A First Course in Number Theory

2.5 Euler’s Theorem and Fermat’s Theorem

10. Letm1, . . . , mkbe pairwise relatively prime positive integers andm= m1· · ·mk. Define the map

f : (Z/mZ)^×→(Z/m1Z)^×× · · · ×(Z/mkZ)^× by

f(a+mZ) = (a+m₁Z, . . . , a+m_kZ).

Use the Chinese remainder theorem to show directly that this map is one-to-one and onto.

68 2. Congruences

Theorem 2.13 (Fermat) Letpbe a prime number. If the integerais not divisible by p, then

a^p−1≡1 (modp).

Moreover,

a^p≡a (modp) for every integera.

Proof. Ifpis prime and does not dividea, then (a, p) = 1,ϕ(p) =p−1, and

a^p−1=a^ϕ(p)≡1 (mod p)

by Euler’s theorem. Multiplying this congruence bya, we obtain a^p≡a (modp).

Ifpdividesa, then this congruence also holds fora.2

Let m be a positive integer and let a be an integer that is relatively prime to m. By Euler’s theorem, a^ϕ(m) ≡ 1 (modm). The order of a with respect to the modulus mis the smallest positive integerdsuch that a^d ≡1 (mod m). Then 1≤d≤ϕ(m). We denote the order ofamodulo mby ordm(a).We shall prove that ordm(a) dividesϕ(m) for every integer arelatively prime top.

Theorem 2.14 Let m be a positive integer and a an integer relatively prime to m. If d is the order of a modulo m, then a^k ≡ a (modm) if and only ifk≡ (modd). In particular,aⁿ≡1 (mod m)if and only if ddividesn, and sod dividesϕ(m).

Proof. Since a has order d modulo m, we have a^d ≡ 1 (mod m). If k≡ (modd), thenk=+dq, and so

a^k=a^+dq=a a^dq

≡a (modm).

Conversely, suppose that a^k ≡ a (modm). By the division algorithm, there exist integersqandrsuch that

k−=dq+r and 0≤r≤d−1.

Then

a^k=a^+dq+r=a a^dq

a^r≡a^ka^r (modm).

Since (a^k, m) = 1, we can divide this congruence bya^k and obtain a^r≡1 (mod m).

Since 0≤r≤d−1, anddis the order ofamodulom, it follows thatr= 0, and so k≡ (modd).

If aⁿ ≡ 1 ≡ a⁰ (modm), then d divides n. In particular, d divides ϕ(m), sincea^ϕ(m)≡1 (mod m) by Euler’s theorem.2

For example, let m = 15 anda = 7. Since ϕ(15) = 8, Euler’s theorem tells us that

7⁸≡1 (mod 15).

Moreover, the order of 7 with respect to 15 is a divisor of 8. We can compute the order as follows:

7¹ ≡ 7 (mod 15), 7² ≡ 49≡4 (mod 15), 7³ ≡ 28≡13 (mod 15), 7⁴ ≡ 91≡1 (mod 15), and so the order of 7 is 4.

We shall give a second proof of Euler’s theorem and its corollaries. We begin with some simple observations about groups. We define theorder of a groupas the cardinality of the group.

Theorem 2.15 (Lagrange’s theorem) If G is a finite group and H is a subgroup ofG, then the order ofH divides the order ofG.

Proof. Let G be a group, written multiplicatively, and let X be a nonempty subset ofG. For everya∈Gwe define the set

aX ={ax:x∈X}.

The mapf :X →aX defined by f(x) =ax is a bijection, and so |X| =

|aX| for all a ∈ G. If H is a subgroup of G, then aH is called a coset of H. Let aH and bH be cosets of the subgroup H. If aH ∩bH = ∅, then there exist x, y ∈ H such that ax = by, or, since H is a subgroup, b=axy⁻¹=az, wherez=xy⁻¹∈H. Thenbh=azh∈aH for allh∈H, and so bH ⊆aH. By symmetry, aH ⊆bH, and so aH = bH. Therefore, cosets of a subgroup H are either disjoint or equal. Since every element of G belongs to some coset of H (for example, a ∈aH for alla∈ G), it follows that the cosets of H partition G. We denote the set of cosets by G/H. IfGis a finite group, thenH andG/H are finite, and

|G|=|H||G/H|.

In particular, we see that |H|divides |G|.2

LetGbe a group, written multiplicatively, and leta∈G. LetH ={a^k: k∈Z}. Then 1 =a⁰∈H⊆G. Sincea^ka=a^k+for allk, ∈Z, it follows

70 2. Congruences

that H is a subgroup of G. This subgroup is called the cyclic subgroup generated by a, and writtena. Cyclic subgroups are abelian.

The groupGiscyclicif there exists an elementa∈Gsuch thatG=a.

In this case, the elementais called ageneratorofG. For example, the group (Z/7Z)^× is a cyclic group of order 6 generated by 3 + 7Z. The congruence class 5 + 7Zis another generator of this group.

If a^k =a for all integers k=, then the cyclic subgroup generated by a is infinite. If there exist integersk and such that k < and a^k =a, then a^−k = 1. Let d be the smallest positive integer such that a^d = 1.

Then the group elements 1, a, a², . . . , a^d−1 are distinct. Let n∈Z. By the division algorithm, there exist integers q andr such thatn =dq+rand 0≤r≤d−1. Since

aⁿ=a^dq+r= a^dq

a^r=a^r, it follows that

a={aⁿ:n∈Z}={a^r: 0≤r≤d−1},

and the cyclic subgroup generated bya has orderd. Moreover, a^k =a if and only ifk≡ (mod d).

LetGbe a group, and leta∈G. We define theorderofa as the cardi- nality of the cyclic subgroup generated bya.

Theorem 2.16 Let Gbe a finite group, anda∈G. Then the order of the element adivides the order of the groupG.

Proof. This follows immediately from Theorem 2.15, since the order of ais the order of the cyclic subgroup thatagenerates.2

Let us apply these remarks to the special case when G = (Z/mZ)^× is the group of units in the ring of congruence classes modulom. ThenGis a finite group of orderϕ(m). Let (a, m) = 1 and letdbe the order ofa+mZ in G, that is, the order of the cyclic subgroup generated by a+mZ. By Theorem 2.16,ddividesϕ(m), and so

a^ϕ(m)+mZ= (a+mZ)^ϕ(m)=

(a+mZ)^dϕ(m)/d

= 1 +mZ.

Equivalently,

a^ϕ(m)≡1 (mod m).

This is Euler’s theorem.

Theorem 2.17 LetGbe a cyclic group of orderm, and letH be a subgroup of G. If a is a generator of G, then there exists a unique divisor d of m such that H is the cyclic subgroup generated bya^d, andH has orderm/d.

Proof. LetS be the set of all integersusuch that a^u ∈H. If u, v∈S, then a^u, a^v ∈H. SinceH is a subgroup, it follows thata^ua^v =a^u+v ∈H anda^u(a^v)⁻¹=a^u−v ∈H. Therefore,u±v∈S, andS is a subgroup ofZ.

By Theorem 1.3, there is a unique nonnegative integerdsuch thatS=dZ, and so H is the cyclic subgroup generated bya^d. Since a^m= 1∈ H, we havem∈S, and sodis a positive divisor ofm. It follows thatH has order m/d.2

Theorem 2.18 LetGbe a cyclic group of orderm, and letabe a generator of G. For every integer k, the cyclic subgroup generated by a^k has order m/d, whered= (m, k), anda^k=a^d. In particular,Ghas exactlyϕ(m) generators.

Proof. Since d = (k, m), there exist integers x and y such that d = kx+my. Then

a^d=a^kx+my= a^kx

(a^m)^y= a^kx

,

and soa^d∈ a^kanda^d ⊆ a^k. Sinceddividesk, there exists an integer z such thatk=dz. Then

a^k= a^dz

,

and so a^k ∈ a^d and a^k ⊆ a^d. Therefore, a^k = a^d and a^k has order m/d. In particular, a^k generatesG if and only ifd= 1 if and only if (m, k) = 1, and so Ghas exactly ϕ(m) generators. This completes the proof.2

We can now give a group theoretic proof of Theorem 2.8. Let G be a cyclic group of orderm. For every divisordofm, the groupGhas a unique cyclic subgroup of orderd, and this subgroup has exactlyϕ(d) generators.

Since every element ofGgenerates a cyclic subgroup, it follows that

m=

d|m

ϕ(d).

Voil`a!

Exercises

1. Prove that

3⁵¹²≡1 (mod 1024).

2. Find the remainder when 7⁵¹ is divided by 144.

3. Find the remainder when 2¹⁰⁸ is divided by 31.

72 2. Congruences

4. Compute the order of 2 with respect to the prime moduli 3, 5, 7, 11, 13, 17, and 19.

5. Compute the order of 10 with respect to the modulus 7.

6. Letridenote the least nonnegative residue of 10ⁱ (mod 7). Compute rifori= 1, . . . ,6. Compute the decimal expansion of the fraction 1/7 without using a calculator. Can you find where the numbersr1, . . . , r6

appear in the process of dividing 7 into 1?

7. Compute the order of 10 modulo 13. Compute the period of the frac- tion 1/13.

8. Let p be prime and a an integer not divisible by p. Prove that if a²ⁿ ≡ −1 (mod p), thenahas order 2ⁿ⁺¹ modulop.

9. Let m be a positive integer not divisible by 2 or 5. Prove that the decimal expansion of the fraction 1/mis periodic with period equal to the order of 10 modulom.

10. Prove that the decimal expansion of 1/mis finite if and only if the prime divisors ofmare 2 and 5.

11. Prove that 10 has order 22 modulo 23. Deduce that the decimal ex- pansion of 1/23 has period 22.

12. Prove that ifpis a prime number congruent to 1 modulo 4, then there exists an integerxsuch thatx²≡ −1 (modp).

Hint:Observe that (p−1)! ≡

(p−1)/2 j=1

j(p−j)≡

(p−1)/2 j=1

(−j²)

≡ (−1)^(p−1)/2



^(p−1)/2

j=1

j





2

(modp),

and apply Theorem 2.4.

13. Prove that ifn≥2, then 2ⁿ−1 is not divisible by n.

Hint:Letpbe the smallest prime that divides n. Consider the con- gruence 2ⁿ≡1 (mod p).

14. Prove that ifpandq are distinct primes, then p^q−1+q^p−1≡1 (modpq).

15. Prove that ifmandnare relatively prime positive integers, then m^ϕ(n)+n^ϕ(m)≡1 (mod mn).

16. Letpbe an odd prime. By Euler’s theorem, if (a, p) = 1, then fp(a) =a^p−1−1

p ∈Z.

Prove that if (ab, p) = 1, then

fp(ab)≡fp(a) +fp(b) (mod p).

17. Let f(x) and g(x) be polynomials with integer coefficients. We say thatf(x) is equivalent tog(x) modulo pif

f(a)≡g(a) (modp) for all integersa.

Prove that the polynomialsx⁹+5x⁷+3 andx³−2x+24 are equivalent modulo 7. Prove that every polynomial is equivalent modulopto a polynomial of degree at mostp−1.

Hint:Use Fermat’s theorem.

18. Let Gbe the group (Z/7Z)^×. Determine all the cyclic subgroups of G.

19. Prove that the group (Z/11Z)^× is cyclic, and find a generator.

20. Let G be a group with subgroup H. Define a relation ∼ on G as follows:a∼bifb⁻¹a∈H. Prove that this is an equivalence relation (that is, reflexive, symmetric, and transitive). Prove thata∼bif and only ifaH =bH, and so the equivalence classes of this relation are the cosets inG/H.

21. LetGbe an abelian group with subgroupH. LetG/H be the set of cosets ofH in G. Define multiplication of congruence classes by

aH·bH =abH.

Prove that ifaH =aH and bH =bH, then abH =abH, and so multiplication of cosets is well-defined. Prove thatG/H is an abelian group with this multiplication. This is called thequotient groupofG byH.

22. Let Gbe a group and let H and K be subgroups of G. Fora∈ G, we define thedouble cosetHaK ={hak:h∈H, k∈K}. Prove that ifa, b∈GandHaK∩HbK=∅, then HaK=HbK.

74 2. Congruences