iss-12-04
TRANSCRIPT
-
8/13/2019 ISS-12-04
1/68
Mathematics of Cryptography Algebraic Structures
-
8/13/2019 ISS-12-04
2/68
-
8/13/2019 ISS-12-04
3/68
-
8/13/2019 ISS-12-04
4/68
Groups
A group (G) is a set of elements with a binary operation
(•) that satisfies four properties (or axioms). A
commutative group satisfies an extra property,
commutativity:
Closure: If a and b are elements of G, then c=a•b isalso an element of G.
Associativity: a•(b•c)=(a•b)•c
Commutativity: a•b=b•a
Existence of identity: For all element a in G, there
exists and element e, identity element, s. t. e•a=a•e=a
Existence of inverse: for each a there exists an a’,
inverse of a, s.t. a•a’=a’•a=e.
-
8/13/2019 ISS-12-04
5/68
Figure Group
-
8/13/2019 ISS-12-04
6/68
-
8/13/2019 ISS-12-04
7/68
-
8/13/2019 ISS-12-04
8/68
The set Zn * with the multiplication operator, G = , is also
an abelian group.
Identity element is 1.
Example
Let us define a set G = < {a , b , c , d }, •> and the operation as shown
below.
Example
-
8/13/2019 ISS-12-04
9/68
A very interesting group is the permutation group. The set is the
set of all permutations, and the operation is composition: applying
one permutation after another.
Example
Figure Composition of permutation
-
8/13/2019 ISS-12-04
10/68
Example
Table Operation table for permutation group
-
8/13/2019 ISS-12-04
11/68
In the previous example, we showed that a set of permutations
with the composition operation is a group. This implies that usingtwo permutations one after another cannot strengthen the security
of a cipher, because we can always find a permutation that can do
the same job because of the closure property.
Example
-
8/13/2019 ISS-12-04
12/68
-
8/13/2019 ISS-12-04
13/68
-
8/13/2019 ISS-12-04
14/68
Is the group H = a subgroup of the group G = ?
Example
SolutionThe answer is no. Although H is a subset of G, the operations
defined for these two groups are different. The operation in H is
addition modulo 10; the operation in G is addition modulo 12.
-
8/13/2019 ISS-12-04
15/68
Cyclic Subgroups
If a subgroup of a group can be generated using thepower of an element, the subgroup is called the cyclic
subgroup.
-
8/13/2019 ISS-12-04
16/68
Four cyclic subgroups can be made from the group G = .
They are H1 = , H2 = , H3 = , and
H4 = G.
Example
H1H4
H2
H3
H2
H4
-
8/13/2019 ISS-12-04
17/68
Three cyclic subgroups can be made from the group
G = . G has only four elements: 1, 3, 7, and 9. The cyclicsubgroups are H1 = , H2 = , and H3 = G.
Example
-
8/13/2019 ISS-12-04
18/68
Cyclic Groups
A cyclic group is a group that is its own cyclic subgroup.
Generator: The element that generates the cyclicsubgroup can also generate the group itself. The
elements of a finite cyclic group are:
-
8/13/2019 ISS-12-04
19/68
Three cyclic subgroups can be made from the group
G = . G has only four elements: 1, 3, 7, and 9. The cyclicsubgroups are H1 = , H2 = , and H3 = G.
Example
a. The group G = is a cyclic group with two generators,
g = 1 and g = 5.
b. The group G = is a cyclic group with two generators,g = 3 and g = 7.
-
8/13/2019 ISS-12-04
20/68
Lagrange’s Theorem: relates the order of a group to the
Order of its subgroup.Assume that G is a group, and H is a subgroup of G. If
the order of G and H are |G| and |H|, respectively, then,
based on this theorem, |H| divides |G|.
Order of an Element
The order of an element is the order of the cyclicsubgroup it generates.
-
8/13/2019 ISS-12-04
21/68
Example
a. In the group G = , the orders of the elements are:ord(0) = 1, ord(1) = 6, ord(2) = 3, ord(3) = 2, ord(4) = 3,
ord(5) = 6.
b. In the group G = , the orders of the elements are:ord(1) = 1, ord(3) = 4, ord(7) = 4, ord(9) = 2.
-
8/13/2019 ISS-12-04
22/68
Ring
A ring, R = , is an algebraic structure with two
operations.
Ring
-
8/13/2019 ISS-12-04
23/68
-
8/13/2019 ISS-12-04
24/68
Example
The set Z with two operations, addition and multiplication, is acommutative ring. We show it by R = . Addition satisfies
all of the five properties; multiplication satisfies only three
properties.
Fi ld
-
8/13/2019 ISS-12-04
25/68
Field
A field, denoted by F = is a commutative ring
in which the second operation satisfies all five properties
defined for the first operation except that the identity of
the first operation has no inverse.
Field
-
8/13/2019 ISS-12-04
26/68
-
8/13/2019 ISS-12-04
27/68
Galois showed that for a field to be finite, the number ofelements should be p n , where p is a prime and n is a
positive integer.
Finite Fields: are normally used in cryptography
A Galois field, GF(p n ), is a finite field
with p n elements.
Note
-
8/13/2019 ISS-12-04
28/68
When n = 1, we have GF(p ) field. This field can be the setZp , {0, 1, …, p − 1}, with two arithmetic operations.
GF(p ) Fields
-
8/13/2019 ISS-12-04
29/68
Example
A very common field in this category is GF(2) with the set {0, 1}
and two operations, addition and multiplication, as shown below.
GF(2) f ield
-
8/13/2019 ISS-12-04
30/68
Example
A very common field in this category is GF(2) with the set {0, 1}
and two operations, addition and multiplication, as shown below.GF(2) f ield
1. The set has only two elements – binary digits or bits 0 and 1.
2. Addition = XOR operation. Multiplication = AND
3. Addition and multiplication operations are same opn. XOR.
4. Multiplication and division are same AND operation.
-
8/13/2019 ISS-12-04
31/68
Example
We can define GF(5) on the set Z5 (5 is a prime) with addition and
multiplication operators as shown below.
GF(5) f ield
-
8/13/2019 ISS-12-04
32/68
Summary
Summary
-
8/13/2019 ISS-12-04
33/68
GF(2n) FIELDS
I n cryptography, we often need to use four operations(addition, subtraction, mul tiplication, and division). I n
other words, we need to use fields. We can work in
GF(2 n ) and uses a set of 2 n elements. The elements in
this set are n-bi t words.
1 Polynomials
2 Using A Generator
3 Summary
-
8/13/2019 ISS-12-04
34/68
Example
Let us define a GF(22) field in which the set has four 2-bit words:
{00, 01, 10, 11}. We can redefine addition and multiplication for
this field in such a way that all properties of these operations are
satisfied, as shown below.
An example of GF (2 2 ) f ield
-
8/13/2019 ISS-12-04
35/68
Example
Let us define a GF(22) field in which the set has four 2-bit words:
{00, 01, 10, 11}. We can redefine addition and multiplication for
this field in such a way that all properties of these operations are
satisfied, as shown below.
An example of GF (2 2 ) fieldEach word is a additive
inverse of itself.
Every word except 00 has a
mul tiplicative inverse.
Addition and multiplication are
defined in terms of polynomials.
Polynomials
-
8/13/2019 ISS-12-04
36/68
Polynomials
A polynomial of degree n − 1 is an expression
of the form
where x i is called the ith term and a i is called coefficient
of the i th term.
-
8/13/2019 ISS-12-04
37/68
Example
Figure below shows how we can represent the 8-bit word(10011001) using a polynomials.
