B504/I538: Introduction to Cryptography, Spring 2017 • Lecture 17 (2017-03-07)
Assignment 4 is due on Tuesday after break! (2017-03-21) (That’s just two weeks from today!!)

Groups
Defn: Let G be a non-empty set and let ‘•’ be a binary operation acting on ordered pairs of elements from G. (In our case this is typically multiplication.) The pair (G,•) is called a group if
  Closure: ∀a,b∈G, a•b∈G
  Associativity: ∀a,b,c∈G, (a•b)•c=a•(b•c)
  Identity: ∃e∈G, ∀a∈G, a•e=e•a=a
  Inverses: ∀a∈G, ∃a⁻¹∈G such that a•a⁻¹=a⁻¹•a=e
The group (G,•) is abelian (or commutative) if
  Commutative: ∀a,b∈G, a•b=b•a

Examples of groups
(ℤ,+), (ℚ,+), and (ℝ,+)
  Identity: 0
  Inverse of a: -a
(ℝ∖{0}, •) and (ℚ∖{0}, •) where • is regular multiplication
  Identity: 1
  Inverse of a: 1⁄a
(ℤn,⊞) where ⊞ is addition modulo n
  Identity: 0
  Inverse of a: n-a
Q: Is (ℤn,⊡) a group, where ⊡ is multiplication modulo n?
A: No! Not all elements of ℤn have a multiplicative inverse modulo n.

Examples of groups
(ℤn*,⊡) where ⊡ is multiplication modulo n
  Identity: 1
  Inverse of a: a⁻¹ mod n
Q: Is (ℤn*,⊞) a group, where ⊞ is addition modulo n?
A: NO! ℤn* is not closed under addition modulo n.
Q: Is (ℕ,+) a group?
A: NO! ℕ does not have additive inverses!

Examples of groups
Q: Let ℤodd denote the set of odd integers. Explain why (ℤodd,-) is not a group.
A1: ℤodd has no identity: 0 is even. Also, no identity ⇒ no inverses.
A2: ℤodd is not closed under subtraction: odd-odd=even.
A3: Subtraction is not associative: (a-b)-c≠a-(b-c).

Elementary properties of groups
Thm (uniqueness of identity): In a group (G,•), there is only one identity element.
Thm (uniqueness of inverses): Let (G,•) be a group. For each a∈G, there exists a unique inverse.
Proofs of these facts are very simple (you are asked to prove them on assignment 5!)

Elementary properties of groups
Thm (cancellation): Let (G,•) be a group. The left and right cancellation laws both hold; that is, for all a,b,c∈G,
  Left cancellation: a•b=a•c ⇒ b=c
  Right cancellation: b•a=c•a ⇒ b=c
Proof (for right cancellation): Suppose b•a=c•a. Multiplying on the right by a⁻¹ yields
  (b•a)•a⁻¹=(c•a)•a⁻¹
By associativity,
  (b•a)•a⁻¹=b•(a•a⁻¹)=b and (c•a)•a⁻¹=c•(a•a⁻¹)=c
Hence b=c. A symmetric argument proves left cancellation holds.

Exponentiation
For n∈{1,2,3,…} we define aⁿ=a•a•a•…•a (n times)
For n=0, we define aⁿ=e
For n∈{-1,-2,-3,…} we define aⁿ=(a⁻¹)⁻ⁿ
Q: Is (a•b)ⁿ=aⁿ•bⁿ?
A: Sometimes! Specifically, (a•b)ⁿ=aⁿ•bⁿ if a•b=b•a
Thm (law of exponents): Let (G,•) be a group and let m,n∈ℤ. For each a∈G, aᵐ•aⁿ=aᵐ⁺ⁿ and (aᵐ)ⁿ=aᵐⁿ.

Order
Defn: The number of elements in a group (G,•) is called its order. We write |G| to denote the order of (G,•).
Defn: Let (G,•) be a group and let a∈G. The smallest positive integer i such that aⁱ=e is called the order of a in (G,•). We write |a| to denote the order of a in G.
If |a|=|G|, then we call a a generator of (G,•).

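Added example (not part of the original slides): a brute-force Python check of the four group axioms on the modulo-n examples above, together with the order of an element and the generators of the set of invertible elements of ℤn under multiplication modulo n. The function names are hypothetical, and the exhaustive search is only meant for small n.

```python
from itertools import product
from math import gcd

def units(n):
    """Elements of Z_n that have a multiplicative inverse modulo n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def is_group(elements, op):
    """Check closure, associativity, identity and inverses on a finite set."""
    S = set(elements)
    if not S or any(op(a, b) not in S for a, b in product(S, repeat=2)):
        return False                      # empty set, or closure fails
    if any(op(op(a, b), c) != op(a, op(b, c)) for a, b, c in product(S, repeat=3)):
        return False                      # associativity fails
    ids = [e for e in S if all(op(a, e) == a == op(e, a) for a in S)]
    if not ids:
        return False                      # no identity element
    e = ids[0]
    # every a needs some b with a•b = b•a = e
    return all(any(op(a, b) == e == op(b, a) for b in S) for a in S)

def order(a, n):
    """Smallest positive i with a^i = 1 under multiplication modulo n."""
    if gcd(a, n) != 1:
        raise ValueError("a has no inverse modulo n, so it is not in the group")
    i, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        i += 1
    return i

def generators(n):
    """Elements whose order equals the order of the whole group."""
    G = units(n)
    return [a for a in G if order(a, n) == len(G)]

if __name__ == "__main__":
    n = 12
    add = lambda a, b: (a + b) % n
    mul = lambda a, b: (a * b) % n
    print("(Z_12, add) group?", is_group(range(n), add))        # addition mod n
    print("(Z_12, mul) group?", is_group(range(n), mul))        # 0 has no inverse
    print("(units, mul) group?", is_group(units(n), mul))
    print("(units, add) group?", is_group(units(n), add))       # not closed
    print("orders mod 7:", {a: order(a, 7) for a in units(7)})
    print("generators mod 7:", generators(7), "mod 12:", generators(12))
```

Not every group has a generator: every element of the units modulo 12 has order 1 or 2, while the group has 4 elements.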
That’s all for today, folks!