Applications of Group Theory in Cryptography and Coding Theory
All content following this page was uploaded by Rohan Joshi on 13 October 2021.
Abstract
We aim to study the role of group theory in classical cryptography and quantum CSS codes. Number theory and group theory play an important role in the security of classical public key cryptosystems. Here we show the construction and properties of two specific classical cryptographic techniques, RSA and Diffie-Hellman, whose security rests on the difficulty of carrying out certain computations in groups. Similarly, group theory is integral to the theory of quantum error correction codes. We show the role of group theory in providing robustness to a special class of quantum codes, the CSS codes. These codes are worth exploring since they have a deep relation with security in quantum cryptographic techniques.
Contents
1 Introduction
5 Conclusions
1 Introduction
The word cryptography originates from two Greek words: kryptos (secret) and graphein (writing). Thus cryptography is the art of communicating a message in a secret manner or, in other words, the art of rendering a message unintelligible to any unauthorized party. The classical cryptographic protocols developed so far are secure under some assumptions and use group-theoretic principles extensively. The mathematics of public-key cryptography uses a lot of group theory. Different cryptosystems use different groups, such as the group of units in modular arithmetic and the group of rational points on elliptic curves over a finite field. This use of group theory derives from the efficiency or difficulty of carrying out certain computations in the groups.
It is well known that group theory finds many different applications in coding theory, providing simple and good error-correcting codes. Good codes refer to codes that saturate certain bounds for high code rates, i.e., they require a low number of redundancy bits for their error-correcting properties. Recent developments in quantum error correction have led to the realization that these concepts can be used in correcting quantum errors too, and good quantum codes can, in fact, be obtained.
Definition: Let G be a set together with a binary operation that assigns to each ordered
pair (a, b) of elements of G an element in G denoted by ab. We say G is a group under this
operation if the following three properties are satisfied.
• Associativity: The operation is associative; that is, (ab)c = a(bc) for all a, b, c in G.
called a cyclic group. A cyclic group can have more than one generator.
Theorem: Given a group G, if a ∈ G has finite order, then so does $a^k$ for any integer k, and furthermore $|a^k| = \dfrac{|a|}{\gcd(|a|, k)}$.
Fermat's Little Theorem: For every integer a and every prime p, $a^p \equiv a \pmod p$.
• On the basis of the key used:
– Symmetric key: If in a cryptographic protocol the same key is used for both encryption and decryption, then the protocol is called a symmetric-key cryptographic protocol.
– Asymmetric key: If in a cryptographic protocol different keys are used for encryption and decryption, then the protocol is called an asymmetric-key cryptographic protocol.
We know that a cipher is secure if and only if it is impossible to unlock the cryptogram without the key. In practice, this impossibility requirement is often weakened to the extent that the system is just extremely hard to crack. The amount of time required to solve a hard problem depends on the size of the problem. Here the computational task is decryption of the message, and the size of the problem is the size of the key. Classical cryptography uses this principle to its advantage by making the problem of cracking the key computationally hard for any classical computer. Some cryptographic protocols use group-theoretic concepts to achieve this task. RSA and the Diffie-Hellman key exchange protocol are two such examples.
Figure 1: Diffie-Hellman Key Exchange using colours
the multiplicative group of integers modulo p, where p is prime, and g is a generator of this group. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p−1.
The protocol is given as follows:
• Step 1: Alice and Bob agree upon and make public two numbers: a prime p and a generator $g \in \mathbb{Z}_p^*$, where $\mathbb{Z}_n^* = \{x \in \mathbb{Z}_n \mid \gcd(x, n) = 1\}$.
• Step 2: Alice chooses a random $a \in \mathbb{Z}_p^*$, computes $A = g^a \bmod p$ and sends it to Bob.
• Step 3: Bob chooses a random $b \in \mathbb{Z}_p^*$, computes $B = g^b \bmod p$ and sends it to Alice.
• Step 4: Alice computes $s = B^a \bmod p$. Bob computes $s = A^b \bmod p$.
Both Alice and Bob arrive at the same value because, modulo p, $A^b = g^{ab} = g^{ba} = B^a$.
Alice and Bob now share a secret.
The strength of the scheme comes from the fact that it takes Eve an extremely long time to perform the required computations from the knowledge of p, g, $g^a \bmod p$ and $g^b \bmod p$ alone. Since Eve knows neither a nor b, she needs to compute $g^{ab} \bmod p$ directly. This is the so-called discrete logarithm problem: solve for x the equation
$y = g^x \bmod p$, (2)
given y, g and p.
No known classical algorithm accomplishes this in a reasonable amount of time, making it a computationally hard problem, which provides the desired security.
The procedure described above can be generalized to finite cyclic groups. Here is a more general description of the protocol:
• Step 1: Alice and Bob agree publicly on a finite cyclic group G of order n and a generating element g in G.
• Step 2: Alice picks a random natural number a, where 1 < a < n, and sends $g^a$ to Bob.
• Step 3: Bob picks a random natural number b, also with 1 < b < n, and sends $g^b$ to Alice.
Both Alice and Bob are now in possession of the group element $g^{ab}$, which serves as the shared secret key. The group G satisfies the requisite condition for secure communication if no efficient algorithm exists for determining $g^{ab}$ given g, $g^a$ and $g^b$.
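The following Python program is an added worked example, not part of the original paper: it runs the four-step exchange above in $\mathbb{Z}_p^*$, checks that g really is a generator (so the shared secret can be any value in 1..p−1, as required), verifies the order theorem $|a^k| = |a|/\gcd(|a|,k)$ stated earlier, and shows Eve's discrete-logarithm task as an exhaustive search. The parameters p = 23, g = 5 and the exponents a = 6, b = 15 are constructed toy values; the function names are this example's own.

```python
from math import gcd
import secrets


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for the toy sizes used here)."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors


def element_order(a, p):
    """|a| in Z_p^*: the least k >= 1 with a^k = 1 mod p.
    By Lagrange's theorem only divisors of p-1 need to be tried."""
    n = p - 1
    return min(k for k in range(1, n + 1) if n % k == 0 and pow(a, k, p) == 1)


def order_of_power(a, k, p):
    """The theorem |a^k| = |a| / gcd(|a|, k), cross-checked against direct computation."""
    predicted = element_order(a, p) // gcd(element_order(a, p), k)
    assert predicted == element_order(pow(a, k, p), p)
    return predicted


def is_generator(g, p):
    """g generates Z_p^* iff g^((p-1)/q) != 1 mod p for every prime q dividing p-1."""
    n = p - 1
    return all(pow(g, n // q, p) != 1 for q in prime_factors(n))


def dh_exchange(p, g, a=None, b=None):
    """Steps 1-4: returns the public values A, B and both parties' computed secrets.
    Exponents are drawn uniformly from 2 .. p-2 when not supplied."""
    if not is_generator(g, p):
        raise ValueError("g must generate Z_p^* so the secret can be any value in 1..p-1")
    a = a if a is not None else 2 + secrets.randbelow(p - 3)
    b = b if b is not None else 2 + secrets.randbelow(p - 3)
    A = pow(g, a, p)          # Alice -> Bob
    B = pow(g, b, p)          # Bob -> Alice
    s_alice = pow(B, a, p)    # B^a = g^(ba)
    s_bob = pow(A, b, p)      # A^b = g^(ab)
    return A, B, s_alice, s_bob


def discrete_log(y, g, p):
    """Eve's task, eq. (2): find x with g^x = y mod p by exhaustive search.
    The loop runs up to p-1 times, which is why real p has hundreds of digits."""
    for x in range(p - 1):
        if pow(g, x, p) == y:
            return x
    raise ValueError("y is not in the subgroup generated by g")


if __name__ == "__main__":
    p, g = 23, 5                                   # constructed toy parameters
    print(element_order(5, 23), order_of_power(5, 2, 23))   # 22 and 22/gcd(22,2) = 11
    A, B, sa, sb = dh_exchange(p, g, a=6, b=15)
    print(A, B, sa, sb)                            # 8 19 2 2
    print(discrete_log(A, g, p))                   # recovers a = 6 only because p is tiny
```

The generator test uses the standard criterion that g has order p−1 exactly when no proper divisor (p−1)/q is already an exponent sending g to 1; `discrete_log` is there to make the cost argument concrete, since its running time grows with p while the honest parties only ever pay for modular exponentiations.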
Diffie Hellman key exchange protocol establishes a secret shared key between two parties
while RSA protocol provides direct encryption and security of messages.
• Step 1: Bob starts with two large prime numbers p and q. He computes their product n = pq and the product $\varphi(n) = (p-1)(q-1)$.
• Step 2: He then chooses a nontrivial e coprime to $\varphi(n)$ and announces e and n publicly. So {n, e} is the public key, which will be used for encryption.
• Step 3: Bob computes d with $de \equiv 1 \pmod{\varphi(n)}$ and uses it to form his private key. The key he uses later for decryption is {d, n}; since n is already public, d is essentially the private key.
• Step 4: Alice encrypts a message m as $c = m^e \bmod n$ and sends it to Bob over a public channel.
• Step 5: Bob decrypts the message as $c^d \bmod n = m^{ed} \bmod n$. Since $de \equiv 1 \pmod{\varphi(n)}$, there exists some integer k such that
$de = 1 + k\,\varphi(n)$, (3)
which gives
$c^d = m^{ed} = m^{1 + k\varphi(n)} \equiv m \pmod n$, (5)
the last step using Euler's theorem $m^{\varphi(n)} \equiv 1 \pmod n$ for $\gcd(m, n) = 1$.
Since only Bob has the private key, the message is secure.
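As an added worked example (not code from the paper), here are the five RSA steps in Python, with the checks Step 2 and Step 3 require (e a nontrivial unit modulo $\varphi(n)$, and $de \equiv 1$), plus a brute-force confirmation that equation (5) holds for every residue m, including those sharing a factor with n, where Euler's theorem alone does not apply but the CRT argument still does. The primes 61 and 53, e = 17 and m = 65 are constructed toy values; the function names are this example's own.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Steps 1-3: n = pq, phi(n) = (p-1)(q-1), e coprime to phi(n), d = e^-1 mod phi(n)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("e must be a nontrivial unit modulo phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    assert (d * e) % phi == 1      # i.e. de = 1 + k*phi(n), eq. (3)
    return (n, e), (n, d)          # public key {n, e}, private key {n, d}


def rsa_encrypt(public_key, m):
    """Step 4: c = m^e mod n for an integer message 0 <= m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be reduced modulo n")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """Step 5: c^d = m^(ed) = m^(1 + k*phi(n)) = m mod n, eq. (5)."""
    n, d = private_key
    return pow(c, d, n)


def roundtrip_holds_for_all(p, q, e):
    """Check eq. (5) exhaustively for every residue m modulo n (feasible only for toy n)."""
    pub, priv = rsa_keygen(p, q, e)
    n = pub[0]
    return all(rsa_decrypt(priv, rsa_encrypt(pub, m)) == m for m in range(n))


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)            # constructed toy primes
    print(pub, priv)                              # (3233, 17) (3233, 2753)
    c = rsa_encrypt(pub, 65)
    print(c, rsa_decrypt(priv, c))                # 2790 65
    print(roundtrip_holds_for_all(61, 53, 17))    # True
```

Note that the scheme as written in the five steps is "textbook" RSA: encryption is deterministic (the same m always yields the same c) and multiplicative, so deployed systems wrap m in randomized padding such as OAEP before applying Step 4; the group-theoretic core above is unchanged by that.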
4 Group Theory in Coding Theory
4.1 Preliminaries: Classical Coding Theory
Quantum error-correcting codes were invented recently, but classical error-correcting codes have a much longer history. Over the past century, a remarkably beautiful and powerful theory of classical coding has been erected. Much of this theory can be exploited in the construction of QECCs. Here we will quickly review just a few elements of the classical theory, confining our attention to binary linear codes. The object of an error-correcting code is to add redundancy to the original information or message in such a fashion that the original message can be recovered even if it is subject to some noise. Mathematically, we may say that the length-n vector $v(\alpha_1, \dots, \alpha_k)$ encodes the length-k message $\alpha = (\alpha_1, \dots, \alpha_k)$ by adding n − k redundant bits in an analytical manner to the original length-k message.
In order to define a binary linear code, we consider the space V of all n-tuples of 0's and 1's with addition of vectors component-wise mod 2.
$HG^T = 0$, (6)
where $G^T$ is the transpose of G, since the codes C and $C^\perp$ are orthogonal. A code is called self-orthogonal or self-dual if $C \subseteq C^\perp$.
A very important concept in coding theory is the weight of a vector.
Definition: The weight of a vector u is the number of nonzero components it has and is denoted by wt(u). Similarly, the minimum weight of a code, denoted by d, is defined as the weight of the nonzero vector of smallest weight in the code.
Another important concept is the distance between vectors.
Definition: The distance function is a metric and hence satisfies all the properties of a metric. In coding theory, it is defined between two vectors u and v to be the number of positions in which they differ and is denoted by d(u, v).
It is easy to see that
$d(u, v) = \mathrm{wt}(u - v)$. (7)
An error occurring in an n-bit string can be characterized by an n-component vector e, where
the 1’s in e mark the locations where errors occur. When afflicted by the error vector e, the
codeword v becomes u = v + e. Codes are constructed in such a way that these errors can
be detected and possibly, corrected. Many decoding schemes are used for this purpose.
• No cloning: Classical bits can be easily cloned. This is forbidden for the quantum bits
(qubits) by the no-cloning theorem.
• Errors are continuous: For a classical bit, the only kind of error is a bit flip, but a continuum of different errors may occur on a single qubit. Determining which error occurred in order to correct it would appear to require infinite precision, and therefore infinite resources. The same difficulties are faced in analog classical computation, which explains its lower popularity compared to digital computation despite its being much more powerful.
Fortunately, none of these problems is fatal. Quantum physics itself and sheer ingenuity on our part help overcome these difficulties. Quantum entanglement is used to counter the first difficulty, achieving the desired result while circumventing the no-cloning theorem. Also, the apparent continuum of errors that may occur on a single qubit can all be corrected by correcting only a discrete subset of those errors, namely X (bit flip) and Z (phase flip) errors, all other possible errors being corrected automatically by this procedure! For the last difficulty, syndrome detection and decoding resolve the arising conflict.
Over the past two decades, a number of QECCs have been developed using the concepts of
classical coding theory. We look at one such class of codes, namely CSS codes which enjoy
a special position in the field of quantum information due to multiple reasons, as discussed
before.
CSS (Calderbank-Shor-Steane) codes exploit the concept of a self-dual code. Suppose $C_1$ and $C_2$ are $[n, k_1]$ and $[n, k_2]$ classical linear codes such that $C_2 \subset C_1$ and both $C_1$ and $C_2^\perp$ correct t errors. $C_2$ defines an equivalence relation on $C_1$: we say that $u, v \in C_1$ are equivalent ($u \equiv v$) if and only if there is a w in $C_2$ such that $u = v + w$. The equivalence classes are the cosets of $C_2$ in $C_1$. The classical error-correcting properties of $C_1$ and $C_2^\perp$ can be exploited to detect and correct up to t bit-flip and phase-flip quantum errors!
A CSS code is an $[n, k_1 - k_2]$ quantum code that associates a codeword with each coset. Each element of a basis for the code subspace can be expressed as
$$|w\rangle = \frac{1}{\sqrt{2^{k_2}}} \sum_{v \in C_2} |v + w\rangle, \qquad (8)$$
an equally weighted superposition of all the words in the coset represented by w. Since there are $2^{k_1 - k_2}$ cosets, the number of codewords is the same. The error-correction properties of the code come down to the distinct assignment of cosets to codewords, as we will see now.
Suppose that bit flips are represented by a vector e and phase flips by a vector f, with both vectors containing at most t ones. This means that the overall error is given by $X^e Z^f$, with $X^e Z^f = (-1)^{e \cdot f} Z^f X^e$.
A quantum operation used extensively in our analysis, the Hadamard gate H, has the following effects (writing $|C\rangle$ for the equal superposition of the words of a code C):
• $H^{\otimes n} |C_2\rangle = |C_2^\perp\rangle$
• $H^{\otimes n} |C_2^\perp\rangle = |C_2\rangle$
• $H^{\otimes n} X^e = Z^e H^{\otimes n}$, and
• $H^{\otimes n} Z^e = X^e H^{\otimes n}$
Consider an arbitrary valid codeword (neglecting the superposition coefficients) of the CSS code,
$$|w\rangle = \sum_{v \in C_2} |v + w\rangle. \qquad (9)$$
Syndrome detection by the parity-check matrix $H_1$ of $C_1$, using additional qubits, gives
$$\sum_{v \in C_2} (-1)^{e \cdot f} Z^f |v + w + e\rangle\, |H_1 e\rangle. \qquad (11)$$
Since the only errors left now are the phase flips, the Hadamard operation is applied to each qubit, taking the state to
$$H^{\otimes n} Z^f X^w \sum_{v \in C_2} |v\rangle = X^f Z^w \sum_{z \in C_2^\perp} |z\rangle = (-1)^{w \cdot f} Z^w X^f \sum_{z \in C_2^\perp} |z\rangle. \qquad (14)$$
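The following Python program is an added example, not code from the paper, serving both the classical review (weight, distance, syndromes of a binary linear code) and the CSS construction just described. It builds the pair $C_1$ = Hamming [7,4] and $C_2 = C_1^\perp$ (the [7,3] simplex code), which is the Steane code construction; the parity-check matrix H1 is written out here as a constructed input, and all function names are this example's own. It checks $C_2 \subset C_1$, enumerates the $2^{k_1-k_2} = 2$ cosets, and shows the key fact behind equation (11): a bit-flip error e gives the same syndrome $H_1 e$ for every word of a coset, so measuring the syndrome reveals e without revealing which term of the superposition one is in.

```python
from itertools import product

N = 7
# Parity-check matrix H1 of the [7,4] Hamming code C1 (constructed example). Column i is the
# binary expansion of i+1, so the syndrome of a single bit flip names the flipped position.
H1 = (
    (1, 0, 1, 0, 1, 0, 1),
    (0, 1, 1, 0, 0, 1, 1),
    (0, 0, 0, 1, 1, 1, 1),
)


def add(u, v):
    """Vector addition in V: component-wise mod 2."""
    return tuple((x + y) % 2 for x, y in zip(u, v))


def dot(u, v):
    return sum(x * y for x, y in zip(u, v)) % 2


def weight(u):
    """wt(u): number of nonzero components."""
    return sum(u)


def distance(u, v):
    """d(u, v) = wt(u - v), eq. (7); over GF(2) subtraction is addition."""
    return weight(add(u, v))


def syndrome(H, v):
    """H v^T over GF(2); zero exactly for codewords of ker H."""
    return tuple(dot(row, v) for row in H)


def kernel(H):
    """The code defined by the parity checks H: all length-N words with zero syndrome."""
    return frozenset(v for v in product((0, 1), repeat=N) if not any(syndrome(H, v)))


def span(rows):
    """All GF(2) linear combinations of the given rows (their row space)."""
    words = set()
    for coeffs in product((0, 1), repeat=len(rows)):
        w = (0,) * N
        for c, r in zip(coeffs, rows):
            if c:
                w = add(w, r)
        words.add(w)
    return frozenset(words)


def dual(code):
    """C^perp: all words orthogonal (mod 2) to every codeword of C."""
    return frozenset(v for v in product((0, 1), repeat=N) if all(dot(v, c) == 0 for c in code))


def min_weight(code):
    return min(weight(c) for c in code if any(c))


def cosets(C1, C2):
    """Equivalence classes of C1 under u ~ v iff u + v in C2, i.e. the cosets of C2 in C1."""
    remaining, classes = set(C1), []
    while remaining:
        w = min(remaining)
        coset = frozenset(add(v, w) for v in C2)
        classes.append(coset)
        remaining -= coset
    return classes


def correct_single_flip(H, u):
    """Decode one bit flip: the syndrome equals the column of H at the flipped position."""
    s = syndrome(H, u)
    if not any(s):
        return u
    for i in range(N):
        if tuple(row[i] for row in H) == s:
            return add(u, tuple(int(j == i) for j in range(N)))
    raise ValueError("syndrome matches no single-bit error")


C1 = kernel(H1)   # Hamming [7,4], 16 words, minimum weight 3
C2 = span(H1)     # its dual, the [7,3] simplex code; C2 lies inside C1 because H1 H1^T = 0


def css_parameters():
    """The sizes and distances that make (C1, C2) a valid CSS pair for t = 1."""
    return {"C2 subset of C1": C2 <= C1, "|C1|": len(C1), "|C2|": len(C2),
            "cosets": len(cosets(C1, C2)),      # 2^(k1-k2) = 2 logical codewords
            "d(C1)": min_weight(C1), "d(C2)": min_weight(C2)}


def syndromes_across_coset(coset, e):
    """Syndromes seen after bit-flip error e hits each word of a coset. Every word gives the
    same H1 e because H1 (v + w) = 0, so the ancilla in eq. (11) learns only e."""
    return {syndrome(H1, add(u, e)) for u in coset}


if __name__ == "__main__":
    print(css_parameters())
    ones = (1,) * N
    e = (0, 0, 0, 0, 1, 0, 0)                    # constructed single bit flip at position 5
    print(syndromes_across_coset(next(c for c in cosets(C1, C2) if ones in c), e))  # {(1, 0, 1)}
    print(correct_single_flip(H1, add(ones, e)) == ones)                            # True
```

Because $C_2^\perp = C_1$ here, `dual(C2)` returns `C1` and the same matrix H1 also serves as the parity check for the phase-flip half of the procedure after the Hadamard transform, which is why equation (14) moves the analysis into $C_2^\perp$; for a general CSS pair the second syndrome would use the parity-check matrix of $C_2^\perp$ instead.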
5 Conclusions
In this project, various applications of group theory in classical cryptography, specifically the Diffie-Hellman and RSA protocols, and in coding theory are explored. Discussions of Diffie-Hellman and RSA usually rely on concepts of number theory expressed in less abstract forms. Here we have tried to explain the same using group theory. Not only is this more elegant, but it also helps in generalizing these encryption techniques, making them much more powerful. Similarly, group theory is integral to classical coding theory, and these properties are inherited by quantum error correction codes too. Here we have shown its role in providing robustness to a special class of quantum codes, the CSS codes.