(* Title: HOL/Number_Theory/Residues.thy 
Author: Jeremy Avigad 
An algebraic treatment of residue rings, and resulting proofs of 
Euler's theorem and Wilson's theorem. 
*) 
section \<open>Residue rings\<close> 
theory Residues 

imports 
Cong 
"~~/src/HOL/Algebra/More_Group" 
"~~/src/HOL/Algebra/More_Ring" 
"~~/src/HOL/Algebra/More_Finite_Product" 
"~~/src/HOL/Algebra/Multiplicative_Group" 
Totient 
begin 
19 

definition QuadRes :: "int \<Rightarrow> int \<Rightarrow> bool" where 
"QuadRes p a = (\<exists>y. ([y^2 = a] (mod p)))" 
definition Legendre :: "int \<Rightarrow> int \<Rightarrow> int" where 
"Legendre a p = (if ([a = 0] (mod p)) then 0 
else if QuadRes p a then 1 
else 1)" 
subsection \<open>A locale for residue rings\<close> 
31719  29 

definition residue_ring :: "int \<Rightarrow> int ring" 
where 
"residue_ring m = 
33 
\<lparr>carrier = {0..m  1}, 

monoid.mult = \<lambda>x y. (x * y) mod m, 
one = 1, 
36 
zero = 0, 

37 
add = \<lambda>x y. (x + y) mod m\<rparr>" 

31719  38 

39 
locale residues = 

40 
fixes m :: int and R (structure) 

41 
assumes m_gt_one: "m > 1" 

defines "R \<equiv> residue_ring m" 
begin 
31719  44 

45 
lemma abelian_group: "abelian_group R" 

proof  
47 
have "\<exists>y\<in>{0..m  1}. (x + y) mod m = 0" if "0 \<le> x" "x < m" for x 

48 
proof (cases "x = 0") 

49 
case True 

50 
with m_gt_one show ?thesis by simp 

51 
next 

52 
case False 

53 
then have "(x + (m  x)) mod m = 0" 

54 
by simp 

55 
with m_gt_one that show ?thesis 

56 
by (metis False atLeastAtMost_iff diff_ge_0_iff_ge diff_left_mono int_one_le_iff_zero_less less_le) 

57 
qed 

58 
with m_gt_one show ?thesis 

59 
by (fastforce simp add: R_def residue_ring_def mod_add_right_eq ac_simps intro!: abelian_groupI) 

65899  60 
qed 
31719  61 

62 
lemma comm_monoid: "comm_monoid R" 

65066  63 
unfolding R_def residue_ring_def 
31719  64 
apply (rule comm_monoidI) 
65066  65 
using m_gt_one apply auto 
66 
apply (metis mod_mult_right_eq mult.assoc mult.commute) 

67 
apply (metis mult.commute) 

41541  68 
done 
31719  69 

70 
lemma cring: "cring R" 

65066  71 
apply (intro cringI abelian_group comm_monoid) 
72 
unfolding R_def residue_ring_def 

73 
apply (auto simp add: comm_semiring_class.distrib mod_add_eq mod_mult_left_eq) 

41541  74 
done 
31719  75 

76 
end 

77 

78 
sublocale residues < cring 

79 
by (rule cring) 

80 

81 

41541  82 
context residues 
83 
begin 

31719  84 

60527  85 
text \<open> 
86 
These lemmas translate back and forth between internal and 

87 
external concepts. 

88 
\<close> 

31719  89 

90 
lemma res_carrier_eq: "carrier R = {0..m  1}" 

44872  91 
unfolding R_def residue_ring_def by auto 
31719  92 

93 
lemma res_add_eq: "x \<oplus> y = (x + y) mod m" 

44872  94 
unfolding R_def residue_ring_def by auto 
31719  95 

96 
lemma res_mult_eq: "x \<otimes> y = (x * y) mod m" 

44872  97 
unfolding R_def residue_ring_def by auto 
31719  98 

99 
lemma res_zero_eq: "\<zero> = 0" 

44872  100 
unfolding R_def residue_ring_def by auto 
31719  101 

102 
lemma res_one_eq: "\<one> = 1" 

44872  103 
unfolding R_def residue_ring_def units_of_def by auto 
31719  104 

60527  105 
lemma res_units_eq: "Units R = {x. 0 < x \<and> x < m \<and> coprime x m}" 
65066  106 
using m_gt_one 
107 
unfolding Units_def R_def residue_ring_def 

