Euler Phi Function:

October 10, 2012

1 The Euler Phi Function
This lecture is dedicated to the study of another multiplicative functions, the Euler phi
function.
Denition 1.1. Let n 1 be an integer. Then we dene the Euler phi function by
(n) =the number of positive integers less than n that are relatively prime to n.
So let us do some examples.
Example 1.2. (1) = 1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (15) = 8
The rst observation is how (n) behaves on the primes.
Observation 1. (n) = n 1 n is prime.
Proof. (n) = n 1 every integer in the set {1, 2, ..., (n 1)} is relatively prime to n
No prime p with p < n divides n n is prime.
So (n) is capable of producting somewhat of a test to determine when a given integer
is a prime. Thus being able to calculate (n) will be quite useful. The following theorem,
which might be quite surprising, facilitates this goal.
Theorem 1.3. The Euler phi function is multiplicative.
Proof. Let n and m be relatively prime integer. The statement clearly holds if n = 1 or
m = 1. So let us assume that n, m > 1. We would like to calculate (nm) and so below we
arrange the integers from 1 to nm in m columns of n integers.
1 2 r m
m + 1 m + 2 m + r 2m
2m + 1 2m + 2 2m + r 3m
.
.
.
.
.
.
.
.
.
.
.
.
(n 1)m + 1 (n 1)m + 2 (n 1)m + r nm
1
So to calculate (nm) we need to determine how many elements of this array are rela-
tively prime with nm, which are the elements that are relatively prime to both n and m.
So what was the point of us arranging the integers in such an array. We notice that since
gcd(km + r, m) =gcd(r, m) we see that an entry in the r
th
column is relatively prime to
m if and only if r is relatively prime to m, and in this case then all of the entries of the
column are relatively prime to m. So looking at it this way, there are (m) columns with
rs that are relatively prime to n, and so we need to show that in each column there are
(n) entries relatively prime to n and then we will be done.
So let us choose such a column, and let r be the corresponding element of the column
(mod m). So gcd(r, m)=1. The entries of this column are
r, m + r, 2m + r, ..., (n 1)m + r.
So we see that there are n integers in this column, so we would like to consider their
equivalence class module n.
Now if [km + r]
n
= [lm + r]
n
[km]
n
= [lm]
n
[k]
n
= [l]
n
since gcd(n, m)=1.
However, as we can see no two of the coeecients of m in the column are equivalent mod n.
Thus if we look at the column there are all of the equivalence classes modulo n. Therefore
the number of them that are relatively prime to n is (n).
So we have divided the numbers that are relatively prime to nm into (m) columns
where in each column with (n) such numbers in each column. Thus the total amount of
such numbers is (n)(m)
We would like to get a formula for (n), and now that we know that is multiplicative
the we only need to determine its value on powers of primes.
Theorem 1.4. Let p be prime and k > 0, then
(p
k
) = p
k
p
k1
= p
k
_
1
1
p
_
= p
k1
(p 1) (1)
Proof. This can be proven by a simple counting argument. The only numbers between 1
and p
k
that are not relatively prime to p
k
are the ones that are divisible by p. There are
p
k
p
= p
k1
of these. So we have that
(p
k
) = p
k
k
k1
With this knowledge we can completely calculate (n)
Corollary 1.5. Let n be a positive integer with factorization given by n = p
n
1
1
p
n
k
k
. Then
(n) is given by
(n) =

i
p
n
i
i
_
1
1
p
i
_
= n

i
_
1
1
p
i
_
Proof. This is immediate from theorem 1.4 so we leave the proof to the reader.
2
Before we move on to the next section we have one more interesting fact about Eulers
phi functions which we prove.
Proposition 1.6. Let n > 2, then (n) is even.
Proof. We split the proof into two cases:
(Case 1:)
n is a power of 2. In this case n = 2
k
and so by our above results we have that
(n) = 2
k
2
k1
which is even.
(Case 2:)
n is not a power of 2. Thus there is some odd prime p and integer k > 0 such that p
k
|n
and p
k+1
|n, and so we can write n = p
k
m. Using the fact that phi(n) is multiplicative we
can write phi(n) = (p
k
)(m) = p
k1
(p 1)(m). Since p is odd we are done.
2 Eulers Theorem
One of the motivations for Eulers phi function is that it allows us to generalize Fermats
theorem.
Theorem 2.1. Let n 1 be an integer and let a be a positive integer with gcd(a, n)=1.
Then
[a
(n)
]
n
= [1]
n
.
Proof. Clearly this is true if n = 1, so let us assume n > 1. We want to somewhat mimic
the proof of Fermats theorem but using numbers less than n that are relatively prime to
n rather that all numbers less than n. By the denition of (n) we can enumerate the
integers less that n that are relatively prime to n as a
1
, a
2
, ..., a
(n)
, and consider the classes
[aa
1
]
n
, ..., [aa
(n)
]
n
. Note that if [aa
i
]
n
= [aa
j
]
n
then since gcd(a, n) = 1 we would have
[a
i
]
n
= [a
j
]
n
.. Thus the a
i
all represent dierent classes modulo n.
Also note that since a
i
and a are both relatively prime to n then so is aa
i
. Thus the
classes [aa
1
]
n
, ..., [aa
(n)
]
n
are the same as the classes [a
1
]
n
, ..., [a
(n)
]
n
.
So we can now look at the simulaneous congruences
[aa
1
]
n
= [a

