Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:

Published byBrittney Dorsey Modified over 8 years ago

Similar presentations

Presentation on theme: "Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:"— Presentation transcript:

1 Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background: Extension Finite Fields Network Security Design Fundamentals ET-IDA-082 13.04.2016, v33 Prof. W. Adi

2 Page : 2 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Eucledian Algorithm, Remainder Eucledian Algorithm, Remainder Greatest Common Divisor (gcd) Greatest Common Divisor (gcd) Group Theory, Rings, Finite Fields Group Theory, Rings, Finite Fields Element’s Order, Euler Theorem Element’s Order, Euler Theorem Prime Numbers Prime Numbers Prime Number Generation Prime Number Generation Extension Fields Extension Fields Outlines Mathematical Background In Discrete Mathematics, number theory part 1 part 2 part 3 part 4

3 Page : 3 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Representing information in security systems as “Vectors” (Efficient algebra for modern cryptography!) (101)  5 Element in GF(13) (1010101)  85 Element in GF(89) Large data blocks require large field modulus and hence more complex arithmetic Possible representation of data as vectors having entries from some GF: (3 2 7 8 5) Elements are from GF(13) ( 101 011 110 000 ) Elements are from GF(7) ( 125 012 327 523 ) Elements are from GF(673) Question: Can we construct an algebraic system with Operational arithmetic using such vector representation ? The answer is yes, by using extended finite fields

4 Page : 4 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Vector representation as a Polynomials over GF(2) A (x) = A(x) is a Polynomial over GF(2), a i  GF(2) Example : Polynomial A(x) = x 6 + x 5 + x 3 +1 over GF(2) Corresponding vector ( 1 1 0 1 0 0 1 ) Position 6 5 4 3 2 1 0 MSB LSB Example : Position 6 5 4 3 2 1 0 Vector ( 1 1 0 0 0 1 1 ) Corresp. Polynomial A(x) = x 6 + x 5 + x + 1

5 Page : 5 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Vector Arithmetic over GF(2) Addition: A(x) = 1 + x B(x) = 1 + x + x 3 A(x) + B(x) = x 3 ( as 1+1=2=0 in GF(2) ) A(x) + B(x) = 2 + 2x + x 3 Multiplication: A(x) B(x)= (1 + x) (1 + x + x 3 ) = 1(1 + x + x 3 ) + x(1 + x + x 3 ) = 1 + x + x 3 + x + x 2 + x 4 = 1 + x 2 + x 3 4 In binary form A(x)  0011 B(x)  1011 A(x) + B(x)  1000 In binary form B(x) 1011 A(x) 0011 1011 0000 A(x) * B(x) 0011101   

6 Page : 6 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 A polynomial g(x) of degree m over GF(2) ( a i  GF(2) ) irreducible polynomial Is said to be an irreducible polynomial if factorizing g(x) is not possible over GF(2) g(x) = Properties of irreducible polynomials periodeThe period e of g(x) is the smallest e such that x e = 1 [mod g(x)] The period e is actually the multiplicative order of x modulo g(x). e divides 2 m -1 primitive plynomial If e = 2 m -1, the irreducible polynomial is called a primitive plynomial The reciprocal of a polynomial is defined as g*(x) = x m g(1/x) (mirror polynomial) The period of a reciprocal irreducible polynomial g*(x) is equal to that of g(x) self-reciprocal irreducible polynomial If g*(x) = g(x), then g(x) is said to be a self-reciprocal irreducible polynomial (symmetric) (highest possible period is a divisor of 2 m/2 + 1 ) What is the use of such “Irreducible Polynomials” ? Field algebra on vectors requires Irreducible Polynomials! (Notice: A field on integers required a “prime number” ) Self-reciprocal Polynomial can not be primitive!

7 Page : 7 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 The ring of polynomials Z g(x) modulo an irreducible polynomial g(x) of degree m over GF(2) is an extension field with 2 m elements. This is assigned as GF( 2 m ). The ring of polynomials Z g(x) The ring of polynomials modulo irreducible g(x) is an extension field How to construct such algebraic systems? - Select g(x) as an irreducible polynomial and use it as a field modulus! Finding irreducible polynomials: There are corresponding theories and techniques similar to those of prime integers for testing and generating irreducible polynomial. (out of the scope of this lecture) The following is a full list of the irreducible polynomials over GF(2) up to degree 11.

