Photo by Dan Cristian Pădureț on Unsplash

Primitive and Conway Polynomials

--

In public key methods, we use the (mod p) operation to reduce the field. With a prime number of p, we end up with values from 0 to p-1. The methods we then have are:

M^e (mod N) [RSA]

y²=x³+a.x+b (mod p) [ECC]

Y=g^x (mod p) [Discrete logs]

And so in the Diffie-Hellman method we use:

A = g^a (mod p)
B = g^b (mod p)
K1 = A^b (mod p)
K2 = B^a (mod p)

But, quantum computers will be able to crack methods that use the (mod p) operation. Our focus is now on lattice methods, and which convert the bit patterns in polynomial, such as:

54->0b110110 -> x⁵+x⁴+x²+x
41->0b101001 -> x⁵+x³+1

This is known as GF(2⁶) and where we have six bits for each value. We then use polynomial addition, subtraction, division, and multiplication. If we multiply 54 times 41 we get:

(x⁵+x⁴+x²+x).(x⁵+x³+1) = x¹⁰+x⁸+x⁵+x⁹+x⁷+x⁴+x⁷+x⁵+x²+ x⁶+x⁴+x

= x¹⁰+x⁹+x⁸+(x⁷+x⁷)+x⁶+(x⁵+x⁵)+(x⁴+x⁴)+x²+x = x¹⁰+x⁹+x⁸+x⁶+x²+x

Let’s say that we want the maximum degree to be 6 (x⁵), then we divide by an irreducible polynomial. For a degree of 6, we get an irreducible polynomial of x⁶ + x⁴ + x³ + x + 1:

                          x^4+x^3+x^2
-------------------------------------
x^6 + x^4 + x^3 + x + 1 | x^10+x^9+x^8+ x^6+ +x^2+x
x^10+ +x^8+ x^7+ x^5+x^4
------------------------------------------
x^9+ x^7+x^6+x^5+x^4 +x^2+x
x^9+ x^7+x^6 x^4+x^3
------------------------------------
x^5 +x^3+x^2+x

The result is then (x⁵+x⁴+x²+x).(x⁵+x³+1) = x⁵+x³+x²+x … and which is 46 as an integer (b101110). We can check this against a GF(2⁶) table for multiplication [here]:

Primitive and Conway polynomials

With x²+1, we can expand to (x+1)(x+1), as this equals (x²+x+x+1), and which reduces to (x²+1). An irreducible polynomial cannot be expanded into factors. This includes:

  • x irreducible [Try!].
  • x+1 irreducible [Try!].
  • x²+x+1 irreducible [Try!] .
  • x³+x+1 irreducible [Try!].
  • x⁴+x+1 irreducible [Try!].

An irreducible polynomial is useful, and where we can divide by it, and reduce the maximum power in our polynomial values. A primitive polynomial is an irreducible polynomial and is the minimal derivation of the polynomial. With a degree of six, we have three irreducible polynomials:

x^6 + x^1 + 1
x^6 + x^5 + x^2 + x^1 + 1
x^6 + x^5 + x^3 + x^2 + 1

The primitive polynomial is x⁶ + x¹ + 1. Another type of irreducible polynomial is a Conway polynomial. In the following, we can produce a primitive polynomial and Conway polynomial for various degrees [here]:

import sys
import galois

p=2
n=2

if (len(sys.argv)>1):
p=int(sys.argv[1])
if (len(sys.argv)>2):
n=int(sys.argv[2])


print (f"== GF({p}^{n}) ==")


r=galois.primitive_poly(p, n)
print(f"\nPrimitive Polynomial for GF({p}^{n}):\t{r}")
print(f" Integer: \t{int(r)}\tBinary:\t{bin(r)} ")

r=galois.conway_poly(p, n)
print(f"Conway Polynomial for GF({p}^{n}):\t\t{r}")
print(f" Integer: \t{int(r)}\tBinary:\t{bin(r)} ")

We can then run for GF(2²):

== GF(2^2) ==

Primitive Polynomial for GF(2^2): x^2 + x + 1
Integer: 7 Binary: 0b111
Conway Polynomial for GF(2^2): x^2 + x + 1
Integer: 7 Binary: 0b111

and GF(2³):

== GF(2^3) ==

Primitive Polynomial for GF(2^3): x^3 + x + 1
Integer: 11 Binary: 0b1011
Conway Polynomial for GF(2^3): x^3 + x + 1
Integer: 11 Binary: 0b1011

and GF(2⁶):

== GF(2^6) ==

Primitive Polynomial for GF(2^6): x^6 + x + 1
Integer: 67 Binary: 0b1000011
Conway Polynomial for GF(2^6): x^6 + x^4 + x^3 + x + 1
Integer: 91 Binary: 0b1011011

Conclusions

Public key encryption methods are on the way out, and polynomial operations are on the way in.

https://billatnapier.medium.com/membership

--

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.