Lecture 17

It turns out that that we can get an explicit result. First we’ll do a relatively easy case, valid when the modulus is prime.

Before we prove it, we’ll talk a while longer about invertible elements and multiplication modulo a prime.

Let’s start with an example, and consider the seven integers 0,3,6,9,12,15,18.0,3,6,9,12,15,18. Regarded modulo 7, each is congruent to something different: 00184151125926633\begin{aligned} {0}&{\equiv 0} & {18}&{\equiv 4} \\ {15}&{\equiv 1} & {12}&{\equiv 5} \\ {9}&{\equiv 2} & {6}&{\equiv 6} \\ {3}&{\equiv 3} &&\end{aligned} Can we explain this systematically?

It comes down to the fact that 33 is invertible modulo 77 (with inverse 55, as 3×51(mod7)3\times 5\equiv{1}\pmod{7}).

By multiplying congruences, 3×5×aa(mod7)3\times 5\times a\equiv a\pmod{7} so if we want to solve 3xa(mod7)3x\equiv a\pmod{7}, we simply take x5a(mod7)x\equiv 5a\pmod{7}.

So as there are seven numbers in the list, and one is congruent to each possible residue 0,1,,60,1,\ldots,6 (modulo 7), they’re all different.

This is true in general, for the same reason: if aa is coprime to mm, then the integers 0,a,2a,,(m1)a0,a,2a,\ldots,(m-1)a contain each of the mm residues (and so exactly once each, because there’s mm of them).

Proof

Consider the product a(2a)(3a)((p1)a),a\cdot(2a)\cdot(3a)\cdot\cdots\cdot((p-1)a), regarded up to congruence modulo pp.

One way of thinking about it is that it’s (p1)!(p-1)! but with every term multiplied by an aa, so is congruent to ap1(p1)!a^{p-1}(p-1)!.

Another is that, since the product contains a copy of every nonzero residue modulo pp, it is congruent to (p1)!(p-1)!.

But, putting these observations together, we discover that ap1(p1)!(p1)!(modp).a^{p-1}(p-1)! \equiv (p-1)!\pmod{p}. But all the residues from 11 to p1p-1 are invertible, and the product of invertible residues is invertible, so (p1)!(p-1)! is invertible. Multiplying both sides by (p1)!1(p-1)!^{-1} leaves us with ap11(modp),a^{p-1}\equiv1\pmod{p}, exactly as promised.

Fermat’s Little Theorem should not be confused with Fermat’s Last Theorem. The latter says there are no solutions in positive integers to an+bn=cna^n+b^n=c^n with n3n\geq 3, and was much, much harder to prove.

In the proof of Fermat’s Little Theorem, we multiplied one representative of each invertible residue class together. It turns out we can prove a substantially more general theorem, but it’s a little more complicated. First we need a definition:
Definition: Euler’s function (sometimes known as the totient function) φ:NN\varphi:\mathbb{N}\rightarrow\mathbb{N} is defined by taking φ(n)\varphi(n) to be the number of integers from 11 to nn which are coprime to nn.

For example, φ(p)=p1\varphi(p) = p-1 if pp is prime, since every number from 11 to p1p-1 is coprime to pp (and pp isn’t coprime to pp).

For another example, φ(6)=2\varphi(6) = 2, since 11 and 55 are the only numbers between 11 and 66 which are coprime to 66.

Using this concept, we can generalise Fermat’s Little Theorem considerably:

Proof

The proof is exactly the same as Fermat’s Little Theorem, but instead of working with all the integers 1,2,,n11,2,\ldots,n-1, we just consider those that are invertible modulo nn: let’s write these as x1,x2,,xφ(n)x_1,x_2,\ldots,x_{\varphi(n)}.

