1
Introduction



A field is a set of elements on which two arithmetic
operations (addition and multiplication) have been defined
and which has the properties of ordinary arithmetic, such as
closure, associativity, commutativity, distributivity, and having
both additive and multiplicative inverses.
Finite fields are important in several areas of cryptography. A
finite field is simply a field with a finite number of elements. It
can be shown that the order of a finite field (number of
elements in the field) must be a power of a prime pn, where n
is a positive integer.
A number of cryptographic algorithms rely heavily on
properties of finite fields, notably the Advanced Encryption
Standard (AES) and elliptic curve cryptography.
2
4.1. Groups, Rings, and Fields
 The
chapter begins with a brief
overview of the concepts of group,
ring, and field (modern algebra). This
section is somewhat abstract and we
need some elementary background in
modular arithmetic and the Euclidean
algorithm.
3
4.1. Groups, Rings, and Fields

Groups
 A group G, sometimes denoted by {G, ·} is a set of
elements with a binary operation, denoted by
·(composition).
 Groups must follow these axioms:
○ (A1) Closure: If a and b belong to G, then a · b is also in G.
○ (A2) Associative: a · (b · c) = (a · b) · c for all a, b, c in G.
○ (A3) Identity element: There is an element e in G such that a ·
e = e · a = a for all a in G.
○ A4) Inverse element: For each a in G there is an element a' in
G such that a · a' = a' · a = e.
4
4.1. Groups, Rings, and Fields

E.g. Define Sn to be the set of all permutations of n distinct symbols.
Each element of Sn is represented by a permutation of the integers in
{1,2,...,n}. It is easy to demonstrate that Sn is a group
A1: If p, r ∈ Sn, then the composite mapping p · r is formed by permuting
the elements of r according to the permutation p. For example, {3,2,1} ·
{1,3,2} = {2,3,1}. Clearly, p · r ∈ Sn.
A2: The composition of mappings is also easily seen to be associative.
A3: The identity mapping is the permutation that does not alter the order of the
n elements. For Sn, the identity element is {1,2,...,n}.
A4: For any p Sn, the mapping that undoes the permutation defined by p， is
the inverse element for p. There will always be such an inverse. For
example {2,3,1} · {3,1,2} = {1,2,3}
5
4.1. Groups, Rings, and Fields


Finite group, order of the group, infinite group
A group is said to be abelian if it satisfies the following
additional condition:
 (A5) Commutative: a · b = b · a for all a, b in G.
 E.g. The set of integers (positive, negative, and 0) under addition
is an abelian group. The set of nonzero real numbers under
multiplication is an abelian group. The set Sn from the preceding
example is a group but not an abelian group for n > 2.

When the group operation is addition, the identity element is
0; the inverse element of a is -a; and subtraction is defined
with the following rule: a-b = a + (-b).
6
4.1. Groups, Rings, and Fields


Cyclic Group
We define a3 = a · a · a, a0 = e (the identity element), and a-n
= (a')n. A group G is cyclic if every element of G is a power ak
(k is an integer) of a fixed element a G. The element a is said
to generate the group G, or to be a generator of G. A cyclic
group is always abelian, and may be finite or infinite.
The additive group of integers is an infinite cyclic group
generated by the element 1. In this case, powers are
interpreted additively, so that n is the nth power of 1.
7
4.1. Groups, Rings, and Fields


Rings
A ring R, sometimes denoted by {R, +, x}, is a set of
elements with two binary operations, called addition and
multiplication, such that for all a, b, c in R the following
axioms are obeyed:
 (A1-A5) R is an abelian group with respect to addition; that is, R satisfies
axioms A1 through A5. For the case of an additive group, we denote the
identity element as 0 and the inverse of a as a.
 (M1) Closure under multiplication: If a and b belong to R, then ab is also
in R.
 (M2) Associativity of multiplication: a(bc) = (ab)c for all a, b, c in R.
 (M3) Distributive laws: a(b + c) = ab + ac for all a, b, c in R.
(a + b)c = ac + bc for all a, b, c in R.
8
4.1. Groups, Rings, and Fields

A ring is said to be commutative if it satisfies the
following additional condition:
 (M4) Commutativity of multiplication: ab = ba for all a, b in
R.

we define an integral domain, which is a
commutative ring that obeys the following axioms:
 (M5) Multiplicative identity: There is an element 1 in R
such that a1 = 1a = a for all a in R.
 (M6) No zero divisors: If a, b in R and ab = 0, then either a
= 0 or b = 0.
E.g. Let S be the set of integers, positive, negative, and 0, under
the usual operations of addition and multiplication. S is an integral
domain
9
4.1. Groups, Rings, and Fields

Fields
 A field F, {F, +, x}, is a set of elements with two binary
operations, called addition and multiplication, such that for
all a, b, c in F the following axioms are obeyed:
 (A1-M6) F is an integral domain; F satisfies axioms A1
through A5 and M1 through M6.
 (M7) Multiplicative inverse (invertible): For each a in F,
except 0, there is an element a-1 in F such that aa-1 = (a1)a = 1.

we can do addition, subtraction, multiplication, and
division without leaving the set in the fields.
Division is defined with the following rule: a/b =
a(b-1).
10
4.1. Groups, Rings, and Fields
11
4.2. Modular Arithmetic

We divide a by n, we get an integer quotient q and
an integer remainder r
a  qn  r
0  r  n; q  a / n
 Where x is the largest integer less than or equal to x
The remainder r is often referred to as a residue.
12
4.2. Modular Arithmetic

If a is an integer and n is a positive integer, we
define a mod n to be the remainder when a is
divided by n. The integer n is called the modulus.

For any integer a, we can always write:
a  a / n  n  (a mod n)

Two integers a and b are said to be congruent
modulo n, if (a mod n) = (b mod n). This is written
as a ≡ b (mod n)
13
4.2. Modular Arithmetic


We say that a nonzero b divides a if a = mb (no
remainder) for some m, where a, b, and m are
integers. Also, if b|a, we say that b is a divisor of
a.
The following relations hold:
 If a|1, then a = ±1.
 If a|b and b|a, then a = ±b.
 Any b ≠ 0 divides 0.
 If b|g and b|h, then b|(mg + nh) for arbitrary integers m
and n.

Note that if a ≡ 0 (mod n), then n|a.
14
4.2. Modular Arithmetic

Properties of Congruences:
 1. a ≡ b (mod n) if n|(a - b).(verify)
 2. a ≡ b (mod n) implies b ≡ a (mod n).
 3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡
c (mod n).

Modular Arithmetic Operations:
 The (mod n) operator maps all integers into
the set of integers {0, 1,... (n-1)}.
 modular arithmetic.
15
4.2. Modular Arithmetic

Modular arithmetic exhibits the following
properties:
 1. [(a mod n) + (b mod n)] mod n = (a + b) mod n (verify)
 2. [(a mod n) - (b mod n)] mod n = (a - b) mod n
 3. [(a mod n) x (b mod n)] mod n = (a x b) mod n

Exponentiation is performed by repeated
multiplication, as in ordinary arithmetic.
 E.g. To find 117 mod 13, we can proceed as follows:
 112 = 121 ≡ 4 (mod 13)
 114 = (112)2 ≡ 42 ≡ 3 (mod 13)
 117 ≡ 11 x 4 x 3 ≡ 132 ≡ 2 (mod 13)
16
4.2. Modular Arithmetic

Table 4.1 provides an illustration of modular
addition and multiplication modulo 8.
Table 4.1
17
4.2. Modular Arithmetic
 The inverse (negative) of an integer x is the integer y such that
(x + y) mod 8 = 0. In modular arithmetic mod 8,
 The multiplicative inverse (reciprocal) of x is the integer y such
that (x x y) mod 8 = 1 mod 8. Note that not all integers mod 8
have a multiplicative inverse.

