Hi! I had a doubt. According to the description of inversion for a group, "For each "a" ∈ G there exists an element a−1 ∈ G, called the inverse of "a", such that a ◦ a−1 = a−1 ◦ a = 1." and all elements (except 0) of a finite field form a multiplicative group. However, this inversion property seems to be true for only prime fields. The existence of the Inverse of any element in a prime field say x is clear as the gcd(x,p) is always 1. Does this hold true for extension fields also? For example in GF(81) which is an extension field, the inverse of 3 does not seem to exist as gcd(3,81) is 3 and not 1.
Good point. I believe the confusion is coming from this: In extension fields, e.g., GF(81) = GF(3^4), you do NOT perform arithmetic with integers mod 81. Instead, the field elements are polynomials, and all field computations (+ - x /) are done as polynomial arithmetic. (Rem: one needs an irreducible polynomial for multiply and inverse). In any case, if you do this type of field arithmetic, all field elements (= all polynomials that form the field) DO HAVE inverses. I hope this helps. cheers, christof
Hello Prof..thanks a lot for this great lecture series and the promptness with which you answer to the queries/ comments. I am not very clear why the set of natural numbers doesn't form a field. As per the definition of field (point #2 from your slide which defines a field), the number '0' is excused from the group operation/multiplication. Can you please clarify.
Sorry..I think I got that..it's because we won't have multiplicative inverses for any of the non-zero numbers [except 1] and not because of "divide-by-zero" problem.
If only I could've studied in your university. I'm pretty sure all professors are absolutely top notch. Having to tell people to not talk during the lecture is .... just... I don't even know. Lecture is so so interesting, so brilliant, would've been drowning myself in coffee and listening with both my ears. Much thanks for your work professor.
Prof. Paar NOTHING boring about your class. You are a great and excellent teacher. THANK YOU for all the videos of your class It has sparked my interest and passion for cryptography. Best wishes for you and family. You don't have to worry about me sleeping in your class. I'm ALWAYS AWAKE!
At 17:00 "Don't work through chapter four by yourself". Wiser words never, ever spoken.
So many times he has to ask for students to be quiet.
His students should appreciate this subject, he's really good. We don't even have this subject in my alma mater.
I have never been in so much interactive course even in physical class. Here, sitting in front of my laptop, all my nerves are filling like I am in a real class, and there is you and me going through all these concepts. Hats off to your teaching!!
The way you can keep up my attention to you, irrespective of how long it has been I am sitting here and watching, is the gem quality that you possess. Thank you so much for your all effort, Prof. Paar!!
4:45 Intro to Finite Fields (Galois Field)
29:20 Prime Fields (GF(p))
44:20 Extension Fields (GF(p^m))
Thank you!!
thank you
Came here to learn about AES, and learned a lot of Math. Not disappointed :). Thumbs up for your lecture.
It was the opposite for me: I came here to learn about Galois fields, and I learnt how the AES internals really work as a bonus :) (to this day, I only knew how to do the computations by using precalculated "multiplication tables" - now I can conjure up those tables myself :) )
Such shame he has to tell his students to be quiet and pay attention. This lecturer is brilliant! 10x better than ours.
Yeah... here where I live he could simply smack them through their heads or kick off the classroom :q
Yeah, the students are fucking dickheads
Had I had a teacher like Prof. Paar, I would have absolutely devoted to my study.
Normally it's really quiet compared to other lectures, however sometimes a few people talk and he will immediately call them out.
Students are probably also discussing the course material. It happens.
This Prof who I suspect has a native language of German is more coherent than most native English Profs in the USA. Excellent course
That's simply not true. I don't even know why you'd think that.
He has better English than some foreign professors, but not American professors. That's simply because English is very common in Germany.
@@chrism7574 He's not talking about the Quality of the English, but about the coherency of it. You can have excellent well spoken english but still fail at actually teaching with it.
This guy is unable to make two sentences together without throwing in a word in German
This was an absolutely brilliant lecture. I had been trying to understand the galois theory used in AES for a while and this lecture just saved me. Thank you so much.
this is not galois theory. galois theory is a different beast and a branch of maths. what he did is presenting the basic arithmetic properties of GF(2^m), which are sometimes called Galois fields
Thank you Prof Paar for making a whole lecture series on cryptography. Your explanation is super clear and easy to understand. This is saving me a lot of hours reading my textbook.
Ironic that I skip all my actual classes but then spend hours watching stuff like this at home. Thank you for this and great job.
I do this too. I actually feel like I can learn better in my comfortable home space. What do you think is the reason why you do that?
Also, not all lecturers are as good as the ones found on YouTube. There are lectures by legends in some fields (think Reinforcement Learning by Dr. David Silver)
Much better than my professor. Going to continue watching the series Prof. Paar. Thanks for uploading.
Motivation AES 2:00
intro FF 5:00
prime field arithmetic 30:00
extension field arithmetic 45:00
I would like to point out that I really did not talk during the YouTube lecture! :-) But seriously: like many others who commented here, you have finally enlightened me, too, about the mystery of Galois fields. Many thanks, Mr. Paar! You deserve respect!
Best(easiest) explanation for fields I have ever heard! Thanks!
This material is exceptional and has helped me study for an undergrad fourth year course in cryptography.
Very good lecture. I don't get how someone would fall asleep by hearing about Galois Fields for the first time, it's so fascinating.
A brilliant brilliant explanation ....thank you so much. Teachers like you are the reason why education is so much fun and interesting. Otherwise the teachers in universities like Mumbai University make the students hate the subject so that they have to put less efforts in classrooms.
Such an interesting lecture. Came here to get a basic idea on finite field, but stayed on till the end. It is almost the end of my Semester at Unimleb (Course: Crypto) and I have an exam next week but it was only until today that I was really able to understand a lot more than what I wanted to know. Thanks, Professor Paar (many thumbs up).
Excellent lecture !
Just what I needed to fill in the missing gaps in my understanding of AES.
Tried to understand the material from several sources, but nowhere was it as clear as the professor explains in this video.
Worth the 90 minutes spent.
Fun fact: this can also help you understand CRC (Cyclic Redundancy Check) checksums as a bonus :)
(AES could be thought of as a glorified version of a CRC)
Extraordinary! A very complex theory handled in a very logical way in just 90 minutes. Thank you 🙏
Thank you so much for putting your course online, Prof. Paar. You are an outstanding teacher. I just ordered your book and eagerly waiting for it to be delivered.
Excellent explanation of GF, groups and rings. And I finally understand the reason for the "AES polynomial".
This man is an American hero
Excellent lecture. Highly proficient lecturer. Would recommend this lecture series to almost anyone.
Wow - I am so glad I found this lecture. Thank you, Professor Paar!
thank you very much. Clear presentation . I always look for clear explanations to watch and your presentation is very clear .
Good lecturer. Well organized presentation. Good video production. Good audio.
Easy to read the chalk board.
I wish all the class room videos could be this good.
This should be the example of the industry standard for filming a classroom lecture.
I have watched the entire series and I am pleased that the mystery of encryption is gone from my mind.
I've tried to watch other lecture series but disappointed that the production was not as good as this one.
Legendary resource on YouTube, Thanks Prof!
Man today I just chose my subject for my presentation about different algorithms and I drew "finite fields and its appliance in cryptography" and since 4 hours I am sitting listening and reading about them and I was so angry at the beginning that I had such hard topic but now I feel really entertained lol I wish I had a teacher like you in my university. Greets
Thank you, this lecture was really helpful. I am giving a short presentation in class on Reed Solomon codes, but didn't fully understand Galois fields, and this helped tremendously!
My current professor has great understanding, but lacks the ability to communicate the concepts well. Thank you so much for laying out these tough topics in a way that is easy to understand!
Interesting lecture. Prof Paar did a lot of work in there! Thank you
Thank you for this wonderful lecture, Mr. Paar.
I would hit "thumb up" 1000 times if I could. Thank you very much, it was very helpful!
Great teacher. I'd get a PhD if this guy was my advisor.
Best lesson on encryption ever.
Enjoyed the lesson. Excellent work. Thanks Prof. Paar
thank you so much ....you finished one of my chapters in 90 minutes
That board cleaning was relaxing.
Thank you so much. Your lecture helped me a lot to my final exam in next week :D
Awwww I want to learn about division! Damn lazy stupid undergrads! You guys were lucky to have this professor.
Can't believe this is a uni lecture. Last time I heard "be quiet" and "don't fall asleep" was in high school😵💫
Wow.. it's really amazing as well as interesting Introduction to Galois Fields (which was helpful to understand mathematics involved behind RAID 6 as well.)
Thank you so much, you're a lifesaver. I really enjoyed your lecture, it helped me a lot in understanding the mix columns step in AES
Great course, very well explained, a lot of useful info. Thanks a lot!
Superb explanation.. will follow for the full semester !!
Thank you Dr. Paar, I'm not joking when I say you saved my buttocks. I am using the same book in my Crypto course but was baffled by how exactly reduction takes place after my professor's explanation. I watched your course from start to finish, took notes, and now I understand. Thank you! Now, on to the Extended Euclidean Algorithm. Thank you again Dr. Paar, this was an excellent lecture.
Good explanations ! I liked the way you teach, looking forward to your other videos.
Really good supplement to my course at school that uses your book. Thank you for making these videos.
Awesome lecture. Students are gifted
Way better than my professor...!
Thanks professor for this amazing lecture !
lol @ those two students fighting when he's cleaning the board
When was that?
At around 59:00
Thanks all the way from Cambridge University. I missed my last lecture but this definitely makes up for it!
had a tough time understanding....but wow this lecture is so good...now my concepts are crystal clear ...i have exams next week thanks sir...respect
Such an amazing explanation, in india professor makes things complicated
Thank you Prof! Thank you very much for your brilliant lecture! :)
Such a great lecture. Thank you very much for uploading
Excellent lecture! You even get help to develop an intuition for finite fields. Only someone with deep knowledge can make something this difficult seem simple. Recommend watching the lecture in x1.5 speed.
Amazing that junior undergrads get to learn this. So jealous of these kids!
Excellent!! Thank you, Professor.
A pleasure to watch, ty.
Love it when he talks about his past :D
Really helped a lot. Thanks professor...
Thank you Professor, great lectures
Very helpful course! Big thanks for sharing.
Thank u so much prof for lecture, it was really amazing
Thank you for the book and the lectures!
Hello... Dr. Christof Paar ...Thank you so much, I listened to your lecture on YouTube, it's very good..
Cleared all my doubts about finite fields. Thanks
The Gf(2^m) has the polynomial elements a(m-1)x^(m-1)+...
In your example Gf(2^3), the irreducible polynomial X^3+X+1 is not part of the field!
Also the AES x^8+... since the largest element would be in the form of a(m-1)x^(m-1)
Could you please explain?
Thank you.
the same observation i think P(x)=x^2+x+1
+worroSfOretsevraH You are correct: The irreducible polynomial itself is NOT part of the Galois field. You DIVIDE by the irr. polynomial and the remainder is the field element. By definition, the remainder has always a lower degree than the irreducible polynomial itself. This is similar to prime fields. Let's consider Z_7, i.e., we do arithmetic modulo the prime 7. The field elements are {0,1,2,3,4,5,6}. Note that 7 is not a field element. I hope this helps, Christof
It helps a lot, thank you professor. Thanks
It's the same thing that the modulus you reduce by is not part of itself too.
E.g. for arithmetics modulo `m` the possible remainders are `0, 1, 2, …, m-1`, so `m` (the number you reduce by) is not part of the set, but it is used for reducing the results of operations.
@@introductiontocryptography4223 how do i find the irreducible polynomial
The video was really very helpful. We would love to listen about the irreducible polynomials p(x) from you immediately after the term is introduced in lecture-4 as primitive polynomial
When you draw the diagram of the structures in the beginning, you should draw the groups as the largest circle, and as you add structure/operations it makes the set of elements smaller and smaller i.e. all fields are rings and all rings are groups. The way you draw it makes it seem like all groups and rings are fields, which is nonsense. Very interesting though:)
I see your point and that could actually help some students. On the other hand, I always pictured the structures as follows: every ring contains a group and every field contains a ring and groups. Thus, I am not sure what the best approach is pedagogically speaking. Thanks for your thoughts, though. christof
If that was the case, then the diagram should have contained two instances of the group ;) (one for addition, the other one for multiplication), pretty much sharing the common set (except 0 being excluded from the multiplicative group's set).
Another possible way to draw it that could be more intuitive to IT engineers could be to use an inheritance diagram similar to those used in programming languages like C++ or Java ;)
Totally agree!
@@introductiontocryptography4223 , in addition to your point, making the group the largest circle might also defy the fact that the group is defined by only one operation. Because you will end up having all the other operations contained in the bigger circle which represents a group. I therefore agree more with your own structure. Thanks a lot for this brilliant lecture.
Thanks prof. paar for the lecture :)
Wonderful explanation of GF(p^n), thank you
I'm in high school and I find these fascinating such a shame that he has to ask his students to shut up
4. Extension fields GF(2^m) arithmetic 45:50
Hi Prof Paar
Was it explained why the coefficients of the polynomial are of the set (0,1)? Is there a reason, a proof or is it axiomatic?
Thanks as always
Good point, I skipped that :)
If we look at GF(2^m), this is a so-called extension field. The base field is GF(2) and the extension degree is m. In extension fields, the polynomial coefficients are always from the base field, i.e., from GF(2). But GF(2) happens to consist of the two field elements 0 and 1. I hope this helps. cheers, christof
Thank you Prof Paar. So in the general case when the Galois field is (prime^m) the base field would be GF(prime) for the coefficients. Would that be correct? -- and thank you for this great course, this has been a great career booster for me :-)
Yes, exactly. cheers, christof
How can it be that the AES irreducible polynomial has an x^8 component? Per the previous explanation I understood that the biggest component a GF(2^8) can have is x^7. What am I missing?
Ohh, I get it... the irreducible polynomial is not part of the field. Duh!
Great lecture - generally interested why isn't a prime finite field referred to as a Galois field?
Prime fields are a special case of Galois fields. They are also sometimes called that. However, often it is convenient to refer to them as "prime field" as this conveys already more information about them. A (poor :) analogy is if one talks about a "hybrid car" rather than just a "car". Every hybrid is obviously a car, but "hybrid car" contains more information. cheers, christof
Started with 8 and now going to learn about this Galois magic.
same, just finished this one but I think I'm off to Lec. 11 now, down the rabbit hole we go!
Galois' history was really really crazy and interesting. Thanks for recommending us to check his Wikipedia page! Really worth the read! Amazing history.
Indeed Galois was not a math student but really an absolute genius . Cheers
Thank you! Wonderful teaching!
Thanks for the great explanation since I am looking for the answer about AES GCM message authentication ❤
Thank you for a good and interesting lecture. One suggestion and one question. Suggestion: when discussing Galois say from the beginning that the definition is applicable to modular math. It feels like a cheap-shot to just bring it up at the end, with the buildup having viewer puzzled how the fields could possibly work in non-modular math. The question is this: in modular math with numbers the size of the set was used for modulation (mod2 for 0 and 1; modP for 0,1,2...P-1) What is the justification to be using a prime polynomial rather than a set size with polynomial modulation? Or perhaps the Largest polynomial+1, so for 3-bit case would be X^2+X+1+1=X^2+X? Thanks again for interesting lecture.
Fantastic lecture, thanks very much.
Wow. Thank you so much. You just helped me to connect the dots :D
Thank you prof, learnt tons!
1:24:30 what is the meaning of the x+1 that is left over from the procedure?
excellent question: "x+1" is the quotient in this division and is not needed, as we are only interested in the remainder. In any case, here is how quotient and remainder come up in this polynomial division example:
(x^4+x^3+x+1) = (x+1) (x^4+x+1) + (x^2+x)
cheers, christof
How to find P(x)? Are we supposed to remember? Please tell me the way to find it? Thank you.
Although it is not required to know that for the purposes of AES calculations (the `P(x)` is given by the standard), I would like to know where it comes from too. And it's not just my curiosity - it's on the grounds of the "nothing up my sleeves" rule of cryptography.
Same as with prime numbers, there is no easy way of finding irreducible polynomials.
There are usually multiple irreducible polynomials of every degree m and the easiest way of finding one is by trial division. (Choose some random Polynomial P of degree m. Do polynomial division with all the polynomials of degree
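As an added example (not part of the comments or the lecture material), here is the trial-division search from the reply above in Python. Polynomials over GF(2) are held as integers with bit i as the coefficient of x^i; the helper names and the choice to test divisors of degree 1 up to m/2 are this example's assumptions.

```python
# Polynomials over GF(2) are stored as ints: bit i is the coefficient of x^i,
# so x^4 + x + 1 is 0b10011. Addition and subtraction are both XOR.

def deg(p):
    """Degree of a GF(2) polynomial; deg(0) is -1 by convention."""
    return p.bit_length() - 1

def poly_divmod(a, b):
    """Long division over GF(2): return (q, r) with a = q*b + r, deg(r) < deg(b)."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while deg(a) >= deg(b):
        shift = deg(a) - deg(b)
        q ^= 1 << shift      # add x^shift to the quotient
        a ^= b << shift      # subtract (XOR) the shifted divisor
    return q, a

def is_irreducible(p):
    """Trial division by every polynomial of degree 1 .. deg(p)//2 (assumed bound)."""
    m = deg(p)
    if m < 1:
        return False         # constants are not irreducible polynomials
    # 2 is the polynomial 'x'; 1 << (m//2 + 1) is the first one of degree m//2 + 1
    for d in range(2, 1 << (m // 2 + 1)):
        if poly_divmod(p, d)[1] == 0:
            return False     # d divides p, so p factors
    return True

def irreducibles(m):
    """All irreducible polynomials of exact degree m over GF(2)."""
    return [p for p in range(1 << m, 1 << (m + 1)) if is_irreducible(p)]

# x^8 + x^4 + x^3 + x + 1, the polynomial fixed by the AES standard
AES_P = 0b100011011

if __name__ == "__main__":
    print("degree 4:", [bin(p) for p in irreducibles(4)])
    print("AES P(x) irreducible:", is_irreducible(AES_P))
    print("irreducible polynomials of degree 8:", len(irreducibles(8)))
```

Running it lists the degree-4 candidates and shows that the AES polynomial is one of several irreducible polynomials of degree 8, so the standard's choice can be checked rather than taken on trust.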
Thank you so much for the lecture. I have one question please. How can I compute the coefficients from GF(2^8) and compute the inverse of the coefficient?
Excellent course, thanks.
Hi Dr. Paar, I am going to begin a research paper soon while I finish your lectures, perhaps on AES, so that I can apply for my masters. I saw that on crypto-textbook.com you have a "projects link" where you give ideas for research but I don't know how old those ideas are. I wanted to ask, are there any new ideas that you now find new and exciting, that have not been explored much? Any subset of Cryptography is fine.
Thank you, Matthew
Yes, the project ideas on www.crypto-textbook.com are, unfortunately, dated. A very current topic is post-quantum cryptography (PQC). There is a current NIST selection process/competition, which is very exciting. A lot of different new crypto algorithms have been proposed in this context -- I am sure you'll find a topic for your research paper in the PQC area.
We will release the 2nd edition of our book in 2021 and there will be a comprehensive treatment of PQC algorithms.
good luck, christof
@@introductiontocryptography4223 Awesome, I read the Wikipedia page for PQC this morning and it looks very exciting!
I’ll also be waiting for the book!
Thanks again, Matthew
Hi! I had a doubt.
According to the description of inversion for a group, "For each "a" ∈ G there exists an element a^−1 ∈ G, called the inverse of "a", such that a ◦ a^−1 = a^−1 ◦ a = 1." and all elements (except 0) of a finite field form a multiplicative group. However, this inversion property seems to be true for only prime fields. The existence of the Inverse of any element in a prime field say x is clear as the gcd(x,p) is always 1. Does this hold true for extension fields also? For example in GF(81) which is an extension field, the inverse of 3 does not seem to exist as gcd(3,81) is 3 and not 1.
Good point. I believe the confusion is coming from this:
In extension fields, e.g., GF(81) = GF(3^4), you do NOT perform arithmetic with integers mod 81. Instead, the field elements are polynomials, and all field computations (+ - x /) are done as polynomial arithmetic. (Rem: one needs an irreducible polynomial for multiply and inverse). In any case, if you do this type of field arithmetic, all field elements (= all polynomials that form the field) DO HAVE inverses. I hope this helps. cheers, christof
That helped! Thank you @@introductiontocryptography4223
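The point of the exchange above, checked by computation in an added example (not from the lecture or the commenters): GF(3^4) built from polynomials of degree below 4 with coefficients mod 3, compared against the integers mod 81. The irreducible polynomial x^4 + x + 2 and all function names are this example's own choices.

```python
from itertools import product
from math import gcd

P, M = 3, 4
# x^4 + x + 2 over GF(3), coefficients listed from x^0 upward (assumed choice)
MODULUS = (2, 1, 0, 0, 1)
ONE = (1, 0, 0, 0)
ELEMENTS = list(product(range(P), repeat=M))   # all 81 polynomials of degree < 4

def mul(a, b):
    """Multiply two field elements (4-tuples, low coefficient first) mod MODULUS."""
    prod = [0] * (2 * M - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % P
    # MODULUS is monic, so each term c*x^k with k >= 4 is cancelled by
    # subtracting c * x^(k-4) * MODULUS.
    for k in range(2 * M - 2, M - 1, -1):
        c = prod[k]
        if c:
            for i in range(M + 1):
                prod[k - M + i] = (prod[k - M + i] - c * MODULUS[i]) % P
    return tuple(prod[:M])

def inverse(a):
    """a^(81-2) by square-and-multiply; equals a^-1 for nonzero a in a field of 81 elements."""
    if not any(a):
        raise ZeroDivisionError("0 has no inverse")
    result, base, e = ONE, a, P**M - 2
    while e:
        if e & 1:
            result = mul(result, base)
        base = mul(base, base)
        e >>= 1
    return result

def invertible_in_field():
    """Count nonzero polynomials a with a * inverse(a) == 1 in GF(3^4)."""
    return sum(1 for a in ELEMENTS if any(a) and mul(a, inverse(a)) == ONE)

def invertible_mod_81():
    """Count nonzero integers mod 81 that have a multiplicative inverse."""
    return sum(1 for a in range(1, 81) if gcd(a, 81) == 1)

if __name__ == "__main__":
    print("GF(3^4):", invertible_in_field(), "of 80 nonzero elements invertible")
    print("Z_81:   ", invertible_mod_81(), "of 80 nonzero elements invertible")
    print("inverse of x:", inverse((0, 1, 0, 0)))
```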
Do you cover Chinese remainder theorem in any of the lectures?
great great great explanation. Thank you
Thank you very much Professor..
Hello Prof..thanks a lot for this great lecture series and the promptness with which you answer to the queries/ comments.
I am not very clear why the set of natural numbers doesn't form a field. As per the definition of field (point #2 from your slide which defines a field), the number '0' is excused from the group operation/multiplication. Can you please clarify.
Sorry..I think I got that..it's because we won't have multiplicative inverses for any of the non-zero numbers [except 1] and not because of "divide-by-zero" problem.