
COM5336 Cryptography Lecture 12 Construction & Basic Properties of Finite Fields


Presentation Transcript


  1. COM5336 Cryptography Lecture 12: Construction & Basic Properties of Finite Fields. Scott CH Huang. COM 5336 Cryptography Lecture 10

  2. COM5137: Finite Field and Its Applications in Engineering. Construction of Finite Fields

  3. Ideas
  • We wish to construct a finite field from a Euclidean domain.
  • Elements of a Euclidean domain may not have multiplicative inverses. We wish to identify the cause of this and somehow “remove” it.
  • The idea of “removing this cause” is analogous to “dividing an algebraic structure”.

  4. Equivalence Relations
  • Let S be any set. A relation ~ on S is an equivalence relation iff the following three conditions hold:
  • Reflexivity: a ~ a for any a in S.
  • Symmetry: For any a, b in S, a ~ b implies b ~ a.
  • Transitivity: For any a, b, c in S, if a ~ b and b ~ c then a ~ c.
  • Any equivalence relation on a set induces a partition of this set.

  5. Equivalence Relation on an Algebraic Structure
  • We may be able to define similar operations on these partitioned subsets.
  • However, we have to make sure such operations are well-defined.
  • The resulting “quotient” structure may be similar to the mother structure, e.g. quotient groups, quotient rings, quotient spaces (in a vector space), …

  6. Theorem
  • Given a Euclidean domain D and a prime p, D mod p is a field.
  • Application: Consider the polynomial ring . Find an irreducible polynomial . Then is a field.

  7. Direct Construction of Finite Fields
  • Consider the polynomial ring over a field . Find an irreducible polynomial . Then is a field.
  • In short, if we consider the polynomial ring over and find an irreducible polynomial of degree n, then is a finite field of p^n elements. This is how we construct the Galois field GF(p^n).
  • is also written as in some Math books.

  8. An Example: GF(128) in AES
  • The irreducible polynomial:
  • GF(128) is constructed as

  9. Alternative View of GF(p^n)
  • Let be the irreducible polynomial used to construct GF(p^n).
  • We can view GF(p^n) as follows. “Imagine” is a solution to the equation . Then GF(p^n) is a vector space over GF(p) with basis and an “extra” relation
  • For example: Let be a solution to . GF(128) is a vector space over with basis , with the relation .
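The construction on slides 6 to 9 carried out in code, as an added example that is not part of the lecture: GF(p^n) is built as GF(p)[x] modulo a monic polynomial m(x), each element is stored as its coefficient vector (the vector-space view with basis 1, α, …, α^(n-1), where α is the class of x and m(α) = 0 is the “extra” relation), and a brute-force inverse search shows why irreducibility matters, since a reducible modulus leaves nonzero classes without inverses. The moduli used here (x^3 + x + 1 over GF(2), x^2 + 1 over GF(3), and the reducible x^2 + 1 over GF(2)) are chosen for this example; they are not the polynomial the slides use for AES.

```python
# Added example (not from the lecture slides): GF(p^n) = GF(p)[x] / (m(x)) with
# elements as coefficient vectors (c_0, ..., c_(n-1)), low degree first.
# The moduli in __main__ are chosen here, not taken from the page.
from itertools import product


class GFpn:
    """Arithmetic in GF(p)[x] modulo a monic m(x) of degree n."""

    def __init__(self, p, modulus):
        assert modulus[-1] == 1, "modulus must be monic"
        self.p, self.m = p, modulus
        self.n = len(modulus) - 1
        self.q = p ** self.n                  # number of residue classes = p^n
        self.one = [1] + [0] * (self.n - 1)
        self.zero = [0] * self.n

    def elements(self):
        """All coefficient vectors of length n: exactly q = p^n of them."""
        return [list(v) for v in product(range(self.p), repeat=self.n)]

    def add(self, a, b):
        return [(x + y) % self.p for x, y in zip(a, b)]

    def mul(self, a, b):
        """Polynomial product, then reduce with x^n = -(m_0 + ... + m_(n-1) x^(n-1))."""
        prod = [0] * (2 * self.n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % self.p
        for k in range(len(prod) - 1, self.n - 1, -1):    # top degree downwards
            c, prod[k] = prod[k], 0
            for i in range(self.n):
                prod[k - self.n + i] = (prod[k - self.n + i] - c * self.m[i]) % self.p
        return prod[: self.n]

    def pow(self, a, e):
        """Square-and-multiply; in a field pow(a, q-1) == one for every nonzero a."""
        result, base = self.one, a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base = self.mul(base, base)
            e >>= 1
        return result

    def inverse(self, a):
        """Brute-force inverse (fine for small q). Returns None when a has no
        inverse, which is exactly what a reducible modulus produces."""
        for b in self.elements():
            if self.mul(a, b) == self.one:
                return b
        return None

    def is_field(self):
        """GF(p)[x] mod m(x) is a field iff every nonzero class is invertible."""
        return all(self.inverse(a) is not None
                   for a in self.elements() if a != self.zero)


if __name__ == "__main__":
    F8 = GFpn(2, [1, 1, 0, 1])      # GF(2)[x] / (x^3 + x + 1), irreducible -> GF(8)
    print("GF(8) is a field:", F8.is_field())
    print("x * x^2 =", F8.mul([0, 1, 0], [0, 0, 1]), "(= x + 1, the extra relation)")
    R4 = GFpn(2, [1, 0, 1])         # GF(2)[x] / (x^2 + 1), but x^2 + 1 = (x + 1)^2
    print("mod x^2 + 1 is a field:", R4.is_field(), "; (x+1)^2 =", R4.mul([1, 1], [1, 1]))
```

The `is_field` check is the slide's theorem made concrete: with the irreducible modulus every nonzero class has an inverse, while modulo (x + 1)^2 the class of x + 1 squares to zero and has none.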

  10. Number of Elements in Finite Fields
  • Theorem: Let be a finite field. Then , for some prime number and .

  11. COM5137: Finite Field and Its Applications in Engineering. Basic Properties of Finite Fields

  12. Homomorphism
  • A homomorphism is a structure-preserving map between two algebraic structures.
  • The definition depends on the type of algebraic structure under consideration.
  • A group homomorphism is a homomorphism between two groups.
  • A ring homomorphism is a homomorphism between two rings.

  13. Group Homomorphism
  • A group homomorphism from (G, *) to (H, ·) is a function

  14. Group Homomorphism (cont.)
  • We define the kernel of h to be the set of elements in G which are mapped to the identity in H, i.e.,
  • We define the image of h to be
  • Ker(h) is a (normal) subgroup of G and Im(h) is a subgroup of H.
  • Lagrange's Theorem: If G is a finite group and H is a subgroup of G, then

  15. Ring Homomorphism
  • A ring homomorphism from R to S is a function such that
  • h(u + v) = h(u) + h(v)
  • h(uv) = h(u)h(v)
  • The kernel of h is defined to be the set of elements in R mapped to the 0 in S, i.e.,
  • Ker(h) is an ideal of R and Im(h) is a subring of S.

  16. Isomorphism
  • If a homomorphism is bijective (both injective and surjective), it is called an isomorphism.

  17. Subfield and Field Extension
  • If are both fields and , then is called a field extension of and is called a subfield of .
  • We can view as a vector space over by defining the scalar product as field multiplication.

  18. Ring Homomorphism from Zp to F
  • Let be a finite field and .
  • p must be a prime. (Why?)
  • Define as follows:
  • h(0) = 0, h(1) = 1.
  • h(n+1) = h(n) + h(1)
  • h is a ring homomorphism, i.e.,
  • h(m+n) = h(m) + h(n)
  • h(mn) = h(m)h(n)

  19. Ring Homomorphism from Zp to F
  • h is injective.
  • Im(h) is a subfield of .
  • Therefore, contains a subfield isomorphic to . This subfield is called the prime subfield of .
  • Every field of characteristic p (p < ∞) contains a prime subfield isomorphic to . Likewise, every field of characteristic 0 contains a prime subfield isomorphic to .

  20. Cyclic Subgroup and Order of an Element
  • Let G be a finite group and α ∈ G.
  • Since G is finite, the set {e, α, α^2, …} is finite. At some point, there must be some repetition.
  • Let α^k = α^(k+t) be the first repetition. Then α^t = e. This t is called the order of α, denoted by ord(α).

  21. Multiplicative Structure of a Finite Field
  • Given a finite field , consider the multiplicative group .
  • For any , we have .
  • Lemma: If and deg(p(x)) = m, then p(x) = 0 can have at most m solutions.
  • Lemma: Let ord(α) = t. Then ord(α^i) = t / gcd(i, t).

  22. The Euler φ-function
  • φ(n) is defined as “the number of integers in {1, 2, …, n-1} that are relatively prime to n”.
  • Formally,
  • The multiplicative group has φ(n) elements.
  • Theorem: In any field , there are either no elements of order t or exactly φ(t) elements of order t.
  • Theorem:

  23. Theorem: Let be a finite field with q elements. . If t does not divide (q-1), then there are no elements of order t. If t divides (q-1), then there are exactly φ(t) elements of order t.
  • Corollary: In any finite field of size q, there exists at least one element α of order q-1, i.e., the multiplicative group is cyclic. (This can also be proved by applying the Fundamental Theorem of Finite Abelian Groups.)
  • Definition: Such an α is called a primitive root of .
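The statements on slides 20 to 23 checked by exhaustive computation, as an added example that is not part of the lecture: it works in the prime field GF(p) = Z_p (q = p, so only modular integer arithmetic is needed), computes ord(a) for every nonzero a, counts how many elements have each order, and compares the count with φ(t) when t | (q-1) and with 0 otherwise. It also verifies the lemma ord(α^i) = t / gcd(i, t) and lists the primitive roots. The primes in the demo are chosen for this example.

```python
# Added example (not from the lecture slides): element orders in Z_p*, the
# Euler φ-function, and the order-count theorem for q = p. Primes are chosen here.
from math import gcd


def order(a, p):
    """ord(a) in Z_p*: the smallest t >= 1 with a^t = 1 (a must be nonzero mod p)."""
    t, x = 1, a % p
    while x != 1:
        x = (x * a) % p
        t += 1
    return t


def phi(n):
    """Euler's φ(n): how many of 1..n are relatively prime to n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def order_census(p):
    """{t: number of elements of Z_p* whose order is t}."""
    census = {}
    for a in range(1, p):
        t = order(a, p)
        census[t] = census.get(t, 0) + 1
    return census


def check_order_theorem(p):
    """True iff for every t in 1..p-1 the census shows φ(t) elements of order t
    when t | (p-1) and no elements of order t otherwise."""
    census = order_census(p)
    return all(census.get(t, 0) == (phi(t) if (p - 1) % t == 0 else 0)
               for t in range(1, p))


def primitive_roots(p):
    """Elements of order p-1: the generators of the cyclic group Z_p*."""
    return [a for a in range(1, p) if order(a, p) == p - 1]


def order_of_power(a, i, p):
    """The lemma ord(α^i) = t / gcd(i, t): returns (predicted, directly computed)."""
    t = order(a, p)
    return t // gcd(i, t), order(pow(a, i, p), p)


if __name__ == "__main__":
    for p in (7, 13):
        print(p, order_census(p), "primitive roots:", primitive_roots(p))
        print("  theorem holds:", check_order_theorem(p),
              "; #primitive roots == phi(p-1):", len(primitive_roots(p)) == phi(p - 1))
```

Note that `len(primitive_roots(p)) == phi(p - 1)` is the t = q-1 case of the theorem: once one generator exists, exactly φ(q-1) elements generate the group.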

  24. Fundamental Theorem of Finite Abelian Groups
  Every finite abelian group G can be expressed as the direct sum of cyclic subgroups of prime-power order. In other words, every finite abelian group is isomorphic to , where the k_1, k_2, … can be chosen to be powers of primes (primary decomposition) or, equivalently, chosen so that k_1 | k_2, k_2 | k_3, … (invariant factor decomposition).

  25. An Example of Finite Abelian Group Decomposition
  360 = 2^3 · 3^2 · 5.
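  Added worked example for this slide (the list of groups itself is not on the page): the abelian groups of order 360 = 2^3 · 3^2 · 5. The 2-part is one of Z_8, Z_4 ⊕ Z_2, Z_2 ⊕ Z_2 ⊕ Z_2 (the three partitions of the exponent 3), the 3-part is one of Z_9, Z_3 ⊕ Z_3 (the two partitions of 2), and the 5-part is Z_5, so there are 3 · 2 · 1 = 6 abelian groups of order 360. Each primary decomposition is turned into its invariant factor form by multiplying together the largest remaining prime power of each prime, which yields k_1 | k_2 | k_3:
  • Z_8 ⊕ Z_9 ⊕ Z_5 ≅ Z_360
  • Z_8 ⊕ Z_3 ⊕ Z_3 ⊕ Z_5 ≅ Z_3 ⊕ Z_120
  • Z_4 ⊕ Z_2 ⊕ Z_9 ⊕ Z_5 ≅ Z_2 ⊕ Z_180
  • Z_4 ⊕ Z_2 ⊕ Z_3 ⊕ Z_3 ⊕ Z_5 ≅ Z_6 ⊕ Z_60
  • Z_2 ⊕ Z_2 ⊕ Z_2 ⊕ Z_9 ⊕ Z_5 ≅ Z_2 ⊕ Z_2 ⊕ Z_90
  • Z_2 ⊕ Z_2 ⊕ Z_2 ⊕ Z_3 ⊕ Z_3 ⊕ Z_5 ≅ Z_2 ⊕ Z_6 ⊕ Z_30
  Only the first of these is cyclic, which is the case the next slide needs: a multiplicative group of a finite field must have a single invariant factor.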

  26. Proof of Existence of Primitive Elements
  • Let be a finite field. Then is a finite abelian group.
  • Apply the fundamental theorem of finite abelian groups with the invariant factor decomposition: where
  • Therefore,
  • The above means every element in is a solution to the equation , which has degree
  • Moreover, 0 is also a solution to this equation, so this equation has exactly solutions in .
  • Since the number of solutions in a field cannot exceed the degree of the equation, we have , so is cyclic and there exists an element of order .

  27. Gauss’s Algorithm
  • Set i = 1. Pick . Let ord(α_1) = t_1.
  • If t_i = q-1, stop and return α_i.
  • Otherwise choose , with β not a power of α_i. Let ord(β) = s. If s = q-1, stop and return α_{i+1} = β.
  • Otherwise find d | t_i and e | s with gcd(d, e) = 1 and de = lcm(t_i, s). Let α_{i+1} = and t_{i+1} = lcm(t_i, s). Set i = i+1 and go back to step 2 (the test t_i = q-1).

  28. Lemma: Let ord(α) = m and ord(β) = n with gcd(m, n) = 1. Then ord(αβ) = mn.
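Gauss's algorithm from slide 27 and the lemma on slide 28, as an added example that is not part of the lecture. It runs in the prime field GF(p) = Z_p so no extension-field arithmetic is needed. The expression for α_{i+1} on slide 27 did not survive extraction; this code uses the standard step α_{i+1} = α_i^(t_i/d) · β^(s/e), which is an assumption of the example rather than something quoted from the page: ord(α_i^(t_i/d)) = d and ord(β^(s/e)) = e by the lemma ord(α^i) = t/gcd(i, t), and since gcd(d, e) = 1 the lemma on slide 28 gives the product order d·e = lcm(t_i, s). The search for β picks the smallest element outside the cyclic subgroup <α_i>; because x^t = 1 has at most t solutions in a field, any β outside <α_i> has an order not dividing t_i, so every round strictly increases t_i and the loop terminates.

```python
# Added example (not from the lecture slides): Gauss's algorithm in Z_p*.
# The combining step alpha^(t/d) * beta^(s/e) is the standard choice, assumed here.
from math import gcd


def order(a, p):
    """Multiplicative order of a in Z_p*: the smallest t >= 1 with a^t = 1."""
    t, x = 1, a % p
    while x != 1:
        x = (x * a) % p
        t += 1
    return t


def prime_powers(n):
    """Maximal prime-power factors of n, e.g. 360 -> [8, 9, 5]."""
    out, f = [], 2
    while f * f <= n:
        pk = 1
        while n % f == 0:
            n //= f
            pk *= f
        if pk > 1:
            out.append(pk)
        f += 1
    if n > 1:
        out.append(n)
    return out


def split_lcm(t, s):
    """Coprime d | t and e | s with d*e = lcm(t, s): each maximal prime power of
    the lcm goes into d if t contains it in full, otherwise into e (then s does)."""
    d = e = 1
    for pk in prime_powers(t * s // gcd(t, s)):
        if t % pk == 0:
            d *= pk
        else:
            e *= pk
    return d, e


def coprime_order_product(a, b, p):
    """Slide 28's lemma: with gcd(ord a, ord b) = 1, returns (ord a * ord b, ord(ab))."""
    m, n = order(a, p), order(b, p)
    assert gcd(m, n) == 1, "lemma needs coprime orders"
    return m * n, order((a * b) % p, p)


def gauss_primitive_root(p):
    """Returns (alpha, trace): alpha has order p-1; trace lists (alpha_i, t_i) per round."""
    q1 = p - 1
    alpha = 2 if p > 2 else 1
    t = order(alpha, p)
    trace = [(alpha, t)]
    while t != q1:
        # <alpha_i> = {alpha_i^0, ..., alpha_i^(t_i - 1)}; take the smallest beta outside it.
        powers = {pow(alpha, k, p) for k in range(t)}
        beta = next(b for b in range(1, p) if b not in powers)
        s = order(beta, p)
        if s == q1:
            alpha, t = beta, s
        else:
            d, e = split_lcm(t, s)
            # ord(alpha^(t/d)) = d, ord(beta^(s/e)) = e, gcd(d, e) = 1,
            # so the product has order d*e = lcm(t, s) > t_i.
            alpha = (pow(alpha, t // d, p) * pow(beta, s // e, p)) % p
            t = d * e
        trace.append((alpha, t))
    return alpha, trace


if __name__ == "__main__":
    root, steps = gauss_primitive_root(41)
    print("primitive root mod 41:", root, "found via", steps)
    print("lemma check for 16 and 3 mod 41 (orders 5 and 8):", coprime_order_product(16, 3, 41))
```

For p = 41 the first pick 2 has order 20 and the first element outside <2> is 3, of order 8; the lcm 40 splits as d = 5 (from 20) and e = 8 (from 8), and 2^4 · 3 = 48 ≡ 7 has order 40 in a single combining round.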

  29. Minimal Polynomials
  • Theorem 5.9: Let be a finite field of size p^m, . Then there is a polynomial (where is the prime subfield of ) such that
  • p(α) = 0
  • deg(p) ≤ m
  • If is such that f(α) = 0, then p(x) | f(x).
  • Such a p(x) is called a minimal polynomial of α w.r.t. . If we only consider monic polynomials, then the minimal polynomial is unique.

  30. Primitive Polynomials
  • For any finite field and , the minimal polynomial of α exists. (Why?)
  • The minimal polynomial of a primitive root of is called a primitive polynomial.
  • It is quite convenient to represent a finite field using its primitive polynomial.

  31. Let be a finite field and be a subfield (not necessarily the prime subfield). Let . Then there is a unique monic polynomial such that
  • p(α) = 0
  • If is such that f(α) = 0, then p(x) | f(x).
  • Lemma: Let be a finite field and be a subfield (not necessarily the prime subfield). Let . Let . Then iff .

  32. Conjugates
  • Let be two fields, . If p(α) = 0, then p(α^q) = 0.
  • Therefore, if α is a zero of p(x), so is
  • These elements are called the conjugates of α.

  33. Number of Distinct Conjugates
  • The number d of distinct conjugates of α is called the degree of α.
  • Theorem: Let d be the degree of α and n the dimension of the vector space over . Then d | n, and d can be determined as the smallest integer for which holds. Moreover, if then

  34. Explicit Formula for Minimal Polynomial
  • Let be a finite field and be one of its subfields with and . Let . Then the minimal polynomial of α w.r.t. is given by , where d is the degree of α w.r.t. .
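Slides 31 to 34 carried out in code, as an added example that is not part of the lecture: in GF(2^n) over its prime subfield GF(2) (so q = 2) it lists the conjugates α, α^q, α^(q^2), … until the first repeat, which makes the list length the degree d of α (the smallest d with α^(q^d) = α), then multiplies out ∏(x - α^(q^i)) over those conjugates and checks that the coefficients land in GF(2) and that the result vanishes at α. Elements are integers whose bits are coefficients over GF(2); the moduli x^4 + x + 1 (GF(16)) and x^3 + x + 1 (GF(8)) are chosen for this example and are not taken from the page.

```python
# Added example (not from the lecture slides): conjugates and the explicit
# minimal-polynomial formula in GF(2^n), elements as GF(2)-coefficient bit masks.
# Moduli such as 0b10011 = x^4 + x + 1 are chosen here.


def gf2n_mul(a, b, modulus):
    """Multiply in GF(2)[x]/(modulus); modulus encodes a monic irreducible polynomial."""
    n = modulus.bit_length() - 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:            # degree reached n: subtract (xor) the modulus
            a ^= modulus
    return r


def gf2n_pow(a, e, modulus):
    r = 1
    while e:
        if e & 1:
            r = gf2n_mul(r, a, modulus)
        a = gf2n_mul(a, a, modulus)
        e >>= 1
    return r


def conjugates(alpha, modulus, q=2):
    """Distinct conjugates alpha, alpha^q, alpha^(q^2), ...; the Frobenius map is a
    bijection, so the first repeat is alpha itself and len(result) is the degree d."""
    out, x = [], alpha
    while x not in out:
        out.append(x)
        x = gf2n_pow(x, q, modulus)
    return out


def poly_mul_linear(poly, c, modulus):
    """Multiply a polynomial (field coefficients, low degree first) by (x - c),
    which in characteristic 2 equals (x + c)."""
    out = [0] * (len(poly) + 1)
    for i, coef in enumerate(poly):
        out[i + 1] ^= coef                          # coef * x
        out[i] ^= gf2n_mul(coef, c, modulus)         # coef * c
    return out


def minimal_polynomial(alpha, modulus):
    """Product over the conjugates of (x - alpha^(2^i)); coefficients must lie in GF(2)."""
    poly = [1]
    for c in conjugates(alpha, modulus):
        poly = poly_mul_linear(poly, c, modulus)
    assert all(coef in (0, 1) for coef in poly), "coefficients must lie in the subfield"
    return poly                                      # 0/1 list, low degree first


def evaluate(poly, x, modulus):
    """Horner evaluation of a polynomial with field coefficients at the element x."""
    acc = 0
    for coef in reversed(poly):
        acc = gf2n_mul(acc, x, modulus) ^ coef
    return acc


if __name__ == "__main__":
    M = 0b10011                                     # GF(16) = GF(2)[x] / (x^4 + x + 1)
    for alpha in (2, 6):                            # x, and x^5 = x^2 + x (order 3)
        conj = conjugates(alpha, M)
        mp = minimal_polynomial(alpha, M)
        print(alpha, "conjugates", conj, "degree", len(conj),
              "min poly", mp, "p(alpha) =", evaluate(mp, alpha, M))
```

In GF(16) the element x has the four conjugates x, x^2, x^4, x^8 and its minimal polynomial is the defining polynomial x^4 + x + 1, while x^5 has order 3, lies in the subfield GF(4), has degree 2 (which divides n = 4, as slide 33 states) and minimal polynomial x^2 + x + 1.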
