25 citations found.
Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, 1983.


This paper is cited in the following contexts:
Efficient GF(p m) Arithmetic Architectures for.. - Bertoni.. (2003)

....authors consider special types of polynomials which allow for efficiency in the modulo p(x) reduction operation. These architectures are generalized in Section 4 to the GF(p TM) case, where p is odd. 3 Mathematical Background For a thorough introduction to finite fields, we refer the reader to [22]. Here, we briefly review the theory that we will need to develop the architectures of this paper. In the following, we will consider the field GF(p TM) generated by an irreducible polynomial p(x) x P(x) xm opix i over GF(p) of degree m. Let a be a root of p(x) then we can represent A C GF(p TM) ....

....applications in [4] We notice that the existence of irreducible binomials has been completely established as Theorem 3 shows s. Theorem 3. 22 Let m 2 be an integer and co F. Then the binomial x TM co is irreducible in Fq [x] if and only if the following two conditions are 8 Reference [22] is used here as a convenient reference for well established results. Efficient OF(p ) Arithmetic Architectures for Cryptographic Applications 11 satisfied: i) each prime factor of m divides the order c of : in F, but not (q 1) e; ii) q = 1 mod 4 if m = 0 mod 4. When irreducible binomials ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, USA, 1983.


Reconfigurable Computing For Symmetric-Key Algorithms - Elbirt

....ByteSub O ByteSub ShiftRow ShiftRow MixColumn Figure 4.3: Rijndael block diagram The MixColumn operates on each column independently within the array output from the ShiftRow operation. Within a given column, each byte is considered a polynomial over the Galois Field GF(2 s) see [37, 92] for a discussion of operations in Galois Fields) Figure 4.5 depicts the MixColumn transformation with input column a and output column b. To illustrate the transformation, the output equation for b0 is: b0 = 02 x a0) 03 x a) 01 x a2) 01 x a3) All multiplications and additions are in the ....

....: output K 4 K s K 6 ) 4 K z Whitening A B C (128 bits) C D I Figure 4. 8: Twofish block diagram The output of the S Boxes pass into the Maximum Distance Separable (MDS) coder, an operation analogous the Rijndael MixColumn transformation where multiplication over GF(2 s) is performed (see [162, 92] for a discussion of the mathematics of MDS coding) However, Twofish employs both a different fixed field and a different field polynomial versus Rijndael. Figure 4.9 details the MDS transformation with input column y and output column z. Zo Ol EF 5B 5B EF EF 01 5B 01 EF 01 EF 5B Yo ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, USA, 1983.


Isometry Classes of Indecomposable Linear Codes - Fripertinger, Kerber (1995)   (2 citations)

....type of a linear map or of a projectivity respectively. Since normal forms of regular matrices are strongly connected with companion and hypercompanion matrices (see [6] of monic, irreducible polynomials over GF (q) it is important to know the exponent or subexponent of such polynomials (see [11, 6]) The exponent of such a polynomial f(x) 2 GF (q) x] is defined to be exp(f(x) minfn 2 IN j f(x) j x Gamma 1g and the subexponent is subexp(f(x) minfn 2 IN j 9ff 2 GF (q) f(x) j x Gamma ffg : This element ff 2 F q is uniquely defined, and it is called the integral ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley Publishing Company, London, Amsterdam, Don Mills -- Ontario, Sydney, Tokyo, 1983. ISBN 0201 -13519-1.


Quantum Algorithms for some Hidden Shift Problems - van Dam, Hallgren, Ip (2003)   (1 citation)

....the additive group of the ring is defined using the characters of the additive group, the additive characters of the ring. Similarly, the multiplicative group of units induces multiplicative characters of the ring. The interplay between additive and multiplicative characters is well understood [28, 33], and we show that this connection can be exploited in quantum algorithms. In particular, we put a multiplicative character into the phase of the registers and compute the Fourier transform over the additive group. The resulting phases are the inner products between the multiplicative character ....

