Normal Bases in Finite Fields and Efficient Compact Subgroup Trace Representation
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Quadratic Reciprocity and Computing Modular Square Roots.Pdf
12 Quadratic reciprocity and computing modular square roots In §2.8, we initiated an investigation of quadratic residues. This chapter continues this investigation. Recall that an integer a is called a quadratic residue modulo a positive integer n if gcd(a, n) = 1 and a ≡ b2 (mod n) for some integer b. First, we derive the famous law of quadratic reciprocity. This law, while his- torically important for reasons of pure mathematical interest, also has important computational applications, including a fast algorithm for testing if an integer is a quadratic residue modulo a prime. Second, we investigate the problem of computing modular square roots: given a quadratic residue a modulo n, compute an integer b such that a ≡ b2 (mod n). As we will see, there are efficient probabilistic algorithms for this problem when n is prime, and more generally, when the factorization of n into primes is known. 12.1 The Legendre symbol For an odd prime p and an integer a with gcd(a, p) = 1, the Legendre symbol (a j p) is defined to be 1 if a is a quadratic residue modulo p, and −1 otherwise. For completeness, one defines (a j p) = 0 if p j a. The following theorem summarizes the essential properties of the Legendre symbol. Theorem 12.1. Let p be an odd prime, and let a, b 2 Z. Then we have: (i) (a j p) ≡ a(p−1)=2 (mod p); in particular, (−1 j p) = (−1)(p−1)=2; (ii) (a j p)(b j p) = (ab j p); (iii) a ≡ b (mod p) implies (a j p) = (b j p); 2 (iv) (2 j p) = (−1)(p −1)=8; p−1 q−1 (v) if q is an odd prime, then (p j q) = (−1) 2 2 (q j p). -
Appendices A. Quadratic Reciprocity Via Gauss Sums
1 Appendices We collect some results that might be covered in a first course in algebraic number theory. A. Quadratic Reciprocity Via Gauss Sums A1. Introduction In this appendix, p is an odd prime unless otherwise specified. A quadratic equation 2 modulo p looks like ax + bx + c =0inFp. Multiplying by 4a, we have 2 2ax + b ≡ b2 − 4ac mod p Thus in studying quadratic equations mod p, it suffices to consider equations of the form x2 ≡ a mod p. If p|a we have the uninteresting equation x2 ≡ 0, hence x ≡ 0, mod p. Thus assume that p does not divide a. A2. Definition The Legendre symbol a χ(a)= p is given by 1ifa(p−1)/2 ≡ 1modp χ(a)= −1ifa(p−1)/2 ≡−1modp. If b = a(p−1)/2 then b2 = ap−1 ≡ 1modp,sob ≡±1modp and χ is well-defined. Thus χ(a) ≡ a(p−1)/2 mod p. A3. Theorem a The Legendre symbol ( p ) is 1 if and only if a is a quadratic residue (from now on abbre- viated QR) mod p. Proof.Ifa ≡ x2 mod p then a(p−1)/2 ≡ xp−1 ≡ 1modp. (Note that if p divides x then p divides a, a contradiction.) Conversely, suppose a(p−1)/2 ≡ 1modp.Ifg is a primitive root mod p, then a ≡ gr mod p for some r. Therefore a(p−1)/2 ≡ gr(p−1)/2 ≡ 1modp, so p − 1 divides r(p − 1)/2, hence r/2 is an integer. But then (gr/2)2 = gr ≡ a mod p, and a isaQRmodp. -
QUADRATIC RECIPROCITY Abstract. the Goals of This Project Are to Have
QUADRATIC RECIPROCITY JORDAN SCHETTLER Abstract. The goals of this project are to have the reader(s) gain an appreciation for the usefulness of Legendre symbols and ultimately recreate Eisenstein's slick proof of Gauss's Theorema Aureum of quadratic reciprocity. 1. Quadratic Residues and Legendre Symbols Definition 0.1. Let m; n 2 Z with (m; n) = 1 (recall: the gcd (m; n) is the nonnegative generator of the ideal mZ + nZ). Then m is called a quadratic residue mod n if m ≡ x2 (mod n) for some x 2 Z, and m is called a quadratic nonresidue mod n otherwise. Prove the following remark by considering the kernel and image of the map x 7! x2 on the group of units (Z=nZ)× = fm + nZ :(m; n) = 1g. Remark 1. For 2 < n 2 N the set fm+nZ : m is a quadratic residue mod ng is a subgroup of the group of units of order ≤ '(n)=2 where '(n) = #(Z=nZ)× is the Euler totient function. If n = p is an odd prime, then the order of this group is equal to '(p)=2 = (p − 1)=2, so the equivalence classes of all quadratic nonresidues form a coset of this group. Definition 1.1. Let p be an odd prime and let n 2 Z. The Legendre symbol (n=p) is defined as 8 1 if n is a quadratic residue mod p n < = −1 if n is a quadratic nonresidue mod p p : 0 if pjn: The law of quadratic reciprocity (the main theorem in this project) gives a precise relation- ship between the \reciprocal" Legendre symbols (p=q) and (q=p) where p; q are distinct odd primes. -
Quadratic Reciprocity Laws*
