Why does $\{m\in\mathbb N:b^m\operatorname{mod}N=1\}$ have a minimum?

Question

Let $b,N\in\mathbb N$ with $\gcd(b,N)=1$. How do we see that $$\operatorname{ord}_N(b):=\min\{m\in\mathbb N:b^m\operatorname{mod}N=1\}$$ is well-defined (i.e. the minimum exists)? And why is $\gcd(b,N)=1$ crucial and does this necessarily imply $b<N$?

Above $a\operatorname{mod}N:=a-\left\lfloor\frac aN\right\rfloor N$ for $a\in\mathbb Z$.

I'm quite sure that this question is not hard to answer, but it's been a long time since I've thought about elementary algebra.

Every subset of the natural numbers has a minimal element. https://math.stackexchange.com/q/1371078/293177 — Al.G., Feb 15 '22 at 09:14
I'm not sure anyone answered if $b<N$ is required, but I think the answer is no: it works if $b>N$ also. Important is that $\gcd(b,N)=1$ is required. — Adam Rubinson, Feb 15 '22 at 12:36
@AdamRubinson Indeed. The case $b>N$ can be reduced to $0\leq a=b-kN <N$ using the binomial theorem. I added some details to my answer. — GhostAmarth, Feb 15 '22 at 13:10
See the this $\rm\color{darkorange}{Lemma}$ in the linked dupe for this standard argument. — Bill Dubuque, Feb 15 '22 at 16:27

GhostAmarth · Accepted Answer · 2022-02-15T13:07:58.773

0

Bézout's lemma implies that there exist $x,y\in\Bbb Z$ such that $$ \gcd(b,N) = xb+yN $$ This implies for $\gcd(b,N)=1$ that $b$ is invertible (with respect to multiplication) $\operatorname{mod} N$ (and $x$ is an inverse).

Edit: On the other hand, if $b$ is invertible there exists an $x\in\Bbb N$ such that $xb \operatorname{mod} N = 1$ so there exists a $k\in\Bbb Z$ such that $xb+kN=1$. If $d\in\Bbb Z$ is a common divisor of $b$ and $N$ we would get $d\mid (xb+kN)$ so $d\mid 1$ which shows $\gcd(b,N)=1$. So actually $\gcd(b,N)=1 \Leftrightarrow b\text{ is invertible}$.

Now the existence of $m\in\Bbb N$ such that $b^m \operatorname{mod} N = 1$ implies that $b$ is invertible. So it only makes sense to talk about $ord(b)$ for invertible $b$, that is the $b$ which satisfy $\gcd(b,N)=1$.

For $\gcd(b,N)=1$ the set $\{m\in\Bbb N : b^m \operatorname{mod} N = 1\}$ is not empty. Its not hard to see that multiplication $\mod N$ with the invertible elements forms a (finite, as there are only finitely many possible values $\mod N$) group (identify $[n]=\{k\in\Bbb Z : k\operatorname{mod} N = n\}$). But in a finite group the values $$ 1 \operatorname{mod} N,\ b\operatorname{mod} N,\ b^2\operatorname{mod} N, \ldots, $$ can only take finitely many different values, so there exist $i,j\in\Bbb N$ with $j<i$ such that $b^j\operatorname{mod} N=b^i\operatorname{mod} N$ and hence $b^{i-j} \operatorname{mod} N = 1$.

Appendix: $b<N$ is not necessary. If $b>N$ there exists a $k\in\Bbb N$ such that $a=b-kN \in \{0,\ldots, N-1\}$. Now you can expand $b^m = (a+kN)^m$ using the binomial theorem and get $$ b^m=(a+kN)^m = \sum_{i=0}^m \binom{m}{i} a^{m-i} (kN)^{i} = \binom{m}{0}a^m = a^m \pmod{N}. $$

edited Feb 15 '22 at 13:07

answered Feb 15 '22 at 09:34

GhostAmarth

2,138

1

Thank you for your answer. I get that if $\gcd(b,N)=1$, then $xb\operatorname{mod}N=1\operatorname{mod}$ and hence $b$ is invertible modulo $N$ with inverse $x$. And if $m\in\mathbb N$ with $b^m\operatorname{mod}N=1$, then $bb^{m-1}\operatorname{mod}N=1$ and hence $b$ is invertible modulo $N$ with inverse $b^{m-1}$. But why does the latter imply $\gcd(b,N)=1$ so that we can actually conclude that $\gcd(b,N)$ is necessary? – 0xbadf00d Feb 15 '22 at 10:22
@0xbadf00d right I should have specified it. I edited the answer. We have an equivalence of invertibility of $b$ and $\gcd(b,N)=1$. – GhostAmarth Feb 15 '22 at 10:32
Please strive not to add more (dupe) answers to dupes of FAQs, cf. recent site policy announcement here. – Bill Dubuque Feb 15 '22 at 16:39
@BillDubuque Normally I would agree with you but in this case I don't directly see why it (the question; not my answer) should count as a duplicate to that specific post you linked. Surely your answer to the post also provides an answer to most of this post, but the question there differs quite a lot from this question. Especially as it mentions the question in this post as a known result. I think that would make it quite hard to find, if this post didn't exists and you didn't link your answer. – GhostAmarth Feb 15 '22 at 18:04
1

@GhostAmarth The SE dupe link says "this question already has answers here", not that the questions are exactly the same. If we required the latter then dupes would become so numerous that they would greatly obscure search results attempting to locate the "best" answers since, alas, there are many users who post half-baked FGITW answers to dupes. Eventually we hope that the dupe targets are iteratively refined to "proofs from the book" (which would be useless if we can't locate them because thet are needles among a haystack of dupes). – Bill Dubuque Feb 15 '22 at 18:09
@BillDubuque Okay I can agree with that. – GhostAmarth Feb 15 '22 at 18:15

Why does $\{m\in\mathbb N:b^m\operatorname{mod}N=1\}$ have a minimum?

1 Answers1