(Solved): 3. Galois Counter Mode (GCM) provides authentication using GHASH unit. Suppose we get the polynomi ...

3. Galois Counter Mode (GCM) provides authentication using GHASH unit. Suppose we get the polynomial for the 128-bit hash subkey \( (H) \) as: \( H(x)=x^{27}+x^{25}+x^{20}+x^{4}+x+1 \). Also, as you know, the irreducible polynomial for GCM is: \( P(x)=x^{128}+x^{7}+x^{2}+x+1 \). Find the polynomial representing \( \beta(x)=\left(M_{1} \cdot H+M_{2}\right) \cdot H \bmod P(x) \) assuming the two 128-bit input blocks to GHASH are as follows: \( M_{1}=x^{89}+x^{23}+x^{10}, M_{2}=x^{93}+x^{24}+x^{10}+x \). \( \beta(x)=\left(M_{1} \cdot H+M_{2}\right) \cdot H \bmod p(x) \) is what you have to derive in \( \mathrm{GF}\left(2^{128}\right) \) after reduction. This is a very simple calculation which is done in practice thousands of times for eventually deriving a tag.