Lecture 13: modular division and exponentiation


We quickly did the proof that multiplication in Z_m is well defined. It is very similar to the proof that addition of equivalence classes is well defined.

Proof sketch: Assume [a] = [a′] and [b] = [b′]. Unfolding these definitions gives a = a′ − mc and b = b′ − md for some integers c and d. Multiplying these gives ab = a′b′ + m(⋯). Rearranging gives ab − a′b′ = m(⋯), so m | ab − a′b′, and thus [ab] = [a′b′] as required.


Raising an equivalence class to an integer power is well defined.

In more detail: exp : Z_m × Z → Z_m given by exp : ([a], n) ↦ [a^n] is well defined. We could prove this directly, but it follows from the fact that raising a to the n is just multiplying a by itself n times. One can do induction on n; the inductive step just uses the fact that multiplication is well defined.

Raising an integer (or an equivalence class) to the power of an equivalence class is not well defined.

In more detail: exp : Z × Z_m → Z_m given by exp : (n, [a]) ↦ [n^a] is not well defined. For example, working mod 5, we would hope that 2^[3] = 2^[8], since [3] = [8]. But 2^3 = 8 and 2^8 = 256, and [8] = [3] ≠ [1] = [256].

Summary: [a]^n is okay, n^[a] is not.
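The two well-definedness claims above can be checked mechanically: a function on integers descends to Z_m exactly when replacing an input by another representative of the same class never changes the class of the output. The following is an added example (it is not part of the lecture notes); the names `same_class` and `well_defined` are mine, and the check is a bounded brute-force search over non-negative representatives, which is enough to exhibit the mod-5 counterexample from the text and to find no counterexample for [a]^n.

```python
from itertools import product


def same_class(x, y, m):
    """True when [x] = [y] in Z_m, i.e. when m divides x - y."""
    return (x - y) % m == 0


def well_defined(f, m, class_args, window=3):
    """Brute-force test that f : Z x Z -> Z descends to Z_m in the argument
    positions listed in `class_args` (a subset of {0, 1}).

    Each argument in `class_args` is replaced by other representatives of the
    same class (x + k*m for k in range(window)); the other argument is an
    ordinary integer and is left alone. Returns None if every replacement
    gives the same output class, otherwise a counterexample
    ((x, y), (x2, y2)) with inputs agreeing classwise but outputs differing.
    """
    base = range(m)                     # one representative per class
    shifts = range(window)              # how many multiples of m to add
    for x, y in product(base, base):
        for k, l in product(shifts, shifts):
            x2 = x + k * m if 0 in class_args else x
            y2 = y + l * m if 1 in class_args else y
            if not same_class(f(x, y), f(x2, y2), m):
                return (x, y), (x2, y2)
    return None


# The three maps discussed in the lecture.
def mul(a, b):          # ([a], [b]) -> [ab]
    return a * b


def class_to_int(a, n):  # ([a], n) -> [a^n], n a non-negative integer
    return a ** n


def int_to_class(n, a):  # (n, [a]) -> [n^a], the problematic one
    return n ** a


if __name__ == "__main__":
    print("mul mod 7 well defined:", well_defined(mul, 7, {0, 1}) is None)
    print("[a]^n mod 5 well defined:", well_defined(class_to_int, 5, {0}) is None)
    print("n^[a] mod 5 counterexample:", well_defined(int_to_class, 5, {1}))
```

The search window is deliberately small; the point is not to prove well-definedness (the induction in the notes does that) but to show that a single bad pair of representatives is all it takes to break it.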

We will recover exponentiation next lecture.


Unlike in the integers, you can divide by some of the elements of Z_m.



Units in Z_m

Important Fact: [a] ∈ Z_m is a unit if and only if gcd(a, m) = 1, that is, if and only if a and m share no common factors (other than 1). In this case, a and m are said to be coprime or relatively prime.

Proof (⇐, coprime implies unit): Suppose a and m are coprime. Then by Bezout's identity, there exist s and t such that 1 = sm + ta. Reducing this equation mod m we find [1] = [sm + ta] = [s][m] + [t][a]. Note that [m] = [0] (we are working mod m), so [1] = [0] + [t][a] = [t][a]; thus [a] has an inverse [t].

We did not prove the converse in lecture.

Definition: (Z_m)^* is the set of units of Z_m.


Definition: The totient of m, written ϕ(m), is the number of units of Z_m.

Finding [a]^{-1}

The proof that [a]^{-1} exists contains an algorithm for finding it. In particular, we use the proof of the existence of Bezout coefficients. We work an example here: suppose we wish to find the inverse of [25] in Z_173.

The proof tells us we can find [25]^{-1} by writing 1 = 173s + 25t. Let's remind ourselves of the proof of Bezout's identity. Bezout's identity states that for any a and b there exist integers s, t such that gcd(a, b) = sa + tb.

We proved Bezout's identity inductively; for the inductive step we used the fact that g(a, b) = g(b, r) where a = qb + r (writing g for gcd). Inductively, we write g(b, r) = s′b + t′r. We wish to get rid of r, so we use the fact that r = a − qb. Substituting this in gives

g(a, b) = g(b, r) = s′b + t′r = s′b + t′(a − qb) = t′a + (s′ − t′q)b = sa + tb if we choose s = t′ and t = s′ − t′q.

Returning to our computation, we wish to compute s and t such that gcd(a, b) = sa + tb where a = 173 and b = 25. We divide:

a = 173, b = 25, q = 6, r = 23, s = ?, t = ?

The proof of Bezout's identity tells us we must now compute s′ and t′ such that gcd(b, r) = s′b + t′r. Let's let a′ = b and b′ = r and recursively compute the gcd:

a′ = 25, b′ = 23, q′ = 1, r′ = 2, s′ = ?, t′ = ?

Again, the proof tells us to compute s″ and t″ such that gcd(b′, r′) = s″b′ + t″r′. Let a″ = b′ and b″ = r′:

a″ = 23, b″ = 2

We could continue recursively (it would take a few more steps). However, we can instead eyeball it to find s″ and t″ such that 1 = s″a″ + t″b″: this holds if we choose s″ = 1 and t″ = −11.

We check that s″a″ + t″b″ = 23 − 22 = 1, which is what we want. Now we can use the formulas we found in the proof of Bezout's identity to find s′ and t′: s′ = t″ and t′ = s″ − t″q′:

s′ = −11, t′ = 1 + 11 = 12.

We double check that s′a′ + t′b′ = 1: (−11) * 25 + 12 * 23 = 1.

Now we can compute s = t′ = 12 and t = s′ − t′q = −11 − 12 * 6 = −83. We double check sa + tb = 12 * 173 − 83 * 25 = 1.

This tells us that mod 173, [−83][25] = [1], so [−83] is [25]^{-1}. If we like, we can choose the "canonical" representative −83 + 173 = 90. We can double check we got the right answer: rem(90 * 25, 173) = 1.
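The hand computation above is exactly the recursive extended Euclidean algorithm, with the back-substitution rule s = t′, t = s′ − t′q from the proof. The following is an added example, not code from the lecture notes: it implements that recursion, uses it to find [a]^{-1} (refusing when gcd(a, m) ≠ 1, i.e. when [a] is not a unit), and counts the units of Z_m to get ϕ(m). The function names `bezout`, `inverse_mod`, `is_unit`, `units` and `totient` are my own choices; the algorithm assumes non-negative inputs, as in the worked example.

```python
from math import gcd


def bezout(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b.

    Follows the lecture's inductive proof: divide a = q*b + r, recursively
    obtain g = s'*b + t'*r, then substitute r = a - q*b to get
    s = t' and t = s' - t'*q.
    """
    if b == 0:
        return (a, 1, 0)                      # gcd(a, 0) = a = 1*a + 0*0
    q, r = divmod(a, b)                       # a = q*b + r with 0 <= r < b
    g, s_prime, t_prime = bezout(b, r)        # g = s'*b + t'*r
    return (g, t_prime, s_prime - t_prime * q)


def is_unit(a, m):
    """[a] is a unit in Z_m exactly when gcd(a, m) = 1."""
    return gcd(a, m) == 1


def inverse_mod(a, m):
    """Canonical representative (in 0..m-1) of [a]^(-1) in Z_m.

    Writes 1 = s*m + t*a as in the proof that coprime elements are units;
    reducing mod m kills the s*m term, so [t] is the inverse.
    """
    g, s, t = bezout(m, a)
    if g != 1:
        raise ValueError(f"[{a}] is not a unit in Z_{m}: gcd({a}, {m}) = {g}")
    return t % m


def units(m):
    """The set (Z_m)^* as a sorted list of canonical representatives."""
    return [a for a in range(m) if is_unit(a, m)]


def totient(m):
    """phi(m): the number of units of Z_m."""
    return len(units(m))


def all_inverses_check(m):
    """Sanity check: every unit times its computed inverse is [1]."""
    return all((a * inverse_mod(a, m)) % m == 1 for a in units(m))


if __name__ == "__main__":
    g, s, t = bezout(173, 25)
    print(f"gcd(173, 25) = {g} = {s}*173 + ({t})*25")   # 1 = 12*173 + (-83)*25
    print("[25]^-1 in Z_173 =", inverse_mod(25, 173))   # 90
    print("phi(173) =", totient(173), " phi(12) =", totient(12))
    print("units of Z_12:", units(12))
```

The intermediate coefficients of `bezout(173, 25)` are the same ones the text finds by hand ((1, −11) for the 23/2 step, (−11, 12) for the 25/23 step, (12, −83) at the top), and the returned inverse reduced mod 173 is the canonical representative 90 the text checks.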