Subgroups of cyclic groups

In group theory, a cyclic group is generated by a single element, and its subgroups possess a rigid and well-understood structure that reflects the group's abelian nature and simplicity. Every subgroup of a cyclic group is itself cyclic, generated by a power of the original generator.^[1] This property holds for both finite and infinite cyclic groups, making them a cornerstone for studying more complex group structures.^[1] For infinite cyclic groups, such as the integers under addition \mathbb{Z} = \langle 1 \rangle, the subgroups are exactly the sets k\mathbb{Z} for each integer k \geq 0, where k=0 yields the trivial subgroup \{0\} and k=1 recovers the full group.^[1] These subgroups form a total order under inclusion: m\mathbb{Z} \subseteq n\mathbb{Z} if and only if n divides m.^[1] Each nontrivial subgroup k\mathbb{Z} is isomorphic to \mathbb{Z} itself and has index k in the parent group.^[1] In finite cyclic groups, the situation is even more discrete and countable. If G = \langle g \rangle has order n, then for every positive divisor d of n, there exists exactly one subgroup of order d, generated by g^{n/d}.^[2] This subgroup has index n/d and is unique up to isomorphism among all subgroups of that order in G.^[2] Consequently, the number of subgroups equals the number of positive divisors of n, and the subgroup lattice mirrors the divisor lattice of n, with inclusion corresponding to divisibility relations.^[1] This classification extends to applications in number theory and algebra, such as understanding the structure of abelian groups via the fundamental theorem, where cyclic components determine subgroup behaviors.^[3] The uniqueness of subgroups per order in finite cyclic groups also implies that cyclic groups are subgroup-rigid, distinguishing them from non-cyclic groups of the same order, which may have multiple or non-cyclic subgroups of a given size.^[1]

General Properties

Cyclicity of Subgroups

A cyclic group G is generated by a single element g \in G, denoted G = \langle g \rangle = \{ g^k \mid k \in \mathbb{Z} \}.^[1] A fundamental property of cyclic groups is that every subgroup is also cyclic.^[1] To see this, suppose G = \langle g \rangle and let H be a subgroup of G. Consider the set S = \{ k \in \mathbb{Z} \mid g^k \in H \}. This set S forms an ideal in the ring \mathbb{Z}, and since \mathbb{Z} is a principal ideal domain, S = m\mathbb{Z} for some m \in \mathbb{Z}_{\geq 0}.^[1] Thus, H = \{ g^{mk} \mid k \in \mathbb{Z} \} = \langle g^m \rangle, so H is cyclic, generated by g^m.^[1] This proof holds regardless of whether G is finite or infinite, as it relies solely on the structure of \mathbb{Z}.^[1] The cyclicity of subgroups implies that they inherit the single-generator structure of the parent group, which greatly simplifies their classification and study within cyclic groups. For example, consider the finite cyclic group \mathbb{Z}/6\mathbb{Z} = \langle 1 \rangle = \{0, 1, 2, 3, 4, 5\} under addition modulo 6. The subgroup H = \{0, 3\} equals \langle 3 \rangle, which is cyclic of order 2.^[1]

Uniqueness of Cyclic Subgroups

In a finite cyclic group G of order n, there is exactly one subgroup for each divisor d of n, and this subgroup has order d.^[1]^[4] To see this, suppose H and K are subgroups of G each of order d. Then the product HK is a subgroup of G whose order is |H||K|/|H \cap K| = d^2 / |H \cap K|, which must divide n by Lagrange's theorem. Since G is cyclic, generated by some element g, both H and K are generated by powers of g; specifically, if H = \langle g^k \rangle and K = \langle g^l \rangle, the orders imply that the minimal positive exponents align uniquely via the greatest common divisor with n, forcing H = K.^[1] Explicitly, if G = \langle g \rangle with |g| = n, the unique subgroup of order d (where d \mid n) is \langle g^{n/d} \rangle, which has order d because the order of g^{n/d} is n / \gcd(n, n/d) = d.^[1] This uniqueness implies that cyclic groups have no distinct isomorphic subgroups of the same order, in stark contrast to non-cyclic groups like the Klein four-group, which has three distinct subgroups of order 2.^[1]^[4] The result generalizes to infinite cyclic groups: if G is infinite cyclic, isomorphic to \mathbb{Z}, then for each positive integer m, there is a unique subgroup of index m, namely m\mathbb{Z}.^[4] This rigid structure underscores the linear ordering of subgroups in infinite cyclic groups, where each is principal and distinguished by its index.^[1]

