
PART I Symmetric Ciphers CHAPTER 4 Finite Fields 4.1 Groups, Rings, and Fields



  1. PART I Symmetric Ciphers
  CHAPTER 4 Finite Fields
  4.1 Groups, Rings, and Fields
  4.2 Modular Arithmetic
  4.3 The Euclidean Algorithm
  4.4 Finite Fields of the Form GF(p)
  4.5 Polynomial Arithmetic
  4.6 Finite Fields of the Form GF(2^n)

  2. 4.1 Groups, Rings, and Fields: Groups
  • A group G, denoted by {G, ·}, is a set of elements with a binary operation, denoted by ·, that obeys the following axioms:
    (A1) Closure: for all a, b ∈ G, a · b ∈ G
    (A2) Associative: a · (b · c) = (a · b) · c for all a, b, c ∈ G
    (A3) Identity element: there exists e ∈ G such that e · a = a · e = a for all a ∈ G
    (A4) Inverse element: for each a ∈ G there exists a^-1 ∈ G such that a · a^-1 = a^-1 · a = e
    (A5) Commutative: a · b = b · a for all a, b ∈ G
  • A group is said to be abelian if it also satisfies (A5)
  • A group with a finite number of elements is a finite group (of finite order); otherwise it is an infinite group

  3. 4.1 Groups, Rings, and Fields: Groups
  • Example: define S_n to be the set of all permutations of n distinct symbols. Each element of S_n is represented by a permutation of the integers in {1, 2, ..., n}; the group operation is composition of mappings, written π · ρ (apply π first, then ρ). S_n is a group:
    A1: for π, ρ ∈ S_n, the composite mapping π · ρ ∈ S_n. For example, π = {3, 2, 1}, ρ = {1, 3, 2}, π · ρ = {2, 3, 1} ∈ S_n
    A2: the composition of mappings is easily seen to be associative
    A3: the identity element is the mapping {1, 2, ..., n}
    A4: for any π ∈ S_n there is an inverse π^-1 ∈ S_n; for π = {2, 3, 1}, π^-1 = {3, 1, 2}, and π · π^-1 = {2, 3, 1} · {3, 1, 2} = {1, 2, 3}
  • S_n is not abelian for n ≥ 3: with the π and ρ above, ρ · π = {3, 1, 2} ≠ π · ρ

  4. 4.1 Groups, Rings, and Fields: Cyclic Group
  • Define exponentiation as repeated application of the group operator: a^3 = a · a · a
  • Let the identity be e = a^0
  • A group G is cyclic if every element is a power of some fixed element: b = a^k for some a and every b ∈ G
  • a is said to be a generator of the group G
  • Example: the additive finite group G = {0, 1, 2, 3, 4, 5, 6} with addition mod 7 is cyclic; the identity is 0 (= 1^0) and 1 is a generator, since for an additive group a "power" is a repeated addition: 3 = 1^3 = 1 + 1 + 1

  5. 4.1 Groups, Rings, and Fields: Rings
  • A ring R, denoted by {R, +, ·}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in R the following axioms are obeyed:
    (A1 ~ A5): R is an abelian group under addition
    (M1) Closure under multiplication: for all a, b ∈ R, a · b ∈ R
    (M2) Associativity of multiplication: for all a, b, c ∈ R, a · (b · c) = (a · b) · c
    (M3) Distributive laws: for all a, b, c ∈ R, a · (b + c) = a · b + a · c and (a + b) · c = a · c + b · c
  • Example of a ring: the set of all n-square matrices over the real numbers

  6. 4.1 Groups, Rings, and Fields: Rings
  • A ring is said to be commutative if it satisfies the following condition:
    (M4) Commutativity of multiplication: for all a, b ∈ R, a · b = b · a
  • Let S be the set of even integers under the usual addition and multiplication: S is a commutative ring (it has no multiplicative identity, since 1 is not even)
  Integral domain
  • An integral domain is a commutative ring that also obeys the following axioms:
    (M5) Multiplicative identity: there exists 1 ∈ R such that a · 1 = 1 · a = a for all a ∈ R
    (M6) No zero divisors: if a, b ∈ R and a · b = 0, then either a = 0 or b = 0

  7. 4.1 Groups, Rings, and Fields: Fields
  • A field F, denoted by {F, +, ·}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in F the following axioms are obeyed:
    (A1 ~ M6): F is an integral domain, i.e. F satisfies axioms A1 to M6
    (M7) Multiplicative inverse: for each a in F except 0, there exists a^-1 ∈ F such that a · a^-1 = a^-1 · a = 1
  • So a field is an abelian group under addition whose nonzero elements also form an abelian group under multiplication; division by any nonzero element is possible
  • The structures form a hierarchy, each adding axioms/laws to the previous one: group → ring → field

  8. 4.1 Groups, Rings, and Fields: Fig. 4.1 Groups, Rings, and Fields
  Axioms, in the order in which the structures add them:
    (A1) Closure under addition
    (A2) Associativity of addition
    (A3) Additive identity
    (A4) Additive inverse
    (A5) Commutativity of addition
    (M1) Closure under multiplication
    (M2) Associativity of multiplication
    (M3) Distributive law
    (M4) Commutativity of multiplication
    (M5) Multiplicative identity
    (M6) No zero divisors
    (M7) Multiplicative inverse
  Group: A1 to A4; abelian group: A1 to A5; ring: A1 to M3; commutative ring: A1 to M4; integral domain: A1 to M6; field: A1 to M7

  9. 4.2 Modular Arithmetic
  • n: a positive integer; a: any integer. Then a = qn + r with 0 ≤ r < n and q = ⌊a/n⌋ (for negative a the remainder is still taken in this range, e.g. -9 = (-1) × 10 + 1)
  • Define the modulo operator "a mod n" to be the remainder r (the residue) when a is divided by n (the modulus). Example: 11 mod 7 = 4
  • Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n), i.e. a and b have the same remainder; written a ≡ b (mod n). Examples: 73 ≡ 4 (mod 23), 21 ≡ -9 (mod 10)
  • The process of replacing an integer by its remainder is known as modulo reduction

  10. 4.2 Modular Arithmetic: Divisors
  • A nonzero number b divides a if a = mb for some m, where a, b, m are all integers; i.e. b divides into a with no remainder. Denoted by b|a
  • If b|a then b is a divisor of a; the divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24
  • If a|1, then a = ±1. If a|b and b|a, then a = ±b
  • Any b ≠ 0 divides 0
  • If b|g and b|h, then b|(mg + nh) for any integers m, n
  Properties of Congruence
  • Congruences have the following properties:
    1. a ≡ b (mod n) if n|(a - b)
    2. a ≡ b (mod n) implies b ≡ a (mod n)
    3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)

  11. 4.2 Modular Arithmetic: Modular Arithmetic Operations
  • The (mod n) operator maps all integers into the set of integers {0, 1, ..., n - 1}: "clock arithmetic"
  • Modular arithmetic exhibits the following properties:
    1. (a + b) mod n = [(a mod n) + (b mod n)] mod n
    2. (a - b) mod n = [(a mod n) - (b mod n)] mod n
    3. (a × b) mod n = [(a mod n) × (b mod n)] mod n
  • Proof of property 1: define (a mod n) = r_a, so a = jn + r_a for some j, and (b mod n) = r_b, so b = kn + r_b for some k. Then
    (a + b) mod n = (jn + r_a + kn + r_b) mod n = (r_a + r_b + (k + j)n) mod n = (r_a + r_b) mod n = [(a mod n) + (b mod n)] mod n

  12. 4.2 Modular Arithmetic: Properties of Modular Arithmetic
  • Define the set Z_n as the set of nonnegative integers less than n, the set of residues (residue classes) modulo n: Z_n = {0, 1, ..., n - 1}
  • The residue class modulo n of r is [r] = { a | a is an integer, a ≡ r (mod n) }. The residue classes modulo 4 are [0], [1], [2], [3]
  • Z_n with addition and multiplication mod n is a commutative ring with a multiplicative identity; Table 4.2 lists the properties of modular arithmetic for Z_n. It is not a field unless n is prime, see the next slide
  • Two integers are relatively prime if their only common positive integer factor is 1

  13. 4.2 Modular Arithmetic: Properties of Modular Arithmetic
  • If (a + b) ≡ (a + c) (mod n), then b ≡ c (mod n). Proof: (-a) is the additive inverse of a, so ((-a) + a + b) ≡ ((-a) + a + c) (mod n), which gives b ≡ c (mod n)
  • If (a × b) ≡ (a × c) (mod n), then b ≡ c (mod n) only if a is relatively prime to n. If a is relatively prime to n, then a^-1 exists mod n, so ((a^-1) × a × b) ≡ ((a^-1) × a × c) (mod n), which gives b ≡ c (mod n)
  • Example of the cancellation law failing when a and n are not relatively prime: 6 × 3 = 18 ≡ 2 (mod 8) and 6 × 7 = 42 ≡ 2 (mod 8), yet 3 ≢ 7 (mod 8)

  14. 4.3 The Euclidean Algorithm: Greatest Common Divisor (gcd)
  • gcd: a common problem in number theory
  • gcd(a, b), the greatest common divisor of a and b, is the largest number that divides evenly into both a and b: gcd(a, b) = max{ k : k|a and k|b }
  • gcd(60, 24) = 12
  • If gcd(a, b) = 1, i.e. if a and b have no common factors except 1, then a and b are relatively prime
  • gcd(8, 15) = 1, so 8 and 15 are relatively prime
  Finding the Greatest Common Divisor
  • The Euclidean algorithm is based on the following fact: gcd(a, b) = gcd(b, a mod b) for any positive integers a, b

  15. 4.3 The Euclidean Algorithm: Finding the Greatest Common Divisor
  gcd(a, b) = gcd(b, a mod b)
  Proof: Let d = gcd(a, b), so d|a and d|b. a can be expressed as a = kb + r with 0 ≤ r < b, where k and r are integers; thus (a mod b) = r = a - kb. Since d|a and d|b, d|(a - kb), i.e. d|(a mod b). This means that d is a common divisor of b and (a mod b).
  Conversely, let d' = gcd(b, (a mod b)), so d'|b and d'|(a mod b). Then d'|kb, and d'|(kb + (a mod b)), i.e. d'|a. So d' is a common divisor of a and b.
  Each of the two gcds therefore divides the other, and both are positive, so gcd(a, b) = gcd(b, a mod b).
  • Euclidean Algorithm to compute gcd(a, b):
    Euclid(a, b)  // Input: a, b; Output: gcd(a, b)
    Step 1: A = a; B = b
    Step 2: if B == 0 return A = gcd(a, b)
    Step 3: R = A mod B
    Step 4: A = B; B = R; goto Step 2

  16. 4.3 The Euclidean Algorithm: Finding the Greatest Common Divisor
  • To find gcd(1970, 1066):
    1970 = 1 × 1066 + 904    gcd(1066, 904)
    1066 = 1 × 904 + 162     gcd(904, 162)
    904 = 5 × 162 + 94       gcd(162, 94)
    162 = 1 × 94 + 68        gcd(94, 68)
    94 = 1 × 68 + 26         gcd(68, 26)
    68 = 2 × 26 + 16         gcd(26, 16)
    26 = 1 × 16 + 10         gcd(16, 10)
    16 = 1 × 10 + 6          gcd(10, 6)
    10 = 1 × 6 + 4           gcd(6, 4)
    6 = 1 × 4 + 2            gcd(4, 2)
    4 = 2 × 2 + 0            gcd(2, 0)
  Therefore, gcd(1970, 1066) = 2

  17. 4.4 Finite Fields of the Form GF(p)
  • Finite fields play a key role in cryptography
  • The number of elements in a finite field must be a power of a prime, p^n
  • The finite field of order p^n is known as a Galois field, denoted by GF(p^n)
  • In particular, cryptography often uses the fields:
    GF(p): prime field (n = 1)
    GF(2^n): binary field (p = 2)
  Finite Fields of order p
  • GF(p) is the set of integers {0, 1, ..., p - 1} with arithmetic operations modulo the prime p

  18. 4.4 Finite Fields of the Form GF(p): Finite Fields of order p
  • An integer in Z_n = {0, 1, ..., n - 1} has a multiplicative inverse if and only if the integer is relatively prime to n. If n is prime, then all of the nonzero integers in Z_n are relatively prime to n, and a multiplicative inverse exists for each of them
  • For each w ∈ Z_p with w ≠ 0, there exists a z ∈ Z_p such that w × z = z × w = 1
  • Z_p is in fact a finite field, GF(p); hence addition, subtraction, multiplication, and division are all possible in it
  • Table 4.3 shows arithmetic in GF(7) (next slide)

  19. 4.4 Finite Fields of The Form GF(p) Table 4.3 Arithmetic in GF(7)

  20. 4.4 Finite Fields of the Form GF(p): Finding the Multiplicative Inverse in GF(p)
  • How to find the multiplicative inverse of an element a in a finite field GF(p): the Extended Euclidean Algorithm
    Extended Euclid(a, b)
    INPUT: two non-negative integers a and b with a ≥ b
    OUTPUT: d = gcd(a, b) and integers x, y such that ax + by = d
    Step 1: if b = 0 then d ← a, x ← 1, y ← 0 and return (d, x, y)
    Step 2: set x2 ← 1, x1 ← 0, y2 ← 0, y1 ← 1
    Step 3: while b > 0 do
      3.1: q ← ⌊a/b⌋, r ← a - qb, x ← x2 - q·x1, y ← y2 - q·y1
      3.2: a ← b, b ← r, x2 ← x1, x1 ← x, y2 ← y1, y1 ← y
    Step 4: set d ← a, x ← x2, y ← y2 and return (d, x, y)
  • To invert a in GF(p), call Extended Euclid(p, a): then px + ay = 1, so y = a^-1 mod p

  21. 4.4 Finite Fields of the Form GF(p): Finding the Multiplicative Inverse in GF(p)
  • Extended Euclid(p, a) returns px + ay = 1, so y = a^-1 mod p, because px + ay = 1 gives ay = 1 - px, i.e. ay ≡ 1 (mod p)
  • Example: find the inverse of 3 in GF(7); the answer is 3^-1 = 5. Trace of Extended Euclid(7, 3):
    q   r   x   y  |  a  b  x2  x1  y2  y1
    -   -   -   -  |  7  3   1   0   0   1
    2   1   1  -2  |  3  1   0   1   1  -2
    3   0  -3   7  |  1  0   1  -3  -2   7
  d ← a = 1, x ← x2 = 1, y ← y2 = -2 (≡ 5 mod 7)
  Check: px + ay = d gives 7 × 1 + 3 × (-2) = 1, so 3^-1 = 5 (indeed 3 × 5 = 15 ≡ 1 mod 7)
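The procedures of slides 14 to 21, run as code. This is an added example, not code from the slides: it implements Euclid (slide 15) and Extended Euclid (slide 20) with the slide's variable names, derives modular inverses in GF(p) from them, and also checks the cancellation law of slide 13 by searching a composite modulus for a counterexample. The function names (euclid_gcd, extended_euclid, mod_inverse, gf_p_inverse_table, cancellation_counterexample) are this example's own.

```python
# Added example (not from the slides): integer gcd, the Extended Euclid
# procedure of slide 20, and the modular inverses it yields in GF(p).
# Function names are this example's own.


def euclid_gcd(a: int, b: int) -> int:
    """Euclid(a, b) of slide 15: repeat gcd(a, b) = gcd(b, a mod b) until b = 0."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def extended_euclid(a: int, b: int) -> tuple:
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d.

    Same variables and update order as slide 20. a < b is also accepted:
    the first iteration then has q = 0 and simply swaps the two values.
    Invariant: a = a0*x2 + b0*y2 and b = a0*x1 + b0*y1 for the original a0, b0.
    """
    if b == 0:
        return a, 1, 0
    x2, x1, y2, y1 = 1, 0, 0, 1
    while b > 0:
        q = a // b              # q <- floor(a/b)
        r = a - q * b           # r <- a - qb
        x = x2 - q * x1
        y = y2 - q * y1
        a, b = b, r
        x2, x1 = x1, x
        y2, y1 = y1, y
    return a, x2, y2


def mod_inverse(a: int, n: int) -> int:
    """a^-1 mod n via Extended Euclid(n, a): n*x + a*y = 1 gives y = a^-1.

    Raises ValueError when gcd(a, n) != 1, i.e. when no inverse exists
    because a is not relatively prime to n.
    """
    d, _, y = extended_euclid(n, a % n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd({a}, {n}) = {d}")
    return y % n


def gf_p_inverse_table(p: int) -> list:
    """Multiplicative inverses of 1..p-1 in GF(p), the inverse column of a
    table like Table 4.3; index 0 holds None because 0 has no inverse."""
    return [None] + [mod_inverse(w, p) for w in range(1, p)]


def cancellation_counterexample(n: int):
    """Search for a, b, c with a*b = a*c (mod n) but b != c (mod n).

    Returns the first such triple, or None. For prime n the result is always
    None (the cancellation law of slide 13 holds); for composite n the a that
    is found is never relatively prime to n.
    """
    for a in range(2, n):
        for b in range(n):
            for c in range(b + 1, n):
                if (a * b - a * c) % n == 0:
                    return a, b, c
    return None


if __name__ == "__main__":
    print(euclid_gcd(1970, 1066))          # slide 16: 2
    print(extended_euclid(7, 3))           # slide 21: (1, 1, -2)
    print(mod_inverse(3, 7))               # 5
    print(gf_p_inverse_table(7))           # [None, 1, 4, 5, 2, 3, 6]
    print(cancellation_counterexample(8))  # a composite modulus breaks cancellation
```

Python 3.8 and later expose the same inverse as the built-in pow(a, -1, n), which also raises ValueError when a and n are not relatively prime; the hand-written version above is only there to show the slide's algorithm step by step.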

  22. 4.5 Polynomial Arithmetic: Ordinary Polynomial Arithmetic
  • A polynomial of degree n (n ≥ 0) is an expression of the form f(x) = a_n x^n + a_(n-1) x^(n-1) + ... + a_1 x + a_0, with a_n ≠ 0
  • The variable x is referred to as the indeterminate
  • a_i, the i-th coefficient, is an element of the coefficient set S; such polynomials are said to be defined over S
  • A zeroth-degree polynomial is called a constant polynomial; if a_n = 1 the polynomial is monic
  • Polynomial arithmetic operations: addition, subtraction, multiplication, division

  23. 4.5 Polynomial Arithmetic: Ordinary Polynomial Arithmetic
  • Polynomial addition and subtraction are done coefficient by coefficient; multiplication multiplies every term of one polynomial by every term of the other and collects the terms of equal degree
  • See Fig. 4.3, Example of Polynomial Arithmetic

  24. 4.5 Polynomial Arithmetic: Polynomial Arithmetic with Coefficients in Z_p
  • A polynomial of degree n (n ≥ 0) is an expression of the same form, f(x) = a_n x^n + ... + a_1 x + a_0, where now a_i ∈ Z_p
  • When computing the value of each coefficient, do the calculation modulo the prime p
  • F[x] = { f | f is a polynomial with coefficients in Z_p }: the polynomial ring over Z_p
  • Polynomial arithmetic operations: addition, subtraction, multiplication. When polynomial arithmetic is performed over a field (coefficients in Z_p), division with remainder is also possible, because every nonzero coefficient has a multiplicative inverse

  25. 4.5 Polynomial Arithmetic: Polynomial Arithmetic with Coefficients in Z_p
  • Division: r(x) = f(x) mod g(x), the remainder when f(x) is divided by g(x)
  • If there is no remainder (r(x) = 0), g(x) divides f(x), denoted by g(x) | f(x); g(x) is a factor of f(x), or g(x) is a divisor of f(x)
  • A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials, both over F and both of degree lower than that of f(x). An irreducible polynomial is also called a prime polynomial
  • Arithmetic modulo an irreducible polynomial forms a field, denoted F[x]/f(x) (the analogue of Z_p being a field when p is prime)

  26. 4.5 Polynomial Arithmetic: Finding the Greatest Common Divisor
  • The polynomial c(x) is said to be the greatest common divisor of a(x) and b(x), c(x) = gcd(a(x), b(x)), if
    (1) c(x) divides both a(x) and b(x), and
    (2) any divisor of a(x) and b(x) is a divisor of c(x)
  • Euclid's algorithm can be adapted to find it:
    EUCLID(a(x), b(x))
    Step 1: A(x) ← a(x); B(x) ← b(x)
    Step 2: if B(x) == 0 return A(x) = gcd[a(x), b(x)]
    Step 3: R(x) ← A(x) mod B(x)
    Step 4: A(x) ← B(x); B(x) ← R(x)
    Step 5: goto Step 2
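Polynomial division, the polynomial EUCLID of slide 26, and the irreducibility notion of slide 25, as an added example that is not code from the slides. A polynomial is a list of coefficients in Z_p, lowest degree first ([1, 1, 0, 1] is x^3 + x + 1); division uses the inverse of the divisor's leading coefficient, which is exactly why coefficients must come from a field. The irreducibility test is plain trial division by every monic polynomial of degree up to half the degree of m(x); the sample inputs and all helper names are this example's own.

```python
# Added example (not from the slides): polynomial arithmetic with
# coefficients in Z_p, polynomial Euclid (slide 26) and an irreducibility
# test by trial division (slide 25). A polynomial is a list of coefficients,
# lowest degree first: [1, 1, 0, 1] is x^3 + x + 1. Helper names are this
# example's own.
from itertools import product


def trim(f):
    """Drop leading zero coefficients so deg f = len(f) - 1; [] is the zero polynomial."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def poly_add(f, g, p):
    """Coefficient-wise addition mod p."""
    n = max(len(f), len(g))
    fi = list(f) + [0] * (n - len(f))
    gi = list(g) + [0] * (n - len(g))
    return trim([(u + v) % p for u, v in zip(fi, gi)])


def poly_mul(f, g, p):
    """Every term times every term, collecting equal degrees, coefficients mod p."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, u in enumerate(f):
        for j, v in enumerate(g):
            out[i + j] = (out[i + j] + u * v) % p
    return trim(out)


def poly_divmod(f, g, p):
    """f = q*g + r with deg r < deg g, i.e. r = f(x) mod g(x).

    Each step cancels the leading term of r using the inverse of g's leading
    coefficient; pow(c, -1, p) raises ValueError if that inverse does not
    exist, which is the case Z_p is not a field (p composite).
    """
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)
    q = [0] * max(len(f) - len(g) + 1, 1)
    r = f
    while len(r) >= len(g):
        shift = len(r) - len(g)
        coef = (r[-1] * inv_lead) % p
        q[shift] = coef
        for i, v in enumerate(g):
            r[i + shift] = (r[i + shift] - coef * v) % p
        r = trim(r)                      # leading term is now 0, so deg r drops
    return trim(q), r


def poly_gcd(a, b, p):
    """EUCLID(a(x), b(x)) of slide 26, returned monic so the answer is unique."""
    a, b = trim(a), trim(b)
    while b:
        _, r = poly_divmod(a, b, p)
        a, b = b, r
    if a:
        inv = pow(a[-1], -1, p)
        a = [(c * inv) % p for c in a]
    return a


def monic_polys(deg, p):
    """All monic polynomials of the given degree over Z_p."""
    for low in product(range(p), repeat=deg):
        yield list(low) + [1]


def is_irreducible(m, p):
    """Trial division: m(x) is reducible iff some monic g(x) with
    1 <= deg g <= deg m / 2 divides it exactly (slide 25)."""
    m = trim(m)
    deg = len(m) - 1
    if deg < 1:
        return False
    for d in range(1, deg // 2 + 1):
        for g in monic_polys(d, p):
            if poly_divmod(m, g, p)[1] == []:
                return False
    return True


if __name__ == "__main__":
    # Constructed inputs over GF(2): a = x^6+x^5+x^4+x^3+x^2+x+1, b = x^4+x^2+x+1
    print(poly_gcd([1, 1, 1, 1, 1, 1, 1], [1, 1, 1, 0, 1], 2))     # [1, 0, 1, 1] = x^3 + x^2 + 1
    print([m for m in monic_polys(3, 2) if is_irreducible(m, 2)])  # the irreducible cubics over Z_2
    print(poly_divmod([1, 1, 0, 2], [1, 2], 3))                    # 2x^3 + x + 1 divided by 2x + 1 over Z_3
```

The list of irreducible cubics over Z_2 that the last lines produce contains exactly x^3 + x + 1 and x^3 + x^2 + 1, which is why those two are the moduli available for building GF(2^3) in the following slides.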

  27. 4.6 Finite Fields of the Form GF(2^n)
  • F[x]: the polynomial ring over the field Z_p = GF(p), p prime
  • m(x): an irreducible polynomial of degree n
  • F[x]/m(x), the set of polynomials of degree less than n with arithmetic modulo m(x), forms a field GF(p^n), an extension field of GF(p):
    GF(p^n) = { a_(n-1) x^(n-1) + a_(n-2) x^(n-2) + ... + a_1 x + a_0 }, a_i ∈ Z_p
  • Let p = 2: GF(2^n) is called a binary field, the extension field of GF(2) = Z_2 = {0, 1}
  • GF(2^n) = { (a_(n-1), a_(n-2), ..., a_1, a_0) }, a_i ∈ GF(2) = {0, 1}
            = { a_(n-1) x^(n-1) + a_(n-2) x^(n-2) + ... + a_1 x + a_0 }, so each element is an n-bit string

  28. 4.6 Finite Fields of the Form GF(2^n): Table 4.6 Polynomial Arithmetic Modulo (x^3 + x + 1), (a) Addition

  29. 4.6 Finite Fields of the Form GF(2^n): Table 4.6 Polynomial Arithmetic Modulo (x^3 + x + 1), (b) Multiplication

  30. 4.6 Finite Fields of the Form GF(2^n): Computation Considerations
  • Addition becomes XOR of the bit strings
  • Multiplication is shift & XOR
  • Modulo reduction is done by repeatedly substituting the highest power with the remainder of the irreducible polynomial (also shift & XOR)
  • Example: GF(2^3) with m(x) = x^3 + x + 1. Each element is a polynomial of degree < 3, written as a 3-bit string (a_2 a_1 a_0):
    0 = 000, 1 = 001, x = 010, x + 1 = 011, x^2 = 100, x^2 + 1 = 101, x^2 + x = 110, x^2 + x + 1 = 111
    so GF(2^3) = {000, 001, 010, 011, 100, 101, 110, 111}
    Addition: (x^2 + 1) + (x^2 + x + 1) = x;  101 ⊕ 111 = 010
    Multiplication: (x + 1)(x^2 + 1) = x(x^2 + 1) + 1(x^2 + 1) = x^3 + x^2 + x + 1;  (011)(101) = (101 << 1) ⊕ (101 << 0) = 1010 ⊕ 0101 = 1111

  31. 4.6 Finite Fields of the Form GF(2^n): Computation Considerations
  • Modulo reduction: (x^3 + x^2 + x + 1) mod (x^3 + x + 1): since x^3 + x^2 + x + 1 = 1 × (x^3 + x + 1) + x^2, the result is x^2;  1111 mod 1011 = 1111 ⊕ 1011 = 0100
  Using a Generator
  • A generator g of a finite field F of order q (F contains q elements) is an element whose first q - 1 powers generate all the nonzero elements of F. That is, the elements of F consist of 0, g^0, g^1, ..., g^(q-2)
  • Let g be a root of the irreducible polynomial f(x) that defines the field, so f(g) = 0; powers of g are then reduced using that relation. For example, with f(x) = x^3 + x + 1 (irreducible over GF(2)): f(g) = g^3 + g + 1 = 0, so g^3 = g + 1 (in GF(2), -1 = 1). In this case g is a generator of GF(2^3), as Table 4.8 shows; in general a root of the defining polynomial need not be a generator, so this must be checked

  32. 4.6 Finite Fields of the Form GF(2^n): Using a Generator. Table 4.8 Generator for GF(2^3) using x^3 + x + 1
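The shift-and-XOR arithmetic of slides 30 and 31 and the generator table of slides 31 and 32, as an added example rather than code from the slides. Elements are n-bit integers (bit i is the coefficient of x^i), the modulus is the full (n + 1)-bit pattern of m(x) (0b1011 for x^3 + x + 1), and the code generalises the 3-bit slides to any n and any irreducible m(x): with n = 8 and m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B) it computes in the field AES uses, where, unlike GF(2^3) with x^3 + x + 1, the element x is not a generator. Inversion uses the fact that the nonzero elements form a group of order 2^n - 1, so a^(2^n - 2) = a^-1. All function names are this example's own.

```python
# Added example (not from the slides): GF(2^n) arithmetic on n-bit integers,
# where a bit string is a polynomial over GF(2) as on slide 30 (bit i is the
# coefficient of x^i). Generalises the GF(2^3) slides to any n and any
# irreducible m(x); with n = 8 and m(x) = 0x11B it is the AES field.
# Function names are this example's own.


def gf2n_add(a: int, b: int) -> int:
    """Polynomial addition over GF(2) is XOR (slide 30)."""
    return a ^ b


def clmul(a: int, b: int) -> int:
    """Shift-and-XOR product with no reduction, e.g. (011)(101) = 1111."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def gf2n_reduce(v: int, m: int, n: int) -> int:
    """Reduce v(x) mod m(x) by cancelling its highest power with a shifted
    copy of m (slide 31); m is the full (n+1)-bit modulus, e.g. 0b1011."""
    while v.bit_length() > n:
        v ^= m << (v.bit_length() - 1 - n)
    return v


def gf2n_mul(a: int, b: int, m: int, n: int) -> int:
    """a(x) * b(x) mod m(x) in GF(2^n)."""
    return gf2n_reduce(clmul(a, b), m, n)


def gf2n_pow(a: int, e: int, m: int, n: int) -> int:
    """Square-and-multiply exponentiation in GF(2^n)."""
    result = 1
    while e:
        if e & 1:
            result = gf2n_mul(result, a, m, n)
        a = gf2n_mul(a, a, m, n)
        e >>= 1
    return result


def gf2n_inv(a: int, m: int, n: int) -> int:
    """Multiplicative inverse: the nonzero elements form a group of order
    2^n - 1, so a^(2^n - 1) = 1 and hence a^(2^n - 2) = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^n)")
    return gf2n_pow(a, (1 << n) - 2, m, n)


def generator_table(g: int, m: int, n: int) -> list:
    """g^0, g^1, ..., g^(2^n - 2): the rows of a table like Table 4.8."""
    return [gf2n_pow(g, i, m, n) for i in range((1 << n) - 1)]


def is_generator(g: int, m: int, n: int) -> bool:
    """g generates the nonzero elements iff its first 2^n - 1 powers are all distinct."""
    return len(set(generator_table(g, m, n))) == (1 << n) - 1


if __name__ == "__main__":
    M3, N3 = 0b1011, 3                                   # m(x) = x^3 + x + 1
    print(format(gf2n_mul(0b011, 0b101, M3, N3), "03b"))  # 100: (x+1)(x^2+1) = x^2
    print(generator_table(0b010, M3, N3))                # powers of g = x: [1, 2, 4, 3, 6, 7, 5]
    AES_M, AES_N = 0x11B, 8
    print(hex(gf2n_inv(0x53, AES_M, AES_N)))             # 0xca
    print(is_generator(0x02, AES_M, AES_N), is_generator(0x03, AES_M, AES_N))
```

The generator table for g = x reproduces the GF(2^3) sequence 001, 010, 100, 011, 110, 111, 101 of Table 4.8: every nonzero element appears once, which is the check is_generator performs. Run with the AES parameters the same check reports that 0x02 is not a generator while 0x03 is, the reason AES log/antilog tables are built on 0x03.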

  33. KEY POINTS
  • A field is a set of elements on which two arithmetic operations (addition and multiplication) have been defined and which has the properties of ordinary arithmetic, such as closure, associativity, commutativity, and having both additive and multiplicative inverses.
  • Modular arithmetic is a kind of integer arithmetic that reduces all numbers to one of a fixed set [0, ..., n - 1] for some number n. Any integer outside this range is reduced to one in this range by taking the remainder after division by n.
  • The greatest common divisor of two integers is the largest positive integer that exactly divides both integers.

  34. KEY POINTS
  • Finite fields are important in several areas of cryptography. A finite field is simply a field with a finite number of elements. It can be shown that the order of a finite field (the number of elements in the field) must be a power of a prime, p^n, where n is a positive integer.
  • Finite fields of order p can be defined using arithmetic mod p.
  • Finite fields of order p^n, for n > 1, can be defined using arithmetic over polynomials.

  35. Summary
  • Have considered:
    the concepts of groups, rings, and fields
    modular arithmetic with integers
    Euclid's algorithm for the GCD
    finite fields GF(p)
    polynomial arithmetic in general and in GF(2^n)
