Translation:Disquisitiones Arithmeticae/Third Section

Recherches_arithmétiques

Article 45
The residues of the terms of a geometric progression starting from unity constitute a periodic series.

Let $a$ be relatively prime to $p.$  Then the geometric progression $1,$  $a,$  $a a,$  $a^3$  etc. has at least one term $a^{t},$  aside than the first term $1,$  which is congruent to unity modulo $p,$  and whose exponent $t$  is  $< p.$

Proof. Since the modulus $p$ is relatively prime to $a,$  and consequently is also relatively prime to any power of $a,$  no term of the progression will be $\equiv 0\pmod{p}$  but each of them will be congruent to one of the numbers $1,$  $2,$  $3 \dots p-1.$  Since the multitude of this series of numbers is $p-1,$  it is clear that if more than $p-1$  terms of the progression are considered, they cannot all have different minimal residues. So among the numbers $1,$ $a,$  $a^2,$  $a^3 \dots a^{p-1},$  at least two will be congruent. Therefore, letting $a^m\equiv a^n$ with $m>n,$  and dividing by $a^n$  (Art. 22), we obtain $a^{m-n}\equiv 1,$  where $m-n0.$  Q.E.D.

Ex. In the progression $1,$ $2,$  $4,$  $8$  etc., the first term congruent to unity modulo $13$  is $2^{12}=4096,$  but in the same progression modulo $23,$  we have $2^{11}=2048\equiv 1;$  similarly, $5^6 =15625\equiv 1\pmod{7}$  and $5^5 =3125\equiv 1\pmod{11}.$  Thus in some cases, the exponent of the power congruent to unity is smaller than $p-1,$  and in other cases, one must go all the way to the ${p-1}^{st}$  power.

Article 46
When the progression is continued beyond the term congruent to unity, one will find the same residues as those obtained from the beginning. Thus, if $a^t\equiv 1,$ we will have $a^{t+1}\equiv a,$  $a^{t+2}\equiv a^2$ etc., until we reach the term $a^{2t}$  whose minimal residue will again be $\equiv 1,$  and the period of residues will begin again. We will thus have a period of $t$ residues, which always repeats itself from the beginning as soon as it is finished; and no residues other than those in this period can occur in the entire progression. In general, we will have $a^{mt}\equiv 1$ and $a^{mt+n}\equiv a^n;$  which can be represented in our notation as follows:

If $r\equiv\rho\pmod{t},$ then $a^r\equiv a^\rho\pmod{p}.$ 

Article 47
This theorem provides an expeditious method of finding residues of powers, regardless of the magnitude of the exponent they are raised to, as soon as the power congruent to unity is known. If e.g. one asks for the remainder which arises upon dividing $3^{1000}$ by $13,$  then since $3^3\equiv 1\pmod{13},$  we have $t\equiv 3,$  and therefore, since $1000\equiv 1\pmod{3},$  we obtain $3^{1000}\equiv 3\pmod{13}.$

Article 48
If $a^t$ is the smallest power congruent to unity, (excluding $a^0 =1,$  a case which we do not consider), then the $t$  residues that make up the period will all be distinct, as can be easily seen from the demonstration in Art. 45. Then the proposition from Art. 46 can be reversed; namely, if $a^m\equiv a^n\pmod{p},$ we will have $m\equiv n\pmod{t}.$  For if $m$  and $n$  were incongruent modulo $t,$  their minimal residues $\mu$  and $\nu$  would be different. But $a^\mu\equiv a^m$ and $a^\nu\equiv a^n,$  hence $a^\mu\equiv a^\nu,$  meaning that all powers below $a^t$  would not be incongruent, contrary to the hypothesis.

So if $a^k\equiv 1\pmod{p},$ we will have $k\equiv 0\pmod{t},$  meaning that $k$  will be divisible by $t.$

So far we have only discussed moduli that are relatively prime to $a.$ We will now separately consider absolutely prime moduli, and establish a more general investigation on this foundation.

Article 49
On moduli which are prime numbers.

If $p$ is a prime number that does not divide $a,$  and $a^t$  is the smallest power of $a$  congruent to unity, the exponent $t$  will be $= p-1,$  or an aliquot part of $p-1.$

See Art. 45 for examples.

Since we have already proved that $t$ is $=p-1$  or $n$ ) we would have $a^{m-n}\equiv 1,$  and $m-n<t,$  which is absurd, since $a^t$  is the smallest power of $a$  congruent to unity (by hypothesis). Moreover, all numbers $\alpha,$ $\alpha',$  $\alpha''$ etc. are included in the series $1,$  $2,$  $3,$  $4\dots p-1,$  a series they do not exhaust when $t<p-1.$  We will denote by $(A)$  the complex of all these residues, which includes a total of $t$  terms.

II. Let $\beta$ be an arbitrary number from the series $1,$  $2,$  $3\dots p-1$  which is missing from $(A).$  Compute the products of $\beta$  with $\alpha,$  $\alpha',$  $\alpha$  etc., and let their minimal residues be $\beta,$  $\beta',$  $\beta$  etc., the number of which will also be $t.$  These residues will be distinct, both from each other and also from the numbers $\alpha,$  $\alpha',$  $\alpha$ etc. Indeed, if the former'' assertion were false, we would have $\beta a^m\equiv\beta a^n,$  and dividing by $\beta$  would give us $a^m\equiv a^n,$  contrary to what we have just demonstrated. If the latter were false, then we would have $\beta a^m\equiv a^n.$ When $m<n,$  this yields $\beta\equiv a^{n-m},$  i.e. $\beta$  would be congruent to one of the numbers $\alpha,$  $\alpha',$  $\alpha''$ etc., contrary to the hypothesis; and when $n<m,$  we will have, upon multiplying by $a^{t-m},$  $\beta a'\equiv a^{t+n-m}$  or, since $a^t\equiv 1,$  $\beta\equiv a^{t-(m-n)},$  which is the same absurdity. Letting $(B)$ denote the complex of the numbers $\beta,$  $\beta',$  $\beta''$  etc., whose multitude is $t,$  we now have $2t$  numbers from the series $1,$  $2,$  $3,$  $$ etc. $p-1.$  So, if $(A)$  and $(B)$  exhaust this series, then we have $t=\frac{p-1}{2}.$

III. If some are missing, let $\gamma$ be one of those. Multiply $\alpha,$ $\alpha',$  $\alpha$ etc., by $\gamma,$  let $\gamma,$  $\gamma',$  $\gamma$ etc., be the minimal residues of these products, and let $(C)$  denote the complex of all such residues. Then $(C)$ will include $t$  numbers taken from the series $1,$  $2,$  $3 \dots p-1,$  which are distinct from both each other and the numbers in $(A)$  and $(B).$  The first two assertions are proven as in II. For the third, if we had $\gamma a^m\equiv\beta a^n,$ we would obtain either $\gamma\equiv\beta a^{n-m},$  or $\gamma\equiv\beta a^{t+n-m},$  depending on whether $mn.$  In either case, $\gamma$  would be congruent to one of the numbers in $(B),$  contrary to the hypothesis. We will therefore have $3t$ numbers from the series $1,$  $2,$  $3\dots p-1,$  and if none are left over, then we will have $t=\frac{p-1}{3},$  and the theorem has been demonstrated.

IV. But if there are still some left over, we will arrive in the same way at a fourth complex of numbers $(D),$ and so on. Since the series $1,$ $2,$  $3 \dots p-1$  is finite, it will eventually be exhausted, and therefore $p-1$  will be a multiple of $t:$  thus $t$  will be an aliquot part of $p-1.$  Q.E.D.

Article 50
Fermat's Theorem.

Since $\frac{p-1}{t}$ is an integer, raising each member of the congruence $a^t\equiv 1\pmod{p}$  to the power $\frac{p-1}{t}$ shows that $a^{p-1}\equiv 1\pmod{p};$  that is, $a^{p-1}-1$  will always be divisible by $p,$  when $p$  is prime and does not divide $a.$ 

This theorem, which is remarkable both for its elegance and its great utility, is usually called Fermat’s theorem, after the name of the inventor. See ''Fermatii Opera Mathem. Tolosae 1679 fol. p.'' 163. Fermat did not provide a proof, although he claimed to have found one. Euler was the first to publish it in his dissertation entitled Theorematum quorundam ad numeros primos spectantium demonstratio, ''Comm. Ac. Pétrop. T.'' VIII. It is derived from the expansion of $(a+1)^p.$ From the form of the coefficients in this expansion, it is easy to deduce that $(a+1)^p-a^p-1$  is always divisible by $p,$  and consequently $(a+1)^p-(a+1)$  will be divisible by $p$  whenever $a^p-a$  is. Now since $1^p-1$ is always divisible by $p,$  $2^p-2$  will be as well; hence so will be $3^p-3,$  and generally $a^p-a.$  Therefore, if $p$  does not divide $a,$  $a^{p-1}-1$  will be divisible by $p.$  What we have just said is sufficient to understand the nature of the method. Lambert gave a similar proof in Actis Erudit. 1769, p. 109. But since the binomial expansion of a power seems alien to number theory, Euler provided another proof ''Comment. nov. Petr. T. VIII, p.'' 70. that exactly agrees with the one we have just presented. In the future, other proofs will be presented: here we will be content to give another one derived from the same principle as Euler’s. The following proposition, of which the theorem in question is only a particular case, will be useful for other investigations below.

Article 51
''If $p$ is a prime number, then the $p^{th}$  power of $a+b+c+$ etc. is

$$\equiv a^p+b^p+c^p+$$

etc. modulo'' $p.$

It is known that $(a+b+c+\text{ etc.})^p$ is composed of terms of the form $Pa^\alpha b^\beta c^\gamma$ etc. where we have $\alpha+\beta+\gamma+\text{ etc.} =p,$  $P$  being the number of permutations of $p$  objects, of which $\alpha,$  $\beta,$  $\gamma$  etc. are respectively equal to $a,$  $b,$  $c$  etc. But in Art. 41 above we have shown that this number is always divisible by $p,$ unless all the letters are equal to each other; i.e. unless one of the numbers $\alpha,$  $\beta,$  $\gamma$  etc., is $=p$  and the others are $=0.$  From this it follows that all the terms of the expansion, except $a^p,$  $b^p$  etc. are divisible by $p,$  and therefore $(a+b+c+\text{ etc.})^p \equiv a^p+b^p+c^p+\text{ etc.} \pmod{p}.$  If all the quantities $a,$  $b,$  $c$  etc. are assumed to be $=1,$  and their number is $k,$  then we will have $k^p \equiv k,$  as in the previous article.

