Cryptography and Network Security Chapter 4

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Chapter 4 Finite Fields

The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence. Living with Birds, Len Howard

Introduction
will

now introduce finite fields of increasing importance in cryptography

AES, Elliptic Curve, IDEA, Public Key

concern

operations on numbers

where what constitutes a number and the type of operations varies considerably

start

with concepts of groups, rings, fields from abstract algebra

Group
a

set of elements or numbers with some operation whose result is also in the set (closure) obeys:

associative law: (a.b).c = a.(b.c) has identity e: e.a = a.e = a has inverses a-1: a.a-1 = e

if

commutative

a.b = b.a

then forms an abelian group

Cyclic Group
define

exponentiation as repeated application of operator

example: a-3 = a.a.a

and a

let identity be: e=a0

group is cyclic if every element is a power of some fixed element

ie b = ak

for some a and every b in group

is said to be a generator of the group

Ring
a set of numbers with two operations (addition and multiplication) which form: an abelian group with addition operation and multiplication:

has closure is associative distributive over addition:

a(b+c) = ab + ac

if multiplication operation is commutative, it forms a commutative ring if multiplication operation has an identity and no zero divisors, it forms an integral domain

Field
a

set of numbers with two operations which form:

abelian group for addition abelian group for multiplication (ignoring 0) ring

have

hierarchy with more axioms/laws

group -> ring -> field

Modular Arithmetic
define modulo operator a mod n to be remainder when a is divided by n use the term congruence for: a = b mod n

when divided by n, a & b have same remainder eg. 100 = 34 mod 11 since with integers can always write: a = qn + b usually chose smallest positive remainder as residue
ie. 0 <= b <= n-1

b is called a residue of a mod n

process is known as modulo reduction

eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7

Divisors
a non-zero number b divides a if for some m have a=mb (a,b,m all integers) that is b divides into a with no remainder denote this b|a and say that b is a divisor of a
say eg.

all of 1,2,3,4,6,8,12,24 divide 24

Modular Arithmetic Operations

is

'clock arithmetic' uses a finite number of values, and loops back from either end modular arithmetic is when do addition & multiplication and modulo reduce answer can do reduction at any point, ie

a+b mod n = [a mod n + b mod n] mod n

Modular Arithmetic

can do modular arithmetic with any group of integers: Zn = {0, 1, , n-1}

form a commutative ring for addition with a multiplicative identity note some peculiarities

if (a+b)=(a+c) mod n then b=c mod n but if (a.b)=(a.c) mod n then b=c mod n only if a is relatively prime to n

Modulo 8 Addition Example

+ 0 1 2 3 4 5 6 7 0 0 1 2 3 4 5 6 7 1 1 2 3 4 5 6 7 0 2 2 3 4 5 6 7 0 1 3 3 4 5 6 7 0 1 2 4 4 5 6 7 0 1 2 3 5 5 6 7 0 1 2 3 4 6 6 7 0 1 2 3 4 5

7 7 0 1 2 3 4 5 6

Greatest Common Divisor (GCD)

a

common problem in number theory GCD (a,b) of a and b is the largest number that divides evenly into both a and b

eg GCD(60,24) = 12

often

want no common factors (except 1) and hence numbers are relatively prime
eg GCD(8,15) = 1 hence 8 & 15 are relatively prime

Euclidean Algorithm

an efficient way to find the GCD(a,b) uses theorem that:

GCD(a,b) = GCD(b, a mod b)

Euclidean Algorithm to compute GCD(a,b) is:

EUCLID(a,b)
1. 2. 3. 4. 5. 6. A = a; B = b if B = 0 return R = A mod B A = B B = R goto 2 A = gcd(a, b)

Example GCD(1970,1066)
1970 = 1 x 1066 + 904 gcd(1066, 904) 1066 = 1 x 904 + 162 gcd(904, 162) 904 = 5 x 162 + 94 gcd(162, 94) 162 = 1 x 94 + 68 gcd(94, 68) 94 = 1 x 68 + 26 gcd(68, 26) 68 = 2 x 26 + 16 gcd(26, 16) 26 = 1 x 16 + 10 gcd(16, 10) 16 = 1 x 10 + 6 gcd(10, 6) 10 = 1 x 6 + 4 gcd(6, 4) 6 = 1 x 4 + 2 gcd(4, 2) 4 = 2 x 2 + 0 gcd(2, 0)

Galois Fields
finite

fields play a key role in cryptography can show number of elements in a finite field must be a power of a prime pn known as Galois fields denoted GF(pn) in particular often use the fields:

GF(p) GF(2n)

Galois Fields GF(p)

GF(p)

is the set of integers {0,1, , p-1} with arithmetic operations modulo prime p these form a finite field

since have multiplicative inverses

hence

arithmetic is well-behaved and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

GF(7) Multiplication Example

0 1 2 3 4 5 6

0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6 2 0 2 4 6 1 3 5 3 0 3 6 2 5 1 4 4 0 4 1 5 2 6 3 5 0 5 3 1 6 4 2 6 0 6 5 4 3 2 1

Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 Q B1, A2 Q B2, A3 Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2

Inverse of 550 in GF(1759)

Q A1 A2 A3 B1 B2 B3

1
0

0
1

1759
550

0
1

1
3

550
109

5
21 1

1
5 106

3
16 339

109
5 4

5
106 111

16
339 355

5
4 1

Polynomial Arithmetic
can

compute using polynomials

f(x) = anxn + an-1xn-1 + + a1x + a0 = aixi

nb. not interested in any specific value of x which is known as the indeterminate

several

alternatives available

ordinary polynomial arithmetic poly arithmetic with coords mod p poly arithmetic with coords mod p and polynomials mod m(x)

Ordinary Polynomial Arithmetic

add

or subtract corresponding coefficients multiply all terms by each other eg

let f(x) = x3 + x2 + 2 and g(x) = x2 x + 1 f(x) + g(x) = x3 + 2x2 x + 3 f(x) g(x) = x3 + x + 1 f(x) x g(x) = x5 + 3x2 2x + 2

Polynomial Arithmetic with Modulo Coefficients

when

computing value of each coefficient do calculation modulo some value

forms a polynomial ring

could

be modulo any prime but we are most interested in mod 2

ie all coefficients are 0 or 1 eg. let f(x) = x3 + x2 and g(x) = x2 + x + 1 f(x) + g(x) = x3 + x + 1 f(x) x g(x) = x5 + x2

Polynomial Division
can

write any polynomial in the form:

f(x) = q(x) g(x) + r(x) can interpret r(x) as being a remainder r(x) = f(x) mod g(x)

if

have no remainder say g(x) divides f(x) if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial arithmetic modulo an irreducible polynomial forms a field

Polynomial GCD

can find greatest common divisor for polys

c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
EUCLID[a(x), b(x)] 1. A(x) = a(x); B(x) = b(x) 2. if B(x) = 0 return A(x) = gcd[a(x), b(x)] 3. R(x) = A(x) mod B(x) 4. A(x) B(x) 5. B(x) R(x) 6. goto 2

can adapt Euclids Algorithm to find it:

Modular Polynomial Arithmetic

can

compute in field GF(2n)

polynomials with coefficients modulo 2 whose degree is less than n hence must reduce modulo an irreducible poly of degree n (for multiplication only)

form

a finite field can always find an inverse

can extend Euclids Inverse algorithm to find

Example GF(23)

Computational Considerations
since

coefficients are 0 or 1, can represent any such polynomial as a bit string addition becomes XOR of these bit strings multiplication is shift & XOR

cf long-hand multiplication

modulo

reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)

Computational Example
in GF(23) have (x2+1) is 1012 & (x2+x+1) is 1112 so addition is

(x2+1) + (x2+x+1) = x 101 XOR 111 = 0102

and multiplication is

(x+1).(x2+1) = x.(x2+1) + 1.(x2+1) = x3+x+x2+1 = x3+x2+x+1 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 11112
(x3+x2+x+1 ) mod (x3+x+1) = 1.(x3+x+1) + (x2) = x2 1111 mod 1011 = 1111 XOR 1011 = 01002

polynomial modulo reduction (get q(x) & r(x)) is

Using a Generator
equivalent

definition of a finite field a generator g is an element whose powers generate all non-zero elements

in F have 0, g0, g1, , gq-2

can

create generator from root of the irreducible polynomial then implement multiplication by adding exponents of generator

Summary
have

considered:

concept of groups, rings, fields modular arithmetic with integers Euclids algorithm for GCD finite fields GF(p) polynomial arithmetic in general and in GF(2n)