DOCSLIB.ORG

Fast Normal Basis Multiplication Using General Purpose Processors

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fast Normal Basis Multiplication Using General Purpose Processors IEEE TRANSACTIONS ON COMPUTERS, VOL. 52, NO. 11, NOVEMBER 2003 1379 Fast Normal Basis Multiplication Using General Purpose Processors Arash Reyhani-Masoleh, Member, IEEE, and M. Anwar Hasan, Senior Member, IEEE Abstract—For cryptographic applications, normal bases have received considerable attention, especially for hardware implementation. In this article, we consider fast software algorithms for normal basis multiplication over the extended binary field GFð2mÞ. We present a vector-level algorithm which essentially eliminates the bit-wise inner products needed in the conventional approach to the normal basis multiplication. We then present another algorithm which significantly reduces the dynamic instruction counts. Both algorithms utilize the full width of the data-path of the general purpose processor on which the software is to be executed. We also consider composite fields and present an algorithm which can provide further speed-ups and an added flexibility toward hardware-software codesign of processors for very large finite fields. Index Terms—Finite field multiplication, normal basis, software algorithms, ECDSA, composite fields. æ 1INTRODUCTION m HE extended binary finite field GFð2 Þ of degree m is to a number of practical considerations. Most importantly, Tused in important cryptographic operations, such as normal basis multiplication algorithms require inner pro- key exchange, signing, and verification. For today’s security ducts or matrix multiplications over the ground field GF(2). applications, the minimum values of m are considered to be Such computations are not directly supported by most of l60 in the elliptic curve cryptography and 1,024 in the today’s general purpose processors. These computations standard discrete log-based cryptography. Elliptic curve require bit-by-bit logical AND and XOR operations, which crypto-systems, which were proposed by Koblitz [15] and are not efficiently implemented using the instruction set Miller [23] independently, use relatively smaller field sizes, supported by the processors. Also, when a high-level but require a considerable amount of field arithmetic for programming language such as C is used, the cyclic shifts each group operation (i.e., addition of two points). In such needed for field squaring operations are not as efficient as crypto-systems, often the most complicated and expensive they are in hardware. module is the finite field arithmetic unit. As a result, it is In this paper, we consider algorithms for fast software important to develop suitable finite field arithmetic algo- normal basis (NB) multiplication on general purpose rithms and architectures that can meet the constraints of processors. We discuss how the conventional bit-level various implementation technologies, such as hardware algorithm for normal basis multiplication fails to utilize and software. the full data-path of the processor and makes its software For cryptographic applications, the most frequently used implementation inefficient. In view of this, a vector-level m GFð2 Þ arithmetic operations are addition and multiplica- normal basis multiplication algorithm is presented which tion. Compared to the former, the latter is a much more eliminates the matrix multiplication over GF(2) and sig- complicated and time-consuming operation. The complex- nificantly reduces the number of dynamic instructions. We ity of GFð2mÞ multiplication very much depends on how then derive another scheme for normal basis multiplication the field elements are represented. For hardware imple- to further improve the speed. We present implementation mentation of a multiplier, the use of normal bases has results of these schemes for the five fields recommended by received considerable attention and a number of hardware NIST for NB multiplication in ECDSA (elliptic curve digital architectures and implementations have been reported (see, signature algorithm) [25], i.e., m ¼ 163, 233, 283, 409, 571. for example, [1], [2], [19], [10], [35]). Unlike hardware, so far For example, it takes 99s and requires only 322 bytes of 163 software implementation of a GFð2mÞ multiplier using memory for a GFð2 Þ multiplication using NB on normal bases has not been that popular. This is mainly due Pentium III 533 MHz PC. We also consider normal basis multiplication over certain special classes of composite fields. We show that normal basis multipliers over such . A. Reyhani-Masoleh is with the Centre for Applied Cryptographic composite fields can provide an additional speed-up. For Research, Department of Combinatorics and Optimization, University of example, it requires 114s and 25 bytes of memory for Waterloo, Waterloo, Ontario, Canada N2L 3G1. 