Chapter 4. Finite Fields 書名： Cryptography and Network Security Principles and Practices, Fourth Edition 作者： By William Stallings 報告者：陳盈如 2008/04/03

2 Outline 4.1 Groups, Rings, and Fields 4.2 Modular Arithmetic 4.3 The Euclidean Algorithm 4.4 Finite Fields of the Form GF( p ) 4.5 Polynomial Arithmetic 4.6 Finite Fields of the Form GF(2 n ) 4.7 Recommended Reading and Web Sites 4.8 Key Terms, Review Questions, and Problems

4.1 Groups, Rings, and Fields 3

4 Groups, Rings, and Fields Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra. Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra. In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set. In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set.

5 Group 「群」 {G, ·} 一個集合 R 和一種二元運算 · (1) Closure: 「封閉性」 若 a, b  G 則 a · b  G. (2) Associative: 「結合率」 若 a, b, c  G 則 a · (b · c) = (a · b) · G. (3) Identity element: 「單位元素」 There is an element e in G such that a · e = e · a = a for all a in G. (4) Inverse element: 「反元素」 For each a in G there is an element a ' in G such that a · a ' = a ' · a = e. abelian group 「可換群」 abelian group 「可換群」 (5) Commutative: 「交換率」 a · b = b · a for all a, b in G. Ex: Z 在加法下是 group

6 Ring 「環」 {G, ·} {G, ·} (1) Closure (2) Associative (3) Identity element (4) Inverse element abelian group (5) Commutative (1) Closure (2) Associative (*) Distributive laws: (*) Distributive laws: 「分配法則」 a(b + c) = ab + ac for all a, b, c in R. (a + b)c = ac + bc for all a, b, c in R. commutative ring commutative ring 「交換環」 (5) Commutative integral domain integral domain 「整環」或「整域」： 含乘法單位元的無零因子的交換環。 (3) Identity element (3) Identity element (*) No zero divisors: (*) No zero divisors: If a, b in R and ab = 0, then either a = 0 or b = 0. {R, +, ·} 一個集合 R 和兩種二元運算 {R, +, ·} 一個集合 R 和兩種二元運算 {R, +} {R, ·} {R, +, ·} 零因子 (zero divisor) ： 設 b 是環中的非零元素，稱 a 為 左零因子，如果 ab = 0 ；同樣 可以定義右零因子。通稱零因子。 零因子 (zero divisor) ： 設 b 是環中的非零元素，稱 a 為 左零因子，如果 ab = 0 ；同樣 可以定義右零因子。通稱零因子。

7 Field 「體」 Field 「體」 {G, ·} {R, +, ·} {F, +, ·} {G, ·} {R, +, ·} {F, +, ·} (1) Closure (2) Associative (3) Identity element (4) Inverse element abelian group (5) Commutative (1) Closure (2) Associative (*) Distributive laws commutative ring (5) Commutative integral domain (3) Identity element (*) No zero divisors (4) Inverse element {F, +} {F, +, ·} {F, ·}

8 Figure 4.1. Group, Ring, and Field

4.2 Modular Arithmetic 9

Modular Arithmetic Equation 4-1 Equation 4-1 a = qn + r 0  r < n ; q =  a / n  a = qn + r 0  r < n ; q =  a / n  where  x  is the largest integer less than or equal to x. residue residue When the integer a is divided by the integer n, the remainder r is referred to as the residue. Equivalently, r = a mod n. When the integer a is divided by the integer n, the remainder r is referred to as the residue. Equivalently, r = a mod n. a =  a / n   n + ( a mod n ) a =  a / n   n + ( a mod n )

congruent modulo Two integers a and b are said to be congruent modulo n, Two integers a and b are said to be congruent modulo n, if ( a mod n ) = ( b mod n ). This is written as a  b (mod n ). 73  4 (mod 23) 21   9 (mod 10) 11

a = mb  b divides a  b | a a = mb  b divides a  b | a ( b is a divisor of a ) divisor 21 = 3  7  7|21 if a  b (mod n )  n |( b  a ) if a  b (mod n )  n |( b  a ) if a  0 (mod n )  n | b 1  3 (mod 2)  2|(3  1) = 2|2 12

