Further clarify notation and make sure that the discussion is correct for non-cyclic groups.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

book/src/background/fields.md

@@ -58,11 +58,14 @@ group operation is given by multiplication on the field.
 [group]: https://en.wikipedia.org/wiki/Group_(mathematics)
 
 > #### (aside) Additive vs multiplicative notation 
-> If $\cdot$ is written as $+$ and the identity as $0$ or $\mathcal{O}$, then we say the
-> group is "written additively". If $\cdot$ is written as $\times$ or omitted (i.e.
-> $a \cdot b$ written as $ab$) and the identity as $1$, then we say it is "written
-> multiplicatively". It's conventional to use additive notation for elliptic curve
-> groups, and multiplicative notation when the elements come from a finite field.
+> If $\cdot$ is written as $\times$ or omitted (i.e. $a \cdot b$ written as $ab$), the
+> identity as $1$, and inversion as $a^{-1}$, as we did above, then we say that the group
+> is "written multiplicatively". If $\cdot$ is written as $+$, the identity as $0$ or
+> $\mathcal{O}$, and inversion as $-a$, then we say it is "written additively".
+>
+> It's conventional to use additive notation for elliptic curve groups, and multiplicative
+> notation when the elements come from a finite field.
+>
 > When additive notation is used, we also write
 >
 > $$[k] A = \underbrace{A + A + \cdots + A}_{k \text{ times}}$$
@@ -78,29 +81,32 @@ group operation is given by multiplication on the field.
 > scalars to negative integers by inversion, i.e. $[-k] A + [k] A = \mathcal{O}$ or
 > $a^{-k} \times a^k = 1$.
 
-The _order_ of an element $a$ of a finite group is defined (in multiplicative notation)
-as the smallest positive integer $k$ such that $a^k = 1$. The order _of the group_ is
-the number of elements, which (for finite groups) is also the maximum order of any element.
+The _order_ of an element $a$ of a finite group is defined as the smallest positive integer
+$k$ such that $a^k = 1$ (in multiplicative notation) or $[k] a = \mathcal{O}$ (in additive
+notation). The order _of the group_ is the number of elements.
 
-Groups always have [generators] which are elements that, when the group operation is
-applied repeatedly with the same element some number of times, produce every other element
-of the group. That is, a generator has maximal order, which we also call the order of the
-group. There can be many different generators.
+Groups always have a [generating set], which is a set of elements such that we can produce
+any element of the group as (in multiplicative terminology) a product of powers of those
+elements. So if the generating set is $g_{1..k}$, we can produce any element of the group
+as $\prod\limits_{i=1}^{k} g_i^{a_i}$. There can be many different generating sets for a
+given group.
 
-[generators]: https://en.wikipedia.org/wiki/Generating_set_of_a_group
+[generating set]: https://en.wikipedia.org/wiki/Generating_set_of_a_group
 
-A group is called [cyclic] if the whole group can be generated by a (not necessarily
-unique) single element.
+A group is called [cyclic] if it has a (not necessarily unique) generating set with only
+a single element — call it $g$. In that case we can say that $g$ generates the group, and
+that the order of $g$ is the order of the group.
 
 Any finite cyclic group $\mathbb{G}$ of order $n$ is [isomorphic] to the integers
 modulo $n$ (denoted $\mathbb{Z}/n\mathbb{Z}$), such that:
 
 - the operation $\cdot$ in $\mathbb{G}$ corresponds to addition modulo $n$;
-- the identity $\mathcal{O} \in \mathbb{G}$ corresponds to $0$;
-- some generator $G \in \mathbb{G}$ corresponds to $1$.
+- the identity in $\mathbb{G}$ corresponds to $0$;
+- some generator $g \in \mathbb{G}$ corresponds to $1$.
 
-Given a generator $G$, the isomorphism is always easy to compute in the
-$\mathbb{Z}/n\mathbb{Z} \rightarrow \mathbb{G}$ direction; it is just $a \mapsto [a] G$.
+Given a generator $g$, the isomorphism is always easy to compute in the
+$\mathbb{Z}/n\mathbb{Z} \rightarrow \mathbb{G}$ direction; it is just $a \mapsto g^a$
+(or in additive notation, $a \mapsto [a] g$).
 It may be difficult in general to compute in the $\mathbb{G} \rightarrow \mathbb{Z}/n\mathbb{Z}$
 direction; we'll discuss this further when we come to [elliptic curves](curves.md).