Chapter status: ✅ in good shape ✅

TODO: some proofs missing

Groups

We cover the elementary theory of groups, one of the most fundamental algebraic structure consisting of a set with a binary operation satisfying associativity, the existence of an identity element, and the existence of an inverse for every element of the set. We focus in particular on abelian (commutative) groups and cyclic groups, which are of particular relevance for cryptography.

Basic Definitions
Additive/Multiplicative Notation
Repeated Group Operation
Direct Product
Subgroups
Cosets and Lagrange Theorem
Normal Subgroups
Quotient Groups
Homomorphisms and Isomorphisms
Group Generation
Properties of Cyclic Groups
Classification of Cyclic Groups
Cauchy's Theorem for Abelian Groups
Exponent of a Group
Structure Theorem for Finite Abelian Groups
Structure Theorem for Finitely Generated Abelian Groups

Basic Definitions

A binary operation over a set $S$ is a function $⋆ : S \times S \to S$ usually denoted in infix notation, meaning the image of $(a, b) \in S \times S$ is written $a ⋆ b .$

A group is a non-empty set $G$ equipped with a binary operation $⋆$ satisfying the following properties:

associativity: for every $a, b, c \in G,$ $(a ⋆ b) ⋆ c = a ⋆ (b ⋆ c);$
identity element: there exists $e \in G$ such that for every $a \in G,$ $e ⋆ a = a ⋆ e = a;$ such an $e$ is called the identity element of $G;$
inverse element: for every $a \in G,$ there exists $b \in G$ such that $a ⋆ b = b ⋆ a = e;$ such a $b$ is called the inverse of $a .$

The use of determiner the for the identity element and the inverse of an element $a$ is justified by the following proposition.

Proposition 5.1. Let $G$ be a group. Then $G$ has a unique identity element and every element $a \in G$ has a unique inverse.

Proof

Assume that $G$ has two identity elements $e$ and $e .$ Then $e ⋆ e^{'} = e$ (because $e^{'}$ is an identity element) and $e ⋆ e^{'} = e^{'}$ (because $e$ is an identity element), hence $e = e^{'} .$

Assume that some group element $a$ has two inverses $b$ and $b^{'} .$ Then $b = b ⋆ e = b ⋆ (a ⋆ b^{'}) = (b ⋆ a) ⋆ b^{'} = e ⋆ b^{'} = b^{'} .$

The group consisting of a single element $e$ such that $e ⋆ e = e$ is called the trivial group.

If the binary operation is commutative, i.e., for every $a, b \in G,$ $a ⋆ b = b ⋆ a,$ then $G$ is said to be abelian.

If $G$ is finite, the number of elements of $G$ is called the order of $G$ and denoted $∣ G ∣ .$ If $G$ is infinite, $G$ is said to have infinite order.

Note

A group consists of a set and a binary operation. Hence, strictly speaking, it is a pair $(G, ⋆),$ although one commonly speaks of "the group $G$ ", the binary operation being left implicit.

Example

$Z,$ $Q,$ $R,$ and $C$ equipped with addition are abelian groups of infinite order. The identity element is $0$ and the inverse of $a$ is $- a .$
$N$ is not a group for addition since non-zero elements don't have an inverse in $N .$
$Q^{*} = Q ∖ {0},$ $R^{*} = R ∖ {0},$ and $C^{*} = C ∖ {0}$ equipped with multiplication are abelian groups of infinite order. The identity element is $1$ and the inverse of $a$ is $a^{- 1} .$
Neither $Z$ nor $Z ∖ {0}$ are groups for multiplication since no elements except $1$ and $- 1$ have an inverse.
Given a set $S$ and two functions $f_{1}$ and $f_{2}$ from $S$ to $S,$ define the composition of $f_{1}$ and $f_{2},$ denoted $f_{2} \circ f_{1},$ as $f_{2} \circ f_{1} (s) = f_{2} (f_{1} (s))$ for every $s \in S .$ Then the set of all permutations (bijections) of a set $S$ of size $n$ is a group for the operation $\circ$ of finite order $n! = n (n - 1) \dots 2 \cdot 1.$ The identity element is the identity function and the inverse of $σ$ is the inverse function $σ^{- 1}$ mapping $t \in S$ to the unique $s \in S$ such that $σ (s) = t .$ This group is non-abelian when $n \geq 3.$

Additive/Multiplicative Notation

There are two standard notation types for the group operation:

additive: the group operation is denoted $+,$ the identity element is denoted $0$ (or $0_{G}$ if one wants to avoid confusion with integer $0),$ and the inverse of $a$ is denoted $- a;$
multiplicative: the group operation is denoted $\times$ or $\cdot,$ the identity element is denoted $1$ (or $1_{G}$ if one wants to avoid confusion with integer $1),$ and the inverse of $a$ is denote $a^{- 1} .$

In the case of multiplicative notation, the operation symbol might be omitted and the group law simply denoted by juxtaposition. By convention, for an "abstract" group, additive notation is restricted to abelian groups (meaning multiplicative notation is used either when the group is known to be non-abelian, or when the abelian/non-abelian character of the group is unspecified).

For the rest of this chapter, unless specified otherwise, the group operation will be denoted multiplicatively but the identity element will be denoted $e$ for clarity.

Repeated Group Operation

Give a group element $a \in G,$ it is possible to apply the group operation repeatedly to $a$ itself, i.e., compute $a ⋆ a ⋆ \dots ⋆ a .$

When the group operation is denoted additively, for $k \in Z,$ we define $ka : = ⎩ ⎨ ⎧ 0_{G} k terms a + \dots + a - k terms (- a) + \dots + (- a) if k = 0 if k > 0 if k < 0.$ This is usually called the scalar multiplication of $a$ by $k .$

When the group operation is denoted multiplicatively, for $k \in Z,$ we define $a^{k} : = ⎩ ⎨ ⎧ 1_{G} k terms a \times \dots \times a - k terms a^{- 1} \times \dots \times a^{- 1} if k = 0 if k > 0 if k < 0.$ This is usually called the exponentiation of $a$ by $k .$

Proposition 5.2. Let $G$ be a group denoted multiplicatively. Then for every $a \in G$ and every $k, ℓ \in Z,$ one has

$a^{k + ℓ} = a^{k} a^{ℓ},$
$a^{k ℓ} = (a^{k})^{ℓ} = (a^{ℓ})^{k},$
$(a^{k})^{- 1} = a^{- k} .$

Moreover, if $G$ is abelian, then for every $a, b \in G$ and every $k \in Z,$ $(ab)^{k} = a^{k} b^{k} .$

Direct Product

Let $(G, ⋆)$ and $(H, ∙)$ be two groups. The direct product of $G$ and $H$ is the Cartesian product $G \times H : = {(a, b) ∣ a \in G, b \in H}$ equipped with the binary operation $⋄$ defined component-wise: $(a, b) ⋄ (c, d) = (a ⋆ c, b ∙ d) .$

Proposition 5.3. The direct product as defined above is a group. Its identity element is $(e_{G}, e_{H}),$ where $e_{G}$ and $e_{H}$ are respectively the identity element of $G$ and $H .$ The inverse of $(a, b) \in G \times H$ is $(a^{- 1}, b^{- 1}) .$

For abelian groups, the direct product is sometimes called direct sum and denoted $G \oplus H .$ ¹

Subgroups

Let $G$ be a group and $H$ be a non-empty subset of $G .$ The subset $H$ is a subgroup of $G$ if $H$ equipped with the binary operation of $G$ is a group.

