Folioby Interconnected
Log InSign Up

Primitive Roots and Discrete Logarithms — $(\mathbb{Z}/p\mathbb{Z})^*$ as a Cyclic Group

We prove that (Z/pZ)* is cyclic for every prime p and that the number of primitive roots is phi(p-1). We introduce the discrete logarithm (index), determine the structure of (Z/p^k Z)*, and discuss the computational hardness of the discrete logarithm problem (DLP).

FO
Folio Official
March 1, 2026

1 Definition of Primitive Roots

Definition 1 (Primitive root).
For a positive integer n, an integer g with ordn​(g)=φ(n) is called a primitive root modulo n. When such a g exists, (Z/nZ)∗ is a cyclic group generated by gˉ​.

2 Cyclicity of(Z/pZ)∗

Lemma 2.
A polynomial of degree d over a field F has at most d roots.
Proof.
By induction on d. The case d=0 is clear. For d≥1, if a is a root, then f(x)=(x−a)g(x) with degg=d−1, so f has at most 1+(d−1)=d roots. □
Theorem 3.
For every prime p, (Z/pZ)∗ is a cyclic group of order p−1.
Proof.
The group (Z/pZ)∗ is a finite abelian group of order p−1. For each positive divisor d of p−1, set ψ(d)=∣{a∈(Z/pZ)∗∣ord(a)=d}∣. If an element a of order d exists, then 1,a,a2,…,ad−1 are d roots of xd−1=0. Over a field, a degree-d polynomial has at most d roots, so these are the only elements whose order divides d. Among them, exactly φ(d) have order precisely d. Thus ψ(d)∈{0,φ(d)} for each d∣(p−1).

On the other hand, ∑d∣(p−1)​ψ(d)=p−1=∑d∣(p−1)​φ(d) (the latter being a standard identity for the totient function). It follows that ψ(d)=φ(d) for every d∣(p−1). In particular, ψ(p−1)=φ(p−1)≥1, so elements of order p−1 exist. □
Corollary 4.
The number of primitive roots modulo p is φ(p−1).

3 The Index (Discrete Logarithm)

Definition 5 (Index).
Let g be a primitive root modulo n and gcd(a,n)=1. The unique non-negative integer k with 0≤k<φ(n) satisfying gk≡a(modn) is called the index (or discrete logarithm) of a with respect to g, and is written indg​(a).
Theorem 6 (Properties of the index).
For a primitive root g modulo n:

  1. indg​(ab)≡indg​(a)+indg​(b)(modφ(n)).

  2. indg​(ak)≡k⋅indg​(a)(modφ(n)).

  3. ordn​(a)=φ(n)/gcd(indg​(a),φ(n)).

Proof.
(1) From gindg​(a)≡a and gindg​(b)≡b, we get gindg​(a)+indg​(b)≡ab≡gindg​(ab)(modn). Since g has order φ(n), the exponents agree modulo φ(n). (2) Follows by repeated application of (1). (3) The equation ak≡1 is equivalent to k⋅indg​(a)≡0(modφ(n)), and the smallest positive k satisfying this is φ(n)/gcd(indg​(a),φ(n)). □

4 Structure of(Z/pkZ)∗

Theorem 7.
For an odd prime p and a positive integer k, (Z/pkZ)∗ is a cyclic group of order φ(pk)=pk−1(p−1). In particular, primitive roots exist modulo pk.
Remark 8.
The case p=2 is different: (Z/2Z)∗≅{1}, (Z/4Z)∗≅Z/2Z, and for k≥3, (Z/2kZ)∗≅Z/2Z×Z/2k−2Z (which is not cyclic).

5 The Discrete Logarithm Problem

Definition 9 (Discrete logarithm problem (DLP)).
Let g be a primitive root modulo a prime p and let h∈(Z/pZ)∗. The problem of finding x such that gx≡h(modp) is called the discrete logarithm problem.
Remark 10.
The DLP is believed to be computationally hard and serves as the security foundation for the Diffie–Hellman key exchange and the ElGamal cryptosystem. The most efficient known classical algorithm is the number field sieve, which runs in time exp(O((logp)1/3(loglogp)2/3)). The baby-step giant-step method solves the DLP in O(p​) time and serves as a general-purpose approach.
Number TheoryAlgebraTextbookPrimitive RootsDiscrete Logarithm
FO
Folio Official

Mathematics "between the lines" — exploring the intuition textbooks leave out, written in LaTeX on Folio.

1 followers·107 articles
Number Theory TextbookPart 6 of 13
Previous
Applications of Congruences and the Group of Units — The Structure of $(\mathbb{Z}/n\mathbb{Z})^*$
Next
The Chinese Remainder Theorem and Its Applications — Systems of Congruences and Direct Products of Rings

Share your expertise with the world

Write articles with LaTeX support, build your audience, and earn from your knowledge.

Start Writing — It's Free

More from Folio Official

Folio Official·March 1, 2026

Introduction to Algebraic Integers — Extending the Notion of Integer

Using the Gaussian integers Z[i] and the Eisenstein integers Z[omega] as concrete examples, we introduce rings of algebraic integers. We demonstrate the failure of unique factorization in Z[sqrt(-5)] and show how ideals and prime ideal factorization restore uniqueness. We define the class number and discuss its significance.

Number TheoryAlgebraTextbook
2
Folio Official·March 1, 2026

Arithmetic Functions and Multiplicative Functions — Functions on the Integers

We systematically define the principal multiplicative functions (phi, sigma, mu, d), develop the ring structure of Dirichlet convolution, and give a rigorous proof of the Moebius inversion formula. We also clarify the connection to the inclusion-exclusion principle.

Number TheoryAlgebraTextbook
Folio Official·March 1, 2026

Primes and the Fundamental Theorem of Arithmetic — The Atomic Decomposition of Integers

We define prime numbers and establish their basic properties, including Euclid's proof of the infinitude of primes. We then give a rigorous proof of the fundamental theorem of arithmetic (existence and uniqueness of prime factorization), and discuss the sieve of Eratosthenes and the Miller--Rabin primality test.

Number TheoryAlgebraTextbook
Folio Official·March 1, 2026

Chebyshev's Estimates: 0.92 x/ln x < π(x) < 1.11 x/ln x and the Prime Number Theorem

Chebyshev proved that 0.92 x/ln x < π(x) < 1.11 x/ln x for sufficiently large x. This article gives a complete proof via binomial coefficients and the Chebyshev functions θ(x) and ψ(x), then traces the path to the prime number theorem π(x) ~ x/ln x.

Number TheoryAlgebraTextbook