Let GF(p n ) be the finite field with p n elements where p is prime. We consider the problem of how to deterministically generate in polynomial time a subset of GF(p n ) that contains a primitive root, i.e., an element that generates the multiplicative group of nonzero elements in GF(p n ). We present three results. First, we present a solution to this problem for the case where p is small, i.e., p = n O(1) . Second, we present a solution to this problem under the assumption of the Extended Riemann Hypothesis (ERH) for the case where p is large and n = 2. Third, we give a quantitative improvement of a theorem of Wang on the least primitive root for GF(p) assuming the ERH. Appeared in Mathematics of Computation 58, pp. 369--380, 1992. An earlier version of this paper appeared in the 22nd Annual ACM Symposium on Theory of Computing (1990), pp. 546-554. 1980 Mathematics Subject Classification (1985 revision): 11T06. 1. Introduction Consider the problem of finding a primitive ...

Abstract. We present a new deterministic algorithm for the problem of constructing kth power nonresidues in finite fields Fpn,wherepis prime and k is a prime divisor of pn −1. We prove under the assumption of the Extended Riemann Hypothesis (ERH), that for fixed n and p →∞, our algorithm runs in polynomial time. Unlike other deterministic algorithms for this problem, this polynomial-time bound holds even if k is exponentially large. More generally, assuming the ERH, in time (n log p) O(n) we can construct a set of elements

Interest in normal bases over finite fields stems both from mathematical theory and practical applications. There has been a lot of literature dealing with various properties of normal bases (for finite fields and for Galois extension of arbitrary fields). The advantage of using normal bases to represent finite fields was noted by Hensel in 1888. With the introduction of optimal normal bases, large finite fields, that can be used in secure and e#cient implementation of several cryptosystems, have recently been realized in hardware. The present thesis studies various theoretical and practical aspects of normal bases in finite fields. We first give some characterizations of normal bases. Then by using linear algebra, we prove that F q n has a basis over F q such that any element in F q represented in this basis generates a normal basis if and only if some groups of coordinates are not simultaneously zero. We show how to construct an irreducible polynomial of degree 2 n with linearly i...

This paper addresses the question: how can we find a normal element efficiently? More generally, we consider how to find an element of any given additive order. Hensel (1888) pioneered the study of normal bases for finite fields and proved that they always exist. We use his algorithm in Section 2. Eisenstein (1850) had already noted that normal bases always exist. Hensel, and also Ore (1934), determine exactly the number of these bases, and Ore develops the more general concept of additive order. Ore's approach is developed into more constructive proofs of the normal basis theorem in several textbooks (for example, van der Waerden 1966, Section 67, and Albert 1956, Section 4.15); these all use some linear algebra calculations. Schwarz (1988) has given a new proof along these lines, and several recent papers have translated this approach into algorithms. Sidel'nikov (1988) deals with the case where n divides one of p (the characteristic of F q ), q + 1, or

The black-box field (BBF) extraction problem is, for a given field�, to determine a secret field element hidden in a black-box which allows to add and multiply values in�in the box and which reports only equalities of elements in the box. This problem is of cryptographic interest for two reasons. First, for ���Ôit corresponds to the generic reduction of the discrete logarithm problem to the computational Diffie-Hellman problem in a group of prime orderÔ. Second, an efficient solution to the BBF problem proves the inexistence of certain field-homomorphic encryption schemes whose realization is an interesting open problems in algebra-based cryptography. BBFs are also of independent interest in computational algebra. In the previous literature, BBFs had only been considered for the prime field case. In this paper we consider a generalization of the extraction problem to BBFs that are extension fields. More precisely we discuss the representation problem defined as follows: For given generators��������algebraically generating a BBF and an additional elementÜ, all hidden in a black-box, expressÜalgebraically in terms of ��������. We give an efficient algorithm for this representation problem and related problems for fields with small characteristic (e.g.���Òfor someÒ). We also consider extension fields of large characteristic and show how to reduce the representation problem to the extraction problem for the underlying prime field. These results imply the inexistence of field-homomorphic (as opposed to only group-homomorphic, like RSA) one-way permutations for fields of small characteristic.

Let Fq be the finite field with q elements. A normal basis polynomial f # Fq [x] of degree n is an irreducible polynomial, whose roots form a (normal) basis for the field extension Fq n : Fq . We show that a normal basis polynomial of degree n can be found in expected time O(n 2+# · log(q) + n 3+# ), when an arithmetic operation and the generation of a random constant in the field Fq cost unit time. Given some basis B = {#1 , #2 , ..., #n} for the field extension Fq n : Fq together with an algorithm for multiplying two elements in the B- representation in time O(n # ), we can find a normal basis for this extension and express it in terms of B in expected time O(n 1+#+# · log(q) + n 3+# ). CR Categories: F.2.1. 1991 Mathematics Subject Classification: Primary 11Y16; Secondary 11T30. Related Work. [BDS90] give a probabilistic construction of a normal basis for F q n : F q for restricted values of q and n. They use that the ground field F q can have at most n(n - 1...

This paper studies a variation on classical key-agreement and consensus problems in which the set S of possible keys is the range of a random variable that can be sampled. We give tight upper and lower bounds of dlog 2 ke bits on the communication complexity of agreement on some key in S, using a form of Sperner's Lemma, and give bounds on other problems. In the case where keys are generated by a probabilistic polynomial-time Turing machine, agreement is shown to be possible with zero communication if every fully polynomial-time approximation scheme (fpras) has a certain symmetry-breaking property. 1 Introduction A fundamental problem in key agreement between two parties, commonly called "Alice" and "Bob," is for Alice to communicate some string w to Bob over an expensive, noisy, and/or insecure channel. Most work allows w to be any given string, making no assumptions about its source, or considers w to be uniformly generated among strings of some length n. We study cases in which w...

Galois Field Library (GFL) is a portable general-purpose computational library of functions written in C for working over finite fields. The library provides a comprehensive treatment of operations in prime fields and their arbitrary finite extensions. Application programmers should find this library useful for developing programs in the areas of public-key cryptography, error control coding and combinatorial design. This technical report is a reference manual of GFL. It provides an exhaustive listing of all the features of the library -- namely the new data structures and macro definitions introduced in the header files of the library and the prototypes of all GFL library calls. KEY WORDS: Finite fields Data structures Algorithms Library 1 Introduction Galois Field Library (GFL) is a portable general-purpose computational library of functions written in C for working over finite fields (also called Galois fields). GFL provides routines for field arithmetic and for manipulation of uni...

In this paper we give several families of specific irreducible polynomials with the following property: if f(x) is one of the given polynomials of degree n over a finite field F q and # is a root of it, then # # F q n is normal over every intermediate field between F q n and F q . Here by # # F q n being normal over a subfield F q we mean that the algebraic conjugates #, # are linearly independent over F q . The degrees of the given polynomials are of the form 2 i where r 1 , r 2 , ...,r u are distinct odd prime factors of q - 1 and k, l 1 ,...,l u are arbitrary positive integers. For example, we prove that, for a prime p # 3 mod 4, if x - bx - 1 # F p [x]is irreducible with b #= 2 then the polynomial - x has the described property over F p for every integer k # 0. We will also show how to e#ciently compute the required b # F p .

Abstract not found