ALGEBRAIC BASICS

The term algebra refers to the mathematical field of study that deals with sets of elements (e.g., sets of numbers) and operations on these elements.2The operations must satisfy specific rules (called axioms). These axioms are defined abstractly, but most of them are motivated by existing mathematical structures (e.g., the set of integers with the addition and multiplication operations).

1 http://shoup.net/ntb

2 For the purpose of this book, we assume familiarity with set theory at a basic level.

3.1.1 Preliminary Remarks

LetSbe a nonempty set and∗be a binary operation on the elements of this set.3_For

example,Smay be one of the following sets of numbers (that are frequently used in mathematics):

• The setN:={0,1,2, . . .}of natural numbers (also known as nonnegative or positive integers). In some literature, the termN+_{is used to refer toNwithout} zero (i.e.,N+ :=N\ {0}).

• The set Z := {. . . ,−2,−1,0,1,2, . . .} of integer numbers, or integers in short. In addition to the natural numbers, this set also comprises the negative numbers.

• The set Q of rational numbers. Roughly speaking, a rational number is a number that can be written as a ratio of two integers. More specifically, a number is rational if it can be written as a fraction where the numerator and denominator are integers and the denominator is not equal to zero. This can be expressed as follows:

Q:={a

b |a, b∈Zandb= 0}

• The setRof real numbers. Each real number can be represented by a converg- ing infinite sequence of rational numbers (i.e., the limit of the sequence refers to the real number). There are two subsets within the set of real numbers: algebraic numbers and transcendental numbers. Roughly speaking, an alge- braic number is a real number that is the root of a polynomial equation with integer coefficients, whereas a transcendental number is a real number that is not the root of a polynomial equation with integer coefficients. Examples of transcendental numbers areπande. Real numbers are the most general and most frequently used mathematical objects to model real-world phenomena. A real number that is not rational is called irrational, and hence the set of irrational numbers isR\Q. In some literature, the term R+ _{is also used to} refer to the real numbers that are nonnegative.

• The setCof complex numbers. Each complex number can be specified by a pair(a, b)of real numbers, and henceCcan be expressed as follows:

C:={a+bi|a, b∈Randi=√−1}

3 The choice of the symbol∗is arbitrary. The operations most frequently used in algebra are addition (denoted as+) and multiplication (denoted as·).

The first element of(a, b)is called the real part of the complex number, whereas the second element of(a, b)is called the imaginary part. This part is usually written as a multiple ofi=√−1, meaning that the imaginary part of

a+biis written asb(instead ofbi).

X

Y

f(X)

In this book, we assume some familiarity with functions and function families. As illustrated in Figure 3.1, a functionf :X →Y is a mapping from a domainX

to a codomainY assigning to everyx∈ Xa uniquef(x)∈Y. The range off is the subset of values ofY that are actually reached by the function (i.e.,f(X)⊆Y). A functionf :X→Y may be injective, surjective, or bijective.

• The functionf is injective (or one to one) if for allx1, x2 ∈ X it holds that

x1 = x2 ⇒ f(x1) = f(x2)(i.e., if two preimages are different, then the corresponding images are also different).

• The functionf is surjective (or onto) if for ally ∈Y there is anx∈Xwith

y =f(x), meaning thatf(X) =Y (i.e., the codomain and the range are the same).

• The functionf is bijective if it is both injective and surjective.

If we consider a set of functionsf :X →Y that takes a key as an additional input parameter, then we are talking about function families. Formally, a function family is a mapping

F :K×X→Y

whereX andY are the domain and codomain of the functions, andKis a set of possible keys. For everyk∈K, the mapfk :X →Y is defined asfk(x) =f(k, x)

and represents an instance of the family F. Consequently, F is a collection or ensemble of mappings. Every keyk∈ Kor mapfkoccurs with some probability,

and hence there is a probability distribution onK. IfK ={0,1}n_{and all keys are}

uniformly distributed, then

k←u K

refers to ann-bit keykthat is randomly chosen fromK. Furthermore,

f ←u F

refers to a functionfkthat is randomly chosen fromF. This can be translated into

k←u K;f ←fk(in this sequence). In other words,f is the functionfk, wherekis

a randomly chosen key.

We sometimes use the termRandX→Y _{to refer to the family of all functions}

from the domainX to the codomainY. IfX = Y, then we are talking about the family of all permutations onX, and we use the termP ermX→X_{orP(X)to refer}

to it. Permutations and families of permutations are further addressed in Section 3.1.4.

The fact that∗ is a binary operation on S means that it actually defines a function fromS ×S intoS. If a, b ∈ S, then the use of ∗ can be expressed as follows:

∗:S×S −→ S

(a, b) −→ a∗b

This expression suggests that two arbitrary elementsa, b ∈ S are mapped to a new element a∗ b ∈ S. In this setting, the operation∗ may have specific properties. We are mainly interested in commutative and associative operations as formally expressed in Definitions 3.1 and 3.2.