3.3: Multiplicative Order and Applications

Last updated

Jul 18, 2021
Save as PDF
- 3.2: Wilson's Theorem
- 3.4: Another Approach to Fermat's Little and Euler's Theorems

( \newcommand{\kernel}{\mathrm{null}\,}\)

In this section we prove two very useful results called Euler’s Theorem and Fermat’s Little Theorem (a special case of Euler’s). We do not follow the proof strategy of Euler and Fermat, however, instead using an approach inspired by abstract algebra and Lagrange’s Theorem in that subject.

First we need the

Definition: Multiplicative Order

Suppose $n \in N$ and $a \in Z$ satisfy $n \geq 2$ and $gcd (a, n) = 1$ . Then we define the multiplicative order of $a$ in mod $n$ (called just the order when the multiplicative and $n$ can be understood from context) to be the smallest $k \in N$ such that $a^{k} \equiv 1 (\mod n)$ . The order of $a$ in mod $n$ is written ${ord}_{n} (a)$ .

Let us verify something which should probably always be checked for a new definition:

Proposition $3.3.1$

Given relatively prime numbers $n \in N$ and $a \in Z$ with $n \geq 2$ , ${ord}_{n} (a)$ is well-defined.

Proof

The problem in the definition of ${ord}_{n} (a)$ might be that there might not be any value of $k \in N$ at all for which $a^{k} \equiv 1 (\mod n)$ .

But notice that this is a congruence, so we are really only concerned with the elements $a^{k}$ up to their congruence class.

So look at ${{[a^{p}]}_{n} ∣ p \in N}$ and imagine putting the natural numbers $p \in N$ into different boxes based on what is the corresponding congruence class $[a^{p}] \in Z / n Z$ . Since there are infinitely many elements in $N$ and only $n$ elements in $Z / n Z$ – $n$ boxes – by the Pigeonhole Principle (Theorem 1.1.1) there must be two (actually, infinitely many pairs of) distinct values $p, q \in N$ such that $p$ and $q$ end up in the same box, meaning $[a^{p}] = [a^{q}]$ . Assume without loss of generality that $p > q$ , so $p - q \in N$ .

We are given that $gcd (a, n) = 1$ , so by Corollary 2.2.1, $a^{- 1}$ exists in mod $n$ . Thus $\begin{matrix} (3.3.1) & a^{p - q} \equiv a^{p} {(a^{- 1})}^{q} \equiv a^{q} {(a^{- 1})}^{q} \equiv a^{0} \equiv 1 (\mod n) \end{matrix}$ (replacing $a^{p}$ with $a^{q}$ in the middle of this congruence since we know that $[a^{p}] = [a^{q}]$ , which means $a^{p} \equiv a^{q} (\mod n)$ ) and therefore the set of $k \in N$ for which $a^{k} \equiv 1 (\mod n)$ is non-empty. The order is the smallest such value, which exists by the Well-Ordering Principle.

Here now is a theorem from abstract algebra (Lagrange’s Theorem) translated into the current context:

Theorem $3.3.1$

Given relatively prime numbers $n \in N$ and $a \in Z$ , ${ord}_{n} (a) ∣ ϕ (n)$ .

Proof

Start by looking at the congruence classes $[a], [a^{2}], [a^{3}] \dots$ . They go up to $[a^{{ord}_{n} (a)}] = [1]$ and then start to repeat, so the set $\begin{matrix} (3.3.2) & ⟨ a ⟩ = {[a^{j}] ∣ j \in N, j \leq {ord}_{n} (a)} \end{matrix}$ is a set of ${ord}_{n} (a)$ elements of $Z / n Z$ (in group theory, this set $⟨ a ⟩$ is called the cyclic subgroup of ${(Z / n Z)}^{*}$ generated by $a$ ). Notice that because $a^{{ord}_{n} (a)} \equiv 1 (\mod n)$ , $[1] \in ⟨ a ⟩$ . Also, since if $a^{- 1}$ is the inverse of $a$ mod $n$ , ${(a^{- 1})}^{k}$ is the inverse of $a^{k}$ for $k \in N$ , we see that $⟨ a ⟩ \subseteq {(Z / n Z)}^{*}$ .

To finish, we shall show that ${(Z / n Z)}^{*}$ is made up of some number, say $m$ , of pieces, which we shall call cosets, each of which is bijective with $⟨ a ⟩$ . These pieces will thus all have ${ord}_{n} (a)$ elements, so $m \cdot {ord}_{n} (a) = # ({(Z / n Z)}^{*}) = ϕ (n)$ , from which our desired result follows.

A coset of $⟨ a ⟩$ is a set of the form $\begin{matrix} (3.3.3) & x ⟨ a ⟩ = {[x] \cdot [a^{j}] = [x a^{j}] ∣ j \in N, j \leq {ord}_{n} (a)} \end{matrix}$ where $[x] \in {(Z / n Z)}^{*}$ . We have observed that $[1] \in ⟨ a ⟩$ , so $\forall [x] \in {(Z / n Z)}^{*}$ , $[x] \in x ⟨ a ⟩$ , meaning that every congruence class $[x] \in {(Z / n Z)}^{*}$ is in some coset, i.e., $\begin{matrix} (3.3.4) & Z / n Z \subseteq ⋃_{[x] \in {(Z / n Z)}^{*}} x ⟨ a ⟩ . \end{matrix}$

In fact, each coset $x ⟨ a ⟩$ is bijective with $⟨ a ⟩$ . The bijection is the map $f_{x} : ⟨ a ⟩ \to x ⟨ a ⟩$ defined by $f_{x} ([a^{j}]) = [x a^{j}]$ for $j \in N$ with $j \leq {ord}_{n} (a)$ . This map is a bijection because it has an inverse $f_{x^{- 1}}$ , coming from the inverse mod $n$ of $x$ .

Now suppose $x ⟨ a ⟩$ and $y ⟨ a ⟩$ are two cosets. I claim that either $x ⟨ a ⟩ = y ⟨ a ⟩$ or $x ⟨ a ⟩ ⋂ y ⟨ a ⟩ = \emptyset$ . For this, suppose $x ⟨ a ⟩ ⋂ y ⟨ a ⟩ \neq \emptyset$ , so $\exists [z] \in x ⟨ a ⟩ ⋂ y ⟨ a ⟩$ . That means that $\exists j, k \in N$ such that $j \leq {ord}_{n} (a)$ , $k \leq {ord}_{n} (a)$ , and $[x a^{j}] = [z] = [y a^{k}]$ . In other words, $\begin{matrix} (3.3.5) & x a^{j} \equiv y a^{k} (\mod n) . \end{matrix}$ Without loss of generality, assume $j \leq k$ . Then if we multiply both sides of the above congruence by ${(a^{- 1})}^{j}$ , we have $x \equiv y a^{k - j} (\mod n)$ . But this means that every element $[x a^{p}] \in x ⟨ a ⟩$ is can be expressed as $[y a^{p + k - j}] \in y ⟨ a ⟩$ , and every element $[y a^{q}] \in y ⟨ a ⟩$ is can be expressed as $[x a^{q + j - k}] \in x ⟨ a ⟩$ . Thus $x ⟨ a ⟩ = y ⟨ a ⟩$ .

That was a lot of work, but now we get the famous theorems of Fermat’s Little and of Euler very easily.

Theorem $3.3.2$ : Euler's Theorem

Say $a \in Z$ and $n \in N$ satisfy $gcd (a, n) = 1$ . Then $a^{ϕ (n)} \equiv 1 (\mod n)$ .

Proof: The previous theorem, Theorem 3.3.1, told us that ${ord}_{n} (a) ∣ ϕ (n)$ , so $\exists m \in Z$ such that $m \cdot {ord}_{n} (a) = ϕ (n)$ . By the definition of order, this means $\begin{matrix} (3.3.6) & a^{ϕ (n)} \equiv a^{m {ord}_{n} (a)} \equiv {(a^{{ord}_{n} (a)})}^{m} \equiv 1^{m} \equiv 1 (\mod n) . \end{matrix}$

Corollary $3.3.1$ : Fermat's Little Theorem

If $p$ is a prime and $a \in Z$ satisfies $gcd (p, a) = 1$ then $a^{p - 1} \equiv 1 (\mod p)$ .

Proof: We have seen that for primes $p$ , $ϕ (p) = p - 1$ , so there is very little to do here.

Sometimes one sees Fermat’s Little Theorem in the following, different form:

Theorem $3.3.3$ : Alternative Fermat's Little Theorem

If $p$ is a prime then $\forall a \in Z$ , $a^{p} \equiv a (\mod p)$ .

Proof

If $gcd (a, p) = 1$ , then by Fermat’s Little, $a^{p - 1} \equiv 1 (\mod p)$ . Multiplying both sides of this congruence by $a$ yields the desired result.

If instead $gcd (a, p) \neq 1$ , it must be that $gcd (a, p) = p$ since that gcd is a divisor of $p$ , which is prime. The gcd is also a divisor of $a$ , so in fact $p ∣ a$ . But then $a$ and all its powers are congruent mod $p$ to $0$ , so $a^{p} \equiv 0 \equiv a (\mod p)$ .

Exercise $3.3.1$

What are the remainder when $15!$ is divided by $17$ and the remainder when $2 \cdot (26!)$ is divided by $29$ ?
We know $17$ is prime (it’s just a wonderful number, isn’t it?). But just to be sure, use Wilson’s Theorem to prove it.
Can we build a test for primality out of Fermat’s Little Theorem? If so, would it be better (more efficient) than one based on Wilson’s Theorem? How would it work? Write a clear, formal statement of your proposed primality test.
If you know a programming language, write some code to try out your primality test. If not (or, in any case, after the programming), do a little research to see if this question has already been investigated and, if so, what was the conclusion. Give either a formal statement of the test and formal result describing its efficacy or a counter-example to your test that you found in the literature.
Suppose $p$ is an odd prime. Prove that if the quadratic congruence $x^{2} + 1 \equiv 0 (\mod p)$ has a solution, then $p \equiv 1 (\mod 4)$ . [Hint: Apply Fermat’s Little Theorem to a solution $a$ of the congruence, then multiply and divide by $2$ in the power.]

Search

Text Color

Text Size

Margin Size

Font Type

Support Center

How can we help?