Author: Matan Prasma PDF: can be found here Content is also from online lectures

Naive Set Theory (Elliptic Curve Script)

Ordered pair: $(a, b) := {{a}, {a, b}}$
Cartesian product: $A \times B := {(a, b) ∣ a \in A, b \in B}$
Function: A function $f : A \to B$ is a subset $f \subset A \times B$ s.t.:
- $\forall a \in A : \exists b \in B : (a, b) \in f$
- $\forall (a, b) \in f, (a, b^{'}) \in f : b = b^{'}$
- ⇒ $A$ is the domain, $B$ is the range
Function composition: $(g \circ f) (a) := g (f (a))$
Function properties:
- Injective, Monomorphism, “one-to-one”: $\forall x, x^{'} : f (x) = f (x^{'}) ⟹ x = x^{'}$
- Surjective, Epimorphism, “onto”: $\forall y : \exists x : f (x) = y$
- Bijective, Isomorphism, “invertible”: Injective + Surjective
- ⇒ Each of these properties still hold for $(g \circ f)$ if they do for $f$ and $g$
Equivalence relations: A relation $R$ on $X$ is a subset $R \subset X \times X$
- $x \sim_{R} y$ means that \mathbb{Z}_b $(x, y) \in R$
- An equivalence relation is a relation with the properties:
  - Reflexivity: $\forall x \in X : x \sim x$
  - Symmetry: $\forall x, y \in X : x \sim y ⟺ y \sim x$
  - Transitivity: $\forall x, y, z \in X : x \sim y \land y \sim z ⟹ x \sim z$
- Equivalence class: $[x] := {y \in X ∣ x \sim y}$
- Quotient set: $X / \sim:= {[x] ∣ x \in X}$
  - The quotient map maps an element $x$ to its equivalence class $[x]$
- Example: Projective Line:
  - On some field $F$ , define the punctured plane as $F^{2} ∖ {(0, 0)}$
  - Equivalence relation: $(x, y) \sim (x^{'}, y^{'}) ⟺ \exists λ \neq = 0 : (x, y) = (λ x^{'}, λ y^{'})$
  - The quotient set is the projective line and denoted $P_{F}^{1}$
  - Elements of this set are denoted as $[x : y]$
  - The number of elements is $∣ F ∣ + 1$ : One element for each possible slope, plus the “point at infinity” ( $[0 : 1]$ )

Elementary Number Theory

Bezout’s lemma: For any positive integers $a, b$ , there exist $u, v \in Z$ such that: $a u + b v = g c d (a, b)$
- ⇒ These numbers can be found using the Extended Euclidean Algroithm
- ⇒ One application: If $a < b$ and $b$ is prime, we have $g c d (a, b) = 1$ , so $u$ is the multiplicative inverse of $a$ in $Z_{b}$
Chinese Remainder Theorem:
- Let $n_{1}, \dots, n_{k} \in N$ be such that $\forall i \neq = j : g cd (n_{i}, n_{j}) = 1$ and denote $N = n_{1} \cdot \dots \cdot n_{k}$ .
- Then for all $a_{1}, \dots, a_{k} \in N$ , the system of equations $x x = a_{1} (mod n_{1}) ⋮ = a_{k} (mod n_{k})$ has a unique solution in $Z_{N}$ .

