1 / 92

Number Theory and Advanced Cryptography 1. Finite Fields and AES

Number Theory and Advanced Cryptography 1. Finite Fields and AES. Chih-Hung Wang Sept. 2012. Part I: Introduction to Number Theory Part II: Advanced Cryptography. Group. A set of elements or “ numbers ” obeys: (A1) Closure: If a and b belong to G , then a  b is also in G .

jaultman
Download Presentation

Number Theory and Advanced Cryptography 1. Finite Fields and AES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Number Theory and Advanced Cryptography1. Finite Fields and AES Chih-Hung Wang Sept. 2012 Part I: Introduction to Number Theory Part II: Advanced Cryptography

  2. Group • A set of elements or “numbers” • obeys: • (A1) Closure: If a and b belong to G, then ab is also in G. • (A2) Associative: (ab) c = a(b c) • (A3) Identity element: There is an element e in G such that a e = e a = a • (A4) Inverses element: For each a in G there is an element a’ in G such that a a’ = a’ a = e • If commutative (A5) a b = b a for all a, b in G then forms an abelian group

  3. Cyclic Group • Define exponentiation as repeated application of operator • example: a-3 = a a a • Define identity: e=a0 • a-n=(a’)n • A group is cyclic if every element is a power of some fixed element • ie b = ak for some a and every b in group G • a is said to generate the group G or to be a generator of G.

  4. Ring • A set of “numbers” with two operations (addition + and multiplication ) which are: • An abelian group with addition operation (A1-A5) • Multiplication: • (M1) Closure • (M2) Associative: a(bc)=(ab)c • (M3) Distributive law: a(b+c) = ab + ac • If multiplication operation is commutative, it forms a commutative ring • (M4) Commutativity of multiplication: ab=ba • If multiplication operation has identity and no zero divisors, it forms an integral domain • (M5) Multiplicative identity: There is an element 1 in R such that a1=1a =a • (M6) No zero divisors: If a,b in R and ab=0, then either a=0 or b=0.

  5. Field • A set of numbers with two operations: • Abelian group for addition (A1-A5) • Abelian group for multiplication (ignoring 0) (M1-M6) • (M7) Multiplicative inverse: For each a in F, except 0, there is an element a-1 in F such that aa-1=(a-1)a =1.

  6. Group, Ring and Field

  7. Modular Arithmetic • Define modulo operatora mod n to be remainder when a is divided by n • Use the term congruence for: a ≡ b mod n • when divided by n, a & b have the same remainder • eg. 73 ≡ 4 mod 23 • r is called the residue of a mod n • since with integers can always write: a = qn + r • Usually have 0 <= b <= n-1 • -12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7

  8. The Relationship a = qn + r, 0r<n

  9. Modulo 7 Example ... -21 -20 -19 -18 -17 -16 -15 -14 -13 -12 -11 -10 -9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 ...

  10. Divisors • Say a non-zero number bdividesa if for some m have a=mb (a,b,m are all integers) • That is b divides into a with no remainder • Denote this b|a • Also say that b is a divisor of a • eg. all of 1,2,3,4,6,8,12,24 divide 24

  11. Modular Arithmetic Operations • is 'clock arithmetic' • uses a finite number of values, and loops back from either end • modular arithmetic is when do addition & multiplication and modulo reduce answer • can do reduction at any point, ie • a+b mod n = [(a mod n) + (b mod n)] mod n • a-b mod n = [(a mod n) – (b mod n)] mod n • ab mod n = [(a mod n)  (b mod n)] mod n

  12. Property

  13. Modular Arithmetic • Can do modular arithmetic with any group of integers: Zn = {0, 1, … , n-1} • form a commutative ring for addition • with a multiplicative identity • note some peculiarities • if (a+b)≡(a+c) mod n then b≡c mod n • but (ab)≡(ac) mod n then b≡c mod n only if a is relatively prime to n

  14. Relatively Prime • Relative prime: their only common positive integer factor is 1. • An integer has a multiplicative inverse in Zn if that integer is relatively prime to n. • Example: • 63=18 ≡ 2 mod 8 • 67=42 ≡ 2 mod 8 • 3 ≡ 7 mod 8 6 and 8 are not relatively prime

  15. Residue Class • The residue classes modulo n as • [0], [1], [2], …, [n-1] where • [r] = {a: a is an integer, a≡ r mod n}

  16. Multiplicative Inverse • If p is a prime number, then all the elements of Zp are relatively prime to p • Multiplicative inverse (w-1) • For each there exists a z such that wz 1 mod p • For each and gcd(w,n)=1, there exists a z such that w z 1 mod n

