Finite Fields


Number Theory

 Number theory is pervasive in cryptographic algorithms.


 We will cover just enough number theory to help you understand the wide range of its
applications in cryptography.
Division

 Divisibility:
 b|a (b divides a, b is a divisor of a) if a = mb for some integer m, with b ≠ 0
 Examples: 7|0, 5|10, −5|10
 ∀𝑏 ≠ 0, 𝑏|0,
 If 𝑎|𝑏 and 𝑏|𝑐 then 𝑎|𝑐
 If 𝑏|𝑔 and 𝑏|ℎ then 𝑏|(𝑚𝑔 + 𝑛ℎ) for arbitrary integers 𝑚 and 𝑛.
 The Division Algorithm/Theorem
 If we divide 𝑎 ≥ 0 by 𝑛 > 0, then 𝑎 = 𝑞𝑛 + 𝑟, 0 ≤ 𝑟 < 𝑛; 𝑞 = ⌊𝑎/𝑛⌋
The Euclidean Algorithm

 Relatively prime:
 Two integers are relatively prime if and only if their only common positive integer factor is 1,
i.e. a and b are relatively prime if gcd(a, b) = 1
 Greatest Common Divisor gcd():
 gcd(a, b) = gcd(|a|, |b|) = m, so that a = ma′ and b = mb′ with gcd(a′, b′) = 1
 gcd(a, 0) = |a|, and by convention gcd(0, 0) = 0
 If gcd(a, b) = c and k|a and k|b then k|c
 The Euclidean Algorithm: It is a simple procedure for calculating the 𝒈𝒄𝒅(𝒂, 𝒃).
Modular Arithmetic

 Congruent modulo n: two integers a and b are said to be congruent modulo n if
(a mod n) = (b mod n). This is written a ≡ b (mod n)
 a ≡ 0 (mod n) if and only if n|a
 a ≡ b (mod n) if and only if n|(a − b)
 If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n)
 Modular Arithmetic Operations
 [(a mod n) + (b mod n)] mod n = (a + b) mod n
 [(a mod n) - (b mod n)] mod n = (a - b) mod n
 [(a mod n) * (b mod n)] mod n = (a * b) mod n
Modular Arithmetic Operations

 Define the set ℤn as the set of nonnegative integers less than n: ℤn = {0, 1, …, (n − 1)}
 Cancellation law: if a × b ≡ a × c (mod n) and gcd(a, n) = 1, then b ≡ c (mod n).
The condition on gcd(a, n) is needed: 6 × 3 ≡ 6 × 7 ≡ 2 (mod 8) but 3 ≢ 7 (mod 8), because gcd(6, 8) = 2.


Modular Multiplicative Inverse

 An integer has a multiplicative inverse in ℤn if and only if that integer is relatively prime to n.
Euclidean Algorithm Revisited

gcd(a, b) = gcd(b, a mod b)

def euclid(a, b):
    # gcd(a, b) = gcd(b, a mod b); the second argument strictly decreases, so the recursion terminates
    if b == 0:
        return a
    return euclid(b, a % b)
The Extended Euclidean Algorithm

 It calculates, alongside d = gcd(a, b), two integers x and y such that

ax + by = d = gcd(a, b)
The Extended Euclidean Algorithm

Set $r_{-1} = a$ and $r_0 = b$ and divide repeatedly, with $q_i = \lfloor r_{i-2} / r_{i-1} \rfloor$ and $r_i = r_{i-2} \bmod r_{i-1}$:

$r_{-1} = a = q_1 b + r_1$
$r_0 = b = q_2 r_1 + r_2$
$r_1 = q_3 r_2 + r_3$
$\vdots$
$r_{n-2} = q_n r_{n-1} + r_n$
$r_{n-1} = q_{n+1} r_n + 0$

The last nonzero remainder $r_n$ is $\gcd(a, b)$. Alongside each remainder keep coefficients $x_i, y_i$ with $r_i = a x_i + b y_i$, starting from $x_{-1} = 1, y_{-1} = 0$ (since $r_{-1} = a$) and $x_0 = 0, y_0 = 1$ (since $r_0 = b$), and update them with the same quotient:

$x_i = x_{i-2} - q_i x_{i-1}$
$y_i = y_{i-2} - q_i y_{i-1}$

so that on termination $r_n = a x_n + b y_n = \gcd(a, b)$.

Example: $\gcd(1759, 550) = 1 = 1759 \times (-111) + 550 \times 355 = -195249 + 195250$


Prime Numbers

 An integer p > 1 is a prime number if and only if its only divisors are ±1 and ±p.
 An integer greater than 1 that is not prime is a composite number (0 and ±1 are neither prime nor composite).
 Any integer a > 1 can be factored in a unique way as
$a = p_1^{a_1} \times p_2^{a_2} \times \cdots \times p_t^{a_t} = \prod_{p \in \mathbb{P}} p^{a_p}$, where each $a_p \ge 0$,
where $p_1 < p_2 < \cdots < p_t$ are prime numbers and each $a_i$ is a positive integer (in the product over all primes, $a_p = 0$ for every prime that does not divide $a$).
Fermat’s Theorem

 If a is a positive integer and p is a prime number with p ∤ a (i.e. gcd(p, a) = 1), then
$a^{p-1} \equiv 1 \pmod p$

 Alternative form of the theorem: if p is a prime number and a is a positive integer, then
$a^p \equiv a \pmod p$ (this form also holds when p | a).
Euler’s Totient Function

 φ(n) denotes the number of positive integers less than n that are relatively prime to n
(with φ(1) = 1 by convention).
 Examples: φ(11) = 10 and φ(12) = 4 (the integers 1, 5, 7, 11)
 If p is a prime, then φ(p) = p − 1
 Suppose that p and q are primes and p ≠ q; then for n = pq,
φ(n) = φ(pq) = φ(p) × φ(q) = (p − 1)(q − 1)
Euler’s Theorem

 If gcd(a, n) = 1 then $a^{\phi(n)} \equiv 1 \pmod n$
 If n is a prime p then φ(n) = n − 1, and the statement reads $a^{n-1} \equiv 1 \pmod n$, which is Fermat's theorem $a^{p-1} \equiv 1 \pmod p$
 Euler's theorem holds for any positive integer n, not only for primes, provided gcd(a, n) = 1
Primality Test

 Miller–Rabin algorithm: a probabilistic test. It never declares a prime composite; a composite passes one round (one random base) with probability at most 1/4, so k independent rounds bound the error by 4^(−k).
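As an added example (not from the original slides), the following Python puts Fermat's theorem and the Miller–Rabin test next to each other: Fermat's check a^(n−1) ≡ 1 (mod n) is necessary but not sufficient for primality (the constructed Carmichael number 561 = 3 × 11 × 17 passes it for every coprime base), while Miller–Rabin also uses the fact that a prime has no square roots of 1 other than ±1. The function names and the 40-round default are this example's own choices.

```python
# Added example (not from the original slides): Fermat test vs. Miller-Rabin.
# Both rest on Fermat's theorem, a^(n-1) ≡ 1 (mod n) for prime n and gcd(a, n) = 1.
# Miller-Rabin additionally uses that a prime has no square roots of 1 other than ±1.
from __future__ import annotations

import random


def fermat_test(n: int, a: int) -> bool:
    """Fermat check with base a: True means 'n is prime or a Fermat pseudoprime to base a'."""
    return pow(a, n - 1, n) == 1


def is_probable_prime(n: int, rounds: int = 40, rng: random.Random | None = None) -> bool:
    """Miller-Rabin. False means n is certainly composite; True means n passed `rounds`
    random bases. A composite survives one round with probability at most 1/4, so the
    chance of a wrong True is at most 4**-rounds. `rng` defaults to the OS CSPRNG so that
    an adversary cannot predict the bases and hand us a number tuned to fool them."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    # Write n - 1 = 2**s * d with d odd.
    s, d = 0, n - 1
    while d % 2 == 0:
        s += 1
        d //= 2
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue                      # this base is not a witness against n
        for _ in range(s - 1):
            x = pow(x, 2, n)              # square upwards towards a^(n-1)
            if x == n - 1:
                break                     # reached -1 before 1: consistent with n prime
        else:
            return False                  # 1 was reached via a root other than ±1, or never
    return True
```

Pass a seeded `random.Random` as `rng` only for reproducible tests; in production keep the default `SystemRandom`, since a test whose bases are predictable can be defeated by an adversarially chosen composite.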


Chinese Remainder Theorem (CRT)
Discrete Logarithms

 Discrete logarithms are fundamental to a number of public-key algorithms, including
Diffie–Hellman key exchange and the digital signature algorithm (DSA).
 If a is a primitive root of n, then its powers a, a^2, …, a^φ(n) are distinct (mod n) and are
all relatively prime to n.
 In particular, for a prime number p, if a is a primitive root of p, then a, a^2, …, a^(p−1) are
distinct (mod p).
 For the prime number 19, its primitive roots are 2, 3, 10, 13, 14, and 15 (there are φ(φ(19)) = φ(18) = 6 of them)
Powers of Integers, Modulo 19

Entry in row a, column i is a^i mod 19 (the first column, i = 1, is a itself). A row whose first 1 appears only in column 18 belongs to a primitive root.

a\i  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
2 4 8 16 13 7 14 9 18 17 15 11 3 6 12 5 10 1
3 9 8 5 15 7 2 6 18 16 10 11 14 4 12 17 13 1
4 16 7 9 17 11 6 5 1 4 16 7 9 17 11 6 5 1
5 6 11 17 9 7 16 4 1 5 6 11 17 9 7 16 4 1
6 17 7 4 5 11 9 16 1 6 17 7 4 5 11 9 16 1
7 11 1 7 11 1 7 11 1 7 11 1 7 11 1 7 11 1
8 7 18 11 12 1 8 7 18 11 12 1 8 7 18 11 12 1
9 5 7 6 16 11 4 17 1 9 5 7 6 16 11 4 17 1
10 5 12 6 3 11 15 17 18 9 14 7 13 16 8 4 2 1
11 7 1 11 7 1 11 7 1 11 7 1 11 7 1 11 7 1
12 11 18 7 8 1 12 11 18 7 8 1 12 11 18 7 8 1
13 17 12 4 14 11 10 16 18 6 2 7 15 5 8 9 3 1
14 6 8 17 10 7 3 4 18 5 13 11 2 9 12 16 15 1
15 16 12 9 2 11 13 5 18 4 3 7 10 17 8 6 14 1
16 9 11 5 4 7 17 6 1 16 9 11 5 4 7 17 6 1
17 4 11 16 6 7 5 9 1 17 4 11 16 6 7 5 9 1
18 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1 18 1
Discrete Logarithm

 dlog_{a,p}(b) = dlog_{a,p}(a^i mod p) = i, where 1 ≤ i ≤ p − 1 (since a^(p−1) ≡ a^0 ≡ 1 (mod p), the tables below record dlog(1) = p − 1)

 The familiar logarithm laws:
$y = x^{\log_x y}$
$\log_x (x^n) = n$
$\log_x 1 = 0$
$\log_x x = 1$
$\log_x (yz) = \log_x y + \log_x z$
$\log_x (y^r) = r \times \log_x y$
 For discrete logarithms to a primitive root a of a prime p, the same identities hold with the exponents taken modulo p − 1 (the order of the multiplicative group).
Discrete Logarithms, Modulo 19

Entry in row g, column a is log_{g,19}(a), i.e. the i with g^i ≡ a (mod 19), 1 ≤ i ≤ 18.

a             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18
log_{2,19}(a)  18  1 13  2 16 14  6  3  8 17 12 15  5  7 11  4 10  9
log_{3,19}(a)  18  7  1 14  4  8  6  3  2 11 12 15 17 13  5 10 16  9
log_{10,19}(a) 18 17  5 16  2  4 12 15 10  1  6  3 13 11  7 14  8  9
log_{13,19}(a) 18 11 17  4 14 10 12 15 16  7  6  3  1  5 13  8  2  9
log_{14,19}(a) 18 13  7  8 10  2  6  3 14  5 12 15 11  1 17 16  4  9
log_{15,19}(a) 18  5 11 10  8 16 12 15  4 13  6  3  7 17  1  2 14  9
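The two tables above can be regenerated, and the mod-(p − 1) logarithm identity checked, with the following added Python example (not part of the original slides). It finds the primitive roots of a prime by computing multiplicative orders and builds a discrete-log table by inverting the list of powers; `dlog` is a deliberately brute-force search whose cost grows linearly with p, which is the simplest illustration of why the modulus must be large. All function names are this example's own.

```python
# Added example (not from the original slides): recompute the two tables above.
# A primitive root of the prime p is an a whose powers a, a^2, ..., a^(p-1) are all distinct
# mod p (order exactly p-1); its discrete-log table inverts that list of powers.
from __future__ import annotations


def multiplicative_order(a: int, p: int) -> int:
    """Smallest k >= 1 with a^k ≡ 1 (mod p), for a prime p and 1 <= a < p."""
    x, k = a % p, 1
    while x != 1:
        x = (x * a) % p
        k += 1
    return k


def primitive_roots(p: int) -> list[int]:
    """All primitive roots of the prime p: elements of order exactly p - 1."""
    return [a for a in range(1, p) if multiplicative_order(a, p) == p - 1]


def dlog_table(g: int, p: int) -> dict[int, int]:
    """Map each b in 1..p-1 to dlog_{g,p}(b) = i with g^i ≡ b (mod p), 1 <= i <= p - 1.
    Requires g to be a primitive root; otherwise some b have no logarithm to base g."""
    table: dict[int, int] = {}
    x = 1
    for i in range(1, p):
        x = (x * g) % p
        table[x] = i          # the last assignment is g^(p-1) ≡ 1, giving dlog(1) = p - 1
    if len(table) != p - 1:
        raise ValueError(f"{g} is not a primitive root of {p}")
    return table


def dlog(g: int, p: int, b: int) -> int:
    """Brute-force discrete logarithm: O(p) multiplications, which is why p must be large."""
    return dlog_table(g, p)[b % p]
```

For the row g = 2, the identity log(6) = log(2) + log(3) mod 18 gives 1 + 13 = 14, matching the table, and log(9) = 2 × log(3) mod 18 = 26 mod 18 = 8.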
Calculation of Discrete Logarithms

 Given y, g, and p in the equation

y = g^x mod p

 finding x (the discrete logarithm of y to the base g) is the hard direction: computing y from x is cheap, but the difficulty of recovering x grows with the size of the prime p, and for primes of the sizes used in practice (2048 bits and more) no efficient algorithm is known. This asymmetry is what Diffie–Hellman and DSA rely on.
Importance

 A number of cryptographic algorithms rely heavily on properties of finite fields
 Example:
 Advanced Encryption Standard (AES)
 Elliptic curve cryptography
 The message authentication code CMAC
 The authenticated encryption scheme GCM
 Etc.
Groups, Rings, and Fields
Groups



 A group G, sometimes denoted by {G, ∙}, is a set of elements with a binary operation denoted by ∙
that associates to each ordered pair (a, b) of elements in G an element (a ∙ b) in G (i.e. the operation
is a map G × G → G), such that the following axioms are obeyed:
 (A1) Closure: If 𝑎 and 𝑏 belong to 𝐺, then 𝑎 ∙ 𝑏 is also in 𝐺.
 (A2) Associative: 𝒂 ∙ (𝒃 ∙ 𝒄) = (𝒂 ∙ 𝒃) ∙ 𝒄 for all 𝒂, 𝒃, 𝒄 in 𝑮.
 (A3) Identity element: There is an element 𝑒 in 𝐺 such that 𝑎 ∙ 𝑒 = 𝑒 ∙ 𝑎 = 𝑎 for all 𝑎 in 𝐺.
 (A4) Inverse element: For each 𝑎 in 𝐺, there is an element 𝑎′ in 𝐺 such that 𝑎 ∙ 𝑎′ = 𝑎′ ∙ 𝑎 = 𝑒.
 Abelian Group
 A group is said to be abelian if it satisfies the following additional condition:
 (A5) Commutative: 𝑎 ∙ 𝑏 = 𝑏 ∙ 𝑎 for all 𝑎, 𝑏 in 𝐺.
Finite Group

 If a group has a finite number of elements, it is referred to as a finite group

 The order of a group is the number of elements in the group

 The set of integers (positive, negative, and 0) under addition is an abelian group.
 The set of nonzero real numbers under multiplication is an abelian group.
Cyclic Group

 Exponentiation in a group is repeated application of the operation:
 a^3 = a ∙ a ∙ a, a^0 = e, and a^(−n) = (a′)^n, where a′ is the inverse of a

 A group G is cyclic if every element of G is a power a^k (k an integer) of a fixed
element a ∈ G.
 The element 𝑎 is said to generate the group 𝐺 or to be a generator of 𝐺.
 A cyclic group is always abelian and may be finite or infinite.

Example:
The additive group of integers is an infinite cyclic group generated by the element 1.
In this case, powers are interpreted additively, so that n is the nth power of 1.
RINGS

 A ring is a set of elements in which we can do addition, subtraction [𝑎 − 𝑏 = 𝑎 + (−𝑏)], and multiplication
without leaving the set.
 A ring R, sometimes denoted by {R, +, ×}, is a set of elements with two binary operations, called addition
and multiplication, such that for all a, b, c in R the following axioms are obeyed.
 (A1–A5) R is an abelian group with respect to addition; that is, R satisfies axioms A1 through A5. For the case of an
additive group, we denote the identity element as 0 and the inverse of a as -a.
 (M1) Closure under multiplication: If 𝑎 and 𝑏 belong to 𝑅, then 𝑎𝑏 is also in 𝑅.
 (M2) Associativity of multiplication: 𝑎(𝑏𝑐) = (𝑎𝑏)𝑐 for all 𝑎, 𝑏, 𝑐 in 𝑅.
 (M3) Distributive laws: 𝑎(𝑏 + 𝑐) = 𝑎𝑏 + 𝑎𝑐 for all 𝑎, 𝑏, 𝑐 in 𝑅. (𝑎 + 𝑏)𝑐 = 𝑎𝑐 + 𝑏𝑐 for all 𝑎, 𝑏, 𝑐 in 𝑅
 A ring is said to be commutative if it satisfies the following additional condition:
 (M4) Commutativity of multiplication: ab = ba for all a, b in R.

Example:
The set ℤn of integers {0, 1, …, n − 1}, together with the arithmetic operations modulo n, is a
commutative ring
Integral Domain

 Integral domain: a commutative ring that obeys the following additional axioms:
 (M5) Multiplicative identity: There is an element 1 in R such that a1 = 1a = a for
all a in R.
 (M6) No zero divisors: If a, b in R and ab = 0, then either a = 0 or b = 0.

Example:
Let 𝑺 be the set of integers (positive, negative, and 0) under the usual operations
of addition and multiplication. 𝑺 is an integral domain.
Fields

 A field is a set of elements in which we can do addition, subtraction, multiplication, and
division without leaving the set.
 Division is defined with the following rule: a/b = a(b^(−1)), for b ≠ 0
 A field 𝐹, sometimes denoted by {𝐹, +,×}, is a set of elements with two binary operations,
called addition and multiplication, such that for all 𝑎, 𝑏, 𝑐 in 𝐹 the following axioms are
obeyed.
 (A1–M6) F is an integral domain; that is, F satisfies axioms A1 through A5 and M1 through M6.
 (M7) Multiplicative inverse: For each a in F, except 0, there is an element a^(−1) in
F such that a a^(−1) = (a^(−1)) a = 1.
Example:
rational numbers, real numbers, and complex numbers are examples of fields.
Groups, Rings, and Fields | Properties
Fields | Types

Galois field: a field with a finite number of elements is called a finite field, or Galois field, written GF. The order of a finite field is always a power of a prime, p^n; the two cases that matter in cryptography are GF(p) and GF(2^n).
FINITE FIELDS OF THE FORM GF(p)

 For a given prime, p, we define the finite field of order p, GF(p), as the set ℤp of integers
{0, 1, …, p − 1} together with the arithmetic operations modulo p.
 GF(p) = (ℤp, arithmetic mod p)
Multiplicative Inverse in GF(p)

 If ax + by = d = gcd(a, b) = 1, then by ≡ 1 (mod a), so b^(−1) ≡ y (mod a)

 The extended Euclidean algorithm can therefore be used to find a multiplicative
inverse in ℤn for any n, for every b with gcd(b, n) = 1 (in GF(p) that is every nonzero b).
 If nx + by = d = 1, then y mod n = b^(−1) in ℤn
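The following Python is an added example (not from the original slides) that implements the Extended Euclidean Algorithm exactly as the (r_i, x_i, y_i) recurrence of the earlier section, checks it against the gcd(1759, 550) example there, and uses it for the ℤn inverse described here. `units(n)` lists the invertible elements of ℤn, which is how the "Arithmetic Modulo 8 and Modulo 7" comparison shows that ℤ7 is a field while ℤ8 is only a ring. Function names are this example's own.

```python
# Added example (not from the original slides): the Extended Euclidean Algorithm as the
# recurrence r_i = r_{i-2} - q_i r_{i-1}, x_i = x_{i-2} - q_i x_{i-1}, y_i = y_{i-2} - q_i y_{i-1},
# and the modular inverse built on it.
from __future__ import annotations


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d, for a, b >= 0."""
    r_prev, r_cur = a, b          # r_{-1} = a = a*1 + b*0,  r_0 = b = a*0 + b*1
    x_prev, x_cur = 1, 0
    y_prev, y_cur = 0, 1
    while r_cur != 0:
        q = r_prev // r_cur       # q_i = floor(r_{i-2} / r_{i-1})
        r_prev, r_cur = r_cur, r_prev - q * r_cur
        x_prev, x_cur = x_cur, x_prev - q * x_cur
        y_prev, y_cur = y_cur, y_prev - q * y_cur
    # The invariant r_i = a*x_i + b*y_i holds at every step, so it holds for the last nonzero r.
    return r_prev, x_prev, y_prev


def mod_inverse(b: int, n: int) -> int:
    """b^{-1} in Z_n: from n*x + b*y = 1 we get b*y ≡ 1 (mod n). Raises if gcd(b, n) != 1."""
    d, _x, y = extended_gcd(n, b % n)
    if d != 1:
        raise ValueError(f"{b} has no inverse modulo {n}: gcd({b}, {n}) = {d}")
    return y % n


def units(n: int) -> list[int]:
    """Elements of Z_n that have a multiplicative inverse. Z_n is a field exactly when this
    is every nonzero element, i.e. when n is prime (compare n = 7 with n = 8)."""
    return [b for b in range(1, n) if extended_gcd(n, b)[0] == 1]
```

Note that `mod_inverse` refuses to return a value when gcd(b, n) ≠ 1 rather than returning a meaningless y; silently accepting a non-invertible element is a classic source of bugs in hand-rolled modular code.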
Arithmetic Modulo 8 and Modulo 7
Polynomials
Irreducible/Prime Polynomial

 A polynomial f(x) over a field F is called irreducible (≡ prime polynomial) if and only if
f(x) cannot be expressed as a product of two polynomials, both over F and both of degree
greater than 0 and lower than that of f(x).
Greatest Common Divisor GCD

 gcd(a(x), b(x)) = gcd(b(x), a(x) mod b(x)), where the degree of a(x) is at least the degree of b(x)
GF(𝑝𝑛 )

 For encryption/decryption we would like to work with n-bit values, i.e. a set of exactly 2^n elements, not with ℤp for a prime p.
ℤ_(2^n) itself is not a field (no even element has a multiplicative inverse), which is why GF(2^n) is built from polynomials instead.
 Operations to make GF(p^n) a field: the elements are the polynomials of degree at most n − 1 with coefficients in ℤp.
 Arithmetic on the coefficients is performed modulo p (i.e. follows the rules of ℤp).
 For multiplication: if the degree of f(x) × g(x) is greater than n − 1, reduce it to
f(x) × g(x) mod m(x), where m(x) is an irreducible polynomial of degree n.
 Example: in GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (the polynomial used by AES), if
f(x) × g(x) = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 then
 f(x) × g(x) mod m(x) = x^7 + x^6 + 1
Multiplication Example in GF(𝑝𝑛 )
Polynomials | Multiplicative Inverse

 If a(x)v(x) + b(x)w(x) = gcd(a(x), b(x)) = 1 then b^(−1)(x) = w(x) mod a(x); taking a(x) = m(x) irreducible gives the inverse of any nonzero b(x) in GF(p^n)
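As an added example (not from the original slides), the Python below implements GF(2^n) arithmetic with polynomials over GF(2) packed into integers (bit k is the coefficient of x^k), reproducing the reduction example from the GF(p^n) section and the polynomial extended-Euclid inverse from this one. It generalizes to any irreducible m(x); the constants `AES_POLY` (0x11B), the factors 0x57 and 0x83 whose product is the 14th-degree polynomial above, and the function names are this example's own choices.

```python
# Added example (not from the original slides): arithmetic in GF(2^n) with polynomials over
# GF(2) stored as Python ints (bit k = coefficient of x^k). AES_POLY is x^8+x^4+x^3+x+1.
from __future__ import annotations

AES_POLY = 0b1_0001_1011   # 0x11B, the m(x) of the GF(2^8) example above


def gf2_degree(a: int) -> int:
    """Degree of a GF(2) polynomial; the zero polynomial is given degree -1."""
    return a.bit_length() - 1


def gf2_poly_mul(f: int, g: int) -> int:
    """Product of two GF(2) polynomials without reduction (coefficients add mod 2, i.e. XOR)."""
    result = 0
    while g:
        if g & 1:
            result ^= f
        f <<= 1
        g >>= 1
    return result


def gf2_poly_divmod(a: int, m: int) -> tuple[int, int]:
    """Long division over GF(2): return (q, r) with a = q*m + r and deg r < deg m."""
    if m == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, dm = 0, gf2_degree(m)
    while a and gf2_degree(a) >= dm:
        shift = gf2_degree(a) - dm
        q ^= 1 << shift            # subtract (= XOR) x^shift * m(x) to clear a's leading term
        a ^= m << shift
    return q, a


def gf_mul(a: int, b: int, m: int = AES_POLY) -> int:
    """Multiplication in GF(2^n): multiply, then reduce modulo the irreducible m(x)."""
    return gf2_poly_divmod(gf2_poly_mul(a, b), m)[1]


def gf_inverse(b: int, m: int = AES_POLY) -> int:
    """b(x)^{-1} in GF(2^n) by the extended Euclidean algorithm on (m(x), b(x)):
    keep r_i = m(x) v_i(x) + b(x) w_i(x); when r_i = 1, w_i(x) is the inverse."""
    b = gf2_poly_divmod(b, m)[1]
    if b == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    r_prev, r_cur = m, b
    w_prev, w_cur = 0, 1        # coefficients of b(x) in r_prev and r_cur (v is not needed)
    while r_cur > 1:            # stop at r = 1 (done) or r = 0 (gcd was not 1)
        q, r = gf2_poly_divmod(r_prev, r_cur)
        r_prev, r_cur = r_cur, r
        w_prev, w_cur = w_cur, w_prev ^ gf2_poly_mul(q, w_cur)
    if r_cur == 0:
        raise ValueError("gcd(m(x), b(x)) != 1, so m(x) is not irreducible")
    return gf2_poly_divmod(w_cur, m)[1]
```

The error branch in `gf_inverse` matters in practice: if m(x) were reducible, some nonzero elements would have no inverse and the structure would not be a field, so the code refuses rather than returning garbage.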


Generators

 A generator g of a finite field F of order q (containing q elements) is an element whose
first q − 1 powers generate all the nonzero elements of F.
 That is, the elements of F consist of 0, g^0, g^1, …, g^(q−2).
 The nonzero elements of any finite field form a cyclic group, so every finite field has a generator.
