Page 1: Data Security and Encryption (CSE348) 1. Lecture # 12 2.

Data Security and Encryption (CSE348)

Page 2

Lecture # 12

Page 3

Review

– Number Theory
– divisibility & GCD
– modular arithmetic with integers
– Euclid's algorithm for GCD & Inverse

Page 4

Group

• Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra
• In abstract algebra, we are concerned with sets on whose elements we can operate algebraically
• That is, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set

Page 5

Group

• These operations are subject to specific rules, which define the nature of the set
• By convention, the notation for the two principal classes of operations on set elements is usually the same as the notation for addition and multiplication on ordinary numbers
• In abstract algebra, we are not limited to ordinary arithmetical operations

Page 6

Group

• A group G, denoted by {G, •}, is a set of elements with a binary operation, denoted by •, that associates to each ordered pair (a, b) of elements in G an element (a • b) in G
• such that the following axioms are obeyed:
  – Closure, Associative, Identity element, Inverse element

Page 7

Group

• We have used • as the operator: it could be addition +, multiplication ×, or any other mathematical operator
• A group can have a finite (fixed) number of elements, or it may be infinite
• Integers (positive, negative and 0) using addition form an infinite abelian group
• So do real numbers using multiplication

Page 8

Group

• a set of elements or "numbers"
  – may be finite or infinite
• with some operation whose result is also in the set (closure)
• obeys:
  – associative law: (a.b).c = a.(b.c)
  – has identity e: e.a = a.e = a
  – has inverses a^-1: a.a^-1 = e
• if commutative a.b = b.a
  – then forms an abelian group

Page 9

Cyclic Group

• Define exponentiation as repeated application of operator
  – example: a^3 = a.a.a
• and let identity be: e = a^0
• a group is cyclic if every element is a power of some fixed element
  – ie b = a^k for some a and every b in group
• a is said to be a generator of the group

Page 10

Ring

• Next describe a ring. We denote a ring as {R, +, .}
• In essence, a ring is a set in which we can do addition, subtraction [a – b = a + (–b)] and multiplication without leaving the set
• and which obeys the associative and distributive laws

Page 11

Ring

• With respect to addition and multiplication, the set of all n-square matrices over the real numbers forms a ring
• The set of integers with addition & multiplication forms an integral domain

Page 12

Ring

• a set of "numbers"
• with two operations (addition and multiplication) which form:
• an abelian group with addition operation
• and multiplication:
  – has closure
  – is associative
  – distributive over addition: a(b+c) = ab + ac

Page 13

Ring

• If multiplication operation is commutative, it forms a commutative ring
• If multiplication operation has an identity and no zero divisors, it forms an integral domain

Page 14

Field

• Lastly define a field. We denote a field as {F, +, .}
• In essence, a field is a set in which we can do addition, subtraction, multiplication and division without leaving the set
• Division is defined with the following rule: a/b = a (b^-1)

Page 15

Field

• Examples of fields are:
  – rational numbers, real numbers, complex numbers
• Integers are NOT a field since there are no multiplicative inverses (except for 1)

Page 16

Field

• a set of numbers with two operations which form:
  – abelian group for addition
  – abelian group for multiplication (ignoring 0)
  – ring
• have hierarchy with more axioms/laws: group -> ring -> field

Page 17

Group, Ring, Field

• As a memory aid, can use the acronym for groups: CAIN (Closure, Associative, Identity, iNverse)
• Mostly we need to compute with Rings, if not Fields
• When we do arithmetic modulo a prime, we have a field

Page 18

Group, Ring, Field

• These are terms we use for different sorts of "number systems", ones obeying different sets of laws
• From group to ring to field we get more and more laws being obeyed, as shown here in Stallings Figure 4.2

Page 19

Group, Ring, Field

Page 20

Finite (Galois) Fields

• Infinite fields are not of particular interest in the context of cryptography
• However, finite fields play a crucial role in many cryptographic algorithms
• It can be shown that the order of a finite field (number of elements in the field) must be a positive power of a prime

Page 21

Finite (Galois) Fields

• These are known as Galois fields, in honor of the mathematician who first studied finite fields, & are denoted GF(p^n)
• We are most interested in the cases where either n = 1, giving GF(p), or p = 2, giving GF(2^n)

Page 22

Finite (Galois) Fields

• Finite fields play a key role in cryptography
• can show number of elements in a finite field must be a power of a prime p^n
• known as Galois fields denoted GF(p^n)
• In particular often use the fields:
  – GF(p)
  – GF(2^n)

Page 23

Galois Fields GF(p)

• GF(p) is the set of integers {0, 1, …, p-1} with arithmetic operations modulo prime p
• These form a finite field
  – since have multiplicative inverses
  – find inverse with Extended Euclidean algorithm
• Hence arithmetic is "well-behaved" and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

Page 24

GF(7) Multiplication Example

×   0  1  2  3  4  5  6
0   0  0  0  0  0  0  0
1   0  1  2  3  4  5  6
2   0  2  4  6  1  3  5
3   0  3  6  2  5  1  4
4   0  4  1  5  2  6  3
5   0  5  3  1  6  4  2
6   0  6  5  4  3  2  1

Page 25

GF(7) Multiplication Example

• Table 4.5 shows arithmetic operations in GF(7)
• This is a field of order 7 using modular arithmetic modulo 7
• As can be seen, it satisfies all of the properties required of a field (Figure 4.2)

Page 26

GF(7) Multiplication Example

• Compare this table with Table 4.2
• In the latter case, we see that using modular arithmetic modulo 8 does not give a field
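The GF(7) table and the contrast with modulo 8 can be checked mechanically. The following is an added Python example, not code from the lecture: it builds the multiplication table for any modulus n, finds inverses with the extended Euclidean algorithm the slides name, and reports whether Z_n is a field (every non-zero element invertible) or instead has zero divisors, which is exactly what goes wrong modulo 8. Function names are my own.

```python
# Added example (not from the lecture slides): arithmetic in Z_n, the integers
# modulo n, and a check of which moduli give a field. Inverses come from the
# extended Euclidean algorithm, as the slides describe for GF(p).

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def mod_inverse(a, n):
    """Multiplicative inverse of a modulo n, or None when gcd(a, n) != 1."""
    g, x, _ = extended_gcd(a % n, n)
    return x % n if g == 1 else None

def multiplication_table(n):
    """n x n table of (a * b) mod n; table[a][b] is the product of a and b."""
    return [[(a * b) % n for b in range(n)] for a in range(n)]

def zero_divisors(n):
    """Pairs (a, b) of non-zero elements with a*b = 0 mod n; a field has none."""
    return [(a, b) for a in range(1, n) for b in range(a, n) if (a * b) % n == 0]

def is_field(n):
    """Z_n is a field exactly when every non-zero element has an inverse."""
    return n > 1 and all(mod_inverse(a, n) is not None for a in range(1, n))

def print_table(n):
    """Print the table in the layout of the GF(7) slide."""
    print("x  " + " ".join(str(b) for b in range(n)))
    for a, row in enumerate(multiplication_table(n)):
        print(f"{a}  " + " ".join(str(v) for v in row))

if __name__ == "__main__":
    for n in (7, 8):
        print(f"multiplication modulo {n}:")
        print_table(n)
        print("inverses:", {a: mod_inverse(a, n) for a in range(1, n)})
        print("zero divisors:", zero_divisors(n))
        print("field:", is_field(n), "\n")
```

Running it prints the slide's GF(7) table, then the modulo 8 table in which 2, 4 and 6 have no inverse and 2·4, 4·4 and 4·6 are all 0.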

Page 27

Polynomial Arithmetic

• can compute using polynomials f(x) = a_n x^n + a_(n-1) x^(n-1) + … + a_1 x + a_0 = ∑ a_i x^i
• nb. not interested in any specific value of x, which is known as the indeterminate
• several alternatives available
  – ordinary polynomial arithmetic
  – poly arithmetic with coords mod p
  – poly arithmetic with coords mod p and polynomials mod m(x)

Page 28

Ordinary Polynomial Arithmetic

• Includes:
  – add or subtract corresponding coefficients
  – multiply all terms by each other
• E.g. let f(x) = x^3 + x^2 + 2 and g(x) = x^2 – x + 1
  f(x) + g(x) = x^3 + 2x^2 – x + 3
  f(x) – g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + 3x^2 – 2x + 2

Page 29

Polynomial Arithmetic with Modulo Coefficients

• Consider a variant where, when computing the value of each coefficient, we do the calculation modulo some value, usually a prime
• If the coefficients are computed in a field (eg GF(p)), then division on the polynomials is possible
• and we have a polynomial ring

Page 30

Polynomial Arithmetic with Modulo Coefficients

• Are most interested in using GF(2)
• i.e. all coefficients are 0 or 1
• and any addition/subtraction of coefficients is done mod 2 (ie 2x is the same as 0x!)
• which is just the common XOR function

Page 31

Polynomial Arithmetic with Modulo Coefficients

• when computing value of each coefficient do calculation modulo some value
  – forms a polynomial ring
• could be modulo any prime but we are most interested in mod 2
  – ie all coefficients are 0 or 1
• eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
  f(x) + g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + x^2

Page 32

Polynomial Division

• We can write any polynomial in the form f(x) = q(x) g(x) + r(x)
• where division of f(x) by g(x) results in a quotient q(x) and remainder r(x)
• Can then extend the concept of divisors from the integer case

Page 33

Polynomial Division

• and show that the Euclidean algorithm can be extended to find the greatest common divisor of two polynomials
• whose coefficients are elements of a field

Page 34

Polynomial Division

• Define an irreducible (or prime) polynomial as one with no divisors other than itself & 1
• If compute polynomial arithmetic modulo an irreducible polynomial
• This forms a finite field, and the GCD & Inverse algorithms can be adapted for it

Page 35

Polynomial Division

• can write any polynomial in the form:
  – f(x) = q(x) g(x) + r(x)
  – can interpret r(x) as being a remainder
  – r(x) = f(x) mod g(x)
• if have no remainder say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1 say it is irreducible (or prime) polynomial
• arithmetic modulo an irreducible polynomial forms a field

Page 36

Polynomial GCD

• We can extend the analogy between polynomial arithmetic over a field and integer arithmetic
• by defining the greatest common divisor as shown
• Here we discussed arithmetic with ordinary polynomials
• Arithmetic operations are performed on polynomials using the ordinary rules of algebra
  – addition, subtraction, multiplication, division

Page 37

Polynomial GCD

• Polynomial division is not allowed unless the coefficients are elements of a field
• Next, we discussed polynomial arithmetic in which the coefficients are elements of GF(p)
• In this case, polynomial addition, subtraction, multiplication, and division are allowed
• However, division is not exact; that is, in general division results in a quotient and a remainder

Page 38

Polynomial GCD

• Finally, we showed that the Euclidean algorithm can be extended
• To find the greatest common divisor of two polynomials whose coefficients are elements of a field
• All of the material in this section provides a foundation
• Next the polynomials are used to define finite fields of order p^n

Page 39

Polynomial GCD

• can find greatest common divisor for polys
  – c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
• can adapt Euclid's Algorithm to find it:

  Euclid(a(x), b(x))
      if (b(x) = 0) then return a(x);
      else return Euclid(b(x), a(x) mod b(x));

• all foundation for polynomial fields as see next
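The operations of pages 28, 31, 35 and 39 (ordinary polynomial arithmetic, coefficients reduced mod p, long division giving q(x) and r(x), and Euclid's algorithm for the polynomial GCD) in one runnable form. This is an added Python example and not code from the lecture: the list-of-coefficients representation and the function names are my choices, and the divisor's leading coefficient is inverted with Python's pow(c, -1, p), which requires p to be prime. The __main__ block runs the slides' own examples.

```python
# Added example (not from the lecture slides): polynomial arithmetic with
# coefficients over the integers (p=None) or in the field GF(p). A polynomial is
# a list of coefficients from the constant term upward, so x^3 + x^2 + 2 is
# [2, 0, 1, 1]. Division and GCD need coefficients in a field, so those two
# functions require p, which is assumed to be prime.

def _trim(poly):
    """Drop high-order zero coefficients in place; the zero polynomial is []."""
    while poly and poly[-1] == 0:
        poly.pop()
    return poly

def _reduce(poly, p):
    """Reduce every coefficient mod p (no-op over the integers)."""
    return _trim([c % p for c in poly] if p else list(poly))

def _padded(f, g):
    """Copies of f and g padded with zeros to a common length."""
    n = max(len(f), len(g))
    return f + [0] * (n - len(f)), g + [0] * (n - len(g))

def poly_add(f, g, p=None):
    """Add corresponding coefficients."""
    return _reduce([a + b for a, b in zip(*_padded(f, g))], p)

def poly_sub(f, g, p=None):
    """Subtract corresponding coefficients: f - g = f + (-g)."""
    return _reduce([a - b for a, b in zip(*_padded(f, g))], p)

def poly_mul(f, g, p=None):
    """Schoolbook product: every term of f times every term of g."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return _reduce(out, p)

def poly_divmod(f, g, p):
    """Long division over GF(p): (q, r) with f = q*g + r and deg r < deg g."""
    f, g = _reduce(f, p), _reduce(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)              # inverse of g's leading coefficient
    q, r = [0] * max(len(f) - len(g) + 1, 0), list(f)
    while len(r) >= len(g):
        shift = len(r) - len(g)               # next quotient term is coef * x^shift
        coef = (r[-1] * inv_lead) % p
        q[shift] = coef
        for i, b in enumerate(g):             # subtract coef * x^shift * g(x)
            r[i + shift] = (r[i + shift] - coef * b) % p
        _trim(r)
    return _trim(q), r

def poly_gcd(a, b, p):
    """Euclid's algorithm as on the slides: gcd(a, b) = gcd(b, a mod b), made monic."""
    a, b = _reduce(a, p), _reduce(b, p)
    while b:
        a, b = b, poly_divmod(a, b, p)[1]
    if a:
        inv = pow(a[-1], -1, p)
        a = [(c * inv) % p for c in a]
    return a

def fmt(poly):
    """Readable form, highest degree first: [2, 0, 1, 1] -> '1x^3 + 1x^2 + 2x^0'."""
    return " + ".join(f"{c}x^{i}" for i, c in reversed(list(enumerate(poly))) if c) or "0"

if __name__ == "__main__":
    f, g = [2, 0, 1, 1], [1, -1, 1]           # x^3 + x^2 + 2 and x^2 - x + 1
    print("ordinary:", fmt(poly_add(f, g)), "|", fmt(poly_sub(f, g)), "|", fmt(poly_mul(f, g)))
    f2, g2 = [0, 0, 1, 1], [1, 1, 1]          # x^3 + x^2 and x^2 + x + 1 over GF(2)
    print("mod 2:", fmt(poly_add(f2, g2, 2)), "|", fmt(poly_mul(f2, g2, 2)))
    q, r = poly_divmod([1, 1, 1, 1], [1, 1, 0, 1], 2)
    print("x^3+x^2+x+1 = (", fmt(q), ")(x^3+x+1) +", fmt(r))
    print("gcd over GF(2):", fmt(poly_gcd([1, 0, 1], [1, 1], 2)))
```

Over GF(2) the subtraction inside poly_divmod reduces to XOR of coefficient lists, which is the bit-string shortcut the later slides build on; over GF(7) the same code divides, for example, x^2 + 3x + 2 by x + 1 exactly.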

Page 40

Modular Polynomial Arithmetic

• Consider now the case of polynomial arithmetic with coordinates mod 2 and polynomials mod an irreducible polynomial m(x)
• That is, Modular Polynomial Arithmetic uses the set S of all polynomials of degree n-1 or less over the field Z_p
• With the appropriate definition of arithmetic operations, each such set S is a finite field

Page 41

Modular Polynomial Arithmetic

• The definition consists of the following elements:
  1. Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following two refinements.
  2. Arithmetic on the coefficients is performed modulo p.
  3. If multiplication results in a polynomial of degree greater than n-1, then the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder.

Page 42

Modular Polynomial Arithmetic

• This forms a finite field
• And just as the Euclidean algorithm can be adapted to find the greatest common divisor of two polynomials
• The extended Euclidean algorithm can be adapted to find the multiplicative inverse of a polynomial

Page 43

Modular Polynomial Arithmetic

• can compute in field GF(2^n)
  – polynomials with coefficients modulo 2
  – whose degree is less than n
  – hence must reduce modulo an irreducible poly of degree n (for multiplication only)
• form a finite field
• can always find an inverse
  – can extend Euclid's Inverse algorithm to find

Page 44

Using a Generator

• Equivalent definition of a finite field
• A generator g is an element whose powers generate all non-zero elements
  – in F have 0, g^0, g^1, …, g^(q-2)
• Can create generator from root of the irreducible polynomial
• Then implement multiplication by adding exponents of generator

Page 45

Computational Considerations

• key motivation for using polynomial arithmetic in GF(2^n) is that the polynomials can be represented as a bit string
• using all possible bit values
• and the calculations only use simple common machine instructions
  – addition is just XOR
  – and multiplication is shifts & XORs

Page 46

Computational Considerations

• The shortcut for polynomial reduction comes from the observation
• that if in GF(2^n) then the irreducible poly g(x) has highest term x^n
• and if compute x^n mod g(x) the answer is g(x) – x^n

Page 47

Computational Considerations

• since coefficients are 0 or 1, can represent any such polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
  – cf long-hand multiplication
• modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)

Page 48

Computational Example

• Show here a few simple examples of addition, multiplication & modulo reduction in GF(2^3).
• The long form modulo reduction finds p(x) = q(x).m(x) + r(x) with r(x) being the desired remainder

Page 49

Computational Example

• In GF(2^3) have (x^2+1) is 101_2 & (x^2+x+1) is 111_2
• so addition is
  – (x^2+1) + (x^2+x+1) = x
  – 101 XOR 111 = 010_2
• and multiplication is
  – (x+1).(x^2+1) = x.(x^2+1) + 1.(x^2+1) = x^3+x+x^2+1 = x^3+x^2+x+1
  – 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111_2

Page 50

Computational Example

• Polynomial modulo reduction (get q(x) & r(x)) is
  – (x^3+x^2+x+1) mod (x^3+x+1): since x^3+x^2+x+1 = 1.(x^3+x+1) + x^2, the remainder is x^2
  – 1111 mod 1011 = 1111 XOR 1011 = 0100_2
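The bit-string computations of pages 45 to 50 (XOR addition, shift-and-XOR multiplication, reduction by the irreducible polynomial), the inverse via the extended Euclidean algorithm from page 42, and the generator-based multiplication from page 44, as an added Python example. This is my code, not the lecture's: the function names are my own, and the modulus used in the __main__ block is the slides' m(x) = x^3 + x + 1 for GF(2^3). The generator test simply checks that successive powers of g visit every non-zero element, which is how page 44 defines a generator.

```python
# Added example (not from the lecture slides): GF(2^n) arithmetic on bit strings.
# A polynomial with coefficients in GF(2) is stored as an int whose bit i is the
# coefficient of x^i, so x^2 + 1 is 0b101 and x^3 + x + 1 is 0b1011. The modulus
# m must be an irreducible polynomial of degree n (so its bit n is set).

def degree(a):
    """Degree of polynomial a (-1 for the zero polynomial)."""
    return a.bit_length() - 1

def gf2_add(a, b):
    """Addition and subtraction are both coefficient-wise XOR."""
    return a ^ b

def gf2_mul(a, b):
    """Carry-less (shift-and-XOR) product with no reduction; degree may reach 2n-2."""
    result = 0
    while b:
        if b & 1:
            result ^= a        # add a * x^i for each set bit i of b
        a <<= 1
        b >>= 1
    return result

def gf2_divmod(a, b):
    """Long division over GF(2): (q, r) with a = q*b + r and deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, a
    while degree(r) >= degree(b):
        shift = degree(r) - degree(b)
        q ^= 1 << shift        # quotient gains x^shift
        r ^= b << shift        # cancel the leading term of r
    return q, r

def gf2n_mul(a, b, m):
    """Multiplication in GF(2^n): shift-and-XOR, replacing x^n by m(x) - x^n whenever
    the running multiple of a reaches degree n, so nothing ever exceeds n bits."""
    n = degree(m)
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:       # degree n reached: x^n = m(x) - x^n, i.e. XOR with m
            a ^= m
    return result

def gf2n_inverse(a, m):
    """Extended Euclid on polynomials: returns t with a * t = 1 mod m."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    old_r, r, old_t, t = a, m, 1, 0
    while r:
        q, rem = gf2_divmod(old_r, r)
        old_r, r = r, rem
        old_t, t = t, old_t ^ gf2_mul(q, t)   # old_t - q*t, with - being XOR
    if old_r != 1:
        raise ValueError("gcd(a, m) != 1: m is not irreducible")
    return gf2_divmod(old_t, m)[1]

def log_tables(g, m):
    """antilog[i] = g^i and log[g^i] = i for the 2^n - 1 non-zero elements.
    Returns None if g is not a generator (its powers repeat early)."""
    order = (1 << degree(m)) - 1
    antilog, log, x = [], {}, 1
    for i in range(order):
        if x in log:
            return None
        antilog.append(x)
        log[x] = i
        x = gf2n_mul(x, g, m)
    return antilog, log

def mul_by_logs(a, b, antilog, log):
    """Multiply by adding exponents of the generator (table lookups only)."""
    if a == 0 or b == 0:
        return 0
    return antilog[(log[a] + log[b]) % len(antilog)]

if __name__ == "__main__":
    m = 0b1011                                 # x^3 + x + 1, irreducible over GF(2)
    print(f"101 XOR 111 = {gf2_add(0b101, 0b111):03b}")
    print(f"011 * 101 (unreduced) = {gf2_mul(0b011, 0b101):04b}")
    q, r = gf2_divmod(0b1111, m)
    print(f"1111 mod 1011: q = {q:b}, r = {r:03b}")
    print(f"011 * 101 in GF(2^3) = {gf2n_mul(0b011, 0b101, m):03b}")
    print(f"inverse of 011 = {gf2n_inverse(0b011, m):03b}")
    antilog, log = log_tables(0b010, m)        # x itself is a generator of GF(2^3)*
    print("powers of x:", [f"{v:03b}" for v in antilog])
```

The same functions work for any n once m is an irreducible polynomial of that degree; the only size-dependent step is the single-bit test in gf2n_mul that decides when to fold x^n back into lower terms.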

Page 51

Summary

• have considered:
  – Group
  – Ring
  – Field
  – finite fields GF(p)
  – polynomial arithmetic in general and in GF(2^n)