Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today)...


Post on 19-Dec-2015


TRANSCRIPT

Page 1: Announcements: Ch 3 quiz next week (tentatively Friday). Will include fields (today)

Announcements:
  Ch 3 quiz next week (tentatively Friday). Will include fields (today)

Today:
  Prep. for Rijndael and Discrete Logs: GF(2^8)

Questions, like on DES?
  I pulled the key into the input file
  A good time to aim for would be ~10 s for 1M iterations.
  We’ll discuss the EDEN quiz shortly

DTTF/NB479: Dszquphsbqiz Day 15

Page 2:

DES round keys involve two permutations and a left shift

K =

Grab 56 permuted bits: [57, 49, 41, 33 …]

Get 1100…

In round 1, LS(1), so: 100 …1 *Careful!

Then grab 48 permuted bits: [14, 17, 11, 24, 1, 5, 3, …]

Get … 1 0 …

T&W, p. 127

0 1 1 1 1 1 1 0 0 1 0 0 1 0 0 0
1 1 0 0 0 0 1 0 1 0 0 0 0 0 1 0
0 0 0 1 1 1 0 0 0 0 0 0 1 1 1 0
1 1 1 1 0 1 0 0 1 1 1 0 1 0 0 0

Page 3:

Rijndael is the 128-bit Advanced Encryption Standard (AES)

  128-bit blocks
  Encrypted using functions of the 128-bit key for 10 rounds
  Versions exist for keys with 192 bits (12 rounds), 256 bits (14 rounds)

The S-boxes, round keys, and MixColumn functions require the use of GF(2^8), so today we study fields…

Page 4:

A field is a set of numbers with special properties

  Addition, with identity: a + 0 = a and inverse a + (-a) = 0
  Multiplication with identity: a*1 = a and inverse (a * a^-1 = 1 for all a != 0)
  Subtraction and division (using inverses)
  Commutative, associative, and distributive properties
  Closure over all four operations

Examples:
  Real numbers
  GF(4) = {0, 1, , ^2} with these additional laws: x + x = 0 for all x and  + 1 = ^2.
  GF(p^n) for prime p is called a Galois Field.

Trappe&Washington, 3.11

Page 5:

Are these fields?

A field is a set of numbers with the following properties:

  Addition, with identity: a + 0 = a and inverse a + (-a) = 0
  Multiplication with identity: a*1 = a, and inverse (a * a^-1 = 1 for all a != 0)
  Subtraction and division (using inverses)
  Commutative, associative, and distributive properties
  Closure over all four operations

Examples:
  Real numbers
  GF(4) = {0, 1, , ^2} with these additional laws: x + x = 0 for all x and  + 1 = ^2.
  GF(p^n) for prime p is called a Galois Field.

1. Positive integers
2. Integers
3. Rational numbers
4. Complex numbers
5. The set of 2x2 matrices of real numbers
6. Integers mod n (be careful here)

1

Page 6:

A Galois field is a finite field with p^n elements for a prime p

Example: GF(4) = GF(2^2) = {0, 1, , ^2}

There is only one finite field with p^n elements for every power n and prime p.

The integers (mod p^n) aren’t a field. Why not?

Page 7:

Z_2[X] is the set of polynomials with coefficients that are integers (mod 2)

Example elements: X+1, X^4 + X^2 + X + 1

Is this a field?
  Does it have closure over add, subt, mult?
  What about division?

Almost a field. What about a closely-related finite field?
  Consider Z_2[X] mod (X^2 + X + 1)

2

Page 8:

What are they?

{0, 1, x, x+1}

3-4

Z_2[X] (mod (X^2 + X + 1)) is a finite field with only four elements

Page 9:

Galois fields

If Z_p[X] is set of polynomials with coefficients (mod p)

…and P(X) is degree n and irreducible (mod p)

Then GF(p^n) = Z_p[X] (mod P(X)) is a field with p^n elements.

Consider GF(2^8) with P(X) = X^8 + X^4 + X^3 + X + 1
Rijndael uses this!

5-7
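The construction Z_2[X] mod P(X) from the last three slides, as an added Python example (not part of the original slides). It covers both the four-element field mod X^2 + X + 1 and GF(2^8) with the Rijndael polynomial, and contrasts them with the integers mod 4. Function names and the encoding of a polynomial as an integer bit-vector are choices made for this example.

```python
AES_POLY = 0x11B   # X^8 + X^4 + X^3 + X + 1, the P(X) given on the slide
GF4_POLY = 0b111   # X^2 + X + 1

def gf_mul(a, b, poly, n):
    """Multiply a*b in Z_2[X] mod poly; bit i of an int is the coefficient of X^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a                 # adding polynomials mod 2 is XOR
        b >>= 1
        a <<= 1                    # multiply a by X
        if (a >> n) & 1:           # degree reached n: reduce by P(X)
            a ^= poly
    return r

def gf_inv(a, poly, n):
    """Multiplicative inverse by exhaustive search; None if none exists."""
    for b in range(1, 1 << n):
        if gf_mul(a, b, poly, n) == 1:
            return b
    return None

def zm_inv(a, m):
    """Inverse of a in the integers mod m, or None if none exists."""
    for b in range(1, m):
        if (a * b) % m == 1:
            return b
    return None

def show(a):
    """Render an element as a polynomial in x, e.g. 3 -> 'x+1'."""
    terms = [("x^%d" % i if i > 1 else "x" if i == 1 else "1")
             for i in range(a.bit_length() - 1, -1, -1) if (a >> i) & 1]
    return "+".join(terms) or "0"

if __name__ == "__main__":
    for a in range(4):             # multiplication table of {0, 1, x, x+1}
        print([show(gf_mul(a, b, GF4_POLY, 2)) for b in range(4)])
    print("inverse of 2 in Z_4:", zm_inv(2, 4))
    print("0x57 * 0x83 =", hex(gf_mul(0x57, 0x83, AES_POLY, 8)))
    print("inverse of 0x53 =", hex(gf_inv(0x53, AES_POLY, 8)))
```

The branch on `b & 1` depends on the operand values, so this is a teaching implementation and not a constant-time one.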