Cryptography and Cryptography and Network SecurityNetwork Security

Chapter 4Chapter 4

IntroductionIntroduction

will now introduce Algebraic structureswill now introduce Algebraic structures of increasing importance in cryptographyof increasing importance in cryptography

AES, Elliptic Curve, IDEA, Public KeyAES, Elliptic Curve, IDEA, Public Key

Common algebraic structures are:Common algebraic structures are:

1.1. GroupsGroups

2.2. RingsRings

3.3. FieldsFields

GroupGroup a set of elements or “numbers”a set of elements or “numbers”

may be finite or infinitemay be finite or infinite with some operation whose result is also with some operation whose result is also

in the set (closure) in the set (closure) obeys:obeys:

associative law:associative law: (a.b).c = a.(b.c)(a.b).c = a.(b.c) has identity has identity ee:: e.a = a.e = ae.a = a.e = a has inverses has inverses aa-1-1:: a.aa.a-1-1 = e = e

if commutative if commutative a.b = b.aa.b = b.a then forms an then forms an abelian groupabelian group

The set of residue integers with the addition The set of residue integers with the addition operator, G = <Zn, +>, is a commutative operator, G = <Zn, +>, is a commutative group. We can perform addition and group. We can perform addition and subtraction on the elements of this set without subtraction on the elements of this set without moving out of the set.moving out of the set.

Checking the properties:Checking the properties:

1.1. Closure is satisfied. 3+5 = 8Closure is satisfied. 3+5 = 8

2.2. Associativity is satisfied. (3+5)+ 4= 3+(5+4)= Associativity is satisfied. (3+5)+ 4= 3+(5+4)= 1212

3.3. Commutativity is satisfied. 3+5= 5+3Commutativity is satisfied. 3+5= 5+3

4.4. Identity element exists. 3+0=0+3=3Identity element exists. 3+0=0+3=3

5.5. Inverse exists for 3 its -3Inverse exists for 3 its -3

Finite group: A group is called a finite Finite group: A group is called a finite group if the set has a finite number of group if the set has a finite number of elements; other wise it is an infinte group.elements; other wise it is an infinte group.

Order of a group: NO. of elements present Order of a group: NO. of elements present in the group.in the group.

Subgroup: A subset H of a group G is a Subgroup: A subset H of a group G is a subgroup of G if H itself is a group , with subgroup of G if H itself is a group , with respect to the operations on G.respect to the operations on G.

Is the group H= <Z10, +> a subgroup of Is the group H= <Z10, +> a subgroup of the group G= <Z12,+>????the group G= <Z12,+>????

Cyclic GroupCyclic Group

define define exponentiationexponentiation as repeated as repeated application of operatorapplication of operator example:example: aa33 = a.a.a = a.a.a

and let identity be:and let identity be: e=e=aa00

a group is cyclic if every element is a a group is cyclic if every element is a power of some fixed elementpower of some fixed element ie ie b =b = aakk for some for some aa and every and every bb in group in group

aa is said to be a generator of the group is said to be a generator of the group

Cyclic Sub groupCyclic Sub group

If a subgroup can be generated using the If a subgroup can be generated using the power of an element, the subgroup is power of an element, the subgroup is called the cyclic subgroup.called the cyclic subgroup.

example:example: aann = a.a.a.a.......a(n = a.a.a.a.......a(n times)times)

The set made from this process is The set made from this process is referred to as <a>.referred to as <a>.

aa00 = e. = e.

Four cyclic subgroups can be made from Four cyclic subgroups can be made from group G= <Z6, +>group G= <Z6, +>

They are H1=<{0},+>They are H1=<{0},+> H2=<{0,2,4},+>H2=<{0,2,4},+> H3=<{0,3},+>H3=<{0,3},+> H4=GH4=G

Suppose a group has only 4 elements Suppose a group has only 4 elements {1,3,7,9} and is denoted by Z10*.{1,3,7,9} and is denoted by Z10*.

Find the elements of these subgroups.Find the elements of these subgroups.

Suppose a group has only 4 elements Suppose a group has only 4 elements {1,3,7,9} and is denoted by Z10*.{1,3,7,9} and is denoted by Z10*.

Find the elements of these subgroups.Find the elements of these subgroups.

H1=1H1=1

H2=1,9H2=1,9

H3=1,3,9,7H3=1,3,9,7

RingRing a set of “numbers” a set of “numbers” with two operations (addition and multiplication) with two operations (addition and multiplication)

which form:which form: an abelian group with addition operation an abelian group with addition operation and multiplication:and multiplication:

has closurehas closure is associativeis associative distributive over addition:distributive over addition: a(b+c) = ab + aca(b+c) = ab + ac

if multiplication operation is commutative, it if multiplication operation is commutative, it forms a forms a commutative ringcommutative ring

if if multiplication operation has an identity(a1 = multiplication operation has an identity(a1 = 1a= a) and no zero divisors(ab=0 either a or 1a= a) and no zero divisors(ab=0 either a or b=0), it forms an b=0), it forms an integral domainintegral domain

FieldField

a set of numbers a set of numbers with two operations(addition, with two operations(addition,

multiplication) which follows all the rules of multiplication) which follows all the rules of groups and rings and one more condition:groups and rings and one more condition:

MI= For each a in F, except zero, there is MI= For each a in F, except zero, there is an element a.a(^-1)= a(^-1).a =1an element a.a(^-1)= a(^-1).a =1

have hierarchy with more axioms/lawshave hierarchy with more axioms/laws group -> ring -> fieldgroup -> ring -> field

Finite (Galois) FieldsFinite (Galois) Fields

finite fields play a key role in cryptographyfinite fields play a key role in cryptography can show number of elements in a finite can show number of elements in a finite

field field mustmust be a power of a prime p be a power of a prime pnn

known as Galois fieldsknown as Galois fields denoted GF(pdenoted GF(pnn)) in particular often use the fields:in particular often use the fields:

GF(p)GF(p) GF(2GF(2nn))

Galois Fields GF(p)Galois Fields GF(p)

GF(p) is the set of integers {0,1, … , p-1} GF(p) is the set of integers {0,1, … , p-1} with arithmetic operations modulo prime pwith arithmetic operations modulo prime p

these form a finite fieldthese form a finite field since have multiplicative inversessince have multiplicative inverses find inverse with Extended Euclidean algorithm find inverse with Extended Euclidean algorithm

hence arithmetic is “well-behaved” and can hence arithmetic is “well-behaved” and can do addition, subtraction, multiplication, and do addition, subtraction, multiplication, and division without leaving the field GF(p)division without leaving the field GF(p)

GF(7) Multiplication Example GF(7) Multiplication Example

0 1 2 3 4 5 6

0 0 0 0 0 0 0 0

1 0 1 2 3 4 5 6

2 0 2 4 6 1 3 5

3 0 3 6 2 5 1 4

4 0 4 1 5 2 6 3

5 0 5 3 1 6 4 2

6 0 6 5 4 3 2 1

Polynomial ArithmeticPolynomial Arithmetic

can compute using polynomialscan compute using polynomialsff((xx) = a) = annxxnn + a + an-1n-1xxn-1n-1 + … + a + … + a11x + x + aa00 = ∑ a = ∑ aiixxii

• nb. not interested in any specific value of xnb. not interested in any specific value of x• which is known as the indeterminatewhich is known as the indeterminate

several alternatives availableseveral alternatives available ordinary polynomial arithmeticordinary polynomial arithmetic poly arithmetic with coords mod ppoly arithmetic with coords mod p poly arithmetic with coords mod p and poly arithmetic with coords mod p and

polynomials mod m(x)polynomials mod m(x)

Ordinary Polynomial ArithmeticOrdinary Polynomial Arithmetic

add or subtract corresponding coefficientsadd or subtract corresponding coefficients multiply all terms by each othermultiply all terms by each other egeg

let let ff((xx) = ) = xx33 + + xx22 + 2 and + 2 and gg((xx) = ) = xx22 – – x x + 1+ 1ff((xx) + ) + gg((xx) = ) = xx33 + 2 + 2xx22 – – x x + 3+ 3ff((xx) – ) – gg((xx) = ) = xx33 + + x x + 1+ 1ff((xx) x ) x gg((xx) = ) = xx55 + 3 + 3xx22 – 2 – 2x x + 2+ 2

Polynomial Arithmetic with Polynomial Arithmetic with Modulo CoefficientsModulo Coefficients

when computing value of each coefficient when computing value of each coefficient do calculation modulo some valuedo calculation modulo some value forms a polynomial ringforms a polynomial ring

could be modulo any primecould be modulo any prime but we are most interested in mod 2but we are most interested in mod 2

ie all coefficients are 0 or 1ie all coefficients are 0 or 1 eg. let eg. let ff((xx) = ) = xx33 + + xx22 and and gg((xx) = ) = xx22 + + x x + 1+ 1

ff((xx) + ) + gg((xx) = ) = xx33 + + x x + 1+ 1ff((xx) x ) x gg((xx) = ) = xx55 + + xx22

Polynomial DivisionPolynomial Division

can write any polynomial in the form:can write any polynomial in the form: ff((xx) = ) = qq((xx) ) gg((xx) + ) + rr((xx)) can interpret can interpret rr((xx) ) as being a remainderas being a remainder rr((xx) = ) = ff((xx) mod ) mod gg((xx))

if have no remainder say if have no remainder say gg((xx) divides ) divides ff((xx)) if if gg((xx) has no divisors other than itself & 1 ) has no divisors other than itself & 1

say it is say it is irreducibleirreducible (or prime) polynomial (or prime) polynomial arithmetic modulo an irreducible arithmetic modulo an irreducible

polynomial forms a fieldpolynomial forms a field

Polynomial GCDPolynomial GCD

can find greatest common divisor for polyscan find greatest common divisor for polys c(x)c(x) = GCD( = GCD(a(x), b(x)a(x), b(x)) if ) if c(x)c(x) is the poly of greatest is the poly of greatest

degree which divides both degree which divides both a(x), b(x)a(x), b(x) can adapt Euclid’s Algorithm to find it:can adapt Euclid’s Algorithm to find it:

Euclid(Euclid(aa((xx)), b, b((xx))) ) if (if (bb((xx))=0) then return =0) then return aa((xx)); ; else return else return

Euclid(Euclid(bb((xx)), , aa((xx)) mod mod bb((xx))););

all foundation for polynomial fields as see nextall foundation for polynomial fields as see next

Modular Polynomial Modular Polynomial ArithmeticArithmetic

can compute in field GF(2can compute in field GF(2nn) ) polynomials with coefficients modulo 2polynomials with coefficients modulo 2 whose degree is less than nwhose degree is less than n hence must reduce modulo an irreducible poly hence must reduce modulo an irreducible poly

of degree n (for multiplication only)of degree n (for multiplication only) form a finite fieldform a finite field can always find an inversecan always find an inverse

can extend Euclid’s Inverse algorithm to findcan extend Euclid’s Inverse algorithm to find

Example GF(2Example GF(233))

Computational Computational ConsiderationsConsiderations

since coefficients are 0 or 1, can represent since coefficients are 0 or 1, can represent any such polynomial as a bit stringany such polynomial as a bit string

addition becomes XOR of these bit stringsaddition becomes XOR of these bit strings multiplication is shift & XORmultiplication is shift & XOR

cf long-hand multiplicationcf long-hand multiplication modulo reduction done by repeatedly modulo reduction done by repeatedly

substituting highest power with remainder substituting highest power with remainder of irreducible poly (also shift & XOR)of irreducible poly (also shift & XOR)

Computational ExampleComputational Example

in in GF(2GF(233) have ) have (x(x22+1) is 101+1) is 10122 & (x & (x22+x+1) is 111+x+1) is 11122

so addition isso addition is (x(x22+1) + (x+1) + (x22+x+1) = x +x+1) = x 101 XOR 111 = 010101 XOR 111 = 01022

and multiplication isand multiplication is (x+1).(x(x+1).(x22+1) = x.(x+1) = x.(x22+1) + 1.(x+1) + 1.(x22+1) +1)

= x= x33+x+x+x+x22+1 = x+1 = x33+x+x22+x+1 +x+1 011.101 = (101)<<1 XOR (101)<<0 = 011.101 = (101)<<1 XOR (101)<<0 =

1010 XOR 101 = 11111010 XOR 101 = 111122 polynomial modulo reduction (get q(x) & r(x)) ispolynomial modulo reduction (get q(x) & r(x)) is

(x(x33+x+x22+x+1 ) mod (x+x+1 ) mod (x33+x+1) = 1.(x+x+1) = 1.(x33+x+1) + (x+x+1) + (x22) = x) = x22

1111 mod 1011 = 1111 XOR 1011 = 01001111 mod 1011 = 1111 XOR 1011 = 010022