Introduction to the theory of congruences
Elad Aigner-Horev
§1. Congruence classes
Definition 1.1. Let m ∈ Z+ and let a, b ∈ Z. We say that a is congruent b modulo m, and write
a ≡ b (mod m) if m | a − b. If m 6 |a − b then we say that a is incongruent to b modulo m and we write
a 6≡ b (mod m).
When m = 1 we get a triviality as 1 | a − b for any a, b ∈ Z.
Example 1.2.
−1 ≡ 1 (mod 2) as 2 | 1 − (−1)
5 ≡ 1 (mod 2) as 2 | 5 − 1
−1 ≡ (n − 1) (mod n) as n | (n − 1) − (−1)
−2 ≡ (n − 2) (mod n) as n | (n − 2) − (−2)
−i ≡ (n − i) (mod n) as n | (n − i) − (−i)
Theorem 1.3. Let m ∈ Z+ . If a, b ∈ Z then a ≡ b (mod m) if and only if a = b + km for some k ∈ Z.
Proof. If a ≡ b (mod m) then m | a − b so that km = a − b for some k ∈ Z and the claim follows in this
direction. Conversely, if a = b + km for some k ∈ Z then a − b = km so that m | a − b and the claim
follows in this direction.
Theorem 1.4. Let a, b ∈ Z and m ∈ Z+ . Then a ≡ b (mod m) if and only if a = km + r and
b = k 0 m + r for some k, k 0 ∈ Z and 0 ≤ r < m. That is, both a and b have the same remainder after
division by m.
Proof. If a ≡ b (mod m) then a = b + km for some k ∈ Z by Theorem 1.3. In addition, by the division
algorithm b = k 0 m + r for some k 0 ∈ Z and 0 ≤ r < m. Then
a = b + km = k 0 m + r + km = (k 0 + k)m + r
and the first direction is complete.
Conversely, suppose that a = km + r and b = k 0 m + r for some k, k 0 ∈ Z. Then a − b = (k − k 0 )m so
that m | a − b and the claim follows.
The following result summarises the fundamental properties of congruences through which arithmetic
of congruences is available.
Theorem 1.5. Let m ∈ Z+ . Congruences modulo m satisfy the following properties.
1. Reflexive property: a ≡ a (mod m) for every a ∈ Z.
1
Number Theory ArielU 2016
Elad Aigner-Horev
2. Symmetric property: If a, b ∈ Z then a ≡ b (mod m) ⇐⇒ b ≡ a (mod m).
3. Transitive property: If a, b, c ∈ Z such that a ≡ b (mod m) and b ≡ c (mod m) then a ≡ c (mod m).
Proof. The reflexive property follows from the fact that m | a − a for every a ∈ Z. The symmetric
property follows from the observation that m | a − b if and only if m | b − a. Finally, the transitive
property follows from the fact that if m | a − b and m | b − c then a = b + k1 m and b = c + k2 m. Then
a − c = b + k1 m − (b − k2 m) = (k1 + k2 )m so that m | a − c.
Given a m ∈ Z+ we have just defined a relation on the members of Z, namely,
{(a, b) ∈ Z2 : a ≡ b (mod m)}.
By Theorem 1.5 this relation is an equivalence relation on Z. That is, this relation partitions the set Z
into disjoint sets to which we refer as the congruence classes of m which are the equivalence classes of this
relation.
By the Division Algorithm we may write a = km + r with 0 ≤ r < m. The number r is called the least
non-negative residue of a modulo m. We say that r is the result of reducing a modulo m. A commonly
used notation here is a mod m = r. In fact, we have that a ≡ r (mod m). That is to say that every integer
a ∈ Z is congruent to precisely one of the numbers {0, 1, . . . , m − 1}. The latter are pairwise incongruent
giving rise to the following definition.
Definition 1.6. A complete system of residues modulo m is a set of integers such that every a ∈ Z is
congruent to precisely one member of the set modulo m.
