Computing the Modular Inverse of a Polynomial Function Over GF(2P) Using Bit Wise Operation
Total Page:16
File Type:pdf, Size:1020Kb
International Journal of Network Security, Vol.10, No.2, PP.107{113, Mar. 2010 107 Computing the Modular Inverse of a Polynomial Function over GF (2P ) Using Bit Wise Operation Rajaram Ramasamy and Amutha Prabakar Muniyandi (Corresponding author: Rajaram Ramasamy) Department of Computer Science and Engineering, Thiayagarajar College of Engineering Thiruparankundram, Madurai, Tamil Nadu, India, 625 015, India (Email: rrajaram@tce.edu) (Received May 26, 2008; revised Dec. 4, 2008; and accepted Feb. 10, 2009) Abstract The integer is ¯rst expressed as a polynomial in x, say, 7 4 2 95H = 10010101 ¡! x + x + x + 1. Then its multiplica- Most public key crypto systems use ¯nite ¯eld modulo tive inverse in GF (28) is determined. The polynomial arithmetic. This modulo arithmetic is applied on real to represent GF (28) is a carefully selected prime num- numbers, binary values and polynomial functions. The ber in the range of 28 to 29. Say, 283=100011101 ¡! computation cost is based on how it works with minimum x8 + x4 + x3 + x + 1. This is called an irreducible poly- use of scarce resources like processor and memory We have nomial [8, 14]. It is so chosen such that it has a unique implemented the determination of the multiplicative in- multiplicative inverse. Then we apply the Extended Eu- verse of a polynomial over GF (2p) with minimum com- clidean Algorithm (EEA) to these polynomials to evaluate putational cost. The \Extended Euclidean Algorithm" the multiplicative inverse. This means, we have to deter- (EEA) has been demonstrated to work very well manually mine the multiplicative inverse of x7 + x4 + x2 + 1 with for integers and polynomials. However polynomial manip- respect to x8 + x4 + x3 + x + 1. Manual operation on the ulation cannot be computerized directly. We have imple- EEA is quite easy and straightforward. But how do we mented the same by using simple bit wise shift and XOR implement the process by using computers? This is what operations. In small applications like smart cards, mo- this paper does. It proposes an algorithm, which imple- bile devices and other small memory devices, this method ments it e±ciently and cost e®ectively. It implements the works very well. To the best of our knowledge, the pro- algorithm in C/C++ for two di®erent cases. This is the posed algorithm seems to be the ¯rst, e±cient and cost ¯rst attempt at proposing an algorithm to determine the e®ective implementation of determining the multiplicative multiplicative inverse of a polynomial over the GF (28) ¯- inverse of polynomials over GF (2p) using computers. As nite plane. Therefore the results got through this method this is a pioneering work, the results could not be com- could not be compared with past works. pared with that of any previous work. We organize this paper as follow: In Section 2 papers Keywords: Advance encryption standard, extended Eu- that have appeared on this topic are surveyed. In Section clidean algorithm, multiplicative inverse 3, the proposed algorithm is explained. Section 4 de¯nes the problem. Section 5 de¯nes the proposed algorithm. Section 6 implements the proposed method. Section 7 1 Introduction gives the concluding remarks and discusses future scope of this problem. Euclid proposed an algorithm to determine the multi- plicative inverse of polynomials over GF (Zp) [1, 5, 14]. In modern cryptography, ¯nite ¯elds and number the- 2 Related Work ory play a major role. Some basic operations in ¯nite ¯eld are essential to develop encryption algorithm like Ad- Stallings [14] has used the Extended Euclidean Algorithm vance Encryption Standard [6] and ECC [11]. Advanced to solve linear Diophantine equations, GCDs, and module Encryption Standard largely relies on S-Box values to in- inverses. Ever since Di±e and Hellman [3] developed the troduce non-linearity in the encryption process. Using a prototype of modern cryptography; most public key cryp- row and a column value, expressed in Hexadecimal nota- tosystems are based on ¯nite ¯elds with modular arith- tion, accesses an element of the S-Box. The hexadecimal metic constituting basic operations. Modular multipli- integer is representative of a character in a message to cations, modular exponentiations, and modular inverses be encrypted. Evaluation of the corresponding elemental are performed in RSA cryptosystems [13], the US Gov- value of the S-Box is quite a circumlocutory process. ernment Digital Signature Algorithm [10], the Di±e Hell- International Journal of Network Security, Vol.10, No.2, PP.107{113, Mar. 2010 108 man Key Exchange Scheme [10]. Among the basic opera- For example, GF (23) = x2 + x + 1. tions [4, 7], computing modular inverses involving polyno- The above-mentioned GF (23) is ¯nite ¯eld