Abstract Algebra
Groups, rings, and fields — the structures behind modular arithmetic, polynomials, and modern cryptography. We end with the Discrete Log problem and Diffie–Hellman key exchange.
4.1 Group Axioms
- Closure. $a, b \in G \Rightarrow a*b \in G$.
- Associativity. $(a*b)*c = a*(b*c)$.
- Identity. $\exists e \in G$ such that $e*a = a*e = a$ for all $a$.
- Inverse. $\forall a \in G, \exists a^{-1} \in G$ such that $a*a^{-1}=a^{-1}*a=e$.
The standard checklist
To prove a structure is a group, verify the four axioms in order. To disprove one, exhibit a failure of one axiom.
Example. Is $(\mathbb{Z}, +)$ a group?
- Closure: $a + b \in \mathbb{Z}$. ✓
- Associative: $(a+b)+c = a+(b+c)$. ✓
- Identity: $0$, since $0+a = a$. ✓
- Inverse: $-a$. ✓
Yes, $(\mathbb{Z}, +)$ is a group (and it's abelian).
Example. Is $(\mathbb{Z}, \times)$ a group?
Closure ✓, associative ✓, identity $1$ ✓. Inverses fail: there's no integer $b$ with $2b = 1$. So not a group.
Mini-tricks to verify quickly
- If the operation is "obviously" associative (matrix multiplication, function composition, modular addition/multiplication), don't waste time proving it — just say so.
- The identity is usually $0$ (additive group) or $1$ (multiplicative).
- Finite group, want to check it's a group? Build a Cayley table and ensure each row and column contains every element exactly once (this proves bijectivity, which gives identity + inverses if combined with closure + associativity).
Useful basic facts (proved in lecture, used freely)
- The identity is unique.
- Inverses are unique.
- $(a^{-1})^{-1} = a$.
- $(ab)^{-1} = b^{-1}a^{-1}$ (order swaps!).
- Cancellation: $ab = ac \Rightarrow b = c$; $ba = ca \Rightarrow b = c$.
4.2 Addition Modulo Groups $(\mathbb{Z}_n, +_n)$
$\mathbb{Z}_n = \{0, 1, 2, \ldots, n-1\}$ with addition $\pmod n$ is the canonical example of a finite group.
Example. $\mathbb{Z}_5 = \{0,1,2,3,4\}$.
Identity: $0$. Inverse of $2$: $3$ (since $2+3 \equiv 5 \equiv 0$). Inverse of $1$: $4$.
Cayley table $(+_5)$:
| + | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| 0 | 0 | 1 | 2 | 3 | 4 |
| 1 | 1 | 2 | 3 | 4 | 0 |
| 2 | 2 | 3 | 4 | 0 | 1 |
| 3 | 3 | 4 | 0 | 1 | 2 |
| 4 | 4 | 0 | 1 | 2 | 3 |
$(\mathbb{Z}_n, +_n)$ is always abelian and always a group, for any $n \geq 1$.
4.3 Multiplication Modulo Groups $(\mathbb{Z}_n^*, \times_n)$
$\mathbb{Z}_n^*$ is the set of elements of $\mathbb{Z}_n$ that are coprime to $n$. With multiplication mod $n$, it forms a group.
If $p$ is prime, $\mathbb{Z}_p^* = \{1, 2, \ldots, p-1\}$ and $|\mathbb{Z}_p^*| = p - 1$.
Example. $\mathbb{Z}_5^* = \{1,2,3,4\}$ under $\times_5$.
| × | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| 1 | 1 | 2 | 3 | 4 |
| 2 | 2 | 4 | 1 | 3 |
| 3 | 3 | 1 | 4 | 2 |
| 4 | 4 | 3 | 2 | 1 |
Identity: $1$. Inverse of $2$: $3$ (since $2\cdot 3 = 6 \equiv 1$). Inverse of $4$: $4$ itself.
Why not $\{1,2,\ldots,n-1\}$ for composite $n$? Take $n = 6$. Then $2 \cdot 3 = 6 \equiv 0$ — closure fails because $0$ is not in $\{1,\ldots,5\}$. Moreover, $2$ has no inverse mod 6 (since $\gcd(2,6) = 2 \neq 1$). $\mathbb{Z}_6^* = \{1, 5\}$ only.
4.4 Other Important Groups
| Name | Set | Operation | Order |
|---|---|---|---|
| $\mathbb{Z}$ | Integers | $+$ | infinite |
| $\mathbb{Q}^*, \mathbb{R}^*, \mathbb{C}^*$ | Nonzero rationals/reals/complex | $\times$ | infinite |
| $D_n$ (dihedral) | Symmetries of regular $n$-gon | composition | $2n$ — non-abelian |
| $S_n$ (symmetric) | Permutations of $\{1,\ldots,n\}$ | composition | $n!$ — non-abelian for $n\geq 3$ |
| $GL_n(\mathbb{R})$ | $n\times n$ invertible matrices | $\times$ | infinite, non-abelian |
| $SL_n(\mathbb{R})$ | determinant-1 matrices | $\times$ | infinite, non-abelian |
| $U(n)$ | $\{a : \gcd(a,n)=1\} = \mathbb{Z}_n^*$ | $\times_n$ | $\varphi(n)$ |
The dihedral group $D_4$ (square symmetries)
$D_4$ has 8 elements: 4 rotations $\{e, r, r^2, r^3\}$ (by $0°, 90°, 180°, 270°$) and 4 reflections. It is non-abelian: rotating then reflecting differs from reflecting then rotating.
4.5 Order of an Element / Order of a Group
The order of an element $a \in G$, denoted $\text{ord}(a)$, is the smallest positive integer $n$ such that $a^n = e$ (for multiplicative groups) or $na = e$ (for additive groups). If no such $n$ exists, $\text{ord}(a) = \infty$.
Example. In $\mathbb{Z}_{12}$ under addition, order of $4$?
$4, 8, 12\equiv 0$. So $\text{ord}(4) = 3$.
General formula: in $\mathbb{Z}_n$, $\text{ord}(a) = n/\gcd(a,n)$.
Example. In $\mathbb{Z}_5^*$, order of $2$?
$2^1=2, 2^2=4, 2^3=8\equiv 3, 2^4=16\equiv 1$. So $\text{ord}(2)=4 = |\mathbb{Z}_5^*|$. Hence $2$ is a generator.
Properties
- $\text{ord}(e) = 1$.
- $\text{ord}(a) = \text{ord}(a^{-1})$.
- If $a^m = e$, then $\text{ord}(a)$ divides $m$. (Key lemma; comes up in many problems.)
- If $\text{ord}(a) = n$, then $a^k = e \iff n \mid k$.
- $\text{ord}(a^k) = n/\gcd(n, k)$ where $n = \text{ord}(a)$.
4.6 Cyclic Groups
Examples
- $\mathbb{Z}$ is cyclic, generated by $1$ (also by $-1$).
- $\mathbb{Z}_n$ is cyclic for every $n$. Generators are the elements coprime to $n$. There are $\varphi(n)$ generators.
- $\mathbb{Z}_p^*$ for prime $p$ is cyclic of order $p - 1$.
- $D_4$ is NOT cyclic (it's non-abelian, but cyclic groups are always abelian).
Key theorems about cyclic groups
- Every cyclic group is abelian. Because $g^a \cdot g^b = g^{a+b} = g^b \cdot g^a$.
- Every subgroup of a cyclic group is cyclic.
- In a cyclic group of order $n$ generated by $g$, the subgroup generated by $g^k$ has order $n/\gcd(n,k)$.
- The generators of $\mathbb{Z}_n$ are exactly $\{k : \gcd(k, n) = 1\}$.
Example. Generators of $\mathbb{Z}_{12}$?
$k$ such that $\gcd(k, 12) = 1$: $k \in \{1, 5, 7, 11\}$. So $4$ generators.
Is $4$ a generator? $\gcd(4,12) = 4 \neq 1$. No — the subgroup generated by $4$ is $\{0,4,8\}$, of order $3$.
Example. Generators of $\mathbb{Z}_{24}$?
$k$ coprime to 24, $1 \leq k \leq 23$: $\{1, 5, 7, 11, 13, 17, 19, 23\}$ — that's $\varphi(24) = 8$ generators.
4.7 Lagrange's Theorem
Two crucial corollaries
Corollary 2. If $|G| = p$ (prime), then $G$ is cyclic and every non-identity element generates $G$.
Proof sketch of Corollary 1: $\langle a \rangle$ is a subgroup with $|\langle a \rangle| = \text{ord}(a)$. By Lagrange, this divides $|G|$.
Application. $|G| = 33$. Possible orders of elements?
Divisors of $33 = 3\cdot 11$ are $\{1, 3, 11, 33\}$. So $\text{ord}(a) \in \{1, 3, 11, 33\}$ for any $a \in G$. Specifically, $\text{ord}(a) = 1$ iff $a = e$.
Application. Group of order 30 — does an element of order 8 exist?
$8 \nmid 30$, so no. Possible orders: $\{1, 2, 3, 5, 6, 10, 15, 30\}$.
Application (Fermat's Little Theorem from Lagrange). If $p$ is prime and $\gcd(a, p) = 1$: $$a^{p-1} \equiv 1 \pmod p.$$ Proof: $|\mathbb{Z}_p^*| = p - 1$. So $\text{ord}(a)$ divides $p-1$, meaning $a^{p-1} = e = 1$. ∎
4.8 Rings
- $(R, +)$ is an abelian group (identity $0$).
- Multiplication is associative: $(ab)c = a(bc)$.
- Distributive laws: $a(b+c) = ab + ac$ and $(b+c)a = ba + ca$.
Standard examples
- $\mathbb{Z}, \mathbb{Q}, \mathbb{R}, \mathbb{C}$ are commutative rings with identity.
- $\mathbb{Z}_n$ for any $n$.
- $M_n(\mathbb{R})$, $n \times n$ real matrices, is a non-commutative ring with identity.
- $R[x]$ — polynomials over a ring $R$ — is a ring.
- $n\mathbb{Z} = \{0, \pm n, \pm 2n, \ldots\}$: ring without identity (for $n \neq 1$).
Units, zero-divisors, integral domains
- A unit is an element $a$ with a multiplicative inverse. The units of $\mathbb{Z}_n$ are $\mathbb{Z}_n^*$.
- A zero divisor is a nonzero $a$ with $ab = 0$ for some nonzero $b$. e.g., $2\cdot 3 = 0$ in $\mathbb{Z}_6$ — both 2 and 3 are zero divisors.
- An integral domain is a commutative ring with identity and no zero divisors.
- A field is a commutative ring with identity where every nonzero element is a unit.
Useful: $(-1)\cdot a = -a$ in any ring with identity
Proof: $0 = 0\cdot a = (1 + (-1))a = a + (-1)a$, so $(-1)a = -a$. ✓
4.9 Polynomial Rings $R[x]$
$R[x]$ is the set of polynomials $a_n x^n + \cdots + a_1 x + a_0$ with coefficients in $R$. Operations are the usual sum and product, with coefficient arithmetic in $R$.
Computing in $\mathbb{Z}_5[x]$.
$(3x^2 + 2x - 4) + (4x^2 + 2)$. Add coefficients mod 5:
- $x^2$: $3+4 = 7 \equiv 2$.
- $x^1$: $2 + 0 = 2$.
- $x^0$: $-4 + 2 = -2 \equiv 3$.
Sum: $2x^2 + 2x + 3$.
Product: $(3x^2 + 2x + 1)(4x^2 + 2)$ (using $-4 \equiv 1$):
$3x^2\cdot 4x^2 = 12x^4 \equiv 2x^4$$3x^2 \cdot 2 = 6x^2 \equiv x^2$
$2x \cdot 4x^2 = 8x^3 \equiv 3x^3$
$2x \cdot 2 = 4x$
$1\cdot 4x^2 = 4x^2$
$1 \cdot 2 = 2$
Sum: $2x^4 + 3x^3 + (1+4)x^2 + 4x + 2 = 2x^4 + 3x^3 + 0 \cdot x^2 + 4x + 2 = 2x^4 + 3x^3 + 4x + 2$.
Listing polynomials in $\mathbb{Z}_2[x]$ of degree $\leq 3$
Coefficients are 0 or 1. We have $a_3, a_2, a_1, a_0 \in \{0,1\}$ — that's $2^4 = 16$ polynomials. Examples: $0, 1, x, x+1, x^2, x^2+1, \ldots, x^3+x^2+x+1$.
Key facts
- If $R$ is a commutative ring with identity, so is $R[x]$.
- If $R$ is an integral domain, so is $R[x]$.
- $R[x]$ is never a field, even when $R$ is — because $x$ is not a unit (no polynomial $q(x)$ satisfies $x \cdot q(x) = 1$, since degrees don't match).
- In $F[x]$ where $F$ is a field, every polynomial of degree $n$ has at most $n$ roots in $F$.
4.10 Fields
Examples and non-examples
- ✓ $\mathbb{Q}, \mathbb{R}, \mathbb{C}$ — classic infinite fields.
- ✓ $\mathbb{Z}_p$ for $p$ prime. (Because every nonzero element is coprime to $p$, so invertible.) These are called $\mathbb{F}_p$.
- ✗ $\mathbb{Z}$ — only $\pm 1$ have inverses, so it's an integral domain but not a field.
- ✗ $\mathbb{Z}_n$ for $n$ composite — has zero divisors. e.g., $\mathbb{Z}_6$: $2\cdot 3 = 0$.
- ✓ $\mathbb{Q}(\sqrt 2) = \{a + b\sqrt 2 : a, b \in \mathbb{Q}\}$ — a field.
- ✗ $\mathbb{Z}[\sqrt 2]$ — not a field (e.g., $\sqrt 2$ has no inverse here).
Finite fields
A finite field has $p^k$ elements for some prime $p$ and $k \geq 1$. The simplest example is $\mathbb{F}_p = \mathbb{Z}_p$. For $p^k$ with $k\geq 2$, you build the field as $\mathbb{F}_p[x]/(f(x))$ where $f$ is an irreducible polynomial of degree $k$.
4.11 Primitive Elements (Generators of $\mathbb{Z}_p^*$)
How to test primitivity
To check if $g$ is a primitive root mod $p$:
- Factor $p - 1 = q_1^{a_1} q_2^{a_2} \cdots q_k^{a_k}$.
- For each prime factor $q_i$, compute $g^{(p-1)/q_i} \pmod p$.
- If any of these equals $1$, $g$ is NOT primitive. Otherwise, $g$ IS primitive.
Example. Test $g = 2$ in $\mathbb{Z}_{13}^*$.
$p - 1 = 12 = 2^2 \cdot 3$. Prime factors: $\{2, 3\}$.
$2^{12/2} = 2^6 = 64 = 4\cdot 13 + 12 \equiv 12 \pmod{13}$. Not $1$. ✓
$2^{12/3} = 2^4 = 16 \equiv 3 \pmod{13}$. Not $1$. ✓
So $2$ is a primitive root mod 13. ✓
Compute all powers of 2 mod 13:
| $n$ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| $2^n \pmod{13}$ | 2 | 4 | 8 | 3 | 6 | 12 | 11 | 9 | 5 | 10 | 7 | 1 |
All 12 distinct nonzero residues appear → 2 is primitive.
Test $g = 3$ in $\mathbb{Z}_{13}^*$.
$3^{6} \pmod{13}$: $3^2 = 9$, $3^4 = 81 \equiv 81 - 6\cdot 13 = 3$, $3^6 = 3^4 \cdot 3^2 = 3 \cdot 9 = 27 \equiv 1$. So $3^6 \equiv 1$ — fails. $3$ is NOT a primitive root mod 13.
4.12 Cryptography: Discrete Log & Diffie–Hellman
The Discrete Logarithm Problem (DLP)
For small $p$ this is easy by exhaustive search. For $p$ a 2048-bit prime, this is currently infeasible — no known polynomial-time algorithm. This asymmetry (easy to exponentiate, hard to invert) is what cryptography relies on.
Diffie–Hellman Key Exchange
Allows Alice and Bob to establish a shared secret over an insecure channel.
- Public agreement. Both agree on a prime $p$ and a primitive root $g$. These are public.
- Alice picks a private $a$, sends Bob $A = g^a \bmod p$.
- Bob picks a private $b$, sends Alice $B = g^b \bmod p$.
- Alice computes $K = B^a \bmod p$.
- Bob computes $K = A^b \bmod p$.
- Both have $K = g^{ab} \bmod p$ as their shared secret.
Example. $p = 13, g = 2$. Alice picks $a = 4$, Bob picks $b = 3$.
- $A = 2^4 \bmod 13 = 16 \bmod 13 = 3$.
- $B = 2^3 \bmod 13 = 8$.
- Alice: $K = B^a \bmod 13 = 8^4 \bmod 13$. $8^2 = 64 \equiv 12$, $8^4 = 12^2 = 144 \equiv 1 \cdot 144 - 11 \cdot 13 = 144 - 143 = 1$. So $K = 1$.
- Bob: $K = A^b \bmod 13 = 3^3 = 27 \equiv 1$. ✓ Match.
(Aside: $K = 1$ here is a degenerate but valid outcome. In practice $a, b$ are huge random numbers and $K$ is far from special.)
Eve's challenge
An eavesdropper Eve sees $p, g, A, B$. To recover $K$, she needs $a$ (or $b$) — but extracting $a$ from $A = g^a$ is the discrete log problem. For 2048-bit $p$, infeasible.
Cracking small DH. $p = 13, g = 2$, public keys $A = 3, B = 8$.
Eve solves $2^a \equiv 3 \pmod{13}$. From the powers-of-2 table above, $2^4 = 3$, so $a = 4$.
Shared key: $K = B^a = 8^4 \equiv 1 \pmod{13}$.
Modular arithmetic playground
Enter any modulus $n$ (2–100) and see Euler's totient, units, generators, element orders, and primitive roots — all computed instantly.
For prime $n$, primitive roots are listed. For composite $n$, you'll see the units and their orders.
Interactive — Cayley table generator
Pick a group; see its full Cayley table and the order of each element. Hover any cell to highlight its row, column, and the result.
Interactive — Diffie–Hellman walkthrough
Pick a small prime $p$, primitive root $g$, and the private keys $a$ and $b$. Step through the protocol and see what Alice, Bob, and Eve each know at every stage.
Problem Bank — Abstract Algebra
Define $a * b = a + b - 1$ on $\mathbb{Z}$. Show $(\mathbb{Z}, *)$ is a group.
Show solution
- Closure. $a + b - 1 \in \mathbb{Z}$. ✓
- Associativity. $(a*b)*c = (a+b-1)+c-1 = a+b+c-2$. And $a*(b*c) = a + (b+c-1) - 1 = a+b+c-2$. ✓
- Identity. Want $e * a = a$, i.e. $e + a - 1 = a$, so $e = 1$.
- Inverse. Want $a * a' = 1$, i.e. $a + a' - 1 = 1$, so $a' = 2 - a \in \mathbb{Z}$. ✓
Hence a group. ∎
$|G| = 33$. What are possible orders of elements?
Show solution
By Lagrange, $\text{ord}(a)$ divides $|G| = 33 = 3\cdot 11$. So $\text{ord}(a) \in \{1, 3, 11, 33\}$.
(a) Verify $G = \{1, -1, i, -i\}$ is a group under complex multiplication. (b) Order of each element. (c) Is $G$ cyclic? Find generators.
Show solution
(a) Closure: check Cayley table:
| × | 1 | −1 | $i$ | $-i$ |
|---|---|---|---|---|
| 1 | 1 | −1 | $i$ | $-i$ |
| −1 | −1 | 1 | $-i$ | $i$ |
| $i$ | $i$ | $-i$ | $-1$ | $1$ |
| $-i$ | $-i$ | $i$ | $1$ | $-1$ |
(b) Orders: $\text{ord}(1)=1$, $\text{ord}(-1)=2$, $\text{ord}(i)=4$ (since $i^1=i, i^2=-1, i^3=-i, i^4=1$), $\text{ord}(-i)=4$.
(c) $G$ is cyclic of order 4. Generators are elements of order 4: $\{i, -i\}$.
Show that $\{1,2,3,4,5\}$ under multiplication mod 6 is NOT a group.
Show solution
$\gcd(2,6) = 2$, so $2$ has no multiplicative inverse mod 6. Also, $2 \times_6 3 = 6 \equiv 0 \notin \{1,\ldots,5\}$, so closure fails. Two strikes — not a group.
Construct the Cayley table for $U(10) = \mathbb{Z}_{10}^*$ and identify the order of each element.
Show solution
$U(10) = \{1, 3, 7, 9\}$ (coprime to 10).
| × | 1 | 3 | 7 | 9 |
|---|---|---|---|---|
| 1 | 1 | 3 | 7 | 9 |
| 3 | 3 | 9 | 1 | 7 |
| 7 | 7 | 1 | 9 | 3 |
| 9 | 9 | 7 | 3 | 1 |
Orders: $\text{ord}(1)=1$. $\text{ord}(3)$: $3,9,7,1$ — order 4. $\text{ord}(7)=4$. $\text{ord}(9) = 2$. Cyclic, generated by 3 (or 7).
$\sigma_1(\spadesuit)=\diamondsuit, \sigma_1(\heartsuit)=\heartsuit, \sigma_1(\diamondsuit)=\spadesuit$ and $\sigma_2(\spadesuit)=\heartsuit, \sigma_2(\heartsuit)=\spadesuit, \sigma_2(\diamondsuit)=\diamondsuit$. Compute $\sigma_2\circ\sigma_1$ and $\sigma_1\circ\sigma_2$. Are they equal?
Show solution
$(\sigma_2\circ\sigma_1)(\spadesuit) = \sigma_2(\sigma_1(\spadesuit)) = \sigma_2(\diamondsuit) = \diamondsuit$.
$(\sigma_2\circ\sigma_1)(\heartsuit) = \sigma_2(\heartsuit) = \spadesuit$.
$(\sigma_2\circ\sigma_1)(\diamondsuit) = \sigma_2(\spadesuit) = \heartsuit$.
$(\sigma_1\circ\sigma_2)(\spadesuit) = \sigma_1(\heartsuit) = \heartsuit$.
$(\sigma_1\circ\sigma_2)(\heartsuit) = \sigma_1(\spadesuit) = \diamondsuit$.
$(\sigma_1\circ\sigma_2)(\diamondsuit) = \sigma_1(\diamondsuit) = \spadesuit$.
Not equal ⟹ permutations don't always commute; $S_3$ is non-abelian.
Find all generators of $\mathbb{Z}_{24}$ under addition.
Show solution
Generators are $\{k : \gcd(k, 24) = 1, 1 \leq k \leq 23\}$.
$24 = 2^3 \cdot 3$, so $k$ avoids factors of 2 and 3. Generators: $\{1, 5, 7, 11, 13, 17, 19, 23\}$ — eight of them, matching $\varphi(24) = 24(1-1/2)(1-1/3) = 8$.
$|G| = 33$. $x \neq e$ and $x^{11} \neq e$. Possible orders of $x$? Justify.
Show solution
By Lagrange, $\text{ord}(x) \in \{1, 3, 11, 33\}$. Eliminate 1 ($x \neq e$) and 11 ($x^{11}=e$ would hold then). So $\text{ord}(x) \in \{3, 33\}$.
Prove every cyclic group is abelian.
Show solution
Let $G = \langle g \rangle$. Any two elements are $g^a, g^b$. Then $$g^a \cdot g^b = g^{a+b} = g^{b+a} = g^b \cdot g^a.$$ ∎
$D_5$ has order 10. What's the maximum element order? Is $D_5$ cyclic?
Show solution
$D_5$ contains rotations $\{e, r, r^2, r^3, r^4\}$ where $r$ has order 5, and reflections each of order 2. Max element order: 5.
For $D_5$ to be cyclic, it would need an element of order 10. None exists. Hence $D_5$ is not cyclic.
If $\text{ord}(a) = n$ and $a^m = e$, prove $n \mid m$.
Show solution
Write $m = qn + r$ with $0 \leq r < n$. Then $$e = a^m = a^{qn + r} = (a^n)^q \cdot a^r = e^q \cdot a^r = a^r.$$ So $a^r = e$ with $r < n$. By minimality of $n$, $r = 0$, hence $n \mid m$. ∎
In $\mathbb{Z}_{30}$, find $\text{ord}(21)$. List all other elements with the same order.
Show solution
$\text{ord}(a) = 30/\gcd(a, 30)$. $\gcd(21, 30) = 3$. So $\text{ord}(21) = 10$.
Elements with order 10: those with $\gcd(a, 30) = 3$, i.e., $a$ divisible by 3 but not by 2 or 5. Multiples of 3 in $\{1,\ldots,29\}$: $\{3, 6, 9, 12, 15, 18, 21, 24, 27\}$. Filter out multiples of 2: remove $\{6, 12, 18, 24\}$. Filter out multiples of 5: remove $\{15\}$. Remaining: $\{3, 9, 21, 27\}$.
A ring $R$ is Boolean if $a^2 = a$ for all $a$. Show every Boolean ring is commutative.
Show solution
For any $a$: $(a+a)^2 = a + a$. Expand: $(a+a)^2 = a^2 + a^2 + a^2 + a^2 = 4a$ (using $a^2 = a$). So $4a = 2a$, hence $2a = 0$, i.e., $a + a = 0$, i.e., $-a = a$.
Now $(a+b)^2 = a+b$. Expand: $a^2 + ab + ba + b^2 = a + ab + ba + b$. So $ab + ba = 0$, hence $ab = -ba = ba$. Commutative. ∎
Show that $\{a + ib\sqrt 2 : a, b \in \mathbb{Z}\}$ is a ring. Find the units.
Show solution
Closure under addition obvious. For multiplication: $(a+ib\sqrt 2)(c+id\sqrt 2) = ac - 2bd + i(ad+bc)\sqrt 2$, still in the form. Inherits associativity and distributivity from $\mathbb{C}$. Identity: $1 = 1 + 0\cdot i\sqrt 2$. So it's a (commutative) ring with identity.
Units: Norm $N(a+ib\sqrt 2) = a^2 + 2b^2$ is multiplicative: $N(zw) = N(z)N(w)$. If $z$ is a unit, $N(z) \cdot N(z^{-1}) = N(1) = 1$ in $\mathbb{Z}_{\geq 0}$, so $N(z) = 1$. Thus $a^2 + 2b^2 = 1$ forces $b = 0, a = \pm 1$. Units: $\{1, -1\}$.
Show $(-1)a = -a$ in any ring with identity.
Show solution
$a + (-1)a = 1\cdot a + (-1)\cdot a = (1 + (-1))a = 0 \cdot a = 0$. By uniqueness of additive inverse, $(-1)a = -a$. ∎
Compute $(3x^2+2x-4)(4x^2+2)$ in $\mathbb{Z}_5[x]$.
Show solution
Reduce $-4 \equiv 1$: $(3x^2+2x+1)(4x^2+2)$. Expand:
- $3x^2 \cdot 4x^2 = 12x^4 \equiv 2x^4$.
- $3x^2 \cdot 2 = 6x^2 \equiv x^2$.
- $2x \cdot 4x^2 = 8x^3 \equiv 3x^3$.
- $2x \cdot 2 = 4x$.
- $1 \cdot 4x^2 = 4x^2$.
- $1\cdot 2 = 2$.
List all units in: (a) $\mathbb{Z}_{10}$, (b) $\mathbb{Z}_{12}$, (c) $\mathbb{Z}_7$.
Show solution
(a) $\gcd(k, 10) = 1$ for $k \in \{1, 3, 7, 9\}$.
(b) $\gcd(k, 12) = 1$ for $k \in \{1, 5, 7, 11\}$.
(c) $7$ is prime, so $\{1, 2, 3, 4, 5, 6\}$ — all nonzero elements.
Find $5^{-1}$ in $\mathbb{Z}_6$ if it exists. Find a non-unit. Is $\mathbb{Z}_6$ a field?
Show solution
$\gcd(5,6) = 1$, so $5$ is a unit. Try: $5\cdot 5 = 25 \equiv 1 \pmod 6$. So $5^{-1} = 5$.
Non-unit: $2$ (since $\gcd(2,6)=2$). Verify: $2\cdot 1=2, 2\cdot 2=4, 2\cdot 3 = 0, \ldots$ never $1$.
Not a field — $2, 3, 4$ are non-units.
(GATE-2024) Find $|GL_2(\mathbb{F}_3)|$, the number of invertible $2\times 2$ matrices over $\mathbb{F}_3$.
Show solution
An invertible $2\times 2$ matrix has linearly independent rows.
- First row: any nonzero vector in $\mathbb{F}_3^2$: $3^2 - 1 = 8$ choices.
- Second row: any vector not a scalar multiple of the first. There are $3^2 = 9$ vectors total; $3$ are scalar multiples of the first (including $0$). So $9 - 3 = 6$ choices.
Total: $8 \cdot 6 = \boxed{48}$.
Prove $1 + 2x$ is a unit in $\mathbb{Z}_4[x]$.
Show solution
Compute $(1+2x)(1-2x) = 1 - 4x^2 \equiv 1 \pmod 4$. So $(1+2x)^{-1} = 1 - 2x$. ✓
(Note: in $\mathbb{Z}_4$, $-2 \equiv 2$, so $1 - 2x = 1 + 2x$ in coefficients; either way, the inverse exists.)
Is $g=2$ a primitive root in $\mathbb{Z}_{13}^*$? Compute $2^n \bmod 13$ for $n=1,\ldots,12$.
Show solution
$2^1=2, 2^2=4, 2^3=8, 2^4=16\equiv 3, 2^5=6, 2^6=12, 2^7=24\equiv 11, 2^8=22\equiv 9, 2^9=18\equiv 5, 2^{10}=10, 2^{11}=20\equiv 7, 2^{12}=14\equiv 1$.
All 12 distinct nonzero residues mod 13. So $\text{ord}(2) = 12 = |\mathbb{Z}_{13}^*|$, hence $2$ is a primitive root.
$p=13, g=2$. Alice picks $a=4$, Bob picks $b=3$. Compute $A, B$, and the shared key.
Show solution
$A = 2^4 \bmod 13 = 3$. $B = 2^3 \bmod 13 = 8$.
Alice: $K = B^a \bmod 13 = 8^4 \bmod 13$. $8^2 = 64 \equiv 12$, $8^4 \equiv 12^2 = 144 \equiv 1$.
Bob: $K = A^b \bmod 13 = 3^3 = 27 \equiv 1$.
Shared key $K = 1$.
Eve sees $p=13, g=2, A=3, B=8$. Find $a$ and the shared key $K$. Why isn't this practical for 2048-bit $p$?
Show solution
From the table, $2^4 \equiv 3$, so $a = 4$. Then $K = B^a = 8^4 \equiv 1 \pmod{13}$.
For 2048-bit $p$, $\mathbb{Z}_p^*$ has $\sim 2^{2048}$ elements; exhaustive search is computationally infeasible. The Discrete Log Problem has no known polynomial-time algorithm, which underpins DH's security.
Which of these are fields? (a) $\mathbb{Z}_{18}$, (b) $\mathbb{Q}(\sqrt 2)$, (c) $\mathbb{Z}[\sqrt 3]$, (d) $\mathbb{Z}_3[i]$.
Show solution
- (a) Not a field. $18 = 2\cdot 3^2$ composite; $\mathbb{Z}_{18}$ has zero divisors.
- (b) Field. Inverse of $a + b\sqrt 2$ is $\frac{a - b\sqrt 2}{a^2 - 2b^2}$, in $\mathbb{Q}(\sqrt 2)$.
- (c) Not a field. Inverse of $\sqrt 3$ would be $1/\sqrt 3$, not in $\mathbb{Z}[\sqrt 3]$.
- (d) Field of size $9$. Need $x^2 + 1$ to be irreducible over $\mathbb{F}_3$ — it is, since $0^2+1=1, 1^2+1=2, 2^2+1=5\equiv 2$, no roots. So $\mathbb{Z}_3[i] \cong \mathbb{F}_9$.
- Group axioms checklist: closure → associativity → identity → inverse. Don't skip any.
- $\mathbb{Z}_n^*$ has $\varphi(n)$ elements, all coprime to $n$.
- Lagrange: order of subgroup / element divides order of group.
- Cyclic generators of $\mathbb{Z}_n$ are exactly those $k$ with $\gcd(k,n)=1$ — there are $\varphi(n)$ of them.
- Fields = "no zero divisors AND every nonzero has inverse." $\mathbb{Z}_p$ is a field for $p$ prime, never for $p$ composite.
- Primitive root test: for each prime $q \mid p-1$, check $g^{(p-1)/q} \not\equiv 1$.
- DH security rests entirely on DLP being hard. If anyone can compute discrete logs efficiently, DH is broken.