Finite Cyclic Groups

Subgroup-Divisor Correspondence

In a finite cyclic group G of order n, there exists a bijection between the subgroups of G and the positive divisors of n. For each positive divisor d of n, there is a unique subgroup H_d of G having order d.^[1]^[5] Let G = \langle g \rangle, where g is a generator of order n. The subgroup corresponding to the divisor d is explicitly given by H_d = \langle g^{n/d} \rangle. This subgroup has order d, since (g^{n/d})^d = g^n = e and no smaller positive exponent works: the order of g^{n/d} is n / \gcd(n/d, n) = n / (n/d) = d.^[1] Every subgroup of G arises in this manner, as all subgroups are cyclic (by the general properties of cyclic groups) and thus generated by some power of g, with the uniqueness of cyclic subgroups of each order ensuring the bijection.^[1] For example, consider G = \langle g \rangle of order 12. The positive divisors of 12 are 1, 2, 3, 4, 6, and 12, yielding the subgroups H_1 = \langle g^{12} \rangle = \{e\}, H_2 = \langle g^6 \rangle, H_3 = \langle g^4 \rangle, H_4 = \langle g^3 \rangle, H_6 = \langle g^2 \rangle, and H_{12} = \langle g \rangle = G.^[5] This subgroup-divisor correspondence builds on Lagrange's theorem that subgroup orders divide the group order and was first established for cyclic groups by Gauss in 1801, later systematized in foundational group theory texts around the early 20th century to highlight the structure of abelian groups.^[6]^[1]

Counting and Generating Subgroups

In a finite cyclic group G of order n, generated by an element g, there is a unique subgroup for each positive divisor d of n, namely the subgroup H_d = \langle g^{n/d} \rangle of order d. Consequently, the total number of subgroups of G equals the number of positive divisors of n, denoted \tau(n) or d(n).^[1] For example, if n = p^k where p is prime and k \geq 1, then the divisors are $1, p, p^2, \dots, p^k, so \tau(p^k) = k+1 and G has exactly k+1 subgroups. Similarly, for n=6=2 \cdot 3, the divisors are $1, 2, 3, 6, yielding \tau(6)=4 subgroups: the trivial subgroup, subgroups of orders 2 and 3, and G itself.^[1] Within the subgroup H_d = \langle g^{n/d} \rangle of order d, the generators are precisely the elements h \in H_d of order d, and there are \phi(d) such elements, where \phi is Euler's totient function. More broadly, in the full group G, the number of elements of order d is \phi(d) if d \mid n, and 0 otherwise.^[7] This distribution of generators across subgroups underscores the structured nature of cyclic groups. The explicit counting of subgroups and their generators via divisors and the totient function enables efficient enumeration, which is particularly valuable in cryptographic applications involving cyclic groups, such as the Diffie-Hellman key exchange, where identifying and mitigating risks from small subgroups prevents confinement attacks.^[8]

