Group Theory and Number Theory for Cryptology - PowerPoint PPT Presentation

Slide 1. Group Theory and Number Theory for Cryptology
Irene Gassko and Peter Gemmell
Slide 2. Definition: Group
A set G of elements and an operator @ form a group if:
  • for all x, y in G, x @ y is also in G (inclusion)
  • there is an identity element e such that for all x in G, e @ x = x
  • for all x in G, there is an inverse element x^-1 such that x^-1 @ x = e
  • for all x, y, z in G, (x @ y) @ z = x @ (y @ z) (associativity)
  • abelian groups have the additional property: for all x, y in G, x @ y = y @ x

Note: sometimes the group operator is denoted + or ·, the identity is denoted 0 or 1, and the inverse of x is written -x.
Note 2: unless stated otherwise, we consider only abelian groups.
Slide 3. Examples of Groups
The integers under addition
G = Z = the integers {..., -3, -2, -1, 0, 1, 2, ...}
the group operator is +, ordinary addition
  • the integers are closed under addition
  • the identity is 0
  • the inverse of x is -x
  • addition of integers is associative
  • addition of integers is commutative (so the group is abelian)

Slide 4. Examples of Groups
The non-zero rationals under multiplication
G = Q - {0} = {a/b : a, b non-zero integers}
the group operator is ·, ordinary multiplication
  • if a/b and c/d are in Q - {0}, then a/b · c/d = ac/bd is in Q - {0}
  • the identity is 1
  • the inverse of a/b is b/a
  • multiplication of rationals is associative
  • multiplication of rationals is commutative (so the group is abelian)

Slide 5. Examples of Groups
The non-zero reals under multiplication
G = R - {0}
the group operator is ·, ordinary multiplication
  • if a and b are in R - {0}, then ab is in R - {0}
  • the identity is 1
  • the inverse of a is 1/a
  • multiplication of reals is associative
  • multiplication of reals is commutative (so the group is abelian)

Slide 6. Examples of Groups
The integers mod N under addition
G = Z_N = the integers modulo N = {0, ..., N-1}
the group operator is +, addition modulo N
  • the integers modulo N are closed under addition
  • the identity is 0
  • the inverse of x is -x (mod N)
  • addition is associative
  • addition is commutative (so the group is abelian)

Slide 7. Examples of Groups
The integers mod p under multiplication (p prime)
G = Z_p* = the non-zero integers modulo p = {1, ..., p-1}
the group operator is ·, multiplication modulo p
  • the integers modulo p are closed under multiplication: if GCD(x, p) = 1 and GCD(y, p) = 1, then GCD(xy, p) = 1
  • the identity is 1
  • the inverse of x comes from Euclid's algorithm: ux + vp = 1 = GCD(x, p), so x^-1 = u; also x^-1 = u = x^(p-2)
  • multiplication is associative
  • multiplication is commutative (so the group is abelian)

Slide 8. Examples of Groups
Z_N*, the multiplicative group mod N
G = Z_N* = the positive integers modulo N that are relatively prime to N
the group operator is ·, multiplication modulo N
  • the integers modulo N relatively prime to N are closed under multiplication: if GCD(x, N) = 1 and GCD(y, N) = 1, then GCD(xy, N) = 1
  • the identity is 1
  • the inverse of x comes from Euclid's algorithm: ux + vN = 1 = GCD(x, N), so x^-1 = u (= x^(φ(N)-1))
  • multiplication is associative
  • multiplication is commutative (so the group is abelian)

Slide 9. Example of a non-abelian group
GL(2), the 2 by 2 non-singular real matrices under matrix multiplication
GL(2) = { [a b; c d] : ad - bc ≠ 0 }
  • if A and B are non-singular, so is AB
  • the identity is I = [1 0; 0 1]
  • the inverse of [a b; c d] is [d -b; -c a] / (ad - bc)
  • matrix multiplication is associative
  • matrix multiplication is not commutative

Slide 10. Subgroups
(H, @) is a subgroup of (G, @) if
  • H is a subset of G
  • (H, @) is a group

Slide 11. Example: Subgroups
Let G = Z_7* = {1, 2, 3, 4, 5, 6}, the multiplicative group modulo 7.
Let H = {1, 2, 4} (mod 7), a subset of G.
Note:
  1. H is closed under multiplication modulo 7
  2. 1 is still the identity
  3. 1 is its own inverse; 2 and 4 are inverses of each other
  4. associativity still applies
  5. commutativity still applies
H is a subgroup of G.
Slide 12. Example: Subgroups
Let G = R - {0}, the non-zero reals under multiplication.
Let H = Q - {0}, the non-zero rationals under multiplication.
H is a subset of G, and G and H are both groups.
H is a subgroup of G.
Slide 13. Group order
The order of a group (G, @) equals the size of the set G.
Notation: order(G), ord(G), |G|
Slide 14. Example: Group order
For all N, order(Z_N) = N and order(Z_N*) = φ(N).
Slide 15. Order of an element
Let x be an element of a group G. The order of x is the least positive number k such that x^k = 1.
Notation: order(x), ord(x)
Slide 16. Order of an element
Example: Z_7*, the multiplicative group modulo 7. Z_7* = {1, 2, 3, 4, 5, 6}
order(1) = 1 because 1^1 = 1
order(2) = 3 because 2^3 = 8 = 1 (mod 7) and 3 is the smallest such number
order(3) = 6 because 3^6 = 9^3 = 2^3 = 1 (mod 7) and no smaller positive exponent works
order(4) = 3 because 4^3 = 64 = 1 (mod 7) and no smaller positive exponent works
order(5) = 6 because 5^6 = 25^3 = 4^3 = 1 (mod 7) and no smaller positive exponent works
order(6) = 2 because 6^2 = 36 = 1 (mod 7) and no smaller positive exponent works
Slide 17. Theorem
For every group G and every element x of G, order(x) divides order(G).
Slide 18. Generated Sets
Let (G, @) be a group and let S = {s_1, ..., s_k} be a subset of G.
Define <S> to be the set of all elements of the form s_1^i_1 · ... · s_k^i_k, where i_1, ..., i_k are integers.
<S> is the set generated by S.
Slide 19. Lemma: For any subset S of a group (G, @), <S> is a subgroup of G.
Proof
Recall <S> = {s_1^i_1 · ... · s_k^i_k : i_1, ..., i_k integers}.
So
  • <S> is closed under @
  • 1 is the identity (take every i_j = 0)
  • (s_1^i_1 · ... · s_k^i_k)^-1 = s_1^-i_1 · ... · s_k^-i_k
  • associativity and commutativity still hold

Slide 20. Example: Generated Groups
Let G = Z_7* = {1, 2, 3, 4, 5, 6}, the multiplicative group modulo 7, and let H = {1, 2, 4} (mod 7), a subgroup of G.
Let S = {2}. Then <2> = {2^i : i an integer}; 2^3 = 1 (mod 7) implies that <2> = {1, 2, 4} = H.
2 generates the subgroup H of G.
Slide 21. Example: Generated Groups
Let G = Z_7* = {1, 2, 3, 4, 5, 6}, the multiplicative group modulo 7.
Let S = {3}. Then <3> = {3^i : i an integer}; 3^6 = 1 (mod 7) implies that <3> = {1, 3, 2, 6, 4, 5} = G.
3 generates G.
Slide 22. Fact
For every group G and element x of G, order(x) = |<x>|.
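The element orders, generated subgroups and generators of slides 16 to 22, computed for any Z_n* rather than only Z_7* (an added example, not code from the slides). It also checks the theorem of slide 17 and the fact of slide 22 for every element, and shows that Z_8* has no generator, so it is not cyclic.

```python
from math import gcd

def mult_group_mod(n):
    """Z_n^*: the residues in 1..n-1 that are relatively prime to n."""
    return [x for x in range(1, n) if gcd(x, n) == 1]

def element_order(x, n):
    """order(x): least k >= 1 with x^k = 1 (mod n). Assumes gcd(x, n) == 1;
    otherwise the powers never return to 1 and the loop would not end."""
    k, power = 1, x % n
    while power != 1:
        power = (power * x) % n
        k += 1
    return k

def generated_subgroup(x, n):
    """<x> = {x^i mod n}. In a finite group the non-negative powers already
    cycle back to 1, so negative exponents add nothing new."""
    elems, power = [], 1
    while power not in elems:
        elems.append(power)
        power = (power * x) % n
    return elems  # listed as 1, x, x^2, ... in the order the slides use

def order_table(n):
    """For each x in Z_n^*: (order(x), |<x>|, order(x) divides |G|), so the
    fact on slide 22 and the theorem on slide 17 can be checked together."""
    G = mult_group_mod(n)
    return {x: (element_order(x, n), len(generated_subgroup(x, n)),
                len(G) % element_order(x, n) == 0) for x in G}

def generators(n):
    """Elements whose powers exhaust Z_n^*; the group is cyclic iff this is non-empty."""
    G = mult_group_mod(n)
    return [x for x in G if len(generated_subgroup(x, n)) == len(G)]
```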
Slide 23. Cyclic groups
Let (G, @) be a group such that there exists an element x of G with G = <x> (x generates G).
Then G is a cyclic group.
Slide 24. Cosets
Let (G, @) be a group and (H, @) a subgroup of G. Let x be an element of G.
xH = {xy : y in H} is a (left) coset of H with respect to G.
Slide 25. Lemma: Cosets
Let H be a subgroup of G and let x, y be elements of G.
Either xH = yH, or xH and yH are disjoint.
Proof
If xH and yH share an element, then there are v, w in H such that xv = yw, i.e. x = ywv^-1. Let z = xu be any element of xH. Then z = xu = ywv^-1u must be an element of yH, because w, v^-1 and u are elements of H. This shows that xH is a subset of yH. A similar argument shows that yH is a subset of xH.
Slide 26. Lemma: Cosets
Let H be a subgroup of G and let x be an element of G.
Then |xH| = order(H).
Proof
Assume xH is not equal to H. For every element v in xH there is exactly one element h = x^-1 v in H such that v = xh. Because of this 1-to-1 mapping, we have |xH| = |H|.
Corollary: order(H) divides order(G).
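The two coset lemmas and the corollary, checked on the subgroup H = {1, 2, 4} of Z_7* from slide 11 and on any other subgroup of a Z_n* (an added example, not code from the slides). Passing a subset that is not a subgroup, such as {1, 2} in Z_7*, makes the check fail, which shows why the lemmas need H to be a subgroup.

```python
from math import gcd

def mult_group_mod(n):
    """Z_n^*: residues in 1..n-1 relatively prime to n, in increasing order."""
    return [x for x in range(1, n) if gcd(x, n) == 1]

def coset(x, H, n):
    """Left coset xH = {x*h mod n : h in H}, sorted so equal cosets compare equal."""
    return tuple(sorted((x * h) % n for h in H))

def cosets(H, n):
    """The distinct cosets of H in Z_n^*, in order of first appearance."""
    seen = []
    for x in mult_group_mod(n):
        c = coset(x, H, n)
        if c not in seen:
            seen.append(c)
    return seen

def coset_lemmas_hold(H, n):
    """Slides 25 and 26 at once: distinct cosets are pairwise disjoint,
    every coset has |H| elements, and together they cover all of G."""
    cs = cosets(H, n)
    G = mult_group_mod(n)
    disjoint = all(set(a).isdisjoint(b) for i, a in enumerate(cs) for b in cs[i + 1:])
    same_size = all(len(c) == len(H) for c in cs)
    covers = sorted(e for c in cs for e in c) == G
    return disjoint and same_size and covers

def index(H, n):
    """Number of cosets of H; equals |G| / |H|, which the corollary says is an integer."""
    return len(cosets(H, n))
```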
Slide 27. Euclid's algorithm to compute GCD(x, y)
Example: GCD(68, 24)
68 = 2(24) + 20
24 = 20 + 4
20 = 5(4)
GCD(68, 24) = 4
Slide 28. Euclid's algorithm to compute GCD(x, y)
Definition of the algorithm
Assume x > y.
let x = a_1 y + b_1, where b_1 < y
let y = a_2 b_1 + b_2, where b_2 < b_1
let b_1 = a_3 b_2 + b_3
...
For the first i such that b_{i+1} = 0, we have GCD(x, y) = b_i.
Slide 29. Euclid's extended GCD algorithm to compute GCD(x, y) and u, v such that ux + vy = GCD(x, y)
Assume x > y.
let x = a_1 y + b_1, where b_1 < y
let y = a_2 b_1 + b_2, where b_2 < b_1
let b_1 = a_3 b_2 + b_3
...
For the first i such that b_{i+1} = 0, we have GCD(x, y) = b_i.
Slide 30. Euclid's extended GCD algorithm to compute GCD(x, y), x^-1 mod y, and y^-1 mod x
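Slides 27 to 30 and the inverse bullets of slides 7 and 8, worked in code (an added example, not from the slides): the division chain of slide 28 on GCD(68, 24), the extended algorithm returning u and v with ux + vy = GCD(x, y), the modular inverse x^-1 mod y read off from u, and a check that it agrees with x^(φ(N)-1) from slide 8 (which is x^(p-2) when N = p is prime).

```python
from math import gcd

def euclid_steps(x, y):
    """The division chain x = a_1 y + b_1, y = a_2 b_1 + b_2, ... of slide 28,
    as tuples (dividend, quotient, divisor, remainder). Assumes x > y > 0."""
    assert x > y > 0
    steps = []
    while y:
        a, b = divmod(x, y)
        steps.append((x, a, y, b))
        x, y = y, b
    return steps

def gcd_from_steps(x, y):
    """GCD(x, y) = b_i for the first i with b_{i+1} = 0: the divisor of the last step."""
    return euclid_steps(x, y)[-1][2]

def egcd(x, y):
    """Extended Euclid: (g, u, v) with u*x + v*y = g = GCD(x, y).
    Each remainder is carried along as a combination of the original x and y."""
    old_r, r = x, y
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v

def mod_inverse(x, n):
    """x^-1 mod n, i.e. the u with u*x + v*n = 1 reduced mod n; None when GCD(x, n) != 1,
    because then x is not in Z_n^* and has no inverse."""
    g, u, _ = egcd(x, n)
    return u % n if g == 1 else None

def euler_inverse(x, n):
    """Slide 8's x^(φ(n)-1) mod n, with φ(n) counted directly; equals mod_inverse(x, n)
    whenever gcd(x, n) == 1. For prime n this is the x^(n-2) of slide 7."""
    phi = sum(1 for k in range(1, n) if gcd(k, n) == 1)
    return pow(x, phi - 1, n)
```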
Slide 31. Problem
A set G of elements and an operator @ satisfy:
  • for all x, y in G, x @ y is also in G (inclusion)
  • there is an identity element e such that for all x in G, e @ x = x
  • G is finite
  • for all x, y, z in G, if x @ y = x @ z, then y = z
  • for all x, y, z in G, (x @ y) @ z = x @ (y @ z) (associativity)

Show that (G, @) is a group.
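A computational companion to the problem (an added example, not part of the slides): it checks the five hypotheses on a finite operation table and then derives the missing inverses, using only finiteness and cancellation, by locating the identity in each element's row. The constructed comparison set {0, ..., 5} under multiplication mod 6 has closure, an identity and associativity but fails cancellation, and the derivation correctly refuses it.

```python
def find_identity(G, op):
    """An e in G with e @ x = x for every x in G (the problem's identity axiom), or None."""
    return next((e for e in G if all(op(e, x) == x for x in G)), None)

def is_closed(G, op):
    return all(op(x, y) in G for x in G for y in G)

def is_cancellative(G, op):
    """x @ y = x @ z implies y = z: the row of every x in the operation table has no repeats."""
    return all(len({op(x, y) for y in G}) == len(G) for x in G)

def is_associative(G, op):
    return all(op(op(x, y), z) == op(x, op(y, z)) for x in G for y in G for z in G)

def inverses_by_cancellation(G, op):
    """Inverses are not among the hypotheses, so derive them: cancellation makes
    y -> x @ y injective, and an injective map of a finite set onto itself is
    surjective, so e appears in the row of x. Returns {x: x^-1}, or None if a
    hypothesis fails. The inverse found is also checked in the slide-2 form y @ x = e."""
    G = list(G)
    e = find_identity(G, op)
    if e is None or not (is_closed(G, op) and is_cancellative(G, op) and is_associative(G, op)):
        return None
    inv = {}
    for x in G:
        row = [op(x, y) for y in G]   # a permutation of G by cancellation plus finiteness
        y = G[row.index(e)]           # x @ y = e
        if op(y, x) != e:
            return None
        inv[x] = y
    return inv

# Constructed checks: Z_7^* under multiplication satisfies every hypothesis,
# while {0..5} under multiplication mod 6 has identity 1 but 2*0 = 2*3 = 0.
Z7_STAR_INVERSES = inverses_by_cancellation(range(1, 7), lambda a, b: a * b % 7)
Z6_MULT_INVERSES = inverses_by_cancellation(range(6), lambda a, b: a * b % 6)
```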