We quickly did the proof that multiplication in Z_m is well defined. It is very similar to the proof that addition of equivalence classes is well defined.
Proof sketch: Assume [a]=[a′] and [b]=[b′]. Unfolding these definitions gives a = a′ − mc and b = b′ − md for some integers c and d. Multiplying these gives ab = a′b′ + m(⋯). Rearranging gives ab − a′b′ = m(⋯), so m | ab − a′b′, and thus [ab]=[a′b′] as required.
Raising an equivalence class to an integer power is well defined.
In more detail: exp : Z_m × Z → Z_m given by exp : ([a], n) ↦ [a^n] is well defined. We could prove this directly, but it follows from the fact that raising a to the n is just multiplying a by itself n times. One can do induction on n; the inductive step just uses the fact that multiplication is well defined.
Raising an integer (or an equivalence class) to the power of an equivalence class is not well defined.
In more detail: exp : Z × Z_m → Z_m given by exp : (n, [a]) ↦ [n^a] is not well defined. For example, working mod 5, we would hope that 2^[3] = 2^[8], since [3]=[8]. But 2^3 = 8 and 2^8 = 256, and [8]=[3]≠[1]=[256].
Summary: [a]^n is okay, n^[a] is not.
We will recover exponentiation next lecture.
Unlike the integers, you can divide by some of the elements of Z_m.
If S is a set with some (reasonable) notion of multiplication, and if x ∈ S, then an inverse of x is an element y ∈ S such that xy = 1.
If x has an inverse, then x is called a unit.
The units of Z are 1 (its inverse is 1) and −1 (its inverse is −1).
The units of R (the real numbers) are all reals except 0.
The units of Q (the rational numbers) are all rationals except 0.
(If you're familiar with linear algebra) the units in the set of n × n matrices are those with non-zero determinants.
Important Fact: [a] ∈ Z_m is a unit if and only if gcd(a, m)=1. That is, [a] is a unit exactly when a and m share no common factor (other than 1). In this case, a and m are said to be coprime or relatively prime.
Proof (⇐): Suppose a and m are coprime. Then by Bezout's identity, there exist s and t such that 1 = sm + ta. Reducing this equation mod m we find [1]=[sm + ta]=[s][m]+[t][a]. Note that [m]=[0] (we are working mod m), so [1]=[0]+[t][a]=[t][a]; thus [a] has an inverse, namely [t].
We did not prove the converse in lecture.
Definition: (Z_m)* is the set of units of Z_m.
Examples:
(Z_5)* = {[1],[2],[3],[4]}. Note that [0] is not a unit. By inspection, the inverse of [1] is [1], the inverse of [4] is [4], and [2] and [3] are inverses of each other.
More generally, if p is prime, then all non-zero elements of Z_p are units, because they can't share a factor with p (since p is prime).
(Z_6)* = {[1],[5]}. 2, 3, and 4 all share factors with 6, and are thus not units.
[0] is never a unit. [1] is always a unit. [m − 1]=[−1] is also always a unit (and is its own inverse).
Definition: The totient of m, written ϕ(m), is the number of units of Z_m.
The proof that [a]^{-1} exists contains an algorithm for finding it. In particular, we use the proof of the existence of Bezout coefficients. We work an example here: suppose we wish to find the inverse of [25] in Z_173.
The proof tells us we can find [25]^{-1} by writing 1 = 173s + 25t. Let's remind ourselves of the proof of Bezout's identity. Bezout's identity states that for any a and b there exist constants s, t such that gcd(a, b)=sa + tb.
We proved Bezout's identity inductively; for the inductive step we used the fact that g(a, b)=g(b, r) where a = qb + r (writing g for gcd). Inductively, we write g(b, r)=s′b + t′r. We wish to get rid of r, so we use the fact that r = a − qb. Substituting this in gives
g(a, b)=g(b, r)=s′b + t′r = s′b + t′(a − qb)=t′a + (s′−t′q)b = sa + tb if we choose s = t′ and t = s′−t′q.
Returning to our computation, we wish to compute s and t such that gcd(a, b)=sa + tb where a = 173 and b = 25. We divide:
a = 173, b = 25, q = 6, r = 23, s = ?, t = ?
The proof of Bezout's theorem tells us we must now compute s′ and t′ such that gcd(b, r)=s′b + t′r. Let's let a′=b and b′=r and recursively compute the gcd:
a′=25, b′=23, q′=1, r′=2, s′=?, t′=?
Again, the proof tells us to compute s″ and t″ such that gcd(b′,r′) = s″b′+t″r′.
a″=23, b″=2
We could continue recursively (it would take a few more steps). However, we can instead eyeball it to find s″ and t″ such that 1 = s″a″ + t″b″: this holds if we choose s″ = 1 and t″ = −11.
We check that s″a″+t″b″=23 − 22 = 1, which is what we want. Now we can use the formulas we found in the proof of Bezout's identity to find s′ and t′: s′=t″ and t′=s″−t″q′:
s′= − 11, t′=1 + 11 = 12.
We double check that s′a′+t′b′=1: ( − 11)*25 + 12 * 23 = 1
Now we can compute s = t′=12 and t = s′−t′q = −11 − 12 * 6 = −83. We double check sa + tb = 12 * 173 − 83 * 25 = 1
This tells us that mod 173, [−83][25]=[1], so [−83] is [25]^{-1}. If we like, we can choose the "canonical" representative −83 + 173 = 90. We can double check we got the right answer: rem(90 * 25, 173)=1
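The computation above, turned into code: an added example (not from the lecture notes) that implements the recursive Bezout computation exactly as the inductive proof does (s = t′, t = s′ − t′q), then uses it to find [25]^{-1} in Z_173, to refuse non-units, and to list (Z_5)* and (Z_6)*. Function names are my own.

```python
# Added example: Bezout coefficients by the recursion in the proof above,
# then modular inverses and the unit group (Z_m)*. Not from the original notes.

def bezout(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b, for a, b >= 0.

    Base case: gcd(a, 0) = a = 1*a + 0*b.
    Inductive step: write a = q*b + r, recursively get g = s'*b + t'*r,
    substitute r = a - q*b, and read off s = t', t = s' - t'*q.
    """
    if b == 0:
        return a, 1, 0
    q, r = divmod(a, b)
    g, s_prime, t_prime = bezout(b, r)
    return g, t_prime, s_prime - t_prime * q


def mod_inverse(a, m):
    """Canonical representative (0..m-1) of [a]^{-1} in Z_m, or None when
    [a] is not a unit, i.e. gcd(a, m) != 1 (the check a caller must make)."""
    g, s, t = bezout(m, a % m)    # g = s*m + t*a
    if g != 1:
        return None
    return t % m                  # [m] = [0], so [t][a] = [1]


def units(m):
    """The set (Z_m)* as canonical representatives."""
    return {a for a in range(m) if mod_inverse(a, m) is not None}


def totient(m):
    """Euler's totient phi(m): the number of units of Z_m."""
    return len(units(m))


if __name__ == "__main__":
    g, s, t = bezout(173, 25)
    print(f"1 = {s}*173 + ({t})*25, gcd = {g}")        # s = 12, t = -83
    inv = mod_inverse(25, 173)
    print("[25]^-1 in Z_173 =", inv, "check:", 25 * inv % 173)  # 90, 1
    print("(Z_5)* =", sorted(units(5)), "(Z_6)* =", sorted(units(6)))
    print("phi(173) =", totient(173))
```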