Computer Algebra for Computer Engineers

Similar documents
ELG 5372 Error Control Coding. Lecture 5: Algebra 3: Irreducible, Primitive and Minimal Polynomials

Galois Fields and Hardware Design

Information Theory. Lecture 7

Fundamental Theorem of Algebra

Section VI.33. Finite Fields

Irreducible Polynomials. Finite Fields of Order p m (1) Primitive Polynomials. Finite Fields of Order p m (2)

Finite Fields. Saravanan Vijayakumaran Department of Electrical Engineering Indian Institute of Technology Bombay

17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8

Chapter 4 Finite Fields

Chapter 4 Mathematics of Cryptography

Algebra Review 2. 1 Fields. A field is an extension of the concept of a group.

Coding Theory and Applications. Solved Exercises and Problems of Cyclic Codes. Enes Pasalic University of Primorska Koper, 2013

Abstract Algebra, Second Edition, by John A. Beachy and William D. Blair. Corrections and clarifications

Section 33 Finite fields

Mathematical Foundations of Cryptography

Public-key Cryptography: Theory and Practice

QUALIFYING EXAM IN ALGEBRA August 2011

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Polynomial Rings. (Last Updated: December 8, 2017)

Quasi-reducible Polynomials

ECEN 5682 Theory and Practice of Error Control Codes

LECTURE NOTES IN CRYPTOGRAPHY

Polynomials. Chapter 4

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

g(x) = 1 1 x = 1 + x + x2 + x 3 + is not a polynomial, since it doesn t have finite degree. g(x) is an example of a power series.

Congruences and Residue Class Rings

1 Rings 1 RINGS 1. Theorem 1.1 (Substitution Principle). Let ϕ : R R be a ring homomorphism

Finite fields: some applications Michel Waldschmidt 1

Finite Fields. Mike Reiter

Galois Theory Overview/Example Part 1: Extension Fields. Overview:

Introduction to finite fields

1. Algebra 1.5. Polynomial Rings

4.5 Hilbert s Nullstellensatz (Zeros Theorem)

ϕ : Z F : ϕ(t) = t 1 =

Intro to Rings, Fields, Polynomials: Hardware Modeling by Modulo Arithmetic

Rings. EE 387, Notes 7, Handout #10

Galois Theory and Noether s Problem

Homework 8 Solutions to Selected Problems

Commutative Rings and Fields

Groups in Cryptography. Çetin Kaya Koç Winter / 13

CDM. Finite Fields. Klaus Sutner Carnegie Mellon University. Fall 2018

Chapter 6. BCH Codes

Math 120. Groups and Rings Midterm Exam (November 8, 2017) 2 Hours

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

Handout - Algebra Review

6]. (10) (i) Determine the units in the rings Z[i] and Z[ 10]. If n is a squarefree

Abstract Algebra: Chapters 16 and 17

ECEN 5022 Cryptography

Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

MATH 431 PART 2: POLYNOMIAL RINGS AND FACTORIZATION

MATH 3030, Abstract Algebra Winter 2012 Toby Kenney Sample Midterm Examination Model Solutions


M2P4. Rings and Fields. Mathematics Imperial College London

RINGS: SUMMARY OF MATERIAL

18. Cyclotomic polynomials II

Finite Fields. SOLUTIONS Network Coding - Prof. Frank H.P. Fitzek

Polynomial Rings. i=0. i=0. n+m. i=0. k=0

Extension fields II. Sergei Silvestrov. Spring term 2011, Lecture 13

Chapter 4. Characters and Gauss sums. 4.1 Characters on finite abelian groups

Chapter 5. Modular arithmetic. 5.1 The modular ring

7.4: Integration of rational functions

(January 14, 2009) q n 1 q d 1. D = q n = q + d

Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

Finite Fields. Sophie Huczynska (with changes by Max Neunhöffer) Semester 2, Academic Year 2012/13

Solutions of exercise sheet 6

1. Definition of a Polynomial

ELG 5372 Error Control Coding. Lecture 12: Ideals in Rings and Algebraic Description of Cyclic Codes

7.1 Definitions and Generator Polynomials

+ 1 3 x2 2x x3 + 3x 2 + 0x x x2 2x + 3 4

Chapter 4. Fields and Galois Theory

Problem 4 (Wed Jan 29) Let G be a finite abelian group. Prove that the following are equivalent

1 The Galois Group of a Quadratic

Rings. Chapter 1. Definition 1.2. A commutative ring R is a ring in which multiplication is commutative. That is, ab = ba for all a, b R.

RUDIMENTARY GALOIS THEORY

Page Points Possible Points. Total 200

Sample algebra qualifying exam

MATH 361: NUMBER THEORY TENTH LECTURE

Chapter 4. Remember: F will always stand for a field.

FIELD THEORY. Contents

Lecture 7: Polynomial rings

Math 547, Exam 2 Information.

ELEC-E7240 Coding Methods L (5 cr)

2a 2 4ac), provided there is an element r in our

Implementation of Galois Field Arithmetic. Nonbinary BCH Codes and Reed-Solomon Codes

CSIR - Algebra Problems

Mathematics for Cryptography

MT5836 Galois Theory MRQ

4 Powers of an Element; Cyclic Groups

Basic elements of number theory

Basic elements of number theory

Binary Primitive BCH Codes. Decoding of the BCH Codes. Implementation of Galois Field Arithmetic. Implementation of Error Correction

Gauss s Theorem. Theorem: Suppose R is a U.F.D.. Then R[x] is a U.F.D. To show this we need to constuct some discrete valuations of R.

School of Mathematics and Statistics. MT5836 Galois Theory. Handout 0: Course Information

An Approach to Hensel s Lemma

Complex Numbers: Definition: A complex number is a number of the form: z = a + bi where a, b are real numbers and i is a symbol with the property: i

Section IV.23. Factorizations of Polynomials over a Field

Resultants. Chapter Elimination Theory. Resultants

U + V = (U V ) (V U), UV = U V.

Transcription:

p.1/23 Computer Algebra for Computer Engineers Galois Fields: GF(2 m ) Priyank Kalla Department of Electrical and Computer Engineering University of Utah, Salt Lake City

p.2/23 Galois Fields A Galois Field is a set F q, satisfying all the following properties: Abelian Group: w.r.t. addition +, and 0 element Commutative ring with unity: (+,, 0, 1) Associativity, Commutativity, Distributivity Inverse: a F q {0}, a 1 F q such that a a 1 = 1. q = p m, where p is prime. In our case, p = 2. Multiplicative cyclic group structure: a q = a. (Z (mod p)), where p = prime is a field.

p.3/23 Extension Fields If D is a Euclidean domain, and p is a prime in D, then D (mod p) is a field. (Z (mod p)), where p = prime is a field. We call it Z p F p GF(p). D = R[x], p = x 2 + 1, we have R[x] (mod x 2 + 1) = C[x], the field of complex numbers. D = Z p and we take an irreducible polynomial f(x) of degree m, irreducible in Z p, then Z p (mod f(x)) = F p m or GF(p m ). Consider GF(p m ) as an m-dimensional vector space over GF(p). Example: GF(2) (mod x 3 + x + 1) is GF(2 3 ). Note x 3 + x + 1 is irreducible over GF(2); but it has roots in GF(2 3 ). Galois Fields are unique up to the labeling of elements.

p.4/23 Field Elements Consider: GF(2 3 ) with irreducible polynomial p(x) = x 3 + x + 1. Let A F 2 [x] and compute A (mod p(x)) = a 2 x 2 + a 1 x + a 0, where a 2, a 1, a 0 {0, 1}. Let p(α) = 0, i.e. α is a root of p(x): a 2, a 1, a 0 = 0, 0, 0 = 0 a 2, a 1, a 0 = 0, 0, 1 = 1 a 2, a 1, a 0 = 0, 1, 0 = α a 2, a 1, a 0 = 0, 1, 1 = α + 1 a 2, a 1, a 0 = 1, 0, 0 = α 2 a 2, a 1, a 0 = 1, 0, 1 = α 2 + 1 a 2, a 1, a 0 = 1, 1, 0 = α 2 + α a 2, a 1, a 0 = 1, 1, 1 = α 2 + α + 1

p.5/23 Add and Multiply field elements Multiply two elements: (α 2 + 1)(α 2 + α) modulo p(x) = α 3 + α + 1: (α 2 + 1)(α 2 + α) = α 4 + α 3 + α 2 + α = α(α 3 ) + α 3 + α 2 + α = α(α + 1) + (α + 1) + α 2 + α = α 2 + α + α + 1 + α 2 + α = α + 1 Addition is componentwise and modulo p (p = 2 in this case): (α 2 + 1) + (α 2 + α) = α + 1 as 2 α 2 = 0

p.6/23 Prove that D (mod p) = Field To prove that D (mod p) = field, just prove that every non-zero element in D (mod p) has an inverse. Use Euclidean algorithm. Since p is prime, and a 0, GCD(a, p) = 1. If d = 1 = GCD(a, p) then d = 1 = t 1 a + t 2 p, for t 1, t 2 D (remember Euclidean algorithm?). Computing D (mod p): 1 = t 1 a + t 2 p (mod p) 1 = t 1 a (mod p) So we have that a and t 1 are inverses of each other. Note this also gives an algorithm to compute inverses! Characteristic of a field is prime (1 + 1 +... p-times = 0). Corresponds to Z p. [Proof given in notes pp 35] For any GF(q), q = p m. [Proof: m-dimensional vector space over p].

p.7/23 Irreducible Polynomials Given any GF(p), and integer m, there always exists an irreducible polynomial p(x) for field construction. Irreducble polynomial p(x) has coefficients in GF(p), and has degree m. It is irreducible in GF(p) (no roots in GF(p)) but has roots in GF(p m ). p(x) of degree 2: 1 + x + x 2 p(x) of degree 3: 1 + x 2 + x 3, 1 + x + x 3 p(x) of degree 4: 1 + x + x 4, 1 + x 3 + x 4, 1 + x + x 2 + x 3 + x 4 Any irreducible polynomials over GF(2) of degree m divides X 2m 1 + 1. [See notes pp. 41] Exercise: See notes pp. 47, Table 2.8: GF(16) constructed using p(x) = 1 + x + x 4. Construct GF(16) using p(x) = 1 + x + x 2 + x 3 + x 4.

p.8/23 Order of elements Order of a: smallest n s.t., a n = 1. Exercise: Take GF(16) from Table 2.8, from notes. Let element a = α. Find smallest n s.t. a n = 1. Repeat the above experiment for GF(16) constructed by p(x) = 1 + x + x 2 + x 3 + x 4. Let a be a non-zero element of GF(q): a q 1 = 1. Order n may or may not equal q 1. But if n = q 1, then a = primitive element of the field. Then we can use primitive elements to generate the entire field: {0, 1, a, a 2,...,a n 1 } Order divides q 1: i.e. n (q 1). [see notes pp. 35-37]

p.9/23 More on Orders of elements If order(α) = t, then order(α i ) = t gcd(i,t). Let φ(t) denote the number of integers in the set {0, 1,...,t 1} that are relatively prime to t. Note, φ(p) = p 1. Given F q, and t N. If t (q 1), there are φ(t) elements of order t. Otherwise, there are no elements of order t. There always exists at least one element (actually, exactly φ(q 1) elements) of order q 1. [Primitive root!] Let q = 8. How many elements in F 8 have order = 1? How many have order = 2, or 4 or 8? [Note: how much info you already know about field elements without any knowledge of how it was constructed?]

p.10/23 Primitive Polynomials Irreducible polynomials of degree m 1 always exist. An irreducible p(x) of degree m is primitive if smallest n for which p(x) (X n + 1) is n = 2 m 1. Root of primitive polynomial is called a primitive root. Primitive root is also a primitive element and can generate the entire field. Examples of primitive polynomials... Table 2.7 in the notes.

p.11/23 Roots of Irreducible Polynomials For the following slides: see notes pp 47-54. Irreducible Poly, no roots in GF(2); but may have roots in extension fields. Example: Take GF(16) given in Table 2.8, let f(x) = x 4 + x 3 + 1 be a polynomial over GF(16). It has Roots: a 7, a 11, a 13, a 14. Factorization into roots works... see pp 47-48 in the notes f(x) over GF(2). Let β be an element in an extension field of GF(2). If β is a root of f(x), then β 2l is also a root of f(x). β 2l is called conjugate of β. [Use the example above and find all the conjugates of a 7 ]

p.12/23 Roots of polynomials contd... Order of β: β q 1 = 1 In GF(2 m ): β 2m 1 = 1 Or β 2m 1 + 1 = 0, or β is a root of X 2m 1 + 1. This implies: All non-zero elements form the roots of X 2m 1 + 1 This also implies: ALL elements of GF(2 m ) form the roots of X 2m + X. Example: Take elements from GF(16)... and demonstrate the correctness of the above result.

p.13/23 Minimal Polynomials β GF(2 m ) is a root of X 2m + X. But β may (or may not) be a root of a polynomial of degree less than 2 m. Let φ(x) be the polynomial over GF(2) of smallest degree s.t. φ(β) = 0. Then φ(x) = unique, minimal polynomial of β. Minimal polynomial of a field element β is irreducible. Let f(x) GF(2), and φ(x) be minimal polynomial of β. If β is a root of f(x) then φ(x) f(x). Minimal poly φ(x) X 2m + X.

Continuing... From above: All roots of φ(x) are from GF(2 m ). So what are the roots of φ(x)? Let f(x) be an irreducible polynomial over GF(2). Let β be an element of GF(2 m ). Let φ(x) be minimal polynomial of β. If f(β) = 0 then φ(x) = f(x). Meaning: If an irreducible polynomial has β as a root, then it is the minimal polynomial of β. [Example?] Then β and its conjugates [β,β 2,β 22,...,β 2e 1 ] are roots of φ(x). Note: Let e be the smallest integer s.t. β 2e = β. Then β 2m = β,e m, and e m. p.14/23

Irreducible & Minimal Poly Creation Let β be an element in GF(2 m ), and e be smallest integer such that β 2e = β. Then: f(x) = e 1 i=0 (X + β2i ) is an irreducible polynomial over GF(2). Let φ(x) = minimal polynomial of β GF(2 m ). Let e be smallest integer such that β 2e = β. Then: φ(x) = e 1 i=0 (X + β2i ). Let φ(x) be the minimal polynomial of an element β in GF(2 m ), and e be the degree of φ(x). Then e is the smallest integer s.t. β 2e = β; e m. If β is a primitive element of GF(2 m ), then all its conjugates are also primitive elements, and they all have the same order. p.15/23

Another view of minimal polynomials We covered this in class, so also refer to your class notes. Given F q, q = p m, we view the field as m-dimensional vector space over F p. Let α F q. Consider m + 1 elements: {1, α, α 2,...α m }. Since F q has dimension m over F p, these m + 1 elements must be linearly independent over F p. Therefore, there exist m + 1 elements, not all zero, A 0,...,A m such that: A 0 + A 1 α + A 2 α 2 + + A m α m = 0 IOW, If A(x) = A 0 + A 1 x + A 2 x 2 + + A m x m, then α satisfies the polynomial equation A(x) = 0. Now α may also be a root of other polynomials. So we define S(α) to be the set of all such polynomials: S(α) = {f(x) F p (x) : f(α) = 0} Clearly, S(α) is non-empty set and contains at least one polynomial of degree m. p.16/23

