Fields in Cryptography. Çetin Kaya Koç Winter / 30

Similar documents
Chapter 4 Mathematics of Cryptography

Groups in Cryptography. Çetin Kaya Koç Winter / 13

Mathematical Foundations of Cryptography

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

Commutative Rings and Fields

Finite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek

Chapter 4 Finite Fields

ECEN 5682 Theory and Practice of Error Control Codes

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

Chinese Remainder Theorem

Numbers. Çetin Kaya Koç Winter / 18

3 The fundamentals: Algorithms, the integers, and matrices

ECEN 5022 Cryptography

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

4 Number Theory and Cryptography

Problem 4 (Wed Jan 29) Let G be a finite abelian group. Prove that the following are equivalent

Introduction to Modern Cryptography. (1) Finite Groups, Rings and Fields. (2) AES - Advanced Encryption Standard

Finite Fields. Mike Reiter

Rings. EE 387, Notes 7, Handout #10

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Arithmetic in Integer Rings and Prime Fields

Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

Finite arithmetic and Latin squares

Discrete Logarithm Problem

1. Introduction to commutative rings and fields

17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8

A. Algebra and Number Theory

1. Introduction to commutative rings and fields

Elliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.

Congruences and Residue Class Rings

Computer Algebra for Computer Engineers

2a 2 4ac), provided there is an element r in our

Tomáš Madaras Congruence classes

Galois Theory Overview/Example Part 1: Extension Fields. Overview:

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Finite Fields and Error-Correcting Codes

Error Correction Review

Stream Ciphers. Çetin Kaya Koç Winter / 20

Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic. Theoretical Underpinnings of Modern Cryptography

Basic elements of number theory

Basic elements of number theory

Lecture 2: Number Representations (2)

Basic Concepts in Number Theory and Finite Fields

Calculating Algebraic Signatures Thomas Schwarz, S.J.

Reducing the Complexity of Normal Basis Multiplication

LECTURE NOTES IN CRYPTOGRAPHY

Wilson s Theorem and Fermat s Little Theorem

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

3.4. ZEROS OF POLYNOMIAL FUNCTIONS

Outline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael

Number Theory, Algebra and Analysis. William Yslas Vélez Department of Mathematics University of Arizona

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Note 7

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

SYMMETRY AND THE MONSTER The Classification of Finite Simple Groups

8 Primes and Modular Arithmetic

Construction of latin squares of prime order

8+4 0 mod (12), mod (12), mod (12), mod (12), mod (12).

Some Results on the Arithmetic Correlation of Sequences

Latin squares. Clock arithmetic. Modular arithmetic. Binary operations 18/09/2013. Members only an introduction to groups

GF(2 m ) arithmetic: summary

Mathematics for Cryptography

Public-key Cryptography: Theory and Practice

6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)

Introduction to finite fields

EECS Components and Design Techniques for Digital Systems. Lec 26 CRCs, LFSRs (and a little power)

Cryptography Lecture 3. Pseudorandom generators LFSRs

5 Group theory. 5.1 Binary operations

Chapter 5. Modular arithmetic. 5.1 The modular ring

Exponentiation and Point Multiplication. Çetin Kaya Koç Spring / 70

The Advanced Encryption Standard

Intro to Rings, Fields, Polynomials: Hardware Modeling by Modulo Arithmetic

Section VI.33. Finite Fields

EECS150 - Digital Design Lecture 21 - Design Blocks

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs)

Continuing discussion of CRC s, especially looking at two-bit errors

Introduction to Information Security

Algebra for error control codes

Number Theory. Modular Arithmetic

Galois Fields and Hardware Design

CDM. Finite Fields. Klaus Sutner Carnegie Mellon University. Fall 2018

GRE Subject test preparation Spring 2016 Topic: Abstract Algebra, Linear Algebra, Number Theory.

Applications of Finite Sets Jeremy Knight Final Oral Exam Texas A&M University March 29 th 2012

1 Finite abelian groups

Linear Feedback Shift Registers (LFSRs) 4-bit LFSR

Linear Equations in Linear Algebra

A Polynomial Description of the Rijndael Advanced Encryption Standard

HMMT February 2018 February 10, 2018

Part IA Numbers and Sets

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Mathematics of Cryptography

Outline. We will now investigate the structure of this important set.

