Finite field arithmetic

Last updated January 22, 2024

In mathematics, finite field arithmetic is arithmetic in a finite field (a field containing a finite number of elements) contrary to arithmetic in a field with an infinite number of elements, like the field of rational numbers.

Effective polynomial representation
Primitive polynomials
Addition and subtraction
Multiplication
Rijndael's (AES) finite field
Multiplicative inverse
Implementation tricks
Generator based tables
Carryless multiply
Composite field
Program examples
C programming example
D programming example
See also
References
Sources
External links

There are infinitely many different finite fields. Their number of elements is necessarily of the form pⁿ where p is a prime number and n is a positive integer, and two finite fields of the same size are isomorphic. The prime p is called the characteristic of the field, and the positive integer n is called the dimension of the field over its prime field.

Finite fields are used in a variety of applications, including in classical coding theory in linear block codes such as BCH codes and Reed–Solomon error correction, in cryptography algorithms such as the Rijndael (AES) encryption algorithm, in tournament scheduling, and in the design of experiments.

Effective polynomial representation

The finite field with pⁿ elements is denoted GF(pⁿ) and is also called the Galois field of order pⁿ, in honor of the founder of finite field theory, Évariste Galois. GF(p), where p is a prime number, is simply the ring of integers modulo p. That is, one can perform operations (addition, subtraction, multiplication) using the usual operation on integers, followed by reduction modulo p. For instance, in GF(5), 4 + 3 = 7 is reduced to 2 modulo 5. Division is multiplication by the inverse modulo p, which may be computed using the extended Euclidean algorithm.

A particular case is GF(2), where addition is exclusive OR (XOR) and multiplication is AND. Since the only invertible element is 1, division is the identity function.

Elements of GF(pⁿ) may be represented as polynomials of degree strictly less than n over GF(p). Operations are then performed modulo m(x) where m(x) is an irreducible polynomial of degree n over GF(p), for instance using polynomial long division. Addition is the usual addition of polynomials, but the coefficients are reduced modulo p. Multiplication is also the usual multiplication of polynomials, but with coefficients multiplied modulo p and polynomials multiplied modulo the polynomial m(x).^[1] This representation in terms of polynomial coefficients is called a monomial basis (a.k.a. 'polynomial basis').

There are other representations of the elements of GF(pⁿ); some are isomorphic to the polynomial representation above and others look quite different (for instance, using matrices). Using a normal basis may have advantages in some contexts.

When the prime is 2, it is conventional to express elements of GF(pⁿ) as binary numbers, with the coefficient of each term in a polynomial represented by one bit in the corresponding element's binary expression. Braces ( "{" and "}" ) or similar delimiters are commonly added to binary numbers, or to their hexadecimal equivalents, to indicate that the value gives the coefficients of a basis of a field, thus representing an element of the field. For example, the following are equivalent representations of the same value in a characteristic 2 finite field:

Polynomial	x⁶ + x⁴ + x + 1
Binary	{01010011}
Hexadecimal	{53}

Primitive polynomials

There are many irreducible polynomials (sometimes called reducing polynomials) that can be used to generate a finite field, but they do not all give rise to the same representation of the field.

A monic irreducible polynomial of degree $n$ having coefficients in the finite field GF( $q$ ), where $q = p t$ for some prime $p$ and positive integer $t$ , is called a primitive polynomial if all of its roots are primitive elements of GF( $q n$ ).^[2]^[3] In the polynomial representation of the finite field, this implies that $x$ is a primitive element. There is at least one irreducible polynomial for which $x$ is a primitive element.^[4] In other words, for a primitive polynomial, the powers of $x$ generate every nonzero value in the field.

