DOCSLIB.ORG

LINEAR ALGEBRA Contents 1. Vector Spaces 2 1.1. Definitions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LINEAR ALGEBRA Contents 1. Vector Spaces 2 1.1. Definitions LINEAR ALGEBRA SIMON WADSLEY Contents 1. Vector spaces2 1.1. Definitions and examples2 1.2. Linear independence, bases and the Steinitz exchange lemma4 1.3. Direct sum7 2. Linear maps9 2.1. Definitions and examples9 2.2. Linear maps and matrices 11 2.3. The first isomorphism theorem and the rank-nullity theorem 13 2.4. Change of basis 15 2.5. Elementary matrix operations 17 3. Determinants of matrices 18 4. Endomorphisms 23 4.1. Invariants 23 4.2. The Cayley-Hamilton Theorem 28 4.3. Multiplicities of eigenvalues and Jordan Normal Form 32 5. Duality 38 5.1. Dual spaces 38 5.2. Dual maps 40 6. Bilinear Forms 42 6.1. Definitions and Examples 42 6.2. Symmetric bilinear forms and quadratic forms 44 6.3. Hermitian forms 48 7. Inner product spaces 50 7.1. Definitions and basic properties 50 7.2. Gram{Schmidt orthogonalisation 51 7.3. Adjoints 53 7.4. Spectral theory 55 8. Alternating forms 57 1 2 SIMON WADSLEY Lecture 1 1. Vector spaces Linear algebra can be summarised as the study of vector spaces and linear maps between them. This is a second ‘first course' in Linear Algebra. That is to say, we will define everything we use but will assume some familiarity with the concepts (picked up from the IA course Vectors and Matrices for example). 1.1. Definitions and examples. Examples. (1) For each non-negative integer n, the set Rn of column vectors of length n with real entries is a vector space (over R). An (m × n)-matrix A with real entries can be viewed as a linear map Rn ! Rm via v 7! Av. In fact, as we will see, every linear map from Rn ! Rm is of this form. (2) Let X be a set and RX := ff : X ! Rg be equipped with an addition given by (f + g)(x) := f(x) + g(x) and a multiplication by scalars (in R) given by (λf)(x) = λ(f(x)). Then RX is a vector space (over R). (3) If [a; b] is a closed interval in R then C([a; b]; R) := ff 2 R[a;b] j f is continuousg is an R-vector space by restricting the operations on R[a;b]. Similarly C1([a; b]; R) := ff 2 C([a; b]; R) j f is infinitely differentiableg is an R-vector space. (4) The set of (m × n)-matrices with real entries is a vector space over R. Convention. In this course we will use F to denote either R or C. Most of the results will be true for any field F; but since general fields are not officially defined until Groups, Rings and Modules next term we follow the schedules in not addressing that. What do our examples of vector spaces above have in common? In each case we have a notion of addition of `vectors' and scalar multiplication of `vectors' by elements in R. Definition. An F-vector space is an abelian group (V; +) equipped with a function F × V ! V ;(λ, v) 7! λv such that (a) λ(µv) = (λµ)v for all λ, µ 2 F and v 2 V ; (b) λ(u + v) = λu + λv for all λ 2 F and u; v 2 V ; (c)( λ + µ)v = λv + µv for all λ, µ 2 F and v 2 V ; (d)1 v = v for all v 2 V . Note that this means that we can add, subtract and rescale elements in a vector space and these operations behave in the ways that we are used to. Note also that in general a vector space does not come equipped with notions of length or of angle. We will discuss how to recover these at the end of the course. At that point particular properties of the field F will be important. Convention. We will always write 0 to denote the additive identity of a vector space V . By slight abuse of notation we will also write 0 to denote the vector space f0g. LINEAR ALGEBRA 3 Exercise. (1) Convince yourself that all the vector spaces mentioned thus far do indeed satisfy the axioms for a vector space. (2) Show that for any v in any vector space V , 0v = 0 and (−1)v = −v Definition. Suppose that V is a vector space over F. A subset U ⊂ V is a (linear) subspace if (a) for all u1; u2 2 U, u1 + u2 2 U; (b) for all λ 2 F and u 2 U, λu 2 U; (c)0 2 U. Remarks. (1) It is straightforward to see that U ⊂ V is a subspace if and only if U 6= ; and λu1 + µu2 2 U for all u1; u2 2 U and λ, µ 2 F . (2) If U is a subspace of V then U is a vector space under the inherited operations. Examples. 