Euler s, Fermat s and Wilson s Theorems

Similar documents
MATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Discrete Mathematics with Applications MATH236

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

MATH 361: NUMBER THEORY FOURTH LECTURE

Wilson s Theorem and Fermat s Little Theorem

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

The Chinese Remainder Theorem

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Applied Cryptography and Computer Security CSE 664 Spring 2018

7.2 Applications of Euler s and Fermat s Theorem.

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

2 More on Congruences

Chapter 5. Modular arithmetic. 5.1 The modular ring

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Number Theory and Group Theoryfor Public-Key Cryptography

5 Group theory. 5.1 Binary operations

MATH 310: Homework 7

ORDERS OF ELEMENTS IN A GROUP

The Chinese Remainder Theorem

AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

1 Structure of Finite Fields

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

A Generalization of Wilson s Theorem

ECEN 5022 Cryptography

1. multiplication is commutative and associative;

Mathematics for Cryptography

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Part II. Number Theory. Year

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

2 Lecture 2: Logical statements and proof by contradiction Lecture 10: More on Permutations, Group Homomorphisms 31

Contest Number Theory

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

K. Ireland, M. Rosen A Classical Introduction to Modern Number Theory, Springer.

Divisibility = 16, = 9, = 2, = 5. (Negative!)

Foundations of Cryptography

IRREDUCIBILITY TESTS IN F p [T ]

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

Number Theory A focused introduction

A Guide to Arithmetic

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

I216e Discrete Math (for Review)

Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002

Notes on Primitive Roots Dan Klain

Congruences and Residue Class Rings

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Lecture 4: Number theory

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

Numbers, Groups and Cryptography. Gordan Savin

NOTES ON FINITE FIELDS

A Curious Connection Between Fermat Numbers and Finite Groups

PREPARATION NOTES FOR NUMBER THEORY PRACTICE WED. OCT. 3,2012

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

* 8 Groups, with Appendix containing Rings and Fields.

Number Theory Homework.

CHAPTER 3. Congruences. Congruence: definitions and properties

Definition 1.2. Let G be an arbitrary group and g an element of G.

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Commutative Rings and Fields

Basic elements of number theory

Basic elements of number theory

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Chapter 3. Rings. The basic commutative rings in mathematics are the integers Z, the. Examples

Math 210B: Algebra, Homework 4

Error Correcting Codes Prof. Dr. P Vijay Kumar Department of Electrical Communication Engineering Indian Institute of Science, Bangalore

Lecture 6: Finite Fields

Homework 10 M 373K by Mark Lindberg (mal4549)

LECTURE NOTES IN CRYPTOGRAPHY

0 Sets and Induction. Sets

Modular Arithmetic Instructor: Marizza Bailey Name:

FERMAT S TEST KEITH CONRAD

Quadratic Congruences, the Quadratic Formula, and Euler s Criterion

Dirichlet Characters. Chapter 4

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Ma/CS 6a Class 4: Primality Testing

Quasi-reducible Polynomials

Theory of Numbers Problems

To hand in: (a) Prove that a group G is abelian (= commutative) if and only if (xy) 2 = x 2 y 2 for all x, y G.

Modular Arithmetic and Elementary Algebra

Math 4400/6400 Homework #8 solutions. 1. Let P be an odd integer (not necessarily prime). Show that modulo 2,

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

1 Overview and revision

MATH 3240Q Introduction to Number Theory Homework 4

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Algebra Review. Instructor: Laszlo Babai Notes by Vincent Lucarelli and the instructor. June 15, 2001

Lecture 2. The Euclidean Algorithm and Numbers in Other Bases

CPSC 467: Cryptography and Computer Security

6 Cosets & Factor Groups

CPSC 467b: Cryptography and Computer Security

I Foundations Of Divisibility And Congruence 1

Transcription:

Euler s, Fermat s and Wilson s Theorems R. C. Daileda February 17, 2018 1 Euler s Theorem Consider the following example. Example 1. Find the remainder when 3 103 is divided by 14. We begin by computing successive powers of 3 modulo 14. The computations can easily be carried out in our heads since at each line we can always be sure we re never dealing with a number larger than 13, and the next line is simply obtained by multiplying the result of the previous line by 3. 3 2 9 5 (mod 14), 3 3 15 1 (mod 14), 3 4 3 (mod 14), 3 5 9 5 (mod 14), 3 6 15 1 (mod 14). Why did we stop here? Divide the real exponent we care about, 103, by 6: 103 = 17 6 + 1. We then have 3 103 = 3 17 6+1 = (3 6 )17 3 1 17 3 3 (mod 14) which means the remainder is 3. We took advantage of the fact that 3 6 1(mod 14) and that multiplication by 1 is trivial to convert the problem of reducing 3 103 modulo 14 to the much more reasonable task of reducing the exponent 103 modulo 6. The reason we successively raised 3 to powers was to find the smallest exponent (namely 6) that would help us out. It turns out that what happened with the powers of 3 in the preceding example generalizes nicely to arbitrary moduli. As usual, we will introduce an abstract notion first and then return to congruences by applying it to Z/nZ. Definition 1. Let G be a group, g G. If the set {n n N and g n = e} is nonempty, we define the order of g to be its least element. Otherwise we say the order of g is infinite. We denote the order of g by ord(g). So, ord(g) is the least n N so that g n = e, if such an integer exists, and is infinite otherwise. Example 2. 1