.... ) time [2] We will need to compute the Fourier transform over the additive group of a finite field, which is isomorphic to (Z pZ) The additive characters are of the form # y (x) # p , where Tr : F q F p is the trace of the finite field Tr(x) r 1 j=0 x j , and y F q [28]. We can efficiently compute the Fourier transform over the additive group of a finite field. Lemma 2.2. Fourier Transform over F q ) The Fourier transform y# can be approximated to within error # in time polynomial in log q and log 1 #. Proof. See [13] Independently, the efficiency ....

[Article contains additional citation context not shown here]

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and Its Applications. Cambridge, second edition, 1997.


Quantum Algorithms for Hidden Coset Problems - van Dam, Hallgren, Ip (2001)   (2 citations)

....addition, subtraction, multiplication and division can all be performed in O( log q) 2 ) time [2] We will need to compute the Fourier transform over the additive group of a finite field. The additive characters are of the form y (x) Tr(xy) p , where Tr is the trace of the finite field [12]. We can efficiently compute the Fourier transform over the additive group of a finite field. Lemma 2 (Fourier Transform over F q ) The Fourier transform jxi 1 p q P y2Fq Tr(xy) p jyi is computable in polynomial time. Proof: See Appendix. The Fourier transform over the additive group ....

....with k = 0. We can extend the definition of to F q by defining (0) 0. We can efficiently compute because finding the discrete log can be done efficiently on a quantum computer. The Fourier transform of a non trivial multiplicative character of the finite field F q is given by (y) y) 1) [12] [16] Let n = p m 1 1 : p m k k be the prime factorization of n. Then by the Chinese Remainder Theorem, Z n = Z p m 1 1 Z p m k k . Then any multiplicative character of Z n can be written as the product (x) 1 (x 1 ) k (x k ) where i is a ....

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and Its Applications. Cambridge, second edition, 1997.


Elliptic Curve Normalization - Ciet, al. (2001)   (1 citation)

....1 max( h 1 , 1) max( h 2 , 1) # # # # # 1 p p # u=1 exp # 2#i u 4 ah 1 u 6 bh 2 p # # # # # # , 5) CG 2001 2 Elliptic Curve Normalization 8 Lemma 13 Weil s bound. We have # # # # # p # u=1 exp # 2#i u 4 ah 1 u 6 bh 2 p # # # # # # # 5 # p. Proof. See [6] # From Weil s bound and (5) we can infer that D p (x 1 , x p ) # 216 # # # # 1 m # (h 1 ,h 2 )#Z 2 0 max( h 1 , h 2 )#m 5 max( h 1 , 1) max( h 2 , 1) # p # # # # . Note that # (h 1 ,h 2 )#Z 2 0 max( h 1 , h 2 )#m 1 max( h 1 , 1) max( h 2 , 1) # ....

R. Lidl and H. Niederreiter. Finite Fields. With a foreword by P. M. Cohn. Second Edition, volume 20 of Encyclopedia of Mathematics and its Applications. Cambridge University Press, Cambridge, 1997.


Unknown - Describes

....to some extent the mathematics of finite fields, as do, for instance, the references [Ber68], [PW72], [Bla83] or [LC83]. The number of mathematical books which are entirely devoted to finite fields is rather limited. Besides Lidl and Niederreiter's thorough mathematical treatment of the matter in [LN83], there are McEliece's book [McE87] and, more recently, the references [BGM 93] and [Jun93]. 2.1.1 Basic Properties We start with the definition of a fundamental algebraic structure which is called group. Its basic property is that it assigns to a pair of elements of a set a third element ....

....$\in GF(q)$. In the sequel, $a \mid b$ denotes a divides b, where a and b can either be numbers or polynomials. Definition 8 Let $P(x)$ be a polynomial of degree $m$ over $GF(q)$ with $P(0) \neq 0$. The smallest positive integer $s$ for which $P(x) \mid (x^s - 1)$ is called the order of $P(x)$. Theorem 4 [LN83] The order $s$ of every irreducible polynomial of degree $m$ over $GF(q)$ fulfills the condition: $s \mid (q^m - 1)$. A consequence of the last theorem is that the maximum possible order of an irreducible polynomial is $s = q^m - 1$. Definition 9 A monic polynomial of degree m with maximum ....