8 Page : 8 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 List of all irreducible Polynomials over GF(2 ) up to degree 11 (all 1 Polynomial)

9 Page : 9 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Smallest Extension Field GF(2 2 ) : full operational algebra on vectors/polynomials g(x) = x 2 + x + 1= 111 is irreducible of degree m=2 over GF(2). g(x) is the modulus, therefore x 2 + x + 1 = 0 => x 2 = x + 1 GF(2 2 ) elements are : Addition and multiplication tables in GF(2 2 ) are:       011 0011 1101 101 1110 xx xx xx xxx xxx 011 00000 1011 011 1011 xx xx xxx xxx      00 0 01 1 10 x 11 1+x  0001 000111 01 10 11 10 11 10 01 00 10 0001 10 0010 0001 00 10 11 00 10 11 1000 01 00 01 1101 11 1011  (1+x) (1+x) = x 2 + 2x + 1 = x 2 + 1=(x+1)+1= x 2=0 Over GF(2). Renainder of division or divide: (x 2 +1) / (x 2 + x + 1) = 1 + x / (x 2 + x + 1)

10 Page : 10 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Non-zero elements in GF(2 m ) build a cyclic group. The multiplicative order of any element in GF(2 m ) is a divisor of 2 m -1. [ possible multiplicative orders are only the divisors of (2 m -1) ] Multiplicative order and primitive elements in GF (2 m ) A Primitive Element: Is the element having the highest possible multiplicative order = 2 m -1. The exponents of this element generate the whole group Number of existing primitive elements: is  (2 m -1) Number of elements having order k: is  (k)

11 Page : 11 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Given an extension field over GF(2) generated by the irreducible generator polynomial g(x) Of degree m, where g(x) = 1 + g 1 x 1 + g 2 x 2...+ g m x m. [all computations are modulo g(x) ] The result is GF(2 m ). Summary and selection of some extension field properties 1.Any non-zero element  in GF(2 m ) has a multiplicative inverse. Or in other words the 2 m –1 non-zero elements build a cyclic group under multiplication. Group’s order is 2 m -1. (inverse computation: by using the extended gcd for polynomials) 2.The multiplicative order of any element is a divisor of 2 m –1, the number of elements with order t is  (t) 3. For any non-zero element   GF(2 m ) the following holds  = 1 ( reason: the order of any element divides the group‘s order 2 m -1 ) 4. If ,   GF(2 m ) then : (  +  ) 2 =  2 +  2 or [f(x)] 2 = f(x 2 ) ( Notice : squaring is a linear operation in GF(2 m ) ( Notice : squaring is a linear operation in GF(2 m ) 2 m -1 In GF(2 m ) the following relationships hold:

12 Page : 12 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Example:Element’s order over an extension field Example: Element’s order over an extension field GF(2 4 ) Compute the exponents of the element x over GF(2 4 ) which is generated by the irreducible polynomial P(x)= (x 4 + x +1 ) Solution If P(x)= x 4 + x +1 is the modulus then it is equal to zero, that is x 4 + x +1 = 0, thus x 4 = x +1. the exponents of x in GF(2 4 ) are: x = x 0010mod (x 4 + x +1 ) x 2 = x 2 0100mod (x 4 + x +1 ) x 3 = x 3 1000mod (x 4 + x +1 ) x 4 = x 4 = x + 1 0011mod (x 4 + x +1 ) x 5 = x x 4 = x 2 +x 0110mod (x 4 + x +1 ) x 6 = x (x 2 +x)= x 3 +x 2 1100mod (x 4 + x +1 ) x 7 = x (x 3 +x 2 ) = ( x 4 +x 3 ) = x +1+x 3 1011mod (x 4 + x +1 ) x 8 = x 4 + x 2 +x = 1+x + x 2 +x = 1+x 2 0101mod (x 4 + x +1 ) x 9 = x 3 + x 1010mod (x 4 + x +1 ) x 10 = x 4 + x 2 = x +1 + x 2 0111mod (x 4 + x +1 ) x 11 = x 3 + x 2 +x 1110mod (x 4 + x +1 ) x 12 = x 4 + x 3 + x 2 = x +1+ x 3 + x 2 1111mod (x 4 + x +1 ) x 13 = x 4 + x 3 + x 2 +x = x 3 + x 2 + 1 1101mod (x 4 + x +1 ) x 14 = x 4 + x 3 + x= x+1+x 3 + x = x 3 +1 1001mod (x 4 + x +1 ) x 15 = x 4 + x = x + 1 + x = 1 0001mod (x 4 + x +1 ) Important notice: In GF (2 4 ): the order of any element Is a divisor of 2 4 -1=15 Divisors of 15 are 1, 3,5,15 !  The order can only be 1 or 3 or 5 or 15 ! The order of the element x is 15= 2 4 -1 => x is a primitive element msb lsb -> Ord (  i ) = k / gcd (i,k) Ord (x 1,2,4,7,8,11,13,14 ) = 15