Modular arithmetic exhibits the following properties: Modular arithmetic exhibits the following properties: 1. [( a mod n ) + ( b mod n )] mod n = ( a + b ) mod n 2. [( a mod n )  ( b mod n )] mod n = ( a  b ) mod n 3. [( a mod n )  ( b mod n )] mod n = (a  b ) mod n Ex: 11 mod 8 = 3; 15 mod 8 = 7 Ex: 11 mod 8 = 3; 15 mod 8 = 7 1. [(11 mod 8) + (15 mod 8)] mod 8 1. [(11 mod 8) + (15 mod 8)] mod 8 = ( ) mod 8 2. [(11 mod 8)  (15 mod 8)] mod 8 2. [(11 mod 8)  (15 mod 8)] mod 8 = (11  15) mod 8 = (11  15) mod 8 3. [(11 mod 8)  (15 mod 8)] mod 8 3. [(11 mod 8)  (15 mod 8)] mod 8 = (11  15) mod 8 13

14 Equation 4-2 Equation 4-2 if ( a + b )  ( a + c ) (mod n ) then b  c (mod n ) (5 + 23)  (5 + 7)(mod 8) ; (5 + 23)  (5 + 7)(mod 8) ; 23  7 (mod 8) Equation 4-3 Equation 4-3 if ( a  b )  ( a  c ) (mod n ) then b  c (mod n ) if a is relatively prime to n Ex: ( 5  3)  (5  7) (mod 4) then 3  7 (mod 4) ( 6  3)  (6  7) (mod 8) then 3  7 (mod 8)

15 if a is relatively prime to n if a is relatively prime to n existence of a multiplicative inverse.  existence of a multiplicative inverse. (( a -1 ) ab )  (( a -1 ) ac )(mod n ) (( a -1 ) ab )  (( a -1 ) ac )(mod n ) b  c (mod n ) b  c (mod n ) The integers 6 and 8 are not relatively prime, since they have the common factor 2. We have the following: The integers 6 and 8 are not relatively prime, since they have the common factor 2. We have the following: 6 3 = 18  2 (mod 8) 6  3 = 18  2 (mod 8) 6 7 = 42  2 (mod 8) 6  7 = 42  2 (mod 8) Yet 3  7 (mod 8).

16 Table 4.1. Arithmetic Modulo 8 要推回 6  = 2(mod 8) 無唯一解 即乘法反元素不唯一

17 Table 4.2. Properties of Modular Arithmetic for Integers in Z n PropertyExpression Commutative laws ( w + x ) mod n = ( x + w ) mod n ( w  x ) mod n = ( x  w ) mod n Associative laws [( w + x ) + y ] mod n = [ w + ( x + y )] mod n [( w  x )  y ] mod n = [ w  ( x  y )] mod n Distributive laws [ w + ( x + y )] mod n = [( w  x ) + ( w  y )] mod n [ w + ( x  y )] mod n = [( w + x ) x ( w + y )] mod n Identities (0 + w ) mod n = w mod n (1 + w ) mod n = w mod n Additive inverse (- w ) For each w  Z n, there exists a z such that w + z  0 mod n Modular Arithmetic for Integers in Z n is a Ring.

4.3 The Euclidean Algorithm 18 最大公因數 最大公因數 Greatest Common Divisor Finding the GCD Finding the GCD

19 Greatest Common Divisor a = mb a = mb  nonzero b is defined to be a divisor of a for some m ( a, b, and m are integers) gcd( a, b ) = c gcd( a, b ) = c The positive integer c is said to be the greatest common divisor of a and b if The positive integer c is said to be the greatest common divisor of a and b if 1. c is a divisor of a and of b ; 1. c is a divisor of a and of b ; 2. any divisor of a and b is a divisor of c. 2. any divisor of a and b is a divisor of c. An equivalent definition : An equivalent definition : gcd( a, b ) = max[ k, such that k | a and k | b ] gcd( a, b ) = max[ k, such that k | a and k | b ] 12 :1,2,3,4,6,12 18 :1,2,3,6,9,18 gcd(12, 18) = 6 gcd(12, 18) = 6

gcd(60, 24) = gcd(60,  24) = 12 gcd(60, 24) = gcd(60,  24) = 12 we require the GCD be positive, we require the GCD be positive, gcd( a, b ) = gcd( a,  b ) = gcd(  a, b ) = gcd(  a,  b ). gcd( a, b ) = gcd( a,  b ) = gcd(  a, b ) = gcd(  a,  b ). In general, gcd( a, b ) = gcd(| a |, | b |). In general, gcd( a, b ) = gcd(| a |, | b |). gcd( a, 0) = | a | gcd( a, 0) = | a | all nonzero integers divide 0 all nonzero integers divide 0 gcd( p, q ) = 1 gcd( p, q ) = 1 Integers p and q are relatively prime Integers p and q are relatively prime gcd(8, 15) =1; gcd(8, 15) =1; 8  1, 2, 4, 8 15  1, 3, 5, Some example 0 m a = mb 0 = m 0 = 0 = 0

21 Finding the GCD Equation 4-4 Equation 4-4 gcd( a, b ) = gcd( b, a mod b ) gcd(55, 22) gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = gcd(22, 22mod11) = gcd(11, 0) =11 證明 : 令 d = gcd( a, b )  d | a (1) and d | b (2) 證明 : 令 d = gcd( a, b )  d | a (1) and d | b (2) a = kb + r  r (mod b )  b | a  r (3) a mod b = r (4) By (2) and (3)  d | a  r  d | kb By (1) and (3)  d | kb + r, By (4)  d | kb +( a mod b ) * d | kb and d |[ kb + ( a mod b )]  d| ( a mod b )

22 Finding the GCD algorithm EUCLID( a, b ) EUCLID( a, b ) 1. A  a ; B  b 2. if B = 0 return A = gcd( a, b ) 3. R = A mod B 4. A  B 5. B  R 6. goto 2 gcd(55, 22)

4.4 Finite Fields of the Form GF( p ) Finite Fields: Finite Fields: 若 F 是一個 Field 且只有有限多個元素 若 F 是一個 Field 且只有有限多個元素 GF: Galois field GF: Galois field In honor of the mathematician who first studied finite fields. In honor of the mathematician who first studied finite fields. 23

Évariste Galois 法語發音 [eva ʀ ist galwa] 法語發音 [eva ʀ ist galwa] 法語發音 法語發音 1811 ~ 1832 (aged 20) France 1811 ~ 1832 (aged 20) France Mathematics : Mathematics : theory of equations 「方程式論」 and Abelian integrals 「亞培爾積分」 24 Two special cases of GF( p n ) Two special cases of GF( p n ) (1) For n = 1, GF( p ); (2) GF(2 n ). Prime p ： Prime p ： Prime p ： Prime p ： a prime number is an integer whose only positive integer factors are itself and 1. a prime number is an integer whose only positive integer factors are itself and 1. Prime p ： Prime p ： Prime p ： Prime p ： a prime number is an integer whose only positive integer factors are itself and 1. a prime number is an integer whose only positive integer factors are itself and 1. {G, ·} {G, ·} (1) Closure (2) Associative (3) Identity element (4) Inverse element abelian group (5) Commutative

25 GF( p ) (1) Finite Field (1) Finite Field (2) Multiplicative inverse ( w  1 ) (2) Multiplicative inverse ( w  1 ) For each w  Z p, w  0, there exists a z  Z p such that w  z  1 (mod p ) w  w  1  1 (mod p )

26 Prime p 在 modulo 的特性 Equation 4-5 Equation 4-5 if ( a  b )  ( a  c ) (mod p ) then b  c (mod p ) Ex: ( 4  3)  (4  10) (mod 7) then 3  10 (mod 7) (( a  1 )  a  b )  (( a  1 )  a  c ) (mod p ) (( a  1 )  a  b )  (( a  1 )  a  c ) (mod p )  b  c (mod p ) ( 2  4  3)  (2  4  10) (mod 7) then 3  10 (mod 7) ( 2  4  3)  (2  4  10) (mod 7) then 3  10 (mod 7) Equation 4-3 if ( a  b )  ( a  c ) (mod n ) then b  c (mod n ) if a is relatively prime to n Equation 4-3 if ( a  b )  ( a  c ) (mod n ) then b  c (mod n ) if a is relatively prime to n

27 GF(2) The simplest finite field is GF(2). Its arithmetic operations are easily summarized: The simplest finite field is GF(2). Its arithmetic operations are easily summarized: AdditionMultiplicationInverses In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation. In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation.

