Lecture 24: The Primitive Root Theorem

Summary

Today we stated and proved the primitive root theorem, giving a full description of those integers m for which there exists a primitive root modulo m. This involved showing that certain integers can't have primitive roots (based on their prime factorization), and then showing the existence of primitive roots for other moduli. In particular we saw that primitive roots mod $p^2$ can be used to find primitive roots mod $p^m$, where p is an odd prime.

Recap

Last class period we talked about primitive roots modulo p, where p was an odd prime number. The key result was a proof of the following

Lemma: For $d \mid p-1$, the number of integers a with $1 \leq a \leq p-1$ such that $\mbox{ord}_p(a) = d$ is exactly $\phi(d)$.

In particular this result told us that primitive roots do exist modulo p. This result did not, however, give us a method for actually finding these primitive roots; it just promised that they exist.

Example: Orders of Elements mod 17

Last class period we started writing down orders for elements mod 17. Notice that an element mod 17 must have order from the set $\{1,2,4,8,16\}$, since these are the divisors of $\phi(17) = 16$. Using this fact, notice that we have

(1)
\begin{split} 3^1 &\not\equiv 1 \mod{17}\\ 3^2 &\equiv 9 \not\equiv 1 \mod{17}\\ 3^{4} &\equiv 9^2 \equiv 81 \equiv 13 \mod{17} \quad \quad (\mbox{since }81 = 4*17+13)\\ 3^{8} &\equiv (13)^2 \equiv (-4)^2 \equiv 16 \equiv -1 \not\equiv 1 \mod{17}. \end{split}

Hence 3 is a primitive root. This will make computing the orders of other elements easier.

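| $3^j$ | $\mbox{gcd}(16,j)$ | $\mbox{ord}_{17}(3^j)$ | $3^j$ | $\mbox{gcd}(16,j)$ | $\mbox{ord}_{17}(3^j)$ |
|---|---|---|---|---|---|
| $3^1$ | 1 | 16 | $3^9$ | 1 | 16 |
| $3^2$ | 2 | 8 | $3^{10}$ | 2 | 8 |
| $3^3$ | 1 | 16 | $3^{11}$ | 1 | 16 |
| $3^4$ | 4 | 4 | $3^{12}$ | 4 | 4 |
| $3^5$ | 1 | 16 | $3^{13}$ | 1 | 16 |
| $3^6$ | 2 | 8 | $3^{14}$ | 2 | 8 |
| $3^7$ | 1 | 16 | $3^{15}$ | 1 | 16 |
| $3^8$ | 8 | 2 | $3^{16}$ | 16 | 1 |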

Notice that we have $\phi(16) = 8$ elements of order 16, $\phi(8) = 4$ elements of order 8, $\phi(4) = 2$ elements of order 4, $\phi(2)=1$ element of order 2, and $\phi(1) = 1$ element of order 1.

Moduli Without Primitive Roots

Now that we've spent some time talking about moduli m which do have primitive roots, let's find a few that don't have primitive roots. We've already seen in class that 8 has no primitive roots. What about higher powers of 2?

Proposition: There is no primitive root modulo $2^m$, where $m \geq 3$.

Proof: We'll prove this result by induction. The base case ($m=3$) was done in class some time ago. Now let a be a given integer relatively prime to $2^m$. This means that a is an odd number. We'll show that

(2)
\begin{align} a^{2^{m-2}} \equiv 1 \mod{2^m}. \end{align}

Since $\phi(2^m) = 2^{m-1}$, this will prove that there is no primitive root mod $2^m$.

Now by induction we know $a^{2^{m-3}} \equiv 1 \mod{2^{m-1}}$. Hence

(3)
$$a^{2^{m-3}} = 1 + c2^{m-1}.$$

Squaring both sides of this equation gives

(4)
\begin{align} a^{2^{m-2}} = 1 + c2^m + c^22^{2(m-1)} \equiv 1 \mod{2^m}. \end{align}

$\square$

This rules out an infinite class of integers from having primitive roots. This next result will cut out even more.

Proposition: There are no primitive roots modulo mn if m,n are relatively prime integers greater than 2.

Proof: Since m,n are relatively prime, this implies $\phi(mn) = \phi(m)\phi(n)$. Hence a primitive root mod mn would need to have order $\phi(m)\phi(n)$. Instead, we'll show that if $(a,mn) = 1$, then we have

(5)
\begin{align} a^{\frac{\phi(m)\phi(n)}{2}} \equiv 1 \mod{mn}. \end{align}

This means that no element mod mn can be a primitive root, and so it gives the result we want.

Now since $m,n>2$ we know that 2 is a common divisor of $\phi(m)$ and $\phi(n)$. Now we'll compute a raised to $\frac{\phi(m)\phi(n)}{2}$ mod m and n, then stitch these results together. We have

(6)
\begin{split} a^{\frac{\phi(m)\phi(n)}{2}} &\equiv \left(a^{\phi(m)}\right)^{\frac{\phi(n)}{2}} \equiv 1^{\frac{\phi(n)}{2}} \equiv 1 \mod{m}\\ a^{\frac{\phi(n)\phi(m)}{2}} &\equiv \left(a^{\phi(n)}\right)^{\frac{\phi(m)}{2}} \equiv 1^{\frac{\phi(m)}{2}} \equiv 1 \mod{n}.\\ \end{split}

Putting these together with CRT, we see that Equation (5) is true. $\square$

The two previous results together tell us that

Corollary: If m has a primitive root, then m is either 1,2,4, a power of an odd prime, or twice a power of an odd prime.

Integers that do have primitive roots

We're going to prove that all these remaining integers actually do have primitive roots. We already know that primitive roots exist modulo primes p. Let's see if we can't step that up to prove there exist primitive roots mod a power of a prime number. We'll get there in a few steps. First we'll try to prove there exist primitive roots mod $p^2$.

Proposition: If p is an odd prime, then there exists a primitive root mod $p^2$.

Proof: Suppose that r is a primitive root mod p; such an element exists from the work we did in Friday's class. Now we know that if $n = \mbox{ord}_{p^2}(r)$, then we have $n \mid \phi(p^2) = p(p-1)$. We also know that $r^n \equiv 1 \mod{p^2}$ implies $r^n \equiv 1 \mod{p}$, and so we get $p-1 = \mbox{ord}_p(r) \mid n$. Together, this means that we have either $n = p-1$ or $n = p(p-1)$. If the latter case is true, then we're finished: such an r is a primitive root mod $p^2$.

Otherwise, consider the element $r+p$. Since it is congruent to r mod p, it is still a primitive root mod p. Hence its order is either $p-1$ or $p(p-1)$. We'll show that the former is impossible, and so we will be able to conclude that $r+p$ is a primitive root mod $p^2$. To see that $r+p$ can't have order $p-1$, we compute:

(7)
\begin{split} (r+p)^{p-1} = r^{p-1} + \left(\begin{array}{c}p-1\\1\end{array}\right) r^{p-2}p + \left(\begin{array}{c}p-1\\2\end{array}\right) r^{p-3}p^2 + \cdots. \end{split}

Now the "tail" of this expression is clearly divisible by $p^2$, and so modulo $p^2$ we have

(8)
\begin{split} (r+p)^{p-1} \equiv r^{p-1} + (p-1) r^{p-2}p \equiv r^{p-1} - pr^{p-2} \mod{p^2}. \end{split}

We are already assuming that the order of r mod $p^2$ is $p-1$, and hence we get $r^{p-1} \equiv 1 \mod{p^2}$. Also, we know that $pr^{p-2} \not\equiv 0 \mod{p^2}$ since $(r,p) = 1$. Therefore the previous equation says

(9)
\begin{align} (r+p)^{p-1} \equiv 1 - pr^{p-2} \not\equiv 1 \mod{p^2}. \end{align}

Hence we get that $\mbox{ord}_{p^2}(r+p) \neq p-1$, and so we must have that $r+p$ is a primitive root mod $p^2$. $\square$

This might seem like we've only made slight progress, moving from primitive roots mod p to primitive roots mod $p^2$. As it turns out, though, this first step is all one needs to do: primitive roots mod $p^2$ are always primitive roots mod $p^m$.

Proposition: Any primitive root mod $p^2$ is a primitive root mod $p^m$, where p is an odd prime.

Proof: Let r be a primitive root mod $p^2$, and write n for $\mbox{ord}_{p^m}(r)$. As before, we know that

(10)
\begin{align} r^{\phi(p^m)} \equiv r^{p^{m-1}(p-1)} \equiv 1 \mod{p^m} \Longrightarrow n \mid p^{m-1}(p-1). \end{align}

Moreover we have that

(11)
\begin{align} r^{n} \equiv 1 \mod{p^m} \Rightarrow r^n \equiv 1 \mod{p^2} \Rightarrow \mbox{ord}_{p^2}(r) \mid n. \end{align}

Since we know that $\mbox{ord}_{p^2}(r) = p(p-1)$ (since r is a primitive root mod $p^2$), Equations (10) and (11) together imply

(12)
\begin{align} n = \mbox{ord}_{p^m}(r) = p^k(p-1) \quad \mbox{for some }1 \leq k \leq m-1. \end{align}

Now we would like to show that $n = p^{m-1}(p-1)$, so we need to show that no choice of $k<m-1$ is possible in the above equation. To do this, we'll show that

(13)
\begin{align} r^{p^{m-2}(p-1)} \not\equiv 1 \mod{p^m} \end{align}

in the next lemma. In particular, this equation will force $\mbox{ord}_{p^m}(r) \neq p^k(p-1)$ for $k<m-1$, and hence we will be forced into the condition $\mbox{ord}_{p^m}(r) = p^{m-1}(p-1)$; i.e., r will be a primitive root. $\square$

Lemma: Suppose that r is a primitive root mod $p^2$. Then

$r^{p^{m-2}(p-1)} \not\equiv 1 \mod{p^m}$.

Proof: We'll prove this result by induction. The case $m=2$ is already taken care of since we know that

(14)
\begin{align} r^{p-1} \not\equiv 1 \mod{p^2} \end{align}

(since r is a primitive root, the smallest exponent which sends r to 1 is $\phi(p^2) = p(p-1)$). So assume that we know the result holds for $m-1$.

Now we know that

(15)
\begin{align} r^{\phi(p^{m-2})} \equiv 1 \mod{p^{m-2}}, \end{align}

and hence we have

(16)
$$r^{p^{m-3}(p-1)} = 1 + cp^{m-2};$$

notice that $p \nmid c$ since otherwise we'd have $r^{p^{m-3}(p-1)} \equiv 1 \mod{p^{m-1}}$, contrary to the induction hypothesis. Now we'll raise both sides of Equation (16) to the pth power. We get

(17)
\begin{split} r^{p^{m-2}(p-1)} &= (1+cp^{m-2})^p \\&= 1+\left(\begin{array}{c}p\\1\end{array}\right)cp^{m-2} + \left(\begin{array}{c}p\\2\end{array}\right)(cp^{m-2})^2 + \cdots \end{split}

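Notice that the first two terms are the only ones which survive when we consider this equation mod $p^m$: for instance, we know that $(cp^{m-2})^2 = c^2p^{2m-4}$, with the right hand side divisible by $p^2$ since $2m-4 \geq 2$; together with the factor of p in the binomial coefficient $\left(\begin{array}{c}p\\2\end{array}\right)$ (recall p is odd), the third term is divisible by $p^{2m-3}$, and $2m-3 \geq m$ since $m \geq 3$. Hence we get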

(18)
\begin{align} r^{p^{m-2}(p-1)} \equiv 1+pcp^{m-2} \equiv 1 + cp^{m-1} \mod{p^m}. \end{align}

Now since $p \nmid c$ we get $cp^{m-1} \not\equiv 0 \mod{p^m}$, and so we have

(19)
\begin{align} r^{p^{m-2}(p-1)}\equiv 1+cp^{m-1} \not\equiv 1 \mod{p^m} \end{align}

as desired. $\square$
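As a numerical check of the chain of propositions above (r or r+p lifts from p to $p^2$, and a primitive root mod $p^2$ stays primitive mod $p^m$) and of the corollary, here is an added example that is not part of the original lecture. The function names are chosen for illustration, and the pair p = 29, r = 14 is a constructed sample in which r itself fails mod $p^2$, so the r+p case is exercised.

```python
from math import gcd

def prime_factors(n):
    """Distinct prime factors of n (trial division; fine for small n)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def phi(n):
    """Euler's totient, computed from the distinct prime factors."""
    result = n
    for q in prime_factors(n):
        result -= result // q
    return result

def is_primitive_root(a, n):
    """ord_n(a) = phi(n) iff a^(phi(n)/q) != 1 mod n for every prime q | phi(n)."""
    if gcd(a, n) != 1:
        return False
    t = phi(n)
    return all(pow(a, t // q, n) != 1 for q in prime_factors(t))

def has_primitive_root(n):
    """Brute-force search over all residues mod n."""
    return any(is_primitive_root(a, n) for a in range(1, n + 1))

def allowed_by_corollary(n):
    """True iff n is 1, 2, 4, p^k or 2*p^k for an odd prime p."""
    if n in (1, 2, 4):
        return True
    odd = n // 2 if n % 2 == 0 else n
    return odd % 2 == 1 and len(prime_factors(odd)) == 1

def lift_primitive_root(r, p):
    """r is a primitive root mod the odd prime p.
    Return r if r^(p-1) != 1 mod p^2, otherwise r + p (as in the proof)."""
    return r if pow(r, p - 1, p * p) != 1 else r + p

if __name__ == "__main__":
    # Constructed sample: 14 is a primitive root mod 29, yet 14^28 = 1 mod 29^2.
    g = lift_primitive_root(14, 29)
    print(g, [is_primitive_root(g, 29**m) for m in range(1, 6)])
    print([n for n in range(1, 40) if has_primitive_root(n)])
```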