Fields - HackMD

Rings, Fields notes

Rings

a ring over the set

R

is given as

(R, +, \cdot)

, which has two binary operations, denoted by

+

and

\cdot

such that:

$R$ is an abelian group (commutative group) with respect to +.
$\cdot$ is associative. i.e.,
$(a \cdot b) \cdot c = a \cdot (b \cdot c)$ for all
$a, b, c \in R$ .
The distributive laws hold. i.e., for all
$a, b, c \in R$ we have
$a \cdot (b + c) = (a \cdot b + b \cdot c$ and
$(b + c) \cdot a = b \cdot a + c \cdot a$ .

We use

0

(the zero element) to denote the identity element of the abelian group

R

with respect to addition.
The additive inverse of

a

is denoted by

- a

, also

a + (- b)

is abbreviated by

a - b

Definition

A ring is called a ring with identity if the ring has a multiplicative identity—that is, if there is an element e such that
$a e = e a = a$ for all
$a e R$ .
A ring is called commutative if
$\cdot$ is commutative.
A ring is called an integral domain if it is a commutative ring with identity
$e \neq 0$ in which
$a b = 0$ implies
$a = 0$ or
$b = 0$ .
A ring is called a division ring (or skew field) if the nonzero elements of
$R$ form a group under
$\cdot$ .
A commutative division ring is called a field

Polynomials

from elementary algebra, a polynomial is regarded as an expression of the form

\begin{array}{r} a_{0} + a_{1} x + \dots + a_{n} x^{n} \end{array}

the

a

's are called the coefficients and are usually real or complex numbers.

x

is viewed as a variable. The arithmetic of polynomials is governed by familiar rules. The concept of polynomial and the associated operations can be generalized to a formal algebraic setting in a straightforward manner.

Let

R

be an arbitary ring. A polynomial over

R

is an expression of the form

\begin{array}{r} f (x) = \sum_{i = 0}^{n} a_{i} x^{i} = a_{0} + a_{1} x + \dots + a_{n} x^{n}, \end{array}

where

n

is a nonegative integer, the coefficients

a_{i}, 0 \leq i \leq n

, are elements of

R

, and

x

is a symbol not belonging to

R

called an indeterminate over

R

Prime fields

Let

p \in P

be a prime number and

(Z_{p}, +, \cdot)

be the ring of modular

p

arithmetic. To differentiate between arbitary modular arithmetic rings we write a prime fields of characteristic

p

(F_{p}, +, \cdot)

An impotant proterty of prime fields is that any prime field of charateristic

p

has exactly

p

elements which can be represented on a computer with not more than

l o g_{2} (p)

bits. This is in contracts to fields which may be require an unbounded amount of bits to properly describe an arbitary precession representation.

Prime fields are special case of modular arithmetic rings. Addition and multiplication can be computed by first doing integer addition and multiplication, and then considering the remainder in Euclidean division by

p

as the result.

As above, (in Rings), for any prime fields element

x \in F_{p}

, its additive inverse (the negative) is given by

- x = p - x mod p

For

x \neq 0

, the multiplicative inverse always exists, and is given by

x^{- 1} = x^{p - 2}

Division is then defined by multiplication with the multiplicative inverse;

\frac{a}{b} = b \cdot a^{- 1}

NOTE:
In modular
$n$ arithmetic, a number
$r$ has a multiplicative inverse if and only if
$n$ and
$r$ are coprime. Since
$g c d (n, r) = 1$ in that case, we know from the Extended Euclidean Algorithm that there are numbers
$s$ and
$t$ , such that the following equation holds:

$1 = s \cdot n + t \cdot r$
If we take the modulus n on both sides, the term
$s \cdot n$ vanishes, which tells us that
$t mod n$ is the multiplicative inverse of
$r$ in modular
$n$ arithmetic.

See: Extended Euclidean Algorithm

Extended field

Pairing based SNARK systems are crucially dependent on certain types of pairings defind on elliptic curves over prime field extensions.

Given some prime number

p \in P

, a natural number

m \in N

, and a irreducible polynomial

P \in F_{p} [x]

of degree

k

whith coefficients from the prime field

F_{p}

, a prime extension

(F_{p^{k}}, +, \cdot)

is defined as follows

The set

F_{p^{k}}

of the prime field extension is given by the set of all polynomials with a degree less than

k

\begin{array}{r} F_{p^{k}} := {a_{k - 1} x^{k - 1} + a_{k - 2} x^{k - 2} + \dots + a_{1} x^{1} + a_{0} | a_{i} \in F_{p}} \end{array}

The addition law of the prime field extension

F_{p^{k}}

is given by the usual addition of polynomials:

Let

\sum_{j = 0}^{m_{1}} a_{n} x^{n}

and

\sum_{j = 0}^{m_{2}} b_{n} x^{n}

be two polynomials from

R [x]

\begin{array}{r} + : F_{p^{k}} \times F_{p^{k}} \to F_{p^{k}}, (\sum_{j = 0}^{m} a_{j} x^{j}, \sum_{j = 0}^{m} b_{j} x^{j}) \mapsto \sum_{j = 0}^{m} (a_{j} + b_{j}) x^{j} \end{array}

The multiplication law of the prime field extension

F_{p^{k}}

is given by first multiplying the two polynomials

\begin{array}{r} \times : F_{p^{k}} \times F_{p^{k}} \to F_{p^{k}}, (\sum_{j = 0}^{m} a_{j} x^{j}, \sum_{j = 0}^{m} b_{j} x^{j}) \mapsto \sum_{n = 0}^{2 m} \sum_{i = 0}^{n} (a_{i} b_{n - i}) x^{n} mod P \end{array}

The neutral element of the additive group

(F_{p^{k}}, +)

is given by the zero polynomial 0.

Example:
For a field

F_{p}

, an extension field is of the form

F_{p^{k}}

An example is to study a binary extension field

F_{p^{k}}

where

p = 2

In this example,

F_{2^{k}}

has its elements represented a polynomials over the base field

F_{2}

. A polynomial in

F_{2}

is an expression where the coefficients come from the set

{0, 1}

, and arithemetic operations are performed modulo 2.

The degree of the polynomial will be less than of equal to

k - 1

.
Taking

k = 3

, we can construct extension field

F_{2^{3}}

by considering the polynomials of degree 2 over

F_{2}

.
A primitive polynomial for

F_{2^{3}}

would be

f (x) = x^{2} + x + 1

The elements are:

k

–> element in

F_{2^{3}}

0,0,0 –>

0

which is also the additive identity.
0,0,1 –>

1

which is also a multiplicative identity.
0,1,0 –>

x

0,1,1 –>

x + 1

1,0,0 –>

x^{2}

1,0,1 –>

x^{2} + 1

1,1,0 –>

x^{2} + x

1,1,1 –>

x^{2} + x + 1

addition and multiplication are performed modulo 2.

Image Not Showing Possible Reasons

The image was uploaded to a note which you don't have access to
The note which the image was originally uploaded to has been deleted

Learn More →

Elliptic curve over prime field:

For a prime power

p > 3

and

a, b \in F_{p}

(where

4 a^{3} + 27 b^{2} \neq 0

a.k.a the degenerate case) let

\begin{array}{r} E (F_{p}) = {(x, y) \in F_{p} \times F_{p} such that y^{2} = x^{3} + a x + b} \end{array}

Pairings

within the development of SNARKs the use pairing-maps on commutative groups is a frequently used. A pairing map if a function that takes pairs of elements from the source field(s)

G_{1}

and

G_{2}

, and maps then to elements in a target field

G_{T}

such that the blinearity property holds. i.e.,

Definition:

e (\cdot, \cdot) : G_{1} \times G_{2} \mapsto G_{T}

In other words, a pairing

e : G \times G \mapsto G_{T}

is a mapping of points in groups to points in another.

Bilinear in the fact that there is two eponents,

e (g^{a}, g^{b}) = e (g, g)^{a b}

\forall a, b \in Z, g \in G

maps generators to generators.

g

generates

G \Rightarrow e (g, g)

generates

G_{T}

the example (in reference to the above) is that the group

G

is an elliptic curve, and the target group

G_{T}

is a finite field.

G \subseteq E (F_{p})

G_{T} \subseteq E (F_{p^{k}})

, where k = 1,2,3,4,6,10,12

Note:

lets take a finite field under an elliptic curve and call this group

G

which has

q

point in the gorup

E (F_{p}) = G

no lets take an extension

E (F_{p^{k}}) [q]

which can be thought of a elliptic curve over a 2-dimensional set of points.

Tate pairing:

e (P, Q) = f_{p} (Q)^{(p^{k} - 1) / q}

the function

f_{p}

is a polynomial defined by the point

P

, which is a bivariat polynomial whose inputs are the two coordinated of the point

Q

. i.e., treat the coordinate

Q

(x, y)

In crypto we dont like to have such 2-dimensional fields, we prefer to use a ring. So we define two groups

G_{1}

and

G_{2}

that are non-degenerate, where

e : G_{1} \times G_{2} = G_{T}

, this is an asymetric pairing.

Rings, Fields notes

Rings

Polynomials

Prime fields

Extended field

Elliptic curve over prime field:

Pairings

Read more

Week 15-24

Week 11-24

Week 3

Week 2