1
]
n
[aa
2
]
n
= [a

2
]
n
.
.
.
.
.
.
[aa
(n)
]
n
= [a

(n)
]
n
where the [a

i
]
n
= [a
j
]
n
for distinct j.
Now we can take the product of these congruences to get
3
[(aa
1
) (aa
(n)
)]
n
= [a

1
a

(n)
]
n
(2)
Pulling out the as this becomes
[a
(n)
(a
1
a
(n)
]
n
= [a
1
a
(n)
]
n
Since we know that all of the a
i
are relatively prime to n, we can cancel them out of the
above equation to get our desired result.
3 Application: Periodic Decimal Expansions
Let us take a slight diversion. We will consider a neat application of Eulers theorem. With
a calculator we can see that various fractions have periodic decimal expansions, e.g.,
3
7
= .428571428571...
has a repeating block of length 6. Which numbers have periodic expansions? And
is anything predictable about the period length? To answer these questions, we start by
working in reverse. Lets write down a periodic expansion and try to see what kind of
number it turns out to be. For simplicity, we focus on purely periodic decimals, meaning
those with a repeating block right at the start (like
3
7
above and unlike
19
55
= .345454545...
which has the initial 3 that is not repeated).
If
x = .c
1
c
2
c
d
is a purely periodic decimal, where the periodic block we wrote down has length d, each
c
i
is repeated every d digits as we move through the decimal expansion of x. For instance, c
1
occurs in positions for 10
1
, 10
(d+1)
, 10
(2d+1)
, and so on. The digit c
2
occurs in positions
10
2
, 10
(d+2)
, 10
(d+3)
, and so on. Therefore
x = c
1

