Normal basis of $GF(2^4)$ over $GF(2^2)$

Question

I'm reading this paper: Scrutinizing the Tower Field Implementation of the $F(2^8)$ Inverter – with Applications to AES, Camellia, and SM4. It mentioned a sequence of field extensions $F_2 \subseteq F_{2^2} \subseteq F_{2^4} \subseteq F_{2^8}$. Let $r(y) \in F_{2^4}[y], s(z) \in F_{2^2}[z], t(w) \in F_2[w]$ be irreducible polynomials over their respective fields, and let $Y \in F_{2^8}, Z \in F_{2^4}, W \in F_{2^2}$ be roots of $r(y),s(z),t(w)$ over the corresponding fields respectively. Then it obtain a set of normal basis: $[Y^{16},Y]$ is a basis of $F_{2^8}$ over $F_{2^4}$, $[Z^4,Z]$ is a basis of $F_{2^4}$ over $F_{2^2}$, $[W^2,W]$ is a basis of $F_{2^2}$ over $F_{2}$.
But I really don't understand how to get $[Y^{16},Y], [Z^4,Z], [W^2,W]$. HELP!

It would be easier to answer a more specific question. I tried to collect links to some on-site information here, but I'm not sure I made it understandable. The recursive construction I described there does explain these normal bases. Are you familiar with the meaning of a normal basis? Here they are somewhat immediate from the Galois theory of finite fields. Are you familiar with Galois theory concepts? — Jyrki Lahtonen, Nov 08 '20 at 10:09
Thank you. I'll try my best to read your answer. @JyrkiLahtonen — 李立基, Nov 08 '20 at 10:23
Actually that answer of mine does a piss-poor job with the normal bases. Check out reuns' answer for that part. I was so sold on the idea that the elements in the tower construction from my answer yield normal bases as extensions of the prime field. In other words, for example ${Z^8,Z^4,Z^2,Z}$ would be a normal basis of $\Bbb{F}_{16}$ over $\Bbb{F}_2$, if you extract $Z$ from that tower. That requirement is stronger than what is needed here (and in reuns' answer): — Jyrki Lahtonen, Nov 08 '20 at 11:41
In another article, $Y, Z, W$ are all $\in F_{2^8}$. I added an answer with a link to that article and a post I created that includes more details. — rcgldr, Dec 29 '23 at 20:40

reuns · Accepted Answer · 2020-11-08T11:28:51.327

$F_{p^{2n}} = F_{p^n}[x]/(x^2+ax+b)$ for any $x^2+ax+b\in F_{p^n}[x]$ irreducible.
$F_{p^n}$ is the splitting field of $x^{p^n}-x\in F_p[x]$.
The $F_{p^n}$-conjugate of $x$ is $x^{p^n}$ and $x,x^{p^n}$ is a normal basis of $F_{p^{2n}}/F_{p^n}$ iff $x,x^{p^n}$ are $F_{p^n}$-linearly independent iff $x^{p^n-1}$ is not in $F_{p^n}$.

If $x^{p^n-1}\in F_{p^n}$,

Then $(x^{p^n-1})^{p^n-1}=1$.

On the other hand $x\in F_{p^{2n}}$ implies that $x^{p^{2n}-1}=1$.

Together this would imply that $x^{\gcd(p^{2n}-1,(p^n-1)^2)}=1$.

Now we assume that $p=2$, then $\gcd(2^{2n}-1,(2^n-1)^2)=2^n-1$ so $x^{2^n-1}=1$ ie. $x\in F_{2^n}$ which is a contradiction.

Whence $x,x^{2^n}$ is always a normal basis.

In another article, $Y, Z, W$ are all $\in F_{2^8}$. I added an answer with a link to that article, and a link to a post I made that provides more details. — rcgldr, Dec 29 '23 at 20:04

rcgldr · Answer 2 · 2023-12-29T20:33:49.113

0

In this article, $Y, Z, W$ are all $\in F_{2^8}$ with their values defined on page 24. I provided more details in this post.

I could not find a full pdf file for "Scrutinizing the Tower Field ...", so I don't know the details of that implementation.

edited Dec 29 '23 at 20:33

answered Dec 29 '23 at 19:50

rcgldr

546

Normal basis of $GF(2^4)$ over $GF(2^2)$

2 Answers2