[PPT] - Cryptography and Cryptography and Number Theory and Finite Number PowerPoint Presentation

SLIDE 1

Cryptography and Cryptography and Network Security Network Security Chapter 4 Chapter 4

Fifth Edition Fifth Edition by William Stallings by William Stallings Lecture slides by Lecture slides by Lawrie Lawrie Brown Brown (with edits by RHB) (with edits by RHB)

Chapter 4 Chapter 4 – – Basic Concepts in Basic Concepts in Number Theory and Finite Number Theory and Finite Fields Fields

The next morning at daybreak, Star flew indoors, seemingly keen The next morning at daybreak, Star flew indoors, seemingly keen for for a lesson. I said, "Tap eight." She did a brilliant exhibition, f a lesson. I said, "Tap eight." She did a brilliant exhibition, first irst tapping it in 4, 4, then giving me a hasty glance and doing it i tapping it in 4, 4, then giving me a hasty glance and doing it in 2, 2, n 2, 2, 2, 2, before coming for her nut. It is astonishing that Star le 2, 2, before coming for her nut. It is astonishing that Star learned to arned to count up to 8 with no difficulty, and of her own accord discover count up to 8 with no difficulty, and of her own accord discovered ed that each number could be given with various different divisions that each number could be given with various different divisions, this , this leaving no doubt that she was consciously thinking each number. leaving no doubt that she was consciously thinking each number. In In fact, she did mental arithmetic, although unable, like humans, t fact, she did mental arithmetic, although unable, like humans, to

name the numbers. But she learned to recognize their spoken

name the numbers. But she learned to recognize their spoken names almost immediately and was able to remember the sounds of names almost immediately and was able to remember the sounds of the names. Star is unique as a wild bird, who of her own free wi the names. Star is unique as a wild bird, who of her own free will ll pursued the science of numbers with keen interest and astonishin pursued the science of numbers with keen interest and astonishing g intelligence. intelligence. — — Living with Birds Living with Birds, Len Howard , Len Howard

Outline Outline

will consider:

will consider:

– – divisibility & GCD divisibility & GCD – – modular arithmetic with integers modular arithmetic with integers – – concept of groups, rings, fields concept of groups, rings, fields – – Euclid Euclid’ ’s algorithm for GCD & Inverse s algorithm for GCD & Inverse – – finite fields finite fields GF(p GF(p) ) – – polynomial arithmetic in general and in GF(2 polynomial arithmetic in general and in GF(2n

n)

)

Introduction Introduction

will build up to introduction of finite fields

will build up to introduction of finite fields

of increasing importance in cryptography
f increasing importance in cryptography

– – AES, Elliptic Curve, IDEA, Public Key AES, Elliptic Curve, IDEA, Public Key

concern operations on

concern operations on “ “numbers numbers” ”

– – where what constitutes a where what constitutes a “ “number number” ” and the and the type of operations varies considerably type of operations varies considerably

start with basic number theory concepts

start with basic number theory concepts

可分性和GCD
带整数的模运算
团体，戒指，领域的概念
Euclid的GCD和逆算法
有限域GF（p）
⼀丁般多项式算法和GF（2n）
将建⽴竌有限领域的引⼊兦
密码学的重要性⽇旦益增加
AES，椭圆曲线，IDEA，公钥
关注“数字”操作
什茶么构成“数字”，操作类型差异很⼤夨
从基本数论概念开始

SLIDE 2

Divisors Divisors

say a non

say a non-

zero number

zero number b b divides divides a a if for if for some some m m have have a a = = m.b m.b ( (a,b,m a,b,m all integers) all integers)

that is

that is b b divides into divides into a a with no remainder with no remainder

write this

write this b|a b|a

and say that

and say that b b is a is a divisor divisor of

f a

a

eg. all of
eg. all of 1,2,3,4,6,8,12,24

1,2,3,4,6,8,12,24 divide divide 24 24

eg.
eg. 13|182

13|182 ; ; – –5|30 5|30 ; ; 17|289 17|289 ; ; – –3|33 3|33 ; ; 17|0 17|0

Properties of Divisibility Properties of Divisibility

If

If a|1 a|1, then , then a a = = ± ±1 1. .

If

If a|b a|b and and b|a b|a, then , then a a = = ± ±b b. .

Any

Any b b 0 divides divides 0 0. .

If

If a|b a|b and and b|c b|c, then , then a|c a|c

– – e.g. e.g. 11|66 11|66 and and 66|198 66|198 implies implies 11|198 11|198

If

If b|g b|g and and b|h b|h, then , then b|(mg b|(mg + + nh nh) )

(for arbitrary integers (for arbitrary integers m m and and n n) ) e.g. e.g. b b = = 7 7 ; ; g g = = 14 14 ; ; h h = = 63 63 ; ; m m = = 3 3 ; ; n n = = 2 2 7|14 7|14 and and 7|63 7|63, hence , hence 7|(3.14 7|(3.14 + + 2.63) 2.63)

Division Algorithm Division Algorithm

if divide

if divide a a by by n n get integer quotient get integer quotient q q and and integer remainder integer remainder r r such that: such that:

– – a a = = qn qn + + r r where where 0 0 <= <= r r < < n n; ; q q = = floor floor(a/n (a/n) )

remainder

remainder r r often referred to as a

ften referred to as a residue

residue

Modular Arithmetic Modular Arithmetic

define

define modulo operator modulo operator a a mod mod n n to yield to yield remainder remainder b b when when a a is divided by is divided by n n

– – where integer where integer n n is called the is called the modulus modulus

b

b is called a is called a residue residue of

f a

a mod mod n n with integers can always write: with integers can always write: a a = = qn qn + + b b

– – usually choose smallest positive remainder as residue usually choose smallest positive remainder as residue

ie

ie. . 0 0 <= <= b b <= <= n n-

1

1

– – known as known as modulo reduction modulo reduction

eg.
eg. -
12

12 mod mod 7 7 = = -

5

5 mod mod 7 7 = = 2 2 mod mod 7 7 = = 9 9 mod mod 7 7

a

a and and b b are are congruent congruent if if a a mod mod n = b n = b mod mod n n

– – a a and and b b have same remainder when divided by have same remainder when divided by n n – – eg.

eg. 100

100 = = 34 34 mod mod 11 11

全等

SLIDE 3

Modular Arithmetic Operations Modular Arithmetic Operations

can perform arithmetic with residues

can perform arithmetic with residues

use a finite number of values, and loop

use a finite number of values, and loop back from either end back from either end

Z Zn

n =

= {0,1,...,(n {0,1,...,(n – – 1)} 1)}

modular arithmetic is doing addition and

modular arithmetic is doing addition and multiplication and modulo reduce answer multiplication and modulo reduce answer

can do reduction at any point, i.e.

can do reduction at any point, i.e.

a a + + b b mod mod n = [a n = [a mod mod n + b n + b mod mod n] mod n n] mod n

Modular Arithmetic Operations Modular Arithmetic Operations

1. 1.[(a mod n) + (b mod n)] mod n [(a mod n) + (b mod n)] mod n = (a + b) mod n = (a + b) mod n 2. 2.[(a mod n) [(a mod n) – – (b mod n)] mod n (b mod n)] mod n = (a = (a – – b) mod n b) mod n 3. 3.[(a mod n) x (b mod n)] mod n [(a mod n) x (b mod n)] mod n = (a x b) mod n = (a x b) mod n

e.g. e.g. [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) m [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2

d 8 = 26 mod 8 = 2

[(11 mod 8) [(11 mod 8) – – (15 mod 8)] mod 8 = (15 mod 8)] mod 8 = – –4 mod 8 = 4 (11 4 mod 8 = 4 (11 – – 15) mod 8 = 15) mod 8 = – –4 mod 8 = 4 4 mod 8 = 4 [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) m [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5

d 8 = 165 mod 8 = 5

Modulo 8 Addition Modulo 8 Addition

+ 0 1 2 3 4 5 6 7 0 0 1 2 3 4 5 6 7 1 1 2 3 4 5 6 7 0 2 2 3 4 5 6 7 0 1 3 3 4 5 6 7 0 1 2 4 4 5 6 7 0 1 2 3 5 5 6 7 0 1 2 3 4 6 6 7 0 1 2 3 4 5 7 7 0 1 2 3 4 5 6

Modulo 8 Multiplication Modulo 8 Multiplication

+ 0 1 2 3 4 5 6 7 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 2 0 2 4 6 0 2 4 6 3 0 3 6 1 4 7 2 5 4 0 4 0 4 0 4 0 4 5 0 5 2 7 4 1 6 3 6 0 6 4 2 0 6 4 2 7 0 7 6 5 4 3 2 1

（a + b ）mod n = [a mod n + b mod n] mod n

SLIDE 4

Modulo 8 Inverses Modulo 8 Inverses Modular Arithmetic Properties Modular Arithmetic Properties

Greatest Common Divisor (GCD) Greatest Common Divisor (GCD)

a common problem in number theory

a common problem in number theory

GCD(a,b

GCD(a,b) ) of

f a

a and and b b is the largest integer is the largest integer that divides exactly into both that divides exactly into both a a and and b b

– – eg eg. . GCD(60,24) GCD(60,24) = = 12 12

define

define GCD(0,0) GCD(0,0) = = 0

often want
ften want no common factors

no common factors (except 1) (except 1) such numbers such numbers relatively prime / relatively prime / coprime coprime

– – eg eg. . GCD(8,15) GCD(8,15) = = 1 1 – – hence 8 are 15 are relatively prime or hence 8 are 15 are relatively prime or coprime coprime

Euclidean Algorithm Euclidean Algorithm

an efficient way to find the

an efficient way to find the GCD(a,b GCD(a,b) )

uses theorem that:

uses theorem that:

– – GCD(a,b GCD(a,b) = ) = GCD(b GCD(b, , a a mod mod b) b)

Euclidean Algorithm to compute

Euclidean Algorithm to compute GCD(a,b GCD(a,b) ) is: is:

Euclid(a,b Euclid(a,b) ) if (b if (b = = 0) then return a; 0) then return a; else return else return Euclid(b Euclid(b, , a a mod mod b); b);

模块化算术属性最⼤夨公约数（GCD）

SLIDE 5

Example GCD(1970,1066) Example GCD(1970,1066)

1970 = 1 x 1066 + 904 1970 = 1 x 1066 + 904 gcd(1066, 904) gcd(1066, 904) 1066 = 1 x 904 + 162 1066 = 1 x 904 + 162 gcd(904, 162) gcd(904, 162) 904 = 5 x 162 + 94 904 = 5 x 162 + 94 gcd(162, 94) gcd(162, 94) 162 = 1 x 94 + 68 162 = 1 x 94 + 68 gcd(94, 68) gcd(94, 68) 94 = 1 x 68 + 26 94 = 1 x 68 + 26 gcd(68, 26) gcd(68, 26) 68 = 2 x 26 + 16 68 = 2 x 26 + 16 gcd(26, 16) gcd(26, 16) 26 = 1 x 16 + 10 26 = 1 x 16 + 10 gcd(16, 10) gcd(16, 10) 16 = 1 x 10 + 6 16 = 1 x 10 + 6 gcd(10, 6) gcd(10, 6) 10 = 1 x 6 + 4 10 = 1 x 6 + 4 gcd(6, 4) gcd(6, 4) 6 = 1 x 4 + 2 6 = 1 x 4 + 2 gcd(4, 2) gcd(4, 2) 4 = 2 x 2 + 0 4 = 2 x 2 + 0 gcd(2, 0) gcd(2, 0)

GCD(1160718174, 316258250) GCD(1160718174, 316258250)

Dividend Dividend Divisor Divisor Quotient Quotient Remainder Remainder a = 1160718174 a = 1160718174 b = 316258250 b = 316258250 q1 = 3 q1 = 3 r1 = 211943424 r1 = 211943424 b = 316258250 b = 316258250 r1 = 211943424 r1 = 211943424 q2 = 1 q2 = 1 r2 = 104314826 r2 = 104314826 r1 = 211943424 r1 = 211943424 r2 = 104314826 r2 = 104314826 q3 = 2 q3 = 2 r3 = 3313772 r3 = 3313772 r2 = 104314826 r2 = 104314826 r3 = 3313772 r3 = 3313772 q4 = 31 q4 = 31 r4 = 1587894 r4 = 1587894 r3 = 3313772 r3 = 3313772 r4 = 1587894 r4 = 1587894 q5 = 2 q5 = 2 r5 = 137984 r5 = 137984 r4 = 1587894 r4 = 1587894 r5 = 137984 r5 = 137984 q6 = 11 q6 = 11 r6 = 70070 r6 = 70070 r5 = 137984 r5 = 137984 r6 = 70070 r6 = 70070 q7 = 1 q7 = 1 r7 = 67914 r7 = 67914 r6 = 70070 r6 = 70070 r7 = 67914 r7 = 67914 q8 = 1 q8 = 1 r8 = 2516 r8 = 2516 r7 = 67914 r7 = 67914 r8 = 2516 r8 = 2516 q9 = 31 q9 = 31 r9 = 1078 r9 = 1078 r8 = 2516 r8 = 2516 r9 = 1078 r9 = 1078 q10 = 2 q10 = 2 r10 = 0 r10 = 0

Extended Euclidean Algorithm Extended Euclidean Algorithm

get not only

get not only GCD GCD but but x x and and y y such that such that ax ax + + by by = = d d = = GCD(a,b GCD(a,b) )

useful for later crypto computations

useful for later crypto computations

follow sequence of divisions for

follow sequence of divisions for GCD GCD but but at each step at each step i i, keep track of , keep track of x x and and y y: :

r r = = ax ax + + by by

at end find

at end find GCD GCD value and also value and also x x and and y y

if

if GCD(a,b GCD(a,b) ) = = 1 1 = = ax ax + + by by then then x x is inverse of is inverse of a a mod mod b b (or (or mod mod y y) )

Finding Inverses Finding Inverses

EXTENDED EXTENDED EUCLID(m EUCLID(m, b) , b)

1.

1. (A1, A2, A3)=(1, 0, m);

(A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) (B1, B2, B3)=(0, 1, b)

2. if
2. if B3 = 0

B3 = 0 return return A3 = A3 = GCD(m GCD(m, b); no inverse , b); no inverse

3. if
3. if B3 = 1

B3 = 1 return return B3 = B3 = GCD(m GCD(m, b); B2 = b , b); B2 = b–

–1 1 mod m

mod m 4.

4. Q = A3 div B3

Q = A3 div B3 5.

5. (T1, T2, T3)=(A1

(T1, T2, T3)=(A1 – – Q B1, A2 Q B1, A2 – – Q B2, A3 Q B2, A3 – – Q B3) Q B3) 6.

6. (A1, A2, A3)=(B1, B2, B3)

(A1, A2, A3)=(B1, B2, B3) 7.

7. (B1, B2, B3)=(T1, T2, T3)

(B1, B2, B3)=(T1, T2, T3) 8.

8. goto

goto 2 2

不泌仅要获得GCD，还要获得x和y

对以后的加密计算有⽤甩
遵循GCD的划分顺序，但在每个步骤i，跟踪x和y：

r = ax + by

最后找到GCD值以及x和y
ifGCD（a，b）= 1 = ax +

x是mod b（或mod y）的逆

SLIDE 6

Inverse of 550 in GF(1759) Inverse of 550 in GF(1759)

Q A1 A2 A3 B1 B2 B3 — 1 1759 1 550 3 1 550 1 –3 109 5 1 –3 109 –5 16 5 21 –5 16 5 106 –339 4 1 106 –339 4 –111 355 1

Inverse of 550 in GF(1759) Inverse of 550 in GF(1759)

Q A1 A2 A3 B1 B2 B3 — 1 1759 1 550 3 1 550 1 –3 109 5 1 –3 109 –5 16 5 21 –5 16 5 106 –339 4 1 106 –339 4 –111 355 1

Group Group

a set of elements or

a set of elements or “ “numbers numbers” ”

– – may be finite or infinite may be finite or infinite

with some operation whose result is also

with some operation whose result is also in the set (closure) in the set (closure)

obeys:
beys:

– – associative law: associative law: ( (a.b).c a.b).c = = a.(b.c a.(b.c) ) – – has identity has identity e e: : e.a e.a = = a.e a.e = a = a – – has inverses has inverses a a-

1

1:

: a.a a.a-

1

1 = e

= e

if commutative

if commutative a.b a.b = = b.a b.a

– – then forms an then forms an abelian abelian group group

Cyclic Group Cyclic Group

define

define exponentiation exponentiation as repeated as repeated application of operator application of operator

– – example: example: a a3

3 =

= a.a.a a.a.a

and write identity as:

and write identity as: e e = = a a0

a group is cyclic if every element

a group is cyclic if every element b b is a is a power of some fixed element power of some fixed element a a

– – i.e. every i.e. every b b = = a ak

k

for some for some k k

a

a is said to be a generator of the group is said to be a generator of the group

SLIDE 7

Ring Ring

a set of elements or

a set of elements or “ “numbers numbers” ”

with two operations (addition and multiplication)

with two operations (addition and multiplication) which form: which form:

an

an abelian abelian group with respect to addition group with respect to addition

and multiplication:

and multiplication:

– – has closure has closure – – is associative is associative – – distributive over addition: distributive over addition: a(b a(b + + c) c) = = ab ab + + ac ac

if multiplication operation is

if multiplication operation is commutative commutative, we , we have a have a commutative ring commutative ring

if

if multiplication operation has an multiplication operation has an identity identity and and no no zero divisors zero divisors, it forms an , it forms an integral domain integral domain

Field Field

a set of elements or

a set of elements or “ “numbers numbers” ”

with two operations which form:

with two operations which form:

– – abelian abelian group for addition group for addition – – abelian abelian group for multiplication (ignoring 0) group for multiplication (ignoring 0) – – ring ring

have hierarchy with more axioms/laws

have hierarchy with more axioms/laws

– – group group ring ring field field

Group, Ring, Field Group, Ring, Field Finite (Galois) Fields Finite (Galois) Fields

finite fields play a key role in cryptography

finite fields play a key role in cryptography

can show number of elements in a finite

can show number of elements in a finite field field must must be a power of a prime be a power of a prime p pn

n

known as Galois fields

known as Galois fields

denoted

denoted GF(p GF(pn

n)

)

in particular often use the fields:

in particular often use the fields:

– – GF(p GF(p) ) – – GF(2 GF(2n

n)

)

关于加法的阿⻉贞尔组如果乘法运算具有标识且没有零除数，则它形成⼀丁个整数域拥有更車多公理痢/法律慄的等级制度可以显示有限n场中元素的数量勵必须是素数p的幂

SLIDE 8

Galois Fields Galois Fields GF(p GF(p) )

GF(p

GF(p) is the set of integers ) is the set of integers {0,1, {0,1,… …,p ,p-

1}

1} with arithmetic operations modulo prime with arithmetic operations modulo prime p p

these form a finite field

these form a finite field

– – 1 1… …p p-

1

1 coprime coprime to to p p, so have multiplicative inv. , so have multiplicative inv. – – find inverse with Extended Euclidean algorithm find inverse with Extended Euclidean algorithm

hence arithmetic is

hence arithmetic is “ “well well-

behaved

behaved” ” and can and can do addition, subtraction, multiplication, and do addition, subtraction, multiplication, and division without leaving the field division without leaving the field GF(p GF(p) )

everything works as expected

everything works as expected

GF(7) Multiplication GF(7) Multiplication

× 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0 2 4 6 1 3 5 3 0 3 6 2 5 1 4 4 0 4 1 5 2 6 3 5 0 5 3 1 6 4 2 6 0 6 5 4 3 2 1

Arithmetic in GF(7)

Polynomial Arithmetic Polynomial Arithmetic

can compute using polynomials

can compute using polynomials

f f( (x x) = ) = a an

nx

xn

n + a

+ an

n-

1

1x

xn

n-

1

1 +

+ … … + a + a1

1x +

x + a a0

0 =

= a ai

ix

xi

i

nb
nb. not interested in any specific value of x

. not interested in any specific value of x

x is the indeterminate

x is the indeterminate … … like an unspecified base like an unspecified base

several alternatives available

several alternatives available

– – ordinary polynomial arithmetic

rdinary polynomial arithmetic

– – poly arithmetic with coefficients mod p poly arithmetic with coefficients mod p – – poly arithmetic with coefficients mod p and poly arithmetic with coefficients mod p and polynomials mod polynomials mod m(x m(x) )

