Chap. 4: Finite Fields

Chap. 4: Finite Fields

Jen-Chang Liu, 2004

Adapted from lecture slides by Lawrie Brown

The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence.

— Living with Birds, Len Howard

Len Howard British naturalist, who studied bird

behaviors Publications:

Birds as Individuals (1953) Living with Birds (1956).

Introduction Finite fields: increasing importance in

cryptography AES, Elliptic Curve, IDEA, Public Key

Goal: mathematics for GF(2n)

01100…0100

Plaintext: 2n

11010…0111

Ciphertext: 2n

T(Plaintext, Key)

1. Arbitrary mapping => large keys2. Mathematical form, ex. Hill cipher

Outline Group, rings, and fields Modular arithmetic Finite fields of the form GF(p) Euclid’s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2n)

Motivation 在封閉且有限的數集合中，可操作的運算種

類？ (+, -, x, /)

Group

Ring

Field

+,-

+,-,x

+,-,x,/

Group Group: {G, •}

G: a set of elements •: binary operation to each pair (a,b) in G

obeys: closure: a•b is also in G associative law: (a•b)•c = a•(b•c) has identity e: e•a = a•e = a has inverses a-1: a•a-1 = e

if commutative a•b = b•a then forms an abelian group

Example: group

1. Set of integers under addition=> Abelian group

2. N symbols : Nn={1, 2, …, n} Set Sn: all permutations over Nn

Binary operation •: permutation according to the first element

=> Group

{{1, 2, …, n}, {2, 1 …, n}, …, {n, n-1, …, 1}}

{3,2,1}•{1,3,2}={2,3,1}

Cyclic Group define exponentiation as repeated

application of operator example: a3 = a•a•a

and let identity be: e=a0

a group is cyclic if every element is a power of some fixed element i.e. b = ak for some a and every b in group a is said to be a generator of the group

EX. integers with addition: 1 as the generator

Ring Ring: {R, +, x}

R: a set of “numbers” +, x: two operations (addition and

multiplication) Ring obeys

{R,+}: an abelian group multiplication:

has closure is associative: ax(bxc)=(axb)xc distributive over addition: ax(b+c) = axb + axc

if multiplication operation is commutative, it forms a commutative ring axb = bxa

Example: Ring The set of even integers (pos, neg, and

0) Commutative ring

Field Field: {F, +, x}

F: a set of numbers +, x: two operations (addition and

multiplication) Field obeys:

Ring {F, +}: abelian group for addition {F\0, x}: abelian group for multiplication

(ignoring 0) i.e. with multiplication inverse => division is

possible {Z, +, x} ?

Field for n-bit block?

01100…0100

Plaintext: 2n

11010…0111

Ciphertext: 2n

+: additionx: multiplication

?

Problems: 1. the set of plaintext (and ciphertext) finite 2. how to define +,-,x,/ operations

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid’s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2n)

Modulo operator modulo operator: a mod n to be the

remainder (>0) when a is divided by n

) mod (/ nannaa , a and n are integers

Modulo operator (cont.) Integers a and b are congruence

modulo n a ≡ b mod n when divided by n, a & b have same

remainder eg. 100 = 34 mod 11

b is called the residue of a: b= a mod n integers can always write: a = qn + b usually have 0 <= b <= n-1 -12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7

Integers Modulo 7 Example

... -21 -20 -19 -18 -17 -16 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 ...

congruence

Z7: residue classmodulo n

(mod n) maps all integers into the set Zn={0, 1, 2, …, n-1} Can we perform arithmetic (+,-,x,/)

with this set?

Modular Arithmetic We can do modular arithmetic with any

set of integers: Zn={0, 1, … , n-1} Under normal arithmetic (+,-,x) Properties:

1. [(a mod n)+(b mod n)] mod n = (a+b) mod n

2. [(a mod n)- (b mod n)] mod n = (a-b) mod n3. [(a mod n)x (b mod n)] mod n = (axb) mod

n

Modulo 8(=23) Example

FindAdditiveinverse

=> group

Modulo 8(=23) Example

Not all haveMulti. Inverse Not a field

Does notproduce allelements inZ8

Modular Arithmetic (cont.) Peculiarities compared with ordinary

arith. if (a+b)≡(a+c) mod n then b≡c mod n Existence of (-a):

if (ab)≡(ac) mod n then b≡c mod n ? Existence of (a-1) ?

((-a)+a+b)≡((-a)+a+c) mod n

((a-1) ab)≡((a-1) ac) mod n

Not always true, eg. n=8Multiplicative inverse exists iff. a is relatively prime to n

Question Do we have a finite field within Zn ?

Modulo 7 example: addition

Yes foradditive inverse

Modulo 7 Example: multiply

Yes formulti. inverse

Question Do we have a finite field within Zn ? Galois field

GF(p): ZP ,the modulo p is a prime number Under ordinary arithmetic

GF(pn): , p is a prime number 23 does not form a field under normal

arithmetic Under polynomial arithmetic

npZ


Galois Fields: GF(p) Theorem: Zn={0,1,…,n-1} is a commutative

ring. Any integer aZn in has a multiplicative inverse iff a is relatively prime to n

In other words, If n is a prime number, then all nonzero

integers in Zn are relatively prime to n

=> all nonzero integers in Zn have multiplicative

inverses=> Zn is a finite field=> GF(p), p is a prime

Galois Fields: GF(p) GF(p) is the set of integers {0,1, … , p-

1} with arithmetic operations modulo prime p

these form a finite field since have multiplicative inverses

hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

Example: GF(2)

+ 0 1

01

0 11 0

x 0 1

01

0 00 1

w -w w-1

01

0 x1 1

XOR AND

Q: How to find the multiplicative inverse?

