Algebraic Structure

The document introduces Galois Fields and their applications in cryptography, focusing on algebraic structures such as groups, rings, and fields. It explains the properties of finite groups, rings, and fields, leading to the definition of Galois Fields (GF(pk)), which are finite fields with a prime power number of elements. The document also discusses irreducible and primitive polynomials, which are essential for generating elements in Galois Fields.

Introduction to Galois Fields

Arup Kumar Pal


Department of Computer Science & Engineering
Indian Institute of Technology (ISM), Dhanbad
Jharkhand-826004
E-mail: [email protected]

Galois Fields Department of CSE, ISM Dhanbad February 14, 2025 1


Outline
Algebraic Structures
Group
Ring
Group and Ring applications: DH Key
exchange protocol, RSA, ECC
Field
➢ Galois Field
Field application: AES



Algebraic Structures
Cryptography requires sets of integers and specific operations that are defined on those sets.
A non-empty set G equipped with one or more binary operations is called an algebraic structure.
In this lecture, three common algebraic structures, i.e. groups, rings, and fields, will be discussed.
Group
A group is an algebraic structure with only one binary operation.
A group (G, ○) is a set of elements G with a binary operation ○ that satisfies four properties. A commutative (abelian) group satisfies one extra property, commutativity.



Contd…
Closure: if a, b ∈ G, then c = a ○ b is also an element of G.
Associativity: if a, b, c ∈ G, then (a ○ b) ○ c = a ○ (b ○ c).
Existence of identity: there exists an element e in G such that for all a ∈ G, a ○ e = e ○ a = a. e is called the identity element of G.
Existence of inverse: for all a in G, there exists an element a′ in G such that a ○ a′ = a′ ○ a = e. a′ is called the inverse element of a.
Commutativity (abelian groups only): if a, b ∈ G, then a ○ b = b ○ a.



Example
Example 1: Let us define a group G = <{0, 1, 2, 3}, +4> with the operation as shown in Table 1. Here +4 is addition modulo 4.

The identity element is 0.

This set does not form a group with the operation multiplication.



Contd…
In cryptography, not all groups play a significant role, since we need groups with a finite number of elements.
The group Z_n^* (the invertible integers modulo n under multiplication) is very important for many cryptographic schemes such as DHKE, ElGamal encryption, the Digital Signature Algorithm and many others.



Group
Finite Group: A group (G, ○) is said to be a finite
group if G contains a finite number of elements.
We denote the cardinality or order of the group
G by |G|.





Contd…
It is very interesting to look at what happens if we keep multiplying the result by a:

• The powers of a run through the sequence {3, 9, 5, 4, 1} indefinitely. This cyclic behaviour gives rise to the following definition:
Cyclic Group
A cyclic group is a group in which every
element can be generated by a single element
of the group. The single element is called the
generator of the cyclic group.





Rings
A ring is a set R with two operations, written <R, {+, ×}>. R is closed under both + and × (satisfies the closure property for both operations) and satisfies the following properties:
1. R is an abelian group under +.
2. Associativity of ×: for every a, b, c ∈ R, a × (b × c) = (a × b) × c.
3. Distributive properties: for every a, b, c ∈ R the following identities hold: a × (b + c) = (a × b) + (a × c) and (b + c) × a = (b × a) + (c × a).
• The set of real numbers together with addition and multiplication is a ring.



Fields
A field is a set F with two operations, written <F, {+, ×}>, which is closed under + and × and such that:
1. F is an abelian group under +.
2. F − {0} (the set F without the additive identity 0) is an abelian group under ×.

Properties under the + operator                 | Properties under the × operator
1. ∀ a, b ∈ F: a + b ∈ F                        | 1. ∀ a, b ∈ F−{0}: a·b ∈ F−{0}
2. ∀ a, b, c ∈ F: (a + b) + c = a + (b + c)     | 2. ∀ a, b, c ∈ F−{0}: (a·b)·c = a·(b·c)
3. ∀ a, b ∈ F: a + b = b + a                    | 3. ∀ a, b ∈ F−{0}: a·b = b·a
4. ∃ 0 ∈ F, ∀ a ∈ F: a + 0 = a                  | 4. ∃ 1 ∈ F−{0}, ∀ a ∈ F−{0}: a·1 = a
5. ∀ a ∈ F, ∃ −a ∈ F: a + (−a) = 0              | 5. ∀ a, b, c ∈ F−{0}: a·(b + c) = a·b + a·c

Galois Fields
In cryptography, we are almost always
interested in fields with a finite number of
elements, which we call finite fields or Galois
fields.
The number of elements in the field is called
the order or cardinality of the field.



Contd…
The theorem on the cardinality of finite fields (stated on the next slide) implies that there are, for instance, finite fields with 11 elements, with 81 elements (since 81 = 3^4) or with 256 elements (since 256 = 2^8).
However, there is no finite field with 12 elements, since 12 = 2^2 · 3 and 12 is thus not a prime power.



Galois Fields GF(p^k)
➢ Theorem: For every prime power p^k (k = 1, 2, …), there is a unique finite field containing p^k elements.
➢ These fields are denoted by GF(p^k) and are called Galois fields. There are no finite fields with other cardinalities.

➢ There are 2 types of Galois field depending on k:
1. Prime field: k = 1, GF(p) = {0, 1, 2, ..., p−1}
2. Extension field: k > 1, GF(p^k)

➢ The elements of an extension field are not real numbers; therefore an "imaginary" element α is assumed, which is a root of a primitive polynomial (the polynomial analogue of a prime number).

∴ GF(p^k) = {0, 1, α, α^2, α^3, ...., α^(n−2)} where n = p^k.



Irreducible Polynomials
A polynomial is irreducible over GF(p) if it does not factor over GF(p); otherwise it is reducible. Irreducible polynomials are analogous to prime numbers and will be used in polynomial multiplication in fields.
➢ All primitive polynomials are irreducible, but the reverse is not true.
➢ To find the irreducible polynomials, x^n + 1 where n = p^k − 1 is factored.



Finding Irreducible Polynomials
Irreducible polynomials for GF(2^3):
1. Find the factors of x^(2^3 − 1) + 1 = x^7 + 1 using the vanishing method (performing all operations modulo 2).
2. Put x = 1 in x^7 + 1. We get (1^7 + 1) mod 2 = 2 mod 2 = 0. Thus (x + 1) is a factor.
3. We divide x^7 + 1 by x + 1 using the polynomial operations explained earlier.
4. We get x^7 + 1 = (x + 1)(x^6 + x^5 + x^4 + x^3 + x^2 + x + 1).
5. Similarly, we perform further factorisation and finally obtain
   x^7 + 1 = (x + 1)(x^3 + x + 1)(x^3 + x^2 + 1).
6. The polynomials x + 1, x^3 + x + 1 and x^3 + x^2 + 1 are the irreducible polynomials, as they cannot be factored further.



Examples

Degree | Irreducible polynomials
1      | x + 1, x
2      | x^2 + x + 1
3      | x^3 + x^2 + 1, x^3 + x + 1
4      | x^4 + x^3 + 1, x^4 + x + 1
5      | x^5 + x^2 + 1, x^5 + x^3 + x^2 + x + 1, x^5 + x^3 + 1



Primitive Polynomials
A primitive polynomial is a polynomial whose root generates all the nonzero elements of an extension field over a base field.
Primitive polynomials play the role of the generator element of a cyclic group.
All primitive polynomials are irreducible polynomials, but not all irreducible polynomials are primitive.



Generating Elements of GF(23)
1. As the definition says, primitive polynomials are used to generate the elements of a Galois field.
2. Let us show this by generating the elements of the Galois field GF(2^3).
3. Out of the two irreducible cubic polynomials that we obtained by factoring x^7 + 1, let us consider f(x) = x^3 + x + 1.
4. As α is a root of f(x), f(α) = 0,
   i.e. α^3 + α + 1 = 0
   or α^3 = α + 1 … (I)



Generating Elements of GF(23)
5. Now, the field elements can be represented as follows:
   0
   1
   α
   α^2
   α^3 = α + 1 (using I)
   α^4 = α·α^3 = α^2 + α
   α^5 = α·α^4 = α^3 + α^2 = α^2 + α + 1
   α^6 = α·α^5 = α^3 + α^2 + α = α^2 + 1
NOTE: All operations are performed modulo 2.



The field elements of GF(2^4), using the polynomial p(x) = x^4 + x + 1:

0
1
α
α^2
α^3
α^4 = α + 1
α^5 = α^2 + α
α^6 = α^3 + α^2
α^7 = α^3 + α + 1
α^8 = α^2 + 1
α^9 = α^3 + α
α^10 = α^2 + α + 1
α^11 = α^3 + α^2 + α
α^12 = α^3 + α^2 + α + 1
α^13 = α^3 + α^2 + 1
α^14 = α^3 + 1
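As an added example (not part of the lecture), the last few slides in code: the trial factorisation that finds the irreducible polynomials, the α-power table generated from f(α) = 0, and the irreducible-versus-primitive distinction. Polynomials over GF(2) are represented as Python ints with bit i holding the coefficient of x^i; the function names are my own.

```python
# Added example, not from the slides: irreducible vs. primitive polynomials over GF(2)
# and the alpha-power table of GF(2^k). Bit i of an int is the coefficient of x^i.

def clmul(a: int, b: int) -> int:
    """Carry-less product of two GF(2)[x] polynomials, no reduction (coefficients mod 2)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def is_irreducible(f: int, k: int) -> bool:
    """Trial factorisation: a degree-k f is reducible iff f = g*h for some g of degree
    1..k//2 and h of degree k - deg(g); factoring x^7 + 1 on the slide is the same search."""
    for dg in range(1, k // 2 + 1):
        for g in range(1 << dg, 1 << (dg + 1)):            # every polynomial of exact degree dg
            for h in range(1 << (k - dg), 1 << (k - dg + 1)):
                if clmul(g, h) == f:
                    return False
    return True

def irreducibles(k: int) -> list[int]:
    """All irreducible polynomials of degree k (the 'Examples' table, completed)."""
    return [f for f in range(1 << k, 1 << (k + 1)) if is_irreducible(f, k)]

def powers_of_alpha(f: int, k: int) -> list[int]:
    """alpha^0, alpha^1, ... with alpha^k rewritten via f(alpha) = 0, until the cycle closes."""
    elems, a = [1], 1
    for _ in range((1 << k) - 2):          # at most 2^k - 1 distinct nonzero elements
        a <<= 1                            # multiply by alpha
        if a >> k:                         # degree k reached: replace alpha^k using f(alpha) = 0
            a ^= f
        if a == 1:                         # cycle closed early: alpha is not a generator
            break
        elems.append(a)
    return elems

def is_primitive(f: int, k: int) -> bool:
    """Primitive = irreducible and alpha generates all 2^k - 1 nonzero elements."""
    return is_irreducible(f, k) and len(powers_of_alpha(f, k)) == (1 << k) - 1
```

`powers_of_alpha(0b10011, 4)` reproduces the GF(2^4) table above (α^7 = 0b1011 = α^3 + α + 1), while x^4 + x^3 + x^2 + x + 1 is irreducible but its α cycles after only 5 powers, so it is not primitive.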



Implementing GF(2𝑘) Arithmetic
Theorem: Let f(x) be an irreducible polynomial of degree k over Z_p. The finite field GF(p^k) can be realized as the set of polynomials of degree at most k−1 over Z_p, with addition and multiplication done modulo f(x).

By the theorem, the finite field GF(2^5) can be realized as the set of polynomials of degree at most 4 over Z_2, with addition and multiplication done modulo the irreducible polynomial f(x) = x^5 + x^4 + x^3 + x + 1.

The coefficients of polynomials over Z_2 are 0 or 1. So a degree-k polynomial can be written down as k+1 bits. For example, with k = 4:
x^3 + x + 1            (0,1,0,1,1)
x^4 + x^3 + x + 1      (1,1,0,1,1)



Implementing GF(2𝑘)
1. Addition/Subtraction: bitwise XOR

  0·x^7 + 0·x^6 + 1·x^5 + 0·x^4 + 0·x^3 + 1·x^2 + 1·x^1 + 0·x^0
+ 0·x^7 + 0·x^6 + 0·x^5 + 0·x^4 + 1·x^3 + 1·x^2 + 0·x^1 + 1·x^0
= 0·x^7 + 0·x^6 + 1·x^5 + 0·x^4 + 1·x^3 + 0·x^2 + 1·x^1 + 1·x^0
= x^5 + x^3 + x + 1



Implementing GF(2𝑘)
2. Multiplication: polynomial multiplication, and then the remainder modulo the defining polynomial f(x). With P1 = x^5 + x^2 + x, P2 = x^7 + x^4 + x^3 + x^2 + x and f(x) = x^8 + x^4 + x^3 + x + 1:

P1 × P2
= x^5(x^7 + x^4 + x^3 + x^2 + x) + x^2(x^7 + x^4 + x^3 + x^2 + x) + x(x^7 + x^4 + x^3 + x^2 + x)
= x^12 + x^9 + x^8 + x^7 + x^6 + x^9 + x^6 + x^5 + x^4 + x^3 + x^8 + x^5 + x^4 + x^3 + x^2
= x^12 + x^7 + x^2 (pairs of equal terms cancel modulo 2)
P1 × P2 mod f(x) = (x^12 + x^7 + x^2) mod (x^8 + x^4 + x^3 + x + 1)
= x^5 + x^3 + x^2 + x + 1

For a small finite field, a lookup table is the most efficient method for implementing multiplication.



Implementing GF(2𝑘)
Multiplicative inverse: (x^5)^(−1) mod (x^8 + x^4 + x^3 + x + 1) = x^5 + x^4 + x^3 + x, found with the extended Euclidean algorithm. In each row g is the quotient of r1 by r2, r = r1 − g·r2 and t = t1 − g·t2 (kept reduced modulo x^8 + x^4 + x^3 + x + 1); the algorithm stops when r2 = 0, and the inverse is then t1.

g          | r1               | r2            | r             | t1            | t2            | t
x^3        | x^8+x^4+x^3+x+1  | x^5           | x^4+x^3+x+1   | 0             | 1             | x^3
x+1        | x^5              | x^4+x^3+x+1   | x^3+x^2+1     | 1             | x^3           | x^4+x^3+1
x          | x^4+x^3+x+1      | x^3+x^2+1     | 1             | x^3           | x^4+x^3+1     | x^5+x^4+x^3+x
x^3+x^2+1  | x^3+x^2+1        | 1             | 0             | x^4+x^3+1     | x^5+x^4+x^3+x | 0
           | 1                | 0             |               | x^5+x^4+x^3+x | 0             |



Byte Substitution Layer in AES
The S-box substitution is a bijective mapping, i.e., each of the 2^8 = 256 possible input elements is mapped one-to-one to one output element.
This allows us to uniquely reverse the S-box, which is needed for decryption.



Mathematical description of the S-Box
Unlike the DES S-boxes, which are essentially random tables that fulfill certain properties, the AES S-box has a strong algebraic structure.
An AES S-box can be viewed as a two-step mathematical transformation.



Contd…
For each input element A_i, the inverse is computed: B′_i = A_i^(−1), where both A_i and B′_i are considered elements of the field GF(2^8) with the fixed irreducible polynomial P(x) = x^8 + x^4 + x^3 + x + 1.
In the second part of the substitution, each byte B′_i is multiplied by a constant bit matrix, followed by the addition of a constant 8-bit vector.



Contd…
The advantage of using inversion in GF(2^8) as the core function of the Byte Substitution layer is that it provides a high degree of nonlinearity, which in turn provides optimum protection against some of the strongest known analytical attacks.
The affine step "destroys" the algebraic structure of the Galois field, which in turn is needed to prevent attacks that would exploit the finite field inversion.
In software realizations of AES, the S-box substitution is performed by a lookup-table operation.
However, for hardware implementations it is sometimes advantageous to realize the S-boxes as digital circuits which actually compute the inverse followed by the affine mapping.



Inverse Byte Substitution Layer
The inverse affine transformation on each byte B_i is defined by:
B′_i = M^(−1)(B_i + V) = M^(−1) B_i + M^(−1) V = M^(−1) B_i + V′, where V′ = M^(−1) V

Finally, the zero element is mapped to itself.
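An added example (not from the slides) that ties the GF(2^k) implementation slides (XOR addition, multiply-then-reduce, the extended Euclidean inverse table) to the two-step S-box: inversion in GF(2^8) with P(x) = x^8 + x^4 + x^3 + x + 1 followed by the affine map and its inverse. The circulant form of the AES matrix M (rotations by 1..4 with V = 0x63) and of M^(−1) (rotations by 1, 3, 6 with M^(−1)V = 0x05) are the standard AES constants, not values given on the slides; the function names are my own.

```python
# Added example, not from the slides: GF(2^8) with the AES polynomial, then the S-box
# as field inversion followed by the affine map. Bit i of an int is the x^i coefficient.
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_add(a: int, b: int) -> int:
    """Addition (and subtraction) is bitwise XOR of the coefficient vectors."""
    return a ^ b

def poly_divmod(a: int, b: int) -> tuple[int, int]:
    """Long division in GF(2)[x]; returns (quotient g, remainder r)."""
    g, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        s = a.bit_length() - 1 - db
        g ^= 1 << s
        a ^= b << s
    return g, a

def gf_mul(a: int, b: int, f: int = AES_POLY) -> int:
    """Polynomial product first, then the remainder modulo the defining polynomial f."""
    prod = 0
    while b:
        if b & 1:
            prod ^= a
        a, b = a << 1, b >> 1
    return poly_divmod(prod, f)[1]

def gf_inv(a: int, f: int = AES_POLY) -> int:
    """Extended Euclid, one loop pass per (g, r1, r2, r, t1, t2, t) row of the slide's table."""
    r1, r2, t1, t2 = f, a, 0, 1
    while r2:
        g, r = poly_divmod(r1, r2)
        r1, r2 = r2, r
        t1, t2 = t2, t1 ^ gf_mul(g, t2, f)   # t = t1 + g*t2, kept reduced mod f
    return t1  # inverse of a when r1 == 1; gf_inv(0) == 0, the S-box convention for zero

def rotl8(b: int, n: int) -> int:
    return ((b << n) | (b >> (8 - n))) & 0xFF

def affine(b: int) -> int:
    """Second S-box step: constant bit matrix M (circulant) times b, plus V = 0x63."""
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63

def inv_affine(s: int) -> int:
    """Inverse affine map: M^-1 * s + M^-1 * V, where M^-1 * V = 0x05."""
    return rotl8(s, 1) ^ rotl8(s, 3) ^ rotl8(s, 6) ^ 0x05

def sbox(a: int) -> int:
    return affine(gf_inv(a))            # inversion, then affine map

def inv_sbox(s: int) -> int:
    return gf_inv(inv_affine(s))        # inverse affine map, then inversion
```

`gf_mul(0b100110, 0b10011110)` and `gf_inv(0x20)` reproduce the slide results x^5 + x^3 + x^2 + x + 1 and x^5 + x^4 + x^3 + x; `sbox(0x53) == 0xED` is the FIPS-197 example, and checking `inv_sbox(sbox(x)) == x` over all 256 bytes confirms the bijection claimed on the Byte Substitution slide.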



!!!Thank You!!!
