Abstract Algebra Notes

Notes for a first course in Abstract Algebra

Uploaded by

joslu.aleceb
Copyright
© Public Domain

Groups

Definition. A binary operation on a set S is a function which takes a pair of elements s, t ∈ S and
produces another element f (s, t) ∈ S. That is, a binary operation is a function f : S × S → S.
Binary operations are usually denoted by infix operators:

s·t or s ∗ t or even st rather than f (s, t).

(The last notation — suppressing the operation symbol entirely — is what you do when you write “3x”
to mean “3 times x”. In this case, the operation is multiplication.)
When you are trying to show that you have a binary operation ∗ on a set S, the issue is usually whether
S is closed under the operation. This means that for all s, t ∈ S, you have s ∗ t ∈ S.
As with any universal statement (“for all s, t ∈ S”), to prove that ∗ is a binary operation on S you must
show that it holds for arbitrary s and t. You are not allowed to pick specific elements s and t in the set.
On the other hand, if you think that S is not closed under ∗, you need to give a specific counterexample.
You can disprove a universal statement with a single counterexample.

Most binary operations satisfy additional properties. Here are two that are particularly important.
Definition. Let ∗ be a binary operation on a set S.
(a) ∗ is associative if a ∗ (b ∗ c) = (a ∗ b) ∗ c for all a, b, c ∈ S.
(b) ∗ is commutative if a ∗ b = b ∗ a for all a, b ∈ S.
Note that associativity is stated for 3 elements. You can prove (using induction) that if associativity
holds for 3 elements, then it holds for n elements for any n ≥ 3.

Example. If ∗ is an associative binary operation, show that

a ∗ [(b ∗ c) ∗ d] = [(a ∗ b) ∗ c] ∗ d.

Use 3-element associativity step-by-step:

a ∗ [(b ∗ c) ∗ d] = a ∗ [b ∗ (c ∗ d)]
= (a ∗ b) ∗ (c ∗ d)
= [(a ∗ b) ∗ c] ∗ d

Of course, this is just a particular case, but it should make it plausible that you could do this with any
two groupings of n elements.

Example. (Binary operations on familiar number systems) Are addition, subtraction, multiplication,
and division binary operations on the integers Z, the rational numbers Q, the real numbers R, and the
complex numbers C?
For those which are binary operations, are they associative? Commutative?
Addition, subtraction, and multiplication are binary operations on the integers Z, the rational numbers
Q, the real numbers R, and the complex numbers C.
For example, consider the operation of addition on the set of integers. If you add two integers, you get
a well-defined integer as the result. Addition is therefore a binary operation on Z.
Addition and multiplication are both associative and commutative operations on Z, Q, R, and C.

Subtraction is not associative:

(3 − 4) − 6 = −1 − 6 = −7, but 3 − (4 − 6) = 3 − (−2) = 5.

Subtraction is also not commutative:

8 − 9 = −1, but 9 − 8 = 1.

Since the counterexamples I gave used only integers, which are elements of Z, Q, R, and C, the last two
statements are true for all of these sets.
Division is not a binary operation on any of these sets. For one thing, you cannot divide by 0. For
example, 0 ∈ Z and 3 ∈ Z but 3/0 ∉ Z.

Example. (A binary operation defined by a table) Consider the following operation table:

∗ a b
a b a
b a a

Find a ∗ a, a ∗ b, b ∗ a, and b ∗ b.
Is the operation commutative? Is the operation associative?

The first row says that

a ∗ a = b and a ∗ b = a.

The second row says that

b ∗ a = a and b ∗ b = a.

(The first element is the row element and the second element is the column element.)
∗ is commutative — in fact, this follows from the fact that the table is symmetric about the main diagonal
(the diagonal running from northwest to southeast).
However, ∗ is not associative:

b ∗ (a ∗ a) = b ∗ b = a, but (b ∗ a) ∗ a = a ∗ a = b.

It’s possible to define a binary operation using a table if the set is small. If the set is too large or the
set is infinite, this isn’t useful or possible.
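For a finite table like the one above, closure, commutativity and associativity can all be checked mechanically, and a failed associativity check hands you the counterexample that disproves the universal statement. The following is an added Python example, not part of the notes; the table `TABLE` is transcribed from the example above (row element first, column element second) and the function names are my own.

```python
from itertools import product

# Operation table constructed from the page's example: TABLE[x][y] is x * y,
# with x the row element and y the column element.
TABLE = {
    "a": {"a": "b", "b": "a"},
    "b": {"a": "a", "b": "a"},
}


def op(table, x, y):
    """Look up x * y in a table given as nested dicts."""
    return table[x][y]


def is_closed(table):
    """Every entry must itself be an element of the set, or the table does not define a binary operation."""
    elements = set(table)
    return all(op(table, x, y) in elements for x in table for y in table[x])


def is_commutative(table):
    """x * y == y * x for every pair; for a table this is symmetry about the main diagonal."""
    return all(op(table, x, y) == op(table, y, x) for x in table for y in table)


def associativity_counterexample(table):
    """First triple (x, y, z) with x * (y * z) != (x * y) * z, or None if none exists.
    A single such triple disproves the universal statement, so it doubles as the
    proof that the operation is not associative."""
    for x, y, z in product(table, repeat=3):
        if op(table, x, op(table, y, z)) != op(table, op(table, x, y), z):
            return (x, y, z)
    return None


def is_associative(table):
    return associativity_counterexample(table) is None


def both_sides(table, x, y, z):
    """Return (x * (y * z), (x * y) * z) so the two groupings can be compared directly."""
    return op(table, x, op(table, y, z)), op(table, op(table, x, y), z)
```

The search returns the first failing triple in iteration order, here (a, a, b); the triple (b, a, a) used in the text is another one, and `both_sides` reproduces the two values a and b computed above.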

Example. (Function composition as a binary operation) If X is a set and Hom(X, X) is the set of
functions from X to X, then function composition is a binary operation on Hom(X, X).

[Diagram: two arrows f : X → X and g : X → X, with the composite g ◦ f : X → X.]

As the diagram shows, if f : X → X and g : X → X are functions, then the composite g ◦ f : X → X
is another function from X to X.

Example. (An “operation” which isn’t well-defined) If a, b ∈ Z, can I define a ∗ b to be “an integer
bigger than ab”? That is, does this define a binary operation on Z?

In this case, the supposed operation apparently produces an integer, so the issue is not whether the set
is closed under the operation. The problem is that “an integer bigger than ab” does not define a unique
integer. For example, if a = 3 and b = 2, then ab = 3 · 2 = 6. The definition would allow a ∗ b to be 7 (since
7 > 6), but a ∗ b = 15 would also work (since 15 > 6).
The input (a, b) does not produce a unique output a ∗ b: that is, ∗ does not define a function from pairs
of integers to integers. Thus, ∗ is not a binary operation.

Definition. A group is a set G with a binary operation ∗ such that:

(a) (Associativity) a ∗ (b ∗ c) = (a ∗ b) ∗ c for all a, b, c ∈ G.

(b) (Identity) There is an element e ∈ G such that e ∗ a = a = a ∗ e for all a ∈ G.

(c) (Inverses) For each a ∈ G, there is an element a′ ∈ G (the inverse of a) such that a∗ a′ = e = a′ ∗ a.

The notations “∗” for the operation, “e” for the identity, and “a′ ” for the inverse of a are temporary,
for the sake of making the definition. In particular examples, you’ll see that other notations are used. And
I’ll say something about the general issue of notation in groups later on.

Notice that the operation in a group does not need to be commutative. That is, a ∗ b need not equal
b ∗ a.

Definition. A group is abelian if the group operation is commutative — that is, a ∗ b = b ∗ a for all a and
b.

The term “abelian” honors Niels Henrik Abel (1802–1829). Abel and Paolo Ruffini were the first to
demonstrate the unsolvability of the general quintic equation.
Most of the initial examples will be of abelian groups. I’ll give an example of a non-abelian group later.

Definition. The order of a group is the number of elements in the group, if it is finite. Otherwise, the
group has infinite order. |G| denotes the order of the group G.

A finite group is a group whose order is finite; an infinite group is a group whose order is infinite.

Example. (Group structures on familiar number systems) Consider the following sets:

Z - the set of integers

Q - the set of rational numbers

R - the set of real numbers

C - the set of complex numbers

Are these groups with addition as the operation?

All of them are infinite groups under addition.


Consider, for example, the case of (Z, +). The sum of two integers is an integer. Addition of integers is
associative. 0 is an identity for addition. And if x ∈ Z, the additive inverse of x is −x, another integer.

Example. (The positive rationals under addition) Consider the set of positive rational numbers:

Q+ = {q ∈ Q | q > 0}.

Is Q+ a group under addition? Under multiplication?


Q+ is not a group under addition.
Q+ is certainly closed under addition, and addition of rational numbers is associative. However, it does
not contain an identity for addition.
Suppose e ∈ Q+ was the identity. Then, for instance,

e + 17 = 17, so e = 0.

But 0 ∉ Q+.
(Note that in giving this proof by contradiction, I can’t begin by assuming that 0 is the identity: I had
to show it would have to be, by the definition.)
(Question: Suppose you try to fix this problem by considering the nonnegative rational numbers Q≥0
under addition. Now 0 is an identity for addition in Q≥0 . But something else goes wrong and Q≥0 is not a
group. Do you see what it is?)
Q+ is a group under multiplication. The product of two rational numbers is a rational number:

(a/b) · (c/d) = ac/(bd), a, b, c, d ∈ Z.

Since, in addition, the product of two positive numbers is positive, Q+ is closed under multiplication.
Multiplication of rationals is associative. The identity for multiplication is 1, which is a positive rational
number. Finally, if a/b is a positive rational number, then so is its multiplicative inverse b/a.

Notation. It’s tedious to have to write “∗” for the operation in a group. It’s common to use either
multiplicative or additive notation instead. Here is how the various notations compare.

Notation                          ∗            Multiplicative      Additive
Operation on elements a and b     a ∗ b        a · b or ab         a + b
Identity                          e            1                   0
Inverse of a                      a′           a^{−1}              −a
Operation on a and a              a ∗ a        a^2                 a + a = 2a
Operation on a, a, and a          a ∗ a ∗ a    a^3                 a + a + a = 3a
Restrictions                                                       Must be commutative

Note that the convention is to use multiplicative notation for an arbitrary group (unless you know it’s
abelian, in which case you may use additive notation).
In multiplicative notation, “1” refers to the identity, which may or may not be the number 1. Likewise,
in additive notation, “0” refers to the identity, which may or may not be the number 0.
Of course, if there is a standard way to refer to the operation or the identity element in a group, you
use it instead of the general notation. For instance, in the group of integers under addition, you use “+” for
the operation — it would be silly and confusing to use “·”!
And in the group M (2, R) of 2 × 2 matrices with real entries under matrix addition, the identity is the
2 × 2 zero matrix

[ 0 0 ]
[ 0 0 ].

Example. (a) Write the expression “a ∗ a ∗ a ∗ b′” in multiplicative notation and in additive notation.
(Assume the operation is commutative, and “b′” means the inverse of b.)
(b) Write “5a − b + 4c” in multiplicative notation. (Assume the operation is commutative.)
(c) Write “a^{−6} b^3” in additive notation. (Assume the operation is commutative.)
(a) In multiplicative notation, this is a^3 b^{−1}. In additive notation, this is 3a − b.
(b) In multiplicative notation, this is a^5 b^{−1} c^4.
(c) In additive notation, this is −6a + 3b.

I’ve been referring to the identity of a group and the inverse of an element, but the axioms don’t say
that there is only one identity, or that an element has only one inverse. The next proposition asserts that
the identity and inverses are unique.
Proposition. Let G be a group.
(a) The identity element of G is unique.
(b) The inverse of an element is unique.
Proof. To show a thing is unique, you assume that you have two things of that kind, then show that the
two things must in fact be the same.
Suppose 1, 1′ are identity elements for G. Then 1 · 1′ = 1′ because 1 is an identity, but 1 · 1′ = 1 because
1 is an identity. Therefore, 1 = 1 · 1′ = 1′ . The identity element of G is unique.

Suppose g ∈ G and that I have elements a, b ∈ G which behave like the inverse of g. This means that

ag = 1 = ga and bg = 1 = gb.

Now
ag = 1 so (ag)b = 1 · b = b.
By associativity, a(gb) = b, but gb = 1. So a · 1 = b, and a = b. The inverse of an element is unique.
Associativity applies to 3 elements:

a · (b · c) = (a · b) · c.

It’s easy to show in particular cases that it applies to products with any number of factors.

Example. Suppose S is a set with an associative binary operation ·. Suppose a, b, c, d ∈ S. Prove that

(a · b) · (c · d) = a · [(b · c) · d].

(a · b) · (c · d) = a · [b · (c · d)]
= a · [(b · c) · d]

Proposition. Suppose S is a set with an associative binary operation. Then for all n ≥ 1, any two ways of
grouping a product of n factors give the same result.

I won’t give the proof here, but it isn’t too difficult: Use induction. Given this result, from now on, I’ll
be a little casual about associativity of products with any number of factors.
Proposition. Let G be a group and let a, b, c ∈ G.
(a) If ab = ac, then b = c. If ba = ca, then b = c.
(b) (ab)^{−1} = b^{−1} a^{−1}.
(c) (a^{−1})^{−1} = a.
Proof. For the first part of (a), I have

ab = ac
a^{−1}(ab) = a^{−1}(ac)
(a^{−1}a)b = (a^{−1}a)c
1 · b = 1 · c
b = c
You can prove the second part of (a) in similar fashion.
For the proof of (b), I’m going to be a little casual about associativity. I have

b^{−1} a^{−1} · ab = b^{−1} · 1 · b = b^{−1} · b = 1.

Likewise, ab · b^{−1} a^{−1} = 1. So b^{−1} a^{−1} must be the inverse of ab, i.e. (ab)^{−1}. (The rule (ab)^{−1} = b^{−1} a^{−1}
may be familiar to you if you know about matrices, since this is the way you take the inverse of a product
of matrices.)
For (c), note that

a^{−1} · a = 1 = a · a^{−1}.

This shows that a is the inverse of a^{−1} — that is, a = (a^{−1})^{−1}.
Notation. If a is an element of a group G with identity 1, then a^0 = 1. If n is a positive integer,

a^n means a · a · ··· · a (n factors).

If n is a negative integer, a^n means (a^{−n})^{−1}. For example, a^{−3} is defined to be (a^3)^{−1}, the inverse of
a^3.
I’m assuming in giving this definition that any two ways of associating a product with n factors gives
the same result.
Proposition. Let G be a group and let a ∈ G.
(a) If n > 0, then a^{−n} = a^{−1} · a^{−1} · ··· · a^{−1} (n factors).
(b) a^m a^n = a^{m+n} for all m, n ∈ Z.
(c) (a^m)^n = a^{mn} for all m, n ∈ Z.
I’ll omit the proof: It involves induction and is not that enlightening.

Example. (Computations with group elements) Suppose G is a group and a, b ∈ G.

(a) Simplify a^2 b^3 (ab^2)^{−2} ab^3 as much as possible.
(b) Solve for x in terms of a and b:

a^2 b x a^2 b^3 = a^2 b^2 a b^2.

(a) Note that I was not told that G was abelian, so I have to be careful not to commute elements (in general).

a^2 b^3 (ab^2)^{−2} ab^3 = a^2 b^3 [(ab^2)^{−1}]^2 ab^3
= a^2 b^3 [b^{−2} a^{−1}]^2 ab^3
= a^2 b^3 (b^{−2} a^{−1} b^{−2} a^{−1}) ab^3
= a^2 b a^{−1} b

(b) I can multiply both sides of the equation by the same thing, but I have to be careful to multiply on the
same side of both sides. For example, in the second line below, I multiplied both sides on the left by a^{−2}.

a^2 b x a^2 b^3 = a^2 b^2 a b^2
a^{−2} a^2 b x a^2 b^3 = a^{−2} a^2 b^2 a b^2
b x a^2 b^3 = b^2 a b^2
b^{−1} b x a^2 b^3 = b^{−1} b^2 a b^2
x a^2 b^3 = b a b^2
x a^2 b^3 b^{−3} = b a b^2 b^{−3}
x a^2 = b a b^{−1}
x a^2 a^{−2} = b a b^{−1} a^{−2}
x = b a b^{−1} a^{−2}

Definition. If G is a group and g ∈ G, the order of g is the smallest positive integer n such that g^n = 1.
If g^n ≠ 1 for any positive integer n, then g has infinite order.
In this definition, “1” denotes the identity element of G, and I’m using multiplicative notation. Using
additive notation, the definition would read: If G is a group and g ∈ G, the order of g is the smallest
positive integer n such that ng = 0. If ng ≠ 0 for any positive integer n, then g has infinite order.
Recall that the order of a group is the number of elements in the group; the preceding definition
pertains to the order of an element, which is the smallest positive power of the element which equals the
identity. Don’t confuse the two uses of the word “order”!

Example. (Orders of elements) This is a group of order 6:

·     1     a     a^2   a^3   a^4   a^5
1     1     a     a^2   a^3   a^4   a^5
a     a     a^2   a^3   a^4   a^5   1
a^2   a^2   a^3   a^4   a^5   1     a
a^3   a^3   a^4   a^5   1     a     a^2
a^4   a^4   a^5   1     a     a^2   a^3
a^5   a^5   1     a     a^2   a^3   a^4

Find the orders of the elements of this group.

The operation is multiplication and the identity is 1. To find the order of an element, I find the first
positive power which equals 1.
1 has order 1 — and in fact, in any group, the identity is the only element of order 1.
The element a has order 6 since a^6 = 1, and no smaller positive power of a equals 1.
a^2 has order 3, because

a^2 ≠ 1, (a^2)^2 = a^4 ≠ 1, but (a^2)^3 = a^6 = 1.

a^3 has order 2, because

a^3 ≠ 1, but (a^3)^2 = a^6 = 1.

a^4 has order 3, because

a^4 ≠ 1, (a^4)^2 = a^8 = a^2 ≠ 1, but (a^4)^3 = a^{12} = (a^6)^2 = 1.

a^5 has order 6. Note that

(a^5)^6 = a^{30} = (a^6)^5 = 1.

You can check that no smaller positive power of a^5 gives the identity.


Example. What is the order of √2 in R, the group of real numbers under addition?

The element √2 has infinite order: If I take positive multiples of √2, I’ll never get 0:

√2, 2√2, 3√2, . . . .

Example. (The group of quaternions) This is the group table for Q, the group of quaternions. (Notice
that the way i, j, and k multiply is similar to the way the unit vectors î, ĵ, k̂ multiply under the cross
product in R^3.)

      1     −1    i     −i    j     −j    k     −k
1     1     −1    i     −i    j     −j    k     −k
−1    −1    1     −i    i     −j    j     −k    k
i     i     −i    −1    1     k     −k    −j    j
−i    −i    i     1     −1    −k    k     j     −j
j     j     −j    −k    k     −1    1     i     −i
−j    −j    j     k     −k    1     −1    −i    i
k     k     −k    j     −j    −i    i     −1    1
−k    −k    k     −j    j     i     −i    1     −1

(a) Show that Q is not abelian.


(b) Find the orders of 1, −1, and i.
(a) Since ij = k but ji = −k (for instance), Q is not abelian.
(b) The identity 1 has order 1, −1 has order 2, and i has order 4:

i^2 = −1, i^3 = −i, i^4 = (i^2)^2 = (−1)^2 = 1.

It’s no coincidence that 1, 2, and 4 are divisors of 8, the order of the group. The order of an element
always divides the order of the group.
However, it doesn’t work the other way: 8 is obviously a divisor of 8, but there’s no element of order 8
in Q.
Definition. If G is a group with n elements and G has an element x of order n, G is said to be cyclic of
order n.
x is called a generator of the cyclic group, and the cyclic group consists of all powers of x.
Thus, Q is not cyclic, since it has no elements of order 8.
It turns out that Z is an infinite cyclic group, since you can get every element by taking multiples of 1
(or −1). I’ll discuss cyclic groups in more detail later.
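The order computations for the cyclic group of order 6 and for the quaternion group above, the check that each element order divides the group order, and the test for being cyclic can all be carried out by one small routine that multiplies an element by itself until it reaches the identity. The following is an added Python example, not part of the notes. The quaternion group is constructed here from the rules i^2 = j^2 = k^2 = −1, ij = k, jk = i, ki = j (the dictionary `UNIT_PRODUCT` is my encoding of the table above), and `cyclic_group` represents a^k by the integer k; all function names are my own.

```python
from itertools import product

# The quaternion group Q, constructed from i^2 = j^2 = k^2 = -1, ij = k, jk = i, ki = j
# (reverse-order products are negated). An element is a pair (sign, unit) with
# sign in {1, -1} and unit in {"1", "i", "j", "k"}; this reproduces the table above.
UNIT_PRODUCT = {
    ("1", "1"): (1, "1"), ("1", "i"): (1, "i"), ("1", "j"): (1, "j"), ("1", "k"): (1, "k"),
    ("i", "1"): (1, "i"), ("j", "1"): (1, "j"), ("k", "1"): (1, "k"),
    ("i", "i"): (-1, "1"), ("j", "j"): (-1, "1"), ("k", "k"): (-1, "1"),
    ("i", "j"): (1, "k"), ("j", "k"): (1, "i"), ("k", "i"): (1, "j"),
    ("j", "i"): (-1, "k"), ("k", "j"): (-1, "i"), ("i", "k"): (-1, "j"),
}
Q8 = [(s, u) for u in "1ijk" for s in (1, -1)]
Q8_IDENTITY = (1, "1")


def q_mul(x, y):
    """Multiply two quaternion-group elements: signs multiply, units follow UNIT_PRODUCT."""
    (sx, ux), (sy, uy) = x, y
    s, u = UNIT_PRODUCT[(ux, uy)]
    return (sx * sy * s, u)


def cyclic_group(n):
    """The cyclic group of order n in multiplicative notation: the integer k stands for a^k,
    so a^k * a^m = a^((k+m) mod n) and the identity a^0 is 0. Returns (elements, mul, identity)."""
    return list(range(n)), (lambda x, y: (x + y) % n), 0


def element_order(x, mul, identity, limit=10_000):
    """Smallest n >= 1 with x^n = identity, found by repeated multiplication.
    Returns None past `limit`, the signal for infinite order in an infinite group."""
    power, n = x, 1
    while power != identity:
        power, n = mul(power, x), n + 1
        if n > limit:
            return None
    return n


def orders(elements, mul, identity):
    return {x: element_order(x, mul, identity) for x in elements}


def noncommuting_pair(elements, mul):
    """A pair (x, y) with x*y != y*x, or None when the group is abelian."""
    for x, y in product(elements, repeat=2):
        if mul(x, y) != mul(y, x):
            return (x, y)
    return None


def is_cyclic(elements, mul, identity):
    """The definition above: a group of order n is cyclic when some element has order n."""
    return any(element_order(x, mul, identity) == len(elements) for x in elements)


def orders_divide_group_order(elements, mul, identity):
    """The observation above: every element order divides the order of the group."""
    return all(len(elements) % n == 0 for n in orders(elements, mul, identity).values())
```

For the cyclic group of order 6 the routine returns the orders 1, 6, 3, 2, 3, 6 for 1, a, a^2, a^3, a^4, a^5, matching the worked example; for Q it returns 1 for the identity, 2 for −1 and 4 for the remaining six elements, so no element has order 8 and Q is not cyclic, while `noncommuting_pair` finds ij ≠ ji.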

© 2022 by Bruce Ikenaga


8-23-2016
Examples of Groups
In this section, I’ll look at some additional examples of groups. Some of these will be discussed in more
detail later on.
In many of these examples, I’ll assume familiar things like associativity of addition or multiplication. A
really careful discussion would often require an extensive discussion of foundations: For instance, associativity
of addition for the integers would require a discussion of how the integers are constructed.

Example. (The integers mod n) Zn (read “Z mod n”) denotes the set of equivalence classes of integers
under equality mod n. It’s a group under addition mod n.
If a and b are integers and n is a positive integer (in most cases, n > 1), then a and b are congruent
mod n if n divides a − b. In this case, you write a = b (mod n).
For example, −6 and 36 are congruent mod 14, since 14 divides 36 − (−6) = 42.
Equality mod n is an equivalence relation on Z, and therefore Z is partitioned into equivalence
classes. For example, the equivalence classes of integers mod 4 are

{. . . , −8, −4, 0, 4, 8, . . .},
{. . . , −7, −3, 1, 5, 9, . . .},
{. . . , −6, −2, 2, 6, 10, . . .},
{. . . , −5, −1, 3, 7, 11, . . .}.
To say that this is a partition of Z means that every integer is in exactly one of these sets.
Thus, Z4 = {0, 1, 2, 3}. Add elements of Zn by adding and reducing mod n. Thus, in Z4 ,

2 + 2 = 0, 3 + 2 = 1, and so on.

Relative to congruence mod n, there are n equivalence classes: The class containing 0, the class
containing 1, . . . , the class containing n − 1. As usual, I’ll abuse notation and denote the equivalence classes by
0, 1, . . . , n − 1. Then Zn is the set of these n equivalence classes.
Addition mod n gives a binary operation on Zn . It is associative, and the identity is 0. If 0 ≤ k < n,
then the inverse of k is −k = n − k.
With these definitions, Zn is a group. It is called the cyclic group of order n.
I’ll take the axioms for granted right now; later, they will follow from the construction of Zn as a
quotient group of Z.

Example. Find the order of 6 in Z10 .

Z10 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}.


The operation is addition and the identity is 0. To find the order of an element, I find the first positive
multiple which equals 0.
Thus, 6 has order 5, because

1 · 6 = 6 ≠ 0, 2 · 6 = 2 ≠ 0, 3 · 6 = 8 ≠ 0, 4 · 6 = 4 ≠ 0, but 5 · 6 = 0.
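The construction of Zn just described (congruence, the partition into n classes, addition by reducing mod n, inverses n − k) and the order computation in Z10 can be checked with a few lines of code. The following is an added Python example, not part of the notes; the function names are my own, and `order_by_gcd` uses the standard closed form n / gcd(n, k), which the notes do not state, as an independent cross-check of the repeated-addition method used above.

```python
from math import gcd


def congruent(a, b, n):
    """a and b are congruent mod n when n divides a - b."""
    return (a - b) % n == 0


def residue_class(a, n, width=3):
    """A window onto the equivalence class of a mod n (listed above for n = 4):
    the representative r = a mod n plus a few multiples of n on either side."""
    r = a % n
    return [r + n * t for t in range(-width, width + 1)]


def classes_partition(n, lo, hi):
    """Every integer in [lo, hi] lies in exactly one of the classes 0, 1, ..., n-1."""
    return all(sum(congruent(x, r, n) for r in range(n)) == 1 for x in range(lo, hi + 1))


def add_mod(n):
    return lambda a, b: (a + b) % n


def addition_table(n):
    """The operation table of Z_n under addition mod n, as a list of rows."""
    plus = add_mod(n)
    return [[plus(a, b) for b in range(n)] for a in range(n)]


def additive_inverse(k, n):
    """The inverse of k in Z_n is -k, i.e. n - k (and 0 for k = 0)."""
    return (-k) % n


def additive_order(k, n):
    """Order of k in Z_n: the first positive multiple m with m*k = 0 (mod n),
    found by adding k to itself as in the Z_10 example."""
    total, m = k % n, 1
    while total != 0:
        total, m = (total + k) % n, m + 1
    return m


def all_orders(n):
    return {k: additive_order(k, n) for k in range(n)}


def order_by_gcd(k, n):
    """Closed form (a standard fact, not stated in the notes): the order of k in Z_n is n / gcd(n, k)."""
    return n // gcd(n, k)
```

`additive_order(6, 10)` walks through 6, 2, 8, 4, 0 and returns 5, in agreement with the computation above, and `all_orders(10)` shows that 1, 3, 7, 9 are the elements of order 10, i.e. the generators of Z10.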

Example. (Guessing an identity and inverses) Define an operation ∗ on the real numbers by

a ∗ b = a + b + 2 for all a, b ∈ R.

Does this give a group structure on R?


∗ takes two real numbers and produces a real number, so ∗ is a binary operation on R.
Next, I’ll check associativity. Let a, b, c ∈ R. Then

(a ∗ b) ∗ c = (a + b + 2) ∗ c = (a + b + 2) + c + 2 = a + b + c + 4,

a ∗ (b ∗ c) = a ∗ (b + c + 2) = a + (b + c + 2) + 2 = a + b + c + 4.

Thus, (a ∗ b) ∗ c = a ∗ (b ∗ c), so ∗ is associative.
Next, I have to determine whether there is an identity for ∗. First, I’ll work backwards to guess what
the identity should be. This is not a proof ! Once I have my guess, I’ll confirm my guess (if possible).
Suppose e is the identity. Then in particular, e ∗ 3 = 3 (I picked 3 at random). This means that
e + 3 + 2 = 3, or e = −2.
My guess is that the identity is −2. To see if it works, let a ∈ R. Then

a ∗ (−2) = a + (−2) + 2 = a, (−2) ∗ a = (−2) + a + 2 = a.

This proves that −2 is the identity for ∗.


Finally, I want to show that every element has an inverse. Since −2 is the identity, this means that for
every element a, I must find an element a−1 such that a ∗ a−1 = −2 and a−1 ∗ a = −2.
As I did in the identity step, I’ll guess a−1 by working backwards, then confirm my guess. Since I want
a formula for a−1 in terms of a, I’ll work with an arbitrary a ∈ R — in contrast to picking a random element
of R, as I did to find the identity.
Start with a ∗ a−1 = −2. This means that a + a−1 + 2 = −2, so a−1 = −4 − a.
(Be sure you understand why I’m not finished yet! Finding a−1 = −4 − a does not prove that inverses
exist. Think about the reasoning: I started with a ∗ a−1 = −2, which assumes that a−1 is defined. I need to
confirm that −4 − a is the inverse of a under ∗, which I do by direct computation.)
I have

a ∗ (−4 − a) = a + (−4 − a) + 2 = −2 and (−4 − a) ∗ a = (−4 − a) + a + 2 = −2.

Therefore, −4 − a is the inverse of a.


I’ve verified all the axioms, so R is a group under the operation ∗.

Example. (A left identity and right inverses) Let R∗ denote the nonzero reals. Define a binary
operation on R∗ by
a · b = |a|b.
(The operation is ·, and I multiply as usual on the right side.)
Show that the operation is associative, has a left identity but not a right identity, and has right inverses
but not left inverses. If a and b are nonzero real numbers, so is a · b = |a|b. Therefore, the set is closed under
the operation.
Let a, b, c ∈ R∗ . Then

(a · b) · c = (|a|b) · c = ||a|b|c = |a||b|c, while a · (b · c) = a · (|b|c) = |a||b|c.

Therefore, (a · b) · c = a · (b · c), and · is associative.


1 is a left identity, in the sense that 1 · a = a for all a ∈ R∗. But (for example)

(−3) · 1 = |−3| · 1 = 3, so (−3) · 1 ≠ −3.

In other words, 1 is not a two-sided identity, as required by the group definition.
There are also right inverses: a · (1/|a|) = 1 for all a ∈ R∗. But (for instance) there is no x ∈ R∗ such
that x · (−3) = 1, since

x · (−3) = |x|(−3) ≤ 0 for all x.
R∗ with · is not a group. This example shows why you have to be careful to check the identity and
inverse properties on “both sides” (unless you know the operation is commutative).
Note: It is true that if an associative operation has a left identity and every element has a left inverse,
then the set is a group.
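The two preceding examples make the same methodological point from opposite sides: a guessed identity or inverse must be confirmed on both sides, and for a ∗ b = a + b + 2 both sides work while for a · b = |a|b only one side does. The following is an added Python example, not part of the notes, that separates the left-hand and right-hand checks; `SAMPLE` is a constructed list of nonzero rationals (Fractions keep the arithmetic exact), and the function names are my own. A check over a finite sample is evidence that guides the guess, in the spirit of the "work backwards, then confirm" approach above; the general proofs are the computations in the text.

```python
from fractions import Fraction as F

# Constructed sample of nonzero rationals, so that both operations below apply.
SAMPLE = [F(-3), F(-1, 2), F(1), F(2), F(17), F(7, 3)]


def star(a, b):
    """The first operation above on R: a * b = a + b + 2."""
    return a + b + 2


def abs_dot(a, b):
    """The second operation above on the nonzero reals: a . b = |a| b."""
    return abs(a) * b


def left_identity_failures(op, e, sample):
    """Elements a with e op a != a; empty means e acts as a left identity on the sample."""
    return [a for a in sample if op(e, a) != a]


def right_identity_failures(op, e, sample):
    """Elements a with a op e != a; empty means e acts as a right identity on the sample."""
    return [a for a in sample if op(a, e) != a]


def is_two_sided_identity(op, e, sample):
    return not left_identity_failures(op, e, sample) and not right_identity_failures(op, e, sample)


def inverse_check(op, e, a, candidate):
    """(a op candidate == e, candidate op a == e): both must hold for a group inverse."""
    return (op(a, candidate) == e, op(candidate, a) == e)


def find_left_inverse(op, e, a, sample):
    """First x in the sample with x op a == e, or None if the sample contains no left inverse."""
    for x in sample:
        if op(x, a) == e:
            return x
    return None
```

For `star`, −2 passes both identity checks and −4 − a passes both inverse checks for every sample value. For `abs_dot`, 1 passes the left check but fails the right check exactly on the negative sample values, 1/|a| is a right inverse of every a but a left inverse only when a > 0, and no sample value is a left inverse of −3.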

Example. (A group which is a subset of the integers) Let

G = {8a + 14b | a, b ∈ Z}.

Is G a group under integer addition? (Assume that integer addition is associative.)

First, I’ll check whether integer addition actually gives a binary operation on G. To do this, I need to
check whether the set is closed under the operation. I’ll take two arbitrary elements of G, add them, and
see if the sum is an element of G.
Let 8a + 14b, 8a′ + 14b′ ∈ G. Then

(8a + 14b) + (8a′ + 14b′ ) = 8(a + a′ ) + 14(b + b′ ) ∈ G.

To show that the sum is in G, I have to write it in the form of a typical element of G, namely

8(stuff) + 14(junk).

Note that I didn’t pick two specific elements of G (like “22” and “0”): I used two general elements.
I also didn’t use “8a + 14b” and “8a + 14b”, since that would be using the same element twice.
Now I know that addition gives a binary operation on G.
I’m assuming that addition is associative.
Next, I must show that G has an identity element. 0 is an identity element for addition of integers, so
it will work for elements of G:

0 + (8a + 14b) = 8a + 14b, (8a + 14b) + 0 = 8a + 14b.

However, I also have to show that 0 is in G! To do this, write it as 8(stuff) + 14(junk):

0 = 8 · 0 + 14 · 0 ∈ G.

Therefore, 0 is the identity element of G.


Finally, let 8a + 14b ∈ G. I must show that it has an inverse under addition. The ordinary additive
inverse works:
(8a + 14b) + (−8a − 14b) = 0, (−8a − 14b) + (8a + 14b) = 0.
However, as with the identity 0, I have to show that −8a − 14b is in G. To do this, just rewrite it so it
has the correct form:
−8a − 14b = 8(−a) + 14(−b) ∈ G.
This shows that every element of G has an inverse.
Therefore, G is a group.

Example. (Symmetry groups) A regular n-gon is a closed, convex polygon in the plane with n equal
sides. For example, a regular 3-gon is an equilateral triangle, and a regular 4-gon is a square.
A rigid motion of the plane is a map R2 → R2 which preserves distances. Dn , the dihedral group
of order 2n, is the group of rigid motions of the plane which carry a given regular n-gon onto itself. (Such a
rigid motion is said to preserve the figure. It is also called a symmetry of the figure.)
Construct D4, the dihedral group of order 8 (the group of symmetries of a square).

A map which carries the square onto itself must map vertices to vertices. Here is a picture of a square
with the vertices labelled.
3 4

1 2

Consider vertex 1. A rigid motion can map it to any of the 4 vertices. Once I know where 1 goes, 3 must
go to the vertex opposite it, since distances are preserved. Now there are only two possibilities for vertices 2
and 4. All together, I have 4 · 2 = 8 choices, so there are at most 8 symmetries. I’ll show there are exactly 8 by
displaying 8 different symmetries.
(Before I do, note that the same argument shows that |Dn | ≤ 2n.)
I will take my square to be as pictured above. The 8 symmetries are as follows:

1. id, the identity symmetry.

2. r1, counterclockwise rotation through π/2.

3. r2, counterclockwise rotation through π.

4. r3, counterclockwise rotation through 3π/2.

5. mx, reflection across the horizontal line which bisects the square.

6. my, reflection across the vertical line which bisects the square.

7. m+, reflection across the “southwest to northeast” line which bisects the square.

8. m−, reflection across the “northwest to southeast” line which bisects the square.

For example, here is m+:

3 4            2 4
      --m+-->
1 2            1 3

The operation on D4 is function composition — do one rigid motion after another. It’s clear that this
is a binary operation, but I need to establish a convention concerning how I will write the operation. I will
write
m+ · r3 to mean r3 , then m+ .

In other words, I’ll apply the motions from right to left. This is consistent with the usual notation for
composing functions: f (g(x)) means g first, then f .

The next picture shows the composite m+ · r3. You can see that m+ · r3 = my.

3 4            1 3            4 3
      --r3-->         --m+-->
1 2            2 4            2 1

(Comparing the first and last squares, the net effect is my.)

With a little bit of patience (and perhaps a little cardboard square), you can generate the multiplication
table for D4 . Here it is:

      id    r1    r2    r3    m+    m−    mx    my
id    id    r1    r2    r3    m+    m−    mx    my
r1    r1    r2    r3    id    my    mx    m+    m−
r2    r2    r3    id    r1    m−    m+    my    mx
r3    r3    id    r1    r2    mx    my    m−    m+
m+    m+    mx    m−    my    id    r2    r1    r3
m−    m−    my    m+    mx    r2    id    r3    r1
mx    mx    m−    my    m+    r3    r1    id    r2
my    my    m+    mx    m−    r1    r3    r2    id

This table illustrates a number of ideas.


From the table, it is apparent that D4 is not abelian. For example, m+ r3 = my , but r3 m+ = mx .

The next proposition contains the result I mentioned about rows and columns of finite group tables.

Proposition. In a finite group operation table, each row or column contains each element of the group
exactly once.

Proof. Consider the row for the element a ∈ G. If x occurs in the b and c-columns, this means that
ab = x = ac. Multiply this equation on the left by a−1 :

a−1 · ab = a−1 · ac
b=c

That is, the b and c-columns are actually the same column. Hence, each row contains a given element
at most once.
On the other hand, consider again the row for a ∈ G. Take x ∈ G; does x occur in this row? Well,
x = a · (a−1 x), so x occurs in the column for a−1 x. That is, every element of G occurs in the row for a.
All together, every element of G occurs exactly once in the row for a. A similar argument works for
columns.
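The D4 table above can be generated instead of worked out with a cardboard square, and the proposition just proved can then be verified on it. The following is an added Python example, not part of the notes. It uses the vertex labelling from the picture above (3 4 over 1 2, so vertex 1 sits at (−1, −1)), encodes each of the eight motions as a map on coordinates from its description in the list above, records where it sends each vertex, and composes right to left as the convention m+ · r3 = "r3, then m+" requires; the names `VERTEX`, `MOTIONS`, `compose` and `latin_square_violations` are my own.

```python
# Square with vertices labelled as in the picture: 3 4 over 1 2.
VERTEX = {1: (-1, -1), 2: (1, -1), 3: (-1, 1), 4: (1, 1)}
LABEL = {xy: v for v, xy in VERTEX.items()}

# Each symmetry as a map on coordinates, encoded from the descriptions in the list above.
MOTIONS = {
    "id": lambda x, y: (x, y),
    "r1": lambda x, y: (-y, x),     # counterclockwise rotation through pi/2
    "r2": lambda x, y: (-x, -y),    # rotation through pi
    "r3": lambda x, y: (y, -x),     # counterclockwise rotation through 3pi/2
    "m+": lambda x, y: (y, x),      # reflection across the southwest-to-northeast line
    "m-": lambda x, y: (-y, -x),    # reflection across the northwest-to-southeast line
    "mx": lambda x, y: (x, -y),     # reflection across the horizontal bisector
    "my": lambda x, y: (-x, y),     # reflection across the vertical bisector
}


def as_permutation(name):
    """Where the motion sends each vertex: (image of 1, image of 2, image of 3, image of 4)."""
    f = MOTIONS[name]
    return tuple(LABEL[f(*VERTEX[v])] for v in (1, 2, 3, 4))


PERM_TO_NAME = {as_permutation(n): n for n in MOTIONS}  # 8 distinct permutations


def compose(g, f):
    """g . f means f first, then g (right to left), following the convention above."""
    pf, pg = as_permutation(f), as_permutation(g)
    composite = tuple(pg[pf[v - 1] - 1] for v in (1, 2, 3, 4))
    return PERM_TO_NAME[composite]


def multiplication_table():
    """table[g][f] is the name of g . f, with rows and columns in the order of MOTIONS."""
    return {g: {f: compose(g, f) for f in MOTIONS} for g in MOTIONS}


def latin_square_violations(table):
    """Rows and columns that fail to contain every element exactly once (the proposition above)."""
    names = list(table)
    bad = []
    for g in names:
        if sorted(table[g].values()) != sorted(names):
            bad.append(("row", g))
        if sorted(table[f][g] for f in names) != sorted(names):
            bad.append(("column", g))
    return bad


def is_abelian(table):
    return all(table[g][f] == table[f][g] for g in table for f in table)
```

The generated table agrees entry for entry with the one above, `compose("m+", "r3")` returns my while `compose("r3", "m+")` returns mx, so D4 is not abelian, and `latin_square_violations` returns an empty list, as the proposition predicts.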

Example. (Products of groups) Consider the following set:

Z^2 = Z × Z = {(a, b) | a, b ∈ Z}.

Is this a group under componentwise-addition (“vector addition”)?
What about componentwise-multiplication?

Z × Z is a group under componentwise-addition. This is really just addition of two-dimensional (integer)
vectors: For example,

(3, −8) + (10, 15) = (3 + 10, −8 + 15) = (13, 7).

It’s associative, the identity is (0, 0), and the inverse of (a, b) is −(a, b) = (−a, −b).
Z × Z is not a group under componentwise-multiplication. Here the operation would look like this:

(3, −8) · (10, 15) = (3 · 10, (−8) · 15) = (30, −120).

It’s associative, and the identity is (1, 1). However, many pairs don’t have multiplicative inverses. For
example, suppose
(3, 0) · (a, b) = (1, 1).
Then
3a = 1 and 0 · b = 1.
The first equation has no integer solutions, and the second says “0 = 1”, so I have two contradictions!

Notes: If you use the notation “Z^2” for this group, don’t confuse it with “Z_2”, the integers mod 2.
You can replace Z with Q or R or C. Thus, Q×Q, R×R, and C×C are all groups under componentwise-
addition (and not under componentwise-multiplication). And you can extend this to more than two factors:
For example Z × Z × Z is a group under componentwise-addition.

Example. (Matrix groups) Consider the following sets:

M (n, R) - n × n matrices with real entries

GL(n, R) - n × n invertible matrices with real entries

Are these groups under matrix addition? Matrix multiplication?


M (n, R) is a group under matrix addition. Matrix addition is associative. The identity for addition is
the n × n zero matrix:

[ 0  0  ···  0 ]
[ 0  0  ···  0 ]
[ :  :   ·.  : ]
[ 0  0  ···  0 ]

The inverse of a matrix A is its negative −A (negate all the entries of A).
M (n, R) is not a group under matrix multiplication. Matrix multiplication is associative, and the
identity is the n × n identity matrix:

[ 1  0  ···  0 ]
[ 0  1  ···  0 ]
[ :  :   ·.  : ]
[ 0  0  ···  1 ]
But many matrices don’t have inverses under multiplication — for example, the zero matrix above.
With GL(n, R), the situation is reversed. GL(n, R) is a group under matrix multiplication. Matrix
multiplication is associative, and the identity is the n × n identity matrix.
By definition, GL(n, R) consists of invertible matrices, so every element has a multiplicative inverse.
You should know from linear algebra that matrix multiplication is not commutative. Thus, GL(n, R) is
not an abelian group. (Can you give a particular example of noncommuting 2 × 2 matrices?)

However, GL(n, R) is not a group under matrix addition. In fact, you can add two invertible matrices
and get a non-invertible matrix; for example,

[ 1  0 ]   [ −1   0 ]   [ 0  0 ]
[ 0  1 ] + [  0  −1 ] = [ 0  0 ].

Thus, addition of matrices is not a binary operation on GL(n, R).
Note: You can replace “R” in this example with Z, Q, C — in fact, you can even use the integers mod n
like Z5 . In the case of Z5 , you add and multiply elements of Z5 mod 5. And more generally, you can replace
“R” with any commutative ring with identity (I’ll discuss rings later).
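The matrix example above raises two checkable questions: a concrete pair of noncommuting 2 × 2 matrices, and what GL(2, Z5) looks like when the entries are reduced mod 5 as the note suggests. The following is an added Python example, not part of the notes, with 2 × 2 matrices as nested lists; the pair in `noncommuting_example` is my own choice, `gl2_elements_mod_p` enumerates GL(2, Z_p) by brute force, and `gl2_order_formula` is the standard count (p^2 − 1)(p^2 − p), which the notes do not state, used only as a cross-check.

```python
from itertools import product


def mat_mul(A, B, mod=None):
    """Product of 2x2 matrices (nested lists); entries are reduced mod `mod` when it is given."""
    C = [[sum(A[i][k] * B[k][j] for k in range(2)) for j in range(2)] for i in range(2)]
    return [[x % mod for x in row] for row in C] if mod else C


def mat_add(A, B, mod=None):
    C = [[A[i][j] + B[i][j] for j in range(2)] for i in range(2)]
    return [[x % mod for x in row] for row in C] if mod else C


def det(A, mod=None):
    d = A[0][0] * A[1][1] - A[0][1] * A[1][0]
    return d % mod if mod else d


def is_invertible(A, mod=None):
    """Over a field (R, Q, C, or Z_p with p prime) a square matrix is invertible iff det != 0."""
    return det(A, mod) != 0


ZERO = [[0, 0], [0, 0]]
I2 = [[1, 0], [0, 1]]
NEG_I2 = [[-1, 0], [0, -1]]


def noncommuting_example():
    """A constructed pair of invertible integer matrices with AB != BA (both have determinant 1)."""
    A, B = [[1, 1], [0, 1]], [[1, 0], [1, 1]]
    return mat_mul(A, B), mat_mul(B, A)


def gl2_elements_mod_p(p):
    """All invertible 2x2 matrices over Z_p, found by testing each of the p^4 candidates."""
    return [[[a, b], [c, d]] for a, b, c, d in product(range(p), repeat=4)
            if (a * d - b * c) % p != 0]


def gl2_order_formula(p):
    """Standard count (not stated in the notes) of invertible 2x2 matrices over Z_p: (p^2 - 1)(p^2 - p)."""
    return (p * p - 1) * (p * p - p)


def closed_under_product_mod_p(p):
    """The closure axiom for GL(2, Z_p): the product of two invertible matrices is invertible."""
    G = gl2_elements_mod_p(p)
    return all(is_invertible(mat_mul(A, B, p), p) for A in G for B in G)
```

`mat_add(I2, NEG_I2)` gives the zero matrix from the display above, the two products in `noncommuting_example` differ, and the enumeration finds 480 elements in GL(2, Z5) (and 6 in GL(2, Z2)), in agreement with the formula.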

Example. (Groups of order 2) Suppose G is a group of order 2: |G| = 2. Construct the multiplication
table for G.
Since G has two elements, G = {1, a}, where 1 is the identity and a ≠ 1 is another element. a must
have an inverse; since a · 1 = a, the inverse of a is not 1. Therefore, the inverse of a is a, and a · a = 1. The
multiplication table for G looks like this:
· 1 a
1 1 a
a a 1

This group is called Z2 , the cyclic group of order 2. Here is another table for the same group:
+ 0 1
0 0 1
1 1 0

In this case, I think of Z2 as the set {0, 1}, with addition mod 2.
What do I mean when I say that they’re “the same group”?
I mean that I can get the second table from the first this way:
1 → 0, a → 1.
This is an example of an isomorphism — a function which “matches up” elements of one group with
another, so the group table is preserved. (I’ll make this more precise later.) Isomorphic groups are the same
as groups. In this sense, Z2 is the only group of order 2.

Example. (Groups of order 3) Suppose that G is a group and |G| = 3. Construct the multiplication
table for G.
Let G = {1, a, b}, where 1, a, and b are different elements.
If aa = a, then aaa−1 = aa−1 = 1, or a = 1, contradicting the fact that a and 1 were distinct elements.
If aa = 1, then ab = b (because ab = a gives aab = aa = 1, or b = 1, contradicting the fact that b and 1 were
distinct elements). But then abb−1 = bb−1 = 1, so a = 1, the same contradiction as before. Hence, aa = b.
Using the principle that each row or column of a multiplication table contains each element exactly once, I
can fill in the rest of the table:
· 1 a b
1 1 a b
a a b 1
b b 1 a

This is Z3 , the cyclic group of order 3. Here is another table for the same group:

+ 0 1 2
0 0 1 2
1 1 2 0
2 2 0 1

These two tables give groups which are isomorphic. Up to isomorphism, there is only one group of order
3, namely Z3 .
There are two groups of order 4, one group of order 5, two groups of order 6, and one group of order 7.
No one knows a practical formula for determining how many groups of order n there are. And the method
of the preceding examples — essentially, trial and error — is untenable once n gets large.

© 2016 by Bruce Ikenaga


1-16-2018

Subgroups

Definition. Let G be a group. A subset H of G is a subgroup of G if:

(a) (Closure) H is closed under the group operation: If a, b ∈ H, then a · b ∈ H.

(b) (Identity) 1 ∈ H.

(c) (Inverses) If a ∈ H, then a−1 ∈ H.

The notation H < G means that H is a subgroup of G.

Notice that associativity is not part of the definition of a subgroup. Since associativity holds in the
group, it holds automatically in any subset.

Look carefully at the identity and inverse axioms for a subgroup; do you see how they differ from the
corresponding axioms for a group?

In verifying the identity axiom for a subgroup, the issue is not the existence of an identity; the group
must have an identity, since that’s part of the definition of a group. The question is whether the identity for
the group is actually contained in the subgroup.

[Figure: a group, with the question “Is there an identity?”, beside a subgroup, with the question “Is the identity contained in the subgroup?”]

Likewise, for subgroups the issue of inverses is not whether inverses exist; every element of a group
has an inverse. The issue is whether the inverse of an element in the subgroup is actually contained in the
subgroup.

[Figure: a group, with the question “Does every element have an inverse?”, beside a subgroup, with the question “Is the inverse of a subgroup element also a subgroup element?”]

Lemma. Let G be a group. Then {1} and G are subgroups of G.

{1} is called the trivial subgroup.


Proof. The proofs are almost too easy! Consider {1}. The only possible multiplication is 1 · 1 = 1, which
shows {1} is closed.
{1} obviously contains the identity 1.
{1} is closed under taking inverses, since 1−1 = 1.
The proof that G is a subgroup is equally easy; I’ll let you do it.

Example. (Subgroups of the integers) Let n ∈ Z. Let


nZ = {nx | x ∈ Z}.
Show that nZ is a subgroup of Z, the group of integers under addition.

nZ consists of all multiples of n.


First, I’ll show that nZ is closed under addition. If nx, ny ∈ nZ, then
nx + ny = n(x + y) ∈ nZ.
Therefore, nZ is closed under addition.
Next, the identity element of Z is 0. Now 0 = n · 0, so 0 ∈ nZ.
Finally, suppose nx ∈ nZ. The additive inverse of nx in Z is −nx, and −nx = n(−x). This is n times
something, so it’s in nZ. Thus, nZ is closed under taking inverses.
Therefore, nZ is a subgroup of Z.
I’ll show later that every subgroup of the integers has the form nZ for some n ∈ Z.
Notice that 2Z ∪ 3Z is not a subgroup of Z. I have 2 ∈ 2Z and 3 ∈ 3Z, so 2 and 3 are elements of the
union 2Z ∪ 3Z. But their sum 5 = 2 + 3 is not an element of 2Z ∪ 3Z, because 5 is neither a multiple of 2
nor a multiple of 3.
This example shows that the union of subgroups need not be a subgroup.

Example. (A subset that isn’t closed under inverses) Z is a group under addition. Consider Z≥0 , the
set of nonnegative integers. Check each axiom for a subgroup. If the axiom holds, prove it. If the axiom
doesn’t hold, give a specific counterexample.

If m, n ∈ Z≥0 , then m ≥ 0 and n ≥ 0, so m + n ≥ 0. Therefore, m + n ∈ Z≥0 , and the set is closed
under addition.
0 is a nonnegative integer, so 0 ∈ Z≥0 .
However, 3 ∈ Z≥0 , but the inverse −3 is not an element of Z≥0 . Therefore, Z≥0 is not closed under
taking inverses, so it’s not a subgroup of Z.

Example. (The integers as a subgroup of the rationals) Show that the set of integers Z is a subgroup
of Q, the group of rational numbers under addition.
If you add two integers, you get an integer: Z is closed under addition.
The identity element of Q is 0, and 0 ∈ Z.
Finally, if n ∈ Z, its additive inverse in Q is −n. But −n is also an integer, so Z is closed under taking
inverses.
Therefore, Z is a subgroup of Q.

Example. (A subgroup under multiplication) Let Q∗ be the group of nonzero rational numbers under
multiplication. Consider the set

$$H = \left\{ \frac{1}{2^m} \,\middle|\, m \in \mathbb{Z} \right\}.$$

Is H a subgroup of Q∗ ?

Let $\frac{1}{2^m}, \frac{1}{2^n} \in H$, where m, n ∈ Z. Then

$$\frac{1}{2^m} \cdot \frac{1}{2^n} = \frac{1}{2^{m+n}} \in H.$$

Thus, H is closed under multiplication.

The identity of Q∗ is 1, and $1 = \frac{1}{2^0} \in H$.

Finally, let $\frac{1}{2^m} \in H$. Then $\left(\frac{1}{2^m}\right)^{-1} = \frac{1}{2^{-m}}$, and $\frac{1}{2^{-m}} \in H$. Therefore, H is closed under taking
inverses.

Therefore, H is a subgroup of Q∗ .

Example. Z2 = Z × Z denotes the set of pairs of integers:

Z2 = {(m, n) | m, n ∈ Z}.

It is a group under “vector addition”; that is,

(a, b) + (c, d) = (a + c, b + d).

The identity is (0, 0) and the inverse of (m, n) is −(m, n) = (−m, −n).
Taking this for granted, consider the set

H = {(x, y) | x + y ≥ 0}.

Check each axiom for a subgroup. If the axiom holds, prove it. If the axiom doesn’t hold, give a specific
counterexample.

In words, an element (x, y) is in H if the sum of its components is nonnegative.

Suppose (a, b), (c, d) ∈ H. This means

a + b ≥ 0 and c + d ≥ 0.

Then
(a + c) + (b + d) = (a + b) + (c + d) ≥ 0 + 0 = 0.
Therefore,
(a, b) + (c, d) = (a + c, b + d) ∈ H.
Thus, H is closed under addition.
Since 0 + 0 = 0 ≥ 0, I have (0, 0) ∈ H.
(1, 2) ∈ H, because 1 + 2 = 3 ≥ 0. But −(1, 2) = (−1, −2) ∉ H, because

−1 + (−2) = −3 ≱ 0.

Thus, the inverse axiom fails (so H is not a subgroup).

Definition. If G is a group and g is an element of G, the subgroup generated by g (or the cyclic
subgroup generated by g) is
⟨g⟩ = {g^k | k ∈ Z}.
In other words, ⟨g⟩ consists of all (positive or negative) powers of g.
This definition assumes multiplicative notation; if the operation is addition, the definition reads

⟨g⟩ = {k · g | k ∈ Z}.

In this case, you’d say that ⟨g⟩ consists of all (positive or negative) multiples of g.
Be sure you understand that the difference between the two forms is simply notational: It’s the same
concept.
Since I’m calling ⟨g⟩ a subgroup, I’d better verify that it satisfies the subgroup axioms.

Lemma. If G is a group and g ∈ G, then ⟨g⟩ is a subgroup of G.

Proof. For closure, note that if g^m, g^n ∈ ⟨g⟩, then

g^m · g^n = g^{m+n} ∈ ⟨g⟩.

1 = g^0 ∈ ⟨g⟩. Finally, if g^n ∈ ⟨g⟩, its inverse is g^{−n}, which is also in ⟨g⟩.

Therefore, ⟨g⟩ is a subgroup of G.

In fact, ⟨g⟩ is the smallest subgroup of G which contains g.

Example. (Subgroups of a finite cyclic group) List the elements of the subgroups generated by elements
of Z8 .

⟨0⟩ = {0},
⟨2⟩ = ⟨6⟩ = {0, 2, 4, 6},
⟨4⟩ = {0, 4},
⟨1⟩ = ⟨3⟩ = ⟨5⟩ = ⟨7⟩ = {0, 1, 2, 3, 4, 5, 6, 7}.

The way the subgroups are contained in one another can be pictured in a subgroup lattice diagram:

The following result is easy, so I’ll leave the proof to you. It says that the subgroup relationship is
transitive.

Lemma. (Subgroup transitivity) If H < K and K < G, then H < G: A subgroup of a subgroup is a
subgroup of the (big) group.

If you want to show that a subset H of a group G is a subgroup of G, you can check the three properties
in the definition. But here is a little shortcut.

Lemma. Let G be a group, and let H be a nonempty subset of G. H < G if and only if a, b ∈ H implies
a · b−1 ∈ H.
Proof. (⇒) Suppose H < G, and let a, b ∈ H. Then b−1 ∈ H (since H is closed under inverses), hence
a · b−1 ∈ H (since H is closed under products).

(⇐) Suppose that a, b ∈ H implies a · b−1 ∈ H. Since H ≠ ∅, take a ∈ H. Then 1 = a · a−1 ∈ H.


If a ∈ H, then a−1 = 1 · a−1 ∈ H (since I already know 1 ∈ H). This shows H is closed under taking
inverses.
Finally, suppose a, b ∈ H. Then b−1 ∈ H, so ab = a · (b−1 )−1 ∈ H. Therefore, H < G.

Note: In order to use this criterion, you have to show that the set in question is nonempty before doing
the “a · b−1 ∈ H” check. Usually you show the set is nonempty by showing that it contains the identity
element. So you really have to do two checks, not just one.

Example. (A subgroup of a matrix group) Let GL(2, R) be the set of invertible 2 × 2 matrices with
real entries.

(a) Show that GL(2, R) is a group under matrix multiplication.


(b) Show that the following set is a subgroup of GL(2, R):

$$D = \left\{ \begin{bmatrix} a & 0 \\ 0 & a \end{bmatrix} \,\middle|\, a \in \mathbb{R} \text{ and } a \neq 0 \right\}.$$

(a) If A, B ∈ GL(2, R), then det A ≠ 0 and det B ≠ 0. Hence,

det(AB) = (det A)(det B) ≠ 0.

Therefore, AB is invertible, so matrix multiplication is a binary operation on GL(2, R). (The point is
that the set is closed under the operation.)
From linear algebra, I know that matrix multiplication is associative.
The 2 × 2 identity matrix is invertible, so it’s in GL(2, R). It’s the identity for GL(2, R) under matrix
multiplication.
Finally, if A ∈ GL(2, R), then A−1 exists. It’s also an element of GL(2, R), since its inverse is A.
This proves that GL(2, R) is a group under matrix multiplication.

(b) First,

$$\begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix} \in D.$$

Therefore, D is nonempty.

Next, suppose $\begin{bmatrix} a & 0 \\ 0 & a \end{bmatrix}, \begin{bmatrix} b & 0 \\ 0 & b \end{bmatrix} \in D$, where a, b ∈ R and a, b ≠ 0. Note that

$$\begin{bmatrix} b & 0 \\ 0 & b \end{bmatrix}^{-1} = \begin{bmatrix} b^{-1} & 0 \\ 0 & b^{-1} \end{bmatrix}.$$

Then

$$\begin{bmatrix} a & 0 \\ 0 & a \end{bmatrix}\begin{bmatrix} b & 0 \\ 0 & b \end{bmatrix}^{-1} = \begin{bmatrix} a & 0 \\ 0 & a \end{bmatrix}\begin{bmatrix} b^{-1} & 0 \\ 0 & b^{-1} \end{bmatrix} = \begin{bmatrix} ab^{-1} & 0 \\ 0 & ab^{-1} \end{bmatrix} \in D.$$

Therefore, D is a subgroup of GL(2, R).

Definition. Let G be a group. a, b ∈ G commute if ab = ba.


The center Z(G) of G is the set of elements which commute with everything in G:

Z(G) = {g ∈ G | gh = hg for all h ∈ G}.

Lemma. Z(G) < G.

Proof. Suppose a, b ∈ Z(G). I’ll show ab ∈ Z(G). To do this, I must show that ab commutes with everything
in G.
Let g ∈ G. Then
(ab)g = a(bg) (Associativity)
= a(gb) (Since b ∈ Z(G))
= (ag)b (Associativity)
= (ga)b (Since a ∈ Z(G))
= g(ab) (Associativity)
Therefore, ab ∈ Z(G).
Next, 1 · g = g = g · 1 for all g ∈ G, so 1 ∈ Z(G).
Finally, let a ∈ Z(G). I need to show that a−1 ∈ Z(G). Let g ∈ G. I need to show that ga−1 = a−1 g.
I have
ag⁻¹ = g⁻¹a (Since a ∈ Z(G))
(ag⁻¹)⁻¹ = (g⁻¹a)⁻¹ (Take inverses of both sides)
(g⁻¹)⁻¹a⁻¹ = a⁻¹(g⁻¹)⁻¹ (Inverse of a product formula)
ga⁻¹ = a⁻¹g (Properties of inverses)
Therefore, a−1 ∈ Z(G).
Hence, Z(G) is a subgroup of G.

The union of subgroups is not necessarily a subgroup, but the intersection of subgroups is always a
subgroup. Before I prove this, a word about notation.

In this result, I want to talk about a bunch of subgroups of a group G. How should I denote these
subgroups? I don’t want to write H1 , H2 , . . . , Hn , because I may want an infinite number of subgroups.
Well, how about H1 , H2 , . . . (where I think of the sequence as continuing forever)?
The problem in the second case is that I might not be able to list the subgroups in a sequence. You may
know that there are different kinds of “infinity” and some are bigger than others. Specifically, if the number
of subgroups under consideration is not countable, I can’t list them as “H1 , H2 , . . . ”.
I’ll use notation like {Ha }a∈A in situations like these. Each Ha is a subgroup, and A is an index set. In
other words, A is an unspecified set whose elements I use to subscript the H’s. Since A could be arbitrarily
big, this gets around the problems I had with the other notations.
Rather than get into technicalities, I will leave things at that and illustrate by example how you work
with infinite index sets. If the next proof confuses you, try writing out the proof for two subgroups: That
is, if H and K are subgroups of a group G, then H ∩ K is a subgroup of G.

Lemma. The intersection of a family of subgroups is a subgroup.

Proof. Let G be a group, and let {Ha }a∈A be a family of subgroups of G. Let H = ∩a∈A Ha . I claim that
H is a subgroup of G.
First, 1 ∈ Ha for all a ∈ A, because each Ha is a subgroup. Hence, 1 ∈ ∩a∈A Ha , and the intersection is
nonempty.
Next, let g, h ∈ H. I want to show that g · h⁻¹ ∈ H. Since g, h ∈ H, I know g, h ∈ Ha for all a. Then
g · h⁻¹ ∈ Ha for all a, since each Ha is a subgroup. This implies that g · h⁻¹ ∈ H, so H < G.

Here is how I can use the preceding construction. Suppose G is a group, and S is a collection of elements
of G. S might not be a subgroup of G — it might not contain 1, or it might be missing the inverses of
some of its elements — but intuitively I ought to be able to add the “missing elements” and enlarge S to a
subgroup.
If you try to say precisely what you need to add to S, and how you will add it, you will quickly find
yourself tied in knots. Do you add elements one at a time? If you throw in an element, you have to throw in
the products of that element with everything else that is there (to ensure closure). If you do this sequentially,
how do you know the process actually terminates?
Instead of building up the subgroup from S, I’ll get at it “from above”. Consider the collection of all
subgroups {Ha }a∈A such that S ⊂ Ha . The collection is nonempty, because G is a subgroup of G and S ⊂ G.
Let H = ∩a∈A Ha . H is a subgroup of G, and S ⊂ H. H is the subgroup generated by S. It is
clearly the smallest subgroup of G containing S, in the following sense: If K is a subgroup of G and
S ⊂ K, then H < K.
It’s common to write ⟨S⟩ for the subgroup generated by S. So in case S = {x1 , x2 , . . . , xn } (a finite
set), write ⟨x1 , x2 , . . . , xn ⟩ for the subgroup generated by the x’s. In the case of a single element x ∈ G, the
subgroup ⟨x⟩ generated by x is the cyclic subgroup generated by x that I discussed earlier.

Example. (Subgroups generated by elements) Let G = Z6 , the cyclic group of order 6. Show

⟨2⟩ = {0, 2, 4}, but ⟨2, 3⟩ = Z6 .

The first statement is easy: 2 + 2 = 4, 2 + 2 + 2 = 0.


What about the second? By definition, ⟨2, 3⟩ is the smallest subgroup which contains 2 and 3. Since
subgroups are closed under addition, 2 + 2 + 3 = 1 must be in ⟨2, 3⟩ as well. But I can make any element of
Z6 by adding 1 to itself enough times, so ⟨2, 3⟩ must contain everything in Z6 — that is, ⟨2, 3⟩ = Z6 .
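The cyclic subgroups of Z8 listed earlier and the subgroups ⟨2⟩ and ⟨2, 3⟩ of Z6 above can be checked mechanically. This is an added Python example, not code from the notes: it builds ⟨S⟩ inside Z_n by closing under addition, and then checks both the three subgroup axioms and the a · b⁻¹ shortcut on the result (the function names are my own).

```python
"""Subgroups generated by elements of the cyclic group Z_n.

Added example, not from the notes. <S> is built "from below": start
with 0 and the generators and keep adding sums (mod n) until nothing
new appears. In a finite group, closure under the operation already
forces closure under inverses (the multiples of a cycle back to 0),
so only the sum step is needed.
"""
from itertools import product


def generated_subgroup(n, gens):
    """Return <gens> in Z_n as a sorted list of residues."""
    H = {0} | {g % n for g in gens}
    while True:
        new = {(a + b) % n for a, b in product(H, repeat=2)} - H
        if not new:
            return sorted(H)
        H |= new


def is_subgroup(n, H):
    """Check the three subgroup axioms for a subset H of Z_n."""
    H = set(H)
    closed = all((a + b) % n in H for a in H for b in H)
    has_identity = 0 in H
    has_inverses = all((-a) % n in H for a in H)
    return closed and has_identity and has_inverses


def satisfies_shortcut(n, H):
    """The one-step criterion: H nonempty and a - b in H for all a, b in H."""
    H = set(H)
    return bool(H) and all((a - b) % n in H for a in H for b in H)


def cyclic_subgroups(n):
    """Map each g in Z_n to the elements of <g>."""
    return {g: generated_subgroup(n, [g]) for g in range(n)}


if __name__ == "__main__":
    for g, H in cyclic_subgroups(8).items():
        print(f"<{g}> in Z_8 = {H}")
    print("<2> in Z_6    =", generated_subgroup(6, [2]))
    print("<2, 3> in Z_6 =", generated_subgroup(6, [2, 3]))
    # A union of subgroups need not be a subgroup: <2> U <3> in Z_6.
    union = set(generated_subgroup(6, [2])) | set(generated_subgroup(6, [3]))
    print("<2> U <3> is a subgroup?", is_subgroup(6, union))
```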

Example. R2 is a group under vector addition. Give an example of two subgroups of R2 whose union is not
a subgroup.

R2 consists of the points in the x-y-plane, or equivalently 2-dimensional vectors with real components.

Two elements of R2 are added as 2-dimensional vectors:

(a, b) + (c, d) = (a + c, b + d).

The following sets are subgroups of R2 :

A = {(a, 0) | a ∈ R} and B = {(0, b) | b ∈ R}.

A is the x-axis, and B is the y-axis.


For example, I’ll verify that A is a subgroup of R2 . It’s closed under addition: If (a1 , 0), (a2 , 0) ∈ A,
then
(a1 , 0) + (a2 , 0) = (a1 + a2 , 0) ∈ A.
The identity for R2 is (0, 0), which is contained in A.
If (a, 0) ∈ A, then
−(a, 0) = (−a, 0) ∈ A.
Try writing out the proof for B yourself.
However, the union A ∪ B is not a subgroup of R2 . A ∪ B is the union of the x-axis and the y-axis. This
set is not a subgroup because it’s not closed under addition. For example, (1, 0) ∈ A and (0, 1) ∈ B, but

(1, 0) + (0, 1) = (1, 1) ∉ A ∪ B.

This example shows that the union of subgroups need not be a subgroup.

© 2018 by Bruce Ikenaga


1-17-2018

Group Homomorphisms
Here are the operation tables for two groups of order 3:

·    1    a    a²
1    1    a    a²
a    a    a²   1
a²   a²   1    a

+    0    1    2
0    0    1    2
1    1    2    0
2    2    0    1

There is an obvious sense in which these two groups are “the same”: You can get the second table from
the first by replacing 0 with 1, 1 with a, and 2 with a2 .
When are two groups the same?
You might think of saying that two groups are the same if you can get one group’s table from the other
by substitution, as above. However, there are problems with this. In the first place, it might be very difficult
to check — imagine having to write down a multiplication table for a group of order 256! In the second
place, it’s not clear what a “multiplication table” is if a group is infinite.
One way to implement a substitution is to use a function. In a sense, a function is a thing which
“substitutes” its output for its input. I’ll define what it means for two groups to be “the same” by using
certain kinds of functions between groups. These functions are called group homomorphisms; a special
kind of homomorphism, called an isomorphism, will be used to define “sameness” for groups.

Definition. Let G and H be groups. A homomorphism from G to H is a function f : G → H such that

f (x · y) = f (x) · f (y) for all x, y ∈ G.

Group homomorphisms are often referred to as group maps for short.

Remarks. 1. In the definition above, I’ve assumed multiplicative notation for the operations in both G
and H. If the operation in one or both is something else, you must adjust the definition accordingly. For
instance:

Operation in G Operation in H Group map definition


+ + f (x + y) = f (x) + f (y)
+ · f (x + y) = f (x) · f (y)
· + f (x · y) = f (x) + f (y)
⋄ ⋆ f (x ⋄ y) = f (x) ⋆ f (y)

2. You have seen patterns like this before; for example, “The derivative of a sum is the sum of the
derivatives”.

Lemma. Let G be a group and let H be a subgroup.

(a) The identity map id : G → G defined by id(x) = x is a group map.

(b) The inclusion map i : H → G defined by i(x) = x is a group map.

Proof. I’ll prove (a); the proof of (b) is the same. Let x, y ∈ G. Then

id(x · y) = x · y = id(x) · id(y).

Hence, id is a group map.

Example. (Constant maps are usually not group maps) For the group Z under addition, define
f : Z → Z by
f (n) = 3 for all n ∈ Z.

Show that f is not a group map.

f (1 + 1) = f (2) = 3, but f (1) + f (1) = 3 + 3 = 6.

Example. (Logs and exponentials) (a) Prove that the exponential function exp : (R, +) → (R+ , ·) given
by exp(x) = ex is a group map.

(b) Prove that the natural log function ln : (R+ , ·) → (R, +) is a group map.

(a) Let x, y ∈ R. Then by properties of exponentials,

exp(x + y) = ex+y = ex · ey = exp(x) · exp(y).

(b) Let x, y ∈ R+ . Then by properties of logarithms,

ln(x · y) = ln x + ln y.

Example. (Checking whether a function is a group map)

(a) Define f : Z → Z by
f (x) = 5x.

Prove or disprove: f is a group map.

(b) Define g : Z → Z by
g(x) = x2 .

Prove or disprove: g is a group map.

(a) f is a group map: If x, y ∈ Z, then

f (x + y) = 5(x + y) = 5x + 5y = f (x) + f (y).

(b)
g(2 + 3) = g(5) = 52 = 25, but g(2) + g(3) = 22 + 32 = 4 + 9 = 13.

Since g(2 + 3) ≠ g(2) + g(3), g is not a homomorphism.

Lemma. Let V and W be vector spaces over a field F , considered as groups under vector addition. Let
T : V → W be a linear transformation. Then T is a group map.

Proof. This follows immediately from one of the axioms for a linear transformation: If x, y ∈ V , then

T (x + y) = T (x) + T (y).

Example. R3 and R2 are groups under vector addition. Define T : R3 → R2 by

T (x, y, z) = (2x + 8y − z, x + 5y − 3z).

Prove that T is a group map.

Write T as a matrix multiplication:

$$T\begin{bmatrix} x \\ y \\ z \end{bmatrix} = \begin{bmatrix} 2 & 8 & -1 \\ 1 & 5 & -3 \end{bmatrix}\begin{bmatrix} x \\ y \\ z \end{bmatrix}.$$

From linear algebra, this defines a linear transformation. Hence, T is a group map by the previous
lemma.

Example. (A group map on a matrix group) Let M (2, R) be the group of 2 × 2 real matrices under
matrix addition. Let tr : M (2, R) → R denote the trace map:
 
$$\operatorname{tr}\begin{bmatrix} a & b \\ c & d \end{bmatrix} = a + d.$$

Show that tr is a group homomorphism.

Now

$$\operatorname{tr}\left(\begin{bmatrix} a & b \\ c & d \end{bmatrix} + \begin{bmatrix} a' & b' \\ c' & d' \end{bmatrix}\right) = \operatorname{tr}\begin{bmatrix} a + a' & b + b' \\ c + c' & d + d' \end{bmatrix} = (a + a') + (d + d'),$$

$$\operatorname{tr}\begin{bmatrix} a & b \\ c & d \end{bmatrix} + \operatorname{tr}\begin{bmatrix} a' & b' \\ c' & d' \end{bmatrix} = (a + d) + (a' + d').$$

Thus,

$$\operatorname{tr}\left(\begin{bmatrix} a & b \\ c & d \end{bmatrix} + \begin{bmatrix} a' & b' \\ c' & d' \end{bmatrix}\right) = \operatorname{tr}\begin{bmatrix} a & b \\ c & d \end{bmatrix} + \operatorname{tr}\begin{bmatrix} a' & b' \\ c' & d' \end{bmatrix}.$$
Therefore, tr is a homomorphism.

Lemma. Let f : G → H be a group homomorphism. Then:

(a) f (1G ) = 1H , where 1G is the identity in G and 1H is the identity in H.

(b) f (x−1 ) = f (x)−1 for all x ∈ G.

Proof. (a)
f (1G ) = f (1G · 1G ) = f (1G ) · f (1G ).
If I cancel f (1G ) off both sides, I obtain f (1G ) = 1H .

(b) Let x ∈ G.
f (x) · f (x−1 ) = f (x · x−1 ) = f (1G ) = 1H
f (x−1 ) · f (x) = f (x−1 · x) = f (1G ) = 1H
This shows that f (x−1 ) is the inverse of f (x), i.e. f (x)−1 = f (x−1 ).

Warning. The properties in the last lemma are not part of the definition of a homomorphism. To show
that f is a homomorphism, all you need to show is that f (a · b) = f (a) · f (b) for all a and b. The properties
in the lemma are automatically true of any homomorphism.

On the other hand, if you want to show a function is not a homomorphism, do a quick check: Does it
send the identity to the identity? If not, then the lemma shows it’s not a homomorphism.

Example. (Group maps must take the identity to the identity) Let Z denote the group of integers
with addition. Define f : Z → Z by
f (x) = x + 1.
Prove that f is not a group map.

Note that f (0) = 1. Since the identity 0 ∈ Z is not mapped to the identity 0 ∈ Z, f cannot be a group
homomorphism.

Warning: If a function takes the identity to the identity, it may or may not be a group map. Consider
g : R → R given by
g(x) = sin x.
g(0) = sin 0 = 0, but this doesn’t mean that g is a homomorphism. In fact,

$$g\left(\frac{\pi}{2} + \frac{\pi}{2}\right) = g(\pi) = \sin \pi = 0, \quad\text{but}\quad g\left(\frac{\pi}{2}\right) + g\left(\frac{\pi}{2}\right) = \sin\frac{\pi}{2} + \sin\frac{\pi}{2} = 1 + 1 = 2.$$

The point is that simple-looking functions you may have seen in other math classes need not be homo-
morphisms. When in doubt, check the definition.

There are several important subsets associated to a group homomorphism f : G → H.

Definition. Let f : G → H be a group homomorphism.

(a) The kernel of f is


ker f = {g ∈ G | f (g) = 1}.

(b) The image of f is (as usual)


im f = {f (g) | g ∈ G}.

(c) Let H ′ < H. The inverse image of H ′ is (as usual)

f −1 (H ′ ) = {g ∈ G | f (g) ∈ H ′ }.

Warning. The notation f −1 (H ′ ) does not imply that the inverse of f exists. f −1 (H ′ ) is simply the set of
inputs which f maps into H ′ ; this is f −1 applied to the set H ′ if there is a f −1 (but there need not be).

Lemma. Let f : G → H be a group map.

(a) ker f is a subgroup of G.

(b) im f is a subgroup of H.

(c) If H ′ is a subgroup of H, then f −1 (H ′ ) is a subgroup of G.

Proof. (a) First,


f (1) = 1, so 1 ∈ ker f.
Suppose x, y ∈ ker f . Then
f (xy) = f (x)f (y) = 1 · 1 = 1.

Hence, xy ∈ ker f .
Finally, suppose x ∈ ker f . Then

f (x−1 ) = f (x)−1 = 1−1 = 1.

Hence, x−1 ∈ ker f . Therefore, ker f is a subgroup of G.


(b) 1 ∈ im f since f (1) = 1.
Suppose f (x), f (y) ∈ im f . Then

f (x)f (y) = f (xy) ∈ im f.

Finally, suppose f (x) ∈ im f . Then

f (x)−1 = f (x−1 ) ∈ im f.

Therefore, im f is a subgroup of H.

(c) Let H ′ be a subgroup of H. I want to show that f −1 (H ′ ) is a subgroup of G. Reminder: The criterion for
membership in f −1 (H ′ ) is that f takes the element into H ′ .
Since 1 ∈ H ′ and f (1) = 1, it follows that 1 ∈ f −1 (H ′ ).
Suppose x, y ∈ f −1 (H ′ ). This means that f (x) and f (y) are in H ′ . Since H ′ is a subgroup, f (x)f (y) is
in H ′ as well. But
f (x)f (y) = f (xy).
Therefore, f (xy) is in H ′ , which means that xy ∈ f −1 (H ′ ).
Finally, suppose x ∈ f −1 (H ′ ), so f (x) ∈ H ′ . Since H ′ is a subgroup, f (x)−1 ∈ H ′ . But f (x)−1 =
f (x−1 ), so f (x−1 ) ∈ H ′ . This means that x−1 ∈ f −1 (H ′ ).

Hence, f −1 (H ′ ) is a subgroup of G.

Example. (Finding the kernel and image) (a) Let

S 1 = {z ∈ C | |z| = 1}.

Show that S 1 is a group under multiplication of complex numbers.

(b) Define f : R → S 1 by
f (t) = e2πit .
Show that f is a group map, and find its kernel and image.

(a) Each element z ∈ S 1 can be uniquely written in the form

z = e2πit = cos(2πt) + i sin(2πt) for 0 ≤ t < 1.

Note that
e2πis e2πit = e2πi(s+t) .
This shows that multiplication is closed (hence a binary operation) on S 1 .
Complex number multiplication is associative. The identity element is 1; the inverse of e2πit is e−2πit .

(b) To see that f is a homomorphism, note that

f (s + t) = e2πi(s+t) = e2πis e2πit = f (s)f (t).

From the representation of elements of S 1 as e2πit , I have im f = S 1 .
The kernel of f is
ker f = {t ∈ R | e2πit = 1}.
Using e2πit = cos(2πt) + i sin(2πt), you can see that ker f = Z.

Example. (Kernel, image, and inverse image) f : Z8 → Z12 is defined by

f (x) = 3x (mod 12) .

Take for granted that f is a group map. Find ker f , im f , and f −1 (H), where H is the subgroup {0, 6}
of Z12 .

The kernel consists of elements of Z8 which f takes to 0. Since 0 “is” 12 in Z12 , and since f multiplies
inputs by 3, I’ll get multiples of 12 out if I feed multiples of 4 in:

f (0) = 0, f (4) = 0.

Hence, ker f = {0, 4}.


im f consists of the set of outputs of f . Since f multiplies its inputs by 3, the outputs are the multiples
of 3:
im f = {0, 3, 6, 9}.
Finally, f −1 ({0, 6}) consists of elements of Z8 which are mapped by f to either 0 or 6. So you need to
find the elements in {0, 1, 2, 3, 4, 5, 6, 7} which give 0 or 6 when multiplied by 3. Obviously, an “odd” input
will give an “odd” output, and I already know 0 and 4 are mapped by f to 0, so I just try 2 and 6:

f (2) = 6, f (6) = 6.

Hence, f −1 ({0, 6}) = {0, 2, 4, 6}.
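Because Z8 is finite, the kernel, image and inverse image just found by hand can be recovered by exhaustive enumeration. This added Python example is not code from the notes (the function names are my own): it also checks that f is well defined on residues and satisfies the homomorphism law, and confirms the lemma’s claim that all three sets are subgroups.

```python
"""Kernel, image and inverse image of f: Z_m -> Z_n, f(x) = c*x (mod n).

Added example, not from the notes. Z_m and Z_n are represented by the
residues range(m) and range(n) under addition mod m and mod n.
"""


def make_map(m, n, c):
    """Return the candidate group map x -> c*x (mod n) as a function."""
    return lambda x: (c * x) % n


def is_homomorphism(f, m, n):
    """Exhaustively check f(x + y) = f(x) + f(y) for all x, y in Z_m.

    Also checks that f is well defined on residues: f(x) must agree with
    f(x + m), e.g. f(8) = f(0) when m = 8. For c*x mod n this holds
    exactly when c*m is a multiple of n.
    """
    well_defined = all(f(x) == f(x + m) for x in range(m))
    law = all(f((x + y) % m) == (f(x) + f(y)) % n
              for x in range(m) for y in range(m))
    return well_defined and law


def kernel(f, m):
    """ker f = {x in Z_m | f(x) = 0}."""
    return [x for x in range(m) if f(x) == 0]


def image(f, m):
    """im f = {f(x) | x in Z_m}, sorted."""
    return sorted({f(x) for x in range(m)})


def inverse_image(f, m, H_prime):
    """f^-1(H') = {x in Z_m | f(x) in H'}; no inverse of f is needed."""
    H_prime = set(H_prime)
    return [x for x in range(m) if f(x) in H_prime]


def is_subgroup(n, H):
    """Subgroup axioms for a subset H of Z_n."""
    H = set(H)
    return (0 in H
            and all((a + b) % n in H for a in H for b in H)
            and all((-a) % n in H for a in H))


if __name__ == "__main__":
    f = make_map(8, 12, 3)                 # the map from the notes
    print("f is a homomorphism:", is_homomorphism(f, 8, 12))
    print("ker f       =", kernel(f, 8))
    print("im f        =", image(f, 8))
    print("f^-1({0,6}) =", inverse_image(f, 8, [0, 6]))
    print("all three are subgroups:",
          is_subgroup(8, kernel(f, 8)) and is_subgroup(12, image(f, 8))
          and is_subgroup(8, inverse_image(f, 8, [0, 6])))
    # x -> 2x is not even well defined from Z_8 to Z_12: 2*8 = 16 != 0 mod 12.
    print("x -> 2x is a homomorphism:", is_homomorphism(make_map(8, 12, 2), 8, 12))
```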

Definition. Let G and H be groups. An isomorphism from G to H is a bijective homomorphism


f : G → H. If there is an isomorphism f : G → H, G and H are isomorphic; notation: G ≈ H.

Remarks. 1. To say that two groups are isomorphic is to say that they are the same as groups. The
elements of the two groups and the group operations may be different, but the two groups have the same
structure. This means that if one has a certain group-theoretic property, the other will as well.
What is a group-theoretic property? Well, it’s a bit circular: a group-theoretic property is a property
preserved by isomorphism. For this to be a useful concept, I’ll have to provide specific examples of properties
that you can check.

2. Some older books define an isomorphism from G to H to be an injective homomorphism f : G → H.


That is, f need not map G onto H. One then says G and H are isomorphic if there is an isomorphism from
G onto H. Unfortunately, one then has the odd situation that there may be an isomorphism from G to H,
yet G and H may not be isomorphic! I’ll always use the word isomorphism to mean a bijective map.

Here is an easy way to tell that a group map is an isomorphism.

Lemma. A group map f : G → H is an isomorphism if and only if it is invertible. In this case, f −1 is also
a homomorphism, hence an isomorphism.
Proof. The first statement is trivial, since a map of sets is bijective if and only if it has an inverse.
Now suppose that f : G → H is an isomorphism. I must show the inverse f −1 : H → G is a
homomorphism. Let x, y ∈ H. I need to show that

f −1 (xy) = f −1 (x)f −1 (y).

Since f : G → H is onto, there exist x′ , y ′ ∈ G such that f (x′ ) = x and f (y ′ ) = y. Then
f −1 (xy) = f −1 (f (x′ )f (y ′ )) = f −1 (f (x′ y ′ )) = x′ y ′ = f −1 (x)f −1 (y).
Therefore, f −1 is a homomorphism.
Since f −1 is invertible — its inverse is f — it is an isomorphism by the first part of the lemma.

Example. (A group isomorphism) Show that the exponential map exp : (R, +) → (R+ , ·) given by
exp(x) = ex is a group isomorphism.

I showed earlier that exp and the natural log function ln : R+ → R are group maps. They’re also
inverses:
ln(exp(x)) = ln ex = x for x ∈ R.
exp(ln x) = eln x = x for x ∈ R+ .
By the lemma, exp is an isomorphism (as is ln). The groups (R, +) and R+ are isomorphic.

Example. (A group isomorphism on the integers mod 2) Consider the set G = {−1, 1}. Make G
into a group using multiplication as the group operation. Show that G is isomorphic to Z2 .

Define a map f : Z2 → G by
f (0) = 1, f (1) = −1.
Clearly, f is invertible: Its inverse is
f −1 (1) = 0, f −1 (−1) = 1.
I’ll show f is a homomorphism, hence an isomorphism, by simply checking cases:

a b f (a + b) f (a)f (b)
0 0 1 1·1=1
0 1 −1 1 · (−1) = −1
1 0 −1 (−1) · 1 = −1
1 1 1 (−1) · (−1) = 1

The brute force approach above can be used to construct an isomorphism from Z2 to any group of order
2. There is only one group of order 2, up to isomorphism.

Here are some examples of “group-theoretic properties”. Thus, if two groups are isomorphic and one of
the groups has such a property, the other must as well. On the other hand, if one of two groups has one of
these properties but the other group does not, then the two groups cannot be isomorphic.

Proposition. Suppose G and H are isomorphic groups. If G is abelian, so is H.

Proof. Let x, y ∈ H. I must show that xy = yx. Since f is surjective, there exist x′ , y ′ ∈ G such that
f (x′ ) = x and f (y ′ ) = y. Then
xy = f (x′ )f (y ′ )
= f (x′ y ′ ) (f is a group map)
= f (y ′ x′ ) (G is abelian)
= f (y ′ )f (x′ ) (f is a group map)
= yx

Therefore, H is abelian.

Example. (Non-isomorphic groups) D3 is the group of symmetries of an equilateral triangle. D3 and
Z6 are both groups of order 6. Why aren’t they isomorphic?

Z6 is abelian, while S3 is nonabelian. Therefore, S3 and Z6 are not isomorphic.

Proposition. Suppose G and H are isomorphic groups. If G is finite, so is H. If G is infinite, so is H.


In other words, isomorphic groups have the same cardinality.

Proof. Since G and H are isomorphic, there is a bijective (group map) f : G → H. Since f is bijective,
|G| = |H| (since that’s what it means for two sets to have the same cardinality).

Example. (Groups of different cardinalities aren’t isomorphic) Why can’t Z and R be isomorphic?

Both groups are infinite, but the integers are countable, while the reals are uncountable. Since they
don’t have the same cardinality, they can’t be isomorphic.

Proposition. Suppose G and H are isomorphic groups. If G has a subgroup K of order 42, so does H.

Proof. If K < G and |K| = 42, then f (K) < H and (since f maps K bijectively onto f (K)) |f (K)| = 42.

Obviously, there’s nothing special about “42”. If G has a subgroup of order 117, so does H. If G has a
subgroup of order 91, so does H. And so on. This proposition is not very useful as is, and is just here to
show you a property shared by isomorphic groups.
There are clearly infinitely many properties that will be shared by isomorphic groups. However, the
earlier examples show that some properties are not shared by isomorphic groups. For example, the elements
of one group may be letters, while the elements of the other are numbers. “Having the same kind of elements”
is not a group-theoretic property. Likewise, the operation in one group may be addition of numbers, while
the operation in the other could be composition of functions. “Having the same kind of binary operation”
is not a group-theoretic property.

Example. (Showing groups aren’t isomorphic by considering orders of elements)

(a) Show that Z2 × Z2 and Z4 are not isomorphic.

(b) Show that Z2 × Z2 × Z2 , Z2 × Z4 , and Z8 are not isomorphic.

(a) Both groups have 4 elements; however, every element of Z2 × Z2 has order 1 or 2. If (x, y) ∈ Z2 × Z2 ,
then
2 · (x, y) = (2x, 2y) = (0, 0).

Therefore, the order of (x, y) divides 2, and the only positive divisors of 2 are 1 and 2.
On the other hand, Z4 has two elements of order 4 (namely 1 and 3). Having different numbers of
elements of a given order is a group property. Since these groups differ in this respect, they aren’t isomorphic.

(b) Z2 × Z2 × Z2 , Z2 × Z4 , and Z8 are all abelian groups of order 8. However, their elements have different
orders.

Every element of Z2 × Z2 × Z2 has order 1 or 2. For if (x, y, z) ∈ Z2 × Z2 × Z2 , then

2 · (x, y, z) = (2x, 2y, 2z) = (0, 0, 0).

Therefore, the order of (x, y, z) divides 2, and the only positive divisors of 2 are 1 and 2.
Every element of Z2 × Z4 has order 1, 2, or 4. For if (x, y) ∈ Z2 × Z4 , then

4 · (x, y) = (4x, 4y) = (0, 0).

Therefore, the order of (x, y) divides 4, and the only positive divisors of 4 are 1, 2, and 4. Note that
(0, 1) is an element of order 4. This means that Z2 × Z4 can’t be isomorphic to Z2 × Z2 × Z2 , since the latter
has no elements of order 4.
Z8 has elements of order 8. (1 has order 8, for example.) Therefore, it can’t be isomorphic to Z2 × Z2 × Z2
or to Z2 × Z4 , since these two groups have no elements of order 8.
Therefore, the three groups aren’t isomorphic.
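The element-order argument above can be checked mechanically. Here is an added example (not from the notes) that represents Z_{m1} × ... × Z_{mk} as tuples under componentwise addition mod m_i, computes the order of every element, and tabulates how many elements have each order, for all five groups discussed.

```python
from collections import Counter
from itertools import product

# Added example (not from the notes): elements of Z_{m1} x ... x Z_{mk} are
# tuples, and the group operation is componentwise addition mod m_i.


def add(u, v, moduli):
    """Componentwise sum of u and v in Z_{m1} x ... x Z_{mk}."""
    return tuple((a + b) % m for a, b, m in zip(u, v, moduli))


def element_order(g, moduli):
    """Order of g: the smallest n >= 1 with n * g = (0, ..., 0).

    The group is finite, so repeated addition must reach the identity."""
    zero = (0,) * len(moduli)
    n, cur = 1, g
    while cur != zero:
        cur = add(cur, g, moduli)
        n += 1
    return n


def order_profile(moduli):
    """Map each order to the number of elements having that order."""
    elements = product(*(range(m) for m in moduli))
    return dict(Counter(element_order(g, moduli) for g in elements))


def could_be_isomorphic(moduli_a, moduli_b):
    """Necessary test only: isomorphic groups have the same order profile,
    so a mismatch proves the groups are NOT isomorphic (a match proves nothing)."""
    return order_profile(moduli_a) == order_profile(moduli_b)


if __name__ == "__main__":
    groups = [("Z2 x Z2", (2, 2)), ("Z4", (4,)),
              ("Z2 x Z2 x Z2", (2, 2, 2)), ("Z2 x Z4", (2, 4)), ("Z8", (8,))]
    for name, moduli in groups:
        print(f"{name:14s} orders -> counts: {order_profile(moduli)}")
```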

© 2018 by Bruce Ikenaga


1-20-2018

Matrix Groups
Many groups have matrices as their elements. The operation is usually either matrix addition or matrix
multiplication.

Example. Let G denote the set of all 2 × 3 matrices with real entries. (Remember that “2 × 3” means the
matrices have 2 rows and 3 columns.) Here are some elements of G:

$$\begin{bmatrix} 1 & 2 & 3 \\ 4 & 5 & 6 \end{bmatrix}, \quad \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix}, \quad \begin{bmatrix} 1.17 & -2.46 & \pi\sqrt{3} \\ \frac{22}{7} & 147.2 & 0 \end{bmatrix}.$$

Show that G is a group under matrix addition.

If you add two 2 × 3 matrices with real entries, you obtain another 2 × 3 matrix with real entries:

$$\begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix} + \begin{bmatrix} u & v & w \\ x & y & z \end{bmatrix} = \begin{bmatrix} a+u & b+v & c+w \\ d+x & e+y & f+z \end{bmatrix}.$$

That is, addition yields a binary operation on the set.


You should know from linear algebra that matrix addition is associative.
The identity element is the 2 × 3 zero matrix:

$$\begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix} + \begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix} = \begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix}, \quad \begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix} + \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix} = \begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix}.$$

The inverse of a 2 × 3 matrix under this operation is the matrix obtained by negating the entries of the
original matrix:

$$\begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix} + \begin{bmatrix} -a & -b & -c \\ -d & -e & -f \end{bmatrix} = \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix}, \quad \begin{bmatrix} -a & -b & -c \\ -d & -e & -f \end{bmatrix} + \begin{bmatrix} a & b & c \\ d & e & f \end{bmatrix} = \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix}.$$

Notice that I don’t get a group if I try to apply matrix addition to the set of all matrices with real
entries. This does not define a binary operation on the set, because matrices of different dimensions can’t
be added.
In general, the set of m × n matrices with real entries — or entries in Z, Q, C, or Zn for n ≥ 2 — forms a
group under matrix addition.
As a special case, the n × n matrices with real entries form a group under matrix addition. This group
is denoted M (n, R). As you might guess, M (n, Q) denotes the group of n × n matrices with rational entries
(and so on).

Example. Let G be the group of 3 × 4 matrices with entries in Z3 under matrix addition.

(a) What is the order of G?


 
(b) Find the inverse of $\begin{bmatrix} 1 & 1 & 2 \\ 0 & 2 & 1 \end{bmatrix}$ in G.

(a) A 3 × 4 matrix has 3 · 4 = 12 entries. Each entry can be any one of the 3 elements of Z3 . Therefore,
there are $3^{12} = 531441$ elements.

(b)
$$\begin{bmatrix} 1 & 1 & 2 \\ 0 & 2 & 1 \end{bmatrix} + \begin{bmatrix} 2 & 2 & 1 \\ 0 & 1 & 2 \end{bmatrix} = \begin{bmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \end{bmatrix}.$$

Hence, the inverse is $\begin{bmatrix} 2 & 2 & 1 \\ 0 & 1 & 2 \end{bmatrix}$.

Example. Let
$$G = \left\{ \begin{bmatrix} 0 & x \\ 0 & y \end{bmatrix} \;\middle|\; x, y \in \mathbb{R} \right\}.$$
In words, G is the set of 2 × 2 matrices with real entries having zeros in the first column.
Show that G is a group under matrix addition.

First,
$$\begin{bmatrix} 0 & x_1 \\ 0 & y_1 \end{bmatrix} + \begin{bmatrix} 0 & x_2 \\ 0 & y_2 \end{bmatrix} = \begin{bmatrix} 0 & x_1 + x_2 \\ 0 & y_1 + y_2 \end{bmatrix} \in G.$$
That is, if you add two elements of G, you get another element of G. Hence, matrix addition gives a
binary operation on the set G.
From linear algebra, you know that matrix addition is associative.
The zero matrix $\begin{bmatrix} 0 & 0 \\ 0 & 0 \end{bmatrix}$ is the identity under matrix addition; it’s an element of G, since its first column
is all-zero.
Finally, the additive inverse of an element $\begin{bmatrix} 0 & x \\ 0 & y \end{bmatrix} \in G$ is $\begin{bmatrix} 0 & -x \\ 0 & -y \end{bmatrix}$, which is also an element of G.
Thus, every element of G has an inverse.
All the axioms for a group have been verified, so G is a group under matrix addition.

Example. Consider the set of matrices

$$G = \left\{ \begin{bmatrix} 1 & x \\ 0 & 1 \end{bmatrix} \;\middle|\; x \in \mathbb{R},\ x \ge 0 \right\}.$$

(Notice that x must be nonnegative). Is G a group under matrix multiplication?

First, suppose that x, y ∈ R, x, y ≥ 0. Then

$$\begin{bmatrix} 1 & x \\ 0 & 1 \end{bmatrix} \begin{bmatrix} 1 & y \\ 0 & 1 \end{bmatrix} = \begin{bmatrix} 1 & x + y \\ 0 & 1 \end{bmatrix}.$$

Now x + y ≥ 0, so $\begin{bmatrix} 1 & x + y \\ 0 & 1 \end{bmatrix} \in G$. Therefore, matrix multiplication gives a binary operation on G.
I’ll take for granted the fact that matrix multiplication is associative.
The identity for multiplication is $\begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}$, and this is an element of G.
However, not all elements of G have inverses. To give a specific counterexample, suppose that for x ≥ 0

$$\begin{bmatrix} 1 & x \\ 0 & 1 \end{bmatrix} \begin{bmatrix} 1 & 2 \\ 0 & 1 \end{bmatrix} = \begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}.$$

Then
$$\begin{bmatrix} 1 & x + 2 \\ 0 & 1 \end{bmatrix} = \begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}.$$

Hence, x + 2 = 0 and x = −2. This contradicts x ≥ 0. Hence, the element $\begin{bmatrix} 1 & 2 \\ 0 & 1 \end{bmatrix}$ of G does not have
an inverse.
Therefore, G is not a group under matrix multiplication.

Example. GL(n, R) denotes the set of invertible n × n matrices with real entries, the general linear
group. Show that GL(n, R) is a group under matrix multiplication.

First, if A, B ∈ GL(n, R), I know from linear algebra that det A ≠ 0 and det B ≠ 0. Then

det(AB) = (det A) · (det B) ≠ 0.

Hence, AB ∈ GL(n, R). This proves that GL(n, R) is closed under matrix multiplication.
I will take it as known from linear algebra that matrix multiplication is associative.
The identity matrix is the n × n matrix

$$I = \begin{bmatrix} 1 & 0 & \cdots & 0 \\ 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & 1 \end{bmatrix}.$$

It is the identity for matrix multiplication: AI = A = IA for all A ∈ GL(n, R).


Finally, since GL(n, R) is the set of invertible n × n matrices, every element of GL(n, R) has an inverse
under matrix multiplication.

Example. GL(2, Z3 ) denotes the set of 2 × 2 invertible matrices with entries in Z3 . The operation is matrix
multiplication — but note that all the arithmetic is performed in Z3 .
For example,
$$\begin{bmatrix} 2 & 1 \\ 1 & 2 \end{bmatrix} \begin{bmatrix} 1 & 1 \\ 2 & 1 \end{bmatrix} = \begin{bmatrix} 1 & 0 \\ 2 & 0 \end{bmatrix}.$$

The proof that GL(2, Z3 ) is a group under matrix multiplication follows the proof in the last example.
(In fact, the same thing works with any commutative ring in place of R or Z3 ; commutative rings will be
discussed later.)
 
(a) What is the order of $\begin{bmatrix} 1 & 1 \\ 0 & 1 \end{bmatrix}$?

(b) Find the inverse of $\begin{bmatrix} 2 & 1 \\ 2 & 2 \end{bmatrix}$.

(a) Notice that

$$\begin{bmatrix} 1 & 1 \\ 0 & 1 \end{bmatrix}^2 = \begin{bmatrix} 1 & 2 \\ 0 & 1 \end{bmatrix} \quad\text{and}\quad \begin{bmatrix} 1 & 1 \\ 0 & 1 \end{bmatrix}^3 = \begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}.$$

Therefore, $\begin{bmatrix} 1 & 1 \\ 0 & 1 \end{bmatrix}$ has order 3 in GL(2, Z3 ).

(b) Recall the formula for the inverse of a 2 × 2 matrix:

$$\begin{bmatrix} a & b \\ c & d \end{bmatrix}^{-1} = \frac{1}{ad - bc} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix}.$$

The formula works in this situation, but you have to interpret the fraction as a multiplicative inverse:

$$\begin{bmatrix} a & b \\ c & d \end{bmatrix}^{-1} = (ad - bc)^{-1} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix}.$$

Thus,

$$\begin{bmatrix} 2 & 1 \\ 2 & 2 \end{bmatrix}^{-1} = (2^{-1}) \begin{bmatrix} 2 & 2 \\ 1 & 2 \end{bmatrix} = 2 \cdot \begin{bmatrix} 2 & 2 \\ 1 & 2 \end{bmatrix} = \begin{bmatrix} 1 & 1 \\ 2 & 1 \end{bmatrix}.$$

On the other hand, the matrix $\begin{bmatrix} 2 & 1 \\ 1 & 2 \end{bmatrix}$ is not an element of GL(2, Z3 ). It has determinant 2 · 2 − 1 · 1 = 0,
so it’s not invertible.
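The GL(2, Z3 ) computations above can be reproduced with a few lines of code. This is an added example (not from the notes) that does 2 × 2 matrix arithmetic over Zn, computes inverses by the adjugate formula with (ad − bc)^{-1} taken in Zn, and finds the order of a matrix by repeated multiplication; it assumes Python 3.8 or later for pow(x, -1, n).

```python
# Added example (not from the notes): 2x2 matrices over Z_n as nested lists
# [[a, b], [c, d]], with every entry reduced mod n.

IDENTITY = [[1, 0], [0, 1]]


def mat_mul(A, B, n):
    """Product of 2x2 matrices A and B, entries reduced mod n."""
    return [[(A[i][0] * B[0][j] + A[i][1] * B[1][j]) % n for j in range(2)]
            for i in range(2)]


def det(A, n):
    """Determinant ad - bc, reduced mod n."""
    return (A[0][0] * A[1][1] - A[0][1] * A[1][0]) % n


def inverse(A, n):
    """(ad - bc)^{-1} times the adjugate, as in the notes.

    Returns None when det A has no multiplicative inverse in Z_n, i.e. when
    A is not in GL(2, Z_n)."""
    try:
        d_inv = pow(det(A, n), -1, n)   # Python 3.8+: raises ValueError if no inverse
    except ValueError:
        return None
    a, b = A[0]
    c, d = A[1]
    return [[(d_inv * d) % n, (d_inv * -b) % n],
            [(d_inv * -c) % n, (d_inv * a) % n]]


def is_invertible(A, n):
    """A lies in GL(2, Z_n) exactly when det A is a unit of Z_n."""
    return inverse(A, n) is not None


def mat_order(A, n):
    """Order of A in GL(2, Z_n): the smallest k >= 1 with A^k = I.

    GL(2, Z_n) is finite, so the loop terminates for every invertible A."""
    if not is_invertible(A, n):
        raise ValueError("matrix is not in GL(2, Z_n)")
    k, P = 1, A
    while P != IDENTITY:
        P = mat_mul(P, A, n)
        k += 1
    return k


if __name__ == "__main__":
    print(mat_mul([[2, 1], [1, 2]], [[1, 1], [2, 1]], 3))   # the product in the notes
    print(mat_order([[1, 1], [0, 1]], 3))                   # 3
    print(inverse([[2, 1], [2, 2]], 3))                     # [[1, 1], [2, 1]]
    print(inverse([[2, 1], [1, 2]], 3))                     # None: determinant 0
```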

Example. Show that the following set is a subgroup of GL(2, R):

SL(2, R) = {A ∈ GL(2, R) | det A = 1}.

Suppose A, B ∈ SL(2, R). Then

det(AB) = (det A)(det B) = 1 · 1 = 1.

Hence, AB ∈ SL(2, R).


Since det I = 1, the identity matrix is in SL(2, R).
Finally, if A ∈ SL(2, R), then AA−1 = I implies that

(det A)(det A−1 ) = det I = 1.

But det A = 1, so det A−1 = 1, and hence A−1 ∈ SL(2, R).


Therefore, SL(2, R) is a subgroup of GL(2, R).



1-17-2018

Divisibility
You probably know that division can be defined in terms of multiplication. If m and n are integers, m
divides n if n = mk for some integer k. In this section, I’ll look at properties of the divisibility relation.
I’ll begin by discussing the Division Algorithm, which tells you something you’ve known since grade
school — namely, that you can divide one integer by another. Note that this isn’t the long-division algorithm,
which tells you how to divide one integer by another. The Division Algorithm follows from the Well-Ordering
Axiom for the nonnegative integers.

Well-Ordering Axiom. The positive integers Z+ are well-ordered — that is, every nonempty subset of
the positive integers has a smallest element.

Even though your experience with the integers may lead you to think this is obvious, it’s actually an
axiom of the positive integers Z+ . It has many important consequences; mathematical induction is one,
and the Division Algorithm is another.
Note that Well-Ordering applies to nonempty subsets of the nonnegative integers as well. If such a
subset contains 0, then 0 is the smallest element; if the subset doesn’t contain 0, then it consists of only
positive integers, and Well-Ordering for the positive integers implies that it has a smallest element.

Example. (Applying the Well-Ordering Axiom) Show that there is no positive integer less than 1.

In this proof, I’m going to assume familiar facts about inequalities involving integers, since the point is
to illustrate how you might use Well-Ordering.
Suppose that there is a positive integer less than 1. Let S be the set of positive integers less than 1.
Then S is nonempty, so by Well-Ordering, S has a smallest element.
Suppose that x is the smallest element of S. Now 0 < x < 1, so multiplying by x, I get

0 < x2 < x, and x < 1, so 0 < x2 < x < 1.

Thus, x2 is a positive integer less than 1 which is smaller than x. This is a contradiction. Therefore,
there is no positive integer less than 1.

Theorem. (The Division Algorithm) Let a and b be integers, with b > 0. There are unique integers q
and r such that
a = b · q + r, and 0 ≤ r < b.

Of course, q is the quotient and r is the remainder.

Proof. What is division? Division is successive subtraction. Therefore, you ought to be able to find r by
subtracting multiples of b from a until the result becomes negative. For example, if you’re dividing 23 by 7,
you’d do this:

23 − 7 = 16, 23 − 2 · 7 = 9, 23 − 3 · 7 = 2, 23 − 4 · 7 = −5. (Negative!)

The quotient is 3 — the last multiple of 7 which gave a nonnegative result. The last nonnegative result
is the remainder, which is 2.
To do the proof, I have to take the idea exhibited in this example and write it out in general (with a,
b, q, and r instead of specific numbers).
Look at the set of integers
S = {a − bn | n ∈ Z}.

If I choose n < a/b (as I can — there’s always an integer less than any number), then bn < a, so a − bn > 0.
This choice of n produces a positive integer a − bn in S. So the subset T consisting of nonnegative integers
in S is nonempty.
Since T is a nonempty set of nonnegative integers, I can apply Well-Ordering. It tells me that there is
a smallest element r ∈ T . Thus, r ≥ 0, and r = a − bq for some q (because r ∈ T , T ⊂ S, and everything in
S has this form).
Moreover, if r ≥ b, then r − b ≥ 0, so

a − bq − b ≥ 0, or a − b(q + 1) ≥ 0.

So a − b(q + 1) ∈ T , but r = a − bq > a − b(q + 1). This contradicts my assumption that r was the
smallest element of T .
All together, I now have r and q such that

a = b · q + r, and 0 ≤ r < b.

To show that r and q are unique, suppose r′ and q ′ also satisfy these conditions:

a = b · q ′ + r′ , and 0 ≤ r′ < b.

Then
b · q + r = b · q ′ + r′ , so b(q − q ′ ) = r′ − r.
But r and r′ are two nonnegative numbers less than b, so they are both in the range 0 ≤ x < b.
Therefore, they have to be less than b units apart. But the last equation says they are |b(q − q ′ )| units apart
(a multiple of b).
The only way r and r′ can be less than b units apart and a multiple of b units apart is if the multiple
in question is 0. That is, |b(q − q ′ )| = 0. Since b > 0, this means that q − q ′ = 0, or q = q ′ . If I plug q = q ′
back into b(q − q ′ ) = r′ − r, I find that r′ − r = 0, so r = r′ . This proves that r and q are unique.

Example. (Applying the Division Algorithm) (a) Find the quotient and remainder when the Division
Algorithm is applied to divide 99 by 13.

(b) Find the quotient and remainder when the Division Algorithm is applied to divide −99 by 13.
(a)
99 = 7 · 13 + 8.
The quotient is 7 and the remainder is 8. According to the proof of the theorem, 8 should be the smallest
positive number of the form 99 + k · 13. In this case,

8 = 99 + (−7) · 13.

Clearly, adding multiples of 13 to 99 + (−7) · 13 will give numbers larger than 8, whereas subtracting
multiples of 13 from 99 + (−7) · 13 will give negative numbers.

(b)
−99 = (−8) · 13 + 5.
Note that 0 ≤ 5 < 13. I don’t write −99 = (−7) · 13 + −8 (even though the equation is correct), because
−8 is not between 0 and 13. The Division Algorithm always produces a nonnegative remainder.

Definition. If m and n are integers, then m divides n if mk = n for some integer k.

The notation m | n means that m divides n; m ∤ n means that m does not divide n.

Remarks. (a) Some people prefer to require that m ≠ 0 when you write “m | n”. Note that if m = 0 and
m | n, then 0 | n. This means 0 · k = n for some k, so n = 0. So the only divisibility statement you can make
of the form “0 | n” is “0 | 0”, which isn’t that interesting.
This issue is different from the idea that “you can’t divide by 0”, which means that 0 does not have a
multiplicative inverse. We’ll see later that in any commutative ring with identity, 0⁻¹ can’t be defined
(unless the ring is the zero ring).
The definition of divisibility above makes no reference to multiplicative inverses or an operation of
division: It’s defined entirely in terms of multiplication.
(b) Be careful not to write “$\frac{n}{m}$”, “n/m”, or “n ÷ m” when you mean “m | n”!
“$\frac{n}{m}$”, “n/m”, and “n ÷ m” all mean “n divided by m”. Notice that this isn’t a statement, since it’s not
a complete sentence that can be true or false — it’s an expression. On the other hand, “m | n” means “m
divides n”, which is a statement.

Example. Apply the definition of divisibility to show that:

(a) 6 | 72.

(b) −8 | 24.

(c) 1 | n for all n ∈ Z.

(d) n | 0 for all n ∈ Z.

(a) Since 6 · 12 = 72, I have 6 | 72.

(b) Since (−8) · (−3) = 24, I have −8 | 24.

(c) Since 1 · n = n, I have 1 | n for all n ∈ Z.

(d) Since n · 0 = 0, I have n | 0 for all n ∈ Z.

Proposition.

(a) Let m, n ∈ Z. If m | n and n | p, then m | p.

(b) Let m, n, p ∈ Z. If m | n and m | p, then m | an + bp for all a, b ∈ Z.

This is often expressed by saying that if m divides two numbers, it divides any integer linear combi-
nation of the two numbers.

(c) Let m, n ∈ Z. If m | n, then m | an for all a ∈ Z.

(d) Let m, n, p ∈ Z. If m | n and m | p, then m | n + p.

This is often expressed by saying that if m divides two numbers, it divides their sum. It’s also true that
if m divides two numbers, it divides their difference.

(e) If m | n and m, n ∈ Z+ , then m ≤ n.

Proof. The idea in divisibility proofs is often to translate statements like “m | n” into equations like
“mk = n”, then work with the equations.

(a) m | n implies mk = n for some k. n | p implies nj = p for some j. Substituting the first equation into

the second gives
(mk)j = p, i.e. m(kj) = p.
Therefore, m | p.

(b) m | n implies mj = n for some j. And m | p implies mk = p for some k. Then

an + bp = a(mj) + b(mk) = m(aj + bk).

Hence, m | an + bp.

(c) Taking b = 0 and p = 0 in (b), I find that m | n and m | 0 implies

m | an + 0 · 0 = an.

(d) Taking a = b = 1 in (b), I find that m | n and m | p implies

m | 1 · n + 1 · p = n + p.

(e) Suppose m | n and m, n ∈ Z+ . m | n implies mk = n for some k ∈ Z; k must be a positive integer, since
m and n are positive integers. Thus, k ≥ 1, and multiplying both sides of this inequality by m gives

n = mk ≥ m.

Example. (Proving a divisibility property) (a) Give an example of integers m and n such that m | n and
n | m but m ≠ n.

(b) Prove that if m and n are positive integers, m | n, and n | m, then m = n.

(a) 7 | −7 and −7 | 7, but 7 6= −7.

(b) One approach is to use property (e) of the preceding lemma. Since m and n are positive integers, m | n
implies m ≤ n, and n | m implies n ≤ m. The two inequalities imply that m = n.
Here’s another proof which uses the definition of divisibility.
Since m | n, ma = n for some a ∈ Z. Since n | m, nb = m for some b ∈ Z. Hence, m(ab) = m. Since
m > 0, I may cancel it from both sides to obtain ab = 1.
a and b are integers, so either a = b = 1 or a = b = −1. But if a = −1, then m · (−1) = n, which is
impossible since m and n are positive. Therefore, a = 1, so m = n.

Example. (Even and odd integers) An integer n ∈ Z is even if 2 | n. An integer is odd if it is not even.

(a) Prove that even integers can be written in the form 2m for some m ∈ Z, and odd integers can be written
in the form 2m + 1 for some m ∈ Z.

(b) Prove that if n ∈ Z is even, so is n2 + 5n + 6.

(a) If n is even, then 2 | n, so 2m = n for some m ∈ Z.


Suppose n is odd. Use the Division Algorithm to divide n by 2, obtaining a quotient of m and a
remainder of r:
n = 2m + r, where 0 ≤ r < 2.
Now 0 ≤ r < 2 implies that r = 0 or r = 1. If r = 0, the equation says n = 2m, which means that n is
even. But n was odd, so this is a contradiction. Therefore, r = 1, and n = 2m + 1.

(b) Suppose n ∈ Z is even. By (a), n = 2m for some m ∈ Z. Then

n2 + 5n + 6 = (2m)2 + 5(2m) + 6
= 4m2 + 10m + 6
= 2(2m2 + 5m + 3)

I’ve expressed n2 + 5n + 6 as 2 times an integer, so n2 + 5n + 6 is even.

Note: In this proof, I’m only using properties of divisibility and the definition of “even”. So (for instance)
I can’t stop with “4m2 + 10m + 6” and say that “the sum of even numbers is even”, because I haven’t proven
yet that the sum of even numbers is even.

Example. Is there an integer n such that 7 | n2 + n + 1 and 7 | n + 1?

No. Assume that 7 | n2 + n + 1 and 7 | n + 1 for some n. Then 7 must divide any integer linear
combination of n2 + n + 1 and n + 1, so

7 | (n2 + n + 1) − n(n + 1) = n2 + n + 1 − n2 − n = 1.

This contradiction shows that there is no such n.

Example. Prove that if m is a positive integer and n is an integer such that m | 4n + 7 and m | 3n + 5,
then m = 1.

One of the divisibility properties implies that m must divide any integer linear combination of 4n + 7
and 3n + 5. So the idea is to construct a linear combination of 4n + 7 and 3n + 5 which adds up to 1. If
this is to happen, the n’s have to cancel; one way to get this to happen is to switch the “4” and the “3” and
negate one of them:
m | 3(4n + 7) − 4(3n + 5) = 1.
Since m is a positive integer which divides 1, I must have m = 1.



1-21-2018

Greatest Common Divisors


Definition. If m and n are integers, not both 0, the greatest common divisor (m, n) of m and n is
the largest integer which divides m and n. (0, 0) is undefined. I’ll often get lazy and abbreviate “greatest
common divisor” to “gcd”.

Example. (Greatest common divisors for small integers) Find by direct computation (4, 6), (−6, 15),
(0, 42), and (24, 25).

The largest integer which divides 4 and 6 is 2:

(4, 6) = 2.

The largest integer which divides −6 and 15 is 3:

(−6, 15) = 3.

The largest integer which divides 42 and 0 is 42:

(0, 42) = 42.

Finally, the largest integer which divides 24 and 25 is 1:

(24, 25) = 1.

Here are some easy properties of the greatest common divisor.

Proposition. Let a, b ∈ Z, and suppose a and b aren’t both 0.

(a) (a, b) | a and (a, b) | b.

(b) (a, b) exists, and (a, b) ≥ 1.

(c) (a, b) = (b, a).

(d) If a ≠ 0, then (a, 0) = |a|.

(e) (a, b) = (|a|, |b|).

(f) (a, 1) = 1.

Proof. (a) That (a, b) | a and (a, b) | b follows directly from the definition of (a, b). (I’m singling this out
even though it’s easy, because it’s a property that is often used.)

(b) On the one hand, the set of common divisors is finite (because a common divisor can’t be larger than
|a| or |b|), so it must have a largest element.
Now 1 | a and 1 | b, so 1 is a common divisor of a and b. Hence, the greatest common divisor (a, b) must
be at least as big as 1 — that is, (a, b) ≥ 1.

(c) The largest integer which divides both a and b is the same as the largest integer which divides both b
and a.

(d) |a| | a, since (±1)|a| = a, and |a| | 0, since |a| · 0 = 0. Thus, |a| is a common divisor of a and 0, so
|a| ≤ (a, 0).
But (a, 0) | a | |a|, so (a, 0) ≤ |a|. Hence, (a, 0) = |a|.

(e) (a, b) divides a, so it divides |a|. Likewise, (a, b) divides |b|. Since (a, b) is a common divisor of |a| and
|b|, I have (a, b) ≤ (|a|, |b|).
In similar fashion, (|a|, |b|) is a common divisor of a and b, so (|a|, |b|) ≤ (a, b).
Therefore, (a, b) = (|a|, |b|).

(f) (a, 1) | 1, but (a, 1) ≥ 1. The only positive integer that divides 1 is 1. Hence, (a, 1) = 1.

I’ll use the Division Algorithm to derive a method for computing the greatest common divisor of two
numbers. The idea is to perform the Division Algorithm repeatedly until you get a remainder of 0. First, I
need a lemma which is useful in its own right.

Lemma. If a and b are integers, not both 0, and k is an integer, then

(a, b) = (a + kb, b).

Proof. If d divides a and b, then d divides kb, so d divides a + kb. Thus, d is a common divisor of a + kb
and b.
If d divides a + kb and b, then d divides kb, so d divides (a + kb) − kb = a. Thus, d is a common divisor
of a and b.
I’ve proved that the set of common divisors of a and b is the same as the set of common divisors of a + kb
and b. Since the two sets are the same, they must have the same largest element — that is, (a, b) = (a+kb, b).

The lemma says that the greatest common divisor of two numbers is not changed if I change one of the
numbers by adding or subtracting an integer multiple of the other. This can be useful by itself in determining
greatest common divisors.

Example. Prove that if n is an integer, then

(2n2 + 5n + 5, n2 + 2n + 2) = 1.

The idea is to subtract multiples of one number from the other to reduce the powers until I get an
expression which is clearly equal to 1.

(2n2 + 5n + 5, n2 + 2n + 2) = (2n2 + 5n + 5 − 2(n2 + 2n + 2), n2 + 2n + 2)


= (n + 1, n2 + 2n + 2)
= (n + 1, n2 + 2n + 2 − n(n + 1))
= (n + 1, n + 2)
= (n + 1, n + 2 − (n + 1))
= (n + 1, 1)
=1

Theorem. (The Euclidean Algorithm) Let a0 , a1 ∈ Z+ , and suppose a0 ≥ a1 . Define q1 , q2 , . . . and a2 ,
a3 , . . . by recursively applying the Division Algorithm:

$$\begin{aligned}
a_0 &= a_1 q_1 + a_2, &\text{where } 0 \le a_2 < a_1 \\
a_1 &= a_2 q_2 + a_3, &\text{where } 0 \le a_3 < a_2 \\
&\ \vdots \\
a_k &= a_{k+1} q_{k+1} + a_{k+2}, &\text{where } 0 \le a_{k+2} < a_{k+1} \\
&\ \vdots
\end{aligned}$$
Then:

(a) The process will terminate with an+1 = 0 for some n.


(b) At the point when the process terminates, (a0 , a1 ) = an .

Proof. There is no question that I can apply the Division Algorithm as described above, as long as ak ≠ 0.
First, I’ll show that the process terminates with an+1 = 0 for some n.
Note that a1 > a2 > a3 > · · · is a decreasing sequence of nonnegative integers. The well-ordering
principle implies that this sequence cannot be infinite. Since the only way the process can stop is if a
remainder is 0, I must have an+1 = 0 for some n.
Suppose an+1 is the first remainder that is 0. I want to show (a0 , a1 ) = an .
At any stage, I’m starting with ak and ak+1 and producing qk+1 and ak+2 using the Division Algorithm:

ak = ak+1 qk+1 + ak+2 , where 0 ≤ ak+2 < ak+1 .

Since ak+2 = ak − ak+1 qk+1 , the previous lemma implies that

(ak , ak+1 ) = (ak − ak+1 qk+1 , ak+1 ) = (ak+2 , ak+1 ) = (ak+1 , ak+2 ).

This means that


(a0 , a1 ) = (a1 , a2 ) = · · · = (an , an+1 ) = (an , 0) = an .
In other words, each step leaves the greatest common divisor of the pair of a’s unchanged. Thus,
(a0 , a1 ) = an .

Example. (Using the Euclidean algorithm to find a greatest common divisor) Use the Euclidean
algorithm to compute (51, 36).

Write
51 = 1 · 36 + 15
36 = 2 · 15 + 6
15 = 2·6 + 3
6 = 2·3 + 0
To save writing — and to anticipate the setup I’ll use for the Extended Euclidean Algorithm later —
I’ll arrange the computation in a table:
51 -
36 1
15 2
6 2
3 2

The greatest common divisor is the last nonzero remainder (3). Hence, (51, 36) = 3.

Definition. If a and b are things, a linear combination of a and b is something of the form sa + tb, where
s and t are numbers. (The kind of “number” depends on the context.)

The next result is a key fact about greatest common divisors.

Theorem. (Extended Euclidean Algorithm) (a, b) is a linear combination of a and b: (a, b) = sa + tb


for some integers s and t.

Note: s and t are not unique.

Proof. The proof will actually give an algorithm which constructs a linear combination. It is called a
backward recurrence, and it appears in a paper by S. P. Glasby [2]. It will look a little complicated, but
you’ll see that it’s really easy to use in practice.
(a, b) is only defined if at least one of a, b is nonzero. If a 6= 0, (a, 0) = a and a = 1 · a + 0 · 0. This
proves the result if one of the numbers is 0, so I may as well assume both are nonzero. Moreover, since
(a, b) = (|a|, |b|), I can assume both numbers are positive.
Suppose a ≥ b. Apply the Euclidean Algorithm to a0 = a and a1 = b, and suppose that an is the last
nonzero remainder:
$$\begin{aligned}
a_0 &= a_1 q_1 + a_2, &\text{where } 0 \le a_2 < a_1 \\
a_1 &= a_2 q_2 + a_3, &\text{where } 0 \le a_3 < a_2 \\
&\ \vdots \\
a_k &= a_{k+1} q_{k+1} + a_{k+2}, &\text{where } 0 \le a_{k+2} < a_{k+1} \\
&\ \vdots \\
a_{n-1} &= a_n q_n + 0.
\end{aligned}$$

I’m going to define a sequence of numbers yn , yn−1 , . . . y1 , y0 . They will be constructed recursively,
starting with yn , yn−1 and working downward to y0 . (This is why this is called a backward recurrence.)
Define yn = 0 and yn−1 = 1. Then define

$$y_{k-1} = q_k y_k + y_{k+1} \quad\text{for } k = n - 1, \ldots, 2, 1.$$

Now I claim that

(−1)n+k+1 ak−1 yk + (−1)n+k ak yk−1 = an for 1 ≤ k ≤ n.

I will prove this by downward induction, starting with k = n and working downward to k = 1.
For k = n, I have

(−1)2n+1 an−1 yn + (−1)2n an yn−1 = −an−1 yn + an yn−1 = −an−1 · 0 + an · 1 = an .

The result holds for k = n.


Next, suppose 1 < k < n. Suppose the result holds for k + 1, i.e.

(−1)n+k+2 ak yk+1 + (−1)n+k+1 ak+1 yk = an .

I want to prove the result for k. Substitute yk+1 = yk−1 − qk yk in the preceding equation and simplify:

$$\begin{aligned}
a_n &= (-1)^{n+k+2} a_k y_{k+1} + (-1)^{n+k+1} a_{k+1} y_k \\
&= (-1)^{n+k+2} a_k (y_{k-1} - q_k y_k) + (-1)^{n+k+1} a_{k+1} y_k \\
&= (-1)^{n+k} a_k (y_{k-1} - q_k y_k) + (-1)^{n+k+1} a_{k+1} y_k \\
&= (-1)^{n+k} a_k y_{k-1} + (-1)^{n+k+1} a_k q_k y_k + (-1)^{n+k+1} a_{k+1} y_k \\
&= (-1)^{n+k} a_k y_{k-1} + (a_k q_k + a_{k+1})(-1)^{n+k+1} y_k \\
&= (-1)^{n+k} a_k y_{k-1} + (-1)^{n+k+1} a_{k-1} y_k.
\end{aligned}$$
This proves the result for k, so the result holds for 1 ≤ k ≤ n, by downward induction.
In particular, for k = 1, the result says

$$a_n = (-1)^{n+1} a_1 y_0 + (-1)^{n+2} a_0 y_1 = (-1)^{n+1} a_1 y_0 + (-1)^{n} a_0 y_1 = \big((-1)^n y_1\big)\, a_0 + \big((-1)^{n+1} y_0\big)\, a_1.$$




Since an = (a0 , a1 ), I’ve expressed (a0 , a1 ) as a linear combination of a0 and a1 .

Remark. There are many algorithms (like the one in the proof) which produce a linear combination. This
one is pretty good for small computations which you’re doing by hand.
One drawback of this algorithm is that you need to know all of the quotients (the q’s) in order to work
backwards to get the linear combination. This isn’t bad for small numbers, but if you’re using large numbers
on a computer, you’ll need to store all the intermediate results. There are algorithms which are better if
you’re doing large computations on a computer (see [1], page 300).

It’s difficult to overemphasize the importance of this result! It has many applications — from proving
results about greatest common divisors, to solving Diophantine equations. I’ll give some examples which
illustrate the result, then discuss how you use the algorithm in the theorem.
Before I give examples of the algorithm, I’ll look at some other ways of finding a linear combination.

Definition. Let a, b ∈ Z. a and b are relatively prime if (a, b) = 1.

Example. (A linear combination for a greatest common divisor) Show that 12 and 25 are relatively
prime. Write their greatest common divisor as a linear combination with integer coefficients of 12 and 25.
In some cases, the numbers are nice enough that you can figure out a linear combination by trial and error.
In this case, it’s clear that 12 = 2² · 3 and 25 = 5² are relatively prime. So (12, 25) = 1; to get a linear
combination, I need multiples of 12 and 25 which differ by 1. Here’s an easy one:

(−2) · 12 + 1 · 25 = 1.

Note that 23 · 12 + (−11) · 25 = 1, so the linear combination is not unique.

Example. (Finding a linear combination by algebra) Use the Division Algorithm computations in the
Euclidean algorithm to find an integer linear combination of 51 and 36 that is equal to (51, 36) = 3.

It’s possible — but tedious — to use the computations in the Euclidean algorithm to find linear combi-
nations. For (51, 36), I have
51 = 1 · 36 + 15
36 = 2 · 15 + 6
15 = 2 · 6 + 3
6 = 2 · 3 + 0
The third equation says 3 = 15 − 2 · 6.
By the second equation, 6 = 36 − 2 · 15, so

3 = 15 − 2 · (36 − 2 · 15) = 5 · 15 − 2 · 36.

The first equation says 15 = 51 − 36, so

3 = 5 · (51 − 36) − 2 · 36 = 5 · 51 − 7 · 36.

I’ve expressed the greatest common divisor 3 as a linear combination of the original numbers 51 and 36.
I don’t recommend this approach, since the proof of the Extended Euclidean Algorithm gives a method
which is much easier and less error-prone.

Example. (Finding a linear combination using the backward recursion) Find (187, 102) and express
it as a linear combination with integer coefficients of 187 and 102.

In this example, I’ll show how you can use the backward recursion to obtain a linear combination. I’ll
arrange the computations in the form of a table; the table is simply an extension of the table I used for the
Euclidean algorithm.
In this example only, I’m labelling the columns with the variable names a, q, and y from the proof so
you can see the correspondence. Normally, I’ll omit them.
Here’s how you start:

a q y
187 -
102

(You can save a step by putting the larger number first.)


The a and q columns are filled in using the Euclidean algorithm, i.e. by successive division: Divide the
next-to-the-last a by the last a. The quotient goes into the q-column, and the remainder goes into the
a-column.
a q y
187 -
102 1
85

Divide 187 by 102; Quotient 1, remainder 85.

a q y
187 -
102 1
85 1
17

Divide 102 by 85; Quotient 1, remainder 17.
When the division comes out evenly, you stop adding rows to the table. In this case, 85 divided by 17
is 5, and the remainder is 0.

a q y
187 -
102 1
85 1
17 5

The last entry in the a-column is the greatest common divisor. Thus, (187, 102) = 17.

Having filled in the a and q columns, you now fill in the y-column from bottom to top. You always start
in the same way: The last y is always 0 and the next-to-the-last y is always 1:

a q y
187 -
102 1
85 1 1
17 5 0

Then, working from bottom to top, fill in the y’s using the rule

(next y) = (last q) · (last y) + (next-to-last y).

This comes from the recursion formula in the Extended Euclidean Algorithm Theorem:

ak = ak+1 qk+1 + ak+2 .

It’s probably easier to show than it is to explain:

a q y
187 -
102 1 1
85 1 1
17 5 0

(1 · 1 + 0 = 1)

a q y
187 - 2
102 1 1
85 1 1
17 5 0

(1 · 1 + 1 = 2)

To get the linear combination, form the products of the top two a’s and y’s diagonally and subtract one
from the other:
a q y
187 - 2
102 1 1
85 1 1
17 5 0

Thus,
17 = (187, 102) = (2)(102) − (1)(187).

How do you know the order for the subtraction? The proof gives a formula, but the easiest thing is to
pick one of the two ways, then fix it if it isn’t right. If you subtract “the wrong way”, you’ll get a negative
number. For example,
(1)(187) − (2)(102) = −17.

Since I know the greatest common divisor should be 17 — it’s the last number in the a-column — I just
multiply this equation by −1:
(−1)(187) + (2)(102) = 17.

This way, you don’t need to memorize the exact formula.

Example. (Finding a linear combination using the backward recursion) Compute (246, 194) and
express it as an integer linear combination of 246 and 194.

246 - 52
194 1 41
52 3 11
38 1 8
14 2 3
10 1 2
4 2 1
2 2 0

Thus,
2 = (246, 194) = 52 · 194 − 41 · 246.

Example. (The converse of the linear combination result) Give specific numbers a, b, m, n and d
such that
am + bn = d but (m, n) ≠ d.

The converse of the linear combination result is not always true. That is, if sa+tb = z for some numbers
s and t, it’s not necessarily true that z = (a, b).
For example, 15 = 1 · 51 + (−1) · 36. But (51, 36) = 3 ≠ 15.

There’s an important situation in which the linear combination result does work backwards: namely,
when the greatest common divisor is 1. The next result makes this precise, and also shows how you can use
the linear combination rule to prove results about greatest common divisors.

Proposition. Let a, b ∈ Z. Then (a, b) = 1 if and only if

sa + tb = 1 for some s, t ∈ Z.

Proof. The greatest common divisor of a and b can be written as a linear combination of a and b. Therefore,
if (a, b) = 1, then
1 = (a, b) = sa + tb for some s, t ∈ Z.

Conversely, suppose that sa + tb = 1 for some s, t ∈ Z. (a, b) divides a and (a, b) divides b, so (a, b)
divides sa+tb = 1. But (a, b) is a positive integer, and the only positive integer that divides 1 is 1. Therefore,
(a, b) = 1.

Example. (Using a linear combination to prove relative primality) Prove that if k is any integer,
then the fraction (10k + 6)/(12k + 7) is in lowest terms.

For example, if k = 11, the fraction is 116/139, which is in lowest terms.
A fraction is in lowest terms if the numerator and denominator are relatively prime. So I want to show
that 10k + 6 and 12k + 7 are relatively prime.
I’ll use the previous result, noting that

6(10k + 6) + (−5)(12k + 7) = 1.

I found the coefficients by playing with numbers, trying to make the k-terms cancel.
Since a linear combination of 10k + 6 and 12k + 7 equals 1, the last proposition shows that 10k + 6 and
12k + 7 are relatively prime.

The linear combination rule is often useful in proofs involving greatest common divisors. If you’re
proving a result about a greatest common divisor, consider expressing the greatest common divisor as a linear
combination of the two numbers.

Proposition. Let a and b be integers, not both 0. If c | a and c | b, then c | (a, b).

Proof. (a, b) is a linear combination of a and b, so

(a, b) = sa + tb for some s, t ∈ Z.

Now c | a and c | b, so c | sa + tb = (a, b).

(a, b) was defined to be the greatest common divisor of a and b, in the sense that it was the largest
common divisor of a and b. The last lemma shows that you can take greatest in a different sense — namely,
that (a, b) must be divisible by any other common divisor of a and b.

Example. (Using the linear combination result to prove a greatest common divisor property)
Prove that if (a, b) = 1 and k > 0, then (ka, kb) = k.

Since (a, b) = 1,
ma + nb = 1 for some m, n ∈ Z.
Multiplying by k, I get
kma + knb = k.
(ka, kb) | ka and (ka, kb) | kb, so (ka, kb) | kma + knb = k.
On the other hand, k | ka and k | kb, so k | (ka, kb).
Since k and (ka, kb) are positive integers, (ka, kb) = k.

© 2018 by Bruce Ikenaga


10-14-2019

Prime Numbers
Definition. An integer n greater than 1 is prime if the only positive divisors of n are 1 and n.
A positive integer n which has a positive divisor other than 1 or n is composite.

People are often puzzled by the fact that 1 is not considered to be prime. Excluding 1 is a convention
which makes other things more convenient (such as the statement of the Fundamental Theorem of
Arithmetic).

Example. (Small prime numbers and composite numbers) List the prime and composite numbers
in the set {1, 2, . . . 10}.

Primes:
2, 3, 5, 7.

Composite numbers:
4, 6, 8, 9, 10.

Lemma. Every integer greater than 1 is divisible by a prime number.

Proof. The result is true for 2, since 2 is prime and 2 | 2.


Let n > 2, and suppose the result is true for all positive integers greater than 1 and less than n. I want
to show that n is divisible by a prime number.
If n is prime, then n is divisible by a prime number — itself.
If n isn’t prime, then it’s composite. Therefore, n has a positive divisor m such that m ≠ 1 and m ≠ n.
Plainly, m can’t be larger than n, so 1 < m < n. By induction, m is divisible by some prime number p. Now
p | m and m | n, so p | n. This proves that n is divisible by a prime number, and completes the induction
step. Hence, the result is true for all integers greater than 1 by induction.

You’ve probably seen the classical proof of the next result, which goes back to Euclid. Well, in case you
haven’t (or you’ve forgotten), here it is.

Theorem. There are infinitely many prime numbers.

Proof. Suppose on the contrary that there were only finitely many primes p1 , p2 , . . . pn . Every integer
greater than 1 is either prime — so it’s one of the p’s — or it’s composite, and by the preceding lemma,
divisible by one of the p’s.
Consider the number m = p1 p2 · · · pn + 1. m leaves a remainder of 1 when it’s divided by p1 , p2 , . . . pn .
Therefore, it’s not composite. But it can’t be one of the primes, since it’s larger than all of the p’s. This is
a contradiction, so there must be infinitely many primes.

Prime numbers used to be a mathematical curiosity. In the last few decades, they’ve found important
applications — for example, to the field of cryptography. But there’s still a lot to be curious about.

Question. (Goldbach’s conjecture) Can every even integer greater than 4 be expressed as the sum
of two primes?

Goldbach’s conjecture has been verified for even numbers up to around 10^14.

Question. (Twin Prime conjecture) Twin primes are prime number which are 2 units apart (such
as 5 and 7). Are there infinitely many twin primes?

The largest known twin primes as of this writing are 2996863034895 · 2^1290000 ± 1. They have 388 342
digits.

Question. A Mersenne prime is a prime number of the form 2^n − 1, where n is a positive integer
(such as 31 = 2^5 − 1). Are there infinitely many Mersenne primes?

The Mersenne prime 2^(77 232 917) − 1 is the largest known prime number as of January, 2018. It was
discovered on December 26, 2017 by Jonathan Pace as a part of GIMPS (the Great Internet Mersenne Prime
Search: www.mersenne.org). It has 23 249 425 decimal digits.

Lemma. Suppose p is prime. Then p is relatively prime to a if and only if p ∤ a.

Proof. Suppose that (p, a) = 1. I want to show that p ∤ a. Suppose on the contrary that p | a. Since p | p,
p is a common divisor of p and a. Therefore, p | (p, a) = 1. This is a contradiction, since p is prime.
Conversely, suppose p ∤ a. I want to show that (p, a) = 1.
Now (p, a) | p, and the only positive numbers that divide p are 1 and p. Therefore, (p, a) = 1 or
(p, a) = p.
Suppose (p, a) = p. Then p = (p, a) | a, which contradicts my assumption that p ∤ a.
Therefore, (p, a) ≠ p, so (p, a) = 1.

Theorem. (Euclid’s lemma) Let p be prime, and suppose p | ab. Then p | a or p | b.

Proof. Let p be prime, and suppose p | ab. To show that p | a or p | b, I’ll assume that p ∤ a and prove that
p | b.
Since p ∤ a, the preceding result says that (p, a) = 1. Therefore, I can find integers m and n such that

mp + na = 1.

Multiply by b:
mpb + nab = b.

p | mpb, and by assumption p | ab, so p | nab. Therefore, p | mpb + nab = b, which is what I wanted to
prove.

Remarks. 1. There is a general version of Euclid’s lemma: If p is prime and p | a1 a2 · · · an , then p divides
at least one of the a’s.

2. If p and q are primes and p | q, then p = q. (Only 1 and q divide q, and p isn’t 1, so it must be q.) Using
this fact and the general version of Euclid’s lemma, you can show that if p and q are primes, n ≥ 1, and
p | q^n, then p = q.

Example. (Using Euclid’s lemma to prove a divisibility statement) Prove that if p is prime and
p | a², then p | a.

Since p | a² = a · a, Euclid’s lemma implies that p | a or p | a. Hence, p | a.

Try writing out the induction proof that shows that if p is prime, n > 2, and p | a^n, then p | a.

Example. (A problem on primes and squares) For what prime numbers p is 13p + 1 a perfect square?

Suppose 13p + 1 = x², where x ∈ Z. First, if x = 0, then 13p + 1 = 0, so 13p = −1. Since p is prime, it
is positive, and this is a contradiction.

Therefore, x ≠ 0, and I may assume without loss of generality that x is positive: If x is negative, then
−x is positive, and 13p + 1 = (−x)² holds.
Thus, I’m now assuming that x > 0.
I’ll rule out another special case: If x = 1, I have 13p + 1 = 1, or 13p = 0. Since p is prime, p > 1, so
this is impossible.
Now I can assume that x > 1. This means that x − 1 > 0. Moreover, x + 1 > x − 1, so x + 1 > 0. In
other words, x − 1 and x + 1 are positive numbers.
Now I’ll proceed with the main part of the proof. I have

13p = x² − 1 = (x − 1)(x + 1).

This says that x − 1 and x + 1 are positive factors of 13p. Since 13 and p are prime, the only positive
factors of 13p are 1, p, 13, and 13p. There are four cases.
Suppose that 13 = x − 1 and p = x + 1. The first equation gives x = 14, so p = 15. This contradicts
the fact that p is prime.
Suppose that 13 = x + 1 and p = x − 1. The first equation gives x = 12, so p = 11. 11 is prime, and
13 · 11 + 1 = 144 = 12².
Suppose that 13p = x − 1 and 1 = x + 1. The second equation gives x = 0, but I’m assuming x > 0.
This contradiction rules out this case.
Finally, suppose that 1 = x − 1 and 13p = x + 1. The first equation gives x = 2, which yields 13p = 3 in
the second equation. But p is prime, so p > 1, and 13p > 13. Thus, 13p can’t equal 3, and this contradiction
rules out this case.
Thus, the only prime p for which 13p + 1 is a perfect square is p = 11.

Theorem. (The Fundamental Theorem of Arithmetic) Let n be an integer, n > 1. Then n can be
written as a product of prime numbers, and this product is unique up to the order of the factors.

“Up to the order of the factors” means that 2 · 3 and 3 · 2 are considered to be “the same” factorization
of 6.

Proof. First, I’ll show that every integer greater than 1 can be factored into a product of primes.
I’ll use induction. Start with n = 2; this is prime, so the result holds for n = 2.
Next, let n > 2, and suppose every integer greater than 1 and less than n can be factored into a product
of primes. If n is prime, then n is a product of primes (namely, itself), and I’m done.
Otherwise, n is composite. This implies that there are integers a and b with 1 < a, b < n such that
n = ab. Since a and b are between 1 and n, each of them can be factored into a product of primes, by the
induction hypothesis. Then n = ab shows that the same is true of n.
By induction, every integer greater than 1 can be factored into a product of primes.
Next, I want to show that the prime factorization of a positive integer is unique, up to the order of the
factors.
Suppose I have two prime factorizations of the same number:

$$p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} = q_1^{s_1} q_2^{s_2} \cdots q_n^{s_n}.$$

Thus, the p’s and q’s are primes, all the p’s are distinct and all the q’s are distinct (but some p’s may
be q’s, and vice versa), and all the exponents are positive.
Start with p1 . It’s prime, and it divides the left side, so it divides the right side:

$$p_1 \mid q_1^{s_1} q_2^{s_2} \cdots q_n^{s_n}.$$


By the general version of Euclid’s lemma, $p_1$ must divide some $q_k^{s_k}$. I can assume $p_1 \mid q_1^{s_1}$ (because if $p_1$
divided one of the other q-powers, I could stop and rename everything so the one it divides is $q_1^{s_1}$). By the
second remark following Euclid’s lemma, this implies $p_1 = q_1$.

Now the equation looks like this:

$$p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} = p_1^{s_1} q_2^{s_2} \cdots q_n^{s_n}.$$

I cancel as many p1 ’s off both sides as I can. Suppose I wind up with some left-over p1 ’s on the right:

$$p_2^{r_2} \cdots p_m^{r_m} = p_1^{t} q_2^{s_2} \cdots q_n^{s_n}.$$

Now I repeat the divisibility argument. $p_1$ divides the right side, so it divides the left side $p_2^{r_2} \cdots p_m^{r_m}$.
As before, this means that p1 is one of p2 , . . . , pm . This is a contradiction, because I assumed at the start
that the p’s were distinct.
This means that there can’t be any left-over p1 ’s on the right, and a similar argument shows that there
can’t be any left-over p1 ’s on the left. Hence, all the p1 ’s must have cancelled, and I have

$$p_2^{r_2} \cdots p_m^{r_m} = q_2^{s_2} \cdots q_n^{s_n}.$$

I continue in this way, matching up prime powers on the two sides. Eventually, everything must match
up (just as $p_1^{r_1}$ and $q_1^{s_1}$ did), which shows that the two original factorizations were identical.
This proves that the prime factorization of an integer is unique, up to order.

Example. (Factoring a number into primes) Apply the Fundamental Theorem of Arithmetic to 3768.

I can do this by trial division:

3768 = 2 · 1884 = 2 · 2 · 942 = 2 · 2 · 2 · 471 = 2 · 2 · 2 · 3 · 157.

(157 is prime, so that’s where I stop.) Therefore, 3768 = 2³ · 3 · 157.

Trial division is not a useful way of factoring numbers once they get too large. In general factoring big
integers is a hard problem involving many sophisticated methods.

Definition. If m and n are positive integers, the least common multiple of m and n is the smallest
positive integer which is divisible by both m and n. The least common multiple of m and n is denoted
[m, n].

Example. (Least common multiples) (a) Compute [24, 16].

(b) Suppose p and q are distinct primes. Compute [p²q⁵, p⁴, q³].

(a) [24, 16] = 48, since 24 | 48 and 16 | 48, and no smaller positive integer is divisible by both 24 and 16.

(b) The least common multiple of p² and p⁴ is p⁴, since it’s clearly the smallest power of p divisible by both
p² and p⁴. You can see that for two positive powers of a prime, their least common multiple is the largest
of the two powers. So for q⁵ and q³, the least common multiple is q⁵. Hence, [p²q⁵, p⁴, q³] = p⁴q⁵.

The prime factorization of a number provides a way of visualizing greatest common divisors and least
common multiples.

Example. (Finding greatest common divisors and least common multiples using prime factorizations)
Represent the greatest common divisor and least common multiple of 120 and 280 by drawing a
Venn diagram involving their prime factorizations.

Note that
120 = 2 · 2 · 2 · 3 · 5 and 280 = 2 · 2 · 2 · 5 · 7.

Arrange the prime factors of the two numbers in a Venn diagram:

[Venn diagram: two overlapping circles labelled 120 and 280; 3 sits in the 120-only region, 2, 2, 2, 5 in the
shaded intersection, and 7 in the 280-only region]

The factors 2, 2, 2, and 5 are common to the two numbers. They go in the intersection (shaded), and
their product 2 · 2 · 2 · 5 = 40 is equal to the greatest common divisor (120, 280).
The least common multiple [120, 280] is the product of all the numbers in the diagram (counted once
each):
[120, 280] = 3 · (2 · 2 · 2 · 5) · 7 = 840.
Note that if you multiply 120 and 280, this counts the primes in the intersection — whose product is
(120, 280) — twice, whereas [120, 280] counts the primes in the intersection once. It follows that

120 · 280 = [120, 280] · (120, 280).

This is true in general: If m and n are positive integers, then mn = [m, n] · (m, n). The argument above
isn’t a proof, but it makes the result plausible.
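The Venn-diagram picture, as an added example that is not part of the original notes: a prime factorization found by the trial division used for 3768 is stored as a multiset {prime: exponent}, the intersection of two such multisets is the shaded region (giving (m, n)), their union is the whole diagram (giving [m, n]), and the relation m · n = [m, n] · (m, n) can be checked across many pairs. Function names are my own.

```python
# Added example (not from the original notes): prime factorization by
# trial division, then the greatest common divisor and least common
# multiple read off the factorizations the way the Venn diagram does it.
# A Counter {prime: exponent} plays the role of the diagram; '&' keeps the
# primes common to both (the intersection) and '|' keeps every prime
# counted once (the whole diagram).
from collections import Counter
from math import prod


def trial_division(n):
    """Prime factorization of an integer n > 1 as a Counter {p: exponent}."""
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    factors = Counter()
    p = 2
    while p * p <= n:           # any remaining factor > sqrt(n) is prime
        while n % p == 0:
            factors[p] += 1
            n //= p
        p += 1
    if n > 1:
        factors[n] += 1         # the leftover cofactor is prime
    return factors


def value(factors):
    """Multiply a {p: exponent} Counter back into an integer."""
    return prod(p ** e for p, e in factors.items())


def venn_regions(m, n):
    """(primes only in m, primes common to both, primes only in n),
    each listed with multiplicity, as in the Venn diagram."""
    fm, fn = trial_division(m), trial_division(n)
    common = fm & fn            # min of the exponents
    return (sorted((fm - common).elements()),
            sorted(common.elements()),
            sorted((fn - common).elements()))


def gcd_by_factoring(m, n):
    """(m, n): product of the intersection."""
    return value(trial_division(m) & trial_division(n))


def lcm_by_factoring(m, n):
    """[m, n]: product of everything in the diagram, counted once."""
    return value(trial_division(m) | trial_division(n))   # max of exponents


def product_identity_holds(m, n):
    """The relation m*n = [m, n] * (m, n) that the diagram makes plausible."""
    return m * n == lcm_by_factoring(m, n) * gcd_by_factoring(m, n)


if __name__ == "__main__":
    print(dict(trial_division(3768)))          # {2: 3, 3: 1, 157: 1}
    print(venn_regions(120, 280))             # ([3], [2, 2, 2, 5], [7])
    print(gcd_by_factoring(120, 280), lcm_by_factoring(120, 280))  # 40 840
```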



2-9-2018

Modular Arithmetic
Modular arithmetic is a way of systematically ignoring differences involving a multiple of an integer.
If n is an integer, two integers are equal mod n if they differ by a multiple of n; it is as if multiples of n are
“set equal to 0”.

Definition. Let n, x, and y be integers. x is congruent to y mod n if n | x − y. Notation:

x = y (mod n).

Remarks. n | x − y is equivalent to the following statements:

(a) n | y − x.

(b) x = y + jn for some j ∈ Z.

(c) y = x + kn for some k ∈ Z.

I’ll often use any of these four statements as the definition of x = y (mod n).

A lot of people like to write “x ≡ y (mod n)” instead of “x = y (mod n)”. I don’t think there’s any
harm in using an ordinary equal sign, since the “(mod n)” makes the meaning clear. It’s also a bit shorter
to write.

Example. (Examples of congruences with numbers) (a) Demonstrate that 7 = 1 (mod 6) and
57 = −13 (mod 7).

(b) Express “x is even” and “x is odd” in terms of congruences.

(c) What does x = 0 (mod n) mean in terms of divisibility?

(a)
7 = 1 (mod 6) , since 6 | 7 − 1.
57 = −13 (mod 7) , since 7 | 57 − (−13).
(b) x is even if and only if x = 0 (mod 2) and x is odd if and only if x = 1 (mod 2).
(c) x = 0 (mod n) if and only if n | x. Thus, congruences provide a convenient notation for dealing with
divisibility relations.

The following proposition says that you can work with modular equations in many of the ways that you
work with ordinary equations.

Proposition. Let n ∈ Z.

(a) If a = b (mod n) and c = d (mod n), then

a + c = b + d (mod n) .

(b) If a = b (mod n) and c = d (mod n), then

ac = bd (mod n) .

(c) If a = b (mod n), then
ac = bc (mod n) .
Proof. Two ideas for these kinds of proofs:
1. You can often prove statements about congruences by reducing them to statements about divisibility.

2. You can often prove statements about divisibility by reducing them to (ordinary) equations.

(a) Suppose a = b (mod n) and c = d (mod n).


a = b (mod n) means n | a − b and c = d (mod n) means n | c − d. By properties of divisibility,

n | (a − b) + (c − d) = (a + c) − (b + d).

Therefore, a + c = b + d (mod n).

(b) Suppose a = b (mod n) and c = d (mod n).


a = b (mod n) means n | a − b, which means a − b = jn for some j ∈ Z. c = d (mod n) means n | c − d,
which means c − d = kn for some k ∈ Z. Thus, a = b + jn, c = d + kn, and hence

ac = (b + jn)(d + kn) = bd + bkn + djn + jkn2 = bd + n(bk + dj + jkn).

This gives ac − bd = n(bk + dj + jkn), so n | ac − bd, and hence ac = bd (mod n).

(c) Suppose a = b (mod n). This means that n | a − b. By properties of divisibility,

n | (a − b)c = ac − bc.

Therefore, ac = bc (mod n).

Example. (Solving a congruence) Solve 3x + 4 = 2x + 8 (mod 9).

In this case, I’ll solve the modular equation by adding or subtracting the same thing from both sides.

    3x + 4 = 2x + 8 (mod 9)
       − 4 =    − 4 (mod 9)      (subtract 4 from both sides)
    3x     = 2x + 4 (mod 9)
     − 2x  = − 2x   (mod 9)      (subtract 2x from both sides)
    x      = 4      (mod 9)

The solution is x = 4 (mod 9).

Example. Reduce 497 · 498 · 499 (mod 500) to a number in the range {0, 1, . . . 499}, doing the computation
by hand.

Note that

497 = −3 (mod 500) , 498 = −2 (mod 500) , 499 = −1 (mod 500) .

So
497 · 498 · 499 = (−3)(−2)(−1) = −6 = 494 (mod 500) .

The next result says that congruence mod n is an equivalence relation.

Proposition.

(a) (Reflexivity) a = a (mod n) for all a ∈ Z.

(b) (Symmetry) Let a, b ∈ Z. If a = b (mod n), then b = a (mod n).

(c) (Transitivity) Let a, b, c ∈ Z. If a = b (mod n) and b = c (mod n), then a = c (mod n).

Proof. (a) If a ∈ Z, then n | a − a, so a = a (mod n).

(b) If a = b (mod n), then n | a − b, so n | −(a − b) = b − a. Therefore, b = a (mod n).

(c) Suppose a = b (mod n) and b = c (mod n). a = b (mod n) means n | a − b; b = c (mod n) means
n | b − c. Therefore,
n | (a − b) + (b − c) = a − c.

Hence, a = c (mod n).

An equivalence relation on a set gives rise to a partition of the set into equivalence classes. In the case
of congruence mod n, an equivalence class consists of integers congruent to each other mod n.

Definition. Zn (read “Z mod n”) is the set of equivalence classes under congruence mod n.

Example. (Congruence classes mod 3) Find the equivalence classes of the relation congruence mod 3
on the set of integers.

Relative to the equivalence relation of congruence mod 3 on Z, the integers break up into three disjoint
sets:
    ... −10 −9 −8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8 9 10 ...

    {..., −10, −7, −4, −1, 2, 5, 8, ...}
    {..., −9, −6, −3, 0, 3, 6, 9, ...}
    {..., −8, −5, −2, 1, 4, 7, 10, ...}

All the elements of a given set are congruent mod 3, and no element in one set is congruent mod 3 to
an element of another. The sets divide up the integers like three puzzle pieces.
It’s cumbersome to write and use equivalence classes as is, since each equivalence class is a set (infinite, in
this case). It’s customary to choose a representative from each equivalence class and use the representatives
to do arithmetic. I’ll choose
0 from {. . . , −9, −6, −3, 0, 3, 6, 9, . . .},

1 from {. . . , −8, −5, −2, 1, 4, 7, 10, . . .},

2 from {. . . , −7, −4, −1, 2, 5, 8, 11, . . .}.

I’ll abuse notation and write


Z3 = {0, 1, 2}.

Z3 is called the cyclic group of order 3. The “cyclic” nature of Z3 can be visualized by arranging
the integers in a spiral, with each congruence class on a ray.

[Figure: the integers arranged in a spiral, with each congruence class mod 3 lying on its own ray]

When you do arithmetic in Z3 , it is as if you count in a circle: 0, 1, 2, then back to 0 again.


You can form other cyclic groups in an analogous way. For example,

Z6 = {0, 1, 2, 3, 4, 5}.

You can do arithmetic in Zn by adding and multiplying as usual, but reducing the results mod n.

Example. (Operation tables for Z3 ) Construct addition and multiplication tables for Z3 .

+ | 0  1  2          · | 0  1  2
--+---------         --+---------
0 | 0  1  2          0 | 0  0  0
1 | 1  2  0          1 | 0  1  2
2 | 2  0  1          2 | 0  2  1

For example, as integers 2 + 2 = 4. I divide 4 by the modulus 3 and get a remainder of 1. Hence,
2 + 2 = 1.
Likewise, 2 · 2 = 4 = 1 in Z3 .

Example. (Equations in Zn ) Find 6 · 7 in Z11 , 13 + 19 in Z21 , and −8 in Z17 .

6 · 7 = 9 in Z11 .
13 + 19 = 11 in Z21 .
−8 = 9 in Z17 .
−8 means the additive inverse of 8. The last statement is just another way of saying −8 = 9 (mod 17).

Example. (Using modular arithmetic in a divisibility proof) Prove that if n is an integer, then
2n² + 3n + 2 is not divisible by 5.

Every integer n is congruent to one of 0, 1, 2, 3, or 4 mod 5. Therefore, I have 5 cases. In each case, I
want to show that 2n² + 3n + 2 is not divisible by 5 — or to say it in terms of congruences, I want to show
that 2n² + 3n + 2 ≠ 0 (mod 5).
I set n = 0, 1, 2, 3, 4 (mod 5) and “substitute” the value into 2n² + 3n + 2. This substitution is justified
by the properties of congruences I discussed above.
For example, if n = 3 (mod 5), then

n · n = 3 · 3 (mod 5)
n² = 9 = 4 (mod 5)
2 · n² = 2 · 4 (mod 5)
2n² = 8 = 3 (mod 5)

Likewise, 3n = 3 · 3 = 9 = 4 (mod 5). So

2n² + 3n + 2 = 3 + 4 + 2 = 9 = 4 (mod 5).

Essentially, I can plug n = 3 into 2n² + 3n + 2, then reduce the result mod 5 to one of 0, 1, 2, 3, or 4.
Continuing in this way, I get the following table:

n (mod 5)                 0   1   2   3   4
2n² + 3n + 2 (mod 5)      2   2   1   4   1

In all five cases, 2n² + 3n + 2 ≠ 0 (mod 5). Therefore, 2n² + 3n + 2 is never divisible by 5.

I showed earlier how to use algebraic operations to solve simple modular equations. How would you
solve something like this:
6x = 13 (mod 25)?
I’d like to divide both sides by 6, but I only know how to add and multiply. I can subtract, but that’s
because I can add additive inverses. Well, division is multiplication by the multiplicative inverse; what is a
multiplicative inverse mod 25?

Definition. Let a, b ∈ Zn . a and b are multiplicative inverses if ab = 1 (mod n) (or ab = 1 in Zn ).

If a is the multiplicative inverse of b, you can write a = b⁻¹. (You don’t write “1/b” unless you’re in a
number system like the rational numbers where fractions are in use.)

Example. (Modular multiplicative inverses) (a) Prove that 6 and 2 are multiplicative inverses mod 11.

(b) Show that 8 does not have a multiplicative inverse mod 12.

(a) 6 · 2 = 1 (mod 11).

(b) One tedious way is to take cases:

n 0 1 2 3 4 5
8n (mod 12) 0 8 4 0 8 4
n 6 7 8 9 10 11
8n (mod 12) 0 8 4 0 8 4

No number multiplied by 8 gives 1 mod 12.
I could try all the possibilities because the numbers were small. How would you do this kind of problem
if the numbers were larger?
One approach is to simply appeal to the result following this example. However, I can also give a proof
by contradiction.
Suppose that 8 has a multiplicative inverse mod 12. Let x be the multiplicative inverse. Then 8x =
1 (mod 12). Multiplying both sides by 3, I get

24x = 3 (mod 12) , or 0 = 3 (mod 12) .

This is a contradiction, since 0 and 3 do not differ by a multiple of 12. Therefore, 8 does not have a
multiplicative inverse mod 12.

Proposition. m ∈ Zn has a multiplicative inverse if and only if (m, n) = 1.


Proof. Suppose m ∈ Zn has a multiplicative inverse, so

km = 1 for some k ∈ Zn .

I can regard this as a statement in Z:

km = 1 (mod n) .

This means that km and 1 differ by a multiple of n:

km − 1 = an for some a ∈ Z.

Thus,
km − an = 1.
This is a linear combination of m and n which gives 1. Therefore, (m, n) = 1.
Conversely, suppose (m, n) = 1. I may find integers a and b such that

am + bn = 1.

That is,
am = 1 (mod n) .
Now regarded as an equation in Zn , this says

am = 1 in Zn .

That is, m has multiplicative inverse a.

Example. (Using the Extended Euclidean algorithm to find modular inverses) Find the multi-
plicative inverse of 31 in Z52 .

Note that (31, 52) = 1. Apply the Extended Euclidean Algorithm:

a     q   y
52    -   5
31    1   3
21    1   2
10    2   1
1     10  0

Thus,
1 = 3 · 52 + (−5) · 31.
In Z52 , 52 = 0 and −5 = 47. The equation says 1 = 47 · 31. Thus, 47 is the multiplicative inverse of 31
in Z52 .

Theorem. If (a, n) = 1, then the following equation has a unique solution:

ax = b in Zn .

Proof. If (a, n) = 1, then a has a multiplicative inverse a⁻¹ in Zn . Thus, aa⁻¹ = 1 in Zn .

First, this means that x = a⁻¹b is a solution, since

a(a⁻¹b) = (aa⁻¹)b = 1 · b = b.

Second, if x′ is another solution, then ax′ = b. Multiplying both sides by a⁻¹, I get

a⁻¹ax′ = a⁻¹b, x′ = a⁻¹b.

That is, x′ = x. This means the solution is unique.

Example. (Solving modular equations using modular inverses) Solve

13x = 12 (mod 15) .

There is a solution, since (13, 15) = 1. I need to find a multiplicative inverse for 13 mod 15.

a     q   y
15    -   7
13    1   6
2     6   1
1     2   0

The Extended Euclidean Algorithm says that

(−6)(15) + (7)(13) = 1.

Hence, 7 · 13 = 1 (mod 15), i.e. 7 is the multiplicative inverse of 13 mod 15.


Multiply the original equation by 7:

7 · 13x = 7 · 12 (mod 15) , x = 84 = 9 (mod 15) .

Proposition. Suppose
$$ac = bc \pmod{n}.$$
Then
$$a = b \left( \bmod \frac{n}{(n,c)} \right).$$

Proof. I have
$$ac = bc \pmod{n}$$
$$a \cdot \frac{c}{(n,c)} = b \cdot \frac{c}{(n,c)} \left( \bmod \frac{n}{(n,c)} \right)$$
$$a \cdot \frac{c}{(n,c)} - b \cdot \frac{c}{(n,c)} = k \cdot \frac{n}{(n,c)} \quad \text{for some } k \in \mathbb{Z}$$
$$\frac{c}{(n,c)} (a - b) = k \cdot \frac{n}{(n,c)}$$
(Note that $(n,c) \mid c$ and $(n,c) \mid n$, so $\frac{c}{(n,c)}$ and $\frac{n}{(n,c)}$ are actually integers.) Now $\frac{n}{(n,c)}$ divides
$\frac{c}{(n,c)} (a - b)$, but
$$\left( \frac{n}{(n,c)}, \frac{c}{(n,c)} \right) = 1.$$
By Euclid’s lemma, $\frac{n}{(n,c)} \mid a - b$. Hence,
$$a = b \left( \bmod \frac{n}{(n,c)} \right).$$

I can use the preceding result to solve some congruences when I can’t immediately use modular inversion.

Example. Solve
12x = 30 (mod 34) .
Since (12, 34) = 2 ≠ 1, 12 doesn’t have a multiplicative inverse mod 34. I’ll use the preceding result. I
“cancel” a factor of 6 from 12x and 30, and divide the modulus 34 by (6, 34) = 2:

12x = 30 (mod 34)


6 · 2x = 6 · 5 (mod 34)
2x = 5 (mod 17)
9 · 2x = 9 · 5 (mod 17)
x = 45 = 11 (mod 17)

Since the original congruence was mod 34, I must find all numbers in {0, 1, 2, . . . 33} which satisfy
x = 11 (mod 17). One is obviously 11. Adding 17, I find that 11 + 17 = 28 also works. (Adding 17 again
takes me out of the set {0, 1, 2, . . . 33}.)
The solutions are x = 11 (mod 34) and x = 28 (mod 34).
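Solving ax = b in Zn in general, as an added example that is not part of the original notes: it covers the inverse-by-exhaustion check used for 8 mod 12, the inverse-based solution of 13x = 12 (mod 15), and the cancellation step used for 12x = 30 (mod 34), lifting the unique solution mod n/(a, n) back to the (a, n) solutions mod n. The inverse comes from Python's built-in pow(a, -1, n) rather than the Extended Euclidean table; function names are my own.

```python
# Added example (not from the original notes): solving a x = b in Z_n.
# When (a, n) = 1 the inverse a^{-1} gives the unique solution; when
# d = (a, n) > 1 the cancellation proposition lets us divide a, b and the
# modulus by d and solve the smaller congruence, then lift back to Z_n.
# The inverse itself comes from Python's built-in pow(a, -1, n)
# (Python 3.8+), which raises ValueError exactly when (a, n) != 1.
from math import gcd


def mod_inverse(a, n):
    """a^{-1} in Z_n, or None when a has no multiplicative inverse."""
    try:
        return pow(a, -1, n)
    except ValueError:          # raised when (a, n) != 1
        return None


def inverse_by_search(a, n):
    """The 'tedious way': try every x in Z_n, like the 8n (mod 12) table."""
    for x in range(n):
        if (a * x) % n == 1:
            return x
    return None


def solve_linear_congruence(a, b, n):
    """All x in {0, ..., n-1} with a*x = b (mod n), in increasing order."""
    d = gcd(a, n)
    if b % d != 0:
        return []               # a*x is always a multiple of d, b is not
    a1, b1, n1 = a // d, b // d, n // d   # cancel d, divide modulus by d
    if n1 == 1:
        x0 = 0                  # every integer is 0 mod 1
    else:
        x0 = (b1 * mod_inverse(a1, n1)) % n1   # (a1, n1) = 1 now
    # x0 is unique mod n1; mod n it repeats every n1, giving d solutions
    return [x0 + k * n1 for k in range(d)]


def solutions_by_search(a, b, n):
    """Brute-force cross-check of solve_linear_congruence."""
    return [x for x in range(n) if (a * x - b) % n == 0]


if __name__ == "__main__":
    print(mod_inverse(31, 52))                 # 47
    print(inverse_by_search(8, 12))            # None
    print(solve_linear_congruence(13, 12, 15)) # [9]
    print(solve_linear_congruence(12, 30, 34)) # [11, 28]
```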



10-1-2019

Cyclic Groups

Cyclic groups are groups in which every element is a power of some fixed element. (If the group is
abelian and I’m using + as the operation, then I should say instead that every element is a multiple of some
fixed element.) Here are the relevant definitions.

Definition. Let G be a group, g ∈ G. The order of g is the smallest positive integer n such that g^n = 1.
If there is no positive integer n such that g^n = 1, then g has infinite order.

In the case of an abelian group with + as the operation and 0 as the identity, the order of g is the
smallest positive integer n such that ng = 0.

Definition. If G is a group and g ∈ G, then the subgroup generated by g is

⟨g⟩ = {g^n | n ∈ Z}.

If the group is abelian and I’m using + as the operation, then

⟨g⟩ = {ng | n ∈ Z}.

Definition. A group G is cyclic if G = ⟨g⟩ for some g ∈ G. g is a generator of ⟨g⟩.

If a generator g has order n, G = ⟨g⟩ is cyclic of order n. If a generator g has infinite order, G = ⟨g⟩
is infinite cyclic.

Example. (The integers and the integers mod n are cyclic) Show that Z and Zn for n > 0 are cyclic.

Z is an infinite cyclic group, because every element is a multiple of 1 (or of −1). For instance, 117 = 117·1.
(Remember that “117 · 1” is really shorthand for 1 + 1 + · · · + 1 — 1 added to itself 117 times.)
In fact, it is the only infinite cyclic group up to isomorphism.
Notice that a cyclic group can have more than one generator.
If n is a positive integer, Zn is a cyclic group of order n generated by 1.
For example, 1 generates Z7 , since

1+1=2
1+1+1=3
1+1+1+1=4
1+1+1+1+1=5
1+1+1+1+1+1=6
1+1+1+1+1+1+1=0

In other words, if you add 1 to itself repeatedly, you eventually cycle back to 0.

[Figure: 0, 1, 2, 3, 4, 5, 6 arranged around a circle: a cyclic group of order 7]

Notice that 3 also generates Z7 :

3+3=6
3+3+3=2
3+3+3+3=5
3+3+3+3+3=1
3+3+3+3+3+3=4
3+3+3+3+3+3+3=0

The “same” group can be written using multiplicative notation this way:

Z7 = {1, a, a², a³, a⁴, a⁵, a⁶}.

In this form, a is a generator of Z7 .


It turns out that in Z7 = {0, 1, 2, 3, 4, 5, 6}, every nonzero element generates the group.
On the other hand, in Z6 = {0, 1, 2, 3, 4, 5}, only 1 and 5 generate.

Lemma. Let G = ⟨g⟩ be a finite cyclic group, where g has order n. Then the powers {1, g, . . . , g^(n−1)} are
distinct.

Proof. Since g has order n, g, g², . . . g^(n−1) are all different from 1.

Now I’ll show that the powers {1, g, . . . , g^(n−1)} are distinct. Suppose g^i = g^j where 0 ≤ j < i < n. Then
0 < i − j < n and g^(i−j) = 1, contrary to the preceding observation.
Therefore, the powers {1, g, . . . , g^(n−1)} are distinct.

Lemma. Let G = ⟨g⟩ be infinite cyclic. If m and n are integers and m ≠ n, then g^m ≠ g^n.

Proof. One of m, n is larger — suppose without loss of generality that m > n. I want to show that g^m ≠ g^n;
suppose this is false, so g^m = g^n. Then g^(m−n) = 1, so g has finite order. This contradicts the fact that a
generator of an infinite cyclic group has infinite order. Therefore, g^m ≠ g^n.

The next result characterizes subgroups of cyclic groups. The proof uses the Division Algorithm for
integers in an important way.

Theorem. Subgroups of cyclic groups are cyclic.

Proof. Let G = ⟨g⟩ be a cyclic group, where g ∈ G. Let H < G. If H = {1}, then H is cyclic with generator
1. So assume H ≠ {1}.

To show H is cyclic, I must produce a generator for H. What is a generator? It is an element whose
powers make up the group. A thing should be smaller than things which are “built from” it — for example,
a brick is smaller than a brick building. Since elements of the subgroup are “built from” the generator, the
generator should be the “smallest” thing in the subgroup.
What should I mean by “smallest”?
Well, G is cyclic, so everything in G is a power of g. With this discussion as motivation, let m be the
smallest positive integer such that g^m ∈ H.
Why is there such an integer m? Well, H contains something other than 1 = g^0, since H ≠ {1}. That
“something other” is either a positive or negative power of g. If H contains a positive power of g, it must
contain a smallest positive power, by well ordering.
On the other hand, if H contains a negative power of g — say g^(−k), where k > 0 — then g^k ∈ H, since
H is closed under inverses. Hence, H again contains positive powers of g, so it contains a smallest positive
power, by Well Ordering.
So I have g^m, the smallest positive power of g in H. I claim that g^m generates H. I must show that
every h ∈ H is a power of g^m. Well, h ∈ H < G, so at least I can write h = g^n for some n. But by the
Division Algorithm, there are unique integers q and r such that

n = mq + r, where 0 ≤ r < m.

It follows that

g^n = g^(mq+r) = (g^m)^q · g^r, so h = (g^m)^q · g^r, or g^r = (g^m)^(−q) · h.

Now g^m ∈ H, so (g^m)^(−q) ∈ H. Hence, (g^m)^(−q) · h ∈ H, so g^r ∈ H. However, g^m was the smallest positive
power of g lying in H. Since g^r ∈ H and r < m, the only way out is if r = 0. Therefore, n = qm, and
h = g^n = (g^m)^q ∈ ⟨g^m⟩.
This proves that g^m generates H, so H is cyclic.

Example. (Subgroups of the integers) Describe the subgroups of Z.

Every subgroup of Z has the form nZ for n ∈ Z.


For example, here is the subgroup generated by 13:

13Z = ⟨13⟩ = {. . . − 26, −13, 0, 13, 26, . . .}.

Example. Consider the following subset of Z:

H = {30x + 42y + 70z | x, y, z ∈ Z}.

(a) Prove that H is a subgroup of Z.

(b) Find a generator for H.

(a) First,
0 = 30 · 0 + 42 · 0 + 70 · 0 ∈ H.
If 30x + 42y + 70z ∈ H, then

−(30x + 42y + 70z) = 30(−x) + 42(−y) + 70(−z) ∈ H.

If 30a + 42b + 70c, 30d + 42e + 70f ∈ H, then

(30a + 42b + 70c) + (30d + 42e + 70f ) = 30(a + d) + 42(b + e) + 70(c + f ) ∈ H.

Hence, H is a subgroup.

(b) Note that 2 = (30, 42, 70). I’ll show that H = ⟨2⟩.
First, if 30x + 42y + 70z ∈ H, then

30x + 42y + 70z = 2(15x + 21y + 35z) ∈ ⟨2⟩.

Therefore, H ⊂ ⟨2⟩.
Conversely, suppose 2n ∈ ⟨2⟩. I must show 2n ∈ H.
The idea is to write 2 as a linear combination of 30, 42, and 70. I’ll do this in two steps.
First, note that (30, 42) = 6, and
30 · 3 + 42 · (−2) = 6.
(You can do this by juggling numbers or using the Extended Euclidean algorithm.) Now (6, 70) = 2,
and
6 · 12 + 70 · (−1) = 2.
Plugging 6 = 30 · 3 + 42 · (−2) into the last equation, I get

(30 · 3 + 42 · (−2)) · 12 + 70 · (−1) = 2,

30 · 36 + 42 · (−24) + 70 · (−1) = 2.

Now multiply the last equation by n:

2n = 30 · 36n + 42 · (−24n) + 70 · (−n) ∈ H.

This shows that ⟨2⟩ ⊂ H.

Therefore, H = ⟨2⟩.
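As an added example (not from the notes; the function names are my own), here is the two-step Extended Euclidean computation above carried out in Python: it produces the combination 30 · 36 + 42 · (−24) + 70 · (−1) = 2 by the same substitution, and then uses the gcd to decide membership in H.

```python
# Added example (not from the notes). Expresses gcd(30, 42, 70) as an integer
# combination by the two-step method in the text (combine the first two numbers,
# then combine that result with the third), and uses the gcd to test membership in H.
from __future__ import annotations


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y (Extended Euclidean algorithm)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:                      # keep the gcd non-negative
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def gcd_combination(numbers: list[int]) -> tuple[int, list[int]]:
    """Return (d, coeffs) with d = gcd(numbers) = sum(c * n for c, n in zip(coeffs, numbers)).

    Mirrors the notes' computation: gcd(n_1, ..., n_k) is found as
    s * gcd(n_1, ..., n_{k-1}) + t * n_k, and the combination already known
    for the smaller gcd is substituted in.
    """
    d, coeffs = numbers[0], [1]
    for n in numbers[1:]:
        d_next, s, t = extended_gcd(d, n)       # d_next = s*d + t*n
        coeffs = [s * c for c in coeffs] + [t]  # substitute d = sum(c_i * n_i)
        d = d_next
    return d, coeffs


def in_subgroup(value: int, numbers: list[int]) -> bool:
    """Is value in {sum(x_i * n_i) : x_i in Z}?  That subgroup is <gcd(numbers)>."""
    d, _ = gcd_combination(numbers)
    return value % d == 0


if __name__ == "__main__":
    d, coeffs = gcd_combination([30, 42, 70])
    print(d, coeffs)   # 2 [36, -24, -1]
```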

Lemma. Let G be a group, and let g ∈ G have order m. Then g^n = 1 if and only if m divides n.

Proof. If m divides n, then n = mq for some q, so g^n = (g^m)^q = 1.

Conversely, suppose that g^n = 1. By the Division Algorithm,

n = mq + r where 0 ≤ r < m.

Hence,
g^n = g^{mq+r} = (g^m)^q g^r, so 1 = g^r.
Since m is the smallest positive power of g which equals 1, and since r < m, this is only possible if
r = 0. Therefore, n = qm, which means that m divides n.

Example. (The order of an element) Suppose an element g in a group G satisfies g 45 = 1. What are
the possible values for the order of g?

The order of g must be a divisor of 45. Thus, the order could be

1, 3, 5, 9, 15, or 45.

And the order is certainly not (say) 7, since 7 doesn’t divide 45.

Thus, the order of an element is the smallest power which gives the identity, in two senses.
It is smallest in the sense of being numerically smallest, but it is also smallest in the sense that it divides
any power which gives the identity.
Next, I’ll find a formula for the order of an element in a cyclic group.
Proposition. Let G = ⟨g⟩ be a cyclic group of order n, and let m < n. Then g^m has order n/(m, n).

Remark. Note that the order of g^m (the element) is the same as the order of ⟨g^m⟩ (the subgroup).

Proof. Since (m, n) divides m, it follows that m/(m, n) is an integer. Therefore, n divides mn/(m, n), and by the
last lemma,

(g^m)^{n/(m, n)} = 1.

Now suppose that (g^m)^k = 1. By the preceding lemma, n divides mk, so

n/(m, n) divides k · m/(m, n).

However, (n/(m, n), m/(m, n)) = 1, so n/(m, n) divides k. Thus, n/(m, n) divides any power of g^m which is 1,
so it is the order of g^m.

In terms of Z_n, this result says that m ∈ Z_n has order n/(m, n).

Example. (Finding the order of an element) Find the order of the element a^{32} in the cyclic group
G = {1, a, a^2, . . . , a^{37}}. (Thus, G is cyclic of order 38 with generator a.)

In the notation of the Proposition, n = 38 and m = 32. Since (38, 32) = 2, it follows that a^{32} has order
38/2 = 19.

Example. (Finding the order of an element) Find the order of the element 18 ∈ Z_30.

In this case, I’m using additive notation instead of multiplicative notation. The group is cyclic with
order n = 30, and the element 18 ∈ Z_30 corresponds to a^{18} in the Proposition — so m = 18.
(18, 30) = 6, so the order of 18 is 30/6 = 5.

Next, I’ll give two important Corollaries of the proposition.

Corollary. The generators of Z_n = {0, 1, 2, . . . , n − 1} are the elements of {0, 1, 2, . . . , n − 1} which are
relatively prime to n.

Proof. If m ∈ {0, 1, 2, . . . , n − 1} is a generator, its order is n. The Proposition says its order is n/(m, n).
Therefore, n = n/(m, n), so (m, n) = 1.
Conversely, if (m, n) = 1, then the order of m is

n/(m, n) = n/1 = n.

Therefore, m is a generator of Z_n.

Example. (Finding the generators of a cyclic group) List the generators of:

(a) Z_12.

(b) Z_p, where p is prime.

(a) The generators of Z_12 are 1, 5, 7, and 11. These are the elements of {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11} which
are relatively prime to 12.
(b) If p is prime, the generators of Z_p are 1, 2, . . . , p − 1.

Example. (a) List the generators of Z_9.

(b) List the elements of the subgroup ⟨3⟩ of Z_27.

(c) List the generators of the subgroup ⟨3⟩ of Z_27.

(a) The generators are the elements relatively prime to 9, namely 1, 2, 4, 5, 7, and 8.

(b)
⟨3⟩ = {0, 3, 6, 9, 12, 15, 18, 21, 24}.

(c) ⟨3⟩ is cyclic of order 9, so its generators are the elements corresponding to the generators 1, 2, 4, 5, 7,
and 8 of Z_9. Since 27 = 3 · 9, I can just multiply these generators by 3.
Thus, the generators of ⟨3⟩ are 3, 6, 12, 15, 21, and 24.

Corollary. A finite cyclic group of order n contains a subgroup of order m for each positive integer m which
divides n.

Proof. Suppose G is a finite cyclic group of order n with generator g, and suppose m | n. Thus, mp = n
for some p.
I claim that g^p generates a subgroup of order m. The preceding proposition says that the order of g^p is
n/(p, n). However, p | n, so (p, n) = p. Therefore, g^p has order

n/(p, n) = n/p = m.

In other words, g^p generates a subgroup of order m.

In fact, it’s possible to prove that there is a unique subgroup of order m for each m dividing n.
Note that for an arbitrary finite group G, it isn’t true that if n | |G|, then G contains a cyclic subgroup
of order n.

Example. (Subgroups of a cyclic group) (a) List the subgroups of Z_15.

(b) List the subgroups of Z_24.

(a) Z_15 contains subgroups of order 1, 3, 5, and 15, since these are the divisors of 15. The subgroup of order
1 is the identity, and the subgroup of order 15 is the entire group.
The last result says: If n divides 15, then there is a subgroup of order n — in fact, a unique subgroup
of order n.
Since Z_15 is cyclic, these subgroups must be cyclic. They are generated by 0 and the nonzero elements
in Z_15 which divide 15: 1, 3, and 5.
Lagrange’s theorem (which I’ll discuss later) says that in any finite group, the order of a subgroup
must divide the order of the group. In this context, Lagrange’s theorem says if H is a subgroup of order n,
then n divides 15.
Putting these results together, this means that you can find all the subgroups of Z_15 by taking {0} (the
trivial subgroup), together with the cyclic subgroups generated by the nonzero elements in Z_15 which divide
15: 1, 3, and 5.
1 generates Z_15.
5 generates a subgroup of order 3:
⟨5⟩ = {0, 5, 10}.
3 generates a subgroup of order 5:

⟨3⟩ = {0, 3, 6, 9, 12}.

(b) Since the divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24, the subgroups of Z_24 are:

⟨0⟩, ⟨1⟩, ⟨2⟩, ⟨3⟩, ⟨4⟩, ⟨6⟩, ⟨8⟩, ⟨12⟩.

The subgroup generated by 3 has order 8:

⟨3⟩ = {0, 3, 6, 9, 12, 15, 18, 21}.
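An added example (not from the notes; the function names are my own) covering the last few results together: the order formula n/(m, n) checked against repeated addition in Z_n, the generators of Z_n and of a subgroup such as ⟨3⟩ in Z_27, and the unique subgroup of each order dividing n.

```python
# Added example (not from the notes). Orders, generators and subgroups of the
# cyclic group Z_n, with the formula n/(m, n) checked against a direct count.
from __future__ import annotations
from math import gcd


def order_by_formula(m: int, n: int) -> int:
    """Order of m in Z_n (equivalently of g^m in a cyclic group of order n): n/(m, n)."""
    return n // gcd(m % n, n)


def order_by_counting(m: int, n: int) -> int:
    """Smallest k >= 1 with k*m = 0 in Z_n, found by adding m repeatedly."""
    k, total = 1, m % n
    while total != 0:
        total = (total + m) % n
        k += 1
    return k


def generators(n: int) -> list[int]:
    """Elements of Z_n of order n, i.e. those relatively prime to n (the Corollary)."""
    return [m for m in range(n) if gcd(m, n) == 1]


def cyclic_subgroup(m: int, n: int) -> list[int]:
    """The elements of <m> in Z_n, listed in increasing order."""
    elements, x = set(), 0
    while True:
        elements.add(x)
        x = (x + m) % n
        if x == 0:
            return sorted(elements)


def subgroup_generators(m: int, n: int) -> list[int]:
    """Elements of <m> that generate it: those with the same order as m."""
    target = order_by_formula(m, n)
    return [x for x in cyclic_subgroup(m, n) if order_by_formula(x, n) == target]


def subgroups(n: int) -> dict[int, list[int]]:
    """One subgroup for each divisor d of n, keyed by its order d; it is generated by n/d."""
    return {d: cyclic_subgroup(n // d, n) for d in range(1, n + 1) if n % d == 0}


if __name__ == "__main__":
    print(order_by_formula(18, 30), generators(12), subgroups(15))
```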

Example. (A product of cyclic groups) Consider the group

Z_2 × Z_3 = {(m, n) | m ∈ Z_2, n ∈ Z_3}.

Show that Z_2 × Z_3 is cyclic by finding a generator.

The operation is componentwise addition:

(m, n) + (m′, n′) = (m + m′, n + n′).

It is routine to verify that this is a group, the direct product of Z_2 and Z_3.

The element (1, 1) ∈ Z_2 × Z_3 has order 6:

(1, 1) + (1, 1) = (0, 2),
(1, 1) + (0, 2) = (1, 0),
(1, 1) + (1, 0) = (0, 1),
(1, 1) + (0, 1) = (1, 2),
(1, 1) + (1, 2) = (0, 0).

Hence, Z_2 × Z_3 is cyclic of order 6. More generally, if (m, n) = 1, then Z_m × Z_n is cyclic of order mn.
Be careful! — Z_2 × Z_2 is not the same as Z_4!

© 2019 by Bruce Ikenaga


2-22-2018

The Group of Units in the Integers mod n


The group Z_n consists of the elements {0, 1, 2, . . . , n − 1} with addition mod n as the operation. You can
also multiply elements of Z_n, but you do not obtain a group: The element 0 does not have a multiplicative
inverse, for instance.
However, if you confine your attention to the units in Z_n — the elements which have multiplicative
inverses — you do get a group under multiplication mod n. It is denoted U_n, and is called the group of
units in Z_n.

Proposition. Let U_n be the set of units in Z_n, n ≥ 1. Then U_n is a group under multiplication mod n.

Proof. To show that multiplication mod n is a binary operation on U_n, I must show that the product of
units is a unit.
Suppose a, b ∈ U_n. Then a has a multiplicative inverse a^{−1} and b has a multiplicative inverse b^{−1}. Now

(b^{−1}a^{−1})(ab) = b^{−1}(a^{−1}a)b = b^{−1}(1)b = b^{−1}b = 1,

(ab)(b^{−1}a^{−1}) = a(bb^{−1})a^{−1} = a(1)a^{−1} = aa^{−1} = 1.

Hence, b^{−1}a^{−1} is the multiplicative inverse of ab, and ab is a unit. Therefore, multiplication mod n is a
binary operation on U_n.
(By the way, you may have seen the result (ab)^{−1} = b^{−1}a^{−1} when you studied linear algebra; it’s a
standard identity for invertible matrices.)
I’ll take it for granted that multiplication mod n is associative.
The identity element for multiplication mod n is 1, and 1 is a unit in Z_n (with multiplicative inverse
1).
Finally, every element of U_n has a multiplicative inverse, by definition.
Therefore, U_n is a group under multiplication mod n.

Before I give some examples, recall that m is a unit in Z_n if and only if m is relatively prime to n.

Example. (The group of units in Z_14) Construct a multiplication table for U_14.

U_14 consists of the elements of Z_14 which are relatively prime to 14. Thus,

U_14 = {1, 3, 5, 9, 11, 13}.

You multiply elements of U_14 by multiplying as if they were integers, then reducing mod 14. For example,

11 · 13 = 143 = 3 (mod 14), so 11 · 13 = 3 in Z_14.

Here’s the multiplication table for U_14:

  *   1   3   5   9  11  13
  1   1   3   5   9  11  13
  3   3   9   1  13   5  11
  5   5   1  11   3  13   9
  9   9  13   3  11   1   5
 11  11   5  13   1   9   3
 13  13  11   9   5   3   1

Notice that the table is symmetric about the main diagonal. Multiplication mod 14 is commutative,
and U_14 is an abelian group.
Be sure to keep the operations straight: The operation in Z_14 is addition mod 14, while the operation
in U_14 is multiplication mod 14.

Example. (The groups of units in Z_p) What are the elements of U_p if p is a prime number?
Construct a multiplication table for U_11.

If p is prime, then all the positive integers smaller than p are relatively prime to p. Thus,

U_p = {1, 2, 3, . . . , p − 1}.

For example, in Z_11, the group of units is

U_11 = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}.

The operation in U_11 is multiplication mod 11. For example, 8 · 6 = 4 in U_11. Here’s the multiplication
table for U_11:

  *   1   2   3   4   5   6   7   8   9  10
  1   1   2   3   4   5   6   7   8   9  10
  2   2   4   6   8  10   1   3   5   7   9
  3   3   6   9   1   4   7  10   2   5   8
  4   4   8   1   5   9   2   6  10   3   7
  5   5  10   4   9   3   8   2   7   1   6
  6   6   1   7   2   8   3   9   4  10   5
  7   7   3  10   6   2   9   5   1   8   4
  8   8   5   2  10   7   4   1   9   6   3
  9   9   7   5   3   1  10   8   6   4   2
 10  10   9   8   7   6   5   4   3   2   1

Example. (The subgroup generated by an element) List the elements of ⟨7⟩ in U_18.

The elements in {0, 1, 2, . . . , 17} which are relatively prime to 18 are the elements of U_18:

U_18 = {1, 5, 7, 11, 13, 17}.

The operation is multiplication mod 18.

Since the operation is multiplication, the cyclic subgroup generated by 7 consists of all powers of 7:

7^0 = 1, 7^1 = 7, 7^2 = 13.

I can stop here, because 7^3 = 343 = 1 (mod 18). So

⟨7⟩ = {1, 7, 13}.
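An added example (not from the notes; the function names are my own) that constructs U_n, checks the closure step of the proposition, reproduces the U_14 and U_11 tables, and lists ⟨7⟩ in U_18 by taking powers.

```python
# Added example (not from the notes). Builds U_n, checks closure under
# multiplication mod n (the proposition's binary-operation step), lays out the
# multiplication table, and lists the cyclic subgroup generated by an element.
from __future__ import annotations
from math import gcd


def units(n: int) -> list[int]:
    """U_n: the elements of {0, ..., n-1} relatively prime to n."""
    return [a for a in range(n) if gcd(a, n) == 1]


def is_closed(n: int) -> bool:
    """Every product of two units is again a unit."""
    U = set(units(n))
    return all((a * b) % n in U for a in U for b in U)


def inverse(a: int, n: int) -> int:
    """The multiplicative inverse of a unit a mod n, found by searching U_n."""
    for b in units(n):
        if (a * b) % n == 1 % n:
            return b
    raise ValueError(f"{a} is not a unit mod {n}")


def multiplication_table(n: int) -> dict[tuple[int, int], int]:
    """Maps (a, b) to a*b mod n for a, b in U_n."""
    U = units(n)
    return {(a, b): (a * b) % n for a in U for b in U}


def is_abelian(n: int) -> bool:
    """The table is symmetric about the main diagonal."""
    table = multiplication_table(n)
    return all(table[(a, b)] == table[(b, a)] for (a, b) in table)


def generated_subgroup(a: int, n: int) -> list[int]:
    """<a> in U_n: successive powers of a until the power returns to 1."""
    identity = 1 % n
    powers, x = [], identity
    while True:
        powers.append(x)
        x = (x * a) % n
        if x == identity:
            return powers


def element_order(a: int, n: int) -> int:
    return len(generated_subgroup(a, n))


def format_table(n: int) -> str:
    """Plain-text multiplication table in the style of the ones above."""
    U = units(n)
    width = len(str(n - 1)) + 1
    rows = ["*".rjust(width) + "".join(str(b).rjust(width) for b in U)]
    for a in U:
        rows.append(str(a).rjust(width) + "".join(str((a * b) % n).rjust(width) for b in U))
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_table(14))
    print(generated_subgroup(7, 18))   # [1, 7, 13]
```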

For the next result, I’ll need a special case of Lagrange’s theorem: The order of an element in a finite
group divides the order of the group. I’ll prove Lagrange’s theorem when I discuss cosets.
As an example, in a group of order 10, an element may have order 1, 2, 5, or 10, but it may not have
order 8.

Theorem. (Fermat’s Theorem) If a and p are integers, p is prime, and p ∤ a, then

a^{p−1} = 1 (mod p).

Proof. If p is prime, then

U_p = {1, 2, 3, . . . , p − 1}.
In particular, |U_p| = p − 1.
Now if p ∤ a, then
a = b (mod p), where b ∈ {1, 2, 3, . . . , p − 1}.
Lagrange’s theorem implies that the order of an element divides the order of the group. As a result,
b^{p−1} = 1 in U_p. Hence,
a^{p−1} = b^{p−1} = 1 (mod p).

Example. (Using Fermat’s Theorem to reduce a power) Compute 77^{2401} (mod 97).

The idea is to use Fermat’s theorem to reduce the power to smaller numbers where you can do the
computations directly.
97 is prime, and 97 ∤ 77. By Fermat’s theorem,

77^{96} = 1 (mod 97).

So
77^{2401} = 77^{2400} · 77 = (77^{96})^{25} · 77 = 1 · 77 = 77 (mod 97).

Example. 157 is prime. Reduce 138^{155} (mod 157) to a number in {0, 1, . . . , 156}.

By Fermat’s Theorem, 138^{156} = 1 (mod 157). So

x = 138^{155} (mod 157)

138x = 138^{156} = 1 (mod 157)

Next, I run the Extended Euclidean algorithm on 157 and 138. In the table, the first column holds the
successive remainders and the second column holds the quotients (each row’s quotient comes from dividing
the remainder above it by the remainder in that row). The third column is filled in from the bottom up,
starting with 0 and 1: each entry is the quotient in the row below times the entry in the row below, plus
the entry two rows below.

  157   -   33
  138   1   29
   19   7    4
    5   3    1
    4   1    1
    1   4    0

The top two entries of the third column are the coefficients, up to sign:

(−29) · 157 + 33 · 138 = 1

33 · 138 = 1 (mod 157)

Hence, 138^{−1} = 33 (mod 157).
So
33 · 138x = 33 · 1 (mod 157)
x = 33 (mod 157)

Here is a result which is related to Fermat’s Theorem.

Theorem. (Wil­son’s Theorem) p is prime if and only if

(p − 1)! = −1 (mod p).

Proof. If p is prime, consider the numbers in {1, 2, . . . , p − 1}. Note that if x = x^{−1} (mod p), then
x · x = 1 (mod p), so
x^2 − 1 = 0 (mod p)
(x − 1)(x + 1) = 0 (mod p)
Hence, p | (x − 1)(x + 1), and by Euclid’s lemma either p | x − 1 and x = 1 (mod p) or p | x + 1 and
x = −1 = p − 1 (mod p).
In other words, the only two numbers in {1, 2, . . . , p − 1} which are their own multiplicative inverses are
1 and p − 1. The other numbers in this set pair up as a and a^{−1} with a ≠ a^{−1} (mod p). Hence, the product
simplifies to
1 · (pairs whose product is 1) · (−1) = −1 (mod p).
On the other hand, if p is not prime, then p is composite. If p = ab where 1 < a < b < p, then

(p − 1)! = 1 · · · a · · · b · · · (p − 1) = 0 (mod p).

Thus, (p − 1)! ≠ −1 (mod p).

The only other possibility is that p = q^2, where q is a prime.
If q > 2, then
p = q^2 > 2q > q.
Then both 2q and q appear in the set {1, 2, . . . , p − 1}, so the product 1 · 2 · · · (p − 1) contains a factor
of 2q · q = 2p = 0 (mod p). Once again, (p − 1)! = 0 ≠ −1 (mod p).
The final case is q = 2 and p = q^2 = 4. Then

(p − 1)! = 1 · 2 · 3 = 6 = 2 ≠ 0 (mod 4), and in particular 2 ≠ −1 = 3 (mod 4).

Example. 131 is prime. Reduce 130!/33 (mod 131) to a number in {0, 1, . . . , 130}.

By Wilson’s Theorem, 130! = −1 (mod 131). So

x = 130!/33 (mod 131)
33x = 130! = −1 (mod 131)
4 · 33x = 4 · (−1) (mod 131)
x = −4 = 127 (mod 131)
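An added example (not from the notes; the function names are my own) for the last two theorems and their examples: Fermat reduction of a^k mod p by cutting the exponent down mod p − 1, the inverse a^{−1} = a^{p−2} that the 138^{155} example is really computing, a quotient such as 130!/33 mod 131, and Wilson’s criterion as a (slow) primality test.

```python
# Added example (not from the notes). Fermat reduction of a^k mod p (exponent
# reduced mod p-1, as in 77^2401 mod 97), the inverse a^{-1} = a^(p-2) (so
# 138^155 = 138^{-1} mod 157), a quotient k!/d mod p, and Wilson's criterion.
from math import factorial


def fermat_reduce(a: int, k: int, p: int) -> int:
    """a^k mod p for prime p, using a^(p-1) = 1 (mod p) when p does not divide a."""
    a %= p
    if a == 0:
        return 0 if k > 0 else 1
    k %= p - 1                    # only k mod (p-1) matters once a^(p-1) = 1
    result = 1
    for _ in range(k):            # the exponent is now below p-1; multiply directly
        result = (result * a) % p
    return result


def fermat_inverse(a: int, p: int) -> int:
    """a^{-1} mod p as a^(p-2): a * a^(p-2) = a^(p-1) = 1 (mod p)."""
    if a % p == 0:
        raise ValueError(f"{a} has no inverse mod {p}")
    return fermat_reduce(a, p - 2, p)


def divide_mod(a: int, b: int, p: int) -> int:
    """a / b mod p, meaning a * b^{-1} mod p."""
    return (a * fermat_inverse(b, p)) % p


def factorial_divided(k: int, d: int, p: int) -> int:
    """k! / d mod p, the shape of the Wilson example (130!/33 mod 131)."""
    return divide_mod(factorial(k), d, p)


def wilson_is_prime(n: int) -> bool:
    """(n-1)! = -1 (mod n) holds exactly when n is prime (n >= 2); far too slow for large n."""
    if n < 2:
        return False
    return factorial(n - 1) % n == n - 1


if __name__ == "__main__":
    print(fermat_reduce(77, 2401, 97), fermat_reduce(138, 155, 157))   # 77 33
    print(factorial_divided(130, 33, 131))                             # 127
```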

© 2018 by Bruce Ikenaga


3-7-2022
Permutation Groups
Recall that the notation f : X → Y means that f is a function whose domain (set of inputs) is X and
whose outputs lie in the set Y . Note that there may be elements of Y which are not outputs of f .
Definition. Let f : X → Y be a function from a set X to a set Y .
1. f is injective (or one-to-one) if f(x_1) = f(x_2) implies x_1 = x_2 for all x_1, x_2 ∈ X.
2. f is surjective (or onto) if for all y ∈ Y, there is an x ∈ X such that f(x) = y.
3. f is bijective (or a one-to-one correspondence) if it is both injective and surjective.
Informally, a function is injective if different inputs always produce different outputs. A function is
surjective if everything in the target set is an output of the function.

Example. (Injective and surjective functions) Show that the function f : R → R given by f(x) = x^2
is not injective or surjective.
f is not injective, because
f(1) = 1^2 = 1 and f(−1) = (−1)^2 = 1.
Nor is f surjective. There is no x ∈ R, for instance, such that f(x) = −1.
Note, however, that if g : R → R_{≥0} is defined by g(x) = x^2, then g is surjective. (R_{≥0} denotes the set
of real numbers greater than or equal to 0.) I just shrunk the target set so that it coincides with the set of
outputs of x^2.

Example. (Injective and surjective functions) Show that the function f : R → R given by f(x) = e^x
is injective but not surjective.
f is injective: If two outputs are the same, say
f(a) = f(b), then e^a = e^b, so ln e^a = ln e^b, and a = b.
That is, the inputs must have been the same.
This is one way to show that a function f is injective: Assume that f(a) = f(b), and prove that a = b.
However, f is not surjective: There is no x ∈ R such that f(x) = −1, i.e. such that e^x = −1, because
e^x is always positive.

[Graph of y = e^x for −3 ≤ x ≤ 3]

You may know that there is a graphical test for injectivity for functions R → R. A function R → R is
injective if and only if every horizontal line intersects the graph at most once. You can see that this is true
for the graph of y = e^x.

Example. (Injective and surjective functions) Define f : R → R by

f(x) = x if x ≤ 0,   f(x) = 0 if 0 < x ≤ 1,   f(x) = x − 1 if x > 1.

[Graph of y = f(x) for −4 ≤ x ≤ 4]

Show that f is not injective, but that f is surjective.

f is not injective, since f(0.5) = 0 and f(1) = 0: Different inputs can produce the same output.
f is surjective: You can see from the graph that every y-value is an output of the function. To prove
this algebraically, I have to show that every y ∈ R is an output of f.
If y ≤ 0, f(y) = y.
If y > 0, then y + 1 > 1, so f(y + 1) = (y + 1) − 1 = y.
To prove a function is surjective, take an arbitrary output y and find an input that produces it. As in
this example, your input may be specified in terms of y, since that is given.

While you can show that a function is bijective by showing that it’s injective and surjective, there’s a
method which is usually easier: Simply produce an inverse function.
Definition. Let f : X → Y be a function from a set X to a set Y. An inverse for f is a function
f^{−1} : Y → X such that:
1. For all x ∈ X, f^{−1}(f(x)) = x.

2. For all y ∈ Y, f(f^{−1}(y)) = y.
The next result is extremely useful. It asserts that being bijective is the same as having an inverse.
Lemma. Let f : X → Y be a function from a set X to a set Y. f is bijective if and only if f has an inverse
f^{−1} : Y → X.
Proof. (⇒) Suppose that f is bijective. I’ll construct the inverse function f^{−1} : Y → X.
Take y ∈ Y. Since f is surjective, there is an element x ∈ X such that f(x) = y. Moreover, x is unique:
If f(x) = y and f(x′) = y, then f(x) = f(x′). But f is injective, so x = x′.
Define
f^{−1}(y) = x.
I have defined a function f^{−1} : Y → X. I must show that it is the inverse of f.
Let x ∈ X. By definition of f^{−1}, to compute f^{−1}(f(x)) I must find an element Moe ∈ X such that
f(Moe) = f(x). But this is easy — just take Moe = x. Thus, f^{−1}(f(x)) = x.
Going the other way, let y ∈ Y. By definition of f^{−1}, to compute f(f^{−1}(y)) I must find an element
x ∈ X such that f(x) = y. Then f^{−1}(y) = x, so
f(f^{−1}(y)) = f(x) = y.

Therefore, f^{−1} really is the inverse of f.

(⇐) Suppose f has an inverse f^{−1} : Y → X. I must show f is bijective.

To show that f is surjective, take y ∈ Y. Then f(f^{−1}(y)) = y, so I’ve found an element of X — namely
f^{−1}(y) — which f maps to y. Therefore, f is surjective.
To show that f is injective, suppose x_1, x_2 ∈ X and f(x_1) = f(x_2). Then

f^{−1}(f(x_1)) = f^{−1}(f(x_2)), so x_1 = x_2.

Therefore, f is injective.
Since f is injective and surjective, it’s bijective.

This result says that if you want to show a function is bijective, all you have to do is to produce an
inverse. In many cases, it’s easy to produce an inverse, because an inverse is the function which “undoes”
the effect of f .

Example. (Proving that a function is bijective) Define f : R → R by f(x) = x^3. Show that f is
bijective.

The opposite of cubing is taking the cube root, so I’ll guess that the inverse is g(x) = ∛x. Check it:

g(f(x)) = g(x^3) = ∛(x^3) = x,   f(g(x)) = f(∛x) = (∛x)^3 = x.

Thus, g is the inverse of f. By the lemma, f is bijective.

Definition. Let A be a set. A permutation of (or on) A is a bijection A → A.

Proposition. The set S_A of permutations of a set A is a group under function composition.

Proof. First, the composition of bijections is a bijection: The inverse of σ · τ is τ^{−1} · σ^{−1}. Thus, function
composition is a binary operation on the set of bijections from A to A.
Function composition is always associative. The identity map id : A → A is a permutation of A, and
serves as an identity under function composition. Since bijective maps have inverses which are bijections, if
σ : A → A is a bijection, so is σ^{−1}. Therefore, S_A is a group.

S_A is called the symmetric group on A. If A has n elements, you may as well take A = {1, 2, . . . , n}
(since it doesn’t matter what you call the elements). The corresponding symmetric group is denoted S_n, the
symmetric group on n letters.

I’ll use id to denote the identity permutation that sends every element to itself.
One way to write a permutation is to show where each element goes. For example, suppose

σ = ( 1 2 3 4 5 6 ) ∈ S_6.
    ( 3 2 4 1 6 5 )

I’ll refer to this as permutation notation. This means that

σ(1) = 3, σ(2) = 2, σ(3) = 4, σ(4) = 1, σ(5) = 6, σ(6) = 5.

Thus, the identity permutation in S_6 is

id = ( 1 2 3 4 5 6 ).
     ( 1 2 3 4 5 6 )

Example. (Computing a product of permutations) Suppose

σ = ( 1 2 3 4 )   and   τ = ( 1 2 3 4 ).
    ( 2 3 4 1 )             ( 1 3 4 2 )

Compute the product τσ.

The product τσ means “σ first, then τ”.
Here’s how to compute it (read each column downward: apply σ to the top entry, then τ to the result):

      1 2 3 4
  σ:  2 3 4 1
  τ:  3 4 2 1

So

τσ = ( 1 2 3 4 ).
     ( 3 4 2 1 )

Some people prefer to multiply permutations left-to-right: For them, τσ means “τ first, then σ”. You
should probably choose one method and use it all the time, to avoid confusing yourself. The right-to-left
approach I used above is consistent with the fact that permutations are functions: In function notation,
(f ◦ g)(x) means f(g(x)), i.e. “g first, then f”.

Example. (Finding the inverse of a permutation) Find the inverse of the permutation

σ = ( 1 2 3 4 5 ).
    ( 3 5 2 4 1 )

I can find σ^{−1} by simply reading σ “upside-down”.

For example, σ(5) = 1, so σ^{−1}(1) = 5. In this way, I get

σ^{−1} = ( 1 2 3 4 5 ).
         ( 5 3 1 4 2 )

Permutation notation is fine for computations, but is cumbersome for writing permutations. We can
represent permutations more concisely using cycle notation. The idea is like factoring an integer into a
product of primes; in this case, the elementary pieces are called cycles.
Definition. A cycle is a permutation which maps a finite subset {x_1, x_2, . . . , x_n} by

x_1 ↦ x_2 ↦ · · · ↦ x_n ↦ x_1.

This cycle will be denoted (x_1 x_2 . . . x_n).

The cycle (x_1 x_2 . . . x_n) has length n. For example, the cycle (7 2 4) has length 3.
Note that a cycle of length n has order n as an element of S_n. For example,

(1 4 2)^3 = id.

A cycle of length 2 is called a transposition. A transposition is a permutation that swaps two elements
and leaves everything else fixed. For example, (3 6) is the transposition that swaps 3 and 6.

Example. (Examples of cycles) (a) Write the cycle (4 2 5) ∈ S_5 in permutation notation.

(b) Write the permutation ( 1 2 3 4 5 ) as a cycle.
                          ( 5 1 4 2 3 )

(a) The cycle (4 2 5) in S_5 is

( 1 2 3 4 5 ).
( 1 5 3 2 4 )

(b)
( 1 2 3 4 5 ) = (1 5 3 4 2).
( 5 1 4 2 3 )

Example. (The inverse of a cycle) Find the inverse of (4 6 2 7 3).


To find the inverse of a cycle, just run the cycle backwards. Thus,

(4 6 2 7 3)^{−1} = (3 7 2 6 4).

Example. (Solving a permutation equation) Solve for x:

(1 4 2)^2 · x = (2 3 4)^{−1}.

(1 4 2)^2 = (1 2 4) and (2 3 4)^{−1} = (4 3 2). So the equation is

(1 2 4) · x = (4 3 2).

Hence,

(1 2 4)^{−1}(1 2 4) · x = (1 2 4)^{−1}(4 3 2),   x = (1 2 4)^{−1}(4 3 2) = (4 2 1)(4 3 2) = (1 4 3).

Example. (A permutation which is not a cycle) Show that the following permutation is not a cycle.

( 1 2 3 4 5 )
( 3 4 5 2 1 )

In fact,

( 1 2 3 4 5 ) = (1 3 5)(2 4).
( 3 4 5 2 1 )
Note that the cycles (1 3 5) and (2 4) are disjoint — no element is moved by both of them. In fact, an
arbitrary permutation may be written as a product of disjoint cycles. Every permutation may also be written
as a product of transpositions.

The last example is a particular case of the following theorem.


Theorem. Every permutation on a finite set can be written as a product of disjoint cycles.

Proof. Induct on the number of elements in the set.
First, prove the result for a set with 1 element. This is easy — there is only one permutation (the
identity), and it is the cycle (1).
Next, assume that the result is known for sets with fewer than n elements and try to prove the result for
a set with n elements. Suppose, then, that a permutation on a set with less than n elements can be written
as a product of disjoint cycles. I have to show that a permutation on a set with n elements — that is, an
element σ ∈ Sn — can be written as a product of disjoint cycles.
Since S_n is a finite group, σ has finite order. Let m be the order of σ. Consider the set

Q = {1, σ(1), σ^2(1), . . . , σ^{m−1}(1)}.

If Q = S, σ is the cycle
(1 σ(1) σ^2(1) . . . σ^{m−1}(1)).
Otherwise, Q ≠ S, so |S − Q| < n.
Now σ restricted to S − Q is a permutation on S − Q, so by the inductive assumption it can be written
as a product τ_1 τ_2 · · · τ_k of disjoint cycles. Then

σ = (1 σ(1) σ^2(1) . . . σ^{m−1}(1)) τ_1 τ_2 · · · τ_k.

Thus, σ has been expressed as a product of disjoint cycles. This completes the induction step, and
establishes the result for all n.

The proof actually contains an algorithm for decomposing a permutation into a product of disjoint
cycles. Start with an element and follow its “orbit” under the permutation until the orbit closes up. If
you’ve exhausted all the elements, you’re done. Otherwise, pick an element which wasn’t in the orbit of the
first element and follow the new element’s orbit. Keep going.
Example. (Writing a permutation as a product of cycles) Write the following permutation as a
product of disjoint cycles:

( 1 2 3 4 5 6 )
( 6 3 2 1 4 5 )

( 1 2 3 4 5 6 ) = (1 6 5 4)(2 3).
( 6 3 2 1 4 5 )

Here’s a picture which shows how I got (1 6 5 4): 1 goes to 6, which goes to 5, which goes to 4, which
goes back to 1.

1 → 6 → 5 → 4 → 1

After finishing a cycle, I start with the next element that hasn’t been “used” so far. I keep going until
all the elements have been accounted for.
If you have a permutation like

( 1 2 3 )
( 3 2 1 )

in which an element doesn’t move — in this case, 2 — you don’t need to write “(2 2)”. 2 is simply omitted
from the cycle list, since an element which isn’t listed doesn’t move.
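An added example (not from the notes; the function names are my own) implementing the orbit-following algorithm just described, together with the right-to-left product, the “upside-down” inverse, and the cycle-to-permutation conversion used in the earlier examples.

```python
# Added example (not from the notes). Permutations of {1, ..., n} are stored as
# tuples (sigma(1), sigma(2), ...), composed right-to-left as functions, and
# decomposed into disjoint cycles by following orbits, as described above.
from __future__ import annotations


def compose(tau: tuple[int, ...], sigma: tuple[int, ...]) -> tuple[int, ...]:
    """tau * sigma means 'sigma first, then tau': (tau sigma)(i) = tau(sigma(i))."""
    return tuple(tau[sigma[i] - 1] for i in range(len(sigma)))


def inverse(sigma: tuple[int, ...]) -> tuple[int, ...]:
    """Read sigma 'upside-down': sigma(i) = j gives sigma^{-1}(j) = i."""
    inv = [0] * len(sigma)
    for i, j in enumerate(sigma, start=1):
        inv[j - 1] = i
    return tuple(inv)


def disjoint_cycles(sigma: tuple[int, ...]) -> list[tuple[int, ...]]:
    """Follow each not-yet-used element's orbit until it closes; fixed points are omitted."""
    seen, cycles = set(), []
    for start in range(1, len(sigma) + 1):
        if start in seen:
            continue
        orbit, x = [], start
        while x not in seen:
            seen.add(x)
            orbit.append(x)
            x = sigma[x - 1]
        if len(orbit) > 1:
            cycles.append(tuple(orbit))
    return cycles


def cycle_to_permutation(n: int, cycle: tuple[int, ...]) -> tuple[int, ...]:
    """The cycle (x_1 x_2 ... x_k) as a permutation of {1, ..., n}."""
    image = list(range(1, n + 1))
    for a, b in zip(cycle, cycle[1:] + cycle[:1]):   # x_1 -> x_2 -> ... -> x_k -> x_1
        image[a - 1] = b
    return tuple(image)


def product_of_cycles(n: int, cycles: list[tuple[int, ...]]) -> tuple[int, ...]:
    """Multiply cycles right-to-left: the last cycle listed is applied first."""
    perm = tuple(range(1, n + 1))
    for cycle in reversed(cycles):
        perm = compose(cycle_to_permutation(n, cycle), perm)
    return perm


def power(sigma: tuple[int, ...], k: int) -> tuple[int, ...]:
    """sigma^k for k >= 0 by repeated composition."""
    result = tuple(range(1, len(sigma) + 1))
    for _ in range(k):
        result = compose(sigma, result)
    return result


if __name__ == "__main__":
    print(disjoint_cycles((6, 3, 2, 1, 4, 5)))   # [(1, 6, 5, 4), (2, 3)]
```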

As a general rule, I’ll express results of permutation computations as products of disjoint cycles. Note
that, for instance, (1 2 3) = (2 3 1) = (3 1 2), so a given cycle can be written in different ways. You can pick
one way by specifying that the first element be the smallest element in the cycle. Moreover, disjoint cycles
can be listed in different orders, as the next result shows.

Lemma. Disjoint cycles commute.


Proof. Roughly speaking, if two cycles move different sets of elements, then their effects are independent
and it doesn’t matter in which order they’re applied.
Suppose σ and τ are disjoint cycles:

σ = (a_1 a_2 . . . a_m) and τ = (b_1 b_2 . . . b_n).

Thus, {a_1, a_2, . . . , a_m} ∩ {b_1, b_2, . . . , b_n} = ∅.

Then, for every i,

στ(i) = τσ(i) = σ(i) if i ∈ {a_1, a_2, . . . , a_m},
                τ(i) if i ∈ {b_1, b_2, . . . , b_n},
                i otherwise.

Definition. A transposition is a permutation which interchanges two elements and leaves everything else
fixed. (That is, a transposition is a cycle of length 2.)

Proposition. Every permutation is a product of transpositions.

Proof. It suffices to show that every cycle is a product of transpositions, since every permutation is a
product of cycles. Just observe that

(1 2 . . . n) = (1 n) · · · (1 3)(1 2).

To do the same for an arbitrary cycle (a1 a2 . . . an ), just add a’s to the equation above.

Remark. While the decomposition of a permutation into disjoint cycles is unique up to order and
representation of the cycles (i.e. (1 2 3) = (2 3 1)), a permutation may be written as a product of transpositions
in infinitely many ways. You can always tack on trivial terms of the form (a b)(a b) = 1.

Example. (Writing a permutation as a product of transpositions) Express (2 7 4 5) as a product


of transpositions in two different ways.

(2 7 4 5) = (2 5)(2 4)(2 7) and (2 7 4 5) = (2 5)(2 4)(2 7)(3 6)(3 6).


The decomposition of a permutation into a product of transpositions is not unique.

Lemma. A permutation cannot be written as a product of both an odd and an even number of transpositions.

Proof. Suppose
σ_1 σ_2 · · · σ_m = τ_1 τ_2 · · · τ_n.
Assume m is even and n is odd, and all the σ’s and τ’s are transpositions.
Since τ_i^{−1} = τ_i,
τ_n · · · τ_2 τ_1 σ_1 σ_2 · · · σ_m = id.
Note that the identity permutation id has been written as a product of an odd (m + n) number of
transpositions. If this is impossible, I have a contradiction.

It therefore suffices to show that the identity permutation id cannot be written as a product of an odd
number of transpositions. I’ll give a proof by contradiction.
Suppose m is odd and
id = σ_1 σ_2 · · · σ_m.
Here is a clever idea. Consider a polynomial f(x_1, . . . , x_n) in n variables. A permutation σ ∈ S_n
transforms f into another polynomial by “permuting the variables”:

σ(f) = f(x_{σ(1)}, . . . , x_{σ(n)}).

For example, suppose f(x_1, x_2, x_3) = x_1^3 + 3x_1x_3 − 5x_2^7x_3^4 + 1. Suppose σ = (2 1 3). Then

σ(f) = x_3^3 + 3x_3x_2 − 5x_1^7x_2^4 + 1.

Now consider the polynomial

f(x_1, . . . , x_n) = ∏_{i>j} (x_i − x_j).

For example, if n = 3,
f(x_1, x_2, x_3) = (x_3 − x_1)(x_3 − x_2)(x_2 − x_1).
Obviously, the identity permutation takes f to itself.
On the other hand, a transposition (i j) for i > j takes the factor x_i − x_j to x_j − x_i = −(x_i − x_j). In
other words, a factor of −1 is introduced for each transposition. Since σ_1 σ_2 · · · σ_m contains an odd number
of transpositions, it will send f to (−1)^m f = −f.
This is a contradiction: If id and σ1 σ2 · · · σm are the same permutation, they should have the same effect
on f . Therefore, the identity cannot be written as a product of an odd number of transpositions. Hence, a
permutation cannot be written as a product of both an even and an odd number of transpositions.
Since the lemma shows that you can’t write a given permutation as a product of both an even and an
odd number of transpositions, the following definition makes sense.
Definition. A permutation is even if it can be written as a product of an even number of transpositions;
a permutation is odd if it can be written as a product of an odd number of transpositions.
Remark. Consider the decomposition

(1 2 . . . n) = (1 n) · · · (1 3)(1 2).

This shows that a cycle of length n is an even permutation if n is odd, and is an odd permutation if n
is even. For example, the cycle (6 2 5) is even, since it has length 3 and 3 is odd.
Definition. The alternating group A_n on n letters is the subgroup of S_n consisting of the even
permutations.
I should check that A_n really is a subgroup. First, id is even, so id ∈ A_n. Next, if σ and τ are even,
then τ^{−1} is even (decompose τ into transpositions, and write the product backwards). Therefore, στ^{−1} is
even (by concatenating decompositions of σ and τ^{−1} into products of transpositions). Hence, στ^{−1} ∈ A_n.
If n ≥ 3, there are an equal number of even and odd permutations. Therefore, (S_n : A_n) = 2. In fact,
A_n is a normal subgroup of S_n.

Example. List the elements of A_3, the alternating group on 3 letters.

Here is the multiplication table for S_3:

id (1 2 3) (1 3 2) (2 3) (1 3) (1 2)
id id (1 2 3) (1 3 2) (2 3) (1 3) (1 2)
(1 2 3) (1 2 3) (1 3 2) id (1 2) (2 3) (1 3)
(1 3 2) (1 3 2) id (1 2 3) (1 3) (1 2) (2 3)
(2 3) (2 3) (1 3) (1 2) id (1 2 3) (1 3 2)
(1 3) (1 3) (1 2) (2 3) (1 3 2) id (1 2 3)
(1 2) (1 2) (2 3) (1 3) (1 2 3) (1 3 2) id

The alternating group on 3 letters is the “rotation subgroup”:

A_3 = {id, (1 2 3), (1 3 2)}.
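An added example (not from the notes; the function names are my own) that computes the sign of a permutation the way the lemma’s proof does, by counting the factors (x_i − x_j), i > j, of the product polynomial that change sign, and then builds A_n as the even permutations of S_n and checks that it is closed under products.

```python
# Added example (not from the notes). Sign of a permutation via the product
# polynomial f = prod_{i>j} (x_i - x_j): sigma(f) = (-1)^flips * f, where flips
# counts the pairs i > j with sigma(i) < sigma(j).  Then A_n = {even permutations}.
from __future__ import annotations
from itertools import permutations


def sign(sigma: tuple[int, ...]) -> int:
    """+1 if sigma is even, -1 if odd; sigma is stored as (sigma(1), sigma(2), ...)."""
    flips = 0
    for i in range(len(sigma)):
        for j in range(i):              # positions i > j stand for indices i+1 > j+1
            if sigma[i] < sigma[j]:     # factor (x_{sigma(i)} - x_{sigma(j)}) flips sign
                flips += 1
    return -1 if flips % 2 else 1


def is_even(sigma: tuple[int, ...]) -> bool:
    return sign(sigma) == 1


def compose(tau: tuple[int, ...], sigma: tuple[int, ...]) -> tuple[int, ...]:
    """Right-to-left product: sigma first, then tau."""
    return tuple(tau[sigma[i] - 1] for i in range(len(sigma)))


def alternating_group(n: int) -> list[tuple[int, ...]]:
    """A_n: the even permutations of S_n, in lexicographic order."""
    return [p for p in permutations(range(1, n + 1)) if is_even(p)]


def is_closed(elements: list[tuple[int, ...]]) -> bool:
    """Products of members stay inside the set (the subgroup check in the text)."""
    members = set(elements)
    return all(compose(a, b) in members for a in elements for b in elements)


def cycle_sign(length: int) -> int:
    """A cycle of length k is a product of k-1 transpositions, so it is even iff k is odd."""
    return -1 if (length - 1) % 2 else 1


if __name__ == "__main__":
    print(alternating_group(3))   # [(1, 2, 3), (2, 3, 1), (3, 1, 2)] = {id, (1 2 3), (1 3 2)}
```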

© 2022 by Bruce Ikenaga


3-2-2018

Direct Products
Definition. Let G and H be groups. The direct product G × H of G and H is the set of all ordered pairs
{(g, h) | g ∈ G, h ∈ H} with the operation

(g1 , h1 ) · (g2 , h2 ) = (g1 g2 , h1 h2 ).

Remarks. 1. In the definition, I’ve assumed that G and H are using multiplication notation. In general,
the notation you use in G × H depends on the notation in the factors. Examples:

  Product in G   Product in H   Product in G × H                                   Identity in G × H   Inverse in G × H
  g_1 · g_2      h_1 · h_2      (g_1, h_1)(g_2, h_2) = (g_1 g_2, h_1 h_2)           (1, 1)              (g, h)^{−1} = (g^{−1}, h^{−1})
  g_1 + g_2      h_1 + h_2      (g_1, h_1) + (g_2, h_2) = (g_1 + g_2, h_1 + h_2)   (0, 0)              −(g, h) = (−g, −h)
  g_1 · g_2      h_1 + h_2      (g_1, h_1)(g_2, h_2) = (g_1 g_2, h_1 + h_2)         (1, 0)              (g, h)^{−1} = (g^{−1}, −h)

2. You can construct products of more than two groups in the same way. For example, if G_1, G_2, and G_3
are groups, then
G_1 × G_2 × G_3 = {(x, y, z) | x ∈ G_1, y ∈ G_2, z ∈ G_3}.
Just as with the two-factor product, you multiply elements componentwise.

Example. (A product of cyclic groups which is cyclic) Show that Z_2 × Z_3 is cyclic.

Since Z_2 = {0, 1} and Z_3 = {0, 1, 2},

Z_2 × Z_3 = {(0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2)}.

If you take successive multiples of (1, 1), you get

(1, 1), (0, 2), (1, 0), (0, 1), (1, 2), (0, 0).

Since you can get the whole group by taking multiples of (1, 1), it follows that Z_2 × Z_3 is actually cyclic
of order 6 — the same as Z_6.

Example. (A product of cyclic groups which is not cyclic) Show that Z2 × Z2 is not cyclic.

Since Z2 = {0, 1},


Z2 × Z2 = {(0, 0), (1, 0), (0, 1), (1, 1)}.
Here’s the operation table:

   +        (0, 0)   (1, 0)   (0, 1)   (1, 1)
   (0, 0)   (0, 0)   (1, 0)   (0, 1)   (1, 1)
   (1, 0)   (1, 0)   (0, 0)   (1, 1)   (0, 1)
   (0, 1)   (0, 1)   (1, 1)   (0, 0)   (1, 0)
   (1, 1)   (1, 1)   (0, 1)   (1, 0)   (0, 0)

Note that this is not the same group as Z4 . Both groups have 4 elements, but Z4 is cyclic of order 4.
In Z2 × Z2 , all the elements have order 2, so no element generates the group.
Z2 × Z2 is the same as the Klein 4-group V , which has the following operation table:

1 a b c
1 1 a b c
a a 1 c b
b b c 1 a
c c b a 1

If G and H are finite, then |G × H| = |G||H|. (This is true for sets G and H; it has nothing to do with
G and H being groups.) For example, |Z5 × Z6 | = 30.

Lemma. The product of abelian groups is abelian: If G and H are abelian, so is G × H.

Proof. Suppose G and H are abelian. Let (g, h), (g ′ , h′ ) ∈ G × H, where g, g ′ ∈ G and h, h′ ∈ H. I have

(g, h)(g ′ , h′ ) = (gg ′ , hh′ ) (Definition of multiplication in a product)


= (g ′ g, h′ h) (G and H are abelian)
= (g ′ , h′ )(g, h) (Definition of multiplication in a product)

This proves that G × H is abelian.

Remark. If either G or H is not abelian, then G × H is not abelian. Suppose, for instance, that G is not
abelian. This means that there are elements g1 , g2 ∈ G such that

g1 g2 ≠ g2 g1 .

Then

(g1 , 1)(g2 , 1) = (g1 g2 , 1), while (g2 , 1)(g1 , 1) = (g2 g1 , 1).

Since (g1 g2 , 1) ≠ (g2 g1 , 1), it follows that (g1 , 1)(g2 , 1) ≠ (g2 , 1)(g1 , 1), so G × H is not abelian.
A similar argument works if H is not abelian.

Example. (A product of an abelian and a nonabelian group) Construct the multiplication table for
Z2 × D3 . (Recall that D3 is the group of symmetries of an equilateral triangle.) The number of elements is

|Z2 × D3 | = |Z2 | · |D3 | = 2 · 6 = 12.

Here’s the multiplication table for Z2 × D3 :

· (0, id) (0, r1 ) (0, r2 ) (0, m1 ) (0, m2 ) (0, m3 )


(0, id) (0, id) (0, r1 ) (0, r2 ) (0, m1 ) (0, m2 ) (0, m3 )
(0, r1 ) (0, r1 ) (0, r2 ) (0, id) (0, m3 ) (0, m1 ) (0, m2 )
(0, r2 ) (0, r2 ) (0, id) (0, r1 ) (0, m2 ) (0, m3 ) (0, m1 )
(0, m1 ) (0, m1 ) (0, m2 ) (0, m3 ) (0, id) (0, r1 ) (0, r2 )
(0, m2 ) (0, m2 ) (0, m3 ) (0, m1 ) (0, r2 ) (0, id) (0, r1 )
(0, m3 ) (0, m3 ) (0, m1 ) (0, m2 ) (0, r1 ) (0, r2 ) (0, id)
(1, id) (1, id) (1, r1 ) (1, r2 ) (1, m1 ) (1, m2 ) (1, m3 )
(1, r1 ) (1, r1 ) (1, r2 ) (1, id) (1, m3 ) (1, m1 ) (1, m2 )
(1, r2 ) (1, r2 ) (1, id) (1, r1 ) (1, m2 ) (1, m3 ) (1, m1 )
(1, m1 ) (1, m1 ) (1, m2 ) (1, m3 ) (1, id) (1, r1 ) (1, r2 )
(1, m2 ) (1, m2 ) (1, m3 ) (1, m1 ) (1, r2 ) (1, id) (1, r1 )
(1, m3 ) (1, m3 ) (1, m1 ) (1, m2 ) (1, r1 ) (1, r2 ) (1, id)

· (1, id) (1, r1 ) (1, r2 ) (1, m1 ) (1, m2 ) (1, m3 )


(0, id) (1, id) (1, r1 ) (1, r2 ) (1, m1 ) (1, m2 ) (1, m3 )
(0, r1 ) (1, r1 ) (1, r2 ) (1, id) (1, m3 ) (1, m1 ) (1, m2 )
(0, r2 ) (1, r2 ) (1, id) (1, r1 ) (1, m2 ) (1, m3 ) (1, m1 )
(0, m1 ) (1, m1 ) (1, m2 ) (1, m3 ) (1, id) (1, r1 ) (1, r2 )
(0, m2 ) (1, m2 ) (1, m3 ) (1, m1 ) (1, r2 ) (1, id) (1, r1 )
(0, m3 ) (1, m3 ) (1, m1 ) (1, m2 ) (1, r1 ) (1, r2 ) (1, id)
(1, id) (0, id) (0, r1 ) (0, r2 ) (0, m1 ) (0, m2 ) (0, m3 )
(1, r1 ) (0, r1 ) (0, r2 ) (0, id) (0, m3 ) (0, m1 ) (0, m2 )
(1, r2 ) (0, r2 ) (0, id) (0, r1 ) (0, m2 ) (0, m3 ) (0, m1 )
(1, m1 ) (0, m1 ) (0, m2 ) (0, m3 ) (0, id) (0, r1 ) (0, r2 )
(1, m2 ) (0, m2 ) (0, m3 ) (0, m1 ) (0, r2 ) (0, id) (0, r1 )
(1, m3 ) (0, m3 ) (0, m1 ) (0, m2 ) (0, r1 ) (0, r2 ) (0, id)

The operation in Z2 is addition mod 2, while the operation in D3 is written using multiplicative notation.
When you multiply two pairs, you add in Z2 in the first component and multiply in D3 in the second
component:
(1, r2 )(1, m2 ) = (1 + 1, r2 · m2 ) = (0, m3 ).
The identity is (0, id), since 0 is the identity in Z2 , while id is the identity in D3 .
Z2 × D3 is not abelian, since D3 is not abelian. A particular example:

(1, m2 )(0, r2 ) = (1, m1 ), but (0, r2 )(1, m2 ) = (1, m3 ).

Example. (Using products to construct groups) Use products to construct 3 different abelian groups
of order 8. The groups Z2 × Z2 × Z2 , Z4 × Z2 , and Z8 are abelian, since each is a product of abelian groups.

Z8 is cyclic of order 8, Z4 × Z2 has an element of order 4 but is not cyclic, and Z2 × Z2 × Z2 has only elements
of order 2. It follows that these groups are distinct.
In fact, there are 5 distinct groups of order 8; the remaining two are nonabelian.
The group D4 of symmetries of the square is a nonabelian group of order 8.
The fifth (and last) group of order 8 is the group Q of the quaternions.
Neither D4 nor Q is the same as Z2 × Z2 × Z2 , Z4 × Z2 , or Z8 , since Z2 × Z2 × Z2 , Z4 × Z2 , and Z8 are
abelian while D4 and Q are not.
Finally, D4 is not the same as Q. D4 has 5 elements of order 2: The four reflections and rotation
through 180◦ . Q has one element of order 2, namely −1.
I’ve shown that these five groups of order 8 are distinct; it takes considerably more work to show that
these are the only groups of order 8.

Definition. Let m and n be positive integers. The least common multiple [m, n] of m and n is the
smallest positive integer divisible by m and n.

Remark. Since mn is divisible by m and n, the set of positive multiples of m and n is nonempty. Hence, it
has a smallest element, by well-ordering. It follows that the least common multiple of two positive integers
is always defined. For example, [18, 30] = 90.

Lemma. If s is a common multiple of m and n, then [m, n] | s.

Proof. By the Division Algorithm,

s = q · [m, n] + r, where 0 ≤ r < [m, n].

Thus, r = s − q · [m, n]. Since m | s and m | [m, n], I have m | r. Since n | s and n | [m, n], I have n | r.
Therefore, r is a common multiple of m and n. Since it’s also less than the least common multiple [m, n], it
can’t be positive. Therefore, r = 0, and s = q · [m, n], i.e. [m, n] | s.

Remark. The lemma shows that the least common multiple is not just “least” in terms of size. It’s also
“least” in the sense that it divides every other common multiple.

Theorem. Let m and n be positive integers. Then

mn = (m, n)[m, n].

Proof. I’ll prove that each side is greater than or equal to the other side.
Note that $\frac{m}{(m, n)}$ and $\frac{n}{(m, n)}$ are integers. Thus,
$$\frac{mn}{(m, n)} = m \cdot \frac{n}{(m, n)} = \frac{m}{(m, n)} \cdot n.$$
This shows that $\frac{mn}{(m, n)}$ is a multiple of m and a multiple of n. Therefore, it’s a common multiple of m
and n, so it must be greater than or equal to the least common multiple. Hence,
$$\frac{mn}{(m, n)} \ge [m, n], \quad\text{and}\quad mn \ge (m, n)[m, n].$$

Next, [m, n] is a multiple of n, so [m, n] = sn for some s. Then
$$\frac{mn}{[m, n]} = \frac{mn}{sn} = \frac{m}{s}, \quad\text{which divides } m.$$
(Why is $\frac{mn}{[m, n]}$ an integer? Well, mn is a common multiple of m and n, so by the previous lemma
[m, n] | mn.)
Similarly, [m, n] is a multiple of m, so [m, n] = tm for some t. Then
$$\frac{mn}{[m, n]} = \frac{mn}{tm} = \frac{n}{t}, \quad\text{which divides } n.$$
In other words, $\frac{mn}{[m, n]}$ is a common divisor of m and n. Therefore, it must be less than or equal to the
greatest common divisor:
$$\frac{mn}{[m, n]} \le (m, n), \quad\text{and}\quad mn \le (m, n)[m, n].$$
The two inequalities I’ve proved show that mn = (m, n)[m, n].

Example. Verify that mn = (m, n)[m, n] if m = 54 and n = 72.

(54, 72) = 18, [54, 72] = 216, and

(54, 72)[54, 72] = 18 · 216 = 3888 = 54 · 72.

Proposition. The element (1, 1) has order [m, n] in Zm × Zn .

Proof.
[m, n](1, 1) = ([m, n], [m, n]).
The first component is 0, since it’s divisible by m; the second component is 0, since it’s divisible by n.
Hence, [m, n](1, 1) = (0, 0).
Next, I must show that [m, n] is the smallest positive multiple of (1, 1) which equals the identity. Suppose
k(1, 1) = (0, 0), so (k, k) = (0, 0). Consider the first components. k = 0 in Zm means that m | k; likewise,
the second components show that n | k. Since k is a common multiple of m and n, it must be greater than
or equal to the least common multiple [m, n]: that is, k ≥ [m, n]. This proves that [m, n] is the order of
(1, 1).

Example. Find the order of (1, 1) in Z4 × Z6 . Find the order of (1, 1) ∈ Z5 × Z6 .

The element (1, 1) has order [4, 6] = 12.


On the other hand, the element (1, 1) ∈ Z5 × Z6 has order [5, 6] = 30. Since Z5 × Z6 has order 30, the
group is cyclic; in fact, Z5 × Z6 ≈ Z30 .

Remark. More generally, consider (x1 , . . . , xn ) ∈ G1 × . . . × Gn , and suppose xi has order ri in Gi . (The
Gi ’s need not be cyclic.) Then (x1 , . . . , xn ) has order [r1 , . . . , rn ].

Corollary. Zm × Zn is cyclic of order mn if and only if (m, n) = 1.

Note: In the next proof, “(a, b)” may mean either the ordered pair (a, b) or the greatest common divisor
of a and b. You’ll have to read carefully and determine the meaning from the context.

Proof. If (m, n) = 1, then [m, n] = mn. Thus, the order of (1, 1) is [m, n] = mn. But Zm × Zn has order
mn, so (1, 1) generates the group. Hence, Zm × Zn is cyclic.
Suppose on the other hand that (m, n) ≠ 1. Since (m, n)[m, n] = mn, it follows that [m, n] ≠ mn.
Since mn is a common multiple of m and n and since [m, n] is the least common multiple, it follows that
[m, n] < mn.

Now consider an element (a, b) ∈ Zm × Zn . Let p be the order of a in Zm and let q be the order of b in
Zn .
Since p | m | [m, n], I may write pj = [m, n] for some j. Since q | n | [m, n], I may write qk = [m, n] for
some k. Then
[m, n](a, b) = ([m, n]a, [m, n]b) = (j(pa), k(qb)) = (j · 0, k · 0) = (0, 0).
Hence, the order of (a, b) is less than or equal to [m, n]. But [m, n] < mn, so the order of (a, b) is less
than (and not equal to) mn.
Since (a, b) was an arbitrary element of Zm × Zn , it follows that no element of Zm × Zn has order mn.
Therefore, Zm × Zn can’t be cyclic of order mn, since a generator would have order mn.

Remark. More generally, if m1 , . . . , mk are pairwise relatively prime, then Zm1 × . . . × Zmk is cyclic of
order m1 · · · mk .

Example. (Orders of elements in products) Find the order of (2, 4, 4) ∈ Z4 × Z12 × Z6 .

2 has order 2 in Z4 , 4 has order 3 in Z12 , and 4 has order 3 in Z6 . Hence, the order of (2, 4, 4) is
[2, 3, 3] = 6.

Example. (A product of cyclic groups which is not cyclic) Prove directly that Z2 × Z4 is not cyclic
of order 8.

If (a, b) ∈ Z2 × Z4 , then
4(a, b) = (4a, 4b) = (0, 0).
Thus, every element of Z2 × Z4 has order less than or equal to 4. In particular, there can be no elements
of order 8, i.e. no cyclic generators.
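Here is an added Python example (it is not part of these notes) that checks the results above by computation: it finds the order of an element of Zm1 × · · · × Zmk both by repeated addition and by the least common multiple of the component orders, and it tests the corollary “Zm × Zn is cyclic if and only if (m, n) = 1” for all small m and n. The function names are my own.

```python
from math import gcd
from itertools import product

def lcm(a, b):
    """[a, b] = ab / (a, b), using the theorem mn = (m, n)[m, n]."""
    return a * b // gcd(a, b)

def add(x, y, mods):
    """Componentwise addition in Z_{m_1} x ... x Z_{m_k}; mods = (m_1, ..., m_k)."""
    return tuple((a + b) % m for a, b, m in zip(x, y, mods))

def order_brute(x, mods):
    """Smallest k >= 1 with k*x = (0, ..., 0), found by adding x to itself."""
    zero = tuple(0 for _ in mods)
    k, y = 1, x
    while y != zero:
        y = add(y, x, mods)
        k += 1
    return k

def order_lcm(x, mods):
    """The remark in the notes: the order of (x_1, ..., x_k) is [r_1, ..., r_k],
    where r_i is the order of x_i in Z_{m_i} (each r_i found by brute force)."""
    r = 1
    for a, m in zip(x, mods):
        r = lcm(r, order_brute((a,), (m,)))
    return r

def is_cyclic(mods):
    """A finite group is cyclic iff some element has order equal to the group order,
    so try every element of Z_{m_1} x ... x Z_{m_k}."""
    n = 1
    for m in mods:
        n *= m
    return any(order_lcm(x, mods) == n for x in product(*[range(m) for m in mods]))

def corollary_holds(limit):
    """Check 'Z_m x Z_n is cyclic iff (m, n) = 1' for all 1 <= m, n <= limit."""
    return all(is_cyclic((m, n)) == (gcd(m, n) == 1)
               for m in range(1, limit + 1) for n in range(1, limit + 1))

if __name__ == "__main__":
    print("order of (1, 1) in Z4 x Z6:", order_lcm((1, 1), (4, 6)))          # 12
    print("order of (2, 4, 4) in Z4 x Z12 x Z6:", order_lcm((2, 4, 4), (4, 12, 6)))  # 6
    print("Z2 x Z4 cyclic?", is_cyclic((2, 4)))                               # False
    print("corollary holds up to 8:", corollary_holds(8))                     # True
```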

© 2018 by Bruce Ikenaga


3-7-2018

Finitely Generated Abelian Groups


There is no (known) formula which gives the number of groups of order n for any n > 0. However,
it’s possible to classify the finite abelian groups of order n. This classification follows from the structure
theorem for finitely generated abelian groups.

Definition. Let G be an abelian group. The torsion subgroup of G is

T = {g ∈ G | ng = 0 for some n ∈ Z+ }.

I’d better check that the definition makes sense!

Proposition. Let G be an abelian group. The torsion subgroup of G is a subgroup of G.

Proof. Let T be the torsion subgroup of G. 0 ∈ T , so T is nonempty. Let a, b ∈ T . I must show a − b ∈ T .


Find positive integers m, n, such that ma = 0 and nb = 0. Then

mn(a − b) = mna − mnb = 0 − 0 = 0.

Therefore, a − b ∈ T , and T < G.

Definition. A group G is torsion free if the only element of finite order is the identity.

Definition. An abelian group G is finitely generated if there are elements x1 , . . . , xn ∈ G such that every
element x ∈ G can be written as

$$x = a_1 x_1 + \cdots + a_n x_n, \quad a_i \in \mathbb{Z}.$$

Note that this expression need not be unique.

Definition. A free abelian group is a direct sum of copies of Z (possibly infinitely many copies).
The number of copies (in the sense of cardinality) is the rank of the free abelian group. It’s possible to
prove that the rank of a free abelian group is well-defined.

Theorem. Let G be a finitely generated abelian group.

(a) G = T × F , where T is the torsion subgroup and F is a free abelian group.

(b) The rank of F is uniquely determined by G.

(c) The torsion part T can be written as a direct sum of cyclic groups in the following ways. Each
decomposition is unique (in the first case, up to the order of the factors):

$$T \approx \mathbb{Z}_{p_1^{r_1}} \times \mathbb{Z}_{p_2^{r_2}} \times \cdots \times \mathbb{Z}_{p_n^{r_n}}.$$

$$T \approx \mathbb{Z}_{d_1} \times \mathbb{Z}_{d_2} \times \cdots \times \mathbb{Z}_{d_m}, \quad 1 \le d_1 \mid d_2 \mid \cdots \mid d_m.$$

In the first case, the p’s are primes (not necessarily distinct), and ri > 0 for all i. The first case is called
a primary decomposition while the second case is called an invariant factor decomposition.

The proof of this result is outside the scope of this course. But I should mention that it is related to
the Jordan canonical form and rational canonical form that you may have seen in linear algebra. The
structure theorem for finitely generated abelian groups and the results on canonical forms are special cases

of a more general structure theorem: The structure theorem for finitely generated modules over a principal
ideal domain.
(Diagram: the structure theorem for finitely generated modules over a PID, with arrows down to its two special cases, the structure theorem for finitely generated abelian groups and the rational and Jordan canonical forms.)
Let’s concentrate for now on the case of a finite abelian group. Since any factor of Z would make the
group infinite, there can’t be any Z’s in the decomposition. The result then says that every finite abelian
group can be written as
$$\mathbb{Z}_{p_1^{r_1}} \times \mathbb{Z}_{p_2^{r_2}} \times \cdots \times \mathbb{Z}_{p_n^{r_n}}.$$
Here the p’s are primes and the r’s are positive integers (primary decomposition).
Alternatively, you can write the same group as
$$\mathbb{Z}_{d_1} \times \mathbb{Z}_{d_2} \times \cdots \times \mathbb{Z}_{d_m}.$$
In this case, the d’s are positive integers and d1 | · · · | dm (invariant factor decomposition).

Example. (Listing all the primary and invariant factor decompositions) Find the primary decom-
positions and corresponding invariant factor decompositions for all abelian groups of order 360.

First, factor 360 into a product of primes: 360 = 2³ · 3² · 5.


Next, write each prime power in all possible ways:
   2³: 2³, 2 · 2², 2 · 2 · 2
   3²: 3², 3 · 3
   5:  5
You get the primary decompositions by using one of the 2³ factorizations, one of the 3² factorizations, and
the lone 5. I’ll list the possibilities below, together with the corresponding invariant factor decompositions.

Primary decomposition Invariant factor decomposition


Z2 × Z2 × Z2 × Z3 × Z3 × Z5 Z2 × Z6 × Z30
Z2 × Z2 × Z2 × Z9 × Z5 Z2 × Z2 × Z90
Z2 × Z4 × Z3 × Z3 × Z5 Z6 × Z60
Z2 × Z4 × Z9 × Z5 Z2 × Z180
Z8 × Z3 × Z3 × Z5 Z3 × Z120
Z8 × Z9 × Z5 Z360

The two groups in each row are isomorphic — they’re “the same” as groups.
Here’s an example which shows how I got the invariant factor decompositions. Consider Z2 × Z2 × Z2 ×
Z3 × Z3 × Z5 . Write the numbers for each prime in a row, right-justified:
     2    2    2
          3    3
               5
     2    6   30

Multiply the numbers in each column. These give the numbers for the invariant factor decomposition.
Note that 2 divides 6 and 6 divides 30.

Example. (Finding the primary and invariant factor decompositions for a specific group) Find
the primary decomposition and invariant factor decomposition for Z4 × Z12 × Z18 .
First, I take each of the factors apart into direct products of groups of prime power order.

Z4 × Z12 × Z18 ≈ Z4 × (Z4 × Z3 ) × (Z2 × Z9 ).

I’m using the fact that Zm × Zn ≈ Zmn if and only if m and n are relatively prime. Thus, Z12 ≈ Z4 × Z3
because 3 and 4 are relatively prime.
I can’t replace Z4 with Z2 × Z2 because 2 is not relatively prime to 2 (2 and 2 have the common factor
2!).
Thus, the primary decomposition is

Z2 × Z4 × Z4 × Z3 × Z9 .

Next, I find the invariant factor decomposition:


     2    4    4
          3    9
     2   12   36
So the invariant factor decomposition is

Z2 × Z12 × Z36 .

Note that 2 divides 12 and 12 divides 36.
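Here is an added Python example (it is not part of these notes) that carries out the two procedures from the last two examples: listing every primary decomposition of an abelian group of a given order, and turning a primary decomposition into its invariant factor decomposition by the right-justified column rule. The function names are my own.

```python
from collections import defaultdict

def factor(n):
    """Trial-division factorization: returns {p: e} with n = product of p**e."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out

def partitions(e, max_part=None):
    """Partitions of e into positive parts, as non-increasing tuples.
    partitions(3) -> [(3,), (2, 1), (1, 1, 1)]: the ways to write 2^3 as 2^3, 2^2*2, 2*2*2."""
    if max_part is None:
        max_part = e
    if e == 0:
        return [()]
    result = []
    for first in range(min(e, max_part), 0, -1):
        for rest in partitions(e - first, first):
            result.append((first,) + rest)
    return result

def primary_decompositions(n):
    """Every primary decomposition of an abelian group of order n, as a list of prime
    powers ([2, 2, 2, 3, 3, 5] stands for Z2 x Z2 x Z2 x Z3 x Z3 x Z5).
    One partition of the exponent is chosen for each prime, independently."""
    decomps = [[]]
    for p, e in sorted(factor(n).items()):
        decomps = [d + sorted(p ** k for k in part)
                   for d in decomps for part in partitions(e)]
    return decomps

def invariant_factors(prime_powers):
    """The column rule from the notes: put the prime powers for each prime in a row,
    right-justify the rows, multiply down each column.  Returns [d_1, ..., d_m]."""
    rows = defaultdict(list)
    for q in prime_powers:
        (p, _), = factor(q).items()          # q is a prime power, so exactly one prime
        rows[p].append(q)
    width = max(len(r) for r in rows.values())
    cols = [1] * width
    for r in rows.values():
        padded = [1] * (width - len(r)) + sorted(r)   # right-justify; blanks count as 1
        for i, q in enumerate(padded):
            cols[i] *= q
    return cols

def check_divisor_chain(ds, n):
    """Sanity check: d_1 | d_2 | ... | d_m and the d's multiply to the group order."""
    chain_ok = all(ds[i + 1] % ds[i] == 0 for i in range(len(ds) - 1))
    total = 1
    for d in ds:
        total *= d
    return chain_ok and total == n

if __name__ == "__main__":
    # Reproduces the table of the six abelian groups of order 360.
    for dec in primary_decompositions(360):
        print(" x ".join(f"Z{q}" for q in dec), "  ~  ",
              " x ".join(f"Z{d}" for d in invariant_factors(dec)))
```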

Example. (Finding primary decompositions satisfying a condition on orders of elements) Suppose
G is an abelian group of order 24, and no element has order greater than 12. What are the possible
primary decompositions for G?

Since 24 = 2³ · 3, the primary decompositions for abelian groups of order 24 are

Z8 × Z3 , Z2 × Z4 × Z3 , Z2 × Z2 × Z2 × Z3 .

Let (a, b, c) ∈ Z2 × Z4 × Z3 . Then

12(a, b, c) = (12a, 12b, 12c) = (0, 0, 0).

Therefore, no element of Z2 × Z4 × Z3 has order greater than 12.


Let (a, b, c, d) ∈ Z2 × Z2 × Z2 × Z3 . Then

12(a, b, c, d) = (12a, 12b, 12c, 12d) = (0, 0, 0, 0).

Therefore, no element of Z2 × Z2 × Z2 × Z3 has order greater than 12.


However, for (1, 1) ∈ Z8 × Z3 , I have

12(1, 1) = (4, 0) ≠ (0, 0).

So (1, 1) does not have order 12 or less — in fact, it has order 24.
Therefore, the possible primary decompositions for G are Z2 × Z4 × Z3 and Z2 × Z2 × Z2 × Z3 .

© 2018 by Bruce Ikenaga


3-17-2018

Cosets
If H is a subgroup of G, you can break G up into pieces, each of which looks like H:

(Figure: the group G drawn as a region cut into pieces labelled aH, bH, cH, . . .)

These pieces are called cosets of H, and they arise by “multiplying” H by elements of G.

Definition. Let G be a group and let H < G. A left coset of H in G is a subset of the form

gH = {gh | h ∈ H} for some g ∈ G.

The element g is a representative of the coset gH. The collection of left cosets is denoted G/H.
Likewise, a right coset is a subset of the form

Hg = {hg | h ∈ H} for some g ∈ G.

The set of right cosets is denoted H\G.


Thus, the left coset gH consists of g times everything in H; Hg consists of everything in H times g.
I’ve written everything as if the operation in the group was “multiplication”. The case when the
operation is “addition” is discussed in an example below.

Example. (Listing the elements of cosets) (a) List the elements of U28 and the elements of the cyclic
subgroup generated by 9.

(b) List the elements of the cosets of ⟨9⟩ in U28 .

(a)
U28 = {1, 3, 5, 9, 11, 13, 15, 17, 19, 23, 25, 27}.
⟨9⟩ = {1, 9, 25}.
(b) The subgroup is always a coset. I’ll list that first:

⟨9⟩ = {1, 9, 25}.

Take an element of U28 which is not in the subgroup — say 3. Multiply the subgroup by the element:

3 · ⟨9⟩ = 3 · {1, 9, 25} = {3 · 1, 3 · 9, 3 · 25} = {3, 27, 19}.

Take an element of U28 which is not in either of the two known cosets — say 5. Multiply the subgroup
by the element:
5 · ⟨9⟩ = 5 · {1, 9, 25} = {5 · 1, 5 · 9, 5 · 25} = {5, 17, 13}.

Notice that all the cosets have 3 elements — the same as the number of elements in the subgroup.
At this point, there are only 3 elements which aren’t in any of the known cosets. These elements make
up the last coset: {11, 15, 23}. You can check that

11 · ⟨9⟩ = {11, 15, 23}.

3 represents the coset 3 · ⟨9⟩, but a given coset can be represented by any of its elements. For example,

19 · ⟨9⟩ = 19 · {1, 9, 25} = {19 · 1, 19 · 9, 19 · 25} = {19, 3, 27} = 3 · ⟨9⟩.
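Here is an added Python example (it is not part of these notes) that runs the coset-listing procedure above for a cyclic subgroup of Un : start with the subgroup, then repeatedly pick an element not yet in any known coset and multiply the subgroup by it. It also checks that the cosets partition the group and that their number is |G|/|H|. The function names are my own.

```python
from math import gcd

def units_mod(n):
    """U_n: the residues in 1..n-1 relatively prime to n, under multiplication mod n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def cyclic_subgroup(g, n):
    """<g> in U_n: keep multiplying by g until the powers come back to 1."""
    elems, x = [], 1
    while True:
        elems.append(x)
        x = (x * g) % n
        if x == 1:
            return sorted(elems)

def coset(a, subgroup, n):
    """The left coset a * H in U_n (U_n is abelian, so it is also the right coset)."""
    return sorted((a * h) % n for h in subgroup)

def all_cosets(n, subgroup):
    """The procedure from the example: H itself first, then multiply H by the smallest
    element not yet covered, until everything is covered.  Returns [(rep, coset), ...]."""
    group = units_mod(n)
    found, covered = [], set()
    for a in group:                      # a = 1 comes first, so H is listed first
        if a in covered:
            continue
        c = coset(a, subgroup, n)
        found.append((a, c))
        covered.update(c)
    assert covered == set(group)         # the cosets partition U_n
    return found

def index_of(n, subgroup):
    """Lagrange: the number of cosets times |H| must equal |U_n|."""
    k = len(all_cosets(n, subgroup))
    assert k * len(subgroup) == len(units_mod(n))
    return k

if __name__ == "__main__":
    H = cyclic_subgroup(9, 28)
    for rep, c in all_cosets(28, H):
        print(f"{rep} * <9> = {c}")
    print("(U28 : <9>) =", index_of(28, H))      # 4
```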

Example. (Listing the elements of cosets) List the elements of the cosets of 2Z in Z.

Z/2Z consists of two cosets: the even numbers 2Z and the odd numbers. Explicitly,

0 + 2Z = {. . . , −4, −2, 0, 2, 4, . . .} and 1 + 2Z = {. . . , −3, −1, 1, 3, . . .}.

Notice that when the operation in the group is +, a coset of a subgroup H is written a + H.

Example. (Listing the elements of cosets) List the elements of the cosets of the subgroup {1, −1} of
the group of quaternions.

Here is the table for the group of quaternions:

1 −1 i −i j −j k −k
1 1 −1 i −i j −j k −k
−1 −1 1 −i i −j j −k k
i i −i −1 1 k −k −j j
−i −i i 1 −1 −k k j −j
j j −j −k k −1 1 i −i
−j −j j k −k 1 −1 −i i
k k −k j −j −i i −1 1
−k −k k −j j i −i 1 −1

Consider the subgroup {1, −1}. Its cosets are

1 · {1, −1} = {1, −1}, (−1) · {1, −1} = {−1, 1} = {1, −1},

i · {1, −1} = {i, −i}, (−i) · {1, −1} = {−i, i} = {i, −i},
j · {1, −1} = {j, −j}, (−j) · {1, −1} = {−j, j} = {j, −j},
k · {1, −1} = {k, −k}, (−k) · {1, −1} = {−k, k} = {k, −k}.
There are four distinct cosets. Notice that 2 · 4 = 8. This is a special case of Lagrange’s theorem:
The order of a subgroup times the number of cosets of the subgroup equals the order of the group.

Example. (Identifying a set of cosets with another set) Show that the set of cosets R/Z can be
identified with S 1 , the group of complex numbers of modulus 1 under complex multiplication.

The cosets R/Z are
x+Z where 0 ≤ x < 1.
Thus, there is one coset for each number in the half-open interval [0, 1).
On the other hand, you can “wrap” the half-open interval around the circle S 1 in the complex plane:
Use f (t) = e^{2πit} , 0 ≤ t < 1. It’s easy to show this is a bijection by constructing an inverse using the
logarithm.
Thus, there is a bijection from the set of cosets R/Z to the circle S 1 .
In fact, this is an example of an isomorphism of groups.

Theorem. Let G be a group and let H < G. The left cosets of H in G form a partition of G.

Proof. I need to show that the union of the left cosets is the whole group, and that different cosets do not
overlap.
Let g ∈ G. Since 1 ∈ H, it follows that g · 1 = g is in gH. This shows that every element of G lies in
some coset of H, so the union of the cosets is all of G.
Next, suppose aH and bH are two cosets of H, and suppose they are not disjoint. I must show they’re
identical: aH = bH. As usual, I can show two sets are equal by showing that each is contained in the other.
Since aH and bH are not disjoint, I can find an element g ∈ aH ∩ bH. Write g = ah1 = bh2 for
h1 , h2 ∈ H. Then
$$a = b h_2 h_1^{-1}.$$

Now let ah ∈ aH. Then


$$ah = b h_2 h_1^{-1} h.$$

The element on the right is in bH, since it is b times something in H. Therefore, ah ∈ bH, and aH ⊂ bH.
By symmetry, bH ⊂ aH, so aH = bH.

Theorem. Any two left cosets have the same number of elements.

Proof. Let H be a subgroup of a group G, and let a, b ∈ G. I must show that aH and bH have the same
number of elements. By definition, this means that I must construct a bijective map from aH to bH.
An element of aH looks like ah, for some h ∈ H. So it is tempting to simply define f : aH → bH by

f (ah) = bh.

But how do you know this is well-defined? How do you know that the same element of aH might not
be expressed as both ah and ah′ , where h and h′ are different elements of H?
Fortunately, this can’t happen; if ah = ah′ , then

a−1 ah = a−1 ah′ , so h = h′ .

Thus, it’s legitimate for me to define a function f as above.


Likewise, I can define g : bH → aH by

g(bh) = ah for bh ∈ bH.

This is well-defined, just as f was.


Since f and g are clearly inverses, f (or g) is a bijection, and aH and bH have the same number of
elements.

Definition. If G is a group and H < G, |G/H| is called the index of H in G, and is denoted (G : H).

The way I’ve defined it, the index of H in G is the number of left cosets of H. It turns out that this is
the same as the number of right cosets.

Theorem. (Lagrange’s theorem) Let G be a finite group and let H be a subgroup of G. Then

(G : H) = |G| / |H|.

Proof. The cosets of H partition G into (G : H) pieces, and each piece contains |H| elements. So the total
number of elements in the (G : H) pieces is (G : H) · |H|, but this is all of G:

(G : H) · |H| = |G|.

Now divide both sides by |H|.

Note that this result implies that the order of a subgroup divides the order of the group. Thus, a group
of order 14 could have subgroups of order 1, 2, 7, or 14, but could not have a subgroup of order 5.

Example. (A specific example of Lagrange’s theorem) Verify Lagrange’s theorem for the subgroup
H = {0, 3} of Z6 .

The cosets are


0 + H = {0, 3}, 1 + H = {1, 4}, 2 + H = {2, 5}.
Notice there are 3 cosets, each containing 2 elements, and that the cosets form a partition of the group.

Example. (A specific example of Lagrange’s theorem) List the elements of the cosets of ⟨(2, 2)⟩ in
Z4 × Z6 .

First, list the elements of the subgroup:

⟨(2, 2)⟩ = {(0, 0), (2, 2), (0, 4), (2, 0), (0, 2), (2, 4)}.

The subgroup is a coset.

The subgroup has 6 elements and the group has 24. By Lagrange’s theorem, there are 4 cosets.
(1, 1) isn’t in the subgroup; add it to the subgroup:

(1, 1) + ⟨(2, 2)⟩ = {(1, 1), (3, 3), (1, 5), (3, 1), (1, 3), (3, 5)}.

(2, 1) isn’t in either of the known cosets; add it to the subgroup:

(2, 1) + ⟨(2, 2)⟩ = {(2, 1), (0, 3), (2, 5), (0, 1), (2, 3), (0, 5)}.

The remaining elements make up the fourth coset. I can find them by noting that (1, 2) isn’t in the
three known cosets, so the fourth coset is represented by (1, 2):

(1, 2) + ⟨(2, 2)⟩ = {(1, 2), (3, 4), (1, 0), (3, 2), (1, 4), (3, 0)}.

Notice that there are 4 cosets, each containing 6 elements, and the cosets form a partition of the group.

Corollary. Every group of prime order is cyclic.

Proof. Suppose G is a group of order p, where p is prime. Let g ∈ G, g ≠ 1. ⟨g⟩ is a subgroup of G, and
since g ≠ 1, |⟨g⟩| ≠ 1.

But |⟨g⟩| divides |G| by Lagrange’s theorem, and the only positive numbers which divide |G| = p are 1
and p. Therefore, |⟨g⟩| = p, which means that ⟨g⟩ is all of G. That is, G is cyclic with generator g.

For example, this means that the only group of order 17 is the cyclic group of order 17.

I noted earlier that the number of left cosets equals the number of right cosets; here’s the proof.

Proposition. Let G be a group, H < G. The set of left cosets G/H may be put in 1-1 correspondence with
the set of right cosets H\G.

Proof. Define φ : G/H → H\G by φ(gH) = Hg −1 . I need to show φ is well-defined.


Suppose aH = bH. Then a = a · 1 ∈ aH = bH, so a = bh for some h ∈ H. Then

φ(aH) = Ha−1 = H(bh)−1 = Hh−1 b−1 = Hb−1 = φ(bH).

Next, define ψ : H\G → G/H by ψ(Hg) = g −1 H. A computation similar to the one I just did shows ψ
is well-defined. φ and ψ are inverses, so either one gives a bijection of G/H with H\G.

While there are the same number of left and right cosets, the left and right cosets may be different as
sets. In fact, if the left and right cosets are the same as sets, the subgroup is said to be normal. It’s a
very important condition on a subgroup, since it will allow us to turn the set of left (or right) cosets into a
quotient group.

Example. (A subgroup whose left and right cosets are different) List the elements of the left cosets
and the right cosets of the subgroup {id, (1 2)} of S3 .

The left cosets are

{id, (1 2)}, (1 3){id, (1 2)} = {(1 3), (1 2 3)}, (2 3){id, (1 2)} = {(2 3), (1 3 2)}.

The right cosets are

{id, (1 2)}, {id, (1 2)}(1 3) = {(1 3), (1 3 2)}, {id, (1 2)}(2 3) = {(2 3), (1 2 3)}.

The left and right cosets aren’t the same, though there are the same number of left and right cosets.

© 2018 by Bruce Ikenaga


3-17-2018

Normal Subgroups and Quotient Groups


Under what conditions will the set of cosets form a group? That is, under what conditions will coset
addition or multiplication be well-defined?
If H is a subgroup of a group G, I’d like to multiply two cosets of H this way:

aH · bH = (ab)H.

Here’s the problem. A coset like aH can be represented by different elements: That is, I can have
aH = a′ H where a 6= a′ . Remember that a coset aH is a set of elements, not a single element. For example,
if you consider cosets of the subgroup 2Z in Z,

1 + 2Z = 13 + 2Z.

Both of these sets consist of all the odd integers, even though 1 ≠ 13.
So in writing aH · bH = (ab)H, I should be able to replace aH with a′ H, since they’re equal. Then I’d
get
a′ H · bH = (a′ b)H.
I should have (ab)H = (a′ b)H, because the two cosets I multiplied were the same in both cases. But how
do I know this will work? For that matter, what if I replace bH with b′ H, using a different representative
for the second coset?
It turns out that this doesn’t work in general: I need to have a condition on the subgroup H.

Definition. A subgroup H < G is normal if

gHg −1 ⊂ H for all g ∈ G.

The notation H ⊳ G means that H is a normal subgroup of G.

Remark. (a) Since the statement runs over all g ∈ G, I can replace “g” in the definition with “g −1 ”, because
every g ∈ G is the inverse of some element (namely g −1 ). Thus, I could just as well say “g −1 Hg ⊂ H”.

(b) As usual, to check the set inclusion gHg −1 ⊂ H, you can verify that it holds for elements: Let h ∈ H
and g ∈ G, and show that ghg −1 ∈ H.

(c) For a fixed g ∈ G, I have gHg −1 ⊂ H. But I also have

g −1 Hg ⊂ H
g(g −1 Hg)g −1 ⊂ gHg −1
H ⊂ gHg −1

Hence, gHg −1 = H. So I actually have equality, not just subset inclusion. If you’re showing a subgroup
is normal, you are better off doing less work and just proving inclusion, as in the definition: You get equality
for free.

The next two results give some easy examples of normal subgroups.

Proposition. Let G be a group. Then {1} and G are normal subgroups of G.

Proof. To show that {1} is normal, let g ∈ G. The only element of {1} is 1, and g · 1 · g −1 = 1 ∈ {1}.
Therefore, {1} is normal.
To show that G is normal, let g ∈ G and let h ∈ G. Then ghg −1 ∈ G, because g, h, and g −1 are all in
G, and G must be closed under its operation.

Proposition. If G is abelian, every subgroup is normal.

Proof. If g ∈ G, then gHg −1 = Hgg −1 = H.

Example. (Showing a subgroup is not normal) Show that the subgroup {id, (1 3)} of S3 is not normal.

Here’s the multiplication table for S3 , the group of permutations of {1, 2, 3}.

id (1 2 3) (1 3 2) (2 3) (1 3) (1 2)
id id (1 2 3) (1 3 2) (2 3) (1 3) (1 2)
(1 2 3) (1 2 3) (1 3 2) id (1 2) (2 3) (1 3)
(1 3 2) (1 3 2) id (1 2 3) (1 3) (1 2) (2 3)
(2 3) (2 3) (1 3) (1 2) id (1 2 3) (1 3 2)
(1 3) (1 3) (1 2) (2 3) (1 3 2) id (1 2 3)
(1 2) (1 2) (2 3) (1 3) (1 2 3) (1 3 2) id

I have to find an element g ∈ S3 such that

g{id, (1 3)}g −1 ⊄ {id, (1 3)}.

There are several possibilities. For example,

(1 2){id, (1 3)}(1 2)−1 = (1 2){id, (1 3)}(1 2) = {(1 2)id(1 2), (1 2)(1 3)(1 2)} = {id, (2 3)}.

Since {id, (2 3)} ⊄ {id, (1 3)}, the subgroup {id, (1 3)} is not normal in S3 .
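Here is an added Python example (it is not part of these notes) that does the S3 computations from this example and from the earlier left-versus-right coset example by machine: it represents each permutation as a tuple, multiplies right to left as in the notes’ table, lists the left and right cosets of a subgroup, and checks the normality condition ghg −1 ∈ H for every g and h. The function names are my own.

```python
def compose(s, t):
    """The product s t in the notes' convention: apply t first, then s.
    A permutation of {1, 2, 3} is a tuple on {0, 1, 2}; s[i] is the image of i."""
    return tuple(s[t[i]] for i in range(len(t)))

def inverse(s):
    inv = [0] * len(s)
    for i, j in enumerate(s):
        inv[j] = i
    return tuple(inv)

# S3 in cycle notation; these tuples reproduce the multiplication table in the notes.
S3 = {
    "id":      (0, 1, 2),
    "(1 2 3)": (1, 2, 0),
    "(1 3 2)": (2, 0, 1),
    "(2 3)":   (0, 2, 1),
    "(1 3)":   (2, 1, 0),
    "(1 2)":   (1, 0, 2),
}
NAME = {perm: name for name, perm in S3.items()}

def named(perms):
    return frozenset(NAME[p] for p in perms)

def left_cosets(G, H):
    """The distinct sets gH, each as a frozenset of cycle names."""
    return {named(compose(g, h) for h in H) for g in G}

def right_cosets(G, H):
    """The distinct sets Hg."""
    return {named(compose(h, g) for h in H) for g in G}

def conjugate(g, H):
    """g H g^{-1}, as a set of cycle names."""
    return {NAME[compose(compose(g, h), inverse(g))] for h in H}

def is_normal(G, H):
    """The definition: g h g^{-1} lies in H for every g in G and every h in H."""
    return all(compose(compose(g, h), inverse(g)) in H for g in G for h in H)

if __name__ == "__main__":
    G = set(S3.values())
    H = {S3["id"], S3["(1 3)"]}
    print("(1 2){id, (1 3)}(1 2)^-1 =", conjugate(S3["(1 2)"], H))   # {'id', '(2 3)'}
    print("{id, (1 3)} normal?", is_normal(G, H))                     # False
    A3 = {S3["id"], S3["(1 2 3)"], S3["(1 3 2)"]}
    print("A3 normal?", is_normal(G, A3))                             # True
```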

Example. (A normal subgroup of the quaternions) Show that the subgroup {1, −1, i, −i} of the group
of quaternions is normal.

Here’s the multiplication table for the group of the quaternions:

1 −1 i −i j −j k −k
1 1 −1 i −i j −j k −k
−1 −1 1 −i i −j j −k k
i i −i −1 1 k −k −j j
−i −i i 1 −1 −k k j −j
j j −j −k k −1 1 i −i
−j −j j k −k 1 −1 −i i
k k −k j −j −i i −1 1
−k −k k −j j i −i 1 −1

To show that the subgroup is normal, I have to compute g{1, −1, i, −i}g −1 for each element g in the
group and show that I always get the subgroup {1, −1, i, −i}.
It’s a bit tedious to do this for all the elements, so I’ll just do the computation for one of them by way
of example.
Take g = j. Then g −1 = −j (since j(−j) = 1), so

j{1, −1, i, −i}j −1 = j{1, −1, i, −i}(−j) = {j · 1 · (−j), j · (−1) · (−j), j · i · (−j), j · (−i) · (−j)}
= {1, −1, (−k)(−j), k(−j)} = {1, −1, −i, i}.
This is the same set as the original subgroup, so the verification worked with this element.
If I do the same computation with the other elements in Q, I’ll always get the original subgroup back.
Therefore, {1, −1, i, −i} is normal.

As this example indicates, it is generally infeasible to show a subgroup is normal by checking the
definition for all the elements in the group!

Here’s another special case where subgroups satisfying a certain condition are normal.
Proposition. Let H be a subgroup of G. If (G : H) = 2, then H is normal.

Proof. Since (G : H) = 2, I know that H has two left cosets and two right cosets. One coset is always H
itself. Take g ∈
/ H. Then gH is the other left coset, Hg is the other right coset, and

H ∪ gH = G = H ∪ Hg.

But these are disjoint unions, so gH = Hg, and therefore gHg −1 = H. This equation holds for any g in
the coset gH. The equation clearly holds for any element of the trivial coset H. Hence, the equation holds
for all elements of G, and H is normal.

Example. Show that the alternating group An is a normal subgroup of Sn .

The even permutations make up half of Sn , so (Sn : An ) = 2. Therefore, An is normal.

Example. (Checking normality in a product) Let G and H be groups. Let

G × {1} = {(g, 1) | g ∈ G}.

Prove that G × {1} is a normal subgroup of the product G × H.

First, I’ll show that it’s a subgroup.


Let (g1 , 1), (g2 , 1) ∈ G × {1}, where g1 , g2 ∈ G. Then

(g1 , 1) · (g2 , 1) = (g1 g2 , 1) ∈ G × {1}.

Therefore, G × {1} is closed under products.


The identity (1, 1) is in G × {1}.
If (g, 1) ∈ G × {1}, the inverse is (g, 1)⁻¹ = (g⁻¹, 1), which is in G × {1}.
Therefore, G × {1} is a subgroup.
To show that G × {1} is normal, let (a, b) ∈ G × H, where a ∈ G and b ∈ H. I must show that

(a, b)(G × {1})(a, b)⁻¹ ⊂ G × {1}.

I can show one set is a subset of another by showing that an element of the first is an element of the
second. An element of (a, b)(G × {1})(a, b)⁻¹ looks like (a, b)(g, 1)(a, b)⁻¹, where (g, 1) ∈ G × {1}. Now

(a, b)(g, 1)(a, b)⁻¹ = (a, b)(g, 1)(a⁻¹, b⁻¹) = (aga⁻¹, b(1)b⁻¹) = (aga⁻¹, 1).

aga⁻¹ ∈ G, since a, g ∈ G. Therefore, (a, b)(g, 1)(a, b)⁻¹ ∈ G × {1}. This proves that (a, b)(G × {1})(a, b)⁻¹ ⊂ G × {1}. Therefore, G × {1} is normal.

Now I need to show that the condition of normality allows me to turn the set of cosets of a subgroup
into a quotient group under coset multiplication or addition. I need a few preliminary results on cosets first.

Theorem. Let G be a group, and let H be a subgroup of G. The following statements are equivalent:

(a) a and b are elements of the same coset of H.

(b) a H = b H.

(c) b⁻¹a ∈ H.

Proof. To show that several statements are equivalent, I must show that any one of them follows from
any other. To do this efficiently, I’ll show that statement (a) implies statement (b), statement (b) implies
statement (c), and statement (c) implies statement (a).

((a) → (b)) Suppose a and b are elements of the same coset gH of H. Since a ∈ aH ∩ gH, and since cosets
are either disjoint or identical, aH = gH. Likewise, b ∈ bH ∩ gH implies bH = gH. Therefore, aH = bH.

((b) → (c)) Suppose aH = bH. Since 1 ∈ H, it follows that a = a · 1 ∈ aH = bH. Therefore, a = bh for
some h ∈ H. Hence, b⁻¹a = h ∈ H.

((c) → (a)) Suppose b⁻¹a = h ∈ H. Then b⁻¹aH = hH = H, so aH = bH. Therefore, a and b are elements
of the same coset of H, namely aH = bH.

Corollary. aH = H if and only if a ∈ H.

Proof. The equivalence of the second and third conditions says that aH = bH if and only if b⁻¹a ∈ H.
Taking b = 1, this says that aH = H if and only if a ∈ H, which is what I wanted to prove.

Now I’ll show that the definition of normality does what I wanted it to.

Theorem. Let G be a group, H < G. The following statements are equivalent:

(a) H ⊳ G

(b) For all g ∈ G, gH = Hg. (Thus, every left coset is a right coset and every right coset is a left coset.)

(c) Coset multiplication is well-defined.

By (c), I mean that if a1 H = a2 H and b1 H = b2 H, then a1 b1 H = a2 b2 H. Once I know that multiplication is well-defined, I can define multiplication of cosets by (aH)(bH) = (ab)H.

Proof. ((a) → (b)) If H ⊳ G and g ∈ G, then gHg⁻¹ = H, so gHg⁻¹g = Hg, or gH = Hg.

((b) → (c)) Suppose gH = Hg for all g ∈ G. Suppose

a1 H = a2 H and b1 H = b2 H.

Then
a1 b1 H = a1 b2 H = a1 Hb2 = a2 Hb2 = a2 b2 H.

((c) → (a)) Suppose coset multiplication is well defined. I want to show H ⊳ G. Let g ∈ G. I will show
gHg⁻¹ ⊂ H.
Let h ∈ H. I will show ghg⁻¹ ∈ H.
By an earlier result, hH = 1H, and surely gH = gH, so (since coset multiplication is well-defined)

(gH)(hH) = (gH)(1H)
(gh)H = gH

And since g⁻¹H = g⁻¹H,

[(gh)H](g⁻¹H) = (gH)(g⁻¹H)
(ghg⁻¹)H = (gg⁻¹)H
(ghg⁻¹)H = H

An earlier result shows that this implies ghg⁻¹ ∈ H. Therefore, H ⊳ G.

The point of all this was to make the set of cosets G/H into a group via coset multiplication or addition.

Theorem. If H ⊳ G, the set of left cosets G/H becomes a group under coset multiplication.

Proof. I’ll check the axioms. For associativity, note that

(aH · bH) · cH = (ab)H · cH = (abc)H and aH · (bH · cH) = aH · (bc)H = (abc)H.

I have
1H · aH = aH = aH · 1H for all a ∈ G.
Hence, H = 1H is the identity for coset multiplication.
Finally,
aH · a⁻¹H = 1H = a⁻¹H · aH for all a ∈ G.
Therefore, (aH)⁻¹ = a⁻¹H, and every coset has an inverse.

Definition. Let G be a group, and let H ⊳ G. The set G/H of left cosets under coset multiplication is the
quotient group (or factor group) of G by H.

Because coset multiplication (or addition) is independent of the choice of representatives, you do computations in quotient groups by doing the corresponding computations on coset representatives. The following
examples illustrate this idea.

Example. (Adding cosets) Let G = Z8 = {0, 1, 2, 3, 4, 5, 6, 7} and let H be the subgroup {0, 4}.

(a) List the cosets of {0, 4}.

(b) Construct the addition table for the quotient group Z8/{0, 4} using coset addition as the operation.

(c) Identify the quotient group as a familiar group.

(a) The cosets of H are

{0, 4}, 1 + {0, 4} = {1, 5}, 2 + {0, 4} = {2, 6}, 3 + {0, 4} = {3, 7}.

(b) Make the set of cosets Z8/{0, 4} into a group by using coset addition. This means that to add two cosets
you add their representatives, then take the coset containing the sum as the sum of the cosets. Here’s the
addition table:
+ {0, 4} {1, 5} {2, 6} {3, 7}
{0, 4} {0, 4} {1, 5} {2, 6} {3, 7}
{1, 5} {1, 5} {2, 6} {3, 7} {0, 4}
{2, 6} {2, 6} {3, 7} {0, 4} {1, 5}
{3, 7} {3, 7} {0, 4} {1, 5} {2, 6}

To see how the table was constructed, consider the entry

{2, 6} + {3, 7} = {1, 5}.

Use representatives for the cosets:

{2, 6} = 2 + {0, 4} and {3, 7} = 3 + {0, 4}.

You add cosets by adding their representatives — in this case, 2 and 3 — and attaching the sum to the
subgroup — in this case, {0, 4}:

{2, 6} + {3, 7} = (2 + {0, 4}) + (3 + {0, 4}) = (2 + 3) + {0, 4} = 5 + {0, 4} = {1, 5}.

You can also use individual elements. Take an element from {2, 6} and an element from {3, 7} and add
them. Find the coset that contains the sum. That coset is the sum of the cosets.
For example, if I use 6 from {2, 6} and 3 from {3, 7}, I get 6 + 3 = 1, which is in {1, 5}. Therefore,
{2, 6} + {3, 7} = {1, 5}.
What happens if you choose different elements? Take 2 from {2, 6} and 7 from {3, 7}. Then 2 + 7 = 1,
which is in {1, 5} again. Just as before, {2, 6} + {3, 7} = {1, 5}.
This is what it means to say that coset addition is well-defined: No matter which elements you choose
from the two sets, the sum of the elements will always be in the same coset.

(c) The table above is a group table for a group of order 4. There are only two groups of order 4: Z4 and
Z2 × Z2 . Hence, the group above must be isomorphic to one of these groups. Replace

{0, 4} with 0, {1, 5} with 1, {2, 6} with 2, and {3, 7} with 3.

This gives the table:


+ 0 1 2 3
0 0 1 2 3
1 1 2 3 0
2 2 3 0 1
3 3 0 1 2

Thus, Z8/{0, 4} ≈ Z4 .

Example. The cosets of the subgroup ⟨19⟩ in U20 are

⟨19⟩ = {1, 19}
3 · ⟨19⟩ = {3, 17}
7 · ⟨19⟩ = {7, 13}
9 · ⟨19⟩ = {9, 11}

(a) Compute {3, 17} · {9, 11}.

(b) Compute {3, 17}⁻¹.

(c) Compute {9, 11}³.

(d) Construct a multiplication table for the quotient group U20/⟨19⟩. Determine whether the quotient group is
isomorphic to Z4 or to Z2 × Z2 .

(a) Take an element (it doesn’t matter which one) from each coset, say 3 ∈ {3, 17} and 11 ∈ {9, 11}.
Perform the operation on the elements you chose. In this case, it’s multiplication:

3 · 11 = 33 = 13.

Find the coset containing the answer: 13 ∈ {7, 13}.


Hence,
{3, 17} · {9, 11} = {7, 13}.

(b) Take an element (it doesn’t matter which one) from the coset, say 3 ∈ {3, 17}.
Perform the operation on the elements you chose. In this case, it’s finding the inverse (use the Extended
Euclidean Algorithm, or trial and error):

3⁻¹ = 7.

Find the coset containing the answer: 7 ∈ {7, 13}.

Hence,
{3, 17}⁻¹ = {7, 13}.

(c) Take an element (it doesn’t matter which one) from the coset, say 11 ∈ {9, 11}.
Perform the operation on the elements you chose. In this case, it’s cubing:

11³ = 1331 = 11.

Find the coset containing the answer: 11 ∈ {9, 11}.

Hence,
{9, 11}³ = {9, 11}.

(d) To save writing, I’ll use 1, 3, 7, and 9 to represent the cosets. I did the multiplications to construct the
table the way I did the multiplication in (a) above.

· 1 3 7 9
1 1 3 7 9
3 3 9 1 7
7 7 1 9 3
9 9 7 3 1

I can see that {3, 17} has order 4. Therefore, U20/⟨19⟩ ≈ Z4 .

Example. The cosets of ⟨(1, 3)⟩ in Z4 × Z4 are

⟨(1, 3)⟩ = {(0, 0), (1, 3), (2, 2), (3, 1)}
(0, 1) + ⟨(1, 3)⟩ = {(0, 1), (1, 0), (2, 3), (3, 2)}
(0, 2) + ⟨(1, 3)⟩ = {(0, 2), (1, 1), (2, 0), (3, 3)}
(0, 3) + ⟨(1, 3)⟩ = {(0, 3), (1, 2), (2, 1), (3, 0)}

(a) Compute [(0, 2) + ⟨(1, 3)⟩] + [(0, 3) + ⟨(1, 3)⟩].

(b) Construct an addition table for the quotient group (Z4 × Z4)/⟨(1, 3)⟩. Determine whether the quotient group is
isomorphic to Z4 or to Z2 × Z2 .

(a) Take an element (it doesn’t matter which one) from the cosets, say (0, 2) ∈ (0, 2) + ⟨(1, 3)⟩ and (0, 3) ∈
(0, 3) + ⟨(1, 3)⟩. (I’ll just use the coset representatives, but again, I could choose any elements from the two
cosets.)
Perform the operation on the elements you chose. In this case, it’s addition:

(0, 2) + (0, 3) = (0, 1).

Find the coset containing the answer:

(0, 1) ∈ {(0, 1), (1, 0), (2, 3), (3, 2)} = (0, 1) + ⟨(1, 3)⟩.

Hence,
[(0, 2) + ⟨(1, 3)⟩] + [(0, 3) + ⟨(1, 3)⟩] = (0, 1) + ⟨(1, 3)⟩.
(b) To save writing, I’ll use (0, 0), (0, 1), (0, 2), and (0, 3) to represent the cosets. I did the additions to
construct the table the way I did the addition in (a) above.

+ (0, 0) (0, 1) (0, 2) (0, 3)


(0, 0) (0, 0) (0, 1) (0, 2) (0, 3)
(0, 1) (0, 1) (0, 2) (0, 3) (0, 0)
(0, 2) (0, 2) (0, 3) (0, 0) (0, 1)
(0, 3) (0, 3) (0, 0) (0, 1) (0, 2)

I can see that (0, 1) + ⟨(1, 3)⟩ has order 4, so (Z4 × Z4)/⟨(1, 3)⟩ ≈ Z4 .

Example. (A quotient group of a dihedral group) This is the table for D3 , the group of symmetries
of an equilateral triangle. r1 is rotation through 2π/3, r2 is rotation through 4π/3, and m1 , m2 , and m3 are
reflections through the altitudes through vertices 1, 2, and 3, respectively.

id r1 r2 m1 m2 m3
id id r1 r2 m1 m2 m3
r1 r1 r2 id m3 m1 m2
r2 r2 id r1 m2 m3 m1
m1 m1 m2 m3 id r1 r2
m2 m2 m3 m1 r2 id r1
m3 m3 m1 m2 r1 r2 id

(a) Show that the rotation subgroup H = {id, r1 , r2 } is a normal subgroup of D3 .

(b) Construct the multiplication table for the quotient group D3 /H and identify the quotient group as a
familiar group.

(c) Consider the subgroup H ′ = {id, m1 }. Show that H ′ is not normal in D3 .


(a) Since H has 3 elements, it has index 6/3 = 2, so it must be normal.
You can check this directly but tediously by checking that gHg⁻¹ ⊂ H for each g ∈ D3 . For example,

m1 H m1⁻¹ = m1 H m1 = m1 {id, r1 , r2 }m1 = {m1 id m1 , m1 r1 m1 , m1 r2 m1 } = {id, r2 , r1 } = H.

And so on for the other elements.
It’s also possible to show it’s normal geometrically, by reasoning about orientation.

(b) D3 /H is a group with two elements:

D3 /H = {H = {id, r1 , r2 }, m1 H = {m1 , m2 , m3 }}.

Here is the group table for D3 /H:

H m1 H
H H m1 H
m1 H m1 H H

Up to notation, this is “the” group of order 2, namely Z2 .


(More generally, consider the group D2n of symmetries of the regular n-gon. This group has a subgroup
of rotations H consisting of rotations through the angles 2πk/n, where 0 ≤ k < n. This subgroup is normal,
since it has index 2. To see this geometrically, observe that if ρ is a rotation and τ is also a rotation, τρτ⁻¹
is obviously a rotation. On the other hand, suppose τ is a reflection. Then τρτ⁻¹ is orientation-preserving,
so it must also be a rotation.)

(c) I must find a g ∈ D3 such that gH′g⁻¹ ≠ H′. Here’s an example:

m2 {id, m1 }m2⁻¹ = m2 {id, m1 }m2 = {m2 id m2 , m2 m1 m2 } = {id, m3 } ≠ {id, m1 }.

Another way to prove that the subgroup isn’t normal is to compare the left and right cosets. The left
cosets are
{id, m1 }, m2 {id, m1 } = {m2 , r2 }, m3 {id, m1 } = {m3 , r1 }.
The right cosets are

{id, m1 }, {id, m1 }m2 = {m2 , r1 }, {id, m1 }m3 = {m3 , r2 }.

As you can see, the left and right cosets are not the same.

Remember that when a subgroup is normal, there is a well-defined multiplication on the set of cosets
of the subgroup. Let’s see how this works out for the two subgroups I discussed above.
The first table below is the multiplication table for D3 , the group of symmetries of a triangle. The
subgroup H = {id, r1 , r2 } has two cosets: H itself and the set {m1 , m2 , m3 }. Notice that the row and
column headings have been set up with the two cosets one after another.
Get out your coloring pencils! Color the two cosets in the table below in such a way that all the elements
of a given coset are the same color, and different cosets have different colors. For example, leave the elements
of H = {id, r1 , r2 } uncolored and color the elements {m1 , m2 , m3 } green.

id r1 r2 m1 m2 m3
id id r1 r2 m1 m2 m3
r1 r1 r2 id m3 m1 m2
r2 r2 id r1 m2 m3 m1
m1 m1 m2 m3 id r1 r2
m2 m2 m3 m1 r2 id r1
m3 m3 m1 m2 r1 r2 id

Consider the product of two elements ab. The coloring shows that the coset containing the product
depends only on the cosets containing a and b. Suppose ab is in the coset colored green. Take a′ in the same
coset as a and b′ in the same coset as b. Then a′ b′ will also be in the coset colored green. This proves that
you can multiply cosets by multiplying coset representatives and get a well-defined multiplication.
Here is the same table rearranged to fit the non-normal subgroup H ′ = {id, m1 } and its cosets r1 H ′ =
{r1 , m3 } and r2 H ′ = {r2 , m2 }. Color the elements of the three cosets with different colors as in the last
example.
id m1 r1 m3 r2 m2
id id m1 r1 m3 r2 m2
m1 m1 id m2 r2 m3 r1
r1 r1 m3 r2 m2 id m1
m3 m3 r1 m1 id m2 r2
r2 r2 m2 id m1 r1 m3
m2 m2 r2 m3 r1 m1 id

In this case, the coset containing a product a · b depends on the particular elements a and b, not just
on the cosets containing a and b. The coloring produces a table that is not arranged in nice “blocks” like
the previous table. For example, r1 · r1 = r2 , which is in the third coset. On the other hand, m3 · m3 = id,
which is in the first coset. You get different cosets, even though the factors in the two products are all in the
second coset. In this case, coset multiplication by multiplication of representatives is not well-defined.
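The quotient-group computations above (Z8/{0, 4}, U20/⟨19⟩) and the coloring test for D3 can all be run by machine. The following Python is an added example, not code from the notes: it finds cosets, checks normality both by conjugation and by gH = Hg, applies the coloring test for well-definedness of coset multiplication, and builds the quotient table. D3 is modelled here as permutations of three vertices, so the element names differ from the table above; the three groups are constructed in the block.

```python
"""Cosets, normality and quotient tables for small finite groups.

A group is a list of elements plus a binary operation; the identity and inverses
are found by search, so this is only for small groups.  Added example, not from the notes.
"""
from itertools import permutations
from math import gcd

def identity(G, op):
    return next(e for e in G if all(op(e, g) == g for g in G))

def inverse(G, op, g):
    e = identity(G, op)
    return next(x for x in G if op(g, x) == e)

def left_coset(H, op, g):
    return frozenset(op(g, h) for h in H)

def right_coset(H, op, g):
    return frozenset(op(h, g) for h in H)

def cosets(G, H, op):
    """Distinct left cosets gH, ordered by first appearance in G."""
    seen = []
    for g in G:
        c = left_coset(H, op, g)
        if c not in seen:
            seen.append(c)
    return seen

def is_normal(G, H, op):
    """The definition: g H g^-1 = H for every g in G."""
    Hs = frozenset(H)
    return all(frozenset(op(op(g, h), inverse(G, op, g)) for h in H) == Hs for g in G)

def left_equals_right(G, H, op):
    """The equivalent condition from the theorem: gH = Hg for every g."""
    return all(left_coset(H, op, g) == right_coset(H, op, g) for g in G)

def product_well_defined(G, H, op):
    """The 'coloring' test: the coset of ab must depend only on the cosets of a and b."""
    cs = cosets(G, H, op)
    which = {g: c for c in cs for g in c}          # element -> its coset
    return all(len({which[op(a, b)] for a in A for b in B}) == 1 for A in cs for B in cs)

def quotient_table(G, H, op):
    """Table of G/H as {(coset, coset): coset}, computed on one representative each.
    Only meaningful when product_well_defined(G, H, op) holds."""
    cs = cosets(G, H, op)
    which = {g: c for c in cs for g in c}
    return {(A, B): which[op(next(iter(A)), next(iter(B)))] for A in cs for B in cs}

def max_element_order(G, H, op):
    """Largest element order in G/H; a group of order 4 is Z4 exactly when this is 4."""
    cs = cosets(G, H, op)
    which = {g: c for c in cs for g in c}
    trivial, best = which[identity(G, op)], 1
    for A in cs:
        rep, power, n = next(iter(A)), next(iter(A)), 1
        while which[power] != trivial:          # keep multiplying until we land in H
            power, n = op(power, rep), n + 1
        best = max(best, n)
    return best

# The groups from the text, constructed here.
Z8 = list(range(8))
def add8(a, b): return (a + b) % 8

U20 = [u for u in range(1, 20) if gcd(u, 20) == 1]       # {1, 3, 7, 9, 11, 13, 17, 19}
def mul20(a, b): return (a * b) % 20

# D3 as the permutations of the vertices (0, 1, 2); compose(p, q) means "p after q".
D3 = [tuple(p) for p in permutations(range(3))]
def compose(p, q): return tuple(p[q[i]] for i in range(3))
ROTATIONS = [(0, 1, 2), (1, 2, 0), (2, 0, 1)]             # H: the even permutations
FLIP_SUBGROUP = [(0, 1, 2), (0, 2, 1)]                    # H': id and the reflection fixing vertex 0

def report(G, H, op):
    """Normality, gH = Hg, well-definedness and (when G/H is a group) its max element order."""
    ok = product_well_defined(G, H, op)
    return {"normal": is_normal(G, H, op), "left_eq_right": left_equals_right(G, H, op),
            "well_defined": ok, "max_order": max_element_order(G, H, op) if ok else None}

if __name__ == "__main__":
    for name, G, H, op in [("Z8/{0,4}", Z8, [0, 4], add8), ("U20/<19>", U20, [1, 19], mul20),
                           ("D3/H", D3, ROTATIONS, compose), ("D3/H'", D3, FLIP_SUBGROUP, compose)]:
        print(name, report(G, H, op))
```

For the abelian examples every subgroup is normal and max_order 4 identifies Z4; for D3/H′ the coloring test fails, just as the block table above shows.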

It is natural to see how a new construction interacts with things like unions and intersections. Since the
union of subgroups is not a subgroup in general, it’s unreasonable to expect a union of normal subgroups to
be a normal subgroup. However, intersections work properly.

Proposition. The intersection of a family of normal subgroups is a normal subgroup.

Proof. Let G be a group, and let {Ha }a∈A be a family of normal subgroups of G. Let H = ∩a∈A Ha . I
want to show that H ⊳ G. Since the intersection of a family of subgroups is a subgroup, it remains to show
that H is normal.
Let g ∈ G and let h ∈ H. I must show ghg⁻¹ ∈ H. Now h ∈ H implies h ∈ Ha for all a, so (since
Ha ⊳ G for all a) ghg⁻¹ ∈ Ha for all a. Therefore, ghg⁻¹ ∈ ∩a∈A Ha = H. Therefore, H is normal.

Definition. Let G be a group, and let S ⊂ G. The intersection of all normal subgroups of G containing S
is the normal subgroup generated by S.

Why are normal subgroups and quotient groups important? The idea is that you might be able to
understand groups by taking them apart into pieces, the way that you can factor a positive integer into a
product of primes. If you’re trying to understand a group G, you try to find a normal subgroup H. This
allows you to decompose G into smaller groups H and G/H. Now you try to find normal subgroups of H
and of G/H, and you keep going.
At some point, you may be unable to find any normal subgroups (other than {1} and the group itself).

Definition. A group G is simple if its only normal subgroups are {1} and G.

Thus, simple groups are to groups as prime numbers are to positive integers.

Proposition. Let n ≥ 2. Then n is prime if and only if Zn is simple.

Proof. Suppose n is prime. The order of a subgroup must divide the order of the group (by Lagrange’s

theorem), and the only positive divisors of n are 1 and n. Therefore, the only subgroups — and hence the
only normal subgroups — are {0} and Zn . Therefore, Zn is simple.
Suppose n is composite. Then there is an integer m such that m | n and 1 < m < n. Since Zn is cyclic,
it has a subgroup with m elements; since Zn is abelian, that subgroup must be normal. Since Zn has a
normal subgroup other than {0} and Zn , it is not simple.

The hope is that if you know all the possible simple groups, and you know all the ways of putting them
together, then you’ll know all about groups. In its complete generality, this ideal is unattainable. However,
progress has been made in this endeavor for finite groups. The finite simple groups were completely classified
around 1980; estimates suggested that the complete proof (pieces of which were finished by many people
over the course of decades) ran to thousands of pages.

There is a fundamental relationship between kernels of group maps and normal subgroups; in fact,
normal subgroups are exactly the kernels of group maps. The first part of the next result proves part of this
assertion.

Proposition. Let f : G → H be a group homomorphism.

(a) ker f ⊳ G.

(b) If H′ ⊳ H, then f⁻¹(H′) ⊳ G.

Proof. (a) I showed earlier that ker f is a subgroup of G. So I only need to show that ker f is normal. Let
x ∈ ker f (so f(x) = 1) and let g ∈ G. I need to show that gxg⁻¹ ∈ ker f .

f(gxg⁻¹) = f(g)f(x)f(g⁻¹) = f(g)f(g)⁻¹ = 1.

Hence, gxg⁻¹ ∈ ker f , and ker f ⊳ G.

(b) I showed earlier that f⁻¹(H′) is a subgroup of G. I only need to show that if H′ is normal in H, then
f⁻¹(H′) is normal in G.
Let x ∈ f⁻¹(H′), so f(x) ∈ H′, and let g ∈ G. I must show that gxg⁻¹ ∈ f⁻¹(H′). Apply f and see if
it winds up in H′.

f(gxg⁻¹) = f(g)f(x)f(g⁻¹) = f(g)f(x)f(g)⁻¹ ∈ f(g)H′f(g)⁻¹ ⊂ H′.

(The last inclusion follows from normality of H′.) Hence, gxg⁻¹ ∈ f⁻¹(H′), and f⁻¹(H′) ⊳ G.

Remarks. (a) It’s not true in general that the image of a normal subgroup is normal. It is true if the map
is a surjection. (Try it yourself!)

(b) The lemma above says that kernels of group maps are normal subgroups. In fact, the converse is true,
and I’ll prove it later: Every normal subgroup is the kernel of a group map.

© 2018 by Bruce Ikenaga


3-19-2018

The Universal Property of the Quotient


Let H ⊳ G. Then G/H becomes a group under coset multiplication. Define the quotient map (or
canonical projection) π : G → G/H by
π(g) = gH.
Proposition. If H ⊳ G, the quotient map π : G → G/H is a surjective homomorphism with kernel H.

Proof. If a, b ∈ G, then
π(ab) = (ab)H = aH · bH = π(a)π(b).
Therefore, π is a group map.
Obviously, if gH ∈ G/H, then π(g) = gH. Hence, π is surjective.
Finally, I’ll show that ker π = H. If h ∈ H, then π(h) = hH = H, and H is the identity in G/H.
Therefore, h ∈ ker π, so H ⊂ ker π.
Conversely, suppose g ∈ ker π. Then π(g) = H, so gH = H, so g ∈ H. Therefore, ker π ⊂ H, and hence
H = ker π.

The preceding lemma shows that every normal subgroup is the kernel of a homomorphism: If H is a
normal subgroup of G, then H = ker π, where π : G → G/H is the quotient map. On the other hand, the
kernel of a homomorphism is a normal subgroup.

Corollary. Normal subgroups are exactly the kernels of group homomorphisms.

Normality was defined with the idea of imposing a condition on subgroups which would make the set
of cosets into a group. Now an apparently independent notion — that of a homomorphism — gives rise to
the same idea! This strongly suggests that the definition of a normal subgroup was a good one.
You can think of quotient groups in an even more subtle way. The general theme is something like this.
In modern mathematics, it is important to study not only objects — like groups — but the maps between
objects — in this case, group homomorphisms. The maps, after all, describe the relationships between
different objects. (This theme is elaborated in a branch of mathematics called category theory.)
It turns out that more is true. In a sense, the maps carry all of the information about the objects; one
could even be perverse and “build up” objects out of maps! I won’t go to such extremes, but in some cases,
an object can be characterized by certain maps. Here’s an important example.

Theorem. (Universal Property of the Quotient) Let H ⊳ G, and let φ : G → K be a group homomor-
phism such that H ⊂ ker φ. Then there is a unique homomorphism φ̃ : G/H → K such that the following
diagram commutes:

          G
     π ↓     ↘ φ
       G/H ──→ K
             φ̃

(To say that the diagram commutes means that φ̃ · π = φ.)

Proof. Define φ̃ : G/H → K by


φ̃(gH) = φ(g).
This is forced by the requirement that φ̃π = φ, since plugging g ∈ G into both sides yields φ̃π(g) = φ(g),
or φ̃(gH) = φ(g).
I need to check that this map is well-defined. The point is that a given coset gH may in general be
written as g′H, where g ≠ g′. I must verify that the result φ(g) or φ(g′) is the same regardless of how I write
the coset.
(If φ(g) ≠ φ(g′) in this situation, then a single input — the coset gH = g′H — produces different
outputs, which contradicts what it means to be a function.)
So suppose that gH = g′H, so g = g′h for some h ∈ H.

φ̃(gH) = φ(g) = φ(g ′ h) = φ(g ′ )φ(h) = φ(g ′ ) · 1 = φ(g ′ ) = φ̃(g ′ H).

This shows that φ̃ is indeed well-defined.


I was forced to define φ̃ as I did in order to make the diagram commute. Hence, φ̃ is unique.
Now I’ll show that φ̃ is a homomorphism. Let a, b ∈ G. Then

φ̃ ((aH)(bH)) = φ̃ ((ab)H) = φ(ab) = φ(a)φ(b) = φ̃(aH)φ̃(bH).

Therefore, φ̃ is a homomorphism.

The universal property of the quotient is an important tool in constructing group maps: To define a
map out of a quotient group G/H, define a map out of G which maps H to 1.

       G ──→ G′
   π ↓     ↗
      G/H

The map you construct goes from G to G′ ; the universal property automatically constructs a map
G/H → G′ for you. The advantage of using the universal property rather than defining a map out of G/H
directly is that you don’t repeat the verification that the map is well-defined — it’s been done once and for
all in the proof above.
Should you ever need to know how the magic map φ̃ is defined, refer to the proof (and the commutativity
of the diagram).

Remarks. (a) Many other constructions are characterized by universal properties. In each case, one finds
that the appropriate conditions imply the existence of a unique map with certain properties.

(b) The use of diagrams of maps — particularly commutative ones — is pervasive in modern mathe-
matics. They are a powerful language, and another outgrowth of the categorical point of view. In general,
one says a diagram commutes if following the “paths” indicated by the arrows (maps) in different ways
between two objects produces the same result. For example, consider the diagram
         f
    A ──→ B
  g ↓       ↓ h
    C ──→ D
         i

To say that this diagram commutes means that h · f = i · g.

Example. Use the universal property to show that f : Z8 → Z12 given by f (x) = 3x is a well-defined group
map.

I can regard Z8 as Z/8Z. To define f , begin by defining f′ : Z → Z12 by

f ′ (x) = 3x.

Let 8n ∈ 8Z. Then since 24 is a multiple of 12,

f ′ (8n) = 3 · 8n = 24n = 0.

This means that f′ maps the subgroup 8Z of Z to the identity 0 ∈ Z12 . By the universal property of
the quotient, f′ induces a map f : Z/8Z → Z12 given by

f (x + 8Z) = 3x.

I can identify x + 8Z with x (mod 8) ∈ Z8 by reducing mod 8 if needed. (Thus, 11 + 8Z ∈ Z/8Z is
identified with 3 ∈ Z8 .) Then the definition of f becomes

f (x) = 3x.

This is the group map I wanted to construct.

Example. (Using the universal property to construct a group map) Use the universal property to
construct a homomorphism from the quotient group (Z × Z)/⟨(5, 2)⟩ to Z.
The universal property tells me to construct a group map from Z × Z to Z which contains ⟨(5, 2)⟩ in
its kernel — that is, which sends ⟨(5, 2)⟩ to 0. Now ⟨(5, 2)⟩ consists of all multiples of (5, 2), so what I’m
looking for is a group map which sends (5, 2) to 0.
To ensure that what I get is a group map, I should probably guess a linear function — something like

f (x, y) = ax + by.

If f (5, 2) = 0, then 5a + 2b = 0. There is no question of solving this equation for a and b, since there is
one equation and two variables. But I just need some a and b that work — and one “obvious” way to do
this is to set a = 2 and b = −5, since
5(2) + 2(−5) = 0.
Notice that a = 8, b = −20 would work, too. In fact, there are infinitely many possibilities.
So I define f : Z × Z → Z by
f (x, y) = 2x − 5y.
It’s easy to check that this is a group map, and I constructed it so that ⟨(5, 2)⟩ ⊂ ker f . Therefore, the
universal property automatically produces a group map f̃ : (Z × Z)/⟨(5, 2)⟩ → Z. It is defined by

f̃((x, y) + ⟨(5, 2)⟩) = 2x − 5y.

Why not just define the map this way to begin with? If you did, you’d have to check that the map was
well-defined. It’s less messy to use the universal property to construct the map as above.



3-22-2018

The First Isomorphism Theorem


The First Isomorphism Theorem helps identify quotient groups as “known” or “familiar” groups.
I’ll begin by proving a useful lemma.

Proposition. Let φ : G → H be a group map. φ is injective if and only if ker φ = {1}.

Proof. (→) Suppose φ is injective. Since φ(1) = 1, {1} ⊂ ker φ. Conversely, let g ∈ ker φ, so φ(g) = 1.
Then φ(g) = 1 = φ(1), so by injectivity g = 1. Therefore, ker φ ⊂ {1}, so ker φ = {1}.

(←) Suppose ker φ = {1}. I want to show that φ is injective. Suppose φ(a) = φ(b). I want to show that
a = b.
φ(a) = φ(b)
φ(a)φ(b)⁻¹ = φ(b)φ(b)⁻¹
φ(a)φ(b⁻¹) = 1
φ(ab⁻¹) = 1
Hence, ab⁻¹ ∈ ker φ = {1}, so ab⁻¹ = 1, and a = b. Therefore, φ is injective.

Example. (Proving that a group map is injective) Define f : R2 → R2 by

f (x, y) = (3x + 2y, x + y).

Prove that f is injective.

As usual, R2 is a group under vector addition. I can write f in the form

$$f\begin{pmatrix} x \\ y \end{pmatrix} = \begin{pmatrix} 3 & 2 \\ 1 & 1 \end{pmatrix}\begin{pmatrix} x \\ y \end{pmatrix}.$$

Since f has been represented as multiplication by a constant matrix, it is a linear transformation, so
it’s a group map.
To show f is injective, I’ll show that the kernel of f consists of only the identity: ker f = {(0, 0)}.
Suppose (x, y) ∈ ker f . Then

$$\begin{pmatrix} 3 & 2 \\ 1 & 1 \end{pmatrix}\begin{pmatrix} x \\ y \end{pmatrix} = \begin{pmatrix} 0 \\ 0 \end{pmatrix}.$$

Since $\det\begin{pmatrix} 3 & 2 \\ 1 & 1 \end{pmatrix} = 1 \neq 0$, I know by linear algebra that the matrix equation has only the trivial
solution: (x, y) = (0, 0). This proves that if (x, y) ∈ ker f , then (x, y) = (0, 0), so ker f ⊂ {(0, 0)}. Since
(0, 0) ∈ ker f , it follows that ker f = {(0, 0)}.
Hence, f is injective.

Theorem. (The First Isomorphism Theorem) Let φ : G → H be a group map, and let π : G → G/ ker φ
be the quotient map. There is an isomorphism φ̃ : G/ ker φ → im φ such that the following diagram commutes:

          G
     π ↓     ↘ φ
  G/ker φ ──→ im φ
            φ̃

Proof. Since φ maps G onto im φ and ker φ ⊂ ker φ, the universal property of the quotient yields a map
φ̃ : G/ ker φ → im φ such that the diagram above commutes. Since φ is surjective, so is φ̃; in fact, if
φ(g) ∈ im φ, by commutativity
φ̃(π(g)) = φ(g).
It remains to show that φ̃ is injective.
By the previous lemma, it suffices to show that ker φ̃ = {1}. Since φ̃ maps out of G/ ker φ, the “1”
here is the identity element of the group G/ ker φ, which is the subgroup ker φ. So I need to show that
ker φ̃ = {ker φ}.
However, this follows immediately from commutativity of the diagram. For g ker φ ∈ ker φ̃ if and only if
φ̃(g ker φ) = 1. This is equivalent to φ̃(π(g)) = 1, or φ(g) = 1, or g ∈ ker φ — i.e. ker φ̃ = {ker φ}.

Example. (Using the First Isomorphism Theorem to show two groups are isomorphic) Use the
First Isomorphism Theorem to prove that

R∗/{1, −1} ≈ R+ .

R∗ is the group of nonzero real numbers under multiplication. R+ is the group of positive real numbers
under multiplication. {1, −1} is the group consisting of 1 and −1 under multiplication (it’s isomorphic to
Z2 ).
I’ll define a group map from R∗ onto R+ whose kernel is {1, −1}.
Define φ : R∗ → R+ by
φ(x) = |x|.
φ is a group map:
φ(xy) = |xy| = |x||y| = φ(x)φ(y).
If z ∈ R+ is a positive real number, then

φ(z) = |z| = z.

Therefore, φ is surjective: im φ = R+ .
Finally, φ clearly sends 1 and −1 to the identity 1 ∈ R+ , and those are the only two elements of R∗
which map to 1. Therefore, ker φ = {1, −1}.
By the First Isomorphism Theorem,

R∗/{1, −1} = R∗/ker φ ≈ im φ = R+ .

Note that I didn’t construct a map R∗/{1, −1} → R+ explicitly; the First Isomorphism Theorem constructs
the isomorphism for me.

Example. R2 is a group under componentwise addition and R is a group under addition. Let

H = {x · (√5, −π) | x ∈ R}.

Prove that R2/H ≈ R.

Define f : R2 → R by

f(x, y) = πx + √5 y.

Note that

$$f\begin{pmatrix} x \\ y \end{pmatrix} = \begin{pmatrix} \pi & \sqrt{5} \end{pmatrix}\begin{pmatrix} x \\ y \end{pmatrix}.$$

Since f can be expressed as multiplication by a constant matrix, it’s a linear transformation, and hence
a group map.
Let x · (√5, −π) ∈ H. Then

f[x · (√5, −π)] = f(√5 x, −πx) = π(√5 x) + √5(−πx) = 0.

Therefore, x · (√5, −π) ∈ ker f , and hence H ⊂ ker f .
Let (x, y) ∈ ker f . Then

f(x, y) = 0
πx + √5 y = 0
√5 y = −πx
y = −(π/√5) x

Hence,

(x, y) = (x, −(π/√5) x) = (1/√5) x · (√5, −π) ∈ H.

Therefore, ker f ⊂ H. Hence, ker f = H.
Let z ∈ R. Note that

f(z/π, 0) = π · (z/π) + √5 · 0 = z.

Hence, im f = R.
Thus,

R2/H = R2/ker f ≈ im f = R.

Example. Z × Z is a group under componentwise addition and Z is a group under addition. Prove that

(Z × Z)/⟨(12, 17)⟩ ≈ Z.

Define f : Z × Z → Z by
f(x, y) = 17x − 12y.
f can be represented by matrix multiplication:

$$f\begin{pmatrix} x \\ y \end{pmatrix} = \begin{pmatrix} 17 & -12 \end{pmatrix}\begin{pmatrix} x \\ y \end{pmatrix}.$$

Hence, it’s a group map.

Let n(12, 17) = (12n, 17n) ∈ ⟨(12, 17)⟩. Then

f(12n, 17n) = 17(12n) − 12(17n) = 0.

Thus, ⟨(12, 17)⟩ ⊂ ker f .

Let (x, y) ∈ ker f . Then
f(x, y) = 0
17x − 12y = 0
17x = 12y
Now 17 | 12y but (12, 17) = 1. By Euclid’s lemma, 17 | y. Say y = 17n. Then

17x = 12(17n), so x = 12n.

Therefore,
(x, y) = (12n, 17n) = n(12, 17) ∈ ⟨(12, 17)⟩.
Thus, ker f ⊂ ⟨(12, 17)⟩.
Hence, ⟨(12, 17)⟩ = ker f .
Let z ∈ Z. Note that
1 = (17, −12) = 5 · 17 + 7 · (−12).
Multiplying by z, I get
z = 17(5z) − 12(7z).
Then
f(5z, 7z) = 17(5z) − 12(7z) = z.
This proves that im f = Z.
Hence,

(Z × Z)/⟨(12, 17)⟩ = (Z × Z)/ker f ≈ im f = Z.

Example. R × R × R is a group under componentwise addition. Consider the subgroup

H = {x · (1, 2, 3) | x ∈ R}.

Prove that (R × R × R)/H ≈ R × R.
(R × R is a group under componentwise addition.)

Define f : R × R × R → R × R by

f(x, y, z) = (y − 2x, z − 3x).

Note that

$$f\begin{pmatrix} x \\ y \\ z \end{pmatrix} = \begin{pmatrix} -2 & 1 & 0 \\ -3 & 0 & 1 \end{pmatrix}\begin{pmatrix} x \\ y \\ z \end{pmatrix}.$$

Since f is defined by matrix multiplication, it is a linear transformation. Hence, it’s a group map.
Let x · (1, 2, 3) = (x, 2x, 3x) ∈ H. Then

f (x, 2x, 3x) = (2x − 2x, 3x − 3x) = (0, 0).

Hence, (x, 2x, 3x) ∈ ker f , and H ⊂ ker f .


Let (x, y, z) ∈ ker f . Then
f(x, y, z) = (0, 0)
(y − 2x, z − 3x) = (0, 0)

Equating the first components, I have y − 2x = 0, so y = 2x. Equating the second components, I have
z − 3x = 0, so z = 3x. Thus,
(x, y, z) = (x, 2x, 3x) ∈ H.
Therefore, ker f ⊂ H, and so H = ker f .
Let (a, b) ∈ R × R. Then
f(0, a, b) = (a − 2 · 0, b − 3 · 0) = (a, b).
Hence, im f = R × R.
Thus,

(R × R × R)/H = (R × R × R)/ker f ≈ im f = R × R.

The first equality follows from H = ker f . The isomorphism follows from the First Isomorphism Theorem. The second equality follows from im f = R × R.

Proposition. If φ : G → H is a surjective group map and K ⊳ G, then φ(K) ⊳ H.

Proof. 1 ∈ K, so 1 = φ(1) ∈ φ(K), and φ(K) ≠ ∅.

Let a, b ∈ K, so φ(a), φ(b) ∈ φ(K). Then

φ(a)φ(b)⁻¹ = φ(a)φ(b⁻¹) = φ(ab⁻¹) ∈ φ(K), since ab⁻¹ ∈ K.

Therefore, φ(K) is a subgroup.

(Notice that this does not use the fact that K is normal. Hence, I’ve actually proved that the image of
a subgroup is a subgroup.)
Now let h ∈ H, a ∈ K, so φ(a) ∈ φ(K). I want to show that hφ(a)h⁻¹ ∈ φ(K). Since φ is surjective,
h = φ(g) for some g ∈ G. Then

hφ(a)h⁻¹ = φ(g)φ(a)φ(g)⁻¹ = φ(gag⁻¹).

But gag⁻¹ ∈ K because K is normal. Hence, φ(gag⁻¹) ∈ φ(K). It follows that φ(K) is a normal
subgroup of H.

Theorem. (The Second Isomorphism Theorem) Let K, H ⊳ G, K < H. Then

(G/K)/(H/K) ≈ G/H.

Proof. I’ll use the First Isomorphism Theorem. To do this, I need to define a group map G/K → G/H.
To define this group map, I’ll use the Universal Property of the Quotient.
The quotient map π : G → G/H is a group map. By the lemma preceding the Universal Property of the
Quotient, H = ker π. Since K ⊂ H, it follows that K ⊂ ker π.
Since π : G → G/H is a group map and K ⊂ ker π, the Universal Property of the Quotient implies that
there is a group map π̃ : G/K → G/H given by

π̃(gK) = gH.

If gH ∈ G/H, then π̃(gK) = gH. Therefore, π̃ is surjective.

I claim that ker π̃ = H/K.
First, if hK ∈ H/K (so h ∈ H), then π̃(hK) = hH = H. Since H is the identity in G/H, it follows that
hK ∈ ker π̃.
Conversely, suppose gK ∈ ker π̃, so

π̃(gK) = H, or gH = H.

The last equation implies that g ∈ H, so gK ∈ H/K.
Thus, ker π̃ = H/K.
By the First Isomorphism Theorem,
\[ \frac{G/K}{H/K} = \frac{G/K}{\ker \tilde{\pi}} \approx \operatorname{im} \tilde{\pi} = \frac{G}{H}. \]

There is also a Third Isomorphism Theorem (sometimes called the Modular Isomorphism, or
the Noether Isomorphism). It asserts that if H < G and K ⊳ G, then

\[ \frac{H}{H \cap K} \approx \frac{HK}{K}. \]
You can prove it using the First Isomorphism Theorem, in a manner similar to that used in the proof
of the Second Isomorphism Theorem.

© 2018 by Bruce Ikenaga


Group Maps Between Finite Cyclic Groups
Group maps Zm → Zn are determined by the image of 1 ∈ Zm : The image is an element whose order
divides (m, n), and all such elements are the image of such a group map.
Theorem.
(a) If f : Zm → Zn is a group map, then ord f (1) | (m, n).
(b) If p ∈ Zn satisfies ord p | (m, n), then there is a group map f : Zm → Zn such that f (1) = p.
Proof. (a) Suppose f : Zm → Zn is a group map. Now m · 1 = 0 in Zm , so

m · f (1) = f (m · 1) = f (0) = 0.

This shows that ord f (1) | m.


Since f (1) ∈ Zn , I have ord f (1) | n.
Hence, ord f (1) | (m, n).
(b) Let p ∈ Zn , and suppose d = ord p | (m, n). Define g : Z → Zn by

g(x) = px.

Since d | m, I have m = jd for some j ∈ Z.


Now
g(km) = pkm = pk(jd) = (kj)(dp) = 0,
since m = jd, and dp = 0 in Zn because ord p = d.
Since g sends mZ to 0, the Universal Property of the Quotient produces a (unique) group map g̃ : Zm →
Zn defined by
g̃(x) = px.
Then g̃(1) = p, and g̃ is the desired group map.
Corollary. The number of group maps Zm → Zn is (m, n).
Proof. The number of elements of order d in a cyclic group is φ(d) (where φ denotes the Euler φ-function).
The divisor sum of the Euler φ-function is the identity:
\[ \sum_{d \mid k} \phi(d) = k. \]

So the number of elements whose orders divide (m, n) is (m, n), and the theorem shows that each such
element gives rise to a group map Zm → Zn .
Example. (a) Enumerate the group maps Z18 → Z30 .
(b) Show by direct computation that f : Z18 → Z30 given by f (x) = 14x is not a group map.
(a) Since (18, 30) = 6, there are 6 such maps by the Corollary. They are determined by sending 1 ∈ Z18 to
an element whose order divides 6.

order    elements in Z30 of that order
1        0
2        15
3        10, 20
6        5, 25
Thus, the possible group maps f : Z18 → Z30 have

f (1) = 0, f (1) = 15, f (1) = 10, f (1) = 20, f (1) = 5, f (1) = 25.

For example, the group map


f (x) = 20x has f (1) = 20.
It is easy to determine the kernel and the image. The image is the unique subgroup of Z30 of order 3,
so
im f = {0, 10, 20}.
By the First Isomorphism Theorem, the kernel must have order 18/3 = 6. The unique subgroup of Z18
of order 6 is
ker f = {0, 3, 6, 9, 12, 15}.
(b) Consider the function f : Z18 → Z30 given by f (x) = 14x. Then

f (3 + 15) = f (0) = 0, but f (3) + f (15) = 12 + 0 = 12.

Therefore, f (3 + 15) ≠ f (3) + f (15), so f is not a group map.
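The enumeration above can be checked mechanically. The following Python script is an added example, not part of Ikenaga’s notes: it tests every candidate map x ↦ px from Z18 to Z30 against the homomorphism condition on all 18 × 18 pairs, compares the survivors with the order criterion from the theorem, and recovers the kernel and image of f(x) = 20x as well as the failure of f(x) = 14x. The function names are my own.

```python
from math import gcd


def order_in_zn(p, n):
    """Order of p in the additive group Z_n: the least k >= 1 with k*p = 0 (mod n)."""
    return n // gcd(p, n)


def is_group_map(f, m, n):
    """Brute-force check that f: Z_m -> Z_n preserves addition on every pair."""
    return all(f((x + y) % m) == (f(x) + f(y)) % n
               for x in range(m) for y in range(m))


def multiplication_by(p, n):
    """The candidate map x -> p*x (mod n); only well defined on Z_m when ord(p) | m."""
    return lambda x: (p * x) % n


def group_maps(m, n):
    """All p in Z_n for which x -> p*x is a group map Z_m -> Z_n (sorted)."""
    return [p for p in range(n) if is_group_map(multiplication_by(p, n), m, n)]


def maps_by_order_criterion(m, n):
    """The theorem's prediction: the p in Z_n whose order divides gcd(m, n)."""
    d = gcd(m, n)
    return [p for p in range(n) if d % order_in_zn(p, n) == 0]


def kernel_and_image(p, m, n):
    """Kernel (sorted elements of Z_m) and image (sorted elements of Z_n) of x -> p*x."""
    f = multiplication_by(p, n)
    kernel = [x for x in range(m) if f(x) == 0]
    image = sorted({f(x) for x in range(m)})
    return kernel, image


def additivity_failure(p, m, n):
    """First pair (x, y) in Z_m with f(x+y) != f(x)+f(y) for f = multiplication by p, or None."""
    f = multiplication_by(p, n)
    for x in range(m):
        for y in range(m):
            if f((x + y) % m) != (f(x) + f(y)) % n:
                return x, y
    return None


if __name__ == "__main__":
    print("group maps Z18 -> Z30 send 1 to:", group_maps(18, 30))
    print("kernel, image of 20x:", kernel_and_image(20, 18, 30))
    print("14x fails on the pair:", additivity_failure(14, 18, 30))
```

Running it for (18, 30) reproduces the six maps of the corollary and the kernel {0, 3, 6, 9, 12, 15} and image {0, 10, 20} of f(x) = 20x; the brute-force list and the order-criterion list agree for any m, n you try.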

© 2016 by Bruce Ikenaga


7-29-2022
Rings
Definition. A ring is an abelian group R with binary operation + (“addition”), together with a second
binary operation · (“multiplication”). The operations satisfy the following axioms:
1. Multiplication is associative: For all a, b, c ∈ R,

(a · b) · c = a · (b · c).

2. The Distributive Law holds: For all a, b, c ∈ R,

a · (b + c) = a · b + a · c and (a + b) · c = a · c + b · c.

Remark. 1. To say that R is an abelian group under addition means that the following axioms hold:
(a) (Associativity) (a + b) + c = a + (b + c) for all a, b, c ∈ R.
(b) (Identity) There is an element 0 ∈ R such that a + 0 = a and 0 + a = a for all a ∈ R.
(c) (Inverses) For all a ∈ R, there is an element −a ∈ R such that a + (−a) = 0 and (−a) + a = 0.
(d) (Commutativity) a + b = b + a for all a, b ∈ R.
Definition. A ring R has a multiplicative identity if there is an element 1 ∈ R such that 1 ≠ 0, and
such that for all a ∈ R,
1 · a = a and a · 1 = a.
A ring satisfying this axiom is called a ring with 1, or a ring with identity.
Note that in the term “ring with identity”, the word “identity” refers to a multiplicative identity. Every
ring has an additive identity (“0”) by definition.
Remark. I’ll often suppress the multiplication symbol and simply write “ab” for “a · b”. As usual, a² means
a · a, a³ means a · a · a, and so on.
However, note that negative powers of elements are not always defined: An element in a ring might not
have a multiplicative inverse. This means that you don’t always have “division”; you do have “subtraction”,
since that’s the same as adding the additive inverse.
Many elementary algebraic operations work the way you’d expect. (There will be some surprises later,
however.)
Proposition. Let R be a ring.
(a) If r ∈ R, then r · 0 = 0 = 0 · r.
(b) Let r ∈ R, and let −r denote the additive inverse of r. If R is a ring with identity, then (−1)·r = −r.
(c) Let r, s ∈ R. Then (−r) · s = −(rs) = r · (−s).
Proof. (a) Let r ∈ R. Note that
r · 0 = r · (0 + 0) = r · 0 + r · 0.
Therefore 0 = r · 0.
(b) Suppose R is a ring with identity, and let r ∈ R. Then

(−1) · r + r = (−1) · r + 1 · r = (−1 + 1) · r = 0 · r = 0.

1
Therefore, (−1) · r is the additive inverse of r, i.e. (−1) · r = −r.
(c) The proof is similar to the proof of (b).
Notation. If R is a ring and n is a positive integer, nr is short for r + r + · · · + r (n summands). Likewise, if
n is a negative integer, nr is (−n)r. (This is the usual convention for an abelian group.)
Notice that, for example, 13 · 1 ∈ Z6 makes sense according to this convention: It is 1 added to itself 13
times. However, you should not write “13 ∈ Z6 ”, since 13 is not an element of Z6 .
Definition. If R is a ring and ab = ba for all a, b ∈ R, R is a commutative ring.
Note that the adjective “commutative” applies to the multiplication operation; the addition operation
is always commutative by definition.

Example. Which of the following sets are rings under the usual operations? Are they commutative? Do
they have an identity element?
Z, 2Z, Q, Q+ , R, C.
Z is a commutative ring with identity.
2Z is a commutative ring, but it does not have an identity.
Q is a commutative ring with identity.
Q+ , the set of positive rationals, is not a ring. It does not contain an identity for addition.
R is a commutative ring with identity.
C is a commutative ring with identity.

The ring of quaternions.


The ring of quaternions is the set

H = {w + xi + yj + zk | w, x, y, z ∈ R}.

The “H” honors William Rowan Hamilton, who discovered the quaternions in the 1840’s.
You add elements in the obvious way, e.g.

(2 + 4i − 9j + 11k) + (13 − i + 5j + 17k) = 15 + 3i − 4j + 28k.

Multiply elements using the following multiplication table:

× 1 −1 i −i j −j k −k
1 1 −1 i −i j −j k −k
−1 −1 1 −i i −j j −k k
i i −i −1 1 k −k −j j
−i −i i 1 −1 −k k j −j
j j −j −k k −1 1 i −i
−j −j j k −k 1 −1 −i i
k k −k j −j −i i −1 1
−k −k k −j j i −i 1 −1

(This is the multiplication table for the group of the quaternions Q; in H, 1, i, j, and k can be multiplied
by real numbers as if they were vectors. In fact, ignoring the multiplication, H is just a 4-dimensional vector
space over R.)

2
For example,
(3i − 2k) · (3 + 2j) = 15i.
H is a noncommutative ring, since (e.g.) ij = k but ji = −k. In fact, Hamilton apparently was stuck
on this point for many years. He knew that complex numbers could be used to represent rotations in two
dimensions, and he was trying to construct an algebraic system for representing rotations in three dimensions.
The problem is that rotations in three dimensions don’t commute, whereas he expected his algebraic system
to have a commutative multiplication — as did all the number systems known up to that time.
Verifying the other ring axioms is routine, but very tedious! We’ll add H to our collection of common
number systems, along with the integers, the rationals, the real numbers, and the complex numbers.
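To see the table in use, here is an added Python example (mine, not from the notes) that stores the 16 basis products from the table above and extends them bilinearly to all of H, exactly as the parenthetical remark suggests: quaternions are treated as vectors with basis 1, i, j, k. It checks the sum given above, shows ij = k but ji = −k, tests associativity on sample triples, and computes inverses via the conjugate, which is the mechanism behind H being a division ring later in the notes. The function names are my own.

```python
from fractions import Fraction
from itertools import product

# Products of the basis elements, read off the multiplication table above:
# BASIS_MUL[(a, b)] == (sign, c) means a * b = sign * c.
BASIS = ("1", "i", "j", "k")
BASIS_MUL = {
    ("1", "1"): (1, "1"), ("1", "i"): (1, "i"), ("1", "j"): (1, "j"), ("1", "k"): (1, "k"),
    ("i", "1"): (1, "i"), ("i", "i"): (-1, "1"), ("i", "j"): (1, "k"), ("i", "k"): (-1, "j"),
    ("j", "1"): (1, "j"), ("j", "i"): (-1, "k"), ("j", "j"): (-1, "1"), ("j", "k"): (1, "i"),
    ("k", "1"): (1, "k"), ("k", "i"): (1, "j"), ("k", "j"): (-1, "i"), ("k", "k"): (-1, "1"),
}


def quat(w=0, x=0, y=0, z=0):
    """w + x i + y j + z k, stored as a coefficient dictionary keyed by basis symbol."""
    return {"1": w, "i": x, "j": y, "k": z}


def add(p, q):
    return {b: p[b] + q[b] for b in BASIS}


def scale(t, p):
    """Real scalar times a quaternion (H is a 4-dimensional real vector space)."""
    return {b: t * p[b] for b in BASIS}


def mul(p, q):
    """Extend the basis table bilinearly: sum over all 16 basis pairs."""
    out = quat()
    for a, b in product(BASIS, repeat=2):
        sign, c = BASIS_MUL[(a, b)]
        out[c] += sign * p[a] * q[b]
    return out


def conj(p):
    return quat(p["1"], -p["i"], -p["j"], -p["k"])


def norm_squared(p):
    return sum(p[b] * p[b] for b in BASIS)


def inverse(p):
    """Multiplicative inverse conj(p) / |p|^2, exact over the rationals; None for 0."""
    n2 = norm_squared(p)
    if n2 == 0:
        return None
    return scale(Fraction(1, n2), conj(p))


def commute(p, q):
    return mul(p, q) == mul(q, p)


def associative_on(samples):
    """Check (pq)r == p(qr) for every triple drawn from the sample list."""
    return all(mul(mul(p, q), r) == mul(p, mul(q, r))
               for p in samples for q in samples for r in samples)
```

Because only the 16 basis products are hard-coded, any error in transcribing the table would show up immediately as a failed associativity check on the basis elements.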

Example. (The integers mod n as rings) Construct a multiplication table for Z3 . What kind of ring is
it?

* 0 1 2
0 0 0 0
1 0 1 2
2 0 2 1

For example, 2 · 2 = 1, since as integers 2 · 2 = 4, and 4 reduces to 1 mod 3.


With these operations, Z3 becomes a commutative ring with 1.
In general, Zn is a commutative ring with 1.

Example. (A ring without an identity) Prove that the set of even integers 2Z with the usual operations
is a ring without an identity.
Suppose that e ∈ 2Z is an identity. Then e = 2n for some n ∈ Z. Since e is an identity, I must have (for
instance)
e·6=6
2n · 6 = 6
2n = 1
Since there is no integer n for which this is true, 2Z cannot have an identity.

Example. (A ring of matrices) M (2, R) is the set of 2 × 2 matrices with real entries. The operations are
the usual matrix addition and multiplication. The additive identity is \(\begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}\); the multiplicative identity is
\(\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}\).
Show by example that M (2, R) is a noncommutative ring.

\[ \begin{pmatrix} 1 & 2 \\ 3 & -1 \end{pmatrix} \begin{pmatrix} 2 & 1 \\ 4 & 1 \end{pmatrix} = \begin{pmatrix} 10 & 3 \\ 2 & 2 \end{pmatrix}, \quad \text{but} \quad \begin{pmatrix} 2 & 1 \\ 4 & 1 \end{pmatrix} \begin{pmatrix} 1 & 2 \\ 3 & -1 \end{pmatrix} = \begin{pmatrix} 5 & 3 \\ 7 & 7 \end{pmatrix}. \]

Example. (A ring of functions) C[0, 1] is the set of continuous functions f : [0, 1] → R. Operations are
pointwise addition and multiplication:
(f + g)(x) = f (x) + g(x) and (f g)(x) = f (x)g(x).

Is C[0, 1] a commutative ring? What are the additive and multiplicative identities?
C[0, 1] is a commutative ring, since by commutativity of real number multiplication,

(f g)(x) = f (x)g(x) = g(x)f (x) = (gf )(x).

The constant functions 0 and 1 are the additive and multiplicative identities, respectively.

Polynomial rings.
Let R be a commutative ring. R[x] denotes the ring of polynomials in one variable with coefficients
in R. Add and multiply polynomials as usual.
For example, R[x] consists of all polynomials with real coefficients: things like

x + 2, 3 − 7x² + 54x¹⁷, 42, . . . .

The formal, precise way to define R[x] is to define it to be the collection of finite ordered n-tuples

{(r0 , r1 , . . . , rn ) | n ≥ 0, ri ∈ R}.

(That is, a polynomial is the “vector” of its coefficients.) Now you can define addition and multiplication
by writing down some ugly, unenlightening formulas. The point of mentioning this is to show that we’re not
doing something invalid by thinking of polynomials as “formal sums in powers of x” — you could do things
in a perfectly rigorous way if you chose.
Note that polynomials are not functions in this context. For example, let R = Z2 and look at f (x) =
x² + x. This is not zero as a polynomial, even though f (0) = 0 and f (1) = 0; i.e., even though it vanishes
on every element of the ring.

© 2022 by Bruce Ikenaga


4-8-2018

Ring Homomorphisms
Definition. Let R and S be rings. A ring homomorphism (or a ring map for short) is a function
f : R → S such that:

(a) For all x, y ∈ R, f (x + y) = f (x) + f (y).

(b) For all x, y ∈ R, f (xy) = f (x)f (y).

Usually, we require that if R and S are rings with 1, then

(c) f (1R ) = 1S .

This is automatic in some cases; if there is any question, you should read carefully to find out what
convention is being used.

The first two properties stipulate that f should “preserve” the ring structure — addition and multiplication.

Example. (A ring map on the integers mod 2) Show that the following function f : Z2 → Z2 is a ring
map:
f (x) = x².

First,
f (x + y) = (x + y)² = x² + 2xy + y² = x² + y² = f (x) + f (y).
2xy = 0 because 2 times anything is 0 in Z2 .
Next,
f (xy) = (xy)² = x²y² = f (x)f (y).
The second equality follows from the fact that Z2 is commutative.
Note also that f (1) = 1² = 1.
Thus, f is a ring homomorphism.

Example. (An additive function which is not a ring map) Show that the following function g : Z → Z
is not a ring map:
g(x) = 2x.

Note that
g(x + y) = 2(x + y) = 2x + 2y = g(x) + g(y).
Therefore, g is additive — that is, g is a homomorphism of abelian groups.
But
g(1 · 3) = g(3) = 2 · 3 = 6, while g(1)g(3) = (2 · 1)(2 · 3) = 12.
Thus, g(1 · 3) ≠ g(1)g(3), so g is not a ring map.

Lemma. Let R and S be rings and let f : R → S be a ring map.

(a) f (0) = 0.

(b) f (−r) = −f (r) for all r ∈ R.

Proof. (a)
f (0) = f (0 + 0) = f (0) + f (0), so f (0) = 0.
(b) By (a),
0 = f (0) = f (r + (−r)) = f (r) + f (−r).
But this says that f (−r) is the additive inverse of f (r), i.e. f (−r) = −f (r).

These properties are useful, and they also lend support to the idea that ring maps “preserve” the ring
structure. Now I know that a ring map not only preserves addition and multiplication, but 0 and additive
inverses as well.
Warning! A ring map f must satisfy f (0) = 0 and f (−r) = −f (r), but these are not part of the
definition of a ring map. To check that something is a ring map, you check that it preserves sums and
products.
On the other hand, if a function does not satisfy f (0) = 0 and f (−r) = −f (r), then it isn’t a ring map.

Example. (Showing that a function is not a ring map) (a) Show that the following function f : Z → Z
is not a ring map:
f (x) = 2x + 5.

(b) Show that the following g : Z → Z is not a ring map:

g(x) = 3x.

(a) f (0) = 5 ≠ 0.

(b) g(0) = 0 and g(−n) = −g(n) for all n ∈ Z. Nevertheless, g is not a ring map:

g(3 · 2) = g(6) = 3 · 6 = 18, but g(3) · g(2) = (3 · 3) · (3 · 2) = 54.

Thus, g(3 · 2) ≠ g(3) · g(2), so g does not preserve products.

Lemma. Let R, S, and T be rings, and let f : R → S and g : S → T be ring maps. Then the composite
g · f : R → T is a ring map.

Proof. Let x, y ∈ R. Then

(g · f )(x + y) = g(f (x + y)) = g(f (x) + f (y)) = g(f (x)) + g(f (y)) = (g · f )(x) + (g · f )(y).

(g · f )(x · y) = g(f (x · y)) = g(f (x) · f (y)) = g(f (x)) · g(f (y)) = (g · f )(x) · (g · f )(y).
If, in addition, R, S, and T are rings with identity, then

(g · f )(1) = g(f (1)) = g(1) = 1.

Therefore, g · f is a ring map.

There is an important relationship between ring maps and ideals. I’ll consider half of the relationship
now.

Definition. The kernel of a ring map φ : R → S is

ker φ = {r ∈ R | φ(r) = 0}.

The image of a ring map φ : R → S is

im φ = {φ(r) | r ∈ R}.

The kernel of a ring map is like the null space of a linear transformation of vector spaces. The image of
a ring map is like the column space of a linear transformation.

Proposition. The kernel of a ring map is a two-sided ideal.

In fact, I’ll show later that every two-sided ideal arises as the kernel of a ring map.

Proof. Let φ : R → S be a ring map. Let x, y ∈ ker φ, so φ(x) = 0 and φ(y) = 0. Then

φ(x + y) = φ(x) + φ(y) = 0 + 0 = 0.

Hence, x + y ∈ ker φ.
Since φ(0) = 0, 0 ∈ ker φ.
Next, if x ∈ ker φ, then φ(x) = 0. Hence, −φ(x) = 0, so φ(−x) = 0 (why?), so −x ∈ ker φ.
Finally, let x ∈ ker φ and let r ∈ R.

φ(rx) = φ(r)φ(x) = φ(r) · 0 = 0,

φ(xr) = φ(x)φ(r) = 0 · φ(r) = 0.


It follows that rx, xr ∈ ker φ. Hence, ker φ is a two-sided ideal.

I’ll omit the proof of the following result. Note that it says the image of a ring map is a subring, not an
ideal.

Proposition. Let φ : R → S be a ring map. Then im φ is a subring of S.

Definition. Let R and S be rings. A ring isomorphism from R to S is a bijective ring homomorphism
f : R → S.
If there is a ring isomorphism f : R → S, R and S are isomorphic. In this case, we write R ≈ S.

Heuristically, two rings are isomorphic if they are “the same” as rings.
An obvious example: If R is a ring, the identity map id : R → R is an isomorphism of R with itself.

Since a ring isomorphism is a bijection, isomorphic rings must have the same cardinality. So, for example,
Z6 ≉ Z42 , because the two rings have different numbers of elements.
However, Z and Q have the “same number” of elements — the same cardinality — but they are not
isomorphic as rings. (Quick reason: Q is a field, while Z is only an integral domain.)

I’ve been using this construction informally in some examples. Here’s the precise definition.

Definition. Let R and S be rings. The product ring R × S of R and S is the set consisting of all ordered
pairs (r, s), where r ∈ R and s ∈ S. Addition and multiplication are defined component-wise: For a, b ∈ R
and x, y ∈ S,
(a, x) + (b, y) = (a + b, x + y).
(a, x) · (b, y) = (a · b, x · y).
I won’t go through the verification of all the axioms; basically, everything works because everything
works in each component separately. For example, here’s the verification of the associative law for addition.
Let a, b, c ∈ R, x, y, z ∈ S. Then

[(a, x) + (b, y)] + (c, z) = (a + b, x + y) + (c, z) = ((a + b) + c, (x + y) + z) = (a + (b + c), x + (y + z)) =
(a, x) + (b + c, y + z) = (a, x) + [(b, y) + (c, z)].

The third equality used associativity of addition in R and in S.


The additive identity is (0, 0); the additive inverse −(r, s) of (r, s) is (−r, −s). And so on. Try out one
or two of the other axioms for yourself just to get a feel for how things work.

Example. (A ring isomorphic to a product of rings) Show that Z6 ≈ Z2 × Z3 .

Z6 ≈ {0, 1, 2, 3, 4, 5} with addition and multiplication mod 6. On the other hand,

Z2 × Z3 = {(0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2)}.

One ring consists of single elements, while the other consists of pairs. Nevertheless, these rings are
isomorphic — they are the same as rings.
Here are the addition and multiplication tables for Z6 :

+ 0 1 2 3 4 5
0 0 1 2 3 4 5
1 1 2 3 4 5 0
2 2 3 4 5 0 1
3 3 4 5 0 1 2
4 4 5 0 1 2 3
5 5 0 1 2 3 4

· 0 1 2 3 4 5
0 0 0 0 0 0 0
1 0 1 2 3 4 5
2 0 2 4 0 2 4
3 0 3 0 3 0 3
4 0 4 2 0 4 2
5 0 5 4 3 2 1

Here are the addition and multiplication tables for Z2 × Z3 .

+ (0, 0) (0, 1) (0, 2) (1, 0) (1, 1) (1, 2)


(0, 0) (0, 0) (0, 1) (0, 2) (1, 0) (1, 1) (1, 2)
(0, 1) (0, 1) (0, 2) (0, 0) (1, 1) (1, 2) (1, 0)
(0, 2) (0, 2) (0, 0) (0, 1) (1, 2) (1, 0) (1, 1)
(1, 0) (1, 0) (1, 1) (1, 2) (0, 0) (0, 1) (0, 2)
(1, 1) (1, 1) (1, 2) (1, 0) (0, 1) (0, 2) (0, 0)
(1, 2) (1, 2) (1, 0) (1, 1) (0, 2) (0, 0) (0, 1)

· (0, 0) (0, 1) (0, 2) (1, 0) (1, 1) (1, 2)
(0, 0) (0, 0) (0, 0) (0, 0) (0, 0) (0, 0) (0, 0)
(0, 1) (0, 0) (0, 1) (0, 2) (0, 0) (0, 1) (0, 2)
(0, 2) (0, 0) (0, 2) (0, 1) (0, 0) (0, 2) (0, 1)
(1, 0) (0, 0) (0, 0) (0, 0) (1, 0) (1, 0) (1, 0)
(1, 1) (0, 0) (0, 1) (0, 2) (1, 0) (1, 1) (1, 2)
(1, 2) (0, 0) (0, 2) (0, 1) (1, 0) (1, 2) (1, 1)

The two rings each have 6 elements, so it’s easy to define a bijection from one to the other — for example,

f (0) = (0, 0), f (1) = (0, 1), f (2) = (0, 2), f (3) = (1, 0), f (4) = (1, 1), f (5) = (1, 2).

However, this is not a ring isomorphism:

f (1 + 2) = f (3) = (1, 0), while f (1) + f (2) = (0, 1) + (0, 2) = (0, 0).

Thus, f (1 + 2) 6= f (1) + f (2).


It turns out, however, that the following map gives a ring isomorphism Z6 → Z2 × Z3 :

f (0) = (0, 0), f (1) = (1, 1), f (2) = (0, 2), f (3) = (1, 0), f (4) = (0, 1), f (5) = (1, 2).

It’s obvious that the map is a bijection. To prove that this is a ring isomorphism, you’d have to check
36 cases for f (r + s) = f (r) + f (s) and another 36 cases for f (r · s) = f (r) · f (s).

Example. (Showing that a product of rings which is not isomorphic to another ring) Show that
the rings Z4 and Z2 × Z2 are not isomorphic.
Z4 and Z2 × Z2 aren’t isomorphic as groups under addition. Since a ring isomorphism must give an
isomorphism of the two rings considered as groups under addition, Z4 and Z2 × Z2 can’t be isomorphic as
rings.
To see this directly, suppose f : Z4 → Z2 × Z2 is an isomorphism. Then f (1) + f (1) = (0, 0), because
everything in Z2 × Z2 gives 0 when added to itself. But since f is a ring map,

f (1) + f (1) = f (1 + 1) = f (2).

Therefore, f (2) = (0, 0).


But I know that f (0) = (0, 0), because any ring map takes the additive identity to the additive identity.
Now I have two elements 2 and 0 which both map to (0, 0), and this contradicts the fact that f is injective.
Therefore, there is no such f , and the rings aren’t isomorphic.
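Rather than checking the 36 + 36 cases by hand, the following added Python script (mine, not part of the notes) does it for the map f above and also reports the pair on which the first bijection fails. For the Z4 versus Z2 × Z2 example it goes further than the page’s argument: it tries all 24 bijections Z4 → Z2 × Z2 and finds that none is a ring isomorphism, and it finds exactly one ring isomorphism Z6 → Z2 × Z3 among the 720 bijections. The same checker confirms the squaring map on Z2 from the earlier example. The ring representation and function names are my own.

```python
from itertools import permutations


def zn(n):
    """The ring Z_n as a triple (elements, add, mul)."""
    return (list(range(n)), lambda a, b: (a + b) % n, lambda a, b: (a * b) % n)


def product_ring(R, S):
    """R x S with componentwise operations, in the same (elements, add, mul) shape."""
    er, addr, mulr = R
    es, adds, muls = S
    elems = [(r, s) for r in er for s in es]
    return (elems,
            lambda a, b: (addr(a[0], b[0]), adds(a[1], b[1])),
            lambda a, b: (mulr(a[0], b[0]), muls(a[1], b[1])))


def is_ring_hom(f, R, S):
    """Check f(r + s) = f(r) + f(s) and f(rs) = f(r)f(s) on every pair (36 + 36 cases for Z_6)."""
    er, addr, mulr = R
    _, adds, muls = S
    return all(f(addr(a, b)) == adds(f(a), f(b)) and f(mulr(a, b)) == muls(f(a), f(b))
               for a in er for b in er)


def is_ring_iso(f, R, S):
    """A ring isomorphism is a bijective ring homomorphism."""
    er, es = R[0], S[0]
    return is_ring_hom(f, R, S) and len({f(a) for a in er}) == len(er) == len(es)


def crt_map(x):
    """The map the page gives: x -> (x mod 2, x mod 3)."""
    return (x % 2, x % 3)


def naive_map(x):
    """The page's first bijection 0..5 -> (0,0), (0,1), (0,2), (1,0), (1,1), (1,2)."""
    return divmod(x, 3)


def first_additive_failure(f, R, S):
    """A pair (a, b) with f(a + b) != f(a) + f(b), or None."""
    er, addr, _ = R
    _, adds, _ = S
    for a in er:
        for b in er:
            if f(addr(a, b)) != adds(f(a), f(b)):
                return a, b
    return None


def count_isomorphisms(R, S):
    """Try every bijection R -> S and count the ring isomorphisms (feasible for tiny rings)."""
    er, es = R[0], S[0]
    if len(er) != len(es):
        return 0
    return sum(1 for image in permutations(es)
               if is_ring_iso(dict(zip(er, image)).__getitem__, R, S))


Z6 = zn(6)
Z2xZ3 = product_ring(zn(2), zn(3))
Z4 = zn(4)
Z2xZ2 = product_ring(zn(2), zn(2))
```

Exhaustive search over bijections only works for rings this small; for larger rings one argues as the page does, from an invariant such as the additive group structure.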



4-8-2018

Ideals and Subrings


A subgroup of a group is a subset of the group which is a group in its own right, using the operation
it inherits from its parent group. Likewise, a subring of a ring is a subset of the ring which is a ring in its
own right, using the addition and multiplication it inherits from its parent ring.

Definition. Let R be a ring. A subring is a subset S ⊂ R such that:

(a) S is closed under addition: If a, b ∈ S, then a + b ∈ S.

(b) The zero element of R is in S: 0 ∈ S.

(c) S is closed under additive inverses: If a ∈ S, then −a ∈ S.

(d) S is closed under multiplication: If a, b ∈ S, then ab ∈ S.

It turns out to be useful to consider certain other kinds of “subobjects” of rings: Ideals. I’ll use ideals
to construct quotient rings, just as I used normal subgroups to construct quotient groups.

Definition. Let R be a ring. An ideal S of R is a subset S ⊂ R such that:

(a) S is closed under addition: If a, b ∈ S, then a + b ∈ S.

(b) The zero element of R is in S: 0 ∈ S.

(c) S is closed under additive inverses: If a ∈ S, then −a ∈ S.

(d) If r ∈ R and x ∈ S, then rx ∈ S and xr ∈ S. In other words, S is closed under multiplication (on
either side) by arbitrary ring elements.

What’s the difference between a subring and an ideal? A subring must be closed under multiplication
of elements in the subring. An ideal must be closed under multiplication of an element in the ideal by any
element in the ring.
[Figure: for a subring, a, b in the subring gives ab in the subring; for an ideal, a in the ring and b in the ideal gives ab and ba in the ideal.]

Since the ideal definition requires more multiplicative closure than the subring definition, every ideal is
a subring. The converse is false, as I’ll show by example below.
In the course of attempting to prove Fermat’s Last Theorem, mathematicians were led to introduce
rings in which unique factorization failed — that is, it might be possible to factor a ring element into
primes in more than one way. They were led to introduce ideal numbers (essentially what are now called
ideals) in an attempt to restore unique factorization.
What I’ve defined above is usually called a two-sided ideal. If I only require that rx ∈ S for r ∈ R
and x ∈ S, I get left ideals. Likewise, if I only require that xr ∈ S for r ∈ R and x ∈ S, I get right ideals.
From now on, if I just say “ideal”, I will mean a two-sided ideal.

If R is commutative, then rb = br, so you only need to check that one of rb, br, is in S. In the
commutative case, there’s no difference between left ideals, right ideals, and two-sided ideals.

Lemma. Let R be a ring. Then R and {0} are ideals.

Proof. R is a group under addition, and as such I’ve already proved that R (the whole group) and {0} (the
set consisting of the identity) are subgroups of R. Thus, they are both closed under addition, contain 0, and
are closed under taking additive inverses. I only have to verify the fourth ideal axiom in each case.
For R, if x ∈ R and r ∈ R, then xr, rx ∈ R, because R is closed under multiplication (being the whole
ring!). Therefore, R is an ideal.
For {0}, take 0 ∈ {0} — what other choice do you have? — and r ∈ R. Then

r · 0 = 0 ∈ {0} and 0 · r = 0 ∈ {0}.

Therefore, {0} is an ideal.

Definition. Let R be a ring. A proper ideal is an ideal other than R; a nontrivial ideal is an ideal
other than {0}.

Example. (The integers as a subset of the reals) Show that Z is a subring of R, but not an ideal.

Z is a subring of R: It contains 0, is closed under taking additive inverses, and is closed under addition
and multiplication. With regard to multiplication, note that the product of two integers is an integer.
However, Z is not an ideal in R. For example, √2 ∈ R and 3 ∈ Z, but √2 · 3 ∉ Z.

Example. (An ideal in the ring of integers) Show that the subset nZ is an ideal in Z for n ∈ Z.

We already know that nZ is a subgroup of Z under addition. So I just need to check closure under
multiplication.
Let k ∈ Z and let nx ∈ nZ, where x ∈ Z. Then

k · (nx) = n(kx) ∈ nZ.

Therefore, nZ is an ideal.

Example. (An ideal in a product ring) In the ring Z4 × Z4 , consider the subset

I = {(0, 0), (1, 1), (2, 2), (3, 3)}.

Show that I is a subring, but not an ideal.

It’s easy to check that I is a subring of Z4 × Z4 . First, I contains the additive identity (0, 0).
Next, a typical element of I has the form (n, n). The additive inverse is

−(n, n) = (−n, −n) = (4 − n, 4 − n) ∈ I.

If you add two elements of I, you get an element of I:

(a, a) + (b, b) = (a + b, a + b).

(Of course, you’ll reduce a + b mod 4, but the two components remain the same.)
Finally, if you multiply two elements of I, you get an element of I:

(a, a)(b, b) = (ab, ab).

However, I is not an ideal; for example, (2, 2) ∈ I, but

(3, 0) · (2, 2) = (2, 0) ∉ I.

In other words, I is closed under multiplication of elements inside I, but not closed under multiplication
by an element from outside I.

Definition. Let R be a commutative ring, and let a ∈ R. The principal ideal generated by a is

⟨a⟩ = {ra | r ∈ R}.

For example, in the ring of polynomials with real coefficients R[x], this is the principal ideal generated
by x² + 4:
⟨x² + 4⟩ = {(x² + 4) · f (x) | f (x) ∈ R[x]}.
It’s the set consisting of all multiples of x² + 4. For example, here are some elements of ⟨x² + 4⟩:

(2x + 5) · (x² + 4), (−πx⁵⁰ + 2) · (x² + 4), 0 = 0 · (x² + 4).

We’d better check that the principal ideal really is an ideal!

Lemma. Let R be a commutative ring, and let a ∈ R. Then ⟨a⟩ is a two-sided ideal in R.

Proof. First, 0 = 0 · a ∈ ⟨a⟩.
If ra ∈ ⟨a⟩, then −(ra) = (−r)a ∈ ⟨a⟩.
Finally, if ra, sa ∈ ⟨a⟩, then ra + sa = (r + s)a ∈ ⟨a⟩.
Thus, ⟨a⟩ is an additive subgroup of R.
If ra ∈ ⟨a⟩ and s ∈ R, then

s(ra) = (sr)a ∈ ⟨a⟩ and (ra)s = (rs)a ∈ ⟨a⟩.

Therefore, ⟨a⟩ is a two-sided ideal.
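The subring and ideal definitions can be checked mechanically for finite rings. The following Python is an added example (not from the notes): is_subring and is_ideal implement the two definitions literally, ideal_witness finds a pair like (3, 0) · (2, 2) that separates them, and principal_ideal builds ⟨a⟩ as in the definition above. The sample rings are Z4 × Z4 with its diagonal subset I from the earlier example, and Z12, where 3Z12 = {0, 3, 6, 9} plays the role nZ plays in Z. The function names are my own.

```python
def is_subring(S, R, add, mul, zero, neg):
    """Subring test from the definition: 0, additive inverses, sums, and products stay inside S."""
    S = set(S)
    return (zero in S
            and all(neg(a) in S for a in S)
            and all(add(a, b) in S for a in S for b in S)
            and all(mul(a, b) in S for a in S for b in S))


def is_ideal(S, R, add, mul, zero, neg):
    """Two-sided ideal test: like is_subring, but products with ANY ring element must stay in S."""
    S = set(S)
    return (zero in S
            and all(neg(a) in S for a in S)
            and all(add(a, b) in S for a in S for b in S)
            and all(mul(r, x) in S and mul(x, r) in S for r in R for x in S))


def ideal_witness(S, R, mul):
    """A triple (a, b, a*b) with one factor in R, one in S and a*b outside S, or None."""
    S = set(S)
    for r in R:
        for x in S:
            for a, b in ((r, x), (x, r)):
                if mul(a, b) not in S:
                    return a, b, mul(a, b)
    return None


def principal_ideal(a, R, mul):
    """<a> = {r a | r in R} for a commutative ring given by its element list and multiplication."""
    return {mul(r, a) for r in R}


# Z4 x Z4 with componentwise operations, and the diagonal subset I from the page.
Z4xZ4 = [(a, b) for a in range(4) for b in range(4)]


def add44(p, q):
    return ((p[0] + q[0]) % 4, (p[1] + q[1]) % 4)


def mul44(p, q):
    return ((p[0] * q[0]) % 4, (p[1] * q[1]) % 4)


def neg44(p):
    return ((-p[0]) % 4, (-p[1]) % 4)


DIAGONAL = [(n, n) for n in range(4)]

# Z12 with the usual operations.
Z12 = list(range(12))


def add12(a, b):
    return (a + b) % 12


def mul12(a, b):
    return (a * b) % 12


def neg12(a):
    return (-a) % 12
```

The witness search makes the difference between the two definitions concrete: the diagonal passes every test involving only its own elements and fails only when a factor from outside the subset is allowed in.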

Definition. Let I1 , . . . , In be ideals in a ring R. The ideal sum is

\[ \sum_{k=1}^{n} I_k = \{x_1 + \cdots + x_n \mid x_k \in I_k\}. \]

Definition. Let I and J be ideals in a ring R. The ideal product is

IJ = {x1 y1 + · · · + xn yn | xi ∈ I, yi ∈ J}.

Thus, IJ consists of all finite sums of products xy, x ∈ I, y ∈ J.

Proposition. Let R be a ring.

(a) Suppose R has an identity and I is an ideal. If 1 ∈ I, then I = R.



(b) The intersection I ∩ J of (left, right, two-sided) ideals I and J is a (left, right, two-sided) ideal.

(c) If I1 , . . . , In are (left, right, two-sided) ideals, the ideal sum is a (left, right, two-sided) ideal.

(d) If I and J are (left, right, two-sided) ideals, the ideal product is a (left, right, two-sided) ideal.

Proof. I’ll prove the first statement by way of example. Let I be an ideal in a ring with 1. I ⊂ R, so I need
to prove R ⊂ I. Let r ∈ R. Now 1 ∈ I, so by the definition of an ideal, r = r · 1 ∈ I. Therefore, R ⊂ I, so
R = I.



4-10-2018

Integral Domains and Fields


Definition. (a) Let R be a commutative ring. A zero divisor is a nonzero element a ∈ R such that ab = 0
for some nonzero b ∈ R.
(b) A commutative ring with 1 having no zero divisors is an integral domain.
The most familiar integral domain is Z. It’s a commutative ring with identity. If a, b ∈ Z and ab = 0,
then at least one of a or b is 0.

Definition. (a) Let R be a ring with identity, and let a ∈ R. A multiplicative inverse of a is an element
a−1 ∈ R such that
a · a−1 = 1 and a−1 · a = 1.
An element which has a multiplicative inverse is called a unit.

Definition. (a) A ring with identity in which every nonzero element has a multiplicative inverse is called a
division ring.

(b) A commutative ring with identity in which every nonzero element has a multiplicative inverse is called a
field.

Q, R, and C are all fields. H is an example of a division ring which is not a field — it isn’t commutative,
since (for example) ij = k but ji = −k.

Example. (Units and zero divisors in the integers mod n) (a) What are the units in Zn ?
(b) List the units and zero divisors in Z12 .

(a) The units in Zn are the elements of Un ; that is, the elements of Zn which are relatively prime to n.

Thus, in Z12 , the elements 1, 5, 7, and 11 are units. For example, 7−1 = 7.
The zero divisors in Z12 are 2, 3, 4, 6, 8, 9, and 10. For example 2 · 6 = 0, even though 2 and 6 are
nonzero.

Example. (The units in a matrix ring) What are the units in M (2, R)?

The units in M (2, R) are the invertible matrices — i.e. the elements of GL(2, R).

Example. (A ring of functions which is not a domain) Show that C[0, 1] is not an integral domain.

Let
\[ f(x) = \begin{cases} 0 & \text{if } 0 \le x \le \tfrac{1}{2} \\ x - \tfrac{1}{2} & \text{if } \tfrac{1}{2} < x \le 1 \end{cases} \qquad g(x) = \begin{cases} \tfrac{1}{2} - x & \text{if } 0 \le x \le \tfrac{1}{2} \\ 0 & \text{if } \tfrac{1}{2} < x \le 1 \end{cases} \]
Then f, g ≠ 0, but f g = 0.

Lemma. (Cancellation) Let R be a commutative ring with 1. Then R is an integral domain if and only
if for all r, s, t ∈ R, rs = rt and r ≠ 0 implies s = t.

In other words, you can “cancel” nonzero factors in an integral domain. Note that this is not the same
as division, which is multiplication by a multiplicative inverse.

Proof. Suppose R is a domain. Let r, s, t ∈ R, where r 6= 0, and suppose rs = rt. Then rs − rt = 0, so


r(s − t) = 0. Since r ≠ 0 and since R has no zero divisors, s − t = 0. Therefore, s = t.
Conversely, suppose for all r, s, t ∈ R, rs = rt and r 6= 0 implies s = t. I will show that R has no zero
divisors. Suppose ab = 0, where a 6= 0. Now ab = 0 = a · 0, and by cancellation, b = 0. This shows that R
has no zero divisors, so R is a domain.

Example. (Domains and solving by factoring) Show that x2 + 3x − 4 ∈ Z12 [x] has 4 roots.

x                      0   1   2   3   4   5   6   7   8   9   10  11
x² + 3x − 4 (mod 12)   8   0   6   2   0   0   2   6   0   8   6   6

Thus, a polynomial of degree n can have more than n roots in a ring. The problem is that Z12 is not a
domain: (x + 4)(x − 1) = 0 does not imply one of the factors must be zero.
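To check the Z12 examples above (units, zero divisors, and the roots of x² + 3x − 4), here is an added Python example, not part of the notes. It finds units and zero divisors by brute force and compares them with the gcd criterion (units are the elements relatively prime to n, zero divisors the nonzero elements that are not), evaluates the polynomial at every element of Zn, and, going beyond Z12, runs the same polynomial over Z7, where the cancellation lemma limits a degree-2 polynomial to at most two roots. The function names are my own.

```python
from math import gcd


def units(n):
    """Elements of Z_n with a multiplicative inverse, found by brute force."""
    return [a for a in range(1, n) if any((a * b) % n == 1 for b in range(n))]


def inverse(a, n):
    """The multiplicative inverse of a in Z_n, or None if a is not a unit."""
    for b in range(n):
        if (a * b) % n == 1:
            return b
    return None


def zero_divisors(n):
    """Nonzero a in Z_n with a*b = 0 for some nonzero b."""
    return [a for a in range(1, n) if any((a * b) % n == 0 for b in range(1, n))]


def gcd_criterion(n):
    """Prediction from the gcd test: units are coprime to n, zero divisors share a factor with n."""
    return ([a for a in range(1, n) if gcd(a, n) == 1],
            [a for a in range(1, n) if gcd(a, n) != 1])


def evaluate(coeffs, x, n):
    """Value in Z_n of c0 + c1 x + ... + cd x^d, coefficients low degree first (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % n
    return acc


def roots(coeffs, n):
    """All x in Z_n at which the polynomial vanishes."""
    return [x for x in range(n) if evaluate(coeffs, x, n) == 0]


def is_integral_domain(n):
    """Z_n (n >= 2) is a domain exactly when it has no zero divisors."""
    return n >= 2 and not zero_divisors(n)


def is_field(n):
    """Z_n is a field when every nonzero element is a unit."""
    return n >= 2 and len(units(n)) == n - 1
```

The polynomial x² + 3x − 4 is passed as the coefficient list [-4, 3, 1]; over Z12 the search returns the four roots 1, 4, 5, 8 read off the table above, while over Z7 only 1 and 3 remain.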

Remark. Here is a picture which shows how the various types of rings are related:

                    ring
                 ↙        ↘
     commutative ring    division ring
            ↓                  ↓
          domain               ↓
                 ↘        ↙
                    field
Thus, a field is a special case of a division ring, just as a division ring is a special case of a ring.
The objects of mathematics are primarily built up from sets by adding axioms to make more complicated
structures. For instance, a group is a set with one binary operation satisfying certain axioms. A ring is a
set with two binary operations, satisfying certain axioms. You get special kinds of rings by adding axioms
to the basic ring definition.
There are many advantages to doing things this way. For one, if you prove something about a simple
structure, you know the result will be true about more complicated structures which are built from the
simple structure. For another, by using the smallest number of axioms to prove results, you get a deeper
understanding of why the result is true.

Lemma. Fields are integral domains.


Proof. Let F be a field. I must show that F has no zero divisors. Suppose ab = 0 and a 6= 0. Then a has
an inverse a−1 , so a−1 ab = a−1 · 0, or b = 0. Therefore, F has no zero divisors, and F is a domain.

Lemma. If R is a field, the only ideals are {0} and R.

Proof. Let R be a field, and let I ⊂ R be an ideal. Assume I ≠ {0}, and find x ≠ 0 in I. Since R is a field,
x is invertible; since I is an ideal, 1 = x−1 · x ∈ I. Therefore, I = R.

Example. (A field which extends the rationals) Consider

Q[√2] = {a + b√2 | a, b ∈ Q}.

Use the operations inherited from the reals. Show that every nonzero element has a multiplicative
inverse (so Q[√2] is a field).

This is clearly a commutative ring. To show that it’s a field, suppose a + b√2 ≠ 0. Then multiplying
top and bottom by the conjugate, I have
\[ \frac{1}{a + b\sqrt{2}} = \frac{a - b\sqrt{2}}{a^2 - 2b^2}. \]
I must show that a² − 2b² ≠ 0.
If a = 0 and b ≠ 0 or if a ≠ 0 and b = 0, then a² − 2b² ≠ 0. Since a + b√2 ≠ 0, the only other possibility
is a, b ≠ 0.
Suppose, then, that a² = 2b² with a, b ≠ 0. Clearing denominators if necessary, I may assume that a and b are integers
— in fact, positive integers, thanks to the squares. Now 2 divides 2b², so 2 | a². This forces 2 | a, so a = 2c
for some integer c. Plugging in gives 4c² = 2b², or 2c² = b².
Repeat the argument: 2 | b², so 2 | b, so b = 2d. Plugging in gives 2c² = 4d², or c² = 2d².
I can continue this process indefinitely. Notice that a > c > . . . and b > d > . . . . This yields infinite
descending sequences of positive integers, contradicting well-ordering. Therefore, a² − 2b² ≠ 0. (This is
called an argument by infinite descent.)
It follows that every nonzero element of Q[√2] is invertible, so Q[√2] is a field.

Proposition. A finite integral domain is a field.


Proof. Let R be a finite domain. Say
R = {r1 , r2 , . . . , rn }.
I must show that nonzero elements are invertible. Let r ∈ R, r ≠ 0.
Consider the products rr1 , rr2 , . . . , rrn . If rri = rrj , then ri = rj by cancellation. Therefore, the rri
are distinct. Since there are n of them, they must be exactly all the elements of R:

R = {rr1 , rr2 , . . . , rrn }.

Then 1 ∈ R equals rri for some i, so r is invertible.

For the proposition that follows, I need the following result on greatest common divisors.

Proposition. m ∈ Zn is a zero divisor if and only if (m, n) ≠ 1.

Proof. First, I’ll show that if (m, n) = 1, then m is not a zero divisor. Suppose (m, n) = 1, so am + bn = 1
for some a, b ∈ Z. Reducing the equation mod n, a′ m = 1 for some a′ ∈ Zn , where a = a′ mod n.
Now suppose k ∈ Zn and mk = 0. Then

a′ m = 1
a′ mk = k
0=k

Therefore, m is not a zero divisor.


Conversely, suppose that (m, n) = k > 1. Say n = ka, where 1 < a < n. In particular, I may regard a
as a nonzero element of Zn .
The order of m in Zn is n/(m, n) = n/k = a. Thus, ma = 0 in Zn, and m is a zero divisor.

Example. (Zero divisors in the integers mod n) (a) Find the zero divisors in Z15 .

(b) Find the zero divisors in Z7 .

(a) The zero divisors are those elements in {1, 2, . . . , 14} which are not relatively prime to 15:

3, 5, 6, 9, 10, 12.

For example, 5 · 12 = 0 ∈ Z15 shows directly that 5 and 12 are zero divisors.

(b) Since 7 is prime, all the elements in {1, 2, 3, 4, 5, 6} are relatively prime to 7. There are no zero divisors
in Z7 . In fact, Z7 is an integral domain; since it’s finite, it’s also a field by an earlier result.

Example. List the units and zero divisors in Z4 × Z2 .

The units are (1, 1) and (3, 1):

(1, 1) · (1, 1) = (1, 1) and (3, 1) · (3, 1) = (1, 1).

The zero divisors are


(1, 0), (2, 0), (3, 0), (2, 1), (0, 1).
To see this, note that
(1, 0) · (0, 1) = (0, 0)
(2, 0) · (0, 1) = (0, 0)
(3, 0) · (0, 1) = (0, 0)
(2, 1) · (2, 0) = (0, 0)
(0, 1) · (1, 0) = (0, 0)
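The two examples above can be checked by brute force. The following Python is an added illustration, not code from the notes: it lists the units and zero divisors of Zn and of Zn × Zm, and confirms, for a range of moduli, the proposition that m is a zero divisor in Zn exactly when (m, n) ≠ 1 (the function names are my own).

```python
"""Units and zero divisors in Z_n and Z_n x Z_m, by brute force (added example)."""
from itertools import product
from math import gcd


def units_mod(n):
    """Units of Z_n: the m with some k such that m*k = 1 in Z_n."""
    return [m for m in range(1, n) if any((m * k) % n == 1 for k in range(1, n))]


def zero_divisors_mod(n):
    """Zero divisors of Z_n: nonzero m with a nonzero k such that m*k = 0 in Z_n."""
    return [m for m in range(1, n) if any((m * k) % n == 0 for k in range(1, n))]


def gcd_criterion_holds(n):
    """The proposition above: m is a zero divisor in Z_n iff (m, n) != 1.
    Its proof also shows that m is a unit iff (m, n) = 1, so check both."""
    zd, un = set(zero_divisors_mod(n)), set(units_mod(n))
    return all(((m in zd) != (gcd(m, n) == 1)) and ((m in un) == (gcd(m, n) == 1))
               for m in range(1, n))


def nonzero_is_unit_or_zero_divisor(n):
    """In the finite ring Z_n every nonzero element is a unit or a zero divisor,
    never both (compare the proof that a finite integral domain is a field)."""
    zd, un = set(zero_divisors_mod(n)), set(units_mod(n))
    return zd.isdisjoint(un) and zd | un == set(range(1, n))


def mul_pair(x, y, n, m):
    """Componentwise product in Z_n x Z_m (assumes n, m >= 2)."""
    return ((x[0] * y[0]) % n, (x[1] * y[1]) % m)


def units_product(n, m):
    """Units of Z_n x Z_m: pairs with some partner multiplying to (1, 1)."""
    elems = list(product(range(n), range(m)))
    return [x for x in elems if any(mul_pair(x, y, n, m) == (1, 1) for y in elems)]


def zero_divisors_product(n, m):
    """Nonzero pairs killed by some nonzero pair (possibly themselves)."""
    elems = [x for x in product(range(n), range(m)) if x != (0, 0)]
    return [x for x in elems if any(mul_pair(x, y, n, m) == (0, 0) for y in elems)]


if __name__ == "__main__":
    print("Z_15 zero divisors:", zero_divisors_mod(15))
    print("Z_7 zero divisors:", zero_divisors_mod(7))
    print("Z_4 x Z_2 units:", units_product(4, 2))
    print("Z_4 x Z_2 zero divisors:", zero_divisors_product(4, 2))
```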

Proposition. Zn is a field if and only if n is prime.

Proof. If n is composite, I may find a, b such that 1 < a, b < n and ab = n. Regarding a and b as elements
of Zn , I obtain ab = 0 in Zn . Therefore, Zn has zero divisors, and is not a domain. Since fields are domains,
Zn is not a field.
Suppose n is prime. The nonzero elements 1, . . . , n − 1 are all relatively prime to n. Hence, they are
not zero divisors in Zn , by the preceding result. Therefore, Zn is a domain. Since it’s finite, it’s a field.

The fields Zp for p prime are examples of fields of finite characteristic.

Definition. The characteristic of a ring R is the smallest positive integer n such that n · r = 0 for all
r ∈ R. If there is no such integer, the ring has characteristic 0. Denote the characteristic of R by char R.

Q, R, and C are fields of characteristic 0. If p is prime, Zp is a field of characteristic p.

Proposition. If F is a field of characteristic n > 0, then n is prime.

Proof. If n is composite, write n = rs, where 1 < r, s < n. Then

(r · 1)(s · 1) = rs · 1 = n · 1 = 0.

But r · 1 ≠ 0 and s · 1 ≠ 0 since r, s < n. Therefore, F has zero divisors, contradicting the fact that
fields are domains.

Note, however, that Zp for p prime is not the only field of characteristic p. In fact, for each n > 0, there
is a unique field F of characteristic p such that |F | = pn .

Proposition. Let R be a ring with identity.

(a) If there is no positive integer n such that n · 1 = 0, then char R = 0.

(b) If n · 1 = 0 for some positive integer n, then the smallest positive integer for which this is true is char R.

Proof. Suppose there is no positive integer n such that n · 1 = 0. If n is a positive integer such that n · r = 0
for all r ∈ R, then in particular n · 1 = 0, which is a contradiction. Therefore, there is no positive integer n
such that n · r = 0 for all r ∈ R, and by definition this means that char R = 0.
Suppose n · 1 = 0 for some positive integer n. By Well-Ordering, there is a smallest positive integer m
such that m · 1 = 0. If r ∈ R, then

(m · 1) · r = 0 · r, or m · (1 · r) = 0, so m · r = 0.

This means that char R ≠ 0, and in fact, char R ≤ m. But if char R = k < m, then k · 1 = 0, which
contradicts the assumption that m is the smallest integer such that m · 1 = 0. Therefore, char R = m.

Definition. An integral domain R is called a principal ideal domain (or PID for short) if every ideal in
R is principal.

The integers Z and polynomial rings over fields are examples of principal ideal domains.
Let’s see how this works for a polynomial ring. Consider the set

I = {a(x) · (x2 − 4) + b(x) · (x2 − x − 2) | a(x), b(x) ∈ Q[x]}.

It’s straightforward to show that I is an ideal. I’ll show that in fact I is principal — that is, it actually
consists of all multiples of a mystery polynomial f (x).
What could f (x) be? Well, if I take a(x) = 1 and b(x) = 0, I see that x2 − 4 is in I. Likewise, a(x) = 0
and b(x) = 1 shows that x2 − x − 2 is in I. So if everything in I is a multiple of f , then in particular these
two polynomials must be multiples of f — or what is the same, f divides x2 − 4 and x2 − x − 2.
Note that
x2 − 4 = (x − 2)(x + 2) and x2 − x − 2 = (x − 2)(x + 1).
Now I can see something which divides x2 − 4 and x2 − x − 2, namely x − 2. I’m going to guess that
f (x) = x − 2 is my mystery polynomial.
In the first place,

a(x) · (x2 − 4) + b(x) · (x2 − x − 2) = a(x) · (x − 2)(x + 2) + b(x) · (x − 2)(x + 1).

So x − 2 divides everything in I.
Now I want to show that anything divisible by x−2 is in I. So suppose x−2 | g(x), or g(x) = (x−2)h(x)
for some h(x). Why is g(x) ∈ I?
The key is to observe that x − 2 is the greatest common divisor of x2 − 4 and x2 − x − 2. Thus, I can
write x − 2 as a linear combination of x2 − 4 and x2 − x − 2. Here’s one:

x − 2 = (x2 − 4) − (x2 − x − 2).

Hence,
g(x) = [(x² − 4) − (x² − x − 2)] h(x) = h(x) · (x² − 4) − h(x) · (x² − x − 2).

The last expression is in I, since it’s a linear combination of x² − 4 and x² − x − 2. So g(x) ∈ I, as I
wanted to show.
Therefore, I is principal:

I = ⟨x − 2⟩.
Now you can see how to do this in a more general case. Suppose you have the ideal

{a1 (x)f1 (x) + · · · + an (x)fn (x) | a1 (x), . . . , an (x) ∈ F [x]}.

It will be generated by the single element (f1 (x), . . . , fn (x)), the greatest common divisor of the f ’s.

Example. (Finding a generator for a principal ideal) Consider the ring Z[x] of polynomials with
integer coefficients. Show that the following ideal is not principal:

I = ⟨x, x + 2⟩ = {a(x)(x + 2) + b(x)x | a(x), b(x) ∈ Z[x]}.

I is an ideal in Z[x]. It consists of all linear combinations (with polynomial coefficients) of x + 2 and x.
For example, the following polynomials are elements of I:

(x2 + 5x + 1)(x + 2) + (x117 − 89)(x), (−2x + 3)(x + 2) + 47x, (1)(x + 2) + (0)(x), (0)(x + 2) + (1)(x).

I’ll let you verify that I satisfies the axioms for an ideal. Taking this for granted, I’ll show that I is not
principal — that is, I does not consist of multiples of a single polynomial p(x).
Suppose on the contrary that every element of I is a multiple of a polynomial p(x) ∈ Z[x]. Look at the
last two sample elements above;

x + 2 = (1)(x + 2) + (0)(x) ∈ I and (0)(x + 2) + (1)(x) = x ∈ I.

Since I is an ideal, their difference (x + 2) − x = 2 is also an element of I.


By assumption, every element of I is a multiple of p(x), so 2 is a multiple of p(x). Thus, 2 = a(x)p(x)
for some polynomial a(x).
However, the only integer polynomials which divide the polynomial 2 are ±1 and ±2. So p(x) is −1, 1,
−2, or 2.
x is also an element of I, so x is a multiple of p(x). Of the possibilities −1, 1, −2, or 2, only −1 and 1
divide x. So p(x) = 1 or p(x) = −1.
However, remember that elements of I have the form a(x)(x + 2) + b(x)(x). The constant term of this
polynomial is the constant term of a(x) times 2 — that is, the constant term must be divisible by 2. Since
neither 1 nor −1 are divisible by 2, it follows that p(x) can’t be 1 or −1.
This contradiction shows that there is no such p(x): The ideal I is not principal.
Consequently, Z[x] is not a principal ideal domain.

© 2018 by Bruce Ikenaga


4-15-2018

Polynomial Rings
If R is a ring, the ring of polynomials in x with coefficients in R is denoted R[x]. It consists of
all formal sums

∑_{i=0}^{∞} a_i x^i.

Here a_i = 0 for all but finitely many values of i.


If the idea of “formal sums” worries you, replace a formal sum with the infinite vector whose components
are the coefficients of the sum:

∑_{i=0}^{∞} a_i x^i = (a_0, a_1, a_2, . . .).

All of the operations which I’ll define using formal sums can be defined using vectors. But it’s traditional
to represent polynomials as formal sums, so this is what I’ll do.
A nonzero polynomial ∑_{i=0}^{∞} a_i x^i has degree n if n ≥ 0 and a_n ≠ 0, and n is the largest integer with this
property. The zero polynomial is defined by convention to have degree −∞. (This is necessary in order to
make the degree formulas work out.) Alternatively, you can say that the degree of the zero polynomial is
undefined; in that case, you will need to make minor changes to some of the results below.
Polynomials are added componentwise, and multiplied using the “convolution” formula:

∑_{i=0}^{∞} a_i x^i + ∑_{i=0}^{∞} b_i x^i = ∑_{i=0}^{∞} (a_i + b_i) x^i,

(∑_{i=0}^{∞} a_i x^i) · (∑_{j=0}^{∞} b_j x^j) = ∑_{k=0}^{∞} c_k x^k, where c_k = ∑_{i+j=k} a_i b_j.

These formulas say that you compute sums and products as usual.

Example. (Polynomial arithmetic) (a) Compute

(x2 + 2x + 2) + (x2 + 3) and (x2 + 2x + 2) · (x2 + 3) in Z5 [x].

(b) Compute
(2x2 + 1) + (4x2 + 5) and (3x + 2) · (2x + 3) in Z6 [x].

(a)
(x2 + 2x + 2) + (x2 + 3) = 2x2 + 2x.
(x2 + 2x + 2) · (x2 + 3) = x4 + 2x3 + x + 1.
(b)
(2x2 + 1) + (4x2 + 5) = 0.
(3x + 2) · (2x + 3) = 6x2 + 13x + 6 = x.

Let R be an integral domain. If f ∈ R[x], write deg f to denote the degree of f . It’s easy to show
that the degree function satisfies the following properties:

deg(f + g) ≤ max(deg f, deg g),

deg(f · g) = deg f + deg g.

The verifications amount to writing out the formal sums, with a little attention paid to the case of the
zero polynomial. These formulas do work if either f or g is equal to the zero polynomial, provided that −∞
is understood to behave in the obvious ways (e.g. −∞ + c = −∞ for any c ∈ Z).

Example. (Degrees of polynomials) (a) Give examples of polynomials f, g ∈ R[x] such that deg(f + g) <
max(deg f, deg g).

(b) Give examples of polynomials f, g ∈ Z4 [x] such that deg(f · g) 6= deg f + deg g.

(a)

deg[(x² + 2) + (−x² + 5)] = deg 7 = 0, whereas max[deg(x² + 2), deg(−x² + 5)] = 2.

This shows that equality might not hold in deg(f + g) ≤ max(deg f, deg g).

(b) In Z4[x], (2x) · (2x + 1) = 4x² + 2x = 2x, so

deg[(2x) · (2x + 1)] = deg(2x) = 1, but deg(2x) + deg(2x + 1) = 1 + 1 = 2.

Proposition. Let F be a field, and let F [x] be the polynomial ring in one variable over F . The units in
F [x] are exactly the nonzero elements of F .

Proof. It’s clear that the nonzero elements of F are invertible in F [x], since they’re already invertible
in F . Conversely, suppose that f (x) ∈ F [x] is invertible, so f (x)g(x) = 1 for some g(x) ∈ F [x]. Then
deg f + deg g = deg 1 = 0, which is impossible unless f and g both have degree 0. In particular, f is a
nonzero constant, i.e. an element of F .

Theorem. (Division Algorithm) Let F be a field, and let f, g ∈ F [x]. Suppose that g ≠ 0. There are
unique polynomials q, r ∈ F [x] such that

f (x) = g(x)q(x) + r(x), and deg r(x) < deg g(x).

Proof. The idea is to imitate the proof of the Division Algorithm for Z.
Let
S = {f (x) − g(x)q(x) | q(x) ∈ F [x]}.
The set {deg s(x) | s(x) ∈ S} is a subset of the nonnegative integers, and therefore must contain a
smallest element by well-ordering. Let r(x) ∈ S be an element in S of smallest degree, and write

r(x) = f (x) − g(x)q(x), where q(x) ∈ F [x].

I need to show that deg r(x) < deg g(x).


If r(x) = 0, then since g(x) ≠ 0, I have deg g(x) ≥ 0 > −∞ = deg r(x).
Suppose then that r(x) ≠ 0. Assume toward a contradiction that deg r(x) ≥ deg g(x). Write

r(x) = rn xn + · · · + r1 x + r0 ,

g(x) = gm xm + · · · + g1 x + g0 .
Assume r_n, g_m ≠ 0, and n ≥ m.
Consider the polynomial

r(x) − (r_n/g_m) x^{n−m} g(x) = (r_n x^n + · · · + r_1 x + r_0) − (r_n x^n + (r_n g_{m−1}/g_m) x^{n−1} + · · ·).

Its degree is less than n, since the n-th degree terms cancel out.
However,

r(x) − (r_n/g_m) x^{n−m} g(x) = f(x) − g(x)q(x) − (r_n/g_m) x^{n−m} g(x) = f(x) − g(x) [q(x) + (r_n/g_m) x^{n−m}].
The latter is an element of S.
I’ve found an element of S of smaller degree than r(x), which is a contradiction. It follows that
deg r(x) < deg g(x).
Finally, to prove uniqueness, suppose
f (x) = g(x)q(x) + r(x) = g(x)q ′ (x) + r′ (x), and deg r(x), deg r′ (x) < deg g(x).
Rearranging the equation, I get
g(x)(q(x) − q ′ (x)) = r′ (x) − r(x).
Then
deg(r′ (x) − r(x)) = deg[g(x)(q(x) − q ′ (x))] = deg g(x) + deg(q(x) − q ′ (x)).
But deg(r′ (x) − r(x)) < deg g(x). The equation can only hold if
deg(r′ (x) − r(x)) = −∞ and deg(q(x) − q ′ (x)) = −∞.
This means
r′ (x) − r(x) = 0 and q(x) − q ′ (x) = 0.
Hence, r(x) = r′ (x) and q(x) = q ′ (x).

Example. (Polynomial division) Divide 3x4 + 2x3 + x + 2 by x2 + 4 in Z5 [x].

Remember as you follow the division that −4 = 1, −3 = 2, and −2 = 3 — I’m doing arithmetic mod 5.

                    3x² + 2x + 3
           ┌────────────────────────────
  x² + 4   │ 3x⁴ + 2x³       +  x + 2
             3x⁴       + 2x²
             ──────────────────
                   2x³ + 3x² +  x
                   2x³       + 3x
                   ──────────────────
                         3x² + 3x + 2
                         3x²      + 2
                         ────────────
                                  3x

If you prefer, you can do long division without writing the powers of x — i.e. just writing down the
coefficients. Here’s how it looks:

                  3   2   3
          ┌──────────────────────
  1 0 4   │ 3   2   0   1   2
            3   0   2
            ─────────
                2   3   1
                2   0   3
                ─────────
                    3   3   2
                    3   0   2
                    ─────────
                        3   0
Either way, the quotient is 3x2 + 2x + 3 and the remainder is 3x:

3x4 + 2x3 + x + 2 = (3x2 + 2x + 3)(x2 + 4) + 3x.

Definition. Let R be a commutative ring and let f (x) ∈ R[x]. An element c ∈ R is a root of f (x) if
f (c) = 0.

Note that polynomials are actually formal sums, not functions. However, it is obvious how to plug a
number into a polynomial. Specifically, let

f (x) = an xn + an−1 xn−1 + · · · + a1 x + a0 ∈ R[x].

For c ∈ R, define
f (c) = an cn + an−1 cn−1 + · · · + a1 c + a0 .
Observe that a polynomial can be nonzero as a polynomial even if it equals 0 for every input! For
example, f(x) = x² + x ∈ Z2[x] is a nonzero polynomial. However, plugging in the two elements of the
coefficient ring Z2 gives
f (0) = 0 + 0 = 0 and f (1) = 1 + 1 = 0.

Theorem. Let F be a field, and let f (x) ∈ F [x], where deg f (x) = n ≥ 0.

(a) (The Root Theorem) c is a root of f (x) in F if and only if x − c | f (x).

(b) f (x) has at most n roots in F .

Proof. (a) Suppose f (c) = 0. Write

f (x) = (x − c)q(x) + r(x), where deg r(x) < deg(x − c) = 1.

Then deg r(x) = 0 or deg r(x) = −∞.


In the first case, r is a nonzero constant. However, this implies that

0 = f(c) = 0 · q(c) + r(c) ≠ 0.

This contradiction shows that r(x) = 0, and f (x) = (x − c)q(x).


Conversely, if x − c is a factor of f (x), then f (x) = (x − c)q(x) for some q(x). Hence,

f (c) = q(c)(c − c) = 0.

Hence, c is a root of f .

(b) If c1 , . . . , cm are the distinct roots of f in F , then

(x − c1 ) · · · (x − cm ) | f (x).

Taking degrees on both sides gives m ≤ deg f (x).

Example. (Applying the Root Theorem) In R[x], show:

(a) x − 1 is a factor of x71 − 5x42 + 4.

(b) x − 1 is a factor of xn − 1 for any n ≥ 1.

(a) If p(x) = x71 − 5x42 + 4, then p(1) = 1 − 5 + 4 = 0. Hence, 1 is a root of p(x), and by the Root Theorem
x − 1 is a factor of x71 − 5x42 + 4.

(b) If p(x) = xⁿ − 1, then p(1) = 1 − 1 = 0. Hence, 1 is a root of p(x), so x − 1 is a factor of xⁿ − 1 by the
Root Theorem.

Example. (Applying the Root Theorem) Prove that 2x51 − 4x49 − 251 is divisible by x − 2 in Q[x].

Plugging in x = 2 into 2x51 − 4x49 − 251 gives

2 · 251 − 4 · 249 − 251 = 252 − 251 − 251 = 252 − 2 · 251 = 252 − 252 = 0.

Since x = 2 is a root, x − 2 is a factor by the Root Theorem.

Remark. If the ground ring isn’t a field, it’s possible for a polynomial to have more roots than its degree.
For example, the quadratic polynomial (x − 2)(x − 6) ∈ Z12 [x] has roots x = 0, x = 2, x = 6, x = 8. The
previous result does not apply, because Z12 is not a field.

Corollary. (The Remainder Theorem) Let F be a field, c ∈ F , and let f (x) ∈ F [x]. When f (x) is
divided by x − c, the remainder is f (c).

Proof. Divide f (x) by x − c:


f (x) = q(x)(x − c) + r(x).
Since deg r(x) < deg(x − c) = 1, it follows that r(x) is a constant. But

f (c) = q(c)(c − c) + r(c) = r(c).

Therefore, the constant value of r(x) is r(c) = f (c).

Example. (Applying the Remainder Theorem) Suppose p(x) ∈ R[x] leaves a remainder of 5 when
divided by x − 1 and a remainder of −1 when divided by x + 2. What is the remainder when p(x) is divided
by (x − 1)(x + 2)?

By the Remainder Theorem,


p(1) = 5 and p(−2) = −1.
Now divide p(x) by (x − 1)(x + 2). The remainder r(x) has degree less than deg(x − 1)(x + 2) = 2, so
r(x) = ax + b for some a, b ∈ R:

p(x) = q(x)(x − 1)(x + 2) + (ax + b).

Then
5 = p(1) = 0 + (a + b) and −1 = p(−2) = 0 + (−2a + b).
Solving the two equations for a and b, I get a = 2 and b = 3. Thus, the remainder is 2x + 3.

Definition. Let R be an integral domain.

(a) If x, y ∈ R, then x divides y if xz = y for some z ∈ R. Write x | y to mean that x divides y.

(b) x and y are associates if xu = y, where u is a unit.

(Recall that a unit in a ring is an element with a multiplicative inverse.)

(c) An element x ∈ R is irreducible if x ≠ 0, x is not a unit, and x = yz implies either y is a unit
or z is a unit.

(d) An element x ∈ R is prime if x ≠ 0, x is not a unit, and x | yz implies x | y or x | z.

Proposition. A nonzero nonconstant polynomial f (x) ∈ F [x] is irreducible if and only if f (x) = g(x)h(x)
implies that either g or h is a constant.

Proof. Suppose f (x) is irreducible and f (x) = g(x)h(x). Then one of g(x), h(x) is a unit. But we showed
earlier that the units in F [x] are the nonzero constant polynomials.
Suppose that f (x) is a nonzero nonconstant polynomial, and f (x) = g(x)h(x) implies that either g or
h is a constant.
Since f is nonconstant, it’s not a unit. Note that if f (x) = g(x)h(x), then g, h ≠ 0, since f ≠ 0.
Therefore, the condition that f (x) = g(x)h(x) implies that either g or h is a constant means that
f (x) = g(x)h(x) implies that either g(x) or h(x) is a unit — again, since the nonzero constant polynomials
are the units in F [x]. This is what it means for f to be irreducible.

Example. Show that x2 + 1 is irreducible in R[x] but not in C[x].

x² + 1 has no real roots, so by the Root Theorem it has no linear factors. Hence, it’s irreducible in
R[x].
However, x2 + 1 = (x + i)(x − i) in C[x].

Corollary. Let F be a field. A polynomial of degree 2 or 3 in F [x] is irreducible if and only if it has no
roots in F .

Proof. Suppose f ∈ F [x] has degree 2 or 3.


If f is not irreducible, then f (x) = g(x)h(x), where neither g nor h is constant. Now deg g ≥ 1 and
deg h ≥ 1, and

deg g + deg h = deg f = 2 or 3.

This is only possible if at least one of g or h has degree 1. This means that at least one of g or h is a
linear factor ax + b, and must therefore have a root in F . Since f (x) = g(x)h(x), it follows that f has a root
in F as well.
Conversely, if f has a root c in F , then x − c is a factor of f by the Root Theorem. Since f has degree
2 or 3, x − c is a proper factor, and f is not irreducible.

Remark. The result is false for polynomials of degree 4 or higher. For example, (x2 + 1)2 has no roots in
R, but it is not irreducible over R.

Example. (Checking for irreducibility of a quadratic or cubic) Show that x³ + x + 1 ∈ Z5[x] is
irreducible.

Since this is a cubic polynomial, I only need to see whether it has any roots.

x x3 + x + 1
0 1
1 3
2 1
3 1
4 4

Since x3 + x + 1 has no roots in Z5 , it’s irreducible.

Proposition. In an integral domain, primes are irreducible.

Proof. Let x be prime. I must show x is irreducible. Suppose x = yz. I must show either y or z is a unit.
x = yz, so obviously x | yz. Thus, x | y or x | z. Without loss of generality, suppose x | y.
Write xw = y. Then x = yz = xwz, and since x 6= 0 (primes are nonzero) and we’re in a domain,
1 = wz. Therefore, z is a unit, and x is irreducible.

Definition. Let R be an integral domain, and let x, y ∈ R. d ∈ R is a greatest common divisor of x
and y if:

(a) d | x and d | y.

(b) If d′ | x and d′ | y, then d′ | d.

The definition says “a” greatest common divisor, rather than “the” greatest common divisor, because
greatest common divisors are only unique up to multiplication by units.
The definition above is the right one if you’re dealing with an arbitrary integral domain. However, if
your ring is a polynomial ring, it’s nice to single out a “special” greatest common divisor and call it the
greatest common divisor.

Definition. A monic polynomial is a polynomial whose leading coefficient is 1.

For example, here are some monic polynomials over Q:

x³ − 3x + 5,   x¹⁰⁰ − (2/3)x¹⁷,   x + 42.

Definition. Let F be a field, let F [x] be the ring of polynomials with coefficients in F , and let f, g ∈ F [x],
where f and g are not both zero. The greatest common divisor of f and g is the monic polynomial which
is a greatest common divisor of f and g (in the integral domain sense).

Example. (Polynomial greatest common divisors) Find the greatest common divisor of x2 − 4 and
x2 − x − 2 in Q[x].

x − 2 is a greatest common divisor of x2 − 4 and x2 − x − 2:

x2 − 4 = 1 · (x2 − x − 2) + (x − 2)

x2 − x − 2 = (x + 1)(x − 2) + 0

Notice that any nonzero constant multiple of x − 2 is also a greatest common divisor of x² − 4 and
x² − x − 2 (in the integral domain sense): For example, (1/100)(x − 2) works. This makes sense, because the
units in Q[x] are the nonzero elements of Q. But by convention, I’ll refer to x − 2 — the monic greatest
common divisor — as the greatest common divisor of x² − 4 and x² − x − 2.

The preceding definition assumes there is a greatest common divisor for two polynomials in F [x]. In
fact, the greatest common divisor of two polynomials exists — provided that both polynomials aren’t 0 —
and the proof is essentially the same as the proof for greatest common divisors of integers.
In both cases, the idea is to use the Division Algorithm repeatedly until you obtain a remainder of 0.
This must happen in the polynomial case, because the Division Algorithm for polynomials specifies that the
remainder has strictly smaller degree than the divisor.
Just as in the case of the integers, each use of the Division Algorithm does not change the greatest
common divisor. So the last pair has the same greatest common divisor as the first pair — but the last pair
consists of 0 and the last nonzero remainder, so the last nonzero remainder is the greatest common divisor.
This process is called the Euclidean algorithm, just as in the case of the integers.
Let h and h′ be two greatest common divisors of f and g. By definition, h | h′ and h′ | h. From this, it
follows that h and h′ have the same degree, and are constant multiples of one another. If h and h′ are both
monic — i.e. both have leading coefficient 1 — this is only possible if they’re equal. So there is a unique
monic greatest common divisor for any two polynomials.
Finally, the same proofs that I gave for the integers show that you can write the greatest common divisor
of two polynomials as a linear combination of the two polynomials. You can use the Extended Euclidean
Algorithm that you learned for integers to find a linear combination. To summarize:

Theorem. Let F be a field, f, g ∈ F [x], f and g not both 0.

(a) f and g have a unique (monic) greatest common divisor.

(b) There exist polynomials u, v ∈ F [x] such that


(f (x), g(x)) = u(x)f (x) + v(x)g(x).

Example. (Applying the Extended Euclidean Algorithm) Find the greatest common divisor of
x⁴ − x³ + x² − 1 and x³ − x² + 3x − 3 in R[x] and express the greatest common divisor as a linear combination
of x⁴ − x³ + x² − 1 and x³ − x² + 3x − 3 with coefficients in R[x].

  x⁴ − x³ + x² − 1        -                   −(1/2)x² − (1/4)x + 1
  x³ − x² + 3x − 3        x                   −(1/2)x − 1/4
  −2x² + 3x − 1           −(1/2)x − 1/4       1
  (13/4)x − 13/4          −(8/13)x + 4/13     0

The greatest common divisor is (13/4)x − 13/4. The greatest common divisor is only determined up to
multiplying by a unit, so multiplying by 4/13 gives the monic greatest common divisor x − 1.
You can check that

(−(1/2)x − 1/4)(x⁴ − x³ + x² − 1) − (−(1/2)x² − (1/4)x + 1)(x³ − x² + 3x − 3) = −((13/4)x − 13/4).

Example. (Applying the Extended Euclidean Algorithm) Find the greatest common divisor of x3 + 1
and x2 + 4x + 3 in Z5 [x] and express the greatest common divisor as a linear combination of x3 + 1 and
x2 + 4x + 3 with coefficients in Z5 [x].

  x³ + 1          -         x + 1
  x² + 4x + 3     x + 1     1
  3x + 3          2x + 1    0

The greatest common divisor is 3x + 3, and

3x + 3 = −(x + 1) · (x2 + 4x + 3) + 1 · (x3 + 1) = 4(x + 1) · (x2 + 4x + 3) + 1 · (x3 + 1).

The greatest common divisor is only determined up to multiplying by a unit. So, for example, I can
multiply the last equation by 2 to get

x + 1 = (3x + 3) · (x2 + 4x + 3) + 2 · (x3 + 1).
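The Division Algorithm, the long division in Z5[x] above, the remark that (x − 2)(x − 6) has four roots in Z12[x], and the Extended Euclidean Algorithm example just given can all be carried out by the following Python, an added example that is not part of the notes. It represents a polynomial over Zn as a list of coefficients (lowest degree first) and implements addition, the convolution product, division with remainder, evaluation and the extended Euclidean algorithm as the notes describe them; the function names are my own, and division is only attempted when the divisor’s leading coefficient is invertible mod n.

```python
"""Arithmetic in Z_n[x] (added example, not code from the notes).
A polynomial is a list of coefficients in Z_n, lowest degree first, with no
trailing zeros, so the zero polynomial is []."""
from math import gcd


def trim(p):
    """Drop high-order zero coefficients so each polynomial has one representation."""
    while p and p[-1] == 0:
        p.pop()
    return p


def poly(coeffs_high_to_low, n):
    """Build a polynomial from coefficients written the usual way, highest degree first."""
    return trim([c % n for c in reversed(coeffs_high_to_low)])


def add(f, g, n):
    """Componentwise addition mod n."""
    m = max(len(f), len(g))
    f, g = f + [0] * (m - len(f)), g + [0] * (m - len(g))
    return trim([(a + b) % n for a, b in zip(f, g)])


def sub(f, g, n):
    return add(f, [(-b) % n for b in g], n)


def mul(f, g, n):
    """Convolution formula: c_k is the sum of a_i * b_j over i + j = k."""
    if not f or not g:
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % n
    return trim(out)


def divmod_poly(f, g, n):
    """Division Algorithm: return (q, r) with f = g*q + r and deg r < deg g."""
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    if gcd(g[-1], n) != 1:
        raise ValueError("leading coefficient of the divisor is not invertible mod n")
    inv_lead = pow(g[-1], -1, n)
    q = [0] * max(len(f) - len(g) + 1, 0)
    r = list(f)
    while r and len(r) >= len(g):
        # Cancel the top term of r with c * x^shift * g: one long-division step.
        shift = len(r) - len(g)
        c = (r[-1] * inv_lead) % n
        q[shift] = c
        for k, b in enumerate(g):
            r[shift + k] = (r[shift + k] - c * b) % n
        trim(r)
    return trim(q), r


def evaluate(f, c, n):
    """Plug c into f (Horner's rule); the result is an element of Z_n."""
    acc = 0
    for a in reversed(f):
        acc = (acc * c + a) % n
    return acc


def roots(f, n):
    """All roots of f in Z_n; there can be more than deg f of them when n is composite."""
    return [c for c in range(n) if evaluate(f, c, n) == 0]


def ext_gcd(f, g, n):
    """Extended Euclidean Algorithm: return (d, u, v) with d = u*f + v*g and d monic."""
    r0, r1 = f, g
    u0, u1 = [1], []  # invariant: r0 = u0*f + v0*g
    v0, v1 = [], [1]  #            r1 = u1*f + v1*g
    while r1:
        q, r = divmod_poly(r0, r1, n)
        r0, r1 = r1, r
        u0, u1 = u1, sub(u0, mul(q, u1, n), n)
        v0, v1 = v1, sub(v0, mul(q, v1, n), n)
    c = pow(r0[-1], -1, n)  # multiply by a unit to make the gcd monic
    scale = lambda p: trim([(a * c) % n for a in p])
    return scale(r0), scale(u0), scale(v0)


if __name__ == "__main__":
    p = 5  # coefficient lists below read a0, a1, a2, ... (lowest degree first)
    q, r = divmod_poly(poly([3, 2, 0, 1, 2], p), poly([1, 0, 4], p), p)
    print("quotient", q, "remainder", r)        # [3, 2, 3] and [0, 3]: 3x^2+2x+3, 3x
    d, u, v = ext_gcd(poly([1, 0, 0, 1], p), poly([1, 4, 3], p), p)
    print("monic gcd", d, "u", u, "v", v)       # x + 1 = 2(x^3+1) + (3x+3)(x^2+4x+3)
    print("roots of (x-2)(x-6) in Z_12:", roots(mul(poly([1, -2], 12), poly([1, -6], 12), 12), 12))
```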



4-21-2018
The Quotient Field of an Integral Domain
The rationals Q are constructed from the integers Z by “forming fractions”. This amounts to making
all the nonzero elements of Z invertible. In fact, you can perform this construction for an arbitrary integral
domain.

Theorem. Let R be an integral domain.

(a) There is a field Q, the quotient field of R, and an injective ring map i : R → Q.

(b) If F is a field and φ : R → F is an injective ring map, there is a unique ring map φ̃ : Q → F such
that the following diagram commutes:
   R ──φ──▶ F
   │        ▲
   i        │ φ̃
   ▼        │
   Q ───────┘

That is, φ̃ ∘ i = φ.
Heuristically, this means that Q is the “minimal” way of inverting the nonzero elements of R.

Proof. The first step is to form the fractions. Let

S = {(a, b) | a, b ∈ R, b ≠ 0}.

(Think of (a, b) as corresponding to the fraction a/b. The elements of Q aren’t actually fractions, but
equivalence classes of fractions. Think of the situation in the rationals Q: 1/2 and 2/4 are really the same
element of Q.)
Two rational fractions a/b and c/d are equal if and only if ad = bc. I’ll use this idea to put an equivalence
relation on S.
If (a, b), (c, d) ∈ S, write (a, b) ∼ (c, d) if and only if ad = bc. I claim this is an equivalence relation.

(a) Since ab = ab, I have (a, b) ∼ (a, b).

(b) If (a, b) ∼ (c, d), then ad = bc. So bc = ad, and hence (c, d) ∼ (a, b).

(c) Suppose (a, b) ∼ (c, d) and (c, d) ∼ (e, f ). Then ad = bc and cf = de. I want to show that af = be.
The first equation yields adf = bcf , while the second equation yields bcf = bde. Therefore, adf = bde. Now
(c, d) ∈ S implies d ≠ 0, and since R is a domain, I may cancel d to obtain af = be. Hence, (a, b) ∼ (e, f ),
which completes the proof of transitivity.

Let Q be the set of equivalence classes. Let [a, b] ∈ Q denote the equivalence class of (a, b) ∈ S. I want
to show that Q is a field with the appropriate properties.
First, I’ll define the operations. For [a, b], [c, d] ∈ Q, define

[a, b] + [c, d] = [ad + bc, bd]


[a, b][c, d] = [ac, bd]

Note that in each case b, d 6= 0 so bd 6= 0, and the expressions on the right at least make sense.
I now have some routine but extremely tedious verifications to perform. Since these operations are
defined on equivalence classes, I must check that they’re well-defined — i.e. that they’re independent of the
choices of representatives for the equivalence classes.
Once I have well-defined operations, I have to check all the axioms for a field. This entails checking all
the ring axioms, commutativity, and the existence of inverses for nonzero elements. For example, I’ll show
that [0, 1] functions as an additive identity, while [1, 1] is the multiplicative identity.

It is probably a little much to expect you to wade through all of the ugly computations. Nevertheless,
I’ll show all the work below. I suggest that you at least verify that one of the two operations is well-defined,
and that you work through the proof for at least one of the ring axioms.
First, I’ll prove that addition and multiplication are well-defined. Suppose that [a, b] = [a′ , b′ ], so
ab′ = a′ b, and [c, d] = [c′ , d′ ] so cd′ = c′ d.

1. Addition is well-defined.

[a, b] + [c, d] = [ad + bc, bd] and [a′ , b′ ] + [c′ , d′ ] = [a′ d′ + b′ c′ , b′ d′ ].

Now
(ad + bc)b′ d′ = ab′ dd′ + bb′ cd′ = a′ bdd′ + bb′ c′ d = (a′ d′ + b′ c′ )bd,
Hence, [ad + bc, bd] = [a′ d′ + b′ c′ , b′ d′ ].
2. Multiplication is well-defined.

[a, b][c, d] = [ac, bd] and [a′ , b′ ][c′ , d′ ] = [a′ c′ , b′ d′ ].

Now
(ac)(b′ d′ ) = ab′ cd′ = a′ bc′ d = (a′ c′ )(bd).
Hence, [ac, bd] = [a′ c′ , b′ d′ ].

Next, I’ll verify that Q is a field. I have to verify the ring axioms, that multiplication is commutative,
and that nonzero elements have inverses.

3. Addition is associative.

([a, b] + [c, d]) + [e, f ] = [ad + bc, bd] + [e, f ] = [adf + bcf + bde, bdf ],

[a, b] + ([c, d] + [e, f ]) = [a, b] + [cf + de, df ] = [adf + bcf + bde, bdf ].
4. Addition is commutative.

[a, b] + [c, d] = [ad + bc, bd] and [c, d] + [a, b] = [bc + ad, bd].

5. [0, 1] is the additive identity.

[a, b] + [0, 1] = [a · 1 + b · 0, b] = [a, b].

6. −[a, b] = [−a, b].


[a, b] + [−a, b] = [ab − ab, b2 ] = [0, b2 ].
However, [0, b2 ] = [0, 1], since 0 · 1 = b2 · 0.

7. Multiplication is associative.

([a, b][c, d]) [e, f ] = [ace, bdf ] = [a, b] ([c, d][e, f ]) .

8. Multiplication is commutative.

[a, b][c, d] = [ac, bd] = [c, d][a, b].

9. [1, 1] is the multiplicative identity.


[a, b][1, 1] = [a, b].
10. Multiplication distributes over addition.

By commutativity of multiplication, it suffices to check this on one side.

[a, b] ([c, d] + [e, f ]) = [a, b][cf + de, df ] = [acf + ade, bdf ],

[a, b][c, d] + [a, b][e, f ] = [ac, bd] + [ae, bf ] = [abcf + abde, b2 df ].


However,

(acf + ade)b2 df = ab2 cdf 2 + ab2 d2 ef and (abcf + abde)bdf = ab2 cdf 2 + ab2 d2 ef.

Therefore, [acf + ade, bdf ] = [abcf + abde, b2 df ].

11. Nonzero elements have multiplicative inverses.

Suppose [a, b] ≠ [0, 1], so a ≠ 0. Then using ab · 1 = 1 · ab, I have

[a, b][b, a] = [ab, ab] = [1, 1].

Hence, [b, a] = [a, b]−1 .

This completes the verification that Q is a field. Next, I’ll construct the imbedding of R into Q.

Define i : R → Q by i(r) = [r, 1]. I’ll check that i is a ring map. First, i(1) = [1, 1].
Next,
i(a) + i(b) = [a, 1] + [b, 1] = [a + b, 1] = i(a + b),
i(a)i(b) = [a, 1][b, 1] = [ab, 1] = i(ab).
Next, I’ll show that i is injective. Suppose i(x) = [0, 1] (since [0, 1] is the zero element of Q). Then
[x, 1] = [0, 1], or x = 0. Therefore, ker i = {0}, so i is injective.

Finally, I’ll complete the proof by verifying the universal property. Suppose that F is a field and
φ : R → F is an injective ring map. Define φ̃ : Q → F by

φ̃ ([a, b]) = φ(a)φ(b)−1 .

Observe that since b 6= 0, φ(b) 6= 0 (injectivity), so φ(b) is invertible in the field F .


I have to check that the map is well-defined. Suppose that [a, b] = [a′ , b′ ], so ab′ = a′ b. Then

φ(a)φ(b′ ) = φ(a′ )φ(b),


φ(a)φ(b)−1 = φ(a′ )φ(b′ )−1 ,
φ̃ ([a, b]) = φ̃ ([a′ , b′ ]) .

Next, I’ll check that φ̃ is a ring map. First,

φ̃ ([1, 1]) = φ(1)φ(1)−1 = 1 · 1 = 1.

Next,

φ̃ ([a, b] + [c, d]) = φ̃ ([ad + bc, bd]) = φ(ad + bc)φ(bd)−1 = φ(ad)φ(bd)−1 + φ(bc)φ(bd)−1 =

φ(a)φ(d)φ(b)−1 φ(d)−1 + φ(b)φ(c)φ(b)−1 φ(d)−1 = φ(a)φ(b)−1 + φ(c)φ(d)−1 = φ̃ ([a, b]) + φ̃ ([c, d]) .
Finally,

φ̃ ([a, b][c, d]) = φ̃ ([ac, bd]) = φ(ac)φ(bd)−1 = φ(a)φ(b)−1 φ(c)φ(d)−1 = φ̃ ([a, b]) φ̃ ([c, d]) .

I need to check that φ̃ makes the diagram commute. If a ∈ R,

φ̃ · i(a) = φ̃ ([a, 1]) = φ(a)φ(1)−1 = φ(a).

Finally, I’ll show that φ̃ is the only map which could satisfy these conditions. If ψ were another injective
ring map filling in the diagram, then for a ∈ R,

ψ · i(a) = φ(a).

Hence, ψ([a, 1]) = φ(a).

Now let b ∈ R, b ≠ 0. Since ψ is a ring map,

1 = ψ([1, 1]) = ψ([b, 1][1, b]) = ψ([b, 1]) ψ([1, b]) = φ(b)ψ([1, b]).

φ is injective, so φ(b) ≠ 0, and it’s invertible in F. Therefore, ψ([1, b]) = φ(b)⁻¹.

Now put the results of the last two paragraphs together, again using the fact that ψ is a ring map:

ψ([a, b]) = ψ([a, 1][1, b]) = ψ([a, 1]) ψ([1, b]) = φ(a)φ(b)⁻¹ = φ̃([a, b]).

Thus, φ̃ is the unique map filling in the diagram, and the proof is (finally!) complete.

The standard argument for objects defined by universal properties shows that the quotient field of an
integral domain is unique up to ring isomorphism. That is, if R is a domain and Q and Q′ are fields satisfying
the universal property for the quotient field of R, then Q ≈ Q′ .

If R is a field, then it is its own quotient field. To prove this, use uniqueness of the quotient field, and
the fact that the identity map id : R → R satisfies the universal property.
In most cases, it is easy to see what the quotient field “looks like”. For example, let R be the domain
Q[x] of polynomials with rational coefficients. The quotient field is Q(x), the field of rational functions
with rational coefficients. It consists of all quotients p(x)/q(x), where p, q ∈ Q[x] and q ≠ 0, under the usual
operations.
This may seem like a lot of work to produce something that is “obvious”. But the reason this may seem
“obvious” to you is that you’ve had lots of experience working with the rational numbers Q, the quotient
field of the integers Z.

c 2018 by Bruce Ikenaga


4-21-2018

Quotient Rings
Let R be a ring, and let I be a (two-sided) ideal. Considering just the operation of addition, R is a
group and I is a subgroup. In fact, since R is an abelian group under addition, I is a normal subgroup, and
the quotient group R/I is defined. Addition of cosets is defined by adding coset representatives:

(a + I) + (b + I) = (a + b) + I.

The zero coset is 0 + I = I, and the additive inverse of a coset is given by −(a + I) = (−a) + I.
However, R also comes with a multiplication, and it’s natural to ask whether you can turn R/I into a
ring by multiplying coset representatives:

(a + I) · (b + I) = ab + I.

I need to check that this operation is well-defined, and that the ring axioms are satisfied. In fact,
everything works, and you’ll see in the proof that it depends on the fact that I is an ideal. Specifically, it
depends on the fact that I is closed under multiplication by elements of R.
By the way, I’ll sometimes write the quotient as a fraction with R over I and sometimes as “R/I”; they mean the same thing.
Theorem. If I is a two-sided ideal in a ring R, then R/I has the structure of a ring under coset addition
and multiplication.

Proof. Suppose that I is a two-sided ideal in R. Let r, s ∈ R.


Coset addition is well-defined, because R is an abelian group and I a normal subgroup under addition.
I proved that coset addition was well-defined when I constructed quotient groups.
I need to show that coset multiplication is well-defined:

(r + I)(s + I) = rs + I.

As before, suppose that


r + I = r′ + I, so r = r′ + a, a ∈ I,
s + I = s′ + I, so s = s′ + b, b ∈ I.
Then

(r + I)(s + I) = rs + I = (r′ + a)(s′ + b) + I = r′ s′ + r′ b + as′ + ab + I = r′ s′ + I = (r′ + I)(s′ + I).

The next-to-last equality is derived as follows: r′b + as′ + ab ∈ I, because I is an ideal; hence r′b +
as′ + ab + I = I. Note that this uses the multiplication axiom for an ideal; in a sense, it explains why the
multiplication axiom requires that an ideal be closed under multiplication by ring elements on the left and
right.
Thus, coset multiplication is well-defined.
Verification of the ring axioms is easy but tedious: It reduces to the axioms for R.
For instance, suppose I want to verify associativity of multiplication. Take r, s, t ∈ R. Then

((r + I)(s + I)) (t + I) = (rs + I)(t + I) = (rs)t + I = r(st) + I = (r + I)(st + I) = (r + I) ((s + I)(t + I)) .

(Notice how I used associativity of multiplication in R in the middle of the proof.) The proofs of the
other axioms are similar.

Definition. If R is a ring and I is a two-sided ideal, the quotient ring of R mod I is the group of cosets
R/I with the operations of coset addition and coset multiplication.

Proposition. Let R be a ring, and let I be an ideal.

(a) If R is a commutative ring, so is R/I.

(b) If R has a multiplicative identity 1, then 1 + I is a multiplicative identity for R/I. In this case, if
r ∈ R is a unit, then so is r + I, and (r + I)⁻¹ = r⁻¹ + I.

Proof. (a) Let r + I, s + I ∈ R/I. Since R is commutative,

(r + I)(s + I) = rs + I = sr + I = (s + I)(r + I).

Therefore, R/I is commutative.

(b) Suppose R has a multiplicative identity 1. Let r ∈ R. Then

(r + I)(1 + I) = r · 1 + I = r + I and (1 + I)(r + I) = 1 · r + I = r + I.

Therefore, 1 + I is the identity of R/I.


If r ∈ R is a unit, then

(r⁻¹ + I)(r + I) = r⁻¹r + I = 1 + I and (r + I)(r⁻¹ + I) = rr⁻¹ + I = 1 + I.

Therefore, (r + I)⁻¹ = r⁻¹ + I.

Example. (A quotient ring of the integers) The set of even integers ⟨2⟩ = 2Z is an ideal in Z. Form
the quotient ring Z/2Z.
Construct the addition and multiplication tables for the quotient ring.

Here are some cosets:


2 + 2Z, −15 + 2Z, 841 + 2Z.
But two cosets a + 2Z and b + 2Z are the same exactly when a and b differ by an even integer. Every
even integer differs from 0 by an even integer. Every odd integer differs from 1 by an even integer. So there
are really only two cosets (up to renaming): 0 + 2Z = 2Z and 1 + 2Z.
Here are the addition and multiplication tables:

    +         0 + 2Z    1 + 2Z          ×         0 + 2Z    1 + 2Z
    0 + 2Z    0 + 2Z    1 + 2Z          0 + 2Z    0 + 2Z    0 + 2Z
    1 + 2Z    1 + 2Z    0 + 2Z          1 + 2Z    0 + 2Z    1 + 2Z

You can see that Z/2Z is isomorphic to Z2.
In general, Z/nZ is isomorphic to Zn. I’ve been using “Zn” informally to mean the set {0, 1, . . . , n − 1}
with addition and multiplication mod n, and taking for granted that the usual ring axioms hold. This
example gives a formal construction of Zn as the quotient ring Z/nZ.

Example. Z3[x] is the ring of polynomials with coefficients in Z3. Consider the ideal ⟨2x² + x + 2⟩.
(a) How many elements are in the quotient ring Z3[x]/⟨2x² + x + 2⟩?

(b) Reduce the following product in Z3[x]/⟨2x² + x + 2⟩ to the form (ax + b) + ⟨2x² + x + 2⟩:

(2x + 1 + ⟨2x² + x + 2⟩) · (x + 1 + ⟨2x² + x + 2⟩).

(c) Find [x + 2 + ⟨2x² + x + 2⟩]⁻¹ in Z3[x]/⟨2x² + x + 2⟩.
The ring Z3[x]/⟨2x² + x + 2⟩ is analogous to Zn = Z/⟨n⟩. In the case of Zn, you do computations mod
n: To “simplify”, you divide the result of a computation by the modulus n and take the remainder. In
Z3[x]/⟨2x² + x + 2⟩, the polynomial 2x² + x + 2 acts like the “modulus”. To do computations in Z3[x]/⟨2x² + x + 2⟩,
you divide the result of a computation by 2x² + x + 2 and take the remainder.

(a) By the Division Algorithm, any f(x) ∈ Z3[x] can be written as

f(x) = (2x² + x + 2)q(x) + r(x), where deg r(x) < deg(2x² + x + 2).

This means that r(x) = ax + b, where a, b ∈ Z3. Then

f(x) + ⟨2x² + x + 2⟩ = [(2x² + x + 2)q(x) + r(x)] + ⟨2x² + x + 2⟩ = (ax + b) + ⟨2x² + x + 2⟩.

Since there are 3 choices for a and 3 choices for b, there are 9 cosets.

(b) First, multiply the coset representatives:

(2x + 1)(x + 1) = 2x² + 1.

Dividing 2x² + 1 by 2x² + x + 2, I get

2x² + 1 = (2x² + x + 2)(1) + (2x + 2).

Then

2x² + 1 + ⟨2x² + x + 2⟩ = [(2x² + x + 2)(1) + (2x + 2)] + ⟨2x² + x + 2⟩ = 2x + 2 + ⟨2x² + x + 2⟩.

(c) To find multiplicative inverses in Zn, you use the Extended Euclidean Algorithm. The same idea works
in quotient rings of polynomial rings.

    2x² + x + 2    -         2x
    x + 2          2x        1
    2              2x + 1    0

(1)(2x² + x + 2) − (2x)(x + 2) = 2
(1)(2x² + x + 2) + (x)(x + 2) = 2
(2)(2x² + x + 2) + (2x)(x + 2) = 1
(2)(2x² + x + 2) + (2x)(x + 2) + ⟨2x² + x + 2⟩ = 1 + ⟨2x² + x + 2⟩
(2x)(x + 2) + ⟨2x² + x + 2⟩ = 1 + ⟨2x² + x + 2⟩
Thus,
[x + 2 + ⟨2x² + x + 2⟩]⁻¹ = 2x + ⟨2x² + x + 2⟩.

Example. (a) List the elements of the cosets of ⟨(2, 2)⟩ in the ring Z4 × Z6.
(b) Is the quotient ring (Z4 × Z6)/⟨(2, 2)⟩ an integral domain?
(a) If x is an element of a ring R, the ideal ⟨x⟩ consists of all multiples of x by elements of R. It is not
necessarily the same as the additive subgroup generated by x, which is

{. . . , −3x, −2x, −x, 0, x, 2x, 3x, . . .}.

In this example, the additive subgroup generated by (2, 2) is

{(0, 0), (2, 2), (0, 4), (2, 0), (0, 2), (2, 4)}.

As usual, I get it by starting with the zero element (0, 0) and the generator (2, 2), then adding (2, 2)
until I get back to (0, 0).
This set is contained in the ideal ⟨(2, 2)⟩; I need to check whether it is the same as the ideal.
If (a, b) ∈ Z4 × Z6, then
(a, b) · (2, 2) = (2a, 2b).

Thus, an element of the ideal ⟨(2, 2)⟩ consists of a pair (2a, 2b), where each component is even. There
are two even elements in Z4 (namely 0 and 2) and 3 even elements in Z6 (namely 0, 2, and 4), so there are
2 · 3 = 6 such pairs. Thus, the ideal ⟨(2, 2)⟩ has a maximum of 6 elements. Since the additive subgroup
above already has 6 elements, it must be the same as the ideal.
I can list the elements of the cosets of the ideal as I would for subgroups.

⟨(2, 2)⟩ = {(0, 0), (2, 2), (0, 4), (2, 0), (0, 2), (2, 4)}
(0, 1) + ⟨(2, 2)⟩ = {(0, 1), (2, 3), (0, 5), (2, 1), (0, 3), (2, 5)}
(1, 0) + ⟨(2, 2)⟩ = {(1, 0), (3, 2), (1, 4), (3, 0), (1, 2), (3, 4)}
(1, 1) + ⟨(2, 2)⟩ = {(1, 1), (3, 3), (1, 5), (3, 1), (1, 3), (3, 5)}

(b) Note that

[(0, 1) + ⟨(2, 2)⟩][(1, 0) + ⟨(2, 2)⟩] = ⟨(2, 2)⟩.

Hence, (Z4 × Z6)/⟨(2, 2)⟩ is not an integral domain.

Example. In the ring Z2 × Z10, consider the principal ideal ⟨(1, 5)⟩.

(a) List the elements of ⟨(1, 5)⟩.

(b) List the elements of the cosets of ⟨(1, 5)⟩.

(c) Is the quotient ring (Z2 × Z10)/⟨(1, 5)⟩ a field?
(a) Note that the additive subgroup generated by (1, 5) has only two elements. It’s not the same as the
ideal generated by (1, 5), so I can’t find the elements of the ideal by taking additive multiples of (1, 5). I’ll
find the elements of the ideal ⟨(1, 5)⟩ by multiplying (1, 5) by the elements of Z2 × Z10, then throwing out
duplicates. The computation is routine, if a bit tedious.

    element    (0, 0)    (0, 1)    (0, 2)    (0, 3)    (0, 4)
    ·(1, 5)    (0, 0)    (0, 5)    (0, 0)    (0, 5)    (0, 0)

    element    (0, 5)    (0, 6)    (0, 7)    (0, 8)    (0, 9)
    ·(1, 5)    (0, 5)    (0, 0)    (0, 5)    (0, 0)    (0, 5)

    element    (1, 0)    (1, 1)    (1, 2)    (1, 3)    (1, 4)
    ·(1, 5)    (1, 0)    (1, 5)    (1, 0)    (1, 5)    (1, 0)

    element    (1, 5)    (1, 6)    (1, 7)    (1, 8)    (1, 9)
    ·(1, 5)    (1, 5)    (1, 0)    (1, 5)    (1, 0)    (1, 5)

Removing duplicates, I have

⟨(1, 5)⟩ = {(0, 0), (0, 5), (1, 0), (1, 5)}.

(b) Since the ideal has 4 elements and the ring has 20, there must be 5 cosets.

⟨(1, 5)⟩ = {(0, 0), (0, 5), (1, 0), (1, 5)}
(0, 1) + ⟨(1, 5)⟩ = {(0, 1), (0, 6), (1, 1), (1, 6)}
(0, 2) + ⟨(1, 5)⟩ = {(0, 2), (0, 7), (1, 2), (1, 7)}
(0, 3) + ⟨(1, 5)⟩ = {(0, 3), (0, 8), (1, 3), (1, 8)}
(0, 4) + ⟨(1, 5)⟩ = {(0, 4), (0, 9), (1, 4), (1, 9)}

(c) Note that (0, 1) + ⟨(1, 5)⟩ is the identity.

[(0, 2) + ⟨(1, 5)⟩][(0, 3) + ⟨(1, 5)⟩] = (0, 1) + ⟨(1, 5)⟩.

[(0, 4) + ⟨(1, 5)⟩][(0, 4) + ⟨(1, 5)⟩] = (0, 1) + ⟨(1, 5)⟩.

Since every nonzero coset has a multiplicative inverse, the quotient ring is a field.
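The two product-ring examples above can be checked by brute force. The Python below is an added example, not code from the notes, and the function names are my own: it computes ⟨g⟩ in Zm × Zn by multiplying g by every ring element, compares it with the additive subgroup generated by g, lists the cosets, and then looks for zero divisors or inverses in the quotient.

```python
# Added example, not from the notes: brute-force the principal ideal <g>,
# its cosets, and the zero-divisor / field questions in Z_m x Z_n.
from itertools import product

def ring(m, n):
    """All elements of Z_m x Z_n as pairs."""
    return [(a, b) for a in range(m) for b in range(n)]

def principal_ideal(g, m, n):
    """<g> = { r*g : r in R }: multiply g by every ring element, componentwise mod (m, n)."""
    return sorted({((a * g[0]) % m, (b * g[1]) % n) for a, b in ring(m, n)})

def additive_subgroup(g, m, n):
    """Multiples 0, g, 2g, ... of g; can be smaller than <g>, as with (1, 5) in Z_2 x Z_10."""
    seen, cur = [], (0, 0)
    while cur not in seen:
        seen.append(cur)
        cur = ((cur[0] + g[0]) % m, (cur[1] + g[1]) % n)
    return sorted(seen)

def cosets(ideal, m, n):
    """Partition R into cosets x + I, each returned as a sorted tuple of pairs."""
    out = []
    for x in ring(m, n):
        c = tuple(sorted(((x[0] + i) % m, (x[1] + j) % n) for i, j in ideal))
        if c not in out:
            out.append(c)
    return out

def quotient_mul(x, y, ideal, m, n):
    """(x + I)(y + I) = xy + I, returned as the sorted coset tuple."""
    xy = ((x[0] * y[0]) % m, (x[1] * y[1]) % n)
    return tuple(sorted(((xy[0] + i) % m, (xy[1] + j) % n) for i, j in ideal))

def zero_divisor_pair(ideal, m, n):
    """Representatives of two nonzero cosets whose product is the zero coset, or None."""
    zero = tuple(sorted(ideal))
    cs = [c for c in cosets(ideal, m, n) if c != zero]
    for c in cs:
        for d in cs:
            if quotient_mul(c[0], d[0], ideal, m, n) == zero:
                return c[0], d[0]
    return None

def is_field(ideal, m, n):
    """R/I is commutative with identity 1 + I, so: a field iff every nonzero coset has an inverse."""
    zero = tuple(sorted(ideal))
    one = tuple(sorted(((1 + i) % m, (1 + j) % n) for i, j in ideal))
    cs = [c for c in cosets(ideal, m, n) if c != zero]
    return bool(cs) and all(any(quotient_mul(c[0], d[0], ideal, m, n) == one for d in cs) for c in cs)

if __name__ == "__main__":
    I = principal_ideal((2, 2), 4, 6)
    print(I, additive_subgroup((2, 2), 4, 6) == I)   # 6 elements, same as the additive subgroup
    print(zero_divisor_pair(I, 4, 6))                # ((0, 1), (1, 0)): not an integral domain
    J = principal_ideal((1, 5), 2, 10)
    print(J, len(cosets(J, 2, 10)))                  # 4 elements, 5 cosets
    print(is_field(J, 2, 10))                        # True
```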



4-12-2020
Quotient Rings of Polynomial Rings
In this section, I’ll look at quotient rings of polynomial rings.
Let F be a field, and suppose p(x) ∈ F[x]. ⟨p(x)⟩ is the set of all multiples (by polynomials) of p(x),
the (principal) ideal generated by p(x). When you form the quotient ring F[x]/⟨p(x)⟩, it is as if you’ve set
multiples of p(x) equal to 0.
If a(x) ∈ F[x], then a(x) + ⟨p(x)⟩ is the coset of ⟨p(x)⟩ represented by a(x).
Define a(x) = b(x) (mod p(x)) (a(x) is congruent to b(x) mod p(x)) to mean that

p(x) | a(x) − b(x).

In words, this means that a(x) and b(x) are congruent mod p(x) if they differ by a multiple of p(x). In
equation form, this says a(x) − b(x) = k(x) · p(x) for some k(x) ∈ F [x], or a(x) = b(x) + k(x) · p(x) for some
k(x) ∈ F [x].
Lemma. Let R be a commutative ring, and suppose a(x), b(x), p(x) ∈ R[x]. Then a(x) = b(x) (mod p(x))
if and only if a(x) + ⟨p(x)⟩ = b(x) + ⟨p(x)⟩.
Proof. Suppose a(x) = b(x) (mod p(x)). Then a(x) = b(x) + k(x) · p(x) for some k(x) ∈ R[x]. Hence,

a(x) + ⟨p(x)⟩ = b(x) + k(x) · p(x) + ⟨p(x)⟩ = b(x) + ⟨p(x)⟩.

Conversely, suppose a(x) + ⟨p(x)⟩ = b(x) + ⟨p(x)⟩. Then

a(x) ∈ a(x) + ⟨p(x)⟩ = b(x) + ⟨p(x)⟩.

Hence,
a(x) = b(x) + k(x) · p(x) for some k(x) ∈ R[x].
This means that a(x) = b(x) (mod p(x)).
Depending on the situation, I may write a(x) = b(x) (mod p(x)) or a(x) + ⟨p(x)⟩ = b(x) + ⟨p(x)⟩.

Example. (A quotient ring of the rational polynomial ring) Take p(x) = x − 2 in Q[x]. Then two
polynomials are congruent mod x − 2 if they differ by a multiple of x − 2.
(a) Show that 2x² + 3x + 5 = x² + 4x + 7 (mod x − 2).

(b) Find a rational number r such that x³ − 4x² + x + 11 = r (mod x − 2).

(c) Prove that Q[x]/⟨x − 2⟩ ≈ Q.
(a)

(2x² + 3x + 5) − (x² + 4x + 7) = x² − x − 2 = (x + 1)(x − 2), so 2x² + 3x + 5 = x² + 4x + 7 (mod x − 2).

(b) By the Remainder Theorem, when f(x) = x³ − 4x² + x + 11 is divided by x − 2, the remainder is

f(2) = 2³ − 4 · 2² + 2 + 11 = 5.

Thus,
x³ − 4x² + x + 11 = (x − 2)q(x) + 5
x³ − 4x² + x + 11 = 5 (mod x − 2)

(c) I’ll use the First Isomorphism Theorem. Define φ : Q[x] → Q by
φ (f (x)) = f (2).
That is, φ evaluates a polynomial at x = 2. Note that
φ(f(x) + g(x)) = f(2) + g(2) = φ(f(x)) + φ(g(x)) and φ(f(x)g(x)) = f(2)g(2) = φ(f(x)) φ(g(x)).
It follows that φ is a ring map.
I claim that ker φ = ⟨x − 2⟩. Now f(x) ∈ ker φ if and only if
f(2) = φ(f(x)) = 0.
That is, f(x) ∈ ker φ if and only if 2 is a root of f. By the Root Theorem, this is equivalent to
x − 2 | f(x), which is equivalent to f(x) ∈ ⟨x − 2⟩.
Next, I’ll show that φ is surjective. Let q ∈ Q. I can think of q as a constant polynomial, and doing so,
φ(q) = q. Therefore, φ is surjective.
Using these results,

Q[x]/⟨x − 2⟩ = Q[x]/ker φ ≈ im φ = Q.

The first equality follows from the fact that ⟨x − 2⟩ = ker φ. The isomorphism follows from the First
Isomorphism Theorem. The second equality follows from the fact that φ is surjective.

In the last example, F[x]/⟨p(x)⟩ was a field. The next result says that this is the case exactly when p(x) is
irreducible.

Theorem. F[x]/⟨p(x)⟩ is a field if and only if p(x) is irreducible.

Proof. Since F[x] is a commutative ring with identity, so is F[x]/⟨p(x)⟩.
Suppose p(x) is irreducible. I need to show that F[x]/⟨p(x)⟩ is a field. I need to show that nonzero elements
are invertible.
Take a nonzero element of F[x]/⟨p(x)⟩ — say a(x) + ⟨p(x)⟩, for a(x) ∈ F[x]. What does it mean for
a(x) + ⟨p(x)⟩ to be nonzero? It means that a(x) ∉ ⟨p(x)⟩, so p(x) ∤ a(x).
Now what is the greatest common divisor of a(x) and p(x)? Well, (a(x), p(x)) | p(x), but p(x) is
irreducible — its only factors are units and unit multiples of p(x).
Suppose (a(x), p(x)) = k · p(x), where k ∈ F and k ≠ 0. Then k · p(x) | a(x), i.e. k · p(x)b(x) = a(x) for
some b(x). But then p(x)[k · b(x)] = a(x) shows that p(x) | a(x), contrary to assumption.
The only other possibility is that (a(x), p(x)) = k, where k ∈ F and k ≠ 0. So I can find polynomials
m(x), n(x), such that
a(x)m(x) + p(x)n(x) = k.
Then

a(x) · ((1/k) m(x)) + p(x) · ((1/k) n(x)) = 1.

Hence,

a(x) · ((1/k) m(x)) + p(x) · ((1/k) n(x)) + ⟨p(x)⟩ = 1 + ⟨p(x)⟩

a(x) · ((1/k) m(x)) + ⟨p(x)⟩ = 1 + ⟨p(x)⟩

(a(x) + ⟨p(x)⟩) ((1/k) m(x) + ⟨p(x)⟩) = 1 + ⟨p(x)⟩

This shows that (1/k) m(x) + ⟨p(x)⟩ is the multiplicative inverse of a(x) + ⟨p(x)⟩. Therefore, a(x) + ⟨p(x)⟩
is invertible, and F[x]/⟨p(x)⟩ is a field.
Going the other way, suppose that p(x) is not irreducible. Then I can find polynomials c(x), d(x) such
that p(x) = c(x)d(x), where c(x) and d(x) both have smaller degree than p(x).
Because c(x) and d(x) have smaller degree than p(x), they’re not divisible by p(x). In particular,

c(x) + ⟨p(x)⟩ ≠ 0 and d(x) + ⟨p(x)⟩ ≠ 0.

But p(x) = c(x)d(x) gives

p(x) + ⟨p(x)⟩ = c(x)d(x) + ⟨p(x)⟩

0 = (c(x) + ⟨p(x)⟩) (d(x) + ⟨p(x)⟩)

This shows that F[x]/⟨p(x)⟩ has zero divisors. Therefore, it’s not an integral domain — and since fields are
integral domains, it can’t be a field, either.

Example. (A quotient ring which is not an integral domain) Prove that Q[x]/⟨x² − 1⟩ is not an integral
domain by exhibiting a pair of zero divisors.

(x − 1) + ⟨x² − 1⟩ and (x + 1) + ⟨x² − 1⟩ are zero divisors, because

(x − 1)(x + 1) = x² − 1 = 0 (mod x² − 1).


Example. (A quotient ring which is a field) (a) Show that Q[x]/⟨x² + 2x + 2⟩ is a field.
(b) Find the inverse of (x³ + 1) + ⟨x² + 2x + 2⟩ in Q[x]/⟨x² + 2x + 2⟩.
(a) Since x² + 2x + 2 = (x + 1)² + 1 > 0 for all x ∈ Q, it follows that x² + 2x + 2 has no rational roots.
Hence, it’s irreducible, and the quotient ring is a field.

(b) Apply the Extended Euclidean algorithm to x³ + 1 and x² + 2x + 2:

    x³ + 1          -                  x²/2 − 5x/4 + 3/2
    x² + 2x + 2     x − 2              x/2 − 1/4
    2x + 5          x/2 − 1/4          1
    13/4            8x/13 + 20/13      0

Therefore,

13/4 = (x²/2 − 5x/4 + 3/2)(x² + 2x + 2) − (x/2 − 1/4)(x³ + 1).

Hence,

1 = (4/13)(x²/2 − 5x/4 + 3/2)(x² + 2x + 2) − (4/13)(x/2 − 1/4)(x³ + 1).

Reducing mod x² + 2x + 2, I get

1 + ⟨x² + 2x + 2⟩ = −(4/13)(x/2 − 1/4)(x³ + 1) + ⟨x² + 2x + 2⟩

1 + ⟨x² + 2x + 2⟩ = (−(4/13)(x/2 − 1/4) + ⟨x² + 2x + 2⟩) ((x³ + 1) + ⟨x² + 2x + 2⟩)

Thus, −(4/13)(x/2 − 1/4) + ⟨x² + 2x + 2⟩ is the inverse of (x³ + 1) + ⟨x² + 2x + 2⟩.

Example. (A field with 4 elements) (a) Prove that Z2[x]/⟨x² + x + 1⟩ is a field.
(b) Find ax + b ∈ Z2[x] so that

(x⁴ + x³ + 1) + ⟨x² + x + 1⟩ = (ax + b) + ⟨x² + x + 1⟩.

(c) Construct addition and multiplication tables for Z2[x]/⟨x² + x + 1⟩.
(a) Let f(x) = x² + x + 1. Then f(0) = 1 and f(1) = 1. Since f has no roots in Z2, it’s irreducible. Hence,
Z2[x]/⟨x² + x + 1⟩ is a field.
(b) By the Division Algorithm,

x⁴ + x³ + 1 = (x² + x + 1)(x² + 1) + x.

This equation says that x⁴ + x³ + 1 and x differ by a multiple of x² + x + 1, so they represent the same
coset mod x² + x + 1.
Therefore,
(x⁴ + x³ + 1) + ⟨x² + x + 1⟩ = x + ⟨x² + x + 1⟩.
(c) By the Division Algorithm, if f(x) ∈ Z2[x], then

f(x) = (x² + x + 1)q(x) + (ax + b), where a, b ∈ Z2.

There are two possibilities for a and two for b, a total of 4. It follows that Z2[x]/⟨x² + x + 1⟩ is a field with
4 elements. The elements are

0 + ⟨x² + x + 1⟩, 1 + ⟨x² + x + 1⟩, x + ⟨x² + x + 1⟩, (x + 1) + ⟨x² + x + 1⟩.

Here are the addition and multiplication tables for Z2[x]/⟨x² + x + 1⟩:

+ 0 1 x x+1
0 0 1 x x+1
1 1 0 x+1 x
x x x+1 0 1
x+1 x+1 x 1 0

· 0 1 x x+1
0 0 0 0 0
1 0 1 x x+1
x 0 x x+1 1
x+1 0 x+1 1 x

The addition table is fairly easy to understand: For example, x + (x + 1) = 1, because 2x = 0 (mod 2).
For the multiplication table, take x · x as an example. x · x = x²; I apply the Division Algorithm to get

x² = 1 · (x² + x + 1) + (x + 1).

So x · x = x + 1 (mod x² + x + 1).
Alternatively, you can use the fact that in the quotient ring x² + x + 1 = 0 (omitting the coset notation),
so x² = x + 1 (remember that −1 = 1 in Z2).

Remark. In the same way, you can construct a field of order pⁿ for any prime p and any n ≥ 1. Just take
Zp[x] and form the quotient ring Zp[x]/⟨f(x)⟩, where f(x) is an irreducible polynomial of degree n.
Example. (Computations in a quotient ring) (a) Show that Z3[x]/⟨x³ + 2x + 1⟩ is a field.
(b) How many elements are there in Z3[x]/⟨x³ + 2x + 1⟩?
(c) Compute
[(x² + x + 2) + ⟨x³ + 2x + 1⟩] [(2x² + 1) + ⟨x³ + 2x + 1⟩].

Express your answer in the form (ax² + bx + c) + ⟨x³ + 2x + 1⟩, where a, b, c ∈ Z3.

(d) Find [(x² + 1) + ⟨x³ + 2x + 1⟩]⁻¹.
(a) x³ + 2x + 1 has no roots in Z3:

    x                      0    1    2
    x³ + 2x + 1 (mod 3)    1    1    1

Since x³ + 2x + 1 is a cubic, it follows that it’s irreducible. Hence, Z3[x]/⟨x³ + 2x + 1⟩ is a field.
(b) By the Division Algorithm, every element of Z3[x]/⟨x³ + 2x + 1⟩ can be written in the form

(ax² + bx + c) + ⟨x³ + 2x + 1⟩, where a, b, c ∈ Z3.

There are 3 choices each for a, b, and c. Therefore, Z3[x]/⟨x³ + 2x + 1⟩ has 3³ = 27 elements.
(c)

[(x² + x + 2) + ⟨x³ + 2x + 1⟩] [(2x² + 1) + ⟨x³ + 2x + 1⟩] = (2x⁴ + 2x³ + 2x² + x + 2) + ⟨x³ + 2x + 1⟩.

By the Division Algorithm,

2x⁴ + 2x³ + 2x² + x + 2 = (2x + 2)(x³ + 2x + 1) + x².

Therefore,
(2x⁴ + 2x³ + 2x² + x + 2) + ⟨x³ + 2x + 1⟩ = x² + ⟨x³ + 2x + 1⟩.
(d) Apply the Extended Euclidean algorithm:

    x³ + 2x + 1    -         x² + 2x + 1
    x² + 1         x         x + 2
    x + 1          x + 2     1
    2              2x + 2    0

(x² + 2x + 1)(x² + 1) − (x + 2)(x³ + 2x + 1) = 2

(2x² + x + 2)(x² + 1) − (2x + 1)(x³ + 2x + 1) = 1
Therefore,
[(2x² + x + 2) + ⟨x³ + 2x + 1⟩] [(x² + 1) + ⟨x³ + 2x + 1⟩] = 1 + ⟨x³ + 2x + 1⟩.

Hence,
[(x² + 1) + ⟨x³ + 2x + 1⟩]⁻¹ = (2x² + x + 2) + ⟨x³ + 2x + 1⟩.
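The polynomial quotient-ring computations in the examples above (coset representatives by the Division Algorithm, inverses by the Extended Euclidean Algorithm, the GF(4) tables) can all be run by machine. The Python below is an added example, not code from the notes, with function names of my own; the same two routines are what GF(2⁸) arithmetic in AES rests on. Fed the product from part (c) of the last example, it returns the remainder x² + x rather than x², so that division step is worth rechecking by hand.

```python
# Added example, not code from the notes: arithmetic in Z_p[x]/<m(x)> on
# coefficient lists, lowest degree first ([2, 1, 2] stands for 2 + x + 2x^2).
# Remainders and the Extended Euclidean Algorithm are the same machinery that
# GF(2^8) arithmetic in AES uses, which is why the construction matters in practice.
from itertools import product

def trim(a):
    """Drop leading zero coefficients; the zero polynomial is []."""
    while a and a[-1] == 0:
        a = a[:-1]
    return a

def add(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % p for x, y in zip(a, b)])

def sub(a, b, p):
    return add(a, [(-x) % p for x in b], p)

def mul(a, b, p):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)

def divmod_poly(a, b, p):
    """Division Algorithm in Z_p[x]: (q, r) with a = b*q + r and deg r < deg b."""
    a, b = trim(list(a)), trim(list(b))
    inv_lead = pow(b[-1], -1, p)           # p prime, so the leading coefficient is a unit
    q = [0] * max(len(a) - len(b) + 1, 1)
    while len(a) >= len(b):
        k, c = len(a) - len(b), a[-1] * inv_lead % p
        q[k] = c                            # a <- a - c*x^k*b cancels the leading term
        a = sub(a, [0] * k + [c * x % p for x in b], p)
    return trim(q), a

def reduce_mod(a, m, p):
    """Representative of the coset a + <m>: the remainder on division by m."""
    return divmod_poly(a, m, p)[1]

def inverse(a, m, p):
    """Extended Euclidean Algorithm: u with a*u = 1 (mod m), or None if gcd(a, m) != 1."""
    r0, r1 = trim(list(m)), reduce_mod(a, m, p)
    u0, u1 = [], [1]                        # invariant: r_i = a * u_i (mod m)
    while r1:
        q, r = divmod_poly(r0, r1, p)
        r0, r1 = r1, r
        u0, u1 = u1, sub(u0, mul(q, u1, p), p)
    if len(r0) != 1:                        # gcd is not a nonzero constant
        return None
    c = pow(r0[0], -1, p)                   # scale so that the constant becomes 1
    return reduce_mod([x * c % p for x in u0], m, p)

def elements(m, p):
    """All cosets of <m>: remainders of degree < deg m, p^(deg m) of them."""
    return [trim(list(c)) for c in product(range(p), repeat=len(m) - 1)]

def mul_table(m, p):
    """Multiplication table of Z_p[x]/<m>, keyed by pairs of coefficient tuples."""
    es = elements(m, p)
    return {(tuple(a), tuple(b)): tuple(reduce_mod(mul(a, b, p), m, p)) for a in es for b in es}

if __name__ == "__main__":
    M = [2, 1, 2]                                       # 2x^2 + x + 2 over Z_3
    print(reduce_mod(mul([1, 2], [1, 1], 3), M, 3))    # (2x+1)(x+1) -> [2, 2], i.e. 2x + 2
    print(inverse([2, 1], M, 3))                        # (x+2)^-1 -> [0, 2], i.e. 2x
    print(inverse([1, 0, 1], [1, 2, 0, 1], 3))          # (x^2+1)^-1 mod x^3+2x+1 -> [2, 1, 2]
    print(reduce_mod(mul([2, 1, 1], [1, 0, 2], 3), [1, 2, 0, 1], 3))   # -> [0, 1, 1], i.e. x^2 + x
    print(mul_table([1, 1, 1], 2)[((0, 1), (0, 1))])    # x*x in GF(4) -> (1, 1), i.e. x + 1
```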
