0

I understand how to map elements from the $GF(2^8)$ to $GF(((2^2)^2)^2).$

And the isomorphic mapping matrix is isomorphic mapping matrix1

But recently,I'm reading a paper,and finding something really confusing me.

The paper maps $GF(2^8)$ to $GF((2^4)^2)$ , represents $GF(2^4)$ elements in a Normal basis {$β^4, β^3, β^2, β^1$}, and the modular polynomial for the extension is $α^2 + (β^4 + β)α + β.$

And the result mapping matrix is isomorphic mapping matrix2

Could someone help me how I construct this mapping matrix?

Thanks.

Mathmo123
  • 23,018
Allen Cheng
  • 1
  • Isn't $2^8=(2^4)^2$? What does the notation mean? – Kenta S Oct 29 '22 at 13:37
  • 1
    It means we map Galois field $GF(2^8)$ to its subfield $GF((2^4)^2)$ ,because we can use less cost to construct $GF((2^4))$ multiplication and inversion in circuit design. – Allen Cheng Oct 29 '22 at 13:54
  • Too much is missing for me to trace back the meaning of those mapping matrices. I can guess what $\beta$ is but even then different choices lead to different values of $\beta^4+\beta$ and $\beta$, further leading to different $\alpha$s. – Jyrki Lahtonen Oct 30 '22 at 07:14
  • @KentaS I don't know much at all about the variations, but the idea is to implement the arithmetic of $GF(2^8)$ on a chip with very limited resources (e.g. no memory for look-up-tables). The notation $GF((2^4)^2)$ is used when $GF(256)$ is seen as a 2-dimensional space over $GF(16)$. If they further implement $GF(16)$ arithmetic using two coordinates from $GF(4)$, then they denote it $GF(((2^2)^2)^2)$ instead. Division/inversion is particularly nasty to implement. – Jyrki Lahtonen Oct 30 '22 at 07:19
  • Those mapping matrices undoubtedly stand for simple change of bases matrices. But the 8 basis elements can be written in $8!=40320$ distinct orders (true, most don't make sense, because obviously a basis for an extension tower is gotten by using the familiar products of basis elements). Anyway, too many choices to figure it all out. – Jyrki Lahtonen Oct 30 '22 at 07:22
  • Study this thread. The information there may be a bit outdated. I attempt to explain the underlying algebra, but undoubtedly there is more to the optimization. See also rcgldr's answer for they seem to understand the goals of these optimizations better than I do. Anyway, without links to the source such as those given by acapola in that thread nobody can even attempt to answer. – Jyrki Lahtonen Oct 30 '22 at 07:30
  • Can you provide a link to that paper or at least post links to more images of key points in that paper. Mapping via a normal basis is more complicated than mapping via a polynomial basis. This is because what is an irreducible polynomial in $GF((2^4)^2)$, is used as a polynomial in $GF(2^8)$ where it has roots. A brute force search is done for a root W such that in $GF(2^8)$, $(W)+(W^2) = β^4 + β$, and $(W)(W^2) = β$. An element of $GF((2^4)^2)$, is then $b1 \ W^2 + b0 \ W$. – rcgldr Mar 05 '23 at 06:39
  • Assuming the matrix maps from $GF((2^4)^2)$ to $GF(2^8)$, and that the primitive element of $GF(2^8) = 0x02$, the inverse of that matrix implies that the primitive element of $GF((2^4)^2) = 0xf0 = 1111 \ W^2 + 0000 \ W$. The unknowns are $GF(2^8)$, $GF((2^4)^2)$, β, and W. More information is needed. – rcgldr Mar 05 '23 at 06:45
  • @JyrkiLahtonen - the OP is asking about normal basis mapping. See this question for $GF(2^8)$ to $GF(((2^2)^2)^2)$, and this answer for $GF(2^4)$ to $GF((2^2)^2$. My two prior comments explain some of this. – rcgldr Mar 05 '23 at 07:00

0 Answers0