# CYCLICITY OF (Z/(p))

Size: px
Start display at page:

Transcription

1 CYCLICITY OF (Z/(p)) KEITH CONRAD 1. Introduction For each prime p, the group (Z/(p)) is cyclic. We will give seven proofs of this fundamental result. A common feature of the proofs that (Z/(p)) is cyclic is that they are non-constructive. Up to this day, there is no algorithm known for finding a generator of (Z/(p)) that is substantially faster than a brute force search: try a = 2, 3,... until you find an element with order p 1. While the proof that a generator of (Z/(p)) exists is non-constructive, in practice it does not take long to find a generator using brute force. The non-constructive proof that a generator exists gives us the confidence that our search for a generator will be successful before we even begin. Unlike prime moduli, for most (but not all) non-prime m the group (Z/(m)) is not cyclic. For example, (Z/(12)) has size 4 but each element of it has order 1 or 2. While the cyclicity of (Z/(p)) is important in algebra, it also has practical significance. A choice of generator of (Z/(p)) is one of the ingredients in two public key cryptosystems: Diffie-Hellman (this is the original public key system, if we discount earlier classified work by British intelligence) and ElGamal. You can find out how these cryptosystems work by doing a web search on their names. The following result is needed in all but one proof that (Z/(p)) is cyclic, so we state it first. Theorem 1.1. For any r 1, there are at most r solutions to the equation a r = 1 in Z/(p). A proof of Theorem 1.1 is given in Appendix A. Theorem 1.1 is a special case of a broader result on polynomials: any polynomial with coefficients in Z/(p) has no more roots in Z/(p) than its degree. (The link to Theorem 1.1 is that the solutions to the equation a r = 1 are the roots of the polynomial T r 1, whose degree is r.) This upper bound breaks down in Z/(m) for non-prime m, e.g., the polynomial T 2 1 has four solutions in Z/(8). 2. First Proof: A ϕ-identity For our first proof that (Z/(p)) is cyclic, we are going to count the elements with various orders. In (Z/(p)), which has size p 1, the order of any element divides p 1. For each positive divisor of p 1, say d, let N p (d) be the number of elements of order d in (Z/(p)). For instance, N p (1) = 1 and the cyclicity of (Z/(p)), which we want to prove, is equivalent to N p (p 1) > 0. Every element has some order, so counting the elements of the group by order yields (2.1) N p (d) = p 1. Theorem 2.1. Let d p 1. If N p (d) > 0, then N p (d) = ϕ(d). 1

2 2 KEITH CONRAD Proof. When N p (d) > 0, there is an element of order d in (Z/(p)), say a. Then the different solutions to x d = 1 are 1, a, a 2,..., a d 1. There are at most d solutions, by Theorem 1.1, and there are d different powers of a, so the powers of a provide all the solutions to x d = 1 in Z/(p). Any element of order d is a solution to x d = 1, and therefore the elements of order d in (Z/(p)) are exactly the powers a k which have order d. Since a k has order d/(k, d), which is d exactly when (k, d) = 1, N p (d) is the number of k from 1 to d which are relatively prime to d. That number is ϕ(d). Now we can say, for any d dividing p 1, that (2.2) N p (d) ϕ(d). Indeed, Theorem 2.1 tells us that N p (d) = 0 or N p (d) = ϕ(d). We now feed (2.2) into (2.1): (2.3) p 1 = N p (d) ϕ(d). We have obtained an inequality for each prime p: (2.4) p 1 ϕ(d). If the inequality in (2.2) is strict (that is, <) for some d dividing p 1, then the inequality in (2.3) is strict, and thus the inequality in (2.4) is strict. How sharp is (2.4)? Let s look at some examples. Example 2.2. If p = 5, then d 4 ϕ(d) = ϕ(1) + ϕ(2) + ϕ(4) = = 4. Example 2.3. If p = 11, then d 10 ϕ(d) = ϕ(1)+ϕ(2)+ϕ(5)+ϕ(10) = = 10. Example 2.4. If p = 29, then d 28 ϕ(d) = ϕ(1) + ϕ(2) + ϕ(4) + ϕ(7) + ϕ(14) + ϕ(28) = = 28. It appears that (2.4) might be an equality! This inspires us to prove it, and the number being of the form p 1 is completely irrelevant. Theorem 2.5. For any n 1, d n ϕ(d) = n. ϕ(d) = p 1. In particular, for a prime p we have Proof. We will count the n fractions 1 (2.5) n, 2 n, n 1 n, n n according to their denominator when put in reduced form. For such a fraction m/n with denominator n, its reduced form denominator is a divisor of n. How many of these reduced form fractions have a given denominator? Writing m/n = a/d, where (a, d) = 1, the condition 1 m n is equivalent to 1 a d. Therefore the number of fractions in (2.5) with reduced form denominator d is the number of a between 1 and d with (a, d) = 1. There are ϕ(d) such numbers. Thus, counting the fractions in (2.5) according to the reduced form denominator, we get n = d n ϕ(d).

3 CYCLICITY OF (Z/(p)) 3 Theorem 2.5 tells us (2.4) is an equality, so the inequalities in (2.2) must all be equalities: we can t have N p (d) = 0 at all. (Reread the discussion right after (2.4) if you don t see this.) In particular, N p (p 1) > 0, so there is an element of order p 1. We ve (non-constructively) proved the existence of a generator! Let s summarize the argument again. Theorem 2.6. For each prime p, the group (Z/(p)) is cyclic. Proof. For d (p 1), let N p (d) be the number of elements of order d in (Z/(p)). By Theorem 2.1, N p (d) ϕ(d). Therefore p 1 = N p (d) ϕ(d). By Theorem 2.5, the sum on the right is p 1, so the is an equality. That means the inequalities N p (d) ϕ(d) for all d have to be equalities. In particular, N p (p 1) = ϕ(p 1), which is positive, so there is an element of (Z/(p)) with order p Second Proof: One Subgroup per Size We begin our second proof by establishing a divisibility property among orders of elements which is peculiar to finite abelian groups. In any finite group, all elements have order dividing the size of the group. In the abelian setting all orders also divide something else: the maximal order. Lemma 3.1. Let G be a finite abelian group. If n is the maximal order among the elements in G, then the order of every element divides n. For example, in (Z/(56)), which has size 24, the orders of elements turn out to be 1, 2, 3, and 6. All orders divide the maximal order 6. In S 4, also of size 24, the orders of elements are 1, 2, 3, and 4. Note 3 does not divide the maximal order 4. (Lemma 3.1 does not apply to S 4, as S 4 is non-abelian.) The reader might want to jump ahead to Theorem 3.3 to see how Lemma 3.1 gets used, before diving into the proof of Lemma 3.1. Proof. Let g have the maximal order n. Pick any other h G, and let h G have order m. We want to show m n. We will assume m does not divide n (this forces m > 1) and use this non-divisibility to construct an element with order exceeding n. That would be a contradiction, so m n. For instance, if (m, n) = 1, then gh has order mn > n. But that is too easy: we can t expect m to have no factors in common with n. How can we use g and h to find an element with order larger than n just from knowing m (the order of h) does not divide n (the order of g)? The following example will illustrate the idea before we carry it out in general. Example 3.2. Suppose n = 96 and m = 18. (That is, g has order 96 and h has order 18.) Look at the prime factorizations of these numbers: 96 = 2 5 3, 18 = Here m does not divide n because there are more 3 s in m than in n. The least common multiple of m and n is , which is larger than n. We can get an element of that order by reduction to the relatively prime order case: kill the 3 in 96 by working with g 3 and kill the 2 in 18 by working with h 2. That is, g 3 has order 96/3 = 2 5 and h 2 has order 18/2 = 9.

