Chapter 8

Rings and modular

arithmetic

So far, we have been working with just one operation at a time. But standard
number systems, such as Z, have two operations + and · which interact. It is
useful to give a name to this sort of thing.
Definition 8.1. A ring consists of a set R with elements 0, 1 2 R, and binary
operations + and · such that: (R, +, 0) is an Abelian group, · is associative with
1 as the identity, and · distributes over + on the left and right:

x · (y + z) = x · y + x · z

(y + z) · x = y · x + z · x
Definition 8.2. A ring is commutative if in addition

x·y =y·x

Here are some basic examples that everyone should already know.
Example 8.3. Let Z (respectively Q, R , C) be the set of integers (respectively
rational numbers, real numbers, complex numbers) with the usual operations.
These are all commutative rings.

Example 8.4. The set Mnn (R) of n ⇥ n matrices over R with the usual matrix
operations forms a ring. It is not commutative when n > 1.
We now focus on a new example. Let n be a positive integer, and write
Zn = Z/nZ = {0, 1, . . . , n 1}, where x = x + nZ. We already know that this
has an addition given by addition of cosets:

a+b=a+b

40
For hereon in, we’ll stop writing . We will try to define multiplication the
same way by
ab = ab
However, we have to prove that this definition makes sense. In other words, we
have to show that right side depends only on a and b rather than a and b.
Lemma 8.5. If a = a0 and b = b0 , then ab = a0 b0
Proof. The equality x = x0 holds if and only if x x0 is divisible by n. Therefore
a0 = a + nx and b = b0 + ny for some x, y 2 Z. It follows that a0 b0 = ab + n(xb0 +
ya0 + nxy).

Theorem 8.6. Zn is a commutative ring.

Proof. The laws follow from the fact that Z is a commutative ring, the definition
of the operations in Zn , and the fact that the map Z ! Zn is onto. For example,
here is a proof of the distributive law

(x + y)z = (x + y)z = (x + y)z

When it’s clear we’re working in Zn , we usually just write x instead of x̄.
To get a feeling for modular multiplication, lets write down the table for Z6

· 0 1 2 3 4 5
0 0 0 0 0 0 0
1 0 1 2 3 4 5
2 0 2 4 0 2 4
3 0 3 0 3 0 3
4 0 4 2 0 4 2
5 0 5 4 3 2 1

One curious fact is that some nonzero numbers, such as 2, can be multiplied by
other nonzero numbers to get 0. We say that such a number is a zero divisor.
Lemma 8.7. An element m 2 Zn is a zero divisor if m > 1 and m divides n.
Proof. We have that n = mm0 for some 0 < m0 < n. So that mm0 = 0

Also notice that the number 5 has a reciprocal, namely 5.

Definition 8.8. An element x 2 R of a ring is invertible if there exists an
element y such that xy = yx = 1. Let R⇤ denote the set of invertible elements.
(When R is commutative, invertible elements are also called units.)
Lemma 8.9. If R is a ring R⇤ is a group with respect to multiplication.

41
 This will be proven in the exercises. The group of invertible elements are
easy to determine for the previous examples. For example, Mnn (R)⇤ = GLn (R).
Given two integers a, b, a common divisor is an integer d such that d|a and
d|b. The greatest common divisor is exactly that, the common divisor greater
than or equal to all others (it exists since the set of common divisors is finite).
We denote this by gcd(a, b).
Lemma 8.10 (Euclid). If a, b are natural numbers then gcd(a, b) = gcd(b, a mod b)
Proof. Let r = a mod b. Then the division algorithm gives a = qb + r for some
integer q. SInce gcd(b, r) divides b and r, it divides qb + r = a. Therefore
gcd(b, r) is a common divisor of a and b, so that that gcd(b, r)  gcd(a, b). On
the other hand, r = a qb implies that gcd(a, b)|r. Therefore gcd(a, b) is a
common divisor of b and r, so gcd(a, b)  gcd(b, r), which forces them to be
equal.
This lemma leads to a method for computing gcds. For example

gcd(100, 40) = gcd(40, 20) = gcd(20, 0) = 20.

For our purposes, a diophantine equation is an equation with integer co-

efficients where the solutions are also required to be integers. The simplest
examples are the linear ones: given integers a, b, c, find all integers m, n such
that am + bn = c.

Theorem 8.11. Given integers a, b, c, am+bn = c has a solution with m, n 2 Z

if and only if gcd(a, b)|c.
Proof. Since (m0 , n0 ) = (±m, ±n) is a solution of ±an0 + ±bm0 = c, we may as
well assume that a, b 0. We now prove the theorem for natural numbers a, b
by induction on the minimum min(a, b).
If min(a, b) = 0, then one of them, say b = 0. Since a = gcd(a, b) divides
c by assumption, (c/a, 0) gives a solution of am + bn = c. Now assume that
a0 m + b0 n = c0 has a solution whenever min(a0 , b0 ) < min(a, b) and the other
conditions are fulfilled. Suppose b  a, and let r = r(a, b) = a mod b and
q = q(a, b) be given as in theorem 4.5. Then rm0 + bn0 = c has a solution since
min(r, b) = r < b = min(a, b) and gcd(b, r) = gcd(a, b) divides c. Let m = n0
and n = m0 qn0 , then

am + bn = an0 + b(m0 qn0 ) = bm0 + rn0 = c.

From the last proof, we can deduce:

Corollary 8.12. Given a, b 2 Z, there exists m, n 2 Z such that am + bn =

gcd(a, b).
We can now determine the invertible elements

42
Theorem 8.13. m 2 Zn is invertible if and only if gcd(m, n) = 1 (we also say
that m and n are relatively prime or coprime).
Proof. If gcd(m, n) = 1, then mm0 + nn0 = 1 or mm0 = n0 n + 1 for some
integers by corollary 8.12. After replacing (m0 , n0 ) by (m0 + m00 n, n0 m00 ) for
some suitable m00 , we can assume that 0  m0  n. Since have r(mm0 , n) = 1,
mm0 = 1.
The converse follows by reversing these steps.
Definition 8.14. A ring is called a division ring if R⇤ = R {0}. A commu-
tative division ring is called a field.
For example Q, R and C are fields. We will see a noncommutative division
ring later on. The previous theorem implies the following:
Theorem 8.15. The ring Zn is a field if and only if n is prime.
Corollary 8.16 (Fermat’s little theorem). When p is a prime and n and inte-
ger, then p divides np n.

Proof. If p divides n, then clearly it divides np n. Now suppose that p does not
divide n, then n 2 Z⇤p . This is a group of order p 1. So by Lagrange’s theorem,
n has order dividing p 1. This implies that np 1 = 1, or that np 1 1 = 0.
This implies that p divides np 1 1 (which is usually taken as the statement of
Fermat’s little theorem) and therefore np n.

8.17 Exercises
1. Let R be a commutative ring. Prove that 0 · x = 0. (This might appear
to be a completely obvious statement, but it isn’t – the only things you
know about R are what follows from the axioms.)

2. Let R be a commutative ring. Prove that ( 1) · x = x, where x is the

additive inverse of x, that is ( x) + x = 0.
p
3. The Gaussian integers Z[i] = {a + bi | a, b 2 Z}, where i = 1.
(a) Check that is closed under addition and multiplication, and is there-
fore a ring.
(b) Determine the group Z[i]⇤ of invertible elements.
4. Check that the Gaussian field Q[i] = {a + bi | a, b 2 Q} is a field when
equipped with the usual operations.
5. Prove that there are no zero divisors in a field, i.e. if xy = 0 then x = 0
or y = 0.

43
6. If R1 and R2 are commutative rings, define R = R1 ⇥ R2 with operations
(a1 , a2 ) + (b1 , b2 ) = (a1 + b1 , a2 + b2 ) and (a1 , a2 ) · (b1 , b2 ) = (a1 b1 , a1 b2 ).
Check that this is a commutative ring with appropriate choice of constants.
Show that this has zero divisors.
7. An element x of a commutative ring is nilpotent if xN = 0 for some integer
N 0. Determine the nilpotent elements of Zn .
8. Prove that the sum and product of nilpotent elements in a commutative
ring are also nilpotent.
9. Sequences of “random” numbers are often generated on a computer by
the following method: Choose integers n 2, a, b, x0 , and consider the
sequence
xi+1 = (axi + b) mod n.
This sequence will eventually repeat itself. The period is the smallest k
such that xi+k = xi for all i large enough. Obviously, short periods are
less useful, since the pattern shouldn’t be too predictable.

(a) Prove that the period is at most n.

(b) Explain why picking a nilpotent in Zn would be a really bad choice.

44