This document summarizes Charles Southerland's presentation on program derivation of operations in finite prime fields Fp. It begins with an introduction and thanks section. Then, it outlines the topics to be covered: finite fields, program derivation, and deriving a program to find the multiplicative inverse in Fp. It provides background on finite fields, Dijkstra's guarded command language, the weakest precondition predicate transformer, and the process of program derivation. It also discusses multiplicative inverses in finite fields, the greatest common divisor algorithm, exploring Bezout's identity, and deriving a program to find the multiplicative inverse using a loop invariant based on Bezout's identity and the gcd algorithm.
Program Derivation of Operations in Finite Fields of Prime Order
1. Introduction Title
Program Derivation of Operations in Fp
Charles Southerland Dr. Anita Walker
Department of Mathematics & Computer Science
East Central University
Oklahoma Computing Consortium Conference 2011
Southerland, Walker Program Derivation of Operations in Fp
2. Introduction Thanks
Special Thanks
I would like to say a special thank you to:
Dr. Anita Walker for working closely with me throughout
this project, and for introducing me to abstract algebra
Dr. Bill Walker for introducing me to program derivation
Prof. Clay Carley for working with me on cryptology, which
first led me to this particular problem
The creators of Beamer for allowing LaTeX to save me from
the abyss of WYSIWYG presentation software
3. Finite Fields Outline
Outline
1 Finite Fields
Definition
Field Order
A Well-Known Finite Field
2 Program Derivation
3 Multiplicative Inverse in Fp
4. Finite Fields Definition
The Definition of a Field
Definition
A field is a 3-tuple of a set F and two operations (called addition
and multiplication) for which certain properties hold:
Closure of F under both operations
Associativity of both operations
Distinct identities in F for the operations
Additive inverses for all items in F
Multiplicative inverses for all but the additive identity
Commutativity of both operations
Distributivity of multiplication over addition
5. Finite Fields Definition
The Galois Field
A finite field is a field in which the contained set has finite
cardinality (i.e., the field has a finite order).
All finite fields of the same order are isomorphic (so they are,
for all practical purposes, the same).
Another name for a finite field is a Galois field.
Generalized fields are often denoted as F, but finite fields in
particular are usually denoted either with GF, GF(q), or Fq,
where q is the order of the field.
6. Finite Fields Field Order
The Order of a Finite Field
There exists a finite field of order q iff q = pⁿ, where p is
prime and n ∈ N.
When n = 1, Fp is isomorphic to (Zp, ⊕, ⊗) (the integers
modulo p with modular addition and modular multiplication).
When n > 1, Fpⁿ is isomorphic to the splitting field of
f(x) = x^(pⁿ) − x over Fp.
This project focuses on fields of prime order, so I’m afraid
there will be no more discussion of Fpⁿ.
7. Finite Fields A Well-Known Finite Field
A Well-Known Finite Field of Prime Order: F2
Since 2 is prime, there is a finite field F2, and it has the form
(Z2, ⊕, ⊗).
The operations are defined as:
Addition
⊕ 0 1
0 0 1
1 1 0
Multiplication
⊗ 0 1
0 0 0
1 0 1
As you can see, F2 is binary with XOR as addition and AND
as multiplication.
8. Program Derivation Outline
Outline
1 Finite Fields
2 Program Derivation
History
Dijkstra’s Guarded Command Language
Weakest Precondition Predicate Transformer
The Program Derivation Process
3 Multiplicative Inverse in Fp
9. Program Derivation History
The History of Program Derivation
Hoare’s 1969 paper An Axiomatic Basis for Computer
Programming effectively launched the Formal Methods
subfield of CS.
Dijkstra’s paper Guarded Commands, Nondeterminacy and
Formal Derivation of Programs introduced many of the ideas
presented in this paper.
Gries’ book The Science of Programming brings Dijkstra’s
paper to a level undergrad CS and Math majors can
understand.
10. Program Derivation Dijkstra’s Guarded Command Language
Some Familiar Parts of Dijkstra’s Language
Variable Assignment
x := 1
Addition
x := x + y
Command Concatenation
b := b − a; x := x + y
Procedure Call
c := gcd(a, b)
Subtraction
b := b − a
Skip, then Abort
skip; abort
11. Program Derivation Dijkstra’s Guarded Command Language
Dijkstra’s Guarded Commands
Guarded if-Block
if a > 0 → c := 2
b > 0 → c := 3; a := 5
c > 0 → c := 1
c = 6 → c := 4
fi
Guarded do-Block
do b = 0 → c := 1
a > 0 → a := a − 1
b < 4 → b := b + 1
c = 1 → a := a − 1
od
12. Program Derivation Dijkstra’s Guarded Command Language
A Famous Example
Greatest Common Divisor
proc gcd(a, b) ≡
do a > b → a := a − b
b > a → b := b − a
od
return a.
13. Program Derivation Weakest Precondition Predicate Transformer
The Weakest Precondition Predicate Transformer
Definition
The Weakest Precondition Predicate Transformer (wp) is
defined as follows:
wp : P × L → L
P is the set of all finite-length programs
L is the set of all statements about the state of a computer
wp(s, r) = q
q is the weakest precondition (the initial state)
s is the program to be executed (which changes the state)
r is the postcondition (the resulting state)
14. Program Derivation Weakest Precondition Predicate Transformer
wp and Dijkstra’s Language
Skip
Skip
wp("skip", r) = r
Command Concatenation
wp("b := a; x := y", r) = wp("b := a", wp("x := y", r))
Abort
wp("abort", r) = F
Variable Assignment
wp("x := y", r) = defined(y) ∧ r^x_y
(r^x_y denotes r with every free occurrence of x replaced by y)
15. Program Derivation Weakest Precondition Predicate Transformer
wp and Dijkstra’s if-Block
Dijkstra’s if-Block
wp("if a > 0 → c := 2
b > 0 → c := 3; a := 5
c > 0 → c := 1
c = 6 → c := 4 fi", r)
= (a > 0 ∨ b > 0 ∨ c > 0 ∨ c = 6)
∧ (a > 0 =⇒ wp("c := 2", r))
∧ (b > 0 =⇒ wp("c := 3; a := 5", r))
∧ (c > 0 =⇒ wp("c := 1", r))
∧ (c = 6 =⇒ wp("c := 4", r))
16. Program Derivation Weakest Precondition Predicate Transformer
wp and Dijkstra’s do-Block, Part I
Let’s call this "DO":
do b = 0 → c := 1
a > 0 → a := a − 1
b < 4 → b := b + 1
c = 1 → a := a − 1
od
Also, let’s call the if-block with the same guards and bodies "IF":
if b = 0 → c := 1
a > 0 → a := a − 1
b < 4 → b := b + 1
c = 1 → a := a − 1
fi
17. Program Derivation Weakest Precondition Predicate Transformer
wp and Dijkstra’s do-Block, Part II
We define H_n(r) for n ∈ N and r ∈ L as:
For n = 1 (every guard of DO is false, so the loop exits immediately)
H_1(r) = (b ≠ 0 ∧ a ≤ 0 ∧ b ≥ 4 ∧ c ≠ 1) ∧ r
For n > 1
H_n(r) = H_1(r) ∨ wp("IF", H_(n−1)(r))
18. Program Derivation Weakest Precondition Predicate Transformer
wp and Dijkstra’s do-Block, Part III
Dijkstra’s Guarded do-Block
wp(”do b = 0 → c := 1
a > 0 → a := a − 1
b < 4 → b := b + 1
c = 1 → a := a − 1 od”, r)
= (∃n ∈ N)Hn(r)
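The wp rules on the preceding slides can be run mechanically. What follows is an added example, not code from the presentation: a small Python model in which a predicate is a function of the program state and the wp of each command form is computed from the definitions above, the do-block by a bounded search over the n in (∃n ∈ N) H_n(r). The tuple encoding of commands, the names wp, gcd_program_correct and if_example_wp, the read-only copies A and B of the initial values, and the fuel bound are this example's own assumptions; the two programs analysed are the gcd procedure of slide 12 and the if-block of slide 15.

```python
# Added example, not from the slides: an executable model of the wp rules on slides 14-18.
# A state is a dict of integer variables; a predicate is a function State -> bool.
# Programs are plain tuples (our own encoding, not Dijkstra's notation):
#   ("skip",)  ("abort",)  ("assign", var, expr)  ("seq", c1, c2)
#   ("if", [(guard, cmd), ...])  ("do", [(guard, cmd), ...])
# where guard/expr are functions State -> bool / int.
from math import gcd
from typing import Any, Callable, Dict, Tuple

State = Dict[str, int]
Pred = Callable[[State], bool]
Cmd = Tuple[Any, ...]


def wp(cmd: Cmd, r: Pred, fuel: int = 100) -> Pred:
    """Return the predicate wp(cmd, r) as a function of the initial state.

    `fuel` bounds the n in (exists n) H_n(r) for do-blocks; a loop that has not
    exited after `fuel` iterations is treated as non-terminating, so wp is false.
    """
    kind = cmd[0]
    if kind == "skip":                       # wp("skip", r) = r
        return r
    if kind == "abort":                      # wp("abort", r) = F
        return lambda s: False
    if kind == "assign":                     # wp("x := e", r) = r with x replaced by e
        _, var, expr = cmd
        def substituted(s: State) -> bool:
            s2 = dict(s)
            s2[var] = expr(s)
            return r(s2)
        return substituted
    if kind == "seq":                        # wp("S1; S2", r) = wp(S1, wp(S2, r))
        _, c1, c2 = cmd
        return wp(c1, wp(c2, r, fuel), fuel)
    if kind == "if":                         # some guard holds, and every open guard's body establishes r
        _, arms = cmd
        def if_wp(s: State) -> bool:
            return any(g(s) for g, _ in arms) and all(
                (not g(s)) or wp(c, r, fuel)(s) for g, c in arms)
        return if_wp
    if kind == "do":                         # H_1(r) = (no guard holds) and r ; H_n = H_1 or wp(IF, H_{n-1})
        _, arms = cmd
        if_cmd: Cmd = ("if", arms)
        def h(n: int, s: State) -> bool:
            if not any(g(s) for g, _ in arms):   # loop exits now: only H_1 can hold
                return r(s)
            if n <= 1:                            # out of fuel without exiting
                return False
            return wp(if_cmd, lambda t: h(n - 1, t), fuel)(s)
        return lambda s: h(fuel, s)
    raise ValueError(f"unknown command {kind!r}")


# Slide 12's gcd program.  A and B are read-only copies of the initial a and b so the
# postcondition can mention them (the slides write gcd(A, B) for the same purpose).
GCD_PROG: Cmd = ("do", [
    (lambda s: s["a"] > s["b"], ("assign", "a", lambda s: s["a"] - s["b"])),
    (lambda s: s["b"] > s["a"], ("assign", "b", lambda s: s["b"] - s["a"])),
])

def gcd_program_correct(a: int, b: int) -> bool:
    """True iff wp(gcd, a = b = gcd(A, B)) holds in the initial state a = A, b = B."""
    post: Pred = lambda s: s["a"] == s["b"] == gcd(s["A"], s["B"])
    return wp(GCD_PROG, post)({"a": a, "b": b, "A": a, "B": b})


# Slide 15's if-block, analysed for the postcondition c >= 2.
IF_PROG: Cmd = ("if", [
    (lambda s: s["a"] > 0, ("assign", "c", lambda s: 2)),
    (lambda s: s["b"] > 0, ("seq", ("assign", "c", lambda s: 3), ("assign", "a", lambda s: 5))),
    (lambda s: s["c"] > 0, ("assign", "c", lambda s: 1)),
    (lambda s: s["c"] == 6, ("assign", "c", lambda s: 4)),
])

def if_example_wp(a: int, b: int, c: int) -> bool:
    """wp(IF_PROG, c >= 2) evaluated in the state (a, b, c)."""
    return wp(IF_PROG, lambda s: s["c"] >= 2)({"a": a, "b": b, "c": c})


if __name__ == "__main__":
    print(gcd_program_correct(12, 18))   # True: the loop terminates with a = b = 6
    print(gcd_program_correct(5, 0))     # False: a := a - 0 never changes the state
    print(if_example_wp(1, 1, 0))        # True: both open guards establish c >= 2
    print(if_example_wp(0, 0, 6))        # False: the branch c > 0 -> c := 1 may be chosen
```

Two things the model makes concrete. Because wp demands termination, gcd_program_correct(5, 0) is false: with b = 0 the open guard a > b re-establishes the same state on every iteration, so no n satisfies H_n(r). The if-block shows the nondeterminacy rule: in the state a = b = 0, c = 6 two guards are open, and since the branch c := 1 falsifies c ≥ 2, wp is false even though the branch c := 4 would have satisfied it.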
19. Program Derivation The Program Derivation Process
Program Derivation
Program Derivation
Given a precondition q ∈ L and a postcondition r ∈ L,
derive a program s ∈ P that satisfies q = wp(s, r).
20. Program Derivation The Program Derivation Process
Program Derivation Tips
Gather as much information as possible about the
precondition and postcondition.
Reduce the problem to previously solved ones whenever
possible.
Look for a loop invariant that gives clues on how to
implement the program.
If you are stuck, consider alternative representations of the
data.
21. Multiplicative Inverse in Fp Outline
Outline
1 Finite Fields
2 Program Derivation
3 Multiplicative Inverse in Fp
Multiplicative Inverses
The Greatest Common Divisor
Exploring Bezout’s Identity
Program to Find the Multiplicative Inverse in Fp
22. Multiplicative Inverse in Fp Multiplicative Inverses
Multiplicative Inverses in Fields of Infinite and Finite Order
Finding multiplicative inverses in a field of infinite order is
typically not a problem.
Example
In (Q, +, ×), multiplicative inverses are reciprocals (e.g., a^(−1) = 1/a).
Finding multiplicative inverses in fields of finite order can get
tricky.
Example
In (Zp, ⊕, ⊗), multiplicative inverses are found using Bezout’s
Identity (i.e., ax + py = 1), which has two unknown values.
23. Multiplicative Inverse in Fp Multiplicative Inverses
Obtaining the Multiplicative Inverse from Bezout’s Identity
Noting that a and b are coprime (since b = p is prime and a is a nonzero
element of Fp, so p does not divide a), gcd(a, b) = 1. So:
ax + by = gcd(a, b)
ax + by = 1
ax = 1 − by
ax = 1 − py
ax ≡ 1 (mod p)
By the definition of multiplicative inverses, x = a^(−1) in Fp.
24. Multiplicative Inverse in Fp The Greatest Common Divisor
The Greatest Common Divisor
Recall the greatest common divisor program:
Greatest Common Divisor
proc gcd(a, b) ≡
do a > b → a := a − b
b > a → b := b − a
od
return a.
This implementation was discovered by exploring the property:
gcd(a, b) = gcd(a − b, b) = gcd(a, b − a)
25. Multiplicative Inverse in Fp The Greatest Common Divisor
The Loop Invariant of gcd
The loop invariant used in the primary loop of this program is
gcd(a, b) = gcd(A, B), where A and B denote the initial values of a and b.
The loop will exit when a = b, which occurs when
a = b = gcd(a, b).
Since every iteration decreases the value of either a or b, the
loop progresses toward termination (it is bounded by
(a − gcd(a, b)) + (b − gcd(a, b))).
26. Multiplicative Inverse in Fp Exploring Bezout’s Identity
Bezout’s Identity and the gcd Property
Combining Bezout’s Identity with the gcd property, we get:
ax + by = gcd(a, b)
= gcd(a, b − a)
= au + (b − a)v
= au + bv − av
= a(u − v) + bv
So x ≡ u − v (mod b) and y ≡ v (mod a).
As gcd is commutative, we derive the corresponding result if we
explore gcd(a − b, b) instead of gcd(a, b − a).
27. Multiplicative Inverse in Fp Exploring Bezout’s Identity
Reassigning x and y as Linear Combinations: Part I
Each time the arguments of gcd move closer to their final value, it can
be shown that x is equivalent (mod b) and y is equivalent (mod a) to a
linear combination of the corresponding Bezout coefficients for a and b
after they have been modified as in the gcd program.
28. Multiplicative Inverse in Fp Exploring Bezout’s Identity
Reassigning x and y as Linear Combinations: Part II
Specifically, it can be seen that x always has a positive coefficient
on the subsequent corresponding value of x and a negative coefficient on
the subsequent corresponding value of y. Likewise, y always has a negative
coefficient on the corresponding value of x and a positive coefficient on
the corresponding value of y.
29. Multiplicative Inverse in Fp Exploring Bezout’s Identity
Reassigning x and y as Linear Combinations: Part III
Once the arguments to gcd are equal to each other (and equal to
the result of gcd), we can find the original values of x and y by
multiplying the coefficients that have been stored by the final
corresponding values of x and y. However, since we are looking for
a multiplicative inverse in Fp, we know gcd(a, p) = 1 as p is prime.
Since this will give us x = 1 by simplification after using the gcd
property one last time, we see that the y components are
inconsequential.
30. Multiplicative Inverse in Fp Exploring Bezout’s Identity
Reassigning x and y as Linear Combinations: Part IV
Finally, we see that only the x coefficients are of any consequence
to the final result. Specifically, once the gcd algorithm is complete,
since the initial (and desired) value of x can be found by
multiplying the final corresponding value of x by the proper
coefficient of x, and since the final corresponding value of x = 1,
we get that the desired value of x is equal to the coefficient of the
corresponding final value of x.
31. Multiplicative Inverse in Fp Program to Find the Multiplicative Inverse in Fp
Finding the Loop Invariant
Based on the long-winded previous slides, we can describe a loop
invariant:
A·xl + B·yl = gcd(a, b)
where xl is the linear combination that the initial value of x is
equal to, and yl is the linear combination that the initial value of y
is equal to.
This loop invariant is nice, as it is fully compatible with the loop
invariant of gcd, and so it also progresses toward termination and
has a bound function that differs from that of gcd linearly.
32. Multiplicative Inverse in Fp Program to Find the Multiplicative Inverse in Fp
A Last Look at gcd for Reference...
Greatest Common Divisor
proc gcd(a, b) ≡
do a > b → a := a − b
b > a → b := b − a
od
return a.
33. Multiplicative Inverse in Fp Program to Find the Multiplicative Inverse in Fp
Multiplicative Inverse Program
Multiplicative Inverse
proc multinv(a, b) ≡
xx := 1; yx := 0
do a > b → a := a − b; yx := yx + xx
b > a → b := b − a; xx := xx + yx
od
return xx.
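As an added example, not the presenters' code, here is the procedure above transcribed into Python with the gcd loop invariant asserted on every iteration, together with a wrapper for elements of Fp. The transcription makes two practical points visible: as written, multinv(a, b) returns the inverse of its second argument modulo its first (multinv(7, 3) = 5, since 3 · 5 = 15 ≡ 1 (mod 7), while multinv(3, 7) = 1), so for a^(−1) in Fp the call is multinv(p, a); and the do-loop never exits if either argument is 0, because the open guard then subtracts 0 forever. The wrapper inverse_mod_p, the positivity check, and bezout_coefficients are this example's own additions.

```python
# Added example, not the presenters' code: slide 33's multinv procedure transcribed
# line by line, guarded against the inputs on which its do-loop would never exit,
# plus a wrapper that checks the Bezout identity for elements of F_p.
from math import gcd


def multinv(a: int, b: int) -> int:
    """Slide 33's procedure.  As written it yields the inverse of b modulo a."""
    if a <= 0 or b <= 0:
        # With a zero argument the open guard subtracts 0 forever: no exit, so wp is false.
        raise ValueError("both arguments must be positive")
    A, B = a, b                        # initial values, used only to check the gcd invariant
    xx, yx = 1, 0
    while a != b:                      # do ... od: exit when neither guard a > b nor b > a holds
        assert gcd(a, b) == gcd(A, B)  # loop invariant from slide 25
        if a > b:
            a, yx = a - b, yx + xx     # a > b -> a := a - b; yx := yx + xx
        else:
            b, xx = b - a, xx + yx     # b > a -> b := b - a; xx := xx + yx
    return xx


def inverse_mod_p(x: int, p: int) -> int:
    """x^-1 in F_p for a nonzero element x (0 < x < p); p is assumed prime."""
    if not 0 < x < p:
        raise ValueError("x must be a nonzero element of F_p, i.e. 0 < x < p")
    inv = multinv(p, x)                # prime first: the procedure inverts its second argument
    if (x * inv) % p != 1:             # Bezout check: x*inv + p*y = 1 for some integer y
        raise ArithmeticError("multinv did not return an inverse; is p prime?")
    return inv


def bezout_coefficients(x: int, p: int) -> tuple:
    """Return (inv, y) with x*inv + p*y = 1, recovering the y the slides call inconsequential."""
    inv = inverse_mod_p(x, p)
    return inv, (1 - x * inv) // p


if __name__ == "__main__":
    print(inverse_mod_p(3, 7))         # 5, since 3 * 5 = 15 = 2 * 7 + 1
    print(multinv(3, 7))               # 1: with the arguments swapped this is 7^-1 mod 3
    print(bezout_coefficients(3, 7))   # (5, -2): 3*5 + 7*(-2) = 1
```

The Bezout check in inverse_mod_p is what turns the procedure into something safe to call with untrusted parameters: if p is not prime and shares a factor with x, multinv still terminates (both arguments are positive) but returns a value that is not an inverse, and the check reports that instead of silently handing back a wrong field element.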
34. Conclusion Summary
Summary
Finite fields are very useful mathematical constructs that can
behave very differently from fields of infinite order.
Program derivation is performed by using the rules of the
weakest precondition predicate transformer to determine what
sequence of conditions (and thus what program statements)
must have occurred between a given precondition and
postcondition.
While the process of deriving my multiplicative inverse
program was time-consuming and complicated, the results
were well worth the effort.
35. Conclusion Future Work
Future Work
Program Derivation of Exponentiation in Fp
Extend scope to include Fpⁿ
Explore factorization techniques
Finish library and create graphical front end
36. Conclusion Contact Me
Contact Information
You can email me at charlie@stuphlabs.com if you have any
further questions or comments.