# TROPICAL CRYPTOGRAPHY

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 TROPICAL CRYPTOGRAPHY DIMA GRIGORIEV AND VLADIMIR SHPILRAIN Abstract. We employ tropical algebras as platforms for several cryptographic schemes that would be vulnerable to linear algebra attacks were they based on usual algebras as platforms. Keywords: tropical algebra, public key exchange, encryption Mathematics subject classification: 15A80, 94A Introduction In this paper, we employ tropical algebras as platforms for several cryptographic schemes. The schemes themselves are not brand new; similar ideas were used in the classical case, i.e., for algebras with the familiar addition and multiplication. However, in the classical case these schemes were shown to be vulnerable to various linear algebra attacks. Here we make a case for using tropical algebras as platforms by using, among other things, the fact that in the tropical case, even solving systems of linear equations is computationally infeasible in general. Yet another advantage is improved efficiency because in tropical schemes, one does not have to perform any multiplications of numbers since tropical multiplication is the usual addition, see below. We start by giving some necessary information on tropical algebras here; for more details, we refer the reader to a recent monograph [2]. Consider a tropical semiring S (also known as the min-plus algebra due to the following definition). This semiring is defined as a subset of reals that contains 0 and is closed under addition, with two operations as follows: x y = min(x, y) x y = x + y. It is straightforward to see that these operations satisfy the following properties: associativity: x (y z) = (x y) z x (y z) = (x y) z. Research of the first author was partially supported by the Federal Agency of the Science and Innovations of Russia, State Contract No Research of the second author was partially supported by the NSF grants DMS and CNS

2 2 TROPICAL CRYPTOGRAPHY commutativity: x y = y x x y = y x. distributivity: (x y) z = (x z) (y z). There are some counterintuitive properties as well: x x = x x 0 = x x 0 could be either 0 or x. There is also a special ɛ-element ɛ = such that, for any x S, ɛ x = x ɛ x = ɛ. A (tropical) monomial in S looks like a usual linear function, and a tropical polynomial is the minimum of a finite number of such functions, and therefore a concave, piecewise linear function. The rules for the order in which tropical operations are performed are the same as in the classical case, see the example below. Example 1. Here is an example of a tropical monomial: x x y z z. The (tropical) degree of this monomial is 5. We note that sometimes, people use the alternative notation x 2 for x x, etc. An example of a tropical polynomial is: p(x, y, z) = 5 x y z x x 2 z 17 = (5 x y z) (x x) (2 z) 17. This polynomial has (tropical) degree 3, by the highest degree of its monomials. We note that, just as in the classical case, a tropical polynomial is canonically represented by an ordered set of tropical monomials (together with non-zero coefficients), where the order that we use here is deglex. While the operation is obviously not invertible, the operation is, and we denote the inverse of this operation by (it is just the classical subtraction): x y = z if and only if y z = x. We refer to [8] for more detailed properties of this operation; here we just mention the following properties that agree with those of the usual division: (x y) (z t) = (x z) (y t) (x y) (z t) = ((x t) (y z)) (y t). Also as in the classical case, there is an equivalence relation on the set of all expressions of the form x y: x y is equivalent to z t if and only if x t = y z. All expressions of the form x y, where x, y S, modulo the above equivalence, form a semifield (of quotients of S), which we denote by Rat(S), see [8].

3 TROPICAL CRYPTOGRAPHY Tropical matrix algebra. A tropical algebra can be used for matrix operations as well. To perform the A B operation, the elements m ij of the resulting matrix M are set to be equal to a ij b ij. The operation is similar to the usual matrix multiplication, however, every + calculation has to be substituted by a operation, and every calculation by a operation. Example 2. Example 3. ( ( ) ) ( ) ( = ( ) ( = The role of the identity matrix I is played by the matrix that has 0 s on the diagonal and elsewhere. Similarly, a scalar matrix would be a matrix with an element λ S on the diagonal and elsewhere. Such a matrix commutes with any other square matrix (of the same size). Multiplying a square matrix by a scalar amounts to multiplying it by the corresponding scalar matrix. ( ) ( ) ( ) ( ) Example 4. 2 = = Then, tropical diagonal matrices have something on the diagonal and elsewhere. We also note that, in contrast with the classical situation, it is rather rare that a tropical matrix is invertible. More specifically (see [2, p.5]), the only invertible tropical matrices are those that are obtained from a diagonal matrix by permuting rows and/or columns. 2. Key exchange using matrices over a tropical algebra We are now going to offer a key exchange protocol building on an idea of Stickel [13] who used it for matrices over usual algebras, which made his scheme vulnerable to linear algebra attacks, see e.g. [11]. Since we believe that Stickel s idea itself has a good potential, we suggest here to use matrices over a tropical algebra as the platform for his scheme, in order to prevent linear algebra attacks. We start by recalling the original Stickel s protocol. Let G be a public noncommutative semigroup, a, b G public elements such that ab ba. The key exchange protocol goes as follows Protocol 1 [13]. (1) Alice picks two random natural numbers n, m and sends u = a n b m to Bob. (2) Bob picks two random natural numbers r, s and sends v = a r b s to Alice. (3) Alice computes K A = a n vb m = a n+r b m+s. (4) Bob computes K B = a r ub s = a n+r b m+s. Thus, Alice and Bob end up with the same group element K = K A = K B which can serve as the shared secret key. This can be generalized if the platform is not just a semigroup, but a ring (actually, a semiring would suffice): ). ).