Proposition 5.4. Let $G$ be a group and $H$ be subset of $G .$ Then $H$ is a subgroup of $G$ if and only if the following three properties are satisfied:

$e \in H,$
for every $a, b \in H,$ $ab \in H,$
for every $a \in H,$ $a^{- 1} \in H .$

Note

The condition $e \in H$ can be replaced by the condition that $H$ is non-empty. Clearly, $e \in H ⟹ H \neq = \emptyset.$ Conversely, if the second and third conditions are met, then $H \neq = \emptyset$ implies that there is some $a \in H,$ which by the third condition implies that $a^{- 1} \in H,$ which by the second condition implies that $a a^{- 1} = e \in H .$

The following proposition gives a slightly more compact subgroup criterion.

Proposition 5.5. Let $G$ be a group and $H$ be subset of $G .$ Then $H$ is a subgroup of $G$ if and only if $e \in H$ and for every $a, b \in H,$ $a b^{- 1} \in H .$

A subgroup of $G$ is said to be proper if it is different from $G .$ Any non-trivial group has at least one proper subgroup, namely ${e},$ called the trivial subgroup.

Proposition 5.6. The intersection of a (finite or infinite) set of subgroups is a subgroup.

Proof

Let $H = \cap_{i \in I} H_{i}$ be the intersection of a collection of subgroups $H_{i},$ $i \in I .$ Then, by Proposition 5.5, $e \in H_{i}$ for every $i \in I$ and hence $e \in H .$ Let $a, b \in H .$ Then, for every $i \in I,$ $a, b \in H_{i}$ and hence $a b^{- 1} \in H_{i}$ again by Proposition 5.5. Thus, $a b^{- 1} \in H .$ It follows that $H$ is a subgroup.

Cosets and Lagrange Theorem

Let $H$ be a subgroup of a group $G .$ Consider the relation defined by $a \sim b$ if and only if $a b^{- 1} \in H$ and the dual one defined by $a \sim b$ if and only if $b^{- 1} a \in H .$ The following proposition shows that these are equivalence relations.

Proposition 5.7. Let $G$ be a group. Let $H$ be a subgroup of $G .$ Then the relation defined by $a \sim b$ if and only if $a b^{- 1} \in H$ is an equivalence relation. The proposition also holds by replacing $a b^{- 1} \in H$ by $b^{- 1} a \in H .$

Proof

Let $H$ be a subgroup of $G$ and $\sim$ be relation defined by $a \sim b$ if and only if $a b^{- 1} \in H .$ Let us show that $\sim$ is reflexive, symmetric, and transitive.

reflexivity: $e \in H$ implies that for every $a \in G,$ $a a^{- 1} \in H$ and hence $a \sim a;$
symmetry: $H$ being closed under under inverses implies that for every $a, b \in G,$ $a \sim b \Rightarrow a b^{- 1} \in H \Rightarrow (a b^{- 1})^{- 1} \in H \Rightarrow b a^{- 1} \in H \Rightarrow b \sim a;$
transitivity: $H$ being closed under the binary operation implies that for every $a, b, c \in G,$ $(a \sim b) \land (b \sim c) \Rightarrow (a b^{- 1} \in H) \land (b c^{- 1} \in H) \Rightarrow a b^{- 1} b c^{- 1} \in H \Rightarrow a c^{- 1} \in H \Rightarrow a \sim c .$

The proof is similar for the relation defined by $b^{- 1} a \in H .$

Let $H$ be a subgroup of $G$ and $\sim$ be the equivalence relation $a \sim b \Leftrightarrow a b^{- 1} \in H .$ An equivalence class for $\sim$ is called a right coset of $H .$ Being equivalence classes, right cosets form a partition of $G .$ For $g \in G,$ the right coset to which $g$ belongs is easily seen to be $H g : = {h g ∣ h \in H} .$ Similarly, an equivalence class for the relation relation $a \sim b \Leftrightarrow b^{- 1} a \in H$ is called a left coset of $H .$ Left cosets form a partition of $G$ and for $g \in G,$ the left coset to which $g$ belongs is $g H : = {g h ∣ h \in H} .$

When $G$ is abelian, the set of right cosets and the set of left cosets are the same, but when $G$ is non-abelian this is not necessarily the case. Note that $H$ itself is both a right and a left coset.

A cornerstone of group theory is Lagrange's theorem, which essentially follows from the fact that right cosets (as well as left cosets) all have the same size.

Theorem 5.1 (Lagrange's Theorem). Let $G$ be a finite group. Then the order of any subgroup $H$ of $G$ divides the order of $G .$

Proof

Let $H$ be a subgroup of $G .$ For every $g \in G,$ the mapping $h \mapsto h g$ is a bijection from $H$ to the right coset $H g :$ it is obviously surjective and $h g = h^{'} g \Rightarrow h g g^{- 1} = h^{'} g g^{- 1} \Rightarrow h = h^{'},$ hence it is injective. Hence, all right cosets have $∣ H ∣$ elements. Since right cosets form a partition of $G,$ we have $∣ G ∣ = n ∣ H ∣$ where $n$ is the number of right cosets.

A similar reasoning with left cosets shows that the number of left cosets is equal to the number of right cosets.

The number of right (or left) cosets of $H$ is called the index of $H$ in $G$ and denoted $[G : H] .$ Hence, Lagrange theorem states that $∣ G ∣ = [G : H] ∣ H ∣.$

Normal Subgroups

Having defined an equivalence relation associated with a subgroup, one may ask whether the set of right (or left) cosets can be equipped with a group structure. This is where the notion of normal subgroup comes into play.

Let $G$ be a group. A subgroup $H$ of $G$ is said to be normal if for every $g \in G,$ $g H = H g$ (i.e., left and right cosets are equal).

Normality can be characterized by a number of other equivalent conditions. The easiest to check is often the following one.

Proposition 5.8. A subgroup $H$ of $G$ is normal if and only if for every $g \in G,$ $g H g^{- 1} \subseteq H .$

For abelian groups, the situation is pretty simple.

Proposition 5.9. Every subgroup of an abelian group is normal.

Proof

If $G$ is abelian and $H$ is a subgroup of $G,$ then for any $h \in H,$ $g h g^{- 1} = g g^{- 1} h = h$ and hence $g H g^{- 1} = H .$ By Proposition 5.8, this implies that $H$ is normal.

Let us see now how normal subgroups allow us to construct quotient groups.

