program derivation of operations in finite fields of prime order

Introduction Title

Program Derivation of Operations in Fp

Charles Southerland Dr. Anita Walker

Department of Mathematics & Computer ScienceEast Central University

Oklahoma Computing Consortium Conference 2011

Southerland, Walker Program Derivation of Operations in Fp

Introduction Thanks

Special Thanks

I would like to say a special thank you to:

Dr. Anita Walker for working closely with me throughoutthis project, and for introducing me to abstract algebra

Dr. Bill Walker for introducing me to program derivation

Prof. Clay Carley for working with me on cryptology, whichfirst lead me to this particular problem

The creators of Beamer for allowing LATEX to save me fromthe abyss of WYSIWYG presentation software


Finite Fields Outline

Outline

1 Finite FieldsDefinitionField OrderA Well-Known Finite Field

2 Program Derivation

3 Multiplicative Inverse in Fp


Finite Fields Definition

The Definition of a Field

Definition

A field is a 3-tuple of a set F and two operations (called additionand multiplication) for which certain properties hold:

Closure of F under both operations

Associativity of both operations

Distinct identities in F for the operations

Additive inverses for all items in F

Multiplicative inverses for all but the additive identity

Commutativity of both operations

Distributivity of multiplication over addition


Finite Fields Definition

The Galois Field

A finite field is a field in which the contained set has finitecardinality (e.g., the field has a finite order).

All finite fields of the same order are isomorphic (so they are,for all practical purposes, the same).

Another name for a finite field is a Galois field.

Generalized fields are often denoted as F, but finite fields inparticular are usually denoted either with GF , GF (q), or Fq,where q is the order of the field.


Finite Fields Field Order

The Order of a Finite Field

There exists a finite field of order q iff q = pn, where p isprime and n ∈ N..

When n = 1, Fp is isomorphic to (Zp,⊕,⊗) (the integersmodulo p with modular addition and modular multiplication).

When n > 1, Fpn is isomorphic to the splitting field off (x) = xpn − x over Fp.

This project focuses on fields of prime order, so I’m afraidthere will be no more discussion of Fpn .


Finite Fields A Well-Known Finite Field

A Well-Known Finite Field of Prime Order: F2

Since 2 is prime, there is a finite field F2, and it has the form(Z2,⊕,⊗).

The operations are defined as:

Addition

⊕ 0 1

0 0 11 1 0

Multiplication

⊗ 0 1

0 0 01 0 1

As you can see, F2 is binary with XOR as addition and ANDas multiplication.


Program Derivation Outline

Outline

1 Finite Fields

2 Program DerivationHistoryDijkstra’s Guarded Command LanguageWeakest Precondition Predicate TransformerThe Program Derivation Process



Program Derivation History

The History of Program Derivation

Hoare’s 1969 paper An Axiomatic Basis for ComputerProgramming effectively launched the Formal Methodssubfield of CS.

Dijkstra’s paper Guarded Commands, Nondeterminacy andFormal Derivation of Programs introduced many of the ideaspresented in this paper.

Gries’ book The Science of Programming brings Dijkstra’spaper to a level undergrad CS and Math majors canunderstand.


Program Derivation Dijkstra’s Guarded Command Language

Some Familiar Parts of Dijkstra’s Language

Variable Assignment

x := 1

Addition

x := x + y

Command Concatenation

b := b − a; x := x + y

Procedure Call

c := gcd(a, b)

Subtraction

b := b − a

Skip, then Abort

skip; abort



Dijkstra’s Guarded Commands

Guarded if-Block

if a > 0 → c := 2ut b > 0 → c := 3; a := 5ut c > 0 → c := 1ut c = 6 → c := 4fi

Guarded do-Block

do b = 0 → c := 1ut a > 0 → a := a− 1ut b < 4 → b := b + 1ut c = 1 → a := a− 1

od



A Famous Example

Greatest Common Divisor

proc gcd(a, b) ≡do a > b → a := a− but b > a → b := b − a

odreturn a.


Program Derivation Weakest Precondition Predicate Transformer

The Weakest Precondition Predicate Transformer

Definition

The Weakest Precondition Predicate Transformer (wp) isdefined as follows:wp : P × L → L

P is the set of all finite-length programs

L is the set of all statements about the state of a computer

wp(s, r) = q

q is the weakest precondition (the initial state)

s is the program to be executed (which changes the state)

r is the postcondition (the resulting state)



wp and Dijkstra’s Language

Skip

wp(”skip”, r) = r

Command Concatenation

wp(”b := a; x := y”, r)= wp(”b := a”,wp(”x := y”, r))

Abort

wp(”abort”, r) = F

Variable Assignment

wp(”x := y”, r)= defined(y) ∧ r xy



wp and Dijkstra’s if-Block

Dijkstra’s if-Block

wp(”if a > 0 → c := 2ut b > 0 → c := 3; a := 5ut c > 0 → c := 1ut c = 6 → c := 4 fi”, r)

= (a > 0 ∨ b > 0 ∨ c > 0 ∨ c = 6)∧(a > 0 =⇒ wp(”c := 2”, r))∧(b > 0 =⇒ wp(”c := 3; a := 5”, r))∧(c > 0 =⇒ wp(”c := 1”, r))∧(c = 6 =⇒ wp(”c := 4”, r))



wp and Dijkstra’s do-Block, Part I

Let’s call this ”DO”:


od

Also, let’s call this ”IF”:


od



wp and Dijkstra’s do-Block, Part II

We define Hn(r) for n ∈ N and r ∈ L as:

For n = 1

H1(r) = (b 6= 0 ∧ a ≤ 0 ∧ b ≥ 4 ∧ c 6= 1) ∧ r

For n > 1

Hn(r) = H1(r) ∨ wp(”IF ”,Hn−1(r))



wp and Dijkstra’s do-Block, Part III

Dijkstra’s Guarded do-Block

wp(”do b = 0 → c := 1ut a > 0 → a := a− 1ut b < 4 → b := b + 1ut c = 1 → a := a− 1 od”, r)

= (∃n ∈ N)Hn(r)


Program Derivation The Program Derivation Process

Program Derivation

Program Derivation

Given a precondition q ∈ L and a postcondition r ∈ L,derive a program s ∈ P that satisfies q = wp(s, r).


Program Derivation The Program Derivation Process

Program Derivation Tips

Gather as much information as possible about theprecondition and postcondition.

Reduce the problem to previously solved ones wheneverpossible.

Look for a loop invariant that gives clues on how toimplement the program.

If you are stuck, consider alternative representations of thedata.


Multiplicative Inverse in Fp Outline

Outline

1 Finite Fields

2 Program Derivation


Multiplicative InversesThe Greatest Common DivisorExploring Bezout’s IdentityProgram to Find the Multiplicative Inverse in Fp


Multiplicative Inverse in Fp Multiplicative Inverses

Multiplicative Inverses in Fields of Infinite and Finite Order

Finding multiplicative inverses in a field of infinite order istypically not a problem.

Example

In (Q,+,×), multiplicative inverses are reciprocals (e.g., a−1 = 1a ).

Finding multiplicative inverses in fields of finite order can gettricky.

Example

In (Zp,⊕,⊗), multiplicative inverses are found using Bezout’sIdentity (i.e., ax + py = 1), which has two unknown values.


Multiplicative Inverse in Fp Multiplicative Inverses

Obtaining the Multiplicative Inverse from Bezout’s Identity

Noting that a and b are coprime (since b = p, and p is prime),gcd(a, b) = 1. So:

ax + by = gcd(a, b)ax + by = 1ax = by + 1ax = py + 1ax = 1

By the definition of multiplicative inverses, x = a−1.


Multiplicative Inverse in Fp The Greatest Common Divisor

The Greatest Common Divisor

Recall the greatest common divisor program:



odreturn a.

This implementation was discovered by exploring the property:gcd(a, b) = gcd(a− b, b) = gcd(a, b − a)


Multiplicative Inverse in Fp The Greatest Common Divisor

The Loop Invariant of gcd

The loop invariant used in the primary loop of this program isgcd(a, b) = gcd(A,B).

The loop will exit when a = b, which occurs whena = b = gcd(a, b).

Since every iteration decreases the value of either a or b, theloop will progress toward termination (the loop is bound by(a− gcd(a, b)) + (b − gcd(a, b))).


Multiplicative Inverse in Fp Exploring Bezout’s Identity

Bezout’s Identity and the gcd Property

Combining Bezout’s Identity with the gcd property, we get:

ax + by = gcd(a, b)= gcd(a, b − a)= au + (b − a)v= au + bv − av= a(u − v) + bv

So x ≡ u − v (mod b) and y ≡ v (mod a).As gcd is commutative, we derive a corresponding result if weexplored gcd(a− b, b) instead of gcd(a, b − a).



Reassigning x and y as Linear Combinations: Part I

Each time the arguments of gcd get closer to their final value, it isshown that x is equivalent (mod b) and y is equivalent (mod a)to a linear combination of their corresponding values from Bezout’sIdentity after a and b have been modified as described in the gcdprogram.



Reassigning x and y as Linear Combinations: Part II

Specifically, it can be seen that x always has a positive coefficientof following corresponding values of x and a negative coefficient ofcorresponding values of y . Likewise, y always has a negativecoefficient of corresponding values of x and a positive coefficient ofcorresponding values of y .



Reassigning x and y as Linear Combinations: Part III

Once the arguments to gcd are equal to each other (and equal tothe result of gcd), we can find the original values of x and y bymultiplying the coefficients that have been stored by the finalcorresponding values of x and y . However, since we are looking fora multiplicative inverse in Fp, we know gcd(a, p) = 1 as p is prime.Since this will give us x = 1 by simplification after using the gcdproperty one last time, we see that the y components areinconsequential.



Reassigning x and y as Linear Combinations: Part IV

Finally, we see that only the x coefficients are of any consequenceto the final result. Specifically, once the gcd algorithm is complete,since the initial (and desired) value of x can be found bymultiplying the final corresponding value of x by the propercoefficient of x , and since the final corresponding value of x = 1,we get that the desired value of x is equal to the coefficient of thecorresponding final value of x .


Multiplicative Inverse in Fp Program to Find the Multiplicative Inverse in Fp

Finding the Loop Invariant

Based on the long-winded previous slides, we can describe a loopinvariant:

Axl + Byl = gcd(a, b)

where xl is is the linear combination that the initial value of x isequal to, and yl is the linear combination that the initial value of y .This loop invariant is nice, as it is fully compatible with the loopinvariant of gcd, and so it also progresses toward termination andhas a bound function that differs from that of gcd linearly.



A Last Look at gcd for Reference...



odreturn a.



Multiplicative Inverse Program

Multiplicative Inverse

proc multinv(a, b) ≡xx := 1; yx := 0do a > b → a := a− b; yx := yx + xxut b > a → b := b − a; xx := xx + yx

odreturn xx .


Conclusion Summary

Summary

Finite fields are very useful mathematical constructs that canbehave very differently from fields of infinite order.

Program derivation is performed by using the rules of theweakest precondition predicate transformer to determine whatsequence of conditions (and thus what program statements)must have occured between a given precondition andpostcondition.

While the process of deriving my multiplicative inverseprogram was time-consuming and complicated, the resultswere well worth the effort.


Conclusion Future Work

Future Work

Program Derivation of Exponentiation in Fp

Extend scope to include Fpn

Explore factorization techniques

Finish library and create graphical front end


Conclusion Contact Me

Contact Information

You can email me at [email protected] if you have anyfurther questions or comments.


program derivation of operations in finite fields of prime order

Technology

program derivation process

fp southerland

b subtraction b

fp charles southerland

operations associativity

formal derivation of

addition southerland

nite order