Applications of Group Theory in Cryptography and Coding Theory

Technical Report · September 2020
Akhil Gupta and Rohan Joshi, Delhi Technological University
https://www.researchgate.net/publication/348805092



Abstract
We aim to study the role of group theory in classical cryptography and quantum CSS codes. Number theory and group theory play an important role in the security of classical public key cryptosystems. Here, we show the construction and properties of two specific classical cryptographic techniques, namely RSA and Diffie-Hellman, whose security rests on the difficulty of carrying out certain computations in groups. Similarly, group theory is integral to the theory of quantum error correction codes. We show the role of group theory in providing robustness to a special class of quantum codes, namely CSS codes. These codes are worth exploring since they have a deep relation with security in quantum cryptographic techniques.

Contents
1 Introduction
2 Preliminaries: Group Theory
3 Group Theory in Cryptography
3.1 Preliminaries: Classical Cryptography
3.2 Diffie-Hellman Key Exchange
3.3 RSA Encryption Algorithm
4 Group Theory in Coding Theory
4.1 Preliminaries: Classical Coding Theory
4.2 CSS Codes
5 Conclusions

1 Introduction
The word cryptography originates from two Greek words: kryptos (secret) and graphein (writing). Thus cryptography is the art of communicating a message in a secret manner or, in other words, the art of rendering a message unintelligible to any unauthorized party. The classical cryptographic protocols developed so far are secure under some assumptions and use group theoretic principles extensively. The mathematics of public-key cryptography uses a lot of group theory. Different cryptosystems use different groups, such as the group of units in modular arithmetic and the group of rational points on elliptic curves over a finite field. This use of group theory derives from the efficiency or difficulty of carrying out certain computations in the groups.
It is well known that group theory finds many different applications in coding theory, providing simple and good error-correcting codes. Good codes refer to codes that saturate certain bounds for high code rates, i.e., they require a low number of redundancy bits for their error-correcting properties. Recent developments in quantum error correction have led to the realization that these concepts can be used in correcting quantum errors too, and good quantum error-correcting codes can, in fact, be obtained.

2 Preliminaries: Group Theory


In this section, some basic notations and results of group theory (without proof) are reviewed, which will be used frequently later.

Definition: Let G be a set together with a binary operation that assigns to each ordered pair (a, b) of elements of G an element in G denoted by ab. We say G is a group under this operation if the following three properties are satisfied.
• Associativity: The operation is associative; that is, (ab)c = a(bc) for all a, b, c in G.

• Identity: There is an identity element e in G such that ae = ea = a for all a in G. In a group G, there is only one identity element.

• Inverses: For each element a in G, there is an element b in G (called an inverse of a) such that ab = ba = e. For every element a of G, the inverse element in G is unique.

If a group has the property that ab = ba for every pair of elements a and b, we say the group is Abelian. A group is non-Abelian if there is some pair of elements a and b for which ab ≠ ba.

Definition: Order of a Group

The number of elements of a group (finite or infinite) is called its order. We will use |G| to denote the order of G.
For an element a in a group G, we define the order of a, written |a|, to be the smallest positive integer k such that $a^k = e$ if such a number exists, and ∞ otherwise.

Definition: An element g ∈ G is called a generator of G if $G = \{g^n \mid n \in \mathbb{Z}\}$, and G is then called a cyclic group. A cyclic group can have more than one generator.

Theorem: Given a group G, if a ∈ G has finite order, then so does $a^k$ for any integer k, and furthermore
$$|a^k| = \frac{|a|}{\gcd(|a|, k)}.$$

Definition: Let G be a group and H be a nonempty subset of G. For any a ∈ G, the set {ah | h ∈ H} is denoted by aH. Analogously, Ha = {ha | h ∈ H}. When H is a subgroup of G, the set aH is called the left coset of H in G containing a, whereas Ha is called the right coset of H in G containing a.

Lagrange's Theorem: If G is a finite group and H is a subgroup of G, then |H| divides |G|. Moreover, the number of distinct left (right) cosets of H in G is |G|/|H|.

Definition: Euler Phi function

The Euler phi function φ(n) counts how many numbers between 1 and n − 1 are relatively prime to n. Some important facts about this function are:

• If p is prime, then φ(p) = p − 1.

• If p and q are distinct primes, then φ(pq) = φ(p)φ(q) = (p − 1)(q − 1).

Fermat's Little Theorem: This theorem states that for every integer a and every prime p, $a^p \equiv a \pmod p$.

Euler's Theorem: This theorem is a generalization of Fermat's little theorem. It states that if n and a are positive integers which are coprime (gcd(a, n) = 1), then $a^{\varphi(n)} \equiv 1 \pmod n$.
Proof: Euler's theorem can be proven easily enough using only the concepts described above. The residue classes modulo n that are coprime to n form a group under multiplication, and the order of that group is φ(n). If a is any number coprime to n, then a lies in one of these residue classes, and its powers $a, a^2, \ldots, a^k$ modulo n form a subgroup of the group of residue classes, where k = |a| is the order of a, so that $a^k \equiv 1 \pmod n$. Lagrange's theorem says that k must divide φ(n), i.e. there is an integer M such that kM = φ(n). This then implies

$$a^{\varphi(n)} \equiv a^{kM} \equiv 1^M \equiv 1 \pmod n. \tag{1}$$

3 Group Theory in Cryptography


3.1 Preliminaries: Classical Cryptography
Cryptography relies on a simple principle. A cipher is an algorithm which combines the message to be encrypted with some additional information known as the key and produces a cryptogram. If the key is secure then the cryptogram is secure. This fundamental principle of cryptography is known as Kerckhoffs's principle. It implies that the security of a cipher depends only on the secrecy of the key and not on the secrecy of the protocol used for encryption. Cryptographic techniques can be broadly categorised:

• On the basis of the key used:

– Symmetric key: If in a cryptographic protocol the same key is used for both encryption and decryption, then such a protocol is called a symmetric key cryptographic protocol.

– Asymmetric key: If in a cryptographic protocol different keys are used for encryption and decryption, then the protocol is called an asymmetric key cryptographic protocol.

• On the basis of the channel used:

– Private key cryptographic system: The parties may have communicated before and shared a key, which they use at a later time when it is required. This type of cryptographic system is referred to as a private key cryptographic system. Usually private key cryptographic systems use a symmetric key. Until 1976 only this type of cryptographic system was in existence.

– Public key cryptographic system: The key is generated through discussions over public channels. This type of cryptographic scheme is known as public key cryptography and is usually asymmetric. In 1976, Whitfield Diffie and Martin Hellman introduced the path-breaking concept of public key cryptography, which allows two people to exchange confidential information even if they have never met and the communication channel used by them is monitored by undesired persons. The actual implementation of this idea was done by Ronald Rivest, Adi Shamir, and Leonard Adleman in 1978. The specific implementation is known as RSA and it is frequently used today.

We know that a cipher is secure if and only if it is impossible to unlock the cryptogram without the key. In practice, this impossibility requirement is often weakened to the extent that the system is just extremely hard to crack. The amount of time required to solve a hard problem depends on the size of the problem. Here the computational task is decryption of the message and the size of the problem is the size of the key. Classical cryptography uses this principle to its advantage by making the problem of cracking the key computationally hard for any classical computer. Some cryptographic protocols use group theoretic concepts to achieve this task. RSA and the Diffie-Hellman key exchange protocol are two such examples.

3.2 Diffie-Hellman Key Exchange


Diffie–Hellman key exchange is a method of securely exchanging symmetric cryptographic keys over a public channel and was one of the first public-key protocols, developed by Ralph Merkle, Whitfield Diffie and Martin Hellman.
Suppose we have two people wishing to communicate: Alice and Bob. They do not want the eavesdropper Eve to know their message. The simplest implementation of the protocol uses the multiplicative group of integers modulo p, where p is prime, and g is a generator of this group. These two values are chosen in this way to ensure that the resulting shared secret can take on any value from 1 to p − 1.

Figure 1: Diffie-Hellman Key Exchange using colours
The protocol is given as follows:

• Step 1: Alice and Bob agree upon and make public two numbers: a prime p and a generator $g \in \mathbb{Z}_p^*$, where $\mathbb{Z}_n^* = \{x \in \mathbb{Z}_n \mid \gcd(x, n) = 1\}$.
• Step 2: Alice chooses a random $a \in \mathbb{Z}_p^*$, computes $A = g^a \bmod p$ and sends it to Bob.
• Step 3: Bob chooses a random $b \in \mathbb{Z}_p^*$, computes $B = g^b \bmod p$ and sends it to Alice.
• Step 4: Alice computes $s = B^a \bmod p$. Bob computes $s = A^b \bmod p$.
Both Alice and Bob have arrived at the same value because, modulo p, $A^b \bmod p = g^{ab} \bmod p = g^{ba} \bmod p = B^a \bmod p$.
Alice and Bob now share a secret.
The strength of the scheme comes from the fact that it takes Eve an extremely long time to perform the required computations from the knowledge of p, g, $g^a \bmod p$ and $g^b \bmod p$ alone. Since Eve knows neither a nor b, she cannot compute $g^{ab} \bmod p$ directly; she would first have to solve the so-called discrete logarithm problem: solve for x the equation
$$y = g^x \bmod p, \tag{2}$$
given y, g and p.
No efficient classical algorithm is known that accomplishes this in a reasonable amount of time, making it a computationally hard problem to solve, which provides the desired security.
The procedure described above can be generalized to finite cyclic groups. Here is a more general description of the protocol:
• Step 1: Alice and Bob agree publicly on a finite cyclic group G of order n and a generating element g in G.

• Step 2: Alice picks a random natural number a, where 1 < a < n, and sends $g^a$ to Bob.

• Step 3: Bob picks a random natural number b, also with 1 < b < n, and sends $g^b$ to Alice.

• Step 4: Alice computes $(g^b)^a$. Similarly, Bob computes $(g^a)^b$.

Both Alice and Bob are now in possession of the group element $g^{ab}$, which serves as the shared secret key. The group G satisfies the requisite condition for secure communication if no efficient algorithm exists for determining $g^{ab}$ given g, $g^a$ and $g^b$.
The Diffie-Hellman key exchange protocol establishes a secret shared key between two parties, while the RSA protocol provides direct encryption and security of messages.
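The exchange above, worked in the group $\mathbb{Z}_p^*$ of Section 3.2, as an added example that is not part of the original report: it checks that g is a generator using Lagrange's theorem (the order of g divides p − 1), runs Steps 2–4, and solves equation (2) by exhaustive search to make the cost of Eve's task concrete. The prime 8191 and the parameters in the test are toy values constructed here.

```python
import secrets

def prime_factors(n):
    """Distinct prime factors of n by trial division (toy sizes only)."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out

def is_generator(g, p):
    """g generates Z_p^* iff |g| = p - 1. By Lagrange |g| divides p - 1, so it is
    enough that g^((p-1)/q) != 1 mod p for every prime q dividing p - 1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def element_order(g, p):
    """|g| in Z_p^*: smallest k >= 1 with g^k = 1 mod p (brute force)."""
    k, x = 1, g % p
    while x != 1:
        x, k = x * g % p, k + 1
    return k

def dh_exchange(p, g, a, b):
    """Steps 2-4 of Section 3.2: returns (A, B, Alice's s, Bob's s)."""
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p), pow(A, b, p)

def discrete_log(y, g, p):
    """Solve y = g^x mod p, equation (2), by exhaustive search over x.
    This costs O(p) group operations, which is why p must be large."""
    x, cur = 0, 1
    while cur != y:
        cur, x = cur * g % p, x + 1
        if x >= p:
            raise ValueError("y is not a power of g")
    return x

if __name__ == "__main__":
    p = 8191                      # constructed toy prime (2^13 - 1); real use: ~2048 bits
    g = next(x for x in range(2, p) if is_generator(x, p))
    a, b = (secrets.randbelow(p - 3) + 2 for _ in range(2))   # 1 < a, b < p - 1
    A, B, s_alice, s_bob = dh_exchange(p, g, a, b)
    assert s_alice == s_bob
    print(f"p={p} g={g} A={A} B={B} shared secret={s_alice}")
    print("Eve recovers a from A by brute force:", discrete_log(A, g, p) == a)
```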

3.3 RSA Encryption Algorithm


RSA (Rivest–Shamir–Adleman) is an algorithm used by modern computers to encrypt and decrypt messages. It is an asymmetric cryptographic algorithm. RSA is used for purposes where any sender can encrypt a message using the public key but only the receiver can decrypt it with the private key in their possession.
The protocol is given as follows:

• Step 1: Bob starts with two large prime numbers p and q. He computes their product n = pq and another product φ(n) = (p − 1)(q − 1).

• Step 2: Now he chooses a nontrivial e coprime to φ(n), i.e. 1 < e < φ(n) with gcd(e, φ(n)) = 1, and announces e and n publicly. So {n, e} is the public key which will be used for encryption.

• Step 3: Bob computes d with $de \equiv 1 \pmod{\varphi(n)}$ and uses it to form his private key. The key that he uses later for decryption is {d, n}, of which n is provided over the public channel, so essentially d is the private key.

• Step 4: Alice encrypts a message m as $c = m^e \bmod n$ and sends it back to Bob over a public channel.

• Step 5: Bob decrypts the message as $c^d \bmod n = m^{ed} \bmod n$. Since Bob has $de \equiv 1 \pmod{\varphi(n)}$, there exists some integer k such that

$$de = 1 + k\,\varphi(n), \tag{3}$$

which gives

$$m^{ed} \equiv m^{k\varphi(n)+1} \equiv m \times m^{k\varphi(n)} \equiv m \times \left(m^{\varphi(n)}\right)^k \pmod n \tag{4}$$

$$\equiv m \pmod n, \tag{5}$$

where the last step is Euler's theorem, $m^{\varphi(n)} \equiv 1 \pmod n$, which applies when gcd(m, n) = 1.
Since only Bob has the private key, the message is secure.
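Steps 1–5 as textbook RSA, an added example rather than code from the report: key generation enforces the conditions on e from Step 2, checks equation (3), and `euler_check` reports whether the Euler step behind equation (4) holds for a given m, which fails exactly when gcd(m, n) ≠ 1 even though decryption still succeeds. The primes 61 and 53 and the exponent 17 are toy values constructed here; real keys use primes of hundreds of digits plus padding, which this omits.

```python
from math import gcd

def phi_of_pq(p, q):
    """Euler phi for n = pq with p, q distinct primes (Section 2)."""
    assert p != q, "p and q must be distinct primes"
    return (p - 1) * (q - 1)

def keygen(p, q, e):
    """Steps 1-3: returns the public key (n, e) and the private exponent d."""
    n, phi = p * q, phi_of_pq(p, q)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    d = pow(e, -1, phi)               # modular inverse (Python >= 3.8)
    assert (d * e) % phi == 1          # equation (3)
    return (n, e), d

def encrypt(pub, m):
    """Step 4: c = m^e mod n; m must already be reduced modulo n."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(n, d, c):
    """Step 5: m = c^d mod n."""
    return pow(c, d, n)

def euler_check(m, p, q):
    """Returns (m^phi(n) == 1 mod n, gcd(m, n) == 1): Euler's theorem, used in
    equation (4), needs the second to be True for the first to be True."""
    n = p * q
    return pow(m, phi_of_pq(p, q), n) == 1, gcd(m, n) == 1

def roundtrip(p, q, e, m):
    """Encrypt then decrypt m under a key built from p, q, e."""
    pub, d = keygen(p, q, e)
    return decrypt(pub[0], d, encrypt(pub, m))

if __name__ == "__main__":
    pub, d = keygen(61, 53, 17)        # constructed toy values: n = 3233, phi = 3120
    c = encrypt(pub, 65)
    print("public", pub, "private d", d, "c", c, "m", decrypt(pub[0], d, c))
```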

4 Group Theory in Coding Theory
4.1 Preliminaries: Classical Coding Theory
Quantum error-correcting codes were invented recently, but classical error-correcting codes have a much longer history. Over the past century, a remarkably beautiful and powerful theory of classical coding has been erected. Much of this theory can be exploited in the construction of QECCs. Here we will quickly review just a few elements of the classical theory, confining our attention to binary linear codes. The object of an error-correcting code is to add redundancy to the original information or message in such a fashion that the original message can be recovered even if it is subject to some noise. Mathematically, we may say that the length-n vector $v(\alpha_1, \ldots, \alpha_k)$ encodes the length-k message $\alpha = (\alpha_1, \ldots, \alpha_k)$ by adding n − k redundant bits in an analytical manner to the original length-k message.
In order to define a binary linear code, we consider the space V of all n-tuples of 0's and 1's with addition of vectors component-wise mod 2.

Definition: An [n, k] linear binary code C is a k-dimensional subspace of V. In simpler terms, it is the set of all linear combinations of k independent vectors in V.
Since a code is a vector subspace, it can be given by a basis.

Definition: Generator Matrix

The matrix whose rows are the basis vectors of an [n, k] code C is called its generator matrix G. It is a k × n matrix.
An alternative and equivalent way to specify a code is by giving a parity check matrix. For any code subspace C, there is a dual or orthogonal code subspace $C^\perp = \{u \in V \mid u \cdot w = 0 \ \forall w \in C\}$. The basis vectors of $C^\perp$ form the parity check matrix, denoted by H. These two formulations come together in the equation

$$H G^T = 0, \tag{6}$$

where $G^T$ is the transpose of G, since the codes C and $C^\perp$ are orthogonal. A code is called self-orthogonal if $C \subseteq C^\perp$, and self-dual if $C = C^\perp$.
A very important concept in coding theory is the weight of a vector.
Definition: The weight of a vector u is the number of nonzero components it has and is denoted by wt(u). Similarly, the minimum weight of a code, denoted by d, is defined as the weight of the nonzero vector of smallest weight in the code.
Another important concept is the distance between vectors.

Definition: The distance function is a metric and hence satisfies all the properties of a metric. In coding theory, it is defined between two vectors u and v to be the number of positions in which they differ and is denoted by d(u, v).
It is easy to see that
$$d(u, v) = \mathrm{wt}(u - v). \tag{7}$$
An error occurring in an n-bit string can be characterized by an n-component vector e, where the 1's in e mark the locations where errors occur. When afflicted by the error vector e, the codeword v becomes u = v + e. Codes are constructed in such a way that these errors can be detected and possibly corrected. Many decoding schemes are used for this purpose.

Syndrome Decoding: Syndrome decoding is a highly efficient method of decoding a linear code over a noisy channel. Since it is known that, for a codeword v, Hv = 0, the received vector u will give Hu = H(v + e) = Hv + He = He. He is called the syndrome of the error e. Since the syndrome table maps He back to e, the error can be easily detected and corrected.

4.2 CSS Codes


There are some important differences between classical and quantum systems that require new ideas to be introduced to make quantum error-correcting codes possible. In quantum systems, there are three rather formidable difficulties that have to be dealt with:

• No cloning: Classical bits can be easily cloned. This is forbidden for quantum bits (qubits) by the no-cloning theorem.

• Errors are continuous: For a classical bit, the only kind of error is a bit flip, but a continuum of different errors may occur on a single qubit. Determining which error occurred in order to correct it would appear to require infinite precision, and therefore infinite resources. The same difficulties are faced in analog classical computation, which explains its lower popularity compared to digital computation despite being much more powerful.

• Measurement destroys quantum information: In classical error correction, we observe the output from the channel and decide what decoding procedure to adopt. Observation in quantum mechanics generally destroys the quantum state under observation and makes recovery impossible.

Fortunately, none of these problems is fatal. Quantum physics itself and sheer ingenuity on our part can help overcome these difficulties. Quantum entanglement is used to counter the first difficulty and achieve the desired results by circumventing the no-cloning theorem. Also, the apparent continuum of errors that may occur on a single qubit can all be corrected by correcting only a discrete subset of those errors, namely X (denoting a bit flip) and Z (denoting a phase flip) errors; all other possible errors are corrected automatically by this procedure! For the last one, using syndrome detection and decoding resolves the arising conflict.
Over the past two decades, a number of QECCs have been developed using the concepts of classical coding theory. We look at one such class of codes, namely CSS codes, which enjoy a special position in the field of quantum information for multiple reasons, as discussed before.
CSS (Calderbank-Shor-Steane) codes exploit the concept of a self-dual code. Suppose $C_1$ and $C_2$ are $[n, k_1]$ and $[n, k_2]$ classical linear codes such that $C_2 \subset C_1$ and $C_1$ and $C_2^\perp$ both correct t errors. $C_2$ defines an equivalence relation in $C_1$; we say that $u, v \in C_1$ are equivalent ($u \equiv v$) if and only if there is a w in $C_2$ such that u = v + w. The equivalence classes are the cosets of $C_2$ in $C_1$. The classical error-correcting properties of $C_1$ and $C_2^\perp$ can be exploited to detect and correct up to t bit flip and phase flip quantum errors!
A CSS code is an $[n, k_1 - k_2]$ quantum code that associates a codeword with each coset. Each element of a basis for the code subspace can be expressed as

$$|w\rangle = \frac{1}{\sqrt{2^{k_2}}} \sum_{v \in C_2} |v + w\rangle, \tag{8}$$

an equally weighted superposition of all the words in the coset represented by w. Since there are $2^{k_1 - k_2}$ cosets, the number of codewords is the same. The error correction properties of the code simply come down to the distinct distribution of the cosets into codewords, as we will see now.
Suppose that bit flips are represented by a vector e and phase flips are represented by f, with both vectors containing at most t ones. This means that the overall error is given by $X^e Z^f$, with $X^e Z^f = (-1)^{e \cdot f} Z^f X^e$.
A quantum operation, namely the Hadamard transform, denoted by H and used extensively in our analysis, has the following effect (here $|C\rangle$ denotes the equally weighted superposition of all words of a code C):

• $H^{\otimes n} |C_2\rangle = |C_2^\perp\rangle$

• $H^{\otimes n} |C_2^\perp\rangle = |C_2\rangle$

• $H^{\otimes n} X^e = Z^e H^{\otimes n}$, and

• $H^{\otimes n} Z^e = X^e H^{\otimes n}$

Consider an arbitrary valid codeword (neglecting the superposition coefficients) of the CSS code

$$|w\rangle = \sum_{v \in C_2} |v + w\rangle. \tag{9}$$

If the errors represented by e and f occur, the state becomes

$$X^e Z^f \sum_{v \in C_2} |v + w\rangle = (-1)^{e \cdot f} Z^f \sum_{v \in C_2} |v + w + e\rangle. \tag{10}$$

Syndrome detection by the parity check matrix $H_1$ of $C_1$, using additional qubits, gives

$$(-1)^{e \cdot f} Z^f \sum_{v \in C_2} |v + w + e\rangle \, |H_1 e\rangle, \tag{11}$$

from which e is detected and corrected, producing the state

$$Z^f \sum_{v \in C_2} |v + w\rangle, \tag{12}$$

which can be rewritten as

$$Z^f X^w \sum_{v \in C_2} |v\rangle. \tag{13}$$

Since the only errors left now are the phase flip errors, the Hadamard operation is applied to each qubit, taking the state to

$$H^{\otimes n} Z^f X^w \sum_{v \in C_2} |v\rangle = X^f Z^w \sum_{z \in C_2^\perp} |z\rangle = (-1)^{w \cdot f} Z^w X^f \sum_{z \in C_2^\perp} |z\rangle, \tag{14}$$

and so the state becomes

$$(-1)^{w \cdot f} Z^w \sum_{z \in C_2^\perp} |z + f\rangle. \tag{15}$$

Again, syndrome detection (now with the parity check matrix of $C_2^\perp$, which corrects t errors by assumption) and error correction afterwards gives

$$Z^w \sum_{z \in C_2^\perp} |z\rangle. \tag{16}$$

Finally, the Hadamard operation is applied again, taking the state to

$$H^{\otimes n} Z^w \sum_{z \in C_2^\perp} |z\rangle = X^w \sum_{v \in C_2} |v\rangle = \sum_{v \in C_2} |v + w\rangle, \tag{17}$$

which is the original codeword.
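A classical simulation of the procedure in equations (10)–(17), and of the syndrome decoding of Section 4.1 that it reuses, written as an added example that is not part of the original report. It assumes Steane's choice of codes, $C_1$ the [7,4] Hamming code and $C_2 = C_1^\perp$ (so $C_2^\perp = C_1$, t = 1 and there are $2^{4-3} = 2$ cosets), stores a 7-qubit state as a dict of basis integers to real amplitudes, applies $X^e Z^f$ in the Z basis, and realises $H^{\otimes 7}$ as a Walsh–Hadamard transform; the error patterns in the test are constructed here.

```python
N = 7
# Parity check matrix of the [7,4] Hamming code C1, one int per row: bit i is
# position i and carries column value i+1, so a flip at position i has syndrome i+1.
H_ROWS = [sum(((i + 1) >> j & 1) << i for i in range(N)) for j in range(3)]

def dot(a, b):
    """GF(2) inner product of two vectors packed as ints."""
    return bin(a & b).count("1") % 2

def syndrome(x):
    """H x mod 2 as an int 0..7; 0 means x lies in C1."""
    return sum(dot(r, x) << j for j, r in enumerate(H_ROWS))

def span(rows):
    """All GF(2) linear combinations of the given rows."""
    out = {0}
    for r in rows:
        out |= {c ^ r for c in out}
    return out

C2 = span(H_ROWS)                                    # [7,3] code, C2 = C1^perp
C1 = {x for x in range(1 << N) if syndrome(x) == 0}  # [7,4] Hamming code
COSETS = {frozenset(v ^ w for v in C2) for w in C1}  # one CSS codeword per coset

def codeword(w):
    """Equation (9): sum over v in C2 of |v + w>, stored as {basis int: amplitude}."""
    return {v ^ w: 1.0 for v in C2}

def apply_xz(state, e, f):
    """Apply X^e Z^f, i.e. |x> -> (-1)^(f.x) |x xor e>."""
    out = {}
    for x, amp in state.items():
        out[x ^ e] = out.get(x ^ e, 0.0) + (-1) ** dot(f, x) * amp
    return out

def measure_and_correct(state):
    """Syndrome decoding: the support must share one syndrome s; undo the flip s names."""
    synd = {syndrome(x) for x in state}
    assert len(synd) == 1, "support is not a single coset"
    s = synd.pop()
    return apply_xz(state, 0 if s == 0 else 1 << (s - 1), 0)

def hadamard_all(state):
    """H^(x)n as a normalised Walsh-Hadamard transform of the amplitudes."""
    vec = [state.get(x, 0.0) for x in range(1 << N)]
    h = 1
    while h < len(vec):
        for i in range(0, len(vec), 2 * h):
            for j in range(i, i + h):
                vec[j], vec[j + h] = vec[j] + vec[j + h], vec[j] - vec[j + h]
        h *= 2
    return {x: a / (1 << N) ** 0.5 for x, a in enumerate(vec) if a != 0.0}

def fidelity(a, b):
    """|<a|b>| with both states normalised; ignores the global phase."""
    na = sum(v * v for v in a.values()) ** 0.5
    nb = sum(v * v for v in b.values()) ** 0.5
    return abs(sum(a[x] * b.get(x, 0.0) for x in a)) / (na * nb)

def recover(w, e, f):
    """Run (10)-(17) on |w> hit by X^e Z^f; 1.0 means the codeword was restored."""
    original = codeword(w)
    state = apply_xz(original, e, f)           # (10)
    state = measure_and_correct(state)         # (11)-(13): bit flip e removed
    state = hadamard_all(state)                # (14)-(15): phase flips become bit flips
    state = measure_and_correct(state)         # (16): f removed in C2^perp
    state = hadamard_all(state)                # (17)
    return fidelity(state, original)
```

With t = 1 a single X and a single Z error on different qubits are both undone; two bit flips are miscorrected into a third flip that lands the state in the other coset, i.e. a logical error, which the last test line shows.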

5 Conclusions
In this project, various applications of group theory in classical cryptography, specifically the Diffie-Hellman and RSA protocols, and in coding theory are explored. Discussions of Diffie-Hellman and RSA usually rely on concepts of number theory expressed in less abstract forms. Here, we have tried to explain the same using group theory. Not only is it more elegant this way, but it also helps in generalizing these encryption techniques, making them much more powerful. Similarly, group theory is integral to classical coding theory. These properties are inherited by quantum error correction codes too. Here, we have shown the role of the same in providing robustness to a special class of quantum codes, CSS codes.

