Textbook: Introduction to Cryptography 2nd ed. By J.A. Buchmann

1 Textbook: Introduction to Cryptography, 2nd ed., by J.A. Buchmann
Chapter 2: Congruences and Residue Class Rings
Department of Computer Science and Information Engineering, Chaoyang University of Technology (朝陽科技大學資工系)
Speaker: Fuw-Yi Yang (楊伏夷)
On the name 伏夷 (Fuw-Yi), which does not mean "subduing the barbarians" (征番): in the Dao De Jing, Chapter 58 (察政章) says that 伏 means "hidden", and Chapter 14 (道紀章) says that "the Dao has no shape; what cannot be seen when looked at is called 夷".

2 Contents
Congruences
Semigroups
Groups
Residue class ring
Fields
Division in the residue class ring
Analysis of the operations in the residue class ring
Multiplicative group of residues mod m
Order of group elements
Subgroups
Fermat's Little Theorem
Fast exponentiation

3 Contents
Fast evaluation of power products
Computation of element orders
The Chinese Remainder Theorem
Decomposition of the residue class ring
A formula for the Euler φ-function
Polynomials
Polynomials over fields
Construction of finite fields
The structure of the unit group of finite fields
Structure of the multiplicative group of residues modulo a prime number

4 2.1 Congruences: Definition
Let m be a positive integer and let a, b be integers. We say that a is congruent to b modulo m, and we write a ≡ b mod m, if m divides b − a.
Example 2.1.2 We have −2 ≡ 19 mod 21 and 10 ≡ 0 mod 2.

5 2.1 Congruences: an equivalence relation
It is easily verified that congruence modulo m is an equivalence relation on the integers. This means:
1. Reflexivity: any integer is congruent to itself modulo m.
2. Symmetry: a ≡ b mod m implies b ≡ a mod m.
3. Transitivity: a ≡ b mod m and b ≡ c mod m imply a ≡ c mod m.

6 2.1 Congruences: equivalent statements
Lemma The following statements are equivalent:
1. a ≡ b mod m.
2. There is k ∈ Z with a = b + k·m.
3. When divided by m, a and b leave the same remainder.

7 2.1 Congruences: Residue class of a mod m
The equivalence class of a consists of all integers that are obtained from a by adding integer multiples of m; i.e., {b : b ≡ a mod m} = a + mZ. This equivalence class is called the residue class of a mod m. The set of residue classes mod m is denoted by Z/mZ. Examples 2.1.4 to 2.1.6.

8 2.1 Congruences: Residue class of a mod m
Theorem 2.1.7 a ≡ b mod m and c ≡ d mod m imply −a ≡ −b mod m, a + c ≡ b + d mod m, and a·c ≡ b·d mod m.
Proof.
1. a ≡ b mod m ⇒ b ≡ a mod m (symmetry); m | (a − b) ⇒ m | (−a + b) ⇒ −a ≡ −b mod m.
2. m | (a − b) and m | (c − d) ⇒ m | [(a − b) + (c − d)] = [(a + c) − (b + d)] ⇒ a + c ≡ b + d mod m.
3. a = b + k·m and c = d + l·m ⇒ a·c = b·d + n·m with n = b·l + d·k + k·l·m ⇒ a·c ≡ b·d mod m.

9 2.1 Congruences: Residue class of a mod m
Example We want to prove that the fifth Fermat number 2^32 + 1 is divisible by 641.
Ans. 641 = 5·2^7 + 1 ⇒ 5·2^7 ≡ −1 mod 641 ⇒ 5^4·2^28 ≡ 1 mod 641 (Theorem 2.1.7). Also 641 = 5^4 + 2^4 ⇒ 5^4 ≡ −2^4 mod 641. Thus −2^4·2^28 = −2^32 ≡ 1 mod 641, i.e. 2^32 + 1 ≡ 0 mod 641.

10 2.2 Semigroups
Definition If X is a set, a map ◦: X × X → X which sends a pair (x_1, x_2) of elements of X to the element x_1 ◦ x_2 is called an operation on X.
Definition 2.2.3 The sum of the residue classes a + mZ and b + mZ is (a + b) + mZ. The product of the residue classes a + mZ and b + mZ is (a·b) + mZ.

11 2.2 Semigroups
Definition 2.2.5 Let ◦ be an operation on the set X. It is called associative if (a ◦ b) ◦ c = a ◦ (b ◦ c) holds for all a, b, c ∈ X. It is called commutative if a ◦ b = b ◦ a for all a, b ∈ X.
Example Addition and multiplication on the set of real numbers are associative and commutative. The same is true for addition and multiplication in Z/mZ.

12 2.2 Semigroups
Definition A pair (H, ◦) consisting of a set H and an associative operation ◦ on H is called a semigroup. The semigroup is called commutative or abelian if the operation ◦ is commutative.
Example Commutative semigroups are (Z, +), (Z, ·), (Z/mZ, +), (Z/mZ, ·).
Let (H, ◦) be a semigroup, and set a^1 = a and a^(n+1) = a ◦ a^n for a ∈ H and n ∈ N. Then a^n ◦ a^m = a^(n+m) and (a^n)^m = a^(mn). If a, b ∈ H and a ◦ b = b ◦ a, then (a ◦ b)^n = a^n ◦ b^n.

13 2.2 Semigroups
Definition A neutral element of the semigroup (H, ◦) is an element e ∈ H which satisfies e ◦ a = a ◦ e = a for all a ∈ H. If the semigroup contains a neutral element, it is called a monoid. A semigroup has at most one neutral element (exercise).
Definition If e is the neutral element of the semigroup (H, ◦) and a ∈ H, then b ∈ H is called an inverse of a if a ◦ b = b ◦ a = e. If a has an inverse, then a is called invertible in the semigroup H. In a monoid, each element has at most one inverse (exercise).

14 2.2 Semigroups
Example The neutral element of the semigroup (Z, +) is 0; the inverse of a is −a. The neutral element of the semigroup (Z, ·) is 1; the only invertible elements are 1 and −1. The neutral element of the semigroup (Z/mZ, +) is the residue class mZ; the inverse of a + mZ is −a + mZ. The neutral element of the semigroup (Z/mZ, ·) is 1 + mZ. The invertible elements are ….

15 2.3 Groups
Definition A group is a monoid in which every element is invertible. The group is called commutative or abelian if the monoid is commutative.

16 2.3 Groups
Example 2.3.2 The monoid (Z, +) is an abelian group. The monoid (Z, ·) is not a group because not every element is invertible. The monoid (Z/mZ, +) is an abelian group.
Let (G, ◦) be a group, set a^1 = a and a^(n+1) = a ◦ a^n, let a^(−1) denote the inverse of a, and set a^(−n) = (a^(−1))^n for a ∈ G and n ∈ N. Then a^n ◦ a^m = a^(n+m) and (a^n)^m = a^(mn). If a, b ∈ G and a ◦ b = b ◦ a, then (a ◦ b)^n = a^n ◦ b^n.

17 2.3 Groups
Theorem 2.3.3 (cancellation rules) Let (G, ◦) be a group and a, b, c ∈ G. Then ca = cb implies a = b, and ac = bc implies a = b (multiply by c^(−1)).
Definition 2.3.4 The order of a group or a semigroup is the number of its elements.
Example 2.3.5 The additive group Z has infinite order. The additive group Z/mZ has order m.

18 2.4 Residue class ring
Definition A ring is a triple (R, +, ·) such that (R, +) is an abelian group and (R, ·) is a semigroup, and in addition x·(y + z) = x·y + x·z and (x + y)·z = x·z + y·z for all x, y, z ∈ R (distributive laws). The ring is called commutative if the semigroup (R, ·) is commutative. A unit element of the ring is a neutral element of the semigroup (R, ·).
Example 2.4.2 The triple (Z, +, ·) is a commutative ring with unit element 1. The triple (Z/mZ, +, ·) is a commutative ring with unit element 1 + mZ; it is called the residue class ring modulo m.

19 2.4 Residue class ring
Definition 2.4.3 (writing R for (R, +, ·)) Let R be a ring with unit element. An element a of R is called invertible, or a unit, if it is invertible in the multiplicative semigroup of R. The element a is called a zero divisor if it is nonzero and there is a nonzero b ∈ R with ab = 0 or ba = 0.
Exercise The units of a commutative ring R form a group. It is called the unit group of R and is denoted by R*.

20 2.4 Residue class ring
Example 2.4.4 The ring of integers contains no zero divisors. The zero divisors of the residue class ring Z/mZ are the residue classes a + mZ with 1 < gcd(a, m) < m. In fact, if a + mZ is a zero divisor of Z/mZ, then there is an integer b with ab ≡ 0 mod m but neither a ≡ 0 mod m nor b ≡ 0 mod m. Hence m is a divisor of ab but of neither a nor b. This means that 1 < gcd(a, m) < m. If, conversely, 1 < gcd(a, m) < m and b = m/gcd(a, m), then a ≢ 0 mod m, b ≢ 0 mod m, and ab ≡ 0 mod m. Therefore a + mZ is a zero divisor of Z/mZ. If p is a prime, then Z/pZ contains no zero divisors.

21 2.5 Fields
Definition A field is a commutative ring in which every nonzero element is invertible.
Example 2.5.2 The set of integers is not a field. The set of real numbers forms a field. The set of complex numbers forms a field. The residue class ring modulo a prime number is a field.

22 2.6 Division in the residue class ring
Definition Let R be a ring and a, n ∈ R. We say that a divides n if there is b ∈ R such that n = ab. If the ring element a divides n, then a is called a divisor of n and n is called a multiple of a, and we write a | n.
The residue class a + mZ is invertible in Z/mZ if and only if the congruence ax ≡ 1 mod m is solvable. See Theorem 2.6.2.

23 2.6 Division in the residue class ring
Theorem 2.6.2 The residue class a + mZ is invertible in Z/mZ if and only if gcd(a, m) = 1. If gcd(a, m) = 1, then the inverse of a + mZ is uniquely determined.
Proof. Let g = gcd(a, m) and let x be a solution of ax ≡ 1 mod m. Then g | m, g | a, and g | (ax − 1) ⇒ g | 1 ⇒ g = 1.
Conversely, let g = 1. There are x, y with ax + my = 1 ⇒ ax − 1 = −my ⇒ x is a solution of ax ≡ 1 mod m ⇒ x + mZ is an inverse of a + mZ.
Let v + mZ be another inverse of a + mZ ⇒ ax ≡ av mod m ⇒ a(x − v) ≡ 0 mod m ⇒ m | a(x − v); together with gcd(a, m) = 1 ⇒ m | (x − v) ⇒ x ≡ v mod m.

24 2.6 Division in the residue class ring
Example 2.6.3 Let m = 12. The residue class a + 12Z is invertible in Z/12Z if and only if gcd(a, 12) = 1. The invertible residue classes mod 12 are therefore the four classes a + 12Z with 1 ≤ a < 12 and gcd(a, 12) = 1, the first of them being 1 + 12Z. To find the inverse of an element a with gcd(a, m) = 1, we use the extended Euclidean algorithm.
Theorem The residue class ring Z/mZ is a field if and only if m is a prime number.
Proof. By Theorem 2.6.2, the ring Z/mZ is a field if and only if gcd(a, m) = 1 for all a with 1 ≤ a < m. This is true iff m is a prime number.
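As an added example (not code from the slides or the textbook), the following Python finds inverses in Z/mZ with the extended Euclidean algorithm and sorts the nonzero classes of Z/12Z into units and zero divisors, exactly the split Theorem 2.6.2 and Example 2.4.4 describe; all function names are my own.

```python
# Added example, not the slides' code: units, inverses and zero divisors in Z/mZ.

def xgcd(a, b):
    """Extended Euclidean algorithm: return (g, x, y) with g = gcd(a, b) = a*x + b*y."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_mod(a, m):
    """Inverse of a + mZ as the representative in {0, ..., m-1},
    or None when gcd(a, m) != 1 (Theorem 2.6.2)."""
    g, x, _ = xgcd(a % m, m)
    if g != 1:
        return None
    return x % m          # from a*x + m*y = 1 we get a*x = 1 (mod m)


def classify(m):
    """Split {1, ..., m-1} into the units of Z/mZ and its zero divisors.
    For a zero divisor a the witness b = m / gcd(a, m) satisfies a*b = 0 (mod m)
    with neither factor 0 mod m (Example 2.4.4)."""
    units, zero_divisors = [], []
    for a in range(1, m):
        g = xgcd(a, m)[0]
        if g == 1:
            units.append(a)
        else:                       # 1 < gcd(a, m) < m
            zero_divisors.append((a, m // g))
    return units, zero_divisors


def is_field(m):
    """Z/mZ is a field iff every nonzero class is a unit, i.e. iff m is prime."""
    units, zero_divisors = classify(m)
    return m > 1 and not zero_divisors


def inverse_table(m):
    """Map each unit a of Z/mZ to its inverse: the unit group (Z/mZ)* is closed under inverses."""
    return {a: inverse_mod(a, m) for a in classify(m)[0]}
```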

25 2.7 Analysis of the operations in the residue class ring
We assume that the elements of the residue class ring Z/mZ are represented by their smallest nonnegative representatives. Under this assumption, we estimate the running time of the operations in the residue class ring. Let a, b ∈ {0, 1, …, m − 1}.
Theorem 2.7.1 Two residue classes modulo m can be added and subtracted using time and space O(size m). They can be multiplied and divided using time O((size m)^2) and space O(size m).

26 2.8 Multiplicative group of residues mod m
Theorem 2.8.1 The set of all invertible residue classes modulo m is a finite abelian group with respect to multiplication.
Proof. By Theorem 2.6.2, this set is the unit group R* of the residue class ring mod m.

27 2.8 Multiplicative group of residues mod m
The group of invertible residue classes modulo m is called the multiplicative group of residues modulo m and is written (Z/mZ)*. Its order is denoted by φ(m). The function N → N, m ↦ φ(m) is called the Euler φ-function. φ(m) is the number of integers a in {1, 2, …, m} with gcd(a, m) = 1.

28 2.8 Multiplicative group of residues mod m
Example The multiplicative group of residues modulo 12, (Z/12Z)*, consists of the four residue classes a + 12Z with gcd(a, 12) = 1. Its order is φ(12) = 4.
Theorem If p is a prime number, then φ(p) = p − 1.
Proof. All numbers a between 1 and p − 1 are prime to p.
Theorem 2.8.4

29 2.9 Order of group elements
Let G be a group, written multiplicatively, with neutral element 1.
Definition Let g ∈ G. If there is a positive integer e with g^e = 1, then the smallest such integer is called the order of g in G. Otherwise, we say that the order of g in G is infinite.
Theorem Let g ∈ G and e ∈ Z. Then g^e = 1 iff e is divisible by the order of g in G.
Proof. Let n be the order of g in G. If e = kn, then g^e = g^(kn) = (g^n)^k = 1^k = 1. Conversely, let g^e = 1 and e = qn + r with 0 ≤ r < n. Then g^r = g^(e − qn) = g^e·g^(−nq) = 1. Since n is the smallest positive exponent with g^n = 1, r = 0 ⇒ n | e.

30 2.9 Order of group elements
Corollary Let g ∈ G be of order n, and let k, l be integers. Then g^k = g^l iff l ≡ k mod n.
Proof. Let e = l − k. Then g^k = g^l iff g^e = 1, and by the Theorem above this holds iff n | e, i.e. iff l ≡ k mod n.
Example We determine the order of 2 + 13Z in (Z/13Z)*.
k:          1 2 3 4 5 6 7 8 9 10 11 12
2^k mod 13:

31 2.9 Order of group elements
Theorem If g ∈ G is of finite order e and n ∈ Z, then the order of g^n is e/gcd(e, n).
Proof. We have (g^n)^(e/gcd(e, n)) = (g^e)^(n/gcd(e, n)) = 1. The Theorem above implies that e/gcd(e, n) is a multiple of the order of g^n. Suppose 1 = (g^n)^k = g^(nk). The Theorem above implies that e is a divisor of nk, and hence e/gcd(e, n) is a divisor of k. ⇒ the order of g^n is e/gcd(e, n).

32 2.10 Subgroups
Definition A subset U of G is called a subgroup of G if U together with the group operation of G is a group.
Example For all g ∈ G, the set {g^k : k ∈ Z} is a subgroup of G. It is called the subgroup generated by g and is denoted by ⟨g⟩. If g has finite order e, then ⟨g⟩ = {g^k : 0 ≤ k < e}. In fact, for any integer x we have g^x = g^(x mod e) by the Corollary of 2.9, which also implies that the order of ⟨g⟩ is e.
Example 2 + 13Z generates the full group (Z/13Z)*, while 4 + 13Z generates the subgroup {k + 13Z : k = 1, 3, 4, 9, 10, 12}.

33 2.10 Subgroups
Definition If G = ⟨g⟩ for some g ∈ G, then G is called cyclic and g is called a generator of G.
Example The additive group Z is cyclic. It has two generators, namely 1 and −1.
Theorem If G is finite and cyclic, then G has exactly φ(|G|) generators, and they are all of order |G|.
Example Since the order of 2 + 13Z in (Z/13Z)* is 12, the group (Z/13Z)* is cyclic.

34 2.10 Subgroups
A map f: X → Y is called injective if f(x) = f(y) implies x = y for all x, y ∈ X; surjective if for any y ∈ Y there is x ∈ X with f(x) = y; bijective if it is injective and surjective. A bijective map is also called a bijection. If there is a bijection between two finite sets, then the sets have the same number of elements.
Example The map f: N → N, n ↦ f(n) = n is bijective. The map f: N → N, n ↦ f(n) = n^2 is injective but not bijective. The map f: {1, 2, 3, 4, 5, 6} → {0, 1, 2, 3, 4, 5}, n ↦ f(n) = n mod 6 is bijective.

35 2.10 Subgroups
Theorem If G is a finite group, then the order of each subgroup of G divides the order of G.
Definition If H is a subgroup of G, then the positive integer |G| / |H| is called the index of H in G.

36 2.11 Fermat's little theorem
Theorem If gcd(a, m) = 1, then a^φ(m) ≡ 1 mod m.
Proof. (Z/mZ)* is a finite abelian group of order φ(m); the Theorem follows from the Corollary below (g^|G| = 1 for all g ∈ G).
Theorem The order of every group element divides the group order |G|.
Proof. By the Theorem of 2.10, the order of the subgroup ⟨g⟩, which equals the order of g, divides |G|.
Corollary We have g^|G| = 1 for all g ∈ G.
Proof. By the preceding Theorem and the Theorem of 2.9 (g^e = 1 iff the order of g divides e).

37 2.12 Fast Exponentiation
Let g ∈ G and let e be a positive integer. Write e in its binary expansion with digits e_i, 0 ≤ i ≤ k; note that each e_i is either 0 or 1. From this expansion, the following idea for computing g^e is obtained:
1. Compute the successive squares g^(2^i), 0 ≤ i ≤ k.
2. Determine g^e as the product of those g^(2^i) for which e_i = 1.
3. The squares are obtained iteratively: g^(2^(i+1)) = (g^(2^i))^2.

38 2.12 Fast Exponentiation
Example 2.12.1 We determine 6^73 mod 100.
1. 73 = 1 + 2^3 + 2^6.
2. 6^2 = 36, 6^(2^2) = −4, 6^(2^3) = 16, 6^(2^4) = 56, 6^(2^5) = 36, 6^(2^6) = −4 mod 100.
3. 6^73 = 6·6^(2^3)·6^(2^6) = 6·16·(−4) ≡ 16 mod 100.

39 2.12 Fast Exponentiation
pow(groupElement base, int exponent, groupElement result)
begin
    result = 1
    while (exponent > 0)
        if (isEven(exponent) == false)
            result = result · base
        base = base · base
        exponent = exponent / 2          // integer division
    end while
end
Theorem Algorithm pow() computes base^exponent using at most size(exponent) − 1 squarings and multiplications. It only stores a constant number of group elements.

40 2.12 Fast Exponentiation
Corollary If e is an integer and a ∈ {0, …, m − 1}, then the computation of a^e mod m requires time O((size e)(size m)^2) and space O(size e +  size m).

41 2.13 Fast evaluation of power products
Let G be a finite abelian group, let g_1, …, g_k be elements of G, and let e_1, …, e_k be nonnegative integers. We want to evaluate the power product g_1^e_1 · … · g_k^e_k. Assume that the binary expansions of the exponents e_i are normalized to equal length n and are written b_(i,n−1) b_(i,n−2) … b_(i,0), 1 ≤ i ≤ k, where b_(i,n−1) is nonzero for at least one i.
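As an added example (not the slides' code), the following Python gives the pow() algorithm of 2.12 instrumented to count squarings and multiplications, the "successive squares" idea of slide 37, and the simultaneous top-down evaluation of a power product of 2.13, all in the group (Z/mZ, ·); the function names and the modulus argument m are my own.

```python
# Added example, not the slides' code: square-and-multiply (2.12) and
# simultaneous evaluation of power products (2.13) in (Z/mZ, ·).

def size(n):
    """Binary length of n, the quantity size(n) used in the running-time bounds."""
    return n.bit_length()


def fast_pow(base, exponent, m):
    """Right-to-left square-and-multiply as in pow() on slide 39, returning
    (base^exponent mod m, number of squarings, number of multiplications)."""
    result = 1
    squarings = multiplications = 0
    while exponent > 0:
        if exponent % 2 == 1:            # isEven(exponent) == false
            result = result * base % m
            multiplications += 1
        exponent //= 2
        if exponent > 0:                 # the final squaring of pow() is never used
            base = base * base % m
            squarings += 1
    return result, squarings, multiplications


def fast_pow_squares(base, exponent, m):
    """The idea of slide 37: list the successive squares base^(2^i) and multiply
    those with e_i = 1; returns (squares, result)."""
    squares = [base % m]
    for _ in range(size(exponent) - 1):
        squares.append(squares[-1] * squares[-1] % m)   # g^(2^(i+1)) = (g^(2^i))^2
    result = 1
    for i, square in enumerate(squares):
        if (exponent >> i) & 1:                         # e_i = 1
            result = result * square % m
    return squares, result


def power_product(bases, exponents, m):
    """Evaluate g_1^e_1 * ... * g_k^e_k mod m by scanning the normalised binary
    expansions b_(i,n-1) ... b_(i,0) from the top bit down: one squaring per bit
    position plus one multiplication for every bit b_(i,j) = 1 (2.13)."""
    if len(bases) != len(exponents):
        raise ValueError("one exponent per base")
    n = max((size(e) for e in exponents), default=0)   # common length n
    result = 1
    for j in range(n - 1, -1, -1):
        result = result * result % m
        for g, e in zip(bases, exponents):
            if (e >> j) & 1:
                result = result * g % m
    return result
```

For 6^73 mod 100 the counts come out as 6 squarings (size(73) − 1) and 3 multiplications, one per set bit of 73.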

42 2.14 Computation of element orders
We discuss the problem of finding the order of an element g of a finite group G, or of checking whether a given positive integer is the order of g. Assume that the prime factorization of |G| is known. (If the prime factorization of |G| is unknown, then it is not easy to find the order of g.)
Theorem For a prime divisor p of |G|, let f(p) be the greatest integer such that g^(|G|/p^f(p)) = 1. Then the order of g =

43 2.14 Computation of element orders
Example Let G be the multiplicative group of residues modulo 101. Its order is 100 = 2^2·5^2. Hence e(2) = e(5) = 2. We compute the order of 2 + 101Z.
1. Compute the number f(p) from the Theorem for each prime p in the factorization of |G|:
p = 2: try f(2) = 1: g^(|G|/p^f(p)) = 2^(2^2·5^2/2^1) = 2^50 ≡ −1 mod 101 ⇒ f(2) = 0.
p = 5: try f(5) = 1: g^(|G|/p^f(p)) = 2^(2^2·5^2/5^1) = 2^20 ≡ −6 mod 101 ⇒ f(5) = 0.
2. The order of 2 is computed as

44 2.14 Computation of element orders
Example Let G be the multiplicative group of residues modulo 101. Its order is 100 = 2^2·5^2. Hence e(2) = e(5) = 2. We compute the order of 5 + 101Z.
1. Compute the number f(p) from the Theorem for each prime p in the factorization of |G|:
p = 2: try f(2) = 1: g^(|G|/p^f(p)) = 5^(2^2·5^2/2^1) = 5^50 ≡ 1 mod 101; try f(2) = 2: 5^(2^2·5^2/2^2) = 5^25 ≡ 1 mod 101 ⇒ f(2) = 2.
p = 5: try f(5) = 1: g^(|G|/p^f(p)) = 5^(2^2·5^2/5^1) = 5^20 ≡ −6 mod 101 ⇒ f(5) = 0.
2. The order of 5 is computed as

45 2.14 Computation of element orders
Corollary Let n ∈ N. If g^n = 1 and g^(n/p) ≠ 1 for each prime divisor p of n, then n is the order of g.
Example We claim that 25 is the order of the residue class 5 + 101Z in the multiplicative group of residues modulo 101. In fact, 5^25 ≡ 1 mod 101 and 5^5 ≡ −6 mod 101. Hence the assertion follows from the Corollary.
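As an added example (not the slides' code), the following Python carries out the procedure of 2.14 for (Z/101Z)*: it computes f(p) for each prime p dividing |G| = 100 and then the order, and it implements the Corollary's check. The formula itself did not survive in the transcript; the code uses Buchmann's result that the order of g is |G| divided by the product of the p^f(p). Function names are my own.

```python
# Added example, not the slides' code: order of an element of (Z/modulus Z)*
# from the prime factorisation of the group order (2.14).

def factorize(n):
    """Prime factorisation {p: e(p)} by trial division (fine for small n)."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def f_values(g, modulus, group_order):
    """For each prime p | |G| the number f(p) of the theorem: the largest f
    with g^(|G| / p^f) = 1.  f = 0 always qualifies because g^|G| = 1."""
    result = {}
    for p, e in factorize(group_order).items():
        f = 0
        while f < e and pow(g, group_order // p ** (f + 1), modulus) == 1:
            f += 1
        result[p] = f
    return result


def element_order(g, modulus, group_order):
    """Order of g in a group of known order |G|: |G| divided by the product
    of p^f(p) over the primes p dividing |G| (Buchmann's theorem in 2.14)."""
    order = group_order
    for p, f in f_values(g, modulus, group_order).items():
        order //= p ** f
    return order


def is_order(g, n, modulus):
    """Corollary: n is the order of g iff g^n = 1 and g^(n/p) != 1 for every prime p | n."""
    if pow(g, n, modulus) != 1:
        return False
    return all(pow(g, n // p, modulus) != 1 for p in factorize(n))
```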

46 2.15 The Chinese Remainder Theorem
Let m_1, …, m_n be positive integers that are pairwise coprime, and let a_1, …, a_n be integers. We explain how to solve the simultaneous congruence x ≡ a_1 mod m_1, x ≡ a_2 mod m_2, …, x ≡ a_n mod m_n.
Set m = m_1·m_2·…·m_n and M_i = m/m_i, 1 ≤ i ≤ n. Since gcd(m_i, M_i) = 1, there is y_i such that y_i·M_i ≡ 1 mod m_i. Then we set x = (a_1y_1M_1) + … + (a_ny_nM_n) mod m. Clearly, x is a solution of the simultaneous congruence: for 1 ≤ i ≤ n every term a_jy_jM_j with j ≠ i is divisible by m_i, so x ≡ a_iy_iM_i ≡ a_i mod m_i.

47 2.15 The Chinese Remainder Theorem
Example We want to solve the simultaneous congruence x ≡ 2 mod 4, x ≡ 1 mod 3, x ≡ 0 mod 5.
Set m = 4·3·5 = 60, M_1 = 60/4 = 15, M_2 = 60/3 = 20, M_3 = 60/5 = 12. Solve for the y_i:
y_1M_1 ≡ 1 mod 4 ⇒ y_1 = −1;
y_2M_2 ≡ 1 mod 3 ⇒ y_2 = −1;
y_3M_3 ≡ 1 mod 5 ⇒ y_3 = 3.
Then x = (a_1y_1M_1) + … + (a_ny_nM_n) = 2·(−1)·15 + 1·(−1)·20 + 0·3·12 = −50 ≡ 10 mod 60.

48 2.15 The Chinese Remainder Theorem
Theorem (Chinese remainder theorem) Let m_1, …, m_n be pairwise coprime positive integers and let a_1, …, a_n be integers. Then the simultaneous congruence x ≡ a_1 mod m_1, x ≡ a_2 mod m_2, …, x ≡ a_n mod m_n has a solution x which is unique mod m = m_1·m_2·…·m_n.
Proof. Existence was proved on the previous pages. We prove uniqueness. Let x and x' be two such solutions. Then x ≡ x' mod m_i, 1 ≤ i ≤ n. Since the numbers m_i are pairwise coprime, it follows that x ≡ x' mod m.

49 2.15 The Chinese Remainder Theorem
crt(int moduli[], int x[], int numberOfModuli, int result)      // modulus and result are output parameters
begin
    int multipliers[numberOfModuli], modulus, i
    result = 0
    crtPrecomp(moduli, numberOfModuli, modulus, multipliers)
    for (i = 0; i < numberOfModuli; i++)
        result = (result + multipliers[i] * x[i]) % modulus
end

50 2.15 The Chinese Remainder Theorem
crtPrecomp(int moduli[], int numberOfModuli, int modulus, int multipliers[])
begin
    int i, m, M, inverse, gcd, y
    modulus = 1
    for (i = 0; i < numberOfModuli; i++)        // the full modulus m must be known before any M_i = m / m_i is formed
        modulus = modulus * moduli[i]
    for (i = 0; i < numberOfModuli; i++)
        m = moduli[i]
        M = modulus / m
        Xeuclid(M, m, gcd, inverse, y)          // gcd = inverse * M + y * m, so inverse * M ≡ 1 mod m
        multipliers[i] = inverse * M % modulus
end
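As an added example (not the slides' code), here is the CRT algorithm of 2.15 in Python, with the precomputation of the multipliers y_i·M_i kept separate from the combination step as in crtPrecomp() and crt(); Python's pow(M, −1, m_i) takes the role of Xeuclid(), and the function names are my own.

```python
# Added example, not the slides' code: the CRT algorithm of 2.15 in Python.
from math import gcd


def crt_precomp(moduli):
    """Return (m, multipliers) with m = m_1 * ... * m_n and
    multipliers[i] = y_i * M_i mod m, where M_i = m / m_i and y_i * M_i = 1 (mod m_i)."""
    m = 1
    for mi in moduli:
        m *= mi
    multipliers = []
    for mi in moduli:
        M = m // mi
        y = pow(M, -1, mi)                  # exists because gcd(M_i, m_i) = 1
        multipliers.append(y * M % m)
    return m, multipliers


def crt(moduli, residues):
    """Solve x = a_i (mod m_i) for all i; return the unique x in {0, ..., m-1}."""
    if len(moduli) != len(residues):
        raise ValueError("one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    m, multipliers = crt_precomp(moduli)
    x = 0
    for mult, a in zip(multipliers, residues):
        x = (x + mult * a) % m
    return x


def satisfies(moduli, residues, x):
    """Check x against every congruence of the system."""
    return all((x - a) % mi == 0 for mi, a in zip(moduli, residues))
```

Running the round trip a ↦ (a mod 2, a mod 9) ↦ crt over all of Z/18Z is the decomposition Z/18Z ≅ Z/2Z × Z/9Z that 2.16 builds on.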

51 2.15 The Chinese Remainder Theorem
Theorem The algorithm for solving the simultaneous congruence x ≡ a_1 mod m_1, x ≡ a_2 mod m_2, …, x ≡ a_n mod m_n requires time O((size m)^2) and space O(size m).

52 2.16 Decomposition of the residue class ring
We use the Chinese remainder theorem to decompose the residue class ring Z/mZ. Using the decomposition, we can reduce computations in a large residue class ring Z/mZ to computations in many small residue class rings Z/m_iZ.
Definition Let R_1, R_2, …, R_n be rings. Their direct product is the set of all tuples (r_1, r_2, …, r_n) ∈ R_1 × R_2 × … × R_n together with component-wise addition and multiplication.

53 2.16 Decomposition of the residue class ring
Example Let R_1 = Z/2Z and R_2 = Z/9Z. Then R = R_1 × R_2 consists of all pairs (a + 2Z, b + 9Z), 0 ≤ a < 2, 0 ≤ b < 9. Hence R has exactly 18 elements. The unit element of R is (1 + 2Z, 1 + 9Z).

54 2.16 Decomposition of the residue class ring
Definition Let (X, O_1, …, O_n) and (Y, P_1, …, P_n) be two sets with n operations each. A map f: X → Y is called a homomorphism if f(a O_i b) = f(a) P_i f(b) holds for all a, b ∈ X and 1 ≤ i ≤ n. If the map is bijective, it is called an isomorphism.

55 2.16 Decomposition of the residue class ring
Example If m is a positive integer, then the map f: Z → Z/mZ, a ↦ a + mZ is a ring homomorphism: f(a O_i b) = f(a) P_i f(b) holds for both ring operations and all a, b ∈ Z.
Exercise If G is a cyclic group of order n with generator g, then f: Z/nZ → G, e + nZ ↦ g^e is an isomorphism of groups.

56 2.16 Decomposition of the residue class ring
Theorem Let m_1, …, m_n be pairwise coprime positive integers and let m = m_1·m_2·…·m_n. Then the map Z/mZ → Z/m_1Z × … × Z/m_nZ, a + mZ ↦ (a + m_1Z, …, a + m_nZ) is an isomorphism of rings.
Proof.
1. If a ≡ b mod m, then a ≡ b mod m_i for 1 ≤ i ≤ n (the map is well defined).
2. The map is a homomorphism.
3. The map is surjective and injective: let (a_1 + m_1Z, …, a_n + m_nZ) be given. By the Chinese remainder theorem the tuple has a unique preimage in Z/mZ.

57 2.17 A formula for the Euler φ-function
Theorem Let m_1, …, m_n be pairwise coprime positive integers and let m = m_1·m_2·…·m_n. Then φ(m) = φ(m_1)·…·φ(m_n).
Proof. The Theorem of 2.16 implies that the map (Z/mZ)* → (Z/m_1Z)* × … × (Z/m_nZ)*, a + mZ ↦ (a + m_1Z, …, a + m_nZ) is an isomorphism of groups. Therefore the number φ(m) of elements of (Z/mZ)* is equal to the number of elements of (Z/m_1Z)* × … × (Z/m_nZ)*, which is φ(m_1)·…·φ(m_n).

58 2.17 A formula for the Euler φ-function
Theorem Let m be a positive integer and let m = … be its prime factorization. Then φ(m) = …
Proof. The Theorem above implies φ(m) = … . φ(m) is the number of integers a in {1, …, m} with gcd(a, m) = 1, and φ(p^e) is the number of integers a in {1, …, p^e} with gcd(a, p^e) = 1. Split {1, 2, …, p, p+1, p+2, …, 2p, 2p+1, …, 3p, …, p^e} into p^e/p = p^(e−1) blocks of p consecutive integers; each block contains p − 1 integers a with gcd(a, p^e) = 1. Thus φ(p^e) = (p − 1)·p^(e−1).

59 2.18 Polynomials
Let R be a commutative ring with unit element 1 ≠ 0. A polynomial in one variable over R is an expression f(X) = a_nX^n + a_(n−1)X^(n−1) + … + a_1X + a_0, where X is the variable and the coefficients a_0, …, a_n of the polynomial are elements of R. The set of all polynomials over R in the variable X is denoted by R[X]. Let a_n ≠ 0. Then n is called the degree of the polynomial; we write n = deg f.

60 2.18 Polynomials
Example The polynomials 2X^3 + X + 1, X, 1 are elements of Z[X]. The first polynomial has degree 3, the second has degree 1, and the third has degree 0.
If r ∈ R, then f(r) = a_nr^n + a_(n−1)r^(n−1) + … + a_1r + a_0 is the value of f at r. If f(r) = 0, then r is called a zero of f.

61 2.18 Polynomials
Example The value of the polynomial 2X^3 + X + 1 ∈ Z[X] at −1 is −2.
Example Denote the elements of Z/2Z by 0 and 1. Then X^2 + 1 ∈ (Z/2Z)[X] has the zero 1.

62 2.18 Polynomials
Let r ∈ R, m ≤ n, and f(X) = a_nX^n + a_(n−1)X^(n−1) + … + a_1X + a_0, g(X) = b_mX^m + b_(m−1)X^(m−1) + … + b_1X + b_0. Then the sum of the polynomials f and g is (f + g)(X) = (a_n + b_n)X^n + … + (a_0 + b_0), where b_n, …, b_(m+1) are 0. The product of the polynomials f and g is (f·g)(X) = c_(n+m)X^(n+m) + … + c_0 with coefficients c_k, 0 ≤ k ≤ m + n.

63 2.18 Polynomials
With the sum (+) and product (·) defined as above, (R[X], +, ·) is a commutative ring with unit element 1.

64 2.19 Polynomials over fields
Let K be a field.
Lemma The ring K[X] of polynomials over K contains no zero divisors.
Lemma If f, g ∈ K[X] with f, g ≠ 0, then deg(fg) = deg f + deg g.
Theorem Let f, g ∈ K[X], g ≠ 0. Then there are uniquely determined polynomials q, r ∈ K[X] with f = qg + r and r = 0 or deg r < deg g. q is called the quotient and r the remainder, written r = f mod g.

65 2.19 Polynomials over fields
Example Let K = Z/2Z be the residue class ring mod 2. This ring is a field. The elements are represented by their least nonnegative representatives, so we write Z/2Z = {0, 1}. Let f(X) = X^3 + X + 1 and g(X) = X^2 + X. We divide f with remainder by g: f(X) = g(X)·(X + 1) + 1. The quotient is q = X + 1, the remainder is r = 1.

66 2.19 Polynomials over fields
Theorem Let f, g ∈ K[X] with g ≠ 0. Then the division with remainder of f by g requires O((deg g + 1)(deg q + 1)) operations in K if the quotient q of the division is nonzero, and O(deg g) operations in K otherwise.
The division theorem above implies the following corollary:
Corollary If f is a nonzero polynomial in K[X] and a is a zero of f, then f = (X − a)q with q ∈ K[X] (i.e. (X − a) | f).
Proof. By the division theorem, there are polynomials q, r ∈ K[X] with f = (X − a)q + r and r = 0 or deg r < 1, so r is a constant. This implies 0 = f(a) = r; hence f = (X − a)q.

67 2.19 Polynomials over fields
Example The polynomial X^2 + 1 ∈ (Z/2Z)[X] has the zero 1, and therefore X^2 + 1 = (X − 1)^2.
Corollary A nonzero polynomial f ∈ K[X] has at most deg f zeros.
Proof. We prove the assertion by induction on n = deg f. For n = 0, the assertion holds because f ∈ K and f ≠ 0. Let n > 0. If f has no zeros, the assertion is true. If f has a zero a, the Corollary above implies f = (X − a)q with deg q = n − 1. By the induction hypothesis, q has at most n − 1 zeros. Therefore f has at most n zeros.

68 2.19 Polynomials over fields
Example The polynomial X^2 + X ∈ (Z/2Z)[X] has the zeros 0 and 1 in Z/2Z. By the Corollary, it cannot have more zeros. The polynomial X^2 + 1 ∈ (Z/2Z)[X] has the only zero 1 in Z/2Z. By the Corollary, it could have at most two zeros. The polynomial X^2 + X + 1 ∈ (Z/2Z)[X] has no zeros in Z/2Z. By the Corollary, it could also have at most two zeros.

69 2.20 Construction of finite fields
We describe a method for constructing a finite field with p^n elements for any prime p and any positive integer n. Up to isomorphism, this field is uniquely determined. It is denoted by GF(p^n). The prime number p is called the characteristic of the field. The abbreviation GF stands for Galois field. We already know from the Theorem of 2.6 that Z/pZ is a field with p elements. It is denoted by GF(p).

70 2.20 Construction of finite fields
Let p be a prime number, let n be a positive integer, and let f be a polynomial with coefficients in Z/pZ of degree n. Assume that this polynomial is irreducible; that is, it cannot be written as a product f = gh, where g and h are polynomials in (Z/pZ)[X] of degree > 0. The elements of the finite field GF(p^n), which is constructed now, are residue classes mod f. The residue class of a polynomial g ∈ (Z/pZ)[X] consists of all polynomials h in (Z/pZ)[X] such that g − h is a multiple of f. For this residue class we write g + f(Z/pZ)[X]. We have g + f(Z/pZ)[X] = {g + hf : h ∈ (Z/pZ)[X]}.

71 2.20 Construction of finite fields
Example The residue classes in (Z/2Z)[X] mod f(X) = X^2 + X + 1 are f(Z/2Z)[X], 1 + f(Z/2Z)[X], X + f(Z/2Z)[X], X + 1 + f(Z/2Z)[X].
Let g, h ∈ (Z/pZ)[X]. The sum of the residue classes of g and h mod f is defined as the residue class of g + h. The product of the residue classes of g and h mod f is the residue class of the product of g and h. With this addition and multiplication, the set of residue classes mod f becomes a commutative ring with unit element 1 + f(Z/pZ)[X].

72 2.20 Construction of finite fields
Example Let p = 2 and f(X) = X^2 + X + 1. The residue classes mod f are the residue classes of the polynomials 0, 1, X, X + 1 mod f.
Addition table in GF(4) and multiplication table in GF(4), with rows and columns indexed by the elements 0, 1, X, X + 1.
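As an added example (not the slides' code), the following Python represents polynomials over Z/pZ as coefficient lists, performs the division with remainder of 2.19 (reproducing X^3 + X + 1 = (X^2 + X)(X + 1) + 1 over Z/2Z) and builds the residue class ring (Z/pZ)[X] mod f of 2.20, from which it generates the GF(4) addition and multiplication tables for f(X) = X^2 + X + 1; the representation and function names are my own.

```python
# Added example, not the slides' code: polynomials over Z/pZ as coefficient lists
# (index = degree; [1, 1, 0, 1] is X^3 + X + 1), division with remainder (2.19)
# and the residue class ring (Z/pZ)[X] mod f that gives GF(p^n) (2.20).

def trim(a):
    """Remove leading zero coefficients in place; [] represents the zero polynomial."""
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_add(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % p for x, y in zip(a, b)])


def poly_mul(a, b, p):
    if not a or not b:
        return []
    c = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[i + j] = (c[i + j] + ai * bj) % p
    return trim(c)


def poly_divmod(f, g, p):
    """Return (q, r) with f = q*g + r and r = 0 or deg r < deg g, over the field Z/pZ."""
    f, g = trim([c % p for c in f]), trim([c % p for c in g])
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)           # leading coefficient of g is a unit in Z/pZ
    q = [0] * max(len(f) - len(g) + 1, 0)
    r = f
    while len(r) >= len(g):
        k = len(r) - len(g)                # cancel r's leading term with c * X^k * g
        c = r[-1] * inv_lead % p
        q[k] = c
        for i, gi in enumerate(g):
            r[i + k] = (r[i + k] - c * gi) % p
        trim(r)
    return trim(q), r


def gf_elements(p, n):
    """Representatives of the residue classes mod an irreducible f of degree n:
    all polynomials of degree < n, in the order 0, 1, X, X+1, ... for p = 2."""
    return [trim([(k // p ** i) % p for i in range(n)]) for k in range(p ** n)]


def gf_tables(p, f):
    """Addition and multiplication tables of (Z/pZ)[X] mod f, indexed like gf_elements()."""
    f = trim([c % p for c in f])
    elems = gf_elements(p, len(f) - 1)
    add = [[poly_add(a, b, p) for b in elems] for a in elems]
    mul = [[poly_divmod(poly_mul(a, b, p), f, p)[1] for b in elems] for a in elems]
    return elems, add, mul


def poly_str(a):
    """Render as on the slides, e.g. [1, 1] -> 'X+1'."""
    terms = []
    for i in range(len(a) - 1, -1, -1):
        if a[i]:
            coef = "" if a[i] == 1 and i > 0 else str(a[i])
            terms.append(coef + ("" if i == 0 else "X" if i == 1 else "X^%d" % i))
    return "+".join(terms) or "0"
```

The multiplication table shows X·X = X + 1, X·(X + 1) = 1 and (X + 1)^2 = X, so every nonzero class is a unit and X has order 3: the residue class ring is the field GF(4).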

73 2.21 The structure of the unit group of finite fields
Theorem Let K be a finite field with q elements. Then for any divisor d of q − 1 there are exactly φ(d) elements of order d in the unit group K*.
Example Consider the finite field Z/13Z. Its unit group is of order 12. In this group there is one element of order 1, one element of order 2, two elements of order 3, two elements of order 4, two elements of order 6, and four elements of order 12: φ(1) = 1, φ(2) = 1, φ(3) = 2, φ(4) = 2, φ(6) = 2, φ(12) = 4.
base:  1 2 3 4 5 6 7 8 9 10 11 12
order:
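As an added example (not the slides' code), this Python fills in the base/order table for (Z/13Z)* by direct computation, counts the elements of each order and compares the counts with φ(d) as the Theorem predicts; it also lists the generators, which 2.22 calls primitive roots. Function names are my own.

```python
# Added example, not the slides' code: orders of all elements of (Z/pZ)* and the
# number of elements of each order, compared with phi(d) (theorem of 2.21).
from math import gcd


def phi(m):
    """Euler phi-function: the number of a in {1, ..., m} with gcd(a, m) = 1 (2.8)."""
    return sum(1 for a in range(1, m + 1) if gcd(a, m) == 1)


def order_mod(a, p):
    """Smallest e >= 1 with a^e = 1 (mod p), for a prime p not dividing a."""
    e, x = 1, a % p
    while x != 1:
        x = x * a % p
        e += 1
    return e


def order_table(p):
    """The table of the slide: base -> order, for every base in (Z/pZ)*."""
    return {a: order_mod(a, p) for a in range(1, p)}


def count_by_order(p):
    counts = {}
    for d in order_table(p).values():
        counts[d] = counts.get(d, 0) + 1
    return counts


def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]


def theorem_holds(p):
    """Exactly phi(d) elements of order d for each d | p - 1, and no other orders occur."""
    counts = count_by_order(p)
    ds = divisors(p - 1)
    return set(counts) <= set(ds) and all(counts.get(d, 0) == phi(d) for d in ds)


def primitive_roots(p):
    """Generators of (Z/pZ)*, i.e. the elements of order p - 1 (2.22);
    the corollary of 2.21 says there are phi(p - 1) of them."""
    return [a for a, e in order_table(p).items() if e == p - 1]
```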

74 2.21 The structure of the unit group of finite fields
Corollary If K is a finite field with q elements, then its unit group K* is cyclic of order q − 1. It has exactly φ(q − 1) generators.

75 2.22 Structure of the multiplicative group of residues modulo a prime number
Corollary The multiplicative group of residues modulo p is cyclic of order p − 1. An integer a for which the residue class a + pZ generates the multiplicative group of residues (Z/pZ)* is called a primitive root mod p.
Example Consider the finite field Z/13Z. There are four primitive roots mod 13.

