All memories

Crypto's Core - A Journey Through Groups, Rings, Fields, and Quadratic Residues

 — #Cyber Security#CS Basics

Welcome back, aspiring cryptographers and mathematical explorers! We've previously touched upon essential number theory concepts like prime numbers and modular arithmetic. Now, we're venturing deeper into the mathematical landscape that forms the bedrock of modern cryptography. Understanding these structures isn't just academic; it's key to appreciating why cryptographic algorithms are secure and how they operate.

In this post, we'll review some key number theory ideas and then explore fundamental algebraic structures—groups, rings, and fields (especially finite fields)—before moving into the intriguing world of quadratic residues and the symbols used to describe them.

A Quick Recap: Essential Number Theory for Crypto

Before we build higher, let's quickly refresh two pillars we've discussed:

  • Prime Numbers: Numbers greater than 1 divisible only by 1 and themselves. Their unique properties, especially the difficulty of factoring their large products, are central to many public-key cryptosystems like RSA.
  • Modular Arithmetic: The arithmetic of remainders (e.g., 172(mod5)17 \equiv 2 \pmod 5). It provides a finite system for calculations, which is computationally convenient and essential for creating one-way functions. Operations like modular exponentiation (ak(modn)a^k \pmod n) and finding modular multiplicative inverses (aa11(modn)a \cdot a^{-1} \equiv 1 \pmod n) are workhorses in cryptography.

With these in mind, let's explore more structured mathematical environments.

Algebraic Structures: The Organized Worlds of Cryptography

Cryptographers often work within well-defined algebraic structures because they offer a rich set of properties and operations that can be leveraged for security.

1. Groups: The Foundation of Symmetry and Operations

A group is one of the most fundamental algebraic structures. It consists of a set of elements, GG, equipped with a single binary operation (let's denote it as \cdot) that satisfies four axioms:

  1. Closure: For all a,bGa, b \in G, the result of the operation, aba \cdot b, is also in GG.
  2. Associativity: For all a,b,cGa, b, c \in G, (ab)c=a(bc)(a \cdot b) \cdot c = a \cdot (b \cdot c).
  3. Identity Element: There exists an element eGe \in G (the identity element) such that for every aGa \in G, ea=ae=ae \cdot a = a \cdot e = a.
  4. Inverse Element: For each aGa \in G, there exists an element bGb \in G (the inverse of aa, often denoted a1a^{-1}) such that ab=ba=ea \cdot b = b \cdot a = e.

If the operation is also commutative (i.e., ab=baa \cdot b = b \cdot a for all a,bGa, b \in G), then the group is called an Abelian group (or commutative group).

  • Examples:
    • The set of integers Z\mathbb{Z} under addition (+) forms an Abelian group. (Identity is 0, inverse of aa is a-a).
    • The set of non-zero rational numbers Q\mathbb{Q}^* under multiplication (×\times) forms an Abelian group. (Identity is 1, inverse of aa is 1/a1/a).
    • The set of integers modulo nn, denoted Zn={0,1,,n1}\mathbb{Z}_n = \{0, 1, \ldots, n-1\}, under addition modulo nn forms an Abelian group.
    • The set of integers relatively prime to nn under multiplication modulo nn, denoted Zn\mathbb{Z}_n^*, forms an Abelian group. This group is particularly important in cryptography (e.g., in RSA).
  • Relevance to Crypto:
    • Cyclic Groups: Many cryptographic protocols, like Diffie-Hellman key exchange and Elliptic Curve Cryptography (ECC), operate within cyclic groups (groups where all elements can be generated by repeatedly applying the group operation to a single generator element). The Discrete Logarithm Problem (DLP), which is hard in certain cyclic groups, forms the security basis for these schemes.

2. Rings: Two Operations Working Together

A ring is an algebraic structure with a set RR and two binary operations, typically addition (+) and multiplication (\cdot), satisfying these properties:

  1. RR is an Abelian group under addition. (This means addition is closed, associative, commutative, has an identity element 0, and every element has an additive inverse).
  2. RR is a semigroup under multiplication. (This means multiplication is closed and associative).
  3. Multiplication is distributive over addition: For all a,b,cRa, b, c \in R:
    • a(b+c)=(ab)+(ac)a \cdot (b+c) = (a \cdot b) + (a \cdot c) (left distributivity)
    • (b+c)a=(ba)+(ca)(b+c) \cdot a = (b \cdot a) + (c \cdot a) (right distributivity)

If multiplication is also commutative, the ring is called a commutative ring. If there's a multiplicative identity element (usually denoted 1), it's a ring with unity.

  • Example: The set of integers Z\mathbb{Z} with usual addition and multiplication is a commutative ring with unity.
  • Relevance to Crypto: Polynomial rings are used in some cryptographic constructions. The structure of rings helps define operations in finite fields.

3. Fields: Where Division (Almost) Always Works

A field is a commutative ring with unity (F,+,F, +, \cdot) in which every non-zero element has a multiplicative inverse. This means:

  1. FF is an Abelian group under addition.
  2. F{0}F \setminus \{0\} (the set of non-zero elements in FF) is an Abelian group under multiplication.
  3. Multiplication is distributive over addition.

Essentially, a field is a structure where you can add, subtract, multiply, and divide (by non-zero elements) and these operations behave as expected (like with rational or real numbers).

  • Examples: The set of rational numbers Q\mathbb{Q}, real numbers R\mathbb{R}, and complex numbers C\mathbb{C} are all fields.
  • Finite Fields (Galois Fields): Fields with a finite number of elements are crucial in cryptography.
    • GF(pp) or Fp\mathbb{F}_p (where pp is a prime number): The set of integers {0,1,,p1}\{0, 1, \ldots, p-1\} with addition and multiplication performed modulo pp forms a finite field. For every non-zero element aZpa \in \mathbb{Z}_p, its multiplicative inverse a1(modp)a^{-1} \pmod p exists because pp is prime (so gcd(a,p)=1\text{gcd}(a,p)=1).
    • GF(pnp^n) or Fpn\mathbb{F}_{p^n} (where pp is prime, n1n \ge 1): These are extension fields. We previously discussed GF(2n2^n) (binary fields) in the context of AES, where elements are polynomials of degree less than nn with coefficients in GF(2) (0 or 1), and operations are polynomial addition (XOR) and polynomial multiplication modulo an irreducible polynomial of degree nn. These fields provide rich structures for cryptographic operations.

Delving into Divisibility: Quadratic Residues

Within modular arithmetic, quadratic residues play a special role in certain cryptographic schemes and number-theoretic algorithms.

Definition: Let nn be a positive integer. An integer aa is called a quadratic residue modulo nn if gcd(a,n)=1\text{gcd}(a,n)=1 and the congruence x2a(modn)x^2 \equiv a \pmod n has a solution for xx. If it has no solution, aa is a quadratic non-residue modulo nn.

We are often most interested in quadratic residues modulo an odd prime pp.

  • An integer aa is a quadratic residue modulo an odd prime pp if a≢0(modp)a \not\equiv 0 \pmod p and x2a(modp)x^2 \equiv a \pmod p has a solution.
  • Properties modulo an odd prime pp:
    • There are exactly (p1)/2(p-1)/2 quadratic residues modulo pp among the integers {1,2,,p1}\{1, 2, \ldots, p-1\}.
    • There are also exactly (p1)/2(p-1)/2 quadratic non-residues modulo pp.
  • Example: Modulo p=7p=7. The non-zero elements are {1,2,3,4,5,6}\{1,2,3,4,5,6\}. 121(mod7)1^2 \equiv 1 \pmod 7 224(mod7)2^2 \equiv 4 \pmod 7 3292(mod7)3^2 \equiv 9 \equiv 2 \pmod 7 42162(mod7)4^2 \equiv 16 \equiv 2 \pmod 7 52254(mod7)5^2 \equiv 25 \equiv 4 \pmod 7 62361(mod7)6^2 \equiv 36 \equiv 1 \pmod 7 The quadratic residues modulo 7 are {1,2,4}\{1, 2, 4\}. The quadratic non-residues are {3,5,6}\{3, 5, 6\}.
  • Relevance to Cryptography: The problem of determining whether a number is a quadratic residue (the quadratic residuosity problem) is easy, but finding the square roots modulo a composite number N=pqN=pq (where p,qp,q are unknown primes) is computationally equivalent to factoring NN. This difficulty is leveraged in cryptosystems like:
    • Goldwasser-Micali cryptosystem: A probabilistic public-key encryption scheme whose security relies on the difficulty of the quadratic residuosity problem modulo N=pqN=pq.
    • Rabin cryptosystem: Security is based on the difficulty of finding square roots modulo a composite N=pqN=pq, which is equivalent to factoring NN.

Symbolic Shortcuts for Quadratic Residuosity

To work with quadratic residues more easily, mathematicians developed symbolic notations.

1. Legendre Symbol

The Legendre symbol (ap)(\frac{a}{p}) is defined for an integer aa and an odd prime pp.

  • Definition and Values:

    • (ap)=0(\frac{a}{p}) = 0 if pap | a (i.e., a0(modp)a \equiv 0 \pmod p).
    • (ap)=1(\frac{a}{p}) = 1 if aa is a quadratic residue modulo pp (and pap \nmid a).
    • (ap)=1(\frac{a}{p}) = -1 if aa is a quadratic non-residue modulo pp (and pap \nmid a).

  • Euler's Criterion: A fundamental way to compute the Legendre symbol: (ap)a(p1)/2(modp)(\frac{a}{p}) \equiv a^{(p-1)/2} \pmod p. This provides a direct test: if a(p1)/21(modp)a^{(p-1)/2} \equiv 1 \pmod p, aa is a quadratic residue. If a(p1)/21(modp)a^{(p-1)/2} \equiv -1 \pmod p, aa is a quadratic non-residue. (This requires a≢0(modp)a \not\equiv 0 \pmod p).

  • Properties of the Legendre Symbol:

    1. If ab(modp)a \equiv b \pmod p, then (ap)=(bp)(\frac{a}{p}) = (\frac{b}{p}).
    2. (a2p)=1(\frac{a^2}{p}) = 1 if pap \nmid a.
    3. (abp)=(ap)(bp)(\frac{ab}{p}) = (\frac{a}{p})(\frac{b}{p}) (It's completely multiplicative).
    4. (1p)=1(\frac{1}{p}) = 1.
    5. (1p)=(1)(p1)/2(\frac{-1}{p}) = (-1)^{(p-1)/2}. (So 1-1 is a QR mod pp if p1(mod4)p \equiv 1 \pmod 4, and a QNR if p3(mod4)p \equiv 3 \pmod 4).
    6. (2p)=(1)(p21)/8(\frac{2}{p}) = (-1)^{(p^2-1)/8}. (So 22 is a QR mod pp if p1 or 7(mod8)p \equiv 1 \text{ or } 7 \pmod 8, and a QNR if p3 or 5(mod8)p \equiv 3 \text{ or } 5 \pmod 8).
    7. Law of Quadratic Reciprocity: For distinct odd primes pp and qq: (pq)(qp)=(1)((p1)/2)((q1)/2)(\frac{p}{q})(\frac{q}{p}) = (-1)^{((p-1)/2)((q-1)/2)}. This remarkable law relates whether pp is a residue mod qq to whether qq is a residue mod pp, and simplifies computation of Legendre symbols.

2. Jacobi Symbol

The Legendre symbol is defined only when the "denominator" pp is an odd prime. The Jacobi symbol (an)(\frac{a}{n}) generalizes this to any odd positive integer n>1n > 1.

  • Definition: Let n=p1k1p2k2pmkmn = p_1^{k_1} p_2^{k_2} \cdots p_m^{k_m} be the prime factorization of an odd integer nn. The Jacobi symbol is defined as: (an)=(ap1)k1(ap2)k2(apm)km(\frac{a}{n}) = (\frac{a}{p_1})^{k_1} (\frac{a}{p_2})^{k_2} \cdots (\frac{a}{p_m})^{k_m} where (api)(\frac{a}{p_i}) is the Legendre symbol.

  • Properties: The Jacobi symbol shares many properties with the Legendre symbol, including complete multiplicativity in the top argument, and a similar law of quadratic reciprocity.

    1. If ab(modn)a \equiv b \pmod n, then (an)=(bn)(\frac{a}{n}) = (\frac{b}{n}).
    2. (abn)=(an)(bn)(\frac{ab}{n}) = (\frac{a}{n})(\frac{b}{n}).
    3. (anm)=(an)(am)(\frac{a}{nm}) = (\frac{a}{n})(\frac{a}{m}).
    4. (1n)=1(\frac{1}{n}) = 1.
    5. (1n)=(1)(n1)/2(\frac{-1}{n}) = (-1)^{(n-1)/2}.
    6. (2n)=(1)(n21)/8(\frac{2}{n}) = (-1)^{(n^2-1)/8}.
    7. Law of Quadratic Reciprocity: For odd, coprime m,n>1m, n > 1: (mn)(nm)=(1)((m1)/2)((n1)/2)(\frac{m}{n})(\frac{n}{m}) = (-1)^{((m-1)/2)((n-1)/2)}.

  • Important Distinction: If (an)=1(\frac{a}{n}) = -1, then aa is definitely a quadratic non-residue modulo nn. However, if nn is composite and (an)=1(\frac{a}{n}) = 1, it does not necessarily mean that aa is a quadratic residue modulo nn. It could be a non-residue. For aa to be a quadratic residue modulo composite nn, it must be a quadratic residue modulo each prime factor of nn.

  • Use: The Jacobi symbol is very efficient to calculate (without needing to factor nn) using its properties, especially quadratic reciprocity. It's used in some primality tests (like the Solovay-Strassen test, though Miller-Rabin is more common) and other number-theoretic algorithms. For example, in the Solovay-Strassen primality test, a number nn is likely prime if (an)a(n1)/2(modn)(\frac{a}{n}) \equiv a^{(n-1)/2} \pmod n holds for many randomly chosen aa.

Key Takeaways

The security and functionality of many advanced cryptographic systems are not arbitrary but are deeply rooted in these mathematical concepts:

  • Groups, Rings, and Fields provide the algebraic framework, with Finite Fields (Galois Fields) like GF(pp) and GF(2n2^n) being particularly crucial for implementing ciphers like AES and protocols based on discrete logarithms.
  • Quadratic Residues introduce a source of computational hardness (determining square roots modulo a composite) that is exploited in certain cryptosystems.
  • The Legendre and Jacobi Symbols are efficient tools for determining the nature of quadratic residuosity and are used in algorithms like primality tests.

While these topics can be mathematically intensive, understanding their role gives us a profound appreciation for the ingenuity behind modern cryptography and its ability to secure our digital world.