31719  108 
apply auto 
60527  109 
apply (subgoal_tac "x \<noteq> 0") 
31719  110 
apply auto 
55352  111 
apply (metis invertible_coprime_int) 
31952
apply (subst (asm) coprime_iff_invertible'_int) 
apply (auto simp add: cong_int_def mult.commute) 
41541  114 
done 
31719  115 

116 
lemma res_neg_eq: "\<ominus> x = ( x) mod m" 

65066  117 
using m_gt_one unfolding R_def a_inv_def m_inv_def residue_ring_def 
118 
apply simp 

31719  119 
apply (rule the_equality) 
65066  120 
apply (simp add: mod_add_right_eq) 
121 
apply (simp add: add.commute mod_add_right_eq) 

122 
apply (metis add.right_neutral minus_add_cancel mod_add_right_eq mod_pos_pos_trivial) 

41541  123 
done 
31719  124 

44872  125 
lemma finite [iff]: "finite (carrier R)" 
by (simp add: res_carrier_eq) 
31719  127 

44872  128 
lemma finite_Units [iff]: "finite (Units R)" 
65416
f707dbcf11e3
more approproiate placement of theories MiscAlgebra and Multiplicate_Group
haftmann
parents:
65066
diff
changeset

129 
by (simp add: finite_ring_finite_units) 
31719  130 

60527  131 
text \<open> 
63167  132 
The function \<open>a \<mapsto> a mod m\<close> maps the integers to the 
60527  133 
residue classes. The following lemmas show that this mapping 
134 
respects addition and multiplication on the integers. 

135 
\<close> 

31719  136 

60527  137 
lemma mod_in_carrier [iff]: "a mod m \<in> carrier R" 
138 
unfolding res_carrier_eq 

139 
using insert m_gt_one by auto 

31719  140 

141 
lemma add_cong: "(x mod m) \<oplus> (y mod m) = (x + y) mod m" 

44872  142 
unfolding R_def residue_ring_def 
by (auto simp add: mod_simps) 
31719  144 

145 
lemma mult_cong: "(x mod m) \<otimes> (y mod m) = (x * y) mod m" 

55352  146 
unfolding R_def residue_ring_def 
by (auto simp add: mod_simps) 
31719  148 

149 
lemma zero_cong: "\<zero> = 0" 

44872  150 
unfolding R_def residue_ring_def by auto 
31719  151 

152 
lemma one_cong: "\<one> = 1 mod m" 

44872  153 
using m_gt_one unfolding R_def residue_ring_def by auto 
31719  154 

60527  155 
(* FIXME revise algebra library to use 1? *) 
31719  156 
lemma pow_cong: "(x mod m) (^) n = x^n mod m" 
65066  157 
using m_gt_one 
31719  158 
apply (induct n) 
41541  159 
apply (auto simp add: nat_pow_def one_cong) 
57512
cc97b347b301
reduced name variants for assoc and commute on plus and mult
haftmann
parents:
55352
diff
changeset

160 
apply (metis mult.commute mult_cong) 
41541  161 
done 
31719  162 

163 
lemma neg_cong: "\<ominus> (x mod m) = ( x) mod m" 

55352  164 
by (metis mod_minus_eq res_neg_eq) 
31719  165 

60528  166 
lemma (in residues) prod_cong: "finite A \<Longrightarrow> (\<Otimes>i\<in>A. (f i) mod m) = (\<Prod>i\<in>A. f i) mod m" 
55352  167 
by (induct set: finite) (auto simp: one_cong mult_cong) 
31719  168 

60528  169 
lemma (in residues) sum_cong: "finite A \<Longrightarrow> (\<Oplus>i\<in>A. (f i) mod m) = (\<Sum>i\<in>A. f i) mod m" 
55352  170 
by (induct set: finite) (auto simp: zero_cong add_cong) 
31719  171 

lemma mod_in_res_units [simp]: 
assumes "1 < m" and "coprime a m" 
shows "a mod m \<in> Units R" 
proof (cases "a mod m = 0") 
case True with assms show ?thesis 
by (auto simp add: res_units_eq gcd_red_int [symmetric]) 
next 
case False 
from assms have "0 < m" by simp 
with pos_mod_sign [of m a] have "0 \<le> a mod m" . 
with False have "0 < a mod m" by simp 
with assms show ?thesis 
by (auto simp add: res_units_eq gcd_red_int [symmetric] ac_simps) 
qed 
31719  186 

60528  187 
lemma res_eq_to_cong: "(a mod m) = (b mod m) \<longleftrightarrow> [a = b] (mod m)" 
31719  188 
unfolding cong_int_def by auto 
189 

