4 The group of units mod \(m\)
4.1 Inverses modulo \(m\)
Recall that if \(R\) is a (commutative) ring, an element \(r \in R\) is said to be invertible, or a unit in \(R,\) if there exists \(s \in R\) such that \(r s = 1.\)
Proposition 4.1
Let \(m \in \mathbb{N}_+,\) and \(a \in \mathbb{Z}.\) Then \(a \bmod m\) is invertible in \(\mathbb{Z}/ m\mathbb{Z}\) if and only if \(\gcd(a, m) = 1.\)
Proof. We have \[\begin{aligned} \gcd(a, m) = 1 &\iff \exists u, v \in \mathbb{Z}\ \text{ such that }\ ua + v m = 1\\ &\iff \exists u, v\in\mathbb{Z}\ \text{ such that }\ ua = 1 - v m\\ &\iff \exists u \in \mathbb{Z}\ \text{ such that } ua = 1 \bmod m\\ &\iff a \bmod m \ \text{is invertible}. \end{aligned}\]
In particular, if \(p\) is prime, then any non-zero element in \(\mathbb{Z}/ p\mathbb{Z}\) is invertible, so \(\mathbb{Z}/ p\mathbb{Z}\) is not just a ring but a field (and conversely, if \(n\) is non-prime, then \(\mathbb{Z}/ n\mathbb{Z}\) is not a field.)
Definition 4.2
For \(p\) prime we frequently use the alternative notation \(\mathbb{F}_p\) for \(\mathbb{Z}/ p\mathbb{Z}\) (to emphasise that it is a field).
Remark 4.3
One can show that for any \(p \in \mathbb{P}\) and \(k \geqslant 1,\) there exists a finite field of size \(p^k,\) unique up to isomorphism (and any finite field must be one of these). It’s conventional to denote this field by \(\mathbb{F}_{p^k}\); but be warned that if \(k > 1,\) then \(\mathbb{F}_{p^k}\) and \(\mathbb{Z}/ p^k \mathbb{Z}\) aren’t the same thing (one is a field and the other is not). Some of you may have seen the field \(\mathbb{F}_4\) before, as an example in the Linear Algebra module.
We won’t use the fields \(\mathbb{F}_{p^k}\) for \(k > 1\) in this course (except very briefly in section 7.3); but you might encounter them in textbooks, so it’s worth being aware that if \(k > 1\) the notations \(\mathbb{F}_{p^k}\) and \(\mathbb{Z}/ p^k \mathbb{Z}\) both mean something, but they aren’t the same object.
4.2 The group of units and the \(\varphi\) function
Recall that for \(R\) a ring, the symbol \(R^\times\) denotes the set of invertible elements in \(R,\) and this is naturally a group under multiplication (an abelian group if \(R\) is commutative).
Definition 4.4
We write \(U_m = (\mathbb{Z}/ m\mathbb{Z})^\times\) for the units in \(\mathbb{Z}/ m\mathbb{Z}\) (as a group under multiplication); and we define a function \(\varphi : \mathbb{N}_+ \to \mathbb{N}_+\) by \(\varphi(m) = \#U_m.\)
Concretely, \(\varphi(m)\) is the number of integers in the range \(\{0, \dots, m - 1\}\) which are coprime to \(m.\) (By convention \(\varphi(1) = 1.\))
Example 4.5
We have \(\varphi(12) = 4,\) since the only integers in the range \(\{0, \dots, 11\}\) that are coprime to 12 are \(\{1, 5, 7, 11\}.\)
If \(p\) is prime, then \(\varphi(p) = p-1,\) since every non-zero integer \(< p\) is coprime to \(p.\)
Exercise 4.6
Notice that \(\varphi(12) / 12 = \tfrac{1}{3}\) is quite small. Can you find an integer with \(\varphi(n) / n < \tfrac{1}{4}\)?
Proposition 4.7
If \(m, n\) are coprime, then we have an isomorphism \(U_{mn} \cong U_m \times U_n\) (direct product of groups). In particular, \(\varphi(mn) = \varphi(m) \varphi(n).\)
Proof. Thanks to the Chinese remainder theorem, we know that the rings \(\mathbb{Z}/ mn\mathbb{Z}\) and \((\mathbb{Z}/ m\mathbb{Z}) \times (\mathbb{Z}/ n\mathbb{Z})\) are isomorphic. It follows that their unit groups are isomorphic; but the unit group of \((\mathbb{Z}/ m\mathbb{Z}) \times (\mathbb{Z}/ n\mathbb{Z})\) is obviously just \(U_m \times U_n.\)
This means \(\varphi(n)\) is determined for all \(n\) by its values when \(n\) is a prime power, which are computed as follows:
Proposition 4.8
If \(n = p^k\) is a prime power, then \(\varphi(p^k) = p^{k-1} (p - 1).\)
Proof. An integer is coprime to \(p^k\) iff it is not a multiple of \(p.\) Out of the \(p^k\) integers \(\{0, 1, \dots, p^{k-1} - 1\},\) exactly \(p^{k-1}\) of them are multiples of \(p.\) So \(\varphi(p^k) = p^k - p^{k-1} = p^{k-1}(p - 1).\)
Exercise 4.9
Show that for any \(k\) there are only finitely many \(n\) with \(\varphi(n) = k.\)
Does there exist an \(n \in \mathbb{N}_+\) with \(\varphi(n) = 14\)?
Remark 4.10
Carmichael’s conjecture is that for any \(k,\) if the equation \(\varphi(n) = k\) has any solutions, then it has at least two solutions. (This has been an open problem for over 100 years.) \(\circledast\)
One of the main reasons for introducing \(\varphi\) is the following:
Theorem 4.11
(Euler’s theorem): Let \(m \in \mathbb{N}_+.\) Then for all \(a \in \mathbb{Z}\) coprime to \(m,\) we have \(a^{\varphi(m)} = 1 \bmod m.\)
(Fermat’s little theorem): Let \(p \in \mathbb{P}.\) Then for all \(a \in \mathbb{Z}\) with \(p \nmid a,\) we have \(a^{(p-1)} = 1 \bmod p.\) Moreover, for any \(a \in \mathbb{Z}\) we have \(a^p = a \bmod p.\)
Proof. Euler’s result is just Lagrange’s theorem from group theory (“the order of any element of a group divides the size of the group”) applied to the group \(U_m.\)
For Fermat’s little theorem, specialising Euler’s theorem shows that \(a^{p-1} = 1 \bmod p\) for all \(a\) coprime to \(p,\) and it follows that \(a^p = a \bmod p.\) On the other hand, if \(a\) is not coprime to \(p,\) then \(p \mid a,\) so \(a^p = a = 0 \bmod p\) and the result holds in this case too.
Exercise 4.12
If \(n \in \mathbb{N}\) satisfies \(n > 1\) and \(a^n =a \bmod n\) for all \(a,\) but \(n\) is not prime, then \(n\) is said to be a Carmichael number.
Show that 561 is a Carmichael number. (Note \(561 = 3 \times 11 \times 17\)).
Prove that the product of two distinct primes cannot be Carmichael.
4.3 Primitive roots
We’ll now prove an important result about the structure of \(U_p\) for \(p\) prime. First we need a preparatory lemma:
Lemma 4.13
For any \(n \in \mathbb{N}_+,\) we have \[\sum_{\substack{d \in \mathbb{N}_+ \\ d \mid n}} \varphi(d) = n.\]
Proof. For each \(d\) dividing \(n,\) the map \(r \mapsto \tfrac{n}{d} \cdot r\) gives a bijection between the sets \[S_d = \left\{ r \in \{0, \dots, d - 1\} : \gcd(r, d) = 1\right\}\] and \[T_d = \left\{ s \in \{0, \dots, n - 1\} : \gcd(s, n) = \tfrac{n}{d} \right\}.\] So we have \(\# T_d = \# S_d = \varphi(d).\) However, each \(s \in T = \{0, \dots, n-1\}\) lies in exactly one of the sets \(T_d\); so the sum of their sizes must be \(\#T = n.\)
Theorem 4.14
If \(p\) is prime, then \(U_p\) is a cyclic group. That is, there exists an element \(g \in U_p\) such that every \(x \in U_p\) is equal to some power of \(g.\)
Such a \(g\) is called a primitive root mod \(p.\)
Proof. Note that \(a\) is a primitive root iff the order of \(a\) in \(U_p\) is exactly \(p - 1\) (so Euler’s theorem is the “best possible” bound).
Let \(n = p - 1\); and for \(d \mid n,\) let \(\psi(d)\) denote the number of elements of \(U_p\) whose order is precisely \(d.\) We claim that for any \(d \mid n,\) either \(\psi(d) = 0,\) or \(\psi(d) = \varphi(d).\)
To see this, suppose \(\psi(d) > 0.\) Then there exists some element \(a\) of order exactly \(d.\) Hence the set \(\{1, a, \dots, a^{d-1}\}\) has \(d\) distinct elements, and all of them have order dividing \(d\); that is, they are roots of \(X^d - 1.\) Since this polynomial has degree \(d\) (and \(\mathbb{F}_p\) is a field), it can’t have more than \(d\) roots in \(\mathbb{F}_p.\) So our set is actually all of the elements of \(U_p\) of order dividing \(d.\) In particular, \(\psi(d)\) is the number of \(h\) in \(\{0, \dots, d-1\}\) such that \(a^h\) has order exactly \(d.\) However, \(a^h\) has order exactly \(d\) iff \(h\) is coprime to \(d\); so we conclude that \(\psi(d) = \varphi(d).\)
So it certainly follows that \(\psi(d) \leqslant\varphi(d)\) for every \(d.\) But every element of \(U_n\) must have some order, so \[\sum_{d \mid n} \psi(d) = n = \sum_{d \mid n} \varphi(d).\] It follows that in fact \(\psi(d) = \varphi(d)\) for all \(d,\) and in particular \(\psi(n) = \varphi(n).\) As \(\varphi(n) > 0,\) this shows that elements of order exactly \(n\) exist.
Example 4.15
The integer 2 is a primitive root mod 11: we have \[\{1, 2, 2^2, \dots, 2^{10}\} = \{1, 2, 4, 8, 5, 10, 9, 7, 3, 6\} = U_{11}.\] However, 2 isn’t a primitive root modulo 7.
(Artin’s primitive root conjecture predicts that there are infinitely many primes \(p\) such that 2 is a primitive root mod \(p.\) This is an open problem. \(\circledast\))
Exercise 4.16 • hard!
The converse of Theorem 4.14 is false: for instance, \((\mathbb{Z}/ 18\mathbb{Z})^\times\) is cyclic (but 18 is clearly not prime). Can you classify, in terms of their prime factorisations, which integers \(n\) have the property that \(U_n\) is cyclic?