[Article contains additional citation context not shown here]

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Computation in Optimal Extension Fields - Bailey (2000)

....is a prime number of the form 2 n c, log 2 c # # 1 2 n#. We now define an OEF: Definition 2 An Optimal Extension Field is a finite field GF (p m ) such that: 1. p is a pseudo Mersenne prime, 2. An irreducible binomial P (x) x m # exists over GF (p) The following theorem from [LN83] describes the cases when an irreducible binomial exists: Theorem 1 Let m # 2 be an integer and # # GF (p) # . Then the binomial x m # is irreducible in GF (p) x] if and only if the following two conditions are satisfied: 6 OEF Definitions 7 (i) each prime factor of m divides the order ....

....reduces the problem of extension field inversion to subfield inversion. This reduction relies on a special mapping that is defined for all finite fields. In particular, the norm function maps elements of the extension field to the subfield by raising them to the (p m 1) p 1) power [LN83] In previous reported applications of ITI [GP97] researchers have used look up tables to perform the subfield inversion. While this approach is efficient, it is also quite limited. For a choice of p less than $2^{16}$, tables easily fit in the storage of modern desktop PCs and workstations. ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


sigma-Automata and Chebyshev-Polynomials - Sutner (1996)

....contains tables of a the polynomials (or rather: their essential irreducible factors, see below) up to 51 , their counterparts under the involution x 7 1 x on F 2 [x] and their depths. Background information from linear algebra and the theory of finite fields can be found in, say, 5] 10] or [6]. The second and third reference and Berlekamp s classic text on coding theory [3] both contain a careful discussion of the relationship between shift registers and finite fields. 2 Binary Chebyshev Polynomials Consider the sequence of polynomials n , n 0, over F 2 [x] given by 0 = 0 and i ....

....in the splitting field F q . Substituting, we obtain a sequence s i : i (ff) in F q given by the second order homogeneous recurrence s n 2 = ff s n 1 s n (2) with initial conditions s 0 = 0, s 1 = 1. Thus, s i ) is a feedback shift register sequence or linear recurrent sequence, see [3] and [6] for a wealth of background information. We will frequently use results from these sources without further mention. Since the coefficient of s n in the recurrence is 1, the sequence must be periodic. By our choice of initial conditions, our sequence is the impulse response sequence associated with ....

[Article contains additional citation context not shown here]

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Cambridge University Press, 1984.


Optimal Extension Fields for Fast Arithmetic in Public-Key.. - Bailey (1998)   (11 citations)

....p61; return r; Not only is this code shorter than the above general case, it requires fewer registers, allowing the compiler to generate more efficient code. 8 Irreducible Binomials In Section 4.4 we showed that binomials allow modular reduction with low complexity. The following theorem from [LN83] describes the cases when an irreducible binomial exists: Theorem 3 [LN83] Let m 2 be an integer and 2 GF (p) Then the binomial x m Gamma is irreducible in GF (p) if and only if the following two conditions are satisfied: i) each prime factor of m divides the order e of in GF (p) ....

....it requires fewer registers, allowing the compiler to generate more efficient code. 8 Irreducible Binomials In Section 4.4 we showed that binomials allow modular reduction with low complexity. The following theorem from [LN83] describes the cases when an irreducible binomial exists: Theorem 3 [LN83] Let m 2 be an integer and 2 GF (p) Then the binomial x m Gamma is irreducible in GF (p) if and only if the following two conditions are satisfied: i) each prime factor of m divides the order e of in GF (p) but not (p Gamma 1) e; ii) p j 1 (mod 4) if m j 0 (mod 4) An important ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Decomposition of Additive CA - Sutner

....polynomial in question. A good part of the discussion below is just the study of linear operators over pattern spaces, and uses only general tools from algebra; see for example [6, 5]. Background material on finite fields, irreducible binary polynomials and shift register sequences can be found in [7] and [2] and will be used without further comment. In order to give a more detailed analysis of σ-automata, one also has to consider the geometry of a pattern space together with σ. More precisely, we consider simulations, monomorphism of pattern spaces that commute with σ. In the case where ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Cambridge University Press, 1984.


