Group theory

Additional material on the integers, and congruence classes 1

In this note, we treat some material from ‘Preliminaries’ of the textbook. In particular, those
related to the greatest common divisor, the (extended) Euclidean algorithm, the congruence
classes modulo n, and Euler’s ϕ-function.

1 Integers
Definition 1.1. For a and b in Z, we say b is divisible by a, or a divides b, if there exists some
c in Z with b = ac. We write this as a | b. If such a c does not exist, then b is not divisible by a,
or a does not divide b, and we write this as a - b.

It is easily checked from the definition that a | b and b | c implies that a | c. Also, from a | b
and a | c it folows that a | (xb + yc) for all integers x and y.

Exercise 1.2. (a) For which a in Z is a | 0 true? And for which b in Z does 0 | b hold?

(b) Show that, for a and b in Z, we have: a | b and b | a if and only if a = b or a = −b.

Definition 1.3. For a and b in Z, the integer d is a greatest common divisor of a and b if:

(i) d | a and d | b;

(ii) if e in Z satisfies both e | a and e | b, then e | d;

(iii) d ≥ 0.

If d and d0 both satisfy (i) and (ii), then they divide each other, hence d0 = d or d0 = −d.
Hence (iii) makes the greatest common divisor (gcd for short) of a and b, denoted gcd(a, b),
unique, if it exists.
However, it is not obvious that gcd exists for integers which we will prove in Proposition 1.6.
First, we shall set up the following convention: if A, B, C and D are integers, then gcd(A, B) =
gcd(C, D) means that either both gcd’s exist and they are equal, or neither gcd exists. By the
symmetry in the definition, we have gcd(a, b) = gcd(b, a).

Exercise 1.4. (a) Show that gcd(a, 0) exists and equals |a| for all a in Z.

(b) Prove that gcd(a, b) = gcd(a − qb, b) for all q in Z. Hint: for gcd(a, b), consider the set
{e ∈ Z+ : e | a and e | b}2 of common divisors of a and b, and similarly for a − qb and b.

Division with remainder. The division (with remainder) of a by b is given as follows: for
a, b ∈ Z and b 6= 0, there exist unique q and r in Z such that

a = qb + r 0 ≤ r ≤ |b| − 1

where q is the quotient and r the remainder. This is also known as “long division” in elementary
arithmetic.
Using the properties of gcd, we have

gcd(a, b) = gcd(a − qb, b) = gcd(r, b) = gcd(b, r) .

1
Notes written by Rob de Jeu, updated by Ilke Canakci.
2
Throughout this note, we reserve the notation Z+ for positive integers.

1
Euclidean Algorithm3 . If r = 0, then gcd(a, b) = gcd(b, 0) = |b|, and if r 6= 0, then we repeat
this process iteratively until it terminates. For this, we introduce notation for iterated division
with remainder: let r−2 = a, r−1 = b, and for i ≥ 0 we define inductively ri = ri−2 − qi ri−1
if ri−1 6= 0, where ri−2 = qi ri−1 + ri is the division (with remainder ri ) of ri−2 by ri−1 . Since
r−1 > r0 > r1 > . . . is an inequality of non-negative integers, there exists some j with rj = 0,
where we stop the process. Since gcd(ri−2 , ri−1 ) = gcd(ri−2 − qi ri−1 , ri−1 ) = gcd(ri , ri−1 ) =
gcd(ri−1 , ri ) for i = 0, 1, . . . , j and gcd(rj−1 , 0) = rj−1 , we have

gcd(a, b) = gcd(r−2 , r−1 ) = gcd(r−1 , r0 ) = · · · = gcd(rj−1 , rj ) = rj−1 .

Extended Euclidean Algorithm. This is a recursion formula for the remainders ri in the
Euclidean algorithm in terms of a and b.
Let m−2 = 1, m−1 = 0, n−2 = 0 and n−1 = 1, then we can write ri = mi a + ni b for i = −2
and i = −1. By substituting ri = ri−2 − qi ri−1 , for i = 0, 1, . . . , j − 1, we inductively obtain

ri = ri−2 − qi ri−1
= mi−2 a + ni−2 b − qi (mi−1 a + ni−1 b)
= (mi−2 − qi mi−1 )a + (ni−2 − qi ni−1 )b
= mi a + ni b

where mi = mi−2 − qi mi−1 and ni = ni−2 − qi ni−1 .

Example 1.5. Let a = 300 and b = 138. Applying the (extended) Euclidean algorithm,

i ri mi ni qi ri−2 = qi ri−1 + ri
−2 300 1 0 -
−1 138 0 1 -
0 24 1 −2 2 300 = 2 · 138 + 24
1 18 −5 11 5 138 = 5 · 24 + 18
2 6 6 −13 1 24 = 1 · 18 + 6
3 0 18 = 3 · 6 + 0

Here r3 = 0, so |r2 | = gcd(300, 138), and we can write it as 6 = 6 · 300 − 13 · 138.

Proposition 1.6. For a and b in Z, their greatest common divisor gcd(a, b) exists, and there
are m and n in Z with gcd(a, b) = ma + nb.

Proof. If ab 6= 0, then we can compute gcd(a, b) as well as suitable m and n by using the
extended Euclidean algorithm. 

Remark 1.7. (i) If gcd(a, b) = 1, then a and b are called relatively prime or coprime.

(ii) The fact that gcd(a, b) = ma + nb for some m and n in Z is called Bézout’s identity 4 ,
the m and n are called Bézout coefficients.

Exercise 1.8. (a) Show that if a and b are in Z, with b 6= 0, then there exist q and r in Z with
a = qb + r and |r| ≤ |b|/2. Are such q and r always unique?
3
After Euclid, mid 4th century BC – mid 3rd century BC.
4
After Étienne Bézout (1730-1783) who proved this for polynomials in one variable. For integers, it is at-
tributed to Claude-Gaspard Bachet (1581-1638).

2
(b) Prove that the extended Euclidean algorithm also works with the condition given in part
(a). Compute the corresponding table for Example 1.5 above. Which of the two methods
is more efficient?

Exercise 1.9. Find and prove a formula for det( mmi−1i

ni−1
ni ), where i = −1, 0, . . . , j − 1 with
rj = 0 in the extended Euclidean algorithm. Does it also hold in the variation of Exercise 1.8?

Lemma 1.10. Let a, b, c ∈ Z such that a | bc and gcd(a, b) = 1, then a | c.

Proof. By Bézout’s identity, there exist integers m and n with 1 = gcd(a, b) = ma + nb, so
c = mac + nbc. The right-hand side here is divisible by a, so a | c. 

Definition 1.11. A positive integer p ≥ 2 is called a prime number if its only positive divisors
are 1 and p, i.e. if p = ab for p, a, b ∈ Z+ , then a = p or b = p.

Lemma 1.12 (Euclid’s lemma). If p is a prime number and p | b1 b2 for b1 , b2 ∈ Z, then p | b1

or p | b2 .

Proof. Note that gcd(p, b1 ) is a positive divisor of p, so it must be either 1 or p as p is a prime

number. If gcd(p, b1 ) = p, then p | b1 . If gcd(p, b1 ) = 1, then we have p | b2 by Lemma 1.10. 

Using induction on m, one can prove the following generalisation of Euclid’s lemma Lemma 1.12.

Lemma 1.13. If p is a prime number, and p | b1 . . . bm for m ≥ 1 and integers b1 , . . . , bm , then

p | bj for some j = 1, . . . , m.

Unique prime factorisation: Fundamental theorem of arithmetic. This theorem states

that every integer greater than 1 is either prime or can be written as the product of prime
numbers in a unique way.

Theorem 1.14 (Fundamental theorem of arithmetic). Every integer n ≥ 2 can be written as

n = p1 p2 . . . ps

for some s ≥ 1 and p1 ≤ p2 ≤ · · · ≤ ps prime numbers, and this representation of n is unique.

Proof. We will use induction on n. For the base case, we let n = 2 but this is a prime number
so the base case holds. Now fix n > 2 and for the induction hypothesis, assume that each of
2, 3, . . . , n − 1 has a representation as in the theorem. In the induction step, we want to show
that n also has such representation.
If n is a prime number, then we are done by setting s = 1 and p1 = n. If n is not prime,
then we can write it as n = ab for some a, b ∈ Z with a, b ≥ 2. Then, 2 ≤ a, b < n so we can
apply the induction hypothesis on both a and b. Hence, a and b have representations as in the
theorem. Taking the product of those and reordering the prime numbers in the result in the
form of the theorem, we obtain a desired representation for n.
Hence, every n ≥ 2 has a representation as a product of prime numbers We need to show
such representation is unique.
Claim. Suppose n = p1 p2 . . . ps with p1 ≤ p2 ≤ · · · ≤ ps prime numbers. Then this representa-
tion is unique.
In order to show the claim, we will apply induction on s (not n!). If s = 1 (base case), then
n = p1 is a prime number and it cannot be written as a product of more prime numbers.

3
 As for induction hypothesis, suppose the claim is true, i.e. every integer greater than 2
which has a presentation as a product of at most s − 1 primes has a unique such factorisation.
Now fix n ≥ 2 such that n can be written as a product of s primes, i.e. n = p1 p2 . . . ps with
p1 ≤ p2 ≤ · · · ≤ ps primes and s ≥ 2. Assume also that n = q1 q2 . . . qt with q1 ≤ q2 ≤ · · · ≤ qt
primes and q ≥ 2. (We are going to compare each pi with qi ).
If p1 6= q1 , then either p1 < q1 or q1 < p1 . Suppose first p1 < q1 . Since p1 | q1 . . . qt , by the
generalisation of Euclid’s lemma 1.13, we have p1 | qj for some j = 1, . . . , t. Since qj is prime
and p1 > 1, it follows that qj = p1 . Then, q1 ≤ qj = p1 < q1 , a contradiction. Thus, p1 < q1
does not occur. A similar argument shows q1 < p1 does not occur either. Thus, p1 = q1 .
After dividing n by p1 = q1 , we obtain n0 = p2 . . . ps = q2 . . . qt with n = p1 n0 . Then n0 is
written as a product of s − 1 prime numbers ordered by size. We also have n0 ≥ 2 (because
otherwise n would be equal to p1 which is a prime number). By the induction hypothesis, the
factorisation of n0 is unique, so s − 1 = t − 1 and qi = pi for i = 2, . . . s. Hence, n has a unique
such prime factorisation as required.


Problems

1.1 Suppose a, b ∈ Z. Show that gcd(a, b) = 0 if and only if a = b = 0.

1.2 Compute gcd(a, b), as well as integers m and n with gcd(a, b) = ma + nb, for the following
numbers: (i) a = 91 and b = 234; (ii) a = 169 and b = 221; (iii) a = 123 and b = 321;
(iv) a = 1234 and b = 4321; (v) a = 1234 and b = 5678; (vi) a = 10101 and b = 11011.

1.3 Suppose ma + nb = gcd(a, b) for some integers m, n, a and b. Determine all integers m0 and
n0 satisfying m0 a + n0 b = gcd(a, b).

1.4 If a, b ∈ Z and ma + nb = d for some integers m and n, when can we conclude that
gcd(a, b) = d?

1.5 Let a, b ∈ Z+ with gcd(a, b) = 1. What is the smallest integer x ≥ 0 such that x, x + 1, x +
2, . . . can all be written in the form ma + nb with m ≥ 0 and n ≥ 0 integers?

1.6 For a, b ∈ Z, the integer M is a least common multiple of a and b, denoted lcm(a, b), if

(i) a | M and b | M ;
(ii) if N ∈ Z satisfies both a | N and b | N , then M | N ;
(iii) M ≥ 0.

Prove that for all a and b in Z a least common multiple exists and is unique. Also prove
that gcd(a, b) lcm(a, b) = |ab|.
Hint: Treat the cases ab = 0 and ab 6= 0 separately.

1.7 Let b ≥ 2 be an integer. Show that for each integer n ≥ 1, we have

n = am bm + am−1 bm−1 + · · · + a1 b + a0

for m ≥ 0, with all ai in {0, 1, . . . , b − 1} and am 6= 0, and that this way of presentation of a
given n is unique. [We call (am am−1 . . . a0 )b the representation of n with respect to base b.
If b = 2, we also call it its binary representation.]

4
1.8 The ai in Problem 1.7 for a given n ≥ 1 can be computed as follows, using iterated division
with remainder by b. Define c0 = n, and then ci+1 for i ≥ 0 inductively by ci = ci+1 b + ri
with ri = 0, 1, . . . , b − 1 as long as ci 6= 0. Show that cm+1 = 0, and that ri = ai for
i = 0, 1, . . . , m. Apply this in order to find the representations, as in Problem 1.7, for
n = 147 with respect to base 2 and with respect to base 6.