Article 52
How many numbers generate a period whose multitude is a given divisor of $\,p-1.$

Since the divisors of $p-1$ are the only numbers that can serve as exponents for the smallest powers congruent to unity, one is led to ask whether all divisors of $p-1$  enjoy this property; and, when classifying all numbers not divisible by $p$  according to the exponent of their smallest power congruent to unity, how many there are for each exponent. We immediately observe that it suffices to consider positive numbers from $1$ to $p-1{:}$  for it is clear that congruent numbers must be raised to the same power to become congruent to unity, and therefore any number must be raised to the same exponent as its minimum positive residue. We must therefore investigate how the numbers $1, 2, 3\dots p-1$ are distributed among the factors of $p-1,$  in this respect.

For the sake of brevity, if $d$ is one of the divisors of $p-1,$  (among which which $1$  and $p-1$  are to be included), we will denote by $\psi d$  the multitude of positive numbers less than $p,$  whose $d^{th}$  power is the smallest power congruent to unity.

Article 53
In order to make ourselves more easily understood, we will first present an example. For $p=19,$ the numbers $1, 2, 3\dots 18$  are distributed among the divisors of $18$  as follows:

$$ \begin{array}{r|rrrrrr} 1&1.&&&&&\\ 2&18.&&&&&\\ 3&7,&11.&&&&\\ 6&8,&12.&&&&\\ 9&4,&5,&6,&9,&16,&17.\\ 18&2,&3,&10,&13,&14,&15. \end{array} $$

So in this case $\psi 1=1,$ $\psi 2=1,$  $\psi 3=2,$  $\psi 6=2,$  $\psi 9=6,$  $\psi 18=6.$  With a little attention, one can see that the multitude of numbers belonging to each exponent is equal to the multitude of numbers relatively prime to and not greater than that exponent. Equivalently, retaining the notation of Art. 39, we have $\psi d=\phi d.$  This observation can be proved in general, as follows.

I. If there is a number $a$ belonging to the exponent $d,$  i.e. one whose $d^{th}$  power is congruent to unity, and whose lower powers are incongruent, then its powers $a a,$  $a^3,$  $a^4 \dots a^d,$  or equivalently their minimal residues, will also have the property that their $d^{th}$  powers are congruent to unity. In other words, the minimal residues of the numbers $a,$ $a a,$  $a^3 \dots a^d,$  which are all distinct, will be roots of the congruence $x^d \equiv 1.$  Since this congruence can have no more than $d$  distinct roots, it is clear that the minimal residues of $a,$  $a^2,$  $a^3 \dots a^d,$  are the only numbers between $1$  and $p - 1$  whose $d^{th}$  powers are congruent to unity. Hence it follows that the numbers belonging to the exponent $d$ can be found among the minimal residues of the numbers $a,$  $a^2,$  $a^3 \dots a^d.$  Which these are, and what their multitude is, will now be determined. If $k$ is a number relatively prime to $d,$  then none of the powers of $a^k,$  with exponent $<d,$  will be congruent to unity. Indeed, suppose that $\frac{1}{k} \pmod{d} \equiv m$ (see Art. 31). Then we will have $a^{km} \equiv a,$ and thus if the $e^{th}$  power of $a^k$  were congruent to unity, with $e<d,$  then we would also have $a^{kme} \equiv 1,$  and consequently $a^e \equiv 1,$  contrary to the hypothesis. Hence it is clear that the minimal residue of $a^k$ belongs to the exponent $d.$  On the other hand, if $k$  had a common divisor $\delta$  with $d,$  then the minimal residue of $a^k$  would not belong to the exponent $d,$  since the $\frac{d}{\delta}^{th}$  power of $a^k$  is congruent to unity (for $\frac{kd}{\delta}$  is divisible by $d,$  or equivalently $\equiv 0 \pmod{d},$  and therefore $a^{\frac{kd}{\delta}} \equiv 1$ ). From this we conclude that there are as many numbers belonging to the exponent $d$ as there are numbers relatively prime to $d$  in the series $1,$  $2,$  $3, \dots, d.$  But it must be remembered that this conclusion is based on the supposition that there is already a number $a$  belonging to the exponent $d.$  Therefore, it remains doubtful whether every exponent has a number belonging to it, and the only conclusion we can draw is that $\psi d$  is either $=0$  or $=\phi d.$

Article 54
II. Let $d,$ $d',$  $d''$  etc. be the divisors of $p-1.$  Since the numbers $1,$  $2,$  $3 \dots p-1$  must be distributed among these divisors, we will have

$$\psi d + \psi d' + \psi d'' + \dots = p-1.$$

But (Art. 40) we have shown that

$$\phi d + \phi d' + \phi d'' + \dots = p-1,$$

and in the previous article we saw that $\psi d$ is less than or equal to $=\phi d.$  The same goes for $\psi d'$  and $\phi d',$  etc. Therefore, if one or more of the terms in the sequence $\psi d,$ $\psi d'',$  $$ etc., were less than the corresponding term in the sequence $\phi d,$  $\phi d',$  $$ etc., then the sum of the former could not be equal to the sum of the latter. Hence, we conclude that $\psi d$ and $\phi d$  are always equal to each other, regardless of the magnitude of $p-1.$

Article 55
The particular case of the previous proposition which most deserves our attention is the following: there always exist numbers such that none of their powers below the ${p-1}^{st}$ is congruent to unity, and indeed, there are as many between the $1^{st}$  and ${p-1}^{st}$  as there are numbers less than and relatively prime to $p-1.$  Since the demonstration of this theorem is by no means as obvious as it may appear to be at first sight, it is worth giving another demonstration which is slightly different from the previous one, especially because a diversity of methods often contributes a great deal to the elucidation of obscure matters.

First decompose $p-1$ into prime factors, so that $p-1=a^\alpha b^\beta c^\gamma$ etc., where $a,$  $b,$  $c$ etc. are distinct prime numbers. The proof of the theorem then proceeds according to the following steps:

I. We can always find a number $A$ (or several) belonging to the exponent $a^\alpha,$  and similarly numbers $B,$  $C$  etc. belonging to the exponents $b^\beta,$  $c^\gamma$  etc.,

II. The product of the numbers $A,$ $B,$  $C$  etc., or the minimal residue of this product, belongs to the exponent $p-1.$  This can be proved as follows.

I. Since the congruence $x^{\frac{p-1}{a}}\equiv 1\pmod{p}$ has degree $<p-1,$  it cannot be satisfied by all numbers in the series $1,$  $2,$  $3 \dots p-1.$   Therefore, we can find such a number $g$  which does not satisfy the congruence. If we then set $h = g^{\frac{p-1}{a}}$, I claim that the minimal residue of $h$ belongs to the exponent $a^\alpha.$

Indeed, it is clear that $h^{a^\alpha}$ is congruent to $g^{p-1},$  i.e. to unity, but $h^{a^{\alpha-1}}$  is congruent to $g^{\frac{p-1}{a}},$  which is not congruent to unity. No less will the powers $h^{a^{\alpha-2}},$ $h^{a^{\alpha-3}}$  be congruent to unity. But the exponent of the smallest power of $h$ which is congruent to unity, that is the exponent to which $h$  belongs, must be a divisor of $a^\alpha$  (Art. 48); and since $a^\alpha$  is only divisible by itself and by lower powers of $a,$  it necessarily follows that $a^\alpha$  will be the exponent to which $b$  belongs. It can be shown by a similar method that one can find numbers belonging to the exponents $b^\beta,$ $c^\gamma$ etc.

II. If we assume that the product of all numbers $A,$ $B,$  $C$  etc. does not belong to the exponent $p-1$  etc., but rather to a smaller exponent $t,$  then $t$  must be one of the divisors of $p-1$  (Art. 48), or in other words $\frac{p-1}{t}$  will be an integer greater than unity. It follows that this quotient will be one of the prime numbers $a,$ $b,$  $c$  etc., or at least divisible by one of them (Art. 17), e.g. by $a,$  as the reasoning would be the same for the others. Thus $t$ will divide $\frac{p-1}{a},$  and so the product $ABC$  etc., raised to the power $\frac{p-1}{a},$  would still be congruent to unity (Art. 46). But it is clear that all numbers $B,$ $C,$  $D$  etc. (except $A$ ) become congruent to unity when raised to the power $\frac{p-1}{a},$  since the exponents $b^\beta,$  $c^\gamma, $ etc. to which they belong, divide $\frac{p-1}{a}.$  Therefore

$$A^{\frac{p-1}{a}} B^{\frac{p-1}{a}} C^{\frac{p-1}{a}} \text{etc.} \equiv A^{\frac{p-1}{a}}\equiv 1,$$

so $a^\alpha$ must divide $\frac{p-1}{a}$  (Art. 48), i.e. $\frac{p-1}{a^{\alpha+1}}$  is an integer; but $\frac{p-1}{a^{\alpha+1}}\equiv \frac{b^{\beta}c^{\gamma}\text{etc.}}{a}$  is not an integer (Art. 15). Therefore our assumption cannot hold, i.e. the product $ABC$ etc. actually belongs to the exponent $p-1.$

This proof seems a bit longer than the first one, but it is more direct.

Article 56
This theorem provides us with a remarkable example of the circumspection needed in number theory, so as not to consider as proven things that are not. Lambert, refers to this proposition in the dissertation we have praised above, Acta Erudit. 1769 p. 127, but he says nothing about the necessity of proving it. No one has even attempted to do so, except the great Euler, ''Comment. nov. Ac. Petrop. T. XVIII, 1774, p. 85, Demonstrationes circa residua ex divisione potestatum per numeros primos resultantia''. See especially article 37, in which he extensively discussed the need to prove this proposition. However, the demonstration of this penetrating man has two defects; one is that he tacitly assumes, starting in article 31, that the congruence $x^n\equiv 1$ (translating his arguments into our notation) actually has $n$  different roots, while it was only demonstrated that this congruence cannot have more; the other is that he only deduces the formula of Art. 34 by induction.

Article 57
Primitive roots, bases, indices.

Following Euler, we will call the numbers that belong to the exponent $p-1$ primitive roots. So if $a$  is a primitive root, then all the minimal residues of the powers $a,$  $a^2,$  $a^3 \dots a^{p-1}$  will be distinct, from which one easily deduces that they all lie among the numbers $1,$  $2,$  $3 \dots p-1,$  which are in the same number as them, i.e. that every number not divisible by $p$  is congruent to some power of $a.$  This remarkable property is of great utility, and can considerably shorten the arithmetic operations related to congruences, in much the same way that the introduction of logarithms shortens the operations of ordinary arithmetic. We will take an arbitrarily chosen primitive root $a$ as the base, to which we will refer all numbers not divisible by $p,$  and if $a^e\equiv b\pmod{p},$  we will call $e$  the index of $b.$  E.g. for the modulus $19,$  if we take the primitive root $2$  as the base, then $$ \begin{matrix} &\text{the numbers} & 1& 2& 3& 4& 5& 6& 7& 8& 9& 10& 11& 12& 13& 14& 15& 16& 17& 18 \\ &\text{have indices} & 0& 1& 13& 2& 16& 14& 6& 3& 8& 17& 12& 15& 5& 7& 11& 4& 10& 9 \end{matrix} $$

Moreover, it is clear that for a given base each number has several indices, but these are all congruent modulo $p-1;$ thus indices which are congruent modulo $p-1$  will be considered equivalent, just as numbers are considered equivalent when they are congruent modulo $p.$

Article 58
Algorithm for computing indices.

The theorems concerning indices are precisely analogous to those concerning logarithms.

The index of a product of any number of factors is congruent to the sum of the indices of the different factors, modulo $p-1.$ 

The index of a power of a number is congruent, modulo $p-1,$ to the product of the exponent by the index of the given number.

We omit the proofs because of their simplicity.

Thus if we wanted to construct a table that gives the indices of all numbers for various moduli, then all numbers larger than the modulus and all composite numbers could be omitted. An attempt at such a table can be found at the end of this work (Tab. I). The prime numbers and powers of prime numbers from $3$ to $97,$  which are to be regarded as moduli, can be found in the first column. The numbers taken as bases are in the nexdt column; then follow the indices of successive prime numbers, which are written in groups of five each; at the top are the prime numbers arranged in the same order, so that one can easily find the index that corresponds to a given prime number, for a given modulus.

E.g. if $p=67,$ then the index of the number $60,$  with $12$  taken as the base, will be

$$\equiv 2\operatorname{Ind.} 2+\operatorname{Ind.} 3+\operatorname{Ind.}5\equiv{58}+9+39\equiv 40 \pmod{66}$$

Article 59
The index of the value of any expression $\frac{a}{b}\pmod{p},$ (Art. 31) is congruent modulo $p-1$  to the difference of the indices of the numerator $a$  and the denominator $b,$  provided that the numbers $a$  and $b$  are not divisible by $p.$

Let $c$ be any value of this expression; we will have $bc\equiv a\pmod{p};$  hence

$$\operatorname{Ind.} b+\operatorname{Ind.} c\equiv\operatorname{Ind.} a\pmod{p-1},$$

and therefore

$$\operatorname{Ind.} c\equiv\operatorname{Ind.} a-\operatorname{Ind.} b.$$

Therefore, if we have two tables, one giving the indices corresponding to each number for some modulus, and the other giving the numbers corresponding to given indices, then we can easily solve all linear congruences, since they can always be reduced to others with prime moduli (Art. 30). E.g. for the congruence

$$29x+7\equiv 0\pmod{47}$$

we have

$$x\equiv\tfrac{-7}{29}\pmod{47}$$

Thus,

$$\operatorname{Ind.} x\equiv\operatorname{Ind.}-7-\operatorname{Ind.}{29}\equiv\operatorname{Ind.} 40-\operatorname{Ind.} 29\equiv 15-43\equiv 18\pmod{46};$$

Now $3$ is the number with index $18;$  therefore $x\equiv 3\pmod{47}.$  We have not added the second table; but another can be used in its place, as we will show in Sect. VI.

Article 60
On the roots of the congruence

Just as we introduced notation for the roots of first degree congruencesin Art. 31, in what follows we will introduce another sign for the roots of pure congruences of higher degrees. Just as the symbol $\sqrt[n]{A}$ represents nothing other than a root of the equation $x^n\equiv A,$  so will the symbol ${\sqrt[n]{A}}\pmod{p}$  represent an arbitrary root of the congruence $x^n\equiv A\pmod{p}.$  Thus we will say that the expression ${\sqrt[n]{A}}\pmod{p}$  has as many values as it has incongruent ones modulo $p,$  because all those congruent modulo $p$  must be considered equivalent (Art. 26). Furthermore, it is clear that if $A$ and $B$  are congruent modulo $p,$  then the expressions ${\sqrt[n]{A}}\pmod{p}$  and ${\sqrt[n]{B}}\pmod{p}$  will be equivalent.

Now if we take ${\sqrt[n]{A}}\equiv x\pmod{p},$ we will have $n\operatorname{Ind.} x\equiv\operatorname{Ind.} A\pmod{p-1}.$  From this congruence, and the rules of the previous section, we can deduce the values of $\operatorname{Ind.} x,$  and hence the corresponding values of $x.$  However, it is easy to see that $x$  has as many values as there are roots of the congruence $n \operatorname{Ind.} x\equiv\operatorname{Ind.} A \pmod{p-1}.$  Therefore, $\sqrt[n]{A}$  will have only one value when $n$  is coprime to $p-1,$  but when the greatest common divisor of $n$  and $p-1$  is $\delta,$  there will be $\delta$  incongruent values of $\operatorname{Ind.} x$  modulo $p-1,$  and consequently $\sqrt[n]{A}$  will have equally many incongruent values modulo $p,$  provided that $\operatorname{Ind.} A$  is divisible by $\delta.$  Without this condition, $\sqrt[n]{A}$  will have no real values.

For instance, if one seeks the values of the expression ${\sqrt[15]{11}}\pmod{19},$ one must solve the congruence $15\operatorname{Ind.} x\equiv\operatorname{Ind.} 11\equiv 6\pmod{18},$  from which one obtains three values $\operatorname{Ind.} x\equiv 4,$  $10,$  $16\pmod{18}.$  The values of $x$  corresponding to these are $6,$  $9,$  $4.$

Article 61
Although this method is very expedient when the necessary tables are available, we should not forget that it is indirect. So, it will be worthwhile to investigate how fruitful direct methods can be. We will now present some observations that can be deduced from the previous notions; others, which require more subtle considerations, will be reserved until Section VIII.

Let us begin with the simplest case, in which $A=1,$ or equivalently, in which one seeks the roots of the congruence $x^n\equiv 1\pmod{p}.$  Taking an arbitrary primitive root as the base, we have $\operatorname{Ind.} x\equiv 0\pmod{p-1}.$  When $n$  is relatively prime to $p-1,$  this congruence will have only one root, namely $\operatorname{Ind.} x\equiv 0\pmod{p-1}{:}$  so in this case ${\sqrt[n]{1}}\pmod{p}$  will have only one value, namely $\equiv 1.$  However, when $n$  and $p-1$  have $\delta$  as their greatest common divisor, the complete solution of the congruence $n\operatorname{Ind.} x\equiv 0\pmod{p-1}$  will be $x\equiv 0\pmod{\frac{p-1}{\delta}}$  (see Art. 29), i.e. $\operatorname{Ind.} x$  must be congruent to one of the numbers

$$0, \frac{p-1}{\delta}, \frac{2(p-1)}{\delta}, \frac{3(p-1)}{\delta}, \dots \frac{(\delta-1)(p-1)}{\delta}$$

modulo $p-1,$ and so will have $\delta$  incongruent values modulo $p-1;$  thus $x$  will also have $\delta$  distinct values (incongruent modulo $p.$ ). From this one can see that the expression ${\sqrt[\delta]{1}}\pmod{p}$ has $\delta$  distinct values, whose indices are the numbers listed above; therefore the expression ${\sqrt[\delta]{1}}\pmod{p}$  is entirely equivalent to the expression ${\sqrt[n]{1}}\pmod{p},$  i.e. the congruence $x^\delta\equiv 1\pmod{p}$  and the congruence $x^n\equiv 1\pmod{p}$  have the same roots; but the former will be of a lower degree unless $\delta =n.$

Ex. ${\sqrt[15]{1}}\pmod{19}$ has three values, because $3$  is the greatest common divisor of $15$  and $18;$  these will also be the values of the expression ${\sqrt[3]{1}}\pmod{19}.$  The three values are $1,$  $7,$  $11.$

Article 62
This reduction offers us a great advantage, since we no longer need to solve congruences of the form $x^n \equiv 1 \pmod{p}$ other than those where $n$  is a divisor of the reduced module by unity. Later we will show that congruences of this form can be reduced even further, although the method above is insufficient to do so. However, there is one case that we can fully address here, namely the case $n=2.$ Indeed, it is clear that the values of the expression ${\sqrt[2]{1}}\pmod{p}$  will always be $+1$  and $-1,$  since it cannot have more than two values, and $+1$  and $-1$  are incongruent, unless the modulus is $=2,$  in which case it is clear that $\sqrt[2]{1}$  will only have  one value. It follows that $+1$ and $-1$  are also the values of the expression ${\sqrt[2m]{1}}\pmod{p},$  whenever $m$  is relatively prime with $\frac{p-1}{2}.$  This will happen for any modulus such that $\frac{p-1}{2}$  is an absolutely prime number (unless $p-1=2m,$  in which case all numbers $1,$  $2,$  $3\dots p-1$  are roots) e.g. when $p=3,$  $5,$  $7,$  $11,$  $23,$  $47,$  $59,$  $83,$  $107$  etc. As a corollary, we observe that the index of $-1$  is always $\equiv \frac{p-1}{2}\pmod{p-1},$  regardless of the primitive root chosen as the base. Indeed, $2\operatorname{Ind.}(-1)\equiv 0\pmod{p-1}.$ Thus $\operatorname{Ind.}(-1)$  will either be $\equiv 0$  or $\equiv \frac{p-1}{2}:$  but $0$  is always the index of $+1,$  and $+1$  and $-1$  always have different indices (except in the case where $p=2,$  which is not worth considering here).

Article 63
We have shown (Art. 60) that the expression ${\sqrt[n]{A}}\pmod{p}$ either has $\delta$  different values or none at all, if $\delta$  is the greatest common divisor of  $n$  and $p-1.$  Just as we found that $\sqrt[n]{A}$  and $\sqrt[\delta]{A}$  were equivalent when $A\equiv 1,$  we will prove more generally that the expression $\sqrt[n]{A}$  can always be reduced to another equivalent expression $\sqrt[\delta]{B}$. Let $x$ denote any value such that $x^n\equiv A,$  and let  $t$  denote any value of the expression $\frac{\delta}{n}\pmod{p-1},$  which will always have real values, as we saw in Art. 31. Then we will have $x^{tn}\equiv A^t;$ but because $tn\equiv\delta\pmod{p-1},$  we will have $x^{tn}\equiv x^\delta.$  Thus $x^\delta\equiv A^t,$  and therefore any value of $\sqrt[n]{A}$  will also be a value of $\sqrt[\delta]{A^t}.$  So, whenever $\sqrt[n]{A}$  has real values, it will be precisely equivalent to the expression $\sqrt[\delta]{A^t},$  since it can neither have different nor fewer values, although it is true that $\sqrt[\delta]{A^t}$  can have real values without necessarily $\sqrt[n]{A}$  having them.