299 E-mail: [email protected]. multiplication over GFð2 Þ. Composite fields also offer a . M.A. Hasan is with the Department of Electrical and Computer great deal of flexibility toward hardware-software codesign Engineering, University of Waterloo, Waterloo, Ontario, Canada N2L of very large finite field processors. 3G1. E-mail: [email protected]. The organization of this article is as follows: In Section 2, Manuscript received 26 July 2001; revised 16 Sept. 2002; accepted 24 Jan. the NB representation and its conventional multiplication 2003. For information on obtaining reprints of this article, please send e-mail to: algorithm are presented. This algorithm has been proposed [email protected], and reference IEEECS Log Number 114607. by NIST for NB multiplication in ECDSA [25] where all 0018-9340/03/$17.00 ß 2003 IEEE Published by the IEEE Computer Society 1380 IEEE TRANSACTIONS ON COMPUTERS, VOL. 52, NO. 11, NOVEMBER 2003 recommended values of m are prime. Then, in Section 3, we referred to [11] for an algorithm with t odd). The case of t even extend NIST’s algorithm to a vector-level multiplication is of particular interest for implementing high speed crypto- algorithm which uses the full width of the data-path of the systems based on Koblitz curves. Such curves with points processor. In Section 4, a more efficient algorithm for over GFð2mÞ exist for m ¼ 163, 233, 283, 409, 571, where NB multiplication is presented. In this section, this algo- normal bases have t even. Let A ¼ða0;a1; ÁÁÁ;amÀ1Þ and B ¼ m rithm is also compared with other algorithms. Then, we ðb0;b1; ÁÁÁ;bmÀ1Þ be the elements of GFð2 Þ, then the ith present an algorithm for multiplication over finite fields coordinate of the product C ¼ AB is computed as [13]: GFð2mÞ with composite values of m in Section 5. Finally, a XpÀ2 few concluding remarks are given in Section 6. ci ¼ aFðnþ1ÞþibFðpÀnÞþi; 0 i m À 1: ð4Þ n¼1 2PRELIMINARIES In (4), p ¼ tm þ 1 and 2.1 Normal Basis Representation Fð2iuj mod pÞ¼i; 0 i m À 1; 0 j<t; ð5Þ It is well-known that there exists a normal basis in the field GFð2mÞ over GFð2Þ for all positive integers m. By finding where u is an integer of order t mod p. In order to realize m 2 2mÀ1 an element 2 GFð2 Þ such that f; ; ÁÁÁ; g is a basis (4), the following algorithm can be used [11] where ci is of GFð2mÞ over GFð2Þ, any element A 2 GFð2mÞ can be computed in the inner loop of this algorithm. Note that, in represented as the following algorithm, A i (resp. A i) denotes the i-fold left (resp. right) cyclic shifts of the coordinates of A. mXÀ1 2i 2 2mÀ1 The algorithm uses the fact that the ði þ jÞth coordinate of A A ¼ ai ¼ a0 þ a1 þÁÁÁþamÀ1 ; i¼0 (i.e., aiþj) is equal to the jth coordinate of A i. It also requires the input sequence Fð1Þ;Fð2Þ; ÁÁÁ;Fðp À 1Þ to be where ai 2 GFð2Þ, 0 i m À 1, is the ith coordinate of A. precomputed using (5). In this paper, this normal basis representation of A will be written in short as A ¼ða0;a1; ÁÁÁ;amÀ1Þ. Now, consider the Algorithm 1. (Bit-Level NB Multiplication) following matrix: Input: A; B 2 GFð2mÞ;FðnÞ2½0;mÀ 1 for hi 1 n p À 1 i j mÀ1 M ¼ 2 þ2 ; ð1Þ Output: C ¼ AB i;j¼0 1. Initialize C ¼ðc0;c1; ÁÁÁ;cmÀ1Þ :¼ 0 whose entries belong to GFð2mÞ. Writing these entries with 2. For i ¼ 0 to m À 1 { respect to the NB, one obtains the following: 3. For n ¼ 1 to p À 2 { 4. ci :¼ ci þ aFðnþ1ÞbFðpÀnÞ 2 2mÀ1 M ¼ M0 þ M1 þÁÁÁþMmÀ1 ; ð2Þ 5. } 6. A 1;B 1 where Mis are m  m multiplication matrices whose entries belong to GFð2Þ. Following [23], we now give the definition 7. } of the complexity of an NB as follows. Software implementation of Algorithm 1 is not very efficient for the following reasons: First, in each execution of Definition 1. The numbers of 1s in all Mis are equal. Let us define this number by line 4, one coordinate of each of A and B are accessed. These accesses are such that their software implementation is CN ¼ HðMiÞ; 0 i m À 1; ð3Þ rather unsystematic and typically requires more than one instruction. Second, in line 4, the mod 2 multiplication of the which is known as the complexity of the NB. In (3), HðM Þ i coordinates, which is implemented by bit-level logical AND refers to the Hamming weight, i.e., the number of 1s, in M . i operation, is performed mðp À 2Þ times in total and the mod 2 addition, which is implemented by bit-level logical It is well-known that C 2m À 1 [23]. When N XOR operation, is performed 1 mðp À 2Þ times, on average, C ¼ 2m À 1, the NB is called an optimal normal basis 4 N assuming that A and B are two random inputs. In the (ONB). Two types of ONBs were constructed by Mullin et al. C programming language, these mod 2 multiplication and [23].
Load more

Recommended publications
  • Algorithms in Algebraic Number Theory
    BULLETIN (New Series) OF THE AMERICAN MATHEMATICALSOCIETY Volume 26, Number 2, April 1992 ALGORITHMS IN ALGEBRAIC NUMBER THEORY H. W. LENSTRA, JR. Abstract. In this paper we discuss the basic problems of algorithmic algebraic number theory. The emphasis is on aspects that are of interest from a purely mathematical point of view, and practical issues are largely disregarded. We describe what has been done and, more importantly, what remains to be done in the area. We hope to show that the study of algorithms not only increases our understanding of algebraic number fields but also stimulates our curiosity about them. The discussion is concentrated of three topics: the determination of Galois groups, the determination of the ring of integers of an algebraic number field, and the computation of the group of units and the class group of that ring of integers. 1. Introduction The main interest of algorithms in algebraic number theory is that they pro- vide number theorists with a means of satisfying their professional curiosity. The praise of numerical experimentation in number theoretic research is as widely sung as purely numerological investigations are indulged in, and for both activities good algorithms are indispensable. What makes an algorithm good unfortunately defies definition—too many extra-mathematical factors af- fect its practical performance, such as the skill of the person responsible for its execution and the characteristics of the machine that may be used. The present paper addresses itself not to the researcher who is looking for a collection of well-tested computational methods for use on his recently acquired personal computer.
    [Show full text]
  • On Security of XTR Public Key Cryptosystems Against Side Channel Attacks ?
    On security of XTR public key cryptosystems against Side Channel Attacks ? Dong-Guk Han1??, Jongin Lim1? ? ?, and Kouichi Sakurai2 1 Center for Information and Security Technologies(CIST), Korea University, Seoul, KOREA fchrista,[email protected] 2 Department of Computer Science and Communication Engineering 6-10-1, Hakozaki, Higashi-ku, Fukuoka, 812-8581, Japan, [email protected] Abstract. The XTR public key system was introduced at Crypto 2000. Application of XTR in cryptographic protocols leads to substantial sav- ings both in communication and computational overhead without com- promising security. It is regarded that XTR is suitable for a variety of environments, including low-end smart cards, and XTR is the excellent alternative to either RSA or ECC. In [LV00a,SL01], authors remarked that XTR single exponentiation (XTR-SE) is less susceptible than usual exponentiation routines to environmental attacks such as timing attacks and Di®erential Power Analysis (DPA). In this paper, however, we in- vestigate the security of side channel attack (SCA) on XTR. This paper shows that XTR-SE is immune against simple power analysis (SPA) un- der assumption that the order of the computation of XTR-SE is carefully considered. However we show that XTR-SE is vulnerable to Data-bit DPA (DDPA)[Cor99], Address-bit DPA (ADPA)[IIT02], and doubling attack [FV03]. Moreover, we propose two countermeasures that prevent from DDPA and a countermeasure against ADPA. One of the counter- measures using randomization of the base element proposed to defeat DDPA, i.e., randomization of the base element using ¯eld isomorphism, could be used to break doubling attack.
    [Show full text]
  • On Fast Algorithm and Vlsi Design of Finite Computational Structures
    ON FAST ALGORITHM AND VLSI DESIGN OF FINITE COMPUTATIONAL STRUCTURES By ROM- S HEN KAO A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 1991 Dedicated to my parents ACKNOWLEDGMENTS In the years leading to this dissertation, I have had the great pleasure of working for and with an adviser who provided an environment conducive to learning. I would like to take this opportunity to thank my advisor, Dr. Fred J. Taylor. I would also like to thank Dr. Y. C. Chow, Dr. H. Lam, Dr. M. Law, and Dr. J. Principe for serving on my supervisory committee. Special thanks to my fellow students, who have offered useful advice. Thanks go to Ah- mad Ansari, Glenn Dean, Jun Li, Jon Mellott, Jeremy Smith, Eric Strom, Glenn Zelniker, and especially, John Ruckstuhl, for his courtesy and professional work on setting up the SUN systems. I would also like to thank those I have come to know at the University of Florida. They make my years at the university a unique and memorable experience. This work would not be possible without the encouragement and support from my wife, Jeannie. Finally, I would like to thank my parents for teaching me the philosophy of life and the value of education, and most of all for their love, patience, and support. - in - TABLE OF CONTENTS ACKNOWLEDGMENTS iii LIST OF TABLES vii LIST OF FIGURES viii KEY TO SYMBOLS AND ABBREVIATIONS xiii ABSTRACT xv CHAPTERS 1 INTRODUCTION 1 1.1 Overview 1 1.2 Problem Statement
    [Show full text]
  • Topics in Normal Bases of Finite Fields N. A. Carella
    Topics in Normal Bases of Finite Fields N. A. Carella Copyright 2001. All rights reserved. Table of Contents Chapter 1 Bases of Finite Fields 1.1 Introduction……………………………………………………………………………….2 1.2 Definitions and Elementary Concepts………………………………………………….....3 1.3 The Discriminants of Bases……………………………………………………………….7 1.4 Distribution of Bases…………………………………………………………………….10 1.5 Dual Bases……………………………………………………………………………….11 1.6 Distribution of Dual Bases…………….………………………………………………...16 1.7 Polynomials Bases……………………………………………………………………….17 Chapter 2 Structured Matrices 2.1 Basic Concepts…………………………………………………………………………..22 2.2 Circulant Matrices……….………………………………………………………………24 2.3 Triangular Matrices……………………………………………………………………...31 2.4 Hadamard Matrices……………………………………………………………………33 2.5 Multiplication Tables…………………………………………………………………….35 Chapter 3 Normal Bases 3.1 Basic Concepts………………………………………….……………………………….40 3.2 Existence of Normal Bases………………………………..……………………………..41 3.3 Iterative Construction of Normal Bases………………….……………………………...42 3.4 Additive Order and Decomposition Theorem…………….……………………………..44 3.5 Normal Tests……………………………………………….……………………………46 3.6 Polynomial Representations………………………………….………………………….48 3.7 Dual Normal Bases……………………………………………..………………………..51 3.8. Distribution Of Normal Bases…………………………………..………………………53 3.9 Distribution Of Self-Dual Normal Bases…………………………………………...…54 3.10. Formulae For Normal Elements/Polynomials………………….…………………..…57 3.11 Completely Normal Bases and Testing Methods……………………………………59 3.12 Infinite Sequences of Normal Elements/Polynomials………………………………...62
    [Show full text]
  • A Normal Integral Basis Theorem
    JOURNAL OF ALGEBRA 39, 131-137 (1976) A Normal Integral Basis Theorem A. FR&ILICH Department of Mathematics, Kings College, The Strand, London WC2, England Communicated by the Editors Received November 26. 1974 TO OLGA TAUSSKY IN GRATITUDE FOR HER FRIENDSHIP, ENCOURAGEMENT, AND INSPIRATION THROUGHOUT MY MATHEMATICAL LIFE 1. STATEMENT OF RESULT Let 1 be an odd prime, q a divisor of I- 1, and T an integer prime to 1 and of order q mod 1. Write in the sequelsZ(Z, q) for the group with generatorsu and w and defining relations & zz 1 = & 3 oJuorl = ur. Let N be a normal algebraic number field (always of finite degree) with Galois group Gal(N/Q) = r over the field Q of rational numbers and oN its ring of algebraic integers. A basis of oN over Z, the ring of integers, of form {a~}, with a fixed in Do and y running through r, will in accordancewith classicalterminology be called a normal integral busis of N. A well-known necessarycondition for this to happen is that N/Q be tamely ramified (cf. [12]). This, however, is not sufficient. The first examplesto the contrary were found by Martinet (cf. [ll]) for the quaternion group of order 8, and (cf. [l, 21) subsequently it was shown that there are infinitely many such examples for the quaternion groups of order 8 and of order 41*, E = -1 (mod 4). Here we prove THEOREM. Any normal tamely ramified numberjeld N with Galois group Gal(N/Q) = Q(Z, q) has a normal integral basis.
    [Show full text]
  • An Algorithm for the Construction of a Normal Basis
    Journal of Number Theory 78, 3645 (1999) Article ID jnth.1999.2388, available online at http:ÂÂwww.idealibrary.com on An Algorithm for the Construction of a Normal Basis Kurt Girstmair Institut fur Mathematik, Universitat Innsbruck, Technikerstrasse 25Â7, A-6020 Innsbruck, Austria E-mail: Kurt.GirstmairÄuibk.ac.at Communicated by M. Pohst Received April 20, 1998 We present an algorithm for the construction of a normal basis of a Galois exten- sion of degree n in characteristic 0. The algorithm requires O(n4) multiplications in the ground field. It is based on representation theory but does not require the View metadata, citation and similar papers at core.ac.uk brought to you by CORE knowledge of representation theoretical data (like characters). 1999 Academic Press provided by Elsevier - Publisher Connector 1. INTRODUCTION Let L be a Galois extension of the field K with Galois group G= [s1 , ..., sn] (so n=[L : K]) and y # L. One says y generates a normal basis of L over K if (s1( y), ..., sn( y)) is a basis of the K-vector space L. We simply say, by abuse of notation, y is a normal basis of LÂK if this holds. Moreover, we assume char(K )=0 for the time being, since we are inter- ested in this case mainly. The literature contains quite a number of proofs for the existence of a normal basis y, some of them of a purely field theoretic nature (e.g., [4, 11]) and others using representation theory ([1, 3, 10]). But the question of how to actually find a normal basis seems to be less well investigated (except for the case of finite fields, which we have ruled out).
    [Show full text]
  • Primitive Normal Bases for Finite Fields
    mathematics of computation volume 48. number 177 january 1987. pages 217-231 Primitive Normal Bases for Finite Fields By H. W. Lenstra, Jr. and R. J. Schoof Dedicated to Daniel Shanks Abstract. It is proved that any finite extension of a finite field has a normal basis consisting of primitive roots. Introduction. Let q be a prime power, q > 1. We denote by Vq a finite field of q elements. It is well known that for every positive integer m there exists a normal basis of F ». over F?, i.e., a basis of the form (a,aq,aql,...,aq"'^) with a e F ™.It is also well known that the multiplicative group F*mof F^», is cyclic, i.e., that for some a G Fl we have ¥*,= {a": « e Z}. Such an element a is called a primitive root of F »,. Following Davenport [4] we call 2 m-1 a normal basis (a,aq,aq ,. ..,aq ) of F », over F a primitive normal basis if a is a primitive root of F »,. Carlitz [2], [3] proved in 1952 that for all sufficiently large qm there exists a primitive normal basis of F », over Fq. Davenport [4] proved in 1968 that a primitive normal basis exists for all m if q is prime. In the present paper this result is extended to the general case. Theorem. For every prime power q > 1 and every positive integer m there exists a primitive normal basis of F ». over F . Section 1 contains an exposition of certain results due to Ore [7] concerning the Galois module structure of finite fields.
    [Show full text]
  • Normal Bases Over Finite Fields
    Normal Bases over Finite Fields by Shuhong Gao A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Doctor of Philosophy in Combinatorics and Optimization Waterloo, Ontario, Canada, 1993 c Shuhong Gao 1993 Abstract Interest in normal bases over finite fields stems both from mathematical theory and practical applications. There has been a lot of literature dealing with various properties of normal bases (for finite fields and for Galois extension of arbitrary fields). The advantage of using normal bases to represent finite fields was noted by Hensel in 1888. With the introduction of optimal normal bases, large finite fields, that can be used in secure and efficient implementation of several cryp- tosystems, have recently been realized in hardware. The present thesis studies various theoretical and practical aspects of normal bases in finite fields. We first give some characterizations of normal bases. Then by using linear algebra, we prove that Fqn has a basis over Fq such that any element in Fq represented in this basis generates a normal basis if and only if some groups of coordinates are not simultaneously zero. We show how n to construct an irreducible polynomial of degree 2 with linearly independent roots over Fq for any integer n and prime power q. We also construct explicitly an irreducible polynomial in Fp[x] of degree pn with linearly independent roots for any prime p and positive integer n. We give a new characterization of the minimal polynomial of αt for any integer t when the minimal polynomial 2n of α is given.
    [Show full text]
  • Normal Bases in Finite Fields and Efficient Compact Subgroup Trace Representation
    UNIVERSITÀ DEGLI STUDI ROMA TRE FACOLTÀ DI S.M.F.N. Graduation Thesis in Mathematics by Silvia Pastore Normal bases in finite fields and Efficient Compact Subgroup Trace Representation Supervisor Prof. Francesco Pappalardi The Candidate The Supervisor ACADEMIC YEAR 2006 - 2007 Classification: 94A60 11T71 11Y16 Key Words: XTR, Normal Basis, Optimal Normal Basis. A te che meritavi tanto, A te, Nico. 1 Contents Introduction . 3 1 Background 14 1.1 Algebraic structures . 14 1.2 Normal bases . 15 1.2.1 The multiplication matrix . 19 1.3 Construction of the optimal normal bases . 25 2 Arithmetic operations in 30 Fp2 3 XTR supergroup and XTR subgroup 35 3.1 Traces . 35 3.2 The polynomials F (c; X) ..................... 37 3.3 Properties of F (c; X) and its roots . 38 3.4 The computation of cn ...................... 43 4 XTR parameter and key selection 48 4.1 Selection of p and q ........................ 48 4.2 Selection of the subgroup . 50 5 Cryptographic applications 53 5.1 XTR - Diffie Hellman and XTR - ElGamal . 53 5.2 Discrete logarithm . 58 A Karatsuba Algorithm 64 A.1 Karatsuba's algorithm . 65 2 B Multi-exponentiation algorithm 68 References . 72 3 Introduction In the last twenty years, with the development of coding theory and appearance of several cryptosystems, the study of nite elds has generated much interest. This impetus behind this interest has been the need to produce efficient algorithms that can be implemented in the hardware or software used for applications such as data encryption and public key distribution. The necessity to produce efficient algorithms is translated into solving mathematical problems involving computations in nite elds.
    [Show full text]
  • The Normal Basis Theorem and the Primitive Element Theorem
    The nonvanishing polynomial lemma and applications Lemma 1. Let k be an infinite field. Let f(x1; x2; : : : ; xn) be a polynomial with coefficients in k. n If f has nonzero coefficients, then there exists (a1; a2; : : : ; an) 2 k such that f(a1; : : : ; an) 6= 0. Proof. Our proof is by induction on n. For the base case, n = 1, let f(x) have degree d. Since K is infinite, and f has no more than d roots, we see that there exists a 2 K with f(a) 6= 0. Now, suppose the result is known for polynomials in n − 1 variables. Write f(x1; : : : ; xn) = P i gi(x1; : : : ; xn−1)xn. At least one of the polynomials gi has nonzero coefficients; say it is gi. Inductively, choose (a1; : : : ; an−1) so that gi(a1; : : : ; an−1) is nonzero. So f(a1; a2; : : : ; an−1; x) is a nonzero polynomial in x. Using again that K is infinite, we can find an such that f(a1; : : : ; an−1; an) is nonzero. Here are some applications of this lemma: Lemma 2. Let K be an infinite field. Let V be a finite dimensional vector space over K. Let W1, W2,..., Wm be a finite list of vector subspaces of V , none of them the entire space V . Then there is vector ~v in V which is not in any Wi. Q Proof. For each Wi, choose a nonzero linear function λi : V ! K with Wi ⊆ Ker(λi). Then λi is a nonzero polynomial on V . Choose a point where this polynomial doesn't vanish.
