cryptography - lecture4
TRANSCRIPT
8/7/2019 Cryptography - lecture4
http://slidepdf.com/reader/full/cryptography-lecture4 1/33
March 28, 2006 1
Cryptography and Network Security
Lecture 4 Basic notions of finite fields
Ion Petre, Academy of Finland and Department of IT, Åbo Akademi University
Spring 2006, http://www.abo.fi/~ipetre/crypto
Why finite fields
Increasingly important in cryptography: several modern cryptographic algorithms rely on computations in various finite fields, among them AES and elliptic curve cryptography.
AES uses arithmetic in the finite field GF(2^8).
Virtually all encryption algorithms (both symmetric and public-key) involve arithmetic operations on integers. If we decide to work on n-bit integers for efficiency of storage, we would like to be able to use all integers on n bits. This means we have to do operations on the integers from 0 to 2^n - 1.
We could decide to use operations in Z_m where m = 2^n.
Difficulty 1: we may need to do divisions, and Z_m is not a field for n > 1 (every even element is a zero divisor, so it has no inverse).
Difficulty 2: arithmetic modulo 2^n may give rise to weak cryptographic algorithms.
Example: suppose we work with 3-bit blocks and decide to do arithmetic modulo 8.
In the multiplication table of Z_8 the values 1, 2, ..., 7 appear with different frequencies: 1 occurs 4 times, 2 occurs 8 times, 3 occurs 4 times, 4 occurs 12 times, 5 occurs 4 times, 6 occurs 8 times, 7 occurs 4 times. (Only the odd elements 1, 3, 5, 7 have inverses, so only their rows of the table are permutations; the rows of 2, 4, 6 contain only even values.)
Solution: use the finite field GF(2^3) with 8 elements. Division by any nonzero element is always possible, and in the multiplication table each integer 1, ..., 7 occurs exactly 7 times.
Why finite fields
We need fields: to undo y = ax + b we compute x = a^(-1)(y - b), which requires a to have a multiplicative inverse. We need finite fields.
They all have p^n elements, with p a prime number. What is their structure (addition and multiplication tables)? Are there many different fields with p^n elements? (No: for each p^n there is exactly one, up to isomorphism.)
Example: a field with 8 elements.
Modulo 8 example: Z_8 = {0, 1, ..., 7} with addition and multiplication modulo 8.
This is not a field: 2, 4 and 6 have no multiplicative inverse (2 * 4 = 0 mod 8, so 2 and 4 are zero divisors).
A field with 8 elements: GF(2^3), elements written as the integers 0..7, i.e. the 3-bit coefficient vectors of the polynomials of degree < 3 over Z_2 (4 = x^2, 3 = x + 1, 7 = x^2 + x + 1, ...). Addition is coefficient-wise addition mod 2 (bitwise XOR); the multiplication table below is polynomial multiplication reduced modulo x^3 + x + 1.

Addition (+):
+ | 0 1 2 3 4 5 6 7
--+----------------
0 | 0 1 2 3 4 5 6 7
1 | 1 0 3 2 5 4 7 6
2 | 2 3 0 1 6 7 4 5
3 | 3 2 1 0 7 6 5 4
4 | 4 5 6 7 0 1 2 3
5 | 5 4 7 6 1 0 3 2
6 | 6 7 4 5 2 3 0 1
7 | 7 6 5 4 3 2 1 0

Multiplication (x):
x | 0 1 2 3 4 5 6 7
--+----------------
0 | 0 0 0 0 0 0 0 0
1 | 0 1 2 3 4 5 6 7
2 | 0 2 4 6 3 1 7 5
3 | 0 3 6 5 7 4 1 2
4 | 0 4 3 7 6 2 5 1
5 | 0 5 1 4 2 7 3 6
6 | 0 6 7 1 5 3 2 4
7 | 0 7 5 2 1 6 4 3

Check: every row of a nonzero element is a permutation of 0..7, so every nonzero element has an inverse (the column where its row contains 1): 2^(-1) = 5, 3^(-1) = 6, 4^(-1) = 7, and conversely. Sample entry: 2 x 3 = x(x + 1) = x^2 + x = 6; 2 x 4 = x * x^2 = x^3 = x + 1 = 3 after reduction modulo x^3 + x + 1.
Summary of the constructions in this lecture
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X].
Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Plan of the lecture
Introduce here the (minimal) notions needed for the understanding of AES:
Groups, rings, fields
Divisors, modular arithmetic, Euclid's algorithm
Polynomial arithmetic
Basic notions of abstract algebra
groups rings fields
Group (G, •, e): a set G with a binary operation • (closed on G) and an element e in G satisfying the following laws:
Associativity: a • (b • c) = (a • b) • c for any a, b, c in G
Identity element: a • e = e • a = a for any a in G
Inverse element: for each a in G there exists an element a' in G such that a • a' = a' • a = e; a' is usually denoted -a (in additive notation) and is called the inverse of a
Example of a group: the set of integers with addition, (Z, +, 0). Note that the set of integers with multiplication, (Z, x, 1), is not a group: the inverse element does not exist for all integers (it exists only for 1 and -1).
Groups
A group (G, •, e) is called commutative (or abelian) if a • b = b • a for all a, b in G; finite if the set G is finite; infinite if the set G is infinite.
Example: (Z, +, 0) is a commutative group.
The set of n x n matrices over the integers with addition is a commutative group. The set of permutations of the set {1, 2, ..., n} with composition is a finite non-commutative group (non-commutative for n ≥ 3).
Rings
Ring (R, +, •, 0): a set R with two binary operations + and • satisfying the following laws:
(R, +, 0) is a commutative group
Associative multiplication: a • (b • c) = (a • b) • c for any a, b, c in R
Distributive: a • (b + c) = a • b + a • c and (a + b) • c = a • c + b • c
A ring (R, +, •, 0) is called:
Commutative if the multiplication • is commutative
Unitary (or with unity element) if the operation • has an identity element 1: a • 1 = 1 • a = a for all a in R. We denote it as (R, +, •, 0, 1)
Integral domain if it is commutative, it has a unity element, and it has no zero divisors: if a • b = 0 then either a = 0 or b = 0
Example: (Z, +, •, 0, 1) is an integral domain. The set of n x n matrices over the integers with addition and multiplication is a unitary ring, but for n ≥ 2 it is neither commutative nor an integral domain: matrix multiplication does not commute, and there are nonzero matrices whose product is the zero matrix. (Z_26, +, •, 0, 1) is a commutative unitary ring but not an integral domain: 2 • 13 = 0 (mod 26).
Fields
Field (F, +, •, 0, 1): (F, +, •, 0, 1) is an integral domain in which every nonzero element has a multiplicative inverse: for any nonzero a in F there exists an element a' in F such that a • a' = a' • a = 1; a' is usually denoted a^(-1) and is called the multiplicative inverse of a.
Example: the set of rational numbers (Q, +, •, 0, 1) and the set of real numbers (R, +, •, 0, 1) are fields. The set of integers (Z, +, •, 0, 1) is not a field: only 1 and -1 have multiplicative inverses. (Z_26, +, •, 0, 1) is not a field (2 has no inverse, since 2 • 13 = 0 mod 26).
(Z_3, +, •, 0, 1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2 (2 • 2 = 4 = 1 mod 3).
(Z_5, +, •, 0, 1) is a finite field: 1 • 1 = 1 mod 5, 2 • 3 = 1 mod 5, 4 • 4 = 1 mod 5; the inverse of 1 is 1, the inverse of 2 is 3, the inverse of 3 is 2, the inverse of 4 is 4.
Modular arithmetic
Consider now the set of integers and fix a positive integer n.
For any integer a there exist unique integers q and r such that a = qn + r and 0 ≤ r ≤ n - 1; q is the largest integer less than or equal to a/n (the floor of a/n) and r is called the residue of a modulo n.
Define the operator mod: a mod n = r. Define the operator div: a div n = q.
Examples: 7 mod 5 = 2; 11 mod 7 = 4; -11 mod 7 = 3, since -11 = (-2) • 7 + 3 (the residue is always taken in 0..n-1, so q = -2 rather than -1). Caveat when implementing: the % operator of C, C++ and Java keeps the sign of the dividend, so -11 % 7 gives -4 there; Python's % gives 3, as in the definition above.
Congruence modulo n: a ≡ b (mod n) if a mod n = b mod n.
Examples: 73 ≡ 4 (mod 23); 21 ≡ -9 ≡ 1 (mod 10).
Arithmetic modulo n
We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar).
Useful properties (reduce the computation mod n at any step):
(a + b) mod n = ((a mod n) + (b mod n)) mod n
(a - b) mod n = ((a mod n) - (b mod n)) mod n
(a • b) mod n = ((a mod n) • (b mod n)) mod n
Example: to compute 11^7 mod 13 we do 11^2 = 121 = 4 mod 13, 11^4 = 4^2 = 16 = 3 mod 13, 11^7 = 11^4 • 11^2 • 11 = 3 • 4 • 11 = 132 = 2 mod 13. Reducing after every multiplication is what keeps modular exponentiation with large exponents within fixed-size integers.
(Z_n, +, •, 0, 1) is a commutative unitary ring, where Z_n = {0, 1, 2, ..., n-1} and the operations are performed modulo n.
Arithmetic modulo n divisions
Be careful when performing operations modulo n:
If (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n).
It is NOT true in general that if (a • b) ≡ (a • c) (mod n) then b ≡ c (mod n).
Example: (2 • 1) ≡ (2 • 5) (mod 8), but 1 and 5 are not congruent modulo 8.
The implication holds if and only if a is relatively prime to n, i.e. gcd(a, n) = 1. Any such a has a multiplicative inverse a^(-1) modulo n, and multiplying both sides by it cancels a.
Divisors
A nonzero integer b divides a if a = mb for some integer m. We denote it as b | a and we say that b is a divisor of a.
Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24.
Facts:
If a | 1 then a = 1 or a = -1.
If a | b and b | a then a = b or a = -b.
If d | g and d | h then d | (mg + nh) for any integers m and n.
If a ≡ b (mod n) then n | (a - b).
If a ≡ b (mod n) then b ≡ a (mod n).
If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n).
Greatest common divisor
The positive integer d is the greatest common divisor of the integers a and b, denoted d = gcd(a, b), if: it is a divisor of both a and b, and any other divisor of a and b is a divisor of d.
Example: gcd(8, 12) = 4, gcd(24, 60) = 12. Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm, based on the following fact: gcd(a, b) = gcd(b, a mod b) (any common divisor of a and b also divides a mod b = a - (a div b) • b, and conversely any common divisor of b and a mod b divides a).
Euclid's algorithm to compute gcd(a, b), Euclid(a, b):
If b = 0 then return a
Else return Euclid(b, a mod b)
Note: the algorithm always terminates, since the second argument strictly decreases at every call and never becomes negative, so it reaches 0 after finitely many steps (in fact after O(log b) steps, since the remainder at least halves every two steps).
Example: d = gcd(1970, 1066)
1970 = 1 x 1066 + 904, d = gcd(1066, 904)
1066 = 1 x 904 + 162, d = gcd(904, 162)
904 = 5 x 162 + 94, d = gcd(162, 94)
162 = 1 x 94 + 68, d = gcd(94, 68)
94 = 1 x 68 + 26, d = gcd(68, 26)
68 = 2 x 26 + 16, d = gcd(26, 16)
26 = 1 x 16 + 10, d = gcd(16, 10)
16 = 1 x 10 + 6, d = gcd(10, 6)
10 = 1 x 6 + 4, d = gcd(6, 4)
6 = 1 x 4 + 2, d = gcd(4, 2)
4 = 2 x 2 + 0, d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero residue in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p and positive integer n. We also say that it has order p^n.
We denote it GF(p^n); GF stands for Galois field. For n = 1 we have GF(p), which is Z_p.
If p is prime then any nonzero element a in Z_p has a multiplicative inverse, because gcd(a, p) = 1 for 0 < a < p.
For n > 1 the field has a different structure: it is NOT Z_(p^n), which has zero divisors (p • p^(n-1) = 0). Start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Zp
Euclid's algorithm to compute gcd(a, b), Euclid(a, b) (assume a, b ≥ 0):
If b = 0 then return a
Else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by (Bezout's identity). If d = 1 then ax + by = 1 and so ax ≡ 1 (mod b), i.e. x is the inverse of a mod b. (The x found this way may be negative; reduce it mod b to get the representative in 0..b-1.)
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b): output (d, x, y) where d = gcd(a, b) and d = ax + by.
If d = 1 then x = a^(-1) (mod b).
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b)
return (t1, t3, t2 - (a div b) • t3)
Proof of correctness: clearly the gcd is returned in the first component (it runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 • b + t3 • r, then t1 = t2 • b + t3 • (a - bz), and so t1 = t3 • a + (t2 - t3 • z) • b, which is exactly the triple returned.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b): output (d, x, y) where d = gcd(a, b) and d = ax + by.
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b); return (t1, t3, t2 - (a div b) • t3)
Z = ExtEuclid(550, 1759): 550 = 0 • 1759 + 550, compute Z1 = ExtEuclid(1759, 550)
1759 = 3 • 550 + 109, compute Z2 = ExtEuclid(550, 109)
550 = 5 • 109 + 5, compute Z3 = ExtEuclid(109, 5)
109 = 21 • 5 + 4, compute Z4 = ExtEuclid(5, 4)
5 = 1 • 4 + 1, compute Z5 = ExtEuclid(4, 1)
4 = 4 • 1 + 0, compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Unwinding the recursion:
Z5 = (1, 0, 1)
Z4 = (1, 1, -1)
Z3 = (1, -1, 22)
Z2 = (1, 22, -111)
Z1 = (1, -111, 355)
Z = (1, 355, -111)
Final answer: the inverse of 550 mod 1759 is 355. Check: 550 • 355 - 111 • 1759 = 195250 - 195249 = 1.
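Worked example, added here and not part of the lecture slides: Euclid's algorithm and the extended version written exactly as the recursion above, used to recompute gcd(1970, 1066), the inverse of 550 mod 1759 with its division trace, and the cancellation-law failure from the "Arithmetic modulo n: divisions" slide. The function names (euclid, ext_euclid, inv_mod, has_inverse, ext_euclid_trace, cancellation_holds, pow_mod) are my own.

```python
# Added example (not from the lecture slides): Euclid's algorithm, the
# extended version as written on the slides, and modular inverses.

def euclid(a, b):
    """gcd(a, b) via gcd(a, b) = gcd(b, a mod b); terminates because the
    second argument strictly decreases towards 0."""
    if b == 0:
        return a
    return euclid(b, a % b)


def ext_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y.

    Same recursion as the slides: if b = 0 return (a, 1, 0), otherwise
    (t1, t2, t3) = ExtEuclid(b, a mod b) and return (t1, t3, t2 - (a div b)*t3).
    """
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)


def has_inverse(a, n):
    """a is invertible mod n exactly when gcd(a, n) = 1."""
    return euclid(a % n, n) == 1


def inv_mod(a, n):
    """Multiplicative inverse of a modulo n; ValueError if gcd(a, n) != 1."""
    d, x, _ = ext_euclid(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd = {d}")
    return x % n  # Bezout's x may be negative; reduce into 0..n-1


def ext_euclid_trace(a, b):
    """The division steps a = q*b + r, as on the 'inverse of 550' slide."""
    steps = []
    while b != 0:
        steps.append(f"{a} = {a // b}*{b} + {a % b}")
        a, b = b, a % b
    return steps


def cancellation_holds(a, n):
    """Does a*b = a*c (mod n) imply b = c (mod n) for all b, c?  Brute force;
    the slides state this holds iff gcd(a, n) = 1."""
    for b in range(n):
        for c in range(n):
            if (a * b) % n == (a * c) % n and b != c:
                return False
    return True


def pow_mod(base, exp, n):
    """base^exp mod n by square-and-multiply, reducing mod n after every
    multiplication (the 'reduce at any step' property from the slides)."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


if __name__ == "__main__":
    print(euclid(1970, 1066))                 # 2
    print(ext_euclid(550, 1759))              # (1, 355, -111)
    print(inv_mod(550, 1759))                 # 355
    print("\n".join(ext_euclid_trace(550, 1759)))
    print(cancellation_holds(2, 8), cancellation_holds(3, 8))   # False True
    print(pow_mod(11, 7, 13))                 # 2
```

inv_mod reduces the Bezout coefficient into 0..n-1 because the recursion can return a negative x (the -111 in the trace above is the coefficient of 1759, but for other inputs the coefficient of a is the negative one). has_inverse is the check to run before trusting a "division" modulo a composite n such as 26.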
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Z_p: polynomial arithmetic.
Consider only polynomials in one indeterminate.
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field, e.g. Z.
Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients. Multiplying two polynomials is done in the usual way, by multiplying all terms with each other. Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field.
Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 - x + 1, with coefficients in Z
f(x) + g(x) = x^3 + 2x^2 - x + 3
f(x) - g(x) = x^3 + x + 1
f(x) x g(x) = x^5 + 3x^2 - 2x + 2
For a ring or a field R, (R[X], +, •, 0, 1) is a ring: the ring of polynomials over R.
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p. We are mostly interested in computations mod 2: all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
f(x) + g(x) = x^3 + x + 1 (the two x^2 terms cancel since 1 + 1 = 0 mod 2; subtraction is the same as addition)
f(x) x g(x) = x^5 + x^2
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers; e.g. Euclid's algorithm holds also for polynomials.
Division of polynomials with coefficients in Zp
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x)g(x) + r(x) and deg(r) < deg(g) (r = 0 is allowed).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x), of degree ≥ 1, has no divisors other than nonzero constants and constant multiples of itself, we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f), i.e. with both factors of degree at least 1. Irreducibility depends on the coefficient field: x^2 + 1 is irreducible over Z_3 (it has no root in Z_3) but equals (x + 1)^2 over Z_2.
The greatest common divisor gcd(f, g) is defined similarly as for integers: it is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). It is determined only up to a nonzero constant factor; one usually takes the monic one (leading coefficient 1). Gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Zp
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)), exactly as for integers:
If b(x) = 0 then return a(x)
Else return EUCLID(b(x), a(x) mod b(x))
It terminates because deg(a(x) mod b(x)) < deg(b(x)), so the degree of the second argument strictly decreases.
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly to integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n (2^n of them). Addition is the normal addition of two polynomials (coefficient-wise mod 2). Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers. (If f(x) were reducible, say f = g • h with both factors of smaller degree, then g • h = 0 modulo f, so g and h would be zero divisors and could not have inverses.)
Computing the inverse in GF(pn )
Extended Euclid's algorithm ExtEuclid(a(x), b(x)): output (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x)e(x) + b(x)f(x).
if b(x) = 0 then return (a(x), 1, 0)
else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
return (t1(x), t3(x), t2(x) - (a(x) div b(x)) • t3(x))
If F(x) is an irreducible polynomial, a(x) ≠ 0 with deg(a) < deg(F), and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) is a nonzero constant c and c^(-1) • t(x) = a^(-1)(x) mod F(x). Over Z_2 the only nonzero constant is 1, so d(x) = 1 and t(x) = a^(-1)(x) directly; over Z_p with p > 2 the constant c returned by the recursion need not be 1 and the scaling step is required.
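Worked example, added here and not part of the slides: polynomial division, Euclid and extended Euclid over Z_p as described on the last four slides, with coefficients stored as Python lists, used to recompute the mod-2 examples above and the inverse of a byte in the AES field GF(2^8) = Z_2[x]/(x^8 + x^4 + x^3 + x + 1). The function names (trim, divmod_p, euclid, ext_euclid, inverse_mod, aes_inverse) are my choices, and the Z_3 example in GF(9) = Z_3[x]/(x^2 + 1) is constructed to exercise the constant-gcd scaling mentioned above.

```python
# Added example (not from the lecture slides): polynomials over Z_p stored as
# coefficient lists, index i = coefficient of x^i (so [1, 0, 1] is x^2 + 1).
# Function names are mine; the algorithms are the ones on the slides.

def trim(f):
    """Drop leading zero coefficients; the zero polynomial is []."""
    while f and f[-1] == 0:
        f = f[:-1]
    return f


def add(f, g, p):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])


def sub(f, g, p):
    return add(f, [(-c) % p for c in g], p)


def mul(f, g, p):
    out = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def divmod_p(f, g, p):
    """(q, r) with f = q*g + r and deg(r) < deg(g).  Long division needs the
    inverse of g's leading coefficient, which exists because Z_p is a field."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], p - 2, p)          # Fermat: c^(p-2) = c^(-1) mod p
    q, r = [0] * max(len(f) - len(g) + 1, 1), f[:]
    while r and len(r) >= len(g):
        coef = (r[-1] * inv_lead) % p         # chosen to kill r's leading term
        shift = len(r) - len(g)
        q[shift] = coef
        r = sub(r, [0] * shift + [(coef * c) % p for c in g], p)
    return trim(q), r


def euclid(f, g, p):
    """gcd(f, g) = gcd(g, f mod g); the degree of the second argument drops
    on every call, so it terminates.  Unique only up to a constant factor."""
    return trim(f) if not trim(g) else euclid(g, divmod_p(f, g, p)[1], p)


def ext_euclid(f, g, p):
    """(d, e, h) with d = gcd(f, g) = f*e + g*h; same recursion as the slides."""
    if not trim(g):
        return trim(f), [1], []
    q, r = divmod_p(f, g, p)
    t1, t2, t3 = ext_euclid(g, r, p)
    return t1, t3, sub(t2, mul(q, t3, p), p)


def inverse_mod(a, F, p):
    """a(x)^(-1) modulo an irreducible F(x).  The gcd comes back as a nonzero
    constant c: always 1 over Z_2, but possibly another unit when p > 2, so
    the Bezout coefficient is scaled by c^(-1) to make a * result = 1 exactly."""
    d, e, _ = ext_euclid(divmod_p(a, F, p)[1], F, p)
    if len(d) != 1:
        raise ValueError("not invertible: gcd has positive degree or a = 0")
    c_inv = pow(d[0], p - 2, p)
    return trim([(x * c_inv) % p for x in e])


def int_to_poly(v):
    """Bit i of v -> coefficient of x^i (the GF(2^n) byte representation)."""
    return [(v >> i) & 1 for i in range(v.bit_length())]


def poly_to_int(f):
    return sum(c << i for i, c in enumerate(f))


AES_MOD = int_to_poly(0x11B)                  # x^8 + x^4 + x^3 + x + 1


def aes_inverse(byte):
    """Inverse in GF(2^8) as used by the AES S-box (0 maps to 0 by convention)."""
    return 0 if byte == 0 else poly_to_int(inverse_mod(int_to_poly(byte), AES_MOD, 2))


if __name__ == "__main__":
    f, g = [0, 0, 1, 1], [1, 1, 1]            # x^3 + x^2 and x^2 + x + 1 over Z_2
    print(add(f, g, 2), mul(f, g, 2))          # x^3 + x + 1 and x^5 + x^2
    print(hex(aes_inverse(0x02)), hex(aes_inverse(0x53)))    # 0x8d 0xca
    print(inverse_mod([1, 2], [1, 0, 1], 3))   # (2x + 1)^(-1) in GF(9): 2x + 2
```

In the Z_3 example the recursion ends with gcd 2 (x^2 + 1 = (2x + 1)(2x + 2) + 2), so without the scaling by 2^(-1) = 2 the returned polynomial would satisfy a • t = 2, not 1; that is the case the slide's "d(x) = 1" skips over.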
Example: GF(2^3) (see the addition and multiplication tables of the field with 8 elements above).
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_(n-1), a_(n-2), ..., a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations. Multiplication is shift & XOR; example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1 (over Z_2, minus is the same as plus).
Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0.
Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x. If b7 = 0 then the result is already in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with 00011011 (0x1b), the condition being the bit shifted out. Multiplication by higher powers of x is an iteration of the above procedure, and multiplication by an arbitrary g(x) is the XOR of the x^i f(x) for the bits i set in g.
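Worked example, added here and not part of the slides: the shift-and-XOR multiplication just described, with GF(2^n) elements stored as n-bit integers, used to regenerate the GF(2^3) tables from the "A field with 8 elements" slide, to reproduce the Z_8 frequency count from the "Why finite fields" slide, and checked against the FIPS-197 value {57} x {83} = {c1}. Function names are mine; the slides do not state which cubic their 8-element table uses, and x^3 + x + 1 is the one that reproduces it.

```python
# Added example (not from the lecture slides): GF(2^n) elements as n-bit
# integers, addition = XOR, multiplication = shift-and-XOR with conditional
# reduction by the modulus (bit i of 'modulus' = coefficient of x^i).

def xtime(a, modulus, n):
    """Multiply a by x: shift left one bit; if bit n overflowed, XOR with the
    modulus (for AES n = 8, modulus 0x11B, i.e. XOR the low byte with 0x1B)."""
    a <<= 1
    if a >> n:
        a ^= modulus
    return a


def gf_mul(a, b, modulus, n):
    """a*b in GF(2^n): XOR together a*x^i for every bit i set in b, computing
    the a*x^i by repeated xtime (the iteration described on the slide)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, modulus, n)
        b >>= 1
    return result


def mul_table(n, modulus):
    size = 1 << n
    return [[gf_mul(a, b, modulus, n) for b in range(size)] for a in range(size)]


def add_table(n):
    size = 1 << n
    return [[a ^ b for b in range(size)] for a in range(size)]


def z_mul_table(m):
    """Multiplication table of the ring Z_m, for comparison with the field."""
    return [[(a * b) % m for b in range(m)] for a in range(m)]


def frequencies(table):
    """How often each nonzero value occurs in the whole table."""
    counts = {}
    for row in table:
        for v in row:
            if v:
                counts[v] = counts.get(v, 0) + 1
    return counts


def is_field_table(table):
    """In a field every nonzero row of the multiplication table is a
    permutation of all elements (so every nonzero a has an inverse)."""
    size = len(table)
    return all(sorted(row) == list(range(size)) for row in table[1:])


GF8_MOD = 0b1011   # x^3 + x + 1: reproduces the 8-element table on the slides
AES_MOD = 0x11B    # x^8 + x^4 + x^3 + x + 1

if __name__ == "__main__":
    print(frequencies(z_mul_table(8)))          # {1: 4, 2: 8, 3: 4, 4: 12, 5: 4, 6: 8, 7: 4}
    print(frequencies(mul_table(3, GF8_MOD)))  # every value 1..7 exactly 7 times
    for row in mul_table(3, GF8_MOD):
        print(" ".join(map(str, row)))
    print(hex(gf_mul(0x57, 0x83, AES_MOD, 8)))  # 0xc1 (FIPS-197 example)
```

The branch in xtime on the shifted-out bit is data dependent; production AES code replaces it with a branch-free mask, e.g. XOR with 0x1B multiplied by the high bit, or with lookup tables, so that timing does not reveal the operands.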
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X].
Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 233
March 28 2006 2
Why finite fields
Increasingly important in cryptography Several modern cryptographic algorithms rely on computations in various finite fields among them
AES and elliptic curve cryptography
AES uses arithmetic in the finite field GF(28
) Virtually all encryption algorithms (both symmetric and public-key) involve arithmetic
operations on integers If we decide to work on n-bit integers for efficiency of storage we would like to be able to use all
integers on n-bits This means we have to do operations on integers from 0 to 2n-1
We could decide to use operations in Zm where m=2n
Difficulty 1 we may need to do divisions and Zm is not a field Difficulty 2 arithmetic modulo 2n may give rise to weak cryptographic algorithms
Example suppose we work with 3-bit blocks and decide to do arithmetic modulo 8
In the multiplication table of Z8 12hellip7 appear with different frequency 1 occurs 4 times 2 occurs8 times 3 occurs 4 times 4 occurs 12 times 5 occurs 4 times 6 occurs 8 times 7 occurs 4 times
Solution use a finite field GF(23) with 8 elements ndash division is always possible and in themultiplication table each integer 1hellip7 occurs exactly 7 times
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 333
March 28 2006 3
Why finite fields
We need fields y=ax+b x=a-1(y-b) We need finite fields
They all have pn elements with p a prime number What is their structure (addition multiplication table) Are there many different fields with pn elements
Example a field with 8 elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 433
March 28 2006 4
Modulo 8 example
This is not a field
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 533
March 28 2006 5
A field with 8 elements
+ 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 0 3 2 5 4 7 6
2 2 3 0 1 6 7 4 5
3 3 2 1 0 7 6 5 4
4 4 5 6 7 0 1 2 3
5 5 4 7 6 1 0 3 2
6 6 7 4 5 2 3 0 1
7 7 6 5 4 3 2 1 0
X 0 1 2 3 4 5 6 7
0 0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6 7
2 0 2 4 5 3 1 7 5
3 0 3 6 5 7 4 1 2
4 0 4 3 7 6 2 5 1
5 0 5 1 4 2 7 3 6
6 0 6 7 1 5 3 2 4
7 0 7 5 2 1 6 4 3
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 633
March 28 2006 6
Summary of the constructions in this lecture
Consider the integers Z Take a prime number p and do operations modulo p Zp is a field with
p elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 733
March 28 2006 7
Plan of the lecture
Introduce here (minimal) notions needed for the understanding of AES
Groups rings fields
Divisors modular arithmetic Euclidrsquos algorithm Polynomial arithmetic
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 833
March 28 2006 8
Basic notions of abstract algebra
groups rings fields
Group (G bulle) a set G with a binary operation bull and an element eisinGsatisfying the following laws
Associativity a bull(b bull c)=(a bull b) bull c for any abcisinG Identity element a bull e=e bull a=a for any aisinG Inverse element for each aisinG there exists an element arsquoisinG such that a bull arsquo=
arsquo bull a=e arsquo is usually denoted as -a and is called the inverse of a
Example of a group the set of integers with the addition (Z+0) Note that the set of integers with the multiplication (Zx1) is not a group the
inverse element does not exist for all integers (it exists only for 1 and ndash1)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 933
March 28 2006 9
Groups
A group (G+e) is called Commutative (or abelian ) if a bull b=b bull a for all ab in G Finite if set G is finite Infinite if set G is infinite
Example (Z+0) is a commutative group
The set of nxn matrices over integers with the addition is a commutativegroup The set of permutations of the set 12hellipn with the composition is a finite
non-commutative group
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1033
March 28 2006 10
Rings
Ring (R+bull0) a set R with two binary operations + and bull satisfying the following laws (R+0) is a commutative group
Associative multiplication abull(bbullc)=(abullb)bullc for any abcisinR Distributive abull(b+c)=abullb + abullc (a+b)bullc=abullc + bbullc
A ring (R+bull0) is called Commutative if the multiplication bull is commutative
Unitary (or with unity element ) if operation bull has an identity element 1 abull1=1bulla=a for alla in R We denote it as (R+bull01)
Integral domain if It is commutative It has unity element It has no zero divisors if abullb=0 then either a=0 or b=0
Example (Z+bull01) is an integral domain The set of nxn matrices over integers with addition and multiplication is a commutative unitary
ring but not an integral domain (Z26 +bull01) is a commutative unitary ring but not an integral domain 2bull13=0 (mod 26)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials, we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f, g) is defined similarly as for integers. It is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Zp
For integers: Euclid(a, b): if b = 0 then return a, else return Euclid(b, a mod b).
For polynomials: EUCLID[a(x), b(x)] computes gcd(a(x), b(x)): if b(x) = 0 then return a(x), else return EUCLID(b(x), a(x) mod b(x)).
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials. Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x)e(x) + b(x)f(x).
if b(x) = 0 then return (a(x), 1, 0)
else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
return (t1(x), t3(x), t2(x) − (a(x) div b(x)) t3(x))
If F(x) is an irreducible polynomial and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) = 1 and t(x) = a^-1(x) mod F(x).
Example: GF(2^3)
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, …, a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 − m(x) = x^4 + x^3 + x + 1
Consider a polynomial in GF(2^8): f(x) = b7x^7 + b6x^6 + b5x^5 + b4x^4 + b3x^3 + b2x^2 + b1x + b0.
Multiplying by x we have x·f(x) = b7x^8 + b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x. If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x·f(x) = (b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011). Multiplication by higher powers of x is an iteration of the above procedure.
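As an added example (not code from the lecture), the following Python puts the last few slides together: polynomials over Z2 stored as bit strings, long division, Euclid's and the extended Euclid algorithm from the GCD and inverse slides, and the shift-and-XOR multiplication with the AES modulus described above. All function names are my own; the modulus x^3 + x + 1 used for the GF(2^3) table is an assumption, since the example slide's table was not extracted.

```python
# Added example, not from the lecture slides: GF(2^n) arithmetic with
# polynomials over Z2 stored as ints, one bit per coefficient. Every
# routine takes the modulus m(x) as a parameter; the AES polynomial is
# the default. GF8_POLY is an assumed modulus for the GF(2^3) example.

AES_POLY = 0b1_0001_1011  # x^8 + x^4 + x^3 + x + 1 (AES)
GF8_POLY = 0b1011         # x^3 + x + 1 (assumption, for the 8-element field)


def degree(p: int) -> int:
    """Degree of p (index of its highest set bit); -1 for the zero polynomial."""
    return p.bit_length() - 1


def clmul(a: int, b: int) -> int:
    """Carry-less product a*b in Z2[x], without reduction (addition is XOR)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(f: int, g: int) -> tuple[int, int]:
    """Long division in Z2[x]: (q, r) with f = q*g + r and deg(r) < deg(g).
    Subtraction over Z2 is XOR, so each step XORs a shifted copy of g."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r, dg = 0, f, degree(g)
    while r and degree(r) >= dg:
        shift = degree(r) - dg
        q ^= 1 << shift
        r ^= g << shift
    return q, r


def poly_gcd(a: int, b: int) -> int:
    """Euclid's algorithm on polynomials: gcd(a, b) = gcd(b, a mod b)."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a


def ext_euclid(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid as on the slide: (d, e, f) with d = gcd(a, b) and
    d = a*e + b*f in Z2[x]."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    t1, t2, t3 = ext_euclid(b, r)
    # t1 = t2*b + t3*r and r = a - q*b, so t1 = t3*a + (t2 - q*t3)*b;
    # in characteristic 2 the subtraction is an XOR.
    return t1, t3, t2 ^ clmul(q, t3)


def xtime(a: int, m: int = AES_POLY) -> int:
    """Multiply by x: 1-bit left shift, then XOR with m if bit n overflowed.
    XORing the full m clears bit n and adds x^n mod m (0x1B for AES)."""
    n = degree(m)
    a <<= 1
    if (a >> n) & 1:
        a ^= m
    return a


def gf_mul(a: int, b: int, m: int = AES_POLY) -> int:
    """Shift-and-XOR multiplication: a*b mod m, iterating xtime over b's bits."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, m)
        b >>= 1
    return result


def gf_inv(a: int, m: int = AES_POLY) -> int:
    """a^-1 mod m: with (d, t, u) = ExtEuclid(a, m), d = 1 and t is the inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    d, t, _ = ext_euclid(a, m)
    if d != 1:
        raise ValueError("a and m share a factor, so m is not irreducible")
    return poly_divmod(t, m)[1]


def is_irreducible(m: int) -> bool:
    """Brute force: no polynomial of degree 1..deg(m)//2 divides m."""
    n = degree(m)
    return n >= 1 and all(poly_divmod(m, d)[1] for d in range(2, 1 << (n // 2 + 1)))


def all_invertible(m: int) -> bool:
    """The field test from the slide: every nonzero residue mod m has an inverse."""
    try:
        return all(gf_mul(a, gf_inv(a, m), m) == 1 for a in range(1, 1 << degree(m)))
    except ValueError:
        return False


def mul_table(m: int) -> list[list[int]]:
    """Multiplication table of Z2[x]/m, e.g. the 8x8 table of GF(2^3)."""
    size = 1 << degree(m)
    return [[gf_mul(a, b, m) for b in range(size)] for a in range(size)]
```

With a reducible modulus such as x^3 + 1, `all_invertible` returns False because some nonzero residues share a factor with the modulus, which is exactly why the slides insist on an irreducible m(x).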
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Zp is a field with p elements (order p).
Consider polynomials with coefficients in Zp: Zp[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 433
March 28 2006 4
Modulo 8 example
This is not a field
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 533
March 28 2006 5
A field with 8 elements
+ 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 0 3 2 5 4 7 6
2 2 3 0 1 6 7 4 5
3 3 2 1 0 7 6 5 4
4 4 5 6 7 0 1 2 3
5 5 4 7 6 1 0 3 2
6 6 7 4 5 2 3 0 1
7 7 6 5 4 3 2 1 0
X 0 1 2 3 4 5 6 7
0 0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6 7
2 0 2 4 5 3 1 7 5
3 0 3 6 5 7 4 1 2
4 0 4 3 7 6 2 5 1
5 0 5 1 4 2 7 3 6
6 0 6 7 1 5 3 2 4
7 0 7 5 2 1 6 4 3
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 633
March 28 2006 6
Summary of the constructions in this lecture
Consider the integers Z Take a prime number p and do operations modulo p Zp is a field with
p elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 733
March 28 2006 7
Plan of the lecture
Introduce here (minimal) notions needed for the understanding of AES
Groups rings fields
Divisors modular arithmetic Euclidrsquos algorithm Polynomial arithmetic
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 833
March 28 2006 8
Basic notions of abstract algebra
groups rings fields
Group (G bulle) a set G with a binary operation bull and an element eisinGsatisfying the following laws
Associativity a bull(b bull c)=(a bull b) bull c for any abcisinG Identity element a bull e=e bull a=a for any aisinG Inverse element for each aisinG there exists an element arsquoisinG such that a bull arsquo=
arsquo bull a=e arsquo is usually denoted as -a and is called the inverse of a
Example of a group the set of integers with the addition (Z+0) Note that the set of integers with the multiplication (Zx1) is not a group the
inverse element does not exist for all integers (it exists only for 1 and ndash1)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 933
March 28 2006 9
Groups
A group (G+e) is called Commutative (or abelian ) if a bull b=b bull a for all ab in G Finite if set G is finite Infinite if set G is infinite
Example (Z+0) is a commutative group
The set of nxn matrices over integers with the addition is a commutativegroup The set of permutations of the set 12hellipn with the composition is a finite
non-commutative group
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1033
March 28 2006 10
Rings
Ring (R+bull0) a set R with two binary operations + and bull satisfying the following laws (R+0) is a commutative group
Associative multiplication abull(bbullc)=(abullb)bullc for any abcisinR Distributive abull(b+c)=abullb + abullc (a+b)bullc=abullc + bbullc
A ring (R+bull0) is called Commutative if the multiplication bull is commutative
Unitary (or with unity element ) if operation bull has an identity element 1 abull1=1bulla=a for alla in R We denote it as (R+bull01)
Integral domain if It is commutative It has unity element It has no zero divisors if abullb=0 then either a=0 or b=0
Example (Z+bull01) is an integral domain The set of nxn matrices over integers with addition and multiplication is a commutative unitary
ring but not an integral domain (Z26 +bull01) is a commutative unitary ring but not an integral domain 2bull13=0 (mod 26)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
Division of polynomials with coefficients in Zp
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x)g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials, we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f).
The greatest common divisor gcd(f, g) is defined similarly as for integers: it is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Zp
Euclid(a, b): if b = 0 then return a, else return Euclid(b, a mod b)
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)): if b(x) = 0 then return a(x), else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic (arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n).
We are mostly interested in GF(2^n). The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials; multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x)e(x) + b(x)f(x)
  if b(x) = 0 then return (a(x), 1, 0)
  else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
       return (t1(x), t3(x), t2(x) - (a(x) div b(x)) t3(x))
If F(x) is an irreducible polynomial and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) = 1 and t(x) = a^-1(x) mod F(x).
Example: GF(2^3)
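The polynomial routines of the slides above (coefficient-wise addition, term-by-term multiplication, long division with remainder over Zp, Euclid and the extended Euclid recursion (t1, t3, t2 - (a div b) t3), and the inverse it yields in GF(p^n)), written out as an added example; this is not the lecture's own code and the function names are mine. A polynomial is a list of coefficients indexed by degree. It reproduces the mod-2 example (f + g and f × g for f = x^3 + x^2, g = x^2 + x + 1) and x^8 mod m(x) for the AES polynomial, and inverts elements of GF(2^3) modulo x^3 + x + 1, which is assumed here as the modulus of the GF(2^3) example (the slide's content is not in this transcript); the inverses it finds agree with the multiplication table of the 8-element field given on the "A field with 8 elements" slide (2•5 = 3•6 = 4•7 = 1). For p > 2 the gcd returned by ExtEuclid may be a nonzero constant other than 1, so the code scales by its inverse, a detail the slide's statement d(x) = 1 leaves implicit.

```python
"""Polynomial arithmetic over Zp: add, multiply, long division, Euclid,
extended Euclid and inversion modulo an irreducible polynomial.
Added example, not the lecture's own code. A polynomial is a list of
coefficients indexed by degree: x^3 + x^2 is [0, 0, 1, 1]; the zero polynomial is []."""


def trim(f):
    """Drop zero leading coefficients so that deg(f) == len(f) - 1."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def deg(f):
    return len(f) - 1  # -1 for the zero polynomial


def add(f, g, p):
    """Coefficient-wise addition mod p."""
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])


def sub(f, g, p):
    return add(f, [(-c) % p for c in g], p)


def mul(f, g, p):
    """Multiply every term with every term, reducing coefficients mod p."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def inv_mod_p(c, p):
    return pow(c, p - 2, p)  # Fermat: c^(p-2) = c^-1 in Zp, p prime


def divmod_poly(f, g, p):
    """f = q*g + r with deg(r) < deg(g). Long division needs the inverse of
    g's leading coefficient, which exists because Zp is a field."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    lead_inv = inv_mod_p(g[-1], p)
    q = [0] * max(len(f) - len(g) + 1, 1)
    r = f
    while r and deg(r) >= deg(g):
        shift = deg(r) - deg(g)
        coef = (r[-1] * lead_inv) % p
        q[shift] = coef
        r = sub(r, mul([0] * shift + [coef], g, p), p)
    return trim(q), r


def monic(f, p):
    f = trim(f)
    return [(c * inv_mod_p(f[-1], p)) % p for c in f] if f else f


def euclid_poly(a, b, p):
    """gcd(a(x), b(x)) = gcd(b(x), a(x) mod b(x)), returned monic so it is unique."""
    while trim(b):
        a, b = b, divmod_poly(a, b, p)[1]
    return monic(a, p)


def ext_euclid_poly(a, b, p):
    """ExtEuclid as on the slide: (d, e, f) with d = a*e + b*f."""
    if not trim(b):
        return (trim(a), [1], [])
    q, r = divmod_poly(a, b, p)
    t1, t2, t3 = ext_euclid_poly(b, r, p)
    return (t1, t3, sub(t2, mul(q, t3, p), p))


def inverse_mod(a, m, p):
    """a(x)^-1 mod m(x) in GF(p^n), or None if gcd(a, m) is not a constant.
    For p > 2 the gcd may be a constant other than 1, so scale by its inverse."""
    d, t, _ = ext_euclid_poly(a, m, p)
    if deg(d) != 0:
        return None
    scale = inv_mod_p(d[0], p)
    return divmod_poly([(c * scale) % p for c in t], m, p)[1]


def to_int(f):
    """Pack binary coefficients into an n-bit number: x -> 2, x^2 + 1 -> 5."""
    return sum(c << i for i, c in enumerate(f))
```

The GF(2^3) modulus x^3 + x + 1 is [1, 1, 0, 1] and the AES polynomial x^8 + x^4 + x^3 + x + 1 is [1, 1, 0, 1, 1, 0, 0, 0, 1]; inverse_mod([0, 1], [1, 1, 0, 1], 2) returns x^2 + 1, which to_int prints as 5, matching 2•5 = 1 in the table.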
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, …, a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
  x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1
  Consider a polynomial in GF(2^8), f(x) = b7x^7 + b6x^6 + b5x^5 + b4x^4 + b3x^3 + b2x^2 + b1x + b0.
  Multiplying by x we have xf(x) = b7x^8 + b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x.
  If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
  xf(x) = (b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011).
Multiplication by higher powers of x implies an iteration of the above procedure.
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Zp is a field with p elements (order p).
Consider polynomials with coefficients in Zp: Zp[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
A field with 8 elements
Addition table:
  +  0 1 2 3 4 5 6 7
  0  0 1 2 3 4 5 6 7
  1  1 0 3 2 5 4 7 6
  2  2 3 0 1 6 7 4 5
  3  3 2 1 0 7 6 5 4
  4  4 5 6 7 0 1 2 3
  5  5 4 7 6 1 0 3 2
  6  6 7 4 5 2 3 0 1
  7  7 6 5 4 3 2 1 0
Multiplication table:
  ×  0 1 2 3 4 5 6 7
  0  0 0 0 0 0 0 0 0
  1  0 1 2 3 4 5 6 7
  2  0 2 4 6 3 1 7 5
  3  0 3 6 5 7 4 1 2
  4  0 4 3 7 6 2 5 1
  5  0 5 1 4 2 7 3 6
  6  0 6 7 1 5 3 2 4
  7  0 7 5 2 1 6 4 3
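The shift-and-XOR multiplication described on the "Computational considerations" slide, as an added example (not the lecture's code), generalized from GF(2^8) to any GF(2^n) so that the same routine regenerates the 8-element tables above. The tables are consistent with arithmetic modulo x^3 + x + 1, which the slide does not name and is assumed here; the AES check values used below ({57}•{83} = {c1}, {57}•{13} = {fe}, {53}^-1 = {ca}) are the worked examples of the AES specification (FIPS 197), not values from these slides. A reducible modulus such as x^3 + 1 = (x + 1)(x^2 + x + 1) is included to show the field property failing: x + 1 is then a zero divisor and has no inverse.

```python
"""GF(2^n) arithmetic on packed bit representations: addition is XOR,
multiplication is shift & conditional XOR with the reduction constant.
Added example, not the lecture's own code."""

AES_MOD = 0x11B   # x^8 + x^4 + x^3 + x + 1, the AES polynomial
GF8_MOD = 0b1011  # x^3 + x + 1 (assumed modulus of the 8-element tables)


def xtime(a, mod):
    """Multiply by x: 1-bit left shift, then XOR with m(x) when the coefficient
    of x^n appeared (for AES that XORs 0x1B = 00011011 into the low byte)."""
    n = mod.bit_length() - 1          # field degree n
    a <<= 1
    if (a >> n) & 1:
        a ^= mod                      # subtracting m(x) is XOR over Z2
    return a & ((1 << n) - 1)


def gf_mul(a, b, mod):
    """a(x) * b(x) mod m(x): iterate xtime over the bits of b (higher powers of x)."""
    n = mod.bit_length() - 1
    if a >> n or b >> n:
        raise ValueError("operands must have degree < n")
    result = 0
    while b:
        if b & 1:
            result ^= a               # add the current multiple a(x) * x^i
        a = xtime(a, mod)
        b >>= 1
    return result


def gf_inverse(a, mod):
    """Brute-force inverse: with only 2^n elements a scan is cheap and shows
    directly that every nonzero element has exactly one inverse."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in a field")
    n = mod.bit_length() - 1
    for cand in range(1, 1 << n):
        if gf_mul(a, cand, mod) == 1:
            return cand
    raise ValueError("no inverse: the modulus is reducible")


def tables(mod):
    """(addition table, multiplication table) as lists of rows, like the slide."""
    size = 1 << (mod.bit_length() - 1)
    add_t = [[a ^ b for b in range(size)] for a in range(size)]
    mul_t = [[gf_mul(a, b, mod) for b in range(size)] for a in range(size)]
    return add_t, mul_t


def is_field(mod):
    """The defining check: every nonzero element has a multiplicative inverse."""
    n = mod.bit_length() - 1
    try:
        return all(gf_inverse(a, mod) for a in range(1, 1 << n))
    except ValueError:
        return False


if __name__ == "__main__":
    add_t, mul_t = tables(GF8_MOD)
    print("GF(2^3) multiplication table modulo x^3 + x + 1:")
    for row in mul_t:
        print(" ".join(str(v) for v in row))
    print("AES {57} * {83} =", hex(gf_mul(0x57, 0x83, AES_MOD)))
    print("AES {53}^-1 =", hex(gf_inverse(0x53, AES_MOD)))
    print("x^3 + 1 gives a field?", is_field(0b1001))
```

Running the block prints the multiplication table row by row, so it can be compared line by line with the slide; the constructed check is_field(0b1001) is False because (x + 1)(x^2 + x + 1) = x^3 + 1 = 0 modulo that polynomial.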
Summary of the constructions in this lecture
Consider the integers Z. Take a prime number p and do operations modulo p: Zp is a field with p elements (order p).
Consider polynomials with coefficients in Zp: Zp[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Plan of the lecture
Introduce here (minimal) notions needed for the understanding of AES:
  Groups, rings, fields
  Divisors, modular arithmetic, Euclid's algorithm
  Polynomial arithmetic
Basic notions of abstract algebra: groups, rings, fields
Group (G, •, e): a set G with a binary operation • and an element e ∈ G satisfying the following laws:
  Associativity: a • (b • c) = (a • b) • c for any a, b, c ∈ G
  Identity element: a • e = e • a = a for any a ∈ G
  Inverse element: for each a ∈ G there exists an element a' ∈ G such that a • a' = a' • a = e; a' is usually denoted as -a and is called the inverse of a
Example of a group: the set of integers with the addition, (Z, +, 0).
Note that the set of integers with the multiplication, (Z, ×, 1), is not a group: the inverse element does not exist for all integers (it exists only for 1 and -1).
Groups
A group (G, •, e) is called:
  Commutative (or abelian) if a • b = b • a for all a, b in G
  Finite if the set G is finite
  Infinite if the set G is infinite
Examples: (Z, +, 0) is a commutative group. The set of n×n matrices over the integers with the addition is a commutative group. The set of permutations of the set {1, 2, …, n} with the composition is a finite non-commutative group.
Rings
Ring (R, +, •, 0): a set R with two binary operations + and • satisfying the following laws:
  (R, +, 0) is a commutative group
  Associative multiplication: a • (b • c) = (a • b) • c for any a, b, c ∈ R
  Distributive: a • (b + c) = a • b + a • c and (a + b) • c = a • c + b • c
A ring (R, +, •, 0) is called:
  Commutative if the multiplication • is commutative
  Unitary (or with unity element) if the operation • has an identity element 1: a • 1 = 1 • a = a for all a in R. We denote it as (R, +, •, 0, 1)
  Integral domain if it is commutative, it has a unity element, and it has no zero divisors: if a • b = 0 then either a = 0 or b = 0
Examples: (Z, +, •, 0, 1) is an integral domain. The set of n×n matrices over the integers with addition and multiplication is a commutative unitary ring but not an integral domain. (Z26, +, •, 0, 1) is a commutative unitary ring but not an integral domain: 2 • 13 = 0 (mod 26).
Fields
Field (F, +, •, 0, 1):
  (F, +, •, 0, 1) is an integral domain
  Multiplicative inverse: for any nonzero element a in F there exists an element a' in F such that a • a' = a' • a = 1; a' is usually denoted as a^-1 and is called the multiplicative inverse of a
Examples: The set of rational numbers (Q, +, •, 0, 1) and the set of real numbers (R, +, •, 0, 1) are fields. The set of integers (Z, +, •, 0, 1) is not a field: only 1 and -1 have multiplicative inverses. (Z26, +, •, 0, 1) is not a field. (Z3, +, •, 0, 1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2. (Z5, +, •, 0, 1) is a finite field: 1 • 1 = 1 mod 5, 2 • 3 = 1 mod 5, 4 • 4 = 1 mod 5; the inverse of 1 is 1, the inverse of 2 is 3, the inverse of 3 is 2, the inverse of 4 is 4.
Modular arithmetic
Consider now the set of integers and fix a positive integer n.
For any integer a there exist integers q and r such that a = qn + r and r is from 0 to n-1; q is the largest integer less than or equal to a/n.
r is called the residue of a modulo n.
Define the operator mod: a mod n = r. Define the operator div: a div n = q.
Examples: 7 mod 5 = 2; 11 mod 7 = 4; -11 mod 7 = 3 (-11 = (-2)•7 + 3)
Congruence modulo n: a ≡ b mod n if a mod n = b mod n
Examples: 73 ≡ 4 mod 23; 21 ≡ -9 ≡ 1 mod 10
Arithmetic modulo n
We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar).
Useful properties (reduce the computation mod n at any step):
  (a + b) mod n = ((a mod n) + (b mod n)) mod n
  (a - b) mod n = ((a mod n) - (b mod n)) mod n
  (a • b) mod n = ((a mod n) • (b mod n)) mod n
Example: to compute 11^7 mod 13 we do 11^2 = 121 = 4 mod 13, 11^4 = 4^2 = 3 mod 13, 11^7 = 4 • 3 • 11 mod 13 = 2 mod 13
(Zn, +, •, 0, 1) is a commutative unitary ring, where Zn = {0, 1, 2, …, n-1} and the operations are performed modulo n.
Arithmetic modulo n: divisions
Careful when performing operations modulo n:
  If (a + b) ≡ (a + c) mod n then b ≡ c mod n.
  It is not true that if (a • b) ≡ (a • c) mod n then b ≡ c mod n. Example: (2 • 1) ≡ (2 • 5) mod 8, but 1 and 5 are not congruent modulo 8.
  The implication is true if and only if a is relatively prime to n, i.e. gcd(a, n) = 1. Any such a has a multiplicative inverse a^-1 modulo n.
Divisors
A nonzero integer b divides a if a = mb for some integer m. We denote it as b | a and we say that b is a divisor of a.
Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24.
Facts:
  If a | 1 then a = 1 or a = -1
  If a | b and b | a then a = b or a = -b
  If d | g and d | h then d | (mg + nh) for any integers m and n
  If a ≡ b (mod n) then n | (a - b)
  If a ≡ b (mod n) then b ≡ a (mod n)
  If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n)
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and b, denoted d = gcd(a, b), if it is a divisor of both a and b, and any other divisor of a and b is a divisor of d.
Example: gcd(8, 12) = 4, gcd(24, 60) = 12.
Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm, based on the following fact: gcd(a, b) = gcd(b, a mod b)
Euclid's algorithm to compute gcd(a, b), Euclid(a, b): if b = 0 then return a, else return Euclid(b, a mod b)
Note: the algorithm always terminates.
Example: d = gcd(1970, 1066)
  1970 = 1 × 1066 + 904   d = gcd(1066, 904)
  1066 = 1 × 904 + 162    d = gcd(904, 162)
  904 = 5 × 162 + 94      d = gcd(162, 94)
  162 = 1 × 94 + 68       d = gcd(94, 68)
  94 = 1 × 68 + 26        d = gcd(68, 26)
  68 = 2 × 26 + 16        d = gcd(26, 16)
  26 = 1 × 16 + 10        d = gcd(16, 10)
  16 = 1 × 10 + 6         d = gcd(10, 6)
  10 = 1 × 6 + 4          d = gcd(6, 4)
  6 = 1 × 4 + 2           d = gcd(4, 2)
  4 = 2 × 2 + 0           d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero residue in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p. We also say that it has order p^n.
We denote it GF(p^n); GF stands for Galois field.
For n = 1 we have GF(p), which is Zp: if p is prime then any nonzero element in Zp has a multiplicative inverse.
For n > 1 the field has a different structure: start from Zp and build a field with p^n elements.
Finding the multiplicative inverse in Zp
Euclid's algorithm to compute gcd(a, b), Euclid(a, b) (assume b > 0): if b = 0 then return a, else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1 and so ax = 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by. If d = 1 then x = a^-1 (mod b).
  if b = 0 then return (a, 1, 0)
  else (t1, t2, t3) = ExtEuclid(b, a mod b)
       return (t1, t3, t2 - (a div b) t3)
Proof of correctness: clearly the gcd is returned in the first component (it runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 b + t3 r, then t1 = t2 b + t3 (a - bz), and so t1 = t3 a + (t2 - t3 z) b.
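The integer routines of the "Modular arithmetic", "Arithmetic modulo n", "Greatest common divisor" and "Finding the multiplicative inverse in Zp" slides, and of the worked example of the inverse of 550 in GF(1759), as one added example; this is not the lecture's own code and the function names are mine. It computes div and mod with a residue in 0..n-1, runs Euclid's algorithm while recording the division steps of the gcd(1970, 1066) table, implements ExtEuclid with the slide's (t1, t3, t2 - (a div b) t3) recursion so that ExtEuclid(550, 1759) returns (1, 355, -111), reduces mod n at every step of 11^7 mod 13, and returns no inverse for 2 mod 8, the case in which cancellation fails because gcd(2, 8) ≠ 1.

```python
"""Integer modular arithmetic: div/mod with a residue in 0..n-1, Euclid with
its division trace, the recursive extended Euclid and the modular inverse it
yields. Added example, not the lecture's own code."""


def div_mod(a, n):
    """(a div n, a mod n) with 0 <= r < n, e.g. -11 -> (-2, 3) as on the slide.
    Python's divmod already rounds the quotient down for positive n."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    q, r = divmod(a, n)
    assert a == q * n + r and 0 <= r < n
    return q, r


def euclid(a, b, trace=None):
    """gcd(a, b) = gcd(b, a mod b). If a list is passed as trace, every division
    step is appended as (a, q, b, r), reproducing the gcd(1970, 1066) table."""
    while b != 0:
        q, r = div_mod(a, b)
        if trace is not None:
            trace.append((a, q, b, r))
        a, b = b, r
    return a


def ext_euclid(a, b):
    """ExtEuclid(a, b) as on the slide: (d, x, y) with d = gcd(a, b) = ax + by."""
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)


def mod_inverse(a, n):
    """a^-1 mod n, or None when gcd(a, n) != 1: the slide's warning that
    cancelling a modulo n is only valid when a is relatively prime to n."""
    d, x, _ = ext_euclid(a, n)
    return x % n if d == 1 else None


def pow_mod(base, exp, n):
    """Square-and-multiply, reducing mod n at every step (the 11^7 mod 13 example)."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


if __name__ == "__main__":
    steps = []
    print("gcd(1970, 1066) =", euclid(1970, 1066, steps))
    for a, q, b, r in steps:
        print(f"  {a} = {q} x {b} + {r}")
    print("ExtEuclid(550, 1759) =", ext_euclid(550, 1759))
    print("550^-1 mod 1759 =", mod_inverse(550, 1759))
    print("2^-1 mod 8 =", mod_inverse(2, 8))
    print("11^7 mod 13 =", pow_mod(11, 7, 13))
```

mod_inverse reduces x modulo n because ExtEuclid may return a negative coefficient (for 1759 and 550 the y component is -111), while the inverse is wanted as a residue in 0..n-1.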
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 633
March 28 2006 6
Summary of the constructions in this lecture
Consider the integers Z Take a prime number p and do operations modulo p Zp is a field with
p elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 733
March 28 2006 7
Plan of the lecture
Introduce here (minimal) notions needed for the understanding of AES
Groups rings fields
Divisors modular arithmetic Euclidrsquos algorithm Polynomial arithmetic
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 833
March 28 2006 8
Basic notions of abstract algebra
groups rings fields
Group (G bulle) a set G with a binary operation bull and an element eisinGsatisfying the following laws
Associativity a bull(b bull c)=(a bull b) bull c for any abcisinG Identity element a bull e=e bull a=a for any aisinG Inverse element for each aisinG there exists an element arsquoisinG such that a bull arsquo=
arsquo bull a=e arsquo is usually denoted as -a and is called the inverse of a
Example of a group the set of integers with the addition (Z+0) Note that the set of integers with the multiplication (Zx1) is not a group the
inverse element does not exist for all integers (it exists only for 1 and ndash1)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 933
March 28 2006 9
Groups
A group (G+e) is called Commutative (or abelian ) if a bull b=b bull a for all ab in G Finite if set G is finite Infinite if set G is infinite
Example (Z+0) is a commutative group
The set of nxn matrices over integers with the addition is a commutativegroup The set of permutations of the set 12hellipn with the composition is a finite
non-commutative group
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1033
March 28 2006 10
Rings
Ring (R+bull0) a set R with two binary operations + and bull satisfying the following laws (R+0) is a commutative group
Associative multiplication abull(bbullc)=(abullb)bullc for any abcisinR Distributive abull(b+c)=abullb + abullc (a+b)bullc=abullc + bbullc
A ring (R+bull0) is called Commutative if the multiplication bull is commutative
Unitary (or with unity element ) if operation bull has an identity element 1 abull1=1bulla=a for alla in R We denote it as (R+bull01)
Integral domain if It is commutative It has unity element It has no zero divisors if abullb=0 then either a=0 or b=0
Example (Z+bull01) is an integral domain The set of nxn matrices over integers with addition and multiplication is a commutative unitary
ring but not an integral domain (Z26 +bull01) is a commutative unitary ring but not an integral domain 2bull13=0 (mod 26)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x) h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f, g) is defined similarly as for integers. It is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Z_p
Euclid(a, b): if b = 0 then return a, else return Euclid(b, a mod b).
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)): if b(x) = 0 then return a(x), else return EUCLID(b(x), a(x) mod b(x)).
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials. Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x) e(x) + b(x) f(x).
if b(x) = 0 then return (a(x), 1, 0)
else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
return (t1(x), t3(x), t2(x) - (a(x) div b(x)) t3(x))
If F(x) is an irreducible polynomial and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) = 1 and t(x) = a^-1(x) mod F(x).
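An added example, not from the lecture, that implements the polynomial arithmetic, division, EUCLID and ExtEuclid of the last few slides over Z_2, storing a polynomial as a Python int whose bit i is the coefficient of x^i, and uses them to invert elements of GF(2^8) modulo the AES polynomial. The function names and the GF(2^3) modulus x^3 + x + 1 (irreducible over Z_2, but not specified in the lecture) are this example's own choices.

```python
# Added example, not from the lecture: Euclid / ExtEuclid for polynomials over Z_2.
# A polynomial is a Python int whose bit i is the coefficient of x^i, so the AES
# modulus x^8 + x^4 + x^3 + x + 1 from the slides is 0b1_0001_1011 = 0x11B.
# The GF(2^3) modulus x^3 + x + 1 below is an assumption of this example.

AES_POLY = 0x11B     # x^8 + x^4 + x^3 + x + 1 (AES)
GF8_POLY = 0b1011    # x^3 + x + 1 (assumed irreducible modulus for GF(2^3))


def deg(p: int) -> int:
    """Degree of a polynomial over Z_2; the zero polynomial gets -1."""
    return p.bit_length() - 1


def poly_add(a: int, b: int) -> int:
    """Coefficient-wise addition mod 2 is XOR; subtraction is the same operation."""
    return a ^ b


def poly_mul(a: int, b: int) -> int:
    """Multiply all terms with each other, reducing the coefficients mod 2."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(a: int, b: int) -> tuple:
    """Long division: (q, r) with a = q*b + r and deg(r) < deg(b)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while deg(a) >= deg(b):
        shift = deg(a) - deg(b)     # cancel the leading term of a with b * x^shift
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def poly_gcd(a: int, b: int) -> int:
    """EUCLID[a(x), b(x)]: if b = 0 return a, else EUCLID(b, a mod b)."""
    return a if b == 0 else poly_gcd(b, poly_divmod(a, b)[1])


def poly_ext_euclid(a: int, b: int) -> tuple:
    """ExtEuclid(a, b) -> (d, e, f) with d = gcd(a, b) = a*e + b*f."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    t1, t2, t3 = poly_ext_euclid(b, r)
    # the slide's t2 - (a div b) * t3; over Z_2 the subtraction is XOR
    return t1, t3, poly_add(t2, poly_mul(q, t3))


def poly_inverse(a: int, f: int) -> int:
    """a^-1 mod f: the second component of ExtEuclid(a, f), valid when gcd = 1."""
    d, t, _ = poly_ext_euclid(a, f)
    if d != 1:
        raise ValueError("no inverse: gcd(a, f) != 1")
    return poly_divmod(t, f)[1]


def poly_mulmod(a: int, b: int, f: int) -> int:
    """Multiplication in GF(2^n): multiply, then reduce modulo f."""
    return poly_divmod(poly_mul(a, b), f)[1]


def is_irreducible(f: int) -> bool:
    """Trial division by every polynomial of degree 1 .. deg(f)//2."""
    return all(poly_divmod(f, g)[1] != 0
               for g in range(2, 1 << (deg(f) // 2 + 1)))


def product_frequencies(f: int) -> dict:
    """How often each nonzero value occurs in the multiplication table mod f.
    When f is irreducible this is a field and every value occurs 2^n - 1 times."""
    n = deg(f)
    counts = {}
    for a in range(1 << n):
        for b in range(1 << n):
            v = poly_mulmod(a, b, f)
            if v:
                counts[v] = counts.get(v, 0) + 1
    return counts


if __name__ == "__main__":
    # the slide's Z_2 example: f = x^3 + x^2 = 0b1100, g = x^2 + x + 1 = 0b111
    print(bin(poly_add(0b1100, 0b111)), bin(poly_mul(0b1100, 0b111)))
    inv = poly_inverse(0x53, AES_POLY)     # a GF(2^8) element and its inverse
    print(hex(inv), poly_mulmod(0x53, inv, AES_POLY))
    print(is_irreducible(AES_POLY), product_frequencies(GF8_POLY))
```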
Example: GF(2^3)
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, ..., a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1
Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0.
Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x. If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011). Multiplication by higher powers of x implies an iteration of the above procedure.
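An added example, not from the lecture, of the shift-and-XOR multiplication just described, for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1; the function names and the sample operands are this example's own choices.

```python
# Added example, not from the lecture: multiplication in GF(2^8) as shift-and-XOR,
# with m(x) = x^8 + x^4 + x^3 + x + 1 (AES) and each element held as an int 0..255
# whose bit i is the coefficient b_i. Function names and operands are this example's.

REDUCTION = 0b0001_1011   # x^4 + x^3 + x + 1 = x^8 mod m(x), the byte 00011011


def xtime(a: int) -> int:
    """Multiply by x: 1-bit left shift, then XOR with 00011011 when b7 was 1."""
    shifted = (a << 1) & 0xFF      # drops b7, which has become the x^8 term
    if a & 0x80:                   # b7 = 1: replace x^8 by x^4 + x^3 + x + 1
        shifted ^= REDUCTION
    return shifted


def mul_by_x_power(a: int, k: int) -> int:
    """a * x^k: multiplication by a higher power of x iterates xtime."""
    for _ in range(k):
        a = xtime(a)
    return a


def gf_mul(a: int, b: int) -> int:
    """a * b: add (XOR) a * x^i for every bit i that is set in b."""
    result = 0
    for i in range(8):
        if (b >> i) & 1:
            result ^= a
        a = xtime(a)               # a now holds the original a times x^(i+1)
    return result


def is_permutation(a: int) -> bool:
    """Field check: for nonzero a, b -> a*b hits all 256 elements exactly once."""
    return len({gf_mul(a, b) for b in range(256)}) == 256


if __name__ == "__main__":
    print(hex(xtime(0x57)), hex(mul_by_x_power(0x57, 4)))   # 0xae 0x7
    print(hex(gf_mul(0x57, 0x83)))                           # 0xc1
    # contrast with Z_256: multiplying by 2 mod 256 is not a permutation
    print(is_permutation(0x02), len({(2 * b) % 256 for b in range(256)}))
```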
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Plan of the lecture
Introduce here the (minimal) notions needed for the understanding of AES:
Groups, rings, fields
Divisors, modular arithmetic, Euclid's algorithm
Polynomial arithmetic
Basic notions of abstract algebra
groups, rings, fields
Group (G, •, e): a set G with a binary operation • and an element e ∈ G satisfying the following laws:
Associativity: a • (b • c) = (a • b) • c for any a, b, c ∈ G
Identity element: a • e = e • a = a for any a ∈ G
Inverse element: for each a ∈ G there exists an element a' ∈ G such that a • a' = a' • a = e; a' is usually denoted as -a and is called the inverse of a
Example of a group: the set of integers with the addition, (Z, +, 0). Note that the set of integers with the multiplication, (Z, ×, 1), is not a group: the inverse element does not exist for all integers (it exists only for 1 and -1).
Groups
A group (G, •, e) is called:
Commutative (or abelian) if a • b = b • a for all a, b in G
Finite if the set G is finite
Infinite if the set G is infinite
Example: (Z, +, 0) is a commutative group. The set of n×n matrices over the integers with the addition is a commutative group. The set of permutations of the set {1, 2, ..., n} with the composition is a finite non-commutative group.
Rings
Ring (R, +, •, 0): a set R with two binary operations + and • satisfying the following laws:
(R, +, 0) is a commutative group
Associative multiplication: a • (b • c) = (a • b) • c for any a, b, c ∈ R
Distributive: a • (b + c) = a • b + a • c, (a + b) • c = a • c + b • c
A ring (R, +, •, 0) is called:
Commutative if the multiplication • is commutative
Unitary (or with unity element) if the operation • has an identity element 1: a • 1 = 1 • a = a for all a in R. We denote it as (R, +, •, 0, 1)
Integral domain if it is commutative, it has a unity element, and it has no zero divisors: if a • b = 0 then either a = 0 or b = 0
Example: (Z, +, •, 0, 1) is an integral domain. The set of n×n matrices over the integers with addition and multiplication is a commutative unitary ring but not an integral domain. (Z_26, +, •, 0, 1) is a commutative unitary ring but not an integral domain: 2 • 13 = 0 (mod 26).
Fields
Field (F, +, •, 0, 1):
(F, +, •, 0, 1) is an integral domain
Multiplicative inverse: for any nonzero element a in F there exists an element a' in F such that a • a' = a' • a = 1; a' is usually denoted as a^-1 and is called the multiplicative inverse of a
Example: the set of rational numbers (Q, +, •, 0, 1) and the set of real numbers (R, +, •, 0, 1) are fields. The set of integers (Z, +, •, 0, 1) is not a field: only 1 and -1 have multiplicative inverses. (Z_26, +, •, 0, 1) is not a field. (Z_3, +, •, 0, 1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2.
(Z_5, +, •, 0, 1) is a finite field: 1 • 1 = 1 mod 5, 2 • 3 = 1 mod 5, 4 • 4 = 1 mod 5. The inverse of 1 is 1, the inverse of 2 is 3, the inverse of 3 is 2, the inverse of 4 is 4.
Modular arithmetic
Consider now the set of integers and fix a positive integer n.
For any integer a there exist integers q and r such that a = qn + r and r is from 0 to n-1; q is the largest integer less than or equal to a/n. r is called the residue of a modulo n.
Define the operator mod: a mod n = r. Define the operator div: a div n = q.
Example: 7 mod 5 = 2, 11 mod 7 = 4, -11 mod 7 = 3 (since -11 = (-2) • 7 + 3).
Congruence modulo n: a ≡ b mod n if a mod n = b mod n.
Example: 73 ≡ 4 mod 23, 21 ≡ -9 ≡ 1 mod 10.
Arithmetic modulo n
We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar).
Useful properties (reduce the computation mod n at any step):
(a + b) mod n = ((a mod n) + (b mod n)) mod n
(a - b) mod n = ((a mod n) - (b mod n)) mod n
(a • b) mod n = ((a mod n) • (b mod n)) mod n
Example: to compute 11^7 mod 13 we do 11^2 = 121 = 4 mod 13, 11^4 = 4^2 = 3 mod 13, 11^7 = 4 • 3 • 11 mod 13 = 2 mod 13.
(Z_n, +, •, 0, 1) is a commutative unitary ring, where Z_n = {0, 1, 2, ..., n-1} and the operations are performed modulo n.
Arithmetic modulo n: divisions
Careful when performing operations modulo n:
If (a + b) ≡ (a + c) mod n then b ≡ c mod n.
It is not true that if (a • b) ≡ (a • c) mod n then b ≡ c mod n.
Example: (2 • 1) ≡ (2 • 5) mod 8, but 1 and 5 are not congruent modulo 8.
The implication is true if and only if a is relatively prime to n, i.e. gcd(a, n) = 1. Any such a has a multiplicative inverse a^-1 modulo n.
Divisors
A nonzero integer b divides a if a = mb for some integer m. We denote it as b | a and we say that b is a divisor of a.
Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24.
Facts:
If a | 1 then a = 1 or a = -1
If a | b and b | a then a = b or a = -b
If d | g and d | h then d | (mg + nh) for any integers m and n
If a ≡ b (mod n) then n | (a - b)
If a ≡ b (mod n) then b ≡ a (mod n)
If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n)
Greatest common divisor
The positive integer d is the greatest common divisor of the integers a and b, denoted d = gcd(a, b), if:
It is a divisor of both a and b
Any other divisor of a and b is a divisor of d
Example: gcd(8, 12) = 4, gcd(24, 60) = 12. Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm, based on the following fact: gcd(a, b) = gcd(b, a mod b).
Euclid's algorithm to compute gcd(a, b), Euclid(a, b):
If b = 0 then return a
Else return Euclid(b, a mod b)
Note: the algorithm always terminates.
Example: d = gcd(1970, 1066)
1970 = 1 × 1066 + 904    d = gcd(1066, 904)
1066 = 1 × 904 + 162     d = gcd(904, 162)
904 = 5 × 162 + 94       d = gcd(162, 94)
162 = 1 × 94 + 68        d = gcd(94, 68)
94 = 1 × 68 + 26         d = gcd(68, 26)
68 = 2 × 26 + 16         d = gcd(26, 16)
26 = 1 × 16 + 10         d = gcd(16, 10)
16 = 1 × 10 + 6          d = gcd(10, 6)
10 = 1 × 6 + 4           d = gcd(6, 4)
6 = 1 × 4 + 2            d = gcd(4, 2)
4 = 2 × 2 + 0            d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero residue in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p. We also say that it has order p^n.
We denote it GF(p^n); GF stands for Galois field. For n = 1 we have GF(p), which is Z_p.
If p is prime then any nonzero element in Z_p has a multiplicative inverse.
For n > 1 the field has a different structure: start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Zp
Euclid's algorithm to compute gcd(a, b), Euclid(a, b) (assume b > 0):
If b = 0 then return a
Else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1 and so ax = 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by. If d = 1 then x = a^-1 (mod b).
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b)
return (t1, t3, t2 - (a div b) t3)
Proof of correctness: clearly the gcd is returned on the first component (it runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 b + t3 r, then t1 = t2 b + t3 (a - bz) and so t1 = t3 a + (t2 - t3 z) b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by.
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b)
return (t1, t3, t2 - (a div b) t3)
Z = ExtEuclid(550, 1759): 550 = 0 • 1759 + 550, compute Z1 = ExtEuclid(1759, 550)
1759 = 3 • 550 + 109, compute Z2 = ExtEuclid(550, 109)
550 = 5 • 109 + 5, compute Z3 = ExtEuclid(109, 5)
109 = 21 • 5 + 4, compute Z4 = ExtEuclid(5, 4)
5 = 1 • 4 + 1, compute Z5 = ExtEuclid(4, 1)
4 = 4 • 1 + 0, compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Z5 = (1, 0, 1), Z4 = (1, 1, -1), Z3 = (1, -1, 22), Z2 = (1, 22, -111), Z1 = (1, -111, 355), Z = (1, 355, -111)
Final answer: the inverse of 550 mod 1759 is 355.
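An added example, not from the lecture, that runs the integer Euclid and ExtEuclid recursions exactly as the slides state them, reproducing the gcd(1970, 1066) trace and the inverse of 550 mod 1759, and returning no inverse when gcd(a, n) ≠ 1 (the 2 • 1 ≡ 2 • 5 mod 8 case of the earlier slide); the function names are this example's own.

```python
# Added example, not from the lecture: Euclid and ExtEuclid for integers as the
# slides state them, plus the modular-inverse check that needs gcd(a, n) = 1.
# Python's % already returns the residue in 0..n-1, matching the slide's "a mod n".
from typing import Optional


def euclid_steps(a: int, b: int) -> list:
    """Euclid(a, b) with its trace: one row (a, q, b, r) per step, a = q*b + r."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)       # a div b, a mod b
        steps.append((a, q, b, r))
        a, b = b, r               # gcd(a, b) = gcd(b, a mod b)
    return steps


def gcd(a: int, b: int) -> int:
    """The last nonzero residue of the trace, or a itself when b = 0."""
    steps = euclid_steps(a, b)
    return steps[-1][2] if steps else a


def ext_euclid(a: int, b: int) -> tuple:
    """ExtEuclid(a, b) -> (d, x, y) with d = gcd(a, b) = a*x + b*y."""
    if b == 0:
        return a, 1, 0
    t1, t2, t3 = ext_euclid(b, a % b)
    return t1, t3, t2 - (a // b) * t3


def mod_inverse(a: int, n: int) -> Optional[int]:
    """a^-1 mod n, or None when gcd(a, n) != 1 (then no inverse exists)."""
    d, x, _ = ext_euclid(a, n)
    return x % n if d == 1 else None


def inverse_table(p: int) -> dict:
    """Inverses of all nonzero elements of Z_p (p prime)."""
    return {a: mod_inverse(a, p) for a in range(1, p)}


if __name__ == "__main__":
    for a, q, b, r in euclid_steps(1970, 1066):
        print(f"{a} = {q} x {b} + {r}")
    print(ext_euclid(550, 1759))           # (1, 355, -111)
    print(mod_inverse(2, 8), inverse_table(5))
```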
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Z_p: polynomial arithmetic.
Consider only polynomials in one indeterminate.
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 833
March 28 2006 8
Basic notions of abstract algebra
groups rings fields
Group (G bulle) a set G with a binary operation bull and an element eisinGsatisfying the following laws
Associativity a bull(b bull c)=(a bull b) bull c for any abcisinG Identity element a bull e=e bull a=a for any aisinG Inverse element for each aisinG there exists an element arsquoisinG such that a bull arsquo=
arsquo bull a=e arsquo is usually denoted as -a and is called the inverse of a
Example of a group the set of integers with the addition (Z+0) Note that the set of integers with the multiplication (Zx1) is not a group the
inverse element does not exist for all integers (it exists only for 1 and ndash1)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 933
March 28 2006 9
Groups
A group (G+e) is called Commutative (or abelian ) if a bull b=b bull a for all ab in G Finite if set G is finite Infinite if set G is infinite
Example (Z+0) is a commutative group
The set of nxn matrices over integers with the addition is a commutativegroup The set of permutations of the set 12hellipn with the composition is a finite
non-commutative group
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1033
March 28 2006 10
Rings
Ring (R+bull0) a set R with two binary operations + and bull satisfying the following laws (R+0) is a commutative group
Associative multiplication abull(bbullc)=(abullb)bullc for any abcisinR Distributive abull(b+c)=abullb + abullc (a+b)bullc=abullc + bbullc
A ring (R+bull0) is called Commutative if the multiplication bull is commutative
Unitary (or with unity element ) if operation bull has an identity element 1 abull1=1bulla=a for alla in R We denote it as (R+bull01)
Integral domain if It is commutative It has unity element It has no zero divisors if abullb=0 then either a=0 or b=0
Example (Z+bull01) is an integral domain The set of nxn matrices over integers with addition and multiplication is a commutative unitary
ring but not an integral domain (Z26 +bull01) is a commutative unitary ring but not an integral domain 2bull13=0 (mod 26)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, …, a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
  x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1
  Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0
  Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x
  If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
  x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011).
Multiplication by higher powers of x implies an iteration of the above procedure.
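The shift-and-XOR procedure above, together with the extended-Euclid inverse from the "Computing the inverse in GF(p^n)" slide, carried out on the n-bit integer representation. This is an added Python example, not code from the lecture slides; it assumes the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1 (written with its x^8 term as 0x11B) and uses the products {57}•{83} = {c1} and {57}•{13} = {fe} from the FIPS 197 worked example as checks. The helper names (xtime, gf_mul, gf_inverse, ext_euclid_poly) are this example's own.

```python
# Added example (not from the lecture slides): GF(2^n) arithmetic on n-bit
# integers. Bit i of an integer is the coefficient of x^i, so addition is XOR
# and multiplication is "shift, then conditionally XOR the reduction polynomial".

AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, with the x^8 term included


def gf_add(a, b):
    """Addition in GF(2^n): XOR of the coefficient vectors."""
    return a ^ b


def xtime(a, m=AES_POLY, n=8):
    """Multiply by x: 1-bit left shift; if the bit shifted out (x^n) is set,
    XOR with m(x), which replaces x^n by m(x) - x^n (0x1B for AES)."""
    a <<= 1
    if a & (1 << n):
        a ^= m
    return a & ((1 << n) - 1)


def gf_mul(a, b, m=AES_POLY, n=8):
    """Shift-and-XOR multiplication: a*b is the XOR of a*x^i over the set bits i of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, m, n)
        b >>= 1
    return result


def poly_degree(a):
    return a.bit_length() - 1      # -1 for the zero polynomial


def poly_mul_nomod(a, b):
    """Carry-less product in Z_2[x] without reduction (cofactors in the
    extended Euclid step may have degree >= n, so no modulus is applied)."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out


def poly_divmod(a, b):
    """Long division in Z_2[x]: returns (q, r) with a = q*b + r, deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while a and poly_degree(a) >= poly_degree(b):
        shift = poly_degree(a) - poly_degree(b)
        q ^= 1 << shift
        a ^= b << shift          # subtracting is XOR in characteristic 2
    return q, a


def ext_euclid_poly(a, b):
    """(d, e, f) with d = gcd(a, b) = a*e + b*f, the slide's recursion for
    polynomials: from t1 = t2*b + t3*r and r = a - q*b follows
    t1 = t3*a + (t2 - q*t3)*b."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    t1, t2, t3 = ext_euclid_poly(b, r)
    return t1, t3, t2 ^ poly_mul_nomod(q, t3)


def gf_inverse(a, m=AES_POLY):
    """a^-1 in GF(2^n): ExtEuclid(a, m) returns (1, t, u) with t = a^-1 mod m,
    because m is irreducible and so gcd(a, m) = 1 for every nonzero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    d, t, _ = ext_euclid_poly(a, m)
    assert d == 1, "reduction polynomial is not irreducible"
    return t


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))              # 0xc1 (FIPS 197 example)
    print(hex(gf_inverse(0x53)))                # 0xca
    print(gf_mul(0x53, gf_inverse(0x53)))       # 1
    # GF(2^3) with m(x) = x^3 + x + 1 (0b1011): the inverse of x is x^2 + 1
    print(gf_inverse(0b10, 0b1011), gf_mul(0b10, 0b101, 0b1011, 3))   # 5 1
```

The reduction constant 0x1B is just m(x) with its x^8 term dropped, which is why xtime keeps the full 0x11B and masks the result to 8 bits afterwards; passing a different m and n gives the same routines for any GF(2^n).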
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Groups
A group (G,•,e) is called:
  commutative (or abelian) if a•b = b•a for all a, b in G;
  finite if the set G is finite;
  infinite if the set G is infinite.
Example: (Z,+,0) is a commutative group.
The set of n×n matrices over the integers with addition is a commutative group.
The set of permutations of the set {1,2,…,n} with composition is a finite non-commutative group.
Rings
Ring (R,+,•,0): a set R with two binary operations + and • satisfying the following laws:
  (R,+,0) is a commutative group;
  associative multiplication: a•(b•c) = (a•b)•c for any a, b, c ∈ R;
  distributive: a•(b+c) = a•b + a•c and (a+b)•c = a•c + b•c.
A ring (R,+,•,0) is called:
  commutative if the multiplication • is commutative;
  unitary (or with unity element) if the operation • has an identity element 1: a•1 = 1•a = a for all a in R. We denote it as (R,+,•,0,1);
  integral domain if it is commutative, it has a unity element and it has no zero divisors: if a•b = 0 then either a = 0 or b = 0.
Example: (Z,+,•,0,1) is an integral domain.
The set of n×n matrices over the integers with addition and multiplication is a commutative unitary ring but not an integral domain.
(Z_26,+,•,0,1) is a commutative unitary ring but not an integral domain: 2•13 = 0 (mod 26).
Fields
Field (F,+,•,0,1):
  (F,+,•,0,1) is an integral domain;
  multiplicative inverse: for any nonzero element a in F there exists an element a' in F such that a•a' = a'•a = 1. a' is usually denoted as a^-1 and it is called the multiplicative inverse of a.
Example: the set of rational numbers (Q,+,•,0,1) and the set of real numbers (R,+,•,0,1) are fields.
The set of integers (Z,+,•,0,1) is not a field: only 1 and -1 have multiplicative inverses.
(Z_26,+,•,0,1) is not a field.
(Z_3,+,•,0,1) is a finite field: the inverse of 1 is 1 and the inverse of 2 is 2.
(Z_5,+,•,0,1) is a finite field: 1•1 = 1 mod 5, 2•3 = 1 mod 5, 4•4 = 1 mod 5. The inverse of 1 is 1, the inverse of 2 is 3, the inverse of 3 is 2, the inverse of 4 is 4.
Modular arithmetic
Consider now the set of integers; fix a positive integer n.
For any integer a there exist integers q and r such that a = qn + r and r is from 0 to n-1; q is the largest integer less than or equal to a/n.
r is called the residue of a modulo n.
Define the operator mod: a mod n = r. Define the operator div: a div n = q.
Example: 7 mod 5 = 2; 11 mod 7 = 4; -11 mod 7 = 3, since -11 = (-2)•7 + 3.
Congruence modulo n: a ≡ b mod n if a mod n = b mod n.
Example: 73 ≡ 4 mod 23; 21 ≡ -9 ≡ 1 mod 10.
Arithmetic modulo n
We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar).
Useful properties (reduce the computation mod n at any step):
  (a+b) mod n = ((a mod n) + (b mod n)) mod n
  (a-b) mod n = ((a mod n) - (b mod n)) mod n
  (a•b) mod n = ((a mod n) • (b mod n)) mod n
Example: to compute 11^7 mod 13 we do 11^2 = 121 = 4 mod 13, 11^4 = 4^2 = 3 mod 13, 11^7 = 4•3•11 mod 13 = 2 mod 13.
(Z_n,+,•,0,1) is a commutative unitary ring, where Z_n = {0,1,2,…,n-1} and the operations are performed modulo n.
Arithmetic modulo n: divisions
Careful when performing operations modulo n:
  if (a+b) ≡ (a+c) mod n then b ≡ c mod n;
  it is not true that if (a•b) ≡ (a•c) mod n then b ≡ c mod n.
Example: (2•1) ≡ (2•5) mod 8, but 1 and 5 are not congruent modulo 8.
The implication is true if and only if a is relatively prime to n, i.e. gcd(a,n) = 1. Any such a has a multiplicative inverse a^-1 modulo n.
Divisors
A nonzero integer b divides a if a = mb for some integer m. We denote it as b | a and we say that b is a divisor of a.
Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24.
Facts:
  if a | 1 then a = 1 or a = -1;
  if a | b and b | a then a = b or a = -b;
  if d | g and d | h then d | (mg + nh) for any integers m and n;
  if a ≡ b (mod n) then n | (a-b);
  if a ≡ b (mod n) then b ≡ a (mod n);
  if a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n).
Greatest common divisor
The positive integer d is the greatest common divisor of the integers a and b, denoted d = gcd(a,b), if:
  it is a divisor of both a and b;
  any other divisor of a and b is a divisor of d.
Example: gcd(8,12) = 4; gcd(24,60) = 12.
Integers a and b are called relatively prime if gcd(a,b) = 1.
Computing gcd(a,b): Euclid's algorithm, based on the following fact: gcd(a,b) = gcd(b, a mod b).
Euclid's algorithm to compute gcd(a,b), Euclid(a,b):
  if b = 0 then return a
  else return Euclid(b, a mod b)
Note: the algorithm always terminates.
Example: d = gcd(1970,1066)
  1970 = 1 × 1066 + 904    d = gcd(1066, 904)
  1066 = 1 × 904 + 162     d = gcd(904, 162)
  904 = 5 × 162 + 94       d = gcd(162, 94)
  162 = 1 × 94 + 68        d = gcd(94, 68)
  94 = 1 × 68 + 26         d = gcd(68, 26)
  68 = 2 × 26 + 16         d = gcd(26, 16)
  26 = 1 × 16 + 10         d = gcd(16, 10)
  16 = 1 × 10 + 6          d = gcd(10, 6)
  10 = 1 × 6 + 4           d = gcd(6, 4)
  6 = 1 × 4 + 2            d = gcd(4, 2)
  4 = 2 × 2 + 0            d = 2
Result: gcd(1970,1066) = 2, i.e. the last nonzero residue in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p. We also say that it has order p^n.
We denote it GF(p^n); GF stands for Galois field.
For n = 1 we have GF(p), which is Z_p. If p is prime then any element in Z_p has a multiplicative inverse.
For n > 1 the field has a different structure: start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Z_p
Euclid's algorithm to compute gcd(a,b), Euclid(a,b) (assume b > 0):
  if b = 0 then return a
  else return Euclid(b, a mod b)
Result: if d = gcd(a,b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1 and so ax = 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a,b). Output: (d,x,y) where d = gcd(a,b) and d = ax + by. If d = 1 then x = a^-1 (mod b).
  if b = 0 then return (a, 1, 0)
  else (t1, t2, t3) = ExtEuclid(b, a mod b)
       return (t1, t3, t2 - (a div b) t3)
Proof of correctness: clearly the gcd is returned in the first component (it runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 b + t3 r, then t1 = t2 b + t3 (a - bz), and so t1 = t3 a + (t2 - t3 z) b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a,b). Output: (d,x,y) where d = gcd(a,b) and d = ax + by.
  if b = 0 then return (a, 1, 0)
  else (t1, t2, t3) = ExtEuclid(b, a mod b)
       return (t1, t3, t2 - (a div b) t3)
Z = ExtEuclid(550, 1759):    550 = 0•1759 + 550    compute Z1 = ExtEuclid(1759, 550)
Z1 = ExtEuclid(1759, 550):   1759 = 3•550 + 109    compute Z2 = ExtEuclid(550, 109)
Z2 = ExtEuclid(550, 109):    550 = 5•109 + 5       compute Z3 = ExtEuclid(109, 5)
Z3 = ExtEuclid(109, 5):      109 = 21•5 + 4        compute Z4 = ExtEuclid(5, 4)
Z4 = ExtEuclid(5, 4):        5 = 1•4 + 1           compute Z5 = ExtEuclid(4, 1)
Z5 = ExtEuclid(4, 1):        4 = 4•1 + 0           compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Unwinding: Z5 = (1, 0, 1), Z4 = (1, 1, -1), Z3 = (1, -1, 22), Z2 = (1, 22, -111), Z1 = (1, -111, 355), Z = (1, 355, -111).
Final answer: the inverse of 550 mod 1759 is 355.
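Euclid's algorithm and the extended Euclid's algorithm from the preceding slides, written out as a Python example that is not part of the lecture slides. It reproduces the gcd(1970,1066) computation, the inverse of 550 mod 1759, the modular exponentiation 11^7 mod 13 from the "Arithmetic modulo n" slide, and the cancellation counterexample 2•1 ≡ 2•5 (mod 8): an element has an inverse exactly when it is relatively prime to n, which is why cancelling a is only safe then. The function names (euclid, ext_euclid, mod_inverse, units, pow_mod) are this example's own.

```python
# Added example (not from the lecture slides): Euclid and extended Euclid on
# integers, following the slides' recursive formulation.
from typing import List, Optional, Tuple


def euclid(a: int, b: int) -> int:
    """gcd(a, b) via gcd(a, b) = gcd(b, a mod b). Terminates because the
    second argument is a residue in 0..b-1, so it strictly decreases to 0."""
    if b == 0:
        return a
    return euclid(b, a % b)


def ext_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y.

    The slide's recursion: (t1, t2, t3) = ExtEuclid(b, a mod b) gives
    t1 = t2*b + t3*(a mod b); substituting a mod b = a - (a div b)*b
    yields t1 = t3*a + (t2 - (a div b)*t3)*b.
    Python's % and // are the slide's mod and div (residue in 0..b-1,
    quotient rounded towards minus infinity), e.g. -11 % 7 == 3.
    """
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)


def mod_inverse(a: int, n: int) -> Optional[int]:
    """Multiplicative inverse of a modulo n, or None when gcd(a, n) != 1.
    Without an inverse, a*b = a*c (mod n) does not imply b = c (mod n)."""
    d, x, _ = ext_euclid(a % n, n)
    if d != 1:
        return None
    return x % n          # normalise the Bezout coefficient into 0..n-1


def units(n: int) -> List[int]:
    """Residues of Z_n that have a multiplicative inverse. For prime n this
    is every nonzero residue, which is exactly what makes Z_p a field."""
    return [a for a in range(1, n) if mod_inverse(a, n) is not None]


def pow_mod(base: int, exp: int, n: int) -> int:
    """base^exp mod n by repeated squaring, reducing mod n at every step
    (the 'reduce the computation mod n at any step' property)."""
    result = 1
    base %= n
    while exp > 0:
        if exp & 1:
            result = (result * base) % n
        base = (base * base) % n
        exp >>= 1
    return result


if __name__ == "__main__":
    print(euclid(1970, 1066))         # 2
    print(ext_euclid(550, 1759))      # (1, 355, -111)
    print(mod_inverse(550, 1759))     # 355
    print(mod_inverse(2, 8))          # None: 2*1 = 2*5 (mod 8) but 1 != 5
    print(units(8), units(5))         # [1, 3, 5, 7] [1, 2, 3, 4]
    print(pow_mod(11, 7, 13))         # 2
```

The recursion depth equals the number of division steps, which is logarithmic in the inputs, so the recursive form is fine for integers of the size used here; for cryptographic sizes an iterative version avoids Python's recursion limit.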
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Z_p: polynomial arithmetic.
Consider only polynomials in one indeterminate.
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field, e.g. Z.
Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients.
Multiplying two polynomials is done in the usual way, by multiplying all terms with each other.
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field.
Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 - x + 1 with coefficients in Z:
  f(x) + g(x) = x^3 + 2x^2 - x + 3
  f(x) - g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + 3x^2 - 2x + 2
For a ring or a field R, (R[X],+,•,0,1) is a ring: the ring of polynomials over R.
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p. We are mostly interested in computations mod 2: all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1:
  f(x) + g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + x^2
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers, e.g. Euclid's algorithm holds also for polynomials.
Division of polynomials with coefficients in Z_p
For any polynomials f(x), g(x) there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f,g) is defined similarly as for integers:
  it is a divisor of both f and g;
  any other divisor of f and g is a divisor of gcd(f,g).
gcd(f,g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Z_p
Euclid(a,b): if b = 0 then return a, else return Euclid(b, a mod b).
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)): if b(x) = 0 then return a(x), else return EUCLID(b(x), a(x) mod b(x)).
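Polynomial arithmetic with coefficients in Z_p as described on the preceding slides (addition, multiplication, division with remainder, Euclid's gcd, and the definition of irreducibility), as an added Python example that is not part of the lecture slides. Polynomials are lists of coefficients in Z_p, lowest degree first, so [1, 1, 0, 1] is x^3 + x + 1; p is assumed prime so that every nonzero leading coefficient has an inverse (computed here by Fermat's little theorem, c^(p-2) mod p). The checks use the slide's Z_2 example f(x) = x^3 + x^2, g(x) = x^2 + x + 1 and the AES polynomial. The function names and the is_irreducible brute-force check are this example's own.

```python
# Added example (not from the lecture slides): arithmetic in Z_p[x] with
# polynomials stored as coefficient lists, index i = coefficient of x^i.
from itertools import product
from typing import List, Tuple

Poly = List[int]


def trim(f: Poly) -> Poly:
    """Drop leading zero coefficients; the zero polynomial becomes []."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f


def degree(f: Poly) -> int:
    return len(trim(f)) - 1        # -1 for the zero polynomial


def _pad(f: Poly, g: Poly) -> Tuple[Poly, Poly]:
    n = max(len(f), len(g))
    return f + [0] * (n - len(f)), g + [0] * (n - len(g))


def add(f: Poly, g: Poly, p: int) -> Poly:
    f, g = _pad(f, g)
    return trim([(a + b) % p for a, b in zip(f, g)])


def sub(f: Poly, g: Poly, p: int) -> Poly:
    f, g = _pad(f, g)
    return trim([(a - b) % p for a, b in zip(f, g)])


def mul(f: Poly, g: Poly, p: int) -> Poly:
    """Multiply all terms with each other, reducing each coefficient mod p."""
    f, g = trim(f), trim(g)
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def divmod_poly(f: Poly, g: Poly, p: int) -> Tuple[Poly, Poly]:
    """Return (q, r) with f = q*g + r and deg(r) < deg(g). Each step cancels
    the leading term of the remainder; this needs the inverse of g's leading
    coefficient, which exists because Z_p is a field (p prime)."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], p - 2, p)          # Fermat: c^(p-2) = c^-1 mod p
    q = [0] * max(len(f) - len(g) + 1, 1)
    r = f
    while r and len(r) >= len(g):
        shift = len(r) - len(g)
        coef = (r[-1] * inv_lead) % p
        q[shift] = coef
        r = sub(r, mul([0] * shift + [coef], g, p), p)
    return trim(q), r


def gcd_poly(f: Poly, g: Poly, p: int) -> Poly:
    """Euclid's algorithm for polynomials: gcd(f, g) = gcd(g, f mod g).
    The result is made monic so that it is unique."""
    f, g = trim(f), trim(g)
    while g:
        f, g = g, divmod_poly(f, g, p)[1]
    if f:
        inv_lead = pow(f[-1], p - 2, p)
        f = [(c * inv_lead) % p for c in f]
    return f


def is_irreducible(f: Poly, p: int) -> bool:
    """Check the definition directly: no monic g with 0 < deg(g) <= deg(f)/2
    divides f (a factorisation g*h must have one factor of at most half the
    degree). Brute force, adequate for the small degrees in the lecture."""
    n = degree(f)
    for d in range(1, n // 2 + 1):
        for coeffs in product(range(p), repeat=d):
            g = list(coeffs) + [1]            # monic candidate of degree d
            if not divmod_poly(f, g, p)[1]:
                return False
    return True


if __name__ == "__main__":
    f, g = [0, 0, 1, 1], [1, 1, 1]            # x^3 + x^2 and x^2 + x + 1 over Z_2
    print(add(f, g, 2), mul(f, g, 2))         # [1, 1, 0, 1] [0, 0, 1, 0, 0, 1]
    print(divmod_poly(f, g, 2), gcd_poly(f, g, 2))
    print(is_irreducible([1, 1, 0, 1, 1, 0, 0, 0, 1], 2))   # AES polynomial: True
```

The same routines serve any prime p; over Z_3, for instance, divmod_poly([2, 0, 1], [2, 1], 3) divides x^2 - 1 by x - 1 exactly and returns the quotient x + 1 with zero remainder.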
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1033
March 28 2006 10
Rings
Ring (R+bull0) a set R with two binary operations + and bull satisfying the following laws (R+0) is a commutative group
Associative multiplication abull(bbullc)=(abullb)bullc for any abcisinR Distributive abull(b+c)=abullb + abullc (a+b)bullc=abullc + bbullc
A ring (R+bull0) is called Commutative if the multiplication bull is commutative
Unitary (or with unity element ) if operation bull has an identity element 1 abull1=1bulla=a for alla in R We denote it as (R+bull01)
Integral domain if It is commutative It has unity element It has no zero divisors if abullb=0 then either a=0 or b=0
Example (Z+bull01) is an integral domain The set of nxn matrices over integers with addition and multiplication is a commutative unitary
ring but not an integral domain (Z26 +bull01) is a commutative unitary ring but not an integral domain 2bull13=0 (mod 26)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1133
March 28 2006 11
Fields
Field (F+bull01) (F+ bull01) is an integral domain
Multiplicative inverse for any nonzero element a in F there exists an
element a rsquo in F such that a bulla rsquo=a rsquobulla =1 a rsquo is usually denoted as a -1 and it is called the multiplicative inverse of a
Example The set of rational numbers (Q+bull01) the set of real numbers (R+bull01)
are fields The set of integers (Z+ bull01) is not field only 1 and ndash1 have multiplicative
inverses (Z26 + bull01) is not field (Z
3+ bull01) is a finite field the inverse of 1 is 1 and the inverse of 2 is 2
(Z5+ bull01) is a finite field 1bull1=1 mod 5 2bull3=1 mod 5 4bull4=1 mod 5 Inverse of 1 is 1 inverse of 2 is 3 inverse of 3 is 2 inverse of 4 is 4
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1233
March 28 2006 12
Modular arithmetic
Consider now the set of integers fix a positive integer n
For any integer a there exists integers q and r such that a=qn+r and
r is from 0 to n-1 q is the largest integers less than or equal to an r is called the residue of a modulo n Define the operator mod a mod n=r Define the operator div a div n=q Example
7 mod 5 = 2 11 mod 7 =4
-11 mod 7 =3 -11=(-2)7+3 Congruence modulo n aequivb mod n if a mod n = b mod n
Example 73 equiv 4 mod 23 21 equiv -9 equiv 1mod 10
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1333
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1433
March 28 2006 14
Arithmetic modulo n
We can perform ordinary arithmetic (addition subtractionmultiplication) modulo n (as we have done in Caesar)
Useful properties (reduce the computation mod n at any step) (a+b) mod n = ( (a mod n) + (b mod n) ) mod n (a-b) mod n = ( (a mod n) - (b mod n) ) mod n (abullb) mod n = ( (a mod n) bull (b mod n) ) mod n
Example to compute 117 mod 13 we do 112=121=4 mod 13 114=42=3 mod 13 117= 4bull3bull11 mod 13 =2 mod 13
(Zn+bull01) is a commutative unitary ring where Zn= 012hellipn-1 andthe operations are performed modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and b, denoted d = gcd(a, b), if:
it is a divisor of both a and b;
any other divisor of a and b is a divisor of d.
Example: gcd(8, 12) = 4, gcd(24, 60) = 12. Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm. It is based on the following fact: gcd(a, b) = gcd(b, a mod b).
Euclid's algorithm to compute gcd(a, b) – Euclid(a, b):
If b = 0 then return a
Else return Euclid(b, a mod b)
Note: the algorithm always terminates.
Example: d = gcd(1970, 1066)
1970 = 1 × 1066 + 904    d = gcd(1066, 904)
1066 = 1 × 904 + 162     d = gcd(904, 162)
904 = 5 × 162 + 94       d = gcd(162, 94)
162 = 1 × 94 + 68        d = gcd(94, 68)
94 = 1 × 68 + 26         d = gcd(68, 26)
68 = 2 × 26 + 16         d = gcd(26, 16)
26 = 1 × 16 + 10         d = gcd(16, 10)
16 = 1 × 10 + 6          d = gcd(10, 6)
10 = 1 × 6 + 4           d = gcd(6, 4)
6 = 1 × 4 + 2            d = gcd(4, 2)
4 = 2 × 2 + 0            d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero residue in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p. We also say that it has order p^n.
We denote it GF(p^n) – GF stands for Galois field. For n = 1 we have GF(p), which is Z_p.
If p is prime then any nonzero element in Z_p has a multiplicative inverse.
For n > 1 the field has a different structure: start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Z_p
Euclid's algorithm to compute gcd(a, b) – Euclid(a, b) (assume b > 0):
If b = 0 then return a
Else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1, and so ax ≡ 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by.
If d = 1 then x = a^-1 (mod b).
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b)
return (t1, t3, t2 – (a div b) · t3)
Proof of correctness: clearly the gcd is returned in the first component (the recursion runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 · b + t3 · r, then t1 = t2 · b + t3 · (a - bz), and so t1 = t3 · a + (t2 - t3 · z) · b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by.
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b)
return (t1, t3, t2 - (a div b) · t3)
Z = ExtEuclid(550, 1759): 550 = 0 · 1759 + 550, compute Z1 = ExtEuclid(1759, 550)
1759 = 3 · 550 + 109, compute Z2 = ExtEuclid(550, 109)
550 = 5 · 109 + 5, compute Z3 = ExtEuclid(109, 5)
109 = 21 · 5 + 4, compute Z4 = ExtEuclid(5, 4)
5 = 1 · 4 + 1, compute Z5 = ExtEuclid(4, 1)
4 = 4 · 1 + 0, compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Z5 = (1, 0, 1)
Z4 = (1, 1, -1)
Z3 = (1, -1, 22)
Z2 = (1, 22, -111)
Z1 = (1, -111, 355)
Z = (1, 355, -111)
Final answer: the inverse of 550 mod 1759 is 355.
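The integer algorithms of slides 18, 19, 22 and 23 in running form, as an added example that is not part of the lecture: Euclid's division steps for gcd(1970, 1066), the recursive ExtEuclid exactly as written on the slide, and a modular inverse that refuses when gcd(a, n) ≠ 1 (the cancellation caveat of slide 15). Function names are this example's own.

```python
# Added example (not from the lecture slides): Euclid's algorithm with the
# division steps of slide 19, the recursive ExtEuclid of slides 22-23, and
# a modular inverse that refuses when gcd(a, n) != 1 (slide 15's caveat).
from typing import List, Tuple


def euclid_steps(a: int, b: int) -> List[Tuple[int, int, int, int]]:
    """Return the division steps a = q*b + r of Euclid's algorithm.

    Each entry is (a, q, b, r); the gcd is the last nonzero residue,
    i.e. the b of the final step (the one where r == 0).
    """
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, q, b, r))
        a, b = b, r
    return steps


def euclid(a: int, b: int) -> int:
    """gcd(a, b) = gcd(b, a mod b), the recursion of slide 18."""
    return a if b == 0 else euclid(b, a % b)


def ext_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y.

    Same recursion as slide 22: ExtEuclid(a, b) calls ExtEuclid(b, a mod b)
    and returns (t1, t3, t2 - (a div b)*t3). Python's // and % agree with
    the slides' div and mod for a >= 0 and b > 0.
    """
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)


def mod_inverse(a: int, n: int) -> int:
    """Return a^-1 mod n in {1, ..., n-1}, or raise if it does not exist.

    The inverse exists iff gcd(a, n) == 1 (slide 15). The x returned by
    ext_euclid may be negative (as -111 is on slide 23), so it is reduced
    into Z_n before being returned.
    """
    d, x, _ = ext_euclid(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd({a}, {n}) = {d}")
    return x % n


if __name__ == "__main__":
    for a, q, b, r in euclid_steps(1970, 1066):   # the table of slide 19
        print(f"{a} = {q} x {b} + {r}")
    print("gcd(1970, 1066) =", euclid(1970, 1066))
    print("ExtEuclid(550, 1759) =", ext_euclid(550, 1759))   # (1, 355, -111)
    print("550^-1 mod 1759 =", mod_inverse(550, 1759))        # 355
```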
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Z_p: polynomial arithmetic.
We consider only polynomials in one indeterminate.
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field – e.g. Z.
Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients.
Multiplying two polynomials is done in the usual way, by multiplying all terms with each other.
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field.
Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 – x + 1, with coefficients in Z.
f(x) + g(x) = x^3 + 2x^2 – x + 3
f(x) – g(x) = x^3 + x + 1
f(x) × g(x) = x^5 + 3x^2 – 2x + 2
For a ring or a field R, (R[X], +, ·, 0, 1) is a ring – the ring of polynomials over R.
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p. We are mostly interested in computations mod 2: all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
f(x) + g(x) = x^3 + x + 1
f(x) × g(x) = x^5 + x^2
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers, e.g. Euclid's algorithm holds also for polynomials.
Division of polynomials with coefficients in Z_p
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x) h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f, g) is defined similarly as for integers. It is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Z_p
Euclid(a, b):
If b = 0 then return a
Else return Euclid(b, a mod b)
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)):
If b(x) = 0 then return a(x)
Else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) of degree n with coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n) are all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials. Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x) e(x) + b(x) f(x).
if b(x) = 0 then return (a(x), 1, 0)
else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
return (t1(x), t3(x), t2(x) - (a(x) div b(x)) · t3(x))
If F(x) is an irreducible polynomial, a(x) is nonzero with deg(a) < deg(F), and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) = 1 and t(x) = a^-1(x) mod F(x).
Example: GF(2^3)
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, …, a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR; example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1
Consider a polynomial in GF(2^8): f(x) = b7x^7 + b6x^6 + b5x^5 + b4x^4 + b3x^3 + b2x^2 + b1x + b0
Multiplying by x we have x f(x) = b7x^8 + b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x
If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x f(x) = (b6x^7 + b5x^6 + b4x^5 + b3x^4 + b2x^3 + b1x^2 + b0x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011).
Multiplication by higher powers of x implies an iteration of the above procedure.
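The bit-level arithmetic of this slide and the polynomial ExtEuclid of slide 30, as an added example that is not part of the lecture: polynomials over Z_2 are held as integers (bit i is the coefficient of x^i), so addition is XOR, multiplication by x is the shift-and-conditional-XOR step above, general multiplication iterates it, and the inverse comes from the extended Euclid recursion on polynomials. The default modulus is the AES polynomial; the same functions take any irreducible m(x), so the lecture's GF(2^3) is covered too. Function names and the check values {57}·{83} = {c1} and {53}^-1 = {ca} (the worked values given in the AES standard, FIPS-197) are this example's own choices.

```python
# Added example (not from the lecture slides): GF(2^n) arithmetic on the
# n-bit integer representation of slide 32, with the inverse computed by the
# polynomial ExtEuclid of slide 30. Default field: AES, m(x) = x^8+x^4+x^3+x+1.
from typing import Tuple

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1 as a bit string: 1 0001 1011


def poly_deg(p: int) -> int:
    """Degree of a polynomial over Z_2 stored as an int; deg(0) is -1 here."""
    return p.bit_length() - 1


def xtime(a: int, m: int = AES_POLY) -> int:
    """a(x) * x mod m(x): 1-bit left shift, then XOR with m(x) if the
    coefficient of x^n became 1 (for AES: XOR with 0x1b inside the byte)."""
    n = poly_deg(m)
    a <<= 1
    if (a >> n) & 1:
        a ^= m          # clears bit n and adds the reduction x^n mod m(x)
    return a


def gf_mul(a: int, b: int, m: int = AES_POLY) -> int:
    """a(x) * b(x) mod m(x), iterating xtime over the bits of b (slide 32)."""
    result = 0
    while b:
        if b & 1:
            result ^= a     # addition in GF(2^n) is XOR
        a = xtime(a, m)     # a(x) now holds a(x) * x^i mod m(x)
        b >>= 1
    return result


def poly_mul(a: int, b: int) -> int:
    """Unreduced product in Z_2[x] (carry-less multiplication)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(a: int, b: int) -> Tuple[int, int]:
    """(q, r) with a = q*b + r in Z_2[x] and deg(r) < deg(b): the division of
    slide 27 done as long division, one leading term at a time."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, db = 0, poly_deg(b)
    while a != 0 and poly_deg(a) >= db:
        shift = poly_deg(a) - db
        q ^= 1 << shift     # next quotient term x^shift
        a ^= b << shift     # subtract (= add, over Z_2) b(x) * x^shift
    return q, a


def poly_ext_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """(d, e, f) with d = gcd(a, b) and d = a*e + b*f in Z_2[x].

    Same recursion as slide 30; over Z_2 the step t2 - (a div b)*t3
    is the XOR t2 ^ (a div b)*t3.
    """
    if b == 0:
        return (a, 1, 0)
    q, r = poly_divmod(a, b)
    t1, t2, t3 = poly_ext_euclid(b, r)
    return (t1, t3, t2 ^ poly_mul(q, t3))


def gf_inv(a: int, m: int = AES_POLY) -> int:
    """Inverse of a(x) in Z_2[x] mod m(x); m(x) is assumed irreducible."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    d, t, _ = poly_ext_euclid(a, m)
    if d != 1:
        raise ValueError("a(x) shares a factor with m(x): m(x) is not irreducible")
    return poly_divmod(t, m)[1]   # reduce the Bezout coefficient into the field


if __name__ == "__main__":
    print(hex(xtime(0x57)), hex(gf_mul(0x57, 0x83)), hex(gf_inv(0x53)))
    # the lecture's GF(2^3) with m(x) = x^3 + x + 1: the inverse of x is x^2 + 1
    print(bin(gf_inv(0b010, 0b1011)))
```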
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Arithmetic modulo n
We can perform ordinary arithmetic (addition, subtraction, multiplication) modulo n (as we have done in Caesar).
Useful properties (reduce the computation mod n at any step):
(a+b) mod n = ((a mod n) + (b mod n)) mod n
(a-b) mod n = ((a mod n) - (b mod n)) mod n
(a•b) mod n = ((a mod n) • (b mod n)) mod n
Example: to compute 11^7 mod 13 we do 11^2 = 121 = 4 mod 13, 11^4 = 4^2 = 3 mod 13, 11^7 = 4•3•11 mod 13 = 2 mod 13
(Z_n, +, •, 0, 1) is a commutative unitary ring, where Z_n = {0, 1, 2, ..., n-1} and the operations are performed modulo n.
Arithmetic modulo n: divisions
Careful when performing operations modulo n:
If (a+b) ≡ (a+c) mod n then b ≡ c mod n.
It is not true that if (a•b) ≡ (a•c) mod n then b ≡ c mod n.
Example: (2•1) ≡ (2•5) mod 8, but 1 and 5 are not congruent modulo 8.
The implication is true if and only if a is relatively prime to n, i.e. gcd(a, n) = 1. Any such a has a multiplicative inverse a^-1 modulo n.
Divisors
A nonzero integer b divides a if a = mb for some integer m. We denote it as b | a and we say that b is a divisor of a.
Example: the positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24.
Facts:
If a | 1 then a = 1 or a = -1
If a | b and b | a then a = b or a = -b
If d | g and d | h then d | (mg + nh) for any integers m and n
If a ≡ b (mod n) then n | (a-b)
If a ≡ b (mod n) then b ≡ a (mod n)
If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n)
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and b, denoted d = gcd(a, b), if:
It is a divisor of both a and b
Any other divisor of a and b is a divisor of d
Example: gcd(8, 12) = 4, gcd(24, 60) = 12
Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm. Based on the following fact: gcd(a, b) = gcd(b, a mod b)
Euclid's algorithm to compute gcd(a, b), Euclid(a, b):
If b = 0 then return a
Else return Euclid(b, a mod b)
Note: the algorithm always terminates, since the second argument is a nonnegative integer that strictly decreases at every call.
Example: d = gcd(1970, 1066)
1970 = 1 x 1066 + 904    d = gcd(1066, 904)
1066 = 1 x 904 + 162     d = gcd(904, 162)
904 = 5 x 162 + 94       d = gcd(162, 94)
162 = 1 x 94 + 68        d = gcd(94, 68)
94 = 1 x 68 + 26         d = gcd(68, 26)
68 = 2 x 26 + 16         d = gcd(26, 16)
26 = 1 x 16 + 10         d = gcd(16, 10)
16 = 1 x 10 + 6          d = gcd(10, 6)
10 = 1 x 6 + 4           d = gcd(6, 4)
6 = 1 x 4 + 2            d = gcd(4, 2)
4 = 2 x 2 + 0            d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero remainder in the above computation.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p. We also say that it has order p^n.
We denote it GF(p^n); GF stands for Galois field. For n = 1 we have GF(p), which is Z_p.
If p is prime then any nonzero element in Z_p has a multiplicative inverse.
For n > 1 the field has a different structure: start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Z_p
Euclid's algorithm to compute gcd(a, b), Euclid(a, b) (assume b > 0):
If b = 0 then return a
Else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1 and so ax = 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by. If d = 1 then x = a^-1 (mod b).
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b); return (t1, t3, t2 - (a div b) t3)
Proof of correctness: clearly the gcd is returned in the first component (it runs like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 b + t3 r, then t1 = t2 b + t3 (a - bz), and so t1 = t3 a + (t2 - t3 z) b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by
if b = 0 then return (a, 1, 0)
else (t1, t2, t3) = ExtEuclid(b, a mod b); return (t1, t3, t2 - (a div b) t3)
Z = ExtEuclid(550, 1759):    550 = 0•1759 + 550    compute Z1 = ExtEuclid(1759, 550)
Z1 = ExtEuclid(1759, 550):   1759 = 3•550 + 109    compute Z2 = ExtEuclid(550, 109)
Z2 = ExtEuclid(550, 109):    550 = 5•109 + 5       compute Z3 = ExtEuclid(109, 5)
Z3 = ExtEuclid(109, 5):      109 = 21•5 + 4        compute Z4 = ExtEuclid(5, 4)
Z4 = ExtEuclid(5, 4):        5 = 1•4 + 1           compute Z5 = ExtEuclid(4, 1)
Z5 = ExtEuclid(4, 1):        4 = 4•1 + 0           compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Unwinding the recursion: Z5 = (1, 0, 1), Z4 = (1, 1, -1), Z3 = (1, -1, 22), Z2 = (1, 22, -111), Z1 = (1, -111, 355), Z = (1, 355, -111)
Final answer: the inverse of 550 mod 1759 is 355 (check: 550•355 = 195250 = 111•1759 + 1).
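The integer Euclid and ExtEuclid of the last two slides as runnable Python, an added example rather than code from the lecture: the recursion and the returned triple follow the slide exactly, `bezout_trace` reproduces the Z, Z1, ..., Z6 table, and `cancellation_holds` checks the slide-15 criterion (the inverse exists iff gcd(a, n) = 1) by brute force. Function names are my own.

```python
# Euclid and extended Euclid exactly as on the slides (recursive form), plus the
# modular inverse and the cancellation criterion. Added example, not lecture code.


def euclid(a, b):
    """gcd(a, b) = gcd(b, a mod b); the last nonzero remainder is the gcd."""
    return a if b == 0 else euclid(b, a % b)


def ext_euclid(a, b, trace=None):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, using the slide's recursion:
    ExtEuclid(a, 0) = (a, 1, 0); otherwise (t1, t2, t3) = ExtEuclid(b, a mod b)
    and the result is (t1, t3, t2 - (a div b) * t3).
    If trace is a list, each call's arguments and result are appended as the
    recursion unwinds (Z6 first, Z last, in the slide's numbering)."""
    if b == 0:
        result = (a, 1, 0)
    else:
        t1, t2, t3 = ext_euclid(b, a % b, trace)
        result = (t1, t3, t2 - (a // b) * t3)
    if trace is not None:
        trace.append(((a, b), result))
    return result


def bezout_trace(a, b):
    """The slide's Z, Z1, ..., Zk table for ExtEuclid(a, b), listed top-down."""
    trace = []
    ext_euclid(a, b, trace)
    return list(reversed(trace))


def mod_inverse(a, n):
    """a^-1 mod n, reduced into Z_n. It exists iff gcd(a, n) = 1 (slide 15)."""
    d, x, _ = ext_euclid(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd({a}, {n}) = {d}")
    return x % n


def cancellation_holds(a, n):
    """Does a*b = a*c (mod n) imply b = c (mod n)? Returns (brute-force answer
    over all b != c in Z_n, the slide's criterion gcd(a, n) == 1); they agree."""
    brute = all((a * b - a * c) % n != 0
                for b in range(n) for c in range(n) if b != c)
    return brute, euclid(a, n) == 1
```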
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Z_p: polynomial arithmetic.
Consider only polynomials in one indeterminate.
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field, e.g. Z.
Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients.
Multiplying two polynomials is done in the usual way, by multiplying all terms with each other.
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field.
Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 - x + 1, with coefficients in Z
f(x) + g(x) = x^3 + 2x^2 - x + 3
f(x) - g(x) = x^3 + x + 1
f(x) x g(x) = x^5 + 3x^2 - 2x + 2
For a ring or a field R, (R[X], +, •, 0, 1) is a ring: the ring of polynomials over R.
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p. We are mostly interested in computations mod 2: all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
f(x) + g(x) = x^3 + x + 1
f(x) x g(x) = x^5 + x^2
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers, e.g. Euclid's algorithm holds also for polynomials.
Division of polynomials with coefficients in Z_p
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x), deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) has no divisors other than itself and constant polynomials we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f, g) is defined similarly as for integers. It is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Z_p
Euclid(a, b): If b = 0 then return a. Else return Euclid(b, a mod b)
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)): If b(x) = 0 then return a(x). Else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials. Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
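The polynomial division, Euclid and ExtEuclid of the last few slides, together with the n-bit representation and the shift-and-XOR multiplication of the "Computing the inverse in GF(p^n)" and "Computational considerations" slides, as one runnable Python example (added here, not lecture code). It uses the AES modulus x^8 + x^4 + x^3 + x + 1 by default, and for the GF(2^3) example slide, whose table is not reproduced on this page, it assumes the irreducible modulus x^3 + x + 1; function names are my own.

```python
# GF(2^n) arithmetic on the n-bit representation from the slides.
# Added example, not lecture code. A polynomial over Z_2 is the integer whose
# bit i is the coefficient of x^i; the modulus keeps its x^n term (AES: 0x11b).

AES_M = 0x11B   # x^8 + x^4 + x^3 + x + 1


def deg(a):
    """Degree of the polynomial with bit pattern a (the zero polynomial gives -1)."""
    return a.bit_length() - 1


def poly_add(a, b):
    """Addition in Z_2[x]: coefficient-wise addition mod 2 is a bitwise XOR."""
    return a ^ b


def poly_mul(a, b):
    """Plain multiplication in Z_2[x], no reduction (carry-less shift-and-XOR)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_divmod(a, b):
    """Long division in Z_2[x]: (q, r) with a = q*b + r and deg(r) < deg(b)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, a
    while r and deg(r) >= deg(b):
        s = deg(r) - deg(b)
        q ^= 1 << s          # q += x^s
        r ^= b << s          # r -= b(x) * x^s  (minus is plus in Z_2)
    return q, r


def poly_gcd(a, b):
    """Euclid's algorithm on polynomials: gcd(a, b) = gcd(b, a mod b)."""
    return a if b == 0 else poly_gcd(b, poly_divmod(a, b)[1])


def poly_ext_euclid(a, b):
    """ExtEuclid from the slides: (d, e, f) with d = gcd(a, b) = a*e + b*f."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    t1, t2, t3 = poly_ext_euclid(b, r)
    return t1, t3, poly_add(t2, poly_mul(q, t3))   # t2 - (a div b)*t3


def xtime(f, m=AES_M):
    """Multiply by x in GF(2^n): 1-bit left shift, then XOR with m(x) if the
    shifted-out coefficient b_{n-1} was 1 (for AES: drop bit 8, XOR 0x1b)."""
    f <<= 1
    if f & (1 << deg(m)):
        f ^= m
    return f


def gf_mul(f, g, m=AES_M):
    """Multiplication modulo m(x) by iterating xtime over the bits of g."""
    r = 0
    while g:
        if g & 1:
            r ^= f
        f = xtime(f, m)
        g >>= 1
    return r


def gf_inv(a, m=AES_M):
    """a^-1 mod m(x) via the extended Euclidean algorithm. Every nonzero a has an
    inverse only when m(x) is irreducible; otherwise gcd(a, m) may not be 1."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    d, e, _ = poly_ext_euclid(a, m)
    if d != 1:
        raise ValueError(f"gcd(a, m) = {d:#x} != 1: m(x) is reducible")
    return poly_divmod(e, m)[1]


def mul_table_counts(m):
    """How often each value 0..2^n-1 appears in the multiplication table of the
    nonzero elements modulo m. For an irreducible m every nonzero value appears
    exactly 2^n - 1 times and 0 never does; a reducible m produces zero divisors."""
    n = deg(m)
    counts = {v: 0 for v in range(1 << n)}
    for f in range(1, 1 << n):
        for g in range(1, 1 << n):
            counts[gf_mul(f, g, m)] += 1
    return counts
```

The values 0x57•0x13 = 0xfe and 0x53^-1 = 0xca used in the checks are the worked examples from the AES specification (FIPS 197); the GF(2^3) counts reproduce the "each integer 1..7 occurs exactly 7 times" observation of the introductory slide.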
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1533
March 28 2006 15
Arithmetic modulo n divisions
Careful when performing operations modulo n
If (a+b) equiv (a+c) mod n then b equiv c mod n Not true that if (abullb) equiv (abullc) mod n then b equiv c mod n
Example (2bull1) equiv (2bull5) mod 8 but 1 and 5 are not congruent modulo 8
The implication is true if and only if a is relatively prime to n iegcd(an)=1 Any such a has a multiplicative inverse a-1 modulo n
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1633
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1733
March 28 2006 17
Divisors
A nonzero integer b divides a if a=mb for some integer m Wedenote it as b | a and we say that b is a divisor of a
Example Positive divisors of 24 are 1234681224 Facts
If a | 1 then a=1 or a=-1 If a | b and b | a then a=b or a=-b If d | g and d | h then d | (mg+nh) for any integers m and n If a equiv b (mod n) then n | (a-b) If a equiv b (mod n) then b equiv a (mod n)
If a equiv b (mod n) and b equiv c (mod n) then a equiv c (mod n)
Greatest common divisor
The positive integer d is the greatest common divisor of the integers a and b, denoted d = gcd(a, b), if:
it is a divisor of both a and b;
any other divisor of a and b is a divisor of d.
Example: gcd(8, 12) = 4, gcd(24, 60) = 12.
Integers a and b are called relatively prime if gcd(a, b) = 1.
Computing gcd(a, b): Euclid's algorithm, based on the fact gcd(a, b) = gcd(b, a mod b).
Euclid's algorithm to compute gcd(a, b) - Euclid(a, b):
  If b = 0 then return a
  Else return Euclid(b, a mod b)
Note: the algorithm always terminates, because the second argument strictly decreases at every call (0 ≤ a mod b < b).
Example: d = gcd(1970, 1066)
1970 = 1 · 1066 + 904     d = gcd(1066, 904)
1066 = 1 · 904 + 162      d = gcd(904, 162)
904 = 5 · 162 + 94        d = gcd(162, 94)
162 = 1 · 94 + 68         d = gcd(94, 68)
94 = 1 · 68 + 26          d = gcd(68, 26)
68 = 2 · 26 + 16          d = gcd(26, 16)
26 = 1 · 16 + 10          d = gcd(16, 10)
16 = 1 · 10 + 6           d = gcd(10, 6)
10 = 1 · 6 + 4            d = gcd(6, 4)
6 = 1 · 4 + 2             d = gcd(4, 2)
4 = 2 · 2 + 0             d = 2
Result: gcd(1970, 1066) = 2, i.e. the last nonzero remainder in the computation above.
Finite fields
It can be proved that if a field is finite then it has p^n elements for some prime number p and some positive integer n. We also say that it has order p^n.
We denote it GF(p^n) - GF stands for Galois field.
For n = 1 we have GF(p), which is Z_p: if p is prime then any nonzero element of Z_p has a multiplicative inverse.
For n > 1 the field has a different structure (it is not Z_{p^n}, which is not a field): start from Z_p and build a field with p^n elements.
Finding the multiplicative inverse in Zp
Euclid's algorithm to compute gcd(a, b) - Euclid(a, b) (assume b ≥ 0):
  If b = 0 then return a
  Else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by.
If d = 1 then ax + by = 1, and so ax ≡ 1 (mod b), i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b): output (d, x, y) where d = gcd(a, b) and d = ax + by.
If d = 1 then x = a^-1 (mod b).
  if b = 0 then return (a, 1, 0)
  else (t1, t2, t3) = ExtEuclid(b, a mod b)
       return (t1, t3, t2 - (a div b) · t3)
Proof of correctness: clearly the gcd is returned in the first component (it runs exactly like Euclid's algorithm). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 · b + t3 · r, then t1 = t2 · b + t3 · (a - bz), and so t1 = t3 · a + (t2 - t3 · z) · b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b): output (d, x, y) where d = gcd(a, b) and d = ax + by.
  if b = 0 then return (a, 1, 0)
  else (t1, t2, t3) = ExtEuclid(b, a mod b)
       return (t1, t3, t2 - (a div b) · t3)
Z = ExtEuclid(550, 1759):
  550 = 0 · 1759 + 550     compute Z1 = ExtEuclid(1759, 550)
  1759 = 3 · 550 + 109     compute Z2 = ExtEuclid(550, 109)
  550 = 5 · 109 + 5        compute Z3 = ExtEuclid(109, 5)
  109 = 21 · 5 + 4         compute Z4 = ExtEuclid(5, 4)
  5 = 1 · 4 + 1            compute Z5 = ExtEuclid(4, 1)
  4 = 4 · 1 + 0            compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Unwinding the recursion: Z5 = (1, 0, 1), Z4 = (1, 1, -1), Z3 = (1, -1, 22), Z2 = (1, 22, -111), Z1 = (1, -111, 355), Z = (1, 355, -111).
Check: 550 · 355 - 111 · 1759 = 195250 - 195249 = 1.
Final answer: the inverse of 550 mod 1759 is 355.
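As an added example (not part of the lecture), here are Euclid's and the extended Euclid's algorithms of slides 18 to 23 in Python, written in the same recursive shape as the slides and run on the slides' own inputs. `mod_inverse` is an added helper, not from the slides: it normalises a negative coefficient into 0..m-1 and refuses to answer when gcd(a, m) ≠ 1, the case in which the raw ExtEuclid output is not an inverse at all.

```python
from __future__ import annotations

# Added example (not from the lecture slides): Euclid and extended Euclid
# written exactly as the slides state them, plus a modular-inverse helper
# that refuses to answer when no inverse exists.


def euclid(a: int, b: int) -> int:
    """gcd(a, b) via the fact gcd(a, b) = gcd(b, a mod b)."""
    return a if b == 0 else euclid(b, a % b)


def ext_euclid(a: int, b: int) -> tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y.

    On the way back up the recursion the coefficients are rotated and the
    quotient a div b is folded in: (t1, t3, t2 - (a div b) * t3).
    """
    if b == 0:
        return (a, 1, 0)
    t1, t2, t3 = ext_euclid(b, a % b)
    return (t1, t3, t2 - (a // b) * t3)


def mod_inverse(a: int, m: int) -> int:
    """a^-1 mod m (in 0..m-1), or ValueError if gcd(a, m) != 1.

    The gcd check matters: ext_euclid happily returns coefficients for
    non-coprime inputs, and using them as an 'inverse' gives wrong results.
    """
    d, x, _ = ext_euclid(a % m, m)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {d}")
    return x % m  # x may be negative; Python's % normalises it into 0..m-1


if __name__ == "__main__":
    print(euclid(1970, 1066))          # 2, as on slide 19
    print(ext_euclid(550, 1759))       # (1, 355, -111): 550*355 - 111*1759 = 1
    print(mod_inverse(550, 1759))      # 355, as on slide 23
```

Because 1759 is prime, every nonzero element of Z_1759 is invertible; the ValueError path only triggers for a composite modulus, e.g. `mod_inverse(4, 8)`, where gcd = 4.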
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations on polynomials with coefficients in Z_p: polynomial arithmetic.
We consider only polynomials in one indeterminate.
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field, e.g. Z.
Adding/subtracting two polynomials is done by adding/subtracting the corresponding coefficients.
Multiplying two polynomials is done in the usual way, by multiplying all terms with each other.
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field.
Example: f(x) = x^3 + x^2 + 2, g(x) = x^2 - x + 1, with coefficients in Z:
f(x) + g(x) = x^3 + 2x^2 - x + 3
f(x) - g(x) = x^3 + x + 1
f(x) · g(x) = x^5 + 3x^2 - 2x + 2
For a ring or a field R, (R[X], +, ·, 0, 1) is a ring - the ring of polynomials over R.
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p.
We are mostly interested in computations mod 2: all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1, with coefficients mod 2:
f(x) + g(x) = x^3 + x + 1
f(x) · g(x) = x^5 + x^2
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers; e.g. Euclid's algorithm also holds for polynomials.
Division of polynomials with coefficients in Zp
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x) g(x) + r(x) with deg(r) < deg(g).
Thus division (not necessarily exact) is possible: q(x) = f(x) div g(x), r(x) = f(x) mod g(x).
If r(x) = 0 then we say that g(x) divides f(x): g(x) | f(x).
If f(x) (of degree at least 1) has no divisors other than constants and constant multiples of itself, we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x) h(x) with deg(g), deg(h) < deg(f).
Greatest common divisor: gcd(f, g) is defined similarly as for integers. It is a divisor of both f and g, and any other divisor of f and g is a divisor of gcd(f, g). gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Zp
For integers, Euclid(a, b):
  If b = 0 then return a
  Else return Euclid(b, a mod b)
For polynomials, EUCLID[a(x), b(x)] computes gcd(a(x), b(x)):
  If b(x) = 0 then return a(x)
  Else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic (arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) of degree n with coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials (coefficients mod 2, so it never increases the degree). Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)): output (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x) e(x) + b(x) f(x).
  if b(x) = 0 then return (a(x), 1, 0)
  else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
       return (t1(x), t3(x), t2(x) - (a(x) div b(x)) · t3(x))
If F(x) is an irreducible polynomial, a(x) is nonzero mod F(x), and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) is a nonzero constant c (over Z_2 necessarily c = 1) and c^-1 · t(x) = a^-1(x) mod F(x).
Example: GF(2^3)
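The slide's own GF(2^3) table is not present in this transcript. The following is an added example, not from the lecture, implementing the polynomial arithmetic of slides 26 to 30 over Z_2 in Python: polynomials are packed into ints with bit i holding the coefficient of x^i, so addition is XOR and the division, gcd and extended Euclid follow the slides' definitions literally. It uses x^3 + x + 1 as the modulus for GF(2^3) (an assumed choice; it is irreducible over Z_2, and `is_irreducible`, an added trial-division check, confirms it) and also inverts {53} in the AES field as a larger check.

```python
from __future__ import annotations

# Added example (not from the lecture slides): polynomials over Z_2 packed
# into Python ints, bit i holding the coefficient of x^i. So x^3 + x^2 is
# 0b1100 and the AES polynomial x^8 + x^4 + x^3 + x + 1 is 0x11B.
# Addition is XOR; everything else follows the slides' definitions.


def deg(p: int) -> int:
    """Degree of p, or -1 for the zero polynomial."""
    return p.bit_length() - 1


def p_add(a: int, b: int) -> int:
    """Coefficient-wise addition mod 2 is bitwise XOR (and so is subtraction)."""
    return a ^ b


def p_mul(a: int, b: int) -> int:
    """Ordinary (unreduced) product: XOR together a * x^i for each set bit i of b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def p_divmod(f: int, g: int) -> tuple[int, int]:
    """Long division in Z_2[x]: returns (q, r) with f = q*g + r, deg(r) < deg(g)."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r, dg = 0, f, deg(g)
    while r and deg(r) >= dg:
        shift = deg(r) - dg          # leading term of r divided by leading term of g
        q ^= 1 << shift
        r ^= g << shift              # subtract (= XOR) that multiple of g
    return q, r


def p_gcd(a: int, b: int) -> int:
    """Euclid: gcd(a, b) = gcd(b, a mod b)."""
    return a if b == 0 else p_gcd(b, p_divmod(a, b)[1])


def p_ext_euclid(a: int, b: int) -> tuple[int, int, int]:
    """(d, e, f) with d = gcd(a, b) = a*e + b*f, as on slide 30."""
    if b == 0:
        return (a, 1, 0)
    q, r = p_divmod(a, b)
    t1, t2, t3 = p_ext_euclid(b, r)
    return (t1, t3, t2 ^ p_mul(q, t3))   # t2 - q*t3, subtraction being XOR


def p_inverse(a: int, m: int) -> int:
    """a^-1 modulo m; m must be irreducible for every nonzero a to be invertible."""
    a = p_divmod(a, m)[1]
    d, e, _ = p_ext_euclid(a, m)
    if d != 1:
        raise ValueError("not invertible: gcd(a, m) != 1")
    return p_divmod(e, m)[1]


def is_irreducible(m: int) -> bool:
    """Trial division by every polynomial of degree 1..deg(m)//2 (fine for small degrees)."""
    n = deg(m)
    if n < 1:
        return False
    return all(p_divmod(m, g)[1] != 0 for g in range(2, 1 << (n // 2 + 1)))


if __name__ == "__main__":
    f, g = 0b1100, 0b111                       # x^3 + x^2 and x^2 + x + 1 (slide 26)
    print(bin(p_add(f, g)), bin(p_mul(f, g)))  # 0b1011 = x^3+x+1, 0b100100 = x^5+x^2
    M3 = 0b1011                                # x^3 + x + 1, assumed modulus for GF(2^3)
    print({a: p_inverse(a, M3) for a in range(1, 8)})
    print(hex(p_inverse(0x53, 0x11B)))         # 0xca, the inverse of {53} in the AES field
```

The gcd test in `p_inverse` is the practical guard against a reducible modulus: with m(x) = x^8 + 1 (= (x + 1)^8), for instance, many elements share a factor with m and are simply not invertible, which is why `is_irreducible` belongs in any code that lets the modulus be configured.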
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, ..., a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations.
Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1 (coefficients are mod 2, so subtraction is the same as addition).
Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0.
Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x.
If b7 = 0 then the result is already in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1).
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011), i.e. 0x1B.
Multiplication by higher powers of x is an iteration of the above procedure; multiplication by an arbitrary polynomial g(x) is the XOR of those multiples x^i f(x) for which the i-th bit of g is set.
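The shift-and-XOR procedure above, as an added example in Python (not code from the lecture). `xtime` is the slide's rule as stated; `xtime_ct` is a branch-free rewrite, because in a real AES implementation the operand is key- or state-dependent and a conditional XOR on b7 is exactly the kind of data-dependent control flow (like data-dependent table lookups) that timing side-channel attacks on AES exploit. `gf_mul` builds the general multiply from xtime with a fixed eight iterations, and `gf_inverse` computes a^-1 as a^254 by square-and-multiply (the 255 nonzero elements form a group, so a^255 = 1), an alternative to the extended Euclid route of slide 30. The check values {57}·{13} = {fe} and {57}·{83} = {c1} are the worked examples in FIPS 197; {53}·{ca} = {01} was verified by hand.

```python
# Added example (not from the lecture slides): GF(2^8) arithmetic with the AES
# polynomial m(x) = x^8 + x^4 + x^3 + x + 1 using only shifts and XORs.

AES_POLY = 0x11B            # x^8 + x^4 + x^3 + x + 1
X8_MOD_M = AES_POLY & 0xFF  # 0x1B = x^4 + x^3 + x + 1 = x^8 mod m(x)


def xtime(b: int) -> int:
    """Multiply by x as on the slide: 1-bit left shift, then XOR if x^8 appeared.

    The 'if' is a data-dependent branch; in a real AES implementation the
    operand is key- or state-dependent, so prefer xtime_ct.
    """
    b <<= 1
    if b & 0x100:
        b ^= AES_POLY
    return b


def xtime_ct(b: int) -> int:
    """Branch-free multiply by x: derive a 0x00/0xFF mask from bit 7."""
    mask = -((b >> 7) & 1) & 0xFF
    return ((b << 1) & 0xFF) ^ (X8_MOD_M & mask)


def gf_mul(a: int, b: int) -> int:
    """a*b in GF(2^8): XOR together a*x^i for each set bit i of b.

    Fixed 8 iterations and a mask instead of 'if b & 1', so the work done
    does not depend on the operand values.
    """
    r = 0
    for _ in range(8):
        r ^= a & -(b & 1)   # add a when the low bit of b is set
        a = xtime_ct(a)     # a := a*x
        b >>= 1
    return r


def gf_inverse(a: int) -> int:
    """a^-1 = a^254: the 255 nonzero elements form a group, so a^255 = 1.

    Square-and-multiply over the fixed exponent 254; an alternative to the
    extended Euclid route of slide 30. Maps 0 to 0, as the AES S-box does.
    """
    result, base, e = 1, a, 254
    for _ in range(8):
        if e & 1:            # exponent bits are public constants, so this branch is fine
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


if __name__ == "__main__":
    print(hex(xtime(0x57)), hex(xtime(0xAE)))     # 0xae 0x47
    print(hex(gf_mul(0x57, 0x13)))                # 0xfe
    print(hex(gf_inverse(0x53)))                  # 0xca
```

Note that Python integers are not a constant-time environment anyway; the point of `xtime_ct` and the masked accumulate in `gf_mul` is the shape of the code one would carry over to C, where the branch-free form is what makes the difference.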
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1833
March 28 2006 18
Greatest common divisor
The positive integer d is the greatest common divisor of integers a and bdenoted d=gcd(ab) if It is a divisor of both a and b Any other divisor of a and b is a divisor of d
Example gcd(812)=4 gcd(2460)=12 Integers a and b are called relatively prime if gcd(ab)=1
Computing gcd(ab) Euclidrsquos algorithm Based on the following fact gcd(ab)=gcd(ba mod b)
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
Note the algorithm always terminates
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 1933
March 28 2006 19
Example d=gcd(19701066)
1970 = 1 x 1066 + 904 d= gcd(1066 904)1066 = 1 x 904 + 162 d= gcd(904 162)904 = 5 x 162 + 94 d= gcd(162 94)
162 = 1 x 94 + 68 d= gcd(94 68)94 = 1 x 68 + 26 d= gcd(68 26)68 = 2 x 26 + 16 d= gcd(26 16)26 = 1 x 16 + 10 d= gcd(16 10)16 = 1 x 10 + 6 d= gcd(10 6)10 = 1 x 6 + 4 d= gcd(6 4)6 = 1 x 4 + 2 d= gcd(4 2)4 = 2 x 2 + 0 d= 2
Result gcd(19701066)=2 ie the last nonzero residue in the above computation
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2833
March 28 2006 28
Computing the GCD of two polynomials over Zp
Euclid(ab) If b=0 then return a
Else return Euclid(ba mod b)
EUCLID[a (x ) b (x )] computes gcd(a(x) b(x)) If b(x)=0 then return a(x) Else return EUCLID(b(x) a(x) mod b(x))
M d l P l i l A i h i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2933
March 28 2006 29
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp
Example x8
+x4
+x3
+x+1 is irreducible in Z2[x] (the polynomial used in AES) Polynomial arithmetic modulo f(x) can be done similarly as integer arithmeticmodulo a prime number p Take any two polynomials modulo f(x) Do additionsubtractionmultiplication modulo f(x)
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a fielddenoted GF(pn) We are mostly interested in GF(2n) The elements of the field GF(2n) all polynomials with binary coefficients and
degree less than n Addition is the normal addition of two polynomials Multiplication is done modulo f(x)
GF(2n) is indeed a field any nonzero element has an inverse The extended Euclid algorithm can be used here just like for integers
C ti th i i GF( n)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3033
March 28 2006 30
Computing the inverse in GF(pn )
Extended Euclidrsquos algorithm ExtEuclid(a(x)b(x)) Output (d(x)e(x)f(x)) where d(x)=gcd(a(x)b(x)) and d=a(x)e(x)+b(x)f(x)
if b(x) = 0 then return (a(x)10) else (t1(x)t2(x)t3(x))=ExtEuclid(b(x) a(x) mod b(x))
return (t1(x) t3(x) t2(x) - (a(x) div b(x)) t3(x) )
If F(x) is an irreducible polynomial and (d(x)t(x)u(x))=ExtEuclif(a(x)F(x))then d(x)=1 t(x)=a-1(x) mod F(x)
Example GF(23)
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3133
March 28 2006 31
Example GF(23 )
Computational considerations
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3233
March 28 2006 32
Computational considerations
A polynomial in GF(2n)
can be represented by its n binary coefficients (an-1an-2hellipa0) ie by a number on n bits
Addition of polynomials becomes bitwise XOR of their n-bit representations Multiplication is shift amp XOR example for GF(28) with m(x)=x8+x4+x3+x+1 (AES)
x8 mod m(x) = (x8 - m(x)) = x4+x3+x+1 Consider a polynomial in GF(28) f(x)=b7x7+b6x6+b5x5+b4x4+b3x3+b2x2+b1x+b0
Multiplying by x we have xf(x)=b7x8+b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x If b7=0 then the result is in GF(28) If b7=1 then we need to reduce x8 mod m(x)
xf(x) = (b6x7+b5x6+b4x5+b3x4+b2x3+b1x2+b0x) + (x4+x3+x+1) Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with
(00011011) Multiplication by higher powers of x implies an iteration of the above procedure
Summary
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 3333
March 28 2006 33
Summary
Consider the integers Z Take a prime number and do operations modulo p Zp is a field with p
elements (order p) Consider polynomials with coefficients in Zp Zp[X]
Take an irreducible polynomial m(x) of degree n and do operationsmodulo m(x) GF(pn) is a field with pn elements (order pn) Any finite field has order pn for some prime p and a positive integer n AES uses GF(28) with arithmetic modulo x8+x4+x3+x+1
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2033
March 28 2006 20
Finite fields
It can be proved that if a field is finite then it has pn elements forsome prime number p We also say that it has order pn
We denote GF(pn) ndash GF stands for Galois field For n=1 we have GF(p) which is Zp
If p is prime then any element in Zp has a multiplicative inverse
For ngt1 the field has a different structure Start from Zp and build a field with pn elements
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2133
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2233
March 28 2006 22
Finding the multiplicative inverse in Zp
Euclids Algorithm to compute gcd(ab) ndash Euclid(ab) (assume bgt0) If b=0 then return a
Else return Euclid(ba mod b)
Result if d=gcd(ab) then there are integers xy such that d=ax+by If d=1 then ax+by=1 and so ax=1 mod b ie x is the inverse of a mod b
Idea run Euclidrsquos algorithm in such a way as to compute not only d but alsox and y
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by
If d=1 then x = a-1 (mod b)
if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 ndash (a div b) t3 )
Proof of correctness Clearly gcd is returned on the first component (runs like Euclidrsquos algorithm) Denote a mod b=r a div b=z a=bz+r The proof goes by induction if t1=gcd(b r) and t1=t2b+t3r then t1=t2b+t3(a-bz)
and so t1=t3a+(t2-t3z)b
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2333
March 28 2006 23
Example the inverse of 550 in GF(1759)
Extended Euclidrsquos algorithm ExtEuclid(ab) Output (dxy) where d=gcd(ab) and d=ax+by if b = 0 then return (a10) else (t1t2t3)=ExtEuclid(b a mod b)
return (t1 t3 t2 - (a div b) t3 )
Z=ExtEuclid(5501759) 550 =0bull1759 + 550 compute Z1=ExtEuclid(1759550) 1759=3bull550 + 109 compute Z2=ExtEuclid(550109) 550=5 bull109 + 5 compute Z3=ExtEuclid(1095) 109=21bull5+4 compute Z4=ExtEuclid(54) 5=1bull4+1 compute Z5=ExtEuclid(41) 4=4bull1+0 compute Z6=ExtEuclid(10)=(110) Z5=(101) Z4=(11-1) Z3=(1-122) Z2=(122-111) Z1=(1-111355) Z=(1355-111) Final answer the inverse of 550 mod 1759 is 355
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2433
March 28 2006 24
Polynomial Arithmetic
To define GF(pn) we need to discuss about operations withpolynomials with coefficients in Zp polynomial arithmetic
Consider only polynomials in one indeterminate
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
P l i l A i h i i h M d l C ffi i
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2633
March 28 2006 26
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Zp for some prime p We are mostly interested in computations mod 2 all coefficients are
0 or 1 Example f (x ) = x 3 + x 2 and g (x ) = x 2 + x + 1
f (x ) + g (x ) = x 3
+ x + 1f (x ) x g (x ) = x 5 + x 2
Division (not necessarily exact) of two polynomials can also bedefined if the coefficients are in a field The computations are done similarly as for integers eg Euclidrsquos
algorithm holds also for polynomials
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2733
March 28 2006 27
Division of polynomials with coefficients in Zp
For any polynomials f(x) g(x) there exist two polynomials q(x) r(x) such that f (x ) = q (x ) g (x ) + r (x ) deg(r ) lt deg(g )
Thus division (not necessarily exact) is possible q(x)=f(x) div g(x)
r(x)=f(x) mod g(x)
If r(x)= 0 then we say that g (x ) divides f (x ) g(x) | f(x)
If f (x ) has no divisors other than itself and constant polynomials we say it isirreducible (or prime) polynomial Equivalently f(x) cannot be written as g(x)h(x) with deg(g ) deg(h ) lt deg(f)
Greatest common divisor gcd(fg) is defined similarly as for integers It is a divisor of both f and g
Any other divisor of f and g is a divisor of gcd(fg ) Gcd(fg) can be computed using Euclidrsquos algorithm
Computing the GCD of two polynomials over Zp
Euclid(a, b):
    if b = 0 then return a
    else return Euclid(b, a mod b)
EUCLID[a(x), b(x)] computes gcd(a(x), b(x)):
    if b(x) = 0 then return a(x)
    else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) with degree n and coefficients in Zp. Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly to integer arithmetic modulo a prime number p: take any two polynomials modulo f(x) and do addition/subtraction/multiplication modulo f(x).
If f(x) is irreducible, then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n): all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials. Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used here just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x) e(x) + b(x) f(x).
    if b(x) = 0 then return (a(x), 1, 0)
    else (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
         return (t1(x), t3(x), t2(x) - (a(x) div b(x)) t3(x))
If F(x) is an irreducible polynomial and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) = 1 and t(x) = a^-1(x) mod F(x).
Example: GF(2^3)
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, ..., a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations. Multiplication is shift & XOR; example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1
Consider a polynomial in GF(2^8): f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0.
Multiplying by x we have x f(x) = b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x. If b7 = 0 then the result is in GF(2^8). If b7 = 1 then we need to reduce x^8 mod m(x):
x f(x) = (b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) + (x^4 + x^3 + x + 1)
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with (00011011). Multiplication by higher powers of x implies an iteration of the above procedure.
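As an added example (not code from the lecture), the polynomial arithmetic of the slides above worked through in Python: division, Euclid and extended Euclid in Z2[x], the inverse in GF(2^n), and the shift-and-XOR multiplication by x for the AES polynomial, all on polynomials stored as ints. The irreducible cubic x^3 + x + 1 used for the GF(2^3) check and the reducible x^8 + 1 used to show the field test failing are my choices, not values from the page.

```python
# Added example, not from the lecture slides. Polynomials over Z2 are Python
# ints with bit i = coefficient of x^i (the n-bit representation of the
# "Computational considerations" slide), so adding polynomials is XOR.
AES_POLY = 0x11B       # m(x) = x^8 + x^4 + x^3 + x + 1, the AES polynomial
GF8_POLY = 0b1011      # x^3 + x + 1: assumed irreducible cubic for the GF(2^3) check
BAD_POLY = 0x101       # x^8 + 1 = (x + 1)^8: reducible, chosen to show the field test fail


def deg(p):
    """Degree of a bit-encoded polynomial (deg(0) = -1 by convention)."""
    return p.bit_length() - 1


def poly_mul_plain(a, b):
    """Ordinary product in Z2[x], no reduction (as on the modulo-coefficients slide)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(f, g):
    """(q, r) with f = q*g + r and deg(r) < deg(g), as on the division slide.
    Subtracting a multiple of g is XOR because the coefficients are mod 2."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, f
    while r != 0 and deg(r) >= deg(g):
        shift = deg(r) - deg(g)
        q ^= 1 << shift
        r ^= g << shift
    return q, r


def poly_gcd(a, b):
    """Euclid(a, b): if b = 0 return a, else Euclid(b, a mod b)."""
    return a if b == 0 else poly_gcd(b, poly_divmod(a, b)[1])


def poly_ext_euclid(a, b):
    """ExtEuclid(a(x), b(x)) -> (d, e, f) with d = a*e + b*f.
    Over Z2 the '-' in t2 - (a div b) t3 is again XOR."""
    if b == 0:
        return a, 1, 0
    q, r = poly_divmod(a, b)
    t1, t2, t3 = poly_ext_euclid(b, r)
    return t1, t3, t2 ^ poly_mul_plain(q, t3)


def gf_inverse(a, modulus=AES_POLY):
    """a^-1 mod modulus: (d, t, u) = ExtEuclid(a, F) gives d = 1 and t = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    d, t, _ = poly_ext_euclid(a, modulus)
    if d != 1:
        raise ValueError("gcd(a, modulus) != 1: modulus is not irreducible")
    return poly_divmod(t, modulus)[1]


def xtime(b, modulus=AES_POLY):
    """Multiply by x: 1-bit left shift, then XOR with the modulus if the x^n
    term appeared. For AES the XOR with 0x11B drops bit 8 and adds 0x1B."""
    n = deg(modulus)
    b <<= 1
    if (b >> n) & 1:
        b ^= modulus
    return b


def gf_mul(a, b, modulus=AES_POLY):
    """Shift-and-XOR multiplication: add a*x^i for every set bit i of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, modulus)
        b >>= 1
    return result


def is_field(modulus):
    """True iff every nonzero polynomial of degree < n is coprime to modulus,
    i.e. every nonzero element has an inverse (the field property claimed above)."""
    n = deg(modulus)
    return all(poly_gcd(a, modulus) == 1 for a in range(1, 1 << n))


def reduce_then_multiply(a, b, modulus=AES_POLY):
    """Reference: full product in Z2[x], then one reduction; must equal gf_mul."""
    return poly_divmod(poly_mul_plain(a, b), modulus)[1]


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))            # 0xc1 (the worked example in FIPS-197)
    print(hex(gf_inverse(0x02)))              # 0x8d, since xtime(0x8d) == 0x01
    print(is_field(AES_POLY), is_field(GF8_POLY), is_field(BAD_POLY))
```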
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Zp is a field with p elements (order p).
Consider polynomials with coefficients in Zp: Zp[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and a positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.
Finding the multiplicative inverse in Zp
Euclid's algorithm to compute gcd(a, b): Euclid(a, b) (assume b > 0)
    if b = 0 then return a
    else return Euclid(b, a mod b)
Result: if d = gcd(a, b) then there are integers x, y such that d = ax + by. If d = 1 then ax + by = 1, and so ax = 1 mod b, i.e. x is the inverse of a mod b.
Idea: run Euclid's algorithm in such a way as to compute not only d but also x and y.
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by. If d = 1 then x = a^-1 (mod b).
    if b = 0 then return (a, 1, 0)
    else (t1, t2, t3) = ExtEuclid(b, a mod b)
         return (t1, t3, t2 - (a div b) t3)
Proof of correctness: clearly the gcd is returned in the first component (the algorithm runs like Euclid's). Denote a mod b = r and a div b = z, so a = bz + r. The proof goes by induction: if t1 = gcd(b, r) and t1 = t2 b + t3 r, then t1 = t2 b + t3 (a - bz), and so t1 = t3 a + (t2 - t3 z) b.
Example: the inverse of 550 in GF(1759)
Extended Euclid's algorithm ExtEuclid(a, b). Output: (d, x, y) where d = gcd(a, b) and d = ax + by.
    if b = 0 then return (a, 1, 0)
    else (t1, t2, t3) = ExtEuclid(b, a mod b)
         return (t1, t3, t2 - (a div b) t3)
Z = ExtEuclid(550, 1759): 550 = 0·1759 + 550, compute Z1 = ExtEuclid(1759, 550)
Z1: 1759 = 3·550 + 109, compute Z2 = ExtEuclid(550, 109)
Z2: 550 = 5·109 + 5, compute Z3 = ExtEuclid(109, 5)
Z3: 109 = 21·5 + 4, compute Z4 = ExtEuclid(5, 4)
Z4: 5 = 1·4 + 1, compute Z5 = ExtEuclid(4, 1)
Z5: 4 = 4·1 + 0, compute Z6 = ExtEuclid(1, 0) = (1, 1, 0)
Unwinding the recursion: Z5 = (1, 0, 1), Z4 = (1, 1, -1), Z3 = (1, -1, 22), Z2 = (1, 22, -111), Z1 = (1, -111, 355), Z = (1, 355, -111).
Final answer: the inverse of 550 mod 1759 is 355.
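The extended Euclid algorithm above as an added example (not code from the lecture): the same recursion in Python, with every returned tuple recorded so the trace Z6, Z5, ..., Z of the 550 mod 1759 example can be reproduced and the invariant d = ax + by checked at each level, plus the case gcd(a, m) ≠ 1, where no inverse exists.

```python
# Added example, not from the lecture slides: ExtEuclid(a, b) written exactly
# as the recursion on the slide, returning (d, x, y) with d = gcd(a, b) = ax + by.


def ext_euclid(a, b, trace=None):
    """If `trace` is a list, every call appends (a, b, d, x, y) as it returns,
    so the innermost call (b = 0) comes first: Z6, Z5, ..., Z in the slide's notation."""
    if b == 0:
        result = (a, 1, 0)
    else:
        t1, t2, t3 = ext_euclid(b, a % b, trace)
        result = (t1, t3, t2 - (a // b) * t3)
    if trace is not None:
        trace.append((a, b) + result)
    return result


def worked_example(a=550, m=1759):
    """The (d, x, y) tuples Z6, Z5, ..., Z produced while computing ExtEuclid(550, 1759)."""
    trace = []
    ext_euclid(a, m, trace)
    return [(d, x, y) for (_, _, d, x, y) in trace]


def bezout_holds_at_every_level(a, b):
    """The induction invariant of the correctness proof: d = a*x + b*y at every call."""
    trace = []
    ext_euclid(a, b, trace)
    return all(d == aa * x + bb * y for (aa, bb, d, x, y) in trace)


def inverse_mod(a, m):
    """a^-1 mod m when gcd(a, m) = 1 (x reduced into 0..m-1), otherwise None."""
    d, x, _ = ext_euclid(a, m)
    if d != 1:
        return None   # no inverse exists, e.g. inverse_mod(6, 9)
    return x % m


if __name__ == "__main__":
    for z in worked_example():
        print(z)
    print(inverse_mod(550, 1759))   # 355
```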
Polynomial Arithmetic
To define GF(p^n) we need to discuss operations with polynomials with coefficients in Zp: polynomial arithmetic.
Consider only polynomials in one indeterminate.
872019 Cryptography - lecture4
httpslidepdfcomreaderfullcryptography-lecture4 2533
March 28 2006 25
Ordinary Polynomial Arithmetic
Consider polynomials with coefficients in a ring or a field ndash eg Z
Addingsubtracting two polynomials is done by addingsubtracting thecorresponding coefficients Multiplying two polynomials is done in the usual way by multiplying all terms
with each other Division (not necessarily exact) of two polynomials can also be defined if the
coefficients are in a field Example f (x ) = x 3 + x 2 + 2 g (x ) = x 2 ndash x + 1 with coefficients in Z
f (x ) + g (x ) = x 3 + 2x 2 ndash x + 3 f (x ) ndash g (x ) = x 3 + x + 1 f (x ) x g (x ) = x 5 + 3x 2 ndash 2x + 2
For a ring or a field R (R[X]+bull01) is a ring ndash the ring of polynomials over R
Polynomial Arithmetic with Modulo Coefficients
Consider polynomials with coefficients in Z_p for some prime p. We are mostly interested in computations mod 2, where all coefficients are 0 or 1.
Example: f(x) = x^3 + x^2 and g(x) = x^2 + x + 1, with coefficients in Z_2:
f(x) + g(x) = x^3 + x + 1 (the two x^2 terms cancel, since 1 + 1 = 0 in Z_2)
f(x) · g(x) = x^5 + x^2 (x^5 + x^4 + x^3 + x^4 + x^3 + x^2 = x^5 + x^2 mod 2)
Division (not necessarily exact) of two polynomials can also be defined if the coefficients are in a field. The computations are done similarly as for integers; e.g. Euclid's algorithm holds also for polynomials.
Division of polynomials with coefficients in Z_p
For any polynomials f(x), g(x) with g(x) ≠ 0 there exist two polynomials q(x), r(x) such that f(x) = q(x)g(x) + r(x) with deg(r) < deg(g) (or r(x) = 0).
Thus division (not necessarily exact) is possible:
q(x) = f(x) div g(x)
r(x) = f(x) mod g(x)
If r(x) = 0 then we say that g(x) divides f(x), written g(x) | f(x).
If a nonconstant f(x) has no divisors other than constant polynomials and constant multiples of itself, we say it is an irreducible (or prime) polynomial. Equivalently, f(x) cannot be written as g(x)h(x) with deg(g), deg(h) < deg(f).
The greatest common divisor gcd(f, g) is defined similarly as for integers: it is a divisor of both f and g, and any other common divisor of f and g is a divisor of gcd(f, g). It is unique up to a nonzero constant factor, so one usually takes it monic. gcd(f, g) can be computed using Euclid's algorithm.
Computing the GCD of two polynomials over Zp
Euclid(a, b):
    if b = 0 then return a
    else return Euclid(b, a mod b)

The same algorithm on polynomials, EUCLID[a(x), b(x)], computes gcd(a(x), b(x)):
    if b(x) = 0 then return a(x)
    else return EUCLID(b(x), a(x) mod b(x))
Modular Polynomial Arithmetic
(arithmetic modulo a polynomial)
Consider an irreducible polynomial f(x) of degree n with coefficients in Z_p.
Example: x^8 + x^4 + x^3 + x + 1 is irreducible in Z_2[x] (the polynomial used in AES).
Polynomial arithmetic modulo f(x) can be done similarly as integer arithmetic modulo a prime number p: take any two polynomials modulo f(x), do addition/subtraction/multiplication, and reduce the result modulo f(x).
If f(x) is irreducible then the set of all polynomials modulo f(x) forms a field, denoted GF(p^n). We are mostly interested in GF(2^n).
The elements of the field GF(2^n) are all polynomials with binary coefficients and degree less than n. Addition is the normal addition of two polynomials (coefficients mod 2). Multiplication is done modulo f(x).
GF(2^n) is indeed a field: any nonzero element has an inverse. The extended Euclid algorithm can be used to compute it, just like for integers.
Computing the inverse in GF(p^n)
Extended Euclid's algorithm ExtEuclid(a(x), b(x)). Output: (d(x), e(x), f(x)) where d(x) = gcd(a(x), b(x)) and d(x) = a(x)e(x) + b(x)f(x).
    if b(x) = 0 then return (a(x), 1, 0)
    else
        (t1(x), t2(x), t3(x)) = ExtEuclid(b(x), a(x) mod b(x))
        return (t1(x), t3(x), t2(x) - (a(x) div b(x))·t3(x))
(The recursive call gives t1 = b·t2 + (a mod b)·t3 = a·t3 + b·(t2 - (a div b)·t3), which is why the two coefficients are swapped and adjusted on return.)
If F(x) is an irreducible polynomial, a(x) is nonzero modulo F(x), and (d(x), t(x), u(x)) = ExtEuclid(a(x), F(x)), then d(x) is a nonzero constant (in Z_2 it is simply 1) and t(x)/d(x) = a^-1(x) mod F(x). Over Z_2 this is just t(x) = a^-1(x) mod F(x).
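The operations of the last few slides (arithmetic in Z_p[x], division with remainder, Euclid's gcd, ExtEuclid and the inverse modulo an irreducible polynomial), as an added worked example. This is not code from the lecture; every function name is the example's own. It is written for an arbitrary prime p, so it covers the slides' Z_2 examples and GF(2^8) as used by AES as well as a small GF(3^2) case, and it also checks by brute force that the AES polynomial is irreducible, which the slides state without proof.

```python
import itertools

# Added example, not part of the lecture slides. A polynomial over Z_p is a list
# of coefficients, index i holding the coefficient of x^i, with no trailing zeros
# (the zero polynomial is []). All function names here are this example's own.

def normalize(f, p):
    """Reduce coefficients mod p and drop leading zeros so degrees compare by length."""
    f = [c % p for c in f]
    while f and f[-1] == 0:
        f.pop()
    return f

def poly_add(f, g, p):
    """Coefficient-wise addition mod p (for p = 2 this is a bitwise XOR)."""
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return normalize([a + b for a, b in zip(f, g)], p)

def poly_sub(f, g, p):
    return poly_add(f, [-c for c in g], p)

def poly_mul(f, g, p):
    """Schoolbook product: multiply every pair of terms and collect equal powers."""
    prod = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            prod[i + j] += a * b
    return normalize(prod, p)

def poly_divmod(f, g, p):
    """(q, r) with f = q*g + r and deg(r) < deg(g). Uses the inverse of g's leading
    coefficient, which exists because Z_p is a field; g must be nonzero."""
    r, g = normalize(f, p), normalize(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)
    q = [0] * max(len(r) - len(g) + 1, 0)
    while len(r) >= len(g):
        shift = len(r) - len(g)
        coeff = (r[-1] * inv_lead) % p
        q[shift] = coeff
        for i, c in enumerate(g):
            r[i + shift] -= coeff * c
        r = normalize(r, p)          # the leading term cancels, so deg(r) drops
    return normalize(q, p), r

def poly_gcd(f, g, p):
    """Euclid's algorithm exactly as for integers; the result is made monic."""
    f, g = normalize(f, p), normalize(g, p)
    while g:
        f, g = g, poly_divmod(f, g, p)[1]
    return normalize([c * pow(f[-1], -1, p) for c in f], p) if f else f

def ext_euclid(a, b, p):
    """Extended Euclid: returns (d, e, f) with d = gcd(a, b) = a*e + b*f."""
    a, b = normalize(a, p), normalize(b, p)
    if not b:
        return a, [1], []
    q, r = poly_divmod(a, b, p)
    t1, t2, t3 = ext_euclid(b, r, p)
    return t1, t3, poly_sub(t2, poly_mul(q, t3, p), p)

def inverse_mod(a, m, p):
    """a^(-1) modulo an irreducible m: ExtEuclid gives d = a*t + m*u with d a nonzero
    constant (1 when p = 2), so t/d is the inverse. Raises if a = 0 mod m."""
    a = poly_divmod(a, m, p)[1]
    d, t, _ = ext_euclid(a, m, p)
    if len(d) != 1:
        raise ValueError("element is not invertible modulo m")
    d_inv = pow(d[0], -1, p)
    return poly_divmod([c * d_inv for c in t], m, p)[1]

def is_irreducible(m, p):
    """Test from the definition: m is irreducible iff no polynomial of degree
    1..deg(m)//2 divides it (monic candidates suffice). Fine for small p and n."""
    m = normalize(m, p)
    if len(m) < 2:                   # constants (and 0) are not irreducible
        return False
    for d in range(1, (len(m) - 1) // 2 + 1):
        for low in itertools.product(range(p), repeat=d):
            if poly_divmod(m, list(low) + [1], p)[1] == []:
                return False
    return True

# GF(2^8) as used by AES: bit i of a byte is the coefficient of x^i.
def int_to_poly(v):
    return [(v >> i) & 1 for i in range(v.bit_length())]

def poly_to_int(f):
    return sum(c << i for i, c in enumerate(f))

AES_POLY = int_to_poly(0x11B)        # x^8 + x^4 + x^3 + x + 1
```

With p = 2, `poly_add([0, 0, 1, 1], [1, 1, 1], 2)` and `poly_mul(...)` reproduce the slide's x^3 + x + 1 and x^5 + x^2; `is_irreducible(AES_POLY, 2)` confirms the AES polynomial has no factor of degree 1 to 4; and `inverse_mod(int_to_poly(0x53), AES_POLY, 2)` gives the byte 0xCA, which is the inverse the AES S-box uses for input 0x53. The same functions with p = 3 and m = x^2 + 1 give GF(9), where the inverse of x is 2x.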
Example: GF(2^3)
Computational considerations
A polynomial in GF(2^n) can be represented by its n binary coefficients (a_{n-1}, a_{n-2}, ..., a_0), i.e. by a number on n bits.
Addition of polynomials becomes bitwise XOR of their n-bit representations. Multiplication is shift & XOR. Example for GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (AES):
x^8 mod m(x) = x^8 - m(x) = x^4 + x^3 + x + 1 (in Z_2 subtraction and addition coincide).
Consider a polynomial in GF(2^8): f(x) = b_7 x^7 + b_6 x^6 + b_5 x^5 + b_4 x^4 + b_3 x^3 + b_2 x^2 + b_1 x + b_0.
Multiplying by x we have x·f(x) = b_7 x^8 + b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x. If b_7 = 0 the result already has degree less than 8 and is in GF(2^8). If b_7 = 1 we need to reduce x^8 mod m(x):
x·f(x) = (b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x) + (x^4 + x^3 + x + 1).
Thus multiplication by x is in fact a 1-bit left shift followed by a conditional XOR with 00011011 (0x1B), the condition being that the bit shifted out was 1. Multiplication by higher powers of x is an iteration of this procedure.
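The shift-and-XOR procedure above, as an added example (not code from the lecture; the names are the example's own): multiplication by x written as the slide describes, the same step written without a data-dependent branch, general multiplication in GF(2^8) built by iterating it, and an inverse obtained by exponentiation instead of the extended Euclid algorithm. The check values 0x57 · 0x83 = 0xC1 and 0x57 · 0x13 = 0xFE are the worked examples in FIPS 197; 0x53 and 0xCA are the inverse pair behind the AES S-box entry for 0x53.

```python
# Added example, not part of the lecture slides: shift-and-XOR arithmetic in
# GF(2^8) with the AES polynomial m(x) = x^8 + x^4 + x^3 + x + 1, bit i of a byte
# being the coefficient of x^i. Function names are this example's own.

REDUCTION = 0x1B   # x^4 + x^3 + x + 1 = x^8 mod m(x), written 00011011 on the slide

def xtime(b: int) -> int:
    """Multiply by x as the slide describes: 1-bit left shift, then XOR with 0x1B
    if the bit shifted out (b7) was 1. The branch depends on the data."""
    shifted = (b << 1) & 0xFF
    if b & 0x80:
        shifted ^= REDUCTION
    return shifted

def xtime_ct(b: int) -> int:
    """Same operation without a data-dependent branch: spread b7 into an all-ones
    or all-zeros mask and AND it with the constant, the form used in
    side-channel-hardened or bitsliced implementations."""
    mask = -((b >> 7) & 1) & 0xFF        # 0xFF if b7 = 1, else 0x00
    return ((b << 1) & 0xFF) ^ (REDUCTION & mask)

def gf_mul(a: int, b: int) -> int:
    """Product in GF(2^8): a*b is the XOR of a*x^i over the set bits i of b, and
    a*x^i is obtained by iterating multiplication by x. Fixed 8 iterations and a
    masked add, so the work done does not depend on the operands."""
    result = 0
    for _ in range(8):
        result ^= a & (-(b & 1) & 0xFF)
        a = xtime_ct(a)
        b >>= 1
    return result

def gf_inverse(a: int) -> int:
    """Inverse without division: the 255 nonzero elements form a multiplicative
    group, so a^255 = 1 and a^254 = a^(-1). 0 maps to 0 by the AES convention.
    Square-and-multiply over the public exponent 254."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0

def xtime_variants_agree() -> bool:
    """Cross-check the branching and branch-free multiplication by x on all bytes."""
    return all(xtime(v) == xtime_ct(v) for v in range(256))

def every_nonzero_byte_invertible() -> bool:
    """The field property from the slide: each of the 255 nonzero elements has an
    inverse, and distinct elements have distinct inverses."""
    inverses = [gf_inverse(v) for v in range(1, 256)]
    return (all(gf_mul(v, inv) == 1 for v, inv in zip(range(1, 256), inverses))
            and len(set(inverses)) == 255)

if __name__ == "__main__":
    print(hex(xtime(0x80)))            # x^8 reduces to x^4 + x^3 + x + 1 = 0x1b
    print(hex(gf_mul(0x57, 0x83)))     # the FIPS 197 worked example, 0xc1
    print(hex(gf_inverse(0x53)))       # the inverse behind the S-box entry for 0x53, 0xca
```

The branching `xtime` is what the slide describes and what a straightforward implementation does; in AES the byte being multiplied depends on key and plaintext, so the branch (or a table lookup indexed by the byte) leaks through timing and cache behaviour, which is why constant-time code uses the mask form or avoids byte-level arithmetic altogether. Python itself gives no timing guarantee; the pattern is the one you would write in C with fixed-width integers.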
Summary
Consider the integers Z. Take a prime number p and do operations modulo p: Z_p is a field with p elements (order p).
Consider polynomials with coefficients in Z_p: Z_p[X]. Take an irreducible polynomial m(x) of degree n and do operations modulo m(x): GF(p^n) is a field with p^n elements (order p^n).
Any finite field has order p^n for some prime p and positive integer n.
AES uses GF(2^8) with arithmetic modulo x^8 + x^4 + x^3 + x + 1.