W. Edwin Clark

Department of Mathematics

University of South Florida

Revised June 2, 2003

Copyleft 2002 by W. Edwin Clark

Copyleft means that unrestricted redistribution and modification are permitted, provided that all copies and derivatives retain the same permissions. Specifically no commercial use of these notes or any revisions thereof is permitted.


Preface

Number theory is concerned with properties of the integers:

. . . , −4, −3, −2, −1, 0, 1, 2, 3, 4, . . . .

The great mathematician Carl Friedrich Gauss called this subject arithmetic

and of it he said:

“Mathematics is the queen of sciences and arithmetic the queen of mathematics.”

At ﬁrst blush one might think that of all areas of mathematics certainly

arithmetic should be the simplest, but it is a surprisingly deep subject.

We assume that students have some familiarity with basic set theory, and

calculus. But very little of this nature will be needed. To a great extent the

book is self-contained. It requires only a certain amount of mathematical

maturity. And, hopefully, the student’s level of mathematical maturity will

increase as the course progresses.

Before the course is over students will be introduced to the symbolic

programming language Maple which is an excellent tool for exploring number

theoretic questions.

If you wish to see other books on number theory, take a look in the QA 241

area of the stacks in our library. One may also obtain much interesting and

current information about number theory from the internet. See particularly

the websites listed in the Bibliography. The websites by Chris Caldwell [2]

and by Eric Weisstein [11] are especially recommended. To see what is going

on at the frontier of the subject, you may take a look at some recent issues

of the Journal of Number Theory which you will ﬁnd in our library.


Here are some examples of outstanding unsolved problems in number theory. Some of these will be discussed in this course. A solution to any one of these problems would make you quite famous (at least among mathematicians). Many of these problems concern prime numbers. A prime number is an integer greater than 1 whose only positive factors are 1 and the integer itself.

1. (Goldbach’s Conjecture) Every even integer $n > 2$ is the sum of two primes.

2. (Twin Prime Conjecture) There are infinitely many twin primes. [If $p$ and $p + 2$ are primes we say that $p$ and $p + 2$ are twin primes.]

3. Are there infinitely many primes of the form $n^2 + 1$?

4. Are there infinitely many primes of the form $2^n - 1$? Primes of this form are called Mersenne primes.

5. Are there infinitely many primes of the form $2^{2^n} + 1$? Primes of this form are called Fermat primes.

6. (3n+1 Conjecture) Consider the function f defined for positive integers n as follows: f(n) = 3n+1 if n is odd and f(n) = n/2 if n is even. The conjecture is that the sequence $f(n), f(f(n)), f(f(f(n))), \dots$ always contains 1 no matter what the starting value of n is.

7. Are there infinitely many primes whose digits in base 10 are all ones? Numbers whose digits are all ones are called repunits.

8. Are there infinitely many perfect numbers? [An integer is perfect if it is the sum of its proper divisors.]

9. Is there a fast algorithm for factoring large integers? [A truly fast algorithm for factoring would have important implications for cryptography and data security.]


Famous Quotations Related to Number Theory

Two quotations from G. H. Hardy:

In the first quotation Hardy is speaking of the famous Indian mathematician Ramanujan. This is the source of the often made statement that Ramanujan knew each integer personally.

I remember once going to see him when he was lying ill at Putney. I had ridden in taxi cab number 1729 and remarked that the number seemed to me rather a dull one, and that I hoped it was not an unfavorable omen. “No,” he replied, “it is a very interesting number; it is the smallest number expressible as the sum of two cubes in two different ways.”

Pure mathematics is on the whole distinctly more useful than applied. For what is useful above all is technique, and mathematical technique is taught mainly through pure mathematics.

Two quotations by Leopold Kronecker

God has made the integers, all the rest is the work of man.

The original quotation in German was Die ganze Zahl schuf der liebe Gott, alles Übrige ist Menschenwerk. More literally, the translation is “The whole number, created the dear God, everything else is man’s work.” Note in particular that Zahl is German for number. This is the reason that today we use Z for the set of integers.

Number theorists are like lotus-eaters – having once tasted of this

food they can never give it up.

A quotation by contemporary number theorist William Stein:

A computer is to a number theorist, like a telescope is to an

astronomer. It would be a shame to teach an astronomy class

without touching a telescope; likewise, it would be a shame to

teach this class without telling you how to look at the integers

through the lens of a computer.


Contents

Preface

1 Basic Axioms for Z

2 Proof by Induction

3 Elementary Divisibility Properties

4 The Floor and Ceiling of a Real Number

5 The Division Algorithm

6 Greatest Common Divisor

7 The Euclidean Algorithm

8 Bezout’s Lemma

9 Blankinship’s Method

10 Prime Numbers

11 Unique Factorization

12 Fermat Primes and Mersenne Primes

13 The Functions σ and τ

14 Perfect Numbers and Mersenne Primes

15 Congruences

16 Divisibility Tests for 2, 3, 5, 9, 11

17 Divisibility Tests for 7 and 13

18 More Properties of Congruences

19 Residue Classes

20 $Z_m$ and Complete Residue Systems

21 Addition and Multiplication in $Z_m$

22 The Groups $U_m$

23 Two Theorems of Euler and Fermat

24 Probabilistic Primality Tests

25 The Base b Representation of n

26 Computation of $a^N \bmod m$

27 The RSA Scheme

A Rings and Groups

Chapter 1

Basic Axioms for Z

Since number theory is concerned with properties of the integers, we begin by

setting up some notation and reviewing some basic properties of the integers

that will be needed later:

$N = \{1, 2, 3, \dots\}$ (the natural numbers or positive integers)

$Z = \{\dots, -3, -2, -1, 0, 1, 2, 3, \dots\}$ (the integers)

$Q = \left\{ \frac{n}{m} \mid n, m \in Z \text{ and } m \ne 0 \right\}$ (the rational numbers)

R = the real numbers

Note that N ⊂ Z ⊂ Q ⊂ R. I assume a knowledge of the basic rules of high

school algebra which apply to R and therefore to N, Z and Q. By this I

mean things like ab = ba and ab + ac = a(b + c). I will not list all of these

properties here. However, below I list some particularly important properties

of Z that will be needed. I call them axioms since we will not prove them in

this course.

Some Basic Axioms for Z

1. If a, b ∈ Z, then a + b, a −b and ab ∈ Z. (Z is closed under addition,

subtraction and multiplication.)

2. If a ∈ Z then there is no x ∈ Z such that a < x < a + 1.

3. If a, b ∈ Z and ab = 1, then either a = b = 1 or a = b = −1.

4. Laws of Exponents: For n, m in N and a, b in R we have

(a) $(a^n)^m = a^{nm}$

(b) $(ab)^n = a^n b^n$

(c) $a^n a^m = a^{n+m}$.

These rules hold for all n, m ∈ Z if a and b are not zero.

5. Properties of Inequalities: For a, b, c in R the following hold:

(a) (Transitivity) If a < b and b < c, then a < c.

(b) If a < b then a + c < b + c.

(c) If a < b and 0 < c then ac < bc.

(d) If a < b and c < 0 then bc < ac.

(e) (Trichotomy) Given a and b, one and only one of the following

holds:

a = b, a < b, b < a.

6. The Well-Ordering Property for N: Every non-empty subset of N

contains a least element.

7. The Principle of Mathematical Induction: Let P(n) be a statement concerning the integer variable n. Let $n_0$ be any fixed integer. P(n) is true for all integers $n \ge n_0$ if one can establish both of the following statements:

(a) P(n) is true if $n = n_0$.

(b) Whenever P(n) is true for $n_0 \le n \le k$ then P(n) is true for $n = k + 1$.

We use the usual conventions:

1. a ≤ b means a < b or a = b,

2. a > b means b < a, and

3. a ≥ b means b ≤ a.

Important Convention. Since in this course we will be almost exclusively concerned with integers we shall assume from now on (unless otherwise stated) that all lower case roman letters a, b, . . . , z are integers.

Chapter 2

Proof by Induction

In this section, I list a number of statements that can be proved by use of

The Principle of Mathematical Induction. I will refer to this principle as

PMI or, simply, induction. A sample proof is given below. The rest will be

given in class hopefully by students.

A sample proof using induction: I will give two versions of this proof.

In the ﬁrst proof I explain in detail how one uses the PMI. The second proof

is less pedagogical and is the type of proof I expect students to construct. I

call the statement I want to prove a proposition. It might also be called a

theorem, lemma or corollary depending on the situation.

Proposition 2.1. If $n \ge 5$ then $2^n > 5n$.

Proof #1. Here we use The Principle of Mathematical Induction. Note that PMI has two parts which we denote by PMI (a) and PMI (b).

We let P(n) be the statement $2^n > 5n$. For $n_0$ we take 5. We could write simply:

$P(n) = 2^n > 5n$ and $n_0 = 5$.

Note that P(n) represents a statement, usually an inequality or an equation but sometimes a more complicated assertion. Now if n = 4 then P(n) becomes the statement $2^4 > 5 \cdot 4$ which is false! But if n = 5, P(n) is the statement $2^5 > 5 \cdot 5$ or 32 > 25 which is true and we have established PMI (a).

Now to prove PMI (b) we begin by assuming that

P(n) is true for $5 \le n \le k$.

That is, we assume

$2^n > 5n$ for $5 \le n \le k$. (2.1)

The assumption (2.1) is called the induction hypothesis. We want to use it to prove that P(n) holds when n = k + 1. So here’s what we do. By (2.1) letting n = k we have

$2^k > 5k$.

Multiply both sides by two and we get

$2^{k+1} > 10k$. (2.2)

Note that we are trying to prove $2^{k+1} > 5(k + 1)$. Now $5(k + 1) = 5k + 5$ so if we can show $10k \ge 5k + 5$ we can use (2.2) to complete the proof.

Now $10k = 5k + 5k$ and $k \ge 5$ by (2.1) so $k \ge 1$ and hence $5k \ge 5$. Therefore

$10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$.

Thus

$2^{k+1} > 10k \ge 5(k + 1)$

so

$2^{k+1} > 5(k + 1)$. (2.3)

that is, P(n) holds when n = k + 1. So assuming the induction hypothesis (2.1) we have proved (2.3). Thus we have established PMI (b).

We have established that parts (a) and (b) of PMI hold for this particular P(n) and $n_0$. So the PMI tells us that P(n) holds for $n \ge 5$. That is, $2^n > 5n$ holds for $n \ge 5$.

I now give a more streamlined proof.

Proposition 2.2. If $n \ge 5$ then $2^n > 5n$.

Proof #2. We prove the proposition by induction on the variable n.

If n = 5 we have $2^5 > 5 \cdot 5$ or 32 > 25 which is true.

Assume

$2^n > 5n$ for $5 \le n \le k$ (the induction hypothesis).

Taking n = k we have

$2^k > 5k$.

Multiplying both sides by 2 gives

$2^{k+1} > 10k$.

Now $10k = 5k + 5k$ and $k \ge 5$ so $k \ge 1$ and therefore $5k \ge 5$. Hence

$10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$.

It follows that

$2^{k+1} > 10k \ge 5(k + 1)$

and therefore

$2^{k+1} > 5(k + 1)$.

Hence by PMI we conclude that $2^n > 5n$ for $n \ge 5$.

The 8 major parts of a proof by induction:

1. First state what proposition you are going to prove. Precede the statement by Proposition, Theorem, Lemma, Corollary, Fact, or To Prove:.

2. Write the Proof or Pf. at the very beginning of your proof.

3. Say that you are going to use induction (some proofs do not use induction!) and if it is not obvious from the statement of the proposition identify clearly P(n), the statement to be proved, the variable n and the starting value $n_0$. Even though this is usually clear, sometimes these things may not be obvious. And, of course, the variable need not be n. It could be represented in many different ways.

4. Prove that P(n) holds when $n = n_0$.

5. Assume that P(n) holds for $n_0 \le n \le k$. This assumption will be referred to as the induction hypothesis.

6. Use the induction hypothesis and anything else that is known to be true to prove that P(n) holds when n = k + 1.

7. Conclude that since the conditions of the PMI have been met then P(n) holds for $n \ge n_0$.

8. Write QED or or // or something to indicate that you have completed your proof.

Exercise 2.1. Prove that $2^n > 6n$ for $n \ge 5$.

Exercise 2.2. Prove that $1 + 2 + \cdots + n = \frac{n(n + 1)}{2}$ for $n \ge 1$.

Exercise 2.3. Prove that if $0 < a < b$ then $0 < a^n < b^n$ for all $n \in N$.

Exercise 2.4. Prove that $n! < n^n$ for $n \ge 2$.

Exercise 2.5. Prove that if a and r are real numbers and $r \ne 1$, then for $n \ge 1$

$a + ar + ar^2 + \cdots + ar^n = \frac{a(r^{n+1} - 1)}{r - 1}$.

This can be written as follows

$a(r^{n+1} - 1) = (r - 1)(a + ar + ar^2 + \cdots + ar^n)$.

An important special case of which is

$(r^{n+1} - 1) = (r - 1)(1 + r + r^2 + \cdots + r^n)$.

Exercise 2.6. Prove that $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$ for $n \ge 1$.

Exercise 2.7. Prove that $\underbrace{111 \cdots 1}_{n\ 1\text{'s}} = \frac{10^n - 1}{9}$ for $n \ge 1$.

Exercise 2.8. Prove that $1^2 + 2^2 + 3^2 + \cdots + n^2 = \frac{n(n + 1)(2n + 1)}{6}$ if $n \ge 1$.

Exercise 2.9. Prove that if $n \ge 12$ then n can be written as a sum of 4’s and 5’s. For example, $23 = 5 + 5 + 5 + 4 + 4 = 3 \cdot 5 + 2 \cdot 4$. [Hint. In this case it will help to do the cases n = 12, 13, 14, and 15 separately. Then use induction to handle $n \ge 16$.]

Exercise 2.10. (a) For $n \ge 1$, the triangular number $t_n$ is the number of dots in a triangular array that has n rows with i dots in the i-th row. Find a formula for $t_n$, $n \ge 1$. (b) For each $n \ge 1$, let $s_n$ be the number of dots in a square array that has n rows with n dots in each row. Find a formula for $s_n$. The numbers $s_n$ are usually called squares.

Exercise 2.11. Find the first 10 triangular numbers and the first 10 squares. Which of the triangular numbers in your list are also squares? Can you find the next triangular number which is a square?

Exercise 2.12. Some propositions that can be proved by induction can also be proved without induction. Prove Exercises 2.2 and 2.5 without induction. [Hints: For 2.2 write $s = 1 + 2 + \cdots + (n - 1) + n$. Directly under this equation write $s = n + (n - 1) + \cdots + 2 + 1$. Add these equations to obtain $2s = n(n + 1)$. Solve for s. For Exercise 2.5 write $p = a + ar + ar^2 + \cdots + ar^n$. Then multiply both sides of this equation by r to get a new equation with rp as the left hand side. Subtract these two equations to obtain $pr - p = ar^{n+1} - a$. Now solve for p.]

Chapter 3

Elementary Divisibility Properties

Definition 3.1. $d \mid n$ means there is an integer k such that n = dk. $d \nmid n$ means that $d \mid n$ is false.

Note that $a \mid b \ne a/b$. Recall that a/b represents the fraction $\frac{a}{b}$.

The expression $d \mid n$ may be read in any of the following ways:

1. d divides n.

2. d is a divisor of n.

3. d is a factor of n.

4. n is a multiple of d.

Thus, the following ﬁve statements are equivalent, that is, they are all

diﬀerent ways of saying the same thing.

1. $2 \mid 6$.

2. 2 divides 6.

3. 2 is a divisor of 6.

4. 2 is a factor of 6.

5. 6 is a multiple of 2.

Definitions will play an important role in this course. Students should learn all definitions and be able to state them precisely. An alternative way to state the definition of $d \mid n$ is as follows.

Definition 3.2. $d \mid n \iff n = dk$ for some k.

or maybe

Definition 3.3. $d \mid n$ iff n = dk for some k.

Keep in mind that we are assuming that all letters a, b, . . . , z represent integers. Otherwise we would have to add this fact to our definitions. One might also see the following definition sometimes.

Definition 3.4. $d \mid n$ if n = dk for some k.

Note that $\iff$, iff, and if and only if, all mean the same thing. In definitions such as Definition 3.4 if is interpreted to mean if and only if. It should be emphasized that all the above definitions are acceptable. Take your pick. But be careful about making up your own definitions.

Theorem 3.1 (Divisibility Properties). If n, m, and d are integers then the following statements hold:

1. $n \mid n$ (everything divides itself)

2. $d \mid n$ and $n \mid m \implies d \mid m$ (transitivity)

3. $d \mid n$ and $d \mid m \implies d \mid an + bm$ for all a and b (linearity property)

4. $d \mid n \implies ad \mid an$ (multiplication property)

5. $ad \mid an$ and $a \ne 0 \implies d \mid n$ (cancellation property)

6. $1 \mid n$ (one divides everything)

7. $n \mid 1 \implies n = \pm 1$ (1 and −1 are the only divisors of 1.)

8. $d \mid 0$ (everything divides zero)

9. $0 \mid n \implies n = 0$ (zero divides only zero)

10. If d and n are positive and $d \mid n$ then $d \le n$ (comparison property)

Exercise 3.1. Prove each of the properties 1 through 10 in Theorem 3.1.

Deﬁnition 3.5. If c = as + bt for some integers s and t we say that c is a

linear combination of a and b.

Thus, statement 3 in Theorem 3.1 says that if d divides a and b, then d divides all linear combinations of a and b. In particular, d divides a + b and a − b. This will turn out to be a useful fact.

Exercise 3.2. Prove that if $d \mid a$ and $d \mid b$ then $d \mid a - b$.

Exercise 3.3. Prove that if a ∈ Z then the only positive divisor of both a and a + 1 is 1.

Chapter 4

The Floor and Ceiling of a Real Number

Here we deﬁne the ﬂoor, a.k.a., the greatest integer, and the ceiling, a.k.a.,

the least integer, functions. Kenneth Iverson introduced this notation and

the terms ﬂoor and ceiling in the early 1960s — according to Donald Knuth

[6] who has done a lot to popularize the notation. Now this notation is

standard in most areas of mathematics.

Definition 4.1. If x is any real number we define

$\lfloor x \rfloor$ = the greatest integer less than or equal to x

$\lceil x \rceil$ = the least integer greater than or equal to x

$\lfloor x \rfloor$ is called the floor of x and $\lceil x \rceil$ is called the ceiling of x. The floor $\lfloor x \rfloor$ is sometimes denoted [x] and called the greatest integer function. But I prefer the notation $\lfloor x \rfloor$. Here are a few simple examples:

1. $\lfloor 3.1 \rfloor = 3$ and $\lceil 3.1 \rceil = 4$

2. $\lfloor 3 \rfloor = 3$ and $\lceil 3 \rceil = 3$

3. $\lfloor -3.1 \rfloor = -4$ and $\lceil -3.1 \rceil = -3$

From now on we mostly concentrate on the floor $\lfloor x \rfloor$. For a more detailed treatment of both the floor and ceiling see the book Concrete Mathematics [5]. According to the definition of $\lfloor x \rfloor$ we have

$\lfloor x \rfloor = \max\{n \in Z \mid n \le x\}$ (4.1)

Note also that if n is an integer we have:

$n = \lfloor x \rfloor \iff n \le x < n + 1$. (4.2)

From this it is clear that

$\lfloor x \rfloor \le x$ holds for all x,

and

$\lfloor x \rfloor = x \iff x \in Z$.

We need the following lemma to prove our next theorem.

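Lemma 4.1. For all x ∈ R

$x - 1 < \lfloor x \rfloor \le x$.

Proof. Let $n = \lfloor x \rfloor$. Then by (4.2) we have $n \le x < n + 1$. This gives immediately that $\lfloor x \rfloor \le x$, as already noted above. It also gives $x < n + 1$ which implies that $x - 1 < n$, that is, $x - 1 < \lfloor x \rfloor$.

Exercise 4.1. Sketch the graph of the function $f(x) = \lfloor x \rfloor$ for $-3 \le x \le 3$.

Exercise 4.2. Find $\lfloor \pi \rfloor$, $\lceil \pi \rceil$, $\lfloor \sqrt{2} \rfloor$, $\lceil \sqrt{2} \rceil$, $\lfloor -\pi \rfloor$, $\lceil -\pi \rceil$, $\lfloor -\sqrt{2} \rfloor$, and $\lceil -\sqrt{2} \rceil$.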

Definition 4.2. Recall that the decimal representation of a positive integer a is given by $a = a_{n-1} a_{n-2} \cdots a_1 a_0$ where

$a = a_{n-1} 10^{n-1} + a_{n-2} 10^{n-2} + \cdots + a_1 10 + a_0$ (4.3)

and the digits $a_{n-1}, a_{n-2}, \dots, a_1, a_0$ are in the set $\{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$ with $a_{n-1} \ne 0$. In this case we say that the integer a is an n digit number or that a is n digits long.

Exercise 4.3. Prove that a ∈ N is an n digit number where $n = \lfloor \log(a) \rfloor + 1$. Here log means logarithm to base 10. Hint: Show that if (4.3) holds with $a_{n-1} \ne 0$ then $10^{n-1} \le a < 10^n$. Then apply the log to all terms of this inequality.

Exercise 4.4. Use the previous exercise to determine the number of digits in the decimal representation of the number $2^{3321928}$. Recall that $\log(x^y) = y \log(x)$ when x and y are positive.

Chapter 5

The Division Algorithm

The goal of this section is to prove the following important result.

Theorem 5.1 (The Division Algorithm). If a and b are integers and

b > 0 then there exist unique integers q and r satisfying the two conditions:

a = bq + r and 0 ≤ r < b. (5.1)

In this situation q is called the quotient and r is called the remainder

when a is divided by b. Note that there are two parts to this result. One

part is the EXISTENCE of integers q and r satisfying (5.1) and the second

part is the UNIQUENESS of the integers q and r satisfying (5.1).

Proof. Given b > 0 and any a define

$q = \left\lfloor \frac{a}{b} \right\rfloor$

$r = a - bq$

Clearly we have a = bq + r. But we need to prove that $0 \le r < b$. By Lemma 4.1 we have

$\frac{a}{b} - 1 < \left\lfloor \frac{a}{b} \right\rfloor \le \frac{a}{b}$.

Now multiply all terms of this inequality by −b. Since b is positive, −b is negative so the direction of the inequality is reversed, giving us:

$b - a > -b \left\lfloor \frac{a}{b} \right\rfloor \ge -a$.

If we add a to all sides of the inequality and replace $\lfloor a/b \rfloor$ by q we obtain

$b > a - bq \ge 0$.

Since $r = a - bq$ this gives us the desired result $0 \le r < b$.

We still have to prove that q and r are uniquely determined. To do this we assume that

$a = bq_1 + r_1$ and $0 \le r_1 < b$,

and

$a = bq_2 + r_2$ and $0 \le r_2 < b$.

We must show that $r_1 = r_2$ and $q_1 = q_2$. If $r_1 \ne r_2$ without loss of generality we can assume that $r_2 > r_1$. Subtracting these two equations we obtain

$0 = a - a = (bq_1 + r_1) - (bq_2 + r_2) = b(q_1 - q_2) + (r_1 - r_2)$.

This implies that

$r_2 - r_1 = b(q_1 - q_2)$. (5.2)

This implies that $b \mid r_2 - r_1$. By Theorem 3.1(10) this implies that $b \le r_2 - r_1$. But since

$0 \le r_1 < r_2 < b$

we have $r_2 - r_1 < b$. This contradicts $b \le r_2 - r_1$. So we must conclude that $r_1 = r_2$. Now from (5.2) we have $0 = b(q_1 - q_2)$. Since b > 0 this tells us that $q_1 - q_2 = 0$, that is, $q_1 = q_2$. This completes the proof of the uniqueness of r and q in (5.1).

Deﬁnition 5.1. An integer n is even if n = 2k for some k, and is odd if

n = 2k + 1 for some k.

Exercise 5.1. Prove using the Division Algorithm that every integer is either

even or odd, but never both.

Deﬁnition 5.2. By the parity of an integer we mean whether it is even or

odd.

Exercise 5.2. Prove n and $n^2$ always have the same parity. That is, n is even if and only if $n^2$ is even.

Exercise 5.3. Find the q and r of the Division Algorithm for the following

values of a and b:

1. Let b = 3 and a = 0, 1, −1, 10, −10.

2. Let b = 345 and a = 0, −1, 1, 344, 7863, −7863.

Exercise 5.4. Devise a method for solving problems like those in the previous exercise for large positive values of a and b using a calculator. Illustrate by using a = 123456 and b = 123. Hint: If a = bq + r and $0 \le r < b$ then

$\frac{a}{b} = q + \frac{r}{b}$

and so $\frac{r}{b}$ is the fractional part of the decimal number $\frac{a}{b}$. So q is what you get when you drop the fractional part. Once you have q you can solve a = bq + r for r.

Sometimes a problem in number theory can be solved by dividing the integers

into various classes depending on their remainders when divided by some

number b. For example, this is helpful in solving the following two problems.

Exercise 5.5. Show that for all integers n the number $n^3 - n$ always has 3 as a factor. (Consider the three cases: n = 3k, n = 3k + 1, n = 3k + 2.)

Exercise 5.6. Show that the product of any three consecutive integers has 6 as a factor. (How many cases should you use here?)

Definition 5.3. For b > 0 define a mod b = r where r is the remainder given by the Division Algorithm when a is divided by b, that is, a = bq + r and $0 \le r < b$.

For example 23 mod 7 = 2 since $23 = 7 \cdot 3 + 2$ and −4 mod 5 = 1 since $-4 = 5 \cdot (-1) + 1$.

Note that some calculators and most programming languages have a function often denoted by MOD(a, b) or mod(a, b) whose value is what we have just defined as a mod b. When this is the case the values r and q in the Division Algorithm for given a and b > 0 are given by

$r = a \bmod b$

$q = \frac{a - (a \bmod b)}{b}$

If also the floor function is available we have

$r = a \bmod b$

$q = \lfloor a/b \rfloor$
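The following Python sketch is an added example, not part of the original notes. It computes q and r exactly as in the proof of Theorem 5.1 and compares them with a remainder taken from a quotient rounded toward zero, which is what the integer `/` and `%` operators of C, Java, Go and JavaScript return and which differs from Definition 5.3 when a is negative. The function names are hypothetical, and `float_quotient` illustrates that a floating-point floor stops being exact for large integers.

```python
import math


def division_algorithm(a, b):
    """Theorem 5.1 as built in its proof: q = floor(a/b), r = a - b*q."""
    if b <= 0:
        raise ValueError("Theorem 5.1 requires b > 0")
    q = a // b              # exact integer floor division, any size of a
    r = a - b * q
    assert 0 <= r < b       # condition (5.1)
    return q, r


def truncated_divmod(a, b):
    """Quotient rounded toward zero; the remainder takes the sign of a,
    so it can be negative and then violates 0 <= r < b."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q


def mod_from_truncated(a, b):
    """Recover a mod b (Definition 5.3, b > 0) from a truncating remainder."""
    _, r = truncated_divmod(a, b)
    return r + b if r < 0 else r


def float_quotient(a, b):
    """floor(a/b) computed in floating point: fine for small inputs,
    inexact once a/b needs more than 53 bits of precision."""
    return math.floor(a / b)


if __name__ == "__main__":
    for a, b in [(23, 7), (-4, 5)]:     # the two examples after Definition 5.3
        print(a, b, division_algorithm(a, b), truncated_divmod(a, b))
    big = 10**30 + 7                    # constructed large value
    print(division_algorithm(big, 3)[0], float_quotient(big, 3))
```

A negative remainder used as an array index or as a residue in modular arithmetic is the practical consequence of confusing the two conventions, so code ported between languages should normalise with something like `mod_from_truncated`.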


Exercise 5.7. Prove that if b > 0 then $b \mid a \iff a \bmod b = 0$.

Exercise 5.8. Prove that if $b \ne 0$ then $b \mid a \iff a/b \in Z$.

Exercise 5.9. Calculate the following:

1. 0 mod 10

2. 123 mod 10

3. 10 mod 123

4. 457 mod 33

5. (−7) mod 3

6. (−3) mod 7

7. (−5) mod 5

Exercise 5.10. Use the Division Algorithm to prove the following more general version: If $b \ne 0$ then for any a there exists unique q and r such that

$a = bq + r$ and $0 \le r < |b|$. (5.3)

Hint: Recall that $|b|$ is b if $b \ge 0$ and is −b if b < 0. We know the statement holds if b > 0 so we only need to consider the case when b < 0. If b is negative then −b is positive, so we can apply the Division Algorithm to a and −b. Note that a as well as q can be any integers. This exercise may come in handy later.

Chapter 6

Greatest Common Divisor

Definition 6.1. Let a, b ∈ Z. If $a \ne 0$ or $b \ne 0$, we define gcd(a, b) to be the largest integer d such that $d \mid a$ and $d \mid b$. We define gcd(0, 0) = 0.

Discussion. If $e \mid a$ and $e \mid b$ we call e a common divisor of a and b. Let

$C(a, b) = \{e : e \mid a \text{ and } e \mid b\}$,

that is, C(a, b) is the set of all common divisors of a and b. Note that since everything divides 0

C(0, 0) = Z

so there is no largest common divisor of 0 with 0. This is why we must define gcd(0, 0) = 0.

Example 6.1.

$C(18, 30) = \{-1, 1, -2, 2, -3, 3, -6, 6\}$.

So gcd(18, 30) = 6.

Lemma 6.1. If $e \mid a$ then $-e \mid a$.

Proof. If $e \mid a$ then a = ek for some k. Then a = (−e)(−k). Since −e and −k are also integers $-e \mid a$.

Lemma 6.2. If $a \ne 0$, the largest positive integer that divides a is $|a|$.

Proof. Recall that

$|a| = \begin{cases} a & \text{if } a \ge 0 \\ -a & \text{if } a < 0. \end{cases}$

First note that $|a|$ actually divides a: If a > 0, since we know $a \mid a$ we have $|a| \mid a$. If a < 0, $|a| = -a$. In this case $a = (-a)(-1) = |a|(-1)$ so $|a|$ is a factor of a. So, in either case $|a|$ divides a, and in either case $|a| > 0$, since $a \ne 0$.

Now suppose $d \mid a$ and d is positive. Then a = dk for some k so −a = d(−k) for some k. So $d \mid |a|$. So by Theorem 3.1 (10) we have $d \le |a|$.

The following lemma shows that in computing gcd’s we may restrict our-

selves to the case where both integers are positive.

Lemma 6.3. $\gcd(a, b) = \gcd(|a|, |b|)$.

Proof. If a = 0 and b = 0, we have $|a| = a$ and $|b| = b$. So $\gcd(a, b) = \gcd(|a|, |b|)$. Suppose one of a or b is not 0. Note that $d \mid a \iff d \mid |a|$. See Exercise 6.1. It follows that

$C(a, b) = C(|a|, |b|)$.

So the largest common divisor of a and b is also the largest common divisor of $|a|$ and $|b|$.

Exercise 6.1. Prove that

$d \mid a \iff d \mid |a|$

[Hint: recall that $|a| = a$ if $a \ge 0$ and $|a| = -a$ if a < 0. So you need to consider two cases.]

Lemma 6.4. gcd(a, b) = gcd(b, a).

Proof. Clearly C(a, b) = C(b, a). It follows that the largest integer in C(a, b) is the largest integer in C(b, a), that is, gcd(a, b) = gcd(b, a).

Lemma 6.5. If $a \ne 0$ or $b \ne 0$, then gcd(a, b) exists and satisfies

$0 < \gcd(a, b) \le \min\{|a|, |b|\}$.

Proof. Note that gcd(a, b) is the largest integer in the set C(a, b) of common divisors of a and b. Since $1 \mid a$ and $1 \mid b$ we know that 1 ∈ C(a, b). So the largest common divisor must be at least 1 and is therefore positive. On the other hand $d \in C(a, b) \implies d \mid |a|$ and $d \mid |b|$ so d is no larger than $|a|$ and no larger than $|b|$. So d is at most the smaller of $|a|$ and $|b|$. Hence $\gcd(a, b) \le \min\{|a|, |b|\}$.

Example 6.2. From the above lemmas we have

gcd(48, 732) = gcd(−48, 732)

= gcd(−48, −732)

= gcd(48, −732).

We also know that

0 < gcd(48, 732) ≤ 48.

Since if d = gcd(48, 732), then $d \mid 48$, to find d we may check only which positive divisors of 48 also divide 732.

Exercise 6.2. Find gcd(48, 732) using Example 6.2.

Exercise 6.3. Find gcd(a, b) for each of the following values of a and b:

(1) a = −b, b = 14

(2) a = −1, b = 78654

(3) a = 0, b = −78

(4) a = 2, b = −786541


Chapter 7

The Euclidean Algorithm

Unlike the Division Algorithm, the Euclidean Algorithm really is an algorithm. It provides a method to compute gcd(a, b). Since as already noted gcd(0, 0) = 0, $\gcd(a, b) = \gcd(|a|, |b|)$, and gcd(a, b) = gcd(b, a), it suffices to give a method to compute gcd(a, b) when $a \ge b \ge 0$.

Lemma 7.1. If a > 0, then gcd(a, 0) = a.

Proof. Since every integer divides 0, C(a, 0) is just the set of divisors of a. By Lemma 6.2 the largest divisor of a is $|a|$. Since a > 0, $|a| = a$. This shows that gcd(a, 0) = a.

Remark 7.1. So we are now reduced to the problem of ﬁnding gcd(a, b) when

a ≥ b > 0.

Exercise 7.1. Prove that if a > 0 then gcd(a, a) = a.

Now having done Exercise 7.1 we only need to consider the case a > b > 0.

Lemma 7.2. Let a > b > 0. If a = bq + r, then

gcd(a, b) = gcd(b, r).

Proof. It suffices to show that C(a, b) = C(b, r), that is, the common divisors of a and b are the same as the common divisors of b and r. To show this first let $d \mid a$ and $d \mid b$. Note that r = a − bq, which is a linear combination of a and b. So by Theorem 3.1(3) $d \mid r$. Thus $d \mid b$ and $d \mid r$. Next assume $d \mid b$ and $d \mid r$. Using Theorem 3.1(3) again and the fact that a = bq + r is a linear combination of b and r, we have $d \mid a$. So $d \mid a$ and $d \mid b$. We have thus shown that C(a, b) = C(b, r). So gcd(a, b) = gcd(b, r).

Remark 7.2. The Euclidean Algorithm is the process of using Lemmas 7.2

and 7.1 to compute gcd(a, b) when a > b > 0.

Rather than give a precise statement of the algorithm I will give an example to show how it goes.

Example 7.1. Let’s compute gcd(803, 154).

gcd(803, 154) = gcd(154, 33) since $803 = 154 \cdot 5 + 33$

gcd(154, 33) = gcd(33, 22) since $154 = 33 \cdot 4 + 22$

gcd(33, 22) = gcd(22, 11) since $33 = 22 \cdot 1 + 11$

gcd(22, 11) = gcd(11, 0) since $22 = 11 \cdot 1 + 0$

gcd(11, 0) = 11.

Hence gcd(803, 154) = 11.

Remark 7.3. Note that we have formed the gcd of 803 and 154 without factoring 803 and 154. This method is generally much faster than factoring and can find gcd’s when factoring is not feasible.

Exercise 7.2. Let a > b > 0. Show that gcd(a, b) = gcd(b, a mod b).

Remark 7.4. So if your calculator can compute a mod b you may use it when

executing the Euclidean Algorithm.
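The Python sketch below is an added example, not part of the original notes. It runs the Euclidean Algorithm for arbitrary integers by first applying Lemmas 6.3 and 6.4, then repeating Lemma 7.2 until Lemma 7.1 applies, and records each reduction in the style of Example 7.1. The function names are hypothetical; `gcd_by_definition` searches the common divisors directly, as in Example 6.1, so the two can be compared.

```python
def gcd_by_definition(a, b):
    """Definition 6.1: the largest common divisor, found by trial division.
    Only candidates up to the smaller nonzero |value| need to be tried."""
    if a == 0 and b == 0:
        return 0                          # gcd(0, 0) = 0 by definition
    bound = min(abs(x) for x in (a, b) if x != 0)
    return max(d for d in range(1, bound + 1) if a % d == 0 and b % d == 0)


def euclid(a, b):
    """Return (gcd(a, b), trace) where trace lists the reductions made."""
    a, b = abs(a), abs(b)                 # Lemma 6.3
    if a < b:
        a, b = b, a                       # Lemma 6.4
    trace = []
    while b > 0:
        q, r = divmod(a, b)               # Division Algorithm: a = b*q + r
        trace.append(f"gcd({a}, {b}) = gcd({b}, {r}) since {a} = {b}*{q} + {r}")
        a, b = b, r                       # Lemma 7.2 (also valid when a == b)
    return a, trace                       # Lemma 7.1: gcd(a, 0) = a


if __name__ == "__main__":
    d, steps = euclid(803, 154)           # the inputs of Example 7.1
    print("\n".join(steps))
    print("gcd =", d)
    print(gcd_by_definition(18, 30))      # the inputs of Example 6.1
```

The loop needs only a handful of divisions even for inputs of hundreds of digits, while `gcd_by_definition` needs up to min(|a|, |b|) trial divisions, which is the practical content of Remark 7.3.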

Exercise 7.3. Find gcd(a, b) using the Euclidean Algorithm for each of the

values below:

(1) a = 37, b = 60

(2) a = 793, b = 3172

(3) a = 25174, b = 42722

(4) a = 377, b = 233

Chapter 8

Bezout’s Lemma

Lemma 8.1 (Bezout’s Lemma). For all integers a and b there exist integers s and t such that

$\gcd(a, b) = sa + tb$.

Proof. If a = b = 0 then s and t may be anything since

$\gcd(0, 0) = 0 = s \cdot 0 + t \cdot 0$.

So we may assume that $a \ne 0$ or $b \ne 0$. Let

$J = \{na + mb : n, m \in Z\}$.

Note that J contains a, −a, b and −b since

$a = 1 \cdot a + 0 \cdot b$

$-a = (-1) \cdot a + 0 \cdot b$

$b = 0 \cdot a + 1 \cdot b$

$-b = 0 \cdot a + (-1) \cdot b$.

Since $a \ne 0$ or $b \ne 0$ one of the elements a, −a, b, −b is positive. So we can say that J contains some positive integers. Let S denote the set of positive integers in J. That is,

$S = \{na + mb : na + mb > 0,\ n, m \in Z\}$.

By the Well-Ordering Property for N, S contains a smallest positive integer, call it d. Let’s show that d = gcd(a, b). Note that since d ∈ S we have d = sa + tb for some integers, s and t. Note also that d > 0. Let e = gcd(a, b). Then $e \mid a$ and $e \mid b$, so by Theorem 3.1 (3) $e \mid sa + tb$, that is $e \mid d$. Since e and d are positive, by Theorem 3.1 (10) we have $e \le d$. So if we can show that d is a common divisor of a and b we will know that e = d. To show $d \mid a$ using the Division Algorithm we write a = dq + r where $0 \le r < d$. Now

$r = a - dq$

$= a - (sa + tb)q$

$= (1 - sq)a + (-tq)b$.

Hence r ∈ J. If r > 0 then r ∈ S. But this cannot be since r < d and d is the smallest integer in S. So we must have r = 0. That is, a = dq. Hence $d \mid a$. By a similar argument we can show that $d \mid b$. Thus, d is indeed a common divisor of a and b. Since $d \ge e = \gcd(a, b)$, we must have d = gcd(a, b). As noted already d = sa + tb, so the theorem is proved.

Example 8.1. $1 = \gcd(2, 3)$ and we have $1 = (-1) \cdot 2 + 1 \cdot 3$. Also we have $1 = 2 \cdot 2 + (-1) \cdot 3$. So the numbers $s$ and $t$ in Bezout's Lemma are not uniquely determined. In fact, as we will see later there are infinitely many choices for $s$ and $t$ for each pair $a, b$.

Remark 8.1. The above proof is an existence theorem. It asserts the existence

of s and t, but does not provide a way to actually ﬁnd s and t. Also the proof

does not give any clue about how to go about calculating s and t. We will

give an algorithm in the next chapter for ﬁnding s and t.

Chapter 9

Blankinship’s Method

In an article in the August-September 1963 issue of the American Mathematical Monthly, W.A. Blankinship¹ gave a simple method to produce the integers $s$ and $t$ in Bezout's Lemma and at the same time produce $\gcd(a, b)$: Given $a > b > 0$ we start with the array

$$\begin{bmatrix} a & 1 & 0 \\ b & 0 & 1 \end{bmatrix}$$

Then we continue to add multiples of one row to another row, alternating choice of rows until we reach an array of the form

$$\begin{bmatrix} 0 & x_1 & x_2 \\ d & y_1 & y_2 \end{bmatrix} \quad \text{or} \quad \begin{bmatrix} d & y_1 & y_2 \\ 0 & x_1 & x_2 \end{bmatrix}$$

Then $d = \gcd(a, b) = y_1 a + y_2 b$. [The goal is to get a 0 in the first column.]

Examples 9.1. First take $a = 35$, $b = 15$.

$$\begin{bmatrix} 35 & 1 & 0 \\ 15 & 0 & 1 \end{bmatrix}$$

Note $35 = 15 \cdot 2 + 5$, hence

$$35 + 15(-2) = 5.$$

So we multiply row 2 by $-2$ and add it to row 1, getting

$$\begin{bmatrix} 5 & 1 & -2 \\ 15 & 0 & 1 \end{bmatrix}$$

Now $3 \cdot 5 = 15$ or $15 + (-3)5 = 0$, so we multiply row 1 by $-3$ and add it to row 2, getting

$$\begin{bmatrix} 5 & 1 & -2 \\ 0 & -3 & 7 \end{bmatrix}.$$

Now we can say that

$$\gcd(35, 15) = 5$$

and

$$5 = 1 \cdot 35 + (-2) \cdot 15.$$

¹ Thanks to Chris Miller for bringing this method to my attention.

Let's now consider a more complicated example: Take $a = 1876$, $b = 365$.

$$\begin{bmatrix} 1876 & 1 & 0 \\ 365 & 0 & 1 \end{bmatrix}$$

Now $1876 = 365 \cdot 5 + 51$ so we add $-5$ times the second row to the first row, getting:

$$\begin{bmatrix} 51 & 1 & -5 \\ 365 & 0 & 1 \end{bmatrix}$$

Now $365 = 51 \cdot 7 + 8$, so we add $-7$ times row 1 to row 2, getting:

$$\begin{bmatrix} 51 & 1 & -5 \\ 8 & -7 & 36 \end{bmatrix}$$

Now $51 = 8 \cdot 6 + 3$, so we add $-6$ times row 2 to row 1, getting:

$$\begin{bmatrix} 3 & 43 & -221 \\ 8 & -7 & 36 \end{bmatrix}$$

Now $8 = 3 \cdot 2 + 2$, so we add $-2$ times row 1 to row 2, getting:

$$\begin{bmatrix} 3 & 43 & -221 \\ 2 & -93 & 478 \end{bmatrix}$$

Then $3 = 2 \cdot 1 + 1$, so we add $-1$ times row 2 to row 1, getting:

$$\begin{bmatrix} 1 & 136 & -699 \\ 2 & -93 & 478 \end{bmatrix}$$

Finally, $2 = 1 \cdot 2$ so if we add $-2$ times row 1 to row 2 we get:

$$(\ast) \qquad \begin{bmatrix} 1 & 136 & -699 \\ 0 & -365 & 1876 \end{bmatrix}.$$

This tells us that

$$\gcd(1876, 365) = 1$$

and

$$(\ast\ast) \qquad 1 = 136 \cdot 1876 + (-699) \cdot 365.$$

Note that it was not necessary to compute the last two entries $-365$ and $1876$ in $(\ast)$. It is a good idea however to check that equation $(\ast\ast)$ holds. In this case we have:

$$\begin{aligned}
136 \cdot 1876 &= 255136 \\
(-699) \cdot 365 &= -255135 \\
\text{sum} &= 1
\end{aligned}$$

So it is correct.

Why Blankinship's Method works: Note that just looking at what happens in the first column you see that we are just doing the Euclidean Algorithm, so when one element in column 1 is 0, the other is, in fact, the gcd. Note that at the start we have

$$\begin{bmatrix} a & 1 & 0 \\ b & 0 & 1 \end{bmatrix}$$

and

$$\begin{aligned}
a &= 1 \cdot a + 0 \cdot b \\
b &= 0 \cdot a + 1 \cdot b.
\end{aligned}$$

One can show that at every intermediate step

$$\begin{bmatrix} a_1 & x_1 & x_2 \\ b_1 & y_1 & y_2 \end{bmatrix}$$

we always have

$$\begin{aligned}
a_1 &= x_1 a + x_2 b \\
b_1 &= y_1 a + y_2 b,
\end{aligned}$$

and the result follows. I will omit the details.
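The row operations of this chapter, written out as an added Python example (it is not part of the original notes; the function name `blankinship` and the `steps` list are choices made here). It records every intermediate array and checks, after each row operation, the invariant that each row $(v, x, y)$ satisfies $v = xa + yb$.

```python
def blankinship(a, b):
    """Blankinship's method for a > b > 0.

    Returns (d, s, t, steps) where d = gcd(a, b) = s*a + t*b and steps is
    the list of 2x3 arrays produced, starting with [[a,1,0],[b,0,1]].
    """
    if not (a > b > 0):
        raise ValueError("the method is stated for a > b > 0")

    row1 = [a, 1, 0]
    row2 = [b, 0, 1]
    steps = [(tuple(row1), tuple(row2))]

    # Stop as soon as a 0 appears in the first column.
    while row1[0] != 0 and row2[0] != 0:
        if row1[0] >= row2[0]:
            # row1[0] = row2[0]*q + r, so add (-q) times row 2 to row 1.
            q = row1[0] // row2[0]
            row1 = [u - q * v for u, v in zip(row1, row2)]
        else:
            # Same step with the roles of the rows exchanged.
            q = row2[0] // row1[0]
            row2 = [u - q * v for u, v in zip(row2, row1)]

        # Invariant from "Why Blankinship's Method works":
        # first entry = (second entry)*a + (third entry)*b in both rows.
        for v, x, y in (row1, row2):
            assert v == x * a + y * b, "row operation broke the invariant"

        steps.append((tuple(row1), tuple(row2)))

    # The row whose partner has 0 in column 1 holds (d, s, t).
    d, s, t = row1 if row2[0] == 0 else row2
    return d, s, t, steps


if __name__ == "__main__":
    for a, b in [(35, 15), (1876, 365)]:
        d, s, t, steps = blankinship(a, b)
        for top, bottom in steps:
            print(top, bottom)
        print(f"gcd({a}, {b}) = {d} = ({s})*{a} + ({t})*{b}\n")
```

Run on the two examples of this chapter, it reproduces each array shown in the text, including the final rows in $(\ast)$.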


Exercise 9.1. Use Blankinship’s method to compute the s and t in Bezout’s

Lemma for each of the following values of a and b.

(1) a = 267, b = 112

(2) a = 216, b = 135

(3) a = 11312, b = 11321

Exercise 9.2. Show that if 1 = as + bt then gcd(a, b) = 1.

Exercise 9.3. Find integers a, b, d, s, t such that all of the following hold

(1) a > 0, b > 0,

(2) d = sa + tb, and

(3) $d \neq \gcd(a, b)$.

Note that d in Exercise 9.3 cannot be 1 by Exercise 9.2.

Chapter 10

Prime Numbers

Deﬁnition 10.1. An integer p is prime if p ≥ 2 and the only positive

divisors of p are 1 and p. An integer n is composite if n ≥ 2 and n is not

prime.

Remark 10.1. The number 1 is neither prime nor composite.

Lemma 10.1. An integer n ≥ 2 is composite if and only if there are integers

a and b such that n = ab, 1 < a < n, and 1 < b < n.

Proof. Let $n \ge 2$. If $n$ is composite there is a positive integer $a$ such that $a \neq 1$, $a \neq n$ and $a \mid n$. This means that $n = ab$ for some $b$. Since $n$ and $a$ are positive so is $b$. Hence $1 \le a$ and $1 \le b$. By Theorem 3.1(10) $a \le n$ and $b \le n$. Since $a \neq 1$ and $a \neq n$ we have $1 < a < n$. If $b = 1$ then $a = n$, which is not possible, so $b \neq 1$. If $b = n$ then $a = 1$, which is also not possible. So $1 < b < n$. The converse is obvious.

Lemma 10.2. If $n > 1$, there is a prime $p$ such that $p \mid n$.

Proof. Assume there is some integer $n > 1$ which has no prime divisor. Let $S$ denote the set of all such integers. By the Well-Ordering Property there is a smallest such integer, call it $m$. Now $m > 1$ and has no prime divisor. So $m$ cannot be prime. Hence $m$ is composite. Therefore by Lemma 10.1

$$m = ab, \quad 1 < a < m, \quad 1 < b < m.$$

Since $1 < a < m$ then $a$ is not in the set $S$. So $a$ must have a prime divisor, call it $p$. Then $p \mid a$ and $a \mid m$ so by Theorem 3.1, $p \mid m$. This contradicts the fact that $m$ has no prime divisor. So the set $S$ must be empty and this proves the lemma.


Theorem 10.1 (Euclid's Theorem). There are infinitely many prime numbers.

Proof. Assume, by way of contradiction, that there are only a finite number of prime numbers, say:

$$p_1, p_2, \ldots, p_n.$$

Define

$$N = p_1 p_2 \cdots p_n + 1.$$

Since $p_1 \ge 2$, clearly $N \ge 3$. So by Lemma 10.2 $N$ has a prime divisor $p$. By assumption $p = p_i$ for some $i = 1, \ldots, n$. Let $a = p_1 \cdots p_n$. Note that

$$a = p_i \left(p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_n\right),$$

so $p_i \mid a$. Now $N = a + 1$ and by assumption $p_i \mid a + 1$. So by Exercise 3.2 $p_i \mid (a + 1) - a$, that is $p_i \mid 1$. By Basic Axiom 3 in Chapter 1 this implies that $p_i = 1$. This contradicts the fact that primes are $> 1$. It follows that the assumption that there are only finitely many primes is not true.

Exercise 10.1. Use the idea of the above proof to show that if $q_1, q_2, \ldots, q_n$ are primes there is a prime $q \notin \{q_1, \ldots, q_n\}$. Hint: Take $N = q_1 \cdots q_n + 1$. By Lemma 10.2 there is a prime $q$ such that $q \mid N$. Prove that $q \notin \{q_1, \ldots, q_n\}$.

Exercise 10.2. Let $p_1 = 2$, $p_2 = 3$, $p_3 = 5, \ldots$ and, in general, $p_i$ = the $i$-th prime. Prove or disprove that

$$p_1 p_2 \cdots p_n + 1$$

is prime for all $n \ge 1$. [Hint: If $n = 1$ we have $2 + 1 = 3$ is prime. If $n = 2$ we have $2 \cdot 3 + 1 = 7$ is prime. If $n = 3$ we have $2 \cdot 3 \cdot 5 + 1 = 31$ is prime. Try the next few values of $n$. You may want to use the next theorem to check primality.]

Theorem 10.2. If $n > 1$ is composite then $n$ has a prime divisor $p \le \sqrt{n}$.

Proof. Let $n > 1$ be composite. Then $n = ab$ where $1 < a < n$ and $1 < b < n$. I claim that one of $a$ or $b$ is $\le \sqrt{n}$. If not then $a > \sqrt{n}$ and $b > \sqrt{n}$. Hence $n = ab > \sqrt{n}\sqrt{n} = n$. This implies $n > n$, a contradiction. So $a \le \sqrt{n}$ or $b \le \sqrt{n}$. Suppose $a \le \sqrt{n}$. Since $1 < a$, by Lemma 10.2 there is a prime $p$ such that $p \mid a$. Hence, by Theorem 3.1 since $a \mid n$ we have $p \mid n$. Also by Theorem 3.1 since $p \mid a$ we have $p \le a \le \sqrt{n}$.


Remark 10.2. We can use Theorem 10.2 to help decide whether or not an integer is prime: To check whether or not $n > 1$ is prime we need only try to divide it by all primes $p \le \sqrt{n}$. If none of these primes divides $n$ then $n$ must be prime.

Example 10.1. Consider the number 97. Note that $\sqrt{97} < \sqrt{100} = 10$. The primes $\le 10$ are 2, 3, 5, and 7. One easily checks that $97 \bmod 2 = 1$, $97 \bmod 3 = 1$, $97 \bmod 5 = 2$, $97 \bmod 7 = 6$. So none of the primes 2, 3, 5, 7 divide 97 and 97 is prime by Theorem 10.2.

Exercise 10.3. By using Theorem 10.2, as in the above example, determine the primality¹ of the following integers:

143, 221, 199, 223, 3521.

Deﬁnition 10.2. Let x ∈ R, x > 0. π(x) denotes the number of primes p

such that p ≤ x.

For example, since the only primes p ≤ 10 are 2, 3, 5, and 7 we have

π(10) = 4.

Here is a table of values of $\pi(10^i)$ for $i = 2, \ldots, 10$. I also include known approximations to $\pi(x)$. Note that the formulas for the approximations do not give integer values, but for the table I have rounded each to the nearest integer. The values in the table were computed using Maple.

| $x$ | $\pi(x)$ | $\frac{x}{\ln(x)}$ | $\frac{x}{\ln(x)-1}$ | $\int_2^x \frac{1}{\ln(t)}\,dt$ |
|---|---|---|---|---|
| $10^2$ | 25 | 22 | 28 | 29 |
| $10^3$ | 168 | 145 | 169 | 177 |
| $10^4$ | 1229 | 1086 | 1218 | 1245 |
| $10^5$ | 9592 | 8686 | 9512 | 9629 |
| $10^6$ | 78498 | 72382 | 78030 | 78627 |
| $10^7$ | 664579 | 620421 | 661459 | 664917 |
| $10^8$ | 5761455 | 5428681 | 5740304 | 5762208 |
| $10^9$ | 50847534 | 48254942 | 50701542 | 50849234 |
| $10^{10}$ | 455052511 | 434294482 | 454011971 | 455055614 |

You may judge for yourself which approximations appear to be the best. This table has been continued up to $10^{21}$, but people are still working on finding the value of $\pi(10^{22})$. Of course, the approximations are easy to compute with Maple but the exact value of $\pi(10^{22})$ is difficult to find.

¹ This means determine whether or not each number is prime.

The above approximations are based on the so-called Prime Number Theorem first conjectured by Gauss in 1793 but not proved till over 100 years later by Hadamard and Vallée Poussin.

Theorem 10.3 (The Prime Number Theorem).

$$(\ast) \qquad \pi(x) \sim \frac{x}{\ln(x)} \quad \text{for all } x > 0.$$

Remark 10.3. $(\ast)$ means that

$$\lim_{x \to \infty} \frac{\pi(x)}{\frac{x}{\ln(x)}} = 1.$$

Although there are inﬁnitely many primes there are long stretches of

consecutive integers containing no primes.

Theorem 10.4. For any positive integer n there is an integer a such that

the n consecutive integers

a, a + 1, a + 2, . . . , a + (n −1)

are all composite.

Proof. Given $n \ge 1$ let $a = (n + 1)! + 2$. We claim that all the numbers

$$a + i, \quad 0 \le i \le n - 1$$

are composite. Since $(n + 1) \ge 2$ clearly $2 \mid (n + 1)!$ and $2 \mid 2$. Hence $2 \mid (n + 1)! + 2$. Since $(n + 1)! + 2 > 2$, $(n + 1)! + 2$ is composite. Consider

$$a + i = (n + 1)! + i + 2$$

where $0 \le i \le n - 1$ so $2 \le i + 2 \le n + 1$. Thus $i + 2 \mid (n + 1)!$ and $i + 2 \mid i + 2$. Therefore $i + 2 \mid a + i$. Now $a + i > i + 2 > 1$, so $a + i$ is composite.

Exercise 10.4. Use the Prime Number Theorem and a calculator to approximate the number of primes $\le 10^8$. Note $\ln(10^8) = 8 \ln(10)$.

Exercise 10.5. Find 10 consecutive composite numbers.


Exercise 10.6. Prove that 2 is the only even prime number. (Joke: Hence

it is said that 2 is the ”oddest” prime.)

Exercise 10.7. Prove that if $a$ and $n$ are positive integers such that $n \ge 2$ and $a^n - 1$ is prime then $a$ must be 2. [Hint: By Exercise 2.4

$$1 + x + x^2 + \cdots + x^{n-1} = \frac{x^n - 1}{x - 1}$$

that is,

$$x^n - 1 = (x - 1)\left(1 + x + x^2 + \cdots + x^{n-1}\right)$$

if $x \neq 1$ and $n \ge 1$.]

Exercise 10.8. (a) Is $2^n - 1$ always prime if $n \ge 2$? Explain. (b) Is $2^n - 1$ always prime if $n$ is prime? Explain.

Exercise 10.9. Show that if $p$ and $q$ are primes and $p \mid q$, then $p = q$.


Chapter 11

Unique Factorization

Our goal in this chapter is to prove the following fundamental theorem.

Theorem 11.1 (The Fundamental Theorem of Arithmetic). Every integer $n > 1$ can be written uniquely in the form

$$n = p_1 p_2 \cdots p_s,$$

where $s$ is a positive integer and $p_1, p_2, \ldots, p_s$ are primes satisfying

$$p_1 \le p_2 \le \cdots \le p_s.$$

Remark 11.1. If $n = p_1 p_2 \cdots p_s$ where each $p_i$ is prime, we call this the prime factorization of $n$. Theorem 11.1 is sometimes stated as follows:

Every integer $n > 1$ can be expressed as a product $n = p_1 p_2 \cdots p_s$, for some positive integer $s$, where each $p_i$ is prime and this factorization is unique except for the order of the primes $p_i$.

Note for example that

$$\begin{aligned}
600 &= 2 \cdot 2 \cdot 2 \cdot 3 \cdot 5 \cdot 5 \\
    &= 2 \cdot 3 \cdot 2 \cdot 5 \cdot 2 \cdot 5 \\
    &= 3 \cdot 5 \cdot 2 \cdot 2 \cdot 2 \cdot 5 \\
    &\ \ \text{etc.}
\end{aligned}$$

Perhaps the nicest way to write the prime factorization of 600 is

$$600 = 2^3 \cdot 3 \cdot 5^2.$$


In general it is clear that $n > 1$ can be written uniquely in the form

$$(\ast) \qquad n = p_1^{a_1} p_2^{a_2} \cdots p_s^{a_s}, \quad \text{some } s \ge 1,$$

where $p_1 < p_2 < \cdots < p_s$ and $a_i \ge 1$ for all $i$. Sometimes $(\ast)$ is written

$$n = \prod_{i=1}^{s} p_i^{a_i}.$$

Here $\prod$ stands for product, just as $\sum$ stands for sum.

To prove Theorem 11.1 we need to ﬁrst establish a few lemmas.

Lemma 11.1. If $a \mid bc$ and $\gcd(a, b) = 1$ then $a \mid c$.

Proof. Since $\gcd(a, b) = 1$ by Bezout's Lemma there are $s, t$ such that

$$1 = as + bt.$$

If we multiply both sides by $c$ we get

$$c = cas + cbt = a(cs) + (bc)t.$$

By assumption $a \mid bc$. Clearly $a \mid a(cs)$ so, by Theorem 3.1, $a$ divides the linear combination $a(cs) + (bc)t = c$.

Definition 11.1. We say that $a$ and $b$ are relatively prime if $\gcd(a, b) = 1$.

So we may restate Lemma 11.1 as follows: If $a \mid bc$ and $a$ is relatively prime to $b$ then $a \mid c$.

Example 11.1. It is not true generally that when $a \mid bc$ then $a \mid b$ or $a \mid c$. For example, $6 \mid 4 \cdot 9$, but $6 \nmid 4$ and $6 \nmid 9$. Note that Lemma 11.1 doesn't apply here since $\gcd(6, 4) \neq 1$ and $\gcd(6, 9) \neq 1$.

Lemma 11.2 (Euclid's Lemma). If $p$ is a prime and $p \mid ab$, then $p \mid a$ or $p \mid b$.

Proof. Assume that $p \mid ab$. If $p \mid a$ we are done. Suppose $p \nmid a$. Let $d = \gcd(p, a)$. Note that $d > 0$ and $d \mid p$ and $d \mid a$. Since $d \mid p$ we have $d = 1$ or $d = p$. If $d \neq 1$ then $d = p$. But this says that $p \mid a$, which we assumed was not true. So we must have $d = 1$. Hence $\gcd(p, a) = 1$ and $p \mid ab$. So by Lemma 11.1, $p \mid b$.


Lemma 11.3. Let $p$ be prime. Let $a_1, a_2, \ldots, a_n$, $n \ge 1$, be integers. If $p \mid a_1 a_2 \cdots a_n$, then $p \mid a_i$ for at least one $i \in \{1, 2, \ldots, n\}$.

Proof. We use induction on $n$. The result is clear if $n = 1$. Assume that the lemma holds for $n$ such that $1 \le n \le k$. Let's show it holds for $n = k + 1$. So assume $p$ is a prime and $p \mid a_1 a_2 \cdots a_k a_{k+1}$. Let $a = a_1 a_2 \cdots a_k$ and $b = a_{k+1}$. Then $p \mid a$ or $p \mid b$ by Lemma 11.2. If $p \mid a = a_1 \cdots a_k$, by the induction hypothesis, $p \mid a_i$ for some $i \in \{1, \ldots, k\}$. If $p \mid b = a_{k+1}$ then $p \mid a_{k+1}$. So we can say $p \mid a_i$ for some $i \in \{1, 2, \ldots, k + 1\}$. So the lemma holds for $n = k + 1$. Hence by PMI it holds for all $n \ge 1$.

Lemma 11.4 (Existence Part of Theorem 11.1). If $n > 1$ then there exist primes $p_1, \ldots, p_s$ for some $s \ge 1$ such that

$$n = p_1 p_2 \cdots p_s$$

and $p_1 \le p_2 \le \cdots \le p_s$.

Proof. Proof by induction on $n$, with starting value $n = 2$: If $n = 2$ then since 2 is prime we can take $p_1 = 2$, $s = 1$. Assume the lemma holds for $n$ such that $2 \le n \le k$. Let's show it holds for $n = k + 1$. If $k + 1$ is prime we can take $s = 1$ and $p_1 = k + 1$ and we are done. If $k + 1$ is composite we can write $k + 1 = ab$ where $1 < a < k + 1$ and $1 < b < k + 1$. By the induction hypothesis there are primes $p_1, \ldots, p_u$ and $q_1, \ldots, q_v$ such that

$$a = p_1 \cdots p_u \quad \text{and} \quad b = q_1 \cdots q_v.$$

This gives us

$$k + 1 = ab = p_1 p_2 \cdots p_u q_1 q_2 \cdots q_v,$$

that is $k + 1$ is a product of primes. Let $s = u + v$. By reordering and relabeling where necessary we have

$$k + 1 = p_1 p_2 \cdots p_s$$

where $p_1 \le p_2 \le \cdots \le p_s$. So the lemma holds for $n = k + 1$. Hence by PMI, it holds for all $n > 1$.

Lemma 11.5 (Uniqueness Part of Theorem 11.1). Let

$$n = p_1 p_2 \cdots p_s \quad \text{for some } s \ge 1,$$

and

$$n = q_1 q_2 \cdots q_t \quad \text{for some } t \ge 1,$$

where $p_1, \ldots, p_s, q_1, \ldots, q_t$ are primes satisfying

$$p_1 \le p_2 \le \cdots \le p_s$$

and

$$q_1 \le q_2 \le \cdots \le q_t.$$

Then, $t = s$ and $p_i = q_i$ for $i = 1, 2, \ldots, t$.

Proof. Our proof is by induction on $s$. Suppose $s = 1$. Then $n = p_1$ is prime and we have

$$p_1 = n = q_1 q_2 \cdots q_t.$$

If $t > 1$, this contradicts the fact that $p_1$ is prime. So $t = 1$ and we have $p_1 = q_1$, as desired. Now assume the result holds for all $s$ such that $1 \le s \le k$. We want to show that it holds for $s = k + 1$. So assume

$$n = p_1 p_2 \cdots p_k p_{k+1}$$

and

$$n = q_1 q_2 \cdots q_t$$

where $p_1 \le p_2 \le \cdots \le p_{k+1}$ and $q_1 \le q_2 \le \cdots \le q_t$. Clearly $p_{k+1} \mid n$ so $p_{k+1} \mid q_1 \cdots q_t$. So by Lemma 11.3 $p_{k+1} \mid q_i$ for some $i \in \{1, 2, \ldots, t\}$. It follows from Exercise 10.9 that $p_{k+1} = q_i$. Hence $p_{k+1} = q_i \le q_t$. By a similar argument $q_t \mid n$ so $q_t \mid p_1 \cdots p_{k+1}$ and $q_t = p_j$ for some $j$. Hence $q_t = p_j \le p_{k+1}$. This shows that

$$p_{k+1} \le q_t \le p_{k+1}$$

so $p_{k+1} = q_t$. Note that

$$p_1 p_2 \cdots p_k p_{k+1} = q_1 q_2 \cdots q_{t-1} q_t.$$

Since $p_{k+1} = q_t$ we can cancel this prime from both sides and we have

$$p_1 p_2 \cdots p_k = q_1 q_2 \cdots q_{t-1}.$$

Now by the induction hypothesis $k = t - 1$ and $p_i = q_i$ for $i = 1, \ldots, t - 1$. Thus we have $k + 1 = t$ and $p_i = q_i$ for $i = 1, 2, \ldots, t$. So the lemma holds for $s = k + 1$ and by the PMI, it holds for all $s \ge 1$.


Now the proof of Theorem 11.1 follows immediately from Lemmas 11.4

and 11.5.

Remark 11.2. If $a$ and $b$ are positive integers we can find primes $p_1, \ldots, p_k$ and integers $a_1, \ldots, a_k, b_1, \ldots, b_k$ each $\ge 0$ such that

$$(\ast\ast) \qquad \begin{aligned}
a &= p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k} \\
b &= p_1^{b_1} p_2^{b_2} \cdots p_k^{b_k}
\end{aligned}$$

For example, if $a = 600$ and $b = 252$ we have

$$\begin{aligned}
600 &= 2^3 \cdot 3^1 \cdot 5^2 \cdot 7^0 \\
252 &= 2^2 \cdot 3^2 \cdot 5^0 \cdot 7.
\end{aligned}$$

It follows that

$$\gcd(600, 252) = 2^2 \cdot 3^1 \cdot 5^0 \cdot 7^0.$$

In general, if $a$ and $b$ are given by $(\ast\ast)$ we have

$$\gcd(a, b) = p_1^{\min(a_1, b_1)} p_2^{\min(a_2, b_2)} \cdots p_k^{\min(a_k, b_k)}.$$

This gives one way to calculate the gcd provided you can factor both numbers. But generally speaking factorization is very difficult! On the other hand, the Euclidean algorithm is relatively fast.

Exercise 11.1. Find the prime factorizations of 1147 and 1716 by trying all primes $p \le \sqrt{1147}$ ($p \le \sqrt{1716}$) in succession.


Chapter 12

Fermat Primes and Mersenne Primes

Finding large primes and proving that they are indeed prime is not easy. One way to find large primes is to look at numbers that have some special form, for example, numbers of the form $a^n + 1$ or $a^n - 1$. It is easy to rule out some values of $a$ and $n$. For example we have:

Theorem 12.1. Let $a > 1$ and $n > 1$. Then

(1) $a^n - 1$ is prime $\Rightarrow$ $a = 2$ and $n$ is prime

(2) $a^n + 1$ is prime $\Rightarrow$ $a$ is even and $n = 2^k$ for some $k \ge 1$.

Proof of (1). We know from Exercise 2.5, page 6, that

$$(\ast) \qquad a^n - 1 = (a - 1)(a^{n-1} + \cdots + a + 1)$$

Note that if $a > 2$ and $n > 1$ then $a - 1 > 1$ and $a^{n-1} + \cdots + a + 1 > a + 1 > 3$ so both factors in $(\ast)$ are $> 1$ and $a^n - 1$ is not prime. Hence if $a^n - 1$ is prime we must have $a = 2$. Now suppose $2^n - 1$ is prime. We claim that $n$ is prime. If not $n = st$ where $1 < s < n$, $1 < t < n$. Then

$$2^n - 1 = 2^{st} - 1 = (2^s)^t - 1$$

is prime. But we just showed that if $a^n - 1$ is prime we must have $a = 2$. So we must have $2^s = 2$. Hence $s = 1$, $t = n$. So $n$ is not composite. Hence $n$ must be prime. This proves (1).


Proof of (2). From $(\ast)$ on p. 43 we have

$$(\ast) \qquad a^n - 1 = (a - 1)(a^{n-1} + a^{n-2} + \cdots + a + 1).$$

Replace $a$ by $-a$ in $(\ast)$ and we get

$$(\ast\ast) \qquad (-a)^n - 1 = (-a - 1)\left((-a)^{n-1} + (-a)^{n-2} + \cdots + (-a) + 1\right)$$

Since $n$ is odd, $n - 1$ is even, $n - 2$ is odd, $\ldots$, etc., we have $(-a)^n = -a^n$, $(-a)^{n-1} = a^{n-1}$, $(-a)^{n-2} = -a^{n-2}$, $\ldots$, etc. So $(\ast\ast)$ yields

$$-(a^n + 1) = -(a + 1)\left(a^{n-1} - a^{n-2} + \cdots - a + 1\right).$$

Multiplying both sides by $-1$ we get

$$(a^n + 1) = (a + 1)(a^{n-1} - a^{n-2} + \cdots - a + 1)$$

when $n$ is odd. If $n \ge 2$ we have $1 < a + 1 < a^n + 1$. This shows that if $n$ is odd and $a > 1$, $a^n + 1$ is not prime. Suppose $n = 2^s t$ where $t$ is odd. Then if $a^n + 1$ is prime we have $(a^{2^s})^t + 1$ is prime. But by what we just showed this cannot be prime if $t$ is odd and $t \ge 2$. So we must have $t = 1$ and $n = 2^s$. Also $a^n + 1$ prime implies that $a$ is even since if $a$ is odd so is $a^n$. Then $a^n + 1$ would be even. The only even prime is 2. But since we assume $a > 1$ we have $a \ge 2$ so $a^n + 1 \ge 3$.

Definition 12.1. A number of the form $M_n = 2^n - 1$, $n \ge 2$, is said to be a Mersenne number. If $M_n$ is prime, it is called a Mersenne prime. A number of the form $F_n = 2^{(2^n)} + 1$, $n \ge 0$, is called a Fermat number. If $F_n$ is prime, it is called a Fermat prime.

One may prove that $F_0 = 3$, $F_1 = 5$, $F_2 = 17$, $F_3 = 257$ and $F_4 = 65537$ are primes. As $n$ increases the numbers $F_n = 2^{(2^n)} + 1$ increase in size very rapidly, and are not easy to check for primality. It is known that $F_n$ is composite for many values of $n \ge 5$. This includes all $n$ such that $5 \le n \le 30$ and a large number of other values of $n$ including 382447 (the largest one I know of). It is now conjectured that $F_n$ is composite for $n \ge 5$. So Fermat's original thought that $F_n$ is prime for $n \ge 0$ seems to be pretty far from reality.

Exercise 12.1. Use Maple to factor $F_5$. [Go to any campus computer lab. Click or double-click on the Maple icon, or ask the lab assistant where it is located. When the window comes up, type at the prompt > the following:

> ifactor(2^32 + 1);

Hit the return key and you will get the answer.]

$M_3 = 2^3 - 1 = 7$ is a Mersenne prime and $M_4 = 2^4 - 1 = 15$ is a Mersenne number which is not a prime. At first it was thought that $M_p = 2^p - 1$ is prime whenever $p$ is prime. But $M_{11} = 2^{11} - 1 = 2047 = 23 \cdot 89$ is not prime.

Over the years people have continued to work on the problem of determining for which primes $p$, $M_p = 2^p - 1$ is prime. To date 39 Mersenne primes have been found. It is known that $2^p - 1$ is prime if $p$ is one of the following 39 primes 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281, 3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497, 86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269, 2976221, 3021377, 6972593, 13466917.

The largest one, $M_{13466917} = 2^{13466917} - 1$, was found on November 14, 2001. The decimal representation of this number has 4,053,946 digits. It was found by the team of Michael Cameron, George Woltman, Scott Kurowski et al, as a part of the Great Internet Mersenne Prime Search (GIMPS), see Chris Caldwell's page for more about this. This prime could be the 39th Mersenne prime (in order of size), but we will only know this for sure when GIMPS completes testing all exponents below this one. You can find the link to Chris Caldwell's page on the class syllabus on my homepage. Later we show the connection between Mersenne primes and perfect numbers.

Lemma 12.1. If $M_n$ is prime, then $n$ is prime.

Proof. This is immediate from Theorem 12.1 (1).

The most basic question about Mersenne primes is: Are there inﬁnitely many

Mersenne primes?

Exercise 12.2. Determine which Mersenne numbers $M_n$ are prime when $2 \le n \le 12$. You may use Maple for this exercise. The Maple command for determining whether or not an integer $n$ is prime is

isprime(n);

The following primality test for Mersenne numbers makes it easier to check whether or not $M_p$ is prime when $p$ is a large prime.


Theorem 12.2 (The Lucas-Lehmer Mersenne Prime Test). Let $p$ be an odd prime. Define the sequence

$$r_1, r_2, r_3, \ldots, r_{p-1}$$

by the rules

$$r_1 = 4$$

and for $k \ge 2$,

$$r_k = (r_{k-1}^2 - 2) \bmod M_p.$$

Then $M_p$ is prime if and only if $r_{p-1} = 0$.

[The proof of this is not easy. One place to find a proof is the book “A Selection of Problems in the Theory of Numbers” by W. Sierpinski, Pergamon Press, 1964.]

Example 12.1. Let $p = 5$. Then $M_p = M_5 = 31$.

$$\begin{aligned}
r_1 &= 4 \\
r_2 &= (4^2 - 2) \bmod 31 = 14 \bmod 31 = 14 \\
r_3 &= (14^2 - 2) \bmod 31 = 194 \bmod 31 = 8 \\
r_4 &= (8^2 - 2) \bmod 31 = 62 \bmod 31 = 0.
\end{aligned}$$

Hence by the Lucas-Lehmer test, $M_5 = 31$ is prime.

Exercise 12.3. Show using the Lucas-Lehmer test that $M_7 = 127$ is prime.

Remark 12.1. Note that the Lucas-Lehmer test for $M_p = 2^p - 1$ takes only $p - 1$ steps. On the other hand, if one attempts to prove $M_p$ prime by testing all primes $\le \sqrt{M_p}$ one must consider about $2^{p/2}$ steps. This is MUCH larger than $p$ in general.
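The Lucas-Lehmer test of Theorem 12.2 as an added Python example (not part of the original notes; the function names are choices made here). It builds the sequence $r_1, \ldots, r_{p-1}$ exactly as defined above, so the list has the $p - 1$ terms that Remark 12.1 counts, and it rejects exponents that are not odd primes because the theorem says nothing about them.

```python
from math import isqrt


def is_small_prime(n):
    """Trial division by every d <= sqrt(n), as justified by Theorem 10.2.

    Used here only on the exponent p, which is tiny compared with M_p.
    """
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))


def lucas_lehmer_sequence(p):
    """Return [r_1, ..., r_{p-1}] for an odd prime p (Theorem 12.2)."""
    if p < 3 or not is_small_prime(p):
        raise ValueError("Theorem 12.2 is stated for odd primes p")

    m_p = (1 << p) - 1          # the Mersenne number M_p = 2^p - 1
    r = 4                       # r_1 = 4
    sequence = [r]
    for _ in range(2, p):       # k = 2, ..., p-1
        r = (r * r - 2) % m_p   # r_k = (r_{k-1}^2 - 2) mod M_p
        sequence.append(r)
    return sequence


def is_mersenne_prime(p):
    """M_p is prime if and only if r_{p-1} = 0."""
    return lucas_lehmer_sequence(p)[-1] == 0


def mersenne_exponents(limit):
    """Odd primes p <= limit for which M_p passes the Lucas-Lehmer test."""
    return [p for p in range(3, limit + 1)
            if is_small_prime(p) and is_mersenne_prime(p)]


if __name__ == "__main__":
    print("p = 5:", lucas_lehmer_sequence(5))
    print("M_11 prime?", is_mersenne_prime(11))
    print("exponents up to 130:", mersenne_exponents(130))
```

Every intermediate value is reduced modulo $M_p$, so no number larger than about $M_p^2$ is ever formed, which is what makes the test usable for large $p$.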

Chapter 13

The Functions σ and τ

Deﬁnition 13.1. For n > 0 deﬁne:

τ(n) = the number of positive divisors of n,

σ(n) = the sum of the positive divisors of n.

Example 13.1. $12 = 3 \cdot 2^2$ has positive divisors

1, 2, 3, 4, 6, 12.

Hence

τ(12) = 6

and

σ(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.

Definition 13.2. A positive divisor $d$ of $n$ is said to be a proper divisor of $n$ if $d < n$. We denote the sum of all proper divisors of $n$ by $\sigma^*(n)$.

Note that if $n \ge 2$ then

$$\sigma^*(n) = \sigma(n) - n.$$

Example 13.2. $\sigma^*(12) = 16$.

Definition 13.3. $n > 1$ is perfect if $\sigma^*(n) = n$.

Example 13.3. The proper divisors of 6 are 1, 2 and 3. So $\sigma^*(6) = 6$. Therefore 6 is perfect.


Exercise 13.1. Prove that 28 is perfect.

The next theorem shows a simple way to compute σ(n) and τ(n) from

the prime factorization of n.

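Theorem 13.1. Let

$$n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}, \quad r \ge 1,$$

where $p_1 < p_2 < \cdots < p_r$ are primes and $e_i \ge 0$ for each $i \in \{1, 2, \ldots, r\}$. Then

(1) $\tau(n) = (e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$

(2) $\sigma(n) = \left(\dfrac{p_1^{e_1 + 1} - 1}{p_1 - 1}\right) \left(\dfrac{p_2^{e_2 + 1} - 1}{p_2 - 1}\right) \cdots \left(\dfrac{p_r^{e_r + 1} - 1}{p_r - 1}\right)$.

Before proving this let's look at an example. Take $n = 72 = 8 \cdot 9 = 2^3 \cdot 3^2$. The theorem says

$$\tau(72) = (3 + 1)(2 + 1) = 12$$

$$\sigma(72) = \left(\frac{2^4 - 1}{2 - 1}\right) \left(\frac{3^3 - 1}{3 - 1}\right) = 15 \cdot 13 = 195.$$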

[Proof of Theorem 13.1 (1)] From the Fundamental Theorem of Arithmetic every positive factor $d$ of $n$ will have its prime factors coming from those of $n$. Hence $d \mid n$ iff $d = p_1^{f_1} p_2^{f_2} \cdots p_r^{f_r}$ where for each $i$:

$$0 \le f_i \le e_i.$$

That is, for each $f_i$ we can choose a value in the set of $e_i + 1$ numbers $\{0, 1, 2, \ldots, e_i\}$. So, in all, there are $(e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$ choices for the exponents $f_1, f_2, \ldots, f_r$. So (1) holds.

[Proof of (2)] We ﬁrst establish two lemmas.

Lemma 13.1. Let $n = ab$ where $a > 0$, $b > 0$ and $\gcd(a, b) = 1$. Then $\sigma(n) = \sigma(a)\sigma(b)$.

Proof. Since $a$ and $b$ have only 1 as a common factor, using the Fundamental Theorem of Arithmetic it is easy to see that $d \mid ab \Leftrightarrow d = d_1 d_2$ where $d_1 \mid a$ and $d_2 \mid b$. That is, the divisors of $ab$ are products of the divisors of $a$ and the divisors of $b$. Let

$$1, a_1, \ldots, a_s$$

denote the divisors of $a$ and let

$$1, b_1, \ldots, b_t$$

denote the divisors of $b$. Then

$$\begin{aligned}
\sigma(a) &= 1 + a_1 + a_2 + \cdots + a_s, \\
\sigma(b) &= 1 + b_1 + b_2 + \cdots + b_t.
\end{aligned}$$

The divisors of $n = ab$ can be listed as follows

$$\begin{array}{l}
1,\ b_1,\ b_2,\ \ldots,\ b_t, \\
a_1 \cdot 1,\ a_1 b_1,\ a_1 b_2,\ \ldots,\ a_1 b_t, \\
a_2 \cdot 1,\ a_2 b_1,\ a_2 b_2,\ \ldots,\ a_2 b_t, \\
\quad \vdots \\
a_s \cdot 1,\ a_s b_1,\ a_s b_2,\ \ldots,\ a_s b_t.
\end{array}$$

It is important to note that since $\gcd(a, b) = 1$, $a_i b_j = a_k b_\ell$ implies that $a_i = a_k$ and $b_j = b_\ell$. That is, there are no repetitions in the above array.

If we sum each row we get

$$\begin{aligned}
1 + b_1 + \cdots + b_t &= \sigma(b) \\
a_1 \cdot 1 + a_1 b_1 + \cdots + a_1 b_t &= a_1 \sigma(b) \\
&\ \ \vdots \\
a_s \cdot 1 + a_s b_1 + \cdots + a_s b_t &= a_s \sigma(b).
\end{aligned}$$

By adding these partial sums together we get

$$\begin{aligned}
\sigma(n) &= \sigma(b) + a_1 \sigma(b) + a_2 \sigma(b) + \cdots + a_s \sigma(b) \\
          &= (1 + a_1 + a_2 + \cdots + a_s)\sigma(b) \\
          &= \sigma(a)\sigma(b).
\end{aligned}$$

This proves the lemma.


Lemma 13.2. If $p$ is a prime and $k \ge 0$ we have

$$\sigma(p^k) = \frac{p^{k+1} - 1}{p - 1}.$$

Proof. Since $p$ is prime, the divisors of $p^k$ are $1, p, p^2, \ldots, p^k$. Hence

$$\sigma(p^k) = 1 + p + p^2 + \cdots + p^k = \frac{p^{k+1} - 1}{p - 1},$$

as desired.

Proof of Theorem 13.1 (2) (continued). Let $n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}$. Our proof is by induction on $r$. If $r = 1$, $n = p_1^{e_1}$ and the result follows from Lemma 13.2. Suppose the result is true when $1 \le r \le k$. Consider now the case $r = k + 1$. That is, let

$$n = p_1^{e_1} \cdots p_k^{e_k} p_{k+1}^{e_{k+1}}$$

where the primes $p_1, \ldots, p_k, p_{k+1}$ are distinct and $e_i \ge 0$. Let $a = p_1^{e_1} \cdots p_k^{e_k}$, $b = p_{k+1}^{e_{k+1}}$. Clearly $\gcd(a, b) = 1$. So by Lemma 13.1 we have $\sigma(n) = \sigma(a)\sigma(b)$. By the induction hypothesis

$$\sigma(a) = \left(\frac{p_1^{e_1 + 1} - 1}{p_1 - 1}\right) \cdots \left(\frac{p_k^{e_k + 1} - 1}{p_k - 1}\right)$$

and by Lemma 13.2

$$\sigma(b) = \frac{p_{k+1}^{e_{k+1} + 1} - 1}{p_{k+1} - 1}$$

and it follows that

$$\sigma(n) = \left(\frac{p_1^{e_1 + 1} - 1}{p_1 - 1}\right) \cdots \left(\frac{p_{k+1}^{e_{k+1} + 1} - 1}{p_{k+1} - 1}\right).$$

So the result holds for $r = k + 1$. By PMI it holds for $r \ge 1$.
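Theorem 13.1 turned into an added Python example (not part of the original notes; all function names are choices made here). It factors $n$ by trial division, evaluates $\tau$ and $\sigma$ from the exponents, and provides a brute-force divisor list so the formulas can be checked independently; `is_perfect` applies Definition 13.3.

```python
def factorize(n):
    """Prime factorization of n >= 1 by trial division: {prime: exponent}."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    factors = {}
    d = 2
    while d * d <= n:             # a composite n has a divisor <= sqrt(n)
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:                     # what is left is a prime factor
        factors[n] = factors.get(n, 0) + 1
    return factors


def tau(n):
    """Theorem 13.1 (1): product of (e_i + 1)."""
    result = 1
    for e in factorize(n).values():
        result *= e + 1
    return result


def sigma(n):
    """Theorem 13.1 (2): product of (p_i^(e_i+1) - 1) / (p_i - 1)."""
    result = 1
    for p, e in factorize(n).items():
        result *= (p ** (e + 1) - 1) // (p - 1)   # exact: a geometric sum
    return result


def divisors(n):
    """All positive divisors of n, found by brute force (for checking)."""
    return [d for d in range(1, n + 1) if n % d == 0]


def sigma_star(n):
    """Sum of the proper divisors of n (Definition 13.2)."""
    return sigma(n) - n


def is_perfect(n):
    """Definition 13.3: n > 1 is perfect if sigma*(n) = n."""
    return n > 1 and sigma_star(n) == n


def perfect_numbers_up_to(limit):
    return [n for n in range(2, limit + 1) if is_perfect(n)]


if __name__ == "__main__":
    print("72 =", factorize(72), " tau =", tau(72), " sigma =", sigma(72))
    # Lemma 13.1 needs gcd(a, b) = 1: it holds for 8 and 9, fails for 4 and 6.
    print(sigma(8 * 9), sigma(8) * sigma(9))
    print(sigma(4 * 6), sigma(4) * sigma(6))
    print("formulas agree with brute force up to 2000:",
          all(tau(n) == len(divisors(n)) and sigma(n) == sum(divisors(n))
              for n in range(1, 2001)))
```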

Exercise 13.2. Find σ(n) and τ(n) for the following values of n.

(1) n = 900

(2) n = 496

(3) n = 32


(4) n = 128

(5) n = 1024

Exercise 13.3. Determine which (if any) of the numbers in Exercise 13.2

are perfect.

Exercise 13.4. Does Lemma 13.1 hold if we replace $\sigma$ by $\sigma^*$? [Hint: The answer is no, but find explicit numbers $a$ and $b$ such that the result fails yet $\gcd(a, b) = 1$.]


Chapter 14

Perfect Numbers and Mersenne Primes

If you do a search for perfect numbers up to 10,000 you will find only the following perfect numbers:

$$\begin{aligned}
6 &= 2 \cdot 3, \\
28 &= 2^2 \cdot 7, \\
496 &= 2^4 \cdot 31, \\
8128 &= 2^6 \cdot 127.
\end{aligned}$$

Note that $2^2 = 4$, $2^3 = 8$, $2^5 = 32$, $2^7 = 128$ so we have:

$$\begin{aligned}
6 &= 2 \cdot (2^2 - 1), \\
28 &= 2^2 \cdot (2^3 - 1), \\
496 &= 2^4 \cdot (2^5 - 1), \\
8128 &= 2^6 \cdot (2^7 - 1).
\end{aligned}$$

Note also that $2^2 - 1$, $2^3 - 1$, $2^5 - 1$, $2^7 - 1$ are Mersenne primes. One might conjecture that all perfect numbers follow this pattern. We discuss to what extent this is known to be true. We start with the following result.

Theorem 14.1. If $2^p - 1$ is a Mersenne prime, then $2^{p-1} \cdot (2^p - 1)$ is perfect.

Proof. Write $q = 2^p - 1$ and let $n = 2^{p-1} q$. Since $q$ is odd and prime, by Theorem 13.1 (2) we have

$$\sigma(n) = \sigma\left(2^{p-1} q\right) = \left(\frac{2^p - 1}{2 - 1}\right) \left(\frac{q^2 - 1}{q - 1}\right) = (2^p - 1)(q + 1) = (2^p - 1) 2^p = 2n.$$

That is, $\sigma(n) = 2n$ and $n$ is perfect.


Now we show that all even perfect numbers have the conjectured form.

Theorem 14.2. If $n$ is even and perfect then there is a Mersenne prime $2^p - 1$ such that $n = 2^{p-1}(2^p - 1)$.

Proof. Let $n$ be even and perfect. Since $n$ is even, $n = 2m$ for some $m$. We take out as many powers of 2 as possible obtaining

$$(\ast) \qquad n = 2^k \cdot q, \quad k \ge 1, \quad q \text{ odd}.$$

Since $n$ is perfect $\sigma^*(n) = n$, that is, $\sigma(n) = 2n$. Since $q$ is odd, $\gcd(2^k, q) = 1$, so by Lemmas 13.1 and 13.2:

$$\sigma(n) = \sigma(2^k)\sigma(q) = (2^{k+1} - 1)\sigma(q).$$

So we have

$$2^{k+1} q = 2n = \sigma(n) = (2^{k+1} - 1)\sigma(q),$$

hence

$$(\ast\ast) \qquad 2^{k+1} q = (2^{k+1} - 1)\sigma(q).$$

Now $\sigma^*(q) = \sigma(q) - q$, so

$$\sigma(q) = \sigma^*(q) + q.$$

Putting this in $(\ast\ast)$ we get

$$2^{k+1} q = (2^{k+1} - 1)(\sigma^*(q) + q)$$

or

$$2^{k+1} q = (2^{k+1} - 1)\sigma^*(q) + 2^{k+1} q - q$$

which implies

$$(\ast\ast\ast) \qquad \sigma^*(q)(2^{k+1} - 1) = q.$$

In other words, $\sigma^*(q)$ is a divisor of $q$. Since $k \ge 1$ we have $2^{k+1} - 1 \ge 4 - 1 = 3$. So $\sigma^*(q)$ is a proper divisor of $q$. But $\sigma^*(q)$ is the sum of all proper divisors of $q$. This can only happen if $q$ has only one proper divisor. This means that $q$ must be prime and $\sigma^*(q) = 1$. Then $(\ast\ast\ast)$ shows that $q = 2^{k+1} - 1$. So $q$ must be a Mersenne prime and $k + 1 = p$ is prime. So $n = 2^{p-1}(2^p - 1)$, as desired.


Corollary 14.1. There is a 1–1 correspondence between even perfect numbers and Mersenne primes.

Three Open Questions:

1. Are there inﬁnitely many even perfect numbers?

2. Are there inﬁnitely many Mersenne primes?

3. Are there any odd perfect numbers?

So far no one has found a single odd perfect number. It is known that if an odd perfect number exists, it must be $> 10^{50}$.

Remark 14.1. Some think that Euclid's knowledge that $2^{p-1}(2^p - 1)$ is perfect when $2^p - 1$ is prime may have been his motivation for defining prime numbers.


Chapter 15

Congruences

Definition 15.1. Let $m \ge 0$. We write $a \equiv b \pmod{m}$ if $m \mid a - b$, and we say that $a$ is congruent to $b$ modulo $m$. Here $m$ is said to be the modulus of the congruence. The notation $a \not\equiv b \pmod{m}$ means that it is false that $a \equiv b \pmod{m}$.

Examples 15.1.

(1) $25 \equiv 1 \pmod{4}$ since $4 \mid 24$

(2) $25 \not\equiv 2 \pmod{4}$ since $4 \nmid 23$

(3) $1 \equiv -3 \pmod{4}$ since $4 \mid 4$

(4) $a \equiv b \pmod{1}$ for all $a, b$ since “1 divides everything.”

(5) $a \equiv b \pmod{0} \iff a = b$ for all $a, b$ since “0 divides only 0.”

Remark 15.1. As you see, the cases m = 1 and m = 0 are not very interesting

so mostly we will only be interested in the case m ≥ 2.

WARNING. Do not confuse the use of mod in Deﬁnition 15.1 with that

of Deﬁnition 5.3. We shall see that the two uses of mod are related, but have

diﬀerent meanings: Recall

a mod b = r where r is the remainder given by

the Division Algorithm when a is divided by b

57

58 CHAPTER 15. CONGRUENCES

and by Deﬁnition 15.1

a ≡ b (mod m) means m [ a −b.

Example 15.2.

25 ≡ 5 (mod 4) is true ,

since 4 [ 20 but

25 = 5 mod 4 is false ,

since the latter means 25 = 1.

Remark 15.2. The mod in a ≡ b (mod m) deﬁnes a binary relation, where-

as the mod in a mod b is a binary operation.

More terminology: Expressions such as

$$x = 2$$
$$4^2 = 16$$
$$x^2 + 2x = \sin(x) + 3$$

are called equations. By analogy, expressions such as

$$x \equiv 2 \pmod{16}$$
$$25 \equiv 5 \pmod{5}$$
$$x^3 + 2x \equiv 6x^2 + 3 \pmod{27}$$

are called congruences. Before discussing further the analogy between equations and congruences, we show the relationship between the two different definitions of mod.

Theorem 15.1. For $m > 0$ and for all $a, b$:

$$a \equiv b \pmod{m} \iff a \bmod m = b \bmod m.$$

Proof. “$\Rightarrow$” Assume that $a \equiv b \pmod{m}$. Let $r_1 = a \bmod m$ and $r_2 = b \bmod m$. We want to show that $r_1 = r_2$. By definition we have

(1) $m \mid a - b$,

(2) $a = mq_1 + r_1$, $0 \le r_1 < m$, and

(3) $b = mq_2 + r_2$, $0 \le r_2 < m$.

From (1) we obtain

$$a - b = mt$$

for some $t$. Hence

$$a = mt + b.$$

Using (2) and (3) we see that

$$a = mq_1 + r_1 = m(q_2 + t) + r_2.$$

Since $0 \le r_1 < m$ and $0 \le r_2 < m$, by the uniqueness part of the Division Algorithm we obtain $r_1 = r_2$, as desired.

“$\Leftarrow$” Assume that $a \bmod m = b \bmod m$. We must show that $a \equiv b \pmod{m}$. Let $r = a \bmod m = b \bmod m$; then by definition we have

$$a = mq_1 + r, \quad 0 \le r < m,$$

and

$$b = mq_2 + r, \quad 0 \le r < m.$$

Hence

$$a - b = m(q_1 - q_2).$$

This shows that $m \mid a - b$ and hence $a \equiv b \pmod{m}$, as desired.

Exercise 15.1. Prove that for all $m > 0$ and for all $a$:

$$a \equiv a \bmod m \pmod{m}.$$

Exercise 15.2. Using Definition 15.1 show that the following congruences are true

$$385 \equiv 322 \pmod{3}$$
$$-385 \equiv -322 \pmod{3}$$
$$1 \equiv -17 \pmod{3}$$
$$33 \equiv 0 \pmod{3}.$$

Exercise 15.3. Use Theorem 15.1 to show that the congruences in Exercise 15.2 are valid.

Exercise 15.4. (a) Show that $a$ is even $\iff a \equiv 0 \pmod{2}$ and $a$ is odd $\iff a \equiv 1 \pmod{2}$. (b) Show that $a$ is even $\iff a \bmod 2 = 0$ and $a$ is odd $\iff a \bmod 2 = 1$.

Exercise 15.5. Show that if $m > 0$ and $a$ is any integer, there is a unique integer $r \in \{0, 1, 2, \ldots, m-1\}$ such that $a \equiv r \pmod{m}$.

Exercise 15.6. Find integers $a$ and $b$ such that $0 < a < 15$, $0 < b < 15$ and $ab \equiv 0 \pmod{15}$.

Exercise 15.7. Find integers $a$ and $b$ such that $1 < a < 15$, $1 < b < 15$, and $ab \equiv 1 \pmod{15}$.

Exercise 15.8. Show that if $d \mid m$ and $d > 0$, then

$$a \equiv b \pmod{m} \Rightarrow a \equiv b \pmod{d}.$$

The next two theorems show that congruences and equations share many similar properties.

Theorem 15.2 (Congruence is an equivalence relation). For all $a$, $b$, $c$ and $m > 0$ we have

(1) $a \equiv a \pmod{m}$ [reflexivity]

(2) $a \equiv b \pmod{m} \Rightarrow b \equiv a \pmod{m}$ [symmetry]

(3) $a \equiv b \pmod{m}$ and $b \equiv c \pmod{m} \Rightarrow a \equiv c \pmod{m}$ [transitivity]

Proof of (1). $a - a = 0 = 0 \cdot m$, so $m \mid a - a$. Hence $a \equiv a \pmod{m}$.

Proof of (2). If $a \equiv b \pmod{m}$, then $m \mid a - b$. Hence $a - b = mq$. Hence $b - a = m(-q)$, so $m \mid b - a$. Hence $b \equiv a \pmod{m}$.

Proof of (3). If $a \equiv b \pmod{m}$ and $b \equiv c \pmod{m}$ then $m \mid a - b$ and $m \mid b - c$. By the linearity property $m \mid (a - b) + (b - c)$. That is, $m \mid a - c$. Hence $a \equiv c \pmod{m}$.

Recall that a polynomial is an expression of the form

$$f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0.$$

Here we will assume that the coefficients $a_n, \ldots, a_0$ are integers and $x$ also represents an integer variable. Here, of course, $n \ge 0$ and $n$ is an integer.

Theorem 15.3. If $a \equiv b \pmod{m}$ and $c \equiv d \pmod{m}$, then

(1) $a \pm c \equiv b \pm d \pmod{m}$

(2) $ac \equiv bd \pmod{m}$

(3) $a^n \equiv b^n \pmod{m}$ for all $n \ge 1$

(4) $f(a) \equiv f(b) \pmod{m}$ for all polynomials $f(x)$ with integer coefficients.

Proof of (1). To prove (1), since $a - c = a + (-c)$, it suffices to prove only the “+ case.” By assumption $m \mid a - b$ and $m \mid c - d$. By linearity, $m \mid (a - b) + (c - d)$, that is, $m \mid (a + c) - (b + d)$. Hence

$$a + c \equiv b + d \pmod{m}.$$

Proof of (2). Since $m \mid a - b$ and $m \mid c - d$, by linearity

$$m \mid c(a - b) + b(c - d).$$

Now $c(a - b) + b(c - d) = ca - bd$, hence

$$m \mid ca - bd,$$

and so $ca \equiv bd \pmod{m}$, as desired.

Proof of (3). We prove $a^n \equiv b^n \pmod{m}$ by induction on $n$. If $n = 1$, the result is true by our assumption that $a \equiv b \pmod{m}$. Assume it holds for $n = k$. Then we have $a^k \equiv b^k \pmod{m}$. This, together with $a \equiv b \pmod{m}$, using (2) above, gives $a a^k \equiv b b^k \pmod{m}$. Hence $a^{k+1} \equiv b^{k+1} \pmod{m}$. So it holds for all $n \ge 1$, by the PMI.

Proof of (4). Let $f(x) = c_n x^n + \cdots + c_1 x + c_0$. We prove by induction on $n$ that if $a \equiv b \pmod{m}$ then

$$c_n a^n + \cdots + c_0 \equiv c_n b^n + \cdots + c_0 \pmod{m}.$$

If $n = 0$ we have $c_0 \equiv c_0 \pmod{m}$ by Theorem 15.2 (1). Assume the result holds for $n = k$. Then we have

$$(*)\quad c_k a^k + \cdots + c_1 a + c_0 \equiv c_k b^k + \cdots + c_1 b + c_0 \pmod{m}.$$

By part (3) above we have $a^{k+1} \equiv b^{k+1} \pmod{m}$. Since $c_{k+1} \equiv c_{k+1} \pmod{m}$, using (2) above we have

$$(**)\quad c_{k+1} a^{k+1} \equiv c_{k+1} b^{k+1} \pmod{m}.$$

Now we can apply Theorem 15.3 (1) to $(*)$ and $(**)$ to obtain

$$c_{k+1} a^{k+1} + c_k a^k + \cdots + c_0 \equiv c_{k+1} b^{k+1} + c_k b^k + \cdots + c_0 \pmod{m}.$$

So by the PMI, the result holds for $n \ge 0$.

Before continuing to develop properties of congruences, we give the following example to show one way that congruences can be useful.

Example 15.3. (This example was taken from [1] Introduction to Analytic Number Theory, by Tom Apostol.)

The first five Fermat numbers

$$F_0 = 3,\quad F_1 = 5,\quad F_2 = 17,\quad F_3 = 257,\quad F_4 = 65{,}537$$

are primes. We show using congruences, without explicitly calculating $F_5$, that $F_5 = 2^{32} + 1$ is divisible by 641 and is therefore not prime:

$$2^2 = 4$$
$$2^4 = (2^2)^2 = 4^2 = 16$$
$$2^8 = (2^4)^2 = 16^2 = 256$$
$$2^{16} = (2^8)^2 = 256^2 = 65{,}536$$
$$65{,}536 \equiv 154 \pmod{641}.$$

So we have

$$2^{16} \equiv 154 \pmod{641}.$$

By Theorem 15.3 (3):

$$(2^{16})^2 \equiv (154)^2 \pmod{641}.$$

That is,

$$2^{32} \equiv 23{,}716 \pmod{641}.$$

Since

$$23{,}716 \equiv 640 \pmod{641}$$

and

$$640 \equiv -1 \pmod{641}$$

we have

$$2^{32} \equiv -1 \pmod{641}$$

and hence

$$2^{32} + 1 \equiv 0 \pmod{641}.$$

So $641 \mid 2^{32} + 1$, as claimed. Clearly $2^{32} + 1 \ne 641$, so $2^{32} + 1$ is composite. Of course, if you already did Exercise 12.1 (p. 44) you will already know that

$$2^{32} + 1 = 4{,}294{,}967{,}297 = (641) \cdot (6{,}700{,}417)$$

and that 641 and 6,700,417 are indeed primes. Note that 641 is the 116th prime, so if you used trial division you would have had to divide by 115 primes before reaching one that divides $2^{32} + 1$, and that assumes that you have a list of the first 116 primes.
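The repeated-squaring argument of Example 15.3 as runnable Python (an added example, not part of the original notes; the names `power_mod`, `squaring_chain` and `fermat_number_divisible` are chosen here for illustration). It goes beyond the example by handling any base, exponent and modulus, which is the reduction step that modular exponentiation in public-key cryptography relies on.

```python
def power_mod(base, exponent, modulus):
    """Right-to-left square-and-multiply, reducing after every multiplication.

    Theorem 15.3 (2) and (3) justify replacing each intermediate product by a
    congruent smaller representative, so no value ever reaches modulus**2.
    """
    if modulus <= 0 or exponent < 0:
        raise ValueError("need modulus > 0 and exponent >= 0")
    result = 1 % modulus          # 1 % 1 == 0 keeps the modulus-1 case correct
    square = base % modulus       # holds base^(2^i) mod modulus at step i
    while exponent:
        if exponent & 1:          # this binary digit of the exponent is set
            result = (result * square) % modulus
        square = (square * square) % modulus
        exponent >>= 1
    return result


def squaring_chain(base, doublings, modulus):
    """Return [base^(2^0), base^(2^1), ..., base^(2^doublings)], each mod modulus.

    For base 2 and modulus 641 this is the column of residues computed by hand
    in Example 15.3, continued one step further to 2^32.
    """
    chain = [base % modulus]
    for _ in range(doublings):
        chain.append((chain[-1] * chain[-1]) % modulus)
    return chain


def fermat_number_divisible(n, d):
    """True when d divides F_n = 2^(2^n) + 1, decided without forming F_n."""
    return (power_mod(2, 2 ** n, d) + 1) % d == 0


if __name__ == "__main__":
    print(squaring_chain(2, 5, 641))        # residues of 2, 2^2, 2^4, ..., 2^32
    print(fermat_number_divisible(5, 641))  # the claim of Example 15.3
```

The last entry of the chain is 640, which is congruent to −1 modulo 641, exactly the step the example reaches by squaring 154.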

Theorem 15.4. If $m > 0$ and

$$a \equiv r \pmod{m} \quad\text{where } 0 \le r < m$$

then $a \bmod m = r$.

Exercise 15.9. Prove Theorem 15.4. [Hint: The Division Algorithm may be useful.]

Exercise 15.10. Find the value of each of the following (without using Maple!).

(1) $2^{32} \bmod 7$

(2) $10^{35} \bmod 7$

(3) $3^{35} \bmod 7$

[Hint: Use Theorem 15.4 and the ideas used in the example on page 62.]

Exercise 15.11. Let $\gcd(m_1, m_2) = 1$. Prove that

$$(15.1)\quad a \equiv b \pmod{m_1} \text{ and } a \equiv b \pmod{m_2}$$

if and only if

$$(15.2)\quad a \equiv b \pmod{m_1 m_2}.$$

[Hint. Use Lemma 11.1, page 38.]


Chapter 16

Divisibility Tests for 2, 3, 5, 9, 11

Recall from Definition 4.2 on page 14 that the decimal representation of the positive integer $a$ is given by

$$(1)\quad a = a_{n-1} a_{n-2} \cdots a_1 a_0$$

when

$$a = a_{n-1} 10^{n-1} + a_{n-2} 10^{n-2} + \cdots + a_1 10 + a_0$$

and $0 \le a_i \le 9$ for $i = 0, 1, \ldots, n-1$.

Theorem 16.1. Let the decimal representation of $a$ be given by (1), then

(a) $a \bmod 2 = a_0 \bmod 2$,

(b) $a \bmod 5 = a_0 \bmod 5$,

(c) $a \bmod 3 = (a_{n-1} + \cdots + a_0) \bmod 3$,

(d) $a \bmod 9 = (a_{n-1} + \cdots + a_0) \bmod 9$,

(e) $a \bmod 11 = (a_0 - a_1 + a_2 - a_3 + \cdots) \bmod 11$.

Before proving this theorem, let’s give some examples.

$$1457 \bmod 2 = 7 \bmod 2 = 1$$

$$1457 \bmod 5 = 7 \bmod 5 = 2$$

$$1457 \bmod 3 = (1 + 4 + 5 + 7) \bmod 3 = 17 \bmod 3 = 8 \bmod 3 = 2$$

$$1457 \bmod 9 = (1 + 4 + 5 + 7) \bmod 9 = 17 \bmod 9 = 8 \bmod 9 = 8$$

$$1457 \bmod 11 = (7 - 5 + 4 - 1) \bmod 11 = 5 \bmod 11 = 5.$$

Proof of Theorem 16.1. Consider the polynomial

$$f(x) = a_{n-1} x^{n-1} + \cdots + a_1 x + a_0.$$

Note that $10 \equiv 0 \pmod{2}$. So by Theorem 15.3 (4)

$$a_{n-1} 10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1} 0^{n-1} + \cdots + a_1 0 + a_0 \pmod{2}.$$

That is,

$$a \equiv a_0 \pmod{2}.$$

This, together with Theorem 15.1, proves part (a). Since $10 \equiv 0 \pmod{5}$, the proof of part (b) is similar.

Note that $10 \equiv 1 \pmod{3}$, so applying Theorem 15.3 (4) again, we have

$$a_{n-1} 10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1} 1^{n-1} + \cdots + a_1 1 + a_0 \pmod{3}.$$

That is,

$$a \equiv a_{n-1} + \cdots + a_1 + a_0 \pmod{3}.$$

This, using Theorem 15.1, proves part (c). Since $10 \equiv 1 \pmod{9}$, the proof of part (d) is similar.

Now $10 \equiv -1 \pmod{11}$ so

$$a_{n-1} 10^{n-1} + \cdots + a_1 10 + a_0 \equiv a_{n-1} (-1)^{n-1} + \cdots + a_1 (-1) + a_0 \pmod{11}.$$

That is,

$$a \equiv a_0 - a_1 + a_2 - \cdots \pmod{11}$$

and by Theorem 15.1 we are done.

Remark 16.1. Note that

$$m \mid a \iff a \bmod m = 0,$$

so from Theorem 16.1 we obtain immediately the following corollary.

Corollary 16.1. Let $a$ be given by (1), p. 65. Then

(a) $2 \mid a \iff a_0 = 0, 2, 4, 6$ or $8$

(b) $5 \mid a \iff a_0 = 0$ or $5$

(c) $3 \mid a \iff 3 \mid a_0 + a_1 + \cdots + a_{n-1}$

(d) $9 \mid a \iff 9 \mid a_0 + a_1 + \cdots + a_{n-1}$

(e) $11 \mid a \iff 11 \mid a_0 - a_1 + a_2 - a_3 + \cdots$.

Note that in applying (c), (d) and (e) we can use the fact that

$$(a + m) \bmod m = a$$

to “cast out” 3’s (for (c)) and 9’s (for (d)). Here’s an example of “casting out 9’s:”

$$1487 \bmod 9 = (1 + 4 + 8 + 7) \bmod 9$$
$$= (9 + 4 + 7) \bmod 9$$
$$= (4 + 7) \bmod 9$$
$$= (2 + 9) \bmod 9$$
$$= 2 \bmod 9 = 2.$$

So $1487 \bmod 9 = 2$.

Note that if $0 \le r < m$ then

$$r \bmod m = r.$$

Exercise 16.1. Let $a = 18726132117057$. Find $a \bmod m$ for $m = 2, 3, 5, 9$ and $11$.


Exercise 16.2. Let $a = a_n \cdots a_1 a_0$ be the decimal representation of $a$. Then prove

(a) $a \bmod 10 = a_0$.

(b) $a \bmod 100 = a_1 a_0$.

(c) $a \bmod 1000 = a_2 a_1 a_0$.

Exercise 16.3. Prove that if $b$ is a positive square, i.e., $b = a^2$, $a > 0$, then the least significant digit of $b$ is one of 0, 1, 4, 5, 6, 9. [Hint: $b \bmod 10$ is the least significant digit of $b$. Write $a = a_{n-1} \cdots a_0$. Then $a \equiv a_0 \pmod{10}$ so $a^2 \equiv a_0^2 \pmod{10}$. For each digit $a_0 \in \{0, 1, 2, \ldots, 9\}$ find $a_0^2 \bmod 10$. Use Theorem 15.4, among other results.]

Exercise 16.4. Are any of the following numbers squares? Explain.

10, 11, 16, 19, 24, 25, 272, 2983, 11007, 1120378

Chapter 17

Divisibility Tests for 7 and 13

Theorem 17.1. Let $a = a_r a_{r-1} \cdots a_1 a_0$ be the decimal representation of $a$. Then

(a) $7 \mid a \iff 7 \mid a_r \cdots a_1 - 2a_0$.

(b) $13 \mid a \iff 13 \mid a_r \cdots a_1 - 9a_0$.

[Here $a_r \cdots a_1 = \frac{a - a_0}{10} = a_r 10^{r-1} + \cdots + a_2 10 + a_1$.]

Before proving this theorem we illustrate it with two examples.

$$7 \mid 2481 \iff 7 \mid 248 - 2$$
$$\iff 7 \mid 246$$
$$\iff 7 \mid 24 - 12$$
$$\iff 7 \mid 12$$

since $7 \nmid 12$ we have $7 \nmid 2481$.

$$13 \mid 12987 \iff 13 \mid 1298 - 63$$
$$\iff 13 \mid 1235$$
$$\iff 13 \mid 123 - 45$$
$$\iff 13 \mid 78$$

since $6 \cdot 13 = 78$, we have $13 \mid 78$. So, by Theorem 17.1 (b), $13 \mid 12987$.


Proof of 17.1 (a). Let $c = a_r \cdots a_1$. So we have $a = 10c + a_0$. Hence $-2a = -20c - 2a_0$. Now $1 \equiv -20 \pmod{7}$ so we have

$$-2a \equiv c - 2a_0 \pmod{7}.$$

It follows from Theorem 15.1 that

$$(-2a) \bmod 7 = (c - 2a_0) \bmod 7.$$

Hence, $7 \mid -2a \iff 7 \mid c - 2a_0$. Since $\gcd(7, -2) = 1$ we have $7 \mid -2a \iff 7 \mid a$. Hence $7 \mid a \iff 7 \mid c - 2a_0$, which is what we wanted to prove.

Proof of 17.1 (b). (This has a similar proof to that for 17.1 (a) and is left for the interested reader.)

Exercise 17.1. Use Theorem 17.1 (a) to determine which of the following are divisible by 7:

(a) 6994 (b) 6993

Exercise 17.2. In the notation of Theorem 17.1, show that $a \bmod 7$ need not be equal to $(a_r \cdots a_1 - 2a_0) \bmod 7$.

Chapter 18

More Properties of Congruences

Theorem 18.1. Let $m \ge 2$. If $a$ and $m$ are relatively prime, there exists a unique integer $a^*$ such that $aa^* \equiv 1 \pmod{m}$ and $0 < a^* < m$.

We call $a^*$ the inverse of $a$ modulo $m$. Note that we do not denote $a^*$ by $a^{-1}$ since this might cause some confusion. Of course, if $c \equiv a^* \pmod{m}$ then $ac \equiv 1 \pmod{m}$, so $a^*$ is not unique unless we specify that $0 < a^* < m$.

Proof. If $\gcd(a, m) = 1$, then by Bezout’s Lemma there exist $s$ and $t$ such that

$$as + mt = 1.$$

Hence

$$as - 1 = m(-t),$$

that is, $m \mid as - 1$ and so $as \equiv 1 \pmod{m}$. Let $a^* = s \bmod m$. Then $a^* \equiv s \pmod{m}$ so $aa^* \equiv 1 \pmod{m}$ and clearly $0 < a^* < m$.

To show uniqueness assume that $ac \equiv 1 \pmod{m}$ and $0 < c < m$. Then $ac \equiv aa^* \pmod{m}$. So if we multiply both sides of this congruence on the left by $c$ and use the fact that $ca \equiv 1 \pmod{m}$ we obtain $c \equiv a^* \pmod{m}$. It follows from Exercise 15.5 that $c = a^*$.

Remark 18.1. From the above proof we see that Blankinship’s Method may be used to compute the inverse of $a$ when it exists, but for small $m$ we may often find $a^*$ by “trial and error.” For example, if $m = 15$ take $a = 2$. Then we can check each element $0, 1, 2, \ldots, 14$:

$$2 \cdot 0 \not\equiv 1 \pmod{15}$$
$$2 \cdot 1 \not\equiv 1 \pmod{15}$$
$$2 \cdot 2 \not\equiv 1 \pmod{15}$$
$$2 \cdot 3 \not\equiv 1 \pmod{15}$$
$$2 \cdot 4 \not\equiv 1 \pmod{15}$$
$$2 \cdot 5 \not\equiv 1 \pmod{15}$$
$$2 \cdot 6 \not\equiv 1 \pmod{15}$$
$$2 \cdot 7 \not\equiv 1 \pmod{15}$$
$$2 \cdot 8 \equiv 1 \pmod{15} \text{ since } 15 \mid 16 - 1.$$

So we can take $2^* = 8$.

Exercise 18.1. Show that the inverse of 2 modulo 7 is not the inverse of 2

modulo 15.

Theorem 18.2. Let $m > 0$. If $ab \equiv 1 \pmod{m}$ then both $a$ and $b$ are relatively prime to $m$.

Proof. If $ab \equiv 1 \pmod{m}$, then $m \mid ab - 1$. So $ab - 1 = mt$ for some $t$. Hence,

$$ab + m(-t) = 1.$$

By Exercise 9.2 on page 30, this implies that $\gcd(a, m) = 1$ and $\gcd(b, m) = 1$, as claimed.

Corollary 18.1. $a$ has an inverse modulo $m$ if and only if $a$ and $m$ are relatively prime.
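The constructive step in the proof of Theorem 18.1, as an added Python example that is not part of the original notes: the extended Euclidean algorithm kept as rows $(r, s, t)$ with $r = as + mt$, in the row-operation style of Blankinship’s Method, followed by the reduction $a^* = s \bmod m$. The function names are illustrative assumptions; `has_inverse` encodes Corollary 18.1, and `solve_unit_congruence` uses the inverse to solve $cx \equiv b \pmod{m}$ when $\gcd(c, m) = 1$.

```python
def bezout(a, m):
    """Return (g, s, t) with a*s + m*t == g == gcd(a, m), for a, m >= 0 not both 0."""
    # Every row (r, s, t) satisfies the invariant r == a*s + m*t.
    row0 = (a, 1, 0)
    row1 = (m, 0, 1)
    while row1[0] != 0:
        q = row0[0] // row1[0]
        # Subtract q copies of row1 from row0, then swap roles (one Euclid step).
        row0, row1 = row1, tuple(x - q * y for x, y in zip(row0, row1))
    return row0


def has_inverse(a, m):
    """Corollary 18.1: a is invertible modulo m exactly when gcd(a, m) == 1."""
    return m >= 2 and bezout(a % m, m)[0] == 1


def inverse_mod(a, m):
    """Return the unique a* with 0 < a* < m and a * a* ≡ 1 (mod m) (Theorem 18.1)."""
    if m < 2:
        raise ValueError("Theorem 18.1 assumes m >= 2")
    g, s, _ = bezout(a % m, m)      # a % m is a representative of the same class
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {g}")
    return s % m                    # s may be negative; reduce into 1..m-1


def solve_unit_congruence(c, b, m):
    """Least nonnegative x with c*x ≡ b (mod m), assuming gcd(c, m) == 1."""
    return (inverse_mod(c, m) * b) % m


if __name__ == "__main__":
    print(bezout(2, 15))                      # a Bezout row for a = 2, m = 15
    print(inverse_mod(2, 15))                 # matches the trial-and-error value 8
    print(solve_unit_congruence(272, 901, 9)) # the congruence 272x ≡ 901 (mod 9)
```

Multiplying both sides by the inverse is the cancellation step that Theorem 18.3 justifies, and it fails by design when `has_inverse` is false.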

Theorem 18.3 (Cancellation). Let $m > 0$ and assume that $\gcd(c, m) = 1$. Then

$$(*)\quad ca \equiv cb \pmod{m} \Rightarrow a \equiv b \pmod{m}.$$

Proof. If $\gcd(c, m) = 1$, there is an integer $c^*$ such that $c^* c \equiv 1 \pmod{m}$. Now since $c^* \equiv c^* \pmod{m}$ and $ca \equiv cb \pmod{m}$, by Theorem 15.3, p. 61,

$$c^* ca \equiv c^* cb \pmod{m}.$$

But $c^* c \equiv 1 \pmod{m}$ so

$$c^* ca \equiv a \pmod{m}$$

and

$$c^* cb \equiv b \pmod{m}.$$

By reflexivity and transitivity this yields

$$a \equiv b \pmod{m}.$$

Exercise 18.2. Find specific positive integers $a$, $b$, $c$ and $m$ such that $c \not\equiv 0 \pmod{m}$, $\gcd(c, m) > 0$, and $ca \equiv cb \pmod{m}$, but $a \not\equiv b \pmod{m}$.

Although $(*)$ above is not generally true when $\gcd(c, m) > 1$, we do have the following more general kinds of “cancellation:”

Theorem 18.4. If $c > 0$, $m > 0$ then

$$a \equiv b \pmod{m} \iff ca \equiv cb \pmod{cm}.$$

Exercise 18.3. Prove Theorem 18.4.

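Theorem 18.5. Let $m > 0$ and let $d = \gcd(c, m)$. Then

$$ca \equiv cb \pmod{m} \Rightarrow a \equiv b \pmod{\tfrac{m}{d}}.$$

Proof. Since $d = \gcd(c, m)$ we can write $c = d\left(\frac{c}{d}\right)$ and $m = d\left(\frac{m}{d}\right)$. Then $\gcd\left(\frac{c}{d}, \frac{m}{d}\right) = 1$. Now rewriting $ca \equiv cb \pmod{m}$ we have

$$d\,\frac{c}{d}\,a \equiv d\,\frac{c}{d}\,b \pmod{d\,\tfrac{m}{d}}.$$

Since $m > 0$, $d > 0$, so by Theorem 18.4 we have

$$\frac{c}{d}\,a \equiv \frac{c}{d}\,b \pmod{\tfrac{m}{d}}.$$

Now since $\gcd\left(\frac{c}{d}, \frac{m}{d}\right) = 1$, by Theorem 18.3

$$a \equiv b \pmod{\tfrac{m}{d}}.$$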


Theorem 18.6. If $m > 0$ and $a \equiv b \pmod{m}$ we have

$$\gcd(a, m) = \gcd(b, m).$$

Proof. Since $a \equiv b \pmod{m}$ we have $a - b = mt$ for some $t$. So we can write

$$(1)\quad a = mt + b$$

and

$$(2)\quad b = m(-t) + a.$$

Let $d = \gcd(m, a)$ and $e = \gcd(m, b)$. Since $e \mid m$ and $e \mid b$, from (1) $e \mid a$, so $e$ is a common divisor of $m$ and $a$. Hence $e \le d$. Using (2) we see similarly that $d \le e$. So $d = e$.

Corollary 18.2. Let $m > 0$. Let $a \equiv b \pmod{m}$. Then $a$ has an inverse modulo $m$ if and only if $b$ does.

Proof. Immediate from Theorems 18.1, 18.2 and 18.6.

Exercise 18.4. Determine whether or not each of the following is true. Give reasons in each case.

(1) $x \equiv 3 \pmod{7} \Rightarrow \gcd(x, 7) = 1$

(2) $\gcd(68019, 3) = 3$

(3) $12x \equiv 15 \pmod{35} \Rightarrow 4x \equiv 5 \pmod{7}$

(4) $x \equiv 6 \pmod{12} \Rightarrow \gcd(x, 12) = 6$

(5) $3x \equiv 3y \pmod{17} \Rightarrow x \equiv y \pmod{17}$

(6) $5x \equiv y \pmod{6} \Rightarrow 15x \equiv 3y \pmod{18}$

(7) $12x \equiv 12y \pmod{15} \Rightarrow x \equiv y \pmod{5}$

(8) $x \equiv 73 \pmod{75} \Rightarrow x \bmod 75 = 73$

(9) $x \equiv 73 \pmod{75}$ and $0 \le x < 75 \Rightarrow x = 73$

(10) There is no integer $x$ such that $12x \equiv 7 \pmod{33}$.

Chapter 19

Residue Classes

Definition 19.1. Let $m > 0$ be given. For each integer $a$ we define

$$(1)\quad [a] = \{x : x \equiv a \pmod{m}\}.$$

In other words, $[a]$ is the set of all integers that are congruent to $a$ modulo $m$. We call $[a]$ the residue class of $a$ modulo $m$. Some people call $[a]$ the congruence class or equivalence class of $a$ modulo $m$.

Theorem 19.1. For $m > 0$ we have

$$(2)\quad [a] = \{mq + a \mid q \in \mathbb{Z}\}.$$

Proof. $x \in [a] \iff x \equiv a \pmod{m} \iff m \mid x - a \iff x - a = mq$ for some $q \in \mathbb{Z} \iff x = mq + a$ for some $q \in \mathbb{Z}$. So (2) follows from the definition (1).

Note that $[a]$ really depends on $m$ and it would be more accurate to write $[a]_m$ instead of $[a]$, but this would be too cumbersome. Nevertheless it should be kept clearly in mind that $[a]$ depends on some understood value of $m$.

Remark 19.1. Two alternative ways to write (2) are

$$(3)\quad [a] = \{mq + a \mid q = 0, \pm 1, \pm 2, \ldots\}$$

or

$$(4)\quad [a] = \{\ldots, -2m + a, -m + a, a, m + a, 2m + a, \ldots\}.$$


Exercise 19.1. Show that if $m = 2$ then $[1]$ is the set of all odd integers and $[0]$ is the set of all even integers. Show also that $\mathbb{Z} = [0] \cup [1]$ and $[0] \cap [1] = \emptyset$.

Exercise 19.2. Show that if $m = 3$, then $[0]$ is the set of integers divisible by 3, $[1]$ is the set of integers whose remainder when divided by 3 is 1, and $[2]$ is the set of integers whose remainder when divided by 3 is 2. Show also that $\mathbb{Z} = [0] \cup [1] \cup [2]$ and $[0] \cap [1] = [0] \cap [2] = [1] \cap [2] = \emptyset$.

Theorem 19.2. For a given modulus $m > 0$ we have:

$$[a] = [b] \iff a \equiv b \pmod{m}.$$

Proof. “$\Rightarrow$” Assume $[a] = [b]$. Note that since $a \equiv a \pmod{m}$ we have $a \in [a]$. Since $[a] = [b]$ we have $a \in [b]$. By definition of $[b]$ this gives $a \equiv b \pmod{m}$, as desired.

“$\Leftarrow$” Assume $a \equiv b \pmod{m}$. We must prove that the sets $[a]$ and $[b]$ are equal. To do this we prove that every element of $[a]$ is in $[b]$ and vice-versa. Let $x \in [a]$. Then $x \equiv a \pmod{m}$. Since $a \equiv b \pmod{m}$, by transitivity $x \equiv b \pmod{m}$ so $x \in [b]$. Conversely, if $x \in [b]$, then $x \equiv b \pmod{m}$. By symmetry, since $a \equiv b \pmod{m}$, $b \equiv a \pmod{m}$, so again by transitivity $x \equiv a \pmod{m}$ and $x \in [a]$. This proves that $[a] = [b]$.

Theorem 19.3. Given $m > 0$. For every $a$ there is a unique $r$ such that

$$[a] = [r] \text{ and } 0 \le r < m.$$

Proof. Let $r = a \bmod m$. Then by Exercise 15.1 (p. 59) we have $a \equiv r \pmod{m}$. By definition of $a \bmod m$ we have $0 \le r < m$. Since $a \equiv r \pmod{m}$, by Theorem 19.2, $[a] = [r]$. To prove that $r$ is unique, suppose also $[a] = [r']$ where $0 \le r' < m$. By Theorem 19.2 this implies that $a \equiv r' \pmod{m}$. This, together with $0 \le r' < m$, implies by Theorem 15.4 that $r' = a \bmod m = r$.

Theorem 19.4. Given $m > 0$, there are exactly $m$ distinct residue classes modulo $m$, namely,

$$[0], [1], [2], \ldots, [m-1].$$

Proof. By Theorem 19.3 we know that every residue class $[a]$ is equal to one of the residue classes $[0], [1], \ldots, [m-1]$. So there are no residue classes not in this list. These residue classes are distinct by the uniqueness part of Theorem 19.3, namely if $0 \le r_1 < m$ and $0 \le r_2 < m$ and $[r_1] = [r_2]$, then by the uniqueness part of Theorem 19.3 we must have $r_1 = r_2$.

Exercise 19.3. Given the modulus $m > 0$ show that $[a] = [a + m]$ and $[a] = [a - m]$ for all $a$.

Exercise 19.4. For any $m > 0$, show that if $x \in [a]$ then $[a] = [x]$.

Definition 19.2. Any element $x \in [a]$ is said to be a representative of the residue class $[a]$.

By Exercise 19.4, if $x$ is a representative of $[a]$ then $[x] = [a]$, that is, any element of a residue class may be used to represent it.

Exercise 19.5. For any $m > 0$, show that if $[a] \cap [b] \ne \emptyset$ then $[a] = [b]$.

Exercise 19.6. For any $m > 0$, show that if $[a] \ne [b]$ then $[a] \cap [b] = \emptyset$.

Exercise 19.7. Let $m = 2$. Show that

$$[0] = [2] = [4] = [32] = [-2] = [-32]$$

and

$$[1] = [3] = [-3] = [31] = [-31].$$


Chapter 20

$\mathbb{Z}_m$ and Complete Residue Systems

Throughout this section we assume a fixed modulus $m > 0$.

Definition 20.1. We define

$$\mathbb{Z}_m = \{[a] \mid a \in \mathbb{Z}\},$$

that is, $\mathbb{Z}_m$ is the set of all residue classes modulo $m$. We call $\mathbb{Z}_m$ the ring of integers modulo $m$. In the next chapter we shall show how to add and multiply residue classes. This makes $\mathbb{Z}_m$ into a ring. See Appendix A for the definition of ring. Often we drop the ring and just call $\mathbb{Z}_m$ the integers modulo $m$. From Theorem 19.4

$$\mathbb{Z}_m = \{[0], [1], \ldots, [m-1]\}$$

and since no two of the residue classes $[0], [1], \ldots, [m-1]$ are equal we see that $\mathbb{Z}_m$ has exactly $m$ elements. By Exercise 19.4 if we choose

$$a_0 \in [0],\ a_1 \in [1],\ \ldots,\ a_{m-1} \in [m-1]$$

then

$$[a_0] = [0],\ [a_1] = [1],\ \ldots,\ [a_{m-1}] = [m-1].$$

So we also have

$$\mathbb{Z}_m = \{[a_0], [a_1], \ldots, [a_{m-1}]\}.$$


Example 20.1. If $m = 4$ we have, for example,

$$8 \in [0],\quad 5 \in [1],\quad -6 \in [2],\quad 11 \in [3].$$

And hence:

$$\mathbb{Z}_4 = \{[8], [5], [-6], [11]\}.$$

Definition 20.2. A set of $m$ integers

$$\{a_0, a_1, \ldots, a_{m-1}\}$$

is called a complete residue system modulo $m$ if

$$\mathbb{Z}_m = \{[a_0], [a_1], \ldots, [a_{m-1}]\}.$$

Remark 20.1. A complete residue system modulo $m$ is sometimes called a complete set of representatives for $\mathbb{Z}_m$.

Example 20.2. By Theorem 19.4, p. 76, for $m > 0$

$$\{0, 1, 2, \ldots, m-1\}$$

is a complete residue system modulo $m$.

Example 20.3. From the above discussion it is clear that for each $m > 0$ there are infinitely many distinct complete residue systems modulo $m$. For example, here are some examples of complete residue systems modulo 5:

1. $\{0, 1, 2, 3, 4\}$

2. $\{0, 1, 2, -2, -1\}$

3. $\{10, -9, 12, 8, 14\}$

4. $\{0 + 5n_1, 1 + 5n_2, 2 + 5n_3, 3 + 5n_4, 4 + 5n_5\}$ where $n_1, n_2, n_3, n_4, n_5$ may be any integers.

Definition 20.3. The set $\{0, 1, \ldots, m-1\}$ is called the set of least nonnegative residues modulo $m$.

Theorem 20.1. Let $m > 0$ be given.

(1) If $m = 2k$, then

$$\{0, 1, 2, \ldots, k-1, k, -(k-1), \ldots, -2, -1\}$$

is a complete residue system modulo $m$.

(2) If $m = 2k + 1$, then

$$\{0, 1, 2, \ldots, k, -k, \ldots, -2, -1\}$$

is a complete residue system modulo $m$.

Proof of (1). Since if $m = 2k$

$$\mathbb{Z}_m = \{[0], [1], \ldots, [k], [k+1], \ldots, [k+i], [k+k-1]\},$$

it suffices to note that by Exercise 19.3 we have

$$[k+i] = [k+i-2k] = [-k+i] = [-(k-i)].$$

So

$$[k+1] = [-(k-1)],\ [k+2] = [-(k-2)],\ \ldots,\ [k+k-1] = [-1],$$

as desired.

Proof of (2). In this case

$$[k+i] = [-(2k+1)+k+i] = [-k+i-1] = [-(k-i+1)]$$

so

$$[k+1] = [-k],\ [k+2] = [-(k-1)],\ \ldots,\ [2k] = [-1],$$

as desired.

Definition 20.4. The complete residue system modulo $m$ given in Theorem 20.1 is called the least absolute residue system modulo $m$.

Remark 20.2. If one chooses in each residue class $[a]$ the smallest nonnegative integer one obtains the least nonnegative residue system. If one chooses in each residue class $[a]$ an element of smallest possible absolute value one obtains the least absolute residue system.

Exercise 20.1. Find both the least nonnegative residue system and the least absolute residues for each of the moduli given below. Also, in each case find a third complete residue system different from these two.

$$m = 3,\ m = 4,\ m = 5,\ m = 6,\ m = 7,\ m = 8.$$


Chapter 21

Addition and Multiplication in $\mathbb{Z}_m$

In this chapter we show how to define addition and multiplication of residue classes modulo $m$. With respect to these binary operations $\mathbb{Z}_m$ is a ring as defined in Appendix A.

Definition 21.1. For $[a], [b] \in \mathbb{Z}_m$ we define

$$[a] + [b] = [a + b]$$

and

$$[a][b] = [ab].$$

Example 21.1. For $m = 5$ we have

$$[2] + [3] = [5],$$

and

$$[2][3] = [6].$$

Note that since $5 \equiv 0 \pmod{5}$ and $6 \equiv 1 \pmod{5}$ we have $[5] = [0]$ and $[6] = [1]$ so we can also write

$$[2] + [3] = [0]$$
$$[2][3] = [1].$$


Since a residue class can have many representatives, it is important to check that the rules given in Definition 21.1 do not depend on the representatives chosen. For example, when $m = 5$ we know that

$$[7] = [2] \text{ and } [11] = [21]$$

so we should have

$$[7] + [11] = [2] + [21]$$

and

$$[7][11] = [2][21].$$

In this case we can check that

$$[7] + [11] = [18] \text{ and } [2] + [21] = [23].$$

Now $23 \equiv 18 \pmod{5}$ since $5 \mid 23 - 18$. Hence $[18] = [23]$, as desired. Also $[7][11] = [77]$ and $[2][21] = [42]$. Then $77 - 42 = 35$ and $5 \mid 35$ so $77 \equiv 42 \pmod{5}$ and hence $[77] = [42]$, as desired.

Theorem 21.1. For any modulus $m > 0$ if $[a] = [b]$ and $[c] = [d]$ then

$$[a] + [c] = [b] + [d]$$

and

$$[a][c] = [b][d].$$

Proof. (This follows immediately from Theorem 15.3 (p. 61) and Theorem 19.2 (p. 76).)

Exercise 21.1. Prove Theorem 21.1.

When performing addition and multiplication in $\mathbb{Z}_m$ using the rules in Definition 21.1, due to Theorem 21.1, we may at any time replace $[a]$ by $[a']$ if $a \equiv a' \pmod{m}$. This will sometimes make calculations easier.

Example 21.2. Take $m = 151$. Then $150 \equiv -1 \pmod{151}$ and $149 \equiv -2 \pmod{151}$, so

$$[150][149] = [-1][-2] = [2]$$

and

$$[150] + [149] = [-1] + [-2] = [-3] = [148]$$

since $148 \equiv -3 \pmod{151}$.

When working with $\mathbb{Z}_m$ it is often useful to write all residue classes in the least nonnegative residue system, as we do in constructing the following addition and multiplication tables for $\mathbb{Z}_4$.

     +  | [0] [1] [2] [3]
    ----+----------------
    [0] | [0] [1] [2] [3]
    [1] | [1] [2] [3] [0]
    [2] | [2] [3] [0] [1]
    [3] | [3] [0] [1] [2]

     ·  | [0] [1] [2] [3]
    ----+----------------
    [0] | [0] [0] [0] [0]
    [1] | [0] [1] [2] [3]
    [2] | [0] [2] [0] [2]
    [3] | [0] [3] [2] [1]

Recall that by Exercise 15.1 (p. 59) we have for all $a$ and $m > 0$

$$a \equiv a \bmod m \pmod{m}.$$

So using residue classes modulo $m$ this gives

$$[a] = [a \bmod m].$$

Hence,

$$[a] + [b] = [(a + b) \bmod m]$$
$$[a][b] = [(ab) \bmod m]$$

So if $a$ and $b$ are in the set $\{0, 1, \ldots, m-1\}$, these equations give us a way to obtain representations of the sum and product of $[a]$ and $[b]$ in the same set. This leads to an alternative way to define $\mathbb{Z}_m$ and addition and multiplication in $\mathbb{Z}_m$. For clarity we will use different notation.

Definition 21.2. For $m > 0$ define

$$J_m = \{0, 1, 2, \ldots, m-1\}$$

and for $a, b \in J_m$ define

$$a \oplus b = (a + b) \bmod m$$
$$a \odot b = (ab) \bmod m.$$

Remark 21.1. $J_m$ with $\oplus$ and $\odot$ as defined is isomorphic to $\mathbb{Z}_m$ with addition and multiplication given by Definition 21.1. [Students taking Elementary Abstract Algebra will learn a rigorous definition of the term isomorphic. For now, we take “isomorphic” to mean “has the same form.”] The addition and multiplication tables for $J_4$ are:

     ⊕ | 0 1 2 3
    ---+--------
     0 | 0 1 2 3
     1 | 1 2 3 0
     2 | 2 3 0 1
     3 | 3 0 1 2

     ⊙ | 0 1 2 3
    ---+--------
     0 | 0 0 0 0
     1 | 0 1 2 3
     2 | 0 2 0 2
     3 | 0 3 2 1

Exercise 21.2. Prove that for every modulus $m > 0$ we have for all $a, b \in J_m$

$$[a] + [b] = [a \oplus b],$$

and

$$[a][b] = [a \odot b].$$

Exercise 21.3. Construct addition and multiplication tables for $J_5$.

Exercise 21.4. Without doing it, tell how to obtain addition and multiplication tables for $\mathbb{Z}_5$ from the work in Exercise 21.3.

Example 21.3. Let’s solve the congruence

$$(1)\quad 272x \equiv 901 \pmod{9}.$$

Using residue classes modulo 9 we see that (1) is equivalent to

$$(2)\quad [272x] = [901]$$

which is equivalent to

$$(3)\quad [272][x] = [901]$$

which is equivalent to

$$(4)\quad [2][x] = [1].$$

Now we know $[x] \in \{[0], [1], \ldots, [8]\}$ so by trial and error we see that $x = 5$ is a solution.

Chapter 22

The Groups $U_m$

Definition 22.1. Let $m > 0$. A residue class $[a] \in \mathbb{Z}_m$ is called a unit if there is another residue class $[b] \in \mathbb{Z}_m$ such that $[a][b] = [1]$. In this case $[a]$ and $[b]$ are said to be inverses of each other in $\mathbb{Z}_m$.

Theorem 22.1. Let $m > 0$. A residue class $[a] \in \mathbb{Z}_m$ is a unit if and only if $\gcd(a, m) = 1$.

Proof. Let $[a]$ be a unit. Then there is some $[b]$ such that $[a][b] = [1]$. Hence $[ab] = [1]$ so $ab \equiv 1 \pmod{m}$. So by Theorem 18.2, p. 72, $\gcd(a, m) = 1$.

To prove the converse, let $\gcd(a, m) = 1$. Then by Theorem 18.1, page 71, there is an integer $a^*$ such that $aa^* \equiv 1 \pmod{m}$. Hence, $[aa^*] = [1]$. So $[a][a^*] = [aa^*] = [1]$, and we can take $b = a^*$.

Note that from Theorem 18.6 we see that if $[a] = [b]$ (i.e., $a \equiv b \pmod{m}$) then $\gcd(a, m) = 1 \iff \gcd(b, m) = 1$. So in checking whether or not a residue class is a unit we can use any representative of the class.

Exercise 22.1. Show that $[1]$ and $[m-1]$ are always units in $\mathbb{Z}_m$. Hint: $[m-1] = [-1]$.

Definition 22.2. The set of all units in $\mathbb{Z}_m$ is denoted by $U_m$ and is called the group of units of $\mathbb{Z}_m$. See Appendix A for the definition of a group.

Theorem 22.2. Let $m > 0$, then

$$U_m = \{[i] \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}.$$


Proof. We know that if $[a] \in \mathbb{Z}_m$ then $[a] = [i]$ where $0 \le i \le m-1$. If $m = 1$ then $\mathbb{Z}_m = \mathbb{Z}_1 = \{[0]\} = \{[1]\}$ and since $[1][1] = [1]$, $[1]$ is a unit, $U_1 = \{[1]\}$ and the theorem holds. If $m \ge 2$, then $\gcd(i, m) = 1$ can only happen if $1 \le i \le m-1$, since $\gcd(0, m) = \gcd(m, m) = m \ne 1$. So the theorem follows from Theorem 22.1 and the above remarks.

Theorem 22.3. ($U_m$ is a group$^1$ under multiplication.)

(1) If $[a], [b] \in U_m$ then $[a][b] \in U_m$.

(2) For all $[a], [b], [c]$ in $U_m$ we have $([a][b])[c] = [a]([b][c])$.

(3) $[1][a] = [a][1] = [a]$ for all $[a] \in U_m$.

(4) For each $[a] \in U_m$ there is a $[b] \in U_m$ such that $[a][b] = [1]$.

(5) For all $[a], [b] \in U_m$ we have $[a][b] = [b][a]$.

Exercise 22.2. Prove Theorem 22.3.

Example 22.1. Using Theorem 22.2 we see that

$$U_{15} = \{[1], [2], [4], [7], [8], [11], [13], [14]\}$$
$$= \{[1], [2], [4], [7], [-7], [-4], [-2], [-1]\}.$$

Note that using absolute least residue modulo 15 simplifies multiplication somewhat. Rather than write out the entire multiplication table, we just find the inverse of each element of $U_{15}$:

$$[1][1] = [1]$$
$$[2][-7] = [2][8] = [1]$$
$$[4][4] = [1]$$
$$[7][-2] = [7][13] = [1]$$
$$[-4][-4] = [11][11] = [1]$$
$$[-1][-1] = [14][14] = [1].$$

Exercise 22.3. Find the elements of $U_7$ in both least nonnegative and absolute least residue form and find the inverse of each element, as in the example above.

$^1$ Actually (1)–(4) are all that is required for $U_n$ to be a group. Property (5) says that $U_n$ is an Abelian group. See Appendix A.

Definition 22.3. If $X$ is a set, the number of elements in $X$ is denoted by $|X|$.

Example 22.2. $|\{1\}| = 1$, $|\{0, 1, 3, 9\}| = 4$, $|\mathbb{Z}_m| = m$ if $m > 0$.

Definition 22.4. If $m \ge 1$,

$$\varphi(m) = |\{i \in \mathbb{Z} \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}|.$$

The function $\varphi$ is called the Euler phi function or the Euler totient function.

Corollary 22.1. If $m > 0$,

$$|U_m| = \varphi(m).$$

Note that

$U_1 = \{[1]\}$ so $\varphi(1) = 1$

$U_2 = \{[1]\}$ so $\varphi(2) = 1$

$U_3 = \{[1], [2]\}$ so $\varphi(3) = 2$

$U_4 = \{[1], [3]\}$ so $\varphi(4) = 2$

$U_5 = \{[1], [2], [3], [4]\}$ so $\varphi(5) = 4$

$U_6 = \{[1], [5]\}$ so $\varphi(6) = 2$

$U_7 = \{[1], [2], [3], [4], [5], [6]\}$ so $\varphi(7) = 6$.

Generally $\varphi(m)$ is not easy to calculate. However, the following theorems show that once the prime factorization of $m$ is given, computing $\varphi(m)$ is easy.

Theorem 22.4. If $a > 0$ and $b > 0$ and $\gcd(a, b) = 1$, then

$$\varphi(ab) = \varphi(a)\varphi(b).$$

Theorem 22.5. If $p$ is prime and $n > 0$ then

$$\varphi(p^n) = p^n - p^{n-1}.$$

Theorem 22.6. Let $p_1, p_2, \ldots, p_k$ be distinct primes and let $n_1, n_2, \ldots, n_k$ be positive integers, then

$$\varphi\left(p_1^{n_1} p_2^{n_2} \cdots p_k^{n_k}\right) = \left(p_1^{n_1} - p_1^{n_1 - 1}\right) \cdots \left(p_k^{n_k} - p_k^{n_k - 1}\right).$$


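Before discussing the proofs of these three theorems, let’s illustrate their use:

$$\varphi(12) = \varphi\left(2^2 \cdot 3\right) = \left(2^2 - 2^1\right)\left(3^1 - 3^0\right) = 2 \cdot 2 = 4$$

$$\varphi(9000) = \varphi\left(2^3 \cdot 5^3 \cdot 3^2\right) = \left(2^3 - 2^2\right)\left(5^3 - 5^2\right)\left(3^2 - 3^1\right) = 4 \cdot 100 \cdot 6 = 2400.$$

Note that if $p$ is any prime then

$$\varphi(p) = p - 1.$$

I will sketch a proof of Theorem 22.4 in Exercise 22.6 below. Now I give the proof of Theorem 22.5.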

Proof of Theorem 22.5. We want to count the number of elements in the set $A = \{1, 2, \ldots, p^n\}$ that are relatively prime to $p^n$. Let B be the set of elements of A that have a factor > 1 in common with $p^n$. Note that if $b \in B$ and $\gcd(b, p^n) = d > 1$, then d is a factor of $p^n$ and d > 1 so d has p as a factor. Hence b = pk, for some k, and $p \le b \le p^n$, so $p \le kp \le p^n$. It follows that $1 \le k \le p^{n-1}$. That is,

$$B = \{p, 2p, 3p, \ldots, kp, \ldots, p^{n-1} p\}.$$

We are interested in the number of elements of A not in B. Since $|A| = p^n$ and $|B| = p^{n-1}$, this number is $p^n - p^{n-1}$. That is, $\phi(p^n) = p^n - p^{n-1}$.

The proof of Theorem 22.6 follows from Theorems 22.4 and 22.5. The

proof is by induction on n and is quite similar to the proof of Theorem 13.1

(2) on page 50, so I omit the details.

Exercise 22.4. Find the sets $U_m$, for $8 \le m \le 20$. Note that $|U_m| = \phi(m)$. Use Theorem 22.6 to calculate $\phi(m)$ and check that you have the right number of elements for each set $U_m$, $8 \le m \le 20$.

Exercise 22.5. Show that if

$$m = p_1^{n_1} p_2^{n_2} \cdots p_k^{n_k}$$

where $p_1, \ldots, p_k$ are distinct primes and each $n_i \ge 1$, then

$$\phi(m) = m \left(1 - \frac{1}{p_1}\right) \left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right).$$

Exercise 22.6. Let a and b be relatively prime positive integers. Write n = ab. Define the mapping f by the rule

$$f([x]_n) = ([x]_a, [x]_b).$$

Here we denote the residue class of x modulo m by $[x]_m$. First illustrate each of the following for the special case a = 3 and b = 5. Then prove each in general. (The proof is difficult and is optional.)

1. $f : Z_n \to Z_a \times Z_b$ is one-to-one and onto. (This is called the Chinese Remainder Theorem.)

2. $f : U_n \to U_a \times U_b$ is also a one-to-one, onto mapping.

3. Conclude from (2) that φ(ab) = φ(a)φ(b).

Chapter 23

Two Theorems of Euler and Fermat

Fermat's Big Theorem or, as it is also called, Fermat's Last Theorem states that $x^n + y^n = z^n$ has no solutions in positive integers x, y, z when n > 2. This was proved by Andrew Wiles in 1995 over 350 years after it was first mentioned by Fermat. The theorem that concerns us in this chapter is Fermat's Little Theorem. This theorem is much easier to prove, but has more far reaching consequences for applications to cryptography and secure transmission of data on the Internet. The first theorem below is a generalization of Fermat's Little Theorem due to Euler.

Theorem 23.1 (Euler's Theorem). If m > 0 and a is relatively prime to m then

$$a^{\phi(m)} \equiv 1 \pmod{m}.$$

Theorem 23.2 (Fermat's Little Theorem). If p is prime and a is relatively prime to p then

$$a^{p-1} \equiv 1 \pmod{p}.$$

Let's look at some examples. Take m = 12 then

$$\phi(m) = \phi(2^2 \cdot 3) = (2^2 - 2)(3 - 1) = 4.$$

The positive integers a < m with gcd(a, m) = 1 are 1, 5, 7 and 11.

$1^4 \equiv 1 \pmod{12}$ is clear

$5^2 \equiv 1 \pmod{12}$ since $12 \mid 25 - 1$

∴ $(5^2)^2 \equiv 1^2 \pmod{12}$

∴ $5^4 \equiv 1 \pmod{12}$.

Now $7 \equiv -5 \pmod{12}$ and since 4 is even

$7^4 \equiv 5^4 \pmod{12}$

∴ $7^4 \equiv 1 \pmod{12}$.

$11 \equiv -1 \pmod{12}$ and again since 4 is even we have

$$11^4 \equiv (-1)^4 \pmod{12}$$

and

$$11^4 \equiv 1 \pmod{12}.$$

So we have veriﬁed Theorem 23.1 for the single case m = 12.

Exercise 23.1. Verify that Theorem 23.2 holds if p = 5 by direct calculation

as in the above example.

Definition 23.1. (Powers of residue classes.) If $[a] \in U_m$ define $[a]^1 = [a]$ and for n > 1, $[a]^n = [a][a] \cdots [a]$ where there are n copies of [a] on the right.

Theorem 23.3. If $[a] \in U_m$, then $[a]^n \in U_m$ for $n \ge 1$ and $[a]^n = [a^n]$.

Proof. We prove that $[a]^n = [a^n] \in U_m$ for $n \ge 1$ by induction on n. If n = 1, $[a]^1 = [a] = [a^1]$ and by assumption $[a] \in U_m$. Suppose $[a]^k = [a^k] \in U_m$ for some $k \ge 1$. Then

$[a]^{k+1} = [a]^k [a]$

$= [a^k][a]$ by the induction hypothesis

$= [a^k a]$ by Definition 21.1, p. 83

$= [a^{k+1}]$ since $a^k a = a^{k+1}$.

So by the PMI, the theorem holds for $n \ge 1$.

Note that for fixed m > 0 if gcd(a, m) = 1 then $[a] \in U_m$. And using Theorem 23.3 we have

$$a^n \equiv 1 \pmod{m} \iff [a^n] = [1] \iff [a]^n = [1].$$

It follows that Euler's Theorem (Theorem 23.1) is equivalent to the following theorem.

Theorem 23.4. If m > 0 and $[a] \in U_m$ then

$$[a]^{\phi(m)} = [1].$$

A proof of Theorem 23.4 is outlined in the following exercise.

Exercise 23.2 (Optional). Let $U_m = \{X_1, X_2, \ldots, X_{\phi(m)}\}$. Here we write $X_i$ for a residue class in $U_m$ to simplify notation.

1. Show that if $X \in U_m$ then

$$\{XX_1, XX_2, \ldots, XX_{\phi(m)}\} = U_m.$$

2. Show that if $X \in U_m$ then

$$XX_1 \cdot XX_2 \cdots XX_{\phi(m)} = X_1 X_2 \cdots X_{\phi(m)}.$$

3. Let $A = X_1 X_2 \cdots X_{\phi(m)}$. Show that if $X \in U_m$ then $X^{\phi(m)} A = A$.

4. Conclude from (3) that $X^{\phi(m)} = [1]$ and hence Theorem 23.4 is true.

Also Theorem 23.4 is an easy consequence of Lagrange’s Theorem, which

students who take (or have taken) a course in abstract algebra will learn

about (or will already know).

Exercise 23.3. Show that Fermat’s Little Theorem follows from Euler’s

Theorem.

Exercise 23.4. Show that if p is prime then $a^p \equiv a \pmod{p}$ for all integers a. Hint: Consider two cases: I. gcd(a, p) = 1 and II. gcd(a, p) > 1. Note that in the second case $p \mid a$.

Exercise 23.5. Let m > 0. Let gcd(a, m) = 1. Show that $a^{\phi(m)-1}$ is an inverse for a modulo m. (See Theorem 18.1, p. 71.)

Exercise 23.6. For all $a \in \{1, 2, 3, 4, 5, 6\}$ find the inverse $a^*$ of a modulo 7 by use of Exercise 23.5. Choose $a^*$ in each case so that $1 \le a^* \le 6$.

Example 23.1. Note that Fermat's Little Theorem can be used to simplify the computation of $a^n \bmod p$ where p is prime. Recall that if $a^n \equiv r \pmod{p}$ where $0 \le r < p$, then $a^n \bmod p = r$. We can do two things to simplify the computation:

(1) Replace a by a mod p.

(2) Replace n by n mod (p − 1).

Suppose we want to calculate

$$1234^{7865435} \bmod 11.$$

Note that $1234 \equiv -1 + 2 - 3 + 4 \pmod{11}$, that is, $1234 \equiv 2 \pmod{11}$. Since gcd(2, 11) = 1 we have $2^{10} \equiv 1 \pmod{11}$. Now $7865435 = (786543) \cdot 10 + 5$ so

$2^{7865435} \equiv 2^{(786543) \cdot 10 + 5} \pmod{11}$

$\equiv (2^{10})^{786543} \cdot 2^5 \pmod{11}$

$\equiv 1^{786543} \cdot 2^5 \pmod{11}$

$\equiv 2^5 \pmod{11}$,

and $2^5 = 32 \equiv 10 \pmod{11}$. Hence,

$$1234^{7865435} \equiv 10 \pmod{11}.$$

It follows that

$$1234^{7865435} \bmod 11 = 10.$$

Exercise 23.7. Use the technique in the above example to calculate

$$28^{1202} \bmod 13.$$

[Here you cannot use the mod 11 trick, of course.]

Chapter 24

Probabilistic Primality Tests

According to Fermat's Little Theorem, if p is prime and $1 \le a \le p - 1$, then

$$a^{p-1} \equiv 1 \pmod{p}.$$

The converse is also true in the following sense:

Theorem 24.1. If $m \ge 2$ and for all a such that $1 \le a \le m - 1$ we have

$$a^{m-1} \equiv 1 \pmod{m}$$

then m must be prime.

Proof. If the hypothesis holds, then for all a with $1 \le a \le m - 1$, we know that a has an inverse modulo m, namely, $a^{m-2}$ is an inverse for a modulo m. By Theorem 18.2, this says that for $1 \le a \le m - 1$, gcd(a, m) = 1. But if m were not prime, then we would have m = ab with 1 < a < m, 1 < b < m. Then gcd(a, m) = a > 1, a contradiction. So m must be prime.

Using the above theorem to check that p is prime we would have to check that $a^{p-1} \equiv 1 \pmod{p}$ for a = 1, 2, 3, . . . , p − 1. This is a lot of work. Suppose we just know that $2^{m-1} \equiv 1 \pmod{m}$ for some m > 2. Must m be prime? Unfortunately, the answer is no. The smallest composite m satisfying $2^{m-1} \equiv 1 \pmod{m}$ is m = 341.

Exercise 24.1. Use Maple (or do it via hand and/or calculator) to verify that $2^{340} \equiv 1 \pmod{341}$ and that 341 is not prime.

The moral is that even if $2^{m-1} \equiv 1 \pmod{m}$, the number m need not be prime.

On the other hand, consider the case of m = 63. Note that

$$2^6 = 64 \equiv 1 \pmod{63}.$$

Hence, $2^6 \equiv 1 \pmod{63}$. Raising both sides to the 10th power we have

$$2^{60} \equiv 1 \pmod{63}.$$

Then multiplying both sides by $2^2$ we get

$$2^{62} \equiv 4 \pmod{63}$$

since

$$4 \not\equiv 1 \pmod{63}$$

we have

$$2^{62} \not\equiv 1 \pmod{63}.$$

This tells us that 63 is not prime, without factoring 63. We emphasize that in general if $2^{m-1} \not\equiv 1 \pmod{m}$ then we can be sure that m is not prime.

FACT. There are 455,052,511 odd primes $p \le 10^{10}$, all of which satisfy $2^{p-1} \equiv 1 \pmod{p}$. There are only 14,884 composite numbers $2 < m \le 10^{10}$ that satisfy $2^{m-1} \equiv 1 \pmod{m}$. Thus, if $2 < m \le 10^{10}$ and m satisfies $2^{m-1} \equiv 1 \pmod{m}$, the probability m is prime is

$$\frac{455{,}052{,}511}{455{,}052{,}511 + 14{,}884} \approx .999967292.$$

In other words, if you find that $2^{m-1} \equiv 1 \pmod{m}$, then it is highly likely (but not a certainty) that m is prime, at least when $m \le 10^{10}$. Thus the following Maple procedure will almost always give the correct answer:

    > is_prob_prime:=proc(n)
        # Fermat test to base 2: "not prime" is returned when 2^(n-1) mod n <> 1
        if n <=1 or Power(2,n-1) mod n <> 1 then
          return "not prime";
        else
          return "probably prime";
        end if;
      end proc:

Note that the Maple command Power(a,n-1) mod n is an efficient way to compute $a^{n-1} \bmod n$. We discuss this in more detail later. The procedure is_prob_prime(n) just defined returns “probably prime” if $2^{n-1} \bmod n = 1$ and “not prime” if $n \le 1$ or if $2^{n-1} \bmod n \ne 1$. If the answer is “not prime”, then we know definitely that n is not prime. If the answer is “probably prime”, we know that there is a very small probability that n is not prime.

In practice, there are better probabilistic primality tests than that mentioned above. For more details see, for example, “Elementary Number Theory,” Fourth Edition, by Kenneth Rosen.

The built-in Maple procedure isprime is a very sophisticated probabilistic primality test. The command isprime(n) returns false if n is not prime and returns true if n is probably prime. So far no one has found an integer n for which isprime(n) gives the wrong answer.

One might ask what happens if we use 3 instead of 2 in the above probabilistic primality test. Or, better yet, what if we evaluate $a^{m-1} \bmod m$ for several different values of a.

Consider the following data:

The number of primes $\le 10^6$ is 78,498.

The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ is 245.

The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ and $3^{m-1} \equiv 1 \pmod{m}$ is 66.

The number of composite numbers $m \le 10^6$ such that $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41\}$ is 0.

Thus, we have the following result:

If $m \le 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, then m is prime.

The above results for $m \le 10^6$ were found using Maple.

If $m > 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, it is highly likely, but not certain, that m is prime. Actually the primality test isprime that is built into Maple uses a somewhat different idea.

Exercise 24.2. Use Maple to show that

(1) $3^{90} \equiv 1 \pmod{91}$, but 91 is not prime.

(2) $2^{m-1} \equiv 1 \pmod{m}$ and $3^{m-1} \equiv 1 \pmod{m}$ for m = 1105, but 1105 is not prime.

[Hints. Note that $a^n \equiv 1 \pmod{m} \iff a^n \bmod m = 1$. In Maple, $3^{90}$ is written 3^90 and $3^{90} \bmod 91$ is written 3^90 mod 91. A faster way to compute $a^n \bmod m$ in Maple is to use the command Power(a,n) mod m. Recall that ifactor(m) is the command to factor m.]
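The Fermat test of this chapter and the composites that fool it can be explored with the Python sketch below. It is an added example, not code from the original notes (which use Maple); the function names are chosen here, and the bases passed in are assumed to be primes.

```python
def fermat_test(m, bases=(2,)):
    """Fermat test: False means m is certainly not prime, True means
    'probably prime'. Bases are assumed to be primes, so m equal to a
    base is reported as prime instead of being tested against itself."""
    if m < 2:
        return False
    for a in bases:
        if m == a:
            return True
        if pow(a, m - 1, m) != 1:   # a^(m-1) mod m by fast modular exponentiation
            return False
    return True


def prime_sieve(limit):
    """Sieve of Eratosthenes: is_prime[i] is 1 exactly when i is prime (0 <= i <= limit)."""
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0:2] = b"\x00\x00"
    for p in range(2, int(limit ** 0.5) + 1):
        if is_prime[p]:
            is_prime[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return is_prime


def pseudoprimes(limit, bases=(2,)):
    """Composite m <= limit that the Fermat test to every given base
    reports as 'probably prime' (the test's false positives)."""
    is_prime = prime_sieve(limit)
    return [m for m in range(3, limit + 1)
            if not is_prime[m] and fermat_test(m, bases)]


if __name__ == "__main__":
    print("63 passes base 2:", fermat_test(63))            # False: proven composite
    print("341 passes base 2:", fermat_test(341))          # True, yet 341 = 11 * 31
    print("base-2 false positives <= 1000:", pseudoprimes(1000))
    print("count <= 10^6, base 2:", len(pseudoprimes(10**6)))
    print("count <= 10^6, bases 2 and 3:", len(pseudoprimes(10**6, (2, 3))))
```

A "not prime" answer is a proof of compositeness, while a "probably prime" answer is only as reliable as the number and choice of bases, which is why a single-base Fermat test is not enough when primes are generated for cryptographic keys.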

Chapter 25

The Base b Representation of n

Definition 25.1. Let $b \ge 2$ and n > 0. We write

(1) $n = [a_k, a_{k-1}, \ldots, a_1, a_0]_b$

if and only if for some $k \ge 0$

$$n = a_k b^k + a_{k-1} b^{k-1} + \cdots + a_1 b + a_0$$

where $a_i \in \{0, 1, \ldots, b - 1\}$ for i = 0, 1, . . . , k. $[a_k, a_{k-1}, \ldots, a_1, a_0]$ is called a base b representation of n.

Remark 25.1. Base b is called

binary if b = 2,

ternary if b = 3,

octal if b = 8,

decimal if b = 10,

hexadecimal if b = 16.

If b is understood, especially if b = 10, we write $a_k a_{k-1} \cdots a_1 a_0$ in place of $[a_k, a_{k-1}, \ldots, a_1, a_0]_{10}$. In the case of b = 16, which is used frequently in computer science, the “digits” 10, 11, 12, 13, 14 and 15 are replaced by A, B, C, D, E and F, respectively.

For a fixed base $b \ge 2$, the numbers $a_i \in \{0, 1, 2, \ldots, b - 1\}$ in equation (1) are called the digits of the base b representation of n. In the binary case $a_i \in \{0, 1\}$ and the $a_i$'s are called bits (binary digits).

Here are a few examples:

(1) $267 = [5, 3, 1]_7$ since $267 = 5 \cdot 7^2 + 3 \cdot 7 + 1$.

(2) $147 = [1, 0, 0, 1, 0, 0, 1, 1]_2$ since $147 = 1 \cdot 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2 + 1$.

(3) $4879 = [4, 8, 7, 9]_{10}$ since $4879 = 4 \cdot 10^3 + 8 \cdot 10^2 + 7 \cdot 10 + 9$.

(4) $10705679 = [A, 3, 5, B, 0, F]_{16}$ since $10705679 = 10 \cdot 16^5 + 3 \cdot 16^4 + 5 \cdot 16^3 + 11 \cdot 16^2 + 0 \cdot 16 + 15$.

(5) $107056791 = [107, 56, 791]_{1000}$ since $107056791 = 107 \cdot 1000^2 + 56 \cdot 1000 + 791$.

Theorem 25.1. If $b \ge 2$, then every n > 0 has a unique base b representation of the form $n = [a_k, \ldots, a_1, a_0]_b$ with $a_k > 0$.

Proof. Apply repeatedly the Division Algorithm as follows:

$n = bq_0 + r_0$, $0 \le r_0 < b$

$q_0 = bq_1 + r_1$, $0 \le r_1 < b$

$q_1 = bq_2 + r_2$, $0 \le r_2 < b$

$\vdots$

$q_{k-1} = bq_k + r_k$, $0 \le r_k < b$

$q_k = bq_{k+1} + r_{k+1}$, $0 \le r_{k+1} < b$.

It is easy to see that if $q_k > 0$:

$$n > q_0 > q_1 > \cdots > q_k.$$

Since this cannot go on forever we eventually obtain q

**= 0 for some . Then
**

we have

q

−1

= b 0 + r

.

I claim that n = [r

, r

−1

, . . . , r

0

] if is the smallest integer such that q

= 0.

To see this, note that

$$n = bq_0 + r_0$$

and

$$q_0 = bq_1 + r_1.$$

Hence

$$n = b(bq_1 + r_1) + r_0$$

$$n = b^2 q_1 + b r_1 + r_0.$$

Continuing in this way we ﬁnd that

n = b

+1

q

+ b

r

+ + br

1

+ r

0

.

And, since q

= 0 we have

(∗) n = b

r

+ + br

1

+ r

0

,

which shows that

n = [r

, . . . , r

1

, r

0

]

b

.

To see that this representation is unique, note that from (∗) we have

n = b

b

−1

r

+ + r

1

+ r

0

, 0 ≤ r

0

< b.

By the Division Algorithm it follows that r

0

is uniquely determined by n,

as is the quotient q = b

−1

r

+ + r

1

. A similar argument shows that r

1

is uniquely determined. Continuing in this way we see that all the digits

r

, r

−1

, . . . , r

0

are uniquely determined.

Example 25.1.

(1) We find the base 7 representation of 1,749.

$1749 = 249 \cdot 7 + 6$

$249 = 35 \cdot 7 + 4$

$35 = 5 \cdot 7 + 0$

$5 = 0 \cdot 7 + 5$

Hence $1749 = [5, 0, 4, 6]_7$.

(2) We find the base 12 representation of 19,151.

$19{,}151 = 1595 \cdot 12 + 11$

$1{,}595 = 132 \cdot 12 + 11$

$132 = 11 \cdot 12 + 0$

$11 = 0 \cdot 12 + 11$

∴ $19{,}151 = [11, 0, 11, 11]_{12}$.

(3) Find the base 10 representation of 1,203.

$1203 = 120 \cdot 10 + 3$

$120 = 12 \cdot 10 + 0$

$12 = 1 \cdot 10 + 2$

$1 = 0 \cdot 10 + 1$

∴ $1203 = [1, 2, 0, 3]_{10}$.

(4) Find the base 2 (binary) representation of 137.

$137 = 2 \cdot 68 + 1$

$68 = 2 \cdot 34 + 0$

$34 = 2 \cdot 17 + 0$

$17 = 2 \cdot 8 + 1$

$8 = 2 \cdot 4 + 0$

$4 = 2 \cdot 2 + 0$

$2 = 2 \cdot 1 + 0$

$1 = 2 \cdot 0 + 1$

∴ $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$.

Exercise 25.1. Generalize the following observations

$3 = [1, 1]_2$

$7 = [1, 1, 1]_2$

$15 = [1, 1, 1, 1]_2$

$31 = [1, 1, 1, 1, 1]_2$

$63 = [1, 1, 1, 1, 1, 1]_2$

Prove your generalization. [HINT: See Exercise 2.5 on page 6.]

Exercise 25.2. Generalize the following observation:

$8 = [2, 2]_3$

$26 = [2, 2, 2]_3$

$80 = [2, 2, 2, 2]_3$

$242 = [2, 2, 2, 2, 2]_3$

Prove your generalization. [HINT: See Exercise 2.5 on page 6.]

Exercise 25.3. Generalize Exercises 25.1 and 25.2 to an arbitrary base b ≥ 2.

Remark 25.2. To find the binary representation of a small number, the following method is often easier than the above method:

Given n > 0 let $2^{n_1}$ be the largest power of 2 satisfying $2^{n_1} \le n$. Let $2^{n_2}$ be the largest power of 2 satisfying

$$2^{n_2} \le n - 2^{n_1}.$$

Let $2^{n_3}$ be the largest power of 2 satisfying

$$2^{n_3} \le n - 2^{n_1} - 2^{n_2}.$$

Note that at this point we have

$$0 \le n - (2^{n_1} + 2^{n_2} + 2^{n_3}) < n - (2^{n_1} + 2^{n_2}) < n - 2^{n_1} < n.$$

Continuing in this way, eventually we get

$$0 = n - (2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}).$$

Then $n = 2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}$, and this gives the binary representation of n.

Example 25.2. Take n = 137. Note that $2^1 = 2$, $2^2 = 4$, $2^3 = 8$, $2^4 = 16$, $2^5 = 32$, $2^6 = 64$, $2^7 = 128$, and $2^8 = 256$. Using the above method we compute:

$137 - 2^7 = 137 - 128 = 9$,

$9 - 2^3 = 1$,

$1 - 2^0 = 0$.

So we have

$137 = 2^7 + 9 = 2^7 + 2^3 + 1$,

∴ $137 = 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 0 \cdot 2^4 + 2^3 + 0 \cdot 2^2 + 0 \cdot 2 + 1$.

So $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$.

Exercise 25.4. Show how to use both methods to find the binary representation of 455.

Exercise 25.5. Make a vertical list of the binary representation of the integers 1 to 16.

Chapter 26

Computation of $a^N \bmod m$

Let's first consider the question: What is the smallest number of multiplications required to compute $a^N$ where N is any positive integer?

Suppose we want to calculate $2^8$. One way is to perform the following 7 multiplications:

$2^2 = 2 \cdot 2 = 4$

$2^3 = 2 \cdot 4 = 8$

$2^4 = 2 \cdot 8 = 16$

$2^5 = 2 \cdot 16 = 32$

$2^6 = 2 \cdot 32 = 64$

$2^7 = 2 \cdot 64 = 128$

$2^8 = 2 \cdot 128 = 256$

But we can do it in only 3 multiplications:

$2^2 = 2 \cdot 2 = 4$

$2^4 = (2^2)^2 = 4 \cdot 4 = 16$

$2^8 = (2^4)^2 = 16 \cdot 16 = 256$

In general, using the method:

$$a^2 = a \cdot a,\quad a^3 = a^2 \cdot a,\quad a^4 = a^3 \cdot a,\quad \ldots,\quad a^n = a^{n-1} \cdot a$$

requires n − 1 multiplications to compute $a^n$.

On the other hand if $n = 2^k$ then we can compute $a^n$ by successive squaring with only k multiplications:

$a^2 = a \cdot a$

$a^{2^2} = (a^2)^2 = a^2 \cdot a^2$

$a^{2^3} = (a^{2^2})^2 = a^{2^2} \cdot a^{2^2}$

$\vdots$

$a^{2^k} = (a^{2^{k-1}})^2 = a^{2^{k-1}} \cdot a^{2^{k-1}}$

Note that the fact that

$$2^k = 2^{k-1} \cdot 2 = 2^{k-1} + 2^{k-1}$$

together with the Laws of Exponents:

$$(a^n)^m = a^{nm}$$

and

$$a^n \cdot a^m = a^{n+m}$$

is what makes this method work. Note that if $n = 2^k$ then k is generally a lot smaller than n − 1. For example, $1024 = 2^{10}$ and 10 is quite a bit smaller than 1023.

If n is not a power of 2 we can use the following method to compute $a^n$.

The Binary Method for Exponentiation. Let n be a positive integer. Let x be any real number. This is a method for computing $x^n$.

Step 1. Find the binary representation

$$n = [a_r, a_{r-1}, \ldots, a_0]_2$$

for n.

Step 2. Compute the powers

$$x^2, x^{2^2}, x^{2^3}, \ldots, x^{2^r}$$

by successive squaring as shown above.

Step 3. Compute the product

$$x^n = x^{a_r 2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}.$$

[Note each $a_i$ is 0 or 1, so all needed factors were obtained in Step 2.]

Example 26.1. Let's compute $3^{15}$. Note that $15 = 2^3 + 2^2 + 2 + 1 = [1, 1, 1, 1]_2$. So this takes care of Step 1. For Step 2, we note that

$3^2 = 3 \cdot 3 = 9$

$3^{2^2} = 9 \cdot 9 = 81$

$3^{2^3} = 81 \cdot 81 = 6561$

So $3^{15} = 3^{2^3} \cdot 3^{2^2} \cdot 3^2 \cdot 3^1$. For this we need 3 multiplications:

$3 \cdot 3^2 = 3 \cdot 9 = 27$

$(3 \cdot 3^2) \cdot 3^{2^2} = 27 \cdot 81 = 2187$

$(3 \cdot 3^2 \cdot 3^{2^2}) \cdot 3^{2^3} = 2187 \cdot 6561 = 14348907$

So we have

$$3^{15} = 14348907.$$

Note that we have used just 6 multiplications, which is less than the 14 it would take if we used the naive method. Let's not forget that some additional effort was needed to compute the binary representation of 15, but not much.

Theorem 26.1. Computing $x^n$ using the binary method requires $\lfloor \log_2(n) \rfloor$ applications of the Division Algorithm and at most $2\lfloor \log_2(n) \rfloor$ multiplications.

Proof. If $n = [a_r, \ldots, a_0]_2$, $a_r = 1$, then $n = 2^r + \cdots + a_1 2 + a_0$. Hence

(∗) $2^r \le n \le 2^r + 2^{r-1} + \cdots + 2 + 1 = 2^{r+1} - 1 < 2^{r+1}$.

Since $\log_2(2^x) = x$ and when 0 < a < b we have $\log_2(a) < \log_2(b)$, we have from (∗) that

$$\log_2(2^r) \le \log_2(n) < \log_2(2^{r+1})$$

or

$$r \le \log_2(n) < r + 1.$$

Hence $r = \lfloor \log_2(n) \rfloor$. Note that r is the number of times we need to apply the Division Algorithm to obtain the binary representation $n = [a_r, \ldots, a_0]_2$, $a_r = 1$. To compute the powers $x, x^2, x^{2^2}, \ldots, x^{2^r}$ by successive squaring requires $r = \lfloor \log_2(n) \rfloor$ multiplications and similarly to compute the product

$$x^{2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}$$

requires r multiplications. So after obtaining the binary representation we need at most $2r = 2\lfloor \log_2(n) \rfloor$ multiplications.

Use of a calculator to compute $\log_2(x)$: To find $\log_2(x)$ one may use the formula

$$\log_2(x) = \frac{1}{\ln(2)} \ln(x)$$

or

$$\log_2(x) \approx \left(\frac{1}{0.69314718}\right) \ln(x)$$

where ln(x) is the natural logarithm of x. For small values of x it is sometimes faster to use the fact that $r = \lfloor \log_2(x) \rfloor$ is equivalent to

$$2^r \le x < 2^{r+1},$$

that is, r is the largest positive integer such that $2^r \le x$. The Maple command for $\log_2(x)$ is log[2](x).

Note that if we count an application of the Division Algorithm and a multiplication as the same, the above tells us that we need at most $3\lfloor \log_2(n) \rfloor$ operations to compute $x^n$. So, for example, if $n = 10^6$, then it is easy to see that $3\lfloor \log_2(n) \rfloor = 57$. So we may compute $x^{1,000,000}$ with only 57 operations.

Exercise 26.1. Calculate $3\lfloor \log_2(n) \rfloor$ for n = 2,000,000.

Exercise 26.2. Use the binary method to compute $2^{25}$.

Exercise 26.3. Approximately how many operations would be required to compute $2^n$ when $n = 10^{100}$? Explain.

Exercise 26.4. Note that 6 multiplications are used to compute $3^{15}$ using the binary method. Show that one can compute $3^{15}$ with fewer than 6 multiplications. [You will have to experiment.]

Computing $a^n \bmod m$. We use the binary method for exponentiation with the added trick that after every multiplication we reduce modulo m, that is, we divide by m and take the remainder. This keeps the products from getting too big.

Example 26.2. We compute $3^{15} \bmod 10$:

$3^2 = 3 \cdot 3 = 9 \equiv 9 \pmod{10}$

$3^4 = 9 \cdot 9 = 81 \equiv 1 \pmod{10}$

$3^8 \equiv 1 \cdot 1 \equiv 1 \equiv 1 \pmod{10}$

∴ $3^{15} = 3^8 \cdot 3^4 \cdot 3^2 \cdot 3^1 \equiv 1 \cdot 1 \cdot 9 \cdot 3 = 27 \equiv 7 \pmod{10}$.

Note that $3^{15} \equiv 7 \pmod{10}$ implies that $3^{15} \bmod 10 = 7$. [Recall that on page 109 (Example 26.1) we calculated that $3^{15} = 14348907$ which is clearly congruent to 7 mod 10, but the multiplications were not so easy.]

Example 26.3. Let's find $2^{644} \bmod 645$. It is easy to see that

$$644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]_2$$

That is, $644 = 2^9 + 2^7 + 2^2 = 512 + 128 + 4$. Now by successive squaring and reducing modulo 645 we get

$2^2 = 2 \cdot 2 = 4 \equiv 4 \pmod{645}$

$2^4 \equiv 4 \cdot 4 = 16 \equiv 16 \pmod{645}$

$2^8 \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$

$2^{16} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$

$2^{32} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$

$2^{64} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$

$2^{128} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$

$2^{256} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$

$2^{512} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$.

Now

$$2^{644} = 2^{512} \cdot 2^{128} \cdot 2^4,$$

hence

$$2^{644} \equiv 256 \cdot 391 \cdot 16 \pmod{645}.$$

So

$$256 \cdot 391 = 100096 \equiv 121 \pmod{645}$$

and

$$121 \cdot 16 = 1936 \equiv 1 \pmod{645}$$

so we have $2^{644} \equiv 1 \pmod{645}$. Hence $2^{644} \bmod 645 = 1$.
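The repeated-division procedure in the proof of Theorem 25.1 and the binary method of this chapter fit together as in the Python sketch below. It is an added example, not code from the original notes; the function names are chosen here, and the multiplication counter is included so the count in Theorem 26.1 can be checked.

```python
def digits(n, b):
    """Base-b digits [a_k, ..., a_1, a_0] of n > 0, found by applying the
    Division Algorithm repeatedly as in the proof of Theorem 25.1."""
    if n <= 0 or b < 2:
        raise ValueError("need n > 0 and b >= 2")
    out = []
    while n > 0:
        n, r = divmod(n, b)   # n = b*q + r with 0 <= r < b
        out.append(r)         # remainders come out lowest digit first
    return out[::-1]


def successive_squares(x, r, m=None):
    """[x, x^2, x^(2^2), ..., x^(2^r)], each reduced mod m when m is given."""
    powers = [x if m is None else x % m]
    for _ in range(r):
        square = powers[-1] * powers[-1]
        powers.append(square if m is None else square % m)
    return powers


def binary_power(x, n, m=None):
    """x^n (mod m if m is given) by the binary method.
    Returns (value, number of multiplications performed)."""
    bits = digits(n, 2)                       # Step 1: n = [a_r, ..., a_0]_2
    r = len(bits) - 1
    powers = successive_squares(x, r, m)      # Step 2: r squarings
    mults = r
    result = None
    for i, bit in enumerate(reversed(bits)):  # Step 3: multiply where a_i = 1
        if not bit:
            continue
        if result is None:
            result = powers[i]                # first factor costs no multiplication
        else:
            result = result * powers[i]
            if m is not None:
                result %= m                   # reduce after every multiplication
            mults += 1
    return result, mults


if __name__ == "__main__":
    print("1749 in base 7:", digits(1749, 7))
    print("3^15:", binary_power(3, 15))
    print("squares of 2 mod 645:", successive_squares(2, 9, 645))
    print("2^644 mod 645:", binary_power(2, 644, 645))
```

With a modulus, every intermediate product stays below m squared, which is what makes exponents with hundreds of digits practical in the RSA scheme of the next chapter.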

Exercise 26.5. Calculate $2^{513} \bmod 10$.

Exercise 26.6. Calculate $2^{517} \bmod 100$.

Exercise 26.7. If you multiplied out $2^{517}$, how many decimal digits would you obtain? [See Exercise 4.3 on page 14.]

Exercise 26.8. Note that on page 96 (Example 23.1) we calculated $1234^{7865435} \bmod 11$ with very few multiplications. Why can we not use that method to compute $1234^{7865435} \bmod 12$?

Chapter 27

The RSA Scheme

In this chapter we discuss the basis of the so-called RSA scheme. This is the most important example of a public key cryptographic scheme. The RSA scheme is due to R. Rivest, A. Shamir and L. Adleman¹ and was discovered by them in 1977. We show how to implement it in more detail later using Maple. Here we give the number-theoretic underpinning of the scheme.

We assume that the message we wish to send has been converted to an integer in the set $J_m = \{0, 1, 2, \ldots, m - 1\}$ where m is some positive integer to be determined. Generally this is a large integer. We will require two functions:

$E : J_m \to J_m$ (E for encipher)

and

$D : J_m \to J_m$ (D for decipher).

To be able to use D to decipher what E has enciphered we need to have D(E(x)) = x for all $x \in J_m$. To show how m, E, and D are chosen we first prove a lemma:

Lemma 27.1. Let p and q be any two distinct primes and let m = pq. Let e and d be any two positive integers which are inverses of each other modulo φ(m). Then

$$x^{ed} \equiv x \pmod{m}$$

for all x.

¹ A copy of the paper “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems” may be downloaded from http://citeseer.nj.nec.com/rivest78method.html

Proof. By Theorem 22.6, φ(m) = (p − 1)(q − 1). Since $ed \equiv 1 \pmod{\phi(m)}$ we have ed − 1 = kφ(m) = k(p − 1)(q − 1) for some k. Note k > 0 unless ed = 1 in which case the theorem is obvious. So we have

(∗) ed = kφ(m) + 1 = k(p − 1)(q − 1) + 1

for some k > 0.

Now by Fermat's Little Theorem, if gcd(x, p) = 1 we have $x^{p-1} \equiv 1 \pmod{p}$ and raising both sides of the congruence to the power (q − 1)k we obtain:

$$x^{(p-1)(q-1)k} \equiv 1 \pmod{p}$$

and multiplying both sides by x we have

$$x^{(p-1)(q-1)k+1} \equiv x \pmod{p}$$

That is, by (∗)

(∗∗) $x^{ed} \equiv x \pmod{p}$.

Now we proved (∗∗) when gcd(x, p) = 1, but if gcd(x, p) = p it is obvious since then $x \equiv 0 \pmod{p}$. So in all cases (∗∗) holds. A similar argument proves that for all x

$$x^{ed} \equiv x \pmod{q}.$$

So by Exercise 15.11, page 63, we have since gcd(p, q) = 1

$$x^{ed} \equiv x \pmod{m}$$

for all x.

Theorem 27.1. Let $J_m = \{0, 1, 2, \ldots, m - 1\}$ and define $E : J_m \to J_m$ by

$$E(x) = x^e \bmod m$$

and $D : J_m \to J_m$ by

$$D(x) = x^d \bmod m.$$

Then E and D are inverses of each other if m, e and d are as in Lemma 27.1.

Proof. It suffices to show that D(E(x)) = x for all $x \in J_m$. Let $x \in J_m$ and let $E(x) = x^e \bmod m = r_1$. Also let $D(r_1) = r_1^d \bmod m = r_2$. We must show that $r_2 = x$. Since $x^e \bmod m = r_1$ we know that

$$x^e \equiv r_1 \pmod{m}.$$

Hence $x^{ed} \equiv r_1^d \pmod{m}$. We also know that

$$r_1^d \equiv r_2 \pmod{m}.$$

Hence $x^{ed} \equiv r_2 \pmod{m}$. By Lemma 27.1 $x^{ed} \equiv x \pmod{m}$ so we have

$$x \equiv r_2 \pmod{m}.$$

Since both x and $r_2$ are in $J_m$ we have by Exercise 15.5 that $x = r_2$. This completes the proof.

More details on the use of the RSA scheme will be given in the Maple

worksheets which are available from the course website which may be reached

from my home page: http://www.math.usf.edu/~eclark.
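Theorem 27.1 can be checked exhaustively for a small modulus with the Python sketch below. It is an added example, not the Maple worksheet code the notes refer to; the primes 61 and 53, the exponent 17 and all function names are constructed here for illustration.

```python
from math import gcd

# Constructed toy parameters. Real RSA moduli are hundreds of digits long and
# deployed systems pad messages before applying E; this block only exercises
# the number theory of Lemma 27.1 and Theorem 27.1.
P, Q, E_EXP = 61, 53, 17


def inverse_mod(a, n):
    """Inverse of a modulo n by the extended Euclidean algorithm."""
    old_r, r = a % n, n
    old_s, s = 1, 0            # invariant: old_r = old_s * a (mod n), r = s * a (mod n)
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a is not invertible modulo n")
    return old_s % n


def make_keys(p, q, e):
    """Return ((m, e), (m, d)) with m = pq and d the inverse of e modulo phi(m).
    p and q are assumed to be primes; only distinctness is checked."""
    if p == q:
        raise ValueError("p and q must be distinct")
    m, phi_m = p * q, (p - 1) * (q - 1)
    if gcd(e, phi_m) != 1:
        raise ValueError("e must be relatively prime to phi(m)")
    return (m, e), (m, inverse_mod(e, phi_m))


def encipher(x, public_key):
    """E(x) = x^e mod m."""
    m, e = public_key
    return pow(x, e, m)


def decipher(y, private_key):
    """D(y) = y^d mod m."""
    m, d = private_key
    return pow(y, d, m)


def roundtrip_failures(public_key, private_key):
    """All x in J_m with D(E(x)) != x; Theorem 27.1 says there are none."""
    m = public_key[0]
    return [x for x in range(m)
            if decipher(encipher(x, public_key), private_key) != x]


def non_units(m):
    """Elements of J_m sharing a factor with m, where Euler's Theorem alone
    does not apply and Lemma 27.1 needs its separate case gcd(x, p) = p."""
    return [x for x in range(m) if gcd(x, m) != 1]


if __name__ == "__main__":
    public, private = make_keys(P, Q, E_EXP)
    print("public key (m, e):", public)
    print("private key (m, d):", private)
    print("x with D(E(x)) != x:", roundtrip_failures(public, private))
    print("x in J_m not coprime to m:", len(non_units(public[0])))
```

The exhaustive loop includes the 113 values of x that share a factor with m, which is exactly the case Lemma 27.1 treats separately from Euler's Theorem.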


Appendix A

Rings and Groups

The material in this appendix is optional reading. However, for the sake

of completeness we state here the deﬁnition of a ring and the deﬁnition of

a group. If you are interested in learning more you might take the course

Elementary Abstract Algebra. Having had this course should make it a little

easier to understand the ideas in abstract algebra and vice versa.

For more details you may download the free book Elementary Abstract Algebra from my homepage:

http://www.math.usf.edu/~eclark

Alternatively, look in almost any book whose title contains the words Abstract

Algebra or Modern Algebra. Look for one with Introductory or Elementary

in the title.

Definition A.1. A ring is an ordered triple (R, +, ·) where R is a set and + and · are binary operations on R satisfying the following properties:

A1 a + (b + c) = (a + b) + c for all a, b, c in R.

A2 a + b = b + a for all a, b in R.

A3 There is an element 0 ∈ R satisfying a + 0 = a for all a in R.

A4 For every a ∈ R there is an element b ∈ R such that a + b = 0.

M1 a · (b · c) = (a · b) · c for all a, b, c in R.

D1 a · (b + c) = a · b + a · c for all a, b, c in R.

D2 (b + c) · a = b · a + c · a for all a, b, c in R.

Thus, to describe a ring one must specify three things:

1. a set,

2. a binary operation on the set called multiplication,

3. a binary operation on the set called addition.

Then, one must verify that the properties above are satisfied.

Example A.1. Here are some examples of rings. The two binary operations + and · are in each case the ones that you are familiar with.

1. (R, +, ·) – the ring of real numbers.

2. (Q, +, ·) – the ring of rational numbers.

3. (Z, +, ·) – the ring of integers.

4. ($Z_n$, +, ·) – the ring of integers modulo n.

5. ($M_n(R)$, +, ·) – the ring of all n × n matrices over R.

Deﬁnition A.2. A group is an ordered pair (G, ∗) where G is a set and ∗

is a binary operation on G satisfying the following properties

1. x ∗ (y ∗ z) = (x ∗ y) ∗ z for all x, y, z in G.

2. There is an element e ∈ G satisfying e ∗ x = x and x ∗ e = x for all x

in G.

3. For each element x in G there is an element y in G satisfying x ∗ y = e

and y ∗ x = e.

Deﬁnition A.3. A group (G, ∗) is said to be Abelian if x∗ y = y ∗ x for all

x, y ∈ G.

Thus, to describe a group one must specify two things:

1. a set, and

2. a binary operation on the set.


Then, one must verify that the binary operation is associative, that there is

an identity in the set, and that every element in the set has an inverse.

Example A.2. Here are some examples of groups. The binary operations

are in each case the ones that you are familiar with.

1. (Z, +) is a group with identity 0. The inverse of x ∈ Z is −x.

2. (Q, +) is a group with identity 0. The inverse of x ∈ Q is −x.

3. (R, +) is a group with identity 0. The inverse of x ∈ R is −x.

4. (Q − {0}, ·) is a group with identity 1. The inverse of x ∈ Q − {0} is $x^{-1}$.

5. (R − {0}, ·) is a group with identity 1. The inverse of x ∈ R − {0} is $x^{-1}$.

6. ($Z_n$, +) is a group with identity 0. The inverse of $x \in Z_n$ is n − x if x ≠ 0, the inverse of 0 is 0.

7. ($U_n$, ·) is a group with identity [1]. The inverse of $[a] \in U_n$ was shown to exist in Chapter 22.

8. ($R^n$, +) where + is vector addition. The identity is the zero vector (0, 0, . . . , 0) and the inverse of the vector $x = (x_1, x_2, \ldots, x_n)$ is the vector $-x = (-x_1, -x_2, \ldots, -x_n)$.

9. ($M_n(R)$, +). This is the group of all n × n matrices over R and + is matrix addition.

Bibliography

[1] Tom Apostol, Introduction to Analytic Number Theory, Springer-Verlag, New York-Heidelberg, 1976.

[2] Chris Caldwell, The Primes Pages, http://www.utm.edu/research/primes/

[3] W. Edwin Clark, Number Theory Links, http://www.math.usf.edu/~eclark/numtheory_links.html

[4] Earl Fife and Larry Husch, Number Theory (Mathematics Archives), http://archives.math.utk.edu/topics/numberTheory.html

[5] Ronald Graham, Donald Knuth, and Oren Patashnik, Concrete Mathematics, Addison-Wesley, 1994.

[6] Donald Knuth, The Art of Computer Programming, Vols I and II, Addison-Wesley, 1997.

[7] The Math Forum, Number Theory Sites, http://mathforum.org/library/topics/number_theory/

[8] Oystein Ore, Number Theory and its History, Dover Publications, 1988.

[9] Carl Pomerance and Richard Crandall, Prime Numbers – A Computational Perspective, Springer-Verlag, 2001.

[10] Kenneth A. Rosen, Elementary Number Theory (Fourth Edition), Addison-Wesley, 2000.

[11] Eric Weisstein, World of Mathematics – Number Theory Section, http://mathworld.wolfram.com/topics/NumberTheory.html

121

ii

Preface

Number theory is concerned with properties of the integers: . . . , −4, −3, −2, −1, 0, 1, 2, 3, 4, . . . . The great mathematician Carl Friedrich Gauss called this subject arithmetic and of it he said: Mathematics is the queen of sciences and arithmetic the queen of mathematics.” At ﬁrst blush one might think that of all areas of mathematics certainly arithmetic should be the simplest, but it is a surprisingly deep subject. We assume that students have some familiarity with basic set theory, and calculus. But very little of this nature will be needed. To a great extent the book is self-contained. It requires only a certain amount of mathematical maturity. And, hopefully, the student’s level of mathematical maturity will increase as the course progresses. Before the course is over students will be introduced to the symbolic programming language Maple which is an excellent tool for exploring number theoretic questions. If you wish to see other books on number theory, take a look in the QA 241 area of the stacks in our library. One may also obtain much interesting and current information about number theory from the internet. See particularly the websites listed in the Bibliography. The websites by Chris Caldwell [2] and by Eric Weisstein [11] are especially recommended. To see what is going on at the frontier of the subject, you may take a look at some recent issues of the Journal of Number Theory which you will ﬁnd in our library.


Here are some examples of outstanding unsolved problems in number theory. Some of these will be discussed in this course. A solution to any one of these problems would make you quite famous (at least among mathematicians). Many of these problems concern prime numbers. [A prime number is an integer greater than 1 whose only positive factors are 1 and the integer itself.]

1. (Goldbach's Conjecture) Every even integer $n > 2$ is the sum of two primes.

2. (Twin Prime Conjecture) There are infinitely many twin primes. [If $p$ and $p + 2$ are primes we say that $p$ and $p + 2$ are twin primes.]

3. Are there infinitely many primes of the form $n^2 + 1$?

4. Are there infinitely many primes of the form $2^{2^n} + 1$? Primes of this form are called Fermat primes.

5. Are there infinitely many primes of the form $2^n - 1$? Primes of this form are called Mersenne primes.

6. Are there infinitely many primes whose digits in base 10 are all ones? Numbers whose digits are all ones are called repunits.

7. Are there infinitely many perfect numbers? [An integer is perfect if it is the sum of its proper divisors.]

8. (3n+1 Conjecture) Consider the function $f$ defined for positive integers $n$ as follows: $f(n) = 3n + 1$ if $n$ is odd and $f(n) = n/2$ if $n$ is even. The conjecture is that the sequence $f(n), f(f(n)), f(f(f(n))), \cdots$ always contains 1 no matter what the starting value of $n$ is.

9. Is there a fast algorithm for factoring large integers? [A truly fast algorithm for factoring would have important implications for cryptography and data security.]

Famous Quotations Related to Number Theory

Two quotations from G. H. Hardy:

In the first quotation Hardy is speaking of the famous Indian mathematician Ramanujan. This is the source of the often made statement that Ramanujan knew each integer personally.

I remember once going to see him when he was lying ill at Putney. I had ridden in taxi cab number 1729 and remarked that the number seemed to me rather a dull one, and that I hoped it was not an unfavorable omen. “No,” he replied, “it is a very interesting number; it is the smallest number expressible as the sum of two cubes in two different ways.”

Pure mathematics is on the whole distinctly more useful than applied. For what is useful above all is technique, and mathematical technique is taught mainly through pure mathematics.

Two quotations by Leopold Kronecker

God has made the integers, all the rest is the work of man.

The original quotation in German was Die ganze Zahl schuf der liebe Gott, alles Übrige ist Menschenwerk. More literally, the translation is “The whole number, created the dear God, everything else is man's work.” Note in particular that Zahl is German for number. This is the reason that today we use Z for the set of integers.

Number theorists are like lotus-eaters – having once tasted of this food they can never give it up.

A quotation by contemporary number theorist William Stein:

A computer is to a number theorist, like a telescope is to an astronomer. It would be a shame to teach an astronomy class without touching a telescope; likewise, it would be a shame to teach this class without telling you how to look at the integers through the lens of a computer.


Contents

Preface
1 Basic Axioms for Z
2 Proof by Induction
3 Elementary Divisibility Properties
4 The Floor and Ceiling of a Real Number
5 The Division Algorithm
6 Greatest Common Divisor
7 The Euclidean Algorithm
8 Bezout's Lemma
9 Blankinship's Method
10 Prime Numbers
11 Unique Factorization
12 Fermat Primes and Mersenne Primes
13 The Functions σ and τ
14 Perfect Numbers and Mersenne Primes
15 Congruences
16 Divisibility Tests for 2, 3, 5, 9, 11
17 Divisibility Tests for 7 and 13
18 More Properties of Congruences
19 Residue Classes
20 Zm and Complete Residue Systems
21 Addition and Multiplication in Zm
22 The Groups Um
23 Two Theorems of Euler and Fermat
24 Probabilistic Primality Tests
25 The Base b Representation of n
26 Computation of a^N mod m
27 The RSA Scheme
A Rings and Groups

Chapter 1

Basic Axioms for Z

Since number theory is concerned with properties of the integers, we begin by setting up some notation and reviewing some basic properties of the integers that will be needed later:

$\mathbb{N} = \{1, 2, 3, \cdots\}$ (the natural numbers or positive integers)

$\mathbb{Z} = \{\cdots, -3, -2, -1, 0, 1, 2, 3, \cdots\}$ (the integers)

$\mathbb{Q} = \left\{ \frac{n}{m} \mid n, m \in \mathbb{Z} \text{ and } m \neq 0 \right\}$ (the rational numbers)

$\mathbb{R}$ = the real numbers

Note that $\mathbb{N} \subset \mathbb{Z} \subset \mathbb{Q} \subset \mathbb{R}$. I assume a knowledge of the basic rules of high school algebra which apply to $\mathbb{R}$ and therefore to $\mathbb{N}$, $\mathbb{Z}$ and $\mathbb{Q}$. By this I mean things like $ab = ba$ and $ab + ac = a(b + c)$. I will not list all of these properties here. However, below I list some particularly important properties of $\mathbb{Z}$ that will be needed. I call them axioms since we will not prove them in this course.

Some Basic Axioms for Z

1. If $a, b \in \mathbb{Z}$, then $a + b$, $a - b$ and $ab \in \mathbb{Z}$. ($\mathbb{Z}$ is closed under addition, subtraction and multiplication.)

2. If $a \in \mathbb{Z}$ then there is no $x \in \mathbb{Z}$ such that $a < x < a + 1$.

3. If $a, b \in \mathbb{Z}$ and $ab = 1$, then either $a = b = 1$ or $a = b = -1$.

4. Laws of Exponents: For $n, m$ in $\mathbb{N}$ and $a, b$ in $\mathbb{R}$ we have

(a) $(a^n)^m = a^{nm}$

(b) $(ab)^n = a^n b^n$

(c) $a^n a^m = a^{n+m}$.

These rules hold for all $n, m \in \mathbb{Z}$ if $a$ and $b$ are not zero.

5. Properties of Inequalities: For $a, b, c$ in $\mathbb{R}$ the following hold:

(a) (Transitivity) If $a < b$ and $b < c$, then $a < c$.

(b) If $a < b$ then $a + c < b + c$.

(c) If $a < b$ and $0 < c$ then $ac < bc$.

(d) If $a < b$ and $c < 0$ then $bc < ac$.

(e) (Trichotomy) Given $a$ and $b$, one and only one of the following holds: $a = b$, $a < b$, $b < a$.

6. The Well-Ordering Property for $\mathbb{N}$: Every non-empty subset of $\mathbb{N}$ contains a least element.

7. The Principle of Mathematical Induction: Let $P(n)$ be a statement concerning the integer variable $n$. Let $n_0$ be any fixed integer. $P(n)$ is true for all integers $n \ge n_0$ if one can establish both of the following statements:

(a) $P(n)$ is true if $n = n_0$.

(b) Whenever $P(n)$ is true for $n_0 \le n \le k$ then $P(n)$ is true for $n = k + 1$.

We use the usual conventions:

1. $a \le b$ means $a < b$ or $a = b$,

2. $a \ge b$ means $b \le a$, and

3. $a > b$ means $b < a$.

Important Convention. Since in this course we will be almost exclusively concerned with integers we shall assume from now on (unless otherwise stated) that all lower case roman letters $a, b, \ldots, z$ are integers.

Chapter 2

Proof by Induction

In this section, I list a number of statements that can be proved by use of The Principle of Mathematical Induction. I will refer to this principle as PMI or, simply, induction. A sample proof is given below. The rest will be given in class hopefully by students.

A sample proof using induction: I will give two versions of this proof. In the first proof I explain in detail how one uses the PMI. The second proof is less pedagogical and is the type of proof I expect students to construct. I call the statement I want to prove a proposition. It might also be called a theorem, lemma or corollary depending on the situation.

Proposition 2.1. If $n \ge 5$ then $2^n > 5n$.

Proof #1. Here we use The Principle of Mathematical Induction. Note that PMI has two parts which we denote by PMI (a) and PMI (b). We let $P(n)$ be the statement $2^n > 5n$. For $n_0$ we take 5. We could write simply: $P(n) = 2^n > 5n$ and $n_0 = 5$. Note that $P(n)$ represents a statement, usually an inequality or an equation but sometimes a more complicated assertion. Now if $n = 4$ then $P(n)$ becomes the statement $2^4 > 5 \cdot 4$ which is false! But if $n = 5$, $P(n)$ is the statement $2^5 > 5 \cdot 5$ or $32 > 25$ which is true and we have established PMI (a).

Now to prove PMI (b) we begin by assuming that $P(n)$ is true for $5 \le n \le k$. That is, we assume

$$2^n > 5n \text{ for } 5 \le n \le k. \tag{2.1}$$

The assumption (2.1) is called the induction hypothesis. We want to use it to prove that $P(n)$ holds when $n = k + 1$. So here's what we do. By (2.1) letting $n = k$ we have $2^k > 5k$. Multiply both sides by two and we get

$$2^{k+1} > 10k. \tag{2.2}$$

Note that we are trying to prove $2^{k+1} > 5(k + 1)$. Now $5(k + 1) = 5k + 5$ so if we can show $10k \ge 5k + 5$ we can use (2.2) to complete the proof. Now $10k = 5k + 5k$ and $k \ge 5$ by (2.1) so $k \ge 1$ and hence $5k \ge 5$. Therefore $10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$. Thus $2^{k+1} > 10k \ge 5(k + 1)$ so

$$2^{k+1} > 5(k + 1), \tag{2.3}$$

that is, $P(n)$ holds when $n = k + 1$. So assuming the induction hypothesis (2.1) we have proved (2.3). Thus we have established PMI (b). We have established that parts (a) and (b) of PMI hold for this particular $P(n)$ and $n_0$. So the PMI tells us that $P(n)$ holds for $n \ge 5$. That is, $2^n > 5n$ holds for $n \ge 5$.

I now give a more streamlined proof.

Proposition 2.2. If $n \ge 5$ then $2^n > 5n$.

Proof #2. We prove the proposition by induction on the variable $n$. If $n = 5$ we have $2^5 > 5 \cdot 5$ or $32 > 25$ which is true. Assume $2^n > 5n$ for $5 \le n \le k$ (the induction hypothesis). Taking $n = k$ we have $2^k > 5k$. Multiplying both sides by 2 gives $2^{k+1} > 10k$. Now $10k = 5k + 5k$ and $k \ge 5$ so $k \ge 1$ and therefore $5k \ge 5$. Hence $10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$. It follows that $2^{k+1} > 10k \ge 5(k + 1)$ and therefore $2^{k+1} > 5(k + 1)$. Hence by PMI we conclude that $2^n > 5n$ for $n \ge 5$.

The 8 major parts of a proof by induction:

1. First state what proposition you are going to prove. Precede the statement by Proposition, Theorem, Lemma, Corollary, Fact, or To Prove:.

2. Write the Proof or Pf. at the very beginning of your proof.

3. Say that you are going to use induction (some proofs do not use induction!) and if it is not obvious from the statement of the proposition identify clearly $P(n)$, the statement to be proved, the variable $n$ and the starting value $n_0$. Even though this is usually clear, sometimes these things may not be obvious. And, of course, the variable need not be $n$. It could be represented in many different ways.

4. Prove that $P(n)$ holds when $n = n_0$.

5. Assume that $P(n)$ holds for $n_0 \le n \le k$. This assumption will be referred to as the induction hypothesis.

6. Use the induction hypothesis and anything else that is known to be true to prove that $P(n)$ holds when $n = k + 1$.

7. Conclude that since the conditions of the PMI have been met then $P(n)$ holds for $n \ge n_0$.

8. Write QED or // or something to indicate that you have completed your proof.

Exercise 2.1. Prove that $2^n > 6n$ for $n \ge 5$.

Exercise 2.2. Prove that $1 + 2 + \cdots + n = \frac{n(n + 1)}{2}$ for $n \ge 1$.

Exercise 2.3. Prove that if $0 < a < b$ then $0 < a^n < b^n$ for all $n \in \mathbb{N}$.

Exercise 2.4. Prove that $n! < n^n$ for $n \ge 2$.

Exercise 2.5. Prove that if $a$ and $r$ are real numbers and $r \neq 1$, then for $n \ge 1$

$$a + ar + ar^2 + \cdots + ar^n = \frac{a(r^{n+1} - 1)}{r - 1}.$$

This can be written as follows

$$a(r^{n+1} - 1) = (r - 1)(a + ar + ar^2 + \cdots + ar^n).$$

An important special case of which is

$$(r^{n+1} - 1) = (r - 1)(1 + r + r^2 + \cdots + r^n).$$

Exercise 2.6. Prove that $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$ for $n \ge 1$.

Exercise 2.7. Prove that $\underbrace{111 \cdots 1}_{n \text{ 1's}} = \frac{10^n - 1}{9}$ for $n \ge 1$.

Exercise 2.8. Prove that $1^2 + 2^2 + 3^2 + \cdots + n^2 = \frac{n(n + 1)(2n + 1)}{6}$ if $n \ge 1$.

Exercise 2.9. Prove that if $n \ge 12$ then $n$ can be written as a sum of 4's and 5's. For example, $23 = 5 + 5 + 5 + 4 + 4 = 3 \cdot 5 + 2 \cdot 4$. [Hint. In this case it will help to do the cases $n = 12$, 13, 14, and 15 separately. Then use induction to handle $n \ge 16$.]

Exercise 2.10. Some propositions that can be proved by induction can also be proved without induction. Prove Exercises 2.2 and 2.5 without induction. [Hints: For 2.2 write $s = 1 + 2 + \cdots + (n - 1) + n$. Directly under this equation write $s = n + (n - 1) + \cdots + 2 + 1$. Add these equations to obtain $2s = n(n + 1)$. Solve for $s$. For Exercise 2.5 write $p = a + ar + ar^2 + \cdots + ar^n$. Then multiply both sides of this equation by $r$ to get a new equation with $rp$ as the left hand side. Subtract these two equations to obtain $pr - p = ar^{n+1} - a$. Now solve for $p$.]

Exercise 2.11. (a) For $n \ge 1$, the triangular number $t_n$ is the number of dots in a triangular array that has $n$ rows with $i$ dots in the $i$-th row. Find a formula for $t_n$, $n \ge 1$. (b) For each $n \ge 1$, let $s_n$ be the number of dots in a square array that has $n$ rows with $n$ dots in each row. Find a formula for $s_n$. The numbers $s_n$ are usually called squares.

Exercise 2.12. Find the first 10 triangular numbers and the first 10 squares. Which of the triangular numbers in your list are also squares? Can you find the next triangular number which is a square?


Chapter 3

Elementary Divisibility Properties

Definition 3.1. $d \mid n$ means there is an integer $k$ such that $n = dk$. $d \nmid n$ means that $d \mid n$ is false.

Note that $a \mid b \neq a/b$. Recall that $a/b$ represents the fraction $\frac{a}{b}$.

The expression $d \mid n$ may be read in any of the following ways:

1. $d$ divides $n$.

2. $d$ is a divisor of $n$.

3. $d$ is a factor of $n$.

4. $n$ is a multiple of $d$.

Thus, the following five statements are equivalent, that is, they are all different ways of saying the same thing.

1. $2 \mid 6$.

2. 2 divides 6.

3. 2 is a divisor of 6.

4. 2 is a factor of 6.

5. 6 is a multiple of 2.

Definitions will play an important role in this course. Students should learn all definitions and be able to state them precisely. An alternative way to state the definition of $d \mid n$ is as follows.

Definition 3.2. $d \mid n \iff n = dk$ for some $k$.

or maybe

Definition 3.3. $d \mid n$ iff $n = dk$ for some $k$.

Note that $\iff$, iff, and if and only if, all mean the same thing. One might also see the following definition sometimes.

Definition 3.4. $d \mid n$ if $n = dk$ for some $k$.

In definitions such as Definition 3.4 if is interpreted to mean if and only if. It should be emphasized that all the above definitions are acceptable. Take your pick. But be careful about making up your own definitions. Keep in mind that we are assuming that all letters $a, b, \ldots, z$ represent integers. Otherwise we would have to add this fact to our definitions.

Theorem 3.1 (Divisibility Properties). If $n$, $m$, and $d$ are integers then the following statements hold:

1. $n \mid n$ (everything divides itself)

2. $d \mid n$ and $n \mid m \implies d \mid m$ (transitivity)

3. $d \mid n$ and $d \mid m \implies d \mid an + bm$ for all $a$ and $b$ (linearity property)

4. $d \mid n \implies ad \mid an$ (multiplication property)

5. $ad \mid an$ and $a \neq 0 \implies d \mid n$ (cancellation property)

6. $1 \mid n$ (one divides everything)

7. $n \mid 1 \implies n = \pm 1$ (1 and −1 are the only divisors of 1.)

8. $d \mid 0$ (everything divides zero)

9. $0 \mid n \implies n = 0$ (zero divides only zero)

10. If $d$ and $n$ are positive and $d \mid n$ then $d \le n$ (comparison property)

Exercise 3.1. Prove each of the properties 1 through 10 in Theorem 3.1.

Definition 3.5. If $c = as + bt$ for some integers $s$ and $t$ we say that $c$ is a linear combination of $a$ and $b$.

Thus, statement 3 in Theorem 3.1 says that if $d$ divides $a$ and $b$, then $d$ divides all linear combinations of $a$ and $b$. In particular, $d$ divides $a + b$ and $a - b$. This will turn out to be a useful fact.

Exercise 3.2. Prove that if $d \mid a$ and $d \mid b$ then $d \mid a - b$.

Exercise 3.3. Prove that if $a \in \mathbb{Z}$ then the only positive divisor of both $a$ and $a + 1$ is 1.


Chapter 4

The Floor and Ceiling of a Real Number

Here we define the floor, a.k.a., the greatest integer, and the ceiling, a.k.a., the least integer, functions. Kenneth Iverson introduced this notation and the terms floor and ceiling in the early 1960s, according to Donald Knuth [6] who has done a lot to popularize the notation. Now this notation is standard in most areas of mathematics.

Definition 4.1. If $x$ is any real number we define

$\lfloor x \rfloor$ = the greatest integer less than or equal to $x$

$\lceil x \rceil$ = the least integer greater than or equal to $x$

$\lfloor x \rfloor$ is called the floor of $x$ and $\lceil x \rceil$ is called the ceiling of $x$. The floor $\lfloor x \rfloor$ is sometimes denoted $[x]$ and called the greatest integer function. But I prefer the notation $\lfloor x \rfloor$.

Here are a few simple examples:

1. $\lfloor 3.1 \rfloor = 3$ and $\lceil 3.1 \rceil = 4$

2. $\lfloor 3 \rfloor = 3$ and $\lceil 3 \rceil = 3$

3. $\lfloor -3.1 \rfloor = -4$ and $\lceil -3.1 \rceil = -3$

From now on we mostly concentrate on the floor $\lfloor x \rfloor$. For a more detailed treatment of both the floor and ceiling see the book Concrete Mathematics [5]. According to the definition of $\lfloor x \rfloor$ we have

$$\lfloor x \rfloor = \max\{n \in \mathbb{Z} \mid n \le x\} \tag{4.1}$$

Note also that if $n$ is an integer we have:

$$n = \lfloor x \rfloor \iff n \le x < n + 1. \tag{4.2}$$

From this it is clear that $\lfloor x \rfloor \le x$ holds for all $x$, and $\lfloor x \rfloor = x \iff x \in \mathbb{Z}$.

We need the following lemma to prove our next theorem.

Lemma 4.1. For all $x \in \mathbb{R}$

$$x - 1 < \lfloor x \rfloor \le x.$$

Proof. Let $n = \lfloor x \rfloor$. Then by (4.2) we have $n \le x < n + 1$. This gives immediately that $\lfloor x \rfloor \le x$, as already noted above. It also gives $x < n + 1$ which implies that $x - 1 < n$, that is, $x - 1 < \lfloor x \rfloor$.

Exercise 4.1. Sketch the graph of the function $f(x) = \lfloor x \rfloor$ for $-3 \le x \le 3$.

Exercise 4.2. Find $\lfloor \pi \rfloor$, $\lceil \pi \rceil$, $\lfloor \sqrt{2} \rfloor$, $\lceil \sqrt{2} \rceil$, $\lfloor -\pi \rfloor$, $\lceil -\pi \rceil$, $\lfloor -\sqrt{2} \rfloor$, and $\lceil -\sqrt{2} \rceil$.

Definition 4.2. Recall that the decimal representation of a positive integer $a$ is given by $a = a_{n-1} a_{n-2} \cdots a_1 a_0$ where

$$a = a_{n-1} 10^{n-1} + a_{n-2} 10^{n-2} + \cdots + a_1 10 + a_0 \tag{4.3}$$

and the digits $a_{n-1}, a_{n-2}, \ldots, a_1, a_0$ are in the set $\{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$ with $a_{n-1} \neq 0$. In this case we say that the integer $a$ is an $n$ digit number or that $a$ is $n$ digits long.

Exercise 4.3. Prove that $a \in \mathbb{N}$ is an $n$ digit number where $n = \lfloor \log(a) \rfloor + 1$. Here log means logarithm to base 10. Hint: Show that if (4.3) holds with $a_{n-1} \neq 0$ then $10^{n-1} \le a < 10^n$. Then apply the log to all terms of this inequality.

Exercise 4.4. Use the previous exercise to determine the number of digits in the decimal representation of the number $2^{3321928}$. Recall that $\log(x^y) = y \log(x)$ when $x$ and $y$ are positive.

Chapter 5

The Division Algorithm

The goal of this section is to prove the following important result.

Theorem 5.1 (The Division Algorithm). If $a$ and $b$ are integers and $b > 0$ then there exist unique integers $q$ and $r$ satisfying the two conditions:

$$a = bq + r \text{ and } 0 \le r < b. \tag{5.1}$$

In this situation $q$ is called the quotient and $r$ is called the remainder when $a$ is divided by $b$. Note that there are two parts to this result. One part is the EXISTENCE of integers $q$ and $r$ satisfying (5.1) and the second part is the UNIQUENESS of the integers $q$ and $r$ satisfying (5.1).

Proof. Given $b > 0$ and any $a$ define

$$q = \left\lfloor \frac{a}{b} \right\rfloor, \qquad r = a - bq.$$

Clearly we have $a = bq + r$. But we need to prove that $0 \le r < b$. By Lemma 4.1 we have

$$\frac{a}{b} - 1 < \left\lfloor \frac{a}{b} \right\rfloor \le \frac{a}{b}.$$

Now multiply all terms of this inequality by $-b$. Since $b$ is positive, $-b$ is negative so the direction of the inequality is reversed, giving us:

$$b - a > -b \left\lfloor \frac{a}{b} \right\rfloor \ge -a.$$

If we add $a$ to all sides of the inequality and replace $\lfloor a/b \rfloor$ by $q$ we obtain

$$b > a - bq \ge 0.$$

Since $r = a - bq$ this gives us the desired result $0 \le r < b$.

We still have to prove that $q$ and $r$ are uniquely determined. To do this we assume that

$$a = bq_1 + r_1 \text{ and } 0 \le r_1 < b,$$

and

$$a = bq_2 + r_2 \text{ and } 0 \le r_2 < b.$$

We must show that $r_1 = r_2$ and $q_1 = q_2$. If $r_1 \neq r_2$ without loss of generality we can assume that $r_2 > r_1$. Subtracting these two equations we obtain

$$0 = a - a = (bq_1 + r_1) - (bq_2 + r_2) = b(q_1 - q_2) + (r_1 - r_2).$$

This implies that

$$r_2 - r_1 = b(q_1 - q_2). \tag{5.2}$$

This implies that $b \mid r_2 - r_1$. By Theorem 3.1(10) this implies that $b \le r_2 - r_1$. But since $0 \le r_1 < r_2 < b$ we have $r_2 - r_1 < b$. This contradicts $b \le r_2 - r_1$. So we must conclude that $r_1 = r_2$. Now from (5.2) we have $0 = b(q_1 - q_2)$. Since $b > 0$ this tells us that $q_1 - q_2 = 0$, that is, $q_1 = q_2$. This completes the proof of the uniqueness of $r$ and $q$ in (5.1).

Definition 5.1. An integer $n$ is even if $n = 2k$ for some $k$, and is odd if $n = 2k + 1$ for some $k$.

Exercise 5.1. Prove using the Division Algorithm that every integer is either even or odd, but never both.

Definition 5.2. By the parity of an integer we mean whether it is even or odd.

Exercise 5.2. Prove $n$ and $n^2$ always have the same parity. That is, $n$ is even if and only if $n^2$ is even.

Exercise 5.3. Find the $q$ and $r$ of the Division Algorithm for the following values of $a$ and $b$:

1. Let $b = 3$ and $a = 0, 1, -1, 10, -10$.

2. Let $b = 345$ and $a = 0, -1, 1, 344, 7863, -7863$.

Exercise 5.4. Devise a method for solving problems like those in the previous exercise for large positive values of $a$ and $b$ using a calculator. Illustrate by using $a = 123456$ and $b = 123$. Hint: If $a = bq + r$ and $0 \le r < b$ then $\frac{a}{b} = q + \frac{r}{b}$ and so $\frac{r}{b}$ is the fractional part of the decimal number $\frac{a}{b}$. So $q$ is what you get when you drop the fractional part. Once you have $q$ you can solve $a = bq + r$ for $r$.

Sometimes a problem in number theory can be solved by dividing the integers into various classes depending on their remainders when divided by some number $b$. For example, this is helpful in solving the following two problems.

Exercise 5.5. Show that for all integers $n$ the number $n^3 - n$ always has 3 as a factor. (Consider the three cases: $n = 3k$, $n = 3k + 1$, $n = 3k + 2$.)

Exercise 5.6. Show that the product of any three consecutive integers has 6 as a factor. (How many cases should you use here?)

Definition 5.3. For $b > 0$ define $a \bmod b = r$ where $r$ is the remainder given by the Division Algorithm when $a$ is divided by $b$, that is, $a = bq + r$ and $0 \le r < b$.

For example $23 \bmod 7 = 2$ since $23 = 7 \cdot 3 + 2$ and $-4 \bmod 5 = 1$ since $-4 = 5 \cdot (-1) + 1$.

Note that some calculators and most programming languages have a function often denoted by MOD(a, b) or mod(a, b) whose value is what we have just defined as $a \bmod b$. When this is the case the values $r$ and $q$ in the Division Algorithm for given $a$ and $b > 0$ are given by

$$r = a \bmod b, \qquad q = \frac{a - (a \bmod b)}{b}.$$

If also the floor function is available we have

$$r = a \bmod b, \qquad q = \lfloor a/b \rfloor.$$
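The definition of a mod b above always gives a remainder in the range 0 ≤ r < b, but the built-in remainder of many languages (C, Java, Go, Rust, JavaScript) rounds the quotient toward zero and returns a negative value for negative a. The following added example (not part of the original notes; all function names and sample values are constructed here) computes q and r exactly as in the proof of the Division Algorithm, emulates the truncating convention beside it, shows how to repair a truncating remainder, and shows where the floating-point "drop the fractional part" method stops being exact.

```python
import math


def division_algorithm(a, b):
    """Return the unique (q, r) with a == b*q + r and 0 <= r < b (needs b > 0)."""
    if b <= 0:
        raise ValueError("the Division Algorithm as stated requires b > 0")
    q = a // b            # Python's // rounds toward -infinity, i.e. floor(a/b)
    r = a - b * q
    return q, r


def truncating_divmod(a, b):
    """Emulate languages whose integer division rounds the quotient toward zero."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q


def mod_from_truncating(a, b):
    """Turn a truncating remainder into a mod b as defined in the text (b > 0)."""
    _, r = truncating_divmod(a, b)
    return r + b if r < 0 else r


def calculator_method(a, b):
    """q = a/b with the fractional part dropped, computed in floating point."""
    q = math.floor(a / b)
    return q, a - b * q


if __name__ == "__main__":
    # Constructed sample inputs; (23, 7) and (-4, 5) are the text's own examples.
    for a, b in [(23, 7), (-4, 5), (-100, 7), (987654, 321)]:
        print(a, b, "floor:", division_algorithm(a, b),
              "truncating:", truncating_divmod(a, b))
    big = 2**53 + 1       # constructed: not exactly representable as a double
    print("float method:", calculator_method(big, 1))
    print("exact method:", division_algorithm(big, 1))
```

With b = 1 and a = 2^53 + 1 the floating-point method returns remainder 1, which violates 0 ≤ r < b; exact integer arithmetic is needed once a/b no longer fits in the 53-bit mantissa of a double.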

Exercise 5.7. Calculate the following:

1. $0 \bmod 10$

2. $123 \bmod 10$

3. $10 \bmod 123$

4. $457 \bmod 33$

5. $(-7) \bmod 3$

6. $(-3) \bmod 7$

7. $(-5) \bmod 5$

Exercise 5.8. Use the Division Algorithm to prove the following more general version: If $b \neq 0$ then for any $a$ there exists unique $q$ and $r$ such that

$$a = bq + r \text{ and } 0 \le r < |b|. \tag{5.3}$$

Hint: Recall that $|b|$ is $b$ if $b \ge 0$ and is $-b$ if $b < 0$. We know the statement holds if $b > 0$ so we only need to consider the case when $b < 0$. If $b$ is negative then $-b$ is positive, so we can apply the Division Algorithm to $a$ and $-b$. Note that $a$ as well as $q$ can be any integers. This exercise may come in handy later.

Exercise 5.9. Prove that if $b \neq 0$ then $b \mid a \iff a/b \in \mathbb{Z}$.

Exercise 5.10. Prove that if $b > 0$ then $b \mid a \iff a \bmod b = 0$.

Chapter 6

Greatest Common Divisor

Definition 6.1. Let $a, b \in \mathbb{Z}$. If $a \neq 0$ or $b \neq 0$, we define $\gcd(a, b)$ to be the largest integer $d$ such that $d \mid a$ and $d \mid b$. We define $\gcd(0, 0) = 0$.

Discussion. If $e \mid a$ and $e \mid b$ we call $e$ a common divisor of $a$ and $b$. Let

$$C(a, b) = \{e : e \mid a \text{ and } e \mid b\},$$

that is, $C(a, b)$ is the set of all common divisors of $a$ and $b$. Note that since everything divides 0, $C(0, 0) = \mathbb{Z}$ so there is no largest common divisor of 0 with 0. This is why we must define $\gcd(0, 0) = 0$.

Example 6.1. $C(18, 30) = \{-1, 1, -2, 2, -3, 3, -6, 6\}$. So $\gcd(18, 30) = 6$.

Lemma 6.1. If $e \mid a$ then $-e \mid a$.

Proof. If $e \mid a$ then $a = ek$ for some $k$. Then $a = (-e)(-k)$. Since $-e$ and $-k$ are also integers $-e \mid a$.

Lemma 6.2. If $a \neq 0$, the largest positive integer that divides $a$ is $|a|$.

Proof. Recall that

$$|a| = \begin{cases} a & \text{if } a \ge 0 \\ -a & \text{if } a < 0. \end{cases}$$

First note that $|a|$ actually divides $a$: If $a > 0$, since we know $a \mid a$ we have $|a| \mid a$. If $a < 0$, $|a| = -a$. In this case $a = (-a)(-1) = |a|(-1)$ so $|a|$ is a factor of $a$. So, in either case $|a|$ divides $a$, and in either case $|a| > 0$, since $a \neq 0$. Now suppose $d \mid a$ and $d$ is positive. Then $a = dk$ some $k$ so $-a = d(-k)$ for some $k$. So $d \mid |a|$. So by Theorem 3.1 (10) we have $d \le |a|$.

The following lemma shows that in computing gcd's we may restrict ourselves to the case where both integers are positive.

Lemma 6.3. $\gcd(a, b) = \gcd(|a|, |b|)$.

Proof. If $a = 0$ and $b = 0$, we have $|a| = a$ and $|b| = b$. So $\gcd(a, b) = \gcd(|a|, |b|)$. Suppose one of $a$ or $b$ is not 0. Note that $d \mid a \Leftrightarrow d \mid |a|$. See Exercise 6.1. It follows that $C(a, b) = C(|a|, |b|)$. So the largest common divisor of $a$ and $b$ is also the largest common divisor of $|a|$ and $|b|$.

Exercise 6.1. Prove that $d \mid a \Leftrightarrow d \mid |a|$ [Hint: recall that $|a| = a$ if $a \ge 0$ and $|a| = -a$ if $a < 0$. So you need to consider two cases.]

Lemma 6.4. $\gcd(a, b) = \gcd(b, a)$.

Proof. Clearly $C(a, b) = C(b, a)$. It follows that the largest integer in $C(a, b)$ is the largest integer in $C(b, a)$, that is, $\gcd(a, b) = \gcd(b, a)$.

Lemma 6.5. If $a \neq 0$ or $b \neq 0$, then $\gcd(a, b)$ exists and satisfies

$$0 < \gcd(a, b) \le \min\{|a|, |b|\}.$$

Proof. Note that $\gcd(a, b)$ is the largest integer in the set $C(a, b)$ of common divisors of $a$ and $b$. Since $1 \mid a$ and $1 \mid b$ we know that $1 \in C(a, b)$. So the largest common divisor must be at least 1 and is therefore positive. On the other hand $d \in C(a, b) \Rightarrow d \mid |a|$ and $d \mid |b|$ so $d$ is no larger than $|a|$ and no larger than $|b|$. So $d$ is at most the smaller of $|a|$ and $|b|$. Hence $\gcd(a, b) \le \min\{|a|, |b|\}$.

Example 6.2. From the above lemmas we have

$$\gcd(48, 732) = \gcd(-48, 732) = \gcd(-48, -732) = \gcd(48, -732).$$

We also know that $0 < \gcd(48, 732) \le 48$. Since if $d = \gcd(48, 732)$, then $d \mid 48$, to find $d$ we may check only which positive divisors of 48 also divide 732.

Exercise 6.2. Find $\gcd(48, 732)$ using Example 6.2.

Exercise 6.3. Find $\gcd(a, b)$ for each of the following values of $a$ and $b$:

(1) $a = -b$, $b = 14$

(2) $a = -1$, $b = 78654$

(3) $a = 0$, $b = -78$

(4) $a = 2$, $b = -786541$


Chapter 7

The Euclidean Algorithm

Unlike the Division Algorithm, the Euclidean Algorithm really is an algorithm. It provides a method to compute $\gcd(a, b)$. Since as already noted $\gcd(0, 0) = 0$, $\gcd(a, b) = \gcd(|a|, |b|)$, and $\gcd(a, b) = \gcd(b, a)$, it suffices to give a method to compute $\gcd(a, b)$ when $a \ge b \ge 0$.

Lemma 7.1. If $a > 0$, then $\gcd(a, 0) = a$.

Proof. Since every integer divides 0, $C(a, 0)$ is just the set of divisors of $a$. By Lemma 6.2 the largest divisor of $a$ is $|a|$. Since $a > 0$, $|a| = a$. This shows that $\gcd(a, 0) = a$.

So we are now reduced to the problem of finding $\gcd(a, b)$ when $a \ge b > 0$.

Exercise 7.1. Prove that if $a > 0$ then $\gcd(a, a) = a$.

Remark 7.1. Now having done Exercise 7.1 we only need to consider the case $a > b > 0$.

Lemma 7.2. Let $a > b > 0$. If $a = bq + r$, then

$$\gcd(a, b) = \gcd(b, r).$$

Proof. It suffices to show that $C(a, b) = C(b, r)$, that is, the common divisors of $a$ and $b$ are the same as the common divisors of $b$ and $r$. To show this first let $d \mid a$ and $d \mid b$. Note that $r = a - bq$, which is a linear combination of $a$ and $b$. So by Theorem 3.1(3) $d \mid r$. Thus $d \mid b$ and $d \mid r$. Next assume $d \mid b$ and $d \mid r$. Using Theorem 3.1(3) again and the fact that $a = bq + r$ is a linear combination of $b$ and $r$, we have $d \mid a$. So $d \mid a$ and $d \mid b$. We have thus shown that $C(a, b) = C(b, r)$. So $\gcd(a, b) = \gcd(b, r)$.

Remark 7.2. The Euclidean Algorithm is the process of using Lemmas 7.1 and 7.2 to compute $\gcd(a, b)$ when $a > b > 0$. Rather than give a precise statement of the algorithm I will give an example to show how it goes.

Example 7.1. Let's compute $\gcd(803, 154)$.

$$\begin{aligned}
\gcd(803, 154) &= \gcd(154, 33) && \text{since } 803 = 154 \cdot 5 + 33 \\
\gcd(154, 33) &= \gcd(33, 22) && \text{since } 154 = 33 \cdot 4 + 22 \\
\gcd(33, 22) &= \gcd(22, 11) && \text{since } 33 = 22 \cdot 1 + 11 \\
\gcd(22, 11) &= \gcd(11, 0) && \text{since } 22 = 11 \cdot 2 + 0 \\
\gcd(11, 0) &= 11.
\end{aligned}$$

Hence $\gcd(803, 154) = 11$.

Remark 7.3. Note that we have formed the gcd of 803 and 154 without factoring 803 and 154. This method is generally much faster than factoring and can find gcd's when factoring is not feasible.

Exercise 7.2. Find $\gcd(a, b)$ using the Euclidean Algorithm for each of the values below:

(1) $a = 37$, $b = 60$

(2) $a = 793$, $b = 3172$

(3) $a = 25174$, $b = 42722$

(4) $a = 377$, $b = 233$

Exercise 7.3. Let $a > b > 0$. Show that $\gcd(a, b) = \gcd(b, a \bmod b)$.

Remark 7.4. So if your calculator can compute $a \bmod b$ you may use it when executing the Euclidean Algorithm.

Chapter 8

Bezout's Lemma

Lemma 8.1 (Bezout's Lemma). For all integers $a$ and $b$ there exist integers $s$ and $t$ such that

$$\gcd(a, b) = sa + tb.$$

Proof. If $a = b = 0$ then $s$ and $t$ may be anything since $\gcd(0, 0) = 0 = s \cdot 0 + t \cdot 0$. So we may assume that $a \neq 0$ or $b \neq 0$. Let

$$J = \{na + mb : n, m \in \mathbb{Z}\}.$$

Note that $J$ contains $a$, $-a$, $b$ and $-b$ since

$$\begin{aligned}
a &= 1 \cdot a + 0 \cdot b \\
-a &= (-1) \cdot a + 0 \cdot b \\
b &= 0 \cdot a + 1 \cdot b \\
-b &= 0 \cdot a + (-1) \cdot b.
\end{aligned}$$

Since $a \neq 0$ or $b \neq 0$ one of the elements $a$, $-a$, $b$, $-b$ is positive. So we can say that $J$ contains some positive integers. Let $S$ denote the set of positive integers in $J$. That is,

$$S = \{na + mb : na + mb > 0,\ n, m \in \mathbb{Z}\}.$$

By the Well-Ordering Property for $\mathbb{N}$, $S$ contains a smallest positive integer, call it $d$. Let's show that $d = \gcd(a, b)$. Note that since $d \in S$ we have $d = sa + tb$ for some integers, $s$ and $t$. Note also that $d > 0$. Let $e = \gcd(a, b)$. Then $e \mid a$ and $e \mid b$, so by Theorem 3.1 (3) $e \mid sa + tb$, that is $e \mid d$. Since $e$ and $d$ are positive, by Theorem 3.1 (10) we have $e \le d$. So if we can show that $d$ is a common divisor of $a$ and $b$ we will know that $e = d$. To show $d \mid a$ using the Division Algorithm we write $a = dq + r$ where $0 \le r < d$. Now

$$r = a - dq = a - (sa + tb)q = (1 - sq)a + (-tq)b.$$

Hence $r \in J$. If $r > 0$ then $r \in S$. But this cannot be since $r < d$ and $d$ is the smallest integer in $S$. So we must have $r = 0$. That is, $a = dq$. Hence $d \mid a$. By a similar argument we can show that $d \mid b$. Thus, $d$ is indeed a common divisor of $a$ and $b$, and since $d \ge e = \gcd(a, b)$, we must have $d = \gcd(a, b)$. As noted already $d = sa + tb$, so the theorem is proved.

Example 8.1. $1 = \gcd(2, 3)$ and we have $1 = (-1)2 + 1 \cdot 3$. Also we have $1 = 2 \cdot 2 + (-1)3$. So the numbers $s$ and $t$ in Bezout's Lemma are not uniquely determined. In fact, as we will see later there are infinitely many choices for $s$ and $t$ for each pair $a$, $b$.

Remark 8.1. The above proof is an existence theorem. It asserts the existence of $s$ and $t$, but does not provide a way to actually find $s$ and $t$. Also the proof does not give any clue about how to go about calculating $s$ and $t$. We will give an algorithm in the next chapter for finding $s$ and $t$.

Chapter 9

Blankinship's Method

In an article in the August-September 1963 issue of the American Mathematical Monthly, W.A. Blankinship [1] gave a simple method to produce the integers $s$ and $t$ in Bezout's Lemma and at the same time produce $\gcd(a, b)$: Given $a > b > 0$ we start with the array

$$\begin{array}{rrr} a & 1 & 0 \\ b & 0 & 1 \end{array}$$

Then we continue to add multiples of one row to another row, alternating choice of rows until we reach an array of the form

$$\begin{array}{rrr} 0 & x_1 & x_2 \\ d & y_1 & y_2 \end{array} \qquad \text{or} \qquad \begin{array}{rrr} d & y_1 & y_2 \\ 0 & x_1 & x_2 \end{array}$$

Then $d = \gcd(a, b) = y_1 a + y_2 b$. [The goal is to get a 0 in the first column.]

[1] Thanks to Chris Miller for bringing this method to my attention.

Examples 9.1. First take $a = 35$, $b = 15$.

$$\begin{array}{rrr} 35 & 1 & 0 \\ 15 & 0 & 1 \end{array}$$

Note $35 = 15 \cdot 2 + 5$, hence $35 + 15(-2) = 5$. So we multiply row 2 by $-2$ and add it to row 1, getting

$$\begin{array}{rrr} 5 & 1 & -2 \\ 15 & 0 & 1 \end{array}$$

Now $3 \cdot 5 = 15$ or $15 + (-3)5 = 0$, so we multiply row 1 by $-3$ and add it to row 2, getting

$$\begin{array}{rrr} 5 & 1 & -2 \\ 0 & -3 & 7 \end{array}$$

Now we can say that $\gcd(35, 15) = 5$ and $5 = 1 \cdot 35 + (-2) \cdot 15$.

Let's now consider a more complicated example: Take $a = 1876$, $b = 365$.

$$\begin{array}{rrr} 1876 & 1 & 0 \\ 365 & 0 & 1 \end{array}$$

Now $1876 = 365 \cdot 5 + 51$ so we add $-5$ times the second row to the first row, getting:

$$\begin{array}{rrr} 51 & 1 & -5 \\ 365 & 0 & 1 \end{array}$$

Now $365 = 51 \cdot 7 + 8$, so we add $-7$ times row 1 to row 2, getting:

$$\begin{array}{rrr} 51 & 1 & -5 \\ 8 & -7 & 36 \end{array}$$

Now $51 = 8 \cdot 6 + 3$, so we add $-6$ times row 2 to row 1, getting:

$$\begin{array}{rrr} 3 & 43 & -221 \\ 8 & -7 & 36 \end{array}$$

Now $8 = 3 \cdot 2 + 2$, so we add $-2$ times row 1 to row 2, getting:

$$\begin{array}{rrr} 3 & 43 & -221 \\ 2 & -93 & 478 \end{array}$$

Then $3 = 2 \cdot 1 + 1$, so we add $-1$ times row 2 to row 1, getting:

$$\begin{array}{rrr} 1 & 136 & -699 \\ 2 & -93 & 478 \end{array}$$

Finally, $2 = 1 \cdot 2$ so if we add $-2$ times row 1 to row 2 we get:

$$\begin{array}{rrr} 1 & 136 & -699 \\ 0 & -365 & 1876 \end{array} \tag{$*$}$$

This tells us that $\gcd(1876, 365) = 1$ and

$$1 = 136 \cdot 1876 + (-699)365. \tag{$**$}$$

Note that it was not necessary to compute the last two entries $-365$ and $1876$ in ($*$). It is a good idea however to check that equation ($**$) holds. In this case we have:

$$\begin{array}{rcr} 136 \cdot 1876 & = & 255136 \\ (-699) \cdot 365 & = & -255135 \\ \hline & & 1 \end{array}$$

So it is correct.

Why Blankinship's Method works: Note that just looking at what happens in the first column you see that we are just doing the Euclidean Algorithm, so when one element in column 1 is 0, the other is, in fact, the gcd. Note that at the start we have

$$\begin{array}{rrr} a & 1 & 0 \\ b & 0 & 1 \end{array}$$

and

$$a = 1 \cdot a + 0 \cdot b, \qquad b = 0 \cdot a + 1 \cdot b.$$

One can show that at every intermediate step

$$\begin{array}{rrr} a_1 & x_1 & x_2 \\ b_1 & y_1 & y_2 \end{array}$$

we always have

$$a_1 = x_1 a + x_2 b, \qquad b_1 = y_1 a + y_2 b,$$

and the result follows. I will omit the details.
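The row operations of Blankinship's Method, and the Euclidean Algorithm that runs in its first column, can be carried out mechanically. The following is an added example, not code from the original notes; the function name and the returned list of intermediate arrays are choices made here. It checks at every step the invariant stated above (first entry = second entry · a + third entry · b) and reproduces the arrays of the two worked examples.

```python
import math


def blankinship(a, b):
    """Return (d, s, t, steps) with d = gcd(a, b) = s*a + t*b, for a > b > 0.

    steps lists every intermediate array as a pair of rows (top, bottom),
    starting from (a, 1, 0) / (b, 0, 1).
    """
    if not (a > b > 0):
        raise ValueError("the method is stated for a > b > 0")
    top = [a, 1, 0]
    bottom = [b, 0, 1]
    steps = [(tuple(top), tuple(bottom))]
    while top[0] != 0 and bottom[0] != 0:
        # Subtract a multiple of the row with the smaller first entry from
        # the other row; in column 1 this is one Euclidean Algorithm step.
        if top[0] >= bottom[0]:
            big, small = top, bottom
        else:
            big, small = bottom, top
        q = big[0] // small[0]
        for i in range(3):
            big[i] -= q * small[i]
        # Invariant from the text: each row (c, x, y) satisfies c = x*a + y*b.
        for row in (top, bottom):
            assert row[0] == row[1] * a + row[2] * b
        steps.append((tuple(top), tuple(bottom)))
    d, s, t = top if bottom[0] == 0 else bottom
    return d, s, t, steps


def first_column(steps):
    """The pairs in column 1, i.e. the Euclidean Algorithm's remainders."""
    return [(top[0], bottom[0]) for top, bottom in steps]


if __name__ == "__main__":
    for a, b in [(35, 15), (1876, 365), (803, 154)]:
        d, s, t, steps = blankinship(a, b)
        print(f"gcd({a}, {b}) = {d} = ({s})*{a} + ({t})*{b}")
        for top, bottom in steps:
            print("   ", top, bottom)
        assert d == math.gcd(a, b)
```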

Note that d in Exercise 9. b = 11321 Exercise 9. b) = 1. BLANKINSHIP’S METHOD Exercise 9.2. b). Find integers a.1. Show that if 1 = as + bt then gcd(a. b. Use Blankinship’s method to compute the s and t in Bezout’s Lemma for each of the following values of a and b. (2) d = sa + tb. t such that all of the following hold (1) a > 0. (1) a = 267. . s. d. and (3) d = gcd(a. b > 0. b = 135 (3) a = 11312.3 cannot be 1 by Exercise 9. b = 112 (2) a = 216. Exercise 9.3.2.30 CHAPTER 9.

**Chapter 10 Prime Numbers**

Definition 10.1. An integer p is prime if p ≥ 2 and the only positive divisors of p are 1 and p. An integer n is composite if n ≥ 2 and n is not prime.

Remark 10.1. The number 1 is neither prime nor composite.

Lemma 10.1. An integer n ≥ 2 is composite if and only if there are integers a and b such that n = ab, 1 < a < n, and 1 < b < n.

Proof. Let n ≥ 2. If n is composite there is a positive integer a such that a ≠ 1, a ≠ n and a | n. This means that n = ab for some b. Since n and a are positive so is b. Hence 1 ≤ a and 1 ≤ b. By Theorem 3.1(10) a ≤ n and b ≤ n. Since a ≠ 1 and a ≠ n we have 1 < a < n. If b = 1 then a = n, which is not possible, so b ≠ 1. If b = n then a = 1, which is also not possible. So 1 < b < n. The converse is obvious.

Lemma 10.2. If n > 1, there is a prime p such that p | n.

Proof. Assume there is some integer n > 1 which has no prime divisor. Let S denote the set of all such integers. By the Well-Ordering Property there is a smallest such integer, call it m. Now m > 1 and has no prime divisor. So m cannot be prime. Hence m is composite. Therefore by Lemma 10.1 m = ab, 1 < a < m, 1 < b < m. Since 1 < a < m then a is not in the set S. So a must have a prime divisor, call it p. Then p | a and a | m so by Theorem 3.1, p | m. This contradicts the fact that m has no prime divisor. So the set S must be empty and this proves the lemma.

Theorem 10.1 (Euclid's Theorem). There are infinitely many prime numbers.

Proof. Assume, by way of contradiction, that there are only a finite number of prime numbers, say: p_1, p_2, ..., p_n. Define N = p_1 p_2 ··· p_n + 1. Since p_1 ≥ 2, clearly N ≥ 3. So by Lemma 10.2 N has a prime divisor p. By assumption p = p_i for some i = 1, ..., n. Let a = p_1 ··· p_n. Note that a = p_i (p_1 p_2 ··· p_(i−1) p_(i+1) ··· p_n), so p_i | a. Now N = a + 1 and by assumption p_i | a + 1. So by Exercise 3.2 p_i | (a + 1) − a, that is p_i | 1. By Basic Axiom 3 in Chapter 1 this implies that p_i = 1. This contradicts the fact that primes are > 1. It follows that the assumption that there are only finitely many primes is not true.

Exercise 10.1. Use the idea of the above proof to show that if q_1, q_2, ..., q_n are primes there is a prime q ∉ {q_1, ..., q_n}. [Hint: Take N = q_1 ··· q_n + 1. By Lemma 10.2 there is a prime q such that q | N. Prove that q ∉ {q_1, ..., q_n}.]

Exercise 10.2. Let p_1 = 2, p_2 = 3, p_3 = 5, ... and, in general, p_i = the i-th prime. Prove or disprove that p_1 p_2 ··· p_n + 1 is prime for all n ≥ 1. [Hint: If n = 1 we have 2 + 1 = 3 is prime. If n = 2 we have 2 · 3 + 1 = 7 is prime. If n = 3 we have 2 · 3 · 5 + 1 = 31 is prime. Try the next few values of n. You may want to use the next theorem to check primality.]

Theorem 10.2. If n > 1 is composite then n has a prime divisor p ≤ √n.

Proof. Let n > 1 be composite. Then n = ab where 1 < a < n and 1 < b < n. I claim that one of a or b is ≤ √n. If not then a > √n and b > √n. Hence n = ab > √n √n = n. This implies n > n, a contradiction. So a ≤ √n or b ≤ √n. Suppose a ≤ √n. Since 1 < a, by Lemma 10.2 there is a prime p such that p | a. Hence, by Theorem 3.1 since a | n we have p | n. Also by Theorem 3.1 since p | a we have p ≤ a ≤ √n.

Remark 10.2. We can use Theorem 10.2 to help decide whether or not an integer is prime: To check whether or not n > 1 is prime we need only try to divide it by all primes p ≤ √n. If none of these primes divides n then n must be prime.

Example 10.1. Consider the number 97. Note that √97 < √100 = 10. The primes ≤ 10 are 2, 3, 5, and 7. One easily checks that 97 mod 2 = 1, 97 mod 3 = 1, 97 mod 5 = 2, 97 mod 7 = 6. So none of the primes 2, 3, 5, 7 divide 97 and 97 is prime by Theorem 10.2.

Exercise 10.3. By using Theorem 10.2, as in the above example, determine the primality¹ of the following integers: 143, 221, 199, 223, 3521.

¹ This means determine whether or not each number is prime.

Definition 10.2. Let x ∈ R, x > 0. π(x) denotes the number of primes p such that p ≤ x.

For example, since the only primes p ≤ 10 are 2, 3, 5, and 7 we have π(10) = 4. Here is a table of values of π(10^i) for i = 2, ..., 10. I also include known approximations to π(x). Note that the formulas for the approximations do not give integer values, but for the table I have rounded each to the nearest integer. The values in the table were computed using Maple.

    x        π(x)         x/ln(x)      x/(ln(x)−1)   ∫_2^x dt/ln(t)
    10^2     25           22           28            29
    10^3     168          145          169           177
    10^4     1229         1086         1218          1245
    10^5     9592         8686         9512          9629
    10^6     78498        72382        78030         78627
    10^7     664579       620421       661459        664917
    10^8     5761455      5428681      5740304       5762208
    10^9     50847534     48254942     50701542      50849234
    10^10    455052511    434294482    454011971     455055614

You may judge for yourself which approximations appear to be the best. This table has been continued up to 10^21, but people are still working on finding

the value of π(10^22). Of course, the approximations are easy to compute with Maple but the exact value of π(10^22) is difficult to find.

The above approximations are based on the so-called Prime Number Theorem first conjectured by Gauss in 1793 but not proved till over 100 years later by Hadamard and Vallée Poussin.

Theorem 10.3 (The Prime Number Theorem).

    (∗)   π(x) ∼ x/ln(x) for all x > 0.

Remark 10.3. (∗) means that

    lim_(x→∞) π(x) / (x/ln(x)) = 1.

Exercise 10.4. Use the Prime Number Theorem and a calculator to approximate the number of primes ≤ 10^8. Note ln(10^8) = 8 ln(10).

Although there are infinitely many primes there are long stretches of consecutive integers containing no primes.

Theorem 10.4. For any positive integer n there is an integer a such that the n consecutive integers a, a + 1, a + 2, ..., a + (n − 1) are all composite.

Proof. Given n ≥ 1 let a = (n + 1)! + 2. We claim that all the numbers a + i, 0 ≤ i ≤ n − 1 are composite. Since (n + 1) ≥ 2 clearly 2 | (n + 1)! and 2 | 2. Hence 2 | (n + 1)! + 2. Since (n + 1)! + 2 > 2, (n + 1)! + 2 is composite. Consider a + i = (n + 1)! + i + 2 where 0 ≤ i ≤ n − 1 so 2 ≤ i + 2 ≤ n + 1. Thus i + 2 | (n + 1)! and i + 2 | i + 2. Therefore i + 2 | a + i. Now a + i > i + 2 > 1, so a + i is composite.

Exercise 10.5. Find 10 consecutive composite numbers.

Exercise 10.6. Prove that 2 is the only even prime number. (Joke: Hence it is said that 2 is the "oddest" prime.)

Exercise 10.7. Prove that if a and n are positive integers such that n ≥ 2 and a^n − 1 is prime then a must be 2. [Hint: By Exercise 2.4

    1 + x + x^2 + ··· + x^(n−1) = (x^n − 1)/(x − 1),

that is,

    x^n − 1 = (x − 1)(1 + x + x^2 + ··· + x^(n−1))

if x ≠ 1 and n ≥ 1.]

Exercise 10.8. (a) Is 2^n − 1 always prime if n ≥ 2? Explain. (b) Is 2^n − 1 always prime if n is prime? Explain.

Exercise 10.9. Show that if p and q are primes and p | q, then p = q.


**Chapter 11 Unique Factorization**

Our goal in this chapter is to prove the following fundamental theorem.

Theorem 11.1 (The Fundamental Theorem of Arithmetic). Every integer n > 1 can be written uniquely in the form

    n = p_1 p_2 ··· p_s,

where s is a positive integer and p_1, p_2, ..., p_s are primes satisfying p_1 ≤ p_2 ≤ ··· ≤ p_s.

Remark 11.1. If n = p_1 p_2 ··· p_s where each p_i is prime, we call this the prime factorization of n. Theorem 11.1 is sometimes stated as follows: Every integer n > 1 can be expressed as a product n = p_1 p_2 ··· p_s, for some positive integer s, where each p_i is prime and this factorization is unique except for the order of the primes p_i.

Note for example that

    600 = 2 · 2 · 2 · 3 · 5 · 5
        = 2 · 3 · 2 · 5 · 2 · 5
        = 3 · 5 · 2 · 2 · 2 · 5
        etc.

Perhaps the nicest way to write the prime factorization of 600 is 600 = 2^3 · 3 · 5^2.

In general it is clear that n > 1 can be written uniquely in the form

    (∗)   n = p_1^(a_1) p_2^(a_2) ··· p_s^(a_s), some s ≥ 1,

where p_1 < p_2 < ··· < p_s and a_i ≥ 1 for all i. Sometimes (∗) is written

    n = ∏_(i=1)^(s) p_i^(a_i).

Here ∏ stands for product, just as Σ stands for sum.

To prove Theorem 11.1 we need to first establish a few lemmas.

Lemma 11.1. If a | bc and gcd(a, b) = 1 then a | c.

Proof. Since gcd(a, b) = 1 by Bezout's Lemma there are s, t such that 1 = as + bt. If we multiply both sides by c we get c = cas + cbt = a(cs) + (bc)t. By assumption a | bc. Clearly a | a(cs) so, by Theorem 3.1, a divides the linear combination a(cs) + (bc)t = c.

Definition 11.1. We say that a and b are relatively prime if gcd(a, b) = 1.

So we may restate Lemma 11.1 as follows: If a | bc and a is relatively prime to b then a | c.

Example 11.1. It is not true generally that when a | bc then a | b or a | c. For example, 6 | 4 · 9, but 6 ∤ 4 and 6 ∤ 9. Note that Lemma 11.1 doesn't apply here since gcd(6, 4) ≠ 1 and gcd(6, 9) ≠ 1.

Lemma 11.2 (Euclid's Lemma). If p is a prime and p | ab, then p | a or p | b.

Proof. Assume that p | ab. If p | a we are done. Suppose p ∤ a. Let d = gcd(p, a). Note that d > 0 and d | p and d | a. Since d | p we have d = 1 or d = p. If d ≠ 1 then d = p. But this says that p | a, which we assumed was not true. So we must have d = 1. Hence gcd(p, a) = 1 and p | ab. So by Lemma 11.1, p | b.

Lemma 11.3. Let p be prime. Let a_1, a_2, ..., a_n, n ≥ 1, be integers. If p | a_1 a_2 ··· a_n, then p | a_i for at least one i ∈ {1, 2, ..., n}.

Proof. We use induction on n. The result is clear if n = 1. Assume that the lemma holds for n such that 1 ≤ n ≤ k. Let's show it holds for n = k + 1. So assume p is a prime and p | a_1 a_2 ··· a_k a_(k+1). Let a = a_1 a_2 ··· a_k and b = a_(k+1). Then p | a or p | b by Lemma 11.2. If p | a = a_1 ··· a_k, by the induction hypothesis, p | a_i for some i ∈ {1, ..., k}. If p | b = a_(k+1) then p | a_(k+1). So we can say p | a_i for some i ∈ {1, 2, ..., k + 1}. So the lemma holds for n = k + 1. Hence by PMI it holds for all n ≥ 1.

Lemma 11.4 (Existence Part of Theorem 11.1). If n > 1 then there exist primes p_1, ..., p_s for some s ≥ 1 such that n = p_1 p_2 ··· p_s and p_1 ≤ p_2 ≤ ··· ≤ p_s.

Proof. Proof by induction on n, with starting value n = 2: If n = 2 then since 2 is prime we can take p_1 = 2, s = 1. Assume the lemma holds for n such that 2 ≤ n ≤ k. Let's show it holds for n = k + 1. If k + 1 is prime we can take s = 1 and p_1 = k + 1 and we are done. If k + 1 is composite we can write k + 1 = ab where 1 < a < k + 1 and 1 < b < k + 1. By the induction hypothesis there are primes p_1, ..., p_u and q_1, ..., q_v such that a = p_1 ··· p_u and b = q_1 ··· q_v. This gives us k + 1 = ab = p_1 p_2 ··· p_u q_1 q_2 ··· q_v, that is k + 1 is a product of primes. Let s = u + v. By reordering and relabeling where necessary we have k + 1 = p_1 p_2 ··· p_s where p_1 ≤ p_2 ≤ ··· ≤ p_s. So the lemma holds for n = k + 1. Hence by PMI, it holds for all n > 1.

Lemma 11.5 (Uniqueness Part of Theorem 11.1). Let n = p_1 p_2 ··· p_s for some s ≥ 1,

and n = q_1 q_2 ··· q_t for some t ≥ 1, where p_1, ..., p_s, q_1, ..., q_t are primes satisfying p_1 ≤ p_2 ≤ ··· ≤ p_s and q_1 ≤ q_2 ≤ ··· ≤ q_t. Then, t = s and p_i = q_i for i = 1, 2, ..., t.

Proof. Our proof is by induction on s. Suppose s = 1. Then n = p_1 is prime and we have p_1 = n = q_1 q_2 ··· q_t. If t > 1, this contradicts the fact that p_1 is prime. So t = 1 and we have p_1 = q_1, as desired. Now assume the result holds for all s such that 1 ≤ s ≤ k. We want to show that it holds for s = k + 1. So assume n = p_1 p_2 ··· p_k p_(k+1) and n = q_1 q_2 ··· q_t where p_1 ≤ p_2 ≤ ··· ≤ p_(k+1) and q_1 ≤ q_2 ≤ ··· ≤ q_t. Clearly p_(k+1) | n so p_(k+1) | q_1 ··· q_t. So by Lemma 11.3 p_(k+1) | q_i for some i ∈ {1, 2, ..., t}. It follows from Exercise 10.9 that p_(k+1) = q_i. Hence p_(k+1) = q_i ≤ q_t. By a similar argument q_t | n so q_t | p_1 ··· p_(k+1) and q_t = p_j for some j. Hence q_t = p_j ≤ p_(k+1). This shows that p_(k+1) ≤ q_t ≤ p_(k+1) so p_(k+1) = q_t. Note that

    p_1 p_2 ··· p_k p_(k+1) = q_1 q_2 ··· q_(t−1) q_t.

Since p_(k+1) = q_t we can cancel this prime from both sides and we have

    p_1 p_2 ··· p_k = q_1 q_2 ··· q_(t−1).

Now by the induction hypothesis k = t − 1 and p_i = q_i for i = 1, ..., t − 1. Thus we have k + 1 = t and p_i = q_i for i = 1, 2, ..., t. So the lemma holds for s = k + 1 and by the PMI, it holds for all s ≥ 1.

Now the proof of Theorem 11.1 follows immediately from Lemmas 11.4 and 11.5.

Remark 11.2. If a and b are positive integers we can find primes p_1, ..., p_k and integers a_1, ..., a_k, b_1, ..., b_k each ≥ 0 such that

    (∗∗)   a = p_1^(a_1) p_2^(a_2) ··· p_k^(a_k)
           b = p_1^(b_1) p_2^(b_2) ··· p_k^(b_k)

For example, if a = 600 and b = 252 we have

    600 = 2^3 · 3^1 · 5^2 · 7^0
    252 = 2^2 · 3^2 · 5^0 · 7.

It follows that gcd(600, 252) = 2^2 · 3^1 · 5^0 · 7^0. In general, if a and b are given by (∗∗) we have

    gcd(a, b) = p_1^(min(a_1, b_1)) p_2^(min(a_2, b_2)) ··· p_k^(min(a_k, b_k)).

This gives one way to calculate the gcd provided you can factor both numbers. But generally speaking factorization is very difficult! On the other hand, the Euclidean algorithm is relatively fast.

Exercise 11.1. Find the prime factorizations of 1147 and 1716 by trying all primes p ≤ √1147 (p ≤ √1716) in succession.


**Chapter 12 Fermat Primes and Mersenne Primes**

Finding large primes and proving that they are indeed prime is not easy. One way to find large primes is to look at numbers that have some special form, for example, numbers of the form a^n + 1 or a^n − 1. It is easy to rule out some values of a and n. For example we have:

Theorem 12.1. Let a > 1 and n > 1. Then
(1) a^n − 1 is prime ⇒ a = 2 and n is prime
(2) a^n + 1 is prime ⇒ a is even and n = 2^k for some k ≥ 1.

Proof of (1). We know from Exercise 2.5, page 6, that

    (∗)   a^n − 1 = (a − 1)(a^(n−1) + ··· + a + 1)

Note that if a > 2 and n > 1 then a − 1 > 1 and a^(n−1) + ··· + a + 1 > a + 1 > 3 so both factors in (∗) are > 1 and a^n − 1 is not prime. Hence if a^n − 1 is prime we must have a = 2. Now suppose 2^n − 1 is prime. We claim that n is prime. If not n = st where 1 < s < n, 1 < t < n. Then 2^n − 1 = 2^(st) − 1 = (2^s)^t − 1 is prime. But we just showed that if a^n − 1 is prime we must have a = 2. So we must have 2^s = 2. Hence s = 1, t = n. So n is not composite. Hence n must be prime. This proves (1).

Proof of (2). From (∗) on p. 43 we have

    (∗)   a^n − 1 = (a − 1)(a^(n−1) + a^(n−2) + ··· + a + 1).

Replace a by −a in (∗) and we get

    (∗∗)   (−a)^n − 1 = (−a − 1)((−a)^(n−1) + (−a)^(n−2) + ··· + (−a) + 1)

Since n is odd, n − 1 is even, n − 2 is odd, etc., we have (−a)^n = −a^n, (−a)^(n−1) = a^(n−1), (−a)^(n−2) = −a^(n−2), etc. So (∗∗) yields

    −(a^n + 1) = −(a + 1)(a^(n−1) − a^(n−2) + ··· − a + 1).

Multiplying both sides by −1 we get

    (a^n + 1) = (a + 1)(a^(n−1) − a^(n−2) + ··· − a + 1)

when n is odd. If n ≥ 2 we have 1 < a + 1 < a^n + 1. This shows that if n is odd and a > 1, a^n + 1 is not prime. Suppose n = 2^s t where t is odd. Then if a^n + 1 is prime we have (a^(2^s))^t + 1 is prime. But by what we just showed this cannot be prime if t is odd and t ≥ 2. So we must have t = 1 and n = 2^s. Also a^n + 1 prime implies that a is even since if a is odd so is a^n. Then a^n + 1 would be even. The only even prime is 2. But since we assume a > 1 we have a ≥ 2 so a^n + 1 ≥ 3.

Definition 12.1. A number of the form M_n = 2^n − 1, n ≥ 2, is said to be a Mersenne number. If M_n is prime, it is called a Mersenne prime. A number of the form F_n = 2^(2^n) + 1, n ≥ 0, is called a Fermat number. If F_n is prime, it is called a Fermat prime.

One may prove that F_0 = 3, F_1 = 5, F_2 = 17, F_3 = 257 and F_4 = 65537 are primes. As n increases the numbers F_n = 2^(2^n) + 1 increase in size very rapidly, and are not easy to check for primality. It is known that F_n is composite for many values of n ≥ 5. This includes all n such that 5 ≤ n ≤ 30 and a large number of other values of n including 382447 (the largest one I know of). It is now conjectured that F_n is composite for n ≥ 5. So Fermat's original thought that F_n is prime for n ≥ 0 seems to be pretty far from reality.

Exercise 12.1. Use Maple to factor F_5. [Go to any campus computer lab. Click or double-click on the Maple icon, or ask the lab assistant where it is located. When the window comes up, type at the prompt > the following:

    > ifactor(2^32 + 1);

Hit the return key and you will get the answer. The Maple command for determining whether or not an integer n is prime is isprime(n).]

M_3 = 2^3 − 1 = 7 is a Mersenne prime and M_4 = 2^4 − 1 = 15 is a Mersenne number which is not a prime.

Lemma 12.1. If M_n is prime, then n is prime.

Proof. This is immediate from Theorem 12.1 (1).

At first it was thought that M_p = 2^p − 1 is prime whenever p is prime. But M_11 = 2^11 − 1 = 2047 = 23 · 89 is not prime.

Over the years people have continued to work on the problem of determining for which primes p, M_p = 2^p − 1 is prime. To date 39 Mersenne primes have been found. It is known that 2^p − 1 is prime if p is one of the following 39 primes 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281, 3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497, 86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269, 2976221, 3021377, 6972593, 13466917.

The largest one, M_13466917 = 2^13466917 − 1, was found on November 14, 2001. The decimal representation of this number has 4,053,946 digits. It was found by the team of Michael Cameron, George Woltman, Scott Kurowski et al., as a part of the Great Internet Mersenne Prime Search (GIMPS); see Chris Caldwell's page for more about this. This prime could be the 39th Mersenne prime (in order of size), but we will only know this for sure when GIMPS completes testing all exponents below this one. You can find the link to Chris Caldwell's page on the class syllabus on my homepage.

Later we show the connection between Mersenne primes and perfect numbers.

The most basic question about Mersenne primes is: Are there infinitely many Mersenne primes?

Exercise 12.2. Determine which Mersenne numbers M_n are prime when 2 ≤ n ≤ 12. You may use Maple for this exercise.

The following primality test for Mersenne numbers makes it easier to check whether or not M_p is prime when p is a large prime.

Theorem 12.2 (The Lucas-Lehmer Mersenne Prime Test). Let p be an odd prime. Define the sequence r_1, r_2, r_3, ..., r_(p−1) by the rules r_1 = 4 and for k ≥ 2,

    r_k = (r_(k−1)^2 − 2) mod M_p.

Then M_p is prime if and only if r_(p−1) = 0.

[The proof of this is not easy. One place to find a proof is the book "A Selection of Problems in the Theory of Numbers" by W. Sierpinski, Pergamon Press, 1964.]

Example 12.1. Let p = 5. Then M_p = M_5 = 31.

    r_1 = 4
    r_2 = (4^2 − 2) mod 31 = 14 mod 31 = 14
    r_3 = (14^2 − 2) mod 31 = 194 mod 31 = 8
    r_4 = (8^2 − 2) mod 31 = 62 mod 31 = 0.

Hence by the Lucas-Lehmer test, M_5 = 31 is prime.

Exercise 12.3. Show using the Lucas-Lehmer test that M_7 = 127 is prime.

Remark 12.1. Note that the Lucas-Lehmer test for M_p = 2^p − 1 takes only p − 1 steps. On the other hand, if one attempts to prove M_p prime by testing all primes ≤ √M_p one must consider about 2^(p/2) steps. This is MUCH larger than p in general.
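Theorem 12.2 translates directly into a short program. The Python sketch below is an added example, not part of the original notes; the function names are assumptions made here. It reproduces the sequence of Example 12.1 and then runs the test over every odd prime exponent below a bound.

```python
from math import isqrt


def is_prime(n):
    """Trial division up to sqrt(n); only used for the small exponents p."""
    return n >= 2 and all(n % d for d in range(2, isqrt(n) + 1))


def lucas_lehmer_sequence(p):
    """Return [r_1, ..., r_(p-1)] for M_p = 2^p - 1, as in Theorem 12.2."""
    if p < 3 or not is_prime(p):
        raise ValueError("the test is stated for odd primes p")
    m_p = (1 << p) - 1
    r = 4
    seq = [r]
    for _ in range(2, p):                  # k = 2, ..., p - 1
        r = (r * r - 2) % m_p
        seq.append(r)
    return seq


def mersenne_is_prime(p):
    """True when M_p is prime, i.e. when r_(p-1) = 0 (p an odd prime)."""
    if p < 3 or not is_prime(p):
        raise ValueError("the test is stated for odd primes p")
    m_p = (1 << p) - 1
    r = 4
    for _ in range(2, p):                  # only p - 2 squarings, nothing stored
        r = (r * r - 2) % m_p
    return r == 0


def mersenne_exponents(limit):
    """Odd primes p < limit for which M_p passes the Lucas-Lehmer test."""
    return [p for p in range(3, limit, 2) if is_prime(p) and mersenne_is_prime(p)]


if __name__ == "__main__":
    print(lucas_lehmer_sequence(5))        # the sequence of Example 12.1
    print(mersenne_is_prime(11))           # M_11 = 2047 = 23 * 89
    print(mersenne_exponents(700))
```

The exponent p = 2 is not covered by the theorem as stated, so the list returned by mersenne_exponents starts at 3.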

**Chapter 13 The Functions σ and τ**

Definition 13.1. For n > 0 define:
τ(n) = the number of positive divisors of n,
σ(n) = the sum of the positive divisors of n.

Example 13.1. 12 = 3 · 2^2 has positive divisors 1, 2, 3, 4, 6, 12. Hence τ(12) = 6 and σ(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.

Definition 13.2. A positive divisor d of n is said to be a proper divisor of n if d < n. We denote the sum of all proper divisors of n by σ∗(n). Note that if n ≥ 2 then σ∗(n) = σ(n) − n.

Example 13.2. σ∗(12) = 16.

Definition 13.3. n > 1 is perfect if σ∗(n) = n.

Example 13.3. The proper divisors of 6 are 1, 2 and 3. So σ∗(6) = 6. Therefore 6 is perfect.

Exercise 13.1. Prove that 28 is perfect.

The next theorem shows a simple way to compute σ(n) and τ(n) from the prime factorization of n.

Theorem 13.1. Let

    n = p_1^(e_1) p_2^(e_2) ··· p_r^(e_r), r ≥ 1,

where p_1 < p_2 < ··· < p_r are primes and e_i ≥ 0 for each i ∈ {1, 2, ..., r}. Then

    (1) τ(n) = (e_1 + 1)(e_2 + 1) ··· (e_r + 1)
    (2) σ(n) = [(p_1^(e_1+1) − 1)/(p_1 − 1)] [(p_2^(e_2+1) − 1)/(p_2 − 1)] ··· [(p_r^(e_r+1) − 1)/(p_r − 1)].

Before proving this let's look at an example. Take n = 72 = 8 · 9 = 2^3 · 3^2. The theorem says

    τ(72) = (3 + 1)(2 + 1) = 12
    σ(72) = [(2^4 − 1)/(2 − 1)] [(3^3 − 1)/(3 − 1)] = 15 · 13 = 195.

[Proof of Theorem 13.1 (1)] From the Fundamental Theorem of Arithmetic every positive factor d of n will have its prime factors coming from those of n. Hence d | n iff d = p_1^(f_1) p_2^(f_2) ··· p_r^(f_r) where for each i: 0 ≤ f_i ≤ e_i. That is, for each f_i we can choose a value in the set of e_i + 1 numbers {0, 1, 2, ..., e_i}. So, in all, there are (e_1 + 1)(e_2 + 1) ··· (e_r + 1) choices for the exponents f_1, f_2, ..., f_r. So (1) holds.

[Proof of (2)] We first establish two lemmas.

Lemma 13.1. Let n = ab where a > 0, b > 0 and gcd(a, b) = 1. Then σ(n) = σ(a)σ(b).

Proof. Since a and b have only 1 as a common factor, using the Fundamental Theorem of Arithmetic it is easy to see that d | ab ⇔ d = d_1 d_2 where d_1 | a

and d_2 | b. That is, the divisors of ab are products of the divisors of a and the divisors of b. Let 1, a_1, ..., a_s denote the divisors of a and let 1, b_1, ..., b_t denote the divisors of b. Then

    σ(a) = 1 + a_1 + a_2 + ··· + a_s,
    σ(b) = 1 + b_1 + b_2 + ··· + b_t.

The divisors of n = ab can be listed as follows

    1,        b_1,        b_2,        ...,  b_t
    a_1 · 1,  a_1 · b_1,  a_1 · b_2,  ...,  a_1 · b_t
    a_2 · 1,  a_2 · b_1,  a_2 · b_2,  ...,  a_2 · b_t
    ...
    a_s · 1,  a_s · b_1,  a_s · b_2,  ...,  a_s · b_t.

It is important to note that since gcd(a, b) = 1, a_i b_j = a_k b_l implies that a_i = a_k and b_j = b_l. That is there are no repetitions in the above array. If we sum each row we get

    1 + b_1 + ··· + b_t = σ(b)
    a_1 · 1 + a_1 b_1 + ··· + a_1 b_t = a_1 σ(b)
    ...
    a_s · 1 + a_s b_1 + ··· + a_s b_t = a_s σ(b).

By adding these partial sums together we get

    σ(n) = σ(b) + a_1 σ(b) + a_2 σ(b) + ··· + a_s σ(b)
         = (1 + a_1 + a_2 + ··· + a_s) σ(b)
         = σ(a)σ(b).

This proves the lemma.

Lemma 13.2. If p is a prime and k ≥ 0 we have

    σ(p^k) = (p^(k+1) − 1)/(p − 1).

Proof. Since p is prime, the divisors of p^k are 1, p, p^2, ..., p^k. Hence

    σ(p^k) = 1 + p + p^2 + ··· + p^k = (p^(k+1) − 1)/(p − 1)

as desired.

Proof of Theorem 13.1 (2) (continued). Let n = p_1^(e_1) p_2^(e_2) ··· p_r^(e_r). Our proof is by induction on r. If r = 1, n = p_1^(e_1) and the result follows from Lemma 13.2. Suppose the result is true when 1 ≤ r ≤ k. Consider now the case r = k + 1. That is, let

    n = p_1^(e_1) ··· p_k^(e_k) p_(k+1)^(e_(k+1))

where the primes p_1, ..., p_k, p_(k+1) are distinct and e_i ≥ 0. Let a = p_1^(e_1) ··· p_k^(e_k), b = p_(k+1)^(e_(k+1)). Clearly gcd(a, b) = 1. So by Lemma 13.1 we have σ(n) = σ(a)σ(b). By the induction hypothesis

    σ(a) = [(p_1^(e_1+1) − 1)/(p_1 − 1)] ··· [(p_k^(e_k+1) − 1)/(p_k − 1)]

and by Lemma 13.2

    σ(b) = (p_(k+1)^(e_(k+1)+1) − 1)/(p_(k+1) − 1)

and it follows that

    σ(n) = [(p_1^(e_1+1) − 1)/(p_1 − 1)] ··· [(p_(k+1)^(e_(k+1)+1) − 1)/(p_(k+1) − 1)].

So the result holds for r = k + 1. By PMI it holds for r ≥ 1.

Exercise 13.2. Find σ(n) and τ(n) for the following values of n.
(1) n = 900
(2) n = 496
(3) n = 32

(4) n = 128
(5) n = 1024

Exercise 13.3. Determine which (if any) of the numbers in Exercise 13.2 are perfect.

Exercise 13.4. Does Lemma 13.1 hold if we replace σ by σ∗? [Hint: The answer is no, but find explicit numbers a and b such that the result fails yet gcd(a, b) = 1.]


**Chapter 14 Perfect Numbers and Mersenne Primes**

If you do a search for perfect numbers up to 10,000 you will find only the following perfect numbers:

    6    = 2 · 3,
    28   = 2^2 · 7,
    496  = 2^4 · 31,
    8128 = 2^6 · 127.

Note that 2^2 = 4, 2^3 = 8, 2^5 = 32, 2^7 = 128 so we have:

    6    = 2 · (2^2 − 1),
    28   = 2^2 · (2^3 − 1),
    496  = 2^4 · (2^5 − 1),
    8128 = 2^6 · (2^7 − 1).

Note also that 2^2 − 1, 2^3 − 1, 2^5 − 1, 2^7 − 1 are Mersenne primes. One might conjecture that all perfect numbers follow this pattern. We discuss to what extent this is known to be true. We start with the following result.

Theorem 14.1. If 2^p − 1 is a Mersenne prime, then 2^(p−1) · (2^p − 1) is perfect.

Proof. Write q = 2^p − 1 and let n = 2^(p−1) q. Since q is odd and prime, by Theorem 13.1 (2) we have

    σ(n) = σ(2^(p−1) q) = [(2^p − 1)/(2 − 1)] [(q^2 − 1)/(q − 1)] = (2^p − 1)(q + 1) = (2^p − 1) 2^p = 2n.

That is, σ(n) = 2n and n is perfect.

Now we show that all even perfect numbers have the conjectured form.

Theorem 14.2. If n is even and perfect then there is a Mersenne prime 2^p − 1 such that n = 2^(p−1) (2^p − 1).

Proof. Let n be even and perfect. Since n is even, n = 2m for some m. We take out as many powers of 2 as possible obtaining

    (∗)   n = 2^k · q, k ≥ 1, q odd.

Since n is perfect σ∗(n) = n, that is, σ(n) = 2n. Since q is odd, gcd(2^k, q) = 1, so by Lemmas 13.1 and 13.2:

    σ(n) = σ(2^k)σ(q) = (2^(k+1) − 1)σ(q).

So we have

    2^(k+1) q = 2n = σ(n) = (2^(k+1) − 1)σ(q),

hence

    (∗∗)   2^(k+1) q = (2^(k+1) − 1)σ(q).

Now σ∗(q) = σ(q) − q, so σ(q) = σ∗(q) + q. Putting this in (∗∗) we get

    2^(k+1) q = (2^(k+1) − 1)(σ∗(q) + q)

or

    2^(k+1) q = (2^(k+1) − 1)σ∗(q) + 2^(k+1) q − q

which implies

    (∗∗∗)   σ∗(q)(2^(k+1) − 1) = q.

In other words, σ∗(q) is a divisor of q. Since k ≥ 1 we have 2^(k+1) − 1 ≥ 4 − 1 = 3. So σ∗(q) is a proper divisor of q. But σ∗(q) is the sum of all proper divisors of q. This can only happen if q has only one proper divisor. This means that q must be prime and σ∗(q) = 1. Then (∗∗∗) shows that q = 2^(k+1) − 1. So q must be a Mersenne prime and k + 1 = p is prime. So n = 2^(p−1) · (2^p − 1), as desired.

Remark 14. Some think that Euclid’s knowledge that 2p−1 (2p −1) is perfect when 2p −1 is prime may have been his motivation for deﬁning prime numbers. There is a 1–1 correspondence between even perfect numbers and Mersenne primes. Are there any odd perfect numbers? So far no one has found a single odd perfect number. Three Open Questions: 1. Are there inﬁnitely many Mersenne primes? 3.1. Are there inﬁnitely many even perfect numbers? 2.55 Corollary 14. .1. it must be > 1050 . It is known that if an odd perfect number exists.


” Remark 15. Let m ≥ 0. (1) 25 ≡ 1 (mod 4) since 4 | 24 (2) 25 ≡ 2 (mod 4) since 4 23 (3) 1 ≡ −3 (mod 4) since 4 | 4 (4) a ≡ b (mod 1) for all a.1.Chapter 15 Congruences Deﬁnition 15. b since “0 divides only 0.1. Here m is said to be the modulus of the congruence. The notation a ≡ b (mod m) means that it is false that a ≡ b (mod m). We write a ≡ b (mod m) if m | a − b.” (5) a ≡ b (mod 0) ⇐⇒ a = b for all a. As you see.1 with that of Deﬁnition 5. WARNING.3. but have diﬀerent meanings: Recall a mod b = r where r is the remainder given by the Division Algorithm when a is divided by b 57 . Do not confuse the use of mod in Deﬁnition 15. the cases m = 1 and m = 0 are not very interesting so mostly we will only be interested in the case m ≥ 2. Examples 15. b since “1 divides everything. We shall see that the two uses of mod are related.1. and we say that a is congruent to b modulo m.

1 CHAPTER 15. and (mod 4) is true . CONGRUENCES a ≡ b (mod m) means m | a − b. “⇒” Assume that a ≡ b (mod m). . whereas the mod in a mod b is a binary operation.2. since the latter means 25 = 1. expressions such as x ≡ 2 (mod 16) 25 ≡ 5 (mod 5) 3 x + 2x ≡ 6x2 + 3 (mod 27) are called congruences.58 and by Deﬁnition 15. Let r1 = a mod m and r2 = b mod m. (2) a = mq1 + r1 .2. By analogy. We want to show that r1 = r2 . For m > 0 and for all a. 0 ≤ r1 < m.1. By deﬁnition we have (1) m | a − b. Before discussing further the analogy between equations and congruences. b: a ≡ b (mod m) ⇐⇒ a mod m = b mod m. Theorem 15. Remark 15. we show the relationship between the two diﬀerent deﬁnitions of mod. More terminology: Expressions such as x=2 42 = 16 x2 + 2x = sin(x) + 3 are called equations. Example 15. Proof. The mod in a ≡ b (mod m) deﬁnes a binary relation. 25 ≡ 5 since 4 | 20 but 25 = 5 mod 4 is false .

(3) b = mq_2 + r_2, 0 ≤ r_2 < m.

From (1) we obtain a − b = mt for some t. Hence a = mt + b. Using (2) and (3) we see that

    a = mq_1 + r_1 = m(q_2 + t) + r_2.

Since 0 ≤ r_1 < m and 0 ≤ r_2 < m by the uniqueness part of the Division Algorithm we obtain r_1 = r_2, as desired.

"⇐" Assume that a mod m = b mod m. We must show that a ≡ b (mod m). Let r = a mod m = b mod m, then by definition we have

    a = mq_1 + r, 0 ≤ r < m,

and

    b = mq_2 + r, 0 ≤ r < m.

Hence a − b = m(q_1 − q_2). This shows that m | a − b and hence a ≡ b (mod m), as desired.

Exercise 15.1. Prove that for all m > 0 and for all a:

    a ≡ a mod m (mod m).

Exercise 15.2. Using Definition 15.1 show that the following congruences are true

    385 ≡ 322 (mod 3)
    −385 ≡ −322 (mod 3)
    1 ≡ −17 (mod 3)
    33 ≡ 0 (mod 3).

Exercise 15.3. Use Theorem 15.1 to show that the congruences in Exercise 15.2 are valid.

Exercise 15.4. (a) Show that a is even ⇔ a ≡ 0 (mod 2) and a is odd ⇔ a ≡ 1 (mod 2). (b) Show that a is even ⇔ a mod 2 = 0 and a is odd ⇔ a mod 2 = 1.

Exercise 15.5. Show that if m > 0 and a is any integer, there is a unique integer r ∈ {0, 1, 2, ..., m − 1} such that a ≡ r (mod m).

Exercise 15.6. Find integers a and b such that 0 < a < 15, 0 < b < 15 and ab ≡ 0 (mod 15).

Exercise 15.7. Find integers a and b such that 1 < a < 15, 1 < b < 15, and ab ≡ 1 (mod 15).

Exercise 15.8. Show that if d | m and d > 0, then

    a ≡ b (mod m) ⇒ a ≡ b (mod d).

The next two theorems show that congruences and equations share many similar properties.

Theorem 15.2 (Congruence is an equivalence relation). For all a, b, c and m > 0 we have
(1) a ≡ a (mod m) [reflexivity]
(2) a ≡ b (mod m) ⇒ b ≡ a (mod m) [symmetry]
(3) a ≡ b (mod m) and b ≡ c (mod m) ⇒ a ≡ c (mod m) [transitivity]

Proof of (1). a − a = 0 = 0 · m, so m | a − a. Hence a ≡ a (mod m).

Proof of (2). If a ≡ b (mod m), then m | a − b. Hence a − b = mq. Hence b − a = m(−q), so m | b − a. Hence b ≡ a (mod m).

Proof of (3). If a ≡ b (mod m) and b ≡ c (mod m) then m | a − b and m | b − c. By the linearity property m | (a − b) + (b − c). That is, m | a − c. Hence a ≡ c (mod m).

Recall that a polynomial is an expression of the form

    f(x) = a_n x^n + a_(n−1) x^(n−1) + ··· + a_1 x + a_0.

Here we will assume that the coefficients a_n, ..., a_0 are integers and x also represents an integer variable. Here, of course, n ≥ 0 and n is an integer.

Theorem 15.3. If a ≡ b (mod m) and c ≡ d (mod m), then
(1) a ± c ≡ b ± d (mod m)
(2) ac ≡ bd (mod m)
(3) a^n ≡ b^n (mod m) for all n ≥ 1
(4) f(a) ≡ f(b) (mod m) for all polynomials f(x) with integer coefficients.

Proof of (1). To prove (1) since a − c = a + (−c), it suffices to prove only the "+ case." By assumption m | a − b and m | c − d. By linearity, m | (a − b) + (c − d), that is m | (a + c) − (b + d). Hence a + c ≡ b + d (mod m).

Proof of (2). Since m | a − b and m | c − d by linearity m | c(a − b) + b(c − d). Now c(a − b) + b(c − d) = ca − bd, hence m | ca − bd, and so ca ≡ bd (mod m), as desired.

Proof of (3). We prove a^n ≡ b^n (mod m) by induction on n. If n = 1, the result is true by our assumption that a ≡ b (mod m). Assume it holds for n = k. Then we have a^k ≡ b^k (mod m). This, together with a ≡ b (mod m) using (2) above, gives a a^k ≡ b b^k (mod m). Hence a^(k+1) ≡ b^(k+1) (mod m). So it holds for all n ≥ 1, by the PMI.

Proof of (4). Let f(x) = c_n x^n + ··· + c_1 x + c_0. We prove by induction on n that if a ≡ b (mod m) then

    c_n a^n + ··· + c_0 ≡ c_n b^n + ··· + c_0 (mod m).

If n = 0 we have c_0 ≡ c_0 (mod m) by Theorem 15.2 (1). Assume the result holds for n = k. Then we have

    (∗)   c_k a^k + ··· + c_1 a + c_0 ≡ c_k b^k + ··· + c_1 b + c_0 (mod m).

By part (3) above we have a^(k+1) ≡ b^(k+1) (mod m). Since c_(k+1) ≡ c_(k+1) (mod m) using (2) above we have

    (∗∗)   c_(k+1) a^(k+1) ≡ c_(k+1) b^(k+1) (mod m).

Now we can apply Theorem 15.3 (1) to (∗) and (∗∗) to obtain

    c_(k+1) a^(k+1) + c_k a^k + ··· + c_0 ≡ c_(k+1) b^(k+1) + c_k b^k + ··· + c_0 (mod m).

So by the PMI, the result holds for n ≥ 0.

Before continuing to develop properties of congruences, we give the following example to show one way that congruences can be useful.

Example 15.3. (This example was taken from [1] Introduction to Analytic Number Theory, by Tom Apostol.) The first five Fermat numbers

    F_0 = 3, F_1 = 5, F_2 = 17, F_3 = 257, F_4 = 65,537,

are primes. We show using congruences without explicitly calculating F_5 that F_5 = 2^32 + 1 is divisible by 641 and is therefore not prime:

    2^2  = 4
    2^4  = (2^2)^2 = 4^2 = 16
    2^8  = (2^4)^2 = 16^2 = 256
    2^16 = (2^8)^2 = 256^2 = 65,536
    65,536 ≡ 154 (mod 641).

So we have

    2^16 ≡ 154 (mod 641).

By Theorem 15.3 (3):

    (2^16)^2 ≡ (154)^2 (mod 641).

That is,

    2^32 ≡ 23,716 (mod 641).

Since

    23,716 ≡ 640 (mod 641)

Note that 641 is the 116th prime. 417) and that 641 and 6. a ≡ b (mod m1 ) and a ≡ b (mod m2 ) (mod m) where 0 ≤ r < m [Hint.10.4 and the ideas used in the example on page 62.4.9. Use Lemma 11. 294.] . so 232 + 1 is composite. 297 = (641) · (6. 700.1.1 (p. [Hint: The Division Algorithm may be useful.] Exercise 15. Exercise 15. Of course. Prove that (15. Theorem 15. and that assumes that you have a list of the ﬁrst 116 primes.63 and 640 ≡ −1 (mod 641) we have and hence 232 ≡ −1 (mod 641) 232 + 1 ≡ 0 (mod 641). So 641 | 232 + 1. If m > 0 and a≡r then a mod m = r. m2 ) = 1. 417 are indeed primes. if you already did Exercise 12. Find the value of each of the following (without using Maple!). 967.11.] Exercise 15. 700. Let gcd (m1 .2) a ≡ b (mod m1 m2 ). (1) 232 mod 7 (2) 1035 mod 7 (3) 335 mod 7 [Hint: Use Theorem 15. so if you used trial division you would have had to divide by 115 primes before reaching one that divides 232 + 1. page 38.1) if and only if (15. 44) you will already know that 232 + 1 = 4.4. as claimed. Clearly 232 + 1 = 641. Prove Theorem 15.


Chapter 16 Divisibility Tests for 2, 3, 5, 9, 11

Recall from Definition 4.2 on page 14 that the decimal representation of the positive integer a is given by

(1) a = a_{n−1} a_{n−2} ··· a_1 a_0

when a = a_{n−1} 10^{n−1} + a_{n−2} 10^{n−2} + ··· + a_1 10 + a_0 and 0 ≤ a_i ≤ 9 for i = 0, 1, ..., n − 1.

Theorem 16.1. Let the decimal representation of a be given by (1), then

(a) a mod 2 = a_0 mod 2,
(b) a mod 5 = a_0 mod 5,
(c) a mod 3 = (a_{n−1} + ··· + a_0) mod 3,
(d) a mod 9 = (a_{n−1} + ··· + a_0) mod 9,
(e) a mod 11 = (a_0 − a_1 + a_2 − a_3 + ···) mod 11.

Before proving this theorem, let's give some examples.

1457 mod 2 = 7 mod 2 = 1
1457 mod 5 = 7 mod 5 = 2
1457 mod 3 = (1 + 4 + 5 + 7) mod 3 = 17 mod 3 = 8 mod 3 = 2

1457 mod 9 = (1 + 4 + 5 + 7) mod 9 = 17 mod 9 = 8 mod 9 = 8
1457 mod 11 = (7 − 5 + 4 − 1) mod 11 = 5 mod 11 = 5.

Proof of Theorem 16.1. Consider the polynomial f(x) = a_{n−1} x^{n−1} + ··· + a_1 x + a_0. Note that 10 ≡ 0 (mod 2). So by Theorem 15.3 (4)

a_{n−1} 10^{n−1} + ··· + a_1 10 + a_0 ≡ a_{n−1} 0^{n−1} + ··· + a_1 0 + a_0 (mod 2).

That is, a ≡ a_0 (mod 2). This, together with Theorem 15.1, proves part (a). Since 10 ≡ 0 (mod 5), the proof of part (b) is similar.

Note that 10 ≡ 1 (mod 3) so applying Theorem 15.3 (4) again, we have

a_{n−1} 10^{n−1} + ··· + a_1 10 + a_0 ≡ a_{n−1} 1^{n−1} + ··· + a_1 1 + a_0 (mod 3).

That is, a ≡ a_{n−1} + ··· + a_1 + a_0 (mod 3). This using Theorem 15.1 proves part (c). Since 10 ≡ 1 (mod 9), the proof of part (d) is similar.

Now 10 ≡ −1 (mod 11) so

a_{n−1} 10^{n−1} + ··· + a_1 10 + a_0 ≡ a_{n−1} (−1)^{n−1} + ··· + a_1 (−1) + a_0 (mod 11).

That is, a ≡ a_0 − a_1 + a_2 − ··· (mod 11) and by Theorem 15.1 we are done.

Remark 16.1. Note that m | a ⇔ a mod m = 0, so from Theorem 16.1 we obtain immediately the following corollary.

Corollary 16.1. Let a be given by (1), p. 65. Then

(a) 2 | a ⇔ a_0 = 0, 2, 4, 6 or 8
(b) 5 | a ⇔ a_0 = 0 or 5
(c) 3 | a ⇔ 3 | a_0 + a_1 + ··· + a_{n−1}
(d) 9 | a ⇔ 9 | a_0 + a_1 + ··· + a_{n−1}
(e) 11 | a ⇔ 11 | a_0 − a_1 + a_2 − a_3 + ···.

Note that in applying (c), (d) and (e) we can use the fact that (a + m) mod m = a mod m to "cast out" 3's (for (c)) and 9's (for (d)). Here's an example of "casting out 9's:"

1487 mod 9 = (1 + 4 + 8 + 7) mod 9 = (9 + 4 + 7) mod 9 = (4 + 7) mod 9 = (2 + 9) mod 9 = 2 mod 9 = 2.

So 1487 mod 9 = 2. Note that if 0 ≤ r < m then r mod m = r.

Exercise 16.1. Let a = 18726132117057. Find a mod m for m = 2, 3, 5, 9 and 11.

9.] Exercise 16. (b) a mod 100 = a1 a0 . 1. Let a = an · · · a1 a0 be the decimal representation of a. 9} ﬁnd a2 mod 10. 9.4. [Hint: b mod 10 is the least signiﬁcant digit of b. Exercise 16. Then prove (a) a mod 10 = a0 . Prove that if b is a positive square. a > 0. 5. 11 Exercise 16. DIVISIBILITY TESTS FOR 2.e. For each digit a0 ∈ {0. (c) a mod 1000 = a2 a1 a0 . 11007. 4. 1120378 . Write a = an−1 · · · a0 . Are any of the following numbers squares? Explain.68 CHAPTER 16. Then a ≡ a0 (mod 10) so a2 ≡ a2 (mod 10). 16.2.4. . 10. 6. 1.3. 19. among other results. i. 5. 2. 25. b = a2 . . 272. 11.. . 3. Use 0 0 Theorem 15. 2983. 24. then the least signiﬁcant digit of b is one of 0. .

Chapter 17 Divisibility Tests for 7 and 13

Theorem 17.1. Let a = a_r a_{r−1} ··· a_1 a_0 be the decimal representation of a. Then

(a) 7 | a ⇔ 7 | a_r ··· a_1 − 2a_0.
(b) 13 | a ⇔ 13 | a_r ··· a_1 − 9a_0.

[Here a_r ··· a_1 = (a − a_0)/10 = a_r 10^{r−1} + ··· + a_2 10 + a_1.]

Before proving this theorem we illustrate it with two examples.

7 | 2481 ⇔ 7 | 248 − 2 ⇔ 7 | 246 ⇔ 7 | 24 − 12 ⇔ 7 | 12

since 7 ∤ 12 we have 7 ∤ 2481.

13 | 12987 ⇔ 13 | 1298 − 63 ⇔ 13 | 1235 ⇔ 13 | 123 − 45 ⇔ 13 | 78

since 6 · 13 = 78, we have 13 | 78. So, by Theorem 17.1 (b), 13 | 12987.

Proof of 17.1 (a). Let c = a_r ··· a_1. So we have a = 10c + a_0. Hence −2a = −20c − 2a_0. Now 1 ≡ −20 (mod 7) so we have

−2a ≡ c − 2a_0 (mod 7).

It follows from Theorem 15.1 that −2a mod 7 = (c − 2a_0) mod 7. Hence, 7 | −2a ⇔ 7 | c − 2a_0. Since gcd(7, −2) = 1 we have 7 | −2a ⇔ 7 | a. Hence 7 | a ⇔ 7 | c − 2a_0, which is what we wanted to prove.

Proof of 17.1 (b). (This has a similar proof to that for 17.1 (a) and is left for the interested reader.)

Exercise 17.1. In the notation of Theorem 17.1, show that a mod 7 need not be equal to (a_r ··· a_1 − 2a_0) mod 7.

Exercise 17.2. Use Theorem 17.1 (a) to determine which of the following are divisible by 7:
(a) 6994
(b) 6993

Chapter 18 More Properties of Congruences

Theorem 18.1. Let m ≥ 2. If a and m are relatively prime, there exists a unique integer a* such that aa* ≡ 1 (mod m) and 0 < a* < m.

We call a* the inverse of a modulo m. Note that we do not denote a* by a^{−1} since this might cause some confusion. Of course, if c ≡ a* (mod m) then ac ≡ 1 (mod m) so a* is not unique unless we specify that 0 < a* < m.

Proof. If gcd(a, m) = 1, then by Bezout's Lemma there exist s and t such that as + mt = 1. Hence as − 1 = m(−t), that is, m | as − 1 and so as ≡ 1 (mod m). Let a* = s mod m. Then a* ≡ s (mod m) so aa* ≡ 1 (mod m) and clearly 0 < a* < m.

To show uniqueness assume that ac ≡ 1 (mod m) and 0 < c < m. Then ac ≡ aa* (mod m). So if we multiply both sides of this congruence on the left by c and use the fact that ca ≡ 1 (mod m) we obtain c ≡ a* (mod m). It follows from Exercise 15.5 that c = a*.

Remark 18.1. From the above proof we see that Blankinship's Method may be used to compute the inverse of a when it exists, but for small m we may

By Exercise 9. Let m > 0 and assume that gcd(c. Exercise 18.” For example.2. Corollary 18. m) = 1 and gcd(b. c∗ ca ≡ c∗ cb (mod m).2 on page 30. Then (∗) ca ≡ cb (mod m) ⇒ a ≡ b (mod m). Proof. as claimed. Now since c∗ ≡ c∗ (mod m) and ca ≡ cb (mod m) by Theorem 15. If gcd(c.72 CHAPTER 18. 14: 2·0≡1 2·1≡1 2·2≡1 2·3≡1 2·4≡1 2·5≡1 2·6≡1 2·7≡1 2·8≡1 So we can take 2∗ = 8. . ab + m(−t) = 1. there is an integer c∗ such that c∗ c ≡ 1 (mod m). Theorem 18. Let m > 0. So ab − 1 = mt for some t. . p. If ab ≡ 1 (mod m). m) = 1. m) = 1. If ab ≡ 1 (mod m) then both a and b are relatively prime to m. Show that the inverse of 2 modulo 7 is not the inverse of 2 modulo 15. 61. if m = 15 take a = 2. Proof. . 1. (mod (mod (mod (mod (mod (mod (mod (mod (mod 15) 15) 15) 15) 15) 15) 15) 15) 15) since 15 | 16 − 1. a has an inverse modulo m if and only if a and m are relatively prime.1. 2. Theorem 18.1. this implies that gcd(a. then m | ab − 1. m) = 1. Hence. Then we can check each element 0.3 (Cancellation). .3. . MORE PROPERTIES OF CONGRUENCES often ﬁnd a∗ by “trial and error.

But c*c ≡ 1 (mod m) so c*ca ≡ a (mod m) and c*cb ≡ b (mod m). By reflexivity and transitivity this yields a ≡ b (mod m).

Exercise 18.2. Find specific positive integers a, b, c and m such that c ≢ 0 (mod m), gcd(c, m) > 0, and ca ≡ cb (mod m), but a ≢ b (mod m).

Although (∗) above is not generally true when gcd(c, m) > 1, we do have the following more general kinds of "cancellation:"

Theorem 18.4. If c > 0, m > 0 then a ≡ b (mod m) ⇔ ca ≡ cb (mod cm).

Exercise 18.3. Prove Theorem 18.4.

Theorem 18.5. Let m > 0 and let d = gcd(c, m). Then ca ≡ cb (mod m) ⇒ a ≡ b (mod m/d).

Proof. Since d = gcd(c, m) we can write c = d(c/d) and m = d(m/d). Then gcd(c/d, m/d) = 1. Now rewriting ca ≡ cb (mod m) we have

d(c/d)a ≡ d(c/d)b (mod d(m/d)).

Since m > 0, d > 0, so by Theorem 18.4 we have

(c/d)a ≡ (c/d)b (mod m/d).

Now since gcd(c/d, m/d) = 1, by Theorem 18.3 a ≡ b (mod m/d).
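The proof of Theorem 18.1 is constructive: the Bezout coefficient s, reduced mod m, is the inverse. The following Python sketch is an added example, not code from these notes; it uses the ordinary extended Euclidean algorithm in place of Blankinship's matrix layout, compares the result with the "trial and error" search, and brute-force checks Theorem 18.5 on small moduli. All function names are this example's own.

```python
"""Inverses modulo m (added example; function names are this example's own)."""
from math import gcd


def extended_gcd(a, b):
    """Return (g, s, t) with a*s + b*t == g == gcd(a, b), for a, b >= 0."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def inverse_mod(a, m):
    """The unique a* with a*a* = 1 (mod m) and 0 < a* < m, or None.

    None is returned exactly when gcd(a, m) != 1 (Corollary 18.1).
    """
    if m < 2:
        raise ValueError("Theorem 18.1 assumes m >= 2")
    a %= m                      # any representative of the class will do
    g, s, _t = extended_gcd(a, m)
    if g != 1:
        return None             # a and m share a factor: no inverse exists
    return s % m                # a* = s mod m, as in the proof


def inverse_by_trial(a, m):
    """The 'trial and error' search of Remark 18.1: test c = 1, ..., m - 1."""
    for c in range(1, m):
        if (a * c) % m == 1:
            return c
    return None


def cancellation_holds(limit):
    """Brute-force check of Theorem 18.5 for every modulus 0 < m <= limit.

    Whenever ca = cb (mod m), a and b must agree modulo m / gcd(c, m).
    """
    for m in range(1, limit + 1):
        for c in range(1, 2 * m):
            reduced = m // gcd(c, m)
            for a in range(m):
                for b in range(m):
                    if (c * a - c * b) % m == 0 and (a - b) % reduced != 0:
                        return False
    return True


if __name__ == "__main__":
    print("2* mod 15 =", inverse_mod(2, 15))     # the worked case in the text
    print("6* mod 15 =", inverse_mod(6, 15))     # gcd(6, 15) = 3, so None
    print("Theorem 18.5 holds for m <= 12:", cancellation_holds(12))
```

In cryptographic code the same computation is normally done with the language's built-in routine (in Python 3.8 and later, `pow(a, -1, m)`), which raises an error when no inverse exists.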

Theorem 18.6. If m > 0 and a ≡ b (mod m) we have gcd(a, m) = gcd(b, m).

Proof. Since a ≡ b (mod m) we have a − b = mt for some t. So we can write

(1) a = mt + b

and

(2) b = m(−t) + a.

Let d = gcd(m, a) and e = gcd(m, b). Since e | m and e | b, from (1) e | a so e is a common divisor of m and a. Hence e ≤ d. Using (2) we see similarly that d ≤ e. So d = e.

Corollary 18.2. Let m > 0. Let a ≡ b (mod m). Then a has an inverse modulo m if and only if b does.

Proof. Immediate from Theorems 18.1, 18.2 and 18.6.

Exercise 18.4. Determine whether or not each of the following is true. Give reasons in each case.

(1) x ≡ 3 (mod 7) ⇒ gcd(x, 7) = 1
(2) gcd(68019, 3) = 3
(3) 12x ≡ 15 (mod 35) ⇒ 4x ≡ 5 (mod 7)
(4) x ≡ 6 (mod 12) ⇒ gcd(x, 12) = 6
(5) 3x ≡ 3y (mod 17) ⇒ x ≡ y (mod 17)
(6) 5x ≡ y (mod 6) ⇒ 15x ≡ 3y (mod 18)
(7) 12x ≡ 12y (mod 15) ⇒ x ≡ y (mod 5)
(8) x ≡ 73 (mod 75) ⇒ x mod 75 = 73
(9) x ≡ 73 (mod 75) and 0 ≤ x < 75 ⇒ x = 73
(10) There is no integer x such that 12x ≡ 7 (mod 33).

Chapter 19 Residue Classes

Definition 19.1. Let m > 0 be given. For each integer a we define

(1) [a] = {x : x ≡ a (mod m)}.

In other words, [a] is the set of all integers that are congruent to a modulo m. We call [a] the residue class of a modulo m. Some people call [a] the congruence class or equivalence class of a modulo m.

Theorem 19.1. For m > 0 we have

(2) [a] = {mq + a | q ∈ Z}.

Proof. x ∈ [a] ⇔ x ≡ a (mod m) ⇔ m | x − a ⇔ x − a = mq for some q ∈ Z ⇔ x = mq + a for some q ∈ Z. So (2) follows from the definition (1).

Note that [a] really depends on m and it would be more accurate to write [a]_m instead of [a], but this would be too cumbersome. Nevertheless it should be kept clearly in mind that [a] depends on some understood value of m.

Remark 19.1. Two alternative ways to write (2) are

(3) [a] = {mq + a | q = 0, ±1, ±2, ...}

or

(4) [a] = {..., −2m + a, −m + a, a, m + a, 2m + a, ...}.

Exercise 19.1. Show that if m = 2 then [1] is the set of all odd integers and [0] is the set of all even integers. Show also that Z = [0] ∪ [1] and [0] ∩ [1] = ∅.

Exercise 19.2. Show that if m = 3, then [0] is the set of integers divisible by 3, [1] is the set of integers whose remainder when divided by 3 is 1, and [2] is the set of integers whose remainder when divided by 3 is 2. Show also that Z = [0] ∪ [1] ∪ [2] and [0] ∩ [1] = [0] ∩ [2] = [1] ∩ [2] = ∅.

Theorem 19.2. For a given modulus m > 0 we have: [a] = [b] ⇔ a ≡ b (mod m).

Proof. "⇒" Assume [a] = [b]. Note that since a ≡ a (mod m) we have a ∈ [a]. Since [a] = [b] we have a ∈ [b]. By definition of [b] this gives a ≡ b (mod m), as desired.

"⇐" Assume a ≡ b (mod m). We must prove that the sets [a] and [b] are equal. To do this we prove that every element of [a] is in [b] and vice-versa. Let x ∈ [a]. Then x ≡ a (mod m). Since a ≡ b (mod m), by transitivity x ≡ b (mod m) so x ∈ [b]. Conversely, if x ∈ [b], then x ≡ b (mod m). By symmetry since a ≡ b (mod m), b ≡ a (mod m), so again by transitivity x ≡ a (mod m) and x ∈ [a]. This proves that [a] = [b].

Theorem 19.3. Given m > 0. For every a there is a unique r such that [a] = [r] and 0 ≤ r < m.

Proof. Let r = a mod m. Then by Exercise 15.1 (p. 59) we have a ≡ r (mod m). By definition of a mod m we have 0 ≤ r < m. Since a ≡ r (mod m) by Theorem 19.2, [a] = [r]. To prove that r is unique, suppose also [a] = [r′] where 0 ≤ r′ < m. By Theorem 19.2 this implies that a ≡ r′ (mod m). This, together with 0 ≤ r′ < m, implies by Theorem 15.4 that r′ = a mod m = r.

Theorem 19.4. Given m > 0, there are exactly m distinct residue classes modulo m, namely, [0], [1], [2], ..., [m − 1].

Proof. By Theorem 19.3 we know that every residue class [a] is equal to one of the residue classes: [0], [1], ..., [m − 1]. So there are no residue classes not in this list. These residue classes are distinct by the uniqueness part of Theorem 19.3, namely if 0 ≤ r_1 < m and 0 ≤ r_2 < m and [r_1] = [r_2], then by the uniqueness part of Theorem 19.3 we must have r_1 = r_2.

Exercise 19.3. Given the modulus m > 0 show that [a] = [a + m] and [a] = [a − m] for all a.

Exercise 19.4. For any m > 0, show that if x ∈ [a] then [a] = [x].

Definition 19.2. Any element x ∈ [a] is said to be a representative of the residue class [a]. By Exercise 19.4 if x is a representative of [a] then [x] = [a], that is, any element of a residue class may be used to represent it.

Exercise 19.5. For any m > 0, show that if [a] ∩ [b] ≠ ∅ then [a] = [b].

Exercise 19.6. For any m > 0, show that if [a] ≠ [b] then [a] ∩ [b] = ∅.

Exercise 19.7. Let m = 2. Show that [0] = [2] = [4] = [32] = [−2] = [−32] and [1] = [3] = [−3] = [31] = [−31].


Chapter 20 Z_m and Complete Residue Systems

Throughout this section we assume a fixed modulus m > 0.

Definition 20.1. We define Z_m = {[a] | a ∈ Z}, that is, Z_m is the set of all residue classes modulo m. We call Z_m the ring of integers modulo m. In the next chapter we shall show how to add and multiply residue classes. This makes Z_m into a ring. See Appendix A for the definition of ring. Often we drop the ring and just call Z_m the integers modulo m.

From Theorem 19.4 Z_m = {[0], [1], ..., [m − 1]} and since no two of the residue classes [0], [1], ..., [m − 1] are equal we see that Z_m has exactly m elements. By Exercise 19.4 if we choose a_0 ∈ [0], a_1 ∈ [1], ..., a_{m−1} ∈ [m − 1] then [a_0] = [0], [a_1] = [1], ..., [a_{m−1}] = [m − 1]. So we also have Z_m = {[a_0], [a_1], ..., [a_{m−1}]}.

Example 20.1. If m = 4 we have, for example, 8 ∈ [0], 5 ∈ [1], −6 ∈ [2], 11 ∈ [3]. And hence: Z_4 = {[8], [5], [−6], [11]}.

Definition 20.2. A set of m integers {a_0, a_1, ..., a_{m−1}} is called a complete residue system modulo m if Z_m = {[a_0], [a_1], ..., [a_{m−1}]}.

Remark 20.1. A complete residue system modulo m is sometimes called a complete set of representatives for Z_m.

Example 20.2. By Theorem 19.4, p. 76, for m > 0 {0, 1, 2, ..., m − 1} is a complete residue system modulo m.

Definition 20.3. The set {0, 1, ..., m − 1} is called the set of least nonnegative residues modulo m.

Example 20.3. From the above discussion it is clear that for each m > 0 there are infinitely many distinct complete residue systems modulo m. For example, here are some examples of complete residue systems modulo 5:

1. {0, 1, 2, 3, 4}
2. {0, 1, 2, −2, −1}
3. {10, −9, 12, 8, 14}
4. {0 + 5n_1, 1 + 5n_2, 2 + 5n_3, 3 + 5n_4, 4 + 5n_5} where n_1, n_2, n_3, n_4, n_5 may be any integers.

Theorem 20.1. Let m > 0 be given.

(1) If m = 2k, then {0, 1, 2, ..., k − 1, k, −(k − 1), ..., −2, −1} is a complete residue system modulo m.

(2) If m = 2k + 1, then {0, 1, 2, ..., k, −k, ..., −2, −1} is a complete residue system modulo m.

Proof of (1). Since if m = 2k

Z_m = {[0], [1], ..., [k], [k + 1], ..., [k + i], ..., [k + k − 1]},

it suffices to note that by Exercise 19.3 we have [k + i] = [k + i − 2k] = [−k + i] = [−(k − i)]. So [k + 1] = [−(k − 1)], [k + 2] = [−(k − 2)], ..., [k + k − 1] = [−1], as desired.

Proof of (2). In this case [k + i] = [−(2k + 1) + k + i] = [−k + i − 1] = [−(k − i + 1)] so [k + 1] = [−k], [k + 2] = [−(k − 1)], ..., [2k] = [−1], as desired.

Definition 20.4. The complete residue system modulo m given in Theorem 20.1 is called the least absolute residue system modulo m.

Remark 20.2. If one chooses in each residue class [a] the smallest nonnegative integer one obtains the least nonnegative residue system. If one chooses in each residue class [a] an element of smallest possible absolute value one obtains the least absolute residue system.

Exercise 20.1. Find both the least nonnegative residue system and the least absolute residues for each of the moduli given below. Also, in each case find a third complete residue system different from these two.

m = 3, m = 4, m = 5, m = 6, m = 7, m = 8.


Chapter 21 Addition and Multiplication in Z_m

In this chapter we show how to define addition and multiplication of residue classes modulo m. With respect to these binary operations Z_m is a ring as defined in Appendix A.

Definition 21.1. For [a], [b] ∈ Z_m we define

[a] + [b] = [a + b] and [a][b] = [ab].

Example 21.1. For m = 5 we have

[2] + [3] = [5], and [2][3] = [6].

Note that since 5 ≡ 0 (mod 5) and 6 ≡ 1 (mod 5) we have [5] = [0] and [6] = [1] so we can also write

[2] + [3] = [0]
[2][3] = [1].

Since a residue class can have many representatives, it is important to check that the rules given in Definition 21.1 do not depend on the representatives chosen. For example, when m = 5 we know that [7] = [2] and [11] = [21] so we should have [7] + [11] = [2] + [21] and [7][11] = [2][21]. In this case we can check that [7] + [11] = [18] and [2] + [21] = [23]. Now 23 ≡ 18 (mod 5) since 5 | 23 − 18. Hence [18] = [23], as desired. Also [7][11] = [77] and [2][21] = [42]. Then 77 − 42 = 35 and 5 | 35 so 77 ≡ 42 (mod 5) and hence [77] = [42], as desired.

Theorem 21.1. For any modulus m > 0 if [a] = [b] and [c] = [d] then [a] + [c] = [b] + [d] and [a][c] = [b][d].

Exercise 21.1. Prove Theorem 21.1. (This follows immediately from Theorem 15.3 (p. 61) and Theorem 19.2 (p. 76).)

When performing addition and multiplication in Z_m using the rules in Definition 21.1, due to Theorem 21.1, we may at any time replace [a] by [a′] if a ≡ a′ (mod m). This will sometimes make calculations easier.

Example 21.2. Take m = 151. Then 150 ≡ −1 (mod 151) and 149 ≡ −2 (mod 151), so

[150][149] = [−1][−2] = [2]

and

[150] + [149] = [−1] + [−2] = [−3] = [148]

since 148 ≡ −3 (mod 151).

When working with Z_m it is often useful to write all residue classes in the least nonnegative residue system, as we do in constructing the following addition and multiplication tables for Z_4.

  +  | [0] [1] [2] [3]
 [0] | [0] [1] [2] [3]
 [1] | [1] [2] [3] [0]
 [2] | [2] [3] [0] [1]
 [3] | [3] [0] [1] [2]

  ·  | [0] [1] [2] [3]
 [0] | [0] [0] [0] [0]
 [1] | [0] [1] [2] [3]
 [2] | [0] [2] [0] [2]
 [3] | [0] [3] [2] [1]

Recall that by Exercise 15.1 (p. 59) we have for all a and m > 0

a ≡ a mod m (mod m).

So using residue classes modulo m this gives [a] = [a mod m]. Hence,

[a] + [b] = [(a + b) mod m]
[a][b] = [(ab) mod m].

So if a and b are in the set {0, 1, ..., m − 1}, these equations give us a way to obtain representations of the sum and product of [a] and [b] in the same set. This leads to an alternative way to define Z_m and addition and multiplication in Z_m. For clarity we will use different notation.

Definition 21.2. For m > 0 define J_m = {0, 1, 2, ..., m − 1} and for a, b ∈ J_m define

a ⊕ b = (a + b) mod m
a ⊙ b = (ab) mod m.

Remark 21.1. J_m with ⊕ and ⊙ as defined is isomorphic to Z_m with addition and multiplication given by Definition 21.1. [Students taking Elementary Abstract Algebra will learn a rigorous definition of the term isomorphic. For now, we take "isomorphic" to mean "has the same form."]

The addition and multiplication tables for J_4 are:

 ⊕ | 0 1 2 3
 0 | 0 1 2 3
 1 | 1 2 3 0
 2 | 2 3 0 1
 3 | 3 0 1 2

 ⊙ | 0 1 2 3
 0 | 0 0 0 0
 1 | 0 1 2 3
 2 | 0 2 0 2
 3 | 0 3 2 1

Exercise 21.2. Prove that for every modulus m > 0 we have for all a, b ∈ J_m

[a] + [b] = [a ⊕ b], and [a][b] = [a ⊙ b].

Exercise 21.3. Construct addition and multiplication tables for J_5.

Exercise 21.4. Without doing it, tell how to obtain addition and multiplication tables for Z_5 from the work in Exercise 21.3.

Example 21.3. Let's solve the congruence

(1) 272x ≡ 901 (mod 9).

Using residue classes modulo 9 we see that (1) is equivalent to

(2) [272x] = [901]

which is equivalent to

(3) [272][x] = [901]

which is equivalent to

(4) [2][x] = [1].

Now we know [x] ∈ {[0], [1], ..., [8]} so by trial and error we see that x = 5 is a solution.

Chapter 22 The Groups U_m

Definition 22.1. Let m > 0. A residue class [a] ∈ Z_m is called a unit if there is another residue class [b] ∈ Z_m such that [a][b] = [1]. In this case [a] and [b] are said to be inverses of each other in Z_m.

Theorem 22.1. Let m > 0. A residue class [a] ∈ Z_m is a unit if and only if gcd(a, m) = 1.

Proof. Let [a] be a unit. Then there is some [b] such that [a][b] = [1]. Hence [ab] = [1] so ab ≡ 1 (mod m). So by Theorem 18.2, p. 72, gcd(a, m) = 1.

To prove the converse, let gcd(a, m) = 1. Then by Theorem 18.1, page 71, there is an integer a* such that aa* ≡ 1 (mod m). Hence, [aa*] = [1]. So [a][a*] = [aa*] = [1], and we can take b = a*.

Note that from Theorem 18.6 we see that if [a] = [b] (i.e., a ≡ b (mod m)) then gcd(a, m) = 1 ⇔ gcd(b, m) = 1. So in checking whether or not a residue class is a unit we can use any representative of the class.

Definition 22.2. The set of all units in Z_m is denoted by U_m and is called the group of units of Z_m. See Appendix A for the definition of a group.

Exercise 22.1. Show that [1] and [m − 1] are always units in Z_m. Hint: [m − 1] = [−1].

Theorem 22.2. Let m > 0, then U_m = {[i] | 1 ≤ i ≤ m and gcd(i, m) = 1}.

Proof. We know that if [a] ∈ Z_m then [a] = [i] where 0 ≤ i ≤ m − 1. If m = 1 then Z_m = Z_1 = {[0]} = {[1]} and since [1][1] = [1], [1] is a unit. U_1 = {[1]} and the theorem holds. If m ≥ 2, then gcd(i, m) = 1 can only happen if 1 ≤ i ≤ m − 1, since gcd(0, m) = gcd(m, m) = m ≠ 1. So the theorem follows from Theorem 22.1 and the above remarks.

Theorem 22.3. (U_m is a group¹ under multiplication.)

(1) If [a], [b] ∈ U_m then [a][b] ∈ U_m.
(2) For all [a], [b], [c] in U_m we have ([a][b])[c] = [a]([b][c]).
(3) [1][a] = [a][1] = [a] for all [a] ∈ U_m.
(4) For each [a] ∈ U_m there is a [b] ∈ U_m such that [a][b] = [1].
(5) For all [a], [b] ∈ U_m we have [a][b] = [b][a].

Exercise 22.2. Prove Theorem 22.3.

Example 22.1. Using Theorem 22.2 we see that

U_15 = {[1], [2], [4], [7], [8], [11], [13], [14]} = {[1], [2], [4], [7], [−7], [−4], [−2], [−1]}.

Note that using absolute least residue modulo 15 simplifies multiplication somewhat. Rather than write out the entire multiplication table, we just find the inverse of each element of U_15:

[1][1] = [1]
[2][−7] = [2][8] = [1]
[4][4] = [1]
[7][−2] = [7][13] = [1]
[−4][−4] = [11][11] = [1]
[−1][−1] = [14][14] = [1].

Exercise 22.3. Find the elements of U_7 in both least nonnegative and absolute least residue form and find the inverse of each element, as in the example above.

¹ Actually (1)–(4) are all that is required for U_n to be a group. Property (5) says that U_n is an Abelian group. See Appendix A.

Definition 22.3. If X is a set, the number of elements in X is denoted by |X|.

Example 22.2. |{1}| = 1, |{0, 1, 3, 9}| = 4, |Z_m| = m if m > 0.

Definition 22.4. If m ≥ 1, φ(m) = |{i ∈ Z | 1 ≤ i ≤ m and gcd(i, m) = 1}|. The function φ is called the Euler phi function or the Euler totient function.

Corollary 22.1. If m > 0, |U_m| = φ(m).

Note that

U_1 = {[1]} so φ(1) = 1
U_2 = {[1]} so φ(2) = 1
U_3 = {[1], [2]} so φ(3) = 2
U_4 = {[1], [3]} so φ(4) = 2
U_5 = {[1], [2], [3], [4]} so φ(5) = 4
U_6 = {[1], [5]} so φ(6) = 2
U_7 = {[1], [2], [3], [4], [5], [6]} so φ(7) = 6.

Generally φ(m) is not easy to calculate. However, the following theorems show that once the prime factorization of m is given, computing φ(m) is easy.

Theorem 22.4. If a > 0 and b > 0 and gcd(a, b) = 1, then φ(ab) = φ(a)φ(b).

Theorem 22.5. If p is prime and n > 0 then φ(p^n) = p^n − p^{n−1}.

Theorem 22.6. Let p_1, p_2, ..., p_k be distinct primes and let n_1, n_2, ..., n_k be positive integers, then

φ(p_1^{n_1} p_2^{n_2} ··· p_k^{n_k}) = (p_1^{n_1} − p_1^{n_1−1}) ··· (p_k^{n_k} − p_k^{n_k−1}).

Before discussing the proofs of these three theorems, let's illustrate their use:

φ(12) = φ(2^2 · 3) = (2^2 − 2^1)(3^1 − 3^0) = 2 · 2 = 4
φ(9000) = φ(2^3 · 5^3 · 3^2) = (2^3 − 2^2)(5^3 − 5^2)(3^2 − 3^1) = 4 · 100 · 6 = 2400.

Note that if p is any prime then φ(p) = p − 1.

Exercise 22.4. Find the sets U_m, for 8 ≤ m ≤ 20. Note that |U_m| = φ(m). Use Theorem 22.6 to calculate φ(m) and check that you have the right number of elements for each set U_m, 8 ≤ m ≤ 20.

Exercise 22.5. Show that if m = p_1^{n_1} p_2^{n_2} ··· p_k^{n_k} where p_1, ..., p_k are distinct primes and each n_i ≥ 1, then

φ(m) = m (1 − 1/p_1)(1 − 1/p_2) ··· (1 − 1/p_k).

Now I give the proof of Theorem 22.5. I will sketch a proof of Theorem 22.4 in Exercise 22.6 below. The proof of Theorem 22.6 follows from Theorems 22.4 and 22.5. The proof is by induction on n and is quite similar to the proof of Theorem 13.1 (2) on page 50, so I omit the details.

Proof of Theorem 22.5. We want to count the number of elements in the set A = {1, 2, ..., p^n} that are relatively prime to p^n. Let B be the set of elements of A that have a factor > 1 in common with p^n. Note that if b ∈ B and gcd(b, p^n) = d > 1, then d is a factor of p^n and d > 1 so d has p as a factor. Hence b = pk, for some k, and p ≤ b ≤ p^n, so p ≤ kp ≤ p^n. It follows that 1 ≤ k ≤ p^{n−1}. That is,

B = {p, 2p, 3p, ..., kp, ..., p^{n−1} p}.

We are interested in the number of elements of A not in B. Since |A| = p^n and |B| = p^{n−1}, this number is p^n − p^{n−1}. That is, φ(p^n) = p^n − p^{n−1}.

Exercise 22.6. Let a and b be relatively prime positive integers. Write n = ab. Define the mapping f by the rule

f([x]_n) = ([x]_a, [x]_b).

Here we denote the residue class of x modulo m by [x]_m. First illustrate each of the following for the special case a = 3 and b = 5. Then prove each in general. (The proof is difficult and is optional.)

1. f : Z_n → Z_a × Z_b is one-to-one and onto. (This is called the Chinese Remainder Theorem.)
2. f : U_n → U_a × U_b is also a one-to-one, onto mapping.
3. Conclude from (2) that φ(ab) = φ(a)φ(b).


Chapter 23 Two Theorems of Euler and Fermat

Fermat's Big Theorem or, as it is also called, Fermat's Last Theorem states that x^n + y^n = z^n has no solutions in positive integers x, y, z when n > 2. This was proved by Andrew Wiles in 1995 over 350 years after it was first mentioned by Fermat. The theorem that concerns us in this chapter is Fermat's Little Theorem. This theorem is much easier to prove, but has more far reaching consequences for applications to cryptography and secure transmission of data on the Internet. The first theorem below is a generalization of Fermat's Little Theorem due to Euler.

Theorem 23.1 (Euler's Theorem). If m > 0 and a is relatively prime to m then a^{φ(m)} ≡ 1 (mod m).

Theorem 23.2 (Fermat's Little Theorem). If p is prime and a is relatively prime to p then a^{p−1} ≡ 1 (mod p).

Let's look at some examples. Take m = 12 then φ(m) = φ(2^2 · 3) = (2^2 − 2)(3 − 1) = 4.

The positive integers a < m with gcd(a, m) = 1 are 1, 5, 7 and 11.

1^4 ≡ 1 (mod 12) is clear
5^2 ≡ 1 (mod 12) since 12 | 25 − 1
∴ (5^2)^2 ≡ 1^2 (mod 12)
∴ 5^4 ≡ 1 (mod 12).

Now 7 ≡ −5 (mod 12) and since 4 is even

7^4 ≡ 5^4 (mod 12)
∴ 7^4 ≡ 1 (mod 12).

11 ≡ −1 (mod 12) and again since 4 is even we have 11^4 ≡ (−1)^4 (mod 12) and 11^4 ≡ 1 (mod 12).

So we have verified Theorem 23.1 for the single case m = 12.

Exercise 23.1. Verify that Theorem 23.2 holds if p = 5 by direct calculation as in the above example.

Definition 23.1. (Powers of residue classes.) If [a] ∈ U_m define [a]^1 = [a] and for n > 1, [a]^n = [a][a] ··· [a] where there are n copies of [a] on the right.

Theorem 23.3. If [a] ∈ U_m, then [a]^n ∈ U_m for n ≥ 1 and [a]^n = [a^n].

Proof. We prove that [a]^n = [a^n] ∈ U_m for n ≥ 1 by induction on n. If n = 1, [a]^1 = [a] = [a^1] and by assumption [a] ∈ U_m. Suppose [a]^k = [a^k] ∈ U_m for some k ≥ 1. Then

[a]^{k+1} = [a]^k [a]
          = [a^k][a]     by the induction hypothesis
          = [a^k a]      by Definition 21.1, p. 83
          = [a^{k+1}]    since a^k a = a^{k+1}.

So by the PMI, the theorem holds for n ≥ 1.

Note that for fixed m > 0 if gcd(a, m) = 1 then [a] ∈ U_m. And using Theorem 23.3 we have

a^n ≡ 1 (mod m) ⇐⇒ [a^n] = [1] ⇐⇒ [a]^n = [1].

It follows that Euler's Theorem (Theorem 23.1) is equivalent to the following theorem.

Theorem 23.4. If m > 0 and [a] ∈ U_m then [a]^{φ(m)} = [1].

A proof of Theorem 23.4 is outlined in the following exercise. Also Theorem 23.4 is an easy consequence of Lagrange's Theorem, which students who take (or have taken) a course in abstract algebra will learn about (or will already know).

Exercise 23.2 (Optional). Let U_m = {X_1, X_2, ..., X_{φ(m)}}. Here we write X_i for a residue class in U_m to simplify notation.

1. Show that if X ∈ U_m then {XX_1, XX_2, ..., XX_{φ(m)}} = U_m.
2. Show that if X ∈ U_m then XX_1 XX_2 ··· XX_{φ(m)} = X_1 X_2 ··· X_{φ(m)}.
3. Let A = X_1 X_2 ··· X_{φ(m)}. Show that if X ∈ U_m then X^{φ(m)} A = A.
4. Conclude from (3) that X^{φ(m)} = [1] and hence Theorem 23.4 is true.

Exercise 23.3. Show that Fermat's Little Theorem follows from Euler's Theorem.

Exercise 23.4. Show that if p is prime then a^p ≡ a (mod p) for all integers a. Hint: Consider two cases: I. gcd(a, p) = 1 and II. gcd(a, p) > 1. Note that in the second case p | a.

Exercise 23.5. Let m > 0. Let gcd(a, m) = 1. Show that a^{φ(m)−1} is an inverse for a modulo m. (See Theorem 18.1, p. 71.)

Exercise 23.6. For all a ∈ {1, 2, 3, 4, 5, 6} find the inverse a* of a modulo 7 by use of Exercise 23.5. Choose a* in each case so that 1 ≤ a* ≤ 6.

Note that Fermat's Little Theorem can be used to simplify the computation of a^n mod p where p is prime. Recall that if a^n ≡ r (mod p) where 0 ≤ r < p, then a^n mod p = r. We can do two things to simplify the computation:

(1) Replace a by a mod p.
(2) Replace n by n mod (p − 1).

Example 23.1. Suppose we want to calculate 1234^7865435 mod 11. Note that 1234 ≡ −1 + 2 − 3 + 4 (mod 11), that is, 1234 ≡ 2 (mod 11). Since gcd(2, 11) = 1 we have 2^10 ≡ 1 (mod 11). Now 7865435 = (786543) · 10 + 5 so

2^7865435 ≡ 2^{(786543)·10+5} (mod 11)
          ≡ (2^10)^786543 · 2^5 (mod 11)
          ≡ 1^786543 · 2^5 (mod 11)
          ≡ 2^5 (mod 11),

and 2^5 = 32 ≡ 10 (mod 11). Hence, 1234^7865435 ≡ 10 (mod 11). It follows that 1234^7865435 mod 11 = 10.

Exercise 23.7. Use the technique in the above example to calculate 281202 mod 13. [Here you cannot use the mod 11 trick, of course.]
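The following Python sketch, an added example that is not part of the original notes, ties Theorem 22.6, Euler's Theorem, the exponent reduction of Example 23.1 and the inverse a^{φ(m)−1} of Exercise 23.5 together and checks them against the worked values on these pages. The function names are this example's own, and the trial-division factoring is only meant for small m.

```python
"""Euler's phi and Euler/Fermat exponent tricks (added example, own names)."""
from math import gcd


def factorize(m):
    """Prime factorization of m >= 1 as {prime: exponent}, by trial division."""
    factors = {}
    p = 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        factors[m] = factors.get(m, 0) + 1
    return factors


def phi(m):
    """Theorem 22.6: product of p^n - p^(n-1) over the prime powers of m."""
    result = 1
    for p, n in factorize(m).items():
        result *= p**n - p**(n - 1)
    return result


def units(m):
    """Least nonnegative representatives of U_m (Theorem 22.2)."""
    return [i for i in range(1, m + 1) if gcd(i, m) == 1]


def euler_holds(m):
    """Check a^phi(m) = 1 (mod m) for every unit a, i.e. Theorem 23.1."""
    e = phi(m)
    return all(pow(a, e, m) == 1 % m for a in units(m))


def power_mod_prime(a, n, p):
    """a^n mod p for a prime p and n >= 0, using both reductions in the text.

    Reducing the exponent mod p - 1 is only valid when p does not divide a,
    so that case is handled separately.
    """
    a %= p                              # (1) replace a by a mod p
    if a == 0:
        return 0 if n > 0 else 1 % p
    return pow(a, n % (p - 1), p)       # (2) replace n by n mod (p - 1)


def inverse_by_euler(a, m):
    """Exercise 23.5: a^(phi(m) - 1) mod m is the inverse when gcd(a, m) = 1."""
    if m < 2 or gcd(a, m) != 1:
        return None
    return pow(a, phi(m) - 1, m)


if __name__ == "__main__":
    print("phi(12), phi(9000):", phi(12), phi(9000))
    print("1234^7865435 mod 11 =", power_mod_prime(1234, 7865435, 11))
    print("inverses in U_15:", {a: inverse_by_euler(a, 15) for a in units(15)})
```

Computing φ(m) this way requires factoring m, which is exactly what is assumed to be infeasible for an RSA-sized modulus; that is why the holder of the factorization can compute inverses of exponents modulo φ(m) and others cannot.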

Chapter 24 Probabilistic Primality Tests

According to Fermat's Little Theorem, if p is prime and 1 ≤ a ≤ p − 1, then a^{p−1} ≡ 1 (mod p). The converse is also true in the following sense:

Theorem 24.1. If m ≥ 2 and for all a such that 1 ≤ a ≤ m − 1 we have a^{m−1} ≡ 1 (mod m) then m must be prime.

Proof. If the hypothesis holds, then for all a with 1 ≤ a ≤ m − 1, we know that a has an inverse modulo m, namely, a^{m−2} is an inverse for a modulo m. By Theorem 18.2, this says that for 1 ≤ a ≤ m − 1, gcd(a, m) = 1. But if m were not prime, then we would have m = ab with 1 < a < m, 1 < b < m. Then gcd(a, m) = a > 1, a contradiction. So m must be prime.

Using the above theorem to check that p is prime we would have to check that a^{p−1} ≡ 1 (mod p) for a = 1, 2, 3, ..., p − 1. This is a lot of work. Suppose we just know that 2^{m−1} ≡ 1 (mod m) for some m > 2. Must m be prime? Unfortunately, the answer is no. The smallest composite m satisfying 2^{m−1} ≡ 1 (mod m) is m = 341.

Exercise 24.1. Use Maple (or do it by hand and/or calculator) to verify that 2^340 ≡ 1 (mod 341) and that 341 is not prime.

The moral is that even if 2^{m−1} ≡ 1 (mod m), the number m need not be prime. On the other hand, consider the case of m = 63. Note that 2^6 = 64 ≡ 1 (mod 63). Hence, 2^6 ≡ 1 (mod 63). Raising both sides to the 10th power we have 2^60 ≡ 1 (mod 63). Then multiplying both sides by 2^2 we get 2^62 ≡ 4 (mod 63); since 4 ≢ 1 (mod 63) we have 2^62 ≢ 1 (mod 63). This tells us that 63 is not prime, without factoring 63. We emphasize that in general if 2^{m−1} ≢ 1 (mod m) then we can be sure that m is not prime.

FACT. There are 455,052,511 odd primes p ≤ 10^10, all of which satisfy 2^{p−1} ≡ 1 (mod p). There are only 14,884 composite numbers 2 < m ≤ 10^10 that satisfy 2^{m−1} ≡ 1 (mod m). Thus, if 2 < m ≤ 10^10 and m satisfies 2^{m−1} ≡ 1 (mod m), the probability m is prime is

455,052,511 / (455,052,511 + 14,884) ≈ .999967292.

In other words, if you find that 2^{m−1} ≡ 1 (mod m), then it is highly likely (but not a certainty) that m is prime, at least when m ≤ 10^10. Thus the following Maple procedure will almost always give the correct answer:

> is_prob_prime:=proc(n)
    if n <= 1 or Power(2,n-1) mod n <> 1 then
      return "not prime";
    else
      return "probably prime";
    end if;
  end proc:

Note that the Maple command Power(a,n-1) mod n is an efficient way to compute $a^{n-1} \bmod n$. We discuss this in more detail later. The procedure is_prob_prime(n) just defined returns "probably prime" if $2^{n-1} \bmod n = 1$ and "not prime" if $n \le 1$ or if $2^{n-1} \bmod n \ne 1$. If the answer is "not prime", then we know definitely that $n$ is not prime. If the answer is "probably prime", we know that there is a very small probability that $n$ is not prime.

In practice, there are better probabilistic primality tests than that mentioned above. For more details see, for example, "Elementary Number Theory," Fourth Edition, by Kenneth Rosen.

The built-in Maple procedure isprime is a very sophisticated probabilistic primality test. The command isprime(n) returns false if $n$ is not prime and returns true if $n$ is probably prime. So far no one has found an integer $n$ for which isprime(n) gives the wrong answer.

One might ask what happens if we use 3 instead of 2 in the above probabilistic primality test. Or, better yet, what if we evaluate $a^{m-1} \bmod m$ for several different values of $a$. Consider the following data:

The number of primes $\le 10^6$ is 78,498.

The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ is 245.

The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod{m}$ and $3^{m-1} \equiv 1 \pmod{m}$ is 66.

The number of composite numbers $m \le 10^6$ such that $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41\}$ is 0.

Thus, we have the following result: If $m \le 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, then $m$ is prime.

The above results for $m \le 10^6$ were found using Maple. If $m > 10^6$ and $a^{m-1} \equiv 1 \pmod{m}$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$, it is highly likely, but not certain, that $m$ is prime. Actually the primality test isprime that is built into Maple uses a somewhat different idea.

Exercise 24.2. Use Maple to show that


(1) $3^{90} \equiv 1 \pmod{91}$, but 91 is not prime.

(2) $2^{m-1} \equiv 1 \pmod{m}$ and $3^{m-1} \equiv 1 \pmod{m}$ for $m = 1105$, but 1105 is not prime.

[Hints. Note that $a^n \equiv 1 \pmod{m} \iff a^n \bmod m = 1$. In Maple, $3^{90}$ is written 3^90 and $3^{90} \bmod 91$ is written 3^90 mod 91. A faster way to compute $a^n \bmod m$ in Maple is to use the command Power(a,n) mod m. Recall that ifactor(m) is the command to factor m.]
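The test of this chapter for several bases, as an added Python example (not part of the original notes, which use Maple; all function names are this example's own). It lists the composites that the congruence $a^{m-1} \equiv 1 \pmod{m}$ wrongly accepts and counts how many bases vouch for a given composite, which is the failure mode a key generator relying on this test alone would inherit.

```python
from math import gcd


def fermat_passes(m, bases=(2,)):
    """True when a^(m-1) ≡ 1 (mod m) for every listed base a (meant for m > 2).

    pow(a, e, m) is Python's built-in modular power, the analogue of
    Maple's Power(a,e) mod m.
    """
    return m > 2 and all(pow(a, m - 1, m) == 1 for a in bases)


def sieve(limit):
    """Sieve of Eratosthenes: flags[i] is 1 exactly when i is prime."""
    flags = bytearray([1]) * (limit + 1)
    flags[0:2] = b"\x00\x00"
    for i in range(2, int(limit ** 0.5) + 1):
        if flags[i]:
            flags[i * i :: i] = bytearray(len(range(i * i, limit + 1, i)))
    return flags


def pseudoprimes(limit, bases=(2,)):
    """Composite m <= limit that pass the test for all the given bases."""
    flags = sieve(limit)
    return [m for m in range(3, limit + 1)
            if not flags[m] and fermat_passes(m, bases)]


def fermat_liars(m):
    """All bases 1 <= a <= m-1 with a^(m-1) ≡ 1 (mod m)."""
    return [a for a in range(1, m) if pow(a, m - 1, m) == 1]


def coprime_bases(m):
    """All bases 1 <= a <= m-1 with gcd(a, m) = 1."""
    return [a for a in range(1, m) if gcd(a, m) == 1]


if __name__ == "__main__":
    print("63 passes base 2:", fermat_passes(63))
    print("341 passes base 2:", fermat_passes(341))
    print("341 passes bases 2 and 3:", fermat_passes(341, (2, 3)))
    print("1105 passes bases 2 and 3:", fermat_passes(1105, (2, 3)))
    print("base-2 pseudoprimes up to 1000:", pseudoprimes(1000))
    print("count up to 10^6:", len(pseudoprimes(10 ** 6)))
    # For 1105 every base coprime to m passes, so adding more bases only
    # helps if one of them happens to share a factor with m.
    print("1105 liars:", len(fermat_liars(1105)),
          "coprime bases:", len(coprime_bases(1105)))
```

For 341 only some bases pass, so a second base exposes it; for 1105 every base coprime to $m$ passes, which is why testing more bases of this kind is not a reliable remedy.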

**Chapter 25 The Base b Representation of n**

Definition 25.1. Let $b \ge 2$ and $n > 0$. We write

(1) $n = [a_k, a_{k-1}, \ldots, a_1, a_0]_b$

if and only if for some $k \ge 0$

$n = a_k b^k + a_{k-1} b^{k-1} + \cdots + a_1 b + a_0$

where $a_i \in \{0, 1, \ldots, b-1\}$ for $i = 0, 1, \ldots, k$. $[a_k, a_{k-1}, \ldots, a_1, a_0]$ is called a base $b$ representation of $n$.

Remark 25.1. Base $b$ is called

binary if $b = 2$,
ternary if $b = 3$,
octal if $b = 8$,
decimal if $b = 10$,
hexadecimal if $b = 16$.

If $b$ is understood, especially if $b = 10$, we write $a_k a_{k-1} \cdots a_1 a_0$ in place of $[a_k, a_{k-1}, \ldots, a_1, a_0]_{10}$. In the case of $b = 16$, which is used frequently in computer science, the "digits" 10, 11, 12, 13, 14 and 15 are replaced by A, B, C, D, E and F, respectively. For a fixed base $b \ge 2$, the numbers $a_i \in \{0, 1, 2, \ldots, b-1\}$ in equation (1) are called the digits of the base $b$ representation of $n$. In the binary case $a_i \in \{0, 1\}$ and the $a_i$'s are called bits (binary digits).

Here are a few examples:

(1) $267 = [5, 3, 1]_7$ since $267 = 5 \cdot 7^2 + 3 \cdot 7 + 1$.

(2) $147 = [1, 0, 0, 1, 0, 0, 1, 1]_2$ since $147 = 1 \cdot 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2 + 1$.

(3) $4879 = [4, 8, 7, 9]_{10}$ since $4879 = 4 \cdot 10^3 + 8 \cdot 10^2 + 7 \cdot 10 + 9$.

(4) $10705679 = [A, 3, 5, B, 0, F]_{16}$ since $10705679 = 10 \cdot 16^5 + 3 \cdot 16^4 + 5 \cdot 16^3 + 11 \cdot 16^2 + 0 \cdot 16 + 15$.

(5) $107056791 = [107, 56, 791]_{1000}$ since $107056791 = 107 \cdot 1000^2 + 56 \cdot 1000 + 791$.

Theorem 25.1. If $b \ge 2$, then every $n > 0$ has a unique base $b$ representation of the form $n = [a_k, \ldots, a_1, a_0]_b$ with $a_k > 0$.

Proof. Apply repeatedly the Division Algorithm as follows:

$n = bq_0 + r_0, \quad 0 \le r_0 < b$
$q_0 = bq_1 + r_1, \quad 0 \le r_1 < b$
$q_1 = bq_2 + r_2, \quad 0 \le r_2 < b$
$\vdots$
$q_{k-1} = bq_k + r_k, \quad 0 \le r_k < b$
$q_k = bq_{k+1} + r_{k+1}, \quad 0 \le r_{k+1} < b.$

It is easy to see that if $q_k > 0$:

$n > q_0 > q_1 > \cdots > q_k.$

Since this cannot go on forever we eventually obtain $q_\ell = 0$ for some $\ell$. Then we have $q_{\ell-1} = b \cdot 0 + r_\ell$. I claim that $n = [r_\ell, r_{\ell-1}, \ldots, r_0]$ if $\ell$ is the smallest integer such that $q_\ell = 0$. To see this, note that $n = bq_0 + r_0$

and $q_0 = bq_1 + r_1$. Hence

$n = b(bq_1 + r_1) + r_0$
$n = b^2 q_1 + b r_1 + r_0.$

Continuing in this way we find that

$n = b^{\ell+1} q_\ell + b^\ell r_\ell + \cdots + b r_1 + r_0.$

And, since $q_\ell = 0$ we have

(∗) $n = b^\ell r_\ell + \cdots + b r_1 + r_0,$

which shows that $n = [r_\ell, \ldots, r_1, r_0]_b$.

To see that this representation is unique, note that from (∗) we have

$n = b\left(b^{\ell-1} r_\ell + \cdots + r_1\right) + r_0, \quad 0 \le r_0 < b.$

By the Division Algorithm it follows that $r_0$ is uniquely determined by $n$, as is the quotient $q = b^{\ell-1} r_\ell + \cdots + r_1$. A similar argument shows that $r_1$ is uniquely determined. Continuing in this way we see that all the digits $r_\ell, r_{\ell-1}, \ldots, r_0$ are uniquely determined.

Example 25.1. (1) We find the base 7 representation of 1,749.

$1749 = 249 \cdot 7 + 6$
$249 = 35 \cdot 7 + 4$
$35 = 5 \cdot 7 + 0$
$5 = 0 \cdot 7 + 5$

Hence $1749 = [5, 0, 4, 6]_7$.

(2) We find the base 12 representation of 19,151.

$19{,}151 = 1595 \cdot 12 + 11$
$1{,}595 = 132 \cdot 12 + 11$
$132 = 11 \cdot 12 + 0$
$11 = 0 \cdot 12 + 11$

∴ $19{,}151 = [11, 0, 11, 11]_{12}$.

(3) Find the base 10 representation of 1,203.

$1203 = 120 \cdot 10 + 3$
$120 = 12 \cdot 10 + 0$
$12 = 1 \cdot 10 + 2$
$1 = 0 \cdot 10 + 1$

∴ $1203 = [1, 2, 0, 3]_{10}$.

(4) Find the base 2 (binary) representation of 137.

$137 = 2 \cdot 68 + 1$
$68 = 2 \cdot 34 + 0$
$34 = 2 \cdot 17 + 0$
$17 = 2 \cdot 8 + 1$
$8 = 2 \cdot 4 + 0$
$4 = 2 \cdot 2 + 0$
$2 = 2 \cdot 1 + 0$
$1 = 2 \cdot 0 + 1$

∴ $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$.

Exercise 25.1. Generalize the following observations

$3 = [1, 1]_2$
$7 = [1, 1, 1]_2$
$15 = [1, 1, 1, 1]_2$
$31 = [1, 1, 1, 1, 1]_2$
$63 = [1, 1, 1, 1, 1, 1]_2$

Prove your generalization. [HINT: See Exercise 2.5 on page 6.]

Exercise 25.2. Generalize the following observation:

$8 = [2, 2]_3$
$26 = [2, 2, 2]_3$
$80 = [2, 2, 2, 2]_3$
$242 = [2, 2, 2, 2, 2]_3$

Prove your generalization. [HINT: See Exercise 2.5 on page 6.]

Exercise 25.3. Generalize Exercises 25.1 and 25.2 to an arbitrary base $b \ge 2$.

Remark 25.2. To find the binary representation of a small number, the following method is often easier than the above method: Given $n > 0$ let $2^{n_1}$ be the largest power of 2 satisfying $2^{n_1} \le n$. Let $2^{n_2}$ be the largest power of 2 satisfying $2^{n_2} \le n - 2^{n_1}$. Let $2^{n_3}$ be the largest power of 2 satisfying $2^{n_3} \le n - 2^{n_1} - 2^{n_2}$. Note that at this point we have

$0 \le n - (2^{n_1} + 2^{n_2} + 2^{n_3}) < n - (2^{n_1} + 2^{n_2}) < n - 2^{n_1} < n.$

Continuing in this way, eventually we get

$0 = n - (2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}).$

Then $n = 2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}$, and this gives the binary representation of $n$.

Example 25.2. Take $n = 137$. Note that $2^1 = 2$, $2^2 = 4$, $2^3 = 8$, $2^4 = 16$, $2^5 = 32$, $2^6 = 64$, $2^7 = 128$, and $2^8 = 256$. Using the above method we compute: $137 - 2^7 = 137 - 128 = 9$, $9 - 2^3 = 1$, $1 - 2^0 = 0$. So we have $137 = 2^7 + 9 = 2^7 + 2^3 + 1$.

∴ $137 = 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 0 \cdot 2^4 + 2^3 + 0 \cdot 2^2 + 0 \cdot 2 + 1.$

So $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$.

Exercise 25.4. Show how to use both methods to find the binary representation of 455.

Exercise 25.5. Make a vertical list of the binary representation of the integers 1 to 16.

**Chapter 26 Computation of $a^N \bmod m$**

Let's first consider the question: What is the smallest number of multiplications required to compute $a^N$ where $N$ is any positive integer?

Suppose we want to calculate $2^8$. One way is to perform the following 7 multiplications:

$2^2 = 2 \cdot 2 = 4$
$2^3 = 2 \cdot 4 = 8$
$2^4 = 2 \cdot 8 = 16$
$2^5 = 2 \cdot 16 = 32$
$2^6 = 2 \cdot 32 = 64$
$2^7 = 2 \cdot 64 = 128$
$2^8 = 2 \cdot 128 = 256$

But we can do it in only 3 multiplications:

$2^2 = 2 \cdot 2 = 4$
$2^4 = (2^2)^2 = 4 \cdot 4 = 16$
$2^8 = (2^4)^2 = 16 \cdot 16 = 256$

In general, using the method:

$a^2 = a \cdot a, \quad a^3 = a^2 \cdot a, \quad a^4 = a^3 \cdot a, \quad \ldots, \quad a^n = a^{n-1} \cdot a$

requires $n - 1$ multiplications to compute $a^n$.

On the other hand if $n = 2^k$ then we can compute $a^n$ by successive squaring with only $k$ multiplications:

$a^2 = a \cdot a$
$a^{2^2} = (a^2)^2 = a^2 \cdot a^2$
$a^{2^3} = (a^{2^2})^2 = a^{2^2} \cdot a^{2^2}$
$\vdots$
$a^{2^k} = (a^{2^{k-1}})^2 = a^{2^{k-1}} \cdot a^{2^{k-1}}$

Note that the fact that

$2^k = 2^{k-1} \cdot 2 = 2^{k-1} + 2^{k-1}$

together with the Laws of Exponents: $(a^n)^m = a^{nm}$ and $a^n \cdot a^m = a^{n+m}$ is what makes this method work. Note that if $n = 2^k$ then $k$ is generally a lot smaller than $n - 1$. For example, $1024 = 2^{10}$ and 10 is quite a bit smaller than 1023.

If $n$ is not a power of 2 we can use the following method to compute $a^n$.

The Binary Method for Exponentiation. Let $n$ be a positive integer. Let $x$ be any real number. This is a method for computing $x^n$.

Step 1. Find the binary representation $n = [a_r, a_{r-1}, \ldots, a_0]_2$ for $n$.

Step 2. Compute the powers $x^2, x^{2^2}, x^{2^3}, \ldots, x^{2^r}$ by successive squaring as shown above.

Step 3. Compute the product

$x^n = x^{a_r 2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}.$

[Note each $a_i$ is 0 or 1, so all needed factors were obtained in Step 2.]

Example 26.1. Let's compute $3^{15}$. Note that $15 = 2^3 + 2^2 + 2 + 1 = [1, 1, 1, 1]_2$. So this takes care of Step 1. For Step 2, we note that

$3^2 = 3 \cdot 3 = 9$
$3^{2^2} = 9 \cdot 9 = 81$
$3^{2^3} = 81 \cdot 81 = 6561$

So $3^{15} = 3^{2^3} \cdot 3^{2^2} \cdot 3^2 \cdot 3^1$. For this we need 3 multiplications:

$3 \cdot 3^2 = 3 \cdot 9 = 27$
$3 \cdot 3^2 \cdot 3^{2^2} = 27 \cdot 81 = 2187$
$3 \cdot 3^2 \cdot 3^{2^2} \cdot 3^{2^3} = 2187 \cdot 6561 = 14348907$

So we have $3^{15} = 14348907$. Note that we have used just 6 multiplications, which is less than the 14 it would take if we used the naive method. Let's not forget that some additional effort was needed to compute the binary representation of 15, but not much.

Theorem 26.1. Computing $x^n$ using the binary method requires $\lfloor \log_2(n) \rfloor$ applications of the Division Algorithm and at most $2\lfloor \log_2(n) \rfloor$ multiplications.

Proof. If $n = [a_r, \ldots, a_0]_2$, $a_r = 1$, then $n = 2^r + \cdots + a_1 2 + a_0$. Hence

(∗) $2^r \le n \le 2^r + 2^{r-1} + \cdots + 2 + 1 = 2^{r+1} - 1 < 2^{r+1}.$

Since $\log_2(2^x) = x$ and when $0 < a < b$ we have $\log_2(a) < \log_2(b)$, we have from (∗) that

$\log_2(2^r) \le \log_2(n) < \log_2\left(2^{r+1}\right)$

or

$r \le \log_2(n) < r + 1.$

Hence $r = \lfloor \log_2(n) \rfloor$. Note that $r$ is the number of times we need to apply the Division Algorithm to obtain the binary representation $n = [a_r, \ldots, a_0]_2$, $a_r = 1$. To compute the powers $x, x^2, x^{2^2}, \ldots, x^{2^r}$ by successive squaring requires $r = \lfloor \log_2(n) \rfloor$ multiplications and similarly to compute the product

$x^{2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}$

requires $r$ multiplications. So after obtaining the binary representation we need at most $2r = 2\lfloor \log_2(n) \rfloor$ multiplications.

Note that if we count an application of the Division Algorithm and a multiplication as the same, the above tells us that we need at most $3\lfloor \log_2(n) \rfloor$ operations to compute $x^n$. So, for example, if $n = 10^6$, then it is easy to see that $3\lfloor \log_2(n) \rfloor = 57$. So we may compute $x^{1,000,000}$ with only 57 operations.

Use of a calculator to compute $\lfloor \log_2(x) \rfloor$: To find $\log_2(x)$ one may use the formula

$\log_2(x) = \dfrac{\ln(x)}{\ln(2)}$ or $\log_2(x) \approx \dfrac{\ln(x)}{0.69314718}$

where $\ln(x)$ is the natural logarithm of $x$. For small values of $x$ it is sometimes faster to use the fact that $r = \lfloor \log_2(x) \rfloor$ is equivalent to $2^r \le x < 2^{r+1}$, that is, $r$ is the largest positive integer such that $2^r \le x$. The Maple command for $\log_2(x)$ is log[2](x).

Exercise 26.1. Calculate $3\lfloor \log_2(n) \rfloor$ for $n = 2{,}000{,}000$.

Exercise 26.2. Approximately how many operations would be required to compute $2^n$ when $n = 10^{100}$? Explain.

Exercise 26.3. Use the binary method to compute $2^{25}$.

Exercise 26.4. Note that 6 multiplications are used to compute $3^{15}$ using the binary method. Show that one can compute $3^{15}$ with fewer than 6 multiplications. [You will have to experiment.]

Computing $a^n \bmod m$. We use the binary method for exponentiation with the added trick that after every multiplication we reduce modulo $m$, that is, we divide by $m$ and take the remainder. This keeps the products from getting too big.

Example 26.2. We compute $3^{15} \bmod 10$:

$3^2 = 3 \cdot 3 = 9 \equiv 9 \pmod{10}$
$3^4 = 9 \cdot 9 = 81 \equiv 1 \pmod{10}$
$3^8 \equiv 1 \cdot 1 \equiv 1 \pmod{10}$

∴ $3^{15} = 3^8 \cdot 3^4 \cdot 3^2 \cdot 3^1 \equiv 1 \cdot 1 \cdot 9 \cdot 3 = 27 \equiv 7 \pmod{10}$.

Note that $3^{15} \equiv 7 \pmod{10}$ implies that $3^{15} \bmod 10 = 7$. [Recall that on page 109 we calculated that $3^{15} = 14348907$ which is clearly congruent to 7 mod 10.]

Example 26.3. Let's find $2^{644} \bmod 645$. It is easy to see that

$644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]_2.$

That is, $644 = 2^9 + 2^7 + 2^2 = 512 + 128 + 4$. Now by successive squaring and reducing modulo 645 we get

$2^2 = 2 \cdot 2 = 4 \equiv 4 \pmod{645}$
$2^4 \equiv 4 \cdot 4 = 16 \equiv 16 \pmod{645}$
$2^8 \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$
$2^{16} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$
$2^{32} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$
$2^{64} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$
$2^{128} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$
$2^{256} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$
$2^{512} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$

Now $2^{644} = 2^{512} \cdot 2^{128} \cdot 2^4$, hence

$2^{644} \equiv 256 \cdot 391 \cdot 16 \pmod{645}.$

So

$256 \cdot 391 = 100096 \equiv 121 \pmod{645}$

and

$121 \cdot 16 = 1936 \equiv 1 \pmod{645}$

so we have $2^{644} \equiv 1 \pmod{645}$. Hence $2^{644} \bmod 645 = 1$.

Exercise 26.5. Calculate $2^{513} \bmod 10$.

Exercise 26.6. Calculate $2^{517} \bmod 100$.

Exercise 26.7. If you multiplied out $2^{517}$, how many decimal digits would you obtain? [See Exercise 4.3 on page 14.]

Exercise 26.8. Note that on page 96 we calculated $1234^{7865435} \bmod 11$ with very few multiplications. Why can we not use that method to compute $1234^{7865435} \bmod 12$?
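The division-algorithm procedure from the proof of Theorem 25.1, the subtraction method of Remark 25.2, and the three-step binary method with reduction modulo $m$ after every product, as one added Python example (not part of the original notes; the function names are this example's own). It also counts multiplications so the bound of Theorem 26.1 can be checked.

```python
def digits(n, b):
    """Base-b digits [a_k, ..., a_1, a_0] of n > 0, found as in the proof of
    Theorem 25.1 by applying the Division Algorithm repeatedly."""
    if n <= 0 or b < 2:
        raise ValueError("need n > 0 and b >= 2")
    out = []
    while n > 0:
        n, r = divmod(n, b)        # n = b*q + r with 0 <= r < b
        out.append(r)              # remainders arrive as a_0, a_1, ...
    return out[::-1]


def binary_by_subtraction(n):
    """Remark 25.2: repeatedly subtract the largest power of 2 that fits."""
    if n <= 0:
        raise ValueError("need n > 0")
    exponents = []
    while n > 0:
        e = n.bit_length() - 1     # largest e with 2**e <= n
        exponents.append(e)
        n -= 1 << e
    return [1 if e in exponents else 0 for e in range(exponents[0], -1, -1)]


def binary_power(x, n, m=None):
    """Binary method for x**n; with m given, reduce mod m after every product.

    Returns (value, multiplications), counting squarings and products alike.
    """
    bits = digits(n, 2)[::-1]                      # Step 1: a_0, a_1, ..., a_r
    red = (lambda v: v % m) if m is not None else (lambda v: v)
    mults = 0
    powers = [red(x)]                              # Step 2: x, x^2, x^(2^2), ...
    for _ in range(len(bits) - 1):
        powers.append(red(powers[-1] * powers[-1]))
        mults += 1
    factors = [p for p, a in zip(powers, bits) if a == 1]
    value = factors[0]                             # Step 3: multiply powers with a_i = 1
    for f in factors[1:]:
        value = red(value * f)
        mults += 1
    return value, mults


if __name__ == "__main__":
    print(digits(1749, 7), digits(19151, 12), digits(137, 2))
    print(binary_by_subtraction(137))
    print(binary_power(3, 15))          # Example 26.1
    print(binary_power(3, 15, 10))      # Example 26.2
    print(binary_power(2, 644, 645))    # Example 26.3
```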

**Chapter 27 The RSA Scheme**

In this chapter we discuss the basis of the so-called RSA scheme. This is the most important example of a public key cryptographic scheme. The RSA scheme is due to R. Rivest, A. Shamir and L. Adleman¹ and was discovered by them in 1977. We show how to implement it in more detail later using Maple. Here we give the number-theoretic underpinning of the scheme.

We assume that the message we wish to send has been converted to an integer in the set

$J_m = \{0, 1, 2, \ldots, m-1\}$

where $m$ is some positive integer to be determined. Generally this is a large integer. We will require two functions:

$E : J_m \to J_m$ (E for encipher)

and

$D : J_m \to J_m$ (D for decipher).

To be able to use $D$ to decipher what $E$ has enciphered we need to have $D(E(x)) = x$ for all $x \in J_m$. To show how $m$, $E$, and $D$ are chosen we first prove a lemma:

Lemma 27.1. Let $p$ and $q$ be any two distinct primes and let $m = pq$. Let $e$ and $d$ be any two positive integers which are inverses of each other modulo $\varphi(m)$. Then

$x^{ed} \equiv x \pmod{m}$

for all $x$.

¹ A copy of the paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" may be downloaded from http://citeseer.nj.nec.com/rivest78method.html

Proof. By Theorem 22.6, $\varphi(m) = (p-1)(q-1)$. Since $ed \equiv 1 \pmod{\varphi(m)}$ we have

$ed - 1 = k\varphi(m) = k(p-1)(q-1)$

for some $k$. Note $k > 0$ unless $ed = 1$ in which case the theorem is obvious. So we have

(∗) $ed = k\varphi(m) + 1 = k(p-1)(q-1) + 1$

for some $k > 0$. Now by Fermat's Little Theorem, if $\gcd(x, p) = 1$ we have

$x^{p-1} \equiv 1 \pmod{p}$

and raising both sides of the congruence to the power $(q-1)k$ we obtain:

$x^{(p-1)(q-1)k} \equiv 1 \pmod{p}$

and multiplying both sides by $x$ we have

$x^{(p-1)(q-1)k+1} \equiv x \pmod{p}.$

That is, by (∗)

(∗∗) $x^{ed} \equiv x \pmod{p}.$

Now we proved (∗∗) when $\gcd(x, p) = 1$, but if $\gcd(x, p) = p$ it is obvious since then $x \equiv 0 \pmod{p}$. So in all cases (∗∗) holds. A similar argument proves that for all $x$

$x^{ed} \equiv x \pmod{q}.$

So by Exercise 15.11, page 63, we have since $\gcd(p, q) = 1$

$x^{ed} \equiv x \pmod{m}$

for all $x$.

Theorem 27.1. Let $J_m = \{0, 1, 2, \ldots, m-1\}$ and define $E : J_m \to J_m$ by

$E(x) = x^e \bmod m$

and $D : J_m \to J_m$ by

$D(x) = x^d \bmod m.$

Then $E$ and $D$ are inverses of each other if $m$, $e$ and $d$ are as in Lemma 27.1.

Proof. It suffices to show that $D(E(x)) = x$ for all $x \in J_m$. Let $x \in J_m$ and let

$E(x) = x^e \bmod m = r_1.$

Also let

$D(r_1) = r_1^d \bmod m = r_2.$

We must show that $r_2 = x$. Since $x^e \bmod m = r_1$ we know that

$x^e \equiv r_1 \pmod{m}.$

Hence

$x^{ed} \equiv r_1^d \pmod{m}.$

We also know that

$r_1^d \equiv r_2 \pmod{m}.$

Hence

$x^{ed} \equiv r_2 \pmod{m}.$

By Lemma 27.1 $x^{ed} \equiv x \pmod{m}$ so we have

$x \equiv r_2 \pmod{m}.$

Since both $x$ and $r_2$ are in $J_m$ we have by Exercise 15.5 that $x = r_2$. This completes the proof.

More details on the use of the RSA scheme will be given in the Maple worksheets which are available from the course website which may be reached from my home page: http://www.math.usf.edu/~eclark.
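Theorem 27.1 checked exhaustively on toy parameters, as an added Python example (not part of the original notes; the primes, the exponent $e = 3$ and all function names are constructed for illustration). The second key uses 341, which passes the base-2 test of Chapter 24 but is composite, to show that the hypothesis "p and q are primes" in Lemma 27.1 is what makes $D$ undo $E$.

```python
from math import gcd


def rsa_keys(p, q, e):
    """Return (m, e, d) with d the inverse of e modulo (p-1)(q-1).

    Lemma 27.1 assumes p and q are distinct primes. This function does
    not check that, so the effect of a bad p can be shown below.
    """
    m = p * q
    phi = (p - 1) * (q - 1)      # equals phi(m) only for distinct primes p, q
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return m, e, d


def E(x, e, m):
    """Encipher: E(x) = x^e mod m."""
    return pow(x, e, m)


def D(y, d, m):
    """Decipher: D(y) = y^d mod m."""
    return pow(y, d, m)


def broken_messages(m, e, d):
    """All x in J_m = {0, ..., m-1} for which D(E(x)) != x."""
    return [x for x in range(m) if D(E(x, e, m), d, m) != x]


# Constructed toy keys, far too small for real use.
GOOD = rsa_keys(11, 17, 3)     # distinct primes: Lemma 27.1 applies
BAD = rsa_keys(341, 17, 3)     # 341 = 11 * 31 satisfies 2^340 ≡ 1 (mod 341)

if __name__ == "__main__":
    m, e, d = GOOD
    print("good key:", GOOD, "messages that fail:", len(broken_messages(m, e, d)))
    m, e, d = BAD
    bad = broken_messages(m, e, d)
    print("bad key:", BAD, "messages that fail:", len(bad), "of", m)
    print("smallest failing message:", bad[0])
```

With the good key every $x \in J_m$ round-trips, including those sharing a factor with $m$; with the bad key the computed $(p-1)(q-1)$ is not $\varphi(m)$ and most messages decipher to the wrong value.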


**Appendix A Rings and Groups**

The material in this appendix is optional reading. However, for the sake of completeness we state here the definition of a ring and the definition of a group. If you are interested in learning more you might take the course Elementary Abstract Algebra. For more details you may download the free book Elementary Abstract Algebra from my homepage: http://www.math.usf.edu/~eclark Alternatively, look in almost any book whose title contains the words Abstract Algebra or Modern Algebra. Look for one with Introductory or Elementary in the title. Having had this course should make it a little easier to understand the ideas in abstract algebra and vice versa.

Definition A.1. A ring is an ordered triple $(R, +, \cdot)$ where $R$ is a set and $+$ and $\cdot$ are binary operations on $R$ satisfying the following properties:

A1 $a + (b + c) = (a + b) + c$ for all $a, b, c$ in $R$.
A2 $a + b = b + a$ for all $a, b$ in $R$.
A3 There is an element $0 \in R$ satisfying $a + 0 = a$ for all $a$ in $R$.
A4 For every $a \in R$ there is an element $b \in R$ such that $a + b = 0$.
M1 $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ for all $a, b, c$ in $R$.
D1 $a \cdot (b + c) = a \cdot b + a \cdot c$ for all $a, b, c$ in $R$.

3. Then. (Zn .2. z in G. a binary operation on the set called addition. c in R.1. a set. ·)–the ring of real numbers. ∗) where G is a set and ∗ is a binary operation on G satisfying the following properties 1. 1. 3. 2. ·)–the ring of rational numbers. Example A. +. +. (Z. b. The two binary operations + and · are in each case the ones that you are familiar with. 3. x ∗ (y ∗ z) = (x ∗ y) ∗ z for all x. a binary operation on the set. Thus. For each element x in G there is an element y in G satisfying x ∗ y = e and y ∗ x = e. a set. A group is an ordered pair (G. Deﬁnition A. one must verify that the properties above are satisﬁed. to describe a ring one must specify three things: 1.118 APPENDIX A. +. 4. +. +. y ∈ G. Thus. a binary operation on the set called multiplication. to describe a group one must specify two things: 1. ·)–the ring of all n × n matrices over R. 2. Here are some examples of rings.3. . (Mn (R). A group (G. ·)–the ring of integers. Deﬁnition A. (R. and 2. There is an element e ∈ G satisfying e ∗ x = x and x ∗ e = x for all x in G. 2. y. ·)–the ring of integers modulo n. RINGS AND GROUPS D2 (b + c) · a = b · a + c · a for all a. 5. ∗) is said to be Abelian if x ∗ y = y ∗ x for all x. (Q.

Then, one must verify that the binary operation is associative, that there is an identity in the set, and that every element in the set has an inverse.

Example A.2. Here are some examples of groups. The binary operations are in each case the ones that you are familiar with.

1. $(\mathbb{Z}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}$ is $-x$.
2. $(\mathbb{Q}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Q}$ is $-x$.
3. $(\mathbb{R}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{R}$ is $-x$.
4. $(\mathbb{Q} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{Q} - \{0\}$ is $x^{-1}$.
5. $(\mathbb{R} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{R} - \{0\}$ is $x^{-1}$.
6. $(\mathbb{Z}_n, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}_n$ is $n - x$ if $x \ne 0$, the inverse of 0 is 0.
7. $(U_n, \cdot)$ is a group with identity $[1]$. The inverse of $[a] \in U_n$ was shown to exist in Chapter 22.
8. $(\mathbb{R}^n, +)$ where $+$ is vector addition. The identity is the zero vector $(0, 0, \ldots, 0)$ and the inverse of the vector $x = (x_1, x_2, \ldots, x_n)$ is the vector $-x = (-x_1, -x_2, \ldots, -x_n)$.
9. $(M_n(\mathbb{R}), +)$. This is the group of all $n \times n$ matrices over $\mathbb{R}$ and $+$ is matrix addition.


**Bibliography**

[1] Tom Apostol, Introduction to Analytic Number Theory, Springer-Verlag, New York-Heidelberg, 1976.

[2] Chris Caldwell, The Primes Pages, http://www.utm.edu/research/primes/

[3] W. Edwin Clark, Number Theory Links, http://www.math.usf.edu/~eclark/numtheory_links.html

[4] Earl Fife and Larry Husch, Number Theory (Mathematics Archives), http://archives.math.utk.edu/topics/numberTheory.html

[5] Ronald Graham, Donald Knuth, and Oren Patashnik, Concrete Mathematics, Addison-Wesley, 1994.

[6] Donald Knuth, The Art of Computer Programming, Vols I and II, Addison-Wesley, 1997.

[7] The Math Forum, Number Theory Sites, http://mathforum.org/library/topics/number_theory/

[8] Oystein Ore, Number Theory and its History, Dover Publications, 1988.

[9] Carl Pomerance and Richard Crandall, Prime Numbers – A Computational Perspective, Springer-Verlag, 2001.

[10] Kenneth A. Rosen, Elementary Number Theory (Fourth Edition), Addison-Wesley, 2000.

[11] Eric Weisstein, World of Mathematics – Number Theory Section, http://mathworld.wolfram.com/topics/NumberTheory.html