    [Show full text]
  • ALGEBRAIC NUMBER THEORY Romyar Sharifi
    ALGEBRAIC NUMBER THEORY Romyar Sharifi Contents Introduction 7 Part 1. Algebraic number theory 9 Chapter 1. Abstract algebra 11 1.1. Tensor products of fields 11 1.2. Integral extensions 13 1.3. Norm and trace 18 1.4. Discriminants 22 1.5. Normal bases 29 Chapter 2. Dedekind domains 33 2.1. Fractional ideals 33 2.2. Dedekind domains 34 2.3. Discrete valuation rings 39 2.4. Orders 43 2.5. Ramification of primes 47 2.6. Decomposition groups 52 Chapter 3. Applications 57 3.1. Cyclotomic fields 57 3.2. Quadratic reciprocity 61 3.3. Fermat’s last theorem 63 Chapter 4. Geometry of numbers 67 4.1. Lattices 67 4.2. Real and complex embeddings 70 4.3. Finiteness of the class group 71 4.4. Dirichlet’s unit theorem 74 Chapter 5. Valuations and completions 79 5.1. Global fields 79 5.2. Valuations 80 3 4 CONTENTS 5.3. Completions 88 5.4. Extension of valuations 97 5.5. Local fields 101 Chapter 6. Local-global theory 105 6.1. Semi-local theory 105 6.2. Ramification revisited 110 6.3. Differents and discriminants 113 Part 2. Cohomology 121 Chapter 7. Group cohomology 123 7.1. Group rings 123 7.2. Group cohomology via cochains 124 7.3. Group cohomology via projective resolutions 129 7.4. Homology of groups 132 7.5. Induced modules 134 7.6. Tate cohomology 136 7.7. Dimension shifting 141 7.8. Comparing cohomology groups 142 7.9. Cup products 152 7.10. Tate cohomology of cyclic groups 159 7.11.
    [Show full text]
  • Lectures on Algebraic Number Theory
    Lectures On Algebraic Number Theory Dipendra Prasad Notes by Anupam 1 Number Fields We begin by recalling that a complex number is called an algebraic number if it satisfies a polynomial with rational coefficients or equivalently with integer coefficients. A complex number is called an algebraic integer if it satisfies a polynomial with integral coefficients having leading coefficient as 1. Let Q be the set of all algebraic numbers inside C. It is well known that Q is a subfield of C. Any finite extension of Q is called an Algebraic Number Field. Some of the most studied examples of number fields are: 1. Q, the field of rational numbers. √ 2. Quadratic extensions Q( d); where d ∈ Z is a non-square integer. 2πi 3. Cyclotomic fields Q(ζn), ζn = e n . 1 ∗ 4. Kummer extensions K(a n ) where a ∈ K and K is a number field. Definition. A Dedekind domain is an integral domain R such that 1. Every ideal is finitely generated; 2. Every nonzero prime ideal is a maximal ideal; 1 3. The ring R is integrally closed (in its field of fractions). Let K be a number field. Let us denote the set of algebraic integers inside K by OK . Theorem 1.1. 1. If K is a number field then OK , the set of algebraic integers inside K, forms a subring of K. This subring OK is a finitely generated Z module of the same rank as degQK. 2. The ring OK is a Dedekind domain. In particular, every ideal in OK can be written uniquely as a product of prime ideals.
    [Show full text]