Most of the cryptographic schemes I know are all based on group theory, e.g. they use finite groups. Can someone explain why is that the case? And why not base the schemes on elements and operations say from natural numbers or some other infinite sets? E.g. $\mathbb{Q, Z, R}$?
2 Answers
> Can someone explain why is that the case?
Cryptosystems based on finite sets have two very nice properties:
- There is an upper bound to the size of all involved mathematical objects. This also allows one to predict things like memory usage rather well. This also means that the precision / memory you need can't grow arbitrarily / infinitely.
- You can actually draw numbers at random according to some distribution. You can't draw a number uniformly at random from the natural numbers because you'd have probability $0$ of drawing any single specific one. Also in theory if you wanted to sample a normal distribution, you could get $10^{10^{100}}$ drawn (even though that's unlikely) which also brings back the first point.
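The two properties this answer lists (bounded size, and the ability to draw uniformly at random) can be made concrete with a small script. The following is an added example, not code from the original post: it samples uniformly from the finite set $\{0, \dots, n-1\}$ by rejection sampling over a fixed number of bits, and contrasts that with the naive `x % n` reduction, which is biased whenever $2^k$ is not a multiple of $n$. The `randbits` parameter is an assumption of this example so that a deterministic bit source can be substituted; by default it uses Python's `secrets.randbits`.

```python
import secrets
from collections import Counter


def bits_needed(n):
    """Upper bound on the representation size of any element of {0, ..., n-1}.

    For a finite set this bound exists and is fixed in advance, which is
    exactly what makes memory usage predictable.
    """
    if n <= 0:
        raise ValueError("n must be positive")
    return (n - 1).bit_length() if n > 1 else 1


def uniform_below(n, randbits=secrets.randbits):
    """Draw a uniformly distributed integer in [0, n) by rejection sampling.

    Each candidate is k = bits_needed(n) random bits; candidates >= n are
    discarded and redrawn. Every surviving value is hit by exactly one raw
    bit pattern, so the output is exactly uniform. (randbits is injectable
    here only so the behaviour can be checked deterministically.)
    """
    k = bits_needed(n)
    while True:
        x = randbits(k)
        if x < n:
            return x


def naive_below(n, randbits=secrets.randbits):
    """The biased alternative: reduce k random bits modulo n without rejection."""
    return randbits(bits_needed(n)) % n


def naive_histogram(n):
    """Exhaustively count how often each output of naive_below arises.

    Enumerating all 2**k raw bit patterns shows the bias directly: for n = 6
    (k = 3) the values 0 and 1 are each produced by two patterns, the rest by one.
    """
    k = bits_needed(n)
    return Counter(x % n for x in range(2 ** k))


def rejection_histogram(n):
    """Same enumeration for the rejection sampler: each accepted raw pattern
    maps to a distinct output, so every output appears exactly once."""
    k = bits_needed(n)
    return Counter(x for x in range(2 ** k) if x < n)


if __name__ == "__main__":
    n = 6
    print("bits needed for Z_%d:" % n, bits_needed(n))
    print("naive     :", sorted(naive_histogram(n).items()))
    print("rejection :", sorted(rejection_histogram(n).items()))
    print("one uniform draw:", uniform_below(n))
```

Rejection sampling is how libraries such as Python's `secrets.randbelow` obtain unbiased draws from a finite range; the loop terminates quickly because at least half of all candidates are accepted. The same construction has no analogue over the integers or rationals: there is no finite `k` that covers an infinite set, so no bounded procedure can draw from it uniformly.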
Mostly, I would say that finite groups get used in crypto because they're a good way to describe things that naturally appear in many crypto schemes.
For example, going way back to the early days of cryptography, consider the simple Caesar cipher, where you replace every letter with the one $n$ positions after it in the alphabet, wrapping around from Z back to A. I'm sure that Julius Caesar (or whoever actually came up with this encryption scheme in the first place) had no idea what a "finite group" was, or that their cipher was equivalent to addition in such a group. But it is, anyway.
More generally, many of the things one works with in cryptography — letters of the alphabet, decimal digits, bits, bytes, $n$-bit strings, etc. — come in finite sets. And it's pretty easy to define a group operation on such sets; so easy that you can do it without even realizing it. Also, any invertible function from a finite set to itself, even if not a group operation on the original set itself, is automatically a permutation and thus an element of the permutation group over that set, so groups will inevitably sneak in that way, too.
As for why not work with infinite sets (or groups) like the integers, one major reason is that often in cryptography you'll want to pick a random element (e.g. a key) from the set you're working with, with each element being equally likely (i.e. with a uniform distribution). That's (relatively) easy if the set is finite, but impossible for most infinite sets.
And, of course, one cannot really represent most elements of an infinite set on a finite computer (or on paper, etc.), either. So it makes practical sense to work with sets of things that are representable, and those are always finite.
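To make the group structure in this answer visible, here is an added example (not code from the original post) that implements the Caesar shift as addition in $\mathbb{Z}/26\mathbb{Z}$ and then views each shift as a permutation of the alphabet. Composing two shifts adds their keys, the shift by 0 is the identity, and the shift by $26 - k$ inverts the shift by $k$, which is exactly the group law the answer refers to. The helper names (`as_permutation`, `compose`, and so on) are this example's own.

```python
import math
import string

ALPHABET = string.ascii_uppercase   # the finite set we work over
MOD = len(ALPHABET)                 # group order: 26


def shift_encrypt(text, k):
    """Caesar cipher: each letter index i becomes (i + k) mod 26.

    Non-letters pass through unchanged; lowercase input is uppercased.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % MOD])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text, k):
    """Decryption is encryption with the additive inverse of k in Z/26Z."""
    return shift_encrypt(text, (-k) % MOD)


def as_permutation(k):
    """The shift by k as a permutation of {0, ..., 25}: position i -> (i + k) mod 26."""
    return tuple((i + k) % MOD for i in range(MOD))


def is_permutation(p):
    """Any invertible map of the finite set onto itself is a bijection,
    i.e. a rearrangement of 0..25."""
    return sorted(p) == list(range(MOD))


def compose(p, q):
    """Permutation composition p o q ("apply q, then p")."""
    return tuple(p[q[i]] for i in range(MOD))


def inverse(p):
    """Inverse permutation: the unique q with compose(p, q) == identity."""
    q = [0] * MOD
    for i, target in enumerate(p):
        q[target] = i
    return tuple(q)


def keyspace_sizes():
    """Shift keys form the cyclic subgroup of order 26 inside the full
    symmetric group S_26 of all alphabet permutations (order 26!).
    Returns (shift keyspace size, general substitution keyspace size)."""
    distinct_shifts = {as_permutation(k) for k in range(MOD)}
    return len(distinct_shifts), math.factorial(MOD)


if __name__ == "__main__":
    # Constructed sample message for demonstration.
    msg = "ATTACK AT DAWN"
    ct = shift_encrypt(msg, 3)
    print(ct, "->", shift_decrypt(ct, 3))
    print("shift(3) o shift(5) == shift(8):",
          compose(as_permutation(3), as_permutation(5)) == as_permutation(8))
    print("keyspace sizes (shift, full substitution):", keyspace_sizes())
```

The last function is the practical reason group structure matters beyond elegance: the shift cipher uses only the 26 elements of one cyclic subgroup, while an arbitrary substitution draws from all $26!$ permutations. Knowing which group a scheme's keys live in tells you the size of its keyspace and therefore its resistance to exhaustive search.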