Chap4

--VIJAY KATTA----VIJAY KATTA-- 11

Chapter 4 Chapter 4 Finite FieldsFinite Fields


❏ To review the concept of algebraic structures

❏ To define and give some examples of groups

❏ To define and give some examples of rings

❏ To define and give some examples of fields

❏ To emphasize the finite fields of type GF(2n) that make it possible to perform operations such as addition, subtraction, multiplication, and division on n-bit words in modern block ciphers

Objectives

Chapter 4

4.#4.# 33

4-1 ALGEBRAIC STRUCTURES4-1 ALGEBRAIC STRUCTURES

Cryptography requires sets of integers and specific Cryptography requires sets of integers and specific operations that are defined for those sets. The operations that are defined for those sets. The combination of the set and the operations that are combination of the set and the operations that are applied to the elements of the set is called an applied to the elements of the set is called an algebraic algebraic structurestructure. In this chapter, we will define three common . In this chapter, we will define three common algebraic structures: groups, rings, and fields.algebraic structures: groups, rings, and fields.

Topics discussed in this section:Topics discussed in this section:

4.1.1 Groups4.1.2 Rings4.1.3 Fields


IntroductionIntroduction

of increasing importance in cryptographyof increasing importance in cryptographyAES, Elliptic Curve, IDEA, Public KeyAES, Elliptic Curve, IDEA, Public Key

concern operations on “numbers”concern operations on “numbers”where what constitutes a “number” and the where what constitutes a “number” and the

type of operations varies considerablytype of operations varies considerablystart with concepts of groups, rings, fields start with concepts of groups, rings, fields

from abstract algebrafrom abstract algebra


4.1 Continued

Figure 4.1 Common algebraic structure


Group: {G, Group: {G, }}

a set of elements or “numbers” with a binary a set of elements or “numbers” with a binary operator “operator “”.”.

obeys:obeys: closureclosure: a: aG, bG, bG G a a b b G G associative law:associative law: (a (a b) b) c = a c = a (b (b c) c) has identity has identity ee:: e e a = a a = a e = a e = a has inverses has inverses aa-1-1:: a a a a-1-1 = e = e

if commutative if commutative a a b = b b = b a a then forms an then forms an abelian groupabelian group


4.1.1 Continued

Figure 4.2 Group


4.1.1 Continued

Application

Although a group involves a single operation, the properties imposed on the operation allow the use of a pair of operations as long as they are inverses of each other.

The set of residue integers with the addition operator, G = < Zn , +>, is a commutative group. We can perform addition and subtraction on the elements of this set without moving out of the set.

Example 4.1


4.1.1 Continued

The set Zn* with the multiplication operator, G = <Zn*, ×>, is also an abelian group.

Example 4.2

Let us define a set G = < {a, b, c, d}, •> and the operation as shown in Table 4.1.

Example 4.3


Cyclic GroupCyclic Group

define define exponentiationexponentiation as repeated as repeated application of operatorapplication of operatorexample:example: aa33 = a = a a a a a

and let identity be:and let identity be: e=e=aa00

a group is a group is cycliccyclic if every element is a if every element is a power of some fixed element power of some fixed element aaGG ie ie b =b = aakk for some for some aa and every and every bb in group in group

aa is said to be a is said to be a generatorgenerator of the group of the group


Ring: {R, +, Ring: {R, +, }} a set of “numbers” with two operations (addition a set of “numbers” with two operations (addition

and multiplication) which are:and multiplication) which are: an an abelian groupabelian group with addition operation with addition operation multiplication:multiplication:

has closurehas closure is associativeis associative distributive over addition:distributive over addition: a(b+c) = ab + aca(b+c) = ab + ac

if multiplication operation is commutative, it forms a if multiplication operation is commutative, it forms a commutative ringcommutative ring (ab = ba).. a,b (ab = ba).. a,b R R

if if multiplication operation has multiplicative identity multiplication operation has multiplicative identity and no zero divisors, it forms an and no zero divisors, it forms an integral domainintegral domain


4.1.2 Ring

A ring, R = <{…}, •, >, is an algebraic structure with two operations.

Figure 4.4 Ring


4.1.2 ContinuedExample 4.11

The set Z with two operations, addition and multiplication, is a

commutative ring. We show it by R = <Z, +, ×>. Addition satisfies

all of the five properties; multiplication satisfies only three

properties.


Field {F, +, Field {F, +, }}

a set of numbers with two operations:a set of numbers with two operations:abelian group for additionabelian group for addition abelian group for multiplication (ignoring 0)abelian group for multiplication (ignoring 0) RingRing

obeys:obeys:

has multiplicative inverses has multiplicative inverses aa-1-1::

a a a a-1-1 = e = e


4.1.3 Field

A field, denoted by F = <{…}, •, > is a commutative ring in which the second operation satisfies all five properties defined for the first operation except that the identity of the first operation has no inverse.

Figure 4.5 Field


4.1.3 Continued

Galois showed that for a field to be finite, the number of elements should be pn, where p is a prime and n is a positive integer.

Finite Fields

A Galois field, GF(pn), is a finite field with pn elements.

Note


4.1.3 Continued

When n = 1, we have GF(p) field. This field can be the set Zp, {0, 1, …, p − 1}, with two arithmetic operations.

GF(p) Fields



A very common field in this category is GF(2) with the set {0, 1}

and two operations, addition and multiplication, as shown in

Figure 4.6.

Figure 4.6 GF(2) field



We can define GF(5) on the set Z5 (5 is a prime) with addition and

multiplication operators as shown in Figure 4.7.

Figure 4.7 GF(5) field


4.1.3 Continued

Table 4.3 Summary

Summary


4.2 Continued

Example 4.14

Let us define a GF(22) field in which the set has four 2-bit words:

{00, 01, 10, 11}. We can redefine addition and multiplication for

this field in such a way that all properties of these operations are

satisfied, as shown in Figure 4.8.

Figure 4.8 An example of GF(22) field


4.2.1 ContinuedGF(2n) Fields

Polynomials representing n-bit words use two fields: GF(2) and GF(2n).

Note


Modular ArithmeticModular Arithmetic

define define modulomodulo operator operator a mod na mod n to be remainder to be remainder when a is divided by nwhen a is divided by n

use the term use the term congruencecongruence for: for: a a b mod n b mod n when divided by when divided by n,n, a & b have same remainder a & b have same remainder eg. 100 eg. 100 34 mod 11 34 mod 11

b is called the b is called the residueresidue of a mod n of a mod n since with integers can always write: since with integers can always write: a = qn + ba = qn + b

usually have usually have 0 <= b <= n-10 <= b <= n-1 -12 mod 7 -12 mod 7 -5 mod 7 -5 mod 7 2 mod 7 2 mod 7 9 mod 7 9 mod 7


DivisorsDivisors

say a non-zero number say a non-zero number bb dividesdivides aa if for if for some some mm have have a=mba=mb ( (a,b,ma,b,m all integers) all integers)

that is that is bb divides into divides into aa with no remainder with no remainder denote this denote this b|ab|a and say that and say that bb is a is a divisordivisor of of aa eg. all of 1,2,3,4,6,8,12,24 divide 24 eg. all of 1,2,3,4,6,8,12,24 divide 24


Properties

2.1.4 Continued

Property 1: if a|1, then a = ±1.

Property 2: if a|b and b|a, then a = ±b.

Property 3: if a|b and b|c, then a|c.

Property 4: if a|b and a|c, then a|(m × b + n × c), where m and n are arbitrary integers


Modular Arithmetic OperationsModular Arithmetic Operations

is 'clock arithmetic‘, uses a finite number is 'clock arithmetic‘, uses a finite number of values, and loops back from either endof values, and loops back from either end

modular arithmetic is when do addition & modular arithmetic is when do addition & multiplication and modulo reduce answermultiplication and modulo reduce answer

can do reduction at any pointcan do reduction at any point, ie, ie a+b mod n = [(a mod n)+(b mod n)] mod na+b mod n = [(a mod n)+(b mod n)] mod n a-b mod n = [(a mod n)-(b mod n)] mod na-b mod n = [(a mod n)-(b mod n)] mod n a*b mod n = [(a mod n)*(b mod n)] mod na*b mod n = [(a mod n)*(b mod n)] mod n


Modular Operator PropertiesModular Operator Properties

aab mod n if n|(a-b).b mod n if n|(a-b).aab mod n implies bb mod n implies ba mod n. a mod n. aab mod n and bb mod n and bc mod n imply ac mod n imply ac mod n c mod n


To find 11To find 117 7 mod 13.mod 13.

