Order, Primitive Roots and Quadratic Residue

BdMO National Camp 2021

Atonu Roy Chowdhury


[email protected]
April 29, 2021

§1 Order!
Let’s recall two of the theorems that we’ve seen before.

Theorem 1.1 (Fermat’s Little Theorem and Euler’s Theorem)

Let p be a prime number and a be an integer coprime with p. Then

$a^{p-1} \equiv 1 \pmod p$

More generally, if m and a are positive integers with $\gcd(a, m) = 1$, then

$a^{\varphi(m)} \equiv 1 \pmod m$

That is, if you take the sequence $a^1, a^2, a^3, \ldots$ in mod m, then the sequence reaches 1 at
$a^{\varphi(m)}$ at the latest, and from then on it is periodic. But can the sequence reach 1 before
the exponent $\varphi(m)$? Sometimes it can, and examples are easy to find. One simple example: take a = 2 and
m = 7. Then $\varphi(m) = \varphi(7) = 6$, but $2^3 \equiv 1 \pmod 7$. So 6 is not the smallest n such that
$2^n \equiv 1 \pmod 7$. We shall call this smallest such n the “order”.

Definition 1.1 (Order modulo m). Let a and m be coprime positive integers. Then the
order of a modulo m, denoted by $\operatorname{ord}_m(a)$, is defined as follows:

$\operatorname{ord}_m(a) := \min\{n \in \mathbb{N} : a^n \equiv 1 \pmod m\}$

That means, if $\operatorname{ord}_m(a) = d$, then $a^d \equiv 1 \pmod m$ and for every positive integer k smaller
than d, we have $a^k \not\equiv 1 \pmod m$.

Now a natural question arises: is there some formula using which we can calculate the order? Sadly,
the answer is no. But hey, don’t get frustrated. You don’t really have to check every integer
from 1 to $\varphi(m)$. To reduce your hard work, there comes our next theorem. Evan Chen named
it “Fundamental Theorem of Orders”, so I’m keeping the name.

Theorem 1.2 (Fundamental Theorem of Orders)

$a^N \equiv 1 \pmod m$ if and only if $\operatorname{ord}_m(a) \mid N$.

Proof. Let $\operatorname{ord}_m(a) = d$. The “if” direction is trivial:

$d \mid N \implies N = dq \implies a^N \equiv a^{dq} \equiv \left(a^d\right)^q \equiv 1^q \equiv 1 \pmod m$

For the other direction, we just need to use the division algorithm to arrive at a contradiction.
Assume for the sake of contradiction that $d \nmid N$. That means N leaves some non-zero remainder
upon division by d. So $N = dq + r$, where $0 < r < d$. Now,

$1 \equiv a^N \equiv a^{dq+r} \equiv \left(a^d\right)^q a^r \equiv 1^q a^r \equiv a^r \pmod m \implies a^r \equiv 1 \pmod m$

By definition of order, for every positive integer k smaller than d, we have $a^k \not\equiv 1 \pmod m$. Here,
r is a positive integer smaller than d, but $a^r \equiv 1 \pmod m$. Thus we arrive at a contradiction.
Hence d must divide N.

This theorem immediately gives us a corollary.

Corollary 1.3
If $\gcd(a, m) = 1$, then $\operatorname{ord}_m(a) \mid \varphi(m)$.

Now we shall see an application of the Fundamental Theorem of Orders.

Lemma 1.4
Let $d = \operatorname{ord}_m(a)$. Then $a^x \equiv a^y \pmod m$ if and only if $x \equiv y \pmod d$.

Proof. WLOG, we can assume that $x \ge y$. Order is defined only when $\gcd(a, m) = 1$. Therefore,
we can actually divide both sides of the modular equation by $a^y$.

$a^x \equiv a^y \pmod m \iff a^{x-y} \equiv 1 \pmod m \iff d \mid x - y \iff x \equiv y \pmod d$

Thus, we are done.
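To make the remark “you don’t really have to check every integer from 1 to φ(m)” concrete, here is an added Python example (my own code, not part of the original note) that computes $\operatorname{ord}_m(a)$ both straight from Definition 1.1 and by testing only the divisors of $\varphi(m)$, as Corollary 1.3 allows, and then checks Theorem 1.2 numerically. The helpers `divisors`, `phi`, `coprime_residues`, `order_bruteforce`, `order` and `satisfies_fundamental_theorem` are names I chose; the trial-division factoring is only meant for small moduli.

```python
from math import gcd


def divisors(n):
    """All positive divisors of n in increasing order (trial division; toy sizes)."""
    small, large = [], []
    d = 1
    while d * d <= n:
        if n % d == 0:
            small.append(d)
            if d != n // d:
                large.append(n // d)
        d += 1
    return small + large[::-1]


def phi(m):
    """Euler's totient phi(m), via the distinct prime factors of m (trial division)."""
    result, rest, p = m, m, 2
    while p * p <= rest:
        if rest % p == 0:
            while rest % p == 0:
                rest //= p
            result -= result // p
        p += 1
    if rest > 1:
        result -= result // rest
    return result


def coprime_residues(m):
    """The reduced residue system modulo m: all 1 <= a < m with gcd(a, m) = 1."""
    return [a for a in range(1, m) if gcd(a, m) == 1]


def order_bruteforce(a, m):
    """ord_m(a) straight from Definition 1.1: walk a, a^2, a^3, ... until we hit 1."""
    if m < 2 or gcd(a, m) != 1:
        raise ValueError("order is only defined for m >= 2 and gcd(a, m) = 1")
    x, n = a % m, 1
    while x != 1:
        x = (x * a) % m
        n += 1
    return n


def order(a, m):
    """ord_m(a) using Corollary 1.3: ord_m(a) | phi(m), so only the divisors of
    phi(m) need testing. Checking them in increasing order, the first d with
    a^d = 1 (mod m) is the smallest such exponent, i.e. the order."""
    if m < 2 or gcd(a, m) != 1:
        raise ValueError("order is only defined for m >= 2 and gcd(a, m) = 1")
    for d in divisors(phi(m)):
        if pow(a, d, m) == 1:
            return d
    raise AssertionError("unreachable: Euler's theorem gives a^phi(m) = 1 (mod m)")


def satisfies_fundamental_theorem(a, m, N):
    """Theorem 1.2 as a check: a^N = 1 (mod m) exactly when ord_m(a) divides N."""
    return (pow(a, N, m) == 1) == (N % order(a, m) == 0)


if __name__ == "__main__":
    # The note's example: phi(7) = 6 but 2 has order 3 modulo 7.
    print(phi(7), order(2, 7), order_bruteforce(2, 7))
    # Exercise 1.1 with a = 2, n = 10: ord_{1023}(2) = 10 and 10 | phi(1023) = 600.
    print(order(2, 2**10 - 1), phi(2**10 - 1))
```

The brute-force version needs up to $\varphi(m)$ multiplications, while `order` needs one modular exponentiation per divisor of $\varphi(m)$; for the moduli used in cryptography the expensive part is factoring $\varphi(m)$, which is exactly why the order of an arbitrary element is hard to determine without knowing the factorisation.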

Alright, time for a fun exercise.

Exercise 1.1
Let $a > 1$ and n be positive integers. Show that $n \mid \varphi(a^n - 1)$.

Solution. Let $N = a^n - 1$. Since $N \equiv -1 \pmod a$, we have $\gcd(a, N) = \gcd(a, a^n - 1) = 1$. Then by Corollary 1.3,

$\operatorname{ord}_N(a) \mid \varphi(N)$

If we can show that $\operatorname{ord}_N(a) = n$, then we are basically done. It’s actually not hard at all to
show. Obviously, $a^n \equiv 1 \pmod N$. Now, since $a \ge 2$,

$0 < k < n \implies 0 < a^k - 1 < a^n - 1 \implies N \nmid a^k - 1 \implies a^k \not\equiv 1 \pmod N$

Therefore, $\operatorname{ord}_N(a) = n$ and we are done.

§2 Primitive Roots
We’ve seen a few examples in the Orders section where $\varphi(m)$ is not the smallest positive
integer exponent that makes the power 1 modulo m. But occasionally it is the smallest
such positive integer. That’s when things start getting interesting.

Definition 2.1 (Primitive Root). An integer g is said to be a primitive root modulo n if

$\gcd(g, n) = 1$ and $\operatorname{ord}_n(g) = \varphi(n)$

Notice that primitive roots might not always exist. Also, even if they do, they need not be
unique. So, what’s interesting about primitive roots? Well, they exist when we need them the
most.

Theorem 2.1
Let p be a prime number. Then there exists a primitive root modulo p.

This theorem has a stronger generalization. We don’t need it now.

Proof. Before jumping into the proof, we need a lemma. I’ll leave the proof of the lemma as an
exercise for the reader.

Lemma 2.2
For every positive integer n,

$\sum_{d \mid n} \varphi(d) = n$

That is, a number is exactly equal to the sum of its divisors’ φ.

We know that $a^{p-1} \equiv 1 \pmod p$, and hence $\operatorname{ord}_p(a)$ is a divisor of $p - 1$ for every a with
$1 \le a \le p - 1$. Let $d \mid p - 1$. For every such d, we shall consider the set

$S_d = \{a : 1 \le a \le p - 1 \text{ and } \operatorname{ord}_p(a) = d\}$

Notice that, if we take the union of $S_d$ over all the divisors of $p - 1$, we get the whole reduced
residue system of p. Furthermore, all these $S_d$’s are disjoint. Therefore,

$\bigcup_{d \mid p-1} S_d = \mathrm{RRS}(p) \implies \sum_{d \mid p-1} |S_d| = p - 1$

We shall prove in the next class that the number of solutions (modulo p) to $x^d \equiv 1 \pmod p$ is
at most d. If $S_d$ is empty, then $|S_d| = 0 \le \varphi(d)$ and there is nothing to prove, so suppose $a \in S_d$.
The elements of the set $X = \{a, a^2, a^3, \ldots, a^d\}$ satisfy this modular equation, and by Lemma 1.4
they are d different elements, since their exponents are distinct modulo d. Therefore, $S_d$ must be a subset of this X.
Now we claim that if $a \in S_d$, then $a^i \in S_d$ if and only if $\gcd(i, d) = 1$. To prove our claim, let
$\gcd(i, d) = g > 1$ and $d = gx$, $i = gy$ where x and y are coprime.

$b = a^i = a^{gy} \implies b^x = a^{gxy} = \left(a^d\right)^y \equiv 1 \pmod p$

Obviously x is smaller than d because $g > 1$. Thus $b = a^i$ does not have order d. It can be
shown easily that if $\gcd(i, d) = 1$, then $a^i$ has order d; in other words, $a^i \in S_d$.

From this, we can conclude that $S_d = \{a^i : 1 \le i \le d,\ \gcd(i, d) = 1\}$ whenever $S_d$ is non-empty, and there are exactly $\varphi(d)$ such
elements. Therefore, $|S_d| \le \varphi(d)$ for every $d \mid p - 1$. Putting all the pieces of the puzzle together,

$p - 1 = \sum_{d \mid p-1} \varphi(d) \ge \sum_{d \mid p-1} |S_d| = p - 1$

Therefore, we must have $|S_d| = \varphi(d)$ for every d. Hence $|S_{p-1}| = \varphi(p - 1) > 0$, so an element
with order $p - 1$ exists.

Not only have we shown that an element with order $p - 1$ exists, we’ve also shown that there
are exactly $\varphi(p - 1)$ elements with order $p - 1$.
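The proof above says that there are exactly $\varphi(p-1)$ primitive roots modulo a prime p, and its inner claim ($a^i$ has order d iff $\gcd(i, d) = 1$) tells us how to list all of them from a single one. The Python below is an added example of mine, not part of the original note. It tests a candidate g with the criterion that follows from the Fundamental Theorem of Orders: since $\operatorname{ord}_p(g) \mid p - 1$, g fails to be a primitive root exactly when $g^{(p-1)/q} \equiv 1 \pmod p$ for some prime $q \mid p - 1$. It then checks the count, Lemma 2.3 and Lemma 2.4 numerically. `prime_factors`, `is_primitive_root`, `primitive_roots`, `primitive_roots_from_one`, `count_coprime`, `powers_form_rrs` and `half_power` are names I chose; the trial-division factoring is only meant for small p.

```python
from math import gcd


def prime_factors(n):
    """Distinct prime factors of n (trial division; toy sizes only)."""
    factors, p = [], 2
    while p * p <= n:
        if n % p == 0:
            factors.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors


def is_primitive_root(g, p):
    """Is g a primitive root modulo the prime p?

    ord_p(g) divides p-1 (Corollary 1.3). If it is a proper divisor, it divides
    (p-1)/q for some prime q | p-1, and then g^((p-1)/q) = 1 (mod p). Conversely
    g^((p-1)/q) = 1 forces ord_p(g) <= (p-1)/q < p-1. So g has order p-1 exactly
    when g^((p-1)/q) != 1 (mod p) for every prime q dividing p-1.
    """
    if g % p == 0:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def primitive_roots(p):
    """All primitive roots modulo the prime p, in the range 1..p-1."""
    return [g for g in range(1, p) if is_primitive_root(g, p)]


def primitive_roots_from_one(g, p):
    """Starting from one primitive root g, list all of them: by Lemma 2.4 every
    nonzero residue is some g^i, and by the claim in the proof of Theorem 2.1
    g^i has order p-1 exactly when gcd(i, p-1) = 1."""
    return sorted(pow(g, i, p) for i in range(1, p) if gcd(i, p - 1) == 1)


def count_coprime(n):
    """phi(n) counted directly: the number of 1 <= i <= n with gcd(i, n) = 1."""
    return sum(1 for i in range(1, n + 1) if gcd(i, n) == 1)


def powers_form_rrs(g, p):
    """Lemma 2.4: {g, g^2, ..., g^(p-1)} is the reduced residue system modulo p."""
    return {pow(g, i, p) for i in range(1, p)} == set(range(1, p))


def half_power(g, p):
    """Lemma 2.3: for a primitive root g of an odd prime p, g^((p-1)/2) is p-1, i.e. -1."""
    return pow(g, (p - 1) // 2, p)


if __name__ == "__main__":
    for p in (7, 11, 23, 101):
        roots = primitive_roots(p)
        print(p, roots, len(roots) == count_coprime(p - 1))
```

The same test is what a practitioner runs on a Diffie-Hellman generator: for a safe prime $p = 2q + 1$ the call `prime_factors(p - 1)` returns `[2, q]`, so the whole check is two modular exponentiations, and a generator that is *not* a primitive root (the usual choice) is the one that fails only the exponent $(p-1)/2$.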

Lemma 2.3
If g is a primitive root modulo m and $\varphi(m)$ is even, then

$g^{\varphi(m)/2} \equiv -1 \pmod m$

Proof. We shall prove the case of m being prime here. The composite case can be shown using
the stronger generalization of Theorem 2.1.
When m is prime, $\varphi(m) = m - 1 = 2n$. g is a primitive root modulo m, so definitely $\gcd(g, m) = 1$. So

$g^{2n} \equiv 1 \pmod m \implies m \mid g^{2n} - 1 = (g^n + 1)(g^n - 1) \implies g^n \equiv \pm 1 \pmod m$

If $g^n \equiv 1 \pmod m$, then we get $\operatorname{ord}_m(g) \le n < \varphi(m)$. Thus we arrive at a contradiction. Therefore,
$g^n \equiv -1 \pmod m$.

Lemma 2.4
If g is a primitive root modulo m, then the set $S = \{g, g^2, g^3, \ldots, g^{\varphi(m)}\}$ is a reduced
residue system modulo m.

Proof. $\gcd(g, m) = 1 \implies \gcd(g^i, m) = 1$. Therefore, every element of S is coprime to m. So
all we need to show is that the elements of S are distinct modulo m.
Assume for the sake of contradiction that there exist some a, b with $g^a \equiv g^b \pmod m$. WLOG,
$a > b$. Since g is coprime with m, we can actually divide both sides by $g^b$. Then we get

$g^{a-b} \equiv 1 \pmod m$

a and b lie between 1 and $\varphi(m)$. So their difference is strictly smaller than $\varphi(m)$. Thus
g has order smaller than $\varphi(m)$, which contradicts the fact that g is a primitive root
modulo m.

Now we shall prove Wilson’s theorem, but not the proof you usually see in textbooks. We shall
prove it using primitive roots.

Theorem 2.5 (Wilson’s Theorem)

If p is a prime number, then

$(p - 1)! \equiv -1 \pmod p$

Proof. p = 2 is trivial, so we shall consider the case of p being an odd prime.
p is a prime, so it has a primitive root, say g. By Lemma 2.4,

$\{g, g^2, g^3, \ldots, g^{p-1}\} \equiv \{1, 2, 3, \ldots, p - 1\} \pmod p$

If we multiply all these, we get

$(p - 1)! \equiv 1 \cdot 2 \cdot 3 \cdots (p - 1)$
$\equiv g \cdot g^2 \cdot g^3 \cdots g^{p-1}$
$\equiv g^{1 + 2 + 3 + \cdots + (p-1)}$
$\equiv g^{\frac{(p-1)p}{2}}$
$\equiv \left(g^{\frac{p-1}{2}}\right)^p$
$\equiv (-1)^p \equiv -1 \pmod p$

where $g^{\frac{p-1}{2}} \equiv -1$ is Lemma 2.3 and the last step uses that p is odd. Thus, we are done.

Theorem 2.6 (Generalization of Theorem 2.1)

Let n be a positive integer. A primitive root modulo n exists if and only if

$n \in \{2, 4, p^k, 2p^k\}$

where p is an odd prime number and $k \ge 1$.

I’m not stating the proof here; it is added as an exercise problem (Problem 4.15).

§3 Quadratic Residue
The word “Quadratic” suggests that it has something to do with squares, and from the word
“Residue” you’re probably guessing that we will work with remainders. Yes, it is what
it sounds like. Basically, “quadratic residue” deals with the remainders of square numbers. Let’s
jump into the definition.

Definition 3.1 (Quadratic Residue). Let m be a positive integer. An integer n is called a
quadratic residue modulo m if there exists some x such that $x^2 \equiv n \pmod m$.

For example, 4 is a quadratic residue modulo 5, because $7^2 \equiv 4 \pmod 5$. But 3 is not a quadratic
residue modulo 5, because there does not exist any integer x such that $x^2 \equiv 3 \pmod 5$.

Definition 3.2 (Quadratic Residue Class). Let m be a positive integer. The Quadratic
Residue Class of m, denoted by $\mathrm{qr}(m)$, is defined as follows:

$\mathrm{qr}(m) = \{n : n \text{ is a quadratic residue modulo } m\}$

There is an equivalent definition (up to reduction modulo m):

$\mathrm{qr}(m) = \{x^2 \bmod m : 0 \le x \le m - 1\}$

It’s not that hard to see that $x^2 \equiv (m - x)^2 \pmod m$. As a result, the set $\mathrm{qr}(m)$ will have at
most $\lfloor m/2 \rfloor + 1$ elements, because x and $m - x$ contribute the same quadratic residue.
Now, let’s talk about a fundamental result about quadratic residue and primes.

Proposition 3.1
Let p be an odd prime. If −1 is a quadratic residue modulo p, then $p \equiv 1 \pmod 4$.

Proof. Assume for the sake of contradiction that $p \equiv 3 \pmod 4$, and −1 is a quadratic residue
modulo p. That is, there exists some positive integer x such that $x^2 \equiv -1 \pmod p$.
As $p \equiv 3 \pmod 4$, we can express p in the form $4k + 3$. Also, $p \mid x^2 + 1$ gives us $\gcd(x, p) = 1$.
Therefore, by Fermat’s Little Theorem,

$x^{p-1} \equiv 1 \pmod p \implies 1 \equiv x^{4k+2} \equiv \left(x^2\right)^{2k+1} \equiv (-1)^{2k+1} \equiv -1 \pmod p$

which is a contradiction since $p > 2$. Therefore, $p \equiv 1 \pmod 4$.

However, this proposition does not by itself imply that −1 is a quadratic residue for every
prime of the form $4k + 1$. But it can be shown easily that for every prime of that form, you can
find a positive integer x with $x^2 \equiv -1 \pmod p$.

Lemma 3.2
If $p \equiv 1 \pmod 4$ is a prime, then there exists a positive integer x with $x^2 \equiv -1 \pmod p$.

Proof. We shall prove it by constructing such an x. The construction is motivated by Wilson’s
Theorem. Wilson’s theorem says that if p is a prime, then $(p - 1)! \equiv -1 \pmod p$. We are given
that p is a prime of the form $4k + 1$. Substituting this into Wilson’s theorem, we get that

$1 \cdot 2 \cdot 3 \cdots (2k) \cdot (2k + 1) \cdots (4k - 1) \cdot 4k \equiv -1 \pmod p$

Our main idea is to express the LHS as a square. How can we do it? Notice that,

$4k \equiv -1 \pmod p$
$4k - 1 \equiv -2 \pmod p$
$4k - 2 \equiv -3 \pmod p$
$\cdots$
$2k + 2 \equiv -(2k - 1) \pmod p$
$2k + 1 \equiv -2k \pmod p$

If we multiply all these, we get

$(2k + 1)(2k + 2) \cdots (4k - 2)(4k - 1) \cdot 4k \equiv (-1)^{2k} \cdot 1 \cdot 2 \cdot 3 \cdots (2k - 1) \cdot 2k \equiv 1 \cdot 2 \cdot 3 \cdots (2k - 1) \cdot 2k \pmod p$

The negative signs cancel out because an even number (2k) of negative numbers are multiplied.
Now, if we substitute this into Wilson’s theorem, we get

$\big(1 \cdot 2 \cdot 3 \cdots (2k - 1) \cdot 2k\big)\big(1 \cdot 2 \cdot 3 \cdots (2k - 1) \cdot 2k\big) \equiv -1 \pmod p \implies \big((2k)!\big)^2 \equiv -1 \pmod p$

Thus $x = (2k)! = \left(\frac{p-1}{2}\right)!$ is such an x, and we are done.
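Proposition 3.1 and Lemma 3.2 together say that −1 is a quadratic residue modulo an odd prime p exactly when $p \equiv 1 \pmod 4$, and the proof of Lemma 3.2 is constructive. The Python below is an added example (mine, not the note’s own material): it builds $x = \left(\frac{p-1}{2}\right)!$ reduced modulo p for $p \equiv 1 \pmod 4$, checks $x^2 \equiv -1$ against a brute-force search over all residues as in Definition 3.1, and confirms that no such x exists when $p \equiv 3 \pmod 4$. `is_prime`, `sqrt_minus_one`, `has_sqrt_minus_one` and `check_minus_one_criterion` are names I chose.

```python
def is_prime(n):
    """Trial-division primality test; fine for the small primes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def sqrt_minus_one(p):
    """Lemma 3.2's construction for a prime p = 4k + 1: x = (2k)! = ((p-1)/2)!
    satisfies x^2 = -1 (mod p). Returns None when p is not 1 (mod 4), since
    Proposition 3.1 says no such x exists for an odd prime p = 3 (mod 4)."""
    if p % 4 != 1:
        return None
    x = 1
    for i in range(1, (p - 1) // 2 + 1):   # accumulate (2k)! reduced modulo p
        x = x * i % p
    return x


def has_sqrt_minus_one(p):
    """Brute force from Definition 3.1: is -1 (i.e. p-1) in qr(p)?"""
    return any(x * x % p == p - 1 for x in range(1, p))


def check_minus_one_criterion(bound):
    """For every odd prime p < bound: -1 is a quadratic residue modulo p
    iff p = 1 (mod 4), and the constructed x really squares to -1."""
    for p in range(3, bound):
        if not is_prime(p):
            continue
        if has_sqrt_minus_one(p) != (p % 4 == 1):
            return False
        x = sqrt_minus_one(p)
        if x is not None and x * x % p != p - 1:
            return False
    return True


if __name__ == "__main__":
    for p in (5, 13, 17, 29):
        print(p, sqrt_minus_one(p))
    print(check_minus_one_criterion(500))
```

The factorial construction costs about p/2 multiplications, so it is only a proof device; for large primes one would compute a square root of −1 from a quadratic non-residue instead, but that is outside this note.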

I intend to discuss quadratic residues more in the Diophantine equations note. In this
note, I want to introduce the Legendre symbol.

Definition 3.3 (Legendre Symbol). The Legendre symbol for a positive integer n and a
prime p is denoted by $\left(\frac{n}{p}\right)$ and defined as:

$\left(\frac{n}{p}\right) = \begin{cases} 0 & \text{if } p \mid n \\ 1 & \text{if } n \in \mathrm{qr}(p) \\ -1 & \text{if } n \notin \mathrm{qr}(p) \end{cases}$

The definition is basically saying that, if $p \mid n$, then $\left(\frac{n}{p}\right)$ is 0. When $p \nmid n$, we have two cases.
If n is a quadratic residue modulo p, then $\left(\frac{n}{p}\right)$ is 1, otherwise it’s −1.
Now you may ask, “0 is always a quadratic residue modulo p. $p \mid n$ means $n \equiv 0 \pmod p$, so n
is a quadratic residue modulo p. Why didn’t we put 1 as the value of $\left(\frac{n}{p}\right)$? Doesn’t it make
more sense to have 1 for all quadratic residues?” Well, the definition of the Legendre symbol has
a greater purpose to serve than denoting quadratic residues. That greater purpose is our
next theorem.

Theorem 3.3 (Euler’s Criterion)

$\left(\frac{n}{p}\right) \equiv n^{\frac{p-1}{2}} \pmod p$

Proof. If $p \mid n$, then the result is trivial. So let’s assume $p \nmid n$.

If n is a quadratic residue, then $n \equiv x^2 \pmod p$ for some x with $p \nmid x$. By Fermat’s Little Theorem,

$x^{p-1} \equiv 1 \pmod p \implies \left(\frac{n}{p}\right) = 1 \equiv \left(x^2\right)^{\frac{p-1}{2}} \equiv n^{\frac{p-1}{2}} \pmod p$

Now, all we are left with is: whenever n is not a quadratic residue, $n^{\frac{p-1}{2}} \equiv -1 \pmod p$. We
shall need Wilson’s theorem for this.
Take any integer x with $1 \le x \le p - 1$. Take $y = n x^{-1}$, where $x^{-1}$ denotes the multiplicative
inverse of x modulo p [1]. Therefore, we have

$xy \equiv n \pmod p$

Notice that x and y can’t be equal, because if x and y are equal, then $n \equiv x^2$ is a quadratic
residue modulo p.
If we choose a different x, we get a different y (and the pairing is symmetric, since $y \cdot x \equiv n$
as well). Thus we can divide all the integers from 1 to $p - 1$ into $\frac{p-1}{2}$ pairs $(x, y)$.
Let the pairs be $(x_1, y_1), (x_2, y_2), \ldots, (x_{\frac{p-1}{2}}, y_{\frac{p-1}{2}})$. Using Wilson’s theorem,

$-1 \equiv (p - 1)! \equiv 1 \cdot 2 \cdot 3 \cdots (p - 1)$
$\equiv (x_1 y_1) \cdot (x_2 y_2) \cdots (x_{\frac{p-1}{2}} y_{\frac{p-1}{2}})$
$\equiv \underbrace{n \cdot n \cdots n}_{\frac{p-1}{2}}$
$\equiv n^{\frac{p-1}{2}} \pmod p$

Thus, we are done.

The Legendre symbol has some very nice properties. I’m not proving these; you should try to prove
them yourself.

Lemma 3.4
For an odd prime p, the Legendre symbol $\left(\frac{n}{p}\right)$ has the following properties:

i. If $p \nmid ab$, then $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$

ii. $\left(\frac{2}{p}\right) = (-1)^{\frac{p^2 - 1}{8}}$

iii. If p and q are distinct odd primes, then $\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}$

The last one is known as “The Law of Quadratic Reciprocity”.
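Euler’s criterion turns the Legendre symbol into a single modular exponentiation, which is how it is computed in practice. The Python below is an added example, not the note’s own material: it computes $\left(\frac{n}{p}\right)$ from Definition 3.3 by enumerating $\mathrm{qr}(p)$, again via Theorem 3.3 with `pow()`, and checks the three properties of Lemma 3.4 numerically for given primes. `qr`, `legendre_by_definition`, `legendre` and `check_lemma_3_4` are names I chose; the brute-force version is only there as ground truth for small p.

```python
def qr(m):
    """Quadratic residue class of Definition 3.2: {x^2 mod m : 0 <= x <= m-1}."""
    return {x * x % m for x in range(m)}


def legendre_by_definition(n, p):
    """(n/p) straight from Definition 3.3, by enumerating all squares modulo p."""
    if n % p == 0:
        return 0
    return 1 if n % p in qr(p) else -1


def legendre(n, p):
    """(n/p) for an odd prime p via Euler's criterion (Theorem 3.3):
    n^((p-1)/2) mod p is 0, 1 or p-1, and p-1 stands for -1."""
    if p == 2:
        raise ValueError("Euler's criterion as used here needs an odd prime")
    e = pow(n % p, (p - 1) // 2, p)
    return -1 if e == p - 1 else e


def check_lemma_3_4(p, q):
    """Numerically verify Lemma 3.4 for distinct odd primes p and q:
    (i) multiplicativity, (ii) the value of (2/p), (iii) quadratic reciprocity."""
    multiplicative = all(
        legendre(a * b, p) == legendre(a, p) * legendre(b, p)
        for a in range(1, p) for b in range(1, p)
    )
    two = legendre(2, p) == (-1) ** ((p * p - 1) // 8)
    reciprocity = (legendre(q, p) * legendre(p, q)
                   == (-1) ** (((p - 1) // 2) * ((q - 1) // 2)))
    return multiplicative and two and reciprocity


if __name__ == "__main__":
    print(sorted(qr(5)), legendre(4, 5), legendre(3, 5))   # [0, 1, 4] 1 -1
    print(legendre(-1, 13), legendre(-1, 7))                # 1 -1, as Proposition 3.1 / Lemma 3.2 predict
    print(check_lemma_3_4(7, 11), check_lemma_3_4(101, 103))
```

A practical use of `legendre(n, p) == 1`: for a safe prime $p = 2q + 1$ the non-zero quadratic residues are exactly the subgroup of order q of the multiplicative group modulo p, so Euler’s criterion is the membership test for that subgroup, and a value with symbol −1 lies outside it.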

[1] This basically means that $x \cdot x^{-1} \equiv 1 \pmod p$.
§4 Exercise Problems
Problem 4.1. Find all positive integers n such that $n \mid 2^n - 1$.

Problem 4.2. Find all pairs of prime numbers p, q such that $pq \mid (5^p - 2^p)(5^q - 2^q)$.

Problem 4.3. Find all triplets of prime numbers p, q, r such that

$p \mid q^r + 1,\quad q \mid r^p + 1,\quad r \mid p^q + 1$

Problem 4.4. Let $p \ge 2$ be a prime number. Find all positive integers k such that p divides

$1^k + 2^k + 3^k + \cdots + (p - 1)^k$

Problem 4.5. Let g be a primitive root modulo n. Then $g^m$ is also a primitive root modulo n
if and only if m is relatively prime to $\varphi(n)$.

Problem 4.6. Let n be an odd positive integer. Show that there exists a primitive root modulo
n if and only if there exists a primitive root modulo 2n.

Problem 4.7. Let p be an odd prime and g be a primitive root modulo p. Then either g or
$g + p$ is a primitive root modulo $p^k$ for every $k \ge 1$.

Problem 4.8. If any primitive root modulo n exists, then there are exactly $\varphi(\varphi(n))$ primitive roots modulo n.

Problem 4.9. For each non-negative integer m, let $n_m = 101^m - 100 \cdot 2^m$. Let a, b, c, d be
integers with $0 \le a, b, c, d \le 99$ such that

$n_a + n_b \equiv n_c + n_d \pmod{10100}$

Problem 4.10. Find all pairs of positive integers (a, b) such that $ab(a + b)$ is not divisible by
7, but $(a + b)^7 - a^7 - b^7$ is divisible by $7^7$.

Problem 4.11. Find all pairs of positive integers x, y such that $4xy - x - y$ is a perfect square.

Problem 4.12. a, b are coprime positive integers and p is an odd prime number. If $p \mid a^2 + b^2$,
show that $p \equiv 1 \pmod 4$.

Problem 4.13. Find all triplets of positive integers a, b, c such that $a^2 + 1 = b(2^c - 1)$.

Problem 4.14. Prove Lemma 3.4.

Problem 4.15. Prove Theorem 2.6.