with re- mials is the most complex. This has engaged the attention spect to 3. In AES, the S-box generation is designed by of many researchers [1, 2, 9, 15]. using irreducible polynomial in GF (28). The strength of In 1997, Calvez et al. [1] proposed a variation on the the AES is dependent on the non-linearity introduced in Euclidean Algorithm, which determines the greatest com- evaluating the S-Box values. mon divisors (GCDs) and inverses of polynomials. In Suppose we want to generate S-box value for 2A with 2004, Goupil and Palicot [5] introduced another variation respect to GF (28) = x8 + x4 + x3 + x + 1. First, we have on this algorithm to reduce the number of operations to to determine the multiplicative inverse of 2A in GF (28). a large extent. Inspired by their work, Liu [9] proposes 2A in binary form is 0010 1010, which in polynomial rep- a variation on the EA, which uses only simple modulo resentation in x is (x5 + x3 + x). In manual procedure operators (subtraction operations), to compute the mod- the Extended Euclidean Algorithm or its shortened ver- ular inverses. This variant only modi¯es the initial values sion can be directly applied to polynomials to evaluate and the termination condition of the EA. Therefore it is the multiplicative inverse. as simple as the EA. However one drawback is that the The multiplicative inverse of 2A(00101010), expressed input of this variant is twice the size of bit length as the as a polynomial (x5 + x3 + x), over GF (28) is calculated input of the EA. manually using the abridged Euclidean Algorithm [1]. Liu's algorithm only deals with number system [9]. It The manual operation shows that the multiplicative is not applicable for polynomial functions. Polynomials inverse of (x5 + x3 + x) over (x8 + x4 + x3 + x + 1) is with coe±cients other than 1 are di±cult to implement (x7 + x4 + x3). in computers [9]. The reason for this is due to occurrence In general terms this algorithm determines multiplica- of some negative or fractional value coe±cients. The pro- tive inverse of B(x) modulo M(x), if the degree of B(x) posed algorithm is based on polynomials with 1 or 0 as is less than the degree of M(x); or alternatively we say coe±cients such as x7 + x5 + x3 + x + 1. that gcd[M(x);B(x)] = 1. If M(x) is an irreducible poly- In 1997, the American Government [1] decided to re- nomial, then it has no factor other than itself or 1, so that place DES with an e±cient encryption algorithm. The gcd[M(x);B(x)] = 1. National Institute of Standards and Technology (NIST) However the computer cannot be coded to deal with announced a common note to cryptographers for devel- these polynomial functions straightaway. They need to opment of a new algorithm. Earlier the DES was de- be handled in an indirect way. This paper proposes the veloped using Federal encryption standard. In January technique to manipulate polynomials by the Extended 1997 NIST solicited a new symmetric algorithm based Euclidean Algorithm. on 128-bit block of message using 128¡, 192¡, 256¡bit keys. Cryptographers from di®erent parts of the world submitted their proposals. Fifteen of these proposals met 4 Proposed Algorithm the NIST speci¯cations. Based on this, NIST organized a conference to deliberate on all the proposed methods. In our proposed method, we have converted the poly- After nineteen months of evaluation, NIST recommended nomial function into decimal and its equivalent binary ¯ve algorithms like MARS, RC6, Rijndael, Serpent, and values. Both number systems ¯gure in the computations. Two¯sh. Then after one year of study, in October 2000, The proposed algorithm is given below. National Institute of Standard and Technology recom- mended the Rijndael algorithm as best suited for AES. Procedure Multiplicative Inverse ((A3[], B3[ ])) The Rijndael algorithm is combination of security, per- formance, e±cient, implement ability, and flexibility. Af- 1: Binary value A3[];B3[] ter one more year of evaluation, in November 2001, the 2: Begin Department of Commerce o±cially declared Rijndael al- 3: C1 = 0; A2 = 0; B2 = 0; gorithm as the de facto Advance Encryption Standard. 4: while (B3 > 1) //Step 1 do 5: Q= 0; 6: T emp = B3; 3 Problem Description 7: do 8: Q1 = 1; In the ¯eld of information security some of the security al- 9: do p gorithms are designed by using the ¯nite ¯eld GF (2 ) [2]. 10: B3 = B3 <<LinearLeftShift AES and ECC are the two important encryption tech- 11: Q1 = Q1 ¤ 2; niques that use algorithms based on ¯nite ¯eld arithmetic. 12: until(A3MSB ==B3MSB ) p The ¯nite ¯eld GF (2 ) is representative of a polynomial 13: Q = Q + Q1; function with respect to one variable x, as follows: 14: A3 = A3[] © B3[ ]; 15: B3 = T emp; p p¡1 p¡2 2 1 GF (2 ) = x + x + ¢ ¢ ¢ + x + x : 16: until(A3 > T empjjBitSize(C) >= BitSize(T emp)) International Journal of Network Security, Vol.10, No.2, PP.107{113, Mar.