k0
1
10
dk+1
+ c
2

k0
1
10
dk+2
+ + c
d

k0
1
10
dk+d
=
_
c
1
10
+
c
2
10
2
+ +
c
d
10
d
_

k0
1
10
dk
=
_
c
1
10
+
c
2
10
2
+ +
c
d
10
d
_
_
1
1
1
10
d
_
4
where we summed a geometric series in the last step. Writing
1
(1
1
10
d
)
as
10
d
10
d
1
and using
10
d
in the numerator to clear out the powers of 10 in the denominators of the other factor,
we obtain
x =
c
1
10
d1
+ c
2
10
d2
+ + c
d
10
d
1
This is a rational number with denominator that is 1 less than a power of 10. The
numerator can be any positive integer with at most d decimal digits, so the ratio is a
fraction between 0 and 1.
Example 3.1. Let x = .33333... . The repeating block has length 1, so from the calculations
we made,
x =
3
10 1
=
1
3
Example 3.2. Let x = .002870028700287.... The repeating block has length 5 (not 3;
include the periodic 0s also), so
x =
287
10
5
1
=
287
9999
=
7
2439
In the last step, the greatest common divisor of 287 and 99999 is 41, so the numerator
and denominator are divided by 41.
We have shown that any number which has a purely periodic decimal expansion is
rational between 0 and 1 and admits an expression as a fraction whose denominator is
10
d
1 for some d. Now we want to go the other way: starting with a fraction, say
28
303
, can
we decided if its decimal expansion is (purely) periodic or not?
The calculations above, passing from a purely periodic decimal for a number x to its
expression as a fraction with denominator 10
d
1, can be read forwards and backwards.
Reading it in reverse shows that any fraction between 0 and 1 with a denominator of the
form 10
d
1 has a purely periodic decimal expansion. So the numbers which have purely
periodic decimal expansions are precisely the fractions between 0 and 1 with a denominator
of the form 10
d
1. Of course, a denominator having the form 10
d
1 might not be the
reduced form denominator, e.g.,
7
2439
from the above example has to be written as
287
99999
to get its denominator to be 1 less than a power of 10. So we ask: is there a simple
description of the fractions which admit a representation (not necessarily reduced!) with a
denominator of the form 10
d
1? Since 10
d
1 is not divisible by 2 or 5, and the reduced
form denominator is a factor of any other denominator for the fraction, if a fraction has a
denominator 10
d
1 then its reduced form denominator must be relatively prime to 10.
It turns out the converse is also true, and the key tool to prove this is Eulers theorem:
Theorem 3.3. Any reduced form fraction
a
b
with gcd(10, b) = 1 can be written as a fraction
with denominator 10
d
1 for some d 1. Moreover, the period length of the decimal
5
expansion for
a
b
is the smallest d 1 such that [10
d
]
b
= [1]
b
. In particular, d (b). and
the period length is independent of the numerator a.
Proof. Consider the fraction be
a
b
, where gcd(10, b) = 1. By Eulers theorem, [10
(b)
]
b
= [1]
b
.
That means 10
(b)
1 is a multiple of b, so we can rewrite
a
b
as a fraction with denominator
10
(b)
1
Let d 1 be minimal such that 1[10
d
]
b
= [1]
b
, so d (b). Write 10
d
1 = bn, so we
have
a
b
=
an
bn
=
an
10
d
1
Since
a
b
< 1, and an < bn = 10
d
1 then the base 10 expansion of an requires no more
than d digits, so we can write
an = c
1
10
d1
+ c
2
10
d2
+ + c
d
for some digits c
i
(Some of the top c
i
s may be 0 if an is substantially less than 10
d
1.)
Our earlier calculations showed that for any decimal digits c
1
, ..., c
d
, we have
.c
1
c
d
=
c
1
10
d1
+ c
2
10
d2
+ + c
d
10
d
1
So
a
b
=
c
1
10
d1
+c
2
10
d2
++c
d
10
d
1
has a periodic decimal expansion of length d.
To show d is the minimal period of the decimal expansion of
a
b
, assume we could write
a
b
as a decimal expansion with a repeating block of length l < d. Then
a
b
can be written as
a fraction with denominator 10
l
1.
Since
a
b
is the reduced form of the fraction, this means 10
l
1 is a multiple of b. This
contradicts the choice of d as the smallest such exponent satisfying 10. Therefore l isnt a
period length for the decimal expansion of
a
b
, so d is the minimal period length.
Notice in this proof that we used nothing about a so the period lenfth does not depend
on a
Example 3.4. A numerical computation suggests the decimal expansions of
1
7
,
2
7
,
3
7
,
4
7
,
5
7
,
and
6
7
all have period length 6 and the decimal expansions of
1
303
and
28
303
both have period
length 4. To prove this, check to see that the least d such that [10
d
]
7
= [1]
7
is 6 and that
the least d such that [10
d
]
303
= [1]
303
is 4.
By seeing explicitly how 10
6
1 is a multiple of 7 and 10
4
1 is a multiple of 303, we
can even gure out (without a calculator) what the decimal expansions of these fractions
are. Since 10
6
1 = 7 142857
3
7
=
3 142857
10
6
1
=
428571
10
6
1
= .428571428571...
Since 10
4
1 = 303 33
6
28
303
=
28 33
10
4
1
=
924
10
4
1
= .092409240924...
The whole theory of periodic decimals (e.g., determining which numbers have purely
periodic expansions, and how long the periods can be) is explained by Eulers theorem
and results related to it. So this is a concrete elementary application of number theory to
explain a persistent mystery from mathematics familiar to all students.
4 Further Properties of the Euler Phi Function:
In this section we investigate further properties of the Euler phi function.
Theorem 4.1. Let n 1 be a positive integer. Then
n =

d|n
(d)
Proof. Clearly the statement is true if n = 1. So assume that n > 1. Let n = p
n
1
1
p
n
k
k
be
the prime factorization of n. Let F(n) be the function dened by
F(n) =

d|n
(d).
From our previous work we know that F(n) is multiplicative, so let us calculate F(p
n
1
i
).
F(p
n
i
i
) = (1) +(p
i
) +(p
2
i
) + +(p
n
1
i
) = 1+(p1) +(p
2
p) + +(p
k
p
k1
) = p
n
i
i
So we have shown that the statement is true for powers of primes. Thus we can use the
multiplicativity of F(n) to conclude the statement for all n.
To conclude this section we mention one more interesting result concerning (n)
Theorem 4.2. Let n 1 be an integer. Consider the function F(n) dened by
F(n) =

d:gcd(d,n)=1
d
Then F(n) =
1
2
n(n).
Proof. First let us note that gcd(a, n) = 1 gcd(n a, n) = 1. So if we let a
1
, ..., a
(n)
be
the integers less than n that are relatively prime to n then {a
1
, ..., a
(n)
} = {(na
1
), ..., (n
a
(n)
)}. So adding all the elements of the set we get
F(n) = a
1
+ + a
(n)
= (n a
1
) + (n a
2
) + + (n a
r
)
7
If we add all the a
i
s over to the left we get
2(a
1
+ a
2
+ + a
(n)
) = n(n)
.
Diving by two we get our result.
Theorem 4.3. Let n be a positive integer. Then
(n) = n

d|n
(d)
d
Proof. The proof is a simple application of the Mobius inversion formula. We know that
F(n) = n =

d|n
(d).
Thus if we apply the Mobius inversion formula to the above equation we get
(n) =

d|n
(d)F
_
n
d
_
=

d|n
(d)
n
d
= n

d|n
(d)
d
5 Group of Units in Z/nZ
In this section we use Eulers theorem to study the group of invertible element in Z/pZ
Denition 5.1. Let n > 1 be an integer. Recall that Z/nZ = {[0]
n
, [1]
n
, ..., [n 1]
n
}. We
say that a Z/nZ is a unit if there is an integer k such that a
k
= 1.
With this denition in mind we have the following immediate observation.
Observation 2. Let n > 1 be an integer. Then a Z/nZ is a unit gcd(a, n) = 1.
Proof. ()
Assume that a Z/nZ is a unit. This implies that the equation ax = [1]
n
has a solution.
Thus gcd(a, n)|1 gcd(a, n) = 1
()
If gcd(a, n) = 1 then by Eulers theorem we know that a
(n)
= [1]
n
.
With the observation we can show the following:
Theorem 5.2. Let a, b Z/nZ be units, then ab Z/nZ is a unit.
8
Proof. We give two proofs of this fact
Proof 1:
Since a, b are unit then by denition there are integers k and l such that a
k
= b
l
= 1.
Thus ab
kl
= (a
kl
)(b
kl
) = (a
k
)
l
(b
l
)
k
= 1
Proof 2:
By the above theorem we know that gcd(a, n)=gcd(b, n) = 1. Therefore the gcd(ab, n)=1.
So ab is a unit.
Following that we have the corollary
Corollary 5.3. Let a Z/nZ be a unit, then a
k
is a unit for all k. In particular, a
(n)1
=
a
1
is a unit.
Proof. We simply apply the above theorem with b = a, and proceed by induction. The
details are left to the reader.
So we have seen that given a unit a Z/nZ then raising a to powers we can get more
units. We are immediately led to ask, how many more units can we get? In particular, can
we get them all. The rst thing that we can say about this is that 1 is a unit and raising
1 to a power does not get any new units. Thus a better renement of the question is what
we state below.
Question 1. Let n > 1 be an integer. Is there a unit a Z/nZ such that the set
{a, a
2
, a
3
, ..., } is the set of all units?
When we rst look at this we should notice that in the above set there is quite a bit
of redundancy. In particular, since a
(n)
= 1 then a
phi(n)+1
= a, a
(n)+2
= a
2
, and so on.
Thus the proper question is
Question 2. Let n > 1 be an integer. Is there a unit a Z/nZ such that the set
{a, a
2
, a
3
, ..., a
(n)
} is the set of all units?
To investigate this question let us consider some examples.
Example 5.4. Notice that Z/2Z has only 1 as a unit so the question hold for n = 2
The units of Z/3Z are {1, 2} and 2
2
= 1 so the question holds for n = 3
The units of Z/4Z are {1, 3} and 3
2
= 1 so the question holds for n = 4
The units of Z/5Z are {1, 2, 3, 4} and 2
2
= 4, 2
3
= 3, 2
4
= 1 so the question holds for
n = 5
The units of Z/8Z are {1, 3, 5, 7}. Now 3
2
= 1, 5
2
= 1, and 7
2
= 1. Thus none of the
units of Z/8Z can generate the rest of the units
Before we proceed let us x some notations.
9
Denition 5.5. Let us denote the set of units in Z/nZ by Z/nZ

= {a Z/nZ : gcd(a, n) =
1}
Observation 3. The number of elements in Z/nZ

, denoted |Z/nZ

|=(n)
To proceed with our study of Z/nZ

we introduce the following notion.

Denition 5.6. Let a Z/nZ

. The order of a, denoted |a|, is the least positive integer

k > 0 such that a
k
= 1.
Let us rst note that by Eulers theorem we know that a
(n)
= 1, and so we know that
|a| (n). However, as we saw above the order of all of the units in Z/8Z (except 1) was
2, even though (8) = 4. So it need not be true that |a| = (n). However we do have the
following fact.
Theorem 5.7. Let a Z/nZ

, and let k = |a|. Then k|(n).

