GCM forbidden_attack breaks on Sage 10.7 (integer_representation removed)

[idrassi]

The GCM forbidden attack uses gf2e element.integer_representation(), which is no longer available in Sage 10.7 for NTL-backed GF(2^128) elements. This causes test_gcm to fail.

Steps to Reproduce (Sage 10.7)

Run: sage -python -m pytest test/test_gcm.py
Observe failure in attacks/gcm/forbidden_attack.py

Expected: GCM test passes and forge_tag computes a valid tag.

Actual: AttributeError: 'FiniteField_ntl_gf2eElement' object has no attribute integer_representation.

Environment

• SageMath 10.7 (Conda)
• Python: 3.12.x
• OS: Linux

Proposed Fix

Use the new Sage API from_integer()/to_integer() for GF(2^128), preserve the original bit ordering by manually reversing 128 bits:

• _to_gf2e: from_integer(reverse_bits_128(n))
• _from_gf2e: reverse_bits_128(to_integer())
  Keep the legacy conversion as fallback for older Sage builds if needed.

[jvdsn]

Please try the latest version.

[idrassi]

Thanks, it works.
In my approach, I wanted to use newer API but ended up adding more complexity because of NTL issue. Your approach is simpler.

[jvdsn]

Thanks for bringing it to my attention, happy it works!