4 4 KEITH CONRAD These orders are relatively prime, and the group is abelian, so the product g 3 h 2 has order > 96. Thus, 96 is not the maximal order in the group. Now we return to the general case. If m does not divide n, then there is some prime p whose multiplicity (exponent) as a factor of m exceeds that of n. Let p e be the highest power of p in m and p f be the highest power of p in n, so e > f. (Quite possibly f = 0, although in Example 3.2 both e and f were positive.) Now consider g pf and h m/pe. The first has order n/p f, which is not divisible by p, and the second has order p e, which is a pure p-power. These orders are relatively prime. Since G is abelian, the product g pf h m/pe has order n p f pe = np e f > n. This contradicts the maximality of n as an order in G, so we have reached a contradiction. The following theorem will be our criterion for showing a group is cyclic. Recall that in a cyclic group there is just one subgroup of any size. Assuming the group is abelian, the converse holds. Theorem 3.3. Let G be a finite abelian group with at most one subgroup of any size. Then G is cyclic. Proof. Let n be the maximal order among the elements of G, and let g G be an element with order n. We will show every element of G is a power of g, so G = g. Pick any h G, and say h has order d. Since d n by Lemma 3.1, we can write down another element of order d: g n/d. Thus we have two subgroups of size d: h and g n/d. By hypothesis, these subgroups are the same: h = g n/d. In particular, h g n/d g, so h is a power of g. Since h was arbitrary in G, G = g. Remark 3.4. Is the abelian hypothesis in Theorem 3.3 necessary? That is, are there any non-abelian groups with one subgroup of each size? No. A finite group with at most one subgroup of each size must be cyclic, even if we don t assume at first that the group is abelian. However, to prove this without an abelian hypothesis is quite a bit more involved than the proof of Theorem 3.3. (Where did we use the abelian hypothesis in the proof of Theorem 3.3?) Now we are ready to show (Z/(p)) is cyclic. Theorem 3.5. For each prime p, the group (Z/(p)) is cyclic. Proof. We will show (Z/(p)) satisfies the hypothesis of Theorem 3.3: it has at most one subgroup of any size. Let H (Z/(p)) be a subgroup, with size (say) d. Then every a H satisfies a d = 1 in Z/(p), so H is a subset of the solutions to x d = 1. By Theorem 1.1, there are at most d solutions to x d = 1 in Z/(p). Since d is the size of H (by definition), we filled up the d-th roots of unity using H: H = {x Z/(p) : x d = 1}. The right side is determined by d (and p), so there is at most one subgroup of (Z/(p)) with size d, for any d. Thus Theorem 3.3 applies, which shows (Z/(p)) is cyclic.

5 CYCLICITY OF (Z/(p)) 5 4. Third Proof: Bounding with the Maximal Order Our third proof that (Z/(p)) is cyclic will apply Lemma 3.1 from the second proof, but in a different way. That lemma says that in any finite abelian group, the order of any element divides the maximal order of the elements in the group. Review Lemma 3.1 after seeing how it gets used here. Theorem 4.1. For each prime p, the group (Z/(p)) is cyclic. Proof. Let n be the maximal order among the elements in (Z/(p)). We want to show n = p 1, so there is an element of order p 1. Obviously n p 1. (More precisely, n (p 1), but the crude inequality will suffice.) Every element has order dividing n, by Lemma 3.1, so each a (Z/(p)) satisfies a n = 1. Theorem 1.1 says the equation x n = 1 has at most n solutions in Z/(p). We already produced p 1 different solutions (namely all of (Z/(p)) ), so p 1 n. Comparing the two inequalities, n = p 1. Thus there is an element of order p 1, so (Z/(p)) is cyclic. 5. Fourth proof: induction and homomorphisms For the fourth proof that (Z/(p)) is cyclic we will show something superficially stronger: every subgroup of (Z/(p)) is cyclic. This is superficially stronger because of the general theorem in group theory that every subgroup of a cyclic group is cyclic: it means that once (Z/(p)) is proved cyclic by any method, it follows that its subgroups are all cyclic. We are going to prove directly that all subgroups of (Z/(p)) are cyclic, rather than only that (Z/(p)) is cyclic, so that we can argue by induction on the order of the subgroup. I learned the argument below from David Feldman and Paul Monsky in a Mathoverflow post 1. Theorem 5.1. For each prime p, every subgroup of (Z/(p)) is cyclic. Proof. We argue by induction on the order of the subgroup of (Z/(p)). The only subgroup of order 1 is the trivial subgroup, which is obviously cyclic. Let H be a subgroup of (Z/(p)) with order n > 1 and assume all subgroups of (Z/(p)) with order less than n are cyclic. To prove H is cyclic, we consider two cases. Case 1: The order of H is a prime power. Let H = q k, where q is prime. If H is not cyclic, each element of H has order dividing q k and not equal to q k, so the order divides q k 1 (since q is prime). Then all x H satisfy x qk 1 = 1. That means this equation has at least q k solutions in Z/(p) (namely all the elements of H), but the equation has degree q k 1, so in Z/(p) it has at most q k 1 solutions. This is a contradiction, so H must have an element of order q k, so H is cyclic. Case 2: The order of H is not a prime power. This means n = H has at least two different prime factors, so we can write n as ab where a > 1, b > 1, and (a, b) = 1. (For example, let a be the highest power of one prime dividing n and b = n/a.) Let f : H H by f(x) = x a. This is a homomorphism since the group H is abelian. For x H we have x ab = x n = 1, so f(x) b = 1. Thus we can say about the kernel and image of f that ker f = {x H : x a = 1}, im f {y H : y b = 1}, so ker f a < n and im f b < n by Theorem 1.1. By induction, the subgroups ker f and im f are cyclic. That means ker f = h and im f = h for some h and h in H. 1 See

6 6 KEITH CONRAD By the first isomorphism theorem for groups we have H/ ker f = im f, so H = ker f im f ab = n = H. Therefore the inequalities ker f a and im f b have to be equalities, so h has order a and h has order b. Since (a, b) = 1 and h and h commute, by group theory hh has order ab, which is H. Thus hh, which lies in H, is a generator of H, so H is cyclic. By this inductive argument all subgroups of (Z/(p)) are cyclic, so (Z/(p)) is cyclic. 6. Fifth Proof: Prime-Power Subgroups are Cyclic Our next proof that (Z/(p)) is cyclic is going to use the theory of polynomials over Z/(p) in a more substantial manner than just Theorem 1.1. We will need to know that polynomials with coefficients in Z/(p) have unique factorization into irreducible polynomials. Example 6.1. With coefficients in Z/(3), the irreducible factorization of T 7 + 2T 6 + T 5 + T 4 + T + 2 is (T 2 + T + 2) 2 (T 3 + 2T + 2). This is analogous to unique factorization of integers into primes; both follow from the division algorithm (for integers or for polynomials). Find a proof of unique factorization in Z and check it carries over almost verbatim to polynomials with coefficients in Z/(p). (We are not saying there is unique factorization in Z/(p), but in polynomials with coefficients in Z/(p), like T 2 + T + 3 and so on.) While the proof for unique factorization in Z uses induction on the size of integers, the proof for polynomials uses induction on the degree of polynomials. That is about the only difference between the two proofs. We start our study of (Z/(p)) with a polynomial factorization. Theorem 6.2. Working with coefficients in Z/(p), the polynomial T p 1 1 is a product of linear factors: T p 1 1 = (T 1)(T 2)(T 3) (T (p 1)). Proof. For every a 0 mod p, a p 1 1 mod p, or a p 1 = 1 in Z/(p). Therefore the polynomial T p 1 1, considered over Z/(p), has a as a root. Since a is a root, T a is a factor (see Lemma A.2). Thus, T p 1 1 is divisible by each T a as a runs over (Z/(p)). This gives us factors T 1, T 2,..., T (p 1). These p 1 factors are relatively prime to each other (they re linear, with different roots), so (by a polynomial analogue of Bezout) their product is a factor: T p 1 1 = (T 1)(T 2)(T 3) (T (p 1))h(T ) for some polynomial h(t ). Comparing degrees on both sides, we see h(t ) has degree 0, so h(t ) is a constant. Now comparing leading coefficients on both sides, we must have h(t ) = 1. Example 6.3. Take p = 7. Treating coefficients as elements of Z/7Z, the polynomial (T 1)(T 2)(T 3)(T 4)(T 5)(T 6) can be rewritten as (T 1)(T 2)(T 3)(T + 3)(T + 2)(T + 1) = (T 2 1)(T 2 4)(T 2 9) = (T 4 5T 2 + 4)(T 2 9) = T 6 14T T 2 36 = T 6 1.

