Inverse

I Recall that gcd(m, n) is the greatest common divisor1 of two

integers m, n.
I Last time we had the observation that 3x ≡ 4 (mod 10) has a
unique solution while 6x ≡ 4 (mod 10) does not, because
gcd(3, 10) = 1 and gcd(6, 10) = 2 > 1.
I More precisely, we want to have an inverse of 3 in the mod 10
arithmetic.
I What does that mean?
I When we are really young, 1/3 mean one-third of something. But
then “something” goes more and more general and eventually 1/3 is
really just a quantity for which 3 × (1/3) = 1.
I If so, and 3 × 7 ≡ 1 (mod 10), and wouldn’t 7 be an inverse in our
mathematical/data structure?
I Test:
3x ≡ 4 (mod 10) ⇒ (3 × 7)x ≡ 4 × 7 (mod 10) ⇒ x ≡ 8 (mod 10).
It works!

1 Unless they are both 0, in which case some manually define gcd(0, 0) = 0.
Inverse, II
3x ≡ 4 (mod 10) ⇒ (3 × 7)x ≡ 4 × 7 (mod 10) ⇒ x ≡ 8 (mod 10)

I Fix a positive integer n > 0. Let us say integer b is an

(multiplicative) inverse of integer a modulo n if ab ≡ 1 (mod n).
I If b, b 0 are inverses of a mod n, then
b ≡ b(ab 0 ) = (ba)b 0 ≡ b 0 (mod n).
I That is, this notion is (expectedly) unique in the world of modular
arithmetic.
I Not everything has an inverse, e.g. 6 does not have an inverse mod
10.
I Why? If 6b ≡ 1 (mod 10), then 6b = 1 + 10x which gives even =
odd, contradiction.
I In general, if d = gcd(a, n) > 1, and if a had an inverse b mod n,
then ab = 1 + nx which gives 1 = ab − nx. As d|a and d|n, we also
have d|ab − nx = 1 which contradicts with d > 1.
I Prop. If gcd(a, n) > 1, then a has no inverse modulo n.
Euclid’s algorithm
Prop. If gcd(a, n) > 1, then a has no inverse modulo n.
I On the other hand, let us suppose gcd(a, n) = 1. We want an
inverse of a modulo n - if it ever exists?
I The proof of Prop. is inspiring: to have an inverse b we want
ab = 1 + xn, or 1 = ab − xn, for some b and x to be found.
I In other words, we want to express 1 as a combination of a multiple
of a and a multiple of n.
I Example: Suppose we have a = 7 and n = 10. Then we might begin
with ... say n − a = 3. Then we try to make 1 out of 7, 10 and 3 ...
how about 1 = 7 − 2 × 3? This suggests
1 = a − 2(n − a) = 3a − 2n. Great!
I Now time for a general algorithm, the Euclid’s algorithm:
Step 0. The input should be two integers n ≥ a ≥ 0. Let us also name
a0 = n, a1 = a. We want to express ai = abi + xi n in general.
Step 1. We have b0 = 0, x0 = 1, b1 = 1, x1 = 0. Let index i = 1.
Step 2. If ai = 0, exit the loop to Step 5, otherwise
Step 3. Divide ai−1 by ai to get ai−1 = ai q + r . Let ai+1 = r . Since
ai+1 = ai−1 − ai q, we set bi+1 = bi−1 − bi q and xi+1 = xi−1 − xi q.
Step 4. Increase i by 1 and loop back to Step 2.
Step 5. Output “ai−1 = gcd(a, n)” and “ai−1 = abi−1 + xi−1 n.”
 Euclid’s algorithm, II
ep 0. The input should be two integers n ≥ a > 0. Name a0 = n, a1 = a.
ep 1. Put b0 = 0, x0 = 1, b1 = 1, x1 = 0. Put i = 1.
ep 2. If ai = 0, exit the loop to Step 5, otherwise
ep 3. Divide ai−1 by ai to get ai−1 = ai q + r . Let ai+1 = r . Since ai+1 = ai−1 − ai q, we set
bi+1 = bi−1 − bi q and xi+1 = xi−1 − xi q.
ep 4. Increase i by 1 and loop back to Step 2.
ep 5. Output “ai−1 = gcd(a, n)” and “ai−1 = abi−1 + xi−1 n.”

I For example, if a = 8 and n = 14, then we have a0 = 14, a1 = 8,

a2 = 6, a3 = 2 and a4 = 0. In short this is
gcd(14, 8) = gcd(8, 6) = gcd(6, 2) = gcd(2, 0) = 2.
I If any number divides 14 and 8, it must also divide 6. Conversely if
any number divides 8 and 6, it must also divides 14. This explains
the identities above, and thus why Euclid’s algorithm works.
I If one doesn’t like the condition n ≥ a > 0, one can switch a and n
or change a to −a, etc.
Inverse again
I In particular, Euclid’s algorithm gives a constructive proof that:
I Theorem. Integer a has an inverse mod n iff2 gcd(a, n) = 1.
−1
I We write a(n) or even a−1 (when we are lazy) for the inverse of a
mod n.
I Corollary. If integers a, b are both coprime to n, then so is ab.
I Proof. a, b both have inverses mod n. But then ab has the inverse
−1 −1 −1 −1 −1 −1
a(n) b(n) ; indeed aba(n) b(n) = aa(n) bb(n) ≡ 1 · 1 = 1 (mod n). So ab
is coprime to n.
I So being coprime is convenient. As the name suggests, it’s easy for
a prime number to be coprime to others; since the only positive
prime divisors of a prime number p are 1 and p, as long as p - a we
have gcd(a, p) = 1. That is:
I Lemma. Prime p - a iff gcd(p, a) = 1.
I In particular, any number not divisible by p has an inverse mod p.
This is convenient; our error correcting code would work if it’s
modulo 11, as 11 is a prime!
2 This is a shorthand for “if and only if.”
Finite field
I So we have seen that arithmetic modulo p (for a prime number p) is
convenient; everything not divided by p has an inverse mod p.
I Note p|a iff a ≡ 0 (mod p). In other words, this is saying anything
that is “non-zero” - not equal to zero in our mathematical/data
structure has an inverse mod p.
I It’s like rational numbers, that every non-zero number can find its
inverse! Such a structure is called a field.
I Our mod p arithmetic is such a nice finite field, that we give it a
name Fp .
I Real-life example: Last year Cheng-Chiang needs a program to do
some computations that involve heavily arithmetic of rational
numbers. But
1. Cheng-Chiang is lazy to write rational number as a data structure.
2. Iterated arithmetic of rational numbers make their
denominator/numerator grow exponentially and is horrible in practice
(when one needs the accuracy and can’t use floating numbers).
I So instead of computing rational numbers, they choose a large prime
p = 100000007 and work in Fp ; when 2/3 is needed, they will put it
as 2 × 3−1 (mod p). Happy!
Factorization
Lemma. If integers a, b are both coprime to p, i.e. not divisible by p, then so is ab.
I The above lemma that appeared earlier has an extremely important
application in another direction.
I Corollary. If p - a, b, then p - ab. Equivalently, if p|ab, then p|a or
p|b.
I Corollary. If p|a1 a2 ...ak for a bunch of integers a1 , ..., ak . Then p
divides at least one of them.
I Theorem. Any non-zero integer m can be uniquely factored as
m = ±p1 ...pk
where p1 , ..., pk are primes and they are unique up to switching
order. Sometimes it might be preferred to write it as
m = ±p1e1 ...pses
with p1 , .., ps distinct (or p1 < ... < ps , or p1 > ... > ps , whichever
one finds convenient.)
I Why is this? Like, how do I know
3 × 7 × 11 × 13 × 101 6= 67 × 71 × 73? (yes they are all primes.)
I Indeed not, because if they were equal, then 3 divides 67 × 71 × 73
so 3 divides one of them. But prime number don’t like to be divided.