operators $+$ and $\times$ such that various <a href="https://en.wikipedia.org/wiki/Field_(mathematics)#Classic_definition">field axioms</a> hold. The real
numbers $\mathbb{R}$ are an example of a field with uncountably many elements.</p>
<li>if $\mathbb{F}$ is a finite field, it contains $|\mathbb{F}| = p^k$ elements for some
integer $k \geq 1$ and some prime $p$;</li>
all of the arithmetic in a prime field $\mathbb{F}_p$ is isomorphic to addition and
multiplication of integers modulo $p$, i.e. in $\mathbb{Z}_p$. This is why we often
refer to $p$ as the <em>modulus</em>.</li>
<p>We'll write a field as $\mathbb{F}_q$ where $q = p^k$. The prime $p$ is called its
<em>characteristic</em>. In the cases where $k > 1$ the field $\mathbb{F}_q$ is a $k$-degree
extension of the field $\mathbb{F}_p$. (By analogy, the complex numbers
$\mathbb{C} = \mathbb{R}(i)$ are an extension of the real numbers.) However, in Halo we do
not use extension fields. Whenever we write $\mathbb{F}_p$ we are referring to what
we call a <em>prime field</em> which has a prime $p$ number of elements, i.e. $k = 1$.</p>
<li>There are two special elements in any field: $0$, the additive identity, and
$1$, the multiplicative identity.</li>
inverse (negation). This is because for some nonzero element $a$ which has a least
significant bit $0$ we have that $-a = p - a$ has a least significant bit $1$, and vice
versa. We could also use whether or not an element is larger than $(p - 1) / 2$ to give
<p>Groups are simpler and more limited than fields; they have only one binary operator $\cdot$
and fewer axioms. They also have an identity, which we'll denote as $1$.</p>
<p>Any non-zero element $a$ in a group has an <em>inverse</em> $b = a^{-1}$,
which is the <em>unique</em> element $b$ such that $a \cdot b = 1$.</p>
<p>For example, the set of nonzero elements of $\mathbb{F}_p$ forms a group, where the
<h4 id="aside-additive-vs-multiplicative-notation"><a class="header" href="#aside-additive-vs-multiplicative-notation">(aside) Additive vs multiplicative notation</a></h4>
<p>If $\cdot$ is written as $\times$ or omitted (i.e. $a \cdot b$ written as $ab$), the
identity as $1$, and inversion as $a^{-1}$, as we did above, then we say that the group
is "written multiplicatively". If $\cdot$ is written as $+$, the identity as $0$ or
$\mathcal{O}$, and inversion as $-a$, then we say it is "written additively".</p>
<p>for nonnegative $k$ and call this "scalar multiplication"; we also often use uppercase
<p>and call this "exponentiation". In either case we call the scalar $k$ such that
$[k] g = a$ or $g^k = a$ the "discrete logarithm" of $a$ to base $g$. We can extend
scalars to negative integers by inversion, i.e. $[-k] A + [k] A = \mathcal{O}$ or
<p>The <em>order</em> of an element $a$ of a finite group is defined as the smallest positive integer
$k$ such that $a^k = 1$ (in multiplicative notation) or $[k] a = \mathcal{O}$ (in additive
notation). The order <em>of the group</em> is the number of elements.</p>
<p>Groups always have a <a href="https://en.wikipedia.org/wiki/Generating_set_of_a_group">generating set</a>, which is a set of elements such that we can produce
any element of the group as (in multiplicative terminology) a product of powers of those
elements. So if the generating set is $g_{1..k}$, we can produce any element of the group
as $\prod\limits_{i=1}^{k} g_i^{a_i}$. There can be many different generating sets for a
a single element — call it $g$. In that case we can say that $g$ generates the group, and
that the order of $g$ is the order of the group.</p>
<p>Any finite cyclic group $\mathbb{G}$ of order $n$ is <a href="https://en.wikipedia.org/wiki/Isomorphism">isomorphic</a> to the integers
modulo $n$ (denoted $\mathbb{Z}/n\mathbb{Z}$), such that:</p>
<li>the operation $\cdot$ in $\mathbb{G}$ corresponds to addition modulo $n$;</li>
<li>the identity in $\mathbb{G}$ corresponds to $0$;</li>
<li>some generator $g \in \mathbb{G}$ corresponds to $1$.</li>
<p>Given a generator $g$, the isomorphism is always easy to compute in the
$\mathbb{Z}/n\mathbb{Z} \rightarrow \mathbb{G}$ direction; it is just $a \mapsto g^a$
(or in additive notation, $a \mapsto [a] g$).
It may be difficult in general to compute in the $\mathbb{G} \rightarrow \mathbb{Z}/n\mathbb{Z}$
<p>If the order $n$ of a finite group is prime, then the group is cyclic, and every
<h3 id="the-multiplicative-group-of-a-finite-field"><a class="header" href="#the-multiplicative-group-of-a-finite-field">The multiplicative group of a finite field</a></h3>
<p>We use the notation $\mathbb{F}_p^\times$ for the multiplicative group (i.e. the group
operation is multiplication in $\mathbb{F}_p$) over the set $\mathbb{F}_p - \{0\}$.</p>
<p>A quick way of obtaining the inverse in $\mathbb{F}_p^\times$ is $a^{-1} = a^{p - 2}$.
that $a^p = a \pmod{p}$ for any integer $a$. If $a$ is nonzero, we can divide by $a$ twice
to get $a^{p-2} = a^{-1}.$</p>
<p>Let's assume that $\alpha$ is a generator of $\mathbb{F}_p^\times$, so it has order $p-1$
(equal to the number of elements in $\mathbb{F}_p^\times$). Therefore, for any element
$a \in \mathbb{F}_p^\times$ there is a unique integer $i \in \{0..p-2\}$ such that $a = \alpha^i$.</p>
<p>Notice that $a \times b$ where $a, b \in \mathbb{F}_p^\times$ can really be interpreted as
$\alpha^i \times \alpha^j$ where $a = \alpha^i$ and $b = \alpha^j$. Indeed, it holds that
$\alpha^i \times \alpha^j = \alpha^{i + j}$ for all $0 \leq i, j < p - 1$. As a result
the multiplication of nonzero field elements can be interpreted as addition modulo $p - 1$
with respect to some fixed generator $\alpha$. The addition just happens "in the exponent."</p>
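<p>The correspondence above, worked through for a small field, as an added example that is not part of the original text. The prime $p = 101$ and all function names are choices made for this illustration; the discrete logarithm is found by exhaustive search, which is only feasible because $p$ is tiny.</p>

```python
"""Multiplication in F_p^x as addition of exponents modulo p - 1.

Added illustration: P and every helper name below are assumptions made
for this example, not identifiers from the book or any library.
"""

P = 101  # small odd prime, so the whole group can be enumerated


def is_generator(alpha: int, p: int = P) -> bool:
    """True if the powers of alpha reach every element of F_p^x (order p - 1)."""
    seen = set()
    x = 1
    for _ in range(p - 1):
        seen.add(x)
        x = x * alpha % p
    return len(seen) == p - 1


def find_generator(p: int = P) -> int:
    """Smallest generator of F_p^x for an odd prime p, by exhaustive search."""
    for alpha in range(2, p):
        if is_generator(alpha, p):
            return alpha
    raise ValueError("no generator found; is p an odd prime?")


def exp_map(i: int, alpha: int, p: int = P) -> int:
    """Easy direction Z/(p-1)Z -> F_p^x: i |-> alpha^i (square-and-multiply)."""
    return pow(alpha, i % (p - 1), p)


def dlog(a: int, alpha: int, p: int = P) -> int:
    """Other direction F_p^x -> Z/(p-1)Z: the unique i in {0..p-2} with alpha^i = a.

    Done by brute force here, so the work grows with p, while exp_map
    needs only about log2(p) multiplications.
    """
    a %= p
    if a == 0:
        raise ValueError("0 is not an element of the multiplicative group")
    x = 1
    for i in range(p - 1):
        if x == a:
            return i
        x = x * alpha % p
    raise ValueError("alpha does not generate the group")


def mul_via_exponents(a: int, b: int, alpha: int, p: int = P) -> int:
    """Compute a * b by adding the exponents of a and b modulo p - 1."""
    i, j = dlog(a, alpha, p), dlog(b, alpha, p)
    return exp_map((i + j) % (p - 1), alpha, p)


def inv_via_exponents(a: int, alpha: int, p: int = P) -> int:
    """Invert a by negating its exponent modulo p - 1."""
    return exp_map(-dlog(a, alpha, p), alpha, p)


def inv_fermat(a: int, p: int = P) -> int:
    """Invert a as a^(p-2); zero is rejected because it has no inverse."""
    if a % p == 0:
        raise ZeroDivisionError("zero has no inverse in F_p")
    return pow(a, p - 2, p)


if __name__ == "__main__":
    alpha = find_generator()
    a, b = 37, 58
    print("generator:", alpha)
    print("exponents:", dlog(a, alpha), dlog(b, alpha))
    print("a*b      :", a * b % P, "=", mul_via_exponents(a, b, alpha))
    print("1/a      :", inv_fermat(a), "=", inv_via_exponents(a, alpha))
```
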
<p>This is another way to look at where $a^{p - 2}$ comes from for computing inverses in the
$\mathbb{F}_p^\times$, which are quite computationally expensive compared to multiplication.</p>
<p>Imagine we need to compute the inverses of three nonzero elements $a, b, c \in \mathbb{F}_p^\times$.
Instead, we'll compute the products $x = ab$ and $y = xc = abc$, and compute the inversion</p>
<p>We can now multiply $z$ by $x$ to obtain $\frac{1}{c}$ and multiply $z$ by $c$ to obtain
$\frac{1}{ab}$, which we can then multiply by $a, b$ to obtain their respective inverses.</p>
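<p>The trick described above, written out as an added example (not code from the original page or the project it documents). The modulus $2^{255} - 19$ and the function names are assumptions chosen for illustration; the second function goes beyond the three-element case in the text and applies the same idea to any number of elements.</p>

```python
# Added example: batch inversion with a single field inversion.
# P is an assumed example modulus (any prime works); names are illustrative.
P = 2**255 - 19


def invert(v, p=P):
    """One field inversion via Fermat's little theorem: v^(p-2) mod p."""
    return pow(v, p - 2, p)


def three_inverses(a, b, c, p=P):
    """Follow the text step by step for three elements a, b, c."""
    x = a * b % p            # x = ab
    y = x * c % p            # y = xc = abc
    z = invert(y, p)         # the only inversion: z = 1/(abc)
    inv_c = z * x % p        # z * x = 1/c
    inv_ab = z * c % p       # z * c = 1/(ab)
    inv_a = inv_ab * b % p   # (1/(ab)) * b = 1/a
    inv_b = inv_ab * a % p   # (1/(ab)) * a = 1/b
    return inv_a, inv_b, inv_c


def batch_invert(values, p=P):
    """Invert every element of `values` mod p using one inversion in total.

    Zero has no inverse, and a single zero would make the running product
    zero and silently corrupt every other result, so it is rejected up front.
    """
    values = [v % p for v in values]
    if any(v == 0 for v in values):
        raise ValueError("zero has no multiplicative inverse")

    # prefix[i] = values[0] * ... * values[i-1], with prefix[0] = 1
    prefix = [1]
    for v in values:
        prefix.append(prefix[-1] * v % p)

    # Single inversion of the full product.
    z = invert(prefix[-1], p)

    inverses = [0] * len(values)
    for i in range(len(values) - 1, -1, -1):
        # Here z = 1/(values[0] * ... * values[i]); multiplying by the
        # product of everything before index i leaves 1/values[i].
        inverses[i] = z * prefix[i] % p
        # Cancel values[i] out of the denominator for the next step.
        z = z * values[i] % p
    return inverses
```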
<p>A <em>subgroup</em> of a group $G$ with operation $\cdot$ is a subset of elements of $G$ that
also form a group under $\cdot$.</p>
<p>In the previous section we said that $\alpha$ is a generator of the $(p - 1)$-order
multiplicative group $\mathbb{F}_p^\times$. This group has <em>composite</em> order, and so by
let's imagine that $p = 11$, and so $p - 1$ factors into $5 \cdot 2$. Thus, there is a
generator $\beta$ of the $5$-order subgroup and a generator $\gamma$ of the $2$-order
subgroup. All elements in $\mathbb{F}_p^\times$, therefore, can be written uniquely as
$\beta^i \cdot \gamma^j$ for some $i$ (modulo $5$) and some $j$ (modulo $2$).</p>
<p>If we have $a = \beta^i \cdot \gamma^j$ notice what happens when we compute</p>
<p>we have effectively "killed" the $5$-order subgroup component, producing a value in the
<p><a href="https://en.wikipedia.org/wiki/Lagrange%27s_theorem_(group_theory)">Lagrange's theorem (group theory)</a> states that the order of any subgroup
$H$ of a finite group $G$ divides the order of $G$. Therefore, the order of any subgroup
of $\mathbb{F}_p^\times$ must divide $p - 1$.</p>
<p>with $S = 32$ and $T$ odd (i.e. $p - 1$ has 32 lower zero-bits). This means they have
multiplicative subgroups of order $2^k$ for all $k \leq 32$. These 2-adic subgroups are
<p>In a field $\mathbb{F}_p$ exactly half of all nonzero elements are squares; the remainder
are non-squares or "quadratic non-residues". In order to see why, consider an $\alpha$
that generates the $2$-order multiplicative subgroup of $\mathbb{F}_p^\times$ (this exists
because $p - 1$ is divisible by $2$ since $p$ is a prime greater than $2$) and $\beta$ that
generates the $t$-order multiplicative subgroup of $\mathbb{F}_p^\times$ where $p - 1 = 2t$.
Then every element $a \in \mathbb{F}_p^\times$ can be written uniquely as
$\alpha^i \cdot \beta^j$ with $i \in \mathbb{Z}_2$ and $j \in \mathbb{Z}_t$. Half of all
elements will have $i = 0$ and the other half will have $i = 1$.</p>
<p>Let's consider the simple case where $p \equiv 3 \pmod{4}$ and so $t$ is odd (if $t$ is
even, then $p - 1$ would be divisible by $4$, which contradicts $p$ being $3 \pmod{4}$).
If $a \in \mathbb{F}_p^\times$ is a square, then there must exist
$b = \alpha^i \cdot \beta^j$ such that $b^2 = a$. But this means that</p>
<p>In other words, all squares in this particular field do not generate the $2$-order
multiplicative subgroup, and so since half of the elements generate the $2$-order subgroup
assume all squares can be written as $\beta^m$ for some $m$, and therefore finding the
square root is a matter of exponentiating by $2^{-1} \pmod{t}$.</p>
<p>In the event that $p \equiv 1 \pmod{4}$ then things get more complicated because
$2^{-1} \pmod{t}$ does not exist.
Let's write $p - 1$ as $2^k \cdot t$ with $t$ odd. The
case $k = 0$ is impossible, and the case $k = 1$ is what we already described, so consider
$k \geq 2$. $\alpha$ generates a $2^k$-order multiplicative subgroup and $\beta$ generates
the odd $t$-order multiplicative subgroup. Then every element $a \in \mathbb{F}_p^\times$
can be written as $\alpha^i \cdot \beta^j$ for $i \in \mathbb{Z}_{2^k}$ and
$j \in \mathbb{Z}_t$.
If the element is a square, then there exists some $b = \sqrt{a}$
$i \equiv 2i' \pmod{2^k}$ for any $i'$. In the case that $a$ is not a square, then $i$ is
<p>and then raise this result to the power $t^{-1} \pmod{2^k}$ to undo the effect of the
original exponentiation on the $2^k$-order component:</p>
<p>(since $t$ is relatively prime to $2^k$). This leaves bare the $\alpha^i$ value which we
can trivially handle. We can similarly kill the $2^k$-order component to obtain
$\beta^{j \cdot 2^{-1} \pmod{t}}$, and put the values together to obtain the square root.</p>
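<p>The decomposition described above, carried through in Python as an added example (not code from the original page or from any project it describes). The function names and the trial search for a non-square used to build $\alpha$ are assumptions of this example; it also covers $k = 1$ and the case $t = 1$.</p>

```python
"""Square roots in F_p via the p - 1 = 2^k * t decomposition (added example)."""


def split_order(p):
    """Return (k, t) with p - 1 = 2^k * t and t odd."""
    t, k = p - 1, 0
    while t % 2 == 0:
        t //= 2
        k += 1
    return k, t


def two_power_generator(p, t):
    """Return alpha, a generator of the 2^k-order subgroup of F_p^x.

    Assumption of this example: alpha is built as z^t for the first
    non-square z found by trial (Euler's criterion).
    """
    for z in range(2, p):
        if pow(z, (p - 1) // 2, p) == p - 1:
            return pow(z, t, p)
    raise ValueError("no non-square found; is p an odd prime?")


def extract_i(alpha_i, alpha, k, p):
    """Recover i in [0, 2^k) from alpha^i, one bit at a time.

    With the known low bits stripped off, squaring k-1-bit times gives the
    identity exactly when the current bit is 0. The loop branches on the
    bits of i, so it is not constant-time; use it on public inputs only.
    """
    alpha_inv = pow(alpha, -1, p)
    i = 0
    for bit in range(k):
        rest = alpha_i * pow(alpha_inv, i, p) % p
        if pow(rest, 1 << (k - 1 - bit), p) != 1:
            i |= 1 << bit
    return i


def sqrt_mod_p(a, p):
    """Return one square root of a modulo the odd prime p, or None."""
    a %= p
    if a == 0:
        return 0
    k, t = split_order(p)
    alpha = two_power_generator(p, t)

    # a^t kills the t-order component; t^-1 mod 2^k undoes the effect of
    # that exponentiation on the 2^k-order component, leaving alpha^i.
    alpha_i = pow(a, t * pow(t, -1, 1 << k), p)
    i = extract_i(alpha_i, alpha, k, p)
    if i & 1:
        return None  # odd i: a is not a square

    # a^(2^k) kills the 2^k-order component; the extra exponent
    # (2^(k+1))^-1 mod t leaves beta^(j * 2^-1 mod t).
    half_exp = pow(1 << (k + 1), -1, t) if t > 1 else 0
    beta_half = pow(a, (1 << k) * half_exp, p)

    # Halve i directly and put the two components back together.
    return pow(alpha, i // 2, p) * beta_half % p


if __name__ == "__main__":
    p = 41  # constructed sample: p - 1 = 2^3 * 5
    print("k, t =", split_order(p))
    for a in range(1, 11):
        print(a, sqrt_mod_p(a, p))
```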
<p>It turns out that in the cases $k = 2, 3$ there are simpler algorithms that merge several
of these exponentiations together for efficiency. For other values of $k$, the only known
way is to manually extract $i$ by squaring until you obtain the identity for every single
bit of $i$. This is the essence of the <a href="https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm">Tonelli-Shanks square root algorithm</a> and
<p>In the previous sections we wrote $p - 1 = 2^k \cdot t$ with $t$ odd, and stated that an
element $\alpha \in \mathbb{F}_p^\times$ generated the $2^k$-order subgroup. For
are known as the $n$th <a href="https://en.wikipedia.org/wiki/Root_of_unity">roots of unity</a>.</p>
<p>The <strong>primitive root of unity</strong>, $\omega,$ is an $n$th root of unity such that
<p>If $\alpha$ is an $n$th root of unity, $\alpha$ satisfies $\alpha^n - 1 = 0.$ If
$\alpha \neq 1,$ then
In other words, if we square each element in the $n$th roots of unity, we would get back
<p><a href="http://www.math.columbia.edu/~rf/numbertheory2.pdf">Friedman, R. (n.d.) "Cyclic Groups and Elementary Number Theory II" (p. 5).</a></p>