# Montgomery Representation of $GF(p^k)$

In cryptographic applications, a Galois field $GF(p^k)$ are typically represented directly as elemnts of the ring $\mathbb Z_p[x]$  --- that is, as polynomials with coefficients in $\mathbb Z_p$. Concretely, these are stored as lists of coefficients because the indeterminate $x$ of the polynomial is really just a formal marker of the degree. 

But as we have seen, even multiplication in $GF(p^k)$ is complicated by the need to reduce polynomials by some fixed irreducible polynomial $m$ of degree $k$. This is not usually a big problem for $p=2$. But it would be an obstruction for other primes.

In [2]:
import numpy as np

In [7]:
help(np.uint32)

Help on class uint32 in module numpy:

class uint32(unsignedinteger)
 |  Unsigned integer type, compatible with C ``unsigned int``.
 |  Character code: ``'I'``.
 |  Canonical name: ``np.uintc``.
 |  Alias *on this platform*: ``np.uint32``: 32-bit unsigned integer (0 to 4294967295).
 |  
 |  Method resolution order:
 |      uint32
 |      unsignedinteger
 |      integer
 |      number
 |      generic
 |      builtins.object
 |  
 |  Methods defined here:
 |  
 |  __abs__(self, /)
 |      abs(self)
 |  
 |  __add__(self, value, /)
 |      Return self+value.
 |  
 |  __and__(self, value, /)
 |      Return self&value.
 |  
 |  __bool__(self, /)
 |      self != 0
 |  
 |  __divmod__(self, value, /)
 |      Return divmod(self, value).
 |  
 |  __eq__(self, value, /)
 |      Return self==value.
 |  
 |  __float__(self, /)
 |      float(self)
 |  
 |  __floordiv__(self, value, /)
 |      Return self//value.
 |  
 |  __ge__(self, value, /)
 |      Return self>=value.
 |  
 |  __gt__(self, value

In [23]:
def ext_binary_gcd(a,b):
    """Extended binary GCD.
    Given input a, b the function returns d, s, t
    such that gcd(a,b) = d = as + bt."""
    old_a = a
    old_b = b
    
    r = 0
    # Loop invariants:
    #   old_a = a<<r
    #   old_b = b<<r
    #   gcd(old_a,old_b) = gcd(a,b)<<r
    while (a % 2 == 0) and (b % 2 == 0):
        # a and b are even
        a, b, r = a>>1, b>>1, r+1
    # either a or b is odd (or both)
    
    alpha, beta = a, b
    # So gcd(old_a,old_b) = gcd(alpha,beta)<<r
    
    u, v = 1, 0
    k = 0  # only needed for stating the invariants.
    # Loop invariants:
    #   gcd(a,beta) = gcd(alpha,beta)
    #   a = u*a + v*beta
    #   alpha = a<<k
    while (a % 2 == 0):
        # a is even
        # alpha is even
        # beta is odd
        # EXPLAIN WHY: v is even 
        a = a>>1
        if (u % 2 == 0):
            u, v = u>>1, v>>1
            # EXPLAIN WHY: a = u*a + v*beta
        else:
            # u and beta are odd
            # Because a changed
            #   2*a = u*2*a + v*beta
            u, v = (u + beta)>>1, (v - alpha)>>1
            # EXPLAIN WHY: a = u*a + v*beta
        # v is even iff a is even
        k += 1
    # a is odd        
    # v is odd 
    # v = ... ??? 
            
    s, t = 0, 1
    k = 0
    # Loop invariants:
    #    gcd(alpha,beta) = gcd(a,b)
    #    a = u*a + v*b
    #    b = s*t + t*b
    while a != b:
        # a != b
        # b<<r = old_a*s + old_b*t ??? 
        if (b % 2 == 0):
            b = b>>1
            if (s % 2 == 0):
                # s is even
                # t is even ???
                s, t = s>>1, t>>1
            else:
                # s is odd 
                # t - alpha is even ??? 
                s, t = (s + beta)>>1, (t - alpha)>>1
        elif b < a:
            a, b, u, v, s, t = b, a, s, t, u, v
        else:
            b, s, t = b - a, s - u, t - v
        k += 1
        
    # gcd(old_a,old_b) = a<<r = old_a*s + old_b*t
    return a<<r, s, t

In [25]:
ext_binary_gcd(72,48)

(24, -3, 5)

In [30]:
hex((-25))

'-0x19'

In [9]:
MonoAlgs=[
          "x<=x",
          "x<=y & y<=x -> x=y",
          "x<=y & y<=z -> x<=z",
          "x+y=z -> x<=z",
          "0<=x",
          "x*0=0",
          "x<=y -> x*z<=y*z",
          "(x+y)+z=x+(y+z)",
          "x+y=y+x",
          "x+0=x",
          "(x*y)*z=x*(y*z)",
          "x*y=y*x",
          "x*1=x",
          "x*(y+z)=(x*y)+(x*z)",
          "x<=y+z <-> x@z<=y",
#          "(x+y)@y=x",
]

In [14]:
p9(MonoAlgs,["x=x"],0,4)

FileNotFoundError: [Errno 2] No such file or directory: 'prover9': 'prover9'