Graham Sutherland / Polynomial

4 days ago

@dysfun the matrix-vector multiply is:

b[0]*A[0,0]+b[1]*A[0,1]+...+b[7]*A[0,7]
b[0]*A[1,0]+b[1]*A[1,1]+...+b[7]*A[1,7]
...
b[0]*A[7,0]+b[1]*A[7,1]+...+b[7]*A[7,7]

but since this is operating in GF(2) every element is 0 or 1 (a single bit) so a multiply by 0 is 0 and only 1*1 gets you a 1, thus each multiply is just and AND, and the sum is mod 2 so it turns into a parity calculation.

addition is xor so the vector addition is simply a 1-bit xor.

and that's basically it.

as for bit twiddles...

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@dysfun the instruction is doing the affine transformation step on the right hand page of my notes - the big matrix multiplication followed by vector addition step, mod 2.

Intel call it A*x+b, so A would be the 8x8 matrix, x is the input vector (b'[0-7] in my notes), b is the added vector (11000110 in AES).

it's mod 2 so the vector addition is just xor.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@schrottkatze it's the standard for laser projector imaging. covers both a file format (containing vector frame data for displaying on a laser projector) and a physical interface standard (differential signalling over DB25 connector) for laser projectors.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@schrottkatze ILDA output? :)

Likes: 0

Replies: 0

Boosts: 0

4 days ago

I'm up to 9 pages of notes on Galois field maths and the construction and properties of AES, based on Christof Paar's lectures.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

it's been forever since I made hand written notes. my knuckles hurt (arthritic joint condition and being left handed kinda sucks lol) but I'm quite happy with these.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@r they had been teaching it very much as "it's how you determine the slope of the graph" without any applied context and I just couldn't fathom why you would want to know what the gradient was on a graph at a particular x coordinate, let alone why you'd want to find the coordinate where a particular gradient was found, especially given how involved and unintuitive the procedures to do so could be. naturally once I could map it to a physics context it was trivial to understand why the use-case.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@r I'm also a visual learner. I can't do abstract concepts; I need a concrete example and application. I spent the first 75% of calculus at school being unable to grok it at all, blindly following rules and procedures by rote, until my physics teacher happened to put the equations of motion on the board in a certain order and suddenly it clicked that they were derivatives of one another, and that calculus was about modelling dependent behaviours like rates of change, and then I understood fine.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@r part of the problem I've found is that most of the lectures on the subject are being delivered to students who have been studying number theory and related topics as part of a dedicated mathematics module, so there's an expectation of comfort and recent familiarity with the underlying mathematical concepts, which I lack. I couldn't have really told you what a group, ring, or field was before the lecture, for example. my algebra is mostly only exercised for electronics.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

re: spoiler/help

@r because I haven't done polynomial division in years and can't remember the procedure at all. I think I had maybe two hours worth of tutoring on it back in 2005 or 2006. I remember being taught trial division at some point for factorisation, so that's the mental model I applied to understanding the approach here. wasn't until I had some time to percolate on it that I realised there was a rigorous procedure being followed rather than trialling based on elimination convenience.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

@r the direct focus on the procedure and minimal formalism with no expectations of knowing much beyond simple algebra (e.g. explaining the definitions of group, ring, field in basic terms) is the key here. any less focus on the implementation and examples would have been insufficient here; it's really not an accessible topic otherwise.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

spoiler/help

the reason xor is used here is because addition, subtraction, and xor are all the same operation in GF(2), so the c^=p' line does the addition step he showed in the example.

I'm not 100% sure the above is correct for all cases, but it does at least follow the same approach - sh represents the index you raise x to for each trial division step, so if you have x^4 as your highest index term in C' and x^3 as your highest index term in P, then you're going to trial divide by x^1, i.e. x.

Likes: 0

Replies: 0

Boosts: 0

4 days ago

spoiler/help

I think if you do the polynomial product A(x)∙B(x) to get C'(x), then interpret the coefficients of C'(x) and P(x) as bit vectors, you can do the modulo reduction as follows:

```
c = c'
while c >= 2^3:
sh = msb(c)-msb(p)
p' = p<<sh
c ^= p'
```

where msb() returns the index of the MSB.

so in his example of C'(x)=x^4+x^3+x+1 and P(x)=x^3+x+1, the steps are:

p=1011 (x^3+x+1)
c'=11011 (x^4+x^3+x+1)
c=11011
c>=2^3
sh=1
p'=10110
c=1101
c>=2^3
sh=0
p'=1011
c=110
c<2^3

thus, c=x^2+x

Likes: 0

Replies: 0

Boosts: 0

4 days ago

spoiler/help

the trickiest part for me was the polynomial reduction at the end.

if you get stuck there too: since the coeffs are mod 2 you just cancel out matching terms. he first trialled x as the divisor, getting us P*x so that the x^3 term in P would become x^4 and cancel out the x^4 term in C'. the result of this trial still had an x^3 term, so still not in GF(2^3), so he trialled x+1 as the divisor. he could test this by dividing the first trial result by P and that gave a result in GF(2^3)

Likes: 0

Replies: 1

Boosts: 0

4 days ago

just finished watching this lecture and holy crap I actually understand the fundamentals of Galois field arithmetic now, at least sufficiently for most cryptographic use. such a fantastic presentation that doesn't really expect any maths knowledge beyond fundamental algebra and integer modulo arithmetic.

if you choose to watch this, I highly recommend keeping a set of notes along the way - I found that it really aided my comprehension and retention of the details.

https://youtu.be/x1v2tX4_dkQ

Likes: 0

Replies: 0

Boosts: 1

1 week ago

if I had to pick a single moment to highlight from 2024, it would be my first ever DJ set performed live in front of people instead of just streamed from home. talk about starting on a high point.

this incredible slow-mo shot from @jtruk, with major thanks to @yagfox, @solexious, and the rest of the EMF/nullsector folks for making it such a blast.

Mentions: @solexious@chaos.social

Likes: 0

Replies: 1

Boosts: 0