Efficient Multiplier Architectures for Galois Fields GF(2 4n .. - Paar, Fleischmann, Roelse (1998)

.... function of GF (2 n ) over GF (2) i.e. Tr 2 n j2 (ff) ff ff 2 ff 2 2 Delta Delta Delta ff 2 n Gamma1 : Theorem 2 [4] For ff; fi 2 GF (2 n ) the trinomial x 2 ffx fi is irreducible over GF (2 n ) if and only if Tr 2 n j2 (fi=ff 2 ) 6= 0: Theorem 3 [19] Let f(x) x m am Gamma1 x m Gamma1 Delta Delta Delta 1 be an irreducible polynomial over GF (2 n ) and let fi 2 GF (2 n ) Then the polynomial f(x 2 x fi) is irreducible over GF (2 n ) if and only if Tr 2 n j2 (a m Gamma1 ) 6= 0. Lemma 4 Type B polynomials are ....

....j2 (p Gamma1 j ) 1. Pi A possible way to find an element p 2 GF (2 n ) satisfying the trace condition is described in the following lemma. The problem will be reduced to finding a root of a certain polynomial in GF (2 n ) For this problem efficient (probabilistic) algorithms exist (see [19]) Lemma 5 Define polynomials s j (x) 2 GF (2) x] j 1 recursively s 1 (x) x 2 x 1; s j 1 (x) x 2 j s j (x 1 x ) Let n = 2 k m with m odd. Then a root p 2 GF (2 n ) of the polynomial s k (x) satisfies Tr 2 n j2 (p) Tr 2 n j2 (p Gamma1 ) 1. Proof. Note that ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Asymptotically Efficient Algorithms for the Frobenius Form - Eberly (2000)

.... k q 2 2 q 2k q 3 3 q 3k : 1 ln q k 1 q k 1 1 ; where the middle inequality is derived using the fact that there are at most q h =h monic, irreducible polynomials in F[x] with degree h if F is a finite field of size q (see, for example, Lidl and Niederreiter [18]) As Wiedemann notes, even for k = 2, this is more than 0:3, so that the desired minimum 9 polynomial is obtained after examining the minimum polynomials of two sequences with probability at least 30 . The probability is more than 70 if k = 3 and three sequences are considered, and (as seen by ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, MA, 1983.


Efficient Arithmetic in Finite Field Extensions with.. - Bailey, Paar (2000)   (3 citations)

....is a prime number of the form 2 n c, log 2 c # # 1 2 n#. We now define an OEF: Definition 2. An Optimal Extension Field is a finite field GF (p m ) such that: 1. p is a pseudo Mersenne prime, 2. An irreducible binomial P (x) x m # exists over GF (p) The following theorem from [17] describes the cases when an irreducible binomial exists: Theorem 1. Let m # 2 be an integer and # # GF (p) # . Then the binomial x m # is irreducible in GF (p) x] if and only if the following two conditions are satisfied: i) each prime factor of m divides the order e of # over GF (p) ....

....inversion method is particularly suited to finite fields in polynomial basis that have a binomial as the field polynomial. The Itoh and Tsujii Inversion (ITI) 8] reduces the problem of extension field inversion to subfield inversion. This reduction relies on the definition of the norm function [17], which states that for any element # # GF (p m ) # (p m 1) p 1) # GF (p) In previous reported applications of ITI [7] researchers have used look up tables to perform the subfield inversion. While this approach is efficient, it is also quite limited. For a choice of p less than $2^{16}$ ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Efficient Algorithms for Elliptic Curve Cryptosystems - Guajardo, Paar (1997)   (11 citations)

....degree in this class. We consider a standard (or polynomial or canonical) basis representation of a field element A: A(x) am Gamma1 x m Gamma1 Delta Delta Delta a 1 x a 0 ; 5) where a i 2 GF (2 n ) Note that it is possible to choose P (x) with binary coefficients if gcd(n; m) 1 [12], a fact that will be explored for the inversion algorithm below. As stated above, inversion is the most costly arithmetic operation in EC systems. In the following an inversion method based on Fermat s Little Theorem will be developed which is entirely different from the approach in [22, 21] The ....