JOURNAL OF NUMBER THEORY 4, 78-97 (1972) Quadratic Reciprocity Laws* WINFRIED SCHARLAU Mathematical Institute, University of Miinster, 44 Miinster, Germany Communicated by H. Zassenhaus Received May 26, 1970 Quadratic reciprocity laws for the rationals and rational function fields are proved. An elementary proof for Hilbert’s reciprocity law is given. Hilbert’s reciprocity law is extended to certain algebraic function fields. This paper is concerned with reciprocity laws for quadratic forms over algebraic number fields and algebraic function fields in one variable. This is a very classical subject. The oldest and best known example of a theorem of this kind is, of course, the Gauss reciprocity law which, in Hilbert’s formulation, says the following: If (a, b) is a quaternion algebra over the field of rational numbers Q, then the number of prime spots of Q, where (a, b) does not split, is finite and even. This can be regarded as a theorem about quadratic forms because the quaternion algebras (a, b) correspond l-l to the quadratic forms (1, --a, -b, ub), and (a, b) is split if and only if (1, --a, -b, ub) is isotropic. This formulation of the Gauss reciprocity law suggests immediately generalizations in two different directions: (1) Replace the quaternion forms (1, --a, -b, ub) by arbitrary quadratic forms. (2) Replace Q by an algebraic number field or an algebraic function field in one variable (possibly with arbitrary constant field). While some results are known concerning (l), it seems that the situation has never been investigated thoroughly, not even for the case of the rational numbers. -
Selmer Groups and Quadratic Reciprocity 3
SELMER GROUPS AND QUADRATIC RECIPROCITY FRANZ LEMMERMEYER Abstract. In this article we study the 2-Selmer groups of number fields F as well as some related groups, and present connections to the quadratic reci- procity law in F . Let F be a number field; elements in F × that are ideal squares were called sin- gular numbers in the classical literature. They were studied in connection with explicit reciprocity laws, the construction of class fields, or the solution of em- bedding problems by mathematicians like Kummer, Hilbert, Furtw¨angler, Hecke, Takagi, Shafarevich and many others. Recently, the groups of singular numbers in F were christened Selmer groups by H. Cohen [4] because of an analogy with the Selmer groups in the theory of elliptic curves (look at the exact sequence (2.2) and recall that, under the analogy between number fields and elliptic curves, units correspond to rational points, and class groups to Tate-Shafarevich groups). In this article we will present the theory of 2-Selmer groups in modern language, and give direct proofs based on class field theory. Most of the results given here can be found in 61ff of Hecke’s book [11]; they had been obtained by Hilbert and Furtw¨angler in the§§ roundabout way typical for early class field theory, and were used for proving explicit reciprocity laws. Hecke, on the other hand, first proved (a large part of) the quadratic reciprocity law in number fields using his generalized Gauss sums (see [3] and [24]), and then derived the existence of quadratic class fields (which essentially is just the calculation of the order of a certain Selmer group) from the reciprocity law. -
4 Patterns in Prime Numbers: the Quadratic Reciprocity Law
4 Patterns in Prime Numbers: The Quadratic Reciprocity Law 4.1 Introduction The ancient Greek philosopher Empedocles (c. 495–c. 435 b.c.e.) postulated that all known substances are composed of four basic elements: air, earth, fire, and water. Leucippus (fifth century b.c.e.) thought that these four were indecomposable. And Aristotle (384–322 b.c.e.) introduced four properties that characterize, in various combinations, these four elements: for example, fire possessed dryness and heat. The properties of compound substances were aggregates of these. This classical Greek concept of an element was upheld for almost two thousand years. But by the end of the nineteenth century, 83 chem- ical elements were known to exist, and these formed the basic building blocks of more complex substances. The European chemists Dmitry I. Mendeleyev (1834–1907) and Julius L. Meyer (1830–1895) arranged the elements approx- imately in the order of increasing atomic weight (now known to be the order of increasing atomic numbers), which exhibited a periodic recurrence of their chemical properties [205, 248]. This pattern in properties became known as the periodic law of chemical elements, and the arrangement as the periodic table. The periodic table is now at the center of every introductory chemistry course, and was a major breakthrough into the laws governing elements, the basic building blocks of all chemical compounds in the universe (Exercise 4.1). The prime numbers can be considered numerical analogues of the chemical elements. Recall that these are the numbers that are multiplicatively indecom- posable, i.e., divisible only by 1 and by themselves. -
Notes on Mod P Arithmetic, Group Theory and Cryptography Chapter One of an Invitation to Modern Number Theory
