
04-Number Theory (2020)

The document discusses a lecture on basic number theory concepts including finite fields. It outlines topics like divisibility, modular arithmetic, the Euclidean algorithm, finite fields GF(p) and GF(2^n), prime numbers, Fermat's and Euler's theorems. It provides examples and explanations of these key number theory and cryptography foundations.

Week4.

Basic Concepts in
Number Theory. Finite fields
Lecture slides by Zhanbolat Seitkulov

February IITU, Information Security 1


Outline
•  We will consider:
–  Divisibility and GCD
–  Modular arithmetic with integers
–  Euclid’s algorithm for GCD and Inverse
–  Finite fields, GF(p)
–  Polynomial arithmetic in general and in GF(2^n)
–  Prime numbers
–  Fermat’s and Euler’s Theorems and ∅(n)



Introduction
•  Will introduce finite fields, which are of increasing
importance in cryptography
–  AES, Elliptic Curve, Public key, etc.
•  Concern “operations” on “numbers”
–  What constitutes a “number” and the type of
operations varies considerably
•  Will start with basic number theory concepts



Divisors
•  Non-zero number b divides a if a = m*b for some m
(a, b, m all integers)
•  That is, b divides a with no remainder
•  Write this as b|a
•  Then b is a divisor of a
•  E.g. all of 1, 2, 4, 5, 10 divide 20
•  E.g. 23|46, -3|12, 14|196, 7|0



Properties of divisibility
•  If a|1, then a = ±1
•  If a|b and b|a, then a = ±b
•  Any b ≠ 0 divides 0
•  If a|b and b|c, then a|c
–  E.g. 11|66 and 66|198 implies 11|198
•  If b|g and b|h, then b|(mg+nh) (for arbitrary
integers m and n)
–  E.g. b=7; g=14; h=63; m=3; n=2
–  7|14 and 7|63, hence 7|(3*14 + 2*63)

Division algorithm
•  Dividing a by n gives an integer quotient q and an integer
remainder r such that:
–  a = q*n + r where 0 <= r < n; q = floor(a/n)
•  The remainder r is often referred to as a residue



Modular Arithmetic
•  Define modulo operator a mod n to be the remainder b
when a is divided by n
–  The integer n is called the modulus
•  b is called a residue of a mod n; with integers can
always write: a = q*n + b
–  usually choose smallest non-negative remainder as residue:
0 <= b <= n-1
–  known as modulo reduction
•  E.g. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
•  a and b are congruent if a mod n = b mod n
–  a and b have same remainder when divided by n
–  E.g. 100 = 34 mod 11



Modular Arithmetic Operations
•  Can perform arithmetic with residues
•  Use a finite number of values, and loop back
from either end, Z_n = {0, 1, …, (n-1)}
•  Modular arithmetic means doing addition and
multiplication and then modulo reducing the answer
•  Can do reduction at any point
–  (a + b) mod n = [(a mod n) + (b mod n)] mod n



Modular Arithmetic Operations
1.  [(a mod n) + (b mod n)] mod n = (a + b) mod n
2.  [(a mod n) – (b mod n)] mod n = (a – b) mod n
3.  [(a mod n) x (b mod n)] mod n = (a x b) mod n

•  E.g.
–  [(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2;
–  [(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4;
–  [(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5.

Modular Arithmetic Properties


Greatest Common Divisor (GCD)
•  a common problem in number theory
•  GCD(a, b) of a and b is the largest integer that
divides exactly into both a and b
–  E.g. GCD(48, 36) = 12
•  Define GCD(0, 0) = 0
•  often want no common factors (except 1);
such numbers are called relatively prime / coprime
–  E.g. GCD(8, 15) = 1
–  Hence 8 and 15 are relatively prime or coprime

Euclidean Algorithm
•  An effective way to find the GCD(a, b)
•  Uses theorem that:
–  GCD(a, b) = GCD(b, a mod b)
•  Euclidean Algorithm to compute GCD(a, b) is:
    Euclid(a, b)
        if (b = 0) then return a;
        else return Euclid(b, a mod b);



Example GCD(1970, 1066)
1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904  = 5 x 162 + 94      gcd(162, 94)
162  = 1 x 94 + 68       gcd(94, 68)
94   = 1 x 68 + 26       gcd(68, 26)
68   = 2 x 26 + 16       gcd(26, 16)
26   = 1 x 16 + 10       gcd(16, 10)
16   = 1 x 10 + 6        gcd(10, 6)
10   = 1 x 6 + 4         gcd(6, 4)
6    = 1 x 4 + 2         gcd(4, 2)
4    = 2 x 2 + 0         gcd(2, 0)

GCD(1160718174, 316258250)



Extended Euclidean Algorithm
•  Get not only GCD but x and y such that
ax + by = d = GCD(a, b)
•  Useful for later crypto computations
•  Follow sequence of divisions for GCD but at each
step i, keep track of x and y:
r = ax + by
•  At the end find GCD value and also x and y
•  If GCD(a, b) = 1 = ax + by then
x is inverse of a mod b (or mod y)

Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m);
   (B1, B2, B3) = (0, 1, b)
2. if B3 = 0
   return A3 = GCD(m, b); no inverse
3. if B3 = 1
   return B3 = GCD(m, b); B2 = b^(-1) mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 – Q*B1, A2 – Q*B2, A3 – Q*B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2



Inverse of 550 in GF(1759)
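
The EXTENDED EUCLID(m, b) procedure from the Finding Inverses slide, run on this slide's case of 550 in GF(1759). This is an added Python example, not part of the original slides; the function names extended_euclid and mod_inverse are chosen here for illustration, and each returned row records the Q, A3, B2 and B3 values of one iteration.

```python
def extended_euclid(m, b):
    """Slide procedure EXTENDED EUCLID(m, b), steps 1-8.

    Returns (gcd, inverse, rows). inverse is b^(-1) mod m, or None when
    GCD(m, b) != 1. rows holds (Q, A3, B2, B3) after each iteration.
    """
    a1, a2, a3 = 1, 0, m              # step 1: m*A1 + b*A2 = A3 always holds
    b1, b2, b3 = 0, 1, b              #         m*B1 + b*B2 = B3 always holds
    rows = [(None, a3, b2, b3)]
    while True:
        if b3 == 0:                   # step 2: GCD is A3, no inverse exists
            return a3, None, rows
        if b3 == 1:                   # step 3: B2 is the inverse (may be negative)
            return 1, b2 % m, rows
        q = a3 // b3                  # step 4
        t1, t2, t3 = a1 - q * b1, a2 - q * b2, a3 - q * b3   # step 5
        a1, a2, a3 = b1, b2, b3       # step 6
        b1, b2, b3 = t1, t2, t3       # step 7
        rows.append((q, a3, b2, b3))  # step 8: loop back to step 2


def mod_inverse(b, m):
    """Inverse of b modulo m; raises if b and m share a factor."""
    g, inv, _ = extended_euclid(m, b % m)
    if inv is None:
        raise ValueError(f"{b} has no inverse mod {m}: GCD is {g}")
    return inv


if __name__ == "__main__":
    g, inv, rows = extended_euclid(1759, 550)
    print("   Q     A3     B2     B3")
    for q, a3, b2, b3 in rows:
        print(f"{'-' if q is None else q:>4} {a3:>6} {b2:>6} {b3:>6}")
    print("550^(-1) mod 1759 =", inv)
```

The intermediate B2 values go negative (for example -339), which is why step 3 reduces the result mod m before returning it. Python 3.8 and later give the same inverse with pow(550, -1, 1759).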




Finite (Galois) Fields
•  finite fields play a key role in cryptography
•  can show number of elements in a finite field
must be a power of a prime, p^n
•  known as Galois fields
•  denoted GF(p^n)
•  in particular often use the fields:
–  GF(p)
–  GF(2^n)

Galois Fields GF(p)
•  GF(p) is the set of integers {0, 1, …, p-1} with
arithmetic operations modulo prime p
•  These form a finite field
–  1 … p-1 are all coprime to p, so each has a multiplicative inverse
–  Find inverse with Extended Euclidean algorithm
•  Hence arithmetic is “well-behaved” and can do
addition, subtraction, multiplication and division
without leaving the field GF(p)
•  Everything works as expected

Computational Example
•  In GF(2^3), (x^2 + 1) is 101₂ and (x^2 + x + 1) is 111₂
•  So addition is:
–  (x^2 + 1) + (x^2 + x + 1) = x
–  101 XOR 111 = 010₂
•  and multiplication is:
–  (x + 1)(x^2 + 1) = x^3 + x^2 + x + 1
–  011 * 101 = (101)<<1 XOR (101)<<0 = 1010 XOR 0101 = 1111₂
•  Polynomial modulo reduction (to get q(x) and r(x))
–  (x^3 + x^2 + x + 1) = 1*(x^3 + x + 1) + (x^2), so
(x^3 + x^2 + x + 1) mod (x^3 + x + 1) = x^2
–  1111 mod 1011 = 1111 XOR 1011 = 0100₂
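
The same bit-level operations as code, checked against the three results on this slide. This is an added Python example, not part of the original slides; it goes beyond the slide by listing every inverse in GF(2^3), by contrasting the reducible modulus x^3 + 1 (1001₂, chosen here), and by accepting any modulus such as the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11B). All function names are chosen here for illustration.

```python
def gf2_add(a, b):
    """Polynomial addition over GF(2): coefficient-wise XOR."""
    return a ^ b


def gf2_mul_poly(a, b):
    """Carry-less (shift-and-XOR) multiply, before any reduction."""
    result = 0
    while b:
        if b & 1:            # this power of x is present in b
            result ^= a
        a <<= 1              # multiply a by x
        b >>= 1
    return result


def gf2_mod(a, m):
    """Remainder of polynomial a divided by polynomial m over GF(2)."""
    deg_m = m.bit_length() - 1
    while a.bit_length() - 1 >= deg_m:
        # cancel the leading term of a with a shifted copy of m
        a ^= m << (a.bit_length() - 1 - deg_m)
    return a


def gf_mul(a, b, m):
    """Multiplication of a and b modulo the polynomial m."""
    return gf2_mod(gf2_mul_poly(a, b), m)


def inverses(m):
    """Map each non-zero element to its inverse mod m, where one exists."""
    size = 1 << (m.bit_length() - 1)
    table = {}
    for a in range(1, size):
        for b in range(1, size):
            if gf_mul(a, b, m) == 1:
                table[a] = b
                break
    return table


if __name__ == "__main__":
    print("GF(2^3) mod 1011:", inverses(0b1011))   # every element 1..7 appears
    print("mod 1001 (reducible):", inverses(0b1001))  # only 1, 2 and 4 appear
```

With modulus 1011₂ all seven non-zero elements have inverses, so the set is a field; with 1001₂ = (x + 1)(x^2 + x + 1) only three do, which is why the modulus must be irreducible.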



Prime Numbers
•  Prime numbers only have divisors of 1 and self
–  they cannot be written as a product of other numbers
–  note: 1 is prime, but is generally not of interest
•  E.g. 2, 3, 5, 7 are prime, 4, 6, 8, 9, 10 are not
•  Prime numbers are central to number theory
•  List of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79
83 89 97 101 103 107 109 113 127 131 137 139 149 151 157
163 167 173 179 181 191 193 197 199



Prime Factorisation
•  To factor a prime number n is to write it as a
product of other numbers: n = a * b * c
•  Factoring a number is relatively hard
compared to multiplying the factors together
to generate the number
•  The prime factorisation of a number n is
when it is written as a product of primes
–  E.g. 91 = 7 * 13; or 3600 = 2^4 * 3^2 * 5^2



Relatively Prime Numbers and GCD
•  Two numbers a and b are relatively prime
(coprime) if they have no common divisors apart
from 1
–  E.g. 8 and 15 are relatively prime since factors of 8 are
1, 2, 4, 8 and of 15 are 1, 3, 5, 15 and 1 is the only
common factor
•  Conversely can determine the greatest common
divisor by comparing their prime factorizations
and using least powers
–  E.g. 300 = 2^2 * 3^1 * 5^2; 18 = 2^1 * 3^2 hence
GCD(18, 300) = 2^1 * 3^1 * 5^0 = 6



Fermat’s Theorem
•  a^(p-1) = 1 (mod p)
–  where p is prime and GCD(a, p) = 1
•  Also known as Fermat’s Little Theorem
•  Also have: a^p = a (mod p)
•  Useful in public key and primality testing



Euler’s Totient Function ∅(n)
•  When doing arithmetic modulo n
•  Complete set of residues: 0 … n-1
•  Reduced set of residues is those numbers
(residues) which are relatively prime to n
–  E.g. for n = 10, complete set of residues is
{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
–  reduced set of residues is {1, 3, 7, 9}
•  Number of elements in reduced set of residues is
called the Euler’s Totient Function ∅(n)



Euler’s Totient Function ∅(n)
•  To compute ∅(n) need to count number of
residues to be excluded
•  In general need prime factorisation, but
–  For p (p is prime), ∅(p) = p - 1
–  For p*q (p, q are prime), ∅(p*q) = (p – 1)*(q - 1)
•  E.g.
–  ∅(37) = 36
–  ∅(21) = (3 - 1)(7 - 1) = 12



Euler’s Theorem
•  A generalisation of Fermat's Theorem
•  a^∅(n) = 1 (mod n)
–  For any a and n where GCD(a, n) = 1
•  E.g.
–  a = 3; n = 10; ∅(10) = 4;
hence 3^4 = 81 = 1 mod 10;
–  a = 2; n = 11; ∅(11) = 10;
hence 2^10 = 1024 = 1 mod 11;
•  Also have: a^(∅(n)+1) = a (mod n)
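
The totient and both theorems checked numerically, together with the limit of using Fermat's Theorem as a primality test. This is an added Python example, not part of the original slides; the function names are chosen here, 91 = 7 * 13 is the composite from the Prime Factorisation slide, and 561 = 3 * 11 * 17 is a value chosen here because every base coprime to it passes the Fermat check even though it is composite.

```python
from math import gcd


def reduced_residues(n):
    """Residues in 1 .. n-1 that are relatively prime to n (for n >= 2)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def totient(n):
    """Euler's totient: the size of the reduced set of residues."""
    return len(reduced_residues(n))


def euler_holds(n):
    """Check a^totient(n) = 1 (mod n) for every a with GCD(a, n) = 1."""
    phi = totient(n)
    return all(pow(a, phi, n) == 1 for a in reduced_residues(n))


def fermat_liars(n):
    """Count bases a coprime to n with a^(n-1) = 1 (mod n).

    For a prime n this is all n-1 bases. For a composite n each such
    base wrongly makes n look prime under the Fermat check.
    """
    return sum(1 for a in reduced_residues(n) if pow(a, n - 1, n) == 1)


if __name__ == "__main__":
    print("reduced residues mod 10:", reduced_residues(10))
    for n in (37, 21, 10):
        print(f"totient({n}) = {totient(n)}, Euler holds: {euler_holds(n)}")
    for n in (37, 91, 561):
        print(f"n = {n}: {fermat_liars(n)} of {totient(n)} coprime bases "
              f"satisfy a^(n-1) = 1 (mod n)")
```

For 91 half of the coprime bases still satisfy the congruence, and for 561 all of them do, so a passed Fermat check shows only that n is probably prime.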
Summary
•  Divisibility and GCD
•  Modular arithmetic with integers
•  Euclid’s algorithm for GCD and Inverse
•  Finite fields, GF(p)
•  Polynomial arithmetic in general and in GF(2^n)
•  Prime numbers
•  Fermat’s and Euler’s Theorems and ∅(n)



Questions?



Reading
•  Cryptography and Network Security by
Stallings
–  Chapter 4 (Except section 4.4)
–  Chapter 8:
•  Sections 8.1, 8.2