  17. Modulo 8 Example (1)

  18. Modulo 8 Example (2)

  19. Properties of Modular Arithmetic for Integer Zn

  20. Greatest Common Divisor (GCD) • A common problem in number theory • GCD (a,b) of a and b is the largest number that divides evenly into both a and b • eg GCD(60,24) = 12 • Often want no common factors (except 1) and hence numbers are relatively prime • eg GCD(8,15) = 1 • hence 8 & 15 are relatively prime

  21. Euclid's GCD Algorithm • An efficient way to find the GCD(a,b) • uses theorem that: • GCD(a,b) = GCD(b, a mod b) • gcd(55,22)=gcd(22,55 mod 22)=gcd(22,11)=11 • Euclid's Algorithm to compute GCD(a,b): • EUCLID(a,b) • A a; B b • If B=0 return A=gcd(a,b) • R = A mod B • A  B • B  R • goto 2

  22. Example GCD(1970,1066) 1970 = 1 x 1066 + 904 gcd(1066, 904) 1066 = 1 x 904 + 162 gcd(904, 162) 904 = 5 x 162 + 94 gcd(162, 94) 162 = 1 x 94 + 68 gcd(94, 68) 94 = 1 x 68 + 26 gcd(68, 26) 68 = 2 x 26 + 16 gcd(26, 16) 26 = 1 x 16 + 10 gcd(16, 10) 16 = 1 x 10 + 6 gcd(10, 6) 10 = 1 x 6 + 4 gcd(6, 4) 6 = 1 x 4 + 2 gcd(4, 2) 4 = 2 x 2 + 0 gcd(2, 0)

  23. Galois Fields • Finite fields play a key role in cryptography • Can show number of elements in a finite field must be a power of a prime pn • Known as Galois fields • Denoted GF(pn) • In particular often use the fields: • GF(p) • GF(2n)

  24. Galois Fields GF(p) • GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime p • These form a finite field • since have multiplicative inverses • Hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and division without leaving the field GF(p)

  25. Example GF(7) -- (1)

  26. Example GF(7) -- (2)

  27. Finding Inverses (1) • Can extend Euclid’s algorithm: EXTENDED EUCLID(m, b) 1. (A1, A2, A3)=(1, 0, m); (B1, B2, B3)=(0, 1, b) 2. if B3 = 0 return A3 = gcd(m, b); no inverse 3. if B3 = 1 return B3 = gcd(m, b); B2 = b–1 mod m 4. Q = A3 / B3 5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3) 6. (A1, A2, A3)=(B1, B2, B3) 7. (B1, B2, B3)=(T1, T2, T3) 8. goto 2

  28. Finding Inverses (2)

  29. Inverse of 550 in GF(1759) 550 545 1759 1650 3 5 109 5

  30. Polynomial Arithmetic • Ordinary polynomial arithmetic • A polynomial with degree n

  31. Polynomial Arithmetic with Coefficients in Zp • Polynomial ring • Example of GF(2)

  32. Example of GF(2)

  33. Irreducible • A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials. • The polynomial over GF(2) is reducible because is irreducible

  34. Finding the GCD • EUCLID Algorithm

  35. Finite Fields of the Form GF(2n) • To work with integers that fit exactly into a given number of bits, with no wasted bit patterns. (for implementation efficiency) • Arithmetic in GF(23) • Addition

  36. Arithmetic in GF(23) • Multiplication

  37. Arithmetic in GF(23) • Additive and multiplicative inverses

  38. Modular Polynomial Arithmetic • Consider the set S of all polynomials of degree n-1 or less over the field Zp. Thus, each polynomial has the form where each ai takes on a value in the set {0,1,…,p-1}. There are a total of pn different polynomials in S.

  39. Arithmetic Operations • Arithmetic follows the ordinary rules of polynomial arithmetic using the basic rules of algebra, with the following refinements. • Arithmetic on the coefficients is performed modulo p. That is, we use the rules of arithmetic for the finite field Zp. • If multiplication results in a polynomial of degree greater than n-1, than the polynomial is reduced modulo some irreducible polynomial m(x) of degree n. That is, we divide by m(x) and keep the remainder. For a polynomial f(x), the remainder is expressed as r(x)=f(x) mod m(x).

  40. Example of GF(28) – in AES (1)

  41. Example of GF(28) – in AES (2)

  42. Construction of GF(23) • Two irreducible polynomials in GF(23)

  43. Polynomial Arithmetic Modulo (1)

  44. Polynomial Arithmetic Modulo (2)

  45. Finding the Multiplicative Inverse

  46. Implementation Considerations (1) • Addition

  47. Implementation Considerations (2) • Multiplication (1)

  48. Implementation Considerations (3) • Multiplication (2)

  49. Implementation Considerations (4) • Multiplication (3)

  50. AES (Advanced Encryption Standard) • Next generation encryption standard of NIST/FIPS • It will replace the use of DES in the following 30 years • The sensitive information protected by AES can not be revealed within 100 years • It is selected by the competition from international selection process

More Related