Groups

Group: A group consists of a set $G$ , containing a neutral element $e$ , and a group operation $μ$ under the following conditions:
- Unitary: $\forall x \in G : μ (x, e) = μ (e, x) = x$
- Associativity: $\forall x, y, z \in G : μ (μ (x, y), z) = μ (x, μ (y, z))$
- Invertibility: $\forall x \in G : \exists x^{- 1} \in G : μ (x^{- 1}, x) = μ (x, x^{- 1}) = e$
Common notation:
- Additive: $e$ is denoted as $0$ ; $μ$ is denoted as $+$
- Multiplicative: $e$ is denoted as $1$ ; $μ$ is denoted as $\cdot$
Fermat’s little theorem: If $p$ is prime, $\forall a \in {1, ..., p - 1} : a^{p - 1} = 1 mod p$
⇒ This implies that $F_{p}^{\times} = F ∖ {0} = {1, ..., p - 1}$ is a group with multiplication modulo $p$
Subgroup: If a for subset $H \subseteq G$ $(H, μ, e)$ is a group, it is called a subgroup of $G$ (denoted $H \leq G$ )
Coset: Given a subgroup $H$ and an element $x \in G$ , the (left) $H$ -coset is defined as: $x H := {x h ∣ x \in H}$
- $x H = yH ⟺ x^{- 1} y \in H$
- The set of cosets ${x H}_{x \in G}$ forms a partition of $G$
Lagrange’s Theorem: For a finite group $G$ and subgroup $H \leq G$ , $# H$ divides $# G$
- (Because each coset has $# H$ elements and the set of cosets is a partition of $G$ )
Group Homomorphism: For two groups $G$ and $H$ , a function $f : G \to H$ is called a group homomorphism if for any $x, y \in G$ , $f (x y) = f (x) \cdot f (y)$
- The kernel $k er (f)$ is defined as ${x \in G ∣ f (x) = e_{H}}$
- The image $I m (f)$ is defined as ${f (x) ∣ x \in G} \subseteq H$
If $f$ is bijective, it is called a group isomorphism and we denote $G ≅ H$
The quotient group $G / H = {x H ∣ x \in G}$ with $x H \cdot yH = (x y) H$ is a group and the quotient map $q : G \to G / H$ given by $x \mapsto x H$ is a group homomorphism
Cyclic groups:
- For a group $G$ and element $g \in G$ , the order of $g$ $o (g)$ is the minimal natural number $n$ such that $g^{n} = e$ . If no such number exists, we set $o (g) = \infty$ .
- Cauchy’s theorem: For a finite abelian group $G$ and prime $p$ , if $p ∣ # G$ , there exists an element $g \in G$ with $o (g) = p$
  - (partial converse of Lagrange’s theorem)
- A group $G$ is called cyclic if there exists an element $g \in G$ such that *the group generated by $g$ , $⟨ g ⟩ := {g^{n} ∣ n \in Z}$ , equals $G$
- Any cyclic group is abelian and isomorphic to $Z_{# G}$ (because any element can be expressed uniquely as $g^{i}$ for $i \in Z_{# G}$ )
- Euler totient function: $φ (n) = # {k ∣ 1 \leq k \leq n \land g cd (n, k) = 1}$
- An element in $k \in Z_{n}$ is a generator if $g c d (k, n) = 1$ , and $φ (n)$ gives the number of generators of $Z_{n}$
- Fundamental Theorem of Cyclic Groups: For a cyclic group $G$
  - Any subgroup is cyclic
  - For any $k ∣ # G$ , $⟨ g^{# G / k} ⟩$ is the unique subgroup of size $k$
- Lagrange’s theorem implies that any prime-order group is cyclic!

Fields

A field is a set $F$ with binary operations $+ : F \times F \to F$ and $\cdot : F \times F \to F$ and elements $0 \neq = 1 \in F$ such that:
- Both $(F, +, 0)$ and $(F ∖ {0}, \cdot, 1)$ are abelian groups
- For every $x, y, z \in F, x \cdot (y + z) = x \cdot y + x \cdot z$
The field characteristic is the minimal number $n$ such that $1$ added to itself $n$ times is $0$ (or $0$ , if no such number exists)
A subfield needs to contain $0$ and $1$ and be closed under the two operations.
Polynomials over a field:
- Polynomial in one variable: a formal expression of the form $f (x) = \sum_{i = 0}^{n} a_{i} \cdot x^{i}$ where $a_{i} \in F$ are the coefficients, the terms $a_{i} \cdot x^{i}$ are called monomials, $de g f := n$ is the degree and the set of all polynomials is denoted as $F [x]$ .
- Polynomials can be added, subtracted, multiplied and divided. Division example:
- ⇒ Polynomials form a ring: It’s like a field, but not all polynomials have multiplicative inverses
- A polynomial as a root $α$ iff. it is divisible by $(x - α)$
  - ⇒ a polynomial can have at most $n$ roots
- A prime (or irreducible) polynomial is one that cannot be expressed as a product of two non-constant polynomials.
- Monic polynomial: Leading coefficient is 1.
Modulo algorithmic of polynomials: For a prime polynomial $ϕ$ over a field $F$ , we can define a field $F_{ϕ (x)} = F [x] / (ϕ)$ ⇒ $ϕ$ does not have a root in $F$ , but in $F_{ϕ (x)}$ it has a root: $x$
A splitting field for a polynomial $f$ is one where $f$ can be expressed as a product of linear factors which is minimal, i.e., there is no subfield with the same property.
- It always exists: we can just repeat extending the field by non-linear prime polynomials until we have none left.
- If $F$ is a finite field of size $q = p^{n}$ (for a prime $p$ and some natural number $n$ ), it is a splitting field of $x^{q} - x$
Galois fields: For any prime $p$ and natural number $n$ , there exists a finite field of size $p^{n}$ . Conversely, any finite field has a size of the form $p^{n}$ , and all fields of the same size are isomorphic. Therefore, all finite fields can be denoted as $GF (p^{n})$ .
Algebraic Closure: For a finite field $F = F_{q}$ for $q = p^{m}$ , the algebraic closure $\overline{F} = ⋃_{n \in N} F_{q^{n}}$ is a infinite-size field with characteristic $q$ where all polynomials split.
- To add or multiply two elements from $F_{n_{1}}$ and $F_{n_{2}}$ , embed them into $F_{n_{1} \cdot n_{2}}$ and do the operation there
The $n$ th roots of unity $μ_{n}$ on a prime field $F_{p}$ is the sets of roots of $x^{n} - 1$ in $\overline{F}_{p}$
- If $p$ does not divide $n$ , $μ_{n}$ is a cyclic group
Lagrange interpolation: Given points $(x_{0}, y_{0}), ... (x_{n}, y_{n}) \in F \times F$ , the ith Lagrange polynomial is $L_{i} (x) := \frac{\prod _{j \neq = i} x - x _{j}}{\prod _{j \neq = i} x _{i} - x _{j}}$ and the Lagrange interpolation of the points is $L (x) := \sum_{i = 0}^{n} y_{i} \cdot L_{i} (x)$
Fast Fourier Transform (FFT):
- Polynomials can be represented in evaluation form (“sampling”) and coefficient form (“vector”)
- The FFT is an efficient algorithm to compute the Discrete Fourier Transform (DFT), which is a matrix-vector product of the Vandermonde matrix with the polynomial’s coefficients ⇒ performs evaluation:
- For efficiency, we choose $x = w$ , where $w$ is an $n$ th root of unity
- Algorithm below
- The inverse of $FF T_{w}$ is $\frac{1}{n} FF T_{w^{- 1}}$ FFT Algorithm:

def fft(f, omega):
    # Base case
    n = len(f)
    if n == 1:
        return f  # Nothing to transform if there's only 1 data point
 
    # Separate even and odd-indexed elements
    f_E = [f[2*i] for i in range(n//2)]
    f_O = [f[2*i + 1] for i in range(n//2)]
 
    # Recursively compute FFT on halves, using omega^2 as (n/2)-th root of unity
    F_E = fft(f_E, omega * omega)
    F_O = fft(f_O, omega * omega)
 
    # Combine step: allocate output and perform the butterfly merges
    F = [0] * n
    for j in range(n//2):
        t = (omega ** j) * F_O[j]
        F[j] = F_E[j] + t
        F[j + n//2] = F_E[j] - t
 
    return F

More resources:

Vector Spaces

A vector space $V$ over a field $F$ is a set $V$ with a distinguished element $0_{V} \in V$ and binary operations $+ : V \times V \to V$ and $\cdot : F \times V \to V$ such that:
- $(V, +, 0)$ is an abelian group
- Scalar multiplication is associative and distributive
A subspace is a subset of a vector space that is closed under the two operations
A linear map between to vector spaces $V, W$ (over the same field) is a function $f : V \to W$ such that:
- $f (a v) = a \cdot f (v)$
- $f (v + v^{'}) = f (v) + f (v^{'})$
A basis of a finite vector space is an ordered set of linearly independent vector space elements which span the entire vector space. All bases have the same number of elements which is called the dimension of the vector space.
- ⇒ Any finite vector space for dimension $n$ is isomorphic to $F^{n}$ , representing each element as a linear combination of its basis vectors.

Projective Coordinates

The projective line $P_{K}^{1}$ over a field $K$ is the quotient set of the punctured affine plane $K \times K ∖ {(0, 0}$ by the equivalence relation $\forall λ \in K ∖ {0} (x, y) \sim λ (x, y)$
The projective plane is defined as $P_{K}^{2} = K^{3} ∖ {(0, 0, 0)} / \sim$
The equivalence class of a point $(x, y, z)$ is denoted by $(x : y : z)$
…

Reed-Solomon error-correcting codes

Alphabet: Finite set $Σ$ of size $q$
Hamming distance of two strings $x, y \in Σ^{n}$ : $Δ (x, y) = ∣ {i \in [n] : x_{i} \neq = y_{i}} ∣$
$(n, k, d)$ code: Functions $E : Σ^{k} \to Σ^{n}, D : Σ^{n} \to Σ^{k}$ such that for all $u \in Σ^{k}, w \in Σ^{n}$ with $Δ (E (u), w) \leq e$ , we have $D (w) = u$
- Rate: $R = k / n$
- Relative distance: $δ = d / n$
Singleton bound: For any code, $R + δ \leq 1 + 1/ n$
Maximum distance separable (MDS) code: A code that meets the singleton bound with equality
A linear code $C$ is a code that is a $k$ -dimensional subspace of $F_{q}^{n}$
- $⟹$ $Δ$ satisfies the triangle equality

Errors?

Example 5.15: How can 2 times 2 be 0? Then $(F ∖ 0, \cdot, 1)$ would not be a group?
Example 5.60: The factor should be $(x^{2} + 2)$ ?
Misspelling of “Fanu plane”

Crypto Summaries

Explorer

Circle STARKs - notes from a seminar in Stateless Consensus EF

Naive Set Theory (Elliptic Curve Script)

Elementary Number Theory

Groups

Fields

Vector Spaces

Projective Coordinates

Reed-Solomon error-correcting codes

Errors?

Graph View

Table of Contents