Questions tagged [finite-field]
433 questions
A finite field is a mathematical construct based on a set of axioms which are held to be true. A number of interesting and useful properties arise from finite fields that make them particularly suitable for use in cryptography, notably in block ciphers. Questions concerning finite fields should use this tag. Your question may concern finite fields if you are asking about AES, block ciphers or modular arithmetic.
41 votes, 5 answers
Galois fields in cryptography
I don't really understand Galois fields, but I've noticed they're used a lot in crypto. I tried to read into them, but quickly got lost in the mess of hieroglyphs and alien terms. I understand they're sets of the form $GF(p^n)$ for $n\geq1$ where…
Polynomial
35 votes, 4 answers
What is so special about elliptic curves?
There seem to be sources like this, this also, and some introductions that discuss elliptic curves in general and how they're used. But what I'd like to know is why these particular curves are so important in cryptography as opposed to, let's say,…
stackuser
30 votes, 2 answers
How to determine the order of an elliptic curve group from its parameters?
Let $\quad E:\; y^2 = x^3 + ax + b \quad$ be an elliptic curve defined over a finite field $\mathbb F_q$ where $q = p^n$, $a,b \in \mathbb F_q$ and $p \neq 2, 3$. By Hasse's theorem we know that the order of $E(\mathbb F_q)$ is in the range…
user110219
25 votes, 3 answers
How robust is discrete logarithm in $GF(2^n)$?
"Normal" discrete logarithm based cryptosystems (DSA, Diffie-Hellman, ElGamal) work in the finite field of integers modulo a big prime $p$. However, there exist other finite fields out there, in particular binary fields $GF(2^n)$. There is a…
Thomas Pornin
23 votes, 2 answers
Design properties of the Rijndael finite field?
So we've already had a question on replacing the Rijndael S-Box. My question is - can we use a different finite field other than the one given by $x^8 + x^4 + x^3 + x + 1$ in $GF(2^8)$. In other words, would any irreducible polynomial over this…
user46
21 votes, 5 answers
Are there any (asymmetric) cryptographic primitives not relying on arithmetic over prime fields and/or finite fields?
Trying to figure out if any (asymmetric) cryptographic primitives exists, which do not rely on arithmetic over a prime field and/or arithmetic over a finite field, some people might get lost in research. Therefore, here’s the related question…
Mike Edward Moras
21 votes, 3 answers
Choice of multiplication polynomial in Rijndael s-box affine mapping
The Rijndael specification details the design choices for the s-box in section 7.2. They describe the choice of affine mapping as follows:
We have chosen an affine mapping that has a very simple description per se, but a complicated algebraic…
Richie Frame
18 votes, 1 answer
Do recent announcements about solving the DLP in $GF(2^{6120})$ apply to schemes proposed for cryptographic use?
A recent paper by Göloğlu, Granger, McGuire, and Zumbrägel: Solving a 6120-bit DLP on a Desktop Computer seems to "demonstrate a practical DLP break in the finite field of $2^{6120}$ elements, using just a single core-month". They credit a 2012…
fgrieu
18 votes, 0 answers
The aftermath and considerations of the new record of 30750-Bit Binary Field Discrete Logarithm - 2020
Granger et al. recently published a paper about breaking a record for discrete logarithm on the Binary field
Computation of a 30 750-Bit Binary Field Discrete Logarithm, Robert Granger and Thorsten Kleinjung and Arjen K. Lenstra and Benjamin…
kelalaka
16 votes, 3 answers
What is the main difference between finite fields and rings?
In the course I'm studying, if I've understood it right, the main difference between the two is supposed to be that finite fields have division (inverse multiplication) while rings don't. But as I remember, rings also had inverse multiplication, so…
Jobo
16 votes, 1 answer
Necessity for finite field arithmetic and the prime number p in Shamir's Secret Sharing Scheme
Shamir's original paper (PDF, 197kb) describing a threshold secret sharing scheme states:
To make this claim more precise, we use modular arithmetic instead of real arithmetic. The set of integers modulo a prime number $p$ forms a field in…
ampersand
15 votes, 1 answer
Security of pairing-based cryptography over binary fields regarding new attacks
In the last week, the discrete logarithm problem was broken for the binary fields $\mathbb{F}_{2^{(14 \times 127)}}$ and $\mathbb{F}_{2^{(27 \times 73)}}$.
Pairing-based cryptography using binary fields currently relies on fields such as…
Conrado
14 votes, 3 answers
Multiplicative inverse in $\operatorname{GF}(2^8)$?
I know how to do multiplication over ${\rm GF}(2^8)$:
uint8_t gmul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    uint8_t carry;
    int i;
    for (i = 0; i < 8; i++)
    {
        if (b & 1)
            p ^= a;
        carry = a & 0x80;
        a = a << 1;
        …
Melvin
13 votes, 2 answers
Why does Shamir's Secret Sharing Scheme need a finite field?
I read ampersand's question "Necessity for finite field arithmetic and the prime number p in Shamir's Secret Sharing Scheme", where he asked why Shamir's Secret Sharing Scheme uses arithmetic in a finite field of prime order.
The answers to that…
Herc11
13 votes, 0 answers
How Significant is the New Quasi-Polynomial-Time Attack on Fixed Characteristic Discrete Logarithms?
There is a new paper by Kleinjung and Wesolowski on eprint that claims and proves a new attack on the discrete logarithm problem in finite fixed characteristic fields in quasi-polynomial time.
Concretely a run-time of $$(pn)^{2\log_2n+O(1)}$$ is…
SEJPM