DOCSLIB.ORG

Finite Fields (PART 4)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Lecture 7: Finite Fields (PART 4) PART 4: Finite Fields of the Form GF (2n) Theoretical Underpinnings of Modern Cryptography Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 9, 2021 4:58pm ©2021 Avinash Kak, Purdue University Goals: n To review finite fields of the form GF (2 ) To show how arithmetic operations can be carried out by directly operating on the bit patterns for the elements of GF (2n) Perl and Python implementations for arithmetic in a Galois Field using my BitVector modules CONTENTS Section Title Page 7.1 Consider Again the Polynomials over GF (2) 3 7.2 Modular Polynomial Arithmetic 5 7.3 How Large is the Set of Polynomials When 8 Multiplications are Carried Out Modulo x2 + x +1 7.4 How Do We Know that GF (23) is a Finite Field? 10 7.5 GF (2n) a Finite Field for Every n 14 7.6 Representing the Individual Polynomials 15 in GF (2n) by Binary Code Words 7.7 Some Observations on Bit-Pattern Additions 18 in GF (2n) 7.8 Some Observations on Arithmetic Multiplication 20 in GF (2n) 7.9 Direct Bitwise Operations for Multiplication 22 in GF (28) 7.10 Summary of How a Multiplication is Carried 25 Out in GF (28) 7.11 Finding Multiplicative Inverses in GF (2n) 27 with Implementations in Perl and Python 7.12 Using a Generator to Represent the Elements 34 of GF (2n) 7.13 Homework Problems 38 2 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.1 CONSIDER AGAIN THE POLYNOMIALS OVER GF (2) Recall from Lecture 6 that GF (2) is a finite field consisting of the set {0, 1}, with modulo 2 addition as the group operator and modulo 2 multiplication as the ring operator. In Section 6.7 of Lecture 6, we also talked about polynomials over GF (2). Along the lines of the examples shown there, here are some more: x + 1 x2 + x + 1 x2 + 1 x3 + 1 x 1 x5 x10000 ... ... The examples shown only use 0 and 1 for the coefficients in the polynomials. Obviously, we could also have shown polynomials with negative coefficients. However, as you’d recall from Lecture 6, -1 is the same as +1 in GF (2).[Does 23 ∗ x5 + 1 belong to the set of polynomials defined over GF (2)? How about − 3 ∗ x7 + 1? The answer to both questions is yes. Can you justify the answer?] 3 Computer and Network Security by Avi Kak Lecture 7 Obviously, the number of such polynomials is infinite. The polynomials can be subject to the algebraic operations of addition and multiplication in which the coefficients are added and multiplied according to the rules that apply to GF (2). As stated in the previous lecture, the set of such polynomials forms a ring, called the polynomial ring. 4 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.2 MODULAR POLYNOMIAL ARITHMETIC Let’s now add one more twist to the algebraic operations we carry out on all the polynomials over GF (2): In Section 6.11 of Lecture 6, I defined an irreducible polynomial as a polynomial that cannot be factorized into lower-degree polynomials. From the set of all polynomials that can be defined over GF (2), let’s now consider the following irreducible polynomial: x3 + x + 1 By the way there exist only two irreducible polynomials of degree 3 over GF (2). The other is x3 + x2 + 1. For the set of all polynomials over GF (2), let’s now consider polynomial arithmetic modulo the irreducible polynomial x3 + x + 1. To explain what I mean by polynomial arithmetic modulo the irreduciable polynomial, when an algebraic operation — we are 5 Computer and Network Security by Avi Kak Lecture 7 obviously talking about polynomial multiplication — results in a polynomial whose degree equals or exceeds that of the irreducible polynomial, we will take for our result the remainder modulo the irreducible polynomial. For example, (x2 + x + 1) × (x2 + 1) mod (x3 + x + 1) = (x4 + x3 + x2)+(x2 + x + 1) mod (x3 + x + 1) = (x4 + x3 + x + 1) mod (x3 + x + 1) = −x2 − x = x2 + x Recallthat1 + 1 = 0in GF (2). That’s what caused the x2 term to disappear in the second expression on the right hand side of the equality sign. For the division by the modulus in the above example, we used the result (x4 + x3 + x + 1) −x2 − x = x + 1 + (x3 + x + 1) x3 + x + 1 Obviously, for the division on the left hand side, our first quotient term is x. Multiplying the divisor by x yields x4 + x2 + x that when subtracted from the dividend gives us 6 Computer and Network Security by Avi Kak Lecture 7 x3 − x2 + 1. This dictates that the next term of the quotient be 1, and so on. 7 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.3 HOW LARGE IS THE SET OF POLYNOMIALS WHEN MULTIPLICATIONS ARE CARRIED OUT MODULO x3 + x + 1 3 With multiplications modulo x + x + 1, we have only the following eight polynomials in the set of polynomials over GF (2): 0 1 x x2 x + 1 x2 + 1 x2 + x x2 + x + 1 3 We will refer to this set as GF (2 ) where the exponent of 2, which in this case is 3, is the degree of the modulus polynomial. 