28 Table 4.3. Arithmetic in GF(7)

計算乘法反元素 輾轉相除法 輾轉相除法  求兩數 最大公因數， 若 (a, b)=1 ，稱 a, b 兩數是互質的 (relatively prime) 若 (a, b)=1 ，稱 a, b 兩數是互質的 (relatively prime) 利用計算展轉相除時的中間數字 利用計算展轉相除時的中間數字 ,7 7/5=1 5  1=5 7-5=2 2,5 5/2=2 2  2=4 5-4=1 1,2 2/1=2 1  2=2 2-2=0

30 Finding the Multiplicative Inverse in GF( p ) EXTENDED EUCLID(m, b) EXTENDED EUCLID(m, b) 1. (A1, A2, A3)  (1, 0, m); (B1, B2, B3)  (0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); 沒有反元素 3. if B3 = 1 return B3 = gcd(m, b); B2 = b  1 mod m 4. Q =  A3/B3  5. (T1, T2, T3)  (A1  QB1, A2  QB2, A3  QB3) 6. (A1, A2, A3)  (B1, B2, B3) 7. (B1, B2, B3)  (T1, T2, T3) 8. goto 2

A B T  (1  0) =1 0  (1  1) =-1 7  (1  5) =2 =7/5=1 A[i] = B[i]; B[i] = T[i]; T[i] = A[i]  (Q*B[i]); 0  (2  1) =-2 1  (2  -1) =3 5  (2  2) =1 =5/2= =2/1=2 1  (2  -2) =5 -1  (2  -3) =5 2  (2  1) =0 )) Q  Q = A[2]/B[2]; 550 判斷 B3 是否為 0 或 1 A B T )) Q 

A B T )) Q  550 在透過求 gcd(7, 5) 的整個計算 過程中，下面關係式會成立： 7T[0] + 5T[1] = T[2] 7A[0] + 5A [1] = A [2] 7B[0] + 5B [1] = B [2] 若 gcd(7, 5) =1 ， 最後結果 B[2]=0, A[2]=1 在前一步驟中 B[2]=1 ， 可得到 7B[0] + 5B [1] = B[2] 7B[0] + 5B [1] = 1 5B [1] = 1 +(-B[0])  7 5B [1]  1 (mod 7) If gcd( m, b ) = 1 1. m B1 + b B2 = B3 2. m B1 + b B2 = 1 3. b B2 = 1 + m B1 4. b B2  1 mod m

33 Table 4.4. Finding the Multiplicative Inverse of 550 in GF(1759) gcd(1759, 550) = 1 gcd(1759, 550) = 1 The multiplicative inverse of 550 is 355; that is, 550  335  1 (mod 1759). The multiplicative inverse of 550 is 355; that is, 550  335  1 (mod 1759).

4.5 Polynomial Arithmetic 34 GF(2 n ) 透過方程式運算 1. 方程式的運算 1. 方程式的運算 2. Finite 方程式運算 2. Finite 方程式運算 系數都在一定範圍 系數都在一定範圍 方程式次方也在一定範圍 方程式次方也在一定範圍

Ordinary Polynomial Arithmetic A polynomial of degree n (integer n  0) A polynomial of degree n (integer n  0) f ( x ) = a n x n + a n  1 x n  1 + … + a 1 x + a 0 = where the a i are elements of some designated set of numbers S, called the coefficient set, and a n  0. We say that such polynomials are defined over the coefficient set S. where the a i are elements of some designated set of numbers S, called the coefficient set, and a n  0. We say that such polynomials are defined over the coefficient set S. 35

