Cryptography and Network Security
Chapter 4
Fifth Edition
by William Stallings
Lecture slides by Lawrie Brown

Chapter 4 – Basic Concepts in Number Theory and Finite Fields
The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence.
— Living with Birds, Len Howard
Introduction
• will now introduce finite fields
• of increasing importance in cryptography
  • AES, Elliptic Curve, IDEA, Public Key
• also important in many other areas of computer engineering
  • error detection, error correction, matching, ...
• concern operations on “numbers”
  • where what constitutes a “number” and the type of operations varies considerably
• start with basic number theory concepts
Divisors
• say a non-zero number b divides a if for some m have a = mb (a, b, m all integers)
• that is, b divides into a with no remainder
• denote this as b|a (“b divides a”)
• and say that b is a divisor of a
• eg. all of 1, 2, 3, 4, 6, 8, 12, 24 divide 24
• eg. 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0
Properties of Divisibility
• If a|1, then a = ±1.
• If a|b and b|a, then a = ±b.
• Any b ≠ 0 divides 0.
• If a | b and b | c, then a | c
  • e.g. 11 | 66 and 66 | 198, so 11 | 198
• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n (linear combinations)
  • e.g. b = 7; g = 14; h = 63; m = 3; n = 2
    7|14 and 7|63, hence 7 | 168 (= 42 + 126)
Division Algorithm
• if we divide a by n we get integer quotient q and integer remainder r such that:
  • a = qn + r where 0 <= r < n; q = floor(a/n)
• remainder r often referred to as a residue
Greatest Common Divisor (GCD)
• a common problem in number theory
• GCD(a,b) of a and b is the largest integer that divides evenly into both a and b
  • e.g. GCD(60,24) = 12
• define gcd(0, 0) = 0
• often want no common factors (except 1); define such numbers as relatively prime
  • e.g. GCD(8,15) = 1
  • hence 8 & 15 are relatively prime
Example GCD(1970,1066)
1970 = 1 x 1066 + 904   gcd(1066, 904)
1066 = 1 x 904 + 162    gcd(904, 162)
904 = 5 x 162 + 94      gcd(162, 94)
162 = 1 x 94 + 68       gcd(94, 68)
94 = 1 x 68 + 26        gcd(68, 26)
68 = 2 x 26 + 16        gcd(26, 16)
26 = 1 x 16 + 10        gcd(16, 10)
16 = 1 x 10 + 6         gcd(10, 6)
10 = 1 x 6 + 4          gcd(6, 4)
6 = 1 x 4 + 2           gcd(4, 2)
4 = 2 x 2 + 0           gcd(2, 0)
GCD(1160718174, 316258250)
Dividend          Divisor           Quotient   Remainder
a = 1160718174    b = 316258250     q1 = 3     r1 = 211943424
b = 316258250     r1 = 211943424    q2 = 1     r2 = 104314826
r1 = 211943424    r2 = 104314826    q3 = 2     r3 = 3313772
r2 = 104314826    r3 = 3313772      q4 = 31    r4 = 1587894
r3 = 3313772      r4 = 1587894      q5 = 2     r5 = 137984
r4 = 1587894      r5 = 137984       q6 = 11    r6 = 70070
r5 = 137984       r6 = 70070        q7 = 1     r7 = 67914
r6 = 70070        r7 = 67914        q8 = 1     r8 = 2156
r7 = 67914        r8 = 2156         q9 = 31    r9 = 1078
r8 = 2156         r9 = 1078         q10 = 2    r10 = 0
Modular Arithmetic
• define modulo operator “a mod n” to be remainder when a is divided by n
  • where integer n is called the modulus
• b is called a residue of a mod n
  • since with integers can always write: a = qn + b
  • usually choose smallest positive remainder as residue
    • ie. 0 <= b <= n-1
  • process is known as modulo reduction
  • eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
• a & b are congruent if: a mod n = b mod n
  • when divided by n, a & b have same remainder
  • eg. 100 mod 11 = 34 mod 11, so 100 is congruent to 34 mod 11
Modular Arithmetic Operations
• can perform arithmetic with residues
• uses a finite number of values, and loops back from either end
  Z_n = {0, 1, . . . , (n – 1)}
• modular arithmetic is when do addition & multiplication and modulo reduce answer
• can do reduction at any point, i.e.
  (a + b) mod n = [a mod n + b mod n] mod n
Modular Arithmetic Operations
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
3. [(a mod n) x (b mod n)] mod n = (a x b) mod n
e.g.
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2    (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4    (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5    (11 x 15) mod 8 = 165 mod 8 = 5
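Added example (mine, not code from the slides or from Stallings' text): the residue, congruence and "reduce at any point" definitions of the last three slides in Python. It puts the C-style truncating remainder beside the floor-based residue the slides define, because the -12 mod 7 case is exactly where hand-rolled modular code goes wrong; function names are my own.

```python
# Added example (not from the slides): modular reduction, congruence and the
# "reduce at any point" identities from the Modular Arithmetic slides.


def residue(a: int, n: int) -> int:
    """Smallest non-negative residue of a mod n (0 <= r < n), as the slides define it.

    Python's % already behaves this way for n > 0; the explicit floor form
    shows why -12 mod 7 = 2 rather than -5.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    q = a // n          # floor division, so q = floor(a/n) as on the slide
    return a - q * n    # a = qn + r with 0 <= r < n


def trunc_mod(a: int, n: int) -> int:
    """C-style remainder (quotient truncated toward zero); sign follows the dividend.

    This is what C's % operator returns and is NOT the slides' residue for
    negative a, a classic source of bugs when porting number-theoretic code.
    """
    q = abs(a) // abs(n)
    if (a < 0) != (n < 0):
        q = -q
    return a - q * n


def congruent(a: int, b: int, n: int) -> bool:
    """a is congruent to b mod n: both leave the same remainder when divided by n."""
    return residue(a, n) == residue(b, n)


def product_mod(values, n: int) -> int:
    """Product of a sequence mod n, reducing after every multiply.

    Identity 3 on the slide, [(a mod n) x (b mod n)] mod n = (a x b) mod n,
    means no intermediate ever exceeds n^2; that is what makes arithmetic on
    long numbers feasible.
    """
    acc = 1
    for v in values:
        acc = (acc * residue(v, n)) % n
    return acc


def identities_hold(n: int, span: int = 50) -> bool:
    """Exhaustively check the three slide identities for a, b in [-span, span)."""
    for a in range(-span, span):
        for b in range(-span, span):
            if residue(residue(a, n) + residue(b, n), n) != residue(a + b, n):
                return False
            if residue(residue(a, n) - residue(b, n), n) != residue(a - b, n):
                return False
            if residue(residue(a, n) * residue(b, n), n) != residue(a * b, n):
                return False
    return True


if __name__ == "__main__":
    print(residue(-12, 7), residue(-5, 7), residue(2, 7), residue(9, 7))  # 2 2 2 2
    print(trunc_mod(-12, 7))          # -5, the C answer
    print(congruent(100, 34, 11))     # True
    print(product_mod([11, 15], 8))   # 5, as in the slide's third line
    print(identities_hold(8))         # True
```

The check over negative operands matters: the slide's subtraction line gives –4 mod 8 = 4, which only holds under the floor definition.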
Modulo 8 Addition Example
+  0 1 2 3 4 5 6 7
0  0 1 2 3 4 5 6 7
1  1 2 3 4 5 6 7 0
2  2 3 4 5 6 7 0 1
3  3 4 5 6 7 0 1 2
4  4 5 6 7 0 1 2 3
5  5 6 7 0 1 2 3 4
6  6 7 0 1 2 3 4 5
7  7 0 1 2 3 4 5 6
Modulo 8 Multiplication
x  0 1 2 3 4 5 6 7
0  0 0 0 0 0 0 0 0
1  0 1 2 3 4 5 6 7
2  0 2 4 6 0 2 4 6
3  0 3 6 1 4 7 2 5
4  0 4 0 4 0 4 0 4
5  0 5 2 7 4 1 6 3
6  0 6 4 2 0 6 4 2
7  0 7 6 5 4 3 2 1
Modular Arithmetic Properties
Euclidean Algorithm
• an efficient way to find the GCD(a,b)
• uses theorem that:
  • GCD(a,b) = GCD(b, a mod b)
• Euclidean Algorithm to compute GCD(a,b) is:
  Euclid(a,b)
    if (b=0) then return a;
    else return Euclid(b, a mod b);
Extended Euclidean Algorithm
• calculates not only GCD but x & y:
  ax + by = d = gcd(a, b)
• useful for later crypto computations
• follow sequence of divisions for GCD but assume at each step i, can find x & y:
  r = ax + by
• at end find GCD value and also x & y
• if GCD(a,b)=1 these values are inverses: x is the inverse of a mod b, and y the inverse of b mod a
Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2
Inverse of 550 in GF(1759)
Q     A1     A2     A3     B1     B2     B3
—     1      0      1759   0      1      550
3     0      1      550    1      –3     109
5     1      –3     109    –5     16     5
21    –5     16     5      106    –339   4
1     106    –339   4      –111   355    1
-111(1759) + 355(550) = 1
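Added example (mine, not the slides' own code): the Euclid recursion, the extended form, and the EXTENDED EUCLID(m, b) routine exactly as stepped on the Finding Inverses slide, checked against the three worked examples above (GCD(1970,1066), the 1160718174 / 316258250 table, and the inverse of 550 in GF(1759)). Function names are my own; the iterative GCD avoids deep recursion on large inputs.

```python
# Added example (not from the slides): Euclid, extended Euclid and the
# EXTENDED EUCLID(m, b) inverse routine, checked against the slide examples.


def euclid(a: int, b: int) -> int:
    """GCD via gcd(a, b) = gcd(b, a mod b), written as a loop."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a


def euclid_steps(a: int, b: int):
    """The (dividend, divisor, quotient, remainder) rows the GCD tables show."""
    rows = []
    while b:
        q, r = divmod(a, b)
        rows.append((a, b, q, r))
        a, b = b, r
    return rows


def extended_euclid(a: int, b: int):
    """Return (d, x, y) with a*x + b*y = d = gcd(a, b)."""
    r0, r1 = a, b
    x0, x1 = 1, 0   # coefficients of a in r0, r1
    y0, y1 = 0, 1   # coefficients of b in r0, r1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return r0, x0, y0


def inverse_mod(b: int, m: int):
    """The slide's EXTENDED EUCLID(m, b): b^-1 mod m, or None when gcd(m, b) != 1.

    The rows (A1, A2, A3) and (B1, B2, B3) maintain A1*m + A2*b = A3 and
    B1*m + B2*b = B3, which is what the Q/A1..B3 table for 550 in GF(1759)
    tabulates.
    """
    A1, A2, A3 = 1, 0, m
    B1, B2, B3 = 0, 1, b
    while True:
        if B3 == 0:
            return None           # A3 = gcd(m, b) > 1: no inverse
        if B3 == 1:
            return B2 % m         # B2 = b^-1 mod m, normalised to 0..m-1
        Q = A3 // B3
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3
        A1, A2, A3 = B1, B2, B3
        B1, B2, B3 = T1, T2, T3


if __name__ == "__main__":
    print(euclid(1970, 1066))                 # 2
    print(euclid(1160718174, 316258250))      # 1078
    print(extended_euclid(1759, 550))         # (1, -111, 355)
    print(inverse_mod(550, 1759))             # 355
    print(inverse_mod(550, 1760))             # None: gcd(1760, 550) = 110
```

Returning None rather than a number when B3 reaches 0 is deliberate: a caller that silently uses a non-existent inverse (for example when a modulus is not prime) produces wrong ciphertext rather than an error.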
Group
• a set S of elements or “numbers”
  • may be finite or infinite
• with some operation ‘.’ so G = (S, .)
• obeys CAIN:
  • Closure: a, b in S, then a.b in S
  • Associative law: (a.b).c = a.(b.c)
  • has Identity e: e.a = a.e = a
  • has iNverses a^-1: a.a^-1 = e
• if commutative a.b = b.a
  • then forms an Abelian group
Cyclic Group
• define exponentiation as repeated application of operator
  • example: a^3 = a.a.a
• and let identity be: e = a^0
• a group is cyclic if every element is a power of some fixed element a
  • i.e., b = a^k for some a and every b in group
• a is said to be a generator of the group
Ring
• a set of “numbers”
• with two operations (addition and multiplication) which form:
• an Abelian group with addition operation
• and multiplication:
  • has closure
  • is associative
  • distributive over addition: a(b+c) = ab + ac
• if multiplication operation is commutative, it forms a commutative ring
• if multiplication operation has an identity and no zero divisors, it forms an integral domain
Field
• a set of numbers
• with two operations which form:
  • Abelian group for addition
  • Abelian group for multiplication (ignoring 0)
  • ring
• have hierarchy with more axioms/laws
  • group -> ring -> field

Group, Ring, Field
Finite (Galois) Fields
• finite fields play a key role in cryptography
• can show number of elements in a finite field must be a power of a prime p^n
• known as Galois fields
• denoted GF(p^n)
• in particular often use the fields:
  • GF(p)
  • GF(2^n)
Galois Fields GF(p)
• GF(p) is the set of integers {0, 1, … , p-1} with arithmetic operations modulo prime p
• these form a finite field
  • since have multiplicative inverses
  • find inverse with Extended Euclidean algorithm
• hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)
GF(7) Multiplication Example
x  0 1 2 3 4 5 6
0  0 0 0 0 0 0 0
1  0 1 2 3 4 5 6
2  0 2 4 6 1 3 5
3  0 3 6 2 5 1 4
4  0 4 1 5 2 6 3
5  0 5 3 1 6 4 2
6  0 6 5 4 3 2 1
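Added example (mine, not from the slides): a mechanical check of the Group, Ring and Field axioms on the mod-n tables, covering both the Modulo 8 tables earlier and this GF(7) table. It generalises the slides' two cases to any n: Z_n always passes the ring test, and passes the field test exactly when every non-zero element has a multiplicative inverse, which the zero divisors of Z_8 prevent. Names and the CAIN checker are my own.

```python
# Added example (not from the slides): build the mod-n tables and test the
# Group / Ring / Field axioms on them, so Z_8 (ring, zero divisors) and GF(7)
# (field) are distinguished by an exhaustive check rather than by inspection.
from itertools import product


def add_table(n):
    return [[(a + b) % n for b in range(n)] for a in range(n)]


def mul_table(n):
    return [[(a * b) % n for b in range(n)] for a in range(n)]


def is_abelian_group(table, elements):
    """CAIN (Closure, Associativity, Identity, iNverses) plus commutativity,
    checked exhaustively on a Cayley table restricted to `elements`."""
    elems = list(elements)

    def op(a, b):
        return table[a][b]

    if any(op(a, b) not in elems for a, b in product(elems, repeat=2)):
        return False                                  # closure fails (e.g. 2*4 = 0 mod 8)
    if any(op(op(a, b), c) != op(a, op(b, c)) for a, b, c in product(elems, repeat=3)):
        return False
    ident = [e for e in elems if all(op(e, a) == a == op(a, e) for a in elems)]
    if len(ident) != 1:
        return False
    e = ident[0]
    if any(all(op(a, b) != e for b in elems) for a in elems):
        return False                                  # some element has no inverse
    return all(op(a, b) == op(b, a) for a, b in product(elems, repeat=2))


def zero_divisors(n):
    """Non-zero a with some non-zero b such that a*b = 0 mod n (none in an integral domain)."""
    return sorted({a for a in range(1, n) for b in range(1, n) if (a * b) % n == 0})


def units(n):
    """Elements of Z_n that have a multiplicative inverse."""
    return [a for a in range(n) if any((a * b) % n == 1 for b in range(n))]


def classify(n):
    """'field' if Z_n meets the Field slide's definition, otherwise 'ring'."""
    add_ok = is_abelian_group(add_table(n), range(n))
    mul_ok = is_abelian_group(mul_table(n), range(1, n))   # "ignoring 0"
    return "field" if add_ok and mul_ok else "ring"


def print_table(table, symbol):
    print(symbol, *range(len(table)))
    for a, row in enumerate(table):
        print(a, *row)


if __name__ == "__main__":
    print_table(mul_table(7), "x")
    for n in (7, 8):
        print(n, classify(n), "units:", units(n), "zero divisors:", zero_divisors(n))
```

For n = 8 the multiplication check fails at closure already (2 x 4 = 0 drops out of the non-zero set), which is the concrete reason 2, 4 and 6 have no inverse mod 8 and why a modulus for field arithmetic has to be prime.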
Polynomial Arithmetic
• can compute using polynomials
  f(x) = a_n x^n + a_(n-1) x^(n-1) + … + a_1 x + a_0 = ∑ a_i x^i
  • n.b. not interested in any specific value of x
  • which is known as the indeterminate
• several alternatives available
  • ordinary polynomial arithmetic
  • poly arithmetic with coefs mod p
  • poly arithmetic with coefs mod p and polynomials mod m(x)
Ordinary Polynomial Arithmetic
• add or subtract corresponding coefficients
• multiply all terms by each other
• eg let f(x) = x^3 + x^2 + 2 and g(x) = x^2 – x + 1
  f(x) + g(x) = x^3 + 2x^2 – x + 3
  f(x) – g(x) = x^3 + x + 1
  f(x) x g(x) = x^5 + 3x^2 – 2x + 2
Polynomial Arithmetic with Modulo Coefficients
• when computing value of each coefficient do calculation modulo some value
  • forms a polynomial ring
• could be modulo any prime
• but we are most interested in mod 2
  • ie all coefficients are 0 or 1
  • eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
    f(x) + g(x) = x^3 + x + 1
    f(x) x g(x) = x^5 + x^2
Polynomial Division
• can write any polynomial in the form:
  • f(x) = q(x) g(x) + r(x)
  • can interpret r(x) as being a remainder
  • r(x) = f(x) mod g(x)
• if have no remainder say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial
• arithmetic modulo an irreducible polynomial forms a field
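Added example (mine, not from the slides): the ordinary, mod-p and division cases of the three polynomial slides above, with polynomials stored as coefficient lists. The convention (my choice) is that index i holds a_i, so [2, 0, 1, 1] is x^3 + x^2 + 2; the function names are my own, and the division routine needs either a prime p or a divisor with leading coefficient ±1.

```python
# Added example (not from the slides): polynomial add/sub/mul over the integers
# and with coefficients mod p, and division with remainder f = q*g + r.
# Convention: index i holds a_i, e.g. [2, 0, 1, 1] is x^3 + x^2 + 2.


def trim(f):
    """Drop leading zero coefficients; the zero polynomial becomes []."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def reduce_coeffs(f, p):
    """Apply the coefficient modulus p (None = ordinary integer arithmetic)."""
    return trim([c % p for c in f]) if p else trim(f)


def poly_add(f, g, p=None):
    """Add corresponding coefficients."""
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return reduce_coeffs([a + b for a, b in zip(f, g)], p)


def poly_sub(f, g, p=None):
    return poly_add(f, [-c for c in g], p)


def poly_mul(f, g, p=None):
    """Multiply every term of f by every term of g (long-hand multiplication)."""
    out = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return reduce_coeffs(out, p)


def poly_divmod(f, g, p=None):
    """Return (q, r) with f = q*g + r and deg r < deg g.

    Over the integers this needs a divisor with leading coefficient +/-1;
    with a prime p we multiply by the leading coefficient's inverse in GF(p).
    """
    f, g = reduce_coeffs(f, p), reduce_coeffs(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    lc = g[-1]
    if p:
        inv = pow(lc, -1, p)
    elif lc in (1, -1):
        inv = lc
    else:
        raise ValueError("over Z the divisor must have leading coefficient +/-1")
    q = [0] * max(len(f) - len(g) + 1, 0)
    r = f[:]
    while len(r) >= len(g):
        shift = len(r) - len(g)             # degree gap: next quotient term is x^shift
        coef = r[-1] * inv
        if p:
            coef %= p
        q[shift] = coef
        for i, c in enumerate(g):           # subtract coef * x^shift * g(x)
            r[shift + i] -= coef * c
        r = reduce_coeffs(r, p)             # top coefficient is now 0 and drops off
    return reduce_coeffs(q, p), r


if __name__ == "__main__":
    f, g = [2, 0, 1, 1], [1, -1, 1]         # x^3 + x^2 + 2 and x^2 - x + 1
    print(poly_add(f, g), poly_sub(f, g), poly_mul(f, g))
    print(poly_divmod(f, g))                # ([2, 1], [0, 1]): q = x + 2, r = x
    f2, g2 = [0, 0, 1, 1], [1, 1, 1]        # x^3 + x^2 and x^2 + x + 1, coefficients mod 2
    print(poly_add(f2, g2, p=2), poly_mul(f2, g2, p=2))
```

`poly_divmod` with p = 2 is the same long division the later GF(2^3) slide performs on bit strings: dividing x^3 + x^2 + x + 1 by x^3 + x + 1 returns q = 1 and r = x^2.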
Polynomial GCD
• can find greatest common divisor for polys
  • c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
• can adapt Euclid’s Algorithm to find it:
  Euclid(a(x), b(x))
    if (b(x)=0) then return a(x);
    else return Euclid(b(x), a(x) mod b(x));
• all foundation for polynomial fields as see next
Modular Polynomial Arithmetic
• can compute in field GF(2^n)
  • polynomials with coefficients modulo 2
  • whose degree is less than n
  • hence must reduce modulo an irreducible poly of degree n (for multiplication only)
• form a finite field
• can always find an inverse
  • can extend Euclid’s Inverse algorithm to find

Example GF(2^3)
Computational Considerations
• since coefficients are 0 or 1, can represent any such polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
  • cf long-hand multiplication
• modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)
Computational Example
• in GF(2^3) have (x^2 + 1) is 101₂ & (x^2 + x + 1) is 111₂
• so addition is
  • (x^2 + 1) + (x^2 + x + 1) = x
  • 101 XOR 111 = 010₂
• and multiplication is
  • (x + 1).(x^2 + 1) = x.(x^2 + 1) + 1.(x^2 + 1)
    = x^3 + x + x^2 + 1 = x^3 + x^2 + x + 1
  • 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111₂
• polynomial modulo reduction (get q(x) & r(x)) is
  • (x^3 + x^2 + x + 1) mod (x^3 + x + 1) = 1.(x^3 + x + 1) + (x^2) = x^2
  • 1111 mod 1011 = 1111 XOR 1011 = 0100₂
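Added example (mine, not the slides' code): the bit-string representation of the Computational Considerations slide together with the polynomial Euclid of the Polynomial GCD slide, on the same bit strings. It reproduces this GF(2^3) example step by step (XOR, shift & XOR, reduction by x^3 + x + 1) and goes one step further than the slides by computing inverses with the extended algorithm, which is how "can extend Euclid's Inverse algorithm" is realised in practice. Bit i is the coefficient of x^i; function names are my own.

```python
# Added example (not from the slides): GF(2^n) arithmetic on polynomials stored
# as bit strings (bit i = coefficient of x^i). Addition is XOR, multiplication
# is shift & XOR, reduction is XOR against the shifted irreducible polynomial,
# and GCD / inverse are Euclid's algorithm adapted to GF(2)[x].


def deg(a: int) -> int:
    """Degree of polynomial a (the zero polynomial gets -1)."""
    return a.bit_length() - 1


def gf_add(a: int, b: int) -> int:
    return a ^ b                     # coefficient-wise addition mod 2


def poly_mul_raw(a: int, b: int) -> int:
    """Carry-less (shift & XOR) product, not yet reduced."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out


def poly_divmod(a: int, b: int):
    """Long division in GF(2)[x]: (q, r) with a = q*b + r and deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while deg(a) >= deg(b):
        shift = deg(a) - deg(b)
        q ^= 1 << shift              # quotient gains the term x^shift
        a ^= b << shift              # subtract (= XOR) the shifted divisor
    return q, a


def gf_mul(a: int, b: int, m: int) -> int:
    """Multiply in GF(2^n), reducing modulo the irreducible polynomial m."""
    return poly_divmod(poly_mul_raw(a, b), m)[1]


def poly_gcd(a: int, b: int) -> int:
    """Euclid(a(x), b(x)) from the Polynomial GCD slide."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a


def gf_inv(a: int, m: int) -> int:
    """a^-1 mod m by the extended Euclidean algorithm in GF(2)[x].

    Invariant: s_i * a = r_i (mod m). When the remainder reaches 1 the matching
    coefficient is the inverse; reaching 0 first means gcd(a, m) != 1.
    """
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    r0, r1 = m, a
    s0, s1 = 0, 1
    while r1 != 1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ poly_mul_raw(q, s1)
        if r1 == 0:
            raise ValueError("a and m are not coprime (m is not irreducible)")
    return poly_divmod(s1, m)[1]


if __name__ == "__main__":
    M = 0b1011                                   # m(x) = x^3 + x + 1
    print(f"{gf_add(0b101, 0b111):03b}")         # 010: (x^2+1) + (x^2+x+1) = x
    print(f"{poly_mul_raw(0b011, 0b101):04b}")   # 1111: unreduced (x+1)(x^2+1)
    print(poly_divmod(0b1111, M))                # (1, 4): q = 1, r = x^2
    print(f"{gf_mul(0b011, 0b101, M):03b}")      # 100
    print(f"{gf_inv(0b010, M):03b}")             # 101: x^-1 = x^2 + 1 since x^3 = x + 1
```

The raise in `gf_inv` is the practical check that the chosen m(x) really is irreducible: with a reducible modulus some non-zero elements have no inverse and the structure is a ring, not a field, exactly as with a composite integer modulus.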
Using a Generator
• equivalent definition of a finite field
• a generator g is an element whose powers generate all non-zero elements
  • in F have 0, g^0, g^1, …, g^(q-2)
• can create generator from root of the irreducible polynomial
• then implement multiplication by adding exponents of generator
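Added example (mine, not from the slides): the generator representation for GF(2^3) with m(x) = x^3 + x + 1. It takes the root x of m(x) as g, builds the table of powers g^0 .. g^6 by repeated multiplication by x, and then multiplies and inverts by adding or negating exponents mod 7. It assumes (and checks at start-up) that x generates all non-zero elements, which holds here because 7 is prime so every element other than 1 has order 7; names are my own.

```python
# Added example (not from the slides): GF(2^3) via a generator g = x, a root
# of m(x) = x^3 + x + 1. exp[k] = g^k, log[e] = k; multiplication is addition
# of exponents mod (q - 1) = 7.

N = 3                  # GF(2^N)
M = 0b1011             # m(x) = x^3 + x + 1, irreducible over GF(2)
ORDER = (1 << N) - 1   # q - 1 non-zero elements


def times_x(a: int) -> int:
    """Multiply a by x (= g): shift left, and if x^N appears replace it via m(x)."""
    a <<= 1
    if a >> N:         # x^N = x + 1 here, so XOR with m drops the top bit and adds x + 1
        a ^= M
    return a


def power_tables():
    """exp[k] = g^k for k = 0..q-2 and log as its inverse map over non-zero elements."""
    exp = []
    e = 1                                  # g^0 = 1
    for _ in range(ORDER):
        exp.append(e)
        e = times_x(e)
    if e != 1 or len(set(exp)) != ORDER:   # g^(q-1) must be 1 and all powers distinct
        raise ValueError("x is not a generator for this m(x); pick another element")
    log = {v: k for k, v in enumerate(exp)}
    return exp, log


EXP, LOG = power_tables()


def mul_via_generator(a: int, b: int) -> int:
    """a * b = g^(log a + log b mod (q-1)); zero has no logarithm and absorbs."""
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % ORDER]


def inv_via_generator(a: int) -> int:
    """a^-1 = g^(-(log a) mod (q-1))."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return EXP[(-LOG[a]) % ORDER]


if __name__ == "__main__":
    for k, v in enumerate(EXP):
        print(f"g^{k} = {v:03b}")
    print(f"{mul_via_generator(0b011, 0b101):03b}")   # 100, as the shift & XOR slide found
    print(f"{inv_via_generator(0b010):03b}")          # 101
```

Table-driven multiplication is how small binary fields are often implemented in software; the classic caveat is that table lookups indexed by secret data leak through cache timing, which is why constant-time implementations avoid this route for secret operands.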
Summary
• have considered:
  • divisibility & GCD
  • modular arithmetic with integers
  • concept of groups, rings, fields
  • Euclid’s algorithm for GCD & Inverse
  • finite fields GF(p)
  • polynomial arithmetic in general and in GF(2^n)
cryptography for students and for learning

  • 1.
    Cryptography and Cryptography and NetworkSecurity Network Security Chapter 4 Chapter 4 Fifth Edition Fifth Edition by William Stallings by William Stallings Lecture slides by Lawrie Brown Lecture slides by Lawrie Brown
  • 2.
    Chapter 4 –Basic Concepts in Chapter 4 – Basic Concepts in Number Theory and Finite Number Theory and Finite Fields Fields The next morning at daybreak, Star flew indoors, seemingly keen for The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing pursued the science of numbers with keen interest and astonishing intelligence. intelligence. — — Living with Birds Living with Birds, Len Howard , Len Howard
  • 3.
    Introduction Introduction  will nowintroduce finite fields will now introduce finite fields  of increasing importance in cryptography of increasing importance in cryptography  AES, Elliptic Curve, IDEA, Public Key AES, Elliptic Curve, IDEA, Public Key  also important in many other areas of also important in many other areas of computer engineering computer engineering  error detection, error correction, matching, ... error detection, error correction, matching, ...  concern operations on “numbers” concern operations on “numbers”  where what constitutes a “number” and the where what constitutes a “number” and the type of operations varies considerably type of operations varies considerably  start with basic number theory concepts start with basic number theory concepts
  • 4.
    Divisors Divisors  say anon-zero number say a non-zero number b b divides divides a a if for if for some some m m have have a=mb a=mb ( (a,b,m a,b,m all integers) all integers)  that is that is b b divides into divides into a a with no remainder with no remainder  denote this as denote this as b|a b|a (“b divides a”) (“b divides a”)  and say that and say that b b is a is a divisor divisor of of a a  eg. all of 1,2,3,4,6,8,12,24 divide 24 eg. all of 1,2,3,4,6,8,12,24 divide 24  eg. eg. 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0
  • 5.
    Properties of Divisibility Propertiesof Divisibility  If If a|1, then a = ±1. a|1, then a = ±1.  If a|b and b|a, then a = ±b. If a|b and b|a, then a = ±b.  Any b /= 0 divides 0. Any b /= 0 divides 0.  If a | b and b | c, then a | c If a | b and b | c, then a | c  e.g. e.g. 11 | 66 and 66 | 198 so 11 | 198 11 | 66 and 66 | 198 so 11 | 198  If If b|g and b|h, then b|(mg + nh) b|g and b|h, then b|(mg + nh) linear combinations for arbitrary integers m and n linear combinations for arbitrary integers m and n e.g. b = 7; g = 14; h = 63; m = 3; n = 2 e.g. b = 7; g = 14; h = 63; m = 3; n = 2 7|14 and 7|63 hence 7 | 168 (= 42 + 126) 7|14 and 7|63 hence 7 | 168 (= 42 + 126)
  • 6.
    Division Algorithm Division Algorithm if we divide a by n we get integer quotient if we divide a by n we get integer quotient q q and integer remainder and integer remainder r r such that: such that:  a = qn + r a = qn + r where where 0 <= r < n; q = floor(a/n) 0 <= r < n; q = floor(a/n)  remainder remainder r r often referred to as a often referred to as a residue residue
  • 7.
    Greatest Common Divisor(GCD) Greatest Common Divisor (GCD)  a common problem in number theory a common problem in number theory  GCD (a,b) of a and b is the largest integer GCD (a,b) of a and b is the largest integer that divides evenly into both a and b that divides evenly into both a and b  e.g. GCD(60,24) = 12 e.g. GCD(60,24) = 12  define gcd(0, 0) = 0 define gcd(0, 0) = 0  often want often want no common factors no common factors (except 1) (except 1) define such numbers as define such numbers as relatively prime relatively prime  e.g. GCD(8,15) = 1 e.g. GCD(8,15) = 1  hence 8 & 15 are relatively prime hence 8 & 15 are relatively prime
  • 8.
    Example GCD(1970,1066) Example GCD(1970,1066) 1970= 1 x 1066 + 904 1970 = 1 x 1066 + 904 gcd(1066, 904) gcd(1066, 904) 1066 = 1 x 904 + 162 1066 = 1 x 904 + 162 gcd(904, 162) gcd(904, 162) 904 = 5 x 162 + 94 904 = 5 x 162 + 94 gcd(162, 94) gcd(162, 94) 162 = 1 x 94 + 68 162 = 1 x 94 + 68 gcd(94, 68) gcd(94, 68) 94 = 1 x 68 + 26 94 = 1 x 68 + 26 gcd(68, 26) gcd(68, 26) 68 = 2 x 26 + 16 68 = 2 x 26 + 16 gcd(26, 16) gcd(26, 16) 26 = 1 x 16 + 10 26 = 1 x 16 + 10 gcd(16, 10) gcd(16, 10) 16 = 1 x 10 + 6 16 = 1 x 10 + 6 gcd(10, 6) gcd(10, 6) 10 = 1 x 6 + 4 10 = 1 x 6 + 4 gcd(6, 4) gcd(6, 4) 6 = 1 x 4 + 2 6 = 1 x 4 + 2 gcd(4, 2) gcd(4, 2) 4 = 2 x 2 + 0 4 = 2 x 2 + 0 gcd(2, 0) gcd(2, 0)
  • 9.
    GCD(1160718174, 316258250) GCD(1160718174, 316258250) Dividend DividendDivisor Divisor Quotient Quotient Remainder Remainder a = 1160718174 a = 1160718174 b = 316258250 b = 316258250 q1 = 3 q1 = 3 r1 = 211943424 r1 = 211943424 b = 316258250 b = 316258250 r1 = 211943424 r1 = 211943424 q2 = 1 q2 = 1 r2 = 104314826 r2 = 104314826 r1 = 211943424 r1 = 211943424 r2 = 104314826 r2 = 104314826 q3 = 2 q3 = 2 r3 = 3313772 r3 = 3313772 r2 = 104314826 r2 = 104314826 r3 = 3313772 r3 = 3313772 q4 = 31 q4 = 31 r4 = 1587894 r4 = 1587894 r3 = 3313772 r3 = 3313772 r4 = 1587894 r4 = 1587894 q5 = 2 q5 = 2 r5 = 137984 r5 = 137984 r4 = 1587894 r4 = 1587894 r5 = 137984 r5 = 137984 q6 = 11 q6 = 11 r6 = 70070 r6 = 70070 r5 = 137984 r5 = 137984 r6 = 70070 r6 = 70070 q7 = 1 q7 = 1 r7 = 67914 r7 = 67914 r6 = 70070 r6 = 70070 r7 = 67914 r7 = 67914 q8 = 1 q8 = 1 r8 = 2156 r8 = 2156 r7 = 67914 r7 = 67914 r8 = 2156 r8 = 2156 q9 = 31 q9 = 31 r9 = 1078 r9 = 1078 r8 = 2156 r8 = 2156 r9 = 1078 r9 = 1078 q10 = 2 q10 = 2 r10 = 0 r10 = 0
  • 10.
    Modular Arithmetic Modular Arithmetic define define modulo operator modulo operator “ “a mod n” a mod n” to be to be remainder when a is divided by n remainder when a is divided by n  where integer where integer n n is called the is called the modulus modulus  b b is called a is called a residue residue of of a a mod mod n n  since with integers can always write: since with integers can always write: a = qn + b a = qn + b  usually chose smallest positive remainder as residue usually chose smallest positive remainder as residue • ie. ie. 0 <= b <= n-1 0 <= b <= n-1  process is known as process is known as modulo reduction modulo reduction • eg. -12 mod 7 eg. -12 mod 7 = = -5 mod 7 -5 mod 7 = = 2 mod 7 2 mod 7 = = 9 mod 7 9 mod 7  a a & & b b are are congruent congruent if: if: a mod n = b mod n a mod n = b mod n  when divided by when divided by n, n, a & b have same remainder a & b have same remainder  eg. 100 mod 11 = 34 mod 11 eg. 100 mod 11 = 34 mod 11 so 100 is congruent to 34 mod 11 so 100 is congruent to 34 mod 11
  • 11.
    Modular Arithmetic Operations ModularArithmetic Operations  can perform arithmetic with residues can perform arithmetic with residues  uses a finite number of values, and loops uses a finite number of values, and loops back from either end back from either end Z Zn n = {0, 1, . . . , ( = {0, 1, . . . , (n – 1)} n – 1)}  modular arithmetic is when do addition & modular arithmetic is when do addition & multiplication and modulo reduce answer multiplication and modulo reduce answer  can do reduction at any point, i.e. can do reduction at any point, i.e. a+b mod n = [a mod n + b mod n] mod n a+b mod n = [a mod n + b mod n] mod n
  • 12.
    Modular Arithmetic Operations ModularArithmetic Operations 1. 1. [(a mod n) + (b mod n)] mod n [(a mod n) + (b mod n)] mod n = (a + b) mod n = (a + b) mod n 2. 2. [(a mod n) – (b mod n)] mod n [(a mod n) – (b mod n)] mod n = (a – b) mod n = (a – b) mod n 3. 3. [(a mod n) x (b mod n)] mod n [(a mod n) x (b mod n)] mod n = (a x b) mod n = (a x b) mod n e.g. e.g. [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2 [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2 [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4 [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4 [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5 [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5
  • 13.
    Modulo 8 AdditionExample Modulo 8 Addition Example + 0 1 2 3 4 5 6 7 0 0 1 2 3 4 5 6 7 1 1 2 3 4 5 6 7 0 2 2 3 4 5 6 7 0 1 3 3 4 5 6 7 0 1 2 4 4 5 6 7 0 1 2 3 5 5 6 7 0 1 2 3 4 6 6 7 0 1 2 3 4 5 7 7 0 1 2 3 4 5 6
  • 14.
    Modulo 8 Multiplication Modulo8 Multiplication + 0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 2 0 2 4 6 0 2 4 6 3 0 3 6 1 4 7 2 5 4 0 4 0 4 0 4 0 4 5 0 5 2 7 4 1 6 3 6 0 6 4 2 0 6 4 2 7 0 7 6 5 4 3 2 1
  • 15. (Stallings Table 4.3: properties of modular arithmetic for integers in Zn)
  • 16. Euclidean Algorithm
    - an efficient way to find the GCD(a,b)
    - uses theorem that:
      - GCD(a,b) = GCD(b, a mod b)
    - Euclidean Algorithm to compute GCD(a,b) is:
      Euclid(a,b)
        if (b=0) then return a;
        else return Euclid(b, a mod b);
  • 17. Extended Euclidean Algorithm
    - calculates not only GCD but x & y:
      ax + by = d = gcd(a, b)
    - useful for later crypto computations
    - follow sequence of divisions for GCD but assume at each step i, can find x & y:
      r = ax + by
    - at end find GCD value and also x & y
    - if GCD(a,b)=1 these values are inverses
  • 18. Finding Inverses
    EXTENDED EUCLID(m, b)
    1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
    2. if B3 = 0 return A3 = gcd(m, b); no inverse
    3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
    4. Q = A3 div B3
    5. (T1, T2, T3) = (A1 – Q B1, A2 – Q B2, A3 – Q B3)
    6. (A1, A2, A3) = (B1, B2, B3)
    7. (B1, B2, B3) = (T1, T2, T3)
    8. goto 2
  • 19. Inverse of 550 in GF(1759)
         Q     A1     A2     A3     B1     B2     B3
         —      1      0   1759      0      1    550
         3      0      1    550      1     –3    109
         5      1     –3    109     –5     16      5
        21     –5     16      5    106   –339      4
         1    106   –339      4   –111    355      1
      -111(1759) + 355(550) = 1
  • 20. Group
    - a set S of elements or “numbers”
      - may be finite or infinite
      - with some operation ‘.’ so G=(S,.)
    - obeys CAIN:
      - Closure: a,b in S, then a.b in S
      - Associative law: (a.b).c = a.(b.c)
      - has Identity e: e.a = a.e = a
      - has iNverses a^-1: a.a^-1 = e
    - if commutative a.b = b.a
      - then forms an Abelian group
  • 21. Cyclic Group
    - define exponentiation as repeated application of operator
      - example: a^3 = a.a.a
    - and let identity be: e = a^0
    - a group is cyclic if every element is a power of some fixed element a
      - i.e., b = a^k for some a and every b in group
    - a is said to be a generator of the group
  • 22. Ring
    - a set of “numbers”
    - with two operations (addition and multiplication) which form:
      - an Abelian group with addition operation
      - and multiplication:
        - has closure
        - is associative
        - distributive over addition: a(b+c) = ab + ac
    - if multiplication operation is commutative, it forms a commutative ring
    - if multiplication operation has an identity and no zero divisors, it forms an integral domain
  • 23. Field
    - a set of numbers
    - with two operations which form:
      - Abelian group for addition
      - Abelian group for multiplication (ignoring 0)
      - ring
    - have hierarchy with more axioms/laws
      - group -> ring -> field
  • 24. (Stallings Figure 4.2: group, ring and field hierarchy)
  • 25. Finite (Galois) Fields
    - finite fields play a key role in cryptography
    - can show number of elements in a finite field must be a power of a prime p^n
    - known as Galois fields
    - denoted GF(p^n)
    - in particular often use the fields:
      - GF(p)
      - GF(2^n)
  • 26. Galois Fields GF(p)
    - GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p
    - these form a finite field
      - since have multiplicative inverses
      - find inverse with Extended Euclidean algorithm
    - hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)
  • 27. GF(7) Multiplication Example
      ×  0 1 2 3 4 5 6
      0  0 0 0 0 0 0 0
      1  0 1 2 3 4 5 6
      2  0 2 4 6 1 3 5
      3  0 3 6 2 5 1 4
      4  0 4 1 5 2 6 3
      5  0 5 3 1 6 4 2
      6  0 6 5 4 3 2 1
  • 28. Polynomial Arithmetic
    - can compute using polynomials
      f(x) = a_n x^n + a_{n-1} x^{n-1} + … + a_1 x + a_0 = ∑ a_i x^i
      • n.b. not interested in any specific value of x
      • which is known as the indeterminate
    - several alternatives available
      - ordinary polynomial arithmetic
      - poly arithmetic with coefs mod p
      - poly arithmetic with coefs mod p and polynomials mod m(x)
  • 29. Ordinary Polynomial Arithmetic
    - add or subtract corresponding coefficients
    - multiply all terms by each other
    - eg let f(x) = x^3 + x^2 + 2 and g(x) = x^2 – x + 1
      f(x) + g(x) = x^3 + 2x^2 – x + 3
      f(x) – g(x) = x^3 + x + 1
      f(x) x g(x) = x^5 + 3x^2 – 2x + 2
  • 30. Polynomial Arithmetic with Modulo Coefficients
    - when computing value of each coefficient do calculation modulo some value
      - forms a polynomial ring
    - could be modulo any prime
      - but we are most interested in mod 2
      - ie all coefficients are 0 or 1
      - eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
        f(x) + g(x) = x^3 + x + 1
        f(x) x g(x) = x^5 + x^2
  • 31. Polynomial Division
    - can write any polynomial in the form:
      - f(x) = q(x) g(x) + r(x)
      - can interpret r(x) as being a remainder
      - r(x) = f(x) mod g(x)
    - if have no remainder say g(x) divides f(x)
    - if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial
    - arithmetic modulo an irreducible polynomial forms a field
  • 32. Polynomial GCD
    - can find greatest common divisor for polys
      - c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
      - can adapt Euclid’s Algorithm to find it:
        Euclid(a(x), b(x))
          if (b(x)=0) then return a(x);
          else return Euclid(b(x), a(x) mod b(x));
    - all foundation for polynomial fields as see next
  • 33. Modular Polynomial Arithmetic
    - can compute in field GF(2^n)
      - polynomials with coefficients modulo 2
      - whose degree is less than n
      - hence must reduce modulo an irreducible poly of degree n (for multiplication only)
    - form a finite field
    - can always find an inverse
      - can extend Euclid’s Inverse algorithm to find
  • 34. (Stallings table: addition & multiplication in GF(2^3) modulo (x^3 + x + 1))
  • 35. Computational Considerations
    - since coefficients are 0 or 1, can represent any such polynomial as a bit string
    - addition becomes XOR of these bit strings
    - multiplication is shift & XOR
      - cf long-hand multiplication
    - modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)
  • 36. Computational Example
    - in GF(2^3) have (x^2+1) is 101_2 & (x^2+x+1) is 111_2
    - so addition is
      - (x^2+1) + (x^2+x+1) = x
      - 101 XOR 111 = 010_2
    - and multiplication is
      - (x+1).(x^2+1) = x.(x^2+1) + 1.(x^2+1) = x^3+x+x^2+1 = x^3+x^2+x+1
      - 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111_2
    - polynomial modulo reduction (get q(x) & r(x)) is
      - (x^3+x^2+x+1) mod (x^3+x+1) = 1.(x^3+x+1) + (x^2) = x^2
      - 1111 mod 1011 = 1111 XOR 1011 = 0100_2
  • 37. Using a Generator
    - equivalent definition of a finite field
    - a generator g is an element whose powers generate all non-zero elements
      - in F have 0, g^0, g^1, …, g^(q-2)
    - can create generator from root of the irreducible polynomial
    - then implement multiplication by adding exponents of generator
  • 38. Summary
    - have considered:
      - divisibility & GCD
      - modular arithmetic with integers
      - concept of groups, rings, fields
      - Euclid’s algorithm for GCD & Inverse
      - finite fields GF(p)
      - polynomial arithmetic in general and in GF(2^n)

Editor's Notes

  • #1 Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 4 – “Basic Concepts in Number Theory and Finite Fields”.
  • #2 Intro quote.
  • #3 Finite fields have become increasingly important in cryptography. A number of cryptographic algorithms rely heavily on properties of finite fields, notably the Advanced Encryption Standard (AES) and elliptic curve cryptography. The main purpose of this chapter is to provide the reader with sufficient background on the concepts of finite fields to be able to understand the design of AES and other cryptographic algorithms that use finite fields. We begin, in the first three sections, with some basic concepts from number theory that are needed in the remainder of the chapter; these include divisibility, the Euclidean algorithm, and modular arithmetic.
  • #4 Define concept of “divisors”. We say that a nonzero b divides a if a=m.b for some m, where a, b, and m are integers. That is, b divides a if there is no remainder on division. Can denote this as b|a, and say that b is a divisor of a. For example, the positive divisors of 24 are 1,2,3,4,6,8,12, and 24. And have 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0.
  • #5 Subsequently, we will need some simple properties of divisibility for integers, which are as follows:
    • If a|1, then a = ±1.
    • If a|b and b|a, then a = ±b.
    • Any b ≠ 0 divides 0.
    • If a|b and b|c, then a|c.
    • If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.
    e.g. b = 7; g = 14; h = 63; m = 3; n = 2. 7|14 and 7|63. To show: 7|(3 x 14 + 2 x 63). We have (3 x 14 + 2 x 63) = 7(3 x 2 + 2 x 9), and it is obvious that 7|(7(3 x 2 + 2 x 9)).
  • #6 Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer quotient q and an integer remainder r that obey the following relationship: a = qn + r, where 0 <= r < n; q = floor(a/n), which is referred to as the division algorithm. The remainder r is often referred to as a residue. Figure 4.1a demonstrates that, given a and positive n, it is always possible to find q and r that satisfy the preceding relationship. Represent the integers on the number line; a will fall somewhere on that line (positive a is shown, a similar demonstration can be made for negative a). Starting at 0, proceed to n, 2n, up to qn such that qn <= a and (q + 1)n > a. The distance from qn to a is r, and we have found the unique values of q and r. For example: a = 11; n = 7; 11 = 1 x 7 + 4; r = 4, q = 1. a = –11; n = 7; –11 = (–2) x 7 + 3; r = 3, q = –2. Figure 4.1b provides another example.
  • #7 One of the basic techniques of number theory is the Euclidean algorithm, which is a simple procedure for determining the greatest common divisor of two positive integers. Use the notation gcd(a,b) to mean the greatest common divisor of a and b. The positive integer c is said to be the greatest common divisor of a and b if c is a divisor of a and of b; and any divisor of a and b is a divisor of c. We also define gcd(0, 0) = 0. State that two integers a and b are relatively prime if their only common positive integer factor is 1, ie GCD(a,b)=1.
  • #8 Illustrate how we can compute successive instances of GCD(a,b) = GCD(b,a mod b). Note this MUST always terminate since will eventually get a mod b = 0 (ie no remainder left). Answer is then the last non-zero value. In this case GCD(1970,1066)=2.
  • #9 This example shows how to find d = gcd(a, b) = gcd(1160718174, 316258250), shown in tabular form. In this example, we begin by dividing 1160718174 by 316258250, which gives 3 with a remainder of 211943424. Next we take 316258250 and divide it by 211943424. The process continues until we get a remainder of 0, yielding a result of 1078 2156, not 2516
  • #10 Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer quotient q and an integer remainder r. In modular arithmetic we are only interested in the remainder (or residue) after division by some modulus, and results with the same remainder are regarded as equivalent. Two integers a and b are said to be congruent modulo n, if (a mod n) =(b mod n).
  • #11 Note that the (mod n) operator maps all integers into the set of integers {0, 1, . . . (n – 1)}, denoted Zn. This is referred to as the set of residues, or residue classes (mod n). We can perform arithmetic operations within the confines of this set, and this technique is known as modular arithmetic. Finding the smallest nonnegative integer to which k is congruent modulo n is called reducing k modulo n. Then note some important properties of modular arithmetic which mean you can modulo reduce at any point and obtain an equivalent answer.
  • #12 Modular arithmetic exhibits the properties shown, see text for details & proofs. Here are examples of the three properties. Given 11 mod 8 = 3; 15 mod 8 = 7:
    [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2; (11 + 15) mod 8 = 26 mod 8 = 2
    [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4; (11 – 15) mod 8 = –4 mod 8 = 4
    [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5; (11 x 15) mod 8 = 165 mod 8 = 5
  • #13 Example showing addition in GF(8), from Stallings Table 4.2a. Table 4.2 provides an illustration of modular addition and multiplication modulo 8. Looking at addition, the results are straightforward and there is a regular pattern to the matrix. Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication. As in ordinary addition, there is an additive inverse, or negative, to each integer in modular arithmetic. In this case, the negative of an integer x is the integer y such that (x + y) mod 8 = 0. To find the additive inverse of an integer in the left-hand column, scan across the corresponding row of the matrix to find the value 0; the integer at the top of that column is the additive inverse; thus (2 + 6) mod 8 = 0.
  • #14 Continuing the example showing multiplication in GF(8), from Stallings Table 4.2b. Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication. Similarly, the entries in the multiplication table are straightforward. In ordinary arithmetic, there is a multiplicative inverse, or reciprocal, to each integer. In modular arithmetic mod 8, the multiplicative inverse of x is the integer y such that (x x y) mod 8 = 1 mod 8. Now, to find the multiplicative inverse of an integer from the multiplication table, scan across the matrix in the row for that integer to find the value 1; the integer at the top of that column is the multiplicative inverse; thus (3 x 3) mod 8 = 1. Note that not all integers mod 8 have a multiplicative inverse; more about that later.
  • #15 If we perform modular arithmetic within Zn, the properties shown in Table 4.3 hold for integers in Zn. We show in the next section that this implies that Zn is a commutative ring with a multiplicative identity element. Note that unlike ordinary arithmetic, the following statement is true only with the attached condition: if (a x b) = (a x c) (mod n) then b = c (mod n) if a is relatively prime to n. In general, an integer has a multiplicative inverse in Zn if that integer is relatively prime to n. Table 4.2c in the text shows that the integers 1, 3, 5, and 7 have a multiplicative inverse in Z8, but 2, 4, and 6 do not.
  • #16 We now describe an algorithm credited to Euclid for easily finding the greatest common divisor of two integers. This algorithm has significance subsequently in this chapter. The Euclidean algorithm is an efficient way to find the GCD(a,b), and is derived from the observation that if a & b have a common factor d (ie. a=m.d & b=n.d) then d is also a factor in any difference between them, viz: a-p.b = (m.d)-p.(n.d) = d.(m-p.n). See text for more detailed proof. Euclid's Algorithm keeps computing successive differences until it vanishes, at which point the greatest common divisor has been reached. Some pseudo-code from the text for this algorithm is shown.
  • #17 We now proceed to look at an extension to the Euclidean algorithm that will be important for later computations in the area of finite fields and in encryption algorithms such as RSA. For given integers a and b, the extended Euclidean algorithm not only calculates the greatest common divisor d but also two additional integers x and y that satisfy the following equation: ax + by = d = gcd(a, b). It should be clear that x and y will have opposite signs. Can extend the Euclidean algorithm to determine x, y, d, given a and b. We again go through the sequence of divisions indicated in Equation Set (4.3) and we assume that at each step i, we can find integers x and y that satisfy r = ax + by. In each row, we calculate a new remainder r_i, based on the remainders of the previous two rows. We know from the original Euclidean algorithm that the process ends with a remainder of zero and that the greatest common divisor of a and b is d = gcd(a, b) = r_n. But we also have determined that d = r_n = ax_n + by_n.
  • #18 An important problem is to find multiplicative inverses in such finite fields. Can show that such inverses always exist, & can extend the Euclidean algorithm to find them as shown. See text for discussion as to why this works.
  • #19 Example showing how to find the inverse of 550 in GF(1759), adapted from Stallings Table 4.4. In this example, let us use a = 1759 and b = 550 and solve for 1759x + 550y = gcd(1759, 550). The results are shown in Table 4.4. Thus, we have 1759 x (–111) + 550 x 355 = –195249 + 195250 = 1.
  • #20 Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra. In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; that is, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set. These operations are subject to specific rules, which define the nature of the set. By convention, the notation for the two principal classes of operations on set elements is usually the same as the notation for addition and multiplication on ordinary numbers. However, it is important to note that, in abstract algebra, we are not limited to ordinary arithmetical operations. A group G, sometimes denoted by {G, • }, is a set of elements with a binary operation, denoted by •, that associates to each ordered pair (a, b) of elements in G an element (a • b) in G, such that the following axioms are obeyed: Closure, Associative, Identity element, Inverse element. Note - we have used . as operator: could be addition +, multiplication x or any other mathematical operator. A group can have a finite (fixed) number of elements, or it may be infinite. Note that integers (+ve, -ve and 0) using addition form an infinite abelian group. So do real numbers using multiplication.
  • #21 NOTE: -3 should be 3 Define exponentiation in a group as the repeated use of the group operator. Note that we are most familiar with it being applied to multiplication, but it is more general than that. If the repeated use of the operator on some value a in the group results in every possible value being created, then the group is said to be cyclic, and a is a generator of (or generates) the group G.
  • #22 Next describe a ring. In essence, a ring is a set in which we can do addition, subtraction [a – b = a + (–b)], and multiplication without leaving the set, and which obeys the associative and distributive laws. We denote a Ring as {R,+,.} With respect to addition and multiplication, the set of all n-square matrices over the real numbers form a ring. The set of integers with addition & multiplication form an integral domain.
  • #23 Lastly define a field. In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set. Division is defined with the following rule: a/b = a (b–1). We denote a Field as {F,+,.} Examples of fields are: rational numbers, real numbers, complex numbers. Note that integers are NOT a field since there are no multiplicative inverses (except for 1).
  • #24 These are terms we use for different sorts of "number systems", ones obeying different sets of laws. From group to ring to field we get more and more laws being obeyed, as shown here in Stallings Figure 4.2. As a memory aid, can use the acronym for groups: CAIN (Closure Associative Identity iNverse) & ABEL. Mostly we need to compute with Rings, if not Fields. When we do arithmetic modulo a prime, we have a field.
  • #25 Infinite fields are not of particular interest in the context of cryptography. However, finite fields play a crucial role in many cryptographic algorithms. It can be shown that the order of a finite field (number of elements in the field) must be a positive power of a prime, & these are known as Galois fields, in honor of the mathematician who first studied finite fields, & are denoted GF(p^n). We are most interested in the cases where either n=1 - GF(p), or p=2 - GF(2^n).
  • #26 Start by considering GF(p) over the set of integers {0…p-1} with addition & multiplication modulo p. This forms a “well-behaved” finite field. Can find an inverse using the Extended Euclidean algorithm.
  • #27 Table 4.5 shows arithmetic operations in GF(7). This is a field of order 7 using modular arithmetic modulo 7. As can be seen, it satisfies all of the properties required of a field (Figure 4.2). Compare this table with Table 4.2. In the latter case, we see that using modular arithmetic modulo 8 is not a field.
  • #28 Next introduce the interesting subject of polynomial arithmetic, using polynomials in a single variable x, with several variants as listed above. Note we are usually not interested in evaluating a polynomial for any particular value of x, which is thus referred to as the indeterminate.
  • #29 Polynomial arithmetic includes the operations of addition, subtraction, and multiplication, defined in the usual way, ie add or subtract corresponding coefficients, or multiply all terms by each other. The examples are from the text.
  • #30 Consider variant where now when computing value of each coefficient do the calculation modulo some value, usually a prime. If the coefficients are computed in a field (eg GF(p)), then division on the polynomials is possible, and we have a polynomial ring. Are most interested in using GF(2) - ie all coefficients are 0 or 1, and any addition/subtraction of coefficients is done mod 2 (ie 2x is the same as 0x!), which is just the common XOR function.
  • #31 Note that we can write any polynomial in the form of f(x) = q(x) g(x) + r(x), where division of f(x) by g(x) results in a quotient q(x) and remainder r(x). Can then extend the concept of divisors from the integer case, and show that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field. Define an irreducible (or prime) polynomial as one with no divisors other than itself & 1. If compute polynomial arithmetic modulo an irreducible polynomial, this forms a finite field, and the GCD & Inverse algorithms can be adapted for it.
  • #32 We can extend the analogy between polynomial arithmetic over a field and integer arithmetic by defining the greatest common divisor as shown. We began this section with a discussion of arithmetic with ordinary polynomials. Arithmetic operations are performed on polynomials (addition, subtraction, multiplication, division) using the ordinary rules of algebra. Polynomial division is not allowed unless the coefficients are elements of a field. Next, we discussed polynomial arithmetic in which the coefficients are elements of GF(p). In this case, polynomial addition, subtraction, multiplication, and division are allowed. However, division is not exact; that is, in general division results in a quotient and a remainder. Finally, we showed that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field. All of the material in this section provides a foundation for the following section, in which polynomials are used to define finite fields of order p^n.
  • #33 Consider now the case of polynomial arithmetic with coefficients mod 2 and polynomials mod an irreducible polynomial m(x). That is, Modular Polynomial Arithmetic uses the set S of all polynomials of degree n-1 or less over the field Zp. With the appropriate definition of arithmetic operations, each such set S is a finite field. The definition consists of the following elements: Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following two refinements. Arithmetic on the coefficients is performed modulo p. If multiplication results in a polynomial of degree greater than n-1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. This forms a finite field. And just as the Euclidean algorithm can be adapted to find the greatest common divisor of two polynomials, the extended Euclidean algorithm can be adapted to find the multiplicative inverse of a polynomial.
  • #34 Example shows addition & multiplication in GF(2^3) modulo (x^3+x+1), from Stallings Table 4.6.
  • #35 A key motivation for using polynomial arithmetic in GF(2^n) is that the polynomials can be represented as a bit string, using all possible bit values, and the calculations only use simple common machine instructions - addition is just XOR, and multiplication is shifts & XOR’s. See text for additional discussion. The shortcut for polynomial reduction comes from the observation that if in GF(2^n) the irreducible poly g(x) has highest term x^n, and if we compute x^n mod g(x) the answer is g(x) – x^n.
  • #36 Show here a few simple examples of addition, multiplication & modulo reduction in GF(2^3). Note the long form modulo reduction finds p(x)=q(x).m(x)+r(x) with r(x) being the desired remainder.
  • #37 There is an equivalent technique for defining a finite field of the form GF(2^n) using the same irreducible polynomial, based on powers of a generator of the group, which gives a nice implementation of multiplication. The generator can be found from the root of the irreducible polynomial, as discussed in the text.
  • #38 Chapter 4 summary.