Quotient Groups

Let $G$ be a group and let $\sim$ be an equivalence relation on $G .$ We say that $\sim$ is compatible with the group structure of $G$ if $a \sim b$ and $c \sim d$ implies $a c \sim b d .$ If $\sim$ is compatible with the group structure of $G,$ then one can equip the quotient set $G / \sim$ (the set of all equivalence classes) with a binary operation defined as $[a] [b] = [ab],$ where $[a]$ denotes the equivalence class of $a \in G .$ This is well defined as compatibility of $\sim$ with the group structure ensures that this binary operation does not depend on the specific representatives $a$ and $b$ of each equivalence class. The following proposition states that normal subgroups completely characterize the equivalence relations $\sim$ which are compatible with the group structure of $G .$

Proposition 5.10. Let $G$ be a group and $H$ be a normal subgroup of $G .$ Then the equivalence relation defined by $a \sim b \Leftrightarrow a b^{- 1} \in H$ is compatible with the group structure of $G .$ Conversely, let $\sim$ be an equivalence relation compatible with the group structure of $G .$ Then $H : = [e]$ is a normal subgroup of $G$ and $a \sim b \Leftrightarrow a b^{- 1} \in H .$

Proof

Let $H$ be a normal subgroup of $G .$ Let us show that $\sim$ defined by $a \sim b \Leftrightarrow a b^{- 1} \in H$ (which is an equivalence relation by Proposition 5.7) is compatible with the group structure of $G .$ Let $a, b, c, d \in G$ such that $a \sim b$ and $c \sim d .$ We want to show that $a c \sim b d,$ i.e., $a c (b d)^{- 1} \in H .$ Note that $a c (b d)^{- 1} = a c d^{- 1} b^{- 1} = a c d^{- 1} a^{- 1} a b^{- 1} .$ We have $c d^{- 1} \in H$ because $c \sim d,$ which implies that $g : = a (c d^{- 1}) a^{- 1} \in H$ because $H$ is normal. We also have $a b^{- 1} \in H$ because $a \sim b,$ hence $g (a b^{- 1}) = a c d^{- 1} a^{- 1} a b^{- 1} = a c (b d)^{- 1} \in H$ and $a c \sim b d .$

Conversely, assume that $\sim$ is an equivalence relation which is compatible with the group structure of $G .$ Define $H$ as $[e],$ the equivalence class of the identity element. Let us first show that $H$ is a normal subgroup. Clearly, $e \in H .$ Let $a, b \in H,$ i.e., $a \sim e$ and $b \sim e .$ Then, by compatibility of $\sim$ with the group structure, we have $a \sim e \Rightarrow a b^{- 1} \sim e b^{- 1} \Rightarrow a b^{- 1} e \sim b^{- 1} b \Rightarrow a b^{- 1} \sim e . (b^{- 1} \sim b^{- 1}) (e \sim b)$ Hence $a b^{- 1} \in H$ and by Proposition 5.5, $H$ is a subgroup.

To show that $H$ is normal, let us show that for every $g \in G,$ $g H g^{- 1} \subseteq H .$ Let $g \in G$ and $h \in H .$ Then $h \sim e \Rightarrow g h \sim g \Rightarrow g h g^{- 1} \sim g g^{- 1} \Rightarrow g h g^{- 1} \sim e . (g \sim g) (g^{- 1} \sim g^{- 1})$ Hence $g h g^{- 1} \in H$ and $H$ is normal.

It remains to show $a \sim b \Leftrightarrow a b^{- 1} \in H .$ By compatibility of $\sim$ with the group structure, we have $a \sim b \Rightarrow a b^{- 1} \sim b b^{- 1} \Rightarrow a b^{- 1} \sim e$ and $a b^{- 1} \sim e \Rightarrow a b^{- 1} b \sim b \Rightarrow a \sim b .$ Hence $a \sim b \Leftrightarrow a b^{- 1} \sim e \Leftrightarrow a b^{- 1} \in H,$ which concludes the proof.

Let $H$ be a normal subgroup of $G$ and let $\sim$ be the equivalence relation defined by $a \sim b \Leftrightarrow a b^{- 1} \in H .$ Then the quotient set $G / \sim$ equipped with the binary operation defined by $[a] [b] = [ab]$ is a group (as shown in the proposition below) called the quotient group associated with $H$ and denoted $G / H .$ Note that the order of $G / H$ is $[G : H],$ the index of $H .$

Proposition 5.11. Let $G$ be a group and $H$ be a normal subgroup of $G .$ Then $G / H$ is a group. Its identity element is $[e]$ and the inverse of $[a]$ is $[a]^{- 1} : = [a^{- 1}] .$ If $G$ is abelian then so is $G / H .$

Proof

This follows straightforwardly from the definition of the binary operation $[a] [b] = [ab] .$

Homomorphisms and Isomorphisms

Let $G$ and $G^{'}$ be two groups.

A group homomorphism is a function $f$ from $G$ to $G^{'}$ such that for every $a, b \in G,$ $f (ab) = f (a) f (b) .$
If $G = G^{'},$ then $f$ is called a group endomorphism.
If $f$ is bijective, then $f$ is called a group isomorphism and groups $G$ and $G^{'}$ are said isomorphic, denoted $G ≅ G^{'} .$
If $G = G^{'}$ and $f$ is bijective, then $f$ is called a group automorphism (hence, a group automorphism is both a group endomorphism and a group isomorphism).

The following proposition gives a number of properties of group homomorphisms.

Proposition 5.12. Let $G$ and $G^{'}$ be two groups and $f : G \to G^{'}$ be a group homomorphism. Then:

$f (e_{G}) = e_{G^{'}};$
for every $a \in G,$ $f (a^{- 1}) = f (a)^{- 1};$
for every subgroup $H$ of $G,$ $f (H) : = {f (a) ∣ a \in H}$ is a subgroup of $G^{'};$
for every subgroup $H^{'}$ of $G^{'},$ $f^{- 1} (H^{'}) : = {a \in G ∣ f (a) \in H^{'}}$ is a subgroup of $G;$
if $f$ is a group isomorphism, then the inverse function $f^{- 1} : G^{'} \to G$ is also a group isomorphism;
if $G^{'}$ is another group and $f^{'} : G^{'} \to G^{''}$ is a group homomorphism, then $f^{'} \circ f$ is a group homomorphism from $G$ to $G^{''} .$

Let $f : G \to G^{'}$ be a group homomorphism. Two sets related to $f$ are particularly important:

The kernel of $f$ is the subset of $G$ defined as $ker (f) : = {a \in G ∣ f (a) = e_{G^{'}}} .$
The image of $f$ is the subset of $G^{'}$ defined as $im (f) : = {f (a) ∣ a \in G} .$

By Proposition 5.12, $ker (f)$ is a subgroup of $G$ since it is equal to $f^{- 1} ({e_{G^{'}}})$ and $im (f)$ is a subgroup of $G^{'}$ since it is equal to $f (G) .$

Theorem 5.2 (First Isomorphism Theorem). Let $f : G \to G^{'}$ be a group homomorphism. Then $ker (f)$ is a normal subgroup of $G$ and $G / ker (f) ≅ im (f) .$

Proof

Let us first show that $ker (f)$ is normal. Let $g \in G$ and $h \in ker (f) .$ Then $f (g h g^{- 1}) = f (g) f (h) f (g^{- 1}) = f (g) e_{G^{'}} f (g)^{- 1} = f (g) f (g)^{- 1} = e_{G^{'}} .$ Hence $g ker (f) g^{- 1} \subseteq ker (f)$ and hence $ker (f)$ is normal.

Consider now the mapping $\overset{ˉ}{f} : G / ker (f) \to im (f)$ defined by $\overset{ˉ}{f} ([a]) = f (a) .$ It is well-defined since $[a] = [b] ⟺ a b^{- 1} \in ker (f) ⟺ f (a b^{- 1}) = e_{G^{'}} ⟺ f (a) = f (b) .$ In other words, equivalence classes of $G / ker (f)$ are just subsets of elements of $G$ with the same image under $f .$ Consequently, the definition of $\overset{ˉ}{f}$ does not depend on the representative of the equivalence class.

