
I'm learning the finite fields behind the Advanced Encryption Standard. As far as I know, the irreducible polynomial used in AES is $x^8+x^4+x^3+x+1$. This is because the AES s-box is based on bytes (8 bits). Now I am trying to enlarge the s-box to 4 bytes (32 bits), so I need to find a polynomial of degree 32 over $Z_2[x]$.

So the question is: how can I get an irreducible polynomial of degree 32 over $Z_2[x]$?

I've searched for some approaches and am not very familiar with the trace that most of them mention. What materials relating to $Z_2[x]$ can I refer to?

Besides, I would appreciate it if there are some such polynomials already constructed for me to test! Thanks!

jjz
  • Please add more details. If you do not specify demanded properties like the degree, $x+1$ does the job. But you are surely looking for more interesting polynomials. – Peter Apr 07 '21 at 08:29
  • One way is to find an element $a\in GF(2^{32})$ such that $tr(a)=1$. Then $x^2+x+a$ will be irreducible. But, seriously, you need to be more specific, like what degree? I also recommend that you take a look at our guide for new askers and try to improve your question. It is pretty much impossible to give a very helpful answer when you leave us in the dark about how much you know about these polynomials. For example, tell us more about what kind of tests you are planning to do. – Jyrki Lahtonen Apr 07 '21 at 08:30
  • I've added more details. Thanks for your suggestions. – jjz Apr 07 '21 at 08:51
  • You can take $X^{32}+X^{25}+X^2+X+1$. – GreginGre Apr 07 '21 at 10:07
  • Ok, so you didn't really want an irreducible polynomial over $GF(2^{32})$, you wanted a polynomial of degree $32$ that is irreducible over $GF(2)=\Bbb{Z}_2$. No worries, I actually suspected that to be the case :-) Andreas Caranti gave an example (+1). I have a class to teach. If I think of such a polynomial whose irreducibility can be decided with paper and pencil calculations, I will come back to this. – Jyrki Lahtonen Apr 07 '21 at 10:07
  • It is easy to see that the minimal number of terms of such a polynomial is $5$. So $x^{32}+x^{a}+x^{b}+x^{c}+1$. This leads you, for example, to the example given by GreginGre. – Dietrich Burde Apr 07 '21 at 10:57

1 Answer


The appropriate Conway polynomial $$ c = x^{32}+x^{15}+x^9+x^7+x^4+x^3+1 $$ would fit the bill (this can be obtained from a computer algebra system).

To verify that this is primitive, hence irreducible, first factor (using a computer algebra system if need be)
\begin{align}
4\,294\,967\,295 &= 2^{32} - 1 \\
&= (2^{16} -1) \cdot (2^{16} + 1) \\
&= \dots \\
&= (2^{2} - 1) \cdot (2^{2} + 1) \cdot (2^{4} + 1) \cdot (2^{8} + 1) \cdot (2^{16} + 1) \\
&= 3 \cdot 5 \cdot 17 \cdot 257 \cdot 65537.
\end{align}
Then show (using a computer algebra system) that $x$ has indeed order $B = 2^{32} - 1$ modulo $c$, by checking that $x^{B} \equiv 1 \pmod{c}$, whereas $x^{B/p} \not\equiv 1 \pmod{c}$ for all primes $p \in \{ 3, 5, 17, 257, 65537 \}$ dividing $B$.
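The order-of-$x$ check from this answer, carried out in plain Python rather than a computer algebra system (an added illustration, not the answerer's code): polynomials over $\Bbb{Z}_2$ are bit-packed integers, the factorization of $2^{32}-1$ is recomputed by trial division, and Rabin's irreducibility test is included as well (it is not part of the answer) so that an irreducible but non-primitive modulus such as the AES one can be distinguished from a primitive one like the Conway polynomial $c$.

```python
# GF(2)[x] polynomials as Python ints: bit i is the coefficient of x^i.
CONWAY_32 = (1 << 32) | (1 << 15) | (1 << 9) | (1 << 7) | (1 << 4) | (1 << 3) | 1
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1 (irreducible, but x is not a generator)
def gf2_mulmod(a, b, m):
    """a*b mod m in GF(2)[x]; a and b must already be reduced below deg(m)."""
    deg, r = m.bit_length() - 1, 0
    while b:
        if b & 1:
            r ^= a
        b, a = b >> 1, a << 1
        if (a >> deg) & 1:  # degree overflow: subtract (xor) the modulus
            a ^= m
    return r
def gf2_powmod(base, e, m):
    """base^e mod m by square-and-multiply; e may be as large as 2^32."""
    result = 1
    while e:
        if e & 1:
            result = gf2_mulmod(result, base, m)
        base, e = gf2_mulmod(base, base, m), e >> 1
    return result
def gf2_gcd(a, b):
    """Euclid's algorithm in GF(2)[x]; bit_length() - 1 is the degree."""
    while b:
        while a and a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())
        a, b = b, a
    return a
def prime_factors(n):
    """Distinct prime factors by trial division; fast enough for 2^32 - 1."""
    out, p = [], 2
    while p * p <= n:
        if n % p == 0:
            out.append(p)
            while n % p == 0:
                n //= p
        p += 1
    return out + [n] if n > 1 else out
def is_irreducible(f):
    """Rabin's test: x^(2^n) == x and gcd(x^(2^(n/q)) - x, f) == 1 for every prime q | n."""
    n, x = f.bit_length() - 1, 2
    return gf2_powmod(x, 1 << n, f) == x and all(
        gf2_gcd(f, gf2_powmod(x, 1 << (n // q), f) ^ x) == 1 for q in prime_factors(n))
def is_primitive(f):
    """The answer's check: x has order exactly B = 2^n - 1 mod f (which alone implies irreducible)."""
    x, B = 2, (1 << (f.bit_length() - 1)) - 1
    return gf2_powmod(x, B, f) == 1 and all(
        gf2_powmod(x, B // p, f) != 1 for p in prime_factors(B))
```

Any other degree-32 candidate from the comments can be fed to the same two functions by building its integer from the exponents of its terms.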