Multiplicative group of integers modulo n

Group axioms

It is a straightforward exercise to show that, under multiplication, the set of congruence classes modulo n that are coprime to n satisfy the axioms for an abelian group.

Indeed, a is coprime to n if and only if . Integers in the same congruence class a ≡ b (mod n) satisfy ; hence one is coprime to n if and only if the other is. Thus the notion of congruence classes modulo n that are coprime to n is well-defined.

Since and implies , the set of classes coprime to n is closed under multiplication.

Integer multiplication respects the congruence classes; that is, a ≡ *a' * and b ≡ *b' * (mod n) implies ab ≡ *a'b' * (mod n). This implies that the multiplication is associative, commutative, and that the class of 1 is the unique multiplicative identity.

Finally, given a, the multiplicative inverse of a modulo n is an integer x satisfying ax ≡ 1 (mod n). It exists precisely when a is coprime to n, because in that case and by Bézout's lemma there are integers x and y satisfying . Notice that the equation implies that x is coprime to n, so the multiplicative inverse belongs to the group.

Notation

The set of (congruence classes of) integers modulo n with the operations of addition and multiplication is a ring. It is denoted \mathbb{Z}/n\mathbb{Z} or \mathbb{Z}/(n) (the notation refers to taking the quotient of integers modulo the ideal n\mathbb{Z} or (n) consisting of the multiples of n). Outside of number theory the simpler notation \mathbb{Z}_n is often used, though it can be confused with the p-adic integers when n is a prime number.

The multiplicative group of integers modulo n, which is the group of units in this ring, may be written as (depending on the author) (\mathbb{Z}/n\mathbb{Z})^\times, (\mathbb{Z}/n\mathbb{Z})^, \mathrm{U}(\mathbb{Z}/n\mathbb{Z}), \mathrm{E}(\mathbb{Z}/n\mathbb{Z}) (for German Einheit, which translates as unit), \mathbb{Z}_n^, or similar notations. This article uses (\mathbb{Z}/n\mathbb{Z})^\times.

The notation \mathrm{C}_n refers to the cyclic group of order n. It is isomorphic to the group of integers modulo n under addition. Note that \mathbb{Z}/n\mathbb{Z} or \mathbb{Z}_n may also refer to the group under addition. For example, the multiplicative group (\mathbb{Z}/p\mathbb{Z})^\times for a prime p is cyclic and hence isomorphic to the additive group \mathbb{Z}/(p-1)\mathbb{Z}, but the isomorphism is not obvious.

Structure

The order of the multiplicative group of integers modulo n is the number of integers in {0,1,\dots,n-1} coprime to n. It is given by Euler's totient function: | (\mathbb{Z}/n\mathbb{Z})^\times|=\varphi(n) . For prime p, \varphi(p)=p-1.

Cyclic case

Main article: primitive root modulo n

The group (\mathbb{Z}/n\mathbb{Z})^\times is cyclic if and only if n is 1, 2, 4, p**k or 2p**k, where p is an odd prime and k 0. For all other values of n the group is not cyclic. This was first proved by Gauss.

This means that for these n: : (\mathbb{Z}/n\mathbb{Z})^\times \cong \mathrm{C}_{\varphi(n)}, where \varphi(p^k)=\varphi(2 p^k)=p^k - p^{k-1}.

By definition, the group is cyclic if and only if it has a generator g; that is, the powers g^0,g^1,g^2,\dots, give all possible residues modulo n coprime to n (the first \varphi(n) powers g^0,\dots,g^{\varphi(n)-1} give each exactly once). A generator of (\mathbb{Z}/n\mathbb{Z})^\times is called a primitive root modulo n. If there is any generator, then there are \varphi(\varphi(n)) of them.

Powers of 2

Modulo 1 any two integers are congruent, i.e., there is only one congruence class, [0], coprime to 1. Therefore, (\mathbb{Z}/1,\mathbb{Z})^\times \cong \mathrm{C}_1 is the trivial group with element. Because of its trivial nature, the case of congruences modulo 1 is generally ignored and some authors choose not to include the case of n = 1 in theorem statements.

Modulo 2 there is only one coprime congruence class, [1], so (\mathbb{Z}/2\mathbb{Z})^\times \cong \mathrm{C}_1 is the trivial group.

Modulo 4 there are two coprime congruence classes, [1] and [3], so (\mathbb{Z}/4\mathbb{Z})^\times \cong \mathrm{C}_2, the cyclic group with two elements.

Modulo 8 there are four coprime congruence classes, [1], [3], [5] and [7]. The square of each of these is 1, so (\mathbb{Z}/8\mathbb{Z})^\times \cong \mathrm{C}_2 \times \mathrm{C}_2, the Klein four-group.