Through the Division Algorithm we learn that for m ∈ Z+ the set {0, 1 . . . , m − 1} is a complete
system of residues modulo m. Consequently, one often refers to the congruence classes modulo m as
0 (mod m), 1 (mod m), . . . , (m − 1) (mod m). This is the canonical choice for such a set and we refer to
it as the set of least non-negative residues modulo m.
Another complete system of residues modulo m is
−
m−1 m−3
m−3 m−1
,−
, . . . , −1, 0, 1, . . . ,
,
.
2
2
2
2
in case m is odd.
§2. Modular arithmetics
Theorem 2.1. Let a, b, c ∈ Z and let m ∈ Z+ such that a ≡ b (mod m). Then the following holds.
1. Addition. a + c ≡ b + c (mod m).
2. Subtraction. a − c ≡ b − c (mod m).
3. Multiplication. ac ≡ bc (mod m).
Proof.
1. As m | a − b and a − b = (a + c) − (b + c) we have that m | ((a + c) − (b + c)) and the addition
property follows.
2. The subtraction property is proved is a similar manner using the identity a − b = (a − c) − (b − c).
3. For the multiplication property note that ac − bc = c(a − b). As m | a − b it follows that m | c(b − a)
and the claim follows.
2
Number Theory ArielU 2016
Elad Aigner-Horev
Division though is an operation that is not supported by congruences classes. For instance we have
that 14 ≡ 8 (mod 6) as 6 | 14 − 8. Rewriting this we have that 7 · 2 ≡ 4 · 2 (mod 6). The common factor 2
cannot be reduced, however. Indeed, 7 6≡ 4 (mod 6).
Theorem 2.2. Let a, b, c ∈ Z, let m ∈ Z+ , and let d = (c, m). If ac ≡ bc (mod m) then a ≡ b (mod m/d).
Proof. As m | c(a − b), by assumption, then ca − cb = km for some k ∈ Z. We may write c = dr and
m = ds where (s, r) = 11 . Substituting we get r(a − b) = ks. That is s | r(a − b). As (s, r) = 1, it follows
that s | (a − b), by Lemma 1.8 in the Primes lecture. As s = m/d the claim follows.
In Theorem 2.2 suppose that c ≡ 0 (mod m) so that c = km for some k ∈ Z. Then (c, m) = m. The
assertion of Theorem 2.2 in this case would be that a ≡ b (mod 1) which is a triviality.
Example 2.3. Rewrite 50 ≡ 20 (mod 15) as 10 · 5 ≡ 2 · 10 (mod 15). As (15, 10) = 5 we have that
5 ≡ 2 (mod 3).
Theorem 2.2 becomes very powerful when (c, m) = 1 as then there is no change in the modulus.
Corollary 2.4. Let a, b, c ∈ Z and let m ∈ Z+ such that (c, m) = 1. If ac ≡ bc (mod m) then
a ≡ b (mod m).
Another corollary of interest in the venue of Theorem 2.2 is the case that m = p is prime. In which case
(c, p) = 1 is equivalent to p 6 |c.
Corollary 2.5.
a ≡ b (mod p).
Let a, b, c ∈ Z and let p be prime such that p 6 |c. Then if ac ≡ bc (mod p) then
Example 2.6. It is trivial that if a ≡ 0 (mod m) and b ≡ 0 (mod m) then ab ≡ 0 (mod m).
Indeed, this is implied by the multiplication property in Theorem 2.7 (below) or more simply from the
fact that the product of two numbers divisible by m results in a number divisible by m. Suppose now that
a 6≡ 0 (mod m) and that b 6≡ 0 (mod m). Is it true that ab 6≡ 0 (mod m)? Not necessarily. For instance
5 6≡ 0 (mod 25) yet 5 · 5 ≡ 0 (mod 25).
Theorem 2.7. Let a, b, c, d ∈ Z and let m ∈ Z+ such that a ≡ b (mod m) and c ≡ d (mod m). Then:
1. Addition. a + c ≡ b + d (mod m).
2. Subtraction. a − c ≡ b − d (mod m).
3. Multiplication. ac ≡ bd (mod m).
Proof. By assumption we have that
a − b = km and c − d = `m.
