Number Theory and Advanced Cryptography
1. Finite Fields and AES
Chih-Hung Wang, Sept. 2011
Part I: Introduction to Number Theory
Part II: Advanced Cryptography
Group
• A set of elements or "numbers" with an operation · that obeys:
  • (A1) Closure: If a and b belong to G, then a·b is also in G.
  • (A2) Associative: (a·b)·c = a·(b·c)
  • (A3) Identity element: There is an element e in G such that a·e = e·a = a
  • (A4) Inverse element: For each a in G there is an element a' in G such that a·a' = a'·a = e
• If the operation is also commutative, (A5) a·b = b·a for all a, b in G, then G forms an abelian group
Cyclic Group
• Define exponentiation as repeated application of the operator
  • example: a^3 = a·a·a
• Define identity: e = a^0
• a^(-n) = (a')^n
• A group is cyclic if every element is a power of some fixed element
  • i.e. b = a^k for some a and every b in group G
• a is said to generate the group G, or to be a generator of G.
Ring
• A set of "numbers" with two operations (addition + and multiplication ·) which form:
• An abelian group under the addition operation (A1-A5)
• Multiplication:
  • (M1) Closure
  • (M2) Associative: a(bc) = (ab)c
  • (M3) Distributive law: a(b+c) = ab + ac
• If the multiplication operation is commutative, it forms a commutative ring
  • (M4) Commutativity of multiplication: ab = ba
• If the multiplication operation has an identity and no zero divisors, it forms an integral domain
  • (M5) Multiplicative identity: There is an element 1 in R such that a1 = 1a = a
  • (M6) No zero divisors: If a, b in R and ab = 0, then either a = 0 or b = 0.
Field
• A set of numbers with two operations:
  • Abelian group for addition (A1-A5)
  • Abelian group for multiplication (ignoring 0) (M1-M6)
  • (M7) Multiplicative inverse: For each a in F, except 0, there is an element a^(-1) in F such that a·a^(-1) = a^(-1)·a = 1.
Modular Arithmetic
• Define the modulo operator a mod n to be the remainder when a is divided by n
• Use the term congruence for: a ≡ b mod n
  • when divided by n, a and b have the same remainder
  • e.g. 73 ≡ 4 mod 23
• r is called the residue of a mod n
  • since with integers we can always write: a = qn + r
• Usually have 0 <= b <= n-1
• -12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7
The Relationship a = qn + r, 0 ≤ r < n
Modulo 7 Example (each column lists the integers congruent to the residue at its head)
  0   1   2   3   4   5   6
...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10  -9  -8
 -7  -6  -5  -4  -3  -2  -1
  0   1   2   3   4   5   6
  7   8   9  10  11  12  13
 14  15  16  17  18  19  20
 21  22  23  24  25  26  27
 28  29  30  31  32  33  34
...
Divisors
• Say a non-zero number b divides a if for some m we have a = mb (a, b, m are all integers)
• That is, b divides into a with no remainder
• Denote this b|a
• Also say that b is a divisor of a
• e.g. all of 1, 2, 3, 4, 6, 8, 12, 24 divide 24
Modular Arithmetic Operations
• is 'clock arithmetic'
• uses a finite number of values, and loops back from either end
• modular arithmetic is when we do addition and multiplication and then modulo-reduce the answer
• can do the reduction at any point, i.e.
  • (a + b) mod n = [(a mod n) + (b mod n)] mod n
  • (a - b) mod n = [(a mod n) - (b mod n)] mod n
  • (a·b) mod n = [(a mod n)·(b mod n)] mod n
Modular Arithmetic
• Can do modular arithmetic with any group of integers: Zn = {0, 1, …, n-1}
  • form a commutative ring for addition
  • with a multiplicative identity
• note some peculiarities
  • if (a+b) ≡ (a+c) mod n then b ≡ c mod n
  • but if (ab) ≡ (ac) mod n then b ≡ c mod n only if a is relatively prime to n
Relatively Prime
• Relatively prime: their only common positive integer factor is 1.
• An integer has a multiplicative inverse in Zn if that integer is relatively prime to n.
• Example:
  • 6×3 = 18 ≡ 2 mod 8
  • 6×7 = 42 ≡ 2 mod 8
  • but 3 ≢ 7 mod 8, because 6 and 8 are not relatively prime
Residue Class
• The residue classes modulo n are
  • [0], [1], [2], …, [n-1] where
  • [r] = {a: a is an integer, a ≡ r mod n}
Multiplicative Inverse
• If p is a prime number, then all the elements of Zp are relatively prime to p
• Multiplicative inverse (w^(-1))
  • For each such w there exists a z such that w·z ≡ 1 mod p
  • For each w with gcd(w, n) = 1, there exists a z such that w·z ≡ 1 mod n
Greatest Common Divisor (GCD)
• A common problem in number theory
• GCD(a,b) of a and b is the largest number that divides evenly into both a and b
  • e.g. GCD(60,24) = 12
• Often want no common factors (except 1), and hence the numbers are relatively prime
  • e.g. GCD(8,15) = 1
  • hence 8 and 15 are relatively prime
Euclid's GCD Algorithm
• An efficient way to find GCD(a,b)
• uses the theorem that:
  • GCD(a,b) = GCD(b, a mod b)
  • gcd(55,22) = gcd(22, 55 mod 22) = gcd(22,11) = 11
• Euclid's Algorithm to compute GCD(a,b):
  EUCLID(a,b)
  1. A ← a; B ← b
  2. If B = 0 return A = gcd(a,b)
  3. R = A mod B
  4. A ← B
  5. B ← R
  6. goto 2
Example GCD(1970,1066)
1970 = 1 x 1066 + 904   gcd(1066, 904)
1066 = 1 x 904 + 162    gcd(904, 162)
904 = 5 x 162 + 94      gcd(162, 94)
162 = 1 x 94 + 68       gcd(94, 68)
94 = 1 x 68 + 26        gcd(68, 26)
68 = 2 x 26 + 16        gcd(26, 16)
26 = 1 x 16 + 10        gcd(16, 10)
16 = 1 x 10 + 6         gcd(10, 6)
10 = 1 x 6 + 4          gcd(6, 4)
6 = 1 x 4 + 2           gcd(4, 2)
4 = 2 x 2 + 0           gcd(2, 0)
Galois Fields
• Finite fields play a key role in cryptography
• Can show that the number of elements in a finite field must be a power of a prime, p^n
• Known as Galois fields
• Denoted GF(p^n)
• In particular we often use the fields:
  • GF(p)
  • GF(2^n)
Galois Fields GF(p)
• GF(p) is the set of integers {0, 1, …, p-1} with arithmetic operations modulo the prime p
• These form a finite field
  • since they have multiplicative inverses
• Hence arithmetic is "well-behaved" and we can do addition, subtraction, multiplication, and division without leaving the field GF(p)
Finding Inverses (1)
• Can extend Euclid's algorithm:
  EXTENDED EUCLID(m, b)
  1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
  2. if B3 = 0 return A3 = gcd(m, b); no inverse
  3. if B3 = 1 return B3 = gcd(m, b); B2 = b^(-1) mod m
  4. Q = floor(A3 / B3)
  5. (T1, T2, T3) = (A1 - Q·B1, A2 - Q·B2, A3 - Q·B3)
  6. (A1, A2, A3) = (B1, B2, B3)
  7. (B1, B2, B3) = (T1, T2, T3)
  8. goto 2
Inverse of 550 in GF(1759)
(worked as a long-division table on the slide; the recoverable steps are 1759 = 3 x 550 + 109, using 1650 = 3 x 550, and 550 = 5 x 109 + 5, using 545 = 5 x 109)
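The two procedures above, run on the slides' own inputs (gcd(1970, 1066) and the inverse of 550 in GF(1759)) plus the 6-and-8 case from the Relatively Prime slide. This is an added example, not code from the slides; the function names are my own.

```python
# Added example: Euclid's GCD and the EXTENDED EUCLID(m, b) inverse procedure
# exactly as stepped on the slides, with the slides' own inputs as test data.

def euclid(a: int, b: int) -> int:
    """gcd(a, b) via the rule gcd(a, b) = gcd(b, a mod b)."""
    A, B = a, b                 # step 1
    while B != 0:               # step 2: when B = 0, A is the gcd
        R = A % B               # step 3
        A, B = B, R             # steps 4-5, then back to step 2
    return A

def euclid_steps(a: int, b: int) -> list:
    """The division trail 'a = q x b + r' shown on the GCD(1970, 1066) slide."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return steps

def extended_euclid(m: int, b: int):
    """Returns (gcd(m, b), b^-1 mod m); the inverse is None when gcd != 1."""
    A1, A2, A3 = 1, 0, m        # step 1
    B1, B2, B3 = 0, 1, b
    while True:
        if B3 == 0:             # step 2: gcd found, b has no inverse mod m
            return A3, None
        if B3 == 1:             # step 3: B2 is b^-1 mod m (normalised to 0..m-1)
            return B3, B2 % m
        Q = A3 // B3            # step 4
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # step 5
        A1, A2, A3 = B1, B2, B3   # step 6
        B1, B2, B3 = T1, T2, T3   # step 7, then back to step 2

if __name__ == "__main__":
    print(euclid(1970, 1066))                  # 2
    for a, q, b, r in euclid_steps(1970, 1066):
        print(f"{a} = {q} x {b} + {r}")        # the eleven lines of the slide
    print(extended_euclid(1759, 550))          # (1, 355): 550 * 355 = 1 + 111 * 1759
    print(extended_euclid(8, 6))               # (2, None): 6 and 8 not relatively prime
```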
Polynomial Arithmetic • Ordinary polynomial arithmetic • A polynomial with degree n
Polynomial Arithmetic with Coefficients in Zp • Polynomial ring • Example of GF(2)
Irreducible • A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials. • The polynomial over GF(2) is reducible because is irreducible
Finding the GCD • EUCLID Algorithm
Finite Fields of the Form GF(2^n)
• To work with integers that fit exactly into a given number of bits, with no wasted bit patterns (for implementation efficiency)
• Arithmetic in GF(2^3)
• Addition
Arithmetic in GF(2^3) • Multiplication
Arithmetic in GF(2^3) • Additive and multiplicative inverses
Modular Polynomial Arithmetic
• Consider the set S of all polynomials of degree n-1 or less over the field Zp. Thus, each polynomial has the form where each a_i takes on a value in the set {0, 1, …, p-1}. There are a total of p^n different polynomials in S.
Arithmetic Operations
• Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following refinements.
  • Arithmetic on the coefficients is performed modulo p. That is, we use the rules of arithmetic for the finite field Zp.
  • If multiplication results in a polynomial of degree greater than n-1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. For a polynomial f(x), the remainder is expressed as r(x) = f(x) mod m(x).
Construction of GF(2^3) • Two irreducible polynomials in GF(2^3)
Implementation Considerations (1) • Addition
Implementation Considerations (2) • Multiplication (1)
Implementation Considerations (3) • Multiplication (2)
Implementation Considerations (4) • Multiplication (3)
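The bit-string implementation the slides describe (addition as XOR, multiplication by shift-and-XOR with reduction by m(x)), applied to the GF(2^3) tables and to the "no zero divisors" requirement behind irreducibility. This is an added example, not code from the slides; the modulus x^3 + x + 1 is one of the two irreducible cubics over GF(2), and the AES field polynomial 0x11B (x^8 + x^4 + x^3 + x + 1) is the standard's constant, not a value taken from these slides.

```python
# Added example: GF(2^n) arithmetic on polynomials stored as bit strings.
# Bit i of an int is the coefficient of x^i; the modulus m(x) keeps its top bit.

def gf_add(a: int, b: int) -> int:
    """Coefficient-wise addition mod 2 is bitwise XOR (and equals subtraction)."""
    return a ^ b

def gf_mul(a: int, b: int, m: int) -> int:
    """a(x) * b(x) mod m(x) by shift-and-XOR; the result stays below 2^deg(m)."""
    n = m.bit_length() - 1      # degree of m(x)
    high = 1 << n
    result = 0
    while b:
        if b & 1:               # add a * x^i for every set coefficient of b
            result ^= a
        b >>= 1
        a <<= 1                 # multiply a by x
        if a & high:            # degree reached n: subtract (XOR) m(x)
            a ^= m
    return result

def gf_inverse(a: int, m: int):
    """Multiplicative inverse by exhaustive search; None if none exists."""
    n = m.bit_length() - 1
    for z in range(1, 1 << n):
        if gf_mul(a, z, m) == 1:
            return z
    return None

def mul_table(m: int) -> list:
    """Full multiplication table, like the GF(2^3) multiplication slide."""
    n = m.bit_length() - 1
    return [[gf_mul(a, b, m) for b in range(1 << n)] for a in range(1 << n)]

if __name__ == "__main__":
    IRREDUCIBLE = 0b1011   # x^3 + x + 1: every non-zero element is invertible
    REDUCIBLE = 0b1001     # x^3 + 1 = (x + 1)(x^2 + x + 1): has zero divisors
    print(gf_mul(0b010, 0b100, IRREDUCIBLE))   # x * x^2 = x^3 = x + 1 -> 3
    print([gf_inverse(a, IRREDUCIBLE) for a in range(1, 8)])
    print(gf_mul(0b011, 0b111, REDUCIBLE))     # (x+1)(x^2+x+1) = 0: not a field
    print(hex(gf_mul(0x53, 0xCA, 0x11B)))      # 0x1 in the AES field GF(2^8)
```

Swapping the modulus for the other irreducible cubic, x^3 + x^2 + 1 (0b1101), gives the second table the "Construction of GF(2^3)" slide refers to.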
AES (Advanced Encryption Standard)
• Next-generation encryption standard of NIST/FIPS
• It will replace the use of DES over the following 30 years
• The sensitive information protected by AES cannot be revealed within 100 years
• It was selected by competition through an international selection process