Recall that in the Chinese Remainder Theorem lecture we looked at solving polynomial congruences of the form

$$ \begin{align*} f(x) \equiv 0 \pmod{m} \end{align*} $$

And we saw that we have a few cases:

So consider

$$ \begin{align*} f(x) \equiv 0 \pmod{p} \end{align*} $$

where \(p\) is prime. Obviously the naive method is to check every \(x\) from \(0\) to \(p-1\). If \(p\) is small, this is fine; if \(p\) is large, it isn’t feasible. So the question now is: what advantages do we get from \(p\) being prime?


Advantages When \(p\) is Prime

  1. No zero divisors. This means that if \(ab \equiv 0 \pmod{p}\), then either \(a \equiv 0 \pmod{p}\) or \(b \equiv 0 \pmod{p}\).
  2. Inverses exist. So if \(a \not\equiv 0 \pmod{p}\), then \(ab \equiv 1 \pmod{p}\) for some \(b\).
  3. Polynomials of degree \(n\) have at most \(n\) roots. (This isn't guaranteed when the modulus isn't prime. For example, \(x^2 - 1 \pmod{8}\) has 4 roots.)
  4. We can use Fermat's Theorem \(x^p \equiv x \pmod{p}\).
  5. Primitive roots exist modulo \(p\). Primitive roots will be discussed in a later lecture.

Polynomial Roots When \(p\) is Prime

Let’s look at (3) specifically. Why is this true when \(p\) is prime? Suppose that \(f(x)\) is a polynomial of degree \(n\) over a field, and let \(a\) be an element of that field (say \(\mathbb{R}\) or \(\mathbb{C}\)). By the division algorithm for polynomials, there exist a unique polynomial \(g(x)\) and a unique constant \(r\) in the field such that

$$ \begin{align*} f(x) = (x-a)g(x) + r \end{align*} $$

Now suppose that \(a\) was a root of \(f\) so \(f(a)=0\). Then

$$ \begin{align*} f(a) &= (a-a)g(a) + r \\ 0 &= 0 \cdot g(a) + r \\ r &= 0 \end{align*} $$

So when \(a\) is a root, we must have \(r = 0\). Therefore,

$$ \begin{align*} f(x) = (x-a)g(x) \end{align*} $$

This means that when \(a\) is a root, \(f(x)\) is divisible by \((x-a)\). Using this idea and induction on \(n\), we can prove that \(f\) has at most \(n\) roots. (TODO…)


Example

Consider the polynomial

$$ \begin{align*} x^p - x \pmod{p} \end{align*} $$

What are the roots of this polynomial? \(a\) is a root of \(x^p - x \pmod{p}\) if

$$ \begin{align*} a^p - a \equiv 0 \pmod{p} \end{align*} $$

But then if \(p\) is prime and if \(a \not\equiv 0 \pmod{p}\), then we know by Fermat’s Little Theorem that

$$ \begin{align*} a^{p-1} \equiv 1 \pmod{p} \end{align*} $$

If we multiply both sides by \(a\), we get

$$ \begin{align*} a^p &\equiv a \pmod{p} \\ a^p - a &\equiv 0 \pmod{p} \end{align*} $$

Then \(a\) is a root of \(x^p - x \pmod{p}\); and \(a \equiv 0\) is trivially a root. So \(0,1,2,\cdots,p-1 \pmod{p}\) are all roots of this polynomial, and since a polynomial of degree \(p\) has at most \(p\) roots, it factors into

$$ \begin{align*} x^p - x \equiv x (x-1)(x-2)\cdots(x - (p-1)) \pmod{p} \end{align*} $$

Now, we can get some nice identities by expanding this factorization. Consider several values of \(p\). For example

$$ \begin{align*} x(x-1) &= x^2 - x & (p = 2) \\ x(x-1)(x-2) &= x^3 - 3x^2 + 2x & (p = 3) \\ x(x-1)(x-2)(x-3)(x-4) &= x^5 - 10x^4 + 35x^3 - 50x^2 + 24x & (p = 5) \\ x(x-1)(x-2)\cdots(x-6) &= x^7 - 21x^6 + \cdots + 720x & (p = 7) \end{align*} $$

Observe that all the coefficients in the middle are divisible by \(p\) and hence vanish modulo \(p\). Also observe that the last coefficient (the coefficient of \(x\)) is exactly \((p-1)!\). So consider the case \(p = 5\).

$$ \begin{align*} x^5 - x &\equiv x(x-1)(x-2)(x-3)(x-4) \pmod{5} \\ x^5 - x &\equiv x^5 -10x^4 + 35x^3 - 50x^2 + 24x \pmod{5} \\ x^5 - x &\equiv x^5 + 24x \pmod{5} \\ x^5 - x &\equiv x^5 + (5-1)!x \pmod{5} \\ -x &\equiv (5-1)!x \pmod{5} \\ -1 &\equiv (5-1)! \pmod{5} \end{align*} $$

But this is just Wilson’s theorem

$$ \begin{align*} -1 &\equiv (p-1)! \pmod{p} \end{align*} $$
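As an added check, not part of the original notes, the following Python expands \(x(x-1)\cdots(x-(p-1))\) over the integers and verifies both observations: the middle coefficients are divisible by \(p\), and the coefficient of \(x\) is \((p-1)!\), which is \(-1\) modulo \(p\). Running it with a composite modulus shows the first observation failing; the function names are this example's own.

```python
# Added example (not from the lecture notes): expand x(x-1)...(x-(p-1)) over Z
# and check the observations above for an odd prime p. Polynomials are integer
# coefficient lists, lowest degree first.
from math import factorial

def poly_mul(a, b):  # product of two integer polynomials
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] += ai * bj
    return prod

def falling_product(n):  # coefficients of x(x-1)(x-2)...(x-(n-1))
    poly = [1]
    for k in range(n):
        poly = poly_mul(poly, [-k, 1])  # multiply by (x - k)
    return poly

def wilson_from_product(p):
    """Return (middle coefficients all divisible by p, coefficient of x, that
    coefficient mod p). For an odd prime p the coefficient of x is (p-1)! and
    its residue is p-1, i.e. -1 mod p: Wilson's theorem."""
    c = falling_product(p)
    middle_vanish = all(m % p == 0 for m in c[2:p])  # coefficients of x^2..x^(p-1)
    return middle_vanish, c[1], c[1] % p

if __name__ == "__main__":
    for p in (5, 7, 11, 8):  # 8 is composite: the middle coefficients survive
        ok, c1, r = wilson_from_product(p)
        print(p, ok, c1 == factorial(p - 1), r)
```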

Application: Wolstenholme's Theorem

Let \(p\) be a prime with \(p \geq 5\). Then $$ \begin{align*} 1 + \frac{1}{2} + \frac{1}{3} + \cdots + \frac{1}{p-1} \equiv 0 \pmod{p^2} \end{align*} $$ In other words, the numerator of this sum is divisible by \(p^2\).

For example, when \(p=5\),

$$ \begin{align*} 1 + \frac{1}{2} + \frac{1}{3} + \frac{1}{4} = \frac{25}{12} \end{align*} $$

Proof? [TODO]


The General Case

Now that we’ve looked at a few specific examples, let’s look at a more general problem. Given the congruence

$$ \begin{align*} f(x) \equiv 0 \pmod{p} \end{align*} $$
  1. Does it have solutions? For example we saw that \(x^2 \equiv -1 \pmod{p}\) has solutions only if \(p \equiv 1,2 \pmod{4}\).
  2. How many solutions?
  3. How do we find them?

To answer question \(2\), we can find the gcd of \(f(x)\) and \((x^p - x)\). Recall that

$$ \begin{align*} x^p - x = x(x-1)(x-2)\cdots(x-(p-1)) \pmod{p} \end{align*} $$

So if we take any polynomial \(f\), then

$$ \begin{align*} f(a) \equiv 0 \pmod{p} \quad \text{ iff } (x-a) \text{ divides } f(x) \end{align*} $$

But we know that \((x - a)\) divides \(x^p - x\) for every \(a\). So every common linear factor \((x - a)\) of \(f\) and \(x^p - x\) corresponds to a root \(a\) of \(f\), and conversely. The gcd of \(x^p - x\) and \(f(x)\) modulo \(p\) will in fact be of the form

$$ \begin{align*} \prod (x - a) \quad \text{ where } f(a)=0 \end{align*} $$

So to answer question \(2\), we can just find the degree of \(\gcd(f(x),x^p-x)\) which is very neat.


Example

Consider the polynomial

$$ \begin{align*} x^3 - x^2 - x + 1 \pmod{3} \end{align*} $$

So we want to find the gcd of \((x^3 - x^2 - x + 1)\) and \(x^p - x = x^3 - x\), working modulo \(3\). We can use Euclid’s method.

$$ \begin{align*} x^3 - x &= 1 \cdot (x^3 - x^2 - x + 1) + (x^2 - 1) \\ x^3 - x^2 - x + 1 &= (x - 1) \cdot (x^2 - 1) + 0. \end{align*} $$

Then the gcd is \(x^2 - 1 \equiv (x-1)(x-2) \pmod{3}\), of degree \(2\), so we have \(2\) distinct roots, namely \(1\) and \(2\). Warning: this method only counts distinct roots. It will not tell us whether a root has multiplicity greater than \(1\): here \(x^3 - x^2 - x + 1 = (x-1)^2(x+1)\), so \(1\) is a double root, but the gcd counts it once.

Even though this is a neat method, the time taken to find the gcd of \(f\) and \(g\) is roughly \(\deg f + \deg g\). But the degree of \(x^p - x\) is huge if \(p\) is a large prime, so this is no better than trying the roots one by one. Fortunately we can speed things up. The key point is that even though its degree is huge, \(x^p - x\) is a sparse polynomial: almost all of its coefficients are zero. Since \(x^p - x\) is sparse and \(f(x)\) has small degree, we can use the Russian Peasant method (repeated squaring) to speed up finding the gcd. How? We want \(x^p \pmod{f(x)}\). So we write \(p\) in binary and calculate

$$ \begin{align*} x, x^2, x^4,x^8 \cdots \bmod f(x) \end{align*} $$

until we reach \(x^p \bmod f(x)\), reducing modulo \(f(x)\) after every squaring so that the degree never exceeds \(\deg f\). Since subtracting a multiple of \(f\) does not change a gcd, \(\gcd(f(x), x^p - x) = \gcd\big(f(x), (x^p \bmod f(x)) - x\big)\), and Euclid’s method now runs on two polynomials of degree at most \(\deg f\).


Example

Suppose we take

$$ \begin{align*} f(x) = x^2 - a \end{align*} $$

We want to know when is \(a\) a square modulo \(p\)? This means that we want the solutions to

$$ \begin{align*} x^2 \equiv a \pmod{p} \end{align*} $$

A solution exists exactly when \(a\) is a quadratic residue modulo \(p\), that is, a number that can be expressed as the square of some element of \(\mathbb{Z}_p\). We use the method of the previous section and find the gcd of \(x^2-a\) and \(x^p-x\) with Euclid again, dividing \(x^p-x\) by \(x^2-a\). Notice that \(x^p - x = x(x^{p-1} - 1)\), and \(x\) is coprime to \(x^2 - a\) when \(a \not\equiv 0 \pmod{p}\), so it is enough to divide \(x^{p-1} - 1\):

$$ \begin{align*} x^{p-1} - 1 = (x^2 - a) \cdot (x^{p-3} + ax^{p-5} + a^2x^{p-7} + \cdots + a^{(p-3)/2}) + (a^{(p-1)/2} - 1) \end{align*} $$

The remainder is \(a^{(p-1)/2} - 1\). If \(a^{(p-1)/2} - 1 \not\equiv 0 \pmod{p}\), the remainder is a nonzero constant, so the gcd is \(1\) and there is no root. Otherwise \(a^{(p-1)/2} - 1 \equiv 0 \pmod{p}\), so \(x^2 - a\) divides \(x^{p-1} - 1\) and we have a root. In general, Euler’s Criterion says that when \(a \not\equiv 0 \pmod{p}\),

$$ \begin{align*} a^{\frac{p-1}{2}} \equiv \begin{cases} 1 & \text{if $a$ is a square modulo $p$}, \\ -1 & \text{if $a$ is not a square modulo $p$}. \end{cases} \end{align*} $$

So this gives us a fast method to check whether \(a\) is a square (quadratic residue) modulo \(p\). This isn’t the best method. Later in the class, we’ll have a better method based on the Jacobi symbol.
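An added Python implementation of the method described above, not code from the original notes: it computes \(x^p \bmod f(x)\) by square-and-multiply on the bits of \(p\), then takes \(\gcd(f(x), x^p - x) = \gcd(f(x), (x^p \bmod f) - x)\) with Euclid’s algorithm over \(\mathbb{Z}_p\), so the degree of the gcd is the number of distinct roots of \(f\). Coefficient lists (lowest degree first) and all function names are this example's own conventions; for \(x^3 - x^2 - x + 1 \pmod{3}\) it returns \(2\), and for \(x^2 - a\) it returns \(2\) or \(0\) in agreement with Euler’s criterion.

```python
# Added example (not from the lecture notes): number of distinct roots of monic f
# mod p = deg gcd(f, x^p - x), with x^p mod f found by repeated squaring so the huge
# x^p - x is never written out: gcd(f, x^p - x) = gcd(f, (x^p mod f) - x).

def trim(a):  # polys are coefficient lists, lowest degree first; drop high zeros
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_mod(a, f, p):  # remainder of a divided by monic f over Z_p
    a = trim([c % p for c in a])
    n = len(f) - 1
    while len(a) - 1 >= n:
        coef, shift = a[-1], len(a) - 1 - n
        for k in range(n + 1):  # subtract coef * x^shift * f(x)
            a[shift + k] = (a[shift + k] - coef * f[k]) % p
        trim(a)
    return a

def poly_mulmod(a, b, f, p):  # (a * b) mod f over Z_p
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    return poly_mod(prod, f, p)

def poly_gcd(a, b, p):  # Euclid's algorithm over Z_p, result made monic
    a, b = trim([c % p for c in a]), trim([c % p for c in b])
    while b:
        inv = pow(b[-1], -1, p)  # make b monic so poly_mod can divide by it
        b = [(c * inv) % p for c in b]
        a, b = b, poly_mod(a, b, p)
    inv = pow(a[-1], -1, p)
    return [(c * inv) % p for c in a]

def x_pow_mod(p, f):  # x^p mod f over Z_p, square-and-multiply on bits of p
    result = [1]
    for bit in bin(p)[2:]:  # most significant bit first
        result = poly_mulmod(result, result, f, p)
        if bit == "1":
            result = poly_mulmod(result, [0, 1], f, p)  # multiply by x
    return result

def count_distinct_roots(f, p):  # deg gcd(f, x^p - x) for monic f
    r = x_pow_mod(p, f) + [0, 0]  # pad so the x coefficient exists
    r[1] = (r[1] - 1) % p  # r = (x^p mod f) - x
    return len(poly_gcd(f, trim(r), p)) - 1

def is_square_mod(a, p):  # Euler's criterion for a not divisible by p
    return pow(a, (p - 1) // 2, p) == 1
```

For example, `count_distinct_roots([1, -1, -1, 1], 3)` returns `2`, and `count_distinct_roots([-3, 0, 1], 7)` returns `0`, matching `is_square_mod(3, 7)`.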


Application

If \(d\) divides \(p-1\), then $$ \begin{align*} x^d - 1 \equiv 0 \pmod{p} \end{align*} $$ has exactly \(d\) roots.

Proof

Since \(d \mid (p-1)\), we can write \(p - 1 = dk\) for some integer \(k\). Then we can rewrite \(x^{p-1} - 1\) as follows

$$ \begin{align*} x^{p-1} - 1 = x^{dk} - 1 = (x^{d})^k - 1 \end{align*} $$

Recall now that we can factor any polynomial \(y^t - 1\) as

$$ \begin{align*} y^t - 1 = (y - 1)(y^{t-1} + y^{t-2} + \cdots + y + 1) \end{align*} $$

So we can use this to factor \(x^{p-1} - 1\) as follows

$$ \begin{align*} x^{p-1} - 1 = (x^{d})^k - 1 = (x^d - 1)((x^{d})^{k-1} + (x^{d})^{k-2} + \cdots + x^d + 1) \end{align*} $$

This shows that \((x^d - 1)\) divides \(x^{p-1} - 1\). But we saw earlier, using Fermat, that \(x^{p-1} - 1\) is a product of distinct linear factors:

$$ \begin{align*} x^p - x &= x(x^{p-1} - 1) \\ &= x(x-1)(x-2)\cdots(x -(p-1)) \\ &= x\prod_{a \in \{1,\dots,p-1\}} (x-a) \end{align*} $$

Since \(x^d - 1\) divides this product of distinct linear factors, \(x^d-1\) itself must be a product of some of these linear factors. Let \(S \subseteq \{1,\dots,p-1\}\) be the set of roots of \(x^d - 1\). Then

$$ \begin{align*} x^d - 1 = \prod_{a \in S} (x-a) \end{align*} $$

Since \(x^d - 1\) has degree \(d\) and is a product of distinct linear factors, it must have exactly \(d\) of them, and so \(|S| = d\).