If aa is invertible, then ax1,,axφ(n)ax_1,\ldots,ax_{\varphi(n)} are all invertible too, and any invertible residue is of this form: bb can be written as a(a1b)a(a^{-1}b). Hence ax1,ax2,,axφ(n)ax_1,ax_2,\ldots,ax_{\varphi(n)} are congruent to x1,x2,,xφ(n)x_1,x_2,\ldots,x_{\varphi(n)} in some order.

Hence if we consider the products of these we have x1x2xφ(n)(ax1)(ax2)(axφ(n))aφ(n)x1x2xφ(n)(modn)\begin{aligned} & x_1x_2\cdots x_{\varphi(n)}\\ \equiv& (ax_1)(ax_2)\cdots(ax_{\varphi(n)})\\ \equiv& a^{\varphi(n)}x_1x_2\cdots x_{\varphi(n)}\pmod{n}\end{aligned} Since all the elements x1,x2,,xφ(n)x_1,x_2,\ldots,x_{\varphi(n)} are invertible, we can cancel them out to get aφ(n)1(modn)a^{\varphi(n)}\equiv 1\pmod{n}.

We worked with the factorial in the proof of Fermat’s Little Theorem without ever needing to calculate it. It turns out we can calculate it, using a clever trick.

However, we’ll need a fact first:

Proposition

Let pp be a prime, and let aa be an integer with the property that a21(modp)a^2\equiv 1\pmod{p}. Then either a1(modp)a\equiv1\pmod{p} or a1(modp)a\equiv-1\pmod{p}.

Proof

If a21(modp)a^2\equiv 1\pmod{p}, then a210(modp)a^2-1\equiv 0\pmod{p}, ie (a1)(a+1)0(modp)(a-1)(a+1)\equiv 0\pmod{p}. In other words, p(a1)(a+1)p\mid(a-1)(a+1).

But then, either pa1p\mid a-1 (in which case a1(modp)a\equiv1\pmod{p}), or pa+1p\mid a+1 (in which case a1(modp)a\equiv-1\pmod{p}).

This theorem is not true for some composite moduli! For example, 123252721(mod8)1^2\equiv 3^2\equiv 5^2\equiv 7^2\equiv 1\pmod{8}.

I regard this as more evidence that prime moduli behave very nicely indeed!

This means that if we have aa not congruent to ±1\pm 1 modulo a prime pp, then the inverse of aa (modulo pp) is different to aa.

Indeed, if aa1a\equiv a^{-1} then 1aa1a21\equiv aa^{-1}\equiv a^2.

Now, this allows us to do this:

Proof

I’ll show firstly that if nn is composite, we don’t get (n1)!1(modn)(n-1)!\equiv-1\pmod{n}.

Indeed, suppose that nn has a factor aa such that 1<a<n1<a<n. Then we certainly have a(n1)!a\mid(n-1)!, and so (n1)!0(moda)(n-1)!\equiv 0\pmod{a}. However, if (n1)!1(modn)(n-1)!\equiv -1\pmod{n} and ana|n, then (n1)!1(moda)(n-1)!\equiv -1\pmod{a}, which gives a contradiction.

Now I’ll show that if nn is prime we do get (n1)!1(modn)(n-1)!\equiv-1\pmod{n}.

Given that nn is prime, the product (n1)!=12(n1)(n-1)! = 1\cdot 2\cdot\cdots\cdot(n-1) consists of one representative of each invertible residue class.

We can pair each up with its inverse; each element gets paired with another, except for 11 and 1-1. So, the product consists of a lot of pairs of inverses (whose product modulo nn is 11), together with the odd ones out 11 and 1-1: so the product is 1-1 as claimed.

Here are some examples:

You could use this as a way of testing if a number is prime.

As a matter of fact, it’s not a good way of doing it: if we want to check a large number NN, it’s quicker to do trial division to see if NN has any factors, than it is to multiply lots of numbers together.

But this result was psychologically important in the development of modern fast primality tests: it was the first evidence that there are ways of investigating whether a number NN is prime or not by looking at how arithmetic modulo NN behaves.