Properties of Modular Arithmetic
 Define the set Zn as the set of nonnegative integers less than n:
○ Zn = {0, 1,...,(n -1)}
 This is referred to as the set of residues, or residue classes
modulo n. We can label the residue classes modulo n as [0], [1],
[2],...,[n -1], where [r] = {a: a is an integer, a ≡ r (mod n)}
 E.g. The residue classes modulo 4 are
○ [0] = {...,-16, -12, -8, -4, 0, 4, 8, 12, 16,…}
○ [1] = {...,-15, -11, -7, -3, 1, 5, 9, 13, 17,…}
○ [2], [3]……..
18
4.2. Modular Arithmetic

Properties of Modular Arithmetic for Integers in Zn
 Commutative laws: (w + x) mod n = (x + w) mod n





(w x x) mod n = (x x w) mod n
Associative laws: [(w + x) + y] mod n = [w + (x + y)] mod n
[(w x x) x y] mod n = [w x (x x y)] mod n
Distributive laws: [w x (x + y)] mod n = [(w x x) + (w x y)]
mod n (mistake)
Identities: (0 + w) mod n = w mod n
(1 x w) mod n = w mod n
Additive inverse (-w): For each w ∈Zn, there exists a z
such that w + z ≡ 0 mod n
○ Zn is a commutative ring with a multiplicative identity element
19
4.2. Modular Arithmetic

Equation 1: If (a+b) ≡ (a+c) (mod n) then b ≡ c (mod n)





(5 + 23) ≡ (5 + 7)(mod 8); 23 ≡ 7 (mod 8)
This equation1 is consistent with the existence of an additive
inverse. Adding the additive inverse of a to both sides of this
equation 1, we have:
((-a) + a + b) ≡ ((-a) + a + c) (mod n);
b ≡ c (mod n)
However, the following statement is true only with the
attached condition:
Equation 2: if (a x b) ≡ (a x c ) ( mod n) then b ≡ c (mod n)
if a is relatively prime to n (e.g.)
 two integers are relatively prime if their only common positive integer
factor is 1.
We can say that Equation 2 is consistent with the existence of a
multiplicative inverse. Applying the multiplicative inverse of a to
both sides of Equation 2 ,we have:
20
4.2. Modular Arithmetic
((a -1)ab) ≡ ((a - 1)ac) (mod n)
then b ≡ c (mod n)
 The reason for this strange result is that for any general modulus n,
a multiplier a that is applied in turn to the integers 0 through (n -1)
will fail to produce a complete set of residues if a and n have any
factors in common.











E.g. With a = 6 and n = 8,
Z8
0 1 2 3 4 5 6 7
Multiply by 6
0 6 12 18 24 30 36 42
Residues
0 6 4 2 0 6 4 2
Because this is a many-to-one mapping, there is not a unique inverse to the
multiply operation.
if we take a = 5 and n = 8, whose only common factor is 1,
Z8
0 1 2 3 4 5 6 7
Multiply by 5
0 5 10 15 20 25 30 35
Residues
0 5 2 7 4 1 6 3
The line of residues contains all the integers in Z8, in a different order.
21
4.2. Modular Arithmetic

In general, an integer has a multiplicative inverse in Zn if that
integer is relatively prime to n. Table 4.1c shows that the
integers 1, 3, 5, and 7 have a multiplicative inverse in Z8, but
2, 4, and 6 do not.
22
4.3. The Euclidean Algorithm

Greatest Common Divisor
 The positive integer c is said to be the
greatest common divisor of a and b if:
○ 1. c is a divisor of a and of b;
○ 2. any divisor of a and b is a divisor of c.
 gcd(a, b) = max[k, such that k|a and k|b]
 We require that the greatest common divisor
be positive
○ In general, gcd(a, b) = gcd(|a|, |b|).
 E.g. gcd(60, 24) = gcd(60, 24) = 12
23
4.3. The Euclidean Algorithm