....n ) m ) as given by (7) determines in essence the overall complexity of the inversion algorithms. Exponentiation is realized as explained below. Let B and C be elements of GF ( 2 n ) m ) We want to find C(x) B(x) 2 n , where B(x) P m Gamma1 i=0 b i x i . This is done as follows [12]: C(x) m Gamma1 X i=0 c i x i = m Gamma1 X i=0 b i x i 2 n = m Gamma1 X i=0 b i x i2 n ; b i 2 GF (2 n ) 8) Assuming 2 n m Gamma 1, there are m Gamma 1 powers of x which must be reduced modulo the field polynomial P (x) namely the powers x i2 n , i = 1; 2; ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Efficient Algorithms for Elliptic Curve Cryptosystems - Guajardo (1997)   (11 citations)

....set of all polynomials with coefficients from Z q in the indeterminate x. Then, one can construct the ring of polynomials modulo q by combining the set Z q [x] with the operations of addition and multiplication of polynomials (as defined in the usual way) and reducing the coefficients modulo q [LN83] Background 6 A second ring can be constructed in a similar manner. This time, we will construct the ring of polynomials modulo f(x) where f(x) 2 Z q [x] and deg(f(x) m 1. This ring is denoted by Z q [x] f(x) The elements of the ring are all those polynomials in Z q [x] with degree less ....

.... is an irreducible polynomial over GF (2) and P (x) is also irreducible over GF (2) In the rest of this thesis composite fields will be denoted by $GF((2^n)^m)$. It is important to point out that from a mathematical point of view $GF((2^n)^m)$ is isomorphic to $GF(2^k)$ for $nm = k$ [LN83]. However, although a field of order $2^{nm}$ and one of order $2^k$ are isomorphic, their algorithmic complexity is different with respect to the field operations addition and multiplication and, in general, it will depend on the choice of m and n and more specifically on the polynomials Q(y) and ....

[Article contains additional citation context not shown here]

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Optimal Extension Fields for Fast Arithmetic in Public-Key.. - Bailey, Paar (1998)   (11 citations)

....1 for this reason. Our implementation takes advantage of its special form, making p = 2 61 Gamma 1 the best performing choice of p we consider. 6 Irreducible Binomials In Section 4.4 we showed that irreducible binomials allow modular reduction with low complexity. The following theorem from [11] describes the cases when an irreducible binomial exists: Theorem 2. Let m 2 be an integer and 2 GF (p) Then the binomial x m Gamma is irreducible in GF (p) if and only if the following two conditions are satisfied: i) each prime factor of m divides the order e of in GF (p) but not ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Reading, Massachusetts, 1983.


Computing Permanents over Fields of Characteristic 3: Where.. - Kogan, Makowsky (1997)   (4 citations)

....= U Gamma I n ) Gamma1 U a) det(U Gamma I n ) Delta (1 a T (U Gamma I n ) 1 U a) 2 3.5 Lemmas specific for characteristic 3 In this subsection we collect some material specific for fields of characteristic 3. The first lemma concerns cubes of polynomials and can be found in [LN83]. Lemma 3.11 Let P (x 1 ; xn ) be a polynomial over a field K of characteristic 3. Then P (x 1 ; xn ) 3 = P (x 3 1 ; x 3 n ) The next lemma is crucial in the proof of theorem 2.1. It also depends on characteristic 3 and does not hold in any other characteristic. Let ....

R. Lidl and H. Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Cambridge University Press, 1983.


Efficient Divisor Class Halving on Genus Two Curves - Birkner (2006)

No context found.

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, 1983.


Cascade Jump Controlled Sequence Generator - Cjcsg Tor Helleseth (2005)

No context found.

Lidl, R., Niederreiter, H.: Finite Fields. Volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Amsterdam (1983)


How to Fool an Unbounded Adversary with a Short Key - Russel, Wang (2002)

No context found.

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley Publishing Company, Reading, Massachusetts, 1983.


Solving Shift Problems and the Hidden Coset Problem Using the.. - Ip (2002)   (1 citation)

No context found.

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and Its Applications. Cambridge, second edition, 1997.


Clock-Controlled Shift Registers for Key-Stream Generation - Kholosha (2001)

No context found.

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley, Amsterdam, 1983.


Efficient Encryption for Rich Message Spaces under General.. - Russell, Wang (2001)

No context found.

Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Addison-Wesley Publishing Company, Reading, Massachusetts, 1983.


CiteSeer.IST - Copyright Penn State and NEC