of 47/47
Rajat Mittal * Lecture notes: Abstract algebra April 20, 2015 Springer * Thanks to the book from Dummit and Foote and the book from Norman Biggs. IIT Kanpur
• date post

18-Aug-2015
• Category

## Documents

• view

236

0

TAGS:

Embed Size (px)

description

CS203b @ iitk

### Transcript of Rajat Mittal CS203b

xA1[G(x)[=1[G[

xA[Gx[.Lets concentrate on the summation. The total summation is equal to the number of pairs (g G, x A),s.t., g(x) =x. Supposewemakeamatrixwithrowsindexedbyelementsof GandcolumnsindexedbyelementsofA.Theentry(g, x)isoneifg(x) = xand0otherwise.x1x2x|A|g10 1 1g20 0 1...............g|G|1 0 0Then

x[G(x)[ is thenumber of 1s inthematrixabove. Eachterminthesummation, [Gx[ is thenumberof1sinthecolumncorrespondingtox. Wecancountthenumberof1sinthematrixbytakingthesumrow-wisetoo.Suppose,S(g)issetofelementsofAxedbyg.S(g) = x : g(x) = x, x A.UsingS(g)wegettheorbit-counting(Burnsides)lemma.Lemma4.14. Burnsides lemma (Orbit-counting): Given a group action of G over A. The number of distinctorbitscanbewrittenas,Numberofdistinctorbits =1[G[

gG[S(g)[.Note4.15. ThesummationisnowoverGinsteadofA.Onenatural questionyoumightaskis, Howdidthisbenetus?Previouslyweweresummingoverallpossible x A and now we are summing up over all g G. The reason is, in general, the size G will be muchsmallerthansizeofA.Lets lookat anexample where Orbit-countinglemmawill helpus inansweringthe questionaboutnecklaces.Trytosolvethisexerciseyourselfrstandlateryoucanlookatthesolutiongivenbelow.Exercise4.16. Howmanynecklacescanbeformedwith2blackand6whitebeads?Arrangethebeads onthevertices of aregular 8-gon. Sincethenecklaces areobtainedbyxingthepositionof2blackbeads,thereare28elementsinA.ThesymmetrygroupisD16with16elements.FordierentelementsofGwecancalculatethenumberofelementsxedbyit. Identitye:Fixes28elements. Outof7otherrotations,onlyoneofthemxes4elements.Whatistheangleofthatrotation?Restdonotxanything. All reections x exactly 4 elements. It is easy to see by looking at the cycle structure of the permutation.Allbeadsofthesamecolorshouldfallinthesamecycle.22SobyOrbit-countinglemma,Numberofdistinctorbits =116(28 + 4 + 8 4) = 4.Exercise4.17. Whatarethefourcongurations?Canyoucharacterizethem?For other examples of application of Burnsides lemma, please look at section 21.4 of Norman Biggs book.ThereisaniceexampleinPeterCameronsnotesonGroupTheorytoo(section1.3).4.3Grouprepresentations(advanced)We looked at the permutation representation of every group. There is a matrix representation of every grouptoo. The study of that representation is called the group representation theory. Group representation theoryisoneofthemaintoolstounderstandthestructureofagroup.Wewillonlygiveaverybasicideaofthiseld.InterestedstudentscanlookatbookAlgebrabyArtin.DeneGLntobethegroupofinvertiblematricesofsizen nwithcomplexentries.Wecanalsothinkofthesematricesaslinearoperatorsover Cn.A linear representation (matrix representation) is a homomorphism from group G to the group GLn(sayR: G GLn). Thatmeans, wemapeveryelementof groupGtoaninvertiblematrix, s.t., itobeysthegroupcomposition,R(gh) = R(g)R(h).Ifthereisasubspaceof Cnwhichisxedbyeverygroupelement,thentherepresentationisreducible.Inotherwords, foranirreduciblerepresentation, thereisNOsubspacewhichisxedbyeveryelementofgroupG.Exercise4.18. Whatdoesitmeanthatthesubspaceisxed?Itcanbeshownthateveryrepresentationcanbebrokendownintoirreduciblerepresentations.Anotherquantityofinterestisthecharacter.Thecharacteroftherepresentationisafunction : G Cdenedby(g) = trace(R(g)).Thecharacters of irreduciblerepresentations areorthonormal toeachother andsatisfyvarious otherniceproperties.Manytheoremsingrouptheoryarederivedbystudyingthecharactersofthegroup.Again,interestedstudentscanndmoreinformationinthebookAlgebrabyArtin.4.4AssignmentExercise4.19. Showthatactionofdihedralgrouponthesetofnecklacesisagroupaction.Exercise4.20. ShowthatGisisomorphictoasubgroupofS|A|. RememberthatSnisthegroupofper-mutationsof[n].Hint: Firstshowthatactionof gonAisapermutationandthenusetheconsistencyof groupactionwiththegroupcomposition.Exercise4.21. Suppose we want to nd the number of necklaces with m black and n white beads. What isthesizeofGandwhatisthesizeofAintermsofm, n?Exercise4.22. Provethattheaveragenumberof elementsxedbyanelementof groupGundergroupactionisaninteger.Exercise4.23. ProvethatGLnisagroup.Whatcompositionruledidyouuse?23Exercise4.24. Biggs: Let G be a group of permutations of set A. If u, vare two elements in the same orbitofG,showthat [Gu[ = [Gv[.Exercise4.25. Biggs: Let A denote the set of corners of the cube and let G denote the group of permutationsofAwhichcorrespondtorotationofthecube.Showthat, Ghasjustoneorbit. Foranycornerx, [Gx[ = 3. [G[ = 24Exercise4.26. Biggs: Supposeyoumanufactureanidentitycardbypunchingtwoholesinan33grid.Howmanydistinctcardscanyouproduce.Lookattheguregivenbelow.Fig. 4.3. Dierentidentitycardswithcirclesshowingtheholes.Hint:ThegrouptoconsiderhereisD8.245QuotientgroupWehaveseenthatthecosetsof asubgrouppartitiontheentiregroupintodisjointparts. EveryparthasthesamesizeandhenceLagrangestheoremfollows. If youarenotcomfortablewithcosetsorLagrangestheorem,pleaserefertoearliernotesandrefreshtheseconcepts.So we have information about the size of the cosets and the number of them. But we lack the understandingof their structure andrelations betweenthem. Inthis lecture, the concept of normal subgroups will beintroducedandwewillformagroupofcosetsthemselves!!5.1NormalsubgroupSuppose we are given two elements g, n from a group G. The conjugateof n by gis the group element gng1.Exercise5.1. Whenistheconjugateofnequaltoitself?Clearlytheconjugateofnbygisnitselfinandgcommute.WecansimilarlydenetheconjugateofasetN Gbyg,gNg1:= gng1: n N.Denition5.2. Normal subgroup:AsubgroupNofGisnormalifforeveryelementginG,theconjugateofNisNitself.gNg1= N g G.Wenoticedthatgng1= nig, ncommutewitheachother.Exercise5.3. WhenisgNg1= N?InthiscasetheleftandrightcosetsarethesameforanyelementgwithrespecttosubgroupN.Hence,asubgroupisnormalifitsleftandrightcosetscoincide.Exercise5.4. Show that following are equivalent. So you need to show that each of them applies any other.1. Nisanormalsubgroup.2. ThesetS= g: gN= NgisGitself.3. Forallelementsg G,gNg1 N.Hint:Insteadofshowingall2

32

implications,youcanshow1) 2) 3) 1.5.2QuotientgroupWehaveintroducedtheconcept of normal subgroupswithout reallyemphasizingwhyit isdened. Letsmovetoouroriginalquestion.Whatcanbesaidaboutthesetofcosets,dotheyformagroup?SupposeGisagroupandHisasubgroup.DenotebyS,thesetofcosetsofGwithrespecttoH.ForStobeagroupitneedsalawofcomposition.Themostnaturalcompositionrulewhichcomestomindis,(gH)(kH) = (gk)H.HeregHandkHrepresenttwodierentcosets. Theproblemwiththisdenitionisthatitmightnotbewell-dened. Itmighthappenthatg

gHandk

kHwhenmultipliedgiveatotallydierentcoset(g

k

)Hthen(gk)H.Exercise5.5. Showthatthisoperationiswell-denedforcommutative(abelian)groups.Whataboutthegeneralgroups?Herecomesthenormalsubgrouptotherescue.Theorem5.6. SupposeGisagroupandHisitssubgroup,theoperation,(gH)(kH) = (gk)H,iswell denedifandonlyifHisanormal subgroup.Note5.7. Everysubgroupofacommutativegroupisnormal.Proof. ): Weneedtoshowthatiftheoperationiswell denedthenghg1Hforeveryg G, h H.ConsiderthemultiplicationofHwithg1H.Sincee, h H,weknoweH= hH.Sincethemultiplicationiswelldened,(eg1)H= (eH)(g1H) = (hH)(g1H) = (hg1)H g1H= (hg1)H.Againusingthefactthate H, hg1g1H. Thisimplieshg1=g1h

ghg1=h

forsomeh

H.):SupposeNisanormalsubgroup.Giveng

= gnandk

= kn

,whereg, g

, k, k

Gandn, n

N,weneedtoshowthat(gk)N= (g

k

)N.(g

k

)N= (gnkn

)N.Exercise5.8. Showthatthereexistm N,s.t.,nk = km.Hencecompletetheproof. .Withthiscompositionrulewecaneasilyprovethatthesetofcosetsformagroup(exercise).Denition5.9. GivenagroupGandanormal subgroupN, thegroupof cosetsformedisknownasthequotientgroupandisdenotedbyGN.UsingLagrangestheorem,Theorem5.10. GivenagroupGandanormal subgroupN,[G[ = [N[[GN[265.3RelationshipbetweenquotientgroupandhomomorphismsLetusrevisittheconceptof homomorphismsbetweengroups. ThehomomorphismbetweentwogroupsGandHisamapping : G Hthatpreservescomposition.(gg

) = (g)(g

)Foreveryhomomorphismwecandenetwoimportantsets. Image:ThesetofallelementshofH,s.t.,thereexistsg Gforwhich(g) = h.Img() = h H: g G (g) = hGenerally,youcanrestrictyourattentiontoImg()insteadoftheentireH. Kernel:ThesetofallelementsofGwhicharemappedtoidentityinH.Ker() = g G : (G) = eHNoticehowwehaveusedthesubscripttodierentiatebetweentheidentityofGandH.Note5.11. Img()isasubsetofHandKer()isasubsetofG.Exercise5.12. ProvethatImg()andKer(phi)formagroupundercompositionwithrespecttoHandGrespectively.Exercise5.13. ShowthatKer()isanormalsubgroup.Thereisabeautiful relationbetweenthequotientgroupsandhomomorphisms. WeknowthatKer()is the set of elements of Gwhichmaptoidentity. What dothe cosets of Ker() represent. Lets taketwoelementsg, hof acosetgKer(). Henceh=gkwhere(k)=eH. Thenbythecompositionruleofhomomorphism(g) = (h).Exercise5.14. Provethat(g) =(h)if andonlyif gandhbelongtothesamecosetwithrespecttoKer().ThesetofelementsofGwhichmaptothesameelementinHarecalledthebersof. ThepreviousexercisetellusthatbersareessentiallythecosetswithrespecttoKer()(thequotientgroup).The bers are mapped to some element in Img() by . Hence there is a one to one relationship betweenthequotientgroupGKer()andImg().Actuallytherelationismuchstronger.It is an easy exercise to show that the mapping between quotient groupGKer()and Img() is an isomor-phism.Exercise5.15. Provethattheabovemappingisanisomorphism.AgainapplyingtheLagrangestheorem,[G[ = [Ker()[[Img()[.The gure 5.11 depict that every element of quotient group is mapped to one element of image of . Nowweknowthatthismappingiswell-behavedwithrespecttocompositiontoo.((gKer())(hKer())) = (gKer())(hKer())Thereisanabuseofnotationwhichhighlightsthemainpointalso.Thenotation(gKer())representsthe value of onanyelement of gKer(). We knowthat theyall give the same value. The studyofhomomorphism is basically the study of quotient group. The study of quotient group can be done by choosingarepresentativeforeverycosetanddoingthecomputationoverit(insteadofthecosets).WehaveshownthatKer()isnormal.ItcanalsobeshownthatanynormalsubgroupNisakernelofsomehomomorphism(exercise).27GHThe rectangles are the cosetsFor a homomorphism from G to HFig. 5.1. Relationshipbetweenthequotientgroupandtheimageofhomomorphism5.4AssignmentExercise5.16. GivenasubgroupHof G, twoelementsx, y Garerelated(x y)if x1y H. Provethatthisrelationisanequivalencerelation.Whataretheequivalenceclassesofthisrelation?Exercise5.17. GivenagroupGandanormal subgroupN. Saythe set of cosets is calledSandhascompositionoperation(gH)(kH) = (gk)H.Showthat, Identityexistsinthisset. Inversesexistinthisset. Associativityissatised.SinceClosureisobviouswegetthatSisagroupwithrespecttotheabovementionedcompositionrule.Exercise5.18. Given a group G and a subgroup Nas a set. Write a program to nd if Nis normal or not.Assumethatyouaregivenafunctionmult(x, y), whichcancomputethebinaryoperationofthegroupGbetweenanytwoelementsx, yofG.Exercise5.19. WhatisthequotientgroupofD2nwithrespecttothesubgroupgeneratedbyreection?Exercise5.20. SupposeGisanabeliangroupandHisasubgroup.ShowthatGHisabelian.Exercise5.21. GivenNisanormalsubgroup,provethatgk(N) = (gN)k.Exercise5.22. SupposeNisnormalinG,showthatforasubgroupH,H NisanormalsubgroupinH.Exercise5.23. ShowthatasubgroupNisnormal inGiitisthekernel ofahomomorphismfromGtosomegroupH.286RingsWe have shownthat Znis agroupunder additionandZ+nis agroupunder multiplication(set of allnumbersco-primetoninZn). Till now, thetwooperations+and havebeentreateddierently. Butfromourexperiencewithintegersandevenmatrices,theseoperationssatisfypropertieslikedistribution(a(b +c) = ab +ac).Hence,aftersuccess indening anabstractstructure withone operation (group),now we dene anotherabstractstructurewith2operations. Therstquestionis, whatshouldbethedeningpropertiesof thisnewabstractstructure.WewillbeinspiredbyintegersagainanddenetheconceptofRings.6.1RingsConsidertwooperations+and inasetR.Denition6.1. ThesetRwiththetwooperations+and isaring,if, Risacommutativegroupunder+. Risassociative,closedandhasanidentitywithrespecttotheoperation . Thetwooperations+and followthedistributivelaw,i.e.,a (b +c) = a b +a cand(a +b) c = a c +b c.Note6.2. We will always assume that the multiplicative identityis dierent fromadditive identity. Theadditiveidentitywillbedenotedby0andmultiplicativeidentityby1.Forbrevity,wewilldenoteabasab.Exercise6.3. Arethetwoconditionsunderthedistributivelawsame?Exercise6.4. Whydidweassumecommutativityunderadditionforaring?Therearemanyexamplesofrings,manyofthesesetswehaveencounteredbefore. Thesets Z,Q,R,Careringswithadditionandmultiplication. Thesetofintegersmodulom, Zm,isaringwithadditionandmultiplication. Thesetof2 2matriceswithintegerentriesisaring.ActuallyifRisaringthensetof2 2matriceswithentriesinRisalsoaring.Another ring which willbe of our particular interest is the ring of polynomials. The set R[x] is the setofallpolynomialswithcoecientsfromringR.IfthemultiplicationinRiscommutativethenR[x]isalsoacommutativering.Note6.5. The addition and multiplication of polynomials is dened in the same way as in regular polynomials.Exercise6.6. CheckthatyoucandenetheseoperationsonpolynomialswithentriesfromaringR.Whydoweneedthatmultiplicationiscommutativeintheoriginalring?Hencewehavepolynomialrings Z[x], Q[x], R[x], C[x]havingcommutativemultiplication.6.1.1UnitsofaringThe ring is not a group with respect to multiplication. That is because inverses need not exist in a ring (e.g.,integers).Theelementsofringswhichhaveinversesinsidetheringwithrespecttomultiplicationarecalledunitsorinvertibleelements.Thesetofunitsfor Zarejust 1.Exercise6.7. Provethatthesetofunitsformagroupundermultiplication.6.1.2CharacteristicofaringRingshavetwoidentitieseande+(wewilldenotethemby1and0respectively).Foraringanimportantcriteriaistheadditivegroupgeneratedby1.Theelementsofthatgroupare1,1 + 1,1 + 1 + 1andsoon.Thesmallestnumberoftimesweneedtosum1toget0iscalledthecharacteristicofthering.Forsomecases,likereals,thesumneverreachestheadditiveidentity0.Inthesecaseswesaythatthecharacteristiciszero.Exercise6.8. Provethat1 0 = 0inaring.6.1.3HomomorphismforaringWehavealreadydenedthehomomorphismforagroup. Howshouldwedenethehomomorphismforaring?Exercise6.9. Try to come up with a denition of ring homomorphism. Remember that the mapping shouldbewellbehavedwithrespecttoboththeoperators.Whennotclearfromthecontext,wespecifyifitisagrouphomomorphismoraringisomorphism.Wecandenethekernel ofahomomorphism : R SfromaringRtoringSasthesetofelementsofRwhichmaptotheadditiveidentity0ofS.Abijectivehomomorphismiscalledanisomorphism.Weshowedinpreviouslecturesthatthekernel ofagrouphomomorphismisanormal subgroup. Whataboutthekernelofaringhomomorphism?Forthis,theconceptofidealswillbedened.6.1.4IdealTheringRisagroupunderaddition.AsubgroupIofRunderadditioniscalledanideal ifx I, r R : xr, rx IForexample,thesetofallelementsdivisiblebynisanidealin Z.Exercise6.10. ShowthatnZisanidealof Z.Idealissimilartothenormalsubgroup,butbelongstoaring.SupposeIisanideal.ThenwecandenethesetofcosetsofIwithrespecttoRasRI .Wedenotetheelementsofthesetbyr +I.WeknowthatRIisagroup(why?),butitcanbeshownthatitisaringunderthefollowingoperationstoo.(r +I) + (S +I) = (r +s) +I (r +I) (s +I) = (rs) +I30Exercise6.11. Showthatthekernelofaringhomomorphismisanideal.Kernel ofaanyringhomomorphismisanideal andeveryideal canbeviewedthisway. Wecandenequotientringusingidealsaswedenedquotientgroupusingnormalsubgroup.Itturnsout,Theorem6.12. Givenahomomorphism : R S,RKer()= Img()Given a set S I, we can always come up with the ideal generated by the set. Suppose the multiplicationiscommutative,thenI= r1x1 +r2x2 + +rnxn: i ri R, xi S,istheidealgeneratedbyS.Exercise6.13. Provethatitisanideal.6.2ChineseremaindertheoremOneofthemostimportantwaystocreateabigringusingtwosmallringsiscalleddirectproduct.SupposethetwogivenringsareRandS. ThedirectproductT=RSisaringwithrstelementfromRandsecondelementfromS.T= (r, s) : r Rands SThetwobinaryoperationsinringTaredenedbytakingtheoperationscomponent-wiseinRandS.(r1, s1) + (r2, s2) = (r1 +r2, s1 +s2)and(r1, s1)(r2, s2) = (r1r2, s1s2)ThemotivationforChineseremaindertheoremistobreakthering Zmintosmallerparts(ringsmodulosmallernumbers).Exercise6.14. Comeupwithanisomorphismbetween Z6and Z2 Z3.Itmightseemthatwecanbreak Zmnto Zm Zn.Exercise6.15. Showthatthereisnoisomorphismbetween Z4and Z2 Z2.Itturnsout, inthelastexercise, 2and3beingco-primetoeachotherisimportant. Weneedtodenewhentwoidealsareco-primetoeachother.Denition6.16. TheidealsAandBaresaidtobecomaximal ifA + B= R.HereA + B= a + b : a Aandb B.Thedenitionofcomaximalbasicallysaysthatthereexistx Aandy B,s.t.,x +y= 1.Note6.17. SimilarlywecandeneABtobetheidealwithnitesumsofkindabwherea Aandb B.Exercise6.18. NoticethatS= ab : a A, b Bneednotbeanideal.ShowthatABasdenedaboveisanideal.Exercise6.19. IfA1, A2, , AkarepairwisecomaximalthenshowthatA1andA2 Akarecomaximaltoo.Withall thesedenitions(directproduct, comaximal)wearereadytostatetheChineseremainderingtheorem.Wewillassumethattheringiscommutative.31Theorem6.20. Chineseremainder theorem(CRT): Let A1, A2, , Akbeideals inringR. Thenaturalmapwhichtakesr Rto(r +A1, r +A2, , r +Ak) RA1

RA2 RAkisaringhomomorphism.IfallpairsAi, Ajarecomaximal thenthehomomorphismisactuallysurjective(onto)and,RA1A2 Ak=RA1

RA2 RAk.Proof. Wewillrstshowthisfork= 2andthenitcanbeextendedbyinduction(theexercisethatA1andA2 Akarecomaximalwillproveit).Theproofcanbebrokendownintothreeparts.1. Themapwhichtakesrtor +A1, r +A2isahomomorphism.2. ThekernelisA1A2 Ak.3. TheimageisRA1

RA2 RAk.Inotherwordsthemapisonto(surjective).Therstpartisanexercise.Itfollowsfromthefactthattheindividualmaps(i: R RAi)whichtakertor +Aiarehomomorphisms.The kernel for this individual maps are Ais and hence for the combined map , it is A1A2. The secondpartoftheproofrequiresustoprovethatifA1, A2arecomaximalthenA1 A2= A1A2.Suppose A1andA2are comaximal. Hence, there exist x A1, yA2for whichx+y =1. Evenwithout the comaximal conditionA1A2A1 A2. For the opposite direction, sayc A1 A2, thenc = c1 = cx +cy A1A2(thereexistx A1, y A2forwhichx +y= 1).HenceA1 A2= A1A2.Nowweonlyneedtoprovethethirdpart,toshowthatthemap:r (r + A1, r + A2)issurjective.Since x+y= 1, (x) = (0, 1) and (y) = (1, 0). For any element (r1+A1, r2+A2) ofRA1

RA2, we can prove(r2x +r1y) = (r1 +A1, r2 +A2).Henceissurjective.(r2x +r1y) = (r2x) +(r1y) = (A1, r2 +A2) + (r1 +A1, A2) = (r1 +A1, r2 +A2). .We will see various applications of Chinese remainderingtheoremthroughout this course. The mostimportantoneis,givenanumbern = pa11 parr,Zn = Zpa11Zpa22 Zparr.Theproofisleftasanexercise.Thisisomorphismanditsproof will enableustoansweroneof thequestionspostedearlier. Supposeweneedtondanumberrwhichleavesremainderr1modulon1andremainderr2modulon2. Chineseremaindertheoremtellsusthatsucharalwaysexistsifn1andn2areco-primetoeachother.ThroughtheproofofCRT,r = r1n2(n12modn1) +r2n1(n11modn2).Exercise6.21. Checkthattheabovesolutionworks.Thesamecanbegeneralizedtomorethan2numbers.How(trytogivetheexplicitformula)?Now, wewill consider twoabstract structures whicharespecializationof rings, integral domains andelds.6.3IntegraldomainOur main motivation was to study integers. We know that integers are rings but they are not elds. We alsosaw (through exercise) that integers are more special than rings. The next abstract structure is very close tointegersandiscalledintegral domain.An integral domainis a commutative ring (multiplication is commutative) where product of two non-zeroelementsisalsonon-zero.Inotherwords,ifab = 0theneithera = 0orb = 0orboth.32Exercise6.22. Give some examples of anintegral domain. Give some examples of rings whichare notintegraldomains.Wesaidthatintegral domainisclosertointegersthanrings. Therstthingtonoticeisthatintegraldomainshavecancellationproperty.Exercise6.23. Ifab = acinanintegraldomain,theneithera = 0orb = c.Nowwewillseethatthepropertiesofdivisibility,primesetc.canbedenedforintegraldomains.Giventwoelementsa, b R, wesaythatadivides b(bisamultipleofa)ifthereexistanx R, s.t.,ax = b.Exercise6.24. Ifadividesbandbdividesathentheyarecalledassociates.Show, Beingassociatesisanequivalencerelation. aandbareassociatesia = ubwhereuisaunit.You can guess (from the example of integers), the numbers 0 and units (1) are not relevant for divisibility.A non-zero non-unit x is irreducibleif it cant be expressed as a product of two non-zero non-units. A non-zeronon-unitxisprimeifwheneverxdividesab,itdivideseitheraorb.Noticethatforintegersthedenitionofirreducibleandprimeisthesame.Butthisneednotbetrueingeneralforintegraldomain.Forexamples,lookatanystandardtext.Exercise6.25. Whatistheproblemwithdeningdivisibilityinring?6.4FieldsIf you look at the denition of rings, it seems we were a bit unfair towards multiplication. R was a commutativegroup under addition but for multiplication the properties were very relaxed (no inverses, no commutativity).Fieldistheabstractstructurewherethesetisalmost acommutativegroupundermultiplication.Denition6.26. ThesetFwiththetwooperations+and isaeld,if, Fisacommutativegroupunder+. F 0isacommutativegroupunder (ithasinverses). Thetwooperations+and followthedistributivelaw,i.e.,a (b +c) = a b +a cand(a +b) c = a c +b c.Exercise6.27. Whyareweexcludingtheidentityofadditionwhenthemultiplicativegroupisdened?As you can see Field has the strongest structure (most properties) among the things (groups, rings etc..)wehavestudied. Hencemanytheorems canbeprovenusingFields. Fields is oneof themost importantabstractstructureforcomputerscientists.Note6.28. Thenotionofdivisibilityetc.aretrivialinelds.Letuslookatsomeoftheexamplesofelds. ZisNOTaeld. Q, Rand Careelds. Zmisaeldimisa .Ex:Fillintheblank.The last example is of elds which have nite size. These elds are called niteeldsand will be of greatinteresttous.336.5Thechainofabstractstructures(advanced)We have studied three dierent abstract structures this week, ring, integral domain and elds. Actually thereare a lot of abstract structures which can arise in between rings and elds. They are dened by the propertieswhichhavebeenfundamental inthestudyof numbertheory. Takealookatthedenitionof all of thesestructuresandtherelation(order)betweentheproperties.Exercise6.29. Forhowmanyofthemcanyouguessthedeningproperties?Rings Commutative Rings Integral domain Unique factorization domain Principal ideal domainEuclideandomain FieldThis list is taken from Wikipedia. You can interpret this chain of inclusion as the fact that Euclidean gcdalgorithm (Euclidean domain) implies the every any number of the form ax+bycan be written as dgcd(x, y)(principal ideal domain). And principal ideal domain implies unique factorization. Then unique factorizationimplies,ab = ac b = cassuminga ,= 0.Exercise6.30. Provealltheaboveassertions.6.6AssignmentExercise6.31. GivearulethatissatisedbyIntegersbutneednotbesatisedbyringsingeneral.Exercise6.32. Findthesetofunitsinthering Z8.Exercise6.33. Ifalltheidealsintheringcanbegeneratedbyasingleelementthenitiscalledaprincipalideal domain.Showthat Zisaprincipalidealdomain.Exercise6.34. Showthatifab = 0fora, binaeldFthenshowthateithera = 0orb = 0.Exercise6.35. Whataretheunitsofaeld?Exercise6.36. Showthataniteintegraldomainisaeld.Exercise6.37. Showthatthecharacteristicofaniteeldisalwaysaprime.Exercise6.38. Findanumbernwhichleavesremainder23with31,2with37and61with73.Exercise6.39. Givenanumbern = pa11 parr,showthat,Zn = Zpa11Zpa22 Zparr.Where =denotesthattworingsareisomorphic.Exercise6.40. Findanumbernwhichleavesremainder3whendividedby33and62whendividedby81.Hint:Trickquestion.Exercise6.41. Suppose(n)isthenumberofelementsco-primeton.Provethatifmandnareco-prime,then(mn) = (m)(n).Hint:Chineseremaindertheorem.Exercise6.42. ShowthatmZandnZarecomaximalin Z.347PolynomialsYouhaveseenpolynomialsmanyatimestillnow.Thepurposeofthislectureistogiveaformaltreatmentto constructing polynomials and the rules over them. We will re derive many properties of polynomials withtheonlyassumptionthatthecoecientsarisefromaringoraeld.Weareusedtothinkingofapolynomial(like4x2+2x +6)asanexpressionofcoecients(in Z, Retc.)andvariables (x, yetc.). Mostlythepurposeis tosolveequations andndout thevalueof thevariableor indeterminate. But thepolynomials areuseful not just togureout thevalueof thevariablebut asastructureitself. Thevaluesx, x2,shouldbethoughtof asplaceholdertosignifythepositionof thecoecients.Usingthisviewletsdeneaformal polynomial.7.1PolynomialsoveraringApolynomial overaringRisaformal sumanxn++ a1x + a0, wherethecoecientscomefromtheringR. Thesetof all polynomials(inonevariable)overaringRaredenotedbyR[x]. Thedegreeof thepolynomialisthehighestpowerofxwithanon-zerocoecient.Wecandenetheadditionandmultiplicationoverpolynomials(inR[x])soastomatchthedenitionslearned till now. Given two polynomials a(x) = anxn+ +a1x+a0and b(x) = bnxn+ +b1x+b0, theirsumisdenedas,a(x) +b(x) = (an +bn)xn+ + (a1 +b1)x + (a0 +b0).Ifthedegreeoftwopolynomialsisnotequal,wecanintroduceextrazerocoecientsinthepolynomialwiththe smaller degree. For multiplication, giventwo polynomials a(x) =anxn+ +a1x+a0andb(x) = bmxm+ +b1x +b0,theirproductisdenedas,p(x) = a(x)b(x) = (anbm)xn+m+ + (a2b0 +a1b1 +a0b2)x2+ (a0b1 +a1b0)x + (a0b0).Moreformally,theproductisdenedusingdistributionandthefactthat(axi)(bxj) = (ab)xi+j.Exercise7.1. Whatisthedegreeofa(x)b(x)ifthedegreeofa(x)isnandb(x)ism?Hint:Itneednotben +m.why?We mentioned while giving examples of rings that if R is a commutative ring then R[x] is a commutativering too. Using the denition above, the polynomials in multiple variables can be dened using induction. Wecan consider R[x1, x2, , xk] to be the ring of polynomials whose coecients come from R[x1, x2, , xk1].Anotherdenitionofinterestisthemonicpolynomial whoseleadingcoecient(non-zerocoecientofthehighestdegree)is1.Apolynomialisconstant itheonlynon-zerocoecientisthedegree0one(a0).Themostimportantpolynomialringsforuswouldbe Zm[x]and Z[x], R[x]etc..Exercise7.2. Supposea(x) = 2x3+ 2x2+ 2isapolynomialin Z4[x],whatisa(x)2?7.2PolynomialsovereldsAfterdeningadditionandmultiplicationwewouldliketodenedivisionandgcdofpolynomials.ItturnsoutthatthesedenitionsmakesensewhenRisaeld.Forthissection,wewillassumethatwearegivenaeldFandthepolynomialsareinF[x].WeknowthatF[x]isanintegraldomainsinceFisone.Exercise7.3. ShowthatF[x]isanintegraldomainifFisanintegraldomain.Exercise7.4. Fortheremainingsection, notewhereweusethattheunderlyingringofcoecientsFisaeld.Theorem7.5. Division: Giventwopolynomialsf(x) andg(x), thereexist twouniquepolynomialscalledquotientq(x)andremainderr(x),s.t.,f(x) = q(x)g(x) +r(x).wherethedegreeofr(x)islessthanthedegreeofg(x).Proof. Existence: Suppose the degree of f(x) is less than degree of g(x) then q(x) = 0 and r(x) = f(x). Thiswillbethebasecaseandwewillapplyinductiononthedegreeoff(x).Say f(x) = fnxn+ +f1x+f0and g(x) = gmxm+ +g1x+g0with m n. Multiply gby fng1mxnmandsubtractitfromf.f(x) fng1mxnmg(x) = (fn1 gm1fng1m)xnm1+ = l(x).Sol isapolynomial withlowerdegreeandbyinductionitcanbewrittenasl(x)=q

(x)g(x) + r(x).This implies f(x) = (fng1mxnm+q

(x))g(x) +r(x). So we can always nd q(x) and r(x) with the conditiongivenabove.Thismethodiscalledlongdivisionandistheusualmethodofdividingtwonumbers.Exercise7.6. What is the relation between the usual division between two integers you learnt in elementaryclassesandlongdivision.Uniqueness:Supposetherearetwosuchdecompositionsf=q1g + r1andf=q2g + r2(noticethatwehavesuppressedxforthesakeofbrevity).Thensubtractingonefromanother,0 = (q1 q2)g + (r1 r2).Exercise7.7. Showthatthisimpliesqandrareunique. .Usingthedivisionalgorithm,wecandenetheEuclideanGCDalgorithm.Exercise7.8. ReadandunderstandtheEuclideangcdalgorithmfortwopositivenumbers.Lets dene greatest common divisor (gcd) rst. Given two polynomials f, g, their greatest common divisoristhehighestdegreepolynomialwhichdividedbothf, g.TheimportantobservationforEuclideangcdis,iff= gq1 +r1thengcd(f, g) = gcd(g, r1).Withoutlossofgeneralitywecanassumethatfhashigherdegreethangandhencerhaslowerdegreethangandf.Wecancontinuethisprocess,sayg= q2r1 + r2.Thenthetaskreducestondingthegcdofr1andr2.Ultimatelywegettwopolynomials,s.t.,rn [ rn1.Thenrnisthegcdoffandg.Exercise7.9. Showthatanypolynomialwhichdividesbothfandgwillalsodividernmentionedabove.Showthatrndividesbothfandg.36Fromthepreviousexerciseitisclearthatrnisoneofthegcd(itdividesbothandhashighestdegree).Exercise7.10. Whyisgcdunique?Exercise7.11. Imp: Showthat usingEuclideanalgorithmforgcd, if gcd(f, g) =dthenthereexist twopolynomialsp, q,s.t.,d = pf+qg.Lets dene primes in the ring of polynomials. They are called irreducible polynomials (irreducible elementsofintegraldomainF[x]).ApolynomialfisirreducibleiitisnotconstantandtheredoesNOTexisttwonon-constantpolynomialsgandh,s.t.,f= gh.Exercise7.12. Giventhatamonicpolynomialgisirreducible,show,anypolynomialfisdivisiblebygortheir gcd is 1. This property can be re-stated, any irreducible polynomial cant have a non-trivial gcd (trivialgcd:1orthepolynomialitself).Withthisdenitionwecanstartndingthefactorsof anypolynomial f. Eitherf isirreducibleoritcanbewrittenasgh.Ifwekeepapplyingthisproceduretogandh.Wegetthatanypolynomialfcanbewrittenas,f= cg1g2 gk.WheregisareirreduciblemonicpolynomialsandcisaconstantintheeldF.Cantwosuchfactorizationsexist?Itturnsout, likeinthecaseof natural numbers, thisfactorizationisuniqueuptoorderingof polynomials. Forthecontradiction, supposetherearetwosuchfactorizationscg1 gkandch1 hl.Exercise7.13. Whycanweassumethattheconstantisthesameforbothfactorizations?Weknowthatsinceg1isirreducibleitcanthaveanon-trivialgcdwitheitherh = h1 hl1orhl.Wewillalsoshowthatitcanthavegcd1withboth.Supposegcd(hl, g1)is1.ThenusingEuclideangcd,1 = phl +qg1 h = pf+qg1h.Sinceg1dividesbothtermsontheR.H.S, itdividesh. Hencethegcdof handg1isg1. Sog1eitherdivideshlorh = h1 hl1.If itdividesh1 hl1, wecanfurtherdivideitandultimatelygetthatg1divideshiforsomei. Butsinceg1andhibothareirreducibleandmonic,henceg1= hi.Thisgivesthetheorem,Theorem7.14. Uniquefactorization:Givenapolynomial fitcanbewritteninauniquewayasaproductofirreduciblemonicpolynomialsuptoordering.f(x) = cg1(x)g2(x)gk(x)WherecisaconstantinF(theleadingcoecientoff)andgisareirreduciblemonicpolynomials.Exercise7.15. Theorderof goingfromdivisionalgorithmtoEuclideanGCDtouniquefactorizationisimportant.Whereelsehaveyouseenthis?Thereisaneasywaytondoutwhetheradegree1polynomial x adividesapolynomial f ornot.Substituteainthepolynomial f (wecall theevaluationf(a)), if itevaluatestozerothenx adividesfotherwisenot.Iff(a) = 0,wesaythataisaroot off.Theproofofthisisgivenasanexercise.Usingthefactorizationtheoremwecanshowthatanypolynomialofdegreedcanhaveatmostdroots.Theproofofthistheoremisleftasanexercise.Theorem7.16. Givenapolynomial pofdegreedoveraeldF.Thereareatmostddistinctrootsofp.377.3FieldextensionExercise7.17. Whydoweneedcomplexnumbers?It might seem a weird question given the context. But lets look at the answer rst. Mathematician didnthavetherootsofpolynomialx2+1intheeld R.Sotheycameupwithanothereld Cwherethesolutionexisted.Canwedoitforothereldsandotherpolynomials?Thiscanbedoneandisknownaseldextension.Letstrytoconstructsuchaeldextension.Suppose we are given a eld Fand a polynomial p in it. We can look at the set of all polynomial in F[x]modulothepolynomialp.ThissetisknownasF[x](p).Thereasonforthisisthat(p)isanidealgeneratedbypolynomialp(itcontainsallmultiplesofp).Exercise7.18. Showthat(p)isanideal.SoF[x](p)isjustthequotientringgeneratedbytheideal(p).Amoreintuitivewaytounderstandthisringis, itisthesetofpolynomialsinF[x] assumingthattwopolynomials areequal if theyonlydier byamultipleof p. Usingthedivisionalgorithmwecanalwaysreduceanypolynomialftoapolynomialr,s.t.,f= qp +r.Thenbyabovediscussionr = finF[x](p).Inthealgebraiclanguage,ristherepresentativeoftheadditivecosetofF[x]containingf.Exercise7.19. Show that the elements ofF[x](p)are basically all the polynomials with degree less than deg(p).TheringF[x](p)isaeldipisirreducible(proofisleftasanexercise). ThiseldF[x](p)iscalledtheeldextensionofF.ItiseasytoseethatanisomorphiccopyofFisasubeldofF[x](p).Thegreatthingisthatthereisarootofpinthisneweld.Ifyouthinkforaminutetherootisx!!TheeldF[x](p)canalsobeviewedasavectorspaceoverF.Exercise7.20. Whatisthedimensionofthatvectorspace?Weareinterestedintheseeldextensionsbecausetheywillhelpuscharacterizeniteelds.7.3.1AnotherwaytolookateldextensionMoregeneralwaytodeneeldextensionsisthroughsubelds.SupposeKisasubsetofaeldL,s.t.,Kiselditself.ThenwesaythatKisasub-eldofLorLisanextensionofK.SupposesisanelementofLnotinK.WecanextendKtoincludes.ThesmallestsubeldofLwhichcontainsKaswellassiscalledK(s).WecansimilarlydeneK(S),whereSisaset.Whyarethetwointerpretationsgivenabovesimilar.IfswasarootofanirreduciblepolynomialpinKthentheeldK(s)ispreciselyK[x](p). All theelementsof K(s)canbeviewedaspolynomialsinK[x] withdegreelessthandeg(p)(substitutingsforx).Exercise7.21. Showthat Q(2) = a +b2 : a, b Qisasubeldof R.Noticethatcomplexnumberscanbeviewedas R(i)orasR[x]x2+1.SupposeLisaeldextensionofK.ThenLcanbeseenasavectorspaceoverK.Thedimensionofthevectorspaceisknownasthedegreeoftheextension.Note7.22. Youmighthaveseenvectorspacesoverrealsandcomplexnumbers. Theycanbedenedoverarbitrary eld Fby assuming that the coecients (scalars) come from Fand any addition and multiplicationofscalarscanbedoneinaccordancewiththeeld.Exercise7.23. WhatisthedegreeofextensionK[x]p.Notethatthesubeldperspectiveofeldextensionismoregeneralthantheeldextensionusingpoly-nomials.Realsareanextensionofrationals.Itcanbeshownthatsuchanextensioncannotbeobtainedbyanyirreduciblepolynomialoverrationals.387.4AssignmentExercise7.24. Writeaprogramtocomputethecoecientof xiina(x)b(x)giventwopolynomialsa(x)andb(x).Exercise7.25. Computetheproductof7x3+ 2x2+ 2x + 4and2x2+ 5x + 1in Z14.Exercise7.26. Showthatin Zp(pisaprime),(x +y)p= xp+yp.Exercise7.27. ShowthatifRisanintegraldomainthensoisR[x].Exercise7.28. Showthatf(x)inF[x]hasaninverseif(x)isaconstantpolynomial(zeroexcluded).Exercise7.29. Findoutthequotientandremainderwhenx3+ 5x2+ 2x + 3isdividedbyx2+ 1in Z7.Exercise7.30. IfFisaeld,isF[x]alsoaeld?Exercise7.31. Whatisthegcdofxn+ 1andxm1in Z2[x].Exercise7.32. Showthatx adividesfif(a) = 0.Exercise7.33. Hard:ProvethattheringF[x](p)isaeldipisirreducible.Exercise7.34. Provethetheorem7.16.398FiniteFieldsWehavelearntaboutgroups,rings,integraldomainsandeldstillnow.Fieldshavethemaximumrequiredpropertiesandhencemanynicetheoremscanbeprovedaboutthem.Forinstance,inpreviouslectureswesawthatthepolynomialswithcoecientsfromeldshaveuniquefactorizationtheorem.Oneoftheimportantsubcaseofeldsiswhentheyarenite.Inthiscasetheeldscanbecompletelycharacterized up to isomorphism and have lot of applications in computer science. We will cover the charac-terizationandanapplicationintheselecturenotes.8.1CharacteristicofaeldWehaveseenhowthecharacteristicofaringwasdened.Exercise8.1. Whatisthecharacteristicofaring?Sinceeldisaspecial caseof rings, thedenitioncanbeappliedtoeldstoo. Thecharacteristicof aeldFistheminimumn N,s.t.,n1 = 0.Heren1denotestheadditionofmultiplicativeidentityntimes,1 + 1 + + 1

ntimes.Ingeneral,thecharacteristicmightnotexistforeld(say R).Inthatcasewesaythatcharacteristiciszero.Forthecaseofniteeldthough,thecharacteristicisalwaysapositivenumber.Why?Supposenisacharacteristicof aniteeld. If niscomposite, sayn=pq, then(p1)(q1)=0. ButFdoesnothaveazerodivisor(itisaeld)andhenceeitherp1 = 0orq1 = 0,establishingcontradiction.Sowegetthetheorem,Theorem8.2. Thecharacteristicofaniteeldisalwaysaprime.Note8.3. p1 = 0impliesthatpf= 0forallf F,theproofisgivenasanexercise.How does a eld with characteristic p looks like? We can look at the additive structure. It turns out thatitcanbeseenasavectorspaceover Zp.Exercise8.4. Reviewthedenitionofavectorspaceoveraeld.Theorem8.5. AniteeldF of characteristicpis avector spaceoverZp. Hence, if therearer basiselementsthen [F[ = pr.Proof. Dene nf tobe f+f+ +f

ntimes. Fromthe previous discussion, the onlyrelevant values of nare0, 1, , p 1.LetuslookatthesetgeneratedbyS= f1, f2, , fk.Wecallitthespan,span(S) = n1f1 +n2f2 + +nkfk: ni 0, 1, , p 1 i.Exercise8.6. Showthatspan(S)isthesmallestadditivegroupcontainingS.Clearlyonesetexistforwhichspanistheentireeld(theelditself).Exercise8.7. ShowthatFisavectorspaceover Zp.Say a basis B= b1, b2, , br is the minimal set of elements such that span(B) = F. We have assumedthatBhasrelements.Then,span(B) = n1b1 +n2b2 + +nrbr: ni 0, 1, , p 1 i.Weclaimthatnotwoelementsof theabovesetaresame. If theyarethensomeelementof Bcanbewrittenasalinearcombinationofothers,violatingtheminimalnessofB.Hencespan(B)hasnoduplicatesanditisequaltoF.SothecardinalityofFispr. .Note8.8. Thetheoremshowsthatasanadditivegroup,aeldofsizepr,isisomorphicto(Zp)r.Bytheprevious theoremwehaveprovedthat everyniteeldhas characteristicsomeprimepandnumberofelementsarepr, somepowerofitscharacteristic. Hencethenumberofelementsinaniteeldcanonlybeaprimepower.Doesthereexistaniteeldforeveryprimepower.Clearlyforeveryp, Zpisaeld.8.1.1FiniteeldsoforderprToconstruct elds of cardinalitypr, we use the concept of eldextension. Suppose g is anirreduciblepolynomialin Zp.ThenweknowthatZp[x](g)isaeld(fromeldextensions).Exercise8.9. ShowthatZ3[x]x2+1isaeld.Whatisitscardinality?Whatisthecharacteristic?It is clear that insuchaeldp1=0. That shows that characteristicof theeldis p. Thedierentelementsof thiseldareall theremainderpolynomialsmodulog. Inotherwords, all thepolynomialsofdegreedeg(g) 1withcoecientsfrom Zp.Sothenumberofelementsinthiseldarepdeg(g).This shows that to construct a nite eld of size pr, we need to nd an irreducible polynomial of degree r.It is known that such an irreducible polynomial always exist. The proof of this statement will not be coveredinthisclass.Sotherealwaysexistatleastoneeldofsizepr.Itcanactuallybeshownthatallsucheldsofsizeprareisomorphicandwecallthem Fpr .Forr = 1,thiseldis Zp,wewillalsocallit Fp.Exercise8.10. Whatisthedierencebetweenvectorspace Z23andeldZ3[x]x2+1?We wont prove that there exist a unique eld of size prup to isomorphism. But we will provide a partialjustication.Wehaveseenthattheadditivegroupofanyeldofsizeprisisomorphicto(Zp)r.Inthenextsectionwewillshowthattheirmultiplicativegroupisalsoisomorphicto Zpr1(itiscyclic).Soforanytwoniteeldsofsamesize,theiradditivegroupsandmultiplicativegroupsareisomorphic.Exercise8.11. Whyisthisapartialandnotfullproofthattwoeldsofthesamesizeareisomorphic?8.1.2PrimitiveelementWeneedtoshowthatthemultiplicativegroupof anyeldiscyclic. Thatmeans, thereexistanelementf F,s.t.,theorderoffis [F[ 1(whydidwesubtract1?).SuchanelementgeneratesthewholegroupF 0 = f0, f1, , f|F|2.Denition8.12. Primitiveelement:AnelementfofFwhichgeneratesthemultiplicativegroupoftheeldFiscalledtheprimitiveelementofF.42Toshowthatanyeldsmultiplicativegroupiscyclic,wejustneedtoshowtheexistenceofaprimitiveelement.Theorem8.13. ForanyniteeldF,therealwaysexistaprimitiveelementofF.Proof. LetscallthemultiplicativegroupF= F 0and [F[ = n.SinceFhasordern,forallelementsxofF,xn1 = 0Sothereareexactlynrootsoftheaboveequation(whyexactlyn?).Foranyelementx, theorderddividesn, hencexisasolutionofp(d)=xd 1forsomed [n. Noticethatthepolynomialp(d)hasatmostdroots.Forthesakeof contradiction, supposetherearenoprimitiveelements. Theneveryelementhasorderstrictlylessthann.Wewouldliketoshowthattherearenotenoughroots(n)forthepolynomialxn1.Sowewouldliketoshow,

d 1.Theorem8.20. Ifn = pkforsomepowerkofanoddprimepthenG = Zniscyclic.Note8.21. Thisisnottrueforevenprime,wehaveseenthat Z8isnotcyclic.Exercise8.22. Findoutwheredidweusethefactthatpisodd.Proof. Assumethatt = pk1(p 1),theorderofthegroupG.Weknowthat Fpiscyclicandhencehaveageneratorg. Wewill usegtocomeupwithageneratorofG.Firstnoticethat,(g +p)p1= gp1+ (p 1)gp2p ,= gp1modp2.So either (g +p)p1or gp1is not 1 modp2. We can assume the latter case, otherwise replace gby g +pintheargumentbelow.Sogp1= 1 +k1pwherepk1.Sousingbinomialtheorem,gp(p1)= (1 +k1p)p= 1 +k2p2.Wherepk2Exercise8.23. Continuingthisprocess,showthat,gpe1(p1)= 1 +kepe,withpke.Fromthepreviousexercisegt=1 modpkbutgt/p,=1 modpk. Theonlypossibleorderof gthenispk1dwheredisadivisorofp 1(becausetheorderhastodividet,Lagrangestheorem).Iftheorderispk1d,thengpk1d= 1 modpk= 1 modp.Butgp= g modp(why?).Thatimpliesgd= 1 modp.Sincep 1istheorderofgmodulop(gisthegenerator),impliesd = p 1.Henceproved. .8.2Application:TheclassicalpartofquantumalgorithmforfactorizationOne of the most important achievements of quantum computing has been to solve factorization in polynomialtime. Thereisnoknownecient classical algorithmtofactorizeanumber. Theproblemiseasytostate,givenanumbern,ndthefactorizationofn.Note8.24. Anecientalgorithmforfactorizationrunsintimepolynomial inlog n, sincetheinputsizeislog n(thenumberofbitsneededtospecifyn).Thequantumalgorithmworksbyreducingtheproblemclassicallytosomethingknownasthehiddensubgroup problem (HSP). Shors factorization algorithm (1994) can be reduced to giving an ecient algorithmtosolveHSPonaquantumcomputer.The quantum algorithm for HSP is out of scope of this course. But we will present the classical reductionfromfactorizationtoHSP,aneatapplicationofmanythingswelearntinthiscourse.448.2.1Hiddensubgroupproblem(HSP)Inthehiddensubgroupproblem,wearegivenagroupGandafunctionf: G RwhichhidesasubgroupH. Byhidingasubgroupmeansthatthefunctionsassignthesamevaluetotwoelementsfromthesamecosetanddierentvaluestoelementsfromadierentcoset.ThesubgroupHisnotknownandthetaskistondthissubgroup.Note8.25. Forthiscase, weassumethatablack-boxisgivenwhichcomputesthevalueof afunctionongroupelements.Inpractice,ifwecancomputethefunctionecientlythenthealgorithmforndinghiddensubgroupisecienttoo.The interest inthis problemis because manyproblems like order-nding, discrete logarithmcanbethought of as HSPs over nite abelian groups. Their is a quantum algorithm for solving HSP over any niteabeliangroup.IfwecansolveHSPonnon-abeliangroupsthenitcanbeusedtosolveimportantproblemslikegraphisomorphismandshortestvectorprobleminalattice.Theproblemoforder-ndingisthatgivenanelementginagroupG,ndtheorderofginG(smallestr,s.t.,gr= 1).Letsseehoworder-ndingcanbethoughtofasanexampleofHSPin Z.Suppose the order is r (the quantity we need to nd). The set of multiples of r form a subgroup of Z knownasrZ.Thecosetsaretheresidueclassesmodulor.Givenanelementx Z,thefunctionax=ax modrisconstantoncosetsanddistinctondierentcosets.Exercise8.26. Provetheaboveassertion.This function can be computed eciently (repeated squaring) and hence order-nding can be posed as ahiddensubgroupproblem.Note8.27. Abovediscussionshows that order-ndingis anHSPover anabeliangroup(Z, whichis notnite).Thequantumalgorithmforniteabeliangroupscanbemodiedtohandlethiscasetoo.8.2.2Factorizationtoorder-ndingInthissectionwewill reducethefactorizationofntoorder-ndinginthegroup Zn. Hence, completethereductionfromfactorizationtohiddensubgroupproblem.Wewillrstgetridofthetrivialcases,itcanbeeasilycheckedifthenumberisevenorifn = mk(takethesquareroot,cubicrootetc.uptolog n).Soitcanbeassumedthatnisanumberoftypekk

wherekandk

areco-primeandodd.Weareinterestedinndinganon-trivialfactorofn(not1orn).Oncefoundonefactor,wecanrepeattheproceduretondthecompletefactorization.Lookatthesquarerootsof 1 modn, i.e., bforwhichb2=1 modn. Clearlytherearetwosolutionsb = 1 modn.Supposethereexistab ,= 1 modn.Thenb21isdivisiblebynandb 1isnot.Sothegcd(b 1, n)willgivenon-trivialfactorsofn.Thereductionfromfactorizationtoorder-ndingbasicallysearchesforsuchab.ItcanbeshownusingChineseremaindertheoremthatsuchabalwaysexists(exercise).Exercise8.28. Intheifstatementofthealgorithmwhydidntwecheckthatb = 1 modn?Theonlythingweneedtoshowis that thereareenoughas for whichb =ar/2,= 1 modnis asquare-rootof1 modn.Note8.29. The quantum algorithm is a probabilistic algorithm, hence showing that there are enough goodasworks.Theorem8.30. Supposenisaproduct of twoco-primenumbersk, k

>1. Forarandomlychosena, theprobabilitythatahasanevenorderrandar/2,= 1 modnisatleast1/4.45Checkifnisevenoroftheformn = mk;Pickana,s.t.,gcd(a, n) = 1(elsewehavealreadyfoundanon-trivialfactorofn);fori = 1, doFindtheorderofaandcallitr(usethequantumalgorithmfororder-nding);if risoddorar/2= 1 modnthenPickanotheraco-primeton;elseFoundb = ar/2= 1 modn,squarerootof1;Findthenon-trivialfactorsfromgcd(b 1, n);Break;endendAlgorithm1:Algorithmforfactorizationusingorder-ndingProof. Thisproof istakenfromthebookQuantumcomputingandQuantuminformationbyNielsenandChuang.Weintroduceanotation,pow2(z),thehighestpowerof2thatdividesanynumberz.Firstweprovealemmaforanumberq=pk, whichisaprimepower. Saym=(q)=pk1(p 1)(exercise). By theorem 8.20, Zqis cyclic, say gis the generator (m is the least number, s.t., gm= 1 modq).Supposel = pow2(m)(misevenandhencel 1).Lemma8.31. Say, we choose a randomelement fromZq . With probability 1/2, the order r satisespow2(r) = l.Proof. Weknowthatgthasordermgcd(m,t).Thenitcanbeeasilyseenthatpow2(r) = litisodd. .Nowconsidertheprimefactorizationn = pi11piss.ByChineseremaindertheorem,Zn= Zpi11 Zpiss.So,torandomlychosea,wecanpickrandoma1, , asfromtherespective Zpis.Sayrjaretheordersofajmodulopijj.Claim. Supposetheorderrofaisoddorar/2= 1 modn.Thenpow2(rj)issameforallj.Proof. Theorderisoddiallrjsareodd.Otherwise,ifar/2= 1 modpijjthennoneofrjdivider/2(weusethefactthatpisarenot2).Alltherjsdividerbutnotr/2,sopow2(rj)isthesame. .Fromlemma8.31, withhalftheprobability, Theorderrjofajwill besuchthatpow2(rj)=lj(wherelj= pow2(pij1j(pj 1))).Callthecasewhenpow2(rj) = ljastherstcaseandotherthesecondcase.Weknowthatbothcaseshappenwithprobability1/2.Notice that ljs only depend on n. If all ljare equal, pick a1s from rst case and a2from the second case.Iftheyareunequal,sayl1 ,=l2,thenpickthea1, a2fromtherstcase.Soineitherscenario,rjscantbeallequal.Whichimpliesrisevenandar2 ,= 1 modn(byclaim).Sincewehaveonlyxedatmost2casesoutofs,theprobabilityisatleast1/4. .Hencethereductionfromfactorizationtoorderndingiscomplete.468.3AssignmentExercise8.32. Biggs:Provethatthesetofallelementsoftype1 + 1 + + 1

ntimesformasubeld.Exercise8.33. Ifp1 = 0,provethatpf= 0forallf F.Exercise8.34. SupposeinaeldF,p1 = 0foraprimep.Showthatthecharacteristicofthateldisp.Exercise8.35. Showthatanyeldofsizepisisomorphicto Zp.Hint:0and1shouldexistinthateld.Nowconstructtheobviousisomorphism.Exercise8.36. Findaprimitiveelementineld F23Exercise8.37. Writeaprogramtondifadegree2polynomialisirreducibleornotin Fpforaprimep.Exercise8.38. Constructtheeld F49.Hint:Lookatsquarerootsmodulo7.Exercise8.39. Provetheclaim8.16.Hint:Lookatanynumbermlessthannasm = gcd(m, n).m

.Exercise8.40. Discrete logarithm: Given an element a and a generator gin the group G = Zm, the discretelogistheproblemofndingleastl,s.t.,gl= a.ShowthatitcanbecastasanHSP.Hint:Usethefunctionaxgywherex, y Z|G|.Exercise8.41. Show that for n = kk

where k, k

are co-prime, there exist a square root of 1 modn whichisnot 1 modn.Exercise8.42. Ifn = pk,showthat(n) = pk1(p 1).47