A quantum approach to the hidden subgroup problem using group representations and automorphisms


Casper Gyurik

July 15, 2015

Bachelor thesis, double bachelor Mathematics and Computer Science

Supervisor: prof. dr. Buhrman and prof. dr. Opdam

Korteweg-De Vries Institute for Mathematics, Faculty of Sciences, Mathematics and Computer Science, University of Amsterdam

Abstract

The hidden subgroup problem is a fundamental problem in quantum computation. It has many interesting instances for which we do not yet have an efficient classical algorithm and want to find or have found an efficient quantum algorithm. Examples of such instances are the discrete logarithm problem, prime factorization and the graph isomorphism problem. In this thesis we take a quantum computational approach to the hidden subgroup problem. We discuss an efficient algorithm for instances of the hidden subgroup problem in abelian groups stated in [4] and apply this algorithm to the discrete logarithm problem. There is no uniform algorithm for the non-abelian case yet. We discuss the approach taken by [4] which considers what happens when we apply the algorithm for the non-abelian case to the abelian case. By doing so, it turns out that we will be able to determine the part of the hidden subgroup that is invariant under conjugation, but we won't be able to efficiently solve the graph isomorphism problem. Although the non-abelian case of the hidden subgroup problem remains open, we will discuss the approach taken by [5] which shows that in extraspecial groups, a class of almost abelian groups, one can solve the hidden subgroup problem efficiently by exploiting clever automorphisms.

Title: A quantum approach to the hidden subgroup problem using group representations and automorphisms
Authors: Casper Gyurik, casper.gyurik@student.uva.nl
Supervisor: prof. dr. Buhrman and prof. dr. Opdam
Date: July 15, 2015

Korteweg-De Vries Institute for Mathematics, University of Amsterdam, Science Park 904, 1098 XH Amsterdam

Contents

1. Introduction
2. The hidden subgroup problem
   Problem statement
   Instances of the hidden subgroup problem
   The discrete logarithm
   Graph isomorphisms of rigid graphs
Quantum approach to the hidden subgroup problem
   A quantum experiment
   Probability distribution
   Constructing the normal core of the hidden subgroup
   Proof of correctness
Application: the discrete logarithm problem
   Determining probability distribution
   Finding the discrete logarithm
   Diffie-Hellman key exchange
Application: the Graph isomorphism problem for rigid graphs
   Distinguishing possible hidden subgroups
The hidden subgroup problem in extraspecial groups
   Extra special groups
   Quantum hiding procedure
   Reduction to hiding HZ G
   The algorithm
Conclusion
Popular summary
Bibliography
A. Representation Theory
   A.1. Basic notions of representation theory
   A.1.1. Algebras
   A.1.2. Representations
   A.1.3. Schur's lemma
   A.2. Representations of finite groups: Basic results
   A.2.1. Characters
   A.2.2. Orthogonality of characters
   A.2.3. Orthogonality of Matrix elements
   A.2.4. Orthogonality of the second kind
   A.3. Representations of finite groups: Further results
   A.3.1. Representations of products
   A.3.2. Induced and Restricted representations
   A.3.3. Frobenius Reciprocity and Mackey's irreducibility criterion
B. Quantum computing
   B.1. Qubits
   B.1.1. Multiple Qubits
   B.2. Measuring a qubit system
   B.2.1. The measurement axiom
   B.3. Quantum algorithms for the hidden subgroup problem
C. The Fourier transform
   C.1. Example: The Fourier-transform over C N

1. Introduction

The main goal of quantum computers is to efficiently solve problems thought to be intractable for classical computers. Many of these problems, such as prime factorization and the discrete logarithm, can be formulated in terms of the so-called hidden subgroup problem. For this reason, the hidden subgroup problem is an extensively researched keystone problem in quantum computation.

In the hidden subgroup problem we are given a function $f$ on a group $G$ that admits a symmetry. This function $f$ is constant on left cosets of some subgroup $H$ and differs on different left cosets of this subgroup $H$. Considering a function that has the same properties but for right cosets does not change anything. The goal is to determine where this symmetry lies, or in other words to determine $H$.

The function $f$ in the hidden subgroup problem contains enough information for us to uniquely determine the hidden subgroup $H$. Any subgroup $H$ of $G$ partitions $G$ into left cosets. Likewise, our function $f$ partitions $G$ into level-sets. Using the given correspondence between level-sets and cosets we can uniquely determine $H$.

We do not yet have a classical algorithm that efficiently solves the hidden subgroup problem. We say that an algorithm is efficient if it runs in an amount of operations polynomial in $\log|G|$. On a quantum computer we have a firmer grip on the hidden subgroup problem; here it turns out that the difficulty of the problem depends heavily on how far the group $G$ is removed from being abelian. In abelian groups we have an efficient algorithm that solves the hidden subgroup problem. This algorithm gives rise to an efficient algorithm for the discrete logarithm problem. Since the discrete logarithm is thought to be infeasible on classical computers, it is used as the foundation for some cryptosystems which would be broken with the coming of quantum computers.

The algorithms throughout this thesis are built such that the run-time of the algorithm increases in $|G|$, whereas the probability of the output being incorrect decreases in $|G|$. This tradeoff works well for the problems we discuss since we can efficiently check if a solution is correct. If $|G|$ is small then it is more likely that the output of the algorithm is incorrect. However in this case, the run-time of our algorithm is so small that it does not matter if we have to repeat it a couple of times. If $|G|$ is large then the algorithm takes quite a while to run. In this case we would like the output to be correct as quickly as possible.

This thesis will discuss [4], in which a natural generalization of the algorithm for abelian groups to a possible algorithm for non-abelian groups is researched. An instance of the hidden subgroup problem in a non-abelian group is the graph isomorphism problem. The graph isomorphism problem is an interesting problem from a computational complexity point of view. It is known that it is in NP but not if it is in P nor if it belongs to NP-complete. Unfortunately, the natural generalization from [4] as discussed in this thesis fails to efficiently solve the graph isomorphism problem.

The natural generalization we discuss entails taking the Fourier transform over a non-abelian group. Fourier transforms over non-abelian groups are defined in terms of the irreducible complex representations of the group. There is no general method for computing the Fourier transform over an arbitrary group. However, there are efficient quantum circuits for computing the Fourier transforms over some groups of interest, for example the symmetric group $S_n$ corresponding with the graph isomorphism problem. Therefore, the generalization we discuss will be restricted to groups which can be labeled using a reasonable amount of qubits and over which the Fourier transform can be computed efficiently.

Although we do not have a uniform algorithm that efficiently solves the hidden subgroup problem in arbitrary non-abelian groups, there are classes of (almost abelian) groups in which we can efficiently solve the hidden subgroup problem. An example of such a class is the so-called extraspecial groups. The reason why we are able to solve the hidden subgroup problem in such classes of groups is that we can efficiently reduce it to an instance of the hidden subgroup problem in an abelian group as shown in [5].

2. The hidden subgroup problem

Many well-known quantum algorithms that acquire an exponential speedup over their fastest known classical counterpart are somehow based upon efficiently finding a symmetry. A general problem which defines a broad framework for finding these symmetries can be expressed in terms of group theory. This general problem we call the hidden subgroup problem.

Problem statement

Formally we define the hidden subgroup problem as:

Problem (The hidden subgroup problem). Let $G$ be a finite group, $S$ a set and $f : G \to S$ an efficiently computable function for which there exists a subgroup $H$ satisfying:

1. $f$ is constant on the left cosets of $H$.
2. $f$ is distinct on different left cosets of $H$.

The hidden subgroup problem is to find this subgroup $H$.

We will denote an instance of the hidden subgroup problem with group $G$ and function $f$ as $\mathrm{HSP}(G, f)$. In this case we say that $f$ hides the hidden subgroup $H$ in $G$.

The hidden subgroup problem $\mathrm{HSP}(G, f)$ is well-defined for an appropriate function $f$ and a finite group $G$. By this we mean that we can always uniquely determine the hidden subgroup under the given conditions. One can see this as follows. A subgroup partitions a group into left cosets. All such partitions stem from a unique subgroup. Equivalently, our function $f$ also partitions our group into level-sets $f^{-1}(g)$, where we know that each level-set corresponds uniquely to a left coset of the hidden subgroup. Because of this our function $f$ contains enough information for us to uniquely determine the hidden subgroup.

We want to efficiently solve the hidden subgroup problem. A solution to the hidden subgroup problem would be a method that allows us to efficiently sample elements from the hidden subgroup. What do we mean by efficient? Using the formulation of the hidden subgroup problem one can see that the hidden subgroup can be written as:

$$H = \{g \in G \mid f(g) = f(e)\}, \quad e \text{ is the unit element of } G.$$

A naïve (classical) algorithm to determine $H$ would be to determine $f(g)$ for all elements of the group and then check if $f(g) = f(e)$. This would take an amount of operations polynomial in $|G|$. Now since in some instances the size of the group grows exponentially with the input, we say that an algorithm is efficient if it takes an amount of operations polynomial in $\log|G|$. For any algorithm to be efficient we require $f$ to be efficiently computable.

Instances of the hidden subgroup problem

The hidden subgroup problem has instances in many fields of discrete mathematics. This section will give a brief introduction to two instances of the hidden subgroup problem to which we will apply the quantum computational methods from [4] in chapters 4 and

The discrete logarithm

The discrete logarithm is the finite-group analogue of the ordinary logarithm that we know from analysis. More formally:

Definition 2.1. Let $G = \langle a \rangle$ be a cyclic group of order $r$ and $b \in G$. The discrete logarithm $s = \log_a b$ is the smallest integer solving the equation $a^s = b$.

Solutions to the equation $a^s = b$ are unique modulo $r$. Now because we limit ourselves to the group generated by $a$ we know that the equation $a^s = b$ must have a solution and thus that the discrete logarithm is well-defined. Using the above definition we can define the discrete logarithm problem.

Problem (The discrete logarithm problem). Let $G = \langle a \rangle$ be a cyclic group of order $r$ and $b \in G$. Find $\log_a b$.

Note that in the definition of the discrete logarithm problem we require prior knowledge of the order of the element $a$. This requirement does not make the discrete logarithm problem quantum computationally harder, since there exists Shor's algorithm to efficiently find the order of $a$, see [1].

To formulate the discrete logarithm problem in terms of the hidden subgroup problem we consider the group $C_r \times C_r$ (the direct product of two cyclic groups of order $r$), the set $G$ (the finite group in which we want to solve the discrete logarithm problem) and the function $f_{a,b} : C_r \times C_r \to G$ defined by

$$f_{a,b}(g_1, g_2) = b^{g_1} a^{g_2}.$$
We note that $f_{a,b}$ admits a symmetry, namely for any $g_1, g_2, l \in C_r$ we have:

$$f_{a,b}(g_1 + l, g_2 - ls) = b^{g_1+l} a^{g_2 - ls} = a^{s(g_1+l)+g_2-ls} = a^{sg_1+g_2} = b^{g_1} a^{g_2} = f_{a,b}(g_1, g_2).$$

In terms of the hidden subgroup we note that $f_{a,b}$ hides the hidden subgroup $H$ given by:

$$H = \{(l, -ls) \mid l \in C_r\}. \qquad (2.1)$$

To show that the discrete logarithm problem is reducible to $\mathrm{HSP}(C_r \times C_r, f_{a,b})$, suppose we have an algorithm that efficiently solves $\mathrm{HSP}(C_r \times C_r, f_{a,b})$. In other words we have an algorithm that can efficiently determine the subgroup $H$ given by 2.1. Now if we sample an element $(l, -ls)$ from our hidden subgroup such that $l$ and $r$ are coprime, then we can efficiently determine the multiplicative inverse $l^{-1}$ modulo $r$ using the extended Euclidean algorithm and thus solve the discrete logarithm problem by determining $s = l^{-1} ls$. The amount of times we have to sample elements of $H$ in order for this to happen turns out to be polynomial in $\log|G|$. This shows that given a solution to $\mathrm{HSP}(C_r \times C_r, f)$, we can efficiently solve the discrete logarithm problem.

Proposition 2.2. If we sample $2\log|G|$ times from $H$ we will observe, with high probability, an element $(l, -ls)$ such that $l$ and $r$ are coprime.

Proof. Let $\varphi(r)$ denote the Euler totient function, i.e. the number of integers smaller than $r$ that are coprime with $r$. By Problem 4.1 in [1] we have that:

$$\varphi(r) > \frac{r}{2\log r}.$$

Using this we get that for any $n < r$ the probability of $n$ being coprime with $r$ equals:

$$P[\gcd(n, r) = 1] = \frac{\varphi(r)}{r} > \frac{1}{2\log r} > \frac{1}{2\log|G|}.$$

Thus sampling $2\log|G|$ times will result in observing, with high probability, an element $(l, -ls)$ such that $l$ and $r$ are coprime.

Graph isomorphisms of rigid graphs

A graph isomorphism is a map between the vertices of two graphs such that it preserves adjacency. More formally:

Definition 2.3. Let $G_1 = (V_1, E_1)$ and $G_2 = (V_2, E_2)$ be two graphs. A map $f : V_1 \to V_2$ is called an isomorphism if it is a bijection that preserves adjacency, i.e. if $(v, w) \in E_1$ then $(f(v), f(w)) \in E_2$. Two graphs $G_1$ and $G_2$ are called isomorphic if there exists an isomorphism between them; we denote this with $G_1 \cong G_2$.

An example of two isomorphic graphs can be found in figure 2.1. Using this definition we state the graph isomorphism problem:

Problem (The graph isomorphism problem). Let $G_1$ and $G_2$ be two graphs. Determine if $G_1$ and $G_2$ are isomorphic.

The graph isomorphism problem is an interesting problem in the world of complexity theory. It is one of the few problems which is in NP but is not known to be in either P or NP-complete. What makes this so interesting is that if $P \neq NP$ then there exist problems which are of intermediate status. It is suspected that the graph isomorphism problem may very well be one of these intermediate problems. To formulate the graph isomorphism problem in terms of the hidden subgroup problem we have to introduce a group.

Figure 2.1: Two isomorphic graphs

Definition 2.4. Let $G$ be a graph with $n$ vertices. The automorphism group, $\mathrm{Aut}(G)$, is the group of all isomorphisms from $G$ onto itself. It can be viewed as a subgroup of $S_n$, the permutation group on $n$ elements.

We also need the definition of the disjoint union of two graphs.

Definition 2.5. Let $G_1 = (V_1, E_1)$ and $G_2 = (V_2, E_2)$ be two graphs. The disjoint union $G = G_1 \sqcup G_2$ is defined by $G = (V_1 \sqcup V_2, E_1 \sqcup E_2)$.

So, by taking the disjoint union of two graphs we place both graphs next to each other and consider the result as one graph. To link this automorphism group to the graph isomorphism problem we use a lemma from [7].

Lemma 2.6. Let $G_1 = (V_1, E_1)$, $G_2 = (V_2, E_2)$ be two connected graphs with $n$ vertices, and let $G = G_1 \sqcup G_2$ be their disjoint union. Then $G_1$ and $G_2$ are isomorphic if and only if there exist $g_1 \in V_1$, $g_2 \in V_2$ and $\sigma \in \mathrm{Aut}(G)$ such that $\sigma(g_1) = g_2$.

Proof. $\Rightarrow$: Suppose $G_1$ and $G_2$ are isomorphic and let $f$ be an isomorphism between $G_1$ and $G_2$. We can now define an element $\sigma \in \mathrm{Aut}(G)$ that satisfies the necessary property by:

$$\sigma(g) = \begin{cases} f(g) & \text{if } g \in E_1, \\ f^{-1}(g) & \text{if } g \in E_2. \end{cases}$$

$\Leftarrow$: Suppose there exists an element $\sigma \in \mathrm{Aut}(G)$ such that there exist $g_1 \in G_1$ and $g_2 \in G_2$ with $\sigma(g_1) = g_2$. Under a graph isomorphism connected components are mapped to connected components. Since $G_1$ and $G_2$ are the only connected components of $G$ we have that $\sigma$ maps $G_1$ to $G_2$. By this we have that $\sigma|_{G_1}$ is an isomorphism between $G_1$ and $G_2$.

From now on we will only consider the graph isomorphism problem for rigid graphs.

Definition 2.7. A graph $G$ is called rigid if $\mathrm{Aut}(G) = \{e\}$.

In the case of rigid graphs lemma 2.6 reduces to the following lemma as formulated in [4].

Lemma 2.8. Let $G = G_1 \sqcup G_2$, where $G_1$ and $G_2$ are disjoint, connected and rigid graphs and let $n$ denote the number of vertices of $G$. Then

1. if $G_1 \not\cong G_2$, then $\mathrm{Aut}(G) = \{e\}$, and
2. if $G_1 \cong G_2$, then $\mathrm{Aut}(G) = \{e, \sigma\}$, where $\sigma$ is a permutation consisting of $n/2$ disjoint 2-cycles.

Proof.

1. Suppose $G_1 \not\cong G_2$. Then by lemma 2.6 any element of $\mathrm{Aut}(G)$ must be of the form $\sigma_1\sigma_2$, where $\sigma_1 \in \mathrm{Aut}(G_1)$ and $\sigma_2 \in \mathrm{Aut}(G_2)$. But since both $G_1$ and $G_2$ are rigid, $\mathrm{Aut}(G) = \{e\}$.

2. Suppose $G_1 \cong G_2$. Then by lemma 2.6 there must exist an element $\sigma$ of $\mathrm{Aut}(G)$ that maps $G_1$ to $G_2$ and vice versa. We can view this element as an element of $S_n$ as follows:

$$\sigma = \prod_{v_1 \in V_1} (v_1, f(v_1)),$$

where $f$ is an isomorphism between $G_1$ and $G_2$. Now suppose there exists another non-trivial element $\tau \in \mathrm{Aut}(G)$. Because the automorphism groups of $G_1$ and $G_2$ are trivial, this $\tau$ must map $G_1$ to $G_2$ and vice versa. Now consider the product $\sigma\tau$; it maps $G_1$ to $G_1$ and $G_2$ to $G_2$. Again since both automorphism groups are trivial we get that:

$$\sigma\tau = e \;\Rightarrow\; \tau = \sigma^{-1} = \sigma.$$

Suppose we want to determine whether two graphs $G_1$ and $G_2$ are isomorphic. In terms of the hidden subgroup problem we consider the group $S_n$, the set $\mathcal{G}$ of all graphs and the function $f : S_n \to \mathcal{G}$ defined by $f(\sigma) = \sigma(G)$, where $G = G_1 \sqcup G_2$. We note that $f$ admits a symmetry, namely for any $\sigma \in \mathrm{Aut}(G)$ and $\pi \in S_n$:

$$f(\pi\sigma) = \pi(\sigma(G)) = \pi(G) = f(\pi).$$

In other words, $f$ hides $\mathrm{Aut}(G)$ in $S_n$. So if we could efficiently determine $\mathrm{Aut}(G)$ using an efficient solution to $\mathrm{HSP}(S_n, f)$, we can determine whether $G_1$ and $G_2$ are isomorphic by applying lemma 2.8. This shows that the graph isomorphism problem for rigid graphs is reducible to $\mathrm{HSP}(S_n, f)$, an instance of the hidden subgroup problem.

3. Quantum approach to the hidden subgroup problem

In this chapter we will approach the hidden subgroup problem from a quantum computational perspective. We discuss the approach taken in [4]. This approach entails attempting to generalize the already existing efficient algorithm that solves the hidden subgroup problem in abelian groups. Throughout this chapter we will use quantum computing, representation theory and the Fourier transform. The necessary preliminaries can be found in appendices A, B and C respectively.

A quantum experiment

For the hidden subgroup problem in abelian groups there already exists an efficient quantum algorithm. This algorithm is based on a quantum experiment. We will discuss a generalization of this experiment as given in [4] and discuss its derived properties.

Experiment 3.1 (Experiment for $\mathrm{HSP}(G, f)$).

1. Prepare the state $\sum_{g \in G} |g, f(g)\rangle$.

2. Measure the second register; this will result in the state
$$\sum_{h \in H} |ch, f(ch)\rangle,$$
where $c$ is some element of $G$ selected uniformly at random.

3. Discard the second register and compute the Fourier-transform of the state from step 2:
$$\sum_{\rho \in \mathrm{Irr}(G)} \sum_{i,j}^{\dim V_\rho} \sqrt{\frac{\dim V_\rho}{|G||H|}} \left(\sum_{h \in H} \rho(ch)\right)_{i,j} |\rho, i, j\rangle.$$

4. Measure the first register and observe an irreducible representation $\rho$.

A quick thing to notice about this experiment is that in our final step we only measure the first register. This thesis discusses what information regarding the hidden subgroup we can obtain by doing so as in [4]. In section we will see that, by only measuring the first register, we are guaranteed that the outcome of the experiment is independent of the random $c$ from step 2. This independence is key: repetitions of this experiment result in the same distribution over the irreducibles of the group.

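Probability distribution

We want to find out when experiment 3.1 gives enough information for us to efficiently determine the hidden subgroup. Our analysis of experiment 3.1 is based upon its (theoretical) distribution as derived in [4].

Theorem 3.1 (Distribution of the outcomes of experiment 3.1). For every subgroup $H$ of $G$, the probability $P_H(\rho)$ of observing $\rho$ in the experiment for the HSP, with hidden subgroup $H$, is given by:

$$P_H(\rho) = \frac{|H|}{|G|} \dim V_\rho \,\langle \chi_\rho, \chi_{\mathrm{triv}} \rangle_H = \frac{|H|}{|G|} \dim V_\rho \,\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_\rho \rangle_G.$$

We will now, using a couple of lemmas, prove theorem 3.1. The proofs we discuss are given by [4]. For any superposition, the probability of observing a state is the sum of the squares of the absolute values of its coefficients. In our case this leads to:

$$
\begin{aligned}
P_H(\rho) &= \sum_{0 \le i,j \le \dim(V_\rho)} \left| \sqrt{\frac{\dim(V_\rho)}{|G||H|}} \left(\sum_{h \in H} \rho(ch)\right)_{ij} \right|^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} \sum_{0 \le i,j \le \dim(V_\rho)} \left| \left(\sum_{h \in H} \rho(ch)\right)_{ij} \right|^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} \left\| \sum_{h \in H} \rho(ch) \right\|_2^2 = \frac{\dim(V_\rho)}{|G||H|} \left\| \rho(c) \sum_{h \in H} \rho(h) \right\|_2^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} \left\| \sum_{h \in H} \rho(h) \right\|_2^2, \qquad (3.1)
\end{aligned}
$$

where we used that $\rho(c)$ is unitary and $\|A\|_2$ is the natural norm given by:

$$\|A\|_2^2 = \operatorname{tr}(A^* A) = \sum_{i,j} |A_{i,j}|^2.$$

Now to further simplify expression 3.1 we have the following lemma.

Lemma 3.2. Let $\rho \in \mathrm{Irr}(G)$ and suppose it decomposes into irreducibles over $H$ as $\mathrm{Res}_H \rho = \sigma_1 \oplus \cdots \oplus \sigma_k$, where $\sigma_i \in \mathrm{Irr}(H)$. Then in an appropriate basis:

$$\sum_{h \in H} \rho(h) = \begin{pmatrix} \sum_{h \in H} \sigma_1(h) & 0 & \cdots & 0 \\ 0 & \sum_{h \in H} \sigma_2(h) & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & \sum_{h \in H} \sigma_k(h) \end{pmatrix} \qquad (3.2)$$

Proof. Since we evaluate $\rho$ only on $H$, we may instead consider $\mathrm{Res}_H \rho$. Note that $\mathrm{Res}_H \rho$ may not be irreducible over $H$. Now in an appropriate basis $\rho(h)$ is comprised of block matrices, each corresponding to a $\sigma_i$ in the decomposition of $\mathrm{Res}_H \rho$. From this equation 3.2 follows.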

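Now that we have acquired a simplified expression for $P_H$ in terms of $\sum_{h \in H} \rho(h)$ and have written $\sum_{h \in H} \rho(h)$ as a block-matrix we are ready to prove theorem 3.1.

Proof of theorem 3.1. Suppose $\rho$ decomposes into irreducibles over $H$ as $\mathrm{Res}_H \rho = \sigma_1 \oplus \cdots \oplus \sigma_k$. Equations 3.1 and 3.2 give us:

$$
\begin{aligned}
P_H(\rho) &= \frac{\dim(V_\rho)}{|G||H|} \left\| \sum_{h \in H} \rho(h) \right\|_2^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} \sum_{i=1}^{k} \left\| \sum_{h \in H} \sigma_i(h) \right\|_2^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} \sum_{i=1}^{k} |H|^2 \langle \chi_{\sigma_i}, \chi_{\mathrm{triv}} \rangle_H^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} |H|^2 \langle \chi_\rho, \chi_{\mathrm{triv}} \rangle_H = \frac{|H|}{|G|} \dim(V_\rho) \langle \chi_\rho, \chi_{\mathrm{triv}} \rangle_H,
\end{aligned}
$$

where the third equality follows from the orthogonality of matrix elements as in proposition A.17. Applying Frobenius reciprocity finishes the proof.

A less cumbersome but more technical way to prove theorem 3.1 is to define

$$P = \frac{1}{|H|} \sum_{h \in H} \rho(h) \in \mathrm{End}(V_\rho),$$

the orthogonal projector onto the space of $H$-invariants, and note that $P$ is a self-adjoint idempotent operator. Applying this to 3.1 we get:

$$
\begin{aligned}
P_H(\rho) &= \frac{\dim(V_\rho)}{|G||H|} \left\| \sum_{h \in H} \rho(h) \right\|_2^2 = \frac{\dim(V_\rho)}{|G||H|} \big\| |H| P \big\|_2^2 \\
&= \frac{\dim(V_\rho)}{|G||H|} |H|^2 \operatorname{tr}(P^* P) = \frac{|H|}{|G|} \dim(V_\rho) \operatorname{tr}(P^2) = \frac{|H|}{|G|} \dim(V_\rho) \operatorname{tr}(P) \\
&= \frac{|H|}{|G|} \dim(V_\rho) \frac{1}{|H|} \sum_{h \in H} \operatorname{tr}(\rho(h)) = \frac{|H|}{|G|} \dim(V_\rho) \frac{1}{|H|} \sum_{h \in H} \chi_\rho(h) \\
&= \frac{|H|}{|G|} \dim(V_\rho) \langle \chi_\rho, \chi_{\mathrm{triv}} \rangle_H.
\end{aligned}
$$

How can we apply experiment 3.1 to efficiently solve the hidden subgroup problem? One could start by repeating the experiment a certain number of times to approximate its distribution. One could then compare this approximation with the (theoretical) distributions, as in theorem 3.1, for different hidden subgroups and decide which hidden subgroup fits best. Although this might work in some cases, it does not work in general.

Corollary 3.3. Experiment 3.1 does not distinguish between conjugate subgroups.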

Proof. Follows directly from the fact that $\chi_\rho$ and $\chi_{\rho_{\mathrm{triv}}}$ are class-functions.

This corollary tells us that even if we got a perfect approximation of the distribution of experiment 3.1, we would not be able to distinguish between possible conjugate hidden subgroups. We are only able to possibly distinguish hidden subgroups that are not conjugate. A class of such hidden subgroups are hidden subgroups with different normal cores.

Constructing the normal core of the hidden subgroup

Since our experiment 3.1 does not distinguish between conjugate subgroups, see corollary 3.3, one could only hope to be able to determine the part of the subgroup that is invariant under conjugation. We call this part of the subgroup its normal core and in this section we discuss an algorithm from [4] that determines the normal core of the hidden subgroup using $O(\log|G|)$ queries of experiment 3.1. We assume that we can efficiently compute the intersection of an $O(\log|G|)$ sized family of kernels.

Definition 3.4. Let $H$ be a subgroup of $G$. The normal core $H_G$ of $H$ in $G$ is the largest subgroup of $H$ that is normal in $G$.

The normal core is well-defined. Suppose there are two different largest subgroups of $H$ that are normal in $G$, say $N_1$ and $N_2$. Then their product $N = N_1 N_2$ is a subgroup of $H$ that is normal in $G$ and contains both $N_1$ and $N_2$.

In this section we will discuss the following algorithm from [4] and prove that it constructs the normal core of any hidden subgroup using $O(\log|G|)$ queries of experiment 3.1. The proofs discussed in this section are given by [4].

Algorithm 3.1 (Algorithm that outputs the normal core $H_G$ of the hidden subgroup $H$).

1. For $i = 1, \ldots, s = 4\log_2|G|$, run experiment 3.1 and observe an irreducible representation $\sigma_i \in \mathrm{Irr}(G)$.
2. Let $N_i = \bigcap_{j=1}^{i} \ker(\sigma_j)$.
3. Output $N = N_s$.

When $H$ is normal in $G$, $H_G = H$, so that this algorithm would determine $H$ with high probability. Also note that in an abelian group any subgroup is normal.
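Theorem 3.1 and corollary 3.3 can be checked by hand on the smallest non-abelian group. The following is an added example, not code from the thesis or from [4]: it assumes $G = S_3$ with its three irreducible characters, evaluates $P_H(\rho)$ exactly for several subgroups, and compares the intersection of the kernels of all observable irreducibles with the normal core computed directly from conjugates. All function and variable names are chosen here for illustration.

```python
from fractions import Fraction
from itertools import permutations

N = 3
G = list(permutations(range(N)))   # S_3; p[i] is the image of i under p
E = tuple(range(N))                # identity element


def mul(p, q):
    """Composition p after q."""
    return tuple(p[q[i]] for i in range(N))


def inv(p):
    out = [0] * N
    for i, image in enumerate(p):
        out[image] = i
    return tuple(out)


def sign(p):
    inversions = sum(p[i] > p[j] for i in range(N) for j in range(i + 1, N))
    return -1 if inversions % 2 else 1


# Characters of the three irreducible representations of S_3.
CHARACTERS = {
    "trivial": lambda p: 1,
    "sign": sign,
    "standard": lambda p: sum(p[i] == i for i in range(N)) - 1,
}


def distribution(H):
    """Theorem 3.1: P_H(rho) = |H|/|G| * dim V_rho * <chi_rho, chi_triv>_H."""
    dist = {}
    for name, chi in CHARACTERS.items():
        inner = Fraction(sum(chi(h) for h in H), len(H))
        dist[name] = Fraction(len(H), len(G)) * chi(E) * inner
    return dist


def normal_core(H):
    """Largest subgroup of H normal in G: intersection of all conjugates of H."""
    core = set(H)
    for g in G:
        core &= {mul(mul(g, h), inv(g)) for h in H}
    return frozenset(core)


def kernel(chi):
    """g lies in ker(rho) exactly when chi_rho(g) = dim V_rho."""
    return frozenset(g for g in G if chi(g) == chi(E))


def core_from_support(H):
    """Intersect ker(rho) over every rho that experiment 3.1 can output for H."""
    result = set(G)
    for name, prob in distribution(H).items():
        if prob > 0:
            result &= kernel(CHARACTERS[name])
    return frozenset(result)


# Three conjugate subgroups of order 2 and the normal subgroup A_3.
H_01 = frozenset({E, (1, 0, 2)})
H_02 = frozenset({E, (2, 1, 0)})
H_12 = frozenset({E, (0, 2, 1)})
A_3 = frozenset({E, (1, 2, 0), (2, 0, 1)})

if __name__ == "__main__":
    for label, H in [("<(01)>", H_01), ("<(02)>", H_02), ("A_3", A_3)]:
        print(label, distribution(H), sorted(core_from_support(H)))
```

The three subgroups of order 2 give the same distribution, so the experiment can only reveal their common normal core $\{e\}$, while the normal subgroup $A_3$ is recovered in full.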

Proof of correctness

We will discuss the proofs from [4] which show that the procedure in algorithm 3.1 converges, with high probability, to the normal core of the hidden subgroup.

Theorem 3.5. Algorithm 3.1 returns $H_G$ with probability at least $1 - 2e^{-\log_2|G|/8}$.

We reduce the proof of theorem 3.5 to two lemmas. The proofs of these two lemmas are mainly based upon the principle of induced representations. For background on the theory used we refer to appendix A.

Lemma 3.6. If the irreducible representation $\rho$ can be sampled by experiment 3.1 (i.e. it has non-zero probability), then $H_G \subseteq \ker(\rho)$.

Proof. We begin with a recollection of the induced representation $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}$. Let $\rho$ be a representation of a subgroup $H$ of $G$. Formally the induced representation of $\rho$ is defined as the representation over the vector space:

$$\mathrm{Ind}_H^G V_\rho = \{f : G \to V_\rho : f(hx) = \rho(h) f(x), \ \forall x \in G, h \in H\},$$

with the action:

$$\rho(g)(f)(x) = f(xg), \quad g \in G.$$

In example A.23 we saw that, in the case of $\rho$ being the trivial representation, the induced representation $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}$ can also be defined as some sort of coset-permutation representation. Namely, let $G/H = \{g_1, \ldots, g_k\}$ be a full system of representatives for the left-cosets of $H$. Then the induced representation $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}$ can be defined as the complex vector-space with basis $\{[g_1 H], \ldots, [g_k H]\}$, with the action:

$$\mathrm{Ind}_H^G \rho_{\mathrm{triv}}(x)([gH]) = [xgH].$$

Using this description of $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}$, we can derive an identity that links the normal core of the hidden subgroup to representations of $G$:

$$\ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}}) = H_G \qquad (3.3)$$

First we prove the forward inclusion $\ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}}) \subseteq H_G$. Suppose $x \in \ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}})$, i.e. $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}(x)$ equals the identity map. This means that for any $g \in G$:

$$\mathrm{Ind}_H^G \rho_{\mathrm{triv}}(x)([gH]) = [xgH] = [gH].$$

In other words, $xgH = gH$ for all $g \in G$. In particular, for $g = e$, we have $xH = H$, which implies that $x \in H$. So, $\ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}}) \subseteq H$. Now since the kernel of a representation is normal we must have that $\ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}}) \subseteq H_G$.

For the reverse inclusion $H_G \subseteq \ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}})$, suppose $x \in H_G$. Since $H_G$ is normal we have that for any $g \in G$ there is some $x' \in H_G$ such that $xg = gx'$. Now consider the map

$$\mathrm{Ind}_H^G \rho_{\mathrm{triv}}(x) : gH \mapsto xgH = gx'H = gH.$$

So $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}(x)$ equals the identity map, which implies that $x \in \ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}})$ and so $H_G \subseteq \ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}})$.

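Suppose $\rho$ has a non-zero probability of being measured in experiment 3.1. We then have:

$$\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_\rho \rangle_G \neq 0.$$

In other words, $\rho$ is contained in the decomposition of $\mathrm{Ind}_H^G \rho_{\mathrm{triv}}$. Together with 3.3 this implies that:

$$H_G = \ker(\mathrm{Ind}_H^G \rho_{\mathrm{triv}}) \subseteq \ker(\rho).$$

Now that we have established that the normal core is contained in the kernels of the $\sigma_i$ we want to know if, by taking the intersection, $N_s$ indeed converges to $H_G$ using only $O(\log|G|)$ queries of experiment 3.1.

Lemma 3.7. For any subgroup $H$ of $G$, if $N_i \not\subseteq H$, then:

$$P[N_{i+1} = N_i] \le \frac{1}{2}.$$

Proof. Suppose we obtain $N_{i+1}$ by observing $\sigma$ from experiment 3.1, i.e. $N_{i+1} = N_i \cap \ker(\sigma)$. Then we have:

$$N_i = N_{i+1} \iff N_i \subseteq \ker(\sigma).$$

This shows that the probability that $N_{i+1}$ equals $N_i$ is the same as the probability that $N_i$ is contained in the kernel of $\sigma$. Let $P_H$ denote the distribution of experiment 3.1 when $H$ is the hidden subgroup. We now have:

$$
\begin{aligned}
P[N_{i+1} = N_i] = P[N_i \subseteq \ker(\sigma)] &= \sum_{\substack{\rho \in \mathrm{Irr}(G), \\ N_i \subseteq \ker(\rho)}} P_H(\rho) \\
&= \frac{|H|}{|G|} \sum_{\substack{\rho \in \mathrm{Irr}(G), \\ N_i \subseteq \ker(\rho)}} \dim(V_\rho) \langle \chi_\rho, \chi_{\rho_{\mathrm{triv}}} \rangle_H. \qquad (3.4)
\end{aligned}
$$

To simplify this expression we decompose $\mathrm{Ind}_N^G \rho_{\mathrm{triv}} = \bigoplus_{\rho \in \mathrm{Irr}(G)} n_\rho \rho$. Suppose $N \not\subseteq \ker(\rho)$. By lemma 3.6:

$$N = N_G = \ker(\mathrm{Ind}_N^G \rho_{\mathrm{triv}}) \not\subseteq \ker(\rho),$$

which implies that $n_\rho = 0$. Now suppose that $N \subseteq \ker(\rho)$. By Frobenius reciprocity:

$$
\begin{aligned}
n_\rho = \langle \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}}, \chi_\rho \rangle_G = \langle \chi_{\rho_{\mathrm{triv}}}, \chi_\rho \rangle_N &= \frac{1}{|N|} \sum_{n \in N} \chi_\rho(n) = \frac{1}{|N|} \sum_{n \in N} \operatorname{Tr}(I) \\
&= \frac{1}{|N|} \sum_{n \in N} \dim(V_\rho) = \dim(V_\rho).
\end{aligned}
$$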

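This results in the decomposition:

$$\mathrm{Ind}_N^G \rho_{\mathrm{triv}} = \bigoplus_{\substack{\rho \in \mathrm{Irr}(G), \\ N \subseteq \ker(\rho)}} \dim(V_\rho) \rho \qquad (3.5)$$

We already know that, by Frobenius reciprocity:

$$\mathrm{Ind}_H^G \rho_{\mathrm{triv}} = \bigoplus_{\rho \in \mathrm{Irr}(G)} \langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_\rho \rangle_G \, \rho = \bigoplus_{\rho \in \mathrm{Irr}(G)} \langle \chi_\rho, \chi_{\rho_{\mathrm{triv}}} \rangle_H \, \rho \qquad (3.6)$$

To get back to expression 3.4 we combine 3.5 and 3.6 to get:

$$
\begin{aligned}
\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G &= \Big\langle \sum_{\rho \in \mathrm{Irr}(G)} \langle \chi_\rho, \chi_{\rho_{\mathrm{triv}}} \rangle_H \chi_\rho, \sum_{\substack{\rho \in \mathrm{Irr}(G) \\ N \subseteq \ker(\rho)}} \dim(V_\rho) \chi_\rho \Big\rangle_G \\
&= \sum_{\substack{\rho \in \mathrm{Irr}(G) \\ N \subseteq \ker(\rho)}} \dim(V_\rho) \langle \chi_\rho, \chi_{\rho_{\mathrm{triv}}} \rangle_H \langle \chi_\rho, \chi_\rho \rangle_G \\
&= \sum_{\substack{\rho \in \mathrm{Irr}(G) \\ N_i \subseteq \ker(\rho)}} \dim(V_\rho) \langle \chi_\rho, \chi_{\rho_{\mathrm{triv}}} \rangle_H.
\end{aligned}
$$

So to further simplify equation 3.4 we want to find an alternate way of writing $\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G$. Applying Frobenius reciprocity and decomposing the restricted induction, see section A.3.3, we get:

$$
\begin{aligned}
\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G &= \langle \chi_{\rho_{\mathrm{triv}}}, \chi_{\mathrm{Res}_H^G \mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_H \\
&= \sum_{g \in H \backslash G / N} \langle \chi_{\rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_{N_g}^H \rho_{\mathrm{triv}}} \rangle_H, \qquad (3.7)
\end{aligned}
$$

where $N_g = H \cap gNg^{-1} = H \cap N$, and $g$ runs through a full system of representatives for the double cosets $H \backslash G / N$. If we again apply Frobenius reciprocity, now to the right-hand side of equation 3.7, we get:

$$
\begin{aligned}
\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G &= \sum_{g \in H \backslash G / N} \langle \chi_{\rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_{N_g}^H \rho_{\mathrm{triv}}} \rangle_H \\
&= \sum_{g \in H \backslash G / N} \langle \chi_{\rho_{\mathrm{triv}}}, \chi_{\rho_{\mathrm{triv}}} \rangle_{N_g} = |H \backslash G / N| \qquad (3.8)
\end{aligned}
$$

Since $N$ is normal in $G$ we have that for any double coset: $HgN = HNg$. So a system of representatives of the double cosets $H \backslash G / N$ equals a system of representatives for the right-cosets of the subgroup $HN$. Applying this to equation 3.8 we get:

$$\langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G = |H \backslash G / N| = |G / HN| = \frac{|G|}{|HN|}. \qquad (3.9)$$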

Now to finalize the proof we substitute 3.9 into 3.4 to get:

$$P[N_{i+1} = N_i] = \frac{|H|}{|G|} \langle \chi_{\mathrm{Ind}_H^G \rho_{\mathrm{triv}}}, \chi_{\mathrm{Ind}_N^G \rho_{\mathrm{triv}}} \rangle_G = \frac{|H|}{|G|} \cdot \frac{|G|}{|HN|} = \frac{|H|}{|HN|} \le \frac{1}{2},$$

if $N \not\subseteq H$.

Using lemma 3.6 and 3.7 we can rephrase the current situation as follows. Each time we run experiment 3.1, when we have yet to find the normal core, we toss a (biased) coin and when this coin lands heads our $N_i$ converges closer to $H_G$. In fact, this new $N_{i+1}$ must be of order smaller than half the order of $N_i$. A simple group-theoretical fact tells us how many times our coin has to land heads-up.

Proposition 3.8. Any chain of subgroups $H_1 \subsetneq H_2 \subsetneq \cdots \subsetneq H_k$ of a group $G$ can be no longer than $\log_2|G|$, i.e. $k \le \log_2|G|$.

Proof. Suppose $k > \log_2|G|$. For any $i \in \{1, \ldots, k\}$ we have that $H_i \subsetneq H_{i+1}$, which implies that $|H_{i+1}| \ge 2|H_i|$. If we extend this inductively we get:

$$|H_k| \ge 2^k |H_1| > |G||H_1| \ge |G|.$$

This contradicts that $H_k$ is a subgroup of $G$.

Using proposition 3.8 our goal is to prove that if we repeat experiment 3.1 $s = 4\log_2|G|$ times we have that, with high probability, the coin we tossed has landed heads up at least $\log_2|G|$ times. To help us prove this we need a special case of the so-called Azuma's inequality:

Proposition 3.9 (Special case of Azuma's inequality). Let $X_1, \ldots, X_k$ be random variables that take values in $\{0, 1\}$ such that $P[X_i = 0 \mid X_1, \ldots, X_{i-1}] \le \frac{1}{2}$, then:

$$P\Big[\sum_{i=1}^{k} X_i \le \lambda\Big] \le 2e^{-\lambda^2/2k}.$$

After all this preparation we are now ready to prove theorem 3.5.

Proof of theorem 3.5. Let $\sigma_1, \ldots, \sigma_k$ be irreducible representations observed from experiment 3.1 with $k = 4\log_2|G|$. Let $N_i$ be as in algorithm 3.1 and define the indicator random variables $X_1, \ldots, X_k$ as:

$$X_i = \begin{cases} 1 & \text{if } N_i \subseteq H \text{ or } N_{i+1} \neq N_i, \\ 0 & \text{otherwise.} \end{cases}$$

For these indicator random variables we note that lemma 3.7 implies that:

$$P[X_i = 0 \mid X_1, \ldots, X_{i-1}] \le \frac{1}{2}.$$

Now by the special case of Azuma's inequality 3.9 with $\lambda = \log_2|G|$ we have that:

$$P\Big[\sum_{i=1}^{k} X_i \le \log_2|G|\Big] \le 2e^{-\log_2|G|/8}.$$

So with probability at least $1 - 2e^{-\log_2|G|/8}$ we have that at least $\log_2|G|$ of the indicator random variables $X_i$ equal 1. Now since a chain of subgroups of a group $G$ can never be longer than $\log_2|G|$, by proposition 3.8, we have that $N_k \subseteq H$. Since $N_k$ is normal in $G$ we have that $N_k \subseteq H_G$. Together with lemma 3.6 we have that $N_k = H_G$.

4. Application: the discrete logarithm problem

In this section we apply the theory developed in chapter 3 to the discrete logarithm problem. Recall the discrete logarithm problem.

Problem (The discrete logarithm problem). Let $G = \langle a \rangle$ be a cyclic group of order $r$ and $b \in G$. Find the smallest $s \in \mathbb{N}$ that solves the equation: $a^s = b$.

In section we have seen that the discrete logarithm problem reduces to $\mathrm{HSP}(C_r \times C_r, f)$, an instance of the hidden subgroup problem, where the function $f$ is defined by $f(x_1, x_2) = b^{x_1} a^{x_2}$ and we have the hidden subgroup:

$$H = \{(l, -ls) \mid l \in C_r\}.$$

In order to make experiment 3.1 more explicit we first have to determine the irreducibles of $C_r \times C_r$.

Proposition 4.1. The irreducibles of $C_r \times C_r$ are given by:

$$\mathrm{Irr}(C_r \times C_r) = \{\rho_{j,k}(x, y) = e^{2\pi i (jx + ky)/r} \mid j, k = 0, \dots, r-1\}.$$

Proof. In section C.1 we have shown that the irreducibles of a cyclic group are:

$$\mathrm{Irr}(C_r) = \{\rho_j(x) = e^{2\pi i jx/r} \mid j = 0, \dots, r-1\}.$$

Furthermore, we have seen in section A.3.1 that the irreducibles of a direct product of groups are the tensor products of the irreducibles of the respective groups. In our case this implies:

$$\mathrm{Irr}(C_r \times C_r) = \{\rho \otimes \sigma \mid \rho, \sigma \in \mathrm{Irr}(C_r)\} = \{\rho_{j,k}(x, y) = e^{2\pi i (jx + ky)/r} \mid j, k = 0, \dots, r-1\}.$$

Using proposition 4.1 we rewrite experiment 3.1 into a more explicit form for our instance of the hidden subgroup problem. Instead of writing $\rho_{j,k}$ we write $(j, k)$, since we are only interested in the label of the representation.

Experiment 4.1 (Experiment for the $\mathrm{HSP}(C_r \times C_r, f)$).

1. Prepare the state $\sum_{g \in G} |g, f(g)\rangle$.
2. Measure the second register, this will result in the state $\sum_{h \in H} |ch, f(ch)\rangle$, where $c$ is some element of $G$ selected uniformly at random.
3. Discard the second register and compute the Fourier-transform of the state from step 2:

$$\sum_{(j,k) \in C_r \times C_r} \frac{1}{\sqrt{r^3}} \sum_{(l, -ls) \in H} e^{2\pi i (j - ks) c l / r}\, |(j, k)\rangle.$$

4. Measure the register and observe the label $(j, k)$ of an irreducible representation.

Determining probability distribution

Now to solve the current instance of the hidden subgroup problem we want to run experiment 4.1 in an attempt to get information regarding the hidden subgroup. The possible outcomes of experiment 4.1 are distributed as follows.

Proposition 4.2. Let $P_H$ be the distribution of experiment 4.1 where $H$ is the hidden subgroup, then:

$$P_H\big((j, k)\big) = \begin{cases} \frac{1}{r} & \text{if } j \equiv ks \pmod r, \\ 0 & \text{otherwise.} \end{cases}$$

Proof. Theorem 3.1 gives us two ways to compute the distribution of experiment 4.1. First we will explicitly compute the distribution using the restricted representation.

$$P_H\big((j, k)\big) = \frac{|H|}{|C_r \times C_r|} \langle \chi_{\rho_{j,k}} \mid \chi_{\rho_{\text{triv}}} \rangle_H = \frac{1}{r} \Big( \frac{1}{|H|} \sum_{h \in H} \chi_{\rho_{j,k}}(h) \Big) = \frac{1}{r^2} \sum_{l \in C_r} \chi_{\rho_{j,k}}(l, -ls)$$

$$= \frac{1}{r^2} \sum_{l \in C_r} e^{2\pi i (jl - kls)/r} = \frac{1}{r^2} \sum_{l \in C_r} e^{2\pi i l (j - ks)/r} = \begin{cases} \frac{1}{r} & \text{if } j \equiv ks \pmod r, \\ 0 & \text{otherwise.} \end{cases}$$

Another way to compute the distribution is by determining the character of the induced trivial representation. Consider the system of representatives for the right cosets of $H$ given by: $G/H = \{(0, k) \mid k \in C_r\}$. The induced representation $\mathrm{Ind}_H^G \rho_{\text{triv}}$ is given by the complex vector space with basis $\{[(0, k) + H] \mid k \in C_r\}$ upon which we have the action:

$$\mathrm{Ind}_H^G \rho_{\text{triv}}((x, y)) : [(0, k) + H] \mapsto [(x, y + k) + H] = [(0, y + xs + k) + H]. \qquad (4.1)$$

Since $\mathrm{Ind}_H^G \rho_{\text{triv}}$ is a permutation representation its character equals the number of its fixed points. If we look at 4.1 we see that any left coset $[(0, k) + H]$ is a fixed point of $(x, y) \in C_r \times C_r$ if and only if $y \equiv -xs \pmod r$. This implies:

$$\chi_{\mathrm{Ind}_H^G \rho_{\text{triv}}}(x, y) = \begin{cases} r & \text{if } y \equiv -xs \pmod r, \\ 0 & \text{otherwise.} \end{cases}$$

If we apply this to theorem 3.1 we get:

$$P_H\big((j, k)\big) = \frac{|H|}{|G|} \langle \chi_{\mathrm{Ind}_H^G \rho_{\text{triv}}} \mid \chi_\rho \rangle_G = \frac{1}{r} \Big( \frac{1}{|C_r \times C_r|} \sum_{g \in C_r \times C_r} \chi_{\mathrm{Ind}_H^G \rho_{\text{triv}}}(g)\, \chi_{\rho_{j,k}}(g) \Big) = \frac{1}{r^3} \sum_{l \in C_r} r\, \chi_{\rho_{j,k}}(l, -ls)$$

$$= \frac{1}{r^2} \sum_{l \in C_r} e^{2\pi i (jl - kls)/r} = \frac{1}{r^2} \sum_{l \in C_r} e^{2\pi i l (j - ks)/r} = \begin{cases} \frac{1}{r} & \text{if } j \equiv ks \pmod r, \\ 0 & \text{otherwise.} \end{cases}$$

Finding the discrete logarithm

Proposition 4.2 tells us that the outcome of experiment 4.1 is uniformly distributed over the set $\{(ks, k) \mid k \in C_r\}$. How can we use this to find the discrete logarithm $s$?

Algorithm 4.1 (Algorithm to find the discrete logarithm).

1. Run experiment 4.1 and measure $(k, ks)$, where $k \in C_r$.
2. Use the Euclidean algorithm to check if $\gcd(k, r) = 1$.
   a) If not: go back to step 1.
   b) Else: apply the extended Euclidean algorithm to determine the multiplicative inverse $k^{-1}$ modulo $r$ and go to step 3.
3. Return $s \equiv k^{-1} ks \pmod r$.

Proposition 4.3. Algorithm 4.1 returns, with high probability, the discrete logarithm $s$ using $O(\log r)$ runs of experiment 4.1.

Proof. The number of times algorithm 4.1 has to run experiment 4.1 fully depends on the probability that the measured $k$ is coprime with $r$. Proposition 2.2 shows that the probability that a uniform random $k$ smaller than $r$ is coprime with $r$ is given by:

$$P[\gcd(k, r) = 1] = \frac{\varphi(r)}{r} \ge \frac{1}{2 \log r}.$$

Using the above expression and some elementary probability theory we conclude that, with high probability, running the experiment $\log |G|$ times would result in a $k$ that is coprime with $r$ and would thus result in algorithm 4.1 returning the discrete logarithm.

Diffie-Hellman key exchange

Since the discrete logarithm problem is considered infeasible on classical computers, some cryptography schemes are based upon its hardness. In symmetric-key cryptography two parties exchange messages which are encrypted and decrypted using a secret shared key. A problem that comes with this is the exchange of the shared key. How can we make sure we securely exchange this shared key? In 1976 Whitfield Diffie and Martin Hellman published a scheme to securely exchange a shared key to be used in symmetric-key cryptosystems, which is based upon the hardness of the discrete logarithm.

Scheme 4.1 (Diffie-Hellman key exchange). Suppose Alice and Bob want to securely exchange a shared key. To do so they take the following steps:

1. They agree upon and publish a (large) prime number $p$ and a primitive root modulo $p$, say $g$.
2. Alice, in secret, chooses a random $0 \le a \le p - 1$ and Bob, also in secret, chooses a random $0 \le b \le p - 1$.
3. Alice publishes $A = g^a \pmod p$ and Bob publishes $B = g^b \pmod p$.
4. Alice computes $k = B^a \pmod p$ and Bob computes $k = A^b \pmod p$.

After this scheme Alice and Bob share a key $k = g^{ab}$. Suppose Eve wants to try and find out this key $k$. The only information Eve has is the information that has been published: $p$, $g$, $A$ and $B$. For Eve to find $k$ she could solve the equations: $A = g^a$ for $a$ and $B = g^b$ for $b$. This would require Eve to have an efficient solution to the discrete logarithm problem. Since there is no known efficient solution to the discrete logarithm problem on classical computers, the Diffie-Hellman key exchange is considered safe. However, algorithm 4.1 shows that there exists an efficient quantum algorithm to solve the discrete logarithm problem. The Diffie-Hellman key exchange does not remain safe with the coming of quantum computers.
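The classical post-processing of Algorithm 4.1 and its consequence for Scheme 4.1, as an added example that is not part of the thesis. The quantum experiment 4.1 is replaced by a classical stand-in that finds $s$ by exhaustive search and then draws a label $(j, k)$ with $j \equiv ks \pmod r$ as in Proposition 4.2; the toy parameters $p = 101$, $g = 2$ and all function names are assumptions made for the illustration.

```python
import random


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def make_experiment(a, b, r, p, rng):
    """Classical stand-in for experiment 4.1 on HSP(C_r x C_r, f),
    f(x1, x2) = b^x1 * a^x2 mod p, where a has order r modulo p.

    A quantum computer obtains the label without knowing s. This simulation
    cheats: it finds s by exhaustive search (toy sizes only) and then samples
    from the distribution of Proposition 4.2.
    """
    s = next(t for t in range(r) if pow(a, t, p) == b)

    def run():
        k = rng.randrange(r)          # k uniform in C_r
        return (k * s) % r, k         # label (j, k) with j = k*s mod r

    return run


def consistent_exponents(j, k, r):
    """All t in C_r with k*t = j (mod r): the candidates one label leaves open."""
    return [t for t in range(r) if (k * t) % r == j]


def find_dlog(run, r, max_runs=10_000):
    """Algorithm 4.1: repeat the experiment until k is invertible modulo r,
    then return (s, number_of_runs) with s = k^-1 * (k*s) mod r."""
    for runs in range(1, max_runs + 1):
        j, k = run()
        g, k_inv, _ = egcd(k, r)
        if g != 1:
            # Step 2a: k shares a factor with r, so j fixes s only modulo
            # r / gcd(k, r); discard the sample and run the experiment again.
            continue
        return (k_inv * j) % r, runs
    raise RuntimeError("no k coprime with r observed")


def eve_recovers_key(seed=2015):
    """Scheme 4.1 with constructed toy parameters, followed by Eve's view."""
    rng = random.Random(seed)
    p, g = 101, 2                     # constructed; 2 is a primitive root mod 101
    r = p - 1                         # order of g
    a_secret = rng.randrange(1, r)    # Alice's secret exponent
    b_secret = rng.randrange(1, r)    # Bob's secret exponent
    A, B = pow(g, a_secret, p), pow(g, b_secret, p)
    shared_key = pow(B, a_secret, p)
    assert shared_key == pow(A, b_secret, p)

    # Eve only uses the published values p, g, A, B.
    run = make_experiment(g, A, r, p, rng)
    s, runs = find_dlog(run, r)
    return {
        "alice_secret": a_secret,
        "recovered_exponent": s,
        "runs_of_experiment": runs,
        "shared_key": shared_key,
        "eve_key": pow(B, s, p),
    }


if __name__ == "__main__":
    print(eve_recovers_key())
    # A label with gcd(k, r) = 10 leaves ten candidates for s:
    print(consistent_exponents(70, 10, 100))
```

The retry in `find_dlog` is the step whose cost Proposition 4.3 bounds: a label whose $k$ is not coprime with $r$ is consistent with $\gcd(k, r)$ different exponents, as `consistent_exponents` shows.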

5. Application: the Graph isomorphism problem for rigid graphs

Section shows that the graph isomorphism problem for rigid graphs with $n$ vertices reduces to $\mathrm{HSP}(S_{2n}, f)$. In this chapter we will apply the theory from chapter 3 to this instance of the hidden subgroup problem. We will discuss a section of [4] which shows that by only using experiment 3.1 we will not be able to decide whether two graphs are isomorphic or not.

Distinguishing possible hidden subgroups

In the reduction of the graph isomorphism problem for rigid graphs of $n$ vertices to $\mathrm{HSP}(S_{2n}, f)$ we proved the following lemma.

Lemma 5.1. Let $G = G_1 \cup G_2$, where $G_1$ and $G_2$ are disjoint, connected and rigid graphs and let $n$ denote the number of vertices of $G$. Then

1. if $G_1 \not\cong G_2$, then $\mathrm{Aut}(G) = \{e\}$, and
2. if $G_1 \cong G_2$, then $\mathrm{Aut}(G) = \{e, \sigma\}$, where $\sigma \in S_n$ is a permutation of $n/2$ disjoint 2-cycles.

In order to decide whether two rigid graphs are isomorphic we run experiment 3.1 and decide which hidden subgroup matches the distribution best. However, unfortunately we are unable to do so.

Theorem 5.2. Let $G_1$ and $G_2$ be two connected and rigid graphs with $n$ vertices. Let $P_{H_{\text{not}}}(\rho)$ be the probability of sampling $\rho$ in experiment 3.1 when $G_1 \not\cong G_2$, and let $P_{H_{\text{iso}}}(\rho)$ be the same probability when $G_1 \cong G_2$. Then

$$\| P_{H_{\text{not}}} - P_{H_{\text{iso}}} \|_1 \le 2^{-\Omega(n)}.$$

Proof. By lemma 5.1, when $G_1 \not\cong G_2$ we have $H_{\text{not}} = \{e\}$. Now by theorem 3.1:

$$P_{H_{\text{not}}}(\rho) = \frac{|\{e\}|}{|S_n|} \dim(v_\rho)\, \langle \chi_\rho \mid \chi_{\rho_{\text{triv}}} \rangle_H = \frac{1}{n!} \dim(v_\rho)\, \chi_\rho(e) = \frac{(\dim(v_\rho))^2}{n!}. \qquad (5.1)$$

Again by lemma 5.1, when $G_1 \cong G_2$ we have $H_{\text{iso}} = \{e, \sigma\}$, where $\sigma$ is the product of $n/2$ disjoint 2-cycles. By theorem 3.1:

$$P_{H_{\text{iso}}}(\rho) = \frac{|\{e, \sigma\}|}{|S_n|} \dim(v_\rho)\, \langle \chi_\rho \mid \chi_{\rho_{\text{triv}}} \rangle_H = \frac{\dim(v_\rho)\,(\dim(v_\rho) + \chi_\rho(\sigma))}{n!}. \qquad (5.2)$$

Combining equation 5.1 and 5.2 we get:

$$\| P_I - P_N \|_1 = \sum_\rho | P_I(\rho) - P_N(\rho) | = \frac{1}{n!} \sum_\rho \dim(v_\rho)\, |\chi_\rho(\sigma)| \qquad (5.3)$$

$$\le \frac{1}{n!} \sqrt{\sum_\rho \dim(v_\rho)^2}\, \sqrt{\sum_\rho |\chi_\rho(\sigma)|^2} \qquad (5.4)$$

$$= \frac{1}{n!} \sqrt{n!}\, \sqrt{\sum_\rho |\chi_\rho(\sigma)|^2} \qquad (5.5)$$

$$= \frac{1}{\sqrt{n!}} \sqrt{\sum_\rho |\chi_\rho(\sigma)|^2}, \qquad (5.6)$$

where, to get from 5.3 to 5.4 we applied the Cauchy-Schwarz inequality and to get from 5.4 to 5.5 we applied the sum of the squares rule. The sum of squares rule states that $|G| = \sum_{\rho \in \mathrm{Irr}(G)} (\dim(v_\rho))^2$, and follows directly from Maschke's theorem as in appendix C.

We want to apply the orthogonality of the second kind of the characters. Orthogonality of the second kind states that $\sum_\rho |\chi_\rho(\sigma)|^2 = \frac{|G|}{|C(\sigma)|}$, where $C(\sigma)$ denotes the conjugacy class of $\sigma$. A brief description and proof can be found in section A.2.4. To apply this we need to compute the size of the conjugacy class of $\sigma$. We know from elementary group theory that the conjugacy class of $\sigma$ consists of all permutations of the same cycle type as $\sigma$. To compute the size of the conjugacy class we have the formula $|C(\sigma)| = \frac{n!}{\prod_m m^{i_m}\, i_m!}$, where $i_m$ denotes the number of times $m$ occurs in the cycle type of $\sigma$. In our case we have that $\sigma$ consists of $n/2$ cycles of length 2. So we have that:

$$|C(\sigma)| = \frac{n!}{2^{n/2} \left(\frac{n}{2}\right)!}. \qquad (5.7)$$

We implement orthogonality of the second kind into equation 5.6 to get:

$$\| P_I - P_N \|_1 \le \frac{1}{\sqrt{n!}} \sqrt{\sum_\rho |\chi_\rho(\sigma)|^2} = \frac{1}{\sqrt{n!}} \sqrt{\frac{n!}{|C(\sigma)|}} \qquad (5.8)$$

$$= \frac{1}{\sqrt{n!}} \sqrt{2^{n/2} \left(\tfrac{n}{2}\right)!} = \sqrt{\frac{2^{n/2}\,(n/2)!}{n!}} = 2^{-\Omega(n)}. \qquad (5.9)$$

Theorem 5.2 shows that the probability distributions of experiment 3.1 are nearly equal for the cases $G_1 \not\cong G_2$ and $G_1 \cong G_2$. One can compare this with being handed weighted dice with weights so close to each other that we would be unable to tell them apart. This shows that experiment 3.1 will fail to determine whether or not $G_1$ and $G_2$ are isomorphic.

6. The hidden subgroup problem in extraspecial groups

In chapter 3 we discussed a section of [4] which derives an algorithm that efficiently solves the hidden subgroup problem in abelian groups. Although we saw in chapter 5 that this algorithm does not work to efficiently solve the hidden subgroup problem in non-abelian groups, there are still classes of non-abelian groups in which we can efficiently solve the hidden subgroup problem. An example of such a class of groups are the so-called extraspecial groups. This chapter will discuss [5], which shows that we can reduce an instance of the hidden subgroup problem in extraspecial groups to an instance of the hidden subgroup problem in an abelian group.

Extra special groups

To formally define extraspecial groups we need to define certain subgroups.

Definition 6.1. Let $G$ be a group. We have the following subgroups of $G$,

i) The center of $G$, defined as $Z_G = \{g \in G \mid gh = hg,\ \forall h \in G\}$.
ii) The commutator subgroup of $G$, defined as $[G, G] = \{xyx^{-1}y^{-1} \mid x, y \in G\}$.
iii) The Frattini subgroup $\Phi(G)$, the intersection of all maximal subgroups. A subgroup $H \subset G$ is called maximal if there does not exist a subgroup $F$ such that $H \subsetneq F \subsetneq G$.

All of the subgroups in definition 6.1 are connected with how abelian $G$ is. For example, the commutator subgroup is the smallest normal subgroup such that the quotient group of the original group by this subgroup is abelian. In other words, $G/N$ is abelian if and only if $N$ contains the commutator subgroup. One could measure how abelian a group is by saying: the larger the commutator subgroup is, the less abelian the group is.

Definition 6.2. Let $p$ be a prime number.

i) A $p$-group is a group of order $p^n$, for some $n \in \mathbb{N}$.
ii) A $p$-group $G$ is special if: $\Phi(G) = Z_G = [G, G]$.
iii) A special $p$-group $G$ is extraspecial if its center $Z_G$ is cyclic.

Although definition 6.2 might seem cumbersome, the characterization of all extraspecial groups is quite comprehensible. If $G$ is an extraspecial $p$-group then $|G| = p^{2k+1}$ for some integer $k$. We begin by characterizing the smallest non-abelian extraspecial groups, the ones of order $p^3$. It turns out that we can construct any non-abelian extraspecial group using only these smallest non-abelian extraspecial groups.

For $p = 2$, we have, up to isomorphism, two extraspecial 2-groups of order 8. These are the quaternion group $Q$, and the dihedral group $D_4$. For $p > 2$, up to isomorphism, we have again two extraspecial $p$-groups of order $p^3$. The first one is the Heisenberg group $H_p$, consisting of upper triangular $3 \times 3$ matrices over $\mathbb{F}_p$ with 1's on the diagonal. The other one is $A_p$, the group of maps $t \mapsto at + b$ from $\mathbb{Z}/p^2\mathbb{Z}$ to $\mathbb{Z}/p^2\mathbb{Z}$, where $a \equiv 1 \pmod p$ and $b \in \mathbb{Z}/p^2\mathbb{Z}$.

Using the above extraspecial $p$-groups of order $p^2$, we can obtain any extraspecial $p$-group of order $p^{2k+1}$ using a construction called the central product.

Definition 6.3. Let $G_1, \dots, G_k$ be extraspecial $p$-groups of order $p^3$, then their central product $G_1 \circ_Z \dots \circ_Z G_k$ is the factor group $G_1 \times \dots \times G_k$ (mod) $z$, where $z$ is an arbitrary generator of $Z_{G_i}$ for $i = 1, \dots, k$.

Note that the definition of the central product does not depend on the choice of $z$, because all centers of extraspecial $p$-groups are isomorphic and of order $p$ such that any element $z$ is a generator of these isomorphic centers. It turns out that any extraspecial $p$-group of order $p^{2k+1}$ can be obtained as the central product of $k$ extraspecial $p$-groups of order $p^3$. With some algebra we can show that $D_4 \circ_Z D_4 \cong Q \circ_Z Q$. Because of this, up to isomorphism, the unique extraspecial 2-groups of order $2^{2k+1}$ are $\mathop{\circ_Z}_{i=1}^{k} D_4$ and $\big(\mathop{\circ_Z}_{i=1}^{k-1} D_4\big) \circ_Z Q$. When $p > 2$, we can show that $H_p \circ_Z A_p \cong A_p \circ_Z A_p$. Therefore, up to isomorphism the unique extraspecial $p$-groups of order $p^{2k+1}$ are $\mathop{\circ_Z}_{i=1}^{k} H_p$ and $\big(\mathop{\circ_Z}_{i=1}^{k} H_p\big) \circ_Z A_p$.

We summarize the characterization of extraspecial $p$-groups in table 6.1.

$p = 2$: $G \cong \mathop{\circ_Z}_{i=1}^{k} D_4$ or $\big(\mathop{\circ_Z}_{i=1}^{k-1} D_4\big) \circ_Z Q$
$p > 2$: $G \cong \mathop{\circ_Z}_{i=1}^{k} H_p$ or $\big(\mathop{\circ_Z}_{i=1}^{k} H_p\big) \circ_Z A_p$

Table 6.1: Characterization of extraspecial $p$-groups of order $p^{2k+1}$

Another way of describing extraspecial $p$-groups is by giving a set of generators and defining relations. For the extraspecial $p$-groups of order $p^3$ we will take three generators $x$, $y$ and $z$, where $z$ generates the center of the group, for which we have the following defining relations:

$Q = \langle x^2 = y^2 = [x, y] = z,\ z^2 = 1 \rangle$,
$D_4 = \langle x^2 = y^2 = z^2,\ [x, y] = z,\ [x, z] = [y, z] = 1 \rangle$,
$H_p = \langle x^p = y^p = z^p = 1,\ [x, y] = z,\ [x, z] = [y, z] = 1 \rangle$,
$A_p = \langle x^{p^2} = y^p = 1,\ [x, y] = z = x^p,\ [y, z] = 1 \rangle$.

Using these defining relations, it follows that any element in an extraspecial group of order $p^3$ has a unique representation of the form $x^i y^j z^k$ where $i, j, k \in C_p$. Using the central-product construction, it follows that any extraspecial $p$-group of order $p^{2k+1}$ can be generated by $2k + 1$ elements $x_1, y_1, \dots, x_k, y_k, z$, where any element of the group has a unique representation of the form $x_1^{i_1} y_1^{j_1} \cdots x_k^{i_k} y_k^{j_k} z^l$, with $i_1, j_1, \dots, j_k, i_k, l \in C_p$.

Quantum hiding procedure

In the standard algorithm from [4], as discussed in chapter 3, we required the existence of a black box to prepare the state $\frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |f(g)\rangle$, where $f$ was the function hiding the hidden subgroup. The existence of this black box is essential: we needed it to create the superposition over a left coset of the hidden subgroup. In [5], instead of considering a black box, they consider so-called hiding sets.

Definition 6.4. Let $\mathcal{H}$ be a Hilbert space, we say that a set of vectors $\{ |\Psi_g\rangle \mid g \in G \}$ in $\mathcal{H}$ is a hiding set for the subgroup $H$ in $G$ if

i) $|\Psi_g\rangle$ is a unit vector for every $g \in G$,
ii) if $g$ and $g'$ are in the same left coset of $H$ then $|\Psi_g\rangle = |\Psi_{g'}\rangle$,
iii) if $g$ and $g'$ are in different left cosets of $H$ then $|\Psi_g\rangle$ and $|\Psi_{g'}\rangle$ are orthogonal.

We say that a quantum procedure is hiding the hidden subgroup $H \subseteq G$ if for every $g \in G$, on the input $|g\rangle |0\rangle$ it outputs $|g\rangle |\Psi_g\rangle$ where $\{ |\Psi_g\rangle \mid g \in G \}$ is a hiding set for $H$. In [6] it is shown that instead of considering a black box to prepare the state $\frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |f(g)\rangle$ we might as well consider an efficient quantum hiding procedure.

Theorem 6.5. Let $G$ be a finite abelian group. If there exists an efficient quantum procedure which hides the subgroup $H$ of $G$, then there is an efficient quantum algorithm for finding $H$.

Proof. We alter the standard algorithm from chapter 3. In step 3 of experiment 3.1, instead of preparing the state $\frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |f(g)\rangle$ using the black box we prepare the state $\frac{1}{\sqrt{|G|}} \sum_{g \in G} |g\rangle |\Psi_g\rangle$ using the quantum hiding procedure. After measuring the second register this will result in the same possible superpositions in step 2 by the definition of a quantum hiding set.

Reduction to hiding $HZ_G$

In this section we will discuss a section from [5] which reduces the hidden subgroup problem in an extraspecial group to an instance of the hidden subgroup problem in an abelian group. In short, this will show that if we can construct (using our hiding function $f$) an efficient quantum procedure hiding $HZ_G$, then we can efficiently find our hidden


More information

Ph 219b/CS 219b. Exercises Due: Wednesday 11 February 2009

Ph 219b/CS 219b. Exercises Due: Wednesday 11 February 2009 1 Ph 219b/CS 219b Exercises Due: Wednesday 11 February 2009 5.1 The peak in the Fourier transform In the period finding algorithm we prepared the periodic state A 1 1 x 0 + jr, (1) A j=0 where A is the

More information

9 Artin representations

9 Artin representations 9 Artin representations Let K be a global field. We have enough for G ab K. Now we fix a separable closure Ksep and G K := Gal(K sep /K), which can have many nonabelian simple quotients. An Artin representation

More information

Math 250: Higher Algebra Representations of finite groups

Math 250: Higher Algebra Representations of finite groups Math 250: Higher Algebra Representations of finite groups 1 Basic definitions Representations. A representation of a group G over a field k is a k-vector space V together with an action of G on V by linear

More information

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015 L7. Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang, 5 March 2015 1 Outline The basic foundation: multiplicative group modulo prime The basic Diffie-Hellman (DH) protocol The discrete logarithm

More information

Stab(t) = {h G h t = t} = {h G h (g s) = g s} = {h G (g 1 hg) s = s} = g{k G k s = s} g 1 = g Stab(s)g 1.

Stab(t) = {h G h t = t} = {h G h (g s) = g s} = {h G (g 1 hg) s = s} = g{k G k s = s} g 1 = g Stab(s)g 1. 1. Group Theory II In this section we consider groups operating on sets. This is not particularly new. For example, the permutation group S n acts on the subset N n = {1, 2,...,n} of N. Also the group

More information

Course 311: Abstract Algebra Academic year

Course 311: Abstract Algebra Academic year Course 311: Abstract Algebra Academic year 2007-08 D. R. Wilkins Copyright c David R. Wilkins 1997 2007 Contents 1 Topics in Group Theory 1 1.1 Groups............................... 1 1.2 Examples of Groups.......................

More information

Factoring integers with a quantum computer

Factoring integers with a quantum computer Factoring integers with a quantum computer Andrew Childs Department of Combinatorics and Optimization and Institute for Quantum Computing University of Waterloo Eighth Canadian Summer School on Quantum

More information

CHARACTERS OF FINITE GROUPS.

CHARACTERS OF FINITE GROUPS. CHARACTERS OF FINITE GROUPS. ANDREI YAFAEV As usual we consider a finite group G and the ground field F = C. Let U be a C[G]-module and let g G. Then g is represented by a matrix [g] in a certain basis.

More information

Representation Theory. Ricky Roy Math 434 University of Puget Sound

Representation Theory. Ricky Roy Math 434 University of Puget Sound Representation Theory Ricky Roy Math 434 University of Puget Sound May 2, 2010 Introduction In our study of group theory, we set out to classify all distinct groups of a given order up to isomorphism.

More information

COURSE SUMMARY FOR MATH 504, FALL QUARTER : MODERN ALGEBRA

COURSE SUMMARY FOR MATH 504, FALL QUARTER : MODERN ALGEBRA COURSE SUMMARY FOR MATH 504, FALL QUARTER 2017-8: MODERN ALGEBRA JAROD ALPER Week 1, Sept 27, 29: Introduction to Groups Lecture 1: Introduction to groups. Defined a group and discussed basic properties

More information

REPRESENTATION THEORY NOTES FOR MATH 4108 SPRING 2012

REPRESENTATION THEORY NOTES FOR MATH 4108 SPRING 2012 REPRESENTATION THEORY NOTES FOR MATH 4108 SPRING 2012 JOSEPHINE YU This note will cover introductory material on representation theory, mostly of finite groups. The main references are the books of Serre

More information

Algebra: Groups. Group Theory a. Examples of Groups. groups. The inverse of a is simply a, which exists.

Algebra: Groups. Group Theory a. Examples of Groups. groups. The inverse of a is simply a, which exists. Group Theory a Let G be a set and be a binary operation on G. (G, ) is called a group if it satisfies the following. 1. For all a, b G, a b G (closure). 2. For all a, b, c G, a (b c) = (a b) c (associativity).

More information

Symplectic representation theory and the Weyl algebra in positive characteristic

Symplectic representation theory and the Weyl algebra in positive characteristic Symplectic representation theory and the Weyl algebra in positive characteristic SPUR Final Paper, Summer 2016 Joseph Zurier Mentor: Augustus Lonergan Project Suggested by Roman Bezrukavnikov 3 August

More information

p-adic fields Chapter 7

p-adic fields Chapter 7 Chapter 7 p-adic fields In this chapter, we study completions of number fields, and their ramification (in particular in the Galois case). We then look at extensions of the p-adic numbers Q p and classify

More information

9 Knapsack Cryptography

9 Knapsack Cryptography 9 Knapsack Cryptography In the past four weeks, we ve discussed public-key encryption systems that depend on various problems that we believe to be hard: prime factorization, the discrete logarithm, and

More information

Lecture 1: Introduction to Public key cryptography

Lecture 1: Introduction to Public key cryptography Lecture 1: Introduction to Public key cryptography Thomas Johansson T. Johansson (Lund University) 1 / 44 Key distribution Symmetric key cryptography: Alice and Bob share a common secret key. Some means

More information

Supplementary Notes: Simple Groups and Composition Series

Supplementary Notes: Simple Groups and Composition Series 18.704 Supplementary Notes: Simple Groups and Composition Series Genevieve Hanlon and Rachel Lee February 23-25, 2005 Simple Groups Definition: A simple group is a group with no proper normal subgroup.

More information

An Algebraic View of the Relation between Largest Common Subtrees and Smallest Common Supertrees

An Algebraic View of the Relation between Largest Common Subtrees and Smallest Common Supertrees An Algebraic View of the Relation between Largest Common Subtrees and Smallest Common Supertrees Francesc Rosselló 1, Gabriel Valiente 2 1 Department of Mathematics and Computer Science, Research Institute

More information

Hidden Symmetry Subgroup Problems

Hidden Symmetry Subgroup Problems 1/27 Hidden Symmetry Subgroup Problems Miklos Santha CNRS, Université Paris Diderot, France and Centre for Quantum Technologies, NUS, Singapore joint work with Thomas Decker Gábor Ivanyos Pawel Wocjan

More information

QIP Note: On the Quantum Fourier Transform and Applications

QIP Note: On the Quantum Fourier Transform and Applications QIP ote: On the Quantum Fourier Transform and Applications Ivan Damgård 1 Introduction This note introduces Fourier transforms over finite Abelian groups, and shows how this can be used to find the period

More information

ALGEBRA QUALIFYING EXAM PROBLEMS

ALGEBRA QUALIFYING EXAM PROBLEMS ALGEBRA QUALIFYING EXAM PROBLEMS Kent State University Department of Mathematical Sciences Compiled and Maintained by Donald L. White Version: August 29, 2017 CONTENTS LINEAR ALGEBRA AND MODULES General

More information

DRAFT AYAN MAHALANOBIS

DRAFT AYAN MAHALANOBIS arxiv:1309.1859v1 [math.gr] 7 Sep 2013 THE MOR CRYPTOSYSTEM AND FINITE p-groups AYAN MAHALANOBIS Abstract. The ElGamal cryptosystem is the most widely used public key cryptosystem. It uses the discrete

More information

Pseudo Sylow numbers

Pseudo Sylow numbers Pseudo Sylow numbers Benjamin Sambale May 16, 2018 Abstract One part of Sylow s famous theorem in group theory states that the number of Sylow p- subgroups of a finite group is always congruent to 1 modulo

More information

From the shortest vector problem to the dihedral hidden subgroup problem

From the shortest vector problem to the dihedral hidden subgroup problem From the shortest vector problem to the dihedral hidden subgroup problem Curtis Bright University of Waterloo December 8, 2011 1 / 19 Reduction Roughly, problem A reduces to problem B means there is a

More information

arxiv: v3 [cs.cr] 15 Jun 2017

arxiv: v3 [cs.cr] 15 Jun 2017 Use of Signed Permutations in Cryptography arxiv:1612.05605v3 [cs.cr] 15 Jun 2017 Iharantsoa Vero RAHARINIRINA ihvero@yahoo.fr Department of Mathematics and computer science, Faculty of Sciences, BP 906

More information

Using semidirect product of (semi)groups in public key cryptography

Using semidirect product of (semi)groups in public key cryptography Using semidirect product of (semi)groups in public key cryptography Delaram Kahrobaei City University of New York Graduate Center: PhD Program in Computer Science NYCCT: Mathematics Department University

More information

A Little Beyond: Linear Algebra

A Little Beyond: Linear Algebra A Little Beyond: Linear Algebra Akshay Tiwary March 6, 2016 Any suggestions, questions and remarks are welcome! 1 A little extra Linear Algebra 1. Show that any set of non-zero polynomials in [x], no two

More information

ON THE RESIDUALITY A FINITE p-group OF HN N-EXTENSIONS

ON THE RESIDUALITY A FINITE p-group OF HN N-EXTENSIONS 1 ON THE RESIDUALITY A FINITE p-group OF HN N-EXTENSIONS D. I. Moldavanskii arxiv:math/0701498v1 [math.gr] 18 Jan 2007 A criterion for the HNN-extension of a finite p-group to be residually a finite p-group

More information

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1). 1 Background 1.1 The group of units MAT 3343, APPLIED ALGEBRA, FALL 2003 Handout 3: The RSA Cryptosystem Peter Selinger Let (R, +, ) be a ring. Then R forms an abelian group under addition. R does not

More information

Maximal non-commuting subsets of groups

Maximal non-commuting subsets of groups Maximal non-commuting subsets of groups Umut Işık March 29, 2005 Abstract Given a finite group G, we consider the problem of finding the maximal size nc(g) of subsets of G that have the property that no

More information

Yale University Department of Mathematics Math 350 Introduction to Abstract Algebra Fall Midterm Exam Review Solutions

Yale University Department of Mathematics Math 350 Introduction to Abstract Algebra Fall Midterm Exam Review Solutions Yale University Department of Mathematics Math 350 Introduction to Abstract Algebra Fall 2015 Midterm Exam Review Solutions Practice exam questions: 1. Let V 1 R 2 be the subset of all vectors whose slope

More information

REU 2007 Discrete Math Lecture 2

REU 2007 Discrete Math Lecture 2 REU 2007 Discrete Math Lecture 2 Instructor: László Babai Scribe: Shawn Drenning June 19, 2007. Proofread by instructor. Last updated June 20, 1 a.m. Exercise 2.0.1. Let G be an abelian group and A G be

More information

Groups of Prime Power Order with Derived Subgroup of Prime Order

Groups of Prime Power Order with Derived Subgroup of Prime Order Journal of Algebra 219, 625 657 (1999) Article ID jabr.1998.7909, available online at http://www.idealibrary.com on Groups of Prime Power Order with Derived Subgroup of Prime Order Simon R. Blackburn*

More information

Part V. 17 Introduction: What are measures and why measurable sets. Lebesgue Integration Theory

Part V. 17 Introduction: What are measures and why measurable sets. Lebesgue Integration Theory Part V 7 Introduction: What are measures and why measurable sets Lebesgue Integration Theory Definition 7. (Preliminary). A measure on a set is a function :2 [ ] such that. () = 2. If { } = is a finite

More information

CHAPTER 6. Representations of compact groups

CHAPTER 6. Representations of compact groups CHAPTER 6 Representations of compact groups Throughout this chapter, denotes a compact group. 6.1. Examples of compact groups A standard theorem in elementary analysis says that a subset of C m (m a positive

More information

φ(xy) = (xy) n = x n y n = φ(x)φ(y)

φ(xy) = (xy) n = x n y n = φ(x)φ(y) Groups 1. (Algebra Comp S03) Let A, B and C be normal subgroups of a group G with A B. If A C = B C and AC = BC then prove that A = B. Let b B. Since b = b1 BC = AC, there are a A and c C such that b =

More information

REPRESENTATIONS AND CHARACTERS OF FINITE GROUPS

REPRESENTATIONS AND CHARACTERS OF FINITE GROUPS SUMMER PROJECT REPRESENTATIONS AND CHARACTERS OF FINITE GROUPS September 29, 2017 Miriam Norris School of Mathematics Contents 0.1 Introduction........................................ 2 0.2 Representations

More information

CONJUGATION IN A GROUP

CONJUGATION IN A GROUP CONJUGATION IN A GROUP KEITH CONRAD 1. Introduction A reflection across one line in the plane is, geometrically, just like a reflection across any other line. That is, while reflections across two different

More information

A study of permutation groups and coherent configurations. John Herbert Batchelor. A Creative Component submitted to the graduate faculty

A study of permutation groups and coherent configurations. John Herbert Batchelor. A Creative Component submitted to the graduate faculty A study of permutation groups and coherent configurations by John Herbert Batchelor A Creative Component submitted to the graduate faculty in partial fulfillment of the requirements for the degree of MASTER

More information

SUPPLEMENT ON THE SYMMETRIC GROUP

SUPPLEMENT ON THE SYMMETRIC GROUP SUPPLEMENT ON THE SYMMETRIC GROUP RUSS WOODROOFE I presented a couple of aspects of the theory of the symmetric group S n differently than what is in Herstein. These notes will sketch this material. You

More information

Public Key Encryption

Public Key Encryption Public Key Encryption KG October 17, 2017 Contents 1 Introduction 1 2 Public Key Encryption 2 3 Schemes Based on Diffie-Hellman 3 3.1 ElGamal.................................... 5 4 RSA 7 4.1 Preliminaries.................................

More information

Two subgroups and semi-direct products

Two subgroups and semi-direct products Two subgroups and semi-direct products 1 First remarks Throughout, we shall keep the following notation: G is a group, written multiplicatively, and H and K are two subgroups of G. We define the subset

More information

Exercises on chapter 4

Exercises on chapter 4 Exercises on chapter 4 Always R-algebra means associative, unital R-algebra. (There are other sorts of R-algebra but we won t meet them in this course.) 1. Let A and B be algebras over a field F. (i) Explain

More information

Math 121. Fundamental Theorem and an example

Math 121. Fundamental Theorem and an example Math 121. Fundamental Theorem and an example Let K/k be a finite Galois extension and G = Gal(K/k), so #G = [K : k] by the counting criterion for separability discussed in class. In this handout we will

More information

Finite groups determined by an inequality of the orders of their subgroups

Finite groups determined by an inequality of the orders of their subgroups Finite groups determined by an inequality of the orders of their subgroups Tom De Medts Marius Tărnăuceanu November 5, 2007 Abstract In this article we introduce and study two classes of finite groups

More information

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation Quantum logic gates Logic gates Classical NOT gate Quantum NOT gate (X gate) A NOT A α 0 + β 1 X α 1 + β 0 A N O T A 0 1 1 0 Matrix form representation 0 1 X = 1 0 The only non-trivial single bit gate

More information

CYCLICITY OF (Z/(p))

CYCLICITY OF (Z/(p)) CYCLICITY OF (Z/(p)) KEITH CONRAD 1. Introduction For each prime p, the group (Z/(p)) is cyclic. We will give seven proofs of this fundamental result. A common feature of the proofs that (Z/(p)) is cyclic

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 11 February 21, 2013 CPSC 467b, Lecture 11 1/27 Discrete Logarithm Diffie-Hellman Key Exchange ElGamal Key Agreement Primitive Roots

More information

2. Intersection Multiplicities

2. Intersection Multiplicities 2. Intersection Multiplicities 11 2. Intersection Multiplicities Let us start our study of curves by introducing the concept of intersection multiplicity, which will be central throughout these notes.

More information

Background Material in Algebra and Number Theory. Groups

Background Material in Algebra and Number Theory. Groups PRELIMINARY READING FOR ALGEBRAIC NUMBER THEORY. HT 2016/17. Section 0. Background Material in Algebra and Number Theory The following gives a summary of the main ideas you need to know as prerequisites

More information