13 Page : 13 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Hardware Architectures for Arithmetic in GF (2 n ) Addition Parallel Sequential

14 Page : 14 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 I(x)  … i(2), i(1), i(0) MSB h m h m-1 h 1 S 1 S S 0 S M-1 S m B (x) h 0 h 2 h 3 B (x) = H(x) ∙ I(x) Hardware Architectures for Arithmetic in GF (2 m ) Multiplication H(x)

15 Page : 15 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 g0g0 g1g1 g2g2 g0g0 g m-1 Hardware Architectures for Arithmetic in GF (2 m ) Division I(x) R(x) G(x) = Q(x) +

16 Page : 16 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Hardware Architectures for Arithmetic in GF (2 m ) Division and Multiplication Remainder

17 Page : 17 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Arithmetic in Z p(x),size (2 16 ) Example: Simultaneous Division and Multiplication S(x) = x 16 I(x) mod (1 + x 2 + x 15 + x 16 ) Multiply the data stream I(x) by x 16 and divide it simultaneously by (1 + x 2 + x 15 + x 16 ) The contents of the register after entering all I(x) bits is the rest of x 16 I(x) mod (1 + x 2 + x 15 + x 16 ) S(x) = x 16 I(x) mod (1 + x 2 + x 15 + x 16 )

18 Page : 18 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Example:Element’s order over an extension field Example: Element’s order over an extension field GF(2 3 ) Compute the exponents of the element x over GF(2 3 ) which is generated by the irreducible polynomial P(x)= (x 3 + x +1 ) Solution If P(x)= x 3 + x +1 is the modulus then it is equal to zero, that is x 3 + x +1 = 0, thus x 3 = x +1. the exponents of x in GF(2 3 ) are: x = x 010mod (x 3 + x +1 ) x 2 = x 2 100mod (x 3 + x +1 ) x 3 = x 3 = x + 1 011mod (x 3 + x +1 ) x 4 = x x 3 = x 2 + x 110mod (x 3 + x +1 ) x 5 = x x 4 = x 3 +x 2 = x + 1 + x 2 111mod (x 3 + x +1 ) x 6 = (x 3 ) 2 = (x+1) 2 = x 2 +1 101mod (x 3 + x +1 ) x 7 = x (x 2 +1) = ( x 3 +x ) = x+1 + x = 1 001mod (x 3 + x +1 ) Important notice: In GF (2 3 ): the order of any element Is a divisor of 2 3 -1=7 Divisors of 7 are 1, 7 !  The order can only be 1 or 7 ! The order of the element x is 7= 2 3 -1 => x is a primitive element + A possible hardware generator for the exponents of x. 0 10 x 0 x 1 x 2 Initial state = x = 010 LSB MSB x 0 =1 x 1 x 3 msb lsb x 8 = x

19 Page : 19 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 gcd Algorithm for Polynomials Start P 1 (x), P 2 (x) yes ? R(x)=R p 2 (x) [ P 1 (x)]=0 no P 1 (x)  P 2 P 2  R(x) gcd  c -1 P 2 (x) End PS: [ c -1 is the inverse of the leading coefficient of P 2 (x) ]

20 Page : 20 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Extended gcd Algorithm for Polynomials Start Divide P 1 (x) by P 2 (x) P 1 (x) / P 2 (x) = Q(x) + R(x) / P 2 (x) Input: P 1 (x), P 2 (x), P 2 (x)  0 Initialization: A 1 (x) =1, B 1 (x) =0 A 2 (x) =0, B 2 (x) =1 Find the leading coefficient c of P 2 (x) yes no gcd [ P 1 (x), P 2 (x) ] = A(x) P 1 (x) + B(x) P 2 (x)

21 Page : 21 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Solution: Compute gcd [ P 1 (x), P 2 (x) ] = A(x) P 1 (x) + B(x) P 2 (x) if gcd =1, then the inverse is B(x) Operating modulo x 4 + x + 1 : R [ (x) ( x 4 + x + 1) + ( x 2 + 1) ( x 3 + x + 1 ) ] = 1 R [ ( x 2 + 1) ( x 3 + x + 1 ) ] = 1 Example: Example: Compute the multiplicative inverse of x 3 + x + 1 modulo x 4 + x + 1 P 1 (x) A2(x)A1(x) P 2 (x) B2(x)B1(x)R(x)Qx) x 4 + x + 1x 3 + x + 1 1 0 0 1xx 2 + 1 x 3 + x + 1x 2 + 1 0 1 1 x1 1 1 0 – x. 1 = x x 1 – x. x = x 2 + 1 0 B2 = B1 – q B2 A2 = A1 – q A2 0 - x. 1= x gcd [ P 1 (x), P 2 (x) ] = (x) ( x 4 + x + 1) + ( x 2 + 1) ( x 3 + x + 1 ) = 1 ( x 4 + x + 1) => ( x 2 + 1)  ( x 3 + x + 1 ) -1 modulo ( x 4 + x + 1) ( x 4 + x + 1) Check: ( x 2 + 1) ( x 3 + x + 1 ) = x 5 + x 3 + x 2 + x 3 + x + 1  1 modulo ( x 4 + x + 1) x 4 + x + 1=0 x 4 = x + 1 x 5 = x 2 + x Extended gcd Algorithm:

22 Page : 22 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Some extension field properties GF (2 m ) as a vector space 6.If   GF(2 m ) is a root for g(x)=0, then are all the roots of g(x) ( Proof : direct application of 4) 7. If ( ) are linearly independent they build the normal basis for this GF(2 m ) 8.The multiplicative order of any element divides 2 m -1. period of g(x) 9.The order of the element x is called the period of g(x) (or the exponent to which g(x) belongs) primitive polynomial 10. The polynomial is called a primitive polynomial if the order of x is maximal=(2 m -1). self reciprocal 11. If g(x) = x m g(1/x) then the polynomial is called self reciprocal. The highest possible period of a self reciprocal irreducible polynomial is 2 m/2 + 1

23 Page : 23 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Arithmetic in GF (2 m ) is sometimes very attractive for practical hardware implementations Example: Normal Base representation (Massey-Omura) If  is a root of the field generating irreducible polynomial P(x) over GF(2), then  0  1  2  3...  m-1 build a Canonical Base for GF(2 m ). GF(2 m ) is equivalent to a vector space with dimension m: represent a base for a vector space if: = 0 If and only if b 0 = b 1 = b 2 =... = b m-1 = 0, (Base vectors are linearly independent). then represents the so called a Normal Base If however are linearly independent, Squaring is equal to ring rotation when using normal base: i.e if b = [b 0 b 1 b 2... b m-1 ] then: Or in normal base representation Example of squaring in a normal base system: If a = 10101 a 2 is = 11010

Download ppt "Page : 1 bfolieq.drw Technical University of Braunschweig IDA: Institute of Computer and Network Engineering  W. Adi 2011 Lecture-5 Mathematical Background:"

Similar presentations

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.

Finite Fields Rong-Jaye Chen. p2. Finite fields 1. Irreducible polynomial f(x)  K[x], f(x) has no proper divisors in K[x] Eg. f(x)=1+x+x 2 is irreducible.
BCH Codes Hsin-Lung Wu NTPU.

BCH Codes Hsin-Lung Wu NTPU.
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
Cryptography and Network Security

Cryptography and Network Security
More about Polynomials

More about Polynomials
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Information and Coding Theory Finite fields. Juris Viksna, 2015.

Information and Coding Theory Finite fields. Juris Viksna, 2015.
Cryptography and Network Security Chapter 4

Cryptography and Network Security Chapter 4
Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 4 Fourth Edition by William Stallings.
Introduction Polynomials

Introduction Polynomials
Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.

Chapter 4 – Finite Fields Introduction  will now introduce finite fields  of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public.
Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.

Peter Lam Discrete Math CS.  Sometimes Referred to Clock Arithmetic  Remainder is Used as Part of Value ◦ i.e Clocks  24 Hours in a Day However, Time.
Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations Copyright © The McGraw-Hill Companies, Inc. Permission required.
M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,

M. Khalily Dermany Islamic Azad University.  finite number of element  important in number theory, algebraic geometry, Galois theory, cryptography,
FINITE FIELDS 7/30 陳柏誠.

FINITE FIELDS 7/30 陳柏誠.
Cyclic codes 1 CHAPTER 3: Cyclic and convolution codes Cyclic codes are of interest and importance because They posses rich algebraic structure that can.

Cyclic codes 1 CHAPTER 3: Cyclic and convolution codes Cyclic codes are of interest and importance because They posses rich algebraic structure that can.
CPSC 3730 Cryptography and Network Security

CPSC 3730 Cryptography and Network Security
Information Security and Management 4. Finite Fields 8

Information Security and Management 4. Finite Fields 8
Cryptography and Network Security Introduction to Finite Fields.

Cryptography and Network Security Introduction to Finite Fields.
By: Hector L Contreras SSGT / USMC

By: Hector L Contreras SSGT / USMC

Similar presentations

Ads by Google