4 4 TROPICAL CRYPTOGRAPHY 2.2. Protocol 2 [6, 11]. Let R be a public non-commutative ring (or a semiring), a, b R public elements such that ab ba. (1) Alice picks two random polynomials p 1 (x), p 2 (x) (say, with positive integer coefficients) and sends p 1 (a) p 2 (b) to Bob. (2) Bob picks two random polynomials q 1 (x), q 2 (x) and sends q 1 (a) q 2 (b) to Alice. (3) Alice computes K A = p 1 (a) (q 1 (a) q 2 (b)) p 2 (b). (4) Bob computes K B = q 1 (a) (p 1 (a) p 2 (b)) q 2 (b). Thus, since p 1 (a) q 1 (a) = q 1 (a) p 1 (a) and p 2 (b) q 2 (b) = q 2 (b) p 2 (b), Alice and Bob end up with the same element K = K A = K B which can serve as the shared secret key. It is Protocol 2 that we propose to adopt in the tropical situation Protocol 3 (tropical). Let R be the tropical algebra of n n matrices over integers, and let A, B R be public matrices such that A B B A. (1) Alice picks two random tropical polynomials p 1 (x), p 2 (x) (with integer coefficients) and sends p 1 (A) p 2 (B) to Bob. (2) Bob picks two random tropical polynomials q 1 (x), q 2 (x) and sends q 1 (A) q 2 (B) to Alice. (3) Alice computes K A = p 1 (A) (q 1 (A) q 2 (B)) p 2 (B). (4) Bob computes K B = q 1 (A) (p 1 (A) p 2 (B)) q 2 (B). Thus, since p 1 (A) q 1 (A) = q 1 (A) p 1 (A) and p 2 (B) q 2 (B) = q 2 (B) p 2 (B), Alice and Bob end up with the same element K = K A = K B which can serve as the shared secret key What are the advantages of the tropical Protocol 3 over classical Protocols 1 and 2? One obvious advantage is improved efficiency because when multiplying matrices in the tropical sense, one does not have to perform any multiplications of numbers since tropical multiplication is the usual addition. To compare security, we briefly recall a linear algebra attack [11] on Stickel s original protocol (Protocol 1), where G was a group of invertible matrices over a field. In that case, to recover a shared key K, it is not necessary to find the exponents n, m, r, or s. Instead, as was shown in [11], it is sufficient for the adversary to find matrices x and y such that xa = ax, yb = by, and xu = y. (Here x corresponds to a n, while y corresponds to b m.) These conditions translate into a system of 3k 2 linear equations with 2k 2 unknowns, where k is the size of the matrices. This typically yields a unique solution (according to computer experiments of [11] and [10]), which can be efficiently found if the matrices are considered over a field. We note that in [10], a more sophisticated attack on a more general Protocol 2 was offered. This attack applies to not necessarily invertible matrices over a field. In the tropical situation (Protocol 3), however, a linear algebra attack will not work, for several reasons:

5 TROPICAL CRYPTOGRAPHY 5 (1) Matrices are generically not invertible, so the equation XY = U with known U and unknown X, Y does not translate into a system of linear equations. (2) The equations XA = AX, Y B = BY do translate into a system of linear equations, which may be called a two-sided min-linear system, following [2]. In [1], it is shown that the problem of solving such systems is in the class NP Co NP (there is a belief that it does not belong to the class P). We refer to [2] for a comprehensive exposition of what is known concerning existing algorithms for solving two-sided min-linear systems and their complexity. Here we just say that, while it is known how to find one of the solutions of a system (if a solution exists), there is no known efficient method for describing the linear space of all solutions, in contrast with the classical situation Parameters and key generation. Here we suggest values of the parameters involved in the description of our Protocol 3. The size of matrices n = 10. The entries of the public matrices A, B are integers, selected uniformly randomly in the range [ 10 10, ]. The degrees of the tropical polynomials p 1 (x), p 2 (x), q 1 (x), q 2 (x) are selected uniformly randomly in the range [1, 10]. The coefficients of the above tropical polynomials are selected uniformly randomly in the range [ 1000, 1000]. With these parameters, the size of the key space (for private tropical polynomials) is approximately Encryption using birational automorphisms of a tropical polynomial algebra In this section, we describe a public key encryption scheme that would be susceptible to a linear algebra attack in the classical case (cf. [9], [4]), but not in the tropical case. Let P = Rat[x 1,..., x n ] be the quotient semifield of a tropical polynomial algebra over Z The protocol. There is a public automorphism α Aut(P ) given as a tuple of tropical rational functions (α(x 1 ),..., α(x n )). Alice s private key is α 1. Note that α is also a bijection of the set Z n, i.e., it is a one-to-one map of the set of all n-tuples of integers onto itself. We will use the same notation α for an automorphism of P and for the corresponding bijection of Z n, hoping this will not cause a confusion. (1) Bob s secret message is a tuple of integers s = (s 1,..., s n ) Z n. Bob encrypts his tuple by applying the public automorphism α: E α (s) = α(s 1,..., s n ). (2) Alice decrypts by applying her private α 1 to the tuple E α (s): α 1 (E α (s)) = s = (s 1,..., s n ).

