# Chapter 4 - Algebra

## Exercise 33. 

Consider example 16 again, and let $Z^*_5$ be the set of all remainder classes from $Z_5$ without the class 0. Then $Z^*_5 = \{1,2,3,4\}$. Show that $(Z^*_5,\cdot)$ is a commutative group.

**[others](https://github.com/ret2basic/moonmath/blob/master/algebra/README.ipynb) solution:**

The map (multiplication) of all elements in

have the following properties:

- Closed due to multiplication
- Associative due to multiplication
- Commutative due to multiplication
- Identity is 

Inverse exists for every element, as all elements are co-prime to With all these properties, the group is commutative. We can also see this from the table at example 16.

## Exercise 34. 

Generalizing the previous exercise, consider the general modulus $n$, and let $Z^*_n$ be the set of all remainder classes from $Z_n$ without the class 0. Then $Z^*_n = \{1, 2, \ldots, n-1\}$. Provide a counter-example to show that $(Z^*_n,\cdot)$ is not a group in general.
Find a condition such that $(Z^*_n,\cdot)$ is a commutative group, compute the neutral element, give a closed form for the inverse of any element and prove the commutative group axioms.

**solution:**

$\text{let } n \notin \mathbb{P} \rightarrow \exists x \in Z^*_n \text{ s.t. } \nexists x^{-1} \in Z^*_n$
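The statement above can be checked by brute force for small moduli. The following Python sketch is an added example, not part of the original notebook; the function names are illustrative, and the closed-form inverse $a^{p-2} \bmod p$ used here comes from Fermat's little theorem and is only valid for prime $p$.

```python
from math import gcd

# Added example: all names below are illustrative, not from the notebook.

def non_invertible(n):
    """Elements of {1, ..., n-1} with no multiplicative inverse mod n."""
    return [a for a in range(1, n) if gcd(a, n) != 1]

def closure_violations(n):
    """Pairs a <= b from {1, ..., n-1} whose product is the excluded class 0."""
    return [(a, b) for a in range(1, n) for b in range(a, n)
            if (a * b) % n == 0]

def fermat_inverse(a, p):
    """Closed-form inverse a^(p-2) mod p; requires p prime and p not dividing a."""
    return pow(a, p - 2, p)

def is_commutative_group(n):
    """Brute-force test of the group axioms for ({1, ..., n-1}, * mod n)."""
    elems = range(1, n)
    mul = lambda a, b: (a * b) % n
    closed = all(mul(a, b) in elems for a in elems for b in elems)
    commutative = all(mul(a, b) == mul(b, a) for a in elems for b in elems)
    associative = all(mul(mul(a, b), c) == mul(a, mul(b, c))
                      for a in elems for b in elems for c in elems)
    # The neutral element is 1, so an inverse of a is any b with a*b = 1.
    inverses = all(any(mul(a, b) == 1 for b in elems) for a in elems)
    return closed and commutative and associative and inverses

if __name__ == "__main__":
    # Counter-example: n = 6 is not prime.
    print("n=6 non-invertible:", non_invertible(6))
    print("n=6 products equal to 0:", closure_violations(6))
    # Moduli in 2..20 for which the axioms hold.
    print("group for n in:", [n for n in range(2, 21) if is_commutative_group(n)])
    # Closed-form inverses for the prime modulus 13.
    print("inverses mod 13:", {a: fermat_inverse(a, 13) for a in range(1, 13)})
```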

## Exercise 35. 

Let $n \in \mathbb{N}$ with n ≥ 2 be some modulus. What is the order of the remainder class group $\mathbb{G} = (Z_n,+)$?

**solution:**
$| \mathbb{G}| = n$

## Exercise 36. 

Consider the group (Z6,+) of modular 6 addition from example 11. Show that 5 ∈ Z6 is a generator, and then show that 2 ∈ Z6 is not a generator.

**solution:**


```sage
Z6 = Integers(6)
G = Z6(1)  # starting element

# Add 5 six times; every class of Z6 appears in the output
for _ in range(6):
    G += Z6(5)
    print(G)
```

Output:

```
0
5
4
3
2
1
```


## Exercise 37. 

Let $p \in \mathbb{P}$ be prime number and $(Z^*_p,·)$ the finite group from exercise 34. Show that $(Z^*_p,·)$ is cyclic.

**solution:**

Let $\forall a \text{ s.t. } 1 < a < p: \gcd(a, p) = 1 \rightarrow a^p \equiv a \pmod{p} \rightarrow a^1 \equiv a \pmod{p}$

## Exercise 38.

(Efficient Scalar Multiplication). Let (G,+) be a finite cyclic group of order n. Consider algorithm 5 and define its analog for groups in additive notation.

**solution:**
```
Require: g group generator of order n
Require: x ∈ Z_n
procedure Multiplication(g, x)
    Let (b0,...,bk) be a binary representation of x
    h ← g
    y ← eG
    for 0 ≤ j ≤ k do
        if bj = 1 then
            y ← y + h
        end if
        h ← h + h
    end for
    return y
end procedure
Ensure: y = x · g
```
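A runnable version of the additive double-and-add procedure, given as an added Python example that is not part of the original notebook. The names `scalar_mul` and `zn_add` are illustrative; the group law is passed in as a function so the routine only ever uses `+`, and the returned counter shows how many group additions were needed.

```python
# Added example: double-and-add in additive notation.
# `scalar_mul` and `zn_add` are illustrative names, not from the notebook.

def zn_add(n):
    """Group law of (Z_n, +) as a two-argument function."""
    return lambda a, b: (a + b) % n

def scalar_mul(g, x, add, identity):
    """Return (x·g, number of group additions), scanning the bits of x
    from least to most significant.

    The branch depends on the bits of x, so the running time varies
    with the scalar.
    """
    if x < 0:
        raise ValueError("scalar must be non-negative")
    h, y = g, identity          # h holds g, 2g, 4g, ...; y accumulates the sum
    additions = 0
    while x:
        if x & 1:               # current bit b_j = 1
            y = add(y, h)
            additions += 1
        x >>= 1
        if x:                   # doubling is only needed if bits remain
            h = add(h, h)
            additions += 1
    return y, additions

if __name__ == "__main__":
    # (Z_6, +) with generator 5: compare with direct multiplication mod 6.
    add6 = zn_add(6)
    for x in range(6):
        print(x, scalar_mul(5, x, add6, 0)[0], (5 * x) % 6)

    # A larger modulus: about 2*61 additions instead of about 2**60.
    n = 2**61 - 1
    y, cost = scalar_mul(123456789, 2**60 + 12345, zn_add(n), 0)
    print(y == ((2**60 + 12345) * 123456789) % n, cost)
```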

## Exercise 39. 

Consider the previous example 40, and show that $Z^*_5[2]$ is a commutative group.

**solution:**

$Z^*_5[2] = \{1, 4\}$

1. 1 · 4 = 4 · 1 = 4
2. Associative because it has only two elements and by item 1
3. $e_{\mathbb{G}} = 1$
4. $1^{-1} = 1, 4^{-1} = 4$

## Exercise 40. 

Consider the finite cyclic group (Z6,+) of modular 6 addition from example 36. Describe all subgroups of (Z6,+). Identify the large prime order subgroup of Z6, define its cofactor clearing map and apply that map to all elements of Z6.

**solution:**

|Z6| = 6 = 2 · 3

Z6[3]; c = 2

0 · 2 = 0, 1 · 2 = 2, 2 · 2 = 4, 3 · 2 = 0, 4 · 2 = 2, 5 · 2 = 4

Z6[3] = {0, 2, 4}
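The subgroup structure used here and in exercise 36 can be enumerated directly. The following Python sketch is an added example, not part of the original notebook; the function names are illustrative. It lists the subgroup generated by each element of $(Z_n,+)$, which also shows that 2 does not generate $Z_6$, and applies the cofactor clearing map $x \mapsto c \cdot x$ with $c = n/q$.

```python
# Added example: subgroups of (Z_n, +) and cofactor clearing.
# All function names are illustrative, not from the notebook.

def generated_subgroup(g, n):
    """Subgroup of (Z_n, +) generated by g: {0, g, 2g, ...}."""
    elems, x = [0], g % n
    while x != 0:
        elems.append(x)
        x = (x + g) % n
    return sorted(elems)

def is_generator(g, n):
    """g generates (Z_n, +) exactly when its subgroup is all of Z_n."""
    return len(generated_subgroup(g, n)) == n

def all_subgroups(n):
    """Every subgroup of a cyclic group is cyclic, so it is enough to
    collect the subgroups generated by single elements."""
    found = {tuple(generated_subgroup(g, n)) for g in range(n)}
    return sorted(found, key=len)

def cofactor_clearing(n, q):
    """Map x -> c·x with cofactor c = n / q, as a dict over Z_n."""
    if n % q != 0:
        raise ValueError("q must divide the group order n")
    c = n // q
    return {x: (c * x) % n for x in range(n)}

if __name__ == "__main__":
    print("5 generates Z6:", is_generator(5, 6))
    print("2 generates Z6:", is_generator(2, 6), generated_subgroup(2, 6))
    for H in all_subgroups(6):
        print("subgroup of order", len(H), ":", H)
    # Large prime order subgroup Z6[3], cofactor c = 2.
    print("cofactor clearing:", cofactor_clearing(6, 3))
```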

## Exercise 41. 

Let $(Z^*_p,\cdot)$ be the cyclic group from exercise 37. Show that, for $p \geq 5$, not every element $x \in F^*_p$ is a generator of $F^*_p$.

**solution:**

$|Z^*_p| = p - 1 = 2 \cdot a \cdot q;\ q \in \mathbb{P} \text{ and } q < p \rightarrow \exists Z^*_p[2a] \text{ and } \forall x \in Z^*_p[2a]\ x \notin g \text{ of } Z^*_p$

## Exercise 44. 

Consider the multiplicative group $Z^*_{13}$ of modular 13 arithmetic from example 34. Choose a set of 3 generators of $Z^*_{13}$, define its associated Pedersen Hash Function, and compute the Pedersen Hash of $(3,7,11) \in Z_{12}$.

**solution:**

$|Z^∗_{13}| = 12 = 4 · 3$

$g_{Z^∗_{13}} = \{ 5, 7, 11 \}$

$H_{Z12} = 5^3 · 7^7 · 11^{11} = 8 · 6 · 6 = 2$


## Exercise 45. 

Consider the Pedersen Hash from exercise 44. Compose it with the SHA256 hash function from example 47 to define a hash-to-group function. Implement that function in Sage.

```sage
from hashlib import sha256

Z13POS = Integers(13)

def SHA256_H(x):
    hasher = sha256(x)
    digest = hasher.hexdigest()
    z = ZZ(digest, 16)  # parse the hex digest as an integer
    z_bin = z.digits(base=2, padto=256)  # bits, least significant first, padded to 256
    # The three lowest bits of the digest are the exponents of 5, 7 and 11
    return Z13POS(5)**z_bin[0] * Z13POS(7)**z_bin[1] * Z13POS(11)**z_bin[2]

print(SHA256_H(b""), SHA256_H(b"SHA"), SHA256_H(b"Math"))
```

Output:

```
3 7 9
```


## Exercise 46. 

Consider the multiplicative group $\mathbb{Z}^*_{13}$ of modular 13 arithmetic from example 34 and the parameter k = 3. Choose a generator of $\mathbb{Z}^*_{13}$, a seed and instantiate a member of the 13 family given in (4.27) for that seed. Evaluate that member on the binary string <1, 0, 1>.

```sage
from math import prod

# Bits as integers; a bytes literal such as b'101' would yield ASCII codes 49, 48, 49
bin_str = [1, 0, 1]

# Seed: three random non-zero elements
random_elements = []
while len(random_elements) < 3:
    x = Z13POS.random_element()
    if x != 0:
        random_elements.append(x)
print(f"random elements: {random_elements}")

def dhh_pseudorandom(bit_string: list, seed: list) -> Z13POS:
    G = Z13POS(7)  # chosen generator
    # seed[0] is the constant factor; seed[1:] is paired with bit_string[1:]
    exponent = seed[0] * prod([a**b for (a, b) in zip(seed[1:], bit_string[1:])])
    return G ** exponent

dhh_pseudorandom(bin_str, random_elements)
```

Output:

```
random elements: [3, 8, 8]
2
```