7 CYCLICITY OF (Z/(p)) 7 Corollary 6.4. If d (p 1), there are exactly d solutions to the equation T d = 1 in Z/(p). Notice this strengthens Theorem 1.1, and it could be used in place of Theorem 1.1 to shorten the first two proofs that (Z/(p)) is cyclic. Proof. Since d (p 1), the polynomial T d 1 is a factor of T p 1 1. p 1 = dm. Then we have a polynomial identity T m 1 = (T 1)(T m 1 + T m T + 1). Indeed, write Replace T with T d in this identity; T m 1 becomes T p 1 1 and T 1 becomes T d 1. The other factor on the right side becomes another polynomial. We have an equation showing T d 1 is a factor of T p 1 1. Over Z/(p), T p 1 1 breaks up into distinct linear factors by Theorem 6.2. Therefore, by unique factorization of polynomials over Z/(p), its factor T d 1 must be a product of some of those linear factors. Counting degrees, T d 1 must be a product of d of those linear factors. The linear factors all have different roots, so T d 1 has d different solutions in Z/(p) when d (p 1). Corollary 6.4 tells us T d = 1 has d solutions in Z/(p), but it does not tell us there is an element of order d. For the case of prime power d, however, we will now derive exactly such a result. Corollary 6.5. If q e is a prime power dividing p 1, with e 1, then there is an element of order q e in (Z/(p)). Proof. By Corollary 6.4, the polynomial T qe 1 has q e different roots in Z/(p) and T qe 1 1 has q e 1 different roots (this would be nonsense if e = 0; we really do need e > 0). Since q e > q e 1, our count of roots shows there must be a root, say a, of T qe 1 which is not a root of T qe 1 1. That means a qe = 1 but a qe 1 1, so a has order q e in (Z/(p)). Theorem 6.6. For each prime p, the group (Z/(p)) is cyclic. Proof. Write p 1 as a product of primes: p 1 = q e 1 1 qe 2 2 qem m. By Corollary 6.5, for each i from 1 to m there is an element a i of (Z/(p)) with order q e i i. These orders are relatively prime, and (Z/(p)) is abelian, so the product of the a i s has order equal to the product of the q e i i s, which is p 1. Thus, the product a 1a 2 a m is a generator of (Z/(p)). 7. Sixth proof: the Chinese Remainder Theorem The sixth proof that (Z/(p)) is cyclic will, like the fifth proof, focus on prime power factors of p 1. Our new tool is the following theorem about finite abelian groups whose order is a prime power. Theorem 7.1. Let A be a finite abelian group of order q s, where q is a prime. If A is not cyclic, then there are more than q solutions in A to the equation x q = 1. Proof. All elements of A have q-power order. Since A is not cyclic, s 2. Let the maximal order of an element of A be q t, so t < s. Pick g A with this order: g = q t.

8 8 KEITH CONRAD The element g qt 1 has order q, and its powers provide q solutions to the equation x q = 1. We now aim to find an element of A outside of the subgroup g which also has order q. This will provide another solution to x q = 1, and thus prove the theorem. For any h A with h g, there is some q-power h qk which lies in g. After all, h has q-power order, so at the very least some q-power of h is the identity (which is in g ). Necessarily k 1. It may happen that the first q-power of h which lands in g is not the identity. After all, a q-power of h could land inside g before we run through every possible power of h (hitting the identity at the last exponent). Let l be the smallest integer 1 such that some element in A outside of g has its q l -th power inside g. We claim l = 1. That is, some element outside g has its q-th power inside g. Indeed, suppose l > 1 and let h 0 be an element outside of g with h ql 0 g. Then h ql 1 0 g by minimality of l, yet this element itself satisfies (h ql 1 0 ) q g, so there is an element whose l is 1. Thus l = 1. Take h 1 to be such an element outside g with h q 1 g, say hq 1 = gn. Since h 1 has (like all elements of A) order dividing q t, the order of h q 1 is at most qt 1. Then g n has order at most q t 1, so q must divide n. (Otherwise n is relatively prime to the order of g, which would imply g n = h q 1 has order qt, and that is not correct.) Setting n = qr, we have h q 1 = gqr. Then (h 1 g r ) q = 1 and h 1 g r g (after all, h 1 g ), so h 1 g r is an element of order q in A which lies outside of g. Remark 7.2. In Remark 3.4, it was noted that Theorem 3.3 is true (but harder to prove) without an abelian hypothesis. What about Theorem 7.1? Is its conclusion correct if we don t make an initial abelian hypothesis? Yes if q is an odd prime, but no if q = 2. For instance, Q 8 is not cyclic but it has only two solutions to x 2 = 1. This is not a quirk about Q 8 : there are infinitely many non-abelian groups of 2-power order having only two solutions to x 2 = 1. Theorem 7.3. For each prime p, the group (Z/(p)) is cyclic. Proof. Write p 1 = q e 1 1 qe 2 2 qem m, where the q i s are different primes (and each e i is positive). Set A i = {a (Z/(p)) : a qe i i = 1}. This is a subgroup of (Z/(p)), and all of its elements have q i -power order, so A i is a power of q i by Cauchy s theorem. If A i is not cyclic, then Theorem 7.1 says A i has more than q i solutions to the equation x q i = 1. However, we know this equation has no more than q i solutions in Z/(p) by Theorem 1.1. Thus we have reached a contradiction, so A i is cyclic. (We do not yet, however, know the order of A i, except that it is a q i -power. We may expect, though, that A i = q e i i.) Write A i = a i. We are going to show a 1, a 2,..., a m together generate (Z/(p)). Then we will show the single product a 1 a 2 a m is a generator of the group. Dividing p 1 by each of q e 1 1,..., qem m, we get the integers p 1 q e 1 1, p 1 q e 2 2,..., p 1. qm em