Ex. To find the values of the expression ${\sqrt[21]{2}}\pmod{31},$ we observe that the greatest common divisor of the numbers $21$  and $30$  is $3,$  and $3$  is a value of $\frac{3}{21}\pmod{30},$  so if $\sqrt[21]{2}$  has real values, it will be equivalent to the expression $\sqrt[3]{2^3}$  or $\sqrt[3]{8},$  and indeed we find that the values of the latter are $2,$  $10,$  and $19,$  which also satisfy the former.

Article 64
In order to not undertake this operation unnecessarily, we must look for rules by which we can immediately deduce whether $\sqrt[n]{A}$ admits real values or not. If we have a table of indices, the matter is easy, because it is clear from Art. 60 that $\sqrt[n]{A}$ will have real values whenever the index of  $A$  is divisible by $\delta,$  no matter which primitive root is taken as the base, and otherwise it will not have real values. However, we can also discover this without the help of this table. If $k$ is the index of $A,$  and $k$  is divisible by $\delta,$  then $\frac{k(p-1)}{\delta}$  will be divisible by $p-1,$  and vice versa. But the index of the number $A^{\frac{p-1}{\delta}}$ is $\frac{k(p-1)}{\delta}.$  Therefore, if ${\sqrt[n]{A}}\pmod{p}$  has real values, $A^{\frac{p-1}{\delta}}$  will be congruent to unity, and otherwise it will not be congruent to unity. Thus in the example of the previous article, we have $2^{10} = 1024\equiv 1\pmod{31},$ from which we conclude that ${\sqrt[21]{2}}\pmod{31}$  has real values. Similarly, we see from this that ${\sqrt[2]{-1}}\pmod{p}$ always has two real values when $p$  is of the form $4m+1,$  and has none when $p$  is of the form $4m+3;$  for $(-1)^{2m}=1$  and $(-1)^{2m+1}=-1.$  This elegant theorem, which is usually stated as follows: If $p$  is a prime number of the form $4m+1,$  then we can find a square $a a$  such that $a a+1$  is divisible by $p;$  but if $p$  is of the form $4m-1,$  no such square can be found, was demonstrated in this way by Euler, ''Comm. nov. Acad. Petrop. T. XVIII, p.'' 112, in 1773. He had given another proof of it much earlier, ''Comm. nov. T. V, p''. 5, which came out in 1760. In an earlier dissertation (T. iv, p. 25), he had not yet reached the goal. Lagrange later also provided a proof of this theorem, ''Nouveaux Mém. de l’Ac. de Berlin, 1775, p.'' 342. We will present yet another proof in the following section, in which this topic will be treated properly.

Article 65
After examining how one can reduce all expressions ${\sqrt[n]{A}}\pmod{p}$ to others in which $n$  is a divisor of $p-1,$  and after finding a criterion which allows to recognize whether there are real roots or not, let us consider with more care the expressions ${\sqrt[n]{A}}\pmod{p},$  where $n$  is a divisor of $p-1.$  We will first discuss the relationship between the different values of this expression, and then we will indicate some tricks through which one can often find one of the values.

First, when $A\equiv 1,$ and $r$  is one of the $n$  values of the expression ${\sqrt[n]{1}}\pmod{p},$  or equivalently $r^n\equiv 1\pmod{p},$  then all powers of $r$  will also be values of this expression; and there will be as many different values as there are units in the exponent to which $r$  belongs (Art. 48). So, if $r$ is a value belonging to the exponent $n,$  then its powers $r,$  $r^2,$  $r^3 \dots r^n$  (where the last can be replaced with unity) will include all values of the expression ${\sqrt[n]{1}}\pmod{p}.$  We will explain in more detail in section VIII how one can find these values belonging to the exponent $n.$

Second, when $A$ is not congruent to unity, and one knows a value $z$  of the expression ${\sqrt[n]{A}}\pmod{p},$  then the other values can be found as follows. Let

$$1, r, r^2 \dots r^{n-1}$$

be the values of the expression $\sqrt[n]{1}.$ Then

$$z, zr, zr^2 \dots zr^{n-1}$$

will be the values of $\sqrt[n]{A}.$ For it is clear that all these numbers satisfy the congruence $x^n\equiv A.$  Indeed, if one of them is $\equiv zr^k$, then since $r^k\equiv 1$  and $z^n\equiv A,$  its $n^{th}$  power $z^nr^{nk}$  will be congruent to $A:$  from Art. 23 it is easy to see that all these values are distinct; thus the expression $\sqrt[n]{A}$ cannot have other values, as it cannot have more than $n.$  For example, if one value of $\sqrt[2]{A}$  is $z,$  then the other will be $-z.$  From all of this, it must be concluded that one cannot find all the values of $\sqrt[n]{A}$  unless one also has all the values of $\sqrt[n]{1}.$

Article 66
The second topic that we had promised to discuss was how to determine when a single value of the expression ${\sqrt[n]{A}}\pmod{p}$ (where $n$  is assumed to be a divisor of $p-1$ ) can be found directly. This occurs whenever there is a value congruent to a power of $A,$ and since this case is very common, it is appropriate to dwell on it briefly. Let $z$ be this value, if it exists, so that $z\equiv A^k$  and $z^n\equiv A\pmod{p}.$  Then we have $A \equiv A^{kn};$  and if one can determine $k$  in such a way that this condition is satisfied, then $A^k$  will be the required value; but the previous condition is equivalent to $kn\equiv 1\pmod{t},$  where $t$  is the exponent to which $A$  belongs (Art. 46, 48). If $n$ and $t$  are relatively prime, then it is possible to solve this congruence, and indeed we will have $k={\frac{1}{n}}\pmod{t};$  on the other hand, if $t$  and $n$  have a common divisor, then no value of $z$  will be congruent to any power of $A.$

Article 67
Since the above solution requires us to know the number $t,$ let us see how to proceed when it is not known. First of all, it is easy to see that $t$ must be a divisor of $\frac{p-1}{n},$  provided that ${\sqrt[n]{A}}\pmod{p}$  has real values, which we assume here. Let $y$ be any of these values. Then we will have $y^{p-1}\equiv 1,$ and $y^n\equiv A\pmod{p};$  raising both parts of the latter congruence to the $\frac{p-1}{n}^{th}$  power, we find that $A^{\frac{p-1}{n}}\equiv 1;$  therefore $\frac{p-1}{n}$  is divisible by $t$  (Art. 48). Now if $\frac{p-1}{n}$ is relatively prime to $n,$  then the congruence $kn\equiv 1$  can be solved modulo $\frac{p-1}{n},$  and it is clear that any value of $k$  that satisfies this congruence will satisfy the same congruence modulo $t,$  this being a divisor of $\frac{p-1}{n}$  (Art. 5), and thus we have found what we were looking for. On the other hand, if $\frac{p-1}{n}$ is not relatively prime to $n,$  then we first remove all prime factors of $\frac{p-1}{n}$  which also divide $n$. From this we obtain a number $\frac{p-1}{nq},$ which is relatively prime to $n,$  where $q$  denotes the product of the remaining prime factors of $\frac{p-1}{n}.$  Then if the condition that $t$  is relatively prime to $n$  holds, $t$  will also be relatively prime to $q,$  and therefore it will divide $\frac{p-1}{nq}.$  If we now solve the congruence $kn\equiv 1\pmod{\frac{p-1}{nq}}$  (which is possible because $n$  and $\frac{p-1}{nq}$  are relatively prime), then the value we find for $k$  will satisfy the same congruence modulo $t,$  as required. The art here lies in finding a number that can replace $t,$ which we do not know. However, we must be mindful of the fact that when $\frac{p-1}{n}$ is not relatively prime to $n,$  the condition assumed in the previous article is not met, and all of the resulting conclusions are false; and if by blindly following the rules, we find a value for $z$  whose $n^{th}$  power is not congruent to $A,$  this merely shows the condition does not hold, and therefore the method is not applicable.

Article 68
But even in this case, it is often useful to carry out the above procedure, and it is well worth the effort, because the resulting false values may be related to true ones. Indeed, suppose that the numbers $k$ and $z$  have been thus determined, but $z^n$  is not $\equiv A\pmod{p}.$  Then if the values of ${\sqrt[n]{\frac{A}{z^n}}}\pmod{p}$  could be determined, multiplying these different values by $z$  would give those of ${\sqrt[n]{A}}.$  Indeed, if $\nu$  is a value of $\sqrt[n]{\frac{A}{z^n}},$  we will have $\nu^n z^n\equiv A;$  but the expression $\sqrt[n]{\frac{A}{z^n}}$  is simpler than $\sqrt[n]{A},$  because $\frac{A}{z^n}$  usually belongs to a smaller exponent than $A.$  Namely, if $d$  is the greatest common divisor of $t$  and $q,$  then $\frac{A}{z^n}\pmod{p}$  will belong to the exponent $d,$  which can be demonstrated as follows. Substituting the value $z \equiv A^k$ gives $\frac{A}{z^n} \equiv \frac{1}{ A^{kn-1}} \pmod{p};$  but $kn-1$  is divisible by $\frac{p-1}{nq}$  (by the previous article), and $\frac{p-1}{n}$  is divisible by $t$  (ibid.), or equivalently $\frac{p-1}{nd}$  is divisible by $\frac{t}{d}.$  Also, $\frac{t}{d}$  is relatively prime to $\frac{q}{d};$  thus $\frac{p-1}{nd}$  is divisible by $\frac{tq}{dd},$  or equivalently $\frac{p-1}{nq}$  is divisible by $\frac{t}{d},$  and therefore $kn-1$  is divisible by $\frac{t}{d},$  or equivalently $(kn-1)d$  is divisible by $t.$  Thus $A^{(kn-1)d}\equiv 1\pmod{p};$  from which it easily follows that $\frac{A}{z^n}$  raised to the $d^{th}$  power is congruent to unity. It would be easy to show that $\frac{A}{z^n}$ cannot belong to an exponent smaller than $d,$  but since this is not required for our purposes, we will not dwell on it. We are thus certain that $\frac{A}{z^n}\pmod{p}$ always belongs to a smaller exponent than that of $A,$  except in the case where $q$  divides $t$, and therefore $d=t.$

