AUSTRALASIAN JOURNALajc.maths.uq.edu.au/pdf/44/vol44v03.pdf · 2013-05-22 · Alice, Bob, and Cathy...

THE

AUSTRALASIAN

JOURNAL

OF

COMBINATORICS

CMSA (Inc.)

VOLUME 44

JUNE, 2009

ISSN 1034-4942

ISSN 1034-4942

The Australasian Journal of Combinatorics

Correspondence relating to manuscripts and submissionsshould be sent to [email protected]

If e-mail access is unavailable,two paper copies of submissions may be sent to:

Dr E.J. Billington,Australasian Journal of Combinatorics,

Department of Mathematics,The University of Queensland,Queensland 4072, Australia.

Correspondence relating to subscriptions or accountsshould be addressed to:

The Financial Manager, Professor P. Adams,Australasian Journal of Combinatorics,

Department of Mathematics,The University of Queensland,Queensland 4072, Australia.

In this volume, subscription informationappears on page 320.

COPYING PERMISSION

Any individual may photocopy one copy of any paper in this volumefor purposes of individual study or research. There is no charge.

Copyright c© 2009 Combinatorial Mathematics Society of Australasia (Inc.)All rights reserved.

Printed in Australia byWatson Ferguson & Company, Qld.

AUSTRALASIAN JOURNAL OF COMBINATORICSVolume 44 (2009), Pages 3–17

Avoiding bias in cards cryptography

M.D. Atkinson H.P. van Ditmarsch∗

Computer ScienceUniversity of Otago

New [email protected] [email protected]

S. Roehling

Department of Electrical and Computer EngineeringUniversity of Auckland

New [email protected]

Abstract

Public key cryptography bases its security on mathematical problemsthat are computationally hard to solve. There are also cryptographic pro-tocols wherein discovering the secret is not too complex given the currentstate of technology, but logically impossible. One approach involves theuse of a random deck of cards for such protocols. The messages in theprotocol consist of announcements made by the two players attemptingto exchange a secret. In that approach one may require that these twoplayers can communicate their holding of cards to each other without theremaining players (eavesdroppers) learning a single card in these hold-ings. In past work we described combinatorial axioms to achieve that.The eavesdroppers may still be able to make an educated guess aboutindividual card occurrence (card ownership). In this work we focus onovercoming such bias. From the perspective of cryptography there aretwo ways to do that: either use protocols that produce announcementsthat are unbiased for card occurrence, or use protocols that ensure thatthere is no relation between patterns in the announcement, such as cardoccurrence, and the actual holding. We focus on the first. We devisean additional requirement for the announcement in order to eliminatethe possibility of making educated guesses. To that effect we proposean additional combinatorial axiom CA4, and we give a method to designannouncements that meet this requirement. Additionally, we present un-biased protocols for incidental cases.

∗ Also at CNRS Institut de Recherche en Informatique de Toulouse, Université Paul Sabatier,France. Currently at Computing Science, University of Aberdeen, Scotland.

4 M.D. ATKINSON, H.P. VAN DITMARSCH AND S. ROEHLING

1 Introduction

Public key cryptography bases its security on mathematical problems that are com-putationally hard to solve, such as the discrete logarithm problem or factoring theproduct of two large primes. Advances in technology and new discoveries in math-ematics make it more feasible to solve these problems, i.e. it becomes more feasibleto break the encryption.

There are also cryptographic protocols wherein discovering the secret is not toocomplex given the current state of technology, but logically impossible. These cryp-tographic protocols are developed with computationally unlimited agents in mind.It is impossible for the attacker to learn the secret from the communication, but itis possible for the sender and receiver to share the secret. This is on the assumptionthat sender and receiver already share some other information prior to the start ofthe protocol. One such approach involves the use of a random deck of cards. In thatcase it is common knowledge that for all cards, if a player holds that card, no otherplayer holds it. There are also relations to bit-exchange protocols using card deals[5] and to cards cryptography for computations with committed bits as in Stiglic[10].

The general scenario is as follows: Two agents, Alice and Bob, draw a and b cardsfrom a deck of a+b+c cards, and Cathy, the attacker (a.k.a. Eve, the eavesdropper),receives the remaining c cards. Alice wishes to communicate her cards to Bob bymaking a public announcement without informing Cathy of any of her cards. Theinvestigation of the generalised problem with parameters (a, b, c) was inspired byits (3, 3, 1) instance that was coined in [12] the Russian Cards problem. This isbecause the (3, 3, 1) instance was presented as a problem at the Moscow MathematicalOlympiad in 2000. But it is older than that: it is a classic in design theory byKirkman [8].1

Previous work on the Russian Cards problem involved using epistemic logic todescribe its properties and to find its solutions [12; 13], including the analysis ofprotocols wherein Alice communicates her hand of cards to Bob with more than oneannouncement, depending on Bob’s response to her initial announcement. In vanDitmarsch’s [12] it is shown that however Alice structures her announcement, it al-ways corresponds to an announcement of the form “I hold one of the following hands:. . . ”. The generalised version has also been investigated by Albert et al. [1]; theydevise combinatorial analogues CA1, CA2 and CA3 of the epistemic requirements forAlice to communicate her hand of cards safely to Bob, and they have found variousmethods to construct ‘good announcements’ that satisfy these combinatorial axioms.

For the (3, 3, 1) instance, suppose Alice announces that she holds one of {012, 034,056, 135, 246} (by 012 we mean the set {0, 1, 2}, etc.). Her announcements are sup-posed to be truthful, and her actual hand must therefore be among those five. No

1The (maximal) solution is found on the very first pages of standard textbooks in design theoryas [15] and [11]. Its roots can (at least. . .) be traced back to Kirkman [8] where the solution is foundon page 194 as Q7; Qi is the maximum set of triples made from i points such that no pair occursmore than once. Kirkman is better known for Q15, the Fifteen Schoolgirls Problem, which is foundon the next page in [8].

AVOIDING BIAS IN CARDS CRYPTOGRAPHY 5

matter which of those Alice holds, and no matter what Bob holds, he can infer Alice’scards. For example, if Bob held 126, then he could eliminate 012, 056, 135 and 246,leaving only 034, that must therefore be Alice’s actual hand. And no matter whatCathy holds, she cannot infer any card of Alice or Bob. Say Cathy held card 5, thenshe could eliminate 056 and 135, leaving her with 012, 034 and 246 for Alice’s handand (by considering the remaining cards) 346, 126 and 013 for Bob’s hand. One canestablish that the combinatorial axioms CA1, CA2 and CA3 are indeed satisfied, andthat this is therefore a good announcement.

Also for the (3, 3, 1) instance, and supposing Alice holds 034, she could announcethat she holds one of {012, 034, 056, 135, 146, 236, 245}. This is a seven-hand an-nouncement. We can similarly to the method demonstrated in the previous para-graph establish that this is a good announcement.

Some of the constructions proposed by Albert et al. in [1], while not giving awayenough information for Cathy to determine any card held by Alice or Bob, appear toresult in situations where Cathy can make an educated guess based on the relative fre-quency of the cards. For example, consider again the announcement for (3, 3, 1) givenas {012, 034, 056, 135, 246}. Card 0 occurs three time in this announcement, and theother cards only twice. On the assumption that all holdings in the announcementare equally likely to be the actual one, it seems reasonable for an outside observerto conclude that it is more likely for Alice to hold card 0 than another card. Theeavesdropper Cathy is not exactly an outside observer. She also holds a card. Ifthat were card 0, the tentative conclusion of the outsider evaporates, as Alice nowcannot hold card 0: Cathy can exclude all but 135 and 246 from the announcement.All cards occur just once in these two holdings, and she has no reason to prefer oneover the other. If instead Cathy holds card 3, she can exclude all but 012, 056 and246 from the announcement. Among these, card 6 occurs more often than card 1. Itis now attractive for Cathy to conclude that Alice is more likely to hold card 6 thancard 1—and that would be justified if Alice produced her announcement based onone of these three holdings, although, again, only on the assumption that all suchannouncements are equally likely to be produced. In other words: even though theannouncement is unbiased with respect to holdings, the announcement may be biasedwith respect to card occurrences, or otherwise biased with respect to patterns in theannouncement, and this information may be valued by the eavesdropper (attacker)Cathy. The other announcement, {012, 034, 056, 135, 146, 236, 245}, does not containcard occurrence bias.

From the perspective of cryptography there are two ways to overcome such bias:either use protocols that produce announcements that are unbiased for card oc-currence (or more complex patterns), or use protocols that (may) produce biasedannouncements but ensure that there is no relation between patterns in the an-nouncement, such as card occurrence, and the actual holding. We focus on the first,in Section 2, using design theory. We devise an additional requirement for the an-nouncement in order to eliminate the possibility of making educated guesses. To thateffect we propose an additional combinatorial axiom CA4. We give a method to de-sign announcements that meet this requirement, unbiased announcements therefore,and we prove some relevant results. Those are our main contributions. Additionally,


in Section 3, we present unbiased protocols for the (3, 3, 1) case, counteracting singlecard occurrence bias in announcements.

2 Unbiased announcements

2.1 Combinatorial axiom CA4

We will use terminology as in [1]. Cards are commonly referred to as points, areall distinct, and are labeled with consecutive natural numbers. The set of all cards(or deck of cards) is denoted by Ω. An i-set is a set of i cards. A possible holding(or hand) of Alice is called a line (in other words, a line is an a-set). Thus, anannouncement L by Alice consists of one or more lines. We write X, Y, Z for i-sets,x, y, z for points in such sets, and in particular also L for a-sets (lines). Alice, Bob,and Cathy hold, respectively, a, b, and c cards. These are the parameters of the carddeal, for which we write (a, b, c). ‘Elimination’ refers to Cathy or Bob eliminatingthose lines from the announcement that are impossible holdings for Alice becausethey contain one or more of their own cards.

Albert et al. [1] proposed three axioms CA1, CA2, and CA3, that correspond tothe informal requirements given in the problem description for Alice to inform Bob ofher cards. An announcement satisfying those axioms is called a good announcement.A good announcement guarantees that it is common knowledge among Alice, Bob,and Cathy that Bob knows Alice’s holding. The axioms are as follows (CA standsfor ‘Combinatorial Axiom’).

CA1 For every b-set X there is at most one line in L that avoids X.CA2 For every c-set X the lines in L avoiding X have empty intersection.CA3 For every c-set X the lines in L avoiding X have union consisting of all cards

except those of X.

Combinatorial Axiom 1 states that, given the announcement, Bob must be ableto infer what Alice is holding. In order for Bob to figure out which line of theannouncement is Alice’s holding, he has to eliminate lines from the announcementbased on his knowledge of his own cards. For example, because cards are distinct,if Bob holds card 4, then he can eliminate all lines that contain card 4 since thosecannot be a possible holding of Alice. Similarly, Bob can eliminate any other linethat contains a card that he himself holds. A line in the announcement that containsnone of the cards held by Bob is said to avoid Bob’s hand (here denoted by b-setX). If there are two or more such lines in the announcement, then Bob is left withmore than one possibility for Alice’s hand and cannot state with certainty which isthe correct one. Therefore, there should be at most one line in the announcementthat avoids Bob’s hand. (As we are assuming that the announcement is truthful andthat Alice’s hand is among the lines, there is even exactly one line that avoids Bob’shand.)

Combinatorial Axiom 2 states that, given the announcement, Cathy must not beable to infer any card held by Alice. Cathy employs the same process of eliminating


lines from the announcement as Bob by looking at her own hand (denoted by c-setX). After elimination, she examines the remaining lines. If there is one card commonto all these lines, then Cathy can conclude that Alice holds that card. So, there mustbe no card common to all remaining lines. In other words, all remaining lines takentogether must have empty intersection.

Combinatorial Axiom 3 states that, given the announcement, Cathy must not beable to infer any card held by Bob. If it is not satisfied, there is a card that does notoccur among the lines avoiding Cathy’s holding X. This card is therefore not heldby Alice, nor is it held by Cathy. It must therefore be a card held by Bob.

For parameters (3, 3, 1), the announcements {012, 034, 056, 135, 246} and{012, 034, 056, 135, 146, 236, 245} both satisfy CA1, CA2, and CA3, as can be eas-ily checked. We propose to distinguish between these announcements by means ofanother, new, combinatorial axiom. This is CA4. It expresses absence of card oc-currence bias. We also propose yet another axiom, CA5, that will then be shownequivalent to CA4.

CA4 For every c-set X there is a number nX such that for every point x /∈ X thereare nX lines in L avoiding X that contain x.

CA5 For every c-set X there is a number mX such that for every point y /∈ X thereare mX b-sets Y avoiding X that contain y and that avoid an L ∈ L alsoavoiding X.

Combinatorial Axiom 4 states that, given Alice’s announcement and Cathy’s handof cards, no card occurs more often than another one in the lines Cathy consid-ers possible. Combinatorial Axiom 5 states that, given Alice’s announcement andCathy’s hand of cards, no card occurs more often than another one in the b-setsCathy considers possible for Bob.

The new combinatorial axioms become more readable if we introduce additionalformalisation. Given a collection Z of i-sets Z ⊆ Ω (lines, b-sets, c-sets, ...), thesubset of Z with all points contained in X ⊆ Ω is denoted Z(X), i.e.

Z(X) = {Z ∈ Z | Z ⊆ X}.

On the other hand, the set of i-sets in Z containing (all) points in X is denotedZ[X], i.e.

Z[X] = {Z ∈ Z | X ⊆ Z}.For Z({x}), write Z(x), and for Z[{x}], write Z[x]; for Z(X∪{x}) we write Z(X+x),for Z({x, y}) we write Z(xy), etc. The complement of X in Ω is X. We combine thenotations, e.g. we write L(X)[x] for the set of lines in L avoiding X and containingx. Finally, somewhat arbitrarily, b(L(X)) is the set of b-sets Y avoiding X and anL ∈ L also avoiding X, i.e.

b(L(X)) = {Y | Y = Ω −X − L,L ∈ L, L ∩X = ∅}.

We now can rephrase the combinatorial axioms as


Definition 1 (Combinatorial Axioms). We distinguish five axioms.

CA1 For every b-set X: |L(X)| ≤ 1.CA2 For every c-set X:

⋂L(X) = ∅.CA3 For every c-set X:

⋃L(X) = X.CA4 For every c-set X there is a number nX such that for every x /∈ X:

|L(X)[x]| = nX.CA5 For every c-set X there is a number mX such that for every x /∈ X:

|b(L(X))[x]| = mX .Announcement {012, 034, 056, 135, 246} does not satisfy CA4. Take X = {5}.

The lines not containing 5 (i.e., avoiding {5}) are 012, 034 and 246. Two of thosecontain 2 but only one line contains 1. Therefore, no number n5 (i.e., n{5}) existsin this case. On the other hand, announcement {012, 034, 056, 135, 146, 236, 245}satisfies CA4, with ny = 2 for all points y = 0, . . . , 6. E.g., {135, 146, 236, 245} avoid0; point 1 occurs twice in those, namely in 135 and 146; and so on for other points.Announcement {012, 034, 056, 135, 246} does not satisfy CA5. Take X = {5}. The b-sets not containing 5 and avoiding one of 012, 034 and 246 are: 346, 126 and 013. Twoof those contain a 1 but only one contains a 2. Again, the seven-line announcementsatisfies CA5.

Many other, and more generic, examples can be found using design theory, see[15; 6; 11]. The mathematical theory of block designs deals with collections of specialsubsets, called blocks (or lines), of a given set. It provides a convenient framework forstudying the relation between the proposed combinatorial axioms CA4 and CA5. At-design with parameters (v, k, λ) has the property that any combination of t distinctelements of a set of v = |Ω| points occurs in the same number λ of k-blocks (or k-lines, sets with k elements). The number λ is the covalency of the design. Thus,in 2-designs, also known as balanced incomplete block designs, any pair of distinctcards occurs in the same number of lines. This is relevant for our investigation,because it entails that in the subset of lines containing any given card (such as asingleton c-set), any other card occurs in the same number of lines. Similarly, in3-designs any 3-tuple of distinct cards occurs in the same number of lines. Thiscan be further generalised to 4-designs, 5-designs, etc., but such designs are far lesscommon and few general constructions are available that may help us here. Every t-design is also a 1-design, 2-design, . . . , (t−1)-design. The seven-hand announcement{012, 034, 056, 135, 146, 236, 245} is a 2-design, with block size 3 and covalency 1.CA4 can be also be formulated as follows.

Definition 2 (CA4, alternative formulation). For every c-set X, L(X) is a 1-designwith covalency nX .

We can construct designs satisfying CA4 using the various methods known forconstructing designs, such as from projective planes and binary designs. Incidentalresults are reported in [16] and in [2]. For details, we refer to [9]. As an illustration


of such constructions we consider the design whose points are the 2n points of an-dimensional vector space over GF (2) and whose lines are the affine hyperplanes((n− 1)-dimensional subspaces and their complementary cosets), of which there are2(2n − 1). For brevity we shall call these binary designs. It is well-known that theirautomorphism group is triply transitive [4] and so they are 3-designs. We shall provethat they can be used to construct good announcements satisfying CA4.

For an example, we construct a binary design with n = 3. The points of thedesign in this case are known as Steiner quadruples [3, p.71]. Each line consistsof 23−1 = 4 points. The lines can be found as the orthogonal complements (andtheir cosets) of the 23 − 1 = 7 non-zero 3-bit vectors 001, 010, 011, 100, 101, 110, 111.The two lines corresponding to the first vector are {000, 010, 100, 110} (in decimalnotation {0, 2, 4, 6}, i.e. 0246) and {001, 011, 101, 111} (in decimal 1357). Proceedsimilarly for the remaining 3-bit vectors. The resulting announcement consisting ofthe 2(23 − 1) = 14 lines is

{0246, 0145, 0347, 0123, 0257, 0167, 0356, 1357, 2367, 1256, 4567, 1346, 2345, 1247}

Given parameters (4, 3, 1), this announcement L satisfies CA4: for all points y, ny =4. For example, for y = 0 we get L(0) = {4567, 2367, 2345, 1357, 1346, 1256, 1247}and all other points occur exactly four times in this set: point 1 in the last four lines,point 2 in lines 2, 3, 6, and 7; etc. It is also easy to check that the announcementsatisfies CA1, CA2, and CA3. Of course, for parameters (4, 2, 2) this same 14-lineannouncement is not good. This is obvious, as Bob needs to have an informationaladvantage over Cathy (he must have more cards) for the announcement to succeed.So they either both learn the secret, or neither. In case neither is informed, forexample, if Bob holds cards 0 and 1, he cannot determine from the design whetherAlice’s holding is 2367, 4567, or 2345.

The same binary design may be associated with more than one instance of the(a, b, c) parameters. For example, the binary design for n = 4 is a good announcementfor parameters (8, 7, 1) and (8, 6, 2), but not for (8, 5, 3) (in which case CA1 and CA2are satisfied, but not CA3), see [9]. Obviously, it is also not a good announcementfor (8, 4, 4).

Apart from the requirement CA4, which for parameters (a, b, 1) amounts to check-ing whether L(x) is a 1-design for arbitrary x, one could imagine strengthening therequirements, for example, demand that L(x) is a 2-design for all points x as well.We have already seen that the seven-hand announcement for (3, 3, 1) also satisfiesthis requirement. We will feature an incidental result for this stronger requirementin the next section, in Proposition 8.

2.2 Theoretical results

Theorem 1 shows that CA4 and CA5 are equivalent; this is followed by a resultrelating CA4 with t-designs. Our other main results are for the case that c = 1:Theorem 4 proves that the pattern required for CA4 is independent from the chosencard (nx is independent of x), in Theorem 6 we show that binary designs satisfy CA4


if c = 1, and in Theorem 7 we show that binary designs are good announcements(i.e., they satisfy CA1, CA2, and CA3) if c = 1. There are also some minor results.

Theorem 1. CA4 if and only if CA5.

Proof. Assume CA4 holds. Let X be any set of c points. For every line L in L(X)there is a b-set Ω −X − L in b(L(X)). Therefore, |b(L(X))| = |L(X)|. Also, for allpoints y ∈ X, if y ∈ Y ∈ L(X) then y ∈ Z ∈ b(L(X)) where Z = Ω − Y −X. Pointy occurs in nX lines in L(X). It therefore does not occur in nX lines in b(L(X)),and it therefore occurs in |b(L(X))| − nX lines in b(L(X)). As this is for arbitraryy, this defines the number mX . The argument runs both ways.

In other words, we can forget about CA5 from here on.

Proposition 2. Let c = 1. (CA4 holds and L is a 1-design) if and only if L is a2-design.

Proof. Assume L is a 1-design and that CA4 holds, and that c = 1. CA4 says thatevery L(x) is a 1-design. Its size |L(x)| is independent of x, as L is a 1-design. Forarbitrary y ∈ L(x), |L(x)[y]| + |L[x + y]| = |L[y]| (note that |L[x + y]| = |L[x][y]|).As |L(x)[y]| and |L(y)| are independent of x and y (by CA4, and because L is a1-design, respectively), so is |L[x+ y]|. Therefore L is a 2-design.

Assume L is a 2-design, i.e. |{L ∈ L | x, y ∈ L}| = λ2 is independent of x andy. We want to show that |{L ∈ L(x) | z ∈ L}| = nx is independent of z, for anyholding x of Cathy. Note that when she eliminates lines from L that contain x, shereduces the number of lines containing any y = x by λ2. Let λ1 = |{L ∈ L | y ∈ L}|,which is independent of y because L is also a 1-design. Before elimination λ1 linescontained y. After elimination, λ1 − λ2 lines contain y. This is the number of linesnx in L(x) that contain y. Since it is independent of y, CA4 holds.

Proposition 3. If CA4 holds then nX =a|L(X)|

a+b.

Proof. Count the total number of cards occurring in L(X) in two ways. AssumingCA4 holds there are a + b distinct cards and each of them occurs nX times. Thereare |L(X)| lines and each of them contains a cards. Thus (a+ b)nX = a|L(X)|.

Theorem 4. Let c = 1. If CA4 holds then nx is independent of x.