Representation of an 8-bi t word by a polynomial
-
8/13/2019 ISS-12-04
38/68
Example
To find the 8-bit word related to the polynomial x 5 + x 2 + x , we
first supply the omitted terms. Since n = 8, it means the
polynomial is of degree 7. The expanded polynomial is
This is related to the 8-bit word 00100110.
-
8/13/2019 ISS-12-04
39/68
GF(2 n ) Fields
Any operation on polynomials actually
involves two operations: on coefficients,
on two polynomials.Coefficients 0 and 1 belong to GF(2).
The polynomials belong to GF(2n ).
Note
-
8/13/2019 ISS-12-04
40/68
GF(2 n ) Fields
Polynomials representing n -bit words
use two fields: GF(2) and GF(2n ).
Note
-
8/13/2019 ISS-12-04
41/68
Addition of two polynomials never creates a polynomial out of the
set.
Multiplication of two polynomials may create a polynomial with
degree more than n-1.
Need to divide the result by a modulus and keep the remainder.
For the sets of polynomials in GF(2n ), a group of polynomials of
degree n is defined as the modulus.
Modulus
-
8/13/2019 ISS-12-04
42/68
The modulus in this case acts as the prime polynomial, that is no
polynomial in this set can divide this polynomial.
A prime polynomial cannot be factored into a polynomial with
degree less than n.
Such polynomials are referred to as irreducible polynomials.
Modulus
-
8/13/2019 ISS-12-04
43/68
For the sets of polynomials in GF(2n ), a group of
polynomials of degree n is defined as the modulus. Suchpolynomials are referred to as irreducible polynomials.
Modulus
L ist of irreducible polynomials
-
8/13/2019 ISS-12-04
44/68
Addition
Add the coefficients in GF(2).
Adding two polynomials of degree n-1
always creates a polynomial of degree n-1.
Additive identity: zero polynomial – all
coeffn set to zero.
Additive inverse: of a polynomial in GF(2) isthe polynomial itself.
Addition and subtraction operations are the
same operation.
-
8/13/2019 ISS-12-04
45/68
Example
Let us do (x5 + x2 + x) (x3 + x2 + 1) in GF(28). We use the symbol
to show that we mean polynomial addition. The following shows
the procedure:
-
8/13/2019 ISS-12-04
46/68
-
8/13/2019 ISS-12-04
47/68
1. The coefficient multiplication is done in GF(2).
Multiplication
Sum of multiplication of each term of the first polynomial
with each term of the second polynomial.
3. The multiplication may create terms with degree more
than n − 1, which means the result needs to be reducedusing a modulus polynomial.
2. The multiplying x i by x j results in x i + j .
-
8/13/2019 ISS-12-04
48/68
Multiplicative Identity: The multiplicative identity is
always 1, in GF(2^8) it is 00000001.
Multiplication
Multiplicative Inverse: It can be found using the
extended Euclidean algorithm.
-
8/13/2019 ISS-12-04
49/68
Example
Find the result of (x 5 + x 2 + x ) (x 7 + x 4 + x 3 + x 2 + x ) in GF(28)
with irreducible polynomial (x 8 + x 4 + x 3 + x + 1). Note that we use
the symbol to show the multiplication of two polynomials.
Solution
To find the final result, divide the polynomial of degree 12 by the
polynomial of degree 8 (the modulus) and keep only the
remainder.
-
8/13/2019 ISS-12-04
50/68
Polynomial division with coeff icients in GF (2)
-
8/13/2019 ISS-12-04
51/68
Example
In GF (2
4
), find the inverse of (x 2
+ 1) modulo (x 4
+ x + 1).
Using the Extended Euclidean Algorithm
-
8/13/2019 ISS-12-04
52/68
Example
Find the multiplicative inverse of 11 in Z26.
Solution
The gcd (26, 11) is 1; the inverse of 11 is 7 or 19.
-
8/13/2019 ISS-12-04
53/68
Example
In GF (24), find the inverse of (x 2 + 1) modulo (x 4 + x + 1).
Solution
Using Extended Euclidean Algorithm
The answer is (x 3 + x + 1) as shown below.
-
8/13/2019 ISS-12-04
54/68
Example
In GF(28), find the inverse of (x5) modulo (x 8 + x 4 + x 3 + x + 1).
Solution
Euclidean algorithm for above example
The answer is (x 5 + x 4 + x 3 + x ) as shown below.
-
8/13/2019 ISS-12-04
55/68
The computer implementation uses a better algorithm,
repeatedly multiplying a reduced polynomial by x .
Multliplication Using Computer
-
8/13/2019 ISS-12-04
56/68
Example
Find the result of multiplying P1 = (x 5 + x 2 + x ) by P2 = (x
7 + x 4 + x 3
+ x 2 + x ) in GF(28) with irreducible polynomial (x 8 + x 4 + x 3 + x +
1)
Solution
We first find the partial result of multiplying x 0, x 1, x 2, x 3, x 4, and
x 5 by P2. Note that although only three terms are needed, the
product of x m P2 for m from 0 to 5 because each calculation
depends on the previous result.
-
8/13/2019 ISS-12-04
57/68
Example
An eff icient algor ithm
Continued
Find the result of multiplying P1 = (x 5 + x 2 + x ) by P2 = (x
7 + x 4 + x 3
+ x 2 + x ) in GF(28) with irreducible polynomial (x 8 + x 4 + x 3 + x +
1)
-
8/13/2019 ISS-12-04
58/68
Example
Repeat above Example using bit patterns of size 8.
Solution
We have P1 = 000100110, P2 = 10011110, modulus = 100011010
(nine bits). We show the exclusive or operation by .
An eff icient algor ithm for multipli cation using n-bit words
-
8/13/2019 ISS-12-04
59/68
-
8/13/2019 ISS-12-04
60/68
Example
Addition table for GF(2^3)
Continued
-
8/13/2019 ISS-12-04
61/68
Example
Multiplication table for GF(2 3 )
Continued
Using a Generator
-
8/13/2019 ISS-12-04
62/68
g
Sometimes it is easier to define the elements of the
GF(2n ) field using a generator.
In this Field with the irreducible polynomial f(x), an
element in the field, a, must satisfy the relation f(a) = 0.
In particular, if g is a generator of the Field, then f(g)=0.
It can be proved that the elements can be generated as:
-
8/13/2019 ISS-12-04
63/68
Example
Generate the elements of the field GF(24) using the irreducible
polynomial ƒ(x ) = x 4 + x + 1.
The elements 0, g 0
, g 1
, g 2, and g 3
can be easily generated, becausethey are the 4-bit representations of 0, 1, x 2, and x 3. Elements g 4
through g 14, which represent x 4 though x 14 need to be divided by
the irreducible polynomial. To avoid the polynomial division, the
relation ƒ(g ) = g 4 + g + 1 = 0 can be used.
Solution
-
8/13/2019 ISS-12-04
64/68
Example Continued
-
8/13/2019 ISS-12-04
65/68
Inverses
Additive inverses:
Additive inverse of each element is the element itselfbecause addition and subtraction in this f ield are same.
– g^ 3 = g^ 3
Mul tipli cative inverses:To find the multiplicative inverses g3
(g 3 ) -1 = g-3 = g12 = g3+g2+g+1
Note the exponents are calculated mudulo 2^n-1=15.
See g3 x g12 = g15 = g0 = 1
So g3 and g12 are multiplicative inverses of each other.
-
8/13/2019 ISS-12-04
66/68
Example
The following show the results of addition and subtractionoperations:
-
8/13/2019 ISS-12-04
67/68
Example
The following show the result of multiplication and division
operations:
Summary
-
8/13/2019 ISS-12-04
68/68
The finite field GF(2
n
) can be used to define fouroperations of addition, subtraction, multiplication and
division over n -bit words. The only restriction is that
division by zero is not defined.