1

In the Rijndael AES proposal in section 2.1.2 they have chosen m(x) = x^8 + x^4 + x^3 + x + 1 and said it is an irreducible polynomial. This polynomial corresponds to integer 283.

Further in section 4.2.3, they have defined the value of M, the matrix used in MixColumn operation. I was trying to find its multiplicative inverse M⁻¹ in octave. I used the command

y = gf(M, 8, 283)

And octave gave me the following error:

error: gf: primitive polynomial (283) of Galois Field must be irreducible

Can anyone please help me in explaining why I am getting this error? I have very little knowledge of fields, groups and similar abstract concepts.

CodesInChaos
  • 106,488
  • 23
  • 218
  • 262
siddhant
  • 837
  • 9
  • 13
  • Have you checked if `y = primpoly (8)`well returns the irreducible polynomial used in AES? – Raoul722 Mar 02 '16 at 13:45
  • `primpoly(8)` returns $D^8+D^4+D^3+D^2+1$ i.e . 285 – siddhant Mar 02 '16 at 13:47
  • This polynomial is also an irreducible one over $GF(2^8)$ but try `y = primpoly(8, all)`to get all the irreducible polynomials and then check if the one used in AES appears. – Raoul722 Mar 02 '16 at 13:54
  • Tried that as well. It doesn't. – siddhant Mar 02 '16 at 13:57
  • Really? So I think there might be an error in their implementation... You can try to contact the support or developpers team. – Raoul722 Mar 02 '16 at 14:00
  • 2
    I suspect that the Octave implementation insists that the value 2 in the generated field is primitive (that is, $2^x$ takes on all possible nonzero values in the field) as well. If they insist on that, well, that's an error; that's not a requirement for a field (there must be primitive elements, but 2 needn't be one of them) – poncho Mar 02 '16 at 14:48
  • @Siddhant 0x11D is indeed the first *primitive* polynomial, but 0x11B is the first irreducible – Richie Frame Mar 03 '16 at 00:33
  • I was also able to replicate the problem, it complains about 283 but not 285 – Richie Frame Mar 03 '16 at 01:53
  • @RichieFrame Octave complains that its irreducible. I think it should complain that its not primitive. I tried the same thing in matlab. It warns that 283 is not primitive. There must me some problem in octave's implementation – siddhant Mar 03 '16 at 08:10
  • @Siddhant Then a [bug report](https://savannah.gnu.org/bugs/?func=additem&group=octave) would useful. – ederag Mar 03 '16 at 16:04
  • The error message is wrong in stating that 0x11b is not irreducible. Every non-zero number for the 0x11b field is a power of 3. There are 30 irreducible 9 bit polynomials which can be used for GF(2^8), but only 16 of these have 2 as a primitive element. – rcgldr Sep 07 '17 at 06:45

0 Answers0