Proof. For the proof we will actually prove something stronger, we will show that if h is
any integer such that a
h
=1, then k|h. Since, by Eulers theorem, (n) is such an h, we will
have our result.
So let us assume by way of contradiction that k |h. Since a
h
= 1 we know that h > k.
So we can write h = qk +r with 0 < r < k. Note that since k |h we know that r = 0. Now
we have
1 = a
h
= a
qk+r
= (a
k
)
q
(a
r
) = a
r
However, we assumed that k was the least such integer and r < k. So we have our
result.
Thus if we want to nd the order of a unit, we only need to try for numbers which divide
(n). Now we would like to continue to answer the question of when we can get all units of
the form {a, a
2
, ..., a
(n)
} for some a Z/nZ

, and if so, then how many such a are there.

Toward this end we have the following denition.
Denition 5.8. Let a Z/nZ

. Then a is a primitive root of unity mod n if |a| = (n)

So the idea here is that any unit is a root of unity, (unity is 1) and so a is a root of
unity if a
k
= 1 for some k > 0.
Example 5.9. 3 is a primitive root of unity mod 5 since [3
1
]
5
= [3]
5
, [3
2
]
5
= [4]
5
, [3
3
]
5
=
[2]
5
, [3
4
]
5
= [1]
5
. So 3=4 mod 5.
3 is a root of unity mod 8 since [3
2
]
8
= [1]
8
, but 3 is not a primitive root of unity since
3=2 mod 8
From the work above we can see that if a is a root of unity then a
k
will be a root of
unity for any k. So the idea of a primitive root of unity is that you can get all other roots
of unity from it. We formalize this idea with the next theorem.
10
Theorem 5.10. Let a Z/nZ

. Then a is a primitive root of unity mod n Z/nZ

=
{a, a
2
, ..., a

(n)}
Proof. ()
Let i, j {1, ..., (n)}, with i j. If a
i
= a
j
then a
ij
= 1. Now we know that i j <
(n) so we must have that i = j. Thus all elements of {a, a
2
, ..., a
(n)
} are distinct, and so
there are (n) elements in it. By our previous work we know that {a, a
2
, ..., a
(n)
} Z/nZ

,
and Z/nZ

has (n) elements. So these two sets must be the same.

()
Let G
a
= {a, a
2
, a
3
, ..., a
(n)
}, and let k = |a|. Note that since a
k
= 1, a
k+1
= a, a
k+2
=
a
2
and so on that G
a
= {a, a
2
, ..., a
k
} has exactly k elements. So since Z/nZ

has (n)
many elements, then if G
a
= Z/nZ

we must have that k = (n).

Now we turn to the question of amount of primitive roots. Before we state the theorem
we need some preliminaries.
Theorem 5.11. Let n > 1 be an integer. Assume that a Z/nZ

is a primitive root of
unity mod n, then there are ((n)) many primitive roots of unity mod n.
Proof. By the above theorem we know that Z/nZ

= {a, a
2
, ..., a

(n)}. So if b Z/nZ

then
there is a k such that b = a
k
. Now b is a primitive root of unity h {1, ..., (n) 1}
we have b
h
= 1.
Now b
h
= a
kh
= 1 (n) |kh h {1, ..., (n) 1} gcd(k, (n)) = 1
Thus the primitive roots of unity are the a
k
where k and (n) are relatively prime, and
since there are ((n)) of those we are done.
6 Relation to the Golden Ratio
In the section we describe an interesting relationship between the golden ratio, the Mobius
function, the Euler phi function and the natural logarithmcentral players in the theory of
numbers.
Denition 6.1. Let denote the golden ratio
=
1 +

5
2
This is a constant that has historically attracted much attention. In fact consider the
following
Observation 4.
= 1 +
1

11
Proof. We are asking which numbers satisfy x = 1 +
1
x
then we get x
2
x 1 = 0. Using
the quadratic formula we get
x =
1
_
1 (4)(1)(1)
2
So we see that is one of the solutions.
6.1 Golden identities
We would like to state some interesting identities but before we do we need to establish
some formulas involving the log function.
Recall that if 0 < r < 1 then we have the following formula for the geometric series
1 + r + r
2
+ + r
k
=
1 r
k+1
1 r
Since 0 < r < 1 as k the sum on the left converges and so we have that
1 + r + r
2
+ =
1
1 r
.
This is the Taylor series for
1
1r
So if we integrate both sides of the equation we get
r +
r
2
2
+
r
3
3
+ =

i=1
r
i
i
= log(1 r)
With these notations, we can state a theorem that highlights a connection between the
golden ratio and the factorization of integers that is not obvious; and displays a sort of
inverse relationship between the Mobius function and Euler phi function. However, before
we do this we need to prove a lemma.
Lemma 6.2. Let 0 < x < 1. Then we have the following two identities.