It is a group homomorphism since $\overset{ˉ}{f} ([a] [b]) = \overset{ˉ}{f} ([ab]) = f (ab) = f (a) f (b) = \overset{ˉ}{f} ([a]) \overset{ˉ}{f} ([b]) .$ Moreover, it is injective since $\overset{ˉ}{f} ([a]) = \overset{ˉ}{f} ([b]) \Leftrightarrow f (a) = f (b) \Leftrightarrow [a] = [b] .$ It is also surjective since any element in $h \in im (f)$ is of the form $f (a)$ for some $a \in G$ and hence $h = \overset{ˉ}{f} ([a]) .$ Hence, $\overset{ˉ}{f}$ is a group isomorphism.

There are three other isomorphism theorems but they are not as useful as the first one.

Group Generation

Let $G$ be a group and $A$ be a subset of $G .$ The subgroup generated by $A$ , denoted $⟨ A ⟩,$ is the intersection of all subgroups of $G$ containing $A .$ (Recall that by Proposition 5.6, an intersection of subgroups is a subgroup.) Informally, it is the "smallest" (for inclusion) subgroup of $G$ which contains $A :$ any subgroup containing $A$ contains $⟨ A ⟩ .$

The following proposition gives a more explicit characterization.

Proposition 5.13. Let $G$ be a group and $A$ be a subset of $G .$ Then $⟨ A ⟩$ is the subgroup of all elements of $G$ that can be expressed as the finite product of elements of $A$ and inverse of elements of $A .$

Note in particular that $⟨ \emptyset ⟩ = {e}$ (in which case Proposition 5.13 still holds with the convention that an empty product of group elements is equal to $e) .$

If $A = {a_{1}, \dots, a_{k}}$ is finite, the subgroup generated by $A$ is also denoted $⟨ a_{1}, \dots, a_{k} ⟩ .$ When $G$ is abelian, then $⟨ a_{1}, \dots, a_{k} ⟩ = {a_{1}^{z_{1}} \dots a_{k}^{z_{k}} ∣ z_{1}, \dots, z_{k} \in Z} .$

A group $G$ is said to be finitely generated is there exists a finite number of elements $g_{1}, \dots g_{k} \in G$ such that $G = ⟨ g_{1}, \dots, g_{k} ⟩,$ in which case ${g_{1}, \dots, g_{k}}$ is called a generating set of $G .$

A group $G$ is said cyclic (or monogenous²) if there exists $g \in G$ such that $G = ⟨ g ⟩,$ in which case $g$ is called a generator of $G .$

The order of an element $a \in G$ is the order of the subgroup $⟨ a ⟩ .$ If $G$ has infinite order, the order of an element $a \in G$ can be finite or infinite.

Below we list a number of properties of the order of an element.

Proposition 5.14. Let $G$ be a group and $a \in G$ be a group element. Then $a$ has finite order if and only if there exists $k \in N^{*}$ such that $a^{k} = e .$ In that case, $a$ 's order is the smallest integer $n \geq 1$ such that $a^{n} = e$ and one has $⟨ a ⟩ = {e, a, a^{2}, \dots, a^{n - 1}} .$

Proposition 5.15. If $G$ has finite order $n,$ then the order of any element $a \in G$ divides $n .$ In particular, for any $a \in G,$ $a^{n} = e .$

Proof

The first part is a direct consequence of Lagrange's Theorem. For the second part, let $m$ be the order of $a$ and write $n = d m .$ Then $a^{n} = a^{d m} = (a^{m})^{d} = e^{d} = e .$

Proposition 5.16. Let $G$ be a group and $a \in G$ be an element of order $n .$ Then for every $k \in Z,$ $a^{k} = e$ if and only if $n$ divides $k .$

Proof

If $n$ divides $k$ then $k = d n$ for some integer $d,$ which implies $a^{k} = a^{d n} = (a^{n})^{d} = e^{d} = e .$ Conversely, assume that $a^{k} = e .$ By Euclid's division lemma, there exists $q, r \in Z$ such that $k = q n + r$ and $0 \leq r < n .$ Then $a^{k} = a^{q n + r} = (a^{n})^{q} a^{r} = a^{r}$ and consequently $a^{r} = e .$ This implies that $r = 0$ as otherwise $a$ would have order $r < n .$ Hence, $k = q n$ and $n$ divides $k .$

Proposition 5.17. Let $G$ be a group, $a \in G$ be an element of order $n,$ and $k \in Z .$ Then the order of $g^{k}$ is $n / g cd (n, k) .$

Proof

Let $d = g cd (k, n)$ and let $ℓ$ be the order of $g^{k} .$ Then $(g^{k})^{ℓ} = g^{k ℓ} = e$ and hence by Proposition 5.16, $n ∣ k ℓ,$ which implies $(\frac{n}{d}) ∣ (\frac{k}{d}) ℓ .$ Since $g cd (\frac{n}{d}, \frac{k}{d}) = 1,$ this implies $\frac{n}{d} ∣ ℓ .$

On the other hand, $(g^{k})^{\frac{n}{d}} = (g^{n})^{\frac{k}{d}} = e^{\frac{k}{d}} = e,$ and hence by Proposition 5.16, $ℓ ∣ \frac{n}{d} .$ We conclude that $ℓ = n / d .$

Properties of Cyclic Groups

Proposition 5.18. Any cyclic group is abelian.

Proof

Let $G$ be a cyclic group, let $g$ be a generator of $G,$ and let $a, b \in G$ be two group elements. Then there exists $k, ℓ \in Z$ such that $a = g^{k}$ and $b = g^{ℓ},$ which implies that $ab = g^{k} g^{ℓ} = g^{k + ℓ} = g^{ℓ} g^{k} = ba .$

Proposition 5.19. Let $G$ be a cyclic group and $H$ be a subgroup of $G .$ Then $H$ and $G / H$ are cyclic.

Proof

Let $G$ be a cyclic group, $g$ be a generator of $G,$ and $H$ be a subgroup of $G .$ Let us first show that $H$ is cyclic. If $H = {e}$ then $H$ is clearly cyclic. Otherwise, let $n \geq 1$ be the smallest integer such that $g^{n} \in H$ (which necessarily exists since $H$ contains at least one element different from $e$ and either this element or its inverse can be written $g^{m}$ for some $m \geq 1) .$ We will prove that $H = ⟨ g^{n} ⟩ .$ Clearly, $⟨ g^{n} ⟩ \subseteq H$ since $H$ is a subgroup. Conversely, let $a \in H .$ Then $a = g^{k}$ for some $k \in Z .$ By Euclid's division lemma, there exists $q, r \in Z$ such that $k = q n + r$ and $0 \leq r < n .$ Then $a = g^{k} = g^{q n + r} = (g^{n})^{q} g^{r},$ and consequently $g^{r} \in H .$ This implies that $r = 0$ as otherwise this would contradict the minimality of $n .$ Hence $a = (g^{n})^{q} \in ⟨ g^{n} ⟩$ and $H \subseteq ⟨ g^{n} ⟩ .$ Thus, $H = ⟨ g^{n} ⟩$ and hence $H$ is cyclic.

Let us now show that $G / H$ is cyclic. More precisely, let us prove that $G / H = ⟨[g]⟩ .$ Let $[a] \in G / H$ be an element of the quotient group specified by an arbitrary representative $a \in G .$ Then there exists $k \in Z$ such that $a = g^{k} .$ Thus, $[a] = [g^{k}] = [g]^{k}$ and hence $[g]$ is a generator of $G / H .$

Proposition 5.20. Any group with prime order is cyclic and any element different from the identity element is a generator of $G .$

Proof

Let $G$ be a group of prime order $p .$ Let $a \in G$ be an element different from the identity element and let $n$ be the order of $a .$ Since the order of an element divides the order of the group by Proposition 5.15, one has either $n = 1$ or $n = p .$ Since $a \neq = e,$ one cannot have $n = 1,$ hence $n = p$ and $a$ generates $G .$

Proposition 5.21. Let $G$ be a cyclic group of order $n,$ $g$ be a generator of $G,$ and $k \in Z .$ Then $⟨ g^{k} ⟩ = G$ if and only if $g cd (n, k) = 1.$ In particular, $G$ has $ϕ (n)$ generators, where $ϕ$ is Euler's function.