Proof. Assume c = 1 and CA4 holds. Take two arbitrary distinct X1 = {x1} andX2 = {x2}. Consider L(x1). It contains no lines that contain card x1 and nx1 linesthat contain card x2. It must therefore contain |L(x1)|−nx1 lines that contain neithercard x1 nor card x2. And due to construction of the set, this is the exact numberof lines in L that contain neither card. Now consider L(x2). It contains no linesthat contain card x2 and nx2 lines that contain card x1. It must therefore contain|L(x2)|−nx2 lines that contain neither card x1 nor card x2. And due to construction


of the set, this is the exact number of lines in L that contain neither card. Thus, weget the following equation

|L(x1)| − nx1 = |L(x2)| − nx2nx1

a+ b

a− nx1 = nx2

a+ b

a− nx2

nx1

(a+ b

a− 1

)

= nx2

(a+ b

a− 1

)

nx1

(b

a

)

= nx2

(b

a

)

nx1 = nx2

Because x1 and x2 were chosen arbitrarily we conclude that nx is independent of x.

Directly from Proposition 3 and Theorem 4 follows:

Corollary 5. Let c = 1. If CA4 holds, then |L(x)| is independent of x.Theorem 6. Binary designs satisfy CA4 for c = 1.

Proof. Let L be a binary design. Since L is a 3-design it is also a 2-design. Fromthat and c = 1 it follows by Proposition 2 that CA4 holds.

Theorem 7. Binary designs are good announcements for c = 1.

Proof. Let L be a binary design. We shall prove that the axioms CA1, CA2, andCA3 are satisfied with a = 2n−1, b = 2n−1 − 1, c = 1.

CA1: Assume towards a contradiction that more than one line in L has emptyintersection with a given b-set Y . However, two such lines intersect in an (n − 1)-dimensional affine subspace. Such intersections contain 2n−2 points and thereforethere are at most 2n − 2n−1 − 2n−1 + 2n−2 = 2n−2 points in neither line. This isimpossible since 2n−1 − 1 > 2n−2 if n ≥ 3.

CA2: Because L is a resolvable design (pairs of a-sets partition the set of cards),every card x occurs in half the number of lines. Suppose some other card y wouldoccur in all lines of L(x). As y also occurs in half the number of L lines, there wouldbe no line wherein x and y both occur. But then, L would not be a 3-design (or evena 2-design): the pair xy would never occur, nor any triple containing x and y.

CA3: Let x be given. As CA4 is satisfied, L(x) is a 1-design with covalency nx.From Theorem 4 follows that this covalency is independent of x. Also, it is largerthan or equal to 1. That means that each other card than x occurs in at least oneline in L(x), thus ⋃L(x) = x.

We close this section with two additional minor results relating 3-designs, 2-designs, and binary designs.

Proposition 8. L is a 3-design if and only if L(x) is a 2-design for all points x andL is a 1-design.


Proof. Let L be a 3-design. Trivially, it is also a 2-design, and also a 1-design.The last satisfies one proof obligation. As L is a 3-design, |L[yzx]| is independent ofy, z, x. As L is a 2-design, |L[yz]| is independent of y, z; and therefore independent ofy, z, x (note that x does not occur at all in |L[yz]|). As |L[yz]| = |L[yzx]|+|L[yz](x)|,also |L[yz](x)| is independent of y, z, x, i.e., for every x, L(x) is a 2-design.

Assume L(x) is a 2-design for all x, and that L is a 1-design. Similarly to aboveit immediately follows that L is a 3-design.Corollary 9. Binary designs L satisfy that L(x) is a 2-design for all points x.Proof. Directly, from Proposition 8 and because binary designs are 3-designs.

3 Unbiased protocols

In the previous section we focussed on avoiding bias in an announcement. Such biasresulted from the overrepresentation of certain patterns, such as single cards, or pairsof cards, or triples of cards, in the announcement or in the lines of an announcementthat avoid a given c-set (i.e., the eavesdropper’s hand of cards). Announcementswhere arbitrary c-set avoiding lines always are, respectively, 1-designs, or 2-designs,or 3-designs, guarantee that such bias is absent. The implicit assumption that relatesthe overrepresentation of patterns in an announcement to the probability that thispattern occurs in the actual holding, is that

each line in an announcement is equally likely to be the actual holding.

Given an underlying protocol to produce such an announcement, this is achievedwhen each announcement resulting from the protocol’s execution is equally likely tobe produced. In the absence of information to the contrary, that may be a reasonableassumption.

But another way to avoid bias in cryptographic communication is to apply a pro-tocol that takes such overrepresentation of patterns in announcements into account.By making that protocol public, the sender removes the relation between the bias inthe announcement and the actual holding—but just as well he may keep it secret,and in that case have a cutting edge over an unsuspecting eavesdropper. In otherwords, by applying protocols that make some lines in an announcement more likelyto be the actual holding than others, the sender can also remove bias. In this sectionwe investigate that matter. Our results are less general than those in the previoussection: we present two different ‘unbiasing’ protocols for parameters (3, 3, 1). Toinvestigate unbiased announcements, we have over 100 years of design theory to com-fortably fall back on. But the investigation of unbiased protocols to produce carddeal announcements has not been investigated in a combinatorial setting, as far aswe know.

3.1 Unbiased protocol for Russian Cards

Given parameters (3, 3, 1), consider again the five-hand announcement {012, 034, 056,135, 246}. There are 60 different five-line announcements containing an arbitraryactual hand. We summarize the details found in [12, p.56]:


One of the seven points has to occur thrice in the announcement. In casethis is one of the three actual cards, one of the three lines containing itwill be the actual hand, the four remaining points are distributed overthe other two of the three. Given an assignment of any of those four, wecan choose one of the remaining three to match it. That determines thethird of those lines too. Suppose that i is the chosen actual card, j, k theother actual cards, and that the other two lines containing it are ilm andino. Now consider the two lines not containing i. One will contain j, theother k. For the line containing j we can choose one (out of two) l,m andone (out of two) n, o. That determines the fifth hand too. Altogether:

3 · 3 · 2 · 2 = 36.Else, the triple point occurrence is not an actual card, but one of thefour other points; say l. This fixes the lines not containing that point:one of those is now the actual hand, say ijk again, and the other containsthe remaining three points, m,n, o. Consider the three lines containingl. Points (actual cards) i, j, k must be in three different lines containingl. For any of those, we can now choose between three of the remainingpoints m,n, o, and for another of those, between two of the points stillremaining after that choice. Altogether:

4 · 3 · 2 = 24.For an example, if 012 is the actual hand, of the 60 announcements containing 012,36 contain an actual card 0, 1, or 2 thrice; the remaining 24 contain one of the cards3, 4, 5, and 6 three times. A point occurring thrice in this five-line announcementis more likely to be an actual card, and the odds are 3 against 2 (36 against 24). Aprotocol randomly selecting an announcement containing the actual hand thereforepropagates this bias, and could rightfully be called a biased protocol. If we chooseone from the 36, and one from the 24, and then between those two, we can adjustfor this bias. (Here ‘choose’ means ‘randomly choose’.) We summarize the results:

Definition 3 (bias5: biased five-hand protocol). Given are parameters (3, 3, 1).Given an actual hand, produce the 60 five-hand announcements above, and chooseone among them. We call this protocol bias5.

Proposition 10. If sender Alice executes protocol bias5 to produce a good announce-ment solving (3, 3, 1), a point occurring thrice in the announcement is more likely tobe a card in her actual holding than not.

Definition 4 (nobias5: unbiased five-hand protocol). Given are parameters(3, 3, 1). Given an actual hand, choose one among the 36 five-hand announcementscontaining an actual card thrice, and choose one among the 24 not containing anactual card thrice. Now choose between those two. We call this protocol nobias5.

Proposition 11. If sender Alice executes protocol nobias5 to produce a good an-nouncement solving (3, 3, 1), a point occurring thrice in the announcement is equallylikely to be a card in her actual holding or not.


3.2 Unbiased protocol for Russian Cards, with designated point

Given that one point occurs thrice in a five-line announcement and that this mustbe meaningless information, sender Alice might as well make public which point thatwill be before being dealt a hand of cards. We call this card the special point. Shecan then execute a protocol that results in an announcement containing her actualhand and the pre-announced point, whether it is in the actual hand or not. (Pre-announcing the point was suggested by Ron van der Meyden.)

Given an arbitrary point and an arbitrary line (actual hand), the probability thatthat point avoids that line is 6

7· 5

6· 4

5= 4

7, so that the probability that the point is in

the line, is 37.

There are twelve announcements where the pre-announced point is an actualcard, and six where this is not the case. This we can see as follows. In the first case,as before, the four remaining points are distributed over the other two of the three:3 · 2 · 2 = 12. Else, also as before, each of the three actual cards must be in threedifferent lines containing the preselected point, for which our options are: 3 · 2 = 6.In that case, the fifth line is the (unique) line not containing the actual points northe preselected point.

For an example, let 0 be the publicly known thrice occurring point, let in thefirst case 012 be the arbitrary line containing 0, and let in the second case 135 bethe arbitrary line not containing 0 (so that this fixes the other line not containing 0to 246). Then the twelve announcements are:

012 034 056 135 246 012 034 056 136 245012 034 056 145 236 012 034 056 146 235012 035 046 134 256 012 035 046 136 245012 035 046 145 236 012 035 046 156 234012 036 045 134 256 012 036 045 135 246012 036 045 146 235 012 036 045 156 234

and the 6 announcements are:

012 034 056 135 246 012 036 045 135 246014 023 056 135 246 014 025 036 135 246016 023 045 135 246 016 025 034 135 246

As 12 · 37

= 367

, and 6 · 47

= 247

, then if we randomly select among these 18 ourbias is as before: the odds are 3 to 2 that a point occurring in an announcementis an actual card. This protocol was implemented in the model checker MCK tosolve ‘Russian Cards’, see [14], because its time complexity is lower than that of theprotocol bias5 without special card.

Again, we can adjust the protocol, in this case by choosing with probability 47

anannouncement among the twelve and with probability 3

7an announcement among

the six. We summarize our results.

Definition 5 (bias5sp: biased five-hand protocol with special point). Given


are parameters (3, 3, 1). Given a special point and an actual hand, produce the 18five-hand announcements as above, and choose one among them. We call this proto-col bias5sp.

Proposition 12. If sender Alice executes protocol bias5sp to produce a good an-nouncement solving (3, 3, 1), a point occurring thrice in the announcement is morelikely to be a card in her actual holding than not.

Definition 6. (nobias5sp: unbiased five-hand protocol with special point).Given are parameters (3, 3, 1). Given a special point and an actual hand, choose oneamong the 12 five-hand announcements containing an actual card thrice, and chooseone among the 6 not containing an actual card thrice. Choose between those two withprobability 4

7for the first and 3

7for the second. We call this protocol nobias5sp.

Proposition 13. If sender Alice executes protocol nobias5sp to produce a good an-nouncement solving (3, 3, 1), a point occurring thrice in the announcement is equallylikely to be a card in her actual holding or not.

3.3 Strategic behaviour for protocol disclosure

We close with an additional observation on the status of such protocols. If they arepublic, the combination of the protocol and a resulting announcement makes thatannouncement unbiased for an eavesdropper with regard to single point occurrence.If they are not public, but, for example, only known between sender and receiver,the situation becomes much more complex. For example, in the absence of informa-tion to the contrary, the eavesdropper may incorrectly assume that each line in anannouncement is equally likely, and from that correctly infer that a thrice occurringpoint is therefore more likely to be an actual card. But this conclusion is then false.Also, if the sender assumes that the eavesdropper follows that line of argument, itwould even make sense not to apply an unbiased protocol, but one that is even bi-ased the other way, namely towards triple occurrence of points that are not actualpoints. Then again, the eavesdropper may anticipate such behaviour of the sender,etc. In other words, the optimal strategies for sender and eavesdropper under condi-tions where announcements are always truthful but knowledge of applied protocolsis incomplete, are unclear.

On the other hand, incomplete knowledge of a protocol is an unreasonable as-sumption in our current setting. Given the ‘worst case’ assumption where eaves-droppers intercept the entire communication, in other words, where it is a publiccommunication, we might as well assume the ‘worst case’ concerning protocol knowl-edge: the protocol is public. This is in accordance with Kerckhoffs’ assumption [7]:a cryptosystem should be secure even if everything about the system, except the key,is public knowledge. In the setting of card deal protocols the announcement and theprotocol that produced it are the part that may be public, and the hands of cards ofthe sending and receiving player may be considered the key.


4 Conclusions

We outlined the need for stricter requirements for cryptographic protocols inspiredby the Russian Cards problem than the requirements CA1-CA3 and we proposeda new requirement CA4. This CA4 is shown to be equivalent to an alternativeformulation CA5. Announcements satisfying CA4 are 2-designs. We also introducedbinary designs and showed that these satisfy CA1-CA4. Instead of avoiding bias inannouncements produced by protocols, one also adjust the protocol such the relationbetween patterns in announcements and the actual hand disappears. We gave twoexamples of such protocols for card deal parameters (3, 3, 1).

Acknowledgements

We thank the reviewer supplied by the journal for helpful comments. Hans vanDitmarsch acknowledges support of the Netherlands Institute of Advanced Studywhere he was Lorentz Fellow in 2008.

References

[1] M.H. Albert, R.E.L. Aldred, M.D. Atkinson, H.P. van Ditmarsch and C.C.Handley, Safe communication for card players by combinatorial designs fortwo-step protocols, Australas. J. Combin. 33 (2005), 33–46.

[2] R.C. Bose, On the construction of balanced incomplete block designs, Annalsof Eugenics 9 (1939), 353–399.

[3] C.J. Colbourn and J.H. Dinitz, CRC Handbook of Combinatorial Designs, CRCPress, Boca Raton, FL, USA, 1996. Discrete Mathematics and Its ApplicationsVolume: 42.

[4] P. Dembowski, Finite geometries, Classics in Mathematics. Springer-Verlag,Berlin, 1997. Reprint of the 1968 original.

[5] M.J. Fischer and R.N. Wright, Bounds on secret key exchange using a randomdeal of cards, J. Cryptology 9(2) (1996), 71–99.

[6] D.R. Hughes, t-designs and permutation groups, in Proc. Symposia Pure Math.pp. 39–41, Amer. Math. Soc. 1962.

[7] A. Kerckhoffs, La cryptographie militaire, J. des sciences militaires, IX (1883),5–38 and 161–191.

[8] T.P. Kirkman, On a problem in combinations, Camb. Dublin Math. J. 2 (1847),191–204.

[9] S. Roehling, Cards and cryptography, Report in partial fulfilment of MSc inComputer Science, University of Otago, 2005.


[10] A. Stiglic, Computations with a deck of cards, Theoret. Comp. Sci. 259(1–2)(2001), 671–678.

[11] D.R. Stinson, Combinatorial Designs—Constructions and Analysis, Springer,2004.

[12] H.P. van Ditmarsch, The russian cards problem, Studia Logica 75 (2003), 31–62.

[13] H.P. van Ditmarsch, The case of the hidden hand, J. Appl. Non-Classical Logics15(4) (2005), 437–452.

[14] H.P. van Ditmarsch, W. van der Hoek, R. van der Meyden and J. Ruan, Modelchecking russian cards, Elec. Notes Theoret. Comp. Sci. 149 (2006), 105–123.Presented at MoChArt 05 (Model Checking in Artificial Intelligence).

[15] W.D. Wallis, Combinatorial Designs, M. Dekker, New York, 1988.

[16] F. Yates, Incomplete randomized blocks, Ann. Eugenics 7 (1936), 121–140.

(Received 17 Feb 2007; revised 25 Nov 2008)


Construction of amicable orthogonal designsof quaternions

Ying Zhao Jennifer Seberry Tianbing Xia

School of Software Engineering and Computer ScienceUniversity of WollongongWollongong, NSW, 2522

Australia

Beata J. Wysocki Tadeusz A. Wysocki

School of Electrical, Computer and Telecommunications EngineeringUniversity of WollongongWollongong, NSW, 2522

Australia

Abstract

This paper introduces some construction methods for amicable orthog-onal designs over the real and quaternion domain which have not beenexplored for code design before. The proposed construction methodsgenerate a large number of amicable orthogonal designs of quaternions.It is also shown that amicable orthogonal designs of quaternions canbe used to construct restricted quaternion orthogonal designs which canbe applied as orthogonal space-time-polarization block codes for wirelesscommunications.

1 Introduction

Space-time block codes from real and complex orthogonal designs for multiple-inputmultiple-output (MIMO)wireless communication systems have received considerableattention due to their inherent orthogonality, which guarantees a full transmit diver-sity and linear maximum-likelihood (ML) decoding [11]. Space-time block codes havebeen adopted in the newly proposed standard for wireless LANs IEEE, 802.11n. Weexpect that additional forms of diversity, namely polarization diversity and frequencydiversity, could be considered together with space and time diversity to overcomemulti-path fading in order to improve system performance.It has been shown that polarization diversity, together with other forms of diver-sity, can add to the performance improvements offered by other diversity techniques.Isaeva and Sarytchev [8] showed that the utilization of polarization diversity with

20 YING ZHAO, JENNIFER SEBERRY ET AL.

other forms of diversity can be modelled by means of quaternions, since two or-thogonal complex constellations form a quaternion. This has motivated the studyof orthogonal designs over the quaternion domain for future applications in signalprocessing as space-time-polarization block codes [9, 4, 1].This paper aims to use general construction techniques to generate amicable orthog-onal designs of quaternions, which we believe can be used for constructing quaternionorthogonal designs, just like the applications of amicable orthogonal designs(AOD)for complex space-time codes. This paper is organized as follows: Section 2 in-troduces the classifications of orthogonal designs over the quaternion domain, e.g.orthogonal design of quaternions (ODQ), and amicable orthogonal design of quater-nions (AODQ). In Section 3, we present several construction techniques for buildingAOD and AODQ, together with some examples to illustrate our methods. In Sec-tion 4, we give examples to show how to construct restricted quaternion orthogonaldesign(RQOD) from two AODQs.

2 Preliminaries

We first review the definitions of orthogonal designs and amicable designs over thereal, complex domain. Then we define several types of orthogonal designs over thequaternion domain based on the research in [9].

2.1 Orthogonal designs

The concept of an orthogonal design was first introduced in [6, 7] and concerned onlydesigns with real commuting variables or zero entries.

Definition 2.1. An orthogonal design, OD, of order n and type (s1, s2, . . . , su) incommuting real variables x1, x2, . . . , xu, denoted OD(n; s1, s2, . . . , su), is an n × nmatrix A with entries in the set {0,±x1,±x2, . . . ,±xu} satisfying

AAT =

(u∑

i=1

six2i

)

In,

where (.)T denotes the transpose of a matrix and In is the identity matrix of ordern. This definition can be extended to include rectangular designs, i.e. r×n matriceswhich satisfy ATA = (

∑ui=1 six

2i ) In.

Definition 2.2. Two square orthogonal designs A and B are said to be amicableif ATB = BTA and ABT = BAT . We write AOD(n;u1, . . . , us; v1, . . . , vt) to de-note that two orthogonal designs OD(n;u1, u2, . . . , us) and OD(n; v1, v2, . . . , vt) areamicable.

Example 2.1. The following matrices

A =

⎡

⎢⎢⎣

a1 a2 a3 0−a2 a1 0 a3−a3 0 a1 −a2

0 −a3 a2 a1

⎤

⎥⎥⎦ and B =

⎡

⎢⎢⎣

−b3 −b2 −b1 0−b2 b3 0 −b1−b1 0 b3 b2

0 −b1 b2 −b3

⎤

⎥⎥⎦ ,

AMICABLE ORTHOGONAL DESIGNS OF QUATERNIONS 21

where a1, a2, a3 and b1, b2, b3 are real, commuting variables, are amicable orthogonaldesigns AOD(4; 1, 1, 1; 1, 1, 1).

2.2 Complex orthogonal designs

An extension of orthogonal designs with real entries is orthogonal designs over thecomplex domain. There are several possible generalizations for orthogonal designswith complex entries. The first definition of such designs was given by Geramita andGeramita [5]; they treat real orthogonal designs as a special case.

Definition 2.3. A complex orthogonal design, COD, of order n and type (s1, s2, . . . ,su) in real commuting variables x1, x2, . . . , xu, denoted COD(n; s1, s2, . . . , su), is ann× n matrix A with entries in the set {0,±x1,±ix1,±x2,±ix2, . . . ,±xu,±ixu} sat-isfying

AHA = AAH =

(u∑

h=1

shx2h

)

In,

where (.)H denotes the Hermitian transpose.

Example 2.2. The matrix

[ix1 x2x2 ix1

]

, where x1 and x2 are real commuting vari-

ables, is a COD(2; 1, 1).

In [15], Yuen, Guan and Tjhung defined the concept of amicable complex orthogonaldesigns which is a complex extension of amicable orthogonal designs.

Definition 2.4. Two complex orthogonal designs, A and B are said to be amicableif ABH = BAH or AHB = BHA. We write ACOD(n;w1, w2, . . . , wu; z1, z2, . . . , zv)to denote that two designs COD(n;w1, w2, . . . , wu) and COD(n; z1, z2, . . . , zv) arecomplex amicable.

Example 2.3. Let A =

[a b

−ib ia]

and B =

[c did −ic

]

, where a, b, c, d ∈ R. Aand B are amicable complex orthogonal designs ACOD(2; 1, 1; 1, 1).

2.3 Amicable orthogonal designs of quaternions

Definition 2.5. Given a matrix A = (a�,m), where au are quaternion variables or

numbers, we define its quaternion transform by AQ = (aQm,�).

The following definitions of orthogonal design of quaternions and restricted quater-nion orthogonal design were originally given in [9].

Definition 2.6. An orthogonal design of quaternions, ODQ, of order n and type(s1, s2, . . . , su) denoted ODQ(n; s1, s2, . . . , su), on the commuting real variablesx1, x2, . . . , xu is a square matrix A of order n with entries from {0,q1x1,q2x2, . . . ,quxu}, where each qj ∈ {±1,±i,±j,±k} such that


AQA = AAQ =

(u∑

h=1

shx2h

)

In,

where (.)Q denotes quaternion transform. We can extend this definition to includerectangular designs that satisfy AQA = (

∑uh=1 shx

2h) In.

Example 2.4. Consider A =

[ −x1 x2i−x2j x1k

]

, where x1, x2 are real, commuting

variables. Then,

AQA =

[ −x1 x2j−x2i −x1k

] [ −x1 x2i−x2j x1k

]

=

[x21 + x

22 0

0 x21 + x22

]

,

so A is an ODQ(2; 1, 1).

Definition 2.7. A restricted quaternion orthogonal design of order n and type(s1, s2, . . . , su), denoted RQOD(n; s1, s2, . . . , su), on the complex variables z1, z2,. . ., zu, and their conjugates z

∗1 , z

∗2 , . . ., z

∗u, is an n × n matrix A with entries from

{0,q1z1,q1z∗1 ,q2z2,q2z∗2 , . . . ,quzu,quz∗u}, where each qp is a linear combination of{±1, ±i, ±j, ± k} such that

AQA = AAQ = (

u∑

h=1

sh|zh|2)In.

This definition can be extended to include rectangular designs that satisfy AQA =(∑u

h=1 sh|zh|2)In.

Example 2.5. Consider A =

[iz1 iz2−jz∗2 jz∗1

]

, where z1, z2 are complex commuting

variables. Then,

AQA =

[ −z∗1i z2j−z∗2i −z1j

] [iz1 iz2−jz∗2 jz∗1

]

=

[ |z1|2 + |z2|2 00 |z1|2 + |z2|2

]

,

so A is an RQOD(2; 1, 1). To illustrate why this is called a restricted QOD, wereplace complex variables in A using zi = xi + yii, where the xi, yi are real variables.

This gives A =

[ −y1 + ix1 −y2 + ix2−jx2 − ky2 jx1 + ky1

]

. We can see that the entries of A are

quaternion variables such that certain components of the variables are restricted tozero.

Definition 2.8. Two orthogonal designs of quaternions, A and B, are said to beamicable if ABQ = BAQ or AQB = BQA. We write

AODQ(n;w1, w2, . . . , wu; z1, z2, . . . , zv)

to denote that two designs ODQ(n;w1, w2, . . . , wu) and ODQ(n; z1, z2, . . . , zv) areamicable.




]

and B =

[y1 y2iy2j y1k

]

, where x1, x2, x3, x4 ∈R. Here A and B are amicable orthogonal designs of quaternions of type AODQ(2;1, 1; 1, 1).

The proof that A and B are amicable orthogonal designs of quaternions is straight-forward.Let X and Y be amicable orthogonal designs of quaternions of type AODQ(n;u1, . . . ,us; v1, . . . , vt). Let us write X =

∑si=1Aixi, Y =

∑tj=1Bjyj, and we then have:

i)Ai ∗A� = 0, 1 ≤ i �= � ≤ s; Bj ∗ Bk = 0, 1 ≤ j �= k ≤ t;ii)AiA

Qi = uiIn, 1 ≤ i ≤ s; BjBQj = vjIn, 1 ≤ j ≤ t;

iii)AiAQ� + A�A

Qi = 0, 1 ≤ i �= � ≤ s; BjBQk +BkBQj = 0, 1 ≤ j �= k ≤ t;

iv)AiBQj = BjA

Qi , 1 ≤ i ≤ s, 1 ≤ j ≤ t, (1)

where Ai, Bj are all {0,±1,±i,±j,±k} quaternion matrices. It is clear that con-ditions (i)–(iv) are necessary and sufficient for the existence of amicable orthogonaldesigns of quaternions AODQ(n;u1, . . . , us; v1, . . . , vt).

Proposition 2.1. A necessary and sufficient condition that there exist amicableorthogonal designs of quaternions X and Y of type AODQ(n;u1, . . . , us; v1, . . . , vt) isthat there exists a family of matrices of {A1, . . . , As;B1, . . . , Bt} of order n satisfing(i)–(iv) above.

Proof. Let X and Y be such a amicable pair and write X = A1x1 + · · · + Asxs andY = B1y1 + · · ·+Btyt as linear monomials in the xi, yi ∈ R. By definition, the proofof (i) and (ii) is straightforward. Since we have

XXQ = (A1x1 + · · · + Asxs)(AQ1 x1 + · · · +AQs xs)

=

s∑

j=1

(AjAQj x

2j ) +

∑

j �=k(AjA

Qk +AkA

Qj )xjxk

= (

s∑

j=1

ujx2j )In,

conditions in (iii) are thus satisfied. Condition (iv) can be proved by comparingcoefficient matrices of XY Q = Y XQ on both sides.

Conversely, if we have {A1, . . . , As;B1, . . . , Bt} of order n satisfing (i)–(iv), thenit is obvious that X = A1x1 + · · · + Asxs and Y = B1y1 + · · · + Btyt are an AODQwith the required type.

Definition 2.9. An amicable family of quaternions(AFQ) of type (u1, . . . , us; v1, . . . ,vt) in order n is a collection of quaternion matrices {A1, . . . As;B1, . . . , Bt} satisfying(ii), (iii), (iv) above.

The definition of amicable family of quaternions(AFQ) is analogous to the definitionof amicable family of orthogonal designs given in [7].


3 Construction techniques

In this section, we present several construction techniques for building amicableorthogonal designs over the real and quaternion domain. Some methods alreadyexist for generating real amicable orthogonal designs. We can also extend thesetechniques to build designs over the quaternion domain. However, due to the non-commutivity of the quaternions, we need to modify existing techniques to make themsuitable for designs over the quaternion domain.

3.1 Amicable orthogonal designs

Definition 3.1. A symmetric conference matrix N of order n is a square (0, 1,−1)matrix satisfying N = NT and NNT = (n − 1)In. It is shown in [3] that if such amatrix exists, one may assume it has zero diagonal.

The existence of symmetric conference matrices was discussed in [10, 13]. For ex-ample, there exist symmetric conference matrices of order n for n = p + 1, wherep ≡ 1 (mod 4), p a prime power. Here, we introduce the application of symmetricconference matrices in constructing amicable orthogonal designs.

Example 3.1. The matrix Q is a type 1 matrix [7] with properties: QQT = 5I5−J5,QJ5 = J5Q = 0 and Q = Q

T , where J5 is the 5 × 5 matrix of all ones.

Q =

⎡

⎢⎢⎢⎢⎣

0 + − − ++ 0 + − −− + 0 + −− − + 0 ++ − − + 0

⎤

⎥⎥⎥⎥⎦.

Then N =

⎡

⎢⎢⎢⎣

0 + · · · ++... Q+

⎤

⎥⎥⎥⎦

is a symmetric conference matrix of order n = p+1 = 6.

Lemma 3.1. Let N be a symmetric conference matrix in order n and x, y realcommuting variables. Then there is a complex orthogonal design COD(n; 1, n− 1).

Proof. Let Y = xIni + yN ; then Y is easily proved to be the required COD.

Lemma 3.2 below improves results of Theorem 2 given in [12].

Lemma 3.2. Let N be a symmetric conference matrix in order n. Then there existpairs of amicable orthogonal designs:a) AOD(2n;n, n;n, n), b) AOD(2n;n, n; 2, 2(n− 1)),c) AOD(2n;n, n; 1, n− 1), d) AOD(2n; 2, 2(n− 1); 1, n− 1).


Proof. Let a, b, c and d be real commuting variables. Then for a) the required designsare [

aIn + bN bIn − aNbIn − aN −aIn − bN

]

and

[cIn + dN dIn − cN−dIn + cN cIn + dN

]

,

for b) they are

[aIn + bN bIn − aNbIn − aN −aIn − bN

]

and

[cIn + dN cIn − dN−cIn + dN cIn + dN

]

,

for c) they are

[aIn + bN bIn − aNbIn − aN −aIn − bN

]

and

[cIn dN−dN cIn

]

,

and for d) they are

[aIn + bN aIn − bNaIn − bN −aIn − bN

]

and

[cIn dN−dN cIn

]

.

Corollary 3.1. Let n be the order of the symmetric conference matrices, wheren−1 ≡ 1 (mod 4) and n−1 is a prime power. Then the following amicable orthogonaldesigns of order 2n exista)AOD(2n;n, n;n, n), b)AOD(2n;n, n; 2, 2(n− 1)),c)AOD(2n;n, n; 1, n− 1), d)AOD(2n; 2, 2(n− 1); 1, n− 1).The following technique for constructing amicable orthogonal designs is from Theo-rem 1 in [12]. Here we review the original method. Let S be a circulant or type 1(0, 1,−1) matrix of order p ≡ 3 (mod 4), p a prime power satisfying

ST = −S, SST = pI − J, SJ = JS = 0,

where I is the identity matrix of order p and J the matrix of all ones. Further, letR be the back diagonal matrix of order p. Then, the matrices

A =

⎡

⎢⎢⎢⎣

a b . . . b−b... aI + bS−b

⎤

⎥⎥⎥⎦

and B =

⎡

⎢⎢⎢⎣

−c d . . . dd... (cI + dS)Rd

⎤

⎥⎥⎥⎦

of order p+ 1 are defined, where a, b, c and d are real commuting variables. Then, Aand B are amicable orthogonal designs of order p+ 1 and of type (1, p; 1, p). Hence,we have the following lemma inferred directly from Theorem 1 in [12].

Lemma 3.3. For p ≡ 3 (mod 4) a prime power, there exists a pair of amicableorthogonal designs AOD(p+ 1; 1, p; 1, p).


Proof. This is an almost straightforward verification, since aI + bS is type 1 and(cI + dS)R is a type 2 matrix [7].

Remark 3.1. More amicable orthogonal designs constructed from p prime powerother than p ≡ 3 (mod 4) can be found in [10] by Seberry and Yamada. For example,there exists AOD(2(p+ 1); 1, p; 1, p) for p ≡ 1 (mod 4) a prime power.

Example 3.2. For p = 3, we define type 1 matrix S =

⎡

⎣0 1 −− 0 11 − 0

⎤

⎦ and the back

diagonal matrix R =

⎡

⎣1 0 00 0 10 1 0

⎤

⎦. Then, we construct

A =

⎡

⎢⎢⎣

a b b b−b a b b−b −b a b−b b −b a

⎤

⎥⎥⎦ and B =

⎡

⎢⎢⎣

−c d d dd c −d dd −d d cd d c −d

⎤

⎥⎥⎦ .

A and B is a pair of amicable orthogonal design AOD(4; 1, 3; 1, 3).

3.2 Amicable orthogonal design of quaternions

Theorem 3.1. If there exists a pair of amicable orthogonal designs of quaternions,AODQ(n; a1, . . . , as; b1, . . . , bt) and a pair of amicable orthogonal designs AOD(m; c1, . . . , cu; d1, . . . , dv), then there exists a pair of amicable orthogonal designs ofquaternions AODQ(nm; b1c1, . . . , b1cu−1, a1cu, . . . , ascu; b1d1, . . . , b1dv, b2cu, . . . , btcu).

Proof. Let X =∑s

i=1Aixi and Y =∑t

j=1Bjyj be the amicable orthogonal designs ofquaternions in order n and let Z =

∑uk=1 Ckzk and W =

∑vl=1Dlwl are the amicable

orthogonal designs in order m. Construct the matrices

P =u−1∑

i=1

(B1 ⊗ Ci)pi +s∑

j=1

(Aj ⊗ Cu)pj+u−1

Q =

v∑

i=1

(B1 ⊗Di)qi +t∑

j=2

(Bj ⊗ Cu)qj+v−1

where the pi’s and qi’s are real commuting variables and ⊗ denotes the Kroneckerproduct.

The above theorem is similar to Wolfe’s theorem [14] which gave a general construc-tion method for amicable orthogonal designs. The only change in Theorem 3.1 isthat X and Y are amicable orthogonal designs of quaternions (AODQ). It is im-portant to note that Z and W must be amicable orthogonal designs over the realdomain, otherwise the non-commutative property of quaternion can not guaranteethe amicability of the results.




]

and B =

[y1 y2iy2j y1k

]

, where x1, x2, y1, y2 ∈R. A and B are amicable orthogonal designs of quaternions AODQ(2; 1, 1; 1, 1).

One pair of amicable orthogonal design is given as Z =

[z1 z2−z2 z1

]

and W =[w1 w2w2 −w1

]

, where z1, z2, w1, w2 ∈ R. Theorem 3.1 gives

P = (B1 ⊗ C1)p1 + (A1 ⊗ C2)p2 + (A2 ⊗ C2)p3,Q = (B1 ⊗D1)q1 + (B1 ⊗D2)q2 + (B2 ⊗ C2)q3.

Then, P =

⎡

⎢⎢⎣

p1 −p2 0 p3ip2 p1 −p3i 00 −p3j p1k p2kp3j 0 −p2k p1k

⎤

⎥⎥⎦ and Q =

⎡

⎢⎢⎣

q1 q2 0 q3iq2 −q1 −q3i 00 q3j q1k q2k

−q3j 0 q2k −q1k

⎤

⎥⎥⎦ are

amicable orthogonal designs of quaternions AODQ(4; 1, 1, 1; 1, 1, 1) since they areboth ODQs and satisfy PQQ = QPQ.

Corollary 3.2. If there exist a pair of amicable orthogonal designs of quaternionsAODQ(n; a1, . . . , as; b1, . . . , bt), then there exists a pair of amicable orthogonal designsof quaternions of typea) AODQ(2n; a1, a1, 2a2 . . . , 2as; 2b1, . . . , 2bt),b) AODQ(2n; a1, a1, a2 . . . , as; b1, . . . , bt),c) AODQ(2n; 2a1, 2a2 . . . , 2as; 2b1, 2b2 . . . , 2bt).

Proof. Let X =∑s

i=1Aixi and Y =∑t

j=1Bjyj be the amicable designs of quater-nions in order n.

a)Let M =

[0 1−1 0

]

, N =

[1 11 −1

]

be real weighing matrices and construct the

matrices

P = (A1 ⊗ I2)p1 + (A1 ⊗M)p2 +s∑

i=2

(Ai ⊗N)pi+1, Q =t∑

j=1

(Bj ⊗N)qj

b)Same as a), only set N =

[1 00 −1

]

.

c)Let C =

[1 11 −1

]

and construct the matrices

P =

s∑

i=1

(Ai ⊗ C)pi, Q =t∑

j=1

(Bj ⊗ C)qj

It is obvious that all the quaternion matrices Pi’s and Qi’s satisfy the conditions (i)–(iv) in (1) because the weighing matrices M , N and C have the following properties:M = −MT , N = NT , C = CT and MNT = NMT , where (.)T denotes matrixtranspose.


Example 3.4. Consider a pair of AODQ(2; 1, 1; 1, 1) given in Example 2.6, and letus construct AODQ(4; 1, 1, 2; 2, 2) using Corollary 3.2(a):

P =

⎡

⎢⎢⎣

−p1 −p2 p3i p3ip2 −p1 p3i −p3i

−p3j −p3j p1k p2k−p3j p3j −p2k p1k

⎤

⎥⎥⎦ Q =

⎡

⎢⎢⎣

q1 q1 q2i q2iq1 −q1 q2i −q2iq2j q2j q1k q1kq2j −q2j q1k −q1k

⎤

⎥⎥⎦

In Theorem 3.1, we can also replace the amicable orthogonal designs AOD(m; c1, . . . ,cu; d1, . . . , dv) by an amicable family to obtain more amicable orthogonal designs ofquaternions.

Example 3.5. Consider a pair of AODQ(2; 1, 1; 1, 1) given in Example 2.6, and let

C1 =

[ −1 11 1

]

, C2 =

[1 11 −1

]

, D1 =

[1 −11 1

]

and D2 =

[1 1−1 1

]

be an

amicable family {C1, C2;D1, D2}. We constructP = (B1 ⊗ C1)p1 + (A1 ⊗ C2)p2 + (A2 ⊗ C2)p3,Q = (B1 ⊗D1)q1 + (B1 ⊗D2)q2 + (B2 ⊗ C2)q3.

The new amicable orthogonal designs of quaternions are:

P =

⎡

⎢⎢⎣

−p1 − p2 p1 − p2 p3i p3ip1 − p2 p1 + p2 p3i −p3i−p3j −p3j −p1k + p2k p1k + p2k−p3j p3j p1k + p2k p1k − p2k

⎤

⎥⎥⎦

Q =

⎡

⎢⎢⎣

q1 + q2 −q1 + q2 q3i q3iq1 − q2 q1 + q2 q3i −q3iq3j q3j q1k + q2k −q1k + q2kq3j −q3j q1k − q2k q1k + q2k

⎤

⎥⎥⎦ .

In this design, some entries are linear combinations of two variables which may makeit unsuitable for real applications in communications. To normalize the above design,we set new variables a1 = p1 +p2, a2 = p1−p2, a3 = p3, and b1 = q1 +q2, b2 = q1−q2,b3 = q3, and then we obtain

P =

⎡

⎢⎢⎣

−a1 a2 a3i a3ia2 a1 a3i −a3i

−a3j −a3j −a2k a1k−a3j a3j a1k a2k

⎤

⎥⎥⎦ Q =

⎡

⎢⎢⎣

b1 −b2 b3i b3ib2 b1 b3i −b3ib3j b3j b1k −b2kb3j −b3j b2k b1k

⎤

⎥⎥⎦ .

This is an AODQ(4; 1, 1, 2; 1, 1, 2) design without zero entries and with no linearprocessing.

In [15], Yuen, Guan and Tjhung offered a construction method for amicable complexorthogonal designs. We can also apply it in constructing amicable orthogonal designsof quaternions.


Lemma 3.4. If there exists a pair of amicable orthogonal designs of quaternionsAODQ(n; a1, . . . , as; b1, . . . , bt), then there exists a pair of amicable orthogonal designsof quaternions of type AODQ(4n; a1, a1, a1, b2, . . . , bt; b1, b1, b1, a2, . . . , as).

Proof. Let X =∑s

i=1Aixi and Y =∑t

j=1Bjyj be the amicable orthogonal designsof quaternions in order n and let us define following real weighing matrices:

M1 =

⎡

⎢⎢⎣

0 1 0 0−1 0 0 00 0 0 10 0 −1 0

⎤

⎥⎥⎦ , M2 =

⎡

⎢⎢⎣

0 0 1 00 0 0 −1−1 0 0 00 1 0 0

⎤

⎥⎥⎦ , M3 =

⎡

⎢⎢⎣

0 0 0 10 0 1 00 −1 0 0−1 0 0 0

⎤

⎥⎥⎦ ,

N1 =

⎡

⎢⎢⎣

0 1 0 0−1 0 0 00 0 0 −10 0 1 0

⎤

⎥⎥⎦ , N2 =

⎡

⎢⎢⎣

0 0 1 00 0 0 1−1 0 0 00 −1 0 0

⎤

⎥⎥⎦ , N3 =

⎡

⎢⎢⎣

0 0 0 10 0 −1 00 1 0 0−1 0 0 0

⎤

⎥⎥⎦ .

Let us construct the matrices

P =

3∑

i=1

(A1 ⊗Ni)pi +t∑

j=2

(Bj ⊗ I4)p2+j

Q =

3∑

i=1

(B1 ⊗Mi)qi +s∑

j=2

(Aj ⊗ I4)q2+j.

Matrices Pi’s and Qi’s satisfy the conditions (i)-(iv) in (1) because the weighingmatrices {Mi} and {Ni} are skew-symmetric and they also form an amicable family.

Example 3.6. Let us consider a pair of AODQ(2; 1, 1; 1, 1) given in Example 2.6,we apply Lemma 3.4 to construct the following AODQ(8; 1, 1, 1, 1; 1, 1, 1, 1):

P =

⎡

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎣

0 −p1 −p2 −p3 p4i 0 0 0p1 0 p3 −p2 0 p4i 0 0p2 −p3 0 p1 0 0 p4i 0p3 p2 −p1 0 0 0 0 p4ip4j 0 0 0 0 p1k p2k p3k0 p4j 0 0 −p1k 0 −p3k p2k0 0 p4j 0 −p2k p3k 0 −p1k0 0 0 p4j −p3k −p2k p1k 0

⎤

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎦

,

Q =

⎡

⎢⎢⎢⎢⎢⎢⎢⎢⎢⎢⎣

0 q1 q2 q3 q4i 0 0 0−q1 0 q3 −q2 0 q4i 0 0−q2 −q3 0 q1 0 0 q4i 0−q3 q2 −q1 0 0 0 0 q4i−q4j 0 0 0 0 q1k q2k q3k

0 −q4j 0 0 −q1k 0 q3k −q2k0 0 −q4j 0 −q2k −q3k 0 q1k0 0 0 −q4j −q3k q2k −q1k 0

⎤

⎥⎥⎥⎥⎥⎥⎥⎥⎥⎥⎦

.


Although we only give examples of AODQ of orders 2, 4 and 8 in this paper, there areactually many designs of orders other than the power of 2. We know that symmetricconference matrices exist for orders n = q + 1, q ≡ 1 (mod 4) a prime power,e.g. n = 6. Applying Theorem 3.1 on AODQ(2; 1, 1; 1, 1) and amicable orthogonaldesigns constructed from Corollary 3.1 gives us the following corollary.

Corollary 3.3. Let n ≡ 2 (mod 4) be the order of the symmetric conference matrices;then there exista)AODQ(4n;n, n, n;n, n, n), b)AODQ(4n;n, n, n; 2, 2(n− 1), n),c)AODQ(4n;n, n, n; 1, n−1, n), d)AODQ(4n; 2, 2(n−1), 2(n−1); 1, n−1, 2(n−1)).Examples are AODQ(24; 6, 6, 6; 6, 6, 6), AODQ(24; 6, 6, 6; 2, 10, 6) for n = 6.

Corollary 3.4. For q ≡ 3 (mod 4) a prime power, there exists AODQ(2(q + 1);1, q, q; 1, q, q).

Proof. This corollary follows by applying Theorem 3.1 on AODQ(2; 1, 1; 1, 1) andamicable orthogonal designs constructed using Lemma 3.3.

The above corollary also gives an example of AODQ(24; 1, 11, 11; 1, 11, 11) whenq = 11.

4 Combined designs from amicable AODQs

In [9], Seberry et al. propose a technique named combined quaternion orthogonaldesigns from real and complex orthogonal designs. This combined design uses theproperty that if ABH is a symmetric matrix, where A and B are matrices withcomplex entries, so that ABHq = qBAH for q ∈ {±j,±k}, then this will constructa new RQOD. If A and B are complex orthogonal designs with elements fromcomplex commuting variables, and if AHB is symmetric, then A+Bj is a restrictedquaternion orthogonal design. We say that A+ Bj is a combined design [9].There is a connection between combined designs and amicable orthogonal designs, inthat the form of ABH is examined. For amicable orthogonal designs of quaternions,the condition that ABQ is a symmetric matrix can be relaxed, since we have ABQ =BAQ for A and B. In the case of combined designs from amicable orthogonal designsof quaternions, we also need to be careful about what quaternion appears as entriesof ABQ. We illustrate this with the following example:

Example 4.1. Consider the AODQ(2; 1, 1; 1, 1) designs A and B from Example 2.3.We have

AQB =

[ −x1 x2j−x2i −x1k

] [y1 y2iy2j y1k

]

= BQA.

Let D = A+ Bq, q ∈ {±i,±j,±k} be a new design, for which we haveDQD = (AQ − qBQ)(A +Bq)

= AQA+ AQBq − qBQA− qBQBq= (AQA+ BQB) + (AQB)q − q(BQA),


where AQB = BQA for the amicability of A and B. We also notice that all entriesin AQB are either real or products with quaternion i. Thus AQBi = iBQA, and wehave DQD = AQA + BQB = (x21 + x

22 + y

21 + y

22)I2. The new design D = A + Bi is

of the form:

D =

[ −x1 + y1i x2i − y2−x2j − y2k x1k + y1j

]

.

Let complex symbols zi = xi + iyi, for 1 ≤ i ≤ 2, then we can rewrite D above as

D =

[ −z∗1 iz2−jz∗2 kz1

]

.

The above design satisfies DQD = (|z1|2 + |z2|2)I2 and is thus an RQOD(2; 1, 1) oncomplex variables z1 and z2. The new RQOD in Example 4.1 has no zero entries,which may have practical advantages when used in wireless communication, sincethere is no need to switch antennas off and back on during transmission.

We now provide another example of RQOD with order 4.

Example 4.2. Consider the AODQ(4; 1, 1, 2; 1, 1, 2) designs A and B in Example3.3 with variables a1, a2, a3 and b1, b2, b3 ∈ R. We have X = AQB

=

⎡

⎢⎢⎣

−a1 a2 a3j a3ja2 a1 a3j −a3j

−a3i −a3i a2k −a1k−a3i a3i −a1k −a2k

⎤

⎥⎥⎦

⎡

⎢⎢⎣

b1 −b2 b3i b3ib2 b1 b3i −b3ib3j b3j b1k −b2kb3j −b3j b2k b1k

⎤

⎥⎥⎦

=

⎡

⎢⎢⎣

X11 X12 X13 X14XQ12 X22 X23 X24XQ13 X

Q23 X33 X34

XQ14 XQ24 X

Q34 X44

⎤

⎥⎥⎦

= BQA,

where X11 = −a1b1 + a2b2 − 2a3b3, X12 = a1b2 + a2b1, X13 = (−a1b3 + a2b3 +a3b1 + a3b2)i, X14 = (−a1b3 − a2b3 + a3b1 − a3b2)i, X22 = a1b1 − a2b2 − 2a3b3, X23 =(a1b3+a2b3+a3b1−a3b2)i, X24 = (−a1b3+a2b3−a3b1−a3b2)i, X33 = a1b2−a2b1+2a3b3,X34 = a1b1 + a2b2 and X44 = −a1b2 + a2b1 + 2a3b3. Since only quaternion i appearsin X, we then set D = A +Bi as the new design:

D =

⎡

⎢⎢⎣

−a1 + b1i a2 − b2i a3i − b3 a3i− b3a2 + b2i a1 + b1i a3i − b3 −a3i + b3

−a3j − b3k −a3j − b3k −a2k + b1j a1k − b2j−a3j − b3k a3j + b3k a1k + b2j a2k + b1j

⎤

⎥⎥⎦ .

Let complex symbols zi = ai + ibi, for 1 ≤ i ≤ 3, then we can write D above as

D =

⎡

⎢⎢⎣

−z∗1 z∗2 iz3 iz3z2 z1 iz3 −iz3

−jz∗3 −jz∗3 −k(a2 − b1i) k(a1 − b2i)−jz∗3 jz∗3 k(a1 + b2i) k(a2 + b1i)

⎤

⎥⎥⎦ .


This design D satisfies DQD = (|z1|2+|z2|2+2|z3|2)I4 and is thus an RQOD(4; 1, 1, 2)on complex variables z1, z2 and z3. Note that if an entry in the orthogonal designis a linear combination of variables from the given domain, the design is said to bewith linear processing. Obviously, the new RQOD design has the property ofno zero entries but with linear processing on some entries, i.e the position (3,3) isthe quaternion combination of the real part of symbol z2 and the imaginary part ofsymbol z1.

The following Lemma shows the construction of orthogonal designs of quaternions(ODQ) by using symmetric conference matrices.

Lemma 4.1. Suppose a, b, c, d are real commuting variables. Let N be a symmetricconference matrix of order n and I the identity matrix of the same order. Then, X =aIi+bN and Y = cIj+dNk are orthogonal designs of quaternions ODQ(n; 1, n−1),and XY Q + Y XQ = 0, so X and Y are AAODQ(n; 1, n− 1; 1, n− 1) (anti-amicableorthogonal design of quaternions). Hence

[X YY X

]

is an ODQ(2n; 1, 1, n−1, n−1).

The proof for Lemma 4.1 is straightforward.

Example 4.3. From the symmetric conference matrix N given in Example 3.1 oforder 6, we construct the following matrices according to Lemma 4.1:

X =

⎡

⎢⎢⎢⎢⎢⎢⎣

ai b b b b bb ai b −b −b bb b ai b −b −bb −b b ai b −bb −b −b b ai bb b −b −b b ai

⎤

⎥⎥⎥⎥⎥⎥⎦

Y =

⎡

⎢⎢⎢⎢⎢⎢⎣

cj dk dk dk dk dkdk cj dk −dk −dk dkdk dk cj dk −dk −dkdk −dk dk cj dk −dkdk −dk −dk dk cj dkdk dk −dk −dk dk cj

⎤

⎥⎥⎥⎥⎥⎥⎦

.

X and Y are both ODQ(6; 1, 5), and they also form a pair of AAODQ(6; 1, 5; 1, 5).

Corollary 4.1. Let p ≡ 1 (mod 4) be a prime power. Then there exist orthogonaldesigns of quaternions ODQ(p+1; 1, p) and ODQ(2(p+1); 1, p, 1, p), and also a pairof anti-amicable orthogonal designs of quaternions AAODQ(p+ 1; 1, p; 1, p).

Corollary 4.1 follows on directly from Lemma 4.1.

Lemma 4.2. For a pair of AODQ(n; 1, n − 1; 1, n − 1) X and Y given in Lemma4.1, then D = X + Y i is an RQOD(n; 1, n− 1).

Proof. We have

DQD = (XQ − iY Q)(X + Y i)= XQX +XQY i− iY QX − iY QY i= (XQX + Y QY ) + (XQY )i − i(Y QX).


For X = xIi + bN and Y = cIj + dNk, where N is a symmetric conference matrixof order n and I is the identity matrix with the same order, we have

XQY = (−aIi + bNT )(cIj + dNk)= −acIk + adNj + bcNj + bdNNT k= −Y QX,

since only quaternions k and j appear in XQY , we thus have (XQY )i = i(Y QX).Hence, DQD = XQX + Y QY = (a2 + (n − 1)b2 + c2 + (n − 1)d2)In, i.e. D is anRQOD(n; 1, n− 1).

Example 4.4. Consider a pair of AODQ(6; 1, 5; 1, 5) given in Example 4.3, and wehave the following D = X + Y i:

⎡

⎢⎢⎢⎢⎢⎢⎣

i(a− cj) b+ dj b+ dj b+ dj b+ dj b+ djb+ dj i(a− cj) b+ dj −(b + dj) −(b+ dj) b+ djb+ dj b+ dj i(a− cj) b+ dj −(b+ dj) −(b+ dj)b+ dj −(b+ dj) b+ dj i(a− cj) b+ dj −(b+ dj)b+ dj −(b+ dj) −(b+ dj) b+ dj i(a− cj) b+ djb+ dj b+ dj −(b+ dj) −(b + dj) b+ dj i(a− cj)

⎤

⎥⎥⎥⎥⎥⎥⎦

.

In design D above, if we replace quaternion element j with i, i with an undecidedquaternion element q, and let complex variables z1 = a+ ci and z2 = b+ di, then wecan rewrite D: ⎡

⎢⎢⎢⎢⎢⎢⎣

qz∗1 z2 z2 z2 z2 z2z2 qz

∗1 z2 −z2 −z2 z2

z2 z2 qz∗1 z2 −z2 −z2

z2 −z2 z2 qz∗1 z2 −z2z2 −z2 −z2 z2 qz∗1 z2z2 z2 −z2 −z2 z2 qz∗1

⎤

⎥⎥⎥⎥⎥⎥⎦

.

q in D above can be chosen from the set {±k,±j} since qz∗1z∗2 = z2z1q for anyq ∈ {±k,±j}. It is easy to prove DQD = (|z1|2 + 5|z2|2)I6. Hence, D is a restrictedquaternion orthogonal design RQOD(6; 1, 5) with no zero entries.

5 Conclusion and future work

In this paper, we have introduced some methods for building amicable orthogonaldesigns over the real and quaternion domain, e.g. a method of constructing amicableorthogonal designs of quaternions (AODQ) by using the Kronecker product with realamicable orthogonal designs or real weighing matrices from an amicable family. Thisconstruction ensures that, for any existing real amicable orthogonal design generatedby using the Kronecker product, we can easily find an AODQ with the same orderand type. We have also shown that if A and B form a pair of AODQ, then thecombined design A+Bq for q ∈ {±i,±j,±k}is an RQOD by carefully choosing q.


Our newly constructed AODQs and RQODs, especially those with no zero entries,could have applications as space-time-polarization block codes.

However, there are still some problems that need to be solved, e.g. do there existany new amicable orthogonal designs of quaternions for which there are no suchreal or complex designs? Another problem is to determine the maximum number ofvariables in an AODQ. It is known that finding the maximum number of variables inan AOD is equivalent to finding the number of members in a Hurwitz-Radon familyof corresponding type [7], which also implies that the so-called Clifford algebras [2]have a matrix representation of the same order. In other words, how can we find a setof anti-commuting real, complex and quaternion matrix representation to determinethe maximum number of variables in an AODQ? We will address these problems ina future study.

References

[1] A. R. Calderbank, S. Das, N. Al-Dhahir, and S. N. Diggavi, Construction andanalysis of a new quaternionic space-time code for 4 transmit antennas, Commu-nications in Information and Systems 5(1) (2005), 1–26.

[2] W. K. Clifford, Applications of Grassman’s extensive algebra, Amer. J. Math. 5(1878), 350–358.

[3] P. Delsarte, J. M. Goethals and J. J. Seidel, Orthogonal matrices with zero diag-onal, II, Canad. J. Math. 23 (1971), 816–832.

[4] K. Finlayson, J. Seberry, T. A. Wysocki and T. Xia, Orthogonal designs withquaternion elements, In Proc. 8th International Symposium on CommunicationTheory and Applications, ISCTA’05, pp. 270–272, Ambleside, UK, July 2005.

[5] A. V. Geramita and J. M. Geramita, Complex orthogonal designs, J. Combin.Theory Ser. A 25 (1978), 211–225.

[6] A. V. Geramita, J. M. Geramita, and J. Seberry Wallis, Orthogonal designs, Lin-ear and Multilinear Algebra, 3 (1976), 281–306.

[7] A. V. Geramita and J. Seberry, Orthogonal Designs,Quadratic Forms andHadamard Matrices, Lec. Notes Pure Appl. Math. vol.43, New York and Basel,Marcel Dekker, 1979.

[8] O. M. Isaeva and V. A. Sarytchev, Quaternion presentations polarization state,In Proc. 2nd IEEE Topical Symposium of Combined Optical-Microwave Earth andAtmosphere Sensing, pp. 195–196, Atlanta, GA, USA, April 1995.

[9] J. Seberry, K. Finlayson, Sarah A. Spence, T. A. Wysocki and T. Xia, The theoryof orthogonal designs over the quaternion domain. Under review.


[10] J. Seberry and M. Yamada, Hadamard matrices, Sequences, and Block Designs.In Contemporary Design Theory—A Collection of Surveys, pp. 431–560. Eds J.H.Dinitz and D.R. Stinson, John Wiley and Sons, New York, 1992.

[11] V. Tarokh, H. Jafarkhani, and A. R. Calderbank, Space-time block codes fromorthogonal designs, IEEE Trans. Inform. Theory, 45(5) (1999), 1456–1467.

[12] J. S. Wallis, Constructions for amicable orthogonal designs, Bull. Austral. Math.Soc. 12 (1975), 179–182.

[13] W. D. Wallis, A. P. Street and J. S. Wallis, Combinatorics: Room squares, sum-free sets, Hadamard matrices. In Lec. Notes Math. 292, Springer-Verlag, New York,1972.

[14] W. W. Wolfe, Orthogonal designs-amicable orthogonal designs-some algebraicand combinatorial techniques, Ph.D. Dissertation, Queen’s University, Kingston,Ontario, 1975.

[15] C. Yuen, Y. L. Guan, and T. T. Tjhung, Amicable complex orthogonal designs.Under review.

(Received 27 Feb 2007; revised 9 Mar 2008, 21 Jan 2009)


The transformation graph G++−

Lei Yi Baoyindureng Wu∗

College of Mathematics and System SciencesXinjiang University

Urumqi 830046, XinjiangP.R. China

[email protected]

Abstract

The transformation graph G++− of G is the graph with vertex set V (G)∪E(G) in which the vertices u and v are joined by an edge if one of thefollowing conditions holds: (i) u, v ∈ V (G) and they are adjacent in G,(ii) u, v ∈ E(G) and they are adjacent in G, (iii) one of u and v is inV (G) while the other is in E(G), and they are not incident in G. In thispaper, for a graph G, we determine the independence number of G++−

and give a lower bound for the connectivity of G++−. Furthermore, weprovide some simple sufficient conditions for G++− to be hamiltonian.

1 Introduction

All graphs considered here are finite, undirected and simple. We refer to [2] forunexplained terminology and notation. Let G = (V (G), E(G)) be a graph. |V (G)|and |E(G)| are called the order and the size of G, respectively. For two vertices uand v of G, if there is an edge e joining them, we say u and v are adjacent. In thiscase, both u and v are end vertices of e, and u (or v) and e are said to be incident.Two edges e and f are also said to be adjacent if they have an end vertex in common.

For a vertex v of G, if there is no confusion, the degree dG(v) is simply denoted byd(v). The symbols Δ(G), δ(G), κ(G), α(G), M(G) and ω(G) denote the maximumdegree, the minimum degree, the connectivity, the independence number, the cardi-nality of a maximum matching and the number of components of G, respectively.

As usual, Kn is the complete graph of order n. For two positive integers r and s,Kr,s is the complete bipartite graph with two partite sets containing r and s vertices.In particular, K1,s is called a star. For s � 2, K1,s +e is the graph obtained from K1,sby adding a new edge which joins two vertices of degrees one. We say two graphsG and H are disjoint if they have no vertex in common, and denote their union byG + H; it is called the disjoint union of G and H. The disjoint union of k copies ofG is written as kG.

∗ Corresponding author.

38 LEI YI AND BAOYINDURENG WU

The line graph L(G) of G is the graph whose vertex set is E(G) in which twovertices are adjacent if and only if they are adjacent in G. The total graph T (G) ofG is the graph whose vertex set is V (G) ∪ E(G) in which two vertices are adjacentif and only if they are adjacent or incident in G. The complement of G, denoted byG, is the graph with the same vertex set as G, but where two vertices are adjacent ifand only if they are not adjacent in G. For simplicity, if a graph G is isomorphic toH, we write G ∼= H, and if it is not, G �∼= H. For a graph G and a set A of graphs,we denote by G ∈ A the fact that G is isomorphic to a graph in A, and G �∈ A,otherwise.

Wu and Meng [8] generalized the concept of total graphs to a total transformationgraph Gxyz with x, y, z ∈ {−,+}, where G+++ is precisely the total graph of G, andG−−− is the complement of G+++. Each of these eight kinds of transformation graphGxyz appears to have some nice properties; for instance, their diameters are small inmost cases [8], and their edge connectivities are equal to their minimum degree etc.[3, 12].

Fleischner and Hobbs [5] showed that G+++ is hamiltonian if and only if Gcontains an EPS-subgraph. Ma and Wu [7] showed that for a graph G of order n � 6,G−−− is hamiltonian if and only if G /∈ {K1,n−1, K1,n−1 +e,K1,n−2 +K1}. Wu, Zhangand Zhang [10] proved that for any graph G of order n, G−++ is hamiltonian if andonly if n � 3. For the hamiltonicity of line graphs and their complements, see [6]and [9].

We shall investigate the transformation graph G++− of a graph G. G++− is thegraph with V (G++−) = V (G) ∪ E(G), in which two vertices u and v are joined byan edge in G++− if one of the following conditions holds: (i) u, v ∈ V (G) and theyare adjacent in G, (ii) u, v ∈ E(G) and they are adjacent in G, (iii) one of u and vis in V (G) while the other is in E(G), and they are not incident in G.

In this note, for a graph G, we determine the independence number of G++− andgive a lower bound for the connectivity of G++−. Furthermore, we provide a simplesufficient condition for G++− to be hamiltonian.

2 Main results

We start with some simple observations. Let G be a graph of order n and sizem. Then the order of G++− is n + m, dG++−(x) = m for any x ∈ V (G) anddG++−(e) = n− 4 + d(u) + d(v) for any e = uv ∈ E(G). So

δ(G++−) = min{m,n− 4 + minuv∈E(G)

{d(u) + d(v)}}.

Theorem 2.1. For any graph G,

α(G++−) ={

2 if G ∼= K2 or K3,max{α(G),M(G)} otherwise.

Proof. It is easy to check that if G ∈ {K1, K2, K3}, the result holds. So we treatthe remaining case. It is clear that α(G++−) � max{α(G),M(G)}.

THE TRANSFORMATION GRAPH G++− 39

To complete the proof, we will show that α(G++−) � max{α(G),M(G)}. Let Sbe a maximum independent set of G++− and S = S1 ∪ S2, where S1 ⊆ V (G) andS2 ⊆ E(G). Let us consider three cases.Case 1. |S1| � 2.

We show that S2 = ∅. Otherwise, we can take a vertex e ∈ S2. Then each vertex ofS1 is incident with e in G, which implies |S1| � 2. Thus together with the assumption|S1| � 2, we have |S1| = 2. Namely, the two elements of S1 are exactly the two endvertices of e inG. But, since S is an independent set of G++−, they are not adjacent inG++−, and so in G, a contradiction. Thus |S| = |S1| � α(G) � max{α(G),M(G)}.Case 2. |S2| � 2.

We show that S1 = ∅. Otherwise, we can take a vertex u, say, from S1. Thenall elements of S2 are edges incident with u in G. But, on the other hand, S2 area matching of G, and thus the elements of S2 are not pairwise adjacent in G, acontradiction. Thus |S| = |S2| � M(G) � max{α(G),M(G)}.Case 3. max{|S1|, |S2|} � 1.

Then |S| = |S1| + |S2| � 2. It remains to show that max{α(G),M(G)} � 2. Ifα(G) � 2, we are done, and otherwise α(G) = 1 then G is a complete graph of orderat least 4, and thus M(G) ≥ 2. Thus max{α(G),M(G)} � 2.

The proof is complete. �

Wu and Meng [8] proved that G++− is connected if and only if G � 2K2 andG has at least two edges, and furthermore, that diam(G++−) � 4 when G++− isconnected.

Theorem 2.2. For a graph G of order n � 6 and size m � 3, κ(G++−) � min{m−1, n+ κ(L(G)) − 1}.

Proof. Let S be a minimum cut of G++− with |S| < δ(G++−). Thus each componentof G++−−S has at least two vertices. We say that a component H of G++−−S is oftype-1 (respectively, type-2, or type-3) if V (H) ⊆ V (G) (respectively, V (H) ⊆ E(G),or V (H) ∩ V (G) �= ∅ and V (H) ∩ E(G) �= ∅ ).Claim 1. Components of type-1 and type-2 do not appear in G++−−S at the sametime.

Proof of Claim 1. If it is not true, we can take two vertices x and y from a componentof type-1 and two vertices e and e′ from a component of type-2. By the definition ofG++−, both e and e′ must be incident with both x and y in G. Therefore, e and e′

are parallel edges in G, which contradicts the fact that G is a simple graph. �

Claim 2. All components cannot be of type-1.

Proof of Claim 2. If all components of G++− − S are of type-1 then E(G) ⊆ S andthus |S| ≥ m, which contradicts |S| < δ(G++−) � m. �Claim 3. If G++−−S contain a component of type-1 then |S| = m−1 = δ(G++−)−1.

40 LEI YI AND BAOYINDURENG WU

Proof of Claim 3. By Claims 1 and 2, G++− − S must contain a component of type-3. First we show ω(G++− − S) = 2. By contradiction, suppose ω(G++− − S) > 2.We take a vertex e ∈ V (G++− − S) ∩ E(G), from a component of type-3 and twovertices u1, u2 ∈ V (G++− − S) ∩ V (G) from two other different components. Thenby the definition of G++−, e = u1u2 while u1 and u2 are not adjacent in G sinceu1 and u2 are not adjacent in G

++−. So G consists of exactly two components, oneof which is H1, say, of type-1 and the other is H3, say, of type-3. By the sameargument as in the proof of Claim 1, one can deduce that |V (H3) ∩ E(G)| = 1. LetV (H3) ∩ E(G) = {e}. Again by the definition of G++− and the fact that H1 hasorder at least two, V (H1) = {u, v}, where uv

AUSTRALASIAN JOURNALajc.maths.uq.edu.au/pdf/44/vol44v03.pdf · 2013-05-22 · Alice, Bob, and Cathy...

Documents

Transcript of AUSTRALASIAN JOURNALajc.maths.uq.edu.au/pdf/44/vol44v03.pdf · 2013-05-22 · Alice, Bob, and Cathy...