Now how does it help, when $\frac{A}{z^n}$ belongs to a smaller exponent than $A$ ? More numbers are possible for $A$ than there are for $\frac{A}{z^n},$  so when we have occasion to solve many expressions of the form $\sqrt[n]{A},$  following the same modulus, we gain the ability to draw several solutions from the same source. So e.g. we can always find at least one value of ${\sqrt[n]{A}} \pmod{29},$ given only the values of ${\sqrt[2]{-1}} \pmod{29},$  which are $\pm 12.$  Indeed, it is easy to see, from the previous articles, that we will determine a value directly when $t$  is odd, and that $d$  will be $=2$  when $t$  is even; but only $-1$  belongs to the exponent $2.$

Examples. Suppose we want to find ${\sqrt[3]{31}}\pmod{37}.$ Here we have $p-1=36,$  $n=3,$  $\frac{p-1}{n}=12,$  and hence $q=3:$  so we must have $3k\equiv 1\pmod{4},$  from which we obtain $k\equiv 3.$  Therefore $z\equiv 31^3 \equiv 6 \pmod{37},$  and indeed we find that $6^3\equiv 31\pmod{37}.$  Given the values of the expression ${\sqrt[3]{1}}\pmod{37}$, we could also determine the remaining values of the expression $\sqrt[3]{31}.$  In fact, the values of ${\sqrt[3]{1}}\pmod{37}$  are $1,$  $10,$  $26;$  and multiplying these by $6$  we obtain $6,$  $23,$  $8.$

Now suppose we want to find the values of expression ${\sqrt[2]{3}}\pmod{37}.$ Then we have $p-1=36,$  $n=2;$  $\frac{p-1}{n}=18,$  therefore $q=2.$  Hence we must have $2k\equiv 1\pmod{9},$  from which we obtain $k\equiv 5.$  Therefore $z\equiv 3^5\equiv 21\pmod{37};$  but $21^2$  is not congruent to $3,$  but rather $34;$  so we have ${\frac{3}{34}}\pmod{37}\equiv-1$  and ${\sqrt[2]{-1}}\pmod{37}\equiv\pm 6;$  thus we obtain the correct values $\pm 6\cdot 21\equiv\pm 15.$

This is all we are able to present here on solving these expressions. It is clear that direct methods will often escape from being too verbose; but this inconvenience applies to almost all direct methods in number theory, so we did not wish to neglect to show how much they can achieve here. It is also worth noting that it was not our intention to explain individually the specific techniques that often present themselves to the experienced practitioner.

Article 69
Relationships between indices in different systems.

We now return to the roots we have called primitive. We have shown that, if we take an arbitrary primitive root as a base, then all numbers whose indices are relatively prime to $p-1$ will also be primitive roots, and that there are no others: from this we have deduced the number of such roots. See Art. 53. Since the choice of the base we take is generally arbitrary, we see that here, as with logarithms, we can have many different systems. Let us look for the relations that link them together. Let $a$ and $b$  be two primitive roots, and $m$  another number. Suppose that the index of $b$ is $=\beta$  and the index of $m$  is $\equiv\mu\pmod{p-1}$  when $a$  is taken as base. On the other hand, let $\operatorname{Ind.} a\equiv\alpha \pmod{p-1}$ and $\operatorname{Ind.} m\equiv\nu\pmod{p-1}$  when $b$  is taken as the base. Then we will have $\alpha\beta \equiv 1 \pmod{p-1};$ indeed $a^\beta\equiv b,$  so $a^{\alpha\beta} \equiv b^\alpha\equiv a \pmod{p}$ (by hypothesis), hence $\alpha\beta\equiv 1\pmod{p-1}.$  By similar reasoning, we find that $\nu\equiv\alpha$  and $\mu\equiv\beta\nu\pmod{p-1}.$  Therefore, if we have created an index table for the base $a,$  we can easily change it to another one with base $b.$  Indeed, if the index of $b$  is $\equiv\beta$  for the base $a$, then the index of $a$  will be $\equiv\frac{1}{\beta}\pmod{p-1}$  for the base $b,$  and by multiplying all of the indices in the table by this number, we will have all the indices for the base $b.$

Article 70
However, although a given number may have many different indices, depending on which primitive root is taken as the base, all of these indices will have a common property, that their greatest common divisor with $p-1$ is the same. In fact, if the index of a given number is $m$ for the base $a$  and $n$  for base $b,$  and if the greatest common divisors $\mu,$  $\nu$  of these indices with $p-1$  are assumed to be different, e.g. $\mu >\nu,$  then $\mu$  will not divide $n.$  On the other hand, if $\alpha$  denotes the index of $a$  for the base $b,$  then we will have (by the previous article) $n\equiv\alpha m\pmod{p-1},$  and hence $\mu$  will divide $n.$  Q.E.A.

We can also show that this common divisor of the indices of a given number and $p-1$ is independent of the base by observing that it is equal to $\frac{p-1}{t},$  where $t$  is the exponent to which the number belongs. Indeed, if the index is $k$ for any base, then as we saw in Arts. 48, 58, $t$ will be the smallest number (excluding zero), that when multiplied by $k,$  gives a product divisible by $p-1,$  or equivalently it will be the smallest value of the expression $\frac{0}{k}\pmod{p-1}$  except for zero; but it is easy to deduce from Art. 29 that this value is the greatest common divisor of the numbers $k$ and $p-1.$

Article 71
It is easy to show that one can always find a base such that a number belonging to the exponent $t$ has a given index, as long as the greatest common divisor of this index and $p-1$  is $=\frac{p-1}{t}.$   For the sake brevity, denote this divisor by $d,$  let the index be $\equiv dm,$  and let $dn$  be the index of the given number when some primitive root $a$  is chosen as the base. Then $m$ and $n$  will be relatively prime to $\frac{p-1}{d}$, i.e. to $t.$  Now if $\varepsilon$  is a value of the expression $\frac{dn}{dm}\pmod{p-1},$  which is also relatively prime to $p-1,$  then $a^\varepsilon$  will be the desired primitive root, because we will have $a^{\varepsilon dm}\equiv a^{dn}\equiv$  the proposed number $\pmod{p},$  as desired. But it can be shown that the expression $\frac{dn}{dm}\pmod{p-1}$ admits arbitrary values coprime to $p-1.$  Indeed, it is equivalent to $\frac{n}{m}\pmod{\frac{p-1}{d}}$  or $\frac{n}{m}\pmod{t},$  as we saw in Arts. 2, 31, and all such values will be coprime with $t;$ for if one such value $e$  had a common divisor with $t,$  this divisor would also have to divide $me,$  and consequently it would divide $n,$  which is congruent to $me$  modulo $t,$  contrary to the hypothesis that $n$  is relatively prime to $t.$  Thus, when all the prime divisors of $p-1$  also divide $t,$  all values of the expression $\frac{n}{m}\pmod{t}$  will be relatively prime to $p-1,$  and their multitude will be $=d;$  but when $p-1$  still contains other prime factors $f,$  $g,$  $h$  etc. which do not divide $t,$  let $e$  be an arbitrary value of $\frac{n}{m}\pmod{t}.$   Then since $t,$  $f,$  $g,$  $h$ etc. are mutually relatively prime, one can find a number $\varepsilon,$  which is congruent to $e$  modulo $t,$  and which is congruent modulo $f,$  $g,$  $h$  etc. to arbitrary given numbers that are relatively prime to the corresponding modulus (Art. 32). Such a number will not be divisible by any factor of $p-1,$ and thus will be relativley prime with it, as required. It can be easily shown from the theory of combinations that the number of these values is $\frac{p-1}{t} \cdot \frac{f-1}{f} \cdot \frac{g-1}{g} \cdot \frac{h-1}{h} $ etc.; but we omit this demonstration, which will not be necessary for us.

Article 72
Bases adapted to particular purposes.

Although in general one can arbitrarily choose any primitive root as a base, certain particular advantages may make one base preferred over another. In Table I we have always taken $10$ as the base when it was a primitive root, and in other cases we have chosen the base in such a way that the index of the number $10$  was as small as possible, i.e. so that it would be $=\frac{p-1}{t},$  where $t$  is the exponent to which $10$  belongs. The advantage of this will be recognized in Sect. VI, where the same table will be used for other purposes. But since this still leaves a degree of arbitrariness, as we saw in the previous article, we have always chosen, among all primitive roots that satisfy this requirement, the smallest one as the base. So, for $p=73,$ we have $t=8,$  $d=9,$  and $a^\varepsilon$  has $\frac{72.2}{8.3},$  i.e. 6 values, which are $5,$  $14,$  $20,$  $28,$  $39,$  $40.$  We have therefore chosen $5$  to be the base.

Article 73
Method for finding primitive roots.

Most of the methods used to find primitive roots rely largely on trial and error. If we combine what we have said in Art. 55 with what we will say below about solving the congruence $x^n\equiv 1,$ then we will have almost everything that can be done using general methods. Euler admits (Opuscula analyt. T. i, p. 152.) that it seems extremely difficult to determine these numbers, and that their nature must be considered as one of the most thorny points of number theory. However, they can be found quite easily using the following method. Experienced individuals can easily shorten the calculation by using various tricks; but these are better learned by practice than by rules.

1st. Choose an arbitrary number $a,$ (often the calculation becomes simpler when one chooses $a$  as small as possible, e.g. $2;$ ) which is relatively prime to the given modulus $p$  (we will always denote the modulus with this letter), and determine its period (Art. 46), i.e. the minimal residues of its powers up to the first  power $a^t$  which has $1$  as its minimal residue. If $t=p-1,$ then $a$  is a primitive root.

2nd. On the other hand, if $t<p-1,$ one can choose another number $b$  that is not in the period of $a,$  and determine its period in exactly the same way. Letting $u$ denote the exponent to which $b$  belongs, it is easy to see that $u$  is neither equal to $t,$  nor one of its aliquot parts, for in both cases we would have $b^t\equiv 1,$  which is impossible, since the period of $a$  contains all numbers whose $t^{th}$  power is congruent to unity (Art. 53). Now, if $u$ is $=p-1,$  then $b$  will be a primitive root; but if $u$  is not $=p-1,$  but instead a multiple of $t,$  then we still have the advantage of knowing a number that belongs to a larger exponent, and thus we are closer to our goal, since we are looking for the number that belongs to the maximum exponent. Finally, if $u$ is neither $=p-1,$  nor a multiple of $t,$  we can find a number belonging to an exponent larger than $t$  and $u;$  namely, this exponent will be the least common multiple of $t$  and $u.$  Indeed, letting this $=y,$  we can decompose $y$  into two relatively prime factors $m$  and $n$, with the former dividing $t$  and the latter dividing $u$. If we set $a^{\frac{\epsilon}{m}} \equiv A$ and $b^{\frac{u}{n}} \equiv B \pmod{p},$  then $AB$  will belong to the exponent $y;$  it is easy to see that $A$  belongs to the exponent $m$  and $B$  to the exponent $n,$  and therefore the product $AB$  will belong to the exponent $mn,$  since $m$  and $n$  are relatively prime, as can be demonstrated by following exactly the procedure of Art. 55, II.