6 6 TROPICAL CRYPTOGRAPHY 3.2. Key generation. The crucial ingredient in this scheme is, of course, generating the public key α Aut(P ). Alice can generate her automorphism α as a product of monomial automorphisms on the set of variables {x 1,..., x n } and triangular automorphisms of the form ϕ : x i x i p i (x i+1,..., x n ), 1 i n, where p i P = Rat[x 1,..., x n ]. Each triangular automorphism, in turn, is a product of elementary triangular automorphisms; these are of the form The inverse of such a τ is τ : x j x j q j (x j+1,..., x n ), x k x k, k j. τ 1 : x j x j (q j (x j+1,..., x n )), x k x k, k j, where q j P. Monomial automorphisms are analogs of linear automorphisms in the classical situation; they are of the form µ : x i b i x a i1 1 x a in where b i are finite coefficients (i.e., b i ), and the matrix A = (a ij ) of integer exponents is invertible in the classical sense. We note, in passing, that a question of independent interest (independent of cryptographic applications) is: n, Problem 1. Is every automorphism of P = Rat[x 1,..., x n ], the quotient semifield of a tropical polynomial algebra over Z, a product of triangular and monomial automorphisms? 3.3. Parameters. We suggest the following parameters. The number n of variables in the platform tropical polynomial algebra: 10. The number of triangular automorphisms in a product for α: 2. The number of monomial automorphisms: 3. More specifically, Alice generates her α in the following form: α = µ 1 ϕ 1 µ 2 ϕ 2 µ 3, where ϕ 1, ϕ 2 are triangular automorphisms, and µ 1, µ 2, µ 3 are monomial automorphisms. The tropical degrees of all q j are equal to 2. The coefficients of the above tropical polynomials q j are selected uniformly randomly in the range [ 10, 10]. Remark 1. Alice can obtain the inverse of α as the product of inverses of the automorphisms ϕ i and µ i, in the reverse order. However, Alice does not have to compute an explicit expression for α 1 ; this computation may not be efficient since the degree of α 1 may be substantially greater than the degree of α. In our protocol, Alice has to

7 TROPICAL CRYPTOGRAPHY 7 apply α 1 to a particular point in Z n ; efficient way of doing this is to first apply µ 1 then apply ϕ 1 2 to the obtained point, etc. Remark 2. There is a ramification of the above protocol, where Bob s secret message is a tropical polynomial u, instead of a point in Z n. (Note that the result of encrypting u will be, in general, an element of P = Rat[x 1,..., x n ].) In this ramification, decryption is going to have a much higher computational complexity because Alice would have to compute an explicit expression for α 1 (cf. the previous remark). On the other hand, encryption in this case is going to be homomorphic (in the tropical sense) because α(u 1 u 2 ) = α(u 1 ) α(u 2 ) and α(u 1 u 2 ) = α(u 1 ) α(u 2 ). For examples of homomorphic encryption in the classical case see e.g. [5] or [7]. Remark 3. One can consider an encryption protocol, similar to the one above, also in the classical case. As we have already pointed out, polynomial automorphisms were employed in a similar context in [9], but birational automorphisms have not been used for cryptographic purposes before, to the best of our knowledge Possible attacks. There are the following two attacks that adversary may attempt. (1) Trying to compute α 1 from the public automorphism α. The problem with this attack is that the degree of α 1 may be exponentially greater than the degree of α, which makes any commonly used attack (e.g. a linear algebra attack) infeasible. (2) Trying to recover Bob s secret message s from α(s). This translates into a system of tropical polynomial equations; solving such a system is an NP-hard problem, as we show in the following proposition. Proposition 1. The problem of solving systems of tropical polynomial equations is NP-hard. Before getting to the proof, we note that for a closely related, but different, problem of emptiness of a tropical variety NP-completeness was established in [14]. Proof. We show how to reduce the SAT problem to the problem of solving a system of tropical polynomial equations. Recall that the SAT (for SATisfiability) problem is a decision problem, whose instance is a Boolean expression written using only AND, OR, NOT, variables, and parentheses. The question is: given the expression, is there some assignment of TRUE (=1) and FALSE (=0) values to the variables that will make the entire expression true? A formula of propositional logic is said to be satisfiable if logical values can be assigned to its variables in a way that makes the formula true. The Boolean satisfiability problem is NP-complete [3]. The problem remains NP-complete even if all expressions are written in conjunctive normal form with 3 variables per clause (3-CNF), yielding the 3-SAT problem. Suppose now we have a 3-CNF, and we are going to build (in time polynomial in the number of clauses) a system of tropical polynomial equations that has a solution if and only if the given 3-CNF is satisfiable. Denote Boolean variables in the given 3-CNF by u i. In our tropical system, we are going to have two kinds of variables: those 3,

