1 / 50

Chap. 4: Finite Fields

Chap. 4: Finite Fields. Jen-Chang Liu, 2004 Adapted from l ecture slides by Lawrie Brown.

Download Presentation

Chap. 4: Finite Fields

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chap. 4: Finite Fields Jen-Chang Liu, 2004 Adapted from lecture slides by Lawrie Brown

  2. The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence. —Living with Birds, Len Howard

  3. Len Howard • British naturalist, who studied bird behaviors • Publications: • Birds as Individuals (1953) • Living with Birds (1956).

  4. Introduction • Finite fields: increasing importance in cryptography • AES, Elliptic Curve, IDEA, Public Key • Goal: mathematics for GF(2n) Ciphertext: 2n Plaintext: 2n 11010…0111 01100…0100 T(Plaintext, Key) • Arbitrary mapping => large keys • Mathematical form, ex. Hill cipher

  5. Outline • Group, rings, and fields • Modular arithmetic • Finite fields of the form GF(p) • Euclid’s algorithm (find GCD) • Polynomial arithmetic • Finite fields of the form GF(2n)

  6. Motivation • 在封閉且有限的數集合中,可操作的運算種類?(+, -, x, /) +,-,x,/ Field +,-,x Ring Group +,-

  7. Group • Group: {G, •} • G: a set of elements • •: binary operation to each pair (a,b) in G • obeys: • closure: a•b is also in G • associative law: (a•b)•c = a•(b•c) • has identity e: e•a = a•e = a • has inverses a-1: a•a-1 = e • if commutative a•b = b•a • then forms an abelian group

  8. Example: group 1. Set of integers under addition => Abelian group 2. N symbols : Nn={1, 2, …, n} • Set Sn: all permutations over Nn • Binary operation •: permutation according to the first element => Group {{1, 2, …, n}, {2, 1 …, n}, …, {n, n-1, …, 1}} {3,2,1}•{1,3,2}={2,3,1}

  9. Cyclic Group • define exponentiation as repeated application of operator • example: a3 = a•a•a • and let identity be: e=a0 • a group is cyclic if every element is a power of some fixed element • i.e.b =ak for some a and every b in group • a is said to be a generator of the group EX. integers with addition: 1 as the generator

  10. Ring • Ring: {R, +, x} • R: a set of “numbers” • +, x: two operations (addition and multiplication) • Ring obeys • {R,+}: an abelian group • multiplication: • has closure • is associative: ax(bxc)=(axb)xc • distributive over addition: ax(b+c) = axb + axc • if multiplication operation is commutative, it forms a commutative ring axb = bxa

  11. Example: Ring • The set of even integers (pos, neg, and 0) • Commutative ring

  12. Field • Field: {F, +, x} • F: a set of numbers • +, x: two operations (addition and multiplication) • Field obeys: • Ring • {F, +}: abelian group for addition • {F\0, x}: abelian group for multiplication (ignoring 0) • i.e. with multiplication inverse => division is possible • {Z, +, x} ?

  13. Field for n-bit block? Ciphertext: 2n Plaintext: 2n 11010…0111 01100…0100 +: addition x: multiplication ? Problems: 1. the set of plaintext (and ciphertext) finite 2. how to define +,-,x,/ operations

  14. Outline • Group, rings, and Fields • Modular arithmetic • Finite fields of the form GF(p) • Euclid’s algorithm (find GCD) • Polynomial arithmetic • Finite fields of the form GF(2n)

  15. Modulo operator • modulo operator:a mod n to be the remainder (>0) when a is divided by n , a and n are integers

  16. Modulo operator (cont.) • Integers a and b are congruence modulo na ≡ b mod n • when divided by n, a & b have same remainder • eg. 100 = 34 mod 11 • b is called the residue of a: b= a mod n • integers can always write: a = qn + b • usually have 0 <= b <= n-1 -12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7

  17. Integers Modulo 7 Example ... -21 -20 -19 -18 -17 -16 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 ... Z7: residue class modulo n congruence

  18. (mod n) maps all integers into the set Zn={0, 1, 2, …, n-1} • Can we perform arithmetic (+,-,x,/) with this set?

  19. Modular Arithmetic • We can do modular arithmetic with any set of integers: Zn={0, 1, … , n-1} • Under normal arithmetic (+,-,x) • Properties: 1. [(a mod n)+(b mod n)] mod n = (a+b) mod n 2. [(a mod n)- (b mod n)] mod n = (a-b) mod n 3. [(a mod n)x (b mod n)] mod n = (axb) mod n

  20. Modulo 8(=23) Example Find Additive inverse => group

  21. Modulo 8(=23) Example • Not all have • Multi. Inverse • Not a field Does not produce all elements in Z8

  22. Modular Arithmetic (cont.) • Peculiarities compared with ordinary arith. • if (a+b)≡(a+c) mod n then b≡c mod n • Existence of (-a): • if(ab)≡(ac) mod n then b≡c mod n ? • Existence of (a-1) ? ((-a)+a+b)≡((-a)+a+c) mod n ((a-1)ab)≡((a-1)ac) mod n Not always true, eg. n=8 Multiplicative inverse exists iff. a is relatively prime to n

  23. Question • Do we have a finite field within Zn ?

  24. Modulo 7 example: addition Yes for additive inverse

  25. Modulo 7 Example: multiply • Yes for multi. inverse

  26. Question • Do we have a finite field within Zn ? • Galois field • GF(p): ZP ,the modulo p is a prime number • Under ordinary arithmetic • GF(pn): , p is a prime number • 23 does not form a field under normal arithmetic • Under polynomial arithmetic

  27. Outline • Group, rings, and Fields • Modular arithmetic • Finite fields of the form GF(p) • Euclid’s algorithm (find GCD) • Polynomial arithmetic • Finite fields of the form GF(2n)

  28. Galois Fields: GF(p) • Theorem: Zn={0,1,…,n-1} is a commutative ring. Any integer aZn in has a multiplicative inverse iff a is relatively prime to n • In other words, • If n is a prime number, thenall nonzero integers in Zn are relatively prime to n => all nonzero integers in Zn have multiplicative inverses => Zn is a finite field => GF(p), p is a prime

  29. Galois Fields: GF(p) • GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p • these form a finite field • since have multiplicative inverses • hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

  30. Example: GF(2) x 0 1 w -w w-1 + 0 1 0 1 0 0 0 1 0 x 0 1 0 1 0 1 1 1 1 0 XOR AND

  31. Q: How to find the multiplicative inverse? • For GF(7), it is easy to build a table • For GF(1759), how to find the multiplicative inverse of 550?

  32. Outline • Group, rings, and Fields • Modular arithmetic • Finite fields of the form GF(p) • Euclid’s algorithm (find GCD) and extended Euclid’s algorithm (find multiplicative inverse) • Polynomial arithmetic • Finite fields of the form GF(2n)

  33. Greatest Common Divisor (GCD) • a common problem in number theory • GCD (a,b) of a and b is the largest number that divides evenly into both a and b • eg. GCD(60,24) = 12 • GCD(.,.)=1: no common factors (except 1) and hence numbers are relatively prime • eg. GCD(8,15) = 1 • hence 8 & 15 are relatively prime

  34. Euclid's GCD Algorithm • uses theorem that: (a>b>0) • GCD(a,b) = GCD(b, a mod b) To prove: The set of common divisors of a and b = The set of common divisors of a and (a mod b)

  35. Example GCD(1970,1066) 1970 = 1 x 1066 + 904 gcd(1066, 904) 1066 = 1 x 904 + 162 gcd(904, 162) 904 = 5 x 162 + 94 gcd(162, 94) 162 = 1 x 94 + 68 gcd(94, 68) 94 = 1 x 68 + 26 gcd(68, 26) 68 = 2 x 26 + 16 gcd(26, 16) 26 = 1 x 16 + 10 gcd(16, 10) 16 = 1 x 10 + 6 gcd(10, 6) 10 = 1 x 6 + 4 gcd(6, 4) 6 = 1 x 4 + 2 gcd(4, 2) 4 = 2 x 2 + 0 gcd(2, 0)

