Modern Cryptography: Theory and Practice
By Wenbo Mao, Hewlett-Packard Company
Publisher: Prentice Hall PTR
Pub Date: July 25, 2003
ISBN: 0-13-066943-1
Pages: 648

Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

Example 5.1 Groups

1. The set of integers ℤ is a group under addition +, i.e., (ℤ, +) is a group, with e = 0 and a^-1 = -a. This is an additive group and is an infinite group (and is abelian). Likewise, the set of rational numbers ℚ, the set of real numbers ℝ, and the set of complex numbers ℂ are additive and infinite groups with the same definitions for identity and inverse.

2. The non-zero elements of ℚ, ℝ and ℂ under multiplication · are groups with e = 1 and a^-1 being the multiplicative inverse (defined in the usual way). We denote by ℚ*, ℝ*, ℂ* these groups, respectively. Thus, the full denotations for these groups are (ℚ*, ·), (ℝ*, ·) and (ℂ*, ·). They are called multiplicative groups. They are infinite.

3. For any n ≥ 1, the set of integers modulo n forms a finite additive group of n elements; here addition is in terms of modulo n, the identity element is 0, and for every element a in the group, a^-1 = n - a (property 2 of Theorem 4.2, in §4.3.2.5). We denote by ℤ_n this group. Thus, the full denotation of this group is (ℤ_n, + (mod n)). (Notice that ℤ_n is a shorthand notation for the formal and standard notation ℤ/nℤ. We shall see the reason in Example 5.5.)

4. The numbers for hours over a clock form ℤ_12 under addition modulo 12. Let us name (ℤ_12, + (mod 12)) the "clock group."

5. The subset of ℤ_n containing the elements relatively prime to n (i.e., gcd(a, n) = 1) forms a finite multiplicative group; here multiplication is in terms of modulo n, e = 1, and for any element a in the group, a^-1 can be computed using the extended Euclid algorithm (Alg 4.2). We denote by ℤ_n^* this group. For example, (ℤ_15^*, · (mod 15)) = ({1, 2, 4, 7, 8, 11, 13, 14}, · (mod 15)).

6. For the set B = {F, T}, let o = ⊕ (logical XOR): F ⊕ F = F, F ⊕ T = T ⊕ F = T, T ⊕ T = F. Then B under ⊕ is a finite group with e = F and T^-1 = T.

7. The roots of x^3 - 1 = 0 form a finite group under multiplication with e = 1 (obviously 1 is a root). Denote by Roots(x^3 - 1) this group. Let us find the other group elements in Roots(x^3 - 1) and their inverses. As a degree-3 polynomial, x^3 - 1 has three roots only. Let a, b be the other two roots. From x^3 - 1 = (x - 1)(x^2 + x + 1), a and b must be the two roots of x^2 + x + 1 = 0. By the relation between the roots and the coefficients of a quadratic equation, we have ab = 1. Thus, a^-1 = b and b^-1 = a. The reader may check that the Closure Axiom is satisfied (i.e., a^2 and b^2 are roots of x^3 - 1 = 0).

Definition 5.4: Shorthand Representation of Repeated Group Operations
Let G be a group with operation o. For any element a ∈ G, and for any non-negative integer i, we denote by a^i ∈ G the following element

We should pay attention to two points in the following remark.

Remark 5.1

i. We write a^i ∈ G only for a shorthand presentation of the repeated operation in Definition 5.4. Notice that the "operation" between the integer i and the element a is not a group operation.


ii. Some groups are conventionally written additively, e.g., (ℤ_n, + (mod n)). For these groups, the reader may view a^i as i · a. However, in this shorthand view, one must notice that "·" here is not a group operation and the integer i is usually not a group element (consider the case (ℤ_n, + (mod n)) with i > n).

Definition 5.5: Subgroup
A subgroup of a group G is a non-empty subset H of G which is itself a group under the same operation as that of G. We write H ≤ G to denote that H is a subgroup of G, and H < G to denote that H is a proper subgroup of G (i.e., H ≠ G).

Example 5.2.

1. Under addition, ℤ ≤ ℚ ≤ ℝ ≤ ℂ;

2. Under addition, the set of even integers plus 0 is a subgroup of the groups in (1); so is the set of odd numbers plus 0.

3. The "clock group" (ℤ_12, + (mod 12)) has the following subgroups: ({0}, +), ({0, 6}, +), ({0, 4, 8}, +), ({0, 3, 6, 9}, +), ({0, 2, 4, 6, 8, 10}, +), (ℤ_12, +).

4. Under multiplication, ℚ* ≤ ℝ* ≤ ℂ*.

5. Let n be an odd positive integer and let Fermat(n) denote the subset of ℤ_n^* such that any a ∈ Fermat(n) satisfies (mod n). Then Fermat(n) is a subgroup of ℤ_n^*. Moreover, if n is a prime number, then by Fermat's Little Theorem (Theorem 6.10 in §6.4), Fermat(n) = ℤ_n^*; otherwise, Fermat(n) is a proper subgroup of ℤ_n^*.

6. {F} is a proper subgroup of the group B in Example 5.1(6). However, {T} is not a subgroup of B since it does not contain an identity (i.e., a breach of the Identity Axiom).

7. (Review Example 4.1) The polynomial-time language DIV3 is a subgroup of ℤ;

8. The set {e} is a subgroup of any group.
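As an added example (not code from the book), the following Python checks the finite groups of Example 5.1 and the subgroup facts of Example 5.2 directly from the definitions: it builds ℤ_n^* with inverses from the extended Euclid algorithm, evaluates a^i as in Definition 5.4, tests the subgroup axioms of Definition 5.5 on a candidate subset, and enumerates the subgroups of the clock group ℤ_12 generated by each element (for a cyclic group these are all of its subgroups, so the six listed above come out). All function names are this example's own.

```python
# Added example (not from Mao's book): the finite groups of Example 5.1 and
# the subgroup checks of Example 5.2, computed directly from the definitions.
from math import gcd

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def inverse_mod(a, n):
    """a^-1 in Z_n^* via extended Euclid (Example 5.1(5)); error if gcd(a, n) != 1."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n}")
    return x % n

def z_n_star(n):
    """Elements of Z_n^*: the residues 1..n-1 relatively prime to n."""
    return {a for a in range(1, n) if gcd(a, n) == 1}

def is_group(elems, op, e):
    """Check closure, identity and inverses; associativity is taken from the underlying arithmetic."""
    elems = set(elems)
    if e not in elems:
        return False
    closed = all(op(a, b) in elems for a in elems for b in elems)
    has_inv = all(any(op(a, b) == e for b in elems) for a in elems)
    return closed and has_inv

def is_subgroup(H, G, op, e):
    """Definition 5.5: H is a non-empty subset of G that is itself a group under op."""
    return bool(H) and set(H) <= set(G) and is_group(H, op, e)

def power(a, i, op, e):
    """Definition 5.4: a^i = a o a o ... o a (i times), with a^0 = e."""
    result = e
    for _ in range(i):
        result = op(result, a)
    return result

def cyclic_subgroups(n):
    """Subgroups of (Z_n, + mod n) generated by each element, as frozensets."""
    add = lambda a, b: (a + b) % n
    subs = set()
    for g in range(n):
        subs.add(frozenset(power(g, i, add, 0) for i in range(n)))
    return subs
```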

Definition 5.6: Order of a Group
The number of elements in a finite group G is called the order of G and is denoted by #G.

Example 5.3.

1. #ℤ_n = n;

2. In Example 5.1(6), #B = 2;

3. In Example 5.1(7), #Roots(x^3 - 1) = 3.

5.2.1 Lagrange's Theorem

Let us now introduce a beautiful and important theorem in group theory.

Definition 5.7: Coset
Let G be an (abelian) group and H ≤ G. For a ∈ G, the set a o H is called a (left) coset of H.
