
Byte multiplication 1

Field arithmetic

A field $F$ is a set of numbers that includes the two numbers 0 and 1 and satisfies the following properties.

$F$ is an abelian group under addition, meaning
- $F$ is closed under the operation: $x + y \in F$ for all $x, y \in F$,
- addition is commutative: $x + y = y + x$ for all $x, y \in F$,
- addition is associative: $(x + y) + z = x + (y + z)$ for every $x, y, z \in F$,
- 0 is the additive identity: $x + 0 = x$ for all $x \in F$,
- for every $x \in F$ there must be an additive inverse $-x \in F$ which satisfies $x + (-x) = 0$;

$F$ is an abelian monoid under multiplication, meaning
- $F$ is closed under the operation: $xy \in F$ for all $x, y \in F$,
- multiplication is commutative: $xy = yx$ for all $x, y \in F$,
- multiplication is associative: $(xy)z = x(yz)$ for every $x, y, z \in F$,
- 1 is the multiplicative identity: $x \cdot 1 = x$ for all $x \in F$,

Byte multiplication 2

- for every nonzero $x \in F$ there must be a (nonzero) multiplicative inverse $x^{-1} \in F$ satisfying $x (x^{-1}) = 1$;

and multiplication distributes over addition: $x(y + z) = xy + xz$ for all $x, y, z \in F$.

In any field we can define subtraction and division as follows: $x - y$ means $x + (-y)$, and $x / y$ means $x (y^{-1})$. In particular, division by 0 is undefined, since 0 has no multiplicative inverse!

You are already familiar with examples of fields: the rational numbers, the real numbers, even the complex numbers are all fields. (Why?) Note that some other familiar number systems are not fields: the natural numbers, the integers, $n \times n$ matrices, $\mathbb{Z}_{10}$, $\mathbb{Z}_{12}$ (why?). The fields named so far are all infinite sets. There are finite fields as well, the most important being $\mathbb{Z}_p$, the integers under arithmetic modulo a prime $p$. (Why is this a finite field?) The field $\mathbb{Z}_2$ is the arithmetic of single bits: its addition is XOR and its multiplication is AND.

Byte multiplication 3

There are other binary fields that are useful for cryptology. In particular, we now describe $GF(2^8)$, the Galois field with $2^8 = 256$ elements. (In general, a Galois field $GF(p^n)$ with $p^n$ elements, for any power of any prime number, is defined in the same way; those other fields are not needed for the byte arithmetic considered here, so we will not consider them further.) Begin by defining $\mathbb{Z}_2[X]$ to be the set of polynomials in $X$ with coefficients in $\mathbb{Z}_2$; these polynomials are added and multiplied in the obvious way, using mod 2 arithmetic:
$$(X^3 + X + 1)(X + 1) = X^4 + X^3 + X^2 + 2X + 1 = X^4 + X^3 + X^2 + 1 \quad\text{because } 2X \equiv 0 \pmod 2.$$
(We also include the constant polynomials 0 and 1.) Long division works much the same as long division with integers. To divide $X^4 + X^3 + 1$ by $X^2 + X + 1$: the leading terms give the quotient term $X^2$, and $X^4 + X^3 + 1 - X^2(X^2 + X + 1) = X^2 + 1$; the next quotient term is $1$, and $X^2 + 1 - (X^2 + X + 1) = X$, whose degree is less than 2, so the division stops. In summary,
$$X^4 + X^3 + 1 = (X^2 + 1)(X^2 + X + 1) + X.$$

Byte multiplication 4

This computation can be summarized by writing it in the form
$$X^4 + X^3 + 1 \equiv X \pmod{X^2 + X + 1}.$$
Therefore, by specifying a particular polynomial modulus $P(X)$, arithmetic in $\mathbb{Z}_2[X]$ extends to a congruence arithmetic for polynomials, which we write $\mathbb{Z}_2[X] \bmod P(X)$. It should be immediately clear from this that, by dividing by $P(X)$, every polynomial in $\mathbb{Z}_2[X]$ is congruent mod $P(X)$ to a unique polynomial in $\mathbb{Z}_2[X]$ of degree less than that of $P(X)$ (its remainder in the division). It is also clear that $\mathbb{Z}_2[X] \bmod P(X)$ is an abelian group under addition and an abelian monoid under multiplication; further, the distributive law of multiplication over addition holds here as well. The only field property that is not so easy to check is the one asserting that every nonzero polynomial in $\mathbb{Z}_2[X] \bmod P(X)$ has a multiplicative inverse. The difficulty arises because it is not always true!

Byte multiplication 5

Recall that $\mathbb{Z}_{10}$ is not a field because no factor of the modulus (like 2 or 5) can have a multiplicative inverse. More generally, $\mathbb{Z}_n$ is not a field if $n$ is a composite number. The same is true of $\mathbb{Z}_2[X] \bmod P(X)$ if the polynomial $P(X)$ factors nontrivially: if $P(X) = Q(X) R(X)$, where $Q(X)$ and $R(X)$ are polynomials of degree less than that of $P(X)$, then neither $Q(X)$ nor $R(X)$ can have a multiplicative inverse in $\mathbb{Z}_2[X] \bmod P(X)$. For if $Q(X)$ had a multiplicative inverse $Q'(X)$, multiplying the congruence $Q(X) R(X) = P(X) \equiv 0 \pmod{P(X)}$ by $Q'(X)$ would give $R(X) \equiv 0 \pmod{P(X)}$, that is, $R(X)$ would be a multiple of $P(X)$. But $R(X)$ is nonzero and has degree smaller than that of $P(X)$, so it cannot be a multiple of $P(X)$. (The same argument rules out an inverse for $R(X)$.) In other words, if $P(X)$ factors nontrivially, then $\mathbb{Z}_2[X] \bmod P(X)$ is not a field.

Byte multiplication 6

On the other hand, suppose $P(X)$ has no nontrivial factors (it is irreducible). Then, if $D(X)$ is any nonzero polynomial of smaller degree than $P(X)$, $D(X)$ is not a factor of $P(X)$, so long division of $P(X)$ by $D(X)$ produces a quotient polynomial $Q(X)$ and a nonzero remainder polynomial $R(X)$ whose degree is smaller than that of $D(X)$:
$$P(X) = D(X) Q(X) + R(X).$$
Continuing with the Euclidean algorithm, we divide $D(X)$ by $R(X)$, then $R(X)$ by the new remainder, and so on, until a remainder of 0 appears; the last nonzero remainder is the greatest common divisor of $P(X)$ and $D(X)$. This gcd divides $P(X)$ and has degree at most that of $D(X)$, which is smaller than that of $P(X)$; since $P(X)$ is irreducible, the gcd must therefore be a nonzero constant polynomial. But the only nonzero constant polynomial in $\mathbb{Z}_2[X]$ is 1, so $P(X)$ and $D(X)$ are relatively prime in $\mathbb{Z}_2[X]$. The extended Euclidean algorithm applied to these polynomials then produces polynomials $A(X)$ and $B(X)$ with
$$A(X) P(X) + B(X) D(X) = 1, \qquad\text{whence}\qquad B(X) D(X) \equiv 1 \pmod{P(X)}.$$
Therefore, every nonzero polynomial of smaller degree than $P(X)$ has a multiplicative inverse in $\mathbb{Z}_2[X] \bmod P(X)$!

Byte multiplication 7

It follows that if $P(X)$ is irreducible, then $\mathbb{Z}_2[X] \bmod P(X)$ is a field. And since every polynomial in this field is congruent to a unique polynomial of degree less than $n = \deg P(X)$, every element of this field is represented by a unique polynomial of the form
$$b_{n-1} X^{n-1} + b_{n-2} X^{n-2} + \cdots + b_1 X + b_0, \qquad b_i \in \{0, 1\}.$$
Clearly, then, this field contains exactly $2^n$ elements. It is for this reason that we give it the label $GF(2^n)$. By selecting an irreducible polynomial of degree 8, like
$$P(X) = X^8 + X^4 + X^3 + X + 1$$
(how do you check that it is irreducible?), we obtain the field $GF(2^8)$. (This particular $P(X)$ is the one used by the AES block cipher.) We use this field to represent the set of all 8-bit bytes via the association
$$b_7 X^7 + b_6 X^6 + \cdots + b_1 X + b_0 \;\longleftrightarrow\; b_7 b_6 \cdots b_1 b_0$$
(that is, the powers of $X$ act as placeholders for the bits). Observe that addition of polynomials corresponds to bitwise XOR of the bytes. What does multiplication of elements of $GF(2^8)$ correspond to in byte form?
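The following is an added example, not part of the original notes, that implements in Python the polynomial arithmetic of slides 3 and 4, the extended Euclidean inverse of slide 6, the non-field case of slide 5, and the irreducibility check asked about on slide 7. Polynomials over $\mathbb{Z}_2$ are packed into integers (bit $i$ is the coefficient of $X^i$, so $P(X) = X^8 + X^4 + X^3 + X + 1$ is `0x11B`); all function names are our own. It goes beyond the single division worked on slide 3: `poly_divmod` handles any divisor, and `is_irreducible` decides any degree by trial division.

```python
# Added example (not from the original notes): arithmetic in Z_2[X] and in
# Z_2[X] mod P(X), with polynomials packed into Python ints so that bit i
# is the coefficient of X^i.  X^8 + X^4 + X^3 + X + 1 is thus 0x11B.
# All function names here are our own.

AES_POLY = 0x11B  # X^8 + X^4 + X^3 + X + 1, the degree-8 P(X) of the slides


def deg(a):
    """Degree of the polynomial a; deg(0) == -1 by convention."""
    return a.bit_length() - 1


def poly_mul(a, b):
    """Product in Z_2[X] with no reduction (carry-less multiplication)."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # add a * X^i when coefficient i of b is 1
        a <<= 1
        b >>= 1
    return r


def poly_divmod(a, m):
    """Long division in Z_2[X]: returns (quotient, remainder) with
    deg(remainder) < deg(m).  Subtraction is XOR because 2 == 0 mod 2."""
    if m == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, dm = 0, deg(m)
    while a and deg(a) >= dm:
        shift = deg(a) - dm
        q ^= 1 << shift     # next quotient term X^shift
        a ^= m << shift     # cancel the leading term of a
    return q, a


def poly_mulmod(a, b, p):
    """Multiplication in Z_2[X] mod P(X)."""
    return poly_divmod(poly_mul(a, b), p)[1]


def is_irreducible(p):
    """Trial division.  A nontrivial factorization P = Q R has a factor of
    degree at most deg(P) // 2, so testing every polynomial of degree
    1 .. deg(P) // 2 as a divisor decides irreducibility."""
    n = deg(p)
    if n < 1:
        return False
    for d in range(2, 1 << (n // 2 + 1)):
        if poly_divmod(p, d)[1] == 0:
            return False
    return True


def poly_inverse(d, p):
    """Extended Euclidean algorithm (slide 6): returns B(X) with
    B(X) D(X) == 1 mod P(X).  Raises ValueError when gcd(D, P) != 1,
    which is exactly the non-field situation of slide 5."""
    r0, r1 = p, d
    s0, s1 = 0, 1          # invariant: r0 == s0*d and r1 == s1*d (mod p)
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ poly_mul(q, s1)   # s0 - q*s1, and minus is XOR here
    if r0 != 1:            # gcd is a nonconstant polynomial: no inverse
        raise ValueError("no inverse: gcd(D, P) = " + bin(r0))
    return poly_divmod(s0, p)[1]


def count_units(p):
    """Number of nonzero residues mod P(X) that have an inverse; this equals
    2**deg(P) - 1 exactly when Z_2[X] mod P(X) is a field."""
    units = 0
    for d in range(1, 1 << deg(p)):
        try:
            poly_inverse(d, p)
            units += 1
        except ValueError:
            pass
    return units


if __name__ == "__main__":
    # (X^3 + X + 1)(X + 1) and the long division of slide 3
    print(bin(poly_mul(0b1011, 0b11)))                 # 0b11101 = X^4+X^3+X^2+1
    print(poly_divmod(0b11001, 0b111))                 # (5, 2) = (X^2+1, X)
    print(is_irreducible(AES_POLY), is_irreducible(0x101))   # True False
    print(hex(poly_inverse(0x02, AES_POLY)))           # 0x8d = inverse of X
    print(count_units(AES_POLY), count_units(0x101))   # 255 128
```

`0x101` is $X^8 + 1 = (X + 1)^8$ in $\mathbb{Z}_2[X]$, so `count_units(0x101)` returning 128 rather than 255 is the slide 5 argument made concrete: exactly the residues not divisible by $X + 1$ are invertible.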

Byte multiplication 8

Multiplying $X$ by the polynomial $B(X) = b_7 X^7 + b_6 X^6 + \cdots + b_1 X + b_0$ simply adds 1 to each of the exponents in $B(X)$. If $b_7 = 0$ the result still has degree at most 7, so in byte form this shifts the bits of $b_7 b_6 \cdots b_1 b_0$ one place to the left, dropping the (zero) bit $b_7$ and attaching 0 as the new rightmost bit. But when $b_7 = 1$,
$$X \cdot B(X) = X (X^7 + b_6 X^6 + \cdots + b_1 X + b_0) = X^8 + b_6 X^7 + \cdots + b_1 X^2 + b_0 X,$$
and since $P(X) \equiv 0 \pmod{P(X)}$ we may add $P(X)$ to the right-hand side without changing its residue:
$$X \cdot B(X) \equiv (X^8 + X^4 + X^3 + X + 1) + (X^8 + b_6 X^7 + \cdots + b_1 X^2 + b_0 X) \pmod{P(X)}.$$
The term $X^8$ appears twice in the last expression, and $2 = 0$ in $\mathbb{Z}_2$, so it cancels, leaving $b_6 X^7 + \cdots + b_1 X^2 + b_0 X + X^4 + X^3 + X + 1$. In byte form this is: shift the bits of $b_7 b_6 \cdots b_1 b_0$ one place to the left, dropping the bit $b_7$, attach 0 as the rightmost bit, then XOR with 00011011. Multiplication of an arbitrary polynomial $A(X)$ in $GF(2^8)$ with $B(X)$ can then be accomplished by multiplying $B(X)$ by each of $1, X, \ldots, X^7$ that corresponds to a nonzero term of $A(X)$, then summing the results. In byte form, this is repeated application of the shift-and-XOR step above, followed by a final XOR of the selected results.

Byte multiplication 9

For instance, to multiply the bytes $A = 11010000$ and $B = 00110111$, we recognize that $A$ corresponds to the polynomial $X^7 + X^6 + X^4$ and $B$ to $X^5 + X^4 + X^2 + X + 1$, so we multiply $B(X)$ by $X$ successively four, six, and seven times, then sum the results. Each row below is obtained from the previous one by the left shift; the XOR with 00011011 is applied whenever the bit shifted out was 1:

    B       = 00110111
    X B     = 01101110
    X^2 B   = 11011100
    X^3 B   = 10111000 XOR 00011011 = 10100011
    X^4 B   = 01000110 XOR 00011011 = 01011101
    X^5 B   = 10111010
    X^6 B   = 01110100 XOR 00011011 = 01101111
    X^7 B   = 11011110

    A B = X^4 B + X^6 B + X^7 B
        = 01011101 XOR 01101111 XOR 11011110
        = 11101100
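An added example, not from the original notes, of the byte-level procedure of slides 8 and 9 in Python; the names `xtime`, `gf_mul`, `xtime_table` and `gf_inv` are ours. Because this is the arithmetic inside AES, the functions are written without branches or table lookups that depend on the operand bytes: an `if b7:` test (or a lookup table indexed by a secret byte) makes the running time depend on the data, which is the caveat to remember when turning the hand computation above into code. `gf_inv` goes beyond the slides by using the fact that every nonzero $a$ in $GF(2^8)$ satisfies $a^{255} = 1$, so $a^{254}$ is its inverse.

```python
# Added example (not from the original notes): the shift-and-XOR byte
# multiplication of slides 8 and 9 for GF(2^8) mod X^8 + X^4 + X^3 + X + 1.
# Function names are our own.  No branch or table lookup depends on the
# operand bytes, so the running time does not leak them.

REDUCE = 0x1B   # 00011011 = X^4 + X^3 + X + 1, what X^8 reduces to mod P(X)


def xtime(b):
    """Multiply the byte b by X: shift left one place, drop b7, append 0,
    and XOR 00011011 if the dropped bit b7 was 1 (the X^8 term becomes
    X^4 + X^3 + X + 1).  The mask replaces an 'if b7' branch."""
    mask = -(b >> 7) & 0xFF                # 0xFF when b7 == 1, else 0x00
    return ((b << 1) & 0xFF) ^ (REDUCE & mask)


def xtime_table(b):
    """[B, X*B, X^2*B, ..., X^7*B] in byte form: the rows of slide 9."""
    rows = []
    for _ in range(8):
        rows.append(b)
        b = xtime(b)
    return rows


def gf_mul(a, b):
    """a * b in GF(2^8): for every nonzero bit i of a, add X^i * b.  All
    eight rows are computed and each is selected with a mask, so the work
    done does not depend on which bits of a are set."""
    result = 0
    for _ in range(8):
        result ^= b & (-(a & 1) & 0xFF)   # add the current row if bit i of a is 1
        b = xtime(b)
        a >>= 1
    return result


def gf_inv(a):
    """Multiplicative inverse by exponentiation (not on the slides): every
    nonzero a satisfies a^255 == 1 in GF(2^8), so a^254 is its inverse.
    gf_inv(0) returns 0, the convention AES uses in its S-box."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:                  # branches on the public exponent only
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


if __name__ == "__main__":
    A, B = 0b11010000, 0b00110111           # the bytes of slide 9
    for k, row in enumerate(xtime_table(B)):
        print("X^%d B = %08b" % (k, row))
    print("A B   = %08b" % gf_mul(A, B))    # 11101100
    print("B^-1  = %02x" % gf_inv(B))
```

`gf_mul(0xD0, 0x37)` reproduces the 11101100 of the table above, and `gf_inv` gives the same inverses as the extended Euclidean algorithm (for example the inverse of $X$, byte 02, is 8D).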