Notes on Mod p Arithmetic, Group Theory and Cryptography Chapter One of An Invitation to Modern Number Theory Steven J. Miller and Ramin Takloo-Bighash September 5, 2006 Contents 1 Mod p Arithmetic, Group Theory and Cryptography 1 1.1 Cryptography . 1 1.2 Efficient Algorithms . 3 1.2.1 Exponentiation . 3 1.2.2 Polynomial Evaluation (Horner’s Algorithm) . 4 1.2.3 Euclidean Algorithm . 4 1.2.4 Newton’s Method and Combinatorics . 6 1.3 Clock Arithmetic: Arithmetic Modulo n ................................ 10 1.4 Group Theory . 11 1.4.1 Definition . 12 1.4.2 Lagrange’s Theorem . 12 1.4.3 Fermat’s Little Theorem . 14 1.4.4 Structure of (Z=pZ)¤ ...................................... 15 1.5 RSA Revisited . 15 1.6 Eisenstein’s Proof of Quadratic Reciprocity . 17 1.6.1 Legendre Symbol . 17 1.6.2 The Proof of Quadratic Reciprocity . 18 1.6.3 Preliminaries . 19 1.6.4 Counting Lattice Points . 21 1 Abstract We introduce enough group theory and number theory to analyze in detail certain problems in cryptology. In the course of our investigations we comment on the importance of finding efficient algorithms for real world applica- tions. The notes below are from An Invitation to Modern Number Theory, published by Princeton University Press in 2006. For more on the book, see http://www.math.princeton.edu/mathlab/book/index.html The notes below are Chapter One of the book; as such, there are often references to other parts of the book. These references will look something like ?? in the text. If you want additional information on any of these references, please let me know. -
Public-Key Cryptography
http://dx.doi.org/10.1090/psapm/062 AMS SHORT COURSE LECTURE NOTES Introductory Survey Lectures published as a subseries of Proceedings of Symposia in Applied Mathematics Proceedings of Symposia in APPLIED MATHEMATICS Volume 62 Public-Key Cryptography American Mathematical Society Short Course January 13-14, 2003 Baltimore, Maryland Paul Garrett Daniel Lieman Editors ^tfEMAT , American Mathematical Society ^ Providence, Rhode Island ^VDED Editorial Board Mary Pugh Lenya Ryzhik Eitan Tadmor (Chair) LECTURE NOTES PREPARED FOR THE AMERICAN MATHEMATICAL SOCIETY SHORT COURSE PUBLIC-KEY CRYPTOGRAPHY HELD IN BALTIMORE, MARYLAND JANUARY 13-14, 2003 The AMS Short Course Series is sponsored by the Society's Program Committee for National Meetings. The series is under the direction of the Short Course Subcommittee of the Program Committee for National Meetings. 2000 Mathematics Subject Classification. Primary 54C40, 14E20, 14G50, 11G20, 11T71, HYxx, 94Axx, 46E25, 20C20. Library of Congress Cataloging-in-Publication Data Public-key cryptography / Paul Garrett, Daniel Lieman, editors. p. cm. — (Proceedings of symposia in applied mathematics ; v. 62) Papers from a conference held at the 2003 Baltimore meeting of the American Mathematical Society. Includes bibliographical references and index. ISBN 0-8218-3365-0 (alk. paper) 1. Computers—Access control-—Congresses. 2. Public key cryptography—Congresses. I. Garrett, Paul, 1952— II. Lieman, Daniel, 1965- III. American Mathematical Society. IV. Series. QA76.9.A25P82 2005 005.8'2—dc22 2005048178 Copying and reprinting. Material in this book may be reproduced by any means for edu• cational and scientific purposes without fee or permission with the exception of reproduction by services that collect fees for delivery of documents and provided that the customary acknowledg• ment of the source is given. -
Primes and Quadratic Reciprocity
PRIMES AND QUADRATIC RECIPROCITY ANGELICA WONG Abstract. We discuss number theory with the ultimate goal of understanding quadratic reciprocity. We begin by discussing Fermat's Little Theorem, the Chinese Remainder Theorem, and Carmichael numbers. Then we define the Legendre symbol and prove Gauss's Lemma. Finally, using Gauss's Lemma we prove the Law of Quadratic Reciprocity. 1. Introduction Prime numbers are especially important for random number generators, making them useful in many algorithms. The Fermat Test uses Fermat's Little Theorem to test for primality. Although the test is not guaranteed to work, it is still a useful starting point because of its simplicity and efficiency. An integer is called a quadratic residue modulo p if it is congruent to a perfect square modulo p. The Legendre symbol, or quadratic character, tells us whether an integer is a quadratic residue or not modulo a prime p. The Legendre symbol has useful properties, such as multiplicativity, which can shorten many calculations. The Law of Quadratic Reciprocity tells us that for primes p and q, the quadratic character of p modulo q is the same as the quadratic character of q modulo p unless both p and q are of the form 4k + 3. In Section 2, we discuss interesting facts about primes and \fake" primes (pseu- doprimes and Carmichael numbers). First, we prove Fermat's Little Theorem, then show that there are infinitely many primes and infinitely many primes congruent to 1 modulo 4. We also present the Chinese Remainder Theorem and using both it and Fermat's Little Theorem, we give a necessary and sufficient condition for a number to be a Carmichael number. -
Algorithms in Algebraic Number Theory
BULLETIN (New Series) OF THE AMERICAN MATHEMATICALSOCIETY Volume 26, Number 2, April 1992 ALGORITHMS IN ALGEBRAIC NUMBER THEORY H. W. LENSTRA, JR. Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1. Introduction The main interest of algorithms in algebraic number theory is that they pro- vide number theorists with a means of satisfying their professional curiosity. The praise of numerical experimentation in number theoretic research is as widely sung as purely numerological investigations are indulged in, and for both activities good algorithms are indispensable. What makes an algorithm good unfortunately defies definition—too many extra-mathematical factors af- fect its practical performance, such as the skill of the person responsible for its execution and the characteristics of the machine that may be used. The present paper addresses itself not to the researcher who is looking for a collection of well-tested computational methods for use on his recently acquired personal computer. -
On Security of XTR Public Key Cryptosystems Against Side Channel Attacks ?
On security of XTR public key cryptosystems against Side Channel Attacks ? Dong-Guk Han1??, Jongin Lim1? ? ?, and Kouichi Sakurai2 1 Center for Information and Security Technologies(CIST), Korea University, Seoul, KOREA fchrista,[email protected] 2 Department of Computer Science and Communication Engineering 6-10-1, Hakozaki, Higashi-ku, Fukuoka, 812-8581, Japan, [email protected] Abstract. The XTR public key system was introduced at Crypto 2000. Application of XTR in cryptographic protocols leads to substantial sav- ings both in communication and computational overhead without com- promising security. It is regarded that XTR is suitable for a variety of environments, including low-end smart cards, and XTR is the excellent alternative to either RSA or ECC. In [LV00a,SL01], authors remarked that XTR single exponentiation (XTR-SE) is less susceptible than usual exponentiation routines to environmental attacks such as timing attacks and Di®erential Power Analysis (DPA). In this paper, however, we in- vestigate the security of side channel attack (SCA) on XTR. This paper shows that XTR-SE is immune against simple power analysis (SPA) un- der assumption that the order of the computation of XTR-SE is carefully considered. However we show that XTR-SE is vulnerable to Data-bit DPA (DDPA)[Cor99], Address-bit DPA (ADPA)[IIT02], and doubling attack [FV03]. Moreover, we propose two countermeasures that prevent from DDPA and a countermeasure against ADPA. One of the counter- measures using randomization of the base element proposed to defeat DDPA, i.e., randomization of the base element using ¯eld isomorphism, could be used to break doubling attack. -
Fast Normal Basis Multiplication Using General Purpose Processors
IEEE TRANSACTIONS ON COMPUTERS, VOL. 52, NO. 11, NOVEMBER 2003 1379 Fast Normal Basis Multiplication Using General Purpose Processors Arash Reyhani-Masoleh, Member, IEEE, and M. Anwar Hasan, Senior Member, IEEE Abstract—For cryptographic applications, normal bases have received considerable attention, especially for hardware implementation. In this article, we consider fast software algorithms for normal basis multiplication over the extended binary field GFð2mÞ. We present a vector-level algorithm which essentially eliminates the bit-wise inner products needed in the conventional approach to the normal basis multiplication. We then present another algorithm which significantly reduces the dynamic instruction counts. Both algorithms utilize the full width of the data-path of the general purpose processor on which the software is to be executed. We also consider composite fields and present an algorithm which can provide further speed-ups and an added flexibility toward hardware-software codesign of processors for very large finite fields. Index Terms—Finite field multiplication, normal basis, software algorithms, ECDSA, composite fields. æ 1INTRODUCTION m HE extended binary finite field GFð2 Þ of degree m is to a number of practical considerations. Most importantly, Tused in important cryptographic operations, such as normal basis multiplication algorithms require inner pro- key exchange, signing, and verification. For today’s security ducts or matrix multiplications over the ground field GF(2). applications, the minimum values of m are considered to be Such computations are not directly supported by most of l60 in the elliptic curve cryptography and 1,024 in the today’s general purpose processors. These computations standard discrete log-based cryptography.