
Theorem 5.1 Lagrange's Theorem

If H is a subgroup of G then #H | #G, that is, #H divides #G.

Proof For H = G, #H | #G holds trivially. Let us consider H G.

For any a G \ H, by Closure Axiom, coset a o H is a subset of G. We can show the following two facts:

i. For any a a', if a a' o H then (a o H) (a' o H) = .

ii. #(a o H) = #H.

For (i), suppose b (a o H) (a' o H). So c, c' H: a o c = b = a' o c'. Applying Inverse Axiom, Identity Axiom, Closure Axiom and Associative Axiom on elements in H, we have a = a o e = a o (c o c⁻¹) = b o c⁻¹ = (a' o c') o c⁻¹ = a' o (c' o c⁻¹) a' o H.

This contradicts our assumption: a a' o H. As a special case, for a H = e o H, we have H (a o H) = .

For (ii), #(a o H) #H holds trivially by the definition of a coset. Suppose that the inequality is strict. This is only possible because for some b c, b, c H, a o b = a o c. Applying Inverse Axiom in G, we reach b = c, contradicting b c.

Thus, G is partitioned by H and the family of its mutually disjoint cosets, each of size #H. Hence #H | #G. (In general, partitioning a set means splitting it into disjoint subsets.)

Example 5.4.

1. Check Example 5.2(3): #H | # holds for every H as a subgroup of the "clock group" .

2. Instantiate Example 5.2(5) using n = 21; we have Fermat(21) = {1, 8, 13, 20} satisfying

Modern Cryptography: Theory and Practice By Wenbo Mao Hewlett-Packard Company

Publisher: Prentice Hall PTR Pub Date: July 25, 2003

ISBN: 0-13-066943-1 Pages: 648

Many cryptographic schemes and protocols, especially those based on public-key cryptography, have basic or so-called "textbook crypto" versions, as these versions are usually the subjects for many textbooks on cryptography. This book takes a different approach to introducing cryptography: it pays much more attention to fit-for-application aspects of cryptography. It explains why "textbook crypto" is only good in an ideal world where data are random and bad guys behave nicely. It reveals the general unfitness of "textbook crypto" for the real world by demonstrating numerous attacks on such schemes, protocols and systems under various real-world application scenarios. This book chooses to introduce a set of practical cryptographic schemes, protocols and systems, many of them standards or de facto ones, studies them closely, explains their working principles, discusses their practical usages, and examines their strong (i.e., fit-for-application) security properties, often with security evidence formally established. The book also includes self-contained theoretical background material that is the foundation for modern cryptography.

Lagrange's Theorem is not only very beautiful in group theory, but also very important in applications. Review our probabilistic primality test algorithm Prime_Test in §4.4.3.1. That algorithm tests whether an odd integer n is prime by testing congruence

using random x U . In Example 5.2(5) we have seen that Fermat(n) is the subgroup of defined by this congruence, and is a proper subgroup of if and only if n is not prime. Thus, by Lagrange's Theorem, #Fermat(n) | . Hence, if n is not prime, #Fermat(n) can be at most half the quantity . This provides us with the error probability bound ½ for each step of the test, i.e., the working principle of Prime_Test (the probability space being ).

In §5.2.2 we will discuss another important application of Lagrange's Theorem in public-key cryptography.
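The coset partition from the proof and the n = 21 instance of Example 5.4 can be checked by brute force. The following is an added example, not code from the book. It assumes Fermat(n) is defined by x^((n-1)/2) ≡ ±1 (mod n) over the multiplicative group of integers modulo n, because the congruence itself did not survive on this page, and all function names are illustrative.

```python
from math import gcd

def units(n):
    """Multiplicative group of integers mod n (assumed to be the group G of the text)."""
    return [x for x in range(1, n) if gcd(x, n) == 1]

def fermat_subgroup(n):
    """Fermat(n) under the ASSUMED congruence x^((n-1)/2) = +-1 (mod n), n odd."""
    k = (n - 1) // 2
    return [x for x in units(n) if pow(x, k, n) in (1, n - 1)]

def cosets(n, H):
    """All distinct cosets a o H = {a*h mod n : h in H}, a ranging over G."""
    found = {frozenset(a * h % n for h in H) for a in units(n)}
    return sorted(sorted(c) for c in found)

def lagrange_check(n):
    """Verify facts (i) and (ii) of the proof for H = Fermat(n)."""
    G, H = units(n), fermat_subgroup(n)
    parts = cosets(n, H)
    # Fact (ii): every coset has exactly #H elements.
    equal_size = all(len(c) == len(H) for c in parts)
    # Fact (i): distinct cosets are disjoint. They cover G, so they are
    # disjoint exactly when their sizes add up to #G with no double counting.
    covered = set().union(*map(set, parts)) == set(G)
    disjoint = sum(len(c) for c in parts) == len(G)
    return {
        "order_G": len(G),
        "order_H": len(H),
        "index": len(parts),
        "partition": equal_size and covered and disjoint,
        # Fraction of bases x for which one test step wrongly accepts n.
        "pass_rate": len(H) / len(G),
    }

if __name__ == "__main__":
    print(fermat_subgroup(21))   # the set given in Example 5.4
    print(cosets(21, fermat_subgroup(21)))
    print(lagrange_check(21))
```

For n = 21 the subgroup has index 3, so a single test step accepts this composite for one third of the possible bases, within the ½ bound stated above.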

Definition 5.8: Quotient Group

Let G be an (abelian) group and H G. The quotient group of G modulo H, denoted by G/H, is the set of all cosets a o H with a ranging over G, with the group operation defined by (a o H) (b o H) = (a o b) o H, and with the identity element being e o H.

Example 5.5.

Let n > 0 be an integer. Set = {0, ±n, ±2n, …, } is clearly a subgroup of under the integer addition. Quotient group

can only have n elements. This is because , and

so on, and consequently


In fact, is the formal and standard notation for . However, for presentation convenience, in this book we will always use the short-hand notation in place of .