3 Our conceptualization of GF (2 ) is analogous to our conceptualization of the set Z8. The eight elements of Z8 are 8 Computer and Network Security by Avi Kak Lecture 7 to be thought of as integers modulo 8. So, basically, Z8 maps all integers to the eight numbers in the set Z8. Similarly, GF (23) maps all of the polynomials over GF (2) to the eight polynomials shown above. 3 But note the crucial difference between GF (2 ) and Z8: 3 GF (2 ) is a field, whereas Z8 is NOT. 9 Computer and Network Security by Avi Kak Lecture 7 Back to TOC 7.4 HOW DO WE KNOW THAT GF (23) IS A FINITE FIELD? 3 We do know that GF (2 ) is an abelian group because of the operation of polynomial addition satisfies all of the requirements on a group operator and because polynomial addition is commutative. [Every polynomial in GF (23) is its own additive inverse because of how the two numbers in GF (2) behave with respect to modulo 2 addition.] 3 GF (2 ) is also a commutative ring because polynomial multiplication distributes over polynomial addition (and because polynomial multiplication meets all the other stipulations on the ring operator: closedness, associativity, commutativity). 3 GF (2 ) is an integral domain because of the fact that the set contains the multiplicative identity element 1 and because if for a ∈ GF (23) and b ∈ GF (23) we have a × b = 0 mod (x3 + x + 1) then either a = 0or b = 0. This can be proved easily as follows: – Assume that neither a nor b is zero when 10 Computer and Network Security by Avi Kak Lecture 7 a × b = 0 mod (x3 + x + 1). In that case, the following equality must also hold a × b = (x3 + x + 1) since 0 ≡ (x3 + x + 1) mod (x3 + x + 1) – But the above implies that the irreducible polynomial x3 + x + 1 can be factorized, which by definition cannot be done. 3 We now argue that GF (2 ) is a finite field because it is a finite set and because it contains a unique multiplicative inverse for every non-zero element. 3 GF (2 ) contains a unique multiplicative inverse for every non-zero element for the same reason that Z7 contains a unique multiplicative inverse for every non-zero integer in the set. (For a counterexample, recall that Z8 does not possess multiplicative inverses for 2, 4, and 6.) Stated formally, we say that for every non-zero element a ∈ GF (23) there is always a unique element b ∈ GF (23) such that a × b = 1. The above conclusion follows from the fact if you multiply a non-zero element a with each of the eight elements of GF (23), 11 Computer and Network Security by Avi Kak Lecture 7 the result will the eight distinct elements of GF (23). Obviously, the results of such multiplications must equal 1 for exactly one of the non-zero element of GF (23). So if a × b = 1, then b must be the multiplicative inverse for a. The same thing happens in Z7. If you multiply a non-zero element a of this set with each of the seven elements of Z7, you will get seven distinct answers. The answer must therefore equal 1 for at least one such multiplication. When the answer is 1, you have your multiplicative inverse for a. For a counterexample, this is not what happens in Z8. When you multiply 2 with every element of Z8, you do not get eight distinct answers. (Multiplying 2 with every element of Z8 yields {0, 2, 4, 6, 0, 2, 4, 6} that has only four distinct elements). For a more formal proof (by contradiction) of the fact that if you multiply a non-zero element a of GF (23) with every element of the same set, no two answers will be the same, let’s assume that this assertion is false. That is, we assume the existence of two distinct b and c in the set such that a × b ≡ a × c mod (x3 + x + 1) That implies a × (b − c) ≡ 0 mod (x3 + x + 1) 12 Computer and Network Security by Avi Kak Lecture 7 That implies that either a is 0 or that b equals c.
Recommended publications
  • APPLICATIONS of GALOIS THEORY 1. Finite Fields Let F Be a Finite Field