9 CYCLICITY OF (Z/(p)) 9 These have no collective common prime factor, so some Z-combination of them is equal to 1 (iterated Bezout?): m p 1 c i q e = 1, i i where c i Z. Then any a (Z/(p)) can be written as a = a 1 = a m i c i(p 1)/q e i i = a c i(p 1)/q e i i. i=1 Since the i-th factor has order dividing q e i i (raise it to the q e i i -th power as a check), it lies in A i and thus the i-th factor is a power of a i. Therefore a is a product of powers of the a i s, which means (Z/(p)) = a 1, a 2,..., a m. To end the proof, we show that any product of powers a n 1 1 an 2 2 anm m is equal to a single power (a 1 a 2 a m ) n. Considering that each a i has order dividing q e i i, we could find such an n by trying to solve the simultaneous congruences n n 1 mod q e 1 1, n n 2 mod q e 2 2,..., n n m mod qm em. (Then a n i i = a n i.) Can we solve all of these congruences with a common n? Absolutely: the moduli are pairwise relatively prime, so just use the Chinese Remainder Theorem. Remark 7.4. The arguments in this proof really showed something quite general about finite abelian groups. If A is a finite abelian group and p is any prime, let A p be the subgroup of elements with p-power order. Then A is cyclic if and only if A p is cyclic for every p. (If p does not divide A, then A p is trivial.) i=1 8. Seventh Proof: Cyclotomic Polynomials In our seventh proof that (Z/(p)) is cyclic, we will actually write down a polynomial factor of T p 1 1 whose roots in Z/(p) are (precisely) the generators of (Z/(p))! It almost sounds like a constructive proof of cyclicity. But there is a catch: while we will construct a polynomial and show its roots in Z/(p) generate (Z/(p)), the proof of the existence of these roots in Z/(p) will give no recipe for finding them (and thus no recipe for finding generators). So this proof is just as non-constructive as the other proofs. Like the fifth proof, we will use unique factorization for polynomials with coefficients in Z/(p). The new polynomials we now meet are the cyclotomic polynomials. We will define them first as polynomials with complex coefficients. Then we will prove that the coefficients of are in fact integers, so it makes sense to reduce the coefficients modulo p. Finally we will show one of the cyclotomic polynomials, when reduced modulo p, decomposes into linear factors and its roots in Z/(p) are generators of (Z/(p)). In the complex numbers, let ρ n be the basic n-th root of unity cos(2π/n) + i sin(2π/n) = e 2πi/n. It has order n and the other roots of unity with order n are ρ j n where 1 j n and (j, n) = 1. Define the n-th cyclotomic polynomial Φ n (T ) to be the polynomial having for its roots the roots of unity in C with order n: n (8.1) Φ n (T ) := (T ρ j n). j=1 (j,n)=1 For instance, Φ 1 (T ) = T 1, Φ 2 (T ) = T + 1, and Φ 4 (T ) = (T i)(t + i) = T

10 10 KEITH CONRAD Since (8.1) is a product of linear polynomials, indexed by integers from 1 to n which are relatively prime to n, Φ n (T ) has degree ϕ(n) (hence the notation for the polynomial itself; Φ is a capital Greek ϕ). While the definition of Φ n (T ) involves complex linear factors, the polynomials themselves, after all the factors are multiplied out, actually have integer coefficients. Here is a table listing the first 12 cyclotomic polynomials. n Φ n (T ) 1 T 1 2 T T 2 + T T T 4 + T 3 + T 2 + T T 2 T T 6 + T 5 + T 4 + T 3 + T 2 + T T T 6 + T T 4 T 3 + T 2 T T 10 + T 9 + T 8 + T 7 + T 6 + T 5 + T 4 + T 3 + T 2 + T T 4 T There are evidently a lot of patterns worth exploring here. For instance, Φ 8 resembles Φ 4, which resembles Φ 2, Φ 10 is similar to Φ 5, Φ 12 seems related to Φ 6, which is close to Φ 3. The constant term of Φ n (T ), for n > 1, seems to be 1. Maybe the most striking pattern, which persists for the first 100 cyclotomic polynomials, is that the coefficients are all 0, 1, or 1. We will not determine whether or not this is always true (life needs some tantalizing mysteries), but let s show at least that all the coefficients are integers. First a factorization lemma is needed. Lemma 8.1. For n 1, T n 1 = d n Φ d(t ). Proof. The roots of T n 1 are the n-th roots of unity, so (by the same reasoning as in Theorem 6.2) we can write (8.2) T n 1 = (T ρ), ρ n =1 where the product runs over the n-th roots of unity ρ C. Every n-th root of unity has some order dividing n. For each d dividing n, collect together the linear factors T ρ corresponding to roots of unity with order d. The product of these factors is Φ d (T ), by the definition of Φ d (T ). Thus, we have transformed (8.2) into the desired formula. Example 8.2. Taking n = 4, Φ d (T ) = Φ 1 (T )Φ 2 (T )Φ 4 (T ) = (T 1)(T + 1)(T 2 + 1) = T 4 1. d 4 Example 8.3. Taking n = p a prime number, T p 1 = (T 1)Φ p (T ). explicitly compute Φ p (T ) = T p 1 T 1 = 1 + T + T T p 1. Notice the coefficients here all equal 1. Theorem 8.4. For every n 1, the coefficients of Φ n (T ) are in Z. Thus, we can

11 CYCLICITY OF (Z/(p)) 11 Proof. We will argue by induction on n. Since Φ 1 (T ) = T 1, we can take n > 1 and assume Φ m (T ) has integer coefficients for m < n. In Lemma 8.1, we can pull out the term at d = n: (8.3) T n 1 = d n d n Let B n (T ) = d n,d n Φ d(t ), so Φ d (T ) Φ n (T ). (8.4) T n 1 = B n (T )Φ n (T ). By induction, Φ d (T ) has integer coefficients when d is a proper divisor of n, so B n (T ) has integer coefficients. Each Φ d (T ) has leading coefficient 1, so B n (T ) does as well. All we know about Φ n (T ) is that it has complex coefficients. We want to deduce from (8.4) that its coefficients are integers. Let s cook up a second divisibility relation between T n 1 and B n (T ) in a completely different way: the usual division of (complex) polynomials, leaving a quotient and remainder. We have (8.5) T n 1 = B n (T )Q(T ) + R(T ), where R(T ) = 0 or 0 deg R < deg B n. When we divide one polynomial by another and both have integer coefficients, the quotient and remainder may not have integer coefficients. For instance, ( 1 T = (2T + 1) 2 T 1 ) However, if the divisor has leading coefficient 1, then everything stays integral, e.g., T 2 +1 = (T + 1)(T 1) + 2. Briefly, the source of all denominators in the quotient and remainder comes from the leading coefficient of the divisor, so when it is 1, no denominators are introduced. Thus, since B n (T ) has integer coefficients and leading coefficient 1, Q(T ) and R(T ) have integer coefficients. We now compare our two relations (8.4) and (8.5). Since division of polynomials (with, say, complex coefficients) has unique quotient and remainder, we must have Φ n (T ) = Q(T ) and 0 = R(T ). In particular, since Q(T ) has integer coefficients, we have proved Φ n (T ) has integer coefficients! Theorem 8.5. For each prime p, the group (Z/(p)) is cyclic. Proof. Consider the factorization (8.6) T p 1 1 = Φ d (T ). All polynomials appearing here have integer coefficients. Collect the Φ d (T ) with d p 1 into a single term: (8.7) T p 1 1 = Φ p 1 (T )H(T ), where H(T ) has integer coefficients. Reducing the coefficients in (8.7) modulo p lets us view (8.7) as a polynomial identity over Z/(p). By Theorem 6.2, the left side of (8.7) breaks up into distinct linear factors over Z/(p). Therefore, by unique factorization for polynomials with coefficients in Z/(p), the two factors on the right side of (8.7) are products of linear polynomials over Z/(p) (as many linear polynomials as the degree of the factor). Therefore Φ p 1 (T ) does have a root (in

12 12 KEITH CONRAD fact, ϕ(p 1) roots) in Z/(p). Let a Z/(p) be a root of Φ p 1 (T ). Certainly a 0, since 0 is not a root of T p 1 1. Thus a (Z/(p)). We will show the order of a in (Z/(p)) is p 1, so it is a generator. Let d be the order of a in (Z/(p)), so d p 1. Could we have d < p 1? Assume so. (We will get a contradiction and then we will be done.) Since d is the order of a, a d 1 = 0 in Z/(p). Now consider the factorization of T d 1 given by Theorem 8.1: T d 1 = k d Φ k (T ). This identity between polynomials with integer coefficients can be viewed as an identity between polynomials with coefficients in Z/(p) by reducing all the coefficients modulo p. Setting T = a in this formula, the left side vanishes (in Z/(p)), so Φ k (a) is 0 for some k dividing d. (In fact, it is Φ d (a) which vanishes, but we don t need to know that.) Once Φ k (a) vanishes, Lemma A.2 tells us T a is a factor of Φ k (T ). Thus, in (8.6), T a is a factor twice: once in Φ p 1 (T ) (that is how we defined a) and also as a factor in Φ k (T ) for some k dividing d. But the factorization of T p 1 1 in Theorem 6.2 has distinct linear factors. We have a contradiction with unique factorization, so our assumption that d < p 1 was in error: d = p 1, so a is a generator of (Z/(p)). Example 8.6. Taking p = 7, Φ p 1 (T ) = Φ 6 (T ) = T 2 T + 1. Its roots in Z/7Z are 3 and 5 (note Φ 6 (3) = 7 and Φ 6 (5) = 21, which both vanish modulo 7). These are the generators of (Z/7Z), as you can check directly. Appendix A. Proof of Theorem 1.1 Theorem 1.1 says that, for any integer r 1, there are at most r solutions to the equation x r = 1 in Z/(p). We are going to prove this as a special case of a more general result. Theorem A.1. Let f(t ) be a non-constant polynomial with coefficients in Z/(p), of degree d. Then f(t ) has at most d roots in Z/(p). Theorem 1.1 is the special case f(t ) = T r 1. To prove Theorem A.1, we will need a preliminary lemma connecting roots and linear factors. (We state the theorem with coefficients in either C or Z/(p) because both versions are needed in different proofs that (Z/(p)) is cyclic.) Lemma A.2. Let f(t ) be a non-constant polynomial with coefficients in C or in Z/(p). For a in C or Z/(p), f(a) = 0 if and only if T a is a factor of f(t ). Proof. If T a is a factor of f(t ), then f(t ) = (T a)h(t ) for some polynomial h(t ), and substituting a for T shows f(a) = 0. Conversely, suppose f(a) = 0. Write the polynomial as (A.1) f(t ) = c n T n + c n 1 T n c 1 T + c 0, where c j C or Z/(p). Then (A.2) 0 = c n a n + c n 1 a n c 1 a + c 0. Subtracting (A.2) from (A.1), the terms c 0 cancel and we get (A.3) f(t ) = c n (T n a n ) + c n 1 (T n 1 a n 1 ) + + c 1 (T a).

13 Since CYCLICITY OF (Z/(p)) 13 T j a j = (T a)(t j 1 + at j a i T j 1 i + + a j 2 T + a j 1 ), each term on the right side of (A.3) has a factor of T a. Factor this out of each term, and we obtain f(t ) = (T a)g(t ), where g(t ) is another polynomial with coefficients in C or Z/(p). Now we prove Theorem A.1. Proof. We induct on the degree d of f(t ). Note d 1. A polynomial of degree 1 has the form f(t ) = at + b, where a and b are in Z/(p) and a 0. This has exactly one root in Z/(p), namely b/a, and thus at most one root in Z/(p). That settles the theorem for d = 1. Now assume the theorem is true for all polynomials with coefficients in Z/(p) of degree d. We verify the theorem for all polynomials with coefficients in Z/(p) of degree d + 1. A polynomial of degree d + 1 is (A.4) f(t ) = c d+1 T d+1 + c d T d + + c 1 T + c 0, where c j Z/(p) and c d+1 0. If f(t ) has no roots in Z/(p), then we re done, since 0 d + 1. If f(t ) has a root in Z/(p), say r, then Lemma A.2 tells us f(t ) = (T r)g(t ), where g(t ) is another polynomial with coefficients in Z/(p), of degree d (why degree d?). We can therefore apply the inductive hypothesis to g(t ) and conclude that g(t ) has at most d roots in Z/(p). Since f(a) = (a r)g(a), and a product of numbers in Z/(p) is 0 only when one of the factors is 0 (this would be false if our modulus was composite rather than prime!), we see that any root of f(t ) in Z/(p) is either r or is a root of g(t ). Thus, f(t ) has at most d + 1 roots in Z/(p). As f(t ) was an arbitrary polynomial of degree d + 1 with coefficients in Z/(p), we are done with the inductive step. Remark A.3. There were two cases considered in the inductive step: when f(t ) has a root in Z/(p) and when it does not. Certainly one of those cases must occur, but in any particular example we don t know which occurs without actually searching for roots. This is why the theorem is not effective. It gives us an upper bound on the number of roots, but does not give us any tools to decide if there is even one root in Z/(p) for a particular polynomial.

### ORDERS OF ELEMENTS IN A GROUP

ORDERS OF ELEMENTS IN A GROUP KEITH CONRAD 1. Introduction Let G be a group and g G. We say g has finite order if g n = e for some positive integer n. For example, 1 and i have finite order in C, since

### SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

SUBGROUPS OF CYCLIC GROUPS KEITH CONRAD 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by g = {g k : k Z}. If G = g, then G itself is cyclic, with g as a generator. Examples

### Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Page 1 Definitions Tuesday, May 8, 2018 12:23 AM Notations " " means "equals, by definition" the set of all real numbers the set of integers Denote a function from a set to a set by Denote the image of

### THE DIVISION THEOREM IN Z AND R[T ]

THE DIVISION THEOREM IN Z AND R[T ] KEITH CONRAD 1. Introduction In both Z and R[T ], we can carry out a process of division with remainder. Theorem 1.1. For any integers a and b, with b nonzero, there

### THE DIVISION THEOREM IN Z AND F [T ]

THE DIVISION THEOREM IN Z AND F [T ] KEITH CONRAD 1. Introduction In the integers we can carry out a process of division with remainder, as follows. Theorem 1.1. For any integers a and b, with b 0 there

### ORDERS OF UNITS IN MODULAR ARITHMETIC

ORDERS OF UNITS IN MODULAR ARITHMETIC KEITH CONRAD. Introduction If a mod m is a unit then a ϕ(m) mod m by Euler s theorem. Depending on a, it might happen that a n mod m for a positive integer n that

### DIHEDRAL GROUPS II KEITH CONRAD

DIHEDRAL GROUPS II KEITH CONRAD We will characterize dihedral groups in terms of generators and relations, and describe the subgroups of D n, including the normal subgroups. We will also introduce an infinite

### The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

The group (Z/nZ) February 17, 2016 1 Introduction In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer. If we factor n = p e 1 1 pe, where the p i s are distinct

### IRREDUCIBILITY TESTS IN F p [T ]

IRREDUCIBILITY TESTS IN F p [T ] KEITH CONRAD 1. Introduction Let F p = Z/(p) be a field of prime order. We will discuss a few methods of checking if a polynomial f(t ) F p [T ] is irreducible that are

### Factorization in Polynomial Rings

Factorization in Polynomial Rings Throughout these notes, F denotes a field. 1 Long division with remainder We begin with some basic definitions. Definition 1.1. Let f, g F [x]. We say that f divides g,

### CONSEQUENCES OF THE SYLOW THEOREMS

CONSEQUENCES OF THE SYLOW THEOREMS KEITH CONRAD For a group theorist, Sylow s Theorem is such a basic tool, and so fundamental, that it is used almost without thinking, like breathing. Geoff Robinson 1.

### IRREDUCIBILITY TESTS IN Q[T ]

IRREDUCIBILITY TESTS IN Q[T ] KEITH CONRAD 1. Introduction For a general field F there is no simple way to determine if an arbitrary polynomial in F [T ] is irreducible. Here we will focus on the case

### The primitive root theorem

The primitive root theorem Mar Steinberger First recall that if R is a ring, then a R is a unit if there exists b R with ab = ba = 1. The collection of all units in R is denoted R and forms a group under

### Math 120 HW 9 Solutions

Math 120 HW 9 Solutions June 8, 2018 Question 1 Write down a ring homomorphism (no proof required) f from R = Z[ 11] = {a + b 11 a, b Z} to S = Z/35Z. The main difficulty is to find an element x Z/35Z

### AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS

AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS The integers are the set 1. Groups, Rings, and Fields: Basic Examples Z := {..., 3, 2, 1, 0, 1, 2, 3,...}, and we can add, subtract, and multiply

### NOTES ON FINITE FIELDS

NOTES ON FINITE FIELDS AARON LANDESMAN CONTENTS 1. Introduction to finite fields 2 2. Definition and constructions of fields 3 2.1. The definition of a field 3 2.2. Constructing field extensions by adjoining

### TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS. 1. Introduction

TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS KEITH CONRAD A (monic) polynomial in Z[T ], 1. Introduction f(t ) = T n + c n 1 T n 1 + + c 1 T + c 0, is Eisenstein at a prime p when each coefficient

### = 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose

### TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS. 1. Introduction

TOTALLY RAMIFIED PRIMES AND EISENSTEIN POLYNOMIALS KEITH CONRAD A (monic) polynomial in Z[T ], 1. Introduction f(t ) = T n + c n 1 T n 1 + + c 1 T + c 0, is Eisenstein at a prime p when each coefficient

### MATH 431 PART 2: POLYNOMIAL RINGS AND FACTORIZATION

MATH 431 PART 2: POLYNOMIAL RINGS AND FACTORIZATION 1. Polynomial rings (review) Definition 1. A polynomial f(x) with coefficients in a ring R is n f(x) = a i x i = a 0 + a 1 x + a 2 x 2 + + a n x n i=0

### Algebra SEP Solutions

Algebra SEP Solutions 17 July 2017 1. (January 2017 problem 1) For example: (a) G = Z/4Z, N = Z/2Z. More generally, G = Z/p n Z, N = Z/pZ, p any prime number, n 2. Also G = Z, N = nz for any n 2, since

### CYCLOTOMIC POLYNOMIALS

CYCLOTOMIC POLYNOMIALS 1. The Derivative and Repeated Factors The usual definition of derivative in calculus involves the nonalgebraic notion of limit that requires a field such as R or C (or others) where

### φ(xy) = (xy) n = x n y n = φ(x)φ(y)

Groups 1. (Algebra Comp S03) Let A, B and C be normal subgroups of a group G with A B. If A C = B C and AC = BC then prove that A = B. Let b B. Since b = b1 BC = AC, there are a A and c C such that b =

### Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures

### THE MINIMAL POLYNOMIAL AND SOME APPLICATIONS

THE MINIMAL POLYNOMIAL AND SOME APPLICATIONS KEITH CONRAD. Introduction The easiest matrices to compute with are the diagonal ones. The sum and product of diagonal matrices can be computed componentwise

### CYCLOTOMIC POLYNOMIALS

CYCLOTOMIC POLYNOMIALS 1. The Derivative and Repeated Factors The usual definition of derivative in calculus involves the nonalgebraic notion of limit that requires a field such as R or C (or others) where

### The Chinese Remainder Theorem

The Chinese Remainder Theorem R. C. Daileda February 19, 2018 1 The Chinese Remainder Theorem We begin with an example. Example 1. Consider the system of simultaneous congruences x 3 (mod 5), x 2 (mod

### D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

D-MAH Algebra II FS18 Prof. Marc Burger Solution 26 Cyclotomic extensions. In the following, ϕ : Z 1 Z 0 is the Euler function ϕ(n = card ((Z/nZ. For each integer n 1, we consider the n-th cyclotomic polynomial

### THE MILLER RABIN TEST

THE MILLER RABIN TEST KEITH CONRAD 1. Introduction The Miller Rabin test is the most widely used probabilistic primality test. For odd composite n > 1 at least 75% of numbers from to 1 to n 1 are witnesses

### A connection between number theory and linear algebra

A connection between number theory and linear algebra Mark Steinberger Contents 1. Some basics 1 2. Rational canonical form 2 3. Prime factorization in F[x] 4 4. Units and order 5 5. Finite fields 7 6.

### EULER S THEOREM KEITH CONRAD

EULER S THEOREM KEITH CONRAD. Introduction Fermat s little theorem is an important property of integers to a prime modulus. Theorem. (Fermat). For prime p and any a Z such that a 0 mod p, a p mod p. If

### GROUPS OF ORDER p 3 KEITH CONRAD

GROUPS OF ORDER p 3 KEITH CONRAD For any prime p, we want to describe the groups of order p 3 up to isomorphism. From the cyclic decomposition of finite abelian groups, there are three abelian groups of

### GALOIS GROUPS AS PERMUTATION GROUPS

GALOIS GROUPS AS PERMUTATION GROUPS KEITH CONRAD 1. Introduction A Galois group is a group of field automorphisms under composition. By looking at the effect of a Galois group on field generators we can

### A Generalization of Wilson s Theorem

A Generalization of Wilson s Theorem R. Andrew Ohana June 3, 2009 Contents 1 Introduction 2 2 Background Algebra 2 2.1 Groups................................. 2 2.2 Rings.................................

