6. Galois fields
• A finite field (Galois field) is a field that contains a finite number of elements.
• A finite field is commonly written GF(q), where q is the number of elements in the field.
• A simple example of a finite field is the residue ring modulo a prime number p.
7. Galois fields
• Defining the field GF(p^n) (p is a prime number, n is a natural number) starts with defining its prime subfield GF(p), which is equal to the whole field for n = 1.
• The prime field GF(p) is defined as the residue ring modulo p, which has no zero divisors and is a field (because p is a prime number).
• Its elements are numbers. Operate on them as on integers, reducing the result modulo p.
• The field GF(p^n) for n > 1 is defined as a factor ring, where f(x) is a prime (irreducible) polynomial of degree n over the field. So to define a field of p^n elements it is enough to find a polynomial of degree n that is prime over the field.
• Field elements are polynomials of degree less than n. Arithmetic operations (addition and multiplication) are performed modulo the polynomial f(x), so the result of an operation is the remainder from division by f(x), with coefficients reduced modulo p.
8. Operations with polynomials
• A polynomial in n variables is a finite formal sum:
I = (i_1, i_2, ..., i_n) is a set of non-negative integers (a multi-index), c_I is a number (the polynomial coefficient) that depends only on the multi-index I.
18. SubBytes
The SubBytes() procedure processes each State byte independently, performing a non-linear byte substitution using a substitution table (S-box). This operation provides the non-linearity of the encryption algorithm. S-box construction involves two stages. First, the multiplicative inverse in GF(2^8) is taken. Second, the operation in the picture above is applied to each byte of the S-box.
19. SubBytes
b_i is the i-th bit of b, c_i is the i-th bit of c = {63}, or {01100011}. This provides protection against attacks based on simple algebraic properties.
20. ShiftRows
• The ShiftRows() procedure processes the State rows. This transformation cyclically shifts the State rows horizontally by r bytes, depending on the row number. For row zero r = 0, for the first row r = 1 byte, etc. So each column of the result (after ShiftRows() is applied) consists of bytes from each of the initial columns. For the Rijndael algorithm the row shifting pattern is identical for blocks of 128 and 192 bits. For a block of 256 bits the pattern differs: rows 2, 3 and 4 are shifted by 1, 3 and 4 bytes respectively.
21. MixColumns
• In the MixColumns() procedure the four bytes of each State column are mixed using a reversible linear transformation. MixColumns() processes the State column by column, interpreting each column as a four-term polynomial (degree at most 3) with coefficients in GF(2^8). Each of these polynomials is multiplied modulo x^4 + 1 by the fixed polynomial c(x) = 3x^3 + x^2 + x + 2. Like ShiftRows(), MixColumns() adds diffusion to the cipher.
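The field arithmetic from the Galois field slides, the two-stage S-box construction of SubBytes and the MixColumns multiplication by c(x), as an added Python example that is not part of the original slides. The reduction polynomial 0x11B and the bit positions of the affine step are taken from FIPS-197 (the slides show that step only as a picture); the function names are illustrative.

```python
# Added example (not from the slides). Assumption taken from FIPS-197:
# the reduction polynomial is f(x) = x^8 + x^4 + x^3 + x + 1 (0x11B).
F_POLY = 0x11B

def gf_mul(a, b):
    """Multiply in GF(2^8): polynomial product reduced modulo f(x)."""
    result = 0
    while b:
        if b & 1:
            result ^= a        # addition of polynomials over GF(2) is XOR
        a <<= 1
        if a & 0x100:          # degree reached 8, reduce by f(x)
            a ^= F_POLY
        b >>= 1
    return result

def gf_inv(a):
    """Multiplicative inverse as a^254 (a^255 = 1 for a != 0); 0 maps to 0."""
    result, exp = 1, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        exp >>= 1
    return result

def affine(b, c=0x63):
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8."""
    out = 0
    for i in range(8):
        bit = (c >> i) & 1
        for shift in (0, 4, 5, 6, 7):
            bit ^= (b >> ((i + shift) % 8)) & 1
        out |= bit << i
    return out

def build_sbox():
    """Stage 1 (inverse in GF(2^8)) followed by stage 2 (affine map)."""
    return [affine(gf_inv(x)) for x in range(256)]

def mix_column(col):
    """Multiply a column by c(x) = 3x^3 + x^2 + x + 2 modulo x^4 + 1."""
    c = [2, 1, 1, 3]           # coefficients c0..c3 of c(x)
    out = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):     # x^4 = 1, so x^(i+j) wraps to index (i+j) % 4
            out[(i + j) % 4] ^= gf_mul(col[i], c[j])
    return out
```

Because the constant c = {63} is added in the affine step, the resulting table maps no byte to itself, which can be checked directly on the output of build_sbox().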
22. AddRoundKey
• In the AddRoundKey() procedure the RoundKey of each round is combined with the State. For each round the RoundKey is derived from the CipherKey using the KeyExpansion procedure; each RoundKey is the same size as the State. The procedure performs a bitwise XOR of each State byte with the corresponding RoundKey byte.