Subgroup distortion: Difference between revisions

Content deleted Content added

Inline

Latest revision as of 07:47, 15 October 2024

In geometric group theory, a discipline of mathematics, subgroup distortion measures the extent to which an overgroup can reduce the complexity of a group's word problem.^[1] Like much of geometric group theory, the concept is due to Misha Gromov, who introduced it in 1993.^[2]

Formally, let $S$ generate group $H$ , and let $G$ be an overgroup for $H$ generated by $S \cup T$ . Then each generating set defines a word metric on the corresponding group; the distortion of $H$ in $G$ is the asymptotic equivalence class of the function $R\mapsto {\frac {\operatorname {diam} _{H}(B_{G}(0,R)\cap H)}{\operatorname {diam} _{H}(B_{H}(0,R))}}{\text{,}}$ where $B X (x, r)$ is the ball of radius $r$ about center $x$ in $X$ and $diam(S)$ is the diameter of $S$ .^[2]^: 49

A subgroup with bounded distortion is called undistorted, and is the same thing as a quasi-isometrically embedded subgroup.^[3]

Examples

For example, consider the infinite cyclic group $ℤ = ⟨ b ⟩$ , embedded as a normal subgroup of the Baumslag–Solitar group $BS(1, 2) = ⟨ a, b ⟩$ . With respect to the chosen generating sets, the element $b^{2^{n}}=a^{n}ba^{-n}$ is distance $2 n$ from the origin in $ℤ$ , but distance $2 n + 1$ from the origin in $BS(1, 2)$ . In particular, $ℤ$ is at least exponentially distorted with base $2$ .^[2]^[4]

On the other hand, any embedded copy of $ℤ$ in the free abelian group on two generators $ℤ 2$ is undistorted, as is any embedding of $ℤ$ into itself.^[2]^[4]

Elementary properties

In a tower of groups $K \leq H \leq G$ , the distortion of $K$ in $G$ is at least the distortion of $K$ in $H$ .

A normal abelian subgroup has distortion determined by the eigenvalues of the conjugation overgroup representation; formally, if $g \in G$ acts on $V \leq G$ with eigenvalue $λ$ , then $V$ is at least exponentially distorted with base $λ$ . For many non-normal but still abelian subgroups, the distortion of the normal core gives a strong lower bound.^[1]

Known values

Every computable function with at most exponential growth can be a subgroup distortion,^[5] but Lie subgroups of a nilpotent Lie group always have distortion $n \mapsto n r$ for some rational $r$ .^[6]

The denominator in the definition is always $2 R$ ; for this reason, it is often omitted.^[7]^[8] In that case, a subgroup that is not locally finite has superadditive distortion; conversely every superadditive function (up to asymptotic equivalence) can be found this way.^[8]

In cryptography

The simplification in a word problem induced by subgroup distortion suffices to construct a cryptosystem, algorithms for encoding and decoding secret messages.^[4] Formally, the plaintext message is any object (such as text, images, or numbers) that can be encoded as a number $n$ . The transmitter then encodes $n$ as an element $g \in H$ with word length $n$ . In a public overgroup $G$ with that distorts $H$ , the element $g$ has a word of much smaller length, which is then transmitted to the receiver along with a number of "decoys" from $G \ H$ , to obscure the secret subgroup $H$ . The receiver then picks out the element of $H$ , re-expresses the word in terms of generators of $H$ , and recovers $n$ .^[4]

References

^ ^a ^b Broaddus, Nathan; Farb, Benson; Putman, Andrew (2011). "Irreducible Sp-representations and subgroup distortion in the mapping class group". Commentarii Mathematici Helvetici. 86: 537–556. arXiv:0707.2262. doi:10.4171/CMH/233. S2CID 7665268.
^ ^a ^b ^c ^d Gromov, M. (1993). Asymptotic Invariants of Infinite Groups. London Mathematical Society lecture notes 182. Cambridge University Press. OCLC 842851469.
^ Druţu, Cornelia; Kapovich, Michael (2018). Geometric Group Theory. American Mathematical Society, Providence, RI. p. 285. ISBN 978-1-4704-1104-6.
^ ^a ^b ^c ^d Protocol I in Chatterji, Indira; Kahrobaei, Delaram; Ni Yen Lu (2017). "Cryptosystems Using Subgroup Distortion". Theoretical and Applied Informatics. 1. 29 (2): 14–24. arXiv:1610.07515. doi:10.20904/291-2014. S2CID 16899700. Although Protocol II in the same paper contains a fatal error, Scheme I is feasible; one such group/overgroup pairing is analyzed in Kahrobaei, Delaram; Keivan, Mallahi-Karai (2019). "Some applications of arithmetic groups in cryptography". Groups Complexity Cryptology. 11 (1): 25–33. arXiv:1803.11528. doi:10.1515/gcc-2019-2002. S2CID 119676551. An expository summary of both works is Werner, Nicolas (19 June 2021). Group distortion in Cryptography (PDF) (grado). Barcelona: Universitat de Barcelona. Retrieved 13 September 2022.
^ Olshanskii, A. Yu. (1997). "On subgroup distortion in finitely presented groups". Matematicheskii Sbornik. 188 (11): 51–98. Bibcode:1997SbMat.188.1617O. CiteSeerX 10.1.1.115.1717. doi:10.1070/SM1997v188n11ABEH000276. S2CID 250919942.
^ Osin, D. V. (2001). "Subgroup distortions in nilpotent groups". Communications in Algebra. 29 (12): 5439–5463. doi:10.1081/AGB-100107938. S2CID 122842195.
^ Farb, Benson (1994). "The extrinsic geometry of subgroups and the generalized word problem". Proc. London Math. Soc. 68 (3): 578. We should note that this notion of distortion differs from Gromov's definition (as defined in [18]) by a linear factor.
^ ^a ^b Davis, Tara C.; Olshanskii, Alexander Yu. (October 29, 2018). "Relative Subgroup Growth and Subgroup Distortion". arXiv:1212.5208v1 [math.GR].

[Reps-1] Broaddus, Nathan; Farb, Benson; Putman, Andrew (2011). "Irreducible Sp-representations and subgroup distortion in the mapping class group". Commentarii Mathematici Helvetici. 86: 537–556. arXiv:0707.2262. doi:10.4171/CMH/233. S2CID 7665268.

[Gromov-2] Gromov, M. (1993). Asymptotic Invariants of Infinite Groups. London Mathematical Society lecture notes 182. Cambridge University Press. OCLC 842851469.

[3] Druţu, Cornelia; Kapovich, Michael (2018). Geometric Group Theory. American Mathematical Society, Providence, RI. p. 285. ISBN 978-1-4704-1104-6.

[Crypto-4] Protocol I in Chatterji, Indira; Kahrobaei, Delaram; Ni Yen Lu (2017). "Cryptosystems Using Subgroup Distortion". Theoretical and Applied Informatics. 1. 29 (2): 14–24. arXiv:1610.07515. doi:10.20904/291-2014. S2CID 16899700. Although Protocol II in the same paper contains a fatal error, Scheme I is feasible; one such group/overgroup pairing is analyzed in Kahrobaei, Delaram; Keivan, Mallahi-Karai (2019). "Some applications of arithmetic groups in cryptography". Groups Complexity Cryptology. 11 (1): 25–33. arXiv:1803.11528. doi:10.1515/gcc-2019-2002. S2CID 119676551. An expository summary of both works is Werner, Nicolas (19 June 2021). Group distortion in Cryptography (PDF) (grado). Barcelona: Universitat de Barcelona. Retrieved 13 September 2022.

[5] Olshanskii, A. Yu. (1997). "On subgroup distortion in finitely presented groups". Matematicheskii Sbornik. 188 (11): 51–98. Bibcode:1997SbMat.188.1617O. CiteSeerX 10.1.1.115.1717. doi:10.1070/SM1997v188n11ABEH000276. S2CID 250919942.

[6] Osin, D. V. (2001). "Subgroup distortions in nilpotent groups". Communications in Algebra. 29 (12): 5439–5463. doi:10.1081/AGB-100107938. S2CID 122842195.

[7] Farb, Benson (1994). "The extrinsic geometry of subgroups and the generalized word problem". Proc. London Math. Soc. 68 (3): 578. We should note that this notion of distortion differs from Gromov's definition (as defined in [18]) by a linear factor.

[DONotes-8] Davis, Tara C.; Olshanskii, Alexander Yu. (October 29, 2018). "Relative Subgroup Growth and Subgroup Distortion". arXiv:1212.5208v1 [math.GR].

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

@@ Line 1: / Line 1: @@
 {{Short description|Concept in geometric group theory}}
-In [[geometric group theory]], a discipline of [[mathematics]], '''subgroup distortion''' measures the extent to which an [[overgroup]] can reduce the complexity of a group's [[word problem (groups)|word problem]].<ref name=Reps>{{cite journal|journal=Commentarii Mathematici Helvetici|volume=86|year=2011|pages=537–556|doi=10.4171/CMH/233|title=Irreducible Sp-representations and subgroup distortion in the mapping class group|first1=Nathan|last1=Broaddus|first2=Benson|last2=Farb|author-link2=Benson Farb|first3=Andrew|last3=Putman|author-link3=Andrew Putman|arxiv=0707.2262|s2cid=7665268 }}</ref>  Like much of geometric group theory, the concept is due to [[Mikhael Gromov (mathematician)|Misha Gromov]], who introduced it in 1993.<ref name="Gromov">{{cite book |last=Gromov |first=M. |title=Asymptotic Invariants of Infinite Groups |publisher=Cambridge University Press |year=1993 |series=[[London Mathematical Society]] lecture notes 182 |oclc=842851469 |author-link=Mikhael Gromov (mathematician)}}</ref>
+In [[geometric group theory]], a discipline of [[mathematics]], '''subgroup distortion''' measures the extent to which an [[overgroup]] can reduce the complexity of a group's [[word problem (groups)|word problem]].<ref name=Reps>{{cite journal|journal=[[Commentarii Mathematici Helvetici]]|volume=86|year=2011|pages=537–556|doi=10.4171/CMH/233|title=Irreducible Sp-representations and subgroup distortion in the mapping class group|first1=Nathan|last1=Broaddus|first2=Benson|last2=Farb|author-link2=Benson Farb|first3=Andrew|last3=Putman|author-link3=Andrew Putman|arxiv=0707.2262|s2cid=7665268 }}</ref>  Like much of geometric group theory, the concept is due to [[Mikhael Gromov (mathematician)|Misha Gromov]], who introduced it in 1993.<ref name="Gromov">{{cite book |last=Gromov |first=M. |title=Asymptotic Invariants of Infinite Groups |publisher=Cambridge University Press |year=1993 |series=[[London Mathematical Society]] lecture notes 182 |oclc=842851469 |author-link=Mikhael Gromov (mathematician)}}</ref>
 Formally, let {{mvar|S}} generate group {{mvar|H}}, and let {{mvar|G}} be an overgroup for {{mvar|H}} generated by {{math|''S''&nbsp;&cup;&nbsp;''T''}}.  Then each generating set defines a [[word metric]] on the corresponding group; the distortion of {{mvar|H}} in {{mvar|G}} is the [[asymptotic equivalence]] class of the function <math display="block">R\mapsto\frac{\operatorname{diam}_H(B_G(0,R)\cap H)}{\operatorname{diam}_H(B_H(0,R))}\text{,}</math> where {{math|''B<sub>X</sub>''(''x'',&nbsp;''r'')}} is the [[ball (math)|ball]] of [[radius]] {{mvar|r}} about center {{mvar|x}} in {{mvar|X}} and {{math|diam(''S'')}} is the [[diameter]] of {{mvar|S}}.<ref name="Gromov" />{{rp|49}}
@@ Line 7: / Line 7: @@
 ==Examples==
-For example, consider the [[infinite cyclic group]] {{math|{{mathbb|Z}}&nbsp;{{=}}&nbsp;⟨''b''⟩}}, embedded as a normal subgroup of the [[Baumslag–Solitar group]] {{math|BS(1,&nbsp;2)&nbsp;{{=}}&nbsp;⟨''a'',&nbsp;''b''⟩}}.  Then <math display=block>b^{2^n}=a^nba^{-n}</math> is distance {{math|2<sup>''n''</sup>}} from the [[origin (math)|origin]] in {{math|{{mathbb|Z}}}}, but distance {{math|2''n''&nbsp;+&nbsp;1}} from the origin in {{math|BS(1,&nbsp;2)}}.  In particular, {{math|{{mathbb|Z}}}} is at least exponentially distorted with base {{math|2}}.<ref name=Gromov /><ref name=Crypto />
+For example, consider the [[infinite cyclic group]] {{math|{{mathbb|Z}}&nbsp;{{=}}&nbsp;⟨''b''⟩}}, embedded as a normal subgroup of the [[Baumslag–Solitar group]] {{math|BS(1,&nbsp;2)&nbsp;{{=}}&nbsp;⟨''a'',&nbsp;''b''⟩}}.  With respect to the chosen generating sets, the element <math display=block>b^{2^n}=a^nba^{-n}</math> is distance {{math|2<sup>''n''</sup>}} from the [[origin (math)|origin]] in {{math|{{mathbb|Z}}}}, but distance {{math|2''n''&nbsp;+&nbsp;1}} from the origin in {{math|BS(1,&nbsp;2)}}.  In particular, {{math|{{mathbb|Z}}}} is at least exponentially distorted with base {{math|2}}.<ref name=Gromov /><ref name=Crypto />
-Similarly, the same infinite cyclic group, embedded in the [[free abelian group]] on two generators {{math|{{mathbb|Z}}<sup>2</sup>}}, has linear distortion; the embedding in itself as {{math|3{{mathbb|Z}}}} only produces constant distortion.<ref name=Gromov /><ref name=Crypto />
+On the other hand, any embedded copy of {{math|{{mathbb|Z}}}} in the [[free abelian group]] on two generators {{math|{{mathbb|Z}}<sup>2</sup>}} is undistorted, as is any embedding of {{math|{{mathbb|Z}}}} into itself.<ref name=Gromov /><ref name=Crypto />
 ==Elementary properties==
-In a [[tower of groups]] {{math|''K''&nbsp;≤&nbsp;''H''&nbsp;≤&nbsp;''G''}}, the distortion of {{mvar|K}} in {{mvar|G}} is at least the distortion of {{mvar|H}} in {{mvar|G}}.
+In a [[tower of groups]] {{math|''K''&nbsp;≤&nbsp;''H''&nbsp;≤&nbsp;''G''}}, the distortion of {{mvar|K}} in {{mvar|G}} is at least the distortion of {{mvar|K}} in {{mvar|H}}.
 A [[normal subgroup|normal]] [[abelian subgroup]] has distortion determined by the [[eigenvalues]] of the [[conjugation (group theory)|conjugation]] [[group representation|overgroup representation]]; formally, if {{math|''g''&nbsp;∈&nbsp;''G''}} acts on {{math|''V''&nbsp;≤&nbsp;''G''}} with eigenvalue {{math|λ}}, then {{mvar|V}} is at least exponentially distorted with base {{math|λ}}.  For many non-normal but still abelian subgroups, the distortion of the [[normal core]] gives a strong lower bound.<ref name=Reps />
@@ Line 22: / Line 22: @@
 ==In cryptography==
-The simplification in a word problem induced by subgroup distortion suffices to construct a [[cryptosystem]], algorithms for encoding and decoding secret messages.<ref name=Crypto/>  Formally, the [[plaintext]] message is any object (such as [[plain text|text]], [[images]], or [[numbers]]) that can be encoded as a number {{mvar|n}}.  The transmitter then encodes {{mvar|n}} as an element {{math|''g''&nbsp;∈&nbsp;''H''}} with [[word length]] {{mvar|n}}.  In a public overgroup {{mvar|G}} with that distorts {{mvar|H}}, the element {{mvar|g}} has a word of much smaller length, which is then transmitted to the receiver along with a number of "decoys" from {{math|''G''&nbsp;\&nbsp;''H''}}, to obscure the secret subgroup {{mvar|H}}.  The receiver then picks out the element of {{mvar|H}}, re-expresses the word in terms of generators of {{mvar|H}}, and recovers {{mvar|n}}.<ref name=Crypto>Protocol I in {{cite journal|url=https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1298&context=ny_pubs|title=Cryptosystems Using Subgroup Distortion|year=2017|first1=Indira|last1=Chatterji|author1-link=Indira Chatterji|first2=Delaram|last2=Kahrobaei|author3=Ni Yen Lu|journal=Theoretical and Applied Informatics|volume=29|series=1|number=2|pages=14–24|doi=10.20904/291-2014|arxiv=1610.07515|s2cid=16899700 }}  Although Protocol II in the same paper contains a fatal error, Scheme I is feasible; one such group/overgroup pairing is analyzed in {{cite journal|last1=Kahrobaei|first1=Delaram|last2=Keivan|first2=Mallahi-Karai|title=Some applications of arithmetic groups in cryptography|journal=Groups Complexity Cryptology|volume=11|number=1|year=2019|pages=25–33|doi=10.1515/gcc-2019-2002 |arxiv=1803.11528|s2cid=119676551 }}  An expository summary of both works is {{cite thesis|title=Group distortion in Cryptography|publisher=[[Universitat de Barcelona]]|first=Nicolas|last=Werner|location=Barcelona|date=19 June 2021|type=[[Bachelor's degree#Spain|grado]]|url=http://diposit.ub.edu/dspace/bitstream/2445/185858/1/tfg_werner_nicolas.pdf|access-date=13 September 2022}}</ref>
+The simplification in a word problem induced by subgroup distortion suffices to construct a [[cryptosystem]], algorithms for encoding and decoding secret messages.<ref name=Crypto/>  Formally, the [[plaintext]] message is any object (such as [[plain text|text]], [[images]], or [[numbers]]) that can be encoded as a number {{mvar|n}}.  The transmitter then encodes {{mvar|n}} as an element {{math|''g''&nbsp;∈&nbsp;''H''}} with [[word length]] {{mvar|n}}.  In a public overgroup {{mvar|G}} with that distorts {{mvar|H}}, the element {{mvar|g}} has a word of much smaller length, which is then transmitted to the receiver along with a number of "decoys" from {{math|''G''&nbsp;\&nbsp;''H''}}, to obscure the secret subgroup {{mvar|H}}.  The receiver then picks out the element of {{mvar|H}}, re-expresses the word in terms of generators of {{mvar|H}}, and recovers {{mvar|n}}.<ref name=Crypto>Protocol I in {{cite journal|url=https://academicworks.cuny.edu/cgi/viewcontent.cgi?article=1298&context=ny_pubs|title=Cryptosystems Using Subgroup Distortion|year=2017|first1=Indira|last1=Chatterji|author1-link=Indira Chatterji|first2=Delaram|last2=Kahrobaei|author2-link=Delaram Kahrobaei|author3=Ni Yen Lu|journal=Theoretical and Applied Informatics|volume=29|series=1|number=2|pages=14–24|doi=10.20904/291-2014|arxiv=1610.07515|s2cid=16899700 }}  Although Protocol II in the same paper contains a fatal error, Scheme I is feasible; one such group/overgroup pairing is analyzed in {{cite journal|last1=Kahrobaei|first1=Delaram|author1-link=Delaram Kahrobaei|last2=Keivan|first2=Mallahi-Karai|title=Some applications of arithmetic groups in cryptography|journal=Groups Complexity Cryptology|volume=11|number=1|year=2019|pages=25–33|doi=10.1515/gcc-2019-2002 |arxiv=1803.11528|s2cid=119676551 }}  An expository summary of both works is {{cite thesis|title=Group distortion in Cryptography|publisher=[[Universitat de Barcelona]]|first=Nicolas|last=Werner|location=Barcelona|date=19 June 2021|type=[[Bachelor's degree#Spain|grado]]|url=http://diposit.ub.edu/dspace/bitstream/2445/185858/1/tfg_werner_nicolas.pdf|access-date=13 September 2022}}</ref>
 == References ==