FFT
Fast Fourier Transform. A numerically advantageous way of computing a Fourier transform. Basically a way of transforming information from amplitude values sampled periodically through time into amplitude values sampled periodically through complex frequency. The FFT performs this transformation in time proportional to n log n, for some n a power of 2.
While exceedingly valuable, the FFT tends to run into practical problems in use which can require a deep understanding of the process. For example, the transform assumes that the waveform is "stationary" and thus repetitive and continuous, which is rarely the case. As another example, sampling a continuous wave can create spurious "frequency" values related to the sampling and not the wave itself. Also, the range of possible values increases by a factor of 2 (in both positive and negative directions) in every sublayer mixing; this is information expansion, which we often try to avoid in cryptography.
The FFT provides a strong mathematical basis for block cipher mixing such that all input values will have an equal chance to affect all output values. Cryptographic mixing then occurs in butterfly operations based on balanced block mixing structures which replace the simple add / subtract butterfly in the FFT and confine the value ranges so information expansion does not occur. A related concept is the fast Walsh-Hadamard transform (FWT), which can use exactly the same mixing patterns as the FFT.
Field
In abstract algebra, a commutative ring in which all non-zero elements have a multiplicative inverse. (This means we can divide.)
In general, a field supports the four basic operations (addition, subtraction, multiplication and division), and satisfies the normal rules of arithmetic. An operation on any two elements in a field gives a result which is also an element in the field.
Examples of fields include rings of integers modulo some prime. Here are multiplication tables under mod 2, mod 3 and mod 4:

  mod 2          mod 3            mod 4
      0 1            0 1 2            0 1 2 3
    0 0 0          0 0 0 0          0 0 0 0 0
    1 0 1          1 0 1 2          1 0 1 2 3
                   2 0 2 1          2 0 2 0 2
                                    3 0 3 2 1
In a field, each non-zero element must have an inverse, and the product of an element and its inverse is 1. This means that every non-zero row and column of the multiplication table for a field must contain a 1. Since row 2 of the mod 4 table does not contain a 1, the set of integers mod 4 is not a field.
The order of a field is the number of elements in that field. The integers mod p form a finite field of order p. Similarly, mod 2 polynomials will form a field with respect to an irreducible polynomial, and will have order 2^n, which is a very useful size.
Finite Field
A Galois field: a mathematical field of non-infinite order, as opposed to an infinite field, such as the integers, rationals, reals and complex numbers.
In a finite field, every nonzero element x can be squared, cubed, and so on, and at some power will eventually become 1. The smallest (positive) power n at which x^n = 1 is the order of element x. This of course makes x an "nth root of unity," in that it satisfies the equation x^n = 1.
A finite field of order q will have one or more primitive elements a whose order is q-1 and whose powers cover all nonzero field elements.
For every element x in a finite field of order q, x^q = x.
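The Field and Finite Field entries above can be checked directly for the integers mod p. The following is an added example, not part of the glossary: it builds the multiplication tables from the Field entry, applies the "every non-zero row contains a 1" test, and then computes element orders, primitive elements and the x^q = x property for a prime field.

```python
# Added example: field tests on the integers mod n, using the criteria the
# glossary entries state (inverse in every non-zero row; element order;
# primitive elements of order q-1; x^q = x for every element).

def mult_table(n):
    """Multiplication table of the integers mod n, one list per row."""
    return [[(a * b) % n for b in range(n)] for a in range(n)]

def is_field_by_table(n):
    """Every non-zero element needs a multiplicative inverse, so every
    non-zero row of the table must contain a 1 (fails for mod 4, row 2)."""
    table = mult_table(n)
    return n >= 2 and all(1 in table[a] for a in range(1, n))

def element_order(x, p):
    """Smallest positive n with x^n = 1 (mod p); x must be non-zero."""
    acc = x % p
    for n in range(1, p + 1):          # orders never exceed p-1 in a field
        if acc == 1:
            return n
        acc = (acc * x) % p
    raise ValueError("no power of x reaches 1: p is not prime or x is 0")

def primitive_elements(p):
    """Elements of order p-1; their successive powers cover every non-zero element."""
    return [a for a in range(1, p) if element_order(a, p) == p - 1]

def powers_cover_field(a, p):
    """Check the primitive-element claim: {a^1 .. a^(p-1)} is all of 1..p-1."""
    return {pow(a, k, p) for k in range(1, p)} == set(range(1, p))

def fermat_holds(p):
    """x^q = x for every element x of the field of order q = p."""
    return all(pow(x, p, p) == x for x in range(p))
```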
Flip-Flop
A class of digital logic component which has a single bit of state with various control signals to effect a state change. There are several common versions:
Latch: the output follows the input, but only while the clock input is "1"; lowering the clock prevents the output from changing.
SR FF: Set / Reset; typically created by cross-connecting two 2-input NAND gates, in which case the 2 inputs are complemented: a "0" on the S input forces a stable "1" state, which is held until a "0" on the R input forces a "0".
D or "delay" FF: senses the input value at the time of a particular clock transition.
JK FF: the J input is an AND enable for a clocked or synchronous transition to "1"; the K input is an AND enable for a clocked transition to "0"; and often there are S and R inputs to force "1" or "0" (respectively) asynchronously.
Fourier Series
An infinite series in which the terms are constants (A, B) multiplied by sine or cosine functions of integer multiples (n) of the variable (x). One way to write this would be:
f(x) = A_0 + SUM_n ( A_n cos(nx) + B_n sin(nx) )
Alternately, over the interval [a, a+2c]:
f(x) = a_0 + SUM_n ( a_n cos(n PI x/c) + b_n sin(n PI x/c) )
a_n = 1/c INTEGRAL[a, a+2c] ( f(x) cos(n PI x/c) dx )
b_n = 1/c INTEGRAL[a, a+2c] ( f(x) sin(n PI x/c) dx )
Fourier Theorem
Under suitable conditions, any periodic function can be represented by a Fourier series. (Various other "orthogonal functions" are now known.)
The use of sine and cosine functions is particularly interesting, since each term represents a single frequency oscillation. So to the extent that we can represent an amplitude waveform as a series of sine and cosine functions, we thus describe the frequency spectrum associated with that waveform. This frequency spectrum describes the frequencies which must be handled by a circuit to reproduce the original waveform. This illuminating computation is called a Fourier transform.
Fourier Transform
The Fourier transform relates amplitude samples at periodic discrete times to amplitude samples at periodic discrete frequencies. There are thus two representations: the amplitude vs time waveform, and the amplitude vs complex frequency (magnitude and phase) spectrum. Exactly the same information is present in either representation, and the transform supports converting either one into the other. This computation is efficiently performed by the FFT.
In a cryptographic context, one of the interesting parts of the Fourier transform is that it represents a thorough mixing of each input value to every output value.
Frequency
The number of repetitions or cycles per second. Now measured in Hertz (Hz); previously called cycles-per-second (cps).
Function
A mapping; sometimes specifically confined to numbers.
FWT
Fast Walsh Transform.
Gain
The amplitude change due to amplification. A negative gain is in fact a loss.
Galois Field
Finite field. First encountered by the 19-year-old student Evariste Galois, in 1830 France, a year or so before dying in a duel.
Gate
A digital logic component which is a simple logic function, possibly with a complemented output. Some common Boolean logic gates include:
AND
OR
Exclusive-OR
NAND: AND with output complement
NOR: OR with output complement
Exclusive-NOR: Exclusive-OR with output complement
NOT: the complement
GF(2^n)
The Galois field or finite field of 2^n polynomials of degree n-1 or less. Typically we have mod 2 polynomials with results reduced "modulo" an irreducible "generator" polynomial g of degree n. This is analogous to creating a field from the integers modulo some prime p.
For example, consider GF(2^4) using the generator polynomial x^4 + x + 1, or 10011, which is a degree-4 irreducible. First we multiply two elements as usual (mod 2, so partial products are combined with exclusive-OR):

        1 0 1 1
      * 1 1 0 0
      ---------
              0
            0
    1 0 1 1
  1 0 1 1
  -------------
  1 1 1 0 1 0 0

Then we "reduce" the result modulo the generator polynomial:

                    1 1 1
            -------------
1 0 0 1 1 ) 1 1 1 0 1 0 0
            1 0 0 1 1
            ---------
              1 1 1 0 0
              1 0 0 1 1
              ---------
                1 1 1 1 0
                1 0 0 1 1
                ---------
                  1 1 0 1

So, if I did the arithmetic right, the result is the remainder, 1101. I refer to this as arithmetic "mod 2, mod p".
An irreducible is sufficient to form a finite field. However, some special irreducibles are also primitive, and these create "maximal length" sequences in LFSRs.
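The "mod 2, mod p" arithmetic of the GF(2^n) entry, carried out in code. This is an added example, not the glossary's own code: polynomials over GF(2) are stored as integers (bit i is the coefficient of x^i), so the generator 10011 is 0b10011 and the entry's product 1011 * 1100 reduces to 1101 exactly as in the long division above. It also tests the distinction the last paragraph draws between an irreducible generator and a primitive one, using the order of the element x.

```python
# Added example: GF(2^n) arithmetic with an irreducible generator g, plus
# irreducibility and primitivity tests. Bit i of an int = coefficient of x^i.

def poly_mul(a, b):
    """Carry-less (mod 2) multiplication of two GF(2) polynomials, no reduction."""
    result = 0
    while b:
        if b & 1:
            result ^= a           # add (XOR) the shifted multiplicand
        a <<= 1
        b >>= 1
    return result

def poly_mod(a, g):
    """Remainder of a modulo g: the mod-2 long division shown in the entry."""
    dg = g.bit_length() - 1
    while a and a.bit_length() - 1 >= dg:
        a ^= g << (a.bit_length() - 1 - dg)   # cancel the current leading term
    return a

def gf_mul(a, b, g):
    """Multiply in GF(2^n) with generator g: multiply, then reduce ("mod 2, mod p")."""
    return poly_mod(poly_mul(a, b), g)

def is_irreducible(g):
    """Degree-n g is irreducible iff no polynomial of degree 1..n//2 divides it."""
    n = g.bit_length() - 1
    for d in range(1, n // 2 + 1):
        for f in range(1 << d, 1 << (d + 1)):   # every polynomial of degree d
            if poly_mod(g, f) == 0:
                return False
    return True

def element_order(x, g):
    """Smallest k > 0 with x^k = 1 in GF(2^n); x non-zero, g irreducible."""
    limit = 1 << (g.bit_length() - 1)   # orders divide 2^n - 1, so this bounds the loop
    acc, k = x, 1
    while acc != 1:
        acc = gf_mul(acc, x, g)
        k += 1
        if k > limit:
            raise ValueError("x never reaches 1: g is probably not irreducible")
    return k

def is_primitive(g):
    """Irreducible g is primitive iff x has order 2^n - 1, i.e. its powers cover
    every non-zero element (the maximal-length LFSR case)."""
    n = g.bit_length() - 1
    return is_irreducible(g) and element_order(0b10, g) == (1 << n) - 1
```

x^4 + x^3 + x^2 + x + 1 (0b11111) is irreducible but not primitive, since x has order 5 under it; x^4 + x + 1 gives x the full order 15.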
Goodness of Fit
In statistics, a test used to compare two distributions. For nominal or "binned" measurements, a chi-square test is common. For ordinal or ordered measurements, a Kolmogorov-Smirnov test is appropriate.
Goodness-of-fit tests can at best tell us whether one distribution is or is not the same as the other, and they say even that only with some probability. It is important to be very careful about experiment design, so that, almost always, "nothing unusual found" is the goal we seek. When we can match distributions, we are obviously able to state exactly what the experimental distribution should be and is. But there are many ways in which distributions can differ, and simply finding a difference is not evidence of a specific effect. (See null hypothesis.)