
What are the reasons that cryptography-related constructions -- such as featured in excellent explainers on elliptic curves on RareSkills and Practical Cryptography for Developers, and all the explainers on zero-knowledge proofs that I've found -- treat finite fields of size $p$ where $p$ is a prime, rather than the more general case of a non-prime finite field of size $p^n$, where $p$ is a prime and $n\geq 1$ is any number?

(Every finite field has order $p^n$ for some prime $p$ and $n\geq 1$ as per a nice argument on https://math.stackexchange.com/a/3067156/449733)

I understand that a prime finite field may be simple and sufficient, but non-prime finite fields seem not even to be considered or mentioned as a possibility, at least on the resources I've seen.

Are there practical reasons that ECC or zero-knowledge constructions should avoid these?

Thank you.

Jim
  • Both prime and composite integers are very difficult to discern for large values. As far as I know, the primes used in cryptography are enormous and yet the codes that use them can be deciphered but within a not short time, so after said time, they must be changed. But I seem to remember that cryptographers also use huge non-prime integers which are also used to devise codes in cryptography. – Piquito Jan 21 '24 at 20:50
  • Thank you for this @Piquito. You may be thinking of RSA encryption, which works by multiplying two large primes together and depends for its security on multiplication being easier than factorisation. https://www.comparitech.com/blog/information-security/rsa-encryption/#How_does_RSA_encryption_work If so, by my understanding this is a distinct topic. – Jim Jan 21 '24 at 21:03
  • As far as I know, there is no real reason. – Randall Jan 21 '24 at 21:15
  • Because not every element of a composite finite field is guaranteed to have a multiplicative inverse, perhaps? – H. sapiens rex Jan 21 '24 at 23:59
  • @H.sapiensrex By definition, every nonzero element of a field has a multiplicative inverse. So it's not that. – Jim Jan 22 '24 at 04:20

1 Answer

Binary extension fields are used for Elliptic Curve crypto. There are even Elliptic curve cryptography standards using $GF(2^n)$. See Wikipedia. So extension fields are OK. There are practical reasons for preferring binary but there are some issues.

They are used less frequently in practice, mainly due to some patent issues. See this question and answer on cryptography stack exchange. Also if $GF(2^n)$ is used with some highly composite $n$ there are certain attacks possible.

Zero knowledge proofs are much rarer constructs, usually used as plugins to other primitives, such as identification schemes and group signatures, but I am not aware of explicit reasons for not using extension fields. I am also not sure if they are not used.

kodlu
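An added example, not part of the original question, comments or answer: arithmetic in a binary extension field $GF(2^8)$ next to the ring of integers modulo $2^8$, showing why every nonzero element of the field is invertible while half the nonzero residues mod 256 are not. The reduction polynomial $x^8+x^4+x^3+x+1$ and all function names are assumptions chosen for illustration; binary elliptic curves use much larger $n$.

```python
from math import gcd

# Elements of GF(2^M) are M-bit ints; bit i is the coefficient of x^i over GF(2).
# MODULUS is an assumed choice: x^8 + x^4 + x^3 + x + 1, irreducible over GF(2).
M = 8
MODULUS = 0x11B

def gf_add(a, b):
    """Addition is coefficient-wise XOR (characteristic 2, so a + a = 0)."""
    return a ^ b

def gf_mul(a, b):
    """Carry-less shift-and-add multiplication, reduced modulo MODULUS."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> M:              # degree reached M: subtract (XOR) the modulus
            a ^= MODULUS
    return result

def gf_inv(a):
    """Inverse as a^(2^M - 2): the nonzero elements form a group of order 2^M - 1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in any field")
    result, base, exp = 1, a, (1 << M) - 2
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def all_nonzero_invertible():
    """Check a * a^-1 == 1 for every nonzero element of GF(2^M)."""
    return all(gf_mul(a, gf_inv(a)) == 1 for a in range(1, 1 << M))

def units_mod(n):
    """Residues in Z/nZ with a multiplicative inverse (those coprime to n)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

if __name__ == "__main__":
    print("GF(2^8): all nonzero elements invertible:", all_nonzero_invertible())
    print("Z/256Z: invertible residues:", len(units_mod(256)), "of 255 nonzero")
```
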