
1. Find all irreducible polynomials in $Z_2[x]$ of degree 4. Justify your answer.

To be irreducible, a polynomial of degree 4 must have no linear or quadratic factors. To have no linear factor, a polynomial must have constant term 1 (so $x$ is not a factor) and an odd number of terms (so $x + 1$ is not a factor). So, the polynomials with no linear factors are: $x^4 + x^3 + x^2 + x + 1$, $x^4 + x^3 + 1$, $x^4 + x^2 + 1$, and $x^4 + x + 1$. To check for quadratic factors, attempt to divide these polynomials by $x^2 + x + 1$, the only quadratic irreducible polynomial in $Z_2[x]$. A quartic with no linear factor can only split into two irreducible quadratics, so this can be done by just squaring this polynomial: $(x^2 + x + 1)^2 = x^4 + x^2 + 1$. This means that $x^4 + x^2 + 1$ is the only polynomial of degree 4 that has no linear factors but is reducible. So the irreducible polynomials in $Z_2[x]$ of degree 4 are: $x^4 + x^3 + x^2 + x + 1$, $x^4 + x^3 + 1$, and $x^4 + x + 1$.
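
The same reducibility check for any degree, as an added example that is not part of the original solutions: it builds every product of two lower-degree polynomials (the step the solution does by squaring $x^2 + x + 1$) and reports what is left over. It goes beyond degree 4 to factor degree-5 polynomials such as those in question 2; polynomials are stored as bitmasks and all function names are this example's own.

```python
# Polynomials over GF(2) as ints: bit i is the coefficient of x^i,
# so x^4 + x + 1 is 0b10011. Names below are this example's own.

def clmul(a, b):
    """Product of a and b in Z2[x]: shift-and-add where addition is XOR."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out

def factorizations(deg):
    """Map each reducible polynomial of degree `deg` to one factor pair."""
    found = {}
    for da in range(1, deg // 2 + 1):      # degree of the smaller factor
        db = deg - da
        for a in range(1 << da, 2 << da):
            for b in range(1 << db, 2 << db):
                found.setdefault(clmul(a, b), (a, b))
    return found

def irreducibles(deg):
    """Degree-`deg` polynomials that are not a product of two smaller ones."""
    reducible = factorizations(deg)
    return [p for p in range(1 << deg, 2 << deg) if p not in reducible]

def show(p):
    """Render a bitmask polynomial, e.g. 0b10011 -> 'x^4 + x + 1'."""
    names = {0: "1", 1: "x"}
    return " + ".join(names.get(i, f"x^{i}")
                      for i in reversed(range(p.bit_length())) if p >> i & 1) or "0"

if __name__ == "__main__":
    print("degree 4:", [show(p) for p in irreducibles(4)])
    pairs = factorizations(5)
    for p in (0b110001, 0b101001, 0b110101):   # the three quintics of question 2
        if p in pairs:
            a, b = pairs[p]
            print(f"{show(p)} = ({show(a)})({show(b)})")
        else:
            print(f"{show(p)} is irreducible")
```

`irreducibles(8)` returns 30 polynomials, one of which is `0x11B`, the AES polynomial used in the later questions.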

2. Which of the following polynomials are reducible in $Z_2[x]$:

a. $x^5 + x^4 + 1$
From the previous question, if a polynomial has an odd number of terms and constant term 1, it is reducible if it can be divided by the irreducible quadratic polynomial $x^2 + x + 1$ (long division):

$$
\begin{array}{rl}
 & x^3 - x + 1 \\
x^2 + x + 1 \mid & x^5 + x^4 + 1 \\
- & x^5 + x^4 + x^3 \\
= & 0 + 0 - x^3 + 1 \\
- & -x^3 - x^2 - x \\
= & 0 + x^2 + x + 1 \\
- & x^2 + x + 1 \\
= & 0 + 0 + 0
\end{array}
$$

reducible

b. $x^5 + x^3 + 1$
From the previous question, if a polynomial has an odd number of terms and constant term 1, it is reducible if it can be divided by the irreducible quadratic polynomial $x^2 + x + 1$ (long division):

$$
\begin{array}{rl}
 & x^3 - x^2 + x \\
x^2 + x + 1 \mid & x^5 + x^3 + 1 \\
- & x^5 + x^4 + x^3 \\
= & 0 + x^3 - x^4 + 1 - x^3 \\
= & -x^4 + 1 \\
- & -x^4 - x^3 - x^2 \\
= & 0 + x^3 + x^2 + 1 \\
- & x^3 + x^2 + x \\
= & 0 + 0 + (1 - x)
\end{array}
$$

irreducible

c. $x^5 + x^4 + x^2 + 1$
From the previous question it is known that for a polynomial to be irreducible, it must first have an odd number of terms, so $x^5 + x^4 + x^2 + 1$ must be reducible:
$(x + 1)(x^4 + 2x^2 + x + 1) = x^5 + x^4 + x^2 + 1$

3. Compute in $GF(2^8)$:

$(x^4 + x + 1) / (x^7 + x^6 + x^3 + x^2)$

where the irreducible polynomial is the one used in AES, $P(x) = x^8 + x^4 + x^3 + x + 1$. (Table 4.2 shows the multiplicative inverses for this field.)

Since division is multiplication by the inverse, $(x^4 + x + 1) / (x^7 + x^6 + x^3 + x^2) = (x^4 + x + 1) \cdot (11001100)_2^{-1} = (x^4 + x + 1) \cdot (CC)_{hex}^{-1} = (x^4 + x + 1) \cdot (1B)_{hex} = (x^4 + x + 1) \cdot (0001\ 1011)_2 = (x^4 + x + 1) \cdot (x^4 + x^3 + x + 1)$ (given by Table 4.2).

$(x^4 + x + 1) \cdot (x^4 + x^3 + x + 1) = x^8 + x^7 + x^5 + x^4 + x^5 + x^4 + x^2 + x + x^4 + x^3 + x + 1 = x^8 + x^7 + 2x^5 + 3x^4 + x^2 + x^3 + 2x + 1 = x^8 + x^7 + x^4 + x^3 + x^2 + 1 \bmod 2$

(use long division to mod by $x^8 + x^4 + x^3 + x + 1$)

$$
\begin{array}{rl}
 & 1 \\
x^8 + x^4 + x^3 + x + 1 \mid & x^8 + x^7 + x^4 + x^3 + x^2 + 1 \\
- & x^8 + x^4 + x^3 + x + 1 + 0 \\
= & 0 + x^7 - x + x^2
\end{array}
$$

lower degree than mod polynomial, final answer

4. Compute 1100 0011 * 0011 0011 in GF(256) using the AES irreducible polynomial.

$1100\ 0011 \cdot 0011\ 0011 = (x^7 + x^6 + x + 1) \cdot (x^5 + x^4 + x + 1) = x^{12} + x^{11} + x^8 + x^7 + x^{11} + x^{10} + x^7 + x^6 + x^6 + x^5 + x^2 + x + x^5 + x^4 + x + 1 = x^{12} + 2x^{11} + x^8 + 2x^7 + x^{10} + 2x^6 + 2x^5 + x^2 + 2x + x^4 + 1 = x^{12} + x^{10} + x^8 + x^4 + x^2 + 1 \bmod 2$

(use long division to mod by $x^8 + x^4 + x^3 + x + 1$)

$$
\begin{array}{rl}
 & x^4 + x^2 \\
x^8 + x^4 + x^3 + x + 1 \mid & x^{12} + x^{10} + x^8 + x^4 + x^2 + 1 \\
- & x^{12} + x^8 + x^7 + x^5 + x^4 \\
= & 0 + x^{10} - x^7 - x^5 + x^2 + 1 \\
- & 0 + x^{10} + x^6 + x^5 + x^3 + x^2 \\
= & 0 + 0 - x^7 - x^6 - x^5 - x^5 + x^2 - x^3 + 1 - x^2
\end{array}
$$

lower degree, done dividing

$-x^7 - x^6 - x^5 - x^5 + x^2 - x^3 + 1 - x^2 = x^7 + x^6 + x^3 + 1 \bmod 2 = (1100\ 1001)_2$

5. Find the multiplicative inverse of $(72)_{16}$ using the AES irreducible polynomial, EEA for polynomials and long division.
$(72)_{16} = (01110010)_2 = x^6 + x^5 + x^4 + x$

| step | q | r | s | t |
|---|---|---|---|---|
| 0 | | $x^8 + x^4 + x^3 + x + 1$ | $1$ | $0$ |
| 0 | | $x^6 + x^5 + x^4 + x$ | $0$ | $1$ |
| 1 | $x^2 + x$ | $x^5 + x^4 + x^2 + x + 1$ | $1$ | $0 - (1 \cdot (x^2 + x)) = x^2 + x$ |
| 2 | $x$ | $x^4 + x^3 + x^2$ | $x$ | $1 - x(x^2 + x) = x^3 + x^2 + 1$ |
| 3 | $x$ | $x^3 + x^2 + x + 1$ | $1 - x(x) = x^2 + 1$ | $(x^2 + x) - x(x^3 + x^2 + 1) = (x^2) - (x^4 + x^3) = x^4 + x^3 + x^2$ |
| 4 | $x$ | $x$ | $x - x(x^2 + 1) = x - (x^3 + x) = x^3$ | $(x^3 + x^2 + 1) - x(x^4 + x^3 + x^2) = (x^3 + x^2 + 1) - (x^5 + x^4 + x^3) = x^5 + x^4 + x^2 + 1$ |
| 5 | $x^2 + x + 1$ | $1$ | $x^2 + 1 - (x^2 + x + 1) \cdot x^3 = x^2 + 1 - (x^5 + x^4 + x^3) = x^5 + x^4 + x^3 + x^2 + 1$ | $x^4 + x^3 + x^2 - (x^2 + x + 1) \cdot (x^5 + x^4 + x^2 + 1) = (x^4 + x^3 + x^2) - (x^7 + x^3 + x + 1) = x^7 + x^4 + x^2 + x + 1$ |
| 6 | $x$ | $0$ | $x^3 - (x) \cdot (x^5 + x^4 + x^3 + x^2 + 1) = x^3 - (x^6 + x^5 + x^4 + x^3 + x) = x^6 + x^5 + x^4 + x$ | |

Step 1:

$$
\begin{array}{rl}
 & x^2 + x = q \bmod 2 \\
x^6 + x^5 + x^4 + x \mid & x^8 + x^4 + x^3 + x + 1 \\
- & x^8 + x^7 + x^6 + x^3 + 0 \\
= & 0 - x^7 - x^6 + x^4 + x + 1 \\
- & 0 - x^7 - x^6 - x^5 - x^2 \\
= & 0 + 0 + 0 + x^5 + x^4 + x^2 + x + 1 = r \bmod 2
\end{array}
$$

Step 2:

$$
\begin{array}{rl}
 & x = q \bmod 2 \\
x^5 + x^4 + x^2 + x + 1 \mid & x^6 + x^5 + x^4 + x \\
- & x^6 + x^5 + x^3 + x^2 + x \\
= & 0 + 0 + x^4 + x^3 + x^2 = r \bmod 2
\end{array}
$$

Step 3:

$$
\begin{array}{rl}
 & x = q \bmod 2 \\
x^4 + x^3 + x^2 \mid & x^5 + x^4 + x^2 + x + 1 \\
- & x^5 + x^4 + x^3 + 0 + 0 \\
= & 0 + 0 + x^3 + x^2 + x + 1 = r \bmod 2
\end{array}
$$

Step 4:

$$
\begin{array}{rl}
 & x = q \bmod 2 \\
x^3 + x^2 + x + 1 \mid & x^4 + x^3 + x^2 \\
- & x^4 + x^3 + x^2 + x \\
= & 0 + 0 + 0 + x = r \bmod 2
\end{array}
$$

Step 5:

$$
\begin{array}{rl}
 & x^2 + x + 1 = q \bmod 2 \\
x \mid & x^3 + x^2 + x + 1 \\
- & x^3 + 0 + 0 + 0 \\
= & 0 + x^2 + x + 1 \\
- & x^2 + 0 + 0 \\
= & 0 + x + 1 \\
- & x + 0 \\
= & 0 + 1 = r \bmod 2
\end{array}
$$

Step 6:

$$
\begin{array}{rl}
 & x = q \bmod 2 \\
1 \mid & x \\
- & x \\
= & 0 = r \bmod 2
\end{array}
$$

The multiplicative inverse of $(72)_{16} = (01110010)_2 = x^6 + x^5 + x^4 + x$ is $x^7 + x^4 + x^2 + x + 1 = (10010111)_2 = (97)_{16}$.

6. Compute the S-Box (the ByteSub layer) value for the following input bytes:
Recall that in order to do this, you should first look up the inverses in Table 4.2 to obtain intermediary value $B'$. Next, perform the affine mapping by computing the matrix-vector multiplication and addition mod 2. (Verify results with Table 4.3)
a. $(29)_{16}$
The inverse of $(29)_{16}$ is $(0A)_{16} = (0000\ 1010)_2$. Perform affine mapping:
[affine matrix] [inverse vector] [constant vector] [result vector]
(1 0 0 0 1 1 1 1) (0) (1) (1)
(1 1 0 0 0 1 1 1) (1) (1) (0)
(1 1 1 0 0 0 1 1) (0) (0) (1)
(1 1 1 1 0 0 0 1) * (1) + (0) mod 2 = (0)
(1 1 1 1 1 0 0 0) (0) (0) (0)
(0 1 1 1 1 1 0 0) (0) (1) (1)
(0 0 1 1 1 1 1 0) (0) (1) (0)
(0 0 0 1 1 1 1 1) (0) (0) (1)
In proper form: $(1010\ 0101)_2 = (A5)_{16}$

b. $(F3)_{16}$
The inverse of $(F3)_{16}$ is $(34)_{16} = (0011\ 0100)_2$. Perform affine mapping:
[affine matrix] [inverse vector] [constant vector] [result vector]
(1 0 0 0 1 1 1 1) (0) (1) (1)
(1 1 0 0 0 1 1 1) (0) (1) (0)
(1 1 1 0 0 0 1 1) (1) (0) (1)
(1 1 1 1 0 0 0 1) * (0) + (0) mod 2 = (1)
(1 1 1 1 1 0 0 0) (1) (0) (0)
(0 1 1 1 1 1 0 0) (1) (1) (0)
(0 0 1 1 1 1 1 0) (0) (1) (0)
(0 0 0 1 1 1 1 1) (0) (0) (0)
In proper form: $(0000\ 1101)_2 = (0D)_{16}$
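
The arithmetic of questions 3 to 6 in code, as an added example that is not part of the original solutions: multiplication modulo the AES polynomial, the inverse by the extended Euclidean algorithm with polynomial long division, and the S-box as inverse plus affine map. Function names are this example's own; the EEA keeps only the q, r and t columns and stops at remainder 1 instead of running the last step to 0.

```python
AES_P = 0x11B  # x^8 + x^4 + x^3 + x + 1; bit i is the coefficient of x^i

def gf_mul(a, b):
    """Multiply bytes in GF(2^8): shift-and-add, reducing by P(x) at degree 8."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_P
        b >>= 1
    return out

def pdivmod(a, b):
    """Long division in Z2[x]; returns (quotient, remainder)."""
    q = 0
    while a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def eea_steps(a):
    """Rows (q, r, t) of the EEA on P(x) and a, stopping at remainder 1."""
    r0, r1, t0, t1, rows = AES_P, a, 0, 1, []
    while r1 > 1:
        q, r = pdivmod(r0, r1)
        # t_i = t_(i-2) - q * t_(i-1); subtraction is XOR
        r0, r1, t0, t1 = r1, r, t1, t0 ^ gf_mul(t1, q)
        rows.append((q, r1, t1))
    return rows

def gf_inv(a):
    """Multiplicative inverse of a nonzero byte: the last t of the EEA."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    rows = eea_steps(a)
    return rows[-1][2] if rows else 1

def sbox(byte):
    """Inverse (0 stays 0), then the affine map; bit vectors are LSB first."""
    b, out = (gf_inv(byte) if byte else 0), 0
    for i in range(8):
        # matrix row i selects b_i, b_(i+4), b_(i+5), b_(i+6), b_(i+7), indices mod 8
        bit = sum(b >> ((i + k) % 8) & 1 for k in (0, 4, 5, 6, 7)) % 2
        out |= bit << i
    return out ^ 0x63  # constant vector (1 1 0 0 0 1 1 0) read LSB first
```

`eea_steps(0x72)` reproduces the q, r and t columns of the table in question 5 row by row, and `gf_mul(0x13, gf_inv(0xCC))` is the division of question 3.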