80 1 9 x1 < 3 = 3 (1) @x2A 2 R : x1 + x2 + x3 = t is a subspace of R if and only if t = 0. : x3 ; (2) Let X be a set. We define the support of a function f : X ! F to be suppf := fx 2 X : f(x) 6= 0g: Then ff 2 FX : jsuppfj < 1g is a subspace of FX . Definition. Let V be a vector space over F and S ⊂ V a subset of V . Then the span of S in V , ( n ) X hSi := λisi : λi 2 F; si 2 S; n > 0 i=1 Remark. For any subset S ⊂ V , hSi is the smallest subspace of V containing S. Example. Suppose that V is R3. 80 1 0 1 0 19 80 1 9 < 1 0 1 = < a = If S = @0A ; @1A ; @2A then hSi = @bA : a; b 2 R : : 0 1 2 ; : b ; Note also that every subset of S of order 2 has the same span as S. Example. Let X be a set and for each x 2 X, define δx : X ! F by ( 1 if y = x δx(y) = 0 if y 6= x: X Then hδx : x 2 Xi = ff 2 F : jsuppfj < 1g: Definition. Suppose that U and W are subspaces of a vector space V over F. Then the sum of U and W is the set U + W := fu + w : u 2 U; w 2 W g: Proposition. If U and W are subspaces of a vector space V over F then U \ W and U + W are also subspaces of V . 4 SIMON WADSLEY Proof. Certainly both U \ W and U + W contain 0. Suppose that v1; v2 2 U \ W , u1; u2 2 U, w1; w2 2 W ,and λ, µ 2 F. Then λv1 + µv2 2 U \ W and λ(u1 + w1) + µ(u2 + w2) = (λu1 + µu2) + (λw1 + µw2) 2 U + W: So U \ W and U + W are subspaces of V . *Quotient spaces*. Suppose that V is a vector space over F and U is a subspace of V . Then the quotient group V=U can be made into a vector space over F by definining λ(v + U) = (λv) + U for λ 2 F and v 2 V . Exercise. Justify the claim that this makes V=U into a vector space over F. Lecture 2 1.2. Linear independence, bases and the Steinitz exchange lemma. Definition. Let V be a vector space over F and S ⊂ V . (a) We say that S spans V if V = hSi. (b) We say that S is linearly independent (LI) if, whenever n X λisi = 0 i=1 with λi 2 F, and si distinct elements of S, it follows that λi = 0 for all i. If S is not linearly independent then we say that S is linearly dependent (LD). (c) We say that S is a basis for V if S spans and is linearly independent. 80 1 0 1 0 19 < 1 0 1 = Example. Suppose that V is R3 and S = @0A ; @1A ; @2A . Then S is linearly : 0 1 2 ; 011 001 011 dependent since 1 @0A+2 @1A+(−1) @2A = 0. Moreover S does not span V since 0 1 2 001 @0A is not in hSi. However, every subset of S of order 2 is linearly independent 1 and forms a basis for hSi. Remark. Note that no linearly independent set can contain the zero vector since 1 · 0 = 0. Convention. The span of the empty set h;i is the zero subspace 0. Thus the empty set is a basis of 0. One may consider this to not be so much a convention as the only reasonable interpretation of the definitions of span, linearly independent and basis in this case. Lemma. A subset S of a vector space V over F is linearly dependent if and only if Pn there exist s0; s1; : : : ; sn 2 S distinct and λ1; : : : ; λn 2 F such that s0 = i=1 λisi. LINEAR ALGEBRA 5 P Proof. Suppose that S is linearly dependent so that λisi = 0 for some si 2 S distinct and λi 2 F with λj 6= 0 say. Then X −λi sj = si: λj i6=j Pn Pn Conversely, if s0 = i=1 λisi then (−1)s0 + i=1 λisi = 0. Proposition. Let V be a vector space over F. Then fe1; : : : ; eng is a basis for V Pn if and only if every element v 2 V can be written uniquely as v = i=1 λiei with λi 2 F. Proof. First we observe that by definition fe1; : : : ; eng spans V if and only if every P element v of V can be written in at least one way as v = λiei with λi 2 F.
Load more

Recommended publications
  • Group Homomorphisms
    1-17-2018 Group Homomorphisms Here are the operation tables for two groups of order 4: · 1 a a2 + 0 1 2 1 1 a a2 0 0 1 2 a a a2 1 1 1 2 0 a2 a2 1 a 2 2 0 1 There is an obvious sense in which these two groups are “the same”: You can get the second table from the first by replacing 0 with 1, 1 with a, and 2 with a2. When are two groups the same? You might think of saying that two groups are the same if you can get one group’s table from the other by substitution, as above. However, there are problems with this. In the first place, it might be very difficult to check — imagine having to write down a multiplication table for a group of order 256! In the second place, it’s not clear what a “multiplication table” is if a group is infinite. One way to implement a substitution is to use a function. In a sense, a function is a thing which “substitutes” its output for its input. I’ll define what it means for two groups to be “the same” by using certain kinds of functions between groups. These functions are called group homomorphisms; a special kind of homomorphism, called an isomorphism, will be used to define “sameness” for groups. Definition. Let G and H be groups. A homomorphism from G to H is a function f : G → H such that f(x · y)= f(x) · f(y) forall x,y ∈ G.
    [Show full text]
  • The Geometry of Syzygies
    The Geometry of Syzygies A second course in Commutative Algebra and Algebraic Geometry David Eisenbud University of California, Berkeley with the collaboration of Freddy Bonnin, Clement´ Caubel and Hel´ ene` Maugendre For a current version of this manuscript-in-progress, see www.msri.org/people/staff/de/ready.pdf Copyright David Eisenbud, 2002 ii Contents 0 Preface: Algebra and Geometry xi 0A What are syzygies? . xii 0B The Geometric Content of Syzygies . xiii 0C What does it mean to solve linear equations? . xiv 0D Experiment and Computation . xvi 0E What’s In This Book? . xvii 0F Prerequisites . xix 0G How did this book come about? . xix 0H Other Books . 1 0I Thanks . 1 0J Notation . 1 1 Free resolutions and Hilbert functions 3 1A Hilbert’s contributions . 3 1A.1 The generation of invariants . 3 1A.2 The study of syzygies . 5 1A.3 The Hilbert function becomes polynomial . 7 iii iv CONTENTS 1B Minimal free resolutions . 8 1B.1 Describing resolutions: Betti diagrams . 11 1B.2 Properties of the graded Betti numbers . 12 1B.3 The information in the Hilbert function . 13 1C Exercises . 14 2 First Examples of Free Resolutions 19 2A Monomial ideals and simplicial complexes . 19 2A.1 Syzygies of monomial ideals . 23 2A.2 Examples . 25 2A.3 Bounds on Betti numbers and proof of Hilbert’s Syzygy Theorem . 26 2B Geometry from syzygies: seven points in P3 .......... 29 2B.1 The Hilbert polynomial and function. 29 2B.2 . and other information in the resolution . 31 2C Exercises . 34 3 Points in P2 39 3A The ideal of a finite set of points .