ord(g) = 1 if and only if g = e. In the example above, we see that ord(3) = 6 in (Z/14Z). For n Z, ord(n) is infinite if n 0 (ord(0) = 1 by our first observation). This is because if n 0 and k N, then kn 1 so that kn 0 (remember Z is additive, not multiplicative, so we don t use exponents). On the other hand, every element of Z/nZ has finite order, since n(a+nz) = na+nz = 0 + nz. Lemma 1. If G is a finite group and g G, then ord(g) is finite. Proof. Since the list g, g 2, g 3, g 4, cannot contain infinitely many distinct elements, there exist exponents i > j so that g i = g j. Cancelling we obtain g i j = e. Since i j N, this proves g has finite order. 1 Corollary 1. Let n N. Every element of (Z/nZ) has finite order. Remark 1. Z/nZ possesses two binary operations (although is only a group under one of them), hence has two notions of order. By caveat, from now on when we speak of order in Z/nZ we will always mean multiplicative order (see below). When n is understood, we will write ord(a) for ord(a + nz) in (Z/nZ). We will call it the order of a modulo n. If g n = e in G, then g nm = (g n ) m = e m = e for all m Z. Proposition 1. Let G be a group and g G an element of finite order. Then {n n Z and g n = e} = ord(g)z. Proof. The final remark above shows that we have the containment. For the other, let n belong to the left hand side. Use the division algorithm to write n = q ord(g) + r with 0 r < ord(g). Then e = g n = (g ord(g) ) q g r = e q g r = g r. This contradicts the minimality of ord(g) unless r = 0, so that n ord(g)z, as claimed. In words, the proposition states that the only exponents that annihilate a group element are multiples of its order. Given a finite group G, a somewhat natural question to ask is if there is a common power that will annihilate every element. According to the proposition, an obvious, although probably cumbersome to compute, choice is the least common multiple of all of the orders of the elements of G. But there is a more natural choice, as the next result indicates. 1 Note that we are not claiming that ord(g) = i j, just that the set of positive powers of g equal to e is nonempty. 2

Theorem 1. Let G be a finite abelian group, g G. Then In particular, ord(g) divides G. g G = e. Proof. Recall from HW that the left translation L g : G G, given by x gx, is a bijection. Hence 2 L g (x) = x e = g G, x G x = x G by cancellation of the product from both sides. x Ggx = g G x G Remark 2. The preceding result holds for all finite groups G, although the proof, while still very elegant, is not quite as simple. It requires a fundamental group-theoretic result known as Lagrange s Theorem. We are almost ready to state Euler s Theorem, which is simply the theorem above couched in the language of congruences. To simplify its statement somewhat, and because it will later be of independent interest, we introduce our first number-theoretic function. Definition 2. The Euler ϕ function (or totient function), ϕ : N N, is defined by ϕ(n) = (Z/nZ) = {a N 1 a n and (a, n) = 1}. Remark 3. Since Z/Z consists of a single element, it isn t technically a ring, so we can t talk about its unit group, meaning ϕ(1) = (Z/Z) doesn t make sense. However, the alternate characterization given above does make sense when n = 1 and shows that we should take ϕ(1) = 1. Example 3. n (Z/nZ) ϕ(n) 1-1 2 {1} 1 3 {1, 2} 2 4 {1, 3} 2 5 {1, 2, 3, 4} 4 6 {1, 5} 2 7 {1, 2, 3, 4, 5, 6} 6 8 {1, 3, 5, 7} 4 9 {1, 2, 4, 5, 7, 8} 6 10 {1, 3, 7, 9} 4 11 {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} 10 12 {1, 5, 7, 11} 4 2 The products below are well-defined since G is abelian so we need not specify an order of multiplication. 3

