Upcoming SlideShare
×

# Chap4

2,320 views

Published on

Published in: Technology, Education
2 Likes
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

Views
Total views
2,320
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
115
0
Likes
2
Embeds 0
No embeds

No notes for slide
• ### Chap4

1. 1. Chapter 4 Finite Fields
2. 2. ❏ To review the concept of algebraic structures ❏ To define and give some examples of groups ❏ To define and give some examples of rings ❏ To define and give some examples of fields ❏ To emphasize the finite fields of type GF(2 n ) that make it possible to perform operations such as addition, subtraction, multiplication, and division on n -bit words in modern block ciphers Objectives Chapter 4
3. 3. 4-1 ALGEBRAIC STRUCTURES Cryptography requires sets of integers and specific operations that are defined for those sets. The combination of the set and the operations that are applied to the elements of the set is called an algebraic structure . In this chapter, we will define three common algebraic structures: groups, rings, and fields. Topics discussed in this section: 4.1.1 Groups 4.1.2 Rings 4.1.3 Fields
4. 4. Introduction <ul><li>of increasing importance in cryptography </li></ul><ul><ul><li>AES, Elliptic Curve, IDEA, Public Key </li></ul></ul><ul><li>concern operations on “numbers” </li></ul><ul><ul><li>where what constitutes a “number” and the type of operations varies considerably </li></ul></ul><ul><li>start with concepts of groups, rings, fields from abstract algebra </li></ul>
5. 5. 4.1 Continued Figure 4.1 Common algebraic structure
6. 6. Group: {G,  } <ul><li>a set of elements or “numbers” with a binary operator “  ”. </li></ul><ul><li>obeys: </li></ul><ul><ul><li>closure : a  G, b  G  a  b  G </li></ul></ul><ul><ul><li>associative law: (a  b)  c = a  (b  c) </li></ul></ul><ul><ul><li>has identity e : e  a = a  e = a </li></ul></ul><ul><ul><li>has inverses a -1 : a  a -1 = e </li></ul></ul><ul><li>if commutative a  b = b  a </li></ul><ul><ul><li>then forms an abelian group </li></ul></ul>
7. 7. 4.1.1 Continued Figure 4.2 Group
8. 8. 4.1.1 Continued Application Although a group involves a single operation, the properties imposed on the operation allow the use of a pair of operations as long as they are inverses of each other. The set of residue integers with the addition operator, G = < Z n , +>, is a commutative group. We can perform addition and subtraction on the elements of this set without moving out of the set. Example 4.1
9. 9. 4.1.1 Continued The set Z n * with the multiplication operator, G = <Z n *, ×>, is also an abelian group. Example 4.2 Let us define a set G = < { a , b , c , d }, •> and the operation as shown in Table 4.1. Example 4.3
10. 10. Cyclic Group <ul><li>define exponentiation as repeated application of operator </li></ul><ul><ul><li>example: a 3 = a  a  a </li></ul></ul><ul><li>and let identity be: e= a 0 </li></ul><ul><li>a group is cyclic if every element is a power of some fixed element a  G </li></ul><ul><ul><li>ie b = a k for some a and every b in group </li></ul></ul><ul><li>a is said to be a generator of the group </li></ul>
11. 11. Ring: {R, +,  } <ul><li>a set of “numbers” with two operations (addition and multiplication) which are: </li></ul><ul><li>an abelian group with addition operation </li></ul><ul><li>multiplication: </li></ul><ul><ul><li>has closure </li></ul></ul><ul><ul><li>is associative </li></ul></ul><ul><ul><li>distributive over addition: a(b+c) = ab + ac </li></ul></ul><ul><li>if multiplication operation is commutative, it forms a commutative ring (ab = ba).. a,b  R </li></ul><ul><li>if multiplication operation has multiplicative identity and no zero divisors, it forms an integral domain </li></ul>
12. 12. 4.1.2 Ring A ring, R = <{…}, •, >, is an algebraic structure with two operations. Figure 4.4 Ring
13. 13. 4.1.2 Continued Example 4.11 The set Z with two operations, addition and multiplication, is a commutative ring. We show it by R = <Z, +, ×>. Addition satisfies all of the five properties; multiplication satisfies only three properties.
14. 14. Field {F, +,  } <ul><li>a set of numbers with two operations: </li></ul><ul><ul><li>abelian group for addition </li></ul></ul><ul><ul><li>abelian group for multiplication (ignoring 0) </li></ul></ul><ul><ul><li>Ring </li></ul></ul><ul><li>obeys: </li></ul><ul><ul><li>has multiplicative inverses a -1 : </li></ul></ul><ul><ul><li>a  a -1 = e </li></ul></ul>
15. 15. 4.1.3 Field A field, denoted by F = <{…}, •, > is a commutative ring in which the second operation satisfies all five properties defined for the first operation except that the identity of the first operation has no inverse. Figure 4.5 Field
16. 16. 4.1.3 Continued Galois showed that for a field to be finite, the number of elements should be p n , where p is a prime and n is a positive integer. Finite Fields A Galois field, GF( p n ), is a finite field with p n elements. Note
17. 17. 4.1.3 Continued When n = 1, we have GF( p ) field. This field can be the set Z p , {0, 1, …, p − 1}, with two arithmetic operations. GF( p ) Fields
18. 18. 4.1.2 Continued Example 4.12 A very common field in this category is GF(2) with the set {0, 1} and two operations, addition and multiplication, as shown in Figure 4.6. Figure 4.6 GF(2) field
19. 19. 4.1.2 Continued Example 4.13 We can define GF(5) on the set Z 5 (5 is a prime) with addition and multiplication operators as shown in Figure 4.7. Figure 4.7 GF(5) field
20. 20. 4.1.3 Continued Table 4.3 Summary Summary
21. 21. 4.2 Continued Example 4.14 Let us define a GF(2 2 ) field in which the set has four 2-bit words: {00, 01, 10, 11}. We can redefine addition and multiplication for this field in such a way that all properties of these operations are satisfied, as shown in Figure 4.8. Figure 4.8 An example of GF(2 2 ) field
22. 22. 4.2.1 Continued GF( 2 n ) Fields Polynomials representing n -bit words use two fields: GF(2) and GF(2 n ). Note
23. 23. Modular Arithmetic <ul><li>define modulo operator a mod n to be remainder when a is divided by n </li></ul><ul><li>use the term congruence for: a  b mod n </li></ul><ul><ul><li>when divided by n, a & b have same remainder </li></ul></ul><ul><ul><li>eg. 100  34 mod 11 </li></ul></ul><ul><li>b is called the residue of a mod n </li></ul><ul><ul><li>since with integers can always write: a = qn + b </li></ul></ul><ul><li>usually have 0 <= b <= n-1 </li></ul><ul><ul><li>-12 mod 7  -5 mod 7  2 mod 7  9 mod 7 </li></ul></ul>
24. 24. Divisors <ul><li>say a non-zero number b divides a if for some m have a=mb ( a,b,m all integers) </li></ul><ul><li>that is b divides into a with no remainder </li></ul><ul><li>denote this b|a </li></ul><ul><li>and say that b is a divisor of a </li></ul><ul><li>eg. all of 1,2,3,4,6,8,12,24 divide 24 </li></ul>
25. 25. Properties 2.1.4 Continued Property 1: if a|1, then a = ±1. Property 2: if a|b and b|a, then a = ±b. Property 3: if a|b and b|c, then a|c. Property 4: if a|b and a|c, then a|(m × b + n × c), where m and n are arbitrary integers
26. 26. Modular Arithmetic Operations <ul><li>is 'clock arithmetic‘, uses a finite number of values, and loops back from either end </li></ul><ul><li>modular arithmetic is when do addition & multiplication and modulo reduce answer </li></ul><ul><li>can do reduction at any point , ie </li></ul><ul><ul><li>a+b mod n = [(a mod n)+(b mod n)] mod n </li></ul></ul><ul><ul><li>a-b mod n = [(a mod n)-(b mod n)] mod n </li></ul></ul><ul><ul><li>a*b mod n = [(a mod n)*(b mod n)] mod n </li></ul></ul>
27. 27. Modular Operator Properties <ul><li>a  b mod n if n|(a-b). </li></ul><ul><li>a  b mod n implies b  a mod n. </li></ul><ul><li>a  b mod n and b  c mod n imply a  c mod n </li></ul>
28. 28. <ul><li>To find 11 7 mod 13. </li></ul><ul><li>11 2 = 121  4 mod 13 </li></ul><ul><li>11 4 = 4 2  3 mod 13 </li></ul><ul><li>11 7  11 * 4* 3  132  2mod 13 </li></ul>
29. 29. Modular Arithmetic <ul><li>can do modular arithmetic with any group of integers: Z n = {0, 1, … , n-1} </li></ul><ul><li>Z n represents a residue class </li></ul><ul><li>a commutative ring with a multiplicative identity element. </li></ul><ul><li>note some peculiarities </li></ul><ul><ul><li>if (a+b) ≡(a+c) mod n then b≡c mod n </li></ul></ul><ul><ul><li>but (ab) ≡(ac) mod n then b≡c mod n only if a is relatively prime to n </li></ul></ul>
30. 30. Residue classes <ul><li>Set Z n is set of non negative integers less than n: </li></ul><ul><li>Z n ={0,1…..(n-1)}. This is called as set of residue ,or residue classes modulo n. </li></ul><ul><li>Each integer in Z n represent a residue class. </li></ul><ul><li>we lable residue classes modulo n as </li></ul><ul><li>[0],[1],[2]..[n-1] where </li></ul><ul><li>[r] ={a : a is an integer, a  r mod n} </li></ul>
31. 31. Residue class continue.. <ul><li>The residue classes modulo 4 are… </li></ul><ul><li>[0]={..,-16,-12,-8,-4,0,4,8,12,16,…} </li></ul><ul><li>[1]={…,-3,1,5,9,13,….} </li></ul><ul><li>[2]={….,-6,-2,2,6,10,…..} </li></ul><ul><li>[3]={…,-13,-9,-5,-1,3,7,11,15,19,….} </li></ul><ul><li>Of all integers in residue class, the smallest nonnegative integers is one usually used to represent the residue class </li></ul>
32. 32. Multiplicative inverse(w -1 ): w  z ≡ 1 mod n
33. 35. Formula for Finding Inverse. <ul><li>Additive Inverse. </li></ul><ul><li>w + z ≡ 0 mod p </li></ul><ul><li>Multiplicative Inverse. </li></ul><ul><li>w × z ≡ 1 mod p </li></ul>
34. 36. Modular Arithmetic <ul><li>An integer has a multiplicative inverse in Z n if that integer is relatively prime to n. </li></ul><ul><li>two integers are relatively prime if their only common positive integer factor is 1. </li></ul>
35. 37. Greatest Common Divisor (GCD) <ul><li>a common problem in number theory </li></ul><ul><li>GCD (a,b) of a and b is the largest number that divides both a and b </li></ul><ul><ul><li>e.g. GCD(60,24) = 12 </li></ul></ul><ul><li>Two integers are relatively prime if their greatest common divisor is 1. </li></ul><ul><ul><li>e.g. GCD(8,15) = 1 </li></ul></ul><ul><ul><li>hence 8 & 15 are relatively prime </li></ul></ul>
36. 38. Euclid's GCD Algorithm <ul><li>an efficient way to find the GCD(a,b) </li></ul><ul><li>uses theorem that: </li></ul><ul><ul><li>GCD(a,b) = GCD(b, a mod b) </li></ul></ul><ul><li>Euclid's Algorithm to compute GCD(a,b): </li></ul><ul><ul><li>A=a, B=b </li></ul></ul><ul><ul><li>while B>0 </li></ul></ul><ul><ul><ul><li>R = A mod B </li></ul></ul></ul><ul><ul><ul><li>A = B, B = R </li></ul></ul></ul><ul><ul><li>return A </li></ul></ul>
37. 39. Example GCD(1970,1066) <ul><li>1970 = 1 x 1066 + 904 gcd(1066, 904) </li></ul><ul><li>1066 = 1 x 904 + 162 gcd(904, 162) </li></ul><ul><li>904 = 5 x 162 + 94 gcd(162, 94) </li></ul><ul><li>162 = 1 x 94 + 68 gcd(94, 68) </li></ul><ul><li>94 = 1 x 68 + 26 gcd(68, 26) </li></ul><ul><li>68 = 2 x 26 + 16 gcd(26, 16) </li></ul><ul><li>26 = 1 x 16 + 10 gcd(16, 10) </li></ul><ul><li>16 = 1 x 10 + 6 gcd(10, 6) </li></ul><ul><li>10 = 1 x 6 + 4 gcd(6, 4) </li></ul><ul><li>6 = 1 x 4 + 2 gcd(4, 2) </li></ul><ul><li>4 = 2 x 2 + 0 gcd(2, 0) </li></ul>
38. 40. Modular Arithmetic <ul><li>If GCD(a, n)=1, </li></ul><ul><li>one can find b in Z n such that a  b ≡ 1 mod n </li></ul><ul><li>Z n  a = {0, a, 2a, 3a, …(n-1)a} = Z n </li></ul><ul><li>If p is a prime number, then all the elements of Z p are relatively prime to p. </li></ul><ul><li>Z p : field </li></ul>
39. 41. Galois Fields <ul><li>finite fields play a key role in cryptography </li></ul><ul><li>p: prime, a prime is an integer whose only positive integer factors are itself and 1. </li></ul><ul><li>The order of a finite field (number of elements in the field) must be a power of a prime p n , wher n is a positive integer. </li></ul><ul><li>known as Galois fields </li></ul><ul><li>denoted GF(p n ) </li></ul><ul><li>in particular often use the fields: </li></ul><ul><ul><li>GF(p), n=1 </li></ul></ul><ul><ul><li>GF(2 n ) </li></ul></ul>
40. 42. Galois Fields GF(p) <ul><li>GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p </li></ul><ul><li>these form a finite field </li></ul><ul><ul><li>since have multiplicative inverses </li></ul></ul><ul><li>hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p). </li></ul>
41. 43. Finding Inverses <ul><li>can extend Euclid’s algorithm: </li></ul><ul><ul><li>EXTENDED EUCLID( m , b ) </li></ul></ul><ul><ul><li>(A1, A2, A3)=(1, 0, m ); </li></ul></ul><ul><ul><li>(B1, B2, B3)=(0, 1, b ) </li></ul></ul><ul><ul><li>2. if B3 = 0 </li></ul></ul><ul><ul><li>return A3 = gcd( m , b ); no inverse </li></ul></ul><ul><ul><li>3. if B3 = 1 </li></ul></ul><ul><ul><li>return B3 = gcd( m , b ); B2 = b –1 mod m </li></ul></ul><ul><ul><li>4. Q = A3 div B3 </li></ul></ul><ul><ul><li>5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) </li></ul></ul><ul><ul><li>6. (A1, A2, A3)=(B1, B2, B3) </li></ul></ul><ul><ul><li>7. (B1, B2, B3)=(T1, T2, T3) </li></ul></ul><ul><ul><li>8. goto 2 </li></ul></ul>
42. 44. Inverse of 550 in GF(1759)