Abstract Algebra LN

This document contains lecture notes on abstract algebra from Dr. Payman Kassaei. It introduces abstract algebra as the study of algebraic structures like groups, rings, and fields, which are sets equipped with binary operations satisfying certain properties. The first chapters provide background on topics like sets, logic, proofs, and integers to prepare students for studying more advanced algebraic structures. The later chapters will cover specific algebraic structures like groups, rings, and their properties.

Introduction to Abstract Algebra

4CCM121A/5CCM121B

2016 – 2017 Lecture Notes

Lecturer: Dr Payman Kassaei


Contents

1 Introduction 5
1.1 What is abstract algebra? . . . . . . . . . . . . . . . . . . . . 5
1.2 Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Logic and proofs . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.4 Mathematical induction . . . . . . . . . . . . . . . . . . . . . 9
1.5 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

2 The integers 13
2.1 The Division Algorithm . . . . . . . . . . . . . . . . . . . . . 13
2.2 The Euclidean Algorithm . . . . . . . . . . . . . . . . . . . . . 15
2.3 Relatively prime integers . . . . . . . . . . . . . . . . . . . . . 18
2.4 Linear Diophantine equations . . . . . . . . . . . . . . . . . . 19
2.5 Prime factorization . . . . . . . . . . . . . . . . . . . . . . . . 23

3 Binary operations 29
3.1 Binary operations . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.2 Composition of functions . . . . . . . . . . . . . . . . . . . . . 33
3.3 Arithmetic modulo n . . . . . . . . . . . . . . . . . . . . . . . 35

4 Groups 41
4.1 Definition of a group . . . . . . . . . . . . . . . . . . . . . . . 41
4.2 Examples of groups . . . . . . . . . . . . . . . . . . . . . . . . 42
4.3 Permutation groups . . . . . . . . . . . . . . . . . . . . . . . . 46
4.4 Basic properties of groups . . . . . . . . . . . . . . . . . . . . 53
4.5 Powers of group elements . . . . . . . . . . . . . . . . . . . . . 56
4.6 Orders of group elements . . . . . . . . . . . . . . . . . . . . . 59
4.7 Subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
4.8 Cyclic groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4.9 Cosets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
4.10 Lagrange’s Theorem . . . . . . . . . . . . . . . . . . . . . . . 75
4.11 Product groups . . . . . . . . . . . . . . . . . . . . . . . . . . 79


4.12 Homomorphisms . . . . . . . . . . . . . . . . . . . . . . . . . 81

5 Rings 93
5.1 Definition of a ring . . . . . . . . . . . . . . . . . . . . . . . . 93
5.2 Examples of rings . . . . . . . . . . . . . . . . . . . . . . . . . 94
5.3 Basic properties of rings . . . . . . . . . . . . . . . . . . . . . 98
5.4 Subrings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
5.5 Groups of units . . . . . . . . . . . . . . . . . . . . . . . . . . 104
5.6 Types of rings . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
5.7 Matrix rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
5.8 Ring homomorphisms . . . . . . . . . . . . . . . . . . . . . . . 111
5.9 The Chinese Remainder Theorem . . . . . . . . . . . . . . . . 115
5.10 Polynomial rings . . . . . . . . . . . . . . . . . . . . . . . . . 120
Chapter 1

Introduction

1.1 What is abstract algebra?


Abstract algebra is the study of algebraic structures. What then are “algebraic structures”? These are sets with binary operations satisfying certain properties (or “axioms”). Recall that a binary operation on a set S is a rule that assigns an element of S to each ordered pair of elements of S. The binary operation might be denoted ∗, and then the element it assigns to the pair a and b would be denoted a ∗ b. (We say ordered pair because the order may matter; a ∗ b might not be the same as b ∗ a.) We’ll return to binary operations later. First let’s consider some examples of sets with binary operations that turn out to be nice algebraic structures:

• Z (the set of integers) equipped with the operations + (addition) and · (multiplication). Similarly, we could consider other familiar number systems: Q (rational numbers), R (real numbers), C (complex numbers) with their addition and multiplication operations.

• The set of 2 × 2 real matrices (denoted M2(R)) with the operations of matrix addition and matrix multiplication. Recall that matrix addition for 2 × 2 matrices is given by the formula

$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} + \begin{pmatrix} a' & b' \\ c' & d' \end{pmatrix} = \begin{pmatrix} a + a' & b + b' \\ c + c' & d + d' \end{pmatrix},$$

and matrix multiplication by

$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} \begin{pmatrix} a' & b' \\ c' & d' \end{pmatrix} = \begin{pmatrix} aa' + bc' & ab' + bd' \\ ca' + dc' & cb' + dd' \end{pmatrix}.$$

(Note that there’s no explicit symbol for matrix multiplication. We just write AB for the output of this operation applied to A and B.)

• The set of symmetries of an equilateral triangle, with the operation of “composition.” To compose two symmetries (e.g., a 120° rotation, and reflection in an axis through a vertex), you apply one symmetry and then the other. This always gives you another symmetry (in this case, reflection in the axis through a different vertex— draw the picture), so defines a binary operation. More on this example later. . .

The first two above are examples of rings; the third is a group. These are two particular types of algebraic structures. There are other types of algebraic structures, but these two are the most fundamental. We’ll focus mainly on groups this semester. We’ll start with the precise definition of a group in the abstract; i.e., we’ll give the axioms which must be satisfied by the binary operation on S in order for S to be called a group. Then we’ll deduce general consequences from the axioms, i.e., we’ll prove theorems about groups. This is the abstraction, an important tool in mathematics, but almost worthless without examples. So along the way we’ll consider lots of examples and see how the theorems apply to them.

Before studying groups though, we’ll study the most familiar and fundamental ring, namely Z, the set of integers. We’ll be considering its algebraic properties, i.e., how the integers behave with respect to addition and multiplication. I’ll assume the most basic properties of the integers. The rest of this chapter and the beginning of the next comprise a review of material I’m assuming you’ve seen before, including the fact (see Theorem 2.2.2) that the gcd of a and b is also the least positive integer of the form ax + by for x, y ∈ Z. Recall also that in practice you can compute gcd(a, b) and find x and y using the Euclidean Algorithm; see Examples 2.2.4 and 2.2.5.

1.2 Sets

A set is a collection of things, called elements or members of the set. Here are some familiar sets with special names:

• The set of integers (or whole numbers) is denoted by Z.

• The set of natural numbers (or positive integers) is denoted by N. (Note: Some texts include 0 in the set N. We will not.)

• The set of rational numbers is denoted by Q.

• The set of real numbers is denoted by R.

• The set of complex numbers is denoted by C. (Recall that a complex number has the form x + iy where x and y are real numbers and i is a square root of −1. Such a number is represented in the “complex plane” by the point in R² with coordinates (x, y).)

• The set with no elements is called the empty set and denoted ∅.

You can define a particular set by describing it in words, or by listing its members in braces { }. For example, you could say B is the set of even integers, or you could write:

B = {. . . , −4, −2, 0, 2, 4, 6, . . .}.

The notation x ∈ A means that x is an element of A (for example, 7 ∈ Z), and x ∉ A means that x is not an element of A (for example, 1/2 ∉ Z). If A and B are sets, then A is a subset of B if every element of A is also an element of B. The notation for this is A ⊆ B. For example, N ⊆ Z. We say A is a proper subset of B (denoted A ⊊ B) if A ⊆ B but A ≠ B. (I’m also used to writing A ⊂ B to mean that A is a subset of B, but some texts use this to mean that A is a proper subset of B. So I’ll try to avoid this notation altogether, but I might sometimes forget.)

Another way to describe a set involves specifying properties of its members. For example,

{n ∈ N | n ≤ 3}

means the set of natural numbers n such that n ≤ 3. The symbol | is used here to mean “such that.” (Some people use : instead of |.)

Let’s recall a few more definitions. Suppose that A and B are subsets of a set C. The intersection of A and B, denoted A ∩ B, is the set of elements of C which belong to both A and B. The union of A and B, denoted A ∪ B, is the set of elements of C which belong to A or B (or both). The complement of A in C is the set of elements of C which do not belong to A. This is written as C \ A. More generally we write B \ A for the set of elements of B which do not belong to A. For example:

N \ {n ∈ Z | −3 ≤ n ≤ 3} = {4, 5, 6, . . .}.

1.3 Logic and proofs

In mathematics, we try to state general facts about the objects we’re studying (for example, the integers), and prove them by a logical sequence of steps starting from our definitions and basic principles and facts we’ve already proved. We record such a fact as a Proposition. A proposition of particular importance is called a Theorem. A Corollary is a proposition which follows immediately from another. A Lemma is a proposition whose role is mainly as a tool to prove others.

Here is some standard terminology and notation from the language of logic and proofs:

• P ⇒ Q means “If P, then Q” (or “P implies Q”). For example, n ∈ Z ⇒ n² + 1 ∈ N.

• P ⇔ Q means “P if and only if Q,” i.e., both of the following hold: P ⇒ Q, and Q ⇒ P.

• ∀ means “for all.” For example, n² + 1 ∈ N ∀ n ∈ Z.

• ∃ means “there exists.”

• ∃! means “there exists a unique.” For example, ∃! n ∈ N such that n² < 3.

I’ll sometimes use symbols such as ⇒ or ∀ as shorthand during lectures, but not often when writing out lecture notes.

Mathematical proofs may be short and sweet, or long and complicated. There’s no simple set of rules to follow when trying to come up with a proof. You might be able to arrive at a proof by “following your nose” from the definitions, or the proof might require some creative or clever ideas, or the assertion you’re trying to prove might just be false. It’s very important to be able to recognize a complete and correct proof. Beware of gaps and mistakes—be skeptical. It’s always useful to consider examples of the statement you’re trying to prove. This might give you an idea of how to prove the general statement, or they might provide a counterexample showing the general statement is false.

There are some standard “techniques of proof.” One such technique is “proof by induction,” reviewed below. Another is “proof by contradiction.” You start by assuming the assertion you want to prove is false, proceed to deduce a contradiction, and thereby conclude that the assertion you want to prove must be true. Here’s an example:

Proposition 1.3.1 The real number √2 is irrational.

Proof. Recall that √2 is defined as the positive real number x such that x² = 2. We want to prove that x ∉ Q. Let us suppose this is false, i.e., that x ∈ Q. This means that there exist m, n ∈ Z with n ≠ 0 such that x = m/n. Changing the sign of m and n if necessary, we may suppose that n ∈ N. We may further assume that n is the least positive integer such that x = m/n for some m ∈ Z. Since (m/n)² = x² = 2, it follows that m² = 2n². In particular m² is even, and therefore m must also be even. (If m were odd, then m² would also be odd, contradicting that m² is even.) So we can write m = 2a for some a ∈ Z. Substituting this into m² = 2n² gives 4a² = m² = 2n², so 2a² = n². So n² is even, and therefore so is n. Writing n = 2b for some b ∈ Z, we see that m/n = 2a/2b = a/b. Moreover 0 < b < n, contradicting our assumption that n is the least positive integer such that x = m/n for some m ∈ Z. This contradiction shows that our initial assumption that x ∈ Q must be false. Therefore x is irrational. □

(The symbol □ is used to mark the end of a proof.)

1.4 Mathematical induction

We take for granted some basic properties of the integers Z. In particular, we assume the existence and basic properties of the multiplication and addition operations; for example, they satisfy the distributive law a(b + c) = ab + ac for all a, b, c ∈ Z. The integers also have an ordering: for any a, b ∈ Z, exactly one of the following three things is true: a < b, a = b, or a > b. Recall that a ≤ b means “a < b or a = b.” We assume basic properties of the ordering as well, for example: If a ≤ b and b ≤ c, then a ≤ c. So far, everything I’ve said is true for the real numbers R as well, but Z has the following special property:

The Well-ordering Principle¹: Every non-empty subset of Z that is bounded below has a least element.

Recall that a subset A ⊆ Z is bounded below if there exists n ∈ Z such that n ≤ a for all a ∈ A. Such an n is called a lower bound for A, and a least element of A is an element of A which is also a lower bound for A. For example, if A is any subset of N, then 1 is a lower bound for A, so A has a least element. We see also that if A is a subset of Z which is bounded above, then it has a greatest element. (Consider the set B = { −b ∈ Z | b ∈ A }. Check that B is bounded below, hence has a least element, the negative of which is a greatest element for A.)

¹ We actually already used this and other basic properties of Z in the proof that √2 is irrational.

The principle of mathematical induction is based on the Well-Ordering Principle.

Theorem 1.4.1 Suppose that P(n) is an assertion for each n ∈ N. If

1. P(1) is true, and

2. for every integer n > 1, we have P(1), P(2), . . . , P(n − 1) ⇒ P(n),

then P(n) is true for all n ∈ N.

Proof. Let A be the set of positive integers n for which P(n) is false. We want to show that A = ∅. Suppose instead that A is non-empty. Then, by the well-ordering principle, it has a least element m. Since P(1) is true, we know that m > 1. Since m is the least element of A, we know that none of 1, 2, . . . , m − 1 are elements of A. This means that P(1), P(2), . . . , P(m − 1) are all true. Therefore P(m) is true as well, a contradiction to our assumption that m ∈ A. Therefore A is empty, i.e., P(n) is true for all n ∈ N. □

A “proof by induction” is one which uses the above theorem. In order to apply the theorem, we need to show that the hypotheses apply in our situation, namely 1) that P(1) is true, and 2) that P(1), . . . , P(n − 1) ⇒ P(n) for all n > 1. It is important to be very clear about what the assertion P(n) is. (It may be the actual statement of the proposition, or it might be some intermediate or partial result instead.) Often we just prove the stronger hypothesis that P(n − 1) ⇒ P(n) for all n > 1. Since this implies 2) above, we can still apply the theorem to conclude P(n) for all n ∈ N. Note also that we could just as well prove an assertion P(n) for all n ≥ 0 by showing 1) that P(0) is true and 2) that P(0), . . . , P(n − 1) ⇒ P(n) for all n > 0. This version of the induction principle can be proved in exactly the same way as the preceding theorem, or deduced from it by applying the theorem to Q(n), where Q(n) is the assertion P(n − 1). In fact there’s nothing special about 0 or 1. For example, you could use mathematical induction to prove that an assertion holds for all integers n ≥ 27.

1.5 Functions

Finally recall that a function from a set A to a set B is a rule that assigns exactly one element of B to each element of A. We write f : A → B to mean that f is a function from A to B, and for a ∈ A, we write f(a) for the element of B that the function assigns to a. A function is often defined by a formula. Consider for example the function f : R → R defined by f(x) = x². Note that some elements of B may be assigned to more than one element of A, or to none at all. In the example of f(x) = x², we have f(−3) = f(3) = 9, but there is no x ∈ R such that f(x) = −1.

Recall that if A and B are sets, a function from A to B is a rule that assigns exactly one element of B to each element of A. We write f : A → B to indicate that f is a function from A to B. The set A is called the domain of f; the set B is called the codomain (or target) of f. We write f(a) (read “f of a”) for the element of B which f assigns to a; f(a) is called the value of f at a. Here are a few examples:

• the function f : Z → Z defined by f(n) = 2n + 1;

• the sine function sin : R → R;

• the sign function sign : R → {1, −1} defined by sign(x) = 1 if x > 0, and sign(x) = −1 if x < 0;

• the modulus function | | from C to R defined by |x + iy| = √(x² + y²).

You can think of an element a in the domain A as “input” for the function f, and the value f(a) ∈ B as “output.” You might also sometimes think of f as a “mapping” from A to B and represent it in a diagram by an arrow from A to B.

Note that different elements of A can be assigned the same value in B; for example sin 0 = sin π = 0. Also, not every element of B needs to be a value of the function; for example, there is no x ∈ R such that sin x = 2. What is required is that for each a ∈ A, there is exactly one element of B which we call f(a). So some non-examples of functions are

• f : R → R defined by f(x) = 1/x, as it is not defined for x = 0;

• g : R → Z defined by g(x) is the nearest integer to x, since the nearest integer to x = 1/2, for example, is not unique.

Some functions do have the property that no two distinct elements of the domain are assigned the same value; i.e., if a and a′ are assigned the same value by f, then a = a′. Such functions are called injective or one-to-one.

Definition 1.5.1 Suppose that f is a function from A to B. We say f is injective if it has the following property:

a, a′ ∈ A, f(a) = f(a′) ⇒ a = a′.

For example, the function f : Z → Z defined by f(n) = 2n + 1 is injective since if m, n ∈ Z and 2m + 1 = 2n + 1, then m = n. The function sin : R → R is not injective.

Likewise, some functions have the property that every element of the codomain B is a value of the function. Such functions are called surjective or onto.

Definition 1.5.2 Suppose that f is a function from A to B. We say f is surjective if it has the following property:

b ∈ B ⇒ b = f(a) for some a ∈ A.

For example, the function sign : R → {±1} is surjective, but sin : R → R is not. We can also express this in terms of the set of values of the function, called its range.

Definition 1.5.3 Suppose that f is a function from A to B. The set

f(A) = { b ∈ B | b = f(a) for some a ∈ A } = { f(a) | a ∈ A }

is called the range (or image) of f.

Observe the notation: instead of putting an element a of the domain in the parentheses following f, we use the set A. While the value f(a) is an element of the codomain B, the range f(A) is a subset of B. For example, if f : Z → Z is defined by f(n) = 2n + 1, then the range of f is the set of odd integers. The range of sin : R → R is the closed interval [−1, 1] = { x ∈ R | −1 ≤ x ≤ 1 }. A function f : A → B is surjective if and only if f(A) = B, so neither of these functions is surjective.

Definition 1.5.4 A function f : A → B is bijective if it is both injective and surjective.

An example of a bijective function is the function f : R → R defined by f(x) = 2x + 1. It is injective since 2x + 1 = 2y + 1 ⇒ 2x = 2y ⇒ x = y. It is surjective since if y ∈ R, then y = f((y − 1)/2) is in the range of f.

Functions are sometimes described by formulas without specifying their domain and codomain; for example, we might just write f(x) = 1/x. In that case, it’s implicitly understood that the domain is the set of x ∈ R such that f(x) is defined (R \ {0} in this example) and the codomain is R. But for the notions we’ll be discussing, such as bijectivity, it’s important to be clear about the domain and codomain of the function.
Chapter 2

The integers

2.1 The Division Algorithm


Recall the definition of divisibility: Suppose that m, n ∈ Z. We say m is divisible by n (written n|m) if m = nk for some k ∈ Z. We say also that n is a divisor of m, and m is a multiple of n. The proof of the following basic properties of divisibility is left as an exercise:

Proposition 2.1.1 Suppose that a, b, c, d ∈ Z and n ∈ N.

1. If a|b and b|c, then a|c.

2. If a|n, then a ≤ n.

3. If n|a and n|b, then n|(ac + bd).

The following theorem is known as the Division Algorithm¹:

Theorem 2.1.2 Suppose that m ∈ Z and n ∈ N. Then there exist q, r ∈ Z such that both of the following hold:

1. m = qn + r, and

2. 0 ≤ r < n.

Moreover, q and r are the unique pair of integers such that these both hold.

¹ An “algorithm” for finding quotients and remainders for integer division is embedded in its proof. As an algorithm though it’s rather inefficient. You learned a more practical method of finding q and r in primary school.

Proof. Let P(m) be the “existence” assertion, i.e., that there exist q, r ∈ Z such that 1) m = qn + r, and 2) 0 ≤ r < n. We first prove P(m) for m ≥ 0 by induction on m (where n is now an arbitrary fixed positive integer). We start the induction argument by noting not only that P(0) is true, but indeed that P(0), P(1), . . . , P(n − 1) are all true, for if 0 ≤ m < n, then we can take q = 0 and r = m. Now suppose that m ≥ n and that P(0), P(1), . . . , P(m − 1) are all true. Let m′ = m − n. Then 0 ≤ m′ < m, so P(m′) is true. This means we can write:

m′ = q′n + r′ for some q′, r′ ∈ Z with 0 ≤ r′ < n.

Since m = n + m′, we therefore have

m = n + q′n + r′ = (1 + q′)n + r′ = qn + r,

where q = q′ + 1 and r = r′. Since q, r ∈ Z and 0 ≤ r = r′ < n, we conclude that P(m) is true. The principle of induction now shows that P(m) is true for all integers m ≥ 0.

Now suppose m < 0. Then −m > 0, so we have already proved that P(−m) is true. This means that there are integers q′, r′ such that

−m = q′n + r′ and 0 ≤ r′ < n.

If r′ = 0, then we have m = qn + r where q = −q′ and r = 0, so P(m) is true. On the other hand if 0 < r′ < n, then we have

m = −q′n − r′ = −n − q′n + n − r′ = qn + r

where q = −1 − q′ and r = n − r′. Note that q, r ∈ Z and 0 ≤ r < n, so P(m) is true in this case as well. We have now shown that P(m) is true for all m ∈ Z.

We still need to prove the “uniqueness” assertion. Suppose we have two pairs of integers, say q1, r1 and q2, r2, so that 1) and 2) hold; i.e.,

m = q1 n + r1 = q2 n + r2 and 0 ≤ r1, r2 < n.

We have to prove that q1 = q2 and r1 = r2. We first show that r1 = r2. Suppose that r1 ≠ r2. Without loss of generality, we can assume r1 < r2. Then 0 < r2 − r1 ≤ r2 < n, but r2 − r1 = (q1 − q2)n is a multiple of n, a contradiction. Therefore r1 = r2. Now it follows that (q1 − q2)n = 0, and since n ≠ 0, we conclude that q1 − q2 = 0, so q1 = q2. □
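The proof of Theorem 2.1.2 contains a procedure for finding q and r (see footnote 1). As an added example, not code from the notes, here it is in Python, following the proof's two cases (m ≥ 0 by repeated subtraction of n, and m < 0 via −m), together with a check that the pair found satisfies both conditions and is the unique such pair. The function names are chosen here; truncating_remainder shows what a "truncate toward zero" division (such as C's % operator on negative operands) returns instead, which is why code reducing a possibly negative value modulo n must not assume a remainder in the range 0 ≤ r < n.

```python
"""Division Algorithm (Theorem 2.1.2) carried out the way the proof does it.

Added example, not part of the lecture notes.  Python's built-in divmod()
already returns a remainder with 0 <= r < n when n > 0, so the point here is
to follow the proof's cases and then verify the theorem's two conditions
and its uniqueness claim.
"""
from typing import Tuple


def divide(m: int, n: int) -> Tuple[int, int]:
    """Return (q, r) with m = q*n + r and 0 <= r < n, for m in Z and n in N."""
    if n <= 0:
        raise ValueError("n must be a positive integer")
    if m >= 0:
        # Induction on m: for 0 <= m < n take q = 0, r = m; otherwise
        # m' = m - n < m gives m' = q'n + r', so m = (q' + 1)n + r'.
        # (Linear in m/n, hence the "rather inefficient" remark in footnote 1.)
        q, r = 0, m
        while r >= n:
            r -= n
            q += 1
        return q, r
    # m < 0: -m > 0, so -m = q'n + r' by the case above.
    q_prime, r_prime = divide(-m, n)
    if r_prime == 0:
        return -q_prime, 0            # m = (-q')n + 0
    # 0 < r' < n:  m = -q'n - r' = (-1 - q')n + (n - r')
    return -1 - q_prime, n - r_prime


def is_valid_pair(m: int, n: int, q: int, r: int) -> bool:
    """Check conditions 1) m = qn + r and 2) 0 <= r < n of Theorem 2.1.2."""
    return m == q * n + r and 0 <= r < n


def check_uniqueness(m: int, n: int) -> bool:
    """Brute-force the uniqueness claim for small |m|: among all (q, r) with
    |q| <= |m| + 1 and 0 <= r < n, exactly one pair satisfies m = qn + r."""
    count = 0
    for q in range(-abs(m) - 1, abs(m) + 2):
        for r in range(n):
            if m == q * n + r:
                count += 1
    return count == 1


def truncating_remainder(m: int, n: int) -> int:
    """Remainder of 'truncate toward zero' division (C-style % for negative m).

    For m < 0 this is <= 0, so it is NOT the r of Theorem 2.1.2.  Using it
    as an index into a table of size n, or as a reduced residue, is a
    classic off-by-sign bug in modular-arithmetic code.
    """
    q_trunc = (abs(m) // n) * (1 if m >= 0 else -1)
    return m - q_trunc * n


if __name__ == "__main__":
    for m, n in [(17, 5), (0, 5), (4, 5), (-17, 5), (-15, 5), (-1, 7)]:
        q, r = divide(m, n)
        print(f"{m:>4} = {q:>3} * {n} + {r}   divmod agrees: {divmod(m, n) == (q, r)}"
              f"   unique: {check_uniqueness(m, n)}"
              f"   truncating remainder: {truncating_remainder(m, n)}")
```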
2.2 The Euclidean Algorithm

Definition 2.2.1 Suppose a and b are integers, not both zero. Then the greatest common divisor of a and b, denoted gcd(a, b), is the greatest integer which divides both a and b. Thus g = gcd(a, b) if the following hold:

1. g|a and g|b, and

2. if d|a and d|b, then d ≤ g.

For example, gcd(114, 42) = 6 since the (positive) divisors of 42 are 1, 2, 3, 6, 7, 14, 21 and 42, and those which also divide 114 are 1, 2, 3 and 6.

The following theorem gives two important properties of the gcd:

Theorem 2.2.2 Suppose that a, b ∈ Z and that a and b are not both zero, and let g = gcd(a, b). Then

1. g is the least positive integer of the form ax + by with x, y ∈ Z;

2. if d|a and d|b, then d|g.

Proof. Let S be the set of positive integers n such that n = ax + by for some x, y ∈ Z. Then S is non-empty; for example |a| + |b| ∈ S. So by the Well-Ordering Principle, S has a least element, say m. Thus m is the least positive integer of the form ax + by with x, y ∈ Z.

We will show that 1) m|a and m|b, and 2) d|a and d|b ⇒ d|m. Since d|m ⇒ d ≤ m (as m > 0), it follows that m is in fact gcd(a, b) = g, and we will have proved both parts of the theorem.

1) Let us prove that m|a. By Thm. 2.1.2², a = mq + r for some q, r ∈ Z, and 0 ≤ r < m. We will prove by contradiction that r = 0. Suppose that r > 0. Since m = ax + by for some x, y ∈ Z, we have

r = a − mq = a − (ax + by)q = a(1 − xq) + b(−yq).

We have now written r in the form ax′ + by′ for some x′, y′ ∈ Z. So if r is positive, then r ∈ S. But then r < m, contradicting that m is the least element of S. We therefore conclude that r = 0 and a = mq is divisible by m. The proof that m|b is similar.

2) Since m = ax + by for some x, y ∈ Z, it follows that if d|a and d|b, then d|m (Prop. 2.1.1, part 3). □

² This is a standard trick for proving divisibility: apply the Division Algorithm and show the remainder has to be 0.

In the example of a = 114, b = 42, we could take x = 3, y = −8. Note that there are other possible values of x and y; for example, x = −4, y = 11. We’ll see later how to find all possible values of x and y.

You may have seen a different proof of Thm. 2.2.2 using the Euclidean Algorithm. The Euclidean algorithm is a nice efficient way of computing gcd(a, b) without having to find all the divisors of a and b. It works by repeatedly applying the Division Algorithm (Thm. 2.1.2). Let’s assume that b > 0 (we can swap a and b or change their signs without changing their gcd).

We begin by dividing a by b to get a = qb + r with q, r ∈ Z and 0 ≤ r < b. Since we’re going to iterate this process, let q_1 = q and r_1 = r. Now divide b by r_1 to get b = q_2 r_1 + r_2 with q_2, r_2 ∈ Z, 0 ≤ r_2 < r_1. Next divide r_1 by r_2 to get r_1 = q_3 r_2 + r_3 with q_3, r_3 ∈ Z, 0 ≤ r_3 < r_2. Keep repeating this as long as r_i > 0, so having found r_1 > r_2 > · · · > r_{i−1} > r_i, the (i + 1)st step in the process gives

r_{i−1} = q_{i+1} r_i + r_{i+1} with 0 ≤ r_{i+1} < r_i.

Since the remainders keep decreasing, we must eventually get r_n = 0 for some n > 0.

To illustrate the roles of a and b in starting the process, we could let r_{−1} = a and r_0 = b, so that our sequence of equations now reads:

r_{−1} = q_1 r_0 + r_1
r_0 = q_2 r_1 + r_2
r_1 = q_3 r_2 + r_3
. . .
r_{n−3} = q_{n−1} r_{n−2} + r_{n−1}
r_{n−2} = q_n r_{n−1}

with r_0 > r_1 > · · · > r_{n−1} > r_n = 0.

Then the last non-zero remainder, namely r_{n−1}, turns out to be gcd(a, b). To see why this works, note the following:

Proposition 2.2.3 If a, b, c, k ∈ Z with b ≠ 0 and a = kb + c, then gcd(a, b) = gcd(b, c).

Proof. If d|a and d|b, then d|c since c = a − bk. So if d is a common divisor of a and b, then it is a common divisor of b and c as well. Similarly, if d|b and d|c, then d|a (and d|b), so in fact the common divisors of a and b are the same as the common divisors of b and c. Therefore gcd(a, b) = gcd(b, c). □

In view of the equations r_{i−1} = q_{i+1} r_i + r_{i+1} for i = 0, . . . , n − 2, the proposition shows that

gcd(a, b) = gcd(r_{−1}, r_0) = gcd(r_0, r_1) = · · · = gcd(r_{n−2}, r_{n−1}).

Since r_{n−1} | r_{n−2}, we have gcd(r_{n−2}, r_{n−1}) = r_{n−1}.

Example 2.2.4 We work through the Euclidean algorithm for a = 114, b = 42:

114 = 2 · 42 + 30
42 = 1 · 30 + 12
30 = 2 · 12 + 6
12 = 2 · 6 + 0.

So the last non-zero remainder is 6, and indeed gcd(114, 42) = 6.

The Euclidean algorithm also provides an algorithm for finding integers x and y so that gcd(a, b) = ax + by. Note that we can rewrite the first n − 1 equations of the Euclidean Algorithm, in reverse order, as:

r_{n−1} = r_{n−3} − q_{n−1} r_{n−2}
r_{n−2} = r_{n−4} − q_{n−2} r_{n−3}
. . .
r_2 = r_0 − q_2 r_1
r_1 = r_{−1} − q_1 r_0.

Since gcd(a, b) = r_{n−1}, the first equation gives gcd(a, b) in terms of r_{n−3} and r_{n−2}. Using the next equation to substitute for r_{n−2}, we get gcd(a, b) in terms of r_{n−4} and r_{n−3}. Iterating this, we eventually get it in terms of r_{−1} = a and r_0 = b.

Example 2.2.5 Again consider a = 114, b = 42. “Unwinding” the equations from Example 2.2.4 gives:

6 = 30 − 2 · 12
12 = 42 − 30
30 = 114 − 2 · 42.

Substituting each equation into the previous one gives:

6 = 30 − 2 · 12
= 30 − 2 · (42 − 30) = −2 · 42 + 3 · 30
= −2 · 42 + 3(114 − 2 · 42) = 3 · 114 − 8 · 42.

So we get 6 = gcd(114, 42) in the form 114x − 42y by taking x = 3, y = 8.

2.3 Relatively prime integers

The following notion is a useful one when working with divisibility:

Definition 2.3.1 Suppose that a, b ∈ Z and that a and b are not both zero. We say that a and b are relatively prime if gcd(a, b) = 1.

For example, 15 and 28 are relatively prime. The integers 114 and 42 are not relatively prime.

We have the following corollaries of Thm. 2.2.2 (recall this says gcd(a, b) is the least positive integer of the form ax + by with x, y ∈ Z):

Corollary 2.3.2 Suppose that a, b ∈ Z, not both 0. Then a and b are relatively prime if and only if ax + by = 1 for some x, y ∈ Z.

Before explaining why this is immediate from Thm. 2.2.2, let’s read the statement of the corollary carefully. Note that the conclusion is of the form P if and only if Q, so we have to prove two things: 1) if P is true (for the integers a and b), then Q is also true, and 2) if Q is true, then so is P. Let’s prove 1): P is the statement that a and b are relatively prime. According to Def. 2.3.1, this means that gcd(a, b) = 1. Thm. 2.2.2 then says that 1 is the least positive integer of the form ax + by. Therefore Q is true. Now let’s prove 2): If ax + by = 1 for some x, y ∈ Z, then 1 is certainly the least positive integer of the form ax + by with x, y ∈ Z. Applying Thm. 2.2.2 again shows that gcd(a, b) = 1, i.e., that P is true.

Corollary 2.3.3 Suppose that a, b ∈ Z, not both 0. Let g = gcd(a, b). Then a/g and b/g are relatively prime.

Proof. By Thm. 2.2.2, g = ax + by for some x, y ∈ Z, so 1 = (a/g) · x + (b/g) · y. Now Cor. 2.3.2 shows that a/g and b/g are relatively prime. □

For example, gcd(114, 42) = 6, so 19 = 114/6 and 7 = 42/6 are relatively prime.

Corollary 2.3.4 Suppose that a, b, c ∈ Z with a and b relatively prime. If a|bc, then a|c.

Proof. Since a and b are relatively prime, we have ax + by = 1 for some x, y ∈ Z. Multiplying through by c gives acx + bcy = c, so if a|bc, then a divides both terms of acx + bcy, so a|c. □

Note that we need the assumption that a and b are relatively prime. For example, if a = 6, b = 2 and c = 3, then a|bc, but neither b nor c is divisible by a.

Corollary 2.3.5 Suppose that a, b, c ∈ Z with a and b relatively prime. If a|c and b|c, then ab|c.

Proof. If b|c, then c = bm for some m ∈ Z. If also a|c, then a|bm. Since a and b are relatively prime, Cor. 2.3.4 implies that a|m. This means that m = an for some n ∈ Z. Therefore c = abn, so c is divisible by ab. □

Again, note that it’s not always the case that if a|c and b|c, then ab|c. (Take for example a = b = c = 2.) We need a and b to be relatively prime to draw this conclusion.

2.4 Linear Diophantine equations


A linear Diophantine equation (in two variables) is an equation of the form

ax + by = c,

where a, b, c ∈ Z and we regard x and y as variables taking only integer
values. (It is linear because the graph is a line; Diophantine, after the Greek
mathematician Diophantus, refers to the restriction to integer values.)
We will now show how to determine whether a given linear Diophantine
equation has solutions, and develop an algorithm for finding them whenever
it does.

Theorem 2.4.1 Suppose that a, b, c ∈ Z and that a and b are not both zero.
Then the equation ax + by = c has solutions x, y ∈ Z if and only if gcd(a, b)|c.

Proof. Suppose first that ax + by = c has a solution with x, y ∈ Z. Let
g = gcd(a, b). Since g|a and g|b, we have g|(ax + by) = c by Prop. 2.1.1.
Conversely³, suppose that g|c. This means that c = gk for some k ∈ Z.
By Thm. 2.2.2, we know that g = am + bn for some m, n ∈ Z. Multiplying
this by k gives

c = gk = (am + bn)k = a(mk) + b(nk).

Since mk and nk are integers, we’ve shown that ax + by = c for some x, y ∈ Z
(namely x = mk and y = nk). □

³ Recall that “if and only if” means each assertion implies the other. We’ve just shown
P ⇒ Q. Now we have to prove the converse, that Q ⇒ P, i.e., that if g|c, then the equation
has integer solutions.

Example 2.4.2 Consider the equation 114x + 42y = 660. Since
gcd(114, 42) = 6 (see Example 2.2.4) and 6|660, the equation has solutions.
The Euclidean Algorithm gives 114 · 3 + 42 · (−8) = 6 (see Example 2.2.5).
Multiplying through by 660/6 = 110 gives

114 · 330 + 42 · (−880) = 660,

so x = 330, y = −880 is a solution.

Example 2.4.3 The equation 21x+35y = 900 has no integer solutions since
900 is not divisible by gcd(21, 35) = 7.

Example 2.4.4 If a = 0 (but b ≠ 0), then ax + by = c becomes by = c,
which has integer solutions if and only if b|c. This is consistent with the
statement of the theorem since gcd(0, b) = b.

Now we explain how to find all the solutions assuming we’ve found one.

Theorem 2.4.5 Suppose that a, b, c ∈ Z and that g = gcd(a, b). If x = x0,
y = y0 is an integer solution to ax + by = c, then all the integer solutions of
ax + by = c are given by

x = x0 + k · (b/g),   y = y0 − k · (a/g)   for k ∈ Z.

Proof. We first observe that if x = x0, y = y0 is an integer solution to
ax + by = c, then so is x = x0 + k · (b/g), y = y0 − k · (a/g), since

a(x0 + k · (b/g)) + b(y0 − k · (a/g)) = ax0 + kab/g + by0 − kab/g = ax0 + by0 = c.

Next we show that if x, y ∈ Z is a solution of the equation ax + by = c,
then it has the required form. Since ax0 + by0 = c, we can rewrite the equation
as ax + by = ax0 + by0, which is equivalent to a(x − x0) = b(y0 − y). Dividing
through by g = gcd(a, b) gives (a/g)(x − x0) = (b/g)(y0 − y). Therefore (b/g)(y0 − y) is
divisible by a/g. Since g = gcd(a, b), we know by Cor. 2.3.3 that a/g
and b/g are relatively prime. So by Cor. 2.3.4, we know that y0 − y is divisible
by a/g. This means that y0 − y = k · (a/g) for some k ∈ Z, which implies that
y = y0 − k · (a/g). Substituting y0 − y = k · (a/g) into the equation (a/g)(x − x0) = (b/g)(y0 − y)
gives

(a/g)(x − x0) = (b/g) · k · (a/g),

which implies⁴ that x − x0 = k · (b/g). We have now shown that for x, y to be a
solution, we must have

x = x0 + k · (b/g),   y = y0 − k · (a/g)   for k ∈ Z. □

Example 2.4.6 Let’s apply this to find all solutions of 114x + 42y = 660. We
already found one solution in Example 2.4.2, namely x0 = 330, y0 = −880.
Since a/g = 19, b/g = 7, Thm. 2.4.5 gives all the solutions as:

x = 330 + 7k,   y = −880 − 19k   for k ∈ Z.

We might also want to find solutions subject to some constraints. For
example, we might be looking for solutions where x and y are positive, or
non-negative. This translates into solving the corresponding inequalities to
find suitable values of k (if there are any).

Example 2.4.7 Let’s find all solutions of 114x + 42y = 660 with x, y ∈ N
(the set of positive integers). From Example 2.4.6, this translates into the
inequalities
x = 330 + 7k > 0,   y = −880 − 19k > 0.
Solving the first inequality for k gives 7k > −330, so k > −330/7 ≈ −47.1.
Solving the second gives 19k < −880, so k < −880/19 ≈ −46.3. The only
integer satisfying these inequalities is k = −47. Substituting this into the
formulas for x and y gives the solution:

x = 1,   y = 13.

We now sum up the method for solving ax + by = c with x, y ∈ Z.

1. Use the Euclidean algorithm to find g = gcd(a, b). If g ∤ c, then there
are no solutions (Thm. 2.4.1).

2. If g|c, then “unwind” the equations from the Euclidean algorithm to
get g = am + bn, so x0 = mc/g, y0 = nc/g is a solution.

3. If g|c, then all solutions are given by (Thm. 2.4.5)

x = x0 + k · (b/g),   y = y0 − k · (a/g)   for k ∈ Z.

4. If there are constraints on the solutions (e.g., x and y need to be
positive), then solve the corresponding inequalities for k.

⁴ This assumes a ≠ 0. The case a = 0 is left as an exercise.

Example 2.4.8 You’re in a shop where apples cost 27p and oranges cost
69p. What are all the possible ways of spending exactly £8.40 on apples and
oranges? This translates into finding all solutions of

27x + 69y = 840

where x and y are non-negative integers⁵.

1. We work through the Euclidean algorithm for a = 27, b = 69:

69 = 2 · 27 + 15
27 = 1 · 15 + 12
15 = 1 · 12 + 3
12 = 4·3 + 0.

The last non-zero remainder is 3, so g = gcd(27, 69) = 3. Since 3|840,
the equation has integer solutions.

2. Solving for the remainder in each of the above equations gives:

15 = 69 − 2 · 27
12 = 27 − 15
3 = 15 − 12.

Substituting each equation into the previous one gives:

3 = 15 − 12
= 15 − (27 − 15) = 2 · 15 − 27
= 2 · (69 − 2 · 27) − 27 = 2 · 69 − 5 · 27.

So we get 3 = gcd(27, 69) in the form 27m + 69n by taking m = −5,
n = 2. Multiplying through by 840/3 = 280 gives the solution

x0 = −1400,   y0 = 560.

3. Since a/g = 9 and b/g = 23, Thm. 2.4.5 gives all integer solutions as:

x = −1400 + 23k,   y = 560 − 9k   for k ∈ Z.

⁵ Assume you can buy no apples, but you can’t buy a negative apple or just part of an
apple.

4. The values of k giving non-negative solutions must satisfy

−1400 + 23k ≥ 0,   560 − 9k ≥ 0.

The first inequality is equivalent to 23k ≥ 1400, or k ≥ 1400/23 ≈ 60.9;
the second is equivalent to 9k ≤ 560, or k ≤ 560/9 ≈ 62.2. We can
therefore have k = 61 or 62, giving the two solutions:

• 3 apples and 11 oranges;

• 26 apples and 2 oranges.
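The four steps of the method, carried out in code. This is an added example and not part of the lecture notes; the function names are my own. `egcd` tracks the coefficients m and n while running the Euclidean algorithm, which replaces the hand “unwinding” of step 2; `bounded_solutions` does step 4 for the case a, b > 0 of Examples 2.4.7 and 2.4.8. A modular inverse of a modulo n is a solution of ax + ny = 1, so `modinv` is the same computation; it is what produces the private exponent of an RSA key, which is one reason to get the extended Euclidean algorithm exactly right.

```python
"""Solving ax + by = c over the integers (Thms. 2.4.1 and 2.4.5).

Added example, not part of the lecture notes; function names are my own.
"""


def egcd(a, b):
    """Extended Euclidean algorithm.

    Returns (g, m, n) with g = gcd(a, b) >= 0 and g == a*m + b*n (Thm. 2.2.2).
    Tracking m and n alongside the remainders replaces the "unwinding" of step 2.
    """
    old_r, r = a, b
    old_m, m = 1, 0
    old_n, n = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r       # remainder sequence of the Euclidean algorithm
        old_m, m = m, old_m - q * m       # keeps old_r == a*old_m + b*old_n at every step
        old_n, n = n, old_n - q * n
    if old_r < 0:                         # normalise so that the gcd is positive
        old_r, old_m, old_n = -old_r, -old_m, -old_n
    return old_r, old_m, old_n


def solve_linear_diophantine(a, b, c):
    """Steps 1-3 of the method.

    Returns None when gcd(a, b) does not divide c (Thm. 2.4.1); otherwise
    (x0, y0, dx, dy) such that every solution is (x0 + k*dx, y0 + k*dy) for
    an integer k (Thm. 2.4.5, with dx = b/g and dy = -a/g).
    """
    if a == 0 and b == 0:
        raise ValueError("a and b must not both be zero")
    g, m, n = egcd(a, b)
    if c % g != 0:
        return None
    k = c // g
    return m * k, n * k, b // g, -(a // g)


def bounded_solutions(a, b, c, lo=0):
    """Step 4 for a, b > 0: all solutions with x >= lo and y >= lo.

    With a, b > 0 we have dx > 0 and dy < 0, so the inequality for x bounds k
    from below and the one for y bounds it from above.
    """
    if a <= 0 or b <= 0:
        raise ValueError("this helper assumes a > 0 and b > 0")
    sol = solve_linear_diophantine(a, b, c)
    if sol is None:
        return []
    x0, y0, dx, dy = sol
    k_min = -((x0 - lo) // dx)     # ceil((lo - x0) / dx)
    k_max = (lo - y0) // dy        # floor((lo - y0) / dy); dy < 0 flips the inequality
    return [(x0 + k * dx, y0 + k * dy) for k in range(k_min, k_max + 1)]


def modinv(a, n):
    """x with a*x ≡ 1 (mod n), i.e. a solution of a*x + n*y = 1; None if gcd(a, n) != 1."""
    sol = solve_linear_diophantine(a, n, 1)
    return None if sol is None else sol[0] % n


if __name__ == "__main__":
    print(egcd(27, 69))                            # (3, -5, 2): 27*(-5) + 69*2 = 3
    print(bounded_solutions(27, 69, 840))          # [(3, 11), (26, 2)]   Example 2.4.8
    print(bounded_solutions(114, 42, 660, lo=1))   # [(1, 13)]            Example 2.4.7
    print(solve_linear_diophantine(21, 35, 900))   # None                 Example 2.4.3
    print(modinv(17, 3120))                        # 2753
```

Python’s floor division keeps the remainder sequence shrinking in absolute value even for negative inputs, and the final sign fix makes the returned gcd positive, so the bounds on k in `bounded_solutions` come out as the ceiling and floor computed by hand in Example 2.4.8.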

2.5 Prime factorization


Recall the following definition:
Definition 2.5.1 Suppose that n is an integer and n > 1. Then n is prime
if its only positive divisors are 1 and n; otherwise n is composite.
A fact which should be familiar to you, though you may not have seen a
proof, is that every integer bigger than 1 can be written as a product of prime
numbers (allowing repetition). Recall how to do this in practice, at least for
a reasonably small integer n. If n is not prime, then it factors as n′ · n″ where
n′ and n″ are positive integers less than n. Now similarly factor n′ and n″,
repeating this process, and stopping only after all the factors are prime. For
example, 36 = 2 · 18, 2 is prime, but 18 is not, so we factor 18 = 2 · 9, and
9 = 3 · 3, finally giving the prime factorization 36 = 2 · 2 · 3 · 3. We could
also write this as 36 = 2² · 3². Here are prime factorizations for the next few
integers:

37 = 37 (a prime),   38 = 2 · 19,   39 = 3 · 13,   40 = 2³ · 5.

Another important fact is that this factorization into primes is essentially
unique; the only possible difference between two prime factorizations of the
same integer n would be to change the order of the factors. The existence and
uniqueness of such prime factorizations of integers is called the Fundamental
Theorem of Arithmetic. We give the statement and proof below; first we
prove a basic fact about divisibility by primes.
Proposition 2.5.2 Suppose that a, b ∈ Z and p is a prime number. If p|ab
then p|a or p|b.
Proof. Suppose that p|ab but p ∤ a. Then gcd(a, p) = 1, so by Cor. 2.3.4,
p|b. □

Corollary 2.5.3 Suppose that a1, a2, . . . , ak ∈ Z and p is a prime number.
If p|a1 a2 · · · ak then p|ai for some i ∈ {1, 2, . . . , k}.

Proof. We prove the corollary by induction on k. Note that the corollary is
true if k = 1, in which case it just says that if p|a1, then p|a1.
Suppose now that k > 1 and the corollary is true with k replaced by
k − 1. If p|a1 a2 · · · ak, then writing a1 a2 · · · ak = (a1 a2 · · · a_{k−1}) ak and
applying Prop. 2.5.2, we see that p|a1 a2 · · · a_{k−1} or p|ak. So if p ∤ ak, then
p|a1 a2 · · · a_{k−1}, so the corollary for k − 1 implies that p|ai for some i between
1 and k − 1. So in any case p|ai for some i between 1 and k. □
Now we state and prove the Fundamental Theorem of Arithmetic:

Theorem 2.5.4 Suppose that n is an integer greater than 1. Then there is a
positive integer k and prime numbers p1, p2, . . . , pk such that n = p1 p2 · · · pk.
Moreover the factorization is unique, up to changing the order of the prime
factors p1, p2, . . . , pk.

We call such an expression for n a prime factorization, so the first part of
the theorem says that every n > 1 has a prime factorization. Note that the
primes pi are allowed to repeat. Before proving the theorem, let’s also clarify
the meaning of the uniqueness assertion. It means that if we have two prime
factorizations of n, say

n = p1 p2 · · · pk   and   n = q1 q2 · · · qℓ,

then in fact k = ℓ and after reordering the list of primes q1, q2, . . . , qℓ, we have
p1 = q1, p2 = q2, . . . , pk = qk. Another way to formulate this would be to
require that p1 ≤ p2 ≤ · · · ≤ pk, and then there is exactly one such factorization.
Proof. We first note that if n is prime, then n has a prime factorization:
take k = 1 and p1 = n.
Now we prove by induction on n that if n > 1, then n has a prime
factorization. We begin with n = 2, which is prime, so it has a prime
factorization.
Now suppose that n > 2 and that the integers 2, 3, . . . , n − 1 all have
prime factorizations. If n is prime, then it has a prime factorization, so we
can assume n is not prime. If n is not prime, then n is divisible by some
integer n′ with 1 < n′ < n. So n = n′ n″ for some integer n″ = n/n′, and 1 <
n″ < n. By the induction hypothesis, n′ and n″ have prime factorizations, i.e.,
n′ = q1 q2 · · · qi for some i ≥ 1 and primes q1, q2, . . . , qi, and n″ = r1 r2 · · · rj
for some j ≥ 1 and primes r1, r2, . . . , rj. Therefore

n = n′ n″ = q1 q2 · · · qi r1 r2 · · · rj,

so n has a prime factorization as well.


Now we prove the uniqueness assertion in the theorem. Again we first
show that it is true if n is prime. We saw that if n is prime, then n =
p1 is a prime factorization of n, so we must show that it’s the only prime
factorization of n. So suppose n = q1 q2 · · · qℓ with q1, q2, . . . , qℓ prime. Since
n is prime, q1|n and q1 > 1, we must have q1 = n. This means that if ℓ > 1,
then q2 · · · qℓ = 1, contradicting that q2 > 1. So in fact ℓ = 1 and q1 = n = p1.
Now we prove the uniqueness assertion for all n > 1 by induction on n.
Since n = 2 is prime, the assertion is true for n = 2. Now suppose that
n > 2 and that the prime factorizations of 2, 3, . . . , n − 1 are unique (up to
the order of the factors). We know uniqueness of the prime factorization if
n is prime, so we can assume n is not prime. Suppose that

n = p1 p2 · · · pk = q1 q2 · · · qℓ

are prime factorizations of n. Since p1|n, we have p1|q1 q2 · · · qℓ. By Cor. 2.5.3
we must have p1|qi for some i ∈ {1, 2, . . . , ℓ}. Reordering the qi, we can assume
i = 1, so p1|q1. Since p1 and q1 are both prime, we must have (as above) that
p1 = q1. Dividing both sides of the equation

n = p1 p2 · · · pk = q1 q2 · · · qℓ

by p1 = q1 gives p2 · · · pk = q2 · · · qℓ as prime factorizations of n/p1. Since n
is not prime, we know that 1 < p1 < n, so 1 < n/p1 < n and the induction
hypothesis says that the prime factorization of n/p1 is unique. This means
that k − 1 = ℓ − 1, and that after reordering q2, q3, . . . , qk, we have pi = qi for
i = 2, . . . , k. It follows that k = ℓ and pi = qi for i = 1, 2, . . . , k, i.e., that the
prime factorization of n is unique, after reordering the qi if necessary. □
Note the following corollary (which uses only the existence of prime fac-
torizations, not the uniqueness):

Corollary 2.5.5 Suppose that m and n are integers, not both 0. Then m
and n are relatively prime if and only if they have no common prime divisors.

Proof. Recall that m and n are relatively prime if their greatest common
divisor is 1. So if m and n have a common prime divisor, say p, they cannot
be relatively prime. This shows that if m and n are relatively prime, then
they have no common prime divisor.
Now suppose that m and n have no common prime divisor, and let g =
gcd(m, n). We must show that g = 1. We will assume that g > 1 and arrive
at a contradiction. If g > 1, then by Thm. 2.5.4, g has a prime divisor p (take
p = p1 for example). Since p|g, and g|m and g|n, we conclude that p|m
and p|n, contradicting our assumption that m and n have no common prime
divisor. Therefore g = 1. □
For example, we can see easily that 867 and 3500 are relatively prime,
without applying the Euclidean algorithm, or even finding all the prime fac-
tors of 867. We can just notice that 3500 = 10² · 35 = 2² · 5³ · 7, and check
that 867 is not divisible by these primes: 2, 5 and 7. To see that 867 is not
divisible by 2 or 5, we can just look at the last digit. If 867 were divisible
by 7, then so would be 860, and therefore so would be 86 (since 10 is not
divisible by 7), but 86 = 12 · 7 + 2.
We can also give a criterion for one positive integer to be divisible by
another in terms of their prime factorizations. Suppose that m and n are
integers greater than 1. First write the prime factorization of m in the form

m = p1^{r1} p2^{r2} · · · pk^{rk},

where p1, p2, . . . , pk are distinct prime numbers (no two are the same), and
r1, r2, . . . , rk are positive integers (for example, 3500 = 2² · 5³ · 7). Note that
the primes p1, p2, . . . , pk are precisely the prime divisors of m. It is clear that
each pi is a prime divisor of m; conversely if p|m and p is prime, then by
Cor. 2.5.3, p|pi for some i. Since pi is prime, and p > 1, it follows that p = pi.
Similarly we can write

n = q1^{s1} q2^{s2} · · · qℓ^{sℓ},

where q1, q2, . . . , qℓ are the distinct prime divisors of n and s1, s2, . . . , sℓ
are positive integers. Now in the list q1, q2, . . . , qℓ of primes dividing n, some
might already be in the list p1, p2, . . . , pk of primes dividing m, while others
might not. Rather than distinguish between the possibilities and try to keep
track of them, we extend the list of primes p1, p2, . . . , pk so that it includes all
the prime divisors of n, and we still have an expression for m of the form:

m = p1^{r1} p2^{r2} · · · pk^{rk},

where p1, p2, . . . , pk are distinct primes, and now the ri are allowed to be 0
(or positive). The advantage is that now we also have an expression

n = p1^{s1} p2^{s2} · · · pk^{sk}

with the same primes p1, p2, . . . , pk and some non-negative integers s1, s2,
. . . , sk. For example, if m = 3500 = 2² · 5³ · 7 and n = 504 = 2³ · 3² · 7, then
combining the list of primes dividing m with those dividing n gives p1 = 2,
p2 = 3, p3 = 5, p4 = 7. We can then write both m and n in terms of these
primes:

3500 = 2² · 3⁰ · 5³ · 7¹,   504 = 2³ · 3² · 5⁰ · 7¹.

In the following statement, min(x, y) denotes the minimum of x and y,
i.e., the smaller of the two numbers x and y (naturally using either if x = y).

Corollary 2.5.6 Suppose that p1, p2, . . . , pk are distinct prime numbers and
r1, r2, . . . , rk, s1, s2, . . . , sk are non-negative integers. Let m = p1^{r1} p2^{r2} · · · pk^{rk}
and n = p1^{s1} p2^{s2} · · · pk^{sk}.

1. Then n|m if and only if s1 ≤ r1, s2 ≤ r2, . . . , s_{k−1} ≤ r_{k−1} and sk ≤ rk.

2. gcd(m, n) = p1^{t1} p2^{t2} · · · pk^{tk} where t1 = min(r1, s1), t2 = min(r2, s2), . . . ,
t_{k−1} = min(r_{k−1}, s_{k−1}) and tk = min(rk, sk).

Proof. 1. Suppose that n|m. This means that m = nx for some x ∈ Z.
If p is a prime dividing x, then p|m, so p = pi for some i. So the prime
factorization of x provided by Thm. 2.5.4 has the form x = p1^{u1} p2^{u2} · · · pk^{uk}
where u1, u2, . . . , uk are non-negative integers. Now we have

p1^{r1} p2^{r2} · · · pk^{rk} = m = nx = p1^{s1+u1} p2^{s2+u2} · · · pk^{sk+uk}.

By the uniqueness assertion in Thm. 2.5.4, it follows that

r1 = s1 + u1,   r2 = s2 + u2,   . . . ,   rk = sk + uk.

Since for each i we have ui ≥ 0, it follows that si ≤ ri for i = 1, 2, . . . , k.
Conversely if si ≤ ri for i = 1, 2, . . . , k, then letting ui = ri − si gives
m = nx, where x is the integer p1^{u1} p2^{u2} · · · pk^{uk}. Therefore n|m.
2. Suppose that d is a common divisor of m and n. If p is a prime divisor
of d, then p divides m (and n), so p = pi for some i. Therefore the prime
factorization of d has the form

d = p1^{v1} p2^{v2} · · · pk^{vk}

where v1, v2, . . . , vk are non-negative integers. Since d|m, part 1 of the corol-
lary says that vi ≤ ri for each i = 1, 2, . . . , k. Similarly, since d|n, we have
vi ≤ si for each i = 1, 2, . . . , k. Therefore vi ≤ ti = min(ri, si) for each i.
Setting g = p1^{t1} p2^{t2} · · · pk^{tk}, we see that g|m and g|n, and that d|g for every com-
mon divisor d of m and n. Therefore g = gcd(m, n). □
Note that the corollary applies to any positive integers m and n; just
choose the set of primes p1, p2, . . . , pk so it includes all the prime divisors of
m and all the prime divisors of n. For example, to apply the corollary to the
integers m = 3500 and n = 504, we let:

• p1 = 2, p2 = 3, p3 = 5, p4 = 7,

• r1 = 2, r2 = 0, r3 = 3, r4 = 1,

• s1 = 3, s2 = 2, s3 = 0, s4 = 1.

Since s1 > r1 (or s2 > r2), we see by part 1 of the corollary that 3500 is
not divisible by 504. To compute gcd(m, n) using part 2 of the corollary,
we find t1 = min(2, 3) = 2, t2 = min(0, 2) = 0, t3 = min(3, 0) = 0 and
t4 = min(1, 1) = 1, so gcd(m, n) = 2² · 3⁰ · 5⁰ · 7¹ = 28.
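Cor. 2.5.6 read as an algorithm, as an added example that is not part of the lecture notes (function names are my own): factorize both numbers by trial division, line up the exponent vectors over the union of their primes, compare exponents for divisibility and take minima for the gcd; Cor. 2.5.5 is the same data read for a shared prime. Trial division is fine at this size, but its running time grows with the square root of n, which is why the Euclidean algorithm (which never needs a factorization) is the way to compute gcds of the large integers that appear in cryptographic keys, and why the difficulty of factoring those integers is what RSA relies on.

```python
"""Prime factorisations as exponent vectors (Thm. 2.5.4, Cors. 2.5.5 and 2.5.6).

Added example, not part of the lecture notes; function names are my own.
"""


def factorize(n):
    """Prime factorisation of n > 1 as {p: exponent}, by trial division.

    Existence is Thm. 2.5.4; recording exponents in a dict uses uniqueness,
    since it presumes the exponent of each prime is well defined.
    """
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2       # after 2, only odd candidates are worth trying
    if n > 1:                          # whatever is left is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def common_primes(m, n):
    """The combined prime list p1 < p2 < ... with exponents (r_i for m, s_i for n);
    a prime missing from one factorisation gets exponent 0, as in the notes."""
    fm, fn = factorize(m), factorize(n)
    return [(p, fm.get(p, 0), fn.get(p, 0)) for p in sorted(set(fm) | set(fn))]


def divides_by_exponents(n, m):
    """Cor. 2.5.6 part 1: n | m iff s_i <= r_i for every prime."""
    return all(s <= r for _, r, s in common_primes(m, n))


def gcd_by_exponents(m, n):
    """Cor. 2.5.6 part 2: gcd(m, n) = product of p_i ** min(r_i, s_i)."""
    g = 1
    for p, r, s in common_primes(m, n):
        g *= p ** min(r, s)
    return g


def coprime_by_primes(m, n):
    """Cor. 2.5.5: relatively prime iff there is no common prime divisor."""
    return not (set(factorize(m)) & set(factorize(n)))


if __name__ == "__main__":
    print(factorize(3500))                   # {2: 2, 5: 3, 7: 1}
    print(common_primes(3500, 504))          # [(2, 2, 3), (3, 0, 2), (5, 3, 0), (7, 1, 1)]
    print(divides_by_exponents(504, 3500))   # False  (s1 = 3 > r1 = 2)
    print(gcd_by_exponents(3500, 504))       # 28
    print(coprime_by_primes(867, 3500))      # True
```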
Chapter 3

Binary operations

3.1 Binary operations

Recall that in the very first lecture, I mentioned the notion of a group,
which is a set with a binary operation having certain nice properties. I
gave the example of the set of symmetries of a triangle, the operation being
composition of symmetries. Another example is the set of integers with the
operation of addition. (It turns out that the set of integers with the operation
of multiplication is not a group. We’ll see why later.)
Before giving the precise definition of a group by listing the “group ax-
ioms” that need to be satisfied, here is some background on binary operations.
Definition 3.1.1 Suppose that S is a set. A binary operation ∗ on S is
a rule that assigns an element a ∗ b to each ordered pair of elements a, b ∈ S.
Here are some examples:
• The operation + on Z (or on N, Q, R or C).
• The operation · (multiplication) on Z (or N, etc.). Of course, we often
omit the symbol · and just write ab for the product of a and b.
• The operation − (subtraction) on Z, but not on N. (Why not?)
• The division operation ÷ on the set of non-zero real numbers, but not
on R. (Why not?)
• The operation of matrix addition on the set of 2 × 2 real matrices,
denoted M2(R).
• The operation of matrix multiplication on M2(R). (Note there’s no
explicit symbol for the operation; we just write AB for the product.)

• The operation ∗ on R defined by a ∗ b = (a + b)/2.

• The operation ⋆ on Z defined by a ⋆ b = a.

• Let D3 denote the set of symmetries of an equilateral triangle. There
are 6 of these (draw the pictures. . . ):

– The identity; call this e.

– Two 120° rotations; call these ρ1 (clockwise) and ρ2 (counterclock-
wise).
– Three reflections (one axis through each vertex); call these A, B
and C (ordering the vertices clockwise).

If α and β are symmetries, we let α ∘ β denote the symmetry defined
by “do β, then α.” Thinking of a symmetry as a “shape-preserving
mapping” from the triangle back onto itself, it’s clear that this is again a
symmetry. This operation, called “composition,” is described explicitly
in the following table where the entry in the α-row and β-column is α ∘ β.

  ∘  |  e   ρ1  ρ2  A   B   C
-----+------------------------
  e  |  e   ρ1  ρ2  A   B   C
  ρ1 |  ρ1  ρ2  e   C   A   B
  ρ2 |  ρ2  e   ρ1  B   C   A
  A  |  A   B   C   e   ρ1  ρ2
  B  |  B   C   A   ρ2  e   ρ1
  C  |  C   A   B   ρ1  ρ2  e

• We might sometimes define a binary operation on a set S by listing
its values in the form of a table like the one above. For example, let
S = {a, b, c} and define an operation ⇧ on S by the table:

  ⇧  |  a   b   c
-----+-----------
  a  |  a   b   c
  b  |  b   a   c
  c  |  c   a   b

so for example b ⇧ c = c.

• Let S = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11} and define a “clock addition”
operation as follows: a ⊕ b is the remainder of a + b on division by
12. So for example, 7 ⊕ 9 = 4. We could similarly define a clock
multiplication operation: a ⊗ b is the remainder of ab on division by
12. So for example 7 ⊗ 9 = 3.

• Let F be the set of functions from R to R. If f and g are such functions,
then their composite is the function f ∘ g defined by:

(f ∘ g)(x) = f(g(x)),

i.e., the value of f ∘ g applied to x ∈ R is gotten by applying g, and
then f. For example, if f(x) = x² and g(x) = 2x, then (f ∘ g)(x) =
f(g(x)) = f(2x) = 4x². Note that (g ∘ f)(x) = 2x², so f ∘ g and g ∘ f
are different functions.

Definition 3.1.2 Let ∗ be a binary operation on a set S.

1. We say ∗ is commutative if a ∗ b = b ∗ a for all a, b ∈ S.

2. We say ∗ is associative if a ∗ (b ∗ c) = (a ∗ b) ∗ c for all a, b, c ∈ S.

Which of the above examples are commutative?

• Addition and multiplication on Z (or N, Q, R or C) are commutative.
Subtraction on Z is not; nor is division on { x ∈ R | x ≠ 0 }.

• Matrix addition on M2(R) is commutative; matrix multiplication is
not. For example,

\begin{pmatrix} 0 & 0 \\ 1 & 0 \end{pmatrix} \begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix} = \begin{pmatrix} 0 & 0 \\ 0 & 1 \end{pmatrix}, \quad \text{but} \quad \begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix} \begin{pmatrix} 0 & 0 \\ 1 & 0 \end{pmatrix} = \begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix}.

Thus there are elements A, B ∈ M2(R) with the property that AB ≠
BA. (There are also pairs of elements with the property that AB =
BA, but since the equation fails for some A, B ∈ M2(R), the operation
is not commutative.)

• The operation a ∗ b = (a + b)/2 on R is commutative; the operation
a ⋆ b = a on Z is not.

• Composition of symmetries in D3 is not commutative; for example
ρ1 ∘ A = C, but A ∘ ρ1 = B. Similarly the operation ⇧ on S = {a, b, c}
defined by the table above is not commutative.

• The clock addition and multiplication (⊕ and ⊗) operations on the set
{0, 1, 2, 3, . . . , 11} are commutative. To see this for addition, recall that
a ⊕ b is defined as the remainder of a + b on division by 12, and this is
the same as the remainder of b + a on division by 12. The same works
for multiplication.

• The example given for composition of functions in F shows this oper-
ation is not commutative.

Which of the examples are associative?

• You know that addition and multiplication on Z (or N, etc.) are as-
sociative; subtraction on Z and division on the set of non-zero real
numbers are not.

• Matrix addition is associative, and you’ve probably done the tedious
calculation that shows matrix multiplication on M2(R) is associative.
For an associative operation ∗, we can omit the parentheses indicating
the order for applying the operation to a sequence of elements, i.e., we
can just write a ∗ b ∗ c instead of (a ∗ b) ∗ c or a ∗ (b ∗ c) (since these define
the same element). Note however that the order of a, b and c matters
if the operation is not commutative. So for matrix multiplication, we
could just write ABC instead of (AB)C; this is the same as A(BC),
but might not be the same as BAC = (BA)C.

• The operation a ∗ b = (a + b)/2 on R is not associative since

(a ∗ b) ∗ c = ((a + b)/2) ∗ c = ((a + b)/2 + c)/2 = a/4 + b/4 + c/2

is not always the same as

a ∗ (b ∗ c) = a ∗ ((b + c)/2) = (a + (b + c)/2)/2 = a/2 + b/4 + c/4.

On the other hand, the operation a ⋆ b = a on Z is associative since

(a ⋆ b) ⋆ c = a ⋆ c = a   and   a ⋆ (b ⋆ c) = a ⋆ b = a.

• Composition of symmetries on D3 is associative. This is because com-
position of functions is associative. I’ll come back to this below.

• The operation ⇧ on {a, b, c} defined in the table is not associative. You
can check that (c ⇧ c) ⇧ c is not the same as c ⇧ (c ⇧ c)!

• The operations ⊕ and ⊗ on {0, 1, 2, . . . , 11} are associative, but this is
less obvious than their commutativity. Let’s check an example for ⊕,
say a = 3, b = 7, and c = 9. Then

a ⊕ (b ⊕ c) = 3 ⊕ (7 ⊕ 9) = 3 ⊕ 4 = 7.

On the other hand,

(a ⊕ b) ⊕ c = (3 ⊕ 7) ⊕ 9 = 10 ⊕ 9 = 7.

So the associativity formula holds in this particular example. You can
check more examples for yourself and keep finding that it holds, for ⊗
as for ⊕. This won’t prove that the operations are associative unless
you check all possible combinations of values of a, b and c (of which there
are 12³ in all!), but computing examples might reveal patterns and lead you to
a proof that the formulas hold in general. The idea would be to show
that a ⊕ (b ⊕ c) and (a ⊕ b) ⊕ c are both the same as the remainder of
a + b + c on division by 12, and similarly for multiplication. Rather than
prove associativity this way though, we’ll do it later using the notion of
congruences. This will change the set-up, making the definitions more
general and abstract, but in many ways easier to work with.
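An exhaustive check of Def. 3.1.2 for the finite examples above, as an added example that is not part of the lecture notes; the function names and the encoding of D3 as permutations of the three vertices are my own. The D3 symmetries are composed as mappings (“do β, then α”) rather than looked up in the table, so the check confirms that composition is associative for the reason the notes give, and the ⊕, ⊗ check is exactly the 12³-case enumeration mentioned in the last bullet. The average operation on R cannot be exhausted, but a finite sample is enough to exhibit a counterexample.

```python
"""Exhaustive checks of commutativity and associativity (Def. 3.1.2) for the
finite examples of Section 3.1.

Added example, not part of the lecture notes; function names are my own.
"""
from itertools import product


def is_commutative(elements, op):
    """a * b == b * a for every ordered pair."""
    return all(op(a, b) == op(b, a) for a, b in product(elements, repeat=2))


def associativity_counterexample(elements, op):
    """First triple with a * (b * c) != (a * b) * c, or None if there is none.
    For n elements this tries n**3 triples (12**3 = 1728 for clock arithmetic)."""
    for a, b, c in product(elements, repeat=3):
        if op(a, op(b, c)) != op(op(a, b), c):
            return (a, b, c)
    return None


def is_associative(elements, op):
    return associativity_counterexample(elements, op) is None


# D3: each symmetry as (image of vertex 1, image of vertex 2, image of vertex 3),
# vertices numbered clockwise (my own encoding); r1 is the clockwise 120-degree
# rotation and A, B, C are the reflections fixing vertex 1, 2, 3 respectively.
D3 = {
    "e":  (1, 2, 3),
    "r1": (2, 3, 1),
    "r2": (3, 1, 2),
    "A":  (1, 3, 2),
    "B":  (3, 2, 1),
    "C":  (2, 1, 3),
}
_NAME = {perm: name for name, perm in D3.items()}


def compose_sym(alpha, beta):
    """alpha ∘ beta = "do beta, then alpha" (the convention of the notes), on names."""
    a, b = D3[alpha], D3[beta]
    return _NAME[tuple(a[b[i] - 1] for i in range(3))]


# The operation ⇧ on {a, b, c}, transcribed from the table in the notes (row element first).
DIAMOND = {
    "a": {"a": "a", "b": "b", "c": "c"},
    "b": {"a": "b", "b": "a", "c": "c"},
    "c": {"a": "c", "b": "a", "c": "b"},
}


def diamond(x, y):
    return DIAMOND[x][y]


CLOCK = range(12)


def clock_add(a, b):
    """a ⊕ b: remainder of a + b on division by 12."""
    return (a + b) % 12


def clock_mul(a, b):
    """a ⊗ b: remainder of ab on division by 12."""
    return (a * b) % 12


def average(a, b):
    """a ∗ b = (a + b)/2 on R; a finite sample can only ever find counterexamples."""
    return (a + b) / 2


def survey():
    """(commutative?, associative?) for each finite example."""
    return {
        "D3": (is_commutative(D3, compose_sym), is_associative(D3, compose_sym)),
        "diamond": (is_commutative(DIAMOND, diamond), is_associative(DIAMOND, diamond)),
        "clock_add": (is_commutative(CLOCK, clock_add), is_associative(CLOCK, clock_add)),
        "clock_mul": (is_commutative(CLOCK, clock_mul), is_associative(CLOCK, clock_mul)),
    }


if __name__ == "__main__":
    print(compose_sym("r1", "A"), compose_sym("A", "r1"))      # C B
    print(survey())
    print(associativity_counterexample(DIAMOND, diamond))       # ('b', 'c', 'b')
    print(associativity_counterexample(range(5), average))      # (0, 0, 1)
```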

3.2 Composition of functions


Let’s turn to the last example: the composition operation ∘ on the set F
of functions from R to R. This operation is associative; here’s the proof:
Suppose f, g and h are in F. We have to show that for all real numbers
x, applying the function f ∘ (g ∘ h) to x gives the same number as applying
(f ∘ g) ∘ h to x. Indeed unravelling the definitions shows:

(f ∘ (g ∘ h))(x) = f((g ∘ h)(x)) = f(g(h(x))),

and ((f ∘ g) ∘ h)(x) = (f ∘ g)(h(x)) = f(g(h(x))).

There is nothing special about our having considered functions on R here.
For any set A, we could consider the set S of functions from A to itself. Then
composition of functions defines an associative binary operation on S. For
example, we could take A to be the set of points on an equilateral triangle.
Then the set D3 of symmetries is a subset of S with the property that if
f, g ∈ D3, then f ∘ g ∈ D3 (i.e., D3 is closed under the operation). The
formula (f ∘ g) ∘ h = f ∘ (g ∘ h) still holds, so the operation is associative.
The notion of composition of functions makes sense in more generality.
Instead of considering functions from a set A to itself, we can define compo-
sition as long as the domain and codomain are compatible in the following
sense: if f is a function from A to B and g is a function from B to C (i.e.,
f : A → B and g : B → C), their composite is the function

g ∘ f : A → C,   defined by (g ∘ f)(a) = g(f(a)) for a ∈ A.



Note that since f(a) ∈ B, we can evaluate g at f(a) to get an element
g(f(a)) ∈ C. For example, if f : N → R is the function defined by f(n) =
√n − π, and g : R → {−1, 0, 1} is the function defined by

g(x) = \begin{cases} -1, & \text{if } x < 0, \\ 0, & \text{if } x = 0, \\ 1, & \text{if } x > 0, \end{cases}

then g ∘ f is the function defined by (g ∘ f)(n) = −1 if 1 ≤ n ≤ 9, and
(g ∘ f)(n) = 1 if n ≥ 10.
We can describe g ∘ f in terms of input/output as follows: we start with
input a ∈ A, apply the rule f to get an output f(a) ∈ B, and use this as the
input for g to get a final output g(f(a)). In terms of mappings, we can think
of g ∘ f as the map f from A to B followed by the map g from B to C, and
represent it with arrows by:

A --f--> B --g--> C.

In any case, note the order in which we write the functions in the notation
for composites: g ∘ f means “apply f, then apply g.” The reason for the
order is to maintain consistency with the order the functions appear in its
definition as g(f(a)) (read “g of f of a”). While we should perhaps refer to
g ∘ f as “f composed with g,” there’s a tendency to read it from left to right
and call it “g composed with f.” So while there may be some ambiguity in
the terminology “this composed with that,” there’s no ambiguity about the
meaning of g ∘ f. Note that for the composite g ∘ f to be defined, we need
the codomain of f to be the same set as the domain of g.
Let’s clarify what it means for two functions to be the same. Suppose
now we are given functions f : A → B and g : C → D. We say f and g are
equal and write f = g if all the following hold:
• A = C (the domains of f and g are the same);
• B = D (the codomains of f and g are the same);
• and f(a) = g(a) for all a ∈ A = C.
Now composition of functions is associative in the following sense. Sup-
pose that f : A → B, g : B → C and h : C → D are functions. We can then
form the composite g ∘ f : A → C, and its composite with h is a function
h ∘ (g ∘ f) : A → D. On the other hand, we could first form the composite
h ∘ g : B → D, and then the composite (h ∘ g) ∘ f, which is also a function
from A to D. Unsurprisingly,

(h ∘ g) ∘ f = h ∘ (g ∘ f).

The proof consists simply of unravelling the definitions of all the composites.
We already noted the two functions in question both have domain A and
codomain D, and for all a ∈ A, we have

((h ∘ g) ∘ f)(a) = (h ∘ g)(f(a)) = h(g(f(a))) = h((g ∘ f)(a)) = (h ∘ (g ∘ f))(a).

So we can omit the parentheses and just write h ∘ g ∘ f for this function,
which we can think of schematically as “combining” the three arrows in the
diagram

A --f--> B --g--> C --h--> D.
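Composition with the domain/codomain bookkeeping of this section, as an added example that is not part of the lecture notes. The class `Fn`, the function names and the third function `H_SHIFT` (needed to have three functions to compose) are my own; `F_SQRT` and `G_SIGN` are the f and g of the √n − π example. Sets are carried as labels that are compared for equality, which is all the definition of g ∘ f needs, and equality of functions is checked on a finite list of points since the domain N cannot be enumerated.

```python
"""Composition of functions with domain/codomain checks (Section 3.2).

Added example, not part of the lecture notes; class and function names are my own.
"""
import math
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Fn:
    name: str
    domain: str        # label of the domain set, e.g. "N" or "R"
    codomain: str      # label of the codomain set
    rule: Callable[[Any], Any]

    def __call__(self, x):
        return self.rule(x)


def can_compose(g, f):
    """g ∘ f is defined only when the codomain of f is the domain of g."""
    return f.codomain == g.domain


def compose(g, f):
    """g ∘ f : domain(f) -> codomain(g), (g ∘ f)(a) = g(f(a)): apply f first, then g."""
    if not can_compose(g, f):
        raise TypeError(f"cannot form {g.name}∘{f.name}: codomain {f.codomain} "
                        f"is not the domain {g.domain}")
    return Fn(f"{g.name}∘{f.name}", f.domain, g.codomain, lambda x: g(f(x)))


def equal_on(f, g, points):
    """Equality of functions as defined in the notes: same domain, same codomain,
    same value at every point; the last condition is checked on `points`."""
    return (f.domain == g.domain and f.codomain == g.codomain
            and all(f(x) == g(x) for x in points))


# The example from the notes: f(n) = sqrt(n) - pi on N, g the sign function on R.
F_SQRT = Fn("f", "N", "R", lambda n: math.sqrt(n) - math.pi)
G_SIGN = Fn("g", "R", "{-1,0,1}", lambda x: (x > 0) - (x < 0))
# A third function (my own choice) so that h ∘ (g ∘ f) and (h ∘ g) ∘ f can be compared.
H_SHIFT = Fn("h", "{-1,0,1}", "Z", lambda s: s + 1)


def sign_of_sqrt_minus_pi(n):
    """(g ∘ f)(n): -1 for 1 <= n <= 9 and +1 for n >= 10, as stated in the notes."""
    return compose(G_SIGN, F_SQRT)(n)


def associativity_holds(points=range(1, 21)):
    """(h ∘ g) ∘ f = h ∘ (g ∘ f) as functions N -> Z, checked on `points`."""
    left = compose(compose(H_SHIFT, G_SIGN), F_SQRT)
    right = compose(H_SHIFT, compose(G_SIGN, F_SQRT))
    return equal_on(left, right, points)


if __name__ == "__main__":
    print([sign_of_sqrt_minus_pi(n) for n in range(1, 13)])    # nine -1s, then three 1s
    print(compose(G_SIGN, F_SQRT).name, associativity_holds())  # g∘f True
    print(can_compose(F_SQRT, G_SIGN))                          # False: {-1,0,1} is not N
```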

3.3 Arithmetic modulo n


Modular arithmetic, or arithmetic mod n, provides some interesting ex-
amples of binary operations. I already gave the example of “clock arith-
metic,” or arithmetic mod 12 on the set {0, 1, 2, . . . , 11} (or equivalently
{1, 2, 3, . . . , 12}), always replacing the output of an operation with its re-
mainder on division by 12. There’s nothing special about 12 (other than
a little familiarity with the operation in this context); we could in fact do
arithmetic mod n with the set { 0, 1, 2, . . . , n − 1} for any positive integer n.
It turns out neater though if we set things up a little more abstractly using
the notion of congruence classes (also called residue classes).

Definition 3.3.1 Suppose that a and b are integers. We say that a is con-
gruent to b modulo n if a − b is divisible by n. The notation for this is
a ≡ b (mod n).

For example 43 is congruent to −5 modulo 12, or 43 ≡ −5 mod 12, because
the difference 48 is divisible by 12. Some more examples:

748374 ≡ 9833255574 mod 100,   7 ≢ 4 mod 2,

where of course a ≢ b mod n means a is not congruent to b modulo n.
Note that a ≡ b mod n if and only if b ≡ a mod n, so we also sometimes
just say “a and b are congruent modulo n” (instead of “a congruent to b
modulo n” or “b congruent to a modulo n”).

Proposition 3.3.2 Suppose that a, b and n are integers and n > 0. Then
the following are equivalent:

(a) a ≡ b mod n;

(b) a = b + kn for some k ∈ Z;

(c) a and b have the same remainder on division by n.
Before giving the proof, let’s make sure to understand the statement of the
proposition. The statement is that the three assertions ((a), (b) and (c))
are equivalent. This means we have to prove that each assertion implies the
others. It will be enough to prove that (a) ⇒ (b), (b) ⇒ (c), and (c) ⇒ (a).
(To deduce for example that (c) ⇒ (b), note that we will have shown (c) ⇒
(a) ⇒ (b).)
Proof. (a) ⇒ (b): By definition, a ≡ b mod n means that a − b is divisible
by n, which means that a − b = kn for some k ∈ Z, so a = b + kn for some
k ∈ Z.
(b) ⇒ (c): For b to have remainder r on division by n means that b =
nq + r for some q, r ∈ Z with 0 ≤ r < n. If a = b + kn, then a = (nq + r) + kn =
n(q + k) + r, so a also has remainder r on division by n.
(c) ⇒ (a): Suppose that a and b have the same remainder, say r, on
division by n. This means that a = nq + r for some q ∈ Z and b = ns + r for
some s ∈ Z. Therefore a − b = n(q − s) is divisible by n, which means that
a ≡ b mod n. □
Note the following immediate consequence (which is also easy to prove
directly from the definition):
Corollary 3.3.3 If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).
Proof. If a and b have the same remainder on division by n, and so do b
and c, then so do a and c. □
Here is another useful property of congruences:
Proposition 3.3.4 Suppose that a, b, c, d and n are integers and n > 0. If
a ⌘ b mod n and c ⌘ d mod n, then
1. a + c ⌘ b + d mod n, and
2. ac ⌘ bd mod n.
Proof. If a ⌘ b mod n, then by Prop. 3.3.2, a = b + kn for some k 2 Z.
Similarly if c ⌘ d mod n, then c = d + jn for some j 2 Z. Therefore
a + c = b + kn + d + jn = (b + d) + (k + j)n,
so a + c ⌘ b + d mod n by Prop. 3.3.2 again. Similarly the formula
ac = (b + kn)(d + jn) = bd + (bj + kd + jkn)n.
shows that ac ⌘ bd mod n as well. ⇤

Definition 3.3.5 If n ∈ N and a ∈ Z, then we call the set

{ b ∈ Z | b ≡ a (mod n) }

the congruence (or residue) class of a modulo n, and denote it by [a]_n.

So for example

[5]_12 = { b ∈ Z | b ≡ 5 mod 12 } = { . . . , −19, −7, 5, 17, . . . }.

Note that in general

[a]_n = { a + kn | k ∈ Z }

by Prop. 3.3.2. Note also the following:

Proposition 3.3.6 Suppose a, b ∈ Z, n ∈ N. Then

a ≡ b mod n ⇔ [a]_n = [b]_n.

Proof. ⇒: Suppose that a ≡ b mod n. If c ∈ [a]_n, then c ≡ a mod n, so Cor. 3.3.3 implies that c ≡ b mod n, which means that c ∈ [b]_n. Similarly, if c ∈ [b]_n, then c ∈ [a]_n. Therefore [a]_n = [b]_n.

⇐: Suppose that [a]_n = [b]_n. Then a ∈ [a]_n (since a ≡ a mod n), so a ∈ [b]_n (since [a]_n = [b]_n), so a ≡ b mod n (by definition of [b]_n). □

According to the Division Algorithm (Thm. 2.1.2), we can always write a = nq + r for some q, r ∈ Z with 0 ≤ r ≤ n − 1. Then a ≡ r mod n, so by Prop. 3.3.6, [a]_n = [r]_n. Therefore every congruence class [a]_n modulo n can be written in the form [r]_n for some r between 0 and n − 1. For example, [−1000]_7 = [1]_7 since −1000 ≡ 1 mod 7. So even though there are infinitely many integers a, they define only finitely many congruence classes modulo n, namely

[0]_n, [1]_n, . . . , [n − 1]_n.

Furthermore, it’s easy to see these n congruence classes are different since if r and s are between 0 and n − 1, and [r]_n = [s]_n, then r ≡ s mod n, so r − s is divisible by n, but r − s is between 1 − n and n − 1, so the only way it can be divisible by n is if r − s = 0, i.e., r = s.

Now we let Z_n denote the set of congruence classes modulo n, so:

Z_n = { [0]_n, [1]_n, . . . , [n − 1]_n }

is a set with n elements; each element of Z_n is itself a set of infinitely many integers. So for example

Z_3 = { [0]_3, [1]_3, [2]_3 },

where

[0]_3 = { . . . , −6, −3, 0, 3, 6, 9, 12, . . . },
[1]_3 = { . . . , −5, −2, 1, 4, 7, 10, 13, . . . },
and [2]_3 = { . . . , −4, −1, 2, 5, 8, 11, 14, . . . }.
We are now going to define binary operations, namely an addition and a multiplication, on Z_n. We begin with addition. We’d like to define the sum of two congruence classes, say [a]_n and [b]_n, by the formula

[a]_n + [b]_n = [a + b]_n

(the + inside the brackets being the usual addition of integers), but there could be a problem with this. To define the binary operation + on the set Z_n, we have to define the element X + Y ∈ Z_n for each X, Y ∈ Z_n. But for any given X, there are infinitely many integers a such that X = [a]_n, and similarly for Y (using capital letters here to remind us that X and Y are in fact sets). For example, our proposed definition says that [3]_10 + [8]_10 = [3 + 8]_10 = [11]_10, but [3]_10 is the same congruence class modulo 10 as [−17]_10, so it had better be true that [3]_10 + [8]_10 = [−17]_10 + [8]_10. And indeed it is, since [11]_10 = [−9]_10. This was just an example. We need to check that whenever [a]_n = [a′]_n, our formula gives the same value for the sum [a′]_n + [b]_n as for the sum [a]_n + [b]_n. Similarly we could have chosen another integer in the congruence class of b to compute the sum of [a]_n and [b]_n, and the result shouldn’t depend on this choice. So to check that the sum is well-defined, we have to check that if [a]_n = [a′]_n and [b]_n = [b′]_n, then [a + b]_n = [a′ + b′]_n. Similarly, we’d like to define the product of [a]_n and [b]_n by the formula

[a]_n [b]_n = [ab]_n,

but for this to be well-defined, we need to check that if [a]_n = [a′]_n and [b]_n = [b′]_n, then [ab]_n = [a′b′]_n. Fortunately, we essentially proved this already in Prop. 3.3.4.

Proposition 3.3.7 Suppose that n ∈ N and a, b, a′, b′ ∈ Z. If [a]_n = [a′]_n and [b]_n = [b′]_n, then [a + b]_n = [a′ + b′]_n and [ab]_n = [a′b′]_n.

Proof. If [a]_n = [a′]_n and [b]_n = [b′]_n, then a ≡ a′ mod n and b ≡ b′ mod n by Prop. 3.3.6. So by Prop. 3.3.4,

a + b ≡ a′ + b′ mod n and ab ≡ a′b′ mod n,

and this implies that [a + b]_n = [a′ + b′]_n and [ab]_n = [a′b′]_n. □

We can now define our binary operations on Z_n. For X, Y ∈ Z_n, choose any a, b ∈ Z so that X = [a]_n and Y = [b]_n. We then define

X + Y = [a + b]_n and XY = [ab]_n.

According to the proposition, the congruence classes we just defined are independent of the choices of a and b in the congruence classes X and Y. Suppose for example that n = 10, X = { . . . , −17, −7, 3, 13, 23, . . . } and Y = { . . . , −12, −2, 8, 18, 28, . . . }, and let’s compute X + Y and XY. Since X = [3]_10 and Y = [8]_10, we have

X + Y = [3]_10 + [8]_10 = [11]_10 = [1]_10

and XY = [3]_10 [8]_10 = [24]_10 = [4]_10.

As you can see, if we systematically choose to express the congruence classes in the form [r]_n with r ∈ {0, 1, . . . , n − 1}, this works just like our “clock arithmetic” where we defined the binary operation on the set {0, 1, . . . , n − 1} (in the case n = 12). That set is defined very concretely as a set of integers, and so is easier to grasp conceptually. On the other hand, the set Z_n of congruence classes is defined more abstractly; each element is itself a set of integers. The advantage of the more abstract definition is that it is often easier to work with; for example the proof of associativity is much simpler.

Proposition 3.3.8 The addition and multiplication operations on Z_n are commutative and associative.

Proof. We just give the proof for addition since the proofs for multiplication work in exactly the same way.

For commutativity, we must show that for all X, Y ∈ Z_n, we have X + Y = Y + X. Choose a, b ∈ Z so X = [a]_n and Y = [b]_n. Then

X + Y = [a]_n + [b]_n = [a + b]_n = [b + a]_n = [b]_n + [a]_n = Y + X.

For associativity, we must show that for all X, Y, Z ∈ Z_n, we have (X + Y) + Z = X + (Y + Z). Choose a, b, c ∈ Z so that X = [a]_n, Y = [b]_n and Z = [c]_n. Then by the definition of addition on Z_n, we have

(X + Y) + Z = ([a]_n + [b]_n) + [c]_n = [a + b]_n + [c]_n = [(a + b) + c]_n

and X + (Y + Z) = [a]_n + ([b]_n + [c]_n) = [a]_n + [b + c]_n = [a + (b + c)]_n,

and these are the same since a + (b + c) = (a + b) + c by the associativity law for the usual addition of integers. □

Chapter 4

Groups

4.1 Definition of a group

I’ve already mentioned some examples of groups; now I’ll give the precise definition of a group by listing the properties that a set with a binary operation needs to satisfy in order to be called a group.

Definition 4.1.1 A group is a set G with a binary operation ∗ satisfying the following properties:

1. ∗ is associative;

2. there is an element e ∈ G such that e ∗ g = g ∗ e = g for all g ∈ G;

3. if g ∈ G, then there is an element h ∈ G such that g ∗ h = h ∗ g = e.

Before considering examples, here are some remarks about the properties:

1. You might also have seen the definition of a group include a closure axiom, stating that if g, h ∈ G, then g ∗ h ∈ G. This is already included in the definition I gave (Defn. 3.1.1) for ∗ to be a binary operation on G.

2. Recall that property 1), associativity, means that g ∗ (h ∗ k) = (g ∗ h) ∗ k for all g, h, k ∈ G.

3. An element e as in 2) is called an identity element for ∗. It’s easy to see that a set with a binary operation can have at most one identity element. Indeed if e and e′ are both identity elements, then e ∗ e′ = e′ (since e is an identity element), and e ∗ e′ = e (since e′ is an identity element), so e = e ∗ e′ = e′.

4. An element h in 3) is called an inverse of g (with respect to ∗). Note that h depends on g, but we’ll see that if G is a group, then each g ∈ G has exactly one inverse.

4.2 Examples of groups

Example 4.2.1 The set Z with the operation + is a group since 1) + is associative, 2) 0 is an identity element since

0 + n = n + 0 = n ∀n ∈ Z,

and 3) if n ∈ Z, then −n ∈ Z is an inverse of n since

n + (−n) = (−n) + n = 0.

We’ll usually just write (G, ∗) instead of “G with the operation ∗.” So the preceding example would be denoted (Z, +). We’ll even often omit ∗ when it’s clear from the context.

Example 4.2.2 (Z, ·) is not a group. 1) and 2) are satisfied (the identity element being 1), but not every element of Z has an inverse with respect to multiplication. For example, there is no integer n such that 2n = 1. (In fact the only elements with inverses are ±1.)

Example 4.2.3 Let’s try to fix the last example by considering (R, ·) instead of (Z, ·). Now 2 has an inverse, namely 1/2. But no, it’s still not a group; 0 has no inverse.

Example 4.2.4 Let’s try again. Let R^× = R \ {0} be the set of non-zero real numbers.¹ Note that the product of two elements of R^× is again in R^×, and now 1), 2) and 3) are satisfied, so (R^×, ·) is a group.

Example 4.2.5 (M_2(R), +) is a group. Recall M_2(R) denotes the set of 2×2 real matrices. 1) Matrix addition is associative, 2) the matrix
$$\begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}$$
is an identity element, and 3) the (additive) inverse of
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \quad\text{is}\quad -A = \begin{pmatrix} -a & -b \\ -c & -d \end{pmatrix}.$$

¹ See Section 1.2 for the \ notation.


Example 4.2.6 M_2(R) is not a group under matrix multiplication. The operation is associative and has the identity element
$$I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix},$$
but there are matrices without (multiplicative) inverses, for example
$$\begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}.$$

Example 4.2.7 Let GL_2(R) = { A ∈ M_2(R) | det A ≠ 0 }. Recall that if A ∈ M_2(R), then det A (the determinant of A) is defined by the formula
$$\det\begin{pmatrix} a & b \\ c & d \end{pmatrix} = ad - bc.$$
The determinant has the following important properties:

• det(AA′) = (det A)(det A′) for all A, A′ ∈ M_2(R). (The proof, which you’ve probably seen before, is left as an exercise.)

• If det A ≠ 0, then A has an inverse matrix. Proof: If
$$A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$$
and ad − bc ≠ 0, then setting
$$B = (ad - bc)^{-1}\begin{pmatrix} d & -b \\ -c & a \end{pmatrix} = \begin{pmatrix} \dfrac{d}{ad-bc} & \dfrac{-b}{ad-bc} \\[2mm] \dfrac{-c}{ad-bc} & \dfrac{a}{ad-bc} \end{pmatrix}$$
gives AB = BA = I.

The first property shows that GL_2(R) is closed under matrix multiplication, i.e., if A, A′ ∈ GL_2(R), then AA′ ∈ GL_2(R). Note also that if A ∈ GL_2(R) and B is its inverse matrix, then

(det A)(det B) = det(AB) = det I = 1,

so det B is also non-zero. So every matrix in GL_2(R) has a (multiplicative) inverse in GL_2(R). Thus GL_2(R) is a group.

Example 4.2.8 Let D_3 denote the set of symmetries of an equilateral triangle. There are 6 of these (draw the pictures. . . ):

• The identity; call this e.

• Two 120° rotations; call these ρ_1 (clockwise) and ρ_2 (counterclockwise).

• Three reflections (one axis through each vertex); call these σ_1, σ_2 and σ_3 (ordering the vertices clockwise).

If α and β are symmetries, we let αβ denote the symmetry defined by “do β then α.” Thinking of a symmetry as a “shape-preserving mapping” from the triangle back onto itself, it’s clear that this is again a symmetry and that the resulting binary operation (composition) is associative. The operation is described explicitly in the following table where the entry in the α-row and β-column is αβ.

        e    ρ_1  ρ_2  σ_1  σ_2  σ_3
  e     e    ρ_1  ρ_2  σ_1  σ_2  σ_3
  ρ_1   ρ_1  ρ_2  e    σ_3  σ_1  σ_2
  ρ_2   ρ_2  e    ρ_1  σ_2  σ_3  σ_1
  σ_1   σ_1  σ_2  σ_3  e    ρ_1  ρ_2
  σ_2   σ_2  σ_3  σ_1  ρ_2  e    ρ_1
  σ_3   σ_3  σ_1  σ_2  ρ_1  ρ_2  e

In particular, note that e is the identity element, and each element has an inverse since ρ_1ρ_2 = ρ_2ρ_1 = e and σσ = e for each reflection σ. Note also that each element of the group appears exactly once in each row, and once in each column. We’ll see this is always the case in the “multiplication table” for a group.

We could just as well consider symmetry groups of other geometric objects; for example, the set of symmetries of a square (see the exercises), the binary operation always being composition. This group, denoted D_4, has 8 elements. More generally, the symmetry group of a regular n-sided polygon (or n-gon, n ≥ 3) is denoted D_n; it has 2n elements, of which n are rotations and n are reflections. We can also consider symmetry groups of objects in 3 (or more) dimensions; for example, we’ll see that the symmetry group of a cube has 48 elements. Note also that symmetry groups, such as that of a circle, can be infinite.
Example 4.2.9 (Z_n, +) is a group. Recall that

Z_n = { [a]_n | a ∈ Z } = { [0]_n, [1]_n, . . . , [n − 1]_n }

is the set of congruence classes modulo n, and addition modulo n is defined by [a]_n + [b]_n = [a + b]_n. We saw that the operation is associative, it’s clear that [0]_n is an identity element, and the inverse of [a]_n is [−a]_n.

Example 4.2.10 (Z_n, ·) is not a group (unless n = 1). The operation is associative and [1]_n is an identity element, but [0]_n has no inverse (unless n = 1, in which case [0]_n is the only element, so it’s the identity and its own inverse). We could try to fix this up, like we did for multiplication on R and M_2(R), by just working with elements that have multiplicative inverses. Note that for [a]_n to have a multiplicative inverse in Z_n means there’s a congruence class [b]_n ∈ Z_n such that [a]_n · [b]_n = [1]_n.

Proposition 4.2.11 Suppose a, n ∈ Z with n ≥ 1. Then [a]_n has a multiplicative inverse in Z_n if and only if a and n are relatively prime.

Proof. ⇒: Suppose that [a]_n has an inverse. Then

[ab]_n = [a]_n · [b]_n = [1]_n

for some b ∈ Z. This means that ab ≡ 1 mod n, which means that ab − 1 = nk for some k ∈ Z. Therefore ab + n(−k) = 1, so ax + ny = 1 for some x, y ∈ Z. Cor. 2.5.5 therefore implies that a and n are relatively prime.

⇐: Suppose that a and n are relatively prime. Then by Cor. 2.5.5, ax + ny = 1 for some x, y ∈ Z. Therefore ax ≡ 1 mod n, so

[a]_n [x]_n = [x]_n [a]_n = [1]_n,

showing that [a]_n has a multiplicative inverse modulo n. □

Also note the following:

Proposition 4.2.12 Suppose that a, b, n ∈ Z with n > 0. If a ≡ b mod n, then gcd(a, n) = gcd(b, n).

Proof. If a ≡ b mod n, then a = b + nk for some k ∈ Z. If d is a common divisor of a and n, then also d | b = a − nk, so d is a common divisor of b and n. Similarly if d is a common divisor of b and n, then it is a common divisor of a and n. Since the common divisors of a and n are the same as the common divisors of b and n, it follows that gcd(a, n) = gcd(b, n). □

We are now ready to define

Z_n^× = { [a]_n ∈ Z_n | gcd(a, n) = 1 },

so Z_n^× is the set of congruence classes [a]_n whose elements are relatively prime to n. (Note that we can replace a by any b congruent to a modulo n and this won’t change the congruence class [b]_n = [a]_n. Either of the two preceding propositions shows that the condition gcd(a, n) = 1 in the definition of Z_n^× depends only on [a]_n, not on the choice of integer a in the congruence class.) Some examples are

Z_6^× = { [1]_6, [5]_6 }, and Z_7^× = { [1]_7, [2]_7, [3]_7, [4]_7, [5]_7, [6]_7 }.

Note that if n = p is prime, then

Z_p^× = { [1]_p, [2]_p, . . . , [p − 1]_p }.

Proposition 4.2.13 (Z_n^×, ·) is a group.

Proof. First we have to check that · defines a binary operation on Z_n^×, i.e., if [a]_n, [b]_n ∈ Z_n^×, then [ab]_n = [a]_n [b]_n ∈ Z_n^× (not just in Z_n). So we have to check that if a, b ∈ Z are relatively prime to n, then so is ab. (This was an exercise.)

We already saw that · is associative. Its identity element is [1]_n, which is in Z_n^× since gcd(1, n) = 1. Finally Prop. 4.2.11 shows that if [a]_n ∈ Z_n^×, then [a]_n has a multiplicative inverse [b]_n ∈ Z_n. To complete the proof that Z_n^× is a group, we just need to check that [b]_n ∈ Z_n^×, but this is immediate from (the other direction of) Prop. 4.2.11. Indeed [b]_n has a multiplicative inverse [a]_n, so [b]_n ∈ Z_n^×. □
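As an added example (not code from the lecture notes), here is a Python implementation of the arithmetic of Section 3.3 and of Z_n^×: congruence testing and canonical representatives (Defs. 3.3.1 and 3.3.5), the well-definedness check of Prop. 3.3.7 on explicit representatives, and inverses in Z_n^× computed from a Bezout identity ax + ny = 1 exactly as in the proof of Prop. 4.2.11. The function names and the extended-Euclid helper are my own.

```python
"""Congruence classes, arithmetic on Z_n, and the unit group Z_n^x.

Added example, not from the lecture notes. Classes are represented by their
canonical representative r with 0 <= r <= n-1 (Division Algorithm).
"""
from math import gcd


def congruent(a: int, b: int, n: int) -> bool:
    """Definition 3.3.1: a ≡ b (mod n) iff n divides a - b."""
    return (a - b) % n == 0


def residue(a: int, n: int) -> int:
    """Representative r, 0 <= r <= n-1, of [a]_n. Python's % already returns a
    non-negative remainder for n > 0, even when a is negative."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    return a % n


def class_members(a: int, n: int, lo: int, hi: int) -> list[int]:
    """Elements of [a]_n = { a + kn | k in Z } lying in the window [lo, hi]."""
    return [b for b in range(lo, hi + 1) if congruent(a, b, n)]


def add_classes(a: int, b: int, n: int) -> int:
    """[a]_n + [b]_n = [a + b]_n, as a canonical representative."""
    return residue(a + b, n)


def mul_classes(a: int, b: int, n: int) -> int:
    """[a]_n [b]_n = [ab]_n, as a canonical representative."""
    return residue(a * b, n)


def well_defined_on(a: int, a2: int, b: int, b2: int, n: int) -> bool:
    """Prop. 3.3.7 checked on one choice of representatives: if [a]=[a2] and
    [b]=[b2], the sum and product classes must not depend on the choice."""
    assert congruent(a, a2, n) and congruent(b, b2, n), "inputs must be congruent pairs"
    return (add_classes(a, b, n) == add_classes(a2, b2, n)
            and mul_classes(a, b, n) == mul_classes(a2, b2, n))


def bezout(a: int, n: int) -> tuple[int, int, int]:
    """Extended Euclidean algorithm: (g, x, y) with g = gcd(a, n) = a*x + n*y."""
    old_r, r = a, n
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a: int, n: int) -> int:
    """Inverse of [a]_n in Z_n^x (Prop. 4.2.11), or ValueError if gcd(a, n) != 1.
    From ax + ny = 1 we get ax ≡ 1 (mod n), so [x]_n is the inverse."""
    g, x, _ = bezout(residue(a, n), n)
    if g != 1:
        raise ValueError(f"[{a}]_{n} has no inverse: gcd({a}, {n}) = {g}")
    return residue(x, n)


def units(n: int) -> list[int]:
    """Z_n^x = { [a]_n | gcd(a, n) = 1 } as canonical representatives."""
    return [a for a in range(n) if gcd(a, n) == 1]


def is_unit_group_closed(n: int) -> bool:
    """The closure step of Prop. 4.2.13: a product of units is again a unit."""
    u = set(units(n))
    return all(mul_classes(a, b, n) in u for a in u for b in u)
```

The `ValueError` branch is the case a cryptographic modular-inverse routine must reject rather than return a meaningless value, since the inverse only exists when gcd(a, n) = 1.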

4.3 Permutation groups

Suppose that A is a set and f and g are functions from A to A. Then their composite f ∘ g is also a function from A to A. So if we define F_A as the set of functions from A to A, then composition defines a binary operation on F_A. Is F_A a group? Well we know composition is associative (see end of Section 3.2). We also have an identity element:

Definition 4.3.1 For any set A, we define the identity function on A as the function

id_A : A → A, where id_A(a) = a for all a ∈ A.

Thus identity functions have the following property: if f is any function from A to a set B, then f ∘ id_A = f, and id_B ∘ f = f. This is clear from the definitions; for example, id_B ∘ f is also a function from A to B, and (id_B ∘ f)(a) = id_B(f(a)) = f(a) for all a ∈ A. In particular, taking A = B, we see that id_A is an identity element for the composition operation on F_A.

Now for F_A to be a group, we would just need every element f ∈ F_A to have an inverse with respect to composition. But not every element does. An inverse would have to be a function g : A → A such that g ∘ f = f ∘ g = id_A; in other words, g would be an inverse function of f.

Definition 4.3.2 Suppose that f is a function from A to B. We say that a function g : B → A is an inverse function of f if

g ∘ f = id_A and f ∘ g = id_B.

Note that the condition g ∘ f = id_A means that g(f(a)) = a for all a ∈ A; and the condition f ∘ g = id_B means that f(g(b)) = b for all b ∈ B. For example, if f : R → R is defined by f(x) = 2x + 1, then g : R → R defined by g(y) = (y − 1)/2 is an inverse function of f since g(f(x)) = x for all x ∈ R and f(g(y)) = y for all y ∈ R.

In the preceding example, A and B were the same set, but A and B can be different. For example, let A = R and let B be the set of positive real numbers. Then the function f : A → B defined by f(x) = e^x (an element of B since e^x > 0) has an inverse function g : B → A, namely g(y) = ln y, since g(f(x)) = ln(e^x) = x for all real numbers x and f(g(y)) = e^{ln y} = y for all positive real numbers y.

We can think of f and g in terms of the diagram
$$A \;\underset{g}{\overset{f}{\rightleftarrows}}\; B,$$
where each of the two functions f and g reverses what the other does. So if f(a) = b, then g(b) = g(f(a)) = a, and if g(b) = a, then f(g(b)) = id_B(b) = b.

We will characterize the functions that have inverses, but first recall the definitions:

Definition 4.3.3 Suppose that f is a function from A to B. We say f is injective if it has the following property:

a, a′ ∈ A, f(a) = f(a′) ⇒ a = a′.

We say f is surjective if it has the following property:

b ∈ B ⇒ b = f(a) for some a ∈ A.

A function f : A → B is bijective if it is both injective and surjective.

So f is injective (or one-to-one) if no two distinct elements of A are assigned the same value in B. For f to be surjective (or onto) means that its range

f(A) = { b ∈ B | b = f(a) for some a ∈ A } = { f(a) | a ∈ A }

is all of B. For example, the function f : Z → Z defined by f(n) = 2n + 1 is injective since if m, n ∈ Z and 2m + 1 = 2n + 1, then m = n. But f is not surjective since its range is the set of odd integers. The function g : Z → Z defined by
$$g(n) = \begin{cases} n/2, & \text{if } n \text{ is even},\\ (n-1)/2, & \text{if } n \text{ is odd},\end{cases}$$
is surjective but not injective. Note that g ∘ f is the identity function on Z, but f and g are not inverse functions since f ∘ g is not the identity (since for example, f(g(0)) = 1).

Composition of functions preserves injectivity and surjectivity:

Proposition 4.3.4 Suppose that f : A → B and g : B → C are functions.

1. If f and g are injective, then so is g ∘ f.

2. If f and g are surjective, then so is g ∘ f.

3. If f and g are bijective, then so is g ∘ f.

Proof. 1) Assuming f and g are injective, we need to show that if a, a′ ∈ A and (g ∘ f)(a) = (g ∘ f)(a′), then a = a′. Now

(g ∘ f)(a) = (g ∘ f)(a′) ⇒ g(f(a)) = g(f(a′)) (by definition of g ∘ f)
⇒ f(a) = f(a′) (since g is injective)
⇒ a = a′ (since f is injective).

Therefore g ∘ f is injective.

2) Suppose next that f and g are surjective. We need to show that if c ∈ C, then c = (g ∘ f)(a) for some a ∈ A. Since g is surjective, we know that c = g(b) for some b ∈ B. Since f is surjective, we know that this b = f(a) for some a ∈ A. So (g ∘ f)(a) = g(f(a)) = g(b) = c. Therefore g ∘ f is surjective.

3) This is immediate from parts 1) and 2). □

We are now ready to describe which functions have inverse functions.

Proposition 4.3.5 Suppose that f : A → B is a function. Then f has an inverse function if and only if f is bijective.

Proof. We must prove 1) if f has an inverse function, then f is bijective, and 2) if f is bijective, then f has an inverse function.

1) Suppose that f has an inverse function, say g : B → A, so g(f(a)) = a for all a ∈ A and f(g(b)) = b for all b ∈ B. We must show that f is bijective; i.e., that it is both injective and surjective.

First we prove that f is injective. For a, a′ ∈ A, we have

f(a) = f(a′) ⇒ g(f(a)) = g(f(a′)) ⇒ a = a′.

Therefore f is injective.

Now we prove f is surjective. Suppose that b ∈ B. We must show that b = f(a) for some a ∈ A. Let a = g(b). Then

f(a) = f(g(b)) = b.

Therefore f is surjective, so we conclude that f is bijective.

2) Now suppose that f is bijective. Recall that this means for each b ∈ B, there is a unique a ∈ A such that f(a) = b. We want to show that f has an inverse function g : B → A. We define g : B → A as follows: For b ∈ B, we let g(b) be the unique element a ∈ A such that f(a) = b. This is a function from B to A, since for each b ∈ B, we have specified a single value a = g(b) ∈ A. We now show that g is an inverse function of f. We must again show two things: that g(f(a)) = a for all a ∈ A, and that f(g(b)) = b for all b ∈ B.

Suppose first that b ∈ B. Then f(g(b)) = f(a) where a = g(b) is, by the definition of the function g, the unique element of A such that f(a) = b. So f(g(b)) = f(a) = b.

Now suppose that a ∈ A. We must show that g(f(a)) = a. We just saw that f(g(b)) = b for all b ∈ B. Applying this to b = f(a) gives f(g(f(a))) = f(a). Thus letting a′ = g(f(a)), we have f(a′) = f(a), and since f is assumed to be injective, this implies that a = a′, i.e., g(f(a)) = a. Therefore g is an inverse function of f. □

We are now ready to define symmetric groups, or permutation groups. Let A be any set. We’ll mainly be concerned with the case where A is a finite set, but we’ll start out working in more generality. We define S_A to be the set of bijective functions from A to A.

Proposition 4.3.6 If A is a set, then S_A is a group under ∘.

Proof. First we have to check that if f, g ∈ S_A, then f ∘ g ∈ S_A, so that ∘ is indeed a binary operation on S_A. By definition, the composite f ∘ g is again a function from A to A, and it is bijective by Part 3 of Prop. 4.3.4.

Now we need to check that S_A with the binary operation ∘ satisfies the group axioms. We already know that ∘ is associative. We also already saw that the identity function id_A on A satisfies

id_A ∘ f = f ∘ id_A = f

for all functions f : A → A, so in particular for all f ∈ S_A. Note also that id_A is bijective, so id_A ∈ S_A is an identity element for the operation ∘. Finally, if f ∈ S_A, then Prop. 4.3.5 shows that f has an inverse function g : A → A. We have to check that g ∈ S_A, i.e., that g is bijective. One way to see that it is bijective is to note that it has an inverse function, namely f, and apply Prop. 4.3.5 again.

Thus (S_A, ∘) satisfies the group axioms. □

The group S_A under ∘ is called the symmetric group, or permutation group, on A, and its elements are called permutations of A. Now let’s suppose that A is finite. Assume even more specifically, that A = {1, 2, . . . , n}
where n is a positive integer. Rather than write S_{{1,2,...,n}}, we write simply S_n, and call S_n the nth symmetric group. We write e, instead of id_A, for the identity element of S_n, and generally omit the ∘ when writing composites.

There are two standard ways of denoting elements of S_n. One of these is to write
$$\begin{pmatrix} 1 & 2 & \cdots & n \\ a_1 & a_2 & \cdots & a_n \end{pmatrix}$$
for the function (or permutation) σ ∈ S_n such that σ(1) = a_1, σ(2) = a_2, . . . , σ(n) = a_n. Note that a_1, a_2, . . . , a_n must be a reordering, or permutation, of the integers 1, 2, . . . , n. So for example
$$\sigma = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 2 & 3 & 5 & 6 & 1 & 4 \end{pmatrix}$$
is the element σ ∈ S_6 such that σ(1) = 2, σ(2) = 3, σ(3) = 5, σ(4) = 6, σ(5) = 1 and σ(6) = 4.

This notation makes it easy to count the elements of S_n. Note that there are n possibilities for a_1, and having chosen a_1, there remain n − 1 possibilities for a_2 (as it can’t equal a_1), n − 2 possibilities for a_3, . . . , 2 possibilities for a_{n−1} and only 1 remaining for a_n. Therefore there are

n! = n(n − 1)(n − 2) · · · 2 · 1

elements of S_n. For example, the 3! = 6 elements of S_3 are
$$\begin{pmatrix} 1 & 2 & 3 \\ 1 & 2 & 3 \end{pmatrix},\quad
\begin{pmatrix} 1 & 2 & 3 \\ 1 & 3 & 2 \end{pmatrix},\quad
\begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix},\quad
\begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \end{pmatrix},\quad
\begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix},\quad
\begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix}.$$

Here is an example to illustrate how to compute composites with this notation:

Example 4.3.7 Suppose that σ is the element of S_6 described above, and
$$\tau = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 2 & 3 & 4 & 1 & 5 & 6 \end{pmatrix}.$$
To compute στ, we write τ above
$$\sigma = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 2 & 3 & 5 & 6 & 1 & 4 \end{pmatrix},$$
and chase through what happens to each integer under first τ, and then σ, giving
$$\sigma\tau = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 & 6 \\ 3 & 5 & 6 & 2 & 1 & 4 \end{pmatrix}.$$
The other standard notation is cycle notation. If a_1, a_2, . . . , a_k are distinct elements of {1, 2, . . . , n} (so k ≤ n), we write

(a_1 a_2 · · · a_k)

for the permutation σ such that σ(a_1) = a_2, σ(a_2) = a_3, . . . , σ(a_{k−1}) = a_k and σ(a_k) = a_1, and σ(b) = b otherwise. In other words, σ cycles through the elements a_1, a_2, . . . , a_k (going from a_k back to the beginning a_1), and leaves the remaining elements of {1, 2, . . . , n} alone. So for example the element (1234) ∈ S_6 is the permutation above we denoted by τ. An element of S_n of the form (a_1 a_2 · · · a_k) is called a k-cycle (or just a cycle). For example, the permutation denoted τ in Example 4.3.7 is the 4-cycle (1234) in S_6, since

τ(1) = 2, τ(2) = 3, τ(3) = 4, τ(4) = 1,

and τ(b) = b otherwise (i.e., b = 5 or 6). Every element of S_3 is a cycle (the identity can be viewed as the 1-cycle (1) for example). Maintaining the order in which the elements are listed above, we have

S_3 = {e, (23), (12), (123), (132), (13)}.

If n > 3, then S_n has elements which are not cycles. A general fact is that every element can be written as a product of disjoint cycles, i.e., in the form

(a_1 a_2 · · · a_{k_1})(a_{k_1+1} a_{k_1+2} · · · a_{k_1+k_2}) · · · (a_{k_1+k_2+···+k_{r−1}+1} · · · a_{k_1+k_2+···+k_r}),

where a_1, a_2, . . . , a_{k_1+k_2+···+k_r} are distinct. We won’t prove this, but here’s how it works in practice: Take an element a ∈ {1, 2, . . . , n} and list the values a_1 = a, a_2 = σ(a_1), a_3 = σ(a_2), . . . until we get back to a. If k is the least integer such that σ(a_k) = a, then one of the cycles in the expression for σ is (a_1 a_2 · · · a_k), whose effect is described by:

a_1 → a_2 → · · · → a_k → a_1.

Once an element b ∈ {1, 2, . . . , n} appears in such a list, there’s no need to compute the values with b_1 = b, b_2 = σ(b_1), etc., since we have already found the cycle in which it appears.

Let’s carry this out for the permutation σ of Example 4.3.7. Starting from a = 1 gives:

1 → 2 → 3 → 5 → 1,

yielding the 4-cycle (1235). We have now accounted for 1, 2, 3 and 5, and starting from 4 gives (46). So a cycle expression for σ is

(1235)(46).

Note that we can “cycle” through the entries in a cycle without changing it, so we could have written, say, (3512) instead of (1235). It’s also the case that we can write disjoint cycles in any order without altering their composite. In other words, disjoint cycles “commute.” So we could just as well write the cycle expression for σ as (46)(1235). For the sake of being systematic though, I’ve been writing the cycles starting with the smallest integer whenever there’s a choice.

As an example of computing a composite in cycle notation, let’s redo the calculation of στ in Example 4.3.7. We’ve already seen that σ = (1235)(46) and τ = (1234), so we want to compute

(1235)(46)(1234).

Beginning with 1, we find that (1234) sends 1 to 2. Then 2 is not affected by (46), and finally (1235) sends 2 to 3, or more visually:
$$1 \xrightarrow{(1234)} 2 \xrightarrow{(46)} 2 \xrightarrow{(1235)} 3.$$
Note that we start with the rightmost cycle (1234) and “move” to the left since that is the convention for composition of functions, but within each cycle, the entries “move” from left to right (until we get to the last entry). Since we want to write our answer in cycle notation, we next compute the value at 3:
$$3 \xrightarrow{(1234)} 4 \xrightarrow{(46)} 6 \xrightarrow{(1235)} 6,$$
and then 6:
$$6 \xrightarrow{(1234)} 6 \xrightarrow{(46)} 4 \xrightarrow{(1235)} 4,$$
and then 4 and so on until we get back to 1. Eventually we find στ has the effect:

1 → 3 → 6 → 4 → 2 → 5 → 1.

Since this accounts for all the elements {1, 2, 3, 4, 5, 6}, we conclude that στ is the 6-cycle (136425), which is indeed consistent with the calculation in Example 4.3.7.
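As an added example (not the notes’ own code), the following Python implements both notations of this section: two-line notation as a tuple of images, composition with the notes’ convention that στ means “do τ, then σ”, inverses, the disjoint-cycle procedure just described (each cycle started at the smallest element not yet accounted for), and conversion back from a product of cycles. All names are my own; the test values are σ and τ from Example 4.3.7.

```python
"""Permutations of {1, ..., n} in two-line and cycle notation.

Added example, not from the lecture notes. A permutation is a tuple p with
p[i-1] = sigma(i), i.e. the bottom row of the two-line notation.
"""
from itertools import permutations

Perm = tuple[int, ...]


def is_permutation(p: Perm) -> bool:
    """The bottom row must be a reordering of 1..n (i.e. the map is bijective)."""
    return sorted(p) == list(range(1, len(p) + 1))


def apply(p: Perm, i: int) -> int:
    """sigma(i) for 1 <= i <= n."""
    return p[i - 1]


def identity(n: int) -> Perm:
    """The element e of S_n."""
    return tuple(range(1, n + 1))


def compose(sigma: Perm, tau: Perm) -> Perm:
    """sigma tau: first apply tau, then sigma (function composition)."""
    assert len(sigma) == len(tau)
    return tuple(apply(sigma, apply(tau, i)) for i in range(1, len(tau) + 1))


def inverse(p: Perm) -> Perm:
    """The unique q with p q = q p = e, i.e. q(p(i)) = i for every i."""
    q = [0] * len(p)
    for i, image in enumerate(p, start=1):
        q[image - 1] = i
    return tuple(q)


def to_cycles(p: Perm, keep_fixed: bool = False) -> list[tuple[int, ...]]:
    """Disjoint-cycle decomposition; each cycle starts at its smallest element.
    1-cycles (fixed points) are dropped unless keep_fixed is set."""
    seen: set[int] = set()
    cycles = []
    for start in range(1, len(p) + 1):
        if start in seen:
            continue  # already appears in a cycle found earlier
        cycle = [start]
        seen.add(start)
        nxt = apply(p, start)
        while nxt != start:  # follow a_1 -> a_2 -> ... until we return to a_1
            cycle.append(nxt)
            seen.add(nxt)
            nxt = apply(p, nxt)
        if len(cycle) > 1 or keep_fixed:
            cycles.append(tuple(cycle))
    return cycles


def from_cycles(n: int, cycles: list[tuple[int, ...]]) -> Perm:
    """Product of cycles as an element of S_n; the rightmost cycle acts first."""
    p = identity(n)
    for cycle in reversed(cycles):
        bottom = list(identity(n))
        for a, b in zip(cycle, cycle[1:] + cycle[:1]):  # a_i -> a_{i+1}, a_k -> a_1
            bottom[a - 1] = b
        p = compose(tuple(bottom), p)
    return p


def cycle_string(p: Perm) -> str:
    """Cycle notation as written in the notes, e.g. '(1235)(46)', or 'e'.
    Digits are run together, so this is unambiguous only for n <= 9."""
    cycles = to_cycles(p)
    return "".join("(" + "".join(map(str, c)) + ")" for c in cycles) if cycles else "e"


def symmetric_group(n: int) -> list[Perm]:
    """All n! elements of S_n, bottom rows in lexicographic order."""
    return [tuple(q) for q in permutations(range(1, n + 1))]
```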

4.4 Basic properties of groups

Recall that a group is a set G with a binary operation ∗ satisfying:

1. ∗ is associative;

2. there’s an identity element e ∈ G for ∗;

3. every element g ∈ G has an inverse under ∗.

We have now seen a lot of examples of groups, including:

• (Z, +),
• (R^×, ·),
• (M_2(R), +),
• GL_2(R) under matrix multiplication,
• (Z_n, +),
• (Z_n^×, ·),
• D_n (for n ≥ 3) under composition,
• S_n under composition.

Now we’ll establish some basic properties that all groups have. I already mentioned that the identity element is unique, i.e., there is only one element e ∈ G with the property that e ∗ a = a ∗ e = a for all a ∈ G. (If e′ were another element with this property, we’d have e = e ∗ e′ = e′, a contradiction.) Now we’ll show that the inverse of each element is unique.

Proposition 4.4.1 Suppose (G, ∗) is a group and a ∈ G. Then there is a unique b ∈ G such that a ∗ b = b ∗ a = e.

Proof. We already know from the definition of a group that a ∗ b = b ∗ a = e for some b ∈ G; we have to show there is exactly one element b ∈ G with this property. So suppose b and b′ are two such elements, i.e.,

a ∗ b = b ∗ a = e and a ∗ b′ = b′ ∗ a = e.

Then the above formulas and associativity imply

b = b ∗ e = b ∗ (a ∗ b′) = (b ∗ a) ∗ b′ = e ∗ b′ = b′. □

We’ve already been referring to the element b as in the proposition as an inverse of a. Now we can call it the inverse of a.

Definition 4.4.2 Suppose that (G, ∗) is a group and a ∈ G. Then the inverse of a is the unique element b ∈ G such that a ∗ b = b ∗ a = e; we denote this element by a^{−1}.

Here are some more notational conventions: just as for multiplication of real numbers, we often omit the symbol for the binary operation in a group (especially for an “abstract” group) and simply write ab instead of a ∗ b. A binary operation is often denoted + when some sort of “addition” underlies the definition (for example, addition of matrices). In that case, we would denote the inverse of a by −a instead of a^{−1}. The symbol + is also usually reserved for commutative binary operations. Groups for which the binary operation is commutative have a special name, after the mathematician Abel.

Definition 4.4.3 We say a group (G, ∗) is an abelian group if the operation ∗ is commutative; i.e., a ∗ b = b ∗ a for all a, b ∈ G.

Among the above examples, (Z, +), (R^×, ·), (M_2(R), +), (Z_n, +) and (Z_n^×, ·) are abelian groups, but GL_2(R), D_n and S_n (for n ≥ 3) are non-abelian.

Here’s an important property that applies to all groups; it’s called the Cancellation Law:

Proposition 4.4.4 Suppose that G is a group and a, b, c ∈ G. If ab = ac or ba = ca, then b = c.

Proof. If ab = ac, then

b = eb = (a^{−1}a)b = a^{−1}(ab) = a^{−1}(ac) = (a^{−1}a)c = ec = c.

The proof that ba = ca ⇒ b = c is similar. □

Make sure you understand the justification at each step in the string of equalities in the proof, and can supply the “similar” part of the proof yourself. In particular, note that it was important to “multiply” by a^{−1} on the left in the above argument since the operation is not necessarily commutative, and that to prove the other implication, you will need to multiply by a^{−1} on the right.

Note that if G is a group and a, b ∈ G, then there’s an element x ∈ G such that ax = b, namely x = a^{−1}b. Moreover the cancellation law says that x is the unique such element. Similarly there’s a unique y ∈ G such that ya = b, namely y = ba^{−1}. (Note that y may or may not be the same as x.) Let’s record this consequence of the cancellation law:

Corollary 4.4.5 If G is a group and a, b ∈ G, then there is a unique x ∈ G such that ax = b and a unique y ∈ G such that ya = b.
You can think of this as a statement about the "multiplication table" for the group. Suppose $G$ has only finitely many elements, say $g_1, g_2, \ldots, g_n$. The entries in the row of $a$ are then
$$ag_1, ag_2, \ldots, ag_n.$$
The corollary says that each element $b \in G$ appears exactly once in this list. So $b$ appears exactly once in each row of the table. Similarly, $b$ appears exactly once in each column of the table.

Here are some more general properties of inverses:

Proposition 4.4.6 Suppose $G$ is a group and $a, b \in G$. Then

1. If $ab = e$, then $a = b^{-1}$ and $b = a^{-1}$.

2. $(ab)^{-1} = b^{-1}a^{-1}$.

3. $(a^{-1})^{-1} = a$.

Proof. 1) If $ab = e$, then since $b^{-1}b = e$, Prop. 4.4.4 implies that $a = b^{-1}$. Similarly, since $aa^{-1} = e$, Prop. 4.4.4 implies that $b = a^{-1}$.

2) Note that
$$(ab)(b^{-1}a^{-1}) = a(b(b^{-1}a^{-1})) = a((bb^{-1})(a^{-1})) = a(ea^{-1}) = aa^{-1} = e.$$
So applying part 1) (with $ab$ in place of $a$ and $b^{-1}a^{-1}$ in place of $b$) shows that $b^{-1}a^{-1} = (ab)^{-1}$.

3) Since $aa^{-1} = e$, part 1) with $a^{-1}$ in place of $b$ shows that $a = (a^{-1})^{-1}$. $\square$

Recall that $b = a^{-1}$ means that $ab = e$ and $ba = e$. The content of part 1) is that it's enough to know that either of these equalities holds; the other follows. Also, note in part 2) that the inverse of $ab$ is given by $b^{-1}a^{-1}$ (the order reverses), and this is not necessarily the same as $a^{-1}b^{-1}$ unless $G$ is abelian.

Finally one more remark on notation. So far I've been very careful to place parentheses and show how associativity is being applied. For example, the proof of part 2) of the above proposition begins with 3 applications of associativity to shift around the parentheses, replacing an expression of the form $a(bc)$ with $(ab)c$ or vice-versa. By now you should realize that we don't really need the parentheses. Since $a(bc) = (ab)c$, we just write $abc$ instead (or $a * b * c$ if the operation is $*$), and more generally we write $a_1 a_2 \cdots a_n$. Note that the order of placement of the elements matters (unless the group is abelian), but the order in which the operation is applied to adjacent elements doesn't matter. With this in mind, the formula in the proof of part 2) above becomes:
$$(ab)(b^{-1}a^{-1}) = abb^{-1}a^{-1} = aea^{-1} = aa^{-1} = e.$$
4.5 Powers of group elements

If $(G, *)$ is a group and $g \in G$, then we define the $n$th power of $g$ for positive integers $n$ by
$$g^n = \underbrace{g * g * \cdots * g}_{n \text{ times}}.$$
We extend this to define $g^n$ for all $n \in \mathbb{Z}$ by setting $g^0 = e$ and $g^n = (g^{-n})^{-1}$ for $n < 0$ (note that we've already defined $g^{-n}$ in this case since $-n > 0$, so we're defining $g^n$ as the inverse of $g^{-n}$). Notice there's no inconsistency in the definition of $g^{-1}$. Taking $n = -1$ just gives the inverse of $g^1 = g$, which is what we've already been calling $g^{-1}$. Here are some examples:

• Suppose $G = D_3$ and $g = \rho_1$. Then $\rho_1^2 = \rho_2$, $\rho_1^3 = e$, $\rho_1^4 = \rho_1$. Of course $\rho_1^0 = e$ and $\rho_1^1 = \rho_1$ by definition. Some negative powers are $\rho_1^{-1} = \rho_2$ and $\rho_1^{-2} = (\rho_1^2)^{-1} = \rho_2^{-1} = \rho_1$.

• For the group of non-zero real numbers under multiplication, $x^n$ has its usual meaning for $x \in \mathbb{R}^\times$, $n \in \mathbb{Z}$.

• Suppose $G = S_6$ and $\sigma$ is the 6-cycle $(123456)$. Then $\sigma^0 = e$, $\sigma^1 = \sigma$, and $\sigma^2 = \sigma\sigma = (123456)(123456)$ has the effect:
$$1 \to 2 \to 3,\quad 2 \to 3 \to 4,$$
$$3 \to 4 \to 5,\quad 4 \to 5 \to 6,$$
$$5 \to 6 \to 1,\quad 6 \to 1 \to 2,$$
which in cycle notation is $(135)(246)$. Similarly
$$\sigma^3 = (14)(25)(36),\quad \sigma^4 = (153)(264),\quad \sigma^5 = (165432),\quad \sigma^6 = e,$$
and then the powers begin repeating, so $\sigma^7 = \sigma$, $\sigma^8 = \sigma^2$, etc. As for negative powers, $\sigma^{-1}$ is the inverse function of $\sigma$, which could be described as:
$$1 \to 6 \to 5 \to 4 \to 3 \to 2 \to 1,$$
which is the same as $\sigma^5$, and we find $\sigma^{-2} = (\sigma^2)^{-1} = \sigma^4$, etc.

• Consider $\mathbb{Z}$ under addition. Whenever the operation is denoted $+$, then we'll write $ng$ or $n \cdot g$ instead of $g^n$, and call these multiples instead of powers. Then $nm$ has its usual meaning for $m, n \in \mathbb{Z}$.
• Consider the group $(\mathbb{Z}_{10}, +)$. Since the group operation is based on addition, we'll use the "additive" notation. Let's compute some multiples of $[4]$ in $\mathbb{Z}_{10}$: $-1 \cdot [4] = [-4] = [6]$, $0 \cdot [4] = [0]$, $1 \cdot [4] = [4]$, $2 \cdot [4] = [8]$, $3 \cdot [4] = [2]$, etc. It's easy to see that $n \cdot [a]$, the $n$th multiple of $[a]$ in $\mathbb{Z}_m$, is given by $[na]$. If $n > 0$, this is clear from definitions since
$$n \cdot [a] = \underbrace{[a] + [a] + \cdots + [a]}_{n \text{ times}} = [\underbrace{a + a + \cdots + a}_{n \text{ times}}].$$
It's also clear from the definition if $n = 0$. If $n < 0$, then $n \cdot [a]$ is defined as the (additive) inverse of $(-n) \cdot [a]$, and since $-n > 0$, we know that $(-n) \cdot [a] = [(-n)a]$. Therefore
$$n \cdot [a] = -[(-n)a] = [-(-n)a] = [na].$$

• Recall that $\mathbb{Z}_m^\times = \{ [a]_m \mid \gcd(a, m) = 1 \}$ is a group under multiplication of congruence classes. For example,
$$\mathbb{Z}_{100}^\times = \{ [1], [3], [7], [9], [11], [13], \ldots, [97], [99] \},$$
the included residue classes being those with last digits 1, 3, 7, 9. Computing a few powers of $[19]$, we have
$$[19]^2 = [19][19] = [361] = [61], \qquad [19]^3 = [19]^2[19] = [61][19] = [59].$$
Just as with addition of congruence classes, it's easy to see that $[a]_m^n = [a^n]_m$ if $n$ is positive (where $a^n$ is the "usual" $n$th power of $a$). Note though that this formula makes no sense if $n$ is negative since $a^n$ is not an integer. To see how to compute $[19]^{-1}$ in $\mathbb{Z}_{100}^\times$ for example, let's recall what this means (see the proof of Prop. 4.2.13). We need to find a congruence class $[x] \in \mathbb{Z}_{100}^\times$ so that $[19x] = [19][x] = [1]$. In other words, we want $19x \equiv 1 \bmod 100$, or $19x - 100y = 1$ for some $y \in \mathbb{Z}$. We can solve this using the Euclidean Algorithm:
$$100 = 5 \cdot 19 + 5, \qquad 19 = 3 \cdot 5 + 4, \qquad 5 = 4 + 1,$$
which gives
$$1 = 5 - 4 = 5 - (19 - 3 \cdot 5) = 4 \cdot 5 - 19 = 4(100 - 5 \cdot 19) - 19 = 4(100) - 21(19).$$
We can therefore take $x = -21$ and conclude
$$[19]^{-1} = [-21] = [79].$$
What about $[19]^{-2}$? By definition, this is the inverse of $[19]^2 = [61]$, so we apply the Euclidean Algorithm again. Alternatively, we can use the fact that $[19]^{-2} = ([19]^{-1})^2$ by the Laws of Exponents we'll prove in a moment, and conclude
$$[19]^{-2} = [-21]^2 = [441] = [41].$$
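The computation of $[19]^{-1}$ and $[19]^{-2}$ above, carried out in code as an added example (not part of the original notes): the extended Euclidean Algorithm supplies coefficients $x, y$ with $19x + 100y = 1$, and a negative power is reduced to a positive power of the inverse. The function names are my own.

```python
"""Powers of a unit [a] in Z_m^x, including negative exponents.

Added example (not part of the lecture notes).  It reproduces the
computations for [19] in Z_100^x: [19]^2 = [61], [19]^3 = [59],
[19]^-1 = [79] (via the Euclidean Algorithm) and [19]^-2 = [41].
"""


def extended_gcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d.

    This is the back-substitution step of the Euclidean Algorithm done
    iteratively: alongside each remainder we keep the coefficients that
    express it as an integer combination of the original a and b.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def inverse_mod(a, m):
    """The class [x] with [a][x] = [1] in Z_m; requires gcd(a, m) = 1."""
    d, x, _y = extended_gcd(a, m)
    if d != 1:
        raise ValueError(f"[{a}] is not a unit in Z_{m}: gcd = {d}")
    return x % m  # a*x + m*y = 1, so a*x is congruent to 1 mod m


def power_mod(a, n, m):
    """[a]^n in Z_m for any integer n.

    n > 0 : the usual product [a][a]...[a] (n times)
    n = 0 : the identity [1]
    n < 0 : by definition the inverse of [a]^(-n); we use the law of
            exponents [a]^n = ([a]^-1)^(-n), which needs [a] to be a unit.
    """
    if n < 0:
        return power_mod(inverse_mod(a, m), -n, m)
    result = 1 % m
    for _ in range(n):
        result = (result * a) % m  # one more factor [a], reduced mod m
    return result


if __name__ == "__main__":
    print("gcd, x, y for 19 and 100:", extended_gcd(19, 100))  # (1, -21, 4)
    for n in (2, 3, -1, -2):
        print(f"[19]^{n} in Z_100 = [{power_mod(19, n, 100)}]")
```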

Now let's return to the general situation and show that the powers of an element satisfy the laws of exponents.

Proposition 4.5.1 Suppose $G$ is a group, $g \in G$ and $m, n \in \mathbb{Z}$. Then
$$g^m g^n = g^{m+n} \quad\text{and}\quad (g^m)^n = g^{mn}.$$

Proof. We'll just prove the first formula and leave the second as an exercise. If $m$ and $n$ are both positive, then it is clear that $g^m g^n = g^{m+n}$ since
$$\underbrace{gg \cdots g}_{m \text{ times}}\ \underbrace{gg \cdots g}_{n \text{ times}} = \underbrace{gg \cdots g}_{(m+n) \text{ times}}.$$
(More formally, we would have defined $g^0 = e$ and $g^n$ for $n \ge 1$ inductively by $g^n = g^{n-1}g$, and then proved $g^m g^n = g^{m+n}$ in this case by induction on $n$.)

The formula is also clear if $m = 0$ or $n = 0$.

So now suppose $m$ and $n$ are both negative. In that case $g^m = (g^{-m})^{-1}$, $g^n = (g^{-n})^{-1}$ and $g^{m+n} = (g^{-(m+n)})^{-1}$ by definition. But since $-m, -n$ are positive, we've already proved that $g^{-n}g^{-m} = g^{-n-m} = g^{-(m+n)}$. Applying Prop. 4.4.6, part 2) then gives
$$g^m g^n = (g^{-m})^{-1}(g^{-n})^{-1} = (g^{-n}g^{-m})^{-1} = (g^{-(m+n)})^{-1} = g^{m+n}.$$

Now suppose $m < 0$ and $n > 0$. If $m + n \ge 0$, then since $-m > 0$, we already know that $g^{-m}g^{m+n} = g^{-m+m+n} = g^n$. But since $g^m = (g^{-m})^{-1}$, multiplying by $g^m$ on the left gives
$$g^m g^n = g^m g^{-m} g^{m+n} = e g^{m+n} = g^{m+n}.$$
If on the other hand $m + n < 0$, then we already know that $g^{m+n}g^{-n} = g^m$ (all the exponents being negative), and multiplying on the right by $g^n$ gives $g^m g^n = g^{m+n}$.

Finally if $m > 0$ and $n < 0$, the preceding cases show $g^{-m}g^{m+n} = g^n$ (regardless of the sign of $m + n$), and it follows as above that $g^m g^n = g^{m+n}$. $\square$
Note that when using additive notation, the laws of "exponents" become:
$$(m \cdot a) + (n \cdot a) = (m + n) \cdot a, \qquad m \cdot (n \cdot a) = (mn) \cdot a$$
for all $m, n \in \mathbb{Z}$ and $a \in G$ (a group with operation $+$).

Finally a word of caution. One of the usual laws of exponents for real numbers is that $x^n y^n = (xy)^n$ for $x, y \ne 0$, $n \in \mathbb{Z}$. It's easy to see that $g^n h^n = (gh)^n$ for $g, h$ in an abelian group $G$, but this rule will not apply in a non-abelian group. Taking $n = 2$ for example, $g^2 h^2 = gghh$, but $(gh)^2 = ghgh$, and these might not be the same.

4.6 Orders of group elements

Recall that if $G$ is a group, then for $g \in G$, $n \in \mathbb{Z}$, we defined $g^n$ (the $n$th power of $g$) by setting

• $g^n = gg \cdots g$ ($n$ times) for $n > 0$;

• $g^0 = e$;

• $g^n = (g^{-n})^{-1}$ for $n < 0$.

For example, the powers of $g = \rho_1 \in D_3$ are given by

    n    |  -4   -3   -2   -1    0    1    2    3    4    5    6    7   ...
    g^n  |  ρ2    e   ρ1   ρ2    e   ρ1   ρ2    e   ρ1   ρ2    e   ρ1

Notice the pattern, which can be expressed as:
$$\rho_1^n = \begin{cases} e & \text{if } n \equiv 0 \pmod 3,\\ \rho_1 & \text{if } n \equiv 1 \pmod 3,\\ \rho_2 & \text{if } n \equiv 2 \pmod 3. \end{cases}$$

Similarly, for $G = \mathbb{Z}_{10}$ under $+$ taking powers of $[4]$ (or "multiples" since the operation is additive) gives

    n      |  -4   -3   -2   -1    0    1    2    3    4    5    6    7   ...
    n·[4]  | [4]  [8]  [2]  [6]  [0]  [4]  [8]  [2]  [6]  [0]  [4]  [8]

On the other hand, if we take powers of 2 in $\mathbb{R}^\times$, there is no repetition.

These phenomena can be explained in general in terms of the order of the element, defined as follows:
Definition 4.6.1 Let $g$ be an element of a group $G$. We say that $g$ has finite order (in $G$) if $g^n = e$ for some $n \in \mathbb{N}$. In that case the least $n \in \mathbb{N}$ such that $g^n = e$ is called the order of $g$. If no such positive integer $n$ exists, we say that $g$ has infinite order.

For example, the element $\rho_1 \in D_3$ has order 3, and the element $[4] \in \mathbb{Z}_{10}$ has order 5. The element $2 \in \mathbb{R}^\times$ has infinite order; in fact the only elements of $\mathbb{R}^\times$ with finite order are $\pm 1$. Note that the identity element $e$ in any group has order 1.
Theorem 4.6.2 Suppose that $g$ is an element of a group $G$.

1. If $g$ has infinite order, then $g^n = e \Leftrightarrow n = 0$.

2. If $g$ has finite order $d$, then $g^n = e \Leftrightarrow d \mid n$.

Proof. 1) Suppose that $g$ has infinite order. Then by the definition of infinite order, there is no positive integer $n$ such that $g^n = e$. It is also true by definition that $g^0 = e$, so we just have to prove that there is no negative integer $n$ such that $g^n = e$. Suppose then that $n < 0$ and $g^n = e$. Then by definition of $g^n$ in this case, we have $(g^{-n})^{-1} = e$. But then it follows that $g^{-n} = e$, and since $-n > 0$, this would contradict $g$ having infinite order.

2) Suppose now that $g$ has order $d$, i.e., $d$ is the least positive integer such that $g^d = e$.

If $d \mid n$, then $n = dm$ for some $m \in \mathbb{Z}$. Since $g^d = e$, we find that
$$g^n = g^{dm} = (g^d)^m = e^m = e$$
(where the second equality is by the laws of exponents, Prop. 4.5.1).

Suppose conversely that $g^n = e$. By the Division Algorithm Thm. 2.1.2, we can write $n = dq + r$ for some $q, r \in \mathbb{Z}$ with $0 \le r < d$. Applying Prop. 4.5.1 again gives
$$e = g^n = g^{dq+r} = g^{dq} g^r = (g^d)^q g^r = e^q g^r = g^r.$$
But since $r < d$ and $d$ is the least positive integer such that $g^d = e$, it follows that $r$ cannot be a positive integer. The only possibility then is that $r = 0$, so $n = dq$ is divisible by $d$. $\square$

Corollary 4.6.3 Suppose that $g$ is an element of a group $G$.

1. If $g$ has infinite order, then the powers of $g$ are distinct; i.e., $g^m = g^n \Leftrightarrow m = n$.

2. If $g$ has finite order $d$, then $g^m = g^n \Leftrightarrow m \equiv n \pmod d$.

Proof. 1) Suppose that $g$ has infinite order. Clearly if $m = n$, then $g^m = g^n$. Suppose conversely that $g^m = g^n$. Then $g^{m-n} = g^m g^{-n} = g^n g^{-n} = e$ (where the first equality is by Prop. 4.5.1), so part 1) of Thm. 4.6.2 implies that $m - n = 0$, so $m = n$.

2) Suppose now that $g$ has order $d$. Then
$$g^m = g^n \ \Rightarrow\ g^{m-n} = e \quad\text{(as in part 1)}$$
$$\Rightarrow\ d \mid (m - n) \quad\text{(by Thm. 4.6.2)}$$
$$\Rightarrow\ m \equiv n \pmod d \quad\text{by definition of congruence.}$$
Note also that we can "reverse" the argument; i.e., each $\Rightarrow$ can be replaced by $\Leftrightarrow$, so we see in fact that $g^m = g^n \Leftrightarrow m \equiv n \pmod d$. $\square$

Note that part 2) of the corollary describes what we saw in the examples of $\rho_1 \in D_3$ and $[4] \in \mathbb{Z}_{10}$; part 1) describes what we saw for $2 \in \mathbb{R}^\times$.

We've been considering the order of an element of a group (Defn. 4.6.1). There is also the notion of the order of a group, which is just its size.

Definition 4.6.4 Suppose that $G$ is a group. If $G$ has infinitely many elements, we say $G$ has infinite order. Otherwise we say $G$ has finite order, and we define the order of $G$ to be the number of elements in $G$.

So for example, the group $D_3$ has order 6; its element $\rho_1$ has order 3. We'll see later how the two notions are related. For now let's just note the following:

Corollary 4.6.5 If a group $G$ has finite order, then so does every element of $G$.

Proof. If $g \in G$ has infinite order, then Cor. 4.6.3 shows that its powers $g^n$ would give infinitely many distinct elements of $G$. $\square$
Let's consider the order of some permutations. The computation of the powers of $\sigma = (123456)$ in $S_6$ shows that $\sigma$ has order 6. We saw also that its inverse is $(165432) = (654321)$. In fact, in general:

Proposition 4.6.6 Suppose that $a_1, a_2, \ldots, a_k$ are distinct elements of the set $\{1, 2, \ldots, n\}$, and let $\sigma = (a_1 a_2 \cdots a_k)$. Then

1. $\sigma^{-1} = (a_k a_{k-1} \cdots a_1)$;

2. $\sigma$ has order $k$.

Proof. 1) Let $\tau = (a_k a_{k-1} \cdots a_1)$. We have to show that $\tau = \sigma^{-1}$. Since $S_n$ is a group, we only have to show that $\tau\sigma = e$, which means that $\tau(\sigma(a)) = a$ for each $a \in \{1, 2, \ldots, n\}$.

• We find that $\tau(\sigma(a_1)) = \tau(a_2) = a_1$, $\tau(\sigma(a_2)) = \tau(a_3) = a_2$, ..., $\tau(\sigma(a_{k-1})) = \tau(a_k) = a_{k-1}$, and $\tau(\sigma(a_k)) = \tau(a_1) = a_k$.

• If $b \ne a_i$ for any $i = 1, 2, \ldots, k$, then $\tau(\sigma(b)) = b$.

So $\tau\sigma = e$, and therefore $\tau = \sigma^{-1}$.

2) We have to show that $\sigma^k = e$, and that $\sigma^i \ne e$ for $i = 1, 2, \ldots, k-1$. We first compute $\sigma^i(a_1)$ for each $i$. Recall that $\sigma^i = \sigma\sigma\cdots\sigma$, $\sigma$ repeated $i$ times. So by the definition of $\sigma$, we have $\sigma(a_1) = a_2$, $\sigma^2(a_1) = \sigma(\sigma(a_1)) = \sigma(a_2) = a_3$, and by induction on $i$, we find that
$$\sigma^i(a_1) = a_{i+1} \quad\text{if } 1 \le i \le k-1.$$
(The induction step is $\sigma^i(a_1) = \sigma(\sigma^{i-1}(a_1)) = \sigma(a_i) = a_{i+1}$.) Since $\sigma^i(a_1) = a_{i+1} \ne a_1$, this already shows that $\sigma^i$ is not the identity for $1 \le i \le k-1$.

We must still show that $\sigma^k$ is the identity. To see this, first note that
$$\sigma^k(a_1) = \sigma(\sigma^{k-1}(a_1)) = \sigma(a_k) = a_1.$$
Furthermore for $i = 1, 2, \ldots, k-1$, we have
$$\sigma^k(a_{i+1}) = \sigma^k(\sigma^i(a_1)) = \sigma^{i+k}(a_1) = \sigma^i(\sigma^k(a_1)) = \sigma^i(a_1) = a_{i+1}.$$
We have now shown that $\sigma^k(a_1) = a_1$, $\sigma^k(a_2) = a_2$, ..., $\sigma^k(a_k) = a_k$. Finally if $b \ne a_i$ for any $i = 1, 2, \ldots, k$, then $\sigma(b) = b$, so by induction on $i$, we get $\sigma^i(b) = b$ for all $i \ge 1$, and in particular, $\sigma^k(b) = b$. We have now shown that $\sigma^k = e$. $\square$
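An added example (not from the notes) that computes powers, inverses and orders of permutations in $S_n$ directly from the definitions: it reproduces the powers of the 6-cycle $(123456)$ from Section 4.5 and checks both parts of Prop. 4.6.6 for an arbitrary $k$-cycle. The tuple representation and the function names are my own choices.

```python
"""Powers, inverses and orders of permutations in S_n.

Added example (not from the lecture notes).  A permutation of
{1, ..., n} is stored as a tuple p with p[i-1] = the image of i, and
products are function compositions, (στ)(a) = σ(τ(a)), as in the notes.
"""


def cycle(n, *elements):
    """The cycle (a1 a2 ... ak) as a permutation of {1, ..., n}."""
    p = list(range(1, n + 1))
    k = len(elements)
    for i, a in enumerate(elements):
        p[a - 1] = elements[(i + 1) % k]  # a_i -> a_{i+1}, and a_k -> a_1
    return tuple(p)


def identity(n):
    return tuple(range(1, n + 1))


def compose(sigma, tau):
    """The product στ: apply τ first, then σ."""
    return tuple(sigma[tau[a - 1] - 1] for a in range(1, len(tau) + 1))


def inverse(p):
    """The inverse function: if p sends a to b, the inverse sends b to a."""
    inv = [0] * len(p)
    for a, b in enumerate(p, start=1):
        inv[b - 1] = a
    return tuple(inv)


def power(p, m):
    """p^m for any integer m, using p^0 = e and p^m = (p^-m)^-1 for m < 0."""
    if m < 0:
        return inverse(power(p, -m))
    result = identity(len(p))
    for _ in range(m):
        result = compose(result, p)
    return result


def order(p):
    """Least positive k with p^k = e (it exists because S_n is finite)."""
    e = identity(len(p))
    k, q = 1, p
    while q != e:
        q = compose(q, p)
        k += 1
    return k


def cycle_notation(p):
    """Disjoint-cycle notation as a list of tuples; 1-cycles are omitted."""
    seen, cycles = set(), []
    for start in range(1, len(p) + 1):
        if start in seen or p[start - 1] == start:
            continue
        c, a = [], start
        while a not in seen:
            seen.add(a)
            c.append(a)
            a = p[a - 1]
        cycles.append(tuple(c))
    return cycles


# The 6-cycle sigma = (123456) in S_6 from Section 4.5.
SIGMA = cycle(6, 1, 2, 3, 4, 5, 6)

if __name__ == "__main__":
    for m in range(-2, 8):
        print(f"sigma^{m:2d} = {cycle_notation(power(SIGMA, m)) or 'e'}")
    print("order of sigma:", order(SIGMA))
```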

4.7 Subgroups

Definition 4.7.1 Suppose that $(G, *)$ is a group. A subset $H \subseteq G$ is called a subgroup of $G$ if $H$, with the operation $*$, is a group.

Here are some examples:

• The subset $H = \{ \text{even numbers} \}$ of $\mathbb{Z}$ (under addition) is a subgroup. Note first that $+$ defines a binary operation on $H$ since the sum of two even numbers is even; the operation is associative; there is an identity element $0 \in H$; and if $n \in H$, then it has an inverse $-n \in H$.

• The subset $\mathbb{N}$ of $\mathbb{Z}$ is not a subgroup. Though $+$ defines a binary operation on $\mathbb{N}$, there is no identity element (or inverses).

• The subset $H = \{ e, \rho_1, \rho_2 \}$ of $D_3$ is a subgroup.

We will now establish a list of criteria which determine whether a given subset $H$ of a group $G$ is in fact a subgroup.

Note first of all that for $H$ to be a subgroup of $G$, we need $*$ to define a binary operation on $H$. This means that if $h$ and $h'$ are elements of $H$, then the output $h * h'$ of the binary operation on $G$ is in fact in the subset $H$. We therefore require $H$ to be closed under the operation $*$; i.e.,

1) $h, h' \in H \Rightarrow h * h' \in H$.

If 1) is satisfied, then we have a set $H$ with a binary operation $*$. It is a group if it satisfies the three properties in the definition of a group (Definition 4.1.1). Note first that since $G$ is a group, the operation $*$ is associative on $G$, so it must be associative on the subset $H$ as well.

The second property is that there be an identity element for $*$ in $H$. We know already that $G$ has an identity element $e$ for $*$. Denote by $e'$ the identity element for $*$ in $H$, so $e' \in H$ satisfies
$$e' * h = h * e' = h \quad\text{for all } h \in H.$$
In particular $e' * e' = e'$. But since $e$ is the identity element for $*$ on $G$, and $e' \in G$, we also have $e * e' = e'$. Therefore $e * e' = e' * e'$, and the Cancellation Law (Prop. 4.4.4) implies that $e = e'$. So if there is an identity element for $*$ in $H$, that element must be $e$. So the second property we need for $H$ to be a subgroup amounts to the requirement:

2) $e \in H$.

The last condition is that every $h \in H$ have an inverse in $H$ with respect to $*$. This means that if $h \in H$, then there is an $h' \in H$ such that $h * h' = h' * h = e$. But we know already that $h$ has an inverse in $G$, which we've denoted $h^{-1}$. Since $h * h' = h * h^{-1} = e$, Prop. 4.4.6 implies that $h' = h^{-1}$. So the third property amounts to the condition:

3) $h \in H \Rightarrow h^{-1} \in H$.

We have now proved the following:

Proposition 4.7.2 Suppose that $(G, *)$ is a group and $H \subseteq G$. Then $H$ is a subgroup of $G$ if and only if the following conditions are all satisfied:

1. $h, h' \in H \Rightarrow h * h' \in H$;

2. $e \in H$;

3. $h \in H \Rightarrow h^{-1} \in H$.
Example 4.7.3 Let $G = \mathbb{Z}$ under addition and suppose $m \in \mathbb{Z}$. Consider the subset
$$H = \{ \text{integer multiples of } m \} = \{ n \in \mathbb{Z} \mid n \text{ is divisible by } m \}.$$
We will check that $H$ is a subgroup of $\mathbb{Z}$ by verifying that it satisfies the three conditions of Prop. 4.7.2.

1. Suppose $n, n' \in H$. Then $n = km$, $n' = k'm$ for some $k, k' \in \mathbb{Z}$, so $n + n' = km + k'm = (k + k')m$ is also divisible by $m$, so $n + n' \in H$. (I.e., the sum of two multiples of $m$ is again a multiple of $m$; we knew this already as part of Prop. 2.1.1.)

2. Since $0 = 0 \cdot m$ is a multiple of $m$, we have $0 \in H$.

3. Suppose $n \in H$. Then $n = km$ for some $k \in \mathbb{Z}$, so its inverse $-n = (-k)m$ is a multiple of $m$, so $-n \in H$.

Note that the set of even integers is the special case where $m = 2$. Taking $m = 1$ instead gives all of $\mathbb{Z}$; taking $m = 0$ would give the subgroup $\{0\}$. The set of integer multiples of $m$ is usually denoted $m\mathbb{Z}$. We shall see that every subgroup of $\mathbb{Z}$ is of this form.

Remark 4.7.4 In the statement of the proposition, we really need all three conditions to guarantee that $H$ is a subgroup. You might wonder if two of the conditions imply the third and are therefore sufficient to imply that $H$ is a subgroup, but this isn't the case. For example, taking $G = \mathbb{Z}$:

1. The subset $\{0, 1, 2, 3, \ldots\}$ satisfies 1) and 2) but not 3), so it is not a subgroup.

2. The subset $\{-1, 0, 1\}$ satisfies 2) and 3) but not 1) (since 1 is in the subset, but $1 + 1$ is not), so it is not a subgroup.

3. The empty set $\emptyset$ satisfies 1) and 3) but not 2), so it is not a subgroup. (Note that 3) for example means that $-n$ must be in the subset whenever $n$ is, but $n$ is never in this subset, so the condition is automatically satisfied.)

Example 4.7.5 Let $G = GL_2(\mathbb{R})$ and let
$$SL_2(\mathbb{R}) = \{ A \in GL_2(\mathbb{R}) \mid \det A = 1 \}.$$
(The GL is for general linear, and SL for special linear.)
1. Suppose $A, B \in SL_2(\mathbb{R})$. Then $\det A = \det B = 1$, so $\det(AB) = (\det A)(\det B) = 1$ (an exercise) and $AB \in SL_2(\mathbb{R})$.

2. We have $I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} \in SL_2(\mathbb{R})$ since $\det I = 1$.

3. Suppose $A \in SL_2(\mathbb{R})$. Then $\det A = 1$, so $\det(A^{-1}) = (\det A)^{-1} = 1$, so $A^{-1} \in SL_2(\mathbb{R})$.

Since $SL_2(\mathbb{R})$ satisfies 1), 2) and 3) of Prop. 4.7.2, it is a subgroup of $GL_2(\mathbb{R})$.

4.8 Cyclic groups

We now turn our attention to a special type of subgroup:

Proposition 4.8.1 Suppose that $G$ is a group and $g \in G$. Then
$$H = \{ g^n \mid n \in \mathbb{Z} \}$$
is a subgroup of $G$.

Proof. As usual, we verify 1), 2) and 3) of Prop. 4.7.2.

1. Suppose $h, h' \in H$. Then $h = g^n$, $h' = g^{n'}$ for some $n, n' \in \mathbb{Z}$, so $hh' = g^n g^{n'} = g^{n+n'}$ by Prop. 4.5.1, so $hh' \in H$.

2. By definition $e = g^0$, so $e \in H$.

3. Suppose $h \in H$. Then $h = g^n$ for some $n \in \mathbb{Z}$, so $h^{-1} = (g^n)^{-1} = g^{-n}$ by Prop. 4.5.1, so $h^{-1} \in H$.

So $H$ is a subgroup. $\square$

Definition 4.8.2 If $g$ is an element of a group $G$, then $\{ g^n \mid n \in \mathbb{Z} \}$ is denoted $\langle g \rangle$ and called the subgroup of $G$ generated by $g$.

Here are some examples:

• The subgroup of $D_3$ generated by $\rho_1$ is $\langle \rho_1 \rangle = \{e, \rho_1, \rho_2\}$ (since $\rho_1$ has order 3, Cor. 4.6.3 shows that $\rho_1^0, \rho_1^1, \rho_1^2$ already gives all the powers of $\rho_1$).

• The subgroup of $\mathbb{Z}$ (under $+$) generated by $m$ is the set of multiples of $m$ (Example 4.7.3), so for example $\langle 4 \rangle$ is the set of integer multiples of 4.

• The subgroup of $\mathbb{R}^\times$ generated by 4 is $\langle 4 \rangle = \{ 4^n \mid n \in \mathbb{Z} \}$. (Note in particular that the meaning of "$\langle g \rangle$" depends on the group $G$ in which we're working.)

• The subgroup of $\mathbb{Z}_{10}$ generated by $[4]$ consists of all multiples of $[4]$ (since the operation is $+$). Therefore $\langle [4] \rangle = \{[0], [4], [8], [2], [6]\}$ (this is all since $[4]$ has order 5 in $\mathbb{Z}_{10}$).

• The subgroup of $\mathbb{Z}_5$ generated by $[4]$ is $\{[0], [4], [3], [2], [1]\}$, which is all of $\mathbb{Z}_5$.

• The subgroup of $\mathbb{Z}_5^\times$ generated by $[4]$ is $\{[1], [4]\}$ since $[4]^2 = [1]$ in $\mathbb{Z}_5^\times$.

• The subgroup of $S_6$ generated by $(123456)$ is
$$\{e, (123456), (135)(246), (14)(25)(36), (153)(264), (165432)\}.$$

• In any group $G$, we have $\langle e \rangle = \{e\}$ (where $e$ is the identity element).
Recall we defined the order of an element of a group in Defn. 4.6.1. There is also the notion of the order of a group (Defn. 4.6.4) which is just its size. So for example, $D_3$ has order 6; the element $\rho_1$ of $D_3$ has order 3. Here is one way in which the two notions are related:

Proposition 4.8.3 Suppose that $g$ is an element of a group $G$.

1. If $g$ has infinite order, then so does $\langle g \rangle$.

2. If $g$ has order $d \in \mathbb{N}$, then so does $\langle g \rangle$.

Proof. 1) Recall from Corollary 4.6.3 that if $g$ has infinite order, then the group elements $g^n$ for $n \in \mathbb{Z}$ are distinct. Since these are in $\langle g \rangle$, we see that $\langle g \rangle$ has infinitely many elements.

2) The second part of Corollary 4.6.3 says that if $g$ has order $d$, then $g^m = g^n$ precisely when $m \equiv n \pmod d$, or equivalently, when $m$ and $n$ have the same remainder on division by $d$. Therefore the elements of $\langle g \rangle$ are precisely the elements $g^r$ as $r$ runs through the possible remainders $\{0, 1, \ldots, d-1\}$. So $\langle g \rangle = \{e, g, g^2, \ldots, g^{d-1}\}$ has precisely $d$ elements. $\square$

Going back to some of the examples:

• $\rho_1$ (in $D_3$) has order 3, and so does $\langle \rho_1 \rangle = \{e, \rho_1, \rho_2\}$.

• If $m \ne 0$, then $m \in \mathbb{Z}$ has infinite order, and so does $\langle m \rangle$ (the set of multiples of $m$).

• $[4]$ in $\mathbb{Z}_{10}$ has order 5, and so does $\langle [4] \rangle = \{[0], [4], [8], [2], [6]\}$.

• $[4]$ in $\mathbb{Z}_5$ has order 5, and so does $\langle [4] \rangle = \{[0], [4], [3], [2], [1]\}$.
In the last example, the subgroup generated by $g$ was the whole group $G$.

Definition 4.8.4 Suppose that $G$ is a group. We say that $G$ is a cyclic group if $G = \langle g \rangle$ for some $g \in G$. If $G = \langle g \rangle$, then we say that $g$ is a generator (of $G$).

Here are some examples:

• $\mathbb{Z}$ is cyclic since the subgroup generated by 1 is the set of multiples of 1, which is all of $\mathbb{Z}$.

• $\mathbb{Z}_n$ is cyclic since the subgroup generated by $[1]$ is all of $\mathbb{Z}_n$. To see this note that if $[k] \in \mathbb{Z}_n$, then $[k] = k \cdot [1]$ is a multiple of $[1]$.

• $\mathbb{Z}_n^\times$ might or might not be cyclic, depending on $n$. It's easy to see that the group is cyclic for the first few values $n = 1, 2, \ldots, 7$; for example $\mathbb{Z}_7^\times = \langle [3] \rangle$ since the powers of $[3]$ in $\mathbb{Z}_7^\times$ are:

        n     |  0    1    2    3    4    5
        [3]^n | [1]  [3]  [2]  [6]  [4]  [5]

  On the other hand $\mathbb{Z}_8^\times = \{[1], [3], [5], [7]\}$ is not cyclic since
  $$\langle [1] \rangle = \{[1]\}, \quad \langle [3] \rangle = \{[1], [3]\}, \quad \langle [5] \rangle = \{[1], [5]\} \quad\text{and}\quad \langle [7] \rangle = \{[1], [7]\},$$
  none of which is all of $\mathbb{Z}_8^\times$.

• For any $g \in G$, the subgroup $H = \langle g \rangle$ is a cyclic group because the subgroup of $H$ generated by $g$ is the same as the subgroup of $G$ generated by $g$ (as can be seen directly from the definition), and this is all of $H = \langle g \rangle$.

Note that $G$ is cyclic if some element of $G$ is a generator. There may be several elements which are generators; for example, $\mathbb{Z}_5$ is generated by $[1]$, but we saw it was also generated by $[4]$. We'll see later how to tell exactly which elements of $\mathbb{Z}_n$ are generators. First here's a general criterion for an element of a finite cyclic group to be a generator.

Proposition 4.8.5 Suppose that $G$ is a finite group of order $n$.
1. If $g \in G$, then $g$ has order at most $n$.

2. $G$ is cyclic if and only if $G$ has an element of order $n$.

3. If $G$ is cyclic and $g \in G$, then $g$ is a generator of $G$ if and only if $g$ has order $n$.

Proof. Suppose that $g \in G$. Recall from Prop. 4.8.3 that the order of $g$ is the number of elements of $\langle g \rangle$. Since $\langle g \rangle \subseteq G$, we see that the order of $g$ is at most $n$. Moreover $\langle g \rangle = G$ if and only if $g$ has order $n$. $\square$

For example:

• $D_3$ has order 6, and the orders of its elements are 1 (the identity), 2 (the reflections) and 3 (the rotations). Therefore $D_3$ is not cyclic.

• $\mathbb{Z}_{10}$ has order 10, and the orders of its elements are:

        element | [0]  [1]  [2]  [3]  [4]  [5]  [6]  [7]  [8]  [9]
        order   |  1   10    5   10    5    2    5   10    5   10

  So the elements of $\mathbb{Z}_{10}$ which are generators are $[1]$, $[3]$, $[7]$ and $[9]$.

Recall that an abelian group is one in which the binary operation is commutative.

Proposition 4.8.6 If $G$ is a cyclic group, then $G$ is abelian.

Proof. If $G$ is cyclic, then $G = \langle g \rangle$ for some $g \in G$. We must show that $hk = kh$ for all $h, k \in G$. Since $G = \langle g \rangle$, we know that $h = g^m$ and $k = g^n$ for some $m, n \in \mathbb{Z}$. Therefore
$$hk = g^m g^n = g^{m+n} = g^{n+m} = g^n g^m = kh,$$
by one of the laws of exponents (Prop. 4.5.1). $\square$

This gives another way of seeing that $D_3$ is not cyclic (since it's not abelian). The proposition states that every cyclic group is abelian. On the other hand, there are abelian groups that aren't cyclic, for example $\mathbb{Z}_8^\times$. For an example of an infinite abelian group which isn't cyclic, consider $\mathbb{R}^\times$, the group of non-zero real numbers under multiplication. To see that $\mathbb{R}^\times$ is not cyclic, we'll suppose that it is and arrive at a contradiction. Suppose that $\mathbb{R}^\times = \langle x \rangle$ for some $x \in \mathbb{R}^\times$. Since $-x \in \mathbb{R}^\times$, we must have $-x = x^n$ for some $n \in \mathbb{Z}$. It follows that $-1 = x^{n-1}$, which implies that $x = -1$ (and $n$ is even). But then $\mathbb{R}^\times = \langle x \rangle = \langle -1 \rangle = \{1, -1\}$ is clearly a contradiction, so $\mathbb{R}^\times$ is not cyclic.
Recall that if $g$ is an element of a group $G$, then
$$\langle g \rangle = \{ g^n \mid n \in \mathbb{Z} \}$$
is the subgroup of $G$ generated by $g$. For example, the subgroup of $D_3$ generated by $\rho_1$ is $\langle \rho_1 \rangle = \{e, \rho_1, \rho_2\}$, and the subgroup of $\mathbb{Z}$ generated by $m$ is the set of multiples of $m$. We say $G$ is cyclic if $G = \langle g \rangle$ for some $g \in G$, and then we call $g$ a generator of $G$. For example, $\mathbb{Z}_n$ is cyclic since it is generated by the element $[1]_n$. Note though that there may be other generators; for example $[4]_5$ is also a generator of $\mathbb{Z}_5$. We'll see in a moment how to tell exactly which elements of $\mathbb{Z}_n$ are generators. Note that the generators are the elements of order $n$. In fact, if we know the order of $g$, then a simple formula gives the order of any power of $g$ (or multiple of $g$ if the operation is $+$):

Theorem 4.8.7 Suppose that $G$ is a group, $g \in G$ has order $d$, and $a \in \mathbb{Z}$. Then $g^a$ has order $d/\gcd(a, d)$.

Proof. Recall that the order of $g^a$ is the least positive integer $n$ such that $g^{an} = (g^a)^n = e$. Since we are assuming $g$ has order $d$, Thm. 4.6.2 shows that $g^{an} = e$ if and only if $d \mid an$. Now let $b = \gcd(a, d)$. Since $b$ divides both $a$ and $d$, we see that $d/b$, $a/b$ and $na/b$ are all integers. Moreover
$$d \mid na \Leftrightarrow (d/b) \mid (a/b)n.$$
(To see this, note that $na = kd$ for some $k \in \mathbb{Z}$ if and only if $na/b = k(d/b)$ for some $k \in \mathbb{Z}$.) By Cor. 2.3.3, $a/b$ and $d/b$ are relatively prime, so by Cor. 2.3.4, we see that if $(d/b) \mid n(a/b)$, then $(d/b) \mid n$. Also, if $n$ is divisible by $d/b$, then so of course is $n(a/b)$, so
$$(d/b) \mid n(a/b) \Leftrightarrow (d/b) \mid n.$$
Therefore
$$(g^a)^n = e \Leftrightarrow (d/b) \mid n.$$
So the smallest positive integer $n$ for which $(g^a)^n = e$ is the smallest positive integer divisible by $d/b$, which of course is $d/b$ itself. Therefore the order of $g^a$ is $d/b$. $\square$

This gives a quick way to compute the order of any element of a cyclic group, once we have a generator. Consider for example the group $G = \mathbb{Z}_7^\times$. We saw this was cyclic, generated by $[3]_7$, so $[3]_7$ has order 6 and each element
can be written as a power of $[3]$. Here then is a table with the order of each element of $\mathbb{Z}_7^\times$:

    a              |  0    1    2    3    4    5
    [3]^a          | [1]  [3]  [2]  [6]  [4]  [5]
    gcd(a, 6)      |  6    1    2    3    2    1
    order of g^a   |  1    6    3    2    3    6

As another example, consider the element $[4]_{10}$ in $\mathbb{Z}_{10}$. Since $[1]_{10}$ has order 10, the order of $[4]_{10} = 4 \cdot [1]_{10}$ is $10/\gcd(4, 10) = 10/2 = 5$. In fact, we can now easily compute the order of any element of $\mathbb{Z}_n$:

Corollary 4.8.8 Suppose that $a \in \mathbb{Z}$ and $n \in \mathbb{N}$. Then the element $[a]_n$ in $\mathbb{Z}_n$ has order $n/\gcd(a, n)$.

Proof. The element $[1]_n$ has order $n$, so Theorem 4.8.7 shows that $[a]_n = a \cdot [1]_n$ has order $n/\gcd(a, n)$. $\square$

Recall from Prop. 4.8.5 that $[a]_n$ generates $\mathbb{Z}_n$ if and only if $[a]_n$ has order $n$, which by Cor. 4.8.8 is equivalent to $\gcd(a, n) = 1$. So we have:

Corollary 4.8.9 Suppose that $a \in \mathbb{Z}$ and $n \in \mathbb{N}$. Then $[a]_n$ generates $\mathbb{Z}_n$ if and only if $a$ and $n$ are relatively prime.
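An added example (not from the notes) that checks Thm. 4.8.7 and Cor. 4.8.8/4.8.9 against brute-force orders in $\mathbb{Z}_n$ and $\mathbb{Z}_n^\times$, rebuilds the order table for $\mathbb{Z}_7^\times$ above, and applies the criterion of Prop. 4.8.5 (an element of order $|G|$ exists) to decide which $\mathbb{Z}_n^\times$ are cyclic, as claimed in Section 4.8 for $n \le 8$. The function names are my own.

```python
"""Orders of elements and generators in Z_n and Z_n^x.

Added example (not from the lecture notes).  Orders are computed by
brute force from the definition (least k > 0 with g^k = e) and then
compared with the formula of Thm. 4.8.7, order(g^a) = d / gcd(a, d).
"""
from math import gcd


def mult_order(a, m):
    """Order of [a] in Z_m^x: least k > 0 with a^k congruent to 1 mod m."""
    if gcd(a, m) != 1:
        raise ValueError(f"[{a}] is not a unit in Z_{m}")
    k, x = 1, a % m
    while x != 1 % m:
        x = (x * a) % m
        k += 1
    return k


def add_order(a, n):
    """Order of [a] in (Z_n, +): least k > 0 with k*a congruent to 0 mod n."""
    k, x = 1, a % n
    while x != 0:
        x = (x + a) % n
        k += 1
    return k


def order_of_power(d, a):
    """Thm. 4.8.7: if g has order d, then g^a has order d / gcd(a, d)."""
    return d // gcd(a, d)


def generators_of_Zn(n):
    """Cor. 4.8.9: [a] generates Z_n exactly when gcd(a, n) = 1."""
    return [a for a in range(n) if gcd(a, n) == 1]


def units(m):
    """Representatives of Z_m^x = {[a] : gcd(a, m) = 1}."""
    return [a for a in range(1, m + 1) if gcd(a, m) == 1]


def is_cyclic_units(m):
    """Prop. 4.8.5 for Z_m^x: cyclic iff some unit has order |Z_m^x|."""
    u = units(m)
    return any(mult_order(a, m) == len(u) for a in u)


def order_table_units(m, g):
    """Rows (a, g^a mod m, gcd(a, d), order of g^a) for a generator [g] of Z_m^x,
    as in the notes' table for Z_7^x; each formula value is checked by brute force."""
    d = mult_order(g, m)
    rows = []
    for a in range(d):
        elem = pow(g, a, m)
        predicted = order_of_power(d, a)
        assert predicted == mult_order(elem, m)  # Thm. 4.8.7 agrees with the definition
        rows.append((a, elem, gcd(a, d), predicted))
    return rows


if __name__ == "__main__":
    for row in order_table_units(7, 3):
        print("a=%d  [3]^a=[%d]  gcd(a,6)=%d  order=%d" % row)
    print("generators of Z_10:", generators_of_Zn(10))
    print("n with Z_n^x cyclic, n <= 8:", [m for m in range(1, 9) if is_cyclic_units(m)])
```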

Cyclic groups have the following convenient property:

Theorem 4.8.10 Every subgroup of a cyclic group is cyclic.

Proof. Suppose that $G$ is a cyclic group and $H$ is a subgroup of $G$. We must prove that $H$ is cyclic.

Suppose first that $H = \{e\}$. Then $H = \langle e \rangle$, so $H$ is cyclic.

Suppose now that $H \ne \{e\}$, so there is some element $h \in H$ such that $h \ne e$. Since $G$ is cyclic, $G = \langle g \rangle = \{ g^n \mid n \in \mathbb{Z} \}$ for some $g \in G$. Since $h$ is in $G$, we must have $h = g^m$ for some $m \in \mathbb{Z}$. Since $h \ne e$, it follows that $m \ne 0$. If $m < 0$, then $h^{-1} = g^{-m}$ is also in $H$, and $-m > 0$. This shows that $g^n \in H$ for some positive integer $n$ (taking either $n = m$ or $n = -m$). Now let $b$ be the least positive integer such that $g^b \in H$. Then
$$\langle g^b \rangle = \{ (g^b)^k \mid k \in \mathbb{Z} \}$$
is the subgroup of $H$ generated by $g^b$. We shall prove that in fact $H = \langle g^b \rangle$, and therefore $H$ is cyclic.

Since $\langle g^b \rangle \subseteq H$, we just need to show that $H \subseteq \langle g^b \rangle$. So suppose $h' \in H$. We must show that $h'$ is in $\langle g^b \rangle$. Since $h' \in G = \langle g \rangle$, we know that $h' = g^a$
for some $a \in \mathbb{Z}$. By the division algorithm, $a = bq + r$ for some $q, r \in \mathbb{Z}$ with $0 \le r < b$. Substituting for $a$ and applying Prop. 4.5.1 gives
$$g^a = g^{bq+r} = g^{bq} g^r = (g^b)^q g^r.$$
Therefore $g^r = (g^b)^{-q} g^a$. By assumption $g^a = h' \in H$. But also $(g^b)^{-q} \in \langle g^b \rangle \subseteq H$, and since $H$ is a subgroup, it follows that $g^r \in H$. Since $r < b$ and $b$ was assumed to be the least positive integer such that $g^b \in H$, it follows that $r$ cannot be positive. This means that $r = 0$, so $a = bq$ and $h' = g^a = (g^b)^q$ is in $\langle g^b \rangle$. $\square$

Corollary 4.8.11 If $H$ is a subgroup of $\mathbb{Z}$, then
$$H = \langle m \rangle = \{ km \mid k \in \mathbb{Z} \}$$
for some $m \in \mathbb{Z}$.

Proof. Since $\mathbb{Z}$ is cyclic, we can apply Thm. 4.8.10 to deduce that $H$ is cyclic. Therefore it is generated by some $m \in H \subseteq \mathbb{Z}$. $\square$

Example 4.8.12 Suppose that $a, b \in \mathbb{Z}$, and let
$$H = \{ ax + by \mid x, y \in \mathbb{Z} \}$$
(the set of integer linear combinations of $a$ and $b$). Then $H$ is a subset of $\mathbb{Z}$, but we will check that $H$ is in fact a subgroup of $\mathbb{Z}$. As usual, we check the three conditions in Prop. 4.7.2:

1. Suppose that $h, h' \in H$, so $h = ax + by$, $h' = ax' + by'$ for some $x, y, x', y' \in \mathbb{Z}$. Then
$$h + h' = (ax + by) + (ax' + by') = a(x + x') + b(y + y')$$
which has the form required to be in $H$ (since $x + x'$ and $y + y'$ are integers).

2. $0 \in H$ since $0 = a \cdot 0 + b \cdot 0$.

3. If $h \in H$, then $h = ax + by$ for some $x, y \in \mathbb{Z}$, and its inverse in the group is $-h = -(ax + by) = a(-x) + b(-y)$, which is again in $H$ since $-x, -y \in \mathbb{Z}$.

Since $H$ is a subgroup of $\mathbb{Z}$, we must have that $H$ is the set of multiples of some integer $m$. Furthermore if $a$ or $b$ is non-zero, then $H$ contains non-zero elements, so we can take $m > 0$. But you already know this; the integer $m$ is $\gcd(a, b)$. (Recall from Thm. 2.4.1 that an integer $c$ is of the form $ax + by$ for some $x, y \in \mathbb{Z}$ if and only if $c$ is a multiple of $\gcd(a, b)$.)
4.9 Cosets

Now we'll introduce the notion of the cosets of a subgroup. We'll use this to prove an important theorem about finite groups, called Lagrange's Theorem.

Definition 4.9.1 Suppose that $(G, *)$ is a group, $H$ is a subgroup of $G$, and $g$ is an element of $G$. The subset $g * H \subseteq G$ defined by
$$g * H = \{ g * h \mid h \in H \}$$
is called a left coset of $H$ in $G$.

If omitting the symbol for the binary operation, we would write $gH$ instead of $g * H$.

Example 4.9.2 Let $G = D_3$, $H = \{e, \sigma_1\}$ and $g = \rho_1$ (in the notation of Example 4.2.8). Then $H$ is a subgroup of $G$, and
$$\rho_1 H = \{ \rho_1 h \mid h \in H \} = \{\rho_1 e, \rho_1 \sigma_1\} = \{\rho_1, \sigma_3\}$$
is a left coset of $H$ in $G$. For each $g \in G$, we have a left coset $gH$ of $H$ in $G$, but note that different values of $g$ can give the same coset $gH$; for example,
$$eH = \{ee, e\sigma_1\} = \{e, \sigma_1\} \quad\text{and}\quad \sigma_1 H = \{\sigma_1 e, \sigma_1 \sigma_1\} = \{\sigma_1, e\}$$
are the same subsets of $G$, so $eH = \sigma_1 H$ is a single coset. (Note that for any $G$ and $H$, we have $H = eH$, so the subgroup $H$ is itself a left coset of $H$ in $G$.) Let's compute all the left cosets of $H$ in $D_3$. We've already computed $gH$ for $g = e$, $\sigma_1$ and $\rho_1$; the remaining values of $g$ give
$$\rho_2 H = \{\rho_2, \sigma_2\}, \quad \sigma_2 H = \{\sigma_2, \rho_2\} \quad\text{and}\quad \sigma_3 H = \{\sigma_3, \rho_1\}.$$
So all together there are 3 left cosets of $H$ in $D_3$, namely
$$eH = \sigma_1 H = \{e, \sigma_1\},$$
$$\rho_1 H = \sigma_3 H = \{\rho_1, \sigma_3\}$$
$$\text{and}\quad \rho_2 H = \sigma_2 H = \{\rho_2, \sigma_2\}.$$
Note that each left coset of $H$ in $D_3$ contains the same number of elements. Furthermore each element of $D_3$ appears in exactly one of the left cosets of $H$. We'll see this is what happens in general, but first let's consider another example.
Example 4.9.3 Let $G = \mathbb{Z}$, $n \in \mathbb{N}$ and $H = \langle n\rangle$. Recall that $H$ is the set
of integer multiples of $n$. For $a \in \mathbb{Z}$, we can form a left coset of $\langle n\rangle$ in $\mathbb{Z}$:
$$a + \langle n\rangle = \{\, a + kn \mid k \in \mathbb{Z} \,\}$$
(since $\langle n\rangle = \{\, kn \mid k \in \mathbb{Z} \,\}$). For example,
$$7 + \langle 12\rangle = \{\ldots, -17, -5, 7, 19, 31, 43, \ldots\}.$$
Recall from Prop. 3.3.2 that $b$ is of the form $a + kn$ for some $k \in \mathbb{Z}$ if and only
if $b \equiv a \bmod n$; i.e., if and only if $b$ is in the congruence class $[a]_n$. So the left
coset $a + \langle n\rangle$ is simply the congruence class $[a]_n$. In particular each integer
is in exactly one of these left cosets; there is no overlap among them.

There is a completely analogous notion of right cosets. If $H$ is a subgroup
of a group $G$ and $g$ is an element of $G$, the set $Hg = \{\, hg \mid h \in H \,\}$ is called
a right coset of $H$ in $G$. For example, if $G = D_3$ and $H = \{e, \sigma_1\}$, then
$H\rho_1 = \{e\rho_1, \sigma_1\rho_1\} = \{\rho_1, \sigma_2\}$. Similarly computing all the right cosets, we
find they are:
$$He = H\sigma_1 = \{e, \sigma_1\}, \qquad H\rho_1 = H\sigma_2 = \{\rho_1, \sigma_2\} \qquad\text{and}\qquad H\rho_2 = H\sigma_3 = \{\rho_2, \sigma_3\}.$$
Note that there are 3 right cosets (the same number as there were left cosets,
computed in Example 4.9.2), and that $H = He$ is a right coset (as well as a
left coset), but that the other two right cosets do not coincide with any left
cosets.

For our purposes, it will suffice to work systematically with left cosets.
We leave some properties and computations of right cosets as exercises. Of
course if $G$ is abelian, then $gH = Hg$, so there is no difference between left
cosets and right cosets, and we could just call $gH$ a coset.
The following proposition establishes a basic property of left cosets.

Proposition 4.9.4 Suppose that $G$ is a group, $H$ is a subgroup of $G$, and $g$
and $g'$ are elements of $G$. Then the following are equivalent:

1. $g'H = gH$;

2. $g' \in gH$;

3. $g^{-1}g' \in H$.

Proof. We first show that 1) $\Rightarrow$ 2): Note that $g' = g'e \in g'H$ (since $e \in H$),
so if $g'H = gH$, then $g' \in gH$.

Now we show that 2) $\Rightarrow$ 3): If $g' \in gH$, then $g' = gh$ for some $h \in H$.
Therefore $g^{-1}g' = g^{-1}gh = eh = h \in H$.

Finally we show that 3) $\Rightarrow$ 1). So we assume that $g^{-1}g' \in H$ and we will
show that $g'H = gH$. Let $h = g^{-1}g'$. Note that this equation implies that
$gh = g'$, and that $g = g'h^{-1}$.

To prove that $g'H = gH$, we will show that $g'H \subseteq gH$ and $gH \subseteq g'H$.
Suppose that $x \in g'H$, so $x = g'h'$ for some $h' \in H$ (note we didn't say $g'h$
because we've already used $h$ to denote a particular element of $H$, namely
$g^{-1}g'$). Substituting $g' = gh$ into $x = g'h'$ gives $x = (gh)h'$. Since $H$ is a
subgroup of $G$ and $h, h' \in H$, we have $hh' \in H$, so $x = (gh)h' = g(hh') \in gH$.
We have now shown that $g'H \subseteq gH$.

Now suppose $y \in gH$, so $y = gh''$ for some $h'' \in H$. Substituting $g = g'h^{-1}$
gives $y = g'h^{-1}h''$. Since $H$ is a subgroup and $h, h'' \in H$, we have
$h^{-1}h'' \in H$, so $y = g'h^{-1}h'' \in g'H$. We have now also shown that $gH \subseteq g'H$,
so now it follows that $gH = g'H$.

We have now shown that 1) $\Rightarrow$ 2) $\Rightarrow$ 3) $\Rightarrow$ 1). It follows that the 3
assertions are equivalent, since we can get from any one of them to any of
the others by a sequence of proven implications. $\square$

In the context of Example 4.9.3, Prop. 4.9.4 says that
$$[b]_n = [a]_n \iff b \in [a]_n \iff b \equiv a \bmod n,$$
which we already knew.

Corollary 4.9.5 Suppose that $G$ is a group, $H$ is a subgroup of $G$ and $g$ is
an element of $G$. Then $g$ is in exactly one left coset of $H$ in $G$, namely $gH$.

Proof. We have $g = ge \in gH$, so $g \in gH$. To see that this is the only left
coset of $H$ in $G$ containing $g$, suppose that $g$ is in the left coset $g'H$, where
$g' \in G$. Prop. 4.9.4 (with the roles of $g$ and $g'$ reversed) shows that in fact
$gH = g'H$. $\square$

Since we now know that $gH$ is the only left coset of $H$ in $G$ containing $g$,
we can call it the left coset of $H$ in $G$ containing $g$.

We saw the assertion of the corollary explicitly in Examples 4.9.2 and
4.9.3, but let's consider one more example:

Example 4.9.6 Consider
$$G = \mathbb{Z}_{13}^\times = \{[1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12]\}$$
and $H = \langle [3]\rangle = \{[1], [3], [9]\}$. (Since $3^3 = 27 \equiv 1 \bmod 13$, we get that $[3]$ has
order 3 in $G$ and there are 3 elements in $\langle [3]\rangle$.) We know that $H = eH$ is a
left coset of $H$ in $G$. Another left coset is $[2]H = \{[2], [6], [5]\}$. We now know
$[a]H$ for $[a] = [1], [2], [3], [5], [6], [9]$. We find also that $[4]H = \{[4], [12], [10]\}$
and $[7]H = \{[7], [8], [11]\}$. We've now accounted for all the elements of $G$ in
some left coset of $H$ in $G$, so we have a complete list of the left cosets:
$$\{[1], [3], [9]\}, \quad \{[2], [5], [6]\}, \quad \{[4], [10], [12]\} \quad\text{and}\quad \{[7], [8], [11]\}.$$
4.10 Lagrange's Theorem

We now turn our attention to Lagrange's Theorem. Recall that the order
of a finite group is simply the number of elements in the group. If $G$ has
order $n$, then every subset of $G$ has at most $n$ elements, so in particular any
subgroup of $G$ has order at most $n$. Lagrange's Theorem tells us something
much stronger, namely that if $H$ is a subgroup of $G$, then the order of $H$ is
in fact a divisor of $n$.

The key idea in the proof of Lagrange's Theorem is to show that $G$ can
be divided into disjoint subsets each having the same size as $H$. These sub­sets
are precisely the left cosets of $H$ in $G$. Recall that a left coset of $H$ in $G$ is
a subset of $G$ of the form
$$gH = \{\, gh \mid h \in H \,\}$$
for some $g \in G$. We showed in Cor. 4.9.5 that each element of $G$ is in exactly
one left coset of $H$. The other ingredient we need for the proof of Lagrange's
Theorem is that the left cosets of $H$ in $G$ all have the same size.

Lemma 4.10.1 Suppose that $H$ is a subgroup of a group $G$, and that $H$ has
finite order $d$. Then every left coset of $H$ in $G$ has $d$ elements.

Proof. Suppose that $gH$ is a left coset of $H$ in $G$. We will show that the
function $f : H \to gH$ defined by $f(h) = gh$ is bijective. It is surjective since
the range of $f$ is all of $gH$ (by the definition of $gH$, each element has the
form $gh = f(h)$ for some $h \in H$). The function is injective since $f(h) = f(h')$
means $gh = gh'$, which implies $h = h'$ by the Cancellation Law. Therefore $f$
is bijective, so $H$ and $gH$ have the same number of elements. $\square$

We are now ready to prove Lagrange's Theorem.

Theorem 4.10.2 Suppose that $G$ is a group of finite order. If $H$ is a subgroup
of $G$, then the order of $G$ is divisible by the order of $H$.

Proof. The proof is now a simple counting argument using Cor. 4.9.5 and
Lemma 4.10.1.

Let $n$ be the order of $G$ and let $d$ be the order of $H$. According to
Cor. 4.9.5, each element of $G$ is in exactly one left coset of $H$ in $G$. So $n$, the
number of elements of $G$, is gotten by adding up the numbers of elements in
these left cosets. But Lemma 4.10.1 states that the number of elements in
each coset is $d$. Therefore
$$n = \underbrace{d + d + \cdots + d}_{k \text{ times}},$$
where $k$ is the number of left cosets of $H$ in $G$. Therefore $n = kd$, so $n$ is
divisible by $d$. $\square$

The idea of the proof is already visible in our computations of cosets in
Examples 4.9.2 and 4.9.6. In Example 4.9.2 where $G = D_3$ and $H = \{e, \sigma_1\}$,
we saw that the 6 elements of $D_3$ were divided into the 3 left cosets of $H$ in
$G$, each of which had exactly 2 elements (2 being the order of $H$), so $6 = 3 \cdot 2$.
Similarly for $G = \mathbb{Z}_{13}^\times$ and $H = \{[1], [3], [9]\}$ in Example 4.9.6, we found that the 12 elements of $G$
were divided into the 4 cosets of $H$ in $G$, each of which had 3 elements, so
$12 = 4 \cdot 3$.
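The two partitions just described can be checked mechanically. The Python below is an added example for these notes, not part of the original text: it computes the left and right cosets of a subgroup of a finite group given as a list of elements with a binary operation, and verifies the two facts the proof of Thm. 4.10.2 rests on (the left cosets partition $G$, and each has $|H|$ elements). $D_3$ is taken as $S_3$, the permutations of $\{1, 2, 3\}$, with $H = \{e, (23)\}$ (the identification $f : D_3 \to S_3$ is made precise in Example 4.12.13); $\mathbb{Z}_{13}^\times$ uses $H = \langle [3]\rangle$ from Example 4.9.6 with residue classes written as plain integers. Function and variable names are the editor's choices.

```python
"""Left and right cosets of a subgroup of a finite group, and the counting
argument behind Lagrange's Theorem.

Added example for these notes, not part of the original text.  A finite group
is given as a list of elements plus a binary operation `op`.  Two groups are
set up below: S_3 as permutations of (1,2,3) (standing in for D_3, see
Example 4.12.13) with H = {e, (23)}, and Z_13^x with H = <[3]> = {1, 3, 9}
as in Example 4.9.6.  Residue classes are written as plain integers.
"""
from itertools import permutations


def compose(p, q):
    """(p q)(i) = p(q(i)) for permutations stored as tuples with p[i-1] = p(i);
    q is applied first, i.e. the convention sigma(sigma'(P_i)) of the notes."""
    return tuple(p[q[i] - 1] for i in range(len(p)))


def mul13(a, b):
    """Multiplication in Z_13^x."""
    return (a * b) % 13


def left_coset(g, H, op):
    """gH = { g h | h in H }."""
    return frozenset(op(g, h) for h in H)


def right_coset(g, H, op):
    """Hg = { h g | h in H }."""
    return frozenset(op(h, g) for h in H)


def cosets(G, H, op, side="left"):
    """The set of distinct cosets gH (or Hg) as g runs over G.  Repeated
    cosets (eH = sigma_1 H, etc.) collapse because the result is a set."""
    make = left_coset if side == "left" else right_coset
    return {make(g, H, op) for g in G}


def lagrange_check(G, H, op):
    """Verify the two ingredients of the proof of Thm. 4.10.2 and return
    (|G|, |H|, [G:H]).  Raises if the cosets fail to partition G into
    blocks of size |H|."""
    cs = cosets(G, H, op, "left")
    if any(len(c) != len(H) for c in cs):
        raise ValueError("a left coset has the wrong size")       # Lemma 4.10.1
    if sum(len(c) for c in cs) != len(G) or set().union(*cs) != set(G):
        raise ValueError("left cosets do not partition G")         # Cor. 4.9.5
    assert len(G) == len(H) * len(cs)                              # n = k d
    return len(G), len(H), len(cs)


# S_3: all permutations of (1,2,3); identity is (1,2,3); (23) is (1,3,2).
S3 = [tuple(p) for p in permutations((1, 2, 3))]
H_S3 = [(1, 2, 3), (1, 3, 2)]

# Z_13^x = {1,...,12} under multiplication mod 13, with H = <3>.
Z13x = list(range(1, 13))
H_Z13x = [1, 3, 9]
```

For $S_3$ the left and right coset collections come out different, matching the hand computation after Example 4.9.3, while for the abelian group $\mathbb{Z}_{13}^\times$ they coincide; `lagrange_check` returns $(6, 2, 3)$ and $(12, 3, 4)$ respectively.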
Definition 4.10.3 If $H$ is a subgroup of a group $G$, then the number of left
cosets of $H$ in $G$ is called the index of $H$ in $G$, and denoted $[G : H]$.

If $G$ is finite, then we see that $[G : H]$ is the number $k = n/d$ in the above
proof of Lagrange's Theorem. For example, the index of $\{e, \sigma_1\}$ in $D_3$ is 3.
But if $G$ is infinite we can still define the index of a subgroup $H$, and this
index may be finite or infinite. For example, if $n > 0$, then the index of $\langle n\rangle$
in $\mathbb{Z}$ is the number of left cosets of $\langle n\rangle$ in $\mathbb{Z}$, i.e., the number of congruence
classes modulo $n$, which is simply $n$. The subgroup $\{0\}$ has infinite index
in $\mathbb{Z}$, but for a more interesting example with infinite index, consider the
subgroup $SL_2(\mathbb{R})$ of $GL_2(\mathbb{R})$. If $A \in GL_2(\mathbb{R})$, then the left coset
$$A\,SL_2(\mathbb{R}) = \{\, AB \mid B \in SL_2(\mathbb{R}) \,\}$$
is the set of $2 \times 2$ matrices with the same determinant as $A$, since
$$C \in A\,SL_2(\mathbb{R}) \iff A^{-1}C \in SL_2(\mathbb{R}) \iff \det(A^{-1}C) = 1 \iff \det A = \det C.$$
So there is one left coset for each possible determinant, i.e., for each non-zero
real number, and the index is infinite.

Lagrange's Theorem is a statement about the order of any subgroup of $G$,
but it also tells us something about the order of any element of $G$. Recall if
$g \in G$, then the order of $g$ is the smallest positive integer $d$ such that $g^d = e$.
Corollary 4.10.4 Suppose that $G$ is a group of finite order $n$, and that
$g \in G$. Then the order of $g$ is a divisor of $n$.

Proof. Recall (Prop. 4.8.3) that the order of $g$ is the same as the order of
$\langle g\rangle$, the subgroup of $G$ generated by $g$. So apply Lagrange's Theorem to
$H = \langle g\rangle$ to conclude that the order of $g$ divides the order of $G$. $\square$

Recall for example that the possible orders of elements of $D_3$ are 1 (the
identity), 2 (the three reflections) and 3 (the two non-trivial rotations). These are all
divisors of 6 (the order of $D_3$), confirming what Cor. 4.10.4 says in this
example. Note that Cor. 4.10.4 does not say that every positive divisor of $n$
is the order of an element of $G$. The order of $D_3$ is 6, which has divisors 1,
2, 3 and 6. While $D_3$ has elements of orders 1, 2 and 3, it has no element
of order 6. (Indeed if it did, the group would have to be cyclic, but it is
not even abelian.) Similarly, Lagrange's Theorem (4.10.2) does not say that
every divisor of $n$ occurs as the order of a subgroup of $G$. It happens to be
the case for $G = D_3$ that it has subgroups of orders 1, 2, 3 and 6, but we'll
see examples later where not every divisor occurs.

Here's another consequence of Thm. 4.10.2:

Corollary 4.10.5 Suppose that $G$ is a group of order $p$, where $p$ is a prime
number. Then $G$ is cyclic.

Proof. Since $p > 1$, we can choose some element $g \in G$ with $g \neq e$. Consider
the subgroup $\langle g\rangle$ of $G$, and let $d$ be its order. Then $d \mid p$ by Thm. 4.10.2 and
$d > 1$ since $e$ and $g$ are elements of $\langle g\rangle$. Therefore $d = p$, so $\langle g\rangle = G$ is
cyclic. $\square$
Here's an immediate consequence of Cor. 4.10.4:

Corollary 4.10.6 Suppose that $G$ is a group of order $n$, and $g$ is an element
of $G$. Then $g^n = e$.

Proof. Let $d$ denote the order of $g$. Cor. 4.10.4 tells us that $d \mid n$, i.e., that
$n = dk$ for some $k \in \mathbb{Z}$. Therefore $g^n = g^{dk} = (g^d)^k = e^k = e$. $\square$

The following consequence of Lagrange's Theorem is called Fermat's
Little Theorem:

Corollary 4.10.7 Suppose that $p$ is a prime number and $a$ is an integer.

1. $a^p \equiv a \bmod p$;

2. if $a$ is not divisible by $p$, then $a^{p-1} \equiv 1 \bmod p$.

Proof. We prove Part 2) first. If $a$ is not divisible by $p$, then $\gcd(a, p) = 1$,
so $[a]_p \in \mathbb{Z}_p^\times$. Since $\mathbb{Z}_p^\times$ has order $p - 1$, Cor. 4.10.6 shows that
$$[a^{p-1}]_p = [a]_p^{\,p-1} = [1]_p,$$
which means that $a^{p-1} \equiv 1 \bmod p$.

Now let's deduce Part 1). If $p \nmid a$, then Part 2) shows that $a^{p-1} \equiv 1 \bmod p$,
from which it follows that $a^p \equiv a \bmod p$. On the other hand if $p \mid a$, then $p \mid a^p$,
so $a^p \equiv a \equiv 0 \bmod p$. $\square$
Fermat's Little Theorem lets you do some fun calculations of remainders.
For example, let's compute the remainder of $50^{50}$ on division by 13. We can first
simplify the problem by noting that $50 \equiv -2 \bmod 13$, so $50^{50} \equiv (-2)^{50} \bmod 13$.
Since $-2$ is not divisible by 13, Fermat's Little Theorem tells us that
$(-2)^{12} \equiv 1 \bmod 13$, but better yet, $(-2)^{12k} \equiv 1^k \equiv 1 \bmod 13$ for every $k \in \mathbb{N}$.
Therefore
$$(-2)^{50} = (-2)^{48}(-2)^2 \equiv (-2)^2 \equiv 4 \bmod 13,$$
so the remainder of $50^{50}$ on division by 13 is 4. Alternatively, in terms of
residue classes modulo 13 the calculation becomes
$$[50^{50}] = [50]^{50} = [-2]^{50} = [-2]^{48}[-2]^2 = \left([-2]^{12}\right)^4 [(-2)^2] = [1]^4 [4] = [4].$$

For another example, let's compute $50^{100} \bmod 103$. Now 103 is prime, and
50 is not divisible by 103, so by Fermat's Little Theorem, $50^{102} \equiv 1 \bmod 103$.
At first glance that doesn't seem to help much, but we can think of this as
saying that
$$50^{100} \cdot 50^2 \equiv 1 \pmod{103},$$
or that $[50^{100}]$ is the inverse of $[50^2]$ in $\mathbb{Z}_{103}^\times$. So we could compute $50^2$, find
the remainder on division by 103, and then use the Euclidean Algorithm to
find the multiplicative inverse. (An alternative would be to first find the
multiplicative inverse of 50 and then square; either works.) Since $2500 \equiv
28 \bmod 103$, we compute:
$$103 = 3 \cdot 28 + 19, \qquad 28 = 19 + 9, \qquad 19 = 2 \cdot 9 + 1,$$
giving
$$1 = 19 - 2 \cdot 9 = 19 - 2(28 - 19) = 3 \cdot 19 - 2 \cdot 28 = 3(103 - 3 \cdot 28) - 2 \cdot 28 = 3 \cdot 103 - 11 \cdot 28.$$
Reading this modulo 103 gives $(-11) \cdot 28 \equiv 1$, so $[28]^{-1} = [-11]$. Therefore $50^{100} \equiv -11 \equiv 92 \bmod 103$, and the remainder is 92. Again in terms
of residue classes modulo 103,
$$[50^{100}] = [50]^{100} = [50]^{102}[50]^{-2} = [50]^{-2} = [50^2]^{-1} = [28]^{-1} = [-11] = [92],$$
where $[a]^{-2}$ means $([a]^2)^{-1}$, and this is computed as above using the Euclidean
algorithm.
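Both calculations above are exactly what one does when reducing exponents in $\mathbb{Z}_p^\times$ and inverting elements with the extended Euclidean algorithm, so here they are as code. This is an added example, not part of the original notes, and the function names are the editor's. It reduces the exponent modulo $p - 1$ as Cor. 4.10.7 allows, treats a large reduced exponent as a negative power (the $50^{100} \bmod 103$ trick), recovers the Bezout coefficients in $3 \cdot 103 - 11 \cdot 28 = 1$, and cross-checks against Python's built-in three-argument pow. The last function records a caveat a practitioner must keep in mind: the converse of Fermat's Little Theorem is false, since the composite $561 = 3 \cdot 11 \cdot 17$ also satisfies $a^{560} \equiv 1 \bmod 561$ for every $a$ coprime to 561.

```python
"""Fermat's Little Theorem in practice: reducing exponents modulo p - 1 and
inverting in Z_p^x with the extended Euclidean algorithm.

Added example for these notes, not part of the original text.  It recomputes
50^50 mod 13 and 50^100 mod 103 the way the text does (exponent reduction by
Cor. 4.10.7, then an inverse from the Bezout identity 3*103 - 11*28 = 1) and
cross-checks against Python's built-in three-argument pow.
"""


def egcd(a, b):
    """Extended Euclid: (g, x, y) with g = gcd(a, b) and a*x + b*y = g."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def inverse_mod(a, m):
    """Inverse of [a] in Z_m^x; raises if gcd(a, m) != 1 (no inverse exists)."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} is not invertible modulo {m}")
    return x % m


def pow_mod_prime(a, e, p):
    """a^e mod p for prime p, using a^(p-1) = 1 for p not dividing a.

    The exponent is reduced to r = e mod (p-1).  If r is large, a^r is instead
    computed as (a^(p-1-r))^-1, which is the 50^100 = (50^2)^-1 mod 103 trick.
    """
    a %= p
    if e == 0:
        return 1
    if a == 0:               # p | a: a^e = 0 for e >= 1
        return 0
    r = e % (p - 1)          # a^e = (a^(p-1))^k * a^r = a^r
    if r <= (p - 1) // 2:
        result = 1
        for _ in range(r):
            result = result * a % p
        return result
    t = 1
    for _ in range(p - 1 - r):
        t = t * a % p        # t = a^(p-1-r), so a^r = a^(p-1) * t^-1 = t^-1
    return inverse_mod(t, p)


def fermat_witness(a, n):
    """True iff a^(n-1) = 1 mod n.  Every prime n passes for all a coprime to n,
    but the converse of the theorem is false: the composite 561 = 3*11*17 also
    passes for every a coprime to it, so this check alone never proves n prime."""
    return pow(a, n - 1, n) == 1
```

`egcd(103, 28)` returns $(1, 3, -11)$, the coefficients found by hand above; `inverse_mod(28, 103)` is 92 and `pow_mod_prime(50, 100, 103)` is 92, while `pow_mod_prime(50, 50, 13)` is 4.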

4.11 Product groups

Before defining product groups, we need the notion of the product of two sets.

Definition 4.11.1 Suppose that $A$ and $B$ are sets. The product of $A$ and
$B$ is defined to be the set
$$A \times B = \{\, (a, b) \mid a \in A,\ b \in B \,\}.$$
Thus an element of $A \times B$ is an ordered pair $(a, b)$, where $a$ is an element of
$A$ and $b$ is an element of $B$. You should already be familiar with the example
with $A = B = \mathbb{R}$; their product is the plane $\mathbb{R} \times \mathbb{R}$, often denoted $\mathbb{R}^2$. This
construction makes sense for any sets $A$ and $B$. If it happens that $A = B$,
we might write $A^2$ instead of $A \times A$ (and more generally $A^n$ for the $n$-fold
product $A \times A \times \cdots \times A$), but let's consider an example where $A$ and $B$ are
different: If $A = \{0, 1\}$ and $B = \{0, 1, 2\}$, then
$$A \times B = \{(0, 0), (0, 1), (0, 2), (1, 0), (1, 1), (1, 2)\}.$$

Now if $G$ and $H$ are groups, we will define a binary operation on the
product
$$G \times H = \{\, (g, h) \mid g \in G,\ h \in H \,\}$$
making it into a group. The two groups $G$ and $H$ have binary operations
we'll temporarily denote by $*_G$ and $*_H$. Now define a binary operation $*$ on
$G \times H$ by
$$(g, h) * (g', h') = (g *_G g',\ h *_H h').$$
Note that in the first coordinate we applied the binary operation $*_G$ to the elements
$g, g' \in G$ and got an element $g *_G g' \in G$, and in the second coordinate we
applied $*_H$ to elements of $H$ to get $h *_H h' \in H$, so that $*$ is indeed a binary
operation on $G \times H$. Now as usual, we'll suppress the symbols for the binary
operations when working with abstract groups.
Proposition 4.11.2 If $G$ and $H$ are groups, then $G \times H$ is a group under
the binary operation defined above.

Proof. First we check that the binary operation on $G \times H$ is associative. So
suppose $(g, h), (g', h'), (g'', h'') \in G \times H$. From the definition of the binary
operation, we get
$$(g, h)\big((g', h')(g'', h'')\big) = (g, h)(g'g'', h'h'') = \big(g(g'g''),\ h(h'h'')\big),$$
and similarly
$$\big((g, h)(g', h')\big)(g'', h'') = (gg', hh')(g'', h'') = \big((gg')g'',\ (hh')h''\big).$$
Since $G$ and $H$ are groups, the binary operations on $G$ and $H$ are associative,
so $g(g'g'') = (gg')g''$ and $h(h'h'') = (hh')h''$. Therefore
$$\big(g(g'g''),\ h(h'h'')\big) = \big((gg')g'',\ (hh')h''\big),$$
showing that the binary operation on $G \times H$ is indeed associative.

Next we must show that there is an identity element for the binary operation
on $G \times H$. Since $G$ and $H$ are groups, there are identity elements
$e_G \in G$ and $e_H \in H$ for their binary operations, so
$$e_G g = g = g e_G \quad\text{and}\quad e_H h = h = h e_H$$
for all $g \in G$ and $h \in H$. It follows that
$$(e_G, e_H)(g, h) = (e_G g, e_H h) = (g, h) = (g e_G, h e_H) = (g, h)(e_G, e_H)$$
for all $(g, h) \in G \times H$. This shows that the element $e = (e_G, e_H) \in G \times H$ is
an identity element for the binary operation on $G \times H$.

Finally we have to show that every element of $G \times H$ has an inverse under
the binary operation. So suppose that $(g, h) \in G \times H$. Since $G$ is a group,
$g$ has an inverse $g^{-1}$ in $G$, and similarly $h$ has an inverse $h^{-1} \in H$. Now
$(g^{-1}, h^{-1}) \in G \times H$ is an inverse of $(g, h)$ since
$$(g, h)(g^{-1}, h^{-1}) = (gg^{-1}, hh^{-1}) = (e_G, e_H) = (g^{-1}g, h^{-1}h) = (g^{-1}, h^{-1})(g, h).$$
We have now shown that $G \times H$ is a group. $\square$

Example 4.11.3 Suppose that $m$ and $n$ are positive integers, and consider
the groups $\mathbb{Z}_m$ (under addition modulo $m$) and $\mathbb{Z}_n$ (under addition modulo
$n$). We can then form the product group $\mathbb{Z}_m \times \mathbb{Z}_n$. Since $\mathbb{Z}_m$ has $m$ elements
and $\mathbb{Z}_n$ has $n$ elements, it follows that $\mathbb{Z}_m \times \mathbb{Z}_n$ has $mn$ elements.

For example, if $m = 2$ and $n = 3$, then $\mathbb{Z}_m$ and $\mathbb{Z}_n$ are precisely the sets
$A$ and $B$ in the example above, so
$$\mathbb{Z}_2 \times \mathbb{Z}_3 = \{([0]_2, [0]_3), ([0]_2, [1]_3), ([0]_2, [2]_3), ([1]_2, [0]_3), ([1]_2, [1]_3), ([1]_2, [2]_3)\}.$$
The resulting binary operation is given in the table, where to save space the
pair $([a]_2, [b]_3)$ is written as $(a, b)$:

    +       (0,0)  (0,1)  (0,2)  (1,0)  (1,1)  (1,2)
    (0,0)   (0,0)  (0,1)  (0,2)  (1,0)  (1,1)  (1,2)
    (0,1)   (0,1)  (0,2)  (0,0)  (1,1)  (1,2)  (1,0)
    (0,2)   (0,2)  (0,0)  (0,1)  (1,2)  (1,0)  (1,1)
    (1,0)   (1,0)  (1,1)  (1,2)  (0,0)  (0,1)  (0,2)
    (1,1)   (1,1)  (1,2)  (1,0)  (0,1)  (0,2)  (0,0)
    (1,2)   (1,2)  (1,0)  (1,1)  (0,2)  (0,0)  (0,1)

Note that the element $([1]_2, [1]_3)$ has order 6 since its positive multiples are
$$2([1]_2, [1]_3) = ([0]_2, [2]_3), \quad 3([1]_2, [1]_3) = ([1]_2, [0]_3), \quad 4([1]_2, [1]_3) = ([0]_2, [1]_3),$$
$$5([1]_2, [1]_3) = ([1]_2, [2]_3) \quad\text{and finally}\quad 6([1]_2, [1]_3) = ([0]_2, [0]_3), \text{ the identity.}$$
Therefore $\mathbb{Z}_2 \times \mathbb{Z}_3$ is cyclic.

Consider on the other hand $\mathbb{Z}_2 \times \mathbb{Z}_4$. This group has 8 elements, but it's
easy to see that $4(a, b) = (4 \cdot a, 4 \cdot b) = ([0]_2, [0]_4)$, so there are no elements
of order 8, i.e., the group is not cyclic.
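Added example, not from the original notes: the order computations for $\mathbb{Z}_2 \times \mathbb{Z}_3$ and $\mathbb{Z}_2 \times \mathbb{Z}_4$ above, carried out for a general $\mathbb{Z}_m \times \mathbb{Z}_n$ by repeated addition with the componentwise operation of this section. The last function goes beyond the two cases in the text: it checks, for all small $m$ and $n$, the standard rule that $\mathbb{Z}_m \times \mathbb{Z}_n$ is cyclic exactly when $\gcd(m, n) = 1$; that rule is the editor's generalisation and is not proved in these notes. Function names are the editor's, and residue classes are written as plain integers.

```python
"""Element orders in Z_m x Z_n and the cyclicity test of Example 4.11.3.

Added example for these notes, not part of the original text.  Elements are
pairs (a, b) of plain integers standing for ([a]_m, [b]_n); the operation is
the componentwise one defined in this section, and orders are found by
repeated addition exactly as in the hand computation for ([1]_2, [1]_3).
"""
from math import gcd


def add(x, y, m, n):
    """(g, h) * (g', h') = (g *_G g', h *_H h') with G = Z_m, H = Z_n."""
    return ((x[0] + y[0]) % m, (x[1] + y[1]) % n)


def order(x, m, n):
    """Smallest d >= 1 with d*x = ([0]_m, [0]_n)."""
    y, d = x, 1
    while y != (0, 0):
        y = add(y, x, m, n)
        d += 1
    return d


def orders(m, n):
    """Every element of Z_m x Z_n with its order."""
    return {(a, b): order((a, b), m, n) for a in range(m) for b in range(n)}


def is_cyclic(m, n):
    """Cyclic iff some element has order mn = |Z_m x Z_n| (Prop. 4.8.3)."""
    return max(orders(m, n).values()) == m * n


def generators(m, n):
    """The elements of order mn, i.e. the generators when the group is cyclic."""
    return sorted(x for x, d in orders(m, n).items() if d == m * n)


def gcd_rule_holds(limit):
    """Editor's generalisation (not proved in the notes): Z_m x Z_n is cyclic
    exactly when gcd(m, n) = 1.  Checked exhaustively for 1 <= m, n <= limit."""
    return all(is_cyclic(m, n) == (gcd(m, n) == 1)
               for m in range(1, limit + 1) for n in range(1, limit + 1))
```

`generators(2, 3)` returns $[(1, 1), (1, 2)]$, so $([1]_2, [1]_3)$ is not the only generator, while `generators(2, 4)` is empty and the largest order in $\mathbb{Z}_2 \times \mathbb{Z}_4$ is 4, as the text argues.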
Example 4.11.4 For another example of a product group, consider $\mathbb{R}^2 =
\mathbb{R} \times \mathbb{R}$ (so $G = H = \mathbb{R}$, as a group under addition). The binary operation on
the product is then defined by
$$(x, y) + (x', y') = (x + x', y + y'),$$
so this is just the usual vector addition on $\mathbb{R}^2$.

Consider also the group
$$\mathbb{Z} \times \mathbb{Z} = \{\, (a, b) \mid a, b \in \mathbb{Z} \,\}.$$
The operation is defined in the same way as for $\mathbb{R} \times \mathbb{R}$; in fact $\mathbb{Z} \times \mathbb{Z}$ is a
subgroup of $\mathbb{R} \times \mathbb{R}$, and can be viewed as the set of points in the plane with
integer coordinates. (In general if $G$ and $H$ are groups, and $K$ is a subgroup
of $G$ and $L$ is a subgroup of $H$, then $K \times L$ is a subgroup of $G \times H$.)

4.12 Homomorphisms

Roughly speaking, a homomorphism is a function from one group to another
that is compatible with their algebraic structure. Since more than one group
is involved in defining this notion, it's helpful at first to have symbols in place
for their binary operations.

Definition 4.12.1 Let $(G, *_G)$ and $(H, *_H)$ be groups. A function $\phi : G \to
H$ is a homomorphism (of groups) if
$$\phi(g *_G g') = \phi(g) *_H \phi(g') \quad\text{for all } g, g' \in G.$$

Note that $g$ and $g'$ are elements of the group $G$ (the domain of $\phi$), so it makes
sense to apply $*_G$ to them. This gives an element $g *_G g' \in G$, and as this is
the domain of $\phi$, we can apply $\phi$ to $g *_G g'$ to get an element $\phi(g *_G g')$ of
the codomain $H$. On the other hand, it also makes sense to apply $\phi$ to $g$ and
$g'$, giving elements $\phi(g), \phi(g') \in H$. We can then apply the binary operation
$*_H$ on $H$ to get an element $\phi(g) *_H \phi(g') \in H$. The definition says that $\phi$ is
a homomorphism if for every pair of elements $g, g' \in G$, these two different
procedures:

• apply $*_G$ and then $\phi$,

• apply $\phi$ and then $*_H$,

always give the same element of $H$. So $\phi$ carries any "product" in $G$ to the
corresponding "product" in $H$ (where here product is referring to the output
of the relevant binary operation). When we drop the symbols for the binary
operations, the criterion for $\phi$ to be a homomorphism is that
$$\phi(gg') = \phi(g)\phi(g').$$

Example 4.12.2 Let $n$ be a positive integer, and define $\phi : \mathbb{Z} \to \mathbb{Z}_n$ by
$\phi(a) = [a]_n$. To show that $\phi$ is a homomorphism, we need to check that
$$\phi(a + b) = \phi(a) + \phi(b) \quad\text{for all } a, b \in \mathbb{Z}$$
(where $+$ on the left-hand side is the usual addition on $\mathbb{Z}$, and $+$ on the
right-hand side is the addition operation on $\mathbb{Z}_n$). Indeed
$$\phi(a + b) = [a + b]_n = [a]_n + [b]_n = \phi(a) + \phi(b)$$
for all $a, b \in \mathbb{Z}$, where the middle equality is just the definition of the operation
$+$ on $\mathbb{Z}_n$.

Example 4.12.3 If $H$ is a subgroup of a group $G$, then the inclusion function
$i : H \to G$ defined by $i(h) = h$ is a homomorphism, since $i(hh') = hh' = i(h)i(h')$.
(Recall the binary operation on a subgroup $H$ is the same as the binary
operation on $G$.)

Example 4.12.4 The determinant function $\det : GL_2(\mathbb{R}) \to \mathbb{R}^\times$ is a homomorphism
since $\det(AB) = \det(A)\det(B)$ for all $A, B \in GL_2(\mathbb{R})$.

For a non-example of a homomorphism, consider the determinant as a
function from $M_2(\mathbb{R})$ to $\mathbb{R}$. For this to be a homomorphism, we would need
$\det(A + B)$ to be the same as $\det(A) + \det(B)$ for all $A, B \in M_2(\mathbb{R})$, but
this isn't the case. For instance if
$$A = \begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix} \quad\text{and}\quad B = \begin{pmatrix} 0 & 0 \\ 0 & 1 \end{pmatrix},$$
then $\det(A + B) = \det(I) = 1$, but $\det(A) = \det(B) = 0$, so $\det A + \det B =
0 + 0 = 0$.

Example 4.12.5 Let $\exp : \mathbb{R} \to \mathbb{R}^\times$ be the exponential function $\exp(x) =
e^x$. Now the binary operation on the domain $\mathbb{R}$ is addition, and the binary
operation on the codomain $\mathbb{R}^\times$ is multiplication. Since
$$\exp(x + y) = e^{x+y} = e^x e^y = \exp(x)\exp(y) \quad\text{for all } x, y \in \mathbb{R},$$
we see that $\exp$ is a homomorphism.
Example 4.12.6 We will now define a homomorphism from $D_n$ to $S_n$ by
considering the effect of a symmetry on the set of vertices of the regular
$n$-gon. If $\sigma \in D_n$, then for each vertex $P_i$ (where $1 \le i \le n$), $\sigma(P_i)$ is
also a vertex. So restricting $\sigma$ to the set of vertices $V = \{P_1, P_2, \ldots, P_n\}$
gives a function from $V$ to $V$, which is still injective, hence is bijective (since
$V$ is finite). Therefore $\sigma$ defines a permutation of $V$. To get an element
$f(\sigma) \in S_n$ (the set of permutations of $\{1, 2, \ldots, n\}$), we replace the vertex
$P_i$ by $i$; in other words, we let $f(\sigma) = \tau$, where $\tau \in S_n$ is the permutation
such that $\sigma(P_i) = P_{\tau(i)}$ for $i = 1, 2, \ldots, n$. We have now defined a function
$f : D_n \to S_n$. For example if $n = 6$, then the function $f : D_6 \to S_6$ is
described explicitly in the table, where $\rho$ is a $60^\circ$ clockwise rotation and $\sigma$ is
the reflection in the axis through $P_1$ (and $P_4$):

    symmetry    f(symmetry)    symmetry        f(symmetry)
    e           e              sigma           (26)(35)
    rho         (123456)       sigma rho       (16)(25)(34)
    rho^2       (135)(246)     sigma rho^2     (15)(24)
    rho^3       (14)(25)(36)   sigma rho^3     (14)(23)(56)
    rho^4       (153)(264)     sigma rho^4     (13)(46)
    rho^5       (165432)       sigma rho^5     (12)(36)(45)

To see that $f$ is a homomorphism, suppose that $\sigma, \sigma' \in D_n$. Let $\tau = f(\sigma)$
and $\tau' = f(\sigma')$. To compute $f(\sigma\sigma')$, we compute $\sigma\sigma'(P_i)$, which is
$$\sigma(\sigma'(P_i)) = \sigma(P_{\tau'(i)}) = P_{\tau(\tau'(i))} = P_{\tau\tau'(i)}.$$
Therefore $f(\sigma\sigma') = f(\sigma)f(\sigma')$ for all $\sigma, \sigma' \in D_n$, and $f$ is a homomorphism.
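The table for $D_6$ and the homomorphism argument can be checked by machine. The Python below is an added example, not part of the original notes: it represents $D_n$ abstractly as pairs $(s, k)$ standing for $\sigma^s\rho^k$, with the multiplication rule that follows from the relation $\rho^k\sigma = \sigma\rho^{-k}$ (read off from the geometry and assumed here rather than proved in the text), maps each pair to the permutation $\tau$ of $\{1, \ldots, n\}$ with $\sigma(P_i) = P_{\tau(i)}$, and then verifies $f(xy) = f(x)f(y)$ and injectivity for every pair of elements. Composition follows the convention used in the proof above, $(\sigma\sigma')(P_i) = \sigma(\sigma'(P_i))$. Names are the editor's.

```python
"""The homomorphism f : D_n -> S_n of Example 4.12.6, computed and verified.

Added example for these notes (not part of the original text).  An element of
D_n is stored as a pair (s, k) meaning sigma^s rho^k, with rho the rotation
P_i -> P_{i+1} and sigma the reflection fixing P_1; the product rule uses the
relation rho^k sigma = sigma rho^(-k).  f sends (s, k) to the permutation tau
of {1..n} with (sigma^s rho^k)(P_i) = P_tau(i).  Permutations are tuples with
p[i-1] = p(i), composed as (p q)(i) = p(q(i)) (q applied first), which is the
convention (sigma sigma')(P_i) = sigma(sigma'(P_i)) used in the proof.
"""


def compose(p, q):
    """(p q)(i) = p(q(i))."""
    return tuple(p[q[i - 1] - 1] for i in range(1, len(p) + 1))


def power(p, k):
    """p composed with itself k times (k >= 0)."""
    r = tuple(range(1, len(p) + 1))          # identity permutation
    for _ in range(k):
        r = compose(p, r)
    return r


def cycles(p):
    """Disjoint-cycle notation, e.g. '(123456)' or '(26)(35)'; 'e' if trivial."""
    seen, out = set(), []
    for i in range(1, len(p) + 1):
        if i in seen or p[i - 1] == i:
            continue
        c, j = [], i
        while j not in seen:
            seen.add(j)
            c.append(str(j))
            j = p[j - 1]
        out.append("(" + "".join(c) + ")")
    return "".join(out) or "e"


def dihedral_elements(n):
    """All 2n elements of D_n as pairs (s, k) = sigma^s rho^k."""
    return [(s, k) for s in (0, 1) for k in range(n)]


def dihedral_mul(x, y, n):
    """(sigma^s rho^k)(sigma^t rho^l) = sigma^(s+t) rho^((-1)^t k + l)."""
    s, k = x
    t, l = y
    return ((s + t) % 2, ((-k if t else k) + l) % n)


def vertex_permutation(x, n):
    """f(sigma^s rho^k): the permutation of vertex indices it induces."""
    s, k = x
    rho = tuple(i % n + 1 for i in range(1, n + 1))          # i -> i+1 (mod n)
    sigma = tuple((1 - i) % n + 1 for i in range(1, n + 1))  # i -> 2-i (mod n)
    p = power(rho, k)
    return compose(sigma, p) if s else p


def f_table(n):
    """The table of Example 4.12.6 for general n: name -> cycle notation."""
    names = {}
    for s, k in dihedral_elements(n):
        name = ("sigma " if s else "") + (f"rho^{k}" if k else ("" if s else "e"))
        names[name.strip()] = cycles(vertex_permutation((s, k), n))
    return names


def f_is_homomorphism(n):
    """Check f(xy) = f(x) f(y) for all x, y in D_n."""
    G = dihedral_elements(n)
    return all(
        vertex_permutation(dihedral_mul(x, y, n), n)
        == compose(vertex_permutation(x, n), vertex_permutation(y, n))
        for x in G for y in G
    )


def f_is_injective(n):
    """Distinct symmetries give distinct permutations (Example 4.12.13)."""
    return len({vertex_permutation(x, n) for x in dihedral_elements(n)}) == 2 * n
```

`f_table(6)` reproduces the twelve entries of the table above, and `f_table(3)` gives the $D_3$ table of Example 4.12.13; `f_is_homomorphism(n)` and `f_is_injective(n)` return True for every $n \ge 3$ tried, which is the content of the homomorphism argument and of the injectivity remark in Example 4.12.13.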
Example 4.12.7 Now fix an integer $n$ and consider the function $\phi : \mathbb{Z} \to \mathbb{Z}$
defined by $\phi(a) = na$, i.e., $\phi$ is multiplication by $n$. Then $\phi$ is a homomorphism
since
$$\phi(a + b) = n(a + b) = na + nb = \phi(a) + \phi(b) \quad\text{for all } a, b \in \mathbb{Z}.$$

Example 4.12.8 Now let $G$ be any group and $g$ an element of $G$. We define
$\phi : \mathbb{Z} \to G$ by $\phi(a) = g^a$. Then $\phi$ is a homomorphism since
$$\phi(a + b) = g^{a+b} = g^a g^b = \phi(a)\phi(b) \quad\text{for all } a, b \in \mathbb{Z}$$
(the middle equality being a consequence of Prop. 4.5.1, the law of exponents
in groups). Note that the preceding example is a special case of this one,
with $G = \mathbb{Z}$ and $g = n$.

Proposition 4.12.9 If $\phi : G \to H$ is a homomorphism of groups, then

1. $\phi(e_G) = e_H$;

2. $\phi(g^{-1}) = (\phi(g))^{-1}$.

Proof. 1) Since $\phi$ is a homomorphism and $e_G$ and $e_H$ are the identity elements
in the respective groups, we have
$$\phi(e_G)\phi(e_G) = \phi(e_G e_G) = \phi(e_G) = e_H\,\phi(e_G).$$
Therefore the Cancellation Law (Prop. 4.4.4) implies that $\phi(e_G) = e_H$.

2) Since $\phi$ is a homomorphism, we have
$$\phi(g)\phi(g^{-1}) = \phi(gg^{-1}) = \phi(e_G) = e_H$$
(the last equality by Part 1). Therefore Prop. 4.4.6 implies that $\phi(g^{-1}) =
(\phi(g))^{-1}$. (Note that the inverse on the left-hand side is with respect to the
operation on $G$, and on the right it is with respect to the operation on $H$.) $\square$

The parts of the proposition can be viewed as special cases ($n = 0$ and
$n = -1$) of the following general property of homomorphisms, for which the
proof is left as an exercise.

Proposition 4.12.10 Suppose $\phi : G \to H$ is a homomorphism of groups.
If $g \in G$ and $n \in \mathbb{Z}$, then $\phi(g)^n = \phi(g^n)$.

We also note another general property of homomorphisms whose proof
is left as an exercise: the composite of two homomorphisms is a homomorphism.
Proposition 4.12.11 Suppose that $G$, $H$ and $K$ are groups, and that $\phi :
G \to H$ and $\psi : H \to K$ are homomorphisms. Then $\psi\phi : G \to K$ is a
homomorphism.

We now turn to a special class of homomorphisms:

Definition 4.12.12 If $G$ and $H$ are groups, then a function $\phi : G \to H$ is
an isomorphism if it is a bijective homomorphism.

Example 4.12.13 Recall that in Example 4.12.6, we defined a homomorphism
$f : D_n \to S_n$ for all $n \ge 3$. If $\sigma \in D_n$, then $f(\sigma)$ is given by the
corresponding permutation of the vertices of the $n$-gon. This homomorphism
is always injective since $\sigma$ is determined by its effect on the vertices, i.e., by
the values of $\sigma(P_i)$ for $i = 1, 2, \ldots, n$. So if $f(\sigma) = f(\sigma')$, then $\sigma(P_i) = \sigma'(P_i)$
for all $i$, and this implies that $\sigma = \sigma'$.

In the case $n = 3$, the groups $D_3$ and $S_3$ each have 6 elements, so $f$ must
be bijective. Therefore the function $f : D_3 \to S_3$ is an isomorphism. With
our usual notation for elements of $D_3$, we have:

    symmetry    f(symmetry)    symmetry        f(symmetry)
    e           e              sigma           (23)
    rho         (123)          sigma rho       (13)
    rho^2       (132)          sigma rho^2     (12)

For $n > 3$, the group $S_n$ has more elements than $D_n$, so $f$ cannot be an
isomorphism; however $f$ does define an isomorphism from $D_n$ to a subgroup of $S_n$,
namely its image $f(D_n)$.

Example 4.12.14 Define $\phi : \mathbb{R} \times \mathbb{R} \to \mathbb{C}$ by $\phi((x, y)) = x + iy$ for $x, y \in \mathbb{R}$.
Then $\phi$ is bijective because, by definition, every complex number $z$ has a
unique expression in the form $z = x + iy$ with $x, y \in \mathbb{R}$, so $z = \phi((x, y))$ for
a unique $(x, y) \in \mathbb{R} \times \mathbb{R}$. Furthermore $\phi$ is a homomorphism since
$$\phi((u, v) + (x, y)) = \phi((u + x, v + y)) = (u + x) + i(v + y) = (u + iv) + (x + iy) = \phi(u, v) + \phi(x, y).$$
Therefore $\phi$ is an isomorphism.

On the other hand, consider the function $\psi : \mathbb{R}^\times \times \mathbb{R}^\times \to \mathbb{C}^\times$ defined
by $\psi((x, y)) = x + iy$. This function is not a homomorphism since
$\psi((u, v)(x, y)) = \psi((ux, vy)) = ux + ivy$ is not in general the same as
$\psi((u, v))\,\psi((x, y)) = (u + iv)(x + iy) = (ux - vy) + i(uy + vx)$. (The function
also fails to be surjective since $1 = 1 + i \cdot 0$ is not the value of $\psi((x, y))$ for
any $x, y \in \mathbb{R}^\times$.)
Example 4.12.15 Consider the groups $\mathbb{Z}_8^\times = \{[1]_8, [3]_8, [5]_8, [7]_8\}$ and $\mathbb{Z}_2 \times
\mathbb{Z}_2 = \{([0]_2, [0]_2), ([0]_2, [1]_2), ([1]_2, [0]_2), ([1]_2, [1]_2)\}$. Define $\phi : \mathbb{Z}_8^\times \to \mathbb{Z}_2 \times
\mathbb{Z}_2$ by $\phi([1]_8) = ([0]_2, [0]_2)$, $\phi([3]_8) = ([0]_2, [1]_2)$, $\phi([5]_8) = ([1]_2, [0]_2)$ and
$\phi([7]_8) = ([1]_2, [1]_2)$. This is clearly a bijection, and comparing the tables:

    x       [1]_8   [3]_8   [5]_8   [7]_8
    [1]_8   [1]_8   [3]_8   [5]_8   [7]_8
    [3]_8   [3]_8   [1]_8   [7]_8   [5]_8
    [5]_8   [5]_8   [7]_8   [1]_8   [3]_8
    [7]_8   [7]_8   [5]_8   [3]_8   [1]_8

and (writing $(a, b)$ for $([a]_2, [b]_2)$)

    +       (0,0)   (0,1)   (1,0)   (1,1)
    (0,0)   (0,0)   (0,1)   (1,0)   (1,1)
    (0,1)   (0,1)   (0,0)   (1,1)   (1,0)
    (1,0)   (1,0)   (1,1)   (0,0)   (0,1)
    (1,1)   (1,1)   (1,0)   (0,1)   (0,0)

shows that $\phi$ is in fact a homomorphism. (The table for $H$ is gotten from
the table for $G$ by replacing each $g$ by $\phi(g)$.) Therefore $\phi$ is an isomorphism.
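Added example, not from the original notes: a direct check of Definition 4.12.12 for the map $\phi$ above, together with the multiset of element orders, which Prop. 4.12.24 (stated at the end of this section) shows is preserved by any isomorphism and which is therefore enough to separate $\mathbb{Z}_4$ from $\mathbb{Z}_2 \times \mathbb{Z}_2$, the groups of Example 4.12.23. Groups are given as lists with an operation; residue classes are written as plain integers and pairs. The map `psi` is a constructed counterexample, a bijection that moves the identity and so cannot be a homomorphism by Prop. 4.12.9. Function names are the editor's.

```python
"""Checking a proposed isomorphism, and ruling one out by element orders.

Added example for these notes, not part of the original text.  Finite groups
are lists of elements with an operation; residue classes are plain integers
or pairs of integers.  `is_isomorphism` checks Definition 4.12.12 directly
(bijection + homomorphism) for the map phi of Example 4.12.15, and
`order_profile` computes the multiset of element orders, which Prop. 4.12.24
shows is preserved by any isomorphism and which therefore separates Z_4 from
Z_2 x Z_2 (Example 4.12.23).
"""
from collections import Counter


def is_homomorphism(G, op_G, op_H, phi):
    """phi(g g') == phi(g) phi(g') for all g, g' in G."""
    return all(phi(op_G(a, b)) == op_H(phi(a), phi(b)) for a in G for b in G)


def is_isomorphism(G, H, op_G, op_H, phi):
    """Bijective onto H and a homomorphism."""
    image = {phi(g) for g in G}
    bijective = len(image) == len(G) and image == set(H)
    return bijective and is_homomorphism(G, op_G, op_H, phi)


def element_order(g, e, op):
    """Smallest d >= 1 with g^d = e (repeated multiplication)."""
    x, d = g, 1
    while x != e:
        x, d = op(x, g), d + 1
    return d


def order_profile(G, e, op):
    """Counter {order: number of elements with that order}."""
    return Counter(element_order(g, e, op) for g in G)


# Z_8^x under multiplication mod 8, Z_2 x Z_2 and Z_4 under addition.
Z8x = [1, 3, 5, 7]
Z2xZ2 = [(0, 0), (0, 1), (1, 0), (1, 1)]
Z4 = [0, 1, 2, 3]


def mul8(a, b):
    return (a * b) % 8


def add22(x, y):
    return ((x[0] + y[0]) % 2, (x[1] + y[1]) % 2)


def add4(a, b):
    return (a + b) % 4


def phi(a):
    """The map of Example 4.12.15."""
    return {1: (0, 0), 3: (0, 1), 5: (1, 0), 7: (1, 1)}[a]


def psi(a):
    """Constructed counterexample: a bijection Z_8^x -> Z_2 x Z_2 that is NOT
    a homomorphism, since it moves the identity (contradicting Prop. 4.12.9)."""
    return {1: (0, 1), 3: (0, 0), 5: (1, 0), 7: (1, 1)}[a]
```

`order_profile` returns $\{1: 1, 2: 3\}$ for both $\mathbb{Z}_8^\times$ and $\mathbb{Z}_2 \times \mathbb{Z}_2$ but $\{1: 1, 2: 1, 4: 2\}$ for $\mathbb{Z}_4$, which is the order-based form of the cyclic/non-cyclic argument of Example 4.12.23.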

We now turn to some general properties of isomorphisms.

Proposition 4.12.16 Suppose that $G$, $H$ and $K$ are groups, and that $\phi :
G \to H$ and $\psi : H \to K$ are isomorphisms. Then $\psi\phi : G \to K$ is an
isomorphism.

Proof. Recall (Prop. 4.3.4) that the composite of two bijective functions
is bijective, and (Prop. 4.12.11) that the composite of two homomorphisms
is a homomorphism. Therefore the composite of two isomorphisms is an
isomorphism. $\square$

Proposition 4.12.17 Suppose that $G$ and $H$ are groups and $\phi : G \to H$ is
an isomorphism. Let $\psi = \phi^{-1} : H \to G$ be the inverse function of $\phi$. Then
$\psi$ is an isomorphism.

Proof. First note that since $\phi$ is an isomorphism, it is bijective, hence has an
inverse function $\psi$ by Prop. 4.3.5. Moreover the inverse function $\psi$ is bijective
(since it too has an inverse function, namely $\phi$, and Prop. 4.3.5 states that
a function is bijective if and only if it has an inverse function). So we only
need to show that $\psi$ is a homomorphism, i.e., that $\psi(hh') = \psi(h)\psi(h')$ for
all $h, h' \in H$. Since $\phi\psi = \mathrm{id}_H$, we see that
$$\phi(\psi(hh')) = hh' = \phi(\psi(h))\,\phi(\psi(h')).$$
Since $\phi$ is a homomorphism, $\phi(gg') = \phi(g)\phi(g')$ for all $g, g' \in G$. Applying
this to $g = \psi(h)$, $g' = \psi(h')$ gives
$$\phi(\psi(h)\psi(h')) = \phi(\psi(h))\,\phi(\psi(h')).$$
We have now shown that
$$\phi(\psi(hh')) = \phi(\psi(h)\psi(h')).$$
Since $\phi$ is bijective, $\phi$ is in particular injective, so it follows from the preceding
equation that $\psi(hh') = \psi(h)\psi(h')$. Therefore $\psi$ is a bijective homomorphism,
i.e., an isomorphism. $\square$
Recall that a homomorphism from a group $G$ to a group $H$ is a function
$\phi : G \to H$ such that
$$\phi(gg') = \phi(g)\phi(g') \quad\text{for all } g, g' \in G.$$
For example, the functions

• $\phi : \mathbb{Z} \to \mathbb{Z}_n$ defined by $\phi(a) = [a]_n$ (Example 4.12.2),

• $\phi : GL_2(\mathbb{R}) \to \mathbb{R}^\times$ defined by $\phi(A) = \det A$ (Example 4.12.4),

• $\phi : \mathbb{R} \to \mathbb{R}^\times$ defined by $\phi(x) = e^x$ (Example 4.12.5),

are all homomorphisms.

An isomorphism is a bijective homomorphism; for example the function
$f : D_3 \to S_3$ defined in Example 4.12.13 is an isomorphism. So we say that
$D_3$ is isomorphic to $S_3$.

Definition 4.12.18 If $G$ and $H$ are groups, then we say $G$ is isomorphic
to $H$ if there is an isomorphism $\phi : G \to H$.

Note that a group is isomorphic to itself (by the identity function). Prop. 4.12.17
says that $G$ is isomorphic to $H$ if and only if $H$ is isomorphic
to $G$. Since the order doesn't matter, we'll often simply say instead that $G$
and $H$ are isomorphic. Prop. 4.12.16 says that if $G$ and $H$ are isomorphic
and $H$ and $K$ are isomorphic, then $G$ and $K$ are isomorphic.

Proposition 4.12.19 Suppose that $G$ is a cyclic group.

1. If $G$ has infinite order, then $G$ is isomorphic to $\mathbb{Z}$.

2. If $G$ has order $n$, then $G$ is isomorphic to $\mathbb{Z}_n$.
Proof. Let $g$ be a generator of $G$, so $G = \langle g\rangle$. Then $g$ has the same order
as $G$ (Prop. 4.8.3).

1) If $G$ has infinite order, then we define $\phi : \mathbb{Z} \to G$ by $\phi(a) = g^a$ as in
Example 4.12.8. Then $\phi$ is a homomorphism (by the Laws of Exponents).
The range of $\phi$ is
$$\{\, g^a \mid a \in \mathbb{Z} \,\} = \langle g\rangle = G,$$
so $\phi$ is surjective. If $\phi(a) = \phi(b)$, then $g^a = g^b$, so $a = b$ by Cor. 4.6.3.
Therefore $\phi$ is injective. Therefore $\phi$ is an isomorphism.

2) If $G$ has order $n$, then we would like to define $\phi : \mathbb{Z}_n \to G$ by $\phi([a]_n) =
g^a$, but we first have to check that this makes sense. We have to check that if
$a$ and $b$ are integers in the same residue class modulo $n$ (so $[a]_n = [b]_n$), then
the formula for the output of $\phi$ gives the same element of $G$ (i.e., $g^a = g^b$).
This is part of Cor. 4.6.3, which says in fact that
$$[a]_n = [b]_n \iff g^a = g^b.$$
So not only is $\phi$ well-defined, but it is injective. We see also that $\phi$ is surjective
as in part 1. Finally, since
$$\phi([a]_n)\,\phi([b]_n) = g^a g^b = g^{a+b} = \phi([a + b]_n) = \phi([a]_n + [b]_n)$$
for all $[a]_n, [b]_n \in \mathbb{Z}_n$, we see that $\phi$ is a homomorphism, and therefore an
isomorphism. $\square$

We now also have the following corollary of Lagrange's Theorem:

Corollary 4.12.20 If $G$ is a group of prime order $p$, then $G$ is isomorphic
to $\mathbb{Z}_p$.

Proof. By Cor. 4.10.5, $G$ is cyclic. Therefore by Prop. 4.12.19, $G$ is isomorphic
to $\mathbb{Z}_p$. $\square$
A key point about isomorphisms is that isomorphic groups are essentially
interchangeable; they have exactly the same properties (at least as groups).
We’ll see in a moment how this works in practice for specific properties.
Now we make precise how various properties are shared by isomorphic
groups.

Proposition 4.12.21 Suppose that G and H are isomorphic groups. Then

1. G is abelian if and only if H is abelian;

2. G is cyclic if and only if H is cyclic.



Proof. 1) Let $\varphi : G \to H$ be an isomorphism. Suppose that G is abelian. We wish to show that H is abelian, i.e., $hh' = h'h$ for all $h, h' \in H$. Since $\varphi$ is surjective, we have $h = \varphi(g)$ and $h' = \varphi(g')$ for some $g, g' \in G$. Since G is abelian,
$$gg' = g'g \;\Rightarrow\; \varphi(gg') = \varphi(g'g) \;\Rightarrow\; \varphi(g)\varphi(g') = \varphi(g')\varphi(g) \quad (\text{since } \varphi \text{ is a homomorphism}) \;\Rightarrow\; hh' = h'h.$$
Therefore H is abelian.

Conversely, if H is abelian, then we use the existence of an isomorphism $\varphi^{-1} : H \to G$ to deduce that G is abelian.

2) Let $\varphi : G \to H$ be an isomorphism and suppose that $G = \langle g \rangle$ is cyclic. Then every element of G is of the form $g^n$ for some $n \in \mathbb{Z}$. Since $\varphi$ is surjective, every element of H is of the form $\varphi(g^n)$ for some $n \in \mathbb{Z}$. By Prop. 4.12.10, $\varphi(g^n) = \varphi(g)^n$, so every element of H is in $\langle \varphi(g) \rangle$. Therefore $H = \langle \varphi(g) \rangle$ is cyclic.

As in Part 1), we see that if H is cyclic, then (using the inverse isomorphism $\varphi^{-1}$) so is G. $\square$
Example 4.12.22 It follows from the proposition that if G is abelian and H is not, then G is not isomorphic to H. For example, the groups $\mathbb{Z}_6$ and $D_3$ both have order 6, but $\mathbb{Z}_6$ is abelian and $D_3$ is not, so the groups are not isomorphic.

Example 4.12.23 Similarly we see that if G is cyclic and H is not, then G and H are not isomorphic. For example, $\mathbb{Z}_4$ and $\mathbb{Z}_2 \times \mathbb{Z}_2$ are both abelian groups of order 4, but $\mathbb{Z}_4$ is cyclic and $\mathbb{Z}_2 \times \mathbb{Z}_2$ is not. Therefore these groups are not isomorphic.

Proposition 4.12.24 Suppose that G and H are groups and $\varphi : G \to H$ is an isomorphism. Then for each $g \in G$, the order of g in G is the same as the order of $\varphi(g)$ in H.

Proof. Suppose that g has finite order d, and let $h = \varphi(g)$. Then $g^d = e_G$, so
$$h^d = \varphi(g)^d = \varphi(g^d) = \varphi(e_G) = e_H$$
by Prop. 4.12.10. Therefore d is a multiple of the order of h. On the other hand, $\psi = \varphi^{-1} : H \to G$ is an isomorphism and $\psi(h) = g$, so by the same argument the order of h is a multiple of the order of g. Therefore g and h have the same order.

Since we’ve shown that if either of g or h has finite order, then so does the other, it also follows that if either has infinite order, then so does the other. $\square$

Example 4.12.25 Consider the two groups $S_4$ and $D_{12}$. Both are non-abelian groups of order 24, but $D_{12}$ has an element of order 12 (a $30^\circ$ rotation) and $S_4$ does not. Therefore the two groups are not isomorphic.

We now return to general homomorphisms (not necessarily bijective). Given any homomorphism $\varphi : G \to H$, we shall associate to it a subgroup of G called the kernel of $\varphi$, and a subgroup of H called the image of $\varphi$. We’ve already defined the image of $\varphi$; it’s just the range of $\varphi$, or
$$\varphi(G) = \{\, \varphi(g) \mid g \in G \,\},$$
also denoted $\operatorname{image}(\varphi)$. This is by definition a subset of H; now we show it is in fact a subgroup of H.

Proposition 4.12.26 Suppose that G and H are groups and $\varphi : G \to H$ is a homomorphism. Then $\varphi(G)$ is a subgroup of H.

Proof. We verify the usual criteria to check that $\varphi(G)$ is a subgroup:

1) The identity element is in $\varphi(G)$ since $e_H = \varphi(e_G) \in \varphi(G)$.

2) Suppose that $h, h' \in \varphi(G)$. Then $h = \varphi(g)$, $h' = \varphi(g')$ for some $g, g' \in G$, so
$$hh' = \varphi(g)\varphi(g') = \varphi(gg') \in \varphi(G).$$

3) Suppose that $h \in \varphi(G)$. Then $h = \varphi(g)$ for some $g \in G$. Therefore
$$h^{-1} = \varphi(g)^{-1} = \varphi(g^{-1}) \in \varphi(G).$$

It follows that $\varphi(G)$ is a subgroup of H. $\square$


Before giving examples, we define the kernel of a homomorphism.

Definition 4.12.27 Suppose that $\varphi : G \to H$ is a homomorphism of groups. The kernel of $\varphi$ is the following subset of G:
$$\ker(\varphi) = \{\, g \in G \mid \varphi(g) = e_H \,\}.$$

Proposition 4.12.28 Suppose that G and H are groups and $\varphi : G \to H$ is a homomorphism. Then $\ker(\varphi)$ is a subgroup of G.

Proof. Again we verify the usual criteria:

1) The identity element $e_G$ is in $\ker(\varphi)$ since $\varphi(e_G) = e_H$.

2) Suppose that $g, g' \in \ker(\varphi)$. Then $\varphi(g) = \varphi(g') = e_H$, so
$$\varphi(gg') = \varphi(g)\varphi(g') = e_H e_H = e_H.$$
Therefore $gg' \in \ker(\varphi)$.

3) Suppose that $g \in \ker(\varphi)$. Then $\varphi(g) = e_H$, so
$$\varphi(g^{-1}) = \varphi(g)^{-1} = e_H^{-1} = e_H.$$
Therefore $g^{-1} \in \ker(\varphi)$.

It follows that $\ker(\varphi)$ is a subgroup of G. $\square$

Example 4.12.29 Recall the homomorphism $\varphi : \mathbb{Z} \to \mathbb{Z}_n$ defined by $\varphi(a) = [a]_n$ from Example 4.12.2. Then $\varphi$ is surjective since every element of $\mathbb{Z}_n$ is of the form $[a]_n$ for some $a \in \mathbb{Z}$. Therefore the image of $\varphi$ is $\varphi(\mathbb{Z}) = \mathbb{Z}_n$. Now we compute the kernel of $\varphi$. The criterion for an integer a to be in the kernel is that $\varphi(a) = [0]_n$ (the identity element of $\mathbb{Z}_n$). Since $\varphi(a) = [a]_n = [0]_n$ if and only if a is divisible by n, the kernel of $\varphi$ is the set of integers divisible by n; i.e.,
$$\ker(\varphi) = \langle n \rangle \subseteq \mathbb{Z}.$$

Example 4.12.30 If $\varphi : G \to H$ is an isomorphism, then $\varphi$ is surjective, so $\varphi(G) = H$. And $\varphi$ is injective, so
$$g \in \ker(\varphi) \iff \varphi(g) = e_H = \varphi(e_G) \iff g = e_G.$$
Therefore $\ker(\varphi) = \{e_G\}$.

Example 4.12.31 If H is a subgroup of G, then the inclusion function $i : H \to G$ defined by $i(h) = h$ is a homomorphism (Example 4.12.3), with $i(H) = H$ and $\ker(i) = \{e\}$.

Example 4.12.32 Recall that the determinant function $\det : GL_2(\mathbb{R}) \to \mathbb{R}^\times$ is a homomorphism (Example 4.12.4). The function is surjective since for any $x \in \mathbb{R}^\times$, we have $\begin{pmatrix} x & 0 \\ 0 & 1 \end{pmatrix} \in GL_2(\mathbb{R})$ and $\det \begin{pmatrix} x & 0 \\ 0 & 1 \end{pmatrix} = x$. Therefore the image of det is $\mathbb{R}^\times$. The kernel of det is
$$SL_2(\mathbb{R}) = \{\, A \in GL_2(\mathbb{R}) \mid \det A = 1 \,\}.$$

Example 4.12.33 Let $n \in \mathbb{N}$ and consider the homomorphism $\varphi : \mathbb{Z} \to \mathbb{Z}$ defined by $\varphi(a) = na$ (Example 4.12.7). The image of $\varphi$ consists of the integer multiples of n, so $\varphi(\mathbb{Z}) = \langle n \rangle$. On the other hand, the kernel of $\varphi$ consists of the integers a such that $na = 0$. Since $n \neq 0$, this implies that $a = 0$, so $\ker(\varphi) = \{0\}$.

Example 4.12.34 As a final example, suppose that G is a group and $g \in G$, and define $\varphi : \mathbb{Z} \to G$ by $\varphi(a) = g^a$ (Example 4.12.8). Then the image of $\varphi$ is
$$\varphi(\mathbb{Z}) = \{\, g^a \mid a \in \mathbb{Z} \,\} = \langle g \rangle.$$
The kernel of $\varphi$ consists of the integers a such that $g^a = \varphi(a) = e$. According to Thm. 4.6.2, we therefore have
$$\ker(\varphi) = \langle d \rangle$$
if g has finite order d, and $\ker(\varphi) = \{0\}$ if g has infinite order.
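As an added illustration of Example 4.12.34 (my own code, not part of the original notes), the following Python computes the image and the kernel of $\varphi(a) = g^a$ for $G = \mathbb{Z}_p^\times$ and checks the subgroup criteria of Prop. 4.12.26 on the image; the sample values $p = 13$, $g = 5$ are a constructed choice, and the kernel, being infinite, is only listed inside a finite window.

```python
from math import gcd

def order_mod(g, p):
    """Order of g in the group Z_p^x (p prime, gcd(g, p) = 1): the least d > 0 with g^d = 1 (mod p)."""
    assert gcd(g, p) == 1, "g must be a unit modulo p"
    d, x = 1, g % p
    while x != 1:
        x = (x * g) % p
        d += 1
    return d

def phi(g, p, a):
    """The homomorphism phi: Z -> Z_p^x, a |-> g^a (Example 4.12.8); pow accepts a < 0 because g is a unit."""
    return pow(g, a, p)

def is_homomorphism(g, p, sample):
    """phi(a + b) = phi(a) phi(b) for every a, b in a finite sample of integers."""
    return all(phi(g, p, a + b) == (phi(g, p, a) * phi(g, p, b)) % p
               for a in sample for b in sample)

def image(g, p):
    """phi(Z) = <g>. By Thm. 4.6.2 the powers repeat with period d = order of g, so d exponents suffice."""
    return {phi(g, p, a) for a in range(order_mod(g, p))}

def kernel_window(g, p, bound):
    """The elements of ker(phi) lying in [-bound, bound]; Thm. 4.6.2 says they are the multiples of d."""
    return [a for a in range(-bound, bound + 1) if phi(g, p, a) == 1]

def is_subgroup(S, p):
    """The three criteria of Prop. 4.12.26 for a subset S of Z_p^x: identity, closure, inverses."""
    return (1 in S
            and all((x * y) % p in S for x in S for y in S)
            and all(pow(x, -1, p) in S for x in S))

def demo(p=13, g=5):
    """Constructed sample: g = 5 has order 4 in Z_13^x, so the image has 4 elements and ker(phi) = <4>."""
    d = order_mod(g, p)
    img = image(g, p)
    ker = kernel_window(g, p, 2 * d)
    return {
        "order": d,
        "image": sorted(img),
        "image_is_subgroup": is_subgroup(img, p),
        "kernel_window": ker,
        "kernel_is_multiples_of_order": ker == [k * d for k in range(-2, 3)],
        "homomorphism": is_homomorphism(g, p, range(-6, 7)),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```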


Chapter 5

Rings

5.1 Definition of a ring


Up until now, we’ve mainly been discussing groups. The remaining lectures
will focus on another type of algebraic structure, called a ring. A ring is a set
with two binary operations satisfying certain axioms. We’ve actually already
worked quite a bit with a particular ring, namely the set of integers with
its binary operations of addition and multiplication. The division algorithm,
Thm. 2.1.2, for example, is really about the ring Z, since it involves both of
these binary operations. The set of integers is the “model” for an abstract
ring. The axioms are based on the key properties satisfied by the binary
operations of addition and multiplication on Z.

Definition 5.1.1 A ring is a set R with binary operations + and $\ast$ satisfying:

1. (R, +) is an abelian group;

2. the operation $\ast$ is associative and has an identity element in R;

3. $x \ast (y + z) = (x \ast y) + (x \ast z)$ and $(y + z) \ast x = (y \ast x) + (z \ast x)$ for all $x, y, z \in R$.

Just as we used $(G, \ast)$ to denote G with its binary operation $\ast$, we will use $(R, +, \ast)$ to denote R with its binary operations + and $\ast$. Since the first operation plays a role analogous to addition in $\mathbb{Z}$, it is often called the addition operation for the ring R and denoted by +. Similarly the second operation $\ast$ is often called the multiplication on R, but as with the usual multiplication, the symbol for it is sometimes omitted. Since both operations are associative, we generally don’t bother to write parentheses to keep track of the order in which the operation + or $\ast$ is performed in a single “sum” or “product.” Furthermore, it’s understood that multiplications are performed before additions unless parentheses indicate otherwise, so for example $xy + z$ means $(xy) + z$ rather than $x(y + z)$.

Note that we demand that + be associative, commutative, have an identity element and that there be an additive inverse for each element (as (R, +) has to be an abelian group), but we demand less of the $\ast$ operation, just that it be associative and have an identity element. Note also that the last condition relates the operations + and $\ast$. This relation is called the distributive law, or rather laws, since there are two equations which need to be satisfied for each x, y and z in R. (We could call one of these laws right distributive and the other left distributive, but I’ll refrain since it’s not worth remembering which is which.) Of course the two equations are equivalent if $\ast$ is commutative, but we haven’t assumed this.

5.2 Examples of rings


Of course, the set $\mathbb{Z}$ with the usual addition and multiplication operations is a ring. We’ve already seen that $(\mathbb{Z}, +)$ is an abelian group, we know that multiplication is associative and has identity element 1, and the distributive law holds:
$$a(b + c) = ab + ac \quad \text{for all } a, b, c \in \mathbb{Z}.$$
Similarly, $\mathbb{Q}$, $\mathbb{R}$ and $\mathbb{C}$ are all rings with their usual addition and multiplication operations.

Example 5.2.1 Another example is $\mathbb{Z}_n = \{[0]_n, [1]_n, \ldots, [n-1]_n\}$, the set of residue classes modulo n, with its addition and multiplication operations:
$$[a]_n + [b]_n = [a + b]_n, \quad [a]_n [b]_n = [ab]_n.$$
We’ve already seen that $(\mathbb{Z}_n, +)$ is an abelian group, and that multiplication is associative (Prop. 3.3.8) with identity element $[1]_n$. In order to conclude that $\mathbb{Z}_n$ is a ring, we just have to check that $X(Y + Z) = XY + XZ$ for all $X, Y, Z \in \mathbb{Z}_n$, i.e., that
$$[a]_n ([b]_n + [c]_n) = [a]_n [b]_n + [a]_n [c]_n \quad \text{for all } a, b, c \in \mathbb{Z}.$$
(Since multiplication on $\mathbb{Z}_n$ is commutative, the other distributive law $(Y + Z) X = YX + ZX$ is equivalent.) For $a, b, c \in \mathbb{Z}$, we have
$$[a]_n ([b]_n + [c]_n) = [a]_n [b + c]_n = [a(b + c)]_n$$
by definition of the operations. On the other hand
$$[a]_n [b]_n + [a]_n [c]_n = [ab]_n + [ac]_n = [ab + ac]_n,$$
also by definition. The distributive law for $\mathbb{Z}$ states that $a(b + c) = ab + ac$, so it follows that
$$[a]_n ([b]_n + [c]_n) = [a(b + c)]_n = [ab + ac]_n = [a]_n [b]_n + [a]_n [c]_n.$$
So $\mathbb{Z}_n$ is a ring.

Example 5.2.2 Another important example is that of a polynomial ring. For the moment, let’s just consider polynomials with real coefficients, i.e., expressions of the form:
$$f(x) = a_m x^m + a_{m-1} x^{m-1} + \cdots + a_1 x + a_0,$$
where m is a non-negative integer and $a_0, a_1, \ldots, a_m$ are real numbers. The set of such polynomials is denoted $\mathbb{R}[x]$. Let’s recall the definition of addition and multiplication of polynomials. Suppose that f(x) is as above and
$$g(x) = b_n x^n + b_{n-1} x^{n-1} + \cdots + b_1 x + b_0, \quad \text{with } b_0, b_1, \ldots, b_n \in \mathbb{R}.$$
So using summation notation,
$$f(x) = \sum_{i=0}^{m} a_i x^i \quad \text{and} \quad g(x) = \sum_{j=0}^{n} b_j x^j.$$
To write down the formula for f(x) + g(x), it’s convenient to assume the leading terms have the same degree, which we can do by writing f(x) as
$$0x^n + 0x^{n-1} + \cdots + 0x^{m+1} + a_m x^m + a_{m-1} x^{m-1} + \cdots + a_1 x + a_0,$$
if $m < n$ (i.e., setting $a_{m+1} = \cdots = a_{n-1} = a_n = 0$), and similarly modifying the expression for g(x) if $n < m$. Then we define
$$f(x) + g(x) = \sum_{i=0}^{n} (a_i + b_i) x^i = (a_n + b_n) x^n + (a_{n-1} + b_{n-1}) x^{n-1} + \cdots + (a_1 + b_1) x + (a_0 + b_0),$$
an element of $\mathbb{R}[x]$ since $a_i + b_i \in \mathbb{R}$ for $i = 0, \ldots, n$. To define the multiplication operation, we set
$$f(x) g(x) = \sum_{k=0}^{m+n} d_k x^k,$$
where $d_k$ is the sum of terms of the form $a_i b_j$ for which $i + j = k$, so
$$d_k = \sum_{i=0}^{k} a_i b_{k-i}$$
(where we set $a_i = 0$ if $i > m$ and $b_j = 0$ if $j > n$). These are just formulas for the familiar algebraic operations on polynomials, written in a way that shows the output is again a polynomial. For example if $f(x) = x^3 + 2x + 1$ and $g(x) = x^2 + 1$, then
$$f(x) + g(x) = x^3 + x^2 + 2x + 2 \quad \text{and} \quad f(x) g(x) = x^5 + 3x^3 + x^2 + 2x + 1.$$

To see that $\mathbb{R}[x]$ with these operations is a ring, we first check that the operations are associative. So suppose that f(x) and g(x) are as above, and $h(x) = \sum_{k=0}^{\ell} c_k x^k$. Then
$$(f(x) + g(x)) + h(x) = \sum_{i=0}^{n} (a_i + b_i) x^i + \sum_{i=0}^{n} c_i x^i = \sum_{i=0}^{n} ((a_i + b_i) + c_i) x^i$$
(where we’ve assumed $m = n = \ell$ as above), and similarly
$$f(x) + (g(x) + h(x)) = \sum_{i=0}^{n} (a_i + (b_i + c_i)) x^i.$$
These agree since $(a_i + b_i) + c_i = a_i + (b_i + c_i)$ for each i, so polynomial addition is associative. As for multiplication, we have
$$(f(x) g(x)) h(x) = \left( \sum_{r=0}^{m+n} d_r x^r \right) \left( \sum_{k=0}^{\ell} c_k x^k \right) = \sum_{s=0}^{m+n+\ell} e_s x^s$$
where $d_r$ is the sum of the $a_i b_j$ such that $i + j = r$, and $e_s$ is the sum of the $d_r c_k$ such that $r + k = s$. Therefore $e_s$ is the sum of the $(a_i b_j) c_k$ such that $(i + j) + k = s$. (Note that we have just used the distributive law for real numbers to rewrite each term in the sum for $e_s$ as
$$d_r c_k = (a_0 b_r + a_1 b_{r-1} + \cdots + a_r b_0) c_k = (a_0 b_r) c_k + (a_1 b_{r-1}) c_k + \cdots + (a_r b_0) c_k.)$$
Similarly the coefficient of $x^s$ in $f(x)(g(x) h(x))$ is the sum of the terms $a_i (b_j c_k)$ for which $i + (j + k) = s$. It follows that for $s = 0, 1, \ldots, m + n + \ell$, the coefficients of $x^s$ are the same for the two polynomials, so $(f(x) g(x)) h(x) = f(x) (g(x) h(x))$ and the multiplication operation is associative.

Note also that both operations are commutative and have identity elements. (The identity elements are simply the constant polynomials 0 and 1.) To conclude that $(\mathbb{R}[x], +)$ is an abelian group, we just have to note that each polynomial
$$f(x) = a_m x^m + a_{m-1} x^{m-1} + \cdots + a_1 x + a_0$$
in $\mathbb{R}[x]$ has an additive inverse in $\mathbb{R}[x]$, namely
$$(-a_m) x^m + (-a_{m-1}) x^{m-1} + \cdots + (-a_1) x + (-a_0).$$
So the only thing remaining to check in order to conclude that $(\mathbb{R}[x], +, \cdot)$ is a ring is the distributive law, which is left as an exercise.
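The coefficient formulas of Example 5.2.2, as an added Python example (my own code, not from the original notes): a polynomial is stored as its coefficient list $[a_0, a_1, \ldots, a_m]$, the product is computed from $d_k = \sum_{i} a_i b_{k-i}$, and the worked values $f(x) = x^3 + 2x + 1$, $g(x) = x^2 + 1$ are reproduced. Integer coefficients stand in for real ones (the formulas are identical), and `check_ring_laws` tests associativity and the distributive law left as an exercise above on a constructed sample rather than proving them.

```python
from itertools import product

def trim(coeffs):
    """Drop leading zero terms so the zero polynomial is [] and equal polynomials compare equal."""
    coeffs = list(coeffs)
    while coeffs and coeffs[-1] == 0:
        coeffs.pop()
    return coeffs

def poly_add(f, g):
    """f(x) + g(x): pad the shorter list with zero coefficients (a_{m+1} = ... = a_n = 0), then add termwise."""
    n = max(len(f), len(g))
    f = list(f) + [0] * (n - len(f))
    g = list(g) + [0] * (n - len(g))
    return trim(a + b for a, b in zip(f, g))

def poly_neg(f):
    """The additive inverse (-a_m)x^m + ... + (-a_0)."""
    return [-a for a in f]

def poly_mul(f, g):
    """f(x) g(x) = sum_k d_k x^k with d_k = sum_{i+j=k} a_i b_j; the product has degree m + n."""
    if not f or not g:
        return []
    d = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            d[i + j] += a * b
    return trim(d)

def poly_str(f):
    """Render a coefficient list the way the notes write polynomials, e.g. 'x^3 + 2x + 1'."""
    terms = []
    for k in range(len(f) - 1, -1, -1):
        c = f[k]
        if c == 0:
            continue
        coef = "" if c == 1 and k > 0 else str(c)
        var = "" if k == 0 else ("x" if k == 1 else f"x^{k}")
        terms.append(coef + var)
    return " + ".join(terms) if terms else "0"

def check_ring_laws(sample):
    """Associativity of + and of *, and both distributive laws, on every triple drawn from a finite sample."""
    for f, g, h in product(sample, repeat=3):
        if poly_add(poly_add(f, g), h) != poly_add(f, poly_add(g, h)):
            return False
        if poly_mul(poly_mul(f, g), h) != poly_mul(f, poly_mul(g, h)):
            return False
        if poly_mul(f, poly_add(g, h)) != poly_add(poly_mul(f, g), poly_mul(f, h)):
            return False
        if poly_mul(poly_add(g, h), f) != poly_add(poly_mul(g, f), poly_mul(h, f)):
            return False
    return True

# Constructed sample: the polynomials of Example 5.2.2, f(x) = x^3 + 2x + 1 and g(x) = x^2 + 1,
# plus the constants 0 and 1, x itself, and 2x^2 - 3.
F = [1, 2, 0, 1]
G = [1, 0, 1]
SAMPLE = [[], [1], [0, 1], F, G, [-3, 0, 2]]

if __name__ == "__main__":
    print("f + g =", poly_str(poly_add(F, G)))
    print("f * g =", poly_str(poly_mul(F, G)))
    print("ring laws hold on sample:", check_ring_laws(SAMPLE))
```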

Example 5.2.3 In all the preceding examples, the multiplication operation was commutative, but here is an example where it’s not. Recall that on $M_2(\mathbb{R})$ we have the binary operations of matrix addition and matrix multiplication. We already know that $(M_2(\mathbb{R}), +)$ is an abelian group, and that matrix multiplication is associative and has identity element $I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$. Finally we need to check both distributive laws. Suppose then that
$$A = \begin{pmatrix} a_1 & a_2 \\ a_3 & a_4 \end{pmatrix}, \quad B = \begin{pmatrix} b_1 & b_2 \\ b_3 & b_4 \end{pmatrix} \quad \text{and} \quad C = \begin{pmatrix} c_1 & c_2 \\ c_3 & c_4 \end{pmatrix}$$
are elements of $M_2(\mathbb{R})$. Then
$$\begin{aligned}
A(B + C) &= \begin{pmatrix} a_1 & a_2 \\ a_3 & a_4 \end{pmatrix} \begin{pmatrix} b_1 + c_1 & b_2 + c_2 \\ b_3 + c_3 & b_4 + c_4 \end{pmatrix} \\
&= \begin{pmatrix} a_1(b_1 + c_1) + a_2(b_3 + c_3) & a_1(b_2 + c_2) + a_2(b_4 + c_4) \\ a_3(b_1 + c_1) + a_4(b_3 + c_3) & a_3(b_2 + c_2) + a_4(b_4 + c_4) \end{pmatrix} \\
&= \begin{pmatrix} a_1 b_1 + a_1 c_1 + a_2 b_3 + a_2 c_3 & a_1 b_2 + a_1 c_2 + a_2 b_4 + a_2 c_4 \\ a_3 b_1 + a_3 c_1 + a_4 b_3 + a_4 c_3 & a_3 b_2 + a_3 c_2 + a_4 b_4 + a_4 c_4 \end{pmatrix} \\
&= \begin{pmatrix} a_1 b_1 + a_2 b_3 & a_1 b_2 + a_2 b_4 \\ a_3 b_1 + a_4 b_3 & a_3 b_2 + a_4 b_4 \end{pmatrix} + \begin{pmatrix} a_1 c_1 + a_2 c_3 & a_1 c_2 + a_2 c_4 \\ a_3 c_1 + a_4 c_3 & a_3 c_2 + a_4 c_4 \end{pmatrix} \\
&= AB + AC,
\end{aligned}$$
which proves one of the distributive laws. I’ll leave you to check the proof of the other, which is very similar.

Now let’s consider some non-examples of rings. Let E denote the set of even integers under the usual binary operations of addition and multiplication. Then E is a subgroup of $\mathbb{Z}$ under addition, hence is an abelian group. The operation $\cdot$ is associative and satisfies the distributive law with respect to addition, but there is no identity element in E for multiplication, so E is not a ring.

Here is an example where only the distributive law fails. Consider the set $\mathbb{R}$ with the operations + and $\bullet$, where + is the usual addition operation and $\bullet$ is defined by
$$x \bullet y = x + y + xy = (x + 1)(y + 1) - 1, \quad \text{for } x, y \in \mathbb{R}.$$
We already know that $(\mathbb{R}, +)$ is an abelian group. The operation $\bullet$ is associative since
$$(x \bullet y) \bullet z = (x + y + xy) \bullet z = (x + y + xy) + z + (x + y + xy) z = x + y + z + xy + xz + yz + xyz,$$
and
$$x \bullet (y \bullet z) = x \bullet (y + z + yz) = x + (y + z + yz) + x(y + z + yz) = x + y + z + xy + xz + yz + xyz.$$
The operation is also obviously commutative since $x \bullet y = y \bullet x$, and 0 is an identity element since $x \bullet 0 = 0 \bullet x = 0 + x + 0x = x$ for all $x \in \mathbb{R}$. However the distributive law fails since
$$x \bullet (y + z) = x + (y + z) + x(y + z) = x + y + z + xy + xz,$$
which coincides with
$$(x \bullet y) + (x \bullet z) = x + y + xy + x + z + xz$$
only if $x = 0$. So for example $1 \bullet (0 + 0) = 1 \bullet 0 = 1$, but $1 \bullet 0 + 1 \bullet 0 = 1 + 1 = 2$. Therefore $(\mathbb{R}, +, \bullet)$ is not a ring.

5.3 Basic properties of rings

We now establish a few basic properties which hold for all rings since they can be deduced from the axioms in the definition. When working with an abstract ring $(R, +, \ast)$, we will write $0_R$ for the additive identity element, $1_R$ for the multiplicative identity element, and $-x$ for the additive inverse of x.

Proposition 5.3.1 Suppose that $(R, +, \ast)$ is a ring.

1. $0_R \ast x = 0_R = x \ast 0_R$ for all $x \in R$.

2. $(-x) \ast y = -(xy) = x \ast (-y)$ for all $x, y \in R$.

Proof. 1) Since $0_R$ is the additive identity element, we know $0_R + 0_R = 0_R$. So by the distributive law,
$$0_R \ast x = (0_R + 0_R) \ast x = (0_R \ast x) + (0_R \ast x)$$
for all $x \in R$. Since $0_R + (0_R \ast x) = 0_R \ast x$, we get that
$$0_R + (0_R \ast x) = (0_R \ast x) + (0_R \ast x).$$
Now since (R, +) is a group, we can apply the cancellation law (Prop. 4.4.4) to conclude that $0_R = 0_R \ast x$. Similarly,
$$0_R + (x \ast 0_R) = x \ast 0_R = x \ast (0_R + 0_R) = (x \ast 0_R) + (x \ast 0_R),$$
so $0_R = x \ast 0_R$ as well, completing the proof of 1).

2) For all $x, y \in R$, we have
$$\begin{aligned}
((-x) \ast y) + (x \ast y) &= ((-x) + x) \ast y && \text{(by distributivity)} \\
&= 0_R \ast y && \text{(by definition of } -x\text{)} \\
&= 0_R && \text{(by Part 1).}
\end{aligned}$$
Therefore $(-x) \ast y$ is the additive inverse of $x \ast y$, i.e., $(-x) \ast y = -(xy)$. Similarly
$$(x \ast (-y)) + (x \ast y) = x \ast ((-y) + y) = x \ast 0_R = 0_R$$
shows that $x \ast (-y) = -(xy)$. $\square$


Recall that if G is a group, then for $g \in G$ and $n \in \mathbb{Z}$, we defined the element $g^n \in G$, called the nth power of g in G. In particular, if $n > 0$, then
$$g^n = \underbrace{g g \cdots g}_{n \text{ times}}.$$
For groups where the binary operation is being denoted by +, we instead call it the nth multiple of g and denote it $n \cdot g$.

In particular, if $(R, +, \ast)$ is a ring, then (R, +) is a group, so we can speak of the multiples $n \cdot x$ of an element $x \in R$ for $n \in \mathbb{Z}$. We can also define its powers
$$x^n = \underbrace{x \ast x \cdots x}_{n \text{ times}},$$
provided $n \geq 0$. (We can define $x^0 = 1$, but recall that defining $x^n$ for $n < 0$ requires having multiplicative inverses.)
Example 5.3.2 Consider for example an element $[a]_n$ in the ring $\mathbb{Z}_n$. Then one finds that $m \cdot [a]_n = [ma]_n$ for $m \in \mathbb{Z}$, and $[a]_n^m = [a^m]_n$ for $m \in \mathbb{N}$.

Example 5.3.3 The nth power of the element f(x) = x in the polynomial ring $\mathbb{R}[x]$ is, of course, what we’ve been denoting as $x^n$ all along.

We’ll refer to the additive version of Prop. 4.5.1 as the law of multiples:
$$(m \cdot x) + (n \cdot x) = (m + n) \cdot x \quad \text{and} \quad m \cdot (n \cdot x) = (mn) \cdot x$$
for $m, n \in \mathbb{Z}$, $x \in R$. Moreover since (R, +) is abelian, we have $(n \cdot x) + (n \cdot y) = n \cdot (x + y)$ for $n \in \mathbb{Z}$, $x, y \in R$. The proof of Prop. 4.5.1 applies also to the powers of x, provided $m, n \geq 0$, giving
$$x^m x^n = x^{m+n} \quad \text{and} \quad (x^m)^n = x^{mn}$$
(but note that we can’t conclude anything about $x^n y^n$ without assuming that $\cdot$ is commutative).

We also have the following behavior of the multiples of elements with respect to multiplication in the ring:

Proposition 5.3.4 If R is a ring, then
$$(n \cdot x) y = n \cdot (xy) = x (n \cdot y)$$
for all $x, y \in R$ and $n \in \mathbb{Z}$.

The proof is left as an exercise, but let’s look carefully at the meaning of the equation. Note that $(n \cdot x) y$ is the product of two elements of the ring R, namely $n \cdot x$ and y; the first of these elements $n \cdot x$ is defined as the nth multiple of the element x. On the other hand, $n \cdot (xy)$ is the nth multiple of the element xy, where xy is the product in R of the elements x and y. We can’t simply apply associativity since $\cdot$ is not the multiplication operation in R, and indeed the integer n might not even be an element of R. Consider the case n = 2, which already gives the key idea for how to prove the proposition in general. The first equality is saying that $(x + x) y = (xy) + (xy)$, which is of course a consequence of the distributive law.

It is often useful to consider the multiples of the multiplicative identity element $1_R$, and there is the following notation for them: If $m \in \mathbb{Z}$, then we let $m_R = m \cdot (1_R)$ denote the mth multiple of $1_R$. (Note that for m = 1, this gives $1_R = 1_R$, and for m = 0, we have that $0 \cdot (1_R)$ is by definition the additive identity element $0_R$, so there is no conflict in notation.) So for example

• for $R = \mathbb{Z}$, we have $m_R = m$;

• for $R = \mathbb{Z}_n$, we have $m_R = m \cdot [1]_n = [m]_n$;

• for $R = M_2(\mathbb{R})$, we have $m_R = \begin{pmatrix} m & 0 \\ 0 & m \end{pmatrix}$.

Proposition 5.3.5 Suppose that R is a ring. Then

1. $m_R x = m \cdot x = x m_R$ for all $m \in \mathbb{Z}$, $x \in R$;

2. $m_R + n_R = (m + n)_R$ and $m_R n_R = (mn)_R$ for all $m, n \in \mathbb{Z}$;

3. $(m_R)^n = (m^n)_R$ for all $m \in \mathbb{Z}$, $n \in \mathbb{N}$.

Proof. 1) This is a corollary of Prop. 5.3.4; the proof is left as an exercise.

2) Since $m_R = m \cdot (1_R)$ and $n_R = n \cdot (1_R)$, the law of multiples shows that
$$m_R + n_R = m \cdot (1_R) + n \cdot (1_R) = (m + n) \cdot (1_R) = (m + n)_R.$$
According to Part 1, applied with $x = n_R$, we have
$$m_R \cdot n_R = m \cdot (n_R) = m \cdot (n \cdot (1_R)) = (mn) \cdot (1_R) = (mn)_R$$
by the law of multiples (and the definitions of $n_R$ and $(mn)_R$).

3) We prove this by induction on n. For n = 1 there is nothing to prove. If $n \geq 1$ and $(m_R)^n = (m^n)_R$, it follows that
$$(m_R)^{n+1} = m_R \cdot (m_R)^n = m_R \cdot (m^n)_R = (m^{n+1})_R,$$
where the last equality is by Part 2) with $m^n$ in place of n. $\square$

5.4 Subrings

Recall that a subgroup of a group G is a subset of G which itself is a group with the same binary operation as on G. There’s a similar notion of a subring of a ring.

Definition 5.4.1 Suppose that $(R, +, \ast)$ is a ring and S is a subset of R. Then S is a subring of R if S, with the operations + and $\ast$, is a ring and $1_S = 1_R$.
Note the extra technical condition that $1_S = 1_R$ in the definition. We didn’t need this in the definition of a subgroup since it was automatically the case that the identity elements had to agree (see the discussion before Prop. 4.7.2). For this reason we don’t need to explicitly require that $0_S = 0_R$ (as it follows from S being a subgroup of R under +).

Example 5.4.2 We have the inclusions
$$\mathbb{Z} \subset \mathbb{Q} \subset \mathbb{R} \subset \mathbb{C},$$
where each subset is a subring of all the larger rings.

Note that the set of positive integers $\mathbb{N}$ is not a subring of these since $\mathbb{N}$ is not a group under + (it lacks an identity element and inverses). The set of even integers is not a subring of these since it lacks a multiplicative identity element.

Another non-example to note is the subset {0} of any of the above rings. Even though {0} is a ring under + and multiplication, it is not a subring of $\mathbb{Z}$ since its multiplicative identity element is 0, which is different from the multiplicative identity element 1 of the ring $\mathbb{Z}$. The extra condition that $1_R = 1_S$ rules this out from being considered a subring.

Example 5.4.3 Identifying the real number $a \in \mathbb{R}$ with the constant polynomial f(x) = a, we can view $\mathbb{R}$ as a subring of the ring $\mathbb{R}[x]$ of Example 5.2.2.

Proposition 5.4.4 Suppose that $(R, +, \ast)$ is a ring and $S \subseteq R$. Then S is a subring of R if and only if all of the following hold:

1. $0_R \in S$ and $1_R \in S$;

2. if $x, y \in S$, then $x + y \in S$ and $x \ast y \in S$;

3. if $x \in S$, then $-x \in S$.

Proof. Suppose first that S is a subring of R. Then S is a group under +, so it is a subgroup of (R, +). Therefore by Prop. 4.7.2, we have

• if $x, y \in S$, then $x + y \in S$;

• $0_R \in S$;

• if $x \in S$, then $-x \in S$.

The fact that $1_R \in S$ follows from the definition of a subring, which requires that $1_R = 1_S$. Finally if $x, y \in S$, then since $\ast$ is a binary operation on S, we must have $x \ast y \in S$. We have now shown that 1), 2) and 3) are all satisfied.

Now suppose that 1), 2) and 3) are satisfied by S, and we will show that S is a subring. From 2), we know that + and $\ast$ define binary operations on S. Since $0_R \in S$ (by 1) and $-x \in S$ whenever $x \in S$ (by 3), we know that S is a subgroup of (R, +), and so (S, +) is an abelian group. Since R is a ring, the operation $\ast$ is associative on R, hence associative on S. Since $1_R \in S$, we have that $1_R$ is the identity element for $\ast$ on S. Finally since the distributive laws hold for the operations + and $\ast$ on R, they must hold for the operations on S as well. Therefore S is a ring under the operations + and $\ast$. Since its multiplicative identity is $1_R$, we have that $1_S = 1_R$, so S is a subring of R. $\square$

Example 5.4.5 Consider the subset of diagonal matrices
$$S = \left\{ \begin{pmatrix} a & 0 \\ 0 & d \end{pmatrix} \;\middle|\; a, d \in \mathbb{R} \right\}$$
in the ring $R = M_2(\mathbb{R})$ of Example 5.2.3. We verify the conditions 1), 2) and 3) of Prop. 5.4.4.

1) The matrices $0_R = \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}$ and $1_R = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$ are both in S.

2) If $A = \begin{pmatrix} a & 0 \\ 0 & d \end{pmatrix}$ and $A' = \begin{pmatrix} a' & 0 \\ 0 & d' \end{pmatrix}$ are in S, then so are
$$A + A' = \begin{pmatrix} a + a' & 0 \\ 0 & d + d' \end{pmatrix} \quad \text{and} \quad A A' = \begin{pmatrix} a a' & 0 \\ 0 & d d' \end{pmatrix}.$$

3) If $A = \begin{pmatrix} a & 0 \\ 0 & d \end{pmatrix}$ is in S, then so is $-A = \begin{pmatrix} -a & 0 \\ 0 & -d \end{pmatrix}$.

Let’s take note though of a non-example. The subset
$$T = \left\{ \begin{pmatrix} a & 0 \\ 0 & 0 \end{pmatrix} \;\middle|\; a \in \mathbb{R} \right\}$$
of R satisfies conditions 2) and 3), but not 1) since $\begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$ is not in T.
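An added Python check of the three conditions of Prop. 5.4.4 (my own code, not from the original notes), run over subsets of $M_2(\mathbb{Z}_n)$ instead of $M_2(\mathbb{R})$ so that the whole subset can be tested exhaustively; matrices are stored as 4-tuples $(a_1, a_2, a_3, a_4)$ in the layout of Example 5.2.3, and the diagonal subset S and the non-example T of Example 5.4.5 are reproduced with entries in $\mathbb{Z}_n$. The upper-triangular subset and the last constructed set in the checks are my own extra cases.

```python
from itertools import product

ZERO = (0, 0, 0, 0)   # 0_R, the zero matrix
ONE = (1, 0, 0, 1)    # 1_R, the identity matrix I

def mat_add(A, B, n):
    """Entrywise addition in M_2(Z_n)."""
    return tuple((x + y) % n for x, y in zip(A, B))

def mat_neg(A, n):
    """Additive inverse: negate every entry modulo n."""
    return tuple((-x) % n for x in A)

def mat_mul(A, B, n):
    """The usual 2x2 product (the formula of Example 5.2.3), reduced modulo n."""
    a1, a2, a3, a4 = A
    b1, b2, b3, b4 = B
    return ((a1 * b1 + a2 * b3) % n, (a1 * b2 + a2 * b4) % n,
            (a3 * b1 + a4 * b3) % n, (a3 * b2 + a4 * b4) % n)

def subring_failure(S, n):
    """Return None if S satisfies 1), 2) and 3) of Prop. 5.4.4 inside M_2(Z_n),
    otherwise a string naming the first condition found to fail."""
    S = set(S)
    if ZERO not in S or ONE not in S:
        return "1) 0_R or 1_R not in S"
    for A, B in product(S, repeat=2):
        if mat_add(A, B, n) not in S:
            return "2) not closed under +"
        if mat_mul(A, B, n) not in S:
            return "2) not closed under *"
    for A in S:
        if mat_neg(A, n) not in S:
            return "3) additive inverse not in S"
    return None

def diagonal(n):
    """S of Example 5.4.5: matrices (a 0; 0 d)."""
    return {(a, 0, 0, d) for a in range(n) for d in range(n)}

def top_left(n):
    """T of Example 5.4.5: matrices (a 0; 0 0); fails 1) because I is missing."""
    return {(a, 0, 0, 0) for a in range(n)}

def upper_triangular(n):
    """Extra case (not in the notes): matrices (a b; 0 d) also form a subring."""
    return {(a, b, 0, d) for a in range(n) for b in range(n) for d in range(n)}

def trace_diagonal(n):
    """Extra constructed case: matrices (a b; c a). Closed under + and contains 0_R and 1_R,
    but (0 1; 0 0)(0 0; 1 0) = (1 0; 0 0) leaves the set, so condition 2) fails for *."""
    return {(a, b, c, a) for a in range(n) for b in range(n) for c in range(n)}

if __name__ == "__main__":
    for name, S in [("diagonal", diagonal(3)), ("top_left", top_left(3)),
                    ("upper_triangular", upper_triangular(3)), ("trace_diagonal", trace_diagonal(2))]:
        print(name, "->", subring_failure(S, 3 if name != "trace_diagonal" else 2) or "subring")
```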
5.5 Groups of units

Suppose that $(R, +, \ast)$ is a ring. It is part of the definition of a ring that (R, +) needs to be a group, but we don’t require that $(R, \ast)$ be a group. We require only that $\ast$ be associative and have an identity element in R, but not that every element have an inverse. In fact, since $0_R \ast x = 0_R$ for all $x \in R$, the additive identity $0_R$ will never have a multiplicative inverse unless $0_R = 1_R$, in which case $x = x \ast 1_R = x \ast 0_R = 0_R$ for all $x \in R$, so $R = \{0_R\}$ has only one element. So except in that very special case, $(R, \ast)$ will not be a group. However, we can still associate a multiplicative group to the ring, called the group of units of R.

Definition 5.5.1 Suppose that $(R, +, \ast)$ is a ring. An element $x \in R$ is called a unit in R if x has a multiplicative inverse in R, i.e., if there exists an element $y \in R$ such that
$$x \ast y = 1_R = y \ast x.$$

Example 5.5.2 Let $R = \mathbb{Z}_n$ as in Example 5.2.1, and suppose that $[a]_n \in \mathbb{Z}_n$. Then $[a]_n$ is a unit in $\mathbb{Z}_n$ if there is a residue class $[b]_n \in \mathbb{Z}_n$ such that $[a]_n [b]_n = [1]_n$. Since $[a]_n [b]_n = [ab]_n$, we see that the condition for $[a]_n$ to be a unit in $\mathbb{Z}_n$ is that
$$ab \equiv 1 \pmod{n} \quad \text{for some } b \in \mathbb{Z}.$$
So by Prop. 4.2.11, $[a]_n$ is a unit in $\mathbb{Z}_n$ if and only if $\gcd(a, n) = 1$, i.e., if and only if
$$[a]_n \in \mathbb{Z}_n^\times = \{\, [a]_n \in \mathbb{Z}_n \mid \gcd(a, n) = 1 \,\}.$$

More generally, for any ring R we let $R^\times$ denote the set of units in R. So for example, if $R = \mathbb{R}$, then the set of units is $\mathbb{R}^\times = \{\text{non-zero real numbers}\}$. In fact, whenever we used the superscript $\times$ before, it was consistent with the definition just given.
We have seen already that $\mathbb{Z}_n^\times$ and $\mathbb{R}^\times$ were groups under multiplication (Prop. 4.2.13 for $\mathbb{Z}_n$). These are special cases of the more general fact:

Theorem 5.5.3 Suppose that $(R, +, \ast)$ is a ring. Then $(R^\times, \ast)$ is a group.

Proof. We must first show that $\ast$ defines a binary operation on $R^\times$, i.e., if x and x' are elements of $R^\times$, then so is $x \ast x'$. So we must show that if x and x' have multiplicative inverses in R, then so does $x \ast x'$. Let y be the multiplicative inverse of x and y' that of x'. So $x \ast y = y \ast x = 1_R$ and $x' \ast y' = y' \ast x' = 1_R$. Then $y' \ast y$ is the multiplicative inverse of $x \ast x'$ since
$$(x \ast x') \ast (y' \ast y) = x \ast (x' \ast y') \ast y = x \ast 1_R \ast y = x \ast y = 1_R,$$
and similarly $(y' \ast y) \ast (x \ast x') = 1_R$.

We must now show that $R^\times$ with the binary operation $\ast$ satisfies the definition of a group. First of all, since $\ast$ is associative on R, it is also associative on the subset $R^\times \subseteq R$. To see that there is an identity element for $\ast$ on $R^\times$, note that $1_R \in R^\times$ since $1_R$ has a multiplicative inverse in R, namely $1_R$. Finally we have to show that if $x \in R^\times$, then x has an inverse element in $R^\times$ for $\ast$. By the definition of $R^\times$, we know that x has an inverse element $y \in R$. We need only show that $y \in R^\times$, i.e., that y has a multiplicative inverse in R, and indeed it does, namely x. We have now shown that $(R^\times, \ast)$ is a group. $\square$

Example 5.5.4 Let $R = M_2(\mathbb{R})$ as in Example 5.2.3. Recall that a matrix A has a multiplicative inverse in $M_2(\mathbb{R})$ if and only if $\det A \neq 0$. Indeed if $AB = I$ for some $B \in M_2(\mathbb{R})$, then
$$(\det A)(\det B) = \det(AB) = \det I = 1,$$
so $\det A \neq 0$. Conversely if $A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$ and $ad - bc \neq 0$, then A has
$$A^{-1} = \frac{1}{ad - bc} \begin{pmatrix} d & -b \\ -c & a \end{pmatrix}$$
as its multiplicative inverse. Therefore $(M_2(\mathbb{R}))^\times = GL_2(\mathbb{R})$.

Finally we remark that if $x \in R^\times$, then $x^m$ is defined as an element of the group $R^\times$ for all integers m, not just for positive integers. So for example if $R = \mathbb{Z}_n$ for some positive integer n, and $a \in \mathbb{Z}$ is such that $\gcd(a, n) = 1$, then $[a]_n^m$ is defined for all $m \in \mathbb{Z}$, and in particular $[a]_n^{-1}$ is defined. Note though that $[a^{-1}]_n$ is not usually defined since $a^{-1}$ is not an integer unless $a = \pm 1$. So for example, $[3]_7^{-1} = [5]_7$.

5.6 Types of rings


Recall that a ring is a set R with associative binary operations + and $\ast$ such that:

• (R, +) is an abelian group,

• $\ast$ has an identity element

• and the distributive laws hold.



We saw several examples, the most basic being $\mathbb{Z}$. Some others were $\mathbb{R}$, $\mathbb{Z}_n$, $\mathbb{R}[x]$ and $M_2(\mathbb{R})$, each with their addition and multiplication operations. We defined the notions of subring and unit group of a ring, and multiples and (non-negative) powers of elements.

Here is another example of a ring:
Example 5.6.1 Let $R = \mathbb{Z} \times \mathbb{Z} = \{\, (m, n) \mid m, n \in \mathbb{Z} \,\}$ with addition and multiplication defined componentwise, so for $(m, n), (m', n') \in R$,
$$(m, n) + (m', n') = (m + m', n + n') \quad \text{and} \quad (m, n)(m', n') = (mm', nn').$$
This is an example of a product ring. More generally if R and S are rings, we can make $R \times S$ a ring by defining the binary operations on the product componentwise. This is left as an exercise.
We now define some special types of rings. Recall that in the ring axioms
we require the addition operation to be commutative, but the multiplication
operation need not be.
Definition 5.6.2 We say that a ring $(R, +, \ast)$ is commutative if the operation $\ast$ on R is commutative, i.e.,
$$x \ast y = y \ast x \quad \text{for all } x, y \in R.$$
Most of the examples we’ve considered have been commutative. In particular, the rings $\mathbb{Z}$, $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$, $\mathbb{Z}_n$, $\mathbb{Z} \times \mathbb{Z}$ and $\mathbb{R}[x]$ are commutative. On the other hand, the matrix ring $M_2(\mathbb{R})$ is not commutative.

Definition 5.6.3 We say that a ring R is an integral domain (or simply a domain) if R is commutative, $0_R \neq 1_R$ and
$$x, y \in R,\; xy = 0_R \;\Rightarrow\; x = 0_R \text{ or } y = 0_R.$$
For example, $\mathbb{Z}$, $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$ and $\mathbb{R}[x]$ are integral domains. To prove that $\mathbb{R}[x]$ is a domain, suppose that
$$f(x) = a_m x^m + a_{m-1} x^{m-1} + \cdots + a_1 x + a_0, \quad g(x) = b_n x^n + b_{n-1} x^{n-1} + \cdots + b_1 x + b_0$$
are non-zero elements of $\mathbb{R}[x]$. Since some coefficient $a_i$ is non-zero, we can assume that $a_m \neq 0$ by removing any leading terms whose coefficient is 0. Similarly we can assume $b_n \neq 0$. Then the coefficient of $x^{m+n}$ in f(x)g(x) is $a_m b_n$, which is non-zero.

The ring $\mathbb{Z} \times \mathbb{Z}$ (Example 5.6.1) is an example of a ring which is not an integral domain since $(1, 0)(0, 1) = (0, 0)$.

As for $\mathbb{Z}_n$, we have:
Proposition 5.6.4 Let n be a positive integer. Then $\mathbb{Z}_n$ is a domain if and only if n is prime.

Proof. For n = 1, we have $[0]_n = [1]_n$, so $\mathbb{Z}_n$ is not an integral domain. Nor is 1 prime, so the proposition holds in this case.

If n > 1 and n is composite, then n = ab for some integers a, b with $1 < a < n$ and $1 < b < n$. So $[a]_n \neq [0]_n$ and $[b]_n \neq [0]_n$, but $[a]_n [b]_n = [ab]_n = [n]_n = [0]_n$, so $\mathbb{Z}_n$ is not an integral domain, and the proposition holds in this case as well.

Finally suppose n = p is prime. If $[a]_p, [b]_p \in \mathbb{Z}_p$ and $[a]_p [b]_p = [0]_p$, then $[ab]_p = [0]_p$, so $p \mid ab$. By Prop. 2.5.2, $p \mid a$ or $p \mid b$. Therefore either $[a]_p = [0]_p$ or $[b]_p = [0]_p$. Note also that $[1]_p \neq [0]_p$, so $\mathbb{Z}_p$ is an integral domain, and the proposition holds in all cases. $\square$

The nice thing about integral domains is that a cancellation law holds:

Proposition 5.6.5 Suppose that R is an integral domain, $x, y, z \in R$ and $x \neq 0_R$. If $xy = xz$, then $y = z$.

Proof. If $xy = xz$, then
$$0_R = xy - xz = xy + x(-z) = x(y - z).$$
Since R is an integral domain and $x \neq 0_R$, it follows that $y - z = 0_R$. Adding z to both sides of the equation then gives $y = z$. $\square$
A type of ring even nicer than an integral domain is called a field.
Def inition 5.6.6 A ring R is called a field if R is an integral domain and
every non-zero element of R is a unit (where non-zero means di↵erent from
0R ).

Proposition 5.6.7 Suppose that R is a commutative ring. Then R is a field


if and only if
R⇥ = R \ {0R } = { x 2 R | x 6= 0R }.

Proof. Suppose R is a field (as in Defn. 5.6.6). Then R is an integral domain,


so 0R 6= 1R . Therefore 0R r = 0R never equals 1R , so 0R cannot be a unit.
On the other hand every non-zero element of R is a unit, so R⇥ = R \ {0R }.
Conversely suppose that R⇥ = R \ {0R }. Then every non-zero element
of R is a unit, so we just have to show that R is an integral domain in order
to conclude that R is a field. Since 0R 62 R⇥ and 1 2 R⇥ , we know that
0R 6= 1R . So suppose that xy = 0R , but x 6= 0R . Then x 2 R⇥ , so x has a
multiplicative inverse x 1 2 R, and
y = 1R y = x 1 xy = x 1 0R = 0R .
108 CHAPTER 5. RINGS

Recall we assumed R was commutative. Therefore R satsifies all the criteria


in the Def. 5.6.3. ⇤
The fields we’ve met so far are Q, R, C, and Zp for p prime.
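The criteria of Props. 5.6.4, 5.6.5 and 5.6.7 can be checked mechanically for $R = \mathbb{Z}_n$ by exhaustive search over the n residues. The following Python block is an added example and is not part of the lecture notes; the function names are my own choice.

```python
# Added example (not from the lecture notes): deciding whether Z_n is an
# integral domain / a field by computing its zero divisors and unit group,
# and checking the cancellation law of Prop. 5.6.5.  Names are my own.
from math import gcd

def units(n):
    """The unit group Z_n^x: residues a with a*b = 1 (mod n) for some b."""
    return sorted(a for a in range(n) if any((a * b) % n == 1 for b in range(n)))

def units_by_gcd(n):
    """Same set as units(n) for n > 1: a is a unit of Z_n iff gcd(a, n) = 1."""
    return [a for a in range(n) if gcd(a, n) == 1]

def zero_divisors(n):
    """Non-zero residues a with a*b = 0 (mod n) for some non-zero b."""
    return sorted(a for a in range(1, n) if any((a * b) % n == 0 for b in range(1, n)))

def is_integral_domain(n):
    """Z_n is a domain iff [1] != [0] (so n > 1) and there are no zero divisors."""
    return n > 1 and not zero_divisors(n)

def is_field(n):
    """Prop. 5.6.7 with R = Z_n: a field iff the units are exactly the non-zero residues."""
    return n > 1 and units(n) == list(range(1, n))

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def cancellation_holds(n):
    """Prop. 5.6.5 in Z_n: x*y = x*z with x != 0 must force y = z."""
    return all(y == z
               for x in range(1, n) for y in range(n) for z in range(n)
               if (x * y) % n == (x * z) % n)

def classify(n):
    """Summary of the properties of Z_n used in the checks above."""
    return {"prime": is_prime(n), "domain": is_integral_domain(n),
            "field": is_field(n), "cancellation": cancellation_holds(n),
            "units": units(n), "zero_divisors": zero_divisors(n)}

if __name__ == "__main__":
    for n in (1, 6, 7, 12):
        print(n, classify(n))
```

Running `classify(6)` shows the zero divisors [2], [3], [4] responsible for the failure of cancellation ($[2][0] = [2][3]$ with $[0] \neq [3]$), while for every prime n the three Boolean flags agree, as Prop. 5.6.4 predicts.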

5.7 Matrix rings

Let $M_2(\mathbb{Z})$ denote the set of matrices in $M_2(\mathbb{R})$ with integer entries, so
$$M_2(\mathbb{Z}) = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} \;\middle|\; a, b, c, d \in \mathbb{Z} \right\}.$$
Then it's easy to see that $M_2(\mathbb{Z})$ satisfies the conditions of Prop. 5.4.4, so is therefore a subring of $M_2(\mathbb{R})$. In fact if R is any ring and $n \geq 1$, we let $M_n(R)$ denote the set of $n \times n$-matrices with entries in R. We can then define binary operations on $M_n(R)$ using the usual formulas for matrix addition and multiplication. Using the subscript ij to denote the entry in the ith row and jth column, this means that if
$$A = \begin{pmatrix} a_{11} & a_{12} & \cdots & a_{1n} \\ a_{21} & a_{22} & \cdots & a_{2n} \\ \vdots & \vdots & & \vdots \\ a_{n1} & a_{n2} & \cdots & a_{nn} \end{pmatrix} \quad\text{and}\quad B = \begin{pmatrix} b_{11} & b_{12} & \cdots & b_{1n} \\ b_{21} & b_{22} & \cdots & b_{2n} \\ \vdots & \vdots & & \vdots \\ b_{n1} & b_{n2} & \cdots & b_{nn} \end{pmatrix},$$
then
$$A + B = \begin{pmatrix} a_{11} + b_{11} & a_{12} + b_{12} & \cdots & a_{1n} + b_{1n} \\ a_{21} + b_{21} & a_{22} + b_{22} & \cdots & a_{2n} + b_{2n} \\ \vdots & \vdots & & \vdots \\ a_{n1} + b_{n1} & a_{n2} + b_{n2} & \cdots & a_{nn} + b_{nn} \end{pmatrix}$$
and AB is the matrix
$$\begin{pmatrix} a_{11} b_{11} + a_{12} b_{21} + \cdots + a_{1n} b_{n1} & \cdots & a_{11} b_{1n} + a_{12} b_{2n} + \cdots + a_{1n} b_{nn} \\ a_{21} b_{11} + a_{22} b_{21} + \cdots + a_{2n} b_{n1} & \cdots & a_{21} b_{1n} + a_{22} b_{2n} + \cdots + a_{2n} b_{nn} \\ \vdots & & \vdots \\ a_{n1} b_{11} + a_{n2} b_{21} + \cdots + a_{nn} b_{n1} & \cdots & a_{n1} b_{1n} + a_{n2} b_{2n} + \cdots + a_{nn} b_{nn} \end{pmatrix}.$$
In other words, the ij-entry of A + B is $a_{ij} + b_{ij}$, and the ij-entry of AB is
$$\sum_{k=1}^{n} a_{ik} b_{kj} = a_{i1} b_{1j} + a_{i2} b_{2j} + \cdots + a_{in} b_{nj}.$$

(Note that since addition on R is associative, we don't need parentheses to specify the order in which to perform the addition operations.) We now check that these operations make $M_n(R)$ a ring, called the ring of $n \times n$-matrices over R.

Proposition 5.7.1 If R is a ring, then $M_n(R)$ is a ring under matrix addition and multiplication.

Proof. We first check that $M_n(R)$ is an abelian group under +. To see that matrix addition is associative, suppose $A, B, C \in M_n(R)$ with ij-entries $a_{ij}$, $b_{ij}$ and $c_{ij}$. Then the ij-entry of (A + B) + C is $(a_{ij} + b_{ij}) + c_{ij}$, which is the same as $a_{ij} + (b_{ij} + c_{ij})$ since the operation + is associative on the original ring R. Therefore the ij-entries of A + (B + C) and (A + B) + C are the same for all i, j (with $1 \leq i \leq n$, $1 \leq j \leq n$). Similarly we see that since + is commutative on R, so is matrix addition on $M_n(R)$. There is an identity element, namely the matrix 0 all of whose entries are $0_R$. Finally the additive inverse of A is −A, whose ij-entry is $-a_{ij}$ (the negative of $a_{ij}$ in the ring R). Therefore $M_n(R)$ is an abelian group under matrix addition.
Next we check that matrix multiplication on $M_n(R)$ is associative and has an identity element. We compute the ij-entry of (AB)C and compare to that of A(BC). Using summation notation, we have that the ij-entry of AB is $r_{ij} = \sum_{k=1}^{n} a_{ik} b_{kj}$. Therefore the ij-entry of (AB)C is
$$\sum_{\ell=1}^{n} r_{i\ell} c_{\ell j} = \sum_{\ell=1}^{n} \left( \sum_{k=1}^{n} a_{ik} b_{k\ell} \right) c_{\ell j} = \sum_{\ell=1}^{n} \sum_{k=1}^{n} (a_{ik} b_{k\ell}) c_{\ell j}$$
by one of the distributive laws on the original ring R. Similarly, letting $s_{ij}$ denote the ij-entry of BC, we see that the ij-entry of A(BC) is
$$\sum_{k=1}^{n} a_{ik} s_{kj} = \sum_{k=1}^{n} a_{ik} \left( \sum_{\ell=1}^{n} b_{k\ell} c_{\ell j} \right) = \sum_{k=1}^{n} \sum_{\ell=1}^{n} a_{ik} (b_{k\ell} c_{\ell j})$$
by the other distributive law on R. Since addition on R is commutative, the double sums don't depend on the order in which we arrange their $n^2$ terms (with k and ℓ each running from 1 to n). Since multiplication on R is associative, we have $(a_{ik} b_{k\ell}) c_{\ell j} = a_{ik} (b_{k\ell} c_{\ell j})$, so we have exactly the same terms in the two double sums. This shows that the ij-entries of (AB)C and A(BC) coincide for all i, j, so (AB)C = A(BC). The identity element is the matrix 1 whose entries are $1_R$ along the diagonal and $0_R$ otherwise. To check this, denote the entries of 1 by $\delta_{ij}$, so $\delta_{ij}$ is $1_R$ or $0_R$ according to whether or not i = j. Then the ij-entry of 1A is
$$\sum_{k=1}^{n} \delta_{ik} a_{kj} = \delta_{i1} a_{1j} + \delta_{i2} a_{2j} + \cdots + \delta_{in} a_{nj}.$$
For $k \neq i$, we have $\delta_{ik} a_{kj} = 0_R a_{kj} = 0_R$, so the only term in the sum other than $0_R$ is $\delta_{ii} a_{ij} = 1_R a_{ij} = a_{ij}$. Therefore 1A = A. Similarly we see that A1 = A, so 1 is an identity element.
Finally we have to check the distributive laws. We compare the ij-entries of A(B + C) and AB + AC. Let $t_{ij}$ denote the ij-entry of B + C. Then the ij-entry of A(B + C) is
$$\begin{aligned}
a_{i1} t_{1j} + a_{i2} t_{2j} + \cdots + a_{in} t_{nj}
&= a_{i1}(b_{1j} + c_{1j}) + a_{i2}(b_{2j} + c_{2j}) + \cdots + a_{in}(b_{nj} + c_{nj}) \\
&= a_{i1} b_{1j} + a_{i1} c_{1j} + a_{i2} b_{2j} + a_{i2} c_{2j} + \cdots + a_{in} b_{nj} + a_{in} c_{nj} \\
&= (a_{i1} b_{1j} + a_{i2} b_{2j} + \cdots + a_{in} b_{nj}) + (a_{i1} c_{1j} + a_{i2} c_{2j} + \cdots + a_{in} c_{nj}),
\end{aligned}$$
where the first equality is from the definition of matrix addition ($t_{kj} = b_{kj} + c_{kj}$), the second by a distributive law on R, and the third by commutativity of + on R. Since $a_{i1} b_{1j} + a_{i2} b_{2j} + \cdots + a_{in} b_{nj}$ is the ij-entry of AB and $a_{i1} c_{1j} + a_{i2} c_{2j} + \cdots + a_{in} c_{nj}$ is the ij-entry of AC, we conclude that A(B + C) = AB + AC. Similarly we find that (A + B)C = AC + BC for all $A, B, C \in M_n(R)$. □

Consider for example $M_2(\mathbb{Z}_3)$. This is a ring with $81 = 3^4$ elements. Let
$$A = \begin{pmatrix} [2] & [1] \\ [1] & [0] \end{pmatrix} \quad\text{and}\quad B = \begin{pmatrix} [1] & [0] \\ [1] & [1] \end{pmatrix}.$$
Let's compute A + B, AB and BA:
$$A + B = \begin{pmatrix} [2] & [1] \\ [1] & [0] \end{pmatrix} + \begin{pmatrix} [1] & [0] \\ [1] & [1] \end{pmatrix} = \begin{pmatrix} [2] + [1] & [1] + [0] \\ [1] + [1] & [0] + [1] \end{pmatrix} = \begin{pmatrix} [0] & [1] \\ [2] & [1] \end{pmatrix},$$
$$AB = \begin{pmatrix} [2] & [1] \\ [1] & [0] \end{pmatrix} \begin{pmatrix} [1] & [0] \\ [1] & [1] \end{pmatrix} = \begin{pmatrix} [2][1] + [1][1] & [2][0] + [1][1] \\ [1][1] + [0][1] & [1][0] + [0][1] \end{pmatrix} = \begin{pmatrix} [0] & [1] \\ [1] & [0] \end{pmatrix},$$
$$BA = \begin{pmatrix} [1] & [0] \\ [1] & [1] \end{pmatrix} \begin{pmatrix} [2] & [1] \\ [1] & [0] \end{pmatrix} = \begin{pmatrix} [1][2] + [0][1] & [1][1] + [0][0] \\ [1][2] + [1][1] & [1][1] + [1][0] \end{pmatrix} = \begin{pmatrix} [2] & [1] \\ [0] & [1] \end{pmatrix}.$$
It is an exercise to check that if R is a commutative ring, then the unit group of $M_2(R)$ is
$$GL_2(R) = \{\, A \in M_2(R) \mid \det(A) \in R^\times \,\}.$$
This gives a way of constructing some interesting finite groups. For example, the above matrices A and B are elements of the group $GL_2(\mathbb{Z}_3)$, which has order 48.
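The computations in $M_2(\mathbb{Z}_3)$ above, and the description of $GL_2(R)$ as the matrices with unit determinant, can be reproduced in a few lines. The following Python block is an added example, not code from the lecture notes; matrices are represented as tuples of rows, and the function names are my own.

```python
# Added example (not from the lecture notes): arithmetic in M_2(Z_n), the
# unit group GL_2(Z_n) by enumeration, and inverses via the adjugate.
# Checked against the matrices A, B of the text in M_2(Z_3).  Names are my own.
from itertools import product
from math import gcd
import random

def mat_add(A, B, n):
    """Entrywise addition mod n."""
    return tuple(tuple((a + b) % n for a, b in zip(ra, rb)) for ra, rb in zip(A, B))

def mat_mul(A, B, n):
    """(AB)_ij = sum_k a_ik b_kj reduced mod n; works for any square size."""
    size = len(A)
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(size)) % n
                       for j in range(size)) for i in range(size))

def identity(size):
    return tuple(tuple(1 if i == j else 0 for j in range(size)) for i in range(size))

def det2(A, n):
    return (A[0][0] * A[1][1] - A[0][1] * A[1][0]) % n

def gl2(n):
    """GL_2(Z_n) = { A | det A is a unit of Z_n }, i.e. gcd(det A, n) = 1,
    found by enumerating all n^4 matrices (fine for small n)."""
    return [((a, b), (c, d)) for a, b, c, d in product(range(n), repeat=4)
            if gcd((a * d - b * c) % n, n) == 1]

def inverse2(A, n):
    """A^{-1} in M_2(Z_n) via the adjugate times det^{-1};
    returns None when det A is not a unit of Z_n."""
    d = det2(A, n)
    if gcd(d, n) != 1:
        return None
    dinv = pow(d, -1, n)
    (a, b), (c, e) = A
    return ((e * dinv % n, -b * dinv % n), (-c * dinv % n, a * dinv % n))

def associativity_check(n, trials=200):
    """Spot-check (AB)C = A(BC) in M_2(Z_n) on pseudo-random triples (Prop. 5.7.1)."""
    rnd = random.Random(1)
    rand = lambda: tuple(tuple(rnd.randrange(n) for _ in range(2)) for _ in range(2))
    return all(mat_mul(mat_mul(A, B, n), C, n) == mat_mul(A, mat_mul(B, C, n), n)
               for A, B, C in (tuple(rand() for _ in range(3)) for _ in range(trials)))

A = ((2, 1), (1, 0))   # the matrices of the text; entries are residues mod 3
B = ((1, 0), (1, 1))

if __name__ == "__main__":
    print(mat_add(A, B, 3), mat_mul(A, B, 3), mat_mul(B, A, 3))
    print(len(gl2(3)), inverse2(A, 3))
```

Because `mat_mul` reduces every entry modulo n, the product of two matrices with unit determinant stays in `gl2(n)`, and `AB != BA` for the text's A and B shows in one call that $M_2(\mathbb{Z}_3)$ is not commutative.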

5.8 Ring homomorphisms

Recall that a homomorphism of groups is a function from one group to another that is compatible with their binary operations (see Definition 4.12.1). There is an analogous notion of a homomorphism of rings.

Definition 5.8.1 Suppose that $(R, +_R, *_R)$ and $(S, +_S, *_S)$ are rings. A function $\phi : R \to S$ is a homomorphism (of rings) if all of the following hold:

1. $\phi(x +_R y) = \phi(x) +_S \phi(y)$ for all $x, y \in R$;

2. $\phi(x *_R y) = \phi(x) *_S \phi(y)$ for all $x, y \in R$;

3. $\phi(1_R) = 1_S$.

Condition 1) just says that φ is a group homomorphism from the abelian group R (under $+_R$) to the abelian group S (under $+_S$). Condition 2) is the analogous one for the multiplication operations. Recall (Prop. 4.12.9) that the condition in the definition of a group homomorphism guarantees that one identity element is sent to the other, so in particular 1) implies that $\phi(0_R) = 0_S$. On the other hand R and S are not groups under their multiplication operations, so condition 2) might not imply that $\phi(1_R) = 1_S$. We require it explicitly by imposing condition 3). The subscripts are included above to emphasize which binary operations are being applied, but they will not usually appear in practice (nor will the $*$).

Example 5.8.2 Define $\phi : \mathbb{Z} \to \mathbb{Z}_n$ by $\phi(a) = [a]_n$. We check that this function satisfies the three conditions in the definition of a ring homomorphism. If a and b are any integers, then
$$\phi(a + b) = [a + b]_n = [a]_n + [b]_n = \phi(a) + \phi(b),$$
where the middle equality is precisely the definition of the + operation on $\mathbb{Z}_n$. Similarly we see that
$$\phi(ab) = [ab]_n = [a]_n [b]_n = \phi(a)\phi(b).$$
Finally $\phi(1) = [1]_n$, which is the multiplicative identity element of $\mathbb{Z}_n$. Therefore φ is a ring homomorphism.

Example 5.8.3 If R is any ring, then we can define a homomorphism $\phi : \mathbb{Z} \to R$ by $\phi(n) = n_R = n \cdot 1_R$ (the nth multiple of $1_R$ in R). Then
$$\phi(m + n) = (m + n) \cdot 1_R = m \cdot 1_R + n \cdot 1_R = \phi(m) + \phi(n),$$
where the middle equality is by the laws of multiples (i.e., the additive version of Prop. 4.5.1). We also have
$$\phi(mn) = (mn) \cdot 1_R = m \cdot (n \cdot 1_R),$$
again by the laws of multiples. Applying Prop. 5.3.4 with m in place of n, $1_R$ in place of x and $n_R = n \cdot 1_R$ in place of y gives
$$m \cdot (n \cdot 1_R) = (m \cdot 1_R)(n \cdot 1_R) = \phi(m)\phi(n).$$
Finally $\phi(1) = 1_R$ by definition. So φ is a homomorphism. Example 5.8.2 is just the special case of this example with $R = \mathbb{Z}_n$.

Example 5.8.4 If R is a subring of S, then the inclusion function $i : R \to S$ defined by i(r) = r is a homomorphism.

Example 5.8.5 If m and n are positive integers and $n \mid m$, then we can define a function $\phi : \mathbb{Z}_m \to \mathbb{Z}_n$ by $\phi([a]_m) = [a]_n$. Note that we have to check that this function is well-defined. (Recall what this means. An element of $\mathbb{Z}_m$ is a residue class, say X. There are infinitely many ways to write X in the form $[a]_m$ where $a \in \mathbb{Z}$; indeed $X = [a]_m$ for any $a \in X$. We have to check that our formula for $\phi(X)$ doesn't depend on which a we choose.) So suppose $[a]_m = [a']_m$. Then $a \equiv a' \bmod m$; i.e., $m \mid (a - a')$. We are assuming $n \mid m$, which then implies that $n \mid (a - a')$, so $[a]_n = [a']_n$. Therefore φ is well-defined (but note we had to assume $n \mid m$). Moreover φ is a homomorphism since
$$\phi([a]_m + [b]_m) = \phi([a + b]_m) = [a + b]_n = [a]_n + [b]_n = \phi([a]_m) + \phi([b]_m)$$
for all $[a]_m, [b]_m \in \mathbb{Z}_m$. Similarly we find that $\phi([a]_m [b]_m) = \phi([a]_m)\phi([b]_m)$. And $\phi([1]_m) = [1]_n$ by definition, so φ is a homomorphism.

Example 5.8.6 Recall that $\mathbb{R}[x]$ denotes the ring of polynomials in the variable x with coefficients in $\mathbb{R}$ (Example 5.2.2). If α is any real number, then we can define a function
$$v_\alpha : \mathbb{R}[x] \to \mathbb{R}$$
by $v_\alpha(f(x)) = f(\alpha)$, which we could call evaluation-at-α. Then $v_\alpha$ is a homomorphism since
$$v_\alpha(f(x) + g(x)) = f(\alpha) + g(\alpha) = v_\alpha(f(x)) + v_\alpha(g(x)).$$
Similarly $v_\alpha(f(x)g(x)) = f(\alpha)g(\alpha) = v_\alpha(f(x))\,v_\alpha(g(x))$. Finally $v_\alpha(1) = 1$, so $v_\alpha$ is a homomorphism.

Example 5.8.7 Consider the function $\phi : \mathbb{R} \to \mathbb{R} \times \mathbb{R}$ (the product ring) defined by $\phi(x) = (x, 0)$. Then φ satisfies conditions 1) and 2), but not 3), so φ is not a homomorphism.

Now let's note a few general properties of homomorphisms.

Proposition 5.8.8 Suppose that $\phi : R \to S$ is a homomorphism of rings. Then $\phi(n_R) = n_S$ for all $n \in \mathbb{Z}$.

Proof. Recall that $n_R = n \cdot 1_R$. According to Defn. 5.8.1, φ is a homomorphism of groups (under +) and $\phi(1_R) = 1_S$, so by Prop. 4.12.10 (with additive notation), we have
$$\phi(n_R) = \phi(n \cdot 1_R) = n \cdot \phi(1_R) = n \cdot 1_S = n_S$$
for all $n \in \mathbb{Z}$. □

The proof of the following proposition is left as an exercise:

Proposition 5.8.9 If $\phi : R \to S$ and $\psi : S \to T$ are homomorphisms of rings, then so is $\psi \circ \phi : R \to T$.

Recall that if R is a ring, then the unit group of R is the group
$$R^\times = \{\, r \in R \mid rr' = r'r = 1_R \text{ for some } r' \in R \,\}$$
under the multiplication operation of the ring (see Def. 5.5.1 and Thm. 5.5.3).

Proposition 5.8.10 Suppose that $\phi : R \to S$ is a homomorphism of rings. Then the restriction of φ defines a homomorphism of groups from $R^\times$ to $S^\times$. (In particular, if $r \in R^\times$, then $\phi(r) \in S^\times$.)

Proof. If $r \in R^\times$, then there is an element $r' \in R$ such that $rr' = r'r = 1_R$. Since φ is a homomorphism, this implies that
$$\phi(r)\phi(r') = \phi(rr') = \phi(1_R) = 1_S.$$
Similarly $\phi(r')\phi(r) = 1_S$. Therefore $\phi(r)$ has an inverse in S, namely $\phi(r')$, so $\phi(r) \in S^\times$.
Restricting the domain of φ to $R^\times$ therefore defines a function
$$\phi^\times : R^\times \to S^\times$$
(i.e., $\phi^\times$ is defined by $\phi^\times(r) = \phi(r)$ for $r \in R^\times$). Since φ is a homomorphism of rings, $\phi(rr') = \phi(r)\phi(r')$ for all $r, r' \in R$. Therefore $\phi^\times(rr') = \phi^\times(r)\phi^\times(r')$ for all $r, r' \in R^\times$. □

Recall that if a homomorphism of groups is bijective, it is called an isomorphism (Definition 4.12.12). There's a similar notion for rings:

Definition 5.8.11 If R and S are rings, then a function $\phi : R \to S$ is called an isomorphism (of rings) if φ is a bijective homomorphism (of rings). In that case we say R is isomorphic to S.

Example 5.8.12 Let S denote the subring of $M_2(\mathbb{R})$ consisting of the diagonal matrices (Example 5.4.5), and let R denote the product ring $\mathbb{R} \times \mathbb{R}$ (see Example 5.6.1). Consider the function $\phi : R \to S$ defined by
$$\phi((x, y)) = \begin{pmatrix} x & 0 \\ 0 & y \end{pmatrix}.$$
We check that φ is a homomorphism. Let r = (x, y) and r' = (x', y') be elements of $R = \mathbb{R} \times \mathbb{R}$. Then 1)
$$\phi(r + r') = \phi((x + x', y + y')) = \begin{pmatrix} x + x' & 0 \\ 0 & y + y' \end{pmatrix} = \begin{pmatrix} x & 0 \\ 0 & y \end{pmatrix} + \begin{pmatrix} x' & 0 \\ 0 & y' \end{pmatrix} = \phi(r) + \phi(r'),$$
and similarly 2) $\phi(rr') = \phi(r)\phi(r')$. Since $1_R = (1, 1)$ and $1_S = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$, we also have 3) $\phi(1_R) = 1_S$. So φ is a homomorphism. Since it is also obviously bijective, φ is an isomorphism.

We'll have an important example of a ring isomorphism in the next section. For now, let's note some general properties of isomorphisms.

Proposition 5.8.13 Suppose that $\phi : R \to S$ is an isomorphism of rings.

1. The inverse function $\phi^{-1} : S \to R$ is also an isomorphism of rings.

2. If $\psi : S \to T$ is also an isomorphism of rings, then so is the composite $\psi \circ \phi : R \to T$.

The proofs are almost identical to Prop. 4.12.16 and Prop. 4.12.17 and left as an exercise.

Corollary 5.8.14 If $\phi : R \to S$ is an isomorphism of rings, then its restriction $R^\times \to S^\times$ is an isomorphism of groups.

Proof. Let ψ denote the inverse of φ, a ring isomorphism by Prop. 5.8.13. According to Prop. 5.8.10, the restrictions of φ and ψ define group homomorphisms from $R^\times$ to $S^\times$ and vice-versa. Denote these $\phi^\times$ and $\psi^\times$ as in the proof of Prop. 5.8.10 (so these are the "same" functions as φ and ψ but viewed with smaller domain and codomain). Since $\psi(\phi(r)) = r$ for all $r \in R$ and $\phi(\psi(s)) = s$ for all $s \in S$, it follows that $\psi^\times(\phi^\times(r)) = r$ for all $r \in R^\times$ and $\phi^\times(\psi^\times(s)) = s$ for all $s \in S^\times$. Therefore $\phi^\times$ and $\psi^\times$ are inverse functions of each other, so they are bijective, and are therefore isomorphisms. □

Example 5.8.15 Consider the isomorphism $\phi : R \to S$ of Example 5.8.12. The unit group of $R = \mathbb{R} \times \mathbb{R}$ is $R^\times = \mathbb{R}^\times \times \mathbb{R}^\times$ (an exercise). The restriction of φ defines an isomorphism from this group to
$$S^\times = \left\{ \begin{pmatrix} x & 0 \\ 0 & y \end{pmatrix} \;\middle|\; x, y \in \mathbb{R}^\times \right\}.$$
5.9 The Chinese Remainder Theorem

Suppose that m and n are positive integers. According to Example 5.8.5, since $m \mid mn$, there is a homomorphism $\phi : \mathbb{Z}_{mn} \to \mathbb{Z}_m$ defined by $\phi([a]_{mn}) = [a]_m$. Similarly, we have the homomorphism $\phi' : \mathbb{Z}_{mn} \to \mathbb{Z}_n$ defined by $\phi'([a]_{mn}) = [a]_n$. It follows that the function
$$\psi : \mathbb{Z}_{mn} \to \mathbb{Z}_m \times \mathbb{Z}_n \quad\text{defined by}\quad \psi([a]_{mn}) = ([a]_m, [a]_n)$$
is a homomorphism. (In general if $\phi : R \to S$ and $\phi' : R \to S'$ are homomorphisms, then so is the function $\psi : R \to S \times S'$ defined by $\psi(r) = (\phi(r), \phi'(r))$; this is left as an exercise.) Note that the two rings $\mathbb{Z}_{mn}$ and $\mathbb{Z}_m \times \mathbb{Z}_n$ have the same number of elements (namely mn), but computing a few examples shows that ψ may or may not be an isomorphism. For example, if m = n = 2, then the table of values

    $[a]_4$    $\psi([a]_4)$
    $[0]_4$    $([0]_2, [0]_2)$
    $[1]_4$    $([1]_2, [1]_2)$
    $[2]_4$    $([0]_2, [0]_2)$
    $[3]_4$    $([1]_2, [1]_2)$

shows that ψ is not bijective in this case. On the other hand if m = 2 and n = 3, then the table

    $[a]_6$    $\psi([a]_6)$
    $[0]_6$    $([0]_2, [0]_3)$
    $[1]_6$    $([1]_2, [1]_3)$
    $[2]_6$    $([0]_2, [2]_3)$
    $[3]_6$    $([1]_2, [0]_3)$
    $[4]_6$    $([0]_2, [1]_3)$
    $[5]_6$    $([1]_2, [2]_3)$

shows that ψ is bijective in this case. It turns out to depend on whether m and n are relatively prime.
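The two tables above, and the well-definedness check of Example 5.8.5 that they rely on, can be generated for any m and n. The following Python block is an added example and not part of the lecture notes; `psi_table`, `reduction_well_defined` and the other names are my own.

```python
# Added example (not from the lecture notes): the reduction map [a]_m -> [a]_n
# of Example 5.8.5 and the map psi([a]_mn) = ([a]_m, [a]_n) of Section 5.9,
# tabulated and tested for small moduli.  Names are my own.
from math import gcd

def reduction_well_defined(m, n):
    """Is [a]_m -> [a]_n well defined?  Two representatives of the same class
    mod m differ by a multiple of m, so it suffices to compare a with a + m."""
    return all(a % n == (a + m) % n for a in range(m))

def psi_table(m, n):
    """psi([a]_mn) = ([a]_m, [a]_n) for every residue class mod mn."""
    return {a: (a % m, a % n) for a in range(m * n)}

def psi_is_bijective(m, n):
    """Both rings have mn elements, so injective <=> surjective <=> bijective."""
    return len(set(psi_table(m, n).values())) == m * n

def psi_is_homomorphism(m, n):
    """Check the three conditions of Def. 5.8.1 for psi by brute force."""
    table = psi_table(m, n)
    N = m * n
    add = lambda u, v: ((u[0] + v[0]) % m, (u[1] + v[1]) % n)
    mul = lambda u, v: ((u[0] * v[0]) % m, (u[1] * v[1]) % n)
    return (table[1 % N] == (1 % m, 1 % n) and
            all(table[(a + b) % N] == add(table[a], table[b]) and
                table[(a * b) % N] == mul(table[a], table[b])
                for a in range(N) for b in range(N)))

def coprime_rule_holds(limit):
    """psi is bijective exactly when gcd(m, n) = 1, for all m, n <= limit."""
    return all(psi_is_bijective(m, n) == (gcd(m, n) == 1)
               for m in range(1, limit + 1) for n in range(1, limit + 1))

def collisions(m, n):
    """Pairs of distinct classes mod mn with the same image under psi."""
    table = psi_table(m, n)
    return [(a, b) for a in table for b in table if a < b and table[a] == table[b]]

if __name__ == "__main__":
    for a, img in psi_table(2, 3).items():
        print("[%d]_6 -> ([%d]_2, [%d]_3)" % (a, *img))
    print(collisions(2, 2))   # [(0, 2), (1, 3)]
```

`collisions(2, 2)` returns exactly the two coincidences visible in the first table, and `coprime_rule_holds(8)` confirms over all moduli up to 8 the pattern that Theorem 5.9.1 below explains.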

Theorem 5.9.1 If m and n are relatively prime positive integers, then the function
$$\psi : \mathbb{Z}_{mn} \to \mathbb{Z}_m \times \mathbb{Z}_n$$
defined by $\psi([a]_{mn}) = ([a]_m, [a]_n)$ is an isomorphism of rings.

Proof. We already know that ψ is a homomorphism of rings, and that the two rings have the same number of elements. So it suffices to prove that ψ is injective, in which case it must also be surjective, hence an isomorphism. We have to show that if $\psi([a]_{mn}) = \psi([b]_{mn})$, then $[a]_{mn} = [b]_{mn}$. Now $\psi([a]_{mn}) = \psi([b]_{mn})$ means that $([a]_m, [a]_n) = ([b]_m, [b]_n)$, which means $[a]_m = [b]_m$ and $[a]_n = [b]_n$, which means that $m \mid (b - a)$ and $n \mid (b - a)$. Since $\gcd(m, n) = 1$, it follows from Cor. 2.3.5 that $mn \mid (b - a)$, i.e., that $[a]_{mn} = [b]_{mn}$. □

We can view the theorem as a statement about simultaneous solutions of linear congruences. In this form it is known as the Chinese Remainder Theorem:

Corollary 5.9.2 Suppose that $a, b, m, n \in \mathbb{Z}$ with m, n > 0. If m and n are relatively prime, then there are integers $x \in \mathbb{Z}$ which simultaneously satisfy the congruences
$$x \equiv a \bmod m \quad\text{and}\quad x \equiv b \bmod n.$$
Moreover the solution is uniquely determined modulo mn in the sense that if $x_0$ satisfies both congruences, then x satisfies both congruences if and only if $x \equiv x_0 \bmod mn$.

Proof. Note that x is a solution of the congruences if and only if $[x]_m = [a]_m$ and $[x]_n = [b]_n$. So letting $\psi : \mathbb{Z}_{mn} \to \mathbb{Z}_m \times \mathbb{Z}_n$ be the isomorphism of Thm. 5.9.1, we see that x is a solution if and only if $\psi([x]_{mn}) = ([x]_m, [x]_n) = ([a]_m, [b]_n)$. Since ψ is bijective, there is a unique element $[x]_{mn} \in \mathbb{Z}_{mn}$ such that $\psi([x]_{mn}) = ([a]_m, [b]_n)$. □
The Corollary doesn't say how to find the solution $[x]_{mn}$ in practice. This is done as follows: use the Euclidean Algorithm to find $r, s \in \mathbb{Z}$ such that mr + ns = 1. Note then that
$$mr \equiv 0 \bmod m, \quad mr \equiv 1 \bmod n, \quad ns \equiv 1 \bmod m, \quad ns \equiv 0 \bmod n.$$
Therefore letting $x_0 = b(mr) + a(ns)$ gives
$$x_0 \equiv b \cdot 0 + a \cdot 1 \equiv a \bmod m \quad\text{and}\quad x_0 \equiv b \cdot 1 + a \cdot 0 \equiv b \bmod n.$$
Therefore the general solution is $x \equiv bmr + ans \bmod mn$.

Example 5.9.3 Let's find all simultaneous solutions in $\mathbb{Z}$ of the congruences
$$x \equiv 121 \bmod 611 \quad\text{and}\quad x \equiv 86 \bmod 421.$$
Applying the Euclidean algorithm gives:
$$\begin{aligned}
611 &= 1 \cdot 421 + 190, & 26 &= 1 \cdot 15 + 11, \\
421 &= 2 \cdot 190 + 41, & 15 &= 1 \cdot 11 + 4, \\
190 &= 4 \cdot 41 + 26, & 11 &= 2 \cdot 4 + 3, \\
41 &= 1 \cdot 26 + 15, & 4 &= 1 \cdot 3 + 1.
\end{aligned}$$
Therefore
$$\begin{aligned}
1 &= 4 - 3 = 4 - (11 - 2 \cdot 4) = 3 \cdot 4 - 11 \\
&= 3(15 - 11) - 11 = 3 \cdot 15 - 4 \cdot 11 \\
&= 3 \cdot 15 - 4(26 - 15) = 7 \cdot 15 - 4 \cdot 26 \\
&= 7(41 - 26) - 4 \cdot 26 = 7 \cdot 41 - 11 \cdot 26 \\
&= 7 \cdot 41 - 11(190 - 4 \cdot 41) = 51 \cdot 41 - 11 \cdot 190 \\
&= 51(421 - 2 \cdot 190) - 11 \cdot 190 = 51 \cdot 421 - 113 \cdot 190 \\
&= 51 \cdot 421 - 113(611 - 421) = 164 \cdot 421 - 113 \cdot 611.
\end{aligned}$$
Since $611 \cdot 421 = 257231$, the solution is
$$x \equiv 121 \cdot 164 \cdot 421 - 86 \cdot 113 \cdot 611 = 2416626 \equiv 101547 \bmod 257231.$$

Example 5.9.4 Now let's work another example, but where a little work is required before applying the above algorithm. We'll find all simultaneous solutions of the congruences:
$$4x \equiv 23 \bmod 57 \quad\text{and}\quad 22x \equiv 26 \bmod 84.$$
We first find the solutions of the individual congruences. It is easy to spot that the inverse of $[4]_{57}$ is $[-14]_{57}$, so the solution of the first congruence is
$$x \equiv -14 \cdot 23 \equiv 20 \bmod 57.$$
For the second congruence note that $\gcd(22, 84) = 2$, which divides 26, so there are solutions and the congruence is equivalent to $11x \equiv 13 \bmod 42$. The Euclidean Algorithm applied to 11 and 42 yields $1 = 5 \cdot 42 - 19 \cdot 11$, so the inverse of $[11]_{42}$ is $[-19]_{42}$, and the solution of the second congruence is
$$x \equiv -19 \cdot 13 \equiv 5 \bmod 42.$$
So we are reduced to solving
$$x \equiv 20 \bmod 57 \quad\text{and}\quad x \equiv 5 \bmod 42.$$
But note that 42 and 57 are not relatively prime; their gcd is 3. Since $57 = 3 \cdot 19$, and 3 and 19 are relatively prime, we can view the first congruence as equivalent to the pair of congruences
$$x \equiv 20 \bmod 3 \quad\text{and}\quad x \equiv 20 \bmod 19,$$
or more simply $x \equiv 2 \bmod 3$ and $x \equiv 1 \bmod 19$. Similarly the second congruence is equivalent to the pair of congruences $x \equiv 2 \bmod 3$ and $x \equiv 5 \bmod 14$. We are therefore looking for simultaneous solutions of the three congruences
$$x \equiv 2 \bmod 3, \quad x \equiv 1 \bmod 19, \quad\text{and}\quad x \equiv 5 \bmod 14.$$
We already know that the simultaneous solution of the first two of these congruences is $x \equiv 20 \bmod 57$. So we are finally reduced to solving the pair of congruences
$$x \equiv 20 \bmod 57 \quad\text{and}\quad x \equiv 5 \bmod 14.$$
Since $1 = 57 - 4 \cdot 14$ and $57 \cdot 14 = 798$, the solution is
$$x \equiv 5 \cdot 57 - 20 \cdot 4 \cdot 14 = -835 \equiv -37 \bmod 798.$$
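The procedure described above (extended Euclid, then $x \equiv bmr + ans \bmod mn$), together with the preliminary steps of Example 5.9.4 (dividing a linear congruence by $\gcd(c, n)$ and combining moduli that are not coprime), can be written as a small solver. The following Python block is an added example, not code from the lecture notes; the function names are my own, and the non-coprime case is handled by the standard consistency condition $\gcd(m, n) \mid (b - a)$ rather than by the hand-splitting of Example 5.9.4, so it generalizes the text slightly.

```python
# Added example (not from the lecture notes): extended Euclid, the CRT formula
# of Section 5.9, solving c*x = d (mod n), and the non-coprime case.  Checked
# on Examples 5.9.3 and 5.9.4.  Names are my own.
from math import gcd

def ext_gcd(a, b):
    """Return (g, r, s) with a*r + b*s = g = gcd(a, b)."""
    if b == 0:
        return (a, 1, 0)
    g, r, s = ext_gcd(b, a % b)
    return (g, s, r - (a // b) * s)

def crt_pair(a, m, b, n):
    """x = a (mod m), x = b (mod n) for coprime m, n, via x = b*m*r + a*n*s
    where m*r + n*s = 1; returns the unique solution mod mn."""
    g, r, s = ext_gcd(m, n)
    if g != 1:
        raise ValueError("moduli must be relatively prime")
    return (b * m * r + a * n * s) % (m * n)

def solve_linear(c, d, n):
    """All x with c*x = d (mod n), returned as (x0, n') meaning x = x0 (mod n');
    None when gcd(c, n) does not divide d (no solutions)."""
    g = gcd(c, n)
    if d % g:
        return None
    c, d, n = c // g, d // g, n // g          # now gcd(c, n) = 1, so c is a unit mod n
    inv = ext_gcd(c, n)[1] % n
    return ((inv * d) % n, n)

def crt_general(a, m, b, n):
    """x = a (mod m), x = b (mod n) for arbitrary m, n.  Solvable iff
    gcd(m, n) | (b - a); then the solution is unique mod lcm(m, n).
    Returns (x, lcm) or None."""
    g, r, s = ext_gcd(m, n)
    if (b - a) % g:
        return None
    lcm = m // g * n
    # Write x = a + m*t; need m*t = b - a (mod n).  Since m*r = g (mod n),
    # t = ((b - a)/g) * r works, and t only matters mod n/g.
    t = ((b - a) // g * r) % (n // g)
    return ((a + m * t) % lcm, lcm)

def example_5_9_4():
    """4x = 23 (mod 57) and 22x = 26 (mod 84): reduce each, then combine."""
    x1, m1 = solve_linear(4, 23, 57)      # (20, 57)
    x2, m2 = solve_linear(22, 26, 84)     # (5, 42)
    return crt_general(x1, m1, x2, m2)    # (761, 798), i.e. x = -37 (mod 798)

if __name__ == "__main__":
    print(crt_pair(121, 611, 86, 421))    # 101547  (Example 5.9.3)
    print(example_5_9_4())                # (761, 798)
```

Note that `crt_general` reports the answer modulo $\mathrm{lcm}(57, 42) = 798$, exactly the modulus the hand computation in Example 5.9.4 arrives at, and $761 \equiv -37 \bmod 798$.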



We can also apply Thm. 5.9.1 to derive a formula for the order of $\mathbb{Z}_n^\times$. The order of this group is denoted φ(n). We can view φ as a function from $\mathbb{N}$ to $\mathbb{N}$, called Euler's φ-function. Thus φ(n) is the number of integers in $\{0, 1, 2, \ldots, n-1\}$ which are relatively prime to n. Computing a few values we find:

    n       1  2  3  4  5  6  7  8  9
    φ(n)    1  1  2  2  4  2  6  4  6

Recall that if p is prime then $\mathbb{Z}_p^\times = \{[1], [2], \ldots, [p-1]\}$ has order p − 1, so φ(p) = p − 1. It is also easy to compute the value of φ for prime powers $p^r$, with $r \geq 1$. Indeed the only integers among $\{0, 1, 2, \ldots, p^r - 1\}$ which are not relatively prime to $p^r$ are precisely those which are multiples of p, of which there are exactly $p^{r-1}$ (namely $0, p, 2p, \ldots, p^r - p$). Therefore
$$\varphi(p^r) = p^r - p^{r-1} = (p - 1)p^{r-1}.$$
For example $\mathbb{Z}_9^\times = \{[1], [2], [4], [5], [7], [8]\}$ contains all 9 elements of $\mathbb{Z}_9$ except for the 3 multiples of [3], namely [0], [3] and [6].
To find a general formula, we use the following corollary of Thm. 5.9.1:

Corollary 5.9.5 If m and n are relatively prime, then $\mathbb{Z}_{mn}^\times$ is isomorphic to $\mathbb{Z}_m^\times \times \mathbb{Z}_n^\times$. In particular, if $\gcd(m, n) = 1$, then φ(mn) = φ(m)φ(n).

Proof. Thm. 5.9.1 gives an isomorphism of rings from $\mathbb{Z}_{mn}$ to $\mathbb{Z}_m \times \mathbb{Z}_n$. Cor. 5.8.14 then shows that $\mathbb{Z}_{mn}^\times$ is isomorphic to $(\mathbb{Z}_m \times \mathbb{Z}_n)^\times$. According to an exercise, this last group is the same as $\mathbb{Z}_m^\times \times \mathbb{Z}_n^\times$. □

If n is any integer greater than 1, then by the Fundamental Theorem of Arithmetic (Thm. 2.5.4) it has a prime factorization
$$n = p_1^{r_1} p_2^{r_2} \cdots p_k^{r_k}$$
where $p_1, p_2, \ldots, p_k$ are distinct primes and each $r_i$ is a positive integer. Cor. 5.9.5 then shows that
$$\varphi(n) = \varphi(m)\,\varphi(p_k^{r_k})$$
where $m = p_1^{r_1} p_2^{r_2} \cdots p_{k-1}^{r_{k-1}}$. Repeatedly applying Cor. 5.9.5 (i.e., by induction on k), we conclude that
$$\varphi(n) = \varphi(p_1^{r_1})\,\varphi(p_2^{r_2}) \cdots \varphi(p_k^{r_k}) = (p_1 - 1)p_1^{r_1 - 1}\,(p_2 - 1)p_2^{r_2 - 1} \cdots (p_k - 1)p_k^{r_k - 1}.$$
So for example,
$$\varphi(2200) = \varphi(2^3 \cdot 5^2 \cdot 11) = \varphi(2^3)\,\varphi(5^2)\,\varphi(11) = 2^2 \cdot 4 \cdot 5 \cdot 10 = 800.$$
Finally let's record the following corollary of Lagrange's Theorem, generalizing Fermat's Little Theorem.

Corollary 5.9.6 Suppose that n is a positive integer and a is an integer relatively prime to n. Then
$$a^{\varphi(n)} \equiv 1 \bmod n.$$
For example, if a is an integer not divisible by 2, 5 or 11, then $\gcd(a, 2200) = 1$, so $a^{800} \equiv 1 \bmod 2200$.
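The formula $\varphi(n) = \prod (p_i - 1)p_i^{r_i - 1}$, its derivation from the multiplicativity of Cor. 5.9.5, and the congruence of Cor. 5.9.6 can all be checked numerically. The following Python block is an added example and not part of the lecture notes; the function names are my own, and the factorization uses plain trial division.

```python
# Added example (not from the lecture notes): Euler's phi-function computed by
# counting units, by the product formula of Section 5.9, and a check of the
# multiplicativity phi(mn) = phi(m)phi(n) and of Cor. 5.9.6.  Names are my own.
from math import gcd

def phi_by_counting(n):
    """|Z_n^x|: the residues in {0, ..., n-1} relatively prime to n."""
    return sum(1 for a in range(n) if gcd(a, n) == 1)

def factorize(n):
    """Prime factorization as a list of (p, r) with n = prod p^r (trial division)."""
    factors, p = [], 2
    while p * p <= n:
        r = 0
        while n % p == 0:
            n //= p
            r += 1
        if r:
            factors.append((p, r))
        p += 1
    if n > 1:
        factors.append((n, 1))
    return factors

def phi_by_formula(n):
    """phi(n) = prod (p - 1) p^(r - 1) over the prime factorization of n."""
    result = 1
    for p, r in factorize(n):
        result *= (p - 1) * p ** (r - 1)
    return result

def multiplicative_check(limit):
    """Cor. 5.9.5: phi(mn) = phi(m)phi(n) whenever gcd(m, n) = 1 (m, n <= limit)."""
    return all(phi_by_counting(m * n) == phi_by_counting(m) * phi_by_counting(n)
               for m in range(1, limit + 1) for n in range(1, limit + 1)
               if gcd(m, n) == 1)

def euler_theorem_holds(a, n):
    """Cor. 5.9.6: a^phi(n) = 1 (mod n) when gcd(a, n) = 1; False otherwise."""
    return gcd(a, n) == 1 and pow(a, phi_by_formula(n), n) == 1

def table(limit):
    """The small table of the text, as a list of (n, phi(n))."""
    return [(n, phi_by_counting(n)) for n in range(1, limit + 1)]

if __name__ == "__main__":
    print(table(9))
    print(factorize(2200), phi_by_formula(2200))   # [(2, 3), (5, 2), (11, 1)] 800
```

Note that multiplicativity fails without the coprimality hypothesis: $\varphi(4) = 2 \neq \varphi(2)\varphi(2) = 1$, which is why `multiplicative_check` filters on `gcd(m, n) == 1`.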

5.10 Polynomial rings

Let R be any commutative ring. The same construction that defines the polynomial ring $\mathbb{R}[x]$ (Example 5.2.2) can be used to define a commutative ring R[x], called the polynomial ring over R (in the variable x). Its elements are expressions of the form
$$\sum_{i=0}^{m} a_i x^i = a_m x^m + a_{m-1} x^{m-1} + \cdots + a_1 x + a_0, \quad\text{where } a_0, a_1, \ldots, a_m \in R.$$
While the polynomial defines a function from R to R, we don't view it as such. Instead we just work purely formally with the algebraic expressions. We define the addition and multiplication operations exactly as for $\mathbb{R}[x]$, and the proof that R[x] is a ring is exactly the same as in the case $R = \mathbb{R}$.

Example 5.10.1 Taking $R = \mathbb{Z}$, the ring $\mathbb{Z}[x]$ can be viewed as the subring of $\mathbb{R}[x]$ consisting of polynomials with integer coefficients. In general, if R is a subring of S, then R[x] can be identified with a subring of S[x].

Example 5.10.2 We will sometimes consider the example where $R = \mathbb{Z}_n$. The elements of $\mathbb{Z}_n[x]$ are then expressions of the form
$$[a_m]x^m + [a_{m-1}]x^{m-1} + \cdots + [a_1]x + [a_0],$$
where $a_0, a_1, \ldots, a_m \in \mathbb{Z}$ and the residue classes are modulo n. Addition and multiplication operations are performed on these polynomials using arithmetic modulo n. For example, if n = 4,
$$f(x) = [2]x^2 + [3]x + [1] \quad\text{and}\quad g(x) = [2]x + [1],$$
then
$$f(x) + g(x) = [2]x^2 + [1]x + [2]$$
and
$$f(x)g(x) = [4]x^3 + [8]x^2 + [5]x + [1] = [1]x + [1].$$

Example 5.10.3 Consider the example where R is itself the polynomial ring $\mathbb{R}[x]$. Since we're already using x as a variable in the notation for $\mathbb{R}[x]$, we'll instead consider the ring R[y] of polynomials over $R = \mathbb{R}[x]$ in the variable y. The elements of $R[y] = (\mathbb{R}[x])[y]$ are then polynomials in the variable y, with coefficients that are themselves polynomials in the variable x. So an element of R[y] is an expression of the form $\sum_{i=0}^{n} p_i(x)\,y^i$, where for each $i = 0, 1, \ldots, n$, the coefficient $p_i(x) \in \mathbb{R}[x]$ has the form $p_i(x) = \sum_{j=0}^{m_i} a_{i,j} x^j$ for some $a_{i,0}, a_{i,1}, \ldots, a_{i,m_i} \in \mathbb{R}$. Here $m_i$ is the degree of $p_i(x)$, but by including higher order terms in $p_i(x)$ with coefficient 0, we can assume all the $m_i$ are the same, say m, to simplify notation. So an element of $(\mathbb{R}[x])[y]$ is an expression of the form
$$f(x, y) = \sum_{i=0}^{n} \left( \sum_{j=0}^{m} a_{i,j} x^j \right) y^i = \sum_{i=0}^{n} \sum_{j=0}^{m} a_{i,j} x^j y^i,$$
i.e., a polynomial in the two variables x and y with coefficients in $\mathbb{R}$. There is no difference between the roles of x and y in the last expression, and we simply write $\mathbb{R}[x, y]$ for the ring of such polynomials. More generally, for any ring R and any integer $n \geq 1$, we can consider the polynomial ring $R[x_1, x_2, \ldots, x_n]$ over R in n variables.

Recall the definition of the degree of a polynomial.

Definition 5.10.4 Suppose that R is a ring and $f(x) \in R[x]$. We say that f(x) has degree n, or $\deg(f(x)) = n$, if
$$f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0$$
with $a_n \neq 0_R$.

So if f(x) is any non-zero polynomial, then deg(f(x)) is a non-negative integer; for example $f(x) = x^4 + x + 1 \in \mathbb{R}[x]$ has degree 4.
In the case where R itself is a polynomial ring, such as in Example 5.10.3, the notation should specify the variable in which the degree is considered. For example, the element
$$\begin{aligned}
f(x, y) &= x^2 y^3 + x y^3 - x^4 y^2 + 3x y^2 \\
&= (x^2 + x)\,y^3 + (-x^4 + 3x)\,y^2 \\
&= (-y^2)\,x^4 + y^3\,x^2 + (y^3 + 3y^2)\,x
\end{aligned}$$
of $\mathbb{R}[x, y]$ has degree 3 when viewed as a polynomial in the variable y (with coefficients in $\mathbb{R}[x]$), so we write $\deg_y f(x, y) = 3$, but degree 4 in the variable x, i.e., $\deg_x f(x, y) = 4$.
Our convention for handling the polynomial $f(x) = 0_R$ is to define its degree as $-\infty$. This is convenient since it's consistent with formulas like those in the following proposition.

Proposition 5.10.5 Suppose that R is a commutative ring and $f(x), g(x) \in R[x]$. Let $m = \deg(f(x))$ and $n = \deg(g(x))$.

1. $\deg(f(x) + g(x)) \leq \max(m, n)$, and equality holds if $m \neq n$;

2. $\deg(f(x)g(x)) \leq m + n$, and equality holds if R is an integral domain.

Proof. First note that if $f(x) = 0_R$, then $m = -\infty$, $f(x) + g(x) = g(x)$ has degree $\max(m, n) = n$ (with the obvious convention that $-\infty \leq n$), and $f(x)g(x)$ has degree $m + n = -\infty$ (again with an obvious convention $-\infty + n = -\infty$). So the formulas hold in this case, and similarly so if $g(x) = 0_R$.
Now assume that f(x) and g(x) are both non-zero, so
$$f(x) = a_m x^m + \cdots + a_0 \quad\text{and}\quad g(x) = b_n x^n + \cdots + b_0.$$
If m > n, then the leading term of f(x) + g(x) is $a_m x^m$, so its degree is $m = \max(m, n)$. Similarly if n > m, we find the degree is $n = \max(m, n)$. If n = m, then $a_m + b_m$ may be $0_R$ and the remaining terms of f(x) + g(x) have lower exponent, so the degree is at most $m = \max(m, n)$.
Consider now the degree of
$$f(x)g(x) = a_m b_n x^{m+n} + (a_{m-1} b_n + a_m b_{n-1})x^{m+n-1} + \cdots + a_0 b_0.$$
If R is an integral domain, then $a_m \neq 0_R$ and $b_n \neq 0_R$ implies that $a_m b_n \neq 0_R$, so the degree of f(x)g(x) is m + n. Without the assumption that R is an integral domain, we still have that the degree is at most m + n. □

Note that in Example 5.10.2 we had $\deg(f(x)g(x)) = 1$, which is strictly less than $\deg(f(x)) + \deg(g(x)) = 2 + 1 = 3$. (Of course $\mathbb{Z}_4$ is not an integral domain since [2][2] = [0].)

Corollary 5.10.6 Suppose that R is an integral domain. Then

1. R[x] is an integral domain;

2. $(R[x])^\times = R^\times$.

Proof. 1) We have to prove that if f(x) and g(x) are non-zero elements of R[x], then f(x)g(x) is also not zero. This is immediate from part 2) of Prop. 5.10.5, since $\deg(f(x)) \geq 0$ and $\deg(g(x)) \geq 0$ implies that $\deg(f(x)g(x)) = \deg(f(x)) + \deg(g(x)) \geq 0$.
2) Suppose that $f(x) \in (R[x])^\times$. This means that there is a polynomial $g(x) \in R[x]$ such that $f(x)g(x) = 1_R$. Note that $\deg(f(x)) \geq 0$ and $\deg(g(x)) \geq 0$ (since they are non-zero polynomials). Applying part 2) of Prop. 5.10.5 again gives that
$$\deg(f(x)) + \deg(g(x)) = \deg(f(x)g(x)) = \deg(1_R) = 0,$$
which is only possible if $\deg(f(x)) = \deg(g(x)) = 0$. In other words f(x) = a and g(x) = b for some $a, b \in R$. Since $ab = 1_R$, we in fact have $f(x) = a \in R^\times$. □

Example 5.10.7 Since $\mathbb{R}$ is an integral domain (in fact, a field), Cor. 5.10.6 shows that $\mathbb{R}[x]$ is an integral domain and $(\mathbb{R}[x])^\times = \mathbb{R}^\times$. Applying Cor. 5.10.6 again (now with $R = \mathbb{R}[x]$) shows that $\mathbb{R}[x, y] = R[y]$ is also an integral domain and that $(\mathbb{R}[x, y])^\times = (\mathbb{R}[x])^\times = \mathbb{R}^\times$. In fact, we see that in general if R is an integral domain, then so is $R[x_1, x_2, \ldots, x_n]$ and its unit group is $R^\times$ (i.e., the constant polynomials where the constant is in $R^\times$).

Example 5.10.8 Consider the ring $\mathbb{Z}_n[x]$. If n = p is prime, then $\mathbb{Z}_p$ is an integral domain (in fact a field), so Cor. 5.10.6 implies that $\mathbb{Z}_p[x]$ is a domain and its unit group is $\mathbb{Z}_p^\times$. On the other hand if n is composite, then $\mathbb{Z}_n$ is not an integral domain and clearly neither is $\mathbb{Z}_n[x]$. It may also be the case that there are units in $\mathbb{Z}_n[x]$ which are not in $\mathbb{Z}_n$. For example, if n = 4 then
$$([2]x + [1])([2]x + [1]) = [4]x^2 + [4]x + [1] = [1],$$
so [2]x + [1] is a unit in $\mathbb{Z}_4[x]$.

We will now focus on the case where R is not just an integral domain, but a field. Recall this means that every non-zero element of R has a multiplicative inverse; for example $\mathbb{R}$, $\mathbb{C}$ and $\mathbb{Z}_p$ (for p prime) are fields. If R is a field, then the polynomial ring R[x] turns out to have some nice properties similar to the ring $\mathbb{Z}$.
Recall that the division algorithm for integers (Thm. 2.1.2) states that if $a \in \mathbb{Z}$ and $b \in \mathbb{N}$, then there are unique integers q and r such that
$$a = bq + r \quad\text{and}\quad 0 \leq r < b.$$

Let's state it slightly differently to emphasize the analogy with the version for polynomial rings which we're about to prove: If $a, b \in \mathbb{Z}$ and $b \neq 0$, then there are unique integers q and r such that
$$a = bq + r \quad\text{and}\quad 0 \leq r < |b|.$$
There is a similar Division Algorithm for polynomial rings, with the role of the absolute value played by the degree.

Theorem 5.10.9 Suppose that R is a field and $f(x), g(x) \in R[x]$ with $g(x) \neq 0_R$. Then there are unique polynomials $q(x), r(x) \in R[x]$ such that

• f(x) = g(x)q(x) + r(x), and

• either $r(x) = 0_R$ or $\deg(r(x)) < \deg(g(x))$.

Proof. First we prove existence of q(x) and r(x) as in the theorem.
Let us first take care of the case where g(x) = b is a non-zero constant polynomial. Since R is assumed to be a field, there is an element $b^{-1} \in R$, and we can set $q(x) = b^{-1} f(x)$ and $r(x) = 0_R$ to get f(x) = g(x)q(x) + r(x).
Now suppose that $n = \deg g(x) > 0$. We view g(x) as fixed and prove the existence of q(x) and r(x) by induction on $m = \deg f(x)$. If m < n (or $f(x) = 0_R$), then we can take q(x) = 0 and r(x) = f(x). So suppose that $m \geq n$ and that the existence part of the theorem holds (for our g(x)) with f(x) replaced by any polynomial of degree less than m (including the zero polynomial). Write $f(x) = a_m x^m + a_{m-1} x^{m-1} + \cdots + a_0$ and $g(x) = b_n x^n + b_{n-1} x^{n-1} + \cdots + b_0$ with $a_m \neq 0_R$ and $b_n \neq 0_R$. Then the polynomial
$$\begin{aligned}
h(x) &= f(x) - a_m b_n^{-1} x^{m-n} g(x) \\
&= (a_m x^m + a_{m-1} x^{m-1} + \cdots + a_0) - (a_m x^m + a_m b_n^{-1} b_{n-1} x^{m-1} + \cdots + a_m b_n^{-1} b_0 x^{m-n}) \\
&= (a_{m-1} - a_m b_n^{-1} b_{n-1})x^{m-1} + \cdots
\end{aligned}$$
has degree at most m − 1 (the $x^m$ terms cancel), so the induction hypothesis implies that there are polynomials $s(x), r(x) \in R[x]$ such that

• h(x) = g(x)s(x) + r(x), and

• either $r(x) = 0_R$ or $\deg(r(x)) < \deg(g(x))$.

Therefore
$$f(x) = a_m b_n^{-1} x^{m-n} g(x) + h(x) = a_m b_n^{-1} x^{m-n} g(x) + g(x)s(x) + r(x) = g(x)q(x) + r(x)$$

where q(x) = am bn 1 xm n + s(x). This proves the existence of q(x) and r(x)
as in the theorem.
Now we prove uniqueness. Suppose that

f (x) = g(x)q(x) + r(x) = g(x)s(x) + t(x)

with q(x), r(x), s(x) and t(x) in R[x] and the degrees of r(x) and t(x) being
less than n = deg(g(x)) (including the possibility that r(x) or t(x) be 0R ).
We then have
g(x)(q(x) s(x)) = t(x) r(x),
so if q(x) s(x) is non-zero, then it has some degree k 0, and t(x) r(x)
has degree n+k n. On the other hand, since t(x) and r(x) have degree less
than n, so does t(x) r(x). This contradiction shows that q(x) s(x) = 0R ,
so q(x) = s(x). It follows that t(x) r(x) = 0 as well, so r(x) = t(x). ⇤
You probably already know the "algorithm" for finding q(x) and r(x) by long division of polynomials, which resembles long division of integers. Let's do an example, which also illustrates the idea of the proof: the successive terms $c_i x^i$ in the quotient are obtained by dividing the leading term of f(x) by that of g(x), and then replacing f(x) by the polynomial $f(x) - c_i x^i g(x)$, which has lower degree than f(x).

Example 5.10.10 Let $f(x) = x^5 + 2x^3 + x^2 + 1$ and $g(x) = x^3 + x$ in $\mathbb{Q}[x]$. Long division gives

                                  x^2      + 1
    x^3 + x ) x^5 + 0x^4 + 2x^3 + x^2 + 0x + 1
              x^5        +  x^3
              -------------------
                            x^3 + x^2 + 0x + 1
                            x^3       +  x
                            ------------------
                                  x^2 -  x + 1

So $q(x) = x^2 + 1$ and $r(x) = x^2 - x + 1$. (Note that this is easy to check by calculating g(x)q(x) + r(x) and making sure it agrees with f(x).)
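The Division Algorithm of Theorem 5.10.9, as an added Python example (not code from the notes): polynomials are coefficient lists with the constant term first, the field is either $\mathbb{Q}$ (exact rationals) or $\mathbb{Z}_p$ for a prime p, and each loop iteration is the step of the proof, subtracting $a_m b_n^{-1} x^{m-n} g(x)$ so that the degree drops. The main block reproduces Example 5.10.10; the function names and list representation are this example's own choices.

```python
from fractions import Fraction

def trim(f):
    """Drop zero coefficients at the high-degree end; [] is the zero polynomial."""
    while f and f[-1] == 0:
        f.pop()
    return f

def degree(f):
    """Degree of a trimmed coefficient list (the zero polynomial gives -1)."""
    return len(f) - 1

def poly_divmod(f, g, p=None):
    """Division algorithm in R[x] for R = Q (p=None) or R = Z_p (p prime).

    Polynomials are lists of coefficients, constant term first.
    Returns (q, r) with f = g*q + r and either r == [] or deg r < deg g.
    """
    if p is None:   # exact rationals
        f, g = [Fraction(c) for c in f], [Fraction(c) for c in g]
        zero, red, inv = Fraction(0), (lambda c: c), (lambda b: 1 / b)
    else:           # residues 0..p-1; b^{-1} exists for b != 0 because p is prime
        f, g = [c % p for c in f], [c % p for c in g]
        zero, red, inv = 0, (lambda c: c % p), (lambda b: pow(b, -1, p))
    g, r = trim(g), trim(f)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    n, bn_inv = degree(g), inv(g[-1])
    q = [zero] * max(degree(r) - n + 1, 0)
    while r and degree(r) >= n:          # the constant-divisor case is n = 0
        m = degree(r)
        c = red(r[-1] * bn_inv)          # c = a_m b_n^{-1}, the next quotient term
        q[m - n] = c
        for i, gi in enumerate(g):       # r <- r - c x^{m-n} g(x), the h(x) of the proof
            r[m - n + i] = red(r[m - n + i] - c * gi)
        trim(r)                          # the x^m term cancelled, so the degree drops
    return q, r

def poly_mul_add(g, q, r, p=None):
    """Return g*q + r, the check the notes suggest after a division."""
    out = [0] * (len(g) + len(q))
    for i, gi in enumerate(g):
        for j, qj in enumerate(q):
            out[i + j] += gi * qj
    for i, ri in enumerate(r):
        out[i] += ri
    return trim([c % p if p else c for c in out])

if __name__ == "__main__":
    q, r = poly_divmod([1, 0, 1, 2, 0, 1], [0, 1, 0, 1])   # Example 5.10.10 in Q[x]
    print("q =", q, "r =", r)            # q = x^2 + 1, r = x^2 - x + 1
```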

Recall that if $m, n \in \mathbb{Z}$, then we say m divides n (written m|n) if n = mk for some $k \in \mathbb{Z}$. There is a similar notion of divisibility for any commutative ring R:

Definition 5.10.11 Suppose that R is a ring and $r, s \in R$. Then we say r is divisible by s (in R) if r = st for some $t \in R$. If r is divisible by s, we write s|r.

(If R is not commutative, then there are obvious notions of left divisibility
and right divisibility.)

Example 5.10.12 If R = Z, this is just the familiar definition.

Example 5.10.13 In $R = \mathbb{Z}_8$, we have that [6]|[4] since [4] = [6][2].

Example 5.10.14 The only element of R divisible by 0R is 0R .

Example 5.10.15 If $s \in R^\times$, then every element $r \in R$ is divisible by s since r = st with $t = s^{-1} r$. In particular if R is a field, then s|r for all $r, s \in R$, unless $s = 0_R$ and $r \ne 0_R$.

Example 5.10.16 We will focus on divisibility in polynomial rings R[x] where R is a field. For example, the polynomial $x^4 - 1 \in \mathbb{R}[x]$ is divisible by $x^2 + 1$ since $x^4 - 1 = (x^2 + 1)(x^2 - 1)$.

Some basic properties of divisibility, in particular parts 1) and 3) of Prop. 2.1.1, are valid for any commutative ring. For example, if s|r and t|s, then $r = ss'$ and $s = tt'$ for some $s', t' \in R$. Therefore $r = ss' = tt's'$ is divisible by t. If R is an integral domain, then there is an analogue of part 2) as well for the polynomial ring R[x]. Indeed if g(x)|f(x) and $f(x) \ne 0_R$, then Prop. 5.10.5 part 2) shows that $\deg(g(x)) \le \deg(f(x))$.
Recall that if R is a field and f(x) and g(x) are polynomials in R[x] with $g(x) \ne 0_R$, then the Division Algorithm (Thm. 5.10.9) yields polynomials $q(x), r(x) \in R[x]$ such that

• $f(x) = g(x)q(x) + r(x)$, and

• $\deg(r(x)) < \deg(g(x))$.

Moreover the polynomials q(x) and r(x) are unique in the sense that they are the only polynomials in R[x] satisfying these criteria. So if g(x)|f(x), then we get f(x) = g(x)q(x) and $r(x) = 0_R$. (Recall our convention that $\deg(r(x)) = -\infty$ in that case.)
Considering the special case where $g(x) = x - \alpha$ for some $\alpha \in R$, we have the following corollary of the Division Algorithm.

Corollary 5.10.17 Suppose that R is a field, $f(x) \in R[x]$ and $\alpha \in R$. Then

1. $f(x) = (x - \alpha)q(x) + f(\alpha)$ for some $q(x) \in R[x]$;

2. $(x - \alpha)|f(x)$ if and only if $f(\alpha) = 0$.



Proof. The Division Algorithm applied with $g(x) = x - \alpha$ states that there are polynomials $q(x), r(x) \in R[x]$ such that $f(x) = (x - \alpha)q(x) + r(x)$ and $\deg(r(x)) < \deg(x - \alpha) = 1$, so either $r(x) = 0_R$ or $\deg(r(x)) = 0$. In either case we have $r(x) = \beta$ for some $\beta \in R$ (i.e., r(x) is a constant polynomial). Substituting $\alpha$ for x gives
$$f(\alpha) = (\alpha - \alpha)q(\alpha) + \beta = \beta.$$
This proves part 1). Part 2) follows immediately since
$$(x - \alpha)|f(x) \iff r(x) = 0_R \iff f(\alpha) = 0.$$
□

Example 5.10.18 Consider $f(x) = x^n + 1 \in \mathbb{R}[x]$. If n is even, then the remainder of f(x) on division by $x + 1 = x - (-1)$ is $f(-1) = (-1)^n + 1 = 2$, and f(x) is not divisible by x + 1. On the other hand, if n is odd, then $f(-1) = (-1)^n + 1 = 0$, so f(x) is divisible by x + 1. In fact, if n is odd then
$$x^n + 1 = (x + 1)(x^{n-1} - x^{n-2} + \cdots - x + 1).$$

Example 5.10.19 Let $f(x) = x^4 - [1]$ in $\mathbb{Z}_5[x]$. Then $f([1]) = [1]^4 - [1] = [0]$, so f(x) is divisible by $x - [1]$. In fact $f([2]) = [2]^4 - [1] = [15] = [0]$, so f(x) is also divisible by $x - [2]$, and by $x - [3]$ since $f([3]) = f([-2]) = [0]$, and by $x - [4]$ since $f([4]) = f([-1]) = [0]$.
In fact for any prime p and any $[a] \in \mathbb{Z}_p^\times$, Fermat's Little Theorem implies that $[a]^{p-1} - [1] = [0]$, so the polynomial $x^{p-1} - [1]$ is divisible by $x - [a]$.

Definition 5.10.20 Suppose that R is a commutative ring, $f(x) \in R[x]$ and $\alpha \in R$. We say that $\alpha$ is a root of f(x) if $f(\alpha) = 0_R$.

Corollary 5.10.21 Suppose that R is a field and $f(x) \in R[x]$ is a polynomial of degree n. If $f(x) \ne 0_R$, then f(x) has at most n roots in R.

Proof. We prove the corollary by induction on n. If n = 0, then $f(x) = a_0$ is a non-zero constant polynomial, and therefore has no roots.
Suppose now that n > 0 and that the corollary is true for polynomials of degree $n - 1$. Suppose that $f(x) \in R[x]$ is a polynomial of degree n and that $\alpha \in R$ is a root of f(x). Since $f(\alpha) = 0_R$, Cor. 5.10.17 implies that f(x) is divisible by $x - \alpha$, i.e., that $f(x) = (x - \alpha)g(x)$ for some $g(x) \in R[x]$. Note that $\deg(g(x)) = n - 1$ since
$$n = \deg(f(x)) = \deg((x - \alpha)g(x)) = \deg(x - \alpha) + \deg(g(x)) = 1 + \deg(g(x)).$$



So by the induction hypothesis g(x) has at most $n - 1$ roots.
To complete the proof of the corollary, we will show that if $\beta \in R$ is a root of f(x) different from $\alpha$, then $\beta$ is a root of g(x). So suppose that $\beta \in R$, $\beta \ne \alpha$ and $f(\beta) = 0_R$. Then
$$0_R = f(\beta) = (\beta - \alpha)g(\beta),$$
but $\beta - \alpha \ne 0_R$. Since R is a field (and in particular an integral domain), it follows that $g(\beta) = 0_R$, so $\beta$ is a root of g(x). □
We will assume from now on that R is a field.

Example 5.10.22 Suppose that $f(x) \in R[x]$ has degree 1; i.e., f(x) is linear. Then $f(x) = a_1 x + a_0$ for some $a_0, a_1 \in R$ with $a_1 \ne 0_R$. Since R is a field, $a_1 \in R^\times$ and $a_1 x + a_0 = 0_R$ has a unique solution, namely $x = -a_1^{-1} a_0$; thus f(x) has exactly one root.

Example 5.10.23 A polynomial $f(x) \in R[x]$ can have fewer than n roots in R (where $n = \deg(f(x))$). In fact it might not have any roots; take for example $f(x) = x^2 + 1 \in \mathbb{R}[x]$. The polynomial $x^4 - 1 \in \mathbb{R}[x]$ has two roots, namely 1 and $-1$. Note that each of these polynomials has n roots in $\mathbb{C}$, since i and $-i$ are roots. An example of a polynomial in $\mathbb{C}[x]$ with fewer than n roots is $f(x) = x^2$; its only root in $\mathbb{C}$ is 0. (There is of course a notion of a repeated root, of which this is an example.)

Example 5.10.24 If p is prime, then the polynomial $f(x) = x^p - x \in \mathbb{Z}_p[x]$ has p roots, since by Fermat's Little Theorem, every element $[a] \in \mathbb{Z}_p$ satisfies $f([a]) = [0]$.

A polynomial is irreducible if it can't be written as a product of polynomials of lower degree. (Recall that we are assuming R is a field.)

Definition 5.10.25 Suppose that $f(x) \in R[x]$ is a polynomial of degree n > 0. We say that f(x) is irreducible (in R[x]) if the following holds:
$$g(x)|f(x) \Rightarrow \deg(g(x)) \in \{0, n\};$$
otherwise we say f(x) is reducible (in R[x]).

Example 5.10.26 A polynomial of degree 1 (i.e., a linear polynomial) is automatically irreducible.

Example 5.10.27 A polynomial $f(x) \in R[x]$ of degree 2 is reducible if and only if it is divisible by a polynomial g(x) of degree 1. Since g(x) has a root in R (Example 5.10.22), it follows that if f(x) is reducible then f(x) has a root in R. Conversely, if f(x) has a root $\alpha \in R$, then $(x - \alpha)|f(x)$, so f(x) is reducible.
Let's consider the polynomial $f(x) = x^2 + 1_R \in R[x]$ for various fields R.

• If $R = \mathbb{R}$, then f(x) is irreducible.

• If $R = \mathbb{C}$, then f(x) has roots $\pm i$, and $f(x) = (x + i)(x - i)$ is reducible.

• If $R = \mathbb{Z}_2$, then f(x) has [1] as a root, so f(x) is reducible. (In fact $f(x) = (x - [1])^2$ and [1] is a repeated root.)

• If $R = \mathbb{Z}_3$, then f(x) is irreducible.

• If $R = \mathbb{Z}_5$, then f(x) has roots [2] and [3] and $f(x) = (x - [2])(x - [3])$ is reducible.

Example 5.10.28 Suppose $f(x) \in R[x]$ is a polynomial of degree 3. Then f(x) is reducible if and only if f(x) = g(x)h(x) where g(x) and h(x) have degrees 1 and 2. So just as in Example 5.10.27, we see that f(x) is reducible if and only if f(x) has a root in R. So for example
$$f(x) = x^3 + x + [1]_2 \in \mathbb{Z}_2[x]$$
is irreducible since $f([0]) = f([1]) = [1]$. The polynomial
$$f(x) = x^3 + x + [1]_3 \in \mathbb{Z}_3[x]$$
is reducible since $f([1]) = [0]$.

Example 5.10.29 Suppose $f(x) \in R[x]$ is a polynomial of degree n > 3. If f(x) has a root $\alpha \in R$, then of course $(x - \alpha)|f(x)$ by Cor. 5.10.17, so f(x) is reducible. (So for example, $x^4 - 1$ is reducible in $\mathbb{R}[x]$.) On the other hand, f(x) can be reducible without having a root. For example,
$$f(x) = x^4 + 3x^2 + 2 = (x^2 + 1)(x^2 + 2)$$
is reducible in $\mathbb{R}[x]$, but it has no root in $\mathbb{R}$.
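The root criterion of Examples 5.10.27 and 5.10.28 over $\mathbb{Z}_p$, as an added Python example (not code from the notes), together with the root counts of Examples 5.10.19 and 5.10.24: roots are found by evaluating at every residue class, the reducibility test applies only in degrees 2 and 3, and in degree 4 it deliberately refuses, since $x^4 + 3x^2 + 2 = (x^2 + 1)(x^2 + 2)$ has no root in $\mathbb{Z}_7$ yet is reducible there (the factorisation holds in $\mathbb{Z}[x]$, hence modulo 7), the same phenomenon as Example 5.10.29. Function names and the coefficient-list convention are this example's own.

```python
def eval_mod(f, a, p):
    """Evaluate f(a) in Z_p by Horner's rule; f lists coefficients, constant term first."""
    acc = 0
    for c in reversed(f):
        acc = (acc * a + c) % p
    return acc

def roots_mod(f, p):
    """All roots of f in Z_p, found by testing every residue class (fine for small p)."""
    return [a for a in range(p) if eval_mod(f, a, p) == 0]

def reducible_by_root_test(f, p):
    """Reducibility in Z_p[x] via the root criterion of Examples 5.10.27 and 5.10.28.

    In degree 2 or 3 a proper factorisation must contain a linear factor, so
    f is reducible iff it has a root.  In degree 4 and above that argument
    fails (Example 5.10.29), so the function refuses rather than guess.
    """
    n = len(f) - 1
    if n not in (2, 3):
        raise ValueError("the root test decides reducibility only in degree 2 or 3")
    return len(roots_mod(f, p)) > 0

def x_p_minus_x(p):
    """Coefficients of x^p - x in Z_p[x] (Example 5.10.24)."""
    return [0, p - 1] + [0] * (p - 2) + [1]

if __name__ == "__main__":
    for p in (2, 3, 5):      # x^2 + 1 over Z_2, Z_3, Z_5 as in Example 5.10.27
        print(p, roots_mod([1, 0, 1], p), reducible_by_root_test([1, 0, 1], p))
    print(roots_mod([4, 0, 0, 0, 1], 5))          # x^4 - [1] in Z_5[x]: [1, 2, 3, 4]
    print(roots_mod([2, 0, 3, 0, 1], 7))          # (x^2+1)(x^2+2) in Z_7[x]: no roots
```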

It turns out that the polynomial ring R[x] (where R is a field) has many
properties in common with the ring Z. There is for example a Euclidean
Algorithm which computes greatest (in degree) common divisors, but we
don’t have time for this.

The notion of an irreducible polynomial $f(x) \in R[x]$ is similar to that of a prime number $p \in \mathbb{Z}$ in the sense that neither can be written as a product of "smaller" factors. To carry the analogy further, we impose a further condition on f(x) which is in some sense like the requirement that p be positive.

Definition 5.10.30 A polynomial $f(x) \in R[x]$ is monic if
$$f(x) = x^n + a_{n-1} x^{n-1} + \cdots + a_0,$$
i.e., if $a_n = 1_R$ where $n = \deg(f(x))$.

We can then view monic irreducible polynomials in R[x] as playing a role similar to that of prime numbers in $\mathbb{Z}$. In particular, there is the following analogue of the Fundamental Theorem of Arithmetic:

Theorem 5.10.31 Suppose that $f(x) \in R[x]$ is a monic polynomial of positive degree. Then
$$f(x) = p_1(x) p_2(x) \cdots p_k(x)$$
for some monic irreducible polynomials $p_1(x), p_2(x), \ldots, p_k(x) \in R[x]$. Moreover this expression is unique except for the possibility of permuting the factors.

We will not give the proof, but it is very similar to the proof of the Fundamental Theorem of Arithmetic. Instead we close with a few examples:
Example 5.10.32 The polynomial $f(x) = x^4 - 1 \in \mathbb{R}[x]$ of Example 5.10.23 has the factorization
$$f(x) = (x - 1)(x + 1)(x^2 + 1)$$
into monic irreducibles in $\mathbb{R}[x]$. The polynomial $x^4 + 3x^2 + 2 \in \mathbb{R}[x]$ of Example 5.10.29 has factorization $(x^2 + 1)(x^2 + 2)$.

Example 5.10.33 The polynomial $f(x) = x^3 + x + [1] \in \mathbb{Z}_3[x]$ of Example 5.10.28 has factorization
$$f(x) = (x - [1])(x^2 + x - [1]);$$
note that $x^2 + x - [1]$ is irreducible in $\mathbb{Z}_3[x]$ since it has degree 2 and has no roots in $\mathbb{Z}_3$.

Example 5.10.34 The polynomial $f(x) = x^p - x \in \mathbb{Z}_p[x]$ of Example 5.10.24 has factorization
$$f(x) = x(x - [1])(x - [2]) \cdots (x - [p - 1])$$
since $[0], [1], \ldots, [p - 1]$ are all roots of f(x).
