COURSE DIARY
FINITE FIELDS AND SYMMETRIC CRYPTOGRAPHY
SANDRO MATTAREI
Academic year 2009/10
(42 hours of lectures)
(The course started in the second week of the semester)
Second week. Lecture of Thursday 25 February 2010 (two hours)
Rings and integral domains.
Field of fractions of a domain, with examples: Q, the field of rational functions
F(x).
The ring of formal power series F[[x]], its invertible elements, and its field of
fractions F((x)) (the field of formal Laurent series).
Finite domains are fields. The right- and left-multiplication maps by an element
of a ring.
Third week. Lecture of Monday 1 March 2010 (one hour)
Algebras over a field, and over a ring with unit element. Examples.
If a finite-dimensional commutative algebra is a domain, then it is a field. Simple
extensions of a field. Minimal polynomial. The minimal polynomial is irreducible,
if the top ring is a domain.
Lecture of Thursday 4 March 2010 (two hours)
The division R-algebra of Hamilton’s quaternions, its representation through
matrices. A more general construction of a quaternion algebra, over an arbitrary
field; over a finite field it cannot be a division algebra. Wedderburn’s theorem on
finite division algebras (without proof).
Fourth week. Lecture of Thursday 11 March 2010 (two hours)
Characteristic of a ring, and of a domain.
A finite field has order a power of a prime.
A finite multiplicative subgroup of a field is cyclic.
A ring of square matrices over a field is a simple ring.
Fifth week. Lecture of Monday 15 March 2010 (one hour)
Fundamental theorem for ring homomorphisms. Simple ring extensions, minimal polynomial.
Lecture of Thursday 18 March 2010 (two hours)
Another proof that a finite multiplicative subgroup of a field is cyclic.
Explicit construction of fields with p^2 and p^3 elements.
Sixth week. Lecture of Monday 22 March 2010 (one hour)
Splitting field of a polynomial. Existence of splitting fields.
Existence of fields of any order p^n, for p a prime.
Lecture of Thursday 25 March 2010 (two hours)
The derivative criterion for multiple roots.
Uniqueness of splitting fields.
Uniqueness of the field of p^n elements.
Seventh week. Lecture of Monday 29 March 2010 (one hour)
More examples of irreducible polynomials (among cyclotomic polynomials).
Lecture of Thursday 1 April 2010 (two hours)
The Frobenius automorphism. Subfields of a finite field. The point of view of
Galois theory.
The polynomial x^{p^f} − x equals the product of all monic irreducible polynomials
over F_p of degree a divisor of f. Galois orbits on F_q.
Examples of the full factorization of x^{p^f} − x over F_p.
Eighth week. Lecture of Thursday 8 April 2010 (two hours)
Order of a polynomial. Primitive polynomials. The number of primitive polynomials of a given degree. Examples.
The polynomial of Rijndael is irreducible.
Introduction to general Möbius functions.
Ninth week. Lecture of Monday 12 April 2010 (one hour)
The classical Möbius function. Möbius functions of other partially ordered sets
(such as N and P(Ω)). Applications of (the classical) Möbius inversion: another
expression for Euler’s ϕ function; the number of irreducible polynomials of a given
degree; cyclotomic polynomials.
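The factorization of x^{p^f} − x and the Möbius count of irreducibles, worked through for p = 2 as an added example (not from the course diary): the sieve lists the monic irreducibles over F_2 by trial division, their product over the degrees dividing f is compared with x^{2^f} − x, the counts per degree are compared with the Möbius-inversion formula, and the Rijndael polynomial x^8 + x^4 + x^3 + x + 1 is checked to be among the irreducibles of degree 8.

```python
# Added example, not part of the course diary. A polynomial over F_2 is an
# int whose bit i is the coefficient of x^i, so x = 2 and x + 1 = 3.
from functools import reduce

def deg(a):
    return a.bit_length() - 1

def pmul(a, b):  # carry-less product in F_2[x]
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = a << 1, b >> 1
    return r

def pmod(a, m):  # remainder of a modulo m in F_2[x]
    while a and deg(a) >= deg(m):
        a ^= m << (deg(a) - deg(m))
    return a

def irreducibles_up_to(n):
    """Monic irreducibles of degree 1..n, sieved by trial division in degree order."""
    irr = []
    for f in range(2, 1 << (n + 1)):
        if all(pmod(f, g) for g in irr if 2 * deg(g) <= deg(f)):
            irr.append(f)
    return irr

def mobius(n):  # classical Möbius function, by trial factoring
    mu, d = 1, 2
    while d * d <= n:
        if n % d == 0:
            n //= d
            if n % d == 0:
                return 0
            mu = -mu
        d += 1
    return -mu if n > 1 else mu

def count_irreducibles(n):  # Möbius inversion: (1/n) sum_{d|n} mu(d) 2^{n/d}
    return sum(mobius(d) * 2 ** (n // d) for d in range(1, n + 1) if n % d == 0) // n

RIJNDAEL = 0x11B  # x^8 + x^4 + x^3 + x + 1

def check(f=8):
    """Does x^{2^f} - x factor as the product of the irreducibles of degree dividing f,
    does the Möbius count match the sieve, and is the Rijndael polynomial irreducible?"""
    irr = irreducibles_up_to(f)
    product = reduce(pmul, (g for g in irr if f % deg(g) == 0), 1)
    x_q_minus_x = (1 << (1 << f)) | 2  # -x = +x in characteristic 2
    counts_ok = all(sum(deg(g) == k for g in irr) == count_irreducibles(k) for k in range(1, f + 1))
    return product == x_q_minus_x, counts_ok, RIJNDAEL in irr
```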
Lecture of Thursday 15 April 2010 (two hours)
Symmetric cryptography vs. public-key cryptography.
Classical ciphers: Caesar, Vigenère.
Linear and affine transformations. Frequency analysis.
General structure of Rijndael.
Lecture of Thursday 22 April 2010 (two hours)
The four steps of a round of Rijndael: SubBytes (the S-box), ShiftRows,
MixColumns (the affine diffusion steps, or D-box), AddRoundKey (key addition,
via XOR).
Full diffusion after two rounds. Comparison with the structure of DES.
The MixColumns step in detail. Reasons for the choice of the specific polynomial
used.
Eleventh week. Lecture of Monday 26 April 2010 (one hour)
All the basic steps of Rijndael have small period. The dihedral group: the
product of two involutions can have arbitrary period.
Chosen-plaintext and given-plaintext cryptanalysis of linear...
Lecture of Thursday 29 April 2010 (two hours)
...and affine transformations.
Description of all maps of a finite field into itself in terms of polynomials.
Lagrange interpolation.
Twelfth week. Lecture of Monday 3 May 2010 (one hour)
Linear functions between finite fields. The trace.
Lecture of Thursday 6 May 2010 (three hours)
Differential cryptanalysis of key-alternating block ciphers.
Difference propagation through the inversion map.
Thirteenth week. Lecture of Thursday 13 May 2010 (two hours)
Introduction to linear cryptanalysis.
Fourteenth week. Lecture of Monday 17 May 2010 (one hour)
Introduction to (Discrete) Fourier Analysis. Characters of an abelian group;
the dual group.
Lecture of Wednesday 19 May 2010 (two hours)
Finitely generated abelian groups: the structure theorem.
Construction of all characters of finite abelian groups.
Lecture of Thursday 20 May 2010 (two hours)
The orthogonality relations. The Fourier inversion formula.
Fifteenth week. Lecture of Monday 24 May 2010 (one hour)
Parseval’s identity.
The Fourier transform on more general groups (such as R/Z or R).
Lecture of Wednesday 26 May 2010 (two hours)
Fourier analysis of Boolean functions. Hamming distance and correlation. Lower bound for the minimum correlation with linear functions. The components of
the inversion map have low correlations with the linear functions: Kloosterman
sums and the bound of Carlitz-Uchiyama.
Lecture of Thursday 27 May 2010 (two hours)
Discussion of bounds for other exponential sums.
Branch number of a linear map. The MixColumns step has branch number five.
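The MixColumns step and its branch number, as an added example (not from the course diary): bytes are elements of GF(2^8) built with the Rijndael polynomial x^8 + x^4 + x^3 + x + 1, the circulant MixColumns matrix (2, 3, 1, 1) is applied to one column, and the branch number five is established by checking that every square submatrix is nonsingular (the MDS property, which for a 4-column map is equivalent to branch number 4 + 1); the single-byte inputs show that the bound wt(a) + wt(Ma) = 5 is attained.

```python
# Added example, not part of the course diary. Field elements of GF(2^8) are
# ints; products are reduced modulo the Rijndael polynomial.
from functools import reduce
from itertools import combinations

RIJNDAEL = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= RIJNDAEL  # reduce when the degree reaches 8
        b >>= 1
    return r

# The MixColumns matrix acting on one 4-byte column of the state.
MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def mix_column(col):
    """Multiply one column by MIX over GF(2^8); sums are XORs."""
    return [reduce(int.__xor__, (gf_mul(m, c) for m, c in zip(row, col)), 0) for row in MIX]

def det(m):
    """Determinant over GF(2^8) by Laplace expansion (signs vanish in characteristic 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j in range(len(m)):
        minor = [row[:j] + row[j + 1:] for row in m[1:]]
        d ^= gf_mul(m[0][j], det(minor))
    return d

def is_mds(m):
    """An n x n matrix has branch number n + 1 exactly when every square
    submatrix is nonsingular; enumerate all of them (93 for n = 4)."""
    n = len(m)
    return all(det([[m[i][j] for j in cols] for i in rows]) != 0
               for k in range(1, n + 1)
               for rows in combinations(range(n), k)
               for cols in combinations(range(n), k))

def min_weight_sum_single_byte():
    """Smallest wt(a) + wt(MixColumns(a)) over the 4 * 255 columns with one nonzero byte."""
    return min(1 + sum(b != 0 for b in mix_column([v if i == pos else 0 for i in range(4)]))
               for pos in range(4) for v in range(1, 256))
```

The nonsingularity check is what makes the branch number exactly five; the single-byte search only shows that no input of weight one does better.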