Chapter 4. Finite Fields

Book: Cryptography and Network Security: Principles and Practices, Fourth Edition
Author: William Stallings
Presenter: 陳盈如, 2008/04/03


Outline

4.1 Groups, Rings, and Fields
4.2 Modular Arithmetic
4.3 The Euclidean Algorithm
4.4 Finite Fields of the Form GF(p)
4.5 Polynomial Arithmetic
4.6 Finite Fields of the Form GF(2^n)
4.7 Recommended Reading and Web Sites
4.8 Key Terms, Review Questions, and Problems

4.1 Groups, Rings, and Fields

Groups, Rings, and Fields

Groups, rings, and fields are the fundamental elements of a branch of mathematics known as abstract algebra, or modern algebra.

In abstract algebra, we are concerned with sets on whose elements we can operate algebraically; that is, we can combine two elements of the set, perhaps in several ways, to obtain a third element of the set.

Group {G, ·}: a set G together with a binary operation · such that

(1) Closure: if a, b ∈ G, then a · b ∈ G.
(2) Associative: if a, b, c ∈ G, then a · (b · c) = (a · b) · c.
(3) Identity element: there is an element e in G such that a · e = e · a = a for all a in G.
(4) Inverse element: for each a in G there is an element a' in G such that a · a' = a' · a = e.

Abelian group: a group that also satisfies
(5) Commutative: a · b = b · a for all a, b in G.

Example: Z (the integers) under addition is a group, in fact an abelian group.

Ring {R, +, ·}: a set R together with two binary operations, + and ·, such that

{R, +} is an abelian group: (1) Closure, (2) Associative, (3) Identity element, (4) Inverse element, (5) Commutative.

{R, ·} satisfies (1) Closure and (2) Associative, and the two operations are linked by
(*) Distributive laws: a(b + c) = ab + ac for all a, b, c in R; (a + b)c = ac + bc for all a, b, c in R.

Commutative ring: a ring in which multiplication also satisfies (5) Commutative.

Integral domain: a commutative ring with a multiplicative identity and no zero divisors, that is, multiplication additionally satisfies
(3) Identity element, and
(*) No zero divisors: if a, b in R and ab = 0, then either a = 0 or b = 0.

Zero divisor: a nonzero element a of a ring is a left zero divisor if ab = 0 for some nonzero b; right zero divisors are defined in the same way, and both are simply called zero divisors.

Field {F, +, ·}: a set F together with two binary operations, + and ·, such that

{F, +} is an abelian group: (1) Closure, (2) Associative, (3) Identity element, (4) Inverse element, (5) Commutative.

{F, ·} satisfies (1) Closure, (2) Associative, (*) Distributive laws, (5) Commutative, (3) Identity element and (*) No zero divisors, so that {F, +, ·} is an integral domain, and in addition
(4) Inverse element: for each a in F except 0, there is an element a^-1 in F such that a · a^-1 = a^-1 · a = 1.

In other words, a field is an integral domain in which every nonzero element has a multiplicative inverse, so division (a/b = a · b^-1 for b ≠ 0) is always possible.

Figure 4.1. Group, Ring, and Field

4.2 Modular Arithmetic

Equation 4-1: for any integer a and positive integer n,
a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋
where ⌊x⌋ is the largest integer less than or equal to x.

Residue: when the integer a is divided by the integer n, the remainder r is referred to as the residue. Equivalently, r = a mod n.

a = ⌊a/n⌋ × n + (a mod n)

Congruent modulo n: two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n). This is written as a ≡ b (mod n).

73 ≡ 4 (mod 23)
21 ≡ -9 (mod 10)

Divisibility: if a = mb for some integer m, then b divides a, written b|a (b is a divisor of a).
21 = 3 × 7, so 7|21.

If a ≡ b (mod n), then n|(b - a); in particular, if a ≡ 0 (mod n), then n|a.
1 ≡ 3 (mod 2), since 2|(3 - 1), that is, 2|2.

Modular arithmetic exhibits the following properties:

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
3. [(a mod n) × (b mod n)] mod n = (a × b) mod n

Example: 11 mod 8 = 3; 15 mod 8 = 7

1. [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
   (11 + 15) mod 8 = 26 mod 8 = 2
2. [(11 mod 8) - (15 mod 8)] mod 8 = -4 mod 8 = 4
   (11 - 15) mod 8 = -4 mod 8 = 4
3. [(11 mod 8) × (15 mod 8)] mod 8 = 21 mod 8 = 5
   (11 × 15) mod 8 = 165 mod 8 = 5

Equation 4-2: if (a + b) ≡ (a + c) (mod n), then b ≡ c (mod n).
(5 + 23) ≡ (5 + 7) (mod 8); 23 ≡ 7 (mod 8)

Equation 4-3: if (a × b) ≡ (a × c) (mod n), then b ≡ c (mod n) if a is relatively prime to n.
Example: (5 × 3) ≡ (5 × 7) (mod 4), and indeed 3 ≡ 7 (mod 4), since gcd(5, 4) = 1.
Counterexample: (6 × 3) ≡ (6 × 7) (mod 8), but 3 ≢ 7 (mod 8), since gcd(6, 8) = 2.

If a is relatively prime to n, then a has a multiplicative inverse a^-1 modulo n, and the cancellation in Equation 4-3 follows by multiplying both sides by it:
(a^-1 × a × b) ≡ (a^-1 × a × c) (mod n), hence b ≡ c (mod n).

The integers 6 and 8 are not relatively prime, since they have the common factor 2. We have the following:
6 × 3 = 18 ≡ 2 (mod 8); 6 × 7 = 42 ≡ 2 (mod 8).
Yet 3 ≢ 7 (mod 8).

Table 4.1. Arithmetic Modulo 8

Reading the multiplication table backwards from 6 × x ≡ 2 (mod 8) gives no unique solution (x = 3 and x = 7 both work), so 6 has no multiplicative inverse modulo 8. Only 1, 3, 5 and 7, the residues relatively prime to 8, have inverses.

Table 4.2. Properties of Modular Arithmetic for Integers in Z_n

Property: Expression
Commutative laws: (w + x) mod n = (x + w) mod n; (w × x) mod n = (x × w) mod n
Associative laws: [(w + x) + y] mod n = [w + (x + y)] mod n; [(w × x) × y] mod n = [w × (x × y)] mod n
Distributive law: [w × (x + y)] mod n = [(w × x) + (w × y)] mod n
Identities: (0 + w) mod n = w mod n; (1 × w) mod n = w mod n
Additive inverse (-w): for each w ∈ Z_n, there exists a z such that w + z ≡ 0 (mod n)

Z_n with addition and multiplication modulo n is therefore a commutative ring. It is a field only when every nonzero element also has a multiplicative inverse, which is the case treated in Section 4.4.
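As an added example (not from the book or the slides), the following Python checks the Table 4.2 laws exhaustively for Z_8, lists which residues have multiplicative inverses, and shows concretely why 6x ≡ 2 (mod 8) has no unique solution while 5x ≡ 3 (mod 4) does. The function names are my own.

```python
"""Arithmetic in Z_n: which residues are units, and why cancellation (Eq. 4-3)
fails without gcd(a, n) = 1.  Added example; not from Stallings' text."""
from __future__ import annotations

from math import gcd


def mul_table(n: int) -> list[list[int]]:
    """The n x n multiplication table of Z_n (Table 4.1 for n = 8)."""
    return [[(i * j) % n for j in range(n)] for i in range(n)]


def units(n: int) -> list[int]:
    """Residues that have a multiplicative inverse modulo n: exactly those
    coprime to n (a 1 appears somewhere in their row of the table)."""
    return [w for w in range(1, n) if gcd(w, n) == 1]


def inverse(w: int, n: int):
    """Brute-force w^-1 mod n by scanning w's row of the table; None if absent."""
    for z in range(n):
        if (w * z) % n == 1:
            return z
    return None


def solve_linear(a: int, b: int, n: int) -> list[int]:
    """All x in Z_n with a*x = b (mod n).  With gcd(a, n) = 1 there is exactly one
    solution (x = a^-1 * b); otherwise there are 0 or gcd(a, n) solutions."""
    return [x for x in range(n) if (a * x) % n == b % n]


def check_ring_laws(n: int) -> bool:
    """Exhaustively verify the Table 4.2 laws (commutative, associative,
    distributive, identities, additive inverses) for every w, x, y in Z_n."""
    R = range(n)
    for w in R:
        if (0 + w) % n != w % n or (1 * w) % n != w % n:
            return False
        if not any((w + z) % n == 0 for z in R):
            return False
        for x in R:
            if (w + x) % n != (x + w) % n or (w * x) % n != (x * w) % n:
                return False
            for y in R:
                if ((w + x) + y) % n != (w + (x + y)) % n:
                    return False
                if ((w * x) * y) % n != (w * (x * y)) % n:
                    return False
                if (w * (x + y)) % n != (w * x + w * y) % n:
                    return False
    return True


if __name__ == "__main__":
    print("ring laws hold in Z_8:", check_ring_laws(8))
    print("units of Z_8:", units(8))                              # [1, 3, 5, 7]
    print("6x = 2 (mod 8) has solutions", solve_linear(6, 2, 8))   # [3, 7]
    print("5x = 3 (mod 4) has solutions", solve_linear(5, 3, 4))   # [3]
    print("6^-1 mod 8 =", inverse(6, 8))                           # None
    print("5^-1 mod 8 =", inverse(5, 8))                           # 5
```

Running it with n = 7 instead of 8 makes units(7) return every nonzero residue, which is the property that turns Z_p into the field GF(p) of Section 4.4.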

4.3 The Euclidean Algorithm

Greatest Common Divisor
Finding the GCD

Greatest Common Divisor

A nonzero b is defined to be a divisor of a if a = mb for some m (a, b, and m are integers).

gcd(a, b) = c: the positive integer c is said to be the greatest common divisor of a and b if
1. c is a divisor of a and of b;
2. any divisor of a and b is a divisor of c.

An equivalent definition: gcd(a, b) = max[k, such that k|a and k|b].

Divisors of 12: 1, 2, 3, 4, 6, 12. Divisors of 18: 1, 2, 3, 6, 9, 18. gcd(12, 18) = 6.

gcd(60, 24) = gcd(60, -24) = 12. Because we require the GCD to be positive, gcd(a, b) = gcd(a, -b) = gcd(-a, b) = gcd(-a, -b). In general, gcd(a, b) = gcd(|a|, |b|).

gcd(a, 0) = |a|, because all nonzero integers divide 0: in a = mb, taking a = 0 and m = 0 gives 0 = 0 × b for every b.

Integers p and q are relatively prime if gcd(p, q) = 1. Example: gcd(8, 15) = 1, since the divisors of 8 are 1, 2, 4, 8 and the divisors of 15 are 1, 3, 5, 15.

Finding the GCD

Equation 4-4: gcd(a, b) = gcd(b, a mod b)

gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = gcd(11, 22 mod 11) = gcd(11, 0) = 11

Proof: let d = gcd(a, b), so d|a (1) and d|b (2). Write a = kb + r, so that a ≡ r (mod b) and b|(a - r) (3), where r = a mod b (4). From (2), d|kb. From (1) and (3), d|(kb + r), that is, by (4), d|[kb + (a mod b)]. Since d|kb and d|[kb + (a mod b)], d|(a mod b). So gcd(a, b) is a common divisor of b and a mod b. Conversely, any common divisor of b and a mod b divides kb + (a mod b) = a, so the pairs (a, b) and (b, a mod b) have exactly the same common divisors and hence the same gcd.

Finding the GCD: the algorithm

EUCLID(a, b)
1. A ← a; B ← b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A ← B
5. B ← R
6. goto 2

Trace of gcd(55, 22):
A = 55, B = 22: 55 = 2 × 22 + 11, so R = 11
A = 22, B = 11: 22 = 2 × 11 + 0, so R = 0
A = 11, B = 0: return 11

4.4 Finite Fields of the Form GF(p)

Finite field: a field F with only finitely many elements.

GF: Galois field, in honor of the mathematician who first studied finite fields.

Évariste Galois (French pronunciation [evaʀist galwa]), 1811-1832 (aged 20), France. Mathematics: the theory of equations and Abelian integrals.

The order (number of elements) of a finite field must be a power of a prime, p^n. Two special cases of GF(p^n) are of interest: (1) for n = 1, GF(p); (2) GF(2^n).

Prime p: a prime number is an integer whose only positive integer factors are itself and 1.

GF(p)

(1) GF(p) is the finite field {Z_p, +, ×}: the integers 0, 1, ..., p - 1 with addition and multiplication modulo p.
(2) Multiplicative inverse (w^-1): for each w ∈ Z_p, w ≠ 0, there exists a z ∈ Z_p such that w × z ≡ 1 (mod p). This z is written w^-1, so w × w^-1 ≡ 1 (mod p).

Properties of modular arithmetic when the modulus p is prime

Equation 4-5: if (a × b) ≡ (a × c) (mod p), then b ≡ c (mod p).

Example: (4 × 3) ≡ (4 × 10) (mod 7), so 3 ≡ 10 (mod 7).
Multiplying both sides by a^-1 shows why: (a^-1 × a × b) ≡ (a^-1 × a × c) (mod p), hence b ≡ c (mod p). Here 4^-1 mod 7 = 2, so (2 × 4 × 3) ≡ (2 × 4 × 10) (mod 7), giving 3 ≡ 10 (mod 7).

Compare Equation 4-3: if (a × b) ≡ (a × c) (mod n), then b ≡ c (mod n) only if a is relatively prime to n. When p is prime, every a with 1 ≤ a ≤ p - 1 is relatively prime to p, so the condition is always satisfied.

GF(2)

The simplest finite field is GF(2). Its arithmetic operations are easily summarized:

Addition:       0 + 0 = 0, 0 + 1 = 1, 1 + 0 = 1, 1 + 1 = 0
Multiplication: 0 × 0 = 0, 0 × 1 = 0, 1 × 0 = 0, 1 × 1 = 1
Inverses:       w = 0: -w = 0, w^-1 undefined; w = 1: -w = 1, w^-1 = 1

In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation.

Table 4.3. Arithmetic in GF(7)

Computing the multiplicative inverse with the Euclidean algorithm

The Euclidean algorithm finds the greatest common divisor of two numbers; if gcd(a, b) = 1, a and b are relatively prime. The multiplicative inverse is recovered from the intermediate numbers produced by the repeated divisions.

Repeated division for 7 and 5:
7 and 5: 7 / 5 = 1 (quotient); 5 × 1 = 5; 7 - 5 = 2 (remainder)
5 and 2: 5 / 2 = 2; 2 × 2 = 4; 5 - 4 = 1
2 and 1: 2 / 1 = 2; 1 × 2 = 2; 2 - 2 = 0
The last nonzero remainder is 1, so gcd(7, 5) = 1.

Finding the Multiplicative Inverse in GF(p)

EXTENDED EUCLID(m, b)
1. (A1, A2, A3) ← (1, 0, m); (B1, B2, B3) ← (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = ⌊A3/B3⌋
5. (T1, T2, T3) ← (A1 - Q B1, A2 - Q B2, A3 - Q B3)
6. (A1, A2, A3) ← (B1, B2, B3)
7. (B1, B2, B3) ← (T1, T2, T3)
8. goto 2

Trace of EXTENDED EUCLID(7, 5). Each round computes Q = ⌊A3/B3⌋ and T = A - Q × B, then shifts A ← B and B ← T (in array form: Q = A[2] div B[2]; T[i] = A[i] - Q × B[i]; A[i] = B[i]; B[i] = T[i]), and then tests whether B3 is 0 or 1:

Round 1: A = (1, 0, 7), B = (0, 1, 5). Q = ⌊7/5⌋ = 1. T = (1 - 1×0, 0 - 1×1, 7 - 1×5) = (1, -1, 2).
Round 2: A = (0, 1, 5), B = (1, -1, 2). Q = ⌊5/2⌋ = 2. T = (0 - 2×1, 1 - 2×(-1), 5 - 2×2) = (-2, 3, 1).
Round 3: A = (1, -1, 2), B = (-2, 3, 1). B3 = 1, so stop: gcd(7, 5) = 1 and 5^-1 mod 7 = B2 = 3 (check: 5 × 3 = 15 ≡ 1 (mod 7)).

Carrying on for one more round, as the slide does, would give Q = ⌊2/1⌋ = 2 and T = (1 - 2×(-2), -1 - 2×3, 2 - 2×1) = (5, -7, 0), i.e. B3 = 0.

Why the algorithm works: throughout the computation of gcd(7, 5), the following relations hold for every row:
7 × A1 + 5 × A2 = A3
7 × B1 + 5 × B2 = B3
7 × T1 + 5 × T2 = T3

If gcd(7, 5) = 1, the computation ends with B3 = 0 and A3 = 1; in the row before that, B3 = 1, so
7 × B1 + 5 × B2 = 1, i.e. 5 × B2 = 1 + (-B1) × 7, hence 5 × B2 ≡ 1 (mod 7).

In general, if gcd(m, b) = 1:
1. m × B1 + b × B2 = B3
2. m × B1 + b × B2 = 1
3. b × B2 = 1 + (-B1) × m
4. b × B2 ≡ 1 (mod m), so B2 (reduced modulo m) is b^-1 mod m.

Table 4.4. Finding the Multiplicative Inverse of 550 in GF(1759)

gcd(1759, 550) = 1. The multiplicative inverse of 550 is 355; that is, 550 × 355 ≡ 1 (mod 1759).
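The EUCLID and EXTENDED EUCLID procedures above, written out in Python as an added example (not code from the book or the slides). The extended version keeps the same (A1, A2, A3) / (B1, B2, B3) rows as the slides, so the invariant m × A1 + b × A2 = A3 holds on every iteration; it runs until B3 = 0 rather than stopping early at B3 = 1, which handles the no-inverse case (such as 6 mod 8) in the same loop. Function names are my own.

```python
"""Euclid's algorithm and the extended version from the slides, in the same
(A1, A2, A3) / (B1, B2, B3) register form.  Added example; not Stallings' code."""
from __future__ import annotations


def euclid(a: int, b: int) -> int:
    """gcd(a, b) by repeated application of Equation 4-4: gcd(a, b) = gcd(b, a mod b)."""
    A, B = abs(a), abs(b)
    while B != 0:
        A, B = B, A % B
    return A


def extended_euclid(m: int, b: int) -> tuple[int, int, int]:
    """Return (gcd, X, Y) with m*X + b*Y = gcd.  Rows A = (A1, A2, A3) and
    B = (B1, B2, B3) satisfy m*A1 + b*A2 = A3 and m*B1 + b*B2 = B3 throughout,
    exactly as in EXTENDED EUCLID(m, b); when B3 reaches 0 the previous row
    (now in A) holds the gcd and its coefficients."""
    A1, A2, A3 = 1, 0, m
    B1, B2, B3 = 0, 1, b
    while B3 != 0:
        Q = A3 // B3
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3
        A1, A2, A3 = B1, B2, B3
        B1, B2, B3 = T1, T2, T3
    return A3, A1, A2


def mod_inverse(b: int, m: int):
    """b^-1 mod m, or None when gcd(m, b) != 1 (no inverse exists, as for 6 mod 8).
    From m*X + b*Y = 1 it follows that b*Y = 1 (mod m), so Y mod m is the inverse."""
    g, _, Y = extended_euclid(m, b)
    if g != 1:
        return None
    return Y % m          # normalise the (possibly negative) coefficient into Z_m


if __name__ == "__main__":
    print("gcd(55, 22) =", euclid(55, 22))                 # 11
    print("extended_euclid(7, 5) =", extended_euclid(7, 5))  # (1, -2, 3): 7*(-2) + 5*3 = 1
    print("5^-1 mod 7 =", mod_inverse(5, 7))               # 3
    print("550^-1 mod 1759 =", mod_inverse(550, 1759))     # 355
    print("6^-1 mod 8 =", mod_inverse(6, 8))               # None
```

For the Table 4.4 case the loop produces the inverse 355 directly, and 550 × 355 mod 1759 can be checked to be 1.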

4.5 Polynomial Arithmetic

GF(2^n) is built with polynomial arithmetic, in two stages:
1. ordinary polynomial arithmetic;
2. polynomial arithmetic in a finite setting, where the coefficients are restricted to a finite field and the degree of the polynomials is kept below a fixed bound.

Ordinary Polynomial Arithmetic

A polynomial of degree n (integer n ≥ 0) is an expression of the form
f(x) = a_n x^n + a_{n-1} x^{n-1} + ... + a_1 x + a_0 = Σ_{i=0}^{n} a_i x^i
where the a_i are elements of some designated set of numbers S, called the coefficient set, and a_n ≠ 0. We say that such polynomials are defined over the coefficient set S.

A zeroth-degree polynomial is called a constant polynomial and is simply an element of the set of coefficients. Example: f(x) = 2.

An nth-degree polynomial is said to be a monic polynomial if a_n = 1. Example: f(x) = x^3 + x^2 + 2.

Polynomial Addition and Subtraction

Addition and subtraction are performed by adding or subtracting corresponding coefficients. With
f(x) = Σ_{i=0}^{n} a_i x^i; g(x) = Σ_{i=0}^{m} b_i x^i; n ≥ m
f(x) ± g(x) = Σ_{i=0}^{m} (a_i ± b_i) x^i + Σ_{i=m+1}^{n} a_i x^i

Example: f(x) = x^3 + x^2 + 2 and g(x) = x^2 - x + 1

(a) Addition
    x^3 + x^2 + 2
+  (x^2 - x + 1)
  --------------------
    x^3 + 2x^2 - x + 3

(b) Subtraction
    x^3 + x^2 + 2
-  (x^2 - x + 1)
  --------------------
    x^3 + x + 1

Polynomial Multiplication

With f(x) = Σ_{i=0}^{n} a_i x^i and g(x) = Σ_{i=0}^{m} b_i x^i, n ≥ m:
f(x) × g(x) = Σ_{i=0}^{n+m} c_i x^i
where c_k = a_0 b_k + a_1 b_{k-1} + ... + a_{k-1} b_1 + a_k b_0.

(c) Multiplication
        x^3 + x^2 + 2
×      (x^2 - x + 1)
  ---------------------------
        x^3 + x^2 + 2          (× 1)
  - x^4 - x^3 - 2x             (× -x)
  x^5 + x^4 + 2x^2             (× x^2)
  ---------------------------
  x^5 + 3x^2 - 2x + 2

Polynomial Division

Division raises the question of what to do with a quotient such as 5/3: for the result to stay inside the coefficient set, that set must be a field F (see the next slide).

With f(x) = Σ_{i=0}^{n} a_i x^i and g(x) = Σ_{i=0}^{m} b_i x^i, n ≥ m, division gives f(x) = q(x) g(x) + r(x) with deg r(x) < deg g(x).

(d) Division
                  x + 2
x^2 - x + 1 ) x^3 + x^2 + 2
              x^3 - x^2 + x
              ----------------
                  2x^2 - x + 2
                  2x^2 - 2x + 2
                  ----------------
                            x
Quotient x + 2, remainder x.

Consider the division 5/3 within a set S.

(1) If S is the set of rational numbers, which is a field, the result is simply expressed as 5/3 and is an element of S.
(2) Now suppose that S is the field Z_7. Then 5/3 = (5 × 3^-1) mod 7 = (5 × 5) mod 7 = 4.
(3) If S is the set of integers, which is a ring but not a field, then 5/3 produces a quotient of 1 and a remainder of 2: 5/3 = 1 + 2/3; 5 = 1 × 3 + 2. Division is not exact over the set of integers.

Polynomials over GF(2)

Addition is equivalent to the XOR operation. Multiplication is equivalent to the logical AND operation. Addition and subtraction are equivalent.

mod 2: 1 + 1 = 1 - 1 = 0; 1 + 0 = 1 - 0 = 1; 0 + 1 = 0 - 1 = 1.

Figure 4.4. Examples of Polynomial Arithmetic over GF(2)

f(x) = x^7 + x^5 + x^4 + x^3 + x + 1; g(x) = x^3 + x + 1

(a) Addition
    x^7 + x^5 + x^4 + x^3 + x + 1
+                    (x^3 + x + 1)
  ---------------------------------
    x^7 + x^5 + x^4

(b) Subtraction
    x^7 + x^5 + x^4 + x^3 + x + 1
-                    (x^3 + x + 1)
  ---------------------------------
    x^7 + x^5 + x^4

(c) Multiplication
    x^7 + x^5 + x^4 + x^3 + x + 1
×                    (x^3 + x + 1)
  ----------------------------------------------
                x^7 + x^5 + x^4 + x^3 + x + 1        (× 1)
          x^8 + x^6 + x^5 + x^4 + x^2 + x            (× x)
    x^10 + x^8 + x^7 + x^6 + x^4 + x^3               (× x^3)
  ----------------------------------------------
    x^10 + x^4 + x^2 + 1

(d) Division
                        x^4 + 1
x^3 + x + 1 ) x^7 + x^5 + x^4 + x^3 + x + 1
              x^7 + x^5 + x^4
              -----------------------------
                              x^3 + x + 1
                              x^3 + x + 1
                              -----------
                                        0
Quotient x^4 + 1, remainder 0.

Keeping the degree bounded: just as integer arithmetic modulo a prime p keeps values in 0..p-1, polynomial arithmetic modulo a prime polynomial m(x), written f(x) mod m(x), keeps the degree below that of m(x). A polynomial m(x) over a field F is irreducible (or prime) if and only if m(x) cannot be expressed as a product of two polynomials, both over F and both of degree lower than that of m(x).

Example: f(x) = x^3 + x + 1 is irreducible over GF(2).

The polynomial f(x) = x^4 + 1 over GF(2) is reducible: x^4 + 1 = (x + 1)(x^3 + x^2 + x + 1).

Finding the GCD of polynomials

The polynomial c(x) is said to be the greatest common divisor of a(x) and b(x) if
c(x) divides both a(x) and b(x);
any divisor of a(x) and b(x) is a divisor of c(x).

An equivalent definition is the following: gcd[a(x), b(x)] is the polynomial of maximum degree that divides both a(x) and b(x).

Finding the GCD and the multiplicative inverse of polynomials uses the same methods as for integers.

Algorithm: assume that the degree of a(x) is greater than the degree of b(x). Then, to find gcd[a(x), b(x)]:

EUCLID[a(x), b(x)]
1. A(x) ← a(x); B(x) ← b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2
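The following Python, added here as an example and not taken from the book or the slides, carries out the Figure 4.4 operations and the EUCLID[a(x), b(x)] procedure on polynomials over GF(2) stored as bit strings (bit i holds the coefficient of x^i), and adds a brute-force irreducibility test that confirms the x^4 + 1 factorisation and the irreducibility of x^3 + x + 1. Function names are my own.

```python
"""Polynomial arithmetic over GF(2), with a polynomial stored as an int whose
bit i is the coefficient of x^i (x^3 + x + 1 -> 0b1011).  Added example that
reproduces Figure 4.4 and the x^4 + 1 factorisation; not code from the book."""
from __future__ import annotations


def degree(p: int) -> int:
    """Degree of p, or -1 for the zero polynomial."""
    return p.bit_length() - 1


def add(a: int, b: int) -> int:
    """Addition (= subtraction) over GF(2): coefficient-wise XOR."""
    return a ^ b


def mul(a: int, b: int) -> int:
    """Carry-less multiplication: shift-and-XOR instead of shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def divmod2(a: int, b: int) -> tuple[int, int]:
    """Long division a = q*b + r over GF(2), deg r < deg b (Figure 4.4(d))."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = 0, a
    while degree(r) >= degree(b):
        shift = degree(r) - degree(b)
        q ^= 1 << shift           # next quotient term x^shift
        r ^= b << shift           # subtract (= add) x^shift * b(x)
    return q, r


def gcd2(a: int, b: int) -> int:
    """EUCLID[a(x), b(x)]: gcd(a, b) = gcd(b, a mod b) until the remainder is 0."""
    while b:
        a, b = b, divmod2(a, b)[1]
    return a


def is_irreducible(m: int) -> bool:
    """m(x) is irreducible iff no polynomial of degree 1..deg(m)/2 divides it:
    a factorisation into two lower-degree factors always has one such factor."""
    n = degree(m)
    if n < 1:
        return False
    for d in range(2, 1 << (n // 2 + 1)):   # every candidate with 1 <= deg d <= n/2
        if divmod2(m, d)[1] == 0:
            return False
    return True


def to_str(p: int) -> str:
    """Render 0b1011 as 'x^3 + x + 1' for display."""
    if p == 0:
        return "0"
    terms = []
    for i in range(degree(p), -1, -1):
        if p >> i & 1:
            terms.append({0: "1", 1: "x"}.get(i, f"x^{i}"))
    return " + ".join(terms)


F = 0b10111011   # x^7 + x^5 + x^4 + x^3 + x + 1
G = 0b1011       # x^3 + x + 1

if __name__ == "__main__":
    print("f + g =", to_str(add(F, G)))                       # x^7 + x^5 + x^4
    print("f * g =", to_str(mul(F, G)))                       # x^10 + x^4 + x^2 + 1
    q, r = divmod2(F, G)
    print("f / g =", to_str(q), "remainder", to_str(r))       # x^4 + 1 remainder 0
    print("gcd(f, g) =", to_str(gcd2(F, G)))                  # x^3 + x + 1
    print("x^4 + 1 irreducible?", is_irreducible(0b10001))    # False
    print("(x + 1)(x^3 + x^2 + x + 1) =", to_str(mul(0b11, 0b1111)))  # x^4 + 1
    print("x^3 + x + 1 irreducible?", is_irreducible(G))      # True
```

Because g(x) divides f(x) exactly, gcd(f, g) is g itself; with the bit-string encoding the whole of Figure 4.4 reduces to shifts and XORs, which is why GF(2) polynomial arithmetic is so cheap in hardware.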

4.6 Finite Fields of the Form GF(2^n)

1. Z_8 and GF(2^3) are very different structures.
2. GF(2^n) is computed with polynomial arithmetic: the elements are polynomials of degree less than n with coefficients in {0, 1}, so each element is an n-bit string, that is, an integer in 0..(2^n - 1).

Z_8 versus GF(2^3)

The motivation is arithmetic on integers that fit exactly into a given number of bits, in which every nonzero element has a multiplicative inverse. The eight elements are labelled as follows:

Z_8:      0    1    2     3     4      5       6        7
GF(2^3):  0    1    x    x+1   x^2   x^2+1   x^2+x   x^2+x+1
bits:    000  001  010   011   100    101     110      111

Addition in Z_8 and GF(2^3)

Multiplication in Z_8 and GF(2^3)

The products are not spread uniformly in Z_8: in the multiplication table of the nonzero elements, the nonzero integers do not appear an equal number of times, whereas in GF(2^3) every nonzero element appears exactly once in each row and column.

Integer:                 1   2   3   4   5   6   7
Occurrences in Z_8:      4   8   4  12   4   8   4
Occurrences in GF(2^3):  7   7   7   7   7   7   7

Inverses in Z_8 and GF(2^3)

Representing the p^n elements as polynomials

For p = 3 and n = 2, the 3^2 = 9 polynomials in the set are
GF(3^2):  0   1   2   x   x+1   x+2   2x   2x+1   2x+2
          00  01  02  10  11    12    20   21     22

For p = 2 and n = 3, the 2^3 = 8 polynomials in the set are
GF(2^3):  0    1    x    x+1   x^2   x^2+1   x^2+x   x^2+x+1
          000  001  010  011   100   101     110     111


GF(2^n) through polynomial arithmetic: the following two rules must be satisfied

1. Coefficients: arithmetic on the coefficients is performed modulo 2. That is, we use the rules of arithmetic for the finite field Z2, so every coefficient is 0 or 1.

2. Degree stays below n (reduction mod m(x)): if multiplication results in a polynomial of degree greater than n - 1, then the polynomial is reduced modulo an irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. For a polynomial f(x), the remainder is expressed as r(x) = f(x) mod m(x).


Irreducible polynomial m(x): an nth-degree polynomial m(x) (its highest power is x^n) is irreducible if it cannot be written as the product of two polynomials of lower degree with coefficients in the same field; it plays the role that a prime modulus plays in GF(p).

Isomorphic ("same form", "same structure"): any two finite-field structures of a given order have the same structure, but the representation, or labels, of the elements may be different.

Ex: there are two irreducible polynomials of degree 3 that can serve as m(x) to construct the finite field GF(2^3):
(1) x^3 + x^2 + 1
(2) x^3 + x + 1
The two fields built from them are isomorphic, but the multiplication tables look different.
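The slide asserts that exactly two degree-3 polynomials are irreducible over GF(2) but gives no way to check it. The following Python is an added example (not code from Stallings' book or the slide set): it encodes a polynomial over GF(2) as an integer whose bit i is the coefficient of x^i, implements polynomial remainder with XOR-based long division, and tests irreducibility by trial division by every polynomial of degree 1 up to n/2, which is sufficient because a reducible polynomial of degree n always has a factor of degree at most n/2. The function names (`poly_mod`, `is_irreducible`, `irreducible_polys`) are this example's own.

```python
"""Irreducibility test for polynomials over GF(2), by trial division.

Added example, not part of Stallings' text.  A polynomial is encoded as an
integer whose bit i is the coefficient of x^i, e.g. x^3 + x + 1 -> 0b1011,
and the AES polynomial x^8 + x^4 + x^3 + x + 1 -> 0x11B.
"""
from typing import List


def poly_mod(a: int, m: int) -> int:
    """Remainder of a(x) divided by m(x) over GF(2): long division with XOR."""
    dm = m.bit_length() - 1                      # deg m(x)
    while a and a.bit_length() - 1 >= dm:
        # subtract (== XOR) m(x) shifted so its leading term cancels a's leading term
        a ^= m << (a.bit_length() - 1 - dm)
    return a


def is_irreducible(m: int) -> bool:
    """True if m(x) has no divisor of degree 1..deg(m)//2 over GF(2)."""
    deg = m.bit_length() - 1
    if deg < 1:
        return False
    for d in range(1, deg // 2 + 1):
        # every polynomial of degree exactly d: leading bit set, any lower bits
        for f in range(1 << d, 1 << (d + 1)):
            if poly_mod(m, f) == 0:
                return False
    return True


def irreducible_polys(n: int) -> List[int]:
    """All irreducible polynomials of degree exactly n over GF(2), as integers."""
    return [m for m in range(1 << n, 1 << (n + 1)) if is_irreducible(m)]


def poly_str(m: int) -> str:
    """Human-readable form, highest power first, e.g. 0b1011 -> 'x^3 + x + 1'."""
    terms = []
    for i in range(m.bit_length() - 1, -1, -1):
        if m >> i & 1:
            terms.append("x^%d" % i if i > 1 else ("x" if i == 1 else "1"))
    return " + ".join(terms) if terms else "0"


if __name__ == "__main__":
    for n in (2, 3, 4):
        print("degree %d:" % n, [poly_str(m) for m in irreducible_polys(n)])
    # the AES modulus is one of the 30 irreducible polynomials of degree 8
    print(poly_str(0x11B), "irreducible:", is_irreducible(0x11B),
          "| degree-8 irreducibles:", len(irreducible_polys(8)))
```

For n = 3 the search returns exactly the two polynomials listed on the slide, x^3 + x + 1 (0b1011) and x^3 + x^2 + 1 (0b1101); a reducible candidate such as x^3 + x^2 + x + 1 = (x + 1)^3 is rejected because division by x + 1 leaves remainder 0.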


Table 4.6. Polynomial Arithmetic Modulo (x^3 + x + 1)


Addition

Consider the two polynomials in GF(2^8) from our earlier example: f(x) = x^6 + x^4 + x^2 + x + 1 and g(x) = x^7 + x + 1. Addition of polynomials over GF(2) is coefficient-wise XOR:

  polynomial notation                           binary notation          decimal {hex}
  (x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1)     (01010111) + (10000011)  87 {57} + 131 {83}
  = x^7 + x^6 + x^4 + x^2                       = (11010100)             = 212 {D4}


Multiplication

We discuss the technique with reference to GF(2^8) using m(x) = x^8 + x^4 + x^3 + x + 1 (the polynomial used by AES).

Equation 4-8:   x^8 mod m(x) = [m(x) - x^8] = x^4 + x^3 + x + 1

Equation 4-9:   for f(x) = b7 x^7 + b6 x^6 + b5 x^5 + b4 x^4 + b3 x^3 + b2 x^2 + b1 x + b0,
    x · f(x) = (b7 x^8 + b6 x^7 + b5 x^6 + b4 x^5 + b3 x^4 + b2 x^3 + b1 x^2 + b0 x) mod m(x)

Equation 4-10:  in binary, multiplication by x is a 1-bit left shift, followed by an XOR with (00011011) whenever the shifted-out bit b7 was 1 (that XOR subtracts x^8 and adds back x^4 + x^3 + x + 1, by Equation 4-8):
    x · f(x) = (b6 b5 b4 b3 b2 b1 b0 0)                    if b7 = 0
    x · f(x) = (b6 b5 b4 b3 b2 b1 b0 0) XOR (00011011)      if b7 = 1

Multiplication by a higher power of x is repeated application of Equation 4-10, and multiplication by an arbitrary polynomial is the XOR of those intermediate results selected by the bits of the multiplier.


Multiplication example

f(x) = x^6 + x^4 + x^2 + x + 1   (01010111)
g(x) = x^7 + x + 1               (10000011)
m(x) = x^8 + x^4 + x^3 + x + 1
Find f(x) · g(x) mod m(x) = ?

Apply Equation 4-10 repeatedly to f(x), XORing in (00011011) whenever a 1 is shifted out:

(01010111) x (00000001) = (01010111)
(01010111) x (00000010) = (10101110)
(01010111) x (00000100) = (01011100) XOR (00011011) = (01000111)
(01010111) x (00001000) = (10001110)
(01010111) x (00010000) = (00011100) XOR (00011011) = (00000111)
(01010111) x (00100000) = (00001110)
(01010111) x (01000000) = (00011100)
(01010111) x (10000000) = (00111000)

g(x) has 1-bits at positions 0, 1 and 7, so we XOR those three partial products:

(01010111) x (10000011) = (01010111) XOR (10101110) XOR (00111000) = (11000001)

which is equivalent to x^7 + x^6 + 1.
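The shift-and-reduce procedure of Equations 4-8 to 4-10 and the worked product above, together with the Z8 versus GF(2^3) occurrence and inverse comparison from the earlier slides, can all be checked with one small routine. The Python below is an added example, not code from Stallings' book or from the slide set: elements are integers whose bits are the polynomial coefficients, the reducing polynomial is passed as an integer that includes its x^n term (AES: x^8 + x^4 + x^3 + x + 1 = 0x11B; GF(2^3): x^3 + x + 1 = 0b1011, the modulus of Table 4.6), and the names `xtime`, `gf_mul`, `occurrences_mod_n`, `occurrences_gf`, `gf_inverses` and `zn_inverses` are this example's own. The routine is generic over n rather than fixed to GF(2^8), so the same code reproduces both the 8-bit example and the 3-bit tables.

```python
"""Shift-and-reduce multiplication in GF(2^n), plus the Z_n vs GF(2^n) comparison.

Added example, not Stallings' code.  An element is an integer whose bit i is
the coefficient of x^i; `mod` is the irreducible m(x) including its x^n term.
"""
from typing import Dict, List

AES_MOD = 0x11B    # x^8 + x^4 + x^3 + x + 1; its low byte 0x1B = 00011011 is the XOR constant of Eq. 4-10
GF8_MOD = 0b1011   # x^3 + x + 1, the modulus of Table 4.6 for GF(2^3)


def xtime(b: int, mod: int) -> int:
    """x * b(x) mod m(x): shift left one bit; if the x^n term appeared, XOR m(x) away (Eq. 4-10)."""
    n = mod.bit_length() - 1
    b <<= 1
    if b >> n & 1:        # the bit shifted into position n is the "b7 = 1" case
        b ^= mod          # subtract x^n and add back m(x) - x^n (Eq. 4-8)
    return b


def gf_mul(a: int, b: int, mod: int) -> int:
    """a(x) * b(x) mod m(x): XOR the chain x^i * a(x) for every set bit i of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a, mod)
        b >>= 1
    return result


def occurrences_mod_n(n: int) -> List[int]:
    """How often each nonzero value 1..n-1 appears in the Z_n multiplication table."""
    counts = [0] * n
    for i in range(n):
        for j in range(n):
            counts[(i * j) % n] += 1
    return counts[1:]


def occurrences_gf(mod: int) -> List[int]:
    """Same count for the GF(2^n) multiplication table built from m(x)."""
    size = 1 << (mod.bit_length() - 1)
    counts = [0] * size
    for i in range(size):
        for j in range(size):
            counts[gf_mul(i, j, mod)] += 1
    return counts[1:]


def gf_inverses(mod: int) -> Dict[int, int]:
    """Multiplicative inverse of every nonzero element of GF(2^n), by exhaustive search."""
    size = 1 << (mod.bit_length() - 1)
    return {a: next(b for b in range(1, size) if gf_mul(a, b, mod) == 1)
            for a in range(1, size)}


def zn_inverses(n: int) -> Dict[int, int]:
    """The elements of Z_n that have a multiplicative inverse (only those coprime to n)."""
    return {a: b for a in range(1, n) for b in range(1, n) if (a * b) % n == 1}


if __name__ == "__main__":
    # the worked example: (01010111) x (10000011) mod m(x) = (11000001)
    print("0x57 * 0x83 = 0x%02X" % gf_mul(0x57, 0x83, AES_MOD))
    print("Z8 occurrences     :", occurrences_mod_n(8))
    print("GF(2^3) occurrences:", occurrences_gf(GF8_MOD))
    print("Z8 inverses        :", zn_inverses(8))
    print("GF(2^3) inverses   :", gf_inverses(GF8_MOD))
```

The first print reproduces the slide's result 0xC1 = x^7 + x^6 + 1; the occurrence lists come out as 4 8 4 12 4 8 4 for Z8 and seven 7s for GF(2^3); and the inverse maps show the structural difference directly: only 1, 3, 5 and 7 are invertible in Z8, whereas every nonzero element of GF(2^3) has an inverse (for example x, encoded 2, has inverse x^2 + 1, encoded 5, since x(x^2 + 1) = x^3 + x = 1 mod x^3 + x + 1).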



Application: with 8 bits we can represent 0..255. 256 is not prime, so Z256 is not a field. 251 is prime, so Z251 is a field, but then the values 251..255 would not be used and part of every byte would be wasted. GF(2^8) is a field, too, and it uses all 256 byte values, which is why ciphers such as AES work in GF(2^8) rather than in Z251.