8 8 TROPICAL CRYPTOGRAPHY corresponding to literals u i will be denoted by x i, and those corresponding to literals u i will be denoted by y i. First of all, we include in our tropical system all equations of the form x i y i = 1, for all i. Now suppose we have a clause with 3 literals, for example, u i u j u k. To this clause, we correspond the following tropical polynomial equation: y i x j x k = 0. Obviously, the above clause is TRUE if and only if either u i = 1, or u j = 0, or u k = 0. If u i = 1, then y i = 0, and our tropical equation is satisfied. If, say, u j = 1, then x j = 0, and again our tropical equation is satisfied. This shows that if a given 3-CNF is satisfiable, then our tropical equation has a solution. If, on the other hand, our tropical equation has a solution, that means either y i = 0, or x j = 0, or x k = 0. In any case, the given clause is easily seen to be TRUE upon corresponding u i to x i and u i to y i. (Note that if, say, y i = 0, then, since we also have the equation x i y i = 1, x i should be equal to 1.) Having thus built a tropical equation for each clause in the given 3-CNF, we end up with a system of tropical polynomial equations that corresponds to the whole 3-CNF, which is solvable if and only if the given 3-CNF is satisfiable. This completes the proof. Acknowledgement. Both authors are grateful to Max Planck Institut für Mathematik, Bonn for its hospitality during the work on this paper. References [1] M. Bezem, R. Nieuwenhuis, E. Rodrguez-Carbonell, Hard problems in maxalgebra, control theory, hypergraphs and other areas, Information Processing Letters 110(4) (2010), [2] P. Butkovic, Max-linear systems: theory and algorithms, Springer-Verlag London, [3] M. Garey, J. Johnson, Computers and Intractability, A Guide to NP-Completeness, W. H. Freeman, [4] L. Goubin, N. Courtois, Cryptanalysis of the TTM cryptosystem, in: ASIACRYPT 2000, Lecture Notes in Comput. Sci (2000), [5] D. Grigoriev, I. Ponomarenko, Constructions in public-key cryptography over matrix groups, Contemp. Math., Amer. Math. Soc. 418 (2006), [6] G. Maze, C. Monico, J. Rosenthal, Public key cryptography based on semigroup actions, Advances in Mathematics of Communications 4 (2007), [7] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC-Press [8] G. Mikhalkin, Tropical geometry, in preparation. [9] T. Moh, A public key system with signature and master key functions, Comm. Algebra 27 (1999), [10] C. Mullan, Cryptanalysing variants of Stickel s key agreement scheme, preprint. [11] V. Shpilrain, Cryptanalysis of Stickel s key exchange scheme, in: Computer Science in Russia 2008, Lecture Notes Comp. Sc (2008),

9 TROPICAL CRYPTOGRAPHY 9 [12] R. Steinwandt and A. Suárez Corona, Cryptanalysis of a 2-party key establishment based on a semigroup action problem, Advances in Mathematics of Communications 5 (2011), [13] E. Stickel, A New Method for Exchanging Secret Keys. In: Proc. of the Third International Conference on Information Technology and Applications (ICITA05) 2 (2005), [14] T. Theobald, On the frontiers of polynomial computations in tropical geometry, J. Symbolic Comput. 41 (2006), CNRS, Mathématiques, Université de Lille, 59655, Villeneuve d Ascq, France address: Department of Mathematics, The City College of New York, New York, NY address:

### Mathematics of Cryptography

CHAPTER 2 Mathematics of Cryptography Part I: Modular Arithmetic, Congruence, and Matrices Objectives This chapter is intended to prepare the reader for the next few chapters in cryptography. The chapter

### NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

### MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS

MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS Systems of Equations and Matrices Representation of a linear system The general system of m equations in n unknowns can be written a x + a 2 x 2 + + a n x n b a

### Matrix Algebra. Some Basic Matrix Laws. Before reading the text or the following notes glance at the following list of basic matrix algebra laws.

Matrix Algebra A. Doerr Before reading the text or the following notes glance at the following list of basic matrix algebra laws. Some Basic Matrix Laws Assume the orders of the matrices are such that

### a 11 x 1 + a 12 x 2 + + a 1n x n = b 1 a 21 x 1 + a 22 x 2 + + a 2n x n = b 2.

Chapter 1 LINEAR EQUATIONS 1.1 Introduction to linear equations A linear equation in n unknowns x 1, x,, x n is an equation of the form a 1 x 1 + a x + + a n x n = b, where a 1, a,..., a n, b are given

### MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS. + + x 2. x n. a 11 a 12 a 1n b 1 a 21 a 22 a 2n b 2 a 31 a 32 a 3n b 3. a m1 a m2 a mn b m

MATRIX ALGEBRA AND SYSTEMS OF EQUATIONS 1. SYSTEMS OF EQUATIONS AND MATRICES 1.1. Representation of a linear system. The general system of m equations in n unknowns can be written a 11 x 1 + a 12 x 2 +

### 4. MATRICES Matrices

4. MATRICES 170 4. Matrices 4.1. Definitions. Definition 4.1.1. A matrix is a rectangular array of numbers. A matrix with m rows and n columns is said to have dimension m n and may be represented as follows:

### UNIT 2 MATRICES - I 2.0 INTRODUCTION. Structure

UNIT 2 MATRICES - I Matrices - I Structure 2.0 Introduction 2.1 Objectives 2.2 Matrices 2.3 Operation on Matrices 2.4 Invertible Matrices 2.5 Systems of Linear Equations 2.6 Answers to Check Your Progress

### December 4, 2013 MATH 171 BASIC LINEAR ALGEBRA B. KITCHENS

December 4, 2013 MATH 171 BASIC LINEAR ALGEBRA B KITCHENS The equation 1 Lines in two-dimensional space (1) 2x y = 3 describes a line in two-dimensional space The coefficients of x and y in the equation

### Linear Algebra Notes for Marsden and Tromba Vector Calculus

Linear Algebra Notes for Marsden and Tromba Vector Calculus n-dimensional Euclidean Space and Matrices Definition of n space As was learned in Math b, a point in Euclidean three space can be thought of

### ORDERS OF ELEMENTS IN A GROUP

ORDERS OF ELEMENTS IN A GROUP KEITH CONRAD 1. Introduction Let G be a group and g G. We say g has finite order if g n = e for some positive integer n. For example, 1 and i have finite order in C, since

### Inverses. Stephen Boyd. EE103 Stanford University. October 27, 2015

Inverses Stephen Boyd EE103 Stanford University October 27, 2015 Outline Left and right inverses Inverse Solving linear equations Examples Pseudo-inverse Left and right inverses 2 Left inverses a number

### MATH 304 Linear Algebra Lecture 8: Inverse matrix (continued). Elementary matrices. Transpose of a matrix.

MATH 304 Linear Algebra Lecture 8: Inverse matrix (continued). Elementary matrices. Transpose of a matrix. Inverse matrix Definition. Let A be an n n matrix. The inverse of A is an n n matrix, denoted

### (a) The transpose of a lower triangular matrix is upper triangular, and the transpose of an upper triangular matrix is lower triangular.