A zeroth-degree polynomial is called a constant polynomial and is simply an element of the set of coefficients. A zeroth-degree polynomial is called a constant polynomial and is simply an element of the set of coefficients. f ( x ) = 2 An n th-degree polynomial is said to be a monic polynomial if a n = 1. 「首一多項式」 An n th-degree polynomial is said to be a monic polynomial if a n = 1. 「首一多項式」 f ( x ) = x 3 + x Some example

Polynomial Addition and Subtraction Addition and subtraction are performed by adding or subtracting corresponding coefficients. f ( x ) = ; g ( x ) = ; n  m f ( x ) = ; g ( x ) = ; n  m f ( x ) ± g ( x ) = f ( x ) ± g ( x ) = 37 Ex ： f ( x ) = x 3 + x and g ( x ) = x 2  x + 1 x 3 + x x 3 + x ( x 2  x + 1)  ( x 2  x + 1) x x 2  x + 3 x 3 + x + 1 (a) Addition (b) Subtraction

Polynomial Multiplication f ( x ) = ; g ( x ) = ; n  m f ( x ) = ; g ( x ) = ; n  m f ( x )  g ( x ) = f ( x )  g ( x ) = where c k = a 0 b k + a 1 b k  1 + … + a k  1 b 1 + a k b 0 38 x 3 + x x 3 + x  ( x 2  x + 1)  ( x 2  x + 1) x 3 + x x 3 + x  x 4  x 3  2 x  x 4  x 3  2 x x 5 + x 4 +2 x 2 x 5 +3 x 2  2 x + 2 (c) Multiplication

Polynomial Division The division 5/3 ? The division 5/3 ? 運算後系數都在一定範圍 運算後系數都在一定範圍  符合 field F 39 f ( x ) = ; g ( x ) = ; n  m f ( x ) = ; g ( x ) = ; n  m x + 2 x + 2 x 2  x + 1 x 3 + x x 2  x + 1 x 3 + x x 3  x 2 + x x 3  x 2 + x 2 x 2  x x 2  x x 2  2 x x 2  2 x + 2 x x (d) Division (d) Division

40 Consider the division 5/3 within a set S. (1) (1) If S is the set of rational numbers, is a field. The result is simply expressed as 5/3 and is an element of S. (2) Now suppose that S is the field Z 7. 5/3 = (5  3  1 ) mod 7 = (5  5) mod 7 = 4 (3 (3) If S is the set of integers, which is a ring but not a field. Then 5/3 produces a quotient of 1 and a remainder of 2. 5/3 = 1 + 2/3 5 = 1  Division is not exact over the set of integers.

Polynomial over GF(2) Addition Addition is equivalent to the XOR operation. Multiplication Multiplication is equivalent to the logical AND operation. Addition and subtraction Addition and subtraction are equivalent. are equivalent. mod 2: = 1  1 = 0; = 1  1 = 0; = 1  0 = 1; = 1  0 = 1; = 0  1 = = 0  1 = 

42 Figure 4.4. Examples of Polynomial Arithmetic over GF(2) f ( x ) = ( x 7 + x 5 + x 4 + x 3 + x + 1) g ( x ) = ( x 3 + x + 1) x 7 + x 5 + x 4 + x 3 + x + 1 x 7 + x 5 + x 4 + x 3 + x ( x 3 + x + 1) + ( x 3 + x + 1) x 7 + x 5 + x 4 (a) Addition x 7 + x 5 + x 4 + x 3 + x + 1  ( x 3 + x + 1)  ( x 3 + x + 1) x 7 + x 5 + x 4 (b) Subtraction (b) Subtraction

43 x 7 + x 5 + x 4 + x 3 + x + 1 x 7 + x 5 + x 4 + x 3 + x + 1  ( x 3 + x + 1)  ( x 3 + x + 1) x 7 + x 5 + x 4 + x 3 + x + 1 x 7 + x 5 + x 4 + x 3 + x + 1 x 8 + x 6 + x 5 + x 4 + x 2 + x x 8 + x 6 + x 5 + x 4 + x 2 + x x 10 + x 8 + x 7 + x 6 + x 4 + x 3 x 10 + x 4 + x (c) Multiplication x x x 3 + x + 1 x 7 + x 5 + x 4 + x 3 + x + 1 x 7 + x 5 + x 4 x 7 + x 5 + x 4 x 3 + x + 1 x 3 + x + 1 x 3 + x + 1 (d) Division (d) Division