1. Note that a + c − (b + d) = (a − b) + (c − d); the claim follows by (2.8).
2. Note that a − c − (b − d) = (a − b) − (c − d); the claim follows by (2.8).
3. Here we note that
ac − bd = ac − bc + bc − bd = c(a − b) + b(c − d) = kmc + `mb = m(kc + b`);
and the claim follows.
1
If (s, r) > 1 then d(s, r) is a common multiple of m and c greater than d.
3
(2.8)
Number Theory ArielU 2016
Elad Aigner-Horev
Example 2.9. As 13 ≡ 3 (mod 5) and 7 ≡ 2 mod 5 then 13 + 7 ≡ 3 + 2 (mod 5).
Corollary 2.10. Let a, b ∈ Z and let m ∈ Z+ . If ab ≡ 0 (mod m) and (a, m) = 1 then b ≡ 0 (mod m).
Proof. Surely ab ≡ a · 0 (mod m). As (a, m) = 1 we have by Corollary 2.4 that b ≡ 0 (mod m).
Corollary 2.11.
b ≡ 0 (mod m).
Let a, b ∈ Z and let p be prime. If ab ≡ 0 (mod p) then a ≡ 0 (mod p) or
Proof. Suppose that a 6≡ 0 (mod p). Then (a, p) = 1 and b ≡ 0 (mod p) by Corollary 2.10.
We conclude this section with the operation of raising congruence classes to a power. The polynomial
factoring identity
a2 − b2 = (a − b)(a + b)
is known to us from high school. This identity generalises as follows for k ≥ 2.
ak − bk = (a − b)(ak−1 + ak−2 b + ak−3 b2 + · · · + abk−2 + bk−1 ).
(2.12)
The following asserts that congruence is preserved if both sides are raised to the power of the same positive
integer.
Theorem 2.13. Let a, b ∈ Z and let k, m ∈ Z+ . If a ≡ b (mod m) then ak ≡ bk (mod m).
Proof. By (2.12) we have that (a − b) | (ak − bk ). As m | a − b, by assumption, it follows that m | ak − bk .
An alternative proof would be to simply apply the multiplication property seen in Theorem 2.7 k times
with a on the left and b on the right.
Example 2.14. Suppose that a2 ≡ b2 (mod m). Does that imply that a ≡ b (mod m)? Not necessarily.
Note that 52 ≡ 42 (mod 3) as 25 − 16 = 9. However, 5 6≡ 4 (mod 3).
§3. Complete sets of residues
The pigeonhole principle. if n pigeons are distributed into at most n − 1 pigeonholes then after
the distribution there would be a pigeonhole with at least two pigeons in it.
Proposition 3.1. Let m ∈ Z+ . A(ny) set of m incongruent integers forms a complete set of residues
modulo m.
Proof. For a set S of size m we have that each s ∈ S satisfies s = ks m + rs , by the division algorithm.
Put R := {rs : s ∈ S}. Suppose now towards contradiction that S consists of incongruent integers and
yet does not form a complete set of residues modulo m. Then |R| ≤ m − 1 so that there exist s, s0 ∈ S
with s 6= s0 such that rs = rs0 , by the pigeonhole principle. Then s and s0 are congruent modulo m;
contradiction.
Given a finite set X = {x1 , . . . , xk } ⊆ Z, the set
aX + b := {ax1 + b, . . . , axk + b}
is called a generalised arithmetic progression.
Proposition 3.2. Let R be a complete set of residues modulo m, and let a ∈ Z such that (a, m) = 1.
4
Number Theory ArielU 2016
Elad Aigner-Horev
Then the generalised arithmetic progressions aR +b is a complete set of residues modulo m for every b ∈ Z.
Proof. Fix b ∈ Z. By Proposition 3.1, it suffices to show that the members of a + bR are incongruent
modulo m. To that end, fix r, r0 ∈ R such that r 6= r and consider ar + b and ar0 + b and assume towards
a contradiction that
ar + b ≡ ar0 + b (mod m).
