Notes on Primitive Roots Dan Klain

Similar documents
Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

1 Structure of Finite Fields

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Wilson s Theorem and Fermat s Little Theorem

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Basic elements of number theory

Theory of Numbers Problems

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

Basic elements of number theory

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

The Chinese Remainder Theorem

LECTURE NOTES IN CRYPTOGRAPHY

Number Theory Proof Portfolio

Homework 7 solutions M328K by Mark Lindberg/Marie-Amelie Lawn

Discrete Mathematics with Applications MATH236

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Public-key Cryptography: Theory and Practice

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Notes on Systems of Linear Congruences

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

Mathematics for Cryptography

NOTES ON SIMPLE NUMBER THEORY

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Solving the general quadratic congruence. y 2 Δ (mod p),

Euler s, Fermat s and Wilson s Theorems

M381 Number Theory 2004 Page 1

Homework 8 Solutions to Selected Problems

18. Cyclotomic polynomials II

The primitive root theorem

Number Theory Homework.

MATH 361: NUMBER THEORY FOURTH LECTURE

MINIMAL GENERATING SETS OF GROUPS, RINGS, AND FIELDS

Number Theory and Group Theoryfor Public-Key Cryptography

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

(January 14, 2009) q n 1 q d 1. D = q n = q + d

Math 110 HW 3 solutions

Part II. Number Theory. Year

Section X.55. Cyclotomic Extensions

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

CSC 474 Information Systems Security

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

Elementary Number Theory Review. Franz Luef

Number Theory. Henry Liu, 6 July 2007

Number Theory and Algebra: A Brief Introduction

A SURVEY OF PRIMALITY TESTS

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Part V. Chapter 19. Congruence of integers

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Homework #2 solutions Due: June 15, 2012

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Elementary Number Theory MARUCO. Summer, 2018

MATH 537 Class Notes

Factorization in Integral Domains II

Lecture 8: Finite fields

A. Algebra and Number Theory

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

a mod a 2 mod

Introduction to Number Theory 1. c Eli Biham - December 13, Introduction to Number Theory 1

Congruences and Residue Class Rings

x = π m (a 0 + a 1 π + a 2 π ) where a i R, a 0 = 0, m Z.

ECEN 5022 Cryptography

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Elementary Properties of Cyclotomic Polynomials

A Guide to Arithmetic

TC10 / 3. Finite fields S. Xambó

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

Number Theory Alex X. Liu & Haipeng Dai

Chapter 8. Introduction to Number Theory

Chinese Remainder Theorem

Mathematics of Cryptography

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Introduction to Number Theory

MATH 145 Algebra, Solutions to Assignment 4

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

1 Overview and revision

arxiv: v1 [math.ho] 12 Sep 2008

4.4 Solving Congruences using Inverses

Numbers. Çetin Kaya Koç Winter / 18

Explicit Methods in Algebraic Number Theory

University of Toronto Faculty of Arts and Science Solutions to Final Examination, April 2017 MAT246H1S - Concepts in Abstract Mathematics

a = mq + r where 0 r m 1.

A Readable Introduction to Real Mathematics

Section 33 Finite fields

Chapter 5. Modular arithmetic. 5.1 The modular ring

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Solutions to Practice Final

Groups in Cryptography. Çetin Kaya Koç Winter / 13

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

The Chinese Remainder Theorem

4 Powers of an Element; Cyclic Groups

CHAPTER 3. Congruences. Congruence: definitions and properties

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

Winter Camp 2009 Number Theory Tips and Tricks

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Summary Slides for MATH 342 June 25, 2018

Transcription:

Notes on Primitive Roots Dan Klain last updated March 22, 2013 Comments and corrections are welcome These supplementary notes summarize the presentation on primitive roots given in class, which differed slightly from the approach in the textbook. Denote by U n the group of units mod n. The order of a unit u U n is the smallest positive integer k such that u k 1 mod n. This value is denoted ord n (u). For example, if we compute the powers of 2 mod 7 we have so that ord 7 (2) = 3. 2 1 2, 2 2 4, 2 3 1 mod 7, Proposition 1. If α = ord n (u), then u m 1 mod n if and only if α m. Proof. If α m then m = αk for some integer k, so that u m u αk (u α ) k 1 k 1 mod n. To prove the converse, suppose that u m 1. Write m = αq + r, where 0 r < α. Since u α 1, we have 1 u m u αq+r (u α ) q u r u r mod n. Since r < α, this violates the minimality of the order α, unless r = 0. By Euler s Theorem, u φ(n) 1 mod n for every u U n. previous proposition that ord n (u) φ(n) for all u U n. It follows from the In the discussion that follows we will often focus the order properties of units modulo a prime p. In this case we know that ord p (u) (p 1) for all units u U p. If we take the powers of 2 mod 5 we have 2 1 2 2 2 4 2 3 3 2 4 1 mod 5 1