k=1
(k)
k
(log(1 x
k
)) =
x
1 x
(3)

k=1
(k)
k
(log(1 x
k
)) = x (4)
Proof. To prove equation (3) we rst observe that, by our formula for log, the left hand
side of (3) is equal to

k=1
(k)
k

i=1
(x
k
)
i
i
For any n 1, the coecient of x
n
in the preceding expression is
12

k|n
(k)
n
= 1
Therefore the left side of (3) is equal to the geometric series
x + x
2
+ x
3
+ = x(1 + x + x
2
+ ) =
x
1 x
To prove (4), observe that the left-hand side of (24) is equal to

k=1
(k)
k

i=1
(x
k
)
i
i
For any n 1 , the coecient of x
n
in the preceding expression is

k|n
(k)
n
=
_
1 if n = 1
0 if n > 1
Every coecient but the rst equals zero; therefore the left side of (24) is equal to .
With this lemma we can now state our main identity.
Theorem 6.3. We have the pair of reciprocal summation identities
=

k=1
(k)
k
log
_
1
1

k
_
1

k=1
(k)
k
log
_
1
1

k
_
Proof. Now that we have the two identities this is quite easy. We note that 0 <
1

< 1 and
so we can substitute x = . First let us notice that using the identity
1

= 1 we get
that
1

1
1

=
1
1
=
1
1

=
Thus by plugging in
1

= x we get our desired result.

13
7 Primitive Roots for Primes
We return not to our discussion of primitive roots, and we focus on primitive roots of primes.
From our earlier discussion we noticed that 5 has primitive roots, but 8 does not. So an
interesting question is which integers have primitive roots. The goal of this section is to
show that all primes have primitive roots. First let is show the following statement.
Theorem 7.1 (Lagrange). Let p be a prime and d|p 1. Then if we let
x
d
1
be a polynomial in Z/pZ. Then the polynomial has exactly d roots.
Proof. Recall from our earlier discussion we showed that a polynomial in Z/pZ of degree d
has at most d roots. So we need to show that it has at least d.
This however, follows from Fermats theorem. In particular, we know that the equation
x
p1
= 1 has exactly p1 solutions by Fermats theorem (in fact the solutions are 1, 2, ..., p
1). Now because d|(p 1) we know p 1 = dk then by an argument similar to one in the
rst midterm we can factor
x
p1
1 = (x
d
1)f(x)
where f(x) is the polynomial f(x) = x
d(k1)
+x
d(k2)
+ +x
d
+1. Now we know that
f(x) has at most dk d solutions. Let a be a solution of x
p1
1 = 0. Then since p is
prime we know that a must be a solution of x
d
1 or f(x). Since f(x) has at most dk d
solutions and there are a total of p 1 = dk solutions, we must have that x
d
1 has at
least dk (dk d) = d solutions. Thus we are done.
Example 7.2. Let p 7 and let us consider the equation x
2
= 1. Then by the above
theorem is should have 2 solutions. 1
2
= 1, 2
2
= 4, 3
2
= 6, 4
2
= 2, 5
2
= 4, 6
2
= 1. So
this works. Also we should have that x
3
= 1 has 3 solutions. 1
3
= 1, 2
3
= 1, 3
3
=
6, 4
3
= 1, 5
3
= 6, 6
3
= 6
Let p = 11 and let us consider the equation x
2
= 1. Then by the above theorem it
should have 2 solutions. 1
2
= 1, 2
2
= 4, 3
2
= 1, 4
2
= 5, 5
2
= 3, 6
2
= 3, 7
2
= 5, 8
2
=
9, 9
2
= 4, 10
2
= 1. So this works. Also we should have that x
5
= 1 has 5 solutions.
1
5
= 1, 2
5
= 10, 3
5
= 1, 4
5
= 1, 5
5
= 1, 6
5
= 10, 7
5
= 10, 8
5
= 10, 9
5
= 1, 10
5
= 10 so it
works
Theorem 7.3. If p is prime and d|p 1 then there are exactly (d) distinct elements in
Z/pZ with order d mod p.
Proof. Let (p) denote the number of integers k with 1 k p 1 such that |k| = d in
Z/pZ. Let us not that
p 1 =

d|(p1)
(d)
14
because every integer 1, 2, ..., p-1 has some order between 1 and p-1. Now we have
already shown (theorem 4.1 above) that
n =

d|n
(d)
You might want to say that at this point we can just apply the Mobius inversion formula
to get that (d) = (d). However, this does not work. The reason is that we only know that
theorem for concerning (d) in the case that p is prime. Instead we try a dierent strategy.
We will show that if d|(p 1) then (d) (d). This, in conjunction with the statement
above that

d|p1
(d) =

d|p1
(d)
will give us our desired result.
So let us consider a d with d|p 1. Now if (d) = 0 we are clearly done so assume that
(d) > 0, thus there is an a Z/pZ with |a| = d. Then we know that since |a| = d then the
set {a, a
2
, ..., a
d
} are all dierent elements in Z/pZ. Also it is clear that all of these elements
solve the equation x
d
= 1. Thus since there are d such elements we have just shown that
all elements of order d in Z/pZ must be in the set {a, a
2
, ..., a
d
}. However, not all of these
elements will have order d.
In fact, for k with 1 k d, a
k
will have order d if and only if gcd(k, d) = 1. Thus
there are (d) such elements. So (d) (d) (in fact we have shown they are equal). Thus
we are done.
Now we can apply the theorem above with d = p 1 to get the following corollary.
Corollary 7.4. If p is a prime, then there are exactly (p 1) distinct (mod p) primitive
roots of unity.
Example 7.5. Let p = 13. Then p 1 = 12, and (12) = 4.
2
1
= 2, 2
2
= 4, 2
3
= 8, 2
4
= 3, 2
5
= 6, 2
6
= 12, 2
7
= 11, 2
8
= 9, 2
9
= 5, 2
1
0 = 10, 2
1
1 =
7, 2
1
2 = 1. So |2| = 12 = (12). So 12 is a primitive root.
3
1
= 3, 3
2
= 9, 3
3
= 1, so 3 is not a primitive root.
4
6
= 2
1
2 = 1, so 4 is not a primitive root.
5
1
= 5, 5
2
= 12, 5
3
= 8, 5
4
= 1, so 5 is not a primitive root.
6
1
= 6, 6
2
= 10, 6
3
= 8, 6
4
= 9, 6
5
= 2, 6
6
= 12, 6
7
= 7, 6
8
= 3, 6
9
= 5, 6
1
0 = 4, 6
1
1 =
11, 6
1
2 = 1, so 6 is a primitive root.
7
1
= 7, 7
2
= 10, 7
3
= 5, 7
4
= 9, 7
5
= 11, 7
6
= 12, 7
7
= 6, 7
8
= 3, 7
9
= 8, 7
1
0 = 4, 7
1
1 =
2, 7
1
2 = 1, so 7 is a primitive root.
15
8
1
= 8, 8
2
= 12, 8
3
= 5, 8
4
= 1, so 8 is not a primitive root.
9
1
= 9, 9
2
= 3.9
3
= 1, so 9 is not a primitive root.
10
1
= 10, 10
2
= 9, 10
3
= 12, 10
4
= 3, 10
5
= 4, 10
6
= 1, so 10 is not a primitive root.
11
1
= 11, 11
2
= 4, 11
3
= 5, 11
4
= 3, 11
5
= 7, 11
6
= 12, 11
7
= 2, 11
8
= 9, 11
9
=
8, 11
1
0 = 10, 11
1
1 = 6, 11
1
2 = 1, so 11 is a primitive root.
12
1
= 12, 12
2
= 1, so 12 is not a primitive root.
Thus the primitive roots for p = 13 are 2, 6, 7, and 11.
The preceding example is quite illustrative. In particular, we know that for p = 13 there
are primitive roots, and we know that there are 4. However, the problem of actually know
which elements are primitive roots remains illusive. As the previous example shows, there
are not obvious way to know which elements are primitive roots.
8 Compositve Numbers Having Primitive Roots
In the preceding section we settled the question of whether primes have primitive roots, and
moreover we determined how many primitive roots they have. Now we focus our attention
on composite numbers. We begin with the following theorem.
Theorem 8.1. For k 3, the integer 2
k
has no primitive roots.
Proof. We know that in order for a to be a primitive root then, in particular, a must be a
unit. By our previous work we know that this means a must be relatively prime to 2
k
. In
other words, a must be odd, so rst let us show that if a is odd then
[a
2
k2
]
2
k = [1]
2
k
We will prove this by induction on k starting at k = 3.
(Base Case:) For the base case let k = 3. Then 2
k
=8, and so a = 1, 3, 5, or 7. In each
of these cases we can check to see that a
2
k2
= a
2
= 1
(Induction Step:) Assume that the statement holds for k. Thus we know that there is
an integer b such that
a
2
k2
= 1 + b2
k
We can square both sides of the above equation to get
a
2
k1
= 1 + 2(b2
k
) + (b2
k
)
2
= 1 + 2
k+1
(b + b
2
2
k1
)
Thus we have that [a
2
(k+12)
]
2
k = a
2
k1
2
k
= [1]
2
k.
16
Now we continue with the proof of the theorem. We know that the integers less than
2
k
that are relatively prime to 2
k
are precisely the odd integers, and so (2
k
) = 2
k1
. By
what we have shown above we know that
a
(2
k
)
2
= 1
Thus a is not a primitive root of unity.
Along the same lines we have the following theorem.
Theorem 8.2. Let m, n > 2 be integers with gcd(n, m)=1. Then nm has no primitive
roots.
Proof. Let a be an integer relatively prime to nm. Then you have that a is also relatively
prime to both n and m. Let h =lcm((n), (m)) and d =gcd((n), (m)). From our
previous work we know that (n) and (m) are both even and thus d 2. Thus we have
h =
(n)(m)
d