190 

60528  191 
text \<open>Simplifying with these will translate a ring equation in R to a congruence.\<close> 
31719  192 
lemmas res_to_cong_simps = add_cong mult_cong pow_cong one_cong 
193 
prod_cong sum_cong neg_cong res_eq_to_cong 

194 

60527  195 
text \<open>Other useful facts about the residue ring.\<close> 
31719  196 
lemma one_eq_neg_one: "\<one> = \<ominus> \<one> \<Longrightarrow> m = 2" 
197 
apply (simp add: res_one_eq res_neg_eq) 

57512
cc97b347b301
reduced name variants for assoc and commute on plus and mult
haftmann
parents:
55352
diff
changeset

198 
apply (metis add.commute add_diff_cancel mod_mod_trivial one_add_one uminus_add_conv_diff 
60528  199 
zero_neq_one zmod_zminus1_eq_if) 
41541  200 
done 
31719  201 

202 
end 

203 

204 

60527  205 
subsection \<open>Prime residues\<close> 
31719  206 

207 
locale residues_prime = 

fixes p :: nat and R (structure) 
31719  209 
assumes p_prime [intro]: "prime p" 
defines "R \<equiv> residue_ring (int p)" 
31719  211 

212 
sublocale residues_prime < residues p 

65066  213 
unfolding R_def residues_def 
31719  214 
using p_prime apply auto 
62348  215 
apply (metis (full_types) of_nat_1 of_nat_less_iff prime_gt_1_nat) 
41541  216 
done 
31719  217 

44872  218 
context residues_prime 
219 
begin 

31719  220 

221 
lemma is_field: "field R" 

65066  222 
proof  
223 
have "\<And>x. \<lbrakk>gcd x (int p) \<noteq> 1; 0 \<le> x; x < int p\<rbrakk> \<Longrightarrow> x = 0" 

224 
by (metis dual_order.order_iff_strict gcd.commute less_le_not_le p_prime prime_imp_coprime prime_nat_int_transfer zdvd_imp_le) 

225 
then show ?thesis 

226 
apply (intro cring.field_intro2 cring) 

44872  227 
apply (auto simp add: res_carrier_eq res_one_eq res_zero_eq res_units_eq) 
65066  228 
done 
229 
qed 

31719  230 

231 
lemma res_prime_units_eq: "Units R = {1..p  1}" 

232 
apply (subst res_units_eq) 

233 
apply auto 

62348  234 
apply (subst gcd.commute) 
55352  235 
apply (auto simp add: p_prime prime_imp_coprime_int zdvd_not_zless) 
41541  236 
done 
31719  237 

238 
end 

239 

240 
sublocale residues_prime < field 

241 
by (rule is_field) 

242 

243 

60527  244 
section \<open>Test cases: Euler's theorem and Wilson's theorem\<close> 
31719  245 

60527  246 
subsection \<open>Euler's theorem\<close> 
31719  247 

lemma (in residues) totient_eq: 
"totient (nat m) = card (Units R)" 
55261
ad3604df6bc6
new lemmas involving phi from Lehmer AFP entry
paulson <lp15@cam.ac.uk>
parents:
55242
diff
changeset

250 
proof  
have *: "inj_on nat (Units R)" 
by (rule inj_onI) (auto simp add: res_units_eq) 
define m' where "m' = nat m" 
from m_gt_one have m: "m = int m'" "m' > 1" by (simp_all add: m'_def) 
from m have "x \<in> Units R \<longleftrightarrow> x \<in> int ` totatives m'" for x 
unfolding res_units_eq 
by (cases x; cases "x = m") (auto simp: totatives_def transfer_int_nat_gcd) 
hence "Units R = int ` totatives m'" by blast 
hence "totatives m' = nat ` Units R" by (simp add: image_image) 
then have "card (totatives (nat m)) = card (nat ` Units R)" 
by (simp add: m'_def) 
also have "\<dots> = card (Units R)" 
using * card_image [of nat "Units R"] by auto 
finally show ?thesis by (simp add: totient_def) 
qed 
lemma (in residues_prime) totient_eq: "totient p = p  1" 
using totient_eq by (simp add: res_prime_units_eq) 
lemma (in residues) euler_theorem: 
assumes "coprime a m" 
shows "[a ^ totient (nat m) = 1] (mod m)" 
proof  
65465
have "a ^ totient (nat m) mod m = 1 mod m" 
by (metis assms finite_Units m_gt_one mod_in_res_units one_cong totient_eq pow_cong units_power_order_eq_one) 
then show ?thesis 
277 
using res_eq_to_cong by blast 

31719  278 
qed 
279 

280 
lemma euler_theorem: 

fixes a m :: nat 
assumes "coprime a m" 
shows "[a ^ totient m = 1] (mod m)" 
proof (cases "m = 0  m = 1") 
285 
case True 

44872  286 
then show ?thesis by auto 
31719  287 
next 
60527  288 
case False 
41541  289 
with assms show ?thesis 
using residues.euler_theorem [of "int m" "int a"] transfer_int_nat_cong 
by (auto simp add: residues_def transfer_int_nat_gcd(1)) force 
qed 
293 

294 
lemma fermat_theorem: 

fixes p a :: nat 
assumes "prime p" and "\<not> p dvd a" 
shows "[a ^ (p  1) = 1] (mod p)" 
proof  
65465
from assms prime_imp_coprime [of p a] have "coprime a p" 
by (auto simp add: ac_simps) 
then have "[a ^ totient p = 1] (mod p)" 
by (rule euler_theorem) 
also have "totient p = p  1" 
by (rule totient_prime) (rule assms) 
finally show ?thesis . 
qed 
307 

308 

60526  309 
subsection \<open>Wilson's theorem\<close> 
31719  310 

60527  311 
lemma (in field) inv_pair_lemma: "x \<in> Units R \<Longrightarrow> y \<in> Units R \<Longrightarrow> 
312 
{x, inv x} \<noteq> {y, inv y} \<Longrightarrow> {x, inv x} \<inter> {y, inv y} = {}" 

31719  313 
apply auto 
55352  314 
apply (metis Units_inv_inv)+ 
41541  315 
done 
31719  316 

317 
lemma (in residues_prime) wilson_theorem1: 

318 
assumes a: "p > 2" 

59730
shows "[fact (p  1) = (1::int)] (mod p)" 
proof  
60527  321 
let ?Inverse_Pairs = "{{x, inv x} x. x \<in> Units R  {\<one>, \<ominus> \<one>}}" 
322 
have UR: "Units R = {\<one>, \<ominus> \<one>} \<union> \<Union>?Inverse_Pairs" 

31719  323 
by auto 
60527  324 
have "(\<Otimes>i\<in>Units R. i) = (\<Otimes>i\<in>{\<one>, \<ominus> \<one>}. i) \<otimes> (\<Otimes>i\<in>\<Union>?Inverse_Pairs. i)" 
31732  325 
apply (subst UR) 
31719  326 
apply (subst finprod_Un_disjoint) 
55352  327 
apply (auto intro: funcsetI) 
60527  328 
using inv_one apply auto[1] 
329 
using inv_eq_neg_one_eq apply auto 

31719  330 
done 
60527  331 
also have "(\<Otimes>i\<in>{\<one>, \<ominus> \<one>}. i) = \<ominus> \<one>" 
31719  332 
apply (subst finprod_insert) 
333 
apply auto 

334 
apply (frule one_eq_neg_one) 

60527  335 
using a apply force 
31719  336 
done 
60527  337 
also have "(\<Otimes>i\<in>(\<Union>?Inverse_Pairs). i) = (\<Otimes>A\<in>?Inverse_Pairs. (\<Otimes>y\<in>A. y))" 
338 
apply (subst finprod_Union_disjoint) 

339 
apply auto 

55352  340 
apply (metis Units_inv_inv)+ 
31719  341 
done 
342 
also have "\<dots> = \<one>" 

60527  343 
apply (rule finprod_one) 
344 
apply auto 

345 
apply (subst finprod_insert) 

346 
apply auto 

55352  347 
apply (metis inv_eq_self) 
31719  348 
done 
60527  349 
finally have "(\<Otimes>i\<in>Units R. i) = \<ominus> \<one>" 
31719  350 
by simp 
60527  351 
also have "(\<Otimes>i\<in>Units R. i) = (\<Otimes>i\<in>Units R. i mod p)" 
65066  352 
by (rule finprod_cong') (auto simp: res_units_eq) 
60527  353 
also have "\<dots> = (\<Prod>i\<in>Units R. i) mod p" 
65066  354 
by (rule prod_cong) auto 
31719  355 
also have "\<dots> = fact (p  1) mod p" 
64272  356 
apply (simp add: fact_prod) 
65066  357 
using assms 
55242
413ec965f95d
Number_Theory: prime is no longer overloaded, but only for nat. Automatic coercion to int enabled.
apply (subst res_prime_units_eq) 
apply (simp add: int_prod zmod_int prod_int_eq) 
31719  360 
done 
60527  361 
finally have "fact (p  1) mod p = \<ominus> \<one>" . 
362 
then show ?thesis 