    [Show full text]
  • LINEAR ALGEBRA METHODS in COMBINATORICS László Babai
    LINEAR ALGEBRA METHODS IN COMBINATORICS L´aszl´oBabai and P´eterFrankl Version 2.1∗ March 2020 ||||| ∗ Slight update of Version 2, 1992. ||||||||||||||||||||||| 1 c L´aszl´oBabai and P´eterFrankl. 1988, 1992, 2020. Preface Due perhaps to a recognition of the wide applicability of their elementary concepts and techniques, both combinatorics and linear algebra have gained increased representation in college mathematics curricula in recent decades. The combinatorial nature of the determinant expansion (and the related difficulty in teaching it) may hint at the plausibility of some link between the two areas. A more profound connection, the use of determinants in combinatorial enumeration goes back at least to the work of Kirchhoff in the middle of the 19th century on counting spanning trees in an electrical network. It is much less known, however, that quite apart from the theory of determinants, the elements of the theory of linear spaces has found striking applications to the theory of families of finite sets. With a mere knowledge of the concept of linear independence, unexpected connections can be made between algebra and combinatorics, thus greatly enhancing the impact of each subject on the student's perception of beauty and sense of coherence in mathematics. If these adjectives seem inflated, the reader is kindly invited to open the first chapter of the book, read the first page to the point where the first result is stated (\No more than 32 clubs can be formed in Oddtown"), and try to prove it before reading on. (The effect would, of course, be magnified if the title of this volume did not give away where to look for clues.) What we have said so far may suggest that the best place to present this material is a mathematics enhancement program for motivated high school students.
    [Show full text]
  • The General Linear Group
    18.704 Gabe Cunningham 2/18/05 [email protected] The General Linear Group Definition: Let F be a field. Then the general linear group GLn(F ) is the group of invert- ible n × n matrices with entries in F under matrix multiplication. It is easy to see that GLn(F ) is, in fact, a group: matrix multiplication is associative; the identity element is In, the n × n matrix with 1’s along the main diagonal and 0’s everywhere else; and the matrices are invertible by choice. It’s not immediately clear whether GLn(F ) has infinitely many elements when F does. However, such is the case. Let a ∈ F , a 6= 0. −1 Then a · In is an invertible n × n matrix with inverse a · In. In fact, the set of all such × matrices forms a subgroup of GLn(F ) that is isomorphic to F = F \{0}. It is clear that if F is a finite field, then GLn(F ) has only finitely many elements. An interesting question to ask is how many elements it has. Before addressing that question fully, let’s look at some examples. ∼ × Example 1: Let n = 1. Then GLn(Fq) = Fq , which has q − 1 elements. a b Example 2: Let n = 2; let M = ( c d ). Then for M to be invertible, it is necessary and sufficient that ad 6= bc. If a, b, c, and d are all nonzero, then we can fix a, b, and c arbitrarily, and d can be anything but a−1bc. This gives us (q − 1)3(q − 2) matrices.
    [Show full text]
  • The Fundamental Homomorphism Theorem
    Lecture 4.3: The fundamental homomorphism theorem Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 4.3: The fundamental homomorphism theorem Math 4120, Modern Algebra 1 / 10 Motivating example (from the previous lecture) Define the homomorphism φ : Q4 ! V4 via φ(i) = v and φ(j) = h. Since Q4 = hi; ji: φ(1) = e ; φ(−1) = φ(i 2) = φ(i)2 = v 2 = e ; φ(k) = φ(ij) = φ(i)φ(j) = vh = r ; φ(−k) = φ(ji) = φ(j)φ(i) = hv = r ; φ(−i) = φ(−1)φ(i) = ev = v ; φ(−j) = φ(−1)φ(j) = eh = h : Let's quotient out by Ker φ = {−1; 1g: 1 i K 1 i iK K iK −1 −i −1 −i Q4 Q4 Q4=K −j −k −j −k jK kK j k jK j k kK Q4 organized by the left cosets of K collapse cosets subgroup K = h−1i are near each other into single nodes Key observation Q4= Ker(φ) =∼ Im(φ). M. Macauley (Clemson) Lecture 4.3: The fundamental homomorphism theorem Math 4120, Modern Algebra 2 / 10 The Fundamental Homomorphism Theorem The following result is one of the central results in group theory. Fundamental homomorphism theorem (FHT) If φ: G ! H is a homomorphism, then Im(φ) =∼ G= Ker(φ). The FHT says that every homomorphism can be decomposed into two steps: (i) quotient out by the kernel, and then (ii) relabel the nodes via φ. G φ Im φ (Ker φ C G) any homomorphism q i quotient remaining isomorphism process (\relabeling") G Ker φ group of cosets M.
