
Lecture Data security and encryption - Chapter 11: Basic concepts in number theory and finite fields




DOCUMENT INFORMATION

Basic information

Pages: 52

Size: 433.25 KB


Content

This chapter presents the following content: number theory; divisibility and GCD; modular arithmetic with integers; Euclid's algorithm for GCD and inverses. The lecture opens with a review of the previous one: the AES selection process, the details of Rijndael (the AES cipher), and the steps in each round across the four AES stages.

Page 1

(CSE348)

Page 2

Lecture # 11

Page 3

– The AES selection process

– The details of Rijndael – the AES cipher

– Looked at the steps in each round

– Out of four AES stages, last two are

Page 4

Chapter 4 Basic Concepts in Number Theory and Finite Fields

Page 5

The next morning at daybreak, Star flew indoors, seemingly keen for a lesson. I said, "Tap eight." She did a brilliant exhibition, first tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, 2, 2, before coming for her nut. It is astonishing that Star learned to count up to 8 with no difficulty, and of her own accord discovered that each number could be given with various different divisions, this leaving no doubt that she was consciously thinking each number. In fact, she did mental arithmetic, although unable, like humans, to name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free will pursued the science of numbers with keen interest and astonishing intelligence.

— Living with Birds, Len Howard

Page 6

• Finite fields have become increasingly important in cryptography

• A number of cryptographic algorithms rely heavily on properties of finite fields

• Notably the Advanced Encryption Standard (AES) and elliptic curve cryptography

Page 8

• will now introduce finite fields

• of increasing importance in cryptography

– AES, Elliptic Curve, IDEA, Public Key

• concern operations on "numbers"

– where what constitutes a "number" and the type of operations varies considerably

• start with basic number theory concepts

Page 9

• say a non-zero number b divides a if for some m we have a = mb (a, b, m all integers)

• that is, b divides into a with no remainder

• denote this b|a

• and say that b is a divisor of a

• eg all of 1, 2, 3, 4, 6, 8, 12, 24 divide 24

• eg 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0

Page 13

Division Algorithm

Page 14

• Represent the integers on the number line

• a will fall somewhere on that line

– positive a is shown; a similar demonstration can be made for negative a

Page 15

Division Algorithm

• Starting at 0, proceed to n, 2n, ... up to qn such that qn <= a and (q + 1)n > a

• The distance from qn to a is r, and we have found the unique values of q and r
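As an added example (my code, not from the slides), the division algorithm carried out the way the slide describes it, walking 0, n, 2n, ... along the number line until the next step would pass a, for negative a as well as positive a. It is set beside the truncating division that C-family `%` operators perform, which is the practical trap: under the division algorithm -12 mod 7 is 2 (the value the later modular-arithmetic slide gives), but a C expression `-12 % 7` evaluates to -5, so code that uses `%` to bring a possibly negative value into an index range 0..n-1 can index out of bounds. The function names are my own.

```python
# Added example (not from the lecture slides): the division algorithm
# a = q*n + r, 0 <= r < n, carried out the way the slides describe it
# (walk 0, n, 2n, ... along the number line until the next step would pass
# a), for negative a as well as positive a.  It is compared with the
# truncating division that C-family '%' operators perform, which yields a
# negative remainder for negative a.  Function names are my own.


def division_algorithm(a: int, n: int) -> tuple[int, int]:
    """Return the unique (q, r) with a = q*n + r and 0 <= r < n, for n > 0."""
    if n <= 0:
        raise ValueError("the modulus n must be positive")
    q = 0
    if a >= 0:
        # Step right from 0 while the next multiple of n still fits under a.
        while (q + 1) * n <= a:
            q += 1
    else:
        # Step left from 0 until q*n no longer lies to the right of a.
        while q * n > a:
            q -= 1
    r = a - q * n
    if not 0 <= r < n:                # cannot happen; documents the theorem
        raise AssertionError("remainder out of range")
    return q, r


def truncating_divmod(a: int, n: int) -> tuple[int, int]:
    """C-style division: quotient truncated toward zero, remainder carrying
    the sign of the dividend.  For a < 0 this is NOT the division algorithm."""
    q = abs(a) // abs(n)
    if (a < 0) != (n < 0):
        q = -q
    return q, a - q * n


def residue(a: int, n: int) -> int:
    """a mod n in the slides' sense: the r produced by the division algorithm."""
    return division_algorithm(a, n)[1]


def c_remainder_is_residue(a: int, n: int) -> bool:
    """False exactly when a C '%' would disagree with a mod n (negative a)."""
    return truncating_divmod(a, n)[1] == residue(a, n)


if __name__ == "__main__":
    for a in (11, 14, 0, -5, -12):
        q, r = division_algorithm(a, 7)
        cq, cr = truncating_divmod(a, 7)
        print(f"a={a:>4}: division algorithm q={q:>3} r={r}   C-style q={cq:>3} r={cr}")
```

Python's own `divmod` and `%` already follow the division algorithm for a positive modulus, so `division_algorithm(a, n) == divmod(a, n)` for every a; the walking loop is there to mirror the slide's procedure, not for speed.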

Page 16

Greatest Common Divisor (GCD)

• One of the basic techniques of number theory is the Euclidean algorithm

• which is a simple procedure for determining the greatest common divisor of two positive integers

• Use the notation gcd(a,b) to mean the greatest common divisor of a and b

Page 17

Greatest Common Divisor (GCD)

• A positive integer c is said to be the greatest common divisor of a and b if c is a divisor of a and of b

• and any divisor of a and b is a divisor of c

• We also define gcd(0, 0) = 0

• We say that two integers a and b are relatively prime if their only common positive integer factor is 1, ie GCD(a,b) = 1

Page 18

Greatest Common Divisor (GCD)

• a common problem in number theory

• GCD(a,b) of a and b is the largest integer that divides evenly into both a and b

• eg GCD(60,24) = 12

• define gcd(0, 0) = 0

• often want no common factors (except 1)

• define such numbers as relatively prime

• eg GCD(8,15) = 1

• hence 8 & 15 are relatively prime

Page 20

Example GCD(1970,1066)

• Illustrates how we can compute successive instances of GCD(a,b) = GCD(b, a mod b)

• This MUST always terminate, since we will eventually get a mod b = 0 (ie no remainder left)

• The answer is then the last non-zero value; in this case GCD(1970, 1066) = 2

Page 21

GCD(1160718174, 316258250)

Dividend          Divisor           Quotient   Remainder
a  = 1160718174   b  = 316258250    q1  = 3    r1  = 211943424
b  = 316258250    r1 = 211943424    q2  = 1    r2  = 104314826
r1 = 211943424    r2 = 104314826    q3  = 2    r3  = 3313772
r2 = 104314826    r3 = 3313772      q4  = 31   r4  = 1587894
r3 = 3313772      r4 = 1587894      q5  = 2    r5  = 137984
r4 = 1587894      r5 = 137984       q6  = 11   r6  = 70070
r5 = 137984       r6 = 70070        q7  = 1    r7  = 67914
r6 = 70070        r7 = 67914        q8  = 1    r8  = 2156
r7 = 67914        r8 = 2156         q9  = 31   r9  = 1078
r8 = 2156         r9 = 1078         q10 = 2    r10 = 0

Page 22

GCD(1160718174, 316258250)

• This example shows how to find d = gcd(a, b) = gcd(1160718174, 316258250), shown in tabular form

• In this example, we begin by dividing 1160718174 by 316258250, which gives 3 with a remainder of 211943424

• Next we take 316258250 and divide it by 211943424

• The process continues until we get a remainder of 0; the last non-zero remainder is d = 1078
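As an added example (my code, not from the slides), the Euclidean algorithm driven by GCD(a,b) = GCD(b, a mod b), recording every division as a (dividend, divisor, quotient, remainder) row so that it reproduces the table above and the GCD(1970, 1066) walk-through; the same function is the algorithm the later "Euclidean Algorithm" slides describe. Function names are my own.

```python
# Added example (not from the lecture slides): the Euclidean algorithm
# driven by gcd(a, b) = gcd(b, a mod b), recording each division step as
# a (dividend, divisor, quotient, remainder) row like the table on the
# slide.  The last non-zero remainder is the GCD.  Function names are my own.


def euclid_table(a: int, b: int) -> list[tuple[int, int, int, int]]:
    """Rows (dividend, divisor, quotient, remainder) of the Euclidean
    algorithm for non-negative a, b.  Stops when the remainder is 0."""
    if a < 0 or b < 0:
        raise ValueError("use non-negative integers")
    rows = []
    while b != 0:
        q, r = divmod(a, b)           # a = q*b + r with 0 <= r < b
        rows.append((a, b, q, r))
        a, b = b, r                   # gcd(a, b) = gcd(b, a mod b)
    return rows


def gcd(a: int, b: int) -> int:
    """GCD read off the table: the divisor of the last row, which is the
    last non-zero remainder.  gcd(0, 0) is defined as 0, as on the slides."""
    if a == 0 and b == 0:
        return 0
    if b == 0:
        return abs(a)
    return euclid_table(abs(a), abs(b))[-1][1]


def relatively_prime(a: int, b: int) -> bool:
    """True when the only common positive factor of a and b is 1."""
    return gcd(a, b) == 1


def format_table(rows: list[tuple[int, int, int, int]]) -> str:
    """Render the rows in the slide's tabular form, numbering q_i and r_i."""
    lines = [f"{'Dividend':>12} {'Divisor':>12} {'Quotient':>10} {'Remainder':>14}"]
    for i, (dividend, divisor, q, r) in enumerate(rows, start=1):
        lines.append(f"{dividend:>12} {divisor:>12} {'q' + str(i) + '=' + str(q):>10} "
                     f"{'r' + str(i) + '=' + str(r):>14}")
    return "\n".join(lines)


if __name__ == "__main__":
    rows = euclid_table(1160718174, 316258250)
    print(format_table(rows))
    print("gcd(1160718174, 316258250) =", gcd(1160718174, 316258250))
    print("gcd(1970, 1066) =", gcd(1970, 1066))
```

The number of rows grows only with the number of digits of the inputs (each two steps at least halve the remainder), which is why the algorithm is cheap enough to run on the thousands-of-bit integers used in RSA.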

Page 25

Modular Arithmetic

• define the modulo operator "a mod n" to be the remainder when a is divided by n

– where the integer n is called the modulus

• b is called a residue of a mod n

– since with integers we can always write: a = qn + b

– usually choose the smallest non-negative remainder as the residue

• ie 0 <= b <= n-1

– this process is known as modulo reduction

• eg -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7 = 2

• a & b are congruent mod n if: a mod n = b mod n

– when divided by n, a & b have the same remainder

– eg 100 ≡ 34 (mod 11)

Page 26

Modular Arithmetic Operations

• The (mod n) operator maps all integers into the set of integers {0, 1, …, (n – 1)}, denoted Zn

• This is referred to as the set of residues, or residue classes (mod n)

• We can perform arithmetic operations within the confines of this set, and this technique is known as modular arithmetic

Page 27

Modular Arithmetic Operations

• Finding the smallest non-negative integer to which k is congruent modulo n is called modulo reduction

Page 28

Modular Arithmetic Operations

• can perform arithmetic with residues

• uses a finite number of values, and loops back from either end

Zn = {0, 1, …, (n – 1)}

• modular arithmetic is when we do addition & multiplication and modulo reduce the answer

• can do the reduction at any point, ie

– (a + b) mod n = [(a mod n) + (b mod n)] mod n

Page 29

Modular Arithmetic Operations

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
   [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
   (11 + 15) mod 8 = 26 mod 8 = 2

2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
   [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4
   (11 – 15) mod 8 = –4 mod 8 = 4

3. [(a mod n) × (b mod n)] mod n = (a × b) mod n
   [(11 mod 8) × (15 mod 8)] mod 8 = 21 mod 8 = 5
   (11 × 15) mod 8 = 165 mod 8 = 5

Page 30

Modulo 8 Addition Example

Page 31

Modulo 8 Addition Example

• Example showing addition in Z8, the integers mod 8, from Stallings Table 4.2a (note that Z8 is a ring but not a field, since even elements have no multiplicative inverse, so it is not GF(8))

• Table 4.2 provides an illustration of modular addition and multiplication modulo 8

• Looking at addition, the results are straightforward and there is a regular pattern to the matrix

• Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication

Page 32

Modulo 8 Addition Example

• As in ordinary addition, there is an additive inverse, or negative, to each integer in modular arithmetic

• In this case, the negative of an integer x is the integer y such that (x + y) mod 8 = 0

• To find the additive inverse of an integer in the left-hand column

Page 33

Modulo 8 Addition Example

• scan across the corresponding row of the matrix to find the value 0

• the integer at the top of that column is the additive inverse; thus (2 + 6) mod 8 = 0

Page 35

Modulo 8 Multiplication

• Continuing the example showing multiplication in Z8, from Stallings Table 4.2b

• Both matrices are symmetric about the main diagonal, in conformance to the commutative property of addition and multiplication

• Similarly, the entries in the multiplication table are straightforward

• In ordinary arithmetic, there is a multiplicative inverse, or reciprocal, to each non-zero integer

Page 36

Modulo 8 Multiplication

• In modular arithmetic mod 8, the multiplicative inverse of x is the integer y such that (x × y) mod 8 = 1

• Now, to find the multiplicative inverse of an integer from the multiplication table

• scan across the matrix in the row for that integer to find the value 1

Page 37

Modulo 8 Multiplication

• The integer at the top of that column is the multiplicative inverse; thus (3 × 3) mod 8 = 1

• Note that not all integers mod 8 have a multiplicative inverse; more about that later

Page 38

Modular Arithmetic Properties

Page 39

Modular Arithmetic Properties

• If we perform modular arithmetic within Zn, the properties shown in Table 4.3 hold for integers in Zn

• We show in the next section that this implies that Zn is a commutative ring with a multiplicative identity element

• Note that unlike ordinary arithmetic, the following statement is true only with the attached condition:

Page 40

Modular Arithmetic Properties

• if (a × b) ≡ (a × c) (mod n) then b ≡ c (mod n), provided a is relatively prime to n

• In general, an integer has a multiplicative inverse in Zn if and only if that integer is relatively prime to n

• Table 4.2c in the text shows that the integers 1, 3, 5, and 7 have a multiplicative inverse in Z8

Page 41

• The Euclidean algorithm is an efficient way to find GCD(a,b)

• and is derived from the observation that if a & b have a common factor d (ie a = m·d & b = n·d)

Page 42

• Some pseudo-code from the text for this algorithm is shown

Page 43

Euclidean Algorithm

• an efficient way to find GCD(a,b)

• uses the theorem that: GCD(a,b) = GCD(b, a mod b)

Page 44

Extended Euclidean Algorithm

• An extension to the Euclidean algorithm

• that will be important for later computations in the area of finite fields and in encryption algorithms such as RSA

• For given integers a and b, the extended Euclidean algorithm not only calculates the greatest common divisor d

• but also two additional integers x and y that satisfy the following equation: ax + by = d = gcd(a, b)

Page 45

Extended Euclidean Algorithm

• It should be clear that x and y will have opposite signs

• Can extend the Euclidean algorithm to determine x, y, d, given a and b

• We again go through the sequence of divisions indicated in Equation Set (4.3)

• and we assume that at each step i, we can find integers x_i and y_i that satisfy r_i = a·x_i + b·y_i

Page 46

Extended Euclidean Algorithm

• In each row, we calculate a new remainder r_i based on the remainders of the previous two rows

Page 47

Extended Euclidean Algorithm

• calculates not only the GCD but also x & y:

ax + by = d = gcd(a, b)

• useful for later crypto computations

• follow the sequence of divisions for the GCD, but assume at each step i we can find x_i & y_i:

r_i = a·x_i + b·y_i

• at the end find the GCD value and also x & y

• if GCD(a,b) = 1, then ax + by = 1 means y is the inverse of b mod a (and x the inverse of a mod b)

Page 48

Finding Inverses

• An important problem is to find multiplicative inverses in such finite fields

• Can show that such inverses always exist (for non-zero elements), & can extend the Euclidean algorithm to find them as shown

• See text for discussion as to why this works

Page 50

Inverse of 550 in GF(1759)

• Example showing how to find the inverse of 550 in GF(1759), adapted from Stallings Table 4.4

• In this example, let us use a = 1759 and b = 550 and solve for 1759x + 550y = gcd(1759, 550)

• The results are shown in Table 4.4

• Thus, we have 1759 × (–111) + 550 × 355 = 1, so 355 is the multiplicative inverse of 550 mod 1759

Page 51

Inverse of 550 in GF(1759)
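As an added example (my code, not from the slides or Stallings), the extended Euclidean algorithm laid out row by row as the previous slides describe: every row i keeps the invariant r_i = a·x_i + b·y_i, the same recurrence that produces r_i from the two previous remainders also updates x_i and y_i, and when the remainder reaches 0 the previous row holds d = gcd(a, b) with its x and y. Run on a = 1759, b = 550 it reproduces 1759 × (–111) + 550 × 355 = 1, so 355 is the inverse of 550 in GF(1759). It also covers the failure mode the table cannot show: when gcd(a, b) ≠ 1 there is no inverse, and the function refuses rather than returning a wrong value. Function names are my own.

```python
# Added example (not from the lecture slides): the extended Euclidean
# algorithm as a table of rows (q_i, r_i, x_i, y_i) that keeps
# r_i = a*x_i + b*y_i at every step, so the row before the remainder hits 0
# gives d = gcd(a, b) together with x and y.  When d == 1, y is the
# multiplicative inverse of b modulo a.  Function names are my own.


def extended_euclid(a: int, b: int):
    """Return (d, x, y, rows) with a*x + b*y = d = gcd(a, b).
    rows holds (q_i, r_i, x_i, y_i) for every row of the table."""
    # Rows i = -1 and i = 0: r = a = a*1 + b*0 and r = b = a*0 + b*1.
    r_prev, r = a, b
    x_prev, x = 1, 0
    y_prev, y = 0, 1
    rows = [(None, a, 1, 0), (None, b, 0, 1)]
    while r != 0:
        q = r_prev // r
        # r_i = r_{i-2} - q_i * r_{i-1}; applying the same recurrence to x
        # and y is exactly what keeps r_i = a*x_i + b*y_i true in every row.
        r_prev, r = r, r_prev - q * r
        x_prev, x = x, x_prev - q * x
        y_prev, y = y, y_prev - q * y
        rows.append((q, r, x, y))
    return r_prev, x_prev, y_prev, rows


def invariant_holds(a: int, b: int) -> bool:
    """Check r_i = a*x_i + b*y_i on every row of the table for a, b."""
    _d, _x, _y, rows = extended_euclid(a, b)
    return all(r == a * x + b * y for (_q, r, x, y) in rows)


def mod_inverse(b: int, a: int) -> int:
    """Inverse of b modulo a (slide's naming: a = 1759, b = 550).
    Raises ValueError when gcd(a, b) != 1, because then no inverse exists
    and silently returning y would give a value that is simply wrong."""
    d, _x, y, _rows = extended_euclid(a, b)
    if d != 1:
        raise ValueError(f"{b} has no inverse mod {a}: gcd({a}, {b}) = {d}")
    return y % a                  # bring the (possibly negative) y into Z_a


def format_rows(rows) -> str:
    """Render the table in the layout of Stallings Table 4.4."""
    lines = [f"{'i':>3} {'q_i':>6} {'r_i':>12} {'x_i':>8} {'y_i':>8}"]
    for i, (q, r, x, y) in enumerate(rows, start=-1):
        lines.append(f"{i:>3} {'' if q is None else q:>6} {r:>12} {x:>8} {y:>8}")
    return "\n".join(lines)


if __name__ == "__main__":
    d, x, y, rows = extended_euclid(1759, 550)
    print(format_rows(rows))
    print(f"1759*({x}) + 550*({y}) = {d}")
    print("inverse of 550 mod 1759 =", mod_inverse(550, 1759))
```

The final row, where the remainder is 0, always carries x = ±b/d and y = ∓a/d, which is why x and y of the row above it have opposite signs, as the earlier slide notes.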

Page 52

– Number Theory

– divisibility & GCD

– modular arithmetic with integers

– Euclid’s algorithm for GCD & Inverse

Posted: 20/09/2020, 13:59