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Note 8

1. Group Theory Permutations.

Applied Cryptography and Computer Security CSE 664 Spring 2018

Modular numbers and Error Correcting Codes. Introduction. Modular Arithmetic.

NOTES ON FINITE FIELDS

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Transcription:

Fields in Cryptography http://koclab.org Çetin Kaya Koç Winter 2017 1 / 30

Field Axioms Fields in Cryptography A field F consists of a set S and two operations which we will call addition and multiplication, and denote them by and The set S has two special elements, denoted by 0 and 1 The set S and the addition operation forms an additive group denoted by G a = (S, ) such that 0 is the neutral element of G a Also the set S = S {0} and the multiplication operation forms a multiplicative group denoted by G m = (S, ) such that 1 is the unit (identity) element of G m Furthermore, the distributivity of multiplication over addition holds: a (b c) = (a b) (a c) for a, b, c S http://koclab.org Çetin Kaya Koç Winter 2017 2 / 30

Size and Characteristic The number of elements in a field is the size of the field, which can be finite or infinite The characteristic k of a field is the smallest number of times one must use 1 (the identity element of G m ) in a sum (using the addition operation ) to obtain 0 (the identity element of G a ) k 1s {}}{ 1 1 1 = 0 The characteristic is equal to zero, if the repeated sum never reaches the additive identity element 0 http://koclab.org Çetin Kaya Koç Winter 2017 3 / 30

Rings Fields in Cryptography The set of integers Z with the integer addition and multiplication operation does not form a field We can easily verify that (Z, +) is an additive group with identity 0 However, (Z {0}, ) is not a multiplicative group For example, the element 2 Z {0}, however, it does not have an inverse: There is no such x Z {0} that would give 2 x = 1 In fact, (Z, +, ) forms a ring Ring is another mathematical structure similar to field, which does not require a multiplicative group In a ring, the distributivity of multiplication over addition holds http://koclab.org Çetin Kaya Koç Winter 2017 4 / 30

Infinite Fields Fields in Cryptography A rational number is defined to be a number of the form a b such that b 0 and a, b Z The set of rational numbers Q together with the addition and multiplication operations forms a field, such that the additive and multiplicative identities are 0 and 1 Indeed, (Q, +) is an additive group with identity 0 The additive inverse of a b is found as a b Also, (Q, ) is a multiplicative group with identity 1 The multiplicative inverse of a b with with a 0 is found as b a The size of the field Q is infinity The characteristic of Q is zero since the sum 1 + 1 + + 1 can be equal to 0 if we take zero 1 http://koclab.org Çetin Kaya Koç Winter 2017 5 / 30

Infinite Fields Fields in Cryptography Similarly, the set of real numbers R together with the addition and multiplication operations forms a field, such that the additive and multiplicative identities are 0 and 1 Also, the set of complex numbers C together with the addition and multiplication operations forms a field, such that the additive and multiplicative identities are 0 and 1 Both of these fields have infinite size and zero characteristic In cryptography, we deal with computable objects, and we have finite memory, therefore, infinite fields are not suitable In cryptography, we deal with finite fields, a branch of mathematics where the name of Évariste Galois has a special place http://koclab.org Çetin Kaya Koç Winter 2017 6 / 30

Évariste Galois Fields in Cryptography Évariste Galois (1811-1832) was a French mathematician While still in his teens, he was able to determine a necessary and sufficient condition for a polynomial to be solvable by radicals, thereby solving a long-standing problem His work laid the foundations for Galois theory and group theory, two major branches of abstract algebra He was the first person to use the word group (French: groupe) as a technical term in mathematics to represent a group of permutations A radical Republican during the monarchy of Louis Philippe in France, he died from wounds suffered in a duel under questionable circumstances at the age of twenty http://koclab.org Çetin Kaya Koç Winter 2017 7 / 30