方程式次方在一定範圍內 x mod p  prime x mod p  prime f ( x ) mod m ( x )  prime polynomial. f ( x ) mod m ( x )  prime polynomial. irreducible polynomial irreducible polynomial if and only if m ( x ) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than that of m ( x ). if and only if m ( x ) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than that of m ( x ). Ex: f ( x ) = x 3 + x + 1. Ex: f ( x ) = x 3 + x + 1. The polynomial f ( x ) = x over GF(2) is reducible, x = ( x + 1)( x 3 + x 2 + x + 1) The polynomial f ( x ) = x over GF(2) is reducible, x = ( x + 1)( x 3 + x 2 + x + 1) 44

Finding the GCD of polynomial The polynomial c ( x ) is said to be the greatest common divisor of a ( x ) and b ( x ) if The polynomial c ( x ) is said to be the greatest common divisor of a ( x ) and b ( x ) if c ( x ) divides both a ( x ) and b ( x ); c ( x ) divides both a ( x ) and b ( x ); any divisor of a ( x ) and b ( x ) is a divisor of c ( x ). any divisor of a ( x ) and b ( x ) is a divisor of c ( x ). An equivalent definition is the following: An equivalent definition is the following: gcd[ a ( x ), b ( x )] is the polynomial of maximum degree that divides both a ( x ) and b ( x ). gcd[ a ( x ), b ( x )] is the polynomial of maximum degree that divides both a ( x ) and b ( x ). 方程式找 GCD 與乘法反元素 其方法皆與數值時相同 45

Finding the GCD of polynomial Algorithm Assumes that the degree of a(x) is greater than the degree of b(x). Then, to find gcd[a(x), b(x)], Assumes that the degree of a(x) is greater than the degree of b(x). Then, to find gcd[a(x), b(x)], EUCLID[a(x), b(x)] EUCLID[a(x), b(x)] 1. A(x)  a(x); B(x)  b(x) 2. if B(x) = 0 return A(x) = gcd[a(x), b(x)] 3. R(x) = A(x) mod B(x) 4. A(x)  B(x) 5. B(x)  R(x) 6. goto 2 46

4.6 Finite Fields of the Form GF(2 n ) Z 8 和 GF(2 3 ) 大不同 1. Z 8 和 GF(2 3 ) 大不同 2.GF(2 n ) 透過方程式運算 2.GF(2 n ) 透過方程式運算 系數都在 0~(2 n － 1) 系數都在 0~(2 n － 1) 方程式次方不超過 n 方程式次方不超過 n

Z 8 和 GF(2 3 ) 大不同 48 Z8Z GF(2 3 ) x x + 1 x2x2x2x2 x 2 +1 x 2 + x x 2 + x integers that fit exactly into a given number of bits.

Addition in Z 8 and GF(2 3 ) 4949

Multipition in Z 8 and GF(2 3 ) 5050 In the multiplication table, the nonzero integers do not appear an equal number of times. 數值出現次數不平均： In the multiplication table, the nonzero integers do not appear an equal number of times.Integer Occurrences in Z Occurrences in GF(2 3 )

51 Inverse of Z 8 and GF(2 3 )

52 轉成 p n 個方程式 For p = 3 and n = 2, the 3 2 = 9 polynomials in the set are GF(3 2 ) 01 2xx +1 x +22x 2x 2 x +12 x For p = 2 and n = 3, the 2 3 = 8 the polynomials in the set are GF(2 3 )01X x + 1 x2x2x2x2 x 2 +1 x 2 + x x 2 + x

53 系數都在 0~(2 n － 1) 系數都在 0~(2 n － 1) Arithmetic on the coefficients is performed modulo 2. That is, we use the rules of arithmetic for the finite field Z 2. Arithmetic on the coefficients is performed modulo 2. That is, we use the rules of arithmetic for the finite field Z 2. 方程式次方不超過 n  mod m ( x ) 方程式次方不超過 n  mod m ( x ) If multiplication results in a polynomial of degree greater than n  1, then the polynomial is reduced modulo irreducible polynomial m ( x ) of degree n. If multiplication results in a polynomial of degree greater than n  1, then the polynomial is reduced modulo irreducible polynomial m ( x ) of degree n. That is, we divide by m ( x ) and keep the remainder. That is, we divide by m ( x ) and keep the remainder. For a polynomial f ( x ), the remainder is expressed as r ( x ) = f ( x ) mod m ( x ). GF(2 n ) 透過方程式運算 : 需符合