Infinite Cyclic Groups

Characterization of Subgroups

The infinite cyclic group G is isomorphic to the additive group \mathbb{Z} of integers under addition, generated by the element 1.^[1] Every subgroup H of \mathbb{Z} is of the form m\mathbb{Z} for some nonnegative integer m \geq 0, where m is the smallest positive element in H if H is nontrivial, and m = 0 corresponds to the trivial subgroup \{0\}.^[1] This characterization arises because H, as a subgroup of \mathbb{Z}, is an additive ideal in the ring \mathbb{Z}, and all ideals in \mathbb{Z} are principal, generated by the greatest common divisor of the elements in H.^[9] To see this explicitly, if H is nontrivial, let m be the smallest positive integer in H; then, for any h \in H, the division algorithm yields h = mq + r with $0 \leq r < m, and since H is a subgroup, r = h - mq \in H, implying r = 0 (as m is minimal), so h \in m\mathbb{Z}; thus, H = m\mathbb{Z}.^[1] The trivial subgroup is \{0\} = 0\mathbb{Z}, which consists solely of the identity element.^[1] For example, the subgroup generated by 3 is $3\mathbb{Z} = \{\dots, -6, -3, 0, 3, 6, \dots \}, the set of all integer multiples of 3.^[1] All nontrivial subgroups of \mathbb{Z} are themselves infinite cyclic groups, each isomorphic to \mathbb{Z}.^[1]

Index and Generation

In the infinite cyclic group \mathbb{Z}, every nontrivial subgroup H takes the form H = m\mathbb{Z} for some integer m \geq 1. The index [ \mathbb{Z} : H ] is defined as the number of distinct cosets of H in \mathbb{Z}, which equals m.^[1] Specifically, the cosets are \{0 + m\mathbb{Z}, 1 + m\mathbb{Z}, \dots, (m-1) + m\mathbb{Z}\}, partitioning \mathbb{Z} into m residue classes modulo m.^[1] For the trivial subgroup H = \{0\}, the index is infinite, as there are infinitely many cosets k + \{0\} for each k \in \mathbb{Z}.^[1] The subgroup generated by an integer k \in \mathbb{Z} is \langle k \rangle = |k| \mathbb{Z}, consisting of all integer multiples of |k|.^[10] This follows from the fact that any multiple of k is a multiple of \gcd(k, \mathbb{Z}) = |k|, and conversely, multiples of |k| can be expressed using positive and negative coefficients to reach all elements in \langle k \rangle.^[10] For k = 0, \langle 0 \rangle = \{0\}, the trivial subgroup.^[1] For example, \langle 2 \rangle = 2\mathbb{Z}, the even integers, which has index 2 in \mathbb{Z} with cosets $2\mathbb{Z} (evens) and $1 + 2\mathbb{Z} (odds).^[1] Similarly, \langle 0 \rangle = \{0\} has infinite index.^[1] This index m corresponds to the order of the quotient group \mathbb{Z} / m\mathbb{Z}, which is isomorphic to the cyclic group \mathbb{Z}_m of order m.^[1] By the first isomorphism theorem, such quotients arise naturally from homomorphisms whose kernels are m\mathbb{Z}.^[11] An important implication is that any group homomorphism \phi: \mathbb{Z} \to F, where F is a finite group, must have finite kernel m\mathbb{Z} for some m, and thus factors through the finite quotient \mathbb{Z} / m\mathbb{Z} \to F.^[11] This reflects the universal property of \mathbb{Z} as a free group on one generator, where the image of 1 in F has finite order dividing |F|.^[12]

