4

I'm a student of Masters in Cyber Security. I have a habit to understand things from their first principles (at the very beginning). Kindly use any simple mathematical example to answer because I have read plenty of technical answers but they aren't clear to me. For example, we use primes because we know factoring them is extremely hard. Furthermore, we use injectives because we don't want one-to-many relations in encryption because it will be a disaster on the decryption side. Like my examples, can you provide me an example of using groups that makes sense as primes and injectives do? Kindly let me know what was the actual problem which leads us to use groups in cryptography?

I know what a group is and its properties, I know about abstract algebra, but I don't know why we use them and what happens if we don't use them.

Zain

5 Answers

14

Kindly, let me know what was the actual problem which leads us to use groups in cryptography?

Well, we use groups and other similar mathematical constructs because:

  • We found there are problems that appeared to be difficult to solve with those groups

  • We found ways to translate the difficulty of solving those problems into the cryptographical strength of some object (such as an RSA public key encryption, or a signature), that is, you can't break the cryptographical object (e.g. decrypt the encrypted ciphertext without the key) unless you can solve the hard problem.

The second part is crucial; we know problems that are much harder to solve than the ones we use in cryptography; however we don't know how to exploit those.

That's pretty much the answer; the answer to "why do we use groups" is pretty much the same as Willy Sutton supposedly gave to the question "why do you rob banks" - "because that's where the money is" - that is, we do it because it provides the cryptographical security we're looking for.

I believe if I don't know "why" then everything is useless.

Then you're in trouble with cryptography - one of the things we do not know is why these hard problems are actually hard (if, in fact, they are) - the most we know is that a number of fairly bright people have tried to do a number of rather clever tricks to solve them, and none of them worked.

poncho
8

Groups have properties which are useful for many cryptographic operations

  • When you multiply 2 numbers in a cryptographic operation you want the result of the multiplication also to be in the same set. For example, if you are multiplying something which fits in a byte (or n bytes) by something similar, you also want the result to fit in a byte (or n bytes). Groups have the closure property which ensures this.

  • When you want to decrypt something which is encrypted, many times the decryption is an inverse of the encryption. Elements of a Group are invertible, so again that is needed.

There are other properties of Groups which are useful in other specific cases. For example, in AES's MixColumns operation, the associativity property is needed. Like this you will find a lot of cryptographic operations which require many of the properties.

Rings & Finite Fields are also Groups, so they also have the same properties. Groups have Closure, Associativity & Inverse under only one arithmetic operation. However, Finite Fields have Closure, Associativity, Identity, Inverse, Commutativity under both arithmetic operations (for example, Addition & Multiplication).

user93353
4

I think you got it backwards:

Algebraic structures like rings and groups and fields are the underlying concept of all commonly used types of numbers like the integers, rationals, reals and complex numbers. In algebra it is quite common to do theorems and proofs in the structure with the minimum requirements - so they are valid in a wide range of structures, and not just in the integers for example.

School math and possibly university courses intended for non-mathematicians are simplified versions of that: The numbers are just there, they skipped the basics of explaining where the numbers come from and what axioms and definitions have been made.

When it comes to cryptography, you already mentioned one relevant example: Factorization of large numbers is difficult. But that is just a problem - on its own this is not enough to create an encryption scheme. If we look at RSA, then everything happens inside a specific finite ring: all calculations happen modulo N.

Another example: ElGamal is a cryptosystem, which is based on the discrete logarithm - which is also a difficult problem like factorization. But the discrete logarithm problem is defined inside a finite group. And it has very little to do with logarithms on real numbers besides the name. And this finite group can be all integers modulo a prime number - or it can be an elliptic curve, which is another type of finite group.

I know what a group is and its properties, I know about abstract algebra, but I don't know why we use them and what happens if we don't use them.

How do you want to "not use them"? If you think about integers, they are a ring, which is a group (for addition) and a semigroup (for multiplication). Or more generally: From what do you want to build an encryption scheme, signature scheme, etc.? Cryptography has to build on some structure. And for most public key cryptography, this structure is finite groups, rings and fields.

tylo
4

The problem with "why"

"Why" is generally an unfortunate question. It is often very hard or impossible to answer. The reasoning goes like this: if you ask "why" a (reasonably complex) thing is like it is, any meaningful answer usually breaks the issue down into subcomponents. Then, you can and need to ask "why" for each of those. This goes on and on ad nauseam. Either you end up with more and more ever more complex answers and questions; or you eventually lose the semantics along the convoluted path, or you end up with subquestions that simply have no meaningful "why" answer at all.

A popular example would be children asking why the sky is blue. With a "nerd" child, you can spend a lot of time on that. It's not uninteresting, and not futile, and being inquisitive is great, but it's often frustrating.

There is a nice video from Feynman himself explaining this: https://www.youtube.com/watch?v=36GT2zI8lVA

Why do we use rings, groups, fields in cryptography

We use these structures in cryptography because in modern times, cryptography inevitably works on natural numbers as its base domain, and nothing else. Why is that the case? Because in our current computer architecture, all data is represented as natural numbers sooner or later, and therefore it only makes sense to focus all our efforts on this common denominator, instead of having different cryptography for images, text, sound etc.

Rings, groups, fields and other structures are literally what makes up numbers (or rather the semantics on numbers). There is no magic to this. Every child is working with these structures even when learning to count to 100, they just don't know it yet. It's not like mathematicians saw all the problems of cryptography, tried 10 alternatives, until someone said "hey, let's take rings", but whenever you are working with numbers, you inevitably end up with some of these structures.

It's not like we invented all these structures (people have been multiplying and adding long before these terms or the strict understanding of their structure were around); we just use them to label some very restrictive sets with their operations. Other labels or definitions could probably have been arrived at.

A direct example is the RSA public key algorithm. It is a conceptually simple set of operations in modular arithmetic (i.e. $\mathbb N_n$ with $n$ being a very large integer with the property $n = pq$, with $p$ and $q$ being large primes). When working with these things, the only way we know how is to work with operators (multiplication...) which form a group structure. Ignoring key generation, the actual encryption and decryption is a single operation: exponentiation in modular algebra. Understanding why it works is easy even if someone only had a few first lessons in algebra, to define the terms. Hence we are using groups here (or rather some practical proofs from group theory) because they are the correct tool, they make it easy to reason about the algorithm and prove the correctness, and very easy to implement.

As a side point, not directly related to the question: Here, it just so happens that this operation also is very simple for a computer to perform. The inverse (which would be equivalent to cracking the code) is very hard. "Why" that is (on a philosophical level) is impossible to tell, except that we haven't found a way to do it yet. Nobody knows if it is fundamentally impossible to ever find an efficient algorithm to invert this.

AnoE
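The RSA operation the answer above describes, worked through as an added example (this is not code from the answer or from any library; the primes 61 and 53 and exponent 17 are constructed toy values, far too small for real use). It shows that decryption undoes encryption precisely because d is the inverse of e modulo the order of the unit group of Z_n, and what goes wrong if the exponent is instead inverted modulo n itself, i.e. if the group structure is ignored:

```python
from math import gcd

# Constructed toy parameters, far too small for real use: n = p*q as in the answer.
P, Q, E = 61, 53, 17
N = P * Q                  # 3233, the modulus; all arithmetic lives in the ring Z_N
PHI = (P - 1) * (Q - 1)    # 3120, the order of the multiplicative group of units of Z_N

def keypair(p=P, q=Q, e=E):
    """d is the inverse of e modulo phi, so e*d = 1 + k*phi for some k (needs Python 3.8+ pow)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be a unit modulo phi")
    return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(m, pub):
    n, e = pub
    return pow(m, e, n)          # the single operation: modular exponentiation

def decrypt(c, priv):
    n, d = priv
    return pow(c, d, n)

def element_order(a, n):
    """Smallest k > 0 with a^k = 1 (mod n); defined only for units (gcd(a, n) = 1)."""
    if gcd(a, n) != 1:
        raise ValueError("not a unit, so it has no multiplicative order")
    k, acc = 1, a % n
    while acc != 1:
        acc, k = acc * a % n, k + 1
    return k

def why_it_works(m, p=P, q=Q, e=E):
    """Return (decryption undoes encryption, order of m divides phi).

    Lagrange's theorem: the order of any unit divides the group order phi, so
    m^(e*d) = m^(1 + k*phi) = m * (m^phi)^k = m for every unit m."""
    pub, priv = keypair(p, q, e)
    phi = (p - 1) * (q - 1)
    return decrypt(encrypt(m, pub), priv) == m, phi % element_order(m, p * q) == 0

def ignoring_the_group(m, p=P, q=Q, e=E):
    """'Not using the group': invert e modulo n itself instead of modulo phi.
    That exponent bears no relation to the group order, so decryption fails."""
    n = p * q
    d_bad = pow(e, -1, n)
    return pow(pow(m, e, n), d_bad, n) == m
```

With these parameters the private exponent is 2753, the message 65 round-trips, and the same message does not round-trip under the exponent inverted modulo n.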
3

Maybe I can give another answer from the perspective of Multiparty Computation (MPC), which studies the problem of enabling multiple parties to securely compute a function on sensitive data while revealing only the outputs.

A very important tool for solving the problem stated above is secret-sharing, which enables distribution of a secret $s$ into $n$ shares $s_1,\ldots,s_n$, in such a way that any set of at most $t$ shares does not leak anything about the secret, but any set of $t+1$ shares can completely reconstruct it. One of the most popular secret-sharing constructions is Shamir Secret Sharing, in which a secret $s$ is distributed by choosing a random polynomial $f$ of degree at most $t$, subject to $f(0)=s$, and letting the $i$-th share be $s_i:=f(i)$.

The idea why this construction works is that, due to the interpolation theorem, any set of $t+1$ points $(i,f(i))$ completely determines a unique polynomial of degree at most $t$, so in particular they determine $s=f(0)$, but only $t$ such points can be consistent with too many polynomials of degree at most $t+1$ as to be able to determine $s$. Now, for all of this to make sense, the elements need to belong to some algebraic structure (in particular a ring, since we're talking about polynomials). Furthermore, as stated, this structure has to be a field, since otherwise the interpolation theorem does not hold.¹

So, to sum up, there are some contexts where we benefit a lot from the additional properties that certain structures have. In the case of fields, the fact that there are no zero divisors really makes life easier.


¹The interpolation theorem also works for more general rings, but they still need to have certain properties, like a long-enough exceptional sequence.

Daniel
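Shamir's scheme as described in the answer above, as an added Python example (not code from the answer): it shares a secret over the prime field of integers mod 31, checks that $t$ shares are consistent with every possible secret, and then repeats the same interpolation over the ring of integers mod 15 to show how zero divisors break both the uniqueness of the interpolating polynomial and the Lagrange reconstruction itself. The moduli 31 and 15 and the polynomials used are constructed for illustration only.

```python
import random
from itertools import product

def eval_poly(coeffs, x, mod):
    """coeffs[0] + coeffs[1]*x + ... evaluated modulo mod (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % mod
    return acc

def share(secret, n, t, mod, rng=random):
    """Shamir: random f of degree <= t with f(0) = secret; share i is (i, f(i))."""
    coeffs = [secret % mod] + [rng.randrange(mod) for _ in range(t)]
    return [(i, eval_poly(coeffs, i, mod)) for i in range(1, n + 1)]

def reconstruct(shares, mod):
    """Lagrange interpolation at x = 0; every denominator x_i - x_j must be invertible."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % mod
                den = den * (xi - xj) % mod
        inv = pow(den, -1, mod)   # raises ValueError if den is a zero divisor (composite mod)
        secret = (secret + yi * num * inv) % mod
    return secret

def consistent_secrets(shares, t, mod):
    """Brute force: all f(0) over degree-<=t polynomials mod `mod` through the shares."""
    return sorted({c[0] for c in product(range(mod), repeat=t + 1)
                   if all(eval_poly(c, x, mod) == y for x, y in shares)})

def field_demo(secret=17, n=5, t=2, mod=31):
    """Prime modulus (a field): any t+1 shares reconstruct the secret, while
    t shares are consistent with every one of the `mod` possible secrets."""
    shares = share(secret, n, t, mod, random.Random(1))
    return reconstruct(shares[1:4], mod), len(consistent_secrets(shares[:2], t, mod))

def ring_demo():
    """Modulus 15 = 3*5 has zero divisors: f(x) = 7 + 2x and g(x) = 2 + 7x agree at
    x = 1 and x = 4, so t+1 = 2 shares no longer pin down f(0), and the Lagrange
    denominator 1 - 4 = -3 has no inverse mod 15."""
    shares = [(x, eval_poly([7, 2], x, 15)) for x in (1, 4)]   # [(1, 9), (4, 0)]
    try:
        reconstruct(shares, 15)
        interpolation_defined = True
    except ValueError:
        interpolation_defined = False
    return consistent_secrets(shares, 1, 15), interpolation_defined
```

Over the field, three shares give back 17 and two shares leave all 31 secrets possible; over the ring, two shares are consistent with the secrets 2, 7 and 12 at once, and the reconstruction formula is not even defined.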