54 irreducible polynomial m ( x ) An irreducible n th-degree polynomial m ( x ) satisfies ： the highest power is some integer n An irreducible n th-degree polynomial m ( x ) satisfies ： the highest power is some integer n Isomorphic 「同形的」或「同構」： Isomorphic 「同形的」或「同構」： Any two finite-field structures of a given order have the same structure, but the representation, or labels, of the elements may be different. Any two finite-field structures of a given order have the same structure, but the representation, or labels, of the elements may be different. Ex: There are two irreducible polynomial of degree 3 for m ( x ) to construct the finite field GF(2 3 ): Ex: There are two irreducible polynomial of degree 3 for m ( x ) to construct the finite field GF(2 3 ): (1) x 3 + x (2) x 3 + x + 1

55 Table 4.6. Polynomial Arithmetic Modulo ( x 3 + x + 1)

56 Addition Consider the two polynomials in GF(2 8 ) from our earlier example: f(x) = x 6 + x 4 + x 2 + x + 1 and g(x) = x 7 + x + 1. Consider the two polynomials in GF(2 8 ) from our earlier example: f(x) = x 6 + x 4 + x 2 + x + 1 and g(x) = x 7 + x + 1. (polynomial notation)(binary notation)DEC {Hex} notation} (x 6 + x 4 + x 2 + x + 1) + (x 7 + x + 1) ( )  ( ) 87 {57} +131 {83} = x 7 + x 6 + x 4 + x 2 = ( )212 {D4}

57 Multiplication We will discuss the technique with reference to GF(2 8 ) using m ( x ) = x 8 + x 4 + x 3 + x + 1 We will discuss the technique with reference to GF(2 8 ) using m ( x ) = x 8 + x 4 + x 3 + x + 1 Equation 4-8 Equation 4-8 x 8 mod m ( x ) = [ m ( x )  x 8 ] = x 4 + x 3 + x +1 Equation 4-9 Equation 4-9 x  f ( x ) = ( b 7 x 9 + b 6 x 7 + b 5 x 6 + b 4 x 5 + b 3 x 4 + b 2 x 3 + b 1 x 2 + b 0 x ) mod m ( x ) ( b 7 x 9 + b 6 x 7 + b 5 x 6 + b 4 x 5 + b 3 x 4 + b 2 x 3 + b 1 x 2 + b 0 x ) mod m ( x ) Equation 4-10 Equation 4-10 x  f ( x ) = x  f ( x ) =

Multiplication example f ( x ) = x 6 + x 4 + x 2 + x + 1 ( ) f ( x ) = x 6 + x 4 + x 2 + x + 1 ( ) g ( x ) = x 7 + x + 1( ) g ( x ) = x 7 + x + 1( ) m ( x ) = x 8 + x 4 + x 3 + x + 1 求 f ( x )  g ( x ) mod m ( x ) = ？ m ( x ) = x 8 + x 4 + x 3 + x + 1 求 f ( x )  g ( x ) mod m ( x ) = ？ 58 ( ) x ( ) = ( ) ( ) x ( ) = ( ) ( ) x ( ) = ( )  ( ) = ( ) ( ) x ( ) = ( ) ( ) x ( ) = ( )  ( ) = ( ) ( ) x ( ) = ( ) ( ) x ( ) = ( ) ( ) x ( ) = ( ) = ( ) ( ) ( ) = ( ) = ( )  ( )  ( ) = ( ) which is equivalent to x 7 + x which is equivalent to x 7 + x x  f ( x ) = x  f ( x ) =

應用 With 8 bits have 0~255 With 8 bits have 0~ is not a prime 256 is not a prime  251 is a Field 251~255 would not be used. GF(2 8 ) is a Field, too. GF(2 8 ) is a Field, too. 59