3rd. If $y=p-1,$ then $AB$  will be a primitive root; otherwise one can similarly find a third number which does not appear in the period of $AB;$  this number will either be a primitive root, or it will belong to an exponent $>y,$  or finally, it can be used to determine a number belonging to an exponent $>y.$  Since the numbers produced by repeating this operation belong to exponents which are always increasing, it is clear that one will eventually find a number that belongs to the maximum exponent $p-1,$  i.e. a primitive root, q.e.f.

Article 74
Let us clarify the above with an example. Let $p=73$ for which we seek a primitive root. Let us first try the number $2,$ whose period is

$$\begin{matrix} 1&2&4&8&16&32&64&55&37&1&\dots \\     0&1&2&3&4&5&6&7&8&9&\dots \end{matrix}$$

Therefore, since its $9^{th}$ power is congruent to unity, $2$  is not a primitive root. Let us try another number, which is not in the period of $2,$ e.g. $3,$  whose period is

$$\begin{matrix} 1 &3 &9 &27 & 8 & 24 & 72 & 70 &64 & 46 & 65 & 49 & 1 &\dots \\ 0 &1 &2 &  3 &  4&  5 &   6 &  7 &  8 &   9 & 10 & 11 & 12 &\dots \end{matrix}$$

So $3$ is also not a primitive root; but the least common multiple of the exponents to which $2$  and $5$  belong (i.e. the numbers $9$  and $12$ ), is $36,$  which can then be resolved into factors $m=9$  and $n=4,$  according to the rules from the previous article. Therefore, raising $2$ to the power $\frac{9}{9}=1,$  raising $3$  to the power $\frac{12}{4}=3,$  and taking the product, we obtain of $54,$  which will belong to the exponent $36.$  Finally, if we calculate the period of $54$  and try a number not contained in it, e.g. $5,$  we find that it is a primitive root.

Article 75
Various theorems on periods and primitive roots.

Before leaving this subject, we will present some propositions that do not seem unworthy of attention due to their simplicity.

The product of all terms in the period of any number is $\equiv 1$ when their multitude, or the exponent to which the number in question belongs, is odd, and $\equiv -1$  when the exponent is even.

Ex. For the modulus $13,$ the period of $5$  is composed of the terms $1,$  $5,$  $12,$  $8,$  whose product  $480\equiv-1\pmod{13}.$

For the same modulus, the period of $3$ is composed of the terms $1,$  $3,$  $9,$  whose product $27\equiv 1\pmod{13}.$

Proof. Letting $t$ be the exponent to which the number belongs, we can always find (Art.71) a base for which the index of the number is $\frac{p-1}{t}.$  The index of the product of all the terms will be

$$\equiv(1+2+3+\text{etc.}+t-1)\frac{p-1}{t}=\frac{(t-1)(p-1)}{2}$$

i.e. $\equiv 0\pmod{p-1},$ when $t$  is odd; and $\equiv\frac{p-1}{2},$  when $t$  is even; hence in the first case, the product is $\equiv 1\pmod{p};$  but in the second it is $\equiv-1\pmod{p}.$  Q.E.D.

Article 76
If the number in the previous theorem is a primitive root, then its period will include all of the numbers $1,$ $2,$  $3 \dots p-1,$  whose product will therefore always be $\equiv-1$  (for $p-1$  is always even, except when $p=2,$  in which case $+1$  and $-1$  are equivalent. This elegant theorem, which is usually stated in the following way: The product of all numbers smaller than a prime number, increased by unity, is divisible by this prime number, was published by Waring who attributes it to Wilson Meditationes algeb. Ed. 3, p. 380.  Yet neither of them could prove it, and Waring admits that the proof seems to him all the more difficult as there is no notation in which a prime number can be expressed.  As for us, we believe that the proofs of these kinds of truths must be drawn from principles rather than from notation. Lagrange subsequently provided a proof, ''Nouv. Mém. de l’Ac. de Berlin'', 1771. It is based on considering of the coefficients that are found by expanding the product

$$x+1. x+2. x+3 \dots x+p-1$$

Namely, he shows that by setting this product

$$=x^{p-1}+x^{p-2}+x^{p-3}+\dots+Mx+N,$$

the coefficients $A,$ $B$  etc., $M$  are divisible by $p;$  and therefore $N=1. 2. 3 \dots p-1.$ Now, for $x=1,$  the product is divisible by $p;$  but then it will be $\equiv 1+N\pmod{p};$  therefore $1+N$  must necessarily be divisible by $p.$

Finally Euler (Opusc. analyt. T. i, p. 529) provided a proof that is similar to the one we have just explained. Since such men judged this theorem not unworthy of their reflections, we hope it will not meet with disapproval if we add yet another demonstration.

Article 77
When the product of two numbers $a,$ $b$  is congruent to unity modulo $p,$  we will say that $a,$  $b$  are associated, as did Euler. Then by the preceding section, every positive number less than $p$ will always have one and only one associated number that is positive and less than $p.$  Now, it is easy to prove that among the numbers $1,$  $2,$  $3 \dots p-1,$  only $1$  and $p-1$  are associated with themselves, because those that enjoy this property will be given by the congruence $xx\equiv 1,$  which is of the second degree and can therefore only have two roots,  i.e.  apart from $1$  and $p-1$  we can have no others. Therefore, upon removing these, the remaining numbers $2,$ $3 \dots p-2$  will be associated in pairs; thus their product will be $\equiv 1,$  and therefore the product of all the numbers$1,$  $2,$  $3 \dots p-1$  will be $\equiv p-1,$  or $\equiv -1.$  Q.E.D.

E.g. for $p=13,$ the numbers $2,$  $3,$  $4 \dots 11$  are associated as follows: $2$  with $7;$  $3$  with $9;$  $4$  with $10;$  $5$  with $8;$  $6$  with $11;$  so that $2.7\equiv1;$  $3.9\equiv 1$  etc.  Hence $2 \cdot 3 \cdot 4 \dots 11\equiv 1;$  therefore $1 \cdot 2 \cdot 3 \dots 12\equiv 12\equiv -1.$

Article 78
Wilson's theorem can be made more general by stating it as follows: The product of all numbers less than and relatively prime to a given number $A$ is congruent, modulo $A,$  to a positive or negative unit. The unit should be taken negatively when $A$ is of the form $p^m$  or $2p^m,$  where $p$  is a prime number different from $2,$  or when $A=4;$  in all other cases it should be taken positively. Wilson’s theorem falls within the first case. E.g. For $A=15,$ the product of the numbers $1,$  $2,$  $4,$  $7,$  $8,$  $11,$  $13,$  $14$  is $\equiv 1\pmod{15}.$  For the sake of brevity,we omit the the demonstration: we merely observe that we can achieve it in the same way as in the previous article, except that the congruence $x^2\equiv 1$  can have more than two roots, which requires certain particular considerations. One could also derive it from the consideration of indices, as in Art. 75, in combination with that which we will say shortly about composite moduli.

Article 79
Let us return to the enumeration of the other propositions (Art. 75).

The sum of all terms in the period of any number is $\equiv 0,$ as in the example of article 75,

$$1+5+12+8=26\equiv 0\pmod{13}.$$

Proof. Let $a$ be the number in question, and let $t$  be the exponent to which it belongs. The sum of all terms in the period will be

$$\equiv 1+a+a^2+a^3+\dots+a^{t-1}\equiv\frac{a^t-1}{a-1}\pmod{p}$$

However, $a^t-1\equiv 0:$ thus the sum must be $\equiv 0$  (Art. 22) if $a-1$  is not divisible by $p,$  or $a \equiv 1;$  thus we must exclude this case if we wish to call even a single term a period.

Article 80
The product of all primitive roots is $\equiv 1$ unless $p=3;$  because in this case there is only one primitive root, $2.$

Proof. If we take an arbitrary primitive root as a base, then the indices of all primitive roots will be numbers less than and relatively prime to $p-1.$ However, the sum of all these numbers, i.e. the index of the product of all primitive roots, is $\equiv 0 \pmod{p-1},$  and therefore the product is $\equiv 1 \pmod{p};$  it is easy to see that if $k$  is a number relatively prime to $p-1,$  then $p-1-k$  will also be relatively prime to $p-1,$  and therefore the sum of the numbers relatively prime to $p-1$  is composed of pairs whose sum is divisible by $p-1.$  (but $k$  can never be equal to $p-1-k,$  except in the case $p-1 =2,$  or $p=3,$  which we excluded; for it is clear that in all other cases $\frac{p-1}{2}$  is not relatively prime to $p-1$.

Article 81
The sum of all primitive roots is $\equiv 0$  (when $p-1$ is divisible by a square), or $\equiv \pm 1,$  (when $p-1$  is the product of distinct prime factors; the sign is positive when the number of factors is even, and it is negative when the number of factors is odd).

Ex 1. For $p=13,$ the primitive roots are $2,$  $6,$  $7,$  $11,$  and their sum is $26\equiv 0 \pmod{13}.$

Ex 2. For $p=11,$ the primitive roots are $2,$  $6,$  $7,$  $8,$  and their sum is $23\equiv +1 \pmod{11}.$

Ex 3. For $p=31,$ the primitive roots are $5,$  $11,$  $12,$  $13,$  $17,$  $21,$  $22,$  $24,$  and their sum is $123\equiv -1 \pmod{31}.$

We have shown earlier (Art. 55, II) that if $p-1$ is $=a^\alpha b^\beta c^\gamma$ etc. (where $=a,$  $=b,$  $=c$  etc. are distinct prime numbers), and $A,$  $B,$  $C$  etc. are arbitrary numbers that belong to the exponents $a^\alpha,$  $b^\beta,$  $c^\gamma$  etc., then all products $ABC$ etc. will be primitive roots. However, it is easy to show that any primitive root can only be expressed in one way as a product of this form.

It follows from this that the primitive roots can be replaced with products of this form; but in these products we must combine all values of $A$ with all those of $B$ etc. So, by the theory of combinations, the sum of all such products will be equal to the product of the sum of all values of $A,$  the sum of the values of $B,$  the sum of the values of $C$  etc. Denoting the values of $A$  by $A,$  $A',$  $A$ etc., and the values of $B$  by $B,$  $B',$  $B$ etc. etc.,  it follows that the sum of all primitive roots will be

$$(A+A'+\text{etc.})(B+B'+\text{etc.})\text{etc.}$$

Now I say that if $\alpha=1,$ the sum $A+A'+A''+$ etc. will be $\equiv -1\pmod{p},$  and if $\alpha > 1,$  this sum will be $\equiv 0,$  and likewise for $\beta,$  $\gamma$ etc., If these two assertions are proved, then the truth of the theorem will be evident. Indeed, when $p-1$ is divisible by a square, one of the exponents $\alpha,$  $\beta,$  $\gamma$  etc., will be greater than unity, hence one of the factors, whose product is congruent to the sum of primitive roots, will be $\equiv 0,$  and thus so will be the product itself: but when $p-1$  is not divisible by any square, all of the exponents $\alpha,$  $\beta,$  $\gamma$ etc., will be equal to one, so the sum of the primitive roots will be congruent to the product of as many factors $\equiv -1,$  as there are numbers $a,$  $b,$  $c$ etc., and therefore the product will be $\equiv \pm 1,$  depending on whether the number of such factors is even or odd. This can be shown as follows:

1st. When $\alpha =1,$ and $A$  is a number belonging to the exponent $a,$  the remaining numbers belonging to the same exponent will be $A^2,$  $A^3 \dots A^{a-1};$  But

$$1+A+A^2+A^3+A^4+\dots A^{a-1}$$

is the sum of a complete period, and therefore is $\equiv 0$ (Art. 79), and thus

$$A+A^2+A^3+A^4+\dots A^{a-1}\equiv-1.$$

2nd. When $\alpha >1,$ and $A$  is a number belonging to the exponent $a^\alpha,$  the remaining numbers belonging to the same exponent are obtained by removing $A^a,$  $A^{2a},$  $A^{3a}$  etc. from the sequence $A^2,$  $A^3,$  $A^4,$  $$ etc. $A^{a^\alpha-1},$  see Art. 53. Thus their sum will be

$$\equiv 1+A+A^2+\dots+A^{a^\alpha-1}-(1+A^a+A^{2a}+\dots+A^{a^\alpha-a})$$

i.e. it will be congruent to the difference of two periods, and therefore $\equiv 0.$ Q.E.D.

Article 82
On moduli which are prime powers.

All that we have explained so far assumes that the modulus is a prime number. We still need to consider the case where we take a composite number as the modulus. However, there are not as many elegant properties in this case as in the first one, and there is no need for very delicate devices to find them, as everything is deduced almost solely from the application of the previous principles, so it would be superfluous and tedious to exhaust all the details here. Therefore, we will briefly explain what this second case has in common with the first, and what distinguishes it.

Article 83
The propositions of Arts. 45–48 have already been proved in general, but the one in Art. 49 must be modified as follows:

If $f$ denotes the number of integers less than and relatively prime to $m$, i.e., if $f=\phi m$  (Art. 38), and $a$  is a given number which is relatively prime to $m,$  then the smallest exponent $t$  such that $a^t$  is congruent to unity modulo $m$  will be $= f,$  or an aliquot part of $f.$ 

The proof of the proposition in Art. 49 can also be applied in this case, by substituting $m$ for $p$  and $f$  for $p-1,$  and instead of the numbers $1,$  $2,$  $3,$  $\dots p-1,$  the numbers relatively prime to $m$  and less than it. We leave this to the reader. But the other proofs we have mentioned (Arts. 50, 51), can only be applied in this case after many modifications. As for the following propositions (Art. 52 and onwards), there is a great difference between moduli that are powers of a prime number and those that are divisible by several prime numbers. Therefore, we will separately consider moduli of the first type.

Article 84
If the modulus is $m=p^\alpha,$ where $p$  is a prime number, then we have $f=p^{\alpha-1}(p-1),$  (Art. 38). Now, if we apply the investigations of Arts. 53, 54 in this case, mutatis mutandis as in the previous article, we find that everything that has been shown there would also hold if it could be shown that the congruence $x^t-1\equiv 0\pmod{p^n}$ does not have more than $t$  different roots. It is from a more general proposition (Art. 43) that we deduced this truth for a prime modulus, but this proposition only holds for prime modules, and therefore cannot be applied to this case. We will therefore prove it by a more specialized method. Later (Sect. VIII) we will prove it even more easily.

Article 85
We aim to prove the following theorem:

If the greatest common divisor of the numbers $t$ and $p^{n-1}(p-1)$  is $e,$  then the congruence $x^t\equiv 1\pmod{p^n}$  will have $e$  distinct roots.

Let $e=kp^\nu,$ where $k$  is not divisible by $p,$  and therefore divides $p-1.$  Then the congruence $x^t\equiv 1$  will have $k$  distinct roots modulo $p,$  and if these are denoted by $A,$  $B,$  $C$  etc., then any root of this same congruence modulo $p^n$  must be congruent to one of the numbers $A,$  $B,$  $C$  etc. modulo $p.$  We will prove that the congruence $x^t\equiv 1\pmod{p^n}$  has $p^\nu$  roots congruent to $A,$  just as many congruent to $B$  etc. modulo $p.$   Thus the total number of roots will be $kp^\nu$  or $e,$  as we claimed. To carry this out, we will show that first, if $\alpha$ is a root congruent to $A$  modulo $p,$  then

$$\alpha+p^{n-\nu}, \alpha+2p^{n-\nu}, \alpha+3p^{n-\nu},\dots \alpha+p^{\nu-1}p^{n-\nu},$$

will also be roots; and second, no number congruent to $A$ can be a root, unless it is of the form $\alpha+hp^{n-\nu}$  (where $h$  is an integer); hence there will clearly be $p$  distinct roots, and no more; the same thing will happen with respect to $B,$  $C$  etc.; and third, we will show how one can always find a root congruent to $A$  modulo $p.$

Article 86
Theorem. ''If, as in the preceding article, $t$ is a number divisible by $p^\nu$  and not by $p^{\nu+1},$  then

$$(\alpha+hp^\mu)^t-\alpha^t\equiv 0\pmod{p^{\mu+\nu}}, \text{ and } \equiv\alpha^{t-1}hp^\mu t\pmod{p^{\mu+\nu+1}}.$$

The second part of the theorem does not hold when $p=2$ and $\mu =1.$

We could deduce this theorem from the binomial formula, if we were to show that all terms, after the second, are divisible by $p^{\mu+\nu+1};$ but since considering the denominators of the coefficients leads to some confusion, we prefer the following method.

We assume first that $\mu >1$ and $\nu =1.$  Then because

$$x^t-y^t =(x-y)(x^{t-1}+x^{t-2}y+x^{t-3}y^2+\text{etc.}+y^{t-1})$$

we have

$$(\alpha+hp^\mu)^t-\alpha^t = hp^\mu\{(\alpha+hp^\mu)^{t-1}+(\alpha+hp^\mu)^{t-2}\alpha+\text{etc.}+\alpha^{t-1}\};$$

But

$$\alpha+hp^\mu\equiv\alpha\pmod{p^2}$$

and therefore each term $(\alpha+hp^\mu)^{t-1},$ $(\alpha+hp^\mu)^{t-2}\alpha$  etc., will be $\equiv\alpha^{t-1}\pmod{p^2},$  and therefore the sum of all terms will be $\equiv t\alpha^{t-1}\pmod{p^2},$  or equivalently this sum will be of the form $t\alpha^{t-1}+Vp^2,$  for some number $V$. Hence $(\alpha+hp^\mu)^t-\alpha^t$ will be of the form

$$\alpha^{t-1}hp^\nu, \text{ i.e. } \equiv\alpha^{t-1}hp^\mu t\pmod{p^{\mu+2}}\text{ and }\equiv 0\pmod{p^{\mu+1}}.$$

For this case, the theorem is proved.

If the theorem were not true for the other values of $\nu,$ with $\mu$  still being $>1,$  then there would necessarily be a limit up to which the theorem would be true, and beyond which it would be false. Let $\varphi$ be the smallest value of $\nu$  for which the theorem is false. It is easy to see that the theorem is true if $t$ is divisible by $p^{\varphi-1}$  and not by $p^\varphi,$  but if $tp$  is substituted for $t,$  it is no longer true. Therefore, we have

$$(\alpha+hp^\nu)^t\equiv\alpha^t+\alpha^{t-1}hp^\mu t\pmod{p^{\mu+\varphi}},\text{ or }=\alpha^t+\alpha^{t-1}hp^\mu t+up^{\mu+\varphi},$$

for some integer $u$ ; but since the theorem is already proven for $\nu =1,$ we will have

$$\left(\alpha^t+\alpha^{t-1}hp^\mu t+up^{\mu+\varphi}\right)^p\equiv\alpha^{tp}+\alpha^{tp-1}hp^{\mu+1}t+\alpha^{tp-1}up^{\mu+\varphi+1}\pmod{p^{\mu+\varphi+1}}$$

and hence

$$(\alpha+hp^\mu)^{tp}\equiv\alpha^{tp}+\alpha^{tp-1}hp^\mu tp\pmod{p^{\mu+\varphi+1}}$$

i.e. the theorem is still true if we substitute $tp$ in place of $t$  or $\varphi+1$  instead of $\varphi,$  contradicting the assumption. Thus the theorem is true for all values of $\nu.$

Article 87
The case where $\mu =1$ remains. By a method precisely similar to that of the previous article, we will prove, without using the binomial theorem, that

$$\begin{aligned} (\alpha+hp)^{t-1}&\equiv\alpha^{t-1}+\alpha^{t-2}(t-1)hp\pmod{p^2} \\ \alpha(\alpha+hp)^{t-2}&\equiv\alpha^{t-1}+\alpha^{t-2}(t-2)hp \\ \alpha^2(\alpha+hp)^{t-3}&\equiv\alpha^{t-1}+\alpha^{t-2}(t-3)hp \\ \text{etc.}& \end{aligned}$$

and therefore (since the number of terms is $t$ )

$$\equiv t\alpha^{t-1}+\frac{(t-1)t}{2}\alpha^{t-2}hp\pmod{p^2}$$

However, since $t$ is divisible by $p,$  $\frac{(t-1)t}{2}$  will also be divisible by $p,$, except in the case where $p=2,$  which we have excluded in the previous article. In the remaining cases, we have $\frac{(t-1)t}{2}\alpha^{t-2}hp \equiv 0 \pmod{p^2},$  and therefore the sum will be $\equiv t\alpha^{t-1}\pmod{p^2}.$  The rest of the proof proceeds as before.

