Finite Geometries, LDPC Codes and Cryptography
Maria Curie-Sklodowska University
Faculty of Mathematics, Physics and Computer Science
Institute of Computer Science
Vasyl Ustimenko
Urszula Romańczuk
Lublin 2012
Publisher
Maria Curie-Sklodowska University
Institute of Computer Science
pl. Marii Curie-Sklodowskiej 1, 20-031 Lublin
Series Editor: prof. dr hab. Pawel Mikolajczak
www: informatyka.umcs.lublin.pl
email: [email protected]
ISBN: 978-83-62773-39-8
Contents
Preface
Bibliography
Index
Preface
ACKNOWLEDGEMENTS.
First and foremost I would like to thank my advisor Prof. Vasyl Ustimenko, without whose aid and advice, guidance and co-operation this research work would not have been possible. I wish to thank his wonderful wife for her kindness and advice. I also want to acknowledge and thank my dear friends Aneta Wróblewska and Monika Polak for their friendship and significant contributions to the development of this research.
I am forever grateful to Prof. Wojciech Szapiel (1948-2010), who was a supervisor of my master thesis in The Catholic University in Lublin. His professional conduct and unflagging support of me and my work have provided an excellent model for me to follow in my career. From The Catholic University in Lublin, I extend thanks and appreciation to Dr. Armen Grigoryan and Prof. Dariusz Partyka. I am also greatly indebted to Prof. Jerzy Kozicki, Prof. Maria Nowak, Prof. Stanisław Prus and Prof. Zdzisław Rychlik of Maria Curie-Sklodowska University in Lublin for their guidance and support.
Special thanks to my high school teacher Mikolaj Babulewicz. I have been very fortunate to have the love and support of my family. Especially I would like to thank my mother and sister for their never-ending belief in my ability. Finally I would like to thank my fiancé, for all his love, support and encouragement. Without you I could not have made it.
Urszula Romańczuk
Chapter 1
Incidence systems and geometries over
diagrams
1.1. Graphs and incidence structures
$x = (x) = (x_1, x_2, x_3, \dots, x_i, \dots)$
$y = [y] = [y_1, y_2, y_3, \dots, y_i, \dots]$
We say that the point $(x)$ is incident with the line $[y]$, and we write $x\,I\,y$ or $(x)\,I\,[y]$, if and only if the following conditions are satisfied:
$y_i - x_i = y_{i-1} x_1$,
where $i = 2, 3, \dots$.
It is easy to see that $W(q)$ is an infinite $q$-regular graph. Indeed, there is a unique neighbour $y = [y]$ of the given vertex $a = (a)$ with the chosen first coordinate $y_1$ from $\mathbb{F}_q$. The other coordinates $y_2, y_3, \dots$ can be computed consecutively from the equations written above. The neighbourhood of the line $b = [b]$ can be described in a similar way.
Let $W(q)$ be the incidence graph of the structure $\Gamma(\mathbb{F}_q) = (P, L, I)$. For each integer $n \ge 2$ let $\Gamma(n, \mathbb{F}_q) = (P_n, L_n, I_n)$ be the incidence system, where $P_n$ and $L_n$ are the images of $P$ and $L$ under the projection of these spaces onto the first $n$ coordinates and the binary relation $I_n$ is defined by the first $n - 1$ equations. Finally, let $W(n, q)$ be the incidence graph of $\Gamma(n, \mathbb{F}_q)$. This is exactly the graph which was defined by Wenger [183] and used in various problems in Computer Science [178]. The graph $W(q)$ is a projective limit of $W(n, q)$ as $n$ goes to infinity.
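The construction of $W(n, q)$ described above can be carried out directly from the incidence equations. The following Python sketch is an added example, not code from the book; it assumes $q$ is prime (so that arithmetic modulo $q$ is arithmetic in $\mathbb{F}_q$), and all function names are chosen here for illustration. It builds the graph by computing, for each point and each choice of $y_1$, the unique incident line, then checks $q$-regularity, the vertex and edge counts, and that no two distinct points share two lines.

```python
from itertools import product

def line_through(point, y1, q):
    """Unique line [y] with first coordinate y1 incident with the point (x).

    Solves y_i = x_i + y_{i-1} * x_1 consecutively (0-based indices below).
    Assumption of this example: q is prime, so Z/qZ is the field F_q.
    """
    y = [y1 % q]
    for k in range(1, len(point)):
        y.append((point[k] + y[k - 1] * point[0]) % q)
    return tuple(y)

def is_incident(point, line, q):
    """Direct test of the n-1 equations y_i - x_i = y_{i-1} x_1."""
    return all((line[k] - point[k] - line[k - 1] * point[0]) % q == 0
               for k in range(1, len(point)))

def wenger_graph(n, q):
    """Adjacency sets of W(n, q); vertices are ('P', x) and ('L', y)."""
    vectors = list(product(range(q), repeat=n))
    adj = {("P", v): set() for v in vectors}
    adj.update({("L", v): set() for v in vectors})
    for p in vectors:
        for y1 in range(q):
            l = line_through(p, y1, q)
            adj[("P", p)].add(("L", l))
            adj[("L", l)].add(("P", p))
    return adj

def summary(n, q):
    """Return (number of vertices, number of edges, set of vertex degrees)."""
    adj = wenger_graph(n, q)
    edges = sum(len(nb) for nb in adj.values()) // 2
    return len(adj), edges, {len(nb) for nb in adj.values()}

def brute_force_edge_count(n, q):
    """Count incident (point, line) pairs by testing every pair."""
    vectors = list(product(range(q), repeat=n))
    return sum(is_incident(p, l, q) for p in vectors for l in vectors)

def has_four_cycle(adj):
    """True if two distinct points have two or more common lines."""
    points = [v for v in adj if v[0] == "P"]
    for a in range(len(points)):
        for b in range(a + 1, len(points)):
            if len(adj[points[a]] & adj[points[b]]) >= 2:
                return True
    return False

if __name__ == "__main__":
    for n, q in [(2, 3), (3, 3), (3, 5)]:
        print(n, q, summary(n, q))
```
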
Example 1.1.2. Let $P_m$ be the incidence graph of the incidence structure of points (vertices) and lines (edges) of the ordinary $m$-gon. We can identify $P$ with the set of singletons $\{i\}$, $i = 1, 2, \dots, m$, and $L$ with the collection of subsets $\{1, 2\}, \{2, 3\}, \dots, \{m - 1, m\}, \{m, 1\}$. It is easy to see that the girth of $P_m$ is $2m$ and the diameter is $m$.
Example 1.1.3. Let us consider the following bipartite finite graph $A(n, q)$ (alternating graph). The partition sets $P_n$ and $L_n$ are two copies of the $n$-dimensional vector space $\mathbb{F}_q^n$ (point set and line set, respectively). Brackets and parentheses allow us to distinguish the point $(p) = (p_1, p_2, \dots, p_n) \in P_n$ and the line $[l] = [l_1, l_2, \dots, l_n] \in L_n$. The point $(p)$ is incident to the line $[l]$ if and only if the following equations hold:
$l_i - p_i = l_1 p_{i-1}$
$l_{i+1} - p_{i+1} = p_1 l_i$
where $i = 2, 3, \dots, 2\lfloor n/2 \rfloor$, but when $n$ is even we have to ignore the last equation. Similarly to the case of Wenger graphs, we can check that the graph $A(n, q)$ is a $q$-regular bipartite graph (each vertex has $q$ neighbours). Clearly, $A(n, q)$ has $2q^n$ vertices and $q^{n+1}$ edges.
The naturally defined projective limit of the graphs $A(n, q)$ equals $T_{q,q}$. A different description of $T_{q,q}$ in terms of equations over the finite field $\mathbb{F}_q$ can be found in [152].
The graphs $W(n, q)$ and $A(n, q)$ are examples of semiplanes. Further properties of $A(n, q)$ can be found in [175], [176].
Example 1.1.4. The complete bipartite graph $K_{m,n}$ is a biregular graph with the sets of points $P$, $|P| = m$, and lines $L$, $|L| = n$, such that each point is incident with each line. So the order of $K_{m,n}$ is $m + n$ (number of vertices), the size is $mn$ (number of edges) and the bidegrees are $m$ and $n$.
$P = \{W < V \mid \dim(W) = 1\}$
[l], which are not connected by an edge, the corresponding chain is of the kind $(p)\,I\,[l']\,I\,(p')\,I\,[l]$, where $[l']$ is a line through the point $(p)$ and $(p')$ is a point on the line $[l]$. So the diameter of our incidence structure is 3. Let us compute the degree of each vertex. Every two-dimensional subspace over $\mathbb{F}_q$ contains $q^2 - 1$ nonzero vectors; $q - 1$ proportional vectors and the zero vector form a one-dimensional subspace. So we have $(q^2 - 1)/(q - 1) = q + 1$ points on a chosen line. Replacing the two-dimensional subspace in the computation above by the space of dimension 3 allows us to compute the number of all points, which is $(q^3 - 1)/(q - 1) = 1 + q + q^2$. The general equation of a line is
$\alpha_1 x_1 + \alpha_2 x_2 + \alpha_3 x_3 = 0$,
where the point with nonzero vector $(\alpha_1, \alpha_2, \alpha_3)$ gives full information about the line. It means that we have $1 + q + q^2$ lines in our incidence structure. So the order of our bipartite graph is $2(1 + q + q^2)$. We can get the size (number of edges) as the product of the number of points $1 + q + q^2$ and the degree $q + 1$. So the size $e$ equals $(q^3 - 1)/(q + 1)$. We compute the degree of a line simply by dividing $e$ by the number of lines $(1 + q + q^2)$. So the incidence graph is regular of degree $q + 1$. Let us use the notation $PG_2(q)$ for the classical projective plane introduced above.
The connected geometries over diagrams $D$ such that $D(A)$ is the class of generalized $m$-gons for some $m$, together with the family of complete bipartite graphs, are called the Tits geometries. If $A = \{i, j\}$ and $D(A)$ is a generalised $m$-gon, then we shall draw the edge between nodes $i$ and $j$ with the weight $m - 2$. If $D(A)$ is a biregular tree we put the weight $\infty$. Absence of the edge between nodes $i$ and $j$ means that $D(A)$ is a complete bipartite graph $K_{n,m}$.
We refer to a Tits geometry as a thin incidence system if all generalised $m$-gons of kind $D(A)$ have order $(1, 1)$, i.e. $D(A)$ is an ordinary $m$-gon $P_m$, a tree $T_{2,2}$ or a complete bipartite graph.
In the opposite case, when all generalised $m$-gons of the Tits geometry are of order $(r, s)$, $r \ge 2$ and $s \ge 2$, we will use the term thick incidence system. As follows from the definitions and the Feit-Higman theorem, the diagram of a finite thick Tits geometry has weights 1, 2, 4 or 6.
and
functions, t(c(A)) can be different from t(A). Anyway t(A) = t(B) implies
t(c(A)) = t(c(B)).
The group $S_{n+1}$ appears as the automorphism group of the thin Tits geometry $\Gamma$. Vice versa, we can reconstruct the geometry from the symmetric group. Recall that each permutation from the group $S_{n+1}$ is a product of transpositions $(i, j)$, $i, j \in N$. So the symmetric group is generated by all transpositions. The number of generators is $(n + 1)(n + 2)/2$. In fact we may use only transpositions from the smaller set
of cardinality $n$. Indeed,
$(23)(12)(23) = (13)$,
$(34)(13)(34) = (14)$,
$(45)(14)(45) = (15)$,
...
$(n, n + 1)(1, n)(n, n + 1) = (1, n + 1)$.
So we have all transpositions with the symbol 1. We can conjugate them with $(12)$ and get all transpositions with the symbol 2; $(1, 2)$ and $(2, 3)$ are already on our list:
$(12)(1i)(12) = (2i)$, $i = 4, 5, \dots, n + 1$,
$(23)(2i)(23) = (3i)$, $i = 4, 5, \dots, n + 1$,
$(34)(3i)(34) = (4i)$, $i = 5, 6, \dots, n + 1$,
...
$(n, n + 1)(n - 1, n)(n, n + 1) = (n - 1, n + 1)$.
Proof. The symmetric group $S_{n+1}$ acts transitively on the set $\Gamma'_i$ of elements of the type $i$ from $\Gamma'$. The set $\Gamma'_i$ contains all left cosets of the group $S_{n+1}$ by the subgroup $W_i$, which is isomorphic to $S_i \times S_{i+1}$. So
$|\Gamma'_i| = \dfrac{(n + 1)!}{i!\,(n + 1 - i)!} = C_{n+1}^i$.
So the actions of $S_{n+1}$ on the sets $\Gamma_i$ and $\Gamma'_i$ are similar. Let $d_i$ be the bijection of $\Gamma_i$ onto $\Gamma'_i$ which sends $\{g(1), g(2), \dots, g(i)\}$ to $gW_i$. Then the map $d$ of $\Gamma$ onto $\Gamma'$ such that $d(x) = d_i(x)$ for $x \in \Gamma_i$ induces the similarity of the intransitive permutation groups $(S_{n+1}, \Gamma)$ and $(S_{n+1}, \Gamma')$ and an isomorphism of the incidence structures $\Gamma$ and $\Gamma'$.
and
The group $GL_n(q)$ acts on the vectors (rows) from $V = \mathbb{F}_q^{n+1}$ by the rule: a matrix $A$ sends $x \in V$ into $xA$. The action of this group on the set $V$ induces an action on $PG_n(q)$. A matrix $A \in GL_n(q)$ moves a subspace $W$ into the subspace $W' = \{xA \mid x \in W\}$. The induced action is not faithful; the totality $S(q)$ of scalar matrices forms the kernel. The factor group $PGL_n(q) = GL_{n+1}(q)/S(q)$ (projective linear group) is the automorphism group of $PG_n(q)$.
1.3. Distance transitive graphs
$J(A, B) = i - |A \cap B|$.
Obviously, elements $(A, B)$ and $(A', B')$ are taken from the same orbital if and only if
$J(A, B) = J(A', B')$.
It is easy to see that the symmetric function $J(A, B)$ is a metric on the finite set $\Gamma_j$, i.e. $J(A, B) \ge 0$, $J(A, B) = 0$ implies $A = B$, and the triangle inequality $J(A, B) \le J(A, C) + J(C, B)$ holds.
Recall that a function $d$ is a distance transitive metric if, whenever $d(A, B) = d(A', B')$, there exists a metric automorphism $\pi$ (i.e. $d(x, y) = t$ implies $\pi(x) = \pi(y)$) such that $\pi(A) = A'$ and $\pi(B) = B'$.
The classical Coding Theory studies examples of finite distance transitive metrics $d$ on the set $X$ and maximal subsets $Y$ of $X$ such that $d(x, y) \ge t$, where $t$ is a fixed parameter $\ge 1$, and $x, y$ are an arbitrary pair of distinct
$x_1 + x_2 + \dots + x_{n+1} = j$.
The Dijkstra algorithm will provide us with the distance between $A$ and $B$ in $O(C_n^j \ln(C_n^j))$ elementary steps via computation of the shortest path in $J_1$. But we can compute this distance $J(A, B)$ as $i - |A \cap B|$, where $|A \cap B|$ is obtained by computing the scalar product of the vectors $(x_1, x_2, \dots, x_{n+1})$ and $(y_1, y_2, \dots, y_{n+1})$ corresponding to the subsets $A$ and $B$ ($O(n)$ elementary steps).
Fast computation of the distance is a common feature of all known families of distance transitive graphs. This is one of the reasons for their importance in Computer Science (Networking, Parallel computations, Coding, etc.).
The Johnson metric is connected with the thin Tits geometry with the diagram $A_n$.
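The two ways of computing the Johnson distance compared above can be checked against each other on a small case. The following Python sketch is an added example, not code from the book. It assumes that $J_1$ is the graph on the $i$-element subsets of $\{1, \dots, n+1\}$ in which two subsets are adjacent when $J = 1$, and it uses breadth-first search as the unweighted special case of the shortest-path computation; the function names are chosen here for illustration.

```python
from collections import deque
from itertools import combinations

def indicator(subset, size):
    """0/1 vector (x_1, ..., x_size) of a subset of {1, ..., size}."""
    return [1 if k in subset else 0 for k in range(1, size + 1)]

def johnson_distance(x, y):
    """J(A, B) = i - |A ∩ B| from the indicator vectors, in O(n) steps.

    i is the common weight of x and y; |A ∩ B| is their scalar product.
    """
    if sum(x) != sum(y):
        raise ValueError("both subsets must have the same cardinality")
    return sum(x) - sum(a * b for a, b in zip(x, y))

def shortest_path_distance(a, b, size):
    """Distance between A and B in the graph J_1 by breadth-first search.

    Assumption of this example: A ~ C in J_1 iff J(A, C) = 1, i.e. C is
    obtained from A by replacing exactly one element.
    """
    a, b = frozenset(a), frozenset(b)
    dist = {a: 0}
    queue = deque([a])
    while queue:
        cur = queue.popleft()
        if cur == b:
            return dist[cur]
        for removed in cur:
            for added in range(1, size + 1):
                if added in cur:
                    continue
                nxt = (cur - {removed}) | {added}
                if nxt not in dist:
                    dist[nxt] = dist[cur] + 1
                    queue.append(nxt)
    return None  # not reached for subsets of equal cardinality

def compare_on_all_pairs(size, i):
    """Return (number of i-subsets, number of pairs where the methods differ)."""
    subsets = [frozenset(c) for c in combinations(range(1, size + 1), i)]
    mismatches = 0
    for a in subsets:
        xa = indicator(a, size)
        for b in subsets:
            fast = johnson_distance(xa, indicator(b, size))
            if fast != shortest_path_distance(a, b, size):
                mismatches += 1
    return len(subsets), mismatches

if __name__ == "__main__":
    print(compare_on_all_pairs(6, 3))
```
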
$(\{i_1\}, f_1)$,
$(\{i_1, i_2\}, f_2)$,
$\vdots$
$(\{i_1, i_2, \dots, i_n\}, f_n)$,
$(\{i_1, i_2, \dots, i_n, i_{n+1}\}, f_{n+1})$,
Let us consider the totality of pairs $(\pi, c)$, where $\pi \in S_{n+1}$ and $c \in \mathbb{F}_2^{n+1}$. Each pair $(\pi, c)$ moves the flag written above into
$(\pi(\{i_1\}), f'_1)$,
$(\pi(\{i_1, i_2\}), f'_2)$,
$\vdots$
$(\pi(\{i_1, i_2, \dots, i_n\}), f'_n)$,
$(\pi(\{i_1, i_2, \dots, i_n, i_{n+1}\}), f'_{n+1})$,
where $f'_{n+1}(\pi(i)) = b_i + c_i$. It is easy to see that the transformation group on the set of maximal flags is isomorphic to the group of bijections $x \to xA + c$ on the set of row vectors from $\mathbb{F}_2^{n+1}$, where $A$ is a permutational matrix and $c \in \mathbb{F}_2^{n+1}$. Recall that the entries of a permutational matrix are taken from $\{0, 1\}$ and each row or column contains exactly one symbol 1. We refer to this group as the hypercubical group and denote it by $HC_{n+1}$. Obviously $|HC_{n+1}| = 2^{n+1}(n + 1)!$. This group acts naturally on the set of elements of our incidence systems. This action allows us to treat each element of $HC_{n+1}$ as an automorphism of our thin Tits geometry with the diagram $A_{n+1}$. Notice that $HC_{n+1}$ acts regularly on the set of maximal flags, i.e. for each pair of flags $F_1$, $F_2$ there exists a unique group element which moves $F_1$ into $F_2$.
Notice that the group $HC_{n+1}$ acts on the set of elements corresponding to the node $n + 1$ similarly to $(HC_{n+1}, \mathbb{F}_2^{n+1})$. Two pairs of functions $(f, g)$ and $(f', g')$ from $\{1, 2, \dots, n, n + 1\}$ into $\mathbb{F}_2$ are in the same group orbital if and only if the sets $A = \{x \mid f(x) = g(x)\}$ and $A' = \{x \mid f'(x) = g'(x)\}$ have the same cardinality $k$.
We can introduce the distance regular metric
$H(f, g) = n + 1 - |\{x \mid f(x) = g(x)\}|$
and write the condition that $(f, g)$ and $(f', g')$ are from the same orbital as $d(f, g) = d(f', g')$. The symmetric function $d(f, g)$ is, in fact, the famous Hamming metric, which has various applications in Computer Science. Let us consider the distance transitive Hamming graph
$H_1 = \{(f, g) \mid H(f, g) = 1\}$.
In the case of dimension 2, 3 the graphs $H_1$ are isomorphic to $P_4$ and the 3-dimensional cube, for which $HC_2$ and $HC_3$ are the full automorphism groups, respectively.
$G(W_1, W_2) = i - |W_1 \cap W_2|$.
Obviously, elements $(W_1, W_2)$ and $(W'_1, W'_2)$ are taken from the same orbital if and only if $G(W_1, W_2) = G(W'_1, W'_2)$. It is easy to see that the symmetric function $G(A, B)$ is a metric function on the finite set $\Gamma_j$. This function is another example of a distance transitive metric, known as the Grassmann metric. If $G(W_1, W_2) = G(W'_1, W'_2)$, then there exists a metric automorphism $g \in PSL_n(q)$ such that $g(W_1) = W'_1$ and $g(W_2) = W'_2$. The classical Coding Theory studies examples of maximal subsets $Y$ of $\Gamma_i$ such that $d(W_1, W_2) \ge t$, where $t$ is a fixed parameter $\ge 1$, and $W_1, W_2$ are an arbitrary pair of distinct elements of $\Gamma_j$.
Information on the Grassmann metric $G$ can be given by the family of symmetric binary relations
relation xÔy if and only if there exists $g$ in $T$ such that $g(x) = y$ is a "wild" algebraic problem (see [47] and further references for the definition of algebraic wildness). The description of classes as above heavily depends on the choice of the field $F$. We can consider the algebraic closure of this partition in the Zariski topology. Instead of an orbit we can take the minimal topologically closed subset in $PG_n(F)$. D. Hilbert defined small Schubert sets as a collection of such subsets (see [55]).
Recall that algebraically closed sets in the Zariski topology are simply sets of solutions of systems of algebraic equations. It is interesting that the number of small sch(n) does not depend on the choice of $F$ if the parameter $n$ is "sufficiently large". The function cch(n) is an important example of a function which is hard to compute.
The number gn+1 m (q) of m-dimensional subspaces of Fm is known as
q
Gaussian binomial coefficient. Group GLn+1 (q) of order
$(s_i \times s_j)^{m_{i,j}} = e$.
So generic relations are given by the list: $s_1^2 = e$ and $s_2^2 = e$. Irreducible words are $s_1 s_2 s_1 s_2 \dots s_1 s_2$, $s_2 s_1 \dots s_2 s_1$ in case of even length and
Example 1.5.4. (Finite Coxeter group with the diagram $I_{m-2}$) In the case of the diagram (Fig. 1.12) the geometry is the ordinary $m$-gon $P_m$. We have two generators $s_1$ and $s_2$ and a unique generic relation $(s_1 s_2)^m = e$.
The list of irreducible words contains $2m$ irreducible words $e$, $s_1$, $s_2$, $s_1 s_2$, $s_2 s_1$, ...; the maximal length of a word is $m$. We may identify $s_1$ and $s_2$ with mirror symmetries of $P_m$ which fix the line $[1, 2]$ together with the incident points $(1)$ and $(2)$, so $s_1 s_2$ is a rotation of the regular polygon $P_m$ corresponding to the angle $2\pi/m$.
We have already discussed the case of the Coxeter diagram $B_n$ and the corresponding group of transformations $x \to xA + b$ of the vector space $\mathbb{F}_2^n$, where $b \in \mathbb{F}_2^n$ and $A$ is a permutational matrix. We may identify the set $S$ of generators with the permutational matrices corresponding to the transpositions $(12), (23), \dots, (n - 1, n)$ and the translation $\tau$ adding $1 \in \mathbb{F}_2$ to the last coordinate of the vector $x$. It is easy to check that $\tau(n - 1, n)$ has order 4. So $\tau$ corresponds to the extremal right node of the diagram. The action of the group $W = B_n$ on the left cosets by $W_n = \langle (12), (23), \dots, (n - 1, n) \rangle$ is similar to the natural action of $B_n$ on the vector space $\mathbb{F}_2^n$. The Hamming metric corresponds to this action.
Let us change $\tau$ for $\tau'$ adding 1 to the last two coordinates of the vector $x$. It is easy to see that $\tau$ commutes with the linear transformation $(n - 1, n)$ and generic relations between $(12), (23), \dots, (n - 1, n), \tau'$ are "encoded"
1.5. Groups and Tits geometries
$x_1 + x_2 + \dots + x_n = 0$.
w = s′−1 ∈ gWi
$\{s'_1,\ s'_1 s'_2 s'_1,\ s'_1 s'_2 s'_3 s'_2 s'_1,\ \dots,\ s'_1 s'_2 \dots s'_n s'_{n-1} \dots s'_1\}$.
$|T^+(\beta) \cap T^-(\beta')| = |T^-(\beta) \cap T^+(\beta')| = 0$.
$\{\beta \in \Gamma(W) \mid l(\beta) \le k\}$
$r_j(\alpha_i) = \alpha_i - a_{i,j}\alpha_j$.
introduce the dual element $\alpha_i^*$, which is a linear function $l(x)$ from $Lat(A)$ into $\mathbb{Z}$ such that $l(\alpha_i) = 1$ and $l(\alpha_j) = 0$ for $j \ne i$. Notice that the group $W(A)$ acts naturally on linear functions $l(x)$ from the dual lattice for $Lat(A)$: $g(l(x)) = l(g(x))$.
Let $H_i = H_i(A)$ be the orbit of the group $W(A)$ which contains $\alpha_i^*$. We consider an incidence structure defined on the set $H(A) = H_1 \cup H_2 \cup \dots \cup H_m$ with the type function $t(h(x)) = i \iff x \in H_i$ and the incidence relation
$h\,I\,h' \iff h(x)h'(x) \ge 0$ for all $x \in \{\alpha_1, \alpha_2, \dots, \alpha_m\}$.
The following statement can be found in [151], [153].
Proposition 1.6.2. The incidence system $H(A)$ is isomorphic to the Coxeter geometry $W(A)$.
The information on an element $h$ in $H(A)$ can be given by the string
$(h(\alpha_1), h(\alpha_2), \dots, h(\alpha_m), i)$,
where $i$ is the type of the element. So we can check the incidence of elements in time $O(m)$.
If $\Gamma$ is a finite subset of $H(A)$ of cardinality $k$, then the adjacency matrix of $\Gamma$ can be computed in time $O(k^2 m)$.
In the case of a finite group $W(A)$ the linear functions $\alpha_i^*$ correspond to the fundamental weights $f_i$. The linear function $\alpha_i^*$ can be given as a map
$x \to (f_i, x)$,
where the scalar product $(\cdot, \cdot)$ is defined by the Killing form (see [43], [44]).
We say that Cartan matrices $A_1$ and $A_2$ are equivalent if the corresponding Weyl groups $W(A_1)$ and $W(A_2)$ act similarly on the lattices $Lat(A_1)$ and $Lat(A_2)$. If the Coxeter diagram $W(A)$ is different from $B_l$, then the class of equivalent matrices is uniquely defined by the diagram: $A_1 \iff A_2$ if and only if the diagrams for $W(A_1)$ and $W(A_2)$ coincide. There are exactly two classes of equivalent Cartan matrices in the case of the diagram $B_n$, $n \ge 3$. Each class is denoted by the directed graph which can be obtained by putting a double arrow instead of the undirected edge with weight 2. This way we obtain two "Coxeter-Dynkin" diagrams $B_n$ and $C_n$. In the case of Weyl groups we will use the term Coxeter-Dynkin diagrams. We are not discussing here the symbolic meaning of the directions (from left to right or opposite). We simply will put the list of positive roots in both cases $B_n$ and $C_n$ in the Appendix (last pages of the manuscript).
Theorem 1.6.3. The list of finite Weyl groups is given by the list of diagrams in Table 1.2.
In the case of rank$(A) = m - 1$ we use the term affine Coxeter-Dynkin diagram.
Theorem 1.6.4. The affine Coxeter matrix is uniquely defined up to equivalence by its Coxeter-Dynkin diagram from the list given in Table 1.3.
1.6. Cartan matrices and Coxeter groups
may check that the group $B_{n+1}(q)$ of triangular matrices, which is the minimal subgroup containing $T_{n+1}(q)$ and $U_{n+1}(q)$, together with the group $N = N_{n+1}(q)$ of monomial matrices, for which exactly one entry of each row differs from zero, form a $BN$-pair.
The maximal standard parabolic subgroup, i.e. a group $X$ such that $B_{n+1}(q) < X < GL_{n+1}(q)$, is a totality of matrices $P_i$
$\begin{pmatrix} A & 0 \\ B & C \end{pmatrix}$,
Let us consider the action of the group $B$ on the left cosets of kind $gP_i$. We refer to the orbits of this action as large Schubert cells for $\Gamma(G)$; they are in one-to-one correspondence with the double cosets of kind $BgP_i$. It can be proven that there is a unique representative $w \in W_i$ of the shortest length such that $BgP_i = wW_i$. Let $Retr$ be the map from $\Gamma(G)$ such that $Retr(gP_i) = wW_i$ if and only if $BgP_i$. The map $Retr$ is a homomorphism of $\Gamma(G)$ onto $\Gamma(W)$ (retraction map).
Let us consider groups of kind $w^{-1}Bw$, $w \in W$, and the equivalence relation $gP_i \iff g'P_i$ if and only if there exists $w \in W$ such that the cosets $gP_i$ and $g'P_i$ are in the same orbit of $w^{-1}Bw$. We refer to the classes of this equivalence relation as small Schubert cells of the Tits geometry $\Gamma(G)$.
Let $G$ be a split finite $BN$-pair with the corresponding geometry $\Gamma(G)$. Let us consider the largest orbits of the Borel subgroup $B$ acting on $\Gamma(G)$, i.e. the orbits corresponding to the double coset $GwP_i$ with maximal $l(wW_i)$ for each $i = 1, 2, \dots, n$. As follows directly from the definition, their disjoint union $[\Gamma]$ ("integer part" of the Tits geometry) with the restriction of the incidence $I$ and the type function $t$ on this set is a flag transitive incidence system. In fact, the Borel subgroup $B$ acts transitively on the totality of maximal flags (cosets of kind $gB$, $g \in G$). We refer to this incidence system as the Schubert geometry and use the notation $Sch(\Gamma(G))$.
1.7. On general constructions of thick flag transitive Tits geometries
Let us consider the class of finite $BN$-pairs of rank 2. For each thick $m$-gon from this class, $m \in \{3, 4, 6, 8\}$, we consider the biregular incidence structure $Sch(\Gamma(G))$. This incidence structure $a(m) = a_{q^r, q^s}(m)$ is uniquely determined by the triple $m, q^r, q^s$, where the last two parameters stand for the bidegrees of the corresponding incidence graph. We refer to $a(m)$ as the affine part of the generalised $m$-gon (see [156]). We associate with the general Schubert geometry $Sch(\Gamma(G))$ the diagram obtained from the diagram of $\Gamma(G)$ simply by changing the weight $m - 2$ of the edge to the symbol $a(m)$. It is easy to see that the Schubert geometry $Sch(\Gamma(G))$ is a diagram geometry over the new diagram.
The idea of diagram geometry allows us to expand the class of geometries easily. For instance, adding some new incidence structures to the list of generalised polygons brings the famous class of Buekenhout-Tits geometries, which contains geometries of finite nonabelian sporadic groups together with the geometries of $BN$-pairs (see [18], [19]).
$[x, y] + [y, x] = 0$
and
$[x, [y, z]] + [y, [z, x]] + [z, [x, y]] = 0$
$(x, y) = Tr(ad(x)\,ad(y))$,
$[e_i, f_j] = \sigma_{i,j}$,
$[h_i, h_j] = 0$,
$[h_i, e_j] = a_{i,j} e_j$,
$[h_i, f_j] = -a_{i,j} f_i$,
$(ad(e_i))^{1 - a_{i,j}}(e_j) = (ad(f_i))^{1 - a_{i,j}}(f_j) = 0$, $i \ne j$.
$[h, x] = h(\alpha)$
$[e_\alpha, e_\beta] = 0$
in opposite case.
Let us consider $BN$-pairs corresponding to the algebra $L(A)$ over various fields $F$. Let $(L(A), ad)$ be the adjoint representation of $L(A)$. As follows from the definitions, the transformations
$\exp(ad(\lambda e_i))(v) = \sum_{n \ge 0} (1/n!)\,\lambda^n (ad(e_i))^n (v)$,
$\exp(ad(\lambda f_i))(v) = \sum_{n \ge 0} (1/n!)\,\lambda^n (ad(f_i))^n (v)$,
of the Weyl group and their union $H$ are also subsets of $L_0$. Recall that we treat the set $H$ as an incidence system. Linear functionals $l_1(x)$ and $l_2(x)$ are incident if and only if the products $l_1(\alpha) l_2(\alpha) \ge 0$ for all roots $\alpha$ corresponding to the Cartan matrix $A$. The type function $t$ is defined by $t(l(x)) = i$ where $l(x) \in H_i$. We already discussed the isomorphism of $(H, I, t)$ and the Coxeter geometry $\Gamma(W)$. In fact there is a unique isomorphism of $\Gamma_W$ with $(H, I, t)$ which sends $W_i$ to $\alpha_i$, $1 \le i \le m$.
We now consider an analogous embedding of the Lie geometry $\Gamma_G$ into the Borel subalgebra $B = L_0 + L_+$ of $L$. Let $d = \alpha_1^* + \alpha_2^* + \dots + \alpha_m^*$. Then we can take
$\Delta^+ = \{\alpha \in \Delta \mid d(\alpha) \ge 0\}$
to be our set of positive roots in $\Delta$. For any $l(x) \in Lat(L)$ define
$h = x_1 \alpha_1^* + x_2 \alpha_2^* + \dots + x_m \alpha_m^*$,
$h' = h$.
We can check that the values of $l(\alpha)$, where $l(x) \in Lat$ and $\alpha$ in $L_0$, are $< 5$. So the embedding of $H$ into $L_0$ still works for a field $F$ of characteristic $\ge 5$. So we may use it in the case of a finite field.
We give $B = B(A, F)$ the structure of an incidence system as follows. Elements $(h_1, v_1)$ and $(h_2, v_2)$ are incident if and only if each of the following holds:
(i) $h_1(\alpha) h_2(\alpha) \ge 0$ for all $\alpha \in \Delta$, i.e. $h_1$ and $h_2$ are incident in $(H, I, t)$.
(ii) $[h'_1 + v_1, h'_2 + v_2] = 0$.
An element $(h, v)$ has type $i$ if $h + v \in U_i$.
In [151] it is shown that this newly defined incidence system is isomorphic to the Lie geometry $\Gamma_G$, provided that the characteristic of $K$ is zero or sufficiently large to ensure the isomorphism at the level of the subgeometries $(H, I, t)$ and $\Gamma_W$. Then, analogously to the Weyl case, there exists a unique isomorphism $Retr$ of $\Gamma(G)$ into $(B, I, t)$ which sends $P_i$ to $\alpha_i$, $1 \le i \le l$.
The following statement
Theorem 1.7.2. Let $\Gamma(A, q) = \Gamma(G)$ be the Tits geometry of the finite group $G = X_n(q)$ corresponding to the Cartan matrix $A$, $char(\mathbb{F}_q) \ge 5$. Then $\Gamma$ is isomorphic to the incidence system $(B(A, \mathbb{F}_q), I, T)$.
$\Gamma(A, q)$ in $O(|\Gamma|)$ elementary steps and check whether or not two elements of $\Gamma$ are incident in time $O(N^2)$, where $N$ is the number of positive roots.
Corollary 1.7.3. The geometry $\Gamma(A, q)$ can be generated in computer memory in time $O(|\Gamma|)$. The check whether or not two elements of $\Gamma$ are incident can be done in $O(m^2)$, where $m$ is the number of diagram nodes.
$[-\alpha_i^* + v_i, -\alpha_j^* + v_j] = 0$.
$R_i^{-1} = \{(x, y) \mid (y, x) \in R_i\}$
It means that the structure constants of $H(B_n(q))$ and $H(C_n(q))$ are equal and there is a natural one-to-one correspondence between fusions of $H(B_n(q))$ and $H(C_n(q))$. Notice that the groups $B_2(q)$ and $C_2(q)$ are isomorphic. So $H(B_2(q)) = H(C_2(q))$.
Let $(G, X)$ be a permutation group. We refer to
$N(G) = \{\pi \in S(X) \mid \pi^{-1} G \pi = G\}$
as the permutational normalizer of $G$.
The group of automorphisms of the distance transitive metric corresponding to the action of $B_n(q)$ on $B_n(q) : P_n$ ($C_n(q)$ on $C_n(q) : P_n$) coincides with $N(B_n(q))$ ($N(C_n(q))$), respectively. In fact $N(B_n(q))$ and $N(C_n(q))$ are simply extensions of $B_n(q)$ and $C_n(q)$ by automorphisms of the finite field $\mathbb{F}_q$ (see [31]). So $N(B_n(q))$ and $N(C_n(q))$ are different quasisimple finite groups. So we have proved the following statement.
Proposition 2.1.3. The hyperequivalent Hecke algebras $H(B_n(q))$ and $H(C_n(q))$ are not isomorphic.
In paper [173] the following problem was investigated. Let $G$ be a finite $BN$-pair acting on $G : P_i$. Describe the overgroups $X$ of $(G, G : P_i)$, i.e. subgroups $Z$ of the symmetric group $S(G : P_i)$ such that $Z > G$. The proof of these results uses some corollaries of the classification theorem of finite simple groups (t.f.s.g.). A compact solution independent of the (t.f.s.g.) for the case of classical $BN$-pairs, i.e. simple groups with diagrams $A_n$, $B_n$, $C_n$ and $D_n$, was obtained in [188], [189]. In particular, the following statement was proven.
Theorem 2.1.4. (i) Let $Z$ be an overgroup of $(C_n(q), C_n(q) : P_n)$, $n \ge 2$; then $Z$ is a subgroup of the permutational normalizer $N(C_n(q))$.
(ii) Let $Z$ be an overgroup of $(B_n(q), B_n(q) : P_n)$ which is not a subgroup of $N(B_n(q))$. Then
$D_{n+1}(q) < Z < N(D_{n+1}(q))$
The nature of the embedding of $B_n(q)$ into $D_{n+1}(q)$ was investigated in [104]. Orbitals of $D_{n+1}(q) : P_n$ on $B_n(q) : P_n$ obviously form a distance transitive orbital scheme corresponding to the Hecke algebra $H(D_{n+1}(q))$, but the image $\Omega_n(q)$ of $H(D_{n+1}(q))$ under the hyperequivalence $\eta\eta'$ sending $R_i$ to $R'_i$ is a distance regular but not distance transitive map. The distance regular graph of $\Omega_n(q)$ is called the "Ustimenko graph" according to the subject index of [16]. J. Hemmeter used the existence of $\Omega_n(q)$ for the proof of the existence of another family of distance regular but not distance transitive graphs of unbounded diameter (see Hemmeter graphs in the subject index in [16]).
2. Distance regular graphs, small world graphs and generalisations of Tits geometries
$(p) = (p_1, \dots, p_n, c_1, c_2, \dots, c_r)$
$[l] = [l_1, \dots, l_n, t_1, t_2, \dots, t_s]$
y − b = xa
z − 2c = −2xb
u − 3d = −3xc
2v − 3e = 3zb − 3yc − ua
Let us define the incidence relation I4 as: (a, b, c)I4 [x, y, z] if and only if
y − b = xa
z − c = ay + ay q .
2.4. On small world graphs obtained by blow up operation
The term graphs with memory is used for an infinite family of finite graphs $\Gamma_i(K)$ whose vertices are tuples over the alphabet $K$ and in which the choice of a neighbour is described by a disjoint union of several Cartesian powers of $K$.
The family of graphs with memory can be treated as special models of a Turing machine with the internal and external alphabet $K$ and a few special symbols.
Definition 2.4.1. We say that a family of $k$-regular graphs $\Gamma_i$ (or graphs with the average degree $k$) of increasing order $v_i$ is a family of graphs of small world if
$\mathrm{diam}(\Gamma_i) \le c \log_k(v_i)$
for some independent constant $c$, $c > 0$, where $\mathrm{diam}(\Gamma_i)$ is the diameter of the graph $\Gamma_i$.
The chapter is devoted to explicit constructions of new families of small world tactical configurations with memory. They form a wide class of graphs containing the incidence graphs of geometries of finite simple groups of Lie type. The examples can be partitioned into the following three categories: the cases of graphs with bounded diameter, with unbounded diameter, and the case of bounded degree.
For the defined class of graphs the natural parametrisation of walks (computations in the corresponding Turing machine) will be given. It allows us to introduce analogs of small Schubert cells on the set of vertices.
It is well known that the diameter of a $k$-regular graph (or a graph with the average degree $k$) of order $v$ is at least $\log_{k-1}(v)$ and that the random $k$-regular graph has diameter close to this lower bound (see [3, X]). Only several explicit constructions of families of $k$-regular graphs with diameter close to $\log_{k-1}(v)$ are known (see [11], X, sec. 1) and further references or geometrical construction.
In the case of an irregular graph with the list of valencies $k_1, k_2, \dots, k_t$, we shall use the term small world graph for a graph with the diameter bounded by $c_i \log_{k_i}(v)$ for each $i = 1, \dots, t$ for an appropriate constant $c_i$.
In the case of a family of irregular graphs $\Gamma_i$ of degree $k_i$ and increasing order $v_i$, we shall also use the term family of graphs of small world if
(f + g) ∗ h = f ∗ h + g ∗ h,
h ∗ (f + g) = h ∗ f + h ∗ g.
[Figure 2.1.]
Let us continue this process and consider the step m. The system
{b̄1m−1 , b̄2m−2 , . . . , b̄m
contains the unique vector b̄lm−1 such that all its
m−1 }
Put
(m) m−1 −1
Γ̄l1 = Γ̄l1 = (bl,l 1
) × b̄lm−1
(m−1) (m−1) (m−1)
and exchange the vectors Γ̄l2 , Γ̄l3 , . . . , Γ̄lm by
(m−1) (m−1)
Γ̄li = Γ̄li − gli ,l1 · Γ̄l1 .
and determing
P mapping ρ : P Gn−1 (F) → Ñ . Notice that it is convenient to
identify either with the set of transpositions of the group $S_n$ (the Weyl group $A_{n-1}$ of the general linear group $PG_n(F)$) or with the positive roots of the system $A_{n-1}$ (i.e. with the vectors $e_i - e_j$). Here the $e_i$ are the orthonormal basis vectors of the Euclidean space of dimension $n$.
Proof. If $U$ and $W$ are distinct subspaces then $\rho(U)$ and $\rho(W)$ are distinct elements of $\tilde N$. In fact, the equality $\rho(U) = \rho(W)$ implies the equality of the Gaussian bases $\bar\Gamma_{l_1}, \bar\Gamma_{l_2}, \dots, \bar\Gamma_{l_m}$ and $\bar\Gamma'_{l_1}, \bar\Gamma'_{l_2}, \dots, \bar\Gamma'_{l_m}$ of the subspaces $U$ and $W$, respectively.
In this case
$U = \langle \bar\Gamma_{l_1}, \bar\Gamma_{l_2}, \dots, \bar\Gamma_{l_m} \rangle = \langle \bar\Gamma'_{l_1}, \bar\Gamma'_{l_2}, \dots, \bar\Gamma'_{l_m} \rangle = W$.
On the other hand, the image of an element $(B, f)$ is nonempty. It contains the subspace $\langle \bar\Gamma_{l_1}, \bar\Gamma_{l_2}, \dots, \bar\Gamma_{l_m} \rangle$, where $\{l_1, l_2, \dots, l_m\} = B$ and $\bar\Gamma_{l_1}, \bar\Gamma_{l_2}, \dots, \bar\Gamma_{l_m}$ is the Gaussian basis determined by the function $f$. Thus the mapping $\rho$ is a bijection.
Let $U$ be a subspace of $W$ and $\rho(U) = (B, f)$, $\rho(W) = (A, g)$. Let us show that $B \subset A$. Suppose to the contrary that $i \in B$ and $i \notin A$. The vector $\bar\Gamma_i$ of the Gaussian basis of $U$ is a linear combination of the vectors $\bar\Gamma'_j$ of the Gaussian basis of $W$. Moreover, the coefficients of the vectors having number $j > i$ should be equal to zero:
$\bar\Gamma_i = \sum_{j < i} \lambda_j \bar\Gamma'_j$. (2.4.1)
But the $i$-th component of the vector on the right is zero while this component of the vector on the left is 1, a contradiction. Notice that if $i \in B$ then
$\bar\Gamma_i - \bar\Gamma'_i = \sum_{j < i} \lambda_j \bar\Gamma'_j$. (2.4.2)
g − f |∆(A)∩∆(B) = g ◦ f.
Notice that the vectors from F∆(A) = {f | f(x) = 0 for x ∉ ∆(A)} form
an abelian subalgebra (since x ◦ y = 0 for all x, y ∈ F∆(A) ). This is due to
the fact that if the elements of ∆(A) are considered as the roots ei − ej of
the system An−1 then the sum of two roots from ∆(A) is not a root. So
g ◦ f = g|∆(A)\∆(A)∩∆(B) ◦ f |∆(B)\∆(A)∩∆(B)
The right side of the above equality is just the j-th component of the right
side of (2.4.2).
Definition 2.4.6. Let (Γ̃, Ĩ, t̃) be a blowing of an incidence system (Γ, I, t)
with the set of types ∆. For an element y ∈ U let us define a transformation
ŷ of the set Γ̃i by the following rule:
where (α, x) ∈ Γ̃i. The incidence system (Γ̃, Ĩ, t̃) will be called a smooth
blowing of an incidence system (Γ, I, t) if there is an element i ∈ ∆ (the
distinguished type) such that
(a) an element a ∈ Γ is uniquely determined by the set Oa of elements
from Γ̃i which are incident to a;
(b) for arbitrary y and a the transformation ŷ maps Oa into the set Ob
for some b;
(c) the action of ŷ on Γ̃ defined by the rule:
is an automorphism of Γ̃.
The incidence system (Ñ, Φ̃, t̃) considered in Example 2.4.3 is a smooth
blowing of the system (N, Φ, t). For the distinguished type one can take 1
or n − 1 (recall that t(A) = |A| for A ∈ N).
Example 2.4.7. Geometry of the Weyl groups of classical groups.
The relation Φ on the set N considered in the previous example can
be identified with the incidence relation of the geometry of the Coxeter
group An−1 (i.e. of the symmetric group S(Ω) with the set of generating
transpositions (1, 2), . . . , (n − 1, n)).
Let us consider the geometry of the Coxeter group Bn. Its elements can
be interpreted as the partially defined functions on the set n taking values
in the field F2. So
Put (B, f ) ≺ (C, g) if and only if C ⊂ B and the restrictions of the functions
f and g on the set B coincide. The incidence relation Φ′ of the geometry
2. Distance regular graphs, small world graphs and generalisations of Tits geometries
Let us consider the subalgebra U in η consisting of all functions which
are zero outside Σ. A direct check shows that Φ̃(Σ, U, ∗, η) is a blowing of
the incidence system (D, Φ, t).
a(α) = |∆(α) ∩ T1 |
and
b(α) = |∆(α) ∩ T2 |.
For each ordered edge (α, β), αIβ in GF (W ) such that t(α) = J1 and
t(β) = J2 we consider set
Let c(α, β) = |C(α, β)| and rJ1,J2(α) which is the sum of monomial terms
x^{c(α,β)}, βIα and t(β) = J2.
If T is not a collection of conjugate elements we consider
Let sJ1,J2(α) be the sum of monomial expressions x^{a(α,β)} y^{b(α,β)}, such
that αIβ and t(β) = J2.
Proposition 2.4.12. Let W be the finite Coxeter group with the standard
set of generators S. Then the polynomial expressions rJ1,J2(α)(x) = rJ1,J2
do not depend on α. If not all elements are conjugate, then the polynomials
sJ1,J2(α) do not depend on α.
Theorem 2.4.13. Let us consider a distributed blow up Γ̃(W )(a) of the
geometry Γ(W ) (GF (W )) such that Y = T , m(x) = m(y) if x and y are
conjugate and
∆(α) = {w ∈ T |l(αw) < l(α)}.
Let a = m(x) for each x if all elements of T are conjugate (conjugate case),
and a and at, t ≥ 1 are weights of elements from different conjugacy classes
of T in the case of existence of two conjugacy classes. Then Γ̃(W) is a
geometrical incidence structure, GF(Γ̃(W)J1,J2(a)) (GF′(W)J1,J2, respectively)
a = 2, 3, . . . are small world tactical configurations with bidegrees rJ1,J2(a)
and rJ2,J1(a) in the conjugate case or sJ1,J2(a, at) and sJ2,J1(a, at) otherwise.
Let us refer to the blow up for Γ(W) as balanced blow up.
Let us consider the retraction map r : Γ̃ → Γ(W) such that r(v, x) = v,
which is a graph homomorphism.
We refer to the preimage Sch(v) of the element v ∈ Γ under the retraction
map as a Schubert cell. Let Sch(Γ̃) be the disjoint union of the Schubert cells
Sch(v) where cosets v contain the Coxeter element, i.e. the element with the
maximal length of the irreducible decomposition relative to the standard
set of generators S.
The complete list of finite Coxeter groups contains several sequences
An, Bn, Dn, Im (groups of symmetries for incidence graphs of m-gons) and
the following "sporadic groups": F4, E6, E7, E8, H3, H4 (see [15]). The
properties of graphs ΓJ1,J2, J1 ∩ J2 = ∅ such as bidegrees and diameters the
reader can find in [16] (look at "incidence Coxeter graphs" in the subject
index).
Remark 2.4.21. In fact, families G(a, n), Ga(n), and P(a, n) are families
of small world graphs depending on two parameters a and n.
Remark 2.4.22. If a is prime degrees then for the proper choice of linguistic
blow up P(a, n) will be the graph without cycles C4 (see examples in [9] and
[17]). In this case graph P²(a, n), n = 1, 2, . . . binary relation: two points of
P(2, n) are incident to common line, form an infinite family of small world
graphs of diameter D, n/2 ≤ D ≤ n with fixed degree (a + 1)² − 1.
Let us remove all edges between elements from the "largest Schubert
cells" in P(a, m), i.e. elements of kind (α, x), where l(α) = m − 1. After the
completion of this operation we shall get the graph STm(a).
Lemma 2.4.23. STm(a) is a spanning tree for the graph P(a, m).
Proof. Let us consider the process of walking from one of the vertices (⟨a⟩, 0)
or (⟨b⟩, 0) which does not contain the edge between these two vertices. These
branching processes produce rooted trees T⟨a⟩ and T⟨b⟩. They do not contain
common vertices. So adding the extra edge between (⟨a⟩, 0) and (⟨b⟩, 0) leads
to the tree STm(q), which contains all vertices of PCm(q).
2.5. Small world expanding graphs of large girth or large cycle indicator
$$g(\Gamma_i) \ge \gamma \log_{k_i} v_i,$$
where c is a constant independent of i (see [7], [8]). Erdős proved the
existence of such a family with arbitrary large but bounded degree ki = k
with γ = 1/4 by his famous probabilistic method.
Just two explicit families of graphs of large girth with unbounded girth
and arbitrarily large k are known: the family of Cayley graphs had been
defined by G. Margulis (see next unit) and investigated further by several
authors and the family of algebraic graphs CD(n, q) (see Chapter 3).
The first explicit examples of families with large girth mentioned
above were given by Margulis [93], [94], [95] with γ = 0.44 for some infinite
families with arbitrary large valency, and γ = 0.83 for an infinite family of
graphs of valency 4. The constructions were Cayley graphs of SL2(Zp) with
respect to special sets of generators. Imrich [59] was able to improve the
result for an arbitrary large valency, γ = 0.48, and to produce a family of
cubic graphs (valency 3) with γ = 0.96. A family of geometrically defined
cubic graphs, so called sextet graphs, was introduced by Biggs and Hoare.
They conjectured that these graphs have large girth. Weiss proved the
conjecture by showing that for the sextet graphs (or their double cover)
γ ≥ 4/3. Then independently Margulis (see [93], [94], [95]) and Lubotzky,
Phillips, and Sarnak [87] came up with similar examples of graphs (graphs
X(p, q)) with γ ≥ 4/3 and arbitrary large valency (they turned out to be,
additionally, so-called Ramanujan graphs). In [9] Biggs and Boshier showed
that γ is asymptotically 4/3 for graphs from [93], [94], [95].
Let us consider these facts in more details. Recall, that adjacency matrix
T for k-regular graph X on the vertex set {1, 2, . . . , m} is m × m matrix
(ti,j ) such that ti,j = 1 if nodes i and j are connected by an edge, if i
and j do not form an edge in X, then ti,j = 0. The matrix T of simple
graph is symmetrical, so all its eigenvalues (eigenvalues of the graph) are
real numbers. It is easy to see that k is the largest eigenvalue of the graph.
Let λ1 (X) be the second largest eigenvalue.
In this section we describe Ramanujan graphs and discuss their use for
the generation of matrices with large order. We give a brief outline of the
explicit construction of a class of Cayley graphs called the Ramanujan Graph
X(p, q) due to Lubotzky, Phillips and Sarnak [87].
Let p and q be primes, p ≡ q ≡ 1 (mod 4). Suppose that i is an integer so
that i² ≡ −1 (mod q). By a classical formula of Jacobi, we know that there
are 8(p + 1) solutions α = (a0, a1, a2, a3) such that a0² + a1² + a2² + a3² = p.
Among these, there are exactly p + 1 with a0 > 0 and a0 odd and aj even for
j ∈ {1, 2, 3}, as is easily shown. To each such α we associate the matrix
$$\tilde\alpha = \begin{pmatrix} a_0 + i a_1 & a_2 + i a_3 \\ -a_2 + i a_3 & a_0 - i a_1 \end{pmatrix}$$
which gives us p + 1 matrices in PGL2(Fq). We let S be the set of generators
of these matrices α̃ and take PGL2(Fq). In [6], it is shown that the Cayley
graph X(p, q) will be a (p + 1)-regular graph,
namely the Cayley graph
of PSL2(Fq) if $\left(\frac{p}{q}\right) = 1$ and PGL2(Fq) if $\left(\frac{p}{q}\right) = -1$, (where $\left(\frac{p}{q}\right)$ is the
$$g = s_{i_1} s_{i_2} \cdots s_{i_k}, \quad (k \text{ small},\ s_{i_j} \in S,\ j = 1, \ldots, k)$$
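The generator set described above can be enumerated directly. The following Python sketch is an added example, not code from the book: it lists the p + 1 integer solutions with a0 > 0 odd and a1, a2, a3 even, builds the matrices α̃ modulo q, and decides between PSL2 and PGL2 with the Legendre symbol. The function names are chosen here for illustration.

```python
def legendre(p, q):
    """Legendre symbol (p/q) for an odd prime q and p not divisible by q."""
    return 1 if pow(p, (q - 1) // 2, q) == 1 else -1

def lps_generators(p, q):
    """Matrices (a, b, c, d) mod q, one per solution of a0^2+a1^2+a2^2+a3^2 = p
    with a0 > 0 odd and a1, a2, a3 even."""
    i = next(z for z in range(q) if (z * z + 1) % q == 0)    # i^2 = -1 (mod q)
    evens = [a for a in range(-p, p + 1) if a % 2 == 0 and a * a <= p]
    gens = []
    for a0 in range(1, p + 1, 2):
        for a1 in evens:
            for a2 in evens:
                for a3 in evens:
                    if a0 * a0 + a1 * a1 + a2 * a2 + a3 * a3 == p:
                        gens.append(((a0 + i * a1) % q, (a2 + i * a3) % q,
                                     (-a2 + i * a3) % q, (a0 - i * a1) % q))
    return gens

def det(m, q):
    a, b, c, d = m
    return (a * d - b * c) % q

def matmul(m, k, q):
    a, b, c, d = m
    e, f, g, h = k
    return ((a * e + b * g) % q, (a * f + b * h) % q,
            (c * e + d * g) % q, (c * f + d * h) % q)

def is_scalar(m):
    """Nonzero scalar matrices are the identity of PGL2(Fq)."""
    return m[1] == 0 and m[2] == 0 and m[0] == m[3] != 0

def closed_under_inverse(gens, q):
    """Every generator has its inverse (up to a scalar) in the same set,
    so the Cayley graph is undirected."""
    return all(any(is_scalar(matmul(g, h, q)) for h in gens) for g in gens)

def ambient_group(p, q):
    """Group whose Cayley graph X(p, q) is, chosen by the Legendre symbol."""
    return "PSL2" if legendre(p, q) == 1 else "PGL2"
```

Every generator has determinant p modulo q, which is why the sign of the Legendre symbol decides whether the generators already lie in PSL2(Fq).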
2.5.3. On small world graph with large cycle indicator and their
expansion properties
We generalize the concept of family of large girth in the following way.
Let gx = gx(Γ) be the length of the minimal cycle through the vertex x
from the set V(Γ) of vertices in graph Γ. We refer to
Cind(Γ) ≠ g(Γ).
⟨a1, . . . , an, b1, . . . , bm | R1, . . . , Rd, S1, . . . , St⟩.
We define the family of graphs D(n, K), where n > 2 is positive integer
and K is a commutative ring, such graphs have been considered in [81] for
the case K = Fq ( some examples are in [78]).
3.2. On infinite family of simple graphs D(n, K) defined by nonlinear algebraic equations
(p) = (p0,1, p1,1, p1,2, p2,1, p2,2, p′2,2, p2,3, . . . , pi,i, p′i,i, pi,i+1, pi+1,i, . . .),
[l] = [l1,0, l1,1, l1,2, l2,1, l2,2, l′2,2, l2,3, . . . , li,i, l′i,i, li,i+1, li+1,i, . . .].
[l]t0,1(x) = [l1,0, l1,1 + l1,0 x, l1,2 + 2l1,1 x + l1,0 x², l2,1, l2,2 + l2,1 x, . . . ,
ls,s + ls,s−1 x, ls,s+1 + (ls,s + l′s,s)x + ls,s−1 x², ls+1,s, l′s,s + ls,s−1 x, . . . ]
(p)t0,1(x) = (p0,1 + x, p1,1, p1,2, p2,1, p2,2, . . . )
lt1,1(x) = [l1,0, l1,1 + x, l1,2, l2,1 + l1,0 x, l2,2 − l1,1 x, l′2,2 + l1,1 x, . . . ,
ls,s − ls−1,s−1 x, l′s,s + ls−1,s−1 x, ls,s+1 − ls−1,s x, ls+1,s + ls,s−1 x, . . . ]
pt1,1(x) = (p0,1, p1,1 + x, p1,2 − p0,1 x, p2,1, p2,2 − p2,1 x, . . . ,
ps,s − ps−1,s−1 x, p′s,s − p′s−1,s−1 x, ps,s+1 − ps−1,s, ps+1,s + ps,s−1 x, . . . )
Let k ≥ 6, t = [(k + 2)/4], and let u = (uα, u11, · · · , utt, u′tt, ut,t+1, ut+1,t, · · · )
be a vertex of D(k, K) (α ∈ {(1, 0), (0, 1)}, it does not matter whether u is
a point or a line). For every r, 2 ≤ r ≤ t, let
$$a_r = a_r(u) = \sum_{i=0,r} \left(u_{ii}\, u'_{r-i,r-i} - u_{i,i+1}\, u_{r-i,r-i-1}\right),$$
and
a = a(u) = (a2, a3, · · · , at).
Proposition 3.2.4. (i) The classes of equivalence relation
form the imprimitivity system of permutation groups U(K) and U(n, K).
(ii) For any t − 1 ring elements xi ∈ K, 2 ≤ t ≤ [(k + 2)/4], there exists
a vertex v of D(k, K) for which
(iii) The equivalence class C for the equivalence relation τ on the set
Kn ∪ Kn is isomorphic to the affine variety Kt ∪ Kt , t = [4/3n] + 1 for
n = 0, 2, 3 mod 4, t = [4/3n] + 2 for n = 1 mod 4.
Proof. Let C be the equivalence class on τ on the vertex set D(K) (D(n, K));
then the induced subgraph with the vertex set C is the union of several
connected components of D(K) (D(n, K)).
Without loss of generality we may assume that for the vertex v of C(n, K)
satisfying a2(v) = 0, . . . , at(v) = 0. We can find the values of the components v′i,i
from this system of equations and eliminate them. Thus we can identify P
and L with elements of Kt, where t = [3/4n] + 1 for n = 0, 2, 3 mod 4, and
t = [3/4n] + 2 for n = 1 mod 4.
We shall use notation C(t, K) (C(K)) for the induced subgraph of D(n, K)
with the vertex set C.
where i = 1, 2, . . . .
Let E(K) be the incidence graph of the incidence
structure Γ(K) = (P′, L′, J′). For each integer k ≥ 2 let Γ(k, q) =
(P′k, L′k, Jk) be the incidence system, where Pk and Lk are images of P and
L under the projection of these spaces on the first k coordinates and the binary
relation J(k) is defined by the first k equations. Finally, let E(k, K) be the
incidence graph for Γ(k, K).
Similarly we can define an incidence structure E′(K) with points of kind
(x) = (x0,1, x1,1, x2,1, . . . , x′i,i, xi+1,i, . . . ), i ≥ 2,
lines of kind
[y] = [y1,0, y1,1, y2,1, . . . , y′i,i, yi+1,i, . . . ]
and the incidence relation given by equations
y′i,i − x′i,i = yi,i−1 x0,1,
yi+1,i − xi+1,i = y1,0 x′i,i.
By projections of the point space and the line space on the first k
components we get the quotient graph E′(n, K). It is easy to see that graphs
E(K) and E′(K) (E(n, K) and E′(n, K)) are isomorphic.
3. On regular trees and simple graphs given by nonlinear equations
Let us recall some information from graph theory. Let G be the graph
with the colouring ρ : V(G) → C of the set of vertices V(G) into colours
from C such that the neighbourhood of each vertex looks like a rainbow, i.e.
consists of |C| vertices of different colours. In case of the pair (G, ρ), we shall
refer to G as a parallelotopic graph with the local projection ρ.
It is obvious that parallelotopic graphs are k-regular with k = |C|.
Linguistic graphs are just bipartite parallelotopic graphs of order 2q^t and degree
q = p^s where p is a prime number.
If C′ is a subset of C, then the induced subgraph G^{C′} of G which consists
of all vertices with colours from C′ is also a parallelotopic graph. It is clear
that a connected component of the parallelotopic graph is also a parallelotopic
graph.
The arc of the graph G is a sequence of vertices v1, . . . , vk such that
vi I vi+1 for i = 1, . . . , k − 1 and vi ≠ vi+2 for i = 1, . . . , k − 2. If v1, . . . , vk is an
arc of the parallelotopic graph (G, ρ) then ρ(vi) ≠ ρ(vi+2) for i = 1, . . . , k − 2.
The trail of the graph G is the sequence of vertices v1, . . . , vk, such that
vi ≠ vi+1, i = 1, . . . , k − 1 and v1 = vk.
Let (G1, ρ1) and (G2, ρ2) be two parallelotopic graphs over the same set of
colours. We say that a graph homomorphism φ : G1 → G2 is a parallelotopic
morphism if ρ1(v) = ρ2(φ(v)) for each vertex v of the graph G1.
A parallelotopic morphism moves an arc of the graph G1 into an arc of the graph
G2.
Example 3.2.6. Let Γ = Γk(K) be one graph among the graphs D(k, K),
CD(k, K) and E(k, K). Γ with the colouring ρ([x]) = x1, ρ((x)) = x1 is a
parallelotopic graph. If K = Fq, then it is a q-regular bipartite graph with 2q^k
vertices. The map ηs of deleting the s last components of the tuple-vertex
(point or line) of Γk+s(q) is a parallelotopic morphism onto Γk(q).
Example 3.2.7. Let φ be a map of deleting of coordinates with indices
(i, i + 1), (i, i)′ for vertices of D(K) (or CD(K)). Then φ is a parallelotopic
morphism onto the graph E(K). It preserves not only colours but all
components xα, α ∈ Root′, where Root′ contains exactly (1, 0), (0, 1), (i, i),
(i, i + 1), i = 1, 2, . . . .
Example 3.2.8. We can consider the map φn (φ′n) on the set of vertices of
the graph D(n, K). The image of this parallelotopic morphism belongs to
the family E(k, K) (E′(k, K), respectively).
Let Uα = ⟨tα(x) | x ∈ K⟩ be a subgroup of U(K). It is isomorphic to the
additive group K+ of the ring K. Let UC be the subgroup generated by tα(x),
x ∈ K, α ∈ {(0, 1), (1, 0), . . . , (i, i), (i, i + 1), . . . }. Let UnC be the subgroup
generated by transformations tα(x) from UC onto the graph D(n, K) (or
C(t, K)).
3.3. On polarity graphs of incidence structures
Let us consider the case when the set B of colours of the absolute points
is a proper subset of the set of all colours C. In that case we can define an
induced subgraph IΓ = IΓπ with the set of vertices
{v ∈ Γπ |ρ(v) ∈ C − B}.
Directly from the definitions and above proposition we are getting the
following statement.
Lemma 3.3.2. Let P, L, I be the incidence structure with the k-regular
parallelotopic incidence graph Γ and parallelotopic polarity π : Γ → C.
Then R(Γπ ) is k − 1-regular graph of girth g(R(Γπ )), where
g(IΓS ) ≥ g(IΓ).
3.4. On algebraic dynamical systems and irreversible walks on simple graphs
pπ = [p0,1, −p1,1, p2,1, p1,2, −p′2,2, −p2,2, . . . , −p′i,i, −pi,i, pi+1,i, pi,i+1, . . . ],
lπ = (l1,0, −l1,1, l2,1, l1,2, −l′2,2, −l2,2, . . . , −l′i,i, −li,i, li+1,i, li,i+1, · · · )
arrow with the label α, but each state v is a string of characters from the
alphabet K.
We consider explicit construction of symmetric arithmetic dynamical
systems SFD(n, K) and SFC(n, K) on Kn ∪ Kn related to permutational
representations of infinite groups UD(K) and UC(K) defined over an arbitrary
commutative ring. If K is an integral domain, then UC(K) is a free product
K+ ∗ K+, where K+ is the additive group of the ring, and the well defined projective
limit of graphs Γ(SFC(n, K)) is an infinite tree. If K has zero divisors, then
the girth of each graph Γ(SFC(n, K)) and of their projective limit drops
to 4 (see section 4).
The following statement is the generalisation of the statement in [164].
Theorem 3.4.1. Let ND,x,n(v) be the operator of taking the neighbour of
the vertex v = (v1, v2, . . . , vs) of the colour v1 + x in the graph D(n, K).
Then this operator defines a symmetric arithmetical dynamical system SAFD(n, K)
on Kn ∪ Kn of level d = [(n + 5)/2] − 1.
Proof. Let us consider the action of operator
where the difference of colours for elements ui and ui+2 is ti + ti+1 . The
group UD (n, K) acts transitively on the vertex set of D(n, K) and preserves
difference of colours for elements of same type. Thus without loss of gener-
ality we may assume that u is zero point.
We can apply the map φn (or φ′n) to ud and compute the component α common to ud and
its image via the two numbers lemma. It is a product of M-regular
elements and one nonzero element. Thus it differs from zero. Let us assume
that
Fs′(u) = FD,t′1,...,t′s,n(u) = ND,t′1,n . . . ND,t′s,n(u) = Fd(u).
Without loss of generality we may assume that t′i ≠ t′i+1, i = 1, . . . , s − 1.
If s ≤ d, the component with number α for F′(u) = 0 according to the two
numbers lemma and we get a contradiction. So s = d and consecutive
execution of the transformations ND,t′i,n (i = 1, . . . , d) produces the walk
u′1, . . . , u′d. Let t1 ≠ t′1. Then we can apply the operator t0,1(−t′) to each element
ui, u′i, i = 1, . . . , d and get elements vi, v′i, i = 1, . . . , d, respectively.
Conditions ud = u′d and vd = v′d are equivalent.
According to the two numbers lemma the component α of v′d equals zero but
the same component of vd is not a product of regular and nonzero elements.
from bipartite dynamical systems BFD (n, K) given by graphs D(n, K) (see
[175], [176]), where αi ∈ K, i = 1, 2, . . . , k. We will assume that the point
set Kn is the domain of our map. The codomain will be the set of points in
the case of even k, and the set of lines for odd parameter k.
The reader can find the following computations in [184] and [120]:
$$\deg f_n(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 2, & n = 2,\\ 2, & n = 4k,\ 4k+1,\\ 3, & n = 4k+2,\ 4k-1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
3.5. Stable cubical polynomial maps corresponding to dynamical systems BD(n, K)
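$$p^{(2)}_{0,1} = p_{0,1} + \alpha_1 + \alpha_2$$
$$p^{(2)}_{1,1} = l_{1,1} - l_{1,0}\, p_{0,1} = -(\alpha_1 + \alpha_2)(\alpha_1 + p_{0,1})$$
$$p^{(2)}_{1,2} = l_{1,2} - p^{(2)}_{0,1}\, l_{1,1} = p_{1,2} - (\alpha_1 + \alpha_2) p_{1,1} - \alpha_1(\alpha_1 + \alpha_2) p_{0,1} - (\alpha_1 + \alpha_2) p_{0,1}^2$$
$$p^{(2)}_{i,i+1} = l_{i,i+1} - p^{(2)}_{0,1}\, l_{i,i} = p_{i,i+1} - (\alpha_1 + \alpha_2)(p_{i,i} + \alpha_1 p_{i-1,i} + p_{0,1} p_{i-1,i})$$
$$p^{(2)}_{i,i} = l_{i,i} - l_{1,0}\, p^{(2)}_{i-1,i} = p_{i,i} + (\alpha_1 + p_{0,1})(\alpha_1 + \alpha_2)(p_{i-1,i-1} + \alpha_1 p_{i-2,i-1} + p_{0,1} p_{i-2,i-1})$$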
$$\deg g_n(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 1, & n = 2,\\ 2, & n = 4k-1,\ 4k+2,\\ 3, & n = 4k,\ 4k+1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
and
FD,α1,α2,...,αm,n = ND,α1,n ND,α2,n . . . ND,αm,n,
respectively, we will calculate using induction, imposing m-even.
Assume transformation FD,α1,α2,...,αm−3,n = Nα1 Nα2 . . . Nαm−3,n gave us
vertex point:
$$(p)^{(m-3)} = \left(g_1^{(m-3)}(p_1),\ g_2^{(m-3)}(p_1, p_2),\ \ldots,\ g_n^{(m-3)}(p_1, p_2, \ldots, p_n)\right)$$
with degree
$$\deg g_n^{(m-3)}(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 1, & n = 2,\\ 2, & n = 4k-1,\ 4k+2,\\ 3, & n = 4k,\ 4k+1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
with degree
$$\deg f_n^{(m-2)}(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 2, & n = 2,\\ 2, & n = 4k,\ 4k+1,\\ 3, & n = 4k+2,\ 4k-1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
Now we have to check the degree of the polynomial $g_n^{(m-1)}$.
$$p_1^{(m-1)} = p_1 + \alpha_1 + \alpha_2 + \ldots + \alpha_{m-3} + \alpha_{m-2} + \alpha_{m-1} = p_1^{(m-3)} + \alpha_{m-2} + \alpha_{m-1}$$
$$p_{i,i+1}^{(m-1)} = l_{i,i+1}^{(m-2)} - p_1^{(m-1)}\, l_{i,i}^{(m-2)}$$
$$= p_{i,i+1}^{(m-3)} + p_1^{(m-3)}\, l_{i,i}^{(m-2)} - p_1^{(m-3)}\, l_{i,i}^{(m-2)} - (\alpha_{m-2} + \alpha_{m-1})\, l_{i,i}^{(m-2)}$$
$$= p_{i,i+1}^{(m-3)} - (\alpha_{m-2} + \alpha_{m-1})\, l_{i,i}^{(m-2)}.$$
Since $p_{i,i+1}^{(m-3)}$ is independent from αm−2 and αm−1 and both $p_{i,i+1}^{(m-3)}$ and
$l_{i,i}^{(m-2)}$ have degree equal 2, we get that $p_{i,i+1}^{(m-1)}$ has degree 2.
By similar reasoning we obtain that $p_{i,i}^{(m-1)}$ has degree 3, $p'^{(m-1)}_{i,i}$ degree
2, $p_{i+1,i}^{(m-1)}$ degree 3.
Hence by means of transformation FD,α1,α2,...,αm−1,n we encoded plain
text (p1, p2, . . . , pn) on ciphertext
$$(p)^{(m-1)} = \left(g_1^{(m-1)}(p_1),\ g_2^{(m-1)}(p_1, p_2),\ \ldots,\ g_n^{(m-1)}(p_1, p_2, \ldots, p_n)\right)$$
with degree
$$\deg g_n^{(m-1)}(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 1, & n = 2,\\ 2, & n = 4k-1,\ 4k+2,\\ 3, & n = 4k,\ 4k+1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
3.6. On symmetric bipartite dynamical systems of large cycle indicator corresponding to graphs A(n, K)
In the same way using second part of inductive assumption we get the
ciphertext
$$[l]^{(m)} = \left(f_1^{(m)}(p_1),\ f_2^{(m)}(p_1, p_2),\ \ldots,\ f_n^{(m)}(p_1, p_2, \ldots, p_n)\right)$$
$$\deg f_n^{(m)}(p_1, p_2, \ldots, p_n) = \begin{cases} 1, & n = 1,\\ 2, & n = 2,\\ 2, & n = 4k,\ 4k+1,\\ 3, & n = 4k+2,\ 4k-1, \end{cases} \quad \text{where } k = 1, 2, 3, \ldots$$
is infinity.
lines L = KN are two copies of infinite dimensional free module via incidence
relation I. Let us denote point (p) from P by
(x) = (x1 , x2 , . . . , xi , xi+1 , . . . )
and line [y] from L by
[y] = [y1 , y2 , . . . , yi , yi+1 , . . . ].
We say that point (x) is incident with the line [y] if and only if the following
conditions are satisfied
yi − xi = y1 xi−1
yi+1 − xi+1 = x1 yi ,
where i = 2, 3, . . . . Brackets and parenthesis will allow us to distinguish
points and lines again.
This incidence structure (P, L, I) we denote as A(K). We identify it with
the bipartite incidence graph of (P, L, I), which has the vertex set P ∪ L
and the edge set consisting of all pairs {(p), [l]} for which (p)I[l].
For each positive integer n ≥ 2 we obtain an incidence structure (Pn , Ln , In )
as follows. First, Pn and Ln are obtained from P and L respectively by sim-
ply projecting each vector onto its n initial coordinates with respect to the
above order. The incidence In is then defined by imposing the first n−1 inci-
dence equations and ignoring all others. The incidence graph corresponding
to the structure (Pn , Ln , In ) is denoted by A(n, K).
The natural canonical homomorphism of A(n, K) onto A(n − 1, K), given
by the procedure of deleting the last coordinate of the vertex (point or line), allows
us to consider the well defined projective limit A(K) of A(n, K), n → ∞. It
is very interesting that A(n, K), which is not an edge transitive incidence
structure, approximates the infinite graph A(K) = limn→∞ A(n, K) with
edge-transitive automorphism group.
Similarly to the case of D(n, K) we assume that the colour of the vertex v
is the first coordinate of this vector (point or line). So colours are elements
of K. Each vertex v of graph A(n, K) has a unique neighbour of given colour.
Let NA,t,n be the map on the vertex set of graph A(n, K), which transforms
point x = (x1, x2, . . . , xn) to its neighbour of colour x1 + t, t ∈ K, and
transforms line y = [y1, y2, . . . , yn] into its neighbour of colour y1 + t.
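The operator NA,t,n and the walks it generates can be tried out on small graphs. The Python sketch below is an added example, not code from the book. It takes K = Fq with q prime and assumes that the two incidence equations alternate by parity of the coordinate index (even i: yi − xi = y1 xi−1, odd i: yi − xi = x1 yi−1), so that each coordinate from 2 to n gets exactly one equation; all function names are chosen here.

```python
from collections import deque
from itertools import product

def neighbour(v, colour, q):
    """Unique neighbour of v in A(n, q) whose first coordinate is `colour`.

    v = (kind, coords) with kind 'P' for a point (x) or 'L' for a line [y].
    Assumed reading of the incidence equations, one per coordinate i >= 2:
      even i: y_i - x_i = y_1 * x_{i-1}    odd i: y_i - x_i = x_1 * y_{i-1}
    """
    kind, c = v
    out = [colour % q]
    for i in range(2, len(c) + 1):                 # 1-based coordinate index
        if kind == 'P':                            # c = x, solve for y_i
            rhs = out[0] * c[i - 2] if i % 2 == 0 else c[0] * out[i - 2]
            out.append((c[i - 1] + rhs) % q)
        else:                                      # c = y, solve for x_i
            rhs = c[0] * out[i - 2] if i % 2 == 0 else out[0] * c[i - 2]
            out.append((c[i - 1] - rhs) % q)
    return ('L' if kind == 'P' else 'P', tuple(out))

def N(v, t, q):
    """The operator N_{A,t,n}: move to the neighbour of colour v_1 + t."""
    return neighbour(v, v[1][0] + t, q)

def walk(v, password, q):
    """Apply N_{t_1}, then N_{t_2}, ... along the password (t_1, ..., t_m)."""
    for t in password:
        v = N(v, t, q)
    return v

def unwalk(v, password, q):
    """Invert walk(): each step is undone by N_{-t}, taken in reverse order."""
    return walk(v, [-t for t in reversed(password)], q)

def irreducible(password, q):
    """True when no step returns to the previous vertex (t_i + t_{i+1} != 0)."""
    return all((a + b) % q for a, b in zip(password, password[1:]))

def endpoints(start, m, q):
    """End vertices of all irreducible walks of length m from `start`."""
    return {walk(start, pw, q) for pw in product(range(q), repeat=m)
            if irreducible(pw, q)}

def girth(n, q):
    """Girth of A(n, q) by breadth-first search from every vertex."""
    best = None
    for root in ((k, c) for k in 'PL' for c in product(range(q), repeat=n)):
        dist, parent, queue = {root: 0}, {root: None}, deque([root])
        while queue:
            u = queue.popleft()
            for colour in range(q):
                w = neighbour(u, colour, q)
                if w not in dist:
                    dist[w], parent[w] = dist[u] + 1, u
                    queue.append(w)
                elif w != parent[u]:               # non-tree edge closes a cycle
                    cycle = dist[u] + dist[w] + 1
                    best = cycle if best is None else min(best, cycle)
    return best
```

As long as twice the walk length stays below the girth, distinct irreducible passwords lead to distinct end vertices; `endpoints` makes that visible on A(3, 3).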
We define in this chapter the incidence structure E(K) with point set P ′
and line set L′ . It will be convenient for us to denote vectors from P ′ as
x = (x) = (x0,1 , x1,1 , x1,2 , x2,2 , . . . xi,i , xi,i+1 . . . , )
and vectors from L′ as
y = [y1,0 , y1,1 , y1,2 , y2,2 , . . . , yi,i , yi,i+1 , . . . ].
We say that point (x) is incident with the line [y] and we write it xJy
or (x)J[y] if and only if the following conditions are satisfied:
where i = 1, 2, . . . .
The simplification of notations by the following change of indices:
Families of simple graphs of high girth had been used for the development
of algorithms in Cryptography and Turbocoding. Recent results in that
direction show the interest of applied researchers in "families of directed
graphs of high girth" as a possible source of applied ideas. In this chapter we
discuss some explicit constructions of simple and directed graphs which
can be applicable to the theory of LDPC codes and Turbocoding.
Various applications of graph theory to Coding Theory are hard to
observe. We just mention that the code is just a subset in a finite metric space
defined via a distance regular graph (see [8], [29], [2]) and expanding graphs
(superconcentrators, magnifiers) had been used for the design of important
codes (see [57], [87]).
The situation is similar in Cryptography: each computation can be defined
in terms of a finite automaton, roughly a directed graph with labels on arrows,
and the various applications of automata theory to cryptography are very hard to
observe. We just mention [38] (see also further references in this survey).
In this chapter we briefly observe some traditional applications of
families of simple graphs of large girth to construction of LDPC and Turbo
Codes (see [115], last chapter of [64], [137], [138], [107], [51], [50]).
Low-density parity-check (LDPC) codes were originally introduced in
his doctoral thesis by Gallager in 1961 [45]. Since the discovery of Turbo
codes in 1993 by Berrou, Glavieux, and Thitimajshima [5], and the redis-
covery of LDPC codes by Mackay and Neal in 1995 [90], there has been
renewed interest in Turbo codes and LDPC codes, because their error rate
performance approaches asymptotically the Shannon limit. Much research
is devoted to characterizing the performance of LDPC codes and designing
codes that have good performance. Commonly, a graph, the Tanner graph
(see [61] and further references), is associated with the code and an important
parameter affecting the performance of the code is the girth of its Tanner
graph. In [93], [50], [51] authors consider the design of structured regular
LDPC codes based on Tanner graphs of large girth. The regularity and
structure of LDPC codes utilize memory more efficiently and simplify the
implementation of LDPC coders. The Tanner graph is a special type of
graph, a bipartite graph, where the nodes divide into two disjoint classes
with edges only between nodes in the two different classes.
Large girth speeds the convergence of iterative decoding and improves
the performance of LDPC codes, at least in the high SNR range, by slowing
down the onset of the error floor. Large size of such graphs implies fast
convergence.
4.2. Explicit constructions of Tanner graphs
On the web page of Professor Moura (see also [101]) one can find the
following text: "Commonly, a graph, the Tanner graph, is associated with
the code and an important parameter affecting the performance of the code
is the girth of its Tanner graph. In our work, we consider the design of
structured regular LDPC codes whose Tanner graphs have large girth. The
regularity and structure of LDPC codes utilize memory more efficiently and
simplify the implementation of LDPC coders. The Tanner graph is a special
type of graph, a bipartite graph, where the nodes divide into two disjoint
classes with edges only between nodes in the two different classes. The
problem we have been considering is a generic problem in graph theory,
namely, that of designing bipartite graphs with large girth. We actually
have studied a more special class of this generic problem, in particular, the
design of undirected regular bipartite graphs with large girth”.
So here we can see clearly two ideas:
(i) new families of bipartite simple graphs of large girth can be used as
families of Tanner’s graphs
(ii) for the constructions of LDPC codes and turbo codes we can use di-
rected graphs which are analogs of bipartite graphs of large girth.
$$R_t = \frac{k}{NT}.$$
Unfortunately, he didn't show a way of constructing such codes. The
best known classes of error correcting codes are Turbocodes and Low Density
Parity Check Codes (LDPC codes). In this article we are only interested
in LDPC codes. They were introduced in 1963 by Robert G. Gallager.
These codes allow a wide choice of the parameters N and r,
making it possible to create codes with a large block size and excellent
correction properties. Their advantage is the existence of efficient decoding
algorithms with complexity linear in the block length N.
LDPC codes can be obtained by a few methods, but very good codes can
be obtained from families of graphs with certain specific properties. The
ability to use graphs to construct error correcting codes was first discussed
by Tanner [137], [138]. This is the area where we can work because only
specified graphs are suitable for creating a good code. Usually for this
purpose simple graphs are used, which means undirected graphs containing
no loops or multiple edges. The graph should be bipartite, sparse,
without small cycles and biregular or regular with the possibility to obtain
biregularity.
There are three ways to represent a linear error correcting code allowing
us to obtain LDPC codes: generator matrix G, parity check matrix H or
Tanner graph Γ(V, E). The parity check matrix for an [N, k] code is an r × N matrix
whose entries are zeros or ones. Rows of this matrix correspond to the parity
4. On some LDPC codes corresponding to algebraic graphs
$$C = \{y \in \mathbb{F}_2^N \mid H y^T = 0\}.$$
$$g = \frac{2|E|}{|V|(|V| - 1)},$$
4.4. On basics of LDPC codes theory
x = [x1 , x2 , x3 , x4 ]
y = [y1 , y2 , x1 , y3 , x2 , x3 , x4 ]
y1 + 1 + 1 + 0 = 0
y2 + 1 + 0 + 0 = 0
y4 + 1 + 0 + 0 = 0
All calculations must be performed in the field F2 .
4.5. Codes based on families of graphs D(n, K), D̃(n, K) and A(n, K)
Let us use the analogous notation for points and lines in the graph D̃(n, K):
(p) = (p0,1 , p1,1 , p1,2 , p2,1 , p2,2 , p2,3 , . . . , pi,i , pi,i+1 , pi+1,1 , . . . ),
[l] = [l1,0 , l1,1 , l1,2 , l2,1 , l2,2 , l2,3 , . . . , li,i , li,i+1 , li+1,1 , . . . ].
Figure 4.1. Graph D(2, 3) = D̃(2, 3) = A(2, 3) = W(2, 3)
Denote this infinite incidence structure (P, L, I)A as A(K); it can be
identified with the bipartite incidence graph of (P, L, I)A. A(K) is an infinite
tree. For each positive integer n > 2 we obtain a finite incidence structure
(Pn, Ln, In)A as above. The incidence graph corresponding to the structure
(Pn, Ln, In)A is denoted by A(n, K).
In case K = Fq, where q is a prime power, we denote D(n, Fq), D̃(n, Fq)
and A(n, Fq) simply as D(n, q), D̃(n, q), A(n, q) accordingly.
D(n, K) and D̃(n, K) have the same structure for n < 6. For n ≤ 3
graphs D(n, q), D̃(n, q) and A(n, q) are isomorphic. For n ≥ 4 A(n, q) has
a different structure than D(n, q), D̃(n, q) and leads us to different codes. For
example, graphs D(n, q) are disconnected for k ≥ 6 when A(n, q), q ≠ 2 are
connected.
For all n they are |K|-regular but have a structure that allows us to
remove points and lines in such a way that we can obtain arbitrary bidegree
(a, b) for 1 ≤ a, b ≤ |K|. This can be done as shown in [59]. Let L be
the set of all lines and P the set of all points; to obtain the desired bidegree
(a, b) we must put a restriction on coordinates. Let A ⊂ Fq and B ⊂ Fq be
a-element and b-element subsets respectively and let VP and VL be the sets
of points and lines in the new bipartite graph. They are the following sets:
VP = {(p) ∈ P | cp ∈ A}
VL = {[l] ∈ L | cl ∈ B},
in Hamming metric. Correction properties are better for codes that have a higher minimum distance or a very small number of codewords at the minimum distance from each other. A study of asymptotic performance [191] shows the future for degree distribution: dv ≥ 2 is enough. Every bit in a codeword should be checked by a unique set of control equations. If dv = 2 then every bit is checked by 2 equations and the condition
$$\binom{r}{2} > N$$
is necessary. It is easy to see that for every code in this section r^2 > 2N. If dv ≥ 3 then dmin of the code grows linearly with increasing N, so the error probability decreases exponentially with increasing block length. Figures 4.2, 4.3 and 4.4 show that the presented codes give good results for dv = 2. The codes considered in this section have dv = min(a, b). Tables 4.1, 4.2, 4.3, 4.4 and 4.5 show properties of the sample codes described.
Figures 4.2, 4.3 and 4.4 show the BER for codes obtained from the graphs described in Tables 4.1, 4.2 and 4.3, respectively. With increasing parameter n, graphs over the same field produce codes with better correcting properties (Figures 4.2, 4.3, 4.4) and bigger block length N. For comparison, Figure 4.8 shows codes based on some representatives of the family A(n, q) and Figure 4.9 codes based on representatives of the family D(n, q) with the same parameters. We see that codes based on representatives of the family A(n, q) have better error correcting properties. This fact is supported by a dozen other simulations conducted.
The graphs A(n, q) have the most consistent structure, so they give codes with the best correcting properties. For example, the graph A(8, 5) after the reduction of bidegrees to (2, 5) splits into 125 components and D(8, 5) into 625; A(10, 3) after the reduction of bidegrees to (2, 3) splits into 81 components and D(10, 3) into 243. Among the considered families of graphs, the worst results are given by codes obtained from the graphs D(n, q). The structure of A(n, q) after biregularity reduction allows us to obtain codes with bigger block size than codes obtained from D(n, q). When we use a bigger field we obtain a better code rate. Reducing bidegrees to (2, q) gives code rate 2/q. Obviously, for each code we can reduce the bidegrees of the graph. After the reduction the code rate can increase. A good example is the case of bidegrees 3 and q.
Using bidegree (a, b) with a ≥ 3 makes the desired codes much better (4.6) and of bigger block size. For these two presented codes dv = 3. For codes which come from the presented families, reducing bidegrees to (a, b) gives code rate RC = a/b. The codes described in Tables 4.1, 4.2, 4.3 (Figures 4.2, 4.3, 4.4) have code rate 0.4. When we use a bigger field Fq we can obtain a different and often better (more economic) code rate (for example see 4.4), and usually the correcting properties of the code do not change much. However, we must be careful, because using a much bigger field and reducing biregularity to (2, q) or (3, q) can give RC close to zero, but error correcting properties can be much worse.
The presented codes offer a wide choice of the code rate RC. In many well known constructions the code rate is strictly determined, for example equal to 1/2. David MacKay considered [107], [90] very good, randomly generated codes with code rate 1/2 and 1/4. Codes arising from graphs with symmetric adjacency matrix, which were considered in [145], have code rate 1/2 and 1. Figure 4.6 shows the codes [75, 150] (blue), [500, 1000] (green), [1875, 3750] (purple) and [250, 500] (black) obtained from a random construction based on Radford M. Neal's programs available from [102]. Radford M. Neal and David MacKay reinvented LDPC codes in the mid-1990s (see [107]). Figure 4.7 shows codes based on the presented graphs that correspond to the randomly generated codes with the same number of information bits k. It is easy to see that the codes (blue, green and purple) based on graphs (Figure 4.7) with the same number of information bits as the random codes (Figure 4.6) have better error correcting properties and lower code rate (4.5).
Table 4.1. Properties of graphs D̃(n, 5) after receiving bidegree (2, 5) used for presented sample codes
Based graph |P | = |L| Size of desired H Block length
D̃(2, 5) 25 10 × 25 25
D̃(3, 5) 125 10 × 25 25
D̃(4, 5) 625 50 × 125 125
D̃(5, 5) 3125 50 × 125 125
D̃(6, 5) 15625 50 × 125 125
D̃(7, 5) 78125 1250 × 3125 3125
D̃(8, 5) 390625 1250 × 3125 3125
D̃(9, 5) 1953125 1250 × 3125 3125
D̃(10, 5) 9765625 6250 × 15625 15625
Figure 4.3. Bit error rate for [50, 125] code (green) based on D(6, 5), [50, 125] code
(blue) based on D(7, 5), [250, 625] code (purple) based on D(8, 5) and [1250, 3125]
code (black) based on D(9, 5)
Figure 4.4. Bit error rate for [250, 625] code (blue) based on A(6, 5), [1250, 3125]
code (green) based on A(7, 5), [1250, 3125] code (purple) based on A(8, 5) and
[1250, 3125] code (black) based on A(9, 5)
Figure 4.6. Bit error rate for [75, 150] code (blue), [500, 1000] code (green),
[1875, 3750] code (purple) and [250, 500] code (black), all based on Radford M.
Neal random constructions [27] with code rate RC = 1/2.
4.5.4. Remarks
Instead of using Fq as K we can use the ring Zn and modulo operations. Modified codes where rings are used, based on a subgraph of A(n, Zm), give better codes than those based on a subgraph of D(n, Zm) (Figure 4.10 shows results for fixed parameters).
In [51] authors as coordinates used elements from Fq where q is the first
Table 4.2. Properties of graphs D(n, 5) after receiving bidegree (2, 5) used for presented sample codes
Based graph |P | = |L| Size of desired H Block length
D(2, 5) 25 10 × 25 25
D(3, 5) 125 10 × 25 25
D(4, 5) 625 50 × 125 125
D(5, 5) 3125 50 × 125 125
D(6, 5) 15625 50 × 125 125
D(7, 5) 78125 50 × 125 125
D(8, 5) 390625 250 × 625 625
D(9, 5) 1953125 1250 × 3125 3125
D(10, 5) 9765625 1250 × 3125 3125
Table 4.3. Properties of graphs A(n, 5) after receiving bidegree (2, 5) used for presented sample codes
Based graph |P | = |L| Size of desired H Block length
A(2, 5) 25 10 × 25 25
A(3, 5) 125 10 × 25 25
A(4, 5) 625 50 × 125 125
A(5, 5) 3125 50 × 125 125
A(6, 5) 15625 250 × 625 625
A(7, 5) 78125 1250 × 3125 3125
A(8, 5) 390625 1250 × 3125 3125
A(9, 5) 1953125 1250 × 3125 3125
A(10, 5) 9765625 6250 × 15625 15625
prime greater than n. We take q which is the first prime power greater than n. Figure 4.11 shows that for the code based on D(3, 16) we obtain results as good as for D(3, 17). D(3, 16) gives a [256, 32] code with slightly better code rate than the [255, 34] code arising from D(3, 17).
The reader can find the missing definitions from the theory of simple graphs in [16].
The distance between vertices v1 and v2 of the graph is the length of a minimal path from v1 to v2. The graph is connected if for arbitrary pair
Table 4.5. Properties of graphs after receiving bidegree (2, s) used for presented sample codes
Initial graph    Biregularity    Number of lines in fixed component    Number of points in fixed component    Code rate
A(6, 6)          (2, 6)          648                                   216                                    0.(3)
A(6, 7)          (2, 7)          2401                                  686                                    ≈ 0.286
A(8, 5)          (2, 5)          3125                                  1250                                   0.4
A(10, 3)         (2, 3)          729                                   486                                    0.(6)
D(6, 6)          (2, 6)          216                                   72                                     0.(3)
D(6, 7)          (2, 7)          2401                                  686                                    ≈ 0.286
D(8, 5)          (2, 5)          625                                   250                                    0.4
D(10, 3)         (2, 3)          243                                   162                                    0.(6)
Table 4.6. Comparison between presented codes and other effective LDPC
Code                              Number of information bits    Block length    RC     Number of ones per column
random [75, 150]                  75                            150             0.5    2
random [500, 1000]                500                           1000            0.5    2
random [1875, 3750]               1875                          3750            0.5    2
random [250, 500]                 250                           500             0.5    3
[50, 125] based on D̃(6, 5)        75                            125             0.4    2
[250, 625] based on A(6, 5)       500                           1250 × 3125     0.4    2
[1250, 3125] based on A(9, 5)     1875                          1250 × 3125     0.4    2
[375, 625] based on D̃(5, 5)       250                           625             0.6    3
Figure 4.8. Bit error rate for [2401, 686] code (green) based on A(6, 7), [3125, 1250]
code (red) based on A(8, 5) and [729, 486] code (black) based on A(10, 3)
Figure 4.9. Bit error rate for [2401, 686] code (green) based on D(6, 7), [625, 250]
code (red) based on D(8, 5) and [243, 162] code (black) based on D(10, 3)
Figure 4.10. Bit error rate for [648, 216] code (red) based on A(6, Z6 ), [625, 250]
code (blue) based on D(6, Z6 )
Figure 4.11. Bit error rate for [256, 32] code (square) based on D(3, 16) and [255, 34]
code (circle) based on D(3, 17)
section. Let L be the set of all lines and P the set of all points. To obtain the desired bidegree (r, s) we must put a restriction on the coordinates. Let R ⊂ Fq and S ⊂ Fq be an r-element and an s-element subset, respectively, and let VP and VL be the sets of points and lines in the new bipartite graph. They are the following sets:
VP = {(p) ∈ P |x ∈ R}
VL = {[l] ∈ L|a ∈ S}.
If the set of points is bigger than the set of lines, then points correspond to codeword bits and lines correspond to parity checks. Otherwise, lines correspond to codeword bits and points correspond to parity checks. The ratio of the total number of bits in a codeword to the number of parity bits is called the code rate and is denoted by RC. The lower the code rate is, the more economic the code is. Thus, the most wanted codes are those with low code rate and the best error correcting properties.
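The restriction described above, carried out for the smallest case D(2, 5) with bidegree (2, 5), the first row of Table 4.2. This is an added example, not code from the book. It assumes the incidence relation l11 − p11 = l1·p1 of D(2, q) from the Lazebnik–Ustimenko construction, which this section does not restate, and that x and a are the first coordinates of points and lines; all function names are hypothetical.

```python
from collections import deque


def parity_check_from_D2(q, R, S):
    """Parity-check matrix H of the subgraph of D(2, q), q prime, with x in R, a in S.

    Assumption (not restated in this section): point (p1, p11) and line [l1, l11]
    are incident iff l11 - p11 = l1 * p1 in F_q; x = p1 and a = l1.
    """
    points = [(p1, p11) for p1 in sorted(R) for p11 in range(q)]   # V_P
    lines = [(l1, l11) for l1 in sorted(S) for l11 in range(q)]    # V_L

    def incident(p, l):
        return (l[1] - p[1] - l[0] * p[0]) % q == 0

    # The larger vertex set gives the codeword bits (columns),
    # the smaller one the parity checks (rows).
    if len(points) > len(lines):
        return [[int(incident(p, l)) for p in points] for l in lines]
    return [[int(incident(p, l)) for l in lines] for p in points]


def code_rate(H):
    """Rate in the convention of the tables: checks / block length (a/b)."""
    return len(H) / len(H[0])


def gf2_rank(H):
    """Rank of H over F_2 by Gaussian elimination on bit-packed rows."""
    rows = [int("".join(map(str, r)), 2) for r in H]
    rank = 0
    for bit in reversed(range(len(H[0]))):
        pivot = next((i for i in range(rank, len(rows)) if rows[i] >> bit & 1), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i] >> bit & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def tanner_girth(H):
    """Length of the shortest cycle of the Tanner graph of H (BFS from every node)."""
    r, n = len(H), len(H[0])
    adj = [[] for _ in range(r + n)]
    for i, row in enumerate(H):
        for j, v in enumerate(row):
            if v:
                adj[i].append(r + j)
                adj[r + j].append(i)
    best = float("inf")
    for start in range(r + n):
        dist, parent, queue = {start: 0}, {start: None}, deque([start])
        while queue:
            u = queue.popleft()
            for v in adj[u]:
                if v not in dist:
                    dist[v], parent[v] = dist[u] + 1, u
                    queue.append(v)
                elif parent[u] != v:
                    best = min(best, dist[u] + dist[v] + 1)
    return best


# D(2, 5) reduced to bidegree (2, 5): R = {0, 1}, S = F_5.
H = parity_check_from_D2(5, {0, 1}, set(range(5)))
COLUMNS = [tuple(row[j] for row in H) for j in range(len(H[0]))]

if __name__ == "__main__":
    print(f"H is {len(H)} x {len(H[0])}, rate {code_rate(H)}")
    print(f"rank over F_2: {gf2_rank(H)}, Tanner graph girth: {tanner_girth(H)}")
```

The rank shows that the 10 parity checks of this H are not independent over F_2, so the number of rows is only an upper bound on the number of independent checks.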
Table 4.7. Graphs property after receiving bidegree (2, 7) and (2, 15) respectively
Initial graph    Girth    Restriction on coordinates           Number of lines in fixed component    Number of points in fixed component    Code rate
AH(17, 17)       12       a ∈ S, |S| = 2; x ∈ R, |R| = 15      167042                                1252815                                0.1(3)
AH(17, 17)       12       x ∈ R, |R| = 2; a ∈ S, |S| = 15      4335                                  578                                    0.1(3)
D(5, 17)         10       x ∈ R, |R| = 2; a ∈ S, |S| = 15      4335                                  578                                    0.1(3)
D(5, 17)         10       a ∈ S, |S| = 2; x ∈ R, |R| = 15      578                                   4335                                   0.1(3)
AH(7, 7)         12       a ∈ S, |S| = 2                       4802                                  16807                                  ≈ 0.286
AH(7, 7)         12       x ∈ R, |R| = 2                       343                                   98                                     ≈ 0.286
D(5, 7)          10       x ∈ R, |R| = 2                       343                                   98                                     ≈ 0.286
D(5, 7)          10       a ∈ S, |S| = 2                       98                                    343                                    ≈ 0.286
D(4, 7)          8        x ∈ R, |R| = 2                       98                                    343                                    ≈ 0.286
D(4, 7)          8        a ∈ S, |S| = 2                       343                                   98                                     ≈ 0.286
4.6. Codes based on generalised polygons 111
Figure 4.12. Bit error rate for [343, 98] code (circle) based on AH(7, 7) and [343, 98]
code (square) based on D(5, 7), both with x ∈ {0, 1}
Figure 4.13. Bit error rate for [4335, 578] code (circle) based on AH(17, 17) and
[4335, 578] code (square) based on D(5, 17), both with x ∈ {0, 1} and a ∈ {0, 14}
Figure 4.14. Bit error rate for [16807, 4802] code (square) with a ∈ {0, 1} and
chosen vertex [l] = [0, 0, 0, 0, 0] and [343, 98] code (circle) with x ∈ {0, 1} and
chosen vertex (p) = (0, 0, 0, 0, 0), both based on AH(7, 7)
Chapter 5
Directed graphs of high girth and
large diagram indicator
of the family of graphs with unbounded girth indicator, the girth is also
unbounded. We also have
Dind(Γ) ≥ g(Γ)/2.
Let F = {(p, l)|p ∈ P, l ∈ L, pIl} be the totality of flags for the tactical
configuration with partition sets P (point set) and L (line set) and incidence
relation I. We define the following irreflexive binary relation φ on the set
F:
((l1, p1), (l2, p2)) ∈ φ if and only if p1 I l2, p1 ≠ p2 and l1 ≠ l2.
Let F(I) be the binary relation graph corresponding to φ. The order of F(I) is |P|(s + 1) (or |L|(t + 1)). We refer to it as the directed flag graph of I.
Lemma 5.4.1. Let (P, L, I) be a tactical configuration with bidegrees s + 1
and t + 1 of girth g ≥ 4k. Then the girth indicator of directed graph F(I)
with the output and input degree st is > k.
Proof. The absence of even cycles C_{2s}, 2 < s < 2k − 2, in the graph I ensures the absence of commutative diagrams O_{r,s}, 1 ≤ s ≤ r ≤ k, in the directed graph F(I).
Let (P, L, I) be the incidence structure corresponding to regular tactical
configuration of order t.
Let F1 = {(l, p)|l ∈ L, p ∈ P, lIp} and F2 = {[l, p]|l ∈ L, p ∈ P, lIp}
be two copies of the totality of flags for (P, L, I). Brackets and parenthesis
allow us to distinguish elements from F1 and F2 . Let DF(I) be the directed
graph (double directed flag graph) on the disjoint union of F1 with F2 defined
by the following rules
5.4. Directed graphs of generalised polygons 119
Proof. The absence of even cycles C_{2s}, 2 < s < m − 1, in the bipartite graph I ensures the absence of commutative diagrams O_{r,s}, 1 ≤ s ≤ r ≤ m, in the double directed graph DF(I).
Lemma 5.4.3. Let (P, L, I) be the generalized 2k-gon of order (r, s). Then
$$|P| = \sum_{t=0}^{k-1} (r^t s^t + r^{t+1} s^t),$$
$$|L| = \sum_{t=0}^{k-1} (s^t r^t + s^{t+1} r^t).$$
Proof. As it follows from lemma 11, the girth indicator of each directed graph F n is > m/2. The existence of cycles C_{2m} in the corresponding generalised m-gon leads to the existence of commutative diagrams O_{m/2+1,m}. So the girth indicator of each graph is m/2 + 1 and the girth is 2(m/2) + 1.
The order of each directed graph F n coincides with the cardinality of the flag set of the corresponding generalised m-gon or its size and can be given by a polynomial expression f(q) in the single variable q (see lemmas 13 and 14 for the closed formulae for the order). The degree of the balanced graph F n is q^{s+t}. The highest term of the polynomial F(q) is q^{(s+t)m/2}.
So for each prime p the family F n is a family of asymptotical cages of odd girth and we have proved statement (i) of the theorem.
The Schubert subgraphs SF n are induced subgraphs of F n. So for the girth indicator and the girth of the Schubert subgraph we have Dind(SF n) ≥ Dind(F n) ≥ m/2 + 1 and g(SF n) ≥ g(F n) ≥ m + 1. Notice that the order of SF n is exactly q^{(s+t)m/2}. The assumption that Dind(SF n) > Dind(F n) ≥ m/2 + 1 for sufficiently large q contradicts the previously proven statement (i) (or the established upper bound for directed cages). So the graphs (SF n), n = 1, . . ., form a family of asymptotical cages and we have proved (ii).
The graphs DF(m, i), i = 1, . . ., are graphs of order 2f(q), where f(q) is the order of the corresponding directed flag graph F i. As it follows from lemma 12, the girth indicator of each double directed graph DF(m, i) is > m. The bipartite structure of the graph, corresponding to the partition formed by 2 copies of F(I), ensures the absence of commutative diagrams O_{m+1,m}. The existence of cycles C_{2m} in the corresponding generalised m-gon leads to the existence of commutative diagrams O_{m+1,m+1}. So the girth indicator of each graph is m + 1 and the girth is 2m + 2. The highest term of the polynomial expression 2f(q) is 2q^m. So the graphs form a family of asymptotical directed cages. Double flag graphs of Schubert subgraphs for I1.1(m, p^n), n = 1, . . ., have order 2q^m, q = p^n. So if n is sufficiently large, the girth indicator and girth of such a graph are m + 1 and 2m + 2, respectively. Thus we show that they form a family of asymptotical cages as well. So we have proved point (iii).
According to proposition 17, the double tactical configuration I 2(m, q), q = p^n, p prime, is a generalised 2m-gon. Similarly to part (i) of the proof we can show that the girth indicator of the directed flag graph of I 2(m, q) is m + 1 and its girth is 2m + 1 (7, 9, 13). The order v = v n(m, p) of the graph F n(m, p) can be computed as the size of the generalised 2m-gon of order (q, 1). It is a polynomial expression in the variable q of degree m. So these graphs form a family of graphs of large girth.
5.5. Construction of groups of cubical transformations from special directed
graphs 123
$$\{[l'], (p')\}\, R\, \langle (p), [l] \rangle \iff (p') = (p) \ \&\ l'_1 - l_1 \in K$$
Our key will be α1 , α2 , . . . , αn , such that αi ∈ RegK.
As a first vertex we take
(our variables). Using the above relation we get the next vertex:
(1) (1)
h(p)(1) , [l](2) i = (p1 , p1,1 , . . . , pi,j , l1 + α1 )
Let us represent:
$$p_1^{(2k-1)} = p_1 + \alpha_2 + \alpha_4 + \ldots + \alpha_{2k-2} = p_1^{(2k-3)} + \alpha_{2k-2}$$
$$l_1^{(2k)} = l_1 + \alpha_1 + \alpha_3 + \ldots + \alpha_{2k-1} = l_1^{(2k-2)} + \alpha_{2k-1}$$
Assume that the following vertices:
$$\langle (p)^{(2k-1)}, [l]^{(2k)} \rangle = (p_1^{(2k-1)}, p_{1,1}^{(2k-1)}, \ldots, p_{i,j}^{(2k-1)}, l_1^{(2k)})$$
$$\deg l_{i,j}^{(2k)}(l_1, l_2, \ldots, l_k, p_1) = \begin{cases} 3, & (i,j) = (i,i)' \text{ or } (i,j) = (i,i+1), \\ 2, & (i,j) = (i,i) \text{ or } (i,j) = (i+1,i) \end{cases}$$
and
$$l_{i,i}^{(2k+2)} = l_{i,i}^{(2k)} + \alpha_{2k+1}\, p_{i-1,i}^{(2k+1)}, \qquad \deg = 2$$
$$l_{i+1,i}^{(2k+2)} = l_{i+1,i}^{(2k)} + \alpha_{2k+1}\, p_{i,i}'^{(2k+1)}, \qquad \deg = 2$$
$$l_{i,i}'^{(2k+2)} = l_{i,i}'^{(2k)} + \alpha_{2k+1}\, p_1^{(2k+1)}\, p_{i-1,i-1}'^{(2k+1)}, \qquad \deg = 3$$
$$l_{i,i+1}^{(2k+2)} = l_{i,i+1}^{(2k)} + \alpha_{2k+1}\, p_1^{(2k+1)}\, p_{i-1,i}^{(2k+1)}, \qquad \deg = 3$$
Hence using the induction we got:
$$\deg p_{i,j}^{(2k+1)}(l_1, l_2, \ldots, l_k, p_1) = \begin{cases} 2, & (i,j) = (i,i)' \text{ or } (i,j) = (i,i+1), \\ 3, & (i,j) = (i,i) \text{ or } (i,j) = (i+1,i) \end{cases}$$
$$\deg l_{i,j}^{(2k+2)}(l_1, l_2, \ldots, l_k, p_1) = \begin{cases} 3, & (i,j) = (i,i)' \text{ or } (i,j) = (i,i+1), \\ 2, & (i,j) = (i,i) \text{ or } (i,j) = (i+1,i) \end{cases}$$
Remark 5.5.2. We may change the group G_DD(n, K) for its conjugation τ^{−1} G_DD(n, K) τ, where τ is an affine invertible transformation of K^{n+1}.
Let α1, α2, . . . , α2m be a string of nonzero ring elements. We define the map F_{DD,α1,α2,...,α2m,n+1} as the composition of transformations Z_{DD,α1,α2,n+1}, Z_{DD,α3,α4,n+1}, . . . , Z_{DD,α2m−1,α2m,n+1} acting on the free module K^{n+1}. Symbol F_{DD,α1,α2,...,α2m} denotes the composition of transformations Z_{DD,α1,α2}, Z_{DD,α3,α4}, . . . , Z_{DD,α2m−1,α2m} from the group G_DD(K).
F_{DD,α1,α2,...,α2m,n+1}(x) ≠ F_{DD,β1,β2,...,β2m,n+1}(x)
They used finite field of characteristic 2 and its extension, f has a decom-
position f1 f2 f3 , where f1 and f2 are affine maps (of degree 1) and f2 is a
Frobenius automorphism. Cryptanalysis for the scheme the reader can find
in [76]. We have to notice that the failure of this cryptosystem is not a
surprise for specialists in algebra. Despite its formal quadratic appearance
Frobenius automorphism is quite close to linear maps (in his famous book
[31] J. Dieudonne uses term 3/2 linear map for such automorphism). One
of the new directions in multivariate cryptography is the use of tools out-
side commutative algebra such as dynamical systems or algebraic automata
theory for the creation of nonlinear maps of pseudorandom nature.
The goal of the chapter is a discussion of new cryptosystems in the area of Multivariate Cryptography which have some potential to be used in the era of Postquantum Informatics. The Quantum Computer is a special random computational machine. A cryptographical algorithm has to produce a ciphertext which is "a seeming chaos". So the Theory of Continuous Dynamical Chaos and its discrete approximation can be used in multivariate cryptography.
g(x) = b.
algorithm is practically the same as that given by the famous Gauss elimination method. If the degree of g is d then the best known general algorithm has complexity d^{O(n^2)}. In the case of some special restrictions on g the solution can be found in d^{O(n)}. It is clear that if g^{−1} is known, then x = g^{−1}b. So the problem (2) of finding the inverse map of a bijective polynomial multivariable map is more sophisticated. In fact it is a much harder algebraic problem in comparison with the solving of a nonlinear equation. Traditionally specialists use d^{O(n)} as a lower bound for the complexity of both problems. An efficient general algorithm for finding g^{−1} is known only in the case when g is a linear map. There is an amazing gap between linearity and nonlinearity, which can be used to guarantee the security of cryptographical tools. Of course specialists have to use g which is close to a pseudorandom map.
The old problem DLP for the group F_p^*, where the prime p is "sufficiently large", has been used in the well known Diffie-Hellman algorithm for key exchange and in several public-key cryptosystems, including the ElGamal system and DSS. Recall that the multiplicative group F_p^* is isomorphic to the additive group Z_{p−1}, for which DLP is equivalent to finding the solution of a linear equation. This fact demonstrates that the group theoretical DLP, in fact, depends not only on the chosen abstract finite group, but also on the way it is represented. Both groups F_p^* and Z_{p−1} are isomorphic subgroups of the symmetric group S_p of order p!. They are isomorphic but not similar (the groups are not conjugated by any permutation from S_p). So they are distinct transformation groups.
The DLP problem can be considered formally for any finite transformation group. In fact even the case of the group Z_n^*, where n is a composite number, is not investigated properly. We can consider the following natural generalisations of DLP for F_p^*.
It is well known that each permutation from S_p can be written in the form of a polynomial transformation x → f(x). We can identify F_p^* with the totality of maps x → ax of degree 1, where a ≠ 0.
The simplest generalisation of DLP can be obtained by replacing the pair F_p^*, S_p with the pair of groups GL_n(F_p) (the general linear group over F_p) and the symmetric group S_{p^n}. Recall that GL_n(F_p) consists of all bijective linear transformations x → xA of the vector space F_p^n, where A is a nonsingular square matrix with entries from F_p. Notice that each permutation from S_{p^n} can be written in the form x → F(x), where F is a bijective polynomial map from the vector space F_p^n onto itself. Similarly to the case n = 1 we can identify GL_n(F_p) with the totality of invertible polynomial maps x → xA of degree 1. It is clear that GL_1(F_p) = F_p^* and we have a natural generalisation of classical DLP.
132 6. On multivariate cryptography, algebraic groups and graphs
The natural second step of generalisation of DLP is the replacement of the field F_p by a general finite commutative ring K, of the vector space F_p^n by the free module K^n, and of the symmetric group S_{p^n} by the Cremona group C(K^n) of all bijective polynomial maps F of K^n onto K^n such that the inverse map F^{−1} is also a polynomial one.
The DLP problem for the cyclic group generated by a nonlinear transformation g of order t from the Cremona group C(K^n), i.e. the problem of solving g^k = h, is more difficult than the problem of finding h^{−1}. If x is known together with t, then our equation can be written in the form g^{t−k} = h^{−1} and we are computing the inverse map for b; the last computation generally requires d^{O(n^2)} operations, where d is the degree of the polynomial map g.
The Cremona group C(K^n) is an important object of algebraic geometry. There are many open questions connected with cryptographical aspects of this group. For instance, let AGL_n(K) be the totality of all invertible affine maps of K^n onto itself, i.e. maps x → xA + b, where x and b are row vectors from V and A is an invertible square matrix with entries from K. Describe subgroups X of C(K^n) containing AGL_n(K) as a subgroup. This problem is still open.
In the next section we consider the new problem of constructing families of polynomial maps g = g_n ∈ C(K^n) of large order (the order of g_n goes to infinity with the growth of n) and small degree (bounded by a small constant) for all powers g^k of g (iterations of g with itself). Such maps can be used as bases for DLP.
x1 → g1 (x1 , x2 , . . . , xn ),
x2 → g2 (x1 , x2 , . . . , xn ),
...
xn → gn (x1 , x2 , . . . , xn ).
H′ = f^{−1}Hf
will also be a stable group, but for "most pairs" f and H the group H′ will be of degree deg f × deg f^{−1} ≥ 4 because of the nonlinearity of f and f^{−1}.
So the problem of constructing infinite families of subgroups G_n in C(K^n) of degree 2 and 3 may attract special attention.
c = τ1 Fn τ2 (m)
where F_n = F_{i_1,i_2,...,i_s,n} = g_{i_1,n} g_{i_2,n} . . . g_{i_s,n}. Decryption process is as follows:
where
$$F_n^{-1} = g_{i_s,n}^{-1}\, g_{i_{s-1},n}^{-1} \ldots g_{i_1,n}^{-1}.$$
Public-key algorithm
We assume that the password is a string i1, i2, . . . , is. Alice picks the parameter n.
6.5. On the projective limits of stable subgroups and corresponding multivariate
cryptosystems 135
She sends the cubical symbolic map F to Bob. The next step is for Alice to pick a secret integer nA that she does not reveal to anyone, while at the same time Bob picks an integer nB that he keeps secret.
2. Alice and Bob use their secret integers (nA and nB, respectively) to compute A = F^{nA} and B = F^{nB} in the Cremona group, respectively. Recall that they use the composition of the multivariable map f with itself. After
3. Finally, Alice and Bob again use their secret integers to compute K_AB = B^{nA} = (f^{nB})^{nA} = f^{nA nB} and K_AB = A^{nB} = (f^{nA})^{nB} = f^{nA nB}, respectively.
Recall, that, g is cubical map if has a form
Example 6.6.1. Let us consider the family of graphs D(n, K) over a finite commutative ring K. Let N_{D,t,n} be the operator of taking the neighbour of the vertex from K^n ∪ K^n. Let G_D(n, K) be the group of cubical transformations from C(K^n) generated by N_{D,t1,n} N_{D,t2,n}, t1, t2 ∈ K. The projective limit G_D(K) is well defined and we can use the cryptosystem described above. The string t1, t2, . . . , t2s of ring elements produces an irreversible string N_{D,t1,n} N_{D,t2,n}, . . . , N_{D,t2s−1,n} N_{D,t2s,n} if the product d of ti + ti+1, i = 1, 2, . . . , 2s − 1, is an antinilpotent ring element, i.e. d^x ≠ 0 for each positive integer x.
Example 6.6.2. Let us consider the family of graphs A(n, K) over a finite commutative ring K. Let N_{A,t,n} be the operator of taking the neighbour of the vertex from K^n ∪ K^n. Let G_A(n, K) be the group of cubical transformations from C(K^n) generated by N_{A,t1,n} N_{A,t2,n}, t1, t2 ∈ K. The projective limit G_A(K) is well defined and we can use the cryptosystem described above. The string t1, t2, . . . , t2s of ring elements produces an irreversible string N_{A,t1,n} N_{A,t2,n}, . . . , N_{A,t2s−1,n} N_{A,t2s,n} if the product d of ti + ti+1, i = 1, 2, . . . , 2s − 1, is an antinilpotent ring element.
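The key exchange steps above, run symbolically with the neighbour operator of Example 6.6.1 for n = 3. This is an added example, not code from the book. It assumes the D(3, q) incidence relations l11 − p11 = l1·p1 and l12 − p12 = l11·p1, and that N_t moves to the neighbour whose first coordinate is increased by t; the field F_7, the string (1, 2, 3, 2), the secret exponents and all function names are constructed for illustration.

```python
from itertools import product

Q = 7        # constructed toy field F_7 (Q must be prime in this sketch)
NVARS = 3    # point coordinates (p1, p11, p12) of D(3, q)


# A polynomial is a dict {exponent tuple: coefficient mod Q}.
def const(c):
    c %= Q
    return {(0,) * NVARS: c} if c else {}


def var(i):
    return {tuple(int(j == i) for j in range(NVARS)): 1}


def add(a, b, sign=1):
    out = dict(a)
    for mono, c in b.items():
        v = (out.get(mono, 0) + sign * c) % Q
        if v:
            out[mono] = v
        else:
            out.pop(mono, None)
    return out


def mul(a, b):
    out = {}
    for (m1, c1), (m2, c2) in product(a.items(), b.items()):
        mono = tuple(x + y for x, y in zip(m1, m2))
        v = (out.get(mono, 0) + c1 * c2) % Q
        if v:
            out[mono] = v
        else:
            out.pop(mono, None)
    return out


def point_to_line(v, t):
    # Assumed relations: l1 = p1 + t, l11 = p11 + l1*p1, l12 = p12 + l11*p1.
    l1 = add(v[0], const(t))
    l11 = add(v[1], mul(l1, v[0]))
    return (l1, l11, add(v[2], mul(l11, v[0])))


def line_to_point(v, t):
    # Assumed relations: p1 = l1 + t, p11 = l11 - l1*p1, p12 = l12 - l11*p1.
    p1 = add(v[0], const(t))
    return (p1, add(v[1], mul(v[0], p1), -1), add(v[2], mul(v[1], p1), -1))


IDENTITY = tuple(var(i) for i in range(NVARS))


def walk_map(ts):
    """Symbolic map N_{t1} N_{t2} ... for an even-length string ts (point to point)."""
    v = IDENTITY
    for i, t in enumerate(ts):
        v = point_to_line(v, t) if i % 2 == 0 else line_to_point(v, t)
    return v


def substitute(poly, images):
    out = {}
    for mono, c in poly.items():
        term = const(c)
        for i, e in enumerate(mono):
            for _ in range(e):
                term = mul(term, images[i])
        out = add(out, term)
    return out


def compose(f, g):
    """The map x -> f(g(x))."""
    return tuple(substitute(fi, g) for fi in f)


def power(f, k):
    """f composed with itself k times (square and multiply)."""
    result, base = IDENTITY, f
    while k:
        if k & 1:
            result = compose(base, result)
        base = compose(base, base)
        k >>= 1
    return result


def degree(f):
    return max(sum(mono) for poly in f for mono in poly)


def evaluate(f, x):
    out = []
    for poly in f:
        total = 0
        for mono, c in poly.items():
            term = c
            for xi, e in zip(x, mono):
                term = term * pow(xi, e, Q) % Q
            total = (total + term) % Q
        out.append(total)
    return tuple(out)


def key_exchange(ts, n_alice, n_bob):
    F = walk_map(ts)                 # public base map
    A = power(F, n_alice)            # Alice publishes A = F^nA
    B = power(F, n_bob)              # Bob publishes B = F^nB
    return F, power(B, n_alice), power(A, n_bob)


# Constructed string: t_i + t_{i+1} = 3, 5, 5 are all nonzero in F_7.
F, K_ALICE, K_BOB = key_exchange((1, 2, 3, 2), n_alice=5, n_bob=4)
```

The parameters are toy-sized and no affine conjugation τ is applied, so the block shows only the mechanics of the exchange and the bounded degree of the iterated maps.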
6.7. On Multivariate Cryptography with stable groups and Extremal Graph
Theory 137
The best known lower bound for d ≠ 2, 3, 5 had been obtained in [82]:
The construction of graphs L(n, q) and B(n, q) implies the following result (the best known upper bounds on v(k, C_{4n}), see [84]).
$$v(k, C_{4n}) \le (k + 1)\, q^{\frac{3}{4}n - 2} \qquad (6.8.1)$$
$$v(k, C_{4n}) \le k\, b^{\frac{3}{4}n - 2} \qquad (6.8.2)$$
It is clear that for some very special k the bound 6.8.2 is better than 6.8.
By Chebyshev's Theorem, for a fixed integer k ≥ 3 there is always a prime between k and 2k − 2. For any e ≥ 0 and k > k0(e), this interval can be narrowed to [k, k + k^{2/3+e}].
The best known bound for v(k, 2n), n is odd, follows from the bound on v(k, 2n):
Let k ≥ 2 and g ≥ 5 be integers, and let q denote the smallest odd prime power for which k ≤ q. Then
$$v(k, g) \le 2k\, q^{\frac{3}{4}g - \alpha} \qquad (6.8.3)$$
PLATE I
SYSTEM OF TYPE An (n ≥ 1)
I V is the hyperplane of E = R^{n+1} consisting of the points the sum of whose coordinates is zero.
Roots: ei − ej (i ≠ j, 1 ≤ i ≤ n + 1, 1 ≤ j ≤ n + 1).
Number of roots: N = n(n + 1)
II Basis: α1 = e1 − e2, α2 = e2 − e3, . . . , αn = en − en+1
Positive roots:
$$e_i - e_j = \sum_{i \le k < j} \alpha_k \quad (1 \le i < j \le n + 1),$$
for n = 1:
for n ≥ 2:
PLATE II
SYSTEM OF TYPE Bn (n ≥ 2 )
I V = E = R^n.
Roots: ±ei (1 ≤ i ≤ n), ±ei ± ej (1 ≤ i < j ≤ n).
Number of roots: N = 2n^2
II Basis: α1 = e1 − e2, α2 = e2 − e3, . . . , αn−1 = en−1 − en, αn = en.
Positive roots:
$$e_i = \sum_{i \le k \le n} \alpha_k \quad (1 \le i \le n),$$
$$e_i - e_j = \sum_{i \le k < j} \alpha_k \quad (1 \le i < j \le n)$$
$$e_i + e_j = \sum_{i \le k < j} \alpha_k + 2 \sum_{j \le k \le n} \alpha_k \quad (1 \le i < j \le n),$$
for n = 2:
for n ≥ 3:
PLATE III
SYSTEM OF TYPE Cn (n ≥ 2 )
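I V = E = R^n.
Roots: ±2ei (1 ≤ i ≤ n), ±ei ± ej (1 ≤ i < j ≤ n).
Number of roots: N = 2n^2.
$$e_i - e_j = \sum_{i \le k < j} \alpha_k \quad (1 \le i < j \le n)$$
$$e_i + e_j = \sum_{i \le k < j} \alpha_k + 2 \sum_{j \le k < n} \alpha_k + \alpha_n \quad (1 \le i < j \le n),$$
$$2e_i = \sum_{i \le k < n} \alpha_k + \alpha_n \quad (1 \le i \le n)$$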
PLATE IV
SYSTEM OF TYPE Dn (n ≥ 1)
I V = E = R^n
Roots: ±ei ± ej (1 ≤ i < j ≤ n); (ei) the canonical basis of R^n.
Number of roots: N = 2n(n − 1)
II Basis: α1 = e1 − e2, α2 = e2 − e3, . . . , αn−1 = en−1 − en, αn = en−1 + en.
Positive roots:
$$e_i - e_j = \sum_{i < k < j} \alpha_k \quad (1 \le i < j \le n),$$
$$e_i + e_n = \sum_{i \le k \le n-2} \alpha_k + \alpha_n \quad (1 \le i < n),$$
$$e_i + e_j = \sum_{i \le k < j} \alpha_k + 2 \sum_{j \le k < n-1} \alpha_k + \alpha_{n-1} + \alpha_n \quad (1 \le i < j < n),$$
V Highest root:
PLATE V
SYSTEM OF TYPE E6
I V is the subspace of E = R^8 consisting of the points whose coordinates (xi) are such that x6 = x7 = −x8.
Roots: ±ei ± ej (1 ≤ i < j ≤ 5),
$$\pm\frac{1}{2}\Big(e_8 - e_7 - e_6 + \sum_{i=1}^{5} (-1)^{\nu(i)} e_i\Big) \quad \text{with } \sum_{i=1}^{5} \nu(i) \text{ even}$$
Positive roots with at least one coefficient ≥ 2 we denote the root aα1 +
bα2 + cα3 + dα4 + eα5 + f α6 by a c db e f
V Highest root:
$$\tilde{\alpha} = \frac{1}{2}(e_1 + e_2 + e_3 + e_4 + e_5 - e_6 - e_7 + e_8) = \alpha_1 + 2\alpha_2 + 2\alpha_3 + 3\alpha_4 + 2\alpha_5 + \alpha_6.$$
PLATE VI
SYSTEM OF TYPE E7
I V is the hyperplane in E = R^8 orthogonal to e7 + e8.
Roots: ±ei ± ej (1 ≤ i ≤ j ≤ 6), ±(e7 − e8).
$$\pm\frac{1}{2}\Big(e_7 - e_8 + \sum_{i=1}^{6} (-1)^{\nu(i)} e_i\Big) \quad \text{with } \sum_{i=1}^{6} \nu(i) \text{ odd}$$
PLATE VII
SYSTEM OF TYPE E8
I V = E = R^8.
Roots: ±ei ± ej (i < j),
$$\frac{1}{2} \sum_{i=1}^{8} (-1)^{\nu(i)} e_i \quad \text{with } \sum_{i=1}^{8} \nu(i) \text{ even.}$$
V Highest root: α̃ = e7 +e8 = 2α1 +3α2 +4α3 +6α4 +5α5 +4α6 +3α7 +2α8 .
VI Completed Coxeter-Dynkin diagram:
PLATE VIII
SYSTEM OF TYPE F4
I V = E = R4 .
Roots:
±ei (1 ≤ i ≤ 4), ±ei ± ej (1 ≤ i < j ≤ 4), (1/2)(±e1 ± e2 ± e3 ± e4).
Number of roots: N = 48.
II Basis: α1 = e2 − e3, α2 = e3 − e4, α3 = e4, α4 = (1/2)(e1 − e2 − e3 − e4).
Positive roots:
ei (1 ≤ i ≤ 4), ei ± ej (1 ≤ i < j ≤ 4), (1/2)(e1 ± e2 ± e3 ± e4).
Positive roots with at least one coefficient ≥ 2, we denote the root
aα1 + bα2 + cα3 + dα4
PLATE IX
SYSTEM OF TYPE G2
I V is the hyperplane in E = R^3 with equation x1 + x2 + x3 = 0.
Roots:
±(2e2 − e1 − e3 ), ±(2e3 − e1 − e2 ).
Number of roots: N = 12.
II Basis: α1 = e1 − e2 , α2 = −2e1 + e2 + e3 .
Positive roots: α1 , α2 , α1 + α2 , 2α1 + α2 , 3α1 + α2 , 3α1 + 2α2 ,
(more details reader can find in [15]).
III Coxeter number: h = 6.
IV Coxeter diagram:
[1] E. Artin, Galois Theory, Lectures Delivered at the University of Notre Dame, Notre Dame Mathematical Lectures, Number 2, Notre Dame, Indiana: University of Notre Dame, 1971, 2nd edition, 82 pp.
[2] E. Bannai, N. Ito, Algebraic Combinatorics.
[3] A. Beutelspacher, Enciphered Geometry. Some Applications of Geometry To Cryptography, Annals of Discrete Mathematics, V.37, 1988, 59-68.
[4] C.T. Benson, Minimal regular graphs of girth eight and twelve, Canadian Journal of Mathematics, (18):1091-1094, 1966.
[5] C. Berrou, A. Glavieux and P. Thitimajshima, Near Shannon limit
error-correcting coding and decoding: turbo-codes, ICC 1993, Geneva,
Switzerland, pp. 1064-1070, May 1993.
[6] F. Bien, Constructions of telephone networks by group representations, Notices Amer. Math. Soc., 36 (1989), 5-22.
[7] N. Biggs, Algebraic Graph Theory (2nd ed), Cambridge, University Press,
1993.
[8] N.L. Biggs, Graphs with large girth, Ars Combinatoria, 25C (1988), 73–80.
[9] N.L. Biggs and A.G. Boshier, Note on the Girth of Ramanujan Graphs,
Journal of Combinatorial Theory, Series B 49, pp. 190–194 (1990).
[10] B. Bollobás, Extremal Graph Theory, Academic Press, London, 1978.
[11] B. Bollobás, Random Graphs, Academic Press, London, 1985.
[12] J.A. Bondy and M.Simonovits, Cycles of even length in graphs, J. Com-
bin.Theory, Ser. B, 16 (1974) 87-105.
[13] A. Borovik, Matroids and Coxeter groups, In: Survey in Combinatorics 2003,
London Math Soc. Lect. Notes Ser., vol 307, Cambridge University Press,
2003, 79-114.
[14] A. Borovik, I. Gelfand, N. White, Combinatorial flag varieties, J. Comb.
Theory (A), 2000, v. 91, 111-136.
[15] N. Bourbaki, Lie Groups and Lie Algebras, Chapters 1 - 9, Springer,
1998-2008.
[16] A. Brouwer, A. Cohen, A. Neumaier, Distance regular graphs, Springer, Berlin, 1989.
[17] A. A. Bruen, D. L. Wehlau, Error-Correcting Codes, Finite Geometries and Cryptography, AMS, 2010.
[18] F. Buekenhout, Diagrams for geometries and groups, J. Comb. Theory, Ser.
A., 27,1979, pp 261-285.
[19] F. Buekenhout (Editor), Handbook on Incidence Geometry, North Holland,
Amsterdam, 1995.
162 Bibliography
ilies of 2k-cycle free graphs, J. Combin. Theory, ser B, 60, No. 2 (1994),
293-298.
[81] F. Lazebnik, V. Ustimenko, Explicit construction of graphs with an arbitrary
large girth and of large size, Discrete Appl. Math. , 60, (1995), 275 - 284.
[82] F. Lazebnik, V. A. Ustimenko and A. J. Woldar, A New Series of Dense
Graphs of High Girth, Bull (New Series) of AMS, v.32, N1, (1995), 73-79.
[83] F. Lazebnik, V.A. Ustimenko, A.J. Woldar, A characterisation of the com-
ponents of the graph D(k, q), Discrete Mathematics, 157 (1996), 271-283.
[84] F. Lazebnik, V.A. Ustimenko, A.J. Woldar, New upper bounds on the order
of cages, Electronic J. Combin. 14 R13 (1997), 1–11.
[85] F. Lazebnik, V. A. Ustimenko and A. J. Woldar, Polarities and 2k-cycle-free
graphs, Discrete Mathematics, 197/198, (1999), 503–513.
[86] Lih-Chung Wang, Bo-yin Yang, Yuh-Hua Hu, Feipei Lai, A Medium-Field
Multivariate Public key Encryption Scheme, CT-RSA 2006: The Cryptographers'
Track at the RSA Conference 2006, LNCS 3860, 132-149, Springer, 2006.
[87] A. Lubotzky, R. Phillips, P. Sarnak, Ramanujan graphs, J. Comb. Theory.,
115, N 2., (1989), 62-89.
[88] M. G. Luby, M. Mitzenmacher, M. A. Shokrollahi and D. A. Spielman,
Improved Low-Density Parity-Check Codes Using Irregular Graphs and Belief
Propagation, in ISIT 98-IEEE International Symposium of Information Theory,
p. 171, Cambridge, USA, 1998.
[89] D. J. C. MacKay, R. M. Neal, Good Codes Based on Very Sparse Matrices, in
Cryptography and Coding 5th IMA Conference, pp. 100-111, Berlin, 1995.
[90] D. J. C. MacKay, Good error correcting codes based on very sparse matrices,
IEEE Trans. Information Theory, pp. 399-431, March 1999.
[91] D. MacKay and M. Postol, Weakness of Margulis and Ramanujan Margulis
Low Density Parity Check Codes, Electronic Notes in Theoretical Computer
Science, 74 (2003), 8pp.
[92] W. Magnus, A. Karrass, D. Solitar, Combinatorial group theory, Interscience
publ., 1966.
[93] G. A. Margulis, Explicit construction of graphs without short cycles and low
density codes, Combinatorica, 2, (1982), 71-78.
[94] G. Margulis, Explicit group-theoretical constructions of combinatorial
schemes and their application to design of expanders and concentrators,
Probl. Peredachi Informatsii., 24, N1, 51-60. English translation publ.
Journal of Problems of Information transmission (1988), 39-46.
[95] M. Margulis, Arithmetic groups and graphs without short cycles, 6th Intern.
Symp. on Information Theory, Tashkent, abstracts, vol. 1, 1984, pp. 123-125
(in Russian).
[96] T. Matsumoto, H. Imai, Public quadratic polynomial-tuples for efficient
signature-verification and message-encryption, Eurocrypt 88, Springer-Verlag
(1988), pp. 419-453.
[97] T. Moh, A public key system with signature and master key functions, Com-
mun. Algebra, vol. 27, no. 5, pp. 2207-2222, 1999.
[98] H. L. Montgomery, Topics in Multiplicative Number Theory, Lecture Notes
in Mathematics 227, Springer Verlag, New York, 1971.
[138] R. Michael Tanner, A recursive approach to low density codes, IEEE Trans.
on Info Th., IT, 27(5):533-547, Sept. 1984.
[139] J. A. Thas, Generalised polygons, in F. Buekenhout (ed), Handbook in Inci-
dence Geometry, Ch. 9, North Holland, Amsterdam, 1995.
[140] J. Tits, Sur la trialité et certains groupes qui s'en déduisent, Publ. Math.
I.H.E.S. 2 (1959), 15-20.
[141] J. Tits, Les groupes simples de Suzuki et de Ree, Seminaire Bourbaki 13
(210), 1960/1961, 1-18.
[142] J. Tits, Buildings of spherical type and Finite BN -pairs, Lecture Notes in
Math, Springer Verlag, 1074.
[143] J. Tits, Buildings and Buekenhout geometries, Finite Simple Group 2, Symp.
Durham, July-August, 1978, Proc. London Math. Soc., 1980, p. 309-320.
[144] A. Touzene, V. Ustimenko, Graph Based Private Key Crypto System, Inter-
national Journal on Computer Research, Nova Science Publisher, volume 13
(2006), issue 4, 12p.
[145] V. D. Tonchev, Error-correcting codes from graphs, Discrete Math. 257
(2002), 549-557.
[146] A. Touzene, V. Ustimenko, Private and Public Key Systems Using Graphs
of High Girth, In "Cryptography Research Perspectives", Nova Publishers,
Ronald E. Chen (the editor), 2008, pp. 205-216.
[147] A. Touzene, V. Ustimenko, Marwa AlRaissi, Imene Boudelioua, Performance
of algebraic graphs based stream-ciphers using large finite fields, Annales
UMCS, Informatica, Volume 11, Number 2 / 2011, 81-93.
[148] W. Tutte, A family of cubical graphs, Proc. Cambridge Philos. Soc. 43 (1945).
[149] V. A. Ustimenko, On some properties of Chevalley groups and their
generalisations, In: Investigations in Algebraic Theory of Combinatorial
objects, Moscow, Institute of System Studies, 1985, 134 - 138 (in Russian),
Engl. trans.: Kluwer, Dordrecht, 1992, pp. 112-119.
[150] V. A. Ustimenko, Geometries of twisted simple groups of Lie type as objects
of linear algebra, in Questions of Group Theory and Homological Algebra,
University of Jaroslavl, Jaroslavl, 1990, 33-56 (in Russian).
[151] V. A. Ustimenko, Linear interpretation of Chevalley group flag geometries,
Ukraine Math. J. 43, Nos. 7,8 (1991), pp. 1055–1060 (in Russian).
[152] V. A. Ustimenko, Coordinatisation of regular tree and its quotients, in
"Voronoi's impact on modern science", eds P. Engel and H. Syta, book 2,
National Acad. of Sci, Institute of Mathematics, 1998, 228p.
[153] V. A. Ustimenko, On the Varieties of Parabolic Subgroups, their Generaliza-
tions and Combinatorial Applications, Acta Applicandae Mathematicae 52
(1998): pp. 223–238.
[154] V. Ustimenko, CRYPTIM: Graphs as Tools for Symmetric Encryption, in
Lecture Notes in Computer Science, Springer, 2001, v. 2227, 278-287.
[155] V. A. Ustimenko, Graphs with Special Arcs and Cryptography, Acta Appli-
candae Mathematicae, vol. 71, N2, November 2002, 117-153.
[156] V. Ustimenko, A. Woldar, Extremal properties of regular and affine gen-
eralised polygons of tactical configurations, European Journal of Combina-
torics, 24 (2003) 99–111.
[157] V. Ustimenko, Maximality of affine group and hidden graph cryptosystems,
unitriangle group, 17
Ustimenko graph, 41