# Summary

In today's class we began by paying back some IOUs from last class, in particular proving a lemma and a corollary which allow us to compute the order of a power of *a* once you know the order of *a* itself. Afterwards we settled on trying to determine which numbers have primitive roots, and we began our hunt with prime numbers. In particular we saw that polynomials "behave nicely" modulo *p*, in the sense that the number of solutions to a congruence $f(x) \equiv 0 \mod{p}$ is bounded by the degree of *f* (at least when the coefficients of *f* aren't all multiples of *p*). We used this to count exactly the number of solutions to a certain equation, which is a key step in showing that primitive roots exist modulo *p*.

# Paying back IOUs

Last class period we finished by stating the following

Lemma: Suppose that *m* and *a* are integers satisfying $(a,m) = 1$. Then we have $\displaystyle \mbox{ord}_m(a^i) = \frac{\mbox{ord}_m(a)}{(\mbox{ord}_m(a),i)}$.

Proof: Let's write *d* in place of $(\mbox{ord}_m(a),i)$. We'll also write $\mbox{ord}_m(a) = d \cdot b$ and $i = d\cdot k$. Notice that when we do this, we have $(b,k) = 1$. Now to compute the order of $a^i$, we need to find the smallest exponent which sends this element to 1 mod *m*.

To start, notice that we have

(1)This implies that we have

(2)On the other hand, we know that

(3)by definition. Hence we know that $\mbox{ord}_m(a) \mid i \mbox{ord}_m(a^i).$ Considering $bd = \mbox{ord}_m(a)$ and $kd = i$, this means we get $bd \mid (kd)\mbox{ord}_m(a^i).$ Canceling the "d" on both sides then gives $b \mid k \mbox{ord}_m(a^i)$, and since $(b,k) = 1$ we conclude that

(4)Putting together Equations (2) and (4) gives $b = \mbox{ord}_m(a^i)$. $\square$

## Counting Primitive Roots

A nice consequence of the previous result is that we can count primitive roots — at least when they exist.

Corollary: Suppose that a primitive root exists mod *m*. Then there are $\phi(\phi(m))$ many primitive roots.

Proof: Let *a* be a primitive root. We already know that all reduced residues take the form $a^k$ where $1 \leq k \leq \phi(m)$, and the previous result tells us that

Hence we see that $a^k$ has order equal to $\phi(m)$ precisely when $(\phi(m),k) = 1$. By the definition of the $\phi$ function, there are precisely $\phi(\phi(m))$ many choices for *k* that satisfy this criterion. $\square$
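A computational check of the lemma and corollary above (an added example, not part of the original notes): `order_of_power` applies the formula $\mbox{ord}_m(a^i) = \mbox{ord}_m(a)/(\mbox{ord}_m(a),i)$, `lemma_holds` compares it against brute force for every unit and exponent, and `primitive_roots` lets you confirm the $\phi(\phi(m))$ count. All function names are my own.

```python
from math import gcd


def multiplicative_order(a, m):
    """Smallest k >= 1 with a**k == 1 (mod m); requires gcd(a, m) == 1."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to m")
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k


def order_of_power(a, i, m):
    """ord_m(a^i) computed via the lemma: ord_m(a) / gcd(ord_m(a), i)."""
    o = multiplicative_order(a, m)
    return o // gcd(o, i)


def euler_phi(n):
    """Euler's phi: number of k in [1, n] coprime to n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def primitive_roots(m):
    """All reduced residues mod m whose order is phi(m) (empty when none exist)."""
    phi = euler_phi(m)
    return [a for a in range(1, m)
            if gcd(a, m) == 1 and multiplicative_order(a, m) == phi]


def lemma_holds(m):
    """Brute-force check: ord_m(a^i) really equals the formula for every unit a."""
    for a in range(1, m):
        if gcd(a, m) != 1:
            continue
        for i in range(1, euler_phi(m) + 1):
            if multiplicative_order(pow(a, i, m), m) != order_of_power(a, i, m):
                return False
    return True


if __name__ == "__main__":
    for m in (7, 8, 15):
        roots = primitive_roots(m)
        print(m, roots, len(roots) == euler_phi(euler_phi(m)) if roots else "no primitive root")
```

Note that mod 8 the list comes back empty, which is why the corollary has to assume a primitive root exists.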

# Which numbers have primitive roots?

Now that we have these results, it's natural to ask: for what values of *m* are there primitive roots mod *m*? We'll start answering this question by investigating the situation when we have a prime modulus *p*.

To begin this investigation, we need to think about solutions to polynomials mod *p*. To motivate things, let's think about our usual experiences in solving equations of the form $f(x) = 0$. In this case, we have a result that tells us that a polynomial of a given degree doesn't have too many roots.

Fundamental Theorem of Algebra: A polynomial of degree *n* with real coefficients has exactly *n* complex solutions, and therefore at most *n* real solutions.

If we consider polynomials mod a given integer, though, this kind of result might not still hold.

##### Example

Consider the polynomial $f(x) = x^2-1$. How many solutions does it have mod 15? It turns out that there will be 4 solutions to this equation, which is more than we might typically expect since the polynomial has degree 2. $\square$

Though we might get more solutions to a given polynomial for a general modulus *m*, the situation for a prime modulus *p* is more in line with what we're used to.

Lagrange's Theorem: Let *p* be prime and let $f(x) = a_nx^n + a_{n-1}x^{n-1} + \cdots + a_1x + a_0$ be a polynomial of degree $n \geq 1$ with integer coefficients so that not every coefficient is divisible by *p*. Then $f(x)$ has at most *n* distinct solutions mod *p*.

Proof: We'll prove the result by induction. In the case that $n=1$, we're looking to count the roots of a linear polynomial $a_1x + a_0 \equiv 0 \mod{p}$. Now if $p \nmid a_1$ then we get $(a_1,p) = 1$, and so the linear congruence

(6)has exactly one solution. In the case $p \nmid a_1$, then, we've established what we wanted to prove. If, on the other hand, we have $p \mid a_1$ then we can conclude that $p \nmid a_0$ (since not all the coefficients are allowed to be divisible by *p*). In this case we get

So the polynomial is a non-zero constant function, and hence has no solutions. In this case, then, we again have that the linear polynomial has no more than 1 solution mod *p*.

So suppose that we know the result for polynomials of degree *n*, and let $f(x)$ be a polynomial of degree *n+1* where not every coefficient of *f* is divisible by *p*. If *f* has no roots mod *p* then we're done. Otherwise, suppose that *a* is a solution; i.e., that $f(a) \equiv 0 \mod{p}$. Dividing the polynomial $f(x)$ by $x-a$ then gives

where *r* is a polynomial of degree 0 (i.e., *r* is just an integer) and $q(x)$ is a polynomial of degree *n*. Taking this equation mod *p* and evaluating at $x = a$ then shows that

and hence we know $r \equiv 0 \mod{p}$.

Because of this, we can conclude that not every coefficient of *q* can be divisible by *p*. To see that this is true, notice that otherwise (i.e., if every coefficient of *q* was divisible by *p*), this would force every coefficient of *f* to be divisible by *p* — something we know doesn't hold.

Now if *b* is any solution to $f(x) \equiv 0 \mod{p}$ then we have $0 \equiv f(b) \equiv (b-a)q(b) \mod{p}$, meaning that $p \mid (b-a)q(b)$. By Euclid's Lemma we conclude that $p \mid b-a$ or $p \mid q(b)$. In the first case we have $b \equiv a \mod{p}$, and in the second we get that *b* is a root of $q(x)$ mod *p*. So we see that any root of *f* is either a root of $x-a$ or a root of $q(x)$, so that

Since $q(x)$ is a polynomial of degree *n* which doesn't have all its coefficients divisible by *p*, there are at most *n* roots of $q(x)$ mod *p*. Equation (10) then says that there are at most *n+1* solutions to $f(x)$ mod *p*. $\square$

Though this result gives an upper bound on the number of solutions a particular polynomial can have mod *p*, for certain special polynomials this is enough to count solutions exactly.

Lemma: For $d \mid p-1$, the polynomial $x^d-1$ has exactly *d* roots mod *p*.

Proof:

Fermat's Little Theorem says that $a^{p-1} \equiv 1 \mod{p}$ whenever $(a,p) = 1$. This means that the polynomial $x^{p-1} - 1$ has $p-1$ distinct solutions mod *p*.

Now if $d \mid p-1$ then we get $de = p-1$ for some integer *e*. Hence we can factor the polynomial $x^{p-1}-1$ as

Now the polynomial on the left hand side has exactly *p-1* roots. By Lagrange's theorem, the first polynomial in the factorization on the right hand side has at most *d* roots, and the second polynomial on the right hand side has at most $d(e-1)$ roots.

Notice that if $x^d-1$ has fewer than *d* distinct solutions, this means that the right side has at most $d-1+d(e-1) = d-1+de-d=p-2$ solutions — contrary to the fact that it has $p-1$ solutions, since it is equal to the left-hand side of the equation. We conclude, then, that $x^d-1$ has *d* distinct solutions, as desired. $\square$

The benefit of the previous lemma is that it provides a means for calculating precisely how many elements of a given order exist mod *p*.

Here are the important consequences:

Theorem: If $d \mid p-1$, then there are precisely $\phi(d)$ elements of order *d* mod *p*.

As a corollary to this result we have

Corollary: For any prime *p*, there are exactly $\phi(p-1)$ many primitive roots. In particular, primitive roots exist for every prime *p*.
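A computational check of the root-counting results in this section (an added example, not part of the original notes): `roots_mod` brute-forces the solutions of a polynomial congruence, which reproduces the 4 roots of $x^2-1$ mod 15, the Lagrange bound for a prime modulus, and the lemma that $x^d-1$ has exactly *d* roots mod *p*; `count_by_order` tallies residues by order so the $\phi(d)$ count in the theorem can be confirmed for a specific prime. All function names are my own.

```python
from math import gcd


def roots_mod(coeffs, m):
    """Residues x in [0, m) with f(x) == 0 (mod m); coeffs[k] is the coefficient of x^k."""
    return [x for x in range(m)
            if sum(c * pow(x, k, m) for k, c in enumerate(coeffs)) % m == 0]


def x_power_minus_one(d):
    """Coefficient list of x^d - 1, lowest degree first."""
    return [-1] + [0] * (d - 1) + [1]


def within_lagrange_bound(coeffs, p):
    """True when #roots mod p <= degree of f reduced mod p (needs some coefficient not divisible by p)."""
    nonzero = [k for k, c in enumerate(coeffs) if c % p != 0]
    if not nonzero:
        raise ValueError("every coefficient is divisible by p; the theorem does not apply")
    return len(roots_mod(coeffs, p)) <= max(nonzero)


def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]


def euler_phi(n):
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def order_mod_prime(a, p):
    """ord_p(a): by Fermat it divides p-1, so the first divisor d with a^d == 1 is the order."""
    return next(d for d in divisors(p - 1) if pow(a, d, p) == 1)


def count_by_order(p):
    """Map each d | p-1 to the number of residues mod p of order exactly d."""
    counts = {d: 0 for d in divisors(p - 1)}
    for a in range(1, p):
        counts[order_mod_prime(a, p)] += 1
    return counts


if __name__ == "__main__":
    print("x^2-1 mod 15:", roots_mod([-1, 0, 1], 15))          # 4 roots for a degree-2 polynomial
    p = 13
    for d in divisors(p - 1):                                     # lemma: exactly d roots of x^d-1
        print(f"x^{d}-1 mod {p} has {len(roots_mod(x_power_minus_one(d), p))} roots")
    print("orders mod 13:", count_by_order(p), "phi:", {d: euler_phi(d) for d in divisors(p - 1)})
```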

We'll prove these results at the beginning of next class.