COM5336 Cryptography, Lecture 12: Construction & Basic Properties of Finite Fields
Scott CH Huang, COM 5336
(Cryptography Lecture 10; COM5137: Finite Field and Its Applications in Engineering)

Construction of Finite Fields

Ideas
• We wish to construct a finite field from a Euclidean domain.
• Elements of a Euclidean domain may not have multiplicative inverses. We wish to find the cause of this and somehow "remove" it.
• The idea of "removing this cause" is analogous to "dividing an algebraic structure".

Equivalence Relations
• Let S be any set. A relation ~ on S is an equivalence relation iff the following three conditions hold:
  – Reflexivity: a~a for any a in S.
  – Symmetry: For any a,b in S, a~b implies b~a.
  – Transitivity: For any a,b,c in S, if a~b and b~c then a~c.
• Any equivalence relation on a set induces a partition of this set.

Equivalence Relation on an Algebraic Structure
• We may be able to define similar operations on these partitioned subsets.
• However, we have to make sure such operations are well-defined.
• The resulting "quotient" structure may be similar to the mother structure, e.g. quotient groups, quotient rings, quotient spaces (in a vector space), …

Theorem
• Given a Euclidean domain D and a prime p, D mod p is a field.
• Application: Consider the polynomial ring . Find an irreducible polynomial . Then is a field.

Direct Construction of Finite Fields
• Consider the polynomial ring over a field . Find an irreducible polynomial . Then is a field.
• In short, if we consider the polynomial ring over and find an irreducible polynomial of degree n, then is a finite field of p^n elements. This is how we construct the Galois field GF(p^n).
• is also written as in some Math books.
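The direct construction above, carried out in code as an added example (not from the lecture): elements of GF(p^n) are coefficient vectors over the basis 1, a, …, a^(n-1), and the single extra relation a^n = … does all the reduction. The instance below is AES's field with modulus x^8 + x^4 + x^3 + x + 1 over GF(2), a fact about AES assumed here because the slide's own polynomial did not survive extraction; the class name GFpn and the helper from_int are constructed for this example.

```python
# Added example (not from the lecture): GF(p^n) as Z_p[x] modulo a monic irreducible
# polynomial, in the "basis 1, a, ..., a^(n-1) plus one extra relation" view of the slides.
# Instance: AES's field, modulus x^8 + x^4 + x^3 + x + 1 over GF(2) (assumed here).
from itertools import product

class GFpn:
    """Elements are tuples (c0, ..., c_{n-1}) meaning c0 + c1*a + ... + c_{n-1}*a^(n-1)."""

    def __init__(self, p, modulus):
        # modulus: coefficients (m0, ..., m_n), lowest degree first, m_n == 1
        assert modulus[-1] % p == 1
        self.p, self.n = p, len(modulus) - 1
        # the extra relation: a^n = -(m0 + m1*a + ... + m_{n-1}*a^(n-1))
        self.relation = tuple((-m) % p for m in modulus[:-1])
        self.one = (1,) + (0,) * (self.n - 1)

    def times_a(self, u):
        """Multiply by the basis element a; the a^n coefficient is folded back via the relation."""
        carry, shifted = u[-1], (0,) + u[:-1]
        return tuple((s + carry * r) % self.p for s, r in zip(shifted, self.relation))

    def mul(self, u, v):
        """Schoolbook product: u*v = sum over i of v_i * (u * a^i), reduced as we go."""
        acc, power = (0,) * self.n, u
        for coeff in v:
            acc = tuple((x + coeff * y) % self.p for x, y in zip(acc, power))
            power = self.times_a(power)
        return acc

    def inverse(self, u):
        """u^(q-2) with q = p^n inverts a nonzero u when the structure really is a field."""
        result, base, e = self.one, u, self.p ** self.n - 2
        while e:
            if e & 1:
                result = self.mul(result, base)
            base = self.mul(base, base)
            e >>= 1
        return result

    def is_field(self):
        """Field check: every one of the p^n - 1 nonzero elements has an inverse."""
        zero = (0,) * self.n
        return all(self.mul(u, self.inverse(u)) == self.one
                   for u in product(range(self.p), repeat=self.n) if u != zero)

def from_int(x, n=8):
    """Constructed helper for GF(2^n): bit i of x is the coefficient of a^i (AES byte convention)."""
    return tuple((x >> i) & 1 for i in range(n))
AES = GFpn(2, (1, 1, 0, 1, 1, 0, 0, 0, 1))   # x^8 + x^4 + x^3 + x + 1, lowest degree first
```

With a reducible modulus such as x^4 + 1 the same class still multiplies, but is_field() reports False because some elements have no inverse; that is exactly the role irreducibility plays in the theorem.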
An Example: GF(128) in AES
• The irreducible polynomial:
• GF(128) is constructed as

Alternative View of GF(p^n)
• Let be the irreducible polynomial used to construct GF(p^n).
• We can view GF(p^n) as follows. "Imagine" is a solution to the equation . Then GF(p^n) is a vector space over GF(p) with basis and an "extra" relation .
• For example: Let be a solution to . GF(128) is a vector space over with basis with the relation .

Number of Elements in Finite Fields
• Theorem: Let be a finite field. Then and , for some prime number .

Basic Properties of Finite Fields
(COM5137: Finite Field and Its Applications in Engineering)

Homomorphism
• A homomorphism is a structure-preserving map between two algebraic structures.
• The definition depends on the type of algebraic structure under consideration.
• A group homomorphism is a homomorphism between two groups.
• A ring homomorphism is a homomorphism between two rings.

Group Homomorphism
• A group homomorphism from (G,*) to (H,·) is a function

Group Homomorphism (cont)
• We define the kernel of h to be the set of elements in G which are mapped to the identity in H, i.e.,
• We define the image of h to be
• Ker(h) is a (normal) subgroup of G and Im(h) is a subgroup of H.
• Lagrange's Theorem: If G is a finite group and H is a subgroup of G, then

Ring Homomorphism
• A ring homomorphism from R to S is a function satisfying
  – h(u+v)=h(u)+h(v)
  – h(uv)=h(u)h(v)
• The kernel of h is defined to be the set of elements in R mapped to 0 in S, i.e.,
• Ker(h) is an ideal of R and Im(h) is a subring of S.

Isomorphism
• If a homomorphism is bijective (both injective and surjective), it is called an isomorphism.

Subfield and Field Extension
• If are both fields and .
Then is called a field extension of and is called a subfield of .
• We can view as a vector space over by defining the scalar product as field multiplication.

Ring Homomorphism from Zp to F
• Let be a finite field and .
• p must be a prime. (Why?)
• Define as follows:
  – h(0)=0, h(1)=1.
  – h(n+1)=h(n)+h(1).
• h is a ring homomorphism, i.e.,
  – h(m+n)=h(m)+h(n)
  – h(mn)=h(m)h(n)

Ring Homomorphism from Zp to F (cont)
• h is injective.
• Im(h) is a subfield of .
• Therefore, contains a subfield isomorphic to . This subfield is called the prime subfield of .
• Every field of characteristic p (p<∞) contains a prime subfield isomorphic to . In fact, every field of characteristic 0 contains a prime subfield isomorphic to .

Cyclic Subgroup and Order of an Element
• Let G be a finite group and α in G.
• Since G is finite, the set {e, α, α^2, …} is finite. At some point, there must be some repetition.
• Let α^k = α^(k+t) be the first repetition. Then α^t = e. This t is called the order of α, denoted by ord(α).

Multiplicative Structure of a Finite Field
• Given a finite field , consider the multiplicative group .
• For any , we have .
• Lemma: If and deg(p(x))=m, then p(x)=0 can have at most m solutions.
• Lemma: Let ord(α)=t. Then ord(α^i) = t/gcd(i,t).

The Euler φ-function
• φ(n) is defined as "the number of integers in {1,2,…,n-1} that are relatively prime to n".
• Formally,
• The multiplicative group has φ(n) elements.
• Theorem: In any field , there are either no elements of order t or exactly φ(t) elements of order t.
• Theorem: Let be a finite field with q elements. If t does not divide (q-1), then there are no elements of order t. If t divides (q-1), then there are exactly φ(t) elements of order t.
• Corollary: In any finite field of size q, there exists at least one element α of order q-1, i.e., the multiplicative group is cyclic.
(This can also be proved by applying the Fundamental Theorem of Finite Abelian Groups.)
• Definition: Such an α is called a primitive root of .

Fundamental Theorem of Finite Abelian Groups
Every finite abelian group G can be expressed as the direct sum of cyclic subgroups of prime-power order. In other words, every finite abelian group is isomorphic to , where k1, k2, … are powers of primes (primary decomposition), or equivalently, k1|k2, k2|k3, … (invariant factor decomposition).

An Example of Finite Abelian Group Decomposition
360 = 2^3 * 3^2 * 5.

  Primary decomposition          Invariant factor decomposition
  Z2×Z2×Z2×Z3×Z3×Z5              Z2×Z6×Z30
  Z2×Z2×Z2×Z9×Z5                 Z2×Z2×Z90
  Z2×Z4×Z3×Z3×Z5                 Z6×Z60
  Z2×Z4×Z9×Z5                    Z2×Z180
  Z8×Z3×Z3×Z5                    Z3×Z120
  Z8×Z9×Z5                       Z360

Proof of Existence of Primitive Elements
• Let be a finite field. Then is a finite abelian group.
• Apply the fundamental theorem of finite abelian groups with the invariant factor decomposition: , where .
• Therefore, .
• The above means every element in is a solution to the equation , which has degree .
• Moreover, 0 is also a solution to this equation, so this equation has exactly solutions in .
• Since the number of solutions in a field cannot exceed its degree, we have . Hence is cyclic and there exists an element of order .

Gauss's Algorithm
1. Set i=1. Pick α1. Let ord(α1)=t1.
2. If ti=q-1, stop and return αi.
3. Otherwise choose β, where β is not a power of αi. Let ord(β)=s. If s=q-1, stop and return αi+1=β.
4. Otherwise find d|ti and e|s with gcd(d,e)=1 and de=lcm(ti,s). Let αi+1 = αi^(ti/d) · β^(s/e) and ti+1=lcm(ti,s). Set i=i+1 and go to step 2.

• Lemma: Let ord(α)=m, ord(β)=n with gcd(m,n)=1. Then ord(αβ)=mn.

Minimal Polynomials
• Theorem 5.9: Let be a finite field of size p^m and . Then there is a polynomial (where is the prime subfield of ) such that
  – p(α)=0
  – deg(p) ≤ m
  – If is such that f(α)=0, then p(x)|f(x).
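The order-counting theorem (φ(t) elements of order t when t | q-1, none otherwise), the lemma ord(αβ)=mn for coprime orders, and Gauss's algorithm, worked together as an added example that is not part of the lecture. It assumes the prime field GF(q) = Z_q for a prime q, where multiplication is just a·b mod q; the optional candidates argument is a constructed knob that lets you force step 4 of the algorithm to run.

```python
# Added example (not from the lecture): the order-counting theorem and Gauss's algorithm,
# both in the prime field GF(q) for a prime q, where multiplication is a*b mod q.
from math import gcd

def order(a, q):
    """ord(a): the smallest t >= 1 with a^t = 1 in GF(q)*."""
    t, x = 1, a % q
    while x != 1:
        x, t = x * a % q, t + 1
    return t

def phi(n):
    """Euler phi-function: integers in {1, ..., n-1} relatively prime to n (phi(1) = 1)."""
    return max(1, sum(1 for k in range(1, n) if gcd(k, n) == 1))

def count_by_order(q):
    """Map t -> number of elements of GF(q)* of order t; the theorem predicts phi(t) for t | q-1."""
    counts = {}
    for a in range(1, q):
        t = order(a, q)
        counts[t] = counts.get(t, 0) + 1
    return counts

def gauss_primitive(q, candidates=None):
    """Gauss's algorithm: raise the order step by step until an element of order q-1 appears."""
    pool = iter(candidates if candidates is not None else range(2, q))
    alpha = next(pool)                               # step 1: pick alpha_1
    t = order(alpha, q)                              # t_1 = ord(alpha_1)
    while t != q - 1:                                # step 2: done when ord(alpha_i) = q-1
        powers = {pow(alpha, k, q) for k in range(t)}
        beta = next(b for b in pool if b not in powers)   # step 3: beta is not a power of alpha_i
        s = order(beta, q)
        if s == q - 1:
            return beta
        l = t * s // gcd(t, s)                       # step 4: lcm(t_i, s) = d*e with d | t_i, e | s
        d = next(d for d in range(1, t + 1)
                 if t % d == 0 and s % (l // d) == 0 and gcd(d, l // d) == 1)
        e = l // d
        # ord(alpha^(t/d)) = d and ord(beta^(s/e)) = e are coprime, so the product has order d*e (lemma)
        alpha = pow(alpha, t // d, q) * pow(beta, s // e, q) % q
        t = l
    return alpha
```

In GF(13), starting from 3 (order 3) and then 5 (order 4) forces step 4: lcm = 12 splits as d=3, e=4, and 3·5 = 2 mod 13 has order 12.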
• Such a p(x) is called a minimal polynomial of α w.r.t. . If we only consider monic polynomials, then the minimal polynomial is unique.

Primitive Polynomials
• For any finite field and , the minimal polynomial of α exists. (Why?)
• The minimal polynomial of a primitive root of is called a primitive polynomial.
• It is quite convenient to represent a finite field using its primitive polynomial.

• Let be a finite field and be a subfield (not necessarily the prime subfield). Let . Then there is a unique monic polynomial such that
  – p(α)=0
  – If is such that f(α)=0, then p(x)|f(x).
• Lemma: Let be a finite field and be a subfield (not necessarily the prime subfield). Let . Let . Then iff .

Conjugates
• Let be two fields, . If p(α)=0, then p(α^q)=0.
• Therefore, if α is a zero of p(x), so is .
• These elements are called the conjugates of α.

Number of Distinct Conjugates
• The number d of distinct conjugates of α is called the degree of α.
• Theorem: Let d be the degree of α and n the dimension of as a vector space over . Then d|n, and d can be determined as the smallest integer such that holds. Moreover, if then .

Explicit Formula for Minimal Polynomial
• Let be a finite field and be one of its subfields with and . Let . Then the minimal polynomial of α w.r.t. is given by , where d is the degree of α w.r.t. .