1

In galois field of prime 2, in composite field $GF((({2}^2)^2)^2)$,

There are irreducible polynomials and reducible polynomials.

$GF(2^2):Q_1(x) = x^2+x+1,$

$GF((2^2)^2):Q_2(x) = x^2+x+\phi,$ $\alpha$ is the root of $Q_2(x)$, $\phi \in GF(2^2)$

$GF((2^2)^2)^2):Q_3(x) = x^2+x+\lambda,$ $\lambda \in GF((2^2)^2)$

Combinations of $\phi$ and $\lambda$ constructs the field.

I tried to figure out the combination $\phi=\{10\}$ and $\lambda=\{1010\}$ is reducible $(\lambda =\alpha^9$ at $GF((2^2)^2))$, but cannot find the pair that makes polynomial $Q_3(x)$ reducible.

Is there any pair that makes this polynomial reducible?

$\phi$ can be expressed as $\{1\}X^1 + \{0\}X^0$

$\lambda$ can be expressed as $(\{1\}X^1+\{0\}X^0)Y^1 + (\{1\}X^1+\{0\}X^0)Y^0$

Element of $GF((2^2)^2)^2)$ can be expressed as

$((a_7X^1+a_6X^0)Y^1+(a_5X^1+a_4X^0)Y^0)Z^1+((a_3X^1+a_2X^0)Y^1+(a_1X^1+a_0X^0)Y^0)Z^0$,$\{a_7 a_6 a_5 a_4 a_3 a_2 a_1 a_0\}$.

Representation is different to $GF(2^8)$

Pyong
  • 11
  • 2
  • 4
    Why write $((2^2)^2)^2$ instead of $2^8$? – lhf May 21 '20 at 13:47
  • Since we don't know the relations between $\phi$, $\lambda$, and $\alpha$, it is hard to say. But if $\phi \in \mathrm{GF}(2^{4})$, then $Q_{2}$ must be reducible in $\mathrm{GF}(2^{8})$. Likewise with $\lambda$ and $Q_{3}$. – xxxxxxxxx May 21 '20 at 23:30
  • @lhf Because $GF(((2^2)^2)^2)$ is different to $GF(2^8)$. – Pyong May 22 '20 at 01:12
  • @MorganRodgers $\phi \in GF(2^2)$, not in $GF(2^4)$ – Pyong May 22 '20 at 01:14
  • 1
    $GF(((2^2)^2)^2)=GF(2^8)$. You probably meant $\phi \in GF(2^4),\not\in GF(2)$ and similarly for $\lambda$ ? With a counting argument and the fact that the minimal polynomial is $(x-a)(x-a^2)$ we get that not all polynomial of the form $x^2+x+b,b\in GF(2^n),\not\in GF(2^{n-1})$ is irreducible in $GF(2^n)[x]$. – reuns May 22 '20 at 01:33
  • @reuns You totally don't understand the composite field. Please write after you know the composite field. And $Q_2(x)$ and $Q_3(x)$ is extension field polynomials – Pyong May 22 '20 at 01:36
  • There is only one field with $2^8$ elements but many different ways to represent it. You want to construct it as a tower of quadratic extensions $GF(2^8)/GF(2^4)/GF(2^2)/GF(2)$ so you need to find an irreducible quadratic polynomial at each step. – reuns May 22 '20 at 01:49
  • @reuns Well, elements are isomorphic with different polynomials, for example, $x^8+x^4+x^3+x^2+1$ and $x^8+x^4+x^3+x^1+1$(Advanced Encryption Standard polynomial). What I want to ask is why that combinations of $Q_2(x)$ and $Q_3(x)$ is reducible. – Pyong May 22 '20 at 02:02
  • First of all you meant $\phi$ a root of $x^2+x+1$. So the first question is if $x^2+x+\phi$ is irreducible. For this try it : for each $a,b\in GF(2)^2$ find if $(a+b\phi)^2+(a+b\phi)+\phi=0\in GF(2)[\phi]/(\phi^2+\phi+1)$. What I'm saying is that a counting argument shows that we can't say if the polynomial is irreducible just by looking at it. – reuns May 22 '20 at 02:07
  • Pyong, calm down. It is well known from elementary course on abstract algebra that all fields with $2^8$ elements are isomorphic, and thus it makes perfect sense to state that $GF(2^8)=GF(((2^2)^2)^2)$. We also know that some implementations of the arithmetic of these fields benefit from having this construction as quadratic towers. The fields are the same, but the interpretations of elements as strings of bits are different. – Jyrki Lahtonen May 22 '20 at 04:48
  • Anyway, one way of constructing this tower is outlined in this old answer of mine. – Jyrki Lahtonen May 22 '20 at 04:50
  • (cont'd) It goes as follows. $x^2+x+1$ is irreducible over $GF(2)$ so if we denote by $\alpha_1$ its zero, then $\alpha_1$ generates the extension $GF(2^2)$. It is not hard to show that $x^2+x+\alpha_1$ is irreducible over $GF(2^2)$. So if we denote by $\alpha_2$ its zero, we see that $\alpha_2$ generates the extension $GF((2^2)^2)$ over either $GF(2)$ (degree four) or over $GF(2^2)$ (degree two). And we can keep going. $x^2+x+\alpha_2$ is irreducible over $GF((2^2)^2)$, and its zero $\alpha_3$ gives us $GF(2^8)$ etc. – Jyrki Lahtonen May 22 '20 at 04:55
  • But, may be you could explain the meaning of the notations such as ${10}$ and ${1010}$. They may be standard in your line of work, but they are anything but standard to users best placed to help you with the algebra. I can guess that the notations captures both halves of an element of some quadratic tower, and that the left/right halves are the coordinates w.r.t. a basis, and represent elements of the previous field. But there are at least little/big endian problems in interpreting those bit strings. – Jyrki Lahtonen May 22 '20 at 05:05
  • OK. I guess the last part tries to explain that. Thanks. Actually there is still a problem of the choice of basis, but that answers the little/big endian question. – Jyrki Lahtonen May 22 '20 at 05:11
  • The $X,Y,Z$ feel a bit strange to me because we are to do a recursive construction and will run out of dstinct letters sooner or later :-) – Jyrki Lahtonen May 22 '20 at 05:17
  • @JyrkiLahtonen Then how can I change $X, Y, Z$ to standard representation with recursive construction? $X, Y, Z$ are used because David Canright(in AES Sbox optimization, using normal basis of $2^8$) showed $GF(((2^2)^2)^2)$ normal basis representation similar to my representation though Canright used greek alphabet to represent. – Pyong May 22 '20 at 05:26
  • If you are stuck with a given way of doing $GF(256)$ then stick to it. My criticisim of using $X,Y,Z$ was more about extending this to $GF(2^{128})$. You need seven "letters" :-) Anyway, I will compose an answer. I cannot guarantee that it will be compatible with Canright's. – Jyrki Lahtonen May 22 '20 at 05:46
  • Sorry about abandoning my answer here. I sort of fleshed it out here, but I'm not sure it covers everything. – Jyrki Lahtonen Jun 30 '20 at 12:13

0 Answers0