60528  363 
by (metis of_nat_fact Divides.transfer_int_nat_functions(2) 
364 
cong_int_def res_neg_eq res_one_eq) 

31719  365 
qed 
366 

55352  367 
lemma wilson_theorem: 
60527  368 
assumes "prime p" 
369 
shows "[fact (p  1) =  1] (mod p)" 

55352  370 
proof (cases "p = 2") 
59667
651ea265d568
case True 
55352  372 
then show ?thesis 
64272  373 
by (simp add: cong_int_def fact_prod) 
55352  374 
next 
375 
case False 

376 
then show ?thesis 

377 
using assms prime_ge_2_nat 

378 
by (metis residues_prime.wilson_theorem1 residues_prime.intro le_eq_less_or_eq) 

379 
qed 

31719  380 

text {* 
This result can be transferred to the multiplicative group of 
$\mathbb{Z}/p\mathbb{Z}$ for $p$ prime. *} 
lemma mod_nat_int_pow_eq: 
fixes n :: nat and p a :: int 
assumes "a \<ge> 0" "p \<ge> 0" 
shows "(nat a ^ n) mod (nat p) = nat ((a ^ n) mod p)" 
using assms 
by (simp add: int_one_le_iff_zero_less nat_mod_distrib order_less_imp_le nat_power_eq[symmetric]) 
theorem residue_prime_mult_group_has_gen : 
fixes p :: nat 
assumes prime_p : "prime p" 
shows "\<exists>a \<in> {1 .. p  1}. {1 .. p  1} = {a^i mod pi . i \<in> UNIV}" 
proof  
have "p\<ge>2" using prime_gt_1_nat[OF prime_p] by simp 
interpret R:residues_prime "p" "residue_ring p" unfolding residues_prime_def 
by (simp add: prime_p) 
have car: "carrier (residue_ring (int p))  {\<zero>\<^bsub>residue_ring (int p)\<^esub>} = {1 .. int p  1}" 
by (auto simp add: R.zero_cong R.res_carrier_eq) 
obtain a where a:"a \<in> {1 .. int p  1}" 
and a_gen:"{1 .. int p  1} = {a(^)\<^bsub>residue_ring (int p)\<^esub>ii::nat . i \<in> UNIV}" 
apply atomize_elim using field.finite_field_mult_group_has_gen[OF R.is_field] 
by (auto simp add: car[symmetric] carrier_mult_of) 
{ fix x fix i :: nat assume x: "x \<in> {1 .. int p  1}" 
hence "x (^)\<^bsub>residue_ring (int p)\<^esub> i = x ^ i mod (int p)" using R.pow_cong[of x i] by auto} 
note * = this 
have **:"nat ` {1 .. int p  1} = {1 .. p  1}" (is "?L = ?R") 
proof 
{ fix n assume n: "n \<in> ?L" 
then have "n \<in> ?R" using `p\<ge>2` by force 
} thus "?L \<subseteq> ?R" by blast 
{ fix n assume n: "n \<in> ?R" 
then have "n \<in> ?L" using `p\<ge>2` Set_Interval.transfer_nat_int_set_functions(2) by fastforce 
} thus "?R \<subseteq> ?L" by blast 
qed 
have "nat ` {a^i mod (int p)  i::nat. i \<in> UNIV} = {nat a^i mod p  i . i \<in> UNIV}" (is "?L = ?R") 
proof 
{ fix x assume x: "x \<in> ?L" 
then obtain i where i:"x = nat (a^i mod (int p))" by blast 
hence "x = nat a ^ i mod p" using mod_nat_int_pow_eq[of a "int p" i] a `p\<ge>2` by auto 
hence "x \<in> ?R" using i by blast 
} thus "?L \<subseteq> ?R" by blast 
{ fix x assume x: "x \<in> ?R" 
then obtain i where i:"x = nat a^i mod p" by blast 
hence "x \<in> ?L" using mod_nat_int_pow_eq[of a "int p" i] a `p\<ge>2` by auto 
} thus "?R \<subseteq> ?L" by blast 
qed 
hence "{1 .. p  1} = {nat a^i mod p  i. i \<in> UNIV}" 
using * a a_gen ** by presburger 
moreover 
have "nat a \<in> {1 .. p  1}" using a by force 
ultimately show ?thesis .. 
qed 
end 