It generally follows from this that, except in the case where $p=2,$ we have

$$(\alpha+hp^\mu)^t\equiv\alpha^t\pmod{p^{\mu+\nu}}$$

and $(\alpha+hp^\mu)$ not $\equiv\alpha^t,$  for any modulus that is a power of $p$  higher than $p^{\mu+\nu},$  provided that $h$  is not divisible by $p,$  and that $p^\nu$  is the highest power of $p$  that divides $t.$

From this the first two propositions of that we set out to prove in Art. 85 follow immediately: namely

First, if $\alpha^{t}\equiv 1,$ then we also have $(\alpha+hp^{n-\nu})^t\equiv 1\pmod{p^n}.$

Second, if a number $\alpha'$ is congruent to $A$  and consequently to $\alpha$  modulo $p,$  then it cannot satisfy the congruence $x^t\equiv 1\pmod{p^n}$  unless it is congruent to $\alpha$  modulo $p^{n-\nu}.$  Indeed, if we had $\alpha'=\alpha+lp^\lambda$, where $l$  is not divisible by $p$  and $\lambda < n-\nu,$  then we would have $(\alpha+lp^\lambda)^t\equiv\alpha^t$  modulo $p^{\lambda+\nu},$  but not modulo the higher power $p^n,$  so $\alpha'$  would not be a root of the congruence $x^t\equiv 1.$

Article 88
Third, we must find a root of the congruence $x^t\equiv 1\pmod{p^n}$ which is congruent to $A$  modulo $p.$  It will suffice to show how this can be achieved if we know a root of the congruence modulo $p^{n-1},$  since we can then proceed from the modulus $p,$  for which $A$  is a root, to the modulus $p^2,$  and from there to all consecutive powers.

Let $\alpha$ be a root of the congruence $x^t\equiv 1\pmod{p^{n-1}},$  and let us seek a root of the same congruence modulo $p^n,$  which we assume to be $=\alpha+hp^{n-\nu-1},$  since the previous article tells us it must have this form (later we will separately consider the case where $\nu =n-1;$  $\nu$  cannot be greater than $n-1$ ). We will then have

$$(\alpha+hp^{n-\nu-1})^t\equiv 1\pmod{p^n}$$

but also

$$(\alpha+hp^{n-\nu-1})^t\equiv\alpha^t+\alpha^{t-1}htp^{n-\nu-1}\pmod{p^n}$$

Thus if we determine $h$ in such a way that  $1\equiv\alpha^t+\alpha^{t-1}htp^{n-\nu-1}\pmod{p^n};$  or (since $1\equiv\alpha^t\pmod{p^{n-1}},$  and $t$  is divisible by $p^\nu$  by hypothesis) in such a way that $\frac{\alpha^t-1}{p^{n-1}}+\alpha^{t-1}h\frac{t}{p^t}$  is divisible by $p,$  the problem will be solved. Since $t$ cannot be divisible by a power of $p$  higher than $p^\nu,$  and therefore $\alpha^{t-1}\frac{t}{p}$  is relatively prime with $p,$  so it follows from what was shown in the Sect. II that this is always possible.

On the other hand, if $\nu =n-1,$ i.e. if $t$  is divisible by $p^{n-1}$  or by a higher power of $p,$  then any value $A$  that satisfies the congruence $x^t\equiv 1$  modulo $p,$  will satisfy the same congruence modulo $p^n.$  Indeed, if $t=p^{n-1}\tau,$  then we will have $t\equiv\tau\pmod{p-1};$  and therefore, since $A^t\equiv 1\pmod{p},$  we will also have $A^\tau\equiv 1\pmod{p}.$  Thus if $A^\tau =1+hp,$  we will have $A^t =(1+hp)p^{n-1}\equiv 1\pmod{p^n}$  (Art. 87).

Article 89
Everything that we have demonstrated, starting in Art. 57, with the help of the theorem that the congruence $x^t \equiv 1$ can have no more than $t$  roots, can be applied to a modulus that is a power of a prime number, and if we call primitive roots the numbers that belong to the exponent $p^{n-1}(p-1),$  that is to say those whose period contains all numbers not divisible by $p,$  then there will also be primitive roots in this case. Everything we have said about indices and their use, including the solution of the congruence $x^t\equiv 1,$ can be applied in this case as well. Since the proofs are not difficulty, it would be superfluous to repeat them. We have also shown how one can deduce from the roots of the congruence $x^t\equiv 1\pmod{p},$ those of the congruence $x^t\equiv 1\pmod{p^n};$  but something must be added about the case $p=2,$  which we had excluded above.

Article 90
On moduli which are powers of two.

If the modulus is a power of two, say $2^n,$ and $n$  is greater than $2,$  then any odd number will become congruent to unity when it is raised to the power $2^{n-2}.$  

E.g. $3^8 =6561\equiv 1\pmod{32}.$

Indeed, every odd number is either of the form $1+4h$ or of form $-1+4h,$  from which the proposition follows immediately (theor. Art. 86).

Therefore, the exponent to which any given odd number belongs modulo $2^n$ must be a divisor of $2^{n-2};$  such a number will therefore belong to one of the exponents $1,$  $2,$  $4,$  $8,$  $\dots 2^{n-2};$  and moreover it is easy to determine the exponent to which it belongs. Let the proposed number be $=4h\pm 1,$ and let $2^m$  the largest power of $2$  that divides $h$  (here $m$  is $=0$  when $h$  is odd); then the exponent to which the given number belongs will be $=2^{n-m-2},$  if $n>m+2;$  but if $n=$  or is $ <m+2,$  the proposed number will be $\equiv\pm 1,$  and therefore will belong to the exponent $1$  or to the exponent $2.$  Indeed, a number of the form $\pm 1+2^{m+2}k$  (or equivalently, $4h\pm 1$ ) becomes congruent to unity modulo $p^n$  when raised to the power $2^{n-m-2},$  but will not be congruent to unity when raised to any power of lower degree. Thus any number of the form $\pm 1+4h,$ where $h$  is odd, that is any number of the form $8k+3$  or $8k+5,$  belongs to the exponent $p^{n-2}.$

Article 91
It follows that in this case there are no primitive roots, in the sense that we have given to this expression. That is, there are no numbers whose period contains all the numbers less than and relatively prime to the modulus. However, it is easy to see that something analogous happens here. Indeed, every odd power of a number of the form $8k+3$ is itself of the form $8k+3,$  and every even power is of the form $8k+1;$  therefore no power can be of the form $8k+5$  or $8k+7.$   Therefore, because the period of a number of the form $8k+3$  is composed of $2^{n-2}$  distinct terms, each of which is of the form $8k+1$  or $8k+3,$  and there are no more than $2^{n-2}$  such numbers which are smaller than the modulus, it is evident that every number of the form $8k+1$  or $8k+3$  is congruent to a power of a certain number of the form $8k+3$  modulo $2^n.$  It can be shown in a similar way that the period of a number of the form $8k+5$  includes all numbers of the form $8k+1$  and $8k+5.$  So, if we take a number of the form $8k+5$  as a base, we will find real indices for all numbers of the form $8k+1$  and $8k+5$  taken positively, and for all numbers of the form $8k+3$  and $8k+7$  taken negatively, where the indices are considered to be equivalent if they are congruent modulo $2^{n-2}.$  This is how we must understand Table I, in where for the moduli $16,$  $32$  and $64$  (no table is needed for the modulus $8$ ), we always took the number $5$  as the base. E.g. the number $19,$ which is of the form $8n+3$  and so must be taken negatively, has the index $7$  modulo $64,$  which means that $5^7\equiv-19\pmod{64}.$  If one were to take numbers of the form $8n+1$  and $8n+5$  negatively, and those of the form $8n+3$  and $8n+7$  positively, one would have to give them indices that are, in a sense, imaginary. Introducing these would reduce the indicial calculus to a very simple algorithm; but as we would be led too far if we wanted to treat this subject with complete rigor, we reserve this point for another occasion, when perhaps we will undertake to treat in more detail the theory of imaginary quantities, which, in our opinion, has not yet been reduced to clear notions by anyone. Experts will easily find this algorithm for themselves; those who are less practiced can nevertheless use the table, provided they have properly understood the principles established above, just as those who are not familiar with modern knowledge on imaginary logarithms use logarithms.

Article 92
On moduli which are composed of several prime factors.

For a modulus which is composed of several prime numbers, everything related to residues of powers can be deduced from the general theory of congruences; but since we will present a method below to reduce congruences whose modulus is composed of several prime numbers to others whose modulus is a prime number, or a power of a prime number, we will not dwell much on this matter. We will content ourselves to merely observe that the beautiful property that holds for other moduli, namely that there always exist numbers whose period contains all numbers relatively prime to the modulus, does not hold here, except in the case where the module is twice a prime number, or a power of a prime number. Indeed, if we reduce the modulus $m$ to the form $A^a B^b C^c$  etc., with $A,$  $B,$  $C$  etc. being distinct prime numbers, and if we also denote $A^{a-1}(A-1)$  by $\alpha,$  $B^{b-1}(B-1)$  by $\beta,$  etc., and let $z$  be relatively prime wto $m,$  then we will have $z^\alpha\equiv 1\pmod{A^a},$  $z^\beta\equiv 1\pmod{B^b}$  etc. Therefore, if $\mu$  is the least common multiple of $\alpha,$  $\beta,$  $\gamma$ etc., we will have $z^\mu\equiv 1$  with respect to each of the moduli $A^a,$  $B^b$  etc., and therefore, modulo $m$  which is equal to their product. However, except in the case where $m$ is twice a prime number or a power of a prime number, we will always have $\mu <\alpha\beta\gamma$  etc., since the numbers $\alpha,$  $\beta$  etc. are all divisible by $2,$  and thus cannot be relatively prime. Therefore no number can have a period which contains as many terms as there are numbers less than and relatively prime to the modulus, since the number of the latter is equal to the product $\alpha\beta\gamma$ etc. E.g. for $m=1001=7\cdot 11\cdot 13,$  the $60^{th}$  power of any number relatively prime to $m$  is congruent to unity, since $60$  is the least common multiple of $6,$  $10,$  and $12.$  Finally, the case where the module is twice a prime number or twice a power of a prime number is exactly similar to the case where the modulus is a prime number or a power of a prime number.

Article 93
We have occasionally mentioned the works in which other geometers have spoken about the subject treated in this section. However, those who wish to have certain things explained more fully than our desire for brevity has permitted, we refer them above all to the following works of Euler, which are highly commendable due to the perspicuity that has always distinguished this great man above all others.


 * Theoremata circa residua ex divisione potestatum relicta Comm. nov. Petr. T. VII, p. 49 sqq.


 * Demonstrationes circa residua ex divisione potestatum per numeros primos resultantia. (Ibid. T. xviii, p. 85).

To these can also be added ''Opusculorum analyt. T. I, Diss.'' 5 and 8.