Proof

We have $⟨ g^{k} ⟩ = G$ if and only if the order of $g^{k}$ is $n,$ which by Proposition 5.17 is equivalent to $g cd (n, k) = 1.$

For the second part of the proposition, write $G = {e, g, \dots, g^{n - 1}} .$ Then generators of $G$ are exactly elements of the form $g^{k}$ with $g cd (n, k) = 1$ and hence there are $ϕ (n)$ such elements.

Proposition 5.22. Let $G_{1}$ and $G_{2}$ be two cyclic groups of order $n_{1}$ and $n_{2}$ respectively. Then the direct product $G_{1} \times G_{2}$ is cyclic if and only if $g cd (n_{1}, n_{2}) = 1.$ Moreover, $(g_{1}, g_{2})$ is a generator of $G_{1} \times G_{2}$ if and only if $g_{1}$ is a generator of $G_{1}$ and $g_{2}$ is a generator of $G_{2} .$

Proof

Let us first show the following lemma: Let $a_{1} \in G_{1}$ be an element of order $k_{1}$ and $a_{2} \in G_{2}$ be an element of order $k_{2} .$ Then $(a_{1}, a_{2})$ has order $lcm (k_{1}, k_{2}) .$

Let $e_{1}$ be the identity element of $G_{1}$ and $e_{2}$ be the identity element of $e_{2} .$ Then $(a_{1}, a_{2})^{k} = (e_{1}, e_{2}) ⟺ a_{1}^{k} = e_{1} \land a_{2}^{k} = e_{2} ⟺ k_{1} ∣ k \land k_{2} ∣ k .$ The smallest such positive integer $k$ is by definition $lcm (k_{1}, k_{2}),$ which proves the lemma.

Let us now prove the proposition. Assume that $G_{1} \times G_{2}$ is cyclic and let $(g_{1}, g_{2})$ be a generator of $G_{1} \times G_{2} .$ Then clearly $g_{1}$ must be a generator of $G_{1}$ and $g_{2}$ a generator of $G_{2} .$ By the previous lemma, $(g_{1}, g_{2})$ has order $lcm (n_{1}, n_{2}) .$ On the other hand, $(g_{1}, g_{2})$ has order $∣ G_{1} \times G_{2} ∣ = n_{1} n_{2}$ as it generates $G_{1} \times G_{2} .$ Hence, $lcm (n_{1}, n_{2}) = n_{1} n_{2},$ which implies $g cd (n_{1}, n_{2}) = 1.$

Conversely, assume that $g cd (n_{1}, n_{2}) = 1$ and let $g_{1}$ be a generator of $G_{1}$ and $g_{2}$ be a generator of $G_{2} .$ By the lemma, $(g_{1}, g_{2})$ has order $lcm (n_{1}, n_{2}) = n_{1} n_{2} = ∣ G_{1} \times G_{2} ∣$ and hence generates $G_{1} \times G_{2} .$

Classification of Cyclic Groups

The set of integers $Z = {\dots, - 2, - 1, 0, 1, 2, \dots}$ equipped with addition is a cyclic group of infinite order with identity element $0$ and generators $1$ and $- 1.$

What are its subgroups? In general, a simple way to construct subgroups of any group is given by the following proposition.

Proposition 5.23. Let $G$ be a group denoted additively and $n \in Z$ be an integer. Then $n G : = {na ∣ a \in G}$ is a subgroup of $G .$

Proof

First, one has $0 \in n G$ since $0 = n 0.$ Second, let $a, b \in n G .$ Then $a = n a^{'}$ and $b = n b^{'}$ for some $a^{'}, b^{'} \in G .$ Hence, $a - b = n (a^{'} - b^{'}) \in n G .$ Thus, by Proposition 5.5, $n G$ is a subgroup of $G .$

Hence, for any integer $n \in N,$ the set $n Z : = {n z ∣ z \in Z}$ is a subgroup of $Z .$ By Proposition 5.19, it is cyclic. One can easily check that it has infinite order and that it is generated by $n$ and $- n .$ These are in fact the only subgroups of $Z .$

Proposition 5.24. Let $G$ be a subgroup of $Z .$ Then there exists a unique $n \in N$ such that $G = n Z .$

Proof

Le us show existence first. If $G = {0}$ then $G = 0 Z .$ Assume now that $G \neq = {0},$ implying that $G$ contains at least one positive integer (it contains at least one non-zero integer $a$ and either $a$ or $- a$ is positive). Let $n$ be the smallest positive integer in $G .$ Let us show that $G = n Z .$ Clearly, $n Z \subseteq G$ since $n \in G .$ Conversely, let $k \in G .$ By Euclid's division lemma, there exists $q, r \in Z$ such that $k = q n + r$ and $0 \leq r < n .$ Since $n$ and $k$ are in $G,$ $r = k - q n$ is also in $G,$ which implies $r = 0$ as otherwise this would contradict the minimality of $n .$ Thus, $k = q n \in n Z$ and $G \subseteq n Z .$ Hence, $G = n Z$ which proves existence.

For uniqueness, assume that $G = n Z = n^{'} Z$ for $n, n^{'} \in N .$ Then $n \in n^{'} Z$ implies $n^{'} ∣ n$ and $n^{'} \in n Z$ implies $n ∣ n^{'},$ and consequently $n = n^{'}$ since $n$ and $n^{'}$ are in $N .$

For any $n \in N,$ we can consider the quotient group $Z / n Z .$ The equivalence class of $a \in Z$ is $[a] = {a + n z ∣ z \in Z},$ also called the residue class of $a$ modulo $n$ . There are $n$ distinct classes, namely $[[0]], \dots, [[n - 1]] .$ Hence, the index of $n Z$ is $n$ and $Z / n Z$ has order $n .$ It is cyclic with generator $[1]$ (and $[- 1]) .$ More generally, by Proposition 5.21, the generators of $Z / n Z$ are $[k]$ for $k \in Z$ such that $g cd (k, n) = 1.$

Another way to think of $Z / n Z$ is as the set ${0, 1, \dots, n - 1}$ equipped with "modulo $n$ " addition and inverses. More precisely, let $Z_{n}$ be the set of symbols ${[[0]], [[1]], \dots, [[n - 1]]}$ equipped with the binary operation $[[a]] + [[b]] = [[(a + b) mod n]] .$ This is a group with identity $[[0]]$ and inverse $- [[a]] = [[(- a) mod n]] .$ One can easily see that $Z / n Z$ and $Z_{n}$ are isomorphic, the isomorphism being $[a] \mapsto [[a mod n]] .$ From now on, we will work with the latter formalism.

