Cyclotomic Polynomials


Fields and Cyclotomic Polynomials

These notes prove the existence of primitive elements in a very different way than
the treatment in the textbook. Along the way we develop the theory of cyclotomic
polynomials and prove some nice statements about quadratic residues.

Introduction to Fields
Here we briefly review the definition of a field, and we extend the notion of the order
of an element to arbitrary fields.
Recall that a binary operation on a set S is a function S × S → S, i.e. a
function that takes two elements of S as input and outputs an element of S. Some
binary operations have certain special properties:

1. A binary operation ∗ is associative if

(x ∗ y) ∗ z = x ∗ (y ∗ z)

for all x, y, z ∈ S.

2. A binary operation ∗ is commutative if

x∗y = y∗x

for all x, y ∈ S.

3. An identity element for ∗ is an element e such that

x∗e = e∗x = x

for all x ∈ S.

4. If e is an identity element, an inverse for an element x ∈ S with respect to ∗ is any element y ∈ S such that

x ∗ y = y ∗ x = e.

5. Finally, if + and ∗ are binary operations on a set S, we say that ∗ distributes over + if

x ∗ (y + z) = (x ∗ y) + (x ∗ z) and (x + y) ∗ z = (x ∗ z) + (y ∗ z)

for all x, y, z ∈ S.

Definition: Field
A field is a set F with at least two elements having two binary operations:

1. An addition operation, usually denoted x + y for x, y ∈ F.

2. A multiplication operation, usually denoted xy for x, y ∈ F.

These operations are required to satisfy the following conditions:

1. Addition is associative, commutative, has an identity element (usually denoted 0), and each element x ∈ F has an additive inverse (usually denoted −x).

2. Multiplication is associative, commutative, has an identity element (usually denoted 1), and each element x ∈ F − {0} has a multiplicative inverse (usually denoted $x^{-1}$).

3. Multiplication distributes over addition.

For any field F, we will let F× denote the set F − {0}. Thus every element of F×
has a multiplicative inverse.
For those familiar with group theory, axiom (1) says that a field forms an abelian
group under addition, and axiom (2) implies that F× forms an abelian group under
multiplication. Axiom (3) says that these two group structures are in a certain sense
compatible with one another.
Some examples of fields include:
• The rational numbers Q, under the usual operations of addition and multiplication.
• The real numbers R, under the usual operations of addition and multiplication.
• The algebraic numbers A, under the usual operations of addition and multiplication.

• The complex numbers C, under the usual operations of addition and multiplication.
• For any prime p, the set Zp = {0, 1, . . . , p − 1}, under the operations of addition
and multiplication modulo p.
Of these examples, only Zp is a finite field, meaning that it has a finite number of
elements.
We now offer a few additional examples of fields.

EXAMPLE 1 Consider the set

$$\mathbb{Q}(\sqrt{2}) = \{\, a + b\sqrt{2} \mid a, b \in \mathbb{Q} \,\}.$$

This set forms a field under the usual operations of addition and multiplication. In particular, $\mathbb{Q}(\sqrt{2})$ is clearly closed under addition, and it is also closed under multiplication:

$$(a_1 + b_1\sqrt{2})(a_2 + b_2\sqrt{2}) = (a_1 a_2 + 2 b_1 b_2) + (a_1 b_2 + b_1 a_2)\sqrt{2}.$$

Every element of $\mathbb{Q}(\sqrt{2})$ has an additive inverse in $\mathbb{Q}(\sqrt{2})$, and similarly every element of $\mathbb{Q}(\sqrt{2})^\times$ has a multiplicative inverse in $\mathbb{Q}(\sqrt{2})$:

$$(a + b\sqrt{2})^{-1} = \frac{1}{a + b\sqrt{2}} = \frac{a - b\sqrt{2}}{(a + b\sqrt{2})(a - b\sqrt{2})} = \frac{a}{a^2 - 2b^2} - \frac{b}{a^2 - 2b^2}\sqrt{2}.$$

Note here that $a^2 - 2b^2$ can never be 0 if a and b are rational numbers. □

EXAMPLE 2 Note that −1 (= 2) has no square root in the field Z3 . Consider the
set

Z3 (i) = {a + bi | a, b ∈ Z3 } = {0, 1, 2, i, 1 + i, 2 + i, 2i, 1 + 2i, 2 + 2i}.

Here we have added a new element i to Z3 whose square is −1, in the same way that
one adjoins a square root of −1 to R to obtain C. The result is a set with exactly 9
elements (since there are three choices each for a and b).
We can define an addition operation on Z3 (i) by

(a1 + b1 i) + (a2 + b2 i) = (a1 + a2 ) + (b1 + b2 )i

where $a_1 + a_2$ and $b_1 + b_2$ represent addition in Z3. Similarly, we can define multiplication on Z3(i) by

$$(a_1 + b_1 i)(a_2 + b_2 i) = (a_1 a_2 - b_1 b_2) + (a_1 b_2 + b_1 a_2)\, i.$$



It is easy to check that these operations are associative and commutative, and have identity elements. Each element a + bi has an additive inverse −a − bi. It is less obvious that every element of Z3(i)× has a multiplicative inverse, but indeed

(1)(1) = (2)(2) = 1, (i)(2i) = 1, (1 + i)(2 + i) = 1, and (2 + i)(1 + 2i) = 1.

Thus Z3(i) is a finite field of order 9. □

Though we will not be able to prove it here, finite fields have been completely
classified.

Theorem 1 Classification of Finite Fields

If F is a finite field, then $|F| = p^n$ for some prime p and some n ≥ 1. Moreover:

1. For each prime p and each n ≥ 1, there exists a finite field with exactly $p^n$ elements.

2. Any two finite fields with the same number of elements are isomorphic.

Here two fields are isomorphic if the only difference between them is the names of
the elements, i.e. if there exists a bijection between them that preserves the algebraic
operations. For example, let Z5 = {0, 1, 2, 3, 4}, and let F = {−2, −1, 0, 1, 2} under
the operations of addition and multiplication modulo 5. Then F is isomorphic to Z5 ,
with the corresponding bijection being

0 ↦ 0, 1 ↦ 1, 2 ↦ 2, −2 ↦ 3, −1 ↦ 4.

Indeed, according to the theorem above, any field with exactly 5 elements must be
isomorphic to Z5 .
Though the above theorem states that there is a finite field with $p^n$ elements for any prime power $p^n$, the only finite fields we have seen so far are the fields Zp, which have a prime number of elements, and the field Z3(i), which has 9 elements. In general, if p is prime and a ∈ Zp is not a quadratic residue, then one can obtain a field with $p^2$ elements by adjoining a square root of a to Zp. For example:

• Z7(i) is a field with $7^2 = 49$ elements, and Z11(i) is a field with $11^2 = 121$ elements. However, the field with 25 elements cannot be described as Z5(i), since −1 already has a square root in Z5.

• The field with 25 elements can be described as $\mathbb{Z}_5(\sqrt{2})$, since 2 has no square root in Z5. Similarly, $\mathbb{Z}_{13}(\sqrt{2})$ is a field with $13^2 = 169$ elements.

Finally, we will need some information about polynomials over fields. If F is a field and

$$p(x) = c_n x^n + c_{n-1} x^{n-1} + \cdots + c_1 x + c_0$$

is a polynomial with integer coefficients, then any element a ∈ F is said to be a root of p if

$$c_n a^n + c_{n-1} a^{n-1} + \cdots + c_1 a + c_0 = 0.$$
We will assume the following fact.

Theorem 2 Roots of Polynomials Over Fields

If F is a field and p(x) is a polynomial of degree n with integer coefficients, then p has at most n different roots in F.

Orders of Elements
The idea of the order of an element can be extended to any field.

Definition: Order of an Element

Let F be a field, and let a ∈ F×. The order of a in F, denoted $\operatorname{ord}_F(a)$, is the smallest positive integer k for which $a^k = 1$. If no such k exists, then we say that a has infinite order.

For example, the only elements of R× that have finite order are 1 and −1, with $\operatorname{ord}_{\mathbb{R}}(1) = 1$ and $\operatorname{ord}_{\mathbb{R}}(-1) = 2$.
By the way, in the case of Zp, we use the same notation as the textbook and write $\operatorname{ord}_p(a)$ instead of $\operatorname{ord}_{\mathbb{Z}_p}(a)$ for the order of an element $a \in \mathbb{Z}_p^\times$.

EXAMPLE 3 The element 1 + i has order 8 in Z3(i)×, since

$$(1+i)^1 = 1+i,\quad (1+i)^2 = 2i,\quad (1+i)^3 = 1+2i,\quad (1+i)^4 = 2,$$
$$(1+i)^5 = 2+2i,\quad (1+i)^6 = i,\quad (1+i)^7 = 2+i,\quad (1+i)^8 = 1. \;\square$$

Proposition 3 Powers That Equal One

Let F be a field, let a ∈ F×, and let n ≥ 1. Then $a^n = 1$ if and only if $\operatorname{ord}_F(a) \mid n$.

PROOF Let $k = \operatorname{ord}_F(a)$. If $k \mid n$, then $n = mk$ for some m ≥ 1, so

$$a^n = a^{mk} = (a^k)^m = 1^m = 1.$$

Conversely, suppose that $a^n = 1$, and let i and j be integers so that

$$in + jk = \gcd(n, k).$$

Then

$$a^{\gcd(n,k)} = a^{in + jk} = (a^n)^i (a^k)^j = 1^i\, 1^j = 1.$$

Since k is the smallest positive exponent with $a^k = 1$, gcd(n, k) must be greater than or equal to k, so it follows that gcd(n, k) = k, and hence $k \mid n$. □

The following proposition determines the order of any power of an element.

Corollary 4 Orders of Powers

Let F be a field, let a ∈ F×, and suppose that $\operatorname{ord}_F(a) = k$. Then for any n ≥ 1,

$$\operatorname{ord}_F(a^n) = \frac{k}{\gcd(n, k)}.$$

PROOF By the previous proposition, $(a^n)^m = 1$ if and only if $k \mid mn$. This occurs if and only if m is a multiple of $k/\gcd(n, k)$. □

One of the most important properties of Zp is Fermat's little theorem, which states that $a^{p-1} = 1$ for every $a \in \mathbb{Z}_p^\times$. By Proposition 3, the order of any element of $\mathbb{Z}_p^\times$ must be a divisor of p − 1.
The following proposition generalizes Fermat’s little theorem to any finite field.

Theorem 5 Lagrange’s Theorem for Finite Fields

Let F be a finite field with m elements. Then

$$a^{m-1} = 1$$

for every a ∈ F×.

PROOF This follows from Lagrange's theorem in group theory. Specifically, the group F× has |F| − 1 elements, so the multiplicative order of each element must be a divisor of |F| − 1. □

For example, recall that the field Z7(i) has 49 elements. According to the above theorem,

$$(a + bi)^{48} = 1$$

for any nonzero element a + bi ∈ Z7(i).
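As an added example (my own code, not from the notes), the arithmetic of Example 2 written out in Python for Z_p(i) with a prime p ≡ 3 (mod 4): the addition and multiplication rules, inverses via the conjugate, the order computation of Example 3, and the Lagrange check above in Z7(i). The function names are mine; the p ≡ 3 (mod 4) assumption is what makes −1 a non-residue so that the construction is a field.

```python
# Arithmetic in the field Z_p(i) = {a + bi : a, b in Z_p}, p prime, p = 3 (mod 4).
# Added example, not part of the notes; all helper names are my own.
# An element a + bi is the pair (a, b) with 0 <= a, b < p.

def check_prime_3_mod_4(p):
    """Sanity check for the assumption: -1 must have no square root in Z_p,
    which for p > 2 means p = 3 (mod 4); otherwise Z_p(i) is not a field."""
    if p < 2 or any(p % q == 0 for q in range(2, int(p ** 0.5) + 1)):
        raise ValueError("p must be prime")
    if p % 4 != 3:
        raise ValueError("-1 already has a square root mod p; Z_p(i) is not a field")

def gi_add(x, y, p):
    (a1, b1), (a2, b2) = x, y
    return ((a1 + a2) % p, (b1 + b2) % p)

def gi_mul(x, y, p):
    """(a1 + b1 i)(a2 + b2 i) = (a1 a2 - b1 b2) + (a1 b2 + b1 a2) i, as in Example 2."""
    (a1, b1), (a2, b2) = x, y
    return ((a1 * a2 - b1 * b2) % p, (a1 * b2 + b1 * a2) % p)

def gi_inv(x, p):
    """Multiplicative inverse via the conjugate: (a + bi)(a - bi) = a^2 + b^2 lies in
    Z_p and is nonzero for (a, b) != (0, 0) because -1 is not a square mod p.
    The inverse of that norm comes from Fermat: n^(p-2) = n^(-1) (mod p)."""
    a, b = x
    if a % p == 0 and b % p == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    norm_inv = pow((a * a + b * b) % p, p - 2, p)
    return ((a * norm_inv) % p, (-b * norm_inv) % p)

def gi_pow(x, n, p):
    """Square-and-multiply exponentiation in Z_p(i)."""
    result, base = (1, 0), x
    while n:
        if n & 1:
            result = gi_mul(result, base, p)
        base = gi_mul(base, base, p)
        n >>= 1
    return result

def gi_order(x, p):
    """ord(x) in Z_p(i)^x: the smallest k >= 1 with x^k = 1. By Corollary 6 it
    divides p^2 - 1, so only divisors of p^2 - 1 need to be tried."""
    m = p * p - 1
    for k in range(1, m + 1):
        if m % k == 0 and gi_pow(x, k, p) == (1, 0):
            return k
    raise AssertionError("unreachable: Lagrange gives x^(p^2 - 1) = 1")

def primitive_elements(p):
    """The elements of order p^2 - 1; Corollary 20 predicts phi(p^2 - 1) of them."""
    check_prime_3_mod_4(p)
    m = p * p - 1
    return [(a, b) for a in range(p) for b in range(p)
            if (a, b) != (0, 0) and gi_order((a, b), p) == m]

if __name__ == "__main__":
    print(gi_order((1, 1), 3))      # Example 3: 1 + i has order 8 in Z_3(i)
    print(gi_pow((2, 5), 48, 7))    # Theorem 5: (2 + 5i)^48 = 1 in Z_7(i)
    print(primitive_elements(3))    # phi(8) = 4 primitive elements
```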

Corollary 6

If F is a finite field with m elements and a ∈ F× , then ordF (a) | m − 1.

Roots of Unity

Definition: Root of Unity


If n is a positive integer, an nth root of unity is a complex number ζ such that

$$\zeta^n = 1.$$

For example, 1 is the only first root of unity, and 1 and −1 are the only square
roots of unity. It is easy to check that

1, i, −1, and −i

are fourth roots of unity, and indeed these are the only possibilities.

Proposition 7 Formula for the nth Roots of Unity

For any positive integer n, there are exactly n different nth roots of unity, namely the numbers

$$e^{2k\pi i/n} = \cos\frac{2k\pi}{n} + i\sin\frac{2k\pi}{n}$$

for 0 ≤ k < n.

PROOF Note first that the n different numbers $e^{2k\pi i/n}$ for 0 ≤ k < n are all distinct, since they lie on the unit circle in the complex plane at angles of $2k\pi/n$ from the positive real axis. Each of these numbers is an nth root of unity, since

$$\left(e^{2k\pi i/n}\right)^n = e^{2k\pi i} = 1$$

for all k. But since any nth root of unity is a root of the polynomial $z^n - 1$, which has degree n, there can be at most n different nth roots of unity, and therefore the numbers $e^{2k\pi i/n}$ for 0 ≤ k < n are the only possibilities. □

According to this proposition, if we let

$$\omega = e^{2\pi i/n} = \cos\frac{2\pi}{n} + i\sin\frac{2\pi}{n},$$

then the nth roots of unity are precisely the numbers

$$1,\ \omega,\ \omega^2,\ \ldots,\ \omega^{n-1},$$

since $\omega^k = e^{2k\pi i/n}$ for each k. For example, if n = 4 then ω = i, and the fourth roots of unity are the powers of i:

$$i^0 = 1,\quad i^1 = i,\quad i^2 = -1,\quad i^3 = -i.$$

EXAMPLE 1 The cube roots of unity consist of the number 1 together with

$$\omega = e^{2\pi i/3} = \frac{-1 + i\sqrt{3}}{2} \quad\text{and}\quad \omega^2 = e^{4\pi i/3} = \frac{-1 - i\sqrt{3}}{2}.$$

Note that ω and ω² lie on the unit circle in the complex plane at angles of 2π/3 = 120° and 4π/3 = 240°, respectively. □

EXAMPLE 2 The fifth roots of unity are the numbers 1, ω, ω², ω³, ω⁴, where

$$\omega = e^{2\pi i/5} = \cos\frac{2\pi}{5} + i\sin\frac{2\pi}{5} = \frac{-1 + \sqrt{5} + i\sqrt{10 + 2\sqrt{5}}}{4}.$$

The five roots lie at equally spaced points on the unit circle, with angles of 0, 2π/5 = 72°, 4π/5 = 144°, 6π/5 = 216°, and 8π/5 = 288°. □

EXAMPLE 3 The sixth roots of unity are the numbers 1, ω, ω², ω³, ω⁴, ω⁵, where

$$\omega = e^{i\pi/3} = \cos\frac{\pi}{3} + i\sin\frac{\pi}{3} = \frac{1 + i\sqrt{3}}{2}.$$

Note that ω³ = −1 is a square root of unity, and that

$$\omega^2 = \frac{-1 + i\sqrt{3}}{2} \quad\text{and}\quad \omega^4 = \frac{-1 - i\sqrt{3}}{2}$$

are cube roots of unity. The last root is ω⁵, which is the complex conjugate of ω. □

We saw in the last example that the sixth roots of unity include elements of orders
1, 2, 3, and 6. The following proposition generalizes this observation.

Proposition 8 Orders of Roots of Unity

Let ζ ∈ C and let n ≥ 1. Then ζ is an nth root of unity if and only if ordC (ζ) | n.

PROOF This follows immediately from Proposition 3. □

Definition: Primitive Roots of Unity


A primitive nth root of unity is any nth root of unity ζ for which $\operatorname{ord}_{\mathbb{C}}(\zeta) = n$. We will let P(n) denote the set of all primitive nth roots of unity.

That is, ζ ∈ C× is a primitive nth root of unity if $\zeta^n = 1$ but $\zeta^k \neq 1$ for any 0 < k < n. Applying Proposition 3, we obtain the following characterization of the nth roots in terms of primitive roots.

Corollary 9 Structure of the Set of nth Roots

The set of all nth roots of unity is the union

$$\bigcup_{d \mid n} P(d).$$

For example, the fourth roots of unity are the union

$$P(1) \cup P(2) \cup P(4) = \{1\} \cup \{-1\} \cup \{i, -i\}$$

and the sixth roots of unity are the union

$$P(1) \cup P(2) \cup P(3) \cup P(6) = \{1\} \cup \{-1\} \cup \left\{\frac{-1 + i\sqrt{3}}{2},\ \frac{-1 - i\sqrt{3}}{2}\right\} \cup \left\{\frac{1 + i\sqrt{3}}{2},\ \frac{1 - i\sqrt{3}}{2}\right\}.$$

Proposition 10 Characterization of Primitive nth Roots

Let n be a positive integer, let $\omega = e^{2\pi i/n}$, and let

$$\zeta = \omega^k$$

be an nth root of unity. Then ζ is a primitive nth root of unity if and only if

$$\gcd(k, n) = 1.$$

PROOF Clearly $\operatorname{ord}_{\mathbb{C}}(\omega) = n$. Then $\operatorname{ord}_{\mathbb{C}}(\omega^k) = n/\gcd(n, k)$ by Corollary 4. In particular, $\operatorname{ord}_{\mathbb{C}}(\omega^k) = n$ if and only if gcd(n, k) = 1. □

Corollary 11 Number of Primitive Roots

For each n ≥ 1, there are exactly φ(n) primitive nth roots of unity.

Combining this with Corollary 9, we obtain the following interesting formula involving the totient function.

Corollary 12 Sum of the Totient Function

If n is a positive integer, then

$$\sum_{d \mid n} \varphi(d) = n.$$

For example,

$$\varphi(1) + \varphi(2) + \varphi(4) = 1 + 1 + 2 = 4$$

and

$$\varphi(1) + \varphi(2) + \varphi(3) + \varphi(6) = 1 + 1 + 2 + 2 = 6.$$

Cyclotomic Polynomials

Definition: Cyclotomic Polynomial


The nth cyclotomic polynomial $\Phi_n$ is defined by

$$\Phi_n(x) = \prod_{\zeta \in P(n)} (x - \zeta)$$

where P(n) denotes the set of all primitive nth roots of unity.

For example:

• Since P(1) = {1} and P(2) = {−1}, the first and second cyclotomic polynomials are respectively

$$\Phi_1(x) = x - 1 \quad\text{and}\quad \Phi_2(x) = x + 1.$$

• Recall that P(3) = {ω, ω²}, where $\omega = (-1 + i\sqrt{3})/2$. Thus the third cyclotomic polynomial is

$$\Phi_3(x) = (x - \omega)(x - \omega^2) = x^2 + x + 1.$$

• Since P(4) = {i, −i}, the fourth cyclotomic polynomial is

$$\Phi_4(x) = (x - i)(x + i) = x^2 + 1.$$

In general, since there are exactly φ(n) primitive nth roots of unity, the nth cyclotomic polynomial always has degree φ(n). Table 1.1 shows the first ten cyclotomic polynomials.
The following proposition is fundamental to the theory of cyclotomic polynomials.
The following proposition is fundamental to the theory of cyclotomic polynomials.

 n   Φn(x)                        n   Φn(x)
 1   x − 1                        6   x² − x + 1
 2   x + 1                        7   x⁶ + x⁵ + x⁴ + x³ + x² + x + 1
 3   x² + x + 1                   8   x⁴ + 1
 4   x² + 1                       9   x⁶ + x³ + 1
 5   x⁴ + x³ + x² + x + 1        10   x⁴ − x³ + x² − x + 1
Table 1.1: The first ten cyclotomic polynomials.

Proposition 13 Fundamental Relation

For any positive integer n,

$$x^n - 1 = \prod_{d \mid n} \Phi_d(x).$$

PROOF The roots of $x^n - 1$ are precisely the nth roots of unity. But every nth root of unity is a primitive dth root of unity for some divisor d of n, and these are precisely the roots of the product on the right. □

For example,

• $x^2 - 1 = \Phi_1(x)\,\Phi_2(x) = (x - 1)(x + 1)$.

• $x^3 - 1 = \Phi_1(x)\,\Phi_3(x) = (x - 1)(x^2 + x + 1)$.

• $x^4 - 1 = \Phi_1(x)\,\Phi_2(x)\,\Phi_4(x) = (x - 1)(x + 1)(x^2 + 1)$.

• $x^5 - 1 = \Phi_1(x)\,\Phi_5(x) = (x - 1)(x^4 + x^3 + x^2 + x + 1)$.

• $x^6 - 1 = \Phi_1(x)\,\Phi_2(x)\,\Phi_3(x)\,\Phi_6(x) = (x - 1)(x + 1)(x^2 + x + 1)(x^2 - x + 1)$.

We can use the fundamental relation to compute the cyclotomic polynomials inductively. The following example illustrates this technique.

EXAMPLE 4 Compute the fifteenth cyclotomic polynomial $\Phi_{15}(x)$.

SOLUTION By the fundamental relation,

$$x^{15} - 1 = \Phi_1(x)\,\Phi_3(x)\,\Phi_5(x)\,\Phi_{15}(x)$$

and hence

$$\Phi_{15}(x) = \frac{x^{15} - 1}{\Phi_1(x)\,\Phi_3(x)\,\Phi_5(x)} = \frac{x^{15} - 1}{(x - 1)(x^2 + x + 1)(x^4 + x^3 + x^2 + x + 1)}.$$

Multiplying out the denominator gives

$$\Phi_{15}(x) = \frac{x^{15} - 1}{x^7 + x^6 + x^5 - x^2 - x - 1}.$$

This fraction can be simplified using polynomial long division, which is tedious but straightforward. The result is

$$\Phi_{15}(x) = x^8 - x^7 + x^5 - x^4 + x^3 - x + 1. \;\square$$
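The inductive computation of Example 4 done by machine, as an added Python example (my own code, not from the notes): Φn is obtained by dividing xⁿ − 1 by the product of Φd over the proper divisors d, exactly as the fundamental relation dictates, with the integer long division that the proof of Proposition 14 relies on. The function names are mine; the same routine reproduces Φ15 and the two −2 coefficients of Φ105 that the notes mention.

```python
# Cyclotomic polynomials over Z computed inductively from the fundamental
# relation x^n - 1 = prod_{d | n} Phi_d(x) (Proposition 13).
# Added example, not from the notes; function names are my own.
# A polynomial is a list of integer coefficients, lowest degree first:
# x^2 + x + 1 is [1, 1, 1] and x - 1 is [-1, 1].
from math import gcd

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def poly_div_exact(num, den):
    """Long division of num by a monic den. Because den is monic no fractions
    ever appear (the footnote to Proposition 14), so the quotient is integral.
    Raises if a nonzero remainder is left, which would mean a wrong divisor."""
    rem = num[:]
    quot = [0] * (len(num) - len(den) + 1)
    for i in range(len(quot) - 1, -1, -1):
        coeff = rem[i + len(den) - 1]          # current leading coefficient
        quot[i] = coeff
        for j, d in enumerate(den):
            rem[i + j] -= coeff * d
    if any(rem):
        raise ArithmeticError("division was not exact")
    return quot

def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]

_cache = {1: [-1, 1]}                               # Phi_1(x) = x - 1

def cyclotomic(n):
    """Phi_n(x) = (x^n - 1) / prod_{d | n, d < n} Phi_d(x)."""
    if n not in _cache:
        numerator = [-1] + [0] * (n - 1) + [1]      # x^n - 1
        denominator = [1]
        for d in divisors(n)[:-1]:                  # proper divisors only
            denominator = poly_mul(denominator, cyclotomic(d))
        _cache[n] = poly_div_exact(numerator, denominator)
    return _cache[n]

def euler_phi(n):
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def pretty(coeffs):
    """Render a polynomial the way the notes write it, highest degree first."""
    parts = []
    for k in range(len(coeffs) - 1, -1, -1):
        c = coeffs[k]
        if c == 0:
            continue
        mag = "" if abs(c) == 1 and k > 0 else str(abs(c))
        var = "" if k == 0 else ("x" if k == 1 else f"x^{k}")
        parts.append((" - " if c < 0 else " + ") + mag + var)
    s = "".join(parts)
    return s[3:] if s.startswith(" + ") else "-" + s[3:]

if __name__ == "__main__":
    for n in (15, 18, 64, 105):
        print(f"Phi_{n}(x) = {pretty(cyclotomic(n))}")
```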

In addition to being useful for computation, the fundamental relation also allows us to prove things about the cyclotomic polynomials inductively. The following proposition illustrates this technique.

Proposition 14 Integer Coefficients

Every cyclotomic polynomial $\Phi_n(x)$ has integer coefficients.

PROOF This follows by induction on n. For n = 1, we have that $\Phi_1(x) = x - 1$ has integer coefficients. For n > 1, we can write

$$x^n - 1 = \Phi_{d_1}(x)\,\Phi_{d_2}(x) \cdots \Phi_{d_k}(x)\,\Phi_n(x)$$

where $d_1, \ldots, d_k$ are the proper divisors of n. By our induction hypothesis, each $\Phi_{d_i}(x)$ has integer coefficients, and since each $\Phi_{d_i}$ is monic it follows that $\Phi_n(x)$ has integer coefficients.[1] □

Since the cyclotomic polynomials are monic and have integer coefficients, it follows immediately that their roots (i.e. the roots of unity) are algebraic integers.
Regarding the coefficients, you may have noticed that each of the cyclotomic polynomials in Table 1.1 has the property that all of its coefficients are either 0, 1, or −1. It turns out that this pattern holds for $\Phi_n(x)$ whenever n has at most two odd prime factors, but in general the coefficients of $\Phi_n(x)$ can be arbitrary integers. Since 3 × 5 × 7 = 105, the first such example is $\Phi_{105}(x)$, which has two coefficients of −2.
Incidentally, it is a theorem of Gauss that every cyclotomic polynomial is actually irreducible over Q, meaning that it cannot be factored into polynomials of smaller degree that have rational coefficients. It follows that the fundamental relation

$$x^n - 1 = \prod_{d \mid n} \Phi_d(x)$$

is the complete factorization of the polynomial $x^n - 1$ over the rational numbers.


[1] We are using here the fact that if p(x) and q(x) are monic polynomials with integer coefficients and q(x) is a factor of p(x), then the quotient p(x)/q(x) also has integer coefficients. This is because no non-integers can arise during the long division of p(x) by q(x).

Proposition 15 $\Phi_p(x)$ and $\Phi_{2p}(x)$

If p > 2 is prime, then

$$\Phi_p(x) = x^{p-1} + x^{p-2} + \cdots + x + 1$$

and

$$\Phi_{2p}(x) = x^{p-1} - x^{p-2} + \cdots - x + 1.$$

PROOF Since p is prime, we have $x^p - 1 = \Phi_1(x)\,\Phi_p(x)$, so

$$\Phi_p(x) = \frac{x^p - 1}{\Phi_1(x)} = \frac{x^p - 1}{x - 1} = x^{p-1} + x^{p-2} + \cdots + x + 1.$$

Moreover,

$$\Phi_{2p}(x) = \frac{x^{2p} - 1}{\Phi_1(x)\,\Phi_2(x)\,\Phi_p(x)} = \frac{x^{2p} - 1}{(x^p - 1)\,\Phi_2(x)} = \frac{x^{2p} - 1}{(x^p - 1)(x + 1)} = \frac{x^p + 1}{x + 1} = x^{p-1} - x^{p-2} + \cdots - x + 1. \;\square$$

For example,

$$\Phi_{11}(x) = x^{10} + x^9 + x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1$$

and

$$\Phi_{14}(x) = x^6 - x^5 + x^4 - x^3 + x^2 - x + 1.$$

Lemma 16 Orders of Roots

Let F be a field, and let k and n be positive integers with k | n. Then for each a ∈ F×,

$$\operatorname{ord}_F(a) = nk \quad\text{if and only if}\quad \operatorname{ord}_F(a^k) = n.$$

PROOF If $\operatorname{ord}_F(a) = nk$, then by Corollary 4, it follows that

$$\operatorname{ord}_F(a^k) = \frac{nk}{\gcd(k, nk)} = \frac{nk}{k} = n.$$

For the converse, suppose that $\operatorname{ord}_F(a^k) = n$, and let $m = \operatorname{ord}_F(a)$. By Corollary 4, we know that

$$\operatorname{ord}_F(a^k) = \frac{m}{\gcd(m, k)}$$

so

$$\frac{m}{\gcd(m, k)} = n.$$

Since k | n and $m = n\gcd(m, k)$, we know that k | m, and therefore gcd(m, k) = k. It follows that m = nk. □

Proposition 17 A Formula for $\Phi_{nk}(x)$

Let n and k be positive integers with k | n. Then

$$\Phi_{nk}(x) = \Phi_n(x^k).$$

PROOF Let ζ ∈ C×. By the lemma, ζ ∈ P(nk) if and only if $\zeta^k \in P(n)$. Thus ζ is a root of $\Phi_{nk}(x)$ if and only if $\zeta^k$ is a root of $\Phi_n(x)$, i.e. if and only if ζ is a root of $\Phi_n(x^k)$. Then $\Phi_{nk}(x)$ and $\Phi_n(x^k)$ are monic polynomials with the same roots, so they must be equal. □

For example, it follows from this proposition that

$$\Phi_{18}(x) = \Phi_6(x^3) = (x^3)^2 - (x^3) + 1 = x^6 - x^3 + 1$$

and

$$\Phi_{64}(x) = \Phi_8(x^8) = (x^8)^4 + 1 = x^{32} + 1.$$

Primitive Elements
The notion of a primitive element makes perfect sense over any finite field.

Definition: Primitive Element


Let F be a finite field with m elements. An element a ∈ F× is called a primitive
element of F if ordF (a) = m − 1.

We shall now use cyclotomic polynomials to prove the existence of primitive elements. We begin with the following theorem.

Theorem 18 Order and Cyclotomic Polynomials

Let F be a field, let a ∈ F×, and suppose that $\operatorname{ord}_F(a) = n$. Then $\Phi_n(a) = 0$.

PROOF By Proposition 13, we know that

$$\prod_{d \mid n} \Phi_d(a) = a^n - 1 = 0.$$

But for d < n, the polynomial $\Phi_d(x)$ is also a factor of $x^d - 1$. Since a is not a root of $x^d - 1$ for any d < n, it follows that $\Phi_d(a) \neq 0$ for any d < n, and therefore $\Phi_n(a) = 0$. □

For example, observe that 2 has order 3 modulo 7, since

$$2^1 \equiv 2 \pmod 7,\quad 2^2 \equiv 4 \pmod 7 \quad\text{and}\quad 2^3 \equiv 1 \pmod 7.$$

Then 2 must be a root of $\Phi_3(x) = x^2 + x + 1$ modulo 7. This is easy to check:

$$\Phi_3(2) = 2^2 + 2 + 1 \equiv 0 \pmod 7.$$

Similarly, 4 also has order 3 modulo 7, so

$$\Phi_3(4) = 4^2 + 4 + 1 \equiv 0 \pmod 7$$

as well. Indeed,

$$x^2 + x + 1 \equiv (x - 2)(x - 4) \pmod 7.$$

By the way, the converse of the previous theorem does not hold in general. For example,

$$\Phi_2(1) \equiv 0 \pmod 2,$$

but 1 does not have order two in Z2. Similarly,

$$\Phi_6(2) \equiv 0 \pmod 3,$$

but 2 does not have order six in Z3.

Theorem 19 Orders of Elements in Finite Fields


Let F be a finite field with m elements, and let d be a divisor of m − 1. Then
the polynomial Φd (x) has exactly φ(d) roots in F, and these are precisely the
elements of F× that have order d.

PROOF For each divisor d of m − 1, let R(d) be the set of all roots of $\Phi_d(x)$ in F×. By the previous theorem, if a ∈ F× has order d, then a ∈ R(d). By Lagrange's theorem for finite fields, we know that the order of a divides m − 1 for all a ∈ F×, and hence

$$\bigcup_{d \mid m-1} R(d) = F^\times.$$

But since each $\Phi_d(x)$ has degree φ(d), we know that |R(d)| ≤ φ(d) for each d. By Corollary 12, we have

$$\sum_{d \mid m-1} \varphi(d) = m - 1 = |F^\times|,$$

so indeed |R(d)| = φ(d) for each d | m − 1. Moreover, these sets must all be disjoint, so each element a ∈ F× of order d lies only in R(d), and therefore each element of R(d) must have order d. □

Corollary 20 Existence of Primitive Elements

Let F be a finite field with m elements. Then F has exactly φ(m − 1) primitive
elements.

Indeed, these primitive elements are precisely the roots of $\Phi_{m-1}(x)$ in F. For example, the primitive elements of Z7 are 3 and 5, and these are precisely the roots of the polynomial $\Phi_6(x) = x^2 - x + 1$ in Z7. Indeed, it is easy to check that

$$x^2 - x + 1 \equiv (x - 3)(x - 5) \pmod 7.$$

We can state this sort of factorization of Φk (x) in general.

Corollary 21 Factorization of $\Phi_d(x)$ Modulo p

Let p be a prime and let d be a divisor of p − 1. Then

$$\Phi_d(x) \equiv \prod_{\zeta \in O(d)} (x - \zeta) \pmod p$$

where O(d) denotes the set of elements of $\mathbb{Z}_p^\times$ of order d.
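As an added example (my own code, not from the notes), Theorem 19 and Corollaries 20 and 21 made concrete for Zp in Python: the elements of order d are found by brute force, their count is compared with φ(d), and Φd mod p is assembled as the product ∏(x − ζ) over them, which can be checked against Table 1.1; the factorization Φ6 ≡ (x − 3)(x − 5) (mod 7) above is the first case. The function names are mine, and the Φ6(2) ≡ 0 (mod 3) remark after Theorem 18 is revisited to show that order is not recoverable from a root alone.

```python
# Corollary 21 / Theorem 19 in Z_p: elements of order d, their count phi(d),
# and Phi_d(x) mod p rebuilt as prod (x - zeta) over those elements.
# Added example, not part of the notes; function names are my own.
# Polynomials are lists of coefficients mod p, lowest degree first:
# [1, 6, 1] is 1 + 6x + x^2, i.e. x^2 - x + 1 mod 7.
from math import gcd

def order_mod(a, p):
    """ord_p(a): smallest k >= 1 with a^k = 1 (mod p). By Corollary 6 it divides
    p - 1, so only divisors of p - 1 are tried."""
    if a % p == 0:
        raise ValueError("0 has no multiplicative order")
    for k in range(1, p):
        if (p - 1) % k == 0 and pow(a, k, p) == 1:
            return k
    raise AssertionError("unreachable for prime p: a^(p-1) = 1 by Fermat")

def elements_of_order(d, p):
    """O(d), the elements of Z_p^x of order d (empty unless d | p - 1)."""
    return [a for a in range(1, p) if order_mod(a, p) == d]

def euler_phi(n):
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def poly_from_roots_mod_p(roots, p):
    """Expand prod (x - zeta) with all coefficients reduced mod p."""
    poly = [1]
    for zeta in roots:
        nxt = [0] * (len(poly) + 1)
        for i, c in enumerate(poly):
            nxt[i + 1] = (nxt[i + 1] + c) % p        # the c * x part
            nxt[i] = (nxt[i] - c * zeta) % p         # the -zeta * c part
        poly = nxt
    return poly

def cyclotomic_mod_p(d, p):
    """Phi_d(x) mod p via Corollary 21; requires d | p - 1 (Theorem 19's
    hypothesis) and checks the count |O(d)| = phi(d) on the way."""
    if (p - 1) % d != 0:
        raise ValueError("Corollary 21 needs d | p - 1")
    roots = elements_of_order(d, p)
    if len(roots) != euler_phi(d):
        raise AssertionError("Theorem 19 violated: p is probably not prime")
    return poly_from_roots_mod_p(roots, p)

def primitive_elements(p):
    """Corollary 20: the phi(p - 1) elements of order p - 1, i.e. the roots
    of Phi_{p-1}(x) in Z_p."""
    return elements_of_order(p - 1, p)

def eval_mod_p(poly, a, p):
    return sum(c * pow(a, k, p) for k, c in enumerate(poly)) % p

if __name__ == "__main__":
    print(primitive_elements(7))       # [3, 5]
    print(cyclotomic_mod_p(6, 7))      # [1, 6, 1]  ==  x^2 - x + 1 mod 7
    print(cyclotomic_mod_p(4, 13))     # [1, 0, 1]  ==  x^2 + 1 mod 13
```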

Application to Quadratic Residues


Recall that a number k ∈ Z is called a quadratic residue modulo n if the congruence

$$x^2 \equiv k \pmod n$$

has at least one solution. That is, k is a quadratic residue modulo n if k has a square root modulo n.

Theorem 22 Square Roots of −1

Let p > 2 be a prime. Then −1 is a quadratic residue modulo p if and only if

p ≡ 1 (mod 4).

PROOF Observe that −1 is the only root of $\Phi_2(x) = x + 1$, so it is the only element of Zp of order 2. Then −1 has a square root in Zp if and only if Zp has elements of order 4, i.e. if and only if 4 | p − 1. This is equivalent to the condition that p ≡ 1 (m od 4). □

For example, −1 has a square root modulo 5, 13, or 17:

$$2^2 \equiv -1 \pmod 5,\quad 5^2 \equiv -1 \pmod{13},\quad 4^2 \equiv -1 \pmod{17}$$

but −1 has no square root modulo 3, 7, or 11.


Of course, the reasoning used in the proof of this theorem can also be applied to
any finite field. That is, if F is a finite field with m elements, then −1 has a square
root in F if and only if m ≡ 1 (mod 4).

Theorem 23 Primes Congruent to 1 (mod 4)

There are infinitely many primes congruent to 1 (mod 4).

PROOF Observe that if n is any even integer, then every prime divisor of $n^2 + 1$ must be congruent to 1 modulo 4. For if p is a prime divisor of $n^2 + 1$, then p ≠ 2 since n is even, and since $n^2 \equiv -1 \pmod p$ it follows that p ≡ 1 (mod 4).
Now suppose there are only finitely many primes $p_1, \ldots, p_m$ congruent to 1 modulo 4, and let $n = 2p_1 \cdots p_m$. Then $n^2 + 1$ is not divisible by any of the $p_i$, but every prime factor of $n^2 + 1$ is congruent to 1 modulo 4, a contradiction. □

The following theorem is based on an interesting trick. Recall that the primitive cube roots of unity are the numbers

$$\omega = \frac{-1 + i\sqrt{3}}{2} \quad\text{and}\quad \omega^2 = \frac{-1 - i\sqrt{3}}{2}.$$

Then

$$\omega - \omega^2 = i\sqrt{3}$$

is a square root of −3. This suggests a possible way of making square roots of −3 in any field: if we can find an element a in the field of order 3, then perhaps $a - a^2$ will be a square root of −3.

Theorem 24 Square Roots of −3

Let p > 3 be a prime. Then −3 is a quadratic residue modulo p if and only if

p ≡ 1 (mod 3).

PROOF Suppose first that p ≡ 1 (mod 3). Then 3 is a divisor of p − 1, so there exists an element a ∈ Zp of order 3. Note then that a is a root of the cyclotomic polynomial $\Phi_3(x) = x^2 + x + 1$, so $a^2 + a = -1$. Then

$$(a - a^2)^2 = a^2 - 2a^3 + a^4 = a^2 - 2 + a = -3,$$

so −3 is a quadratic residue modulo p.
Conversely, suppose that −3 is a quadratic residue modulo p, and let b ∈ Zp so that $b^2 = -3$. Let $c = 2^{-1}(-1 + b)$, and note that c ≠ 1 since b ≠ 3. But

$$(-1 + b)^3 = -1 + 3b - 3b^2 + b^3 = -1 + 3b - 3(-3) + b(-3) = 8$$

so $c^3 = (2^{-1})^3 (-1 + b)^3 = (2^{-1})^3 (8) = 1$. Then c has order 3 in Zp, which implies that 3 | p − 1, and hence p ≡ 1 (mod 3). □

For example, −3 has a square root modulo 7, 13, or 19:

$$2^2 \equiv -3 \pmod 7,\quad 6^2 \equiv -3 \pmod{13},\quad 4^2 \equiv -3 \pmod{19}$$

but −3 has no square root modulo 5, 11, or 17.

Corollary 25 Primes Congruent to 1 (mod 3)

There are infinitely many primes congruent to 1 (mod 3).



PROOF Observe that if n is any even integer and n is not a multiple of 3, then every prime factor of $n^2 + 3$ is congruent to 1 modulo 3. For neither 2 nor 3 can be a prime factor of $n^2 + 3$, and if p > 3 is a prime factor of $n^2 + 3$ then $n^2 \equiv -3 \pmod p$ and hence p ≡ 1 (mod 3).
Now suppose that there are only finitely many primes $p_1, \ldots, p_m$ congruent to 1 modulo 3, and let $n = 2p_1 \cdots p_m$. Then n is even and is not a multiple of 3, so every prime factor of $n^2 + 3$ is congruent to 1 modulo 3. But none of the primes $p_1, \ldots, p_m$ divide $n^2 + 3$, a contradiction. □

Corollary 26 Square Roots of 3

Let p be prime. If p ≡ 1 (mod 12), then 3 is a quadratic residue modulo p.

PROOF Since p ≡ 1 (mod 4), there exists an element a ∈ Zp so that $a^2 = -1$. Since p ≡ 1 (mod 3), there exists an element b ∈ Zp so that $b^2 = -3$. Then

$$(ab)^2 = a^2 b^2 = (-1)(-3) = 3,$$

so 3 is a quadratic residue. □

Note that the converse of this last corollary is false. That is, there exist prime numbers p with p ≢ 1 (mod 12) for which 3 is a quadratic residue. A simple example is 11, for which

$$5^2 \equiv 3 \pmod{11}.$$

Indeed, it is a consequence of quadratic reciprocity that 3 is a quadratic residue modulo p if and only if p ≡ ±1 (mod 12).