    APPLICATIONS of GALOIS THEORY 1. Finite Fields Let F Be a Finite Field

    CHAPTER IX APPLICATIONS OF GALOIS THEORY 1. Finite Fields Let F be a finite field. It is necessarily of nonzero characteristic p and its prime field is the field with p r elements Fp.SinceFis a vector space over Fp,itmusthaveq=p elements where r =[F :Fp]. More generally, if E ⊇ F are both finite, then E has qd elements where d =[E:F]. As we mentioned earlier, the multiplicative group F ∗ of F is cyclic (because it is a finite subgroup of the multiplicative group of a field), and clearly its order is q − 1. Hence each non-zero element of F is a root of the polynomial Xq−1 − 1. Since 0 is the only root of the polynomial X, it follows that the q elements of F are roots of the polynomial Xq − X = X(Xq−1 − 1). Hence, that polynomial is separable and F consists of the set of its roots. (You can also see that it must be separable by finding its derivative which is −1.) We q may now conclude that the finite field F is the splitting field over Fp of the separable polynomial X − X where q = |F |. In particular, it is unique up to isomorphism. We have proved the first part of the following result. Proposition. Let p be a prime. For each q = pr, there is a unique (up to isomorphism) finite field F with |F | = q. Proof. We have already proved the uniqueness. Suppose q = pr, and consider the polynomial Xq − X ∈ Fp[X]. As mentioned above Df(X)=−1sof(X) cannot have any repeated roots in any extension, i.e.
  • What Can (And Can't) We Do with Sparse Polynomials?

    What Can (And Can't) We Do with Sparse Polynomials?

    What Can (and Can’t) we Do with Sparse Polynomials? Daniel S. Roche United States Naval Academy Annapolis, Maryland, U.S.A. [email protected] ABSTRACT This sparse representation matches the one used by default for Simply put, a sparse polynomial is one whose zero coefficients are multivariate polynomials in modern computer algebra systems and not explicitly stored. Such objects are ubiquitous in exact computing, libraries such as Magma [83], Maple [73], Mathematica, Sage [84], and so naturally we would like to have efficient algorithms to handle and Singular [81]. them. However, with this compact storage comes new algorithmic challenges, as fast algorithms for dense polynomials may no longer 1.1 Sparse polynomial algorithm complexity be efficient. In this tutorial we examine the state of the art forsparse Sparse polynomials in the distributed representation are also called polynomial algorithms in three areas: arithmetic, interpolation, and lacunary or supersparse [55] in the literature to emphasize that, in factorization. The aim is to highlight recent progress both in theory this representation, the degree of a polynomial could be exponen- and in practice, as well as opportunities for future work. tially larger than its bit-length. This exposes the essential difficulty of computing with sparse polynomials, in that efficient algorithms KEYWORDS for dense polynomials may cost exponential-time in the sparse setting. sparse polynomial, interpolation, arithmetic, factorization Specifically, when analyzing algorithms for dense polynomials, the most important measure is the degree bound D 2 N such that ACM Reference Format: Daniel S. Roche. 2018. What Can (and Can’t) we Do with Sparse Polyno- deg f < D.
  • A Note on Presentation of General Linear Groups Over a Finite Field

    A Note on Presentation of General Linear Groups Over a Finite Field

    Southeast Asian Bulletin of Mathematics (2019) 43: 217–224 Southeast Asian Bulletin of Mathematics c SEAMS. 2019 A Note on Presentation of General Linear Groups over a Finite Field Swati Maheshwari and R. K. Sharma Department of Mathematics, Indian Institute of Technology Delhi, New Delhi, India Email: [email protected]; [email protected] Received 22 September 2016 Accepted 20 June 2018 Communicated by J.M.P. Balmaceda AMS Mathematics Subject Classification(2000): 20F05, 16U60, 20H25 Abstract. In this article we have given Lie regular generators of linear group GL(2, Fq), n where Fq is a finite field with q = p elements. Using these generators we have obtained presentations of the linear groups GL(2, F2n ) and GL(2, Fpn ) for each positive integer n. Keywords: Lie regular units; General linear group; Presentation of a group; Finite field. 1. Introduction Suppose F is a finite field and GL(n, F) is the general linear the group of n × n invertible matrices and SL(n, F) is special linear group of n × n matrices with determinant 1. We know that GL(n, F) can be written as a semidirect product, GL(n, F)= SL(n, F) oF∗, where F∗ denotes the multiplicative group of F. Let H and K be two groups having presentations H = hX | Ri and K = hY | Si, then a presentation of semidirect product of H and K is given by, −1 H oη K = hX, Y | R,S,xyx = η(y)(x) ∀x ∈ X,y ∈ Y i, where η : K → Aut(H) is a group homomorphism. Now we summarize some literature survey related to the presentation of groups.
  • The General Linear Group

