Cryptography and Network Security (4th Edition)

[Page 109 (continued)]

4.4. Finite Fields of The Form GF(p)

In Section 4.1, we defined a field as a set that obeys all of the axioms of Figure 4.1 and gave some examples of infinite fields. Infinite fields are not of particular interest in the context of cryptography. However, finite fields play a crucial role in many cryptographic algorithms. It can be shown that the order of a finite field (number of elements in the field) must be a power of a prime pn, where n is a positive integer. We discuss prime numbers in detail in Chapter 8. Here, we need only say that a prime number is an integer whose only positive integer factors are itself and 1. That is, the only positive integers that are divisors of p are p and 1.

The finite field of order pn is generally written GF(pn); stands for Galois field, in honor of the mathematician who first studied finite fields. Two special cases are of interest for our purposes. For n = 1, we have the finite field GF(p); this finite field has a different structure than that for finite fields with n > 1 and is studied in this section. In Section 4.6, we look at finite fields of the form GF(2n).

Finite Fields of Order p

For a given prime, p, the finite field of order p, GF(p) is defined as the set Zp of integers {0, 1,..., p 1}, together with the arithmetic operations modulo p.

Recall that we showed in Section 4.2 that the set Zn of integers {0,1,...,n 1}, together with the arithmetic operations modulo n, is a commutative ring (Table 4.2). We further observed that any integer in Zn has a multiplicative inverse if and only if that integer is relatively prime to n [see discussion of Equation (4.3)].[4] If n is prime, then all of the nonzero integers in Zn are relatively prime to n, and therefore there exists a multiplicative inverse for all of the nonzero integers in Zn. Thus, we can add the following properties to those listed in Table 4.2 for Zp:

[4] As stated in the discussion of Equation (4.3), two integers are relatively prime if their only common positive integer factor is 1.


[Page 110]

Multiplicative inverse (w1)

For each w Zw 0, there exists a

Zw x z 1 (mod Because w is relatively prime to p, if we multiply all the elements of Zp by w, the resulting residues are all of the elements of Zp permuted. Thus, exactly one of the residues has the value 1. Therefore, there is some integer Zp in that, when multiplied by w, yields the residue 1. That integer is the multiplicative inverse of w, designated w1. Therefore, Zp is in fact a finite field. Further, Equation (4.3) is consistent with the existence of a multiplicative inverse and can be rewritten without the condition:

Equation 4-5

Multiplying both sides of Equation (4.5) by the multiplicative inverse of a, we have:

((a1) x a x b)

((a x c)(mod p)

b

p)

The simplest finite field is GF(2). Its arithmetic operations are easily summarized:

Addition

Multiplication

Inverses

In this case, addition is equivalent to the exclusive-OR (XOR) operation, and multiplication is equivalent to the logical AND operation.

Table 4.3 shows GF(7). This is a field of order 7 using modular arithmetic modulo 7. As can be seen, it satisfies all of the properties required of a field (Figure 4.1). Compare this table with Table 4.1. In the latter case, we see that the set Z8 using modular arithmetic modulo 8, is not a field. Later in this chapter, we show how to define addition and multiplication operations on Z8 in such a way as to form a finite field.

Table 4.3. Arithmetic in GF(7)
(This item is displayed on page 111 in the print version)

Finding the Multiplicative Inverse in GF(p)

It is easy to find the multiplicative inverse of an element in GF(p) for small values of p. You simply construct a multiplication table, such as shown in Table 4.3b, and the desired result can be read directly. However, for large values of p, this approach is not practical.

If gcd(m, b) = 1, then b has a multiplicative inverse modulo m. That is, for positive integer b < m, there exists a b1 < m such that bb1 = 1 mod m. The Euclidean algorithm can be extended so that, in addition to finding gcd(m, b), if the gcd is 1, the algorithm returns the multiplicative inverse of b.


[Page 111]

EXTENDED EUCLID(m, b) 1. (A1, A2, A3) (1, 0, (0, 1, 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b1 mod m

4.

5. (T1, T2, T3) (A1 QB1, A2 QB2, A3 QB3) 6. (A1, A2, A3) (B1, B2, B3) 7. (B1, B2, B3) (T1, T2, T3) 8. goto 2

Throughout the computation, the following relationships hold:

 

mT1 + bT2 = T3

mA1 + bA2 = A3

mB1 + bB2 = B3

To see that this algorithm correctly returns gcd(m, b), note that if we equate A and B in the Euclidean algorithm with A3 and B3 in the extended Euclidean algorithm, then the treatment of the two variables is identical. At each iteration of the Euclidean algorithm, A is set equal to the previous value of B and B is set equal to the previous value of A mod B. Similarly, at each step of the extended Euclidean algorithm, A3 is set equal to the previous value of B3, and B3 is set equal to the previous value of A3 minus the integer quotient of A3 multiplied by B3. This latter value is simply the remainder of A3 divided by B3, which is A3 mod B3.


[Page 112]

Note also that if gcd(m, b) = 1, then on the final step we would have B3 = 0 and A3 = 1. Therefore, on the preceding step, B3 = 1. But if B3 = 1, then we can say the following:

mB1 + bB2 = B3

mB1 + bB2 = 1

bB2 = 1 mB1

bB2 1 (mod m)

And B2 is the multiplicative inverse of b, modulo m.

Table 4.4 is an example of the execution of the algorithm. It shows that gcd(1759, 550) = 1 and that the multiplicative inverse of 550 is 355; that is, 550 x 335 1 (mod 1759).

Table 4.4. Finding the Multiplicative Inverse of 550 in GF(1759)

Q

A1

A2

A3

B1

B2

B3

1

0

1759

0

1

550

3

0

1

550

1

3

109

5

1

3

109

5

16

5

21

5

16

5

106

339

4

1

106

339

4

111

355

1

For a more detailed proof of this algorithm, see [KNUT97].

Summary

In this section, we have shown how to construct a finite field of order p, where p is prime. Specifically, we defined GF(p) with the following properties:

  1. GF(p) consists of p elements.

  2. The binary operations + and x are defined over the set. The operations of addition, subtraction, multiplication, and division can be performed without leaving the set. Each element of the set other than 0 has a multiplicative inverse.

We have shown that the elements of GF(p) are the integers {0, 1,..., p} and that the arithmetic operations are addition and multiplication mod p.

Категории

© amp.flylib.com,