Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key AES, Elliptic Curve, IDEA, Public Key  start with concepts of groups, rings, fields from abstract algebra

Algebraic System  Binary Operation: Given a nonempty set S and a function op : S×S  S, then op is a binary operation on S.  Examples: S= N and op = × :the multiple of integer; S= N and op = +: the addition of integer.  Algebratic Systems: (S, op 1, op 2, …, op n ), where S is a nonenmpty set and there are at least one binary operation on S.  Examples: (R, +, ×) and (Z, +, ×)

 Properties of Algebratic Systems Closure: a op b  S, where a and b  S. Closure: a op b  S, where a and b  S. Associative: (a op b) op c= a op (b op c) for (S, op), where a, b, and c  S. Associative: (a op b) op c= a op (b op c) for (S, op), where a, b, and c  S. Communicative: a op b = b op a for (S, op) for a and b  S. Communicative: a op b = b op a for (S, op) for a and b  S. (Z, -) have no communicative property. (Z, -) have no communicative property. Identity: For (S, op),  e  S,  a  S, such that a op e= e op a= a. Identity: For (S, op),  e  S,  a  S, such that a op e= e op a= a. Example: For (Z, +), e=0, for (Z, ×), e= 1. Example: For (Z, +), e=0, for (Z, ×), e= 1. Inverses: For (S, op),  a  S,  b  S, such that a op b = b op a = e. Inverses: For (S, op),  a  S,  b  S, such that a op b = b op a = e. Symbol : a -1 or -a. Symbol : a -1 or -a.

Example: For (Z, +), the inverse of a is -a. Example: For (Z, +), the inverse of a is -a. Example: For (R/{0}, ×), the inverse of a is a -1 while, for (Z, ×), there is no inverse for any integer. Example: For (R/{0}, ×), the inverse of a is a -1 while, for (Z, ×), there is no inverse for any integer. Distribution: For (S, +, *), a*(b+c)= a*b+a*c, where a, b, and c  S. Distribution: For (S, +, *), a*(b+c)= a*b+a*c, where a, b, and c  S. Semigroup (G,*): An algebratic system (G, *) with the following properties: Closure, association, and an identity. Semigroup (G,*): An algebratic system (G, *) with the following properties: Closure, association, and an identity. Theorem: For a semigroup (G, *), the identity is unique. Theorem: For a semigroup (G, *), the identity is unique.

 Groups (G, *) : A semigroup (G, *) with inverses.  Examples:(Z, +), (R/{0}, *) are groups.  Abelian (Commutative) Groups: the group with communitative property  Theorem: For a group (G, *), the inverse of an element in G is unique.  Field (F, +, *):  (F, +) is a commutative group.  (F, *) is a semigroup and (F-{0}, *) is a commutative group, where 0 is the identity for the operation +.

Finite Fields  Finite Group (G, *): A group (G, *) with finite elements in G.  Example: ({0, 1, …, N-1}, +N) is a finite group, where N is an integer.  Cyclic Group (G, *): For a group (G, *), there exists an element a such that G= {a n |n  Z}, where a n =a*a* …*a (n-1 times).  a:primitive root (with the order n=|G|).  Example: ({1, …, 6}, * 7 ) is a cyclic group with the primitive root 3. [{3, 2, 6, 4, 5, 1}, & order= 6]

 Generator with order m: a m =1.  Finite Fields: A field (F, +, *) with finite elements in F.  Example:GF(P)= ({0, 1, …, P-1}, + P, * P ) for a prime number P. [The first finite fields].

Some Famous Finite Fields [P is a prime number]  GF(P) or Z P.  GF(P n ): Given an irreducible polynomial Q(x) of degree n over GF(P).  GF(2 n ) for P= 2.  Example: Q(x)= x 3 +x+1 over GF(2)  (x+1)+ (x)= 1.  (x+1)*x 2 = x 2 +x+1.

Congruences  Given integers a, b, and n  0, a, is congruent to b modulo n, written a  b mod n if and only if a  b = kn for some integer k. Ex. 41  93 mod  10 mod8.

 If a  b mod n, then b is called a residue of a modulo n (conversely, a is a residue of b modulo n).  A set of n integers {r 1, …, r n } is called a complete set of residues modulo n if, for every integer a, there is exactly one r i in the set such that a  r i mod n.  For any modulus n, the set of integers {0, 1,…, n  1} forms a complete set of residues modulo n.

