PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy ... - Pierre Portal

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy Master 1

Wednesday, April 6nd

FIRST PART : What makes a Good Code ?

SECOND PART : A Little Group Theory.

THIRD PART : A Good Code ?

First part : What makes a good code ?

Preliminary Remark :

The techniques of digital communication have made familiar the idea that any piece of information can be transmitted in the form of a number. That is why written messages, photographs, sounds, etc. can be associated with sets of numbers.

From this point of view, cryptography consists in the following process :

$U \subset \mathbb{Z}^+$ (The possible messages)

$T \downarrow \quad \uparrow S$

$V \subset \mathbb{Z}^+$ (The possible coded messages)

With :

$T : U \longrightarrow V$ : The encoding function

$S : V \longrightarrow U$ : The decoding function

Such that $S \circ T : U \longrightarrow U$ is the identity.

Remark :

In fact even this definition fails to cover all possibilities.

For example : We could suppose $T$ multivalued, with the value $T(u)$ being chosen at random from a set $Q(u) \subset Q$ such that : $\forall v \in Q(u)$, we have $S(v) = u$.

But we must start with simple conditions...

..., that is why we consider only the following simple example.

Let us take : $U = V = \{n : 0 \le n \le N - 1\}$

and define $T : U \longrightarrow V$ and $S : V \longrightarrow U$ by the relations :

$T(u) \equiv u + M \pmod{N}$

$S(v) \equiv v - M \pmod{N}$

Example : Caesar's method : ROT13.

→ We want to code some words, transmitted as sets of numbers.

We consider the characters of the alphabet, associated with their position. So we obtain :

A 1    B 2    C 3    D 4    E 5    F 6    G 7    H 8    I 9    J 10   K 11   L 12   M 13
N 14   O 15   P 16   Q 17   R 18   S 19   T 20   U 21   V 22   W 23   X 24   Y 25   Z 26

Here, without restriction, and in order to fully understand the process, we use the notation, for $x_i \in \{1, \dots, 26\}$, $n \in \mathbb{N}^*$ :

$T(x_1, x_2, \dots, x_n) := \big(T(x_1), \dots, T(x_n)\big)$.

Considering the link words-numbers, we have for example :

asterix := (1, 19, 20, 5, 18, 9, 24)

Now, using the encoding function $T : u \longmapsto u + 13 \pmod{26}$ (we have $(N, M) = (26, 13)$) we obtain the coded message for "asterix" :

T(asterix) := T(1, 19, 20, 5, 18, 9, 24) = (14, 6, 7, 18, 2, 22, 11) =: nfgrbvk

• We consider the problem faced by opponents who wish to decipher messages written using this code.

In general, we assume that our opponents know or guess the method of coding that we use.

For the sake of illustration we may suppose that their information includes the value of $N$, and that they don't know the value of $M$ (at least initially).

Thus, if we choose $M$ at random and if we use the code only once, it is unbreakable !

In fact : The trial decodes $S_r(v) \equiv v - r \pmod{N}$, allowing $r$ to run from $0$ to $N - 1$, give all possible messages without any indication of which to choose. (This is the principle of one time codes).

Example : "One time code"

The Romans (our opponents) intercept the coded message : nfgrbvk, and know our coding method. With $r \in \{0, \dots, 25\}$ the possible decoded messages of nfgrbvk are :

(14,6,7,18,5,22,11)    nfgrbvk    (15,7,8,19,6,23,12)    oghscwl
(16,8,9,20,7,24,13)    phitgxm    (17,9,10,21,8,25,14)   qijuhyn
(18,10,11,22,9,26,15)  rjkvizo    (19,11,12,23,10,1,16)  sklwjap
(20,12,13,24,11,2,17)  tlmxkbq    (21,13,14,25,12,3,18)  umnylcr
(22,14,15,26,13,4,19)  vnozmds    (23,15,16,1,14,5,20)   wopanet
(24,16,17,2,15,6,21)   xpqbofu    (25,17,18,3,16,7,22)   yqrcpgv
(26,18,19,4,17,8,23)   zrsdqhw    (1,19,20,5,18,9,24)    asterix
(2,20,21,6,19,10,25)   btufsjy    (3,21,22,7,20,11,26)   cuvgtkz
(4,22,23,8,21,12,1)    dvwhula    (5,23,24,9,22,13,2)    ewxivmb
(6,24,25,10,23,14,3)   fxyjwnc    (7,25,26,11,24,15,4)   gyzkxod
(8,26,1,12,25,16,5)    hzalype    (9,1,2,13,26,17,6)     iabmzqf
(10,2,3,14,1,18,7)     jbcnarg    (11,3,4,15,2,19,8)     kcdobsh
(12,4,5,16,3,20,9)     ldepcti    (13,5,6,17,4,21,11)    mefqduk

• Suppose, however, that we use our code repeatedly to send messages $u_1, \dots, u_n$ and that our opponents have intercepted the corresponding messages $T(u_1) = v_1, \dots, T(u_n) = v_n$.

Suppose, further, that they know that $u_1 \in U_1, \dots, u_n \in U_n$.

Remark : Here, $U_j$ may simply be the subset corresponding to English words. Or they may know that the elements of $U_j$ contain certain proper names or set phrases.

Historical example : During the Second World War the British attacked minor targets like navigation buoys just to elicit coded messages containing known sequences of words for their code breakers to work on.

• Then, as they know all the $U_i$, our opponents may expect a situation in which, for all messages $v_j$, only one value of $0 \le r < N$ will give trial decodes belonging to the good $U_j$.

So they expect that :

$\exists!\, r \in \{0, \dots, N-1\}$ such that, $\forall j$ : $S_r(v_j) \equiv v_j - r \pmod{N}$ and $S_r(v_j) \in U_j$.

In this situation, they then know that $S(v) \equiv v - r \pmod{N}$ and have cracked the code ! !

Example : We consider, as previously, that the Romans have intercepted the message nfgrbvk, so they know all the possible messages : the 26 trial decodes listed in the previous example.

Moreover, if they know that the decoded message belongs to a particular subset, for example : "The message is one of the Irreducible Gauls' names"

Then, the only possibility is asterix, so they have cracked our code ! !

• More generally we consider the situation in which :

◦ We may have a family $\Sigma$ of pairs $(T, S)$ of encoding and decoding functions. ◦ Our opponents know $\Sigma$.

◦ We select $(T_0, S_0) \in \Sigma$. ◦ They don't know $(T_0, S_0)$.

◦ We use this system to send messages $u_1, \dots, u_n$. ◦ They don't know the $u_i$ !

◦ $u_1 \in U_1, \dots, u_n \in U_n$. ◦ They know $U_1, \dots, U_n$.

◦ $T_0(u_i) = v_i$, $\forall i$. ◦ They know $v_1 = T_0(u_1), \dots, v_n$.

So the question is :

What properties should $\Sigma$ have to make life as hard as possible for our opponents and as easy as possible for ourselves ?

• Note first that we wish to use our code. We thus have our first criterion :

Criterion (1A) Coding and decoding must be quick.

• The speed of decoding depends on how it is done but nowadays we would expect to use a computer. Our criterion can now be stated more precisely :

Criterion (1B) For each $(T, S) \in \Sigma$ and each $u \in U$, $v \in V$ the computation of $T(u)$ must take no more than $N_1$ operations and that of $S(v)$ no more than $N_2$ operations.

The numbers $N_1$ and $N_2$ depend on the use of the code and the technology available.

• Let us turn to the problems facing our opponents. Here the criterion is simple but vague :

Criterion (2A) It should be very hard indeed to find $S$ even knowing $\Sigma$, $U_1, \dots, U_n$ and $v_1, \dots, v_n$.

History shows that if $n$ is large, the opponent will come into possession of a $U_j$ which is very small, or, indeed, consists of one point.

Example : An embassy may transmit a known newspaper article or political speech (small messages) using the code.

• Knowing this, we consider $U_j = \{u_j\}$, we obtain :

Criterion (2B) It should be very hard indeed to find $S$ even when $n$ is large and $u_1, \dots, u_n \in U$, $\Sigma$ and $T(u_1) = v_1, \dots, v_n$ are known.

Remark : Notice that this criterion emphasises the futility of the coding method used as an example. Once $u_1$ and $v_1 \equiv u_1 + M \pmod{N}$ are known, the value of $M$ is known and the code is broken.
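The two attacks on the shift code described so far, the trial decodes filtered by a known candidate set $U_j$ and the recovery of $M$ from one known pair $(u_1, v_1)$ in the remark above, written out as an added example (not part of the original slides). The intercepted message is the first number sequence in the slides' table of trial decodes; the list of Gaul names, the second message and all function names are constructed for the illustration.

```python
# Added example (not from the slides): the shift code T(u) = u + M (mod N)
# and the two attacks the slides describe against it.
# Letters are numbered 1..26 as in the slides' table, so residue 0 is written 26.

N = 26

def to_numbers(word):
    """Lowercase word -> tuple of letter positions 1..26."""
    return tuple(ord(c) - ord("a") + 1 for c in word)

def to_word(numbers):
    """Tuple of letter positions 1..26 -> lowercase word."""
    return "".join(chr(ord("a") + x - 1) for x in numbers)

def shift(numbers, m, n=N):
    """Apply x -> x + m (mod n) entrywise, keeping representatives 1..n."""
    return tuple((x + m - 1) % n + 1 for x in numbers)

def encode(u, m):
    """T(u) = u + M (mod N)."""
    return shift(u, m)

def decode(v, r):
    """Trial decode S_r(v) = v - r (mod N)."""
    return shift(v, -r)

def trial_decodes(v):
    """All N trial decodes of one intercepted message, keyed by r."""
    return {r: to_word(decode(v, r)) for r in range(N)}

def consistent_keys(intercepts, candidate_sets):
    """Every r such that S_r(v_j) lies in U_j for all intercepted v_j."""
    keys = []
    for r in range(N):
        if all(to_word(decode(v, r)) in u_set
               for v, u_set in zip(intercepts, candidate_sets)):
            keys.append(r)
    return keys

def recover_key(u1, v1, n=N):
    """Known plaintext: a single pair (u1, v1) gives M = v1 - u1 (mod n)."""
    return (v1 - u1) % n

# First number sequence in the slides' table of trial decodes.
INTERCEPT = (14, 6, 7, 18, 5, 22, 11)

# Constructed candidate set U_j: "the message is a Gaul's name".
GAULS = {"asterix", "obelix", "idefix", "panoramix", "abraracourcix"}

# Constructed second message sent with the same key (code reuse).
SECOND = encode(to_numbers("obelix"), 13)

def keys_with_no_knowledge():
    """With U_j = every string, all N values of r stay possible (one time code)."""
    everything = set(trial_decodes(INTERCEPT).values())
    return consistent_keys([INTERCEPT], [everything])

def keys_with_known_subset():
    """With U_j known to be small, a single r survives."""
    return consistent_keys([INTERCEPT, SECOND], [GAULS, GAULS])

if __name__ == "__main__":
    for r, word in trial_decodes(INTERCEPT).items():
        print(r, word)
    print("no knowledge of U_j :", len(keys_with_no_knowledge()), "keys remain")
    print("U_j = Gaul names    :", keys_with_known_subset())
    # Known pair: 'a' = 1 was sent and 14 was observed in the first position.
    print("known pair (1, 14)  : M =", recover_key(1, INTERCEPT[0]))
```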

• The use of machines to code and decode has led inevitably to the use of machines to break codes. That is why criterion (2B) can be made more precise :

Criterion (2C) Even when $n$ is large and $\Sigma$, $u_1, \dots, u_n \in U$ and $T(u_1) = v_1, \dots, v_n$ are known, the number of operations required to find $S$ should be at least $N_3$.

• Condition (2C) is strong but still not as precise as we would wish. For example, in some cases the choice of a particular $u_1, \dots, u_n$ may make the code easy to break. We can avoid this difficulty by strengthening the condition :

Criterion (2D) If $\Sigma$ is known then, even given a chosen sequence $u_1, \dots, u_n \in U$ together with $T(u_1) = v_1, \dots, v_n$, the number of operations required to find $S$ should be at least $N_3$.

• The problem of finding a good code is thus reduced to reconciling (1B) and (2D) :

Criterion (1B) For each $(T, S) \in \Sigma$ and each $u \in U$, $v \in V$ the computation of $T(u)$ must take no more than $N_1$ operations and that of $S(v)$ no more than $N_2$ operations.

Criterion (2D) If $\Sigma$ is known then, even given a chosen sequence $u_1, \dots, u_n \in U$ together with $T(u_1) = v_1, \dots, v_n$, the number of operations required to find $S$ should be at least $N_3$.

for $N_3$ much larger than $N_1$ or $N_2$.

• The problem is now precise but gives no indication of where, if anywhere, a solution might be found. By making the problem still more difficult, W. Diffie and M.E. Hellman showed that the area of search could be narrowed to manageable proportions. Specifically, they proposed replacing condition (2D) by a new one :

Criterion (2E) If $\Sigma$ and $T$ are known the number of operations required to find $S$ should be at least $N_3$.

• Remarks : Observe that (2E) includes (2D) since our opponents can now compute $v_1 = T(u_1), \dots$ themselves starting from whatever $u_1, \dots, u_n$ they want. Notice also that we need no longer keep both $S$ and $T$ secret, but only $S$.

• Using this clue, Rivest, Shamir and Adleman proposed a system $\Sigma$ of codes which would be good if the following plausible conjecture was true,

Conjecture (1.1) Let $N(d)$ be the number of operations required to factorise an arbitrary integer of size about $2^d$. Then $d^{-m} N(d) \longrightarrow \infty$ as $d \longrightarrow \infty$ for all $m$.

Second part : A little Group Theory.

Lemma (2.1)
(i) If $a$ and $n$ are coprime so are $a + nm$ and $n$.

Lemma (2.2)
(ii) If $[a_1] = [a_2]$ and $[b_1] = [b_2]$ then $[a_1 b_1] = [a_2 b_2]$.
(iii) If $[a], [b] \in G$ then $[ab] \in G$.

Lemma (2.3) If $[a], [b], [c] \in G$ then
(iv) $[a]([b][c]) = ([a][b])[c]$ (associative law)
(v) $[a][b] = [b][a]$ (commutative law)
(vi) $[1][a] = [a]$ (existence of unit)

Lemma (2.4)
(vi) If $[a] \in G$ we can find $[A] \in G$ such that $[a][A] = [1]$

Theorem (2.1) If $[a] \in G$ then $[a]^{\varphi(n)} = [1]$

Theorem (2.2) If $a$ and $n$ are coprime then $a^{\varphi(n)} \equiv 1 \bmod n$

Theorem (2.3) If $p$ is prime and $p$ does not divide $a$ then $a^{p-1} \equiv 1 \bmod p$

Example (2.4) Let $G$ be the group of units modulo 8. Then writing $x = [3]$, $y = [5]$ we have : $G = \{e, x, y, xy\}$ with $xy = yx$, $x^2 = y^2 = e$. (i.e. : $G = C_2 \times C_2$, the Klein 4 group.)

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

Third part :

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

A good code ?

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take :

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take : 2 very large primes p and q

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take : 2 very large primes p and q N = pq

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take : 2 very large primes p and q N = pq U = V = {u ∈ Z : 0 ≤ u ≤ N − 1, u coprime to N}

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take : 2 very large primes p and q N = pq U = V = {u ∈ Z : 0 ≤ u ≤ N − 1, u coprime to N} a coprime to (p − 1)(q − 1)

RSA : Rivest Shamir Adleman

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

We take : 2 very large primes p and q N = pq U = V = {u ∈ Z : 0 ≤ u ≤ N − 1, u coprime to N} a coprime to (p − 1)(q − 1) then we define the encoding function T : U −→ V by T (u) ≡ u a modN

CODES PERRIN Mathilde, COOBAR Mehdi, MOUGIN Davy What makes a good code ? A little Group Theory A good code ?

Lemma (3.1) If p and q are prime then φ(pq) = (p − 1)(q − 1).

(1) $u^t \equiv u \bmod N$ whenever $t \equiv 1 \bmod (p - 1)(q - 1)$
(2) $ab \equiv 1 \bmod (p - 1)(q - 1)$

so defining $S : V \to U$ by $S(v) \equiv v^b \bmod N$ we have $ST(u) \equiv u^{ab} \equiv u \bmod N$

Criterion of easy coding and decoding :

Criterion (1B) For each $(T, S) \in \Sigma$ and each $u \in U$, $v \in V$ the computation of $T(u)$ must take no more than $N_1$ operations and that of $S(v)$ no more than $N_2$ operations.

If $N < 2^d$, then we can compute $T(u)$ using no more than $2d - 2$ multiplications modulo $N$.

The number of elementary operations involved in each multiplication modulo $N$ :
→ rises as $d^2$ if we use the obvious way,
→ rises as $d \log d \log\log d$ if we use the fast multiplication technique.

So the total number of operations
→ rises as $d \cdot d^2 = (\log_2 N)^3$ in the first case,
→ rises as $(\log_2 N)^2 \log_2\log_2 N \, \log_2\log_2\log_2 N$ in the second case.
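The maps T and S and the 2d − 2 bound can be checked on a small key. This is an added example, not part of the original slides: the function names are hypothetical and the primes 61 and 53 with a = 17 are constructed toy values.

```python
from math import gcd

def modexp_count(u, a, N):
    """Return (u**a mod N, number of modular multiplications used), for a >= 1."""
    result, mults = u % N, 0
    for bit in bin(a)[3:]:             # bits of a after the leading 1
        result = result * result % N   # one squaring per remaining bit
        mults += 1
        if bit == "1":
            result = result * u % N    # one extra multiplication per 1-bit
            mults += 1
    return result, mults

def make_key(p, q, a):
    """Build (N, a, b) with ab ≡ 1 mod (p-1)(q-1), as on the slides."""
    phi = (p - 1) * (q - 1)
    if gcd(a, phi) != 1:
        raise ValueError("a must be coprime to (p-1)(q-1)")
    return p * q, a, pow(a, -1, phi)   # modular inverse, Python 3.8+

def roundtrip_ok(N, a, b):
    """Check S(T(u)) == u for every u in U, within 2d-2 multiplications each."""
    d = N.bit_length()                 # smallest d with N < 2**d
    for u in range(1, N):
        if gcd(u, N) != 1:             # U holds only residues coprime to N
            continue
        v, m_enc = modexp_count(u, a, N)   # v = T(u)
        w, m_dec = modexp_count(v, b, N)   # w = S(v)
        if w != u or max(m_enc, m_dec) > 2 * d - 2:
            return False
    return True

if __name__ == "__main__":
    N, a, b = make_key(61, 53, 17)     # constructed toy parameters
    print("N, a, b =", N, a, b)
    print("T(65) and cost:", modexp_count(65, a, N))
    print("S(T(65)) and cost:", modexp_count(2790, b, N))
    print("all of U round-trips within bound:", roundtrip_ok(N, a, b))
```

The bound is reached when every bit of the exponent is 1: with d = 12, the exponent 4095 costs 11 squarings plus 11 multiplications.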

Criterion for being hard to crack :

Criterion (2E) If $\Sigma$ and $T$ are known the number of operations required to find $S$ should be at least $N_3$.

Problem : Given $N$ which is known to be the product of two large prime numbers and an integer $a$ which is known to be coprime to $\varphi(N)$, roughly how many operations are required to find a function $S : V \to U$ such that $S(u^a) = u$ for all $u$ ?

which can be restated :

Problem : Given $N$ which is known to be the product of two large prime numbers and an integer $a$ which is known to be coprime to $\varphi(N)$, roughly how many operations are required to find an integer $b$ such that $u^{ab} \equiv u \bmod N$ for all $u$ ?

Conjecture (A) Provided N and a have no special features then knowledge of b will enable us to find the factors of N very rapidly.

Conjecture (B) Given $N$ which is known to be the product of two large prime numbers and an integer $a$ coprime to $\varphi(N)$ the number of operations required to factor $N$ is a function $\psi(N)$ such that $N^{-r}\psi(N) \to \infty$ as $N \to \infty$ for all $r$.

Conjecture (C) Given $N$ with no special features the number of operations required to factor $N$ is a function $\psi(N)$ such that $N^{-r}\psi(N) \to \infty$ as $N \to \infty$ for all $r$.

If A and B are true then :

Even if T is known the number of operations required to find S is very large.

Even if S is known the number of operations required to find T is very large.
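The idea behind Conjecture (A), that knowing b gives the factors of N quickly, can be seen with the standard square-root-of-1 argument. This is an added example, not taken from the slides: the function name is hypothetical, and it tries g = 2, 3, 4, ... where the usual statement picks g at random.

```python
from math import gcd

def factor_from_exponents(N, a, b):
    """Recover (p, q), p <= q, from N = pq and a pair ab ≡ 1 mod (p-1)(q-1)."""
    k = a * b - 1                  # multiple of φ(N): g**k ≡ 1 for g coprime to N
    s, t = 0, k
    while t % 2 == 0:              # write k = 2**s * t with t odd
        s, t = s + 1, t // 2
    for g in range(2, N):          # deterministic stand-in for random choices of g
        shared = gcd(g, N)
        if shared != 1:            # g already shares a prime with N
            return tuple(sorted((shared, N // shared)))
        x = pow(g, t, N)
        for _ in range(s):         # walk g**t, g**(2t), ..., g**k ≡ 1
            y = x * x % N
            if y == 1 and x not in (1, N - 1):
                # x is a square root of 1 other than ±1, so N divides
                # (x-1)(x+1) without dividing either factor.
                p = gcd(x - 1, N)
                return tuple(sorted((p, N // p)))
            x = y
    raise ValueError("no factor found; check that ab ≡ 1 mod (p-1)(q-1)")

if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, a = 17, b = 2753.
    print(factor_from_exponents(3233, 17, 2753))
```

For the defender the consequence is that a leaked b compromises N itself: choosing a new pair (a, b) for the same N does not restore secrecy.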

“A science is said to be useful if its development tends to accentuate the existing inequalities in the distribution of wealth, or more directly promotes the destruction of human life.”

wrote G.H. Hardy.