    The General Linear Group

    18.704 Gabe Cunningham 2/18/05 [email protected] The General Linear Group Definition: Let F be a field. Then the general linear group GLn(F ) is the group of invert- ible n × n matrices with entries in F under matrix multiplication. It is easy to see that GLn(F ) is, in fact, a group: matrix multiplication is associative; the identity element is In, the n × n matrix with 1’s along the main diagonal and 0’s everywhere else; and the matrices are invertible by choice. It’s not immediately clear whether GLn(F ) has infinitely many elements when F does. However, such is the case. Let a ∈ F , a 6= 0. −1 Then a · In is an invertible n × n matrix with inverse a · In. In fact, the set of all such × matrices forms a subgroup of GLn(F ) that is isomorphic to F = F \{0}. It is clear that if F is a finite field, then GLn(F ) has only finitely many elements. An interesting question to ask is how many elements it has. Before addressing that question fully, let’s look at some examples. ∼ × Example 1: Let n = 1. Then GLn(Fq) = Fq , which has q − 1 elements. a b Example 2: Let n = 2; let M = ( c d ). Then for M to be invertible, it is necessary and sufficient that ad 6= bc. If a, b, c, and d are all nonzero, then we can fix a, b, and c arbitrarily, and d can be anything but a−1bc. This gives us (q − 1)3(q − 2) matrices.
  • On the Discrete Logarithm Problem in Finite Fields of Fixed Characteristic

    On the Discrete Logarithm Problem in Finite Fields of Fixed Characteristic

    On the discrete logarithm problem in finite fields of fixed characteristic Robert Granger1⋆, Thorsten Kleinjung2⋆⋆, and Jens Zumbr¨agel1⋆ ⋆ ⋆ 1 Laboratory for Cryptologic Algorithms School of Computer and Communication Sciences Ecole´ polytechnique f´ed´erale de Lausanne, Switzerland 2 Institute of Mathematics, Universit¨at Leipzig, Germany {robert.granger,thorsten.kleinjung,jens.zumbragel}@epfl.ch Abstract. × For q a prime power, the discrete logarithm problem (DLP) in Fq consists in finding, for × x any g ∈ Fq and h ∈hgi, an integer x such that g = h. For each prime p we exhibit infinitely many n × extension fields Fp for which the DLP in Fpn can be solved in expected quasi-polynomial time. 1 Introduction In this paper we prove the following result. Theorem 1. For every prime p there exist infinitely many explicit extension fields Fpn for which × the DLP in Fpn can be solved in expected quasi-polynomial time exp (1/ log2+ o(1))(log n)2 . (1) Theorem 1 is an easy corollary of the following much stronger result, which we prove by presenting a randomised algorithm for solving any such DLP. Theorem 2. Given a prime power q > 61 that is not a power of 4, an integer k ≥ 18, polyno- q mials h0, h1 ∈ Fqk [X] of degree at most two and an irreducible degree l factor I of h1X − h0, × ∼ the DLP in Fqkl where Fqkl = Fqk [X]/(I) can be solved in expected time qlog2 l+O(k). (2) To deduce Theorem 1 from Theorem 2, note that thanks to Kummer theory, when l = q − 1 q−1 such h0, h1 are known to exist; indeed, for all k there exists an a ∈ Fqk such that I = X −a ∈ q i Fqk [X] is irreducible and therefore I | X − aX.
  • A Second Course in Algebraic Number Theory

