w03 FiniteFields

Finite fields are important in cryptography and are based on operations in a finite set of numbers. Galois fields, denoted GF(p^n), are finite fields whose number of elements is a power of a prime. GF(p) is the set of integers from 0 to p-1 with arithmetic modulo the prime p, which forms a finite field. Inverses in large finite fields can be found with the extended Euclidean algorithm. Polynomial arithmetic can also be used to compute in finite fields, in particular in GF(2^n).


Finite Fields

Lecture Slides by Lawrie Brown

Modified & Presented by Johannes Sianipar


7 September 2021
Motivation

■ Finite fields are important in cryptography
□ AES, elliptic-curve cryptography, IDEA, public-key schemes
■ All internal operations of AES are based on finite fields
□ especially in the S-Box and the MixColumns layer

Introduction

■ Finite field = Galois field
□ Look up who Galois was (e.g. on Wikipedia)
■ Field: a set of "numbers" in which we can add, subtract, multiply, and divide (by anything other than 0)
□ In crypto we almost always need finite sets
■ Concerns operations on "numbers"
□ what constitutes a "number"
□ the type of operations and their properties
■ Start with the concepts of groups, rings, and fields from abstract algebra

Group

■ a set of elements or "numbers" G together with a binary operation ·
□ a generalization of usual arithmetic
■ obeys:
□ closure: a·b is also in G
□ associative law: (a·b)·c = a·(b·c)
□ has identity e: e·a = a·e = a
□ has inverses a^-1: a·a^-1 = a^-1·a = e
■ if commutative, a·b = b·a
□ then it forms an abelian group
■ Examples in P.116 (Stallings)

Cyclic Group

■ define exponentiation as repeated application of the operator
□ example: a^3 = a·a·a
■ and let the identity be e = a^0
■ a group is cyclic if every element is a power of some fixed element
□ i.e. b = a^k for some fixed a and every b in the group
■ a is said to be a generator of the group
■ Example: the integers under addition form a cyclic group generated by 1 (every integer is 1 added to itself k times, or the inverse of such a sum)

Ring

■ a set of "numbers" R with two operations (addition and multiplication) such that:
■ R is an abelian group with respect to the addition operation
■ multiplication:
□ has closure
□ is associative
□ is distributive over addition: a(b + c) = ab + ac and (a + b)c = ac + bc
■ In essence, a ring is a set in which we can do addition, subtraction [a – b = a + (–b)], and multiplication without leaving the set.
■ With respect to addition and multiplication, the set of all n-square matrices over the real numbers forms a ring.

Ring

■ if the multiplication operation is commutative, it forms a commutative ring
■ if a commutative ring has a multiplicative identity and no zero divisors (ab = 0 implies a = 0 or b = 0), it forms an integral domain
■ The set of integers with the usual + and × is an integral domain

Field

■ a set of numbers F with two operations:
□ addition and multiplication
□ F is an integral domain
□ F has multiplicative inverses
– for each a in F other than 0, there is an element b such that ab = ba = 1
■ In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set.
□ Division is defined by the rule a/b = a·(b^-1), for b ≠ 0
■ Examples of fields: rational numbers, real numbers, complex numbers. The integers are NOT a field (2 has no integer inverse).
(Figure on the slide: nested sets, a group G supports + and –, a ring R adds ×, a field F adds ÷.)

Definitions

Pause

Modular Arithmetic

■ define the modulo operator a mod n to be the remainder when a is divided by n
□ e.g. 1 = 7 mod 3 ; 4 = 9 mod 5
■ use the term congruence for: a ≡ b (mod n)
□ when divided by n, a & b have the same remainder
□ e.g. 100 ≡ 34 (mod 11)
■ b is called the residue of a mod n
□ since with integers we can always write: a = qn + b
■ usually have 0 <= b <= n-1
□ e.g. -12 ≡ -5 ≡ 2 ≡ 9 (mod 7)

Modulo 7 Example

    ...
    -21 -20 -19 -18 -17 -16 -15
    -14 -13 -12 -11 -10  -9  -8
     -7  -6  -5  -4  -3  -2  -1
      0   1   2   3   4   5   6
      7   8   9  10  11  12  13
     14  15  16  17  18  19  20
     21  22  23  24  25  26  27
     28  29  30  31  32  33  34
    ...

all numbers in a column are equivalent (have the same remainder mod 7) and are called a residue class

Divisors

■ say a non-zero number b divides a if for some m we have a = mb (a, b, m all integers)
□ i.e. a ≡ 0 (mod b)
■ that is, b divides into a with no remainder
■ denote this b|a
■ and say that b is a divisor of a
■ e.g. all of 1, 2, 3, 4, 6, 8, 12, 24 divide 24

Modular Arithmetic Operations

■ has a finite number of values, and loops back from either end
■ modular arithmetic
□ can perform addition & multiplication
□ do modulo to reduce the answer to the finite set
■ can do reduction at any point, i.e.
□ (a + b) mod n = [(a mod n) + (b mod n)] mod n
□ (a × b) mod n = [(a mod n) × (b mod n)] mod n

Modular Arithmetic

■ can do modular arithmetic on the set of integers modulo n:
□ Zn = {0, 1, … , n-1}
■ Zn forms a commutative ring under addition and multiplication mod n
■ with additive identity 0 and multiplicative identity 1 (Table 4.2 in Stallings)
■ some additional properties
□ if (a + b) ≡ (a + c) (mod n) then b ≡ c (mod n)
□ but (ab) ≡ (ac) (mod n) implies b ≡ c (mod n) only if a is relatively prime to n

Modulo 8 Example

Greatest Common Divisor (GCD)

■ a common problem in number theory
■ GCD(a,b) of a and b is the largest number that divides both a and b
□ e.g. GCD(60,24) = 12
■ often want no common factors (except 1), and then the numbers are relatively prime
□ e.g. GCD(8,15) = 1
□ hence 8 & 15 are relatively prime

Euclid's GCD Algorithm

■ an efficient way to find GCD(a,b)
■ uses the theorem that:
□ GCD(a,b) = GCD(b, a mod b)
■ Euclid's algorithm to compute GCD(a,b):
□ A = a, B = b
□ while B > 0
– R = A mod B
– A = B, B = R
□ return A

Example GCD(1970,1066)

1970 = 1 × 1066 + 904    gcd(1066, 904)
1066 = 1 × 904 + 162     gcd(904, 162)
 904 = 5 × 162 + 94      gcd(162, 94)
 162 = 1 × 94 + 68       gcd(94, 68)
  94 = 1 × 68 + 26       gcd(68, 26)
  68 = 2 × 26 + 16       gcd(26, 16)
  26 = 1 × 16 + 10       gcd(16, 10)
  16 = 1 × 10 + 6        gcd(10, 6)
  10 = 1 × 6 + 4         gcd(6, 4)
   6 = 1 × 4 + 2         gcd(4, 2)
   4 = 2 × 2 + 0         gcd(2, 0)

Compute successive instances of GCD(a,b) = GCD(b, a mod b); the last non-zero remainder is the answer, so GCD(1970,1066) = 2.
Note this MUST always terminate, since the remainders form a strictly decreasing sequence of non-negative integers and so eventually a mod b = 0 (i.e. no remainder left).

Pause

Galois Fields

■ finite fields play a key role in many cryptographic algorithms
■ can show the number of elements in any finite field must be a power of a prime number, p^n
■ known as Galois fields
■ denoted GF(p^n)
■ in particular, often use the fields:
□ GF(p) (n = 1)
□ GF(2^n) (p = 2)

Galois Fields GF(p)

■ GF(p) is the set of integers {0, 1, … , p-1} with arithmetic operations modulo the prime p
■ these form a finite field
□ since every non-zero element has a multiplicative inverse (every 0 < a < p is relatively prime to p)
■ hence arithmetic is "well-behaved" and we can do addition, subtraction, multiplication, and division without leaving the field GF(p)
□ Division depends on the existence of multiplicative inverses.
■ Why does p have to be prime?
□ if n = ab is composite with 1 < a, b < n, then ab ≡ 0 (mod n), so Zn has zero divisors and a has no inverse mod n

Example GF(7)

■ Example: 3/2 = 5 in GF(7), since 2^-1 = 4 (2 × 4 = 8 ≡ 1 mod 7) and 3 × 4 = 12 ≡ 5 (mod 7)
■ GF(6) does not exist: 6 is not a prime power, and Z6 has zero divisors (2 × 3 ≡ 0 mod 6), so 2 and 3 have no inverses

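To see concretely why GF(p) needs p prime and why GF(6) does not exist, here is an added Python example (not from the lecture slides) that checks the field axioms on Z_n by exhaustive search: it lists the units and zero divisors of Z_n (the zero divisors are exactly the a for which the cancellation rule ab ≡ ac ⇒ b ≡ c fails), reports which n ≤ 30 give a field, computes 3/2 in GF(7), and finds the generators of the cyclic group GF(7)* from the Cyclic Group slide. Function names are my own.

```python
"""Brute-force check of the field axioms on Z_n, to see why GF(p) needs p
prime. Constructed example, not from the lecture; the function names are
mine. Everything is found by exhaustive search over the n residues, which
is fine for the small n used here."""

from __future__ import annotations


def units(n: int) -> list[int]:
    """Non-zero elements of Z_n that have a multiplicative inverse mod n."""
    return [a for a in range(1, n) if any((a * b) % n == 1 for b in range(1, n))]


def zero_divisors(n: int) -> list[int]:
    """Non-zero a for which some non-zero b gives a*b = 0 (mod n).
    For such a, ab = ac (mod n) does NOT imply b = c (mod n)."""
    return [a for a in range(1, n) if any((a * b) % n == 0 for b in range(1, n))]


def is_field(n: int) -> bool:
    """Z_n is a field exactly when every non-zero element is a unit."""
    return n >= 2 and units(n) == list(range(1, n))


def field_moduli(limit: int) -> list[int]:
    """All n <= limit for which Z_n is a field (expect: the primes)."""
    return [n for n in range(2, limit + 1) if is_field(n)]


def inverse_table(n: int) -> dict[int, int]:
    """a -> a^-1 mod n for every unit a of Z_n."""
    return {a: next(b for b in range(1, n) if (a * b) % n == 1) for a in units(n)}


def divide(a: int, b: int, p: int) -> int:
    """a / b in GF(p), defined as a * b^-1 mod p."""
    inv = inverse_table(p).get(b % p)
    if inv is None:
        raise ZeroDivisionError(f"{b} has no inverse mod {p}")
    return (a * inv) % p


def generators(p: int) -> list[int]:
    """Generators of the cyclic group (Z_p^*, x): elements g whose powers
    g, g^2, ..., g^(p-1) run through every non-zero residue."""
    return [g for g in range(1, p)
            if len({pow(g, k, p) for k in range(1, p)}) == p - 1]


if __name__ == "__main__":
    print("Z_n is a field for n <= 30:", field_moduli(30))
    print("Z_8: units", units(8), "zero divisors", zero_divisors(8))
    print("Z_6: zero divisors", zero_divisors(6), "-> GF(6) does not exist")
    print("3 / 2 in GF(7) =", divide(3, 2, 7))
    print("generators of GF(7)*:", generators(7))
```

Running it shows that Z_8 has units {1, 3, 5, 7} and zero divisors {2, 4, 6}, which is why the Modulo 8 tables have rows with no inverse, while every non-zero element of Z_7 is a unit and 3 and 5 generate GF(7)*.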
Finding Inverses

■ finding inverses for large p is a problem
■ can extend Euclid's algorithm:

EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 – Q·B1, A2 – Q·B2, A3 – Q·B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2

(B2 may come out negative; add m to bring it into {0, …, m-1})

Inverse of 550 in GF(1759)

Result: 550^-1 mod 1759 = 355, check: 550 × 355 = 195250 = 111 × 1759 + 1

Prove correctness: show that m·A1 + b·A2 = A3 and m·B1 + b·B2 = B3 hold at every step, so when B3 = 1 we have b·B2 ≡ 1 (mod m)

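The extended Euclid algorithm from the Finding Inverses slide, together with plain Euclid from the GCD slides, as an added Python example (not the lecture's own code). It keeps the slide's (A1, A2, A3)/(B1, B2, B3) names and asserts the invariants m·A1 + b·A2 = A3 and m·B1 + b·B2 = B3 at every iteration, which is the correctness argument: when B3 reaches 1, B2 is b^-1 mod m. Running it on (1759, 550) reproduces the inverse 355, and on (1970, 1066) the gcd 2.

```python
"""Euclid's GCD and the extended Euclid inverse algorithm from the slides,
in Python. Added example, not the lecture's own code. The (A1, A2, A3) /
(B1, B2, B3) rows follow the slide's names; the invariant m*A1 + b*A2 = A3
is checked at every step, which is the 'prove correctness' argument."""

from __future__ import annotations


def euclid_gcd(a: int, b: int) -> int:
    """GCD(a, b) via GCD(a, b) = GCD(b, a mod b); terminates because the
    remainder strictly decreases towards 0."""
    A, B = a, b
    while B > 0:
        R = A % B
        A, B = B, R
    return A


def extended_euclid(m: int, b: int) -> tuple[int, int | None, list[tuple[int, int, int]]]:
    """Returns (gcd(m, b), b^-1 mod m or None, trace of the (x1, x2, x3) rows).
    Step numbers refer to EXTENDED EUCLID(m, b) on the slide."""
    A1, A2, A3 = 1, 0, m                      # step 1
    B1, B2, B3 = 0, 1, b
    trace = [(A1, A2, A3), (B1, B2, B3)]
    while True:
        # the invariants that make the algorithm correct
        assert m * A1 + b * A2 == A3
        assert m * B1 + b * B2 == B3
        if B3 == 0:                           # step 2: gcd > 1, no inverse
            return A3, None, trace
        if B3 == 1:                           # step 3: B2 is the inverse
            return 1, B2 % m, trace           # (reduce, it may be negative)
        Q = A3 // B3                          # step 4
        T1, T2, T3 = A1 - Q * B1, A2 - Q * B2, A3 - Q * B3   # step 5
        A1, A2, A3 = B1, B2, B3               # step 6
        B1, B2, B3 = T1, T2, T3               # step 7
        trace.append((B1, B2, B3))            # step 8: goto 2


def mod_inverse(b: int, m: int) -> int:
    """b^-1 mod m, or ValueError when gcd(b, m) != 1."""
    g, inv, _ = extended_euclid(m, b % m)
    if inv is None:
        raise ValueError(f"{b} has no inverse mod {m}: gcd = {g}")
    return inv


def gf_p_divide(a: int, b: int, p: int) -> int:
    """a / b in GF(p) = a * b^-1 mod p."""
    return (a * mod_inverse(b, p)) % p


if __name__ == "__main__":
    print("gcd(1970, 1066) =", euclid_gcd(1970, 1066))
    g, inv, trace = extended_euclid(1759, 550)
    for row in trace:                         # the table from the slide
        print("%6d %6d %6d" % row)
    print("550^-1 mod 1759 =", inv, " check:", 550 * inv % 1759)
    print("3 / 2 in GF(7) =", gf_p_divide(3, 2, 7))
```

The printed trace is the same table of (Q, A1, A2, A3, B1, B2, B3) rows a textbook shows for 1759 and 550; the final row has B3 = 1 and B2 = 355.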
Pause

Polynomial Arithmetic

■ can compute using polynomials
■ several alternatives are available
□ ordinary polynomial arithmetic
□ polynomial arithmetic with coefficients mod p
□ polynomial arithmetic with coefficients mod p and polynomials mod another polynomial M(x)
■ Motivation: use polynomials to model shift and XOR operations

Ordinary Polynomial Arithmetic

■ add or subtract corresponding coefficients
■ multiply all terms by each other, then collect like powers of x
■ e.g.
□ let f(x) = x^3 + x^2 + 2 and g(x) = x^2 – x + 1
f(x) + g(x) = x^3 + 2x^2 – x + 3
f(x) – g(x) = x^3 + x + 1
f(x) × g(x) = x^5 + 3x^2 – 2x + 2

Polynomial Arithmetic with Modulo Coefficients

■ when computing the value of each coefficient, reduce it modulo some value
■ could be modulo any prime
■ but we are most interested in mod 2
□ i.e. all coefficients are 0 or 1
■ e.g. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
f(x) + g(x) = x^3 + x + 1
f(x) × g(x) = x^5 + x^2

Modular Polynomial Arithmetic

■ Given any polynomials f, g (g ≠ 0), can write f in the form:
□ f(x) = q(x) g(x) + r(x), with deg r(x) < deg g(x)
□ can interpret r(x) as being a remainder
□ r(x) = f(x) mod g(x)
■ if there is no remainder, say g(x) divides f(x)
■ if g(x) has no divisors other than itself & 1 (it cannot be factored into polynomials of lower degree), say it is an irreducible (or prime) polynomial
■ Modular polynomial arithmetic modulo an irreducible polynomial forms a field
□ Check the definition of a field

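An added Python example (not the lecture's code) implementing the three kinds of polynomial arithmetic from the last three slides with coefficient lists: ordinary and mod-p addition, subtraction and multiplication, division with remainder f = q·g + r over GF(p), and a trial-division irreducibility test. The list representation and the function names are my own choices; the worked inputs are the slides' f(x) and g(x).

```python
"""Polynomial arithmetic with integer coefficients or coefficients mod p,
polynomial division with remainder, and a brute-force irreducibility test.
Added example, not the lecture's code. Representation (my choice): a
polynomial is a list of coefficients, lowest degree first, so
x^3 + x^2 + 2 is [2, 0, 1, 1]; p=None means ordinary integer arithmetic."""

from __future__ import annotations
from itertools import product


def norm(c: list[int], p: int | None) -> list[int]:
    """Reduce coefficients mod p (when p is given) and drop leading zeros."""
    c = [x % p for x in c] if p is not None else list(c)
    while c and c[-1] == 0:
        c.pop()
    return c


def poly_add(f: list[int], g: list[int], p: int | None = None) -> list[int]:
    """Add corresponding coefficients."""
    n = max(len(f), len(g))
    return norm([(f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)
                 for i in range(n)], p)


def poly_sub(f: list[int], g: list[int], p: int | None = None) -> list[int]:
    return poly_add(f, [-x for x in g], p)


def poly_mul(f: list[int], g: list[int], p: int | None = None) -> list[int]:
    """Multiply every term by every term, collecting like powers of x."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return norm(out, p)


def poly_divmod(f: list[int], g: list[int], p: int) -> tuple[list[int], list[int]]:
    """f = q*g + r over GF(p) with deg r < deg g (p prime, so the leading
    coefficient of g has an inverse mod p)."""
    f, g = norm(f, p), norm(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)              # modular inverse (Python 3.8+)
    q, r = [0] * max(len(f) - len(g) + 1, 1), list(f)
    while len(r) >= len(g):
        shift = len(r) - len(g)
        coef = (r[-1] * inv_lead) % p         # cancel the leading term of r
        q[shift] = coef
        for i, b in enumerate(g):
            r[shift + i] = (r[shift + i] - coef * b) % p
        r = norm(r, p)
    return norm(q, p), r


def poly_mod(f: list[int], g: list[int], p: int) -> list[int]:
    return poly_divmod(f, g, p)[1]


def is_irreducible(f: list[int], p: int) -> bool:
    """Trial division by every monic polynomial of degree 1..deg(f)//2 over
    GF(p); a reducible f always has a factor of degree in that range."""
    f = norm(f, p)
    deg = len(f) - 1
    if deg < 1:
        return False
    for d in range(1, deg // 2 + 1):
        for low in product(range(p), repeat=d):
            if not poly_mod(f, list(low) + [1], p):
                return False
    return True


if __name__ == "__main__":
    f, g = [2, 0, 1, 1], [1, -1, 1]            # x^3 + x^2 + 2 and x^2 - x + 1
    print(poly_add(f, g), poly_sub(f, g), poly_mul(f, g))
    f2, g2 = [0, 0, 1, 1], [1, 1, 1]           # x^3 + x^2 and x^2 + x + 1 over GF(2)
    print(poly_add(f2, g2, 2), poly_mul(f2, g2, 2))
    print(poly_divmod([0, 0, 1, 0, 0, 1], [1, 1, 0, 1], 2))   # (x^5 + x^2) / (x^3 + x + 1)
    print(is_irreducible([1, 0, 1], 2), is_irreducible([1, 1, 1], 2))
```

Over GF(2), x^2 + 1 = (x + 1)^2 is reducible while x^2 + x + 1 and x^3 + x + 1 are irreducible, which is why the latter two are usable as the modulus M(x) of a field.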
Polynomial GCD

■ can find the greatest common divisor for polynomials
■ GCD: the one with the greatest degree
□ c(x) = GCD(a(x), b(x)) if c(x) is the polynomial of greatest degree which divides both a(x) and b(x)
□ can adapt Euclid's algorithm to find it:
□ EUCLID[a(x), b(x)]
1. A(x) = a(x); B(x) = b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2

Modular Polynomial Arithmetic

■ can compute in the field GF(2^n)
□ polynomials with coefficients modulo 2
□ whose degree is less than n
□ coefficients are always reduced modulo 2 in every operation
□ hence must also reduce modulo an irreducible polynomial of degree n (needed for multiplication only; addition never raises the degree)
■ these form a finite field
■ can always find an inverse of a non-zero element
□ can extend Euclid's inverse algorithm to polynomials to find it

Example GF(2^3)

Computational Considerations

■ since coefficients are 0 or 1, can represent any such polynomial as a bit string
■ addition becomes XOR of these bit strings
■ multiplication is shift & XOR
□ Example in P.133 (Stallings)
■ modulo reduction is done by repeatedly substituting the highest power with the remainder of the irreducible polynomial (also shift & XOR)

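Added Python example (not the lecture's code) of the bit-string representation: polynomials over GF(2) as integers, addition as XOR, multiplication as shift and XOR with reduction by the irreducible polynomial, Euclid's algorithm on polynomials, and the extended-Euclid inverse in GF(2^n). It covers the GF(2^3) field with m(x) = x^3 + x + 1 and AES's GF(2^8) with m(x) = x^8 + x^4 + x^3 + x + 1 (the modulus fixed by the AES standard; the product {57}·{83} = {c1} is the worked example in that specification, and {53}^-1 = {ca} is the inverse the AES S-box applies its affine map to). Helper names are mine.

```python
"""GF(2^n) arithmetic on bit strings: a polynomial with coefficients mod 2
is an int whose bit i is the coefficient of x^i. Addition is XOR,
multiplication is shift-and-XOR with reduction by the irreducible
polynomial, and the inverse comes from extended Euclid on polynomials.
Added example, not the lecture's code. AES's field GF(2^8) uses
m(x) = x^8 + x^4 + x^3 + x + 1, as fixed in the AES specification."""

from __future__ import annotations

AES_MOD = 0b1_0001_1011            # x^8 + x^4 + x^3 + x + 1
GF8_MOD = 0b1011                   # x^3 + x + 1, irreducible, defines GF(2^3)


def degree(f: int) -> int:
    return f.bit_length() - 1      # the zero polynomial gets degree -1


def gf_add(a: int, b: int) -> int:
    """Coefficient-wise addition mod 2 is XOR (and subtraction is the same)."""
    return a ^ b


def poly_divmod(f: int, g: int) -> tuple[int, int]:
    """f = q*g + r over GF(2), deg r < deg g: repeatedly XOR in a shifted
    copy of g to kill the highest power still present in f."""
    if g == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q, dg = 0, degree(g)
    while degree(f) >= dg:
        shift = degree(f) - dg
        q ^= 1 << shift
        f ^= g << shift
    return q, f


def poly_mod(f: int, m: int) -> int:
    return poly_divmod(f, m)[1]


def gf_mul(a: int, b: int, m: int) -> int:
    """Shift-and-XOR multiplication in GF(2^n), n = deg m, reducing as we go:
    whenever the running multiple of a reaches x^n, substitute x^n by the
    lower-order part of m (i.e. XOR with m)."""
    n = degree(m)
    a, result = poly_mod(a, m), 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if (a >> n) & 1:
            a ^= m
        b >>= 1
    return result


def gf_mul_raw(a: int, b: int) -> int:
    """Polynomial product over GF(2) without reduction (carry-less multiply)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_gcd(a: int, b: int) -> int:
    """Euclid's algorithm on polynomials over GF(2)."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a


def gf_inv(b: int, m: int) -> int:
    """b^-1 in GF(2^n) by extended Euclid on polynomials. Invariant:
    A2*b = A3 and B2*b = B3 (mod m); when B3 == 1, B2 is the inverse."""
    if b == 0:
        raise ZeroDivisionError("0 has no inverse")
    A2, A3 = 0, m
    B2, B3 = 1, poly_mod(b, m)
    while B3 != 1:
        if B3 == 0:
            raise ValueError("gcd(b, m) != 1: m is not irreducible")
        q, r = poly_divmod(A3, B3)
        T2, T3 = poly_mod(A2 ^ gf_mul_raw(q, B2), m), r   # A2 - q*B2 over GF(2)
        A2, A3, B2, B3 = B2, B3, T2, T3
    return B2


def gf_div(a: int, b: int, m: int) -> int:
    return gf_mul(a, gf_inv(b, m), m)


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83, AES_MOD)))   # 0xc1, the AES spec's example
    print(hex(gf_inv(0x53, AES_MOD)))         # 0xca, the inverse behind S-box(0x53)
    print(gf_mul(0b100, 0b010, GF8_MOD))      # x^2 * x = x^3 = x + 1 in GF(2^3)
    print(gf_inv(0b010, GF8_MOD))             # x^-1 = x^2 + 1 in GF(2^3)
```

The test exercises every non-zero byte: in a field each one must have an inverse, and the check a · a^-1 = 1 for all 255 values is the quickest way to confirm that the chosen modulus is in fact irreducible.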
Summary

have considered:
■ the concepts of groups, rings, and fields
■ modular arithmetic with integers
■ Euclid's algorithm for GCD
■ finite fields GF(p)
■ polynomial arithmetic in general and in GF(2^n)

References

■ William Stallings, Cryptography and Network Security
■ Christof Paar and Jan Pelzl, Understanding Cryptography

Thank you
for your attention!
Johannes Sianipar