This chapter presents the following content: number theory, divisibility & GCD, modular arithmetic with integers, Euclid’s algorithm for GCD & inverse, groups, rings, fields, finite fields GF(p), polynomial arithmetic in general and in GF(2^n).
(CSE348)
Lecture # 12
– Number Theory
– divisibility & GCD
– modular arithmetic with integers
– Euclid’s algorithm for GCD & Inverse
• Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra
• In abstract algebra, we are concerned with sets on whose elements we can operate algebraically
• That is, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set
• A group G, denoted by {G, •}, is a set of elements with a binary operation, denoted by •, that associates to each ordered pair (a, b) of elements in G an element (a • b) in G
• Such that the following axioms are obeyed:
– Closure, Associative, Identity element, Inverse element
• We have used • as the operator: it could be addition +, multiplication × or any other mathematical operator
• A group can have a finite (fixed) number of elements, or it may be infinite
• Integers (+ve, -ve and 0) using addition form an infinite abelian group
• a set of elements or “numbers”
– may be finite or infinite
• with some operation whose result is also in the set (closure)
• obeys:
– associative law: (a.b).c = a.(b.c)
– has identity e: e.a = a.e = a
– has inverses a^-1: a.a^-1 = e
• if commutative, a.b = b.a, it is an abelian group
Cyclic Group
• Define exponentiation as repeated application of the operator
– example: a^3 = a.a.a
• and let the identity be: e = a^0
• a group is cyclic if every element is a power of some fixed element
– ie b = a^k for some a and every b in the group
• a is said to be a generator of the group
• A ring is a set in which we can do addition, subtraction and multiplication without leaving the set
• and which obeys the associative and distributive laws
• With respect to addition and multiplication, the set of all n-square matrices over the real numbers form a ring
• The set of integers with addition & multiplication form an integral domain
• If the multiplication operation is commutative, it forms a commutative ring
• If the multiplication operation has an identity and no zero divisors, it forms an integral domain
• Lastly define a field. We denote a field as {F, +, .}
• In essence, a field is a set in which we can do addition, subtraction, multiplication and division without leaving the set
• Division is defined with the following rule: a/b = a (b^-1)
• Examples of fields are:
– rational numbers, real numbers, complex numbers
• Integers are NOT a field since there are no multiplicative inverses (except for 1)
• a set of numbers with two operations which form:
– abelian group for addition
– abelian group for multiplication (ignoring 0)
– ring
• have hierarchy with more axioms/laws: group -> ring -> field
Group, Ring, Field
• As a memory aid
• Can use the acronym for groups: CAIN (Closure Associative Identity iNverse)
• Mostly we need to compute with Rings, if not Fields
• When we do arithmetic modulo a prime, we have a field
Group, Ring, Field
• These are terms we use for different sorts of "number systems"
• ones obeying different sets of laws
• From group to ring to field we get more and more laws being obeyed
• as shown here in Stallings Figure 4.2
Finite (Galois) Fields
• Infinite fields are not of particular interest in the context of cryptography
• However, finite fields play a crucial role in many cryptographic algorithms
• It can be shown that the order of a finite field (number of elements in the field) must be a positive power of a prime
Finite (Galois) Fields
• These are known as Galois fields
• In honor of the mathematician who first studied finite fields, & are denoted GF(p^n)
• We are most interested in the cases where either n=1 - GF(p), or p=2 - GF(2^n)
Finite (Galois) Fields
• Finite fields play a key role in cryptography
• can show number of elements in a finite field must be a power of a prime p^n
• known as Galois fields denoted GF(p^n)
• In particular often use the fields:
– GF(p)
– GF(2^n)
Galois Fields GF(p)
• GF(p) is the set of integers {0, 1, … , p-1} with arithmetic operations modulo prime p
• These form a finite field
– since have multiplicative inverses
– find inverse with Extended Euclidean algorithm
• Hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)
• As can be seen, GF(7) satisfies all of the properties required of a field (Figure 4.2)
GF(7) Multiplication Example
• Compare this table with Table 4.2
• In the latter case, we see that the integers using modular arithmetic modulo 8 do not form a field
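As an added illustration of the GF(7) versus modulo 8 comparison (example code written for this page, not from the lecture or from Stallings), the following Python computes inverses in Z_n with the extended Euclidean algorithm and checks which moduli give a field; the function names are my own.

```python
# Added example (not from the lecture): arithmetic in Z_n, showing why Z_7 = GF(7)
# is a field while Z_8 is not. Inverses come from the extended Euclidean algorithm.

def egcd(a, b):
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = egcd(b, a % b)
    return g, y1, x1 - (a // b) * y1

def inverse_mod(a, n):
    """Multiplicative inverse of a in Z_n, or None when gcd(a, n) != 1."""
    g, x, _ = egcd(a % n, n)
    return x % n if g == 1 else None

def mult_table(n):
    """The n x n multiplication table of Z_n (rows/columns 0..n-1), as in Table 4.2."""
    return [[(i * j) % n for j in range(n)] for i in range(n)]

def zero_divisors(n):
    """Non-zero a with a*b = 0 mod n for some non-zero b: a field has none."""
    t = mult_table(n)
    return sorted(a for a in range(1, n) if any(t[a][b] == 0 for b in range(1, n)))

def is_field_mod(n):
    """Z_n is a field iff every non-zero element has a multiplicative inverse,
    which is exactly when n is prime."""
    return n > 1 and all(inverse_mod(a, n) is not None for a in range(1, n))
```

For n = 8 the zero divisors 2, 4 and 6 are the rows of the table that contain a 0 off the first column, which is why they have no inverse.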
Polynomial Arithmetic
• can compute using polynomials
f(x) = a_n x^n + a_(n-1) x^(n-1) + … + a_1 x + a_0 = Σ a_i x^i
• nb not interested in any specific value of x, which is known as the indeterminate
• several alternatives available
– ordinary polynomial arithmetic
– poly arithmetic with coords mod p
– poly arithmetic with coords mod p and
Ordinary Polynomial Arithmetic
• Includes:
– add or subtract corresponding coefficients
– multiply all terms by each other
Polynomial Arithmetic with Modulo Coefficients
• Consider the variant where now, when computing the value of each coefficient, we do the calculation modulo some value, usually a prime
• If the coefficients are computed in a field (eg GF(p)), then division on the polynomials is possible
Polynomial Arithmetic with Modulo Coefficients
• Are most interested in using GF(2)
• i.e. all coefficients are 0 or 1
• and any addition/subtraction of coefficients is done mod 2 (ie 2x is the same as 0x!)
• which is just the common XOR function
Polynomial Arithmetic with Modulo Coefficients
• when computing the value of each coefficient do the calculation modulo some value
• forms a polynomial ring
• could be modulo any prime
• but we are most interested in mod 2
– ie all coefficients are 0 or 1
• eg let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
– f(x) + g(x) = x^3 + x + 1
– f(x) × g(x) = x^5 + x^2
Polynomial Division
• and show that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field
Polynomial Division
• Define an irreducible (or prime) polynomial as one with no divisors other than itself & 1
• If we compute polynomial arithmetic modulo an irreducible polynomial, this forms a finite field, and the GCD & Inverse algorithms can be adapted for it
• if there is no remainder, say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1, say it is an irreducible (or prime) polynomial
• arithmetic modulo an irreducible polynomial forms a field
• Arithmetic operations are performed on polynomials using the ordinary rules of algebra
Polynomial GCD
• Polynomial division is not allowed unless the coefficients are elements of a field
• Next, we discussed polynomial arithmetic in which the coefficients are elements of GF(p)
• In this case, polynomial addition, subtraction, multiplication, and division are allowed
• However, division is not exact; that is, in general
Polynomial GCD
• Finally, we showed that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of
Polynomial GCD
• can find the greatest common divisor for polys
– c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
• can adapt Euclid’s Algorithm to find it:
    Euclid(a(x), b(x))
        if (b(x) = 0) then return a(x);
        else return Euclid(b(x), a(x) mod b(x));
• all foundation for polynomial fields, as seen next
Modular Polynomial Arithmetic
• Consider now the case of polynomial arithmetic with coordinates mod 2 and polynomials mod an irreducible polynomial m(x)
• That is, Modular Polynomial Arithmetic uses the set S of all polynomials of degree n-1 or less over the field Z_p
• With the appropriate definition of arithmetic operations, each such set S is a finite field
Modular Polynomial Arithmetic
• The definition consists of the following elements:
1. Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following two refinements.
2. Arithmetic on the coefficients is performed modulo p.
3. If multiplication results in a polynomial of degree greater than n-1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder.
Modular Polynomial Arithmetic
• This forms a finite field
• And just as the Euclidean algorithm can be adapted to find the greatest common divisor of two polynomials
• The extended Euclidean algorithm can be adapted to find the multiplicative inverse of a polynomial
Modular Polynomial Arithmetic
• can compute in field GF(2^n)
– polynomials with coefficients modulo 2
– whose degree is less than n
– hence must reduce modulo an irreducible poly of degree n (for multiplication only)
• form a finite field
• can always find an inverse
– can extend Euclid’s Inverse algorithm to find
Using a Generator
• Equivalent definition of a finite field
• A generator g is an element whose powers generate all non-zero elements
• using all possible bit values
• and the calculations only use simple common machine instructions
Computational Considerations
• The shortcut for polynomial reduction comes from the observation that in GF(2^n) the irreducible poly g(x) has highest term x^n
• so computing x^n mod g(x) gives the answer g(x) - x^n
Computational Considerations
• since coefficients are 0 or 1, can represent any such polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
– cf long-hand multiplication
• modulo reduction done by repeatedly substituting highest power with remainder of
Computational Example
• Show here a few simple examples of addition, multiplication & modulo reduction in GF(2^3)
• The long form modulo reduction finds p(x) = q(x).m(x) + r(x) with r(x) being the desired remainder
Computational Example
• Polynomial modulo reduction (get q(x) & r(x)) is
– (x^3 + x^2 + x + 1) mod (x^3 + x + 1): x^3 + x^2 + x + 1 = 1.(x^3 + x + 1) + x^2, so q(x) = 1 and r(x) = x^2
– as bit strings: 1111 mod 1011 = 1111 XOR 1011 = 0100₂
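An added Python example (my own code, not from the lecture or Stallings) implementing the bit-string arithmetic described above for GF(2^n): XOR addition, shift-and-XOR multiplication with on-the-fly reduction, Euclid's polynomial GCD from the Polynomial GCD slide, the extended-Euclid inverse from the Modular Polynomial Arithmetic slides, and the generator test from the Using a Generator slide. It assumes m(x) = x^3 + x + 1 for the GF(2^3) checks, and all function names are my own.

```python
# Added example, not the lecture's code: GF(2^n) on bit strings. Bit i of an int is
# the coefficient of x^i (x^3 + x + 1 -> 0b1011); add = XOR, multiply = shift-and-XOR.

def deg(p):                      # degree of p(x); -1 for the zero polynomial
    return p.bit_length() - 1

def poly_divmod(a, b):
    """Long division in GF(2)[x]: (q, r) with a = q*b + r and deg r < deg b."""
    q = 0
    while b and deg(a) >= deg(b):
        shift = deg(a) - deg(b)
        q ^= 1 << shift          # quotient gains the term x^shift
        a ^= b << shift          # subtracting the aligned divisor is XOR mod 2
    return q, a

def gf_mul(a, b, m):
    """a(x)*b(x) mod m(x) by shift-and-XOR, substituting x^n = m(x) - x^n as we go."""
    n, r = deg(m), 0
    a, b = poly_divmod(a, m)[1], poly_divmod(b, m)[1]   # start from reduced inputs
    while b:
        if b & 1:                # bit i of b set: add a(x)*x^i, as in long-hand multiplication
            r ^= a
        b >>= 1
        a <<= 1                  # a(x) *= x
        if a >> n:               # degree reached n: replace x^n by the rest of m(x)
            a ^= m
    return r

def poly_gcd(a, b):              # Euclid's algorithm on polynomials over GF(2)
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a

def gf_inv(a, m):
    """Extended Euclid in GF(2)[x]: t(x) with a(x)*t(x) = 1 mod m(x)."""
    r0, r1, t0, t1 = m, a, 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        t0, t1 = t1, t0 ^ gf_mul(q, t1, m)   # t0 - q*t1; minus is XOR mod 2
    if r0 != 1: raise ValueError("no inverse")   # only if a = 0 or m(x) is reducible
    return t0

def is_generator(g, m):          # do the powers of g reach every non-zero element?
    order, seen, p = (1 << deg(m)) - 1, set(), 1
    for _ in range(order):
        p = gf_mul(p, g, m)
        seen.add(p)
    return len(seen) == order
```

Running poly_divmod(0b1111, 0b1011) reproduces the slide's reduction (quotient 1, remainder 0b100 = x^2), and every non-zero element of GF(2^3) other than 1 turns out to be a generator because the multiplicative group has prime order 7.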