    A Second Course in Algebraic Number Theory

    A second course in Algebraic Number Theory Vlad Dockchitser Prerequisites: • Galois Theory • Representation Theory Overview: ∗ 1. Number Fields (Review, K; OK ; O ; ClK ; etc) 2. Decomposition of primes (how primes behave in eld extensions and what does Galois's do) 3. L-series (Dirichlet's Theorem on primes in arithmetic progression, Artin L-functions, Cheboterev's density theorem) 1 Number Fields 1.1 Rings of integers Denition 1.1. A number eld is a nite extension of Q Denition 1.2. An algebraic integer α is an algebraic number that satises a monic polynomial with integer coecients Denition 1.3. Let K be a number eld. It's ring of integer OK consists of the elements of K which are algebraic integers Proposition 1.4. 1. OK is a (Noetherian) Ring 2. , i.e., ∼ [K:Q] as an abelian group rkZ OK = [K : Q] OK = Z 3. Each can be written as with and α 2 K α = β=n β 2 OK n 2 Z Example. K OK Q Z ( p p [ a] a ≡ 2; 3 mod 4 ( , square free) Z p Q( a) a 2 Z n f0; 1g a 1+ a Z[ 2 ] a ≡ 1 mod 4 where is a primitive th root of unity Q(ζn) ζn n Z[ζn] Proposition 1.5. 1. OK is the maximal subring of K which is nitely generated as an abelian group 2. O`K is integrally closed - if f 2 OK [x] is monic and f(α) = 0 for some α 2 K, then α 2 OK . Example (Of Factorisation).
  • Modular Arithmetic

    Modular Arithmetic

    CS 70 Discrete Mathematics and Probability Theory Fall 2009 Satish Rao, David Tse Note 5 Modular Arithmetic One way to think of modular arithmetic is that it limits numbers to a predefined range f0;1;:::;N ¡ 1g, and wraps around whenever you try to leave this range — like the hand of a clock (where N = 12) or the days of the week (where N = 7). Example: Calculating the day of the week. Suppose that you have mapped the sequence of days of the week (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday) to the sequence of numbers (0;1;2;3;4;5;6) so that Sunday is 0, Monday is 1, etc. Suppose that today is Thursday (=4), and you want to calculate what day of the week will be 10 days from now. Intuitively, the answer is the remainder of 4 + 10 = 14 when divided by 7, that is, 0 —Sunday. In fact, it makes little sense to add a number like 10 in this context, you should probably find its remainder modulo 7, namely 3, and then add this to 4, to find 7, which is 0. What if we want to continue this in 10 day jumps? After 5 such jumps, we would have day 4 + 3 ¢ 5 = 19; which gives 5 modulo 7 (Friday). This example shows that in certain circumstances it makes sense to do arithmetic within the confines of a particular number (7 in this example), that is, to do arithmetic by always finding the remainder of each number modulo 7, say, and repeating this for the results, and so on.
  • Discrete Mathematics

    Discrete Mathematics

    Slides for Part IA CST 2016/17 Discrete Mathematics <www.cl.cam.ac.uk/teaching/1617/DiscMath> Prof Marcelo Fiore [email protected] — 0 — What are we up to ? ◮ Learn to read and write, and also work with, mathematical arguments. ◮ Doing some basic discrete mathematics. ◮ Getting a taste of computer science applications. — 2 — What is Discrete Mathematics ? from Discrete Mathematics (second edition) by N. Biggs Discrete Mathematics is the branch of Mathematics in which we deal with questions involving finite or countably infinite sets. In particular this means that the numbers involved are either integers, or numbers closely related to them, such as fractions or ‘modular’ numbers. — 3 — What is it that we do ? In general: Build mathematical models and apply methods to analyse problems that arise in computer science. In particular: Make and study mathematical constructions by means of definitions and theorems. We aim at understanding their properties and limitations. — 4 — Lecture plan I. Proofs. II. Numbers. III. Sets. IV. Regular languages and finite automata. — 6 — Proofs Objectives ◮ To develop techniques for analysing and understanding mathematical statements. ◮ To be able to present logical arguments that establish mathematical statements in the form of clear proofs. ◮ To prove Fermat’s Little Theorem, a basic result in the theory of numbers that has many applications in computer science. — 16 — Proofs in practice We are interested in examining the following statement: The product of two odd integers is odd. This seems innocuous enough, but it is in fact full of baggage. — 18 — Proofs in practice We are interested in examining the following statement: The product of two odd integers is odd.
  • Factoring Polynomials Over Finite Fields