Modulo 16 there are eight coprime congruence classes [1], [3], [5], [7], [9], [11], [13] and [15]. {\pm 1, \pm 7}\cong \mathrm{C}_2 \times \mathrm{C}_2, is the 2-torsion subgroup (i.e., the square of each element is 1), so (\mathbb{Z}/16\mathbb{Z})^\times is not cyclic. The powers of 3, {1, 3, 9, 11} are a subgroup of order 4, as are the powers of 5, {1, 5, 9, 13}. Thus (\mathbb{Z}/16\mathbb{Z})^\times \cong \mathrm{C}_2 \times \mathrm{C}_4.

The pattern shown by 8 and 16 holds for higher powers 2k, k 2: {\pm 1, 2^{k-1} \pm 1}\cong \mathrm{C}_2 \times \mathrm{C}_2, is the 2-torsion subgroup, so (\mathbb{Z}/2^k\mathbb{Z})^\times cannot be cyclic, and the powers of 3 are a cyclic subgroup of order , so:(\mathbb{Z}/2^k\mathbb{Z})^\times \cong \mathrm{C}2 \times \mathrm{C}{2^{k-2}}.

General composite numbers

By the fundamental theorem of finite abelian groups, the group (\mathbb{Z}/n\mathbb{Z})^\times is isomorphic to a direct product of cyclic groups of prime power orders.

More specifically, the Chinese remainder theorem says that if ;;n=p_1^{k_1}p_2^{k_2}p_3^{k_3}\dots, ; then the ring \mathbb{Z}/n\mathbb{Z} is the direct product of the rings corresponding to each of its prime power factors:

:\mathbb{Z}/n\mathbb{Z} \cong \mathbb{Z}/{p_1^{k_1}}\mathbb{Z}; \times ;\mathbb{Z}/{p_2^{k_2}}\mathbb{Z} ;\times; \mathbb{Z}/{p_3^{k_3}}\mathbb{Z}\dots;;

Similarly, the group of units (\mathbb{Z}/n\mathbb{Z})^\times is the direct product of the groups corresponding to each of the prime power factors:

:(\mathbb{Z}/n\mathbb{Z})^\times\cong (\mathbb{Z}/{p_1^{k_1}}\mathbb{Z})^\times \times (\mathbb{Z}/{p_2^{k_2}}\mathbb{Z})^\times \times (\mathbb{Z}/{p_3^{k_3}}\mathbb{Z})^\times \dots;.

For each odd prime power p^{k} the corresponding factor (\mathbb{Z}/{p^{k}}\mathbb{Z})^\times is the cyclic group of order \varphi(p^k)=p^k - p^{k-1}, which may further factor into cyclic groups of prime-power orders. For powers of 2 the factor (\mathbb{Z}/{2^{k}}\mathbb{Z})^\times is not cyclic unless k = 0, 1, 2, but factors into cyclic groups as described above.

The order of the group \varphi(n) is the product of the orders of the cyclic groups in the direct product. The exponent of the group; that is, the least common multiple of the orders in the cyclic groups, is given by the Carmichael function \lambda(n) . In other words, \lambda(n) is the smallest number such that for each a coprime to n, a^{\lambda(n)} \equiv 1 \pmod n holds. It divides \varphi(n) and is equal to it if and only if the group is cyclic.

Subgroup of false witnesses

If n is composite, there exists a possibly proper subgroup of \mathbb{Z}_n^\times, called the "group of false witnesses", comprising the solutions of the equation x^{n-1}=1, the elements which, raised to the power n − 1, are congruent to 1 modulo n. Fermat's Little Theorem states that for n = p a prime, this group consists of all x\in \mathbb{Z}p^\times; thus for n composite, such residues x are "false positives" or "false witnesses" for the primality of n. The number x = 2 is most often used in this basic primality check, and n = is notable since 2^{341-1}\equiv 1 \mod 341, and n = 341 is the smallest composite number for which x = 2 is a false witness to primality. In fact, the false witnesses subgroup for 341 contains 100 elements, and is of index 3 inside the 300-element group \mathbb{Z}{341}^\times.

Examples

''n'' = 9

The smallest example with a nontrivial subgroup of false witnesses is . There are 6 residues coprime to 9: 1, 2, 4, 5, 7, 8. Since 8 is congruent to −1 modulo 9, it follows that 88 is congruent to 1 modulo 9. So 1 and 8 are false positives for the "primality" of 9 (since 9 is not actually prime). These are in fact the only ones, so the subgroup {1,8} is the subgroup of false witnesses. The same argument shows that n − 1 is a "false witness" for any odd composite n.

''n'' = 91

For n = 91 (= 7 × 13), there are \varphi(91)=72 residues coprime to 91, half of them (i.e., 36 of them) are false witnesses of 91, namely 1, 3, 4, 9, 10, 12, 16, 17, 22, 23, 25, 27, 29, 30, 36, 38, 40, 43, 48, 51, 53, 55, 61, 62, 64, 66, 68, 69, 74, 75, 79, 81, 82, 87, 88, and 90, since for these values of x, x90 is congruent to 1 mod 91.

''n'' = 561

n = 561 (= 3 × 11 × 17) is a Carmichael number, thus s560 is congruent to 1 modulo 561 for any integer s coprime to 561. The subgroup of false witnesses is, in this case, not proper; it is the entire group of multiplicative units modulo 561, which consists of 320 residues.

Examples

This table shows the cyclic decomposition of (\mathbb{Z}/n\mathbb{Z})^\times and a generating set for n ≤ 128. The decomposition and generating sets are not unique; for example,

\displaystyle \begin{align}(\mathbb{Z}/35\mathbb{Z})^\times & \cong (\mathbb{Z}/5\mathbb{Z})^\times \times (\mathbb{Z}/7\mathbb{Z})^\times \cong \mathrm{C}_4 \times \mathrm{C}_6 \cong \mathrm{C}_4 \times \mathrm{C}_2 \times \mathrm{C}_3 \cong \mathrm{C}2 \times \mathrm{C}{12} \cong (\mathbb{Z}/4\mathbb{Z})^\times \times (\mathbb{Z}/13\mathbb{Z})^\times \ & \cong (\mathbb{Z}/52\mathbb{Z})^\times \end{align}

(but \not\cong \mathrm{C}_{24} \cong \mathrm{C}_8 \times \mathrm{C}_3). The table below lists the shortest decomposition (among those, the lexicographically first is chosen – this guarantees isomorphic groups are listed with the same decompositions). The generating set is also chosen to be as short as possible, and for n with primitive root, the smallest primitive root modulo n is listed.

For example, take (\mathbb{Z}/20\mathbb{Z})^\times. Then \varphi(20)=8 means that the order of the group is 8 (i.e., there are 8 numbers less than 20 and coprime to it); \lambda(20)=4 means the order of each element divides 4; that is, the fourth power of any number coprime to 20 is congruent to 1 (mod 20). The set {3,19} generates the group, which means that every element of (\mathbb{Z}/20\mathbb{Z})^\times is of the form 3a × 19b (where a is 0, 1, 2, or 3, because the element 3 has order 4, and similarly b is 0 or 1, because the element 19 has order 2).

Smallest primitive root mod n are (0 if no root exists) :0, 1, 2, 3, 2, 5, 3, 0, 2, 3, 2, 0, 2, 3, 0, 0, 3, 5, 2, 0, 0, 7, 5, 0, 2, 7, 2, 0, 2, 0, 3, 0, 0, 3, 0, 0, 2, 3, 0, 0, 6, 0, 3, 0, 0, 5, 5, 0, 3, 3, 0, 0, 2, 5, 0, 0, 0, 3, 2, 0, 2, 3, 0, 0, 0, 0, 2, 0, 0, 0, 7, 0, 5, 5, 0, 0, 0, 0, 3, 0, 2, 7, 2, 0, 0, 3, 0, 0, 3, 0, ...

Numbers of the elements in a minimal generating set of mod n are :1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 2, 1, 1, 2, 2, 1, 1, 1, 2, 2, 1, 1, 3, 1, 1, 1, 2, 1, 2, 1, 2, 2, 1, 2, 2, 1, 1, 2, 3, 1, 2, 1, 2, 2, 1, 1, 3, 1, 1, 2, 2, 1, 1, 2, 3, 2, 1, 1, 3, 1, 1, 2, 2, 2, 2, 1, 2, 2, 2, 1, 3, 1, 1, 2, 2, 2, 2, 1, 3, 1, 1, 1, 3, 2, 1, 2, 3, 1, 2, ...

Notes

References

The Disquisitiones Arithmeticae has been translated from Gauss's Ciceronian Latin into English and German. The German edition includes all of his papers on number theory: all the proofs of quadratic reciprocity, the determination of the sign of the Gauss sum, the investigations into biquadratic reciprocity, and unpublished notes.

• {{citation | author-link = Carl Friedrich Gauss | translator-last = Clarke | translator-first = Arthur A.
• {{citation | translator-last = Maser | translator-first = H.
• {{citation
• {{citation | chapter-url = https://books.google.com/books?id=xlIfdGPM9t4C&pg=PA105}}

References

1. "Primitive root - Encyclopedia of Mathematics".
2. {{Harvnb. Vinogradov. 2003
3. Riesel covers all of this. {{Harvnb. Riesel. 1994
4. (1986). "On the number of false witnesses for a composite number". [[Mathematics of Computation]].