A First Course in Number Theory
3.1 Polynomials and Primitive Roots
Let m be a positive integer greater than 1, and a an integer relatively prime tom. Theorder ofamodulom, denoted by ordm(a), is the smallest positive integerdsuch thatad≡1 (modm). By Theorem 2.14, ordm(a) is a divisor of the Euler phi function ϕ(m). The order of a modulom is also called theexponentofamodulom.
We investigate the least nonnegative residues of the powers ofamodulo m. For example, if m= 7 anda= 2, then
20 ≡ 1 (mod 7), 21 ≡ 2 (mod 7), 22 ≡ 4 (mod 7), 23 ≡ 1 (mod 7), and 2 has order 3 modulo 7. Ifm= 7 and a= 3, then
30 ≡ 1 (mod 7), 31 ≡ 3 (mod 7), 32 ≡ 2 (mod 7), 33 ≡ 6 (mod 7), 34 ≡ 4 (mod 7), 35 ≡ 5 (mod 7), 36 ≡ 1 (mod 7),
and 3 has order 6 modulo 7. The powers of 3 form a reduced residue system modulo 7.
The integerais called aprimitive root modulomifahas orderϕ(m). In this case, theϕ(m) integers 1, a, a2, . . . , aϕ(m)−1 are relatively prime tom and are pairwise incongruent modulom. Thus, they form a reduced residue system modulo m. For example, 3 is a primitive root modulo 7. Similarly, 3 is a primitive root modulo 10, sinceϕ(10) = 4 and
30 ≡1 (mod 10), 31 ≡3 (mod 10), 32 ≡9 (mod 10), 33 ≡7 (mod 10), 34 ≡1 (mod 10).
Some moduli do not have primitive roots. There is no primitive root modulo 8, for example, since ϕ(8) = 4, but
12≡32≡52≡72≡1 (mod 8), (3.1) and no integer has order 4 modulo 8.
In this section we prove that every prime p has a primitive root. In Section 3.2 we determine all composite moduli m for which there exist primitive roots.
We begin with some remarks about polynomials. LetRbe a commutative ring with identity. A polynomial with coefficients in R is an expression of the form
f(x) =amxm+am−1xm−1+· · ·+a1x+a0,
where a0, a1, . . . , am ∈ R. The element ai is called the coefficient of the term xi. The degree of the polynomial f(x), denoted by deg(f), is the greatest integernsuch thatan = 0,andanis called theleading coefficient.
If deg(f) = n, we defineai = 0 for i > n. Nonzero constant polynomials f(x) =a0= 0 have degree 0. The zero polynomialf(x) = 0 has no degree.
Amonic polynomialis a polynomial whose leading coefficient is 1.
We define addition and multiplication of polynomials in the usual way:
Iff(x) =n
i=0aixi andg(x) =m
j=0bjxj, then (f+g)(x) =
max(m,n)
k=0
(ak+bk)xk and
f g(x) = mn k=0
ckxk,
3.1 Polynomials and Primitive Roots 85
where
ck =
i+j=k 0≤i≤n 0≤j≤m
aibj= k i=0
aibk−i.
With this addition and multiplication, the setR[x] of all polynomials with coefficients inR is a commutative ring. Moreover,
deg(f+g)≤max(deg(f),deg(g)).
Iff, g∈F[x] for some fieldF, then
deg(f g) = deg(f) + deg(g), and the leading coefficient off g isambn.
For everyα∈R, theevaluation mapΘα:R[x]→R defined by Θα(f) =f(α) =anαn+an−1αn−1+· · ·+a1α+a0
is a ring homomorphism, that is, (f+g)(α) =f(α) +g(α) and (f g)(α) = f(α)g(α). The elementαis called azero or arootof the polynomialf(x) if Θα(f) =f(α) = 0.
We say that the polynomial d(x) divides the polynomial f(x) if there exists a polynomialq(x) such thatf(x) =d(x)q(x).
Theorem 3.1 (Division algorithm for polynomials) LetF be a field.
If f(x) andd(x) are polynomials inF[x] and if d(x)= 0, then there exist unique polynomials q(x) and r(x) such that f(x) = d(x)q(x) +r(x) and either r(x) = 0 or the degree of r(x) is strictly smaller than the degree of d(x).
Proof. Let d(x) =bmxm+· · ·+b1x+b0, where bm= 0 and deg(d) = m. If d(x) does not divide f(x), then f −dq = 0 and deg(f −dq) is a nonnegative integer for every polynomial q(x) ∈ F[x]. Choose q(x) such that = deg(f−dq) is minimal, and let
r(x) =f(x)−d(x)q(x) =cx+· · ·+c1x+c0∈F[x], wherec= 0. We shall prove that < m.
SinceF is a field,b−1m ∈F. If≥m, then d(x)b−1mcx−m
is a polynomial of degree with leading coefficientc. Then Q(x) =q(x) +b−1mcx−m∈F[x],
and
R(x) = f(x)−d(x)Q(x)
= f(x)−d(x)
q(x) +b−m1cx−m
= r(x)−d(x)b−1mcx−m
is a polynomial of degree at most−1. This contradicts the minimality of , and so < m.
Next we prove that the polynomialsq(x) and r(x) are unique. Suppose that
f(x) =d(x)q1(x) +r1(x) =d(x)q2(x) +r2(x),
whereq1(x), q2(x), r1(x), r2(x) are polynomials in F[x] such thatri(x) = 0 or deg(ri)<deg(d) fori= 1,2. Then
d(x)(q1(x)−q2(x)) =r2(x)−r1(x).
Ifq1(x)=q2(x), then
deg(d)≤deg(d(q1−q2)) = deg(r2−r1)<deg(d),
which is absurd. Therefore, q1(x) = q2(x), and so r1(x) = r2(x). This completes the proof.2
Theorem 3.2 Letf(x)∈F[x],f(x)= 0, and letN0(f)denote the number of distinct zeros of f(x) in F. Then N0(f) does not exceed the degree of f(x), that is,
N0(f)≤deg(f).
Proof. We use the division algorithm for polynomials. Letα ∈F. Di- vidingf(x) byx−α, we obtain
f(x) = (x−α)q(x) +r(x),
wherer(x) = 0 or deg(r)<deg(x−α) = 1, that is,r(x) =r0is a constant.
Lettingx=α, we see thatr0=f(α), and so f(x) = (x−α)q(x) +f(α)
for every α ∈ F. In particular, if αis a zero of f(x), thenx−αdivides f(x).
We prove the theorem by induction on n= deg(f). If n= 0, thenf(x) is a nonzero constant and N0(f) = 0. If n = 1, then f(x) = a0+a1x with a1= 0, and N0(f) = 1 since f(x) has the unique zeroα=−a−11 a0. Suppose that n≥2 and the theorem is true for all polynomials of degree
3.1 Polynomials and Primitive Roots 87 at mostn−1. IfN0(f) = 0,we are done. IfN0(f)≥1, letα∈F be a zero off(x). Then
f(x) = (x−α)q(x), and
deg(q) =n−1.
Ifβ is a zero off(x) andβ=α, then
0 =f(β) = (β−α)q(β),
and soβ is a zero ofq(x). Since deg(q) =n−1, the induction hypothesis implies that
N0(f)≤1 +N0(q)≤1 + deg(q) =n.
This completes the proof.2
Theorem 3.3 Let G be a finite subgroup of the multiplicative group of a field. Then Gis cyclic.
Proof. Let |G| = m. By Theorem 2.15, if a ∈ G, then the order of a is a divisor of m. For every divisor d of m, let ψ(d) denote the number of elements of G of order d. If ψ(d) = 0, then there exists an element a of order d, and every element of the cyclic subgroup a generated by a satisfiesad= 1. By Theorem 3.2, the polynomialf(x) =xd−1∈F[x] has at most dzeros, and so every zero of f(x) belongs to the cyclic subgroup a. In particular, every element ofG of order d must belong to a. By Theorem 2.18, a cyclic group of orderdhas exactlyϕ(d) generators, where ϕ(d) is the Euler phi function. Therefore, ψ(d) = 0 or ψ(d) = ϕ(d) for every divisordofm. Since every element ofGhas orderdfor some divisor dofm, it follows that
d|m
ψ(d) =m.
By Theorem 2.8,
d|m
ϕ(d) =m,
and soψ(d) =ϕ(d) for every divisordofm. In particular,ψ(m) =ϕ(m)≥ 1, and soGis a cyclic group of orderm.2
Theorem 3.4 For every primep, the multiplicative group of the finite field Z/pZis cyclic. This group hasϕ(p−1)generators. Equivalently, for every prime p, there exist ϕ(p−1) pairwise incongruent primitive roots modulo p.
Proof. This follows immediately from Theorem 3.3, since |(Z/pZ)×|= p−1.2
The following table lists the primitive roots for the first six primes.
p ϕ(p−1) primitive roots
2 1 1
3 1 2
5 2 2,3
7 2 3,5
11 4 2,6,7,8 13 4 2,6,7,11
Letpbe a prime, and letgbe a primitive root modulop. Ifais an integer not divisible byp, then there exists a unique integerksuch that
a≡gk (modp) and
k∈ {0,1, . . . , p−2}.
This integerk is called theindex ofawith respect to the primitive rootg, and is denoted by
k= indg(a).
Ifk1 andk2 are any integers such thatk1≤k2 and a≡gk1≡gk2 (modp), then
gk2−k1 ≡1 (modp), and so
k1≡k2 (modp−1).
Ifa≡gk (mod p) andb≡g (mod p), thenab≡gkg=gk+ (modp), and so
indg(ab)≡k+≡indg(a) + indg(b) (mod p−1).
The index map indg is also called the discrete logarithm to the base g modulop.
For example, 2 is a primitive root modulo 13. Here is a table of ind2(a) fora= 1, . . . ,12:
a ind2(a) a ind2(a)
1 0 7 11
2 1 8 3
3 4 9 8
4 2 10 10
5 9 11 7
6 5 12 6
3.1 Polynomials and Primitive Roots 89 By Theorem 2.18, if gis a primitive root modulo p, then gk is a primitive root if and only if (k, p−1) = 1. For example, forp= 13 there areϕ(12) = 4 integersksuch that 0≤k≤11 and (k,12) = 1, namely,k= 1,5,7,11, and so the four pairwise incongruent primitive roots modulo 13 are
21 ≡ 2 (mod 13), 25 ≡ 6 (mod 13), 27 ≡ 11 (mod 13), 211 ≡ 7 (mod 13).
Exercises
1. Find a primitive root modulo 23.
2. Find a primitive root modulo 41.
3. Prove that 2 is a primitive root modulo 101.
4. Compute ind2(27) modulo 101.
5. Compute ind2(19) modulo 101.
6. What is the order of 3 modulo 101? Is 3 a primitive root modulo 101?
7. Prove that 2 is a primitive root modulo 53.
8. Find all solutions of the congruence 2x≡22 (mod 53).
9. Compute ind2(a) for all anot divisible by 53.
10. Letpbe an odd prime, and letgbe a primitive root modulop. Prove that
(p−1)!≡g(p−2)(p−1)/2≡ −1 (modp).
Hint:Observe that
(p−1)!≡1·g·g2· · ·gp−2 (mod p)
and (p−2)(p−1)
2 = p(p−1)
2 −(p−1).
This gives another proof of Wilson’s theorem (Theorem 2.4).
11. Prove that ifmhas one primitive root, then there are exactlyϕ(ϕ(m)) pairwise incongruent primitive roots modulom.
12. Letg andrbe primitive roots modulop. Prove that indr(a)≡indg(a)indr(g) (modp−1) for every integerarelatively prime top.
13. Letgbe a primitive root modulo the odd primep. Prove thatg(p−1)/2≡
−1 (modp).
14. Letg be a primitive root modulo the odd primep. Prove that−gis a primitive root modulopif and only ifp≡1 (mod 4).
15. Let f(x) = n
i=0aixi and g(x) = n
i=0bixi be polynomials with integer coefficients. Thenf(x) andg(x) are calledcongruent modulo m, written f(x) ≡ g(x) (mod m), if ai ≡ bi (modm) for i = 0,1, . . . , n. Letpbe an odd prime, and let
f(x) =xp−1−1 and
g(x) = (x−1)(x−2)· · ·(x−(p−1)).
Prove the following statements:
(a) The polynomialf(x)−g(x) has degreep−2.
(b)
f(c)≡g(c)≡0 (mod p) forc= 1,2, . . . , p−1.
(c)
f(x)≡g(x) (modp).
Hint:Apply Theorem 3.2.
16. Prove that Exercise (15c) implies Wilson’s theorem, (p−1)!≡ −1 (modp).
17. Prove that for every primep≥5,
1≤i<j≤p−1
ij≡0 (modp)
and
1≤i<j<k≤p−1
ijk≡0 (modp).
Hint:Exercise (15c).
18. LetRbe a commutative ring with identity. AnidealofRis an additive subgroupI ⊆ R such that, ifa∈ I and r ∈R, then ar∈ I. Prove that ifI={0} is an ideal of the polynomial ringF[x], whereF is a field, then there is a unique monic polynomiald(x)∈I such that I consists of all multiples ofd(x), that is,
I={q(x)d(x) :q(x)∈F[x]}.
Hint:If I = {0}, choose d(x) ∈ I of minimal degree. The proof is similar to the proof of Theorem 1.3.