111122 = 121 = 121 4 mod 13 4 mod 13

111144= 4= 422 3 mod 13 3 mod 13

111177 11 * 4* 3 11 * 4* 3 132 132 2mod 13 2mod 13



can do modular arithmetic with any group can do modular arithmetic with any group of integers: of integers: ZZnn = {0, 1, … , n-1} = {0, 1, … , n-1}

ZZnn represents a residue class represents a residue classa commutative ring with a multiplicative a commutative ring with a multiplicative

identity element.identity element.note some peculiaritiesnote some peculiarities

if if (a+b)(a+b)≡(a+c) mod n ≡(a+c) mod n thenthen b≡c mod n b≡c mod nbut but (ab)(ab)≡(ac) mod n ≡(ac) mod n thenthen b≡c mod n b≡c mod n

only ifonly if a a is relatively prime tois relatively prime to n n


Residue classesResidue classes

Set ZSet Znn is set of non negative integers less than n: is set of non negative integers less than n: ZZnn={0,1…..(n-1)}. This is called as set of residue ,or ={0,1…..(n-1)}. This is called as set of residue ,or

residue classes residue classes modulo n.modulo n. Each integer in ZEach integer in Znn represent a residue class. represent a residue class. we lable residue classes modulo n as we lable residue classes modulo n as [0],[1],[2]..[n-1] where[0],[1],[2]..[n-1] where [r] ={a : a is an integer, a [r] ={a : a is an integer, a r mod n} r mod n}


Residue class continue..Residue class continue..

The residue classes modulo 4 are…The residue classes modulo 4 are… [0]={..,-16,-12,-8,-4,0,4,8,12,16,…}[0]={..,-16,-12,-8,-4,0,4,8,12,16,…} [1]={…,-3,1,5,9,13,….}[1]={…,-3,1,5,9,13,….} [2]={….,-6,-2,2,6,10,…..}[2]={….,-6,-2,2,6,10,…..} [3]={…,-13,-9,-5,-1,3,7,11,15,19,….}[3]={…,-13,-9,-5,-1,3,7,11,15,19,….}

Of all integers in residue class, the smallest Of all integers in residue class, the smallest nonnegative integers is one usually used nonnegative integers is one usually used to represent the residue classto represent the residue class


Multiplicative inverse(w-1): wz ≡ 1 mod n




Formula for Finding Inverse.Formula for Finding Inverse.

Additive Inverse.Additive Inverse.

w + z w + z ≡ 0 mod p≡ 0 mod p

Multiplicative Inverse.Multiplicative Inverse.

w w × z ≡ 1 mod p× z ≡ 1 mod p



An integer has a multiplicative inverse in An integer has a multiplicative inverse in ZZnn if that integer is relatively prime to n. if that integer is relatively prime to n.

two integers are relatively prime if their two integers are relatively prime if their only common positive integer factor is 1.only common positive integer factor is 1.


Greatest Common Divisor (GCD)Greatest Common Divisor (GCD)

a common problem in number theorya common problem in number theoryGCD (a,b) of a and b is the largest number GCD (a,b) of a and b is the largest number

that divides both a and b that divides both a and b e.g. GCD(60,24) = 12e.g. GCD(60,24) = 12

Two integers are Two integers are relatively prime relatively prime if their if their greatest common divisor is 1.greatest common divisor is 1.e.g. GCD(8,15) = 1e.g. GCD(8,15) = 1hence 8 & 15 are relatively prime hence 8 & 15 are relatively prime


Euclid's GCD AlgorithmEuclid's GCD Algorithm

an efficient way to find the GCD(a,b)an efficient way to find the GCD(a,b)uses theorem that: uses theorem that:

GCD(a,b) = GCD(b, a mod b)GCD(a,b) = GCD(b, a mod b) Euclid's AlgorithmEuclid's Algorithm to compute GCD(a,b): to compute GCD(a,b):

