Download to read offline
![Modular Arithmetic Operations
can perform arithmetic with residues
uses a finite number of values, and loops
back from either end
Zn = {0, 1, . . . , (n – 1)}
modular arithmetic is when do addition &
multiplication and modulo reduce answer
can do reduction at any point, i.e.
a+b mod n = [a mod n + b mod n] mod n](https://image.slidesharecdn.com/modulararithmetic-251112063019-4ae248b2/75/Modular-arithmetic-for-cryptography-pptx-1-2048.jpg)
![Modular Arithmetic Operations
1. [(a mod n) + (b mod n)] mod n
= (a + b) mod n
2. [(a mod n) – (b mod n)] mod n
= (a – b) mod n
3. [(a mod n) x (b mod n)] mod n
= (a x b) mod n
e.g.
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5](https://image.slidesharecdn.com/modulararithmetic-251112063019-4ae248b2/75/Modular-arithmetic-for-cryptography-pptx-2-2048.jpg)
Modular arithmetic for cryptography.pptx
- 1. Modular Arithmetic Operations can perform arithmetic with residues uses a finite number of values, and loops back from either end Zn = {0, 1, . . . , (n – 1)} modular arithmetic is when do addition & multiplication and modulo reduce answer can do reduction at any point, i.e. a+b mod n = [a mod n + b mod n] mod n
- 2. Modular Arithmetic Operations 1.[(a mod n) + (b mod n)] mod n = (a + b) mod n 2. [(a mod n) – (b mod n)] mod n = (a – b) mod n 3. [(a mod n) x (b mod n)] mod n = (a x b) mod n e.g. [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2 [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4 [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5
- 3. Modulo 8 AdditionExample + 0 1 2 3 4 5 6 7 0 0 1 2 3 4 5 6 7 1 1 2 3 4 5 6 7 0 2 2 3 4 5 6 7 0 1 3 3 4 5 6 7 0 1 2 4 4 5 6 7 0 1 2 3 5 5 6 7 0 1 2 3 4 6 6 7 0 1 2 3 4 5 7 7 0 1 2 3 4 5 6
- 4. Modulo 8 Multiplication +0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 2 0 2 4 6 0 2 4 6 3 0 3 6 1 4 7 2 5 4 0 4 0 4 0 4 0 4 5 0 5 2 7 4 1 6 3 6 0 6 4 2 0 6 4 2 7 0 7 6 5 4 3 2 1
- 5.
- 6. Euclidean Algorithm anefficient way to find the GCD(a,b) uses theorem that: GCD(a,b) = GCD(b, a mod b) Euclidean Algorithm to compute GCD(a,b) is: Euclid(a,b) if (b=0) then return a; else return Euclid(b, a mod b);
- 7. Extended Euclidean Algorithm calculates not only GCD but x & y: ax + by = d = gcd(a, b) useful for later crypto computations follow sequence of divisions for GCD but assume at each step i, can find x &y: r = ax + by at end find GCD value and also x & y if GCD(a,b)=1 these values are inverses
- 8. Finding Inverses EXTENDED EUCLID(m,b) 1. (A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b–1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2
- 9. Inverse of 550in GF(1759) Q A1 A2 A3 B1 B2 B3 — 1 0 1759 0 1 550 3 0 1 550 1 –3 109 5 1 –3 109 –5 16 5 21 –5 16 5 106 –339 4 1 106 –339 4 –111 355 1 -111(1759) + 355(550) = 1
- 10. Group a setS of elements or “numbers” may be finite or infinite with some operation ‘.’ so G=(S,.) Obeys CAIN: Closure: a,b in S, then a.b in S Associative law: (a.b).c = a.(b.c) has Identity e: e.a = a.e = a has iNverses a-1 :a.a-1 = e if commutative a.b = b.a then forms an Abelian group
- 11. Cyclic Group defineexponentiation as repeated application of operator example: a3 = a.a.a and let identity be: e=a0 a group is cyclic if every element is a power of some fixed element a i.e., b = ak for some a and every b in group a is said to be a generator of the group
- 12. Ring a setof “numbers” with two operations (addition and multiplication) which form: an Abelian group with addition operation and multiplication: has closure is associative distributive over addition: a(b+c) = ab + ac if multiplication operation is commutative, it forms a commutative ring if multiplication operation has an identity and no zero divisors, it forms an integral domain
- 13. Field a setof numbers with two operations which form: Abelian group for addition Abelian group for multiplication (ignoring 0) ring have hierarchy with more axioms/laws group -> ring -> field
- 14.
- 15. Finite (Galois) Fields finite fields play a key role in cryptography can show number of elements in a finite field must be a power of a prime pn known as Galois fields denoted GF(pn ) in particular often use the fields: GF(p) GF(2n )
- 16. Galois Fields GF(p) GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p these form a finite field since have multiplicative inverses find inverse with Extended Euclidean algorithm hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)
- 17. GF(7) Multiplication Example 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0 2 4 6 1 3 5 3 0 3 6 2 5 1 4 4 0 4 1 5 2 6 3 5 0 5 3 1 6 4 2 6 0 6 5 4 3 2 1
- 18. Polynomial Arithmetic cancompute using polynomials f(x) = anxn + an-1xn-1 + … + a1x + a0 = ∑ aixi • n.b. not interested in any specific value of x • which is known as the indeterminate several alternatives available ordinary polynomial arithmetic poly arithmetic with coefs mod p poly arithmetic with coefs mod p and polynomials mod m(x)
- 19. Ordinary Polynomial Arithmetic add or subtract corresponding coefficients multiply all terms by each other eg let f(x) = x3 + x2 + 2 and g(x) = x2 – x + 1 f(x) + g(x) = x3 + 2x2 – x + 3 f(x) – g(x) = x3 + x + 1 f(x) x g(x) = x5 + 3x2 – 2x + 2
- 20. Polynomial Arithmetic with ModuloCoefficients when computing value of each coefficient do calculation modulo some value forms a polynomial ring could be modulo any prime but we are most interested in mod 2 ie all coefficients are 0 or 1 eg. let f(x) = x3 + x2 and g(x) = x2 + x + 1 f(x) + g(x) = x3 + x + 1 f(x) x g(x) = x5 + x2
- 21. Polynomial Division canwrite any polynomial in the form: f(x) = q(x) g(x) + r(x) can interpret r(x) as being a remainder r(x) = f(x) mod g(x) if have no remainder say g(x) divides f(x) if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial arithmetic modulo an irreducible polynomial forms a field
- 22. Polynomial GCD canfind greatest common divisor for polys c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x) can adapt Euclid’s Algorithm to find it: Euclid(a(x), b(x)) if (b(x)=0) then return a(x); else return Euclid(b(x), a(x) mod b(x)); all foundation for polynomial fields as see next
- 23. Modular Polynomial Arithmetic cancompute in field GF(2n ) polynomials with coefficients modulo 2 whose degree is less than n hence must reduce modulo an irreducible poly of degree n (for multiplication only) form a finite field can always find an inverse can extend Euclid’s Inverse algorithm to find
Editor's Notes
- #1 Note that the (mod n) operator maps all integers into the set of integers {0, 1, . . . (n – 1)}, denoted Zn. This is referred to as the set of residues, or residue classes (mod n). We can perform arithmetic operations within the confines of this set, and this technique is known as modular arithmetic. Finding the smallest nonnegative integer to which k is congruent modulo n is called reducing k modulo n. Then note some important properties of modular arithmetic which mean you can modulo reduce at any point and obtain an equivalent answer.
- #2 Modular arithmetic exhibits the properties shown, see text for details & proofs. Here are examples of the three properties: Given 11 mod 8 = 3; 15 mod 8 = 7 [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2 [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4 [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5
- #3 Example showing addition in GF(8), from Stallings Table 4.2a. Table 4.2 provides an illustration of modular addition and multiplication modulo 8. Looking at addition, the results are straightforward and there is a regular pattern to the matrix. Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication. As in ordinary addition, there is an additive inverse, or negative, to each integer in modular arithmetic. In this case, the negative of an integer x is the integer y such that (x + y) mod 8 = 0. To find the additive inverse of an integer in the left-hand column, scan across the corresponding row of the matrix to find the value 0; the integer at the top of that column is the additive inverse; thus (2 + 6) mod 8 = 0.
- #4 Continuing the example showing multiplication in GF(8), from Stallings Table 4.2b. Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication. Similarly, the entries in the multiplication table are straightforward. In ordinary arithmetic, there is a multiplicative inverse, or reciprocal, to each integer. In modular arithmetic mod 8, the multiplicative inverse of x is the integer y such that (x x y) mod 8 = 1 mod 8. Now, to find the multiplicative inverse of an integer from the multiplication table, scan across the matrix in the row for that integer to find the value 1; the integer at the top of that column is the multiplicative inverse; thus (3 x 3) mod 8 = 1. Note that not all integers mod 8 have a multiplicative inverse; more about that later.
- #5 If we perform modular arithmetic within Zn, the properties shown in Table 4.3 hold for integers in Zn We show in the next section that this implies that Zn is a commutative ring with a multiplicative identity element. Note that unlike ordinary arithmetic, the following statement is true only with the attached condition: if (a x b) = (a x c) (mod n) then b = c (mod n) if a is relatively prime to n In general, an integer has a multiplicative inverse in Zn if that integer is relatively prime to n. Table 4.2 cin the text shows that the integers 1, 3, 5, and 7 have a multiplicative inverse in Z 8, but 2, 4, and 6 do not.
- #6 We now describe an algorithm credited to Euclid for easily finding the greatest common divisor of two integers. This algorithm has significance subsequently in this chapter. The Euclidean algorithm is an efficient way to find the GCD(a,b), and is derived from the observation that if a & b have a common factor d (ie. a=m.d & b=n.d) then d is also a factor in any difference between them, vis: a-p.b = (m.d)-p.(n.d) = d.(m-p.n). See text for more detailed proof. Euclid's Algorithm keeps computing successive differences until it vanishes, at which point the greatest common divisor has been reached. Some pseudo-code from the text for this algorithm is shown.
- #7 We now proceed to look at an extension to the Euclidean algorithm that will be important for later computations in the area of finite fields and in encryption algorithms such as RSA. For given integers a and b, the extended Euclidean algorithm not only calculate the greatest common divisor d but also two additional integers x and y that satisfy the following equation: ax + by = d = gcd(a, b). It should be clear that x and y will have opposite signs. Can extend the Euclidean algorithm to determine x, y, d, given a and b. We again go through the sequence of divisions indicated in Equation Set (4.3) and we assume that at each step i, we can find integers x and y that satisfy r = ax + by. In each row, we calculate a new remainder r , based on the remainders of the previous two rows. We know from the original Euclidean algorithm that the process ends with a remainder of zero and that the greatest common divisor of a and b is d = gcd(a, b) = r n. But we also have determined that d = r n = axn + byn.
- #8 An important problem is to find multiplicative inverses in such finite fields. Can show that such inverses always exist, & can extend the Euclidean algorithm to find them as shown. See text for discussion as to why this works.
- #9 Example showing how to find the inverse of 550 in GF(1759), adapted from Stallings Table 4.4. In this example, let us use a = 1759 and b = 550 and solve for 1759x + 550y = gcd(1759, 550). The results are shown in Table 4.4. Thus, we have 1759 x (–111) + 550 x 355 = –195249 + 195250 = 1.
- #10 Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra. In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; that is, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set. These operations are subject to specific rules, which define the nature of the set. By convention, the notation for the two principal classes of operations on set elements is usually the same as the notation for addition and multiplication on ordinary numbers. However, it is important to note that, in abstract algebra, we are not limited to ordinary arithmetical operations. A group G, sometimes denoted by {G, • }, is a set of elements with a binary operation, denoted by •, that associates to each ordered pair (a, b) of elements in G an element (a • b) in G, such that the following axioms are obeyed: Closure, Associative, Identity element, Inverse element. Note - we have used . as operator: could be addition +, multiplication x or any other mathematical operator. A group can have a finite (fixed) number of elements, or it may be infinite. Note that integers (+ve, -ve and 0) using addition form an infinite abelian group. So do real numbers using multiplication.
- #11 NOTE: -3 should be 3 Define exponentiation in a group as the repeated use of the group operator. Note that we are most familiar with it being applied to multiplication, but it is more general than that. If the repeated use of the operator on some value a in the group results in every possible value being created, then the group is said to be cyclic, and a is a generator of (or generates) the group G.
- #12 Next describe a ring. In essence, a ring is a set in which we can do addition, subtraction [a – b = a + (–b)], and multiplication without leaving the set, and which obeys the associative and distributive laws. We denote a Ring as {R,+,.} With respect to addition and multiplication, the set of all n-square matrices over the real numbers form a ring. The set of integers with addition & multiplication form an integral domain.
- #13 Lastly define a field. In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set. Division is defined with the following rule: a/b = a (b–1). We denote a Field as {F,+,.} Examples of fields are: rational numbers, real numbers, complex numbers. Note that integers are NOT a field since there are no multiplicative inverses (except for 1).
- #14 These are terms we use for different sorts of "number systems", ones obeying different sets of laws. From group to ring to field we get more and more laws being obeyed, as shown here in Stallings Figure 4.2. As a memory aid, can use the acronym for groups: CAIN (Closure Associative Identity iNverse) & ABEL. Mostly we need to compute with Rings, if not Fields. When we do arithmetic modulo a prime, we have a field.
- #15 Infinite fields are not of particular interest in the context of cryptography. However, finite fields play a crucial role in many cryptographic algorithms. It can be shown that the order of a finite field (number of elements in the field) must be a positive power of a prime, & these are known as Galois fields, in honor of the mathematician who first studied finite fields, & are denoted GF(p^n). We are most interested in the cases where either n=1 - GF(p), or p=2 - GF(2^n).
- #16 Start by considering GF(p) over the set of integers {0…p-1} with addition & multiplication modulo p. This forms a “well-behaved” finite field. Can find an inverse using the Extended Euclidean algorithm.
- #17 Table 4.5 shows arithmetic operations in GF(7). This is a field of order 7 using modular arithmetic modulo 7. As can be seen, it satisfies all of the properties required of a field (Figure 4.2). Compare this table with Table 4.2. In the latter case, we see that using modular arithmetic modulo 8, is not a field.
- #18 Next introduce the interesting subject of polynomial arithmetic, using polynomials in a single variable x, with several variants as listed above. Note we are usually not interested in evaluating a polynomial for any particular value of x, which is thus referred to as the indeterminate.
- #19 Polynomial arithmetic includes the operations of addition, subtraction, and multiplication, defined in the usual way, ie add or subtract corresponding coefficients, or multiply all terms by each other. The examples are from the text.
- #20 Consider variant where now when computing value of each coefficient do the calculation modulo some value, usually a prime. If the coefficients are computed in a field (eg GF(p)), then division on the polynomials is possible, and we have a polynomial ring. Are most interested in using GF(2) - ie all coefficients are 0 or 1, and any addition/subtraction of coefficients is done mod 2 (ie 2x is the same as 0x!), which is just the common XOR function.
- #21 Note that we can write any polynomial in the form of f(x) = q(x) g(x) + r(x), where division of f(x) by g(x) results in a quotient q(x) and remainder r(x). Can then extend the concept of divisors from the integer case, and show that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field. Define an irreducible (or prime) polynomial as one with no divisors other than itself & 1. If compute polynomial arithmetic modulo an irreducible polynomial, this forms a finite field, and the GCD & Inverse algorithms can be adapted for it.
- #22 We can extend the analogy between polynomial arithmetic over a field and integer arithmetic by defining the greatest common divisor as shown. We began this section with a discussion of arithmetic with ordinary polynomials. Arithmetic operations are performed on polynomials (addition, subtraction, multiplication, division) using the ordinary rules of algebra. Polynomial division is not allowed unless the coefficients are elements of a field. Next, we discussed polynomial arithmetic in which the coefficients are elements of GF(p). In this case, polynomial addition, subtraction, multiplication, and division are allowed. However, division is not exact; that is, in general division results in a quotient and a remainder. Finally, we showed that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field. All of the material in this section provides a foundation for the following section, in which polynomials are used to define finite fields of order pn.
- #23 Consider now the case of polynomial arithmetic with coordinates mod 2 and polynomials mod an irreducible polynomial m(x). That is Modular Polynomial Arithmetic uses the set S of all polynomials of degree n-1 or less over the field Zp. With the appropriate definition of arithmetic operations, each such set S is a finite field. The definition consists of the following elements: Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following two refinements. Arithmetic on the coefficients is performed modulo p. If multiplication results in a polynomial of degree greater than n-1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. This forms a finite field. And just as the Euclidean algorithm can be adapted to find the greatest common divisor of two polynomials, the extended Euclidean algorithm can be adapted to find the multiplicative inverse of a polynomial.