1

I'm tabulating logs in $GF(2^8)$.

I noticed

  1. there's one fixed-point: $\log(235) = 235$
  2. there's one 3-cycle: [86, 219, 177]
  3. there's one 9-cycle: [15, 75, 179, 171, 178, 211, 82, 148, 38]
  4. the rest is one "flight" of length 242 ending in [...,4,2,1,0]

I wonder if

  1. it's obvious
  2. it's useful
  3. it can be found in other structures
Poor Standard
  • 35
  • 1
    What does $235$ mean in the field of $2^8$ elements? Also, logs in finite field depend on the base chosen. – Gerry Myerson Sep 03 '19 at 09:43
  • I don't know if I awser your question, but I'm using $XOR$ $285$ as modulo in sums and products. – Poor Standard Sep 03 '19 at 09:52
  • 1
    I don't know what you mean. What is $285$? What is $XOR\ 285$? – Gerry Myerson Sep 03 '19 at 10:10
  • 1
    Because $285=2^8+2^4+2^3+2^2+1$ it sounds like you constructed the field $GF(256)$ as the quotient ring $GF(2)[x]/\langle x^8+x^4+x^3+x^2+1\rangle$. That octic polynomial is irreducible. IIRC AES specifies this polynomial, but it is by no means the only possibility. Furthermore, the OP is apparently using the notation that if $\alpha$ is a fixed zero of that octic then, for example $86$ is their notation for the element $\alpha^6+\alpha^4+\alpha^2+\alpha$. All because $$2^6+2^4+2^2+2^1=86.$$ – Jyrki Lahtonen Sep 03 '19 at 11:09
  • BTW, please don't blame the poor engineering/CS students. Blame the curriculum designers who think that all the math their students need is a crash course explaining which Matlab function solves which problem. Explaining quotient rings to them is out of the question. And we get to see many students come here thinking that elements of $GF(256)$ are integers in the range $0\ldots255$. Mind you, many of them (but not all) do know that the addition is bitwise XOR rather than arithmetic modulo $256$, but they all think that this is the only way to think about elements of finite fields (char $2$) – Jyrki Lahtonen Sep 03 '19 at 11:11
  • Sorry about the rant. – Jyrki Lahtonen Sep 03 '19 at 11:11
  • 1
    About the actual question. I don't think this is too interesting. The reason is that the domain of this discrete logarithm is $GF(256)$, an 8-dimensional vector space over $GF(2)$, and the range is the residue class ring $\Bbb{Z}_{255}$. Without that mistaken identification of residue classes with their smallest non-negative element, and further identification of those as polynomials of $\alpha$, there is no natural way to "iterate" the discrete log. For the iteration to make sense, you would need the range to be a subset of the domain, and that is not the case here. – Jyrki Lahtonen Sep 03 '19 at 11:15
  • 1
    Mind you, if we (IMO still somewhat misguidedly) do similar identifications when dealing with the discrete logarithm of the prime field $\Bbb{Z}_p$, and pretend that $p-1$ is the base $g$ discrete logarithm of $1=g^0=g^{p-1}$, then we actually get something slightly curious. – Jyrki Lahtonen Sep 03 '19 at 11:18
  • Poor Standard, sorry about sounding negative. You see, this is the umpteenth I see something related. It really, really is not your fault. I should probably prepare a dummy Q&A explaining this. It would be better have it in Wikipedia, but they would be anal about citations. Here people simply trust that I know this stuff :-) – Jyrki Lahtonen Sep 03 '19 at 11:24
  • All, sorry about poor proof-reading. I have a vector calculus lecture to prepare. Off the air. – Jyrki Lahtonen Sep 03 '19 at 11:57

0 Answers0