1 ... p-1互质p，所以有乘法inv。

找到与扩展欧⼏凡⾥里離德算法的逆

多项式算术对x的任何特定值不泌感兴趣

x是不泌确定的......就像⼀丁个未指定的基础
提供多种替代⽅斺案
普通多项式算术
具有系数mod p的多项算术
具有系数mod p和多项式mod m（x）的多项算术

SLIDE 9

Ordinary Polynomial Arithmetic Ordinary Polynomial Arithmetic

add or subtract corresponding coefficients

add or subtract corresponding coefficients

multiply all terms by each other

multiply all terms by each other

eg

eg

let let f f( (x x) = ) = x x3

3 +

+ x x2

2 + 2 and

+ 2 and g g( (x x) = ) = x x2

2 –

– x x + 1 + 1 f f( (x x) + ) + g g( (x x) = ) = x x3

3 + 2

+ 2x x2

2 –

– x x + 3 + 3 f f( (x x) ) – – g g( (x x) = ) = x x3

3 +

+ x x + 1 + 1 f f( (x x) x ) x g g( (x x) = ) = x x5

5 + 3

+ 3x x2

2 –

– 2 2x x + 2 + 2

Polynomial Arithmetic with Modulo Polynomial Arithmetic with Modulo Coefficients Coefficients

when computing value of each coefficient

when computing value of each coefficient do calculation modulo some value do calculation modulo some value

– – forms a polynomial ring forms a polynomial ring

could be modulo any prime

could be modulo any prime

but we are most interested in mod 2

but we are most interested in mod 2

– – ie ie all coefficients are 0 or 1 all coefficients are 0 or 1 – – eg

eg. let

. let f f( (x x) = ) = x x3

3 +

+ x x2

2 and

and g g( (x x) = ) = x x2

2 +

+ x x + 1 + 1 f f( (x x) + ) + g g( (x x) = ) = x x3

3 +

+ x x + 1 + 1 f f( (x x) x ) x g g( (x x) = ) = x x5

5 +

+ x x2

2

普通多项式算法加或减相应的系数

将所有术语相互乘以

模数系数的多项式算法

当计算每个系数的值时，计算模数为某个值
形成⼀丁个多项式环
可以模数任何素数
但我们对mod 2最感兴趣

即所有系数都是0或1

SLIDE 10

Polynomial Division Polynomial Division

can write any polynomial in the form:

can write any polynomial in the form:

– – f f( (x x) = ) = q q( (x x) ) g g( (x x) + ) + r r( (x x) ) – – can interpret can interpret r r( (x x) ) as being a remainder as being a remainder – – r r( (x x) = ) = f f( (x x) mod ) mod g g( (x x) )

if no remainder, say

if no remainder, say g g( (x x) divides ) divides f f( (x x) )

if

if g g( (x x) has no divisors other than itself and 1, say ) has no divisors other than itself and 1, say it is it is irreducible irreducible (or prime) polynomial (or prime) polynomial

arithmetic modulo an irreducible polynomial

arithmetic modulo an irreducible polynomial forms a field forms a field

Polynomial GCD Polynomial GCD

can find greatest common divisor for

can find greatest common divisor for polys polys

– – c(x c(x) ) = = GCD( GCD(a(x a(x), ), b(x b(x) )) ) if if c(x c(x) ) is the poly of is the poly of greatest degree which divides both greatest degree which divides both a(x a(x), ), b(x b(x) )

can adapt Euclid

can adapt Euclid’ ’s Algorithm to find it: s Algorithm to find it:

Euclid( Euclid(a a( (x x) ), , b b( (x x) )) ) if ( if (b b( (x x) ) = = 0) then return 0) then return a a( (x x) ); ; else return else return Euclid( Euclid(b b( (x x) ), , a a( (x x) ) mod mod b b( (x x) )); );

Modular Polynomial Arithmetic Modular Polynomial Arithmetic

can compute in field GF(2

can compute in field GF(2n

n)

)

– – elements of GF(2 elements of GF(2n

n) are polynomials with

) are polynomials with coefficients modulo 2 coefficients modulo 2 – – whose degree is less than n whose degree is less than n – – hence must reduce modulo an irreducible poly hence must reduce modulo an irreducible poly

f degree n (when you multiply)
f degree n (when you multiply)
form a finite field

form a finite field

can always find an inverse

can always find an inverse

– – use Extend Euclid Algorithm to find inverse use Extend Euclid Algorithm to find inverse

