How to represent the elements of the Galois filed GF(2^8) and perform arithmetic in NTL library

Question

I am new to NTL library for its GF2X, GF2E, GF2EX, etc. Now, I want to perform multiplication on the Galois field GF(2^8). The problem is as following:

Rijndael (standardised as AES) uses the characteristic 2 finite field with 256 elements, 
which can also be called the Galois field GF(2^8). 
It employs the following reducing polynomial for multiplication:
x^8 + x^4 + x^3 + x^1 + 1.

For example, {53} • {CA} = {01} in Rijndael's field because

(x^6 + x^4 + x + 1)(x^7 + x^6 + x^3 + x)
= (x^13 + x^12 + x^9 + x^7) + (x^11 + x^10 + x^7 + x^5) + (x^8 + x^7 + x^4 + x^2) + (x^7 + x^6 + x^3 + x)
= x^13 + x^12 + x^9 + x^11 + x^10 + x^5 + x^8 + x^4 + x^2 + x^6 + x^3 + x
= x^13 + x^12 + x^11 + x^10 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + x^2 + x

and
x^13 + x^12 + x^11 + x^10 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + x^2 + x modulo x^8 + x^4 + x^3 + x^1 + 1
=   (11111101111110 mod 100011011)
=   {3F7E mod 11B} = {01}
=   1 (decimal)

My question is how to represent the reducing polynomial x^8 + x^4 + x^3 + x^1 + 1 and the polynomials x^6 + x^4 + x + 1 and x^7 + x^6 + x^3 + x in NTL. Then perform multiplication on these polynomials, and get the result {01}.

This is a good example for me to use this library.

If your goal is to work with GF(2^8) symbols (as bytes) and not NTL specifically, it's really quite easy to create log and exp tables. I did that some years ago in favor of NTL for ECC math. Really easy now with constexpr. — doug, May 29 '21 at 04:37
I don't know NTL, but looking at the documentation, it seems that you could use | ZZ_p::init(ZZ(2)); | ZZ_pX P; | BuildIrred(P, 8); | to init a reducing polynomial, then change it to 1 + x + x^3 + x^4 + x^8. Once you've changed P to match the AES reducing polynomial, the rest should be straight forward. The elements of the field are stored as 8 element coefficients of a polynomial, least significant bit first. I don't know if there is a built in function to convert between bytes and 8 term coefficients. As commented by doug, implementing the math for GF(2^8) using bytes would be simpler. — rcgldr, May 29 '21 at 07:39
Thanks for your answer. Here, I want to get a example for better using NTL's finite filed class mentioned as my question. — Land, May 29 '21 at 08:36
Explaination and sample program that can run directly is the better answer. — Land, May 29 '21 at 09:05

rcgldr · Accepted Answer · 2021-05-29T22:38:30.233

2

Again, I don't know NTL, and I'm running Visual Studio 2015 on Windows 7. I've downloaded what I need, but have to build a library with all the supplied source files which will take a while to figure out. However, based on another answer, this should get you started. First, initialize the reducing polynomial for GF(256):

GF2X P;                      // apparently the length doesn't need to be set
SetCoeff(P, 0, 1);
SetCoeff(P, 1, 1);
SetCoeff(P, 3, 1);
SetCoeff(P, 4, 1);
SetCoeff(P, 8, 1);
GF2E::init(P);

Next, assign variables as polynomials:

GF2X A;
SetCoeff(A, 0, 1);
SetCoeff(A, 1, 1);
SetCoeff(A, 4, 1);
SetCoeff(A, 6, 1);

GF2X B;
SetCoeff(B, 1, 1);
SetCoeff(B, 3, 1);
SetCoeff(B, 6, 1);
SetCoeff(B, 7, 1);

GF2X C;

Looks like there is an override for multiply so this would work assuming that the multiply override is based on the GF(2^8) extension field GF2E::init(P).

C = A * B:

As commented after the question, NTL is more oriented to large fields. For GF(256) it would be faster to use bytes and lookup tables. For up to GF(2^64), xmm register intrinsics with carryless multiply (PCLMULQDQ) can be used to implement finite field math quickly without tables (some constants will be needed, the polynomial and it's multiplicative inverse). For fields greater than GF(2^64), extended precision math methods would be needed. For fields GF(p^n), where p != 2 and n > 1, unsigned integers can be used with lookup tables. Building the tables would involve some mapping between integers and GF(p) polynomial coefficients.

edited May 29 '21 at 22:38

answered May 29 '21 at 15:25

rcgldr

27,407
3
36
61

NTL is also available with MSVC's vcpkg which simplifies installation. – doug May 30 '21 at 01:24
@doug - there is a youtube video for how to create NTL library for VS2015, just takes a while and maybe a couple of fixes, unless the source has been fixed. – rcgldr May 30 '21 at 03:09
Thanks. Took a quick look. Easy port. – doug May 30 '21 at 03:37
@doug - under what circumstances would NTL be advantageous for use with finite field math, other than dealing with very large polynomials? Even in that case, from what I'm finding doing web searches, there are better libraries for large polynomials? I may try it out for factoring a primitive polynomial with finite field coefficients, as those factors can be used for composite field mapping, but I have the feeling it's going to take too long to be practical (such as factoring a degree 64 polynomial with GF(2^32) or GF(2^16) coefficients. – rcgldr May 30 '21 at 19:18
I don't think NTL is that useful for specific gf domain work. I did use it briefly to verify some work but quickly just wrote my own code. But my application was Reed-Solomon ECC which also involved adapting some matrix code to use gf(2^8). Easier to just code. Particularly as it was simulation that would be ported to VHDL. – doug May 31 '21 at 00:49
@doug - I did something similar back in the 1980's. I wrote an interactive RS demo program for GF(2^8), with all 3 common decoders. The Sugiyama extended Euclid algorithm emulates a pair of shift registers, since that is what the hardware guys would be using. https://github.com/jeffareid/eccdemo8 – rcgldr May 31 '21 at 06:55
Fun stuff. Toes were the Daze – doug Jun 01 '21 at 04:48
@doug - I'm still intermittently active with RS and finite field stuff, did some major updates to some Wikipedia articles a few years ago. One of the more recent things was to explain how the mapping matrices are generated for [composite field mapping](https://github.com/jeffareid/finite-field/blob/master/Composite%20Field%20Mapping%20Example.pdf) as used for hardware implementation of AES inversion. – rcgldr Jun 01 '21 at 07:12
Nice! I only got into it briefly. I'm an EE and mostly do sig processing and control systems. But I found the gf stuff quite fun and different during the couple months I worked on it. – doug Jun 01 '21 at 14:59

How to represent the elements of the Galois filed GF(2^8) and perform arithmetic in NTL library

1 Answers1