Greatest Common Divisor (GCD)  a common problem in number theory  GCD (a,b) of a and b is the largest number that divides evenly into both a and b eg GCD(60,24) = 12 eg GCD(60,24) = 12  often want no common factors (except 1) and hence numbers are relatively prime eg GCD(8,15) = 1 eg GCD(8,15) = 1 hence 8 & 15 are relatively prime hence 8 & 15 are relatively prime

Euclidean Algorithm  an efficient way to find the GCD(a,b)  uses theorem that: GCD(a,b) = GCD(b, a mod b) GCD(a,b) = GCD(b, a mod b)  Euclidean Algorithm to compute GCD(a,b) is: EUCLID(a,b) 1. A = a; B = b 2. if B = 0 return A = gcd(a, b) 3. R = A mod B 4. A = B 5. B = R 6. goto 2

Example GCD(1970,1066) 1970 = 1 x gcd(1066, 904) 1066 = 1 x gcd(904, 162) 904 = 5 x gcd(162, 94) 162 = 1 x gcd(94, 68) 94 = 1 x gcd(68, 26) 68 = 2 x gcd(26, 16) 26 = 1 x gcd(16, 10) 16 = 1 x gcd(10, 6) 10 = 1 x gcd(6, 4) 6 = 1 x gcd(4, 2) 4 = 2 x gcd(2, 0)

Finding Inverses EXTENDED EUCLID(m, b) 1.(A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b –1 mod m 4. Q = A3 div B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2

Inverse of 550 in GF(1759) QA1A2A3B1B2B3 — – –3109– – – –3394–

Computing Inverses  Unlike ordinary integer arithmetic, modular arithmetic sometimes permits the computation of multiplicative inverse  That is, given an integer a in the range [0, n  1], it may be possible to find a unique integer x in the range [0, n  1] such that ax mod n = 1.  Ex. 3 and 7 are multiplicative inverses mod 10 because 21 mod 10 = 1.  Thm. If gcd(a, n) = 1, then (ai mod n)  (aj mod n) for each i, j such that 0  i < j < n.

 This property implies that each ai mod n (i = 0,..., n  1) is a distinct residue mod n, and that the set {ai mod n} i=0,..., n  1  is a permutation of the complete set of residues {0,..., n  1}.  This property does not hold when a and n have a common factor.  If gcd(a, n) = 1, then there exists an integer x, 0 < x < n, such that ax mod n = 1.

 Ex. n = 5 and a = 3: 3  0 mod 5 = 0 3  1 mod 5 = 3 3  2 mod 5 = 1 3  3 mod 5 = 4 3  4 mod 5 = 2.  Ex. n = 4 and a = 2: 2  0 mod 4 = 0 2  1 mod 4 = 2 2  2 mod 4 = 0 2  3 mod 4 = 2.

Solving for Inverse  Euler's generalization of Fermat's theorem gives us an algorithm for solving the equation ax mod n = 1, where gcd(a, n) = 1. Since a  (n) mod n = 1, we may compute x as ax  a  (n), or x = a  (n)  1 mod n. If n is prime, this is simply x = a (n  1)  1 mod n = a n  2 mod n.

 Ex. Let a = 3 and n = 7. Then x = 3 5 mod 7 = 5.  Ex. Let a = 2 and n = 15. Then x = 2 7 mod 15 = 8.  With this approach, to compute x, you have to know  (n).

Another Approach  x can also be computed using an extension of Euclid's algorithm for computing the greatest common divisor.  This is more suitable for computers to do. Euclid's algorithm for computing greatest common divisor : gcd(a, n) g 0  n g 1  a i  1 while g i  0 g i+1  g i  1 mod g i g i+1  g i  1 mod g i i  i + 1 i  i + 1 return g i  1

Extended Euclid's Algorithm  Extended Euclid's algorithm for computing inverse (loop invariant: g i = u i n + v i a):  inv(a, n) g 0  n; g 1  a; g 0  n; g 1  a; u 0  1; v 0  0; u 0  1; v 0  0; u 1  0; v 1  1; u 1  0; v 1  1; i  1 i  1 while g i  0 while g i  0 y  g i  1 div g i y  g i  1 div g i g i+1  g i  1  y  g i g i+1  g i  1  y  g i u i+1  u i  1  y  u i u i+1  u i  1  y  u i v i+1  v i  1  y  v i i  i + 1 x  v i  1 x  v i  1 if x  0 if x  0 return x return x else else return x + n return x + n

Example  Ex. To solve 3x mod 7 = 1 using the algorithm, we have  Because v 2 =  2 is negative, the solution is x =  = 5. i gigigigi uiuiuiui viviviviy 22223 30