Cys535 Lecture04

This document provides an overview of finite fields, which are of increasing importance in cryptography. It defines groups, rings and fields from abstract algebra. It introduces modular arithmetic and operations like addition, multiplication and exponentiation modulo a prime. It describes cyclic groups, the greatest common divisor algorithm, and the Galois fields GF(p) and GF(2^n). It discusses polynomial arithmetic over finite fields, including finding inverses, division and computing the greatest common divisor of polynomials. Finite fields allow well-behaved arithmetic and form the basis of many cryptographic algorithms.

Uploaded by

Waseem Laghari
Lecture #4

Finite Fields

CYS535 Network Security


Prepared By: Dr. Ihab ELAFF
Chapter 4
Finite Fields
Introduction
• will now introduce finite fields
• of increasing importance in cryptography
▫ AES, Elliptic Curve, IDEA, Public Key
• concern operations on “numbers”
▫ what constitutes a “number”
▫ the type of operations and the properties
• start with concepts of groups, rings, fields from abstract
algebra
Definitions
Group
• A group is a set G, together with an operation “·” (written as {G, ·}) that combines any two elements a and b of G to form another element of G, denoted a·b.

• The symbol “·” is a general placeholder for a concretely given operation.
• The operation symbol can be “+” or “×”.
Group
• To qualify as a group, the set and operation {G, ·} must satisfy the following requirements:
▫ (A1) Closure: If a and b belong to G, then a · b is also in G.
▫ (A2)Associative: a · (b · c) = (a · b) · c for all a, b, c in G.
▫ (A3)Identity element: There is an element e in G such that a · e = e · a = a for all
a in G.
▫ (A4)Inverse element: For each a in G there is an element a' in G such that a · a'
= a' · a = e.
• A Group is said to be Abelian if it satisfies the following
additional condition:
▫ (A5)Commutative: a · b = b · a for all a, b in G.
Group
Examples:
• The set of integers (positive, negative, and 0) under addition is an abelian group.
• The set of nonzero real numbers under multiplication is an abelian group.
Cyclic Group
• A group G is cyclic if it is generated by a single element.

• Ex1: If the group is {G, +}, with a as the group generator:
G = {…, -3a, -2a, -a, 0, a, 2a, 3a, …}
(0 is the identity element for addition)

• Ex2: If the group is {G, ×}, with a as the group generator:
G = {…, a^-3, a^-2, a^-1, 1, a^1, a^2, a^3, …}
(1 is the identity element for multiplication)
Cyclic Group
• Infinite cyclic group {Z, +}
Ex: group of integers, where 1 is the group generator
Z = {… -3, -2, -1, 0, 1, 2, 3 …}

• Finite cyclic group {Z/nZ, +} (addition mod n)
Ex: if 1 is the group generator and n = 5
Z/5Z = {0, 1, 2, 3, 4}
Ring
• A Ring R, sometimes denoted by {R, +, x}, is a set of elements with
two binary operations, called addition and multiplication.

• A ring is an abelian group under addition with an additional operation, multiplication.

• It follows all rules A1 to A5 and also the following rules:
▫ (M1) Closure under multiplication: If a and b belong to R, then ab is also in R.
▫ (M2) Associativity of multiplication: a(bc) = (ab)c for all a, b, c in R.
▫ (M3) Distributive laws: a(b + c) = ab + ac for all a, b, c in R.
▫ (a + b)c = ac + bc for all a, b, c in R..
Ring
• In essence, a ring is a set in which we can do addition, subtraction [a – b = a + (–b)], and multiplication without leaving the set.

• With respect to addition and multiplication, the set of all n-square matrices over the real numbers forms a ring.
Ring
• A Ring is said to be Commutative if it satisfies the following
additional condition:
▫ (M4) Commutativity of multiplication: ab = ba for all a, b in R.

• A commutative ring is said to be an integral domain if it satisfies the following additional conditions:
▫ (M5) Multiplicative identity: There is an element 1 in R such that
a1 = 1a = a for all a in R.
▫ (M6) No zero divisors: If a, b in R and ab = 0, then either a = 0 or
b = 0.
Field
• A field F is an integral domain with the following additional condition:
▫ (M7) Multiplicative inverse: For each a in F, except 0, there is an element a^-1 in F such that a·a^-1 = a^-1·a = 1.
• In essence, a field is a set in which we can do addition, subtraction, multiplication, and division (by any nonzero element) without leaving the set.
Modular Arithmetic
• define modulo operator a mod n to be remainder
when a is divided by n
▫ e.g. 7 mod 3 = 1 ; 9 mod 5 = 4

• Ex:
▫ 11 mod 7 = 4
▫ -11 mod 7 = 3
Modular Arithmetic
• use the term congruence for: a ≡ b (mod n)
▫ when divided by n, a & b have same remainder
▫ eg. 100 ≡ 34 (mod 11)
▫ [100 mod 11 = 1 and 34 mod 11 = 1]

• b is called the residue of a mod n
▫ since with integers can always write: a = qn + b
• usually have 0 <= b <= n-1
(-12 mod 7)=(-5 mod 7)=(2 mod 7)=(9 mod 7)
Modulo 7 Example
...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10 -9 -8
-7 -6 -5 -4 -3 -2 -1
0 1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31 32 33 34
...
all numbers in a column are equivalent (have same remainder) and
are called a residue class
Divisors
• say a non-zero number b divides a if for some m
have a = mb (a, b, m all integers)
▫ a ≡ 0 (mod b)
• that is b divides into a with no remainder
• denote this b|a
• and say that b is a divisor of a
• eg. all of 1,2,3,4,6,8,12,24 divide 24
Modular Arithmetic Operations
• has a finite number of values, and loops back from
either end
• modular arithmetic
▫ Can perform addition & multiplication
▫ Do modulo to reduce the answer to the finite set
• can do reduction at any point, ie
▫ (a + b) mod n = [(a mod n) + (b mod n)] mod n
▫ (a × b) mod n = [(a mod n) × (b mod n)] mod n
Modular Arithmetic
• can do modular arithmetic on the set of integers modulo n:
Zn = {0, 1, … , n-1}
• with addition and multiplication mod n, Zn forms a commutative ring
• with additive identity 0 and multiplicative identity 1 (Table 4.2)
• some additional properties
▫ if (a+b)≡(a+c) mod n then b≡c mod n
▫ but (ab)≡(ac) mod n then b≡c mod n only if a
is relatively prime to n
Modulo 8 Example (addition table)
• Row = 6, Col = 5: 6 + 5 = 11 mod 8 = 3
• Row = 4, Col = 4: 4 + 4 = 8 mod 8 = 0
Modulo 8 Example (multiplication table)
• Row = 5, Col = 2: 5 × 2 = 10 mod 8 = 2
• Row = 4, Col = 4: 4 × 4 = 16 mod 8 = 0 (4 is a zero divisor in Z8, so 4 has no multiplicative inverse)
Greatest Common Divisor (GCD)
• a common problem in number theory
• GCD (a,b) of a and b is the largest number that divides
both a and b
▫ eg GCD(60,24) = 12
• often want no common factors (except 1) and hence
numbers are relatively prime
▫ eg GCD(8,15) = 1
▫ hence 8 & 15 are relatively prime
Euclid's GCD Algorithm
• an efficient way to find the GCD(a,b)
• uses theorem that:
▫ GCD(a,b) = GCD(b, a mod b)
• Euclid's Algorithm to compute GCD(a,b):
▫ A=a, B=b
▫ while B>0
 R = A mod B
 A = B, B = R
▫ return A
Example GCD(70,38)
▫ 70 = 1 × 38 + 32; 38 = 1 × 32 + 6; 32 = 5 × 6 + 2; 6 = 3 × 2 + 0, so GCD(70,38) = 2
Example GCD(1970,1066)
• Compute successive instances of GCD(a,b) = GCD(b, a mod b); the last nonzero remainder is the GCD (here 2).
• Note this MUST always terminate since the remainders strictly decrease and will eventually give a mod b = 0 (ie no remainder left).
Galois Fields
• finite fields play a key role in many cryptography algorithms
• can show the number of elements in any finite field must be a power of a prime number, p^n
• known as Galois fields
• denoted GF(p^n)
• in particular often use the fields:
▫ GF(p)
▫ GF(2^n)
Galois Fields GF(p)
• GF(p) is the set of integers {0,1, … , p-1} with arithmetic
operations modulo prime p
• these form a finite field
▫ since have multiplicative inverses
• hence arithmetic is “well-behaved” and can do addition,
subtraction, multiplication, and division without leaving
the field GF(p)
▫ Division depends on the existence of multiplicative inverses.
Finding Inverses
• Finding inverses for large p by trial is impractical
• can extend Euclid's algorithm:
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2
▫ the invariant A1·m + A2·b = A3 and B1·m + B2·b = B3 holds at every step, so when B3 = 1 we have B2·b ≡ 1 (mod m)
Inverse of 550 in GF(1759)
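The two algorithms above (Euclid's GCD and EXTENDED EUCLID) in working form, as an added example that is not part of the lecture slides. It follows the slides' variable layout, keeps the "no inverse" branch when gcd(m, b) ≠ 1, and checks itself against the slides' own inputs: GCD(70,38), GCD(1970,1066) and the inverse of 550 in GF(1759). The `units` helper is an addition of mine to show why Zp is a field while Z8 is only a ring.

```python
"""Euclid, extended Euclid and modular inverses, as used for GF(p).

Added example for these slides; not code from the lecture. Implements the
two algorithms shown on the slides (gcd via gcd(a,b) = gcd(b, a mod b) and
the EXTENDED EUCLID(m, b) tabular method) and checks them on the slides'
own inputs: GCD(70,38), GCD(1970,1066) and the inverse of 550 in GF(1759).
"""
from typing import List, Optional, Tuple


def gcd(a: int, b: int) -> int:
    """Euclid's algorithm exactly as on the slide: A=a, B=b; while B>0 ..."""
    a, b = abs(a), abs(b)
    while b > 0:
        a, b = b, a % b
    return a


def gcd_trace(a: int, b: int) -> List[Tuple[int, int, int, int]]:
    """Return the successive (A, B, Q, R) rows of Euclid's algorithm,
    i.e. each line A = Q * B + R of the worked examples."""
    rows = []
    while b > 0:
        q, r = divmod(a, b)
        rows.append((a, b, q, r))
        a, b = b, r
    return rows


def extended_euclid(m: int, b: int) -> Tuple[int, Optional[int]]:
    """EXTENDED EUCLID(m, b) from the slide.

    Returns (gcd(m, b), b^-1 mod m); the inverse is None when gcd(m, b) != 1
    (the 'no inverse' branch of step 2).
    Invariant kept by every row: A1*m + A2*b == A3 and B1*m + B2*b == B3
    (mod m), so when B3 reaches 1, B2*b == 1 (mod m).
    """
    a1, a2, a3 = 1, 0, m
    b1, b2, b3 = 0, 1, b % m
    while True:
        if b3 == 0:                       # step 2: gcd found, no inverse
            return a3, None
        if b3 == 1:                       # step 3: B2 is the inverse
            return 1, b2 % m
        q = a3 // b3                      # step 4
        t1, t2, t3 = a1 - q * b1, a2 - q * b2, a3 - q * b3   # step 5
        a1, a2, a3 = b1, b2, b3           # step 6
        b1, b2, b3 = t1, t2, t3           # step 7


def inverse_mod(b: int, m: int) -> Optional[int]:
    """b^-1 mod m, or None if b has no inverse (gcd(b, m) != 1)."""
    return extended_euclid(m, b)[1]


def units(n: int) -> List[int]:
    """Elements of Z_n that have a multiplicative inverse (added helper).

    For a prime p this is every nonzero element, which is why GF(p) is a
    field; for n = 8 it is only [1, 3, 5, 7], so Z_8 is a ring, not a field.
    """
    return [a for a in range(1, n) if gcd(a, n) == 1]


if __name__ == "__main__":
    for a, b, q, r in gcd_trace(1970, 1066):
        print(f"{a:5d} = {q:2d} * {b:5d} + {r:4d}")
    print("gcd(1970, 1066) =", gcd(1970, 1066))
    inv = inverse_mod(550, 1759)
    print("550^-1 mod 1759 =", inv, "check:", 550 * inv % 1759)
    print("units of Z_8 :", units(8))
    print("units of Z_7 :", units(7))
```

Running the block prints the division steps for GCD(1970,1066), the inverse 355 of 550 in GF(1759) (550 × 355 = 195250 = 111 × 1759 + 1), and the contrast between Z8, where only the odd residues are invertible, and Z7, where every nonzero residue is.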
Polynomial Arithmetic
• can compute using polynomials
• several alternatives available
▫ ordinary polynomial arithmetic
▫ poly arithmetic with coefficients mod p
▫ poly arithmetic with coefficients mod p and polynomials mod another polynomial M(x)
• Motivation: use polynomials to model shift and XOR operations
Ordinary Polynomial Arithmetic
Polynomial Long Division Example.
Polynomial Arithmetic with Modulo Coefficients
• when computing the value of each coefficient, reduce it modulo some value
• could be modulo any prime
• but we are most interested in mod 2
▫ ie all coefficients are 0 or 1
▫ eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
f(x) + g(x) = x^3 + x + 1 (2x^2 is removed)
f(x) × g(x) = x^5 + x^2 (2x^4 + 2x^3 are removed)
Modular Polynomial Arithmetic
• Given any polynomials f,g, can write in the form:
▫ f(x) = q(x) g(x) + r(x)
▫ can interpret r(x) as being a remainder
▫ r(x) = f(x) mod g(x)
• if have no remainder say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1 say it is irreducible
(or prime) polynomial
• irreducible polynomial is, roughly speaking, a polynomial that
cannot be factored into the product of two non-constant
polynomials.
• Modular polynomial arithmetic modulo an irreducible
polynomial forms a field
▫ Check the definition of a field
Modular Polynomial Arithmetic
There exist only two irreducible polynomials of degree 3 over GF(2):

x^3 + x + 1
x^3 + x^2 + 1
Polynomial GCD
• can find greatest common divisor for polys
• GCD: the one with the greatest degree
▫ c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest degree which divides both a(x), b(x)
▫ can adapt Euclid's Algorithm to find it:
▫ EUCLID[a(x), b(x)]
1. A(x) = a(x); B(x) = b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2
Modular Polynomial Arithmetic
• can compute in the field GF(2^n)
▫ polynomials with coefficients modulo 2
▫ whose degree is less than n
▫ coefficients always reduced modulo 2 in an operation
▫ hence products must be reduced modulo an irreducible polynomial of degree n (needed for multiplication only; addition never raises the degree)
• form a finite field
• can always find an inverse for every nonzero element
▫ can extend Euclid's Inverse algorithm to find it
Example GF(2^3)
Computational Considerations
• since coefficients are 0 or 1, can represent any such
polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
• modulo reduction done by repeatedly substituting
highest power with remainder of irreducible poly
(also shift & XOR)
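The bit-string representation described above, carried through for the whole of the polynomial section (mod-2 coefficient arithmetic, polynomial long division and GCD, irreducible polynomials, multiplication and inverses in GF(2^n)), as an added example that is not part of the lecture slides. A polynomial is a Python int with bit i holding the coefficient of x^i, so x^3 + x^2 is 0b1100; addition is XOR, multiplication is shift-and-XOR, and reduction cancels the highest power with the modulus exactly as the slide says. The `is_irreducible` brute-force test and the use of the AES polynomial x^8 + x^4 + x^3 + x + 1 as a check are my additions; the check values {57}·{83} = {C1} and {53}^-1 = {CA} are the worked examples from FIPS-197.

```python
"""GF(2^n) arithmetic on bit strings, as described in the slides.

Added example for these slides (not the lecture's own code). A polynomial
with coefficients mod 2 is held as a Python int: bit i is the coefficient
of x^i, so x^3 + x^2 = 0b1100. Addition is XOR, multiplication is shift and
XOR, and reduction mod an irreducible polynomial m(x) repeatedly cancels
the highest power with m(x), exactly the operations the slides list.
"""
from typing import List, Optional, Tuple


def degree(p: int) -> int:
    """Degree of p(x); -1 for the zero polynomial."""
    return p.bit_length() - 1


def poly_add(a: int, b: int) -> int:
    """Coefficient-wise addition mod 2 is XOR (and equals subtraction)."""
    return a ^ b


def poly_mul(a: int, b: int) -> int:
    """Ordinary product of two polynomials over GF(2): shift and XOR."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(a: int, b: int) -> Tuple[int, int]:
    """Long division over GF(2): (q, r) with a = q*b + r and deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("polynomial division by zero")
    q, r = 0, a
    db = degree(b)
    while r and degree(r) >= db:
        shift = degree(r) - db
        q ^= 1 << shift          # next quotient term x^shift
        r ^= b << shift          # cancel the highest power of r
    return q, r


def poly_mod(a: int, m: int) -> int:
    return poly_divmod(a, m)[1]


def poly_gcd(a: int, b: int) -> int:
    """Euclid for polynomials: gcd(a, b) = gcd(b, a mod b)."""
    while b:
        a, b = b, poly_mod(a, b)
    return a


def gf_mul(a: int, b: int, m: int) -> int:
    """Multiplication in GF(2^n), m(x) irreducible of degree n."""
    return poly_mod(poly_mul(a, b), m)


def gf_inverse(a: int, m: int) -> Optional[int]:
    """a^-1 in GF(2^n) by extended Euclid over polynomials; None for a = 0."""
    a = poly_mod(a, m)
    if a == 0:
        return None
    old_r, r = m, a            # invariant: old_s*a == old_r, s*a == r (mod m)
    old_s, s = 0, 1
    while r != 1:
        q, rem = poly_divmod(old_r, r)
        old_r, r = r, rem
        old_s, s = s, poly_add(old_s, poly_mul(q, s))
        if r == 0:             # gcd(a, m) != 1: only possible if m is reducible
            return None
    return poly_mod(s, m)


def is_irreducible(p: int) -> bool:
    """Brute force (added helper): no divisor of degree 1 .. deg(p)//2."""
    d = degree(p)
    if d < 1:
        return False
    return all(poly_mod(p, q) != 0 for q in range(2, 1 << (d // 2 + 1)))


def irreducible_polys(n: int) -> List[int]:
    """All irreducible polynomials of degree exactly n over GF(2)."""
    return [p for p in range(1 << n, 1 << (n + 1)) if is_irreducible(p)]


AES_POLY = 0b1_0001_1011   # x^8 + x^4 + x^3 + x + 1, the AES field polynomial

if __name__ == "__main__":
    f, g = 0b1100, 0b111                 # x^3 + x^2 and x^2 + x + 1 from the slide
    print(bin(poly_add(f, g)), bin(poly_mul(f, g)))   # x^3+x+1, x^5+x^2
    print([bin(p) for p in irreducible_polys(3)])    # x^3+x+1, x^3+x^2+1
    inv = gf_inverse(0x53, AES_POLY)
    print(hex(inv), hex(gf_mul(0x53, inv, AES_POLY)))
```

Because the modulus is passed in, the same functions serve the slides' GF(2^3) example (m(x) = x^3 + x + 1, i.e. 0b1011) and the AES field GF(2^8); `irreducible_polys(3)` reproduces the slide's claim that exactly two degree-3 polynomials are irreducible over GF(2), and `irreducible_polys(8)` contains the AES polynomial among its 30 members.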
End.