Finding the Greatest Common Divisor
 The Euclidean algorithm is based on the
following theorem: For any nonnegative integer
a and any positive integer b,
 gcd(a, b) = gcd(b, a mod b) [verify] (equation 3)
E.g gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = 11
 Equation 3 can be used repetitively to determine
the greatest common divisor.
○ gcd(18, 12) = gcd(12, 6) = gcd(6, 0) = 6
○ gcd(11, 10) = gcd(10, 1) = gcd(1, 0) = 1
24
4.3. The Euclidean Algorithm

The algorithm assumes a > b > 0. It is acceptable to restrict
the algorithm to positive integers because gcd(a, b) =
gcd(|a|, |b|).
EUCLID(a, b)
1. A ←a; B ← b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A ← B
5. B ← R
6. goto 2
The algorithm has the following progression:
25
4.3. The Euclidean Algorithm

e.g. a=90, b=66 calculate the gcd (a,b)
90=1x66+24
66=2x24+18
24=1x18+6 －－－－－－－－－－ 6 is the gcd
18=3x6+0 －－－－－－－－－－ stop
gcd (90, 66) =6
26
4.4. Finite Fields of The Form
GF(p)

Recall:
 1. Fields: A field K is a ring such that every element a ≠ 0 in K is
invertible (multiplication inverse).
 2. The modular number system Zn is a field if and only if n is a
prime number
○ a prime number is an integer whose only positive integer factors are
itself and 1.

Finite fields can be shown that the order of a finite field
(number of elements in the field) must be a power of a prime
pn, where n is a positive integer.
 The finite field of order pn is generally written GF(pn); stands for
Galois field.
 Two special cases are of interest for our purposes. For n = 1, we
have the finite field GF(p); For n > 1, we look at finite fields of the
form GF(2n).
27
4.4. Finite Fields of The Form
GF(p)


Finite Fields of Order p
For a given prime, p, the finite field of order p, GF(p) is
defined as the set Zp of integers {0, 1,..., p -1}, together with
the arithmetic operations modulo p.
 Commutative laws: (w + x) mod n = (x + w) mod n






(w x x) mod n = (x x w) mod n
Associative laws: [(w + x) + y] mod n = [w + (x + y)] mod n
[(w x x) x y] mod n = [w x (x x y)] mod n
Distributive laws: [w x (x + y)] mod n = [(w x x) + (w x y)]
mod n (mistake)
Identities: (0 + w) mod n = w mod n
(1 x w) mod n = w mod n
Additive inverse (-w): For each w ∈Zn, there exists a z such that w + z ≡
0 mod n
Multiplicative inverse (w -1): For each w ∈Zp, w ≠0, there exists a z ∈Zp
such that w x z ≡1 (mod p)
28
4.4. Finite Fields of The Form
GF(p)



Zp is in fact a finite field.(p is a prime number)
If (a x b) ≡ (a x c) (mod p) then b ≡ c (mod p)
E.g. The simplest finite field is GF(2).
+
0
1
x
0
1
w
-w
W-1
0
0
1
0
0
0
0
0
__
1
1
0
1
0
1
1
1
1

In this case, addition is equivalent to the exclusiveOR (XOR) operation, and multiplication is
equivalent to the logical AND operation.

29
4.4. Finite Fields of The Form
GF(p)

E.g. The table4.3 shows GF(7). This is a field of
order 7 using modular arithmetic modulo 7.

