I'm trying to help someone with normal basis tower fields, specifically for isomorphic mapping of $GF(2^8)$ to $GF(((2^2)^2)^2)$.
Example article:
Question: Normal basis tower fields seem to rely on what is a irreducible polynomial in a base field, becomes reducible in a different field. It also seems that a brute force search is needed to find factors in the different field in order for the fields to be isomorphic. Is this always the case for normal basis?
For example, in $GF(2^2)$ $w^2 + w + 1$ is irreducible, but in $GF(2^8)$, it is reducible: $w^2 + w + 1 = (w-W)(w-W^2)$, where $(W)+(W^2) = 1$, and $(W)(W^2) = 1$. A normal basis element for $GF(2^2)$ is then defined as $w_2 \ W^2 + w_1 \ W$, where $w_2$ and $w_1$ are single bit elements of $GF(2)$, while $W$ is an element of $GF(2^8)$.
Another example: $GF(((2^2)^2)^2)$ $y^2 + y + C$ is irreducible, but in $GF(2^8)$ it is reducible: $y^2 + y + C = (y-Y)(y-Y^{16})$. A normal basis element for $GF(((2^2)^2)^2)$ is then defined as $y_2 \ Y^{16} + y_1 \ Y$, where $y_2$ and $y_1$ are four bit elements of $GF((2^2)^2)$, while $Y$ is an element of $GF(2^8)$. In this case, the fields are different, but are the same size.
The article includes example C code, which I could compile with Visual Studio with minor changes. Since the article is focused on inversion from $GF(2^8)$ by mapping to the tower field $GF(((2^2)^2)^2)$, there is no $GF(((2^2)^2)^2)$ multiply function, so I added one. I also changed some names to match the article and added comments to show the values the code is based on:
/* rename: d -> Y, alpha^2 -> Z, Omega -> W */
/* case # 4 : [Y^16, Y], [Z^4, Z], [W^2, W] */
/* */
/* N, V, W, Y, Z are elements of GF(2^8) */
/* GF(2^8): x^8 + x^4 + x^3 + x + 1 */
/* primitive element = 0x03 */
/* GF(((2^2)^2)^2): y^2 + y + V */
/* primitive element = 0x56 */
/* V = 0xEC, roots: Y = 0xFF, Y^16 = 0xFE */
/* GF((2^2)^2) : z^2 + z + N */
/* N = 0xBC, roots: Z = 0x5C, Z^4 = 0x5D */
/* GF(2^2): w^2 + w + 1 */
/* roots: W = 0xBD, W^2 = 0xBC */
/* multiply in GF(((2^2)^2)^2), using normal basis (Y^16,Y) */
int G256_mul(int x, int y) {
int x1, x0, y1, y0, p1, p0, e;
x1 = (x & 0xF0) >> 4; x0 = (x & 0x0F);
y1 = (y & 0xF0) >> 4; y0 = (y & 0x0F);
e = G16_mul(x1^x0,y1^y0);
e = G16_mul(e, 0x01);
p1 = G16_mul(x1,y1)^e;
p0 = G16_mul(x0,y0)^e;
return ( (p1<<4) | p0 );
}
Regarding e = G16_mul(e, 0x01);, which may appear that it is doing nothing, the multiplicative identities for these tower fields are 0x3, 0xf, 0xff for $GF(2^2)$, $GF((2^2)^2)$, $GF(((2^2)^2)^2)$.
The article explains how to use an 8 row by 8 bit matrix to map from $GF(((2^2)^2)^2)$ to $GF(2^8)$, by noting the relationship between the 8 bits of an element in $GF(((2^2)^2)^2)$, $b_7, b_6, ... b_1, b_0$ and constants in $GF(2^8)$. For example $(b_0) (W\ Z\ Y) = (b_0) (0x60)$, so the right column of the matrix is $0x60$, and $(b_7) (W^2\ Z^4\ Y^{16}) = (b_7) (0x64)$, so the left column of the matrix is $0x64$. The inverse of this matrix is used to map from $GF(2^8)$ to $GF(((2^2)^2)^2)$. This approach doesn't work with polynomial basis, since in this case elements of $GF(((2^2)^2)^2)$ are not based on constants in $GF(2^8)$. Instead the mapping matrices are based on powers of primitive elements of $GF(2^8)$ and $GF(((2^2)^2)^2)$, as explained here:
https://github.com/jeffareid/finite-field/blob/master/Composite%20Field%20Mapping%20Example.pdf
This primitive element based method will also work for normal basis, using $0x03$ as primitive element of $GF(2^8)$ and $0x56$ as primitive element of $GF(((2^2)^2)^2)$, resulting in the same matrices as Canright's article.
