A First Course in Number Theory

3.2 Primitive Roots to Composite Moduli

Proof. Letaandmbe integers such that (a, m) = 1 andm≥3. Suppose that

m=m₁m₂, where (m₁, m₂) = 1 andm₁≥3,m₂≥3. (3.2) Then (a, m1) = (a, m2) = 1. The Euler phi functionϕ(m) is even form≥3 (Exercise 4 in Section 2.2). Let

n=ϕ(m)

2 =ϕ(m₁)ϕ(m₂)

2 .

By Euler’s theorem,

a^ϕ(m1)≡1 (modm1), and so

aⁿ=

a^ϕ(m1)

ϕ(m2)/2

≡1 (mod m1).

Similarly,

aⁿ=

a^ϕ(m2)

ϕ(m1)/2

≡1 (mod m2).

Since (m1, m2) = 1 and m=m1m2, we have aⁿ≡1 (mod m),

and so the order ofamodulomis strictly smaller thanϕ(m). Consequently, if we can factor min the form (3.2), then there does not exist a primitive root modulom. In particular, ifmis divisible by two distinct odd primes, thenmdoes not have a primitive root. Similarly, ifm= 2p^k, where≥2, thenmdoes not have a primitive root. Therefore, the only modulim= 2 for which primitive roots can exist are of the formm=p^k or m= 2p^k for some odd primep.2

To prove the converse of Theorem 3.5, we use the following result about the exponential increase in the order of an integer modulo prime powers.

Theorem 3.6 Let p be an odd prime, and let a = ±1 be an integer not divisible byp. Letdbe the order ofamodulop. Letk0be the largest integer such that a^d ≡ 1 (modp^k0). Then the order of a modulo p^k is d for k= 1, . . . , k₀ anddp^k−k0 fork≥k₀.

Proof. There exists an integeru₀ such that

a^d= 1 +p^k0u0 and (u0, p) = 1. (3.3) Let 1≤k≤k0, and letebe the order ofamodulop^k. Ifa^e≡1 (mod p^k), then a^e ≡ 1 (mod p), and so d divides e. By (3.3), we have a^d ≡ 1 (mod p^k), and so edividesd. It follows thate=d.

3.2 Primitive Roots to Composite Moduli 93

Letj≥0. We shall show that there exists an integeruj such that a^dpj = 1 +p^j+k0uj and (uj, p) = 1. (3.4) The proof is by induction on j. The assertion is true for j = 0 by (3.3).

Suppose we have (3.4) for some integer j ≥0. By the binomial theorem, there exists an integerv_j such that

a^dpj+1 =

1 +p^j+k0u_jp

= 1 +p^j+1+k0uj+ p i=2

p i

p^i(j+k0)uⁱ_j

= 1 +p^j+1+k0uj+p^j+2+k0vj

= 1 +p^j+1+k0(uj+pvj)

= 1 +p^j+1+k0u_j+1,

and the integer uj+1=uj+pvj is relatively prime to p. Thus, (3.4) holds for allj≥0.

Letk≥k0+ 1 andj=k−k0≥1.Suppose that the order ofamodulo p^k−1isdp^j−1. Letek denote the order ofamodulop^k. The congruence

a^ek ≡1 (modp^k) implies that

a^ek ≡1 (mod p^k−1), and so dp^j−1divides ek. Since

a^dpj−1 = 1 +p^k−1u_j−1≡1 (mod p^k),

it follows that dp^j−1is a proper divisor ofe_k. On the other hand, a^dpj = 1 +p^kuj≡1 (mod p^k),

and so e_k divides dp^j. It follows that the order of a modulop^k is exactly e_k =dp^j=dp^k−k0. This completes the proof.2

Theorem 3.7 Let p be an odd prime. If g is a primitive root modulo p, then either g org+pis a primitive root modulop^k for all k≥2. If g is a primitive root modulop^k andg1∈ {g, g+p^k} is odd, theng1 is a primitive root modulo2p^k.

Proof. Let g be a primitive root modulo p. The order of g modulo p is p−1. Let k0 be the largest integer such thatp^k0 divides g^p−1−1. By

Theorem 3.6, ifk0= 1,then the order ofgmodulop^kis (p−1)p^k−1=ϕ(p^k), andg is a primitive root modulop^k for allk≥1.

Ifk0≥2, then

g^p−1= 1 +p²v for some integerv. By the binomial theorem,

(g+p)^p−1 =

p−1

i=0

p−1 i

g^p−1−ipⁱ

≡ g^p−1+ (p−1)g^p−2p (modp²)

≡ 1 +p²v+g^p−2p²−g^p−2p (mod p²)

≡ 1−g^p−2p (modp²)

≡ 1 (modp²).

Theng+pis a primitive root modulopsuch that

(g+p)^p−1= 1 +pu₀ and (u₀, p) = 1.

Therefore,g+pis a primitive root modulo p^k for allk≥1.

Next we prove that primitive roots exist for all moduli of the form 2p^k. If gis a primitive root modulop^k, theng+p^k is also a primitive root modulo p^k. Since p^k is odd, it follows that one of the two integers g andg+p^k is odd, and the other is even. Letg₁be the odd integer in the set{g, g+p^k}.

Since (g+p^k, p^k) = (g, p^k) = 1, it follows that (g1,2p^k) = 1. The order of g1 modulo 2p^k is not less thanϕ(p^k), which is the order ofg1 modulop^k, and not greater thanϕ(2p^k). However, sincepis an odd prime, we have

ϕ(2p^k) =ϕ(p^k),

and so g1 has order ϕ(2p^k) modulo 2p^k, that is, g1 is a primitive root modulo 2p^k. This completes the proof.2

For example, 2 is a primitive root modulo 3. Since 3 is the greatest power of 3 that divides 2²−1, it follows that 2 is a primitive root modulo 3^k for allk≥1, and 2 + 3^k is a primitive root modulo 2·3^k for allk≥1.

Finally, we consider primitive roots modulo powers of 2.

Theorem 3.8 There exists a primitive root modulom= 2^k if and only if m= 2 or4.

Proof. We note that 1 is a primitive root modulo 2,and 3 is a primitive root modulo 4. We shall prove that ifk≥3, then there is no primitive root modulo 2^k. Sinceϕ(2^k) = 2^k−1, it suffices to show that

a^2k−2≡1 (mod 2^k) (3.5)

3.2 Primitive Roots to Composite Moduli 95 for a odd and k ≥ 3. We do this by induction on k. The case k = 3 is congruence (3.1). Letk≥3, and suppose that (3.5) is true. Then

a^2k−2−1 is divisible by 2^k. Since ais odd, it follows that

a^2k−2+ 1 is even. Therefore,

a^2k−1−1 =

a^2k−2−1 a^2k−2+ 1

is divisible by 2^k+1, and so

a^2k−1 ≡1 (mod 2^k+1).

This completes the induction and the proof of theorem. 2

Letk ≥3. By Theorem 3.8, there is no primitive root modulo 2^k, that is, there does not exist an odd integer whose order modulo 2^k is 2^k−1. However, there do exist odd integers of order 2^k−2 modulo 2^k.

Theorem 3.9 For every positive integerk,

5^2k ≡1 + 3·2^k+2 (mod 2^k+4).

Proof. The proof is by induction onk. Fork= 1 we have 5²¹ = 25≡1 + 3·2³ (mod 2⁵).

Similarly, for k= 2 we have

5²²= 625 = 1 + 48 + 576≡1 + 3·2⁴ (mod 2⁶).

If the theorem holds fork≥1, then there exists an integer usuch that 5^2k = 1 + 3·2^k+2+ 2^k+4u= 1 + 2^k+2(3 + 4u).

Since 2k+ 4≥k+ 5, we have 5^2k+1 =

5^2k

2

=

1 + 2^k+2(3 + 4u)2

≡ 1 + 2^k+3(3 + 4u) (mod 2^2k+4)

≡ 1 + 3·2^k+3 (mod 2^k+5).

This completes the proof.2

Theorem 3.10 If k ≥ 3, then 5 has order 2^k−2 modulo 2^k. If a ≡ 1 (mod 4), then there exists a unique integer i ∈ {0,1, . . . ,2^k−2−1} such that

a≡5ⁱ (mod 2^k).

Ifa≡3 (mod 4), then there exists a unique integeri∈ {0,1, . . . ,2^k−2−1}

such that

a≡ −5ⁱ (mod 2^k).

Proof. In the casek= 3, we observe that 5 has order 2 modulo 8, and 1 ≡ 5⁰ (mod 8),

3 ≡ −5¹ (mod 8), 5 ≡ 5¹ (mod 8), 7 ≡ −5⁰ (mod 8).

Letk≥4. By Theorem 3.9, we have

5^2k−2 ≡ 1 + 3·2^k (mod 2^k+2)

≡ 1 (mod 2^k) and

5^2k−3 ≡ 1 + 3·2^k−1 (mod 2^k+1)

≡ 1 + 3·2^k−1 (mod 2^k)

≡ 1 (mod 2^k).

Therefore, 5 has order exactly 2^k−2 modulo 2^k, and so the integers 5ⁱ are pairwise incongruent modulo 2^k for i = 0,1, . . . ,2^k−2−1. Since 5ⁱ ≡ 1 (mod 4) for all i, and since exactly half, that is, 2^k−2, of the 2^k−1 odd numbers between 0 and 2^k are congruent to 1 modulo 4, it follows that the congruence

5ⁱ≡a (mod 2^k)

is solvable for every a ≡ 1 (mod 4). If a ≡ 3 (mod 4), then −a ≡ 1 (mod 4) and so the congruence

−a≡5ⁱ (mod 2^k), or, equivalently,

a≡ −5ⁱ (mod 2^k), is solvable. This completes the proof. 2

In algebraic language, Theorem 3.10 states that for all k≥3, (Z/2^kZ)^×=−1 × 5 ∼=Z/2Z×Z/2^k−2Z,

where a denotes the cyclic subgroup of (Z/2^kZ)^× generated by a for a=−1 anda= 5.

3.2 Primitive Roots to Composite Moduli 97

Exercises

1. Find an integer g that is a primitive root modulo 5^k for allk ≥ 1.

Find a primitive root modulo 10. Find a primitive root modulo 50.

2. Fork≥1, letek be the order of 5 modulo 3^k. Prove that ek= 2·3^k−1.

3. Prove thatpdivides the binomial coefficient_p

i

fori= 1,2, . . . , p−1.

4. Prove that if g is a primitive root modulop², then g is a primitive root modulop^k for allk≥2.

5. Letpbe an odd prime. Prove that

(1 +px)^pk≡1 +p^k+1x (mod p^k+2) for every integerxand every nonnegative integerk.

6. (Nathanson [100]; see also Wagstaff [151]) Let p be an odd prime, and leta =±1 be an integer not divisible by p. Letd be the order of a modulo p, and let k0 be the largest integer such that a^d ≡ 1 (modp^k0). Prove that if k≥ k₀ is a solution of the exponential congruence

a^k≡1 (modp^k), (3.6)

then

p^k k < a^d

d,

and so congruence (3.6) has only finitely many solutions.

Hint:Apply Theorem 3.6.

7. Use Exercise 6 to prove that the exponential congruence 9^k≡1 (mod 7^k)

has no solutions.

8. Find all solutions of the exponential congruence 17^k≡1 (mod 15^k).

9. Find all solutions of the exponential congruence 3^k≡1 (mod 2^k).

10. Let{x} denote the fractional part ofx. Compute 3

2 n

forn= 1, . . . ,10. Letr_nbe the least nonnegative residue of 3ⁿmodulo

2ⁿ. Show that

3 2

n

= rn

3ⁿ.

Remark.It is an important unsolved problem in number theory to understand the distribution of the fractional parts of the powers of 3/2 in the interval [0,1).