    Factoring Polynomials Over Finite Fields

    Factoring Polynomials over Finite Fields More precisely: Factoring and testing irreduciblity of sparse polynomials over small finite fields Richard P. Brent MSI, ANU joint work with Paul Zimmermann INRIA, Nancy 27 August 2009 Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 1 / 64 Outline Introduction I Polynomials over finite fields I Irreducible and primitive polynomials I Mersenne primes Part 1: Testing irreducibility I Irreducibility criteria I Modular composition I Three algorithms I Comparison of the algorithms I The “best” algorithm I Some computational results Part 2: Factoring polynomials I Distinct degree factorization I Avoiding GCDs, blocking I Another level of blocking I Average-case complexity I New primitive trinomials Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 2 / 64 Polynomials over finite fields We consider univariate polynomials P(x) over a finite field F. The algorithms apply, with minor changes, for any small positive characteristic, but since time is limited we assume that the characteristic is two, and F = Z=2Z = GF(2). P(x) is irreducible if it has no nontrivial factors. If P(x) is irreducible of degree r, then [Gauss] r x2 = x mod P(x): 2r Thus P(x) divides the polynomial Pr (x) = x − x. In fact, Pr (x) is the product of all irreducible polynomials of degree d, where d runs over the divisors of r. Richard Brent (ANU) Factoring Polynomials over Finite Fields 27 August 2009 3 / 64 Counting irreducible polynomials Let N(d) be the number of irreducible polynomials of degree d. Thus X r dN(d) = deg(Pr ) = 2 : djr By Möbius inversion we see that X rN(r) = µ(d)2r=d : djr Thus, the number of irreducible polynomials of degree r is ! 2r 2r=2 N(r) = + O : r r Since there are 2r polynomials of degree r, the probability that a randomly selected polynomial is irreducible is ∼ 1=r ! 0 as r ! +1.
  • EE 595 (PMP) Advanced Topics in Communication Theory Handout #1

    EE 595 (PMP) Advanced Topics in Communication Theory Handout #1

    EE 595 (PMP) Advanced Topics in Communication Theory Handout #1 Introduction to Cryptography. Symmetric Encryption.1 Wednesday, January 13, 2016 Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Outline: 1. Review - Security goals 2. Terminology 3. Secure communication { Symmetric vs. asymmetric setting 4. Background: Modular arithmetic 5. Classical cryptosystems { The shift cipher { The substitution cipher 6. Background: The Euclidean Algorithm 7. More classical cryptosystems { The affine cipher { The Vigen´erecipher { The Hill cipher { The permutation cipher 8. Cryptanalysis { The Kerchoff Principle { Types of cryptographic attacks { Cryptanalysis of the shift cipher { Cryptanalysis of the affine cipher { Cryptanalysis of the Vigen´erecipher { Cryptanalysis of the Hill cipher Review - Security goals Last lecture, we introduced the following security goals: 1. Confidentiality - ability to keep information secret from all but authorized users. 2. Data integrity - property ensuring that messages to and from a user have not been corrupted by communication errors or unauthorized entities on their way to a destination. 3. Identity authentication - ability to confirm the unique identity of a user. 4. Message authentication - ability to undeniably confirm message origin. 5. Authorization - ability to check whether a user has permission to conduct some action. 6. Non-repudiation - ability to prevent the denial of previous commitments or actions (think of a con- tract). 7. Certification - endorsement of information by a trusted entity. In the rest of today's lecture, we will focus on three of these goals, namely confidentiality, integrity and authentication (CIA). In doing so, we begin by introducing the necessary terminology. 1 We thank Professors Radha Poovendran and Andrew Clark for the help in preparing this material.
  • Quaternion Algebra and Calculus

    Quaternion Algebra and Calculus

    Quaternion Algebra and Calculus David Eberly, Geometric Tools, Redmond WA 98052 https://www.geometrictools.com/ This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Created: March 2, 1999 Last Modified: August 18, 2010 Contents 1 Quaternion Algebra 2 2 Relationship of Quaternions to Rotations3 3 Quaternion Calculus 5 4 Spherical Linear Interpolation6 5 Spherical Cubic Interpolation7 6 Spline Interpolation of Quaternions8 1 This document provides a mathematical summary of quaternion algebra and calculus and how they relate to rotations and interpolation of rotations. The ideas are based on the article [1]. 1 Quaternion Algebra A quaternion is given by q = w + xi + yj + zk where w, x, y, and z are real numbers. Define qn = wn + xni + ynj + znk (n = 0; 1). Addition and subtraction of quaternions is defined by q0 ± q1 = (w0 + x0i + y0j + z0k) ± (w1 + x1i + y1j + z1k) (1) = (w0 ± w1) + (x0 ± x1)i + (y0 ± y1)j + (z0 ± z1)k: Multiplication for the primitive elements i, j, and k is defined by i2 = j2 = k2 = −1, ij = −ji = k, jk = −kj = i, and ki = −ik = j. Multiplication of quaternions is defined by q0q1 = (w0 + x0i + y0j + z0k)(w1 + x1i + y1j + z1k) = (w0w1 − x0x1 − y0y1 − z0z1)+ (w0x1 + x0w1 + y0z1 − z0y1)i+ (2) (w0y1 − x0z1 + y0w1 + z0x1)j+ (w0z1 + x0y1 − y0x1 + z0w1)k: Multiplication is not commutative in that the products q0q1 and q1q0 are not necessarily equal.
  • WORKSHEET # 7 QUATERNIONS the Set of Quaternions Are the Set Of

    WORKSHEET # 7 QUATERNIONS the Set of Quaternions Are the Set Of

    WORKSHEET # 7 QUATERNIONS The set of quaternions are the set of all formal R-linear combinations of \symbols" i; j; k a + bi + cj + dk for a; b; c; d 2 R. We give them the following addition rule: (a + bi + cj + dk) + (a0 + b0i + c0j + d0k) = (a + a0) + (b + b0)i + (c + c0)j + (d + d0)k Multiplication is induced by the following rules (λ 2 R) i2 = j2 = k2 = −1 ij = k; jk = i; ki = j ji = −k kj = −i ik = −j λi = iλ λj = jλ λk = kλ combined with the distributive rule. 1. Use the above rules to carefully write down the product (a + bi + cj + dk)(a0 + b0i + c0j + d0k) as an element of the quaternions. Solution: (a + bi + cj + dk)(a0 + b0i + c0j + d0k) = aa0 + ab0i + ac0j + ad0k + ba0i − bb0 + bc0k − bd0j ca0j − cb0k − cc0 + cd0i + da0k + db0j − dc0i − dd0 = (aa0 − bb0 − cc0 − dd0) + (ab0 + a0b + cd0 − dc0)i (ac0 − bd0 + ca0 + db0)j + (ad0 + bc0 − cb0 + da0)k 2. Prove that the quaternions form a ring. Solution: It is obvious that the quaternions form a group under addition. We just showed that they were closed under multiplication. We have defined them to satisfy the distributive property. The only thing left is to show the associative property. I will only prove this for the elements i; j; k (this is sufficient by the distributive property). i(ij) = i(k) = ik = −j = (ii)j i(ik) = i(−j) = −ij = −k = (ii)k i(ji) = i(−k) = −ik = j = ki = (ij)i i(jj) = −i = kj = (ij)j i(jk) = i(i) = (−1) = (k)k = (ij)k i(ki) = ij = k = −ji = (ik)i i(kk) = −i = −jk = (ik)k j(ii) = −j = −ki = (ji)i j(ij) = jk = i = −kj = (ji)j j(ik) = j(−j) = 1 = −kk = (ji)k j(ji) = j(−k) = −jk = −i = (jj)i j(jk) = ji = −k = (jj)k j(ki) = jj = −1 = ii = (jk)i j(kj) = j(−i) = −ji = k = ij = (jk)j j(kk) = −j = ik = (jk)k k(ii) = −k = ji = (ki)i k(ij) = kk = −1 = jj = (ki)j k(ik) = k(−j) = −kj = i = jk = (ki)k k(ji) = k(−k) = 1 = (−i)i = (kj)i k(jj) = k(−1) = −k = −ij = (kj)j k(jk) = ki = j = −ik = (kj)k k(ki) = kj = −i = (kk)i k(kj) = k(−i) = −ki = −j = (kk)j 1 WORKSHEET #7 2 3.