p.17/23 Continuing... Let p(x) be a non-zero polynomial of least degree in S(α), and let f(x) be any other polynomial in S(α). By division: f(x) = q(x)p(x) + r(x), deg(r(x)) < deg(p(x)) Since f(α) = p(α) = 0 then r(α) = 0 as well, but this contradicts the fact that deg(p(x)) is minimal, unless r(x) = 0. So, we conclude that p(x) f(x). [This is what Thm 2.13, 2.14, 2.16 in the notes are all about.] Moreover p(x) is irreducible. Otherwise p(x) = a(x) b(x). Since p(α) = 0 we would have a(α) = 0 or b(α) = 0; which would again contradict the minimality of the degree of p(x). This polynomial p(x) is called the minimal polynomial of element α w.r.t. the field F q. If we make p(x) monic (leading coefficient = 1) then p(x) is unique.

p.18/23 Minimal Polynomial theorem Theorem 1 Suppose F q is a field with q = p m elements. Associated with each α F q, there is a unique, monic irreducible polynomial p(x) F p (x) with the following properties: p(α) = 0 deg(p) m If f(x) is another polynomial in F p (x) with f(α) = 0, then p(x) f(x). Now you can understand that a minimal polynomial of a primitive root (primitive element) of the field is the primitive polynomial. The above results, take together with conjugates of the roots, is what Section 2.5 pp. 47-54 in the notes is all about.

Discussions on Algorithms in GF Does there exist an algorithm to find irreducible polynomials in GF(2) of degree m? Yes, but this is a very difficult problem. Polynomial-time Probabilistic algorithms are known. See: Victor Shoup, Fast construction of irreducible polynomials over finite fields, Journal of Symbolic Computation 17:371-391, 1994. Given an irreducible polynomial, is it also a primitive polynomial? Algorithms exist. Porto, Guida, Montolivo, Fast Algorithm for finding primitive polynomials over GF(q), Electronic Letters, 1992, vol 28, no. 2. p.19/23

Algorithmic Computations in GF In general: Irreducible and primitive polynomials are known and precomputed for sufficiently large m (say, m = 1024). In most applications, we pick a primitive polynomial, and construct the field using the primitive element. Given a field GF(2 m ), Find primitive roots: Gauss algorithm. Given α GF(2 m ), find (α) 1 : Extended Euclidean Algorithm. Given a polynomial in GF(2 m ), find its roots: Again, algorithms exist, but not super-efficient. p.20/23

p.21/23 Gauss Algorithm: Primitive Root If order(α) = t, then order(α i ) = t. gcd(i,t) Let φ(t) denote the number of integers in the set {0, 1,...,t 1} that are relatively prime to t. Note, φ(p) = p 1. Given F q, and t N. If t (q 1), there are φ(t) elements of order t. Otherwise, there are no elements of order t. There always exists at least one element (actually, exactly φ(q 1) elements) of order q 1. [Primitive root!]

p.22/23 Gauss algorithm G1: Set i = 1. Let α 1 be a non-zero element of F. Let ord(α 1 ) = t 1. G2: If t i = q 1, α i is primitive root. G3: Otherwise, choose non-zero β which is not a power of α i. Let ord(β) = s. If s = q 1, set α i+1 = β, and stop. G4: Otherwise, find: d t i, e s with gcd(d,e) = 1 AND d e = lcm(t i,s). Let α i+1 = α t i/d β s/e, and t i+1 = lcm(t i,s). Increment i and go to G2.

p.23/23 Gauss continued.. Order s of β will not divide t i. So, lcm(t i,s) will be greater than t i. The decomp. step (d, e) is always possible. [E.g.: t 1 = 12,s = 18, then d = 4,e = 9 works! Element α ti/d has order d and β s/e has order e. So order α t i/d β s/e = lcm(t i,s). Result: If ord(α) = m and ord(β) = n, with gcd(m,n) = 1, then order(α β) = m n.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback