# BLS threshold signing over the BN254 pairing

## Mathematical Foundations

This primer aims to build, from first principles, just enough of the mathematics needed to understand cryptographic primitives, particularly the elliptic curves and bilinear pairings of Barreto and Naehrig, as well as the BLS threshold signing scheme. We'll take a tasting of set theory, number theory, group theory, ring theory, and field theory, culminating in the specific structures used in this modern cryptography.

### Set Theory

Set theory forms the bedrock of modern mathematics. It provides us with a language to discuss collections of objects and the relationships between them. A pack of wolves, a bunch of grapes, or a flock of pigeons are all examples of sets of things. In the mathematical sense, a set captures the notion of belonging: as a wolf belongs to its pack, so does an element belong to its set. For a more in-depth treatment of set theory, Halmos' Naive Set Theory and Suppes' Axiomatic Set Theory are superb.

#### Basic Definitions

1. A set is a collection of distinct objects, called elements or members of the set.
2. If $a$ is an element of set $A$, we write $a \in A$.
3. The empty set, denoted $\varnothing$, is the unique set with no elements.
4. A set $A$ is a subset of set $B$, denoted $A \subseteq B$, if every element of $A$ is also an element of $B$. In other words, $A$ is included by, or contained in $B$.
5. Every set is a subset of itself: $A \subseteq A$.


#### Set Operations

Set theory defines several operations on sets:

1. Union: $A \cup B = \{x : x \in A \text{ or } x \in B\}$
   The union of two sets contains all elements that are in either set.

2. Intersection: $A \cap B = \{x : x \in A \text{ and } x \in B\}$
   The intersection contains all elements common to both sets.

3. Difference: $A \setminus B = \{x : x \in A \text{ and } x \notin B\}$
   The difference contains elements in $A$ but not in $B$.

4. Symmetric Difference: $A \triangle B = (A \setminus B) \cup (B \setminus A)$
   This operation results in elements that are in either set, but not in both.

#### Cartesian Product

The Cartesian product of two sets $A$ and $B$, denoted $A \times B$, is the set of all ordered pairs where the first element comes from $A$ and the second from $B$:

$A \times B = \{(a,b) : a \in A \text{ and } b \in B\}$

#### Functions

A function $f$ from set $A$ to set $B$, denoted $f: A \to B$, is a rule that assigns to each element of $A$ exactly one element of $B$. We call $A$ the domain and $B$ the codomain of $f$. The set of all $f(a)$ for $a \in A$ is called the range of $f$.

Functions can have special properties:

1. Injective (one-to-one): $\forall a_1, a_2 \in A, f(a_1) = f(a_2) \implies a_1 = a_2$
2. Surjective (onto): $\forall b \in B, \exists a \in A : f(a) = b$
3. Bijective: Both injective and surjective

#### Cardinality

The cardinality of a set $A$, denoted $|A|$, is the number of elements in $A$ if $A$ is finite. For infinite sets, cardinality becomes more complex:

- Countably infinite: A set with the same cardinality as the natural numbers, denoted $\aleph_0$.
- Uncountable: An infinite set that is not countably infinite, such as the real numbers, with cardinality denoted $\mathfrak{c}$.

### Group Theory

Group theory studies the structure that arises when the membership relations of set theory are equipped with an operation acting on the elements, which is what forms algebras; more generally, it is the study of symmetry. Professor Macauley's Visual Group Theory lectures on YouTube and Nathan Carter's Visual Group Theory book provide a beautiful and approachable exposition. Saracino's Abstract Algebra is approachable, but in need of fresh typesetting. Lang's Algebra is also a good resource here and, more generally, on the rings and fields to come. Here we treat the key parts as they relate to the implementation of BLS and BN254.

#### Groups

A group is an ordered pair $(\mathbb{G}, *)$ where $\mathbb{G}$ is a set and $*$ is a binary operation on $\mathbb{G}$ satisfying four axioms:

1. Closure: $\forall a, b \in \mathbb{G}, a * b \in \mathbb{G}$
2. Associativity: $\forall a, b, c \in \mathbb{G}, (a * b) * c = a * (b * c)$
3. Identity: $\exists e \in \mathbb{G}, \forall a \in \mathbb{G}: a * e = e * a = a$
4. Inverse: $\forall a \in \mathbb{G}, \exists a^{-1} \in \mathbb{G}: a * a^{-1} = a^{-1} * a = e$

The identity element is often denoted $e$, and the inverse of an element $a$ is written $a^{-1}$. Combining an element with an inverse, $a * b^{-1}$, plays the role of "subtraction".

#### Abelian Groups

An Abelian group, named after Norwegian mathematician Niels Henrik Abel, is a group which is commutative under the binary operation $*$. A group $\mathbb{G}$ is abelian if $a * b = b * a$ for all $a, b \in \mathbb{G}$.

#### Finite Groups

A group $\mathbb{G}$ is finite if it has finitely many elements; its cardinality $|\mathbb{G}|$ is then called the order of $\mathbb{G}$.

#### Lagrange's Theorem

Let $\mathbb{G}$ be a finite group of order $n = |\mathbb{G}|$ and let $a \in \mathbb{G}$. The order of $a$ is the smallest positive integer $d$ such that $a^d = e$, the identity of the group. Then $d \mid n$, and consequently $a^n = e$.

#### Subgroups

A subset $H$ of a group $\mathbb{G}$ is a subgroup if it forms a group under the same operation as $\mathbb{G}$. We denote this as $H \leq \mathbb{G}$. 

The order of a subgroup always divides the order of the group (Lagrange's Theorem).

Just as every set is a subset of itself, every group is a subgroup of itself, $\mathbb{G} \leq \mathbb{G}$, and every group has the trivial subgroup $\{e\}$ containing only the identity.

#### Homomorphisms and Isomorphisms

A function $f: G \to H$ between groups is a homomorphism if it preserves the group operation:

$f(ab) = f(a)f(b)$ for all $a,b \in G$

An isomorphism is a bijective homomorphism. If there exists an isomorphism between groups $G$ and $H$, we say they are isomorphic and write $G \cong H$.

#### Cosets and Normal Subgroups

For a subgroup $H$ of $G$ and an element $a \in G$, we define:

- Left coset: $aH = \{ah : h \in H\}$
- Right coset: $Ha = \{ha : h \in H\}$

A subgroup $N$ of $G$ is called normal if $gN = Ng$ for all $g \in G$. We denote this as $N \triangleleft G$.

#### Cyclic Groups

A group $\mathbb{G}$ is cyclic if there exists an element $g \in \mathbb{G}$ such that every element of $\mathbb{G}$ can be written as a power of $g$:

$\mathbb{G} = \langle g \rangle = \{g^n : n \in \mathbb{Z}\}$

Here, $g$ is called a generator of $\mathbb{G}$. Cyclic groups have several important properties:

1. Every element $x \in \mathbb{G}$ can be written as $x = g^n$ for some integer $n$.
2. If $\mathbb{G}$ is infinite, it is isomorphic to $(\mathbb{Z}, +)$.
3. If $\mathbb{G}$ is finite with $|\mathbb{G}| = n$, it is isomorphic to $(\mathbb{Z}/n\mathbb{Z}, +)$.
4. All cyclic groups are Abelian.
5. Subgroups of cyclic groups are cyclic.
6. The order of $\mathbb{G}$ is the smallest positive integer $m$ such that $g^m = e$.
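
To make the axioms and Lagrange's theorem concrete, here is an added Python example (not code from the original page) that checks the four group axioms by exhaustive search on a small finite group, computes the order of every element, verifies that each order divides $|\mathbb{G}|$ and that $a^{|\mathbb{G}|} = e$, and lists the generators. It is applied to $(\mathbb{Z}_{12}, +)$ and to the multiplicative groups $\mathbb{Z}_7^*$ and $\mathbb{Z}_8^*$; all function names are the example's own.

```python
from itertools import product
from math import gcd

# Added example (not from the page): brute-force checks of the group axioms
# and of the consequences of Lagrange's theorem on small finite groups.
# A group is given as an explicit element list plus a binary operation.


def is_group(elements, op):
    """Return (ok, identity) after checking closure, associativity,
    identity and inverses by exhaustive search."""
    elems = set(elements)
    if any(op(a, b) not in elems for a, b in product(elems, repeat=2)):
        return False, None                       # closure fails
    if any(op(op(a, b), c) != op(a, op(b, c))
           for a, b, c in product(elems, repeat=3)):
        return False, None                       # associativity fails
    identity = next((e for e in elems
                     if all(op(e, a) == a == op(a, e) for a in elems)), None)
    if identity is None:
        return False, None                       # no identity
    if any(not any(op(a, b) == identity for b in elems) for a in elems):
        return False, None                       # some element has no inverse
    return True, identity


def element_order(a, op, identity):
    """Smallest d >= 1 such that a composed with itself d times is e."""
    d, x = 1, a
    while x != identity:
        x = op(x, a)
        d += 1
    return d


def lagrange_report(elements, op):
    """Verify d | n and a^n = e for every element a.  Return the orders and
    the generators (elements of order n), which exist iff the group is cyclic."""
    ok, e = is_group(elements, op)
    assert ok, "not a group"
    n = len(elements)
    orders = {a: element_order(a, op, e) for a in elements}
    for a, d in orders.items():
        assert n % d == 0, f"order {d} of {a} does not divide {n}"
        x = e
        for _ in range(n):
            x = op(x, a)
        assert x == e, f"{a}^{n} != e"
    generators = sorted(a for a, d in orders.items() if d == n)
    return orders, generators


def additive_group_mod(n):
    """(Z_n, +): residues 0..n-1 under addition modulo n."""
    return list(range(n)), lambda a, b: (a + b) % n


def multiplicative_group_mod(n):
    """(Z_n^*, *): residues coprime to n under multiplication modulo n."""
    return [a for a in range(1, n) if gcd(a, n) == 1], lambda a, b: (a * b) % n


if __name__ == "__main__":
    orders, gens = lagrange_report(*additive_group_mod(12))
    print("Z_12 orders:", orders, "generators:", gens)
    orders, gens = lagrange_report(*multiplicative_group_mod(7))
    print("Z_7^* orders:", orders, "generators:", gens)
    print("Z_8^* generators:", lagrange_report(*multiplicative_group_mod(8))[1])
```

$\mathbb{Z}_8^* = \{1, 3, 5, 7\}$ is a group of order 4 in which every element has order 1 or 2, so the report finds no generator: Lagrange's theorem holds, but the group is not cyclic, which is the distinction between the order of a group and the orders of its elements.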

#### Quotient Groups

If $N \triangleleft G$, we can form the quotient group $G/N$, whose elements are the cosets of $N$ in $G$.

### Ring Theory

#### Rings

A ring is a set $R$ equipped with two binary operations under which it is closed, usually written as addition ($+$) and multiplication ($\cdot$). A ring $R$ must satisfy the following axioms:

1. $(R,+)$ is an Abelian group.

2. Multiplication is associative: $(a \cdot b) \cdot c = a \cdot (b \cdot c)$ for all $a,b,c \in R$

3. Distributive laws hold, linking addition and multiplication:
   a. Left distributivity: $a \cdot (b + c) = (a \cdot b) + (a \cdot c)$ for all $a,b,c \in R$
   b. Right distributivity: $(b + c) \cdot a = (b \cdot a) + (c \cdot a)$ for all $a,b,c \in R$

These distributive properties ensure that multiplication distributes over addition, connecting the two operations and giving rings their distinctive algebraic structure.

A ring is commutative if $a \cdot b = b \cdot a$ for all $a,b \in R$. 

A ring has unity (or is unital) if there exists an element $1_R \in R$ such that $1_R \cdot a = a \cdot 1_R = a$ for all $a \in R$. This element, if it exists, is unique and called the multiplicative identity.

#### Ideals

An ideal of a ring $R$ is a subset $I \subseteq R$ where:

1. $(I,+)$ is a subgroup of $(R,+)$, meaning:
   a. $I$ is non-empty
   b. For all $a,b \in I$, $a - b \in I$

2. For all $r \in R$ and $i \in I$, both $r \cdot i \in I$ and $i \cdot r \in I$ (absorption property)

The absorption property ties the ideal to both ring operations: multiplying an element of $I$ by any element of $R$, on either side, yields an element that remains in $I$.

#### Quotient Rings

For a ring $R$ and ideal $I$, the quotient ring $R/I$ is defined as:

$R/I = \{r + I : r \in R\}$

where $r + I = \{r + i : i \in I\}$ is the coset of $r$ modulo $I$.

Operations in $R/I$ are defined as:

1. Addition: $(a + I) + (b + I) = (a + b) + I$
2. Multiplication: $(a + I) \cdot (b + I) = (a \cdot b) + I$

These operations are well-defined because of the ideal properties, particularly the absorption property.

#### Polynomial Rings

Given a ring $R$, the polynomial ring $R[x]$ is defined as the set of all formal sums of the form:

$$f(x) = \sum_{i=0}^n a_i x^i = a_0 + a_1x + a_2x^2 + \cdots + a_nx^n$$

where:
1. $n$ is a non-negative integer
2. $a_i \in R$ (called coefficients)
3. $x$ is an indeterminate (or variable)
4. Only finitely many $a_i$ are non-zero

The ring structure of $R[x]$ is defined by the following operations:

1. Addition: For $f(x) = \sum a_ix^i$ and $g(x) = \sum b_ix^i$,
   $$(f + g)(x) = \sum_{i=0}^{\max(\deg(f),\deg(g))} (a_i + b_i)x^i$$

2. Multiplication: For $f(x) = \sum a_ix^i$ and $g(x) = \sum b_ix^i$,
   $$(f \cdot g)(x) = \sum_{k=0}^{\deg(f)+\deg(g)} \Big(\sum_{i+j=k} a_i b_j\Big) x^k$$

Key properties:
1. The zero polynomial, denoted $0$, has all coefficients equal to $0$.
2. If $R$ has a unity $1 \neq 0$, then $R[x]$ has a unity, which is the constant polynomial $1$.
3. $R$ is embedded in $R[x]$ as the set of constant polynomials.
4. If $R$ is commutative, then $R[x]$ is commutative.
5. The degree of a non-zero polynomial $f(x)$, denoted $\deg(f)$, is the highest power of $x$ with a non-zero coefficient.

This definition treats polynomials as formal algebraic objects, not as functions. The construction can be extended to multiple variables, e.g., $R[x,y] = (R[x])[y]$.

### Field Theory

Fields are algebraic structures that allow for addition, subtraction, multiplication, and division (except by zero).

#### Fields

A field $F$ is a set equipped with two binary operations under which it is closed, usually written as addition ($+$) and multiplication ($\cdot$). The field $F$ must satisfy the following axioms:

1. $(F, +)$ is an abelian group with identity element $0$
2. $(F \setminus \{0\}, \cdot)$ is an abelian group with identity element $1$
3. Distributivity: $a \cdot (b + c) = (a \cdot b) + (a \cdot c)$ for all $a, b, c \in F$

Formally, a field is a commutative ring where every non-zero element has a multiplicative inverse. For every $a \in F, a \neq 0$, there exists $b \in F$ such that $a \cdot b = 1_F$.

Examples of fields include the rational numbers $\mathbb{Q}$, the real numbers $\mathbb{R}$, and the complex numbers $\mathbb{C}$.

#### Finite Fields

Finite fields, also known as Galois fields (named after Évariste Galois), are fields with a finite number of elements. They are denoted $GF(q)$ or $\mathbb{F}_q$, where $q = p^n$ for some prime $p$ and positive integer $n$.

Key properties of finite fields:

1. The order (number of elements) of a finite field is always a prime power.
2. For each prime power $q$, there exists a unique (up to isomorphism) finite field of order $q$.
3. The multiplicative group of a finite field is cyclic.

Finite fields are crucial in cryptography, particularly in elliptic curve cryptography, where operations are typically performed over a finite field.

#### Prime Fields

A *prime* number is, in Euclid's phrase, one that is measured by a unit alone; that is, its only positive divisors are $1$ and itself. A prime field is a finite field of prime order. For a prime $p$, the prime field $\mathbb{F}_p$ consists of the integers modulo $p$:

$\mathbb{F}_p = \{0, 1, 2, \ldots, p-1\}$

with addition and multiplication performed modulo $p$. 

Prime fields are the simplest finite fields and form the building blocks for all other finite fields.

#### Polynomial Fields

For a prime $p$ and positive integer $n$, we can construct the finite field $\mathbb{F}_{p^n}$ using polynomials. Let $f(x)$ be an irreducible polynomial of degree $n$ over $\mathbb{F}_p$. Then:

$\mathbb{F}_{p^n} \cong \mathbb{F}_p[x]/(f(x))$

This field consists of polynomials over $\mathbb{F}_p$ of degree less than $n$, with arithmetic performed modulo $f(x)$.
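
The construction $\mathbb{F}_p[x]/(f(x))$ is exactly the quotient of the polynomial ring by the ideal generated by $f$, so one piece of code can illustrate the polynomial ring operations, the quotient ring, and the field $\mathbb{F}_{p^n}$ together. The following Python is an added example, not code from the original page: polynomials over $\mathbb{F}_p$ are coefficient lists (index $i$ holds $a_i$), `poly_add` and `poly_mul` implement the ring operations, `poly_mod` reduces modulo $f$, and `inverse_table` searches for multiplicative inverses in the quotient. With $p = 3$ and $f(x) = x^2 + 1$, which is irreducible over $\mathbb{F}_3$ because $-1$ is not a square mod $3$, every nonzero element is invertible and the quotient is $\mathbb{F}_9$; with the reducible $x^2 - 1 = (x-1)(x+1)$ the quotient is still a ring but has zero divisors, so it is not a field. All names are the example's own.

```python
from itertools import product

# Added example (not from the page): F_p[x] as coefficient lists and the
# quotient F_p[x]/(f), which is a field exactly when f is irreducible.


def trim(poly):
    """Drop leading zero coefficients; the zero polynomial is []."""
    while poly and poly[-1] == 0:
        poly = poly[:-1]
    return poly


def deg(poly):
    return len(trim(poly)) - 1          # deg(0) = -1 by convention here


def poly_add(f, g, p):
    """(f + g)(x) = sum (a_i + b_i) x^i with coefficients reduced mod p."""
    n = max(len(f), len(g))
    f = f + [0] * (n - len(f))
    g = g + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])


def poly_mul(f, g, p):
    """(f * g)(x) = sum_k (sum_{i+j=k} a_i b_j) x^k with coefficients mod p."""
    f, g = trim(f), trim(g)
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)


def poly_mod(f, m, p):
    """Remainder of f on division by the monic polynomial m over F_p."""
    f, m = trim(list(f)), trim(m)
    assert m and m[-1] == 1, "modulus must be monic"
    while len(f) >= len(m):
        shift, lead = len(f) - len(m), f[-1]
        for i, c in enumerate(m):        # f -= lead * x^shift * m
            f[i + shift] = (f[i + shift] - lead * c) % p
        f = trim(f)
    return f


def is_irreducible(f, p):
    """Brute force: f has no monic divisor of degree 1 .. deg(f)//2."""
    for d in range(1, deg(f) // 2 + 1):
        for coeffs in product(range(p), repeat=d):
            if poly_mod(f, list(coeffs) + [1], p) == []:
                return False
    return True


def field_elements(p, n):
    """All residues mod a degree-n modulus: polynomials of degree < n over F_p."""
    return [trim(list(c)) for c in product(range(p), repeat=n)]


def inverse_table(f, p):
    """Map each nonzero residue mod f to its inverse, or None if it has none."""
    elems, one, table = field_elements(p, deg(f)), [1], {}
    for a in elems:
        if a == []:
            continue
        inv = next((b for b in elems
                    if poly_mod(poly_mul(a, b, p), f, p) == one), None)
        table[tuple(a)] = None if inv is None else tuple(inv)
    return table


def count_non_invertible(f, p):
    """Number of nonzero zero divisors in F_p[x]/(f); zero iff it is a field."""
    return sum(v is None for v in inverse_table(f, p).values())


if __name__ == "__main__":
    p = 3
    f = [1, 0, 1]      # x^2 + 1: irreducible over F_3, so F_3[x]/(f) = F_9
    g = [2, 0, 1]      # x^2 + 2 = x^2 - 1 = (x - 1)(x + 1): reducible
    print(is_irreducible(f, p), count_non_invertible(f, p))   # True 0
    print(is_irreducible(g, p), count_non_invertible(g, p))   # False 4
    print(poly_mod(f, f, p))   # []: the class of x is a root of f, F_9 = F_3(x)
```

The same construction with a 254-bit prime and $f(u) = u^2 + 1$ gives the quadratic extension $\mathbb{F}_{p^2}$ over which the $G_2$ group of BN254 is defined; at that size the brute-force searches above are replaced by the extended Euclidean algorithm for polynomials, but the algebra is identical.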

#### Field Extensions

A field extension is a pair of fields $K$ and $F$ such that $F \subseteq K$. We denote this as $K/F$ and say "K over F".

Important concepts in field extensions:

1. Degree: The degree of an extension $K/F$, denoted $[K:F]$, is the dimension of $K$ as a vector space over $F$.

2. Simple extension: An extension $K/F$ is simple if $K = F(\alpha)$ for some $\alpha \in K$.

3. Algebraic extension: An extension $K/F$ is algebraic if every element of $K$ is the root of some polynomial with coefficients in $F$.

4. Splitting field: For a polynomial $f(x)$ over $F$, a splitting field is the smallest extension of $F$ that contains all roots of $f(x)$.

5. Normal extension: An algebraic extension $K/F$ is normal if it is the splitting field of some polynomial over $F$.

6. Separable extension: An algebraic extension $K/F$ is separable if the minimal polynomial of every element of $K$ over $F$ has distinct roots.

7. Galois extension: An extension that is both normal and separable.

Field extensions play a crucial role in understanding the structure of finite fields and in the theory of elliptic curves used in cryptography.

### Modular Arithmetic

Modular arithmetic is a system of arithmetic for the integers (and, with a prime modulus, for the prime finite fields) in which numbers "wrap around" on reaching a certain value, called the modulus. This section explores modular arithmetic through the lens of $\mathbb{Z}_5$, the integers modulo $5$.

#### The Group $\mathbb{Z}_5$

$\mathbb{Z}_5$ is defined as the set of integers modulo $5$:

$\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$

In $\mathbb{Z}_5$, we perform arithmetic operations and then take the remainder when divided by $5$.

##### Addition in $\mathbb{Z}_5$

Addition in $\mathbb{Z}_5$ is performed as:

$a \oplus b = (a + b) \bmod 5$

The addition table for $\mathbb{Z}_5$ is:

| $\oplus$ | 0 | 1 | 2 | 3 | 4 |
|---------|---|---|---|---|---|
| 0       | 0 | 1 | 2 | 3 | 4 |
| 1       | 1 | 2 | 3 | 4 | 0 |
| 2       | 2 | 3 | 4 | 0 | 1 |
| 3       | 3 | 4 | 0 | 1 | 2 |
| 4       | 4 | 0 | 1 | 2 | 3 |

##### Multiplication in $\mathbb{Z}_5$

Multiplication in $\mathbb{Z}_5$ is performed as:

$a \otimes b = (a \times b) \bmod 5$

The multiplication table for $\mathbb{Z}_5$ is:

| $\otimes$ | 0 | 1 | 2 | 3 | 4 |
|-----------|---|---|---|---|---|
| 0         | 0 | 0 | 0 | 0 | 0 |
| 1         | 0 | 1 | 2 | 3 | 4 |
| 2         | 0 | 2 | 4 | 1 | 3 |
| 3         | 0 | 3 | 1 | 4 | 2 |
| 4         | 0 | 4 | 3 | 2 | 1 |

#### Properties of $\mathbb{Z}_5$

1. Closure: For all $a, b \in \mathbb{Z}_5$, $a \oplus b \in \mathbb{Z}_5$ and $a \otimes b \in \mathbb{Z}_5$.
2. Associativity: For all $a, b, c \in \mathbb{Z}_5$, $(a \oplus b) \oplus c = a \oplus (b \oplus c)$ and $(a \otimes b) \otimes c = a \otimes (b \otimes c)$.
3. Commutativity: For all $a, b \in \mathbb{Z}_5$, $a \oplus b = b \oplus a$ and $a \otimes b = b \otimes a$.
4. Identity elements:
   - Additive identity: $0$, where $a \oplus 0 = a$ for all $a \in \mathbb{Z}_5$.
   - Multiplicative identity: $1$, where $a \otimes 1 = a$ for all $a \in \mathbb{Z}_5$.
5. Inverse elements:
   - Additive inverse: For each $a \in \mathbb{Z}_5$, there exists $-a \in \mathbb{Z}_5$ such that $a \oplus (-a) = 0$.
   - Multiplicative inverse: For each $a \in \mathbb{Z}_5 \setminus \{0\}$, there exists $a^{-1} \in \mathbb{Z}_5$ such that $a \otimes a^{-1} = 1$.
6. Distributivity: For all $a, b, c \in \mathbb{Z}_5$, $a \otimes (b \oplus c) = (a \otimes b) \oplus (a \otimes c)$.

These properties make $\mathbb{Z}_5$ a field, which is a commutative ring where every non-zero element has a multiplicative inverse.

#### Euclidean Division

Euclidean division is the process of dividing one integer by another to produce a quotient and a remainder. In the context of modular arithmetic, we're particularly interested in the remainder.

For integers $a$ and $b$ with $b \neq 0$, there exist unique integers $q$ (quotient) and $r$ (remainder) such that:

$a = bq + r$, where $0 \leq r < |b|$

##### Euclidean Division Algorithm

Here is the algorithm for Euclidean division, written as runnable Python:

```python
def euclidean_divide(a: int, b: int) -> tuple[int, int]:
    """Return (q, r) with a = b*q + r and 0 <= r < |b|."""
    if b == 0:
        raise ZeroDivisionError("Division by zero")

    q = a // b          # floor division
    r = a - b * q

    # Normalise the remainder into [0, |b|).  With Python's floor division
    # this branch is only taken for a negative divisor; with a division that
    # truncates toward zero (as in C) it is also needed for negative dividends.
    if r < 0:
        if b > 0:
            q -= 1
            r += b
        else:
            q += 1
            r -= b

    return (q, r)
```

In $\mathbb{Z}_5$, we're primarily concerned with the remainder $r$, which will always be in the set $\{0, 1, 2, 3, 4\}$.

#### Extended Euclidean Algorithm

The extended Euclidean algorithm is a way to compute the greatest common divisor (GCD) of two numbers $a$ and $b$, and also find the coefficients of Bézout's identity, which states that:

$\gcd(a,b) = ax + by$

for some integers $x$ and $y$.

##### Extended Euclidean Algorithm in Code

The recursive algorithm, written as runnable Python:

```python
def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (gcd, x, y) with gcd = gcd(a, b) and a*x + b*y = gcd."""
    if b == 0:
        return (a, 1, 0)
    gcd, x1, y1 = extended_gcd(b, a % b)   # recurse on (b, a mod b)
    x = y1
    y = x1 - (a // b) * y1                 # back-substitute the Bézout coefficients
    return (gcd, x, y)
```

This algorithm is particularly useful in modular arithmetic for finding multiplicative inverses. In $\mathbb{Z}_5$, we can use it to find the multiplicative inverse of any non-zero element.

For example, to find the multiplicative inverse of $3$ in $\mathbb{Z}_5$:

1. Call `extended_gcd(3, 5)`
2. This returns `(1, 2, -1)`, meaning $1 = 3 \cdot 2 + 5 \cdot (-1)$
3. In $\mathbb{Z}_5$, this is equivalent to $1 \equiv 3 \cdot 2 \pmod 5$
4. Therefore, $2$ is the multiplicative inverse of $3$ in $\mathbb{Z}_5$

Indeed, we can verify that $3 \otimes 2 = 1$ in $\mathbb{Z}_5$.
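
The worked example above carried out in code, as an added example that is not part of the original page: an iterative form of the extended Euclidean algorithm returns the Bézout coefficients, `mod_inverse` turns them into an inverse in $\mathbb{Z}_n$ (or reports that none exists), `cayley_tables` regenerates the addition and multiplication tables of $\mathbb{Z}_5$ shown above, and `non_invertible` shows the failure mode: for a composite modulus such as $6$, some nonzero elements share a factor with the modulus and have no inverse, so $\mathbb{Z}_6$ is a ring but not a field. Function names are the example's own.

```python
# Added example (not from the page): Bézout coefficients, modular inverses
# in Z_n, and the Cayley tables of Z_5, with the composite-modulus failure case.


def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g (iterative form)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b != 0:
        q, (a, b) = a // b, (b, a % b)      # one Euclidean division step
        x0, x1 = x1, x0 - q * x1            # carry the Bézout coefficients along
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a, n):
    """Inverse of a modulo n, or None when gcd(a, n) != 1 (no inverse exists)."""
    g, x, _ = extended_gcd(a % n, n)
    return x % n if g == 1 else None


def cayley_tables(n):
    """Addition and multiplication tables of Z_n as nested lists (row a, column b)."""
    add = [[(a + b) % n for b in range(n)] for a in range(n)]
    mul = [[(a * b) % n for b in range(n)] for a in range(n)]
    return add, mul


def non_invertible(n):
    """Nonzero residues without an inverse; empty exactly when n is prime."""
    return [a for a in range(1, n) if mod_inverse(a, n) is None]


def format_table(symbol, table):
    """Render a Cayley table in the Markdown layout used in this section."""
    n = len(table)
    header = f"| {symbol} | " + " | ".join(map(str, range(n))) + " |"
    sep = "|" + "---|" * (n + 1)
    rows = [f"| {a} | " + " | ".join(map(str, row)) + " |"
            for a, row in enumerate(table)]
    return "\n".join([header, sep, *rows])


if __name__ == "__main__":
    print(extended_gcd(3, 5))          # (1, 2, -1): 1 = 3*2 + 5*(-1)
    print(mod_inverse(3, 5))           # 2
    add, mul = cayley_tables(5)
    print(format_table("+", add))
    print(format_table("*", mul))
    print(non_invertible(5))           # []: every nonzero element of Z_5 is a unit
    print(non_invertible(6))           # [2, 3, 4]: Z_6 is a ring, not a field
```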

#### Conclusion

Understanding modular arithmetic and its properties is crucial for many areas of cryptography, including the operations performed on elliptic curves over finite fields. The group $\mathbb{Z}_5$ serves as a simple yet illustrative example of these concepts, demonstrating the key properties of closure, associativity, commutativity, identity elements, inverses, and distributivity that are fundamental to algebraic structures used in cryptographic systems.

### Elliptic Curves

### Bilinear Pairings

Bilinear pairings on elliptic curves have led to numerous new cryptographic protocols. A bilinear pairing is a map $e: G_1 \times G_2 \to G_T$, where $G_1, G_2, G_T$ are groups, satisfying:

1. Bilinearity: $e(a \cdot x, b \cdot y) = e(x,y)^{ab}$ for all $x \in G_1, y \in G_2, a,b \in \mathbb{Z}$
2. Non-degeneracy: If $e(x,y) = 1_T$ for all $y \in G_2$, then $x = 1_1$, and if $e(x,y) = 1_T$ for all $x \in G_1$, then $y = 1_2$
3. Computability: There exists an efficient algorithm to compute $e(x,y)$ for all $x \in G_1, y \in G_2$
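
Because a real pairing needs the full elliptic-curve machinery, here is an added Python example (not code from the original page) that checks the three axioms on a toy bilinear map instead: with $G_1 = G_2 = (\mathbb{Z}_q, +)$ and $G_T$ the order-$q$ subgroup of $\mathbb{Z}_p^*$ generated by $g$, the map $e(x, y) = g^{xy} \bmod p$ is bilinear, non-degenerate and trivially computable. It is also useless as a cryptographic pairing, since a discrete logarithm in an additive group is just a division, so it serves only to exercise the definitions. Going beyond the passage, `pairing_check` shows the identity $e(h, sk \cdot g_2) = e(sk \cdot h, g_2)$ that pairing-based (BLS-style) signature verification rests on. The parameters $p = 23$, $q = 11$, $g = 2$ and all names are constructed for the example and have nothing to do with BN254.

```python
from dataclasses import dataclass

# Added example (not from the page): a toy bilinear map built from modular
# exponentiation, used only to exercise the three pairing axioms.  It is NOT
# a usable pairing: G_1 = G_2 = (Z_q, +), where discrete logarithms are
# trivial, and G_T is the order-q subgroup of Z_p^*.  Parameters are
# constructed for the demo; nothing here is BN254.


@dataclass(frozen=True)
class ToyPairing:
    p: int   # prime; G_T lives inside Z_p^*
    q: int   # prime with q | p - 1; G_1 = G_2 = (Z_q, +)
    g: int   # element of Z_p^* of exact order q, so <g> = G_T

    def __post_init__(self):
        assert (self.p - 1) % self.q == 0, "q must divide p - 1"
        assert self.g % self.p != 1 and pow(self.g, self.q, self.p) == 1, \
            "g must have order q"

    def e(self, x, y):
        """e(x, y) = g^(x*y) mod p for x in G_1 and y in G_2."""
        return pow(self.g, (x * y) % self.q, self.p)

    def check_bilinear(self, a, b, x, y):
        """Bilinearity: e(a*x, b*y) == e(x, y)^(a*b)."""
        lhs = self.e((a * x) % self.q, (b * y) % self.q)
        rhs = pow(self.e(x, y), a * b, self.p)
        return lhs == rhs

    def check_non_degenerate(self):
        """Non-degeneracy: x pairs to 1_T with every y only when x = 0.
        The map is symmetric here, so the G_2 side follows."""
        for x in range(self.q):
            trivial = all(self.e(x, y) == 1 for y in range(self.q))
            if trivial != (x == 0):
                return False
        return True


def pairing_check(pair, h, pk, sig, g2=1):
    """The identity pairing-based signatures rest on: with pk = sk*g2 and
    sig = sk*h, bilinearity gives e(h, pk) = e(h, g2)^sk = e(sig, g2)."""
    return pair.e(h, pk) == pair.e(sig, g2)


def demo_pairing():
    # Constructed parameters: 23 - 1 = 2 * 11 and 2^11 = 2048 = 89*23 + 1,
    # so 2 has order 11 in Z_23^*.
    return ToyPairing(p=23, q=11, g=2)


if __name__ == "__main__":
    pair = demo_pairing()
    print(pair.e(4, 6), pair.check_bilinear(3, 5, 4, 6))   # 4 True
    print(pair.check_non_degenerate())                     # True
    sk, h = 7, 4
    pk, sig = (sk * 1) % pair.q, (sk * h) % pair.q
    print(pairing_check(pair, h, pk, sig))                 # True
    print(pairing_check(pair, h, pk, (sig + 1) % pair.q))  # False: wrong signature
```

The exhaustive non-degeneracy check is only feasible because $q$ is tiny; on a real curve the property follows from the choice of groups and is never tested at run time.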

## Glossary of Notation

| Notation | Meaning |
|--------|---------|
| $\{ \}$ | Set delimiters |
| $\varnothing$ | Empty set |
| $\in$ | Element of |
| $\notin$ | Not an element of |
| $\subset$ | Proper subset |
| $\subseteq$ | Subset or equal to |
| $\supset$ | Proper superset |
| $\supseteq$ | Superset or equal to |
| $\cup$ | Union |
| $\cap$ | Intersection |
| $\setminus$ | Set difference |
| $\overline{A}$ | Complement of set $A$ |
| $A^c$ | Complement of set $A$ (alternative notation) |
| $\mathcal{P}(A)$ | Power set of $A$ |
| $A \times B$ | Cartesian product of sets $A$ and $B$ |
| $\lvert A \rvert$ | Cardinality (size) of set $A$ |
| $\aleph_0$ | Cardinality of the natural numbers (countable infinity) |
| $\mathfrak{c}$ | Cardinality of the real numbers (continuum) |
| $\forall$ | For all |
| $\exists$ | There exists |
| $\exists!$ | There exists a unique |
| $:$ or $\mid$ | Such that |
| $\{ x \in A \mid P(x) \}$ | Set-builder notation: set of all $x$ in $A$ such that $P(x)$ is true |
| $[a,b]$ | Closed interval from $a$ to $b$ |
| $(a,b)$ | Open interval from $a$ to $b$ |
| $[a,b)$ or $(a,b]$ | Half-open intervals |
| $A \triangle B$ | Symmetric difference of sets $A$ and $B$ |
| $\bigsqcup$ | Disjoint union |
| $\bigcup_{i \in I} A_i$ | Union of a family of sets |
| $\bigcap_{i \in I} A_i$ | Intersection of a family of sets |
| $A^n$ | Cartesian product of $A$ with itself $n$ times |
| $f: A \to B$ | Function $f$ from set $A$ to set $B$ |
| $f(A)$ | Image of set $A$ under function $f$ |
| $f^{-1}(B)$ | Preimage of set $B$ under function $f$ |
| $\text{dom}(f)$ | Domain of function $f$ |
| $\text{cod}(f)$ | Codomain of function $f$ |
| $\text{range}(f)$ | Range of function $f$ |
| $\text{id}_A$ | Identity function on set $A$ |
| $f \circ g$ | Composition of functions $f$ and $g$ |
| $f|_A$ | Restriction of function $f$ to set $A$ |
| $f: A \twoheadrightarrow B$ | Surjective function from $A$ to $B$ |
| $f: A \hookrightarrow B$ | Injective function from $A$ to $B$ |
| $f: A \xrightarrow{\sim} B$ | Bijective function from $A$ to $B$ |
| $\mathbb{Z}$ | set of all integers |
| $\mathbb{Q}$ | set of all rational numbers |
| $\mathbb{R}$ | set of all real numbers |
| $\mathbb{C}$ | set of all complex numbers |
| $\Leftrightarrow$, iff | if and only if |
| $\mathbb{Z}^+, \mathbb{Q}^+, \mathbb{R}^+$ | sets of all positive integers, rational numbers, and real numbers, respectively |
| $a\mid b$ | $a$ divides $b$ |
| $*$ | binary operation |
| $\Delta$ | symmetric difference |
| $e$ | identity element of a group |
| $GL(2,\mathbb{R})$ | general linear group of degree 2 over $\mathbb{R}$ |
| $P(X)$ | set of all subsets of $X$ |
| $\mathbb{Z}_n$ | the set $\{0, 1, 2, \ldots, n-1\}$ |
| $a \equiv b \pmod{n}$ | the integers $a$ and $b$ are congruent modulo $n$ |
| $\oplus, \otimes$ | addition and multiplication modulo $n$ |
| $o(x)$ | order of the element $x$ |
| $\langle x \rangle$ | set of powers of the element $x$ |
| $\lvert G \rvert$ | order of the group $G$ |
| $V$ | Klein's 4-group |
| $Z(G)$ | center of the group $G$ |
| $GL(2,\mathbb{C})$ | general linear group of degree 2 over $\mathbb{C}$ |
| $Q_8$ | group of unit quaternions |
| $SL(2,\mathbb{R})$ | special linear group of degree 2 over $\mathbb{R}$ |
| $Z(g)$ | centralizer of the element $g$ |
| $G \times H$ | direct product of $G$ and $H$ |
| $f:S \to T$ | $f$ is a function from $S$ to $T$ |
| $f^{-1}$ | the inverse of the function $f$ |
| $g \circ f$ | composite function |
| $i_X$ | identity function on the set $X$ |
| $S_X$ | symmetric group on $X$ |
| $S_n$ | symmetric group of degree $n$ |
| $A_n$ | alternating group of degree $n$ |
| $D_4$ | group of symmetries of a square |
| $x \equiv_H y$ | means $xy^{-1} \in H$ |
| $x_H \equiv y$ | means $x^{-1}y \in H$ |
| $[G:H]$ | the index of $H$ in $G$ |
| $H \triangleleft G$ | $H$ is a normal subgroup of $G$ |
| $G/H$ | quotient group of $G$ by $H$ |
| $G \cong H$ | $G$ and $H$ are isomorphic |
| $\varphi^{-1}(J)$ | inverse image of $J$ under $\varphi$ |
| $\text{Aut}(G)$ | group of automorphisms of the group $G$ |
| $\rho$ | canonical homomorphism |
| $\ker(\varphi)$ | kernel of the homomorphism $\varphi$ |
| $N(H)$ | normalizer of the subgroup $H$ |
| $R \oplus S$ | direct sum of the rings $R$ and $S$ |
| $M_2(\mathbb{R})$ | ring of all $2 \times 2$ real matrices |
| $\mathbb{Z}[i]$ | ring of Gaussian integers |
| $\mathbb{H}$ | ring of quaternions |
| $R/I$ | quotient ring of $R$ by $I$ |
| $R[X]$ | polynomial ring over $R$ |
| $F(a)$ | field obtained by adjoining $a$ to the field $F$ |
| $\text{irr}(a/F)$ | irreducible polynomial of $a$ over $F$ |
| $\deg(a/F)$ | degree of $a$ over $F$ |
| $[E : F]$ | degree of the field $E$ over the field $F$ |
| $\mathbb{C}_c$ | field of constructible complex numbers |
| $\Gamma(E/F)$ | Galois group of $E$ over $F$ |
| $\Phi(H)$ | fixed field of the subgroup $H$ of $\Gamma(E/F)$ |
| $\Gamma(f(X)/F)$ | Galois group of $f(X)$ over $F$ |

Whew!