Computational Considerations Computational Considerations

since coefficients are 0 or 1, can represent

since coefficients are 0 or 1, can represent any such polynomial as a bit string any such polynomial as a bit string

addition becomes XOR of these bit strings

addition becomes XOR of these bit strings

multiplication is shift and XOR

multiplication is shift and XOR

– – Cf. long multiplication

Cf. long multiplication
modulo reduction done by repeatedly

modulo reduction done by repeatedly substituting highest power with remainder substituting highest power with remainder

f irreducible poly (also shift and XOR)
f irreducible poly (also shift and XOR)
eg

eg. . irreducible irreducible poly poly = = x x3

3 +

+ x x + 1 + 1 means means x x3

3 =

= x x + 1 in the + 1 in the polynomial polynomial field field

可以将r（x）解释为余数它是不泌可约的（或素数）多项式算术模数不泌可约多项式形成⼀丁个场可以在GF（2）领域进⾏行降计算

GF（2n）的元素是系数为2的多项式
学位低于n
因此必须减少模n的不泌可约多边形（当你乘以时）
形成有限的领域
总能找到反转
使⽤甩Extend Euclid算法找到逆

计算考虑因素

由于系数为0或1，因此可以将任何此类多项式表示为位

串句

加法变为这些位串句的XOR
乘法是移位和异或
参考⻓門乘法
通过使⽤甩剩余的不泌可约多边形（也是移位和异或）重复

替换最⾼髙功率来完成模数减少

例禮如。不泌可减少的poly = x + x + 1表示

x = x + 1在多项式场中

SLIDE 11

Computational Example Computational Example

in

in GF(2 GF(23

3) have

) have (x (x2

2+1) is 101

+1) is 1012

2 & (x

& (x2

2+x+1) is 111

+x+1) is 1112

2

so addition is

so addition is

– – (x (x2

2+1) + (x

+1) + (x2

2+x+1) = x

+x+1) = x – – 101 XOR 111 = 010 101 XOR 111 = 0102

2

and multiplication is

and multiplication is

– – (x+1).(x (x+1).(x2

2+1) = x.(x

+1) = x.(x2

2+1) + 1.(x

+1) + 1.(x2

2+1)

+1) = x = x3

3+x + x

+x + x2

2+1 = x

+1 = x3

3+x

+x2

2+x+1

+x+1 – – 011.101 = (101)<<1 XOR (101)<<0 = 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 0101 = 1111 1010 XOR 0101 = 11112

2

polynomial modulo reduction (to get

polynomial modulo reduction (to get q(x q(x) & ) & r(x r(x)) ))

– – (x (x3

3+x

+x2

2+x+1 ) mod (x

+x+1 ) mod (x3

3+x+1) = 1.(x

+x+1) = 1.(x3

3+x+1) + (x

+x+1) + (x2

2) = x

) = x2

2

– – 1111 mod 1011 = 1111 XOR 1011 = 0100 1111 mod 1011 = 1111 XOR 1011 = 01002

2

Example GF(2 Example GF(23

3)

)

Arithmetic in GF(23)

Using a Generator Using a Generator

equivalent definition of a finite field

equivalent definition of a finite field

a

a generator generator g is an element whose g is an element whose powers generate all non powers generate all non-

zero elements

zero elements

– – in F have 0, g in F have 0, g0

0, g

, g1

1,

, … …, g , gq

q-

2

2

can create generator from

can create generator from root root of the

f the

irreducible polynomial irreducible polynomial

then implement multiplication by adding

then implement multiplication by adding exponents of generator exponents of generator

just a

just a relabelling relabelling of the field elements

f the field elements

(since only one field of a given size) (since only one field of a given size)

有限域的等价定义

⽣甠成器塀g是⼀丁种能够⽣甠成所有⾮靟零元素的元素
在F中有0，g0，g1，...，gq-2
可以从不泌可约多项式的根创建⽣甠成器塀
然后通过添加⽣甠成器塀的指数来实现乘法
只是字段元素的重新标记（因为只有给定⼤夨⼩尐的⼀丁个字段）