Substitution boxes or S-boxes play a significant role in the encryption and decryption of bit-level plaintext and ciphertext respectively. Irreducible Polynomials (IPs) have been used to construct 4-bit or 8-bit substitution boxes in many cryptographic block ciphers. In the Advanced Encryption Standard, the elements of the 8-bit S-box have been obtained from the Multiplicative Inverse (MI) of elemental polynomials (EPs) with respect to the 1st IP over Galois field GF(2^8), followed by adding an additive element. In this paper, a mathematical method, the algorithm of the said method and a discussion of the execution time of the algorithm, to obtain monic IPs over Galois field GF(p^q), have been illustrated with an example. The method is very similar to the polynomial multiplication of two polynomials over Galois field GF(p^q) but differs in execution. The decimal equivalents of polynomials have been used to identify Basic Polynomials (BPs), EPs, IPs and Reducible Polynomials (RPs). The monic RPs have been determined by this method and have been cancelled out to produce the monic IPs. The non-monic IPs have been obtained by multiplying the monic IPs by α, where α ∈ GF(p^q) assumes values from 2 to (p − 1).
Substitution box or S-box in block ciphers has been of utmost importance in Public Key Cryptography from the initial days. A 4-bit S-box has been defined as a box of 2^4 = 16 elements varying from 0 to F in hex, arranged in a random manner as used in the Data Encryption Standard or DES [
Now Basic Polynomials or BPs over Galois Field GF(p^q) have been defined as the polynomials with highest degree q. The polynomials with degree less than q have been termed as Elemental Polynomials or EPs over Galois Field GF(p^q). The polynomials that contain only a constant term have been termed as Constant Polynomials or CPs over Galois Field GF(p^q). BPs that have more than one non-constant EP as factors have been termed as Reducible Polynomials or RPs over Galois Field GF(p^q). The remaining BPs, which have only CPs and themselves as factors, have been termed as Irreducible Polynomials or IPs over Galois Field GF(p^q). BPs with the coefficient of the highest degree term, or leading coefficient, equal to unity have been termed as Monic BPs, and the rest, with leading coefficient greater than unity, have been termed as Non-Monic BPs, as follows.
A basic polynomial BP(x) over a finite field or Galois Field GF(p^q) is expressed as,
$BP(x) = a_q x^q + a_{q-1} x^{q-1} + \cdots + a_1 x + a_0.$
BP(x) has (q + 1) terms, where a_q is non-zero and has been termed as the leading coefficient. A BP is monic if a_q is unity, else it is non-monic. GF(p^q) has (p^q − p) elemental polynomials ep(x), with decimal equivalents ranging from p to (p^q − 1), each of whose representation involves q terms with leading coefficient a_{q−1}. The expression of ep(x) is written as,
$ep(x) = a_{q-1} x^{q-1} + \cdots + a_1 x + a_0,$
where a_1 to a_{q−1} are not simultaneously zero.
Those BP(x) which have a non-constant elemental polynomial as a factor under GF(p^q) have been termed as reducible. Those BP(x) that have no such factors have been termed as irreducible polynomials IP(x) and have been expressed as,
$IP(x) = a_q x^q + a_{q-1} x^{q-1} + \cdots + a_1 x + a_0, \quad a_q \neq 0.$
In Galois field GF(p^q), the decimal equivalents or DEs of BPs vary from p^q to (p^{q+1} − 1), while the EPs have been those with decimal equivalents varying from p to (p^q − 1). Some of the monic BPs have been irreducible, since they have no monic non-constant EPs as a factor.
The method in this paper has been to look for the DEs of monic RPs by multiplication, addition and modulus of the p-nary coefficients of each term of every pair of monic EPs, to obtain the DE of a monic RP. The polynomials belonging to the list of RPs have been cancelled, leaving behind the monic IPs. A non-monic IP has been computed by multiplying a monic IP by α, where α ∈ GF(p) assumes values from 2 to (p − 1). In the literature, to the best knowledge of the present authors, there is no mention of a paper in which the composite polynomial method is translated into an algorithm and in turn into a computer program.
The survey of relevant literature has been given in Sec. 2. For convenient understanding, the proposed mathematical method is presented in Sec. 3 for p = 7 with q = 7. The method can find all monic, and after them all non-monic, IPs IP(x) over GF(7^7). Sec. 4 demonstrates the obtained results and a discussion on the efficiency of the algorithm, to show that the proposed searching algorithm is actually able to search for any extension of the Galois field with any prime, i.e. over Galois field GF(p^q) where p = 3, 5, 7, ⋯, 101, ⋯ and q = 2, 3, 5, 7, ⋯, 101, ⋯. In Sec. 5 and Sec. 6, the conclusion of the paper and the references have been given. The complete lists of all monic IPs in a sequential manner over Galois fields GF(7^7) and GF(101^3) have been found in ref. [
In the early twentieth century Randolph Church initiated the search for irreducible polynomials over Galois Field GF(p^q) for p = 2, 3, 5 and 7: for p = 2, q = 1 through 11; for p = 3, q = 1 through 7; for p = 5, q = 1 through 4; and for p = 7, q = 1 through 3 respectively. A manual polynomial multiplication among the respective EPs gives the RPs in the said Galois field. All RPs have been cancelled from the list of BPs to give the IPs over the said Galois field GF(p^q) [
In this section the overview of the method behind the proposed algorithm has been given in subsec. 2.1. The example to search for monic IPs over Galois field GF(7^7) has been described in subsec. 2.2. The pseudo code of the proposed algorithm of the proposed mathematical method has been given in subsec. 3.3, and its time complexity and a comparison of time complexity with other algorithms have been illustrated in subsec. 3.4.
The idea behind this mathematical method and its algorithm has been to choose any two non-constant monic EPs at a time and split their respective DEs into the p-nary coefficients of the respective EPs. The two EPs have been multiplied through polynomial multiplication, or multiplication by the said method, to obtain a BP. Since the obtained BP has two non-constant EPs as factors, it is termed a monic RP. After considering all possible two-EP combinations, all possible monic RPs have been generated. The monic RPs have been cancelled out from the list of all monic BPs, leaving behind all monic IPs. The monic IPs have been multiplied with all CPs to obtain all non-monic IPs.
In the case of multiplication of two monic EPs, the respective DEs have been split into the coefficients of the respective EPs. All coefficients of each EP have been multiplied by modulo multiplication with each other, along with the variables. Next the coefficients of the terms of the same degree have been added by modulo addition to obtain the concerned monic BP or monic RP. The RPs have been cancelled out from the list of monic BPs to obtain the monic IPs.
Here the interest has been to find the monic IPs over Galois Field GF(7^7), where p = 7 has been the prime field and q = 7 has been the extension of that prime field. In general the degrees of multiplicand and multiplier have been added to obtain the degree of the product. The extension q = 7 can be written as a sum of two integers d1 and d2. The degree of the highest degree term present in the EPs of GF(7^7) ranges from (q − 1) = 6 down to 1. The polynomials whose highest degree term has degree 0 are constant polynomials; they do not play any significant role here, so they have been neglected. Hence the two sets of monic elemental polynomials whose product has been a monic BP, where p = 7, q = 7, have highest degree terms of degree d1, d2, where d1 = 1, 2, 3 and the corresponding values of d2 are 6, 5, 4. Here the number of coefficients in the monic basic polynomial is (q + 1) = (7 + 1) = 8; they are defined as $BP_0, BP_1, BP_2, BP_3, BP_4, BP_5, BP_6, BP_7$, where the value of the suffix also indicates the degree of the term of the monic BP, and for monic polynomials $BP_7 = 1$. For this case, the total number of blocks is the number of integers in d1 or d2, i.e. 3.
Coefficients of each term in the 1st monic EP, $EP^0$, where d1 = 1, have been defined as $EP^0_0, EP^0_1$. Coefficients of each term in the 2nd monic EP, $EP^1$, where d2 = 6, have been defined as $EP^1_0, EP^1_1, EP^1_2, EP^1_3, EP^1_4, EP^1_5, EP^1_6$. The value in the suffix also gives the degree of the term of the monic EPs, and the superscript identifies which EP the coefficient belongs to.
Now, the mathematical method is as follows,
1st block:
$BP_0 = (EP^0_0 \times EP^1_0) \bmod 7.$
$BP_1 = (EP^0_0 \times EP^1_1 + EP^0_1 \times EP^1_0) \bmod 7.$
$BP_2 = (EP^0_0 \times EP^1_2 + EP^0_1 \times EP^1_1) \bmod 7.$
$BP_3 = (EP^0_0 \times EP^1_3 + EP^0_1 \times EP^1_2) \bmod 7.$
$BP_4 = (EP^0_0 \times EP^1_4 + EP^0_1 \times EP^1_3) \bmod 7.$
$BP_5 = (EP^0_0 \times EP^1_5 + EP^0_1 \times EP^1_4) \bmod 7.$
$BP_6 = (EP^0_0 \times EP^1_6 + EP^0_1 \times EP^1_5) \bmod 7.$
$BP_7 = (EP^0_1 \times EP^1_6) \bmod 7 = 1.$
Now the given monic BP is,
$BP(x) = BP_7 x^7 + BP_6 x^6 + BP_5 x^5 + BP_4 x^4 + BP_3 x^3 + BP_2 x^2 + BP_1 x + BP_0.$
$D(BP(x)) = BP_7 \cdot 7^7 + BP_6 \cdot 7^6 + BP_5 \cdot 7^5 + BP_4 \cdot 7^4 + BP_3 \cdot 7^3 + BP_2 \cdot 7^2 + BP_1 \cdot 7 + BP_0.$
Coefficients of each term in the 1st monic EP, $EP^0$, where d1 = 2, have been defined as $EP^0_0, EP^0_1, EP^0_2$. Coefficients of each term in the 2nd monic EP, $EP^1$, where d2 = 5, are defined as $EP^1_0, EP^1_1, EP^1_2, EP^1_3, EP^1_4, EP^1_5$. The value in the suffix also gives the degree of the term of the monic EPs.
Now, the mathematical method is as follows,
2nd block:
$BP_0 = (EP^0_0 \times EP^1_0) \bmod 7.$
$BP_1 = (EP^0_0 \times EP^1_1 + EP^0_1 \times EP^1_0) \bmod 7.$
$BP_2 = (EP^0_0 \times EP^1_2 + EP^0_1 \times EP^1_1 + EP^0_2 \times EP^1_0) \bmod 7.$
$BP_3 = (EP^0_0 \times EP^1_3 + EP^0_1 \times EP^1_2 + EP^0_2 \times EP^1_1) \bmod 7.$
$BP_4 = (EP^0_0 \times EP^1_4 + EP^0_1 \times EP^1_3 + EP^0_2 \times EP^1_2) \bmod 7.$
$BP_5 = (EP^0_0 \times EP^1_5 + EP^0_1 \times EP^1_4 + EP^0_2 \times EP^1_3) \bmod 7.$
$BP_6 = (EP^0_1 \times EP^1_5 + EP^0_2 \times EP^1_4) \bmod 7.$
$BP_7 = (EP^0_2 \times EP^1_5) \bmod 7 = 1.$
Now the given monic BP is,
$BP(x) = BP_7 x^7 + BP_6 x^6 + BP_5 x^5 + BP_4 x^4 + BP_3 x^3 + BP_2 x^2 + BP_1 x + BP_0.$
$D(BP(x)) = BP_7 \cdot 7^7 + BP_6 \cdot 7^6 + BP_5 \cdot 7^5 + BP_4 \cdot 7^4 + BP_3 \cdot 7^3 + BP_2 \cdot 7^2 + BP_1 \cdot 7 + BP_0.$
Coefficients of each term in the 1st monic EP, $EP^0$, where d1 = 3, are defined as $EP^0_0, EP^0_1, EP^0_2, EP^0_3$. Coefficients of each term in the 2nd monic EP, $EP^1$, where d2 = 4, are defined as $EP^1_0, EP^1_1, EP^1_2, EP^1_3, EP^1_4$. The value in the suffix also gives the degree of the term of the monic EPs.
Now, the mathematical method is as follows,
3rd block:
$BP_0 = (EP^0_0 \times EP^1_0) \bmod 7.$
$BP_1 = (EP^0_0 \times EP^1_1 + EP^0_1 \times EP^1_0) \bmod 7.$
$BP_2 = (EP^0_0 \times EP^1_2 + EP^0_1 \times EP^1_1 + EP^0_2 \times EP^1_0) \bmod 7.$
$BP_3 = (EP^0_0 \times EP^1_3 + EP^0_1 \times EP^1_2 + EP^0_2 \times EP^1_1 + EP^0_3 \times EP^1_0) \bmod 7.$
$BP_4 = (EP^0_0 \times EP^1_4 + EP^0_1 \times EP^1_3 + EP^0_2 \times EP^1_2 + EP^0_3 \times EP^1_1) \bmod 7.$
$BP_5 = (EP^0_1 \times EP^1_4 + EP^0_2 \times EP^1_3 + EP^0_3 \times EP^1_2) \bmod 7.$
$BP_6 = (EP^0_2 \times EP^1_4 + EP^0_3 \times EP^1_3) \bmod 7.$
$BP_7 = (EP^0_3 \times EP^1_4) \bmod 7 = 1.$
Now the given monic BP is,
$BP(x) = BP_7 x^7 + BP_6 x^6 + BP_5 x^5 + BP_4 x^4 + BP_3 x^3 + BP_2 x^2 + BP_1 x + BP_0.$
$D(BP(x)) = BP_7 \cdot 7^7 + BP_6 \cdot 7^6 + BP_5 \cdot 7^5 + BP_4 \cdot 7^4 + BP_3 \cdot 7^3 + BP_2 \cdot 7^2 + BP_1 \cdot 7 + BP_0.$
In this way the DEs of all the monic BPs that are monic RPs have been pointed out. The monic RPs belonging to the list of monic BPs have been cancelled out, leaving behind the monic IPs. Non-monic IPs have been computed by multiplying a monic IP by α, where α ∈ GF(p) assumes values from 2 through 6.
Here the interest has been to find the monic IPs over Galois Field GF(p^q), where p has been the prime field and q has been the extension of that prime field. In general the degrees of multiplicand and multiplier have been added to obtain the degree of the product. The extension q can be written as a sum of two integers d1 and d2. The degree of the highest degree term present in the EPs of GF(p^q) ranges from (q − 1) down to 1. The polynomials whose highest degree term has degree 0 are constant polynomials; they do not play any significant role here, so they have been neglected. Hence the two sets of monic elemental polynomials whose product has been a monic BP have highest degree terms of degree d1, d2, where d1 = 1, 2, 3, ⋯, (q − 1)/2 and the corresponding values of d2 have been (q − 1), (q − 2), (q − 3), ⋯, q − (q − 1)/2. Here the number of coefficients in the monic basic polynomial is (q + 1); they have been defined as $BP_0, BP_1, BP_2, BP_3, BP_4, BP_5, BP_6, BP_7, \cdots, BP_q$, where the value of the suffix also indicates the degree of the term of the monic BP, and for monic polynomials $BP_q = 1$. For this case, the total number of blocks is the number of integers in d1 or d2, i.e. (q − 1)/2.
Coefficients of each term in the 1st monic EP, $EP^0$, where d1 = 1, 2, ⋯, (q − 1)/2, are defined as $EP^0_0, EP^0_1, \cdots, EP^0_{(q-1)/2}$. Coefficients of each term in the 2nd monic EP, $EP^1$, where d2 = (q − 1), (q − 2), (q − 3), ⋯, q − (q − 1)/2, are defined as $EP^1_0, EP^1_1, EP^1_2, \cdots, EP^1_{q-(q-1)/2}$. The value in the suffix also gives the degree of the term of the monic EPs. The total number of blocks is the number of integers in d1 or d2, i.e. (q − 1)/2 for this example.
Now, the algebraic method for the ((q − 1)/2)th block is as follows,
((q − 1)/2)th block:
$BP_0 = (EP^0_0 \times EP^1_0) \bmod p.$
$BP_1 = (EP^0_0 \times EP^1_1 + EP^0_1 \times EP^1_0) \bmod p.$
$BP_2 = (EP^0_0 \times EP^1_2 + EP^0_1 \times EP^1_1 + EP^0_2 \times EP^1_0) \bmod p.$
$BP_3 = (EP^0_0 \times EP^1_3 + EP^0_1 \times EP^1_2 + EP^0_2 \times EP^1_1 + EP^0_3 \times EP^1_0) \bmod p.$
⋯
$BP_{q-1} = (EP^0_0 \times EP^1_{q-1} + EP^0_1 \times EP^1_{q-2} + \cdots + EP^0_{(q-1)/2} \times EP^1_{(q-1)-(q-1)/2}) \bmod p.$
$BP_q = (EP^0_{(q-1)/2} \times EP^1_{q-(q-1)/2}) \bmod p = 1.$
Now the given monic BP is,
$BP(x) = BP_q x^q + BP_{q-1} x^{q-1} + \cdots + BP_4 x^4 + BP_3 x^3 + BP_2 x^2 + BP_1 x + BP_0.$
$D(BP(x)) = BP_q p^q + BP_{q-1} p^{q-1} + \cdots + BP_4 p^4 + BP_3 p^3 + BP_2 p^2 + BP_1 p + BP_0.$
In this way the DEs of all the monic BPs that are monic RPs have been pointed out. The monic RPs belonging to the list of monic BPs have been cancelled out, leaving behind the monic IPs. Non-monic IPs have been computed by multiplying a monic IP by α, where α ∈ GF(p) assumes values from 2 to (p − 1).
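The block procedure for GF(7^7) above and its general form for GF(p^q), as one added worked example in Python (not the paper's own program): it builds every monic RP as the product of two monic EPs through the block equations, takes the DE of each, cancels them from the monic BPs, and scales the survivors by α to get the non-monic IPs. It goes beyond the paper's odd-q presentation by also running the d1 = d2 = q/2 block when q is even, and it adds a cross-check against the count (p^q − p)/q that holds when q is prime; all function names are this example's own.

```python
# Added worked example (not the paper's program): the composite-polynomial
# search for monic IPs over GF(p^q) using decimal equivalents (DEs).
from itertools import product


def coeffs(de, p, degree):
    """Split a DE into its p-nary coefficients, lowest degree first."""
    c = []
    for _ in range(degree + 1):
        c.append(de % p)
        de //= p
    return c


def decimal(c, p):
    """D(BP(x)) = sum of BP_i * p^i over coefficients c (lowest degree first)."""
    return sum(ci * p ** i for i, ci in enumerate(c))


def multiply(ep0, ep1, p):
    """One block of the method: BP_indx = sum(EP^0_indx1 * EP^1_indx2) mod p
    over indx1 + indx2 = indx, i.e. modulo-p polynomial multiplication."""
    bp = [0] * (len(ep0) + len(ep1) - 1)
    for i, a in enumerate(ep0):
        for j, b in enumerate(ep1):
            bp[i + j] = (bp[i + j] + a * b) % p
    return bp


def monic_eps(p, d):
    """All monic EPs of degree d: free lower coefficients, leading coefficient 1."""
    for low in product(range(p), repeat=d):
        yield list(low) + [1]


def monic_irreducibles(p, q):
    """DEs of all monic IPs over GF(p^q): generate every monic RP as a product
    of two monic EPs with d1 + d2 = q, then cancel them from the monic BPs."""
    rps = set()
    # d1 runs up to q//2; for even q this includes the d1 == d2 == q/2 block,
    # which the paper's odd-q count of (q-1)/2 blocks does not need.
    for d1 in range(1, q // 2 + 1):
        for ep0 in monic_eps(p, d1):
            for ep1 in monic_eps(p, q - d1):
                rps.add(decimal(multiply(ep0, ep1, p), p))
    monic_bps = range(p ** q, 2 * p ** q)  # BP_q = 1, so the DE lies in [p^q, 2p^q)
    return [de for de in monic_bps if de not in rps]


def non_monic_irreducibles(p, q, monic_ips):
    """DEs of non-monic IPs: each monic IP scaled by alpha in 2..(p-1), mod p."""
    out = []
    for alpha in range(2, p):
        for de in monic_ips:
            c = [(alpha * ci) % p for ci in coeffs(de, p, q)]
            out.append(decimal(c, p))
    return sorted(out)


def gauss_count(p, q):
    """Cross-check for prime q: exactly (p^q - p)/q monic IPs of degree q exist."""
    return (p ** q - p) // q
```

For GF(7^7) the search loops over roughly 2.5 million EP pairs, so expect a run of some seconds in plain Python; the small fields used for the checks finish instantly.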
The pseudo code of the given algorithm has been given as follows,
Prime field: p
Extension of the field: q.
$d_1 = 1, 2, 3, \cdots, (q/2 - 1).$
$d_2 = (q - 1), (q - 2), (q - 3), \cdots, q - (q/2 - 1).$
Number of terms in the 1st elemental polynomial: N(d1).
Number of terms in the 2nd elemental polynomial: N(d2).
Number of terms in the Basic Polynomial: p.
Coefficients of the Basic polynomial = $BP_{indx}$, where 1 < indx < p.
Coefficients of the Elemental polynomials = $EP^{i}_{indx}$, where 1 < i < 2.
Here,
N(d1) = N(d2) = Total number of blocks.
Each coefficient of the basic polynomial can be derived as follows,
$BP_{indx} = \sum (EP^{p_1}_{indx_1} \times EP^{p_2}_{indx_2}) \bmod p$ (i)
Where,
$1 < indx < p$, $1 < indx_1 < (q - 1)/2$, $(q - 1) < indx_2 < q - (q - 1)/2$
$0 < p_1 < N(d_1) - 1$, $0 < p_2 < N(d_2) - 1$ and $indx = indx_1 + indx_2$
The pseudo code of the ((q − 1)/2)th block of the above mathematical method for Galois Field GF(p^q) has been described as follows, where ep[
For(ep[
for(indx[
coeff_conv_1st_deg (indx[
for(indx[
coeff_conv_2nd_deg (indx[
$BP_0 = (EP^0_0 \times EP^1_0) \bmod p;$
$BP_1 = (EP^0_0 \times EP^1_1 + EP^0_1 \times EP^1_0) \bmod p;$
$BP_2 = (EP^0_0 \times EP^1_2 + EP^0_1 \times EP^1_1 + EP^0_2 \times EP^1_0) \bmod p;$
$BP_3 = (EP^0_0 \times EP^1_3 + EP^0_1 \times EP^1_2 + EP^0_2 \times EP^1_1 + EP^0_3 \times EP^1_0) \bmod p;$
⋯
$BP_{q-1} = (EP^0_0 \times EP^1_{q-1} + EP^0_1 \times EP^1_{q-2} + \cdots + EP^0_{q/2-1} \times EP^1_{(q-1)-(q/2-1)}) \bmod p;$
$BP_q = (EP^0_{q/2-1} \times EP^1_{q-(q/2-1)}) \bmod p;$
$BP(x) = BP_q x^q + BP_{q-1} x^{q-1} + \cdots + BP_4 x^4 + BP_3 x^3 + BP_2 x^2 + BP_1 x + BP_0;$
$D(BP(x)) = BP_q p^q + BP_{q-1} p^{q-1} + \cdots + BP_4 p^4 + BP_3 p^3 + BP_2 p^2 + BP_1 p + BP_0;$
indx[
End for.
End for.
End for.
Since the pseudo code of the algorithm consists of three nested loops, the time complexity of the algorithm has been O(n^3). The comparison of the time complexity of the proposed algorithm with Rabin's and the modified Rabin's algorithm has been given below in

Algorithms | New Algorithm | Rabin's Algorithm | Rabin's Algorithm (mod) |
---|---|---|---|
Time Complexity | O(n^3) | O(n^4 (log p)^3) | O(n^4 (log p)^2 + n^3 (log p)^3) |

From the experiment on a C99 platform, the obtained results have been shown in

Ex. GF | GF(3^3) | GF(7^3) | GF(11^3) | GF(101^3) |
---|---|---|---|---|
Number of monic IPs | 8 | 112 | 440 | 343,400 |

Ex. GF | GF(3^5) | GF(7^5) | GF(3^7) | GF(7^7) |
---|---|---|---|---|
Number of monic IPs | 50 | 2157 | 312 | 117,648 |

From
To the best knowledge of the present authors, there is no mention of a paper in which the composite polynomial method is translated into an algorithm and turned into a computer program. The new mathematical method has been a much simpler method, similar to the composite polynomial method, to find monic IPs over Galois Field GF(p^q). It is able to determine the DEs of the monic IPs over a Galois Field with a larger value of the prime, and also with large extensions. So this method can reduce the complexity of finding monic IPs over Galois Field GF(p^q) with a large value of the prime and also with large extensions of the prime field. This would help the crypto community to build S-boxes or ciphers using IPs over Galois Fields with a large value of the prime, and also with large extensions of the prime field.
Dey, S. and Ghosh, R. (2018) Search for Monic Irreducible Polynomials with Decimal Equivalents of Polynomials over Galois Field GF(pq). Open Journal of Discrete Mathematics, 8, 21-33. https://doi.org/10.4236/ojdm.2018.81003