# Montgomery Representation of $GF(p^k)$

In cryptographic applications, elements of a Galois field $GF(p^k)$ are typically represented directly as elements of the ring $\mathbb Z_p[x]$, that is, as polynomials with coefficients in $\mathbb Z_p$. Concretely, these are stored as lists of coefficients, because the indeterminate $x$ of the polynomial is really just a formal marker of the degree.

But as we have seen, even multiplication in $GF(p^k)$ is complicated by the need to reduce polynomials by some fixed irreducible polynomial $m$ of degree $k$. This is not usually a big problem for $p=2$. But it would be an obstruction for other primes.
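The multiply-then-reduce step described above can be written out on coefficient lists; this is an added example, not a cell from the original notebook. The names `poly_mul`, `poly_reduce`, `gf_mul`, `bits` and `unbits` are introduced here, the inputs are constructed samples, and the $p=2$ case uses the AES modulus $x^8+x^4+x^3+x+1$ (0x11B) with the FIPS-197 product {57}·{83} = {c1}.

```python
def poly_mul(a, b, p):
    """Schoolbook product of two coefficient lists (lowest degree first) over Z_p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return out


def poly_reduce(c, m, p):
    """Remainder of c modulo the monic polynomial m (degree k) over Z_p."""
    k = len(m) - 1
    if m[-1] % p != 1:
        raise ValueError("modulus polynomial must be monic")
    c = [x % p for x in c]
    # Cancel the leading term repeatedly by subtracting q * x^(d-k) * m.
    for d in range(len(c) - 1, k - 1, -1):
        q = c[d]
        for i in range(k + 1):
            c[d - k + i] = (c[d - k + i] - q * m[i]) % p
    return (c + [0] * k)[:k]  # exactly k coefficients


def gf_mul(a, b, m, p):
    """Product in GF(p^k) = Z_p[x]/(m): multiply, then reduce by m."""
    return poly_reduce(poly_mul(a, b, p), m, p)


def bits(n, width):
    """Integer -> GF(2) coefficient list, lowest degree first."""
    return [(n >> i) & 1 for i in range(width)]


def unbits(c):
    """GF(2) coefficient list -> integer."""
    return sum(bit << i for i, bit in enumerate(c))


if __name__ == "__main__":
    # GF(3^2) with the irreducible m = x^2 + 1: (1 + x)(2 + x)
    print(gf_mul([1, 1], [2, 1], [1, 0, 1], 3))
    # Same factors, reducible m = x^2 - 1 = (x + 1)(x + 2): a zero divisor appears
    print(gf_mul([1, 1], [2, 1], [2, 0, 1], 3))
    # GF(2^8) with the AES modulus
    print(hex(unbits(gf_mul(bits(0x57, 8), bits(0x83, 8), bits(0x11B, 9), 2))))
```

With the reducible modulus the product of two nonzero elements is zero, which is why $m$ has to be irreducible for the quotient to be a field.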

In [18]:
def ext_binary_gcd(a,b):
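    """Extended binary GCD.
    Given positive integers a, b the function returns d, s, t
    such that gcd(a,b) = d = as + bt."""

    # The halving/subtraction loops below do not terminate for zero or
    # negative inputs, so reject them up front.
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")

    # First, find largest exponent of 2 in common, and reduce a and b by that
    r = 0
    while (a % 2 == 0) and (b % 2 == 0):
        a, b, r = a//2, b//2, r+1
    alpha, beta = a, b
    # gcd(original a, original b) = gcd(a,b)<<r
    # original a = alpha << r
    # original b = beta << r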
    #
    # from here on we maintain 
    #   a = u * alpha + v * beta
    #   b = s * alpha + t * beta
    #
    
    u, v = 1, 0
    while (a % 2 == 0):
        # alpha is even, beta is odd
        a = a//2
        if (u % 2 == 0) and (v % 2 == 0):
            u, v = u//2, v//2
        else:
            u, v = (u + beta)//2, (v - alpha)//2
    
    s, t = 0, 1
    while a != b:
        if (b % 2 == 0):
            b = b//2
            #
            # Commentary: note that here, since b is even,
            # (i) if s, t are both odd then so are alpha, beta
            # (ii) if s is odd and t even then alpha must be even, so beta is odd
            # (iii) if t is odd and s even then beta must be even, so alpha is odd
            # so for each of (i), (ii) and (iii) s + beta and t - alpha are even
            #
            if (s % 2 == 0) and (t % 2 == 0):
                s, t = s//2, t//2
            else:
                s, t = (s + beta)//2, (t - alpha)//2
        elif b < a:
            a, b, u, v, s, t = b, a, s, t, u, v
        else:
            b, s, t = b - a, s - u, t - v
    return (2 ** r) * a, s, t

In [9]:
MonoAlgs=[
          "x<=x",
          "x<=y & y<=x -> x=y",
          "x<=y & y<=z -> x<=z",
          "x+y=z -> x<=z",
          "0<=x",
          "x*0=0",
          "x<=y -> x*z<=y*z",
          "(x+y)+z=x+(y+z)",
          "x+y=y+x",
          "x+0=x",
          "(x*y)*z=x*(y*z)",
          "x*y=y*x",
          "x*1=x",
          "x*(y+z)=(x*y)+(x*z)",
          "x<=y+z <-> x@z<=y",
#          "(x+y)@y=x",
]

In [14]:
p9(MonoAlgs,["x=x"],0,4)

FileNotFoundError: [Errno 2] No such file or directory: 'prover9': 'prover9'