    [Show full text]
  • Homomorphisms and Isomorphisms
    Lecture 4.1: Homomorphisms and isomorphisms Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 4.1: Homomorphisms and isomorphisms Math 4120, Modern Algebra 1 / 13 Motivation Throughout the course, we've said things like: \This group has the same structure as that group." \This group is isomorphic to that group." However, we've never really spelled out the details about what this means. We will study a special type of function between groups, called a homomorphism. An isomorphism is a special type of homomorphism. The Greek roots \homo" and \morph" together mean \same shape." There are two situations where homomorphisms arise: when one group is a subgroup of another; when one group is a quotient of another. The corresponding homomorphisms are called embeddings and quotient maps. Also in this chapter, we will completely classify all finite abelian groups, and get a taste of a few more advanced topics, such as the the four \isomorphism theorems," commutators subgroups, and automorphisms. M. Macauley (Clemson) Lecture 4.1: Homomorphisms and isomorphisms Math 4120, Modern Algebra 2 / 13 A motivating example Consider the statement: Z3 < D3. Here is a visual: 0 e 0 7! e f 1 7! r 2 2 1 2 7! r r2f rf r2 r The group D3 contains a size-3 cyclic subgroup hri, which is identical to Z3 in structure only. None of the elements of Z3 (namely 0, 1, 2) are actually in D3. When we say Z3 < D3, we really mean is that the structure of Z3 shows up in D3.
    [Show full text]
  • 6. Localization
    52 Andreas Gathmann 6. Localization Localization is a very powerful technique in commutative algebra that often allows to reduce ques- tions on rings and modules to a union of smaller “local” problems. It can easily be motivated both from an algebraic and a geometric point of view, so let us start by explaining the idea behind it in these two settings. Remark 6.1 (Motivation for localization). (a) Algebraic motivation: Let R be a ring which is not a field, i. e. in which not all non-zero elements are units. The algebraic idea of localization is then to make more (or even all) non-zero elements invertible by introducing fractions, in the same way as one passes from the integers Z to the rational numbers Q. Let us have a more precise look at this particular example: in order to construct the rational numbers from the integers we start with R = Z, and let S = Znf0g be the subset of the elements of R that we would like to become invertible. On the set R×S we then consider the equivalence relation (a;s) ∼ (a0;s0) , as0 − a0s = 0 a and denote the equivalence class of a pair (a;s) by s . The set of these “fractions” is then obviously Q, and we can define addition and multiplication on it in the expected way by a a0 as0+a0s a a0 aa0 s + s0 := ss0 and s · s0 := ss0 . (b) Geometric motivation: Now let R = A(X) be the ring of polynomial functions on a variety X. In the same way as in (a) we can ask if it makes sense to consider fractions of such polynomials, i.
