Subgroup test

In abstract algebra, the one-step subgroup test is a theorem that states that for any group, a nonempty subset of that group is itself a group if the inverse of any element in the subset multiplied with any other element in the subset is also in the subset. The two-step subgroup test is a similar theorem which requires the subset to be closed under the operation and taking of inverses.

One-step subgroup test

Let $G$ be a group and let $H$ be a nonempty subset of $G$ . If for all $a$ and $b$ in $H$ , $ab^{-1}$ is in $H$ , then $H$ is a subgroup of $G$ .

Proof

Let G be a group, let H be a nonempty subset of G and assume that for all a and b in H, ab⁻¹ is in H. To prove that H is a subgroup of G we must show that H is associative, has an identity, has an inverse for every element and is closed under the operation. So,

Since the operation of H is the same as the operation of G, the operation is associative since G is a group.
Since H is not empty there exists an element x in H. If we take a = x and b = x, then ab⁻¹ = xx⁻¹ = e, where e is the identity element. Therefore e is in H.
Let x be an element in H and we have just shown the identity element, e, is in H. Then let a = e and b = x, it follows that ab⁻¹ = ex⁻¹ = x⁻¹ in H. So the inverse of an element in H is in H.
Finally, let x and y be elements in H, then since y is in H it follows that y⁻¹ is in H. Hence x(y⁻¹)⁻¹ = xy is in H and so H is closed under the operation.

Thus H is a subgroup of G.

Two-step subgroup test

A corollary of this theorem is the two-step subgroup test which states that a nonempty subset of a group is itself a group if the subset is closed under the operation as well as under the taking of inverses.

gollark: If you do *not* use that, then people can store a bunch of precalculated mappings from hashes to original passwords (rainbow tables, yes) and work out the original.

gollark: That's why salts are recommended (they're a bit of extra data you store along with the password and feed to the hash function when hashing it in the first place and comparing passwords with the hash).

gollark: The main attack on this is that you can, sometimes even using dedicated ASICs/FPGAs, run hashes *very fast* on a lot of possibilities and figure out what the original password was.

gollark: Yep!

gollark: The point is that for one hashed input you always have the same output, so you can compare values without storing what they originally were.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.