Chap. 4: Finite Fields Jen-Chang Liu, 2005 Adapted from lecture slides by Lawrie Brown

The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence. — Living with Birds, Len Howard

Len Howard British naturalist, who studied bird behaviors Publications: Birds as Individuals (1953) Living with Birds (1956).

Introduction Finite fields: increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key Goal: mathematics for GF(2 n ) … 0100 Plaintext: 2 n … 0111 Ciphertext: 2 n T(Plaintext, Key) 1.Arbitrary mapping => large transform table 2.Mathematical form, ex. Hill cipher

Outline Group, rings, and fields Modular arithmetic Finite fields of the form GF(p), p is a prime Euclid ’ s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2 n )

Ring +,-,x Motivation for abstract math Abstract math.: 數學物件的集合，運算方式 在一個數學物件的集合中，可操作的運算種 類？ (+, -, x, /) Group +,- Field +,-,x,/

Group Group: {G, } G: a set of elements : binary operation to each pair (a,b) in G obeys: closure: a b is also in G associative law: (a b) c = a (b c) has identity e : e a = a e = a has inverses a -1 : a a -1 = e if commutative a b = b a then forms an abelian group Ex. Integers and + 1+2=3 (1+2)+3=1+(2+3) 3+0=0+3=3 2+(-2)=0

Example: group Ex. N symbols : N n ={1, 2, …, n} Set S n : all permutations over N n Binary operation : permutation according to the first element => Group {{1, 2, …, n}, {2, 1 …, n}, …, {n, n-1, …, 1}} {3,2,1}{1,3,2}={2,3,1}

Cyclic Group Def: exponentiation as repeated application of operator example: a 3 = a a a and let identity be: e=a 0 cyclic group every element is a power of some fixed element i.e. b = a k for some a and every b in group a is said to be a generator of the group EX. integers with addition: 1 as the generator

Ring Ring: {R, +, x} R: a set of “ numbers ” +,x: two operations (addition & multiplication) Ring obeys {R,+}: an abelian group multiplication: has closure is associative: ax(bxc)=(axb)xc distributive over addition: ax(b+c) = axb + axc if multiplication operation is commutative, it forms a commutative ring axb = bxa set of even integers (pos, neg, and 0) 2x4 = 8 2x(4x6) = (2x4)x6 2x(4+6)=2x4+2x6 trivial

Field Field: {F, +, x} F: a set of numbers +,x: two operations (addition & multiplication) Field obeys: Ring {F, +}: abelian group for addition {F\0, x}: abelian group for multiplication (ignoring 0) i.e. with multiplication inverse => division is possible Ex. Real number, {Z, +, x} 不是，無乘法反元素

Field for n-bit block? … 0100 Plaintext: 2 n … 0111 Ciphertext: 2 n +: addition x: multiplication ? Problems: 1. the set of plaintext (and ciphertext) is finite 2. how to define +,-,x,/ operations Ex. 2-bit input 如何定義 +,-,x,/ 運算？

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid ’ s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2 n )

Modulo operator modulo operator: a mod n to be the remainder (>0) when a is divided by n, a and n are integers

Modulo operator (cont.) Integers a and b are congruence modulo n a ≡ b mod n when divided by n, a & b have same remainder eg. 100 ≡ 34 mod 11 b is called the residue of a: b= a mod n integers can always write: a = qn + b usually have 0 <= b <= n mod 7 = 2

Integers Modulo 7 Example congruence Z 7 : residue class modulo 7

Question: (mod n) maps all integers into the set Z n ={0, 1, 2, …, n-1} Can we perform arithmetic (+,-,x,/) with this set?

Modular Arithmetic We can do modular arithmetic with any set of integers: Z n ={0, 1, …, n-1} Under normal arithmetic (+,-,x) Properties: 1. [(a mod n)+(b mod n)] mod n = (a+b) mod n 2. [(a mod n)- (b mod n)] mod n = (a-b) mod n 3. [(a mod n)x (b mod n)] mod n = (axb) mod n

Modulo 8 Example: add Find Additive inverse => group

Modulo 8 Example: multiply Not all have Multi. Inverse  Not a field Does not produce all elements in Z 8

Modular Arithmetic (cont.) Peculiarities compared with ordinary arith. if (a+b)≡(a+c) mod n then b≡c mod n Existence of (-a): if (ab)≡(ac) mod n then b≡c mod n ? Existence of (a -1 ) ? ((-a)+a+b) ≡ ((-a)+a+c) mod n ((a -1 ) ab) ≡ ((a -1 ) ac) mod n Not always true, eg. n=8 Multiplicative inverse exists iff. a is relatively prime to n

Question Do we have a finite field within Z n ?

Modulo 7 example: addition Yes for additive inverse

Modulo 7 Example: multiply  Yes for multi. inverse

Question Do we have a finite field within Z n ? Galois field GF(p): Z P,the modulo p is a prime number Under ordinary arithmetic GF(p n ):, p is a prime number 2 3 does not form a field under normal arithmetic Under polynomial arithmetic

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid’s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2 n )

Galois Fields: GF(p) Theorem: Z n ={0,1, …,n-1} is a commutative ring. Any integer a  Z n in has a multiplicative inverse iff a is relatively prime to n In other words, If n is a prime number, then all nonzero integers in Z n are relatively prime to n => all nonzero integers in Z n have multiplicative inverses => Z n is a finite field => GF(p), p is a prime

Galois Fields: GF(p) GF(p) is the set of integers {0,1, …, p-1} with arithmetic operations modulo prime p these form a finite field since have multiplicative inverses hence arithmetic is “ well-behaved ” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

Example: GF(2) x w-w w x 1 XORAND

Q: How to find the multiplicative inverse? For GF(7), it is easy to build a table For GF(1759), how to find the multiplicative inverse of 550?

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid’s algorithm (find GCD) and extended Euclid’s algorithm (find multiplicative inverse) Polynomial arithmetic Finite fields of the form GF(2 n )

Greatest Common Divisor (GCD) a common problem in number theory GCD (a,b) of a and b is the largest number that divides evenly into both a and b eg. GCD(60,24) = 12 GCD(.,.)=1: no common factors (except 1) and hence numbers are relatively prime eg. GCD(8,15) = 1 hence 8 & 15 are relatively prime

Euclid's GCD Algorithm uses theorem that: (a>b>0) GCD(a,b) = GCD(b, a mod b) To prove: The set of common divisors of a and b = The set of common divisors of a and (a mod b)

Example GCD(1970,1066) 1970 = 1 x gcd(1066, 904) 1066 = 1 x gcd(904, 162) 904 = 5 x gcd(162, 94) 162 = 1 x gcd(94, 68) 94 = 1 x gcd(68, 26) 68 = 2 x gcd(26, 16) 26 = 1 x gcd(16, 10) 16 = 1 x gcd(10, 6) 10 = 1 x gcd(6, 4) 6 = 1 x gcd(4, 2) 4 = 2 x gcd(2, 0)

Finding Inverses can extend Euclid’s algorithm: EXTENDED EUCLID(m, b) 1.(A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b –1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2

Inverse of 550 in GF(1759) (商)(商) 410 B2=A2-Q*B2=0-3*1=-3 inverse

Recall: inverse matrix in Hill cipher Find inverse matrix for Note that 26 is not a prime, not every element in {0,1,2, …,25} has multiplicative inverse Inverse formula:

Inverse of Hill cipher Q A3 B A2 B Multiplicative inverse

Outline Group, rings, and Fields Modular arithmetic Finite fields of the form GF(p) Euclid ’ s algorithm (find GCD) Polynomial arithmetic Finite fields of the form GF(2 n )

Motivation for GF(2 n ) For a 8-bit block Z 256 ={0,1, …,255} is not a field => no division The largest prime < 256 is 251 Z 251 ={0,1, …,250} is a field => 251, …,255 are wasted Is that possible to find a field for Z 256 ? Yes. Define new arithmetic operations for Z 256

Mapping from GF(2 n ) to polynomials Ex. 8-bit block => To build the field for {0,1,2,…,2 n -1} => Require modular polynomial arithmetic

Polynomial Arithmetic Polynomials 3 polynomial arithmetic available: ordinary polynomial arithmetic Polynomial with coefficients in Z p ; arithmetic on the coefficients is performed modulo p Polynomial with coefficients in Z p, and the polynomials are defined modulo a polynomial m(x); arithmetic on the coefficients is performed modulo p

1. Ordinary Polynomial Arithmetic Add(+) or subtract(-) corresponding coefficients Multiply(x) all terms by each other eg. 1101, 0111 f(x) = x 3 + x and g(x) = x 2 + x + 1 f(x) + g(x) = x 3 + 2x 2 + x + 2 f(x) – g(x) = x 3 - x f(x) x g(x) = x 5 +2x 4 +2x 3 +2x 2 +x+1 GF(2 4 ) ? 1. Not in {0,1} 2. degree>3

2. Polynomial Arithmetic with Modulo Coefficients Polynomial coefficients are in a field F={p,+,x} We are most interested in coefficients in GF(2) eg. 1101, 0111 let f(x) = x 3 + x and g(x) = x 2 + x + 1 f(x) + g(x) = x 3 + x f(x) x g(x) = x 5 + x + 1 GF(2 4 ) ? degree > 3

3. Modular Polynomial Arithmetic for GF(2 n ) Polynomial coefficients are in a field F={p,+,x} Ex. coefficients are in GF(2) If multiplication results in poly. of degree > n-1 Reduce it by modulo some irreducible poly. m(x) f(x) = q(x) m(x) + r(x) => r(x) = f(x) mod m(x) if m(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial

GF(2 3 ) =m(x)

Modular Polynomial Arithmetic Computation in field GF(2 n ) polynomials with coefficients modulo 2 whose degree is less than n hence must reduce modulo an irreducible poly of degree n (for multiplication only) Can always find an inverse Extended Euclid’s Inverse algorithm to find

Computational Considerations since coefficients are 0 or 1, can represent any such polynomial as a bit string addition becomes XOR of these bit strings multiplication is shift & XOR modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR) – see textbook for details

Summary … 0100 Plaintext: 2 n … 0111 Ciphertext: 2 n Mathematics within GF(2 n )