Finite Fields. Mike Reiter

Similar documents
Chapter 4 Finite Fields

Mathematical Foundations of Cryptography

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

4 Powers of an Element; Cyclic Groups

Mathematics for Cryptography

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

Basic Concepts in Number Theory and Finite Fields

LECTURE NOTES IN CRYPTOGRAPHY

Finite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek

Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002

Chapter 4 Mathematics of Cryptography

CSC 474 Information Systems Security

2. THE EUCLIDEAN ALGORITHM More ring essentials

CPSC 467: Cryptography and Computer Security

Congruences and Residue Class Rings

CPSC 467b: Cryptography and Computer Security

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

MTH310 EXAM 2 REVIEW

Basic elements of number theory

Basic elements of number theory

Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic. Theoretical Underpinnings of Modern Cryptography

Finite Fields. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

ECEN 5022 Cryptography

Public-key Cryptography: Theory and Practice

SEVENTH EDITION and EXPANDED SEVENTH EDITION

Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

1. Factorization Divisibility in Z.

Section VI.33. Finite Fields

Algebra Review 2. 1 Fields. A field is an extension of the concept of a group.

Polynomials. Chapter 4

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

NOTES ON SIMPLE NUMBER THEORY

Math 547, Exam 2 Information.

Lecture 7: Polynomial rings

The Euclidean Algorithm and Multiplicative Inverses

Number Theory and Group Theoryfor Public-Key Cryptography

Public Key Encryption

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

0 Sets and Induction. Sets

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Introduction to Cryptology. Lecture 19

Number Theory. Modular Arithmetic

Applied Cryptography and Computer Security CSE 664 Spring 2017

Introduction to Information Security

Coding Theory ( Mathematical Background I)

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Modular Arithmetic and Elementary Algebra

3 The fundamentals: Algorithms, the integers, and matrices

+ 1 3 x2 2x x3 + 3x 2 + 0x x x2 2x + 3 4

Information Theory. Lecture 7

CHAPTER I. Rings. Definition A ring R is a set with two binary operations, addition + and

EE512: Error Control Coding

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

Homework 8 Solutions to Selected Problems

Algebra for error control codes

Arithmetic Algorithms, Part 1

Rings. EE 387, Notes 7, Handout #10

8 Primes and Modular Arithmetic

Introduction. will now introduce finite fields of increasing importance in cryptography. AES, Elliptic Curve, IDEA, Public Key

Commutative Rings and Fields

Math 2070BC Term 2 Weeks 1 13 Lecture Notes

Chapter 4. Greatest common divisors of polynomials. 4.1 Polynomial remainder sequences

CHAPTER 10: POLYNOMIALS (DRAFT)

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Rings and modular arithmetic

Basic Algorithms in Number Theory

1. Algebra 1.5. Polynomial Rings

Elementary Number Theory Review. Franz Luef

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Finite Fields. Sophie Huczynska. Semester 2, Academic Year

Introduction to finite fields

CMPUT 403: Number Theory

Rings. Chapter 1. Definition 1.2. A commutative ring R is a ring in which multiplication is commutative. That is, ab = ba for all a, b R.

Olympiad Number Theory Through Challenging Problems

Lecture 3.1: Public Key Cryptography I

Chapter 5. Modular arithmetic. 5.1 The modular ring

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

CS250: Discrete Math for Computer Science

Topics in Cryptography. Lecture 5: Basic Number Theory

Algorithms (II) Yu Yu. Shanghai Jiaotong University

g(x) = 1 1 x = 1 + x + x2 + x 3 + is not a polynomial, since it doesn t have finite degree. g(x) is an example of a power series.

Discrete Mathematics and Probability Theory Spring 2016 Rao and Walrand Discussion 6B Solution

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Math 511, Algebraic Systems, Fall 2017 July 20, 2017 Edition. Todd Cochrane

Numbers. Çetin Kaya Koç Winter / 18

MATH FINAL EXAM REVIEW HINTS

be any ring homomorphism and let s S be any element of S. Then there is a unique ring homomorphism

MTH 346: The Chinese Remainder Theorem

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

2a 2 4ac), provided there is an element r in our

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Transcription:

1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements with a binary operation satisfying the following properties Closure: a, b G : a b G Associativity: a, b, c G : a (b c) = (a b) c Identity element: e G : a G : a e = e a = a Inverse element: a G : a G : a a = a a = e If G has a finite number of elements, then it is a finite group, and the order of the group is the size of G A group G, is abelian if it also satisfies the following Commutative: a, b G : a b = b a 1

Examples of Groups 3 The set of bijections on n elements, with ( )(i) = ( (i)) Closure: is still a bijection on n elements Associative: (( )(i)) = ( )( (i)) Identity element: defined by (i) = i Inverse element: If (i) = j then (j) = i Integers under addition an abelian group? Reals under multiplication an abelian group? Bijections on n elements with as above an abelian group? Cyclic Groups 4 Define exponentiation in a group as repeated application of the group operator a 3 = a a a, for example a 0 = e A group G, is cyclic if a G : b G : k : b = a k a is said to generate G, or to be a generator of G 2

Rings 5 A ring R, +, is a set R of elements with two binary operators + ( addition ) and ( multiplication ) satisfying R, + is an abelian group, with identity element denoted 0 and the inverse of a denoted a Closure under : a, b R : a b R Associativity of : a, b, c R : a (b c) = (a b) c Distributivity: a, b, c R : a (b + c) = a b + a c a, b, c R : (a + b) c = a c + b c A ring is commutative if it satisfies: Commutativity of : a, b R : a b = b a Examples of Rings 6 n x n matrices over the reals A ring w.r.t. addition and multiplication? A commutative ring? The even integers A commutative ring w.r.t. addition and multiplication? 3

Integral Domains and Fields 7 A commutative ring R, +, is an integral domain if it obeys Multiplicative identity: 1 R : a R : a 1 = 1 a = a No zero divisors: a, b R : a b = 0 a = 0 b = 0 Example: Integers under addition and multiplication? A integral domain F, +, is a field if it obeys Multiplicative inverse: a F\{0 : a 1 F : a a 1 = a 1 a = 1 Example: Integers under addition and multiplication? Example: Rationals under addition and multiplication? Summary 8 4

Modular Arithmetic 9 Given a positive integer n and any integer a, if we divide a by n we get an integer quotient q and an integer remainder r a = qn + r where 0 r < n and q = a/n x denotes the largest integer less than or equal to x r is often called a residue Define a mod n to be the residue when a is divided by n Integers a and b are congruent mod n if (a mod n) = (b mod n) This is written a b mod n Divisors 10 Nonzero b divides a if a = mb for some m, where a, b, m are integers, i.e., if a 0 mod b Notation: b a means b divides a The following relations hold If a 1 then a = 1 If a b and b a then a = b Any b 0 divides 0 If b g and b h then b (mg+nh) for any integers m and n 5

Properties of mod 11 n (a b) a b mod n a b mod n b a mod n a b mod n b c mod n a c mod n Properties of modular arithmetic (a mod n) + (b mod n) (a + b) mod n (a mod n) (b mod n) (a b) mod n (a mod n) (b mod n) (a b) mod n If we let Z n = {0, 1, 2,..., n 1, then Z n, +, is a commutative ring Greatest Common Divisors 12 Positive integer c is the greatest common divisor of a and b if c is a divisor of a and of b Any divisor of a and b is a divisor of c We denote c by gcd(a, b) Because we require gcd(a, b) to be positive, gcd(a, b) = gcd(a, b) = gcd( a, b) a and b are relatively prime if gcd(a, b) = 1 6

Euclid s Algorithm for Computing gcd 13 Fact: If a 0 and b > 0, then gcd(a, b) = gcd(b, a mod b). Proof: Note that a mod b = a kb for some integer k. Lemma 1: If d a and d b, then d (a mod b). Proof: Since d a and d b, it is the case that d (a kb). Lemma 2: If d b and d (a mod b), then d a. Proof: d kb and d (a kb) and so d (a kb + kb). Thus the set of common divisors for a and b is the same as the set of common divisors for b and a mod b. Euclid s Algorithm for Computing gcd 14 /* Assumption: a, b > 0 */ int Euclid(a, b) { A a; B b; while (B > 0) { R A mod B; A B; B R; return A; For arbitrary integers a, b, invoke as Euclid( a, b ) 7

Computing Multiplicative Inverses 15 Fact: If gcd(m, b) = 1, then b has a multiplicative inverse mod m. Corollary: If p is prime, then Z p, +, satisfies multiplicative inverse. int ExtendedEuclid(m, b) { (A1,A2,A3) (1,0,m); (B1,B2,B3) (0,1,b); while (B3 > 1) { Q A3/B3 ; (T1,T2,T3) (A1 Q B1, A2 Q B2, A3 Q B3); (A1,A2,A3) (B1,B2,B3); (B1,B2,B3) (T1,T2,T3); if (B3 = 1) return B2; else return null; Computing Multiplicative Inverses 16 Why does the extended Euclidean algorithm work? First note that A3 and B3 in ExtendedEuclid are treated identically to A and B in Euclid Except that exit condition from loop is weaker in ExtendedEuclid Loop invariants in ExtendedEuclid m A1 + b A2 = A3 m B1 + b B2 = B3 8

Computing Multiplicative Inverses 17 If 1 Euclid(m,b), then at start of its last loop iteration, A = 0 and B = 1 Now consider the corresponding point in ExtendedEuclid, at which point the while loop terminates (since B3 = 1) m B1 + b B2 = B3 m B1 + b B2 = 1 (m B1 + b B2) mod m = 1 mod m b B2 1 mod m That is, B2 is b 1 mod m Polynomial Arithmetic 18 A polynomial of degree n 0 is an expression of the form If then their addition is defined as 9

Polynomial Arithmetic 19 Multiplication is defined as where c k = a 0 b k + a 1 b k 1 +... + a k 1 b 1 + a k b 0 and a i = 0 for i > n and b i = 0 for i > m If coefficients are in a field F, then we define division as i.e., f(x) = q(x) g(x) + r(x) where q(x) is of degree n m and r(x) is of degree at most m 1 Irreducible Polynomials and gcd 20 A polynomial f(x) over a field F is irreducible iff f(x) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than f(x) Also called a prime polynomial, by analogy to integers Polynomial c(x) is the greatest common divisor ( gcd ) of a(x) and b(x) if c(x) divides both a(x) and b(x) Any divisor of a(x) and b(x) is a divisor of c(x) Fact: gcd(a(x), b(x)) = gcd(b(x), a(x) mod b(x)) By analogy to the integers, we write f(x) mod g(x) for the residue of f(x)/g(x) 10

Euclid s Algorithm for Polynomials 21 /* Assumption: deg(a(x)) > deg(b(x)) */ polynomial Euclid(a(x), b(x)) { A(x) a(x); B(x) b(x); while (B(x) 0) { R(x) A(x) mod B(x); A(x) B(x); B(x) R(x); return A(x); Computing Polynomial Inverses 22 If gcd(m(x),b(x)) = 1, same extension computes b(x) 1 mod m(x) polynomial ExtendedEuclid(m(x), b(x)) { (A1(x),A2(x),A3(x)) (1,0,m(x)); (B1(x),B2(x),B3(x)) (0,1,b(x)); while (B3(x) {0,1) { Q(x) quotient of A3(x)/B3(x); (T1(x),T2(x),T3(x)) (A1(x) Q(x) B1(x), A2(x) Q(x) B2(x), A3(x) Q(x) B3(x)); (A1(x),A2(x),A3(x)) (B1(x),B2(x),B3(x)); (B1(x),B2(x),B3(x)) (T1(x),T2(x),T3(x)); if (B3(x)=1) return B2(x); else return null; 11

Finite Fields of Non-Prime Order 23 Fact: The order of any finite field must be p n for some prime p and positive integer n. Fact: Z p, +, is a field. However, Z p n, +, is generally not. What structure with p n elements is a field? Motivating example: Suppose we want to define a field with 2 n elements, so we can represent it with n bits? Z 2 n, +, is not a field, and so we can t do division in it Finite Fields of Non-Prime Order 24 Consider the set of all polynomials of degree n 1 or less over the field Z p, with ordinary polynomial arithmetic where Arithmetic on coefficients is performed in Z p, +, Multiplication is reduced modulo some irreducible polynomial m(x) of degree n Fact: This is a finite field of order p n. We denote this by GF(p n ) Fact: All finite fields of a given order are isomorphic. 12

Finite Field GF(2 n ) 25 We will typically be most interested in polynomials with coefficients in the field GF(2) = Z 2, +, In GF(2), Addition is equivalent to logical exclusive-or (XOR) Multiplication is equivalent to logical AND Addition and subtraction are equivalent Represent an element of GF(2 n ) by the n-bit vector of its coefficients E.g., f(x) = x 6 + x 4 + x 2 + x + 1 in GF(2 8 ) is represented by 01010111 Then, addition of two elements in GF(2 n ) is simply their XOR Very, very efficient Finite Field GF(2 n ) 26 Multiplication in GF(2 n ) can be done efficiently using the fact that for a degree-n polynomial m(x) = x n +..., x n mod m(x) = m(x) x n Now consider multiplication x f(x) mod m(x), where is irreducible, and 13

Finite Field GF(2 n ) 27 Finite Field GF(2 n ) 28 So, to compute x f(x) mod m(x), compute it as Multiplication by a higher power of x f(x) can be computed by repeated application 14

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback