Groups are algebraic structures which are set and has a binary operation that combines two elements of the set to produce a third element in the set. The operation is said to have following properties:

  1. Closure
  2. Associative:
  3. Existence of Identity element:
  4. Existence of inverse element for every element of the set:

Groups which satisfy an additional property: commutativity on the set of elements are known as Abelian groups. One very obvious question that comes to mind is Why abelian varieties are so significant in cryptography ? I mean, first these structures provide perfect abstractions to instantiations of them like a group of integers , and due to this abstraction, we can prove theorems for these structures that won’t be possible without introducing their properties like commutativity in abelian groups.1

Other properties regarding groups are very significant in cryptography like unique identity element and unique inverse element.

Example: is an abelian group while is not a group as it doesn’t satisfy inverse element property.

Now, set underlying the group can have finite elements, namely Finite Groups. For example: , having elements .

Cyclic Groups

Finite groups that can be represented as , i.e. a generator , which can create the complete set with the group operation.

Lagrange’s theorem: states that for any finite group , order of every subgroup divides order of group . Formally, for being subgroup of ,

Cauchy’s theorem: states that let be a finite group, and a prime dividing , then contains a subgroup of order .

Note: when the group is abelian, i.e. the group operation supports commutativity, the group operation is written mostly additively.

Fundamental theorem of finite cyclic groups: if is a finite cyclic group such that , and , then, refers to unique finite cyclic subgroup of with order . Proof of above theorem follows from Lagrange’s theorem.


It’s the ratio of order of the curve group and order of the subgroup . Usually, cofactor should be very small in order to avoid subgroup attacks on discrete logarithms. But in pairing-based cryptography, the cofactors of , and can be very large.

By multiplying by the cofactor, a point on the curve is mapped to the appropriate group known as cofactor clearing. Cofactors for and are as follows:


  1. link contains beautiful answers about why these different varieties of a mathematical structure is needed.