Finite Fields Fields in Cryptography For a prime p the set Z p together with the addition and multiplication mod p operations forms a finite field of p elements We denote this field by GF(p) or F p It is called a field of p elements or Galois field of p elements The additive group (Z p, +) has the elements Z p = {0, 1, 2,..., p 1}, the operation is addition mod p, and the additive identity element is 0 The multiplicative group (Z p, ) has the elements Z p = {1, 2,..., p 1}, the operation is multiplication mod p, and the multiplicative identity element is 1 The size of GF(p) is p, while the characteristic is also p since p copies of 1 {}}{ 1 + 1 + 1 + + 1 = 0 http://koclab.org Çetin Kaya Koç Winter 2017 8 / 30

The Smallest Field: GF(2) Since 2 is a prime, GF(2) is a Galois field of 2 elements The set is given as {0, 1} The field size is 2, and the field characteristic is 2 The additive identity is 0 while the multiplicative identity is 1 The addition and multiplication operations are as follows: + 0 1 0 0 1 1 1 0 0 1 0 0 0 1 0 1 In other words, the addition operation in GF(2) is equivalent to the Boolean exclusive OR operation, while the multiplication operation in GF(2) is the Boolean AND operation http://koclab.org Çetin Kaya Koç Winter 2017 9 / 30

GF(3) Fields in Cryptography 3 is also a prime, and thus, GF(3) is a Galois field of 3 elements The set is given as {0, 1, 2} The field size is 3, and the field characteristic is 3 The additive identity is 0 while the multiplicative identity is 1 the additive group: ({0, 1, 2}, +), the multiplicative group: ({1, 2}, ) The addition and multiplication operations in GF(3) are defined as mod 3 addition and mod 3 multiplication, respectively: + 0 1 2 0 0 1 2 1 1 2 0 2 2 0 1 0 1 2 0 0 0 0 1 0 1 2 2 0 2 1 http://koclab.org Çetin Kaya Koç Winter 2017 10 / 30

Finite Fields with Composite Number Size Since the size p of GF(p) is a prime, a question one can pose is whether there are fields of size other than a prime For example, is there a field with 6 elements? We can try to see if mod 6 arithmetic works, however, we already know that multiplicative inverse of certain elements mod 6 do not exist For example, 3 does not have a multiplicative inverse in mod 6, since there is no number a that satisfies 3 a = a 3 = 1 (mod 6) However, there may be another way to construct a field of 6 elements http://koclab.org Çetin Kaya Koç Winter 2017 11 / 30

Finite Fields of Size Prime Power It turns out there is no way to construct a field of 6 elements Galois showed that the size of a finite field can either be prime or power of a prime: p k for k = 1, 2, 3,... There is a particular construction of such fields In fact, we already know how to construct GF(p), it is simply mod p arithmetic over the set Z p How does one construct GF(p 2 ) or GF(p 3 )? For example, what is the set and the arithmetic of GF(7 3 )? http://koclab.org Çetin Kaya Koç Winter 2017 12 / 30

Construction of GF(2 k ) First we show how to construct the Galois field of GF(2 k ) In order to construct and the Galois field of 2 k elements, we need to represent the elements of GF(2 k ), and we also need to show how we can perform the field operations: addition, subtraction, multiplication, and division (inversion) operations using this representation It turns out there are more than one way to do that, for example, polynomial representation and normal representation First we will show how to represent field elements using polynomials, and its associated arithmetic http://koclab.org Çetin Kaya Koç Winter 2017 13 / 30

Representing the Elements of GF(2 k ) The polynomial representation of the Galois field of GF(2 k ) is based on the arithmetic of polynomials whose coefficients are from the base field GF(2) and whose degree is at most k 1 The elements of GF(2 k ) is polynomials whose degree is at most k 1 and coefficients from GF(2), that is {0, 1} Let a(α), b(α) GF(2 k ), then they are written as polynomials such that a i, b i {0, 1} a(α) = a k 1 α k 1 + + a 1 α + a 0 b(α) = b k 1 α k 1 + + b 1 α + b 0 http://koclab.org Çetin Kaya Koç Winter 2017 14 / 30

Addition and Multiplication in GF(2 k ) The field addition c(α) = a(α) + b(α) is performed by polynomial addition, where the coefficients are added in GF(2), therefore, c(α) = a(α) + b(α) = c k 1 α k 1 + + c 1 α + c 0 where c i = a i + b i (mod 2) On the other hand, the field multiplication is performed by first multiplying the polynomials, which would give a polynomial of degree at most 2k 2 Then, we reduce the product polynomial modulo an irreducible polynomial of degree k http://koclab.org Çetin Kaya Koç Winter 2017 15 / 30

Construction of GF(2 k ) Therefore, in order to construct a Galois field GF(2 k ), we need an irreducible polynomial of degree k Irreducible polynomials of any degree exist, in fact, usually there are more than one for a given k We can use any one of these degree k irreducible polynomials, and construct the field GF(2 k ) It does not matter which one we choose We just have to choose one and use that one only All such GF(2 k ) fields are isomorphic to one another http://koclab.org Çetin Kaya Koç Winter 2017 16 / 30

Irreducible Polynomials over GF(2) k irreducible polynomials 1 α α + 1 2 α 2 + α + 1 3 α 3 + α + 1 α 3 + α 2 + 1 4 α 4 + α + 1 α 4 + α 3 + 1 α 4 + α 3 + α 2 + α + 1 5 α 5 + α 2 + 1 α 5 + α 3 + 1 α 5 + α 3 + α 2 + α + 1 α 5 + α 4 + α 3 + α + 1 α 5 + α 4 + α 3 + α 2 + 1 α 5 + α 4 + α 2 + α + 1 6 α 6 + α + 1 α 6 + α 3 + 1 α 6 + α 5 + 1 α 6 + α 4 + α 2 + α + 1 α 6 + α 4 + α 3 + α + 1 α 6 + α 5 + α 2 + α + 1 α 6 + α 5 + α 3 + α 2 + 1 α 6 + α 5 + α 4 + α 2 + 1 α 6 + α 5 + α 4 + α + 1 7 α 7 + α + 1 α 7 + α 3 + 1 α 7 + α 4 + 1 α 7 + α 6 + 1 α 7 + α 3 + α 2 + α + 1 α 7 + α 5 + α 2 + α + 1 α 7 + α 5 + α 3 + α + 1 α 7 + α 6 + α 3 + α + 1 α 7 + α 4 + α 4 + α + 1 α 7 + α 4 + α 3 + α 2 + 1 α 7 + α 6 + α 4 + α 2 + 1 α 7 + α 6 + α 5 + α 2 + 1 α 7 + α 5 + α 4 + α 3 + 1 α 7 + α 6 + α 5 + α 4 + 1 http://koclab.org Çetin Kaya Koç Winter 2017 17 / 30

Irreducible Polynomials over GF(2) k irreducible polynomials 8 α 8 + α 4 + α 3 + α + 1 α 8 + α 7 + α 2 + α + 1 α 8 + α 5 + α 3 + α + 1 α 8 + α 7 + α 2 + α + 1 α 8 + α 6 + α 5 + α + 1 α 8 + α 7 + α 5 + α + 1 α 8 + α 7 + α 6 + α + 1 α 8 + α 4 + α 3 + α 2 + 1 α 8 + α 5 + α 3 + α 2 + 1 α 8 + α 6 + α 3 + α 2 + 1 α 8 + α 7 + α 3 + α 2 + 1 α 8 + α 6 + α 5 + α 2 + 1 α 8 + α 5 + α 4 + α 3 + 1 α 8 + α 6 + α 5 + α 3 + 1 α 8 + α 7 + α 5 + α 3 + 1 α 8 + α 6 + α 5 + α 4 + 1 α 8 + α 7 + α 5 + α 4 + 1 257 α 257 + α 12 + 1 α 257 + α 41 + 1 α 257 + α 48 + 1 α 257 + α 51 + 1 α 257 + α 65 + 1 α 257 + α 192 + 1 α 257 + α 206 + 1 α 257 + α 209 + 1 α 257 + α 216 + 1 α 257 + α 245 + 1 http://koclab.org Çetin Kaya Koç Winter 2017 18 / 30

Construction of GF(2 2 ) GF(2 2 ) has 2 2 = 4 elements: {0, 1, α, α + 1} The field addition is performed by adding the field elements, where the coefficients are added in GF(2) + 0 1 α α + 1 0 0 1 α α + 1 1 1 0 α + 1 α α α α + 1 0 1 α + 1 α + 1 α 1 0 To perform field multiplication in GF(2 2 ), we need an irreducible polynomial of degree 2 There exists only one irreducible polynomial of degree 2 which is p(α) = α 2 + α + 1 http://koclab.org Çetin Kaya Koç Winter 2017 19 / 30

Multiplication in GF(2 2 ) Multiplication in GF(2 2 ) is performed by first multiplying the given input polynomials, where the coefficient arithmetic is performed in GF(2), and reducing the result mod p(α) = α 2 + α + 1 For example, if a(α) = α and b(α) = α + 1, then we have c(α) = α (α + 1) = α 2 + α We now divide c(α) by p(α) and find the remainder r(α) as α 2 + α α 2 + α + 1 α 2 + α + 1 1 1 Since r(α) = 1, the product of α and α + 1 in GF(2 2 ) is equal to 1 http://koclab.org Çetin Kaya Koç Winter 2017 20 / 30

Multiplication in GF(2 2 ) We only need perform reduction mod p(α) if the degree of the resulting polynomial is more than 1 Reduction mod p(α) brings down the degree to k, and therefore, finding an element of GF(2 k ) which are polynomials whose coefficients are in GF(2) and the degree at most k 1 If we continue with the construction of the multiplication table for GF(2 2 ), we find the following 0 1 α α + 1 0 0 0 0 0 1 0 1 α α + 1 α 0 α α + 1 1 α + 1 0 α + 1 1 α http://koclab.org Çetin Kaya Koç Winter 2017 21 / 30

Representing the Elements of GF(2 k ) An element a(α) of GF(2 k ) is a polynomial of degree at most k 1, with coefficients from GF(2), as a(α) = a k 1 α k 1 + + a 1 α + a 0 While the polynomial representation is the natural representation of the elements of GF(2 k ), we can also represent a(α) using the coefficient vector as (a k 1 a 1 a 0 ) This is a binary vector, but it should not be confused with binary representation of integers Whenever we perform arithmetic with these vectors, we need to make sure that they are correctly operated on, for example, addition of a(α) and b(α) using their binary vector representation is performed by adding the individual vector bits mod 2 http://koclab.org Çetin Kaya Koç Winter 2017 22 / 30

Construction of GF(2 3 ) GF(2 3 ) has 2 3 = 8 elements: {0, 1, α, α + 1, α 2, α 2 + 1, α 2 + α, α 2 + α + 1} We can represent the field elements more compactly using the binary vectors as {000, 001, 010, 011, 100, 101, 110, 111}, for example, 011 represents α + 1, 100 represents α 2, and so on The field addition is performed by adding coefficients in GF(2), which corresponds to bitwise XOR operation 011 α + 1 110 + α 2 + α 101 α 2 + 1 http://koclab.org Çetin Kaya Koç Winter 2017 23 / 30

Addition Table in GF(2 3 ) + 000 001 010 011 100 101 110 111 000 000 001 010 011 100 101 110 111 001 001 000 011 010 101 100 111 110 010 010 011 000 001 110 111 100 101 011 011 010 001 000 111 110 101 100 100 100 101 110 111 000 001 010 011 101 101 100 111 110 001 000 011 010 110 110 111 100 101 010 011 000 001 111 111 110 101 100 011 010 001 000 http://koclab.org Çetin Kaya Koç Winter 2017 24 / 30

Multiplication Table in GF(2 3 ) To perform multiplication in GF(2 3 ), we need a polynomial of degree 3 over GF(2), which we select from the list as p(α) = α 3 + α + 1 000 001 010 011 100 101 110 111 000 000 000 000 000 000 000 000 000 001 000 001 010 011 100 101 110 111 010 000 010 100 110 011 001 111 101 011 000 011 110 101 111 100 001 010 100 000 100 011 111 110 010 101 001 101 000 101 001 100 010 111 011 110 110 000 110 111 001 101 011 001 100 111 000 111 101 010 001 110 100 011 An example: 101 100 (α 2 + 1) α 2 = α 4 + α 2, then the reduction gives the product as α 4 + α 2 = α (mod α 3 + α + 1) which is 010 http://koclab.org Çetin Kaya Koç Winter 2017 25 / 30

The Galois Field GF(3 2 ) We have seen that the elements of GF(3) are {0, 1, 2} while its arithmetic is addition and multiplication modulo 3 Similar to the GF(2 k ) case, in order to construct the Galois field GF(3 k ), we need polynomials degree at most k 1 whose coefficients are in GF(3) For example, GF(3 2 ) has 9 elements and they are of the form a 1 α + a 0, where a 1, a 0 {0, 1, 2}, which is given as {0, 1, 2, α, α + 1, α + 2, 2α, 2α + 1, 2α + 2} The addition is performed by polynomial addition, where the coefficient arithmetic is mod 3, for example: (α + 1) + (α + 2) = 2α http://koclab.org Çetin Kaya Koç Winter 2017 26 / 30

Multiplication in GF(3 2 ) In order to perform multiplication in GF(3 2 ), we need an irreducible polynomial of degree 2 over GF(3) This polynomial will be of the form α 2 + aα + b such that a, b {0, 1, 2} Note that b 0 (otherwise, we would have α 2 + aα which is reducible) Therefore, all possible irreducible candidates are α 2 + 1, α 2 + 2, α 2 + α + 1, α 2 + α + 2, α 2 + 2α + 1, α 2 + 2α + 2 A quick check shows that α 2 + 1 is irreducible The other two irreducible polynomials are α 2 + α + 2 and α 2 + 2α + 2 http://koclab.org Çetin Kaya Koç Winter 2017 27 / 30

Multiplication in GF(3 2 ) Multiplication of a(α) and b(α) in GF(3 2 ) can be performed using c(α) = a(α) b(α) (mod α 2 + 1) For example, a(α) = α + 1 and b = 2α + 1 gives c(α) = (α + 1) (2α + 1) (mod α 2 + 1) = 2α 2 + 3α + 1 (mod α 2 + 1) = 2α 2 + 1 (mod α 2 + 1) = 2 Note in the construction of a Galois field, we select and use only one of the irreducible polynomials http://koclab.org Çetin Kaya Koç Winter 2017 28 / 30

The Galois Field GF(2 8 ) The Galois field GF(2 8 ) has 2 8 = 256 elements: {0, 1, α, α + 1, α 2, α 2 + 1,..., α 7 + α 6 + α 5 + α 4 + α 3 + α 2 + α + 1} We represent the field elements using the binary vectors of length 8 {00000000, 00000001,..., 11111110, 11111111} The addition and multiplication tables are quite large, each of which has 256 rows and 256 columns, and each entry is 8 bits (1 byte), requiring 256 256 = 64k bytes of memory space for each table GF(2 8 ) is the building block of the Advanced Encryption Standard AES uses the irreducible polynomial p(α) = α 8 + α 4 + α 3 + α + 1 http://koclab.org Çetin Kaya Koç Winter 2017 29 / 30

Inversion in GF(2 k ) Fields in Cryptography Given a GF(2 k ), its multiplicative inverse a 1 GF(2 k ) is also in the field, and is the element with the property a a 1 = 1, except when a = 0 The additive inverse a in fields of characteristic 2 is the element itself: a + a = 0 There are various ways to compute the multiplicative inverse, for example, the extended Euclidean algorithm or Fermat s theorem Since the multiplicative group of GF(2 k ) is of order 2 k 1, for any nonzero a GF(2 k ), we have a 2k 1 = 1 Therefore, a 1 can be computed using a 1 = a 2k 2 since a a 2k 2 = a 2k 1 = 1 http://koclab.org Çetin Kaya Koç Winter 2017 30 / 30

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback