- Definition of Euclid's GCD algorithm
- Bézout coefficients
- Computing \(φ(m)\), \([a]^{-1}\)

- Reading: MCS 9.2

As we saw last lecture, the set of units of \(ℤ_m\) is quite important. In this lecture we will show how to compute the greatest common divisor and how it relates to units.

Let \(g : ℕ \times ℕ → ℕ\) be defined inductively on its second input as follows: \(g(a,0) := a\) and \(g(a,b) = g(b,r)\) where \(r\) is the remainder of \(a\) divided by \(b\). Note that this inductive definition is reasonable in the same way that a proof by strong induction is reasonable, because \(r \lt b\); you might say this is a "strongly inductively" defined function.

I claim that \(g(a,b)\) is the greatest common divisor of \(a\) and \(b\). We will prove this inductively. Note that the form of induction here follows the form of induction we used to define \(g\); in this case \(g(a,b)\) is defined by strong induction on \(b\), and our proofs use strong induction on \(b\).

The proof proceeds in two parts: first, that \(g(a,b)\) is a common divisor; second, that it is greater than any other common divisor.

**Claim 1:** \(g(a,b)\) divides \(a\) and \(g(a,b)\) divides \(b\).

**Proof:** By strong induction. Let \(P(b)\) be the statement "for all \(a\), \(g(a,b)\) divides both \(a\) and \(b\)".

\(P(0)\) is clear: \(g(a,0) = a\); since \(a = a \cdot 1\), \(g(a,0)\) divides \(a\); while \(0 = a \cdot 0\) so \(g(a,0)\) divides \(0\).

We now prove \(P(b)\) assuming \(P(k)\) for all \(k \lt b\). For brevity, let \(g = g(a,b)\). We want to show that \(g \mid a\) and \(g \mid b\). Well, by definition, \(g = g(b,r)\) where \(r\) is the remainder of \(a\) by \(b\) (in other words, \(a = qb + r\) and \(0 \leq r \lt b\)). Since \(r \lt b\), we have assumed \(P(r)\), so we know that \(g(b,r) \mid b\) and \(g(b,r) \mid r\). This immediately shows us that \(g = g(b,r) \mid b\), so all that's left to show is that \(g \mid a\).

Since \(g(b,r)\) divides \(b\) and \(r\), we have \(b = kg\) and \(r = ℓg\). We also know \(a = qb+r = qkg + ℓg = (qk + ℓ)g\), which shows \(g \mid a\) as required.

Now we show that \(g\) is the *greatest* common divisor:

**Claim 2:** \(g(a,b)\) is greater than any other common divisor of \(a\) and \(b\). In other words, if \(c \mid a\) and \(c \mid b\) then \(g(a,b) \geq c\).

We will actually prove something stronger:

**Claim 2':** if \(c \mid a\) and \(c \mid b\) then \(c \mid g(a,b)\).

This is stronger because if \(a \mid b\) then \(b \geq a\).

**Proof of 2':** Again, by strong induction on \(b\). Choose an arbitrary \(c\). Let \(P(b)\) be the statement "for all \(a\), if \(c \mid a\) and \(c \mid b\) then \(c \mid g(a,b)\)".

To see \(P(0)\), assume that \(c \mid a\) and \(c \mid 0\). Well, \(g(a,0) = a\), so \(c \mid g(a,0)\) by assumption.

Now, assume \(P(k)\) for all \(k \lt b\), and assume that \(c \mid a\) and \(c \mid b\). We wish to show that \(c \mid g(a,b)\). As above, we'll write \(g = g(a,b)\) for brevity. Now, \(g(a,b) = g(b,r)\) where \(a = qb+r\). Since we are interested in \(g(b,r)\), we want to use our inductive hypothesis \(P(r)\). \(P(r)\) says "for all \(a\), if \(c \mid a\) and \(c \mid r\) then \(c \mid g(a,r)\)", so we will choose \(a = b\), so that we have "if \(c \mid b\) and \(c \mid r\) then \(c \mid g(b,r)\)".

In order to use this fact, we must show that \(c \mid r\) (we already know \(c \mid b\)). Well, since \(c \mid a\) and \(c \mid b\), we have \(a = kc\) and \(b = ℓc\) for some \(k\) and \(ℓ\). Since \(a = qb + r\) we have \(r = a - qb = kc - qℓc = (k - qℓ)c\), so \(c \mid r\). Therefore, \(P(r)\) gives us \(c \mid g(b,r) = g(a,b)\) as required.

The following result is helpful for relating the gcd to the set of units:

**Claim 3 (Bézout's identity):** For all \(a\) and \(b \in ℤ\), there exist constants \(s\) and \(t\) such that \(gcd(a,b) = sa + tb\).

\(s\) and \(t\) are referred to as the **Bézout coefficients** of \(a\) and \(b\).

Before the proof, let us see how this relates to units.

**Corollary:** \([a]_m\) is a unit if \(gcd(a,m) = 1\). Indeed, since \(1 = sa + tm\), taking equivalence classes mod \(m\) on both sides gives \([1] = [s][a] + [t][m] = [s][a]\), since \([m]_m = [0]\). Thus \([s]\) is the inverse of \([a]\).

**Proof of claim:** By strong induction on \(b\). Let \(P(b)\) be the statement "for all \(a\), there exist \(s\) and \(t \in ℤ\) such that \(gcd(a,b) = sa + tb\)".

\(P(0)\) is obvious, because \(gcd(a,0) = a = 1 \cdot a + 0 \cdot 0\); thus we can choose \(s = 1\) and \(t = 0\).

To see \(P(b)\), assume \(P(k)\) for all \(k \lt b\). Then we have \(gcd(a,b) = gcd(b,r) = s'b + t'r\) for some \(s'\) and \(t'\) (by \(P(r)\)). Since \(a = qb + r\), we have that \(r = a - qb\). Plugging this in, we see \(gcd(a,b) = s'b + t'(a - qb) = t'a + (s' - t'q)b\). Therefore, choosing \(s = t'\) and \(t = s' - t'q\) gives the result.
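As an added example (not part of the lecture notes), the following Python unrolls the inductive definition \(g(a,b) = g(b,r)\) into a loop, carrying the Bézout coefficients along exactly as the proof of Claim 3 does, and then applies the Corollary to compute \([a]^{-1}\) in \(ℤ_m\). The RSA-style numbers in the demo are constructed toy values, not from the notes.

```python
def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, s, t) with g = gcd(a, b) and g == s*a + t*b, for a, b >= 0.

    Loop invariant: r0 == s0*a + t0*b and r1 == s1*a + t1*b.  Each step is
    one unfolding of g(a, b) = g(b, r) with a = q*b + r; the coefficient
    update is the proof's substitution r = a - q*b applied to (s, t).
    """
    if a < 0 or b < 0:
        raise ValueError("arguments must be natural numbers")
    r0, r1 = a, b            # r0 = 1*a + 0*b
    s0, s1 = 1, 0
    t0, t1 = 0, 1            # r1 = 0*a + 1*b
    while r1 != 0:           # stops at the base case g(r0, 0) = r0
        q, r = divmod(r0, r1)            # r0 = q*r1 + r, 0 <= r < r1
        r0, r1 = r1, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def mod_inverse(a: int, m: int) -> int:
    """Return s in [0, m) with [s][a] = [1] in Z_m (the Corollary above).

    Raises ValueError when gcd(a, m) != 1, i.e. when [a]_m is not a unit.
    Note that the number of loop iterations depends on the operands, so
    this is not constant-time; treat secret inputs accordingly.
    """
    if m <= 0:
        raise ValueError("modulus must be positive")
    g, s, _ = egcd(a % m, m)      # 1 = s*(a mod m) + t*m when g == 1
    if g != 1:
        raise ValueError(f"[{a}] is not a unit mod {m}: gcd = {g}")
    return s % m


if __name__ == "__main__":
    g, s, t = egcd(240, 46)
    print(f"gcd(240, 46) = {g} = {s}*240 + {t}*46")
    # Constructed RSA-style toy values: p = 61, q = 53, phi = (p-1)(q-1) = 3120,
    # public exponent e = 65537; d is the inverse of e in Z_phi.
    phi, e = 3120, 65537
    d = mod_inverse(e, phi)
    print(f"d = {d}, e*d mod phi = {(e * d) % phi}")
    try:
        mod_inverse(4, 8)
    except ValueError as exc:
        print(exc)
```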