Remark 4. Carmichael s conjecture is that ϕ is always at least 2-to-1, i.e. given any n N there exists an m N, m n, so that ϕ(m) = ϕ(n). Corollary 2 (Euler s Theorem). Let n N and a Z. If (a, n) = 1, then a ϕ(n) 1 (mod n). In particular, the order of a modulo n divides ϕ(n). Proof. If (a, n) = 1, then a + nz (Z/nZ). Since ϕ(n) = (Z/nZ), the theorem implies that (a + nz) ϕ(n) = 1 + nz a ϕ(n) + nz = 1 + nz a ϕ(n) 1 (mod n). The equation (a + nz) ϕ(n) = 1 + nz also shows that the order of a modulo n divides ϕ(n), since it implies the order of a + nz in (Z/nZ) divides ϕ(n). Remark 5. Note that if n N, a Z with (a, n) = 1 and s t(mod ϕ(n)), then a s a t (mod n). Indeed, we have s = t + k ϕ(n) for some k so that by Euler s theorem a s = (a ϕ(n) ) k a t 1 k a t a t (mod n). Hence we can reduce the exponent modulo ϕ(n) in order to reduce the overall power modulo n. Example 4. Find the remainder when 7 2018 is divided by 20. Rather than compute the order of 7 modulo 20 as we did with our initial example, we use Euler s theorem as a substitute. Since ϕ(20) = 8 and 2018 2(mod 8), we have 7 2018 7 2 (mod 20) 9 (mod 20) so that the remainder is 9. Remark 6. In the preceding example, the actual order of 7 modulo 20 is 4, which probably is no harder to compute directly than ϕ(20). However, once we have some rules for computing ϕ(n) we will see that it is frequently much easier to find than the order of a given element and therefore much more convenient to work with in problems like the one above. We conclude this section with Fermat s Little Theorem. Historically Fermat s theorem preceded Euler s, and the latter served to generalize the former. However, in our presentation it is more natural to simply present Fermat s theorem as a special case of Euler s result. Nonetheless, it is a valuable result to keep in mind. Corollary 3 (Fermat s Little Theorem). Let p be a prime and a Z. If p a, then a p 1 1 (mod p). Proof. Since p is prime, ϕ(p) = p 1 and p a implies (a, p) = 1. The result then follows immediately from Euler s theorem. 4

2 Wilson s Theorem Let G be an abelian group and consider the product that occurred in the proof of Theorem 1: P = x G x. Notice that if p is prime and G = (Z/pZ), then this product is just the congruence class (p 1)! + pz. It is natural to ask how this product depends on the group G. To answer this question we define G(2) = {g G g 2 = e}. Note that G(2) consists of the identity element and the elements of G of order 2 (if there are any). Remark 7. Let G be a group and suppose g G has order 2. Then g 2 = e which implies g 1 = g. So G(2) can also be thought of as the set of all elements of G that are their own inverses. For an abelian group G, the subset G(2) is closed under the binary operation on G and itself satisfies the axioms of a group, i.e. is a subgroup of G. It is called the 2-torsion subgroup of G. Example 5. If G = (Z/nZ), then x+nz (Z/nZ) belongs to G(2) if and only if x 2 +nz = 1+nZ if and only if x 2 1(mod n). In the homework you found that x 2 1 (mod 35) if and only if x ±1, ±6(mod 35). Hence, if G = Z/35Z, then G(2) = {±1 + 35Z, ±6 + 35Z}. If p is prime, then x 2 1(mod p) if and only if p x 2 1 = (x 1)(x + 1) if and only if p (x 1) or p (x + 1) if and only if x 1(mod p) or x 1(mod p). Hence, for the group G = (Z/pZ) G(2) = {±1 + pz}. We now prove our primary abstract result. Theorem 2. Let G be an abelian group. Then P = x G x = x G(2) Proof. In the product P pair each element with its inverse, when its inverse is distinct from itself. This leaves behind only those elements that are their own inverses. x. 5

Corollary 4 (Wilson s Theorem). If p is prime, then (p 1)! 1 (mod p). Proof. Let G = (Z/pZ). We have already observed that x = (p 1)! + pz. We have also seen that G(2) = {±1 + pz} so that x = (1 + pz)( 1 + pz) = 1 + pz. x G(2) x G By the theorem, we therefore have (p 1)! + pz = 1 + pz which is equivalent to the statement of the corollary. Remark 8. The converse of Wilson s theorem is also true. So given n N, determining the congruence class of (n 1)! modulo n serves as a primality test for n. Unfortunately it is extremely inefficient. Example 6. Find the remainder when 99! is divided by 103. We note that 103 is prime and so by Wilson s theorem Hence 1 102! 99! 100 101 102 99!( 3)( 2)( 1) 99! 3 2 (mod 103). 99! 2 1 3 1 (mod 103) where the the negative exponents indicate inverses modulo 103 (i.e. in (Z/103Z) ). The extended Euclidean algorithm takes a single step for both 2 and 3 and immediately yields the inverses 52 and 69, respectively. Hence 99! 52 69 3588 86 (mod 103) so that the remainder is 86. Given that 99! has 156 digits, the fact that we were able to compute its remainder so easily (by hand!) demonstrates the utility of Wilson s theorem. 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback