License: CC Attribution-ShareAlike License

- 1. Title: Program Derivation of Operations in F_p
  Charles Southerland and Dr. Anita Walker
  Department of Mathematics & Computer Science, East Central University
  Oklahoma Computing Consortium Conference 2011
  (Footer on every slide: Southerland, Walker, Program Derivation of Operations in F_p)
- 2. Introduction: Special Thanks
  I would like to say a special thank you to:
  - Dr. Anita Walker, for working closely with me throughout this project, and for introducing me to abstract algebra
  - Dr. Bill Walker, for introducing me to program derivation
  - Prof. Clay Carley, for working with me on cryptology, which first led me to this particular problem
  - The creators of Beamer, for allowing LaTeX to save me from the abyss of WYSIWYG presentation software
- 3. Finite Fields: Outline
  1. Finite Fields (Definition; Field Order; A Well-Known Finite Field)
  2. Program Derivation
  3. Multiplicative Inverse in F_p
- 4. Finite Fields, Definition: The Definition of a Field
  Definition. A field is a 3-tuple of a set F and two operations (called addition and multiplication) for which the following properties hold:
  - Closure of F under both operations
  - Associativity of both operations
  - Distinct identities in F for the two operations
  - Additive inverses for all items in F
  - Multiplicative inverses for all items except the additive identity
  - Commutativity of both operations
  - Distributivity of multiplication over addition
- 5. Finite Fields, Definition: The Galois Field
  A finite field is a field in which the contained set has finite cardinality (i.e., the field has finite order). All finite fields of the same order are isomorphic (so they are, for all practical purposes, the same). Another name for a finite field is a Galois field.
  Generalized fields are often denoted F, but finite fields in particular are usually denoted GF, GF(q), or F_q, where q is the order of the field.
- 6. Finite Fields, Field Order: The Order of a Finite Field
  There exists a finite field of order q iff $q = p^n$, where p is prime and $n \in \mathbb{N}$.
  - When $n = 1$, $\mathbb{F}_p$ is isomorphic to $(\mathbb{Z}_p, \oplus, \otimes)$ (the integers modulo p with modular addition and modular multiplication).
  - When $n > 1$, $\mathbb{F}_{p^n}$ is isomorphic to the splitting field of $f(x) = x^{p^n} - x$ over $\mathbb{F}_p$.
  This project focuses on fields of prime order, so I'm afraid there will be no more discussion of F_{p^n}.
- 7. Finite Fields, A Well-Known Finite Field: A Well-Known Finite Field of Prime Order, F_2
  Since 2 is prime, there is a finite field F_2, and it has the form $(\mathbb{Z}_2, \oplus, \otimes)$. The operations are defined as:

  | ⊕ | 0 | 1 |
  |---|---|---|
  | 0 | 0 | 1 |
  | 1 | 1 | 0 |

  | ⊗ | 0 | 1 |
  |---|---|---|
  | 0 | 0 | 0 |
  | 1 | 0 | 1 |

  As you can see, F_2 is binary with XOR as addition and AND as multiplication.
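As an added illustration (not part of the slides), the following Python checks the field axioms of slide 4 by brute force on Z_n with both operations taken mod n. It confirms the two claims made above: Z_n satisfies every axiom exactly when n is prime (the n = 1 case of slide 6), and the F_2 tables are the XOR and AND truth tables. The function names, the trial-division primality test and the search limit of 30 are this example's own choices.

```python
from itertools import product


def is_prime(n):
    """Trial-division primality test; adequate for the small moduli checked here."""
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def field_axioms_hold(n):
    """Brute-force check of the field axioms (slide 4) for (Z_n, +, *) mod n.
    Returns (True, None) if every axiom holds, otherwise (False, first failing axiom)."""
    if n < 2:
        return False, "distinct identities"       # 0 and 1 must be different elements
    elems = range(n)
    add = lambda x, y: (x + y) % n
    mul = lambda x, y: (x * y) % n
    # Closure is automatic: every result is reduced mod n, so it lies in Z_n.
    for x, y, z in product(elems, repeat=3):
        if add(add(x, y), z) != add(x, add(y, z)):
            return False, "associativity of +"
        if mul(mul(x, y), z) != mul(x, mul(y, z)):
            return False, "associativity of *"
        if mul(x, add(y, z)) != add(mul(x, y), mul(x, z)):
            return False, "distributivity"
    for x, y in product(elems, repeat=2):
        if add(x, y) != add(y, x) or mul(x, y) != mul(y, x):
            return False, "commutativity"
    for x in elems:
        if add(x, 0) != x or mul(x, 1) != x:
            return False, "identities"
        if not any(add(x, y) == 0 for y in elems):
            return False, "additive inverse of %d" % x
        # Every element except the additive identity needs a multiplicative inverse.
        if x != 0 and not any(mul(x, y) == 1 for y in elems):
            return False, "multiplicative inverse of %d" % x
    return True, None


def cayley_table(n, op):
    """Operation table of Z_n under op (reduced mod n); rows and columns are 0..n-1."""
    return [[op(x, y) % n for y in range(n)] for x in range(n)]


def f2_is_xor_and():
    """Slide 7: in F_2, addition is XOR and multiplication is AND."""
    add_tab = cayley_table(2, lambda x, y: x + y)
    mul_tab = cayley_table(2, lambda x, y: x * y)
    xor_tab = [[x ^ y for y in range(2)] for x in range(2)]
    and_tab = [[x & y for y in range(2)] for x in range(2)]
    return add_tab == xor_tab and mul_tab == and_tab


def prime_moduli_are_exactly_fields(limit=30):
    """Z_n is a field iff n is prime, checked for 2 <= n <= limit."""
    return all(field_axioms_hold(n)[0] == is_prime(n) for n in range(2, limit + 1))


if __name__ == "__main__":
    print(field_axioms_hold(7))    # (True, None)
    print(field_axioms_hold(6))    # (False, 'multiplicative inverse of 2')
    print(f2_is_xor_and(), prime_moduli_are_exactly_fields())   # True True
```

The only axiom Z_6 fails is the existence of a multiplicative inverse for 2 (2·y mod 6 is always even), which is exactly the property the rest of the talk is about computing in F_p.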
- 8. Program Derivation: Outline
  1. Finite Fields
  2. Program Derivation (History; Dijkstra's Guarded Command Language; Weakest Precondition Predicate Transformer; The Program Derivation Process)
  3. Multiplicative Inverse in F_p
- 9. Program Derivation, History: The History of Program Derivation
  - Hoare's 1969 paper "An Axiomatic Basis for Computer Programming" effectively launched the Formal Methods subfield of CS.
  - Dijkstra's paper "Guarded Commands, Nondeterminacy and Formal Derivation of Programs" introduced many of the ideas presented in this talk.
  - Gries' book "The Science of Programming" brings Dijkstra's paper to a level undergrad CS and Math majors can understand.
- 10. Program Derivation, Dijkstra's Guarded Command Language: Some Familiar Parts of Dijkstra's Language

  | Construct | Example |
  |---|---|
  | Variable assignment | x := 1 |
  | Addition | x := x + y |
  | Command concatenation | b := b − a; x := x + y |
  | Procedure call | c := gcd(a, b) |
  | Subtraction | b := b − a |
  | Skip, then abort | skip; abort |

- 11. Program Derivation, Dijkstra's Guarded Command Language: Dijkstra's Guarded Commands
  Guarded if-block (the alternatives are separated by □; exactly one alternative whose guard holds is executed, and the block aborts if no guard holds):
  ```
  if a > 0 → c := 2
  □ b > 0 → c := 3; a := 5
  □ c > 0 → c := 1
  □ c = 6 → c := 4
  fi
  ```
  Guarded do-block (an alternative whose guard holds is executed repeatedly until no guard holds):
  ```
  do b = 0 → c := 1
  □ a > 0 → a := a − 1
  □ b < 4 → b := b + 1
  □ c = 1 → a := a − 1
  od
  ```
- 12. Program Derivation, Dijkstra's Guarded Command Language: A Famous Example
  Greatest Common Divisor:
  ```
  proc gcd(a, b) ≡
    do a > b → a := a − b
    □ b > a → b := b − a
    od;
    return a.
  ```
- 13. Program Derivation, Weakest Precondition Predicate Transformer: The Weakest Precondition Predicate Transformer
  Definition. The weakest precondition predicate transformer (wp) is defined as follows:
  $wp : P \times L \to L$
  - P is the set of all finite-length programs
  - L is the set of all statements about the state of a computer
  $wp(s, r) = q$
  - q is the weakest precondition (the initial state)
  - s is the program to be executed (which changes the state)
  - r is the postcondition (the resulting state)
- 14. Program Derivation, Weakest Precondition Predicate Transformer: wp and Dijkstra's Language
  - Skip: wp("skip", r) = r
  - Command concatenation: wp("b := a; x := y", r) = wp("b := a", wp("x := y", r))
  - Abort: wp("abort", r) = F
  - Variable assignment: wp("x := y", r) = defined(y) ∧ $r^{x}_{y}$, where $r^{x}_{y}$ is r with every free occurrence of x replaced by y
- 15. Program Derivation, Weakest Precondition Predicate Transformer: wp and Dijkstra's if-Block
  For Dijkstra's if-block of slide 11,
  ```
  if a > 0 → c := 2
  □ b > 0 → c := 3; a := 5
  □ c > 0 → c := 1
  □ c = 6 → c := 4
  fi
  ```
  the weakest precondition is
  ```
  wp("if ... fi", r) = (a > 0 ∨ b > 0 ∨ c > 0 ∨ c = 6)
                     ∧ (a > 0 ⇒ wp("c := 2", r))
                     ∧ (b > 0 ⇒ wp("c := 3; a := 5", r))
                     ∧ (c > 0 ⇒ wp("c := 1", r))
                     ∧ (c = 6 ⇒ wp("c := 4", r))
  ```
- 16. Program Derivation, Weakest Precondition Predicate Transformer: wp and Dijkstra's do-Block, Part I
  Let's call this "DO":
  ```
  do b = 0 → c := 1
  □ a > 0 → a := a − 1
  □ b < 4 → b := b + 1
  □ c = 1 → a := a − 1
  od
  ```
  Also, let's call this "IF" (the same guarded commands, but as an if-block executed once):
  ```
  if b = 0 → c := 1
  □ a > 0 → a := a − 1
  □ b < 4 → b := b + 1
  □ c = 1 → a := a − 1
  fi
  ```
- 17. Program Derivation, Weakest Precondition Predicate Transformer: wp and Dijkstra's do-Block, Part II
  We define $H_n(r)$ for $n \in \mathbb{N}$ and $r \in L$ as:
  - For n = 1 (no guard of DO holds, so the loop ends immediately, and r already holds): $H_1(r) = (b \neq 0 \wedge a \leq 0 \wedge b \geq 4 \wedge c \neq 1) \wedge r$
  - For n > 1 (either the loop ends now, or one more iteration of IF leads to a state satisfying $H_{n-1}$): $H_n(r) = H_1(r) \vee wp(\text{"IF"}, H_{n-1}(r))$
- 18. Program Derivation, Weakest Precondition Predicate Transformer: wp and Dijkstra's do-Block, Part III
  Dijkstra's guarded do-block: $wp(\text{"DO"}, r) = (\exists n \in \mathbb{N})\, H_n(r)$, i.e. DO terminates in a state satisfying r after a finite number of iterations.
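To make the rules of slides 13 to 18 concrete, here is an added Python interpreter for wp (this example's own code, not the authors'). It represents predicates and expressions as callables on a state dictionary, so substitution in wp("x := y", r) becomes evaluation of r in the updated state, and it computes wp of the if-block of slide 15 and of the gcd loop of slide 12. The `bound` argument on a do-block, which caps the n in (∃n) H_n(r), is this example's own device: over the small integer states used here the H_n grow monotonically, so evaluating H_bound is enough as long as the bound exceeds the number of iterations the loop can need.

```python
import math

# States are dicts {variable: int}.  Programs are nested tuples:
#   ('skip',)  ('abort',)  ('assign', var, expr)  ('seq', s1, s2)
#   ('if', [(guard, cmd), ...])  ('do', [(guard, cmd), ...], bound)
# guard, expr and every postcondition r are callables taking a state.


def wp(prog, r):
    """Weakest precondition of prog with respect to postcondition r (a predicate)."""
    kind = prog[0]
    if kind == 'skip':                       # wp("skip", r) = r
        return r
    if kind == 'abort':                      # wp("abort", r) = F
        return lambda s: False
    if kind == 'assign':                     # wp("x := e", r) = r with x replaced by e;
        _, var, expr = prog                  # every expr here is total, so defined(e) holds
        return lambda s: r({**s, var: expr(s)})
    if kind == 'seq':                        # wp("s1; s2", r) = wp(s1, wp(s2, r))
        _, s1, s2 = prog
        return wp(s1, wp(s2, r))
    if kind == 'if':                         # some guard holds, and every enabled branch establishes r
        gcs = prog[1]
        return lambda s: (any(g(s) for g, _ in gcs)
                          and all((not g(s)) or wp(c, r)(s) for g, c in gcs))
    if kind == 'do':                         # H_1 = (no guard holds) and r;  H_n = H_1 or wp(IF, H_{n-1})
        gcs, bound = prog[1], prog[2]
        h1 = lambda s: not any(g(s) for g, _ in gcs) and r(s)

        def h(n, s):
            return h1(s) or (n > 1 and wp(('if', gcs), lambda t: h(n - 1, t))(s))
        return lambda s: h(bound, s)         # stands in for (exists n <= bound) H_n(r)
    raise ValueError("unknown construct %r" % kind)


# The if-block of slide 15.
IF15 = ('if', [
    (lambda s: s['a'] > 0,  ('assign', 'c', lambda s: 2)),
    (lambda s: s['b'] > 0,  ('seq', ('assign', 'c', lambda s: 3), ('assign', 'a', lambda s: 5))),
    (lambda s: s['c'] > 0,  ('assign', 'c', lambda s: 1)),
    (lambda s: s['c'] == 6, ('assign', 'c', lambda s: 4)),
])


def if15_establishes(a, b, c, want_c):
    """Started in state (a, b, c), must IF15 end with c == want_c whatever branch is taken?"""
    return wp(IF15, lambda s: s['c'] == want_c)({'a': a, 'b': b, 'c': c})


# The gcd loop of slide 12.  A and B carry the initial values so that the
# postcondition can refer to them (cf. the invariant gcd(a, b) = gcd(A, B) of slide 25).
GCD = ('do', [
    (lambda s: s['a'] > s['b'], ('assign', 'a', lambda s: s['a'] - s['b'])),
    (lambda s: s['b'] > s['a'], ('assign', 'b', lambda s: s['b'] - s['a'])),
], 40)


def gcd_loop_correct_from(a, b):
    """wp(GCD, "a = gcd(A, B)") evaluated in the initial state a, b."""
    post = lambda s: s['a'] == math.gcd(s['A'], s['B'])
    return wp(GCD, post)({'a': a, 'b': b, 'A': a, 'B': b})


if __name__ == "__main__":
    # Nondeterminism: with a = b = 1 the second branch may run and leave c = 3, so wp is false.
    print(if15_establishes(1, 0, 0, 2), if15_establishes(1, 1, 0, 2))   # True False
    # The loop from (0, 7) never terminates (b := b - 0 forever), so no H_n holds.
    print(gcd_loop_correct_from(3, 7), gcd_loop_correct_from(0, 7))     # True False
```

Two things the paragraph alone does not show fall out directly: wp of the if-block is false whenever any enabled branch could violate r (not just when no guard holds), and wp of a loop is false for an initial state from which the loop cannot terminate, which is why the gcd program needs the precondition a > 0 ∧ b > 0.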
- 19. Program Derivation, The Program Derivation Process: Program Derivation
  Given a precondition q ∈ L and a postcondition r ∈ L, derive a program s ∈ P that satisfies q = wp(s, r).
- 20. Program Derivation, The Program Derivation Process: Program Derivation Tips
  - Gather as much information as possible about the precondition and postcondition.
  - Reduce the problem to previously solved ones whenever possible.
  - Look for a loop invariant that gives clues on how to implement the program.
  - If you are stuck, consider alternative representations of the data.
- 21. Multiplicative Inverse in F_p: Outline
  1. Finite Fields
  2. Program Derivation
  3. Multiplicative Inverse in F_p (Multiplicative Inverses; The Greatest Common Divisor; Exploring Bezout's Identity; Program to Find the Multiplicative Inverse in F_p)
- 22. Multiplicative Inverse in F_p, Multiplicative Inverses: Multiplicative Inverses in Fields of Infinite and Finite Order
  Finding multiplicative inverses in a field of infinite order is typically not a problem.
  Example. In (Q, +, ×), multiplicative inverses are reciprocals (i.e., $a^{-1} = 1/a$).
  Finding multiplicative inverses in fields of finite order can get tricky.
  Example. In $(\mathbb{Z}_p, \oplus, \otimes)$, multiplicative inverses are found using Bezout's Identity (i.e., ax + py = 1), which has two unknown values.
- 23. Multiplicative Inverse in F_p, Multiplicative Inverses: Obtaining the Multiplicative Inverse from Bezout's Identity
  Noting that a and b are coprime (since b = p, and p is prime), gcd(a, b) = 1. So:
  ```
  ax + by = gcd(a, b)
  ax + by = 1
  ax = 1 − by
  ax = 1 − py
  ax = 1          (in Z_p, since py ≡ 0 (mod p))
  ```
  By the definition of multiplicative inverses, $x = a^{-1}$.
- 24. Multiplicative Inverse in F_p, The Greatest Common Divisor: The Greatest Common Divisor
  Recall the greatest common divisor program:
  ```
  proc gcd(a, b) ≡
    do a > b → a := a − b
    □ b > a → b := b − a
    od;
    return a.
  ```
  This implementation was discovered by exploring the property gcd(a, b) = gcd(a − b, b) = gcd(a, b − a).
- 25. Multiplicative Inverse in F_p, The Greatest Common Divisor: The Loop Invariant of gcd
  The loop invariant used in the primary loop of this program is gcd(a, b) = gcd(A, B), where A and B are the initial values of a and b. The loop exits when a = b, which occurs when a = b = gcd(a, b). Since every iteration decreases the value of either a or b, the loop progresses toward termination (the loop is bounded by (a − gcd(a, b)) + (b − gcd(a, b))).
- 26. Multiplicative Inverse in F_p, Exploring Bezout's Identity: Bezout's Identity and the gcd Property
  Combining Bezout's Identity with the gcd property, we get:
  ```
  ax + by = gcd(a, b)
          = gcd(a, b − a)
          = au + (b − a)v
          = au + bv − av
          = a(u − v) + bv
  ```
  So x ≡ u − v (mod b) and y ≡ v (mod a). As gcd is commutative, we derive the corresponding result if we explore gcd(a − b, b) instead of gcd(a, b − a).
- 27. Multiplicative Inverse in F_p, Exploring Bezout's Identity: Reassigning x and y as Linear Combinations, Part I
  Each time the arguments of gcd get closer to their final value, x is shown to be equivalent (mod b), and y equivalent (mod a), to a linear combination of their corresponding values in Bezout's Identity for a and b as modified by that step of the gcd program.
- 28. Multiplicative Inverse in F_p, Exploring Bezout's Identity: Reassigning x and y as Linear Combinations, Part II
  Specifically, it can be seen that x always has a positive coefficient of the corresponding value of x and a negative coefficient of the corresponding value of y. Likewise, y always has a negative coefficient of the corresponding value of x and a positive coefficient of the corresponding value of y.
- 29. Multiplicative Inverse in F_p, Exploring Bezout's Identity: Reassigning x and y as Linear Combinations, Part III
  Once the arguments to gcd are equal to each other (and equal to the result of gcd), we can find the original values of x and y by multiplying the coefficients that have been stored by the final corresponding values of x and y. However, since we are looking for a multiplicative inverse in F_p, we know gcd(a, p) = 1 as p is prime. Since this gives us x = 1 by simplification after using the gcd property one last time, we see that the y components are inconsequential.
- 30. Multiplicative Inverse in F_p, Exploring Bezout's Identity: Reassigning x and y as Linear Combinations, Part IV
  Finally, we see that only the x coefficients are of any consequence to the final result. Specifically, once the gcd algorithm is complete, the initial (and desired) value of x can be found by multiplying the final corresponding value of x by the proper coefficient of x; since the final corresponding value of x is 1, the desired value of x is equal to the coefficient of the corresponding final value of x.
- 31. Multiplicative Inverse in F_p, Program to Find the Multiplicative Inverse in F_p: Finding the Loop Invariant
  Based on the long-winded previous slides, we can describe a loop invariant: $A x_l + B y_l = \gcd(a, b)$, where $x_l$ is the linear combination that the initial value of x is equal to, and $y_l$ is the linear combination that the initial value of y is equal to. This loop invariant is nice, as it is fully compatible with the loop invariant of gcd, and so it also progresses toward termination and has a bound function that differs from that of gcd only linearly.
- 32. Multiplicative Inverse in F_p, Program to Find the Multiplicative Inverse in F_p: A Last Look at gcd for Reference
  ```
  proc gcd(a, b) ≡
    do a > b → a := a − b
    □ b > a → b := b − a
    od;
    return a.
  ```
- 33. Multiplicative Inverse in F_p, Program to Find the Multiplicative Inverse in F_p: Multiplicative Inverse Program
  Here xx and yx are the stored coefficients of the corresponding x and y (slide 28) that make up the initial x, with yx kept as a non-negative count. Per slide 26, the step b := b − a (gcd(a, b − a)) rewrites x as u − v, so it updates the y-coefficient, and symmetrically the step a := a − b updates the x-coefficient:
  ```
  proc multinv(a, b) ≡
    xx := 1; yx := 0;
    do a > b → a := a − b; xx := xx + yx
    □ b > a → b := b − a; yx := yx + xx
    od;
    return xx.
  ```
  With b = p prime and 0 < a < p, multinv(a, p) returns $a^{-1}$ in F_p.
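Added example (this example's own code, not the slides'): the multinv loop of slide 33 in Python, with the invariant of slide 25 asserted on every iteration and the result cross-checked against Fermat's little theorem (a^(p−2) mod p). It goes beyond the slides in one respect: alongside xx and yx it also keeps the coefficients of y, following the sign pattern of slide 28, which yields the full Bezout identity a·x + b·y = gcd(a, b) for any positive a and b, not only the inverse. The bookkeeping identities a·yx + b·xx = B and a·yy + b·xy = A used as self-checks in the loop are this example's own, not the invariant named on slide 31.

```python
import math


def bezout(a, b):
    """Slide 33's loop, extended to track the coefficients of y as well.
    Returns (x, y) with a*x + b*y = gcd(a, b) for positive integers a, b.
    xx, yx express the initial x via the Bezout coefficients (u, v) of the current (a, b):
    x = xx*u - yx*v; likewise y = -xy*u + yy*v.  Storing the negated coefficients keeps
    all four counters non-negative."""
    if a <= 0 or b <= 0:
        raise ValueError("arguments must be positive")
    A, B = a, b
    xx, yx = 1, 0          # initially x = u
    xy, yy = 0, 1          # initially y = v
    while a != b:
        # Slide 25's invariant, plus this example's own bookkeeping identities.
        assert math.gcd(a, b) == math.gcd(A, B)
        assert a * yx + b * xx == B and a * yy + b * xy == A
        if a > b:          # gcd(a, b) = gcd(a - b, b): (x, y) = (u, v - u)
            a, xx, xy = a - b, xx + yx, xy + yy
        else:              # gcd(a, b) = gcd(a, b - a): (x, y) = (u - v, v), slide 26
            b, yx, yy = b - a, yx + xx, yy + xy
    # Now a = b = gcd(A, B), so (u, v) = (1, 0) satisfies a*u + b*v = gcd:
    # x = xx and y = -xy (slide 30: only the x coefficient is needed for x).
    return xx, -xy


def multinv(a, p):
    """Slide 33's multinv(a, p): the x coefficient alone is a^-1 in F_p.
    For 0 < a < p the loop leaves xx already reduced into 1..p-1, because at exit
    a*yx + b*xx = p with a = b = 1 and yx >= 1."""
    if math.gcd(a, p) != 1:
        raise ValueError("no inverse: gcd(a, p) != 1")
    x, _ = bezout(a, p)
    return x


def check_against_fermat(p):
    """Cross-check every inverse in F_p against a^(p-2) mod p (Fermat's little theorem)
    and confirm the returned value is already in 1..p-1."""
    return all(0 < multinv(a, p) < p and multinv(a, p) == pow(a, p - 2, p)
               for a in range(1, p))


if __name__ == "__main__":
    print(multinv(3, 7))        # 5, since 3 * 5 = 15 = 1 in F_7
    print(bezout(12, 18))       # (2, -1): 12*2 + 18*(-1) = 6 = gcd(12, 18)
    print(all(check_against_fermat(p) for p in (2, 3, 5, 7, 11, 13, 101)))   # True
```

The subtractive loop takes up to p − 1 iterations (for a = 1 or a = p − 1), so this is a faithful model of the derived program rather than a production modular-inverse routine; for cryptographic use one would also want a constant-time implementation, since the iteration count here depends directly on a.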
- 34. Conclusion: Summary
  - Finite fields are very useful mathematical constructs that can behave very differently from fields of infinite order.
  - Program derivation is performed by using the rules of the weakest precondition predicate transformer to determine what sequence of conditions (and thus what program statements) must have occurred between a given precondition and postcondition.
  - While the process of deriving my multiplicative inverse program was time-consuming and complicated, the results were well worth the effort.
- 35. Conclusion: Future Work
  - Program derivation of exponentiation in F_p
  - Extend scope to include F_{p^n}
  - Explore factorization techniques
  - Finish library and create graphical front end
- 36. Conclusion: Contact Information
  You can email me at charlie@stuphlabs.com if you have any further questions or comments.