Then, by the addition property (see Theorem 2.1),
ar ≡ ar0 (mod m).
By Theorem 2.2 then we have that
r ≡ r0 (mod m);
contradiction to the assumption that r and r0 are incongruent.
§4. Combining moduli
Definition 4.1. The least common multiple of k non-zero integers m1 , . . . , mk , denoted lcm(m1 , . . . , mk ),
is the positive integer m satisfying:
1. mi | m for every i ∈ [k], and
2. whenever mi | ` for every i ∈ [k] then m | `.
Proposition 4.2. Let m1 , . . . , mk be positive integers. If a ≡ b (mod mi ) for every i ∈ [k] then
a ≡ b (mod lcm(m1 , . . . , mk )).
Proof. By assumption mi | a − b for every i ∈ [k]. Then a − b is a common multiple of (mi )i∈[k] and thus
lcm(m1 , . . . , mk ) | a − b and the claim follows.
If m1 , . . . , mk are relatively prime then lcm(m1 , . . . , mk ) = m1 · m2 · · · · mk . Indeed, by Theorem 5.3
in the Divisibility lecture of our course we have that lcm(m1 , m2 ) = m1 m2 /(m1 , m2 ). This extends to
lcm(m1 , . . . , mk ) = (m1 · m2 · · · · mk )/(m1 , . . . , mk ) (by induction). This fact together with Proposition 4.2
yields the following.
Corollary 4.3. Let m1 , . . . , mk be positive integers that are pairwise co-prime. If a ≡ b (mod mi ) for
every i ∈ [k] then a ≡ b (mod m1 · m2 · · · · mk ).
§5. Linear congruences
An equation of the form
ax ≡ b (mod m)
(5.1)
with x unknown is called a linear congruence. If x0 is a solution, i.e., ax0 ≡ b (mod m) and x1 ≡
x0 (mod m) then ax1 ≡ ax0 (mod m) so that x1 is a solution to the equation as well. To see this suppose
that ax0 − b = km and that x0 − x1 = k 0 m. Then ax1 − b = a(x0 − k 0 m) − b = ax0 − b − ak 0 m = m(k − ak 0 )
so that m | ax1 − b. We arrive at the following message:
if x0 is a solution to (5.1) then every y ≡ x (mod M ) forms a solution to (5.1) as well.
5
Number Theory ArielU 2016
Elad Aigner-Horev
Consequently, we are rather interested in how many incongruent solutions Equation (5.1) yields.
Note now that Theorem 1.3 yields that linear congruences are equivalent to linear Diophantine equations (see § 6 of the Divisibility lecture for details on the latter). Indeed, by Theorem 1.3 we have that
ax ≡ b (mod m) if and only if ax = b + km for some k ∈ Z. This means that in order to solve (5.1) we
actually have to solve the linear Diophantine equation
ax − my = b,
(5.2)
where x and y are the sole variables that we seek in Z. By Lemma 6.2 in the Divisibility lecture
(5.2) has a solution if and only if (a, m) | b.
(5.3)
By Lemma 6.3 in the Divisibility lecture, if the diophantine equation (5.2) has a solution it in fact has
infinitely many solutions given by
m
a
x = x0 +
t, y = y0 +
t, t ∈ Z
(a, m)
(a, m)
where x = x0 and y = y0 is a particular solution to the equation. The following theorem asserts that these
infinitely many solutions can be arranged in precisely (a, m) congruence classes modulo m. Moreover, the
proof of this theorem will reveal that in order to find these congruence classes modulo m into which the
solutions fit it suffices to consider a complete set of residues modulo (a, m) (see (5.5) below for details).
Theorem 5.4. Let a, b ∈ Z, let m ∈ Z+ , and put d = (a, m).
1. If d 6 |b then (5.1) has no solutions.
2. Otherwise (5.1) has d incongruent solutions modulo m.
Proof. By (5.2) the equation ax ≡ b (mod m) has no solutions if d 6 |b. If on the other hand d | b then by
Lemma 6.3 in the Divisibility lecture, the diophantine equation ax − my = b has infinitely many solutions
of the form
m
a
x = x0 +
t, y = y0 +
t, t ∈ Z
d
d
where x = x0 and y = y0 is a particular solution to the equation. The values of x given by x = x0 + m
d t
are all solutions to ax ≡ b (mod b).
It remains to show that these infinitely many solutions are partitioned into precisely d congruence
classes modulo m. To that end we find a condition in order to determine when
two solutions forx are
congruent modulo m. In particular we show the following. Let x1 = x0 + m
t
and
x2 = x0 + m
1
d
d t2 be
two solutions for x.
x1 ≡ x2 (mod m) if and only if t1 ≡ t2 (mod d).
(5.5)
This in turn implies that if we let t range over a complete set of residues modulo d then this will produce
a set of size d of values for x that are all incongruent modulo m. As a complete set of residues modulo d
has size d this in particular shows that one cannot generate more than d incongruent values for x that are
incongruent modulo m.
It remains to prove (5.5). We show one direction as one can note that the proof can easily be reversed
to yield to other direction. Suppose that
m
m
x0 +
t1 ≡ x0 +
t2 (mod m).
d
d
Then by Theorem 2.1 we may cancel x0 so that
m
m
t1 ≡
t2 (mod m).
d
d
6
Number Theory ArielU 2016
Elad Aigner-Horev
By Theorem 2.2
t1 ≡ t2 (mod
where D = (m, m/d). As
m
d
m
),
D
| m we have that D = m/d so that
t1 ≡ t2 (mod d),
and (5.5) follows and thus concluding the proof of the theorem.
Example 5.6. Find all incongruent solutions to the equation 2x ≡ 1 (mod 2). Here we have that
(2, 2) = 2 6 |1 so the are no solutions to this equation. More generally, mx ≡ 1 (mod m) has no solutions
for the same reason.
Example 5.7.
Find all solutions to the equation 9x ≡ 12 (mod 15). We start by noting that
(15, 9) = 3 | 12 so that there are three incongruent solutions modulo 15, by Theorem 5.4. From the proof
of this theorem we know that the solutions have the form
x = x0 + (15/3) · t, t ∈ Z.
We are missing x0 . To find x0 we consider the linear diophantine equation 9x − 15y = 12. We have learned
how to solve such equations in the lecture on Divisibility. We are now looking for some solution to this
diophantine equation the x-part of which we will use as x0 .
We apply the extended Euclid’s algorithm. Euclid’s algorithm for (15, 9); the first phase of which is to
generate the equation of Euclid’s algorithm for (15, 9):
15 = 1 · 9 + 6
9=1·6+3
6 = 2 · 3 + 0.
Using these equations we express 3 = (15, 9) as a linear combination of 15 and 9.
3 = 9 − 6 = 9 − (15 − 9) = (−1) · 15 + 2 · 9.
As 3 · 4 = 12 then ((−1) · 15 + 2 · 9) · 4 = 12 so that
9 · 8 + 15 · (−4) = 12.
The value x0 = 8 and y0 = −4 form a solution to the linear diophantine equation 9x + 15y = 12. We use
x0 = 8 to generate all solution to the linear congruence 9x ≡ 12 (mod 15):
x = 8 + (15/3)t = 8 + 5t, t ∈ Z.
This infinite set of solutions is partitioned into precisely three congruences classes modulo 15. To discover
which classes are those it is sufficient to let t range over a complete set of residues modulo 3. The canonical
choice is naturally {0, 1, 2}. This gives us that the solutions to 9x ≡ 12 (mod 15) are partitioned amongst
the congruence classes 8 (mod 15), 13 (mod 15), and 18 (mod 15), where the latter is equivalent to
3 (mod 15).
7
Number Theory ArielU 2016
Elad Aigner-Horev
§5.1 Modular inverse.
