Tweeted twitter.com/StackCrypto/status/940954195305353216
edited title
Mike Edward Moras

Design properties of the Rijndael finite field?

replaced http://crypto.stackexchange.com/ with https://crypto.stackexchange.com/

So we've already had a question on replacing the Rijndael S-Box. My question is - can we use a different finite field other than the one given by $x^8 + x^4 + x^3 + x + 1$ in $GF(2^8)$? In other words, would any irreducible polynomial over this field do the trick or are there special considerations and properties of that particular reducing polynomial?

If a more general discussion on appropriate fields for cryptographic operations, such as those used in ECC, is necessary, then I'd be happy to hear it. What I'm trying to get to is an understanding of whether there are any important properties in terms of the "randomness" of the operation - for example, are there weak fields to operate over? For example, $x^8 + x^3 + x + 1$ ought to also be irreducible - so would it be suitable? I ask partly because of the Galois/Counter Mode issue with short tags which led me to think not all fields might hold equal strength. Right? Wrong? Inconsequential?

Fixed link to previous question on Rijndael S-Box.
Thomas Pornin

user46
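
A way to check the premise the question rests on, as an added example that is not part of the original post: it tests both reducing polynomials from the question for irreducibility over $GF(2)$ and shows what a reducible modulus does to inversion, the operation the Rijndael S-Box is built on. Polynomials are encoded as integers (bit i is the coefficient of $x^i$); the helper names are hypothetical.

```python
# Added example. Polynomials over GF(2) are integers: bit i = coefficient of x^i.
AES_POLY = 0x11B    # x^8 + x^4 + x^3 + x + 1 (Rijndael's modulus, from the question)
CANDIDATE = 0x10B   # x^8 + x^3 + x + 1 (the alternative proposed in the question)

def poly_mod(a, m):
    """Remainder of a divided by m in GF(2)[x]."""
    dm = m.bit_length()
    while a.bit_length() >= dm:
        a ^= m << (a.bit_length() - dm)
    return a

def smallest_factor(p):
    """Lowest-encoded nontrivial factor of p, or None if p is irreducible."""
    deg = p.bit_length() - 1
    # A reducible polynomial of degree n has a factor of degree <= n // 2.
    for d in range(2, 1 << (deg // 2 + 1)):
        if poly_mod(p, d) == 0:
            return d
    return None

def gf_mul(a, b, m):
    """Carry-less multiply of a and b, reduced modulo m."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return poly_mod(r, m)

def inverse(a, m):
    """Multiplicative inverse of a modulo m by exhaustive search, or None."""
    return next((b for b in range(1, 256) if gf_mul(a, b, m) == 1), None)

def order_of_x(m):
    """Multiplicative order of the element x modulo an irreducible m."""
    e, n = 2, 1
    while e != 1:
        e, n = gf_mul(e, 2, m), n + 1
    return n

def irreducible_degree8():
    """All irreducible polynomials of degree 8 over GF(2)."""
    return [p for p in range(0x100, 0x200) if smallest_factor(p) is None]

if __name__ == "__main__":
    for name, m in (("AES_POLY", AES_POLY), ("CANDIDATE", CANDIDATE)):
        print(name, hex(m), "factor:", smallest_factor(m), "inv(3):", inverse(3, m))
    print("irreducible degree-8 polynomials:", len(irreducible_degree8()))
```

A modulus with a nontrivial factor gives a ring with zero divisors rather than a field, so some nonzero bytes have no inverse; `order_of_x` separately distinguishes irreducible moduli that are primitive from those, like Rijndael's, that are not.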