Home/ Questions/Q 258227
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T22:09:47+00:00

I am looking for a way to uniformly choose values in GF(2^M) between two

  • 0

I am looking for a way to uniformly choose values in GF(2^M) between two bounds.

GF(2^M) is a Galois Field – See GF(4) as defined on this page – http://www.math.umbc.edu/~campbell/Math413Spr09/Notes/12-13_Finite_Fields.html
From a technical, non-math perspective, this is most similar to CRC operations.

For example: 

ulong gf2step( ulong x, int bits, ulong p ) 
{  
    x = x << 1;   // "multiply" by x 
    if ( x >= (1 << bits)) x = x ^ p;   
    return x;
}

Expanding the example from below:

  12 is '1100  
 '1100 shifted left by 1 becomes `11000. Since bit 4 is set, xor with `10011 (p). 
  Next is `1011 or 11.

Similarly,

  9 is '1001
 '1001 shifted left by 1 becomes `10010. Since bit 4 is set, xor with `10011 (p). 
  Next is `0001.

My obvious method is to start with the integer exponents corresponding to the bounds, pick a random exponent between those and generate the value from that.

However, this has two problems —
1. Given arbitrary bounds, I can’t find the corresponding integer exponent..
2. This will be repeated many, many times, so I am concerned about exponentiation speed.

Example: 

 int gf2random( ulong low, ulong high, ulong p); 

 gf2random( 12, 13, 19) should return evenly from the set {12, 11,5,10,7,14,15, 13}
 gf2random( 9, 1, 19)  should return either 9 or 1

I can step the values in GF(2^M) fairly easily – but I’m not sure how to avoid overshooting the upper bound.

Does it simplify the problem if the low bound was always ‘1’ ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m not completely sure I understand your question, so I’ll try to reformulate it.
    You are given a finite field GF(2^M) a generator g of the multiplicative group and two elements g^a and g^b. You may or may not know the exponents a and b. The question is to uniformly select elements g^c where a<= c < b. Since you say that tables are not an option I’d assume you want to work with a rather large M. Hope I got this right.

    If M is large then discrete logarithm is hard to compute. Hence if you don’t know a and b upfront you’ll not be able to find them. The difficulty of the discrete logarithm also implies that given a random element h in GF(2^M) it is hard to decide whether h is one of the valid elements g^c, because if you had such an algorithm to make this kind of decision then this algorithm could be used to solve discrete logarithms. In particular if you have two elements g^a and g^c and don’t know either a or c then you can’t easily decide whether c < a or not.

    From the comments above I’d expect that your problem is not easily solvable, even though what I wrote is not a proof. It might be helpful, if you also added a bigger picture of the problem that you want to solve. Maybe there is some other way to generate the random elements.

    • 0