Theorem.7.: (Properties of Triangular Matrices) (a) The transpose of a lower triangular matrix is upper triangular, and the transpose of an upper triangular matrix is lower triangular. (b) The product

### Basic Properties of Rings

Basic Properties of Rings A ring is an algebraic structure with an addition operation and a multiplication operation. These operations are required to satisfy many (but not all!) familiar properties. Some

### COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS

Bull Austral Math Soc 77 (2008), 31 36 doi: 101017/S0004972708000038 COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS IGOR V EROVENKO and B SURY (Received 12 April 2007) Abstract We compute

### Solving Linear Systems, Continued and The Inverse of a Matrix

, Continued and The of a Matrix Calculus III Summer 2013, Session II Monday, July 15, 2013 Agenda 1. The rank of a matrix 2. The inverse of a square matrix Gaussian Gaussian solves a linear system by reducing

### COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS

COMMUTATIVITY DEGREES OF WREATH PRODUCTS OF FINITE ABELIAN GROUPS IGOR V. EROVENKO AND B. SURY ABSTRACT. We compute commutativity degrees of wreath products A B of finite abelian groups A and B. When B

### University of Lille I PC first year list of exercises n 7. Review

University of Lille I PC first year list of exercises n 7 Review Exercise Solve the following systems in 4 different ways (by substitution, by the Gauss method, by inverting the matrix of coefficients

### Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)

### Elementary Number Theory We begin with a bit of elementary number theory, which is concerned

CONSTRUCTION OF THE FINITE FIELDS Z p S. R. DOTY Elementary Number Theory We begin with a bit of elementary number theory, which is concerned solely with questions about the set of integers Z = {0, ±1,

### NOTES on LINEAR ALGEBRA 1

School of Economics, Management and Statistics University of Bologna Academic Year 205/6 NOTES on LINEAR ALGEBRA for the students of Stats and Maths This is a modified version of the notes by Prof Laura

### B such that AB = I and BA = I. (We say B is an inverse of A.) Definition A square matrix A is invertible (or nonsingular) if matrix

Matrix inverses Recall... Definition A square matrix A is invertible (or nonsingular) if matrix B such that AB = and BA =. (We say B is an inverse of A.) Remark Not all square matrices are invertible.

### 3. Applications of Number Theory

3. APPLICATIONS OF NUMBER THEORY 163 3. Applications of Number Theory 3.1. Representation of Integers. Theorem 3.1.1. Given an integer b > 1, every positive integer n can be expresses uniquely as n = a

### MATH 304 Linear Algebra Lecture 4: Matrix multiplication. Diagonal matrices. Inverse matrix.

MATH 304 Linear Algebra Lecture 4: Matrix multiplication. Diagonal matrices. Inverse matrix. Matrices Definition. An m-by-n matrix is a rectangular array of numbers that has m rows and n columns: a 11

### Linear Dependence Tests

Linear Dependence Tests The book omits a few key tests for checking the linear dependence of vectors. These short notes discuss these tests, as well as the reasoning behind them. Our first test checks

### Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices. A Biswas, IT, BESU SHIBPUR

Mathematics of Cryptography Modular Arithmetic, Congruence, and Matrices A Biswas, IT, BESU SHIBPUR McGraw-Hill The McGraw-Hill Companies, Inc., 2000 Set of Integers The set of integers, denoted by Z,

### 1. LINEAR EQUATIONS. A linear equation in n unknowns x 1, x 2,, x n is an equation of the form

1. LINEAR EQUATIONS A linear equation in n unknowns x 1, x 2,, x n is an equation of the form a 1 x 1 + a 2 x 2 + + a n x n = b, where a 1, a 2,..., a n, b are given real numbers. For example, with x and

### Determinants. Dr. Doreen De Leon Math 152, Fall 2015

Determinants Dr. Doreen De Leon Math 52, Fall 205 Determinant of a Matrix Elementary Matrices We will first discuss matrices that can be used to produce an elementary row operation on a given matrix A.

### Notes on Determinant

ENGG2012B Advanced Engineering Mathematics Notes on Determinant Lecturer: Kenneth Shum Lecture 9-18/02/2013 The determinant of a system of linear equations determines whether the solution is unique, without

### Cryptography ALICE BOB DECRYPT ENCRYPT OSCAR

Cryptography What is cryptography? Formal Definition: The art or science concerning the principles, means, and methods for rendering plain information unintelligible, and for restoring encrypted information

### Outline. Cryptography. Bret Benesh. Math 331

Outline 1 College of St. Benedict/St. John s University Department of Mathematics Math 331 2 3 The internet is a lawless place, and people have access to all sorts of information. What is keeping people

### Math Review. for the Quantitative Reasoning Measure of the GRE revised General Test

Math Review for the Quantitative Reasoning Measure of the GRE revised General Test www.ets.org Overview This Math Review will familiarize you with the mathematical skills and concepts that are important

### Solving Systems of Linear Equations. Substitution

Solving Systems of Linear Equations There are two basic methods we will use to solve systems of linear equations: Substitution Elimination We will describe each for a system of two equations in two unknowns,

### Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

### Linear Maps. Isaiah Lankham, Bruno Nachtergaele, Anne Schilling (February 5, 2007)

MAT067 University of California, Davis Winter 2007 Linear Maps Isaiah Lankham, Bruno Nachtergaele, Anne Schilling (February 5, 2007) As we have discussed in the lecture on What is Linear Algebra? one of

### DETERMINANTS. b 2. x 2

DETERMINANTS 1 Systems of two equations in two unknowns A system of two equations in two unknowns has the form a 11 x 1 + a 12 x 2 = b 1 a 21 x 1 + a 22 x 2 = b 2 This can be written more concisely in

### Math 313 Lecture #10 2.2: The Inverse of a Matrix

Math 1 Lecture #10 2.2: The Inverse of a Matrix Matrix algebra provides tools for creating many useful formulas just like real number algebra does. For example, a real number a is invertible if there is

### Practical Cryptanalysis of SFLASH

Practical Cryptanalysis of SFLASH Vivien Dubois 1, Pierre-Alain Fouque 1, Adi Shamir 1,2, and Jacques Stern 1 1 École normale supérieure Département d Informatique 45, rue d Ulm 75230 Paris cedex 05, France

### Chapter 8. Matrices II: inverses. 8.1 What is an inverse?

Chapter 8 Matrices II: inverses We have learnt how to add subtract and multiply matrices but we have not defined division. The reason is that in general it cannot always be defined. In this chapter, we

### Cofactor Expansion: Cramer s Rule

Cofactor Expansion: Cramer s Rule MATH 322, Linear Algebra I J. Robert Buchanan Department of Mathematics Spring 2015 Introduction Today we will focus on developing: an efficient method for calculating

### Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards

### GENERATING SETS KEITH CONRAD

GENERATING SETS KEITH CONRAD 1 Introduction In R n, every vector can be written as a unique linear combination of the standard basis e 1,, e n A notion weaker than a basis is a spanning set: a set of vectors

### Solving Linear Diophantine Matrix Equations Using the Smith Normal Form (More or Less)

Solving Linear Diophantine Matrix Equations Using the Smith Normal Form (More or Less) Raymond N. Greenwell 1 and Stanley Kertzner 2 1 Department of Mathematics, Hofstra University, Hempstead, NY 11549

### MATH 304 Linear Algebra Lecture 9: Subspaces of vector spaces (continued). Span. Spanning set.

MATH 304 Linear Algebra Lecture 9: Subspaces of vector spaces (continued). Span. Spanning set. Vector space A vector space is a set V equipped with two operations, addition V V (x,y) x + y V and scalar

### Cryptography. Course 2: attacks against RSA. Jean-Sébastien Coron. September 26, Université du Luxembourg

Course 2: attacks against RSA Université du Luxembourg September 26, 2010 Attacks against RSA Factoring Equivalence between factoring and breaking RSA? Mathematical attacks Attacks against plain RSA encryption

### Inverses and powers: Rules of Matrix Arithmetic

Contents 1 Inverses and powers: Rules of Matrix Arithmetic 1.1 What about division of matrices? 1.2 Properties of the Inverse of a Matrix 1.2.1 Theorem (Uniqueness of Inverse) 1.2.2 Inverse Test 1.2.3

### IRREDUCIBLE OPERATOR SEMIGROUPS SUCH THAT AB AND BA ARE PROPORTIONAL. 1. Introduction

IRREDUCIBLE OPERATOR SEMIGROUPS SUCH THAT AB AND BA ARE PROPORTIONAL R. DRNOVŠEK, T. KOŠIR Dedicated to Prof. Heydar Radjavi on the occasion of his seventieth birthday. Abstract. Let S be an irreducible

### Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan

Arkansas Tech University MATH 4033: Elementary Modern Algebra Dr. Marcel B. Finan 3 Binary Operations We are used to addition and multiplication of real numbers. These operations combine two real numbers

### LECTURE 1 I. Inverse matrices We return now to the problem of solving linear equations. Recall that we are trying to find x such that IA = A

LECTURE I. Inverse matrices We return now to the problem of solving linear equations. Recall that we are trying to find such that A = y. Recall: there is a matri I such that for all R n. It follows that

### Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography: RSA and Lots of Number Theory Public vs. Private-Key Cryptography We have just discussed traditional symmetric cryptography: Uses a single key shared between sender and receiver

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### Matrix Algebra 2.3 CHARACTERIZATIONS OF INVERTIBLE MATRICES Pearson Education, Inc.

2 Matrix Algebra 2.3 CHARACTERIZATIONS OF INVERTIBLE MATRICES Theorem 8: Let A be a square matrix. Then the following statements are equivalent. That is, for a given A, the statements are either all true

### Chapter 1 - Matrices & Determinants

Chapter 1 - Matrices & Determinants Arthur Cayley (August 16, 1821 - January 26, 1895) was a British Mathematician and Founder of the Modern British School of Pure Mathematics. As a child, Cayley enjoyed

### (Notice also that this set is CLOSED, but does not have an IDENTITY and therefore also does not have the INVERSE PROPERTY.)

Definition 3.1 Group Suppose the binary operation p is defined for elements of the set G. Then G is a group with respect to p provided the following four conditions hold: 1. G is closed under p. That is,

### 15.062 Data Mining: Algorithms and Applications Matrix Math Review

.6 Data Mining: Algorithms and Applications Matrix Math Review The purpose of this document is to give a brief review of selected linear algebra concepts that will be useful for the course and to develop

### The Inverse of a Matrix

The Inverse of a Matrix 7.4 Introduction In number arithmetic every number a ( 0) has a reciprocal b written as a or such that a ba = ab =. Some, but not all, square matrices have inverses. If a square

### Using row reduction to calculate the inverse and the determinant of a square matrix

Using row reduction to calculate the inverse and the determinant of a square matrix Notes for MATH 0290 Honors by Prof. Anna Vainchtein 1 Inverse of a square matrix An n n square matrix A is called invertible

### The basic unit in matrix algebra is a matrix, generally expressed as: a 11 a 12. a 13 A = a 21 a 22 a 23

(copyright by Scott M Lynch, February 2003) Brief Matrix Algebra Review (Soc 504) Matrix algebra is a form of mathematics that allows compact notation for, and mathematical manipulation of, high-dimensional

### An Introduction to Galois Fields and Reed-Solomon Coding

An Introduction to Galois Fields and Reed-Solomon Coding James Westall James Martin School of Computing Clemson University Clemson, SC 29634-1906 October 4, 2010 1 Fields A field is a set of elements on

### Inner Product Spaces

Math 571 Inner Product Spaces 1. Preliminaries An inner product space is a vector space V along with a function, called an inner product which associates each pair of vectors u, v with a scalar u, v, and

### Rules for Exponents and the Reasons for Them

Print this page Chapter 6 Rules for Exponents and the Reasons for Them 6.1 INTEGER POWERS AND THE EXPONENT RULES Repeated addition can be expressed as a product. For example, Similarly, repeated multiplication

### Solving Systems of Linear Equations

LECTURE 5 Solving Systems of Linear Equations Recall that we introduced the notion of matrices as a way of standardizing the expression of systems of linear equations In today s lecture I shall show how

### Diagonal, Symmetric and Triangular Matrices

Contents 1 Diagonal, Symmetric Triangular Matrices 2 Diagonal Matrices 2.1 Products, Powers Inverses of Diagonal Matrices 2.1.1 Theorem (Powers of Matrices) 2.2 Multiplying Matrices on the Left Right by

### Appendix A. Appendix. A.1 Algebra. Fields and Rings

Appendix A Appendix A.1 Algebra Algebra is the foundation of algebraic geometry; here we collect some of the basic algebra on which we rely. We develop some algebraic background that is needed in the text.

### Similarity and Diagonalization. Similar Matrices

MATH022 Linear Algebra Brief lecture notes 48 Similarity and Diagonalization Similar Matrices Let A and B be n n matrices. We say that A is similar to B if there is an invertible n n matrix P such that

### MODULAR ARITHMETIC KEITH CONRAD

MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic

### 6. Cholesky factorization

6. Cholesky factorization EE103 (Fall 2011-12) triangular matrices forward and backward substitution the Cholesky factorization solving Ax = b with A positive definite inverse of a positive definite matrix

### MATH 240 Fall, Chapter 1: Linear Equations and Matrices

MATH 240 Fall, 2007 Chapter Summaries for Kolman / Hill, Elementary Linear Algebra, 9th Ed. written by Prof. J. Beachy Sections 1.1 1.5, 2.1 2.3, 4.2 4.9, 3.1 3.5, 5.3 5.5, 6.1 6.3, 6.5, 7.1 7.3 DEFINITIONS

### Matrix Algebra and Applications

Matrix Algebra and Applications Dudley Cooke Trinity College Dublin Dudley Cooke (Trinity College Dublin) Matrix Algebra and Applications 1 / 49 EC2040 Topic 2 - Matrices and Matrix Algebra Reading 1 Chapters

### Data Encryption A B C D E F G H I J K L M N O P Q R S T U V W X Y Z. we would encrypt the string IDESOFMARCH as follows:

Data Encryption Encryption refers to the coding of information in order to keep it secret. Encryption is accomplished by transforming the string of characters comprising the information to produce a new

### SYSTEMS OF EQUATIONS AND MATRICES WITH THE TI-89. by Joseph Collison

SYSTEMS OF EQUATIONS AND MATRICES WITH THE TI-89 by Joseph Collison Copyright 2000 by Joseph Collison All rights reserved Reproduction or translation of any part of this work beyond that permitted by Sections

### Linear Algebra I. Ronald van Luijk, 2012

Linear Algebra I Ronald van Luijk, 2012 With many parts from Linear Algebra I by Michael Stoll, 2007 Contents 1. Vector spaces 3 1.1. Examples 3 1.2. Fields 4 1.3. The field of complex numbers. 6 1.4.

