R01 - Groups and Finite Fields
6.857
February 10, 2017
1 Introduction
Today we will be going over some mathematical background, beginning with
groups and fields. These concepts will be useful later on, in cryptographic
systems such as the Diffie-Hellman key exchange or the Advanced Encryption
Standard.
2 Groups
Definition 1. A binary operation f (x, y) is an operation that applies to two
quantities or expressions x and y. A binary operation on a nonempty set A is
a map f : A × A → A such that
1. f is defined for every pair of elements in A
2. f uniquely associates each pair of elements in A to some element of A.
Examples of binary operations on A (maps from A × A to A) include addition (+), subtraction (−), multiplication (×) and division (÷).
Definition 2. A group G is a set of elements equipped with a binary operation f : G × G → G. The operation with respect to which a group is defined is
often called the “group operation,” and a set is said to be a group “under” this
operation. Together, they satisfy the following four fundamental properties:
1. Closure: If a and b are two elements in G, then the product a · b (often
just denoted ab) is also in G.
2. Associativity: (a · b) · c = a · (b · c) holds for all a, b, c ∈ G.
3. Identity: There is an identity element I (sometimes also known as 1, E,
or e), such that I · a = a · I = a for every element a in G.
4. Inverse: For all elements a in G, there exists an inverse a⁻¹ ∈ G such
that a · a⁻¹ = a⁻¹ · a = I.
In addition, if ∀a, b ∈ G it is true that ab = ba, then we call G a commutative
or an abelian group.
It is easy to prove that the identity element I is unique. Likewise, for every a ∈ G the
inverse a⁻¹ is unique. (Hint: use proof by contradiction.)
3 Finite Fields
Definition 3. A finite field F is a system (S, +, ·) where S is a finite set and
+, · are binary operations on S such that all of the field axioms hold for both
addition and multiplication. The field axioms include associativity, commutativity,
distributivity, identity, and inverses. In other words, the finite field must
satisfy the following properties:
1. (S, +) is an abelian group where 0 is the identity element. By definition
of an abelian group, the following must hold:
• ∀a, b, c ∈ S, (a + b) + c = a + (b + c) (associativity)
• ∀a ∈ S, a + 0 = 0 + a = a (identity)
• ∀a ∈ S, there exists an inverse (−a) ∈ S such that a + (−a) = (−a) + a = 0 (inverse)
• ∀a, b ∈ S, a + b = b + a (commutativity)
2. Let S* = S − {0}. (S*, ·) is an abelian group where 1 is the identity element.
Again, the definition of an abelian group dictates the following properties:
• ∀a, b, c ∈ S, (a · b) · c = a · (b · c) (associativity)
• ∀a ∈ S, a · 1 = 1 · a = a (identity)
• ∀a ∈ S*, there exists an inverse a⁻¹ ∈ S* such that a · a⁻¹ = a⁻¹ · a = 1 (inverse)
• ∀a, b ∈ S, a · b = b · a (commutativity)
3. ∀a, b, c ∈ S, (a + b) · c = a · c + b · c (distributivity)
3.1 Examples of Finite Fields
A simple example of a finite field is Z2 = {0, 1}. Addition in this field is like
XOR (0 + 0 = 1 + 1 = 0 and 1 + 0 = 0 + 1 = 1). Multiplication in this field is
like AND (1 · 1 = 1 and 0 · 0 = 1 · 0 = 0 · 1 = 0). You can verify for yourself that
all the properties of finite fields are satisfied in Z2.
Another example of a finite field is Zp = {0, 1, 2, . . . , p − 1}, which is just the
set of residues modulo a prime number p.
3.2 Solving Linear Equations
Solving linear equations in finite fields works just as it does over the rationals, using only the field axioms. For example, to solve
a · x + b = 0 where a ≠ 0, we take the following steps:
\begin{align*}
a \cdot x + b &= 0 \\
(a \cdot x + b) + (-b) &= 0 + (-b) = -b && \text{(add the additive inverse of } b \text{ to both sides)} \\
(a \cdot x) + (b + (-b)) &= -b && \text{(associativity of } +\text{)} \\
a \cdot x + 0 &= -b && \text{(additive inverse)} \\
a \cdot x &= -b && \text{(additive identity)} \\
a^{-1} (a \cdot x) &= a^{-1} (-b) && \text{(multiply by } a^{-1}\text{, which exists since } a \neq 0\text{)} \\
(a^{-1} \cdot a) x &= a^{-1} (-b) && \text{(associativity of } \cdot\text{)} \\
1 \cdot x &= a^{-1} (-b) && \text{(multiplicative inverse)} \\
x &= a^{-1} (-b) && \text{(multiplicative identity)}
\end{align*}
4 Galois Fields
Theorem 1 (Galois). For all primes p and for all positive integers n there
exists a unique finite field with pⁿ elements.
We call this field GF(pⁿ). Of special interest to cryptography is the case where
p = 2. The field GF(2⁸) is used in the Advanced Encryption Standard (to be
covered later in the term).
Next, we describe what GF(2ᵏ) looks like for general k.
Definition 4.
\[
GF(2^k) = \{\, a_{k-1} x^{k-1} + a_{k-2} x^{k-2} + \dots + a_1 x + a_0 \;:\; a_i \in \mathbb{Z}_2 \,\},
\]
where Z2 = {0, 1} is the finite field with 2 elements.
Each element in GF(2ᵏ) is simply a polynomial of degree ≤ k − 1 with coefficients in Z2. We can represent an element
\[
g = a_{k-1} x^{k-1} + a_{k-2} x^{k-2} + \dots + a_1 x + a_0 \in GF(2^k)
\]
simply by its coefficients. For example, we can write the k-bit string
\[
g = a_{k-1} a_{k-2} \dots a_1 a_0 .
\]
A simple example is GF(2²) = {0, 1, x, x + 1}.
4.1 Addition in GF(2ᵏ)
Addition in GF(2ᵏ) is simply the addition of the coefficients of the respective
polynomials. For example, in GF(2²), we get (x + 1) + x = 1 (using the coefficient
notation this can be written as 11 + 10 = 01, which is bitwise XOR). Therefore
the additive inverse of any element g in GF(2ᵏ) is g itself (because g + g = 0;
check this yourself as an exercise).
4.2 Multiplication in GF(2ᵏ)
Multiplication in GF(2ᵏ) involves two steps.
1. Multiply the two polynomials normally using Z2 arithmetic. The resulting
polynomial may have degree ≥ k, which is obviously not an element of
GF(2ᵏ).
2. Divide by an irreducible polynomial of degree k; the remainder is then
an element of GF(2ᵏ).
For example, in GF(2²), the irreducible polynomial we use is x² + x + 1. Therefore
(x + 1) · (x + 1) = (x² + 1) mod (x² + x + 1) = x. In GF(2⁸), the irreducible
polynomial we use (the same one used in AES) is x⁸ + x⁴ + x³ + x + 1.
5 Fermat’s Theorem for Finite Fields
Theorem 2. For all elements g in a finite field F (where F has n elements), the
following equality holds when g ≠ 0:
\[
\underbrace{g \cdot g \cdot g \cdots g}_{n-1 \text{ times}} = g^{\,n-1} = 1 .
\]
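The following is an added example, not code from the recitation notes: it carries out Sections 4.1, 4.2 and 5 in GF(2⁸) with the AES reduction polynomial, and then uses the resulting inverse to solve a · x + b = 0 as in Section 3.2. Elements are held in the bit-string notation of Section 4 (bit i of an integer is the coefficient aᵢ); the helper names and the immediate-reduction trick in gf_mul are my own choices.

```python
# Added example, not part of the recitation notes: GF(2^8) arithmetic with the
# AES reduction polynomial from Section 4.2, in the bit-string notation of
# Section 4 (bit i of an int is the coefficient a_i). Helper names are my own.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1 as the bit string 1 0001 1011


def gf_add(a: int, b: int) -> int:
    """Section 4.1: coefficient-wise addition in Z2 is bitwise XOR."""
    return a ^ b


def gf_mul(a: int, b: int, poly: int = AES_POLY, k: int = 8) -> int:
    """Section 4.2: multiply over Z2 and reduce modulo the irreducible polynomial.

    Rather than forming the full product (degree up to 2k-2) and dividing once,
    every multiplication of a by x (a left shift) is reduced as soon as the
    degree reaches k; the result is the same, with no intermediate growth."""
    result = 0
    while b:
        if b & 1:          # constant term of b is 1: add the current multiple of a
            result ^= a
        b >>= 1
        a <<= 1            # a := a * x
        if a >> k:         # degree k reached: subtract (= XOR) the modulus
            a ^= poly
    return result


def gf_pow(g: int, e: int, poly: int = AES_POLY, k: int = 8) -> int:
    """Square-and-multiply exponentiation built on gf_mul."""
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, g, poly, k)
        g = gf_mul(g, g, poly, k)
        e >>= 1
    return result


def gf_inv(g: int, poly: int = AES_POLY, k: int = 8) -> int:
    """Section 5 (Fermat): with n = 2^k elements, g^(n-1) = 1 for g != 0,
    so g^(n-2) is the multiplicative inverse of g."""
    if g == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    return gf_pow(g, (1 << k) - 2, poly, k)


def solve_linear(a: int, b: int, poly: int = AES_POLY, k: int = 8) -> int:
    """Section 3.2: x = a^-1 * (-b) solves a*x + b = 0; in GF(2^k), -b = b."""
    return gf_mul(gf_inv(a, poly, k), b, poly, k)
```

Passing `poly=0b111, k=2` reproduces the GF(2²) computations from the notes, e.g. (x + 1) · (x + 1) = x, so the same functions serve any GF(2ᵏ) given an irreducible polynomial of degree k.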