Corollary 5.8. If in (5.1) we have (a, m) = 1 then (5.1) has a unique solution modulo m.
That is, if (a, m) = 1 in (5.1) then there are infinitely many solutions in the integers but they all fall into
a single congruence class modulo m.
Of special interest to us are equations of the form
ax ≡ 1 (mod m);
(5.9)
such equations have a unique solution modulo m if and only if (a, m) = 1 giving rise to the following
definition.
Definition 5.10. Let a ∈ Z and let m ∈ Z+ such that (a, m) = 1. The (unique) solution modulo m
to (5.9) is called the inverse of a modulo m.
An alternative way to define the inverse relation is to say that two integers a and ã are called inverses of
one another modulo m if ãa ≡ 1 (mod m).
There is a subtle point here in the phrase inverse of a modulo m. This phrase poses the following
question. Consider the congruence class of m containing a. Which of the other congruence classes of m
should serve as the inverse to this class? Now, as the members of any congruence class are equivalent to
one another (with respect to division by m) we can reduce this problem to working in the integers by
choosing any element we wish from a congruence class, say a, and ask for another integer x such that
ax ≡ 1 (mod m). Then we have to remember it is not that a and x are inverse of one another it is the
congruence class modulo m containing a and the congruence class modulo m containing x that are inverse
to one another.
Example 5.11. What is the inverse of 7 modulo 31? We start with the equation 7x ≡ 1 (mod 31).
Solving this linear congruence we find that all solutions x to this equation must satisfy x ≡ 9 (mod 31).
This means that the inverse of the class 7 (mod 31) is the class 9 (mod 31). It is not the case that 7 is
the inverse of 9 in the integers.
Example 5.12. As (5, 10) 6= 1, 5 has no inverse modulo 10.
Example 5.13. Let us consider the equation ax ≡ b (mod m) and multiply both of its sides with the
inverse of a, namely ã. We get ã(ax) ≡ (ãa)x ≡ ãb (mod m) so that x ≡ ãb (mod m).
A corollary of Theorem 5.4 is the following.
Corollary 5.14. Let p be a prime. Then for every a ∈ [1, p − 1] has an inverse modulo p.
In Definition 5.10 we do not require that a 6= ã. According to this definition if a2 ≡ 1 (mod m) then a
is its own inverse modulo m. Consider for instance the integer 6 which satisfies 6 ≡ 1 (mod 5). Note that
36 = 7 · 5 + 1 so that 36 ≡ 1 (mod 5). We reach that 6 is its own inverse modulo 5. The following lemma
aids in classifying when an integer is its own inverse.
The following lemma asserts that only 1 and p − 1 are their own inverses modulo p where p is a prime.
Lemma 5.15. Let a ∈ Z and let p be a prime. Then a is its own inverse modulo p if and only if
a ≡ 1 (mod p) or a ≡ −1 (mod p).
Proof. Assume first that a ≡ 1 (mod p) or a ≡ −1 (mod p). Then a2 ≡ 1 (mod p) in both cases so
that a is its own inverse modulo p by definition. Assume second that a is its own inverse modulo p. Then
a2 ≡ 1 (mod p) so that p | a2 − 1. As a2 − 1 = (a − 1)(a + 1) we have that p | a − 1 or p | a + 1, by
Corollary 1.9 in the Primes lecture. In the former case a ≡ 1 (mod m). In the latter case a ≡ −1 (mod m).
8
Number Theory ArielU 2016
Elad Aigner-Horev
We used the fact that p is prime when we applied Corollary 1.9 from the Primes lecture. This corollary
does not hold for composite numbers. Consequently we cannot replace p in Lemma 5.15 with a composite
number m. The following result shows that the behaviour seen in Lemma 5.15 persists also for powers of
primes as long as the base of the power is bigger than 2.
Lemma 5.16. Let p ≥ 3 be prime, let k ∈ Z+ , and let a ∈ Z. Then a is its own inverse modulo pk if and
only if a ≡ ±1 (mod pk ).
