
Chapter 4. Finite Fields
Book: Cryptography and Network Security: Principles and Practices, Fourth Edition. Author: William Stallings. Presenter: 陳盈如, 2008/04/03.


Outline
4.1 Groups, Rings, and Fields
4.2 Modular Arithmetic
4.3 The Euclidean Algorithm
4.4 Finite Fields of the Form GF(p)
4.5 Polynomial Arithmetic
4.6 Finite Fields of the Form GF(2^n)
4.7 Recommended Reading and Web Sites
4.8 Key Terms, Review Questions, and Problems

4.1 Groups, Rings, and Fields

Groups, Rings, and Fields
Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra. In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set.

Group {G, ·}: a set G and one binary operation ·
(1) Closure: if a, b ∈ G then a · b ∈ G.
(2) Associative: if a, b, c ∈ G then a · (b · c) = (a · b) · c.
(3) Identity element: there is an element e in G such that a · e = e · a = a for all a in G.
(4) Inverse element: for each a in G there is an element a' in G such that a · a' = a' · a = e.
An abelian group (commutative group) additionally satisfies
(5) Commutative: a · b = b · a for all a, b in G.
Ex: Z is a group under addition.

Ring {R, +, ·}: a set R and two binary operations
{R, +} is an abelian group: (1) closure, (2) associative, (3) identity element, (4) inverse element, (5) commutative.
{R, ·} satisfies (1) closure and (2) associative.
(*) Distributive laws: a(b + c) = ab + ac for all a, b, c in R; (a + b)c = ac + bc for all a, b, c in R.
Commutative ring: {R, ·} also satisfies (5) commutative.
Integral domain: a commutative ring with a multiplicative identity and no zero divisors, i.e. {R, ·} also satisfies (3) identity element and
(*) No zero divisors: if a, b in R and ab = 0, then either a = 0 or b = 0.
Zero divisor: let b be a nonzero element of the ring; a is called a left zero divisor if ab = 0, and a right zero divisor is defined in the same way; both are called zero divisors.

Field {F, +, ·}
{F, +} is an abelian group: (1) closure, (2) associative, (3) identity element, (4) inverse element, (5) commutative.
{F, ·} satisfies (1) closure, (2) associative, (3) identity element, (5) commutative and (*) no zero divisors, so {F, +, ·} is a commutative ring and an integral domain; the distributive laws hold; and in addition
(4) Inverse element: every element except 0 has a multiplicative inverse.

Figure 4.1. Group, Ring, and Field

4.2 Modular Arithmetic

Equation 4-1
a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋, where ⌊x⌋ is the largest integer less than or equal to x.
Residue: when the integer a is divided by the integer n, the remainder r is referred to as the residue. Equivalently, r = a mod n.
a = ⌊a/n⌋ × n + (a mod n)

Congruent modulo
Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n). This is written as a ≡ b (mod n).
73 ≡ 4 (mod 23)
21 ≡ −9 (mod 10)

Divisor
a = mb ⇒ b divides a ⇒ b | a (b is a divisor of a)
21 = 3 × 7 ⇒ 7 | 21
if a ≡ b (mod n) ⇒ n | (b − a)
if a ≡ 0 (mod n) ⇒ n | a
1 ≡ 3 (mod 2) ⇒ 2 | (3 − 1), i.e. 2 | 2

Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) − (b mod n)] mod n = (a − b) mod n
3. [(a mod n) × (b mod n)] mod n = (a × b) mod n
Ex: 11 mod 8 = 3; 15 mod 8 = 7
1. [(11 mod 8) + (15 mod 8)] mod 8 = (3 + 7) mod 8 = 2 = (11 + 15) mod 8
2. [(11 mod 8) − (15 mod 8)] mod 8 = (3 − 7) mod 8 = 4 = (11 − 15) mod 8
3. [(11 mod 8) × (15 mod 8)] mod 8 = (3 × 7) mod 8 = 5 = (11 × 15) mod 8

Equation 4-2
if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n)
Ex: (5 + 23) ≡ (5 + 7) (mod 8); 23 ≡ 7 (mod 8)
Equation 4-3
if (a × b) ≡ (a × c) (mod n) then b ≡ c (mod n), if a is relatively prime to n
Ex: (5 × 3) ≡ (5 × 7) (mod 4), then 3 ≡ 7 (mod 4)
(6 × 3) ≡ (6 × 7) (mod 8), yet 3 ≢ 7 (mod 8)

If a is relatively prime to n, a multiplicative inverse a^(-1) exists, so
((a^(-1)) × a × b) ≡ ((a^(-1)) × a × c) (mod n)
b ≡ c (mod n)
The integers 6 and 8 are not relatively prime, since they have the common factor 2. We have the following:
6 × 3 = 18 ≡ 2 (mod 8)
6 × 7 = 42 ≡ 2 (mod 8)
Yet 3 ≢ 7 (mod 8).

Table 4.1. Arithmetic Modulo 8
Working back from 6 × ? ≡ 2 (mod 8) gives no unique solution, i.e. the multiplicative inverse is not unique.

Table 4.2. Properties of Modular Arithmetic for Integers in Z_n
Property              Expression
Commutative laws      (w + x) mod n = (x + w) mod n
                      (w × x) mod n = (x × w) mod n
Associative laws      [(w + x) + y] mod n = [w + (x + y)] mod n
                      [(w × x) × y] mod n = [w × (x × y)] mod n
Distributive laws     [w × (x + y)] mod n = [(w × x) + (w × y)] mod n
                      [w + (x × y)] mod n = [(w + x) × (w + y)] mod n
Identities            (0 + w) mod n = w mod n
                      (1 × w) mod n = w mod n
Additive inverse (−w) For each w ∈ Z_n, there exists a z such that w + z ≡ 0 mod n
Modular arithmetic for integers in Z_n is a ring.

4.3 The Euclidean Algorithm
Greatest common divisor (GCD)
Finding the GCD

Greatest Common Divisor
a = mb: nonzero b is defined to be a divisor of a for some m (a, b, and m are integers).
gcd(a, b) = c: the positive integer c is said to be the greatest common divisor of a and b if
1. c is a divisor of a and of b;
2. any divisor of a and b is a divisor of c.
An equivalent definition: gcd(a, b) = max[k, such that k | a and k | b]
12: 1, 2, 3, 4, 6, 12
18: 1, 2, 3, 6, 9, 18
gcd(12, 18) = 6

Some examples
gcd(60, 24) = gcd(60, −24) = 12
We require the GCD to be positive, so gcd(a, b) = gcd(a, −b) = gcd(−a, b) = gcd(−a, −b). In general, gcd(a, b) = gcd(|a|, |b|).
gcd(a, 0) = |a|, since all nonzero integers divide 0 (a = mb with a = 0 holds for m = 0, i.e. 0 = 0 × b).
gcd(p, q) = 1: integers p and q are relatively prime.
gcd(8, 15) = 1; 8 → 1, 2, 4, 8; 15 → 1, 3, 5, 15

Finding the GCD
Equation 4-4
gcd(a, b) = gcd(b, a mod b)
gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = gcd(11, 22 mod 11) = gcd(11, 0) = 11
Proof: let d = gcd(a, b) ⇒ d | a (1) and d | b (2).
a = kb + r ≡ r (mod b) ⇒ b | (a − r) (3); a mod b = r (4).
By (2) and (3): d | b ⇒ d | kb, i.e. d | (a − r).
By (1) and (3): d | (kb + r); by (4), d | [kb + (a mod b)].
Since d | kb and d | [kb + (a mod b)], d | (a mod b), so d is a common divisor of b and a mod b.

Finding the GCD: algorithm
EUCLID(a, b)
1. A ← a; B ← b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A ← B
5. B ← R
6. goto 2
Trace of gcd(55, 22):
A    B    Q    R
55   22   2    11
22   11   2    0
11   0    return 11

4.4 Finite Fields of the Form GF(p)
Finite field: a field F that has only finitely many elements.
GF: Galois field, in honor of the mathematician who first studied finite fields.

Évariste Galois, French pronunciation [evaʀist galwa], 1811 ~ 1832 (aged 20), France.
Mathematics: theory of equations and Abelian integrals.
Two special cases of GF(p^n): (1) for n = 1, GF(p); (2) GF(2^n).
Prime p: a prime number is an integer whose only positive integer factors are itself and 1.

GF(p)
(1) Finite field.
(2) Multiplicative inverse (w^(-1)): for each w ∈ Z_p, w ≠ 0, there exists a z ∈ Z_p such that w × z ≡ 1 (mod p); that is, w × w^(-1) ≡ 1 (mod p).

Properties of a prime p under modular arithmetic
Equation 4-5
if (a × b) ≡ (a × c) (mod p) then b ≡ c (mod p)
Ex: (4 × 3) ≡ (4 × 10) (mod 7), then 3 ≡ 10 (mod 7)
((a^(-1)) × a × b) ≡ ((a^(-1)) × a × c) (mod p) ⇒ b ≡ c (mod p)
(2 × 4 × 3) ≡ (2 × 4 × 10) (mod 7), then 3 ≡ 10 (mod 7)
Compare Equation 4-3: if (a × b) ≡ (a × c) (mod n) then b ≡ c (mod n), if a is relatively prime to n. For a prime p, every nonzero a is relatively prime to p.

GF(2)
The simplest finite field is GF(2). Its arithmetic operations are easily summarized:
Addition: 0 + 0 = 0, 0 + 1 = 1, 1 + 0 = 1, 1 + 1 = 0
Multiplication: 0 × 0 = 0, 0 × 1 = 0, 1 × 0 = 0, 1 × 1 = 1
Inverses: −0 = 0, −1 = 1; 1^(-1) = 1
In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation.

Table 4.3. Arithmetic in GF(7)

Computing the multiplicative inverse
The Euclidean algorithm finds the greatest common divisor of two numbers; if (a, b) = 1, a and b are said to be relatively prime.
The inverse is obtained from the intermediate numbers produced while running the Euclidean algorithm. Trace for (7, 5):
(7, 5): 7/5 = 1, 5 × 1 = 5, 7 − 5 = 2
(5, 2): 5/2 = 2, 2 × 2 = 4, 5 − 4 = 1
(2, 1): 2/1 = 2, 1 × 2 = 2, 2 − 2 = 0
so gcd(7, 5) = 1.

Finding the Multiplicative Inverse in GF(p)
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) ← (1, 0, m); (B1, B2, B3) ← (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^(-1) mod m
4. Q = ⌊A3/B3⌋
5. (T1, T2, T3) ← (A1 − Q·B1, A2 − Q·B2, A3 − Q·B3)
6. (A1, A2, A3) ← (B1, B2, B3)
7. (B1, B2, B3) ← (T1, T2, T3)
8. goto 2

Trace of EXTENDED EUCLID(7, 5) (Euclid on (7, 5) gives quotients 1, 2, 2 and remainders 2, 1, 0):
Round  A = (A1, A2, A3)  B = (B1, B2, B3)  Q = ⌊A3/B3⌋  T = A − Q·B
1      (1, 0, 7)         (0, 1, 5)         7/5 = 1      (1 − 1·0, 0 − 1·1, 7 − 1·5) = (1, −1, 2)
2      (0, 1, 5)         (1, −1, 2)        5/2 = 2      (0 − 2·1, 1 − 2·(−1), 5 − 2·2) = (−2, 3, 1)
3      (1, −1, 2)        (−2, 3, 1)        B3 = 1: stop; B2 = 3 is 5^(-1) mod 7
(One further round would give Q = 2/1 = 2 and T = (1 − 2·(−2), −1 − 2·3, 2 − 2·1) = (5, −7, 0).)
Update rule per round, with 0-based indices as on the slide: Q = A[2] / B[2]; T[i] = A[i] − (Q·B[i]); A[i] = B[i]; B[i] = T[i]; then check whether B3 is 0 or 1.

Throughout the computation of gcd(7, 5), the following relations hold:
7·T[0] + 5·T[1] = T[2]
7·A[0] + 5·A[1] = A[2]
7·B[0] + 5·B[1] = B[2]
If gcd(7, 5) = 1, the final result is B[2] = 0, A[2] = 1; in the step before, B[2] = 1, which gives
7·B[0] + 5·B[1] = B[2] = 1
5·B[1] = 1 + (−B[0]) × 7
5·B[1] ≡ 1 (mod 7)
In general, if gcd(m, b) = 1:
1. m·B1 + b·B2 = B3
2. m·B1 + b·B2 = 1
3. b·B2 = 1 − m·B1
4. b·B2 ≡ 1 mod m

Table 4.4. Finding the Multiplicative Inverse of 550 in GF(1759)
gcd(1759, 550) = 1
The multiplicative inverse of 550 is 355; that is, 550 × 355 ≡ 1 (mod 1759).
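The EXTENDED EUCLID(m, b) procedure above, written out as an added example (not code from the slides or from Stallings); it keeps the (A1, A2, A3), (B1, B2, B3), (T1, T2, T3) triples of the slide and checks the invariant m·A1 + b·A2 = A3, m·B1 + b·B2 = B3 every round. The function names are my own.

```python
# Added example: EXTENDED EUCLID(m, b) exactly as on the slide.
# Invariant kept at every round:  m*A1 + b*A2 == A3  and  m*B1 + b*B2 == B3.

def extended_euclid(m, b):
    """Return (gcd, inverse) where inverse = b^-1 mod m, or None when gcd != 1."""
    if m <= 0 or b < 0:
        raise ValueError("m must be positive and b non-negative")
    a1, a2, a3 = 1, 0, m          # step 1
    b1, b2, b3 = 0, 1, b
    while True:
        assert m * a1 + b * a2 == a3 and m * b1 + b * b2 == b3
        if b3 == 0:               # step 2: gcd found, no inverse exists
            return a3, None
        if b3 == 1:               # step 3: gcd is 1, B2 is the inverse
            return 1, b2 % m      # reduce, since B2 may be negative
        q = a3 // b3              # step 4: Q = floor(A3 / B3)
        t1, t2, t3 = a1 - q * b1, a2 - q * b2, a3 - q * b3   # step 5
        a1, a2, a3 = b1, b2, b3   # step 6
        b1, b2, b3 = t1, t2, t3   # step 7


def inverse_mod(b, m):
    """b^-1 mod m, raising when it does not exist (e.g. 6 in Z_8)."""
    g, inv = extended_euclid(m, b)
    if inv is None:
        raise ValueError(f"{b} has no inverse mod {m}: gcd = {g}")
    return inv


if __name__ == "__main__":
    print(extended_euclid(7, 5))        # (1, 3): 5 * 3 = 15 = 1 (mod 7)
    print(extended_euclid(1759, 550))   # (1, 355): Table 4.4
    print(extended_euclid(8, 6))        # (2, None): 6 has no inverse mod 8
    print(extended_euclid(55, 22))      # (11, None): plain gcd, as EUCLID(55, 22)
```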

4.5 Polynomial Arithmetic
GF(2^n) is computed through polynomial arithmetic:
1. Polynomial arithmetic in general.
2. Finite polynomial arithmetic: the coefficients lie in a fixed range, and the polynomial degree also lies in a fixed range.

Ordinary Polynomial Arithmetic
A polynomial of degree n (integer n ≥ 0):
f(x) = a_n x^n + a_(n−1) x^(n−1) + … + a_1 x + a_0
where the a_i are elements of some designated set of numbers S, called the coefficient set, and a_n ≠ 0. We say that such polynomials are defined over the coefficient set S.

Some examples
A zeroth-degree polynomial is called a constant polynomial and is simply an element of the set of coefficients: f(x) = 2.
An nth-degree polynomial is said to be a monic polynomial if a_n = 1: f(x) = x^3 + x^2 + 2.

Polynomial Addition and Subtraction
Addition and subtraction are performed by adding or subtracting corresponding coefficients, with f(x) of degree n and g(x) of degree m, n ≥ m.
Ex: f(x) = x^3 + x^2 + 2 and g(x) = x^2 − x + 1
(a) Addition                  (b) Subtraction
    x^3 + x^2 + 2                 x^3 + x^2 + 2
  + (x^2 − x + 1)               − (x^2 − x + 1)
    x^3 + 2x^2 − x + 3            x^3 + x + 1

Polynomial Multiplication
For f(x) of degree n and g(x) of degree m, n ≥ m, f(x) × g(x) has degree n + m with coefficients
c_k = a_0 b_k + a_1 b_(k−1) + … + a_(k−1) b_1 + a_k b_0
(c) Multiplication
    x^3 + x^2 + 2
  × (x^2 − x + 1)
    x^3 + x^2 + 2              (× 1)
    −x^4 − x^3 − 2x            (× −x)
    x^5 + x^4 + 2x^2           (× x^2)
    x^5 + 3x^2 − 2x + 2

Polynomial Division
The division 5/3? After division the coefficients must still lie in the coefficient set, so the coefficient set must be a field F.
(d) Division: (x^3 + x^2 + 2) ÷ (x^2 − x + 1), quotient x + 2, remainder x
  x^2 − x + 1 ) x^3 + x^2 + 2
                x^3 − x^2 + x          (x × divisor)
                     2x^2 − x + 2
                     2x^2 − 2x + 2     (2 × divisor)
                               x       remainder

Consider the division 5/3 within a set S.
(1) If S is the set of rational numbers, which is a field, the result is simply expressed as 5/3 and is an element of S.
(2) Now suppose that S is the field Z_7: 5/3 = (5 × 3^(-1)) mod 7 = (5 × 5) mod 7 = 4.
(3) If S is the set of integers, which is a ring but not a field, then 5/3 produces a quotient of 1 and a remainder of 2: 5/3 = 1 + 2/3, i.e. 5 = 1 × 3 + 2. Division is not exact over the set of integers.

Polynomials over GF(2)
Addition is equivalent to the XOR operation.
Multiplication is equivalent to the logical AND operation.
Addition and subtraction are equivalent, since mod 2:
1 + 1 = 1 − 1 = 0; 1 + 0 = 1 − 0 = 1; 0 + 1 = 0 − 1 = 1.

Figure 4.4. Examples of Polynomial Arithmetic over GF(2)
f(x) = x^7 + x^5 + x^4 + x^3 + x + 1, g(x) = x^3 + x + 1
(a) Addition                             (b) Subtraction
    x^7 + x^5 + x^4 + x^3 + x + 1            x^7 + x^5 + x^4 + x^3 + x + 1
  + (x^3 + x + 1)                          − (x^3 + x + 1)
    x^7 + x^5 + x^4                          x^7 + x^5 + x^4

(c) Multiplication
    x^7 + x^5 + x^4 + x^3 + x + 1
  × (x^3 + x + 1)
    x^7 + x^5 + x^4 + x^3 + x + 1          (× 1)
    x^8 + x^6 + x^5 + x^4 + x^2 + x        (× x)
    x^10 + x^8 + x^7 + x^6 + x^4 + x^3     (× x^3)
    x^10 + x^4 + x^2 + 1
(d) Division: (x^7 + x^5 + x^4 + x^3 + x + 1) ÷ (x^3 + x + 1), quotient x^4 + 1
  x^3 + x + 1 ) x^7 + x^5 + x^4 + x^3 + x + 1
                x^7 + x^5 + x^4                  (x^4 × divisor)
                            x^3 + x + 1
                            x^3 + x + 1          (1 × divisor)
                            0                    remainder

Keeping the polynomial degree within a bounded range
Integers: x mod p with p prime. Polynomials: f(x) mod m(x) with m(x) a prime polynomial, also called an irreducible polynomial.
m(x) is irreducible if and only if m(x) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than that of m(x).
Ex: f(x) = x^3 + x + 1 is irreducible over GF(2).
The polynomial f(x) = x^4 + 1 over GF(2) is reducible: x^4 + 1 = (x + 1)(x^3 + x^2 + x + 1).

Finding the GCD of polynomials
The polynomial c(x) is said to be the greatest common divisor of a(x) and b(x) if
1. c(x) divides both a(x) and b(x);
2. any divisor of a(x) and b(x) is a divisor of c(x).
An equivalent definition is the following: gcd[a(x), b(x)] is the polynomial of maximum degree that divides both a(x) and b(x).
Finding the GCD and the multiplicative inverse of polynomials uses the same methods as for integers.

Finding the GCD of polynomials: algorithm
Assumes that the degree of a(x) is greater than the degree of b(x). Then, to find gcd[a(x), b(x)]:
EUCLID[a(x), b(x)]
1. A(x) ← a(x); B(x) ← b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2
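Polynomial arithmetic over GF(2) and the EUCLID[a(x), b(x)] loop above, as an added example (not code from the slides or from Stallings). Each polynomial is a Python int whose bit i is the coefficient of x^i, so the Figure 4.4 values can be checked directly; the irreducibility test goes slightly beyond the slide by trying every possible divisor of degree up to half of deg m(x). All function names are my own.

```python
# Added example: polynomials over GF(2) stored as ints, bit i = coefficient of x^i.
# Addition is XOR, multiplication is carry-less, division is long division with XOR;
# EUCLID[a(x), b(x)] then needs only "A(x) mod B(x)".

def deg(p):
    """Degree of p(x); -1 for the zero polynomial."""
    return p.bit_length() - 1

def poly_mul(f, g):
    """f(x) * g(x) over GF(2): one shifted copy of f for every set bit of g."""
    acc = 0
    while g:
        if g & 1:
            acc ^= f
        f <<= 1
        g >>= 1
    return acc

def poly_divmod(f, g):
    """(quotient, remainder) of f(x) / g(x) over GF(2); g(x) must be nonzero."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, f
    while deg(r) >= deg(g):
        shift = deg(r) - deg(g)
        q ^= 1 << shift        # quotient gains the term x^shift
        r ^= g << shift        # subtracting g(x) * x^shift is the same as adding it
    return q, r

def poly_gcd(a, b):
    """EUCLID[a(x), b(x)]: gcd[a(x), b(x)] = gcd[b(x), a(x) mod b(x)]."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a

def is_irreducible(m):
    """m(x) is irreducible iff no polynomial of degree 1..deg(m)//2 divides it."""
    if deg(m) < 1:
        return False
    for d in range(2, 1 << (deg(m) // 2 + 1)):   # all candidates of degree 1..deg(m)//2
        if poly_divmod(m, d)[1] == 0:
            return False
    return True

def to_str(p):
    """Render a polynomial, e.g. 0b1011 -> 'x^3 + x + 1'."""
    if p == 0:
        return "0"
    terms = ["1" if i == 0 else "x" if i == 1 else f"x^{i}"
             for i in range(deg(p), -1, -1) if p >> i & 1]
    return " + ".join(terms)

if __name__ == "__main__":
    f = 0b10111011                   # x^7 + x^5 + x^4 + x^3 + x + 1 (Figure 4.4)
    g = 0b1011                       # x^3 + x + 1
    print(to_str(f ^ g))             # x^7 + x^5 + x^4
    print(to_str(poly_mul(f, g)))    # x^10 + x^4 + x^2 + 1
    print(poly_divmod(f, g))         # (17, 0): quotient x^4 + 1, remainder 0
    print(is_irreducible(0b10001))   # False: x^4 + 1 = (x + 1)(x^3 + x^2 + x + 1)
```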

4.6 Finite Fields of the Form GF(2^n)
1. Z_8 and GF(2^3) are very different.
2. GF(2^n) is computed through polynomial arithmetic: the element values all lie in 0 ~ (2^n − 1), and the polynomial degree does not exceed n.

Z_8 and GF(2^3) are very different
Z_8   GF(2^3) polynomial   binary
0     0                    000
1     1                    001
2     x                    010
3     x + 1                011
4     x^2                  100
5     x^2 + 1              101
6     x^2 + x              110
7     x^2 + x + 1          111
Both use integers that fit exactly into a given number of bits.

Addition in Z_8 and GF(2^3)

Multiplication in Z_8 and GF(2^3)
In the multiplication table, the nonzero integers do not appear an equal number of times (the values occur unevenly):
Integer                 1   2   3   4   5   6   7
Occurrences in Z_8      4   8   4   12  4   8   4
Occurrences in GF(2^3)  7   7   7   7   7   7   7

Inverses in Z_8 and GF(2^3)

Represented as p^n polynomials
For p = 3 and n = 2, the 3^2 = 9 polynomials in the set GF(3^2) are:
0 (00), 1 (01), 2 (02), x (10), x + 1 (11), x + 2 (12), 2x (20), 2x + 1 (21), 2x + 2 (22)
For p = 2 and n = 3, the 2^3 = 8 polynomials in the set GF(2^3) are:
0 (000), 1 (001), x (010), x + 1 (011), x^2 (100), x^2 + 1 (101), x^2 + x (110), x^2 + x + 1 (111)

Arithmetic in GF(2^n) through polynomials must satisfy:
Element values lie in 0 ~ (2^n − 1): arithmetic on the coefficients is performed modulo 2. That is, we use the rules of arithmetic for the finite field Z_2.
Polynomial degree does not exceed n, i.e. reduce mod m(x): if multiplication results in a polynomial of degree greater than n − 1, then the polynomial is reduced modulo an irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. For a polynomial f(x), the remainder is expressed as r(x) = f(x) mod m(x).

Irreducible polynomial m(x)
An irreducible nth-degree polynomial m(x) satisfies: the highest power is some integer n.
Isomorphic: any two finite-field structures of a given order have the same structure, but the representation, or labels, of the elements may be different.
Ex: there are two irreducible polynomials of degree 3 for m(x) to construct the finite field GF(2^3):
(1) x^3 + x^2 + 1
(2) x^3 + x + 1

Table 4.6. Polynomial Arithmetic Modulo (x^3 + x + 1)

Addition
Consider the two polynomials in GF(2^8) from our earlier example: f(x) = x^6 + x^4 + x^2 + x + 1 and g(x) = x^7 + x + 1.
Polynomial notation: (x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2
Binary notation: (01010111) ⊕ (10000011) = (11010100)
Decimal {hex} notation: 87 {57} + 131 {83} = 212 {D4}

Multiplication
We will discuss the technique with reference to GF(2^8) using m(x) = x^8 + x^4 + x^3 + x + 1.
Equation 4-8
x^8 mod m(x) = [m(x) − x^8] = x^4 + x^3 + x + 1
Equation 4-9
x × f(x) = (b_7 x^8 + b_6 x^7 + b_5 x^6 + b_4 x^5 + b_3 x^4 + b_2 x^3 + b_1 x^2 + b_0 x) mod m(x)
Equation 4-10
x × f(x) = (b_6 b_5 b_4 b_3 b_2 b_1 b_0 0) if b_7 = 0
x × f(x) = (b_6 b_5 b_4 b_3 b_2 b_1 b_0 0) ⊕ (00011011) if b_7 = 1
That is, multiplication by x is a left shift of one bit, followed by an XOR with (00011011) (Equation 4-8) when the bit shifted out was 1.

Multiplication example
f(x) = x^6 + x^4 + x^2 + x + 1 (01010111)
g(x) = x^7 + x + 1 (10000011)
m(x) = x^8 + x^4 + x^3 + x + 1
Find f(x) × g(x) mod m(x).
First compute f(x) × x^k for k = 0 … 7 by repeated application of Equation 4-10:
(01010111) × (00000001) = (01010111)
(01010111) × (00000010) = (10101110)
(01010111) × (00000100) = (01011100) ⊕ (00011011) = (01000111)
(01010111) × (00001000) = (10001110)
(01010111) × (00010000) = (00011100) ⊕ (00011011) = (00000111)
(01010111) × (00100000) = (00001110)
(01010111) × (01000000) = (00011100)
(01010111) × (10000000) = (00111000)
Since g(x) = x^7 + x + 1:
(01010111) × (10000011) = (01010111) ⊕ (10101110) ⊕ (00111000) = (11000001),
which is equivalent to x^7 + x^6 + 1.
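The shift-and-XOR multiplication of Equations 4-8 to 4-10 and the multiplication example above, as an added example (not code from the slides or from Stallings). It generalises the slide's n = 8 to any n and m(x), which also lets it reproduce the occurrence counts of the Z_8 versus GF(2^3) multiplication tables from section 4.6. Function and constant names are my own.

```python
# Added example: multiplication in GF(2^n) the way Equations 4-8 to 4-10 describe it.
# x * f(x) is a left shift; if the bit shifted out (the x^n term) is 1, add back
# x^n mod m(x) = m(x) - x^n. For m(x) = x^8 + x^4 + x^3 + x + 1 that is 00011011.

AES_MOD = 0b1_0001_1011      # x^8 + x^4 + x^3 + x + 1, the m(x) used on the slides
GF8_MOD = 0b1011             # x^3 + x + 1, the m(x) of Table 4.6

def xtime(f, n=8, m=AES_MOD):
    """x * f(x) mod m(x) in GF(2^n), f given as an n-bit integer (Equation 4-10)."""
    f <<= 1
    if f >> n & 1:             # b_{n-1} was 1: the x^n term must be reduced
        f ^= m                 # XOR with the full m(x) also clears that x^n bit
    return f

def gf_mul(f, g, n=8, m=AES_MOD):
    """f(x) * g(x) mod m(x): XOR of f * x^k over the set bits b_k of g."""
    if not (0 <= f < 1 << n and 0 <= g < 1 << n):
        raise ValueError("operands must be n-bit values")
    acc = 0
    for k in range(n):         # f holds f(x) * x^k at iteration k
        if g >> k & 1:
            acc ^= f
        f = xtime(f, n, m)
    return acc

def gf_mul_table(n, m):
    """How often each nonzero value appears in the full n-bit GF(2^n) multiplication table."""
    size = 1 << n
    counts = [0] * size
    for a in range(size):
        for b in range(size):
            counts[gf_mul(a, b, n, m)] += 1
    return counts[1:]

def z_mul_table(size):
    """Same count for ordinary multiplication mod size (Z_8 on the slide)."""
    counts = [0] * size
    for a in range(size):
        for b in range(size):
            counts[a * b % size] += 1
    return counts[1:]

if __name__ == "__main__":
    f, g = 0b01010111, 0b10000011       # 0x57 = x^6+x^4+x^2+x+1, 0x83 = x^7+x+1
    print(f"{f ^ g:08b}")               # 11010100 = 0xD4 (addition slide)
    print(f"{gf_mul(f, g):08b}")        # 11000001 = 0xC1 = x^7 + x^6 + 1
    print(gf_mul_table(3, GF8_MOD))     # [7, 7, 7, 7, 7, 7, 7]
    print(z_mul_table(8))               # [4, 8, 4, 12, 4, 8, 4]
```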

Application
With 8 bits we have the values 0 ~ 255. 256 is not a prime, so Z_256 is not a field; Z_251 is a field, but then 251 ~ 255 could not be used. GF(2^8) is a field too, and uses all 256 values.

