3.1 Arithmetic in Finite Fields 3.2 Addition

To make explicit computations with elliptic curves over finite fields, we need to know how to perform arithmetic operations in finite fields, and we would like to do so as efficiently as possible. In the applications we will consider, the finite fields involved may be very large, so it is important to understand the asymptotic complexity of finite field operations. This is a huge topic, one to which an entire course could be devoted. However, we will spend just one week on finite field arithmetic (this lecture and the next), with the goal of understanding the most commonly used algorithms and analyzing their asymptotic complexity. This will force us to omit many details. For they sake of brevity, we will focus on fields of large characteristic (and primes fields in particular), although the algorithms we describe will generally work in any finite field of odd characteristic. Fields of characteristic 2 are quite important in practical applications and there are specialized algorithms that are optimized for such fields, but we will not consider them here. We may represent elements of a prime field Fp ' Z/pZ as integers in the interval [0, p−1]. For finite fields Fq with q = pd, we may pick any irreducible monic polynomial f ∈ Fp[x] of degree d and represent Fq as the quotient Fp[x]/(f) ' (Z/pZ)[x]/(f), whose elements may be uniquely represented as polynomials of degree less than d with integer coefficients in [0, p−1]. The choice of the polynomial f impacts the cost of reducing a polynomials in Fp[x] modulo f ; ideally we would like f to have as few nonzero coefficients as possible. We can choose f to be a binomial if (and only if) d divides p−1: let f = xd−a where a is a generator of Fp. We can often, but not always, choose f to be a trinomial; see [5] for necessary criteria. It is also useful (but not necessary) for f to be a primitive polynomial; this means that f is the minimal polynomial of a generator for Fq , equivalently, the polynomial x generates the multiplicative group of Fp[x]/(f). Having fixed a representation for Fq as described above, every finite field operation can be reduced to arithmetic operations on integers, which we now consider.