Lattice of Subgroups

Divisor Lattice in the Finite Case

In a finite cyclic group G of order n, the set of all subgroups, ordered by inclusion, forms a lattice. The meet operation is the intersection of subgroups, while the join is the subgroup generated by their union, which coincides with the product since G is abelian.^[1]^[13] This subgroup lattice is isomorphic to the lattice of positive divisors of n, denoted (D_n, \mid), where the partial order is divisibility. Each divisor d of n corresponds to a unique cyclic subgroup H_d of order d, and H_d \leq H_e if and only if d \mid e.^[1]^[13] Under this isomorphism, the intersection of subgroups H_d \cap H_e corresponds to H_{\gcd(d,e)}, and the join \langle H_d \cup H_e \rangle corresponds to H_{\mathrm{lcm}(d,e)}.^[13] The divisor lattice (D_n, \mid) is distributive, meaning it satisfies the identities x \wedge (y \vee z) = (x \wedge y) \vee (x \wedge z) and x \vee (y \wedge z) = (x \vee y) \wedge (x \vee z) for all elements, and hence modular.^[1]^[14] The height of the lattice, or the length of the longest chain from the bottom element (corresponding to the trivial subgroup) to the top element (corresponding to G), equals \Omega(n), the total number of prime factors of n counted with multiplicity.^[1] For example, consider n = 12 = 2^2 \cdot 3, with divisors $1, 2, 3, 4, 6, 12. The lattice consists of two maximal chains: $1 \mid 2 \mid 4 \mid 12 and $1 \mid 3 \mid 6 \mid 12, which merge at the endpoints, reflecting the prime factorization and yielding height $3.^[13] In contrast, the subgroup lattices of non-cyclic finite groups of order n are generally more complex and may fail to be distributive; for instance, the lattice of the Klein four-group (non-cyclic of order $4) is modular but not distributive.^[1]^[14]

Divisibility Lattice in the Infinite Case

The lattice of subgroups of the infinite cyclic group \mathbb{Z} under addition consists of all subgroups of the form n\mathbb{Z} for nonnegative integers n \geq 0, where $0\mathbb{Z} = \{0\} is the trivial subgroup and n\mathbb{Z} = \{nk \mid k \in \mathbb{Z}\} for n \geq 1. These subgroups are ordered by inclusion, with m\mathbb{Z} \subseteq k\mathbb{Z} if and only if k divides m. This partial order corresponds to the reverse of the usual divisibility order on the nonnegative integers: larger multiples yield smaller subgroups under inclusion.^[1] This structure forms a distributive lattice. The meet of two subgroups m\mathbb{Z} and k\mathbb{Z} (their intersection) is \operatorname{lcm}(m,k)\mathbb{Z}, as the common multiples are precisely the multiples of the least common multiple. The join of m\mathbb{Z} and k\mathbb{Z} (the subgroup they generate) is \operatorname{gcd}(m,k)\mathbb{Z}, since the subgroup generated by multiples of m and k consists of all integer linear combinations, which are multiples of their greatest common divisor.^[1] For instance, consider the even integers $2\mathbb{Z} and the multiples of three $3\mathbb{Z}. Their meet is $6\mathbb{Z}, the multiples of six, while their join is \mathbb{Z} itself, as \operatorname{gcd}(2,3) = 1. This example illustrates how incomparable subgroups—neither $2\mathbb{Z} \subseteq 3\mathbb{Z} nor $3\mathbb{Z} \subseteq 2\mathbb{Z}—combine to generate the full group.^[1] The lattice is complete, admitting arbitrary meets and joins: for any family \{n_i \mathbb{Z} \mid i \in I\}, the join is d\mathbb{Z} where d = \gcd\{n_i \mid i \in I\} (conventionally d=0 if the family includes \{0\} or has gcd 0, yielding the trivial subgroup), and the meet is e\mathbb{Z} where e = \operatorname{lcm}\{n_i \mid i \in I\} (with infinite lcm yielding \{0\} if unbounded). This completeness arises from the well-defined gcd and lcm operations extended to sets in the nonnegative integers. In contrast to the finite cyclic case, the infinite lattice features unbounded chains, such as the descending chain \mathbb{Z} \supseteq 2\mathbb{Z} \supseteq 4\mathbb{Z} \supseteq \cdots, reflecting its non-finite height. The entire poset is isomorphic to the dual of the divisibility lattice on the nonnegative integers, providing a precise algebraic structure without branches in the sense of modular branches but with incomparable elements like prime-powered subgroups.^[1]