A=a, B=bA=a, B=bwhile B>0while B>0

R = A mod BR = A mod BA = B, B = RA = B, B = R

return Areturn A


Example GCD(1970,1066)Example GCD(1970,1066)

1970 = 1 1970 = 1 x 1066 + 904 x 1066 + 904 gcd(1066, 904)gcd(1066, 904)1066 = 1 x 904 + 162 1066 = 1 x 904 + 162 gcd(904, 162)gcd(904, 162)904 = 5 x 162 + 94 904 = 5 x 162 + 94 gcd(162, 94)gcd(162, 94)162 = 1 x 94 + 68 162 = 1 x 94 + 68 gcd(94, 68)gcd(94, 68)94 = 1 x 68 + 26 94 = 1 x 68 + 26 gcd(68, 26)gcd(68, 26)68 = 2 x 26 + 16 68 = 2 x 26 + 16 gcd(26, 16)gcd(26, 16)26 = 1 x 16 + 10 26 = 1 x 16 + 10 gcd(16, 10)gcd(16, 10)16 = 1 x 10 + 6 16 = 1 x 10 + 6 gcd(10, 6)gcd(10, 6)10 = 1 x 6 + 4 10 = 1 x 6 + 4 gcd(6, 4)gcd(6, 4)6 = 1 x 4 + 2 6 = 1 x 4 + 2 gcd(4, 2)gcd(4, 2)4 = 2 x 2 + 0 4 = 2 x 2 + 0 gcd(2, 0)gcd(2, 0)


Modular ArithmeticModular Arithmetic If GCD(a, n)=1, If GCD(a, n)=1, one can find b in Zone can find b in Znn such that such that aab b ≡≡ 1 mod n1 mod n

ZZnna = {0, a, 2a, 3a, …(n-1)a} = a = {0, a, 2a, 3a, …(n-1)a} = ZZnn

If p is a prime number, then all the elements If p is a prime number, then all the elements of Zof Zpp are relatively prime to p. are relatively prime to p.

ZZpp : field : field


Galois FieldsGalois Fields finite fields play a key role in cryptographyfinite fields play a key role in cryptography p: prime, a prime is an integer whose only p: prime, a prime is an integer whose only

positive integer factors are itself and 1.positive integer factors are itself and 1. The order of a finite field (number of elements in The order of a finite field (number of elements in

the field) the field) mustmust be a power of a prime p be a power of a prime pnn, wher n , wher n is a positive integer.is a positive integer.

known as Galois fieldsknown as Galois fields denoted GF(pdenoted GF(pnn)) in particular often use the fields:in particular often use the fields:

GF(p), n=1GF(p), n=1 GF(2GF(2nn))


Galois Fields GF(p)Galois Fields GF(p)

GF(p) is the set of integers {0,1, … , p-1} GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime pwith arithmetic operations modulo prime p

these form a finite fieldthese form a finite fieldsince have multiplicative inversessince have multiplicative inverses

hence arithmetic is “well-behaved” and can hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and do addition, subtraction, multiplication, and division without leaving the field GF(p).division without leaving the field GF(p).


Finding InversesFinding Inverses can extend Euclid’s algorithm:can extend Euclid’s algorithm:

EXTENDED EUCLID(EXTENDED EUCLID(mm, , bb))1.1. (A1, A2, A3)=(1, 0, (A1, A2, A3)=(1, 0, mm); );

(B1, B2, B3)=(0, 1, (B1, B2, B3)=(0, 1, bb))2. if 2. if B3 = 0B3 = 0

return return A3 = gcd(A3 = gcd(mm, , bb); no inverse); no inverse3. if 3. if B3 = 1 B3 = 1

return return B3 = gcd(B3 = gcd(mm, , bb); B2 = ); B2 = bb–1–1 mod mod mm4. 4. Q = A3 div B3Q = A3 div B35. 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)(T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)6. 6. (A1, A2, A3)=(B1, B2, B3)(A1, A2, A3)=(B1, B2, B3)7. 7. (B1, B2, B3)=(T1, T2, T3)(B1, B2, B3)=(T1, T2, T3)8. goto 8. goto 22


Inverse of 550 in GF(1759)Inverse of 550 in GF(1759)

Technology

Chap4