Proof. Instead of proving an if and only if statement in the traditional sense (as we did in Lemma 5.15)
let us phrase the problem as a congruence problem. This comes in the following form. We seek all the
numbers x satisfying x2 ≡ 1 mod pk . We will show that this quadratic congruence has precisely two
solutions, namely x ≡ ±1 (mod pk ).
If x2 ≡ 1 (mod pk ) then pk | x2 − 1 = (x − 1)(x + 1). As the difference between x + 1 and x − 1 is 2
and as p ≥ 3 then p, and consequently pk , can divide precisely one of these terms (recall that amongst 3
consecutive numbers only one is a multiple of 3)2 . If pk | x − 1 we have that x ≡ 1 (mod p). If pk | x + 1
we have that x ≡ −1 (mod p).
Lemma 5.16 left the case of p = 2 unanswered. We shall deal with this case in the practical session.
Example 5.17.
1. Inverses modulo 3:
Class
Inverse
0 (mod 3)
None
1 (mod 3)
1 (mod 3)
2 (mod 3)
2 (mod 3)
0 (mod 5)
None
1 (mod 5)
1 (mod 5)
2 (mod 5)
3 (mod 5)
3 (mod 5)
2 (mod 5)
4 (mod 5)
4 (mod 5)
1 (mod 7)
1 (mod 7)
2 (mod 7)
4 (mod 7)
3 (mod 7)
5 (mod 7)
4 (mod 7)
2 (mod 7)
5 (mod 7)
3 (mod 7)
2. Inverses modulo 5:
Class
Inverse
3. Inverses modulo 7:
Class
Inverse
0 (mod 7)
None
6 (mod 7)
6 (mod 7)
At this stage we are only capable to determine the inverse of an a ∈ [1, p − 1] modulo a prime p by
solving the related linear congruence. In the sequel we shall prove the so called Euler’s theorem through
which we a corollary of which is that
a · ap−2 ≡ 1 (mod p)
(5.18)
for every a ∈ [1, p − 1]. That is ap−2 is the inverse of a modulo p.
Example 5.19. What is the inverse of 3 (mod 11)? We seek 311−2 = 39 (mod 11). We start by noticing
that 27 = 33 ≡ 5 (mod 11). Then:
34 ≡ 5 · 1 ≡ 15 ≡ 4 (mod 11)
35 ≡ 3 · 4 ≡ 12 ≡ 1 (mod 11)
36 ≡ 3 (mod 11)
37 ≡ 9 (mod 11)
38 ≡ 27 ≡ 5 (mod 11)
39 ≡ 3 · 5 ≡ 15 ≡ 4 (mod 11).
2
This is precisely the point where the proof fails for p = 2 as for p = 2 we may have p | x − 1 and p | x + 1 simultaneously.
9
Number Theory ArielU 2016
Elad Aigner-Horev
The inverse of 3 (mod 11) is 4 (mod 11).
Example 5.20. The last example required quite a bit of effort just to find a single inverse element
modulo 11. Let us now demonstrate an easier way of finding all inverse pairings modulo 11. We may
ignore 1 (mod 11) and 10 (mod 11) as these are their own inverses. For the rest of the classes between
2 and 9 we are looking for pairs of numbers whose multiplication gives rise to a multiple of 11 plus 1 as
follows.
The first multiple of 11 is 11 itself. Here we note that
2 · 6 ≡ 12 ≡ 1 (mod 11) and 3 · 4 ≡ 12 ≡ 1 (mod 11),
so 2 (mod 11) and 6 (mod 11) are inverses of one another as well as 3 (mod 11) and 4 (mod 11). To
find the inverse of 5 (mod 11) we look for a multiple of 11 closet to a multiple of 5. Here we have that
5 · 9 ≡ 45 ≡ 1 (mod 11) so 5 (mod 11) and 9 (mod 11) are inverses of one another. At this point
we are left with 7 (mod 11) and 8 (mod 11) so we know these are inverses of one another. Indeed,
7 · 8 ≡ 56 ≡ 1 (mod 11).
10