# Chapter 4 - Algebra

## Exercise 33. 

Consider example 16 again, and let Z∗5 be the set of all remainder classes from Z5 without the class 0. Then Z∗ = {1,2,3,4}. Show that (Z∗,·) is a commutative group.

**[others](https://github.com/ret2basic/moonmath/blob/master/algebra/README.ipynb) solution:**

The map (multiplication) of all elements in

have the following properties:

- Closed due to multiplication
- Associative due to multiplication
- Commutative due to multiplication
- Identity is 

Inverse exists for every element, as all elements are co-prime to With all these properties, the group is commutative. We can also see this from the table at example 16.

## Exercise 34. 

Generalizing the previous exercise, consider the general modulus n, and let $Z^∗_n$ be the set of all remainder classes from Zn without the class 0. Then Z∗n = {1, 2, . . . , n − 1}. Provide a counter-example to show that (Z∗n,·) is not a group in general.
Find a condition such that (Z∗n,·) is a commutative group, compute the neutral element, give a closed form for the inverse of any element and prove the commutative group axioms.

**solution:**

$let\ n \notin \mathbb{P} \rightarrow \exists x \in Z^*_n\ s.t\ \nexists x^{-1}\ \in Z^*_n $

## Exercise 35. 

Let $n \in \mathbb{N}$ with n ≥ 2 be some modulus. What is the order of the remainder class group $\mathbb{G} = (Z_n,+)$?

**solution:**
$| \mathbb{G}| = n$

## Exercise 36. 

Consider the group (Z6,+) of modular 6 addition from example 11. Show that 5 ∈ Z6 is a generator, and then show that 2 ∈ Z6 is not a generator.

**solution:**


In [1]:
Z6 = Integers(6)
G = Z6(1)

for _ in range(6):
    G += Z6(5) 
    print(G)

0
5
4
3
2
1


## Exercise 37. 

Let $p \in \mathbb{P}$ be prime number and $(Z^*_p,·)$ the finite group from exercise 34. Show that $(Z^*_p,·)$ is cyclic.

**solution:**

let $ \forall a\ s.t\ 1 < a < p: gcd(a, p) = 1 \rightarrow a^p \equiv a (\textrm{mod}\ p) \rightarrow a^1 \equiv a (\textrm{mod } p)$

## Excercise 38.

(Efficient Scalar Multiplication). Let (G,+) be a finite cyclic group of order n. Consider algorithm 5 and define its analog for groups in additive notation.

**solution:**
```
Require: g group generator of order n 
Require: $x \in Z_n$
procedure Multiplication(g,x)
    Let (b0,...,bk) be a binary representation of x
    h←g
    y←eG
    for 0≤ j<k do
        if
            bj = 1 then y ← y + h
        end if
            h ← h + h 
    end for
    return y 
end procedure
Ensure: y=gx
```

## Exercise 39. 

Consider the previous example 40, and show that $Z^*_5[2]$ is a commutative group.

**solution:**

$Z^*_5[2] = {1, 4}$

1. 1 · 4 = 4 · 1 = 4
2. Assosiative because it has only two elements and nr. 1
3. $e_{\mathbb{G}} = 1$
4. $1^{-1} = 1, 4^{-1} = 4$

## Exercise 40. 

Consider the finite cyclic group (Z6,+) of modular 6 addition from example 36. Describe all subgroups of (Z6,+). Identify the large prime order subgroup of Z6, define its cofactor clearing map and apply that map to all elements of Z6.

**solution:**

|Z6| = 6 = 2 · 3

Z6[3]; c = 2

0 · 2 = 0, 1 · 2 = 2, 2 · 2 = 4, 3 · 2 = 0, 4 · 2 = 2, 5 · 2 = 4

Z6[3] = {0, 2, 4}

## Exercise 41. 

Let $(Z^∗_p,·)$ be the cyclic group from exercise 37. Show that, for p ≥ 5, not every element $x \in F^*_p$ is a generator of $F^∗_p$.

**solution:**

$|Z^∗_p| = p - 1 = 2 · a · q; q \in \mathbb{P} and q < p \rightarrow \exists Z^∗_p[2a] and \forall x \in Z^∗_p[2a] x \notin g of Z^∗_p$

## Exercise 44. 

Consider the multiplicative group Z^∗_{13} of modular 13 arithmetic from example 34. Choose a set of 3 generators of Z^∗_{13}, define its associated Pedersen Hash Function, and compute the Pedersen Hash of (3,7,11) ∈ Z12.

**solution:**

$|Z^∗_{13}| = 12 = 4 · 3$

$g_{Z^∗_{13}} = \{ 5, 7, 11 \}$

$H_{Z12} = 5^3 · 7^7 · 11^{11} = 8 · 6 · 6 = 2$


## Exercise 45. 

Consider the Pedersen Hash from exercise 44. Compose it with the SHA256 hash function from example 47 to define a hash-to-group function. Implement that function in Sage.

In [2]:
from hashlib import sha256

Z13POS = Integers(13)

def SHA256_H(x):
    hasher = sha256(x)
    digest = hasher.hexdigest()
    z = ZZ(digest, 16) # cast into integer
    z_bin = z.digits(base=2, padto=256) # cast to 256
    return Z13POS(5)**z_bin[0] * Z13POS(7)**z_bin[1] * Z13POS(11)**z_bin[2]

print(SHA256_H(b""), SHA256_H(b"SHA"), SHA256_H(b"Math"))

3 7 9


## Exercise 46. 

Consider the multiplicative group $\mathbb{Z}^∗_{13}$ of modular 13 arithmetic from example 34 and the parameter k = 3. Choose a generator of $\mathbb{Z}^∗_{13}$, a seed and instantiate a member of the 13 family given in (4.27) for that seed. Evaluate that member on the binary string < 1, 0, 1 >

In [3]:
from math import prod

bin_str = b'101'
Z13POS.random_element()
random_elements = []
while len(random_elements) < 3:
    x = Z13POS.random_element()
    if x != 0:
        random_elements.append(x)
print(f"random elements: {random_elements}")

def dhh_pseudorandom(bit_string: bytearray, seed: [int]) -> Z13POS:
    G = Z13POS(7)
    exponent = seed[0] * prod([a**b for (a, b) in  zip(seed[1:], bit_string[1:])])
    return G ** exponent

dhh_pseudorandom(bin_str, random_elements)

random elements: [3, 8, 8]


2

## Exercise 47. 

Consider the ring of modular 5 arithmetics ($Z_5$,+,·) from example 16. Show that ($Z_5$,+,·) is a field. What is the characteristic of $Z_5$? Prove that the equation a·x = b has only a single solution x ∈ $Z_5$ for any given a,b ∈ $Z^*_5$.

## Exercise 48. 

Consider the ring of modular 6 arithmetics ($Z_6$,+,·) from example 11. Show that ($Z_6$,+,·) is not a field.

**response**:

as 6 in not prime, not all a in 0..5 have a multiplicative inverse. More concretelly, the ones which gcd(a, 6) != 1. These are 2 and 3:

$2 * a^{-1} = 1 \mod 6$

In [4]:
Z6 = Integers(6)

inverse_found = False
for a in range(6):
    if Z6(a) * Z6(2) == Z6(1):
        inverse_found = True
        print(f"inverse of 2 found: {a}")

if not inverse_found:     
    print(f"Z6(2) has no multiplicative inverse")

Z6(2) has no multiplicative inverse


## Exercise 49 (Prime field F3). 

Construct the addition and multiplication table of the prime field $F_3$.

## Exercise 50 (Prime field F13). 

Construct the addition and multiplication table of the prime field $F_{13}$.

In [5]:

def sum_matrix(p):
    print(f"Sum matrix of F_{p}:")
    print(matrix(GF(p), p, p, lambda i, j: i+j))

def mul_matrix(p):
    print(f"Mul matrix of F_{p}:")
    print(matrix(GF(p), p, p, lambda i, j: i*j))

print('-' * 10 + ' Exc 49 ' + '-' * 10)
sum_matrix(3)
mul_matrix(3)

print('-' * 10 + ' Exc 50 ' + '-' * 10)
sum_matrix(13)
mul_matrix(13)

---------- Exc 49 ----------
Sum matrix of F_3:
[0 1 2]
[1 2 0]
[2 0 1]
Mul matrix of F_3:
[0 0 0]
[0 1 2]
[0 2 1]
---------- Exc 50 ----------
Sum matrix of F_13:
[ 0  1  2  3  4  5  6  7  8  9 10 11 12]
[ 1  2  3  4  5  6  7  8  9 10 11 12  0]
[ 2  3  4  5  6  7  8  9 10 11 12  0  1]
[ 3  4  5  6  7  8  9 10 11 12  0  1  2]
[ 4  5  6  7  8  9 10 11 12  0  1  2  3]
[ 5  6  7  8  9 10 11 12  0  1  2  3  4]
[ 6  7  8  9 10 11 12  0  1  2  3  4  5]
[ 7  8  9 10 11 12  0  1  2  3  4  5  6]
[ 8  9 10 11 12  0  1  2  3  4  5  6  7]
[ 9 10 11 12  0  1  2  3  4  5  6  7  8]
[10 11 12  0  1  2  3  4  5  6  7  8  9]
[11 12  0  1  2  3  4  5  6  7  8  9 10]
[12  0  1  2  3  4  5  6  7  8  9 10 11]
Mul matrix of F_13:
[ 0  0  0  0  0  0  0  0  0  0  0  0  0]
[ 0  1  2  3  4  5  6  7  8  9 10 11 12]
[ 0  2  4  6  8 10 12  1  3  5  7  9 11]
[ 0  3  6  9 12  2  5  8 11  1  4  7 10]
[ 0  4  8 12  3  7 11  2  6 10  1  5  9]
[ 0  5 10  2  7 12  4  9  1  6 11  3  8]
[ 0  6 12  5 11  4 10  3  9  2  8  1 

## Exercise 51. 

Consider the prime field $F_{13}$ from exercise 50. Find the set of all pairs (x, y) ∈ $F_{13}$ × $F_{13}$ that satisfy the following equation:
x2 +y2 = 1+7·x2 ·y2

In [17]:
f = lambda x, y: (x^2 + y^2) - (1 + 7 * x^2 * y^2)
p = 13
F_p = GF(p)
mat = matrix(F_p, p, p, f)
print(mat)
sol = [(i, j) for i, x in enumerate(mat) for j, y in enumerate(x) if y == 0]
for x, y in sol:
    assert F_p(x^2 + y^2) == F_p(1 + 7 * x^2 * y^2) 

print(f"solutions x,y: {sol}")

[12  0  3  8  2 11  9  9 11  2  8  3  0]
[ 0  7  2 11  8  6  5  5  6  8 11  2  7]
[ 3  2 12  7  0  4  6  6  4  0  7 12  2]
[ 8 11  7  9  4  5 12 12  5  4  9  7 11]
[ 2  8  0  4  7  9 10 10  9  7  4  0  8]
[11  6  4  5  9  3  0  0  3  9  5  4  6]
[ 9  5  6 12 10  0  8  8  0 10 12  6  5]
[ 9  5  6 12 10  0  8  8  0 10 12  6  5]
[11  6  4  5  9  3  0  0  3  9  5  4  6]
[ 2  8  0  4  7  9 10 10  9  7  4  0  8]
[ 8 11  7  9  4  5 12 12  5  4  9  7 11]
[ 3  2 12  7  0  4  6  6  4  0  7 12  2]
[ 0  7  2 11  8  6  5  5  6  8 11  2  7]
solutions x,y: [(0, 1), (0, 12), (1, 0), (2, 4), (2, 9), (4, 2), (4, 11), (5, 6), (5, 7), (6, 5), (6, 8), (7, 5), (7, 8), (8, 6), (8, 7), (9, 2), (9, 11), (11, 4), (11, 9), (12, 0)]


## Exercise 52. 

Consider the prime field F13 from exercise 50. Compute the Legendre symbol x/13 andthe set of roots √x for all elements x ∈ F13.

In [22]:
F_13 = GF(13)

roots_set = [a for a in F_13 if a^((13-1)/2) <= 1]
roots_set

[0, 1, 3, 4, 9, 10, 12]

## Exercise 53. 

Consider the extension field F32 from the previous example and find all pairs of elements (x, y) ∈ F32 , for which the following equation holds:
y2 =x3+4 (4.54)



In [25]:
F_3_sqr = GF(3^2)

[(x, y) for (x, y) in F_3_sqr if y^2 == x^3 + 4]

[(0, 1), (2, 0), (0, 2)]

## Exercise 54. 

Show that the polynomial Q = x2 + x + 2 from F3[x] is irreducible. Construct the multiplication table of F32 with respect to Q and compare it to the multiplication table of F32 from example 68.

In [40]:
F_3 = GF(3)
R.<x> = PolynomialRing(F_3)
Q = x^2 + x + 2

# Q is irreductible
for a in F_3:
    assert Q(a) != 0

#or F_32.<u> = F_3.extension(Q)
F_32.<u> = GF(3^2, modulus=Q) 

matrix(F_32, 9, 9, lambda x, y: x * y)

[0 0 0 0 0 0 0 0 0]
[0 1 2 0 1 2 0 1 2]
[0 2 1 0 2 1 0 2 1]
[0 0 0 0 0 0 0 0 0]
[0 1 2 0 1 2 0 1 2]
[0 2 1 0 2 1 0 2 1]
[0 0 0 0 0 0 0 0 0]
[0 1 2 0 1 2 0 1 2]
[0 2 1 0 2 1 0 2 1]

## Exercise55. 
Show that the polynomial $P=t^3+t+1$ from $F_5[t]$ is irreducible. Then consider the extension field F_{5^3} defined relative to P. Compute the multiplicative inverse of $(2t^2+4) \in F_{5^3}$ using the Extended Euclidean Algorithm. Then find all $x \in F_{5^3}$ that solve the following equation:

$(2t^2 +4)(x−(t^2 +4t +2)) = (2t +3)$

In [56]:
F5 = GF(5)
R.<t> = PolynomialRing(F5)
P = t^3 + t + 1

for a in F5:
    assert P(a) != 0

F53.<v> = GF(5^3, modulus=P)

f = 2 * v^2 + 4

gcd, f_inv, b = xgcd(f, P)
assert gcd == 1

x = (2*v + 3) * f_inv + (v^2 + 4*v + 2)
print(f"we have that x is equal to the polynomial: {x}")
print(f"the slutions to the polynomial are: {x.roots(F53, multiplicities=False)}")

we have that x is equal to the polynomial: v^2 + 2
the slutions to the polynomial are: []


## Exercise 56. 

Consider the prime field F5. Show that the polynomial P = x2 + 2 from F5[x] isirreducible. Implement the finite field F52 in Sage.

In [57]:
P = t^2 + 2

for a in F5:
    assert P(a) != 0

F52.<v> = GF(5^2, modulus=P)

## Exercise 57. 

Construct the so-called Fano plane, that is, the projective plane over the finite field $F_2$.

In [60]:
# Define the finite field F2
F2 = GF(2)

# Define the polynomial ring over F2
R.<x> = PolynomialRing(F2)

# Define the extension field of F2
F4.<alpha> = GF(2^2)

# Projective space of dimension 2 over F2
P = ProjectiveSpace(F2, 2)

# Get the points in the projective space
points = P.rational_points()
print("points")
print(points)

# Separate affine points and points at infinity
affine_points = [p for p in points if p[2] == 1]
points_at_infinity = [p for p in points if p[2] == 0]

print("affine points")
print(affine_points)
print("points at infinity")
print(points_at_infinity)

points
[(0 : 0 : 1), (0 : 1 : 1), (1 : 0 : 1), (1 : 1 : 1), (0 : 1 : 0), (1 : 1 : 0), (1 : 0 : 0)]
affine points
[(0 : 0 : 1), (0 : 1 : 1), (1 : 0 : 1), (1 : 1 : 1)]
points at infinity
[(0 : 1 : 0), (1 : 1 : 0), (1 : 0 : 0)]