In the following examples it is best not to use the polynomial representation, as the meaning of $x$ changes between the examples. The monic irreducible polynomial $x 8 + x 4 + x 3 + x + 1$ over GF(2) is not primitive. Let $λ$ be a root of this polynomial (in the polynomial representation this would be $x$ ), that is, $λ 8 + λ 4 + λ 3 + λ + 1 = 0$ . Now $λ 51 = 1$ , so $λ$ is not a primitive element of GF(2⁸) and generates a multiplicative subgroup of order 51.^[5] The monic irreducible polynomial $x 8 + x 4 + x 3 + x 2 + 1$ over GF(2) is primitive, and all 8 roots are generators of $GF(2 8)$ .

All GF(2⁸) have a total of 128 generators (see Number of primitive elements), and for a primitive polynomial, 8 of them are roots of the reducing polynomial. Having $x$ as a generator for a finite field is beneficial for many computational mathematical operations.

Addition and subtraction

Addition and subtraction are performed by adding or subtracting two of these polynomials together, and reducing the result modulo the characteristic.

In a finite field with characteristic 2, addition modulo 2, subtraction modulo 2, and XOR are identical. Thus,

Polynomial	(x⁶ + x⁴ + x + 1) + (x⁷ + x⁶ + x³ + x) = x⁷ + x⁴ + x³ + 1
Binary	{01010011} + {11001010} = {10011001}
Hexadecimal	{53} + {CA} = {99}

Under regular addition of polynomials, the sum would contain a term 2x⁶. This term becomes 0x⁶ and is dropped when the answer is reduced modulo 2.

Here is a table with both the normal algebraic sum and the characteristic 2 finite field sum of a few polynomials:

p₁	p₂	p₁ + p₂ under...
p₁	p₂	K[x]	GF(2ⁿ)
x³ + x + 1	x³ + x²	2x³ + x² + x + 1	x² + x + 1
x⁴ + x²	x⁶ + x²	x⁶ + x⁴ + 2x²	x⁶ + x⁴
x + 1	x² + 1	x² + x + 2	x² + x
x³ + x	x² + 1	x³ + x² + x + 1	x³ + x² + x + 1
x² + x	x² + x	2x² + 2x	0

In computer science applications, the operations are simplified for finite fields of characteristic 2, also called GF(2ⁿ) Galois fields, making these fields especially popular choices for applications.

Multiplication

Multiplication in a finite field is multiplication modulo an irreducible reducing polynomial used to define the finite field. (I.e., it is multiplication followed by division using the reducing polynomial as the divisor—the remainder is the product.) The symbol "•" may be used to denote multiplication in a finite field.

Rijndael's (AES) finite field

Rijndael (standardised as AES) uses the characteristic 2 finite field with 256 elements, which can also be called the Galois field GF(2⁸). It employs the following reducing polynomial for multiplication:

x⁸ + x⁴ + x³ + x + 1.

For example, {53} • {CA} = {01} in Rijndael's field because

	(x⁶ + x⁴ + x + 1)(x⁷ + x⁶ + x³ + x)
=	(x¹³ + x¹² + x⁹ + x⁷) + (x¹¹ + x¹⁰ + x⁷ + x⁵) + (x⁸ + x⁷ + x⁴ + x²) + (x⁷ + x⁶ + x³ + x)
=	x¹³ + x¹² + x⁹ + x¹¹ + x¹⁰ + x⁵ + x⁸ + x⁴ + x² + x⁶ + x³ + x
=	x¹³ + x¹² + x¹¹ + x¹⁰ + x⁹ + x⁸ + x⁶ + x⁵ + x⁴ + x³ + x² + x

and

	x¹³ + x¹² + x¹¹ + x¹⁰ + x⁹ + x⁸ + x⁶ + x⁵ + x⁴ + x³ + x² + x mod x⁸ + x⁴ + x³ + x¹ + 1
=	(11111101111110 mod 100011011)
=	{3F7E mod 11B} = {01}
=	1 (decimal)

The latter can be demonstrated through long division (shown using binary notation, since it lends itself well to the task. Notice that exclusive OR is applied in the example and not arithmetic subtraction, as one might use in grade-school long division.):

           11111101111110 (mod) 100011011          ^100011011                01110000011110           ^100011011                0110110101110            ^100011011                010101110110             ^100011011                00100011010               ^100011011                  000000001

(The elements {53} and {CA} are multiplicative inverses of one another since their product is 1.)

Multiplication in this particular finite field can also be done using a modified version of the "peasant's algorithm". Each polynomial is represented using the same binary notation as above. Eight bits is sufficient because only degrees 0 to 7 are possible in the terms of each (reduced) polynomial.

This algorithm uses three variables (in the computer programming sense), each holding an eight-bit representation. a and b are initialized with the multiplicands; p accumulates the product and must be initialized to 0.

At the start and end of the algorithm, and the start and end of each iteration, this invariant is true: ab + p is the product. This is obviously true when the algorithm starts. When the algorithm terminates, a or b will be zero so p will contain the product.

Run the following loop eight times (once per bit). It is OK to stop when a or b is zero before an iteration:
1. If the rightmost bit of b is set, exclusive OR the product p by the value of a. This is polynomial addition.
2. Shift b one bit to the right, discarding the rightmost bit, and making the leftmost bit have a value of zero. This divides the polynomial by x, discarding the x⁰ term.
3. Keep track of whether the leftmost bit of a is set to one and call this value carry.
4. Shift a one bit to the left, discarding the leftmost bit, and making the new rightmost bit zero. This multiplies the polynomial by x, but we still need to take account of carry which represented the coefficient of x⁷.
5. If carry had a value of one, exclusive or a with the hexadecimal number 0x1b (00011011 in binary). 0x1b corresponds to the irreducible polynomial with the high term eliminated. Conceptually, the high term of the irreducible polynomial and carry add modulo 2 to 0.
p now has the product

This algorithm generalizes easily to multiplication over other fields of characteristic 2, changing the lengths of a, b, and p and the value 0x1b appropriately.

Multiplicative inverse

The multiplicative inverse for an element a of a finite field can be calculated a number of different ways:

By multiplying a by every number in the field until the product is one. This is a brute-force search.
Since the nonzero elements of GF(pⁿ) form a finite group with respect to multiplication, a^pⁿ−1 = 1 (for a ≠ 0), thus the inverse of a is a^pⁿ−2.
By using the extended Euclidean algorithm.
By making logarithm and exponentiation tables for the finite field, subtracting the logarithm from pⁿ − 1 and exponentiating the result.
By making a modular multiplicative inverse table for the finite field and doing a lookup.
By mapping to a composite field where inversion is simpler, and mapping back.
By constructing a special integer (in case of a finite field of a prime order) or a special polynomial (in case of a finite field of a non-prime order) and dividing it by a.^[6]

Implementation tricks

Generator based tables

When developing algorithms for Galois field computation on small Galois fields, a common performance optimization approach is to find a generator g and use the identity:

ab=g^{\log _{g}(ab)}=g^{\log _{g}(a)+\log _{g}(b)}

to implement multiplication as a sequence of table look ups for the log_g(a) and g^y functions and an integer addition operation. This exploits the property that every finite field contains generators. In the Rijndael field example, the polynomial x + 1 (or {03}) is one such generator. A necessary but not sufficient condition for a polynomial to be a generator is to be irreducible.

An implementation must test for the special case of a or b being zero, as the product will also be zero.

This same strategy can be used to determine the multiplicative inverse with the identity:

a^{-1}=g^{\log _{g}\left(a^{-1}\right)}=g^{-\log _{g}(a)}=g^{|g|-\log _{g}(a)}

Here, the order of the generator, |g|, is the number of non-zero elements of the field. In the case of GF(2⁸) this is 2⁸ − 1 = 255. That is to say, for the Rijndael example: (x + 1)²⁵⁵ = 1. So this can be performed with two look up tables and an integer subtract. Using this idea for exponentiation also derives benefit:

a^{n}=g^{\log _{g}\left(a^{n}\right)}=g^{n\log _{g}(a)}=g^{n\log _{g}(a){\pmod {|g|}}}

This requires two table look ups, an integer multiplication and an integer modulo operation. Again a test for the special case a = 0 must be performed.

However, in cryptographic implementations, one has to be careful with such implementations since the cache architecture of many microprocessors leads to variable timing for memory access. This can lead to implementations that are vulnerable to a timing attack.

Carryless multiply

For binary fields GF(2ⁿ), field multiplication can be implemented using a carryless multiply such as CLMUL instruction set, which is good for n ≤ 64. A multiplication uses one carryless multiply to produce a product (up to 2n − 1 bits), another carryless multiply of a pre-computed inverse of the field polynomial to produce a quotient = ⌊product / (field polynomial)⌋, a multiply of the quotient by the field polynomial, then an xor: result = product ⊕ ((field polynomial) ⌊product / (field polynomial)⌋). The last 3 steps (pclmulqdq, pclmulqdq, xor) are used in the Barrett reduction step for fast computation of CRC using the x86 pclmulqdq instruction.^[7]

Composite field

When k is a composite number, there will exist isomorphisms from a binary field GF(2^k) to an extension field of one of its subfields, that is, GF((2^m)ⁿ) where k = mn. Utilizing one of these isomorphisms can simplify the mathematical considerations as the degree of the extension is smaller with the trade off that the elements are now represented over a larger subfield.^[8] To reduce gate count for hardware implementations, the process may involve multiple nesting, such as mapping from GF(2⁸) to GF(((2²)²)²).^[9] There is an implementation constraint, the operations in the two representations must be compatible, so explicit use of the isomorphism is needed. More precisely, the isomorphism will be denoted by map(), it is a bijection that maps an element of GF(2^k) to GF((2^m)ⁿ), satisfying: map(a + b) = map(a) + map(b) and map(ab) = map(a) map(b), where the operations on the left side occur in GF(2^k) before mapping and the operations on the right side occur in GF((2^m)ⁿ) after mapping.^[10] The isomorphism is usually implemented with a k row by k bit matrix, used to perform a matrix multiply over GF(2) of an element of GF(2^k) treated as a k row by 1 bit matrix. Define α as a primitive element of GF(2^k), and β as a primitive element of GF((2^m)ⁿ). Then β^j = map(α^j) and α^j = map⁻¹(β^j). The values of α and β determine the mapping matrix and its inverse. Since the actual math is performed in GF((2^m)ⁿ), the reducing polynomial for GF((2^m)ⁿ) is usually primitive and β = x in GF((2^m)ⁿ). In order to meet the compatibility constraint for addition and multiplication, a search is done to choose any primitive element α of GF(2^k) that will meet the constraint. In the case where reducing polynomial for GF(2^k) is primitive, an alternate mapping method is possible: the 1 bit coefficients of the reducing polynomial for GF(2^k) are interpreted as m bit elements 0 or 1 of GF(2^m), and there will be m primitive factors of degree n, any of which can be used as the reducing polynomial for GF((2^m)ⁿ). Mapping to a composite field can be generalized to map GF(p^k) to a composite field such as GF((p^m)ⁿ), for p any prime.

Program examples

C programming example

Here is some C code which will add and multiply numbers in the characteristic 2 finite field of order 2⁸, used for example by Rijndael algorithm or Reed–Solomon, using the Russian peasant multiplication algorithm:

/* Add two numbers in the GF(2^8) finite field */uint8_tgadd(uint8_ta,uint8_tb){returna^b;}/* Multiply two numbers in the GF(2^8) finite field defined  * by the modulo polynomial relation x^8 + x^4 + x^3 + x + 1 = 0 * (the other way being to do carryless multiplication followed by a modular reduction) */uint8_tgmul(uint8_ta,uint8_tb){uint8_tp=0;/* accumulator for the product of the multiplication */while(a!=0&&b!=0){if(b&1)/* if the polynomial for b has a constant term, add the corresponding a to p */p^=a;/* addition in GF(2^m) is an XOR of the polynomial coefficients */if(a&0x80)/* GF modulo: if a has a nonzero term x^7, then must be reduced when it becomes x^8 */a=(a<<1)^0x11b;/* subtract (XOR) the primitive polynomial x^8 + x^4 + x^3 + x + 1 (0b1_0001_1011) – you can change it but it must be irreducible */elsea<<=1;/* equivalent to a*x */b>>=1;}returnp;}

This example has cache, timing, and branch prediction side-channel leaks, and is not suitable for use in cryptography.

D programming example

This D program will multiply numbers in Rijndael's finite field and generate a PGM image:

/**Multiply two numbers in the GF(2^8) finite field definedby the polynomial x^8 + x^4 + x^3 + x + 1.*/ubytegMul(ubytea,ubyteb)purenothrow{ubytep=0;foreach(immutableubytecounter;0..8){p^=-(b&1)&a;automask=-((a>>7)&1);// 0b1_0001_1011 is x^8 + x^4 + x^3 + x + 1.a=cast(ubyte)((a<<1)^(0b1_0001_1011&mask));b>>=1;}returnp;}voidmain(){importstd.stdio,std.conv;enumwidth=ubyte.max+1,height=width;autof=File("rijndael_finite_field_multiplication.pgm","wb");f.writefln("P5\n%d %d\n255",width,height);foreach(immutabley;0..height)foreach(immutablex;0..width){immutablecharc=gMul(x.to!ubyte,y.to!ubyte);f.write(c);}}

This example does not use any branches or table lookups in order to avoid side channels and is therefore suitable for use in cryptography.

Related Research Articles

In mathematics, a field is a set on which addition, subtraction, multiplication, and division are defined and behave as the corresponding operations on rational and real numbers do. A field is thus a fundamental algebraic structure which is widely used in algebra, number theory, and many other areas of mathematics.

In mathematics, a finite field or Galois field is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtraction and division are defined and satisfy certain basic rules. The most common examples of finite fields are given by the integers mod $p$ when $p$ is a prime number.

In mathematics, particularly in algebra, a field extension is a pair of fields $such that the operations of K are those of L restricted to K . In this case, L is an extension field of K and K is a subfield of L . For example, under the usual notions of addition and multiplication, the complex numbers are an extension field of the real numbers; the real numbers are a subfield of the complex numbers.$

In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" when reaching a certain value, called the modulus. The modern approach to modular arithmetic was developed by Carl Friedrich Gauss in his book Disquisitiones Arithmeticae, published in 1801.

In abstract algebra, a cyclic group or monogenous group is a group, denoted C_n, that is generated by a single element. That is, it is a set of invertible elements with a single associative binary operation, and it contains an element g such that every other element of the group may be obtained by repeatedly applying the group operation to g or its inverse. Each element can be written as an integer power of g in multiplicative notation, or as an integer multiple of g in additive notation. This element g is called a generator of the group.

In arithmetic and computer programming, the extended Euclidean algorithm is an extension to the Euclidean algorithm, and computes, in addition to the greatest common divisor (gcd) of integers a and b, also the coefficients of Bézout's identity, which are integers x and y such that

<span class="mw-page-title-main">Root of unity</span> Number that has an integer power equal to 1

In mathematics, a root of unity, occasionally called a de Moivre number, is any complex number that yields 1 when raised to some positive integer power $n$ . Roots of unity are used in many branches of mathematics, and are especially important in number theory, the theory of group characters, and the discrete Fourier transform.

In mathematics, for given real numbers a and b, the logarithm log_b a is a number x such that b^x = a. Analogously, in any group G, powers b^k can be defined for all integers k, and the discrete logarithm log_b a is an integer k such that b^k = a. In number theory, the more commonly used term is index: we can write x = ind_ra (mod m) (read "the index of a to the base r modulo m") for r^x ≡ a (mod m) if r is a primitive root of m and gcd(a,m) = 1.

In mathematics, an irreducible polynomial is, roughly speaking, a polynomial that cannot be factored into the product of two non-constant polynomials. The property of irreducibility depends on the nature of the coefficients that are accepted for the possible factors, that is, the field to which the coefficients of the polynomial and its possible factors are supposed to belong. For example, the polynomial $x 2 - 2$ is a polynomial with integer coefficients, but, as every integer is also a real number, it is also a polynomial with real coefficients. It is irreducible if it is considered as a polynomial with integer coefficients, but it factors as $if it is considered as a polynomial with real coefficients. One says that the polynomial x 2 - 2 is irreducible over the integers but not over the reals.$

Field theory is the branch of mathematics in which fields are studied. This is a glossary of some terms of the subject.

In finite field theory, a branch of mathematics, a primitive polynomial is the minimal polynomial of a primitive element of the finite field $GF(p m)$ . This means that a polynomial $F (X)$ of degree $m$ with coefficients in $GF(p) = Z / p Z$ is a primitive polynomial if it is monic and has a root $α$ in $GF(p m)$ such that $is the entire field GF(p m) . This implies that α is a primitive (p m - 1)-root of unity in GF(p m) .$

In mathematics, an all one polynomial (AOP) is a polynomial in which all coefficients are one. Over the finite field of order two, conditions for the AOP to be irreducible are known, which allow this polynomial to be used to define efficient algorithms and circuits for multiplication in finite fields of characteristic two. The AOP is a 1-equally spaced polynomial.

In mathematics, the interplay between the Galois group G of a Galois extension L of a number field K, and the way the prime ideals P of the ring of integers O_K factorise as products of prime ideals of O_L, provides one of the richest parts of algebraic number theory. The splitting of prime ideals in Galois extensions is sometimes attributed to David Hilbert by calling it Hilbert theory. There is a geometric analogue, for ramified coverings of Riemann surfaces, which is simpler in that only one kind of subgroup of G need be considered, rather than two. This was certainly familiar before Hilbert.

The Schönhage–Strassen algorithm is an asymptotically fast multiplication algorithm for large integers, published by Arnold Schönhage and Volker Strassen in 1971. It works by recursively applying fast Fourier transform (FFT) over the integers modulo 2ⁿ+1. The run-time bit complexity to multiply two $n$ -digit numbers using the algorithm is $in big O notation .$

In mathematics and computer algebra, factorization of polynomials or polynomial factorization expresses a polynomial with coefficients in a given field or in the integers as the product of irreducible factors with coefficients in the same domain. Polynomial factorization is one of the fundamental components of computer algebra systems.

$GF(2)$ is the finite field with two elements. Notations $Z 2$ and $may be encountered although they can be confused with the notation of 2 -adic integers .$

In field theory, a primitive element of a finite field $GF(q)$ is a generator of the multiplicative group of the field. In other words, $α \in GF(q)$ is called a primitive element if it is a primitive $(q - 1)$ th root of unity in $GF(q)$ ; this means that each non-zero element of $GF(q)$ can be written as $α i$ for some integer $i$ .

In mathematics and computer algebra the factorization of a polynomial consists of decomposing it into a product of irreducible factors. This decomposition is theoretically possible and is unique for polynomials with coefficients in any field, but rather strong restrictions on the field of the coefficients are needed to allow the computation of the factorization by means of an algorithm. In practice, algorithms have been designed only for polynomials with coefficients in a finite field, in the field of rationals or in a finitely generated field extension of one of them.

In mathematics, the Conway polynomial $C p, n$ for the finite field $F p n$ is a particular irreducible polynomial of degree $n$ over $F p$ that can be used to define a standard representation of $F p n$ as a splitting field of $C p, n$ . Conway polynomials were named after John H. Conway by Richard A. Parker, who was the first to define them and compute examples. Conway polynomials satisfy a certain compatibility condition that had been proposed by Conway between the representation of a field and the representations of its subfields. They are important in computer algebra where they provide portability among different mathematical databases and computer algebra systems. Since Conway polynomials are expensive to compute, they must be stored to be used in practice. Databases of Conway polynomials are available in the computer algebra systems GAP, Macaulay2, Magma, SageMath, at the web site of Frank Lübeck, and at the Online Encyclopedia of Integer Sequences.

