Simplicial set: Difference between revisions
en>Linas m →Geometric realization: wikilink |
en>SuperJew m Disambiguated: weak equivalence → weak equivalence (homotopy theory) |
||
Line 1: | Line 1: | ||
In [[mathematics]], the '''polynomial basis''' is a [[basis (linear algebra)|basis]] for [[finite extension]]s of [[finite field]]s. | |||
Let α ∈ [[Finite field|GF(''p''<sup>''m''</sup>)]] be the root of a [[primitive polynomial (field theory)|primitive polynomial]] of degree ''m'' over GF(''p''). The polynomial basis of GF(''p''<sup>''m''</sup>) is then | |||
== | :<math> | ||
\{ 1, \alpha, \ldots, \alpha^{m-1}\} | |||
</math> <ref> | |||
{{cite book | last = Roman | first = Steven | authorlink = Steven Roman | title = Field Theory | publisher = Springer-Verlag | year = 1995 | location = New York | isbn = 0-387-94407-9 }} | |||
</ref> | |||
The | The set of elements of GF(''p''<sup>''m''</sup>) can then be represented as: | ||
:<math> | |||
\{ 0, 1, \alpha, \alpha^2, \ldots, \alpha^{p^{m}-2} \} | |||
</math> | |||
using [[Zech's logarithms]]. | |||
==Addition== | |||
Addition using the polynomial basis is as simple as addition modulo ''p''. For example, in GF(3<sup>''m''</sup>): | |||
:<math>(2\alpha^2 + 2\alpha + 1) + (2\alpha + 2) = 2\alpha^2 + 4\alpha + 3 \mod{3} = 2\alpha^2 + \alpha</math> | |||
In GF(2<sup>''m''</sup>), addition is especially easy, since addition and subtraction modulo 2 are the same thing, and furthermore this operation can be done in hardware using the basic [[XOR]] logic gate. | |||
==Multiplication== | |||
Multiplication of two elements in the polynomial basis can be accomplished in the normal way of multiplication, but there are a number of ways to speed up multiplication, especially in hardware. Using the straightforward method to multiply two elements in GF(''p''<sup>''m''</sup>) requires up to ''m''<sup>2</sup> multiplications in GF(''p'') and up to ''m''<sup>2</sup> − ''m'' additions in GF(''p''). | |||
Some of the methods for reducing these values include: | |||
*Lookup tables — a prestored table of results; mainly used for small fields, otherwise the table is too large to implement | |||
*The [[Karatsuba-Ofman algorithm]] — repeatedly breaking the multiplication into pieces, decreasing the total number of multiplications but increasing the number of additions. As seen above, addition is very simple, but the overhead in breaking down and recombining the parts involved in Karatsuba-Ofman make it prohibitive for hardware, although it is often used in software. It can even be used for general multiplication, and is done in many [[computer algebra system]]s such as [[Waterloo Maple]]. | |||
*[[Linear feedback shift register]]-based multiplication | |||
*[[Subfield]] computations — breaking the multiplication in GF(''p''<sup>''m''</sup>) to multiplications in GF(''p''<sup>''x''</sup>) and GF(''p''<sup>''y''</sup>), where ''x'' × ''y'' = ''m''. This is not frequently used for cryptographic purposes, since some composite degree fields are avoided because of known attacks on them. | |||
*Pipelined multipliers — storing intermediate results in buffers so that new values can be loaded into the multiplier faster | |||
*Systolic multipliers — using many cells that communicate with neighboring cells only; typically systolic devices are used for computation-intensive operations where input and output sizes are not as important, such as multiplication. | |||
==Squaring== | |||
Squaring is an important operation because it can be used for general exponentiation as well as inversion of an element. The most basic way to square an element in the polynomial basis would be to apply a chosen multiplication algorithm on an element twice. In general case, there are minor optimizations that can be made, specifically related to the fact that when multiplying an element by itself, all the bits will be the same. In practice, however, the [[irreducible polynomial]] for the field is chosen with very few nonzero coefficients which makes squaring in polynomial basis of GF(2<sup>''m''</sup>) much simpler than multiplication.<ref>{{Cite document | last1 = Huapeng | first1 = Wu | contribution = On Complexity of Polynomial Basis Squaring in F(2<sup>m</sup>) | title = Selected Areas in Cryptography: 7th Annual International Workshop, SAC 2000, Waterloo, Ontario, Canada, August 14–15, 2000, | publisher = Springer | pages = 118 | year = 2001 | postscript = <!--None--> }}</ref> | |||
==Inversion== | |||
Inversion of elements can be accomplished in many ways, including: | |||
*Lookup tables — once again, only for small fields otherwise the table is too large for implementation | |||
*Subfield inversion — by solving systems of equations in subfields | |||
*Repeated square and multiply — for example in GF(2<sup>''m''</sup>), ''A''<sup>−1</sup> = ''A''<sup>2''m'' − 2</sup> | |||
*The [[Extended Euclidean algorithm]] | |||
*The [[Itoh-Tsujii inversion algorithm]] | |||
==Usage== | |||
The polynomial basis is frequently used in [[cryptography|cryptographic]] applications that are based on the [[discrete logarithm problem]] such as [[elliptic curve cryptography]]. | |||
The advantage of the polynomial basis is that multiplication is relatively easy. For contrast, the [[normal basis]] is an alternative to the polynomial basis and it has more complex multiplication but squaring is very simple. Hardware implementations of polynomial basis arithmetic usually consume more power than their normal basis counterparts. | |||
==References== | |||
<references/> | |||
==See also== | |||
*[[normal basis]] | |||
*[[dual basis in a field extension|dual basis]] | |||
*[[change of bases]] | |||
{{DEFAULTSORT:Polynomial Basis}} | |||
[[Category:Linear algebra]] | |||
[[Category:Field theory]] | |||
[[Category:Theory of cryptography]] |
Revision as of 21:51, 18 November 2013
In mathematics, the polynomial basis is a basis for finite extensions of finite fields.
Let α ∈ GF(pm) be the root of a primitive polynomial of degree m over GF(p). The polynomial basis of GF(pm) is then
The set of elements of GF(pm) can then be represented as:
using Zech's logarithms.
Addition
Addition using the polynomial basis is as simple as addition modulo p. For example, in GF(3m):
In GF(2m), addition is especially easy, since addition and subtraction modulo 2 are the same thing, and furthermore this operation can be done in hardware using the basic XOR logic gate.
Multiplication
Multiplication of two elements in the polynomial basis can be accomplished in the normal way of multiplication, but there are a number of ways to speed up multiplication, especially in hardware. Using the straightforward method to multiply two elements in GF(pm) requires up to m2 multiplications in GF(p) and up to m2 − m additions in GF(p).
Some of the methods for reducing these values include:
- Lookup tables — a prestored table of results; mainly used for small fields, otherwise the table is too large to implement
- The Karatsuba-Ofman algorithm — repeatedly breaking the multiplication into pieces, decreasing the total number of multiplications but increasing the number of additions. As seen above, addition is very simple, but the overhead in breaking down and recombining the parts involved in Karatsuba-Ofman make it prohibitive for hardware, although it is often used in software. It can even be used for general multiplication, and is done in many computer algebra systems such as Waterloo Maple.
- Linear feedback shift register-based multiplication
- Subfield computations — breaking the multiplication in GF(pm) to multiplications in GF(px) and GF(py), where x × y = m. This is not frequently used for cryptographic purposes, since some composite degree fields are avoided because of known attacks on them.
- Pipelined multipliers — storing intermediate results in buffers so that new values can be loaded into the multiplier faster
- Systolic multipliers — using many cells that communicate with neighboring cells only; typically systolic devices are used for computation-intensive operations where input and output sizes are not as important, such as multiplication.
Squaring
Squaring is an important operation because it can be used for general exponentiation as well as inversion of an element. The most basic way to square an element in the polynomial basis would be to apply a chosen multiplication algorithm on an element twice. In general case, there are minor optimizations that can be made, specifically related to the fact that when multiplying an element by itself, all the bits will be the same. In practice, however, the irreducible polynomial for the field is chosen with very few nonzero coefficients which makes squaring in polynomial basis of GF(2m) much simpler than multiplication.[2]
Inversion
Inversion of elements can be accomplished in many ways, including:
- Lookup tables — once again, only for small fields otherwise the table is too large for implementation
- Subfield inversion — by solving systems of equations in subfields
- Repeated square and multiply — for example in GF(2m), A−1 = A2m − 2
- The Extended Euclidean algorithm
- The Itoh-Tsujii inversion algorithm
Usage
The polynomial basis is frequently used in cryptographic applications that are based on the discrete logarithm problem such as elliptic curve cryptography.
The advantage of the polynomial basis is that multiplication is relatively easy. For contrast, the normal basis is an alternative to the polynomial basis and it has more complex multiplication but squaring is very simple. Hardware implementations of polynomial basis arithmetic usually consume more power than their normal basis counterparts.
References
- ↑
20 year-old Real Estate Agent Rusty from Saint-Paul, has hobbies and interests which includes monopoly, property developers in singapore and poker. Will soon undertake a contiki trip that may include going to the Lower Valley of the Omo.
My blog: http://www.primaboinca.com/view_profile.php?userid=5889534 - ↑ Template:Cite document