### Solutions to odd-numbered exercises Peter J. Cameron, Introduction to Algebra, Chapter 3

Solutions to odd-numbered exercises Peter J. Cameron, Introduction to Algebra, Chapter 3 3. (a) Yes; (b) No; (c) No; (d) No; (e) Yes; (f) Yes; (g) Yes; (h) No; (i) Yes. Comments: (a) is the additive group

### GALOIS GROUPS OF CUBICS AND QUARTICS (NOT IN CHARACTERISTIC 2)

GALOIS GROUPS OF CUBICS AND QUARTICS (NOT IN CHARACTERISTIC 2) KEITH CONRAD We will describe a procedure for figuring out the Galois groups of separable irreducible polynomials in degrees 3 and 4 over

ISOMORPHISMS KEITH CONRAD 1. Introduction Groups that are not literally the same may be structurally the same. An example of this idea from high school math is the relation between multiplication and addition

### Notes on Systems of Linear Congruences

MATH 324 Summer 2012 Elementary Number Theory Notes on Systems of Linear Congruences In this note we will discuss systems of linear congruences where the moduli are all different. Definition. Given the

### FACTORING IN QUADRATIC FIELDS. 1. Introduction

FACTORING IN QUADRATIC FIELDS KEITH CONRAD For a squarefree integer d other than 1, let 1. Introduction K = Q[ d] = {x + y d : x, y Q}. This is closed under addition, subtraction, multiplication, and also

### Homework 10 M 373K by Mark Lindberg (mal4549)

Homework 10 M 373K by Mark Lindberg (mal4549) 1. Artin, Chapter 11, Exercise 1.1. Prove that 7 + 3 2 and 3 + 5 are algebraic numbers. To do this, we must provide a polynomial with integer coefficients

### THE GAUSSIAN INTEGERS

THE GAUSSIAN INTEGERS KEITH CONRAD Since the work of Gauss, number theorists have been interested in analogues of Z where concepts from arithmetic can also be developed. The example we will look at in

### CYCLOTOMIC EXTENSIONS

CYCLOTOMIC EXTENSIONS KEITH CONRAD 1. Introduction For a positive integer n, an nth root of unity in a field is a solution to z n = 1, or equivalently is a root of T n 1. There are at most n different

### 18. Cyclotomic polynomials II

18. Cyclotomic polynomials II 18.1 Cyclotomic polynomials over Z 18.2 Worked examples Now that we have Gauss lemma in hand we can look at cyclotomic polynomials again, not as polynomials with coefficients

### IDEAL CLASSES AND RELATIVE INTEGERS

IDEAL CLASSES AND RELATIVE INTEGERS KEITH CONRAD The ring of integers of a number field is free as a Z-module. It is a module not just over Z, but also over any intermediate ring of integers. That is,

### Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

6 Prime Numbers Part VI of PJE 6.1 Fundamental Results Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively D (p) = { p 1 1 p}. Otherwise

### Roots of Unity, Cyclotomic Polynomials and Applications

Swiss Mathematical Olympiad smo osm Roots of Unity, Cyclotomic Polynomials and Applications The task to be done here is to give an introduction to the topics in the title. This paper is neither complete

### Theorem 5.3. Let E/F, E = F (u), be a simple field extension. Then u is algebraic if and only if E/F is finite. In this case, [E : F ] = deg f u.

5. Fields 5.1. Field extensions. Let F E be a subfield of the field E. We also describe this situation by saying that E is an extension field of F, and we write E/F to express this fact. If E/F is a field

### (1) A frac = b : a, b A, b 0. We can define addition and multiplication of fractions as we normally would. a b + c d

The Algebraic Method 0.1. Integral Domains. Emmy Noether and others quickly realized that the classical algebraic number theory of Dedekind could be abstracted completely. In particular, rings of integers

### Chapter 8. P-adic numbers. 8.1 Absolute values

Chapter 8 P-adic numbers Literature: N. Koblitz, p-adic Numbers, p-adic Analysis, and Zeta-Functions, 2nd edition, Graduate Texts in Mathematics 58, Springer Verlag 1984, corrected 2nd printing 1996, Chap.

### (January 14, 2009) q n 1 q d 1. D = q n = q + d

(January 14, 2009) [10.1] Prove that a finite division ring D (a not-necessarily commutative ring with 1 in which any non-zero element has a multiplicative inverse) is commutative. (This is due to Wedderburn.)

### and this makes M into an R-module by (1.2). 2

1. Modules Definition 1.1. Let R be a commutative ring. A module over R is set M together with a binary operation, denoted +, which makes M into an abelian group, with 0 as the identity element, together

### ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION PAVEL RŮŽIČKA 9.1. Congruence modulo n. Let us have a closer look at a particular example of a congruence relation on

### Factorization in Integral Domains II

Factorization in Integral Domains II 1 Statement of the main theorem Throughout these notes, unless otherwise specified, R is a UFD with field of quotients F. The main examples will be R = Z, F = Q, and

GENERATING SETS KEITH CONRAD 1 Introduction In R n, every vector can be written as a unique linear combination of the standard basis e 1,, e n A notion weaker than a basis is a spanning set: a set of vectors

### Standard forms for writing numbers

Standard forms for writing numbers In order to relate the abstract mathematical descriptions of familiar number systems to the everyday descriptions of numbers by decimal expansions and similar means,

### MATH 3030, Abstract Algebra FALL 2012 Toby Kenney Midyear Examination Friday 7th December: 7:00-10:00 PM

MATH 3030, Abstract Algebra FALL 2012 Toby Kenney Midyear Examination Friday 7th December: 7:00-10:00 PM Basic Questions 1. Compute the factor group Z 3 Z 9 / (1, 6). The subgroup generated by (1, 6) is

### Groups of Prime Power Order with Derived Subgroup of Prime Order

Journal of Algebra 219, 625 657 (1999) Article ID jabr.1998.7909, available online at http://www.idealibrary.com on Groups of Prime Power Order with Derived Subgroup of Prime Order Simon R. Blackburn*

### CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CHAPTER 6 Prime Numbers Part VI of PJE. Definition and Fundamental Results 6.1. Definition. (PJE definition 23.1.1) An integer p is prime if p > 1 and the only positive divisors of p are 1 and p. If n

### D-MATH Algebra I HS 2013 Prof. Brent Doran. Solution 3. Modular arithmetic, quotients, product groups

D-MATH Algebra I HS 2013 Prof. Brent Doran Solution 3 Modular arithmetic, quotients, product groups 1. Show that the functions f = 1/x, g = (x 1)/x generate a group of functions, the law of composition

Quadratic Congruences, the Quadratic Formula, and Euler s Criterion R. C. Trinity University Number Theory Introduction Let R be a (commutative) ring in which 2 = 1 R + 1 R R. Consider a quadratic equation

### LECTURE NOTES IN CRYPTOGRAPHY

1 LECTURE NOTES IN CRYPTOGRAPHY Thomas Johansson 2005/2006 c Thomas Johansson 2006 2 Chapter 1 Abstract algebra and Number theory Before we start the treatment of cryptography we need to review some basic

### Introduction to Arithmetic Geometry Fall 2013 Lecture #24 12/03/2013

18.78 Introduction to Arithmetic Geometry Fall 013 Lecture #4 1/03/013 4.1 Isogenies of elliptic curves Definition 4.1. Let E 1 /k and E /k be elliptic curves with distinguished rational points O 1 and

### Galois theory (Part II)( ) Example Sheet 1

Galois theory (Part II)(2015 2016) Example Sheet 1 c.birkar@dpmms.cam.ac.uk (1) Find the minimal polynomial of 2 + 3 over Q. (2) Let K L be a finite field extension such that [L : K] is prime. Show that

### Congruences and Residue Class Rings

Congruences and Residue Class Rings (Chapter 2 of J. A. Buchmann, Introduction to Cryptography, 2nd Ed., 2004) Shoichi Hirose Faculty of Engineering, University of Fukui S. Hirose (U. Fukui) Congruences

### A. Algebra and Number Theory

A. Algebra and Number Theory Public-key cryptosystems are based on modular arithmetic. In this section, we summarize the concepts and results from algebra and number theory which are necessary for an understanding

### Part II. Number Theory. Year

Part II Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2017 Paper 3, Section I 1G 70 Explain what is meant by an Euler pseudoprime and a strong pseudoprime. Show that 65 is an Euler

### WHY WORD PROBLEMS ARE HARD

WHY WORD PROBLEMS ARE HARD KEITH CONRAD 1. Introduction The title above is a joke. Many students in school hate word problems. We will discuss here a specific math question that happens to be named the

### MATH 115, SUMMER 2012 LECTURE 12

MATH 115, SUMMER 2012 LECTURE 12 JAMES MCIVOR - last time - we used hensel s lemma to go from roots of polynomial equations mod p to roots mod p 2, mod p 3, etc. - from there we can use CRT to construct

### Primes in arithmetic progressions

(September 26, 205) Primes in arithmetic progressions Paul Garrett garrett@math.umn.edu http://www.math.umn.edu/ garrett/ [This document is http://www.math.umn.edu/ garrett/m/mfms/notes 205-6/06 Dirichlet.pdf].

### The Chinese Remainder Theorem

Chapter 5 The Chinese Remainder Theorem 5.1 Coprime moduli Theorem 5.1. Suppose m, n N, and gcd(m, n) = 1. Given any remainders r mod m and s mod n we can find N such that N r mod m and N s mod n. Moreover,

### FINITE GROUP THEORY: SOLUTIONS FALL MORNING 5. Stab G (l) =.

FINITE GROUP THEORY: SOLUTIONS TONY FENG These are hints/solutions/commentary on the problems. They are not a model for what to actually write on the quals. 1. 2010 FALL MORNING 5 (i) Note that G acts

### Honors Algebra 4, MATH 371 Winter 2010 Assignment 4 Due Wednesday, February 17 at 08:35

Honors Algebra 4, MATH 371 Winter 2010 Assignment 4 Due Wednesday, February 17 at 08:35 1. Let R be a commutative ring with 1 0. (a) Prove that the nilradical of R is equal to the intersection of the prime

### Fermat s Last Theorem for Regular Primes

Fermat s Last Theorem for Regular Primes S. M.-C. 22 September 2015 Abstract Fermat famously claimed in the margin of a book that a certain family of Diophantine equations have no solutions in integers.

### 1 The Galois Group of a Quadratic

Algebra Prelim Notes The Galois Group of a Polynomial Jason B. Hill University of Colorado at Boulder Throughout this set of notes, K will be the desired base field (usually Q or a finite field) and F

### Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Note 7

EECS 70 Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Note 7 Polynomials Polynomials constitute a rich class of functions which are both easy to describe and widely applicable in topics

### Lecture Notes, Week 6

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Week 6 (rev. 3) Professor M. J. Fischer February 15 & 17, 2005 1 RSA Security Lecture Notes, Week 6 Several

### FINITE ABELIAN GROUPS Amin Witno

WON Series in Discrete Mathematics and Modern Algebra Volume 7 FINITE ABELIAN GROUPS Amin Witno Abstract We detail the proof of the fundamental theorem of finite abelian groups, which states that every

### Algebraic Structures Exam File Fall 2013 Exam #1

Algebraic Structures Exam File Fall 2013 Exam #1 1.) Find all four solutions to the equation x 4 + 16 = 0. Give your answers as complex numbers in standard form, a + bi. 2.) Do the following. a.) Write

### NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two operations defined on them, addition and multiplication,

### Lecture 8: Finite fields

Lecture 8: Finite fields Rajat Mittal IIT Kanpur We have learnt about groups, rings, integral domains and fields till now. Fields have the maximum required properties and hence many nice theorems can be

### Lecture 6: Finite Fields

CCS Discrete Math I Professor: Padraic Bartlett Lecture 6: Finite Fields Week 6 UCSB 2014 It ain t what they call you, it s what you answer to. W. C. Fields 1 Fields In the next two weeks, we re going

### Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

Finite Fields: An introduction through exercises Jonathan Buss Spring 2014 A typical course in abstract algebra starts with groups, and then moves on to rings, vector spaces, fields, etc. This sequence

### ECEN 5022 Cryptography

Elementary Algebra and Number Theory University of Colorado Spring 2008 Divisibility, Primes Definition. N denotes the set {1, 2, 3,...} of natural numbers and Z denotes the set of integers {..., 2, 1,

### Math 4400, Spring 08, Sample problems Final Exam.

Math 4400, Spring 08, Sample problems Final Exam. 1. Groups (1) (a) Let a be an element of a group G. Define the notions of exponent of a and period of a. (b) Suppose a has a finite period. Prove that

### MA4H9 Modular Forms: Problem Sheet 2 Solutions

MA4H9 Modular Forms: Problem Sheet Solutions David Loeffler December 3, 010 This is the second of 3 problem sheets, each of which amounts to 5% of your final mark for the course This problem sheet will

### 1 First Theme: Sums of Squares

I will try to organize the work of this semester around several classical questions. The first is, When is a prime p the sum of two squares? The question was raised by Fermat who gave the correct answer

MODULAR ARITHMETIC KEITH CONRAD. Introduction We will define the notion of congruent integers (with respect to a modulus) and develop some basic ideas of modular arithmetic. Applications of modular arithmetic

### 1 Overview and revision

MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction

### Modern Algebra I. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.

1 2 3 style total Math 415 Please print your name: Answer Key 1 True/false Circle the correct answer; no explanation is required. Each problem in this section counts 5 points. 1. Every group of order 6

### Mathematics for Cryptography

Mathematics for Cryptography Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, Ontario, N2L 3G1, Canada March 15, 2016 1 Groups and Modular Arithmetic 1.1

### MINIMAL GENERATING SETS OF GROUPS, RINGS, AND FIELDS

MINIMAL GENERATING SETS OF GROUPS, RINGS, AND FIELDS LORENZ HALBEISEN, MARTIN HAMILTON, AND PAVEL RŮŽIČKA Abstract. A subset X of a group (or a ring, or a field) is called generating, if the smallest subgroup

PYTHAGOREAN TRIPLES KEITH CONRAD 1. Introduction A Pythagorean triple is a triple of positive integers (a, b, c) where a + b = c. Examples include (3, 4, 5), (5, 1, 13), and (8, 15, 17). Below is an ancient

### GENERALIZED QUATERNIONS

GENERALIZED QUATERNIONS KEITH CONRAD 1. introduction The quaternion group Q 8 is one of the two non-abelian groups of size 8 (up to isomorphism). The other one, D 4, can be constructed as a semi-direct

### PRIME NUMBERS YANKI LEKILI

PRIME NUMBERS YANKI LEKILI We denote by N the set of natural numbers: 1,2,..., These are constructed using Peano axioms. We will not get into the philosophical questions related to this and simply assume

### Zsigmondy s Theorem. Lola Thompson. August 11, Dartmouth College. Lola Thompson (Dartmouth College) Zsigmondy s Theorem August 11, / 1

Zsigmondy s Theorem Lola Thompson Dartmouth College August 11, 2009 Lola Thompson (Dartmouth College) Zsigmondy s Theorem August 11, 2009 1 / 1 Introduction Definition o(a modp) := the multiplicative order

### Winter Camp 2009 Number Theory Tips and Tricks

Winter Camp 2009 Number Theory Tips and Tricks David Arthur darthur@gmail.com 1 Introduction This handout is about some of the key techniques for solving number theory problems, especially Diophantine

### Algebra Exam Fall Alexander J. Wertheim Last Updated: October 26, Groups Problem Problem Problem 3...

Algebra Exam Fall 2006 Alexander J. Wertheim Last Updated: October 26, 2017 Contents 1 Groups 2 1.1 Problem 1..................................... 2 1.2 Problem 2..................................... 2