In mathematics, Galois rings are a type of finite commutative rings which generalize both the finite fields and the rings of integers modulo a prime power. A Galois ring is constructed from the ring $similar to how a finite field is constructed from . It is a Galois extension of, when the concept of a Galois extension is generalized beyond the context of fields.$

References

↑ Hankerson, Vanstone & Menezes 2004 , p. 28
↑ The roots of such a polynomial must lie in an extension field of GF( $q$ ) since the polynomial is irreducible, and so, has no roots in GF( $q$ ).
↑ Mullen & Panario 2013 , p. 17
↑ Design and Analysis of Experiments. John Wiley & Sons, Ltd. August 8, 2005. pp. 716–720. doi:10.1002/0471709948.app1.
↑ Lidl & Niederreiter 1983 , p. 553
↑ Grošek, O.; Fabšič, T. (2018), "Computing multiplicative inverses in finite fields by long division" (PDF), Journal of Electrical Engineering, 69 (5): 400–402, doi: 10.2478/jee-2018-0059 , S2CID 115440420
↑ "Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction" (PDF). www.intel.com. 2009. Retrieved 2020-08-08.
↑ "Efficient Software Implementations of Large FiniteFieldsGF(2n) for Secure Storage Applications" (PDF). www.ccs.neu.edu. Retrieved 2020-08-08.
↑ "bpdegnan/aes". GitHub.
↑ ^[dead link ]

Sources

Lidl, Rudolf; Niederreiter, Harald (1983), Finite Fields, Addison-Wesley, ISBN 0-201-13519-1 (reissued in 1984 by Cambridge University Press ISBN 0-521-30240-4).
Mullen, Gary L.; Panario, Daniel (2013), Handbook of Finite Fields, CRC Press, ISBN 978-1-4398-7378-6
Hankerson, Darrel; Vanstone, Scott; Menezes, Alfred (2004), Guide to Elliptic Curve Cryptography, Springer, ISBN 978-0-387-21846-5

External links

Gordon, G. (1976). "Very simple method to find the minimum polynomial of an arbitrary nonzero element of a finite field". Electronics Letters. 12 (25): 663–664. doi:10.1049/el:19760508.
da Rocha, V. C.; Markarian, G. (2006). "Simple method to find trace of arbitrary element of a finite field". Electronics Letters. 42 (7): 423–325. doi:10.1049/el:20060473.
Trenholme, Sam. "AE's Galois field".
Planck, James S. (2007). "Fast Galois Field Arithmetic Library in C/C++".
Wikiversity: Reed–Solomon for Coders – Finite Field Arithmetic

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Hankerson, Vanstone & Menezes 2004 , p. 28

[2] The roots of such a polynomial must lie in an extension field of GF( $q$ ) since the polynomial is irreducible, and so, has no roots in GF( $q$ ).

[3] Mullen & Panario 2013 , p. 17

[4] Design and Analysis of Experiments. John Wiley & Sons, Ltd. August 8, 2005. pp. 716–720. doi:10.1002/0471709948.app1.

[LN-5] Lidl & Niederreiter 1983 , p. 553

[6] Grošek, O.; Fabšič, T. (2018), "Computing multiplicative inverses in finite fields by long division" (PDF), Journal of Electrical Engineering, 69 (5): 400–402, doi: 10.2478/jee-2018-0059 , S2CID 115440420

[7] "Fast CRC Computation for Generic Polynomials Using PCLMULQDQ Instruction" (PDF). www.intel.com. 2009. Retrieved 2020-08-08.

[8] "Efficient Software Implementations of Large FiniteFieldsGF(2n) for Secure Storage Applications" (PDF). www.ccs.neu.edu. Retrieved 2020-08-08.

[9] "bpdegnan/aes". GitHub.

[10] [dead link ]

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]