Algebraic Structures and Polynomials Rings and Fields that - PowerPoint PPT Presentation

Algebraic Structures and Polynomials Rings and Fields that satisfies the following axioms: non-commutative! If it is commutative, we refer to the group as abelian . Formally, Abelian groups must satisfy requires another axiom: CS70 Summer 2016 - Lecture 7C the normal sense. Elements of G may not even be numbers! 4 Examples: With addition and multiplication defined in the usual 3 5 Galois Fields How do we apply fields to modular arithmetic? addition and multiplication that this is a commutative ring. Is it a field? How do we guarantee that there’s a multiplicative 1 Also known as Galois or finite fields for prime p , although those are more general objects that have different meanings for non-prime p as well. Groups 6 behave. arithmetic and congruences as in a manner similar to talking about Review: Chinese Remainder Theorem and Blum Coin Flipping Today Define algebraic structures through axioms that define how they Polynomials Applications: Secret Sharing and Erasure Codes 2 Algebraic Structures: Groups, Rings, and Fields Motivation We’ve been talking about manipulating numbers in modular 1 ordinary numbers. UC Berkeley arithmetic into their own “number system”? Can we express turn numbers and congruences in modular Galois Fields David Dinh 03 August 2016 A group ( G , +) is a pair consisting of a set G and a binary operation · Start with an Abelian group ( R , +) . Turn it into a ring by adding another binary operation, “ · ” (that it is closed on). In addition to the Let Z n denote the set { 0 , 1 , 2 ,..., n − 1 } and consider ( Z n , + , · ) where Abelian group axioms for ( R , +) , a ring must satisfy the following: • Closure : If a + b ∈ G , then a + b ∈ G . + and · are defined as standard addition and multiplication • Associativity: For all a , b , c ∈ G : a +( b + c ) = ( a + b )+ c . • Associativity: For all a , b , c ∈ R , ( a · b ) · c = a · ( b · c ) . ( mod n ) . It follows immediately from the standard properties of • Existence of Identity: There exists some element e ∈ G such that • Multiplicative identity: There exists an element 1 ∈ R such that for all a ∈ G , e + a = a . for all a ∈ R , 1 · a = a · 1 = a . • Existence of inverse: For all a ∈ G , exists b ∈ G such that • Left and right distributivity: For all a , b , c ∈ R , inverse for each k ∈ Z n ? a + b = b + a = e . a · ( b + c ) = a · b + a · c and ( b + c ) · a = b · a + c · a . To be a multiplicative inverse: gcd ( k , n ) = 1. How do we make sure Notice that there no commutativity requirement. “ · ” may be that this holds for all k ∈ Z n ? Make n prime. A ring is commutative if for all a , b ∈ r , a · b = b · a . Definition: For prime p , the field ( Z p , + , · ) , with + and · defined as Add multiplicative inverses to get a field : for all a ̸ = 0 ∈ R , exists a − 1 ∈ R such that a · a − 1 = 1. modular arithmetic ( mod p ) , is known as the prime field 1 of order p , denoted GF ( p ) . • Commutativity: For all a , b ∈ G : a + b = b + a . sense R , Q , and C are fields. Z is a commutative ring but not a field. Also, note that + doesn’t necessarily have to represent addition in

Polynomials . a 2 a 1 a 0 Polynomials x d x 2 1 . . . ... . . . . . . . . . 3 x d 3 x 2 x 3 1 2 . . 2 Let’s try another way to get the polynomial: set the value at each interpolation works. Polynomial must be over a field in order to guarantee that When does interpolation work? Notice that we need division also. polynomial of degree d that passes through all our points. polynomial? Just number of terms in each product, d . So we have a Therefore, Generally, define: Lagrange Interpolation (2/2) 10 together. interpolation: make these polynomials for all i and add them by y 1 ? x -coordinate, one at a time. that’s beyond the scope of this course.) a d independence that the Vandermonde matrix is nonsingular, but can prove directly through determinants or through linear solution? Unfortunately, we don’t. (If you know linear algebra you How do we know the system of equations on the previous slide has a Lagrange Interpolation (1/2) 9 (This matrix is called the Vandermonde matrix .) . . . y 3 y 2 y 1 x d 11 x 2 . contains. Obviously if we specify every single point that it does (in a Another way to think about it: specify polynomials by points that it 8 Specifying Polynomials with Points how do you get the coefficients back from the points? One way to do it: try plugging in the points and solving for the . Or in matrix form: How do we describe polynomials? Specifying a Polynomial 7 y 1 1 . finite ring there are only finitely many points, so we can list them all) that fully specifies the polynomial. Can we do it in fewer points? How many points to I need to specify a constant function? Just 1. x 1 x d What about a polynomial of degree 1? It’s a line. How many points 1 Now that we have a framework for modular math (mod some prime): x 2 x 2 1 1 let’s extend this to polynomials. We’ll be working with polynomials in prime fields. A polynomial of degree d over some commutative ring R is an expression of the form do I need to specify a line? 2. Beginning to see a pattern here? How many points do I need to 1 One way: just give me the coefficients. a 0 , a 1 ,..., a d . d + 1 numbers. What’s a polynomial of degree 0? Just a constant function. p ( x ) = a 0 . p ( x ) = a 0 + a 1 x + a 2 x 2 + ··· + a d x d ( anything , a 0 ) . where the coefficients a i are elements of R . A polynomial is said to contain a point ( x , y ) if p ( x ) = y . specify a polynomial of degree 2? 3. Degree d ? d + 1. If I have some degree- d polynomial, and I give you d + 1 points for it, ∆ i ( x ) := � j ̸ = i ( x − x j ) � j ̸ = i ( x i − x j ) coefficients. Say I give you ( x 1 , y 1 ) , ( x 2 , y , ) ,..., ( x d + 1 , y d + 1 ) . From construction we know that ∆ i ( x i ) = 1 and ∆ i ( x j ) = 0 for j ̸ = i . = a 0 + a 1 x 1 + a 2 x 2 1 + ··· + a d x d d + 1 � p ( x ) = y i ∆ i ( x ) = a 0 + a 1 x d + 1 + a 2 x 2 d + 1 + ··· + a d x d i = 1 Notice that ( x − x 2 )( x − x 3 ) ... ( x − x d + 1 ) is zero at x 2 , x 3 ,..., x d + 1 (but y d + 1 d + 1 must contain ( x 1 , y 1 ) , ( x 2 , y 2 ) ,..., ( x d + 1 , y d + 1 ) . Degree of this not at x 1 ). What if we divide by its value at x = x 1 and then multiply       ...       ...       ( x − x 2 )( x − x 3 ) ... ( x − x d + 1 )       = ∆ 1 ( x ) := y 1  ...      ( x 1 − x 2 )( x 1 − x 3 ) ... ( x 1 − x d + 1 )                   Value at x 1 ? y 1 . Value at x 2 ,..., x d + 1 ? 0. General idea behind x d + 1 y d + 1 d + 1 ... d + 1