Hill Cipher Project K80TTQ1EP-??,VO.L,XU0H5BY,_71ZVPKOE678_X,N2Y-8HI4VS,,6Z28DDW5N7ADY013 Directions: Answer all numbered questions completely. Show non-trivial work in the space provided. Non-computational

### The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm

The RSA Algorithm: A Mathematical History of the Ubiquitous Cryptological Algorithm Maria D. Kelly December 7, 2009 Abstract The RSA algorithm, developed in 1977 by Rivest, Shamir, and Adlemen, is an algorithm

### 5.1 Commutative rings; Integral Domains

5.1 J.A.Beachy 1 5.1 Commutative rings; Integral Domains from A Study Guide for Beginner s by J.A.Beachy, a supplement to Abstract Algebra by Beachy / Blair 23. Let R be a commutative ring. Prove the following

### ECE 842 Report Implementation of Elliptic Curve Cryptography

ECE 842 Report Implementation of Elliptic Curve Cryptography Wei-Yang Lin December 15, 2004 Abstract The aim of this report is to illustrate the issues in implementing a practical elliptic curve cryptographic

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### NOTES ON LINEAR TRANSFORMATIONS

NOTES ON LINEAR TRANSFORMATIONS Definition 1. Let V and W be vector spaces. A function T : V W is a linear transformation from V to W if the following two properties hold. i T v + v = T v + T v for all

### Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 997 Department of Mathematics and Statistics University at Albany William F Hammond Table of Contents Introduction

### 1 Orthogonal projections and the approximation

Math 1512 Fall 2010 Notes on least squares approximation Given n data points (x 1, y 1 ),..., (x n, y n ), we would like to find the line L, with an equation of the form y = mx + b, which is the best fit

### Explicit inverses of some tridiagonal matrices

Linear Algebra and its Applications 325 (2001) 7 21 wwwelseviercom/locate/laa Explicit inverses of some tridiagonal matrices CM da Fonseca, J Petronilho Depto de Matematica, Faculdade de Ciencias e Technologia,

### Algebraic expressions are a combination of numbers and variables. Here are examples of some basic algebraic expressions.

Page 1 of 13 Review of Linear Expressions and Equations Skills involving linear equations can be divided into the following groups: Simplifying algebraic expressions. Linear expressions. Solving linear

### The Inverse of a Square Matrix

These notes closely follow the presentation of the material given in David C Lay s textbook Linear Algebra and its Applications (3rd edition) These notes are intended primarily for in-class presentation

### Additional Topics in Linear Algebra Supplementary Material for Math 540. Joseph H. Silverman

Additional Topics in Linear Algebra Supplementary Material for Math 540 Joseph H Silverman E-mail address: jhs@mathbrownedu Mathematics Department, Box 1917 Brown University, Providence, RI 02912 USA Contents

### Math 223 Abstract Algebra Lecture Notes

Math 223 Abstract Algebra Lecture Notes Steven Tschantz Spring 2001 (Apr. 23 version) Preamble These notes are intended to supplement the lectures and make up for the lack of a textbook for the course

### Modular arithmetic. x ymodn if x = y +mn for some integer m. p. 1/??

p. 1/?? Modular arithmetic Much of modern number theory, and many practical problems (including problems in cryptography and computer science), are concerned with modular arithmetic. While this is probably

### Sec 4.1 Vector Spaces and Subspaces

Sec 4. Vector Spaces and Subspaces Motivation Let S be the set of all solutions to the differential equation y + y =. Let T be the set of all 2 3 matrices with real entries. These two sets share many common

### ModuMath Algebra Lessons

ModuMath Algebra Lessons Program Title 1 Getting Acquainted With Algebra 2 Order of Operations 3 Adding & Subtracting Algebraic Expressions 4 Multiplying Polynomials 5 Laws of Algebra 6 Solving Equations

### I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

I GROUPS: BASIC DEFINITIONS AND EXAMPLES Definition 1: An operation on a set G is a function : G G G Definition 2: A group is a set G which is equipped with an operation and a special element e G, called

### MATH10212 Linear Algebra. Systems of Linear Equations. Definition. An n-dimensional vector is a row or a column of n numbers (or letters): a 1.

MATH10212 Linear Algebra Textbook: D. Poole, Linear Algebra: A Modern Introduction. Thompson, 2006. ISBN 0-534-40596-7. Systems of Linear Equations Definition. An n-dimensional vector is a row or a column

### EULER S THEOREM. 1. Introduction Fermat s little theorem is an important property of integers to a prime modulus. a p 1 1 mod p.

EULER S THEOREM KEITH CONRAD. Introduction Fermat s little theorem is an important property of integers to a prime modulus. Theorem. (Fermat). For prime p and any a Z such that a 0 mod p, a p mod p. If

### SECTION 8.3: THE INVERSE OF A SQUARE MATRIX

(Section 8.3: The Inverse of a Square Matrix) 8.47 SECTION 8.3: THE INVERSE OF A SQUARE MATRIX PART A: (REVIEW) THE INVERSE OF A REAL NUMBER If a is a nonzero real number, then aa 1 = a 1 a = 1. a 1, or

### Geometric Transformations

Geometric Transformations Definitions Def: f is a mapping (function) of a set A into a set B if for every element a of A there exists a unique element b of B that is paired with a; this pairing is denoted

### MathQuest: Linear Algebra. 1. Which of the following matrices does not have an inverse?

MathQuest: Linear Algebra Matrix Inverses 1. Which of the following matrices does not have an inverse? 1 2 (a) 3 4 2 2 (b) 4 4 1 (c) 3 4 (d) 2 (e) More than one of the above do not have inverses. (f) All

### The determinant of a skew-symmetric matrix is a square. This can be seen in small cases by direct calculation: 0 a. 12 a. a 13 a 24 a 14 a 23 a 14

4 Symplectic groups In this and the next two sections, we begin the study of the groups preserving reflexive sesquilinear forms or quadratic forms. We begin with the symplectic groups, associated with

### Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer

### MATH 304 Linear Algebra Lecture 18: Rank and nullity of a matrix.

MATH 304 Linear Algebra Lecture 18: Rank and nullity of a matrix. Nullspace Let A = (a ij ) be an m n matrix. Definition. The nullspace of the matrix A, denoted N(A), is the set of all n-dimensional column