Finite fields Definition Theorem (Field) Let F be a set with two - - PowerPoint PPT Presentation


Finite Fields AES

Definition (Group) Let G be a set and ◦ be a binary operation defined on G, i.e., ◦ : G × G → G. We say (G, ◦) is a group if ◦

1. is closed: that is, for each a, b ∈ G we have a ◦ b ∈ G.
2. is associative: that is, for each a, b, c ∈ G we have (a ◦ b) ◦ c = a ◦ (b ◦ c).
3. has an identity element: that is, there exists e ∈ G s.t. for each a ∈ G we have a ◦ e = e ◦ a = a.
4. every element has an inverse: that is, for every a ∈ G there is a⁻¹ ∈ G with a ◦ a⁻¹ = a⁻¹ ◦ a = e.

We call (G, ◦) a commutative group if in addition ◦

5. is commutative: that is, for each a, b ∈ G we have a ◦ b = b ◦ a.

Eike Ritter Cryptography 2013/14 42 Finite Fields AES

Definition (Ring) Let R be a set with two binary operations + and ·, then (R, +, ·) is a ring if (R, +) is a commutative group, (R, ·) is closed, associative and has an identity, and + and · are

1. left distributive: that is, for each a, b, c ∈ R we have a · (b + c) = (a · b) + (a · c),
2. right distributive: that is, for each a, b, c ∈ R we have (b + c) · a = (b · a) + (c · a).


Definition (Field) Let F be a set with two binary operations + and ·. Let F* be the set that contains all elements of F except the identity for +, i.e. we let F* = F \ {0}, where 0 is the identity for +. Then (F, +, ·) is a field if (F, +) is a commutative group, (F*, ·) is a commutative group, and + and · are left and right distributive.


Finite fields

Theorem (Z_n, +, ·) is a field iff n is a prime number.

Theorem Assume F_p is a field with p elements, where p is a prime number. Then F_p is isomorphic to Z_p.

Not all fields with finitely many elements are of this form. We need to make a detour via polynomials to identify the others.


Definition (Polynomial) We call an expression of the form a_n x^n + ... + a_2 x^2 + a_1 x + a_0 a polynomial in the variable x over Z if all a_i ∈ Z, i = 0, ..., n, and all exponents 0, ..., n are non-negative integers. We denote the set of all polynomials in one variable over Z as Z[x]. We call a summand a_i x^i of a polynomial a monomial of degree i with coefficient a_i. We say a polynomial p ∈ Z[x] is of degree n if its greatest non-zero monomial is of degree n. We generally write deg(p) = n.


Division with remainder

Theorem For every a, b ∈ Z with a ≥ b there exist s, r ∈ Z with |s| < |a| and |r| < |b| such that a = s · b + r.

The same holds also for polynomials:

Theorem For every p(x), q(x) ∈ Z[x] with deg(p) ≥ deg(q) there exist s(x), r(x) ∈ Z[x] with deg(s) < deg(p) and deg(r) < deg(q) such that k · p(x) = s(x) · q(x) + r(x), with k ∈ Z.


Residue classes

• For Z, we have for each integer n the residue classes {[0]_n, [1]_n, ..., [n − 1]_n}, obtained by division with remainder.
• In the same way, in Z[x] we have for each polynomial p(x) residue classes obtained by division with remainder.
• Note that there are infinitely many residue classes for each polynomial p(x) of degree ≤ 2.
• We will write Z[x]/p(x) for the set of all residue classes.


Irreducible polynomials

Definition An integer n is called prime if its only divisors are 1 and n.

The same notion for polynomials is called irreducible:

Definition A polynomial p(x) ∈ Z[x] is called irreducible if its only divisors are p(x) and the constant polynomial a_0 ∈ Z[x] for any a_0 ∈ Z.


Polynomials over finite fields

Instead of Z we can use an arbitrary ring to obtain polynomials. The interesting case: the ring is a finite field F_p.

Theorem Let q(x) be an irreducible polynomial of degree n over F_p, where p is a prime number. Then F_p[x]/q(x) is a field with p^n elements.

Theorem For every prime number p and every n there exists (up to isomorphism) exactly one field with p^n elements.

We will often use the case of F_2, i.e. polynomials with coefficients 0 or 1 only.
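As an added worked example (not code from the slides), the following Python encodes polynomials over F_2 as integers (bit i is the coefficient of x^i), implements division with remainder and a trial-division irreducibility test, and then does arithmetic in the residue class field F_2[x]/(x^8 + x^4 + x^3 + x + 1) that AES uses; the function names and the choice of inverse-by-exponentiation are my own.

```python
# Added example, not from the slides: polynomials over F_2 as Python ints (bit i = coefficient
# of x^i), division with remainder, irreducibility, and arithmetic in F_2[x]/(x^8+x^4+x^3+x+1).
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def pmul(a: int, b: int) -> int:
    """Product of two polynomials over F_2 (coefficients added mod 2, so XOR, no carries)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a: int, b: int):
    """Division with remainder in F_2[x]: returns (s, r) with a = s*b + r and deg(r) < deg(b)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    s, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        shift = a.bit_length() - 1 - db   # cancel the leading monomial of a
        s |= 1 << shift
        a ^= b << shift
    return s, a

def is_irreducible(p: int) -> bool:
    """Trial division: p is irreducible iff no polynomial of degree 1..deg(p)//2 divides it."""
    deg = p.bit_length() - 1
    if deg < 1:
        return False
    for d in range(1, deg // 2 + 1):
        for q in range(1 << d, 1 << (d + 1)):  # every polynomial of exact degree d
            if pdivmod(p, q)[1] == 0:
                return False
    return True

def gf_mul(a: int, b: int, mod: int = AES_POLY) -> int:
    """Multiply two residue classes in F_2[x]/mod: multiply, then keep the remainder."""
    return pdivmod(pmul(a, b), mod)[1]

def gf_inv(a: int, mod: int = AES_POLY) -> int:
    """Inverse in the field with 2^n elements: (F*, ·) has order 2^n - 1, so a^(2^n - 2) = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    e, r = (1 << (mod.bit_length() - 1)) - 2, 1
    while e:
        if e & 1:
            r = gf_mul(r, a, mod)
        a, e = gf_mul(a, a, mod), e >> 1
    return r
```

With `AES_POLY` the field has 2^8 = 256 elements, so the byte 0x53 has inverse 0xCA, and swapping in a reducible modulus such as 0x11C (divisible by x) makes `gf_inv` return a value whose product with the input is not 1.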


The Advanced Encryption Standard

• Successor of DES
• Adopted in 2001
• Still believed to be secure


AES is parametrisable:
• block sizes of 128, 192 and 256 bits
• key sizes of 128, 192 and 256 bits
• 10, 12 or 14 rounds of encryption


Operations take place in F_{2^8} = F_2[x]/(x^8 + x^4 + x^3 + x + 1). Start by arranging the message in a 4 × 4 matrix of 8-bit elements, filling it downwards and then right. Each round has the following operations:
• Substitution: operating on every single byte
• Byte permutation: ShiftRows
• Column manipulation: MixColumns
• XOR with round key


Substitution

Corresponds to an algebraic operation in the field F_{2^8}:
• Consider the byte as a polynomial in the field
• Compute its multiplicative inverse (non-linear step)
• Compute the new bitvector by applying a certain linear function to it (strengthening against algebraic attacks)


Shift Rows

ShiftRows performs cyclic shift on the state matrix

Source: Wikipedia

MixColumns

Mixing each column separately. Achieved by multiplying with a matrix:

    [b_{0,i}]   [0x02 0x03 0x01 0x01]   [a_{0,i}]
    [b_{1,i}] = [0x01 0x02 0x03 0x01] · [a_{1,i}]
    [b_{2,i}]   [0x01 0x01 0x02 0x03]   [a_{2,i}]
    [b_{3,i}]   [0x03 0x01 0x01 0x02]   [a_{3,i}]

Each hex number represents a polynomial. Multiplication is in F_{2^8}.


Adding Round Key

The key, including all round keys, is 128 bits. It can therefore be represented as a 4 × 4 matrix, which is simply added to the state matrix.
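The state layout, ShiftRows, MixColumns and AddRoundKey described on the last few slides, as an added Python example that is not part of the original lecture material; `xtime` (multiplication by x followed by reduction) and the function names are my own choice, and the field multiplication covers only the constants 0x01, 0x02 and 0x03 that the MixColumns matrix needs.

```python
# Added example, not from the slides: the AES state layout and its linear round
# operations. Bytes are elements of F_{2^8} = F_2[x]/(x^8 + x^4 + x^3 + x + 1).

def xtime(b: int) -> int:
    """Multiply a byte by x (0x02): shift left, then reduce by the AES polynomial (0x11B)."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def mul(c: int, b: int) -> int:
    """Multiply b by a MixColumns constant c, which is always 0x01, 0x02 or 0x03."""
    return {1: b, 2: xtime(b), 3: xtime(b) ^ b}[c]

def to_state(block: bytes):
    """16 bytes -> 4x4 matrix filled downwards then right: state[row][col] = block[row + 4*col]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def from_state(state) -> bytes:
    """Inverse of to_state: read the matrix column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))

def shift_rows(state):
    """Row r is cyclically shifted left by r positions (a byte permutation)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

# The MixColumns matrix from the slide; entries are field elements written as bytes.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_column(col):
    """b_i = sum over j of MIX[i][j] * a_j, with field multiplication and XOR as addition."""
    return [mul(MIX[i][0], col[0]) ^ mul(MIX[i][1], col[1])
            ^ mul(MIX[i][2], col[2]) ^ mul(MIX[i][3], col[3]) for i in range(4)]

def mix_columns(state):
    """Mix each column separately, then rebuild the row-major matrix."""
    cols = [mix_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]

def add_round_key(state, round_key: bytes):
    """The 128-bit round key is laid out as a 4x4 matrix and added (XOR) to the state."""
    k = to_state(round_key)
    return [[state[r][c] ^ k[r][c] for c in range(4)] for r in range(4)]
```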


Key schedule

Derive round keys K_i as follows:
• K_0 is the original key K.
• To obtain K_{i+1}, first split the key K into four words W_0, W_1, W_2 and W_3 of 32 bits each, then:

    for i := 1 to 10 do
        T := W_{4i−1} ≪ 8
        T := SubBytes(T)
        T := T ⊕ RC_i
        W_{4i} := W_{4i−4} ⊕ T
        W_{4i+1} := W_{4i−3} ⊕ W_{4i}
        W_{4i+2} := W_{4i−2} ⊕ W_{4i+1}
        W_{4i+3} := W_{4i−1} ⊕ W_{4i+2}
    end

where RC_i = x^i (mod x^8 + x^4 + x^3 + x + 1).


Advanced Access Content System

Digital rights management system for HD-DVD and Blu-Ray Disc

Source: arstechnica.com