As for $Z,$ let us characterize the subgroups of $Z_{n} .$ By Proposition 5.23, for any integer $m \in Z,$ $m Z_{n} : = {m [[u]] ∣ [[u]] \in Z_{n}}$ is a subgroup of $Z_{n} .$ What does this subgroup look like? One has $[[a]] \in m Z_{n} \Leftrightarrow \exists [[u]] \in Z_{n}, [[a]] = m [[u]] \Leftrightarrow \exists u \in {0, 1, \dots, n - 1}, a = m u mod n \Leftrightarrow \exists u \in Z, a = m u mod n \Leftrightarrow \exists u, v \in Z, a = u m + v n \Leftrightarrow g cd (m, n) ∣ a,$ where the last equivalence follows from Bézout's lemma.

Hence, letting $d = g cd (m, n),$ we see that $m Z_{n}$ is the subset of $Z_{n}$ containing multiples of $d,$ i.e., $m Z_{n} = {[[k d]] ∣ k = 0, \dots, n / d - 1} = d Z_{n} .$ In particular, $m Z_{n}$ has order $n / d$ and index $d .$ (As we will see shorty, $m Z_{n}$ being cyclic, one has $m Z_{n} ≅ Z_{n / d} .$ )

Again, we can show that these are in fact the only subgroups of $Z_{n} .$

Proposition 5.25. Let $n \in N$ and $G$ be a subgroup of $Z_{n} .$ Then there is a unique $d \in N$ such that $d ∣ n$ and $G = d Z_{n} .$

Proof

Let $G$ be a subgroup of $Z_{n} .$ Let us prove existence first. Let $H : = {a + kn ∣ [[a]] \in G, k \in Z} .$ Then $H$ is a subgroup of $Z :$ it is clearly non-empty and for $b, b^{'} \in H,$ $b = a + kn$ and $b^{'} = a^{'} + k^{'} n,$ one has $b - b^{'} = (a - a^{'}) + (k - k^{'}) n = (a - a^{'} mod n) + k^{''} n for some k^{''} \in Z,$ hence $b - b^{'} \in H .$ Thus, there exists $d \in N$ such that $H = d Z .$ Moreover, since $0 \in G,$ $n \in H$ and hence $d ∣ n .$ Since $G = {[[a]] ∣ a \in H \cap {0, \dots, n - 1}},$ it follows that $G = d Z_{n} .$

Let us now prove uniqueness. Assume that $G = d Z_{n} = d^{'} Z_{n}$ for $d, d^{'} \in N$ with $d$ and $d^{'}$ dividing $n .$ Since $[[d]] \in d Z_{n},$ this implies $[[d]] \in d^{'} Z_{n} = {[[k d^{'}]] ∣ k = 0, \dots, n / d^{'} - 1}$ and hence $d^{'} ∣ d .$ Conversely, $d ∣ d^{'}$ and hence $d = d^{'}$ since $d$ and $d^{'}$ are in $N .$

We can now prove the following two "structure theorems" stating that, up to isomorphism, $Z$ and $Z_{n}$ are the only cyclic groups of infinite, resp. finite order $n .$

Theorem 5.3 (Fundamental Theorem of Cyclic Groups). Let $G$ be a cyclic group. Then:

If $G$ has infinite order, then it is isomorphic to $Z$ and the subgroups of $G$ are exactly the subsets $G^{n} : = {a^{n} ∣ a \in G}$ for $n \in N;$
If $G$ has finite order $n,$ then it is isomorphic to $Z_{n}$ and the subgroups of $G$ are exactly the subsets $G^{d} : = {a^{d} ∣ a \in G}$ for $d \in N$ such that $d ∣ n .$ In particular, $G$ has exactly one subgroup of order $d$ for each divisor $d$ of $n,$ namely $G^{n / d} .$

Proof

Let $G$ be a cyclic group and $g$ be a generator of $G .$ Consider the mapping $f : Z \to G$ defined by $f (k) = g^{k} .$ Then $f$ is a group homomorphism since $f (k + ℓ) = g^{k + ℓ} = g^{k} g^{ℓ} = f (k) f (ℓ) .$ It is clearly surjective since $g$ is a generator of $G .$

Consider first the case where $G$ has infinite order. Let us show that $f$ is injective. Assume that $f (k) = f (ℓ)$ for distinct integers $k$ and $ℓ$ with $k < ℓ .$ Then $f (ℓ - k) = g^{ℓ - k} = e,$ contradicting the fact that $g$ has infinite order. Hence, $f$ is an isomorphism from $Z$ to $G .$ Since the subgroups of $Z$ are exactly $n Z$ for $n \in N,$ the subgroups of $G$ are exactly $f (n Z) = {g^{k} ∣ k \in n Z} = {g^{kn} ∣ k \in Z} = {a^{n} ∣ a \in G},$ where the last equality follows from $g$ being a generator and hence $G = {g^{k} ∣ k \in Z} .$

Consider now the case where $G$ has finite order $n .$ Let us show that $ker (f) = n Z .$ Since $g$ has order $n,$ by Proposition 5.16, for every $k \in Z,$ $g^{k} = e \Leftrightarrow k ∣ n,$ which exactly means that $k \in ker (f) \Leftrightarrow k \in n Z .$ Hence, $ker (f) = n Z .$ By the First Isomorphism Theorem, $im (f) = G ≅ Z / n Z ≅ Z_{n} .$

Let $\overset{ˉ}{f} : Z_{n} \to G$ be the isomorphism defined by $\overset{ˉ}{f} ([[k]]) = g^{k} .$ Since the subgroups of $Z_{n}$ are exactly $d Z_{n}$ for $d \in N$ such that $d ∣ n,$ the subgroups of $G$ are exactly $\overset{ˉ}{f} (d Z_{n}) = {g^{k} ∣ [[k]] \in d Z_{n}} = {g^{k d} ∣ k = 0, \dots, n - 1} = {a^{d} ∣ a \in G} .$

Cauchy's Theorem for Abelian Groups

Lagrange's theorem states that the order of a subgroup of a finite group divides the order of the group. Conversely, given a divisor $d$ of the order of the group, does there always exist a subgroup of order $d$ ? A group where this property holds is called a converse Lagrange theorem (CLT) group. The answer is no in general. However, there are specific cases where the existence of a subgroup is guaranteed. Cauchy's theorem states that for every group $G$ (non-necessarily abelian) of finite order and every prime divisor $p$ of $∣ G ∣,$ $G$ has a subgroup of order $p .$ Cauchy's theorem is a special case of Sylow's (first) theorem.

Here, we will only prove it in the easier case where $G$ is abelian. Actually, a more general result (that will follow easily from the fundamental theorem of finite abelian groups) is that any finite abelian group is CLT. In other words, for a finite abelian group of order $n,$ the existence of a subgroup of order $d$ is guaranteed for any divisor $d$ of $n,$ not only for prime divisors.

Theorem 5.4 (Cauchy's Theorem, Abelian Case). Let $G$ be an abelian group of finite order $n .$ Then, for every prime divisor $p$ of $n,$ there exists a subgroup of $G$ of order $p$ (or, equivalently, there exists an element of $G$ of order $p) .$

Proof

The equivalence between the two conclusions follows from the fact that a group of prime order is necessarily cyclic.

Let ${a_{1}, \dots, a_{r}}$ be a generating set of $G$ and for $i \in {1, \dots, r}$ let $n_{i}$ denote the order of $a_{i} .$ Consider the mapping $f : ⟨ a_{1} ⟩ \times \dots \times ⟨ a_{r} ⟩ \to G$ defined by $f (x_{1}, \dots, x_{r}) = x_{1} \dots x_{r} .$ Since $G$ is abelian, it is a group homomorphism. Moreover, since ${a_{1}, \dots, a_{r}}$ is a generating set, $f$ is surjective (indeed, by definition of a generating set of an abelian group, any element $y \in G$ can be written as $y = a_{1}^{k_{1}} \dots a_{r}^{k_{r}}$ for some integers $k_{1}, \dots, k_{r} \in Z$ and for each $i \in {1, \dots, r},$ $a_{i}^{k_{i}} \in ⟨ a_{i} ⟩) .$ By the First Isomorphism Theorem, $G$ is isomorphic to $(⟨ a_{1} ⟩ \times \dots \times ⟨ a_{r} ⟩) / ker (f),$ which implies that $∣ G ∣ \cdot ∣ ker (f) ∣ = ∣ ⟨ a_{1} ⟩ \times \dots \times ⟨ a_{r} ⟩ ∣ = n_{1} \dots n_{r},$ and hence $n = ∣ G ∣$ divides $n_{1} \dots n_{r} .$

Let $p$ be a prime divisor of $n .$ Then $p$ divides $n_{1} \dots n_{r}$ and hence $p$ divides $n_{i}$ for some $i \in {1, \dots, r} .$ Then we can write $n_{i} = k p$ and by Proposition 5.17, $a_{i}^{k}$ has order $n_{i} / g cd (n_{i}, k) = n_{i} / k = p,$ which concludes the proof.

Exponent of a Group

Let $G$ be a group. Consider the subset of $Z$ defined as ${k \in Z ∣ \forall a \in G, a^{k} = e} .$ One can easily check that this is a subgroup of $Z .$ Hence, by Proposition 5.24, there is a unique integer $m \in N$ such that this subgroup is equal to $m Z .$ This integer $m$ is called the exponent of $G .$ Equivalently, it is defined as the smallest positive integer $m \geq 1$ such that $\forall g \in G,$ $g^{m} = e .$ If no such integer exists, depending on the convention, $G$ is said to have exponent 0 or infinite exponent. A finite group of order $n$ necessarily has finite exponent $m$ satisfying $m ∣ n$ (since by Proposition 5.15, $a^{n} = e$ for every $a \in G$ and hence $n \in m Z) .$ Moreover, the order of any group element divides $m$ by Proposition 5.16. Conversely, a group with infinite exponent necessarily has infinite order. However, a group with finite exponent is not necessarily finite.

In the following, we prove that an abelian group with finite exponent $m$ always contains an element of order $m .$ This will be a key lemma for proving the fundamental theorem of finite abelian groups. Note that none of the three following propositions holds for a non-abelian group.

Proposition 5.26. Let $G$ be an abelian group and $a_{1}$ and $a_{2}$ be two elements of respective order $n_{1}$ and $n_{2}$ such that $g cd (n_{1}, n_{2}) = 1.$ Then the order of $a_{1} a_{2}$ is $n_{1} n_{2} .$ More generally, if $a_{1}, \dots, a_{r}$ are $r$ group elements of respective orders $n_{1}, \dots, n_{r}$ such that $g cd (n_{1}, \dots, n_{r}) = 1,$ then the order of $a_{1} \dots a_{r}$ is $n_{1} \dots n_{r} .$

Proof

Let $n$ be the order of $a_{1} a_{2} .$ Since $(a_{1} a_{2})^{n_{1} n_{2}} = (a_{1}^{n_{1}})^{n_{2}} (a_{2}^{n_{2}})^{n_{1}} = e,$ by Proposition 5.16, we have $n ∣ n_{1} n_{2} .$

On the other hand, since $(a_{1} a_{2})^{n} = e,$ one has $a_{1}^{n} = a_{2}^{- n}$ and hence $a_{1}^{n} \in ⟨ a_{2} ⟩ .$ This implies that $(a_{1}^{n})^{n_{2}} = a_{1}^{n n_{2}} = e,$ hence $n_{1} ∣ n n_{2} .$ But since $g cd (n_{1}, n_{2}) = 1,$ $n_{1} ∣ n .$ Symmetrically, one also has $n_{2} ∣ n .$ Since $g cd (n_{1}, n_{2}) = 1,$ this implies $n_{1} n_{2} ∣ n$ and hence $n = n_{1} n_{2} .$ The generalization can be proved by induction on $r .$

Proposition 5.27. Let $G$ be an abelian group and $a_{1}$ and $a_{2}$ be two elements of respective order $n_{1}$ and $n_{2} .$ Then there exists an element of $G$ of order $lcm (n_{1}, n_{2}) .$

Proof

Let $p_{1}^{r_{1}} \dots p_{t}^{r_{t}}$ be the prime factor decomposition of $lcm (n_{1}, n_{2}) .$ For each $i \in {1, \dots, t},$ $p_{i}^{r_{i}}$ divides either $n_{1}$ or $n_{2} .$ Say it divides $n_{1}$ (the reasoning is similar if it divides $n_{2}) .$ Then, by Proposition 5.17, $a_{1}^{n_{1} / p_{i}^{r_{i}}}$ has order $n_{1} / g cd (n_{1}, n_{1} / p_{i}^{r_{i}}) = p_{i}^{r_{i}} .$ Hence, for each $i \in {1, \dots, t},$ there exists an element $b_{i}$ of order $p_{i}^{r_{i}} .$ By Proposition 5.26, $b_{1} \dots b_{r}$ has order $p_{1}^{r_{1}} \dots p_{t}^{r_{t}} = lcm (n_{1}, n_{2}) .$

Proposition 5.28. Let $G$ be an abelian group of finite exponent $m .$ Then there exists an element of $G$ of order $m .$

Proof

By Proposition 5.16, the order of any group element divides $m .$ In particular, all group elements have order at most $m$ and hence there exists a group element of maximal order $m^{'} \leq m .$ Assume towards a contradiction that $m^{'} < m .$ If the order of every group element divides $m^{'},$ then for every $a \in G,$ $a^{m^{'}} = e,$ contradicting the minimality of $m .$ Otherwise, assume that there is a group element of order $m^{''}$ which does not divide $m^{'} .$ Then, by Proposition 5.27, there exists an element of order $lcm (m^{'}, m^{''}) > m^{'}$ contradicting the maximality of $m^{'} .$ Hence, it must be that $m = m^{'},$ which concludes the proof.

As a direct corollary, we have that a finite abelian group is cyclic if and only if its order is equal to its exponent.

Structure Theorem for Finite Abelian Groups

This section presents the fundamental theorem of finite abelian groups, sometimes called Kronecker theorem. As we will see, finite abelian groups can be "decomposed" in two ways. The equivalence between these two decompositions relies on the following theorem.

Theorem 5.5 (Chinese Remainder Theorem for Groups). Let $n_{1}$ and $n_{2}$ be two positive integers. Then $Z_{n_{1}} \times Z_{n_{2}} ≅ Z_{n_{1} n_{2}} ⟺ g cd (n_{1}, n_{2}) = 1.$

Proof

Assume that $g cd (n_{1}, n_{2}) = 1.$ Consider the mapping $f : Z \to Z_{n_{1}} \times Z_{n_{2}}$ defined by $f (z) = (z mod n_{1}, z mod n_{2}) .$ One can easily check that $f$ is a group homomorphism. Moreover, $z \in ker (f) \Leftrightarrow (n_{1} ∣ z) \land (n_{2} ∣ z) \Leftrightarrow n_{1} n_{2} ∣ z,$ where the last equivalence follows from $g cd (n_{1}, n_{2}) = 1.$ Hence, $ker (f) = n_{1} n_{2} Z .$ By the First Isomorphism Theorem, $Z_{n_{1} n_{2}} ≅ Z / n_{1} n_{2} Z$ is isomorphic to $im (f) .$ In particular, $∣ im (f) ∣ = ∣ Z_{n_{1} n_{2}} ∣ = n_{1} n_{2} = ∣ Z_{n_{1}} \times Z_{n_{2}} ∣,$ hence $im (f) = Z_{n_{1}} \times Z_{n_{2}} .$ Thus, $Z_{n_{1} n_{2}} ≅ Z_{n_{1}} \times Z_{n_{2}} .$

Conversely, assume that $g cd (n_{1}, n_{2}) = d > 1.$ By Proposition 5.22, $Z_{n_{1}} \times Z_{n_{2}}$ is not cyclic. As $Z_{n_{1} n_{2}}$ is cyclic, these two groups cannot be isomorphic.

Theorem 5.6 (Fundamental Theorem of Finite Abelian Groups). Let $G$ be a non-trivial finite abelian group. Then:

(primary decomposition): $G$ is isomorphic to a direct product of cyclic groups $Z_{p_{1}^{r_{1}}} \times \dots \times Z_{p_{t}^{r_{t}}},$ where the $p_{i}$ 's are (not necessarily distinct) primes and the $r_{i}$ 's are positive integers. This decomposition is unique up to the order of factors. The prime powers $p_{1}^{r_{1}}, \dots, p_{t}^{r_{t}}$ are called the elementary divisors of $G .$
(invariant factor decomposition): $G$ is isomorphic to a direct product of cyclic groups $Z_{n_{1}} \times \dots \times Z_{n_{ℓ}},$ where the $n_{i}$ 's are positive integers such that for $i = 1, \dots, ℓ - 1,$ $n_{i} ∣ n_{i + 1} .$ This decomposition is unique and $n_{ℓ}$ is the exponent of the group. The integers $n_{1}, \dots, n_{ℓ}$ are called the invariant factors of $G .$

Proof

TODO

Consider for example $Z_{6} \times Z_{15} .$ What are the primary and invariant factor decompositions of this group? By the Chinese remainder theorem, we have $Z_{6} \times Z_{15} = Z_{2 \times 3} \times Z_{3 \times 5} ≅ Z_{2} \times Z_{3} \times Z_{3} \times Z_{5} ≅ Z_{3} \times Z_{30} .$ The penultimate form is the primary decomposition, while the last form is the invariant factor decomposition.

The smallest abelian non-cyclic group is $Z_{2} \times Z_{2}$ of order 4, usually called the Klein group.

Proposition 5.29. A finite abelian group is cyclic if and only if $ℓ = 1$ in its invariant factor decomposition.

For an integer $n,$ one may ask how many different abelian groups of order $n$ there are, up to isomorphism. Let $π$ denote the partition function defined as follows: for an integer $n,$ $π (n)$ is the number of distinct ways of writing $n$ as a sum of positive integers, where the order of these integers does not matter. For example, $π (3) = 3$ since $3$ has $3$ partitions: $1 + 1 + 1,$ $1 + 2,$ and $3.$

Proposition 5.30 (Number of Finite Abelian Groups of Fixed Order). Let $n \geq 1$ be an integer and let its decomposition in prime factors be $n = p_{1}^{r_{1}} \dots p_{k}^{r_{k}} .$ Then the number of abelian groups of order $n,$ up to isomorphism, is $π (r_{1}) \dots π (r_{k}),$ where $π$ is the partition function. In particular, there is a unique abelian group of order $n$ up to isomorphism (namely $Z_{n})$ if and only if $n$ is square-free, i.e., $r_{1} = \dots = r_{k} = 1.$

For example, there is a unique (up to isomorphism) abelian group of order $15 = 3 \times 5,$ namely $Z_{3} \times Z_{5} ≅ Z_{15}$ (primary/invariant factor decomposition). On the other hand, there are two (up to isomorphism) abelian groups of order $12 = 2^{2} \times 3,$ namely $Z_{4} \times Z_{3} ≅ Z_{12}$ and $Z_{2} \times Z_{2} \times Z_{3} ≅ Z_{2} \times Z_{6} .$

Structure Theorem for Finitely Generated Abelian Groups

We now consider abelian groups which are finitely generated (but not necessarily of finite order).

Let $G$ be an abelian group. For $n \in N^{*},$ an element $a \in G$ is said to be an $n$ -torsion element if $a^{n} = e$ (or equivalently, if $a$ has finite order $k$ dividing $n) .$ An element $a \in G$ is said to be a torsion element if it has finite order.

Proposition 5.31. Let $G$ be an abelian group. Then the set of all $n$ -torsion elements of $G,$ denoted $G [n],$ is a subgroup called the $n$ -torsion subgroup of $G$ and the set of all torsion elements of $G,$ denoted $G_{T},$ is a subgroup called the torsion subgroup of $G .$

Proof

First, $e$ is clearly an $n$ -torsion element. Let $a$ and $b$ be two $n$ -torsion elements. Then $(a b^{- 1})^{n} = a^{n} (b^{n})^{- 1} = e e^{- 1} = e,$ hence $a b^{- 1}$ is an $n$ -torsion element. Hence $G [n]$ is a subgroup of $G$ by Proposition 5.5.

Similarly, $e$ is a torsion element. Let $a$ and $b$ be two torsion elements of order respectively $k$ and $ℓ .$ Then $(a b^{- 1})^{k ℓ} = a^{k ℓ} (b^{ℓ k})^{- 1} = e^{ℓ} (e^{k})^{- 1} = e .$ Hence $a b^{- 1}$ has finite order, i.e., it is a torsion element. Hence $G_{T}$ is a subgroup of $G .$

If $G = G_{T}$ then $G$ is called a torsion group (or periodic group). If $G = {0}$ then $G$ is said torsion-free.

Theorem 5.7 (Fundamental Theorem of Finitely Generated Abelian Groups). Let $G$ be a finitely generated abelian group. Let $G_{T}$ be the torsion subgroup of $G .$ Then $G_{T}$ is finite and abelian and there exists a free abelian subgroup $F$ such that $G = F \times G_{T} .$ In particular, there exists an integer $r \in N$ (called the free rank or simply rank of $G)$ and integers $n_{1}, \dots, n_{ℓ}$ with $n_{1} ∣ \dots ∣ n_{ℓ}$ such that $G ≅ Z^{r} \times Z_{n_{1}} \times \dots \times Z_{n_{ℓ}} .$ Integers $r$ and $n_{1}, \dots, n_{ℓ}$ are unique.

Proof

TODO

1: While the direct sum is the same as the direct product for a finite number of groups, this is not the case for a infinite number of groups. See this StackExchange question.

2: Sometimes cyclic is used for groups which are both monogenous and finite, which makes sense since for an infinite monogenous group such as $Z$ one never "cycles back" when computing $g, g^{2}, \dots$

Crypto Book (Work in Progress)

Groups

Contents

Basic Definitions

Additive/Multiplicative Notation

Repeated Group Operation

Direct Product

Subgroups

Cosets and Lagrange Theorem

Normal Subgroups

Quotient Groups

Homomorphisms and Isomorphisms

Group Generation

Properties of Cyclic Groups

Classification of Cyclic Groups

Cauchy's Theorem for Abelian Groups

Exponent of a Group

Structure Theorem for Finite Abelian Groups

Structure Theorem for Finitely Generated Abelian Groups