  36. Finding Inverses • can extend Euclid’s algorithm: EXTENDED EUCLID(m, b) 1.(A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b–1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2

  37. Inverse of 550 in GF(1759) B2=A2-Q*B2=0-3*1=-3 (商) 4 1 0 inverse

  38. Recall: inverse matrix in Hill cipher • Find inverse matrix for • Note that 26 is not a prime, not every element in {0,1,2,…,25} has multiplicative inverse • Inverse formula:

  39. Inverse of Hill cipher Q A3 B3 26 17 1 17 9 1 9 8 1 8 1 8 1 0 A2 B2 0 1 1 -1 -1 2 2 -3 Multiplicative inverse

  40. Outline • Group, rings, and Fields • Modular arithmetic • Finite fields of the form GF(p) • Euclid’s algorithm (find GCD) • Polynomial arithmetic • Finite fields of the form GF(2n)

  41. Motivation for GF(2n) • For a 8-bit block • Z256 ={0,1,…,255} is not a field => no division • The largest prime < 256 is 251 • Z251 ={0,1,…,250} is a field => 251,…,255 are wasted • Is that possible to find a field for Z256 ? • Yes. Define new arithmetic operations for Z256

  42. Mapping from GF(2n) to polynomials • Ex. 8-bit block 10010111 => • To build the field for {0,1,2,…,2n-1} • => Require modular polynomial arithmetic

  43. Polynomial Arithmetic • Polynomials • 3 polynomial arithmetic available: • ordinary polynomial arithmetic • Polynomial with coefficients in Zp; arithmetic on the coefficients is performed modulo p • Polynomial with coefficients in Zp, and the polynomials are defined modulo a polynomial m(x); arithmetic on the coefficients is performed modulo p

  44. 1. Ordinary Polynomial Arithmetic • Add(+) or subtract(-) corresponding coefficients • Multiply(x) all terms by each other • eg. 1101, 0111 • f(x) = x3 + x2 + 1 and g(x) = x2 + x + 1 f(x) + g(x) = x3 + 2x2 + x + 2 f(x) –g(x) = x3 - x f(x) x g(x) = x5+2x4+2x3+2x2+x+1 GF(24) ? 1. Not in {0,1} 2. degree>3

  45. 2. Polynomial Arithmetic with Modulo Coefficients • Polynomial coefficients are in a field F={p,+,x} • We are most interested in coefficients in GF(2) • eg. 1101, 0111 • let f(x) = x3 + x2 + 1 and g(x) = x2 + x + 1 f(x) + g(x) = x3 + x f(x) x g(x) = x5 + x + 1 GF(24) ? degree > 3

  46. 3. Modular Polynomial Arithmetic for GF(2n) • Polynomial coefficients are in a field F={p,+,x} • Ex. coefficients are in GF(2) • If multiplication results in poly. of degree > n-1 • Reduce it by modulo some irreducible poly. m(x) • f(x) = q(x) m(x) + r(x) => r(x) = f(x) mod m(x) • if m(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial

  47. =m(x) GF(23)

  48. Modular Polynomial Arithmetic • Computation in field GF(2n) • polynomials with coefficients modulo 2 • whose degree is less than n • hence must reduce modulo an irreducible poly of degree n (for multiplication only) • Can always find an inverse • Extended Euclid’s Inverse algorithm to find

  49. Computational Considerations • since coefficients are 0 or 1, can represent any such polynomial as a bit string • addition becomes XOR of these bit strings • multiplication is shift & XOR • modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)– see textbook for details

  50. Summary Ciphertext: 2n Plaintext: 2n 11010…0111 01100…0100 Mathematics within GF(2n)

More Related