Cryptography and Network Security Chapter 4


Transcript of Cryptography and Network Security Chapter 4

Page 1: Cryptography and Network Security Chapter 4

Cryptography and Network Security

Chapter 4

Page 2: Cryptography and Network Security Chapter 4

Introduction

will now introduce finite fields
of increasing importance in cryptography
  • AES, Elliptic Curve, IDEA, Public Key
concern operations on “numbers”
start with concepts of groups, rings, fields from abstract algebra

Page 3: Cryptography and Network Security Chapter 4

Group

a set of elements or “numbers”
with some operation whose result is also in the set (closure)
obeys:
  • associative law: (a.b).c = a.(b.c)
  • has identity e: e.a = a.e = a
  • has inverses a^-1: a.a^-1 = e
if commutative, a.b = b.a, then forms an abelian group

Page 4: Cryptography and Network Security Chapter 4

Cyclic Group

define exponentiation as repeated application of operator
  • example: a^3 = a.a.a
and let identity be: e = a^0
a group is cyclic if every element is a power of some fixed element
  • ie b = a^k for some a and every b in group
a is said to be a generator of the group

Page 5: Cryptography and Network Security Chapter 4

Ring

a set of “numbers”
with two operations (addition and multiplication) which form:
an abelian group with addition operation
and multiplication:
  • has closure
  • is associative
  • distributive over addition: a(b+c) = ab + ac
if multiplication operation is commutative, it forms a commutative ring

Page 6: Cryptography and Network Security Chapter 4

Field

a set of numbers
with two operations which form:
  • abelian group for addition
  • abelian group for multiplication (ignoring 0)
  • ring
have hierarchy with more axioms/laws
  • group -> ring -> field

Page 7: Cryptography and Network Security Chapter 4

Modular Arithmetic

define modulo operator “a mod n” to be remainder when a is divided by n
use the term congruence for: a = b mod n
  • when divided by n, a & b have same remainder
  • eg. 100 = 34 mod 11
b is called a residue of a mod n
  • since with integers can always write: a = qn + b
  • usually choose smallest positive remainder as residue
  • ie. 0 <= b <= n-1
process is known as modulo reduction
  • eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7

Page 8: Cryptography and Network Security Chapter 4

Divisors

say a non-zero number b divides a if for some m have a = mb (a, b, m all integers)
that is b divides into a with no remainder
denote this b|a
and say that b is a divisor of a
eg. all of 1,2,3,4,6,8,12,24 divide 24

Page 9: Cryptography and Network Security Chapter 4

Modular Arithmetic Operations

modular arithmetic is when do addition & multiplication and modulo reduce answer
can do reduction at any point, ie
  • a+b mod n = [a mod n + b mod n] mod n

Page 10: Cryptography and Network Security Chapter 4

Modular Arithmetic

can do modular arithmetic with any group of integers: Z_n = {0, 1, … , n-1}
form a commutative ring for addition
note some peculiarities
  • if (a+b) = (a+c) mod n then b = c mod n
  • but if (a.b) = (a.c) mod n then b = c mod n only if a is relatively prime to n

Page 11: Cryptography and Network Security Chapter 4

Modulo 8 Addition Example

+ | 0 1 2 3 4 5 6 7
--+----------------
0 | 0 1 2 3 4 5 6 7
1 | 1 2 3 4 5 6 7 0
2 | 2 3 4 5 6 7 0 1
3 | 3 4 5 6 7 0 1 2
4 | 4 5 6 7 0 1 2 3
5 | 5 6 7 0 1 2 3 4
6 | 6 7 0 1 2 3 4 5
7 | 7 0 1 2 3 4 5 6

Page 12: Cryptography and Network Security Chapter 4

Greatest Common Divisor (GCD)

a common problem in number theory
GCD(a,b) of a and b is the largest number that divides evenly into both a and b
  • eg GCD(60,24) = 12
often want no common factors (except 1) and hence numbers are relatively prime
  • eg GCD(8,15) = 1
  • hence 8 & 15 are relatively prime

Page 13: Cryptography and Network Security Chapter 4

Euclidean Algorithm

an efficient way to find the GCD(a,b)
uses theorem that:
  • GCD(a,b) = GCD(b, a mod b)
Euclidean Algorithm to compute GCD(a,b) is:

EUCLID(a,b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2

Page 14: Cryptography and Network Security Chapter 4

Example GCD(1970,1066)

1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904 = 5 x 162 + 94       gcd(162, 94)
162 = 1 x 94 + 68        gcd(94, 68)
94 = 1 x 68 + 26         gcd(68, 26)
68 = 2 x 26 + 16         gcd(26, 16)
26 = 1 x 16 + 10         gcd(16, 10)
16 = 1 x 10 + 6          gcd(10, 6)
10 = 1 x 6 + 4           gcd(6, 4)
6 = 1 x 4 + 2            gcd(4, 2)
4 = 2 x 2 + 0            gcd(2, 0)

Page 15: Cryptography and Network Security Chapter 4

Galois Fields

finite fields play a key role in cryptography
can show number of elements in a finite field must be a power of a prime p^n
known as Galois fields
denoted GF(p^n)
in particular often use the fields:
  • GF(p)
  • GF(2^n)

Page 16: Cryptography and Network Security Chapter 4

Galois Fields GF(p)

GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p
these form a finite field
hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

Page 17: Cryptography and Network Security Chapter 4

GF(7) Multiplication Example

x | 0 1 2 3 4 5 6
--+--------------
0 | 0 0 0 0 0 0 0
1 | 0 1 2 3 4 5 6
2 | 0 2 4 6 1 3 5
3 | 0 3 6 2 5 1 4
4 | 0 4 1 5 2 6 3
5 | 0 5 3 1 6 4 2
6 | 0 6 5 4 3 2 1
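
An added example (not from the original slides): the EUCLID procedure in Python, plus the extended form of the algorithm, which yields the multiplicative inverses that make division in GF(p) possible and shows why cancellation mod n needs a relatively prime to n. The function names are hypothetical, and the extended algorithm goes beyond what the slides state.

```python
def euclid(a, b):
    """EUCLID(a, b) as on the slide; also returns the (A, B) pair of each step."""
    steps = []
    A, B = a, b
    while B != 0:
        steps.append((A, B))
        A, B = B, A % B          # steps 3-5: R = A mod B; A = B; B = R
    return A, steps


def inverse_mod(a, n):
    """Inverse of a mod n via the extended Euclidean algorithm.

    Returns None when gcd(a, n) != 1, because then no inverse exists.
    """
    old_r, r = a % n, n
    old_s, s = 1, 0              # invariant: old_r = old_s * a (mod n)
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        return None
    return old_s % n


def divide_mod_p(x, y, p):
    """x / y in GF(p): multiply by the inverse of y (y must be non-zero)."""
    return (x * inverse_mod(y, p)) % p


def cancellation_counterexamples(a, n):
    """Pairs b < c in Z_n with a.b = a.c mod n although b != c mod n."""
    return [(b, c) for b in range(n) for c in range(b + 1, n)
            if (a * b - a * c) % n == 0]


if __name__ == "__main__":
    gcd, steps = euclid(1970, 1066)          # the slide's worked example
    print(gcd, len(steps))
    print(inverse_mod(3, 7), divide_mod_p(3, 5, 7))
    print(inverse_mod(6, 8), cancellation_counterexamples(6, 8))
    print(cancellation_counterexamples(5, 8))
```

In GF(7) every non-zero element has an inverse, matching the single 1 in each non-zero row of the table, while in Z_8 the element 6 has none and cancellation by 6 fails.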

Page 18: Cryptography and Network Security Chapter 4

Polynomial Arithmetic

can compute using polynomials
f(x) = a_n x^n + a_{n-1} x^{n-1} + … + a_1 x + a_0 = ∑ a_i x^i

Page 19: Cryptography and Network Security Chapter 4

Ordinary Polynomial Arithmetic

add or subtract corresponding coefficients
multiply all terms by each other
eg
let f(x) = x^3 + x^2 + 2 and g(x) = x^2 - x + 1
f(x) + g(x) = x^3 + 2x^2 - x + 3
f(x) - g(x) = x^3 + x + 1
f(x) x g(x) = x^5 + 3x^2 - 2x + 2

Page 20: Cryptography and Network Security Chapter 4

Polynomial Arithmetic with Modulo Coefficients

when computing value of each coefficient do calculation modulo some value
  • forms a polynomial ring
could be modulo any prime
but we are most interested in mod 2
  • ie all coefficients are 0 or 1
  • eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
    f(x) + g(x) = x^3 + x + 1
    f(x) x g(x) = x^5 + x^2

Page 21: Cryptography and Network Security Chapter 4

Modular Polynomial Arithmetic

can compute in field GF(2^n)
  • polynomials with coefficients modulo 2
  • whose degree is less than n
  • hence must reduce modulo an irreducible poly of degree n (for multiplication only)
form a finite field

Page 22: Cryptography and Network Security Chapter 4

Example GF(2^3)

Page 23: Cryptography and Network Security Chapter 4

Computational Considerations

since coefficients are 0 or 1, can represent any such polynomial as a bit string
addition becomes XOR of these bit strings
modulo reduction done by repeatedly substituting highest power with remainder of irreducible poly (also shift & XOR)

Page 24: Cryptography and Network Security Chapter 4

Computational Example

in GF(2^3) have (x^2+1) is 101_2 & (x^2+x+1) is 111_2
so addition is
  • (x^2+1) + (x^2+x+1) = x
  • 101 XOR 111 = 010_2
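
An added example (not from the original slides): GF(2^n) arithmetic on bit strings in Python, with addition as XOR and multiplication reduced by shift and XOR as described under Computational Considerations. The function names are hypothetical; the modulus x^3 + x + 1 (1011) for GF(2^3) is an assumption because the slides' GF(2^3) table did not survive in this transcript, and the GF(2^8) case with the AES polynomial generalizes beyond the slides.

```python
def gf2_add(a, b):
    """Addition in GF(2^n): coefficient-wise addition mod 2 is XOR."""
    return a ^ b


def gf2_mul(a, b, modulus, n):
    """Multiply a and b (bit strings of degree < n) modulo `modulus`.

    `modulus` is the bit string of a degree-n polynomial, e.g. 0b1011
    for x^3 + x + 1.
    """
    result = 0
    while b:
        if b & 1:                 # this term of b is present: add a * x^i
            result ^= a
        b >>= 1
        a <<= 1                   # multiply a by x (shift)
        if (a >> n) & 1:          # an x^n term appeared: substitute it (XOR)
            a ^= modulus
    return result


def inverses(modulus, n):
    """Brute-force map of each non-zero element to its inverse, if any."""
    size = 1 << n
    return {a: b for a in range(1, size) for b in range(1, size)
            if gf2_mul(a, b, modulus, n) == 1}


# Constructed inputs. 0b1011 (x^3 + x + 1) is the assumed irreducible
# polynomial for GF(2^3); 0b1001 (x^3 + 1) is reducible; 0x11B is the
# AES polynomial x^8 + x^4 + x^3 + x + 1.
if __name__ == "__main__":
    print(bin(gf2_add(0b101, 0b111)))              # the slide's addition
    print(bin(gf2_mul(0b101, 0b111, 0b1011, 3)))   # same operands, multiplied
    print(len(inverses(0b1011, 3)), len(inverses(0b1001, 3)))
    print(hex(gf2_mul(0x57, 0x83, 0x11B, 8)))
```

With the reducible modulus only three of the seven non-zero elements have inverses, which is why the slides require an irreducible polynomial to get a field.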