
Cryptography

Assignment on Finite Fields


Submitted By:
P.Satyam
1206/06

Finite Fields

For every prime power $p^n$ there is exactly one finite field with $p^n$ elements (up to isomorphism). But for $n > 1$ the integers modulo $p^n$ do not form a field, since the congruence $px \equiv 1 \pmod{p^n}$ has no solution: $p$ is a nonzero element with no multiplicative inverse.

Example 1. Construct GF($2^2$).

Solution: Let $\mathbb{Z}_2[X]$ be the set of polynomials whose coefficients are integers mod 2, such as $X^6 + X + 1$ and $X$. The constant polynomials 0 and 1 are also in $\mathbb{Z}_2[X]$. We can add, subtract, and multiply in this set, as long as we work with the coefficients mod 2; for example,
$(X^3 + X + 1)(X + 1) = X^4 + X^3 + X^2 + 1.$
We can also perform division with remainder, just as with the integers. For example, dividing $X^4 + X^3 + 1$ by $X^2 + X + 1$ gives
$X^4 + X^3 + 1 = (X^2 + 1)(X^2 + X + 1) + X,$
which we write as $X^4 + X^3 + 1 \equiv X \pmod{X^2 + X + 1}$. Therefore we can define $\mathbb{Z}_2[X] \pmod{X^2 + X + 1}$ to be the set
$\{0,\; 1,\; X,\; X + 1\}$
of polynomials of degree at most 1. Since $X^2 + X + 1$ has no root in $\mathbb{Z}_2$ (it evaluates to 1 at both 0 and 1), it is irreducible, and with addition and multiplication mod $X^2 + X + 1$ this set is a field with 4 elements.

The Construction of the Finite Field GF($p^n$)

The general procedure for constructing a finite field GF($p^n$):

(1) $\mathbb{Z}_p[X]$ is the set of polynomials with coefficients mod $p$.
(2) Choose $P(X)$ to be an irreducible polynomial mod $p$ of degree $n$.
(3) Let GF($p^n$) be $\mathbb{Z}_p[X] \bmod P(X)$. Then GF($p^n$) is a field with $p^n$ elements.

What happens if we do the same construction for two different irreducible polynomials, both of degree $n$? It is possible to show that the two results are essentially the same field (they are isomorphic).
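The three-step construction above, carried out in code. This is an added example, not code from the original assignment: polynomials over $\mathbb{Z}_p$ are coefficient lists, lowest degree first, so $X^2 + X + 1$ is [1, 1, 1]; the helper names (is_irreducible, field_elements, non_invertible) are chosen here. It reproduces Example 1 and also shows what step (2) guards against: with a reducible modulus such as $X^2 + 1 = (X + 1)^2$ over $\mathbb{Z}_2$, the quotient ring still has $p^n$ elements but is not a field, because $X + 1$ has no inverse.

```python
"""GF(p^n) = Z_p[X] mod P(X), built from coefficient lists (lowest degree first).

Added example for the construction above; not code from the original assignment.
"""
from itertools import product


def trim(a):
    """Drop leading zero coefficients; [] is the zero polynomial."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_add(a, b, p):
    """Coefficient-wise addition mod p (the field's addition)."""
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % p for x, y in zip(a, b)])


def poly_mul(a, b, p):
    """Schoolbook product with coefficients reduced mod p."""
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)


def poly_divmod(a, b, p):
    """Long division in Z_p[X]: returns (quotient, remainder) with deg(remainder) < deg(b)."""
    a, b = trim(a), trim(b)
    if not b:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(b[-1], -1, p)          # leading coefficient is invertible because p is prime
    q = [0] * max(len(a) - len(b) + 1, 1)
    r = a
    while len(r) >= len(b):
        k = len(r) - len(b)               # shift of the divisor for this step
        c = (r[-1] * inv_lead) % p        # next quotient coefficient
        q[k] = c
        for i, y in enumerate(b):
            r[i + k] = (r[i + k] - c * y) % p
        r = trim(r)                       # the top coefficient is now 0
    return trim(q), r


def poly_mod(a, P, p):
    return poly_divmod(a, P, p)[1]


def monic_polys(degree, p):
    """Every monic polynomial of exactly this degree over Z_p."""
    for low in product(range(p), repeat=degree):
        yield list(low) + [1]


def is_irreducible(P, p):
    """Trial division: P (degree >= 1) is irreducible iff no monic polynomial of
    degree 1..deg(P)//2 divides it. Adequate for the small p and n used here."""
    P = trim(P)
    d = len(P) - 1
    if d < 1:
        return False
    return all(poly_mod(P, f, p) != []
               for k in range(1, d // 2 + 1) for f in monic_polys(k, p))


def field_elements(P, p):
    """Step (3): the residues mod P are the polynomials of degree < deg(P), p^n of them."""
    n = len(trim(P)) - 1
    return [trim(c) for c in product(range(p), repeat=n)]


def non_invertible(P, p):
    """Nonzero residues with no inverse mod P; empty exactly when Z_p[X] mod P is a field."""
    elems = field_elements(P, p)
    return [a for a in elems
            if a and not any(poly_mod(poly_mul(a, b, p), P, p) == [1] for b in elems)]


if __name__ == "__main__":
    # Example 1 of the page: GF(2^2) = Z_2[X] mod X^2 + X + 1
    print(is_irreducible([1, 1, 1], 2), field_elements([1, 1, 1], 2), non_invertible([1, 1, 1], 2))
    # Same size, wrong modulus: X^2 + 1 = (X + 1)^2 over Z_2 is reducible, and X + 1 has no inverse
    print(is_irreducible([1, 0, 1], 2), non_invertible([1, 0, 1], 2))
```

The brute-force inverse search is only there to make the field axiom visible for small fields; for anything the size of GF($2^8$) the inverse is found with the extended Euclidean algorithm, as in Example 2 below.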

Finite Fields in AES

AES uses the finite field GF($2^8$). Each element is a polynomial
$b_7 x^7 + b_6 x^6 + b_5 x^5 + b_4 x^4 + b_3 x^3 + b_2 x^2 + b_1 x + b_0$
with $b_i \in \{0, 1\}$, written as the byte $\{b_7, b_6, b_5, b_4, b_3, b_2, b_1, b_0\}$.

Byte notation for the element $x^6 + x^5 + x + 1$:
{01100011} binary
{63} hex

The field has its own arithmetic operations: addition and multiplication.

Finite Field Arithmetic

Addition (XOR):
$(x^6 + x^4 + x^2 + x + 1) + (x^7 + x + 1) = x^7 + x^6 + x^4 + x^2$
{01010111} ⊕ {10000011} = {11010100}
{57} ⊕ {83} = {d4}

Multiplication is trickier.

Finite Field Multiplication (•)

Finite Field Division

The Extended Euclidean Algorithm

Example 2. Consider GF($2^8$) $= \mathbb{Z}_2[X] \pmod{X^8 + X^4 + X^3 + X + 1}$; find the inverse of $X^7 + X^6 + X^3 + X + 1$.

Solution: The calculation of $\gcd(X^7 + X^6 + X^3 + X + 1,\; X^8 + X^4 + X^3 + X + 1)$ is the same as for integers (dividend = quotient · divisor + remainder):
$X^8 + X^4 + X^3 + X + 1 = (X + 1)(X^7 + X^6 + X^3 + X + 1) + (X^6 + X^2 + X),$
$X^7 + X^6 + X^3 + X + 1 = (X + 1)(X^6 + X^2 + X) + 1.$
Therefore, writing $A = X^7 + X^6 + X^3 + X + 1$ and $M = X^8 + X^4 + X^3 + X + 1$ and substituting $X^6 + X^2 + X = M + (X + 1)A$ from the first equation into the second (signs do not matter mod 2),
$1 = A + (X + 1)\bigl(M + (X + 1)A\bigr) = \bigl(1 + (X + 1)^2\bigr)A + (X + 1)M = X^2 A + (X + 1) M,$
since $(X + 1)^2 = X^2 + 1$ mod 2. That is,
$1 = (X^2)(X^7 + X^6 + X^3 + X + 1) + (X + 1)(X^8 + X^4 + X^3 + X + 1).$
Reducing mod $X^8 + X^4 + X^3 + X + 1$, we obtain
$(X^2)(X^7 + X^6 + X^3 + X + 1) \equiv 1 \pmod{X^8 + X^4 + X^3 + X + 1},$
so the inverse is $X^2$ (in the byte notation of the next section, {cb}$^{-1}$ = {04}).

GF($2^8$)

Use GF($2^8$) $= \mathbb{Z}_2[X] \pmod{X^8 + X^4 + X^3 + X + 1}$ as an example. Every element can be represented uniquely as a polynomial
$b_7 X^7 + b_6 X^6 + b_5 X^5 + b_4 X^4 + b_3 X^3 + b_2 X^2 + b_1 X + b_0,$
where each $b_i$ is 0 or 1. The 8 bits $b_7 b_6 b_5 b_4 b_3 b_2 b_1 b_0$ represent a byte. For example, $X^7 + X^6 + X^3 + X + 1$ becomes 11001011. Addition is the XOR of the bits:
$(X^7 + X^6 + X^3 + X + 1) + (X^4 + X^3 + 1)$: 11001011 XOR 00011001 = 11010010, i.e. $X^7 + X^6 + X^4 + X$.
Multiplication by $X$ is a shift followed by a conditional reduction:
$(X^7 + X^6 + X^3 + X + 1) \cdot X$: 11001011 shifted left with a 0 appended gives 110010110; since the first (ninth) bit is 1, subtract $X^8 + X^4 + X^3 + X + 1$, i.e. 110010110 XOR 100011011 = 010001101, which is $X^7 + X^3 + X^2 + 1$.
In summary, the operations in GF($2^8$) can be carried out efficiently with byte operations.

Efficient Finite Field Multiply

There is a better way: xtime() very efficiently multiplies its input by {02} (a left shift by one bit, followed by XOR with {1b} if the bit shifted out was 1).

Multiplication by higher powers of {02} can be accomplished through repeated application of xtime().

Example: {57} • {13}

{57} • {02} = xtime({57}) = {ae}
{57} • {04} = xtime({ae}) = {47}
{57} • {08} = xtime({47}) = {8e}
{57} • {10} = xtime({8e}) = {07}

{57} • {13} = {57} • ({01} ⊕ {02} ⊕ {10})
            = ({57} • {01}) ⊕ ({57} • {02}) ⊕ ({57} • {10})
            = {57} ⊕ {ae} ⊕ {07}
            = {fe}
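The byte-level arithmetic of the last three sections in one place: xtime(), multiplication by repeated xtime() as in the {57} • {13} computation, and inversion by the extended Euclidean algorithm as in Example 2. This is an added example, not code from the original assignment or from any AES implementation. Polynomials are Python ints whose bits are the coefficients, so $X^8 + X^4 + X^3 + X + 1$ is 0x11B; the function names (gf_mul, gf_inv, egcd, poly_str) are chosen here.

```python
"""GF(2^8) as bytes: xtime(), multiplication by repeated xtime(), and inversion by the
extended Euclidean algorithm over Z_2[X].

Added example reproducing Example 2 and the {57} • {13} computation above; not code
from the original assignment. Polynomials are ints whose bits are the coefficients.
"""

AES_POLY = 0x11B   # the AES reduction polynomial X^8 + X^4 + X^3 + X + 1


def xtime(b):
    """b • {02}: shift left, and if X^8 appeared, subtract (XOR) the reduction polynomial."""
    b <<= 1
    if b & 0x100:
        b ^= AES_POLY
    return b


def gf_mul(a, b):
    """a • b: XOR together a•{01}, a•{02}, a•{04}, ... for each set bit of b."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


def degree(p):
    return p.bit_length() - 1          # degree(0) == -1


def clmul(a, b):
    """Product in Z_2[X] without reduction (carry-less multiply)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def poly_divmod(a, b):
    """Long division in Z_2[X]: returns (quotient, remainder)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while a and degree(a) >= degree(b):
        shift = degree(a) - degree(b)
        q ^= 1 << shift
        a ^= b << shift                 # subtraction is XOR in characteristic 2
    return q, a


def egcd(a, b):
    """Extended Euclid in Z_2[X]: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, r = poly_divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 ^ clmul(q, s1)
        t0, t1 = t1, t0 ^ clmul(q, t1)
    return a, s0, t0


def gf_inv(a, modulus=AES_POLY):
    """Inverse of a nonzero element of Z_2[X] mod an irreducible modulus."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    g, s, _ = egcd(a, modulus)
    if g != 1:
        raise ValueError("modulus is not irreducible: gcd is %#x" % g)
    return poly_divmod(s, modulus)[1]


def poly_str(b):
    """Byte -> polynomial notation, e.g. 0x63 -> 'x^6 + x^5 + x + 1'."""
    terms = [{0: "1", 1: "x"}.get(i, "x^%d" % i) for i in range(7, -1, -1) if b >> i & 1]
    return " + ".join(terms) if terms else "0"


if __name__ == "__main__":
    print(poly_str(0x63))                        # x^6 + x^5 + x + 1
    print("%#x" % gf_mul(0x57, 0x13))            # 0xfe, as on the page
    print("%#x" % gf_inv(0xCB))                  # 0x4: X^2, the inverse found in Example 2
    # every nonzero byte has an inverse, which is what makes GF(2^8) a field
    assert all(gf_mul(a, gf_inv(a)) == 1 for a in range(1, 256))
```

egcd() returns the Bezout coefficients (here $X^2$ for the element and $X + 1$ for the modulus, exactly the two found by hand in Example 2), and gf_inv() refuses a modulus for which the gcd is not 1, which is the byte-level form of the irreducibility requirement in step (2) of the construction.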

Thank You.