(mn)
2
(5)
Now we know that a
(m)
= 1 (mod m). Thus if we raise each side of equation (5) to the
(n)
d
power we get
a
h
= (a
(m)
)
n
d
= 1
Similarly we can show that a
h
= 1 (mod n). Thus using that gcd(n, m)=1 we get that
a
h
= 1 (mod nm). Thus |a|
(nm)
2
. Thus a is not a primitive root.
Example 8.3. Consider n = 15
2
1
= 2, 2
2
= 4, 2
3
= 8, 2
4
= 1
4
1
= 4, 4
2
= 1
7
1
= 7, 7
2
= 4, 7
3
= 13, 7
4
= 1
8
1
= 8, 8
2
= 4, 8
3
= 2, 8
4
= 1
11
1
= 11, 11
2
= 1
13
1
= 13, 13
2
= 4, 13
3
= 7, 13
4
= 1
14
1
= 14, 14
2
= 1
So again we see that there are not primitive roots of unity mod 15.
17
So we have gotten some negative results conerning composite numbers, so let us try to
get some positive ones. Before we do this let us establish some lemmas.
Lemma 8.4. If p is an odd prime, then there exists a primitive root r of p such that
r
p1
= 1 (mod p
2
).
Proof. We know that p has primitive roots. Let us call one such roots r. If r
p1
= 1 (mod
p
2
) then we are done.
Otherwise, let r

= r + p. Then r

is also a primitive root and if we expand we get

(r

)
p1
= (r + p)
p1
= r
p1
+ (p 1)pr
p2
(mod p
2
)
Here we have used that these are the rst two terms of the binomial expansion and all
other terms have a p
2
in them. Now we know that r
p1
= 1 (mod p
2
). Thus the above
equation becomes
(r

)
p1
= 1 pr
p2
Now we know that r is a root of unity to gcd(r, p) = 1 p |r
p2
. So p
2
|pr
p2
thus
(r

)
p1
= 1 (mod p
2
).
Lemma 8.5. Let p be an odd prime and let r be a primitive root of p such that r
p1
= 1
(mod p
2
). Then for each k 2 we have
r
p
k2
(p1)
= 1 (modp
k
)
Proof. We will proceed by induction on k. Lemma 1 proves it for the base case of k = 2.
(Induction Step:)
Assume it is true for k. Since gcd(r, p
k1
) =gcd(r, p
k
) = 1, then by Eulers theorem we
know that
r
p
k2
(p1)
= r
(p
k1
)
= 1 (modp
k1
)
Thus there is a b such that
r
p
k2
(p1)
= 1 + bp
k1
and by our induction hypothesis we know that p |a. Now we raise both sides of the
equation to the p
th
power to get
r
p
k1
(p1)
= (1 + ap
k1
)
p
= 1 + ap
k
(modp
k+1
)
this we have shown
r
p
k1
(p1)
= 1 (modp
k+1
)
and so we are done.
18
Now that we have these lemmas we can state and prove our desired result.
Theorem 8.6. If p is an odd prime and k 1 there there is a primitive root of p
k
.
Proof. By the two previous lemmas we know that there is a primitive root of p such that
r
p
k2
(p1)
= 1 (modp
k
)
Let us choose such an r. Let n
k
= |r|(mod p
k
). We know that n
k
|(p
k
) = p
k1
(p 1).
Because r
n
k
= 1 mod p
k
then we also have r
n
k
= 1 mod p. Thus we have (p 1)|n
k
.
Therefore we must have that n
k
= p
m
(p 1) for some m with 0 m k 1.
Now we know that
r
p
k2
(p1)
= 1 (modp
k
)
Thus, n |p
k2
(p1). This means that n = p
k1
(p1) = (p
k
) and so we are done.
Finally we have one more positive result.
Theorem 8.7. Let p be an odd prime then for k 1, 2p
k
has primitive roots.
Proof. Let r be a primitive root of p
k
. Note that without loss of generality we can assume
that r is odd because we can simply replace r by r + p
k
.
Now gcd(r, 2p
k
) = 1. Thus n = |r| mod 2p
k
must divide
(2p
k
) = (2)(p
k
) = (p
k
)
But since [r
n
]
2p
k = [1]
2p
k then we have [r
n
]
p
k = [1]
p
k. Thus we have that (p
k
)|n since
r is primitive for p
k
. Thus we have that n = (2p
k
) and so we are done.
So we have an exact description of all n such that Z/nZ has primitive roots. There
exactly the elements of the following sets
{2, 4, p
k
, 2p
k
: p is an odd prime }
19