    [Show full text]
  • Geometric Engineering of (Framed) Bps States
    GEOMETRIC ENGINEERING OF (FRAMED) BPS STATES WU-YEN CHUANG1, DUILIU-EMANUEL DIACONESCU2, JAN MANSCHOT3;4, GREGORY W. MOORE5, YAN SOIBELMAN6 Abstract. BPS quivers for N = 2 SU(N) gauge theories are derived via geometric engineering from derived categories of toric Calabi-Yau threefolds. While the outcome is in agreement of previous low energy constructions, the geometric approach leads to several new results. An absence of walls conjecture is formulated for all values of N, relating the field theory BPS spectrum to large radius D-brane bound states. Supporting evidence is presented as explicit computations of BPS degeneracies in some examples. These computations also prove the existence of BPS states of arbitrarily high spin and infinitely many marginal stability walls at weak coupling. Moreover, framed quiver models for framed BPS states are naturally derived from this formalism, as well as a mathematical formulation of framed and unframed BPS degeneracies in terms of motivic and cohomological Donaldson-Thomas invariants. We verify the conjectured absence of BPS states with \exotic" SU(2)R quantum numbers using motivic DT invariants. This application is based in particular on a complete recursive algorithm which determines the unframed BPS spectrum at any point on the Coulomb branch in terms of noncommutative Donaldson- Thomas invariants for framed quiver representations. Contents 1. Introduction 2 1.1. A (short) summary for mathematicians 7 1.2. BPS categories and mirror symmetry 9 2. Geometric engineering, exceptional collections, and quivers 11 2.1. Exceptional collections and fractional branes 14 2.2. Orbifold quivers 18 2.3. Field theory limit A 19 2.4.
    [Show full text]
  • Monoids: Theme and Variations (Functional Pearl)
    University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 7-2012 Monoids: Theme and Variations (Functional Pearl) Brent A. Yorgey University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/cis_papers Part of the Programming Languages and Compilers Commons, Software Engineering Commons, and the Theory and Algorithms Commons Recommended Citation Brent A. Yorgey, "Monoids: Theme and Variations (Functional Pearl)", . July 2012. This paper is posted at ScholarlyCommons. https://repository.upenn.edu/cis_papers/762 For more information, please contact [email protected]. Monoids: Theme and Variations (Functional Pearl) Abstract The monoid is a humble algebraic structure, at first glance ve en downright boring. However, there’s much more to monoids than meets the eye. Using examples taken from the diagrams vector graphics framework as a case study, I demonstrate the power and beauty of monoids for library design. The paper begins with an extremely simple model of diagrams and proceeds through a series of incremental variations, all related somehow to the central theme of monoids. Along the way, I illustrate the power of compositional semantics; why you should also pay attention to the monoid’s even humbler cousin, the semigroup; monoid homomorphisms; and monoid actions. Keywords monoid, homomorphism, monoid action, EDSL Disciplines Programming Languages and Compilers | Software Engineering | Theory and Algorithms This conference paper is available at ScholarlyCommons: https://repository.upenn.edu/cis_papers/762 Monoids: Theme and Variations (Functional Pearl) Brent A. Yorgey University of Pennsylvania [email protected] Abstract The monoid is a humble algebraic structure, at first glance even downright boring.
    [Show full text]
  • 1 Vector Spaces
    AM 106/206: Applied Algebra Prof. Salil Vadhan Lecture Notes 18 November 25, 2009 1 Vector Spaces • Reading: Gallian Ch. 19 • Today's main message: linear algebra (as in Math 21) can be done over any field, and most of the results you're familiar with from the case of R or C carry over. • Def of vector space. • Examples: { F n { F [x] { Any ring containing F { F [x]=hp(x)i { C a vector space over R • Def of linear (in)dependence, span, basis. • Examples in F n: { (1; 0; 0; ··· ; 0), (0; 1; 0;:::; 0), . , (0; 0; 0;:::; 1) is a basis for F n { (1; 1; 0), (1; 0; 1), (0; 1; 1) is a basis for F 3 iff F has characteristic 2 • Def: The dimension of a vector space V over F is the size of the largest set of linearly independent vectors in V . (different than Gallian, but we'll show it to be equivalent) { A measure of size that makes sense even for infinite sets. • Prop: every finite-dimensional vector space has a basis consisting of dim(V ) vectors. Later we'll see that all bases have exactly dim(V ) vectors. • Examples: { F n has dimension n { F [x] has infinite dimension (1; x; x2; x3;::: are linearly independent) { F [x]=hp(x)i has dimension deg(p) (basis is (the cosets of) 1; x; x2; : : : ; xdeg(p)−1). { C has dimension 2 over R 1 • Proof: Let v1; : : : ; vk be the largest set of linearly independent vectors in V (so k = dim(V )).