Compare: the set Z8 using modular arithmetic
modulo 8, is not a field.
30
4.4. Finite Fields of The Form
GF(p)

Finding the Multiplicative Inverse in GF(p)
 It is easy to find the multiplicative inverse of an element in
GF(p) for small values of p. (from the multiplication table)
 However, for large values of p, this approach is not
practical.
 If gcd(m, b) = 1, then b has a multiplicative inverse
modulo m. (b < m, exist bb-1=1 mod m)
 The Euclidean algorithm can be extended so that, in
addition to finding gcd(m, b), if the gcd is 1, the algorithm
returns the multiplicative inverse of b.
○ E.g. gcd (25, 108)=1, calculate the multiplicative inverse of 25
31
4.4. Finite Fields of The Form
GF(p)

EXTENDED EUCLID(m, b)
 1. (A1, A2, A3) ←(1, 0, m); (B1, B2, B3) ←(0, 1, b)
 2. if B3 = 0 return A3 = gcd(m, b); no inverse
 3. if B3 = 1 return B3 = gcd(m, b); B2 = b-1 mod m
 4. Q  A3 / B3 
 5. (T1, T2, T3) ←(A1-QB1, A2-QB2, A3-QB3)
 6. (A1, A2, A3) ←(B1, B2, B3)
 7. (B1, B2, B3) ←(T1, T2, T3)
 8. goto 2
 At each iteration of the Euclidean algorithm, A is set equal to the
previous value of B and B is set equal to the previous value of A
mod B.
 At each step of the extended Euclidean algorithm, A3 is set equal to
the previous value of B3, and B3 is set equal to the remainder of A3
divided by B3, which is A3 mod B3.
32
4.4. Finite Fields of The Form
GF(p)

E.g. gcd(1759, 550) = 1 and that the multiplicative
inverse of 550 is 355; that is, 550 x 335 ≡1 (mod
1759).
33
4.5. Polynomial Arithmetic

Three classes of polynomial arithmetic:
 Ordinary polynomial arithmetic, using the basic rules of algebra
 Polynomial arithmetic in which the arithmetic on the coefficients
is performed modulo p; that is, the coefficients are in GF(p)
 Polynomial arithmetic in which the coefficients are in GF(p), and
the polynomials are defined modulo a polynomial m(x) whose
highest power is some integer n

Ordinary Polynomial Arithmetic
 degree, coefficient set S, constant polynomial, leading
coefficient

Polynomial arithmetic includes the operations of addition,
subtraction, and multiplication. Division is similarly defined,
but requires that S be a field
34
4.5. Polynomial Arithmetic

E.g. let f(x) = x3 + x2 + 2 and g(x) = x2 - x + 1, where S is the
set of integers. Then:
35
4.5. Polynomial Arithmetic



Polynomial Arithmetic with Coefficients in Zp
Polynomials in which the coefficients are elements of some
field F, referred to as a polynomial ring.
When polynomial arithmetic is performed on polynomials
over a field, then division is possible. Note that this does not
mean that exact division is possible.(explain)
 E.g. (5x2)/(3x) (coefficient set is integer and Z7)

Even if the coefficient set is a field, polynomial division is not
necessarily exact. In general, division will produce a quotient
and a remainder:
 f(x) = q(x)g(x) + r(x)

If there is no remainder, g(x) divides f(x), written as g(x)|f(x)
[g(x) is a factor of f(x) or g(x) is a divisor of f(x).]
36
4.5. Polynomial Arithmetic

E.g. Examples of Polynomial
Arithmetic over GF(2)

For f(x) = (x7 + x5 + x4 + x3 +x
+ 1) and g(x) = (x3 + x + 1),
the figure shows f(x) + g(x);
f(x) - g(x); f(x) x g(x); and
f(x)/g(x). Note that g(x)|f(x)
37
4.5. Polynomial Arithmetic


A polynomial f(x) over a field F is called irreducible if and
only if f(x) cannot be expressed as a product of two
polynomials (prime polynomial.)
The polynomial f(x) = x4 + 1 over GF(2) is reducible (why, my
experience)
x4 + 1 = (x + 1)(x3 + x2 + x + 1)
F(a)=0, then it is reducible, and (x-a) is the factor. Otherwise ,it is
irreducible
F(x)= x3 + x + 1
f(a) never equals 0, so it is irreducible
and we can easily show that x+1 is not a factor of f(x).
38
4.5. Polynomial Arithmetic

Finding the Greatest Common Divisor
 We can adapt the Euclidean algorithm to compute the greatest
common divisor of two polynomials.
 gcd[a(x), b(x)] = gcd[b(x), a(x) mod b(x)]
EUCLID[a(x), b(x)]
1. A(x) ← a(x); B(x) ← b(x)
2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
3. R(x) = A(x) mod B(x)
4. A(x) ← B(x)
5. B(x) ← R(x)
6. goto 2

E.g. a(x) = x6 + x5 +x4 + x3 + x2 +x + 1 and b(x) = x4
+ x2 + x + 1. (from book)
39
4.6. Finite Fields Of the Form
GF(2n)
Suppose we wish to define a conventional encryption algorithm that
operates on data 8 bits at a time and we wish to perform division.
(8-bit patterns, 251)
 Suppose we wish to use 3-bit blocks in our encryption algorithm

40
4.6. Finite Fields Of the Form
GF(2n)




Modular Polynomial Arithmetic
In GF(pn) we use modular polynomial arithmetic
instead of using modular arithmetic.
GF(pn): the set S of all polynomials of degree n -1
or less over the field Zp (p is prime number, ),and
the coefficient set follows in the set {0, 1,..., p -1}.
There are a total of pn different polynomials in S.
Each such set S is a finite field (coefficient,
multiplication)
41
4.6. Finite Fields Of the Form
GF(2n)
E.g. The Advanced Encryption Standard (AES) uses arithmetic in
the finite field GF(28), with the irreducible polynomial m(x) = x8 + x4
x3 + x + 1. Consider the two polynomials f(x) = x6 + x4 + x2 + x + 1
and g(x) = x7 + x + 1. Then
 f(x) + g(x) = x6 + x4 + x2 + x + 1 + x7 + x + 1= x7 + x6 + x4 + x2
 f(x) x g(x) = x13 + x11 + x9 + x8 + x7 + x7 + x5 + x3 + x2 + x +x6 + x4 +
x2 + x + 1 = x13 + x11 + x9 + x8 + x6 + x5 + x4 + x3 + 1


Therefore, f(x) x g(x) ≡ x7 + x6 + 1 (mod m(x) ).
42
4.6. Finite Fields Of the Form
GF(2n)

To construct the finite field GF(23), we need to choose an
irreducible polynomial of degree 3. There are only two such
polynomials: (x3 + x2 + 1) and (x3 + x + 1).
Polynomial Arithmetic Modulo (x3 + x + 1)
43
4.6. Finite Fields Of the Form
GF(2n)

Finding the Multiplicative Inverse









EXTENDED EUCLID[m(x), b(x)]
1. [A1(x), A2(x), A3(x)] ←[1, 0,
m(x)]; [B1(x), B2(x), B3(x)] ←[0, 1,
b(x)]
2. if B3(x) = 0 return A3(x) =
gcd[m(x), b(x)]; no inverse
3. if B3(x) = 1 return B3(x) =
gcd[m(x), b(x)]; B2(x) = b(x)-1 mod
m(x)
4. Q(x) = quotient of A3(x)/B3(x)
5. [T1(x), T2(x), T3(x)] ←[A1(x) Q(x)B1(x), A2(x) - Q(x)B2(x), A3(x)
- QB3(x)]
6. [A1(x), A2(x), A3(x)] [B1(x),
B2(x), B3(x)]
7. [B1(x), B2(x), B3(x)] [T1(x),
T2(x), T3(x)]
8. goto 2

Extended Euclid [(x8 + x4 + x3 + x
+ 1), (x7 + x + 1)]
44
4.6. Finite Fields Of the Form
GF(2n)

Computational Considerations
 Addition
○ Addition of two polynomials in GF(2n)
corresponds to a bitwise XOR operation.
○ (x6 + x4 + x2 + x + 1) + (x7+ x + 1)= x7 + x6 + x6
+ x4 + x2 (polynomial notation)
○ (01010111)(10000011) = (11010100)
(binary notation)
45
4.6. Finite Fields Of the Form
GF(2n)
 Multiplication
○ In general, in GF(2n) with an nth-degree
polynomial p(x), we have xn mod p(x) = [p(x) -xn].
○ E.g. Now, consider a polynomial in GF(28), which
has the form f(x) = b7x7 + b6x6 + b5x5 + b4x4 + b3x3
+ b2x2 + b1x + b0. If we multiply by x, we have
 X x f(x) = (b7x8 + b6x7 + b5x6 + b4x5 + b3x4 + b2x3 + b1x2+
b0x) mod (m(x)=x8 + x4 + x3 + x + 1)
 X x f(x) = (b6x7 + b5x6 + b4x5 + b3x4 + b2x3 + b1x2+ b0x) +
(x4 + x3 + x + 1)
[b7 = 1]
○ It follows that multiplication by x (i.e., 00000010)
can be implemented as a 1-bit left shift followed by
a conditional bitwise XOR with (00011011), which
represents (x4 + x3 + x + 1).
46
4.6. Finite Fields Of the Form
GF(2n)

E.g. In an earlier example, we showed that for f(x) = x6 + x4 + x2 + x + 1,
g(x) = x7 + x + 1, and m(x) = x8 + x4 + x3 + x + 1, f(x) x g(x) mod m(x) = x7 +
x6 + 1. Redoing this in binary arithmetic, we need to compute (01010111) x
(10000011). First, we determine the results of multiplication by powers of x:
47
4.6. Finite Fields Of the Form
GF(2n)
48
4.6. Finite Fields Of the Form
GF(2n)

Using a Generator
 A generator g of a finite field F of order q (contains q elements) is an
element whose first q -1 powers generate all the nonzero elements of F.
An element b contained in F is called a root of the polynomial if f(b) = 0.
Finally, it can be shown that a root g of an irreducible polynomial is a
generator of the finite field defined on that polynomial.
 E.g. Let us consider the finite field GF(23), defined over the irreducible
polynomial x3 + x + 1, the generator g must satisfy f(g) = g3 + g + 1 = 0.
so,g3 = -g -1 = g + 1. We now show that g in fact generates all of the
polynomials of degree less than 3.
g4 = g(g3) = g(g + 1) = g2 + g
○ g5 = g(g4) = g(g2 + g) = g3 + g2 = g2 + g + 1
○ g6 = g(g5) = g(g2 + g + 1) = g3 + g2 + g = g2 + g + g + 1 = g2 + 1
○ g7 = g(g6) = g(g2 + 1) = g3 + g = g + g + 1 = 1 = g0
○
 We see that the powers of g generate all the nonzero polynomials in
GF(23). Also, it should be clear that gk = gk mod 7 for any integer k.
49
4.6. Finite Fields Of the Form
GF(2n)

For example, g4 x g6 = g(10 mod 7) = g3 = g
+ 1. (finite cyclic group)
50
4.6. Finite Fields Of the Form
GF(2n)

GF(23) Arithmetic Using Generator for the
Polynomial (x3 + x + 1)
51
4.6. Finite Fields Of the Form
GF(2n)




For GF(2n) with irreducible polynomial f(x), determine gn =
f(g) - gn.
n
Calculate all of the powers of g from gn+1 through g2 -2.
The elements of the field correspond to the powers of g0
n
from through g2 -2, plus the value 0.
For multiplication of two elements in the field, use the
equality gk = gk mod (2n1) for any integer k.
52
Summary



GF(2n) consists of 2n elements.
The binary operations + and x are defined over the
set. The operations of addition, subtraction,
multiplication, and division can be performed
without leaving the set. Each element of the set
other than 0 has a multiplicative inverse.
Any questions? Thank you!!
53