- Exponentiation
  - [*a*]^{n} is well defined, *n*^{[a]} is not.
- Some elements of *Z*_{m} have inverses
  - key terms: inverse, unit, relatively prime/coprime, totient
  - key fact: [*a*]_{m} has an inverse if *gcd*(*a*, *m*) = 1.
- Teaser for next lecture: [*a*]_{m}^{[b]_{ϕ(m)}} is well defined.

We quickly did the proof that multiplication in *Z*_{m} is well defined. It is very similar to the proof that addition of equivalence classes is well defined.

Proof sketch: Assume [*a*] = [*a*′] and [*b*] = [*b*′]. Unfolding these definitions gives *a* = *a*′ − *mc* and *b* = *b*′ − *md* for some integers *c* and *d*. Multiplying these gives *ab* = *a*′*b*′ + *m*(⋯). Rearranging gives us *ab* − *a*′*b*′ = *m*(⋯), so *m* | *ab* − *a*′*b*′, and thus [*ab*] = [*a*′*b*′] as required.

Raising an equivalence class to an integer power **is** well defined.

In more detail: *exp* : *Z*_{m} × *Z* → *Z*_{m} given by *exp* : ([*a*], *n*) ↦ [*a*^{n}] is well defined. We could prove this directly, but it follows from the fact that raising *a* to the *n* is just multiplying *a* by itself *n* times. One can do induction on *n*; the inductive step just uses the fact that multiplication is well defined.

Raising an integer (or an equivalence class) to the power of an equivalence class is **not** well defined.

In more detail: *exp* : *Z* × *Z*_{m} → *Z*_{m} given by *exp* : (*n*, [*a*]) ↦ [*n*^{a}] is not well defined. For example, working mod 5, we would hope that 2^{[3]} = 2^{[8]}. But 2^{3} = 8 and 2^{8} = 256, and [8] = [3] ≠ [1] = [256].

**Summary:** [*a*]^{n} is okay, *n*^{[a]} is not.

We will recover exponentiation next lecture.
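The two claims above can be checked mechanically. This is an added example, not part of the original notes; the function names are hypothetical. It searches for a representative change that alters the result, first in the base and then in the exponent.

```python
def base_counterexample(m, max_power=8, shifts=range(-3, 4)):
    """Search for a representative change a -> a + k*m that alters [a^n] in Z_m.

    Returns (a, k, n) for the first mismatch, or None if [a]^n never depends
    on the chosen representative (what the induction argument guarantees).
    """
    for a in range(m):
        for k in shifts:
            for n in range(max_power + 1):
                if pow(a + k * m, n, m) != pow(a, n, m):
                    return (a, k, n)
    return None


def exponent_counterexamples(n, m):
    """List (e, e + m, [n^e], [n^(e+m)]) where the two results differ.

    e and e + m are representatives of the same class [e] in Z_m, so any
    entry here shows that n^[e] is not well defined. In code, this is why
    reducing an exponent mod m before a modular power gives wrong answers.
    """
    found = []
    for e in range(m):
        lo, hi = pow(n, e, m), pow(n, e + m, m)
        if lo != hi:
            found.append((e, e + m, lo, hi))
    return found


if __name__ == "__main__":
    print(base_counterexample(5))           # no mismatch in the base
    print(exponent_counterexamples(2, 5))   # includes the 2^3 vs 2^8 case
```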

Unlike the integers, you can divide by some of the elements of *Z*_{m}.

- If *S* is a set with some (reasonable) notion of multiplication, and if *x* ∈ *S*, then an **inverse** of *x* is an element *y* ∈ *S* such that *xy* = 1.
- If *x* has an inverse, then *x* is called a **unit**.
- The units of *Z* are 1 (its inverse is 1) and −1 (its inverse is −1).
- The units of *R* (the real numbers) are all reals except 0.
- The units of *Q* (the rational numbers) are all rationals except 0.
- (if you're familiar with linear algebra) the units in the set of *n* × *n* matrices are those with non-zero determinants.

**Important Fact:** [*a*] ∈ *Z*_{m} is a unit if and only if *gcd*(*a*, *m*) = 1. This holds exactly when *a* and *m* share no common factors (other than 1). In this case, *a* and *m* are said to be **coprime** or **relatively prime**.

**Proof (⇒):** Suppose *a* and *m* are coprime. Then by Bezout's identity, there exist *s* and *t* such that 1 = *sm* + *ta*. Reducing this equation mod *m* we find [1] = [*sm* + *ta*] = [*s*][*m*] + [*t*][*a*]. Note that [*m*] = [0] (we are working mod *m*), so [1] = [0] + [*t*][*a*] = [*t*][*a*]; thus [*a*] has an inverse [*t*].

We did not prove the converse in lecture.

Definition: **(*Z*_{m})^{*}** is the set of units of

Examples:

- (*Z*_{5})^{*} = {[1], [2], [3], [4]}. Note that [0] is not a unit. By inspection, the inverse of [1] is [1], the inverse of [4] is [4], and [2] and [3] are inverses of each other.
- More generally, if *p* is prime, then all non-zero elements of *Z*_{p} are units, because they can't share a factor with *p* (since *p* is prime).
- (*Z*_{6})^{*} = {[1], [5]}. 2, 3, and 4 all share factors with 6, and are thus not units.
- [0] is never a unit. [1] is always a unit. [*m* − 1] = [−1] is also always a unit (and is its own inverse).

Definition: The **totient** of *m*, written ***ϕ*(*m*)** is the number of units of

- By examples above, *ϕ*(5) = 4, *ϕ*(6) = 2, and *ϕ*(*p*) = *p* − 1 if *p* is prime.

The proof that [*a*]^{−1} exists contains an algorithm for finding it. In particular, we use the proof of the existence of Bezout coefficients. We work an example here: suppose we wish to find the inverse of [25] in *Z*_{173}.

The proof tells us we can find [25]^{−1} by writing 1 = 173*s* + 25*t*. Let's remind ourselves of the proof of Bezout's identity. Bezout's identity states that for any *a* and *b* there exist constants *s*, *t* such that *gcd*(*a*, *b*) = *sa* + *tb*.

We proved Bezout's identity inductively; for the inductive step we used the fact that *g*(*a*, *b*) = *g*(*b*, *r*) where *a* = *qb* + *r*. Inductively, we write *g*(*b*, *r*) = *s*′*b* + *t*′*r*. We wish to get rid of *r*, so we use the fact that *r* = *a* − *qb*. Substituting this in gives

*g*(*a*, *b*) = *g*(*b*, *r*) = *s*′*b* + *t*′*r* = *s*′*b* + *t*′(*a* − *qb*) = *t*′*a* + (*s*′ − *t*′*q*)*b* = *sa* + *tb* if we choose *s* = *t*′ and *t* = *s*′ − *t*′*q*.

Returning to our computation, we wish to compute *s* and *t* such that *gcd*(*a*, *b*) = *sa* + *tb* where *a* = 173 and *b* = 25. We divide:

*a* = 173, *b* = 25, *q* = 6, *r* = 23, *s* = ?, *t* = ?

The proof of Bezout's theorem tells us we must now compute *s*′ and *t*′ such that *gcd*(*b*, *r*) = *s*′*b* + *t*′*r*. Let's let *a*′ = *b* and *b*′ = *r* and recursively compute the *gcd*:

*a*′=25, *b*′=23, *q*′=1, *r*′=2, *s*′=?, *t*′=?

Again, the proof tells us to compute *s*″ and *t*″ such that *gcd*(*b*′, *r*′) = *s*″*b*′ + *t*″*r*′.

*a*″=23, *b*″=2

We could continue recursively (it would take a few more steps). However, we can instead eyeball it to find *s*″ and *t*″ such that 1 = *s*″*a*″ + *t*″*b*″: this holds if we choose *s*″ = 1 and *t*″ = −11.

We check that *s*″*a*″+*t*″*b*″=23 − 22 = 1, which is what we want. Now we can use the formulas we found in the proof of Bezout's identity to find *s*′ and *t*′: *s*′=*t*″ and *t*′=*s*″−*t*″*q*′:

*s*′= − 11, *t*′=1 + 11 = 12.

We double check that *s*′*a*′ + *t*′*b*′ = 1: (−11) ⋅ 25 + 12 ⋅ 23 = 1

Now we can compute *s* = *t*′ = 12 and *t* = *s*′ − *t*′*q* = −11 − 12 ⋅ 6 = −83. We double check *sa* + *tb* = 12 ⋅ 173 − 83 ⋅ 25 = 1

This tells us that mod 173, [−83][25] = [1] so [−83] is [25]^{−1}. If we like, we can choose the "canonical" representative −83 + 173 = 90. We can double check we got the right answer: *rem*(90 ⋅ 25, 173) = 1
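The recursion worked by hand above, together with the unit and totient definitions from earlier in these notes, as an added example (not part of the original notes; the function names are hypothetical). `bezout` applies the formulas *s* = *t*′ and *t* = *s*′ − *t*′*q* from the inductive step and recurses all the way down instead of eyeballing the last step.

```python
from math import gcd


def bezout(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b, for a, b >= 0."""
    if b == 0:
        return a, 1, 0            # base case: gcd(a, 0) = a = 1*a + 0*b
    q, r = divmod(a, b)           # a = q*b + r
    g, s1, t1 = bezout(b, r)      # g = s'*b + t'*r
    return g, t1, s1 - t1 * q     # s = t', t = s' - t'*q


def inverse_mod(a, m):
    """Canonical representative of [a]^-1 in Z_m.

    Raises ValueError when gcd(a, m) != 1, i.e. when [a] is not a unit.
    """
    g, _s, t = bezout(m, a % m)   # g = s*m + t*a, as in 1 = 173s + 25t
    if g != 1:
        raise ValueError(f"[{a}] is not a unit in Z_{m} (gcd = {g})")
    return t % m                  # e.g. -83 becomes 90 mod 173


def units(m):
    """Representatives in 0..m-1 of the units of Z_m."""
    return [a for a in range(m) if gcd(a, m) == 1]


def totient(m):
    """phi(m): the number of units of Z_m."""
    return len(units(m))


if __name__ == "__main__":
    print(bezout(173, 25))        # same s and t as the hand computation
    print(inverse_mod(25, 173))
    print(units(5), units(6), totient(173))
```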