3

I am trying to understand some topics in the literature and came across the following problem. Say I have a field $GF(2^4)$ defined by the irreducible polynomial $r(z) = z^4 + z + 1$, and I want to map an element in this field to an element in the isomorphic field $GF((2^2)^2)$ defined by the polynomials $p(x) = x^2 + x + 1$ and $q(y) = y^2 + y + (x + 1)$. Note that the coefficients in the polynomial $q(y)$ belong to the subfield $GF(2^2)$.

Now, I used Magma to find the following subset of roots for $p(x)$ and $q(y)$:

  • $p(w + 1) = 0$, where $w + 1$ is in $GF(2^2)$
  • $q(x + 1) = 0$, where $x$ is in $GF((2^2)^2)$

Now, assume I have an element $\alpha$ in $GF(2^4)$ represented by 4 bits, namely, $\alpha_3\alpha_2\alpha_1\alpha_0$. In the standard (polynomial) basis, $\alpha$ is equivalent to $\alpha_3z^3 + \alpha_2z^2 + \alpha_1z + \alpha_0$. If I use the normal basis $[(w+1)^2, (w+1)]$ for elements in $GF(2^2)$ and $[(x+1)^4, (x+1)]$ for elements in $GF((2^2)^2)$, then we may rewrite $\alpha$ using new bits $g_i$ as follows:

$\alpha = \alpha_3z^3 + \alpha_2z^2 + \alpha_1z + \alpha_0 = (g_3(w+1)^2(x+1)^4 + g_2(w+1)(x+1)^4) + (g_1(w+1)^2(x+1) + g_0(w+1)(x+1))$

Now, if I simply compute $(w+1)(x+1), (w+1)^2(x+1), (w+1)(x+1)^2, (w+1)^2(x+1)^2$, I am under the impression that these are the new basis elements for $GF((2^2)^2)$, and so I should be able to easily derive a basis conversion algorithm by setting the binary strings of these products to be the column vectors of the matrix. This process yields the following:

$$\begin{matrix} 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 \\ 1 & 0 & 1 & 0 \\ 1 & 1 & 1 & 1 \end{matrix}$$

Unfortunately, using this basis transformation does not work. I verified its incorrectness by computing the square of some element $\alpha = z^3 + z + 1$ in $GF(2^4)$, and then by mapping $\alpha$ to its isomorphic counterpart in $GF((2^2)^2)$, computing the square in $GF((2^2)^2)$, and then mapping back to $GF(2^4)$. The results of these two steps did not match.

So, to summarize, I suppose my question is really three-fold. First, is my understanding of how the normal basis for an element in $GF((2^2)^2)$ is formed correct?

Second, is it enough to simply compute the products $(w+1)(x+1),\dots,(w+1)^2(x+1)^4$ and then map them to binary strings? Do I need to do any other sort of conversion?

Third, is my method of verification correct?

Thank you so very much to anyone who attempts to answer this question. There is a severe lack of consistency in the literature from which this problem arose, and I am simply trying to get everything along the same line. Also, my apologies for the length of this question.

If there is anything that is unclear, please comment and let me know.

caw
  • 1
    Maybe I missed it, but when did you identify a root of $r$ in terms of roots of $q$ and $p$? This is a must. I think the early part of my answer to another question might help you. Ignore the latter part where I try to do the same between $GF(256)$ and $GF(16^2)$. I couldn't make much sense of the paper (in that time) the asker referred to there, so I was unable to reproduce the formulas. But the passage between $GF(16)$ and $GF(4^2)$ should be ok. – Jyrki Lahtonen May 18 '13 at 04:42
  • 1
    And something is strange in your notation. You denoted by $x$ a root of $p$ in $GF(4)$. And it appears as a coefficient of $q$. The element $x+1$ is then also in $GF(4)$, so it cannot be a zero of $q$, because $q$ has no zeros in $GF(4)$. In other words, I think that you are somehow misunderstanding Magma output. – Jyrki Lahtonen May 18 '13 at 04:46
  • Please take a look at this question, too. – Jyrki Lahtonen May 18 '13 at 19:57
  • Thank you, Jyrki. The answers to those questions certainly clear up many issues I was having. – caw May 21 '13 at 20:42
  • 1
    @JyrkiLahtonen - I updated my answer, to actually answer the OP's question using normal basis rather than use a polynomial based alternative. I have the impression that the OP did not understand that q(y) and p(x) operate in $GF(2^4)$, not the isomorphic fields. As you pointed out, q(y) = y^2 + y + (x+1) doesn't work. I changed this to q(y) = y^2 + y + Q, where Q is an element of $GF(2^4)$. Q= 6 or 7 will work, I choose Q=6 for my answer. – rcgldr Mar 04 '23 at 17:29

1 Answer

2

For normal basis, polynomial constants and roots are elements of $GF(2^4)$, and the polynomials are evaluated in $GF(2^4)$. I wrote a program to do a brute force search for Q, X, Y, such that in $GF(2^4), \ (Y)+(Y^4 ) = 1, \ (Y)(Y^4 ) = Q, \ (X)+(X^2 ) = 1, \ (X)(X^2 ) = 1$, that resulted in isomorphic mapping. The following is one of the solutions.

                  irreducible polynomials
GF(2^4):          r(z): z^4 + z + 1
GF((2^2)^2):      q(y): y^2 + y + Q
GF(2^2):          p(x): x^2 + x + 1
              in GF(2^4), q(y) and p(x) are not irreducible polynomials

GF(2^4): q(y): y^2 + y + Q, Q = 6: y^2 + y + 6 = (y-Y)(y-Y^4)    Y = 2, Y^4 = 3
GF(2^4): p(x): x^2 + x + 1 = (x-X)(x-X^2)                        X = 7, X^2 = 6

$GF(2^4)$ element = $a3 \ Z^3 \ + a2 \ Z^2 + a1 \ Z + a0 $

$GF((2^2)^2)$ element = $(g3 \ X^2 + g2 \ X) \ Y^4 + (g1 \ X^2 + g0 \ X) \ Y$

The columns to map from $GF((2^2)^2)$ to $GF(2^4)$ are based on X, Y, with the math done in $GF(2^4)$: $(X^2)(Y^4) = 1010 \ \ \ (X)(Y^4) = 1001 \ \ \ (X^2)(Y) = 1100 \ \ \ (X)(Y) = 1110$ .

Map from $GF((2^2)^2)$ to $GF(2^4)$:

|a3|    |1 1 1 1| |g3|
|a2| =  |0 0 1 1| |g2|
|a1| =  |1 0 0 1| |g1|
|a0|    |0 1 0 0| |g0|

The inverse of that matrix to map from $GF(2^4)$ to $GF((2^2)^2)$:

|g3|   |1 1 0 1| |a3|
|g2| = |0 0 0 1| |a2|
|g1| = |1 0 1 1| |a1|
|g0|   |1 1 1 1| |a0|
rcgldr
  • When mapping to isomorphic fields using polynomial basis, typically all of the parameters for the isomorphic fields are chosen first, usually to reduce gate count in a hardware implementation, then a brute force search is done to find a primitive element of the original field where isomorphic mapping works. For any set of chosen isomorphic parameters, 4 of the 8 primitive elements of $GF(2^4)$ will result in isomorphic mapping. – rcgldr Mar 04 '23 at 21:33
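
The following check of the mapping in the answer is an added example, not code from the answer or its author. It rebuilds the matrix columns from X = 7, Y = 2, Q = 6 and tests, over all pairs, the verification the question proposes (multiply in one field, map, compare); the function names and the normal-basis multiplication formulas, derived from $Y + Y^4 = 1$, $Y \cdot Y^4 = Q$ and $Q = X^2 = 6$, are assumptions of this example.

```python
R = 0b10011                 # r(z) = z^4 + z + 1 (added example; names are its own)
X, Y, Q = 7, 2, 6           # the solution quoted in the answer; note Q == X^2

def gf16_mul(a, b):
    """Multiply in GF(2^4), polynomial basis, bits a3 a2 a1 a0."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= R
    return r

X2, Y4 = gf16_mul(X, X), gf16_mul(gf16_mul(Y, Y), gf16_mul(Y, Y))
COLS = [gf16_mul(X2, Y4), gf16_mul(X, Y4), gf16_mul(X2, Y), gf16_mul(X, Y)]

def to_poly(g):
    """Tower bits g3 g2 g1 g0 -> GF(2^4) bits: XOR of the selected columns."""
    out = 0
    for i, col in enumerate(COLS):
        if g >> (3 - i) & 1:
            out ^= col
    return out

TO_TOWER = {to_poly(g): g for g in range(16)}   # inverse map as a lookup table

def rows(cols):
    """Transpose four column nibbles into four row nibbles, top row first."""
    return [sum((c >> (3 - r) & 1) << (3 - j) for j, c in enumerate(cols))
            for r in range(4)]

def gf4_mul(a, b):
    """GF(2^2), normal basis [X^2, X]: bit1*X^2 + bit0*X, with X^3 = 1 = X^2 + X."""
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    cross = (a1 & b0) ^ (a0 & b1)
    return (((a0 & b0) ^ cross) << 1) | ((a1 & b1) ^ cross)

def tower_mul(g, h):
    """GF((2^2)^2), normal basis [Y^4, Y]; Q = X^2 is 0b10 in GF(2^2) bits."""
    g1, g0, h1, h0 = g >> 2, g & 3, h >> 2, h & 3
    s = gf4_mul(0b10, gf4_mul(g1 ^ g0, h1 ^ h0))
    return ((gf4_mul(g1, h1) ^ s) << 2) | (gf4_mul(g0, h0) ^ s)

def is_isomorphism():
    """phi(a*b) == phi(a)*phi(b) for every pair of GF(2^4) elements."""
    return all(TO_TOWER[gf16_mul(a, b)] == tower_mul(TO_TOWER[a], TO_TOWER[b])
               for a in range(16) for b in range(16))
```

`rows(COLS)` gives the rows of the forward matrix, and `rows([TO_TOWER[8], TO_TOWER[4], TO_TOWER[2], TO_TOWER[1]])` gives the rows of its inverse.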