    [Show full text]
  • THE RESULTANT of TWO POLYNOMIALS Case of Two
    THE RESULTANT OF TWO POLYNOMIALS PIERRE-LOÏC MÉLIOT Abstract. We introduce the notion of resultant of two polynomials, and we explain its use for the computation of the intersection of two algebraic curves. Case of two polynomials in one variable. Consider an algebraically closed field k (say, k = C), and let P and Q be two polynomials in k[X]: r r−1 P (X) = arX + ar−1X + ··· + a1X + a0; s s−1 Q(X) = bsX + bs−1X + ··· + b1X + b0: We want a simple criterion to decide whether P and Q have a common root α. Note that if this is the case, then P (X) = (X − α) P1(X); Q(X) = (X − α) Q1(X) and P1Q − Q1P = 0. Therefore, there is a linear relation between the polynomials P (X);XP (X);:::;Xs−1P (X);Q(X);XQ(X);:::;Xr−1Q(X): Conversely, such a relation yields a common multiple P1Q = Q1P of P and Q with degree strictly smaller than deg P + deg Q, so P and Q are not coprime and they have a common root. If one writes in the basis 1; X; : : : ; Xr+s−1 the coefficients of the non-independent family of polynomials, then the existence of a linear relation is equivalent to the vanishing of the following determinant of size (r + s) × (r + s): a a ··· a r r−1 0 ar ar−1 ··· a0 .. .. .. a a ··· a r r−1 0 Res(P; Q) = ; bs bs−1 ··· b0 b b ··· b s s−1 0 . .. .. .. bs bs−1 ··· b0 with s lines with coefficients ai and r lines with coefficients bj.
    [Show full text]
  • Homomorphism Learning Problems and Its Applications to Public-Key Cryptography
    Homomorphism learning problems and its applications to public-key cryptography Christopher Leonardi1, 2 and Luis Ruiz-Lopez1, 2 1University of Waterloo 2Isara Corporation May 23, 2019 Abstract We present a framework for the study of a learning problem over abstract groups, and introduce a new technique which allows for public-key encryption using generic groups. We proved, however, that in order to obtain a quantum resistant encryption scheme, commuta- tive groups cannot be used to instantiate this protocol. Keywords: Learning With Errors, isogenies, non-commutative cryptography 1 Introduction Lattice based cryptography is nowadays the most prominent among the candidate areas for quantum resistant cryptography. The great popularity of lattice based cryptography is, in great part, due to its versatility|several different primitives have been constructed based on lattice problems|and security guarantees such as average-case to worst-case reductions to problems that are presumably hard even for quantum algorithms. Particularly, the short integers solutions problem (SIS), used by Ajtai in his seminal paper [1] to construct a one-way function, and the learning with errors problem (LWE), introduced by Regev in [18], have served as the backbone for several cryptographic constructions. The importance of these two problems goes beyond their applications in cryptography, since their formulation was motivated by purely mathematical problems of a mixed geometric and algebraic character. For example, SIS can be thought as the problem of finding short elements in the kernel of a linear function. For its part, LWE is the problem of finding solutions to a system of noisy linear equations. With these statements of the problems it is possible to imagine several generalizations of them, since some elements in the statements may seem rather arbitrary.
    [Show full text]