2014 PhD Summer School in Discrete Mathematics
Mark Ellingham · Mariusz Meszka · Primož Moravec · Enes Pasalic
Famnit Lectures | Famnitova predavanja | 3
ISSN 2335-3708

Dr Mark Ellingham, Vanderbilt University, USA
Dr Mariusz Meszka, AGH University of Science and Technology, Poland
Dr Primož Moravec, University of Ljubljana, Slovenia
Dr Enes Pasalic, University of Primorska, Slovenia

Published by University of Primorska Press, Titov trg 4, SI-6000 Koper
Koper · 2014
Editor-in-Chief: Dr Jonatan Vinkler
Managing Editor: Alen Ježovnik
© 2014 University of Primorska Press
www.hippocampus.si
Print run: 60 · Not for sale

CIP - Cataloguing-in-publication record
National and University Library, Ljubljana
51(082)(0.034.2)
2014 PhD summer school in discrete mathematics [electronic resource] / Mark Ellingham ... [et al.]. - E-book. - Koper : University of Primorska Press, 2014. - (Famnit lectures = Famnitova predavanja, ISSN 2335-3708 ; 3)
ISBN 978-961-6832-92-2 (pdf)
ISBN 978-961-6832-93-9 (html)
1. Ellingham, Mark N.
275179264

The operation is partly financed by the European Union, from the European Social Fund. The project is carried out within the Operational Programme for Human Resources Development 2007-2013, development priority 3: “Development of human resources and lifelong learning”; priority guideline 3.3 “Quality, competitiveness and responsiveness of higher education”.
Preface

This is a collection of lecture notes of the PhD Summer School in Discrete Mathematics, held from June 29 to July 5, 2014, by tradition at Rogla, Slovenia. The organization of this summer school came as a combined effort of the Faculty of Mathematics, Natural Sciences and Information Technologies and the Andrej Marušič Institute at the University of Primorska, and the Centre for Discrete Mathematics at the Faculty of Education at the University of Ljubljana. The Scientific Committee of the meeting consisted of Klavdija Kutnar, Aleksander Malnič, Dragan Marušič, Štefko Miklavič and Primož Šparl. The Organizing Committee of the meeting consisted of Iva Antončič, Ademir Hujdurović, Boštjan Frelih and Boštjan Kuzman.

The aim of this Summer School was to bring together senior researchers, junior researchers and PhD students working in Algebraic Graph Theory. The summer school consisted of lectures given by
• Dave Witte Morris, University of Lethbridge, Canada,
• Joy Morris, University of Lethbridge, Canada,
and four minicourses given by
• Mark Ellingham, Vanderbilt University, USA,
• Mariusz Meszka, AGH University of Science and Technology, Poland,
• Primož Moravec, University of Ljubljana, Slovenia,
• Enes Pasalic, University of Primorska, Slovenia.

Contents

1 Mark Ellingham: Construction Techniques for Graph Embeddings
  1.1 Embeddings of graphs
  1.2 Voltage graphs
  1.3 Current graphs
  1.4 Bouchet’s diamond sum
  1.5 Transition graphs
  1.6 Surgery
  1.7 Connections with design theory
  1.8 Bouchet’s covering triangulations
  1.9 References
2 Mariusz Meszka: Combinatorial Designs
  2.1 Balanced incomplete block designs
  2.2 Latin squares
  2.3 Pairwise balanced designs and group divisible designs
  2.4 Steiner triple systems
  2.5 Resolvable designs
  2.6 Other classes of designs
    2.6.1 Affine and projective planes
    2.6.2 Cycle systems
    2.6.3 G-designs
    2.6.4 t-designs
    2.6.5 Room squares
    2.6.6 Hadamard matrices and designs
  2.7 References
3 Primož Moravec: Some Topics in the Theory of Finite Groups
  3.1 Introduction
  3.2 Basic notions and examples
    3.2.1 Groups
    3.2.2 Examples of groups and GAP
    3.2.3 Automorphisms
    3.2.4 Group actions and Sylow’s theorems
    3.2.5 An estimate of the number of finite groups
    3.2.6 Jordan-Hölder theorem
    3.2.7 How to draw a group?
    3.2.8 Problems
  3.3 Finite simple groups
    3.3.1 Faithful primitive actions and Iwasawa’s Lemma
    3.3.2 Symmetric groups and alternating groups
    3.3.3 Simplicity of projective special linear groups
    3.3.4 On the classification of finite simple groups (CFSG)
    3.3.5 Problems
  3.4 Some extension theory
    3.4.1 Basic notions
    3.4.2 Semidirect products
    3.4.3 Extensions with abelian kernels
    3.4.4 The Schur-Zassenhaus theorem
    3.4.5 Problems
  3.5 Nilpotent groups and p-groups
    3.5.1 Nilpotent groups
    3.5.2 Finite p-groups
    3.5.3 Enumeration of finite p-groups
    3.5.4 Coclass
    3.5.5 Problems
  3.6 References
4 Enes Pasalic: Symmetric Key Cryptography and its Relation to Graph Theory
  4.1 Introduction
  4.2 LFSR based stream ciphers and basic definitions
  4.3 Equivalence classes of Boolean functions
  4.4 Vectorial Boolean functions - substitution boxes
  4.5 Vectorial bent functions
  4.6 Graph theoretic aspects of Boolean functions
  4.7 References

Chapter 1
Construction Techniques for Graph Embeddings
Mark Ellingham
Vanderbilt University, USA

SUMMARY: Mathematicians have been trying to construct embeddings of specific graphs in surfaces since at least the 1890s. However, until the 1960s the construction techniques were usually fairly ad hoc, although some general ideas such as ‘schemes of cyclic sequences’ had emerged.
This changed with the development of current graphs by Gustin and others in the 1960s, which provided a unified framework for many earlier constructions and played an important role in the proof of the Map Colour Theorem. Fifty years later we have a number of useful general tools for constructing embeddings of graphs. These lectures will survey tools of various kinds. We will look at algebraic methods such as current, voltage and transition graphs; surgical tools such as the diamond sum and adding handles or crosscaps around a vertex; lifting constructions due to Bouchet and his collaborators; and techniques that use objects from design theory, such as latin squares, to construct embeddings.

NOTE ON PRESENTATION: These are lecture notes for a course that will survey a lot of material in a short amount of time, so the presentation is often informal and rigorous details are omitted. The figures are taken from a number of different sources. Some are hand-drawn, others are drawn using software packages. The author apologizes for the lack of consistency!

1.1 Embeddings of graphs

Surfaces

Definition: A surface is a 2-manifold without boundary. Examples: sphere, torus, projective plane, Klein bottle (all compact); plane, open Möbius strip (not compact).

Theorem (Classification of Surfaces): Every compact surface is homeomorphic to the sphere $S_0$, a sphere with $h \ge 1$ handles added, $S_h$, or a sphere with $k \ge 1$ crosscaps added, $N_k$.

Definition: Adding a handle: delete a disk, glue a punctured torus on to the boundary. Adding a crosscap: delete a disk, glue a punctured projective plane (i.e., a Möbius strip) on to the boundary.

Surfaces $S_h$, $h \ge 0$, are orientable: we can define a consistent clockwise orientation everywhere.
Surfaces $N_k$, $k \ge 1$, are nonorientable: we can travel in the surface, maintaining a locally consistent clockwise orientation, in such a way that the orientation is reversed when we return to the starting point. In an orientable surface all closed curves are 2-sided; nonorientable surfaces have 1-sided closed curves.

Question: What if we add a mixture of handles and crosscaps? Adding a crosscap and a handle is equivalent to adding three crosscaps. Consequently, if we add $h \ge 0$ handles and $k \ge 1$ crosscaps, we get $N_{2h+k}$.

Definition: The genus of a surface is the number of added handles or crosscaps: the genus of $S_h$ is $h$, the genus of $N_k$ is $k$.

Convention: From now on ‘surface’ means ‘compact surface’ unless otherwise specified.

Representing surfaces

Polygon representation: The proof of the classification theorem shows that every surface can be represented in a standard way as a polygon (possibly a 2-gon) with sides identified in pairs. We use inverse notation when sides are identified in opposite directions.
  Sphere $S_0$: $(a\,a^{-1})$
  $S_h$, $h \ge 1$: $(a_1 b_1 a_1^{-1} b_1^{-1} \cdots a_h b_h a_h^{-1} b_h^{-1})$
  $N_k$, $k \ge 1$: $(a_1 a_1 a_2 a_2 \cdots a_k a_k)$
Surfaces can also be represented in other ways as polygons with identified sides, e.g. the ‘usual’ representation of the Klein bottle is not the standard one.

Planar representation with handle or crosscap gadgets: We can also represent surfaces in the plane: think of the sphere as the plane with an implicit point at infinity, then add handles or crosscaps, which we treat as ‘gadgets’ allowing curves to cross in certain ways.

We can mix the above two representations: use the polygon representation and then add handles or crosscaps.

Graph embeddings

Definition: Loosely, an embedding $\Psi$ of a graph $G$ in a surface $\Sigma$, which we denote $\Psi : G \to \Sigma$, is a drawing of $G$ in $\Sigma$ with no crossing edges. This can be made rigorous, but the concept should be clear.
We can represent an embedding by drawing on either representation above (polygon with identified sides, or plane plus handle/crosscap gadgets), or on the mixed representation. But if the embedding is nice, we can represent it in purely combinatorial ways or by simpler drawings.

Definition: An embedding of a graph is cellular or open 2-cell or just 2-cell if every face is homeomorphic to an open disk. What prevents an embedding from being 2-cell? A face has multiple boundary components, or a face contains handles or crosscaps.

Even stronger definition: an embedding is closed 2-cell if the closure of every face is homeomorphic to a closed disk. This is equivalent to being open 2-cell with the boundary of every face a cycle (not just a closed walk) in the graph. Closed 2-cell embeddings give cycle double covers. Closed 2-cell is usually a stronger property than we need or want.

Representation of 2-cell embeddings

Since all faces are open disks, we just need to know how to glue faces onto the graph.

Band decompositions or ribbon graphs: Take a small disk around each vertex and a small band (or strip) along each edge, and throw the rest of the surface away. We get a ‘fattened’ version of the graph. We can reconstruct the entire surface by gluing a disk along each boundary component of the resulting complex.

Rotation schemes: If our surface is orientable and we know a consistent global clockwise orientation, we can describe the embedding just by giving the clockwise order (rotation) of the ends of edges at each vertex. This is a pure rotation system. Essentially known by Heffter in 1891, formalized by Edmonds in 1960.

More general definition: If we do not know a consistent global clockwise orientation (always true if our surface is nonorientable, but the surface could also be orientable) then we use a local clockwise orientation at each vertex to give the order of the ends of edges. But then we need to say whether the rotations at the two ends of an edge match up.
An edge is type 0 or signature 1 or untwisted if the local clockwise rotation of the vertex at one end can be followed along the edge and agrees with the local clockwise rotation of the vertex at the other end. Otherwise the edge is type 1 or signature −1 or twisted. A rotation scheme in general consists of the orders of the ends of edges around each vertex plus the type of each edge. This is a purely combinatorial description. We can tell from it whether a closed walk in the graph is 1-sided: a walk is 1-sided if and only if it contains an odd number of twisted (type 1) edges.

Rotation projections: However, it is convenient to represent a rotation scheme geometrically by a rotation projection. We just draw the graph in the plane, with edge crossings allowed, so that the clockwise order of the ends of edges around each vertex agrees with the local clockwise orientation of the surface at that vertex. We indicate twisted (type 1) edges by putting an ‘X’ in the middle of them.

Face tracing for rotation projections: We can determine the face boundaries by following along the sides of edges, taking corners in the natural way, ignoring edge crossings, and switching sides in the middle of a twisted edge (at the ‘X’).

Orientability detection for rotation projections: The presence of twisted edges does not necessarily mean the embedding is nonorientable. Take a spanning tree, start at the root vertex, and flip rotations so that all edges in the tree become untwisted. The embedding is orientable if and only if all edges are now untwisted.

Gem representation: Due to Neil Robertson, 1971. Turn the band decomposition into a 3-edge-coloured cubic graph: Corner → vertex. Vertex/face boundary → yellow edge. Vertex/edge boundary → red edge. Edge/face boundary → blue edge. Embedded graphs ↔ 3-edge-coloured graphs in which every red-blue cycle (edge) is a 4-cycle. Red-yellow cycles represent vertices, blue-yellow cycles represent faces.
The theory of gems is developed extensively in the book by Bonnington and Little [BL].

[Figure: a vertex with edge ends p, q, r, s, t, u and its gem representation; not reproduced.]

Facial walk description: Give a collection of closed walks that cover every edge exactly twice. We can glue a disk along each such walk to get a surface provided we have a ‘proper rotation’ at each vertex, determined using the ‘rotation graph’.

Definition: The rotation graph at $v$ has as vertices the ends of edges incident with $v$. Join two ends of edges if there is a face that passes through them consecutively. The rotation graph is proper if it consists of a single cycle.

Rotation graphs are useful for building embeddings, and are the basis of the idea of transition graphs later. Rotation graphs are also useful for relative (partial) embeddings. E.g., a rephrasing of a theorem of Škoviera and Širáň, 1986: Given a graph $G$, a collection of closed walks using each edge at most twice can be completed to an embedding if and only if each rotation graph is a subgraph of a cycle (so is a spanning cycle, or is a collection of paths possibly including isolated vertices).

An embedding described by a collection of facial walks is orientable if and only if we can orient each walk so that every edge is used once in each direction.

Euler’s formula

We have a fundamental counting relationship for graphs with 2-cell embeddings on surfaces.

Euler’s formula: Suppose we have a 2-cell embedding of a connected graph $G$ on a surface $\Sigma$, where $G$ has $v$ vertices, $e$ edges, and the embedding has $f$ faces. Then
  $v - e + f = \chi$
where $\chi = \chi(\Sigma)$ is a constant that depends only on the surface; in particular, $\chi(S_h) = 2 - 2h$ for $h \ge 0$ and $\chi(N_k) = 2 - k$ for $k \ge 1$.

Definition: $\chi(\Sigma)$ is the Euler characteristic and can often be used to handle both orientable and nonorientable surfaces at the same time. But it is often convenient and more intuitive to have a nonnegative number with the same property. Define the Euler genus of $\Sigma$ to be $2h$ for $\Sigma = S_h$, $h \ge 0$, and $k$ for $\Sigma = N_k$, $k \ge 1$, so that $\chi(\Sigma) = 2 - (\text{Euler genus of } \Sigma)$.
Example: $K_5$ on the torus $S_1$: $v = 5$, $e = 10$, $f = 5$, $v - e + f = 5 - 10 + 5 = 0 = 2 - 2 \times 1$.

Important note: For Euler’s formula to work, the graph must be connected and the embedding must be 2-cell. (There are more general versions that work if we relax these restrictions, but we need them for the basic formula above.)

Euler’s formula and face degrees: Euler’s formula has an important implication involving the degrees of faces (lengths of facial walks) in an embedding. Since the Euler genus equals $2 - v + e - f$, for a minimum genus embedding of a given graph $G$ (meaning $v$ and $e$ are fixed) we want to maximize $f$. Since the sum of the face degrees is $2e$, which is fixed, this means we want many faces of small degree. For a simple graph, we want triangular faces. Based on considerations like this we can often find obvious lower bounds on the genus of embeddings of a given graph $G$. We then want to show that this lower bound can be achieved by constructing an embedding.

Exercise: Consider the usual drawing of the prism $K_2 \square C_n$, $n \ge 3$ (cartesian product), in the plane. (a) If we make every $K_2$ edge twisted, what is the Euler genus of the corresponding embedding (use Euler’s formula!), and is it orientable or nonorientable? (b) Suppose we instead make every edge of one copy of $C_n$ twisted, but leave all other edges untwisted. Answer the same question.

1.2 Voltage graphs

Note: The main reference for this section and the next is Gross and Tucker’s book [GT]. My notation and setup is similar to [GT], but not exactly the same.

Voltage graphs

Basic construction: Start with a base graph $G$, orient each edge $e$ arbitrarily to get a directed edge $e^+$ in the oriented graph $G$; the reverse of $e^+$ is $e^-$. (‘Oriented graph’ here refers to putting a direction on each edge, nothing to do with surfaces.) We have a voltage group $\Gamma$ (usually assumed to be finite), and every edge is assigned a weight or voltage $\alpha(e^+)$. Implicitly $\alpha(e^-) = \alpha(e^+)^{-1}$.
Form the derived graph $G^\alpha$ as follows: $V(G^\alpha) = V(G) \times \Gamma$. For each $e^+$ from $u$ to $v$ in $G$ with $\alpha(e^+) = a$, add an (oriented) edge $(e^+, g)$ in $G^\alpha$ from $(u, g)$ to $(v, ga)$ for every $g \in \Gamma$. (The reverse of $(e^+, g)$ is $(e^-, ga)$.) Edge directions can now be ignored.

Note: We multiply edge weights on the right; we could equally well define this with edge weights multiplying on the left.

At this point we have just constructed a graph, no embeddings yet.

Remark: A Cayley graph is just a connected graph derived from a 1-vertex base voltage graph. Since $G$ has only one vertex, the vertices of $G^\alpha$ can be identified with the elements of $\Gamma$.

Embedded voltage graphs

Extension to embedded graphs: Suppose the base graph $G$ has a 2-cell embedding $\Psi$ in a surface. Describe it using a rotation projection. Construct a 2-cell embedding of the derived graph with the following additional rules: Around each vertex $(v, g)$ of $G^\alpha$ the edges follow the order of their images in $G$ (rotations are lifted). Each edge in $G^\alpha$ has the same type (untwisted or twisted) as its image in $G$.

This can actually be described in more abstract terms without using a rotation projection, but the description is equivalent. The resulting derived embedding $\Psi^\alpha$ does not depend on the specific rotation projection. Objects in $\Psi$ or $G$ are said to lift to the corresponding objects in $\Psi^\alpha$ or $G^\alpha$.

Lifting walks: Suppose a $uv$-walk $W$ in $G$ corresponds to the sequence of edges/reverse edges $f_1 f_2 \dots f_d$ in $G$. Say the net voltage of $W$ is $\alpha(W) = \alpha(f_1)\alpha(f_2)\cdots\alpha(f_d)$. If we start at a vertex $(u, g)$ in $G^\alpha$ and follow the lifted walk $\tilde W$ in $G^\alpha$, we will end at $(v, g\alpha(W))$. In particular, if $W$ is a facial walk in $G$ starting at $u$, we will end at $(u, g\alpha(W))$. We come back to the original vertex $(u, g)$ if we repeat $r$ times, where $r$ is the order of $\alpha(W)$ in $\Gamma$. Thus, each face of degree $d$ in $G$ becomes a face of degree $dr$ in $G^\alpha$, where $r$ is the order in $\Gamma$ of the net voltage of the facial walk.
The face length does not change exactly when the net voltage is the identity (the face satisfies the Kirchhoff Voltage Law, KVL).

Orientability: If the original embedding of $G$ is orientable, the derived embedding will be orientable. If the original embedding is nonorientable, the derived embedding could end up being orientable if all 1-sided walks lift to 2-sided walks. Gross and Tucker [GT, 4.1.6] have an algorithm based on reducing voltages in a spanning tree to the identity; we won’t discuss the details. But if the voltage group has odd order, all 1-sided closed walks have net voltage of odd order, so they must be repeated an odd number of times to close up in the derived embedding and stay 1-sided, so the embedding stays nonorientable.

More general voltage graphs

Permutation/group action voltage graphs: Gross and Tucker describe ‘permutation voltage graphs’ using permutation groups. Permutation groups are equivalent to group actions, so we can also describe them that way. Suppose we have a right action of a group $\Gamma$ on a set $S$: for each $s \in S$, $g \in \Gamma$ we can form $s^g$ obeying the natural rules. Then given a graph $G$ with edges oriented and a voltage $\alpha(e^+) \in \Gamma$ for each edge $e$, we can form the derived graph with $V(G^\alpha) = V(G) \times S$. For each $e^+$ from $u$ to $v$ in $G$ with $\alpha(e^+) = a$, add an edge $(e^+, s)$ in $G^\alpha$ from $(u, s)$ to $(v, s^a)$ for every $s \in S$. (The reverse of $(e^+, s)$ is $(e^-, s^a)$.) We can lift an embedding of $G$ to a derived embedding of $G^\alpha$ in the same way as for ordinary voltage graphs: lift vertex rotations and edge twists.

Final remark: Voltage graphs are straightforward to understand but may not be the most convenient representation for particular applications. For very symmetric graphs a voltage graph representation of an embedding may have only one or two vertices and many edges, making it hard to keep track of where the edges go. So we will look at an alternative, current graphs, and then later another alternative, transition graphs.
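The face-tracing rule for rotation projections and the spanning-tree orientability test (section 1.1), Euler’s formula, and the lifting of rotations, edge types and facial walks to the derived embedding (this section), worked in code. This is an added example, not code from the notes: it takes the voltage group to be the cyclic group $\mathbb{Z}_n$ written additively (so ‘multiply on the right’ becomes ‘add’), and the bouquet base graphs, the dart encoding and all function names are the example’s own choices.

```python
"""Rotation schemes, face tracing, Euler genus/orientability, and voltage-graph lifts over Z_n."""
from collections import Counter, deque
from itertools import product


class Embedding:
    """2-cell embedding as a general rotation scheme.  edges: {id: (tail, head)} fixes each
    edge's direction e+; rotation: {vertex: [darts in local clockwise order]}; twisted: ids of
    type 1 edges.  A dart is (id, +1) for e+ (sits at the tail) or (id, -1) for e- (at the head).
    The graph is assumed connected."""

    def __init__(self, edges, rotation, twisted=()):
        self.edges, self.twisted = dict(edges), set(twisted)
        self.rotation = {v: list(r) for v, r in rotation.items()}
        self._pos = {d: (v, i) for v, r in self.rotation.items() for i, d in enumerate(r)}

    def _turn(self, dart, orient):
        """Edge end after `dart` in its vertex's rotation (orient=+1) or before it (-1)."""
        v, i = self._pos[dart]
        return self.rotation[v][(i + orient) % len(self.rotation[v])]

    def faces(self):
        """Face tracing as in the notes: follow one side of an edge, take the next corner in
        the local rotation, and switch sides (flip orient) in the middle of a twisted edge.
        Returns each facial walk once, as its list of darts."""
        seen, walks = set(), []
        for start in product(self._pos, (1, -1)):        # a state is (dart, orient)
            if start in seen:
                continue
            states, state = [], start
            while True:
                states.append(state)
                seen.add(state)
                (e, s), orient = state
                if e in self.twisted:
                    orient = -orient
                state = (self._turn((e, -s), orient), orient)
                if state == start:
                    break
            for (e, s), orient in states:     # the same face traced the other way: mark it too
                seen.add(((e, -s), orient if e in self.twisted else -orient))
            walks.append([d for d, _ in states])
        return walks

    def euler_genus(self):
        """Euler's formula, v - e + f = 2 - (Euler genus), for a connected 2-cell embedding."""
        return 2 - (len(self.rotation) - len(self.edges) + len(self.faces()))

    def is_orientable(self):
        """Spanning-tree test: give each vertex a sign (-1 = flip its rotation) so that untwisted
        edges join equal signs and twisted edges opposite signs; orientable iff consistent."""
        root = next(iter(self.rotation))
        sign, queue = {root: 1}, deque([root])
        while queue:
            x = queue.popleft()
            for e, s in self.rotation[x]:
                y = self.edges[e][1] if s == 1 else self.edges[e][0]      # other end of e
                want = -sign[x] if e in self.twisted else sign[x]
                if y not in sign:
                    sign[y] = want
                    queue.append(y)
                elif sign[y] != want:
                    return False
        return True


def derived_embedding(base, voltage, n):
    """Derived embedding for voltages voltage[e] in Z_n: vertices (v, g), edge (e, g) from
    (u, g) to (w, g + voltage[e]), with rotations and edge types lifted from the base."""
    edges, rotation = {}, {}
    for e, (u, w) in base.edges.items():
        for g in range(n):
            edges[(e, g)] = ((u, g), (w, (g + voltage[e]) % n))
    for v, r in base.rotation.items():
        for g in range(n):
            # e+ at (v, g) lifts to (e, g)+; e- at (v, g) is the far end of the copy of e
            # that arrives here, i.e. (e, g - voltage[e])-.
            rotation[(v, g)] = [((e, g if s == 1 else (g - voltage[e]) % n), s) for e, s in r]
    return Embedding(edges, rotation, {(e, g) for e in base.twisted for g in range(n)})


def k5_on_torus():
    """Bouquet of two loops with rotation a+ b+ a- b- (one 4-gon face, torus) and voltages
    1, 2 in Z_5: the derived graph is the Cayley graph K_5, and the facial walk has net voltage
    1 + 2 - 1 - 2 = 0 (KVL), so it lifts to five quadrilateral faces on the torus."""
    base = Embedding({"a": ("v", "v"), "b": ("v", "v")},
                     {"v": [("a", 1), ("b", 1), ("a", -1), ("b", -1)]})
    d = derived_embedding(base, {"a": 1, "b": 2}, 5)
    return dict(base_genus=base.euler_genus(), base_faces=[len(w) for w in base.faces()],
                vertices=len(d.rotation), edges=len(d.edges),
                distinct_pairs=len({frozenset(uw) for uw in d.edges.values()}),
                face_degrees=sorted(Counter(len(w) for w in d.faces()).items()),
                euler_genus=d.euler_genus(), orientable=d.is_orientable())


def projective_plane_lift():
    """One twisted loop with rotation a+ a- (projective plane, one face of degree 2) and
    voltage 1 in Z_3: the odd-order group keeps the 1-sided walk 1-sided, so the derived
    3-cycle has a single face of degree 2 * 3 = 6 and the embedding stays nonorientable."""
    base = Embedding({"a": ("v", "v")}, {"v": [("a", 1), ("a", -1)]}, twisted={"a"})
    d = derived_embedding(base, {"a": 1}, 3)
    return dict(base=(base.euler_genus(), base.is_orientable()),
                face_degrees=[len(w) for w in d.faces()],
                euler_genus=d.euler_genus(), orientable=d.is_orientable())
```

Calling `k5_on_torus()` reproduces the $K_5$ example above ($v = 5$, $e = 10$, $f = 5$, Euler genus 2, orientable), and `projective_plane_lift()` shows the face of degree $dr = 2 \cdot 3$ predicted by the lifting-walks argument.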
1.3 Current graphs

Background: Current graphs were invented before voltage graphs, even though they are less intuitive. They were used in the proof of the Map Colour Theorem, the determination of the minimum genus of complete graphs. The equivalent voltage graphs would have very few vertices, so it would be very hard to keep track of where the edges go.

Current graphs are duals of voltage graphs (so they apply to embedded voltage graphs). Faces of a current graph correspond to vertices in a voltage graph, and vice versa. However, it is tricky to deal with duals when we have edge weights: we need to turn them $90^\circ$, but which way? This is hard to decide without a globally consistent orientation (which we never have in the nonorientable case, and may not be given in the orientable case). See Gross and Tucker [GT] for a general treatment. For simplicity we will restrict to current graphs given as rotation projections in the plane.

Current graphs without twisted edges (hence orientable)

Basic construction: We are given an oriented graph with weights or currents on the edges, from a current group $\Gamma$. For applications it is convenient to have two sorts of vertices (although we only really need one sort): solid • = clockwise vertices, open ◦ = anticlockwise vertices.

Obtain the derived embedding as follows: Vertices of the derived embedding have the form $(f, t)$ with $f$ a face of the base graph and $t \in \Gamma$. To get faces of the base graph with globally consistent rotations, trace the faces in the current graph in such a way that every edge is used once in each direction (trace all clockwise, or all anticlockwise). The order of the edges along face $f$ specifies the rotation around each vertex $(f, t)$ in the derived embedding.

Edges of the derived embedding have the form $(f, t)(g, ta)$, where $f$ and $g$ are faces of the base graph meeting along an edge of current $a$; decide which way the current applies based on the rules below.

Faces of the derived embedding come from vertices of the base graph.
For each vertex, multiply the currents of the incident edges together in the direction of the vertex to get the net current. The order $r$ of the net current in the current group specifies how many times that sequence of edges is repeated to give a face of the derived graph, so a vertex of degree $d$ yields a face of degree $dr$. If the net current of a vertex is the identity, we say the vertex obeys the Kirchhoff Current Law, KCL. Then a vertex of degree $d$ yields a face of degree $d$.

Standard tracing algorithm: at each vertex follow the natural rotation; if an edge has vertices of different directions at its ends, cross over in the middle; if we are leaving a clockwise vertex on an edge with face $f$ on the left, face $g$ on the right, and current $a$, then in the derived graph $(f, t)$ is joined to $(g, ta)$ for each $t \in \Gamma$ (the current acts $90^\circ$ clockwise because the vertex is clockwise); for an anticlockwise vertex swap left ↔ right (the current acts $90^\circ$ anticlockwise).

There are alternative ways to trace faces that are more convenient in some ways.

Clockwise-biased tracing algorithm: at clockwise vertices follow the natural rotation; at anticlockwise vertices follow the reversed rotation; if going along an edge with face $f$ on the left, face $g$ on the right, and current $a$, then in the derived graph $(f, t)$ is joined to $(g, ta)$ for each $t \in \Gamma$ (currents always act $90^\circ$ clockwise). The advantage is that we don’t have to worry about vertex rotations until we are actually at the vertex. It is also less complicated when we have to deal with twisted edges, later.

We also have the anticlockwise-biased tracing algorithm: swap clockwise ↔ anticlockwise, left ↔ right. We can choose whether to use the clockwise-biased or anticlockwise-biased algorithm depending on whether there are more clockwise or anticlockwise vertices.

All tracing algorithms give the same result. In each case, the resulting list of edges, destination faces, and (outgoing) currents is called the log of the face.
In the above examples (figures not reproduced) there is only one face, and edges are uniquely identified by their current, so we can just write the log by listing the currents:
  8 9 7 4 −2 −9 −1 5 −3 −7 2 6 1 −8 −5 −6 −4 3

Current graphs with twisted edges

Principle for handling twisted edges: Twisted edges reverse whether we cross over in the middle of the edge or not. To maintain consistency of the rules about the way currents act, when we go through a twist on an edge, the current must reverse. The current reverses in the middle of the edge, so twisted edges have the same current going in opposite directions at opposite ends.

Modifying the standard tracing algorithm: When we traverse a twisted edge, cross over in the middle if the vertices at the ends have the same direction, and do not cross if the vertices have opposite directions.

Modifying the clockwise- or anticlockwise-biased tracing algorithms: Always cross over in the middle of a twisted edge.

Dealing with lack of global orientation in the derived graph: Unless the base embedding is actually orientable, we cannot trace faces in a consistent way, using each edge once in each direction. Give each vertex $(f, t)$ a local (clockwise) rotation based on the order in which edges are encountered when tracing face $f$. In the derived embedding suppose the edge $\tilde e = (f, t)(g, ta)$ is derived from $e$ with $f, g$ on either side. Then $\tilde e$ is twisted if both $f$ and $g$ trace $e$ in the same direction, and untwisted if they trace it in opposite directions.

Example: For the $\mathbb{Z}_{13}$ current graph above (figure not reproduced), again there is just one face, and edges are uniquely identified by their currents. The log of the face is
  2 1∗ −1∗ −2 6 3∗ −3∗ −6 5 9∗ −9∗ −5
where ∗ denotes a twisted edge in the derived embedding.

Even with twisted edges the derived embedding may be orientable (just as for nonorientable voltage graphs). It will always be nonorientable if the base graph is actually nonorientable and the current group has odd order.

Example: See the figure above (not reproduced). Face logs need to show the edge, the current applied, the face representing the other end in the derived embedding, and also whether edges are twisted (denoted by ∗).
[Face logs for the faces $f$ and $g$ of the figure (edges $e_1, \dots, e_4$ with their currents, twists and opposite faces): table garbled in extraction, not reproduced.]

We show the equivalent voltage graph (figure not reproduced).

Final remarks on current graphs

Map Colour Theorem: Current graphs were used heavily to determine the minimum genus of the complete graph $K_n$, generally by finding triangular embeddings. This often meant using current graphs with one face (‘index one’) and with most vertices of degree 3 and net (additive) current 0 (satisfying KCL). Ringel’s book on this [Ri] uses current graphs very heavily; the presentation sometimes disagrees with modern conventions.

Using both voltages and currents together: We won’t go into details, but we can use voltages and currents simultaneously on an embedding by applying voltages to the edges of the gem representation, in such a way that the net voltage of each red-blue cycle (corresponding to an edge) is the identity. This is equivalent to a construction by Dan Archdeacon [Ar92] that puts voltages on the edges of the medial graph.

Exercise: Consider the current graph from Ringel’s Fig. 9.1 (Ringel’s Figure 9.1, slightly modified; figure not reproduced). Trace the faces and determine the derived graph. Also determine the distribution of face degrees in the derived embedding. In his book Ringel uses this current graph to construct a triangular embedding of $K_{14} - K_2$, the graph obtained by deleting one edge from $K_{14}$. How does this work? [Hints: keep only one component; add vertices in large faces.]

Exercise: Suppose we have a voltage graph $G$ using a group $\Gamma$, and we take a vertex $v$ and a constant $g \in \Gamma$. If we right multiply all voltages on edges into $v$ by $g$, and left multiply all voltages on edges out of $v$ by $g^{-1}$, then the derived graph stays unchanged, except that vertex $(v, h)$ is now labelled vertex $(v, hg)$ for each $h \in \Gamma$.
Prove that if we have a gem with assigned voltages, such that the net voltage around every red-blue cycle is the identity, then we can modify the voltages as in the previous paragraph so that all red and blue edges have identity voltage. [Then all nontrivial voltages are on yellow edges; this is the main step in proving that assigning voltages to gems is effectively the same as Archdeacon’s assignment of voltages to the medial graph.]

1.4 Bouchet’s diamond sum

Definition: To take the diamond sum of two graphs G and G′ we take vertices v in G and v′ in G′, so that deg_G(v) = deg_{G′}(v′), delete the two vertices, and identify their neighbours together. We denote this as G ◇ G′ (where v, v′, and the particular identification of their neighbours are understood to be known).
We can extend this to two embeddings Ψ of G and Ψ′ of G′: when we delete v and v′ we cut along a curve through their neighbours, and we glue the surfaces together (to get connected sum surface Σ#Σ′). The neighbours must be identified in rotation order. We denote this as Ψ ◇ Ψ′.
Note that the Euler genus of Ψ ◇ Ψ′ is the sum of the Euler genera of Ψ and Ψ′. So if both embeddings are orientable, or both are nonorientable, we can just add the genera of the surfaces.
[Figure: Σ, Σ′ → (delete, identify, glue) → Σ#Σ′]

History: Used by Bouchet [Bo78a] in dual form for new proof of minimum genus of Km,n, 1978. Primal form used by Mohar, Parsons and Pisanski [MPP85], and Magajna, Mohar and Pisanski [MMP86], mid-1980s. Mohar and Thomassen [MT] give primal version of Bouchet’s proof in their book and use diamond notation, hence name ‘diamond sum’. General form stated by Kawarabayashi, Stephens and Zha [KSZ04].

Theorem: The minimum orientable genus of Km,n is g(Km,n) = ⌈(m − 2)(n − 2)/4⌉.

Proof: This was first proved by Ringel, 1965. But we will give a proof based on the diamond sum, following the one in Mohar and Thomassen [MT].
Will use straightforward primal arguments instead of Bouchet’s dual arguments.
Euler’s formula and the fact that face degrees must be at least 4 (since graph is simple and bipartite) gives a lower bound of f0(m, n) = (m − 2)(n − 2)/4 on genus, which is achieved if we have a quadrangular embedding (all facial walks are 4-cycles). Since genus is integral, can round up: g(Km,n) ≥ f(m, n) = ⌈f0(m, n)⌉ = ⌈(m − 2)(n − 2)/4⌉.
F(m, n) is the statement that g(Km,n) = f(m, n). We prove it for m, n ≥ 2 by induction on m + n by constructing an embedding. Note that F(m, n) ⇔ F(n, m). True if m = 2 or n = 2 so suppose m, n ≥ 3.

Claim D: If F(m, n) and F(p, n) hold and at least one of f0(m, n) and f0(p, n) is integral, then F(m + p − 2, n) holds.
Proof: Take the diamond sum of minimum genus embeddings of Km,n and Kp,n, deleting a vertex in the first part of each bipartition. The resulting graph is Km+p−2,n with an embedding of genus
f(m, n) + f(p, n) = ⌈f0(m, n)⌉ + ⌈f0(p, n)⌉ = ⌈f0(m, n) + f0(p, n)⌉ (as long as one of f0(m, n), f0(p, n) is integral)
= ⌈(m − 2)(n − 2)/4 + (p − 2)(n − 2)/4⌉ = ⌈(m + p − 4)(n − 2)/4⌉ = ⌈f0(m + p − 2, n)⌉ = f(m + p − 2, n)
and so F(m + p − 2, n) holds.

Claim B: F(3, 6) and F(4, 4) hold.
Proof: (explicit embeddings, shown in the figures)

Claim S: F(m, 6) holds for all m.
Proof: By repeated diamond sums with K3,6 we can build up K3,6 → K4,6 → K5,6 → ..., and since f0(3, 6) = 1 is integral the result follows from Claim D.

Claim B+: F(m, n) holds if m, n ≤ 6.
Proof: Use Claim S if m = 6 or n = 6. Claim B covers F(4, 4), and also F(3, 6), from which we also get F(3, 3), F(3, 4) and F(3, 5). We get F(4, 5) from F(4, 6), and F(5, 5) from F(5, 6).

Now we just use induction. Without loss of generality m ≤ n and n ≥ 7. Now F(m, n − 4) and F(m, 6) give F(m, n) by Claim D.
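The induction above carried out mechanically, as an added example that is not part of the notes: f0 and f are the bounds just defined, claim_D enforces the integrality hypothesis that makes the ceilings add, and derive_F follows Claims B, S, B+ and the final induction step to certify g(Km,n) = f(m,n) for any m, n ≥ 2. The function names are our own.

```python
from fractions import Fraction
from math import ceil


def f0(m, n):
    """Euler-formula lower bound (m-2)(n-2)/4 on the orientable genus of K_{m,n}.
    Kept as an exact rational so that integrality can be tested."""
    return Fraction((m - 2) * (n - 2), 4)


def f(m, n):
    """Rounded-up bound f(m,n) = ceil(f0(m,n)); F(m,n) says g(K_{m,n}) = f(m,n)."""
    return ceil(f0(m, n))


def claim_D(m, p, n, g_m, g_p):
    """Claim D. Diamond sum of embeddings of K_{m,n} (genus g_m) and K_{p,n}
    (genus g_p), deleting a degree-n vertex in each, is an embedding of
    K_{m+p-2,n} of genus g_m + g_p. With g_m = f(m,n), g_p = f(p,n) and one of
    f0(m,n), f0(p,n) integral this meets the lower bound f(m+p-2,n)."""
    if f0(m, n).denominator != 1 and f0(p, n).denominator != 1:
        raise ValueError(f"Claim D needs f0({m},{n}) or f0({p},{n}) integral")
    genus = g_m + g_p
    # ceil(a) + ceil(b) == ceil(a + b) because one of a, b is an integer
    assert genus == f(m + p - 2, n), (m, p, n)
    return genus


def derive_F(m, n, log):
    """Establish F(m,n) the way the proof does: return the genus of an embedding
    of K_{m,n} built from the base cases by diamond sums and vertex deletions
    (it equals f(m,n)), appending the steps taken to `log`."""
    if m > n:
        m, n = n, m                                   # F(m,n) <=> F(n,m)
    if m == 2:                                        # K_{2,n} is planar
        genus = 0
        log.append(f"F(2,{n}): K_2,{n} is planar")
    elif (m, n) in ((3, 6), (4, 4)):                  # Claim B: explicit embeddings
        genus = f(m, n)
        log.append(f"F({m},{n}): Claim B")
    elif m == 3 and n <= 5:                           # delete vertices of K_3,6 on S_1
        genus = derive_F(3, 6, log)
        log.append(f"F(3,{n}): delete {6 - n} vertices from K_3,6 on S_1")
    elif n == 6:                                      # Claim S: K_3,6 diamond K_{m-1,6}
        genus = claim_D(3, m - 1, 6, derive_F(3, 6, log), derive_F(m - 1, 6, log))
        log.append(f"F({m},6): Claim D on K_3,6 and K_{m - 1},6")
    elif (m, n) in ((4, 5), (5, 5)):                  # Claim B+: delete a vertex of K_{m,6}
        genus = derive_F(m, 6, log)
        log.append(f"F({m},5): delete a vertex from K_{m},6")
    else:                                             # n >= 7: F(m,n-4) and F(m,6) give F(m,n)
        genus = claim_D(n - 4, 6, m, derive_F(m, n - 4, log), derive_F(m, 6, log))
        log.append(f"F({m},{n}): Claim D on K_{m},{n - 4} and K_{m},6")
    assert genus == f(m, n), (m, n, genus)            # the embedding is minimum genus
    return genus


def genus_certificate(m, n):
    """(genus, derivation steps) for K_{m,n}, m, n >= 2."""
    log = []
    return derive_F(m, n, log), log
```

The ValueError path shows why the integrality hypothesis matters: f(3,5) + f(5,5) = 1 + 3 exceeds f(6,5) = 3, so that diamond sum would not be minimum genus.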
Nonorientable genus of Km,n: In a similar way can prove that Km,n has nonorientable genus g̃(Km,n) = ⌈(m − 2)(n − 2)/2⌉.

Minimum genus of complete tripartite graphs

Use of diamond sums suggested by Kawarabayashi, Stephens and Zha [KSZ04]. Used by Ellingham, Stephens and Zha [ESZ06] (together with transition graphs and surgical techniques) to find nonorientable genus of all complete tripartite graphs.
Lower bound from Euler’s formula, conjectured to give actual genus: assume ℓ ≥ m ≥ n:
g(Kℓ,m,n) ≥ ⌈(ℓ − 2)(m + n − 2)/4⌉, g̃(Kℓ,m,n) ≥ ⌈(ℓ − 2)(m + n − 2)/2⌉.
Note that lower bound is just genus of Kℓ,m+n. So if this is really the genus, a minimum genus embedding of Kℓ,m,n just consists of a minimum genus embedding of Kℓ,m+n with the edges of a Km,n inserted into the faces without changing the surface.
So diamond sum works in a way similar to complete bipartite graphs, but we have extra edges of a Km,n on one side of the diamond sum. Specifically, we can take diamond sum of Kℓ,m,n with Kp,m+n, deleting vertex in first part of partition of each graph. Result is Kℓ+p−2,m,n.
Means that we can start with embeddings of Kℓ,m,n for only a small number of values of ℓ close to m (at worst m, m + 1 in nonorientable case or m, m + 1, m + 2, m + 3 in orientable case: stop at first value where no rounding occurs in formula above) and then get all other values of ℓ by diamond sum.

Genus of families of graphs from hamilton cycle embeddings

The situation with complete tripartite graphs suggested looking at graphs that look like complete bipartite graphs with some extra edges added on one side of the bipartition. Turns out to be related to embeddings where all facial walks are hamilton cycles.
Hamilton cycle embedding of some r-regular n-vertex G
↔ (h.c. face ↔ face) Triangular (hence min. genus) embedding of join K̄r + G
↔ (face ↔ h.c. face) Quadrangular (hence min. genus) embedding of Kr,n.
So the middle step here is a complete bipartite graph with edges added on one side, and the last step tells us that we added edges to a minimum genus embedding of Kr,n. So we can now proceed as follows:
Hamilton cycle embedding of r-regular n-vertex G
→ Triangular (hence minimum genus) embedding of join K̄r + G
→ (because it contains a min. genus emb. of Kr,n) Minimum genus embedding of join K̄r + H for any spanning subgraph H of G
→ (diamond sum with min. genus embedding of Kn,s−r+2) Guaranteed minimum genus embedding of K̄s + H for all s ≥ r and spanning H ⊆ G.

Exercise: Prove that the nonorientable genus of Km,n is ⌈(m − 2)(n − 2)/2⌉ for m, n ≥ 3, given that this is known to be a lower bound on the genus. First find an embedding of K3,4 in the projective plane N1. Then use the diamond sum for induction.

Exercise: Suppose we can construct an orientable hamilton cycle embedding of Kn,n,n for some particular n. For what family of graphs (as large as possible) can we then use the diamond sum to obtain minimum orientable genus embeddings? Repeat the question for Kn,n,n,n.

1.5 Transition graphs

Comment on the name: In retrospect ‘transition graph’ is not a great name. Should really be called ‘global rotation graphs’ or something like that: name comes from fact that edges in rotation graph represent ‘transitions’ between two edges as we pass through a vertex.

General idea: Given an embedded voltage graph, take rotation graph around each vertex Rv. Now for each edge e from u to v identify the vertex of Ru corresponding to an end of e with the vertex of Rv corresponding to the other end of e. Result is actually medial graph of voltage graph. Add some information corresponding to embedding of medial graph, edge twists, voltages. Will not give formal definition. If desired, see [ESZ06].
Scope and usefulness: This is a general construction, equivalent to embedded voltage graphs (or to current graphs). We saw that current graphs were more convenient than voltage graphs for finding triangular embeddings of complete graphs. Similarly, transition graphs are more convenient for embeddings of regular complete bipartite graphs Km,m with control over face sizes (usually want faces to be either 4-cycles or hamilton cycles). Play a key role in determining genus of complete tripartite graphs.

Controlled embeddings of Km,m

Motivation: For complete tripartite graphs of form Km,m,n, may get min. genus embedding from embedding of Km,m with n hamilton cycle faces, all other faces 4-cycles. Can then add n new vertices in the hamilton cycle faces.
For joins of edgeless and complete graphs of form K̄m + Km, may get min. genus embedding from embedding of Km,m with room in faces to add edges of a Km.

Structure of a transition graph: Construction has
group Γ,
directed graph D,
vertices (not edges) labelled by voltages in Γ,
edges partitioned into directed cycles, each vertex traversed exactly twice by directed cycles,
vertices (not edges) may have twist (solid vertex •).
For embeddings of Km,m generally have group Γ = ℤm, exactly two directed cycles (solid, dashed).
[Figure: transition graph with Γ = ℤ8, vertices labelled 0 to 7]

Deriving the embedding:
directed cycle → vertices indexed by Γ,
vertex → class of edges with given “slope”,
twisted vertex → twisted edges,
directed cycles show rotations.

Example: [Figure: transition graph over ℤ8, and the part of the derived embedding it gives; solid cycle → vertices ai, i ∈ ℤ8; dashed cycle → vertices bi, i ∈ ℤ8.]
Tracing faces: Follow edges in transition graph, switching directed cycles at each vertex, at twisted vertex also switch directions.
Results: (0, 1, 7, 6), (1, 2, 3, 2), (4, 0, 3, 7), (6, 5), (5, 4) – give consecutive slopes (voltages) of edges in faces.
[Figure: part of the derived embedding on vertices ai, bi (i ∈ ℤ8), with faces (0; 1; 7; 6), (1; 2; 3; 2) and (6; 5) marked together with their translates.]

Advantages of transition graphs
• Can be built up from small patterns representing groups of faces of a particular size (H, I, V, X, S, ...).
• Can be used to build whole families of embeddings at once, by making substitutions involving small patterns (2H ↔ V, 4H ↔ 2X).
• Can be used to build relative (partial) embeddings, then complete with “gadgets” (non-algebraic constructions), when completely algebraic construction is impossible.
• Allow very precise control of emb. structure: set up places to add edges; set up ways to extend embedding using vertex duplication or special diamond sums.

Building up from small patterns
Easy to build transition graphs from small patterns: specific face sizes.
[Figure: patterns H, I, V, X on vertices i, i + k, i + j, i + j + k, i + 2k.]
H: one ham. cycle (when gcd(k, m) = 1); I: m/2 4-cycles; V: m 4-cycles; X: m 4-cycles.

Embedding of K8,8: [Figure: transition graph over ℤ8.] X, I: 8 + 8 + 4 + 4 = 24 4-cycle faces; H: 1 + 1 = 2 ham. cycle faces → min. genus embedding of K8,8,2 on S12.

Building families of embeddings
• Switch 2H → V (nonorientable): K12,12 with 10 ham. cycle faces → Ori. min. genus emb. of K12,12,10, which is modified to give K12,12 with 8, 6, 4, 2 ham. cycle faces → Nonori. min. genus emb. of K12,12,8/6/4/2.
• Switch 4H → 2X: K12,12 with 10 ham. cycle faces → Ori. min. genus emb. of K12,12,10, which is modified to give K12,12 with 6, 2 ham. cycle faces → Ori. min. genus emb. of K12,12,6/2.
[Figures: transition graphs over ℤ12 before and after each switch.]
Gadgets
Sometimes there is no purely algebraic way to construct an embedding of Km,m,n using a transition graph. Instead use a partial transition graph together with a gadget, a set of faces not perfectly symmetric under the action of ℤm, but which easily generalizes.
[Figure: detailed faces in gadget.]

Special transition graphs (adding edges)
Can also do other things with transition graphs. For example, by controlling the lengths of edges (length of i → j is j − i) we can control which vertices share faces. If we get edges of one type (solid or dashed) with all possible lengths, this means vertices in one class share a face with every other vertex in the same class, so we can add a complete graph on that side of the bipartition. Used for example to construct orientable minimum genus embeddings of K̄n + Kn for even n.

Exercise: Find a transition graph that generates a nonorientable embedding of K14,14 with twelve hamilton cycle faces and all other faces being 4-cycles. [Note: using any V pattern guarantees that you have a nonorientable embedding.] Now repeat for eleven hamilton cycle faces. These allow us to get minimum nonorientable genus embeddings of K14,14,12 and K14,14,11, by adding vertices in the hamilton cycle faces. Can you set up your embeddings so that by using 2H ↔ V transformations you can also get minimum genus nonorientable embeddings of K14,14,t for some other values of t? Set up your original embeddings so that you can cover as many t as possible in this way. Now (if you are not worn out) repeat for orientable embeddings. Besides having different original embeddings, you should use 4H ↔ 2X transformations instead of 2H ↔ V transformations.

1.6 Surgery

Surgery (cutting and pasting) can be used in many ways. Two very typical ways are for local modification of embeddings and for recursive constructions. Will give illustrations for each.
Local modifications

Merging faces around a vertex: Can use a single crosscap to merge two faces around the same vertex into a single face. Similarly, can use a handle to merge three faces around the same vertex into a single face.
By repeating this process we can merge enough faces around a given vertex v into a single face so that we can add into the new face a new vertex v′ that is adjacent to all neighbours of v. We call this duplicating a vertex. See [ESZ06]; similar ideas also used by other people.
The problem is often that we wish (when constructing minimum genus embeddings) to use only a certain number of crosscaps or handles. We may have to be careful and creative in how we place the crosscaps or handles.

Recursive constructions

‘Tripling’ for triangulations of complete graphs: Grannell, Griggs and Širáň [GGS98] use 2-face-colourable triangulation of Kn to construct 2-face-colourable triangulation of K3n−2. (Face colouring is important.)
• Take triangulation of Kn, cut out one vertex z, now have Kn−1 on surface with boundary S.
• Take three copies of S: S0, S1, S2, where vi on Si corresponds to v on S, etc.
• For each white triangle t = (uvw) cut out t0, t1, t2 and glue on 2-face-colourable toroidal embedding of K3,3,3 with vertex classes {u0, u1, u2}, {v0, v1, v2}, {w0, w1, w2} which has three black triangles (ui vi wi) deleted. Gives all edges of K3n−3 except those xi yj where i ≠ j and xy incident with boundary and black triangle (then no white triangle containing that edge), and edges of form xi xj where i ≠ j.
• Now suppose boundary is (x1 x2 ... xn−1) (where n − 1 is even) where x1x2, x3x4, ... are incident with only black triangles. Construct derived embedding from ℤ3-voltage graph shown: contains cycles (x_1^i x_2^i ... x_{n−1}^i) to glue on to boundaries of S0, S1, S2, assuming 3 | n − 1, hamilton cycle (x_1^0 x_2^1 x_3^1 x_4^2 ... x_{n−1}^0) in which to add extra vertex, and all missing edges.

This construction is important: by varying the way the K3,3,3 embeddings are glued on, it was the first construction of a large number (c^{n²}) of nonisomorphic triangular embeddings of given complete graphs Kn [BGGS00].

‘Doubling’ and ‘tripling’ for hamilton cycle embeddings of complete graphs: Due to Ellingham and Stephens [ES09] / Ellingham and Schroeder [ES14b]. Use hamilton cycle embedding of regular complete bipartite/tripartite graph (known) to glue together hamilton cycle embeddings of Kn to get hamilton cycle embedding of K2n−2 or K3n−3.
For ‘tripling’, glue together:
(a) three hamilton cycle embeddings of Kn, each with one vertex deleted, and
(b) one hamilton cycle embedding of Kn−1,n−1,n−1 with at least one abc-pattern face (which we remove).
Result is hamilton cycle embedding of K3n−3.
[Figure: rotation around b1, with vertices a0 b0 c0 and a1 b1 c1, shown to see how it works.]

Exercise: Use adding a crosscap around a vertex to transform the embedding of K4,4 on the torus, given in Section 4 above, into an embedding of K4,5 on N3.

1.7 Connections with design theory

Designs can often be used to help construct embeddings. Often need some kind of extra condition to make sure we get proper rotations.

Biembeddings of Steiner triple systems

If we have a 2-face-colourable triangular embedding of Kn, then each colour class forms a partition of the edges of Kn into triangles. In other words, we have a set of triples chosen from n elements so that every pair occurs in exactly one triple: a Steiner triple system (STS). Altogether this is a biembedding of Steiner triple systems.
Example: 2-face-colourable embedding of K7 on torus, shown below, is a biembedding of the Fano plane (the unique up to isomorphism STS of order 7) with itself.
In general if we just take two arbitrary Steiner triple systems then we do not get an embedding: we have a set of closed walks covering each edge twice, but may not have proper rotations. If we take two Steiner triple systems T1 and T2, not clear when T1 can be biembedded with something isomorphic to T2. At least one case known where this cannot be done if we insist that the embedding must be orientable.

Biembeddings of Latin squares

Definition: A latin square is an n × n array of n symbols so that every symbol occurs exactly once in each row and each column.
Suppose we have a 2-face-colourable triangular embedding of a complete tripartite graph Kn,n,n with tripartition (A, B, C) where A = {a1, a2, ..., an}, etc. Take one colour class of faces, then we have a partition of the edges of Kn,n,n into triangles. If we interpret a triangle (ai bj ck) as telling us to put symbol k in row i, column j, then we get a latin square for each colour class. Altogether this is a biembedding of latin squares. If this exists, the surface is necessarily orientable.
Again, if we take two arbitrary latin squares, it is not clear if we can biembed them. But there is one positive result with very useful consequences.

Definition: A latin square L is consecutive-row-hamiltonian if for every two (cyclically) consecutive rows, the permutation we get by mapping symbols in the first row to the symbols in the same column in the second row is a cyclic (hamiltonian!) permutation. Simple example: ℤn, the addition table of ℤn, is consecutive-row-hamiltonian.

Theorem (Grannell and Griggs [GG08]): Any latin square that is consecutive-row-hamiltonian has a biembedding with something isomorphic to itself (in fact, to itself with all rows shifted up one position). This was used as part of first construction of n^{an²} nonisomorphic triangulations of Kn for certain n.
Overall construction used ideas related to earlier result giving c^{n²} such triangulations (mentioned in section on surgery).

Latin squares and hamilton cycle embeddings of complete tripartite graphs

Can also use latin squares to get other embeddings of complete tripartite graphs: ones where all facial walks are hamilton cycles. Need two conditions. First, latin square must be consecutive-entry-hamiltonian (similar to consecutive-row-hamiltonian, and in fact could use that instead). Second, latin square L must have an orthogonal mate: another latin square L′ such that for every symbol s of L and every symbol s′ of L′ there is some row and column that contains s in L and s′ in L′.

Theorem (Ellingham and Schroeder): An n × n latin square that is consecutive-entry-hamiltonian and has an orthogonal mate can be used to construct a 2-face-colourable hamilton cycle embedding of Kn,n,n. Every face has an abc-pattern (useful for tripling construction mentioned in section on surgery). If n ≥ 3 is not twice a prime then such a latin square exists. For n odd can again use ℤn, addition table of ℤn. Much trickier for even n.

1.8 Bouchet’s covering triangulations

Idea: Lift triangulation of G to triangulation of G[K̄m] = G(m), graph where we replace each x ∈ V(G) by m independent vertices (x, i), i ∈ ℤm, and (x, i)(y, j) ∈ E(G(m)) ⇔ xy ∈ E(G), i.e. each edge is replaced by a copy of Km,m. Original paper is [Bo78b].

Definition: Suppose G is eulerian (every vertex has even degree) and Ψ is a triangulation of G. Let T = T(Ψ) be the set of triangles of Ψ. An m-valuation is a map φ : T → ℤm. An m-valuation is generative if the alternating sum around every vertex is a generator of ℤm.

Formalization: Make a bit more precise: a corner of the embedding is represented by a (vertex, triangle) pair (x, t).
Assign a sign ε(x, t) ∈ {−1, 1} to each corner so that the signs alternate around every vertex. Define φ(x) = Σ_{t ∋ x} ε(x, t) φ(t) for each vertex x. Then we want every φ(x) to be a generator of ℤm.

Theorem: If φ is a generative m-valuation then we have a triangulation of G(m) whose triangles are given by {((x, i)(y, j)(z, k)) | t = (xyz) ∈ T, i + j + k = φ(t)}. This has the same orientability as the original triangulation.
• Clear that we get two triangles containing every (x, i)(y, j), corresponding to the two original triangles (wxy) and (xyz): values of i and j force values of h and k for third vertices (w, h) and (z, k).
• So just need to verify proper rotations. When we follow triangles around a vertex (x, i) from edge (x, i)(y, j) will end up at edge (x, i)(y, j ± φ(x)) after going around x once: since φ(x) generates ℤm, we end up with all neighbours of (x, i) after doing this m times.

Finding a generative m-valuation

Restate question in more formal algebraic way.
• Consider ℤmV = formal ℤm-linear combinations of vertices in G, a ℤm-module.
• For each triangle t define t̂ = Σ_{x ∈ t} ε(x, t) x ∈ ℤmV. Define φ̂ = Σ_{t ∈ T} φ(t) t̂. φ is a generative m-valuation if coefficient of φ̂ for vertex x is a generator of ℤm for all x: in that case say that φ̂ is a generative element of ℤmV. This coefficient is just what we called φ(x) before: formal ℤm-linear combinations are equivalent to ℤm-valued functions.
• Define submodule T̂ generated by {t̂ | t ∈ T}. Want to know if any generative element in T̂.
• Depends on structure of diagonal graph D = D(Ψ): V(D) = V(G), join w and z if they are in adjacent triangles (wxy) and (xyz).
◦ If wz ∈ E(D) then one of w + z, w − z is in T̂: call it α(w, z).
◦ If u and v are in the same component of D then one of u + v, u − v is in T̂: again call it α(u, v). (Use induction on previous statement.)
◦ So if we could partition each component of D into pairs of vertices (ui, vi), add up all α(ui, vi) and all coefficients are ±1, so we have a generative element.
• What do components of D look like? For a given triangle t and x ∈ t, for any other triangle t′ there is x′ ∈ t′ such that x and x′ are in the same component of D. So D has at most three components, and each component contains a fixed number of vertices of each triangle. For example, in the octahedron (as shown) there are three components of D with even vertex sets {p, q}, {w, y}, {x, z}. Take (t̂1 + t̂5) + (t̂1 + t̂4) + (t̂1 + t̂2) = 3t̂1 + t̂2 + t̂4 + t̂5 = ±(p ± q) ± (w ± y) ± (x ± z) which is generative for any m (even or odd).

Theorem: Suppose m is odd and Ψ is a triangulation of eulerian G. Then Ψ has a generative m-valuation and hence a triangular embedding of G(m) of the same orientability as Ψ.
Proof:
• Fix a triangle t = (xyz). Choose values so ε(x, t) = ε(y, t) = ε(z, t) = 1.
• Partition each component of D into pairs of vertices, as follows:
- if there is a leftover vertex make sure it is a vertex of t;
- if a vertex of t is in one of the pairs (ui, vi), make sure it is ui (so its coefficient is definitely 1, not −1).
• If all components of D are even, just add up all α(ui, vi) as mentioned above: all coefficients are ±1.
• If some component of D is odd then adding up all α(ui, vi) will leave out some element(s) of t. So add up all α(ui, vi) and add t̂ = x + y + z. Now all coefficients ±1 except possibly coefficients of 2 for x, y or z: since m is odd, still generative.

Example: In K̄2 + C6 as shown, D has three components with vertex sets {p, q}, {u, w, y} and {v, x, z}. Assuming all values of ε(·, t1) are +1, we take t̂1 + α(q, p) + α(u, w) + α(v, x) which has coefficient 2 for q and coefficient ±1 for everything else.
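An added example, not from the notes or from Bouchet's papers: the octahedron valuation 3t̂1 + t̂2 + t̂4 + t̂5 above built in Python from a triangle and its three neighbours, checked to be generative for several m, and the covering triangulation of G(m) from the Theorem constructed and verified to have every edge in two triangles and a proper rotation at every vertex; the zero valuation is shown to fail the rotation check. Function names, and the labelling of the octahedron's triangles by vertex triples, are our assumptions.

```python
from math import gcd

# Constructed input: the octahedron (K̄_2 + C_4), the triangulation in the notes'
# example, with poles p, q and equator cycle w x y z.
OCTAHEDRON = [
    ("p", "w", "x"), ("p", "x", "y"), ("p", "y", "z"), ("p", "z", "w"),
    ("q", "x", "w"), ("q", "y", "x"), ("q", "z", "y"), ("q", "w", "z"),
]


def vertices(tris):
    return {v for t in tris for v in t}


def edge_counts(tris):
    """Number of triangles containing each (unordered) edge."""
    counts = {}
    for a, b, c in tris:
        for e in (frozenset((a, b)), frozenset((b, c)), frozenset((c, a))):
            counts[e] = counts.get(e, 0) + 1
    return counts


def rotation_cycle(tris, v):
    """Walk around v, stepping from each triangle to the one across the next
    edge at v. Returns the triangles at v in cyclic order, or None when they do
    not close up into a single cycle (the rotation at v is then not proper)."""
    at_v = [t for t in tris if v in t]
    start = at_v[0]
    cycle = [start]
    cur, door = start, next(u for u in start if u != v)
    while True:
        nxt = [t for t in at_v if t != cur and door in t]
        if len(nxt) != 1:            # edge v-door is not in exactly two triangles
            return None
        cur = nxt[0]
        if cur == start:
            return cycle if len(cycle) == len(at_v) else None
        if len(cycle) > len(at_v):
            return None
        cycle.append(cur)
        door = next(u for u in cur if u != v and u != door)


def corner_signs(tris):
    """eps[(x, t)] in {+1, -1}, alternating around every vertex (even degrees)."""
    eps = {}
    for v in vertices(tris):
        cyc = rotation_cycle(tris, v)
        if cyc is None or len(cyc) % 2:
            raise ValueError(f"cannot alternate signs around {v}")
        for idx, t in enumerate(cyc):
            eps[(v, t)] = 1 if idx % 2 == 0 else -1
    return eps


def alternating_sums(tris, eps, phi, m):
    """phi(x) = sum over triangles t at x of eps(x,t)*phi(t), reduced mod m."""
    sums = dict.fromkeys(vertices(tris), 0)
    for t in tris:
        for v in t:
            sums[v] = (sums[v] + eps[(v, t)] * phi[t]) % m
    return sums


def is_generative(tris, eps, phi, m):
    """Every alternating sum is a generator of Z_m."""
    return all(gcd(s, m) == 1 for s in alternating_sums(tris, eps, phi, m).values())


def neighbour_sum_valuation(tris, t1):
    """The notes' octahedron valuation 3*t1 + (three triangles adjacent to t1):
    each t1 + t' with t' across an edge of t1 is an alpha(w, z) term, so every
    vertex ends up with coefficient +-1, a generator of Z_m for every m."""
    phi = {t: 0 for t in tris}
    phi[t1] = 3
    for t in tris:
        if t != t1 and len(set(t) & set(t1)) == 2:
            phi[t] += 1
    return phi


def lift(tris, phi, m):
    """Bouchet's covering: triangles ((x,i),(y,j),(z,k)) with i+j+k = phi(t) in Z_m."""
    out = []
    for t in tris:
        x, y, z = t
        for i in range(m):
            for j in range(m):
                out.append(((x, i), (y, j), (z, (phi[t] - i - j) % m)))
    return out


def is_triangulation(tris):
    """Every edge in exactly two triangles and a proper rotation at every vertex."""
    if any(c != 2 for c in edge_counts(tris).values()):
        return False
    return all(rotation_cycle(tris, v) is not None for v in vertices(tris))
```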
Note: As mentioned earlier, if all components of D are of even order then this works for any m; Bouchet gives other conditions that will guarantee this.

Folded coverings

If we want to extend Theorem above to even m, will be enough to do it for m = 2, then can use induction for powers of 2 and combine with result for odd m. But it can be shown that it is not always possible to get a generative 2-valuation. Instead, need to use folded coverings [Bo82].
Original coverings have property that two triangles containing given edge (x, i)(y, j) correspond to the two distinct triangles containing xy in G. But for folded covering, may have fold on edge (x, i)(y, j): both triangles containing this edge correspond to same original triangle (xyz).

Theorem: Suppose Ψ is a triangulation of eulerian G. Then there is a triangular embedding of G(2) of the same orientability as Ψ, obtained by a folded covering.
Proof: Assign ε(x, t) values as previously (±1 values at corners, alternating around each vertex).
• For each x ∈ V(G) let (x, −1) and (x, 1) be corresponding vertices in G(2).
• Given a triangle t = (xyz) in Ψ with a = ε(x, t), b = ε(y, t), c = ε(z, t), replace by four triangles ((x, a)(y, b)(z, c)) (primary triangle), ((x, −a)(y, b)(z, c)), ((x, a)(y, −b)(z, c)), ((x, a)(y, b)(z, −c)) (three secondary triangles). Note that each edge (x, a)(y, b), (x, a)(z, c), (y, b)(z, c) appears in two triangles coming from (xyz) so each of these edges is a fold.
• Each edge occurs in two triangles: suppose we also have original triangle t′ = (wxy). Then (x, a)(y, b) occurs in two triangles from t = (xyz); (x, −a)(y, −b) occurs in two triangles from t′ = (wxy) (also a fold) because ε(x, t′) = −ε(x, t) = −a and ε(y, t′) = −ε(y, t) = −b; (x, a)(y, −b) and (x, −a)(y, b) each appear in one triangle from t = (xyz) and one triangle from t′ = (wxy) (so not folds).
• Can follow triangles around each vertex (x, ±1): close up because original degree of x was even, so have proper rotation.
• Map local orientation of triangles in Ψ to new triangulation: use same orientation for primary triangles, reverse for secondary triangles. Consistent if and only if original orientation consistent.

Other important results by Bouchet and coauthors

Theorem: If Ψ is a triangulation of an eulerian complete multipartite graph G then G(m) has a triangulation of the same orientability as Ψ, obtained using a generative m-valuation, for all m ≥ 2. Proof shows that we can avoid odd order components of diagonal graph when m is even.

Theorem: If p is an odd prime and Ψ is a triangulation of a graph G such that Ψ∗ (the dual of Ψ) has a nowhere zero p-flow then there is a triangular embedding of G(p) of the same orientability as Ψ.
Note: Since all 2-connected graphs have nowhere zero 6-flows (Seymour), can always do this for p ≥ 7. If 5-flow conjecture is true, would always work for p = 5, too. In special cases can work for p = 3 or 5 (e.g., see below).

Theorem: If Ψ is a triangulation of a 4-colourable graph G ≇ K4, then we get a triangular embedding of G(m) of the same orientability as Ψ for m = 3 and hence (by repetition, and using the fact that a 4-face-colourable graph has a nowhere zero 4-flow) for all odd m.

Non-triangular embeddings

Bouchet’s constructions are for triangulations. But can use, perhaps in modified form, if convert other embeddings into triangulations by adding extra edges or vertices. A couple of examples:
1. Lifting embeddings where all faces have even lengths, paper by Bouchet. First add a new vertex inside each face so we have an eulerian triangulation. Now find an m-valuation φ so that values/coefficients of φ̂ are generators of ℤm for original vertices, but are 0 for new vertices.
2. In some cases it makes sense to just directly apply Bouchet’s results after converting to a triangulation. For example, Ellingham and Schroeder [ES12] used Bouchet’s results to help construct hamilton cycle embeddings of regular complete tripartite graphs: hamilton cycle embedding of Kt,t,t → triangulation of K2t,t,t,t (add vertex in each face) and apply Bouchet lifting to get triangulation of K2mt,mt,mt,mt → hamilton cycle embedding of Kmt,mt,mt (delete first vertex class).

1.9 References

[Ar92] Dan Archdeacon, The medial graph and voltage-current duality, Discrete Math. 104 (1992) 111–141.
[BGGS00] C. P. Bonnington, M. J. Grannell, T. S. Griggs and J. Širáň, Exponential families of non-isomorphic triangulations of complete graphs, J. Combin. Theory Ser. B 78 (2000) 169–184.
[BL] C. Paul Bonnington and Charles H. C. Little, The Foundations of Topological Graph Theory, Springer, 1995.
[Bo78a] A. Bouchet, Orientable and nonorientable genus of the complete bipartite graph, J. Combin. Theory Ser. B 24 (1978) 24–33.
[Bo78b] A. Bouchet, Triangular imbeddings into surfaces of a join of equicardinal independent sets following an Eulerian graph, Theory and applications of graphs (Proc. Internat. Conf., Western Mich. Univ., Kalamazoo, Mich., 1976), pp. 86–115, Lecture Notes in Math. 642, Springer, Berlin, 1978.
[Bo82] A. Bouchet, Constructions of covering triangulations with folds, J. Graph Theory 6 (1982) 57–74.
[ES12] M. N. Ellingham and Justin Z. Schroeder, Nonorientable hamilton cycle embeddings of complete tripartite graphs, Discrete Math. 312 (2012) 1911–1917.
[ES14a] M. N. Ellingham and Justin Z. Schroeder, Orientable hamilton cycle embeddings of complete tripartite graphs I: latin square constructions, J. Combin. Designs 22 (2014) 71–94.
[ES14b] M. N. Ellingham and Justin Z. Schroeder, Orientable hamilton cycle embeddings of complete tripartite graphs II: voltage graph constructions and applications, J. Graph Theory, to appear (available online).
[ES09] M. N. Ellingham and D. Christopher Stephens, The orientable genus of some joins of complete graphs with large edgeless graphs, Discrete Math. 309 (2009) 1190–1198.
[ESZ06] M. N. Ellingham, Chris Stephens and Xiaoya Zha, The nonorientable genus of complete tripartite graphs, J. Combin. Theory Ser. B 96 (2006) 529–559.
[GG08] M. J. Grannell and T. S. Griggs, A lower bound for the number of triangular embeddings of some complete graphs and complete regular, J. Combin. Theory Ser. B 98 (2008) 637–650.
[GGS98] M. J. Grannell, T. S. Griggs and J. Širáň, Face 2-colourable triangular embeddings of complete graphs, J. Combin. Theory Ser. B 74 (1998) 8–19.
[GT] J. L. Gross and T. W. Tucker, Topological Graph Theory (reprint edition), Dover, Mineola, NY, 2001.
[KSZ04] Ken-ichi Kawarabayashi, Chris Stephens and Xiaoya Zha, Orientable and nonorientable genera of some complete tripartite graphs, SIAM J. Discrete Math. 18 (2004) 479–487.
[MMP86] Z. Magajna, B. Mohar and T. Pisanski, Minimal ordered triangulations of surfaces, J. Graph Theory 10 (1986) 451–460.
[MPP85] B. Mohar, T. D. Parsons and T. Pisanski, The genus of nearly complete bipartite graphs, Ars Combin. 20 (1985) 173–183.
[MT] Bojan Mohar and Carsten Thomassen, Graphs on Surfaces, Johns Hopkins University Press, Baltimore, 2001.
[Ri] G. Ringel, Map Color Theorem, Springer, Berlin, 1974.

Chapter 2 Combinatorial Designs

Mariusz Meszka
AGH University of Science and Technology, Poland

SUMMARY

The roots of combinatorial design theory, dating from the 18th and 19th centuries, may be found in the statistical theory of experiments, geometry and recreational mathematics. Design theory rapidly developed in the second half of the twentieth century into an independent branch of combinatorics.
It has deep interactions with graph theory, algebra, geometry and number theory, together with a wide range of applications in many other disciplines. Most of the problems are simple enough to explain even to non-mathematicians, yet the solutions usually involve innovative techniques as well as advanced tools and methods of other areas of mathematics. The most fundamental problems still remain unsolved.

2.1 Balanced incomplete block designs

A design (or combinatorial design, or block design) is a pair (V, ) such that V is a finite set and the second component is a collection of nonempty subsets of V. Elements of V are called points, while the subsets in the collection are called blocks. One of the most important classes of designs are balanced incomplete block designs.

Definition 1. A balanced incomplete block design (BIBD) is a pair (V, ) where |V| = v and the block collection consists of b blocks, each of cardinality k, such that each element of V is contained in exactly r blocks and any 2-element subset of V is contained in exactly λ blocks. The numbers v, b, r, k and λ are the parameters of the BIBD.

Since $r = \frac{\lambda(v-1)}{k-1}$ and $b = \frac{\lambda v(v-1)}{k(k-1)}$ must be integers, the following are obvious arithmetic necessary conditions for the existence of a BIBD(v, b, r, k, λ):
(1) λ(v − 1) ≡ 0 (mod k − 1),
(2) λv(v − 1) ≡ 0 (mod k(k − 1)).
Parameter sets that satisfy (1) and (2) are called admissible.

The five parameters v, b, r, k, λ are not independent; three of them, v, k and λ, uniquely determine the remaining two as $r = \frac{\lambda(v-1)}{k-1}$ and $b = \frac{vr}{k}$. Hence we often write (v, k, λ)-design (or (v, k, λ)-BIBD) to denote a BIBD(v, b, r, k, λ).

Example 1. A (7, 3, 1)-BIBD (the "Fano plane"): V = {0, 1, . . . , 6}, blocks {{0,1,2}, {0,3,4}, {0,5,6}, {1,3,5}, {1,3,6}, {2,3,6}, {2,4,5}}.

Example 2. An (11, 5, 2)-BIBD: V = {0, 1, . . .
, 10}, blocks {{0,1,2,6,9}, {0,1,5,8,10}, {0,2,3,4,8}, {0,3,5,6,7}, {0,4,7,9,10}, {1,2,3,7,10}, {1,3,4,5,9}, {1,4,6,7,8}, {2,4,5,6,10}, {2,5,7,8,9}, {3,6,8,9,10}}.

The necessary conditions are also sufficient for the existence of a (v, k, 1)-BIBD with small k:
when k = 2, v ≥ 2,
when k = 3, v ≡ 1, 3 (mod 6),
when k = 4, v ≡ 1, 4 (mod 12),
when k = 5, v ≡ 1, 5 (mod 20).
For k = 6, a (v, 6, 1)-BIBD exists if v ≡ 1, 6 (mod 15) and v ≠ 16, 21, 36, 46, 51, 61, 81, 166, 226, 231, 256, 261, 286, 316, 321, 346, 351, 376, 406, 411, 436, 441, 471, 501, 561, 591, 616, 646, 651, 676, 771, 796, 801. In the case of the orders v = 16, 21, 36, 46 it is proven that a (v, 6, 1)-BIBD does not exist; in the case of the remaining 29 orders the existence problem is still unsettled.

A convenient way to represent a BIBD, other than a list of its blocks, is an incidence matrix. The incidence matrix of a (v, k, λ)-BIBD (V, ), where V = {x_i : 1 ≤ i ≤ v} and the blocks are {B_j : 1 ≤ j ≤ b}, is a v × b matrix A = (a_{ij}) in which a_{ij} = 1 when x_i ∈ B_j and a_{ij} = 0 otherwise.

Lemma 1. If A is an incidence matrix of a (v, k, λ)-BIBD, then $AA^T = (r - \lambda)I + \lambda J$, where I is the v × v identity matrix and J is the v × v all-ones matrix.

Theorem 2 (Fisher's inequality). If a (v, k, λ)-BIBD exists with 2 ≤ k < v, then b ≥ v.

This result, for instance, guarantees that a (21, 6, 1)-BIBD cannot exist, since b = 14 < 21 = v, even though the above arithmetic necessary conditions are satisfied.

A BIBD is called symmetric if v = b (and r = k). The most fundamental necessary condition for the existence of symmetric designs is due to Bruck, Ryser and Chowla.

Theorem 3 (Bruck-Ryser-Chowla). Let v, k and λ be integers satisfying λ(v − 1) = k(k − 1) and for which there exists a symmetric (v, k, λ)-BIBD.
(1) If v is even, then n = k − λ is a square.
(2) If v is odd, then the equation $z^2 = nx^2 + (-1)^{(v-1)/2}\lambda y^2$ has a solution in integers x, y, z not all zero.

The dual of D is the design D* = ( , V) in which the blocks of D are taken as elements and V as the set of blocks, such that a block B of D is an element contained in v ∈ V if and only if v is contained in B in D. Thus, if M is an incidence matrix of D, then M^T is an incidence matrix of D*.

Remark. The dual of a BIBD is a BIBD if and only if the BIBD is symmetric. Also, the parameters of a symmetric design and its dual are the same, yet they are not necessarily isomorphic.

All necessary conditions specified above (taken together) are still not sufficient for the existence, for instance, of a symmetric (111, 111, 11, 11, 1)-BIBD. One can easily check that this set of parameters satisfies all conditions (including Fisher's inequality and the Bruck-Ryser-Chowla theorem), but such a design does not exist, which was proven by a detailed structural analysis together with an exhaustive computational search. The general existence question for BIBDs remains a crucial open problem for infinitely many sets of parameters.

Definition 2. Two designs, (V_1, ) and (V_2, ), are isomorphic if there exists a bijection α : V_1 → V_2 such that for any block B_1 of the first design there exists a block B_2 of the second with B_2 = {α(x_i) : x_i ∈ B_1}. An automorphism is an isomorphism from a design to itself. The set of all automorphisms of a design forms a group called the full automorphism group. An automorphism group of a design is any subgroup of its full automorphism group. In particular, a (v, k, λ)-BIBD is cyclic if it admits a cyclic group of order v as its automorphism group.

Specifying an automorphism group sometimes allows one to construct a design in a much easier way. Then it is enough to select a set of base blocks which are representatives of each orbit of blocks under the prescribed automorphism group. All remaining blocks are obtained by the action of the group on these base blocks. Let G be a group of order v.
A k-element subset D of G is a (v, k, λ)-difference set if every non-zero element of G has exactly λ representations as a difference d − d' with elements d, d' from D.

Theorem 4. A set D = {d_1, d_2, . . . , d_k} of k residues modulo v is a (v, k, λ)-difference set if and only if the sets B_i = {d_1 + i, d_2 + i, . . . , d_k + i} mod v, i = 0, 1, . . . , v − 1, form the blocks of a cyclic (v, k, λ)-BIBD.

Example 3. {0, 1, 3, 9} is a (13, 4, 1)-difference set in the group Z_13. Thus {0, 1, 3, 9} is the base block of a cyclic (13, 4, 1)-BIBD.

The concept of a difference set may be extended to a larger number of sets. Let G be a group of order v. A collection {D_1, D_2, . . . , D_s} of k-element subsets of G, where $D_i = \{d^i_1, d^i_2, \ldots, d^i_k\}$, i = 1, 2, . . . , s, forms a (v, k, λ)-difference family if every non-zero element of G occurs exactly λ times as a difference $d^p_i - d^p_j$.

Theorem 5. If a set {D_1, D_2, . . . , D_s} is a (v, k, λ)-difference family over the cyclic group G, then Orb_G(D_1) ∪ Orb_G(D_2) ∪ . . . ∪ Orb_G(D_s) is the collection of blocks of a cyclic (v, k, λ)-BIBD.

Example 4. {{0, 2, 10, 15, 19, 20}, {0, 3, 7, 9, 10, 16}} is a (21, 6, 3)-difference family in the group Z_21.

Let G be a group of order v − 1. A collection {D_1, D_2, . . . , D_s} of k-element subsets of G ∪ {∞} is a 1-rotational (v, k, λ)-difference family if every non-zero element of G ∪ {∞} occurs exactly λ times as a difference $d^p_i - d^p_j$.

Theorem 6. If a set {D_1, D_2, . . . , D_s} is a 1-rotational (v, k, λ)-difference family over the group G, then Orb_G(D_1) ∪ Orb_G(D_2) ∪ . . . ∪ Orb_G(D_s) is the collection of blocks of a (v, k, λ)-BIBD admitting an automorphism group fixing one point and acting sharply transitively on the other points.

Example 5. {{0, 1, 3}, {0, 1, 5}, {0, 2, 5}, {0, 4, ∞}} is a 1-rotational (12, 3, 2)-difference family.
The concept of a difference family has been generalized by Bose to form the basis of a method called the method of pure and mixed differences. Let G be an additive abelian group and let T be a t-element set. Consider the set V = G × T. For any two elements (x, i) ≠ (y, j) of V, the differences arising from this pair may be of two kinds:
(1) if i = j then ±(x − y) is a pure difference of class i,
(2) if i ≠ j then ±(x − y) is a mixed difference of class ij.
A pure difference of any class may equal any nonzero element of G, while a mixed difference may equal any element of G. Suppose that there exists a collection of k-element sets {D_1, D_2, . . . , D_s} such that every nonzero element of G occurs exactly λ times as a pure difference of class i for each i ∈ T, and moreover every element of G occurs exactly λ times as a mixed difference of class ij for all i, j ∈ T, i ≠ j. Then the sets D_1, . . . , D_s form a basis of a (v, k, λ)-BIBD (V, ) whose blocks are {D_i + g : g ∈ G, i = 1, 2, . . . , s}.

Example 6. Let G = Z_5 and T = {1, 2}. {{0_1, 2_1, 3_1, 3_2}, {0_1, 2_2, 3_2, 4_2}, {0_1, 1_1, 0_2, 2_2}} is a basis for a (10, 4, 2)-BIBD.

Example 7. Let G = Z_3 and T = {1, 2, 3}. {{0_1, 1_1, 0_2}, {0_2, 1_2, 0_3}, {0_1, 0_3, 1_3}, {0_1, 1_2, 2_3}} is a basis for a (9, 3, 1)-BIBD.

The above construction may be extended by adding one fixed point.

Example 8. Let V = (Z_7 × {1, 2}) ∪ {∞}. {{0_1, 1_1, 3_1}, {0_1, 0_2, 1_2}, {0_1, 2_2, 4_2}, {0_1, 3_2, 6_2}, {0_1, 4_2, ∞}} is a basis for a (15, 3, 1)-BIBD.

The complement of a design (V, ) is the design on V whose blocks are {V \ B : B a block}. Thus the complement of a BIBD(v, b, r, k, λ) is a BIBD(v, b, b − r, v − k, b − 2r + λ). The supplement of a BIBD(v, b, r, k, λ) is the BIBD obtained by taking as blocks all k-subsets of V which are not blocks; in this way we get a BIBD$\left(v, \binom{v}{k} - b, \binom{v-1}{k-1} - r, k, \binom{v-2}{k-2} - \lambda\right)$.

A design (V', ) is a subdesign of (V, ) if V' ⊂ V and every block of the subdesign is a block of (V, ).
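To see Theorems 4, 5 and 6 and the method of pure and mixed differences at work, here is an added example (not code from the lecture notes) that develops base blocks under Z_n and checks the result against Definition 1. Points are written as pairs (x, i) with a class label i, so the same routine handles plain difference families (one label), 1-rotational families (with the fixed point spelled "inf", a label chosen here) and Examples 6 and 7 (several labels); this generalizes the notes' separate statements into one procedure.

```python
from itertools import combinations

# Added example (not from the lecture notes): develop base blocks under the
# cyclic group Z_n and check the resulting block set against the BIBD
# definition. Points are pairs (x, i) with x in Z_n and i a class label, so
# one routine covers Theorems 4-6 (a single label) and Bose's method of pure
# and mixed differences (several labels); the fixed point of a 1-rotational
# family is the string "inf" (a naming choice made here).

INF = "inf"

def develop(base_blocks, n):
    """Orbits of the base blocks under x -> x + g (mod n); "inf" is fixed.

    Each base block is a frozenset of points (x, i) or "inf". The union of
    the orbits is returned as a list of frozensets (Theorems 5 and 6)."""
    blocks = []
    for block in base_blocks:
        for g in range(n):
            shifted = frozenset(p if p == INF else ((p[0] + g) % n, p[1])
                                for p in block)
            blocks.append(shifted)
    return blocks

def bibd_parameters(points, blocks):
    """Return (v, b, r, k, lambda) if blocks form a BIBD on points, else None.

    Checks exactly the conditions of Definition 1: constant block size k,
    constant replication r, every pair of distinct points in lambda blocks."""
    points = set(points)
    sizes = {len(B) for B in blocks}
    if len(sizes) != 1 or not all(B <= points for B in blocks):
        return None
    k = sizes.pop()
    rep = {p: sum(p in B for B in blocks) for p in points}
    if len(set(rep.values())) != 1:
        return None
    r = next(iter(rep.values()))
    lam = {pair: sum(set(pair) <= B for B in blocks)
           for pair in combinations(sorted(points, key=str), 2)}
    if len(set(lam.values())) != 1:
        return None
    return (len(points), len(blocks), r, k, next(iter(lam.values())))

def cyclic_points(n, classes=(0,), rotational=False):
    """Point set Z_n x T (T = classes), optionally with "inf" adjoined."""
    pts = [(x, i) for i in classes for x in range(n)]
    return pts + [INF] if rotational else pts

def z(block, cls=0):
    """Turn a set of residues into points of class cls."""
    return frozenset((x, cls) for x in block)

# Example 3 of the notes: {0,1,3,9} is a (13,4,1)-difference set in Z_13.
ex3 = bibd_parameters(cyclic_points(13), develop([z({0, 1, 3, 9})], 13))
# Example 4: a (21,6,3)-difference family in Z_21.
ex4 = bibd_parameters(cyclic_points(21),
                      develop([z({0, 2, 10, 15, 19, 20}),
                               z({0, 3, 7, 9, 10, 16})], 21))
# Example 5: a 1-rotational (12,3,2)-difference family over Z_11.
ex5 = bibd_parameters(cyclic_points(11, rotational=True),
                      develop([z({0, 1, 3}), z({0, 1, 5}), z({0, 2, 5}),
                               frozenset({(0, 0), (4, 0), INF})], 11))
# Example 6: pure and mixed differences, G = Z_5, T = {1,2}, a (10,4,2)-BIBD.
ex6 = bibd_parameters(cyclic_points(5, classes=(1, 2)),
                      develop([frozenset({(0, 1), (2, 1), (3, 1), (3, 2)}),
                               frozenset({(0, 1), (2, 2), (3, 2), (4, 2)}),
                               frozenset({(0, 1), (1, 1), (0, 2), (2, 2)})], 5))

if __name__ == "__main__":
    for name, params in [("ex3", ex3), ("ex4", ex4), ("ex5", ex5), ("ex6", ex6)]:
        print(name, "BIBD(v, b, r, k, lambda) =", params)
```

A base block whose differences do not cover every nonzero residue the same number of times (for instance {0, 1, 2} in Z_7) makes bibd_parameters return None, which is the failure mode to expect when a candidate family is wrong.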
Given a design D = (V, ), the block intersection graph G(D) is the graph whose vertex set is the set of blocks and whose edge set is {{B_i, B_j} : B_i ∩ B_j ≠ ∅}. In particular, for a (v, k, 1)-BIBD, G(D) is strongly regular.

Exercise 1. (1) Construct a (6, 3, 2)-BIBD. (2) Construct a (13, 4, 1)-BIBD.
Exercise 2. Find an isomorphism between the Fano plane given in Example 1 and its dual.
Exercise 3. Prove that the Fano plane is unique up to automorphism. Determine the order of its full automorphism group.
Exercise 4. Find a (41, 5, 1)-difference family in the group Z_41.
Exercise 5. Construct a cyclic (21, 3, 1)-BIBD.
Exercise 6. Given a BIBD(v, b, r, k, 1), determine the parameters (i.e., order, size, degree, clique number, the number of common neighbors for each pair of adjacent vertices and for each pair of nonadjacent vertices) of its block intersection graph.

2.2 Latin squares

Definition 3. A latin square of order n (or side n) is an n × n array in which each cell contains a single symbol from an n-element set S, such that each symbol occurs exactly once in each row and exactly once in each column. The nature of the symbols in S is of no importance, so usually we take S := {1, 2, . . . , n}.

Definition 4. A quasigroup is an algebraic structure (Q, ◦), where Q is a set and ◦ is a binary operation on Q such that the equations a ◦ x = b and y ◦ a = b have unique solutions for every pair of elements a, b in Q. If Q is finite, then |Q| = n is the order of the quasigroup.

A latin square can be viewed as the multiplication table of a quasigroup with the headline and sideline removed. Thus latin squares and quasigroups are equivalent combinatorial objects and we may use these two terms interchangeably.

Example 9. A latin square of order 4 and its corresponding quasigroup of order 4.
1 2 4 3        ◦ | 1 2 3 4
3 4 2 1        1 | 1 2 4 3
4 1 3 2        2 | 3 4 2 1
2 3 1 4        3 | 4 1 3 2
               4 | 2 3 1 4

A latin square L of side n is commutative (or symmetric) if L(i, j) = L(j, i) for all 1 ≤ i, j ≤ n. L is idempotent if L(i, i) = i for all 1 ≤ i ≤ n. A latin square L of even order n = 2k is half-idempotent if L(i, i) = i and L(k + i, k + i) = i for all 1 ≤ i ≤ k.

The existence of a latin square of order n is equivalent to the existence of a one-factorization of the complete bipartite graph K_{n,n}. Moreover, the existence of a commutative idempotent latin square of order n is equivalent to the existence of a one-factorization of the complete graph K_n.

A latin square is in standard form (or normalized) if both its first column and its first row contain consecutive symbols in increasing order. Two latin squares, L and L', of order n are isotopic (or equivalent) if there are three bijections from the rows, columns and symbols of L to the rows, columns and symbols, respectively, of L', that map L to L'. Latin squares L and L' are isomorphic if there exists a bijection ϕ : S → S such that ϕ(L(i, j)) = L'(ϕ(i), ϕ(j)) for every i, j ∈ S, where S is not only the set of symbols of each square but also the indexing set for the rows and columns of each square.

Latin squares are completely enumerated for small orders.

 n | number of non-isomorphic latin squares | number of distinct latin squares
 2 | 1                                      | 1
 3 | 1                                      | 2
 4 | 2                                      | 24
 5 | 2                                      | 1,334
 6 | 17                                     | 1,128,960
 7 | 324                                    | 12,198,297,600
 8 | 842,227                                | 2,697,818,265,354,240
 9 |                                        | 15,224,734,061,278,915,461,120
10 |                                        | 2,750,892,211,809,148,994,633,229,926,400
11 |                                        | 19,464,657,391,668,924,966,616,671,344,752,852,992,000

Two latin squares, L and L', of order n are orthogonal if the n² ordered pairs (L(i, j), L'(i, j)) are all distinct. A set of latin squares L_1, L_2, . . .
, L_m is mutually orthogonal (or a set of MOLS(n)) if for every 1 ≤ i < j ≤ m, L_i and L_j are orthogonal.

Example 10. A set of three MOLS(4):
1 2 3 4    1 2 3 4    1 2 3 4
4 3 2 1    3 4 1 2    2 1 4 3
2 1 4 3    4 3 2 1    3 4 1 2
3 4 1 2    2 1 4 3    4 3 2 1

In any latin square belonging to some set of MOLS(n), relabeling the symbols does not affect orthogonality.

Theorem 7. A pair of orthogonal latin squares of order n exists for all n other than 2 and 6 (for which no such pair exists).

Construction of a pair of orthogonal latin squares of odd order n. Let S = Z_n. Then L_1(i, j) = (i + j) mod n and L_2(i, j) = (i − j) mod n.

Let N(n) denote the largest number of latin squares in a set of MOLS(n).

Remark. For every n, 1 ≤ N(n) ≤ n − 1.

Theorem 8. If q = p^k is a prime power, then N(q) = q − 1.

Construction of a set of q − 1 MOLS of order q = p^k, where p is a prime. Let F_q be a finite field of order q. Let α_0, α_1, . . . , α_{q−1} be the elements of F_q, where α_0 is the zero element. For each nonzero element α_r (r ≠ 0) in F_q, define a latin square L_r(i, j) = α_r × α_i + α_j.

Determining the value of N(n) remains one of the foremost problems in combinatorics. For instance, it is known that N(n) ≥ 3 for all n ≠ 2, 3, 6 and possibly 10.

Definition 5. A partial latin square of order n is an n × n array in which some cells are empty and some are filled with elements of S, such that each element of S appears in every row and every column at most once.

Theorem 9. Any partial latin square of order n which has at most n − 1 cells occupied can be completed to a latin square.

Deciding whether a partial latin square can be completed is an NP-complete problem, even if there are no more than 3 unfilled cells in any row or column.

Definition 6. A latin rectangle of size m × n (m ≤ n) is an m × n array with entries from a set S of cardinality n such that every row is a permutation of S and every column contains no repetition.

Theorem 10.
If L is an m × n latin rectangle, then one can append n − m further rows to L so that the resulting array is a latin square.

Definition 7. Let a, b and n be positive integers with a × b = n. Let an n × n array be partitioned into disjoint a × b regions. An (a, b)-Sudoku latin square is a latin square on the set {1, 2, . . . , n} where each region contains all of the symbols. An (a, b)-Sudoku critical set of size k is a partial latin square P with k nonempty cells that may be completed in exactly one way to an (a, b)-Sudoku latin square, but removal of any of the filled cells from P destroys the uniqueness of the completion.

Example 11. A (3, 3)-Sudoku critical set of size 17. (The 9 × 9 grid is not reproduced here; its 17 filled cells read, in row order, 1 4 2 5 4 7 8 3 1 9 3 4 2 5 1 8 6.)

(3, 3)-Sudoku critical sets are known for all sizes from 17 to 35. For instance, the existence of a (3, 3)-Sudoku critical set is still unsettled for size 16. The number of distinct (n, n)-Sudoku latin squares for n = 1, 2 and 3 is 1, 288 and 6,670,903,752,021,072,936,960, respectively. The number of inequivalent (n, n)-Sudoku latin squares for n = 1, 2 and 3 is 1, 2 and 5,472,730,538, respectively.

Exercise 7. (1) Find an idempotent commutative latin square of order 5. (2) Find a half-idempotent commutative latin square of order 6.
Exercise 8. Construct a set of two MOLS(3).
Exercise 9. Complete the Sudoku critical set from Example 11.

2.3 Pairwise balanced designs and group divisible designs

Relaxing some of the conditions in the definition of a BIBD leads to other classes of designs. One of them concerns the case when the blocks do not all have to have the same size.

Definition 8. Let λ be a positive integer and K be a set of positive integers.
A pairwise balanced design, PBD(v, K, λ), of order v with block sizes from K is a pair (V, ) where V is a set of cardinality v and the second component is a collection of subsets of V called blocks such that each block B has size |B| ∈ K and every pair of distinct elements of V occurs in exactly λ blocks.

Example 12. A PBD(6, {3, 4}, 3): V = {1, 2, 3, 4, 5, 6}, blocks {{1,2,3,4}, {1,3,4,5}, {1,4,5,6}, {2,3,4,6}, {2,4,5,6}, {1,2,5}, {1,2,6}, {1,3,6}, {2,3,5}, {3,5,6}}.

If a PBD(v, K, λ) has $b_{k_i}$ blocks of size $k_i$ for each $k_i \in K$, then $\lambda\binom{v}{2} = \sum_i b_{k_i}\binom{k_i}{2}$.

For a set of positive integers K, let α(K) = gcd{k − 1 : k ∈ K} and β(K) = gcd{k(k − 1) : k ∈ K}. Then the necessary conditions for the existence of a PBD(v, K, λ) are:
(1) λ(v − 1) ≡ 0 (mod α(K)), and
(2) λv(v − 1) ≡ 0 (mod β(K)).

Remark. Let K ≠ {v}. If there exists a PBD(v, K, 1), then v ≥ l(s − 1) + 1, where l and s are the largest and the smallest sizes, respectively, of blocks in the PBD.

Definition 9. Let K and G be sets of positive integers and λ be a positive integer. A group divisible design of order v and index λ, GDD(v, K, G, λ), is a triple (V, , ) where V is a finite set of cardinality v, the second component is a partition of V into groups whose sizes belong to G, and the third is a collection of subsets of V called blocks such that each block B has |B| ∈ K and every pair of distinct elements of V is contained in exactly λ blocks or in one group, but not both. Moreover, there are at least 2 groups.

Given a GDD(v, K, G, λ) with $a_i$ groups of size $g_i$, i = 1, 2, . . . , s (so that $\sum_{i=1}^{s} a_i g_i = v$), we use the exponential notation $g_1^{a_1} g_2^{a_2} \cdots g_s^{a_s}$ for the group type. If K = {k} and λ = 1, then we write k-GDD.

Example 13. A GDD(10, {3, 4}, {1, 3}, 1) of type $1^1 3^3$: V = {1, 2, . . . , 10}, groups {{1,2,3}, {4,5,6}, {7,8,9}, {10}}, blocks {{1,4,7,10}, {2,5,8,10}, {3,6,9,10}, {1,5,9}, {2,6,7}, {3,4,8}, {1,6,8}, {2,4,9}, {3,5,7}}.
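As an added example (not code from the lecture notes), the script below builds the q − 1 MOLS(q) of Section 2.2 for a prime q (so that F_q is simply Z_q, an assumption made here to avoid field arithmetic) and assembles from k − 2 of them the transversal design TD(k, q), the uniform k-GDD of type q^k of Definition 10 and Theorem 11 below, then verifies the GDD conditions of Definition 9 by brute force. The function names are the example's own.

```python
from itertools import combinations

# Added example (not from the lecture notes). For a prime q the field F_q is
# Z_q, so the notes' squares L_r(i, j) = r*i + j give q-1 MOLS(q). The added
# function td_from_mols assembles the transversal design TD(k, m) of
# Theorem 11 from k-2 MOLS(m); is_transversal_design checks Definition 9/10.

def is_latin(L):
    """Each symbol 0..n-1 exactly once in every row and every column."""
    n = len(L)
    syms = set(range(n))
    return all(set(row) == syms for row in L) and \
           all({L[i][j] for i in range(n)} == syms for j in range(n))

def orthogonal(L1, L2):
    """All n^2 ordered pairs (L1(i,j), L2(i,j)) distinct."""
    n = len(L1)
    return len({(L1[i][j], L2[i][j]) for i in range(n) for j in range(n)}) == n * n

def mols_prime(q):
    """q-1 MOLS(q) for prime q: L_r(i, j) = (r*i + j) mod q, r = 1..q-1."""
    return [[[(r * i + j) % q for j in range(q)] for i in range(q)]
            for r in range(1, q)]

def odd_pair(n):
    """The notes' pair for odd n: L1 = i + j, L2 = i - j (mod n)."""
    return ([[(i + j) % n for j in range(n)] for i in range(n)],
            [[(i - j) % n for j in range(n)] for i in range(n)])

def td_from_mols(squares, m):
    """TD(k, m) with k = len(squares) + 2 on points (group, symbol).

    Groups are {g} x Z_m for g = 0..k-1. The block for cell (i, j) holds
    (0, i), (1, j) and (2 + t, L_t(i, j)) for each square L_t; two blocks
    share at most one point precisely because the squares are MOLS."""
    k = len(squares) + 2
    groups = [frozenset((g, x) for x in range(m)) for g in range(k)]
    blocks = [frozenset([(0, i), (1, j)] +
                        [(2 + t, L[i][j]) for t, L in enumerate(squares)])
              for i in range(m) for j in range(m)]
    return groups, blocks

def is_transversal_design(groups, blocks, k, m):
    """Definition 10: every block meets each group in exactly one point, and
    each pair of points from distinct groups lies in exactly one block
    (pairs inside a group lie in none)."""
    if len(groups) != k or any(len(G) != m for G in groups):
        return False
    if any(len(B & G) != 1 for B in blocks for G in groups):
        return False
    points = [p for G in groups for p in G]
    same_group = {frozenset(pr) for G in groups for pr in combinations(G, 2)}
    for pr in combinations(points, 2):
        covered = sum(set(pr) <= B for B in blocks)
        if covered != (0 if frozenset(pr) in same_group else 1):
            return False
    return True

def check_td_from_prime(q, k):
    """Build TD(k, q) from k-2 of the q-1 MOLS(q) and validate it."""
    groups, blocks = td_from_mols(mols_prime(q)[:k - 2], q)
    return is_transversal_design(groups, blocks, k, q)

if __name__ == "__main__":
    squares = mols_prime(7)
    print("6 MOLS(7), pairwise orthogonal:",
          all(orthogonal(a, b) for a, b in combinations(squares, 2)))
    print("TD(8, 7) built from them is valid:", check_td_from_prime(7, 8))
```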
A GDD is uniform if K = {k} and all its groups have the same size m, that is, if it is of type $m^u$ for some positive integer u. The necessary conditions for the existence of a uniform GDD(v, k, m, λ) of type $m^u$ are:
(1) u ≥ k,
(2) λ(u − 1)m ≡ 0 (mod k − 1),
(3) λu(u − 1)m² ≡ 0 (mod k(k − 1)).

Definition 10. A transversal design, TD(k, m), is a uniform k-GDD of type $m^k$. In other words, a GDD is a transversal design if and only if each block meets every group in exactly one point.

Theorem 11. A transversal design TD(k, m) exists if and only if there exists a set of k − 2 MOLS(m).

A GDD(v, K, G, 1) may be viewed as a PBD(v, K ∪ G, 1) by considering all groups of the GDD to be blocks of the PBD, together with the blocks of the GDD.

Lemma 12. If there exists a group divisible design (V, , ) with λ = 1, then there exists a pairwise balanced design (V, ) whose blocks are the blocks of the GDD together with its groups of size at least 2.

Moreover, a GDD(v, K, G, 1) can be used to build a PBD(v + 1, K ∪ {g + 1 : g ∈ G}, 1) by adjoining a new point to each group to form new blocks. Conversely, a GDD may be obtained from a PBD by deleting a point.

Lemma 13. Suppose there exists a group divisible design (V, , ) with λ = 1 and ∞ ∉ V. Define W = V ∪ {∞} and take as blocks the blocks of the GDD together with the sets G ∪ {∞} for every group G. Then (W, ) is a pairwise balanced design.

Certain transversal designs may be obtained using some recursive constructions.

TD(4, m) → TD(4, 3m) construction. Let (V, , ) be a TD(4, m) and let W = {1, 2, 3}. Let V' = V × W and define a collection of groups and a collection of blocks as follows:
(1) the groups are the sets G × W, for every group G of the TD(4, m),
(2) for each block B of the TD(4, m), let (B × W, {{a} × W : a ∈ B}, W(B)) be a TD(4, 3) and place the 9 blocks belonging to W(B) in the block collection.
Then (V', , ) with these groups and blocks is a TD(4, 3m).

TD(4, m) with a parallel class → TD(4, 3m + 1) construction. Let (V, , ) be a TD(4, m) and let Π be a parallel class of blocks. Let W = {1, 2, 3} and set V_1 = {∞_1, ∞_2, ∞_3, ∞_4}. Let V' = V × W ∪ V_1.
Define a collection of groups and a collection of blocks as follows:
(1) the groups are the sets (G_i × W) ∪ {∞_i}, for every group G_i of the TD(4, m),
(2) for each block B ∈ Π, let ((B × W) ∪ V_1, {({a} × W) ∪ {∞_i} : a ∈ B ∩ G_i, i ∈ W}, W(B)) be a TD(4, 4) with the requirement that {∞_1, ∞_2, ∞_3, ∞_4} is a block; place the 15 blocks of W(B) \ {∞_1, ∞_2, ∞_3, ∞_4} in the block collection,
(3) for each block B ∉ Π, let (B × W, {{a} × W : a ∈ B}, W(B)) be a TD(4, 3) and place the 9 blocks belonging to W(B) in the block collection,
(4) place {∞_1, ∞_2, ∞_3, ∞_4} in the block collection.
Then (V', , ) with these groups and blocks is a TD(4, 3m + 1).

Exercise 10. (1) Construct a PBD(10, {3, 4}, 1). (2) Construct a PBD(12, {3, 4}, 1). (3) Construct a PBD(11, {3, 5}, 1).
Exercise 11. Show that a PBD(8, {3, 4}, 1) does not exist.
Exercise 12. (1) Construct a 3-GDD of type $3^5$. (2) Construct a 4-GDD of type $3^4$.
Exercise 13. Construct a TD(4, 13).

2.4 Steiner triple systems

The first class of intensively studied designs were BIBDs with block size 3 and λ = 1.

Definition 11. A Steiner triple system, STS(v), of order v is a (v, 3, 1)-BIBD. Blocks of an STS(v) are often called triples.

The arithmetic necessary conditions for the existence of an STS(v) reduce to v ≡ 1, 3 (mod 6). This is also a sufficient condition, which was proven in 1847 by Kirkman. Among the simplest known direct constructions are those due to Bose and Skolem.

Bose construction (for STS(v) when v ≡ 3 (mod 6)). Let v = 6k + 3 and let (Q, ◦) be an idempotent commutative quasigroup of order 2k + 1, where Q = {0, 1, . . . , 2k}. Let V = Q × {1, 2, 3}, and define the triples to be of the following two types:
(1) for 0 ≤ i ≤ 2k, {(i, 1), (i, 2), (i, 3)},
(2) for 0 ≤ i < j ≤ 2k, {(i, 1), (j, 1), (i ◦ j, 2)}, {(i, 2), (j, 2), (i ◦ j, 3)}, {(i, 3), (j, 3), (i ◦ j, 1)}.

Skolem construction (for STS(v) when v ≡ 1 (mod 6)). Let v = 6k + 1 and let (Q, ◦) be a half-idempotent commutative quasigroup of order 2k, where Q = {0, 1, . . . , 2k − 1}.
Let V = (Q × {1, 2, 3}) ∪ {∞}, and define the triples as follows:
(1) for 0 ≤ i ≤ k − 1, {(i, 1), (i, 2), (i, 3)},
(2) for 0 ≤ i ≤ k − 1, {∞, (k + i, 1), (i, 2)}, {∞, (k + i, 2), (i, 3)}, {∞, (k + i, 3), (i, 1)},
(3) for 0 ≤ i < j ≤ 2k − 1, {(i, 1), (j, 1), (i ◦ j, 2)}, {(i, 2), (j, 2), (i ◦ j, 3)}, {(i, 3), (j, 3), (i ◦ j, 1)}.

An STS(v) is cyclic if it admits an automorphism which is a single cycle of length v. Then all triples may be represented by base triples, one for each orbit of triples under the cyclic automorphism. The existence of cyclic Steiner triple systems may be proven by solving two problems posed by Heffter in 1896. An ordered 3-element subset {a, b, c} of the set {1, 2, . . . , (v − 1)/2} is called a difference triple if either a + b = c or a + b + c = v.

Heffter's difference problems.
(1) Let v = 6k + 1. Is it possible to partition the set {1, 2, . . . , 3k} into k difference triples?
(2) Let v = 6k + 3. Is it possible to partition the set {1, 2, . . . , 3k + 1} \ {2k + 1} into k difference triples?

In 1939, Peltesohn solved both Heffter's difference problems in the affirmative except for v = 9 (for which no solution exists).

Example 14. A solution to the second Heffter's difference problem for v = 27 is {{1, 2, 3}, {4, 10, 13}, {5, 6, 11}, {7, 8, 12}}. The base blocks corresponding to these difference triples are {0, 1, 3}, {0, 4, 14}, {0, 5, 11}, {0, 7, 15}.

Given a solution to the first Heffter's difference problem, i.e. a collection of k ordered triples, each triple {a_i, b_i, c_i} forms the base triple {0, a_i, a_i + b_i} of a cyclic STS(6k + 1). Similarly, given a solution to the second Heffter's difference problem, each triple {a_i, b_i, c_i} forms the base triple {0, a_i, a_i + b_i} of a cyclic STS(6k + 3); one more base triple (for the short orbit) is {0, 2k + 1, 4k + 2}.
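The Bose and Skolem constructions above, run and checked, as an added example (not code from the lecture notes). The notes do not say which quasigroups to use, so two standard choices are assumed here: on Z_n with n = 2k + 1 odd, i ◦ j = (i + j)(k + 1) mod n is idempotent and commutative (k + 1 is the inverse of 2), and on Z_{2k}, i ◦ j = σ((i + j) mod 2k) with σ(2a) = a, σ(2a + 1) = k + a is half-idempotent and commutative.

```python
from itertools import combinations

# Added example (not from the lecture notes): the Bose and Skolem
# constructions for STS(6k+3) and STS(6k+1), with a brute-force STS check.
# The two quasigroups are standard choices assumed here (the notes leave
# them open); the fixed point of the Skolem construction is named "inf".

INF = "inf"

def idempotent_quasigroup(n):
    """Commutative idempotent quasigroup on Z_n for odd n = 2k + 1:
    i o j = (i + j) * (k + 1) mod n, since 2(k + 1) = 1 in Z_n."""
    assert n % 2 == 1
    half = (n + 1) // 2
    return lambda i, j: ((i + j) * half) % n

def half_idempotent_quasigroup(n):
    """Commutative half-idempotent quasigroup on Z_n for even n = 2k:
    L(i, i) = i for i < k and L(k + i, k + i) = i, as in Section 2.2."""
    assert n % 2 == 0
    k = n // 2
    sigma = lambda s: s // 2 if s % 2 == 0 else k + s // 2   # relabel 2a->a
    return lambda i, j: sigma((i + j) % n)

def bose_sts(k):
    """STS(6k + 3) on Q x {1,2,3}, Q = Z_{2k+1} (Bose construction)."""
    n, op = 2 * k + 1, idempotent_quasigroup(2 * k + 1)
    triples = [frozenset({(i, 1), (i, 2), (i, 3)}) for i in range(n)]  # type (1)
    for i, j in combinations(range(n), 2):                              # type (2)
        for c in (1, 2, 3):
            nxt = c % 3 + 1            # classes 1 -> 2, 2 -> 3, 3 -> 1
            triples.append(frozenset({(i, c), (j, c), (op(i, j), nxt)}))
    return [(i, c) for i in range(n) for c in (1, 2, 3)], triples

def skolem_sts(k):
    """STS(6k + 1) on (Q x {1,2,3}) + {inf}, Q = Z_{2k} (Skolem construction)."""
    n, op = 2 * k, half_idempotent_quasigroup(2 * k)
    triples = [frozenset({(i, 1), (i, 2), (i, 3)}) for i in range(k)]   # type (1)
    for i in range(k):                                                   # type (2)
        for c in (1, 2, 3):
            nxt = c % 3 + 1
            triples.append(frozenset({INF, (k + i, c), (i, nxt)}))
    for i, j in combinations(range(n), 2):                               # type (3)
        for c in (1, 2, 3):
            nxt = c % 3 + 1
            triples.append(frozenset({(i, c), (j, c), (op(i, j), nxt)}))
    return [(i, c) for i in range(n) for c in (1, 2, 3)] + [INF], triples

def is_sts(points, triples):
    """Every triple has 3 points of V and every pair lies in exactly one triple."""
    pts = set(points)
    if any(len(t) != 3 or not t <= pts for t in triples):
        return False
    return all(sum(set(p) <= t for t in triples) == 1
               for p in combinations(points, 2))

if __name__ == "__main__":
    for k in (1, 2, 3):
        print("Bose   STS(%2d):" % (6 * k + 3), is_sts(*bose_sts(k)))
        print("Skolem STS(%2d):" % (6 * k + 1), is_sts(*skolem_sts(k)))
```

Exercise 14 is skolem_sts(2): the 26 triples it returns form an STS(13).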
Solutions to both Heffter's difference problems may be reduced to finding certain integer sequences. A Skolem sequence of order n is a sequence S = (s_1, s_2, . . . , s_{2n}) of 2n integers satisfying:
(1) for every k ∈ {1, 2, . . . , n} there exist exactly two elements s_i, s_j ∈ S such that s_i = s_j = k,
(2) if s_i = s_j = k with i < j, then j − i = k.

Example 15. A Skolem sequence of order 5: S = (2, 4, 2, 3, 5, 4, 3, 1, 1, 5).

A Skolem sequence of order n exists if and only if n ≡ 0, 1 (mod 4). Given a Skolem sequence S of order n, the collection of triples {{k, n + i, n + j} : s_i = s_j = k, k = 1, 2, . . . , n} is a solution to the first Heffter's problem.

When n ≡ 2, 3 (mod 4) we use an extension of a Skolem sequence. A hooked Skolem sequence of order n is a sequence HS = (s_1, s_2, . . . , s_{2n+1}) of 2n + 1 integers satisfying:
(1) for every k ∈ {1, 2, . . . , n} there exist exactly two elements s_i, s_j ∈ HS such that s_i = s_j = k,
(2) if s_i = s_j = k with i < j, then j − i = k,
(3) s_{2n} = 0.

Example 16. A hooked Skolem sequence of order 6: S = (6, 3, 5, 2, 3, 2, 6, 5, 4, 1, 1, 0, 4).

A hooked Skolem sequence of order n exists if and only if n ≡ 2, 3 (mod 4). Given a hooked Skolem sequence S of order n, the collection of triples {{k, n + i, n + j} : s_i = s_j = k, k = 1, 2, . . . , n} is a solution to the first Heffter's problem.

Extensions of Skolem and hooked Skolem sequences, called split and split hooked Skolem sequences, with a zero in position n + 1 and two zeros in positions n + 1 and 2n + 1, respectively, can be used in a similar way in order to obtain solutions to the second Heffter's difference problem.

The number of pairwise nonisomorphic Steiner triple systems increases rapidly with v. While STS(7) and STS(9) are unique (up to isomorphism), there are two STS(13)s, 80 STS(15)s and 11,084,874,829 STS(19)s.
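The chain Skolem sequence → Heffter difference triples → base triples → cyclic STS, carried out on Examples 15 and 16, as an added example (not code from the lecture notes). Sequences are 1-indexed as in the notes; for the hooked case the value 3n + 1 is treated as the difference −3n modulo v = 6n + 1, which is why the notes can call the resulting triples a solution to the first Heffter problem.

```python
from itertools import combinations

# Added example (not from the lecture notes): turn a (hooked) Skolem
# sequence into Heffter difference triples, then into base triples of a
# cyclic STS(6n + 1), checking each step. Positions are 1-indexed as in the
# notes; the hook (the zero in position 2n) is simply never selected.

def is_skolem(seq, n, hooked=False):
    """Conditions (1)-(3) of the notes for a (hooked) Skolem sequence."""
    if len(seq) != 2 * n + (1 if hooked else 0):
        return False
    if hooked and seq[2 * n - 1] != 0:            # s_{2n} = 0
        return False
    for k in range(1, n + 1):
        pos = [i + 1 for i, s in enumerate(seq) if s == k]
        if len(pos) != 2 or pos[1] - pos[0] != k:
            return False
    return True

def heffter_triples(seq, n):
    """{k, n+i, n+j} for s_i = s_j = k: the notes' solution to Heffter (1)."""
    triples = []
    for k in range(1, n + 1):
        i, j = [p + 1 for p, s in enumerate(seq) if s == k]
        triples.append((k, n + i, n + j))
    return triples

def is_difference_triple(t, v):
    """a + b = c or a + b + c = v, with each value reduced to a difference
    in {1, ..., (v-1)/2} (so 3n + 1 from a hooked sequence counts as 3n)."""
    a, b, c = sorted(min(x, v - x) for x in t)
    return a + b == c or a + b + c == v

def cyclic_sts_from_triples(triples, v):
    """Base triples {0, a, a + b} developed mod v (first Heffter problem)."""
    base = [(0, a, (a + b) % v) for a, b, _ in triples]
    return [frozenset((x + g) % v for x in t) for t in base for g in range(v)]

def is_sts(v, triples):
    """Every pair of Z_v lies in exactly one triple."""
    return all(len(t) == 3 for t in triples) and all(
        sum(set(p) <= t for t in triples) == 1 for p in combinations(range(v), 2))

def sts_from_skolem(seq, n, hooked=False):
    """Whole pipeline; returns the STS(6n+1) triples, or None if a step fails."""
    v = 6 * n + 1
    if not is_skolem(seq, n, hooked):
        return None
    triples = heffter_triples(seq, n)
    if not all(is_difference_triple(t, v) for t in triples):
        return None
    # the differences +-a, +-b, +-(a+b) must exhaust the nonzero residues
    diffs = {d % v for t in triples for a in t for d in (a, -a)}
    if diffs != set(range(1, v)):
        return None
    sts = cyclic_sts_from_triples(triples, v)
    return sts if is_sts(v, sts) else None

# Example 15 (order 5) and Example 16 (hooked, order 6) from the notes
SKOLEM_5 = (2, 4, 2, 3, 5, 4, 3, 1, 1, 5)
HOOKED_6 = (6, 3, 5, 2, 3, 2, 6, 5, 4, 1, 1, 0, 4)

if __name__ == "__main__":
    print("Heffter triples for v = 31:", heffter_triples(SKOLEM_5, 5))
    print("cyclic STS(31) triples:", len(sts_from_skolem(SKOLEM_5, 5)))
    print("cyclic STS(37) triples:", len(sts_from_skolem(HOOKED_6, 6, True)))
```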
The existence of Steiner triple systems for each admissible order v ≡ 1, 3 (mod 6) may also be proven by applying two recursive constructions.

v → 2v + 1 construction. Let (V, ) be an STS(v) and let (X, ) be a one-factorization of the complete graph of order v + 1 on the vertex set X. Form the new triples {{v_i, x, y} : v_i ∈ V, {x, y} ∈ F_i}, where F_i is the i-th one-factor of the one-factorization. Then (V ∪ X, ) with the triples of the STS(v) together with these new triples is an STS(2v + 1) with a subsystem STS(v).

The second construction uses the existence of one-factorizations in some circulant graphs, determined by the Stern–Lenz Lemma.

Lemma 14. A circulant graph C(n; d_1, d_2, . . . , d_s) has a 1-factorization if and only if n / gcd(d_i, n) is even for at least one generator d_i.

v → 2v + 7 construction. Let (V, ) be an STS(v). Let (X, ) be a collection of edge-disjoint one-factors in the complete graph K_{v+7} on the set X, and moreover let T be a set of v + 7 triples which together with the one-factors form a partition of the edge set of K_{v+7}. Form the new triples {{v_i, x, y} : v_i ∈ V, {x, y} ∈ F_i}, where F_i is the i-th one-factor. Then (V ∪ X, ) with the triples of the STS(v), these new triples and the triples in T is an STS(2v + 7) with a subsystem STS(v).

Another well-studied class of Steiner triple systems are projective triple systems. Let W_m be an (m + 1)-dimensional vector space over F_2. Let ⊕ be the operation of vector addition in W_m. Any two nonzero (m + 1)-vectors x and y determine uniquely a third vector x ⊕ y in W_m, where addition is performed modulo 2 componentwise. Let every nonzero vector in W_m be represented by a point in a set V of cardinality $2^{m+1} - 1$. Every two distinct points, corresponding to x and y, define a unique triple {x, y, x ⊕ y}. The STS($2^{m+1} - 1$) produced in this way is called a projective triple system and is often denoted by PG(m, 2) (just consider the triples as lines in the projective space over GF(2)). To simplify notation, let every point in V be labeled by the integer whose binary representation is determined by the coordinates of its corresponding vector. Thus V(PG(m, 2)) = {1, 2, . . .
, 2^{m+1} − 1}.

A partial triple system PTS(v) is a pair (V, ), where |V| = v and the second component is a collection of 3-element subsets of V such that each unordered pair of elements of V occurs in at most one triple. Let (V, ) be a PTS(v) and (W, ) be an STS(w) for which V ⊆ W and every triple of the PTS is a triple of the STS. Then (W, ) is an embedding of (V, ).

Theorem 15. Any partial triple system PTS(v) can be embedded in an STS(w) if w ≡ 1, 3 (mod 6) and w ≥ 2v + 1.

Theorem 16. Let v, w ≡ 1, 3 (mod 6) and v ≥ 2w + 1. Then there exists an STS(v) containing an STS(w) as a subsystem.

Exercise 14. Apply the Skolem construction to get an STS(13).
Exercise 15. Show that a cyclic STS(9) does not exist.
Exercise 16. Find a solution to Heffter's difference problems when: (1) v = 19, (2) v = 21.
Exercise 17. Construct an embedding of an STS(7) into an STS(27).

2.5 Resolvable designs

A parallel class in a design (V, ) is a set of blocks that partition the set V. A partial parallel class is a set of blocks that contain no point of the design more than once.

Definition 12. A design (V, ) is resolvable if all its blocks can be partitioned into parallel classes.

Example 17. A (9, 3, 1)-BIBD is resolvable; its parallel classes are R_1, R_2, R_3, R_4: V = {0, 1, . . . , 9}, R_1 = {{0,1,2}, {3,4,5}, {6,7,8}}, R_2 = {{0,3,6}, {1,4,7}, {2,5,8}}, R_3 = {{0,4,8}, {1,5,6}, {2,3,7}}, R_4 = {{0,5,7}, {1,3,8}, {2,4,6}}.

Definition 13. A Kirkman triple system, KTS(v), of order v is a resolvable STS(v) together with a resolution of its blocks. Distinct resolutions of a given STS(v) may form nonisomorphic KTSs.

Example 18. A KTS(15): V = {1, 2, . . .
, 15},
R_1 = {{1,2,3}, {4,8,12}, {5,11,14}, {6,9,15}, {7,10,13}},
R_2 = {{1,4,5}, {2,12,14}, {3,9,10}, {6,11,13}, {7,8,15}},
R_3 = {{1,6,7}, {2,13,15}, {3,8,11}, {4,10,14}, {5,9,12}},
R_4 = {{1,8,9}, {2,4,6}, {3,13,14}, {5,10,15}, {7,11,12}},
R_5 = {{1,10,11}, {2,5,7}, {3,12,15}, {4,9,13}, {6,8,14}},
R_6 = {{1,12,13}, {2,8,10}, {3,5,6}, {4,11,15}, {7,9,14}},
R_7 = {{1,14,15}, {2,9,11}, {3,4,7}, {5,8,13}, {6,10,12}}.

The existence problem for Kirkman triple systems was completely solved by Ray-Chaudhuri and Wilson in 1971, more than 120 years after the problem was posed by Kirkman.

Theorem 17. A Kirkman triple system of order v exists if and only if v ≡ 3 (mod 6).

The proof of sufficiency is based on two important facts:

Lemma 18. For each v ≡ 1 (mod 3), there exists a (v, {4, 7, 10, 19}, 1)-PBD.

Lemma 19. If there exists a (v, K, 1)-PBD, v ≡ 1 (mod 3), and for each k_i ∈ K there exists a KTS(2k_i + 1), then there exists a KTS(6n + 3).

Construction of a Kirkman triple system. Let v = 6n + 3 and let W = V × {1, 2} ∪ {∞}, where |V| = 3n + 1. Let (V, ) be a (3n + 1, {4, 7, 10, 19}, 1)-PBD. For each block B, put on the set B × {1, 2} ∪ {∞} a copy of a KTS(2|B| + 1) with a resolution chosen in such a way that {x_1, x_2, ∞} is a triple for each x ∈ B. Let $R_{Bx}$ be the parallel class of this resolution containing the triple {x_1, x_2, ∞}. Then $R_x = \bigcup_{B \ni x} R_{Bx}$, the union over all blocks B containing x, is a parallel class on W, and {R_x : x ∈ V} is a resolution of a KTS(v).

The necessary conditions are also sufficient for the existence of a resolvable (v, k, 1)-BIBD when k is small, namely: if k = 2, v ≡ 0 (mod 2); if k = 3, v ≡ 3 (mod 6); if k = 4, v ≡ 4 (mod 12). For k = 5, a resolvable (v, 5, 1)-BIBD exists if v ≡ 5 (mod 20) and v ≠ 45, 345, 465, 645, in which cases the existence problem remains open.

Theorem 20.
A resolvable transversal design TD( k , m ) exists if and only if there exists a set of k − 1 MOLS( m ) . Corollary 21. A resolvable transversal design TD( k , m ) exists if and only if there exists transversal design TD( k + 1, m ) . When v ≡ 1 (mod 6), the maximum number of pairwise disjoint triples is v−1 . Then 3 the maximum partial parallel class has to miss one point. Definition 14. A Hanani triple system, HTS( v ), of order v is an STS( v ) with a partition of its blocks into ( v − 1) / 2 almost parallel classes and a single partial parallel class with ( v − 1) / 6 triples. Theorem 22. A Hanani triple system of order v exists if and only if v ≡ 1 (mod 6) and v ∈ {7, 13} . Exercise 18. Construct a resolvable (16, 4, 1) − BIBD. Exercise 19. Construct a resolvable TD(5, 7). Exercise 20. Show that an HTS(7) does not exist. 2.6 Other classes of designs 2.6.1 Affine and projective planes A finite incidence structure (or finite geometry), P = ( , , I ) is made of a finite set of points , a finite set of lines , and an incidence relation I between them. Definition 15. A finite affine plane is a finite incidence structure such that the following axioms are satisfied: (A1) any two distinct points are incident with exactly one line, (A2) for any point P outside a line l there is exactly one line through P that has no point in common with l , 50 2.6 Other classes of designs (A3) there exist three points not on a common line. For a finite affine plane A, there is a positive integer n such that any line of A has exactly n points. This number is the order of A. A finite affine plane of order n has n 2 points, n 2 + n lines, and n + 1 lines through each point. Lemma 23. An affine plane or order n is a BIBD( n 2, n 2 + n, n, n + 1, 1) . Conversely, BIBD( n 2, n 2 + n, n, n + 1, 1) is an affine plane of order n. Remark. An affine plane is resolvable. Theorem 24. An affine plane of order n exists if n is a prime power. Construction of an affine plane of a prime power order. 
Let q = p k be a prime power. Let V = F q × F q . For any a , b ∈ Fq , define a block La, b = {( x , y ) ∈ V : y = a x + b }. For any c ∈ Fq , define L∞, c = {( c , y ) ∈ V : y ∈ F q }. Finally, define = { La, b : a, b ∈ F q} ∪ { L∞, c : c ∈ F q}. ( V, ) is a ( q 2, q,1) − BIBD. Remark. The existence of an affine plane of order n is equivalent to the existence a set of n − 1 MOLS( n). Definition 16. A finite projective plane is a finite incidence structure such that the fol- lowing axioms are satisfied: (P1) any two distinct points are incident with exactly one line, (P2) any two distinct lines are incident with exactly one point, (P3) there exist four points no three of which are on the same line. For a finite projective plane P, there is a positive integer n such that any line of P has exactly n + 1 points. This number is the order of P. A finite projective plane of order n has n 2 + n + 1 points, n 2 + n + 1 lines, and n + 1 lines through each point. Lemma 25. A projective plane or order n is a BIBD( n 2 + n + 1, n 2 + n + 1, n + 1, n + 1, 1) . BIBD( n 2 + n + 1, n 2 + n + 1, n + 1, n + 1, 1) is a projective plane of order n. Remark. A projective plane of order n exists if and only if an affine plane of order n exists. Exercise 21. Construct an affine plane of order 4. 2.6.2 Cycle systems Definition 17. A k - cycle system of order n is a pair ( X , ) where is a collection of edge- disjoint k -cycles which partition the edge set of Kn with V ( Kn ) = X . Example 19. A 4-cycle system ( X , ) of order 9: V = {0, 1, . . . , 8}, = {(0,1,5,2), (0,3,8,7), (0,4,1,8), (0,5,4,6), (1,2,6,3), (1,6,5,7), Mariusz Meszka: Combinatorial Designs 51 (2,3,7,4), (2,7,6,8), (3,4,8,5)}. Theorem 26. A k -cycle system of order n exists if and only if: (1) n ≥ k ≥ 3 , (2) n is odd, (3) 2 k | n( n − 1) . A k -cycle system ( X , ) of order n is resolvable if the k -cycles belonging to C can be partitioned into parallel classes. Example 20. 
A resolvable 5-cycle system ( X , ) of order 15: V = {0, 1, . . . , 14}, R 1 = {(0, 1, 3, 6, 9), (2, 7, 8, 10, 13), (4, 11, 5, 14, 12)}, R 1 = {(0, 2, 5, 8, 6), (1, 12, 9, 7, 13), (3, 10, 4, 14, 11)}, R 1 = {(0, 3, 13, 4, 5), (1, 8, 2, 14, 9), (6, 10, 7, 12, 11)}, R 2 = {(0, 4, 2, 1, 10), (3, 7, 11, 9, 8), (5, 12, 6, 14, 13)}, R 1 = {(0, 7, 1, 14, 8), (2, 6, 4, 3, 12), (5, 10, 11, 13, 9)}, R 1 = {(0, 11, 8, 13, 12), (1, 4, 7, 5, 6), (2, 9, 3, 14, 10)}, R 3 = {(0, 13, 6, 7, 14), (1, 5, 3, 2, 11), (4, 8, 12, 10, 9)}. Theorem 27. A resolvable k -cycle system of order n exists if and only if: (1) n ≥ k ≥ 3 , (2) n is odd, (3) k | n. Theorem 28. Let n be odd, 3 ≤ m 1, m 2, . . . , mt ≤ n and m 1 + m 2 + . . . + mt = n( n − 1) / 2 . Then there exists a decomposition of Kn into t cycles of lengths m 1, m 2, . . . , mt . Oberwolfach Problem. Let n be odd, 3 ≤ m 1, m 2, . . . , mt ≤ n and m 1 + m 2 + . . . + mt = n . Does the complete graph Kn have a 2-factorization in which every 2-factor consists of cycles of lengths m 1, m 2, . . . , mt ? The Oberwolfach problem has an affirmative solution for n ≤ 40 and every admissi- ble collection of cycles lengths, with the exception of two cases: (1) m 1 = 4, m 2 = 5 (2) m 1 = m 2 = 3, m 3 = 5. Exercise 22. Construct a 5-cycle system of order 11. Exercise 23. Construct a resolvable 5-cycle system of order 25. 52 2.6 Other classes of designs 2.6.3 G -designs Definition 18. A G - design of order v and index λ (or ( λKn , G )- design) is a G -decomposition of a complete λ-multigraph λKn . A ( λKn , G )-design is balanced if each vertex of λKn occurs in the same number of copies of G . Theorem 29. There exists a ( λKn , K 1, k ) -design if and only if n ≥ k + 1 and λn( n − 1) ≡ 0 (mod 2 k ) . Theorem 30. There exists a ( λKn , Pk ) -design if and only if n ≥ k and λn( n − 1) ≡ 0 (mod (2 k − 2)) . Example 21. A ( K 6, P 4)-design: V = {0, 1, 2, 3, 4, 5}, = {(0,1,2,4), (0,2,3,5), (0,3,4,1), (0,4,5,2), (0,5,1,3)}. Conjecture. 
There exists a ( K 2 n+1, T ) -design for each tree T with n edges. Exercise 24. Construct a (2 K 7, K 1,6)-design. 2.6.4 t -designs Definition 19. A t − ( v, k , λ)- design is a pair ( V, ) where | V | = v and is a collection of k -element subsets of V ( blocks) with the property that each t -element subset of V is contained in exactly λ blocks. An ordered quadruple of positive integers ( λ, t , k , v ) is called admissible if λs = λ( v− s ) /( k− s ) is an integer for each 0 ≤ s < t . t − s t − s A Steiner quadruple system of order v (SQS( v )) is a 3 − ( v, 4, 1)-design. Example 22. A cyclic SQS(10): V = Z10. The base blocks are: B 1 = {0, 1, 3, 4}, B 2 = {0, 1, 2, 6}, B 3 = {0, 2, 4, 7}. Theorem 31. An SQS( v ) exists if and only if v ≡ 2, 4 (mod 6) . Exercise 25. Construct an SQS(8). 2.6.5 Room squares Definition 20. Let S be a set of n + 1 elements ( symbols). A Room square of side n is an n × n array, R, that satisfies the following properties: (1) every cell of R is either empty or contains an unordered pair of symbols from S, (2) every symbol of S occurs exactly once in each row and exactly once in each column of R, (3) every unordered pair of symbols occurs in precisely one cell in R. Mariusz Meszka: Combinatorial Designs 53 Thus each row and each column of R contain n−1 empty cells. 2 Example 23. A room square of side 9: S = {0, 1, . . . , 9}, 01 49 37 28 56 89 02 57 34 16 58 03 69 24 17 36 78 04 19 25 79 12 05 38 46 45 06 18 39 27 26 59 13 07 48 67 14 29 08 35 23 15 68 47 09 Theorem 32. A room square of side n exists if and only if n is odd and n ∈ {3, 5} . For odd n , two 1-factorizations of the complete graph Kn+1, = { F 1, F 2, ..., Fn} and = { G 1, G 2,..., Gn} are orthogonal if | Fi ∩ Gi | ≤ 1 for all 1 ≤ i , j ≤ n. The existence of a Room square of side n is equivalent to the existence of two orthogonal 1-factorizations of Kn+1. Exercise 26. Show that a Room square of side 5 does not exist. Exercise 27. Construct a Room square of side 7. 
2.6.6 Hadamard matrices and designs

In 1893, Hadamard addressed the problem of the maximum absolute value of the determinant of an n × n complex matrix H with all its entries on the unit circle. That maximum value is n^{n/2}. Among real matrices, this value is attained if and only if H has every entry either 1 or −1 and satisfies HH^T = nI. This condition means that any two distinct rows of H(n) are orthogonal.

Definition 21. An n × n (±1)-matrix H(n) is a Hadamard matrix of side n if HH^T = nI.

Notice that we may multiply all entries in any row (or column) by −1 and the result is again a Hadamard matrix. By a sequence of such multiplications, a Hadamard matrix may be transformed into another Hadamard matrix in which every entry in the first row and in the first column is 1. Such a Hadamard matrix is called standardized.

Example 24. H(4):
+ + + +
+ + − −
+ − + −
+ − − +

A necessary condition for the existence of an H(n) is n ≡ 0 (mod 4) or n = 1, 2. The famous conjecture, stated by Hadamard in 1893, claims that the above condition is also sufficient. The smallest order for which the conjecture remains open is 668.

Definition 22. A Hadamard design is a symmetric (4m − 1, 2m − 1, m − 1)-BIBD.

The existence of a Hadamard design of order 4m − 1 is equivalent to the existence of a Hadamard matrix of side 4m.

Example 25. A (7, 3, 1)-BIBD and its corresponding H(8). Deleting the first row and the first column of the standardized H(8) and replacing each − by 0 gives the incidence matrix of the design.
H(8):
+ + + + + + + +
+ + + − + − − −
+ − + + − + − −
+ − − + + − + −
+ − − − + + − +
+ + − − − + + −
+ − + − − − + +
+ + − + − − − +
Incidence matrix of the (7, 3, 1)-BIBD:
1 1 0 1 0 0 0
0 1 1 0 1 0 0
0 0 1 1 0 1 0
0 0 0 1 1 0 1
1 0 0 0 1 1 0
0 1 0 0 0 1 1
1 0 1 0 0 0 1

Exercise 28. Construct a Hadamard matrix H(12).

Chapter 3
Some Topics in the Theory of Finite Groups
Primož Moravec
University of Ljubljana, Slovenia

SUMMARY

The theory of finite groups plays a central role in group theory and has several applications in other branches of mathematics, including discrete mathematics and cryptography. The theory culminated with the classification of finite simple groups in 1983, and has developed afterwards in several different directions, such as the theory of groups of prime power order, invariant theory, and many others. This mini course will address some topics of the above theory. These will include advanced applications of Sylow's theory, techniques of building new groups from old, basic theory of finite p-groups, and problems regarding enumeration of finite groups.

3.1 Introduction

These notes form the background material for a short course on group theory that was given at the 2014 PhD Summer School in Discrete Mathematics and SYGN, Rogla, Slovenia. Since the summer school was aimed primarily at PhD students who are working in the latter area and may not necessarily be experts in group theory, the notes give a fairly general introduction to three main topics: Finite Simple Groups, Extension Theory of Groups, and Nilpotent Groups and Finite p-groups. The choice of the first two topics is clear from the point of view of classifying all finite groups. It turns out that the knowledge of all finite simple groups, together with knowing how to "glue" two groups together to produce new ones, in principle provides a way of constructing all finite groups.
The first problem, the classification of finite simple groups (CFSG), has been resolved satisfactorily, and one can operate with a full list of these groups. In these notes we will only touch this vast area by showing the simplicity of alternating groups and projective special linear groups. We will sketch the classification, but omit almost all further details. We will move on to extension theory, which tells us how to construct new groups from old. The extension problem of classifying all possible extensions of one group by another appears to be hard (impossible?) to solve in general. We will only study a very special case of it.

There are two main reasons for dealing with finite p-groups, i.e., groups whose orders are powers of a prime p. The first is clear to an undergraduate student: finite p-groups appear as Sylow p-subgroups of finite groups. The second is more delicate and is motivated by the vague statement "Almost all finite groups are p-groups." We will not make any attempt at making this statement more precise, but rather develop some basic theory of these groups and indicate their complexity within the universe of all finite groups.

In addition to the above, we include preliminaries that will be needed in subsequent sections. We collect some basic properties of groups with a focus on finite groups. We also exhibit as many examples as possible in order to illustrate and motivate the theory. A general experience is that most students only know some standard types of groups, such as abelian groups, dihedral groups, symmetric and alternating groups, ... Other groups which do not have clean descriptions are usually put aside. In order to avoid this, I use GAP (Groups, Algorithms, and Programming), a computational system designed for constructing and manipulating groups. GAP is applied in exploring properties of groups, and even in providing proofs of statements.
Examples with full GAP code will be given, but I have decided to leave out all explanations of the syntax and programming rules. There are two reasons for this. One is that the reader will mostly find it easy to figure out what a given line of GAP code does, since the syntax is very much self-explanatory. The second one is that there is an extensive manual of GAP, together with tons of tutorials and self-study material, available at GAP's web page [5]. We encourage the reader to download GAP (it is open source) and try out all of the examples in these notes. I have closely followed Robinson's book A course in the theory of groups [8] and Cameron's lecture notes on finite groups [4], thus I claim very little originality as far as the exposition goes.

3.2 Basic notions and examples

In this section we collect some basic properties of groups and important examples the reader should be familiar with in order to read these notes. Most of the proofs in this section will be omitted. We will also show how to use GAP in performing explicit calculations with groups. Concrete examples of computations will be presented.

A convention about notation. All (or most) of the functions we consider will act from the right. This means that if f : X → Y is a function and x ∈ X, then the image of x under f will (usually) be denoted by x^f or xf. The main sources of the material covered here are [6] and [8].

3.2.1 Groups

A non-empty set G equipped with a binary operation ∘ is a group if the following hold:
• Associativity: (a ∘ b) ∘ c = a ∘ (b ∘ c) for all a, b, c ∈ G;
• Identity element: there exists e ∈ G such that e ∘ a = a ∘ e = a for all a ∈ G;
• Inverse: for every a ∈ G there exists a' ∈ G such that a ∘ a' = a' ∘ a = e.

It is easy to show that the identity element e is uniquely determined, and that every a ∈ G has a unique inverse, denoted by a^{−1}.
Most of the time we write · instead of ∘; in this case, when there is no confusion, we write 1 instead of e (multiplicative notation). If g, h ∈ G, we will often use the notation g^h = h^{−1}gh for the conjugate of g by h. If the set G is finite, then we say that G is a finite group, and |G| is called the order of G.

A group G is abelian if a ∘ b = b ∘ a for all a, b ∈ G. In this case we often write + instead of ∘, and the identity element is denoted by 0 (additive notation).

A subset H of G is called a subgroup of G if it is a group under the same operation. We write H ≤ G. One can verify directly that H is a subgroup of G if and only if ab^{−1} ∈ H for all a, b ∈ H.

If H is a subgroup of G and a ∈ G, then we define left (right) cosets of H by aH = {ah | h ∈ H}, Ha = {ha | h ∈ H}. The set of all left cosets of H in G is denoted by G/H, and the set of all right cosets by H\G. Different left (right) cosets form a partition of G. The number of left (= the number of right) cosets of H in G is the index of H in G and is denoted by |G : H|. If G is a finite group, then Lagrange's theorem says that |G| = |H| · |G : H|. In particular, if H ≤ G, then |H| divides the order of G.

The intersection of a family of subgroups of a given group G is again a subgroup of G. Thus, if X is a non-empty subset of G, then there exists the smallest subgroup of G containing X. It is denoted by 〈X〉 and called the subgroup generated by X. We say that a group G is finitely generated if there exists a finite set X of its elements such that G = 〈X〉.

Let G_1 and G_2 be groups. A map φ : G_1 → G_2 is said to be a homomorphism of groups if it preserves the group operation, that is, (ab)^φ = a^φ b^φ for all a, b ∈ G_1, where the products are calculated in the corresponding groups. The set ker φ = {x ∈ G_1 | x^φ = 1} is said to be the kernel of φ and is a subgroup of G_1.
The set im φ = {x^φ | x ∈ G_1} is a subgroup of G_2 and is called the image of φ. A group homomorphism φ : G_1 → G_2 is said to be an epimorphism if im φ = G_2; a monomorphism if ker φ = {1}; an isomorphism if it is both an epimorphism and a monomorphism; an endomorphism if G_1 = G_2. A bijective endomorphism is also called an automorphism.

A subgroup H of G is said to be a normal subgroup of G if xH = Hx for every x ∈ G. Equivalently, x^{−1}Hx ⊆ H for all x ∈ G, i.e., H is closed under conjugation by the elements of G. If H is a normal subgroup of G, then the sets of left and right cosets of H in G coincide, and we use the commonly accepted notation G/H for these. The operation on G/H given by Ha · Hb = H(ab) is well defined and turns G/H into a group called the factor group of G over H. The map ρ : G → G/H given by g^ρ = Hg is a surjective homomorphism of groups with ker ρ = H.

The intersection of a family of normal subgroups of G is again a normal subgroup of G. Thus, given a set X ⊆ G, there exists the smallest normal subgroup of G containing X. It is denoted by 〈〈X〉〉 and called the normal closure of X in G.

Theorem 3.2.1 (First Isomorphism Theorem) Let φ : G_1 → G_2 be a homomorphism of groups. Then G_1/ker φ ≅ im φ.

Theorem 3.2.2 (Second Isomorphism Theorem) Let H be a subgroup and N a normal subgroup of G. Then H ∩ N ⊴ H, and HN/N ≅ H/(H ∩ N).

Theorem 3.2.3 (Third Isomorphism Theorem) Let M and N be normal subgroups of G and let N ≤ M. Then M/N ⊴ G/N and (G/N)/(M/N) ≅ G/M.

One can generalize the notion of normal subgroups as follows. A subgroup H of G is said to be subnormal in G if there exists a finite series H = H_0 ⊴ H_1 ⊴ H_2 ⊴ ··· ⊴ H_d = G. The shortest length of such a series is called the defect of H in G. Subnormal subgroups of defect one are precisely the normal subgroups.

Two other notions related to normal subgroups are the following.
A subgroup H of G is said to be fully invariant if H^α ≤ H for every endomorphism α of G. Similarly, H is characteristic in G if H^α ≤ H for every automorphism α of G. The following is straightforward:

Lemma 3.2.4 The properties of being a 'characteristic subgroup' and a 'fully invariant subgroup' are transitive relations. If H is characteristic in K and K is normal in G, then H ⊴ G.

Let G be a group and x, y ∈ G. The commutator of x and y is defined by [x, y] = x^{−1}y^{−1}xy = x^{−1}x^y. The subgroup G′ generated by all the commutators [x, y], where x, y ∈ G, is called the derived subgroup or the commutator subgroup of G. Since [x, y]^α = [x^α, y^α] for all endomorphisms α of G, it follows that G′ is a fully invariant subgroup of G. It is easy to verify that G/G′ is abelian. Furthermore, if N is a normal subgroup of G with G/N abelian, then G′ ≤ N. Thus G/G′ can be seen as the largest abelian quotient of G. It is called the abelianization of G. If G = G′, then G is said to be a perfect group.

For a group G we define its center to be Z(G) = {g ∈ G | [g, x] = 1 for all x ∈ G}. It is easy to verify that Z(G) is a characteristic subgroup of G.

Let G_1 and G_2 be groups. The direct product G_1 × G_2 is the group whose elements are all pairs (g_1, g_2) ∈ G_1 × G_2, and the operation is given by (a_1, a_2)(b_1, b_2) = (a_1b_1, a_2b_2).

Proposition 3.2.5 Let G, G_1 and G_2 be groups. Then G ≅ G_1 × G_2 if and only if there exist normal subgroups H_1 and H_2 of G such that H_i ≅ G_i for i = 1, 2, H_1 ∩ H_2 = 1 and H_1H_2 = G.

More generally, G ≅ G_1 × G_2 × ··· × G_n if and only if there exist normal subgroups H_1, ..., H_n of G such that H_i ≅ G_i, G = H_1H_2 ··· H_n, and H_i ∩ H_1 ··· H_{i−1}H_{i+1} ··· H_n = {1} for all i. This follows from Proposition 3.2.5 by induction.

Let X be a non-empty set, F a group, and ι : X → F a function.
Then F, together with ι, is said to be a free group on X if for each function α from X to a group G there exists a homomorphism β : F → G such that α = ιβ. It is easy to show that ι has to be injective. Up to isomorphism, there is precisely one free group on a given set X. It can be constructed as the group whose elements are reduced words in X ∪ X^{−1}, and the operation is concatenation, followed by reduction of terms of the form x^{±1}x^{∓1} if necessary. For further details we refer to [8].

Let X be a set and let F be a free group on X. Choose a subset Y of F, and let R = 〈〈Y〉〉 be its normal closure in F. Then we say that the group G = F/R is given by generators X and relations Y. We write G = 〈X | Y〉.

The following result is simple but useful in recognizing groups from their presentations:

Lemma 3.2.6 (von Dyck's Lemma) Let G be a group generated by x_1, ..., x_m satisfying the relators r_1 = 1, ..., r_n = 1. Let H be a group generated by y_1, ..., y_m, and suppose that r_i(y_1, ..., y_m) = 1 for all i = 1, ..., n. Then there exists a uniquely determined epimorphism φ : G → H with x_j^φ = y_j for all j = 1, ..., m.

A sample application of von Dyck's lemma will be given in the next section.

3.2.2 Examples of groups and GAP

In this section we present some important examples of groups. Along the way we show how to use GAP to construct groups and study their properties. More information on how to obtain GAP and apply its commands can be found at [5].

Cyclic groups

A group generated by one element is called a cyclic group. If G is a cyclic group, two possibilities can occur. Either G is infinite, in which case it is isomorphic to (ℤ, +), or it is finite of order n, in which case it is isomorphic to (ℤ_n, +). In multiplicative notation, cyclic groups will be denoted by C_∞ and C_n, respectively.
In general, if G is an arbitrary group and g ∈ G, then the order of the cyclic subgroup 〈g〉 of G is called the order of g, and denoted by |g|.

In GAP, one can construct cyclic groups in several different ways. The standard one is as follows:

    gap> G := CyclicGroup( 6 );
    gap> Elements( G );
    [ <identity> of ..., f1, f2, f1*f2, f2^2, f1*f2^2 ]

The list of the elements above may be a bit unexpected, as it does not indicate that the group in question is cyclic. Rather, it reflects the fact that C_6 is isomorphic to C_2 × C_3, and f1 and f2 are the corresponding generators of these factors. It is possible to examine basic properties of the group we constructed above:

    gap> Order( G );
    6
    gap> IsCyclic( G );
    true
    gap> IsAbelian( G );
    true

Another way is to represent a cyclic group of order n with a generator x and the relation x^n = 1. We first construct a free group on {x} and then factor out the relation x^n = 1. For n = 6, this goes as follows:

    gap> F := FreeGroup( "x" );
    gap> AssignGeneratorVariables( F );
    #I  Assigned the global variables [ x ]
    gap> G := F / [ x^6 ];
    gap> Order( G );
    6
    gap> StructureDescription( G );
    "C6"
    gap> Elements( G );
    [ <identity ...>, x^3, x^2, x^-1, x^-2, x ]

Note that the groups in the first and second example both represent C_6, yet in GAP's eyes they are not identical objects, because GAP represents them in different ways. The first example represents C_6 as a pc group, and the second one as an fp group.

Abelian groups

Finitely generated abelian groups are classified by the following result:

Theorem 3.2.7 (Fundamental Theorem of Abelian Groups) Every finitely generated abelian group is a direct product of cyclic groups
C_{m_1} × C_{m_2} × ··· × C_{m_r} × C_∞^k,
where m_i | m_{i+1} for all i = 1, ..., r − 1. Two groups of this form are isomorphic if and only if the numbers m_1, ..., m_r and k are the same for the two groups.

Alternatively, all finite abelian groups are direct products of cyclic groups of prime power order.
This follows from the fact that if m and n are relatively prime, then C_m × C_n ≅ C_{mn}.

A group that is isomorphic to the direct product of a number of copies of C_p is called an elementary abelian p-group. Every elementary abelian p-group (written additively) is also a vector space over GF(p). The scalar multiplication is given by λx = x + ··· + x (λ times).

For example, one can construct C_2 × C_4 × C_12 in GAP as follows:

    gap> G := AbelianGroup( [2, 4, 12 ] );
    gap> AbelianInvariants( G );
    [ 2, 3, 4, 4 ]

The last command tells us that our group is isomorphic to C_2 × C_3 × C_4 × C_4. In general, AbelianInvariants( G ); returns a cyclic decomposition of G^ab.

Symmetric groups

If X is a non-empty set, then the set of all bijections X → X becomes a group under the operation of composition. It is denoted by Sym X. If X is a finite set, then we can write X = {1, 2, ..., n}, and we use the abbreviation S_n for Sym X in this case. The group S_n is called the symmetric group on n letters. Its elements are permutations that can be written as products of cycles of the form (x_1 x_2 ... x_k) that represent the map x_1 → x_2 → ··· → x_k → x_1, with all other elements fixed. The order of S_n is n!. If n > 2, then S_n is clearly a non-abelian group.

Let us use GAP to play around with S_4 and its elements:

    gap> S4 := SymmetricGroup( 4 );
    Sym( [ 1 .. 4 ] )
    gap> Order( S4 );
    24
    gap> el := Elements( S4 );
    [ (), (3,4), (2,3), (2,3,4), (2,4,3), (2,4), (1,2), (1,2)(3,4), (1,2,3), (1,2,3,4), (1,2,4,3), (1,2,4), (1,3,2), (1,3,4,2), (1,3), (1,3,4), (1,3)(2,4), (1,3,2,4), (1,4,3,2), (1,4,2), (1,4,3), (1,4), (1,4,2,3), (1,4)(2,3) ]
    gap> a := el[ 4 ];
    (2,3,4)
    gap> b := el[ 7 ];
    (1,2)
    gap> a * b;
    (1,2,3,4)
    gap> a^(-1);
    (2,4,3)
    gap> a^b;
    (1,3,4)
    gap> Order( a );
    3

We can also present symmetric groups in terms of generators and relations.
Here is an example:

Example 3.2.8 Let G = 〈x, y | x^2 = y^3 = (xy)^2 = 1〉. We claim that G ≅ S_3. Denote a = (1 2) and b = (1 2 3). Then a^2 = b^3 = (ab)^2 = 1. By von Dyck's Lemma, there exists a surjective homomorphism φ : G → 〈a, b〉 = S_3. Now consider G. We have that yx = xy^2, hence every element of G can be written as x^m y^n, where 0 ≤ m ≤ 1, 0 ≤ n ≤ 2. It follows that |G| ≤ 6. Comparing the orders, we conclude that φ must be an isomorphism between G and S_3.

Another proof can be done with GAP:

    gap> F := FreeGroup("x", "y");;
    gap> AssignGeneratorVariables(F);;
    #I  Assigned the global variables [ x, y ]
    gap> G := F / [x^2, y^3, (x*y)^2];;
    gap> StructureDescription(G);
    "S3"

In general, the group S_n has the following presentation:
〈x_1, ..., x_{n−1} | x_i^2 = 1, [x_i, x_j] = 1, x_i x_{i+1} x_i = x_{i+1} x_i x_{i+1} for all i and j ≠ i ± 1〉.
Here x_i corresponds to the transposition (i i+1). This is left as an exercise.

Using GAP, one can also construct subgroups generated by certain sets of elements, and normal closures of subgroups. It is also possible to test membership in subgroups.

    gap> G := SymmetricGroup( 5 );
    Sym( [ 1 .. 5 ] )
    gap> H := Subgroup( G, [(1, 2), (1, 3)]);
    Group([ (1,2), (1,3) ])
    gap> Order( H );
    6
    gap> (1,2,3,4) in H;
    false
    gap> N := NormalClosure(G, H);
    Group([ (2,3), (1,3,2), (2,4), (3,5) ])
    gap> Order( N );
    120
    gap> StructureDescription( H );
    "S3"
    gap> StructureDescription( N );
    "S5"

The parity of a permutation g ∈ S_n is defined to be the parity of the number n − c(g), where c(g) is the number of cycles of g (including the cycles of length 1). We regard the parity as an element of ℤ_2. One can show that the parity is a homomorphism from S_n onto the group ℤ_2. Its kernel consists of all permutations of even parity. It is denoted by A_n and called the alternating group on n letters.
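As an added example (not from the notes, and independent of GAP), the parity map exactly as defined above, (n − c(g)) mod 2 with fixed points counted as cycles, checked by brute force to be a homomorphism S_n → ℤ_2 whose kernel A_n is normal; permutations of {0, ..., n−1} are stored as tuples with p[i] the image of i, products act from the right as in these notes, and the helper names are my own.

```python
"""Added example (not from the notes): the parity of a permutation as defined
in the text, (n - c(g)) mod 2, checked to be a homomorphism S_n -> Z_2 with
kernel A_n.  A permutation of {0, ..., n-1} is a tuple p with p[i] the image
of i; functions act on the right, so the product pq means "first p, then q"."""
from itertools import permutations


def cycle_count(p):
    """c(g): number of cycles of p, cycles of length 1 included."""
    seen = [False] * len(p)
    count = 0
    for start in range(len(p)):
        if not seen[start]:
            count += 1
            j = start
            while not seen[j]:
                seen[j] = True
                j = p[j]
    return count


def parity(p):
    """Parity of p as an element of Z_2 = {0, 1}."""
    return (len(p) - cycle_count(p)) % 2


def compose(p, q):
    """Product pq with the right action of the notes: x^(pq) = (x^p)^q."""
    return tuple(q[p[i]] for i in range(len(p)))


def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p):
        inv[image] = i
    return tuple(inv)


def conjugate(g, h):
    """g^h = h^{-1} g h, the conjugation notation used in these notes."""
    return compose(compose(inverse(h), g), h)


def cycle_notation(p):
    """1-based cycle notation as GAP prints it, e.g. (1,2)(3,4); () if trivial."""
    seen, out = set(), []
    for start in range(len(p)):
        if start in seen or p[start] == start:
            continue
        cyc, j = [], start
        while j not in seen:
            seen.add(j)
            cyc.append(j + 1)
            j = p[j]
        out.append("(" + ",".join(map(str, cyc)) + ")")
    return "".join(out) or "()"


def symmetric_group(n):
    return list(permutations(range(n)))


def alternating_group(n):
    """A_n = kernel of the parity map."""
    return [p for p in symmetric_group(n) if parity(p) == 0]


def parity_is_homomorphism(n):
    """parity(pq) = parity(p) + parity(q) in Z_2 for all p, q in S_n."""
    G = symmetric_group(n)
    return all(parity(compose(p, q)) == (parity(p) + parity(q)) % 2
               for p in G for q in G)


def alternating_is_normal(n):
    """g^{-1} h g stays in A_n for all h in A_n, g in S_n (kernels are normal)."""
    A = set(alternating_group(n))
    return all(conjugate(h, g) in A for h in A for g in symmetric_group(n))


if __name__ == "__main__":
    a = (0, 2, 3, 1)          # the element (2,3,4) of the GAP session above
    b = (1, 0, 2, 3)          # the element (1,2)
    print(cycle_notation(compose(a, b)), cycle_notation(conjugate(a, b)))
    print(parity_is_homomorphism(4), len(alternating_group(4)))
```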
Alternating groups can be constructed with GAP:

    gap> G := AlternatingGroup( 4 );
    Alt( [ 1 .. 4 ] )
    gap> Order( G );
    12

One can also locate A_4 within the list of all normal subgroups of S_4:

    gap> G := SymmetricGroup( 4 );
    Sym( [ 1 .. 4 ] )
    gap> norm := NormalSubgroups( G );
    [ Sym( [ 1 .. 4 ] ), Group([ (2,4,3), (1,4)(2,3), (1,3)(2,4) ]), Group([ (1,4)(2,3), (1,3)(2,4) ]), Group(()) ]
    gap> List( norm, StructureDescription );
    [ "S4", "A4", "C2 x C2", "1" ]
    gap> Q := G / norm[ 2 ];
    Group([ f1 ])
    gap> StructureDescription( Q );
    "C2"

We can also construct the natural homomorphism S_4 → S_4/A_4 as follows:

    gap> G := SymmetricGroup( 4 );;
    gap> norm:= NormalSubgroups( G );;
    gap> N:=norm[ 2 ];
    Group([ (2,4,3), (1,4)(2,3), (1,3)(2,4) ])
    gap> hom := NaturalHomomorphismByNormalSubgroup( G, N );
    [ (1,2,3,4), (1,2) ] -> [ f1, f1 ]
    gap> Kernel( hom ) = N;
    true
    gap> StructureDescription( Image( hom ) );
    "C2"

Linear groups

Let F be a field. The set of all invertible n × n matrices over F is a group under multiplication. It is called the general linear group of dimension n over F, and denoted by GL(n, F). By Galois' theorem, the order of a finite field is always a prime power, and if q is a prime power, then there is, up to isomorphism, a unique field of order q. It is denoted by GF(q). The group GL(n, GF(q)) is also denoted by GL(n, q). The determinant map det : GL(n, F) → F^× is clearly a surjective homomorphism of groups. Its kernel is denoted by SL(n, F) and called the special linear group of dimension n over F. Its elements are precisely all the matrices A ∈ GL(n, F) with det A = 1.
Let us consider some examples using GAP:

    gap> G := GL( 2, 4);
    GL(2,4)
    gap> Order( G );
    180
    gap> el := Elements( G );;
    gap> a := el[ 5 ];
    [ [ 0*Z(2), Z(2)^0 ], [ Z(2^2), 0*Z(2) ] ]
    gap> b := el[ 7 ];
    [ [ 0*Z(2), Z(2)^0 ], [ Z(2^2), Z(2^2) ] ]
    gap> Determinant( a );
    Z(2^2)
    gap> a * b^2;
    [ [ Z(2^2)^2, Z(2)^0 ], [ Z(2^2)^2, Z(2^2)^2 ] ]
    gap> H := SL( 2, 4 );
    SL(2,4)
    gap> Order( H );
    60
    gap> StructureDescription( H );
    "A5"

Proposition 3.2.9 |GL(n, q)| = (q^n − 1)(q^n − q) ··· (q^n − q^{n−1}).

PROOF. A matrix is invertible if and only if its rows are linearly independent. This holds if and only if the first row is non-zero and, for k = 2, ..., n, the k-th row is not in the subspace spanned by the first k − 1 rows. The number of possible rows is q^n, and the number lying in any k-dimensional subspace is q^k. So the number of choices for the first row is q^n − 1, and for k = 2, ..., n, the number of choices for the k-th row is q^n − q^{k−1}. Multiplying these, we get the formula.

Corollary 3.2.10 |SL(n, q)| = |GL(n, q)|/(q − 1).

PROOF. Let F = GF(q). We already saw above that GL(n, q)/SL(n, q) ≅ F^×, and this gives the result.

Dihedral groups

A symmetry of a figure in Euclidean space is a rigid motion (or a combination of a rigid motion with a reflection) of the space that carries the figure to itself. If we think of a rigid motion as a linear map of the real vector space, then it can be represented by a matrix. Alternatively, if we label the vertices of the figure, then a symmetry can be represented as a permutation of these labels.

The group of symmetries of a regular n-gon is called the dihedral group D_{2n}. If a denotes the rotation around the center by the angle 2π/n, and b the reflection over a chosen diagonal, then the elements of D_{2n} can be written uniquely in the form a^k b^ℓ, where 0 ≤ k < n and ℓ ∈ {0, 1}. Thus |D_{2n}| = 2n.
The group D_{2n} has a presentation

D_{2n} = ⟨ a, b | a^n = 1, b^2 = 1, a^b = a^{−1} ⟩.

In GAP, one can construct dihedral groups directly by

gap> G := DihedralGroup( 6 );
<pc group of size 6 with 2 generators>
gap> Order( G );
6

Another way is to present it by generators and relations. This is done by first constructing a free group on two generators and then factoring out the relations.

gap> F := FreeGroup( "a", "b" );
<free group on the generators [ a, b ]>
gap> AssignGeneratorVariables( F );
#I  Assigned the global variables [ a, b ]
gap> H := F / [ a^3, b^2, a^b / a^(-1) ];
<fp group on the generators [ a, b ]>
gap> StructureDescription( H );
"S3"

The last command tells us that D_6 ≅ S_3. We can compare both constructions of D_6 above and see that they are not identical objects in GAP, yet they are isomorphic:

gap> H = G;
false
gap> IsomorphismGroups( G, H );
[ f1, f2 ] -> [ b, a ]

The reason is that GAP represents D_6 in two different ways, first as a pc group and then as an fp group. The reader should consult GAP's manual for further details.

3.2.3 Automorphisms

An automorphism of a group G is an isomorphism from G to itself. There are special types of automorphisms called conjugations or inner automorphisms; they are of the form c_g : x ↦ g^{−1} x g.

Proposition 3.2.11 Let G be a group.
(a) The set Aut(G) of all automorphisms of G is a group under composition (from the right). This is the automorphism group of G.
(b) The set Inn(G) of all inner automorphisms of G is a normal subgroup of Aut G. This is called the inner automorphism group of G.
(c) Inn(G) ≅ G/Z(G).

The proof is straightforward and we leave it as an exercise. The group Out(G) = Aut(G)/Inn(G) is the outer automorphism group of G. Note that its elements are not automorphisms, but rather right cosets Inn(G)α, where α ∈ Aut(G).

GAP can deal with automorphisms very naturally:

gap> G := DihedralGroup( 12 );
<pc group of size 12 with 3 generators>
gap> A := AutomorphismGroup( G );
gap> Elements( A );
[ [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2, f1*f3^2, f1 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2*f3^2, f1*f3, f1 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1, f1*f2*f3, f1*f2 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f3, f1*f2*f3^2, f1*f2 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2, f1*f3^2, f1*f3 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2*f3, f1, f1*f3 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f3, f1*f2*f3^2, f1*f2*f3 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f3^2, f1*f2, f1*f2*f3 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2*f3, f1, f1*f3^2 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f2*f3^2, f1*f3, f1*f3^2 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1, f1*f2*f3, f1*f2*f3^2 ],
  [ f1*f3, f1*f2*f3^2, f1*f2*f3 ] -> [ f1*f3^2, f1*f2, f1*f2*f3^2 ] ]
gap> StructureDescription( A );
"D12"
gap> inn := InnerAutomorphismsAutomorphismGroup( A );
gap> Order( inn );
6
gap> IsomorphismGroups( inn, G / Center( G ) );
CompositionMapping( [ (2,6)(3,5), (1,3,5)(2,4,6), (1,5,3)(2,6,4) ] -> [ f1, f2^2, f2 ], )

Next we compute some automorphism groups:

Proposition 3.2.12 Aut C_n ≅ C_{φ(n)}, where φ is Euler's totient function.

PROOF. Let C_n = ⟨g⟩ and take α ∈ Aut C_n. Then g^α = g^i for some 0 ≤ i ≤ n − 1, and since ⟨g^i⟩ = C_n, this can only happen if gcd(i, n) = 1. Conversely, take an endomorphism α of C_n with g^α = g^i, where gcd(i, n) = 1. Then it is elementary to see that α is an automorphism. Thus the map Aut C_n → ℤ_n^× given by α ↦ i is an isomorphism of groups. This proves the result.

Proposition 3.2.13 Aut(C_p^n) ≅ GL(n, p).

PROOF. This follows from the fact that C_p^n is an n-dimensional vector space over GF(p).
3.2.4 Group actions and Sylow's theorems

Sylow's theorems are central in the theory of finite groups, as they describe the structure of such groups in terms of their subgroups of prime power order. These theorems are closely related to another fundamental notion of group theory, actions.

Actions

An action of a group G on a non-empty set X is a map µ : X × G → X satisfying the following rules:

µ(µ(x, g), h) = µ(x, gh),   µ(x, 1) = x

for all x ∈ X and g, h ∈ G. We usually suppress µ and write µ(x, g) as x^g. It is clear that the above definition is equivalent to the fact that the map G → Sym X given by g ↦ (x ↦ x^g) is a homomorphism of groups. An action µ is faithful if the condition that µ(x, g) = µ(x, h) for all x ∈ X implies g = h.

Let G act on X. The relation ≡ defined on X by x ≡ y ⇔ ∃ g ∈ G : x^g = y is an equivalence relation on X. The equivalence class of x ∈ X is called the orbit of x, and is denoted by orb_G(x). The set of orbits of G on X will be denoted by X/G. The action is said to be transitive if it has only one orbit, i.e., |X/G| = 1. For x ∈ X, the stabilizer of x is stab_G(x) = { g ∈ G | x^g = x }. It is easy to see that stab_G(x) is a subgroup of G.

Example 3.2.14 A group G acts on itself by right multiplication, i.e., we have an action G × G → G given by (g, h) ↦ g · h = gh. It is not hard to see that this action is transitive and faithful.

gap> G := Group( (1,2,3), (2,3,4) );;
gap> el := Elements( G );;
gap> OnRight( el[2], el[3] ) = el[2] * el[3];
true
gap> orbit := Orbit( G, el[7], OnRight );
[ (1,3,2), (), (1,4,2), (1,2,3), (2,3,4), (1,4,3), (1,2)(3,4), (1,3)(2,4), (2,4,3), (1,4)(2,3), (1,3,4), (1,2,4) ]
gap> Size( orbit ) = Order( G );
true

Example 3.2.15 A group G acts on itself by conjugation, i.e., (g, h) ↦ g^h. The orbits of this action are called the conjugacy classes of G. The stabilizer of g ∈ G is denoted by C_G(g) and called the centralizer of g in G.

gap> G := DihedralGroup( 8 );;
gap> ConjugacyClasses( G );
[ <identity> of ...^G, f1^G, f2^G, f3^G, f1*f2^G ]
gap> el := Elements( G );;
gap> Centralizer( G, Subgroup( G, [ el[ 5 ] ] ) );
Group([ f1*f2, f3 ])

More generally, any subgroup H ≤ G acts on G by conjugation. At the other end of the scale, if N is a normal subgroup of G, then G, by definition, acts on N by conjugation.

Example 3.2.16 A subgroup H of a group G acts on the set of all subgroups of G by conjugation: (K, h) ↦ K^h. If K ≤ G, then the stabilizer of K under this action is the normalizer of K in H: N_H(K) = { h ∈ H | K^h = K }.

Example 3.2.17 Let H be a subgroup of G and H\G the set of all right cosets of H in G. Then G acts on H\G by right multiplication: (Hx) · g = Hxg.

gap> G := Group( (1,2,3,4,5), (1,2) );;
gap> H := Subgroup( G, [ (1,2) ] );;
gap> Index( G, H );
60
gap> act := FactorCosetAction( G, H );
<action epimorphism>
gap> Range( act );
gap> Kernel( act );
Group(())

Example 3.2.18 Let X be a non-empty set and G ≤ Sym X. Then G acts on the points of X by the rule (x, g) ↦ x^g.

gap> G := Group( (1,2,3), (2,3,4) );;
gap> Orbit( G, 1, OnPoints );
[ 1, 2, 3, 4 ]

Let G be a finite group acting on a set X. One can observe that there is a 1-1 correspondence between the elements of orb_G(x) and the right cosets of stab_G(x) in G. This implies the following fundamental result:

Theorem 3.2.19 (Orbit-stabilizer theorem) Let G be a finite group acting on a set X. Choose x ∈ X. Then |orb_G(x)| · |stab_G(x)| = |G|.

In the special case when G acts on itself by conjugation, we obtain:

Corollary 3.2.20 (Class equation) Let G be a finite group and let x_1, ..., x_r be representatives of the conjugacy classes of non-central elements of G. Then

$$|G| = |Z(G)| + \sum_{i=1}^{r} |G : C_G(x_i)|.$$

For g ∈ G denote by fix(g) the number of fixed points of g (considered as an element of Sym X). We have:

Theorem 3.2.21 (Orbit-counting Lemma) Let a finite group G act on a set X. Then

$$|X/G| = \frac{1}{|G|} \sum_{g \in G} \mathrm{fix}(g).$$

PROOF. We will count the pairs (x, g) ∈ X × G with the property that x^g = x; let us call these pairs good pairs. On one hand, a given g ∈ G is a member of fix(g) good pairs, hence the total number of good pairs is $\sum_{g \in G} \mathrm{fix}(g)$. On the other hand, x ∈ X is a member of |stab_G(x)| good pairs. The orbit of x thus produces |orb_G(x)| · |stab_G(x)| = |G| good pairs, hence there are |X/G| · |G| good pairs in total. We get the result.

Sylow theorems

Since the action of G on itself by right multiplication is faithful, the corresponding homomorphism G → Sym G is injective. In particular, we have:

Theorem 3.2.22 (Cayley's theorem) Every finite group is isomorphic to a subgroup of S_n for some positive integer n.

Another classical result that can be proved using actions is Cauchy's theorem, which provides a basis for the Sylow theorems. It goes as follows:

Theorem 3.2.23 (Cauchy's theorem) Let G be a finite group. If a prime p divides |G|, then G contains an element of order p.

Theorem 3.2.24 (Sylow's theorem) Let G be a group of order p^a · m, where m is not divisible by the prime p. Then the following holds:
1. G contains at least one subgroup of order p^a. Any two subgroups of this order are conjugate in G. They are called the Sylow p-subgroups of G.
2. For each n ≤ a, G contains at least one subgroup of order p^n. Every such subgroup is contained in a Sylow p-subgroup.
3. Let s_p be the number of Sylow p-subgroups of G. Then s_p ≡ 1 mod p and s_p divides m.

This result has numerous consequences for the structure of finite groups; see the problems at the end of this section.
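As an added brute-force check of the orbit-stabilizer theorem, the class equation and the count s_p = |G : N_G(P)| of Sylow p-subgroups, here for S_4 (Python written for these notes, not the GAP code the text uses): the generators are constructed inline, and products follow the right-action convention x^(gh) = (x^g)^h used above.

```python
# Permutations of {1..n} as tuples: g[i-1] is the image of i.
# Right-action convention of the notes: x^(gh) = (x^g)^h, so compose(g, h)
# applies g first and then h (this is also GAP's product g*h).
def compose(g, h):
    return tuple(h[g[i] - 1] for i in range(len(g)))


def inverse(g):
    inv = [0] * len(g)
    for i, gi in enumerate(g):
        inv[gi - 1] = i + 1
    return tuple(inv)


def generate(gens):
    """Closure of a set of permutations under products: the group they generate."""
    identity = tuple(range(1, len(gens[0]) + 1))
    group, frontier = {identity}, [identity]
    while frontier:
        g = frontier.pop()
        for s in gens:
            gs = compose(g, s)
            if gs not in group:
                group.add(gs)
                frontier.append(gs)
    return frozenset(group)


def orbit_and_stabilizer(group, x, act):
    """orb_G(x) and stab_G(x) for a right action act(x, g) = x^g."""
    orbit, frontier = {x}, [x]
    while frontier:
        y = frontier.pop()
        for g in group:
            z = act(y, g)
            if z not in orbit:
                orbit.add(z)
                frontier.append(z)
    stab = frozenset(g for g in group if act(x, g) == x)
    return orbit, stab


def conjugate(h, g):            # h^g = g^-1 h g (Example 3.2.15)
    return compose(compose(inverse(g), h), g)


def conjugate_subgroup(K, g):   # K^g (Example 3.2.16)
    return frozenset(conjugate(k, g) for k in K)


def class_equation(group):
    """Return (|Z(G)|, [|G : C_G(x_i)| for the non-central classes])."""
    centre = [g for g in group if all(conjugate(g, h) == g for h in group)]
    seen, indices = set(centre), []
    for x in group:
        if x in seen:
            continue
        cls, centralizer = orbit_and_stabilizer(group, x, conjugate)
        seen |= cls
        assert len(cls) * len(centralizer) == len(group)  # orbit-stabilizer theorem
        indices.append(len(group) // len(centralizer))
    return len(centre), indices


def sylow_count(group, P):
    """s_p = |G : N_G(P)|: the orbit of P under conjugation is the set of Sylow
    p-subgroups (they are all conjugate), and its stabilizer is N_G(P)."""
    conjugates, normalizer = orbit_and_stabilizer(group, P, conjugate_subgroup)
    assert len(conjugates) == len(group) // len(normalizer)
    return len(conjugates)


# Constructed input: S_4 = <(1,2,3,4), (1,2)> and the Sylow subgroups of the text.
S4 = generate([(2, 3, 4, 1), (2, 1, 3, 4)])
P2 = generate([(2, 1, 3, 4), (1, 2, 4, 3), (3, 4, 1, 2)])   # <(1,2), (3,4), (1,3)(2,4)>, order 8
P3 = generate([(2, 3, 1, 4)])                                # <(1,2,3)>, order 3

if __name__ == "__main__":
    z, idx = class_equation(S4)
    print(len(S4), "=", z, "+", " + ".join(map(str, sorted(idx))))   # 24 = 1 + 3 + 6 + 6 + 8
    print("Sylow 2-subgroups of S4:", sylow_count(S4, P2))           # 3
    print("Sylow 3-subgroups of S4:", sylow_count(S4, P3))           # 4
```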
We mention here that GAP can compute a Sylow p-subgroup of a given group as follows:

gap> G := SymmetricGroup( 4 );;
gap> P := SylowSubgroup( G, 2 );
Group([ (1,2), (3,4), (1,3)(2,4) ])

How many Sylow 2-subgroups of S_4 are there? A consequence of Sylow's theorem is also that if P is a Sylow p-subgroup of G, then s_p = |G : N_G(P)|. Thus:

gap> Index( G, Normalizer( G, P ) );
3

Thus there are three Sylow 2-subgroups of S_4. All of them are conjugate to P:

gap> ConjugacyClassSubgroups( G, P );
Group( [ (1,2), (3,4), (1,3)(2,4) ] )^G
gap> Elements( last );
[ Group([ (1,2), (3,4), (1,3)(2,4) ]), Group([ (2,3), (1,4), (1,3)(2,4) ]), Group([ (1,3), (2,4), (1,4)(2,3) ]) ]

A finite group is said to be a p-group if every element has order a power of p. Equivalently, the order of the group is p^n for some n (exercise).

Proposition 3.2.25 Let G be a p-group. Then Z(G) is non-trivial, and G contains a normal subgroup of order p.

PROOF. We may assume that G is non-abelian of order p^n. Let x_1, ..., x_r be representatives of the non-central conjugacy classes of G. By the Class Equation,

$$p^n = |Z(G)| + \sum_{i=1}^{r} |G : C_G(x_i)|.$$

Since C_G(x_i) ≠ G, the prime p divides |G : C_G(x_i)| for all i = 1, ..., r. It follows that p divides |Z(G)|. The rest is now straightforward.

Example 3.2.26 There is only one group of order p, namely C_p. Let us show that all groups of order p^2 are abelian (hence there are only two possibilities, C_p × C_p and C_{p^2}). Suppose there exists a non-abelian group G of order p^2. Then Z(G) ≅ C_p and G/Z(G) ≅ C_p. Let Z(G)x be a generator of G/Z(G). Then G = Z(G)⟨x⟩, but the latter group is abelian, which is a contradiction.

Example 3.2.27 Let us classify all groups of order pq, where p and q are distinct primes (for p = q see Example 3.2.26). Assume that p > q. Let P be a Sylow p-subgroup, and Q a Sylow q-subgroup of G. Then Sylow's theorem implies that s_p = 1, i.e., P is a normal subgroup of G. Similarly, s_q ∈ {1, p}, and s_q = p if and only if p ≡ 1 mod q. We separate the two cases:

Suppose s_q = 1. Denote P = ⟨a⟩ and Q = ⟨b⟩. Then a^b = a^k and b^a = b^ℓ for some integers k and ℓ. Therefore a^{k−1} = [a, b] = b^{−ℓ+1}. Since the orders of a and b are coprime, it follows that [a, b] = 1, hence G ≅ C_p × C_q ≅ C_{pq}.

Now let s_q = p, that is, let q divide p − 1. We still have a^b = a^k. By induction, a^{b^s} = a^{k^s}. Since |b| = q, we conclude that k^q ≡ 1 mod p. There are exactly q solutions to this equation; if k is one of them, the others are powers of k. By replacing b by a power of itself we see that all these solutions give rise to the same group, namely, a group with presentation ⟨ a, b | a^p = b^q = 1, a^b = a^k ⟩ for some k satisfying k^q ≡ 1 mod p, k ≢ 1 mod p.

More on finite p-groups will be discussed later on. We conclude with two useful lemmas which are of a similar nature:

Lemma 3.2.28 (The Frattini argument) Let G be a group and H a finite normal subgroup. If P is a Sylow p-subgroup of H, then G = N_G(P)H.

PROOF. For g ∈ G we have P^g ≤ H and P^g = P^h for some h ∈ H. Thus gh^{−1} ∈ N_G(P).

Lemma 3.2.29 If P is a Sylow p-subgroup of a finite group G and N_G(P) ≤ H ≤ G, then H = N_G(H).

PROOF. Clearly P ≤ H ⊴ N_G(H). By Frattini's argument we have that N_G(H) = N_{N_G(H)}(P) H. But N_{N_G(H)}(P) ≤ N_G(P) ≤ H, hence the result.

3.2.5 An estimate of the number of finite groups

In this short section we derive a rough bound for the number of groups of order n.

Lemma 3.2.30 A group G of order n can be generated by a set of at most log_2 n elements.

PROOF. Choose a non-trivial element g_1 ∈ G, and let G_1 = ⟨g_1⟩. If G_1 = G, then stop. Otherwise choose g_2 ∈ G − G_1 and let G_2 = ⟨g_1, g_2⟩. Repeat the procedure until we find g_1, ..., g_k ∈ G such that G = ⟨g_1, ..., g_k⟩. We prove that |G_i| ≥ 2^i for all i = 1, ..., k; this suffices to prove our lemma. The proof is by induction on i, the case i = 1 being obvious. Suppose that |G_i| ≥ 2^i. Since |G_i| divides |G_{i+1}| and G_i ≠ G_{i+1}, we have |G_{i+1}| ≥ 2|G_i| ≥ 2^{i+1}, as required.

Proposition 3.2.31 The number of groups of order n is at most n^{n log_2 n}.

PROOF. By Cayley's theorem, every group of order n can be embedded as a subgroup of S_n, and can be generated by k = log_2 n elements. There are at most n! choices for each g_i, so the number of such subgroups of S_n is at most (n!)^k ≤ (n^n)^{log_2 n} = n^{n log_2 n}, as required.

GAP offers a Small Groups library which gives access to all groups of certain "small" orders. The groups are sorted by their orders and they are listed up to isomorphism; that is, for each of the available orders a complete and irredundant list of isomorphism type representatives of groups is given. The library also has an identification function: it returns the library number of a given group. More on this can be found in GAP's manual. Here are some examples.

gap> AllSmallGroups( 16 );;
gap> NrSmallGroups( 512 );
10494213
gap> AllSmallGroups( Size, 16, IsAbelian, true );
[ <pc group of size 16 with 4 generators>, <pc group of size 16 with 4 generators>, <pc group of size 16 with 4 generators>, <pc group of size 16 with 4 generators>, <pc group of size 16 with 4 generators> ]
gap> List( last, StructureDescription );
[ "C16", "C4 x C4", "C8 x C2", "C4 x C2 x C2", "C2 x C2 x C2 x C2" ]
gap> G := DihedralGroup( 64 );
<pc group of size 64 with 6 generators>
gap> IdGroup( G );
[ 64, 52 ]
gap> H := SmallGroup( 64, 52 );
<pc group of size 64 with 6 generators>
gap> G = H;
false
gap> StructureDescription( H );
"D64"

3.2.6 Jordan-Hölder theorem

A group G is simple if {1} and G are the only normal subgroups of G. The abelian simple groups are precisely C_p where p is a prime (exercise). More examples of finite simple groups will be exhibited in Section 3.3.

A composition series of a group G is a sequence of subgroups

{1} = G_0 ⊴ G_1 ⊴ G_2 ⊴ ··· ⊴ G_r = G

such that all the factors G_{i+1}/G_i are simple groups.
A related concept is that of a chief series, where the G_i are all normal in G and each G_{i+1}/G_i is a minimal normal subgroup of G/G_i.

The Correspondence Theorem says that if N is a normal subgroup of G then there is a bijection between subgroups of G/N and subgroups of G containing N. The bijection is canonical in the sense that all subgroups of G/N are of the form H/N, where H is a subgroup of G containing N. This result enables the construction of a composition series of a finite group G as follows. Start with the series {1} ⊴ G. If G is simple, we are done. Otherwise there is a proper non-trivial normal subgroup N of G. Now we repeat the procedure with {1} ⊴ N and N ⊴ G. More precisely, if we have G_i ⊴ G_{i+1} and the corresponding quotient is not simple, then we choose (by the Correspondence Theorem) N/G_i ⊴ G_{i+1}/G_i with N ≠ G_i and N ≠ G_{i+1}. In this way we refine the series, and since the group is finite, the procedure eventually results in a composition series of G. Given a composition series of G as above, we have r simple groups G_{i+1}/G_i.

Theorem 3.2.32 (Jordan-Hölder Theorem) Any two composition series of a finite group G give rise, up to order and isomorphism type, to the same list of composition factors.

PROOF. The proof is by induction on |G|. Let

G = G_0 ⊵ G_1 ⊵ G_2 ⊵ ··· ⊵ G_r = {1}   and   G = H_0 ⊵ H_1 ⊵ H_2 ⊵ ··· ⊵ H_s = {1}

be two composition series of G. If G_1 = H_1, then the parts of the series below this term are two composition series of G_1 and by induction they have the same length and composition factors. So assume from here on that G_1 ≠ H_1. Let K_2 = G_1 ∩ H_1. Let K_2 ⊵ K_3 ⊵ ··· ⊵ K_t = {1} be a composition series of K_2. The group G_1H_1 is a normal subgroup of G properly containing G_1 (otherwise H_1 < G_1, contradicting the simplicity of G/H_1), and G/G_1 is simple. It follows that G = G_1H_1. Therefore G/G_1 = G_1H_1/G_1 ≅ H_1/K_2, and similarly also G/H_1 ≅ G_1/K_2. Thus

G_1 ⊵ G_2 ⊵ ··· ⊵ G_r = {1}   and   G_1 ⊵ K_2 ⊵ K_3 ⊵ ··· ⊵ K_t = {1}

are two composition series of G_1 and hence they have the same length and the same composition factors. A similar statement holds true for H_1, so each of the given series for G has the composition factors of K_2 together with G/G_1 and G/H_1. Therefore the result holds.

Let us calculate a composition series of D_32:

gap> G := DihedralGroup( 32 );
<pc group of size 32 with 5 generators>
gap> cs := CompositionSeries( G );
[ Group([ f1, f2, f3, f4, f5 ]), Group([ f2, f3, f4, f5 ]), Group([ f3, f4, f5 ]), Group([ f4, f5 ]), Group([ f5 ]), Group([  ]) ]
gap> List( [1..5], i -> StructureDescription( cs[ i ] / cs[ i + 1 ] ) );
[ "C2", "C2", "C2", "C2", "C2" ]

The result is not surprising, as D_32 is a 2-group.

Solvable groups

A finite group is said to be solvable if all of its composition factors are cyclic of prime order. One can prove the following:

Theorem 3.2.33 A finite group G is solvable if it has a series G = G_0 ⊵ G_1 ⊵ G_2 ⊵ ··· ⊵ G_r = {1} with all G_i/G_{i+1} abelian.

The statement of Theorem 3.2.33 is usually taken as the definition of solvable groups in the infinite case. Every abelian group is solvable. The smallest non-abelian solvable group is S_3, with the series 1 ⊴ A_3 ⊴ S_3. The smallest non-solvable group is A_5. The derived length of a solvable group G is the length of the shortest abelian series of G. A group is called metabelian if its derived length is no more than two.

Lemma 3.2.34 The following hold:
1. A subgroup of a solvable group is solvable.
2. A homomorphic image of a solvable group is solvable.
3. If a normal subgroup and its factor are solvable, then the group is solvable.

Lemma 3.2.35 A product of two normal solvable subgroups of a group is again solvable.

PROOF. Let H ⊴ G and K ⊴ G be solvable. Then (KH)/K ≅ H/(H ∩ K) is solvable by (2) above, and consequently KH is solvable by (3).

The following shows that A_5 is the only non-solvable group of order 60:

gap> l60 := AllSmallGroups( 60 );;
gap> List( l60, IsSolvable );
[ true, true, true, true, false, true, true, true, true, true, true, true, true ]
gap> notsolv := Filtered( l60, G -> not IsSolvable( G ) );
[ Group([ (1,2,3,4,5), (1,2,3) ]) ]
gap> StructureDescription( notsolv[ 1 ] );
"A5"

Examples of solvable groups include the following:

Theorem 3.2.36 Let p, q, r be primes. Then all groups of orders p^m q^n or pqr are solvable.

We skip the proof. Solvability of groups of order p^m q^n is also referred to as Burnside's p^m q^n-theorem. It is proved using character theory. A celebrated theorem by Feit and Thompson says that every group of odd order is solvable. The proof is very long (about 255 pages) and represents a milestone in the classification of finite simple groups, as it was the first significant indication that such a classification might be possible. We mention here that the Feit-Thompson theorem was recently reproved using the interactive theorem prover Coq.

3.2.7 How to draw a group?

In this section we assume the reader is familiar with the basic terminology of graph theory. Let G be a group generated by a set S. The Cayley graph Γ = Cay(G, S) is a colored directed graph given as follows: the vertex set of Γ is identified with G. To each s ∈ S we assign a color c_s. The vertices g and sg are joined by a directed edge of color c_s for all g ∈ G and s ∈ S. The set S is usually assumed to be finite, symmetric (i.e., S = S^{−1}) and not containing the identity element of the group. In this case, the uncolored Cayley graph is an ordinary graph: its edges are not oriented and it does not contain loops (single-element cycles). One can modify the above definition to the case when S is a set of elements of G that does not generate G. We still get a graph, but it may not be connected.
From the definition of Cayley graphs it also follows that the Cayley graph of a given group depends on the choice of the generating set S. Here are some examples that illustrate this.

Example 3.2.37 If we take the cyclic group C_n = ⟨x⟩ of order n and S = {x, x^{−1}}, then Cay(C_n, S) is an undirected cycle of length n. If we take S = {x}, then, unless n = 2, the corresponding Cayley graph is a directed cycle of length n. In the case n = 5 the diagram is as follows:

[Figure: directed 5-cycle on the vertices 1, x, x^2, x^3, x^4]

Every red directed edge between x^k and x^{k+1} reflects the fact that x^{k+1} = x · x^k. If we take S = {x, x^2}, the corresponding graph is a directed circulant graph with jumps 1 and 2. Here is the diagram for n = 5:

[Figure: directed circulant graph with jumps 1 and 2 on the vertices 1, x, x^2, x^3, x^4]

If we take S = {x^{±1}, x^{±2}} then we get an undirected circulant graph with jumps 1 and 2. It turns out that undirected circulant graphs are precisely the Cayley graphs of cyclic groups with respect to symmetric generating sets.

Example 3.2.38 The dihedral group of order 8 has a presentation D_8 = ⟨ x, y | x^4 = y^2 = 1, x^y = x^{−1} ⟩. The Cayley graph Cay(D_8, {x, y}) looks as follows:

[Figure: Cay(D_8, {x, y}) on the vertices 1, x, x^2, x^3, y, xy, x^2 y, x^3 y]

The red arrows represent multiplication by x from the left, and the blue edges represent multiplication by y; since y = y^{−1}, the blue edges are undirected. The dihedral group of order 8 can also be given by the following presentation: D_8 = ⟨ a, b | a^2 = b^2 = 1, (ab)^2 = (ba)^2 ⟩. In this case, Cay(D_8, {a, b}) is as follows:

[Figure: Cay(D_8, {a, b}) on the vertices 1, a, b, ab, ba, aba, bab, abab]

Cayley graphs can be constructed within GAP using a package called GRAPE. This package has to be loaded into GAP using LoadPackage. After that all the commands of the package are available.
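The construction in Python, as an added example (not GAP or GRAPE code from the notes): Cay(A_4, {(1 2 3), (1 2 4)}) is built directly from the definition above, one edge g → sg for each s ∈ S, by breadth-first search from the identity, so the vertices found are exactly the group generated by S; symmetrising the edges gives the undirected graph for S ∪ S^{−1}.

```python
# Permutations of {1..n} as tuples: p[i-1] is the image of i.
# Right-action convention of the notes: (x^g)^h = x^(gh), so compose(g, h)
# applies g first and then h; compose(s, g) is therefore the product s*g.
def compose(g, h):
    return tuple(h[g[i] - 1] for i in range(len(g)))


def cycles(p):
    """Disjoint-cycle notation as a string, e.g. (1,2,3), for readable output."""
    seen, out = set(), []
    for i in range(1, len(p) + 1):
        if i in seen or p[i - 1] == i:
            continue
        cyc, j = [], i
        while j not in seen:
            seen.add(j)
            cyc.append(j)
            j = p[j - 1]
        out.append("(" + ",".join(map(str, cyc)) + ")")
    return "".join(out) or "()"


def cayley_graph(gens, n):
    """Directed Cayley graph Cay(<gens>, gens) by BFS from the identity: for every
    vertex g and generator s there is an edge g -> s*g.  Returns (sorted vertices,
    edge set, colour map edge -> index of the generator s)."""
    identity = tuple(range(1, n + 1))
    verts, frontier, edges, colour = {identity}, [identity], set(), {}
    while frontier:
        g = frontier.pop(0)
        for k, s in enumerate(gens):
            sg = compose(s, g)
            edges.add((g, sg))
            colour[(g, sg)] = k
            if sg not in verts:
                verts.add(sg)
                frontier.append(sg)
    return sorted(verts), edges, colour


def adjacency_matrix(verts, edges, symmetric):
    """0/1 adjacency matrix.  With symmetric=True the edge g -> s*g is also read
    backwards, i.e. S is replaced by S ∪ S^-1 and the graph becomes undirected."""
    index = {v: i for i, v in enumerate(verts)}
    m = [[0] * len(verts) for _ in verts]
    for g, sg in edges:
        m[index[g]][index[sg]] = 1
        if symmetric:
            m[index[sg]][index[g]] = 1
    return m


def is_connected(verts, edges):
    """Weak connectivity: holds exactly when the chosen set generates the whole group."""
    nbrs = {v: set() for v in verts}
    for g, sg in edges:
        nbrs[g].add(sg)
        nbrs[sg].add(g)
    seen, stack = {verts[0]}, [verts[0]]
    while stack:
        for w in nbrs[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return len(seen) == len(verts)


# Constructed input: A_4 generated by (1,2,3) and (1,2,4).
GENS = [(2, 3, 1, 4), (2, 4, 3, 1)]


def a4_example():
    verts, edges, _ = cayley_graph(GENS, 4)
    directed = adjacency_matrix(verts, edges, symmetric=False)
    undirected = adjacency_matrix(verts, edges, symmetric=True)
    return verts, directed, undirected, is_connected(verts, edges)


if __name__ == "__main__":
    verts, directed, undirected, connected = a4_example()
    print(len(verts), "vertices, connected:", connected)
    for v, row in zip(verts, undirected):
        nb = [cycles(verts[j]) for j, x in enumerate(row) if x]
        print(f"{cycles(v):12} neighbours: {nb}")
```

Python orders the image tuples the same way GAP orders permutations, so for this example the rows of the undirected matrix come out in the order of GRAPE's `names` list.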
One can then construct Cayley graphs Cay(G, S); the result is a record that contains several attributes of the graph; we refer to GAP's manual for further details on records, and to GRAPE's manual for further commands. Here we show how to construct the Cayley graph of A_4 with respect to the generating set {(1 2 3), (1 2 4)}, and compute its adjacency matrix.

gap> LoadPackage( "grape" );;
------------------------------------------------------------------------
Loading GRAPE 4.6.1 (GRaph Algorithms using PErmutation groups)
by Leonard H. Soicher (http://www.maths.qmul.ac.uk/~leonard/).
Homepage: http://www.maths.qmul.ac.uk/~leonard/grape/
------------------------------------------------------------------------
gap> cay := CayleyGraph( AlternatingGroup( 4 ), [ (1,2,3), (1,2,4) ] );
rec( adjacencies := [ [ 5, 6, 7, 10 ] ],
  group := Group([ (1,5,7)(2,4,8)(3,6,9)(10,11,12), (1,2,3)(4,7,10)(5,9,11)(6,8,12) ]),
  isGraph := true, isSimple := true,
  names := [ (), (2,3,4), (2,4,3), (1,2)(3,4), (1,2,3), (1,2,4), (1,3,2), (1,3,4), (1,3)(2,4), (1,4,2), (1,4,3), (1,4)(2,3) ],
  order := 12, representatives := [ 1 ],
  schreierVector := [ -1, 2, 2, 1, 1, 1, 1, 1, 2, 2, 2, 1 ] )
gap> CollapsedAdjacencyMat( cay );
[ [ 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0 ],
  [ 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0 ],
  [ 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1 ],
  [ 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 1, 0 ],
  [ 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0 ],
  [ 1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1 ],
  [ 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1 ],
  [ 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1 ],
  [ 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0 ],
  [ 1, 1, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0 ],
  [ 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0 ],
  [ 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0 ] ]

3.2.8 Problems

1. Supply the missing proofs in this section.
2. Let H be a subgroup of a group G with |G : H| = 2. Prove that H is a normal subgroup of G.
3. Is it always true that if H is a subgroup of G with prime index, then H ⊴ G?
4. Let p be the smallest prime that divides the order of a finite group G. If H is a subgroup of G of index p, then H is normal in G.
5. Find a group G and subgroups H and K with the property that H ⊴ K ⊴ G, but H is not normal in G.
6. Let H and K be subgroups of finite index in G. Prove that |G : H ∩ K| ≤ |G : H| · |G : K|, with equality if and only if G = HK.
7. If H is a subgroup of G of finite index, then H contains a subgroup of finite index which is normal in G.
8. A group in which every non-trivial element has order 2 is abelian.
9. Let a and b be elements of order 2 of a finite group G. Prove that ⟨a, b⟩ is a dihedral group.
10. Find all subgroups of D_12. Which of these are normal subgroups?
11. Show that GL(2, 2) ≅ S_3.
12. What is the largest order of an element of S_12?
13. Give an example of two non-isomorphic groups whose automorphism groups are isomorphic.
14. If G is a non-cyclic abelian group, then Aut G is non-abelian.
15. Let G act transitively on a set X, let H be a subgroup of G, and choose x ∈ X. Prove that the following are equivalent: (a) G = H stab_G(x), (b) G = stab_G(x) H, (c) H acts transitively on X. Use this to find an alternative proof of Frattini's argument.
16. Let H be a subgroup of G. Show that N_G(H)/C_G(H) is isomorphic to a subgroup of Aut H.
17. Find the center and all conjugacy classes of D_{2n}.
18. Let P be a Sylow p-subgroup of a finite group G. Prove that if N is a normal subgroup of G, then P ∩ N is a Sylow p-subgroup of N, and PN/N is a Sylow p-subgroup of G/N.
19. Let P be a Sylow p-subgroup of a finite group G and H ≤ G. Is it true that P ∩ H is always a Sylow p-subgroup of H?
20. Show that a group of order 40 cannot be simple. Do the same for groups of order 84.
21. Prove that S_n is given by a presentation listed in Example 3.2.8.
22. Show that A_4 has a presentation ⟨ x, y | x^2 = y^3 = (xy)^3 = 1 ⟩.
23. Identify the group ⟨ x, y, z | z^y = z^2, x^z = x^2, y^x = y^2 ⟩.
24. Find all the composition series of S_4.

3.3 Finite simple groups

Quote from Wikipedia:

In mathematics, the classification of finite simple groups states that every finite simple group is cyclic, or alternating, or in one of 16 families of groups of Lie type, or one of 26 sporadic groups... These groups can be seen as the basic building blocks of all finite groups, in a way reminiscent of the way the prime numbers are the basic building blocks of the natural numbers. The Jordan-Hölder theorem is a more precise way of stating this fact about finite groups. However, a significant difference with respect to the case of integer factorization is that such "building blocks" do not necessarily determine uniquely a group, since there might be many non-isomorphic groups with the same composition series or, put in another way, the extension problem does not have a unique solution. The proof of the theorem consists of tens of thousands of pages in several hundred journal articles written by about 100 authors, published mostly between 1955 and 2004. Gorenstein (d.1992), Lyons, and Solomon are gradually publishing a simplified and revised version of the proof.

3.3.1 Faithful primitive actions and Iwasawa's Lemma

In this section we prove Iwasawa's Lemma, which provides a useful criterion for the simplicity of a given finite group.

Transitive actions

Let H be a subgroup of G. Denote by H\G the set of right cosets of H in G (note that, unless H is a normal subgroup, H\G is only a set, not a group in general). The group G acts on H\G by right multiplication. This action is obviously transitive. Our first result shows that this example is, in a sense, generic. Before stating this in a precise form, we need a definition. Let G act on sets X_1 and X_2. An equivalence between these two actions is a bijection f : X_1 → X_2 such that (x^g)f = (xf)^g for all x ∈ X_1 and g ∈ G.
82 3.3 Finite simple groups Proposition 3.3.1 Any transitive action of a group G on a set X is equivalent to the action of G on H \ G , where H = stab G ( x ) for some x ∈ X . Furthermore, the actions of G on H\ G and K \ G are equivalent if and only if H and K are conjugate. PROOF. Fix x ∈ X and denote H = stab G ( x ). Since the action is transitive, is straightfor- ward to show there is an obvious bijection between X and the set of subsets O( x , y ) = { g ∈ G | x g = y } of G . Note that O( x , y ) = H g for any g ∈ O( x , y ). It is now easy that the map y → O( x , y ) is an equivalence between the action of G on X , and the action of G on H \ G . The second part is left as an exercise. Suppose G acts transitively on a set X with | X | > 1. A G -congruence on X is an equiva- lence relation ≡ on X that is compatible with the action, i.e., if x ≡ y , then x g ≡ y g for all g ∈ G . An equivalence class of a G -congruence is called a block. There are two trivial G - congruences on X , namely, the equality x ≡ y ⇔ x = y , and the universal relation x ≡ y for all x , y ∈ X . The action is called imprimitive if there is a non-trivial G -congruence on X , and primitive otherwise. Examples of primitive actions can be obtained as follows. We say that an action of G on X is doubly transitive if for any two ordered pairs ( x 1, x 2) and ( y 1, y 2) of distinct elements of X there exists g ∈ G such that x 1 g = y 1 and x 2 g = y 2. Proposition 3.3.2 A doubly transitive action is primitive. We leave the proof as an exercise. The following result provides a useful characteri- zation of blocks: Proposition 3.3.3 Let G act transitively on X and let B be a non-empty subset of X . Then B is a block if and only if, for all g ∈ G , either B g = B or B g ∩ B = . PROOF. If B is a block then B g is also a block and the claim follows by the fact that differ- ent equivalence classes are disjoint. 
Conversely, let B be a non-empty subset of X such that, for all g ∈ G , either B g = B or B g ∩ B = . Since the action is transitive, all different B g form a partition of X , which is the set of equivalence classes of a congruence. Proposition 3.3.4 Let H be a proper subgroup of G . Then the action of G on H \ G is prim- itive if and only if H is a maximal subgroup of G . PROOF. Suppose that G acts primitively on H \ G and assume that H < K < G . Let B be the set of all cosets of H which are contained in K . By Proposition 3.3.3, B is a block which neither a singleton nor the whole H \ G , a contradiction. Primož Moravec: Some Topics in the Theory of Finite Groups 83 Conversely, suppose that G acts imprimitively on H \ G . Let B be a block containing the coset H , and denote K = { g ∈ G | B g = B}. Then H < K < G . Proposition 3.3.5 Let G act primitively on X , and let N be a normal subgroup of G . Then either N acts trivially on X , or N acts transitively on X . PROOF. For x , y ∈ X put x ≡ y iff x h = y for some h ∈ N . For any g ∈ G we have ( x g )( g −1 hg ) = y g . By normality, g −1 hg ∈ N . Therefore x g ≡ y g , so ≡ is a G -congruence. By primitivity, either all orbits have size 1 (i.e., N is in the kernel of the action), or there is a single orbit (i.e., N acts transitively on X ). Minimal and maximal subgroups The above discussion on actions provides some useful descriptions of minimal and max- imal subgroups of finite groups. Lemma 3.3.6 A minimal normal subgroup of a finite group is isomorphic to the direct product of a number of copies of a simple group. PROOF. Let H be a minimal normal subgroup of G . By Lemma 3.2.4, H has no proper non- tivial characteristic subgroups. Choose a minimal normal subgroup N of H of smallest possible order. Consider all subgroups of H of the form N 1 × · · · × Nn , where Ni H, N ∼ i = N . Let M be such group of largest possible order. If we show that M = H , then it follows from here that N is simple. 
For, if $K$ is a normal subgroup of $N$, then it is a normal subgroup of $M = N_1 \times \cdots \times N_n = H$, and this contradicts the choice of $N$. Thus it suffices to show that $M$ is characteristic in $H$: then $M \trianglelefteq G$ because $H \trianglelefteq G$, and the minimality of $H$ gives $M = H$. Take $\varphi \in \operatorname{Aut} H$. Then $N_i^\varphi \cong N$. A straightforward argument shows that $N_i^\varphi \trianglelefteq H$. If $N_i^\varphi \not\leq M$, then $N_i^\varphi \cap M < N_i^\varphi$ and $|N_i^\varphi \cap M| < |N|$. But $N_i^\varphi \cap M \trianglelefteq H$, so the minimality of $|N|$ shows $N_i^\varphi \cap M = \{1\}$. The subgroup $\langle M, N_i^\varphi \rangle = M \times N_i^\varphi$ is of the same type as $M$ but of larger order, a contradiction. Thus $M$ is characteristic in $H$.

Corollary 3.3.7 Let $G$ be a finite solvable group. Then any maximal subgroup of $G$ has prime power index.

PROOF. Let $H$ be a maximal subgroup of $G$ and consider the action of $G$ on $H \backslash G$. By Proposition 3.3.4, this action is primitive. The image of this action is a quotient of $G$, hence it is a solvable group. Therefore we may assume without loss of generality that the action is faithful. Let $N$ be a minimal normal subgroup of $G$. Then $N$ is an elementary abelian $p$-group by Lemma 3.3.6, since a solvable simple group is cyclic of prime order. Since $G$ acts primitively, $N$ acts transitively by Proposition 3.3.5. Using the Orbit-Stabilizer Theorem, $|H \backslash G|$ is a power of $p$.

Faithful actions and Iwasawa's Lemma

From here on we consider only faithful actions. We say that such an action of $G$ on $X$ is regular if it is transitive and the point stabilizer is trivial. From the above we see that a regular action of $G$ is isomorphic to the action of $G$ on itself by right multiplication.

Let $G$ act faithfully on $X$ and let $N$ be a normal subgroup of $G$ whose action on $X$ is regular. Then we can identify $X$ with $N$, so that $N$ acts by right multiplication. To be more precise, choose $x \in X$ and observe that there is a bijection between $N$ and $X$ under which $n \in N$ corresponds to $x^n \in X$. Under the above bijection, the action of $\operatorname{stab}_G(x)$ on $N$ by conjugation corresponds to the given action on $X$. To see this, take $g \in \operatorname{stab}_G(x)$ and suppose that $y^g = z$.
Let $h, k \in N$ correspond to $y, z \in X$ under the above bijection, that is, $x^h = y$, $x^k = z$. Then $x^{g^{-1}hg} = x^{hg} = y^g = z = x^k$. Since $g^{-1}hg \in N$ and $N$ acts regularly, two elements of $N$ that agree on $x$ coincide, so $g^{-1}hg = k$, as required.

Theorem 3.3.8 (Iwasawa's Lemma) Let $G$ be a group with a faithful primitive action on $X$. Suppose there exists an abelian normal subgroup $A$ of $\operatorname{stab}_G(x)$ with the property that the conjugates of $A$ generate $G$. Then any non-trivial normal subgroup of $G$ contains $G'$. In particular, if $G$ is perfect, then it is simple.

PROOF. Let $N$ be a non-trivial normal subgroup of $G$. By Proposition 3.3.5, $N$ acts transitively on $X$, therefore $N \not\leq \operatorname{stab}_G(x)$. By Proposition 3.3.4, $\operatorname{stab}_G(x)$ is a maximal subgroup of $G$. Hence $N \operatorname{stab}_G(x) = G$. Take $g \in G$ and write it as $g = nh$, where $n \in N$ and $h \in \operatorname{stab}_G(x)$. Then $gAg^{-1} = nhAh^{-1}n^{-1} = nAn^{-1}$, as $A$ is normal in $\operatorname{stab}_G(x)$. We conclude that $gAg^{-1} \leq NA$. By our assumption it follows that $G = NA$. Now, $G/N \cong A/(A \cap N)$ is abelian, hence $G' \leq N$.

3.3.2 Symmetric groups and alternating groups

Here we examine the normal subgroups of $S_n$ and prove that if $n \geq 5$, then the alternating group $A_n$ is simple.

Proposition 3.3.9 Two elements of $S_n$ are conjugate if and only if they have the same cycle structure.

PROOF. If $\pi \in S_n$ and $\gamma = (a_1\, a_2\, \ldots\, a_k)$ is a cycle, then $\gamma^\pi = (a_1^\pi\, a_2^\pi\, \ldots\, a_k^\pi)$.

Proposition 3.3.10 The alternating group $A_n$ is generated by the 3-cycles.

PROOF. Note that 3-cycles are even permutations. If $\pi$ is any even permutation, then it can be written as a product of an even number of transpositions. Thus we only need to consider products of two transpositions. If $a, b, c, d \in \{1, 2, \ldots, n\}$ are pairwise different, then the following clearly hold:
$$(a\,b)(a\,b) = 1, \qquad (a\,b)(a\,c) = (a\,b\,c), \qquad (a\,b)(c\,d) = (a\,b\,c)(a\,d\,c),$$
and we are done.

Proposition 3.3.11 The following are equivalent for $\pi \in A_n$:
1.
The $S_n$-conjugacy class of $\pi$ splits into two $A_n$-conjugacy classes;
2. There is no odd permutation which commutes with $\pi$;
3. $\pi$ has no cycles of even length, and all of its cycles (fixed points counted as 1-cycles) have distinct lengths.

PROOF. Let us prove that (1) is equivalent to (2). The group $S_n$ acts on $A_n$ by conjugation. We have $C_{A_n}(\pi) = C_{S_n}(\pi) \cap A_n$. If (2) holds, then $C_{A_n}(\pi) = C_{S_n}(\pi)$, therefore $\pi$ has $|A_n : C_{A_n}(\pi)| = |S_n : C_{S_n}(\pi)|/2$ conjugates in $A_n$. Thus (1) follows. If (2) does not hold, then $|C_{A_n}(\pi)| = |C_{S_n}(\pi)|/2$, and $\pi$ has $|A_n : C_{A_n}(\pi)| = |S_n : C_{S_n}(\pi)|$ conjugates in $A_n$. Therefore (1) does not hold.

Now we prove that (2) and (3) are equivalent. If $\pi$ has a cycle of even length, then this cycle is an odd permutation commuting with $\pi$. If $\pi$ has only cycles of odd length, and two cycles of the same length, then a permutation interchanging them is a product of an odd number of transpositions, hence an odd permutation commuting with $\pi$. This proves that (2) implies (3). Assume now that (3) holds. Then any permutation commuting with $\pi$ fixes each of its cycles (as a set) and acts on it as a power of the corresponding cycle of $\pi$, hence it is an even permutation.

Proposition 3.3.12 The group $A_5$ is simple.

PROOF. A lazy proof is

gap> IsSimple( AlternatingGroup( 5 ) );
true

A formal proof goes as follows. The conjugacy classes of $A_5$ can be determined using Proposition 3.3.11:

• Representative $(*)(*)(*)(*)(*)$: this class has size 1 and does not split into two conjugacy classes of $A_5$;
• Representative $(*)(*\,*)(*\,*)$: this class has size 15 and does not split into two conjugacy classes of $A_5$;
• Representative $(*)(*)(*\,*\,*)$: this class has size 20 and does not split into two conjugacy classes of $A_5$;
• Representative $(*\,*\,*\,*\,*)$: this class has size 24 and splits into two conjugacy classes of $A_5$, each of size 12.

A normal subgroup $N$ of $A_5$ would have to be a union of conjugacy classes and contain the identity, plus its order would have to divide 60.
Checking all the possibilities, we see that either $N$ is trivial or $N = A_5$.

It turns out that $A_5$ is the only simple group of order 60. A formal proof can be found in [4]. Here is a proof using GAP:

gap> Filtered(AllSmallGroups(60), IsSimple);
[ Alt( [ 1 .. 5 ] ) ]

Theorem 3.3.13 If $n \geq 5$, then $A_n$ is simple.

PROOF. The proof goes by induction on $n$. The case $n = 5$ is covered by Proposition 3.3.12. Suppose $N$ is a non-trivial normal subgroup of $A_n$. Since $A_n$ clearly acts doubly transitively on $X = \{1, 2, \ldots, n\}$, this action is primitive by Proposition 3.3.2. Therefore $N$ acts transitively on $X$ by Proposition 3.3.5. It follows by the Frattini argument that $N A_{n-1} = A_n$, where $A_{n-1}$ is the stabilizer of the point $n$. The intersection $N \cap A_{n-1}$ is a normal subgroup of $A_{n-1}$. By the induction hypothesis, either $N \cap A_{n-1} = \{1\}$ or $A_{n-1} \leq N$. In the latter case, $A_n/N = N A_{n-1}/N \cong A_{n-1}/(A_{n-1} \cap N) = \{1\}$, hence $N = A_n$. So assume that $N \cap A_{n-1} = \{1\}$. In this case $N$ acts regularly, and so $|N| = n$ by the discussion above. By Lemma 3.2.30, $N$ can be generated by at most $\log_2 n$ elements. An automorphism of $N$ is determined by the images of generators, hence $|\operatorname{Aut}(N)| \leq n^{\log_2 n}$. On the other hand, $A_{n-1}$ acts faithfully on $N$ by conjugation, so $(n-1)! \leq n^{\log_2 n}$, which is impossible for $n \geq 6$.

Corollary 3.3.14 Let $n \geq 5$. Then the only normal subgroups of $S_n$ are $\{1\}$, $A_n$ and $S_n$.

PROOF. Let $N$ be a normal subgroup of $S_n$. Then $N \cap A_n$ is a normal subgroup of $A_n$, hence either $A_n \cap N = \{1\}$ or $A_n \leq N$. Suppose the first possibility holds. Then $N = N/(N \cap A_n) \cong N A_n/A_n$. If $N$ is non-trivial, then $N A_n = S_n$ and hence $N \cong C_2$. This is impossible, as the non-identity element of $N$ would be a non-identity element of $S_n$ lying in a conjugacy class of size 1. The remaining possibility is $A_n \leq N$, but in this case we either have $N = A_n$ or $N = S_n$, as $A_n$ is a maximal subgroup of $S_n$.

The remaining cases of $S_n$ and $A_n$ for $1 \leq n \leq 4$ are somewhat exceptional, but easy to deal with.
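The class-size bookkeeping behind Proposition 3.3.12 can be carried out mechanically. The following Python script is an added example and is not part of the original notes: it enumerates $A_n$ as permutation tuples, computes the conjugacy classes directly, verifies the splitting criterion of Proposition 3.3.11 against the computed classes for $n = 4, 5$, and runs the "union of classes containing the identity whose size divides $|G|$" test. The test certifies $A_5$ and, as it should, fails to certify $A_4$, whose Klein four-group is the union of the classes of sizes 1 and 3. The function names and the right-action convention $x^{pq} = (x^p)^q$ are this example's own choices.

```python
"""Class-size bookkeeping for A_n by brute force (n <= 5 keeps the loops small).

Permutations of {0, ..., n-1} are tuples p with i^p = p[i]; products are composed
left to right, x^{pq} = (x^p)^q, matching the right-action convention of the notes.
"""
from itertools import combinations, permutations


def compose(p, q):
    """Right-action product pq: apply p first, then q."""
    return tuple(q[p[i]] for i in range(len(p)))


def inverse(p):
    inv = [0] * len(p)
    for i, j in enumerate(p):
        inv[j] = i
    return tuple(inv)


def conjugate(g, pi):
    """g^pi = pi^{-1} g pi."""
    return compose(compose(inverse(pi), g), pi)


def cycle_lengths(p):
    """Sorted cycle lengths of p, fixed points included as 1-cycles."""
    seen, lengths = set(), []
    for start in range(len(p)):
        if start in seen:
            continue
        length, j = 0, start
        while j not in seen:
            seen.add(j)
            j = p[j]
            length += 1
        lengths.append(length)
    return tuple(sorted(lengths))


def is_even(p):
    # a k-cycle is a product of k-1 transpositions
    return sum(l - 1 for l in cycle_lengths(p)) % 2 == 0


def symmetric_group(n):
    return list(permutations(range(n)))


def alternating_group(n):
    return [p for p in symmetric_group(n) if is_even(p)]


def conjugacy_classes(group):
    """Partition `group` into conjugacy classes under its own conjugation action."""
    classes, remaining = [], set(group)
    while remaining:
        g = min(remaining)
        cls = frozenset(conjugate(g, pi) for pi in group)
        classes.append(cls)
        remaining -= cls
    return classes


def splits_in_alternating_group(p):
    """Condition (3) of Proposition 3.3.11: all cycle lengths odd and pairwise distinct."""
    lengths = cycle_lengths(p)
    return all(l % 2 == 1 for l in lengths) and len(set(lengths)) == len(lengths)


def splitting_criterion_holds(n):
    """Proposition 3.3.11 on every A_n-class: the S_n-class of a representative is as
    large as its A_n-class (no split) or twice as large (split)."""
    s_n, a_n = symmetric_group(n), alternating_group(n)
    for cls in conjugacy_classes(a_n):
        rep = min(cls)
        s_class_size = len({conjugate(rep, pi) for pi in s_n})
        factor = 2 if splits_in_alternating_group(rep) else 1
        if s_class_size != factor * len(cls):
            return False
    return True


def class_sum_test(group):
    """The argument of Proposition 3.3.12: a proper non-trivial normal subgroup is a union
    of conjugacy classes containing the identity whose size divides |G|. Returns True
    when no such union exists (the group is simple) and False when a candidate exists
    (the test alone is then inconclusive)."""
    order = len(group)
    identity = tuple(range(len(group[0])))
    sizes = [len(cls) for cls in conjugacy_classes(group) if identity not in cls]
    for r in range(1, len(sizes)):          # proper unions: more than {1}, less than everything
        for chosen in combinations(sizes, r):
            if order % (1 + sum(chosen)) == 0:
                return False
    return True


if __name__ == "__main__":
    a5 = alternating_group(5)
    print(sorted(len(c) for c in conjugacy_classes(a5)))        # class sizes of A_5
    print(class_sum_test(a5), class_sum_test(alternating_group(4)))
```

The brute-force class computation is quadratic in $|G|$, so it is only meant for the small cases discussed here; for larger $n$ the cycle-type criterion of Proposition 3.3.11 gives the class sizes without enumerating the group.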
We show here how to use GAP to examine these groups:

gap> for n in [ 1..4 ] do
> sn := SymmetricGroup( n );
> an := AlternatingGroup( n );
> Print("n = ", n, "\n");
> Print("A_n: ", StructureDescription( an ), " ", IsSimple( an ), "\n" );
> Print("S_n: ", StructureDescription( sn ), " ", NormalSubgroups( sn ), "\n" );
> od;
n = 1
A_n: 1 false
S_n: 1 [ Group( () ) ]
n = 2
A_n: 1 false
S_n: C2 [ SymmetricGroup( [ 1 .. 2 ] ), Group( () ) ]
n = 3
A_n: C3 true
S_n: S3 [ SymmetricGroup( [ 1 .. 3 ] ), Group( [ (1,2,3) ] ), Group( () ) ]
n = 4
A_n: A4 false
S_n: S4 [ SymmetricGroup( [ 1 .. 4 ] ), Group( [ (2,4,3), (1,4)(2,3), (1,3)(2,4) ] ), Group( [ (1,4)(2,3), (1,3)(2,4) ] ), Group( () ) ]

3.3.3 Simplicity of projective special linear groups

Unless stated otherwise, $F$ will denote the Galois field $\mathrm{GF}(q)$, where $q$ is a prime power. The projective space $\mathbb{P}^{n-1}(F)$ is the set of all one-dimensional subspaces of $F^n$. There are $q^n - 1$ non-zero vectors in $F^n$, each of which spans a one-dimensional subspace. Each such space is spanned by any of its $q - 1$ non-zero vectors, hence $|\mathbb{P}^{n-1}(F)| = (q^n - 1)/(q - 1)$. The group $\mathrm{GL}(n, F)$ acts on $\mathbb{P}^{n-1}(F)$ from the left as follows: $(A, \operatorname{span}(v)) \mapsto \operatorname{span}(Av)$.

Proposition 3.3.15 The following conditions for $A \in \mathrm{GL}(n, F)$ are equivalent:
1. $A \in Z(\mathrm{GL}(n, F))$;
2. $A$ is in the kernel of the action of $\mathrm{GL}(n, F)$ on $\mathbb{P}^{n-1}(F)$;
3. $A$ is a scalar matrix, i.e., $A = \lambda I$ for some $\lambda \in F^\times$.

PROOF. Clearly (3) implies (1). To see that the converse holds, take $A \in Z(\mathrm{GL}_n(F))$. Then, in particular, $A$ has to commute with all matrices with 1 on the diagonal and at the position $(i, j)$, $i \neq j$, and zero elsewhere. An easy calculation then shows that $A$ is a scalar matrix. Let us prove that (2) and (3) are equivalent. Clearly every scalar matrix fixes all 1-dimensional subspaces of $F^n$. Conversely, suppose that $A$ fixes all 1-dimensional subspaces. Let $e_1, \ldots, e_n$ be the standard basis of $F^n$. Then $Ae_i = \lambda_i e_i$ for some non-zero $\lambda_i \in F$.
Fix different $i$ and $j$. There also exists $\lambda \in F^\times$ such that $A(e_i + e_j) = \lambda(e_i + e_j)$, and this implies $\lambda = \lambda_j = \lambda_i$. Consequently, $A$ is a scalar matrix.

We define the projective general and projective special linear groups by
$$\mathrm{PGL}(n, F) = \mathrm{GL}(n, F)/Z(\mathrm{GL}(n, F)) \quad\text{and}\quad \mathrm{PSL}(n, F) = \mathrm{SL}(n, F)\,Z(\mathrm{GL}(n, F))/Z(\mathrm{GL}(n, F)).$$
Therefore the projective groups are the images of their linear group counterparts in the action on the projective space, so we can think of them as subgroups of $\operatorname{Sym}(\mathbb{P}^{n-1}(F))$. We see that $|\mathrm{PGL}(n, q)| = |\mathrm{GL}(n, q)|/(q - 1) = |\mathrm{SL}(n, q)|$.

Proposition 3.3.16 $|\mathrm{PSL}(n, q)| = |\mathrm{SL}(n, q)|/\gcd(n, q - 1)$.

PROOF. The kernel of the action of $\mathrm{SL}(n, q)$ on the corresponding projective space consists of scalar matrices with determinant one, i.e., matrices of the form $\lambda I$ with $\lambda^n = 1$. The multiplicative group of $\mathrm{GF}(q)$ is cyclic of order $q - 1$, so the number of solutions of $\lambda^n = 1$ is $\gcd(n, q - 1)$.

If we restrict to the case $n = 2$, we see that $\mathbb{P}^1(F)$ has $q + 1$ points, so $\mathrm{PGL}(2, q)$ and $\mathrm{PSL}(2, q)$ are subgroups of $S_{q+1}$. Let us consider some small cases:

$q = 2$: $\mathrm{PSL}(2, 2) = \mathrm{PGL}(2, 2)$ is a subgroup of $S_3$ of order 6, hence $\mathrm{PSL}(2, 2) \cong S_3$.

$q = 3$: $\mathrm{PGL}(2, 3)$ is a subgroup of $S_4$ of order 24, hence $\mathrm{PGL}(2, 3) = S_4$. The group $\mathrm{PSL}(2, 3)$ is a subgroup of index 2 in $\mathrm{PGL}(2, 3)$, hence $\mathrm{PSL}(2, 3) \cong A_4$.

$q = 4$: $\mathrm{PGL}(2, 4) = \mathrm{PSL}(2, 4)$ is a subgroup of $S_5$ of order 60, so it has index 2, is therefore normal in $S_5$, and equals $A_5$ by Corollary 3.3.14. One can double-check this with GAP:

gap> StructureDescription(PSL(2,4));
"A5"

$q = 5$: $\mathrm{PSL}(2, 5) \cong A_5$:

gap> StructureDescription(PSL(2,5));
"A5"

We also remark here that there is another way of interpreting the actions of $\mathrm{PGL}(2, F)$ and $\mathrm{PSL}(2, F)$ on the projective line. The one-dimensional subspaces of $F^2$ can be spanned by either a unique vector of the form $(1, x)$, where $x \in F$, or the vector $(0, 1)$. We identify points of the first type with $F$, and the point of the second type with $\infty$.
Then the elements of $\mathrm{PGL}(2, F)$ can be identified with linear fractional maps
$$z \mapsto \frac{az + b}{cz + d},$$
where $a, b, c, d \in F$ and $ad - bc \neq 0$. The group $\mathrm{PSL}(2, F)$ then consists of those linear fractional maps with $ad - bc = 1$. We will prove the following result:

Theorem 3.3.17 For $n \geq 2$ and any field $F$, the group $\mathrm{PSL}(n, F)$ is simple, except in the two cases $n = 2$, $F = \mathrm{GF}(2)$ and $n = 2$, $F = \mathrm{GF}(3)$.

We will only prove this theorem for $n = 2$; the proof for $n > 2$ is similar, but somewhat technical. Our proof will rely on Iwasawa's lemma applied to the action of $G = \mathrm{SL}(2, F)$ on $\mathbb{P}^1(F)$. We will show in a series of steps that all the conditions of the lemma are satisfied.

Proposition 3.3.18 $\mathrm{SL}(2, F)$ acts doubly transitively on $\mathbb{P}^1(F)$.

PROOF. Let $\operatorname{span}(v_1)$ and $\operatorname{span}(v_2)$ be two distinct 1-dimensional subspaces of $F^2$. For any other pair $\operatorname{span}(w_1)$ and $\operatorname{span}(w_2)$ there exists a linear map that maps $v_i \mapsto w_i$, $i = 1, 2$. One can modify this map (rescaling $w_1$, say) to obtain one with determinant 1. We let the reader fill in the details.

Let $e_1, e_2$ be the standard basis of $F^2$. Denote $x = \operatorname{span}(e_1)$. The stabilizer of $x$ is
$$\operatorname{stab}_G(x) = \{ A \in \mathrm{SL}(2, F) \mid \operatorname{span}(e_1) = \operatorname{span}(Ae_1) \} = \left\{ \begin{pmatrix} a & b \\ 0 & 1/a \end{pmatrix} \;\middle|\; a \in F^\times,\ b \in F \right\}.$$
There is an abelian normal subgroup of $\operatorname{stab}_G(x)$ given as follows:
$$U = \left\{ \begin{pmatrix} 1 & b \\ 0 & 1 \end{pmatrix} \;\middle|\; b \in F \right\}.$$
Its elements are called transvections.

Proposition 3.3.19 The subgroup $U$ and its conjugates generate $\mathrm{SL}_2(F)$.

PROOF. First we note that
$$\begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}^{-1} U \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix} = \left\{ \begin{pmatrix} 1 & 0 \\ b & 1 \end{pmatrix} \;\middle|\; b \in F \right\} = U^{\mathsf T},$$
the group of lower unitriangular matrices. Now pick $A = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \mathrm{SL}_2(F)$. Suppose first that $b \neq 0$. Then
$$A = \begin{pmatrix} 1 & 0 \\ (d-1)/b & 1 \end{pmatrix} \begin{pmatrix} 1 & b \\ 0 & 1 \end{pmatrix} \begin{pmatrix} 1 & 0 \\ (a-1)/b & 1 \end{pmatrix} \in \langle U, U^{\mathsf T} \rangle.$$
If $c \neq 0$, then
$$A = \begin{pmatrix} 1 & (a-1)/c \\ 0 & 1 \end{pmatrix} \begin{pmatrix} 1 & 0 \\ c & 1 \end{pmatrix} \begin{pmatrix} 1 & (d-1)/c \\ 0 & 1 \end{pmatrix} \in \langle U, U^{\mathsf T} \rangle.$$
Finally assume that $b = c = 0$, so that $d = 1/a$. Then
$$A = \begin{pmatrix} 1 & 0 \\ (1-a)/a & 1 \end{pmatrix} \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix} \begin{pmatrix} 1 & 0 \\ a-1 & 1 \end{pmatrix} \begin{pmatrix} 1 & -1/a \\ 0 & 1 \end{pmatrix} \in \langle U, U^{\mathsf T} \rangle.$$
This proves the result.

Proposition 3.3.20 If $|F| > 3$, then $\mathrm{SL}(2, F)$ is a perfect group.

PROOF.
If $|F| > 3$ there exists $a \in F$ such that $a^2 \notin \{0, 1\}$. Now we observe that
$$\begin{pmatrix} 1 & b(a^2 - 1) \\ 0 & 1 \end{pmatrix} = \left[ \begin{pmatrix} 1/a & 0 \\ 0 & a \end{pmatrix}, \begin{pmatrix} 1 & -b \\ 0 & 1 \end{pmatrix} \right].$$
Letting $b$ run through $F$ (and using $a^2 - 1 \neq 0$), we see that $U \leq \mathrm{SL}_2(F)'$. By Proposition 3.3.19 we conclude the result.

PROOF (of Theorem 3.3.17 for $n = 2$). This follows from the previous propositions and Iwasawa's lemma, applied to the faithful action of $\mathrm{PSL}(2, F)$ on $\mathbb{P}^1(F)$ induced by that of $\mathrm{SL}(2, F)$: the images of $\operatorname{stab}_G(x)$ and $U$ satisfy the hypotheses of the lemma, and $\mathrm{PSL}(2, F)$ is perfect as a quotient of the perfect group $\mathrm{SL}(2, F)$.

3.3.4 On the classification of finite simple groups (CFSG)

One of the greatest achievements of mathematics is the full classification of finite simple groups (CFSG), which was announced in the 1980s. Roughly speaking, the result says that all finite simple groups fall into one of the following four types:
1. Cyclic groups of prime order;
2. Alternating groups $A_n$ for $n \geq 5$;
3. Groups of Lie type; these groups arise as automorphism groups of simple Lie algebras. An example is $\mathrm{PSL}(n, F)$.
4. 26 sporadic groups; these do not fall into any infinite family of simple groups described above. They are usually defined as symmetry groups of various algebraic or combinatorial configurations. The largest of them has order
808,017,424,794,512,875,886,459,904,961,710,757,005,754,368,000,000,000
and is called the Monster group.

Since a thorough account of these groups is beyond the purpose of these notes, we only exhibit some of their properties and how to use GAP to study them.
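Many of the groups in the list that follows are of the form $\mathrm{PSL}(2, q)$, so it is worth checking the ingredients of the proof of Theorem 3.3.17 for $n = 2$ by computer. The Python script below is an added example, not part of the original notes: over prime fields $\mathrm{GF}(p)$ it verifies Proposition 3.3.18 (double transitivity on $\mathbb{P}^1$), Proposition 3.3.19 (the conjugates of $U$ generate $\mathrm{SL}(2, p)$), Proposition 3.3.20 (perfectness, which fails exactly for $p = 2, 3$) and the order formula of Proposition 3.3.16. Matrices are plain nested tuples, the symbol INF stands for $\infty$, and the function names are this example's own; the action on $\mathbb{P}^1$ is the linear fractional map from the text.

```python
"""Iwasawa's conditions for SL(2, p), p prime, checked by brute force.

Matrices over GF(p) are nested tuples ((a, b), (c, d)). The projective line
P^1(GF(p)) is {0, ..., p-1} together with INF, and a matrix acts by the linear
fractional map z -> (az + b)/(cz + d) of the text (z corresponds to the column
vector (z, 1), INF to (1, 0)).
"""
from itertools import product
from math import gcd

INF = "inf"


def mat_mul(A, B, p):
    (a, b), (c, d) = A
    (e, f), (g, h) = B
    return (((a * e + b * g) % p, (a * f + b * h) % p),
            ((c * e + d * g) % p, (c * f + d * h) % p))


def mat_inv(A, p):
    (a, b), (c, d) = A
    det_inv = pow((a * d - b * c) % p, -1, p)
    return (((d * det_inv) % p, (-b * det_inv) % p),
            ((-c * det_inv) % p, (a * det_inv) % p))


def sl2(p):
    """All matrices over GF(p) with determinant 1."""
    return [((a, b), (c, d)) for a, b, c, d in product(range(p), repeat=4)
            if (a * d - b * c) % p == 1]


def generated_subgroup(gens, p):
    """Closure of a finite set of invertible matrices under multiplication."""
    identity = ((1, 0), (0, 1))
    seen, frontier = {identity}, [identity]
    while frontier:
        nxt = []
        for g in frontier:
            for s in gens:
                h = mat_mul(g, s, p)
                if h not in seen:
                    seen.add(h)
                    nxt.append(h)
        frontier = nxt
    return seen


def act(A, z, p):
    """Linear fractional action z -> (az+b)/(cz+d) on P^1(GF(p))."""
    (a, b), (c, d) = A
    if z == INF:
        num, den = a, c
    else:
        num, den = (a * z + b) % p, (c * z + d) % p
    return INF if den == 0 else (num * pow(den, -1, p)) % p


def psl2_order(p):
    """|PSL(2,p)|: number of distinct permutations of P^1 induced by SL(2,p)."""
    points = list(range(p)) + [INF]
    return len({tuple(act(A, z, p) for z in points) for A in sl2(p)})


def psl2_order_formula(p):
    """Proposition 3.3.16 for n = 2: |SL(2,p)| / gcd(2, p-1) with |SL(2,p)| = p(p^2-1)."""
    return p * (p * p - 1) // gcd(2, p - 1)


def is_doubly_transitive(p):
    """Proposition 3.3.18: the orbit of the ordered pair (0, INF) is every ordered pair."""
    orbit = {(act(A, 0, p), act(A, INF, p)) for A in sl2(p)}
    n = p + 1
    return len(orbit) == n * (n - 1)


def transvections(p):
    return [((1, b), (0, 1)) for b in range(p)]


def conjugates_of_U_generate(p):
    """Proposition 3.3.19: the SL(2,p)-conjugates of U generate SL(2,p)."""
    group = sl2(p)
    gens = {mat_mul(mat_mul(mat_inv(g, p), u, p), g, p)
            for g in group for u in transvections(p)}
    return len(generated_subgroup(list(gens), p)) == len(group)


def derived_subgroup_order(p):
    """Order of SL(2,p)' = <[g, h]>, with [g, h] = g^-1 h^-1 g h."""
    group = sl2(p)
    comms = set()
    for g in group:
        gi = mat_inv(g, p)
        for h in group:
            comms.add(mat_mul(mat_mul(mat_mul(gi, mat_inv(h, p), p), g, p), h, p))
    return len(generated_subgroup(list(comms), p))


def is_perfect(p):
    """Proposition 3.3.20: SL(2,p) is perfect for p > 3 (and not for p = 2, 3)."""
    return derived_subgroup_order(p) == len(sl2(p))


if __name__ == "__main__":
    for p in (2, 3, 5, 7):
        print(p, psl2_order(p), psl2_order_formula(p), is_doubly_transitive(p),
              conjugates_of_U_generate(p), is_perfect(p))
```

For $p = 2$ and $p = 3$ the derived subgroup has order 3 and 8 respectively ($\mathrm{SL}(2, 2) \cong S_3$ and $\mathrm{SL}(2, 3)$ has abelianization $C_3$), which is exactly where the argument breaks down; from $p = 5$ on the group is perfect and the projective image is simple.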
The following are all non-abelian finite simple groups of order $\leq 1000000$:

gap> AllSmallNonabelianSimpleGroups( [1..1000000] );
[ A5, PSL(2,7), A6, PSL(2,8), PSL(2,11), PSL(2,13), PSL(2,17), A7, PSL(2,19),
  PSL(2,16), PSL(3,3), PSU(3,3), PSL(2,23), PSL(2,25), M11, PSL(2,27),
  PSL(2,29), PSL(2,31), A8, PSL(3,4), PSL(2,37), PSp(4,3), Sz(8), PSL(2,32),
  PSL(2,41), PSL(2,43), PSL(2,47), PSL(2,49), PSU(3,4), PSL(2,53), M12,
  PSL(2,59), PSL(2,61), PSU(3,5), PSL(2,67), J_1, PSL(2,71), A9, PSL(2,73),
  PSL(2,79), PSL(2,64), PSL(2,81), PSL(2,83), PSL(2,89), PSL(3,5), M22,
  PSL(2,97), PSL(2,101), PSL(2,103), J_2, PSL(2,107), PSL(2,109), PSL(2,113),
  PSL(2,121), PSL(2,125), PSp(4,4) ]

Here is a construction of the Mathieu groups $M_{11}$ and $M_{12}$, which are sporadic groups:

gap> p1 := (4,5,6)*(7,8,9)*(10,11,12);;
gap> p2 := (4,7,10)*(5,8,11)*(6,9,12);;
gap> p3 := (5,7,6,10)*(8,9,12,11);;
gap> p4 := (5,8,6,12)*(7,11,10,9);;
gap> p5 := (1,4)*(7,8)*(9,11)*(10,12);;
gap> p6 := (1,2)*(7,10)*(8,11)*(9,12);;
gap> p7 := (2,3)*(7,12)*(8,10)*(9,11);;
gap> m11 := Group(p1, p2, p3, p4, p5, p6);;
gap> IsSimple(m11);
true
gap> StructureDescription(m11);
"M11"
gap> m12 := Group(p1, p2, p3, p4, p5, p6, p7);;
gap> IsSimple(m12);
true
gap> StructureDescription(m12);
"M12"

There is a vast number of properties of finite simple groups that follow from CFSG, too many to state here. Some of them are:

Theorem 3.3.21 Let $S$ be a finite non-abelian simple group.
1. $S$ can be generated by two elements.
2. $\operatorname{Out}(S)$ is a solvable group (formerly Schreier's conjecture).
3. Every element of $S$ is a commutator (formerly Ore's conjecture).

CFSG also implies that, given a positive integer $n$, there are at most two non-isomorphic finite simple groups of order $n$. It may happen that there are two non-isomorphic finite simple groups of the same order.
For example, consider $\mathrm{PSL}(3, 4)$ and $\mathrm{PSL}(4, 2)$; they are both of order 20160, and

gap> G:=PSL(4,2);;
gap> H:=PSL(3,4);;
gap> IsomorphismGroups(G,H);
fail

Apart from using GAP, much useful information on finite simple groups can be obtained from the Atlas of Finite Group Representations [1].

3.3.5 Problems

1. Complete the proof of Proposition 3.3.1.
2. Prove Proposition 3.3.2.
3. Let $G$ act transitively on $X$. Suppose that the stabilizer of $x \in X$ acts transitively on $X - \{x\}$. Then $G$ acts doubly transitively on $X$.
4. Let $\Omega$ be the set of 2-element subsets of $\{1, 2, \ldots, n\}$. Then $S_n$ acts on $\Omega$ by $\{i, j\}^g = \{i^g, j^g\}$.
(a) If $n = 2$, then the action is not faithful.
(b) If $n = 3$, then the action is doubly transitive.
(c) If $n = 4$, then the action is imprimitive.
(d) If $n \geq 5$, then the action is primitive, but not doubly transitive.
5. Let $G$ be a group. The group $\operatorname{Aut} G$ acts naturally on the set $G$.
(a) If $G - \{1\}$ is an orbit, prove that $G$ is an elementary abelian $p$-group.
(b) If $\operatorname{Aut} G$ acts doubly transitively on $G - \{1\}$, show that either $G$ is a 2-group or $|G| = 3$.
6. Let $G$ be a group of order $2m$, where $m$ is odd and $m > 1$. Prove that $G$ is not simple.
7. Let $n \geq 2$. Show that the transpositions $(1\,2), (1\,3), \ldots, (1\,n)$ generate $S_n$.
8. Let $n \geq 3$. Show that the 3-cycles $(1\,2\,3), (1\,2\,4), \ldots, (1\,2\,n)$ generate $A_n$.
9. Prove that there are no simple groups of order 312, 616, or 1960.
10. Show that the only simple group of order 60 is $A_5$.
11. Prove that $\mathrm{PSL}(4, 2) \cong A_8$.
12. Prove by hand that $\mathrm{PSL}(3, 4)$ has no elements of order 15, so it is not isomorphic to $A_8$.
13. Show that transvections in $\mathrm{SL}(2, F)$ need not be conjugate.

3.4 Some extension theory

Let $N$ be a normal subgroup of $G$. Then we say that $G$ is an extension of $N$ by $G/N$. A precise definition of group extensions will be given in Section 3.4.1. The importance of extension theory can be outlined as follows.
Let $G$ be a finite group and $1 = G_0 \trianglelefteq G_1 \trianglelefteq G_2 \trianglelefteq \cdots \trianglelefteq G_r = G$ its composition series. By the Jordan-Hölder theorem, the composition factors $G_{i+1}/G_i$ are in a sense uniquely determined by $G$. On the other hand, these are simple groups, so they are known by CFSG. In order to build all finite groups with a given sequence of composition factors, one can proceed as follows. Suppose we already know what $G_i$ is, and we have a prescribed isomorphism type of the simple group $G_{i+1}/G_i$. If we knew how to build all the extensions (up to a certain equivalence) of a given group by a (simple) group, then we would be able to construct all possible $G_{i+1}$. Proceeding this way, we would eventually be able to construct all finite groups. The trouble is that the problem of constructing all possible extensions is very difficult and still open.

We will briefly tackle the problem of classifying extensions of abelian groups. It will be shown that these are, up to equivalence, in 1-1 correspondence with the elements of a certain second cohomology group. Cohomological group theory is an area on its own, and we will not go deeply into it. We refer to [3] and [8] for further details.

3.4.1 Basic notions

A group extension of a group $N$ by a group $G$ is a short exact sequence
$$1 \longrightarrow N \xrightarrow{\ \mu\ } E \xrightarrow{\ \varepsilon\ } G \longrightarrow 1.$$
From the above it clearly follows that $\mu$ is injective, $\varepsilon$ is surjective, $M = \operatorname{im}\mu = \ker\varepsilon$ is a normal subgroup of $E$, $M \cong N$, and $E/M \cong G$.

A morphism between extensions $N \xrightarrow{\mu} E \xrightarrow{\varepsilon} G$ and $N' \xrightarrow{\mu'} E' \xrightarrow{\varepsilon'} G'$ is a triple of group homomorphisms $(\alpha, \beta, \gamma)$, with $\alpha\colon N \to N'$, $\beta\colon E \to E'$ and $\gamma\colon G \to G'$, such that the diagram formed by the two extensions and these three maps commutes, i.e. (maps written on the right), $\mu\beta = \alpha\mu'$ and $\varepsilon\gamma = \beta\varepsilon'$.

The collection of all group extensions and morphisms between them is a category. A morphism $(1_N, \beta, 1_G)$ between two extensions of $N$ by $G$ is said to be an equivalence of extensions.

3.4.2 Semidirect products

Suppose that $H$ and $N$ are groups and that we have a homomorphism $\alpha\colon H \to \operatorname{Aut}(N)$.
The (external) semidirect product $H \ltimes_\alpha N$ of $N$ and $H$ is the set of all pairs $(h, n)$, where $h \in H$ and $n \in N$, with the operation
$$(h_1, n_1)(h_2, n_2) = \big(h_1 h_2,\ n_1^{h_2\alpha}\, n_2\big).$$
This is a group with identity element $(1_H, 1_N)$, and the inverse of $(h, n)$ is $\big(h^{-1}, (n^{-1})^{(h\alpha)^{-1}}\big)$. We have embeddings $H \to H \ltimes_\alpha N$ and $N \to H \ltimes_\alpha N$ given by $h \mapsto (h, 1_N)$ and $n \mapsto (1_H, n)$, respectively. If $H^*$ and $N^*$ are the images of these maps, then $N^* \trianglelefteq H \ltimes_\alpha N$, $H^* \cap N^* = 1$ and $H^* N^* = H \ltimes_\alpha N$. We say that $H \ltimes_\alpha N$ is the internal semidirect product of $N^*$ and $H^*$.

The group $H^*$ is said to be a complement of $N^*$ in $G = H \ltimes_\alpha N$. The group $G$ is an extension of $N^*$ by $H^*$; we say that this extension is a split extension.

GAP offers two ways of constructing semidirect products. The first one is directly via the command SemidirectProduct(H, alpha, N). In the special case when $N = \mathrm{GF}(q)^n$, alpha must be a homomorphism from $H$ into a matrix group of $n \times n$ matrices over a subfield of $\mathrm{GF}(q)$, or into a permutation group. The second option is to use SemidirectProduct(H, N), where $H \leq \operatorname{Aut}(N)$. Let us build all possible semidirect products of $C_2 \times C_2$ by $C_4$:

gap> H := CyclicGroup(4);;
gap> N := AbelianGroup([2,2]);;
gap> hom := AllHomomorphisms(H, AutomorphismGroup(N));;
gap> for map in hom do
> Print(IdGroup(SemidirectProduct(H, map, N)),"\n");
> od;
[ 16, 10 ]
[ 16, 3 ]
[ 16, 3 ]
[ 16, 3 ]
gap> StructureDescription(SmallGroup(16,10));
"C4 x C2 x C2"
gap> StructureDescription(SmallGroup(16,3));
"(C4 x C2) : C2"

Here are two more examples:

gap> SemidirectProduct(Group((1,2,3),(2,3,4)),GF(5)^4);
gap> g:=Group((3,4,5),(1,2,3));;
gap> mats:=[[[Z(2^2),0*Z(2)],[0*Z(2),Z(2^2)^2]],
> [[Z(2)^0,Z(2)^0], [Z(2)^0,0*Z(2)]]];;
gap> hom:=GroupHomomorphismByImages(g,Group(mats),[g.1,g.2],mats);;
gap> SemidirectProduct(g,hom,GF(4)^2);

An important example of a semidirect product is the following. Let $N$ be any group and $H = \operatorname{Aut}(N)$. Let $\alpha\colon H \to \operatorname{Aut}(N)$ be the identity mapping.
Then the semidirect product $\operatorname{Aut}(N) \ltimes_\alpha N$ is called the holomorph of $N$.

Example 3.4.1 Let $N = C_p^n$ be an elementary abelian $p$-group of order $p^n$. Its automorphism group is $\mathrm{GL}(n, p)$. The holomorph $\mathrm{AGL}(n, p) = \mathrm{GL}(n, p) \ltimes C_p^n$ is called the affine group of dimension $n$ over $\mathbb{Z}_p$. Show that $\mathrm{AGL}(2, 2) \cong S_4$. Here is a proof using GAP:

gap> G := AbelianGroup([2,2]);;
gap> agl := SemidirectProduct(AutomorphismGroup(G), G);;
gap> StructureDescription(agl);
"S4"

Another construction related to semidirect products is that of a wreath product. Let $G$ and $H$ be groups and let $H$ act on the set $X = \{x_1, x_2, \ldots, x_n\}$. We take
$$G^X = \prod_{i=1}^{n} G_{x_i}$$
to be the direct product of $n$ copies of $G$ indexed by the set $X$. Then $H$ also acts on $G^X$ by the rule
$$(g_{x_1}, g_{x_2}, \ldots, g_{x_n})^h = (g_{x_1 h}, g_{x_2 h}, \ldots, g_{x_n h}).$$
Therefore we have a homomorphism $\alpha\colon H \to \operatorname{Aut}(G^X)$ and we can form the semidirect product $H \ltimes_\alpha G^X$, which is denoted by $G \wr_X H$ and called the wreath product of $G$ by $H$. A special case is when $X = H$, and $H$ acts on $X$ by right multiplication. Then the corresponding wreath product is denoted by $G \wr H$ and called the regular (standard) wreath product. Here is an example of how to build $C_2 \wr C_4$ with GAP:

gap> G := StandardWreathProduct(CyclicGroup(2), CyclicGroup(4));
gap> IdGroup(G);
[ 64, 32 ]

Alternatively, we can build $C_2 \wr C_4$ as a semidirect product $C_4 \ltimes C_2^4$, where we think of $C_4$ as the group $\langle (1\,2\,3\,4) \rangle$ acting on $C_2^4$ by permuting the indices:

gap> G := SemidirectProduct(Group((1,2,3,4)), GF(2)^4);
gap> IdGroup(G);
[ 64, 32 ]

Wreath products are important in the theory of extensions because of the following:

Theorem 3.4.2 Every extension of $G$ by $H$ is isomorphic to a subgroup of $G \wr H$.

We leave the proof as an exercise.

3.4.3 Extensions with abelian kernels

Consider an extension $A \xrightarrow{\ \mu\ } E \xrightarrow{\ \varepsilon\ } G$, where $A$ is an abelian group (written additively).
Choosing a transversal to $M = \operatorname{im}\mu = \ker\varepsilon$ in $E$, we get a function $\tau\colon G \to E$ defined by $g\tau = x$, where $x \in E$ is the element of the transversal such that $g = x\varepsilon$ (note that this is well defined). The function $\tau$ is called a transversal function. Note that $\tau$ is not necessarily a homomorphism. We also see that $\tau\varepsilon = 1_G$, and that any function $\tau\colon G \to E$ with the property $\tau\varepsilon = 1_G$ determines a transversal to $M$ in $E$, namely $\{ g\tau \mid g \in G \}$.

Suppose that we have fixed $\tau$. Then the elements $\{ g\tau : g \in G \}$ act on $M$ by conjugation. Since $\mu\colon A \to M$ is an isomorphism, we can define $g\chi \in \operatorname{Aut}(A)$ by the rule
$$(a^{g\chi})\mu = (g\tau)^{-1}\, a\mu\, (g\tau) \quad\text{for } a \in A \text{ and } g \in G.$$
We obtain a function $\chi\colon G \to \operatorname{Aut}(A)$. We prove that $\chi$ does not depend on the choice of $\tau$. Here we will use the fact that $A$ is abelian. Suppose that $\tau'$ is another transversal function. Then $(g\tau\,(g\tau')^{-1})\varepsilon = g\tau\varepsilon\,(g\tau'\varepsilon)^{-1} = 1$, hence $g\tau' = g\tau\, m_g$ for some $m_g \in M$. If $\tau'$ induces $\chi'\colon G \to \operatorname{Aut}(A)$ as above, then
$$(a^{g\chi'})\mu = (g\tau')^{-1}\, a\mu\, (g\tau') = m_g^{-1}\big((g\tau)^{-1}\, a\mu\, (g\tau)\big) m_g = (g\tau)^{-1}\, a\mu\, (g\tau),$$
because $M$ is abelian; hence $g\chi' = g\chi$. Thus $\chi$ is uniquely defined. We claim that $\chi$ is a homomorphism. Let $g_1, g_2 \in G$. Then $(g_1 g_2)\tau \equiv g_1\tau\, g_2\tau \pmod{M}$, and conjugation by elements of $M$ is trivial on $M$. Thus $(g_1 g_2)\chi = g_1\chi\, g_2\chi$, hence $\chi$ is a homomorphism. We have proved:

Proposition 3.4.3 Each extension $A \xrightarrow{\mu} E \xrightarrow{\varepsilon} G$, where $A$ is abelian, determines a unique homomorphism $\chi\colon G \to \operatorname{Aut}(A)$ which arises by conjugation in $\operatorname{im}\mu$ by elements of $E$.

Let $\chi\colon G \to \operatorname{Aut}(A)$ be a homomorphism. Then $\chi$ induces a $G$-action on $A$ given by $a \cdot g = a^{g\chi}$. We say that $A$ is a $G$-module. More precisely, let $g \in G$ and $x \in E$ such that $x\varepsilon = g$. Then $(a \cdot g)\mu = x^{-1}\, a\mu\, x$ for $a \in A$ (well defined, since $A$ is abelian). Note that this action is trivial precisely when $\operatorname{im}\mu$ is central in $E$, i.e., when the corresponding extension is a central extension.

Theorem 3.4.4 Equivalent extensions of $A$ by $G$, where $A$ is abelian, induce the same $G$-module structure on $A$.

PROOF.
Suppose we have equivalent extensions $A \xrightarrow{\mu} E \xrightarrow{\varepsilon} G$ and $A \xrightarrow{\mu'} E' \xrightarrow{\varepsilon'} G$, connected by an isomorphism $\beta\colon E \to E'$ with $\mu\beta = \mu'$ and $\beta\varepsilon' = \varepsilon$. Let $\chi$ and $\chi'$ be the respective homomorphisms $G \to \operatorname{Aut}(A)$. Choose a transversal function $\tau\colon G \to E$. Let $\tau' = \tau\beta$. Then $\tau'\varepsilon' = \tau\beta\varepsilon' = \tau\varepsilon = 1_G$, hence $\tau'$ is a transversal function for the second extension. Then $(a^{g\chi})\mu = (g\tau)^{-1}\, a\mu\, (g\tau)$ and $(a^{g\chi'})\mu' = (g\tau')^{-1}\, a\mu'\, (g\tau')$ for $a \in A$ and $g \in G$. Applying $\beta$ to the first equation and using the fact that $\mu\beta = \mu'$, we get
$$(a^{g\chi})\mu' = (g\tau\beta)^{-1}\, a\mu\beta\, (g\tau\beta) = (a^{g\chi'})\mu',$$
and thus $g\chi = g\chi'$.

Choose a transversal function $\tau\colon G \to E$, i.e., $\tau\varepsilon = 1_G$. Then the above action can be rewritten as $(a \cdot g)\mu = (g\tau)^{-1}\, a\mu\, (g\tau)$. Let $x, y \in G$. As $x\tau\, y\tau$ and $(xy)\tau$ belong to the same coset of $\ker\varepsilon = \operatorname{im}\mu$ in $E$, we may write
$$x\tau\, y\tau = (xy)\tau\, ((x, y)\varphi)\mu$$
for some $(x, y)\varphi \in A$. Thus we get a function $\varphi\colon G \times G \to A$ defined by $((x, y)\varphi)\mu = ((xy)\tau)^{-1}\, x\tau\, y\tau$. From the associative law $x\tau\,(y\tau\, z\tau) = (x\tau\, y\tau)\, z\tau$ we get that $\varphi$ satisfies the identity
$$(x, yz)\varphi + (y, z)\varphi = (xy, z)\varphi + (x, y)\varphi \cdot z.$$
A function $\varphi\colon G \times G \to A$ satisfying this functional equation is called a factor set (or a 2-cocycle). Note that we can assume without loss of generality that $1\tau = 1$, therefore we can always assume that $(1, x)\varphi = (x, 1)\varphi = 0$ for all $x \in G$. The set $Z^2(G, A)$ of all 2-cocycles in $G$ with coefficients in the $G$-module $A$ has the structure of an abelian group with the operation $(x, y)(\varphi_1 + \varphi_2) = (x, y)\varphi_1 + (x, y)\varphi_2$.

Example 3.4.5 In the situation above, what happens if $(x, y)\varphi = 0$ for all $x, y \in G$? In this case, the transversal map $\tau\colon G \to E$ is a homomorphism. It is easy to see that the image of $\tau$ is then a complement of $\operatorname{im}\mu \cong A$ in $E$, therefore $E \cong G \ltimes_\chi A$.

How does the choice of $\tau$ affect $\varphi$? Let $\tau'$ be another transversal function for the given extension. Then we get another factor set $\varphi'$, i.e., $x\tau'\, y\tau' = (xy)\tau'\, ((x, y)\varphi')\mu$.
As $x\tau$ and $x\tau'$ belong to the same coset of $\ker\varepsilon = \operatorname{im}\mu$, we can write $x\tau' = x\tau\, ((x)\psi)\mu$ for some $(x)\psi \in A$. Substituting this into $x\tau'\, y\tau'$ and moving $((x)\psi)\mu$ past $y\tau$ (which conjugates it to $((x)\psi \cdot y)\mu$), we get
$$(x, y)\varphi' = (x, y)\varphi + (y)\psi - (xy)\psi + (x)\psi \cdot y.$$
Define $\psi^*\colon G \times G \to A$ by $(x, y)\psi^* = (y)\psi - (xy)\psi + (x)\psi \cdot y$, so that $\varphi' = \varphi + \psi^*$. It follows that $\psi^* \in Z^2(G, A)$. The 2-cocycle $\psi^*$ is called a 2-coboundary. 2-coboundaries form a subgroup $B^2(G, A)$ of $Z^2(G, A)$. We have proved:

Proposition 3.4.6 The extension $A \xrightarrow{\mu} E \xrightarrow{\varepsilon} G$, where $A$ is abelian, determines a unique element $\varphi + B^2(G, A)$ of the group $Z^2(G, A)/B^2(G, A)$.

Does every factor set induce an extension? Let $A$ be a $G$-module and $\varphi\colon G \times G \to A$ a factor set. Let $E(\varphi)$ be (as a set) $G \times A$, with the operation
$$(x, a)(y, b) = \big(xy,\ a \cdot y + b + (x, y)\varphi\big).$$
$E(\varphi)$ becomes a group with identity element $(1, -(1, 1)\varphi)$ and inversion rule
$$(x, a)^{-1} = \big(x^{-1},\ -a \cdot x^{-1} - (1, 1)\varphi - (x, x^{-1})\varphi\big).$$
Define $\mu\colon A \to E(\varphi)$ by the rule $a\mu = (1, a - (1, 1)\varphi)$, and $\varepsilon\colon E(\varphi) \to G$ by the rule $(x, a)\varepsilon = x$. Then we have an extension $A \xrightarrow{\mu} E(\varphi) \xrightarrow{\varepsilon} G$.

Proposition 3.4.7 Let $A$ be a $G$-module and $\varphi\colon G \times G \to A$ a factor set. Then the extension $A \xrightarrow{\mu} E(\varphi) \xrightarrow{\varepsilon} G$ induces the given $G$-module structure. There exists a transversal $\tau\colon G \to E(\varphi)$ such that $\varphi$ is the factor set for this extension with respect to $\tau$.

PROOF. Let $g \in G$ and $a \in A$. Note that $(g, 0)\varepsilon = g$. By definition, the $G$-module structure induced by the extension is given by
$$(a \circ g)\mu = (g, 0)^{-1}\, a\mu\, (g, 0) = \big(1,\ a \cdot g - (1, 1)\varphi\big) = (a \cdot g)\mu,$$
which gives the first part. For the second part, define $\tau\colon G \to E(\varphi)$ by $g\tau = (g, 0)$. This is a transversal function and $x\tau\, y\tau = (xy)\tau\, ((x, y)\varphi)\mu$.

By looking at factor sets, how can we determine which extensions are equivalent? Let $A$ be a fixed $G$-module and let $A \xrightarrow{\mu_i} E_i \xrightarrow{\varepsilon_i} G$, $i = 1, 2$, be two extensions realizing this module structure. Choose transversal functions $\tau_i$ and let $\varphi_i$ be the resulting factor sets.
First suppose these extensions are equivalent, via an isomorphism $\theta\colon E_1 \to E_2$ with $\mu_1\theta = \mu_2$ and $\theta\varepsilon_2 = \varepsilon_1$. Then $\tau_2' = \tau_1\theta$ is a transversal for the second extension. Applying $\theta$ to $x\tau_1\, y\tau_1 = (xy)\tau_1\, ((x, y)\varphi_1)\mu_1$, we get $x\tau_2'\, y\tau_2' = (xy)\tau_2'\, ((x, y)\varphi_1)\mu_2$, hence $\tau_2'$ determines the factor set $\varphi_1$ for the second extension. As the factor sets of $\tau_2$ and $\tau_2'$ belong to the same coset of $B^2(G, A)$, we get $\varphi_1 + B^2(G, A) = \varphi_2 + B^2(G, A)$.

Conversely, assume that $\varphi_1 + B^2(G, A) = \varphi_2 + B^2(G, A)$. Write $\varphi_1 = \varphi_2 + \psi^*$ for some $\psi\colon G \to A$ as above. Define $\theta\colon E_1 \to E_2$ by the rule
$$(x\tau_1\, a\mu_1)\theta = x\tau_2\, (a + (x)\psi)\mu_2 \quad\text{for } x \in G \text{ and } a \in A.$$
Then $\theta$ is a well defined homomorphism, $\mu_1\theta = \mu_2$ and $\varepsilon_1 = \theta\varepsilon_2$. Hence $(1_A, \theta, 1_G)$ is a morphism of extensions, the corresponding diagram commutes, and $\theta$ must be an isomorphism.

Theorem 3.4.8 Let $G$ be a group and $A$ a $G$-module. Then there is a bijection between the set of equivalence classes of extensions of $A$ by $G$ inducing the given module structure and the group $Z^2(G, A)/B^2(G, A)$. The split extension corresponds to $B^2(G, A)$.

Let $A$ be a $G$-module. We define $H^2(G, A) = Z^2(G, A)/B^2(G, A)$ to be the second cohomology group of $G$ with coefficients in $A$. The elements of $H^2(G, A)$ thus correspond to equivalence classes of extensions of $A$ by $G$. Unfortunately, different elements of $H^2(G, A)$ can still produce extensions of $A$ by $G$ that are isomorphic as groups.

Example 3.4.9 Consider $\mathbb{Z}_p$ as a trivial $C_p$-module. From Example 3.2.26 it follows that there are only two non-isomorphic extensions of $A = \mathbb{Z}_p$ by $G = C_p$, namely $C_p \times C_p$ and $C_{p^2}$. On the other hand, one can show that $H^2(C_p, \mathbb{Z}_p) \cong C_p$.

GAP can compute extensions of elementary abelian $p$-groups by solvable groups, which have to be presented as pc groups.
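Before turning to GAP's built-in machinery, here is an added Python illustration (not from the original notes) of Theorem 3.4.8 and Example 3.4.9 for groups small enough to enumerate $Z^2(G, A)$ exhaustively. It checks the cocycle identity, builds the coboundary $\psi^*$, constructs the group $E(\varphi)$ with the identity element $(1, -(1,1)\varphi)$ so that non-normalized cocycles are handled as well, computes $|H^2(G, A)| = |Z^2|/|B^2|$, and sorts the resulting extensions by their element orders. For $G = C_p$ and $A = \mathbb{Z}_p$ with the trivial action it finds $p$ cohomology classes but only the two isomorphism types $C_{p^2}$ and $C_p \times C_p$. A second constructed sample, $C_2$ acting on $\mathbb{Z}_3$ by negation, has $H^2 = 0$, and every $E(\varphi)$ is the non-abelian group of order 6. The group encodings, the sample actions and the function names are this example's own.

```python
"""Factor sets, coboundaries and the group E(phi), computed by brute force.

Conventions follow the text: G is a finite group given as a list of elements
with a product `mul` and identity `e`; A = Z/m is written additively and G acts
on the right through `act(a, g)`; a 2-cocycle phi is a dict keyed by pairs (x, y).
The sample groups below are constructed for this example.
"""
from itertools import product


def is_cocycle(phi, G, mul, act, m):
    """Cocycle identity (x,yz)phi + (y,z)phi = (xy,z)phi + (x,y)phi.z modulo m."""
    return all(
        (phi[x, mul(y, z)] + phi[y, z] - phi[mul(x, y), z] - act(phi[x, y], z)) % m == 0
        for x, y, z in product(G, repeat=3)
    )


def coboundary(psi, G, mul, act, m):
    """psi*(x,y) = (y)psi - (xy)psi + (x)psi.y, which is always a cocycle."""
    return {(x, y): (psi[y] - psi[mul(x, y)] + act(psi[x], y)) % m for x in G for y in G}


def all_cocycles(G, mul, act, m):
    """Z^2(G, A) by exhaustive search over all functions G x G -> Z/m (small cases only)."""
    pairs = [(x, y) for x in G for y in G]
    found = []
    for values in product(range(m), repeat=len(pairs)):
        phi = dict(zip(pairs, values))
        if is_cocycle(phi, G, mul, act, m):
            found.append(phi)
    return found


def all_coboundaries(G, mul, act, m):
    """B^2(G, A): the coboundaries of all functions psi: G -> A, as frozen dicts."""
    return {frozenset(coboundary(dict(zip(G, vals)), G, mul, act, m).items())
            for vals in product(range(m), repeat=len(G))}


def h2_order(G, mul, act, m):
    """|H^2(G, A)| = |Z^2(G, A)| / |B^2(G, A)|."""
    return len(all_cocycles(G, mul, act, m)) // len(all_coboundaries(G, mul, act, m))


def extension(phi, G, mul, e, act, m):
    """E(phi) on G x A: (x,a)(y,b) = (xy, a.y + b + (x,y)phi), identity (1, -(1,1)phi)."""
    elements = [(x, a) for x in G for a in range(m)]
    identity = (e, (-phi[e, e]) % m)

    def emul(u, v):
        (x, a), (y, b) = u, v
        return (mul(x, y), (act(a, y) + b + phi[x, y]) % m)

    return elements, emul, identity


def element_orders(phi, G, mul, e, act, m):
    """Sorted element orders of E(phi); enough to tell C_{p^2} from C_p x C_p."""
    elements, emul, identity = extension(phi, G, mul, e, act, m)
    orders = []
    for u in elements:
        power, k = u, 1
        while power != identity:
            power, k = emul(power, u), k + 1
        orders.append(k)
    return sorted(orders)


def isomorphism_types(G, mul, e, act, m):
    """Example 3.4.9 in numbers: (cocycles giving a cyclic E(phi), cocycles that do not)."""
    cyclic_count = noncyclic_count = 0
    for phi in all_cocycles(G, mul, act, m):
        if max(element_orders(phi, G, mul, e, act, m)) == len(G) * m:
            cyclic_count += 1
        else:
            noncyclic_count += 1
    return cyclic_count, noncyclic_count


def cyclic(p):
    """C_p as Z/p under addition, with the trivial action on A."""
    return list(range(p)), (lambda x, y: (x + y) % p), 0, (lambda a, g: a)


def c2_on_z3_by_negation():
    """C_2 = {0, 1} acting on A = Z/3 by a.1 = -a (constructed sample, coprime orders)."""
    G, mul, e, _ = cyclic(2)
    return G, mul, e, (lambda a, g: (-a) % 3 if g == 1 else a)


if __name__ == "__main__":
    for p in (2, 3):
        G, mul, e, act = cyclic(p)
        print(p, h2_order(G, mul, act, p), isomorphism_types(G, mul, e, act, p))
    G, mul, e, neg = c2_on_z3_by_negation()
    print(h2_order(G, mul, neg, 3), element_orders(coboundary({0: 1, 1: 0}, G, mul, neg, 3), G, mul, e, neg, 3))
```

The exhaustive search over $m^{|G|^2}$ functions is what limits this to tiny groups; the GAP commands described next solve the linear system for the cocycle identity instead, which is why they scale to examples such as $D_8$ acting on $\mathbb{Z}_2 \oplus \mathbb{Z}_2$.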
One has to define an elementary abelian group $A$ together with an action of $G$ on $A$ as a MeatAxe module for $G$ over a finite field; we refer to GAP's manual for further information. The action of $G$ on $A$ can be represented by matrices over $\mathrm{GF}(p)$. It is a requirement that the matrices that define the module correspond to the pcgs of the group $G$. In this case, $Z^2(G,A)$, $B^2(G,A)$ and $H^2(G,A)$ are elementary abelian $p$-groups and can be considered as vector spaces over $\mathrm{GF}(p)$.

As another example we build all the extensions of $A = \mathbb{Z}_2 \oplus \mathbb{Z}_2$ by $G = D_8$, where we consider $\mathbb{Z}_2 \oplus \mathbb{Z}_2$ as a trivial $D_8$-module. Along the way we show commands for computing 2-cocycles, extensions corresponding to given 2-cocycles, and split extensions. The way we build the action is as follows. To each element of Pcgs(G) we assign the $2 \times 2$ identity matrix over GF(2). Then we build the module using the command GModuleByMats. The other commands we use are self-evident:

    gap> G := DihedralGroup(8);;
    gap> mats := List( Pcgs( G ), x -> IdentityMat( 2, GF(2) ) );;
    gap> A := GModuleByMats( mats, GF(2) );;
    gap> co := TwoCocycles( G, A );;
    gap> Extension( G, A, co[2] );;
    gap> StructureDescription(last);
    "C2 x (C4 : C4)"
    gap> SplitExtension( G, A );;
    gap> StructureDescription(last);
    "C2 x C2 x D8"
    gap> ext := Extensions( G, A );;
    gap> Length(ext);
    64
    gap> DuplicateFreeList(List(ext, IdGroup));
    [ [ 32, 46 ], [ 32, 40 ], [ 32, 22 ], [ 32, 39 ], [ 32, 9 ], [ 32, 23 ],
      [ 32, 13 ], [ 32, 41 ], [ 32, 10 ], [ 32, 2 ], [ 32, 14 ] ]

Here note that the notation C4 : C4 means that the group in question is a semidirect product of $C_4$ by $C_4$. The command TwoCocycles(G, A) returns a list of vectors over the field underlying A, and the additive group generated by these vectors is $Z^2(G,A)$. There is also a command TwoCohomology(G, A) that returns a record defining the second cohomology group as the factor space of the vector space of cocycles by the subspace of coboundaries.
We refer to GAP's manual for further details.

    gap> z2 := AdditiveGroupByGenerators(co);;
    gap> Length(Elements(z2));
    256
    gap> h2 := TwoCohomology(G, A);;
    gap> h2.cohom;
    <linear mapping by matrix, ( GF(2)^8 ) -> ( GF(2)^6 )>
    gap> dimensionZ2 := Dimension(Source(h2.cohom));
    8
    gap> dimensionB2 := Dimension(Kernel(h2.cohom));
    2
    gap> dimensionH2 := Dimension(Image(h2.cohom));
    6

The last line tells us that $H^2(G,A) \cong C_2^6$.

3.4.4 The Schur-Zassenhaus theorem

Let $A$ and $G$ be groups. We say that an extension of $A$ by $G$ splits if it is a semidirect product.

Theorem 3.4.10 Suppose that $A$ and $G$ are finite groups satisfying $\gcd(|A|,|G|) = 1$. Then every extension of $A$ by $G$ splits.

We will only prove this result in the case when $A$ is abelian. In this form, the result was originally due to Schur. Zassenhaus improved it by showing that it suffices to assume that one of $A$ or $G$ is solvable. On the other hand, the Feit-Thompson Odd Order Theorem shows that this assumption is redundant.

PROOF (of Theorem 3.4.10 when $A$ is abelian). Let $m = |A|$ and $n = |G|$. Let $\varphi : G \times G \to A$ be a 2-cocycle representing an extension of $A$ by $G$, and let $\chi : G \to \operatorname{Aut}(A)$ be the homomorphism that induces the corresponding $G$-module structure on $A$. We claim that $n\varphi \in B^2(G,A)$. Define a function $d : G \to A$ by
$$(g)d = \sum_{g_1 \in G} (g_1, g)\varphi.$$
Consider the cocycle identity:
$$(g_1, g_2g_3)\varphi + (g_2, g_3)\varphi = (g_1g_2, g_3)\varphi + (g_1, g_2)\varphi \cdot g_3.$$
Sum this equation over $g_1 \in G$:
$$(g_2g_3)d + n(g_2,g_3)\varphi = (g_2)d \cdot g_3 + \sum_{g_1 \in G} (g_1g_2, g_3)\varphi = (g_2)d \cdot g_3 + \sum_{g_1g_2 \in G} (g_1g_2, g_3)\varphi = (g_2)d \cdot g_3 + (g_3)d.$$
Therefore
$$n(g_2,g_3)\varphi = (g_2)d \cdot g_3 + (g_3)d - (g_2g_3)d,$$
which proves our claim. Now, there exist integers $a$ and $b$ with $am + bn = 1$. Since $|A| = m$, it follows that $m\varphi = 0$. Therefore $\varphi = (am + bn)\varphi = bn\varphi \in B^2(G,A)$. Thus every extension of $A$ by $G$ splits.

3.4.5 Problems

1. Let $G_1$, $G_2$ and $G_3$ be groups.
Show that $(G_1 \wr G_2) \wr G_3$ may not be isomorphic to $G_1 \wr (G_2 \wr G_3)$.

2. Find a proof of Theorem 3.4.2.

3. Prove that a Sylow $p$-subgroup of $S_{p^n}$ is isomorphic to $W(p,n) = (\cdots(C_p \wr C_p) \wr \cdots) \wr C_p$, the number of factors being $n$.

4. Prove that every group of order $p^n$ is isomorphic to a subgroup of $W(p,n)$.

5. Let $1 \to A \xrightarrow{\ \mu\ } E \xrightarrow{\ \varepsilon\ } G \to 1$ be a group extension, where $A$ is abelian and $G = \langle g \rangle$ is cyclic of order $n$. Choose $x \in E$ with $x\varepsilon = g$, and let $a = x^n$. Define a transversal function $\tau : G \to E$ by $(g^i)\tau = x^i$ for $0 \le i < n$. Prove that the corresponding factor set $\varphi : G \times G \to A$ is given by
$$(g^i, g^j)\varphi = \begin{cases} 0 & : i + j < n, \\ a & : i + j \ge n. \end{cases}$$

6. Find all equivalence classes of extensions of $C_4$ by $C_2$ by hand. Which groups arise this way?

7. Find all equivalence classes of extensions of $D_8$ by $C_2$ by hand. Which groups arise this way?

8. Fill in the details in Example 3.4.9.

9. Let $N$ be a normal subgroup of a finite group $G$, and assume that $|N| = n$ and $|G : N| = m$ are relatively prime. Let $m_1$ be a divisor of $m$. Then a subgroup of $G$ of order $m_1$ is contained in a subgroup of order $m$.

3.5 Nilpotent groups and $p$-groups

Nilpotent groups are groups which can be constructed from abelian groups by repeatedly forming central extensions. We exhibit some of the classical theory of these groups, and show that they are closely related to finite $p$-groups. These form a very rich class of groups. We prove that there are lots of finite $p$-groups, hence there is little hope to classify them up to isomorphism.

3.5.1 Nilpotent groups

Definition and basic properties

We call $1 = G_0 \subset G_1 \subset \cdots \subset G_n = G$ a normal series of $G$ if each of its members is a normal subgroup of $G$. A group $G$ is nilpotent if it has a central series, i.e. a normal series $1 = G_0 \subset G_1 \subset \cdots \subset G_n = G$ in which each factor $G_{i+1}/G_i$ is contained in the center of $G/G_i$. The length of the shortest central series of $G$ is called the nilpotency class of $G$.
All nilpotent groups are solvable. Nilpotent groups of class no more than 1 are abelian. The smallest solvable non-nilpotent group is $S_3$. Here is an example of how to manipulate nilpotent groups in GAP:

    gap> l := AllSmallGroups(Size, 54, IsNilpotent, true);
    [ <pc group of size 54 with 4 generators>, <pc group of size 54 with 4 generators>,
      <pc group of size 54 with 4 generators>, <pc group of size 54 with 4 generators>,
      <pc group of size 54 with 4 generators> ]
    gap> NilpotencyClassOfGroup(l[2]);
    1
    gap> NilpotencyClassOfGroup(l[3]);
    2
    gap> ForAll(AllSmallGroups(54), IsNilpotent);
    false
    gap> G:= First(AllSmallGroups(54), x->not IsNilpotent(x));;
    gap> StructureDescription(G);
    "D54"
    gap> List(l, StructureDescription);
    [ "C54", "C18 x C3", "C2 x ((C3 x C3) : C3)", "C2 x (C9 : C3)", "C6 x C3 x C3" ]

From the above example we observe that all nilpotent groups of order 54 can be written as direct products of their Sylow $p$-subgroups. We will show later on that this property characterizes finite nilpotent groups. We now exhibit a large class of nilpotent groups:

Lemma 3.5.1 All finite $p$-groups are nilpotent.

PROOF. We know that $Z(G)$ is nontrivial by Proposition 3.2.25. Now use induction on the order of $G$ to show that $G/Z(G)$ is nilpotent. From here it easily follows that $G$ is nilpotent as well.

The following is straightforward to prove:

Lemma 3.5.2 Subgroups, homomorphic images and finite direct products of nilpotent groups are nilpotent.

We note that nilpotency is not closed under extensions, since $S_3$ is an extension of $C_3$ by $C_2$.

Commutators

The theory of nilpotent groups relies significantly on commutator calculus that we briefly develop here. A simple commutator of length $n$ of elements $x_1, \dots, x_n \in G$ is defined inductively by $[x_1] = x_1$ and $[x_1, x_2, \dots, x_n] = [[x_1, \dots, x_{n-1}], x_n]$.

Lemma 3.5.3 Let $x, y, z$ be elements of a group. Then
1. $[x,y] = [y,x]^{-1}$;
2. $[xy, z] = [x,z]^y [y,z]$ and $[x, yz] = [x,z][x,y]^z$;
3. $[x, y^{-1}] = ([x,y]^{y^{-1}})^{-1}$ and $[x^{-1}, y] = ([x,y]^{x^{-1}})^{-1}$;
4.
(the Hall-Witt identity) $[x, y^{-1}, z]^y\, [y, z^{-1}, x]^z\, [z, x^{-1}, y]^x = 1$.

PROOF. Let us only sketch the proof of the Hall-Witt identity. Observe that
$$[x, y^{-1}, z]^y = x^{-1} y^{-1} x z^{-1} x^{-1} y x y^{-1} z y = u^{-1} v,$$
where $u = x z x^{-1} y x$ and we obtain $v$ by cyclically permuting $x, y, z$ in the definition of $u$. The rest is now immediate.

These identities could also be proved using GAP. For example, in order to prove the identity $[xy, z] = [x,z]^y [y,z]$, it suffices that this holds in the free group generated by $x, y, z$:

    gap> F:=FreeGroup( "x", "y", "z" );;
    gap> AssignGeneratorVariables( F );;
    gap> Comm( x * y, z ) = Comm( x, z )^y * Comm( y, z );
    true

Let $X, Y \subset G$ be non-empty sets. Define the commutator subgroup of $X$ and $Y$ by $[X,Y] = \langle [x,y] \mid x \in X, y \in Y \rangle$ and note that $[X,Y] = [Y,X]$. For any $n \ge 2$ nonempty subsets $X_1, X_2, \dots, X_n$ of $G$ denote $[X_1, X_2, \dots, X_n] = [[X_1, \dots, X_{n-1}], X_n]$. Note that $[G,G] = G'$ is just the derived subgroup of $G$. Define also $X^Y = \langle x^y \mid x \in X, y \in Y \rangle$. If $X$ is a subset and $H \le G$, then $X \subset X^H \trianglelefteq \langle X, H \rangle$. Thus $X^H = X^{\langle X, H \rangle}$ is the normal closure of $X$ in $\langle X, H \rangle$. Here is an example:

    gap> G := SmallGroup( 64, 52);;
    gap> gen := GeneratorsOfGroup(G);;
    gap> H := Subgroup(G, [gen[1]]);;
    gap> K := Subgroup(G, [gen[2], gen[3]]);;
    gap> C := CommutatorSubgroup(H,K);;
    gap> Order(H);
    2
    gap> Order(K);
    32
    gap> Order(C);
    16

Lemma 3.5.4 Let $X \subset G$ and $K \le G$. Then
1. $X^K = \langle X, [X,K] \rangle$;
2. $[X,K]^K = [X,K]$;
3. if $K = \langle Y \rangle$, then $[X,K] = [X,Y]^K$.

PROOF. (1) Follows from $x^k = x[x,k]$. (2) For $k, h \in K$ and $x \in X$ we have $[x, hk] = [x,k][x,h]^k$, so that $[x,h]^k \in [X,K]$. (3) It suffices to show that $[x,k] \in [X,Y]^K$, which we prove for $k = y_1^{\pm 1} y_2^{\pm 1} \cdots y_r^{\pm 1}$ by induction on $r$. For $r = 1$ we get $[x, y_1^{-1}] = ([x,y_1]^{y_1^{-1}})^{-1} \in [X,Y]^K$. For the inductive step we write $k = k' y_r^{\pm 1}$.
Then $[x,k] = [x, k' y_r^{\pm 1}] = [x, y_r^{\pm 1}]\,[x, k']^{y_r^{\pm 1}} \in [X,Y]^K$ by induction.

Corollary 3.5.5 If $H = \langle X \rangle$ and $K = \langle Y \rangle$, then $[H,K] = [X,Y]^{HK}$.

PROOF. This follows from Lemma 3.5.4, (3).

Derived series, upper and lower central series

Define $G' = [G,G]$ and inductively $G^{(0)} = G$ and $G^{(n+1)} = (G^{(n)})'$. The derived series of $G$ is the series $G^{(0)} \ge G^{(1)} \ge G^{(2)} \ge \cdots$ of fully invariant (and therefore normal) subgroups of $G$. The derived series of a group is in close connection with its solvability:

Proposition 3.5.6 If $1 = G_0 \trianglelefteq G_1 \trianglelefteq \cdots \trianglelefteq G_n = G$ is an abelian series of a solvable group $G$, then $G^{(i)} \le G_{n-i}$ and, in particular, $G^{(n)} = 1$. The derived length of $G$ is equal to the length of the derived series.

PROOF. We prove this by induction, the case $i = 0$ being trivial. If the assertion is true for $i$, then $G^{(i+1)} = (G^{(i)})' \le (G_{n-i})' \le G_{n-i-1}$, as required.

GAP can compute the derived series as follows:

    gap> G := OneSmallGroup(Size, 120, IsAbelian, false, IsSolvable, true);;
    gap> StructureDescription(G);
    "C5 x (C3 : C8)"
    gap> DerivedSeries(G);
    [ C5 x (C3 : C8), Group([ f5 ]), Group([  ]) ]
    gap> DerivedLength(G);
    2

There are two canonical central series of a given group. Define $\gamma_1(G) = G$ and inductively $\gamma_{n+1}(G) = [\gamma_n(G), G]$. The result is the lower central series $G = \gamma_1(G) \ge \gamma_2(G) \ge \cdots$ of fully invariant (and therefore normal) subgroups. The factor group $\gamma_n(G)/\gamma_{n+1}(G)$ lies in the center of $G/\gamma_{n+1}(G)$. Define $Z_0(G) = 1$ and inductively $Z_{n+1}(G)/Z_n(G) = Z(G/Z_n(G))$. We obtain the upper central series $1 = Z_0(G) \le Z_1(G) \le Z_2(G) \le \cdots$ of characteristic (and therefore normal) subgroups of $G$. If $G$ is finite, it terminates in a subgroup called the hypercenter of $G$.

Proposition 3.5.7 If $1 = G_0 \trianglelefteq G_1 \trianglelefteq \cdots \trianglelefteq G_n = G$ is a central series of a nilpotent group $G$, then
1. $\gamma_i(G) \le G_{n-i+1}$, so that $\gamma_{n+1}(G) = 1$;
2.
$G_i \le Z_i(G)$, so that $Z_n(G) = G$;
3. the nilpotency class of $G$ equals the length of the upper central series, which also equals the length of the lower central series.

PROOF. (1) This is true for $i = 1$. Since $G_{n-i+1}/G_{n-i} \subset Z(G/G_{n-i})$, we have $[G_{n-i+1}, G] \subset G_{n-i}$. By induction, $\gamma_{i+1}(G) = [\gamma_i(G), G] \le [G_{n-i+1}, G] \le G_{n-i}$. Item (2) is another easy induction and (3) follows.

Lemma 3.5.8 (The three subgroup lemma) Let $H, K, L \le G$. If two of the commutator subgroups $[H,K,L]$, $[K,L,H]$, $[L,H,K]$ are contained in a normal subgroup of $G$, then so is the third one.

PROOF. By Corollary 3.5.5, $[H,K,L]$ is generated by conjugates of commutators of the form $[h, k^{-1}, l]$. Apply the Hall-Witt identity.

Proposition 3.5.9 Let $G$ be a group and $i, j \in \mathbb{N}$:
1. $[\gamma_i(G), \gamma_j(G)] \le \gamma_{i+j}(G)$.
2. $\gamma_i(\gamma_j(G)) \le \gamma_{ij}(G)$.
3. $[\gamma_i(G), Z_j(G)] \le Z_{j-i}(G)$ if $j \ge i$.
4. $Z_i(G/Z_j(G)) = Z_{i+j}(G)/Z_j(G)$.

PROOF. (1) Both $[\gamma_i(G), \gamma_j(G), G]$ and $[G, \gamma_i(G), \gamma_j(G)]$ are inductively (on $j$) contained in $\gamma_{i+j+1}(G)$. By the three subgroup lemma the same holds true for $[\gamma_j(G), G, \gamma_i(G)] = [\gamma_i(G), \gamma_{j+1}(G)]$. (2) This goes by induction on $i$: $\gamma_{i+1}(\gamma_j(G)) = [\gamma_i(\gamma_j(G)), \gamma_j(G)] \le [\gamma_{ij}(G), \gamma_j(G)] \le \gamma_{(i+1)j}(G)$. (3) $[\gamma_{i+1}(G), Z_j(G)] = [\gamma_i(G), G, Z_j(G)] \le [G, Z_j(G), \gamma_i(G)]\,[Z_j(G), \gamma_i(G), G] \le Z_{j-i-1}(G)$ by induction on $i$. (4) Induction on $i$.

Corollary 3.5.10 For any group $G$ we have that $G^{(i)} \le \gamma_{2^i}(G)$. If $G$ is nilpotent of class $c$, then its derived length is at most $\lfloor \log_2 c \rfloor + 1$.

PROOF. Apply part (2) of the above proposition to $G^{(i)} = \gamma_2(\cdots(\gamma_2(G))\cdots)$, with $\gamma_2$ applied $i$ times. Now, let $G$ be nilpotent of class $c$, let $d$ be the derived length and let $2^i \ge c + 1$. Then $G^{(i)} \le \gamma_{2^i}(G) \le \gamma_{c+1}(G) = 1$. Since the smallest such $i$ is $\lfloor \log_2 c \rfloor + 1$, it follows that $d \le \lfloor \log_2 c \rfloor + 1$.
Here is a sample computation of the lower and upper central series of a group:

    gap> G := SmallGroup(128, 50);;
    gap> NilpotencyClassOfGroup(G);
    4
    gap> DerivedLength(G);
    2
    gap> LowerCentralSeriesOfGroup(G);
    [ <pc group of size 128 with 7 generators>, Group([ f3, f5, f7 ]), Group([ f5, f7 ]),
      Group([ f7 ]), Group([ <identity> of ... ]) ]
    gap> UpperCentralSeriesOfGroup(G);
    [ Group([ f6, f7, f5, f3, f4, f1, f2 ]), Group([ f6, f7, f5, f3, f4 ]),
      Group([ f6, f7, f5 ]), Group([ f6, f7 ]), Group([  ]) ]

Unitriangular groups

Here is a ring-theoretic source of examples of nilpotent groups. Let $S$ be a ring with identity and $N$ a subring. Write $N^{(i)}$ for the set of all sums of products of $i$ elements of $N$ for $i > 0$, which is necessarily a subring. If $N^{(i)} = 0$ for some $i > 0$, then $N$ is called nilpotent. Assume $N^{(n)} = 0$ and let $U$ be the set of all elements of the form $1 + x$ for $x \in N$. Then $U$ is a group with respect to the ring multiplication, i.e.
$$(1+x)(1+y) = 1 + (x + y + xy) \quad\text{and}\quad (1+x)^{-1} = 1 + (-x + x^2 - \cdots + (-x)^{n-1}).$$
Define $U_i = \{1 + x \mid x \in N^{(i)}\}$ and observe that $U_i$ is an increasing series of subgroups. We want to show that this is actually a central series of $U$. Let $x \in N^{(r)}$ and $y \in N^{(s)}$; then
$$[1+x, 1+y] = (1 + x + y + yx)^{-1}(1 + x + y + xy).$$
We let $u = x + y + xy$ and $v = x + y + yx$:
$$[1+x, 1+y] = (1 - v + v^2 - \cdots + (-v)^{n-1})(1 + u) = 1 + (1 - v + v^2 - \cdots + (-v)^{n-2})(u - v) + (-v)^{n-1}u.$$
Now, $u - v = xy - yx \in N^{(r+s)}$ and $(-v)^{n-1}u = 0$. We have thus shown that $[U_r, U_s] \le U_{r+s}$, implying that $U$ is nilpotent of class no more than $n - 1$.

For an even more concrete example, let us take $S$ to be the ring of all $n \times n$ matrices over a commutative ring with identity $R$. Further, let $N$ be the subring of all strictly upper triangular matrices. It is not hard to see that the class of $U$ in this case is exactly $n - 1$, showing that there are nilpotent groups of arbitrary class.
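As an added example (not from the notes), the following code builds $U = U_n(\mathrm{GF}(p))$ from the strictly upper triangular matrices, computes its lower central series by brute force, and checks it against the terms $U_i$ and the inclusion $[U_r, U_s] \le U_{r+s}$ derived above; it uses the inversion formula $(1+x)^{-1} = 1 - x + x^2 - \cdots$ of the text. Function names and the choices $n = 3, 4$ and $p = 2, 3$ are ours.

```python
from itertools import product

# Added example, not from the notes: the unitriangular group U = U_n(GF(p)) of the
# text, its lower central series computed by brute force, and the terms
# U_i = {1 + x : x in N^(i)} (first i-1 superdiagonals zero).  Matrices are tuples
# of tuples of residues mod p; all names here are ours.

def matmul(a, b, p):
    n = len(a)
    return tuple(tuple(sum(a[i][k] * b[k][j] for k in range(n)) % p
                       for j in range(n)) for i in range(n))

def identity(n):
    return tuple(tuple(int(i == j) for j in range(n)) for i in range(n))

def unitriangular_group(n, p):
    """All of U_n(GF(p)): the n(n-1)/2 entries above the diagonal are free."""
    slots = [(i, j) for i in range(n) for j in range(i + 1, n)]
    elems = []
    for vals in product(range(p), repeat=len(slots)):
        m = [[int(i == j) for j in range(n)] for i in range(n)]
        for (i, j), v in zip(slots, vals):
            m[i][j] = v
        elems.append(tuple(map(tuple, m)))
    return elems

def inverse(a, p):
    """(1 + x)^-1 = 1 - x + x^2 - ... + (-x)^(n-1), the formula from the text."""
    n, one = len(a), identity(len(a))
    x = tuple(tuple((a[i][j] - one[i][j]) % p for j in range(n)) for i in range(n))
    result, power, sign = one, one, 1
    for _ in range(1, n):                  # x^n = 0, so n-1 terms suffice
        power, sign = matmul(power, x, p), -sign
        result = tuple(tuple((result[i][j] + sign * power[i][j]) % p
                             for j in range(n)) for i in range(n))
    return result

def commutator(a, b, p):
    """[a, b] = a^-1 b^-1 a b."""
    return matmul(matmul(inverse(a, p), inverse(b, p), p), matmul(a, b, p), p)

def generated_subgroup(gens, n, p):
    """Closure of gens under multiplication; in a finite group this is <gens>."""
    elems, frontier = {identity(n)}, [identity(n)]
    while frontier:
        nxt = []
        for a in frontier:
            for g in gens:
                b = matmul(a, g, p)
                if b not in elems:
                    elems.add(b)
                    nxt.append(b)
        frontier = nxt
    return elems

def lower_central_series(G, n, p):
    """[gamma_1, gamma_2, ...] with gamma_{k+1} = [gamma_k, G], until it stabilizes."""
    series = [set(G)]
    while True:
        comms = {commutator(a, b, p) for a in series[-1] for b in G}
        nxt = generated_subgroup(comms, n, p)
        if nxt == series[-1]:
            return series
        series.append(nxt)

def nilpotency_class(G, n, p):
    """Length of the lower central series, i.e. the c with gamma_{c+1} = 1."""
    return len(lower_central_series(G, n, p)) - 1

def filtration_term(n, p, i):
    """U_i from the text: unitriangular matrices whose first i-1 superdiagonals vanish."""
    return {a for a in unitriangular_group(n, p)
            if all(a[r][c] == 0 for r in range(n) for c in range(r + 1, min(n, r + i)))}

def commutator_inclusion_holds(n, p, r, s):
    """The inclusion [U_r, U_s] <= U_{r+s} proved in the text, checked element-wise."""
    Ur, Us = filtration_term(n, p, r), filtration_term(n, p, s)
    Urs = filtration_term(n, p, r + s)
    return all(commutator(a, b, p) in Urs for a in Ur for b in Us)
```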
We note here that in the case $n = 3$ we call the group $U$ a Heisenberg group over $R$. Observe that $U_i$ consists of all upper unitriangular matrices whose first $i - 1$ superdiagonals are zero. It easily follows that
$$U_i/U_{i+1} \cong \underbrace{R \oplus R \oplus \cdots \oplus R}_{n - i\ \text{times}}.$$
In the case that $R = \mathrm{GF}(p)$ we find $U$ to be a finite $p$-group of order $p^{n(n-1)/2}$. On the other hand, if $R = \mathbb{Z}$, then $U$ is a finitely generated torsion-free nilpotent group. Now, let $T$ denote the group of all upper triangular invertible matrices over $R$. Let $\theta : T \to (R^*)^n$ be the projection of a matrix to its diagonal. So, this is an epimorphism whose kernel is precisely equal to $U$ and whose image is an abelian group. It follows that $T$ is solvable, with the derived length being no more than $\lfloor \log_2 (n-1) \rfloor + 2$.

Properties of nilpotent groups

Lemma 3.5.11 If $G$ is a nilpotent group and $1 \ne N \trianglelefteq G$, then $N \cap Z(G) \ne 1$.

PROOF. Let $i$ be the smallest natural number s.t. $N \cap Z_i(G) \ne 1$. Then $[N \cap Z_i(G), G] \le N \cap Z_{i-1}(G) = 1$, so that $N \cap Z_i(G) \le N \cap Z_1(G)$, implying equality; in particular $N \cap Z(G) = N \cap Z_i(G) \ne 1$.

Corollary 3.5.12 A minimal normal subgroup of a nilpotent group is contained in the center.

Proposition 3.5.13 If $A$ is a maximal normal abelian subgroup of the nilpotent group $G$, then $A = C_G(A)$.

PROOF. Clearly $A \le C = C_G(A)$. Suppose that $A \ne C$. Then $C/A$ is a nontrivial normal subgroup of the nilpotent group $G/A$. By Lemma 3.5.11 there is $A \ne Ax \in (C/A) \cap Z(G/A)$. Now $\langle x, A \rangle$ is abelian and normal, leading to a contradiction.

Theorem 3.5.14 The following conditions are equivalent for a finite group $G$:
1. $G$ is nilpotent;
2. every subgroup of $G$ is subnormal;
3. every proper subgroup $H$ of $G$ is properly contained in its normalizer;
4. every maximal subgroup of $G$ is normal;
5. $G$ is the direct product of its Sylow subgroups.

PROOF. (1) $\Rightarrow$ (2). Let $G$ be nilpotent with class $c$. If $H \le G$, then $HZ_iG \trianglelefteq HZ_{i+1}G$ since $Z_{i+1}G/Z_iG = Z(G/Z_iG)$.
So, $HZ_iG$ is the series proving subnormality of $H$. (2) $\Rightarrow$ (3). Let $H = H_0 \trianglelefteq H_1 \trianglelefteq \cdots \trianglelefteq H_n = G$ be the series proving subnormality of the proper subgroup $H$. Let $i$ be the smallest integer s.t. $H \ne H_i$. Then $H = H_{i-1} \trianglelefteq H_i \le N_G(H)$. (3) $\Rightarrow$ (4). If $M < G$ is maximal, then $M < N_G(M)$, implying $N_G(M) = G$. (4) $\Rightarrow$ (5). Assume $P$ is a non-normal Sylow subgroup. Then $N_G(P)$ is proper and therefore contained in a maximal subgroup $M$. Then $M \trianglelefteq G$, contradicting Lemma 3.2.29. Thus the Sylow $p$-subgroup is normal and consequently unique for each $p$. Their product is clearly direct and equal to $G$. (5) $\Rightarrow$ (1). This follows since every $p$-group is nilpotent and a direct product of nilpotent groups is nilpotent.

In the case of infinite groups, properties (2) to (5) are weaker than (1). Using the above result, one can refine Corollary 3.3.7 as follows:

Corollary 3.5.15 A maximal subgroup $M$ of a finite nilpotent group $G$ has prime index.

PROOF. We know that $M \trianglelefteq G$, and $|G : M| = p^k$ by Corollary 3.3.7. If $k > 1$, then there exists $H < G$ containing $M$ such that $|H : M| = p$, which is a contradiction.

The Fitting subgroup

Theorem 3.5.16 (Fitting) Let $M$ and $N$ be normal nilpotent subgroups of a group $G$. If $c$ and $d$ are the nilpotency classes of $M$ and $N$, then $L = MN$ is nilpotent of class $\le c + d$.

PROOF. By induction on $i$ we show that
$$\gamma_i(L) = \prod_{X_j \in \{M, N\}} [X_1, \dots, X_i].$$
Taking $i = c + d + 1$ and noting that $[A, G] \le A$ for all $A \trianglelefteq G$, we conclude that each $[X_1, \dots, X_i]$ is contained in either $\gamma_{c+1}(M)$ or $\gamma_{d+1}(N)$, both of which equal 1.

The subgroup $\operatorname{Fit}(G)$ generated by all the normal nilpotent subgroups of a group $G$ is called the Fitting subgroup of $G$. If the group $G$ is finite, then $\operatorname{Fit}(G)$ is nilpotent. In these cases, $\operatorname{Fit}(G)$ is the unique largest normal nilpotent subgroup of $G$. Note also that $\operatorname{Fit}(G) = 1$ if and only if $G$ is semisimple.

Let $N \le H \le G$ and $N \trianglelefteq G$. Define $C_G(H/N) = \{ g \in G : [H, g] \le N \}$. Clearly $C_G(H/N) \trianglelefteq G$.
Theorem 3.5.17 Let $G$ be a finite group. For a prime $p$ let $O_p(G)$ be the largest normal $p$-subgroup of $G$. The following groups are then equal to $\operatorname{Fit}(G)$:
(a) The direct product of all $O_p(G)$, where $p$ divides $|G|$.
(b) The intersection of the centralizers of the chief factors of $G$.

PROOF. (a) If $N \trianglelefteq G$ is nilpotent, then $N = \prod_p O_p(N)$, a direct product. As the group $O_p(N)$ is a characteristic subgroup of $N$, it follows that $O_p(N) \trianglelefteq G$. Therefore $O_p(N) \le O_p(G)$, and thus $N \le \prod_p O_p(G)$. (b) Let $1 = G_0 \le G_1 \le \cdots \le G_n = G$ be a chief series of $G$ and denote $I = \bigcap_i C_G(G_{i+1}/G_i)$. Since $[G_{i+1}, I] \le G_i$ for all $i$, we get $\gamma_{n+1}(I) = 1$, hence $I \le \operatorname{Fit}(G)$. Conversely, let $F = \operatorname{Fit}(G)$. Since $G_1$ is a minimal normal subgroup of $G$, we get either $[G_1, F] = 1$ or $[G_1, F] = G_1$. In the latter case, $G_1 \le \gamma_{c+1}(F) = 1$ for some $c$, a contradiction. Thus $[G_1, F] = 1$. Induction on $n$ shows that $F \le C_G(G_{i+1}/G_i)$ for all $i$.

    gap> G := SmallGroup(96, 10);;
    gap> IsNilpotent(G);
    false
    gap> F := FittingSubgroup(G);;
    gap> Order(F);
    48
    gap> StructureDescription(F);
    "C12 x C4"

The Frattini subgroup

The Frattini subgroup $\operatorname{Frat}(G)$ of $G$ is the intersection of all maximal subgroups of $G$ (if $G$ does not have maximal subgroups, then we define $\operatorname{Frat}(G) = G$). Clearly $\operatorname{Frat}(G)$ is a characteristic subgroup of $G$. We say that $g \in G$ is a nongenerator of $G$ if $G = \langle g, X \rangle$ implies $G = \langle X \rangle$ for every $X \subseteq G$.

Theorem 3.5.18 $\operatorname{Frat}(G)$ equals the set of nongenerators of $G$.

PROOF. Let $g \in \operatorname{Frat}(G)$, $G = \langle g, X \rangle$, but $G \ne \langle X \rangle$. There exists $M \le G$ which is maximal subject to $\langle X \rangle \le M$ and $g \notin M$. $M$ is a maximal subgroup of $G$, hence $g \in M$, a contradiction. Let $g$ be a nongenerator and $g \notin \operatorname{Frat}(G)$. Thus $g \notin M$ for some maximal subgroup $M$. It follows that $\langle g, M \rangle = G$, hence $G = M$, a contradiction.

Proposition 3.5.19 Let $G$ be a finite group.
(a) If $N \trianglelefteq G$, $H \le G$ and $N \le \operatorname{Frat}(H)$, then $N \le \operatorname{Frat}(G)$.
(b) If $K \trianglelefteq G$, then $\operatorname{Frat}(K) \le \operatorname{Frat}(G)$.
(c) If $N \trianglelefteq G$, then $\operatorname{Frat}(G/N) \ge \operatorname{Frat}(G)N/N$, with equality if $N \le \operatorname{Frat}(G)$.
(d) If $A$ is an abelian normal subgroup of $G$ such that $\operatorname{Frat}(G) \cap A = 1$, there exists $H \le G$ such that $G = HA$ and $H \cap A = 1$.

PROOF. (a) If not, then there exists a maximal subgroup $M$ such that $N \not\le M$. Then $G = MN$, $H = (H \cap M)N$, thus $H \le M$, therefore $N \le M$, a contradiction. (b) Apply (a) with $N = \operatorname{Frat}(K)$ and $H = K$. (c) By definition. (d) Let $H$ be minimal subject to $G = HA$. Then $H \cap A \trianglelefteq G$. If $H \cap A \le \operatorname{Frat}(H)$, then $H \cap A = 1$ by (a). We claim that this is the case. Namely, if it were false, there would exist a maximal subgroup $M$ of $H$ such that $H \cap A \not\le M$. Then $H = M(H \cap A)$ and $G = MA$, contrary to the minimality of $H$.

Theorem 3.5.20 (Gaschütz) Let $G$ be a group.
(a) If $\operatorname{Frat}(G) \le H \le G$, where $H$ is finite and $H/\operatorname{Frat}(G)$ is nilpotent, then $H$ is nilpotent.
(b) If $G$ is finite, $\operatorname{Frat}(G)$ is nilpotent.
(c) Define $\operatorname{FFrat}(G)$ by $\operatorname{FFrat}(G)/\operatorname{Frat}(G) = \operatorname{Fit}(G/\operatorname{Frat}(G))$. If $G$ is finite, then $\operatorname{FFrat}(G) = \operatorname{Fit}(G)$.
(d) If $G$ is finite, $\operatorname{FFrat}(G)/\operatorname{Frat}(G)$ is the product of all the abelian minimal normal subgroups of $G/\operatorname{Frat}(G)$.

PROOF. (a) Let $P$ be a Sylow subgroup of $H$, $F = \operatorname{Frat}(G)$, and $K = PF \le H$. $K/F$ is a Sylow subgroup of $H/F$, hence $K/F$ is characteristic in $H/F$. Hence $K$ is normal in $G$. By the Frattini argument, $G = N_G(P)K = N_G(P)F = N_G(P)$. (b) Follows from (a). (c) Denote $H = \operatorname{FFrat}(G)$. $H$ is nilpotent by (a), thus $H \le \operatorname{Fit}(G)$. (d) Taking quotients, we may assume that $\operatorname{Frat}(G) = 1$. Write $L = \operatorname{Fit}(G)$. $L/\operatorname{Frat}(L)$ is abelian, hence $L' \le \operatorname{Frat}(L) \le \operatorname{Frat}(G) = 1$. Thus $L$ is abelian. Let $N$ be the product of all the abelian minimal normal subgroups of $G$. Then $N \le L$. There exists $H \le G$ such that $G = HN$ and $N \cap H = 1$. $H \cap L$ is normal in $HL = G$.
Since $H \cap L \cap N = 1$, it follows that $H \cap L = 1$ by the minimality. Then $L = L \cap (HN) = N$.

Proposition 3.5.21 Let $G$ be a finite group. Then $G$ is nilpotent if and only if $G' \le \operatorname{Frat}(G)$.

PROOF. If $G$ is nilpotent and $M$ is a maximal subgroup of $G$, then $G' \le M$. Conversely, if $G' \le \operatorname{Frat}(G)$ then every maximal subgroup of $G$ is normal.

    gap> G := SmallGroup(96, 10);;
    gap> F := FrattiniSubgroup(G);;
    gap> StructureDescription(F);
    "C4 x C2"

3.5.2 Finite $p$-groups

Basic properties

Proposition 3.5.22 Let $G$ be a group of order $p^{m+1}$.
(a) If $G$ is nilpotent of class $c > 1$, then $G/Z_{c-1}(G)$ is not cyclic.
(b) $c \le m$.
(c) If $0 \le i \le j \le m + 1$, every subgroup of order $p^i$ is contained in some subgroup of order $p^j$.
(d) $G$ has subgroups of every order dividing $p^{m+1}$.

PROOF. (a) If $G/Z_{c-1}(G)$ were cyclic, $G/Z_{c-2}(G)$ would be abelian, hence $Z_{c-1}(G) = G$, a contradiction. (b) $|G : Z_{c-1}(G)| \ge p^2$ by (a), and all upper central factors have order $\ge p$. (c) Let $H$ be a subgroup of order $p^i$. As $H$ is subnormal in $G$, it is a part of a composition series $1 = H_0 \le \cdots \le H_i = H \le \cdots \le H_{m+1} = G$ by the Jordan-Hölder theorem. All composition factors have order $p$, hence the assertion. (d) Follows from (c).

Lemma 3.5.23 Let $G$ be an elementary abelian $p$-group. Then $\operatorname{Frat}(G) = 1$.

PROOF. Let $G = C_p^n$ and let $M_i = \{(x_1, \dots, x_{i-1}, 1, x_{i+1}, \dots, x_n) : x_j \in C_p\}$ for $i = 1, \dots, n$. Then the $M_i$ are maximal subgroups of $G$ and $\bigcap_{i=1}^n M_i = 1$, hence $\operatorname{Frat}(G) = 1$.

Theorem 3.5.24 (The Burnside Basis Theorem) Let $G$ be a finite $p$-group. Then $\operatorname{Frat}(G) = \gamma_2(G)G^p$, where $G^p = \langle g^p \mid g \in G \rangle$. Also, if $|G : \operatorname{Frat}(G)| = p^r$, then every set of generators of $G$ has a subset of $r$ elements which also generates $G$.

PROOF. Let $M$ be a maximal subgroup of $G$. Then $M \trianglelefteq G$ and $|G : M| = p$. It follows that $\gamma_2(G)G^p \le M$, hence $\gamma_2(G)G^p \le \operatorname{Frat}(G)$.
On the other hand, $G/\gamma_2(G)G^p$ is an elementary abelian $p$-group, hence $\operatorname{Frat}(G/\gamma_2(G)G^p) = 1$. It follows that $\operatorname{Frat}(G) \le \gamma_2(G)G^p$. Let $G = \langle x_1, \dots, x_s \rangle$ and $F = \operatorname{Frat}(G)$. Then $\bar G = G/F = \langle Fx_1, \dots, Fx_s \rangle$. The group $\bar G$ is a vector space over $\mathrm{GF}(p)$, hence it has a basis $\{Fx_{i_1}, \dots, Fx_{i_r}\}$. Write $Y = \langle x_{i_1}, \dots, x_{i_r} \rangle$. Then $G = \langle Y, F \rangle$, hence $G = \langle Y \rangle$.

Let $G$ be a finite $p$-group. By the Burnside Basis Theorem, we can think of $G/\operatorname{Frat}(G)$ as a vector space over $\mathrm{GF}(p)$.

Corollary 3.5.25 Let $G$ be a finite $p$-group and $d$ the minimal number of generators of $G$. Then $d = \dim_{\mathrm{GF}(p)} G/\operatorname{Frat}(G)$.

Extraspecial $p$-groups

A finite $p$-group is said to be extraspecial if $G' = Z(G) \cong C_p$.

Proposition 3.5.26 Let $G$ be a nonabelian group of order $p^3$. If $p$ is odd, then $G$ is isomorphic with
$$\langle x, y \mid x^p = y^p = 1,\ [x,y]^x = [x,y]^y = [x,y] \rangle \quad\text{or}\quad \langle x, y \mid x^{p^2} = 1 = y^p,\ x^y = x^{1+p} \rangle.$$
These groups have exponent $p$ and $p^2$ respectively. If $p = 2$, then $G$ is isomorphic with $D_8$ or the quaternion group $Q_8$. In particular, all non-abelian groups of order $p^3$ are extraspecial.

PROOF. All the groups given above have order $p^3$. For $p = 2$, the assertion follows from the description of all groups of order 8 (exercise). Assume that $p$ is odd. We consider two cases:

Case 1. All elements of $G$ have order $p$. Let $z \in Z(G) \setminus \{1\}$ and let $x \notin Z(G)$. Then $\langle z, x \rangle = \langle z \rangle \times \langle x \rangle$ is a subgroup of order $p^2$, hence it is a maximal subgroup and thus normal in $G$. Choose $w \notin \langle z, x \rangle$. Then $G = \langle z, x, w \rangle$. We have that $x^w = x^a z^b$ for some $0 \le a, b < p$. If $a = 0$, then $x^w \in Z(G)$, hence $x \in Z(G)$, a contradiction. Thus there exists $c$ such that $ac \equiv 1 \bmod p$. Let $t = w^c$. We have that $G = \langle z, x, t \rangle$, and $x^t = x z^b$ for some $0 \le b < p$. As $G$ is nonabelian, $b \ne 0$, hence there exists $d$ such that $bd \equiv 1 \bmod p$. Put $y = t^d$. Then we get $[x,y] = z$ and $G = \langle x, y \rangle$.
We have $x^p = y^p = 1$, $[x,y]^x = [x,y]^y = [x,y]$, as required.

Case 2. $G$ contains an element $x$ of order $p^2$. Let $N = \langle x \rangle$. As $N$ is a maximal subgroup of $G$, $N$ is normal in $G$. Choose $z \in G \setminus N$ of order $p$. There exists $a \in \mathbb{Z}$ such that $x^z = x^a$. Since $x = x^{z^p}$, it follows that $a^p \equiv 1 \bmod p^2$, hence $a \equiv 1 \bmod p$. Write $a = 1 + kp$. Let $l$ be such that $kl \equiv 1 \bmod p$. Let $y = z^l$. Then $x^y = x^{1+p}$. Since $N \cap \langle y \rangle = 1$, we have $N\langle y \rangle = G$.

All the groups above are clearly extraspecial.

A group $G$ is said to be the central product of its normal subgroups $G_1, \dots, G_n$ if $G = G_1 \cdots G_n$, $[G_i, G_j] = 1$ for $i \ne j$, and $G_i \cap G_j = Z(G)$ for $i \ne j$.

Theorem 3.5.27 An extraspecial $p$-group is a central product of $n$ nonabelian subgroups of order $p^3$, and has order $p^{2n+1}$. Conversely, a finite central product of nonabelian groups of order $p^3$ is an extraspecial $p$-group.

PROOF. Let $C = Z(G) = G'$, and let $c$ be a generator of $C$. The group $V = G/C$ is elementary abelian, hence a vector space over $\mathrm{GF}(p)$. We have a well defined skew-symmetric bilinear form $f : V \times V \to \mathrm{GF}(p)$ induced by $[x,y] = c^{(Cx, Cy)f}$. If $(Cx, Cy)f = 0$ for all $y \in G$, then $x \in C$, thus $f$ is nondegenerate. Thus there exists a decomposition $V = V_1 \oplus \cdots \oplus V_n$ where $V_i$ is a 2-dimensional space with basis $\{u_i, v_i\}$, such that $(u_i, v_i)f = 1$, $(u_i, v_j)f = 0$ for $i \ne j$, $(u_i, u_j)f = 0$, $(v_i, v_j)f = 0$. Write $u_i = Cx_i$, $v_i = Cy_i$. Then $G_i = \langle x_i, y_i \rangle$ is a nonabelian group of order $p^3$. We have that $G$ is the central product of $G_1, \dots, G_n$. Clearly $G/C = G_1/C \times \cdots \times G_n/C$, hence $|G| = p^{2n+1}$.

Conversely, let $G$ be the central product of $G_1, \dots, G_n$, where each $G_i$ is a nonabelian group of order $p^3$. Since $Z(G_i) \le Z(G)$, it follows that $Z(G) = Z(G_i) \cong C_p$. Besides that, $[G_i, G_j] = 1$ for $i \ne j$, and $[G_i, G_i] = Z(G_i) = Z(G)$ for all $i$.
Hence $[G, G] = [G_1 \cdots G_n, G_1 \cdots G_n] = Z(G)$, therefore $G$ is extraspecial.

3.5.3 Enumeration of finite $p$-groups

It turns out that most of the finite groups are $p$-groups. The proof is beyond the scope of these notes. To illustrate this result, there are 49,910,529,484 different isomorphism classes of groups of order at most 2000, and 49,487,365,422, or just over 99%, are groups of order 1024. We mention here that Phillip Hall proved that the number of isomorphism classes of groups of order $p^n$ is
$$p^{\frac{2}{27}n^3 + O(n^{8/3})}.$$
We will not prove this result. Instead we will derive some good upper and lower bounds on the number of finite $p$-groups of given order. We refer to [2] for a wealth of further estimates.

Preliminary results

Let $r$ be a positive integer and $F_r$ a free group on $\{x_1, \dots, x_r\}$. Denote $G_r = F_r / F_r^{p^2}\gamma_2(F_r)^p\gamma_3(F_r)$. We identify $x_i$ with their images in $G_r$, so $x_1, \dots, x_r$ generate $G_r$. A finite $p$-group $G$ is said to have $\Phi$-class 2 if there exists a central elementary abelian subgroup $H$ of $G$ such that $G/H$ is elementary abelian. In other words, $G$ is a central extension of an elementary abelian group by an elementary abelian group. Our first result shows that every group of $\Phi$-class 2 is a homomorphic image of some $G_r$:

Lemma 3.5.28 Let $H$ be a group of $\Phi$-class 2, and let $y_1, \dots, y_r \in H$. There is a homomorphism $\varphi : G_r \to H$ such that $x_i^\varphi = y_i$ for all $i = 1, \dots, r$.

PROOF. As $F_r$ is free there exists a unique homomorphism $F_r \to H$ with $x_i \mapsto y_i$. As $F_r^{p^2}\gamma_2(F_r)^p\gamma_3(F_r)$ is contained in the kernel of this map, we get the result.

Lemma 3.5.29 The group $G_r$ is a finite $p$-group. The Frattini subgroup $\operatorname{Frat}(G_r)$ is central of order $p^{r(r+1)/2}$ and index $p^r$. Moreover, any automorphism $\alpha \in \operatorname{Aut}(G_r)$ that induces an identity mapping on $G_r/\operatorname{Frat}(G_r)$ fixes $\operatorname{Frat}(G_r)$ pointwise.
PROOF (sketch). The group $G_r^p\gamma_2(G_r)$ is a central elementary abelian $p$-subgroup of $G_r$, and the quotient by it is also elementary abelian. Thus $G_r$ is a $p$-group. Observe that $\operatorname{Frat}(G_r)$ is generated by $x_i^p$ and $[x_j, x_i]$, where $1 \le i < j \le r$. It is straightforward but technical to prove that this generating set is a minimal one; we skip the details. It follows that $\operatorname{Frat}(G_r)$ is central of order $p^{r(r+1)/2}$ and index $p^r$. Now take $\alpha \in \operatorname{Aut}(G_r)$ that induces an identity mapping on $G_r/\operatorname{Frat}(G_r)$. So there exist $h_1, \dots, h_r \in \operatorname{Frat}(G_r)$ such that $x_i^\alpha = h_i x_i$. Since $\operatorname{Frat}(G_r)$ is central and $\operatorname{Frat}(G_r)^p = \{1\}$, we have
$$(x_i^p)^\alpha = (x_i^\alpha)^p = (h_i x_i)^p = h_i^p x_i^p = x_i^p$$
and
$$[x_j, x_i]^\alpha = [x_j^\alpha, x_i^\alpha] = [h_j x_j, h_i x_i] = [x_j, x_i].$$
Thus $\alpha$ fixes every generator of $\operatorname{Frat} G_r$ and we are done.

Lemma 3.5.30 Let $N_1$ and $N_2$ be subgroups of $\operatorname{Frat} G_r$. Then $G_r/N_1 \cong G_r/N_2$ if and only if there exists $\alpha \in \operatorname{Aut} G_r$ such that $N_1^\alpha = N_2$.

PROOF. It is obvious that if there exists $\alpha \in \operatorname{Aut} G_r$ such that $N_1^\alpha = N_2$, then it induces an isomorphism $G_r/N_1 \to G_r/N_2$. Conversely, suppose there is an isomorphism $\bar\alpha : G_r/N_1 \to G_r/N_2$. Let $y_1, \dots, y_r \in G_r$ be such that $(N_1x_i)\bar\alpha = N_2y_i$. By Lemma 3.5.28 there exists a homomorphism $\alpha : G_r \to G_r$ with $x_i^\alpha = y_i$. Since $\bar\alpha$ is an isomorphism, $G_r = \langle y_1, \dots, y_r \rangle N_2$. But $N_2 \le \operatorname{Frat} G_r$, therefore $G_r = \langle y_1, \dots, y_r \rangle$. Thus $\alpha$ is surjective. Since $G_r$ is finite, this implies that $\alpha$ is an isomorphism. It remains to show that $N_1^\alpha = N_2$. By definition, $N_2x^\alpha = (N_1x)\bar\alpha$ for all $x \in G_r$, and the result follows easily from here.

A lower bound

A similar argument as in the proof of 3.2.9 shows the following:

Lemma 3.5.31 Let $V$ be a vector space over $\mathrm{GF}(q)$ of dimension $d$. For $0 \le k \le d$, let $n_{k,d}$ be the number of subspaces of $V$ of dimension $k$. Then
$$n_{k,d} = \frac{(q^d - 1)(q^d - q) \cdots (q^d - q^{k-1})}{(q^k - 1)(q^k - q) \cdots (q^k - q^{k-1})}.$$
In particular, $q^{k(d-k)} \le n_{k,d} \le q^{k(d-k+1)}$.

Proposition 3.5.32 Let $r$ be a positive integer, and $s$ an integer such that $1 \le s \le r(r+1)/2$. Then there are at least $p^{rs(r+1)/2 - r^2 - s^2}$ isomorphism classes of groups of order $p^{r+s}$.

PROOF. Let $G_r$ be as above. Let $X$ be the set of subgroups $N \le \operatorname{Frat} G_r$ of index $p^s$ in $\operatorname{Frat} G_r$. Each $N \in X$ gives rise to a group $G_r/N$ of order $p^{r+s}$. Furthermore, Lemma 3.5.30 implies that the set of isomorphism classes of these groups is in 1-1 correspondence with the set of orbits of $\operatorname{Aut} G_r$ acting on $X$. Let $\theta : \operatorname{Aut} G_r \to \operatorname{Aut}(G_r/\operatorname{Frat} G_r)$ be the natural homomorphism. By Lemma 3.5.29 every $\alpha \in \ker\theta$ fixes $\operatorname{Frat} G_r$ pointwise and so acts trivially on $X$. Therefore $\ker\theta$ is contained in the stabilizer of every element of $X$, and so the length of any orbit of $\operatorname{Aut} G_r$ acting on $X$ is at most
$$|\operatorname{Aut} G_r| / |\ker\theta| \le |\operatorname{Aut}(G_r/\operatorname{Frat} G_r)| = |\operatorname{Aut} C_p^r| = |\mathrm{GL}(r,p)| \le p^{r^2}.$$
From Lemma 3.5.31 we conclude that $|X| \ge p^{s(r(r+1)/2 - s)}$, therefore there are at least
$$p^{s(r(r+1)/2 - s)} / p^{r^2}$$
orbits of $\operatorname{Aut} G_r$ on $X$. This gives the desired bound.

Proposition 3.5.32 yields roughly $p^{x^2 y n^3/2}$ groups with Frattini subgroup of index $p^{xn}$ and order $p^{yn}$. Maximizing the function $z = x^2y/2$ under the constraint $x + y = 1$ yields the maximum value $z = 2/27$.

Theorem 3.5.33 The number $f(p^n)$ of groups of order $p^n$ is at least $p^{\frac{2}{27}n^2(n-6)}$.

PROOF. We may assume $n > 6$. Define $s = (n + 2(n \bmod 3))/3$ and $r = n - s$. Then Proposition 3.5.32 gives $f(p^n) \ge p^{rs(r+1)/2 - r^2 - s^2} \ge p^{2n^2(n-6)/27}$.

An elementary upper bound

Let $G$ be a group of order $p^n$ and let $G = G_0 \ge G_1 \ge \cdots \ge G_{n-1} \ge G_n = \{1\}$ be its chief series. For each $i$ choose $g_i \in G_{i-1} \setminus G_i$. Then every $g \in G$ may be written uniquely in normal form $g = g_1^{\alpha_1} \cdots g_n^{\alpha_n}$, where $\alpha_i \in \{0, 1, \dots, p-1\}$.
Furthermore, $g \in G_i$ if and only if $\alpha_1 = \cdots = \alpha_i = 0$. Observe that $g_i^p \in G_i$ for $1 \le i \le n$, and $[g_j, g_i] \in G_j$ for $1 \le i < j \le n$. Hence we may write these elements in normal form, that is,
$$g_i^p = g_{i+1}^{\beta_{i,i+1}} \cdots g_n^{\beta_{i,n}} \tag{3.1}$$
and
$$[g_j, g_i] = g_{j+1}^{\gamma_{i,j,j+1}} \cdots g_n^{\gamma_{i,j,n}} \tag{3.2}$$
for some $\beta_{i,j}, \gamma_{i,j,k} \in \{0, 1, \dots, p-1\}$. It is easy to see that the generators $g_1, \dots, g_n$ and all the relations of the form (3.1) and (3.2) form a presentation for $G$ (called a power-commutator presentation or polycyclic presentation). One has to prove that a product of two elements in normal form can again be written in normal form. This can be done using the collection process described in [9]. We remark that GAP calls groups given by power-commutator presentations pc groups. Here is an example of how GAP prints out the presentation of a pc group:

    gap> PrintPcpPresentation(PcGroupToPcpGroup(DihedralGroup(16)));
    g1^2 = id
    g2^2 = g3
    g3^2 = g4
    g4^2 = id
    g2 ^ g1 = g2 * g3 * g4
    g3 ^ g1 = g3 * g4

Note that the conjugation relations can be rewritten into commutator ones using the identity $x^y = x[x,y]$, and that trivial commutator relations are left out. The above discussion leads to the following:

Theorem 3.5.34 We have that
$$f(p^n) \le p^{(n^3 - n)/6}.$$

PROOF. Let $G$ be as above. The isomorphism class of $G$ is determined by the values of the $\beta_{i,j}$ and $\gamma_{i,j,k}$. There are $\binom{n}{2}$ exponents $\beta_{i,j}$ and $\binom{n}{3}$ exponents $\gamma_{i,j,k}$, that is, $(n^3 - n)/6$ in all, and at most $p$ choices for each of them, so there are at most $p^{(n^3-n)/6}$ isomorphism classes of groups of order $p^n$.

3.5.4 Coclass

As we have seen so far, there are many $p$-groups of a given order, too many to classify them all up to isomorphism. In recent years the idea has emerged to classify $p$-groups according to coclass. This has led to coclass theory, which has produced some fascinating results. In this section we briefly describe some of the main features of the theory, omitting almost all details.
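The following Python program is an added illustration of the power-commutator presentations and the collection process of the previous subsection; it is not code from these notes, from [9] or from GAP. It stores elements as exponent vectors, collects products using relations of the forms (3.1) and (3.2) given as words, and takes as sample input the pc presentation of the dihedral group of order 16 that GAP printed above, transcribed by hand into 0-based generator indices. The function `pc_parameter_count` is an added helper that counts the exponents $\beta_{i,j}$ and $\gamma_{i,j,k}$ of Theorem 3.5.34.

```python
"""Collection in a power-commutator (pc) presentation of a finite p-group.

Added example for these notes (not code from the notes or from GAP): a
minimal "collection from the left" for a pc presentation in which every
generator g_1, ..., g_n has relative order p.  An element is stored as its
exponent vector (a_1, ..., a_n) with a_i in {0, ..., p-1}, i.e. the normal
form g_1^{a_1} ... g_n^{a_n}.  The power relations (3.1) give g_i^p as a word
in g_{i+1}, ..., g_n and the conjugation relations give g_k^{g_j} (j < k) as
a word in g_k, ..., g_n; both are stored as lists of 0-based generator
indices.  The sample presentation is GAP's one for DihedralGroup(16).
"""
from itertools import product


class PcGroup:
    def __init__(self, n, p, powers, conjugates):
        # powers[j]: word for g_j^p (indices > j only); conjugates[(k, j)]:
        # word for g_k^{g_j} = g_j^-1 g_k g_j with j < k; a missing key means
        # that g_j and g_k commute.
        self.n, self.p = n, p
        self.powers = powers
        self.conj = conjugates

    def identity(self):
        return (0,) * self.n

    def mul_gen(self, e, j):
        """Right-multiply the normal form e by the single generator g_j."""
        # e = head * g_j^{e_j} * tail with head in g_<j and tail in g_>j, and
        # tail * g_j = g_j * tail^{g_j}: the tail is re-appended conjugated.
        tail = [(k, e[k]) for k in range(j + 1, self.n) if e[k]]
        new = list(e[:j + 1]) + [0] * (self.n - j - 1)
        new[j] += 1
        if new[j] == self.p:            # g_j^p is itself a word in g_>j
            new[j] = 0
            result = self.mul_word(tuple(new), self.powers[j])
        else:
            result = tuple(new)
        for k, ek in tail:              # append (g_k^{g_j})^{e_k}
            word = self.conj.get((k, j), [k])
            for _ in range(ek):
                result = self.mul_word(result, word)
        return result

    def mul_word(self, e, word):
        for j in word:
            e = self.mul_gen(e, j)
        return e

    def mul(self, a, b):
        """Product of two normal forms (b is expanded into its generator word)."""
        return self.mul_word(a, [j for j in range(self.n) for _ in range(b[j])])

    def power(self, a, m):
        result = self.identity()
        for _ in range(m):
            result = self.mul(result, a)
        return result

    def order_of(self, a):
        k, x = 1, a
        while x != self.identity():
            x, k = self.mul(x, a), k + 1
        return k

    def elements(self):
        """Closure of the generators under right multiplication (p^n vectors)."""
        gens = [tuple(int(i == j) for i in range(self.n)) for j in range(self.n)]
        seen, frontier = {self.identity()}, [self.identity()]
        while frontier:
            nxt = []
            for x in frontier:
                for g in gens:
                    y = self.mul(x, g)
                    if y not in seen:
                        seen.add(y)
                        nxt.append(y)
            frontier = nxt
        return seen

    def is_associative(self):
        """Brute-force consistency check: the collector defines a group law."""
        els = list(self.elements())
        return all(self.mul(self.mul(a, b), c) == self.mul(a, self.mul(b, c))
                   for a, b, c in product(els, repeat=3))


def pc_parameter_count(n):
    """Number of exponents beta_{i,j} (i<j) and gamma_{i,j,k} (i<j<k) in a pc
    presentation on n generators; it equals (n^3 - n)/6 (Theorem 3.5.34)."""
    return n * (n - 1) // 2 + n * (n - 1) * (n - 2) // 6


# GAP's pc presentation of DihedralGroup(16); g1, g2, g3, g4 -> indices 0..3
D16 = PcGroup(
    n=4, p=2,
    powers={0: [], 1: [2], 2: [3], 3: []},           # g1^2=1, g2^2=g3, g3^2=g4, g4^2=1
    conjugates={(1, 0): [1, 2, 3], (2, 0): [2, 3]},  # g2^g1 = g2 g3 g4, g3^g1 = g3 g4
)

if __name__ == "__main__":
    g1, g2 = (1, 0, 0, 0), (0, 1, 0, 0)
    print("order", len(D16.elements()), "|g2| =", D16.order_of(g2))
    print("g1 g2 g1 =", D16.mul(D16.mul(g1, g2), g1), "= g2^7 =", D16.power(g2, 7))
    print("pc parameters for n = 4:", pc_parameter_count(4))
```

Checking that the collector yields an associative operation on all $p^n$ exponent vectors is a brute-force consistency test of the presentation. GAP's collectors avoid both this check and the naive recursion by much more careful bookkeeping, but the termination argument is the same one used here: every recursive call involves generators of strictly larger index.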
We refer to [7] for proofs and further results.

Let $G$ be a group of order $p^n$. Then its nilpotency class $c$ is strictly smaller than $n$ by Proposition 3.5.22. The difference $n - c$ is called the coclass of $G$. Finite $p$-groups of coclass 1 are also known as $p$-groups of maximal class. An example of a $p$-group of maximal class is $C_p \wr C_p$; its order is $p^{p+1}$ and its nilpotency class is precisely $p$ (exercise).

Example 3.5.35 Define
$$Q_{2^n} = \langle x, y \mid y^{2^{n-1}} = 1,\ x^2 = y^{2^{n-2}},\ y^x = y^{-1} \rangle$$
to be the generalized quaternion group of order $2^n$ (check that this is indeed its order). The group $Q_8$ is known as the quaternion group. Similarly, for $n \ge 4$ the group
$$SD_{2^n} = \langle x, y \mid y^{2^{n-1}} = 1,\ x^2 = 1,\ y^x = y^{2^{n-2} - 1} \rangle$$
is said to be the semidihedral group of order $2^n$. A classical result of coclass theory is that the 2-groups of maximal class of order at least 8 are precisely the dihedral, semidihedral and generalized quaternion 2-groups.

The goal of coclass theory is to study common properties of finite $p$-groups of fixed coclass. To this purpose we study the so-called coclass graph $\mathcal{G}(p,r)$, whose vertices correspond to the isomorphism types of $p$-groups of coclass $r$. Two vertices $G$ and $H$ are joined by a directed edge from $G$ to $H$ if and only if $G \cong H/\gamma_c(H)$, where $c$ is the nilpotency class of $H$. In order to understand this graph we need the notion of pro-$p$ groups.

Definition 3.5.36 A topological group $G$ is a pro-$p$ group if it is compact and has a basis of open neighbourhoods of the identity consisting of normal subgroups of $G$ of $p$-power index.

Definition 3.5.37 An inductively ordered set is a partially ordered set $I$ with the property that for all $i, j \in I$ there exists $k \in I$ with $k > i$ and $k > j$. An inverse system of groups is a family $\{G_i \mid i \in I\}$ of groups, where $I$ is an inductively ordered set, together with surjections $\theta_{ij}\colon G_i \to G_j$ whenever $i > j$, satisfying $\theta_{ij}\theta_{jk} = \theta_{ik}$ for all $i > j > k$.
Definition 3.5.38 Let $\{G_i \mid i \in I\}$ be an inverse system of groups. The inverse limit of this system is
$$\varprojlim G_i = \Bigl\{ (g_i) \in \prod_{i \in I} G_i \;\Big|\; g_i\theta_{ij} = g_j \text{ for all } i > j \Bigr\},$$
equipped with the product topology.

If $G$ is a pro-$p$ group, then the quotients $G/N$, where $N$ ranges over the normal subgroups of $G$ of $p$-power index, form an inverse system (the homomorphisms being the natural ones), and $G$ is the inverse limit of this system. This property in fact characterizes pro-$p$ groups.

Definition 3.5.39 If a group is an inverse limit of $p$-groups of coclass $r$, then it is said to be a pro-$p$ group of coclass $r$.

It turns out [7] that every infinite pro-$p$ group $S$ of coclass $r$ determines a maximal coclass tree $\mathcal{T}(S)$ in $\mathcal{G}(p,r)$, namely the subtree of $\mathcal{G}(p,r)$ consisting of all descendants of $S/\gamma_i(S)$, where $i$ is minimal such that $S/\gamma_i(S)$ has coclass $r$ and $S/\gamma_i(S)$ is not a quotient of another infinite pro-$p$ group $R$ of coclass $r$ not isomorphic to $S$.

In 1980, Leedham-Green and Newman posed five conjectures (A–E) about the structure of the coclass graph. These are now all theorems [7]. We state them as follows:

Theorem 3.5.40
E. Given $p$ and $r$, there are only finitely many isomorphism types of infinite solvable pro-$p$ groups of coclass $r$.
D. Given $p$ and $r$, there are only finitely many isomorphism types of infinite pro-$p$ groups of coclass $r$.
C. Pro-$p$ groups of finite coclass are solvable.
B. For some function $g$, every finite $p$-group of coclass $r$ has derived length bounded by $g(p,r)$.
A. For some function $f$, every finite $p$-group of coclass $r$ has a normal subgroup $N$ of class 2 (of class 1 if $p = 2$) whose index is bounded by $f(p,r)$.

The coclass theorems in particular imply that $\mathcal{G}(p,r)$ consists of finitely many maximal coclass trees and finitely many groups lying outside these trees. The next result shows that there is a certain kind of periodicity within coclass graphs. Let $S$ be an infinite pro-$p$ group of coclass $r$.
The subtree $\mathcal{T}(S,k)$ of $\mathcal{T}(S)$ containing all groups of distance at most $k$ from the main line is called a shaved tree. We denote its branches by $\mathcal{B}_j(S,k)$.

Theorem 3.5.41 (Theorem P (du Sautoy, 2001)) Let $S$ be an infinite pro-$p$ group of coclass $r$. Then there exist integers $d = d(\mathcal{T}(S,k))$ and $f = f(\mathcal{T}(S,k))$ such that $\mathcal{B}_j(S,k)$ and $\mathcal{B}_{j+d}(S,k)$ are isomorphic as rooted trees for all $j \ge f$.

The simplest case are the 2-groups of coclass 1. The graph $\mathcal{G}(2,1)$ has an isolated vertex $C_4$ and one infinite tree, rooted at $V_4 = C_2 \times C_2$. Its main line is $V_4 \to D_8 \to D_{16} \to D_{32} \to \cdots$; the root $V_4$ has the additional leaf $Q_8$, and every $D_{2^n}$ with $n \ge 3$ has the two additional leaves $Q_{2^{n+1}}$ and $SD_{2^{n+1}}$, since each 2-group of maximal class of order $2^{n+1}$ has $D_{2^n}$ as its quotient by the last non-trivial term of the lower central series. The periodicity in this tree is self-evident, even without shaving the tree.

3.5.5 Problems

1. Prove that the Pauli spin matrices
$$i = \begin{pmatrix} \sqrt{-1} & 0 \\ 0 & -\sqrt{-1} \end{pmatrix}, \qquad j = \begin{pmatrix} 0 & 1 \\ -1 & 0 \end{pmatrix}, \qquad k = \begin{pmatrix} 0 & \sqrt{-1} \\ \sqrt{-1} & 0 \end{pmatrix}$$
generate a subgroup of $\mathrm{GL}(2, \mathbb{C})$ that is isomorphic to $Q_8$.

2. Let a group $G$ be generated by $a_1, \dots, a_d$. Show that $\gamma_i(G)$ is the normal closure in $G$ of the set $\{[a_{j_1}, \dots, a_{j_i}] \mid 1 \le j_1, \dots, j_i \le d\}$.

3. Let $G = \langle a_1, \dots, a_d \rangle$ be a nilpotent group. Then every element of $[G,G]$ can be written as $[x_1, a_1] \cdots [x_d, a_d]$ for some $x_1, \dots, x_d \in G$.

4. Suppose that $G = HN$, where $H \le G$ and $N \trianglelefteq G$. Prove that $G = H\gamma_i(N)$ for all $i$.

5. Prove that the group $C_p \wr C_{p^n}$ is nilpotent of class precisely $p^n$.

6. Let $G$ be a group of order $p^n$. If $G$ has a unique subgroup of order $p^m$ for all $1 < m < n$, prove that $G$ is cyclic.

7. Let $G$ be a group of order $p^n$, where $n \ge 3$, and of maximal class. Prove the following:
(a) $G^{ab}$ is an elementary abelian $p$-group of order $p^2$ and $|\gamma_i(G) : \gamma_{i+1}(G)| = p$ for $2 \le i \le n-1$. The group $G$ can be generated by two elements.
(b) For every $i \ge 2$ we have that $\gamma_i(G)$ is the only normal subgroup of $G$ of index $p^i$.
(c) $Z_i(G) = \gamma_{n-i}(G)$ for all $i = 0, \dots, n-1$.

8. Let $G$ be a group in which $x^2 \in Z(G)$ for every $x \in G$. Prove the following:
(a) $G$ is nilpotent of class $\le 2$.
(b) Every element of $[G,G]$ has order at most 2.
(c) For all $x, y \in G$, the element $(xy)^2 y^{-2} x^{-2}$ belongs to $[G,G]$.
(d) For every $x, y \in G$ we have that $(xy)^4 = x^4 y^4$.

9. Let $G$ be a metabelian group and $x, y, z, z_1, \dots, z_n \in G$. Prove:
(a) $[x, y, z_1, \dots, z_n] = [x, y, z_{\pi(1)}, \dots, z_{\pi(n)}]$ for every $\pi \in S_n$.
(b) $[x, y, z][y, z, x][z, x, y] = 1$.

10. Let $G$ be a group in which $x^3 = 1$ for all $x \in G$. Prove that $[x, y, y] = 1$ for all $x, y \in G$.

11. Let $G$ be a finite group and $F$ its Fitting subgroup.
(a) Let $N/F$ be an abelian normal subgroup of $G/F$ such that $N \le C_G(F)F$. Prove that $N = F(N \cap C_G(F))$.
(b) Let $N$ be as in (a). Prove that $N/(N \cap C_G(F))$ is nilpotent.
(c) Let $c$ be the nilpotency class of $N/(N \cap C_G(F))$, where $N$ is as above. Show that $N$ is nilpotent of class $\le c + 1$.
(d) Conclude that $C_G(F)F/F$ contains no non-trivial abelian normal subgroup.
(e) If $G$ is solvable, show that $C_G(F) \le F$.

12. Let $G$ be a finite nilpotent group and $N$ a non-trivial normal subgroup of $G$. Show the following:
(a) $[N, G]$ is a proper subgroup of $N$.
(b) Some maximal proper subgroup of $N$ is normal in $G$.
(c) Suppose that $G$ is a $p$-group and $M$ and $N$ are normal subgroups of $G$ with $N < M$. Prove that there exists $K \trianglelefteq G$ such that $N \le K < M$ and $|M : K| = p$.

13. Supply a proof of Lemma 3.5.31.

14. Use GAP to explore the number $f(m)$ of groups of order $m$ for small $m$, and in the case when $m = p^n$ for small primes $p$ and integers $n$.

3.6 References

[1] Atlas of Finite Group Representations, http://brauer.maths.qmul.ac.uk/Atlas/v3/.
[2] S. R. Blackburn, P. M. Neumann, and G. Venkataraman, Enumeration of finite groups, Cambridge University Press, Cambridge, 2007.
[3] K. S. Brown, Cohomology of groups, Springer-Verlag, New York, 1982.
[4] P. J. Cameron, Notes on finite group theory, October 2013.
[5] The GAP Group, GAP – Groups, Algorithms, and Programming, Version 4.7.4; 2014, http://www.gap-system.org.
[6] I. M. Isaacs, Finite group theory, Graduate Studies in Mathematics, 92, American Mathematical Society, Providence, RI, 2008.
[7] C. R. Leedham-Green and S. McKay, The structure of groups of prime power order, Oxford University Press, New York, 2002.
[8] D. J. S. Robinson, A course in the theory of groups, 2nd ed., Springer-Verlag, New York, 1996.
[9] C. C. Sims, Computation with finitely presented groups, Cambridge University Press, Cambridge, 1994.

Chapter 4
Symmetric Key Cryptography and its Relation to Graph Theory

Enes Pasalic
University of Primorska, Slovenia

SUMMARY

Modern cryptology relies on many scientific disciplines, such as information theory, probability theory and discrete mathematics, among others. In addition, some public-key cryptosystems have been proposed that are based on hard graph-theoretic problems, such as graph colouring. While not directly derived from concepts related to graphs, the most important cryptographic properties of certain discrete structures may be defined and analysed in the graph-theoretic framework, which may give at least a different insight into these structures. We give a short survey of cryptography with the emphasis on these discrete structures, which are the basic primitives of so-called symmetric key cryptography. Boolean functions, vectorial mappings over finite structures and permutations over finite fields, as the most important representatives of these structures, are considered in real-life encryption schemes. Their cryptographic properties are stated in the classical way, using suitable tools from cryptology, and are then translated into graph-theoretic language. The students will also get a brief insight into state-of-the-art research in this direction.

4.1 Introduction

Modern cryptology relies on many disciplines, such as information theory, computer science, probability theory, number theory and abstract algebra.
The information-theoretic foundation of modern cryptology was established in the late forties. In his celebrated paper [9] from 1948, Claude E. Shannon laid the theoretical foundations of information theory. One of the greatest contributions of his work was a new way of measuring information. In his second work [10], among other important notions, Shannon introduced the concept of unconditional security of symmetric ciphers. Unconditional security means that even an adversary with unlimited computational resources cannot defeat the cryptosystem. A necessary condition for a symmetric-key encryption scheme to be unconditionally secure is that the encryption key is at least as long as the message, which obviously restricts the practical use of such a system. Shannon also introduced two extremely important concepts which have been used extensively in the design of modern ciphers, namely confusion and diffusion.

A standard cryptosystem model used for achieving confidentiality (secrecy), also called a symmetric-key cryptosystem, transforms the plaintext message $m$ into the ciphertext message $c$ so that $c = E_K(m)$, where $E_K$ denotes the encryption function under the key $K$, see Figure 4.1.

Figure 4.1: Symmetric-key cryptosystem (model of a classic cryptosystem). Alice computes $c = E_K(m)$ with the key $K$; Bob, holding the same key, computes $m = D_K(c)$; the attacker Eve observes $c$ and produces an estimate $m^*$.

The ciphertext message received by Bob is now supposed to be decrypted before reading. Equipped with the same key as Alice, Bob applies the decryption algorithm $D_K$ to the encrypted message, i.e. $m = D_K(E_K(m))$, and retrieves the original message. The cryptanalyst Eve, not knowing the actual key $K$, may perform various attacks on the cryptosystem. The most trivial one is called exhaustive search: it tries every key in the key space until the message decrypts. As an example of an insecure symmetric-key cryptosystem we consider the Vigenère cipher.
It is assumed that both the message and key symbols are letters from the English alphabet, i.e. $\mathbf{m}_i, \mathbf{K}_i \in \{A, B, \dots, Z\}$. A sequence of message symbols $\mathbf{m} = \mathbf{m}_0, \mathbf{m}_1, \dots$ is encrypted by this scheme into an encrypted sequence $\mathbf{c} = \mathbf{c}_0, \mathbf{c}_1, \dots$ as follows. In order to express the encryption mathematically, a simple transformation is performed, namely the letters are replaced by integers such that $A \leftrightarrow 0$, $B \leftrightarrow 1$, ..., $Z \leftrightarrow 25$. The same transformation is applied to the key $\mathbf{K} = \mathbf{K}_0, \mathbf{K}_1, \dots, \mathbf{K}_{l-1}$, and the corresponding integer message and key sequences are denoted $m$ and $K$, respectively. Then the encrypted integer sequence $c = c_0, c_1, \dots$ is obtained using
$$c_i = m_i + K_{i \bmod l} \pmod{26}, \qquad i = 0, 1, 2, \dots \tag{4.1}$$
Now the ciphertext $\mathbf{c}$ is derived from $c$ using the reverse transformation $0 \leftrightarrow A$, $1 \leftrightarrow B$, ..., $25 \leftrightarrow Z$. To recover the original message, the recipient applies a similar transformation to the encrypted sequence,
$$m_i = c_i + (26 - K_{i \bmod l}) \pmod{26}, \qquad i = 0, 1, 2, \dots,$$
and then the same letter transformation as above is applied to $m$ to retrieve the sequence of alphabetic letters $\mathbf{m}$.

Nevertheless, practical encryption schemes use more sophisticated approaches to implementing Shannon's concepts of confusion and diffusion. The encryption is rather performed on the bit level (or on a block of bits), either by "expanding" the secret key of finite length into a pseudo-random sequence (the running key sequence) $z_i$ using a keystream generator (stream ciphers), see Figure 4.2, or by a pseudo-random permutation that substitutes a block of data (typically 128 bits) by a block of ciphertext bits of the same length (block ciphers), repeating substitution (S) and permutation (P) layers through several rounds, see Figure 4.3.

Figure 4.2: Additive (binary) stream cipher, the general model. The keystream generator expands the key $k$ into the running key $z_i$, and the ciphertext is $c_i = m_i \oplus z_i$.
In both cases an essential cryptographic primitive for embedding the concept of confusion is the so-called Boolean function. Denoting by $\mathbb{F}_2$ the binary Galois field (thus $\mathbb{F}_2 = \{0, 1\}$) and by $\mathbb{F}_2^n$ the $n$-dimensional vector space over $\mathbb{F}_2$, a Boolean function is defined as a mapping $f\colon \mathbb{F}_2^n \to \mathbb{F}_2$. A vectorial Boolean function $F\colon \mathbb{F}_2^n \to \mathbb{F}_2^m$, also known as a substitution box (S-box), is a widely used primitive in the design of block ciphers.

Figure 4.3: Substitution-permutation network using S-boxes (a block cipher). Each round applies a layer of parallel S-boxes $S$ to the state and then a bit permutation $P$; the rounds are iterated from the plaintext to the ciphertext.

For instance, the S-boxes of DES (Data Encryption Standard) use $F\colon \mathbb{F}_2^6 \to \mathbb{F}_2^4$, whereas the newer standard AES (Advanced Encryption Standard) uses $F\colon \mathbb{F}_2^8 \to \mathbb{F}_2^8$. Since S-boxes are commonly the only nonlinear components of a block cipher, their design is crucial from the security point of view.

4.2 LFSR based stream ciphers and basic definitions

Stream ciphers which make use of a Boolean function are classically divided into two major groups: nonlinear combination generators and nonlinear filter generators, see Figure 4.4.

Figure 4.4: Nonlinear filtering generator. The Boolean function $f$ is applied to the LFSR stages $s_{k-1}, s_{k-2}, \dots, s_1, s_0$ and outputs the keystream bit $z_t$.

Both schemes have in common the use of a linear feedback shift register (LFSR) as the main building block for producing sequences of large period. LFSRs are very well suited for hardware implementation and can produce sequences with very good statistical properties. In relation to Figure 4.5, the update procedure performed in an LFSR (at the time instants controlled by the system clock) may be summarized as follows:

1. The content of stage 0 is output and forms a part of the output sequence $s_i$, and at the same time the new content of stage $k-1$ is computed using the linear recursion
$$s_k = \sum_{i=0}^{k-1} s_i c_{k-i}.$$
2. The content of stage $i$ is moved to stage $i-1$, for each $1 \le i \le k-1$.

The next state of the LFSR is therefore $S = (s_k, \dots, s_1)$, seen from left to right in Figure 4.5. For a given length of the LFSR, the period and the statistical properties of the sequence depend entirely on the connection polynomial used. The use of a primitive connection polynomial $c(x) \in \mathbb{F}_2[x]$ results in a sequence of maximum period (the period is $2^L - 1$ for an LFSR of length $L$) with good statistical properties. Informally, a primitive polynomial $p(x) = a_0 + a_1 x + \dots + a_k x^k$ of degree $k$ can be defined as an irreducible polynomial over $\mathbb{F}_2$ with the property that
$$\{x^i \bmod p(x) : i = 0, \dots, 2^k - 2\} = \mathbb{F}_2^k \setminus \{0\},$$
using the representation $x^i \bmod p(x) = r(x) = r_0 + r_1 x + \dots + r_{k-1} x^{k-1}$ and identifying $(r_0, \dots, r_{k-1})$ with the elements of $\mathbb{F}_2^k$.

Figure 4.5: LFSR of length $k$ with connection polynomial $c(x)$. The stages $s_{k-1}, s_{k-2}, \dots, s_1, s_0$ are drawn from left to right; the feedback taps $c_1, c_2, \dots, c_{k-1}, c_k$ combine the stages into the new bit $s_k$, and the content of stage 0 is output as $s_i$.

Let $s$ denote an infinite binary sequence whose terms are $s_0, s_1, \dots$, whereas its truncated version of finite length $n$ is denoted by $s^n$, that is, $s^n = s_0, s_1, \dots, s_{n-1}$. The following definitions, taken from [6], will be useful in the sequel.

Definition 4.2.1 An LFSR is said to generate a sequence $s$ if there is some initial state of the LFSR for which the output sequence of the LFSR is $s$. Similarly, an LFSR generates $s^n$ if for some initial state the first $n$ terms of the output sequence of the LFSR coincide with $s^n$.

Definition 4.2.2 The linear complexity of an infinite binary sequence $s$, denoted $L(s)$, is the length of the shortest LFSR that generates $s$.
Example 4.2.3 For $k = 4$ (or $L = 4$) and the primitive connection polynomial $C(x) = x^4 + x + 1$, if we start the LFSR with $S = (s_0, s_1, s_2, s_3) = (1, 1, 1, 0)$ it produces the sequence
$$1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1 \mid 1, 1, 1, 0, \dots$$
The sequence has maximum period $15 = 2^4 - 1$, and one period contains exactly $2^{k-1} = 8$ ones and $2^{k-1} - 1 = 7$ zeros. Why? Check what happens if we use the irreducible (but not primitive) polynomial $C(x) = x^4 + x^3 + x^2 + x + 1$!

However, any sequence generated by a finite-state machine is eventually periodic and therefore has finite linear complexity. Moreover, due to Elwyn R. Berlekamp and James L. Massey [5], there exists an efficient polynomial-time synthesis algorithm which computes the linear complexity of a given binary sequence. When the length $L$ of the LFSR is known, a subsequence of length $2L$ is required to compute the connection polynomial, either using the Berlekamp-Massey algorithm or by solving a linear system directly. If $L$ is not known, then the Berlekamp-Massey algorithm can be used to determine both $L$ and the connection polynomial. In either case the adversary must obtain a subsequence of length $2L$.

In reference to Figure 4.2, we assume that an adversary mounts a known- or chosen-plaintext attack on an additive binary stream cipher whose running-key generator is implemented using an LFSR. Then the adversary can obtain the subsequence of $z$ of length $2L$ by computing $z_i = m_i \oplus c_i$, $i = 0, \dots, 2L - 1$ (since the $m_i$ are known). Then an LFSR of length $L$, with the connection polynomial computed by the Berlekamp-Massey algorithm, can be initialized with the first $L$ bits of this subsequence to generate the remainder of the sequence $z$, and hence to decrypt the rest of the ciphertext.

Thus, a necessary but not sufficient condition for any keystream generator is the requirement of a large linear complexity.
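As an added example (not code from the notes), the following Python program reproduces Example 4.2.3 and the known-plaintext attack just described: it generates the LFSR output for a connection polynomial given as the coefficient list $[c_1, \dots, c_L]$, measures the period, and runs the Berlekamp-Massey algorithm on $2L$ leaked keystream bits to recover $L$, the connection polynomial and then the whole keystream. The 40-bit plaintext is constructed for the demonstration; the bit ordering and the recursion follow Figure 4.5.

```python
"""LFSR sequences and the Berlekamp-Massey attack of Example 4.2.3.

Added example, not code from the lecture notes.  Conventions follow
Figure 4.5 and the recursion s_k = sum_{i=0}^{k-1} s_i c_{k-i}: a connection
polynomial C(x) = 1 + c_1 x + ... + c_L x^L is passed as the list
[c_1, ..., c_L], so the register computes s_j = c_1 s_{j-1} + ... + c_L s_{j-L}
over F_2.  The plaintext used in the known-plaintext attack is constructed
here purely for the demonstration.
"""


def lfsr_sequence(coeffs, state, length):
    """First `length` output bits of the LFSR with connection coefficients
    coeffs = [c_1, ..., c_L], started in the state (s_0, ..., s_{L-1})."""
    L = len(coeffs)
    s = list(state)
    while len(s) < length:
        s.append(sum(coeffs[i - 1] & s[-i] for i in range(1, L + 1)) % 2)
    return s[:length]


def period(coeffs, state):
    """Least t > 0 after which the register state repeats, i.e. the period of
    the output; it is 2^L - 1 for a nonzero state exactly when C(x) is primitive."""
    L = len(coeffs)
    s = lfsr_sequence(coeffs, state, 2 ** L + L)
    for t in range(1, 2 ** L):
        if s[t:t + L] == s[:L]:
            return t
    return None


def berlekamp_massey(bits):
    """Return (L, [c_1, ..., c_L]): the shortest LFSR generating `bits`
    (Massey's algorithm; with at least 2L bits the answer is unique)."""
    n = len(bits)
    C = [1] + [0] * n      # current connection polynomial, C[0] = 1
    B = [1] + [0] * n      # connection polynomial before the last length change
    L, m = 0, -1
    for N in range(n):
        d = bits[N]                                   # discrepancy at position N
        for i in range(1, L + 1):
            d ^= C[i] & bits[N - i]
        if d:
            T = C[:]
            for i in range(n + 1 - (N - m)):          # C(x) += B(x) x^(N-m)
                C[i + N - m] ^= B[i]
            if 2 * L <= N:
                L, m, B = N + 1 - L, N, T
    return L, C[1:L + 1]


def recover_keystream(known_plaintext, ciphertext):
    """Known-plaintext attack on the additive stream cipher of Figure 4.2.
    The leaked prefix z_i = m_i xor c_i feeds Berlekamp-Massey, which gives L
    and C(x); the first L leaked bits initialise a copy of the register that
    then reproduces the complete keystream."""
    leak = [m ^ c for m, c in zip(known_plaintext, ciphertext)]
    L, coeffs = berlekamp_massey(leak)
    return L, coeffs, lfsr_sequence(coeffs, leak[:L], len(ciphertext))


# Example 4.2.3: C(x) = 1 + x + x^4 (primitive) started in (1, 1, 1, 0)
PRIMITIVE = [1, 0, 0, 1]
IRREDUCIBLE = [1, 1, 1, 1]      # x^4 + x^3 + x^2 + x + 1: irreducible, not primitive
START = [1, 1, 1, 0]


def demo():
    z = lfsr_sequence(PRIMITIVE, START, 40)
    # constructed 40-bit plaintext; the adversary knows only its first 2L = 8 bits
    m = [int(b) for b in "1011001110001111010100011001110101100001"]
    c = [mi ^ zi for mi, zi in zip(m, z)]
    L, coeffs, z_rec = recover_keystream(m[:8], c)
    return {"period": period(PRIMITIVE, START), "L": L, "coeffs": coeffs,
            "plaintext_recovered": [ci ^ zi for ci, zi in zip(c, z_rec)] == m}


if __name__ == "__main__":
    print("m-sequence:", lfsr_sequence(PRIMITIVE, START, 15))
    print("periods:", period(PRIMITIVE, START), period(IRREDUCIBLE, START))
    print(demo())
```

With the primitive polynomial the register runs through all 15 nonzero states, while $x^4 + x^3 + x^2 + x + 1$ divides $x^5 - 1$ and gives period 5 from the same start state. Eight leaked keystream bits are enough to rebuild the register and decrypt the remaining 32 bits, which is why a single LFSR, whatever its length, never provides the large linear complexity a keystream generator requires.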
A large linear complexity cannot be achieved using a single LFSR, and general methods for destroying the linear properties of LFSRs are:
• using a nonlinear combining function at the outputs of several LFSRs;
• using a nonlinear filtering function on the contents of a single LFSR; and
• using the output of one or several LFSRs to control the clocking of one or several LFSRs.

As mentioned earlier, the first two methods take advantage of a Boolean function to introduce nonlinearity into the keystream. A general construction of a nonlinear combination generator is illustrated in Figure 4.6, where for the sake of generality we consider $F\colon \mathbb{F}_2^n \to \mathbb{F}_2^m$ for $m \ge 1$. In this set-up the outputs of $n$ LFSRs, $x^{(1)}, \dots, x^{(n)}$, are used as the inputs to a nonlinear vectorial Boolean function $F$, and the keystream sequence is generated by this function. More formally, $z_i^{(j)} = f_j(x_i^{(1)}, \dots, x_i^{(n)})$ for $j = 1, \dots, m$, and the function $F\colon \mathbb{F}_2^n \to \mathbb{F}_2^m$ (actually an S-box) is a collection of $m$ Boolean functions $F = (f_1, \dots, f_m)$.

Figure 4.6: Nonlinear combination generator. The outputs $x_1, \dots, x_n$ of $\mathrm{LFSR}_1, \dots, \mathrm{LFSR}_n$ enter the function $F$, which outputs the keystream bits $z_1, \dots, z_m$.

A Boolean function $f(x_1, \dots, x_n)$ can be represented as the output column of its truth table $\mathbf{f}$, i.e. a binary string of length $2^n$,
$$\mathbf{f} = [f(0, 0, \dots, 0),\ f(1, 0, \dots, 0),\ f(0, 1, \dots, 0),\ \dots,\ f(1, 1, \dots, 1)].$$
The truth table representation may be suitable for Boolean functions in a small number of variables. Thus, for moderate to large values of $n$, $f \in \mathcal{B}_n$ is usually represented by its algebraic normal form (ANF):¹
$$f(x_1, \dots, x_n) = \bigoplus_{u \in \mathbb{F}_2^n} \lambda_u \prod_{i=1}^n x_i^{u_i}, \qquad \lambda_u \in \mathbb{F}_2,\ u = (u_1, \dots, u_n). \tag{4.2}$$
There are $2^n$ different terms $x_1^{u_1} x_2^{u_2} \cdots x_n^{u_n}$ for the different $u$'s. As $\lambda_u$ is binary, this gives $\#\mathcal{B}_n = 2^{2^n}$ different functions in the $n$ variables $x_1, \dots, x_n$ (denoting by $\mathcal{B}_n$ the set of all Boolean functions in $n$ variables), implying that an exhaustive search for "good" functions becomes infeasible already for $n = 6$!

Example 4.2.4 For $n = 3$ there are $2^8 = 256$ distinct functions specified by the $\lambda_u$:
$$\mathcal{B}_3 = \{\lambda_0 \oplus \lambda_1 x_1 \oplus \lambda_2 x_2 \oplus \lambda_3 x_3 \oplus \lambda_4 x_1 x_2 \oplus \lambda_5 x_1 x_3 \oplus \lambda_6 x_2 x_3 \oplus \lambda_7 x_1 x_2 x_3\}.$$

The algebraic degree of $f$, denoted by $\deg(f)$ or sometimes simply $d$, is the maximal Hamming weight of $u$ such that $\lambda_u \ne 0$. There is a one-to-one correspondence between the truth table and the ANF via so-called inversion formulae.

The truth table of the Boolean function $f(x_1, x_2, x_3) = x_1 x_2 + x_2 x_3 + x_3$:

x3 x2 x1 | f(x)
0  0  0  | 0
0  0  1  | 0
0  1  0  | 0
0  1  1  | 1
1  0  0  | 1
1  0  1  | 1
1  1  0  | 0
1  1  1  | 1

The easiest way to obtain the ANF from the truth table (without involving the Möbius transform) is to write down, for every $x$ with $f(x) = 1$, the product of the $x_i$ and $(1 + x_i)$ that equals 1 exactly at that point, and to add these products together. For the above example we have
$$f(x) = x_1 x_2 (1 + x_3) + (1 + x_1)(1 + x_2) x_3 + x_1 (1 + x_2) x_3 + x_1 x_2 x_3 = x_1 x_2 + x_2 x_3 + x_3,$$
after cancelling identical terms.

¹ The addition operator over $\mathbb{F}_2$, denoted by "$\oplus$", is often replaced with the usual addition operator "$+$".

A balanced Boolean function has equally many zeros and ones in its truth table, i.e.
$$\#\{x \in \mathbb{F}_2^n : f(x) = 0\} = \#\{x \in \mathbb{F}_2^n : f(x) = 1\} = 2^{n-1}.$$
What can be said about the upper bound on the degree of balanced Boolean functions in $\mathcal{B}_n$ then?

The reason why we require a high algebraic degree is related to the following attack scenario. Recall that the basic goal of the attacker is to recover the secret state bits located in the LFSR. The LFSR, its connection polynomial $c(x)$, the filtering function $f(x)$ and a portion of the output keystream sequence (known-plaintext attack) are all known, so we have the following. At each time instant the known keystream bit is $z_t = f(x_1^t, \dots, x_n^t)$, where the time dependency of the inputs to $f$ is due to the structure of the LFSR. Every $x_i^t$ is a linear function of the initial secret state bits $s_0, \dots, s_{L-1}$, say
$$x_i^t = \sum_{j=0}^{L-1} a_j^{(i,t)} s_j,$$
due to the linear update function of the LFSR. Thus, given $f$ of degree $d$, whose ANF contains at most $\binom{n}{0} + \binom{n}{1} + \dots + \binom{n}{d}$ terms, each keystream bit gives one equation of degree $d$ in the secret state bits. Using so-called linearization we replace every monomial in $s_0, \dots, s_{L-1}$ of degree at most $d$ by a new variable and solve a linear system in these unknowns. Since there are $L$ secret state variables, after this substitution the linear system has at most
$$T = \binom{L}{0} + \binom{L}{1} + \dots + \binom{L}{d}$$
unknowns. The complexity of solving a linear system of size $\approx \binom{L}{d}$ by Gaussian elimination is of order $\binom{L}{d}^3$. Therefore a large $d$ is desirable, but the implementation cost increases!

Assume now that $n$ maximum-length LFSRs as in Figure 4.6, whose lengths $L_1, L_2, \dots, L_n$ are pairwise relatively prime, are combined by a nonlinear Boolean function $f(x_1, \dots, x_n)$. Then the linear complexity of the keystream sequence $z$ is $f(L_1, \dots, L_n)$, where the expression is computed over the integers [6, 12]. Since this expression depends directly on the degree of $f$, a large linear complexity of the keystream is obviously obtained by functions of high degree.

Example 4.2.5 (Geffe generator) Assume that the lengths of the LFSRs are relatively prime for the scheme in Figure 4.6, with $n = 3$. Let the nonlinear combining function be $f(x_1, x_2, x_3) = x_1 x_2 \oplus x_2 x_3 \oplus x_3$. The function $f$ is obviously of degree 2. The Geffe generator is cryptographically weak because information about the states of $\mathrm{LFSR}_1$ and $\mathrm{LFSR}_3$ leaks to the output. For fixed $x_3 = 0$ the output is $x_1 x_2$, and therefore 75% zeros and 25% ones are output in this case; in other words, the keystream agrees with the output of $\mathrm{LFSR}_3$ (and, symmetrically, with that of $\mathrm{LFSR}_1$) with probability $3/4$, so each of these two registers can be attacked separately.
The observation in the above example leads to another important criterion for Boolean functions used as nonlinear combining functions, the concept of correlation immunity.

Definition 4.2.6 [11] Let $x_1, x_2, \dots, x_n$ be a set of independent uniformly distributed binary random variables. A Boolean function $f(x_1, x_2, \dots, x_n)$ is called $m$-th order correlation immune if for each subset of at most $m$ input variables $x_{i_1}, \dots, x_{i_k}$, $1 \le i_1 < \dots < i_k \le n$, $k \le m$, the mutual information between the keystream $z = f(x_1, \dots, x_n)$ and the subset $x_{i_1}, \dots, x_{i_k}$ is equal to zero, i.e. $I(z; x_{i_1}, \dots, x_{i_k}) = 0$. Expressed in terms of probability, we have that
$$\operatorname{Prob}(x_{i_1} \oplus x_{i_2} \oplus \dots \oplus x_{i_k} = z) = \frac{1}{2}$$
for every such subset, for any $k = 1, \dots, m$.

Another important measure of the cryptographic strength of Boolean functions is nonlinearity. The nonlinearity of $f$, denoted by $\mathcal{N}_f$, is defined to be the minimum Hamming distance² to the set of affine functions. For an $n$-variable function the set of affine functions is given as
$$\mathcal{A}_n = \{a_1 x_1 \oplus \dots \oplus a_n x_n \oplus b \mid a \in \mathbb{F}_2^n,\ b \in \mathbb{F}_2\}.$$
The set of all $n$-variable linear functions, those with $b = 0$, is denoted by $\mathcal{L}_n$. Thus, the nonlinearity of $f$ is given by
$$\mathcal{N}_f = \min_{g \in \mathcal{A}_n} d_H(f, g). \tag{4.3}$$
Prof. James Massey formulated it nicely once upon a time: "The linearity is the curse of the cryptographer." Any cryptographic primitive somehow implements Shannon's concept of confusion, which for our scheme (almost) directly corresponds to nonlinearity. The linear functions will be represented by means of the scalar (inner) product,
$$\varphi_\alpha\colon x \in \mathbb{F}_2^n \longmapsto \alpha \cdot x = \bigoplus_{i=1}^n \alpha_i x_i.$$

Definition 4.2.7 A $t$-th order correlation immune Boolean function $f$ which is balanced is called a $t$-resilient function.

The properties of Boolean functions are most comprehensively viewed through the Walsh transform.
Definition 4.2.8 The Walsh transform of $f \in \mathcal{B}_n$ at the point $\alpha \in \mathbb{F}_2^n$ is denoted by $\mathcal{F}(f + \varphi_\alpha)$ or $W_f(\alpha)$ and calculated as
$$\mathcal{F}(f + \varphi_\alpha) = W_f(\alpha) = \sum_{x \in \mathbb{F}_2^n} (-1)^{f(x) + \varphi_\alpha(x)}, \qquad \alpha \in \mathbb{F}_2^n. \tag{4.4}$$
The values of these coefficients form the Walsh spectrum of $f$, and clearly $f$ is balanced if and only if $W_f(0) = 0$. Notice that $\varphi_\alpha(x) = \alpha \cdot x$ uniquely identifies one linear function, see also relation (4.5).

Exercise 4.2.9 Show that the Hamming distance between a Boolean function $f(x)$ and an affine function $g(x) = \alpha \cdot x + b$ ($\alpha \in \mathbb{F}_2^n$ and $b \in \mathbb{F}_2$) can be calculated via the Walsh transform as
$$d_H(f, g) = 2^{n-1} - \frac{(-1)^b\, W_f(\alpha)}{2}.$$

² The Hamming distance between two binary strings of the same length, say $f$ and $g$, is the number of positions where these strings differ, i.e. $d_H(f, g) = \#\{x \mid f(x) \ne g(x)\}$.

A closely related concept, known as the Hadamard transform and denoted by $W_f^H$, simply uses the values $f(x)$ instead of $(-1)^{f(x)}$, that is
$$W_f^H(\alpha) = \sum_{x \in \mathbb{F}_2^n} f(x)\,(-1)^{\varphi_\alpha(x)}.$$
A simple relationship between the two transforms is given as an exercise.

Exercise 4.2.10 Show that $W_f(\alpha) = -2 W_f^H(\alpha) + 2^n \Delta(\alpha)$ for any $\alpha \in \mathbb{F}_2^n$, where $\Delta(\alpha) = 1$ if $\alpha = 0$, and zero otherwise.

The values of the Walsh and Hadamard spectra of $f \in \mathcal{B}_n$ are easily obtained through
$$W_f = H_n \bigl((-1)^{\mathbf{f}}\bigr)^T, \qquad W_f^H = H_n\, \mathbf{f}^T,$$
respectively, where $\mathbf{f}^T$ denotes the transpose of the truth table of $f$ (a column vector) and $H_n$ is the Hadamard matrix of size $2^n \times 2^n$ defined recursively by
$$H_1 = \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}, \qquad H_n = \begin{pmatrix} H_{n-1} & H_{n-1} \\ H_{n-1} & -H_{n-1} \end{pmatrix}.$$
It is easy to show that $H_n H_n^T = 2^n I$ and also $H_n^T H_n = 2^n I$, where $I$ is the identity matrix. The nonlinearity of $f(x)$ can be obtained via the Walsh transform as
$$\mathcal{N}_f = 2^{n-1} - \frac{1}{2} \max_{\alpha \in \mathbb{F}_2^n} |W_f(\alpha)|. \tag{4.5}$$

Lemma 4.2.11 [13] Let $f \in \mathcal{B}_n$ and let $t$ be some positive integer.
The function $f$ is said to be correlation immune (CI) of order $t$ if and only if $\mathcal{F}(f + \varphi_\alpha) = 0$ for any $\alpha \in \mathbb{F}_2^n$ such that $1 \le wt(\alpha) \le t$.

An important property of the Walsh spectrum, referred to as Parseval's equality [4], states that for any Boolean function $f \in \mathcal{B}_n$,
$$\sum_{\alpha \in \mathbb{F}_2^n} \mathcal{F}(f + \varphi_\alpha)^2 = 2^{2n}.$$

Exercise 4.2.12 Use a similar technique as in the proof of Proposition 4.2.14 to show Parseval's equality. Consider the sum $\sum_{u \in \mathbb{F}_2^n} W_f(u)\, W_f(u \oplus v)$ and show that it is $2^{2n}$ if $v = 0$ and zero otherwise.

We illustrate the cryptographic criteria discussed above with a detailed examination of the nonlinear combining function used in the Geffe generator; see also Example 4.2.5.

Example 4.2.13 Consider the function $f(x_1, x_2, x_3) = x_1 x_2 + x_2 x_3 + x_3$ used in the Geffe generator. The truth table and the Walsh spectrum are given in Table 4.1. Note that the linear functions $\varphi_\alpha$ are indexed by the same binary vectors as the $x$ values. For instance the row $(x_1, x_2, x_3) = (1, 0, 0)$ corresponds to $\varphi_\alpha = (x_1, x_2, x_3) \cdot (1, 0, 0) = x_1$. Then, the nonlinearity is $N_f = 2^{n-1} - \frac{1}{2} \max_{\alpha \in \mathbb{F}_2^n} |\mathcal{F}(f + \varphi_\alpha)| = 4 - \frac{4}{2} = 2$. The function is balanced but not correlation immune since $\mathcal{F}(f + x_1) = \mathcal{F}(f + x_3) \ne 0$. Notice that the Walsh spectrum, constrained by Parseval's equality, is integer valued, and obviously we cannot design cryptographically strong Boolean functions by simply specifying the values (placing zeros and controlling maximum values) in the Walsh spectrum, even when Parseval's equality is satisfied. This means that the Boolean functions form only a small subset of the more general integer-valued mappings from $\mathbb{F}_2^n$ to $\mathbb{Z}$.

Table 4.1: The truth table and the Walsh spectrum of the Boolean function $f(x_1, x_2, x_3) = x_1 x_2 + x_2 x_3 + x_3$.

  x1 x2 x3 | f(x) | F(f + phi_alpha)
  ---------+------+-----------------
   0  0  0 |  0   |   0
   0  0  1 |  0   |  -4
   0  1  0 |  0   |   0
   0  1  1 |  1   |  -4
   1  0  0 |  1   |  -4
   1  0  1 |  1   |   0
   1  1  0 |  0   |   4
   1  1  1 |  1   |   0
Proposition 4.2.14 Given the Walsh spectrum $\{W_f(\alpha)\}$ of $f \in \mathcal{B}_n$, the inverse Walsh transform can be computed as
$$(-1)^{f(x)} = 2^{-n} \sum_{\alpha \in \mathbb{F}_2^n} W_f(\alpha)(-1)^{\alpha \cdot x} \quad \text{for all } x \in \mathbb{F}_2^n. \qquad (4.6)$$

PROOF. Let us substitute $W_f(\alpha) = \sum_{y \in \mathbb{F}_2^n} (-1)^{f(y) + \alpha \cdot y}$ so that
$$\sum_{\alpha \in \mathbb{F}_2^n} W_f(\alpha)(-1)^{\alpha \cdot x} = \sum_{\alpha \in \mathbb{F}_2^n} \sum_{y \in \mathbb{F}_2^n} (-1)^{f(y) + \alpha \cdot y} (-1)^{\alpha \cdot x} = \sum_{y \in \mathbb{F}_2^n} (-1)^{f(y)} \sum_{\alpha \in \mathbb{F}_2^n} (-1)^{\alpha \cdot (x + y)} = 2^n (-1)^{f(x)},$$
since the sum $\sum_{\alpha \in \mathbb{F}_2^n} (-1)^{\alpha \cdot (x + y)}$ is equal to zero unless $x = y$, in which case it is equal to $2^n$. The statement follows.

A special class of functions achieving the upper bound on nonlinearity is known as bent functions. They exist only for even $n$ and have a uniform (flat) spectrum, that is, $f$ is bent if and only if $W_f(\alpha) = \pm 2^{n/2}$ for all $\alpha \in \mathbb{F}_2^n$. It is easily understood that since $\sum_{\alpha \in \mathbb{F}_2^n} W_f(\alpha)^2 = 2^{2n}$, the maximum absolute value of $\{W_f(\alpha)\}$ is minimized exactly when the spectrum is flat. These functions are not balanced however, since $W_f(0) = \pm 2^{n/2}$, but they possess many other desirable properties and have several connections to difference sets, Kerdock codes, symmetric designs etc. (their modified balanced versions are also used in symmetric key primitives). Bent functions correspond to strongly regular Cayley graphs; this connection is discussed later.

For any bent function $f$ one may define its dual $\tilde{f}$ as
$$(-1)^{\tilde{f}(x)} = 2^{-n/2}\, W_f(x) \quad \text{for all } x \in \mathbb{F}_2^n.$$

Proposition 4.2.15 The dual $\tilde{f}$ of a bent function $f$ is again bent.

PROOF. If $f$ is bent the inverse Walsh transform gives
$$(-1)^{f(x)} = 2^{-n} \sum_{\alpha \in \mathbb{F}_2^n} W_f(\alpha)(-1)^{\alpha \cdot x} \quad \text{for all } x \in \mathbb{F}_2^n.$$
Replacing $W_f(\alpha) = 2^{n/2}(-1)^{\tilde{f}(\alpha)}$ from the definition of $\tilde{f}$, we get
$$2^{n/2}(-1)^{f(x)} = \sum_{\alpha \in \mathbb{F}_2^n} (-1)^{\tilde{f}(\alpha)} (-1)^{\alpha \cdot x} = \sum_{\alpha \in \mathbb{F}_2^n} (-1)^{\tilde{f}(\alpha) + \alpha \cdot x} = W_{\tilde{f}}(x),$$
thus $W_{\tilde{f}}(x) \in \{-2^{n/2}, 2^{n/2}\}$ and $\tilde{f}$ is bent.
One class of bent functions of particular importance, known as the Maiorana-McFarland class, is specified as follows. Let us, for $n = 2k$, identify $\mathbb{F}_2^n$ with $\mathbb{F}_2^k \times \mathbb{F}_2^k$. Suppose $\pi : \mathbb{F}_2^k \to \mathbb{F}_2^k$ is a permutation and $g \in \mathcal{B}_k$. A function $f : \mathbb{F}_2^k \times \mathbb{F}_2^k \to \mathbb{F}_2$ defined by
$$f(x, y) = x \cdot \pi(y) + g(y), \quad \text{for all } x, y \in \mathbb{F}_2^k, \qquad (4.7)$$
is a bent function, and this class is denoted by $\mathcal{M}$.

Proposition 4.2.16 The function $f$ defined by (4.7) is a bent function.

PROOF. The Walsh transform at $(a, b) \in \mathbb{F}_2^k \times \mathbb{F}_2^k$ equals
$$W_f(a, b) = \sum_{x \in \mathbb{F}_2^k} \sum_{y \in \mathbb{F}_2^k} (-1)^{f(x, y) + (a, b) \cdot (x, y)} = \sum_{y \in \mathbb{F}_2^k} (-1)^{g(y) + b \cdot y} \sum_{x \in \mathbb{F}_2^k} (-1)^{x \cdot \pi(y) + a \cdot x}.$$
For any fixed $y$ the inner sum $\sum_{x \in \mathbb{F}_2^k} (-1)^{x \cdot \pi(y) + a \cdot x} = \sum_{x \in \mathbb{F}_2^k} (-1)^{x \cdot (\pi(y) + a)}$ is $0$ unless $\pi(y) = a$, which happens for exactly one $y = \pi^{-1}(a)$. In the case $\pi(y) = a$ the sum $\sum_{x \in \mathbb{F}_2^k} (-1)^{x \cdot (\pi(y) + a)} = 2^k$, and therefore
$$W_f(a, b) = 2^k (-1)^{g(\pi^{-1}(a)) + b \cdot \pi^{-1}(a)},$$
thus $f$ is bent.

Notice that the generalized class $\mathcal{M}$ defined below contains the bent functions above as a subclass, but it can also generate resilient functions with high nonlinearity. To see this we modify the above definition as follows.

Definition 4.2.17 For any positive integers $p, q$ such that $n = p + q$, a function $f \in \mathcal{B}_n$ in the Maiorana-McFarland class is defined by
$$f(x, y) = \phi(y) \cdot x \oplus g(y), \quad x \in \mathbb{F}_2^p,\ y \in \mathbb{F}_2^q, \qquad (4.8)$$
where $\phi$ is any mapping from $\mathbb{F}_2^q$ to $\mathbb{F}_2^p$ and $g \in \mathcal{B}_q$ is arbitrary.

Proposition 4.2.18 Let $f$ be defined as above and, for $p > q$, assume that $\phi$ is injective. Then $N_f = 2^{n-1} - 2^{p-1}$. In addition, if $wt(\phi(y)) \ge t + 1$ for all $y \in \mathbb{F}_2^q$ then $f$ is $t$-resilient.

PROOF. Let $n = p + q$. All we have to do is to show that $\max_{(a, b) \in \mathbb{F}_2^p \times \mathbb{F}_2^q} |W_f(a, b)| = 2^p$. We have
$$W_f(a, b) = \sum_{x \in \mathbb{F}_2^p} \sum_{y \in \mathbb{F}_2^q} (-1)^{f(x, y) + (a, b) \cdot (x, y)} = \sum_{y \in \mathbb{F}_2^q} (-1)^{g(y) + b \cdot y} \sum_{x \in \mathbb{F}_2^p} (-1)^{\phi(y) \cdot x + a \cdot x}.$$
Then again, for any fixed $y \in \mathbb{F}_2^q$ the sum $\sum_{x \in \mathbb{F}_2^p} (-1)^{\phi(y) \cdot x + a \cdot x} = 0$ unless $\phi(y) = a$.
Since $\phi$ is injective, $\#\{y \in \mathbb{F}_2^q : \phi(y) = a\}$ is either $0$ or $1$. In the case $\phi(y) = a$ we have $\sum_{x \in \mathbb{F}_2^p} (-1)^{\phi(y) \cdot x + a \cdot x} = 2^p$, and the first part follows. The second part is left as an exercise.

Example 4.2.19 Let $n = 6$, $p = 4$, $q = 2$ and $(x, y) \in \mathbb{F}_2^4 \times \mathbb{F}_2^2$. Define an injective $\phi : \mathbb{F}_2^2 \to \mathbb{F}_2^4$ as $\phi(00) = (1100)$, $\phi(10) = (0110)$, $\phi(01) = (1010)$, $\phi(11) = (1011)$. Then, for any fixed $y$ the function $f(x, y)$ is a linear function in $x_1, \ldots, x_4$. More precisely,
$$f(x, 00) = x_1 + x_2, \quad f(x, 10) = x_2 + x_3, \quad f(x, 01) = x_1 + x_3, \quad f(x, 11) = x_1 + x_3 + x_4.$$
Then $f$ is $1$-resilient, $\deg(f) = 3$ (check this!), and $N_f = 2^5 - 2^3 = 24$.

More advanced construction methods are not treated here due to their tedious representation. The currently best known methods were given recently by Pasalic and Zhang, based on the use of disjoint linear codes (resilient S-boxes) and a subtle modification of the Maiorana-McFarland construction for resilient Boolean functions.

4.3 Equivalence classes of Boolean functions

The group of all invertible $\mathbb{F}_2$-linear transformations on $\mathbb{F}_2^n$ is denoted by $GL(n)$.

Definition 4.3.1 Two Boolean functions $f, g \in \mathcal{B}_n$ are said to be affine equivalent if and only if there exist $A \in GL(n)$ and $b \in \mathbb{F}_2^n$ such that
$$g(x) = f(Ax + b) \quad \text{for all } x \in \mathbb{F}_2^n. \qquad (4.9)$$
The affine general linear group $AGL(n)$ consists of all the elements of the form $(A, b)$. It can be verified that the transformation $f(x) \to f(Ax + b)$ is a group action of $AGL(n)$ on $\mathcal{B}_n$.

Definition 4.3.2 Two Boolean functions $f, g \in \mathcal{B}_n$ are said to be extended affine equivalent (EA-equivalent, or simply equivalent) if and only if, apart from $A$ and $b$ as above, there exist $\mu \in \mathbb{F}_2^n$ and $\varepsilon \in \mathbb{F}_2$ such that
$$g(x) = f(Ax + b) + \mu \cdot x + \varepsilon \quad \text{for all } x \in \mathbb{F}_2^n. \qquad (4.10)$$

Given any two Boolean functions $f, g \in \mathcal{B}_n$, deciding whether they are EA-equivalent or not is an important open problem.
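As an added worked example (my own code, not part of the original notes), the criteria of Section 4.2 computed from truth tables in Python: the Walsh spectrum of definition (4.4), nonlinearity via (4.5), balancedness, correlation immunity via Lemma 4.2.11, Parseval's equality, and the algebraic degree read off the ANF. It is applied to the Geffe combiner of Example 4.2.13 and to the Maiorana-McFarland function of Example 4.2.19 (taking g(y) = 0); the function and variable names and the truth-table indexing are assumptions of this example.

```python
"""Walsh-transform checks for the criteria of Section 4.2 (nonlinearity,
balancedness, correlation immunity / resiliency, algebraic degree), applied
to the Geffe combiner of Example 4.2.13 and the Maiorana-McFarland function
of Example 4.2.19.  Truth tables are lists indexed by the integer whose
binary digits are (x_1, ..., x_n), x_1 being the most significant bit."""
from itertools import product


def truth_table(f, n):
    """Evaluate f on all 2^n inputs; index i <-> bits (x_1, ..., x_n)."""
    return [f(*bits) for bits in product((0, 1), repeat=n)]


def walsh_spectrum(tt):
    """W_f(alpha) = sum_x (-1)^(f(x) + alpha.x), definition (4.4)."""
    size = len(tt)
    spec = []
    for alpha in range(size):
        total = 0
        for x in range(size):
            total += (-1) ** (tt[x] ^ (bin(alpha & x).count("1") & 1))
        spec.append(total)
    return spec


def nonlinearity(tt):
    """N_f = 2^(n-1) - max|W_f| / 2, relation (4.5)."""
    return len(tt) // 2 - max(abs(w) for w in walsh_spectrum(tt)) // 2


def is_balanced(tt):
    return walsh_spectrum(tt)[0] == 0


def ci_order(tt):
    """Largest t with W_f(alpha) = 0 for all 1 <= wt(alpha) <= t (Lemma 4.2.11)."""
    n = len(tt).bit_length() - 1
    spec = walsh_spectrum(tt)
    t = 0
    for w in range(1, n + 1):
        if any(spec[a] != 0 for a in range(1, 2 ** n) if bin(a).count("1") == w):
            break
        t = w
    return t


def resiliency_order(tt):
    """t-resilient = balanced and t-th order CI (Definition 4.2.7); -1 if unbalanced."""
    return ci_order(tt) if is_balanced(tt) else -1


def algebraic_degree(tt):
    """Degree of the ANF, obtained with the binary Moebius transform."""
    anf = list(tt)
    size = len(anf)
    step = 1
    while step < size:
        for i in range(size):
            if i & step:
                anf[i] ^= anf[i ^ step]
        step <<= 1
    return max((bin(m).count("1") for m in range(size) if anf[m]), default=0)


def parseval_holds(tt):
    """sum_alpha W_f(alpha)^2 == 2^(2n)."""
    return sum(w * w for w in walsh_spectrum(tt)) == len(tt) ** 2


# Example 4.2.13: the Geffe combiner f = x1 x2 + x2 x3 + x3.
def geffe(x1, x2, x3):
    return (x1 & x2) ^ (x2 & x3) ^ x3


# Example 4.2.19: f(x, y) = phi(y) . x with the injective phi of the text (g = 0).
PHI = {(0, 0): (1, 1, 0, 0), (1, 0): (0, 1, 1, 0),
       (0, 1): (1, 0, 1, 0), (1, 1): (1, 0, 1, 1)}


def mm_resilient(x1, x2, x3, x4, y1, y2):
    a = PHI[(y1, y2)]
    return (a[0] & x1) ^ (a[1] & x2) ^ (a[2] & x3) ^ (a[3] & x4)


def analyse(f, n):
    """All criteria of one n-variable function in a single dictionary."""
    tt = truth_table(f, n)
    return {"nonlinearity": nonlinearity(tt), "balanced": is_balanced(tt),
            "resiliency": resiliency_order(tt), "degree": algebraic_degree(tt),
            "parseval": parseval_holds(tt)}


if __name__ == "__main__":
    print("Geffe:", analyse(geffe, 3))          # N_f = 2, balanced, not CI
    print("MM   :", analyse(mm_resilient, 6))   # N_f = 24, 1-resilient, degree 3
```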
A direct verification requires a search over all the elements of $AGL(n)$ and therefore its computational complexity is $O(2^{n^2})$. Since an exhaustive search over all the elements of $AGL(n)$ is not feasible for $n \ge 7$, the decision problem involving equivalence of Boolean functions is attempted by using carefully chosen invariants. The algebraic degree of a non-affine Boolean function is an invariant with respect to affine transformations and addition of affine functions. Therefore, two Boolean functions with algebraic degree greater than or equal to $2$ are EA-inequivalent if their algebraic degrees are different. It is well known [3] that the absolute Walsh spectrum of any Boolean function $f$ is an invariant with respect to the action of $AGL(n)$ and the addition of an affine function. Unfortunately these invariants are not useful to determine affine inequivalence of Boolean functions having the same algebraic degree and absolute Walsh spectrum. The problem of classifying Boolean functions, and bent functions in particular, seems to be elusive.

Open Problem 4.3.3 Find new classes of bent functions by proving their affine non-equivalence to already known classes. The problem may also be viewed in terms of suitable subgroups of permutations of the Walsh spectrum. Indeed, since the dual bent function is also bent, it implies that either
$$\#\{\alpha : W_f(\alpha) = 2^{n/2}\} = 2^{n-1} - 2^{n/2 - 1} \quad \text{and} \quad \#\{\alpha : W_f(\alpha) = -2^{n/2}\} = 2^{n-1} + 2^{n/2 - 1},$$
or vice versa. This is also related to a group action on the (multi)set of the Walsh spectrum.

Open Problem 4.3.4 A concept related to the above is the so-called algebraic thickness, which refers to the most compact representation of a function by its ANF. For instance, the function $f(x_1, \ldots, x_n) = x_1 x_2 \cdots x_n$ (which is cryptographically disastrous, why?) is obviously affine equivalent to the function $(x_1 + 1)(x_2 + 1) \cdots (x_n + 1)$.
While the former contains a single term in its ANF, the latter contains all possible $2^n$ terms in its ANF. Of course, if we were to implement such a function we would prefer the former one. Given any function $f \in \mathcal{B}_n$, find efficiently its affine equivalent containing the least number of ANF terms!

4.4 Vectorial Boolean functions - substitution boxes

The nonlinearity of $F = (f_1, f_2, \ldots, f_m)$, denoted by $N_F$, is defined as the minimum among the nonlinearities of all nonzero linear combinations of the component functions of $F$, i.e.,
$$nl(F) = \min_{\tau \in \mathbb{F}_2^{m*}} nl\Big(\bigoplus_{j=1}^{m} \tau_j f_j(x)\Big), \quad \text{where } \tau = (\tau_1, \ldots, \tau_m) \in \mathbb{F}_2^m. \qquad (4.11)$$
The algebraic degree of $F$ is defined as the minimum of the degrees of all nonzero linear combinations of the component functions of $F$, namely,
$$\deg(F) = \min_{\tau \in \mathbb{F}_2^{m*}} \deg\Big(\bigoplus_{j=1}^{m} \tau_j f_j(x)\Big). \qquad (4.12)$$
The two measures defined above in terms of linear combinations of the component functions obviously make the design of cryptographically strong vectorial Boolean functions much harder than in the Boolean case. In certain situations one may use additional algebraic structures, in those cases where such structures are available, but usually one prefers to involve the structure of finite fields and to consider mappings $F$ over $\mathbb{F}_{2^n}$, so that $F : \mathbb{F}_2^n \to \mathbb{F}_2^n$ is isomorphically equivalent to $F : \mathbb{F}_{2^n} \to \mathbb{F}_{2^n}$ (once the basis of the finite field is fixed).

Example 4.4.1 Consider the mapping $F$ over $\mathbb{F}_{2^n}$, for $n$ odd, given as the polynomial $F(x) = x^3$, thus $x \in \mathbb{F}_{2^n} \to x^3 \in \mathbb{F}_{2^n}$. Since $\gcd(3, 2^n - 1) = 1$ for odd $n$, $F$ is a permutation. Furthermore, $N_F = 2^{n-1} - 2^{\frac{n-1}{2}}$, which is an exceptionally high nonlinearity, and such functions are called almost bent (AB) for this reason. The mapping $x^{2^k + 1}$ is also known as the Gold mapping, when $\gcd(k, n) = 1$.

Another important property of substitution boxes is their differential table.
Actually, this property of having low uniformity of differentials is of the same importance as nonlinearity in the design of S-boxes, since it relates to differential cryptanalysis, which is one of the most powerful cryptanalytic tools.

Definition 4.4.2 Let $F$ be an $(n, m)$ S-box, that is $F : \mathbb{F}_2^n \to \mathbb{F}_2^m$. For any $a \in \mathbb{F}_2^n$ and $b \in \mathbb{F}_2^m$, we denote
$$\delta_F(a, b) = \#\{x \in \mathbb{F}_2^n : F(x + a) + F(x) = b\}, \qquad (4.13)$$
where $\#S$ is the cardinality of any set $S$. We define
$$\delta(F) = \max_{a \ne 0,\ b \in \mathbb{F}_2^m} \delta_F(a, b). \qquad (4.14)$$
The smaller $\delta(F)$, the better the differential properties of $F$. The above definition is stated more generally in terms of vector space mappings, since when $m \ne n$ there is no corresponding finite field representation. In the Boolean case, when $m = 1$, the above differentials are commonly denoted as $D_a f(x) = f(x + a) + f(x)$, which is the derivative of $f$ in direction $a \ne 0$, and obviously $D_a f \in \mathcal{B}_n$.

Exercise 4.4.3 Show that if $\deg(f) = d$ then $\deg(D_a f) \le d - 1$.

Referring back to our finite field representation we now assume that $n = m$ and consider the derivative of $F(x) \in \mathbb{F}_{2^n}[x]$ (the ring of polynomials with coefficients in $\mathbb{F}_{2^n}$). That is, for $F(x) \in \mathbb{F}_{2^n}[x]$ we consider the number of solutions to $F(x + a) + F(x) = b$, where $a \in \mathbb{F}_{2^n}^*$ and $b \in \mathbb{F}_{2^n}$. Notice that if $x_0$ is a solution to this equation for some fixed $a$ and $b$ then $x_0 + a$ is a solution as well, so $\delta_F(a, b)$ is always even. Also, if $a$ is fixed then clearly $\sum_{b \in \mathbb{F}_{2^n}} \delta_F(a, b) = 2^n$. Therefore, the functions for which $\delta(F) = 2$ attain the lowest possible differential spectrum and are called almost perfect nonlinear (APN) functions.

Remark 4.4.4 The term perfect nonlinear functions is reserved for polynomials over $\mathbb{F}_q$ where the prime characteristic $p$ of the field satisfies $p \ne 2$.
In this case there exist mappings $F(x) \in \mathbb{F}_q[x]$ such that $F(x + a) - F(x)$ is a permutation over $\mathbb{F}_q$ for any $a \in \mathbb{F}_q^*$, thus $F(x + a) - F(x) = b$ has exactly one solution for any $a \in \mathbb{F}_q^*$ and $b \in \mathbb{F}_q$. Such mappings are called planar mappings, and the known classes mainly come from linearized polynomials. For instance, the mapping $F(x) = x^2$ is planar over $\mathbb{F}_{p^n}$, for $p \ne 2$, since $F(x + a) - F(x) = x^2 + 2ax + a^2 - x^2 = 2ax + a^2$, and $\alpha x + \beta$ is a permutation over $\mathbb{F}_{p^n}$ for any nonzero $\alpha$ and any $\beta$.

Example 4.4.5 Let $F(x) = x^3$ over $\mathbb{F}_{2^n}$, where $n$ is odd. Then $F$ is an APN permutation. The permutation property being clear, we need to show that $F(x + a) + F(x) = b$ admits at most two solutions for any $a \in \mathbb{F}_{2^n}^*$ and $b \in \mathbb{F}_{2^n}$. Indeed,
$$F(x + a) + F(x) = (x + a)^3 + x^3 = a x^2 + a^2 x + a^3,$$
so that $a x^2 + a^2 x + a^3 = b$ is of degree $2$ and can have at most two solutions in the field.

Since for any $\alpha \in \mathbb{F}_{2^n}^*$ we have $\alpha^{2^n - 1} = 1$, it is sufficient to consider polynomials of degree up to $2^n - 1$, that is, polynomials of the form $F(x) = \sum_{i=0}^{2^n - 1} a_i x^i$, where $a_i \in \mathbb{F}_{2^n}$. Notice that this global degree of a polynomial in $\mathbb{F}_{2^n}[x]$ does not correspond to the algebraic degree of $F$ defined previously. More precisely, the algebraic degree of $F$ corresponds to the largest Hamming weight of $i$ for which $a_i \ne 0$; see Carlet [1], which is an excellent reference for all topics treated here. To realize this, consider $F(x) = x^4$ over $\mathbb{F}_{2^n}$, whose algebraic degree is only $1$ since it belongs to the class of linearized polynomials over the finite field, of the form $L(x) = \sum_{i=0}^{n-1} a_i x^{2^i}$. If $\alpha_1, \ldots, \alpha_n$ is a basis of $\mathbb{F}_{2^n}$ (through the isomorphism of $\mathbb{F}_2^n$ and $\mathbb{F}_{2^n}$), so that any element $x \in \mathbb{F}_{2^n}$ can be uniquely represented as $x = x_1 \alpha_1 + \cdots + x_n \alpha_n$, where $x_i \in \mathbb{F}_2$, then
$$x^4 = (x_1 \alpha_1 + \cdots + x_n \alpha_n)^4 = x_1^4 \alpha_1^4 + \cdots + x_n^4 \alpha_n^4 = x_1 \alpha_1^4 + \cdots + x_n \alpha_n^4,$$
since in the Boolean ring $x_i^2 = x_i$.
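The following is an added example (my own code, not from the notes) that makes Example 4.4.5 and the coordinate representation above concrete for n = 3: it implements GF(2^3) with p(x) = x^3 + x + 1, checks that x^3 is a permutation, computes the differential table δ_F(a, b) of Definition 4.4.2 to confirm δ(F) = 2 (APN), and verifies the three component functions that Example 4.4.6 below derives by hand. The element encoding and the function names are assumptions of this example.

```python
"""F(x) = x^3 over GF(2^3) with the primitive polynomial p(x) = x^3 + x + 1:
component Boolean functions in the polynomial basis {1, alpha, alpha^2},
permutation property, and the differential table delta_F(a, b) of (4.13)."""

POLY = 0b1011  # x^3 + x + 1; field elements are 3-bit ints, bit i <-> alpha^i


def gf8_mul(a, b):
    """Carry-less multiply modulo p(x).  An element x0 + alpha x1 + alpha^2 x2
    is encoded as the integer x0 | x1 << 1 | x2 << 2 (assumed encoding)."""
    r = 0
    for _ in range(3):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b1000:          # reduce with alpha^3 = alpha + 1
            a ^= POLY
    return r


def cube(x):
    return gf8_mul(x, gf8_mul(x, x))


def square(x):
    """x^2 is a linearized polynomial (algebraic degree 1), shown for contrast."""
    return gf8_mul(x, x)


def components_from_text(x0, x1, x2):
    """The ANF of (f1, f2, f3) as derived by hand in Example 4.4.6, over F_2."""
    f1 = x0 ^ x1 ^ x2 ^ (x1 & x2)
    f2 = x1 ^ (x0 & x1) ^ (x0 & x2)
    f3 = x2 ^ (x0 & x1)
    return f1 | f2 << 1 | f3 << 2


def text_expansion_matches_field():
    """Compare the hand-derived component functions with field arithmetic for all 8 x."""
    return all(cube(x) == components_from_text(x & 1, (x >> 1) & 1, (x >> 2) & 1)
               for x in range(8))


def is_permutation(F):
    return sorted(F(x) for x in range(8)) == list(range(8))


def differential_table(F):
    """delta_F(a, b) = #{x : F(x + a) + F(x) = b}, relation (4.13), for all a, b."""
    table = [[0] * 8 for _ in range(8)]
    for a in range(8):
        for x in range(8):
            table[a][F(x ^ a) ^ F(x)] += 1
    return table


def differential_uniformity(F):
    """delta(F) = max over a != 0 and all b of delta_F(a, b), relation (4.14)."""
    table = differential_table(F)
    return max(table[a][b] for a in range(1, 8) for b in range(8))


if __name__ == "__main__":
    print("x^3 matches the component functions of Example 4.4.6:",
          text_expansion_matches_field())
    print("x^3 is a permutation of GF(8):", is_permutation(cube))
    print("delta(x^3) =", differential_uniformity(cube), "(APN)")
    print("delta(x^2) =", differential_uniformity(square), "(linear: every derivative is constant)")
```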
In this representation we actually consider $F : \mathbb{F}_2^n \to \mathbb{F}_2^n$, where $x = (x_1, \ldots, x_n) \to (f_1(x_1, \ldots, x_n), \ldots, f_n(x_1, \ldots, x_n))$, and each $f_i$ is a linear Boolean function. Notice that $\alpha_1^4, \ldots, \alpha_n^4$ is just a linear transformation of the basis (Frobenius automorphism).

Example 4.4.6 Let $F(x) = x^3$ over $\mathbb{F}_{2^3}$, defined by the primitive polynomial $p(x) = x^3 + x + 1$ over $\mathbb{F}_2$. Let $\alpha$ be a primitive element of $\mathbb{F}_{2^3}$, i.e., $\alpha^3 = \alpha + 1$, and let $\{1, \alpha, \alpha^2\}$ be a polynomial basis of $\mathbb{F}_{2^3}$. Writing $x = x_0 + \alpha x_1 + \alpha^2 x_2$, the component functions of $F(x) = 1 \cdot f_1(x_0, x_1, x_2) + \alpha f_2(x_0, x_1, x_2) + \alpha^2 f_3(x_0, x_1, x_2)$ are derived as
$$\begin{aligned}
F(x) = x^3 &= (x_0 + \alpha x_1 + \alpha^2 x_2)^3 \\
&= (x_0 + \alpha x_1 + \alpha^2 x_2)(x_0 + \alpha x_1 + \alpha^2 x_2)^2 \\
&= (x_0 + \alpha x_1 + \alpha^2 x_2)(x_0 + \alpha^2 x_1 + \alpha^4 x_2) \\
&\overset{\alpha^3 = \alpha + 1}{=} \ldots \\
&= (x_0 + x_1 + x_2 + x_1 x_2) + \alpha (x_1 + x_0 x_1 + x_0 x_2) + \alpha^2 (x_2 + x_0 x_1).
\end{aligned}$$
Notice that the algebraic degree of $F$ above is $2$, since the binary (Hamming) weight of $3$ is $wt(3) = 2$. In conclusion, even though $x^3$ is an APN permutation and an AB function as well (thus achieving the maximum nonlinearity), its algebraic degree is low and therefore its use in block ciphers is not recommended.

We conclude this section with one of the most elegant problems in the theory of finite fields (related to cryptography), which is the existence of APN permutations for even $n$.

Open Problem 4.4.7 For even $n > 6$, find a class (or a single function) which is an APN permutation, or disprove their existence!! Only recently, Dillon [2] exceptionally confirmed the existence of such mappings for $n = 6$ using very sophisticated connections with coding theory.

4.5 Vectorial bent functions

While the construction of Boolean bent functions (at least those in class $\mathcal{M}$) was easy and generic, the construction of vectorial bent functions $F : \mathbb{F}_2^n \to \mathbb{F}_2^k$ is not that obvious. Now we have to ensure that for $F(x) = (f_1(x), \ldots, f_k(x))$ all nonzero linear combinations of the form $a_1 f_1(x) + \cdots$
$+ a_k f_k(x)$ are bent, where the $f_i$ are Boolean functions. The bound on $k$ for which it is possible to find such a collection was given by Nyberg [8], that is, $k \le n/2$. The design of such functions achieving the upper bound on $k$, that is $k = n/2$, was only given in terms of sequences, and the representation of these functions in [14] is not univariate (meaning that their representation as polynomials over finite fields is unclear). In a recent work [7], the structure of the cyclic group of the $(2^k + 1)$-th roots of unity was used to derive one complete class of vectorial bent functions $F : \mathbb{F}_2^n \to \mathbb{F}_2^{n/2}$ in a univariate representation.

The trace function $Tr^n_m : \mathbb{F}_{2^n} \to \mathbb{F}_{2^m}$, a mapping to the subfield $\mathbb{F}_{2^m}$ when $m \mid n$, is defined as
$$Tr^n_m(x) = x + x^{2^m} + x^{2^{2m}} + \cdots + x^{2^{(n/m - 1)m}}, \quad \text{for all } x \in \mathbb{F}_{2^n}. \qquad (4.15)$$
The absolute trace $Tr^n_1 : \mathbb{F}_{2^n} \to \mathbb{F}_2$, also denoted by $Tr$, then maps to the prime field. Let also $n = 2k$, and denote by $L$ the field $\mathbb{F}_{2^n}$ and by $K$ its subfield $\mathbb{F}_{2^k}$. Let $U = \{u \in L : u^{2^k + 1} = 1\}$ be the cyclic subgroup of $L^*$ of order $2^k + 1$, which is essentially the group of $(2^k + 1)$-th roots of unity. Then $\beta = \alpha^{2^k - 1}$ is a generator of $U$, and $U = \{\alpha^{s(2^k - 1)} : s = 0, \ldots, 2^k\}$, where $\alpha \in L$ is a primitive element. Now any element $x \in L^*$ can be uniquely represented as $x = \gamma u$, where $\gamma \in K^*$ and $u \in U$, and furthermore $\bigcup_{u \in U} u K^* = L^*$. For convenience, we denote $P(x) = \sum_{i=1}^{t} a_i x^{i(2^k - 1)}$, so that $F(x) = Tr^n_k(P(x))$. The following result specifies three equivalent necessary and sufficient conditions (we only state two here) for $F$ to be vectorial bent [7].

Theorem 4.5.1 Let $n = 2k$, and define $F(x) = Tr^n_k(P(x))$, where $P(x) = \sum_{i=1}^{t} a_i x^{i(2^k - 1)}$ and $t \le 2^k$. Then the following conditions are equivalent:
1. $F$ is a vectorial bent function of dimension $k$.
2. $\sum_{u \in U} (-1)^{Tr^k_1(\lambda F(u))} = 1$ for all $\lambda \in K^*$.
3.
There are two values $u \in U$ such that $F(u) = 0$, and furthermore if $F(u_0) = 0$, then $F$ is one-to-one and onto from $U_0 = U \setminus \{u_0\}$ to $K$.

The proof is rather tedious but relies on the nice property of the exponents (known as Dillon exponents) of the terms $x^{i(2^k - 1)}$. Indeed, since $x \in GF(2^n)^*$ can be written as $x = uy$ for $u \in U$, $y \in GF(2^k)^*$, we have
$$P(uy) = \sum_{i=1}^{t} a_i (uy)^{i(2^k - 1)} = \sum_{i=1}^{t} a_i u^{i(2^k - 1)} = P(u), \quad \text{hence } F(uy) = F(u),$$
as $y^{i(2^k - 1)} = 1$ for any $y \in K^*$. This means that $F$ is constant on any coset $u K^*$, which makes the analysis much easier.

Exercise 4.5.2 (Semi-hard) Show item (2) above by using the fact that $F$ is vectorial bent if and only if $W_F(\lambda, \sigma) = \pm 2^k$ for any $\lambda \in K^*$ and any $\sigma \in L$. Here,
$$W_F(\lambda, \sigma) = \sum_{x \in L} (-1)^{Tr^k_1(\lambda F(x)) + Tr^n_1(\sigma x)}.$$
Use the representation $x = u\gamma$ for the elements in $L^*$, and that $F(u\gamma) = F(u)$ for any $\gamma \in K^*$. Thus $W_F(\lambda, \sigma)$ can be written (using $F(0) = 0$) as
$$1 + \sum_{u \in U} \sum_{\gamma \in K^*} (-1)^{Tr^k_1(\lambda F(u\gamma)) + Tr^n_1(\sigma u \gamma)} = \ldots$$

We conclude this part by mentioning that there exist various generalizations of the concept of bent functions; for instance one may naturally define $F : \mathbb{F}_p^n \to \mathbb{F}_p^n$ for a prime $p \ne 2$, but this requires a modification of the main cryptographic notions.

4.6 Graph theoretic aspects of Boolean functions

Let $G$ be a multiplicative group of order $v$. A $k$-subset $D$ of $G$ is a $(v, k, \lambda, \mu)$ partial difference set (PDS) if each non-identity element in $D$ can be represented as $gh^{-1}$ ($g, h \in D$, $g \ne h$) in exactly $\lambda$ ways, and each non-identity element in $G \setminus D$ can be represented as $gh^{-1}$ ($g, h \in D$, $g \ne h$) in exactly $\mu$ ways. We shall always assume that the identity element $1_G$ of $G$ is not contained in $D$.
Using the language of the group ring $R[G]$, a $k$-subset $D$ of $G$ with $1_G \notin D$ is a $(v, k, \lambda, \mu)$-PDS if and only if the following equation holds:
$$D D^{(-1)} = (k - \mu) 1_G + (\lambda - \mu) D + \mu G, \qquad (4.16)$$
where in $R[G]$ we denote $D = \sum_{g \in G} d_g g$ and $D^{(t)} = \sum_{g \in G} d_g g^t$, for $d_g \in R$. The combinatorial objects associated with partial difference sets are strongly regular graphs. A graph $\Gamma$ with $v$ vertices is called a $(v, k, \lambda, \mu)$ strongly regular graph (SRG) if each vertex is adjacent to exactly $k$ other vertices, any two adjacent vertices have exactly $\lambda$ common neighbours, and any two non-adjacent vertices have exactly $\mu$ common neighbours. Given a group $G$ of order $v$ and a $k$-subset $D$ of $G$ with $1_G \notin D$ and $D^{-1} = D$, the graph $\Gamma = (V, E)$ is called the Cayley graph generated by $D$ in $G$ and is defined as follows:
1. The vertex set $V$ is $G$;
2. Two vertices $g, h$ are joined by an edge if and only if $gh^{-1} \in D$.

The following result links together the notion of a partial difference set and the property of a graph being strongly regular.

Theorem 4.6.1 [13] Let $\Gamma$ be the Cayley graph generated by a $k$-subset $D$ of a multiplicative group $G$ of order $v$. Then $\Gamma$ is a $(v, k, \lambda, \mu)$ strongly regular graph if and only if $D$ is a $(v, k, \lambda, \mu)$-PDS with $1_G \notin D$ and $D^{-1} = D$.

Note that in the binary case, when Boolean functions $f : \mathbb{F}_2^n \to \mathbb{F}_2$ are considered, the Cayley graph is induced with respect to a subset of the elementary additive Abelian 2-group $\mathbb{F}_2^n$. Since the condition that for $d \in D$ we must have $-d \in D$ is satisfied automatically (each element is its own additive inverse), any $D \subseteq \mathbb{F}_2^n$ will define a Cayley graph, with an edge between $g$ and $h$ if and only if $h \oplus g \in D$.
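As an added example (my own code, not from the notes), the binary Cayley graph just described is built for the bent function f = x1 x2 + x3 x4 of Exercise 4.6.3 below, and the eigenvalue relation of Theorem 4.6.2 (eigenvectors are the characters, eigenvalues are the Hadamard coefficients) together with the strongly-regular parameters e = d are checked directly. The integer encoding of vertices and the function names are assumptions of this example.

```python
"""Cayley graph Gamma_f of the bent function f(x1, x2, x3, x4) = x1 x2 + x3 x4:
adjacency matrix A_f, the relation A_f Q_w = W^H_f(w) Q_w for the characters
Q_w(x) = (-1)^(w.x), bentness via the Walsh spectrum, and the parameters
(r, e, d) of the strongly regular graph.  Vertices are the integers 0..15
whose binary digits are (x1, x2, x3, x4), x1 the most significant bit."""

N = 4


def f(x):
    """f = x1 x2 + x3 x4 on the integer encoding of x (assumed encoding)."""
    x1, x2, x3, x4 = (x >> 3) & 1, (x >> 2) & 1, (x >> 1) & 1, x & 1
    return (x1 & x2) ^ (x3 & x4)


def dot(a, b):
    """Inner product a.b over F_2."""
    return bin(a & b).count("1") & 1


def adjacency_matrix():
    """A[i][j] = f(u_i xor u_j): i, j adjacent iff u_i xor u_j lies in the support D."""
    size = 2 ** N
    return [[f(i ^ j) for j in range(size)] for i in range(size)]


def hadamard_coefficient(w):
    """W^H_f(w) = sum_x f(x) (-1)^(w.x), the Hadamard transform of Exercise 4.2.10."""
    return sum(f(x) * (-1) ** dot(w, x) for x in range(2 ** N))


def walsh_coefficient(w):
    """W_f(w) = -2 W^H_f(w) + 2^n Delta(w), Exercise 4.2.10."""
    return -2 * hadamard_coefficient(w) + (2 ** N if w == 0 else 0)


def is_bent():
    """Flat spectrum: |W_f(w)| = 2^(n/2) for every w."""
    return all(abs(walsh_coefficient(w)) == 2 ** (N // 2) for w in range(2 ** N))


def character_is_eigenvector(w):
    """Check A_f Q_w == W^H_f(w) Q_w for the character Q_w (Theorem 4.6.2)."""
    A = adjacency_matrix()
    size = 2 ** N
    q = [(-1) ** dot(w, x) for x in range(size)]
    image = [sum(A[i][j] * q[j] for j in range(size)) for i in range(size)]
    lam = hadamard_coefficient(w)
    return all(image[i] == lam * q[i] for i in range(size))


def srg_parameters():
    """Return (r, e, d): valency, common neighbours of adjacent pairs, common
    neighbours of non-adjacent pairs; None if either count is not constant."""
    A = adjacency_matrix()
    size = 2 ** N
    r = sum(A[0])
    common_adj, common_nonadj = set(), set()
    for i in range(size):
        for j in range(i + 1, size):
            common = sum(A[i][k] & A[j][k] for k in range(size))
            (common_adj if A[i][j] else common_nonadj).add(common)
    if len(common_adj) != 1 or len(common_nonadj) != 1:
        return None
    return r, common_adj.pop(), common_nonadj.pop()


def spectrum():
    """Distinct eigenvalues of Gamma_f, read off via Theorem 4.6.2."""
    return sorted({hadamard_coefficient(w) for w in range(2 ** N)})


if __name__ == "__main__":
    print("f is bent:", is_bent())
    print("every character is an eigenvector:",
          all(character_is_eigenvector(w) for w in range(2 ** N)))
    print("spectrum:", spectrum())          # three distinct eigenvalues -> strongly regular
    print("(r, e, d) =", srg_parameters())  # e = d, as the text states for bent functions
```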
The Cayley graph $\Gamma_f = (\mathbb{F}_2^n, E_f)$ associated to a Boolean function $f$ is defined by selecting $D = \{x \in \mathbb{F}_2^n : f(x) = 1\}$ ($D$ is called the support set of $f$) and defining the set of edges as
$$E_f = \{(\mathbf{u}, \mathbf{w}) \in \mathbb{F}_2^n \times \mathbb{F}_2^n \mid f(\mathbf{u} \oplus \mathbf{w}) = 1\},$$
where for convenience we use boldface to denote the elements of $\mathbb{F}_2^n$, so that $\mathbf{u} = (u_1, \ldots, u_n)$. The operation $\oplus$ over $\mathbb{F}_2^n$ is of course componentwise addition modulo $2$. Furthermore, we specify the elements of $\mathbb{F}_2^n$ by using the decimal representation of their indices, thus $\mathbf{u}_0 = (0, \ldots, 0)$, $\mathbf{u}_1 = (1, \ldots, 0)$, $\ldots$, $\mathbf{u}_{2^n - 1} = (1, \ldots, 1)$.

A graph is called regular of degree (valency) $r$ if every vertex has degree (valency) $r$, that is, the number of edges incident to it is $r$. The Cayley graph $\Gamma_f$ associated to any Boolean function $f$ is obviously $|D|$-regular. On the other hand, such a graph with parameters $(2^n, |D|, d, e)$ is called a strongly regular graph (SRG) if there exist nonnegative integers $e, d$ such that for all vertices $\mathbf{u}, \mathbf{v}$ the number of vertices adjacent to both $\mathbf{u}$ and $\mathbf{v}$ is $e$ if $\mathbf{u}, \mathbf{v}$ are adjacent, respectively $d$ if $\mathbf{u}, \mathbf{v}$ are nonadjacent. An easy counting argument (count the edges between the neighbourhood of a vertex and the remaining vertices in two ways) shows that $|D|(|D| - e - 1) = d(2^n - |D| - 1)$. Notice that in general strongly regular graphs appear to be difficult to investigate.

The adjacency matrix $A_f$ of size $2^n \times 2^n$ is the matrix whose entries are $A_{i,j} = f(\mathbf{u}_i \oplus \mathbf{u}_j)$, thus $A_{i,j} = 1$ if and only if $\mathbf{u}_i$ and $\mathbf{u}_j$ are connected. Given a graph $\Gamma_f$ and its adjacency matrix $A_f$, the spectrum $Spec(\Gamma_f)$ is the set of eigenvalues of $A_f$. The following result specifies the eigenvalues in terms of the Hadamard coefficients $W_f^H$ of Exercise 4.2.10 (which use the values $f(x)$, exactly as the adjacency matrix does) and vice versa.

Theorem 4.6.2 Let $f : \mathbb{F}_2^n \to \mathbb{F}_2$, and let $\lambda_i$, $0 \le i \le 2^n - 1$, be the eigenvalues of its associated graph $\Gamma_f$. Then $\lambda_i = W_f^H(\mathbf{b}_i)$ for any $i$.

PROOF. The eigenvectors of the Cayley graph $\Gamma_f$ are the characters $Q_{\mathbf{w}}(\mathbf{x}) = (-1)^{\mathbf{w} \cdot \mathbf{x}}$ of $\mathbb{F}_2^n$.
Moreover, the $i$-th eigenvalue of $A_f$, corresponding to the eigenvector $Q_{\mathbf{b}_i}$, is given by
$$\lambda_i = \sum_{\mathbf{x} \in \mathbb{F}_2^n} (-1)^{\mathbf{b}_i \cdot \mathbf{x}} f(\mathbf{x}) = W_f^H(\mathbf{b}_i).$$

It is known that a connected $r$-regular graph is strongly regular if and only if it has exactly three distinct eigenvalues $\lambda_0 = r$ (or $\lambda_0 = |D|$ in our notation) and $\lambda_1, \lambda_2$. Furthermore, we have
$$e = r + \lambda_1 \lambda_2 + \lambda_1 + \lambda_2 \quad \text{and} \quad d = r + \lambda_1 \lambda_2.$$
It can be shown that bent functions (thus $n$ is even) are the only Boolean functions whose associated Cayley graph is a strongly regular graph with $e = d$. In particular, for bent functions we have $\lambda_2 = -\lambda_1 = 2^{n/2 - 1}$ and $\lambda_0 = |D| = 2^{n-1} \pm 2^{n/2 - 1}$.

Exercise 4.6.3 For $n = 4$ verify that $f(x_1, \ldots, x_4) = x_1 x_2 + x_3 x_4$ is a bent function. Compute the parameters $e = d$.

An additional property of bent functions is related to the notion of triangle-freeness. A graph is triangle-free if there are no closed paths of the form $x\,y\,z\,x$, where the vertices $x, y, z$ are distinct. It can be shown that if $\Gamma_f$ is triangle-free then $f$ cannot be bent. But this property cannot be used for distinguishing the bent property of Boolean functions since the converse is not true. That is, there are functions whose graphs contain (many) triangles but which are not bent.

4.7 References

[1] C. Carlet, Boolean Functions for Cryptography and Error Correcting Codes. Cambridge University Press, 2010.
[2] J. Dillon, APN polynomials: An update. In Fq9, the 9th International Conference on Finite Fields and Applications, 2009.
[3] J. F. Dillon, Elementary Hadamard Difference Sets. Ph.D. thesis, University of Maryland, U.S.A., 1974.
[4] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes. North-Holland, Amsterdam, 1977.
[5] J. L. Massey, Shift-register synthesis and BCH decoding. IEEE Trans. on Inform. Theory, IT-15(1):122–127, 1969.
[6] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography.
CRC Press, Boca Raton, 1997.
[7] A. Muratovic-Ribic, E. Pasalic, and S. Bajrić, An analysis of multiple output trace bent functions with nonlinear Niho exponents using symmetric polynomials. IEEE Trans. on Inform. Theory, IT-60(2):1337–1347, 2014.
[8] K. Nyberg, Perfect nonlinear S-boxes. In Advances in Cryptology—EUROCRYPT'91, volume LNCS 547, pages 378–385. Springer-Verlag, 1991.
[9] C. E. Shannon, A mathematical theory of communication. Bell System Technical Journal, Vol. 27:379–423 (Part I) and 623–656 (Part II), 1948.
[10] C. E. Shannon, Communication theory of secrecy systems. Bell System Technical Journal, Vol. 27:656–715, 1949.
[11] T. Siegenthaler, Correlation-immunity of nonlinear combining functions for cryptographic applications. IEEE Trans. on Inform. Theory, IT-30:776–780, 1984.
[12] G. J. Simmons, Contemporary Cryptology. Wiley-IEEE Press, New York, 1999.
[13] G-Z. Xiao and J. L. Massey, A spectral characterization of correlation-immune combining functions. IEEE Trans. on Inform. Theory, IT-34:569–571, 1988.
[14] A. M. Youssef and G. Gong, Hyper-bent functions. In Advances in Cryptology—EUROCRYPT 2001, volume LNCS 2045, pages 406–419. Springer-Verlag, 2001.