For GF(7), it is easy to build a table

For GF(1759), how to find the multiplicative inverse of 550?

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid’s algorithm (find GCD) and

extended Euclid’s algorithm (find multiplicative inverse)

Polynomial arithmetic Finite fields of the form GF(2n)

Greatest Common Divisor (GCD)

a common problem in number theory GCD (a,b) of a and b is the largest

number that divides evenly into both a and b eg. GCD(60,24) = 12

GCD(.,.)=1: no common factors (except 1) and hence numbers are relatively prime eg. GCD(8,15) = 1 hence 8 & 15 are relatively prime

Euclid's GCD Algorithm uses theorem that: (a>b>0)

GCD(a,b) = GCD(b, a mod b)

To prove: The set of common divisors of a and b = The set of common divisors of a and (a mod b)

Example GCD(1970,1066)1970 = 1 x 1066 + 904 gcd(1066, 904)1066 = 1 x 904 + 162 gcd(904, 162)904 = 5 x 162 + 94 gcd(162, 94)162 = 1 x 94 + 68 gcd(94, 68)94 = 1 x 68 + 26 gcd(68, 26)68 = 2 x 26 + 16 gcd(26, 16)26 = 1 x 16 + 10 gcd(16, 10)16 = 1 x 10 + 6 gcd(10, 6)10 = 1 x 6 + 4 gcd(6, 4)6 = 1 x 4 + 2 gcd(4, 2)4 = 2 x 2 + 0 gcd(2, 0)

Finding Inverses can extend Euclid’s algorithm:

EXTENDED EUCLID(m, b)1.(A1, A2, A3)=(1, 0, m);

(B1, B2, B3)=(0, 1, b)2. if B3 = 0

return A3 = gcd(m, b); no inverse3. if B3 = 1

return B3 = gcd(m, b); B2 = b–1 mod m4. Q = A3 div B35. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)6. (A1, A2, A3)=(B1, B2, B3)7. (B1, B2, B3)=(T1, T2, T3)8. goto 2

Inverse of 550 in GF(1759)

( 商 )

4 1 0

B2=A2-Q*B2=0-3*1=-3

inverse

Recall: inverse matrix in Hill cipher

Find inverse matrix for

Note that 26 is not a prime, not every element in {0,1,2,…,25} has multiplicative inverse

Inverse formula:

75

49K

921

227

43

1

95

47

4579

11K

Inverse of Hill cipher

Q A3 B3 26 171 17 91 9 81 8 18 1 0

A2 B2 0 1 1 -1-1 2 2 -3

2515

125

207483

506161

921

22723

921

227

17

11K

Multiplicative inverse


Motivation for GF(2n) For a 8-bit block

Z256 ={0,1,…,255} is not a field => no division

The largest prime < 256 is 251 Z251 ={0,1,…,250} is a field => 251,

…,255 are wasted Is that possible to find a field for Z256 ?

Yes. Define new arithmetic operations for Z256

Mapping from GF(2n) to polynomials

Ex. 8-bit block

10010111

01234567 11101001 xxxxxxxx =>

• To build the field for {0,1,2,…,2n-1}=> Require modular polynomial arithmetic

Polynomial Arithmetic Polynomials

3 polynomial arithmetic available: ordinary polynomial arithmetic Polynomial with coefficients in Zp; arithmetic

on the coefficients is performed modulo p Polynomial with coefficients in Zp, and the

polynomials are defined modulo a polynomial m(x); arithmetic on the coefficients is performed modulo p

1. Ordinary Polynomial Arithmetic

Add(+) or subtract(-) corresponding coefficients

Multiply(x) all terms by each other eg. 1101, 0111

f(x) = x3 + x2 + 1 and g(x) = x2 + x + 1f(x) + g(x) = x3 + 2x2 + x + 2f(x) – g(x) = x3 - x f(x) x g(x) = x5+2x4+2x3+2x2+x+1

GF(24) ?1. Not in {0,1} 2. degree>3

2. Polynomial Arithmetic with Modulo Coefficients

Polynomial coefficients are in a field F={p,+,x}

We are most interested in coefficients in GF(2) eg. 1101, 0111 let f(x) = x3 + x2 + 1 and g(x) = x2 + x + 1f(x) + g(x) = x3 + x f(x) x g(x) = x5 + x + 1GF(24) ?

degree > 3

3. Modular Polynomial Arithmetic for GF(2n)

Polynomial coefficients are in a field F={p,+,x} Ex. coefficients are in GF(2)

If multiplication results in poly. of degree > n-1 Reduce it by modulo some irreducible poly.

m(x) f(x) = q(x) m(x) + r(x)=> r(x) = f(x) mod m(x)

if m(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial

GF(23) =m(x)

Modular Polynomial Arithmetic

Computation in field GF(2n) polynomials with coefficients modulo 2 whose degree is less than n hence must reduce modulo an irreducible

poly of degree n (for multiplication only) Can always find an inverse

Extended Euclid’s Inverse algorithm to find

Computational Considerations

since coefficients are 0 or 1, can represent any such polynomial as a bit string

addition becomes XOR of these bit strings

multiplication is shift & XOR modulo reduction done by repeatedly

substituting highest power with remainder of irreducible poly (also shift & XOR) – see textbook for details

Summary

01100…0100

Plaintext: 2n

11010…0111

Ciphertext: 2n

Mathematicswithin GF(2n)

Documents

Chap. 4: Finite Fields