Mathematical Foundations

01 // The Why

Everything after this chapter runs on algebra

Symmetric cryptography hides data behind a shared key. Public-key cryptography does something stranger: it creates mathematical relationships where one direction is easy and the reverse is practically impossible. That trick requires a very particular kind of arithmetic.

What structure does arithmetic need?

Think about what cryptography actually requires. You need to combine numbers in a way that is predictable (the same inputs always produce the same output). You need the result to stay within a fixed range (keys have fixed sizes). And you need to be able to undo every operation (if you encrypt, you must be able to decrypt).

These are not arbitrary requirements. They are constraints that the math itself must satisfy. This chapter identifies the minimal structures that meet those constraints: groups, finite fields, and elliptic curves. Once you see why each structure exists, the protocols in the next chapters will feel inevitable rather than mysterious.

02 // Groups

A set with one rule

Cryptography needs operations that can be undone. You encrypt, you must be able to decrypt. You sign, someone must be able to verify. What is the absolute minimum structure an operation needs to be reliably reversible?

Starting from the need

Imagine you have a set of values and one operation that combines any two of them. For this to be useful in cryptography, you need four things. First, the result of combining two values must stay in the set (you can not produce a key that is outside your key space). Second, the order of grouping does not matter: $(a \star b) \star c = a \star (b \star c)$ . Third, there must be a neutral element that does nothing (an identity). Fourth, every element must have a partner that undoes it (an inverse).

A set with an operation satisfying these four properties is called a group. These are not arbitrary axioms. They are the consequences of needing reversibility.

The four axioms

1. Closure

Combining two elements always produces another element in the set.

2. Associativity

$(a \star b) \star c = a \star (b \star c)$

3. Identity

There exists an element $e$ such that $a \star e = e \star a = a$ .

4. Inverse

For every $a$ , there exists $a^{-1}$ such that $a \star a^{-1} = e$ .

A group you already know

Clock arithmetic

Take the numbers 0 through 11 and add them mod 12. You already use this group every time you read a clock: $9 + 5 \equiv 2 \pmod{12}$ .

Closure: any sum mod 12 stays in $\{0, \ldots, 11\}$ .

Identity: 0 is the neutral element.

Inverse: the inverse of 5 is 7, because $5 + 7 = 12 \equiv 0 \pmod{12}$ .

The group that matters for cryptography is not clock addition. It is the set $\{1, 2, \ldots, p{-}1\}$ under multiplication mod a prime $p$ . This is written $\mathbb{Z}_p^*$ . Its identity element is 1, and every element has a multiplicative inverse. The order of this group (the number of elements) is $p - 1$ .

03 // Generators

One element that reaches everywhere

In Diffie-Hellman, Alice and Bob start from a single public number and generate their keys by raising it to secret powers. How can one number reach every possible key? And what happens if it can not?

Why the starting point matters

Take a number $g$ and repeatedly multiply it by itself mod $p$ : $g^1, g^2, g^3, \ldots$ Some starting values $g$ will eventually visit every element in the group before cycling back. These are called generators. Others only reach a subset and loop back early.

If Diffie-Hellman uses a generator, the shared secret could be any element in the group, and an attacker must search the entire space. If it uses a non-generator, the secret is confined to a smaller subgroup, and the attacker's job gets easier. A group where a single element generates everything is called a cyclic group. The order of an element is the number of distinct values it visits before returning to 1.

Lagrange's theorem: the order of any element always divides the order of the group. In $\mathbb{Z}_p^*$ , the group order is $p - 1$ , so every element's order divides $p - 1$ . A generator has order exactly $p - 1$ . Explore this yourself in the demo below.

Group Explorer

Prime p

Element g

Colored = generators

Generator

$g = 3$ in $\mathbb{Z}_{7}^*$

3¹ = 3 → 3² = 2 → 3³ = 6 → 3⁴ = 4 → 3⁵ = 5 → 3⁶ = 1 → 1

Order: 6 (visits 6 of 6 elements)

04 // Finite Fields

Arithmetic that wraps around

A group gives you one reversible operation. But public-key cryptography often needs two: multiplication to encrypt and addition on exponents to construct decryption keys. Elliptic curves need both point addition and scalar multiplication. A set where both operations work together is called a field.

Why the modulus must be prime

Take the integers $\{0, 1, 2, \ldots, p{-}1\}$ and do arithmetic mod $p$ . Addition works for any modulus. But multiplication needs every nonzero element to have an inverse, and that only works when $p$ is prime.

Try mod 6: what is $2^{-1}$ ? You need a number $x$ such that $2x \equiv 1 \pmod{6}$ . Check every possibility: $2 \times 0 = 0$ , $2 \times 1 = 2$ , $2 \times 2 = 4$ , $2 \times 3 = 0$ , $2 \times 4 = 2$ , $2 \times 5 = 4$ . None of them give 1. The element 2 has no inverse. The field breaks.

With a prime $p$ , this never happens. Every nonzero element has an inverse. The set $\{0, 1, \ldots, p{-}1\}$ with addition and multiplication mod $p$ is the finite field $GF(p)$ , also written $\mathbb{F}_p$ .

Field Arithmetic

Prime modulus

Composite (broken)

Result

3 + 5 \equiv {\color{#00e5a0}1} \pmod{7}

05 // Elliptic Curves

Points that form a group

Groups and finite fields gave us reversible arithmetic on numbers. Elliptic curves create a different kind of group where the elements are points on a curve and the operation is geometric. This is the structure that modern cryptography actually uses.

What is an elliptic curve?

An elliptic curve is the set of points $(x, y)$ satisfying an equation of the form $y^2 = x^3 + ax + b$ . Over the real numbers, this produces a smooth curve with a distinctive shape. The specific values of $a$ and $b$ determine the curve.

These points form a groupunder a special addition operation: you can "add" any two points and get another point on the curve, just like multiplying numbers in $\mathbb{Z}_p^*$ . The identity element is a special "point at infinity" $\mathcal{O}$ that acts like zero in addition: $P + \mathcal{O} = P$ for any point $P$ .

Point addition

To "add" two points P and Q on the curve, draw a straight line through them. That line intersects the curve at exactly one more point. Reflect that intersection over the x-axis, and the result is P + Q. When P and Q are the same point, the line becomes the tangent at P, and you get point doubling: $2P = P + P$ .

Scalar multiplication is repeated addition: $kP = P + P + \cdots + P$ ( $k$ times). Computing $kP$ is fast using a doubling-and-adding algorithm, similar to repeated squaring for modular exponentiation. But given $P$ and $Q = kP$ , recovering $k$ is the Elliptic Curve Discrete Logarithm Problem (ECDLP). Same trapdoor as the integer discrete log, different math.

Elliptic Curve Visualizer

The curve $y^2 = x^3 - x + 1$ plotted over the real numbers. Explore how point addition works geometrically and how scalar multiplication produces unpredictable-looking jumps.

(-1.00, 1.000)

(2.00, 2.646)

R = P + Q

(-0.699, -1.165)

Draw a line through P and Q (yellow dashed). It intersects the curve at a third point R' (yellow dot). Reflect R' over the x-axis (red dashed) to get the result R (green dot).

06 // Curves Over Finite Fields

From smooth curves to scattered points

The previous section showed elliptic curves over real numbers with smooth, continuous geometry. But real numbers have infinite precision, which computers cannot handle. Moving the same equation to a finite field changes the picture completely.

Why move to finite fields?

Over $GF(p)$ , the equation $y^2 \equiv x^3 + ax + b \pmod{p}$ defines a finite set of points where both $x$ and $y$ are integers mod $p$ . The smooth curve becomes a scattered cloud of discrete points. The geometry vanishes, but the algebra (the point addition formulas) works exactly the same way.

This is what P-256 actually computes. The prime $p$ is a 256-bit number, the curve has roughly $p$ points (by Hasse's theorem), and the ECDLP is hard because there is no geometric shortcut in a finite field. The points look random, and an attacker cannot exploit the visual structure that exists over the reals.

Elliptic Curves Over Finite Fields

Over real numbers (smooth)

Smooth curve with infinitely many points

Over GF(23) (discrete)

23 discrete points (including ∞). Click two to add them.

Click a point on the finite field curve to select it.

This is what P-256 actually computes. The same equation, but with a 256-bit prime. The scattered dots you see here are the same structure that secures every TLS connection, just with roughly $2^{256}$ points instead of 23.

07 // What You Learned

The algebra behind every protocol

Every concept in this chapter exists because a cryptographic protocol demanded it.

Key Exchange

Generators power Diffie-Hellman

The key exchange protocol picks a generator of $\mathbb{Z}_p^*$ so that the shared secret could be any group element. A non-generator would confine it to a smaller, breakable subgroup.

Asymmetric Encryption

Finite fields make curves computable

Elliptic curves over $GF(p)$ replace infinite precision with modular arithmetic. The algebra works the same, but now everything fits in 256 bits and the discrete logarithm problem is hard.

Signatures

Group structure enables signing

Digital signature schemes like ECDSA and Ed25519 rely on the group structure of elliptic curves. The discrete log trapdoor lets you sign with a private key and verify with the public one.

You now have the vocabulary. Groups give reversible operations. Finite fields make them computable with two operations. Elliptic curves define a new kind of group on points. Moving those curves to finite fields creates the trapdoor that public-key cryptography depends on. The next chapter puts it all to work.

MathematicalFoundations