January 24, 2012 1
Cryptography and Network Security
Lecture 5: Basic notions of finite fields
Ion Petre
Department of IT, Åbo Akademi University
Spring 2012
http://users.abo.fi/ipetre/crypto/
Content of this lecture
(Diagram on the slide: Z --modular arithmetic--> Zp --polynomials--> Zp[X] --modular arithmetic--> GF(p^n). Every finite field has this structure; GF(p^n) is the domain of operation of AES.)
Why finite fields?
• Increasingly important in cryptography
  - Several modern cryptographic algorithms rely on computations in various finite fields, among them AES and elliptic curve cryptography
    - AES uses arithmetic in the finite field GF(2^8)
• Virtually all modern encryption algorithms (both symmetric and public-key) involve arithmetic operations on integers
  - If we decide to work on n-bit integers, for efficiency of storage we would like to be able to use all integers on n bits
    - This means we have to do operations on integers from 0 to 2^n-1
    - We could decide to use operations in Zm, where m=2^n
    - Difficulty 1: we may need to do divisions and Zm is not a field
    - Difficulty 2: arithmetic modulo 2^n may give rise to weak cryptographic algorithms
  - Example: suppose we work with 3-bit blocks and decide to do arithmetic modulo 8
    - In the multiplication table of Z8, 1,2,…,7 appear with different frequency: 1 occurs 4 times, 2 occurs 8 times, 3 occurs 4 times, 4 occurs 12 times, 5 occurs 4 times, 6 occurs 8 times, 7 occurs 4 times
    - Solution: use a finite field GF(2^3) with 8 elements – division is always possible and in the multiplication table each integer 1,…,7 occurs exactly 7 times
Why finite fields?
• We need fields: y=ax+b ⇒ x=a^-1(y-b)
• We need finite fields
  - They all have p^n elements, with p a prime number
  - What is their structure (addition, multiplication table)?
  - Are there many different fields with p^n elements?
  - Example: a field with 8 elements
Modulo 8 example
This is not a field!
A field with 8 elements!

Addition table:
 +  0 1 2 3 4 5 6 7
 0  0 1 2 3 4 5 6 7
 1  1 0 3 2 5 4 7 6
 2  2 3 0 1 6 7 4 5
 3  3 2 1 0 7 6 5 4
 4  4 5 6 7 0 1 2 3
 5  5 4 7 6 1 0 3 2
 6  6 7 4 5 2 3 0 1
 7  7 6 5 4 3 2 1 0

Multiplication table:
 ×  0 1 2 3 4 5 6 7
 0  0 0 0 0 0 0 0 0
 1  0 1 2 3 4 5 6 7
 2  0 2 4 6 3 1 7 5
 3  0 3 6 5 7 4 1 2
 4  0 4 3 7 6 2 5 1
 5  0 5 1 4 2 7 3 6
 6  0 6 7 1 5 3 2 4
 7  0 7 5 2 1 6 4 3
Summary of the constructions in this lecture
• Consider the integers Z
• Take a prime number p and do operations modulo p: Zp is a field with p elements (order p)
• Consider polynomials with coefficients in Zp: Zp[X]
• Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n)
• AES uses GF(2^8) with arithmetic modulo x^8+x^4+x^3+x+1
Plan of the lecture
• Introduce here (minimal) notions needed for the understanding of AES
  - Groups, rings, fields
  - Divisors, modular arithmetic
  - Euclid’s algorithm
  - Polynomial arithmetic
Basic notions of abstract algebra: groups, rings, fields
• Group (G,¤,e): a set G with a binary operation ¤ and an element e∈G satisfying the following laws:
  - Associativity: a ¤ (b ¤ c)=(a ¤ b) ¤ c for any a,b,c∈G
  - Identity element: a ¤ e=e ¤ a=a, for any a∈G
  - Inverse element: for each a∈G, there exists an element a’∈G such that a ¤ a’=a’ ¤ a=e
    - a’ is usually denoted as -a and is called the inverse of a
• Example of a group: the set of integers with the addition (Z,+,0)
  - Note that the set of integers with the multiplication (Z,×,1) is not a group: the inverse element does not exist for all integers (it exists only for 1 and –1)
Groups
• A group (G,¤,e) is called:
  - Commutative (or abelian) if a ¤ b=b ¤ a for all a,b in G
  - Finite if the set G is finite
  - Infinite if the set G is infinite
• Example:
  - (Z,+,0) is a commutative group
  - The set of n×n matrices over integers, with the addition, is a commutative group
  - The set of permutations of the set {1,2,…,n} with the composition, is a finite non-commutative group
Rings
• Ring (R,+,•,0,1): a set R with two binary operations + and • satisfying the following laws:
  - Associative addition: (a+b)+c=a+(b+c)
  - Existence of 0: a+0=0+a=a
  - Existence of the inverse: for all a, there is –a such that a+(-a)=(-a)+a=0
  - Commutativity of addition: a+b=b+a
  - Associative multiplication: a•(b•c)=(a•b)•c for any a,b,c∈R
  - Existence of 1: a•1=1•a=a
  - Distributivity of • over +: a•(b+c)=a•b + a•c; (a+b)•c=a•c + b•c
• A ring (R,+,•,0,1) is called commutative if the multiplication • is commutative
• Example:
  - (Z,+,•,0,1) is an integral domain
  - (Z26,+,•,0,1) is a commutative unitary ring, but not an integral domain: 2•13=0 (mod 26)
  - The set of n×n matrices over integers with addition and multiplication is a commutative unitary ring, but not an integral domain
Fields
• Field (F,+,•,0,1):
  - (F,+,•,0,1) is a ring
  - Commutativity of the multiplication
  - Multiplicative inverse: for any nonzero element a in F there exists an element a’ in F such that a•a’=a’•a=1
    - a’ is usually denoted as a^-1 and it is called the multiplicative inverse of a
• Example:
  - The set of rational numbers (Q,+,•,0,1) and the set of real numbers (R,+,•,0,1) are fields
  - The set of integers (Z,+,•,0,1) is not a field: only 1 and –1 have multiplicative inverses
  - (Z26,+,•,0,1) is not a field
  - (Z3,+,•,0,1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2
  - (Z5,+,•,0,1) is a finite field: 1•1=1 mod 5, 2•3=1 mod 5, 4•4=1 mod 5
    - Inverse of 1 is 1, inverse of 2 is 3, inverse of 3 is 2, inverse of 4 is 4
Modular arithmetic
• Consider now the set of integers: fix a positive integer n
• For any integer a, there exist integers q and r such that a=qn+r and r is from 0 to n-1
  - q is the largest integer less than or equal to a/n
  - r is called the residue of a modulo n
• Define the operator mod: a mod n=r
• Define the operator div: a div n=q
• Example:
  - 7 mod 5 = 2, 11 mod 7 = 4
  - -11 mod 7 = 3: -11=(-2)•7+3
• Congruence modulo n: a≡b mod n if a mod n = b mod n
  - Example: 73 ≡ 4 mod 23, 21 ≡ -9 ≡ 1 mod 10
Modulo 7 example
• The elements in each column are congruent to each other modulo 7
   ...
  -21 -20 -19 -18 -17 -16 -15
  -14 -13 -12 -11 -10  -9  -8
   -7  -6  -5  -4  -3  -2  -1
    0   1   2   3   4   5   6
    7   8   9  10  11  12  13
   14  15  16  17  18  19  20
   21  22  23  24  25  26  27
   28  29  30  31  32  33  34
   ...
Arithmetic modulo n
• We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar)
• Useful properties (reduce the computation mod n at any step)
  - (a+b) mod n = ( (a mod n) + (b mod n) ) mod n
  - (a-b) mod n = ( (a mod n) - (b mod n) ) mod n
  - (a•b) mod n = ( (a mod n) • (b mod n) ) mod n
• Example: to compute 11^7 mod 13 we do:
  - 11^2 = 121 = 4 mod 13
  - 11^4 = 4^2 = 16 = 3 mod 13
  - 11^7 = 11^2 • 11^4 • 11 = 4•3•11 mod 13 = 2 mod 13
• (Zn,+,•,0,1) is a commutative ring, where Zn={0,1,2,…,n-1} and the operations are performed modulo n
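The mod/div operators and the reduce-at-every-step property above, as an added example (not code from the lecture). It follows the slide's convention that the residue r lies in 0..n-1 even for negative a (so -11 mod 7 = 3, -11 div 7 = -2), and computes 11^7 mod 13 by repeated squaring with a reduction after every multiplication, which is how modular exponentiation is done for cryptographic sizes. The function names are this example's own.

```python
# Added example: mod, div and modular exponentiation as on the slides.

def mod_div(a, n):
    """Return (q, r) with a = q*n + r and 0 <= r < n (n > 0).

    Python's divmod already floors, but the explicit fix-up below shows what
    a language with a truncating '%' (C, Java, ...) must do to obtain the
    residue convention of the slide for negative a.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    q = -((-a) // n) if a < 0 else a // n   # truncation toward zero, as in C
    r = a - q * n                           # negative when a < 0 and n does not divide a
    if r < 0:                               # shift into 0..n-1 and adjust q accordingly
        r += n
        q -= 1
    return q, r

def congruent(a, b, n):
    """a ≡ b (mod n) iff a mod n == b mod n."""
    return mod_div(a, n)[1] == mod_div(b, n)[1]

def pow_mod(base, exp, n):
    """Square-and-multiply, reducing mod n after every product so that no
    intermediate value exceeds n^2; exp is a non-negative integer."""
    result = 1
    base = mod_div(base, n)[1]
    while exp > 0:
        if exp & 1:                     # current bit of the exponent is set
            result = (result * base) % n
        base = (base * base) % n        # 11 -> 11^2 = 4 -> 11^4 = 3 (mod 13)
        exp >>= 1
    return result

if __name__ == "__main__":
    print(mod_div(-11, 7))       # (-2, 3)
    print(pow_mod(11, 7, 13))    # 2
```

With 11^7 mod 13 the loop visits exactly the powers on the slide: 11, 11^2 = 4 and 11^4 = 3 (mod 13), and combines 4·3·11 ≡ 2.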
Arithmetic modulo n: divisions
• Careful when performing operations modulo n
  - If (a+b) ≡ (a+c) mod n, then b ≡ c mod n
  - Not true that if (a•b) ≡ (a•c) mod n, then b ≡ c mod n
    - Example: (2•1) ≡ (2•5) mod 8 but 1 and 5 are not congruent modulo 8
  - The implication is true if and only if a is relatively prime to n, i.e., gcd(a,n)=1
    - Any such a has a multiplicative inverse a^-1 modulo n
Modulo 8 example
Divisors
• A nonzero integer b divides a if a=mb, for some integer m. We denote it as b | a and we say that b is a divisor of a
  - Example: positive divisors of 24 are 1,2,3,4,6,8,12,24
• Facts:
  - If a | 1, then a=1 or a=-1
  - If a | b and b | a, then a=b or a=-b
  - If d | g and d | h, then d | (mg+nh), for any integers m and n
  - If a ≡ b (mod n), then n | (a-b)
  - If a ≡ b (mod n), then b ≡ a (mod n)
  - If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n)
Greatest common divisor
• The positive integer d is the greatest common divisor of integers a and b, denoted d=gcd(a,b), if
  - It is a divisor of both a and b
  - Any other divisor of a and b is a divisor of d
  - Example: gcd(8,12)=4, gcd(24,60)=12
• Integers a and b are called relatively prime if gcd(a,b)=1
• Computing gcd(a,b): Euclid’s algorithm
  - Based on the following fact: gcd(a,b)=gcd(b, a mod b)
  - Euclid's algorithm to compute gcd(a,b): Euclid(a,b)
    - If b=0 then return a
    - Else return Euclid(b, a mod b)
  - Note: the algorithm always terminates
Example: d=gcd(1970,1066)
  1970 = 1 x 1066 + 904    d = gcd(1066, 904)
  1066 = 1 x 904 + 162     d = gcd(904, 162)
   904 = 5 x 162 + 94      d = gcd(162, 94)
   162 = 1 x 94 + 68       d = gcd(94, 68)
    94 = 1 x 68 + 26       d = gcd(68, 26)
    68 = 2 x 26 + 16       d = gcd(26, 16)
    26 = 1 x 16 + 10       d = gcd(16, 10)
    16 = 1 x 10 + 6        d = gcd(10, 6)
    10 = 1 x 6 + 4         d = gcd(6, 4)
     6 = 1 x 4 + 2         d = gcd(4, 2)
     4 = 2 x 2 + 0         d = 2
Result: gcd(1970,1066)=2, i.e., the last nonzero residue in the above computation
Finite fields
• Fields with a finite number of elements: what is their structure?
• It can be proved that if a field is finite then it has p^n elements, for some prime number p
  - We also say that it has order p^n
  - We denote it GF(p^n) – GF stands for Galois field
• For n=1 we have GF(p), which is Zp
  - If p is prime, then any nonzero element in Zp has a multiplicative inverse
• For n>1 the field has a different structure
  - Start from Zp and build a field with p^n elements
Example: GF(7)=Z7
Finding the multiplicative inverse in Zp
• Given an element a of Zp, how do we calculate a^-1?
• Euclid's algorithm to compute gcd(a,b): Euclid(a,b)
  - If b=0 then return a
  - Else return Euclid(b, a mod b)
• Result: if d=gcd(a,b), then there are integers x,y such that d=ax+by
  - Consequence: if gcd(a,b)=1, then there are integers x,y such that ax+by=1
    - so, ax=1 mod b, i.e., x=a^-1 mod b
• Question: how do we calculate x for given a,b?
  - Idea: run Euclid’s algorithm in such a way as to compute not only d, but also x and y
Finding the multiplicative inverse in Zp
• Extended Euclid’s algorithm: ExtEuclid(a,b)
  - Output: (d,x,y), where d=gcd(a,b) and d=ax+by
    - If d=1, then x = a^-1 (mod b)
  - if b = 0 then return (a,1,0)
  - else (t1,t2,t3)=ExtEuclid(b, a mod b)
    - return (t1, t3, t2 – (a div b) * t3)
• Proof of correctness
  - Clearly, the gcd is returned on the first component (runs like Euclid’s algorithm)
  - Denote a mod b=r, a div b=z: a=bz+r
  - The proof goes by induction
    - The base case for b=0: trivial
    - Induction step: if t1=gcd(b,r) and t1=t2*b+t3*r, then t1=t2*b+t3*(a-bz) and so, t1=t3*a+(t2-t3*z)*b
Example: the inverse of 550 in GF(1759)
• Extended Euclid’s algorithm: ExtEuclid(a,b)
  - Output: (d,x,y), where d=gcd(a,b) and d=ax+by
  - if b = 0 then return (a,1,0)
  - else (t1,t2,t3)=ExtEuclid(b, a mod b)
    - return (t1, t3, t2 - (a div b) * t3)
• Z=ExtEuclid(550,1759): 550 = 0•1759 + 550
  - compute Z1=ExtEuclid(1759,550): 1759 = 3•550 + 109
    - compute Z2=ExtEuclid(550,109): 550 = 5•109 + 5
      - compute Z3=ExtEuclid(109,5): 109 = 21•5 + 4
        - compute Z4=ExtEuclid(5,4): 5 = 1•4 + 1
          - compute Z5=ExtEuclid(4,1): 4 = 4•1 + 0
            - compute Z6=ExtEuclid(1,0)=(1,1,0)
• Z5=(1,0,1), Z4=(1,1,-1), Z3=(1,-1,22), Z2=(1,22,-111), Z1=(1,-111,355)
• Z=(1,355,-111)
• Final answer: the inverse of 550 mod 1759 is 355
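The integer part of the lecture (Euclid's algorithm with the division trace of the gcd(1970,1066) slide, the recursive ExtEuclid of the last two slides, the inverse it yields, and the cancellation/zero-divisor remarks of the "divisions" and "Rings"/"Fields" slides), as an added example that is not the lecturer's code. `ext_euclid` is a direct transcription of the slide's recursion; `inv_mod`, `is_field` and `zero_divisors` are this example's own helpers, and `is_field` simply checks the field axiom that every nonzero element is invertible.

```python
# Added example: Euclid, ExtEuclid, modular inverses and a field check for Zn.

def euclid_trace(a, b):
    """Euclid's algorithm; returns (gcd, steps) where each step (a, q, b, r)
    records one division a = q*b + r, exactly as the gcd(1970,1066) slide lists them."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r                      # gcd(a, b) = gcd(b, a mod b)
    return a, steps                      # last nonzero residue is the gcd

def ext_euclid(a, b):
    """Slide's ExtEuclid: returns (d, x, y) with d = gcd(a, b) = a*x + b*y."""
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)  # t1 = t3*a + (t2 - t3*z)*b, z = a div b

def inv_mod(a, n):
    """Multiplicative inverse of a modulo n, or None when gcd(a, n) != 1
    (then a*b ≡ a*c does not imply b ≡ c, e.g. 2*1 ≡ 2*5 mod 8)."""
    d, x, _ = ext_euclid(a, n)
    if d != 1:
        return None
    return x % n                         # bring x into 0..n-1

def is_field(n):
    """Zn is a field iff every nonzero element has an inverse (iff n is prime)."""
    return n >= 2 and all(inv_mod(a, n) is not None for a in range(1, n))

def zero_divisors(n):
    """Pairs (a, b) of nonzero residues with a*b ≡ 0 (mod n), a <= b;
    empty exactly when Zn is an integral domain."""
    return [(a, b) for a in range(1, n) for b in range(a, n) if (a * b) % n == 0]

if __name__ == "__main__":
    d, steps = euclid_trace(1970, 1066)
    for a, q, b, r in steps:
        print(f"{a} = {q} x {b} + {r}")
    print("gcd =", d)                    # 2
    print(ext_euclid(550, 1759))         # (1, 355, -111)
    print(inv_mod(550, 1759))            # 355
```

The recursion depth of `ext_euclid` is the number of division steps, which is logarithmic in the inputs, so it is fine for key-sized integers; a production implementation would still use an iterative loop, and for secret operands a constant-time variant, since the division sequence leaks the operand through timing.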
Polynomial Arithmetic
• To define GF(p^n) we need to discuss operations with polynomials with coefficients in Zp: polynomial arithmetic
• Consider only polynomials in one indeterminate
Ordinary Polynomial Arithmetic
• Consider polynomials with coefficients in a ring or a field – e.g., Z
• Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients
• Multiplying two polynomials is done in the usual way, by multiplying all terms with each other
• Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field
• Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 – x + 1 with coefficients in Z
  - f(x) + g(x) = x^3 + 2x^2 – x + 3
  - f(x) – g(x) = x^3 + x + 1
  - f(x) × g(x) = x^5 + 3x^2 – 2x + 2
• For a ring or a field R, (R[X],+,•,0,1) is a ring – the ring of polynomials over R
Polynomial Arithmetic with Modulo Coefficients
• Consider polynomials with coefficients in Zp, for some prime p
• We are mostly interested in computations mod 2: all coefficients are 0 or 1
• Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
  - f(x) + g(x) = x^3 + x + 1
  - f(x) × g(x) = x^5 + x^2
• Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field
• The computations are done similarly as for integers: e.g., Euclid’s algorithm holds also for polynomials
Division of polynomials with coefficients in Zp
• For any polynomials f(x), g(x), there exist two polynomials q(x), r(x) such that:
  - f(x) = q(x) g(x) + r(x)
  - deg(r) < deg(g)
• Thus, division (not necessarily exact) is possible:
  - q(x) = f(x) div g(x)
  - r(x) = f(x) mod g(x)
• If r(x)=0, then we say that g(x) divides f(x): g(x) | f(x)
• If f(x) has no divisors other than itself and constant polynomials, we say it is an irreducible (or prime) polynomial
  - Equivalently, f(x) cannot be written as g(x)h(x) with deg(g) < deg(f), deg(h) < deg(f)
• Greatest common divisor gcd(f,g) is defined similarly as for integers:
  - It is a divisor of both f and g
  - Any other divisor of f and g is a divisor of gcd(f,g)
  - gcd(f,g) can be computed using Euclid’s algorithm
Computing the GCD of two polynomials over Zp
• Euclid(a,b)
  - If b=0 then return a
  - Else return Euclid(b, a mod b)
• EUCLID[a(x), b(x)]: computes gcd(a(x), b(x))
  - If b(x)=0 then return a(x)
  - Else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic (arithmetic modulo a polynomial)
• Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
  - Example: x^8+x^4+x^3+x+1 is irreducible in Z2[x] (the polynomial used in AES)
• Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p
  - Take any two polynomials modulo f(x)
  - Do addition/subtraction/multiplication modulo f(x)
• If f(x) is irreducible, then the set of all polynomials modulo f(x) forms a field denoted GF(p^n)
• We are mostly interested in GF(2^n): all polynomials with binary coefficients and degree less than n
  - Addition is the normal addition of two polynomials
  - Multiplication is done modulo f(x)
• GF(2^n) is indeed a field: any nonzero element has an inverse
  - The extended Euclid algorithm can be used here just like for integers
Computing the inverse in GF(p^n)
• Extended Euclid’s algorithm: ExtEuclid(a(x),b(x))
  - Output: (d(x),e(x),f(x)), where d(x)=gcd(a(x),b(x)) and d(x)=a(x)e(x)+b(x)f(x)
  - if b(x) = 0 then return (a(x),1,0)
  - else (t1(x),t2(x),t3(x))=ExtEuclid(b(x), a(x) mod b(x))
    - return (t1(x), t3(x), t2(x) - (a(x) div b(x)) * t3(x))
• If F(x) is an irreducible polynomial and (d(x),t(x),u(x))=ExtEuclid(a(x),F(x)), then
  - d(x)=1
  - t(x)=a^-1(x) mod F(x)
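The polynomial slides (ordinary and mod-p arithmetic, division with deg(r) < deg(g), Euclid's gcd for polynomials, and the ExtEuclid inverse in GF(p^n) just above), as one added example that is not the lecturer's code. Polynomials are coefficient lists, lowest degree first, so `[1, 1, 0, 1]` is x^3+x+1; all arithmetic is over Z_p for a prime p (the Z-coefficient example of the "Ordinary Polynomial Arithmetic" slide is not covered). The integer/bit conversions at the end and the constant `AES_POLY` are this example's own conventions: bit i of an n-bit value is the coefficient of x^i, as in the AES representation.

```python
# Added example: polynomials over Z_p, long division, gcd, and inverses in GF(p^n).

def trim(f):
    """Drop high zero coefficients; the zero polynomial is []."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f

def deg(f):
    """Degree; deg(0) = -1 here so that 'deg(r) < deg(g)' also covers r = 0."""
    return len(trim(f)) - 1

def add(f, g, p):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])

def sub(f, g, p):
    return add(f, [(-c) % p for c in g], p)

def mul(f, g, p):
    out = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)

def divmod_poly(f, g, p):
    """Long division: (q, r) with f = q*g + r and deg(r) < deg(g); g != 0, p prime."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], p - 2, p)              # inverse of the leading coefficient (Fermat)
    q, r = [0] * max(len(f) - len(g) + 1, 1), f
    while len(r) >= len(g):
        coef = (r[-1] * inv_lead) % p
        shift = len(r) - len(g)
        q[shift] = coef
        r = sub(r, [0] * shift + [(coef * c) % p for c in g], p)   # cancels r's top term
    return trim(q), r

def gcd_poly(f, g, p):
    """Euclid: gcd(f, g) = gcd(g, f mod g); the result is made monic."""
    f, g = trim(f), trim(g)
    while g:
        f, g = g, divmod_poly(f, g, p)[1]
    inv = pow(f[-1], p - 2, p)
    return [(c * inv) % p for c in f]

def ext_euclid_poly(a, b, p):
    """Slide's ExtEuclid: (d, e, f) with d = a*e + b*f and d = gcd(a, b) up to a constant."""
    a, b = trim(a), trim(b)
    if not b:
        return a, [1], []
    q, r = divmod_poly(a, b, p)
    t1, t2, t3 = ext_euclid_poly(b, r, p)
    return t1, t3, sub(t2, mul(q, t3, p), p)

def inverse_mod_poly(a, F, p):
    """a(x)^-1 mod F(x) for F irreducible and a != 0 mod F; ValueError otherwise."""
    d, t, _ = ext_euclid_poly(a, F, p)
    if deg(d) != 0:
        raise ValueError("gcd is not a nonzero constant: no inverse")
    scale = pow(d[0], p - 2, p)                  # normalise d to 1 (already 1 over Z_2)
    return divmod_poly([(c * scale) % p for c in t], F, p)[1]

# GF(2^n) elements as n-bit integers: bit i is the coefficient of x^i (example's convention).
def int_to_poly(v):
    return [(v >> i) & 1 for i in range(v.bit_length())]

def poly_to_int(f):
    return sum(c << i for i, c in enumerate(f))

AES_POLY = int_to_poly(0x11b)                    # x^8 + x^4 + x^3 + x + 1

def inverse_gf2n(v, modulus_int):
    """Inverse of an n-bit value in GF(2^n) defined by the given irreducible modulus."""
    return poly_to_int(inverse_mod_poly(int_to_poly(v), int_to_poly(modulus_int), 2))
```

`inverse_gf2n(2, 0b1011)` returns 5, matching the row for 2 in the 8-element multiplication table earlier in the lecture (2·5 = 1 there), and `inverse_gf2n(0x53, 0x11b)` returns 0xca, the standard AES example of an inverse in GF(2^8).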
Example: GF(2^3)
Computational considerations
• A polynomial in GF(2^n) can be represented by its n binary coefficients (a_(n-1),a_(n-2),…,a_0), i.e., by a number on n bits
• Addition of polynomials becomes bitwise XOR of their n-bit representations
• Multiplication is shift & XOR: example for GF(2^8) with m(x)=x^8+x^4+x^3+x+1 (AES)
  - x^8 mod m(x) = x^8 - m(x) = x^4+x^3+x+1
  - Consider a polynomial in GF(2^8) f(x)=b7x^7+b6x^6+b5x^5+b4x^4+b3x^3+b2x^2+b1x+b0
  - Multiplying by x we have xf(x)=b7x^8+b6x^7+b5x^6+b4x^5+b3x^4+b2x^3+b1x^2+b0x
  - If b7=0, then the result is in GF(2^8). If b7=1, then we need to reduce x^8 mod m(x): xf(x) = (b6x^7+b5x^6+b4x^5+b3x^4+b2x^3+b1x^2+b0x) + (x^4+x^3+x+1)
  - Thus, multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011)
  - Multiplication by higher powers of x implies an iteration of the above procedure
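The shift-and-XOR representation described above, as an added example (not the lecturer's code), generalised to any GF(2^n) given its modulus as an (n+1)-bit integer. It also serves two earlier slides: it regenerates the "A field with 8 elements!" tables (the table on that slide is the field Z2[x] modulo x^3+x+1, an identification made by this example, not stated on the slide) and it counts product frequencies in Z8 versus GF(2^3) as the "Why finite fields?" slide does. `xtime` is the AES name for multiplication by x; the other names are this example's own.

```python
# Added example: GF(2^n) as n-bit integers, multiplication by x as shift + conditional XOR.

AES_MODULUS = 0x11b   # x^8+x^4+x^3+x+1; its low byte 0x1b = 00011011 = x^8 mod m(x)
GF8_MODULUS = 0b1011  # x^3+x+1 (assumed to be the modulus behind the 8-element table)

def xtime(a, modulus):
    """Multiply a by x: 1-bit left shift, then XOR the modulus if the x^n bit appeared.
    XORing the full modulus clears that bit and adds x^n mod m(x), i.e. the low n bits."""
    n = modulus.bit_length() - 1
    a <<= 1
    if (a >> n) & 1:
        a ^= modulus
    return a

def gf_mul(a, b, modulus):
    """Shift-and-XOR multiplication: write b as a sum of powers x^i and add up a*x^i,
    iterating xtime for the higher powers of x as the slide describes."""
    result = 0
    while b:
        if b & 1:
            result ^= a            # field addition is XOR
        a = xtime(a, modulus)      # a <- a*x
        b >>= 1
    return result

def add_table(modulus):
    size = 1 << (modulus.bit_length() - 1)
    return [[a ^ b for b in range(size)] for a in range(size)]

def mul_table(modulus):
    size = 1 << (modulus.bit_length() - 1)
    return [[gf_mul(a, b, modulus) for b in range(size)] for a in range(size)]

def z_mod_table(m):
    """Ordinary multiplication table of Zm, for the comparison on the motivation slide."""
    return [[(a * b) % m for b in range(m)] for a in range(m)]

def product_frequencies(table):
    """How often each value occurs in a multiplication table."""
    freq = {}
    for row in table:
        for v in row:
            freq[v] = freq.get(v, 0) + 1
    return freq

if __name__ == "__main__":
    print(hex(xtime(0x80, AES_MODULUS)))                  # 0x1b
    print(hex(gf_mul(0x57, 0x83, AES_MODULUS)))           # 0xc1
    for row in mul_table(GF8_MODULUS):
        print(" ".join(str(v) for v in row))              # the slide's 8-element table
    print(product_frequencies(z_mod_table(8)))            # 4 occurs 12 times, 1 occurs 4 times ...
    print(product_frequencies(mul_table(GF8_MODULUS)))    # every nonzero value 7 times
```

Because `xtime` branches on a data-dependent bit, this textbook form leaks the operand through timing and branch prediction; AES implementations for real keys use either table-free constant-time masking of the conditional XOR or hardware instructions, but the arithmetic is exactly the one shown here.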
Summary
• Consider the integers Z
• Take a prime number p and do operations modulo p: Zp is a field with p elements (order p)
• Consider polynomials with coefficients in Zp: Zp[X]
• Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n)
• Any finite field has order p^n, for some prime p and a positive integer n
• AES uses GF(2^8) with arithmetic modulo x^8+x^4+x^3+x+1

More Related Content

Similar to paper6.pdf

ADVANCED ALGORITHMS-UNIT-3-Final.ppt
ADVANCED   ALGORITHMS-UNIT-3-Final.pptADVANCED   ALGORITHMS-UNIT-3-Final.ppt
ADVANCED ALGORITHMS-UNIT-3-Final.pptssuser702532
 
Ch-2 final exam documet compler design elements
Ch-2 final exam documet compler design elementsCh-2 final exam documet compler design elements
Ch-2 final exam documet compler design elementsMAHERMOHAMED27
 
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/Theta
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/ThetaAlgorithm analysis basics - Seven Functions/Big-Oh/Omega/Theta
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/ThetaPriyanka Rana
 
FPGA based BCH Decoder
FPGA based BCH DecoderFPGA based BCH Decoder
FPGA based BCH Decoderijsrd.com
 
Data_Structure_and_Algorithms_Lecture_1.ppt
Data_Structure_and_Algorithms_Lecture_1.pptData_Structure_and_Algorithms_Lecture_1.ppt
Data_Structure_and_Algorithms_Lecture_1.pptISHANAMRITSRIVASTAVA
 
CS 354 More Graphics Pipeline
CS 354 More Graphics PipelineCS 354 More Graphics Pipeline
CS 354 More Graphics PipelineMark Kilgard
 
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...Matt Moores
 
Stack squeues lists
Stack squeues listsStack squeues lists
Stack squeues listsJames Wong
 
Stacksqueueslists
StacksqueueslistsStacksqueueslists
StacksqueueslistsFraboni Ec
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues listsYoung Alista
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues listsTony Nguyen
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues listsHarry Potter
 
Cryptography and Network Security chapter 4.ppt
Cryptography and Network Security chapter 4.pptCryptography and Network Security chapter 4.ppt
Cryptography and Network Security chapter 4.pptthe9amit
 
Comparison GUM versus GUM+1
Comparison GUM  versus GUM+1Comparison GUM  versus GUM+1
Comparison GUM versus GUM+1Maurice Maeck
 
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...SSA KPI
 

Similar to paper6.pdf (20)

ADVANCED ALGORITHMS-UNIT-3-Final.ppt
ADVANCED   ALGORITHMS-UNIT-3-Final.pptADVANCED   ALGORITHMS-UNIT-3-Final.ppt
ADVANCED ALGORITHMS-UNIT-3-Final.ppt
 
Ch-2 final exam documet compler design elements
Ch-2 final exam documet compler design elementsCh-2 final exam documet compler design elements
Ch-2 final exam documet compler design elements
 
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/Theta
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/ThetaAlgorithm analysis basics - Seven Functions/Big-Oh/Omega/Theta
Algorithm analysis basics - Seven Functions/Big-Oh/Omega/Theta
 
FPGA based BCH Decoder
FPGA based BCH DecoderFPGA based BCH Decoder
FPGA based BCH Decoder
 
Data_Structure_and_Algorithms_Lecture_1.ppt
Data_Structure_and_Algorithms_Lecture_1.pptData_Structure_and_Algorithms_Lecture_1.ppt
Data_Structure_and_Algorithms_Lecture_1.ppt
 
Finite fields
Finite fields Finite fields
Finite fields
 
CS 354 More Graphics Pipeline
CS 354 More Graphics PipelineCS 354 More Graphics Pipeline
CS 354 More Graphics Pipeline
 
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...
R package 'bayesImageS': a case study in Bayesian computation using Rcpp and ...
 
Stack squeues lists
Stack squeues listsStack squeues lists
Stack squeues lists
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues lists
 
Stacksqueueslists
StacksqueueslistsStacksqueueslists
Stacksqueueslists
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues lists
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues lists
 
Stacks queues lists
Stacks queues listsStacks queues lists
Stacks queues lists
 
Cryptography and Network Security chapter 4.ppt
Cryptography and Network Security chapter 4.pptCryptography and Network Security chapter 4.ppt
Cryptography and Network Security chapter 4.ppt
 
Comparison GUM versus GUM+1
Comparison GUM  versus GUM+1Comparison GUM  versus GUM+1
Comparison GUM versus GUM+1
 
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...
Efficient Solution of Two-Stage Stochastic Linear Programs Using Interior Poi...
 
3 analysis.gtm
3 analysis.gtm3 analysis.gtm
3 analysis.gtm
 
Ch04
Ch04Ch04
Ch04
 
Algorithms DM
Algorithms DMAlgorithms DM
Algorithms DM
 

More from aminasouyah (20)

paper10.pdf
paper10.pdfpaper10.pdf
paper10.pdf
 
paper9.pdf
paper9.pdfpaper9.pdf
paper9.pdf
 
paper8.pdf
paper8.pdfpaper8.pdf
paper8.pdf
 
paper7.pdf
paper7.pdfpaper7.pdf
paper7.pdf
 
paper5.pdf
paper5.pdfpaper5.pdf
paper5.pdf
 
paper4.pdf
paper4.pdfpaper4.pdf
paper4.pdf
 
paper3.pdf
paper3.pdfpaper3.pdf
paper3.pdf
 
paper2.pdf
paper2.pdfpaper2.pdf
paper2.pdf
 
paper1.pdf
paper1.pdfpaper1.pdf
paper1.pdf
 
sheet7.pdf
sheet7.pdfsheet7.pdf
sheet7.pdf
 
sheet6.pdf
sheet6.pdfsheet6.pdf
sheet6.pdf
 
sheet5.pdf
sheet5.pdfsheet5.pdf
sheet5.pdf
 
sheet4.pdf
sheet4.pdfsheet4.pdf
sheet4.pdf
 
sheet3.pdf
sheet3.pdfsheet3.pdf
sheet3.pdf
 
sheet2.pdf
sheet2.pdfsheet2.pdf
sheet2.pdf
 
sheet1.pdf
sheet1.pdfsheet1.pdf
sheet1.pdf
 
doc4.pdf
doc4.pdfdoc4.pdf
doc4.pdf
 
doc7.pdf
doc7.pdfdoc7.pdf
doc7.pdf
 
doc6.pdf
doc6.pdfdoc6.pdf
doc6.pdf
 
doc5.pdf
doc5.pdfdoc5.pdf
doc5.pdf
 

Recently uploaded

Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Call Girls Mumbai
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilVinayVitekari
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdfKamal Acharya
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdfKamal Acharya
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startQuintin Balsdon
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersMairaAshraf6
 
COST-EFFETIVE and Energy Efficient BUILDINGS ptx
COST-EFFETIVE  and Energy Efficient BUILDINGS ptxCOST-EFFETIVE  and Energy Efficient BUILDINGS ptx
COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA
 
PE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiesPE 459 LECTURE 2- natural gas basic concepts and properties
PE 459 LECTURE 2- natural gas basic concepts and propertiessarkmank1
 
Online food ordering system project report.pdf
Online food ordering system project report.pdfOnline food ordering system project report.pdf
Online food ordering system project report.pdfKamal Acharya
 
Hostel management system project report..pdf
Hostel management system project report..pdfHostel management system project report..pdf
Hostel management system project report..pdfKamal Acharya
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapRishantSharmaFr
 
School management system project Report.pdf
School management system project Report.pdfSchool management system project Report.pdf
School management system project Report.pdfKamal Acharya
 
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxOrlando’s Arnold Palmer Hospital Layout Strategy-1.pptx
Orlando’s Arnold Palmer Hospital Layout Strategy-1.pptxMuhammadAsimMuhammad6
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueBhangaleSonal
 
Introduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaIntroduction to Serverless with AWS Lambda
Introduction to Serverless with AWS LambdaOmar Fathy
 
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxHOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptx
HOA1&2 - Module 3 - PREHISTORCI ARCHITECTURE OF KERALA.pptxSCMS School of Architecture
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
 

Recently uploaded (20)

Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
Bhubaneswar🌹Call Girls Bhubaneswar ❤Komal 9777949614 💟 Full Trusted CALL GIRL...
 
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in South Ex (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Moment Distribution Method For Btech Civil
Moment Distribution Method For Btech CivilMoment Distribution Method For Btech Civil
Moment Distribution Method For Btech Civil
 
Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
Online electricity billing project report..pdf
Online electricity billing project report..pdfOnline electricity billing project report..pdf
Online electricity billing project report..pdf
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
Computer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to ComputersComputer Lecture 01.pptxIntroduction to Computers
Computer Lecture 01.pptxIntroduction to Computers
 
4. Why finite fields?
- We need fields: to undo y = ax + b we compute x = a^-1 (y - b), so a must have a multiplicative inverse
- We need finite fields
- They all have p^n elements, with p a prime number
- What is their structure (addition, multiplication table)?
- Are there many different fields with p^n elements?
- Example: a field with 8 elements
5. Modulo 8 example
- [the addition and multiplication tables of Z_8 are shown as an image on this slide]
- This is not a field! 2, 4 and 6 have no multiplicative inverse, since none of them is relatively prime to 8 (e.g. 2·4 = 0 mod 8, so an inverse of 2 would force 4 = 0)
6. A field with 8 elements!
- The tables below are those of GF(2^3) = Z_2[x] modulo x^3 + x + 1 (see slides 31 to 33); the element k stands for the polynomial whose coefficients are the bits of k, so 5 = 101 = x^2 + 1. Addition is bitwise XOR.

  + | 0 1 2 3 4 5 6 7
  --+----------------
  0 | 0 1 2 3 4 5 6 7
  1 | 1 0 3 2 5 4 7 6
  2 | 2 3 0 1 6 7 4 5
  3 | 3 2 1 0 7 6 5 4
  4 | 4 5 6 7 0 1 2 3
  5 | 5 4 7 6 1 0 3 2
  6 | 6 7 4 5 2 3 0 1
  7 | 7 6 5 4 3 2 1 0

  * | 0 1 2 3 4 5 6 7
  --+----------------
  0 | 0 0 0 0 0 0 0 0
  1 | 0 1 2 3 4 5 6 7
  2 | 0 2 4 6 3 1 7 5
  3 | 0 3 6 5 7 4 1 2
  4 | 0 4 3 7 6 2 5 1
  5 | 0 5 1 4 2 7 3 6
  6 | 0 6 7 1 5 3 2 4
  7 | 0 7 5 2 1 6 4 3

- Every nonzero row of the multiplication table is a permutation of {0,...,7}, so every nonzero element has an inverse: 2^-1 = 5, 3^-1 = 6, 4^-1 = 7 (and conversely)
7. Summary of the constructions in this lecture
- Consider the integers Z
- Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p)
- Consider polynomials with coefficients in Z_p: Z_p[X]
- Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n)
- AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1
8. Plan of the lecture
- Introduce here the (minimal) notions needed for the understanding of AES
  - Groups, rings, fields
  - Divisors, modular arithmetic
  - Euclid's algorithm
  - Polynomial arithmetic
9. Basic notions of abstract algebra: groups, rings, fields
- Group (G,*,e): a set G with a binary operation * on G and an element e in G satisfying the following laws:
  - Associativity: a*(b*c) = (a*b)*c for any a, b, c in G
  - Identity element: a*e = e*a = a for any a in G
  - Inverse element: for each a in G there exists an element a' in G such that a*a' = a'*a = e
  - In additive notation a' is written -a and is called the inverse of a
- Example of a group: the set of integers with addition, (Z,+,0)
- Note that the set of integers with multiplication, (Z,·,1), is not a group: the inverse element does not exist for all integers (it exists only for 1 and -1)
10. Groups
- A group (G,*,e) is called:
  - Commutative (or abelian) if a*b = b*a for all a, b in G
  - Finite if the set G is finite
  - Infinite if the set G is infinite
- Examples:
  - (Z,+,0) is a commutative group
  - The set of n x n matrices over the integers, with addition, is a commutative group
  - The set of permutations of {1,2,...,n} with composition is a finite group; for n >= 3 it is non-commutative
11. Rings
- Ring (R,+,·,0,1): a set R with two binary operations + and · satisfying the following laws:
  - Associative addition: (a+b)+c = a+(b+c)
  - Existence of 0: a+0 = 0+a = a
  - Existence of the additive inverse: for all a there is -a such that a+(-a) = (-a)+a = 0
  - Commutativity of addition: a+b = b+a
  - Associative multiplication: a·(b·c) = (a·b)·c for any a, b, c in R
  - Existence of 1: a·1 = 1·a = a
  - Distributivity of · over +: a·(b+c) = a·b + a·c and (a+b)·c = a·c + b·c
- A ring (R,+,·,0,1) is called commutative if the multiplication · is commutative
- A commutative ring with 1 ≠ 0 in which a·b = 0 implies a = 0 or b = 0 (no zero divisors) is called an integral domain
- Examples:
  - (Z,+,·,0,1) is an integral domain
  - (Z_26,+,·,0,1) is a commutative unitary ring, but not an integral domain: 2·13 = 0 (mod 26)
  - The set of n x n matrices over the integers with addition and multiplication is a unitary ring, but for n >= 2 it is neither commutative nor an integral domain (it has zero divisors)
12. Fields
- Field (F,+,·,0,1):
  - (F,+,·,0,1) is a ring
  - Commutativity of the multiplication
  - Multiplicative inverse: for any nonzero element a in F there exists an element a' in F such that a·a' = a'·a = 1
  - a' is usually denoted a^-1 and is called the multiplicative inverse of a
- Examples:
  - The set of rational numbers (Q,+,·,0,1) and the set of real numbers (R,+,·,0,1) are fields
  - The set of integers (Z,+,·,0,1) is not a field: only 1 and -1 have multiplicative inverses
  - (Z_26,+,·,0,1) is not a field: 2 has no inverse, since 2·13 = 0 (mod 26) would give 13 = 0
  - (Z_3,+,·,0,1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2
  - (Z_5,+,·,0,1) is a finite field: 1·1 = 1, 2·3 = 1, 4·4 = 1 (mod 5)
  - Inverse of 1 is 1, inverse of 2 is 3, inverse of 3 is 2, inverse of 4 is 4
13. Modular arithmetic
- Consider now the set of integers: fix a positive integer n
- For any integer a there exist integers q and r such that a = qn + r and 0 <= r <= n-1
  - q is the largest integer less than or equal to a/n (this makes q and r unique)
  - r is called the residue of a modulo n
- Define the operator mod: a mod n = r
- Define the operator div: a div n = q
- Example:
  - 7 mod 5 = 2, 11 mod 7 = 4
  - -11 mod 7 = 3: -11 = (-2)·7 + 3 (the residue is never negative, even when a is)
- Congruence modulo n: a ≡ b (mod n) if a mod n = b mod n
- Example: 73 ≡ 4 (mod 23), 21 ≡ -9 ≡ 1 (mod 10)
14. Modulo 7 example
- The elements in each column are congruent to each other modulo 7

  ...  ...  ...  ...  ...  ...  ...
  -21  -20  -19  -18  -17  -16  -15
  -14  -13  -12  -11  -10   -9   -8
   -7   -6   -5   -4   -3   -2   -1
    0    1    2    3    4    5    6
    7    8    9   10   11   12   13
   14   15   16   17   18   19   20
   21   22   23   24   25   26   27
   28   29   30   31   32   33   34
  ...  ...  ...  ...  ...  ...  ...
15. Arithmetic modulo n
- We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n, as we did for the Caesar cipher
- Useful properties (reduce the computation mod n at any step):
  - (a+b) mod n = ((a mod n) + (b mod n)) mod n
  - (a-b) mod n = ((a mod n) - (b mod n)) mod n
  - (a·b) mod n = ((a mod n) · (b mod n)) mod n
- Example: to compute 11^7 mod 13 we do:
  - 11^2 = 121 ≡ 4 (mod 13)
  - 11^4 = (11^2)^2 ≡ 4^2 = 16 ≡ 3 (mod 13)
  - 11^7 = 11^4 · 11^2 · 11 ≡ 3·4·11 = 132 ≡ 2 (mod 13)
- (Z_n,+,·,0,1) is a commutative ring, where Z_n = {0,1,2,...,n-1} and the operations are performed modulo n
16. Arithmetic modulo n: divisions
- Careful when performing operations modulo n
- If (a+b) ≡ (a+c) (mod n), then b ≡ c (mod n)
- It is not true in general that if (a·b) ≡ (a·c) (mod n), then b ≡ c (mod n)
  - Example: (2·1) ≡ (2·5) (mod 8), but 1 and 5 are not congruent modulo 8
- The implication holds for all b, c if and only if a is relatively prime to n, i.e., gcd(a,n) = 1
- Any such a has a multiplicative inverse a^-1 modulo n, and cancelling a means multiplying both sides by a^-1
17. Modulo 8 example
- [the multiplication table of Z_8 is shown as an image on this slide: the rows of 1, 3, 5 and 7 contain every element exactly once, while the rows of 2, 4 and 6 repeat values, e.g. 2·1 = 2·5 = 2]
18. Divisors
- A nonzero integer b divides a if a = mb for some integer m. We denote it b | a and say that b is a divisor of a
- Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24
- Facts:
  - If a | 1, then a = 1 or a = -1
  - If a | b and b | a, then a = b or a = -b
  - If d | g and d | h, then d | (mg + nh) for any integers m and n
  - a ≡ b (mod n) if and only if n | (a-b)
  - If a ≡ b (mod n), then b ≡ a (mod n)
  - If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n)
19. Greatest common divisor
- The positive integer d is the greatest common divisor of the integers a and b (not both 0), denoted d = gcd(a,b), if
  - it is a divisor of both a and b
  - any other divisor of a and b is a divisor of d
- Example: gcd(8,12) = 4, gcd(24,60) = 12
- Integers a and b are called relatively prime if gcd(a,b) = 1
- Computing gcd(a,b): Euclid's algorithm
  - Based on the following fact: gcd(a,b) = gcd(b, a mod b) for b ≠ 0
- Euclid's algorithm to compute gcd(a,b): Euclid(a,b)
  - If b = 0 then return a
  - Else return Euclid(b, a mod b)
- Note: the algorithm always terminates, since 0 <= a mod b < b, so the second argument strictly decreases towards 0
20. Example: d = gcd(1970,1066)

  1970 = 1 x 1066 + 904    d = gcd(1066, 904)
  1066 = 1 x 904 + 162     d = gcd(904, 162)
  904 = 5 x 162 + 94       d = gcd(162, 94)
  162 = 1 x 94 + 68        d = gcd(94, 68)
  94 = 1 x 68 + 26         d = gcd(68, 26)
  68 = 2 x 26 + 16         d = gcd(26, 16)
  26 = 1 x 16 + 10         d = gcd(16, 10)
  16 = 1 x 10 + 6          d = gcd(10, 6)
  10 = 1 x 6 + 4           d = gcd(6, 4)
  6 = 1 x 4 + 2            d = gcd(4, 2)
  4 = 2 x 2 + 0            d = 2

- Result: gcd(1970,1066) = 2, i.e., the last nonzero residue in the above computation
21. Finite fields
- Fields with a finite number of elements: what is their structure?
- It can be proved that if a field is finite then it has p^n elements, for some prime number p and positive integer n
- We also say that it has order p^n
- We denote it GF(p^n); GF stands for Galois field
- For n = 1 we have GF(p), which is Z_p
  - If p is prime, then any nonzero element of Z_p has a multiplicative inverse
- For n > 1 the field has a different structure: Z_{p^n} is not a field, since p · p^{n-1} = 0 there and so p has no inverse
- Start from Z_p and build a field with p^n elements
- For every prime power p^n there is, up to isomorphism, exactly one field of order p^n, which is why the single name GF(p^n) is enough
22. Example: GF(7) = Z_7
- [the addition and multiplication tables of Z_7 are shown as an image on this slide; every nonzero row of the multiplication table is a permutation of Z_7]
23. Finding the multiplicative inverse in Z_p
- Given a nonzero element a of Z_p, how do we calculate a^-1?
- Euclid's algorithm to compute gcd(a,b): Euclid(a,b)
  - If b = 0 then return a
  - Else return Euclid(b, a mod b)
- Result (Bezout's identity): if d = gcd(a,b), then there are integers x, y such that d = ax + by
- Consequence: if gcd(a,b) = 1, then there are integers x, y such that ax + by = 1
  - so ax ≡ 1 (mod b), i.e., x mod b = a^-1 mod b (x itself may be negative; reduce it modulo b)
- Question: how do we calculate x for given a, b?
- Idea: run Euclid's algorithm in such a way as to compute not only d, but also x and y
24. Finding the multiplicative inverse in Z_p
- Extended Euclid's algorithm: ExtEuclid(a,b)
  - Output: (d,x,y), where d = gcd(a,b) and d = ax + by
  - If d = 1, then x = a^-1 (mod b)
  - if b = 0 then return (a,1,0)
  - else (t1,t2,t3) = ExtEuclid(b, a mod b)
  - return (t1, t3, t2 - (a div b) * t3)
- Proof of correctness
  - Clearly, the gcd is returned in the first component (it runs like Euclid's algorithm)
  - Denote a mod b = r and a div b = z, so a = bz + r
  - The proof goes by induction on the number of recursive calls
  - The base case b = 0: (a,1,0) is correct since a = a·1 + 0·0
  - Induction step: if t1 = gcd(b,r) and t1 = t2·b + t3·r, then t1 = t2·b + t3·(a - bz), and so t1 = t3·a + (t2 - t3·z)·b
25. Example: the inverse of 550 in GF(1759)
- Extended Euclid's algorithm: ExtEuclid(a,b)
  - Output: (d,x,y), where d = gcd(a,b) and d = ax + by
  - if b = 0 then return (a,1,0)
  - else (t1,t2,t3) = ExtEuclid(b, a mod b)
  - return (t1, t3, t2 - (a div b) * t3)
- Z = ExtEuclid(550,1759): 550 = 0·1759 + 550
  - compute Z1 = ExtEuclid(1759,550): 1759 = 3·550 + 109
  - compute Z2 = ExtEuclid(550,109): 550 = 5·109 + 5
  - compute Z3 = ExtEuclid(109,5): 109 = 21·5 + 4
  - compute Z4 = ExtEuclid(5,4): 5 = 1·4 + 1
  - compute Z5 = ExtEuclid(4,1): 4 = 4·1 + 0
  - compute Z6 = ExtEuclid(1,0) = (1,1,0)
- Unwinding the recursion: Z5 = (1,0,1), Z4 = (1,1,-1), Z3 = (1,-1,22), Z2 = (1,22,-111), Z1 = (1,-111,355), Z = (1,355,-111)
- Check: 550·355 - 1759·111 = 195250 - 195249 = 1
- Final answer: the inverse of 550 mod 1759 is 355
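The integer algorithms of slides 19 to 25 in working code, as an added example rather than code from the lecture: euclid and ext_euclid are written exactly as the slides state them (function and variable names are my choice), mod_inverse reduces the Bezout coefficient modulo n and refuses elements that are not relatively prime to n, and cancellation_holds checks the "if and only if" of slide 16 by brute force over Z_n. Python's % operator already follows the convention of slide 13 (the residue of a negative number is nonnegative), so negative inputs need no special handling.

```python
# Added example, not from the lecture: Euclid and extended Euclid as stated on
# slides 19, 23 and 24, a modular-inverse helper built on them, and a brute-force
# check of the cancellation rule of slide 16.  All names are my own.
from typing import Tuple


def euclid(a: int, b: int) -> int:
    """gcd(a, b) using gcd(a, b) = gcd(b, a mod b) until b = 0 (slide 19)."""
    while b != 0:
        a, b = b, a % b          # the second argument strictly decreases, so this stops
    return a


def ext_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, the recursion of slide 24."""
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)     # a // b is 'a div b', a % b is 'a mod b'


def mod_inverse(a: int, n: int) -> int:
    """a^-1 mod n.  It exists iff gcd(a, n) = 1 (slide 16); otherwise raise."""
    d, x, _ = ext_euclid(a % n, n)           # reduce a first, as 550 < 1759 on slide 25
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {n}: gcd({a}, {n}) = {d}")
    return x % n                             # x may be negative; bring it into Z_n


def cancellation_holds(a: int, n: int) -> bool:
    """True iff a*b = a*c (mod n) forces b = c (mod n) for all b, c in Z_n.

    That is the same as 'multiplication by a is injective on Z_n', so it is
    enough to check that the row of a in the multiplication table has no repeats.
    """
    row = [(a * b) % n for b in range(n)]
    return len(set(row)) == n


if __name__ == "__main__":
    print(euclid(1970, 1066))                # slide 20
    print(ext_euclid(550, 1759))             # slide 25
    print(mod_inverse(550, 1759))
    for a in range(1, 8):                    # slide 16: cancellation works iff gcd(a, 8) = 1
        print(a, cancellation_holds(a, 8), euclid(a, 8) == 1)
```

The recursion depth equals the number of division steps, which grows only logarithmically in the inputs, so the recursive form is fine even for the 2048-bit moduli used in practice.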
26. Polynomial arithmetic
- To define GF(p^n) we need to discuss operations on polynomials with coefficients in Z_p: polynomial arithmetic
- Consider only polynomials in one indeterminate
27. Ordinary polynomial arithmetic
- Consider polynomials with coefficients in a ring or a field, e.g., Z
- Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients
- Multiplying two polynomials is done in the usual way, by multiplying all terms with each other and collecting equal powers of x
- Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field
- Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 - x + 1 with coefficients in Z
  - f(x) + g(x) = x^3 + 2x^2 - x + 3
  - f(x) - g(x) = x^3 + x + 1
  - f(x) · g(x) = x^5 + 3x^2 - 2x + 2
- For a ring or a field R, (R[X],+,·,0,1) is a ring: the ring of polynomials over R
28. Polynomial arithmetic with modulo coefficients
- Consider polynomials with coefficients in Z_p, for some prime p
- We are mostly interested in computations mod 2: all coefficients are 0 or 1, and since -1 = 1 in Z_2, subtraction is the same as addition
- Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
  - f(x) + g(x) = x^3 + x + 1
  - f(x) · g(x) = x^5 + x^2
- Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field
- The computations are done similarly as for integers: e.g., Euclid's algorithm holds also for polynomials
29. Division of polynomials with coefficients in Z_p
- For any polynomials f(x), g(x) with g(x) ≠ 0, there exist two polynomials q(x), r(x) such that:
  - f(x) = q(x) g(x) + r(x)
  - deg(r) < deg(g) (or r = 0)
- Thus, division (not necessarily exact) is possible:
  - q(x) = f(x) div g(x)
  - r(x) = f(x) mod g(x)
- If r(x) = 0, then we say that g(x) divides f(x): g(x) | f(x)
- If f(x) has degree at least 1 and its only divisors are the constants and the constant multiples of f(x), we say it is an irreducible (or prime) polynomial
  - Equivalently, f(x) cannot be written as g(x)h(x) with deg(g) < deg(f) and deg(h) < deg(f)
  - Example over Z_2: x^2 + x + 1 is irreducible (neither 0 nor 1 is a root), while x^2 + 1 = (x+1)^2 is not
- The greatest common divisor gcd(f,g) is defined similarly as for integers:
  - it is a divisor of both f and g
  - any other divisor of f and g is a divisor of gcd(f,g)
  - it is determined only up to a nonzero constant factor; by convention one takes the monic one (leading coefficient 1), and over Z_2 there is no choice to make
- gcd(f,g) can be computed using Euclid's algorithm
30. Computing the GCD of two polynomials over Z_p
- For integers: Euclid(a,b)
  - If b = 0 then return a
  - Else return Euclid(b, a mod b)
- For polynomials: EUCLID[a(x), b(x)] computes gcd(a(x), b(x))
  - If b(x) = 0 then return a(x)
  - Else return EUCLID(b(x), a(x) mod b(x))
- It terminates because the degree of the second argument strictly decreases at each call
31. Modular polynomial arithmetic (arithmetic modulo a polynomial)
- Consider an irreducible polynomial f(x) of degree n with coefficients in Z_p
  - Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES)
- Polynomial arithmetic modulo f(x) can be done similarly to integer arithmetic modulo a prime number p
  - Take any two polynomials modulo f(x), i.e., of degree less than n
  - Do addition/subtraction/multiplication and reduce the result modulo f(x)
- If f(x) is irreducible, then the set of all polynomials modulo f(x) (the p^n polynomials of degree less than n) forms a field, denoted GF(p^n)
  - Irreducibility is essential: if f(x) = g(x)h(x) with both factors of lower degree, then g(x)·h(x) ≡ 0 (mod f(x)), so g(x) has no inverse, exactly as 2·13 = 0 in Z_26
- We are mostly interested in GF(2^n): all polynomials with binary coefficients and degree less than n
  - Addition is the normal addition of two polynomials (coefficient-wise, mod 2)
  - Multiplication is done modulo f(x)
- GF(2^n) is indeed a field: any nonzero element has an inverse
  - The extended Euclid algorithm can be used here just like for integers
32. Computing the inverse in GF(p^n)
- Extended Euclid's algorithm: ExtEuclid(a(x),b(x))
  - Output: (d(x),e(x),f(x)), where d(x) = gcd(a(x),b(x)) and d(x) = a(x)e(x) + b(x)f(x)
  - if b(x) = 0 then return (a(x),1,0)
  - else (t1(x),t2(x),t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
  - return (t1(x), t3(x), t2(x) - (a(x) div b(x)) * t3(x))
- If F(x) is an irreducible polynomial, a(x) is nonzero with deg(a) < deg(F), and (d(x),t(x),u(x)) = ExtEuclid(a(x),F(x)), then
  - d(x) is a nonzero constant c (in Z_2[x] simply c = 1)
  - c^-1 · t(x) mod F(x) = a^-1(x) mod F(x); over Z_2 this is just t(x) mod F(x)
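The polynomial version of the same machinery (slides 29 to 32), as an added example that is not part of the lecture: polynomials over Z_p are plain coefficient lists, poly_divmod is the long division behind f = q·g + r on slide 29, and gf_inverse is the recursion of slide 32 with the constant gcd divided out so that it also works for p ≠ 2; it raises an error when the modulus is reducible, which is the failure mode slide 31 warns about. The list representation, the function names and the small GF(9) = Z_3[x]/(x^2 + 1) sample are my assumptions (x^2 + 1 is irreducible over Z_3 because -1 is not a square mod 3); the byte pair {53}, {ca} is the inverse pair given in FIPS 197. pow(c, -1, p) needs Python 3.8 or later.

```python
# Added example, not from the lecture: arithmetic in Z_p[x] and the extended
# Euclid algorithm of slides 29-32, used to invert elements of GF(p^n) for any
# prime p.  A polynomial is a list of coefficients in Z_p, lowest degree first,
# with no trailing zeros: [] is 0, [1] is 1, [1, 1, 0, 1] is x^3 + x + 1.
from typing import List, Tuple

Poly = List[int]


def trim(f: Poly) -> Poly:
    """Drop leading zero coefficients so that deg f == len(f) - 1 (and 0 is [])."""
    while f and f[-1] == 0:
        f.pop()
    return f


def poly_add(f: Poly, g: Poly, p: int) -> Poly:
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])


def poly_sub(f: Poly, g: Poly, p: int) -> Poly:
    return poly_add(f, [(-c) % p for c in g], p)


def poly_mul(f: Poly, g: Poly, p: int) -> Poly:
    """Multiply every term with every term, coefficients reduced mod p (slide 27)."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def poly_divmod(f: Poly, g: Poly, p: int) -> Tuple[Poly, Poly]:
    """q, r with f = q*g + r and deg r < deg g (slide 29): long division over Z_p."""
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    r = list(f)
    q = [0] * (len(r) - len(g) + 1) if len(r) >= len(g) else []
    lead_inv = pow(g[-1], -1, p)             # Z_p is a field: the leading coefficient is invertible
    while r and len(r) >= len(g):
        shift = len(r) - len(g)
        c = (r[-1] * lead_inv) % p
        q[shift] = c
        for i, b in enumerate(g):            # r -= c * x^shift * g, killing the top term of r
            r[i + shift] = (r[i + shift] - c * b) % p
        trim(r)
    return trim(q), r


def poly_ext_euclid(a: Poly, b: Poly, p: int) -> Tuple[Poly, Poly, Poly]:
    """(d, e, f) with d = gcd(a, b) = a*e + b*f: the recursion of slide 32."""
    if not b:
        return (a, [1], [])
    quot, rem = poly_divmod(a, b, p)
    t1, t2, t3 = poly_ext_euclid(b, rem, p)
    return (t1, t3, poly_sub(t2, poly_mul(quot, t3, p), p))


def gf_mul(a: Poly, b: Poly, m: Poly, p: int) -> Poly:
    """a(x) * b(x) mod m(x): multiplication in GF(p^n) (slide 31)."""
    return poly_divmod(poly_mul(a, b, p), m, p)[1]


def gf_inverse(a: Poly, m: Poly, p: int) -> Poly:
    """a(x)^-1 mod m(x).  Raises ValueError when gcd(a, m) is not a constant,
    which happens exactly when m(x) is reducible and shares a factor with a(x)."""
    a = poly_divmod(a, m, p)[1]
    if not a:
        raise ZeroDivisionError("0 has no inverse")
    d, t, _ = poly_ext_euclid(a, m, p)
    if len(d) != 1:
        raise ValueError(f"gcd has degree {len(d) - 1}: m(x) is not irreducible")
    scale = pow(d[0], -1, p)                 # d is a nonzero constant; over Z_2 it is 1
    return poly_divmod([(c * scale) % p for c in t], m, p)[1]


def int_to_poly(v: int) -> Poly:
    """Bits of v as a polynomial over Z_2 (bit i <-> x^i), e.g. 0x1b -> x^4+x^3+x+1."""
    return [(v >> i) & 1 for i in range(v.bit_length())]


def poly_to_int(f: Poly) -> int:
    return sum(c << i for i, c in enumerate(f))


AES_POLY = int_to_poly(0x11B)                # x^8 + x^4 + x^3 + x + 1

if __name__ == "__main__":
    print(hex(poly_to_int(gf_inverse(int_to_poly(0x53), AES_POLY, 2))))   # {53}^-1 in GF(2^8)
    print(gf_inverse([0, 1], [1, 0, 1], 3))                               # x^-1 in GF(9)
```

Over Z_2 the lists are just bit vectors and poly_add is XOR; the list form is kept here so that the same code demonstrates GF(p^n) for odd p, where the gcd returned by the recursion is a constant that has to be divided out before t(x) is the inverse.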
33. Example: GF(2^3)
- [the addition and multiplication tables of GF(2^3) are shown as an image on this slide; compare the tables of slide 6, which are those of Z_2[x] modulo x^3 + x + 1 with each 3-bit number read as the coefficients of a polynomial]
34. Computational considerations
- A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, ..., a_0), i.e., by an n-bit number
- Addition of polynomials becomes bitwise XOR of their n-bit representations
- Multiplication is shift & XOR: example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES)
  - x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1 (coefficients are mod 2, so subtracting is the same as adding)
  - Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0
  - Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x
  - If b7 = 0, the result has degree at most 7 and is already in GF(2^8). If b7 = 1, we need to reduce x^8 mod m(x): x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1)
  - Thus, multiplication by x is in fact a 1-bit left shift (dropping bit 7) followed by a XOR with 00011011 = 0x1b if and only if the bit shifted out was 1
  - Multiplication by higher powers of x is an iteration of the above procedure, and multiplication by an arbitrary polynomial is the XOR of those x^i f(x) for which bit i of the multiplier is 1
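The shift-and-XOR multiplication of slide 34, generalised to any GF(2^n) and then used to regenerate the tables of slide 6 and the frequency count that separates Z_8 from GF(2^3) on slides 3 and 5; this is an added example, not the lecture's code. The integer encoding (bit i is the coefficient of x^i, the modulus is passed with its top bit set, so 0x11b for AES and 0b1011 for x^3 + x + 1) and the helper names are my choices; the AES check values {57}·{83} = {c1} and {57}·{13} = {fe} are the worked examples of FIPS 197, section 4.2.

```python
# Added example, not from the lecture: xtime and shift-and-XOR multiplication
# for any GF(2^n) (slide 34), then the GF(2^3) tables of slide 6 and the
# Z_8 versus GF(2^3) frequency count of slides 3 and 5.
from collections import Counter
from typing import Dict, List, Optional

AES_MOD = 0x11B          # x^8 + x^4 + x^3 + x + 1 (slide 34)
GF8_MOD = 0b1011         # x^3 + x + 1, the modulus behind the tables of slide 6


def xtime(a: int, mod: int = AES_MOD) -> int:
    """Multiply a by x: shift left one bit, then reduce if the result reached x^n.

    XORing the full (n+1)-bit modulus clears bit n and adds x^n mod m(x); for
    AES that is exactly the conditional XOR with 00011011 of slide 34.
    """
    n = mod.bit_length() - 1           # degree of the modulus
    a <<= 1
    if (a >> n) & 1:
        a ^= mod
    return a


def gf_mul(a: int, b: int, mod: int = AES_MOD) -> int:
    """a * b in GF(2^n): iterate xtime over the bits of b, XORing partial products."""
    n = mod.bit_length() - 1
    if a >> n or b >> n:
        raise ValueError("operands must have degree < deg m(x)")
    r = 0
    while b:
        if b & 1:
            r ^= a                     # add a * x^i when bit i of b is set
        a = xtime(a, mod)
        b >>= 1
    return r


def add_table(n: int) -> List[List[int]]:
    """Addition in GF(2^n) is bitwise XOR (slide 34)."""
    size = 1 << n
    return [[a ^ b for b in range(size)] for a in range(size)]


def mul_table(n: int, mod: Optional[int]) -> List[List[int]]:
    """n-bit multiplication table: GF(2^n) when mod is given, Z_{2^n} when mod is None."""
    size = 1 << n
    if mod is None:
        return [[(a * b) % size for b in range(size)] for a in range(size)]
    return [[gf_mul(a, b, mod) for b in range(size)] for a in range(size)]


def frequencies(table: List[List[int]]) -> Dict[int, int]:
    """How many times each nonzero value appears in a table (the count of slide 3)."""
    return dict(Counter(v for row in table for v in row if v))


def is_field_table(table: List[List[int]]) -> bool:
    """Every nonzero row is a permutation, i.e. every nonzero element is invertible."""
    size = len(table)
    return all(sorted(row) == list(range(size)) for row in table[1:])


if __name__ == "__main__":
    for name, t in (("Z_8", mul_table(3, None)), ("GF(2^3)", mul_table(3, GF8_MOD))):
        print(name, "field" if is_field_table(t) else "not a field", frequencies(t))
        for row in t:
            print(" ".join(str(v) for v in row))
    print(hex(gf_mul(0x57, 0x83)))    # {57} * {83} in AES's GF(2^8)
```

The same loop, with n = 8 and AES_MOD, is what a byte-oriented AES implementation uses for MixColumns; constant-time implementations replace the data-dependent branch in xtime with a mask derived from the top bit.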
35. Summary
- Consider the integers Z
- Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p)
- Consider polynomials with coefficients in Z_p: Z_p[X]
- Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n)
- Any finite field has order p^n, for some prime p and positive integer n
- AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1