2 exhausting the units mod 5, so that ord 5 (2) = 4. In other words, 2 generates the entire multiplicative group U 5, which turns out to be a cyclic group. A similar computation reveals that 3 generates the group U 7 ; that is ord 7 (3) = 6 = φ(7). We say that r is a primitive root mod n if U n = {1, r, r 2,..., r φ(n) 1 }. In other words, r is a primitive root for n iff ord n (r) = φ(n). In this case, the group U n is cyclic, with r as a generator. Exercise: Show that there is no primitive root mod 8. Some moduli have primitive roots, and some do not. We will show (eventually) that every prime modulus p has at least one primitive root. It is not always easy to find a primitive root, when they exist at all. However, once we have found a primitive root r mod n, it is easy to find the others. Proposition 2. If u U n has order α, then u k is has order α if and only if gcd(k, α) = 1. Proof. Let d = gcd(k, α), and let β = ord n (u k ). We need to show that β = α if and only if d = 1. If d > 1 then k = dx and α = dy, where x, y Z, and where 1 y < α. In this case, (u k ) y u ky u dxy u αx (u α ) x 1 x 1 mod p. The minimality of the order β now implies that β y < α. Suppose instead that d = 1. Since β = ord n (u k ), we have u kβ = (u k ) β = 1. It follows from Proposition 1 that α kβ. co-prime, so that α β. Meanwhile, (u k ) α (u α ) k 1 k 1 mod p, Since d = 1, the values α and k are so that β α, again by Proposition 1. It now follows that β = α. Corollary 1. If Z n has a primitive root r, then the primitive roots for Z n are precisely those units r k where gcd(k, φ(n)) = 1. In particular, there are φ(φ(n)) primitive roots mod n. Proof. If r is a primitive root mod n, then ord n (r) = φ(n). The previous proposition then implies that ord n (r k ) = φ(n) iff k is relatively prime to φ(n), giving φ(φ(n)) distinct cases. Since every u U n has the form r k for some k (because r is primitive), this exhausts all possibilities for primitive roots mod n.

Assuming that there is at least one primitive root modulo a prime p (to be shown below), it follows there are exactly φ(p 1) = φ(φ(p)) primitive roots for p. 3 The following lemma is useful for generating elements of higher order, given elements of smaller order. Lemma 1 (Multiplicative Lemma). Suppose that ord n (α) = a and ord n (β) = b. If gcd(a, b) = 1, then ord n (αβ) = ab. Proof. Let c = ord n (αβ). Evidently (αβ) ab = α ab β ab = (α a ) b (β b ) a = 1 b 1 a = 1, so that c ab, by Proposition 1. Meanwhile, 1 = 1 a = ((αβ) c ) a = (αβ) ac = α ac β ac = β ac, so that b ac, again by Proposition 1. Since gcd(a, b) = 1, it follows that b c. By a similar and symmetrical argument, we also have a c. Again, since gcd(a, b) = 1, we have ab c. It now follows that c = ab. This lemma can be useful for finding primitive roots. For example, it is easy to see that 2 has order 5 mod 31, since 2 5 32 1 mod 31. And we always know that 1 has order 2 modulo an odd prime. If we can find and element c of order 3, the Multiplicative Lemma implies that 2c will have order 30, so it is primitive. Looking at a list of cubes: 1, 8, 27, 64, 125, 216, 343,... we see that 5 3 = 125 1 mod 31, so that 10 21 is a primitive root. The complete list of primitive roots mod 31 will be congruent to some 21 k for k relatively prime to 30, that is, the values: or (listed in the same order): 21, 21 7, 21 11, 21 13, 21 17, 21 19, 21 23, 21 29 mod 31 21, 11, 12, 22, 24, 13, 17, 3 mod 31 We now present a series of lemmas leading to a proof that, if p is prime, then Z p has a primitive root. It is a consequence of Fermat s Theorem that the polynomial x p 1 1 has at least p 1 roots mod p. By Lagrange s Theorem this polynomial has at most p 1 roots, so it therefore has exactly the p 1 roots 1, 2,..., p 1.

4 A similar argument yields the following. Lemma 2. If x p 1 1 = g(x)h(x), where deg(g) = k and deg(h) = l, then g(x) has exactly k roots, and h(x) has exactly l roots mod p. Proof. Note that k + l = p 1, since degrees (leading exponents) are added when polynomials are multiplied. If r is a root of x p 1 1, then g(r)h(r) 0 mod p, so that either g(r) 0 or h(r) 0 mod p. If g has fewer than k roots, then there are more than l = p 1 k distinct roots of x p 1 1 remaining, all of which must then be roots of h. But h cannot have more than l roots. Therefore g must have exactly k roots, and similarly h must have exactly p 1 k = l roots. The following algebraic identity is a variant of the geometric sum formula. Lemma 3. If n = kl, then x n 1 = (x k ) l 1 = (x k 1)(x k(l 1) + x k(l 2) + + x k + 1). Proof. Begin with the geometric sum identity: u l 1 = (u 1)(u l 1 + u l 2 + + u + 1). The lemma follows after substituting u = x k. We are now ready to prove the main theorem. Theorem 1. If p is prime, then Z p has a primitive root. Proof. Suppose p 1 has the prime power factorization where q 1 < < q k. By Lemma 3, we have p 1 = q a 1 1 qa k k, x p 1 1 = (x qa 1 1 1)h(x), where h(x) is a polynomial. By Lemma 2 the factor x qa 1 1 1 has exactly q a 1 1 roots mod p. If s is a root of x qa 1 1 1, then s qa 1 1 1 mod p. It follows from Proposition 1 that ord p (s) q a 1 1. Therefore, ord p(s) = q b 1 1, for some 0 b 1 a 1. If every root of x qa 1 1 1 has order strictly less than q a 1 1, then every root of 1 xqa 1 1 is also a root of of x qa 1 1 1 1. In other words, this polynomial of degree q a 1 1 1 would have q a 1 1 roots, which is impossible. It follows that at least one of the roots

of x qa 1 1 1 has order q a 1 1. In other words, there exists an element r 1 U p having order q a 1 1. Repeating this argument for each q i, we find, for each i, an element r i U p of order q a i i. By the Multiplicative Lemma, the unit r = r 1 r k has order q a 1 1 qa k k = p 1, so that r is a primitive root mod p. 5 Exercise: Suppose that φ(p) = p 1 = q a 1 1 qa s s, where q 1 < < q s are prime, and each a i > 0. Prove that r is a primitive root mod p iff for every q i. r p 1 q i 1 mod p This result in this exercise speeds the process of checking whether a value r is primitive. For example, if p = 31 then p 1 = 30 = 2 3 5. To determine if 3 is primitive mod 31 we need only check that 3 6 1, 3 10 1, 3 15 1, mod 31. First, use repeated squaring to determine that It is then easy to compute 3 2 9, 3 4 12, 3 8 20, 3 16 3 mod 31. so that 3 must be primitive mod 31. 3 6 16, 3 10 25, 3 15 1 mod 31 We have shown that if p is prime then Z p has a primitive root. More generally, it can be shown that primitive roots exist for Z n if and only if n = 1, 2, 4, p e or 2p e, where p is an odd prime, and e is a positive integer. Moreover, it is a consequence of Euler s theorem and the Chinese Remainder Theorem that Z n has no primitive roots if n is divisible by two distinct odd primes. Since Z 8 has no primitive roots (by inspection), it follows from an induction argument (with respect to the exponent e) that Z 2 e has no primitive roots for e 3.

6 To prove that Z p 2 has a primitive root, find a primitive root r for Z p. One can show that either r or r + p is primitive for Z p 2. To prove that Z p e has a primitive root for e > 2, find a primitive root r for Z p 2. One can show that r is also primitive for Z p e, using induction on e. To prove that Z 2p e has a primitive root for e > 2, find a primitive root r for Z p e. Either r or r + p e is odd. The odd choice is also primitive for Z 2p e. Details are given in the textbook (Jones & Jones).

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback