# Elementary Number Theory andlts

Applications
KennethH. Rosen
AT&T Informotion Laboratories Systems (formerly part of Bell Laborotories)

A YY

Read ing, Massachusetts Menlo Park, California London Amsterdam Don Mills, Ontario Sydney

Cover: The iteration of the transformation

T(n) :

if n is even \ n/2 if n is odd l Qn + l)/2

is depicted. The Collatz conjecture asserts that with any starting point, the iteration of ?"eventuallyreachesthe integer o n e . ( S e eP r o b l e m 3 3 o f S e c t i o n l . 2 o f t h e t e x t . )

Library of Congress Cataloging in Publication Data Rosen, Kenneth H. Elementary number theory and its applications. Bibliography: p. Includes index. l. Numbers, Theory of.

I. Title.

QA24l.R67 1984 rsBN 0-201-06561-4

512',.72

8 3 - l1 8 0 4

Reprinted with corrections, June | 986 Copyright O 1984 by Bell Telephone Laboratories and Kenneth H. Rosen. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,photocopying, recording, or otherwise, without prior written permission of the publisher. printed in the United States of America. Published simultaneously in Canada. DEFGHIJ_MA_8987

Preface

Number theory has long been a favorite subject for students and teachersof mathematics. It is a classical subject and has a reputation for being the "purest" part of mathematics, yet recent developments in cryptology and computer science are based on elementary number theory. This book is the first text to integrate these important applications of elementary number theory with the traditional topics covered in an introductory number theory course. This book is suitable as a text in an undergraduatenumber theory course at any level. There are no formal prerequisitesneeded for most of the material covered, so that even a bright high-school student could use this book. Also, this book is designed to be a useful supplementarybook for computer science courses,and as a number theory primer for computer scientistsinterested in learning about the new developmentsin cryptography. Some of the important topics that will interest both mathematics and computer sciencestudents are recursion,algorithms and their computationai complexity, computer arithmetic with large integers, binary and hexadecimal representations of integers, primality testing, pseudoprimality,pseudo-randomnumbers, hashing functions, and cryptology, including the recently-invented area of public-key cryptography. Throughout the book various algorithms and their computational complexitiesare discussed. wide variety of primality tests are A developedin the text. Use of the Book The core material for a course in number theory is presentedin Chapters 1, 2, and 5, and in Sections 3.1-3.3 and 6.1. Section 3.4 contains some linear algebra; this section is necessary background for Section 7.2; these two sections can be omitted if desired. Sections 4.1, 4.2, and 4.3 present traditional applications of number theory and Section 4.4 presents an application to computer science; the instructor can decide which of these sectionsto cover. Sections 6.2 and 6.3 discussarithmetic functions. Mersenne primes, and perfect numbers; some of this material is used in Chapter 8. Chapter 7 covers the applications of number theory to cryptology. Sections 7.1, 7.3, and 7.4, which contain discussionsof classical and public-key

vt

Preface

cryptography,should be included in all courses. Chapter 8 deals with primitive roots; Sections 8.1-8.4 should be covered if possible. Most instructors will want to include Section 8.7 which deals with pseudo-randomnumbers. Sections 9.1 and 9.2 are about quadratic residues and reciprocity, a fundamental topic which should be covered if possible;Sections 9.3 and 9.4 deal with Jacobi symbols and Euler pseudoprimesand should interest most readers. Section 10.1, which covers rational numbers and decimal fractions. and Sections I 1.1 and I 1.2 which discussPythagoreantriples and Fermat's last theorem are coveredin most number theory courses. Sections 10.2-10.4 and I 1.3 involve continued fractions; these sectionsare optional. The Contents The reader can determine which chapters to study based on the following descriptionof their contents. Chapter I introduces two importants tools in establishing results about the integers, the well-ordering property and the principle of mathematical induction. Recursive definitions and the binomial theorem are also developed. The concept of divisibility of integers is introduced. Representations of integers to different bases are described, as are algorithms for arithmetic operations with integers and their computational complexity (using big-O notation). Finally, prime numbers, their distribution, and conjectures about primes are discussed. Chapter 2 introduces the greatest common divisor of a set of integers. The Euclidean algorithm, used to find greatest common divisors, and its computational complexity, are discussed, as are algorithms to express the greatest common divisor as a linear combination of the integers involved. The Fibonacci numbers are introduced. Prime-factorizations, the fundamental theorem of arithmetic, and factorization techniques are covered. Finally, linear diophantine equationsare discussed. Chapter 3 introduces congruences and develops their fundamental properties. Linear congruencesin one unknown are discussed, are systems as of linear congruences in one or more unknown. The Chinese remainder theorem is developed,and its application to computer arithmetic with large integers is described. Chapter 4 developsapplicationsof.congruences. In particular, divisibility tests, the perpetual calendar which provides the day of the week of any date, round-robin tournaments,and computer hashing functions for data storage are discussed.

Preface

vtl

Chapter 5 developsFermat's little theorem and Euler's theorem which give some important congruencesinvolving powers of integers. Also, Wilson's theorem which gives a congruencefor factorials is discussed. Primality and probabilistic primality tests based on these results are developed. Pseudoprimes, strong pseudoprimes, and Carmichael numbers which masquarade primes are introduced. as Chapter 6 is concernedwith multiplicative functions and their properties. Special emphasisis devotedto the Euler phi-function, the sum of the divisors function, and the number of divisors function and explicit formulae are developed for these functions. Mersenne primes and perfect numbers are discussed. Chapter 7 gives a thorough discussion applicationsof number theory to of cryptology, starting with classical cryptology. Character ciphers based on modular arithmetic are described,as is cryptanalysisof these ciphers. Block ciphers based on modular arithmetic are also discussed. Exponentiation ciphers and their applications are described, including an application to electronic poker. The concept of a public-key cipher system is introduced and the RSA cipher is describedin detail. Knapsackciphers are discussed, are as applications cryptographyto computer science. of Chapter 8 includes discussions the order of an integer and of primitive of roots. Indices, which are similar to logarithms, are introduced. Primality testing basedon primitive roots is described. The minimal universalexponent is studied. Pseudo-random numbers and means for generating them are discussed.An applicationto the splicingof telephone cablesis also given. Chapter 9 covers quadratic residues and the famous law of quadratic reciprocity. The Legendreand Jacobi symbolsare introduced and algorithms for evaluating them are developed. Euler pseudoprimes and a probabilistic primality test are covered. An algorithm for electronically flipping coins is developed. Chapter l0 coversrational and irrational numbers,decimal representations of real numbers,and finite simple continuedfractionsof rational and irrational numbers. Special attention is paid to the continued fractions of the square roots of po"itive integers. Chapter 1l treats some nonlinear diophantine equations. Pythagorean triples are described. Fermat's last theorem is discussed. Finallv. Pell's equation is covered.

vill

P reface

Problem Sets After each sectionof the text there is a problem set containing exercises of various levelsof difficulty. Each set containsproblemsof a numerical nature; these should be done to develop computational skills. The more theoretical and challenging problems should be done by studentsafter they have mastered the computationalskills. There are many more problemsin the text than can be realistically done in a course. Answers are provided at the end of the book for selectedexercises, mostly those having numerical answers. Computer Projects After each section of the text there is a selectionof computer projects that involve concepts or algorithms discussedin that section. Students can write their programs in any computer language they choose, using a home or personal computer, or a minicomputer or mainframe. I encouragestudents to use a structured programming languagesuch as C, PASCAL, or PL/ 1, to do these projects. The projects can serve as good ways to motivate a student to learn a new computer language, and can give those students with strong computer science backgrounds interesting projects to tie together computer and mathematics. science Unsolved Problems In the text and in the problem setsunsolvedquestionsin number theory are mentioned. Most of these problems have eluded solution for centuries. The reader is welcome to work on these questions,but should be forewarned that attempts to settle such problems are often time-consuming and futile. Often people think they have solved such problems,only to discover some subtle flaw in their reasoning. Bibliography bibliography,split into a section At the end of the text there is an extensive for books and one for articles. Further, each section of the bibliography is subdivided by subject area. In the book section there are lists of number theory texts and references, books which attempt to tie together computer scienceand number theory, books on some of the aspectsof computer science dealt with in the text, such as computer arithmetic and computer algorithms, books on cryptography, and general references.In the articles section of the bibliography, there are lists of pertinent expository and research papers in number theory and in cryptography. These articles should be of interest to the reader who would like to read the original sources of the material and who wants more details about some of the topics coveredin the book.

Preface

tx

Appendix A set of five tables is included in the appendix to help studentswith their computations and experimentation. Students may want to compile tables different than those found in the text and in the appendix; compiling such tables would provide additional computer projects. List of Symbols A list of the svmbols used in the text and where they are defined is included. Acknowledgments I would like to thank Bell Laboratoriesand AT&T Information Systems Laboratories for their support for this project, and for the opportunity to use the UNIX system for text preparation. I would like to thank George Piranian for helping me develop a lasting interest in mathematics and number theory. Also I would like to thank Harold Stark for his encouragementand help, starting with his role as my thesisadvisor. The studentsin my number theory courses at the University of Maine have helped with this project, especially Jason Goodfriend, John Blanchard, and John Chester. I am grateful to the various mathematicians who have read and reviewed the book, including Ron Evans, Bob Gold, Jeff Lagarias and Tom Shemanske. I thank Andrew Odlyzko for his suggestions,Adrian Kester for his assistancein using the UNIX system for computations, Jim Ackermann for his valuable comments, and Marlene Rosen for her editing help. I am particularly grateful to the staff of the Bell Laboratories/American Bell/AT&T Information Services Word ProcessingCenter for their excellent work and patience with this project. Special thanks go to Marge Paradis for her help in coordinating the project, and to Diane Stevens, Margaret Reynolds, Dot Swartz, and Bridgette Smith. Also, I wish to express my thanks to Caroline Kennedy and Robin Parson who typed preliminary versions of this book at the University of Maine. Finally, I would like to thank the staff of Addison-Wesley for their help. I offer special thanks to my editor, Wayne Yuhasz, for his encouragement, aid, and enthusiasm.

Lincroft, New Jersey December.1983

Kenneth H. Rosen

Contents

Chapterl. l.l 1.2 1.3 t.4 1.5 Chapter 2. 2.1 2.2 2.3 2, 4 2.5 Chapter3. 3.1 3.2 3.3 3.4 Chapter4. 4.1 4.2 4.3 4. 4

The Integers The well-ordering Divisibility Representations int;;;;;....-'.....-'-.'......... of Computer operations with integers............ Prime numbers... Greatest Common Divisors and Prime Factorization Greatest common divisors The Euclideanalgorithm ........... The fundamentaltheorem of arithmetic ............ Factorization of integers and the Fermat numbers Linear diophantineequations ............... Congruences Introduction to congruences Linearcongruences.............. The Chinese remainder theorem Systemsof linear congruences.............. Applications of Congruences D i v i s i b i l i t yt e s t s . . . . . . . . . l The perpetuacalendar............. Round-robin ournaments.......... t Computer file storageand hashingfunctions............... .. .. 129 134 139 l4l 9l 102 107 I 16

4 l8 24 33 45

53 58 69 79 87

Contents

xl

Chapter 5. 5.1 5.2 5.3 Chapter6. 6.1 6.2 6.3 Chapter 7. 7 .l 7 .2 7.3 7.4 7.5 7.6 Chapter 8. 8.1 8.2 8.3 8.4 8.5 8.6 8.7 8.8 Chapter 9. 9.I 9.2 9.3 9.4

Some Special Congruences Wilson's theorem and Fermat's little theorem Pseudoprimes.............. Euler's theorem MultiplicativeFunctions E u l e r ' sp h i - f u n c t i o n. . . . . . . . . . . . . . . T h e s u m a n d n u m b e ro f d i v i s o r s . . . . . . . . . . . . . . Perfect numbersand Mersenneprimes Cryptology Character ciphers Block ciphers E x p o n e n t i a t i o ni p h e r s . . . . . . . . . . . . . . . c Public-keycryptography............. Knapsack ciphers Some applicationsto computer science Primitive Roots The order of an integer and primitive roots Primitive roots for primes Existenceof primitive roots Index arithmetic Primality testing using primitive roots......... Universal exponents. P s e u d o - r a n d o mu m b e r s . . . . . . . . . . . . n The splicingof telephone cables Quadratic Residuesand Reciprocity Quadratic residues Quadratic reciprocity The Jacobi symbol Euler pseudoprimes............. 288 304 314 325 232 238 243 252 263 268 275 280 188 198 205 212 219 227 166 174 180 147 152 16l

..

..

.. ..

..

2 10. . . . Finite continuedfractions Infinite continued fractions Periodic continued fractions Some Nonlinear Diophantine Equations Pythagorean triples.l t. Decimal Fractions and Continued Fractions Decimal fractions. .. ..2 1.. .... F e r m a t ' sl a s t t h e o r e m. List of symbols.3 10..xtl Contents Chapter 10. 10. ... Index 410 426 438 445 447 .. . .3 Appendix.. ... .. .1 10. Answers to selected problems Bibliography........4 Chapter I l. Pell'sequations 391 397 401 336 350 361 315 l.

who demonstratedthat 641 is a factor of 22' + | . different methods have been used to denote integers.l Instead. . in a general sense.+ 1 . the binary system came into widespreaduse. particularly thosedirected towardscomputer science. In addition. the great French number theorist of the seventeenthcentury. As far back as 5000 years ago. In his writings.I n t h i s b o o k . an ancient Greek mathematician. We will not axiomatically define the integers. o S u c h a n a x i o m a t i c d e v e l o p m e n t f t h e i n t e g e r sa n d t h e i r a r i t h m e t i c c a n b e f o u n d i n L a n d a u t6ll. The ancient Greek scholarEratosthenes l. The ancient Greeks in the school of Pythagoras.w e p r i m a r i l y d e a l w i t h t h e i n t e g e r s .lntroduction Number theory. . For instance. thought that all integers of the form 22' + 1 are prime. Euclid.was first developed in India approximately six centuries ago. made the distinction betweenprimes and composites. Our method of expressing integers. the decimal system. is the study of numbers and their p r o p e r t i e s . 2500 years ago. The problem of distinguishing primes from compositeshas been extensively deviseda method. we study the applicationsof number theory. 0 . + 2 . A prime is a positive integer with no positive factors other than one and the integer itself. With the advent of modern computers. a century after Fermat made this claim. included a proof that there are infinitely many primes. now called studied. the ancient Babyloniansused 60 as the base for their number system and the Mayans used 20. we discussthe interestingpropertiesof and relationships between integers. For instance. that this is false was shown. Throughout history. . Mathematicians have long sought formulae that generate primes. Number theory has been used in many ways to devise algorithms for efficient computer arithmetic and for computer operationswith large integers. Pierre de Fermat. ancient civilizations had developedways of expressingand doing arithmetic with integers. or rigorously develop integer arithmetic. by the renowned Swiss mathematician Leonard Euler. . .

Recently. each individual has a public enciphering key and a private deciphering key. using the most efficient technique yet devised. arithmetic with large integers. when a public-key cipher is used. Fermat. then n does divide 2n . is possibleto develop it primality tests based on the original Chinese idea. primes with as many as 200 decimal digits can be found in minutes of computer time. Ancient Chinese mathematiciansthought that the primes were precisely those positive integers n such that n divides 2' .2. that finds all primes less than a specified limit. called a public-key cipher system. The most widely used public-key cipher system relies on the disparity in computer time required to find large primes and to factor large integers. together with extra observations. known to the ancient Greeks. It is now possibleto efficiently find primes. Many questions can be phrased using the notion of a congruencethat can only be awkwardly stated without this terminology. by the early nineteenth century. Congruencescan be used to develop various types of ciphers.and the generationof pseudo-random numbers. this method is very timeconsuming. Messagesare encipheredusing the public key of the receiver. However. billions of years of computer time may be required to factor an integer with 200 decimal digits.including applications to computer file storage. developed the language of congruences in the early nineteenth century. Fermat showed that if n is prime. The problem of efficiently determining whether an integer is prirne has long challengedmathematicians. consideredto be one of the greatest mathematicians of all time. it was known that there are compositeintegersn such that n divides 2n . Euler. However. Congruenceshave diverse applications to computer science. a new type of cipher system. One of the most important applications of number theory to computer science is in the area of cryptography. The fundamental theorem of arithmetic. in fact. This factorization can be found by trial division of the integer by primes less than its square-root. Moreover.2. In . has been devised. It is inefficient to use this sieve to determine whether a particular integer is prime. such as n : 341 . The German mathematician Carl Friedrich Gauss.Introduction the sieve of Eratosthenes.since an overwhelming amount of computer time is required to decipher when just the enciphering key is known. only the receiver can decipher the message. unfortunately. These compositeintegers are called pseudoprimes Becausemost compositeintegers are not pseudoprimes. says that every positive integer can be written uniquely as the product of primes. and many other mathematicians have produced imaginative factorization techniques.2.integers may be replaced by their remainders when divided by a specific integer. using the language of congruences. When doing certain computations.

lntrocluction particular. namely the product of the large primes. to produce an enciphering key requires that two large primes be found and then multiplied. This may take billions of years. To find the deciphering key from the enciphering key requires that a large integer. this can be done in minutes on a computer. When these large primes are known. the decipheringkey can be quickly found. In the following chapters. . be factored.we discussthese and other topics of elementary number theory and its applications.

1 i s . and show how to prove it using the well-ordering property. since the set of positive integers not contained in S is nonempty. we will use both the well-ordering property and the principle of mathematical induction many times. Every nonempty set of positive integers has a least element. N o w s i n c en ) l . The Well-Ordering Property.1 The Well-Ordering Property In this section. the well-ordering property. there is a least positive integer n which is not in .we discussseveral important tools that are useful for proving theorems. A set of positive integers that contains the integer I and the integer n I I whenever it contains n must be the set of all positive integers. We begin by stating an important axiom. Afterwards.1 The Integers 1. we give an example to demonstrate the use of the principle of mathematical induction. By the well-ordering property. N o t e t h a t n 1 1 . t h e i n t e g e r n . Assume that S is not the set of all positive integers. In our study of number theory.S. there are some positive integers not contained in . s i n c el i s i n S . The principle of mathematical induction is a valuable tool for proving results about the integers. Let S be a set of positive integers containing the integer I and the integer n * | whenever it contains n. We now state this principle. Proof. Therefore. The Principle of Mathematical Induction. S .

We see that . In our discussion of sums. since n is supposedlythe smallest positive integer not in S. so that k-l 5. But since S contains n . a is called the initial term and r is called the common ratio. we will find summation notation useful. Exa m ple.l.. In addition. The following notation represents sum of the real numberse1. -1 5 . we must show that it is true for the positive integer n * I if it is true for the positive integer n. the real numbers a .. we will use the principle of mathematical induction to establish a formula for the sum of the terms of a geometric progression. Also. fo rm a geometri c progressi on with initial term 5 and common ratio -3. -1 3 5 .on.. By the principle of mathematical induction. tr To prove theorems using the principle of mathematical induction. e r 2 . Given real numbers 4 and r. and hence must be in S. T he num b e rs 5 . one concludes that the set S of all positive integers for which the statement is true must be the set of all positive integers.. which is a contradiction. . We must show that the statement we are trying to prove is true for l. . are said to form a geometric progression. is a "dummy variable" and can be replaced by any letter.l The Well-Ordering ProPertY a positive integer smaller than n. the index of summation. a r . we must show two things. the smallest positive integer.o t 3 r . it must also contain (n-t) + | : n. the 2oo:er*az* lan k-l We note that the letter k. To illustrate this procedure.l..4 5 ... o2. Definition. nn j-t ak: 2 oi i-l Example. This shows that S must be the set of all positive integers.

We have the following theorem.. fr:0 and I k--2 We now turn our attention to sums of terms of geometricprogressions. and ) 2 2i : 2 * 22+ 23+ 24+ 2s : 62 . The su m of t he t er m s e ) e r.The Integers j-r ) 2j:I+2+3+4+5:15. rn i s a n j-0 2ori:e*ar*ar2+ *arn. o r2 .. Theorem l. If m and h are integers such that z ( n.as long as the lower limit does not exceedthe upper limit. j-1 We also note that in summation notation. then b oo:am*a^a1* *an.t > k 2 : 3 3+ 4 2+ 5 2 : 5 0 . > 3k:30 + 3t + 32: 13..we have 5 k. where the summation beginswith 7 : g.l. then .. k-m For instance. j-r ) 2t2:2+2+2+2+2:10. If a and r ^re real numbersand r * l. the index of summation may range betweenany two integers.

t + i ar2 E ori j:o r r'': : * a arn T T . T h e n .I ) r-1 arn*l orn*l-a*ar'+Z : r-l Since we have shownthat 0. w hi l e o n t he r ight s ideof (1 .+) (a*ar*ar2+.1 ) w e h a v e arL-a _ a?z-t) r-l r-l _ ab*l)(r-1) T: a(r*l) : a * ar So the formula is valid when n : l.Property 1..+) is identical to that of (1.3) is valid.2) alar+arz+ 'tar'-arn*l-Q I We must show that the formula also holds for the positive integer n * l. What we must show is that (t. to obtain (t. Proof. r-l The left side of (t. we 0.+arn) * a r ' + rarn+t:o + arr+t. th e l e ft si de of (t. we note that arn*l-a rI 1 A^ .n r r _ T r arn+l-e r-l T- . assumethat That is. or'*l (r.1 The Well-Ordering n).2) i m p l i e s (t.t) i s a * ar.narn*l-Q (1. N ow we as s um eth a t (1 . w e can concl udethat (t. we add orn*r to both sidesof (1... we must first show that it holds for n : l. Then.1) : a * ar *a r . it must also be true for the positive integer n * l.2). l e t n : l .t) . To show that the right sides are equal. we must show that if the formula is valid for the positive integer n. To s t ar t t hings o ff. To prove that the formula for the sum of terms of a geometric progressionis valid.:).3).1 ) h o l d s for the positive integer n.:) a*ar+ar2+ * arn * arn*l : or@+t)+t_o ar'+2-e r-l r-l To show that (1.

Definition. th e n i t a l s o c ontai nsthe i nteger k + l . S must be the set of all positive integers. by the principle of mathematical induction.. To find the sum k:0 bro:r*2+22+ *2'. and by we the hypotheses.. Then I is in S. k . The Second Principle of Mathematical Induction. . . and which has the property that if it contains all th e pos it iv eint eg e rs1 .The Integers holds for all positive integers n. . J. 2. Hence. k .1n 1n*l _ I : rn*l_r 2-l Hence. (See problem 12 at the end of this section. A set of positive integers which contains the integer 1. Let T be a set of integers containing I and containing k + I if it co nt ains 1.. we use Theorem l. . Proof. and if a rule is providedfor determiningf h*l) is specified If a function is defined recursively. tr The principle of mathematical induction provides a method for defining the values of functions at positive integers.) We now give an example of a function defined recursively. one can use the principle of mathematical induction to show it is defined uniquely at each positive integer. We say the function f is defined recursively if the value of f at I from f h) . so clearly T is also the set of all positive integers.. A slight variant of the principle of mathematical induction is also sometimes useful in proofs. Let n be a positive integer. tr Example. we specify that . L e t S b e th e s e t o f a l l p osi ti vei ntegersn such that al l the positive integers less than or equal to n are in Z. to obtain l+2+22+ . then k + | is in S.l with e : I and r : 2. We define the factorial function f fu) : nt . see that if k is in S. the sum of consecutivenonnegative powers of 2 is one less than the next largest power of 2. must be the set of all positive integers. First.2 .

. g and then we givethe rule for findin f h*1) from f fu). These two statementsuniquely define r!. To illustrate the notation for products we have ) fI j:l'2'3'4'5:120.f (5) : 6. Example. and can be replaced arbitrarily..4'f : 6's'4'3'f :6's'4'3'2f0). j-r j-r 5 fI Zi : j-r I I 2 : 2 . to concludethat 6 l : 6 ' 5 ' 4 ' 3 ' 2 ' :l 7 2 0 . 2 .s.i.24. follows (2) (3) (4) f 6) :6. using the recursive definition.22... we see that n! is the In general.2s: 2r5 5 . 2 . The product of the real numbers a1. : 2. analogous to summation notation. is denoted by j -r ft o.23. We now use the first statement of the definition to replacef 0) by its stated value l. : ere2 an The letter 7 above is a "dummy variable". by successively product of the first n positive integers. 2 . we specify that 0! : l.5.1.a. namely fu) f h+r) : (n+r)'f . To find the value of f G) : 6! from the recursive definition of f h) : nl.1 The Well-Ordering ProPertY f(r): I . n! : l'2'3 n For convenience. and future use. We take this opportunity to define a notation for products. 22 5: 3 2 .f : 6. a2.e. as use the secondproperty successively.

s . . @ .r )m kt Example.J. .3 fu-k) (m-k+r) ( m .)' Proof. Then (i) [. r\ 1 7| : 7 t : 1 . Let n and k be nonnegativeintegerswith k ( n . note that .because lO . the we notethat L. r) r ) ( i i ) l l l : -' . . 4 . . n ! : fI . 6 . Proposition 1.J. 2 .k + t ) .2.r234:E:i)' We now prove some simple propertiesof binomial coefficients. 3. 3 .]:[.r Factorials are used to define binomial cofficients.2. Definition. 7s . I isoenneo uy lT / (^ r) l*| lk J t r t : - mt kt(m_k)t In computing we see that there is a good deal of cancellation. kt@_k)l t . The r) binomial cofficien. l^) l^) : .l0 The Integers We note that with this notation.k ) @ .t ) m k! t. 1 l fkj l. To see that (i) is true. . 6 . 7 fzl f3J 3t4t r23. j -r . 2 .To evaluate binomialcoefficien.-t. t u .]:. Let m and k be nonnegativeintegers with k 4 m.lk ) m.

l l- tr An important property of binomial coefficientsis the following identity. +lr\.Property 1.] and :n'':l nt t. [.l: _n. ftl Thi s gi ves t. Let n and k be positive integers with n > k.k ) r ( n -h .*'l .k + t ) t ntfu*l) klfu-k+r)t (n+l)! kth-k +r)t [l n + r I l n f k ) u .] lr:.k t l ) n tk ktfn-k+l\ ktJtt-t(+il nl((n-k +r) +k) k th ..] I n I _ |.k ) ) t lr |. by using the c om m o nd e n o mi n a to r (n -k + t)!. Then |'.J:I Proof. we seethat l. We perform the addition ) ..2. Theorem 1. Uc n th . * r loj [o-._ n !0! \:t frl n.] To verify (ii). kth-k)t :-:l nt t u .1 The Well-Ordering 11 :# [.k J ln-* )' .

we can easily construct Pascal's triangle.:r)*r. From Theorem either side. Figure triangle.+l:). We see that the exteriornumbersin the triangleare all l. of occur in the expansions powersof sums. [. The BinomialTheorem. which displavs the binomial coefficients.l .we simplyadd the two numbers the positions 1.]". Exactly Binomial coefficients by how they occuris described the binomial theorem. this yieldsthe positionbeing filled.l ( k + t)ttr n u m b e r i n th e (n + l )th row . the binomial coefficient |.t2 The Integers Using Theorem 1. [. [T]".. The fi rst ni ne row s of Pascal'st r ianglea re d i s p l a y e d n F i g u re l . y + + l. ..:. Let x and y be variables Then : y'+ (x*y)n l:). i I ll r2l l33l r4641 15101051 1615201561 172135352171 18285670562881 'Plr"urt 1.1. In this triangle.2.-'. and to in interiornumber.of the correctinteger..2.-.. To find an above.]' n .] rs t he |. and n a positiveinteger.' -2 2 or using summation notation.r.

t ' l l ( x + r ) \r |.i r i . Proof.i:o J . we have (x+y)n+r .1. Hence.yo I. \r ) j-0 We must now verify that the correspondingformula holds with n replaced by n * l. |.. We now assume the theorem is valid for the positive integer n.1 The Well-Ordering ProPertY l3 G + y ) n: 2 ^ (n] j-0 lJ. assumingthe result holds for n.. lnl j-0 \r ) . ll * " . according to the binomial theorem. w h i c hi s ^ fn) : G+ y ) n 2 l .this \^/ s t a t e sh a t ( x + y ) r : x t *y. When n : l./ We see that by removing terms from the sums and consequently shifting indices. fr) j:0 \J . In the proof we make use of summation notation. that is.t y t \ We prove the binomial theorem by mathematical induction. we assumethat lrlfrl lil:t.(xty)"(x+y) 'l I : l.l l a l i l)" .J"or' B u t b e c a u s en l : l t"J obviously true.that . We use mathematical induction.. l r ' . the formula becomes frlfrl (x*y)r+ loj"'.

l[. : ) ^ lrl j-0 lnl : lr r )l t .2.' 3l:)."' 2l.'-'.). k+y).'.for the fifth row.'-'''. . j ) l*n+t-iri This establishes the theorem.r l i j -)o LJ.). we find that . + bl':'fx.ri I r ) i-t - * yn+r n * t [ n + rI S I t 1 ^l . we have + t.'-'''*' : In+l + * yn+t :21'!'1"-'*' yj + yn*t 't Hence.'-'.1']: so we conclude that ['. we see from the binomial theorem that 2 n: ( t + t ) .t4 The Integers and 21. If we let x : y : l.. u We now illustrate one use of the binomial theorem.'] .*. we find that ( x *Y )' + r xn+r +> j-r n I lxn-i+tri I yn+t I By Theorem 1. we get 2n.' :'Al.-i*.'+r.)..l \ . For instance. rl This formula showsthat if we add all elementsof the fu+l)th row of Pascal's triangle.

.:. a n (n+l) (2n+l) 6 . . f.:n(nlD.J' froI a) >.ProPertY 1.l'I tJ'^na lroJ' |'qI fgI 5 .l' loJ' I . j-r 2. Show that a nonempty set of negative integers has a largest element. 7 .ol and o andverirv that l'. lo.|' .i:t+2+3+ j-l + . j' 0) il2i j-l 3 . [.t .6:24 . L U) 2i': j-l 12+22+32+ + . Find n ! for n equal to each of the first ten positive integers. Find the binomial coefficients fnl .l l. Problems Find the values of the following sums l0 l0 a) >2 j-r c) 2j' j-r t0 u) 2i j-l l0 o) 22i. 4. Use mathematical induction to prove the following formulae.1 The Well-Ordering 15 :. fro) Find frolfrolfrol frol |. Find the values of the following products i l j -rl r 2 ) b) trj j-t 55 c) r. .l'I r. .] [l] [l] [l] [l] l. +4+6+ 4+. fnl lrj*loj: loJ 6 .

f h+t):f Show that f (n) : h) + 2f (n-t). to find \'' J t-o .. "f and for n 2 2. 2^ + el)n.l :2' . * n3: | 't'ftl | 12 I Find formula ft Zi. lrJ b) usepart(a). r0. what function f (n) is defined recursively by f 0) : 2 and for n)l? I f g i s d e f i n e d r e c u r s i v e l yb y g ( l ) : 2 what is S(02 and g(n) :2sb-D f (n+D : 2f (n) for n 7 2.l* l. t2. 14. 9.l * loj IrJ loj and [. then 15. Show by mathematical induction that (2n)t < 22'(nl)z. Show that the f h+l) values of a function so defined are uniquely determined.lf.l * ['J* * I'J l. show that the binomial t3. ll. The second principle of mathematical induction can be used to define functions recursively. using the secondprinciple of mathematical induction. Let n be a positive integer. We define a function recursively for all positive integers n bV (l) : l. .l|. f (2):5.l* f. if n is a positive integer. We specify the value of the function at I and give a rule for finding from the values of f at the first n positive integers. f.J c) Findthesuml -2+22-23 + +2too.r': t'+ 23 33 + + i-tt2l 8.andthefactthat > f. a rcrj .t6 The Integers c) i. By expanding (l+(-l))'with theorem.l Use the principle of mathematical induction to show that the value at each positive integer of a function defined recursivelyis uniquely determined. a) fr) ) (-r)o : o.

. b) |. one at a time without ever placing a larger ring on top of a smaller ring.P. P z .. be t different properties that S is a set with n elements and let that an element of S may have.. [. we develop the principle of inclusion .. P. If an element has k of the properties.1.P.P... P q ) + + + (-l)'n (P1.).) lrl + lpllrJ Itl + (-l)ft ltl .. P z + n ( P t . P..using the third peg as an auxiliary peg.. the secondexpressionin brackets contains terms for all combinations of two properties. from the first pbg to the second. on one of the pegs.whenevernisapositiveinteger..P. lrJ This 1 8 .-r.P.)| where n(Pi.l + l. Suppose Pr..I .*nr.{ n ( P r . The first expressionin brackets contains a term for each property. The binomial coefficients x is a variable.. 1." : x and [l ] can be defined recursivelyby the equations | .'t l..exclusion.)l + l n ( P t ..wherekisan integerwithl(k(x.t.) is the number of elements of S possessingall of the properties Pi.. P t )* n ( P r P z . the third expressioncontains terms for all combinations of three properties.-2. (Hint: For each element of S determine the number of times it is counted in the above expression.4. it is countedshow t equals zeroby problem la(a).". The tower of Hanoi was a popular puzzle of the late nineteenth century._n [.. Show that the number of elements of S possessing none of the / properties is + n@)l n -ln(rr) + n(p) + + n(P. ln. | : lt?+rj f'+rl l--*. * n(P. The puzzle includes three pegs and eight rings of different sizes placed in order of size.?J ["] [*l.Pi... P r+ ) ) ....1 The Well-Ordering ProPertY t7 16.l a)Showthatifxisapositiveinteger.l x! .i-.P.1 In+tJ:R l.. The goal of the puzzle is to move all the rings.then[oJ:ffi. In this problem..]..P2. t 7 . . with the largest on the bottom. . and n is a positive integer.. P2. S h o w t h a tl .and so forth.

4. 5. Show that an*1!: al. 2. Print out Pascal'striangle. 6.7 13 ! 3 ! 2 ! .2 4 /8 : 3 i s an i nteger. This observationleads to the following definition. Without multiplying all the terms.4 is not.l Computer Projects Write programs to do the following: l. onl.a2. Expand (x*y)". lf a divides b. List the movesirr the Tower of Hanoi puzzle (see problem l8). F o r i n s ta n c e . we also say that a is a divisor or factor of b.from one peg to another is 2n . 1. the quotient may or m ay not be an i n te g e r.l8 The Integers a) Use mathematicalinduction to show that the minimum number of movesto transfer n rings. When they finish transferring the rings to the second peg. where 20. ar-1!) . show that il 6! 7!: l0! b) l0!:7! 5! 3! c) 16!: l4t 5t 2l d ) 9 t .w hi l e l 7/5:3. How long will the world last? b) 19. z!. . a2t o1. a n d z s u c ht h a t x t * y l : i x l. They started moving the rings. Find the sum of the terms of a geometric series.. 3. An ancient legend tells of the monks in a tower with 64 gold rings and 3 diamond pegs. a2t or€ 2 1 . using the binomial theorem. F i n d a l l p o s i t i v e n t e g e r s . Definition. Let an : (af a2l. If a and b are integers. with the rules we have described.2 Divisibility When an integer is divided by a secondnonzerointeger. Evaluate n ! Evaluate binomial coefficients. the world ends.etr-1 positiveintegers. we say that a divides b if there is an integer c such that b : ac.l. where n is a positive integer.. and on+t: af. an_tl..1. one move per second. y .. when the world was created.

b . In subsequentsections. and +6. I f a . a Exa mple. S inc e 3l2 l a n d : I l l . +3. P ro p o s i ti on tel l s us that 11 | 198. l f a .1. Proof. . The divisors of 100 are +1. We now state and prove these properties.3 . Since c I a and c | 6. Pro p o s i ti o n . 4 .z l . b . +10. there are integers e and / such that a : ce and b : c f . In the equation given in the division algorithm. C onsequentl y.3 P r o p o s i t i o n1 . t h e n a l c . The following theorem states an important fact about division.. there are integers e and f with ae : b and bf : . The divisorsof 6 are +1. E Exa mple. m . and we concludethat a I c.we will need some simple properties of divisibility. consider the following examples. *2. Since a I b and b I c. tl and tI7. 3 3:) l o 5 .l | : 1 . Example. c | (ma+nb). e t r q q . *2. l Proof. Henc e. The Divisionl$f$* If a and b are integers such that b > 0.t 7 l 2 8 g . +50. The divisorsof 17 are +5. S inc e 1l | 6 6 a n d 6 6 | tl a . +20. 1 P r o p o s i t i o n . l t r s o-. and + 100. We note that a is divisible by b if and only if the remainder in the division algorithm is zero.5 | 9 0 . 1. t h e n .2 Divisibility t9 b I f a d i v i d e s w e w r i t ea l b .4 tel l s us that 1 3 | 6 . m a * n b : m c e * n c f : c (me + nf). 3 . we call q the quotient and r the remainder.+4.9 9 : 6 . +25. The following examples illustrate the concept of divisibility of 1 i n t e g e r s :3| 1 8 2-. w e w r i t e a t r U . a n d c a r e i n t e g e r s w i t h ab a n d b l r . w h i l e i f a d o e s n o t d i v i d e b . Hence. then there are unique integers q and r such that a : bq * r with 0 ( r < b. bf : be)f : aGf) : c. Example. a n d1 71 0 . e see w th a t c | f ua+ nb) . a n d n a r e i n t e g e r sa n d i f c l a a n d c l D . Before we prove the division algorithm.

If x is a real number.sl : -2.5 0 : 8 ( . The proposition below follows directly from the definition of the greatest integer function.21 2. Definition.. L i k e w i s ei. 12.a . denoted by [x ].5. We multiply this inequality by b. t h e n q . then Q:6 and r:7.b < btalbl 4 a. Let q:la/bl a n d r : a . since 133:21'6+7.133 and b:21. C l e a r l ya : b q * r . s i n c e. If a-. By subtracting the secondof these from the first.5 0 a n d b : 8 .20 The Integers Example.5. Proof. Let x be a real number. The greatest integer in x. Multiplying by -1.7 ) + 6. We can now prove the division algorithm. andI-t. Example. to obtain a .131: 3. T o s h o w r satisfies the appropriate inequality. we seethat 0 ( r . is the largest integer lessthan or equal to x. it follows that G/b)-l < ta/bl 4a/b. we find that . assume that w e h a v et w o e q u a t i o n s : b q r * r r a n d a : b q z * r r . By adding e.we find that -a(-b[a/bl<b-a.bla/bl < n.f a : . Note that in the proof we give explicit formulae for the quotient and remainder in terms of the greatest integer function. To show that the quotient q and the remainder r are unique. w i t h 0 ( r r ( b a n d a 0 ( rz < b.b l a / b l . then x-l < [x] ( x. Proposition 1.we need to define a new function. We have the following values for the greatest integer in : x'. and reversingthe inequality.7 and r:6. For the proof of the division algorithm and for subsequent numerical computations. note that from that the remainder Proposition1.

For example.t-3 8 0 /7 5 1 : -380 . o r . with 0(r Then a:bq*r E x a m p l e . o r 4 k + 3. w e h a v ea : b q * r w i t h 0 ( r < b .3 8 0 a n d b : 7 5 . s I t + S .L e t a : 1 0 2 8 a n d b : 3 4 .1 1 : 0 .1. the remainder is either 0. or 3.2 Problems l. S i n c e b q t + r t : b Q z * 1 2 a n d rt: 1 2 we als o s ee th a t Qr: Qz . tr <b. Th i s tells us t hat D d i v i d e s rz . we can classify integers according to their remainders when divided by d.6a n d r : -3 8 0 . We will pursue these matters further in Chapter 3. w e This shows that b can divide rz. we see from the division algorithm that when an integer n is divided by 4. W i t h a : . we see from the division algorithm that every integer when divided by 2leaves a remainder of either 0 or l.rr 1b. w h e r e : [-380/ 751 : .rr: b(qt-qr). with d : 2. we seethat rz . q Given a positive integer d.rr.1 1 0 2 8 / 3 4 1 . Decidewhich of the followingintegersare divisibleby 22 il0 b) 444 c) 1716 d) r92s44 e) -325r6 f) -195518. i s d i vi dedby 2 is l. 7 l 3 4 3 . while if the remainder when n * I fo r s o mei n tegerk.2. th e n n :2 k Similarly. i n o t h e r w o r d s .3 0 .11 only if have -b < rz.and w e say n i sodd.1.(-6)75 : 70. w h e r e q : t t 0 2 8 / 3 4 1 : 3 0 a n d r : 1 0 2 8 . every i n te g e r is of t he f orm 4 k . r z . Hence. 3 4 : 8 .4 k + l . w here k i s a posi ti ve integer. Si n c e 0 ( rr I b and 0 ( rz ( b. .i f 1 1 : 1 2 . then r : 2k for some positive integer k. and we say n is even.r2) Hence.a n d8 8 8| 0 . 3 4 : 1 0 2 8. S h o w h a t3 l g g . T h i s s h o w s th at the quoti ent q and the remainder r are unique. If the remainder when n is divided by 2 is 0. when d : 4. 1.4 k * 2 . t 2.2 Divisibility 2l 0:bQt-qr)+(r.

b. c. 8 . Show that if a. Find the remainderwhen 17 is divided by -7. such that when a is divided by b the quotient is q and the remainder is r. s u c ht h a t a : b s * / . . + [r]. il Extend the division algorithm by allowing negative divisors. 1 2 . then labl 2 Laltbl .f a. and c are integers with b ) 0 and c ) 0. the division Show that if 6 . and when q is divided by c the quotient is / and the remainder is s. when quotient of -(q*l) and a and the remainder is zero. -a is divided by b.t h e n l a + b l 2 l a ] 1 6 . b. while if 6 | a. In particular. where 0 ( r < lAl . Show that if a and b are positive real numbers.and c l0 a r e i n t e g e r st h e n a I t i f a n d o n l y i f a c I b c . b) e : 1 4 .) 1 0 . take as the remainder the least positive integer in the set of integersa-qb. 1 s u c ht h a t a : bq * er where-b/2 <er4 b/2. the division algorithm gives a remainder of b . there are integers q and r such that a : bq * r. 9 . 1 3 . c) -44 d) -100. then there are integers q. then when a is divided by bc. I b anda I c). then a ( D. When the integer a is divided by the interger b algorithm gives a quotient of q and a remainder of r. 6 . b u t a a 7 . Find the quotient and remainder in the division algorithm with divisor 17 and dividend a) loo b) 28e 4. Show that if a and b are odd positive integers. Show that if a and D are positive integers. show that whenever a and b # 0 are integers. the quotient is -q where b > 0. 5.22 The Integers 3. What can you conclude if a and b are nonzero integers such that a I b and bla? Show that if a. S h o w t h a t i f a a n d b a r e r e a l n u m b e r s . the quotient is I and the remainder is bs * r. a n d c s u c h t h a t a l b c . and d are integers with a and c nonzero such that a I b and c I d. then there are integers s and . b .r. b. Show that if a and b are positive integers and a I D. w h e r eI i s o d d a n d l r l < n .r and 1 5 . A r e t h e r e i n t e g e r s. Show that if a. ! . (Hint: When dividing a by b. then ac I bd. Give another proof of the division algorithm by using the well-ordering property. What is the corresponding inequality when both a and b are negative? When one is negative and the other positive? .

S. while the sum of an odd and an even integer is odd. then [x*n] 20. Show that if n is an integer and x is a real number.08 or . . 27. then [a ] + Ia + %l : l2al . Show that if a is a real number then a) b) -I-a I is the least integer greater than or equal to a. 21. Show that the sum of two even or of two odd integers is even. it costs 20 cents for the first ounce and l8 cents for each additional ounce or fraction thereof. Show that if m and n \ 0 are integers. then 3 divides a3-a 26. 28. la + %l is the integer nearest to a (when there are two integers equidistant from a. Could it possibly cost S 1. then (r r |*+r1 . 23. Show that the product of two odd integers is odd.A. Show that if a is an integer. Find a formula involving the greatest integer function for the cost of mailing a letter. b y 1 2 5 . while the product of two integers is even if either of the integers is even. Show that the integer n is even if and only if n . while the product of two integers of the form 4k * 3 is of the form 4ft * L 29. What is the value of [a ] + l-a I when a is a real number? 18. To mail a letter in the U.2ln /21 : 0.2 Divisibilitv 23 17. I n i:ll _ I I I llyl*tif m:kn-lforsomeintegerk.I for someintegerk. : [xl + n . Show that the square of every odd integer is of the form 8k + l. 19. Show that the product of two integers of the form 4ft * I is again of this form. 22.28 to mail a letter? 25.$I .JLJ ' ILnl I 1I1 | if m : kn . it is the larger of the two). How many integers between 100 and 1000 are divisible by 7? by 49'l 24.1. Find the number of positive integers not exceeding 1000 that are divisible by 5 . b y 2 5 . a) b) c) Show that the number of positive integers less than or equal to x that are divisible by the positive integer d is given by [x/dl.a n d b y 6 2 5 . Show that if a is a real number. Find the quotient and remainder in the division algorithm. 2 . assertsthat the sequenceobtained by iterating Z always reachesthe integerI no matter which positive integer n begins the sequence. 4 .r + + + 3.102 6. d e f i n e di n p r o b l e m 1. w e l l . s o m e t i m e s . remainder.when we write the integer 34765. 1 0 . . a) b) Find the sequence obtainedby iterating Z starting with n :29. Show that the product of two integers of the form 6k * 5 is of the form 6k * L 32.3 Representations Integers of The conventional manner of expressing numbersis by decimal notation. Find the quotient. 1. . 33. F o r i n s t a n c e . Decide whether an integer is divisible by a given integer. 1 1 . . and sign in the modified division algorithm given in problem 14. 1 . t a r t i n gw i t h n : 7 w e h a v e s 7 . f (rQ ( n ) ) ) . called the Collatz coniecture. where k is an even positive integer. + There is no particular reasonfor the use of ten as the base of notation. 2 .24 The Integers 30. Show that the product of any three consecutiveintegers is divisible by 6. Investigatehe sequence . T(Th)). .101 5. 1 7 . Show that the fourth power of every odd integer is of the form l6k + l. .103 7. 5 .100. For instance. Show that the sequence obtained by iterating Z starting with n: (2k-l)/3.104 4. We then form the sequence obtained by iterating T: n . 2 6 . T(n). T ( T Q ) ) . We write out numbers using digits to representmultiples of powers of ten. Other civilizations have used different . . 1A. 2 . 8 . . .other than the fact that we have ten fingers. 2 0 .2 Computer Projects Write programs to do the following: l 2. f ( f ( f ( n ) ) ) . 31.k n o w n c o n j e c t u r e . k > l. 3. 1 . We define f T(n) : ln/2 1Qn*D/z if n is even if n is odd. always reachesthe integer l. Let n be a positive integer. T ( n ) . 1 3 .we mea. . 4. t n 33. 0 ( ar ( b-1.0 * ap. We now show that every positive integer greater than one may be used as a base. The last step of the processoccurs when a quotient of 0 is obtained. who Electronic computers use two as a base for internal used base twenty representationof integers. We obtain an expressionof the desired type by successively the division algorithm in the following way.3 Representations Integers 25 bases... becausethe sequence quotients satisfies of n ) qo) qr) qz> "'> 0. Then we divide qoby b to find that eo:bq1ta6 We continue this processto obtain Qt: bq2t a2. Then every positive * a1b I oo. Theorem 1. is an int eg e rw i th 0 ( o . We first divide n by b to obtain n:beo*oo.rt w h e r e a.r * a k . fo r. < b -l coefficientak I O.r . integer n can be written uniquely in the form n : a k b k * a p . 0 ( a 1 .1 b k .. qr= bq3l a3. 0(ao<b-1. 1.including the Babylonians. .z: b q * .. and any decreasing sequence of nonnegative integers must eventually terminate with a term equaling 0.of 1. This is guaranteedto occur. 0(ar(6-t.1 .and either eight or sixteen for display purposes.3. Q k . 0 ( a2 ( b-1. Qk-t: b./ :0.who used base sixty . and the Mayans.1 ( b . Let b be a positive integer with b > l. k and the i ni ti al applying Proof . 0 ( a1 ( b-t. -'**"::.. there is a smallest integer j.. Gr. We next replace {6 using the secondequation.. Subtracting one expansionfrom the other. i.-)bk-t * *(a. Qk_r.1 . to obtain n : b(bqfta1) + as : bzqrI a1b I as.-c)bk +(o. n : e k b k + a 1 r .-r-c1. If the two expansions are different.. assume that we have two such expansions equal to n. Successively substituting for qr..e..-c)bk-i + + (a1+rci+)b r (ai-c1) : O. To see that the expansion is unique.f + l(a*-c*)b(-r * (ai+rci+r)b * G1-c1)] : o. . where 0 ( ar (b and 0 ( c1(b (and if necessary add initial terms with we zero coefficients to have the number of terms agree)..we have found an expansion of the desired type. Consequently.t{. si nceek : 4r-r i s the l ast nonzero quotient.. br so that .26 The Integers From the first equation above we find that n: beo* ao.. w her e 0 ( a. Q2.y b k -* t : c * b k * c 1 r-1 b k -r * t a1b * ao * cft * ro.1 b k -* r t aft * ao.ka n d a * I 0.-'. "l such that ai # ci. Hence. : a t b k + a 1 r . O ( < k. we have (ar.cr)b + (as-ca):0.. * : =i: ri **olr'u**ol' ::. < b -l fo r 7 : 0 .we have n: b3qz+ a2b2 a1b* or. and base 16 expansionsare called hexadecimal. Hence.3 with b : 2. Corollary 1.-a1)bk-j-t + Hence. ! of For b .1 2 k . b is called the base or radix of the expansion. < b and 0 ( c. and . we know that -b < ai-c1 I b. replacing the dividend each time with the quotient. 2 4 1 ..3. bl G 1 -c 1 ). Example. implies that ej : cj. From Theorem 1.72+ ) a n d ( 1 0 0 1 0 0 1 1 : 2 1 . We write (apapa. note that Q3Ot : 2. we use a special notation. we see that * (c 7+ r-ai + )b * (c7+r-or*. We simply perform the division algorithm successively.t* + a Q * a s w h e r e e a c h a ii s e i t h e r 0 o r 1 . Every positive integer may be represented as the sum of distinct powersof two. We concludethat our base 6 expansion n is unique. every positive integer is the sum of distinct powersof 2. expansions. b I h1-c) assumptionthat the two expansions are different. 2 r+ 1 . + + 3. The coefficients ai are called the digits of the expansion. We call base l0 notation. < b.. Let n be a positive integer.3 that the following corollary holds.of 1. This contradicts the Consequently. or hex for short. we obtain aj. Proof.2 .aps) 6 to represent the expansion a*bklapabk-rl taft*ao. Binary digits are called bits (binary digils) in computer terminology. base 8 expansionsare called octal expansions. To illustrate base b notation.3 Representations Integers 27 Solving for ai-c.c j: (c rr-a r)b k -j + : bl(c1. 2 7 1 . Base 2 expansionsare called binary expansions. To distinguish representationsof integers with different bases. we see from Theorem 1.1. we know t h a t n : a t r T k * a 1 r . But since 0 ( a. decimal notation. tr In the expansions describedin Theorem 1.3 gives us a method of finding the base b expansion of a given positive integer.) ]. our conventionalway of writing integers.7 + 6 Note that the proof of Theorem 1. B . 6. Computers use base 8 or base 16 for display purposes.D . 29:2'14 +1. Example. electrical switches.8 .13. | : 2'O + 1. We can use "on" to represent the digit I and "off" to representthe digit 0.28 The Integers stop when we come to a quotient which is zero. we have two possiblestates for each switch. Example. 9 . 14:2'7 +0. T h e l e tters A .T h i s s h o w s h a t ( 1 8 6 4 ) r o : ( 1 1 1 0 1 0 0 1 0 0 0 ) 2 . 3 : 2'l + l.D . 2. we simply take the remaindersof t h e s e i v i s i o n s . We then read up the list of remaindersto find the base b expansion. (This may be done mechanically using magnetic tape. d t Computers represent numbers internally by using a series of "switches" which may be either "on" or "off". 5. We give the following example to show how to convert from hexadecimalnotation to decimal notation. In base 16.) Hence. To convert (A35B0F) 16we write ( e l s n o r ) r e : 1 0 . usually denoted by 0 . or by other means. 466:2'233 +0 233-2'116+1. 1 1 6: 2 ' 5 8 + 0 .Ea n d F . 3.8.7 to and l5 (written used to representthe digits that correspond 10.. .C . 7 : 2'3 + 1.11. notation there are l6 digits.14 in decimal notation). To find the base 2 expansionof 1864.. or hexadecimal. 58:2'29 +0.E . and F are . This is why computers use binary expansionsto representintegers internally.A. 4. we use the division algorithm successively: 1 8 6 4: 2 .C . 1 6 s + 3 ' 1 6 4 5 ' 1 6 3 l l ' r c z + 0 ' 1 6+ 1 5 + + : ( t o7o5 679)rc.12. 932:2'466 +0. 9 3 2 + 0 . To obtain the base 2 expansionof 1984.1. 1110. To convert from binary to hex.0 from decimal to binary notation. We break this into blocks of four starting from the right. The blocks are. Convert (6tOS)t from base 7 to decimal notation. we obtain GOng)ru.from binary to decimal notation and (tgg+). a c h h e x d i g i t i s c o n v e rt edto a bl ock of four bi nary E digits (the initial zeros in the initial block (OOIO)2 corresponding the digit to (2) rc are omitted).an d 0 0 1 1 (w e a d d th e i n i ti a l z eros). Example.3 Problems l. 2. We can write each hex digit as a block of four binary digits according to the given in T a b l e l . . correspondence Hex Digit Binary Digits 0000 0001 0010 l 001 0100 0101 0110 0l l1 Hex Digit 8 9 A B C D E F Binary Digits r000 1001 1010 1011 l 100 I l0l 1110 llll 0 I 2 3 4 5 6 7 Table1. 1101. Transl ati ngeach bl ock to hex. An example of conversionfrom hex to binary is (zFBrrc: (tOt t 1110110011)2 .1. Conversion from hex digits to blocksof binarydigits. l . Convert (1999)1sfrom decimal to base 7 notation. 1 0 0 1. from right to left. We note that a conversionbetween two different basesis as easy as binary hex conversion.wheneverone of the basesis a power of the other. Convert (tOtOOtOOO).3 Representationsof Integers 29 A simple conversionis possible between binary and hexadecimal notation.1. 1. consider(t t t tOl I I101001)2. b) c) Find the decimal representation (tOtOOt)-2 and OZOTD-r. 1 2 .. . w h e n t h e w e i g h t sm a y b e p l a c e di n either pan.3k-t* *efiles where €i : -1. binary. 3 . expansion b^ n"l of r0.. when all the weights are placed in one pan../:0. and from base 9 to base 3 notation.at a6)6. : (aj-r. Explain how to convert from base r to base rn notation. ( a * a * . . 14. a) Show that if D is a negative integer less than -1... < lb I for . 6 ./ : 0. a p s ) 6 .apo)t.])::'::.aps)6. * * a1b oo..-1..2ft-1. Explain how to convert from base 3 to base 9 notation. n : (apa1. c o n v e r t ( 1 0 0 0 1 II l 0 l 0 l ) 2 a n d ( l I 1 0 1 0 0 1 1 1 0 ) 2r o m b i n a r y t o h e x a d e c i m a l .2.-1.1.a)6 and. I 0 and O <a... . Show that any weight not exceeding 2k-l may be measured using weights of 1. of 7 .-17. or I for . and 61.2. @nrecnD)to. .just as we do for positivebases. when r ) I and n are positive integers. This expansion is called a Use problem 8 to show that any weight not exceeding$k -t) /Z may be m e a s u r e du s i n g w e i g h t so f 1 . Show that if r: what is the base b 1 3 .. and (9A08)rc from hexadecimal to 5 .-r. then every integer n can be uniquer'. If the base b expansion of n is n : (apa1. of Find the base-2 representations the decimal numbers-7.. 8 . respectively. and from base rn notation to base r notation. 3 ' . k.22. convert (ABCDEF)rc. We write where a1. separatedby commas. A Cantor expansion of a positive integer n is a sum fl:ommt * a^a(m-l)! + * a 2 2 l* a 1 l ! . 9.' . . Explain why we really are using base 1000 notation when we break large decimal integers into blocks of three digits. f 4 ..0. .. t h e n t h e q u o t i e n t a n d r e m a i n d e rw h e n n i s divided by bi are q : (apa1..30 The Integers 3 . balanced ternary expansion..:.k.1 .1 .1 . ll. .. Show that every integer can be uniquely representedin the form ep3k*ep-. 3 f t ....2.

Show that if a is a positive integer with a four-digit decimal expansionwith not all digits the same. 8731 a) b) Show that the only integer with a four-digit decimal expansion with not all d i g i t s t h e s a m es u c h t h a t T ( a ) : a i s a : 6 1 7 4 . An example is the position where there are two piles each containing one match. .( 2 3 1 8 ) 1378 : 7358. 4.. F o r i n s t a n c ef. then the sequence a. a) Show that the position where there are two piles.a " .3 Representationsof Integers 3t where each ai is an integer with 0 ( a. and 7 give 0ll llt 100 where each column has exactly two ones). T (d. write the number of matches in each pile in binary notation. Let a' be the integer with a decimal expansion obtained by writing the digits of a in descending order. T'QQ(a))). the first player can continue to play in a way that will win the gom€. becausethe second player must remove a match leaving the first player the opportunity to win by removing the last match. 15. The players take turns. 6174 is called Kaprekar's constant. with the player removing the last match winning the game. < i .. obtained by iterating T. Show that every positive integer has a unique Cantor expansion. For each arrangement of matches into piles. A move consistsof a player removing one or more matches from one of the piles. is a winning position. Show that a position is a winning one if and only if the number of ones in each column is even (Example: Three piles of 3. b) 16. no matter what the second player does. and then line up the digits of these numbers into columns (adding initial zeroes if necessaryto some of the numbers). The Chinese game of nim is played as follows. this is a winning position. 56. Define T ( a ) : a ' . each with two matches. and 384. Let a be an integer with a four-digit decimal expansion.1.. Becauseof this property.with not all digits the same.. eventually reaches the integer 6174. each containing an arbitrary number of matches at the start of the game. There are a number of piles of matches. A winning position is an arrangement of matches in piles so that if a player can move to this position. then. a) b) of Find Cantor expansions 14. and let a" be the integer with a decimal expansion obtained by writing the digits of a in ascending order. f (f G)) .

Find the binary expansion of an integer from the decimal expansion of this integer and vice versa. a where a is a positive integer. Let b be a positive integer and let a be an integer with a four-digit base b expansion. .32 The Integers 17. Play a winning strategy in the game of nim (see problem l5). Find the base (-2) notation of an integer from its decimal notation (see problem 6)..3 Computer Projects Write programs to do the following: l. to discoverhow many iterations are neededto reach 6174.. T ( a ) . Convert from base 61 notation to base b2 notation. 7. and let d " is the integer with base 6 expansion obtained by writing the base b digits of a in ascendingorder. whenever a is an integer which a four-digit base 5 expansionwith not all digits the same. r(rOQ))). with not all digits the same. Show that no Kaprekar constant exists for the base 6. T(Tfu)). e v e n t u a l l y e a c h e s r 40. 8. r ( f b ) ) . Find the unique integer a6 with a four-digit base 5 expansion such that TsGl : ao.a". where a'is the integer with base D expansion obtained by writing the base 6 digits of a in descending order. Find the sequence .. 2. Convert from binary notation to hexadecimal notation and vice versa. 9. 5. a . 4. . definedin problem 16. . Find the Kaprekar constant to the base b. where D1 and b2are arbitrary positive integers greater than one. Define TtG) : a'. 6. . Find the Cantor expansionof an integer from its decimal expansion (see problem 14). Let b be a positive integer. T(a). il Let b : 5. b) 1. Show that this integer aq is a Kaprekar constant for t h e b a s e5 . . e . 3. when it exists (see problem 17). i . Find the balanced ternary expansion of an integer from its decimal expansion (see problem 8). f ( f Q ( a ) ) ) .

although sometimesthe word size is a power of 10. br b o )r. and for multiple precision arithmetic with integers larger than the word size w. such as 235. if the word size words we can store integers as large u. subtraction. We will describe algorithms for performing addition.. When we add a and b. For instance. r t : 5 G i + b 1 ) r i . The algorithms described are used both for binary arithmetic with integers less than the word size of a computer. or binary digits. These methodsare examplesof algorithms. An algorithm is a specified set of rules for obtaining a desired Definition. We first discuss the algorithm for addition. To do arithmetic with integers larger than the word size.4 Computer Operationswith Integers We have mentioned that computers internally representnumbers using bits. result from a set of input. using lr as the base. since integers less than 2350 have no more than ten digits in their base 235expansions. there are integers Cs and ss such that .of 1. Computers have a built-in limit on the size of integers that can be used in machine arithmetic. We will describe the classical methods for performing the basic arithmetic operations with integers in base r notation where r ) | is an integer.3 Representations Integers 33 1.w h e re i n i ti a l d i g i ts o f z e ro are added i f necessary make both expansionsthe same length. j-o j-0 j:o To find the base r expansion of the a * b. and for each digit of this_ is 23s. first note that by the division algorithm. which we denote by w. we obtain the sum a I b : 5 a i r t+ ' i u . To store an integer n ) l4/. multiplication of to b : (bn. and and two n-digit integers a : (an4on-z. Also note that to find the base 235expansionof an integer. 23s0-1. The word size is usually a power of 2. we expansionwe use one expressn in base w notation. . ..egi. This upper limit is called the word size. The first step in discussing computer arithmetic with large integers is to describehow the basic arithmetic operationsare methodically performed.z . we need only group together blocks of 35 bits. using ten computer computer word.1br . it is necessaryto devote more than one word to each integer.

b)ri .T o a d d ( 1 1 0 1 ) 2 n d ( l 0 l l ) 2 w e w r i t e a II 1l0l +1001 10110 where we have indicated carries by I's in italics written above the appropriate column.I b y .bo: 86r * dg.1. Next. j-o airi -'i j-0 u.rt: 5 Gi . ai * b. and since as and bs are positive integers less than r.. f o r 1 ( i ( n . we find that there are integersc1 and s1 such that ar * br t Co: C{ t rr. 0 ( do ( r. Note that by the division algorithm. E x a m p l e . F i n a l l y . 0 ( s. we know that 0 ( ao * bo( 2 r . w e l e t s r: C n ...and 1+ l:1.h ere c6 i s the cany to the next place. we can use the same familiar technique as is used in decimal addition. ( r. We now turn our attention to subtraction.0 ( so 1 r. When performing base r addition by hand.2 *0.2 . : 0 or 1 . si nce the sum of tw o i ntegers with n digits has n * I digits when there is a carry in the n th place.34 The Integers ao* bs: Csr * r0. I +0f 0: O'2+ l. * Ci-r: Crr trr. We consider a .0 ( s1 ( r. .ss)7 t fo . l. we know that Cr:0or i n d u c t i v e l y . Since0 ( art br * Co ( 2r . there are integers ^Bsand ds such that os. j-0 where we assumethat a ) b. w e f i n d i n t e g e r s Ca n d s . We found the binary digits of the sum by noting that I * I : l'2+ 0. Because as and bo are positive integers not exceeding r.0+0+ 1:0'2 * 1.b :'.J1. proceeding wit h C. s o th a t c o :0 o r l . We co nc lude hat t he b a s er e x p a n s i o n r th e s u m i s a * b: (srsn_. we have .

4 Computer Operationswith Integers 35 -(r-l)<as-bo(r-1. 8 6 : 0 .btf Bi-r : Bir t di. w e h a v e . W h e n a o .1. ..1 . To multiply (on-r.b : (dnadn-2. we need only shift the expansion left m places. O t h e r w i s ew h e n a s . w e h a v e .obtaining (10110100000)2.r ( a r proceedinductively to find integers B. We seethat Bn4: 0.. and 1-l: 0-l:-1'2+1. . : 0 o r . From this equation. 0'2+0. we use the same familiar technique as is used in decimal subtraction. When performing base r subtraction by hand. a n d B t : .br * B o (r-l.2.. appending the expansionwith m zero digits.l o t h e r w i s e . w e h a v e -t llotl -10110 101 where the -l in italics above a column indicates a borrow. such that ai . since ) b. To multiply (tOtt01)2 by 2s. Bo: We use the division algorithm again to find integersB1 and d1 such that a1-bt+ Bo: B{ * dr. 0'2+ 0.s i n c e .We > 0 .d1ds). We found the binary digits of the difference by noting that 1 . f o r I < t < n . that We can conclude a . l-0-l: 1-l:0'2*0.1.aps)7 by r^ .b o ) 0 . we see that the borrow B r : 0 as l o n g a s a 1 . 0 ( di 1 r a w i t h B . Example.. To subtract ( t o t t o ) 2f r o m ( t t o t l ) 2 .. 0 < d1 1 r. we describe shifting.b t + B o .Bo is the borrow from the next place of the baser expansionof a. Example.b o 1 0 . Before discussing multiplication. and d.0 : 0'2 * l.. we shift the digits to the left five placesand appendthe expansion with five zeros.

( n-t To perform a multiplication of two n-place integers we write ab:al>biril:)Gb)ri. Ex am ple. w e fi rst note that oob:Qor*po. -< r have pn: Qn_r.ori . . T o m u l ti p l y (an_1. s i n c e0 ( a o b ( aft+Qo:Qf and 0 ( qt ( r-1 . a nd 0 ( qo ( r . : (p n p n -r.o ) r g . then shift to the left 7 places. l i -r ) i -o For each -/. by (i l . and then we added the appropriate integers to find our product.. .36 The Integers To deal with multiplication. w e have *pr.0(ps(r. we (o r .l . In g e n e ra l . o)... 0 ( p.0(pt1t. shifting each time by the appropriate number of places.p .1. T o m u l ti p l y (l l 0 l )2 a n d (t t tO )2 w e w ri te ll0l x1110 ) n-t 0000 I l0l 1l0l l10l l0ll01l 0 Note that we first multiplied (1101)2 by each digit of (t t 10)t. e h a v e w a. we first discussthe multiplication of an n-place i n t eger by a on e -d i g i t i n te g e r... and finally add all of the n integers we have obtained to find the product. Furthermore... N ext.we use the familiar method of multiplying decimal integers by hand. ( b ) .. This yields and 0 ( gr ( r . When multiplying two integers with base r expansions. (r-1 )2 .1. a .b * 7i-r: Qir I pi. . we first multiply a by the digit b.

t " ' .but also it is less than brn-t. [r-o To determine the first digit Qrq of q.n .) . and then qn-1is one less than the number of subtractions. . a .'l Qn-r: la/brn-rl' We can obtain Qn-r by successively subtracting br"-l from a until a negative result is obtained. then we have 1 If the base r expansionof q is q : a-b l> ( n-r eiril +R. .1. B y mathematical induction. To find the other digits of q. we show that (r. this is clearly correct. Q4 o. ..4 Computer Operations with Integers 31 We now discuss integer division. | > lj-0 ) For i : 0. . 0 ( This tells us that t-"r f 4v n n { . . We wish to find the quotient q in the division algorithm a:bq + R.2 .we know that a . 0 < R < b.r Q n .bqn-trn-i f o r i : 1 . since R0 : a : qb + R. . -tn.s) Ri: (n -i -t I qirtlb+R. Now assumethat .0<R <b. we define the sequenceof partial remainders Ri by Ro: a and Ri:Ri-r . ( Q n .bqn-(n-l < brn-t. (L O: Tt.bqn-1vn-t U-o ) The right-hand side of this equation is not only positive. j-0 Therefore. 2 . notice that : uf'i qjri)+ R. since 2 qiri g rn-l-l.

We will be interested in discussinghow long it takes a computer to perform calculations. : I U l.l F r o m ( t . subtraction. n-i -l i-0 fn-(k+r)-r > Ij-0) qi"lb+R' .i b . This is how we find the digits of q. or multiplication of two binary digits. When we describethe number of bit operations needed to perform an algorithm. S ) . .38 The Integers Rft: Then Rt+r : Rft . we are describing the computational complexity of this algorithm. 5 ) . . or the shifting of a binary integer one place. . We find that ql:0.T o d i v i d e( t t t O l ) 2 b y ( t t t ) 2 .f l . o n c e fro m (t t tO t)z to obtai n (l )2.bqn-*-rrn-k-l 'l (n-k-t . We will measure the amount of time needed in terms of bit operations. is one lessthan the number of subtractions. we see that the digit qn-i is given by lRi-r/brn-il and can be obtained by successively subtracting brn-t from Ri-1 until a negative result is obtained. w e s e e t h a t 0 ( R i < r n . and once more to o b t a i na n e g a t i v ee s u l t s o t h a t Q 2 : l . 2 . (1)2. .r-o qirilb+R-bqn-*-rvn-k-l ) :| (g e s t a b l i s h i n1 .2 ( 1 l l ) 2 i s l e s st h a n z e r o . s i n c eR 1 . By a bit operation we mean the addition. N o w R l : ( t t t O l ) t . s i n c e O ( Ri < rn-tb.a n d l i k e w i s e Henc e t h e q u o ti e n to f th e d i v i s i o ni s (1 00)2and the remai nderi s (l )2 Qz : 0. In describing the number of bit operations needed to perforrn calculations we will use big-O notation. the division of a two-bit integer by one-bit.and then qn-. E x a m p l e . w e l e t q : ( q r q r q i r . . f o r i : 1 . .( t t t 0 0 ) t : r . W e s u b t r a c t Z2( t t l) z : ( t t t O O).

say a : (a2n4a2n_2. b f t iW e w r i t e a : 2 n A t f 4 6 a n d b : 2 n B r t B s . 6 b .while to multiply two n-bit integers in the conventionalway takes OGz) bit operations(see problems 16 and 17 at the end of this section). P r o p o s i t i o n7 . then there are constantsK1 and K2 su ch t hat .x) ( Krsr G) K2s2G) : (KrK2)kt?)g2(x)). Proposition 1.eflo)z and 2. If / is OQ) and c is a positiveconstant. y' is all x under consideration. Hence cf G) < GK)gG).l f f t i s O ( g r ) a n d f 2 i s O k z ) . then there is a constantK such that f G) < Kg(x) for Therefore. Hencef r + -f zis Ok. 2 n .. Proof . defined for all x in a set S. If / is Ok). ( K Q s ) . s o th at -f r + . Proof . so th at " f f z is 0( 96 ). Also -f tk)f z(. If / is OQr) and f2 is Okz).f z i s O Q f t g 2 ) " andfJzisoQe).f zi s Ok).7 tells us that But if "f t + f z is O QS).with Integers Operations 1. there are faster algorithms for multiplying large integers. where K is the maximum of K1 and K2. I f / 1 a n d f 2 a re O G). b : ( b 2 . Surprisingly. we first consider the multiplication of two 2n-bit integers. . n 1. t h e n f t + . Proof . If f and g are functions taking positive values. t h e nf t + ( (z x )g .< 1 g 1 (x ) a n d " f z (x ) 1 K2g2(x) for al l x under consideration. 2.4 Computer 39 Definition.f . tr C o rollar y 1.then cf is Ok). oQ).2 . a + f t "fz " fz Using the big-O notation we can see that to add or subtract two r-bit integers takes Ofu) bit operations.. Proposition 1. ( *) < . . then we say f is OQ) if there is a positive constant K such that f G) < K g( x ) f or a l l x i n th e s e t S . w h e r e -l . To develop one such algorithm.6. th e n -f r + -f zi s Ok). Hence f 1G) +f2G) ( Krsr(x) + x2g2k) ( Kkr(x) + sz?)) + gz).

using mathematical induction. us ing ( 1. that (1. where C is a constant. We will use the identity (t. Theorem 1.. A t : ( a 2 r . If we let M(n) denote the number of bit operations needed to multiply two n -bit integers. . .1 a 2 n * 2 . Multiplication of two n-bit integers can be performed using O(nto9'3) bit operations.2 k).Z)). and AsBs).Z). we can prove the following theorem.n r ) + (2.0). we have MQ) ( c(3t -2t) : c. w e h a v e M (z k + t) ( ( ( ( 3 u (z k ) 3c (lt c a k + t_ c ( 3 f t + l+ czk 2k) + c2k c . (Note: log23 is approximately 1. b n + t Ao: . requires that we perform three mu lt iplic at ions o f n -b i t i n te g e rs (n a me l y A r B r (A . To find the product of a and 6 using (t. since each of the three multiplications of n -bit integers takes M (n) bit operations.40 The Integers .. + 2 . 3 .8) is valid for all positive integers ft.8) a(zk) ( c(3k -2k). This establishes Using inequality (t.0) t t r at (r. To carry out the induction argument.we assumethat MQk) Then. ) A r B r r 2 n( A r A i ( a o .A d(B oB r). sincec is the maximum of M(2) and C.1 a n .+l)AoB0. where c is the maximum of the quantities M Q) and C (the constant in (t. .z . . As the induction hypothesis. a p g ) 2B t : ( b 2 n .while the number of additions and shifts neededto compute a'b via (t.brbiz. and B0 : (br-t bn-z. and each of these operations takes O (n) bit operations. From (t.e) a b : ( 2 2 . 7). a 1 7 1 1 e 1 7 ) 2 ( a n . . ( c (3 ft . .f t 2 r .585. br)2.4. we find from (t. 2 k* c 2 k zk+t). . as well as a number of additions and shifts. we can show that (1. which is .2 .8).z) M (2n) < ru h) + Cn.0) does not depend on n. we first note that with k: l.

using O(M Q)) bit operations.5.'ot"). Although we know that M h) : O (n log2n log2log2n).) Proof . Since log2n and log2log2nare much smaller than n' for large numbers n. < . which is approximately0. in Theorem 1.3 l o sr. where M fu) is the number of bit operationsneededto multiply two n-bit integers.8) we have M h) : M (ztos'n)( lzlttloerl+t.l. rn (since 3lo8'n: . when the 2n-bit integer a is divided by the integer b having no more than n bits. Given a positive number e ) 0. two pertinent theorems. Theorem 1. Note that Theorem 1.rl l o g I ( 3 c . There is an algorithm to find the quotient q:Ia/bl. We state the following theorem. However. There is an algorithm to multiply two n-bit integers using O(n log2n log2log2n)bit operations. Theorem 1. The conventionalalgorithm described above performs a division of a 2n-bit integer by an n-bit integer with O(n2) bit operations. Hence.4 Computer 4l considerably less than the exponent 2 that occurs in the estimate of the number of bit operations needed for the conventional multiplication algorithm. (3ttot'nl+t_rltoe'nl+t. Theorem 1. without proof.5 with e : log23. which is basedon an algorithm which is discussed Knuth 1561. Mh) : glnroe'3l. for simplicity we will use the obvious fact that M fu) : O (n2) in our subsequent discussions. tr We now state.585. there is an algorithm for multiplication of two n-bit integersusing O(nr+') bit operations. Proofs may be found in Knuth [50] or Kronsjii tSgl.with Integers Operations 1.6.5.4 is a specialcaseof Theorem 1.6 is an improvement over Theorem 1. the number of bit operations needed for integer division can be related to the number of bit operations needed for integer multiplication. From (t. :3rnto93 ( 3 c .7. .

Estimate the number of bit operationsneededto find l+2+ il b) by performing all the additions. Give an algorithm for adding and an algorithm for subtracting Cantor expansions (see problem l4 of Section 1. F i n d t h e q u o t i e n ta n d r e m a i n d e rw h e n ( t t o t o o n l ) 2 i s d i v i d e db y ( 1 1 0 1 ) 2 . show that with n-bit integers these operationsrequire O h) bit operations. 5.4 Problems l. subtract. 4. 3. then c. I n: nh+l)/2. A d d ( A B A B ) 1 6a n d ( B A B A ) r c . 18. Show that if f is O(g). Find the quotient and remainder when Gneono). is divided by (enn.u Explain how to add. 7.n)ru. 2 . 17. Multiply (t t rOr).zf z is O(g1 * g).and c1 and c2 are constants. Subtract (CAFE)16 from (rnno)ru.3). Multiply (FACE) 16and (BAD)rc. notation 10. and (l10001)2. Analyzing the algorithms for subtraction and addition.) 15. Add (l0llll0ll)2 and(ttootll0ll)2. and multiply the integers 18235187and 22135674 on a computer with word size 1000. 12. Show that if f 1 and f 2 are O(St) and O(g2). Show that a function f is O(log2n) if and only if f is O(log. 13. 11. 9. 6. and multiplying and * n . by using the identity l+2* shifting. Write algorithms for the basic operations with integers in base (-2) (see problem 6 of Section 1. 16.42 The Integers 1. S u b t r a c t( t o t t l 0 l 0 l ) 2 f r o m ( 1 1 0 1 1 0 1 1 0 0 ) 2 .f1 * . 14. Show that the base b expansionof a positive integer n has llog6nl+t digits.n) wheneverr ) (Hint: Recall that logon/log6n: logo6. then fr it OQk) for all positiveintegersk. l. respectively. 8.3). Show that to multiply an n-bit and an m-bit integer in the conventional manner requires OQm) bit operations.

plus shifts and additions. Complete the multiplication using only nine multiplications of one-digit integers.o. and shifts and additions.o.ly from Show it is possible to multiply two 2x2 matrices using only seven multiplications of integers by using the identity lo. il Show that n3 multiplications of integers are used to find AB its definition.. and then using part (a) again. 22...a 2 ) ( b n - bp* b2).a z t ) ( b r r .4 Computer Operations with Integers 43 19.c t 2 r .1. il b) c) Show there is an identity analogousto (1.b .( a t t . Using part (a). multiply 73 and 87 performing only three multiplications of one-digit integers. with entries aii and bii for I ( i ( n. b) ["1 |. lf A and B are nxn I ( f ( n.| 20. Using an inductive argument.. and splitting 2nx2n matrices into four nxn matrices. plus shifts and additions.b ' . Give an estimate for the number of bit operationsneededto find a) n'.) l"r r b r r* I I lx anbzt * . . .) | a22(b-bzr-b e*b22) r where : x c) a r r b r . D'tl lr. t. plus shifts and additions.) lazr o. reduce each of the multiplications of two-digit integers into three multiplications of one-digit integers.b r+ ) I ( a 2 1* a 2 ) ( b r z . is the nxn matrix with entries cii : 2 ai*b*j. Using part (a). then AB matrices.. b) dir:. reduce the multiplication of 4216 and 2733 to three multiplications of two-digit integers.a 2 1 ..6) for decimal expansions. x I ( a 2 1 a 2 2 ) ( b n . +)l ( a r r l a 1 2 . show that it is possibleto multiply two 2k x2k matrices using only 7ft multiplications.. and less than 7ft+r additions.a 2 2 )b 2 2 | * (as-a2)(bzz-bn) - r x * ( a n . Give an estimate of the number of bit operations needed to find the binary expansionof an integer from its decimal expansion' 21.rf lb.

ap0)zn ll and * ends with the digits Bl2 and 0 when B is even..apJro with final digit ao:5 is to find the decimal expansionof the product (anan-1. and 4 eggs are removed from a total of l l gross and 3 dozen eggs. Multiply two arbitrarily laige integers using the identity (1. A dozen equals 12 and a gross equals 122.6). or duodecimal. Perform subtraction with arbitrarily large integers.a)rcl(anan-r.. how many eggs were delivered? If I I gross.. where c is a constant. and the digits G-l)12 and.. where I is a positive integer. 7 dozen. A well-known rule used to find the square of an integer with decimal expansion (an-1. how many eggs are in each group? b) c) 24.. we see that the decimal expansion of (tOS)2 begins with 16'17 :272. 3. so that (165)2 :27225. in . finding the quotient and remainder. 2. il If 3 gross. 23.. Perform addition with arbitrarily large integers.. 5.afl0)z.ar)ro ll and append this with the digits * (25)ro. how many eggs are left? If 5 truckloads of 2 gross.. In this problem. Using base 12. Show that the base 28 expansion of the integer (ana. Multiply two n xn matrices using the algorithm discussed problem 22. and 7 eggs each are delivered to the supermarket..44 The Integers d) Conclude from part (c) that two nxn matrices can be multiplied using O(nt"c7) bit operations when all entries of the matrices have less than c bits.. For instance. 1. I 0 dozen and 6 eggs are divided in 3 groups of equal size. 3 dozen. 6.-1. we generalizethe rule given in problem 24 to find the squaresof integers with final base 28 digit 8..aflo)zn l(anan-1. arithmetic answer the following questions.B when I is odd.astarts with the digits of the base 28 expansionof the integer (anana.4 Computer Projects Write programs to do the following: l.. 4. 25. Show that the rule just describedis valid. Divide arbitrarily large integers. Multiply two arbitrarily large integers using the conventionalalgorithm.

We start by showing that there are infinitely many primes. Definition.1 l l : 3 ' 3 7 . Later. 3 3 : 3 ' 1 1 . By Proposition 1. Hence. The following lemma is needed. and which is not equal to l.1. Since n has no prime divisors and n divides n. Lemma 1. There are infinitely many primes.8:4'2. becauseit is divisible by I and by itself. and 163 are primes. so that n must have a prime divisor. Every positive integer greater than one has a prime divisor.101 Definition. we will show that every positive integer can be written uniquely as the product of primes. A prime is a positive integer greater than I that is divisible by no positive integers other than I and itself. The integers2.13. a must have a prime divisor. . Theorem 1. we briefly discuss the distribution of primes and mention some conjecturesabout primes. they are called primes.5 Prime Numbers 45 1. We can conclude that every positive integer has at least one prime divisor. any divisor of a is also a divisor of n. l 0 0 l : 7' ll' 13 ar e co m p o s i te . Example.5 Prime Numbers The positive integer I has just one positive divisor. Becausea 1 n.3. is called composite. we see that n is not prime.3. since the set of positive integers with no prime divisors is non-empty. The integers 4:2'2.1. Integers with exactly two positive divisors are of great importance in number theory. Here.5.8. Then. Every other positive integer has at least two positive divisors. contradicting the fact that n has no prime divisors. We prove the lemma by contradiction. tr We now show that the number of primes is infinite. Proof . we can write n:ab with I 1 a 1 n and | < b 1 n. we assume that there is a positive integer having no prime divisors. the well-ordering property tells us that there is a least positive integer n with no prime divisors. a n d The primes are the building blocks of the integers. A positive integer which is not prime. Example.

Since we have found u priJ. which is impossible.3. and 7. we must have a 4 r/i./i .2 by finding all primes less than 100. then n has a prime factor not exceeding. Q. where a and b are ( D < n. it would follow that Qn I n!. and then. ntt remaining integers (other than l) must be prime. We first cross out. all multiples of 2.l. by Lemma I. Thedrem 1. and using.1.46 The Integers Proof . we can find out whether n is prime.9. If n is a composite integer. we can write n : ab. Proof . D We can use Theorem 1. must be larger than n. Lemma 1. Next we cross out with a slash / those integers remaining that are multiples of 3./i prime divisor. all multiples of 7 that are left are crossedout. We will be concerned throughout this book with the problem of determining whether a given integer is prime.!.3 is also a divisor of a and which is clearly less than or equal to . Now. q. | (er-rr) : l. tells us that Q. extremely large primes. since otherwise integers with | 1a : n. below by a backslash\. has at least one prime divisor. for every positive integer n. Finally. a must have a b 7 a > . we only need to check each integer less than 100 for divisibility by these primes. . by Propositionl. Thus.''lur*r. which we denote by gr.4.. We first deal with this question by showing that by trial divisions of n by primes not exceeding the square root of n. Since n is composite. and ab > '/i. We illustrate its use in Figure 1./. Consider the integer Qn: nt t l. Later on we will be interested in finding. n 2 l. ( n. below with a vertical slash l. tr r. below by a horizontal slash -. This procedure is called the steve of Eratosthenes.. We first note that every composite integer less than 100 must have a prime factor less than J00-: 10.1n. which by Proposition 1. Since the only primes lessthan l0 are 2. tt* there must be infinitely many primes. Then all multiples of 5 that remain are crossedout. for if 4.9 to find all the primes less than or equal to a given positive integer n.

it is necessary check n for divisibility by all primes not exceeding to G. In th e language lim i ts . We now state the prime number theorem.w e h a v e l i m z r(x )/+ : of .5 Prime Numbers 41 t23+ ++ ll 2{-*23+g-. The ratio of zr'(x) to x/log x approaches one as x grows without bound. the produces primes lessthan or equal to Although the sieveof Eratosthenes all a fixed integer. The Prime Number Theorem. we introducesomenotation.y -8€++ +OF of Figure1. to determine whether a particular integer n is prime in this manner. denotesthe number of primes not exceeding x. (Here log x denotesthe natural logarithm of x. is the prime number theorem which answersthis question. IOBX l ).+ y{ 83 t. This is quite inefficient. Example. The function r(x). Finding Primes Less Than 100Usingthe Sieve Eratosthenes. To state this theorem.2./-1€+#17+h19+ +/*2e-3o+S37 3? 2{ 59 t{ {'F 1? +G <G 47 .yr 67 I +F -5S+h + {o-6F 1+ >{+*s3*r4*tr# 61 7t+73. and of all mathematics. where x is a positivereal number. . seethat we 2 o ( t O ) : 4 a n d z r ( t O O:) 5 . We know that there are infinitely many primes. but can we estimate how many primes there are less than a positivereal number x't One of the most famous theorems of number theory. Definition. 3l+2Ii+ 4r+43 5 13 l+- yr X 1+ \ . From our exampleillustrating the sieveof Eratosthenes.later on we will have better methodsfor deciding whetheror not an integeris prime.1.{ \ \ +7+.> 't{= r \ \ tlt I +> 2< + -7G -8fi 9t T "Yr 9j -?& +h -9t- 7e 89 .

48

The Integers

The prime number theorem was conjectured by Gauss in 1793, but it was not proved until 1896, when a French mathematician J. Hadamard and a Belgian mathematician C. J. de la Vall6e-Poussin produced independent proofs. We will not prove the prime number theorem here; the varioui proofs known are either quite complicated or rely on advanced mathematics. In Table I .l we give some numerical evidence to indicate the validitv of the theorem.

x

rG)

x /log x

oG)/*

log x

ti G)

r(x) /ti G)

103 104 105 106 107 108 l0e l0l0 l 0 rI

168 1 4 4 .8 t229 1085.7 9592 8 6 8 5 .9 78498 72382.4 664579 620420.7 5761455 5428681.0 50847534 48254942.4 455052512 43429448r.9 4 r 1 8 0 5 4 8 1 3 39481 31663.7 l 0 l 2 3760791201836191206825.3 t 0 l 3 3460655 3 5 8 9t34072678387.r 8

1.160 1 7 8 0.9438202 -r 1.132 1246 0.9863563 l.104 9630 0.9960540 1.085 78628 0.9983466 1.071 664918 0.9998944 1.061 5762209 0.9998691 1.054 5084923s 0.9999665 1 .048 4 5 5 0 5 5 6 1 0.9999932 4 1 .043 4 1 1 8 1 6 5 4 0 1 0.999973r r.039 3760795028r 0.9999990 1 . 0 3 6 34606564s8 10 0.9999997

Tablel.l. Approximations rG). to The prime number theorem tells us that x /log x is a good approximation to rG) when x is large. It has been shown that an even better approximation is given by

x'A"x

ld'i,{-/d X/V614 =1 )':*4{ - L I'

ti G)

:T O,
", log I

(whe-- T d, -^^-, ," J, represents areaunderthe curve : lfiog t, and above the y "* the r-axis from t :2 to / : x). In Table l.l, one seesevidencethat /i(x) is
an excellent approximation of zr(x).

I'^ frtaft.1', v r ylr

nd
3

-

r l'^- -L- =O \J
x4G ltlx

49

We can now estimate the number of bit operations neededto show that an ',,6-. The integer n is prime by trial divisionsof n by ail primes not exceeding there are approximately prime number theorem tells us that ',/n fioeJ; : 2-/i /log n primes not exceeding-6. To divide n by an integer m takes O(log2n.log2m) Uit operations. Therefore, the number of bit operations needed to show that n is prime by this method is at least log2n) - r,/i (where we have ignored thelog2m term since it Q,/i/togilG is at least l, even though it sometimesis as large as (log2n)/D . This method of showing that an integer n is prime is very inefficient, for not only is it to to necessary know all the primes not larger than ..li, but it is also necessary ,/i bit operations. Later on we will have do at least a constant multiple of more efficient methods of showing that an integer is prime. We remark here that it is not necessaryto find all primes not exceedingx in order to compute zr(x). One way that zr(x) can be evaluated without finding all the primes less then x is to use a counting argument based on the sieve of Eratosthenes (see problem l3). (Recently, very efficient ways of finding r(x) using O (x3/s+c)bit operationshave been devisedby Lagarias and Odlyzko t6ql.) We have shown that there are infinitely many primes and we have discussed the abundance of primes below a given bound x, but we have yet to discuss how regularly primes are distributed throughout the positive integers. We first give a result that shows that there are arbitrarily long runs of integers containingno primes. Proposition 1.8. For any positive integer n, there are at least n consecutive compositepositive integers. Proof. Consider the n consecutivepositive integers h + l ) ! + 2 , ( n + 1 ) ! + 3 , . . . , h+ l ) ! + n t l . *l,weknowthatTl(n + l ) ! . B y P r o p o s i t i o1 . 4 , i t When 2< j(n n follows that 7 | (, + t)! +;. Hence, these n consecutiveintegers are all composite. tr Example. The seven consecutiveintegers beginning with 8! + 2 : 40322 are all composite. (However, these are much larger than the smallest seven consecutive composites, 91, 92, 93, 94, 95, and 96.) 90,

50

The Integers

Proposition1.8 showsthat the gap betweenconsecutive primes is arbitrarily long. On the other hand, primes may often be close iogether. The only consecutive primes are 2 and 3, because2 is the only even prime. Howevei, many pairs of primes differ by two; these pairs of pri-., are called twin pr im es . E x a m p l e sa re th e p ri m e s 5 a n d 7,l l and 13, l 0l and 103, and 4967 and 4969. A famous unsettled conjecture assertsthat there are infinitelv many twin primes. There are a multitude of conjecturesconcerningthe number of primes of various forms. For instance,it is unknown whether there are infinitlly many primes of the form n2 + | where n is a positiveinteger. Questionssuch as this may be easy to state, but are sometimesextremely difficult to resolve. We conclude this section by discussing perhaps the most notorious conjecture about primes. Goldbach's Conjecture. Every even positive integer greater than two can be written as the sum of two primes. This conjecture was stated by Christian Goldbach in a letter to Euler in 1742. It has been verified for all even integersless than a million. One sees by experimentation, the following exampleillustrates,that usually there are as many sums of two primes equal to a particular integer, but a proof that there always is at least one such sum has not yet been found. Example. The integers 10,24, and 100 can be written as the sum of two primes in the following ways:

l0:3+7:5t5, 24:5+lg:7+17:llf13, 100:3+97:ll*gg:17+93 :29*71:41+59:47+53.

1.5 Problems l. Determine whichof the followingintegers primes are
a) b)

l0l 103

c) d)

l07 lll

e)

I 13

f)

tzt.

51

2 . Use the sieveof Eratosthenesto find all primes lessthan 200' 3 . Find atl primes that are the difference of the fourth powers of two integers. 4 . Show that no integer of the form n3 * I is a prime, other than 2: 5 . Show that if a and n are positive integers such that an -l
and n is prime. (Hint: Use the identity ake-l + a k+ l ) . a k Q - D+ are : 13 + l. is prime, then a : 2 (aka-t\ + Qk-D

6 . In this problem, another proof of the infinitude of primes is given. Assume there
integer Form the primes p r,Pz,...,Pn finitely many only ... pn * l. Show that Q h a s a p r i m e f a c t o r n o t i n t h e a b o v el i s t . Q: prpz Conclude that there are infinitely many primes. Let Qn : ptpz " ' pn t l where Pt,Pz, ..., Pn are the n smallest primes. Determine the smallest prime factor of Q^ for n:1,2,3,4,5, and 6. Do you think Q, is prime infinitely often? (tnis is an unresolvedquestion.) 1n. Let Q be the product of a set of z primes in the list and let R be the product of is not divisible by any primes in the the remaining primes. Show that Q + R list, and hence must have a prime factor not in the list. Conclude that there are infinitely many primes. Show that if the smallest prime factor p of the positive integer n exceedsd6 then n/p must be prime or 1. Find the smallest five consecutivecomposite integers. b) Find one million consecutivecompositeintegers. Show that there are no "prime triplets", i.e. primes p, p + 2, and p + 4, other than 3,5, and 7.

7.

8 . L e t p t , p 2 , . . . , p n b e t h e f i r s t n p r i m e sa n d l e t m b e a n i n t e g e rw i t h I 1 m

9.

1 0 . il
I l.

12. Show that every integer greater than 11 is the sum of two compositeintegers. ( 13. Use the principle of inclusion-exclusionproblem 17 of Section 1.1) to show that

-n o(n):(o(.6-)-r) tl*

l-lI . lp,

+l-ll l p ,l )

l*l .l*l . +lrnl
wherept,pz,...,p, are the primeslessthan or equal to ^6 (with r:zr<Jill. (Hint: Let propertyPi,,...,i, the propertythat an integeris divisibleby all of be

52

The Integers

and use problem 23 of Section 1.2.) Pi,,...,pi,, 14. Use problem l3 to find zr(250). 15' il show that the polynomial x2 x * 4l is prime for all integers x with 0 ( I < 40. Show, however,that it is composite for x : 4i. b) Show that if f (x) : onxn + an-,x;-t + * a1x r as where the coefficientsare integers, then there is an integer y such that f(y) is composite. (Hint: Assume that is prim., unJsho* p divides (x+kfl f(x) :p for ail f integers ft ' conclude from the faci that a polynomial of degree z takes on each value at most n times, that there is an integer y suctr that f(y) is composite.) 16' The lucky numbers are generated by the following sieving process. Start with the positive integers. Begin the process by crossing out every second integer in the list' starting your count with the integer t. other than I the smallestinteger left is 3, so we continue by crossing out every third integer left, starting the count with the integer l. The next integer left is 7, so we cross out every seventh integer left. Continue this process,where at each stage we cross out every kth integer left where & is the smallest integer left other than one. The integers that remain are the lucky numbers. a) b) Find all lucky numbers less than 100. show that there are infinitery many rucky numbers. ( p, then the binomial coefficient [;] ,,

17. Show that if p is prime and I ( t divisibleby p. 1.5 Computer Projects Write programs to do the following: l'

Decide whether an integer is prime using trial division of the integer by all primes not exceedingits square root. Use the sieve of Eratosthenesto find all primes less than 10000. Find zr(n), the number of primes lessthan or equal to rz, using problem 13. verify Goldbach's conjecture for all even integers less than 10000. Find all twin primes less than 10000. Find the first 100 primes of the form n 2 + l. Find the lucky numbers less than 10000 (see problem 16).

2. 3' 4. 5. 6. 7.

Divisors Common Greatest and Prime Factorization

2.1 Greatest Divisors Common
If a and b are integers, that are not both zero, then the set of common divisorsof a and 6 is a finite set of integers,alwayscontainingthe integers*l and -1. We are interestedin the largest integer among the common divisors of the two integers. Definition. The greotest common divisor of two integers a and b, that are not both zero, is the largest integer which divides both a and b. The greatestcommondivisor of a and b is written as (a, b). Example. The commondivisorsof 24 and 84 are t l, J.2, +3, 1.4, t6, and + 12. Hence Q+, g+) : 72. Similarly, looking at setsof commondivisors,we f i n dt h a t ( 1 5 , 8 1 ): 3 , ( 1 0 0 , 5 ) : 5 , ( I 7 , 2 5 ) : l , ( 0 , 4 4 ): 4 4 , ( - 6 , - 1 5 ) : 3 , and (-17, 289) : 17. We are particularly interested in pairs of integers sharing no common divisorsgreaterthan l. Such pairs of integersare called relatively prime. Definition. The integers a and b are called relatively prime if a and b have greatestcommondivisor (a, b) : l. Example. Since Q5,42) : 1,25 and 42 are relativelyprime. 53

54

GreatestCommonDivisorsand prime Factorization

Note that since the divisors of -c are the same as the divisors of a, it follows that (a, b) : (lal, la ll (where lc I denotesthe absolute value of a which equalsa if a )0 and equals -a if a <0). Hence, we can restrict our attentionto greatestcommondivisorsof pairs of positiveintegers. We now provesomeproperties greatestcommondivisors. of Proposition 2.1. Let a, b, and c be integerswith G, b) : d. Then (;) (ii) b /d , b l d ) : I (atcb, b) : (a, b).

Proof. (D Let a and b be integers with (a,b) : d. we will show that a /d and b/d have no common positivedivisorsother than 1. Assume that e is a positiveinteger such that e I Q/d) and e I Qtal. Then, there are integersk and I with ald : ke and b/d :Qe, such that a : dek and b : de[. Hence. de is a common divisor of a and b. Since d is the greatestcommon divisor of o and b,e must be l . Consequently, /d , b /d) : l. G (ii) Let a, b, and c be integers. We will show that the commondivisorsof a and b are exactly the same as the common divisors of a t cb and b. This will show that (a *cb , b) : G, b). Let e be a common divisor of a and b . By Proposition1.4, we see that e I b*cb), so that e is a common divisor of a * cb and 6. It,f is a commondivisor of a * cb and b, then by Proposition 1.4,we seethat/ dividesb+cb) - cb : a, so thatf is a commondivisorof a and b. Hence G*cb, b) : (a, b'). a We will show that the greatestcommon divisor of the integersa and b, that are not both zero,can be written as a sum of multiplesof a and b. To phrase this more succinctly,we use the following definition. Definition. If a and b are integers,then a linear combination of a and b is a sum of the form ma * nD, where both rn and,n are integers. We can now state and prove the following theorem about greatest common divisors. Theorem 2.1. The greatest common divisor of the integers a and b, that are not both zero, is the least positive integer that is a linear combination of a and b. Proof. Let d be the least positive integer which is a linear combination of a and b. (There is a least such positive integer, using the well-ordering property, since at least one of two linear combinations l'a t 0'b and

2,1 GreatestCommonDivisors

55

We a GDa + 0'b, where 10, is positive.) write

rz.rlR==r*

?

d:ma*nb,

w h e r em a n d n a r e p b f t @ i n t e g e r s .W e w i l l s h o w t h a t d l a a n d d l b . By the divisionalgorithm,we have a:dq*r, 0(r<d.

From'n"'o:'1'::^r: :' ;: ;';::,b) : e-qm)a - qnb

This shows that the integer r is a linear combination of a and D. Since 0 ( r 1d, and d is the least positive linear combination of a and b, we concludethat r : 0, and henced I o. In a similar manner,we can show that

d I b.
We now demonstrate that d is the greatest commondivisor of a and b. To show this, all we need to show is that any common divisor c of a and D must d divided.Since :ma*nb, i f c l a a n d c l b , P r o p o s i t i o nl . 4 t e l l s u s t h a t

c I d. tr

We have shown that the greatestcommon divisor of the integersa and b, that are not both zero. is a linear combinationof a and b. How to find a particular linear combinationof a and D equal to G, D) will be discussed in the next section. We can also definethe greatestcommondivisor of more than two integers. Definition. Let e1, e2,...,en be integers, that are not all zero. The greatest common divisor of these integers is the largest integer which is a divisor of all of the integers in the set. The greatest common divisor of , a t, a 2 , . . .c , is denot e d y (a 1 ,a 2 ,,..., n ). b a Example. We easilyseethat 02, 18, 30) :6 and (10, 15, 25) : 5.

To find the greatestcommon divisor of a set of more than two integers,we can use the following lemma. L,emma2.1. If a1, a2,..., an are integers, that are not all zero, then
(a1, a2r..., (on-r, a)).

(a1, a2,..., an-1, an) :

Proof. Any common divisor of the n integers ar, e2,...,en_t, en is, in particular, a divisor of ar-1 and an, and therefore, a divisor of (an_1,an).

56

GreatestCommonDivisorsand PrimeFactorization

Also, any commondivisor of the n-2 integers4 t, a2,...,on_2,and (an_1,an), must be a commondivisor of all n integers,for if it divides (on-r, an), it must divide both cr-1 and an Since the set of n integersand the set of the first n-2 integers together with the greatest common divisor of the last two integers have exactly the same divisors, their greatest common divisors are equal. tr Example. To find the greatest common divisor of the three integers 105,140,and 3 5 0 , w e u s e L e mma 2 .1 to see that (105, 140.350) : ( 1 0 5 ,( 1 4 0 , 3 5 0 ):) ( l 0 5 , 7 0 ) : 3 5 . Definition. We say that the integers a1.e2,..., are mutually relatively e1 prime if (a1, e2,...,an) : l. These integers 4re called pairwise relatively prime if for each pair of integers and a; from the set, (ai, a1): l, that is, 4; if each pair of integersfrom the set is relatively prime. It is easy to see that if integersare pairwise relatively prime, they must be mutually relatively prime. However, the converseis false as the following example shows. Example. Consider the integers15, 21, and 35. Since

( 1 5 , 2 r , 3 5 ) ( t s ,( 2 t , 3 5 ) ) :( r 5 , 7 ) : r , :
we see that the three integersare mutually relatively prime. However, they t are not pairwise relatively prime, b e c a u s(e S . z l ) : 3 , ( 1 5 , 3 5 ): 5 , a n d (21,35):7.

2.1 Problems Find the greatestcommon divisor of each of the following pairs of integers

l.

il 15,35 b) 0,lll c) -12.t8

d) 99, 100 e ) 1l , l 2 l f) 100,102

with (a, b) : l, then (a*b, a-b) : I or 2. Show that if a and b are integers Show that if a and b are integers, that are not both zero, and c is a nonzero i n t e g e r t h e n ( c a, c b ) : l c l b , b \ . , 4 . What is (a2+b2,a*b), where a and b are relatively prime integers,that are not both zero?

b) Use mathematical : (on. b .15.. b) Use part (a) to prove that if a and b are integerssuch that a' I bn where n is a positiveinteger..an are integers that are not all zero and c is a positive integer.b ) : l .an).1 GreatestCommonDivisors 57 5 .75 c ) 99. T2.9999.. a2. then (a.l. can). b \ : G1 2b ) . Show that if a. t h e n c | ( a .c). w 9 . then G. Find three mutually relatively prime integers from among the integers 6 6 . a n d c a r e i n t e g e r s u c ht h a t G . b) : 2fu b/2). then another integer such that (ar b) : (az. then 8 . b and c are mutually relatively prime nonzero integers..28.. b . caz.. /2. then (an.0. a) Show that if a and b are positiveintegerswith (a . b) : ( a p 2 ' ' o n . 1 5 . a n d 1 6 5 .25.D)-L I and c I G*b). b ) : and b is inductionto showthat if at. a n d c a r e i n t e g e r s i t h c I a b .b)(a.. If both the l7-year and l3-year similar species speciesemerged in a particular location in 1900. when will they next both emerge in that location? 6 . then (a.b. 7 0 . a2. 1 0 5 . 1 4 . there is a with a larval period of 13 years. then s 7 .. Find four integersthat are mutually relatively prime. G .. S h o wt h a t i f a . bc) : L and c a r e i n t e g e r sw i t h b . Find the greatestcommondivisor of each of the following setsof integers a) 8.anare integers. lo. but not relatively 1 3 .then (cat.. 1 6 . -35 f) 0. l00l . b) Show that if a is an even integer and b is an odd integer. Show that ar. prime pairwise..c(a6 a2. that are not both zero. il Show that if a. c ) ( b .. . b) .. bn) : I for all positiveintegersn.2.a):(c. ll. Periodicalcicadasare insectswith very long larval periodsand brief adult lives. such that any two of these integersare not relativelyprime.then c I b. c ) . (a. 1 0 . Find a set of three integersthat are mutually relatively prime.4 2 . For each speciesof periodical cicada with larval period of 17 years. bd : (a. a) Show that if a and b are both even integers.. 12 b) 5. b) : l.21 e) -7. 0 d) 6. . S h o w t h a t i f a . Do not use examples from the text. c) : l. b ) : k..

2 a n d r . Show that every positive integer greater than six is the sum of two relativelv greater than I .. Consequently. This method is called the Euclidean algorithm. Write a program find the greatest to divisor two integers. n . that if k is an integer. we can conclude that (72. Before we discuss the algorithm in general..then 3k *2 and 5k +3 are relatively prime.2The Euclidean Algorithm We are going to develop a systematicmethod.30) : 6.b ) r . 3 0 ) : ( 1 0 . 6k+5. at. Show that if 20. then the six 6k+2. .7 2 . a-b) : ( n ( a . of common 2. Show that the greatestcommon divisor of the integersat..is the least positiveinteger that is a linear combinationof a t.. We now set up the generalformat of the Euclideanalgorithm for computing the greatestcommondivisor of two positiveinteger..30'2. an. 7 D : n Another way to see that (J. Next. 12) : ( 12 .0. 1 . o2. to find the greatestcommon divisor of two positive integers. : 0 . then ((an-b'\/G-b). that are not all zero. w e u s e P r o p o s i t i o2 . 12) is to notice that any common divisor of 30 and 72 must also divide 12 because12 : 72 . we now see that Be c a u s e 1 2 : 6 ' 2 * 0.30): computations again to write 30 : 2'12 + 6.an. 6k +3. integers 6k-l.. Show r 9 . N o te w e h a v e re p l a c e d 2 b y the smal l ernumber 12 i n our 7 (30..1 Computer Projects l. 02.we seethat as ( 30.6 ).a-b) and b are relatively prime positive integers. Using the samereasoning before. any common divisor of 12 and 30 must also divide 72. we demonstrate use with an example. then : I or n. without finding all the commondivisorsof 30 and 72. Let rs : a and r r : b be nonnegative b I 0.t . or algorithm. O : (6. 2t.58 Greatest Common Divisors and Prime Factorization t7. and ( 3 0 . 1 t o n o t e t h a t $0 . integerswith The EuclideanAlgorithm..7D: (30. we use the divisionalgorithm since 02. 2 . are pairwise relatively prime. 6k +l . w e u s eth e d i v i s i o na l g o ri t hmto w ri teT2:30' 2 + 12.b ) . . l2). a . t 2 ) .I r i + 2 w i t h 0 1 r i + 2 1 r i + t f o r 7 : 0 . 0) : 6. b) Showthat if o and b arepositive integers. . If the division algorithm is successively applied to obtain r i : r i + t Q i * . We find the greatestcommon divisor of its 30 and 72. ot=bt *f^ O<rr<b . 2. k is a positiveinteger. F i rs t. r 8 . . prime integers a) Show that if a (a'-b^)l(a-b).2 . and conversely. since 72: 30' 2+ 12 . we see that ( a . Lemma 2. of a ) 0 cannot contain more than c terms. we seethat e I c. successively applying the divisionalgorithm. Proof.2 Th e E uc lideanA l g o ri th m 59 then (a . we seethat k. H ence (rr.4. r 1 ) : ( r l . r z ) : (rn-r.2. t h e n s i n c ec : d q l r . 198). Since the common divisorsof c and d are of the sameas the commondivisors d and r. To find (252.we see that the greatestcommon divisor of c and b is the last nonzero remainder in the sequenceof equations generated by using the division algorithm. Bv Lemma 2.hen ( c . rr) : (rr. Proposition from I f e l d a n d e l r . From this theorem. Example.namely the divisor and remainder. fn-t) : (rr-r. b ) : ( r s .2 . r). d) : (d . To prove that the Euclidean algorithm producesgreatestcommon divisors. b ) : r-. Proposition1.. 1 2 > . the last nonzeroremainder. the dividend and successively divisor are replacedby smaller numbers.2. b) -. then sincer : c-dq. where at each step.r. we use the division algorithm successively to obtain . 1 . 4 s h o w st h a t e l r . d) : (d. We can assumethat we eventuallyobtain a remainder of zero since the se q u enc e r em aind e rs : ro l r1 > .-1. tr We illustrate the useof the Euclideanalgorithm with the following example. Let r0: e and rr : b be positive integers with a 7 b. If an integer e dividesboth c and d. r). Proof. the following lemma will be helpful.0) : rn. the last nonzeroremainder. we find that fg f y : : rtQt*rZ r2Q2* rt By 0< 0< r2 r3 tn-3 : fn-2Qn-Z * fn-t fn-lQn-t lnQn * fn 0 0 f n-2 : I n-l : ( rr-r (r. tr We now prove that the Euclideanalgorithm works. r) ( a . If c and d are integers and c : dq * r where c and d ate i n te g er st. In our subsequentanalysis of the Euclidean algorithm. b) using the Euclidean algorithm. H e n c eQ S Z . 3 . there are integersa and b such that exactly n divisionsare required to find G.8) /2. 1 9 8 ) : 1 8 . E a c h s u c c e e d i n g r m i s o b t a i n e d te by adding the two previousterms. Definition. we give estimates for the maximum number of divisions used by the Euclidean algorithm to find the greatest common divisor of two positive integers.2 f o rn 2 3 . we wil! need the following lower bound for the nth Fibonacci number. Theorem 2.60 Greatest Common Divisors and Prime Factorization 2 5 2 : l . . u3. Later in this section. u3l u2 : 2 * I : 3. This sequenceis named after the thirteenth century ltalian mathematicianLeonardodi Pisa. The Fibonacci sequence begins with the integers 1 . We have a 1 2: u3. 1 g g+ 5 4 198:3'54 +36 54:1'36 +18 36 : 2. The Fibonacci numbers ur.2. and so forth.who used this sequenceto model the population growth of rabbits (see problem 16 at the end of this section). 5 5 . w e s e e th a t u 3 : tt2 * yt: I t | : 2. unlan-2forn73. 2 1 . otn-l : i s a s o l u t i o no f x 2 . we first show that given any positive integer n. o2. s Us ing t he de fi n i ti o n . Now assumethat for all integersk with k 4 n..on-3: s1n-2 * an-3 .t * u n . also known as Fibonacci.. . u2. We use the second principle of mathematical induction to prove the desired inequality..x (a*l). 8 1 3 . w e h a v ea 2 : a * l . 1 . 3 4 . 2 . the inequality ok-2 1 ut holds.ar-3 : . Then Proof. 5 . we define a special sequence of integers. I 4 4 . so that the theorem is true for n :3. .I : 0 . First. Let n be a positive integer and let cu: ( l+-. . S i n c ea : ( l + r f r / 2 Hence. are defined recursively by t h e e q u a t i o na t : u 2 : I a n d u n : u n .8 9 . However.18. otn-31 un-t . Hence.we have the inequalities an-2 < un. The following theorem tells us how many divisions are needed to find the greatest common divisor of successive Fibonacci numbers. Theorem 2. the Euclidean algorithm ( u n q 2 . Then the Euclidean algorithm takes exactly n divisions to show that (u n * r . we seethat lln*2: Un*t'l t Un.2 . t l n q r ): u z . Therefore. 34 and 55. We observe that when the Euclidean algorithm is used to find the greatest common divisor of the ninth and tenth Fibonacci numbers. to show that . we conclude that or'-l lun*un-l-un*l This finishesthe proof of the theorem. We have 55:34'l+21 34:21'l+13 2l: l3'l + 8 13:8'1 + 5 8 : 5'1 * 3 * 2 5:3'l * I 3:2'l 2: l'2. Applying the Euclidean algorithm. and using the defining relation for the Fibonacci numbers ui : uj-r I ui-z in each step. Proof. Lt4: u3'1* u2' It3 : tt2'2. 55) : 1.2 T he E uc lidean Al g o ri th m 61 By the induction hypothesis. Furthermore. E takes exactly n divisions.l .3. 55). Let unrr and unt2 be successive terms of the Fibonacci sequence. a total of eight divisions are required. tr We now apply the Euclidean algorithm to the successive Fibonacci numbers 34 and 55 to find (34. (34. Un*l: Un'l + Un-1. ur a2): l. * rr. n-l(S'logleb.2. Hence.62 Greatest Common Divisorsand Prime Factorization We can now prove a theorem first proved by Gabriel Lame'. Proof. .. rn-z 2 rn-t * rn 2 ut * u2: u4. The number of divisions neededto find the greatest common divisor of two positive integers using the Euclidean algorithm does not exceed five times the number of digits in the smaller of the two integers.. :rZ4Z*rt. 0 ( rn 1 rn-t. we obtain the following sequence of equations: fg f1 : rtQt*rZ. Therefore.. for there to be n divisions used in the Euclidean algorithm. a French mathematician of the nineteenth century. Qn-l is greater than or equal to l. we must have b 7 un+r. rn-t 2 2rn 2 2u2: u3. which gives an estimate for the number of divisions needed to find the greatest common divisor using the Euclidean algorithm. 0(131rz. and Qn 7 2. By Theorem 2. We have used n divisions. we seethat l o g rq b > h -l )l o g l s a Consequently. Lam6's Theorem. b ) an-r. since loglsa > 1/5. rr2l:ur. Now. rn-l 2 rn-z * rn-t 2 uq * u3: tt5. We note that each of the quotientsQt.. rz)13*14 b:'r2rz 7 unq * un-z: u* * rt 7 u n * u n-t : un+ l Thus. When we apply the Euclidean algorithm to find the greatest common divisor of a : re and b :r 1 with a ) b.. 0(rz1rr.8)/2. fn-2 fn-l : : fn-tQn-t tnQn. Q2. sincern 1rn-1. we know that unay ) qn-r for n ) 2 where a: (l+. > (C I-l ) /5. ( 1 9 8 .:ri?'. D the greatestcommon divisor The Euclideanalgorithm can be used to express of two integers as a linear combination of these integers. from the next to the last step. From the penultimateequation.I < 5k and since /c is an integer.r Q n . This last equationexhibits l8 : (252. we can conclude that n < 5k.t . so that : l8 .2 T he E uc lidean Al g o ri th m 63 Let b have k decimal {igits.. by Proposition O(log2a)2) bit operations. 198) as a linear combinationof 252 and l 98. 1 9 8 . from the first stepwe have 54:252 ..1. yy of a divisor twopositive common ir.198) 1. From the secondto the last step. (a.3 . b) may be found using a total of O((log2a)3) bit operations.2 . each taking are neededto find fu. we seethat 18:54-l'36. In general.7. We illustrate this by (252. 1. 5 4 .198. which implies that : 1 8: 5 4 .i.252. 198) : l8 as a linear combinationof 252and 198.we have rn: (a.r a l i n e a r c o mb i n a ti o n f rr-2e. Likewise. r n .r n . Hence. b) : Th i s e x pr es s es b) ' a s b.1 .to see how d : (a. Proof. we see that n . The number of bit operations needed to find the greatest integers and.198 4. so that b < 10ftand loglsb < k. Hence. 198).4(252-1. Referring expressing to the stepsof the Euclideanalgorithm used to find (252. We know from Lam6's theorem that O Qogra) divisions.2 . of Corollary 2.l'198. Lam6's theorem. refer to the series of equations that is generated by use of the Euclideanalgorithm. it follows that 36:198-3'54. b).5. The second o to . b) may be expressed a linear combination as of a and 6.fi drr-1.:f$. tr This establishes The following result is a consequence Lam6's theorem. 5 4 ) 4 .

64 GreatestCommonDivisorsand PrimeFactorization the last equation can be used to expressr2-1 &S rn-3 -rn-zen-z . where. There is another method for finding b. Then fu. Using this for (4. becauseit is necessary work out the steps of the Euclidean algorithm..zQn-rrn-3.sn andtn are the nth terms of the sequences recursivelyby ti_2.b) successive which requires working through the steps of the Euclidean algorithm only once.b):sriltrit. b) as a linear combination to: a and 11. This showshow to move up through the equationsthat are generatedby the Euclidean algorithm so that.6). We continue b. which expresses b) as a linear combinationof rn-2 zfid r. save all these steps.4.. of if we have found at a particular stagethat G. since ti: we have b. as This method for expressingG.. b) as a linear combinationof a and b is to somewhatinconvenientfor calculation.(rn4-rn-zQn-z)en-r -. b) : rn-2.b):sna+tnb.b) as a linear combinationof each pair of remainders. we find last equation to eliminate rn-1 in the previousexpression that ln: ln-3fn-24n-2.b) : s (ri-z*ri-g1-r) * tr1-r : Q-sqt-)ri-r * sri-2. then. at each step. .ri_tQi_r. Specifically.4. defined for n:0. Theorem 2.1.(l + q rn Q n -z )rn . The following theoremgivesthis method. working backwards through the steps of the Euclidean algorithm to express G.2. the greatestcommon divisor of a and b may be expressed a linear combination of a and b. b) as a linear combinationof each precedingpair of remaindersuntil we havefound (a.. and then proceed backwardsthrough the steps to write G. Let a and b be positive integers. so that b.b.

we hav e a : r0 : l ' a * 0 ' b : s s a* ts b .. We will prove that Q. sl :0. /l : l.2 The Euclidean Algorithm 65 SO: l. ...we have tk : rk-2 .?i-tsi-t.r*_lQt-l .b) : r. and si : Si*z.'s are the quotientsin the divisionsof the Euclideanalgorithm when it is usedto find G. Q. Then .D ri : sia + tjb (2. Let a :252 and D : 198. I ..2) using the secondprinciple of mathematicalinduction.b).2. we will for 7 : 0. Then.. s o t h a t Q . once we have established know that G. Example.Q1-zt1-t for 7 :2. /0:0. tr The following example illustrates the use of this algorithm for expressing (a. Proof.b) as a linear combinationof a and b.. assume that ri:Sia+tjb for 7 : 1. H ence. from the kth step of the Euclidean algorithm.... L i k e w i s eb : r r : 0 ' a + l ' b : s l c + t f t .b):sna+tnb. Since G. find that r1 : (s1-2a*tp-2b) . we Using the inductionhypothesis.D i s val i d for l j : 0 . D i s v a l i d f o r . j : l. fl..(s1raa*t1r-1b) Q*-r : (s 1 -2 -s * -tq * -)a * Q p 2 -t* -rq* -)b :Ska+tkb. We prove (2. where the q..fl.2. For :0 . Now. This finishesthe proof. k-1.3. tj : tj-z .2).

l5 7 0 .k(b/d))a + Q . 4 0 5 .Then d : (s . 10.1 9 8 ): 4 . let d : (a. 44350).5 . s 4 : s 2. J2:S0-sql:l0'l:1. t q : t z . Use the Euclidean algorithm to find the following greatest common divisors il (45. Ir : 1. S i n c e1 4 : 1 8 : ( 2 5 2 .22D 2. w e h a v e 1 8 . expressthe greatest common divisor of the integers as a linear combination of these integers. For each of the following sets of integers. expresstheir greatest common divisor as a linear combination of these integers il b) c) 6. r+r+) d) (2078S. With a :252 and b : 198. 2 5 2.1 .1 0 5 2 8 0 .2 Problems l. c) (ooo.l ) ' t : 4 .75) b) 002.b) and let d : so I tb be one way to write d as a linear combination of a and b. sl :0. (252. lB: (-S . tZ:tO-ttQt:01 . To seethis.without using any divisions.( . 4.5 .s t Q t : I . 1 9 8 )a n d 1 4 : s 4 o+ t 4 b .( . 1 9 8.kb/d))b for all integersk. 3. 198) : (+ .3 3 0 .3 .l4k)198 whcneverk is an integer. Example. lo:0.t t Q z : . The algorithm proceedsrecursively using the following reduction . guaranteed to exist by the previousdiscussion. t 3 : t t .l ) 3 : 4 .l ' 3 : . parity checks. The greatest common divisor of two integers can be found using only subtractions.S Z Q z : 0.( 2 5 2 .l . J 3 : S t . 4 9 0 . It should be noted that the greatestcommon divisor of two integersmay be expressedin an infinite number of different ways as a linear combination of theseintegers. For each pair of integers in problem l. and shifts of binary expansions. 9 8 . 1: .66 GreatestCommonDivisorsand prime Factorization so: l.t Ik)252 + 2. 1: .1 Z Q Z :1 .4 .

y} with x 2 y. Show that the number of divisions needed to find the greatest common algorithm is less divisor of two positive integers using the least-remainder than 8/3 times the number of digits in the smaller of the two numbers..b) a) b) Find (2106.b): /2 )2 k l L .then there exist unique integersq. where a ) b 7 0. 6 . as the Show that the least-remainder Euclidean algorithm.8318) usingthis algorithm.obtain the greatest common divisor of a and b as the last of nonzeroremainder rn in the sequence divisions ro : rtQr * e2r2. 7n4n' -rn-tl2 I enrn 4. and -blz < er { bl2. Show that (a^-1. algorithm is always faster.yl. Use the least-remainder Show that the least-remainder algorithm always produces the greatest common divisorof two integers. based on this modified division algorithm.b ) if a and 6 are even I. an-l) . Two players begin with a pair of positive integers and take turns making movesof the following type.2. 7 .2. rn-tl2 algorithm to find (384. Find a sequenceof integers v6. 226). l{o/z. such that the least-remainder algorithm takes exactly n divisionsto find (vn*.. Show that this algorithm always produces the greatest common divisor of a pair of positiveintegers. In problem 14 of Section 1.. vn+z). where e . 5.tlz rn-Z : fn-l : a) b) c) d) e) ln-tQn-t I enrn. A winning move [x-ty. It works as follows. to any of the pairs where / is a positive integer and x-ty 2 0. or as fast. -rtlz 1 e2r2 4 . .. We can set up an algorithm.v2. Let rs: a and rr: b. V1.2 The Euclidean Algorithm 67 G.plus 413.r ) 0.t) -D. Using the modified division algorithm repeatedly. Let m and n be positive integers and let a be an integer greater than one. analogous to the Euclidean algorithm. a modified division algorithm is given which says that if a and 6 > 0 are integers. [(a if a:b if a is even and b is odd if a and b are odd. called the least-remainder algorithm. and e such that a : bq * er.r. A player can move from the pair of positiveintegers{x.a(^' n).tl. we discuss the game of Euclid. In this problem.l.

) b) In problems8 to 16. E2: b. un) : u(m. (a. (Hint: First show that if y < x ( y(t+VS)/Z then thge is a unique move from l*. Each newborn pair takes two months to mature. otherwisethe second player mgr play a winning strategy.l.. u^_r) . These rabbits take two months to mature. show that in a game beginning with the pair {a.. a) b) Show that Un : Irn*.3.68 GreatestCommonDivisorsand PrimeFactorization consistsof moving to a pair with one element equal to 0. 17. Letu: li i. t 15. Supposethat on January I a pair of baby rabbits was left on an island./-il/2. Itn I lu.1he first player may play a winning strategy if a .. bl must eventually end with the pair {0. t4. Show that the number of pairs of rabbits alive after n months is precisely the Fibonacci number un. b)}. . I ttr: GD'.then (u^. then unapn-r . Show that if m and n are positiveintegers. (t 'l Prove the result of problem 9 by consideringthe determinan of Un. r| with y > ze+Jil/z. 12.gn-t* gr-zfor n 2 3. then u^ | un. 8.u] : 10. and gn . a) Show that every sequence of moves starting with the pair {a. They continually produce a new pair of rabbits the first of every succeeding month. The Fibonacci numbers originated in the solution of the following problem. assuming that no rabbits ever die. Showthat gn: oun-2* bun-1 for n ). and on March I they produce another pair of rabbits.6) /2 andp : Q-'.Ol that goes to a pair lt. and producesa new pair on the first day of the third month of its life. and on the first day of every succeedingmonth. 16.6 or if a 7 b0+ Jil/z. un refers to the nth Fibonaccinumber. Show that un is even if and only if 3 | n. Show that if n is a positive integer. Show that every positive integer can be written as the sum of distinct Fibonacci numbers.a.then rz 1l u2 I 9. 13.il. Show that if n is a positiveinteger. (c'n-0\/'. We define the generalized Fibonacci numbers recursively by the equations gr. Show that if n is a pqsitive integer. then un: o : (t+.fs. b}. where un+z. Show that if m and n arepositiveintegerssuch that m I n. ll.

2 .3 The Fundamental Theoremof Arithmetic The fundamental theorem of arithmetic is an important result that shows that the primes are the building blocks of the integers. Note that it is convenient to combine all the factors of a particular prime into a power of this prime. Every positive integer can be written uniquely as a product of primes. we need the following lemma concerning divisibility. Lemma 2. Express the greatest common divisor of two integers as a linear combination of theseintegers. Play the game of Euclid describedin problem 7. 3. 1 1 . 7. 1 3 . 5 2 4 . Express the greatest common divisor of a set of more than two integers as a linear combination of these integers.3 The Fundamental Theorem of Arithmetic 69 2. 2 . 2 8: 9 1 7 . 1 0 0 1 7 . 6. The Fundamental Theorem of Arithmetic. 3 . Find the greatestcommondivisor of two integersusing the Euclideanalgorithm. 5. To prove the fundamental theorem of arithmetic. 2. List the beginning terms of the Fibonacci sequence. 2 . Example.2. Find the greatest common divisor of two integers using no divisions (see problem 0. Factorizationsof integers in which the factors of primes are combined to form powersare called prime-power factorizations. and c are positive integers such that (a. 1 7 1 i 2 . 8. such as in the previous example. all the fdctors of 2 were combined to form 24. The factorizationsof somepositive integersare given by : : 2 4 0: 2 .2 Computer Projects Write programs to do the following: l. There. for the factorization of 240. lf a.with the prime factors in the product written in order of nondecreasing size. Find the greatest common divisor of two integers using the modified Euclidean algorithm given in problem 5. 5 . Find the greatest common divisor of a set of more than two integers. b.3. 4. 2. Here is what the theoremsays. 3:. b) : I and .

| 1 b I n. .S o n m u s t b e c o m p o s i t L e t n : a b . both of which are divisibleby a. we conclude that n is also a product of primes.w i t h p r ( p z ( a (q'. Let n be the smallest such integer (such an integer must exist from the well-ordering property). from the well-ordering property. p s . {r(42( . we show that every positive integer can be written as the product of primes in at least one way. Consequently I a. and w h e r ep t . Now. We begin the proof of the fundamental theorem of arithmetic. Corollary 2. . The case where n : I is trivial. namely t h e o n e p r i m e n .. By Proposition1. T h i s e s t a b l i s h e s t h e r e s url t . since this is a linear combinationof a and bc. Then. a divides acx * 6cy. . Supposethat there is a positive interger that has more than one prime factorization.2.3 that p I ar az we en or p I ar+r.4.. We use proof by contradiction. know from Lemma 2.b): 1. We now finish the proof of the fundmental theorem of arithmetic by showing that the factorization is unique. Proof. Proof. we know there is a least integer n that has at least two different factorizationsinto primes: fl:PtPz Ps:QtQz Qt. . . ( p. Since G. p 2 . lf n is prime.70 GreatestCommonDivisorsand PrimeFactorization a I bc . Multiplying both sides of this equation by c. This contradictionshowsthat every positiveinteger can be written as the product of primes. ar az aral that is divisibleby the prime p. Q t . for some i p t w i t h l < t < n * 1 . it is obviously the product of a set of primes. .. We prove this result by induction. we have acx * bcy: c. integers. Sincep I ar az on*t: (a1a2 an)ana1. First. Then. 4 tr e a l l p r i m e s . If p dividasap2 an wherep is a prime and c r. w i t h | 1 a ( n a n d e. But since a and b are smaller than n they must be the product of primes. a The following corollary of this lemma is useful. .. Assume that the result is true for n. Let us assume that some positive integer cannot be written as the product of primes. it p I ar az a' from the induction hypothesis there is an integer i with 1 < t ( n such Ihat p I ai. then there is an integer i with I < t ( n such that p dividesa. t hen a I c . .. Hencea I c. Consider a product of n * t. since n : ab. a2.on are positive integers. there are integersx and y such that ax * by : y.

Another way in which we can use prime factorizations is to find greatest common divisors.3.p 2 : Q 2 . can assumethat pr ( qr..3. let us find all the divisorsof an integer from its prime factorization. for if pr t i : 1. and 5. ts inc e41 i s th e s m a l l e so f th e q ' s .Thesedivisorsare I 2 22: 4 23:8 3 2 ' 3: 6 : 22. tr of The prime factorization of an integer is often useful.nfpl con be written as a product of primes in exactly one way. each pi is equal to the correspondingq. B ut. To be a commondivisor of both 720 and 2100. To show that pr: Qr.3 The Fundamental Theorem of Arithmetic 71 We will s how t ha t p t: Qr... and that the number of prime factors in the two factorizations must agree. be a common divisor of 720 and 2100.the greatestcommon divisor of 720 : a n d 2100is 22. l. This proves the uniqueness the prime factorization of positive integers. where each exponent is a nonnegativeinteger and where all primes occurring .Therefore. To describe. Hence. .. This is a pr : Qr contradiction. .let min(a. respectively. 5 6 0 . Consequently. n d c o nti nueto show that each of a p's the successive and q's are equal. of the two numbers d and 6.. 2. a positiveinteger can contain only the primes 2.. Example.pr 1q. we see that pr I qflz et : tt. H e nce.3. a to positive integer can contain only the primes 2. tr qi for al l i . p:. and the power to which one of these primes appears cannot be larger than either of the powersof that prime in the factorizations of 720 and 2100. . 3.5: 6o : 23. that is s : /. p:. and s : /. to powers lessthan or equal to 3..3 12 : z3-3 24 5 2 ' 5: 1 0 : 22. Now let the prime factorizationsof a and b be .pi2 . either pr ) 4r or pr 1 Qr By interchanging we the variables. Hence.2. Hence. and since n is the smallest positive integer with more than one prime factorization. b : p'r. 1. and 5 to powers no larger than2. n. The positivedivisorsof 120 : 233'5 are thosepositiveintegerswith prime power factorizationscontaining only the primes 2. and 5 in its prime-power factorization. o : pi. in general. how prime factorizations can be used to find greatestcommondivsors.. As an example. For instance.2.plz .supposewe wish to find the greatest common divisor of 720 : 2432'5and 2100 : 223'52'7..5 20 : 23. assumethat pr * qy Then. from Corollary 2.s l2o . D) denotethe smaller or minimum. we can conclude that and p s : QzQ t n /p r: pz pt S i n c en l p l i s an i ntegersmal l erthan Qt. . necessary.5 40 3'5:15 2 ' 3 ' 5: 3 0 223. and l. respectively. . 3. and l.

a n d [7 ..pn b I a.) pf *Gru') where max(x. sincefor eachprimepi.b): pl'"k"0. of x andy.. [a.)plinb. The leastcommonmultiple of a and b is denotedby Io. : p i .2l l: lZ q.y):y and max(x.6. Therefore. We have the following least common multiples: ll5.bl: pl *Grb.p i .pur2 . we prove the following lemma. y ) : x * y . Hence.y) :x+y. We note that fu. we would prefer a method for finding the least common multiple of two integers without using the prime factorizations of these integers. or maximum. /) denotes the larger.) Omaxb.) . eachp. perhapswith zero exponents. a n d . occurs with a power at least as large as ai and bi. the smallestpositiveinteger divisible by both a and b is la.. pun. y ) +m i n ( x . The problem of finding this integer arises when fractions are added. bl.'b. l l l : 7 7. Once the prime factorizations of a and b are known. If x <y. then min(xy):x we max(x.y) + min(x.y)+ min(x. Definition. a and b shareexactlymin(a. Prime factorizationscan also be used to find the smallestinteger that is a multiple of two positive integers.4.. tr .y) . Z 0 l : 2 A . I then min(x. Finding the prime factorization of large integers is time-consuming..y): y.72 GreatestCommonDivisorsand PrimeFactorization in the prime factorizationsof c and of b are included in both products. are the primes occurring in the prime-powerfactorizationsof a and b. . Iemma 2.w herept.x + y. We will show that we can find the least common multiple of two positiveintegersonce we know the greatest common divisor of these integers.!):x.pz. f x)y.b]. I f a : p i . 105. l Z . X l : 72. The least common multiple of two positive integersa and D is the smallestpositiveinteger that is divisibleby a and b. so that Proof. bl.) factorsof p. and m a x ( x .'b. it is necessarythat in the factorization of the integer. then max(x. then for an integer to be divisible by both c and D. First. Example... The latter can be found via the Euclideanalgorithm. p:'n(oro. andagain findthat max(x. it is easy to find p l r. If x and y are real numbers.

if d is a positivedivisor of mn. Si n c e (m.then la. . b l b . once b. i l : p Y ' p Y ' p { ' p T ' p T' 2 p f ' : O{.the prime-powerfactorizationof mn is mn: pT'pT' p!'qi'qi' q:' .b). for 7:1.. we have exponents. pl' and Proof.. if d is a positivedivisor of mn.. Conversely. ): a 1 * b 1 by Lemma2.2. needed Lemma 2.r{'*^' bY'*^' : pl'+b'Oo'+b' p:'*o' : p\'p. ... b) is known. P s and t he s e t o f p ri me s Q t.4 2 .' : ab.b1).3 The Fundamental Theorem of Arithmetic 73 To find Ia... Then.. b. respectively.4. Theorem 2. ab/G. . the set of pri mes h p tPz. there is a unique pair of positivedivisorsd 1 of m and if d2of n such that d : diz.s and 0(f q{' (n.bl: where Ia. perhaps with zero Now let M1: max(c.. b l.4 t a ve no common el ements.2. we use the following theorem.) and ffii -min(a1. Then.l . then d:pi'piz "' pi'q{'qI' w h e r e0 ( e i Now let (mi for i:1. si n ceM i + f f ij: pi'p"' po^' b m ax (a y .. b) are the least common multiple and greatestcommon divisor of c and b. dl and d2 are positivedivisor of z divisors of mn. Proof.. Let the prime-power factorizations of m and n be m : pT'pT' p : ' and n: q i ' q i 2 " ' q i ' . Hence.n ) . then d : dfl2is a positive andn. Therefore. where the expnents are nonnegativeintegers and all primes occurring in either factorization occur in both. Let a and b have prime-power factorizations a : p\'pi' t : pl'p!2 " ' p:'.. b I and G. . tr of The following consequence the fundamentaltheoremof arithmetic will be later.2. Let m and n be relatively prime positive integers. ' ' l a .5.5.. respectively. lf a and b ate positive integers.t..b j ) + m i n (a r' ..+^.

for j : 1.. c o n ta i n sn fi n i te l ym a n y pri mes. ..2. i G.2.. respectively.. dy and d2be positivedivisorsof m and n. a German mathematician. There are infinitely many primes of the form 4n * 3. ql.q[. Let a and b be relatively prime positive integers. . a n d dr: where0 < /j q{'q[' q{' ( n. pi.. we do not present a proof here.. The integer d : dfi2: p'r'pi.3 . sincethe power of such prime occurring in the prime-powerfactorizationof d is less than or equal to the power of that prime in the prime-power factorization of mn.s . it is not difficult to prove special cases of Dirichlet's theorem.. Thisis thedecomposition wedesire. f l : 1. Dirichlet's Theorem on Primes in Arithmetic Progressions.. Proposition 2. -. where n rs a positiveinteger.t. proved this theorem in 1837.q{.. is clearly a divisor of q{' mn: p?'pT' p!'qi'qi. Lejeune Dirichlet.. Clearly : dfi2and(dr..2 . Since proofs of Dirichlet's Theorem are complicated and rely on advanced techniques. tr A famous result of number theory deals with primes in arithmetic progressions. as the following proposition illustrates. Then the arithmetic progression an * b.74 GreatestCommonDivisorsand prime Factorization dt : p't'ptz' and dr: q{'qI' q{' .2 ..d) : l. However..Then let dr: p'r'ptr' p:' wher e0 ( ei ( m i fo r i : 1 . d of d Conversely.

*3. Show that all the powers in the prime-power factorization of an integer n are even if and only if n is a perfect square. ab: ( + r + t ) ( 4 s + 1 ): 1 6 r s* 4 r * 4 s * l : 4 ( 4 r s + r * s ) * l. Lemma 2. Which positive integers have exactly three positive divisors? Which have exactly four positivedivisors? Show that every positive integer can be written as the product of a square and a square-freeinteger. for if 3 I Q. tr We now provethe desiredresult. 3. .. Hence. However. Proof. Hence.all of these primes would be of the form 4n * 1. P 2 . this would imply that O would also be of this form. which is a contradiction. tr there are 2.. . . Likewise. D 5o4o 2. Proof.Pndivides 0. s a yP o : 3 . L e t Q:4prpz P. Otherwise. Then.3 Problems L of Find the primefactorizations a) 36 e) 222 b) 3e c) 100 d) 289 D 2s6 d sr5 h) 989 j) sooo k) 9s5s D 9999. p) :3 which is absurd. pj because I Q impliespi | (Q-4pr pz infinitely many primesof the form 4n * 3. there is at least one prime in the factorizationof Q of the form 4n * 3. lf a and b are integers both of the form 4n * l. . prime 3 does not divide Q. we first prove a useful lemma. and by Lemma 2.. Since a and b are both of the form 4n * l.6.3 The Fundamental Theorem of Arithmetic 75 Beforewe provethis result.. The p. none of the primes po.. then I I (0-ll : 4pt pz which is a contradiction. Pr.. there exist integers r and s such that a : 4r * 1 and D : 4s * 1.2. can divide Q. A square-free integer is an integer that is not divisible by 4.. none of the primes p. P t . which is again of the form 4n * 1. then the product ab is also of this form.P r . Let us assume that there are only a finite number of primes of the f o r m 4 n f 3 .6.

Show every element of H can be factored into Hilbert primes. An integer n is called powerful if whenevera prime p divides n. Let p be a prime and n a positiveinteger. then po*b ll mn. Find all positive integersn such that n! ends with exactly 74 zeros in decimal notation. but po*' It n. Show that factorization of elements of FI into Hilbert primes is not necessarily unique by finding two different factorizations 693 into Hilbert of primes. a) Let n be a positiveinteger. If p' I n. of An element h*l in 11 is called a"Hilbert prime" if the only way it can be written as the product of two integersin ^FIis h: h'l : l'ft. for 154. ll. c) d) 13. Show that if n is a positive integerit is impossible n! to end with exactly 153. then a I b. 7. we say that po exactly divides n. 6. p2 divrdesn. Show that every powerful number can be written as the product of a perfect squareand a perfect cube. How many zerosare there at the end of 1000! in decimal notation? How many in baseeight notation? 10. a) b) Show that the product of two elements 11 is also in fI. 12. Let H be the set of all positiveintegersof the form 4ft*1. Show that the power of the prime p occurring in the prime power factorization of n ! is ln/pl + Inlpzl + ln/p3l + b) Use part (a) to find the prime-power factorization of 20!. Which positiveintegersn are divisibleby all integersnot exceeding. Show that if po ll m andpb ll n.t 14. then ominb'b) m+ n.. Find the least common multiple of each of the following pairs of integers . where k is a positive integer. Find the 20 smallestHilbert primes. This problem presentsan example of a system where unique factorization into primes fails.76 Greatest Common Divisors and Prime Factorization any perfect squares. S h o wt h a t i f p o l l m . or 155 zeroswhen it is written in decimal notation. Show that if a and b are positiveintegersand a3 | b2./. t h e np k o l l m k . il 8. a) b) c) Show that if po ll m andpb ll n. 9. and we write po ll n. 5.

9 9 9 . The least common multiple of the integers a1.. 3 .a n [a. 2 .b) : 21.cl : 25.a.3o3 2 5 6 .then (la.b. Show that if a and b are positive integers. 5 . 1 6 .. integers then (a. 2 2 . then (a . c)l and lfu...ct2. cJ : ([4. cl) .brcla 'br'c.. c ) * min(a... 23. t 9 . is .1 l 4 7 t t 7 g t n l 0 lr m r .m i n ( D . il | la. bl. cl. I a n dc d : l a . Show that if a. 7 I '1 3 .a2. 3 .b. c ) where 24.. 20.. Which pairs of integers a and D have greatest common divisor 18 and least commonmultiple 540? 1 8 . lb .. c ) ( b.an. 1 7 . c ) . b. 5 .. are not all zero. a 1. a) Show that if a... 1 t .27355372 b) c) d) 2 . t 3 t .12 14.. bl? 1 9 . b) Use part (a) to show that a. Show that if a and b are positive integers. d ) : b I c... Ull c if and only if a I c and b) Find the two positive integers with sum 798 and least common multiple l 0780.5 0 4 0 3 4 3 . t 7 . (b.. G . Show that if a. is that it the smallestpositiveinteger that is divisible by all the integerso1. c ): a * b * c . Generalizeproblem 23 to find a formula for (ay.a2. 2 9 . then there are divisors c of a and d o f b w i t hG .a 2. b) : la.la. 4 r r 8 3 r r r l 0 l1 0 0 0 . 2 3 .a2. and c are positiveintegers.clla. 35 d) e) f) lll.15 28..c).. 1 2 3 5t7 ' 3 .m i n ( a . b) .m i n ( a .an1 are positiveintegers.2. and c are integers.. When does fu.b.b. t) : lG.) . b ) .3 The Fundamental Theorem of Arithmetic 77 a) b) c) 8. . multipleof the following divisorand leastcommon common 15. Find the greatest pairsof integers a) 22335s11. a) Show that if a and b are positive (a*b. b ) G .then [a. c). Show that every common multiple of the positiveintegersa and b is divisibleby the leastcommon multiple of a and b. bl.then m a x ( a .on)'1d1. and c are positiveintegers..b.bD. b l . b .

Find the least common multiple of two positive integers from their prime factorizations.an1..an-1. . Find all positivedivisors of a positive integer from its prime factorization. Prove that there are infinitely many primes of the form 6ft * 5.ct2.a1.then la.an-1l. 1 1 ..e such that a : dn and b : en.a is a positive integerwithp I a2. 1 5 ] d[ 7 . 4.3 Computer Projects Write programs to do the following: 1.. then 2...... a*b.aap2''' sn. a*Zb. then p I a. containsan arbitrary number of consecutive composite terms. 28.anl l[. and n is a positive integer such thatp lan. Let n be a positive integer. 26. 30.anl. Find the greatest common divisor of two positive integers from their prime factorizations. then there are positive integers d and.. if aya2. 29.. 2. where k is a positive integer. Find the number of zeros at the end of the decimal expansionof n ! where n is a positiveinteger.78 GreatestCommonDivisorsand PrimeFactorization denoted Ia 5a2.l d) e) f) 224-l 230-l 236-t. an : Show that laya2. 1 3 j ... how many camerasdid they sell? 31. Find the prime factorizationsof a) l06. 3.. 34..... 3 3 .bl: n? 27. Show that if a and b are integers. Show that if a.b...an are pairwise relatively prime : nl la1. If they sell 88137 worth of this camera and the discounteddollar price is an integer. and c are positive integers with (a .l b) lo8-l c ) 2r 5. then the arithmetic progression a. p 32. then a2 | b2 implies that a I b. c is an integer. Show that integers. A discount store sells a camera at a price less than its usual retail price of . 1 0 ... by il b) F i n d[ 6 .b) : I and ab : cn. b) Show that if p is a prime.S99.a2. How many pairs of positive integerssatisfy Ia. Show that if a and b are positive integers... il show that if p isa prime and.

4 Factorization of Integers and the Fermat Numbers 79 5.N : 2. seethat 7.N /tog. factorizationof 42833is 42833 . beginningour searchwith the prime p1...we the problem of determiningthis factorization.3.determining whether any of the primes not exceeding rlr r divide n1.if necessary.m. and from Theorem 1. However. To factor an integer N.9 that n either is prime.For information about thesealgorithms we refer the reader to Guy [66] and Knuth [561.7 ' 29 ' 2ll. Find the prime factorizationof n! where n is a positiveinteger. In this section.6119. 2. Recall from Theorem 1. Let n : 42833.this method for finding the prime factorizationof an integer to is quite inefficient.4 Factorization of Integersand the Fermat Numbers From the fundamental theorem of arithmetic. 6l19:29'2ll. We note that n is not divisible by 2.*" either find a prime factorpr of n or elsewe concludethat r is prime.. but that 7 | n. thesedivisionstake at least log N bit operations each.3 and 5. proceedingrecursively. nnd any factor of n1 is also a factor of n. We conclude that the prime Since 29 > . We continue in this manner. these algorithms are complicatedand rely on ideasthat we have not yet discussed. The most direct way to discuss find the factorization of the positive integer n is as follows. altogether requiring on the order of JF bit many as r(JF) operations. we next look for a prime factor of nt: nlp1. If we have located a prime factor p r of n. it may be necessary perform as divisions.7. .5. we know that every positive integer can be written uniquely as the product of primes. Consequently..since from the prime number theorem zr(JF) is approximately .17. we know that 211 is prime.2. We note that the quickest method yet devised can factor an integer N in . requiring fewer bit operations than the direct method of factorization previously described.to find the prime factorizationof n. We continue. or else has a prime factor not exceeding when we divide n by the primes 2.11. Unfortunately. More efficient algorithms for factorization have been developed. since n I has no prime factor lessthan p1. Example.not exceeding 6 .13./i.I9. Trial divisions show that 6119 is not divisible by any of the primes we and 23.N AogN. In general. We have 42833 7 .

Let n be an odd positive integer and let n : ab be a factorization of n into two positive integers. in We now describea factorizationtechniquewhich is interesting. Proof. Then n can be written as the differenceof two since squares. Number of decimal digits Number of bit operations l. For of Later on we will show that it is far easier to decide whether an integer is prime. l o + u l ' .3xl03e Time 50 75 100 200 300 500 3. 0 xl 0 r 2 2 .1. than it is to factor the integer.ll-o . lf n is an odd positive integer. n:aD: . 3 xl 0 r 5 1. Time Required Factorization LargeIntegers.2x102s Table2.9x1015 years 4.although it is not always efficient.2x1023 l.9hours 104days 74 years 3.7.5xl02e l.l t 2 )' .1. then there is a one-to-one correspondence between factorizations of n into two positive integers and differences two squares of that equal n.80 GreatestCommonDivisors and PrimeFactorization approximately e*p(@) bit operations. Lemma 2.4x10r0 9 . This technique is known as Fermat factorization and is basedon the following lemma.8xl0e years years 4.u l ' l l:l | 2 . we give the time required to factor integersof various sizes using the most efficient algorithm known. where the time for each bit operation has been estimated as one microsecond(one microsecondis 10-6 seconds). In Table 2. where exp standsfor the exponential function. This difference is the basis of a cyptographic systemdiscussed Chapter 7.

This procedureis guaranteed to terminate..say n: tr can factor n by noting that n : (s-l)(s+t). We will prove that 641 | fr without actually performing the division.222. a n d F + : 6 5 5 3 7 .we look for solutionsof of the equation.of 2. it may be necessary to check as many as Q + D 12 . : *2 ..F 3 : 2 5 7 . To factor n using this technique.. To carry out the method of Fermat factorization. (t+2)2-n.3. 6077: $l-2D(8t+zz) : Since 6077:812 .n.4 Factorization Integersand the FermatNumbers 81 where G+b)12 and b-b)/2 are both integerssincea and b are both odd. . the first few are p r i m e s ./i . F 1 : 5 . Since < 78. then we if Conversely. we search for a square among the sequence of integers t2-n. to find factorizationsof n. Indeed.103.. where I is the smallest integer greater than . Fermat conjectured that these integers are all primes./n integers to determine whether they are perfect squares. . we look for a perfect square in the sequence 77 < ffi1 6 0 7 7: 7 6 0 7 7: 1 6 4 6 0 7 7:3 2 3 6077:484:222.F5 :22'* Proposition 2. Unfortunately. as Unfortunately.yz by searchingfor perfect squares the form xz . Proof. Fermat factorization can be very inefficient. Hence. Note that . F 2 : 1 7 .sincethe trivial factorizationn : n'l leadsto the equation n: fn+rl' I r l7 8 27 9 28 0 2812- |..l lr-rl' Example. We factor 6077 using the method of Fermat factorization. The integers Fn :22' + I are called the Fermat numbers. Q+Dz-n./2. n is the differenceof two squares. Fermat factorization works best when it is used to factor integers having two factorsof similar size. n a m e l y F o : 3 . The Fermat number F5: 22'+ 1 is divisibleby 641. we conclude that 59. 1 is composite we will now demonstrate. s2 . In attempting to factor F 6 : 22'+ l.. 22'+' ' -?. :22' + | is of the form2n+2k+ I. Z74l i ' l : (256. Proposition 2. Example. we indicate how Proposition2. w A great deal of effort has been devoted to the factorization of Fermat numbers. Proof. The following lemma will be used.4 is left until later.2. Let F1.4.:. the identity reads . and many people believe that no additional Fermat primes exist. :22' * I denote the kth Fermat number. we have FoFf z Fn-t: Fn . we use Proposition2.k * l. Lemma 2. one finds that a pr im e div is o ri s o b ta i n e d i th k : l 0 ? l .o. no new Fermat primes have been found. + 54. Example.4 is useful in determining the factorizationof Fermat numbers.8. =Z'ile fil 'r'* Therefore.2ii. It is possibleto prove that there are infinitely many primes using Fermat numbers. seethat 64t I F's. we need only perform trial divisionsof Foby those primes of the form 256'k + | that do not exceed -. We begin by showing that any two distinct Fermat numbers are relativelyprime.i . tr we The followingresult is a valuableaid in the factorization Fermat of numbers.e .82 GreatestCommonDivisorsand PrimeFactorization 6 4 1: 5 . where k is a nonnegative integer. primality test for Fermat numbers is given in Chapter 9. An interesting. S i nce there are no primes of this form less than or equal to .k + l . we know that every prime divisor of F 3: 22' + | :2 5 7 m u s t b e o f th e fo rm 2sk * l : 32. Here. Every prime divisor of the Fermat number F. we can concludethat Ft : 257 is prime. We will prove the lemma using mathematical induction.10?l+ l ) I F6.^i?ii:.4 to see that all its prime factors are of the form 28k + l:256. Hence. but impractical. After considerablectmputation. 2 7 + l : 2 a Hence. For n : 1. From Proposition 2. Then for all positiveintegersn . The proof of Proposition2. As yet.Ii:.4./81./Fu. It is presented a problem as in Chapter 9. Let us assumethat m 1 n.6.t are distinct Fermat primes and a is a nonnegative integer. The Fermat primes are also important in geometry. tr . Then. Hence. Since (F*.2 : F r a 1 This leadsto the following theorem.( F n . and Fn are odd.8.2 ' This is obviouslytrue since F0 : 3 and Fr : 5. Now let us assumethat the identity holds for the positiveinteger n. since Fn-rFr: (FsFf2 "' Fr-)Fn FoFfz .2 2 ' * ' . A regular polygon of n sidescan be constructedusing a ruler " ' pt w here p. F s F .4 Factorization of Integers and the Fermat Numbers 83 Fo : Fr .2.7. we With this assumption can easilyshow that the identity holds for the integer n * I.r: F n . Assumethat d is a commondivisor of F* and Fo. -1) :2.2.2. Proof. we note that from Lemma 1.we can concludethat there are infinitely many primes. tr Using Fermat numbers we can give another proof that there are infinitely many primes.. so that FoFf z' ' ' Fn-r: F. we know that Fffz''' F^' " F r .. Hence. a n d c om pas s and o n l y i f n i s o f th e fo rm n :2 opl if i:1. Then the Fermat numbersF^ and F. However. First. Theorem 2.. Consequently. every Fermat number Fn has a prime divisor pr.l . d cannot be 2.4 tells u s th a t d I G.z ) F n : ( 2 2 '. we know that p^ # p. The proof of the following famoustheoremmay be found in Ore [28].F): l. whenever m # n. Theorem 2. .o 2 Fm F ..D ( 2 2 ' + t ) -2. either d:l or d:2.F) : I. .2 . Let m and n be distinct nonnegative integers.1. Proposition1.( 2 2 ' 1 2.. d:l and (F^. are relatively prime. From Lemma 2.since F. to obtain i l 1: 3 q y * r y .) b) Explain how the result of part (a) can be used to speed up Fermat's factorization method. and then consider those integers n with 0(n<2s. 5 . e4. fl2: ttt2* 11. we developthe method of Draim factorization. To search for a factor of the positiveinteger n . In this problem. o6. We proceedrecursively. Show that if the smallestprime factor of n is p.84 GreatestCommonDivisorsand PrimeFactorization 2. a) Show that the last two decimal digits of a perfect squaremust be one of the followingpairs: 00.nr. Settingntr . and (50-n)2 all have the same final decimal digits. to obtain f l 2 : 5 q 2 * 1 2 . e9. then xz-n will not be a perfect squarefor x ) h+pz) lLp . egzgzt b) 1468789 c) SSOO8OZ9. we start by using the division algorithm. Using Fermat's factorization method.using the division algorithm. factor the following positive integers a) 7709 d) I l02l b) c) 73 10897 e) f) 3200399 24681023.nr. to write nx : (2k+l)qy * ry. 3. and we let 3: rtl2 2qZ. 4. fl1 : t 1 4 3* t2. (Hint: Show that n2.4 Problems l.25. (50+n)2. and we define . 0 ( 11 < 2k+1. el. Find the prime factorizationof the following positiveintegers il 2. We use the divisionalgorithm again. 0 ( 1 2( 5 . where e standsfor any even digit and o stands for any odd digit. we let t/12: t/lt Zqt. 0(11 (3. 8 . Conclude : U s e E u l e r ' sm e t h o dt o f a c t o r 2 2 1 : 1 0 2 + l l 2 : 5 2 + 1 4 2 . Use the fact that every prime divisor of Fz: 22'+ | is of the form 21k + | : l28k * 1 to demonstrate that the prime factorization of F5 is F. S h o wt h a t r v : d + b .) I l. In this problem. 1 1 . Let n be odd and let w h e r ea a n d c a r e o d d p o s i t i v ie t e g e r s . Estimate the number of decimal digits in the Fermat number Fn. L e t s v : a * c . r ( a * c ) : s ( d + b ) .2.4 Factorization of Integers and the Fermat Numbers 85 fllk : m*-t-2Qt-t.n d b a n d d n a n:a2*b2:c2+d2. S h o w t h a t u i s e v e na n d t h a t i f r : ( a .2r + | is 7 if n 7 2. that n may be factoredas n:1fu12)2 + (v/2)zl(r2 + s2). we devel<lp factorization technique known as Euler's method. show that the last decimal digit of 22' is 6. where n is a nonnegative integer.-) and rltk: n1- S h o wt h a t i f ( z * + t ) I . (You should need only one trial division. Show that any number of the form 2an+2 I can be easily factored by the use of * (2x2+2x+l)(Zx2-Zx+t\. the identity 4xa + 1 : Factor 218+1 using this identity. andv is even. t h e n ( 2 k + l ) I n r a n dn : ( 2 k * l ) m 1 . We stop when we obtain a remaindet/1 : 0. (Hint: Using mathematicalinduction. ttk : ttl* * rt-t. Show that the last digit in the decimal expansionof F.b-d). a It'is applicablewhen the integer being factored is odd and can be written as the sum of two squares in two different ways. 6 . a n ds I a + c . .64k * I to verify that F4 is prime.) 10. t h e n ( r . a) b) c) d) Let u: (a-c. s ) : l . : 641'6700417. a) b) c) Show that n1 : knr *qo-r). . 2'(qftq2* Qk+l) (qft q2*' ' ' + q. a^*l: (aft + l) 9 . (Hint: Recall the identity -ae+l) wherem:kQ and { is odd). 2 5 0 15 0 2 + 1 2 : 492+ 102and 1000009 10002 32 :9722 + 2352.i l f u . Factor 5899 using the methodof Draim factorization. e : and (a+cd+b). are evenpositiveintegers.c ) l u s : ( d . . 1 3 . Show that if a is a positiveinteger and a^ *l is a prime. Use the fact that every prime divisor of Fa:2t + I :65537 is of the form 26k + | . : + 7 . r2. Find all primesof the form 2T * 5. then m:2n for some positive integer (ak9-t)-akQ-D + n. To solvethis problem. We now develop the theory for solving such equations.b). The type of diophantine equation ax * by : c. who wrote extensivelyon such equations. 2. using Proposition 2. When we require that solutionsof a particular equationcome from the set of integers. lf dlc. where both x and y are nonnegative integers. b.5 LinearDiophantine Equations Consider the following problem. How many of each denomination number of$20 checks and y the number of $50 checks that he should buy. where a. The following theorem tells us when such an equation has solutions. The postal clerk determinesthe cost of postageto be 83 cents but only 6-cent and 15-centstampsare available. Then we must have 6x + I5y : 83. then thereare infinitely many integral solutions. Find the prime factorization of a positive integer.and when there are solutions. The equation i ax*by:c h a s n o i n t e g r a ls o l u t i o n sf d l c .we have a diophantine equation. A man wishes to purchase$510 of travelers checks. if x : x0. and c are integersis called a linear diophanttne equations in two variables.4 Computer Projects Write programs to do the following: l. where both x and y are nonnegative integers. Theorem 2. 3. we need to find all solutions of this equation. .8. Moveover. 2. Check a Fermat number for prime factors. A related problem arises when a woman wishes to mail a package.fuld)n. The checks are available only in denominationsof $20 and should he buy? If we let x denotethe$50. we first let x denote the number of 6cent stampsand y the number of l5-cent stamps to be used.explicitly describesthem. Perform Fermat factorization. | . Perform Draim factorization (see problem 5). Let a and D be positiveintegerswith d : (a. Diophantineequationsget their name from the ancient Greek mathematician Diophantus.4.86 GreatestCommonDivisorsand PrimeFactorization 2. then the equation 20x * 50y : 510 must be satisfied. ! : yo. 4. Can some combinationof thesestampsbe used to mail the package? To answer this.then all solutionsare given by x : xo+ (b/d)n.lo is a particular solutionof the equation.

one solution of the equation is given by @Io. Suppose that x and y are integers with ax I bY : c.bGld)il: oxst bys: c. Hence. Dividingboth sides this last equalityby d. Sinced l r.Equations 2. by subtractionwe find that G x * b y ) . Using Lemma 2. W e s e e that thi s pai r (x. we have c:de:(as+bt)e:a(se) + bQe).y).yd :0. Proof.3) d:as+bt.thereare n d of no integral solutions the equation. Hence. a(x .1. lt aswell. Since a x s* b y o : . since V rfi"v g rof14 ax t by : oxs* a(bld)n * byo. there is an integere with de : c..'rf trc.3) bv e. which impliesthat a& . -x0-'Ftf11*}f I --te and let To show that there are infinitely many solutions. Hence. since d dlo andd lb. From Theorem2. Multiplying both sidesof (2. wh e re n i s a n i n te g e r.x/ + bU -. we seethat of G l d ) (x .3.( a x s + b y s ): 0 .byPropositio1. there are integers and t with Now assume (2. Assumethat x and y are integerssuch that ax I by : g.1. it . 2 By Proposition.wlere X * S€ rtacl =7€. .x s ) : (b l d ) U t .bld): l.5 LinearDiophantine 87 where n is an integer. we know that bld.xo): bjoy).4.. x:nfo+ $liln y:Y0 G / d) n.y) i s a solution. Then. We now show that every solutionof the equationax * by : c must be of the form described in the theorern. s that d | . N o w p u t t i n gt h i s v a l u e : bOo. D We now demonstratehow Theorem 2.no combinationof 6. and since l0 | 510.8 is used to find the solutions of particular linear diophantineequations two variables. Hence. H e n c e . 2 3 .( 1 3 . w h i c h i mp l i e sth a t x there is an integer n with G / i l n . The greatest common divisor of 20 and 50 is (20. consider the equation 20x t 50y :519. it follows that n : 2 1 .5 Problems l.50): 10. Hence. we must have . We first considerthe equation6x + I5y : 83. 2.8 te l l s u s that al l i ntegralsol uti ons are of the form x : -102 * 5n and y : 5l .2n ) 0. e h a v et h e f o l l o w i n g s o l u t i o n s : y ) : w 5 G ( 3 . 2 4 . Hence.x d aG . a 2. o r 2 5 . a particular solution is given by x 0: . or showthat thereare no integralsolutions a) 2x I 5y:11 b) l7x * l 3 y : 1 g g c ) Z I x * l 4 y :1 4 7 d) 60x * l 8 y :9 7 e) t4o2x + t969y : r. 9 ) .( 1 9 . 5 ) .9l and has received for eachFrench franc and 480 for eachSwissfranc. in Consider the problems of finding all the integral solutions of the two diophantine equationsdescribedat the beginning of this section. Multiplying both sides by 51. The greatestcommon divisor of 6 and 15 is (6./o :5 1 . If he receives I7a$ll. we know that there are no integral solutions. wo find that 20eD * 50 : 10.102 an d .I02 + 5n ) 0 and 5l .l o of y int o th e e q u a ti o n a (x . 7 ) . eitherfind all solutions. Next. 3 ) .2n. t h i s m e a n st h a t y .88 GreatestCommonDivisorsand prime Factorization follows that Q/d) | 9o. A studentreturningfrom Europechanges Frenchfrancs and Swissfrancs his into U. how much of eachtype of currencydid he exchange? . T h e o re m2 . For eachof the following lineardiophantine equations. G/d)n:lo-l.and l5-cent stampsgivesthe correct postage. we obtain 20(-102) + 50(51) : 510. Using the Euclidean algorithm. Since I / gl.( 8 . there are infinitely many integral solutions. n d ( 2 3 .y). Since n is an integer. w e fi nd that : x0 + (bl d)n. t ) . n ) 20 2/5 and n 4 25 l/2.x d : b b /d )n .S. 2 2 . thus.y). Since we want both x and y to be nonnegative.15) : 3. money.

a2. If the total 24 valueof the f.39. If apples cost him 25c each and oranges cost him 18c each and he ordered rnore apples than l€ I oranges. What combinations of these may be used to mail a packagerequiring postageof exactly a) 6. 12.and quarters. the total cost of a lobster dinner is $I I and of a chicken dinner is .7 7 2 At a clambake. of dimes.oins two dollars. and quarters 10.dimes.85. . Find all integersolutions the following a) 2x*3yl4z:5 b) 7x*2ly*352:8 d :1 .$8.. and quarters nickels.all nickels. which cost l8o each.a11).. What can you conclude if the total bill is a) $777 b)$96 c) $692 I anxn: b has equationafi1* a2x2* 7. dimes. b) nickels. and grapefruits. c) pennies.49 for oranges. is what combinations coinsare possible? of .50 b)$4. where d : (a1. has infinitely many solutionsif d I b.how many of each type of fruit did he order? 4.5 Linear Diophantine Equations 89 3. Find all integersolutions the following of systems lineardiophantine of equations a) x* y* z:100 x*8y*502:156 b) x+ y + z:100 x * 6y * 2lz :121 c) x* y* z + w-100 xt2y13z*4w-300 x*4y*9z1'16w-1000..t3. How manywayscanchange madefor onedollarusing be a) dimesand quarters dimes. lineardiophantine equations of 8. l0lx * 10 2 y+ 1 0 3 2 havea total value99c? 9.2. A piggy bank contains coins.00 c) $7 . Which combinations pennies. and quarters? I l. A shopper spends a total of . A grocer orders apples and orangesat a total cost of$8.. Show that the linear diophantine and no solutionsif d / D. A postal clerk has only l4-cent and 2l-cent stamps to sell. What is the minimum number of pieces of fruit the shoppercould have bought? 5. which cost 33c each.

and quartersworth.5 Computer Projects Write programs to do the following: 1.including 46c. Find the solutionsof a linear diophantine equation in two variables. What are the values of the remainingstamps? 2. il b) c) d) Show that whenevern 2 G-l)(6-l) this equation. They discover that there are exactly 33 postage amounts that cannot be made up using thesestamps.90 GreatestCommonDivisorsand PrimeFactorization 13. . 3. Find the positivesolutionsof a linear diophantine equation in two variables. then there are no nonnegative solutions. Nadir Airways offers three types of tickets on their Boston to New York flights. and stand-by tickets are p^y a total of $3274 for their tickets on a particular$39. Let a and b be relatively prime positive integers and let n be a positive integer. 4.a . We call a solution x )) of the linear diophantine equation ax * by : n nonnegativewhen both x and y are nonnegative. to dimes.6.all pennies. If 69 passengers flight. First-classtickets are $70. Find all positive integers n for which the linear diophantine equation ax * by : n has no positive solutions (see problem I 5).$3? 15. 2. Is it possible have 50 coins. Find the solutionsof a linear diophantine equation in an arbitrary number of variables. The post office in a small Maine town is left with stamps of only two values. second-class tickets are $55. positive integers n such that Show that there are exactly (a-1)$-D/2 the equation has a nonnegativesolution. Show that if n: there is a nonnegativesolution of ab . how many of each type of tickets were sold? 14.

For instance.Congruences 3. Example. lf m IG-b). We have 22 = 4 (mod 9).1 Introduction to Congruences The special language of congruencesthat we introduce in this chapter is extremely useful in number theory. clocks work either calendars modulo 12 or 24 for hours. and say that a and b are incongruent modulo m. If a and b are integers. lf a and b are integers. the following proposition is needed. To do this. it is often useful to translate them into equalities. we say that a is congruent to b modulo mif m l(a-b). m m we write a # b (mod m). and modulo 60 for minutes and seconds. Utility meters often operate modulo 1000. and odometers usually work modulo 100000. This language of congruences was developedat the beginning of the nineteenthcentury by Gauss.wewrite a =b (modz). : 18. Likewise Congruencesoften arise in everyday life. . Proposition 3. work modulo 7 for days of the week and modulo 12 for months.1. In working with congruences. Definition.then a = b (mod m) if and only if there is an integer k such that a : b * km. since 9 | QZ-D 3 = -6 (mod 9) and 200 = 2 (mod 9). If a iscongruenttoD odulo .

= b (mod rn ). H e n c e . so that (b -d .a. Proof.c : (a-D ) + (b-c) : Qm : b . then m I b-b). e .th e n b = a (mo d rn ). m I G-d a ? c (m o d z ).b and T h e re fo re . and consequently. m | C o n s e q u e n tl y . ( i) (iil W e s e e th a t a = a (mo d m ). If a: b ( m o d m ) .if there is an integer /< with a : b * km.c . = a D If a = b (mod rz) and b =c (mod la). Hence m I G-b). each containing integers which are mutually congruent modulo m. We have 19 : The following congruences.b.b. then m I G-b) and m | (b -d . (mod m). then a = a (mod m). t h e n m I Q .b .92 Congruences Proof. -2 (mod 7) and 19 : -2 + 3'7. If a and b are integers such that a = b (m o d m).2. Congruencesmodulo rn satisfy the following properties: (i) (ii) (iii) Reflexive property. Let m be a positive integer. Conversely. Transitive property.b (mod m). b. This means that there is an integer k with km : a .k ) m : b .c (m o d m). T h i s s h o w st h a t ( . so that A : b * km. and C o n s e quentl y. Symmetric property. If a is an integer.then a 4 c (mod m ). tr a Example. If e. we see that the set of integers is divided into m different sets called congruenceclasses modulo m. Example.b ) . If a:. k m * Qm : (k + D m. th e re a re i n te gersk and 0 w i th km: a . s i n c em I G-a) :0.2. tr (iii) From Proposition 3. The four congruenceclassesmodulo 4 are given by .t h e r ei s a n i n t e g e rf t w i t h k m : a . properties of proposition establishes some important Proposition 3. and c are integers with a = b (m o d m ) a n d b :. H e n c e . then km : a .

1 Introductionto Congruences 93 Let a be an integer. b. This is called the of system residues 0.$+ c ) 1 . and m are integers with m ) 0 such that a = b (mod m ). From the identity G + d . The division algorithm shows that the set of integers modulorn.c -.| is a complete residuesmodulo m. Sincem I Q-b).1. Let m be an odd positive integer. w e s e em l l f u + d . namely the remainderwhen it is dividedby m.( b + d . we see that a 3 r (mod z).c (modz). TrT m-l is a complete system of residues called the set of absolute least residues modula m.m. First. tm . Hence. If a. we know that m I G-b).m . . From the equation a: bm f r. Congruenceshave many of the same properties that equalities do. 1.. Then the set of integers _ m-l 2 .. Definition.. by the division algorithm. = bc (modm).l. Sincea = b (mod m).(b-c): a .2. every integer is congruent modulo m to one of the integers of the set 0. Proof. we have m integers such that every integer is congruent to exactly one of these ln integers. c.a . To show that (iiD holds. tr ac Example. . 1. A complete system of residues modulo m is a set of integers such that every integer is congruent modulo m to exactly one integer of the set. it follows that m I cb-b). Example..b. r .3 . Since no two of the integers0.note that ac .1.. s o t h a t ( i ) f o l l o w s .b ..S .| are congruent modulo m.... subtraction. or multiplication to both sides of a congruence preserves the congruence. we show that an addition. and hence. it follows from Theorem 3. m ) l.. 1.3. (iiD ac bc (mo d m )..1 that . Given the positive integer m. We will often do arithmetic with congruences. Likewise. nonnegative set of least Example. Theorem 3.m . then (il a*c=b+c(modm). Since l9 3 (mod 8). (iD e .(ii) followsfrom the fact that fu-c) .. we have a : bm * r where 0 ( r ( ru .bc : cG-D. b. (c. m ) 0. we see that The following corollary.3. By dividing both sides by d. a n d m a re i n te g e rssuch that m 7 0. we have G /il G-b) : k fu /d).1 it follows that m/d I Q-b).W e h a v e 1 4 : 7 . lf ac = bc (mo d m). H ence.94 C ongruences 26: 19+7 = 3 +7 : l0 (mod8). ac ? b d (mo d m).5) : 5. Since a = b (mod m) and c = d (mod m). d.c fi . then a = b (mod llz). I f a . c. (10. is also useful.w e k n o w th a t m I Gc-bc): c(a-b).b (mod m/d). If e. Since 42 = 7 (mod 5) and (5.c .1.c/d) : 1. The following theorem. C o rollar y 3. Pro of .m) : 1. the following theorem gives a valid congruencewhen both sides of a congruenceare divided by the same integer. Example.d (mo d m). c and m are integers such that m > 0.2. Since 50 = 20 (mod 15) and 5 0 /10 : 20/ 10 ( mo d l 5 /i l . which is a special case of Theorem 3. o r th a t 6 : I (m o d 5 ). 1. weknow that m I G-U) . B u t 7 * 4 ( m o d6 ) . and c = d (mod rn ).7) = 1. However. 2 : 8 ( m o d6 ) . E x a m p l e . o r 5 = 2 (m o d 3 ). is used often. and ac = bc (mod z). there is an integer k with cb-b): km.2. and m are integers such that a = b (mod nc). Theorem 3. and ac = bc (mod la). then a :. If a. 15: 19 -4: and 38 : l9'2 = 3'2: 6 (mod8). then (i) ( ii) ( iii) a * c = b + d (modm). 3- 4: -l (mod8). d : (c.b .b (mod m/il. a Hence. which is more general than Theorem 3.m). Example. What happens when both sides of a congruenceare divided by an integer? Consider the following example. Theorem 3. Since (m /d . a . 2 : 4 . This example shows that it is not necessarily true that we preserve a congruencewhen we divide both sides by an integer. we can conclude that 4 2 /7 : 7/ 7 ( m od 5 ). from Proposition2. a :. b. Proof. 4.1 Introduction Congruences 95 andmlk-d). tr .1 showsthat rj : rp (mod m) . we know that ari = ar1. ar2 * b.(a+c) d (modm).fti) : 1. ltG-c)-$-il1.d. Corollary 3.$..d ( m o dm ) ' s ot h a t a m Hence.3 w e -8-7=I :8+2:-0 (mod5).. Since . is a completesystemof residues Proof.k-d) : km . (iii). ckm t bQm: mkk+bD.m) : 1. If r612. S inc e 13 = 8 (mo d 5 ) a n d 7 = 2 (mo d 5). . .c . Since the set of integers in question consists of m incongruent integers modulo m. . Hence.ac = bd (mod m).t h e r e a r e i n t e g e r s a n d .b and km * Qm: T o p r o v e( i ) . and if a is a fositive integer with (a . ar^ * b modulo z.. ac . Therefore. m I Qc . theseintegers must be a complete system of residuesmodulo ru. k H e n c e . usi ng Theorem 3.(U+a)|. tr Exa mp le. cG-b) + OG-d): Therefore.Qm : To pr ov e ( ii) .. To see this. First. m ll. (mod m) ' Because(a. note that if ari*b=arr *b (modz)..r^is a completesystemof residuesmodulo m. Q * c = b * (k+Dm. from (ii) of Theorem 3.bc* bc . a r 2 * b . we concludethat i : k. &-Dm. . n o t et h a t ( c + c ) . 0 w i t h k m : a .. Qm: c . 6:13-7 see that 2O-13+7 ( m o d 5 ) . a n d 9 l : l 3 ' 7 : 8 ' 2 : 1 6 ( m o d5 ) . then ar1 t b.to 3. . then.( b + d ) : f u . we show that no two of the integers a r 1 * b .bil.b ) + k .bd :ac .a r ^ * b are congruent mod ulo m.O -d ) : b -b ) .i # rp (mod m) if i # k. not e th a t (a -c ) .. Theorem 3..d ) : ..bd : that note prove To Hence.1. Q Consequently. ( o .a = b ( m o d m 1 . T h e o r e m3 . . a = b where a. ) . Theorem 3..m*]l . .r. where Lm1. .b).rup1 the leastcommon multiple of mr. . is ( m o d z l ) .b. Proof.t/r1 a." m).t/tk.. integerswith mt.b ) . m z l G .m2.5 tells us that = 23 = 8 ( m od 5 )... a : . .Uk). . . tr Example..ml.2 it follows that mlGk .a = b (modz1) C o r o l l a r y3 .then a = b (modn4rtltz... .mpl).then a = b (mod lmpm2.bk)...m2. | From problem20 of Section2. we have ml? a . a = b ( m o d L m 1 . ..t/t1.b ( m o df f i z ) .. . Since ak . 6 .DlGk . Because = b (mod m).b). .. An immediate and useful consequenceof this theorem is the following result.. . l f a : D (modz1).96 Congruences The following theorem shows that a congruenceis preservedwhen both sides are raised to the same positive integral power. rf a.D . 2 . Theorem 3.. m 2 . . *abk-216k-11.. S i n c ea = b .. l f a : b ( m o d m y ) . then ak = bk (mod m) . we see that G . a=b where a and b are integers and ftt1. 343 : 73 The following result shows how to combine congruencesof two numbers to different moduli.fo positive. .r/t2. .. Hence. we seethat [.. ( m o df f i z ) . ...rrr2.5.3. frt2.bk : (a-b) (ak-t+ak-zb+ . and m are integers such that k 7 0.D . Since 7 = 2 (mod 5). m * l )E .rt1..frl2 . Therefore.. b.a = b ( m o dm t ) . know that m. m ) 0. ( m o d f f i z ) . . . and a = b (mod m)...m1.. . . k. relatively prinie positive are integers. . ek : bk (mod m)..m * I G . w e P r o o f .... from Proposition1. m k: l f t l i l l 2 ' ' ' mk Hence.3 .b2.2tt' by Next. . to find 26aamodulo 645 we first express the exponent644 in binary notation: G4qro: (lolooooloo)2. :1601536=I(mod645). This gives us the congruences successively 2 22 2+ 28 216 232 264 2128 22s6 2srz 2 4 16 256 391 16 256 391 l6 256 (mod 645).22.b4. We have just illustrated a general procedure for modular exponentiation. and N are positive integers. We can now compute 2644modulo 645 by multiplying the least positive of residues the appropriatepowersof 2. (mod649.391.6 we know that a :. Finally... as l{ : (arar-t. problem 34 of Section 2. we will be working with congruencesinvolving large powers of integers. . a most first computing 2644.ftt2.b2' reducing modulo rn. . .. We first expressthe exponentN in binary notation.. we compute the least positive residues of 2..apo)2.t?11. For example. by We then find the least positive residues of b . If we attempt to find this least positive residueby residue o1 26+a would have an integer with 194 decimal digits. m 2 . ffi.b (m o d w tfl tz ' ' ' m). (mod645)..28 squaring and reducing modulo 645. (mod 645). we multiply the least squaring and successively positive residuesmodulo m of bv for those j with ai : l.. . (mod649. a In our subsequentstudies. (mod 645). (mod 64il.. This gives : = 16 26aa 2512+128+42512212824 256..3 tells us that l m 1 . (mod645). Since ffi1. (mod 645). (mod 645). modulo rn. . for computing 6N modulo m where b..we undesirable thought. that is. pairwise relatively prime. Instead..1 In t r oduc t ion t o C o n g ru e n c e s zfa Proof..24.from Theorem 3... reducing modulo rn after each multiplication.we will want to find the least positive modulo 645. by successively m.then az = I (mod 8). Next. This is provided by the following proposition. and a = b (mod rn ).m. then a2 = I (mod 4). and we reduce modulo m after each multiplication.. tr 3. Show that if a is an odd integer. and n are integers such that m ) 0. m l O ..98 Congruences In our subsequentdiscussions. then a = b (mod n). and if a is an odd integer. we find the least positive residues of b. Problems For which positive integers m are the following statementstrue il b) c) 27 :5 ( m o dz ) 1000 -. Therefore. Show that if a. 4.f l. a total of O((log2m)2log2lf) bit operationsare needed. Proposition 3. This also requires O(Qog2m)2log2. a n d m a r e i n t e g e r ss u c h t h a t c ) 0 ... 5 .b.n/) bit operations. To find the least positive residue of bN (mod rn). then ac J bc (mod mc).3. This requiresa total of O(0og2m)2log2N) bit operations. and . n I m. because there are at most log2N multiplications. we multiply together the least positive residues of the integers bl correspondingto the binary digits of N which are equal to one. becausewe perform [log2lf I squarings modulo m. then a2 = 0 (mod 4). b. a = b (mod rn ). each requiring o(Iogzm)2) bit operations. Let b. First. a) 22 b) 100 c ) i00l d) -l e) -loo f) -1000. we can use the algorithm just described. Proof. each requiring O((log2m)2) Uit operations. Show that if a is an even integer.b4. we will need an estimate for the number of bit operations needed for modular exponentiation.62'modulo where 2k < N < 2k*t.b2. n ) 0.c. and . Show that if a. 6.1 (mod rn ) l33l : 0 (mod ln)? 2. squaring and reducing modulo ru.A/ be positive integerswithD < m. m. Find the least nonnegativeresidue modulo l3 of 3. Then the least positive residue of bN modulo m can be computed using O (0og2m)2log2N)bit operations. Showthatif a. (n-l)3=o(modn). What time does a clock read a) b) c) 29 hours after it reads I I o'clock 100 hours after it reads 2 o'clock 50 hours before it reads 6 o'clock? 13. : 1 ..m):1.b.b. ) areintegerswithc 0such thata = b (modc). In problems 9-11 construct tables for arithmetic modulo 6 using the least nonnegativeresiduesmodulo 6 to representthe congruenceclasses. 2 . If the condition (a. 9.bi. Show that if n is a positive integer. For which positive integers n is it true that 1 2+ 2 2 + 3 2 + * ( n .n. . I l.c): (bd . Give a complete system of residuesmodulo l3 consistingentirely of odd integers.1 Introductionto Congruences 99 7. . . then n cannot be the sum of the squares of two integers. Construct a table for multiplication modulo 6.k.m): a = b (mod z) still valid? 16. n 'a r ei n t e g e r st h e n . Construct a table for subtraction modulo 6. where a and b are integers and p is prime? 15. and m)0 m a r e i n t e g e r sw i t h k > 0 I is dropped. Show that if ak = bt (mod nr) and ak+t : bk+l (mod nr).. is the conclusionthat a = b (mod rn ).2. Qi. ( m o d r n) . . Which decimal digits occur as the final digit of a fourth power of an integer? 14.3. then il b) t+2+3+ 13+23+33+ +(n-l) + =0(modn). 19. i nn il b) )a1 j-t nn =)b1 j-l (modz) j-l f l a'i : - t-t f l br. What can you conclude if a2 = 62 (mod p). then the only solutions of the congruence x x 2 = x ( m o d p ) a r e t h o s ei n t e g e r s w i t h x = 0 o r I ( m o d p ) . wherea.. and then such that (a..andc (a. 17.l ) 2 = o ( m o dn ) ? 18. 20. 12.then where m is a positiveinteger and Show that if ai =bi (mod z) for j : 1. il Show that if p is prime. Show that if n = 3 (mod 4). 8. Construct a table for addition modulo 6. . 10. b.a2. .. respectively.2. Show that M(tr* M2a2* * Mpap runs through a complete system of residues modulo M when a1. then the only solutionsof x2 =x (mod pk) arethoseintegersx such that x E 0 or I (modpe).nt2. Explain how to find the sum z * v from the least positive residue of u * v modulo m. and t : T2 . with 0 ( z ( z. (n. run through complete systemsof residuesmodulo rn1.n\r be pairwise relatively prime positive integers.. where u and.c. Show that d) Let ac:eT*f where e 0</(r. For each computation. multiplicertion modulo n.0 < h < T. show that all the required computer arithmetic can be done without exceedingthe word size. c) Letz = ad * bc (mod n). Let t/t1. and such that + bd (mod n). where a. v are positive integers less than z .t/t2..n. Show that if x and y are nonnegativeintegers less than n. a) b) Show that lr | < r... Show that if p is prime and ft is a positive integer.100 Congruences b) 21. and where it is greater than v.. Let T:IJn + %1.) 24.1..r/t1.. Showthat xy : (z*et)T and f areintegerswith0(e<Tand + ft * bd (mod n).. (Hint: Assume that u ( v and consider separately the cases where the least positive residue of u I v is less than a. (This method was describedby Head t67]).. and d are integers such that 0 ( a ( 0 ( c < T.. on a computer with word size w. and 0 < d < T. M : mifiz' ' ' mp and Mj : M/mi for.a1. where g and h are integers with 0 ( g ( xy : hT + V+S)t f.... y:cT*d Z. 0 < . ..with0(v v : gT * h. can be performed as outlined. < T. then x:aT*b. 2 3 ..k. where n I w f2. Showthatwecanwrite e) Letv:z* er (modn). Find the least positive residuesmodulo 47 of a) 232 b) 247 c) 22w Let 2 2 . In the morning. During the night. Can you propose a theorem from the above congruences? 28. He then hides his portion of the pile. Not trusting the other men. This gives the desired result.1 Introduction Congruences 101 f) Show that the right-hand side of the congruence of part (e) can be computed without exceeding the word size by first finding j with j = (f +s)l (mod n) and 0 < j < n. The men have collected a pile of coconuts which they plan to divide equally among themselves the next morning.sothat xy:hT+ft(modn). 25. each of the other four men does exactly the same thing by dividing the pile they find into five equal parts leaving one coconut for the monkey and hiding his portion. 29. 3ro modulo I I 2r2 modulo 13 516modulo 17 322modulo 23. the men 30. 26. Can you propose a theorem from the above congruences? Find the least positive residuesof a) b) c) d) e) 5! modulo 7 10! modulo 11 12! modulo 13 16! modulo 17. a) Five men and a monkey are shipwrecked on an island. one of the group wakes up during the night and divides the coconuts into five equal parts with one left over. which he gives to the monkey. Find the least positive residue of a) b) c) d) e) 27. Prove Theorem 3. . Develop an algorithm for modular exponentiation from the base three expansion of the exponent. Show that the least nonnegative residue modulo m of the product of two positive integers less than m can be computed using O(logzm) bit operations.to 3. and then finding /c with k=j+Dd(modn) and0<k<n.5 using mathematical induction. and if it does. so that x 1 is also a solution. there are n men and k monkeys.7. If d I b. . Theorem 3. Perform modular exponentiationusing the algorithm describedin the text. Therefore. tells exactly how many incongruent solutionsthere are modulo m. then all members of this class are solutions. We first note that if x : xo is a solution of the congruence ax 7 b (modm).102 Congruences gather and split the remaining pile of coconuts into five parts and one is left over for the monkey. 3. and if x1 : r0 (mod m). Let a.2 Linear Congruences A congruenceof the form ax = b (mod m)' where x is an unknown integer. The following theorem tells us when a linear congruence in one variable has solutions.m) : d.b (modz). lf d I b. Find the least nonnegativeresidue of an integer with respectto a fixed modulus. and m be integers with ru ) 0 and (a. then ax j D (mod rn ) ax 7 b (mod rn ) has exactly d incongruent solutionsmodulo z . is called a linear congruencein one variable. then has no solutions. 3. In this section we will see that the study of such congruences similar to the is study of linear diophantine equationsin two variables. and at each stage the monkeys receive one coconut each. b. this is exactly the same as asking how many incongruent solutions there are modulo m. Perform modular addition and subtraction when the modulus is less than half of the word size of the computer. if one member of a congruence class modulo m is a solution.1 Computer Projects Write computer programs to do the following: l. 2. we'may ask how many of the m congruenceclassesmodulo m give solutions. What is the minimum number of coconuts the men could have collected for their original pile? b) Answer the same question as in part (a) if instead of five men and one monkey. 4. Hence. Perform modular multiplication when the modulus is less than half of the word size of the computer using problem 24. then ax13 axs. 3. 3. From Theorem 2.we find that fu/d)tr j @/d)t2 (modm). To find a particular solution.ry*"see "ore# This shows that a complete set of incongruent solutions is obtained by taking xo+ (m/d)t. The Euclidean algorithm showsthat r "v A C.2. so that by Now (m. we consider the linear diophantine equation 9x . We now illustrate the use of Theorem Example. we know that if d tr b. To determine how many incongruent solutions there are.. To find allsolutions of 9x = 12 (mod l5). If these two solutions are cbngruent. where x : xo and y : !0 is a particular solution of the equation. We can find these solutions by first finding a particular solution and then adding the appropriatemultiples of l5/3 : 5. Subtracting xo from both sidesof this congruence.q.. we first note that since (9.. the linear congruence ax 7 b (mod m) is equivalent to the linear diophantine equation in two variables ax . ax .my : b has infinitely many solutions. From Proposition 3. we find the condition that describeswhen two of the solutions xl : x0 + (m/d)tt and x2: xo * (mld)tz are congruent modulo m. then r o * fu /d )tr z x o * fu /d )t2 ( mod m).2 LinearGongruences 103 Proof. where / ranges through a complete system of residues x: where One such set is given by x : xo + @/d)t modulo d..m/d) : m/d since@/d) tt t r z 1 2( m o d d ) . are the solutionsof the linear congruence.l5y : 12. n / : 0.l : lo+ b/d)t. The integer x is a solution of ax 7 b (mod m) if and only if there is an integer y with ax . -d l . The values of x given above.there are infinitely many of these.1.tS) :3 and I l{hnere are exactly three incongruent solutions. while if d I b.1. | z. there are no solutions.m! : b.given by x : ro * (m/d)t. x:xo*'(mld)t. A=h that .my : b. .8. w e mul ti pl y both si des of this congruence by 9. Since the solutionsof 7x = I (mod 31) satisfy x = 9 (mod 3l).5 .2 . to obtain 9 -7 x = 9. l : 9 . if ax = D (mod m). Hence ) [ : 5 . we can multiply both sides of this congruence by a to find that a Gx) : ab (mod rn ).)) 1 5: 9 ' l + 6 9 :6'1 + 3 6:3'2.l2y :4. Analogously.t2): obtain a solution of the linear diophantine equation 7x .?{ ti'L Example.2 . and x : x o + 5 ' 2 : 1 8 = 3 ( m o dl 5 ) . Given an integer a with (a. x : x0 + 5 = 13 (mod l5). 2. let a be an inverse of a modulo m .2. From of Theorem 3. we need only 0. To find this. we can use it to solve any congruenceof the form ax 2 b (mod m).1 5 .7.7 . 4 : 1 2 . and all integers congruent to 9 modulo 31. we see that a complete set of 3 incongruent solutionsis given by t : x0 = 8 (mod l5). 2 : 5 . 7- . 7 is an inverseof 9 modulo 31.1 5 .( t S ..x = 1 9 8 : 1 2 (mod 31). H e n c e9 . a solution of ax 7 I (mod lz) is called an inverse of a m odulo m . (a .q . D : 9 .0 . a particular solutionof 9x .-'}'f.l5y : 12 is given by "o From the proof of Theorem 3. / \ /' \ n 0.2 . since 9'7 = I (mod 3l) .5.2 .22 ( m od 3 1 ).9. there is a solution to this congruence and only if (a. To find all solutions of 7x = 4 (mod l2). so that x [[ (mod ln ) . 8 . 7 : ( 1 2 . 1 ) . 2: 5 . To see this. 73 )ly =\ lF ai= F7 r3 ?. T o f ind th e s o l u ti o n s f 7 x :2 2 (m o d o 31). if and then all solutions are congruent modulo rn. Then.t5). there is a unique solution modulo 12.m) : l. Exa m ple.m): l. a n d : 8 and lo : 4.L{a. an inverse of 7 modulo 31.m) : l.104 Congruences s o t h a # s 9 : ' e . 1 : 3 .I i =7. 3. H e n c e . then We note here that if j b (mod m) has a unique solution modulo rn.. are inverses of 7 modulo 31. The Euclidean algorithm gives 12:7' l + 5 7:5'l+2 5:2'2*l 2 : 1 . We now consider congruences the special form ax ? I (mod la). ax the linear congruence Example. When we have an inverse of a modulo z. so that aa: I (mod rn ). we note that since l.7. b) When the procedure of part (a) is iterated.3 . all solutionsof the linear congruences given by x = -20 = 4 (mod 12). T h e r e f o r ee i t h e ra = I ( m o dp ) o r q : . one obtains a linear congruence x=B(modn). 3x = 2 (mod 7) 6x = 3 (mod 9) l7x = 14 (mod2l) d) e) f) l5x = 9 (mod 25) l28x = 833 (mod 1001) 987x = 610 (mod 1597). where c1 is the least positive residue of m modulo a.l: (a-l)(a+l). The following propositiontells us which integers have this property. Let p be prime. we will want to know which integers are their own inverses modulo p where p is prime. Therefore. a) b) c) 2.m):L following method can be used to solve the linear congruenceax 2 b (mod m). a) Show that if the integer x is a solution of ax = b (mod m).2 Linear Congr u e n c e s 105 12. Find all solutionsof eachof the following linear congruences. p I G + t ) . then x is also a solution of the linear congruence ag -b[m/al (modzr). : l. E . The 70 Leta.and (a. The positive integer a is its own inverse mo d ulop if and on l y i f a = | (m o d p ) o r e : -l (mod p). Note that this congruence is of the same type as the original congruence. p I Gz-t). m f C o n v e r s e l yi . one obtains a sequence of with of equal to linear congruences x coefficients oo: cr ) a1) a2) S h o w t h a t t h e r e i s a p o s i t i v ei n t e g e r n w i t h d.1 ( m o d p ) . t h e n a 2 : a ' o : . p I G-l) or either Since a2 Hence.with a positive integer smaller than a as the coefficientof x. or a : Proof.7. -l(modp). so that at the nth stage.4.and mbe positiveintegerswitha .3 .5.. 3. so that a I (modp). lf a :l(modp) is its own inversemodulo p. .a particular solution to the linear diophantineequation are is xs : -20 and ys : 12. Proposition 3. Hence. then a2 = l(modp).2 Problems l. a i s i t s o w n i n v e r s e o d u l op . Later otr.m ) 0.b. f d I c. m ) . Show that the congruence x2 = I (mod pt) has exactly incongruent solutions. 8. h a s e x a c t l yd m .namely x E tl or +(t+Zk-t) (mod 2ft). b . Show that when k : I there is one solution and when k :2 there are two incongruent solutions. Find all solutionsof the following linear congruencesin two variables a) b) 2x * 3 y : I ( m o d 7 ) 2x + 4 v = 6 ( m o d 8 ) c) d) 6x * 3y =0 (mod9) lOx * 5v = 9 (mod l5).i ir un inverse of ab modulo z. Show that the linear congruence in two variables ax * by = c (mod z). then the congruence x2 = a (mod p) has either no solution or exactly two incongruent solutions. 3. 7. 5. Use the method described in part (b) to solve the linear congruence 6x = 7 (mod 23). m a r e i n t e g e r s m ) 0 . b . Let p be an odd prime and k a positive integer. when k > 2. how long is the orbital period of the satellite? = F o r w h i c h i n t e g e r s cw i t h 0 ( c < 30doesthecongruencel2x c (mod30) have solutions? When there are solutions. Show that if p is an odd prime and a is a positive integer not divisible by p. incongruent solutions . namely two xE-fl(modpt). If the astronomer notes that the satellite completes 11 orbits in an interval starting when a 24-hour clock reads 0 hours and ending when the clock reads l7 hours. Show that if d'is an inverse of a modulo m and D is an inverse of D modulo m. Show that the congruence x2 = I (mod 2ft) has exactly four incongruent solutions. 10. and no solutionsotherwise. w h e r e a . then an inverse of a modulo m can be found using O (log m) bit operations. An astronomer knows that a satellite orbits the earth in a period that is an exact multiple of I hour that is less than I day. I l. Show that if a and m ^re relatively prime positive integers with a ( rn. 9. then a. a n d . how many incongruent solutions are there? Find an inversemodulo 17 of a) 4. 4c)7 b) 6.106 Congruences c) 3. w i t h d : G . 12.2 Computer Projects Write programs to do the following: . s d) re. c . a2(mod. with different moduli (moduli is the plural of modulus). Solve linear congruencesin two variables.. In the first type. The Chinese Remainder Theorem.. which derives its name from the type ancient Chineseheritageof the problem. The theory behind the solution of systemsof this congruences is provided by the following theorem.. has a unique solution modulo M . 5 . This puzzle leadsto the following systemof congruences: I (m o d 3 ). we discusssystemsof simultaneous congruences.3 The ChineseRemainderTheorem In this sectionand in the one following. but First. using the method given in the text. a remainder of 2 when divided by 5.m2).r/t2. Solve linear congruence using the method given in problem 2.tltfitz . 2.3 Th e Chines e Rem a i n d e r T h e o re m 107 l. Let rlt1. x 3 (mod 7) We now give a method for finding all solutions of systems of simultaneous such as this..). Such systemsarose in ancient Chinese puzzlessuch as the following: Find a number that leavesa remainder of I when divided by 3. and a remainder of 3 when divided by 7. ar(modm. where all congruences have the same modulus.trtrbe pairwise relatively prime positiveintegers. Find inversesmodulo m of integers relatively prime to ln where m is a positive integer. We will study two types of such systems. The secondtype consistsof more than one simultaneouscongruencein more than one variable.3. Solve linear congruences 3 . there are two or more linear congruencesin one variable. 4 . that involveonly one variable. x 2 (mod5). Solve linear congruencesusing inverses. we considersystemsof congruences different moduli. 3. Then the systemof congruence x x a 1 ( m o dz 1 ) . + 3 . The integer x is a simultaneous solution of the r congruences. First. 2 1 . Let xs and x 1 both be simultaneoussolutions to the system of r congruences.7. T o d e te rm i n e !r. Finally. in the sum for x./r of M1 modulo mp. we construct a simultaneous solution to the system of congruences.. a n d Mt: 105/ 7 : 1 5 . This shows that the simultaneoussolution of the system of r congruences unique modulo M. 1 5 .2. Therefore. To demonstrate this. We illustrate this method with an example. from Theorem 3. we know that (Mr. we must show that x ? ar. . Therefore. w e h a v e M . (mod m1) for k : 1.3 .1. We now form the sum x : atM01* a2M21. sinceM*t We now show that any two solutions are congruent modulo M. x E l ' 3 5 ' 2+ 2 . Hence. so that mr | (xo-x). all terms except the kth term are congruent to 0 (mod m). 2y r = I (m o d 3 ). T h i sgi ves/r E I (mod 7). 7: 1 0 5 . tytk_rntk+l . since mt I Mi wheneverj * k.108 Congruences Proof. Then. since (mi. To do this. x0 E xr E ar (mod m*). Supposewe wish to solve the system . Using Theorem 3.. tr is We illustrate the use of the Chinese remainder theorem by solving the system that arises from the ancient Chinese puzzle. Example. = I (mod mt). To solve the system x = I (mod3) x=2(mod5) x = 3 (mod 7). ak (mod m*). T h i s y i e l d sj zr E 2 (mod 3).t2* * arMry. . this immediately gives lz = I (mod 5). so that Mt lr.x0 E x1 (mod M). W e fi nd yzby solving 2lyz: I (mod 5). we have Mj :0 (mod nzp). Hence. There is also an iterative method for solving simultaneous systems of congruences.r. M r : 1 0 5 / 3 : 3 5 . wef ind y t by s o l v i n g r5 y t= 1 (m o d 7 ). 1 1 -157= 52 (mod105).'7. 5 . mr.. M z : I A 5 / 5: 2 1 . or equiv alent ly . w e sol ve 35yr= I (mod 3). for each k. we see that M l(xe-x1). let Mk : M/mt : fttlll2.. we can find an inverse . H ence. mp) : I wheneveri I k. mt) : I from problem 8 of Section2. x ? etM*lr: = I (mod m). Note that the method we have just illustrated shows that a system of simultaneous questions can be solved by successively solving linear are congruences. where / is an integer.r/12.fidfti4.r.1 tells us thatu -7v * 6. n43. The Chinese remainder theorem tells a us that given pairwise relatively prime moduli r/t1. This can be done even when the moduli of the congruences are consistent.1 again. We use Proposition 3. a.we find that x : 2O6 (mod 210).3 T he Chines e R e ma i n d e r T h e o re m x=l(mod s) x = 2 ( m o d6) x = 3 ( m o d7 ) . Using Proposition which can easily be solved to show that / : 5 (mod 6) : 6u * 5 where u is an integer. namely x : 5t * l.. and this is the simultaneoussolution... x : 3 0 (7 v + 6 ) + 2 6 :2 1 0 v + 206. Translating this equality into a congruence.1 to rewrite the first congruenceas an equality. First. We convert integers less than 106 into 4-tuples consistingof their mq: least positive residues modulo mt. but that we wish to do arithmetic with integers as large as 106.we obtain 30u t 26 = 3 (mod 7).2. and . Inserting this expressionfor x into the second congruence..) The Chinese remainder theorem provides a way to perform computer arithmetic with large integers. we write t for x :5(6rz+5) * I : 30u 126. 3. When this congruenceis solved. positive integer n with n < M : rltiltz' ' ' mr is uniquely determined by its least positive residuesmoduli mi for j : 1. Hence.3 . Supposethat the word size of a computer is only 100.. When we insert this expression x into the third congruence.. ffi2. where v is an integer.. Proposition3. Consequently. we find pairwise relatively prime integers less than 100 with a product r/t2:98. (See problems 7-10 not relatively prime as long as congruences at the end of this section. 1 e x c e e d i n g 0 6 .f o r i n s t a n c e w e c a n t a k e m t : 9 9 . we find that 5r+l:2(mod6)...ffi. Hence. m3:97. we find that u : 6 (mod 7). 95. To store very large integers and do arithmetic with them requires special techniques. (To convert integers as . (mod 95). We wish to add x : 123684 and y : 413456 on a computer of word size 100.W e h a v e M : 9 9 ' 9 8 . !+= 4 x * y = 65'903070'37+ 2'912285'33+51'921690'24+ l0'941094'4 : 3397886480 = 53 7 1 4 0(m o d 3 9 4 0 3 9 3 0 ). Mt: Ml97:921690. so that y y y y = = : = 32 (mod99). x?8(mod98). However. 9 7 . 9 5 : 8 9 4 0 3 9 3 0 M r : M / 9 9 : 9 0 3 0 7 0 . 92 (mod98). (mod m).24 (mod 97). (mod98).3. and We find that yr:37 (mod95). The following example illustrates this technique. /r -.we need to work with large integers using multiprecision techniques. for instance. To do this.we concludethat x + y : 537140. We need to find the inverse of Mi (mod /i) for i : 1. yz = 38 (mod 98). t/t2. . Hence. We now use the Chinese remainder theorem to find x * y modulo 9 9 ' 9 8 ' 9 7 ' 9 5 . x = 89 (mod95). Example. . (mod 97). x:9(mod97). x+Y=65(mod99) x+y:2(mod98) x + Y = 51 (mod 97) x+y:10(mod95). We then use the Chinese ! = li (mod m). Since 0 ( x * y < 89403930. rrrzking use of the fact that if x = xi (mod m) and : xi * y. and Mq: Ml95:941094. We have x = 33 (mod99). ?. then x * y remainder theorem to convert the set of four least positive residuesfor the sum back to an integer. rn3. we simply add their respective least positive residues modulo tntt.2. 42 (mod97). Mz: Ml98:912288. (mod 99).) Then.110 Congruences large as 106 into their list of least positive residues. we solve the following congruences(using the Euclidean algorithm): 9O307Oy = 9ly r t 912285y2: 3yz: 921690y3 : 93y3 = 941094ya = 24yq = 1 I I I (mod 99). 1 6 ( m o d9 5 ) .to add integers.fid ftr4.4. this is done only once for each integer in the input and once for the output. is the greatestcommon divisor of a and b. Using Lenrma 3. with 235a common value. If a and b are positive integers.)+ .1. and the steps of the Euclidean algorithm with a : rs and b : . then the greatest common divisor of 2o .3 . we need integers less than 235 that are pairwise relatively prime which multiply together to give a large integer. modulo a residue of (2.1 is 2 k .l. where r is the least positive residue of a mo d u l o b. lf a and b are positive integers.2. Proof. Computer arithmetic with these numbersturns out to be relatively simple (see Knuth t57l).3 Th e Chines e Rem a i n d e r T h e o re m 111 On most computersthe word size is a large power of 2.I is 2' residue of 2o . r.I is 2' .-l). that the which shows (Zb_DebQ-t)+r a + 2b+.I modulo 2b . Lemma 3.1. b ). When we perform the Euclidean algorithm with a : ro and b obtain f g f 1 : : rtQt * rZ 0(12(11 we r2Q2-t r3 0(r:(-rz : ln-2Qn-2* 0< where the last remainder. To produce a set of pairwise relatively prime numbers of this form.1. Hence. 1 t o Pro v ethe following result. w € o b ta i n .1 modulo 26 .1 and 2' .I : Ro and2b . we first prove somelemmata. Lemma 3.1. when we perform the Euclidean algorithm on the pair 2 a .then the least positive residueof Za . From the division algorithm.we use numbers of the form 2m .1 . where m is a positive integer. Proof.+2. to use modular arithmetic and the Chineseremainder theorem to do computer arithmetic.l. D We u s e Lem m a 3. this is the least positive remainderwhen 2a . c : bq * r where r is the least pos'itive -1) : (2o-l) : 12b++r We have b. To find such integers.I : R 1 .I is divided by 2b . t7t4. Also. leads to simultaneous computations which may be performed more rapidly than one operation with large integers.Rn-l : )r'-r . We p:gk lfir:2t5 . tns: 22e l. tr From Lemma 3. namely the least positive residuesof the large integers with respectto the various moduli. We can now use Proposition 3.l. ^ Rn-t : 2r'-t-1 Here the last non-zeroremainder. we have M : H!fl2nt3n4qrflsftio2 2t86. there are some definite advantages to this approach. Supposethat we wish to do arithmetic with integers as large as 2186.5 the M i's are pairwise relatively prime. reducing an operation involving two large integers to a set of operations involving smaller integers. is the greatest common divisor of Ro and R1. First.ztt . by Proposition 3.112 Congruences Rs :RrQr*Rz R1 :RzQz*R: R2 :2"-| R3 :2"-\ Rn-r : Rn-z: Rn-zQn-z* --. tltz:zto .2. t/t3:233 . multiplication of large integers may be done faster using these ideas than with many other multiprecision methods.I : 2G'b).l. we have the following proposition.I are relatively prime if and only if a and b are relatively prime.1 and 2b .with product greater than a specified integer. Although it is somewhat awkward to do computer operations with large integers using modular arithmetic and the Chinese remainder theorem. and r/t6:22s . even without taking into account the advantages of simultaneous computations.l. The positive integers 2a . The interested reader should consult K nut h t 561. . Since the exponents 2 in the expressions of for the mi are relatively prime.5 to produce a set of pairwise relatively prime integers.I. on many high-speed computers. Second. we can now use modular arithmetic and the Chinese remainder theorem to perform arithmetic with integersas large as 2186.l.5.l. Proposition 3. operations can be performed simultaneously.'-r Rn-l Rn-tQn-t. each of which is less than 235. So. 2 . 5. 149335. or 249335 miles when the odometer reads 49335 and works modulo 100000. and then insert this expressionfor x into the secondcongruence.a2 (mod m2) Show that when there is a has a solution if and only if (m6m2) | Gra). is the x = -l (mod 9). a) x:4(modll) x = 3(mod 17) x = l(mod2) x = 2(mod 3) x = 3(mod 5) c) x x x x x x x x x = = E = 0(mod 2) O ( m o d3 ) l(mod 5) 6(mod 7) b) d) :2(mod ll) = 3(mod 12) = 4(mod 13) E 5(mod 17) = 6(mod l9). Show that the system of congruences x 4 a1 (mod rn 1) x :.b. What is the smallest number of bananasthey can have? 3 . solvethe following simultaneoussystem of congruences . As an odometer check. * km. it is unique modulo (lmvmzl). x: kth prime. Find a multiple of I I that leavesa remainder of I when divided by each of the integers2. a special counter measuresthe miles a car travels modulo 7. x . c ) : l . of Find all the solutionsof each of the following systems congruences. -2 (mod 25).... A troop of 17 monkeys store their bananas in eleven piles of equal size with a twelfth pile of six left over. s u c ht h a t G n * b ..3. (Hint: Write the first congruenceas x : a.-ls*l (mod p|). Explain how this counter can be used to determine whether the car has been driven 49335. solution. Using problem 7. the congruences 7 . where p1.) then there is an integer n 6" Show that if a. where ft is an integer.3 Problems l.5.b) :1.) 8 . Show that there are arbitrarily long strings of integers each divisible by a perfect square.3 .and 7. In problems 7-10 we will consider systemsof congruenceswhere the moduli of are not necessarilyrelatively prime. When they divide the bananas into 17 equal groups none remain. 4. and c are integerswith (a. (Hint: Use the Chinese remainder theorem to show that there is a simultaneous solution to the system of congruences x 5 0 (mod 4).3 The Chines e Re ma i n d e r T h e o re m 113 3. 7) with I (i <l (r.t h e n i t i s u n i q u e m o d u l o lm1.) 10. if b has prime-power factorization 6 : pl' pl' ' ' ' pl.5. respectively..m1) | G. but no eggs are left over when they are removed7 ata time? 784 and 813 on a computer of word size 100.' Z 14. (Hint: Use problem 7 and mathematicalinduction. m2. According to the theory of biorhythms.. emotional. or 6 at a time. A positive integer x * | with n base b digits is called an automorph to the base b if the last n base b digits of xz are the same as those of x. 9. Each cycle follows a sine .a) for all pairs of integers (i. explain how to add and how to multiply 13.3.l. and intellectual cycles. Using the Chinese remainder theorem. S h o w t h a t i f a s o l u t i o ne x i s t s . 3 4.. Show that the systemof congruences x t a1 (modz1) x z az (mod m2) v.. a) b) Find the base l0 automorphs with four or fewer digits. Using problem 9. How many base b automorphs are there with n or fewer base b digits..28. x=6 b) x = 2 (mod 14) x = 16 (mod 2l) x : l0 (mod 30) (mod9) c) x = 2 (mod15) x=8 x = l0 (mod 25) ll.r = 2 (mod 6) (mod8) x=4 (mod14) x=2 x = 14 (mod 15) (mod9) e) x = 7 x = 2 (mod l0) (mod12) x=3 (modl5). t 2 .ffi. of lengths 23.114 Congruences at \- x: y - 4 (mod 6) 13 (mod15) b) x =7 (modl0) x=4(mod15). there are three cycles in your life that start the day you are born. solve the following systemsof congruences a) x= 5 (mod6) (modl0) x=3 (mod15) x=8 d) . . These are the physical. and 33 days.4. (mod ln") has a solution if and only if (m. What is the smallest number of eggs in a basket if one egg is left over when the eggs are removed 2. where all three of your cycles have lowest amPlitude? When in your life will all three cyclesbe a neutral position (amplitude 0) ? b) c) to 15. starting with amplitude zero. (Hint: Use problems 9 and l0 of Section 2. 3. dropping further to amplitude minus one three quarters of the way through the cycle. where all of your three cyclesare at maximum amplitudes? For which days of your life will you be at a triple nadir. and e : 2 if as} 2. climbing to amplitude I one quarter of the way through the cycle. the Chinese remainder of of Solve systems linear congruences the type given in problems7-10. Answer the following questionsabout biorhythms. a) x = 0 (mod 3). set of the Show (mod 4). a) For which days of your life will you be at a triple peak. Add large integers exceedingthe word size of the computer using the Chinese remainder theorem.7 inches. of Solve systemsof linear congruences the type found theorem.3 Computer Projects Write programs to do the following: l. x = I (mod6). 2. x (mod30). Show that the congruencex2 = 1 ^ : zo'p'r'pi' w 2'+' solutions heree : }if a6 : 0 or l. and x 104(mod 105)is a (mod 35). rl (modl0). b) ) Show that the set of congruences x = 0 (mod 2) .) Let m be a positive integer with The three children in a family have feet that are 5 inches. x = 0 ( m o d 3 ) . x 7 (mod 42).3. . A set of congruences distinct moduli greater than one that has the property that every integer satisfiesat least one of the congruencesis called a covering set of congruences. congruences x = 0 (mod 2). x = 5 covering set of congruences.x-4 ( m o d l 4 ) . x = I (mod 6).Theorem 3. € : I if a6 : 2. measuringtime in quarter days (so that the units will be integers). and x = ll (mod 12) is a covering set of x = | congruences. they each find that there are 3 inches left over. it factorization prime-power (mod m) has exactly p:' . x = 0 (mod7).and 9 inches long. When they measure the length of the dining room of their house using their feet. x = 2 ( m o d2 l ) . x = 2 ( m o d l 5 ) .3 The ChineseRemainder 115 curve with period equal to the length of that cycle. dropping back to amplitude zero one half of the way through the cycle. x=l x = 0 (mod5). How long is the dining room? 3. and climbing back to amplitude zero at the end of the cycle. x = 59 (mod 70). to obtain I 5x * 20y = 25 (mod 13) 8x * 20y :. This gives by 2'7 x : which tells us that x = 7 (modl3). we can multiply the first congruenceby 2 and the secondby 3.4 Systemsof Linear Congruences We will considersystemsof more than one congruenceinvolving the same number of unknowns as congruences. where b is a positive integer greater than one (seeproblem 13).116 Congruences 4. 6. Find automorphsto the base D. we multiply the first congruenceby 5 and the secondby 4. to seethat -2'3 (mod 13). Suppose we wish to find all integers x and y congruences 3x * 4y :5 (mod13) 2x t 5y = 7 (mod 13) such that both of the are satisfied. We subtractthe first congruence from the second. we multiply both sides of the above congruences 2. Multiply large integers exceeding the word size of the computer using the Chinese remainder theorem. . 5. To attempt to find the unknownsx and |. 3. Plot biorhythm charts and find triple peaks and triple nadirs (see problem l4). Since 2 is an inverse of 7 (mod 13). We begin our study with an example. Likewise. find that to 7x = -3 (mod l3). where all congruences have the same modulus.28 (mod 13). w Theorem3.f . y = 9 (mod l3). we multiply both sidesof this congruence 2. We multiply the first congruenceof the system by d and the secondby b .b. an inverseof 7 modulo 13 . of We now give a general result concerningcertain systerns two congruences in two unknowns. the solutions of this system of congruencesare all pairs G. where A ir un inverseof A modulo m.8. to o bt ain .we see since that thesepairs actually are solutions. a n d m b e i n t e g e r s i t h m ) 0 . 3x * 4y : 3'7 + 4'9 : 57 =5 (mod l 3 ) 2 x * 5 v = 2 ' 7 + 5 ' 9 : 5 9 : 7 ( m o dI 3 ) . Proof. We get ( m o dl 3 ) . 6x * l5y we from the second. T h e n .4 Sy s t em s of Line a r C o n g ru e n c e s 117 6x * 8y = l0 (mod 13) -2l (modl3).y) with x = 7 ( m od 13) and v = 9 (m o d l 3 ). Hence. for When we insert these congruences x and y into the original system.3 .c.€. obtain the Whenwe subtract first congruence 7y = 11 (mod13). th e s y s te mo f congruences ax*by:e(modm) cx*dy:f(modm) has a unique solution modulo m given by = @e-bfl (mod ln) " = 4 y L Gf -ce) (mod m). wher eA : a d -b c . s u c ht h a t (L . by To solve for y. Let a. What we have shown is that any solution (xy) must satisfy x = 7 (mod l3).m) : l. Z"ly :2'll so that v = 9 (mod l3).d. y) is a solution of the system of congruences. we subtract the secondcongruencefrom the first. we multiply the first congruence c and the secondby a. by to obtain acx * bcy = ce (mod m) acx * ady = af (mod m). to concludethat x = A @e-bfl (mod la). an inverseof A modulo by m.118 C ongruences adx * bdy = de (mod m) bcx * bdy = bf (mod m) . s i n c eA : ad-bc. We subtract the first congruencefrom the second. we multiply both sidesof this congruence A. to find that G d -b c ) x = d e -b f o r . Then. Ax = de-bf (mod rn ). we multiply both sidesof the abovecongruence r to seethat by y = I bf -cd (mod z). then x = A @ e -b f) (m o d z ) .y) is a solution. Next. When x=A @e-bfl (mod m) andy: ibf -tri (mod m). y = L bf -ce) (mod z).to find that Gd-bc)y or Ly : af -ce (mod na). we have . We have shown that if (x. In a similar way. (mod m). We can easily check that anX such pair G. : of -ce (mod z) Finally. tr involving n By similar methods. with (i.f : / ( m o dm ) . fud-bc) e e (modm). However. The matrix congruence A = B (mod m) provides a succinct way of expressing the nk congruences o. by methods taken from linear algebra.3 . we may solve systemsof r congruences of solving such systems. We say that A is congruent to B modulo m i f a i i .j = bi1 (mod m) for I ( i ( rz and I ( 7 < /c. of We need to define congruences matrices before we proceed.4 S y s t em s of Lin e a r C o n g ru e n c e s 119 ax*by gE @r-bn + bA Gf -ce) -abf -bce) L bde-abf L.L Gde-brf + adf-cde) = a bd-bdf = A'L. We will use some of the basic in notions of matrix arithmetic which are discussed most linear algebra texts. it subsequent is helpful to use the language of matrices. 7 ) w i t h I < t ( n a n d t ( . Example. Let A and B be nxk matrices with integer entries. ( m ord ) ' r l: rJ . Definition. we will develop the theory well as larger systems. and cx * dy : 4 tat-bn + dE Gf -ce) :. involving n unknowns will arise in our Systems of r linear congruences cryptographicstudies. To study these systemswhen r is large. Readers unfamiliar with linear algebra may wish to skip the remainder of this section. W e write A B (mod m) if I is congruentto B modulo m. respectively./)th entries aii and br7 . su ch as A nt on t 0O l . the This establishes theorem. r < k . We easily seethat f" 13l 2) L8 The following proposition (q 3l be needed.as unknowns.b i j ( m o dm ) f o r a l l p a i r s ( i . then AC = ^BC (mod m) and DA = DB (mod m).i (mod ne). Using matrix notation. we see that this system of /.)j ' rc. The system 3x*.X: Anl An2 Onn xn bn Example.andB: .i and b. --B (mo d re s pec t iv ely . and <k The (i. 2 b2 (modm) QnrXt * anZXZ * lann xn : bn (mod rn ).r. 2 bnc.3 we see that b o. from Theorem 3..w e k n o w thuto. tr Now let us consider the system of congruences QttXtl anxz* A Z t X t * a Z ZX Z t --. Hence. C is a n k x p m at r ix a n d D i s a p x n ma tri x .6. i n and k.120 Gongruences Proposition 3.j. Qtt an Qln Q2n X1 X2 by azt azz where A : bz . utt 1 ( 7 ( p. Proof. respectively.' --Lb. xn b1 m) *?r.(mod *er./)th entries of AC and BC are ) ai1c1iand 2 bi.7.c. inc e A S m ).j z ':l --AC BC (mod la). Consequently. x.4y :{ 2xt5y ca n be wr it t en as (mo d 13) (mo d l 3) . (mod .. congruencesis equivalent to the matrix conqruence AX = B (mod lz ). lf A and B are nxk matriceswith A : B (mod m).for I ( i ( n a n d l e t t h e e n t r i e so f C b e c i i n f o r l < i and l(7<k. al l w i th i nteger entri es.. t:l The proof that DA : DB (mod m) is similar and is omitted. Let the entries of A and B be a. To B1A = BzA = I (modm). w e c o n c l u d e B 2 A B r ( m o d l c l ) . Ll L7J We now develop a method for solving congruences of. Definition. ?] 5.6.6 and the congruence ( m o dm ) . sinceBA = AA = I (mod m).J l. lf A and .l f" xl : |. Since (m.d = :.24) w e s e et h a t t h e 1natrix[ ' -^+riv ol 15il. Then. Converselyf 81 and 82are both inverseof A. seethis.3.rol (mod5).7.q are nxn matrices of integers and if tra -. such that 3.r Ir 3. be a matrix of integers. s i.l [t:): [t. the . w h e rIe: l o . an inverse 5. then 7 is said to be an inverse of A modulo m . .l l0rJ .1 (mod m). where 1 is the identity matrix.12) l. then ^B is also an inverse of A. d ty i s t h ei d e n t i m a t r io f ll t. .then Br= 82(modm). Let A Proposition t:') A : det A : ad-bc ts relativelyprime to the positiveintegerm .the form AX = B (mod m).[] [. using Proposition3. S i n c eA B t : 1 w e h a v eB A B I : that Bt Z Bz (mod ln).qI:/ ol t x ( m o z ) . and 4l : 1.l 100 f'o l l ol order n. If A is an inverse of A and B : 7 (moO rn ). . |. Example. This follows from Proposition3. is ^ of o)modulo l. r. This method is based on finding a matrix I such that 7Z . [r l] for givesan easymethodfor finding inverses 2x2 The followingproposition matrices.4 Systemsof LinearCongruences 121 b 4l f'l | | | [ 12 sJ lyj - fsl ( m o d l 3 ) . Definition.b c + a. we need e only verify that AA = AA =I (mod z).. page 791. To see this.d : l.i s a n i n verse I o of Proof. tr Example. o)' modul o m.fad-bc o I I -bc+ad) ol : A [aol: faaol = l.l a . which existsbecause(a. LI -f a -n) (" ol a)lrd) | | -t: A I al0 . we need a result from linear algebra.)th entry Cyi. ir +l modulo13. This result may be found in Anton [60. we s _+l: |. note that AA: f" u ) .r : I (mod m)' oJ I o lo. It involvesthe notion of the adjoint of a matrix.122 C ongruences mat r ix =f r : o l -o-ul .b c o l l l | .d ) Va)-l-c oJ--l 0 -faol faao I frol = ^|-ooj=l z) o ooj=lo'. Thg adjoint of I is denoted .l fo where f ir un inverseof A (mod m).. l-23) l-46) l. To verify that tbg matrix 7 ir an invers of A modulo ra.Let A : have Since2 is an inversedetA:7 lr r.l4l .oll: n . which is defined as follows.l [o'.J. wher ea is t he in v e rs e f A m o d u l o m. where Cii is (-l)t+i times the determinant of the matrix obtained by deleting the ith row and 7th column from A.l: 1 (mod and AA=--f-.e6J To provide a formula for an inverse of an nxn matrix where n is a positive integer.ro_sl |'rosl (moar). The adjoint of an nxn malrix A is the n\n matrix with (i. = tr_2 1.f a d . matrix with is an nxn A Theorem 3. 7 ) : 1 . Hence. where (det A. th e n th e matri x A : A (adj A ) i s an inverseof I modulo m. then Using this theorem. If (det A.6. Proof. Since (det Z. and an inverseof det A : -5 is 4 (mod 7).ltosl(modi).8. rn ' (adj l) is an inverseof I modulo ru.5 .aar : 1 (mod ). when we multiply both sidesof this congruence an inverseA of A.djA):4 -2-3 sl -s o tol: 4 r-r0J l-a-tz2ol fezel o ool.m) : l.U ) :1 . T h e n d e t A : 2|. det A* 0. where A is an inverseof A : det A modulo m.m) : Theorem 3. = I (mod m). where adj A is the adjoint of A. If A GdjA) : (det A) I .9. Let A : fzsol. e tuolilA This showsthat 7 :^ . we find that u 23J I:4(. Proposition 3. from AadjA:(detnl:A1.9. Hence. 120 . then we know that det A * 0.the following propositionfollows readily.[ (uojA ' A) .zLdj nE and afl modulo z.:. we obtain by . l-ro t 0 4-40) 1242) We can use an inverseof I modulo m to solvethe system AX : B (m o d m). By Proposition3. there is an inverseA of A : det I A (A adj A) = A ' {.3 . we have l.nl) : l. tr Example. S i n c e( d e t A .4 S y s t em s of Lin e a r C o n g ru e n c e s 123 by adj(l). If A is an n\n matrix with integer entries and rn is a p o si tiv eint eger s uc h th a t (d e t ' q . ] and B - [. .-. _ ) . Example.4x . 1 ( m o d m ) .. whereA : A : det A : ad . . we find the solutionX by forming A B (mod m ). ret AX: B. we give an example of the solution of a system of three congruences in three unknownsusing matrices.j I'J we have previously shownthat the matrix ll 3 : is an inverse of s . x : t.8. then l:').'^'^"rl.1 ' .l : X = A lyj ")lf)-ulo. y = I bf -ce) (mod lz).q. We consider the system of three congruences 2 x 1 * 5 x 2t 6 x t : 2x1 * xt j xr * 2x2* 3x:: 3 ( m o d7 ) 4 (mod 7) I ( m o d7 ) . Next.. This is equivalentto the matrix congruence . 12 I l"'l = lalr.] If -f f"l .4B (modm) X : A B (modn). fa.l .] f |.bc is relativelyprime to ln.nrl | | .1 ' " -B l--A i _a -t)|f.y) is a solutionif and only if x = A.124 Congruences A Ux): LB (modm) (. Note that this method providesanother proof of Theorem 3.(de-bfl (mod z).noo zr. l . Hence. .l lz ol o I [".r This demonstrates that (x.242 lzsel z) we tmoo Hence'have : lJ l? .l lr l". To seethis..^ . What are the possibilitiesfor the number of incongruent solutions of the system of linear congruences ax*by:c(modp) dx * ey : f (mod fl.1 fozellrl [r'l l".e. Gaussian elimination may be adapted to solve where division is always replacedby multiplication by systemsof congruences of modulo ru.3. and f are positiveintegers? 4. 3. (mod7) 4x* y=5 x*2y=4(mod7). d4x +y 2x + 3 v Z. For instance.we should mention that many methodsused for solving systems of linear equations may be adapted to solve systems of congruences.b.J lz+zjL'J lro) lol I'l(mod7) lrj Before leaving this subject. there is a method for solvingsystems congruences inverses analagousto Cramer's rule.1: l'. a) b) x*2y 2x* y x*3y 3xt4y I (mod 5) I (mod 5) I (mod 5) 2 (mod 5) (mod 5) (mod 5). where p is a prime and a.l : ltl: l-l:l^ :l-.4 Systems of Linear Congruences 125 [*. Also. Find the solutionsof the following systemsof linear congruences. Find the matrix C such that .4 Problems l. We leave the developmentof these methods as problemsfor thosereadersfamiliar with linear algebra.c d. ^ l l llrosll. of of Find the solutions the followingsystems linearcongruences.l . a) 2x*3y x*5y (mod 7) (mod 7) b) 3. 126 C ongruences Q- fz'l f+ol( m o d 5 ) lor. then Show that if A detA:tl(modrn). J 9. A matrix A * I is called involutory modulo m if 42 = 1 (mod z). Find an inverse modulo 5 of each of the. then Ak : positiveintegersk. 5 . Use the results of problem 8 to find all solutionsof each of the following systems a) x+y : I (mod 7) x*zz2(mod7) Y*z=3(mod7) .. J lt 8 .following matrices il f or l lr ol b) |. Bk(modm) for all 6 . a) b) Show that n 14 l | | 22) is involutory modulo 26. Use mathematical induction to prove that if A and B are nxn matrices with integer entries such that A = B(mod m ).i a) frrol 0t lt [0 1 lJ I b) lr2sl u 46J r) lr r r 0l ^) v' ll l0ll | | ll0rll' fr z:l l 0r r r .l llJ and all entries of C are nonnegativeintegers less than 5.oJ z) c ) l z. Find an inverse modulo 7 of each of the following matrices i'. is a 2x2 involutory matrix modulo m. 7 . the integers in a row or in a column is always the same. 1 ( / ( n.. where i=a*ck*e{klnl j=b+dk+flk/nl (modn). n ) : ( e. if the integer k is placed in the i th row and 7th column. without putting two integers in the same position. b) and a.c d. n ) : ( 7 .b. (modn). n) : l . How many incongruent solutions does each of the following systems of congruenceshave a) x* y* z i 2x*4y*32: I (mod 5) I (mod 5) 3 (mod 5) I (mod 5) I (mod 5) b) 2x*3y* z x*2y*32 2x* z c) 3x* y*32 = I (mod5) :2(mod5) x*2yt4z (mod5) 4x *3y *22:3 il2x*y*z x *2y * z x * y *22 (mod 5) (mod 5) (mod 5). n ) : l . k f . a) Show that the n2 integers 0..e.3. n ) : ( d .de. In this problem. Develop an analogue of Gaussian elimination to solve systems of n linear congruencesin z unknowns (where m and n may be different). and f produced Show that a magic square ( c . Develop an analogueof Cramer's rule for solving systemsof n linear congruences in n unknowns. we present a method for producing magic squares.1. A magic square is a square array of integers with the property that the sum of I < t ( n.n2-l are put into the n2 positionsof an n x/. are integers part (a) with 1 3 .4 Systemsof LinearCongruences 127 b) x*2y*32 : I (mod 7) x*3y*52=l(mod7) x*4yl6z=l(mod7) x*y *z x*y *w xtz iw Y*z *w = : : = (mod 7) (mod 7) (mod 7) (mod 7). square. t2. c) 1 0 .. .. Find inversesof 2x2 matrices using Proposition 3.n) : l. Find the solutions of a system of two linear congruencesin two unknowns using Theorem 3.9. in Solve systems of n linear congruences in n unknowns using an analogue of Cramer's rule (seeproblem ll).7. 3. 3. Produce magic squaresby the method given in problem 13. r e s p e c t i v e l yw h e r e k i s a g i v e n i n t e g e r . 7.n) : G-f . 2.4 Computer Projects Write programs to do the following: l. 5.128 Congruences c) The positive and negative diagonals of an nxn square consist of the integers positions (t1). 4. 6.n) : G*f . Solve systemsof n linear congruences n unknowns using inversesof matrices.8. t . . in where i + j = k (mod n) and . A s q u a r e i s called diabolic if the sum of the integers in a positive or negative diagonal is always the same.n) : (c-d.j = f t ( m o d n ) . Show that a diabolic square is produced using the procedure given in part (a) if Gtd. Solve system of n linear congruences in m unknowns using an analogue of Gaussianelimination (seeproblem l2). Find inversesof nxn matncesusing Theorem 3. we can develop divisibility tests for integers based on their expansionswith respectto different bases' We begin with tests which use decimal notation. r29 .. Theorem 3....2 . 2. we only need to examine its last digit for divisibility by 2. Similarly.1.5 tells us that 10/ :0 (mod 2r) for all positive integers7.f i i . we develop tests for divisibility. . In the following discussion * 4 1 1 0* o o .. (mo d 2 3 ). n = ( a r a o ) r o( m o d 2 2 ) . . In general. a z a r a ot)o ( m o d 2 / ) tell us that to determine whether an integer n is divisible These congruences by 2. Since l0 = 0 (mod 2). n = (a) 1s (mod 2).r ( 9 for. to test n for divisibility by 2i. to determine whether n is divisible by 4.t:0. we only need to check the integer made up of the last 7 digits of n for divisibility by 2i .. letn: (oooo-r. we only need to check the integer made up of the last two digits of n for divisibility by 4.apo)rc. Thenfl:QklOft + arr-J0t-l+ with 0 ( o.Applicationsof Gongruences 4. n 3 (a z a ra o )ro n: ( a i .k. Hence.1 Divisibility Tests Using congruences. of 2. by powers. First.. l + 3 .. 10e : I (mod 3) and (mod 9). first note that since l 0 = 0 ( m od 5). or by 9. the sum of the digits of by IL n is 4 + | + 2 + 7 + 8 + 3 + 5 : 3 0 . + ar *as (mod 3 ) a n d ( m o d9 ) . .. Example.130 A ppl i cati ons of C ongruences E x a m p l e . we develop tests for divisibility by 3 and by 9. th e i n te g e r formed by al ternatel y addi ng and subtracting the digits. a p s ) t 0 :k l O k + a 1 r . is divisible by I l.z * 7 : 2 2 i which is divisible ll. We see that 723160823is divisible by 11. since 4 | 4 9 . di vi si bi l i ty tests for powers of 5 are analogousto those for powers of 2. e rather simple test can be found for divisibility -l (mod I l). b Next. This shows that (apap-1. since Next.25 1 2 5 | 3 7 5 .L e t n : 3 2 6 8 8 0 4 8 . we have + Since ( a 1 r a 1 r .3 : 4 i s n o t d i v i s i b l e y l l . w e h a v e l Y :0 (mo d 5 /). Hence.aps) is divisible by I l.1 1 0 k * r a : ak(-l)ft * a*-r(-t)t-t * alO * as -at * as (modI l). since alternately adding a n d s u b t r a c t i n gt s d i g i t s y i e l d s i . .. 1 6 | n s i n c e t 6 | g 0 4 g . 33678924is not divisible bv 11.. l l . 5 | n . Note that both the congruences l0 : I (mod 3) and l0 = I (mod 9) hold. we develop a test to simultaneouslytest for divisibility by the primes 7 . Hence. S i n c I l r o b u t 9 l t } . 6 2 5 I n . To develop tests for divisibility by powers of 5. On the other hand. to seewhether n is divisibleby 3. N o t e t h a t 7 ' l l ' 1 3 : l 0 0 l a n d 1 0 3 : 1 0 0 0: . 1 2 5 | n .at * o2+ (-I)k a p . This givesus the useful congruences (apa1r-1. s i n c e4 .b u t 3 2 s / r s i n c e ' l zi g s o + g .l ( m o d l 0 0 l ) . We only need to check the integer made up of the last 7 digits of n to determinewhether n is divisiblebv 5i. Then. L e t n : 1 5 5 3 5 3 7 5 . a n d 1 3 . or by 9. . Example. a l . 3 l n b u t gl n . Let A l0 : n : 412783s. 8 l . . s i n c e z s lls. if and only if rc o s . E x a m p l e .2 + 9 . w e s e e t h a t 2 l n s i n c e z l g . Hence.8 + 7 .S i n c e s I s .. H ence. s i n c e | + a .aps) ekl0& + a*_tl0k-l + : * alO * a6 : ek * ap4 *' .6 + 3 . b u t s i n c e 6 2 5| s l l s . we only need to check whether the sum of the digits of n is divisible by 3.z + g .0 + 6 . | n.1 . 4 . we have b = I (mod d). 208 358 + 59 : divisible by 7 and 13. Proof.(l00ar * l}aa* a) * (t00ar * l0a7+ a) (mod 1001). or 13.l : =aj-ftj-r+"'+a1b*as : (a i -t. . . H ence.59358208. representations.11.afl o)r: kn o w t hat bj .r .we only needto checkwhetherthis o a l te rn at ings um and d i ffe re n c e f b l o c k so f th re e d i gi ts i s di vi si bl eby 7.f t i . Since the alternating sum and difference of the -91.5 we Proof. . but notbyIL -----*?. I Q 1 .aps)6.1 . a d r o :k l O k + a * ..s (a s a 7a6)rcThis congruencetells us that an integer is congruent modulo l00l to the adding and subtracting the three-digit integers integer formed by successively blocks of three decimal digits formed from successive with decimal expansions where digits are grouped starting with the rightmost of the original number.a s ). (ap.. Di vi sibilit yT es t 2. As a consequence. so that by Theorem 3.ll of theTvisibility tests we have developedthus far are based on decimal representations.a p s )6 a n d o n l y i f d I G1-t. . and l3 are divisorsof 1001. Let n . since 7.. We now develop divisibility tests using base b where b is a positive integer.5 tells us t h a t b j : 0 Hence.. is integers formed from blocks of three digits. a p s ) 6a r r b k* " ' + a l b l + a i . a 1 r .J O f t .l + a : ( a o * l 0 a r * 1 0 0 a ) + 1 0 0 0 ( a r* 1 } a a * 1 0 0 4 5 ) * ( t O O O ) ' ( o u l 0 a 7 t 1 0 0 a 6 )r + = (100a2* 10cr+ a0). . ..a P s )6 (m o d d /). th e n n : (a p . Since d |$-l)..a 1 r-1 . + "'+aft*as if d Co n se quent ly .11. by whetheran integeris divisible 7.11. Theorem 3. lf d | (b -t)..a ps)6 i s di vi si bl eby d i f and b only if ap t ' '' + ar t as is divisible y d. Example. ( a p a 1 r ... Since b = 0 (mod d). but not by 11.. .. .(o 5 a a a 3 ).to determine digit. Divisibility Test 1. th e n ( a1.1 D iv is ibilit y T es ts 131 * alO * c6 ( a 1 . aps ) 6 is d i v i s i b l e b y d i i f a n d o n l y i f (a1-r. * = ( a2 a . we seethat r is divisibleby 7 and 13.apo)ui s di vi si bl eby 4i.I ( m o d d ) fo r a l l p o s i ti v ei n te g e rsb... If d I b and 7 and k are positive integers with i < k. or 13. ( m o dd / ) .

lf d | (b + l). a n d 1 5l ( 1 6 . sinceI | (:O)16. Likewise.0 + 1 n 0+0-l:0(mod3) a n d3 l ( z + t ) . H ence..I ) k a p * -l (mod d). while 5 tr. since / (30)ro 5 and ts / (30)ro.132 .. Determine highest the powerof 2 dividingeachof the followingpositive integers a) b) 2. s i n c e3 l ( f 6 . which are divisible by 9? a) b) 18381 65412351 c) d) 987654321 78918239735 .a p s ) b : (-t)k a1. w e h a v e g : (mod d) . + . 112250 4860625 c) d) 235555790 48126953125. n =6. using Divisibility Test 3. -a1 * ao ( m od d) . w e c o n c l u d h a t l 7 t r r .I + 0 .Let n : (1001001 I ll)2. n (in Example. s i n c e4 t r 6 . q ) r u( m o dl 7 ) . and I 5 I n.u.Then. we knowthat 3 | n. tr Divisibility Test. y 5 l ( t 6 .1 + 1 . S inc e d I ft + 1 ). we see t h a t3 l r . since 17 | (16 + l) and by ( . Divisibility Test 3.. Example. 201984 1423408 c) d) 89375744 4t578912246. H e n c e . then n : (ap.t ) .A +8 -2* F -7: te since17 I (D rc.o1 . Furthermore. a n d 7 + F + 2 + 8 +A *6:(30). B y D i v i s i b i l i t T e s t Z . we know that 2 | n. s i n c e = | .1 Problems l.l ) .we s e e t h a t a l n . Then. Oppl i cati ons of C ongruences a l r b kI t aft I aoz at * * a 1 t a 6 ( m o d d ) . from Divisibility Test l. d I n i f a n d o n l y i f d | ((-l )o oo + * as). a nd only if ( . since4 | 16. Which of the following integers are divisible by 3? Of those that are. . sincezl e. Let n: (7F28A6)16 hex notation). bi = (-l )/ Pr oof . sincezl te.3. Determine the highest power of 5 dividing each of the following positive integers a) b) 3.. 4.1 ) . T h i s s h o w st h a t dlnifandonlyifdl(a*+ * a1t as).aps)6 is divisible by d if -a r * a 6 i s d i v i s i bl eby d. and c o n s e q u e n tl yn : (a 1 .

A base b repunit is an integer with base b expansioncontaining all 1's. and which are divisible by 9. where m is anv modulus. ( t o t t 1 0 1 l o ) 2 i s d i v i s i b l eb y 5 .l. and whether it is divisible by 13.4 . We can check a multiplication c : ab by determining whether the congruence c 2 ab (mod rn ) is valid. Use this to check 443692 and I 1092785for divisibility by 37. rs (36470124$8 is divisible by 5.1 D iv is ibilit y T ests 133 4. il b) Determine which base D repunits are divisible by factors of 6 . A base b palindromic integer is an integer whose base 6 representation reads the same forward and backward. il b) Show that every decimal palindromic integer with an even number of digits is divisibleby I l. is An old receipt has faded. Which of the following integers are divisible by I I a) b) 10763732 108632001s c) d) 674310976375 89243t00645372 5. starting on the right). 10. Determine which repunits are divisible by 1001. containingall l's. Which are divisible by 7? by 13? Determine which repunits with fewer than l0 digits are prime. If we find that . 8. indicated by a question mark: 89878'58965: 5299?56270. (SS:ZO+t 320219)ro divisibleby 101. 9. It reads 88 chickens at a total of$x4. Develop a test for divisibility by 37. 6. (Hint: Split the digits of the base b representationof the integer into blocks of two. 13. 7. and whether it is divisibleby 5. Determine which repunits are divisible by I l. Devise a divisibility test for integers representedin base b notation for divisibility by n where n in a divisor of b2 + l. Determine which base b repunits are divisible by factors of b * l. (12100122)3 divisibleby 2. based on the fact that 103 = I (mod 37). How much did each chicken cost? 12. Show that every base 7 palindromic integer with an even number of digits is divisibleby 8.2y where x and y ^re unreadable digits. A repunit is an integer with decimal expansion a) b) c) d) Determine which repunits are divisible by 3. Use a congruence modulo 9 to find the missing digit. Use the test you developedin problem 9 to decide whether il b) c) d) ll.

Fridey :5. 4. M o n d a y : l .we use a congruencemodulo 7. Check each of the following multiplications by casting out nines il b) c) d) : 875961-2753 2410520633 t4789. 4. 3 . When we take m :9 and use the fact that an integer in decimal notation is congruent modulo 9 to the sum of its digits. s e t t i n gS u n d a y : 0 . and 13.I and of b + L 3. Julius Caesarchangedthe Egyptian calendar. ll. To remedy this.1 Computer Projects Write programs to do the following: 1. then we know an error has been made. Wednesda! : 3. Test an integer for divisibility by 3. Thursday : 4. to a new calendar with a year of averagelength 365 V4days. (Use congruences modulo l00l for divisibility by 7 and 13. 2 .9. 2. Are your checks foolproof? 14.) Determine the highest power of each factor of b that divides an integer from the base b expansionof the integer. Since the days of the week form a cycle of length seven. more recent calculations have shown that the true length of the year is approximately 365. I . What combinations of digits of a decimal expansionof an integer are congruent to this integer modulo 99? Use your answer to devise a check for multiplication based on casting out ninety nines. in . and Saturday : $.which was basedon a year of exactly 365 days.the discrepancies of 0. 5 . 4 . to better reflect the true length of the year.for divisibility by factors of b .23567 : 348532367 : 24789'43717 1092700713.2 The Perpetual Calendar In this section. However.we derive a formula that gives us the day of the week of any day of any year. 6 . with leap years every fourth year. Test an integer from its base b expansion. As the centuries passed. Then use the test to check the multiplicationsin problem 13.0078 days per year added up.7.134 A ppl i cati ons of C ongruences c # ab (mod z). T u e s d a y: 2 .2422days. . this check is called casting out nines. 4. so that by the year 1582 approximately l0 extra days had been added unnecessarilyas leap years. We denote each day of the week by a number in t h e s e t 0 . Determine the highest powers of 2 and of 5 that divide an integer. falls on in any given year. An error of 0. which is 3 days per 10000 years.2 T he P er pet ua l C a l e n d a r 13s 1582 Pope Gregory set up a new calendar.2425days. there are [Or-t600)/1001 years divisible by 100 between 1600 and N. First. As an example. the number of leap years . s o t hat O c t ob e r 5 . and Y :54. to In dealing with calendar dates for various parts of the world. while Greece held out until 1923.h a s k : 1 2 . We start with the year 1600 and compute the day of the week March l.and since 365 : I (mod 7). Hence. i. to find dys from drooo.b e c a meOc to b e r 1 5. we must also take into account the fact that the Gregorian calendar was not adopted everywherein 1582. 365 days have passed. in year I{. it was necessary add I I days. we seethat du : dN_. * I (mod 7). C : 1 9 .2422 days.. We take care of this by renumbering the months. f r 7 : 4 . the average length of a calendar year is 365. In the future.the years 1700. and consideringthe months of January and February part of the precedingyear.would be leap years only when divisible by 400. Letdy represent the day of the week of March 1. where C : century and Y : particular year of the century. and various possibilitieshave been suggested correct for this error. It was decided that leap years would be preciselythe years divisible by 4. and 2100 are not leap years but 1600 and 2000 are.0003 days per year remains.we must find out how many leap years have occurred between the year 1600 and the year N (not including 1600. except those exactly divisible by 100. To compute this. and there are ICnr . Japan changedover 1873. to the Soviet Union and nearby countries in 1917. we first note that there are [(nrr . .e. becausethe extra day in a leap year colmesat the end of February. l0 days were added to the d a te. rather close to the true year of 365. but including N). 1 5 8 2 . We now set up our procedure for finding the duy of the week in the Gregorian calendar for a given date.February 1984.4 . Hence. since there is an extra day between the consecutivefirsts of March. and May 1984. while if year l/ is a leap year. 1582 (and the 6th through the l4th of October were skipped). For instance. this discrepancy will have to be accounted for. of each year as our basis. the Gregorian calendar was adopted only in 1752. Note that between March I of year l/ . the years that mark centuries. if year N is not a leap year.1600)/4001years divisible by 400 between 1600 and N. We use March 1. is considered the 12th month of 1983.and by then. With this arrangement. N : 1 9 5 4 . is considered the 3rd month of 1984.I and March I of year ly'. In Britain. let k : day of the month. With this convention. with N : 100C + IZ.160c)/41 years divisible by 4 between 1600 and N. We first nrust make some adjustments. and N : year. 1 9 5 4 . z : month. we see that dy = dx_r + 2 (mod 7). starting each year in March. 1900. F o r e x a m p l e J u n e 1 2 . 1800.for the day of interest. i n c e .2 (mod 7).becomes the value of d16ss.5. because30 : 2 (mod 7).. and the : lc /+l (which follows from problem 20 of equation |.2. To do this.38 + 82 + [19/41 + ts2/41 :. 1982. s o th a t M a rc h 1 .400. We now use this formula to compute the day of the week of the first day of each month of year l{. Now putting this in terms of C and Y . 1600. 1 6 0 0 . The months with 30 days shift the first of the following month up 2 days. Here we haveagainusedProposition the inequality 1.plus an extra day for each leap year between 1600 and N.1600)/4001 t0.drcoo.rc /4 + V /4001 Section sinceY/400 < llq.r .lX /t001+ t6 + Ir{/4001 4 : lN /41.rc00D/41. of any year. dx : drcoo 2c + y + tc/41 + ly/41 (mod7).388. we can use the fact that March |. a n d s i n c ed p t z : l .w a s a W ednesday. Now that we have a formula relating the day of the week for March l. dr c oo: 3. and thosewith 31 . H enc e. we have to use the number of days of the week that the first of the month of a particular month is shifted from the first of the month of the preceding month. W hen w e i nsert the formula for d1.C + t C/ 4 1 . s it follows that | = drcoo. we see that the number of leap years between 1600 and l/ is + lzsc+ v/Dl .3 8 8 = 3 C + l C / 4 1+ l Y / 4 1 . This gives the following formula: dx=drcoo+100c+Y-1600+ Simplifying. du : 3 . (We have used Proposition1.2 C + Y + l C /4 1 + IY l 4l (mod 7).136 Applications Congruences of between1600 and N is + tcnr. l y ' : 1 9 8 2 .1600)/1001 tor : lN /41. We can now compute d1y from drcooby shifting drcooby one day for every year that has passed.ras : 2 5 C + I Y / 4 1.tc + v/r0o)l+ 1. with the day of the week of March 1. Y/100 ( 1. F o r 1 9 8 2 . w eh a v eC : 1 9 . a n d Y : 8 2 ..5 to simplify this expression).3 ( m o d7 ) . 1. 1600. is a Monday to find the day of the week of March I .rc/0 v/400)l.lw /tool + It//4ool . we have 3 C + I C / 4 1+ l Y l 4 l - 3 ( m o d7 ) . ly'. to APril l: from April l. 4.2 modulo 7. We need a formula that gives us the same increments.0.6m . To find W. increments as rn goes from I to I l. To find the duy of the week of January 1. Example. we simply add k-l to the formula we have devised for the day of the week of the first day of the same month.2 has exactly the same inspection. I r : 9 9 .21.6m . We obtain the formula: 7).2C + Y + IYl4l + lcl4l (mod We can use this formula to find the day of the week of any date of any year in the Gregorian calendar.0. we must add the following amounts: 3 (mod 7) ' from March l. to Septemberl: from September 1. we have c : 1 8 . Hence.36 + 99 + 4 + 24 :. to August 1: from August 1. . Find the day of the week of the day you were born. to July I : from July 1. w . the day of the week of day k of month m of year. to December 1: from December l.4 . a n d k : | ( s i n c e w e c o n s i d e rJ a n u a r y a s t h e have Hence. 1900. the day of the week of the first day of month m of year N is given by by the least positiveresidueof dy + [2.2 Th e P er pet ual C a l e n d a r 137 : days shift the first of the following month up 3 days. so that the first day of the w twentieth century was a Monday. to October I : from October l. because31 Therefore. and of your birthday this Year. to November l: from November 1.6m o. to February 1: 3 daYs 2 daYs 3 daYs 2 daYs 3 daYs 3 daYs 2 daYs 3 days 2 days 3 daYs 3 daYs.2 Problems l. By 1l incrementstotaling 29 days. to January l: from January 1. Notice that we have 2.6 days. the of eleventh month I + 28 . to May I : from May l.I (mod 7). m : l l . and is zero when m : l.k + 12.21 .2l. to June l: from June l. we preceding year). so that each increment averages we find that the function lZ. in the Eastern u. 28. 3. Declaration of Independence) (U. 1752 July 4. and the Gregorian calendar from I 7 52 to the present) October 12. 3' To correct the small discrepancy between the number of days in a year of the Gregorian calendar and an actual year. BattleshipMaine blown up in Havana Harbor) (Scopesconvicted of teaching evolution) (First atomic bomb exploded) (First man on the moon) (Nixon resigns) (Three Mile Island nuclear mishap). Find the day of the week of the following important dates in U. 1925 i) July 16. fall on the identical day of the week. Devise a perpetual calendar for the International Fixed Calendar to give day of the week for any calendar date. . S. 1979 il b) c) d e) f) (Columbus sights land in the Caribbean) (peter Minuit buys Manhattan from the natives) (Benjamin Franklin inventsthe lightening rod) (U. 1776 March 30.1974 l) March 28. 1945 j) July 20. which is not in any month. In this calendar. 4. 1492 May 6. To print out a calendar of any year.) (U. 1969 k) August 9. Adjust the formula for the day of the week of a given date to take this correction into account. 1888 d February 15. or 84 years apart. called So/. which we may consider as December 29.138 Applications Congruences of 2. To print out a calendar for the International Fixed Calendar (See problem 6). S. 1692 June 15. To give the day of the week of any date. 6. 1898 h) July 2.2 Computer Projects Write programs to do the following: l. it has been suggestedthat the years exactly divisible by 4000 should not be leap years. including all our present months. plus a new month. buys Alaska from Russia) (Great blizzard. except for the June of leap years which has an extra day (leap years are determined the same way as in the Gregorian calendar). 56. fall on the same dav of the week as the day you were born? Show that days with the same calendar date in two different years of the same century. S. 2. There is an extra day. 5. history (use the Julian calendar before 1752. 4. until your one hundredth. S. which is placed between June and July. Which of your birthdays. there are 13 months. Each month has 28 days. A new calendar called the International Fixed Calendar has been proposed. Year End Day. 1867 March 17. s. If-1. plays team l/ in round k where 2i : k (mod lf-l).Af-l. we can assume that we always have an even number of teams.k (mod /V-l) has exactly one solution with I ( x < . Example.3 Round-RobinTournaments Congruences can be used to schedule round-robin tournaments.A/-1. and 5. Hence. play team j. team 3 is paired with the dummy team 6. We match this team i with team ^A{ the kth round. since (2.4. if N is odd.4 . team N plays every other team exactly once. and if a team is paired with the dummy team during a particular round. labeled I. We have team i. we show how to schedulea tournament for I/ different teams. it draws a bye in that round and does not play. In round one. with j I N and j # i. There except for team N and the one team i for which 2i : k (mod li-l). team i does not play the same team twice. we i n c l u d e a d u m m y te a m l a b e l ed6. with the addition of a dummy team if necessary. with i * N. Team 2 is scheduled in round one with team 4. team I{ plays N-l plays team N exactly once. and i + j = k' (mod N-l) which is an obvious contradiction because k # k'(mod N-l). the total number of teams playing is even.Af-l games. N . by First note that if N is odd. Hence. and hence. So.1. and does not play any team more than once. The method we describe was developed Freund t65].7 tells us that the congruence 2x :.. so that each team plays every other team exactly once. To schedule a round-robin tournament with 5 teams. team I p l a y st e a m T w h e r e| + j = l ( m o d 5 ) . since the solution f 2+ j =l (mod5) is 7:4. If we continue this procedureand finish schedulingthe other rounds. where I < t <. T h i s i s t h e t e a m j : 5 sothat teamI plays team 5.3 . we add a dummy team. i + j: k (mod /V-l). is one such team because Theorem 3. N-l) : 1.3 Round-Robin Tournaments 139 4. W e construct a schedule. it plays every team games. not all teams can be scheduled in each round.. In this section.2 . in We must now show that each team plays every other team exactly once. in the kth round if This schedulesgames for all teams in round k. We consider the first tr/-l teams.3 . then i + j = k (mod l/-l). and this happensexactly once. No w label t he N t e a ms w i th th e i n te g e rs1 .we end up with the pairings shown in Figure 4. . where the opponent of team i in round k is given in the kth row and i th column. and since every other team exactly once...draws a bye in the first round.2 . for if team i played team 7 in both rounds k and k'. Also. since each of the first lf-l teams plays . Note that team i. o S i n c ei : 3 is the solution f the o congruence2i = 1 (mod 5). since when teams are paired. In the other rounds.pairing teams in the following way. Set up a round-robin tournament schedulefor a) b) 2. 4. 4. we assign the larger of f and 7 as the home team. In a round-robin tournament scheduling. 3. 7 teams 8 teams c) d) 9 reams 10 teams.140 Applications Congruences of Team Round I I 2 3 4 5 5 bye 2 3 4 4 5 I bye bye 4 2 3 bye 5 I I 2 3 4 2 3 4 bye 5 I 5 3 2 Figure 4. plays an equal number of home games and away games. In round-robin tournament scheduling.3 Computer Projects Write programs to do the following: l. we wish to assign a home team and an away team for each game so that each of n teams. . Show that if when i + j is odd. then each team plays an equal number of home and away games. while if i + 7 is even. use problem 2 to determine the home team for each game when there are a) 5 teams b) 7 teams c) 9 teams.3 Problems 1. Round-Robin Schedule for Five Teams. where n is odd. Schedule round-robin tournaments.1. we assign the smaller of i and 7 as the home team. since . so that the files are distributed in a way throughout the z different memory locations0. specifying the home team for each game. 1. 4. so it is extremely unfeasible to reserve a memory location for each possible social security number. t h e n . Using problem 2. The social security number is a nine-digit integer. where 0 < ft(k) < m.4. a systematic way to arrange the files in memory. In such a case. k is the social security number of a student. the last three digits of early issued social security numbers may often be between 000 and 099. We define the hashingfunction h (k) by h(k) =k (mod.. h (k) would depend too strongly on the particular digits of the key. scheduleround-robin tournaments for an odd number of teams. should be used so that each file can be easily accessed.when using social security numbers as keys. A hashing function assignsto the key of each file a particular memory location. m-|. becausethe value of the hashing function would simply be the last several digits of the k"y.m). Systematic methods of arranging files have been developedbased on hashtng functions . We discuss this type of hashing function here. using a reasonableamount of memory locations.. s o that the social security numbers 064212 848 and 064 848 212 are sent to the same memory location. For instance. in our example. but seldom between 900 and ggg.2. it is unwise to use a number dividing 6t * a where k and a are small integers for the modulus rn. but the type most commonly used involves modular arithmetic. but rearranged.so that h(k) is the least positiveresidueof k modulo m. s i n c el l l | ( t O 3.. w e h a v e 1 0 3= 1 ( m o d 1 1 1 ) . Instead. The identifying number or key for each file is the social security number of the student enrolled. For instance.l ) : 9 9 9 . Various types of hashing functions have been suggested. Let m be a positive integer. Likewise. this may not distribute the keys uniformly throughout the memory locations. For a general of discussion hashingfunctionsseeKnuth [52] or Kronsjii t581. digits may be sent to the same memory location.. ra should not be a power of 10. if m : l l l . Let k be the key of the file to be stored. For instance.4 ComputerFile Storage And Hashing Functions A university wishes to store a file for each of its students in its computer. such as 103. and different keys with similar. We wish to pick n intelligently. reasonable The first thing to keep in mind is that z should not be a power of the base b which is used to representthe keys.4 Computer File Storage and Hashing Functions t4l 2. Unfortunately. q .so that exactly the same sequence locationsare traced out of once there is a collision. We first attempt to place the of file with key ft at location hs(k). We see that if kt * k2 and hi(k): h 1 ( k ) f o r n o n n e g a t i v en t e g e r si a n d 7 . If th i s i s o c c u p i e d w e m o v e to l ocati onh2& ). we define a sequence memory locationsft1(ft). this simple choice of h1(k) leads to difficulties. Starting with our original hashing function ho(k): h(k). Note that with this choice of h1(k). The secondkind of collision resolution policy is to look for an open memory location when an occupied location is assignedto a file.h2(k). 2 + l To avoid such difficulties. if there are 5000 memory locations available for storage of 2000 student files we could pick m to be equal to the prime 49G9. t h e n h .(k2) for k : 1.. all memory locationsare checked. Then the list linked to this memory location is searched. When this occurs. We would like to avoid this problem of clustering.. it will be found. such as the following technique have been made for accomplishingthis. so that files are assignedto different memory locations. . We can choose the sequence of functions hj(k) simplestway is to let in various ways..so if there is an open location. There are two kinds of collision resolution policies. This lowers the efficiencyof the search for files in the table. = h ( 0 6 4 8 4 8 2 r D 0 6 48 4 8 r 2 : 0 6 4 + 8 4 8 2 r 2 = r r 2 4 : 1 4( m o dl l ) . In the first kind. We have avoided mentioning the problem that arises when the hashing function assignsthe same memory location to two different files. . 0 ( f t . files tend to cluster..142 Applications Congruences of h@64 2r2 S4$ = 064 2r2 848= 064 + 2r2+ 848 = ll24 : and 14 (mod111).( k ) < m . This placesthe file with key ft as near as possiblepast location h &). z should be a prime approximating the number of available memory locations devoted to file storage. When one wishes to accessa file where this collision resolution policy has been used.. If this location is occupied. we say the there is a collision. so we choose the function h1(k) in a different way. We need a method to resolvecollisions. it is necessaryto first evaluate the hashing function for the particular key involved. extra memory locations are linked together to the first memory location. when a collision occurs. The h j ( k ) = h ( k ) * 7 ( m o d m ) .3. we move to l o c at ionht ( k ) . .. etc.. For instance. ( k ) : i hi+1. Various suggestions.2.

so that G(k).1.a n d s ( k ) = k + l where0< hj (k)<4969. k. We find that ks = 578 (mod 496il: . probing sequence hj(k) - m k + I (mod -2). eighthfilesgo into the available and locations 3960. Sincelocation1742is free. and is m-2 : 4967 are prime. with 0 < ft (/c) < m. Since kq = 1526(mod 4969).4 ComputerFile Storageand HashingFunctions 143 To avoid clustering. h(k) =k (modm).ko = 4075. al l me mo ry l o c a ti o n sa re tra c ed out. where m is prime. and 578.t = 2376. h(k)=k ( m o d 4 9 6 9 ) . Our probing sequence h j (k ) h (k ) + i s (k ) (mo d 4e6e). Si n c e Q (k ). as the hashing function.2376.4075. seventh. We take a secondhashing function g(k): where 0 < g(k) < m . Supposewe wish to assign memory locations to files for students with social securitv numbers: k t : 3 4 44 0 16 5 9 k z : 3 2 5 5 1 07 7 8 kt:2t2 228844 kq: 329938 t57 k s : 0 4 7 9 0 0l 5 l k6 : k7 : ks : ks : krc: 3 J 25 0 0 1 9 1 0 3 43 6 79 8 0 546332 t90 509 496993 1 3 24 8 99 7 3 .4. since S(k) S(k) 216 (mod496D. . m . . The i deal si tuati on would be for m-2 to also be prime. compute (k) = h(k) + but we h1 : I + kq = : 1526+ 216: 1742(mod 4969. 1526.578 (mod 4969). ( k ) < m. respectively. becauseks = 3960. both m : 4969. We take as a w h e re 0 ( f t . a s 7 runs through the i ntegers 0 . 1 . Sincekt = 269. we assign the first three files to locations 269. as before.and frs .we assign fourth file to this the location. Hence. respectively. we use a technique called double hashtng. so that the valuesg(ft) are distributed in a reasonableway.l.2. Example. . six. h ( k ) + i s ( k ) ( m o dz ) . . In our example using social security numbers. The fifth.kz = 1526. m) : l. We choose. we would like m-2 and m to be twin primes. tn ) : l . location 1526is taken.and k3 : 2854(mod 496r. (mod 4967). and 2854.

+ 2002 s&):57g : 2580 (mod 4969). but location 1742 is taken.1 lists the assignmentsfor the files of students by their social security numbers. o ) : 1 5 2 6+ 2 1 6 : 1 7 4 2 ( m o d 4 9 6 r . Hence. We wish to find conditions where double hashing leads to clustering. Hence. w e computehr (krd = h(Lrc) + g ( k . If both (+.we place the tenth file. we find conditionswhen (4. we find that kro E 1 5 26 ( m od 4967 ).144 Applicationsof Congruences b e c a u s eo c a t i o n5 7 8 i s o c c u p i e dw e c o m p u t eh 1 ( k q ) + l . the file locationsare shown in boldface. Hashing Function for Student Files. then h(k) + ig(k1) = h(k) + j g ( k 2 ) ( m o dz ) . Social Security Number h1(k) h2(k) 344 40r 659 325 510778 2r2 228 844 329 938 ts7 0 4 79 0 0 l 5 l 3 7 25 0 0l 9 l 0 3 4 3 6 79 8 0 546 332 r90 509 496 993 t32 489973 269 r526 2854 1526 3960 4075 2376 s78 578 r526 1742 2580 t 74 2 1958 Table 4. Finally.D occur.1) a nd (4. Hence. we continue by finding h2(krc)_ h(krc) + 2g(kd: l95g (mod 496qi) nd in this available a location.t) and @.1. [n the table. b e c a u s e 216 S : ( / c r o: ' k r c : ) (mod 4967). where S(k) : I * ks = 2002 (mod 4g6D.b u t l o c a ti o n1 5 2 6 i s ta k e n . 2) hi+t(k1): hi+r(k). Table 4. we assign the ninth file to the free location 2580. hi(k) : h1(k2) so that the two consecutive terms of two probe sequences agree.

m) : 1.D ) . rf m(m-z) > k for m(m-Z).lre congruentmodulo consecutive Hence. the only way that two probing sequencescan agree for two terms is if the two keys involved. . to we can substitutethis into the first congruence obtain h(k) which showsthat k r = k 2 ( m o dm ) . m .4 C om put er F ile Sto ra g e a n d H a s h i n g F u n c ti o ns 145 and h(k)+(t+l)g(kr) = h&) + (j + r)g(k) ( m o dz ) . Let the hashing function be ft(rK) = K(mod rn ). all keys k. 2 . .we obtain Subtracting the first of thesetwo congruences g ( k ) : g (k 2 ) (m o d rn). h1(K) with probing sequence with probing sequence hjK) g(r): I +K(mod l7). h(K) + 7 (mod l9). Theorem 3. k t = k 2 ( m o dm ( m . Set up a hashing function and collision resolution policy for assigning parking places based on licenseplates displaying six-digit numbers. since (m-2.1 .4. with 0 < ft(f) < m.4 Problems l. : h ( k z ) ( m o d r n) . ( f ) < m . = h(K) + i's(r<). using as keys the day of the month of birthdays of students with hashing function hG) = K (mod l9). S h o w t h a t a l l m e m o r y l o c a t i o n sa r e .6 tells us that Consequently. . from the second. A total of 500 parking stickers are sold and only 50-75 vehicles are expected to be parked at a time. where 2. clustering is extremely rare. (f ) = h K) + jq (mod m) . A parking lot has l0l parking places. 0 ( f t . Assign memory locations for students in your class. 4. Indeed. clusteringwill never occur. so that kr = kz (modm-2)' Since S(k) : g(k).0 ( . f o r j : 1 . andlet the probing sequencefor collision resolution be lr. . Therefore.k1 and k2. a) b) 3.l ( 16.

a s t h e p r o b i n gs e q u e n c e . U s i n gh j ( k ) = h ( k \ + j ' S & ) . security numbers of students. .146 A ppl i cati ons of C ongruences probed a) b) 4.e. . 2 .(k) < l}2l. 2. then all memory sequences are probed. n : k 1 5 7 1 7 0 9 9 6k r o : 1 3 1 2 2 0 4 1 8 .. when hj(K) hi*. 2 . .2. 0 < l./ : 0 . . k 1 25 0 5 5 7 6 4 5 2 . . . (K) < m.(K) for r : I. 1 . i.. probing sequence for resolving collisions where the hashing function is 0 < l. given by nifn = hG) Show that if z is prime. . 1 . j : 0 . . if m :2' and q is odd. these to the ten files already stored. is + 1) (mod m).(K) : hi+.. Linking files together when collisionsoccur. Using hj(D = h ( k ) * 7 ( m o d l 0 2 l ) . O < lij(K) < m. + jQh (f) il b) 5. as the probing sequence. h&) = K(mod z). using the hashing function h(k) = ft(modl02l).) 4. find open memory locations for the files of students with social security numbers: : k r r : 1 3 7 6 1 2 0 4 4 .4 Computer Projects Write programs to assign memory locations to student files. : h1(K) and Using the hashing function and probing sequenceof the example in the text. Determine conditions for clustering to occur. w h e r eg ( k ) : | + k (modl0l9) 3 .. where the keys the social "r. ( e a a . A if ln is prime and I ( q ( m -1. l.

f o r e a c h i n t e g e ra w i t h I ( a { p . ( g . S ) . We have (7-l)! :6! : l'2'3'4'5'6. We (mod 7). t t h e r ei s a n i n v e r s e . Before proving Wilson's theorem. 2'4 I and 3'5 = I note that : 1 . wi th aa: 1 ( m odp) . th e onl y posi ti vei ntegersl ess than p that are their own inversesare I and p-1. w e h a v e Q-l )t = t : -l (mod 2). Example. but did not prove it.1 Wilson's Theoremand Fermat's Little Theorem that are often useful In this section. Therefore. F ro m Pro p o s i ti o n3 . Using Theorem 3.I . 4 . We now use the technique illustrated in the example to prove Wilson's theorem. If p is prime. We first theorem. I < a 4 p . T h u s .1 . John Wilson. We will rearrange the factors in the product.Some Special Congruences 5. H ence. Now.7. let p be a prime greater than 2.we can group l4'I . grouping together pairs of inversesmodulo 7. O . then (p-t)t = -t (mod p).l ( m o d 7 ) . The mathematician after whom the theorem is named. The first proof of Wilson's Theorem was given by the French mathematician Joseph Lagrange in 1770. conjectured. w e h a v e v e r i f i e da s p e c i a l 6! caseof Wilson's theorem.we discusstwo important congruences for discussa congruence factorialscalled Wilson's in number theory. Pro o f. Wilson's Theorem. (mod 7) Hence. 6 = .the theorem is true for p:2.we use an exampleto illustrate the idea behind the proof.4 . 6 = 1 . W hen p: 2. Let p:7.

b e c a use i s one of the n-l numbers a m ult iplied t ogeth e r to fo rm (n -l )!. si nce a | (n-D l and al[h-l)! +ll. F ro m P ro p o s i ti o n 1.1 multiplications modulo n are needed to find (rr'-l)|.| i n te g e rs Proof. C .3. Assume that n is a compositeinteger and that (n-l)! = -l (mod n). If p is prime and a is a positive integer with p I a.r ( m o d p ) .1 verifies the obviousfact that 6 is not prime. I f n i s a p o s i ti v ei n te g e rs u c h th at h-l )t n is prime. th i s i s an impractical test because n . weconcludehatalt(:n-l)! + I ].3 Q-). Theor em 5..1 ( mo d n ). since n is composite. the converseof Wilson's theorem gives us a primality test. ( p-l )a.3. ( p . Sinc e a 1n.. si ncep tr a. Example. " 1) . the following theorem is of great importance. where | 1 a I n and | < b 1 n.l) ! + l l . 'the p .we have n:ob.4.r ) = .(n-l)! : l.r). we have 2.2 a .l) t + t. i t fol l ow s th at n I t ( r .Q-3)b-Db-l) = t .sincea ) l. U n fo rtu n a te l y . Hence. S i n c e h -l )t = -l (mod n).3' .with the product of each pair congruentto I modulop.2. We concludethe proof by multiplying both sidesof the abovecongruence I by and p-l to obtain b-1)! :1. requiring O h (log2n)z) bit operations. we k n o w th a t a I h -l )!. T h i s m e a n s . as the following theorem shows. for if p I i a . = -l (mod n). we determine whether h .l) ! : .b y th e u se of P roposi ti on 1. To decide whether an integer n is prime. th e n b y L e m m a 2.. When working with congruences involving exponents. then aP-t = I (mod p). Thi s . Con'sider a . 1. Theorem 5. ( P S 6 ' " .148 S ome S peci al C ongruences the integersfrom 2 to p-2 into Q4)/2 pairs of integers. . This is t an obviouscontradiction.=L Fermat's Little Theorem. N one of these i ntegers are divisible by p. '(-o.t r An interestingobservationis that the converseof Wilson's theorem is also true. that a al so d i v ides h. p I j . then Proof. As we can see.Q-D = r ( m o dp ) . tr We illustrate the use of this result with an example. Since (6-l)! : 5! : 120 = 0 (mod 6) .

( . p l . 2 . Then.p.2. This is impossible. (modp). p) : (p-l)! (modp) .1 . . 2 . . tr .. 4 ..1 . Exa m ple.3 . ja = ka (mod fl.. Thisfinishesthe l f p l a . and no two congruent modulo p. r ) . s o t h a t 3 6 . r . ( r . (p-l)a.. 2. s o t h a ta P = a = O proof.. u s i n g C o ro l l a ry3 . . from Corollary 3. by F e rm a t' sl i ttl e th e o re mw e k now that ap-t: by Multiplying both sidesof this congruence a. T h e n . and 6' 3 = 4 (mod 7). 6 3 . l ' 3 = 3 (mod 7). 2a. 6 . (p -l )a incongruent to zero. 1 ) . Consequently. 1 m o d ) . to obtai n Q-I)a : l'2 (p-r) (mod ). 4' 3 = 5 (m o d 7 ). aP-t(p-l)! : S i n c e( p . a . we find that ap = a (mod p). tr We illustrate the ideasof the proof with an example. This is suppliedby the following result.. ( p. On occasion. sinceaP = a (mod p) it p I a and if pla. since (a. 1 .)6 .. If p eP: a (modp). . assume that a re a. then I (modp). i ntegers al l a re a set of p-l Si n ce t he int ege rs a .2 a .Da c o n g ru e n t mo d u l o p . no two of the integers is impossible because I ( 7 ( p-1. l ) . .3 = 2 ( m od 7) . 2' 3 = 6 (mod 7). we would like to have a congruence like Fermat's little theorem that holds for all integersa.p) : l. and therefore.1. Hence. given the prime p.Q . we know that the least taken in some order.3 6 ' 6 != 6! (mod 7). ..since 7 and k are positive integers less thanp .l) a is c o n g ru e n t mo d u l o p to th e product of the fi rst p-l positiveintegers.4 7 ( t .. lf p I a. 2e. 2 ' 5 ' l ' 4( m o d 7 ) . t h e n p l a p a s w e l l . . 2 a .I . To S ee thi s. a'2a Therefore. . 3 . ( p. A s a c o n s e q u e n c eth e product of the i ntegers i n te g er s 1. ( + . Pro o f.. Theorem 5.l ) ! . 3 ) .5 . 5 ' 3 = I (mod 7).1 W ils on' s T heor e m a n d F e rma t' s L i ttl e T h e orem 149 Furthermore. must be the positive residues of c. (= . w e c a ncelQ-l )! a P-t = I (mo d p )..36 = I (mod 7). Let p: 7 a n d a :3 . H e n c e . 3 . s . is prime and a is a positive integer. .. ( 5 . we have j = k (modp). 5= 6 3 .

I 3 modulo 7. 2. find the least positive r e s i d u e o f 8 ' 9 ' 1 0I. lf a and b are positive integers and p is prime with p I a.3. If p is prime and a is an integer with p I a. H ence.150 Some SpecialCongruences Fermat's little theorem is useful in finding the least positive residuesof powers. . Mul ti pl yi ng both si des of the original congruence sP-z. Corollary 5. Proof. W e k n o w th at 310: I (mod l l ). find the least positive residue oP 2toooooo modulo t1. If p tr a. then the solutionsof the linear congruenceax = 6 (mod p) are the integers x s uc h t hat x = a P-2 b (mo d p ). Example.2 : s P . 3 2 o r ( 3 r o ) 2 03 = 3 ( m o d l l ) . that a 'aP . then Fermat's little theorem tells us H e n c e . Hence. Using Fermat's little theorem. then aP-2 is an inverse c modulop. we have by aP-2ax = aP-2b(mod p). A useful application of Fermat's little theorem is provided by the following result. is an Theorem 5. Example.3. 1 2 . we know t h a t 2 e : 5 1 2 = 6 ( m o d l l ) inverseof 2 modulo I 1.a P-2 is an inverseof a modulo p. Suppose that ax = b (mod p). of Proof. Since p I a. From Theorem 5.3 gives us another way to solve linear congruences with respect to pr im e m oduli.1 Problems l. : . tr 5.1. Theorem 5. we know from Theorem 5 . l . x 7 aP-2b (mod p).t = I (m o d p ).2 is a n i n v e rs e o f c (mo d i l .2 t hat aP . We can find the least positive residue of 3201 modulo I I with the h e lp of F er m at ' s l i ttl e th e o re m . U s i n g W i l s o n ' s theorem.

S h o w t h a t i f p i s p r i m e .l. 7 .1 W ils on' s T heore m a n d F e rma t' s L i ttl e T h e o rem 151 ?.find the last digit of the base7 expansion 3r00.show that if p is a prime and p = I (mod 4).l ( m o dp ) . where I < k ( p . then n2 = | (mod 24). is an odd prime. Show that 42 | h' .l ( m o dp ) . . S h o w t h a t 3 1 s: I (mod I l2). I (modpq). 15. is divisibleby p when p is prime. s h o wt h a t 6 l ! = 6 3 ! = . then the . S h o w t h a t i f p a n d q a r e d i s t i n c tp r i m e s . ( .t h e n p e . t h e n h . S h o w t h a t i f p i s p r i m e a n da i s a n i n t e g e r t h e n p l l a p 18. 9. t h e n{ ( p .n) for all positive integers n. 2 1 . then lzo) .\ ) t = O ( m o d n ) . then Q-k)!(k-l)! + Q-l)! al. Show that if p 1-11b+t)/z(mod p). is a prime and O1k<-p. Show that if p = ( . S h o w t h a t i f p i s a n o d d p r i m e .l ) ! = 0 ( m o dn ( n + k ) ) . are both prime if and only if + n ( k ! . 1 7 . 13.r : I l. S h o w t h a t i f n i s a c o m p o s i t ei n t e g e r w i t h n * 4 . -l (modp). Using Wilson's theorem.t * q P .5. Show that the pair of positiveintegersn and n * 2 are twin primes if and only if 4 l ( n . 2 0 . w h e r en I l . S h o w t h a t t h e p o s i t i v e i n t e g e r sa n d n * k . of 4 .l ) ' r ! _ . Using Fermat's little theorem.l ) ( k .l ) l + t l + n = 0 ( m o d n ( n * 2 ) ) . then aP = bP (modp2). Show that if n is odd and 3 /n.l ) e ( m o dp ) .t h e n 2 Q . a) In problem 17 of Section 1.-l (mod p) has two incongruent solutions given by congruence x2 x E t l(p-)/zll (modp). Using Fermat's little theorem. 1 0 . 6. 14. 16.5 . then 1232 (p-42(p-2)2 = 12. Show that p is prime and a and b are integerssuch that ap = bP (mod p). lp ) 22.3 ) ! : 8. S h o wt h a t Q . a) Let p be prime and supposethat r is a positive integer less then p such that : . Use this fact and the binomial theorem to show that if a and b are integers.t \ l Z l l = * I (modp). w h e r e n ) k a n d k i s a n e v e n n (k!)'z[(n-t)t + t] positive integer.t h e n l l | = 2 ( m o d p ) .r * l ) ! b ) U s i n g p a r t ( a ) . For which positiveintegersn is na * 4n prime? 19.l (mod 71). we showed that the binomial coefficient ['). 5 . Showthatifp isprimeandp =3 ( m o d 4 ) .find the solutionsof the linear congruences a) 7x = 12 (mod 17) b) 4x=ll(modl9).

2 Pseudoprimes Fermat's little theorem tells us that if n is prime and b is any integer..ap b . 24. Find the primesp lessthan 10000 for which Zp-t = I (mod p2). Find all Wilson primes less than 10000.. namely that the product of all the positive integers less than m that are relatively prime to rn is congruent to I (mod z). Example. A Wilson prime is a prime p for which ( p . completesystems residues and be of modulo p Show that a1bya2b2. it will be in the Dth positionin the new deck where b = 2c (mod 53) and I < 6 <52.. 5.152 S ome S peci al C ongruences ( a + b ) p = a p * 6 z ( m o dp ) . We can show 63 is not prime by observingthat .. Determine the number of shuffies of the type described above that are needed to return the deck of cards to its original order. Show that if a and. Then. starting with the bottom pile. 2...) 23. 5... 26. b) Use part (a) to prove Fermat's little theorem by mathematical induction. the new deck is formed by alternating cards from the two piles.l ( m o dp 2 ) .b2. a) Show that if a card begins in the cth position in the deck.aobo not a complete system of residues is modulo p.. Consequently. use part (a) to obtain a congruencefor fu + l)p. We define the Fermat quotient qob) by qp(a): (ap-t-l)/p. b are positive integers not divisible by the prime p.3.. b) 25.. (Hint: In the induction step.l ) ! : . it is congruent to -l (mod rn ).b. then bn = b (mod n).. if we can find an integer b such that b' + b (mod n ). in which case. Let p be prime and let a1. Solve linear congruences with prime moduli via Fermat's little theorem. or 2p. A deck of cards is shuffied by cutting the deck into two piles of 26 cards. prove Gauss' generaltzation of Wilson's theorem. then q G b ) : e r ( a ) + q o $) ( m o dp ) . Using problem 16 of Section 3.1 Computer Projects Write programs to do the following: l. unless ffi : 4.p. then we know that n is composite.. 3.a2. where p is an odd prime and I is a positive integer. Let p be prime and let a be a positive integer not divisibleby p.. The following lemma is useful in the proof. then n is called a pseudoprime to the base b. infinitely many pseudoprimesto any given base. Unfortunately. In fact. Examples such as this lead to the following definition. the converseof Fermat's little theorem is not true. th e n th e c o n g ru e n c e n = b (mod n) i s equi val ent I (mo d n ). Exa m ple.1 divides 2n . less than 1010. since it is easily verified that 2340 I (mod 341). By multiplying both sides of this congruence by 2. lf d and n are positive integers such that d divides rz. Proof. only a small fraction of composite numbers pass this test. The ancient Chinesebelievedthat if 2'= 2 (mod n ). 5 6 1 : 3 ' l 1' 17 and 645 : 3' 5' 43 are : pseudoprimes the base 2.1 . T o s e eth is. H e n c e . we have 2340: I (mod 341). Although pseudoprimes any given base are rare. Exa m ple.I . = 256o I (mod 561). We there are. to -(mod 645). as the following example shows. will prove this for the base 2. It would be even more useful if it also provided a way to show that an integer is prime.23 23 263 Using Fermat's little theorem. n ): 1 .1 b to the c ongr uenc e n -t: we can divide both sides of the first congruenceby b.n) : l.3 + t (mo d l 1). then checking to see whether the congruence b' = D (mod n) holds is an effective test.( x . Lemma 5.we can show that an integer is composite. :2eo. s o th a t 2 3 a o : (2 t0 . We will often use this equivalentcondition. In particular. the pseudoprimes to the base b have been shown to be much rarer than prime numbers. note that by C orol l ary 3. Since d I n. then n must be prime. A l so 23a0: (25)68= (3 2 )6 s= t ( m od 3l ). we can multiply both sidesof the second congruencs by b to obtain the first. If n is a composite positive integer and b' = b (mod n).1.3 4 1 : 1 1 .1 ) ( x t . By F e rma t' s l i t tl e theorem. we find i n t h e i d e n t i t vx t .w e see that 210 = I ( m od l1) .5 .l.2 P s eudopr im es 153 :64to23 -__ = g + 2 (mod 63). and 26aa I to If there are relatively few pseudoprimes the base b. b Not e t hat if ( b. even though 341 is not prime.z + x:2d . to obtain the secondcongruence. then 2d . we have 2341 2 (mod 341). Definition. nevertheless. there are 455052512 primes. since (b. there is a positive integer / with dt : n.1. By Theorem 3. Let b be a positive integer. By setting + l). T he inte g e rs 3 4 1 : I l ' 3 1 .2t : (26)ro.b y T h e o re m 3 .l + x t . Let n .3 1 . but only 14884 pseudoprimesto the to base 2. w e w i l l be abl e to to construct infinitely many odd pseudoprimes the base 2 by taking ns: 341 to a n d n 1 r a: 2 n ' 1 I f o r k : 0 . Since to 7 3 : 3 4 3 = 2 ( m o d3 4 1 ) and zto: 1024: I (mod341) . t h e r e i s a n i n t e g e rk w i t h 2 n . H e n c e . w€ have n : dt with will show that m:2n-r is also is composite. 1 n * ( n 1 1 1( n To continue the proof.l . Example. . we first note t h a t s i n c e2 n : 2 ( m o d n ) . Since n 11d1n and l</1n. then w e know that n is composite. If we fi n d any v alues o f b w i th (b .1 to note that Qd . We can now prove that there are infinitely many pseudoprimes the base to Theorem 5. n a m e l y fl s:341. rl If we want to know whether an integer n is prime. .1. we pseudoprimeby first showing that it 2^-t = I (modz). . a s i n c e o I n t 1 n z 1 . We conclude that z is also a pseudoprimeto the base 2. and we find that 2n-t : I (mod n). By Lemma 5. One follow-up approachis to test n with other bases. 2 ^ .t : 22' . There are infinitely many pseudoprimes the base 2.l ) | ( 2 k n.so that n is composite is composite. to Proof.n ): I a n d b n -r # | (mod n). That is. 3 . we check to see whether bn-r : I (mod n) for various positiveintegers6. 2 m . T h e s eo d d i n t e g e r s r e a l l d i f f e r e n t . 1 .4. H e n c e . we know that n is either prime or n is a pseudoprimeto the base 2.2 : k n .and then by showing that To see that m is composite. tr 2.2: 2k n . +2d +l).D.l ) : 2 ^ . Since we have at least o n e odd ps eudo p ri me th e b a s e 2 . we know that m : ( 2 n .154 S ome S peci al C ongruences that 2n-t:(2d-l) 12dQ-r+ 2do-Da ) Od . Consequently. . s o that 2^-t = I (mod re).t) | Q' .I is also an odd pseudoprimeto the base 2. 2 . w€ use Lemma 5.I : 0 ( m o d z ) .l): m. . let n be an and 2n-t = I (mod n). To show that 2^-t: I (modre). ' . We will show that if r is an odd pseudoprimeto the base 2. odd pseudoprime. We have seenthat 341 is a pseudoprime the base 2.t .t) | (Z' . then m : 2' .l . He n c e. th e re ar e int eger s/. .we s eet hat 3 4 1 i s c o m p o s i tes i n c eT z to1 l (mod 341). H e n c e . Unfortunately. 7 8. w e know th a t b ' . 2 .n): l. E x a m p l e . and -b 6 1 6 I ( m o d 1 7 ) . n ) : L It has been conjecturedthat there are infinitely many Carmichael numbers.which providesconditionswhich produceCarmichael numbers.il : I is called a Carmichael number. that is.r I ( m o d Q ) f o r b j : 1 .2.l ) f o r e a c h i n t e g e rj : 1 .l) for all j. C o n s e q u e n t l y . w i th r..f r o m Fermat's little theorem.5 6 0 : ( b 2 ) 2 8 0 : I ( m o d 3 ) . . .5 s h o w sth a t 6 6 0 1 :7 ' 2 3 ' 4 1 i s a Carmichael number.n ) : l . q 1 . 2 . T o s e e t h i s . k . Then (b. y F e r m a t ' sl i t t l e t h e o r e m . 610: I (mod I l). t h e n ( b . for all b with (b. . Let b be a p o s i ti v e i n te g e r w i th (b . S i n c e Q i .L H ence.k. Definition. there are compositeintegers r? that cannot be shown to be composite using the above approach.b 5 6 0 I ( m o d 5 6 1 ) f o r a l l b w i t h ( b . .t) | oooo. but so far this has not been demonstrated. We p ro v eth i s fa c t i n Chapter 8 . T h e i n t e g e r 5 6 1 : 3 ' 1 1 ' 1 7 i s a C a r m i c h a e ln u m b e r .l) f or a l l j . w e see that bn-t : I (mod n). 5 6 1 ) : l . there are compositeintegersn such that to b'-t = I (modn). b s 6 0 : ( b 1 0 ) 5 6 = I ( m o d l l ) . T h e r e f o r e . 2 : b e ca us e J . This leadsto the following definition. l l ) : ( b .. k . that is.2 Pseudoprimes 155 we have 73a0 : 0 3 ) t t 3 l = 2 t 1 3 7: ( 2 1 0 ) 1 t . for each /.7 = 56 # I (mod 341).2. I f n: Qt Qz .t : 6\ Q ' .. becausethere are integers which are pseudoprimes every base.b y T h e o r e m = 3 . 2 a re a l l p ri m e . 3 ) : ( b . .t ) | o o o o . We can prove the following thecrem.. A composite integer which satisfies bn-t : I (mod n) for all positiveintegersb with (b.(q . . . a n d 6 5 6 0 : ( b l 6 ) 3 5= I ( m o d l 7 ) . The converseof Theorem 5. 23.l ) | ( n .l ) : n .r ) tt' -t t-o O q rl . w h e re th e q i ' s are di sti nct pri mes that Th e o r em 5. . satisfy Qi Pro o f . all C armi chaelnumbers are of the form Qflz Q* where the Qj's are distinct primes and Qi -l ) | t r . D Exa mple. b a n d h e n c e .b y C orol l ary 3.5 is also true.4 . 1 . . then n is a Carmichael number. Q t . 2 3 . n o t e t h a t i f ( b . T heor em 5 .. 6 : Q . and we concludethat n is a Carmichael number. 5.t) | oooo.5. 1 7 ) : l . T h e re fo re . we have b2 = I (mod 3). 4o: (+t .q1): I for j :1. .1) | (. a n d 4 I and Ql . we have bn-t = I (mod n ). .s. s . where s is a nonnegativeinteger and I is an odd p o s i t i v en t e g e r . since x?+t : x* 3 I (mod n).. In either case. . n If the positive integer n passes Miller's test for the base 6.l ( m o dn ) o r x z 7 1 ( m o d r u ) . Let b:5 and let n:561.Since n is p rim e. o r x t 7 . Example.162tt12'-t for 1 . Theorem 5. Hence. Proof. since x? : 16{n-r)/z1z: xo E I (mod n ). With this observation. .6.. 2 . Let n be a positive integer with n-l : 2't. Let n-l :2"/. 2. then n passes Miller's test for the baseD. passesMiller's test for all basesD with n I b. then either b t = I ( m od n) o r b v t : -l (m o d n ) fo r s o m e7 w i th 0 < j ( s -1.s. Definition. . are to we .| :2't and r is odd.l ( m od n ) o r x r+ r t 1 (mo d n ).4. once we have found that b"-t: I (mod n). we know that either x = I or x = -l (mod n). s .. : x r E I ( m o d n ) . we find that either x * ? I ( m o d n ) . If rr E I (modn). We say that n passes Miller's test for the base b if either bt = I (mod n) or b/' : -l (mod n) forsomeTwith0<l(s-1.' t .. lf n is prime and b is a positive integer with n I b.-t)/2 . B y Proposition 3. the smallesCarmichael umber. then we know that n is composite. another possible approach is to consider the least positive residue oS 6h-D/2 modulo r. th e n x 2 : b n -t: I (mod r). then. where s is a nonnegative integer and / is an odd positive integer. . we t n fi nd t hat 5( 561. i l. If this congruencedoes not hold. . g e n er al. . Continuing this procedure for k : l.l ( m o d n ) f o r s o m ei n t e g e r/ c . we can check to see wheth". I n : xk = I (mod n). f o rk : 0 . if we ha v e fo u n d th a t x s : x l : x 27 ( s. 0 We continuedeveloping primality testswith the following definitions. f o r k : 0 . by Proposition 3.t ) / z ' . We now show that if n is prime. s o t h a t a n i n t e g e rn t h a t p a s s e s i l l e r ' s t e s t f o r t h e b a s eb M J:0..4. then /. rf n i s pri me. we know that either with k x* + r 7 .. H e nce. e i t h e r x z ? . 1 . n passes Miller's test for the baseb. . either -l (modn) xt i or rr E I (modn). We n o t e t hat if x : 6 (. 6tu-t)/2 = + I (mod n).. w here n . since x ? .156 S ome S peci al C ongruences Once the congruence bn-r : I (mod n ) has been verified.t )/2 :5 2 8 = 6 7 (mo d 5 6 1 ).L e t x 1 r : 6 { J . F er m at ' s l i ttl e th e o re m te l l s u s th a t x0: bn-t :1 (mod n).6 ? : .. is automatically a pseudoprime the base b. Consequently. ..2. since bn-\ .56l i s composi te. and n passes Miller's test to the base 2. n is composite. Likewise. 2047 passesMiller's test for 2to23 the base 2. Hence. Proof. then we Definition. so that N is a strong pseudoprime to the base 2. then n is prime. this is the factorizationof /V-l We now note that 2?v-r)/2:2nk b e c a u s2 n : ( z n . we conclude that there are infinitely many strong pseudoprimes the base 2. then N : 2'-l also is composite. 1373653is the smallest . say n is a strong : : E x a m p l e . to Theorem 5. We shall show that if n is a pseudoprime to the base 2. L e t n : 2 0 4 7 : 2 3 ' 8 9 . + t:I{* : (Zn)k = I (mod /V) I = I ( m o d . The smallest odd strong pseudoprimeto the base 2 is 2047. n { ) .k must be odd. so that 2047 is a pseudoprime to the base 2. We have . we see that 2'-r -l : nk for some integer k.7.A f. r is odd. we showed that if n is composite.I : 2 n -2 : 2 (2 n -r-l ) : Ztnk. From this congruence. and Zn-r : I (mod n). In the proof of Theorem 5. Since every pseudoprimen to the base 2 yields a strong pseudoprime2n-1 to the base 2 and since there are infinitely many pseudoprimesto the base 2. then is a s t r on g p s e u d o p ri me th e b a s e2 . Although strong pseudoprimesare exceedinglyrare. We demonstrate this for the base 2 with the following theorem. 2047 is a strong pseudoprimeto the base 2.l Let n be an odd integer which is a pseudoprimeto the base 2.t ) e passes Miller's test.T h i s d e m o n s t r a t e s t h a t N into an odd integer and a power of 2. furthermore.2 Pseudoprimes 157 led to the following definition. Miller's test for the base 6. tr to The following observationsare useful in combination with Miller's test for checking the primality of relatively small integers. There are infinitely many strong pseudoprimes the base 2. Hence. Since 22046/2 : (2t l)e3 : (zo+g)e3 : I (mod 2047). Hence. N passes Miller's Test and is composite. there are still infinitely many of them. to N :2 ' . so that if n 1 2047. T h e n 2 2 0 a 6' ( 2 1 r ) 1 8 6 : ( Z O + A ) 1 8 6 1 : (mod 204D.5. lf n is compositeand passes pseudoprime to the base b.4. From Theorem 5. In fact.I (we will see how to make this "random"choice in Chapter 8). e 2 This leads us to a primality test for integersless than 25. If n is composite the probability that n passesall k tests is l e s st h a n 0 / 4 k . Miller's test does give an interestingand quick way of showingan integer n is "probablyprime". b We prove Theorem 5. A consequenceof this hypothesis is the following conjecture. a n d 7 i s 3 2 5 1 0 3 1 7 5 1 .to show that a positiveinteger n is prime.and the smallestodd strong pseudoprime all to t h e b a s e s2 .8. giving us a primality test for integers less than 1373653. 5 . then n must be prime. a n d 7 i s 3 2 1 5 0 3 1 7 5 1 . of Theorem 5.8. Let n be a compositepositiveinteger. it may be more likely that a computer error was made than that a compositeinteger passes the 100 tests. There is no analogy of a Carmichael number for strong pseudoprimes. i n t e g e rw h i c h i s a p s e u d o p r i m t o a l l t h e b a s e s . Let n be a positive integer.3. To see this. and 7.indeedalmost overwhelming. 1 0 e t h e o n l y o d d . 3 .l . Pick k different positive integers less than n and perform Miller's test on n for each of these bases. Using Rabin's primality test does not definitely prove all that an integer n that passes all 100 tests is prime.A l s o . take at random an integer b with I < D ( n . Mi a n dn I 3 2 1 5 0 3 1 7 5 1 .perform Miller's test for each of these 100 bases. then r passesMiller's te s t f or at m os t Q -l )/4 b a s e s w i th I < b ( n .an extremely small number. Using Rabin's probabilisticprimality test. if we pick 100 different integers at random between I and n and.3. evidence that the integer is prime.8 tells us that if t? passes Miller's tests for more than (n-l)/4 basesless than n. we seethat if n is composite the probability that r? passesMiller's test for the base b is less than I/4. l e s st h a n 2 5 .158 S ome S peci al C ongruences odd strong pseudoprimeto both the bases2 and 3. but does give extremely strong. 3 .5.This is a consequence the following theorem. An odd integer n is pr im e if n < 2 5 ' 1 0 e . then the probability than n passes all the tests is less than 10-60. If n is an odd compositepositive integer. this is a rather lengthy way.n p a s s e s l l e r' s te st for the bases2. 5 . There is a famous conjecture in analytic number theory called the generalized Riemann hypothesis.10e. and 5 is 25326001. worse than performing trial divisions.8 in Chapter 8. Note that Theorem 5. However. Rabin's Probabilistic Primality Test. The smallest odd strong pseudoprimeto the bases2. If we pick k different basesless than n and perform Miller's tests for each of thesebaseswe are led to the following result. . 1. If the generalizedRiemann hypothesis valid. 2 . Hence. Proof. Show that the even integer n : 161038:2'73' l 103 satisfiesthe congruence 2n = 2 (mod n).2 Problems l . I The important point about Rabin's probabilistic primality test and Proposition 5. 5. To perform Miller's test for the base b on n takes O (logzn)3) bit operations. Assume that the generalizedRiemann hypothesis is true.1 . after performing O((log2n)s) bit operations. We have seen that the best algorithm known for factoring an integer requires a exponentialin the squareroot of the logarithm of the number of bit operations number of bits in the integer being factored. then there is whether a positive integer n is prime using an algorithm to determine O ((log2n)5)Uit operations.then by Conjective 5.each using O(logzb)2) Ult operations. while primality testing seemsto require only a number of bit operationsless than a polynomial in the number bits of the integer tested.1. is Proposition 5. Show that every odd composite integer is a pseudoprimeto both the base I and 5 .1.2 Pseudoprimes 1s9 Conjecture 5. This contrasts strongly with the problem of factoring. For every compositepositiveinteger n.by Proposition 1. t h e b a s e.1 is that both results indicate that it is possibleto check an w i n te g er n f or pr im a l i ty u s i n g o n l y O((l o g 2 n )ft) bi t operati ons.we can determinewhether n is compositeor prime.5. there is a base 6 with | < b < 70 (log2n)2such that n fails Miller's test for b.such that n fails Miller's test for the base b.becausethis test requires that we perform no more than log2n modular exponentiations. then n is a pseudoprimeto the base n . lf n is composite. to 3 . The integer 161038 is the smallest even pseudoprimeto the 4 . Let b be a positive integer less than n. as many number theorists believe. base 2. To discoverthis b requires less than O(log2n)3)'O((togzn)z) : O((log2n)5) Uit operations. here k i s a positive integer. Show that if n is an odd compositeinteger and n is a pseudoprimeto the base a.the following result providesa rapid primality test. Show that 45 is a pseudoprime the bases17 and 19. We capitalize on this difference by presentinga recently inventedcipher systemin Chapter 7.a. Show that 9l is a pseudoprimeto the base 3.7. . there is a base b with b < 70 (log2n)2. If this conjecture is true. a n d p i s a n .113 f) g) 7 1 7 2 0 8:1 . then n is also a 1 0 . 6 1 : 564651361 43. Show that if z is a pseudoprime to the bases a and b..l). then n is a pseudoprime lessthan or equal 6 Ah) to to different basesa with I ( a ( n. 14. b) Show that if there is an integer b with (b. then n is a pseudoprimeto the base a-. then n is a pseudoprimeto the base a.29'73 : 29341 l 3 ' 3 7 ' 6 1 : d) 314821 13. where d' is an inverseof a modulo n.n) : I such that n is not a pseudoprime the base D. 1 8 .3. 15. Show that if p is prime and the Mersenne number Mo : 2P . 9 .l ) / G 2 . but not a pseudoprimeto the base 6. . Show that if n is a pseudoprimeto the base a.where ot. and 5.I is composite.. Show that 1373653 is a strong pseudoprimeto both bases2 and. a. Conclude that there are infinitely many pseudoprimes any base a.l 2 ml l . . int and l 8m* l are al l pri mes. Show that 1387 is a pseudoprime.but not a strong pseudoprimeto the base 2..3907.3. then n is not a pseudoprimeto the base aD. ) 7.. .n + t).l ) ..1 3 . Show that 25 is a strong pseudoprimeto the base 7. show that 2p | (. l l .. (Hint: Show that the sets c t.ba2. and demonstrate that a 2 P: 2 ( m o d n ) . a) Show that if n is a pseudoprimeto the base c. ar are the basesless ba. and ba1. Showthat the following integers Carmichael are numbers il b) c) : 2821 7'13'31 : 10585 5. w h e r e a i s a n i n t e g e ra ) l . 8.) 12. Show that25326001 is a strong pseudoprime bases2.6r. o2.. have no common elements. to 1 6 .3361. 1 7 . S h o w t h a t i f n : ( a z p .. o2. (Hint: To to establish that ao-t = I (mod n).i s a Carmichael number.160 Some SpecialCongruences 6 . w here i sa i r m pos it iv e e g e rs u c h th a t 6 m* l .397 : e) 27845 5'17'29. than n to which n is a pseudoprime.23.. Find a Carmichael numberof the form7.qwhereg is an odd prime. pseudoprimeto the base aD.1). 3 1 . 13. a) S howt ha t e v e ry n te g e o f th e fo rm (6 m +l )(l 2m+ l )(tg. odd prime not dividing a(a2 . then Mo is a pseudoprime to the base 2... Show that every composite Fermat number F^ : 22' + I is a pseudoprimeto the base 2.. 6 3 1 1 8 9 0 1 5 2 1 2 7 1 ' 5 4 1 ' 8 1a. The Euler phi-function Qh) is defined to be the number of positive integers not exceeding n which are relatively prime to n.we first define a specialcounting function.2 Pseudoprimes 161 : 109. 4. 5.5. Find Carmichael numbers. and 7. The val uesof d(. Definition.7 ' 1 3 ' 9 . then n is either a prime or a pseudoprimeto the base D. 5. How do we work with the correspondingcongruencesmodulo a compositeinteger? For this purpose. Perform a primality test for integers less than 25'l0e based on Miller's tests for the bases2. if it does. determine whether n satisfies the congruence bn-t = I (mod n) where b is a positive integer less than n. (Use the remarks that follow Theorem 5. 3.2 Computer Projects Write programs to do the following: I. then Miller's test takes 2. In T abt e 5. Miller's test to the Given a positive integer integer n.n d 7 2 9 4 7 5 2 .) Perform Rabin's probabilistic primality test. 4 2 1 . 5. Given a positive integer n. The Valuesof Euler's Phi-functionfor I ( .n) for I ( n < 100 are given in Table 2 of the Appendix. 2 9 4409 37' 73' : : 2 t 1 . with n = 3 (mod 4). numbers.5. 1 we dis p l a yth e v a l u e so f @ (n ) fo r I ( r ( 12.55164051 l b) Conclude from part (a) th a t 1 7 2 9.3. Show that if n is a positive O ((logzn)2) bit operations.7. if it does then n is either prime or a strong pseudoprimeto the base b. Table 5. Carmichael 19.3 0 7 ' 6 1 3 ' 9 1 9 e ar 9 l I. determine whether n passes base b.3 Euler's Theorem Fermat's little theorem tells us how to work with certain congruences involving exponentswhen the modulus is a prime. n 2 3 4 5 6 7 8 9 l0 il I2 6h) I 2 2 4 2 6 4 6 4 l0 n < 4 12. Let n be a positive integer.1. Hence. w e e i th e r h a v e p I a a nd p I n. 9 . t hen so tu ) = I (mo d rn ).uler's theorem.' o. This is a contradiction. In thi s secti on. 2 . and p I n. since r. S i n c e( a . . p I ri and p I n.fl ) : l . Proof. we will need the following theorem about reducedresiduesystems.Q h ) .. 3 ' 3 : 9 . et2. A reduced residue system modulo n is a set of Ofu) integers such that each elementof the set is relatively prime to n.m ) : l.. since r7 and r. lf r1 . we assumethat arj = ar1.162 S ome S peci al C ongruences In Chapt er 6. t h e s e t 3 ' l : 3 . . f r o m T h e o r e m . T h e s e t 1 . 8 ): l .7 i s a re d u c e d re si duesystem modul o 8.. and i f a i s a pos it iv eint e g e rw i th (a .w e use the phi-function to give an analogue of Fermat's little theorem for compositemoduli. To demonstratethat no two ari's are congruent modulo n. we illustrate the idea behind the proof w i th an ex am ple.n): l. b y C o r o l l a r y 3 . we need to lay somegroundwork. 5 . we assumethat (a r1. 7 i s a r e d u c e dr e s i d u es y s t e mm o d u l o 8 .. ei ther p I a or p I 11. ' . S i nce ( 3 .1 coffie from the original set of reducedresidues modulo r?. th e re i s a p ri m e d i v i s o r p of (ari . Definition. : rk (mod n). n ) : l . . Exam ple. 9. E x a m p l e .3 . and both p I a and p I n cannot hold since (a.n). . 3 ' 7 : 2 1 i s 5 also a reducedresiduesystemmodulo 8. 5 : 1 5 .. is a member of a reduced residue modulo n. we can conclude that ar1 and n are relatively prime for j : l . H ence. ot6h) i s al so a reducedresiduesystemmodulo r. 3 . we cannot have both p I r..5 . T h e s e t . T h u s . T he n . If m is a positive integer and a is an integer with (a . To do this. Before we prove Euler's theorem.9 by the following example. l . w e s tu d y th e E u l e r p h i -fu n c t i onfurther. 3 . However. T he se t 1 . th e n th e set et1.t6 G) i s a re d u c e dresi duesystemmodul o n. (mod n). tr We illustrate the use of Theorem 5.r2 . ..1 . We now state E. where j and k are distinct positive integers with 1 < j ( d ( n ) a n d I < k ( d ( n ) . and no two different elementsof the set are congruentmodulo n. n) ) l. 3 i s a l s os u c ha s e t . Theor em 5.so that ri # rr (mod n). l w e s e e that r. Euler's Theorem. To show that each integer ari is relatively prime to n.3 . 3 ' 3 .tis an i n v e rs e f a m o d u l om. a6(^) {z r ' r 6 ( m )j r(z r o(m) (mod z ) . s )(.. We now use the ideas illustrated by this exampleto prove Euler's theorem.m) : I . Proof. = 3 4 ' l ' 3 ' 5 ' 7 l'3'5'7 (mod8). 3 ' 5 . . they have the same least positive modulo 8. 9 .. Therefore. . Qr2.a t y . ( 3 . Thus. 32:5 (mod 9) is an inverse We can solve linear congruences using this observation. To solve a x j D ( m od z ) .. We know that both t h e s e t s l . w e mu l ti pl y both si des of thi s . . fro m C o ro l l a ry 3. Hence. relatively prime. Example.26-t : 25 : of 2 modulo 9. m ) : l . lf a and m are o H e n c e. th 8) : l . We know that 20@-t .. r a( ^ ). residues ( 3 . 7 ): l l ' 3 ' 5 ' 7( m o d8 ) .. D o o ( m )= I We can use Euler's Theorem to find inversesmodulo m. 7 a n d 3 ' 1 . obtain ar pr 2 aryfu't -. w h e re (a . . 3 ' 7 a r e reduced residuesystemsmodulo 8.. w e can concl ude that Si n ce ( r g2 (modm). r6 (m ) i n s o me o rder.5 .rZ. .. By Theorem 5 ...3 .o6( m ) . f w e we multiply togetherall terms in each of thesereducedresiduesystems. H e n c e . ro(^) denote the reduced residuesystem made up of the positiveintegersnot exceedingm that are relatively prime to m. Let rr. w e c o n c l u d e a t : 3 + _ 3 d (a ) I (m o d g ) . 3 .3 Euler ' s T heor em 163 Example.r| rz 16(^) (mod la) ..1. ) . we know that s ' t6 (m)-t : 4 4 (m) 1 (mo d rn). 3 )(.or6(m) i mu st be t he int ege rs 1 1 . th e l e a s t p o s i ti v e re si duesof ar1. a r 6 ( m ) i s a l s o a r e d u c e dr e s i d u e syste m m odulo lz .3 . t h e s e t Q t 1 . C onsequentl y.. m ) : l . s i n c e ( a . 5 .1 2 . an integer relatively prime to 32760. c6(m) is a reduced residue system modulo m . The solutions o f 3 x = 7 (mod l 0) x = 3d( 10) .. if a and b are relatively prime positive 1 0 . 6 . are those integers such that Example. Show if c t. then I I a * a2 * I ofh)-t = 0 (mod m).. 4 . 3 . o Therefore. 7 3 3 . then 8 . Find a reduced residue system modulo a)6 b)e c) lo d) e) f) t4 16 17. Show that the solutions to the simultaneoussystem of congruences . Show that if a is at2=l(mod3276CD. .oh): 0 ( m o dl n ) . Find a reduced residue system modulo 2^ . where m is a positive integer. 2. Show that cd(b) I 6ab) : I (mod ab). the Solutions y : of(m)-tb (modm). integers.J:9 (mo d l 0 ) . s i n c e ( I 0 ) : 4 .3 Problems l. then c1* c2* * ..164 S ome S peci al C ongruences co ngr uenc e aa h )-l to o b ta i n by ( o o (m)-t * .t b m o d m ) . 7 .1. Show that if a is an integer. c2. 5 . Solve the following linear congruences using Euler's theorem il b) c) 5x = 3 (mod 14) 4x = 7 (mod 15) 3x = 5 (mod 16). 9 .: q Q ( m ) . then a7 = a (mod 63). Show that if m is a positive integer and a is an integer relatively prime to m. Use Euler's theorem to find the least positive residueo1 3100000 modulo 35. d are given by 5. 3 Computer Projects Write programsto do the following: l. (mod m). 1.M!t^') (mod u)' M/mi forT: 1.5 .. are given by x j a. w h e r eM : m 1 m 2 I l.. the last digit in the hexadecimal n 12. Find the solutionsof a system of linear congruences using Euler's theorem and the Chineseremaindertheorem (seeproblem l0). 2. where the mi are pairwise relatively prime. (mod mz) x ? a. a) Show every positive integer relatively prime to l0 divides infinitely many repunits (see problem 5 of Section 4.2..) b) Show every positiveinteger relatively prime to b divides infinitely many base b repunits (seeproblem 6 of Section4.. Find @(n) for the integers with 13 ( n < 20. 5.find a) b) o1 the last digit in the decimal expansion 7t000 oP expansion 51100$000.r. a n dM j : + a. 13. Solve linear congruences using Euler's theorem. 14.ul'^) + a2M!@) a m . Using Euler's theorem. ll : (to'-t)/q..1). (Hint: Note that the n -digit repunit lil .m ) positiveintegersa.3 E uler ' s T heor e m 165 x i * = ar (mod rn r) o. Show that if m isa positiveinteger.1).. then o^ = am-6(m)(mod rn ) for all .

An arithmetic function f is called multiplicative if f fun) : f (m)f fu) wheneverm and n are relatively prime positiveintegers. The function f h) : I for all n is multiplicative because and f(n):1. pi ' i t .1 The Euler Phi-function In this chapter we study the Euler phi-function and other functions with similar properties. since g(mn) :mn : g(m)efu). Multiplicative functions with this property are called completely mult ip licative functions. Similarly. First. f(m):1.. then we can find a simple formula for f fu) given the prime-powerfactorizationof n. Definition. If / is a multiplicativefunction. Example. I f / 166 i s a m u l ti p l i c a ti v e n c ti onand i f n: fu pi ' pi . we presentsomedefinitions. f(mn):1. function g(n) : n the is multiplicative.. so that fhn):f(m)fh). T heor em6. Throughoutthis chapter. w hether or not (m.we are interestedin arithmetic functionsthat have a specialproperty. 1. Notice that ffun) :1(m)fh) and g( m n) : g( m ) S h ) fo r a l l p a i rs o f i n te g ersm and n. An arithmetic function is a function that is defined for all positive integers. Definition.Multiplicative Functions 6.n) : l. .

The positive integers'less-than that are not relatively prime to p are po thoseintegersnot exceeding that are divisibleby p. s o t h a t m n : 3 6 . Let p 6e\:po-po-t. pl'). p th Co n v er s ely .l.l. we must show that d is multiplicative. positive integerwith d(p) .. we find that d(53) : 53 .2. namely d. then 0b) : p . Theorem 6. f Q i ) . if is c o mp o s i te . Sincethere arep . then f tu): f Qi)f Qi) " Proof. p \ ' " ' p ! ' ) : 1 . i0 Q ) : p f d0) ( p-2. a n dd ( t t 2 ) : 1 1 2 1 1 : 1 1 0 . H e n c e . W e l i s t t h e i n t e g e r sr o m I to 36 in a rectangularchart. First. = f o-'fp_D ' zZ\ be a prime and a a positive integer.l. we see that t S i n c e i ' .2 e: 5 1 2 . is not relativelyprime to p. Then po Proof. If p is prime. O ( z t } ): 2 t 0 .| integers| .so there are po . .P o -r. n 6 Example.p .po-r integersless than po that are relatively p ri me t o po.p . we considerits values at primes andthenat primepowers.. thenp is prime.I suchintegers. continuing f(n): -f Qi') f Qi) f Qi' -f Qi'.thenp mustbeprimetr . given the prime factorization of n.f (p\') f Q?) a We now return to the Euler phi'function.we findthatf h) : f Qi) f bi) .Q i ' p \"' ' p : ' ) .and. Conversely. There are exactlypo-l such integers..6. If p is prime then every positiveinteger lessthan p is relatively prime we to p.3..l.3.l.p and d are not relatively prime. Theorem 6. haveQQ) : p . Since we know that at least one of the p . e n p h a s a d i v i s ord w i th | < d 1p.1 The EulerPhi'function 167 the prime-power factorization of the positive integer n. as shownin Figure 6. Using Theorem6. f E x a m p l e ..L e t m : 4 a n d n : 9 . .52 : 100. Since f "fQi). w e k n o wt h a f b i ' p \ ' " ' p ! ' ) : f b i ' ) b p:).2. ro that in thisway. To find a formula for @(n). b " ) : p o . f f t u ): f b i ' p i '" ' p : ) : f Q i ' ' Q ? " ' p i ) ) : is multiplicativeand Qi'. We illustrate the idea behind the proof with the following example.1. of course.pi' ' ' ' p!) : l. . if p is a Proof. We now find the value of the phi-functionat prime powers. Henc e .

HenceOGO : 2. Then no number in the rth row is relatively prime to mn. 6-l)m*l h-l)m*2 h-I)m*3 2m 3m Now suppose r l s a posltlve lnteger not exceeding m. We circle these. Neither the second nor fourth row contains integers relatively prime to 36. Let m and n be relatively prime positive integers. Proof..@@33 l0 t4 18 22 34 . Suppose (m.4.O@. I 2 3 m*l m*2 m*3 2m*l 2m*2 2m*3 . each element of these rows is relatively prime to 4. they are the 12 integers in the list relativelyprime to 36. where k is an integer . and hence not relatively prime to 36. Within each of theserows. We now state and prove the theorem that showsthat @is multiplicative.5@@27@@ t2 l6 20 24 28 32 36 Figure6.6 .r):d)1.168 Multiplicative Functions OOe@@2. Then Q f u n ): Q ( m ) t h ) . We enclosethe other two rows. Theorem 6.1. since anv element of this row is of the form km * r.. We display the positive integers not exceeding mn in the following way.OU)O(il. there arc 6 integers relatively prime to 9. since each element in these rows is not relatively prime to 4.

Theorem 6... Pr..I) Pr Pz pi.6.. th"n 0h) : o?i)obi. oht') Obi').4. each containing d(n) integersrelatively prime to mn. Pt Proof.. . tr CombiningTheorems6. If fuI) :1 and I ( r ( m. Then 6h):n0-lttr- l) Pz Pr tr-.(l . Hence. they are relativelyprime to mn.L)ri. Theorem 6.3 and 6. Since there are S(m) rows.5..!) Pz This is the desiredformula for d(n).2.(l.m) : l.. Since @is multiplicative. sinced | * and d I r. pf. pir' be the prime-power factorization of the positive integer n. we need to look at the rth row only if (m.1 The EulerPhFfunction 169 with I < t < n .r) : l.I l ( l Pr .) In addition. Since (r.t ) P* pi:oftt: n ( L.3 we know that . Consequently.l. the n integersin the rth row form a completesystemof residues modulo r.p?-t: p. we must determinehow many integersin this row are relatively prime to mn.+) Pi forT : 1. D Lt (l-I). m * r . we derive the following formula for 0Q). from Theorem 6. Since these d(n) integersare also relatively prime to m..4. Let n : por'pi' . exactly Qh) of these integers are relatively prime to n. and d | &m*r). (r-!) P* . . Hence.'o..k. we can conclude thal Q(mn) : O(m)efu).to find those integers in the display that are relatively prime to mn. The elements in this row are r .!l .1 tells us that if the prime-power factorization of n is n : pl.. h-l)m * r. each of these integers is relatively prime to m. By Theorem 3.. 2m * r.pl. Qh): pi'T .pf'.

For instance. Then dln 2A@l:n' Proof.5 with the following example. The following result. Put the integer m into the classCa if the greatestcommondivisor of m and n is d.the number of integersin Ca is the number of positiveintegersnot exceedingn/d that are relatively prime to the integer n/d. Then dln 2.n/d) : l . Example. (m . Using Theorem6. Let f be an arithmetic function.f (d) represents sum of the valuesof f at all the positivedivisorsof n. which states that n is the sum of the values of the phi-functionat all the positivedivisorsof n. i.n ) : d . e . Let n be a positive integer. then dlt2 > f U) : f (r)+ f Q)+ f 0) + f U) + f (O+ f 0D .5. will also be useful in the sequel.170 Multiplicative Functions we illustrate the use of rheorem 6. the Example. H ence. =)-192.ilrr |l tr l. > d 2 : 1 2+ 2 2 + 3 2 + 4 2 + 6 2 + 1 2 2 dlt2 :l* 4+g+16+36+ 144:ZlO. ) We now introduce a type of summation notation which is usefulin working with multiplicativefunctions. We seethat m is in C4.il(l +) 4o and : t2oe 0020: o(2432s) .we see that there .6. we note that : : . loo(l d(roo)o(22s2): .i f a n d o n l y i f fu /d . From this observation. If / is an arithmetic function. We split the set of integersfrom I to n into classes. Theorem 6.

a n d d ( 1 ) : I d + We respectively.n is the sum of the numbersof classes we in elements the different classes.1 7 } C 6 : { 6 . 1 3 .O(0) .13 e) lo! f) 20t . the This proves theorem. 4 .1 The Euler Phi'function 171 are gh/d) integersin C1. O ( 3 ): 2 .1 5 } as We see that the classCa contains0081d) integers.tr 6. 0 ( 2 ) : l .7'rr. nfd also runs through thesedivisors.We illustrate proofof Theorem whenn : 18. O ( 9 ): 6 .so that n:>0fu1d)-DfU) dln dl. Find the value of the Euler phi-function for each of the following integers a) 100 b) 2s6 c) l00l d) 2. Find all positiveintegersn such that d(n) has the value ill b)2 c)3 d)6 e) 14 f) 24. . seethat n : > Qhld) dln As d runs through the positiveintegersthat divide n.1 Problems l.1 4 . the six classes c o n t a i n ( 1 8 ): 6 .5.3. l l .0(3)+ integers.1 6 } C g : { g } C r r : { t g }. We have those contains c 1 : { 1 .6 the Example.1 2 } c 2 : { 2 . dll8 6.6.Consequently. C 3 : { 3 . 0 ( 6 ) : 2 . 1 0 . 2.5 .8 . Since we divided the integers I to n into disjoint and each integer is in exactly one class. The integers C4 from I to 18 can be split into classes whered I 18 suchthat the classC7 m integers with (m. QQ)+d(1):2atal. notethat 18: d(18) + O(g)+ .18): d . 7 .

13. 8.1 6(n*') for ft : r. then d(n) is divisibleby 2k. . a) Showthat f*g : g*. fa@ lrrh) if n is odd if n is even . For which positive integers lz doesQfu) divide m ? 9. using the principle of inclusion-exclusion (seeproblem lZ of Section 1 l). Let n be a positive integer. Prove Theorem6.13.1.f*t : f |.3..{n): then rf . are positiveintegerswith nr I n..r if n: l lo i fn ) l .2.then Qbb) : (a. For which positiveintegersn is 6fu) a) odd b) divisible by 4 c) equal to n/2 ? 4. 12. show that a positive integer n is compositeif and only if oh) ( n . Show that if z is a .il) .. c) Showthat if r is the multiplicative functiondefined by .. b) Showthat (/*g) *h : f* Q*h) . show that there is by a positive integer r such that n. . Two arithmetic functions/ and I may be multiplied using the Dirichlet product which is defined bv : V*s)(n) 2f @)shlil . : recursively nr: Qh) and n1. Show that if n is a positive integer. 11. for all arithmetic functions/.b)6G)O$)lOKa. 10.n2.6-.then Q(mk) : mk-16(m) .positive integer having k distinct odd prime divisors. For which positive integers n is Qh) a power of 2? 7...5. Show that if a and b are positive integers. Define the sequenceof positive integers fl1. then n Qfu) | oh). 14. Show that if n and k are positiveintegers. then QQn): 5' 6.f ... ...172 Multiplicative Functions 3. Show that if m and. Use the Mobius inversion formula to show that if f is an arithmetic function and F is the arithmetic function defined by F ( n ): > f @ ).1 The Euler Phi-function 173 d) The arithmetic function g is said to be the inverse of the arithmetic functton : .f it f*S : g*-f and only if f 0) I 0. *rr.. 1 9 . is /. Showthat if n is a positive dln 1 8 . (Hint: When f 0) # 0. Let f be an arithmetic function.f-t of/ by calculating/(n) recursively. Show that if F is the arithmetic function defined by F ( n ): > f @ ). Show that if f and g arc multiplicative functions.\n):1 I if n . t6.> 0h /il . dln so then if F is multiplicative. Show that the arithmetic function / has an inverse if . dln This result is called the Miibius inversion formula. formulaand the fact that n .where is a primeandt is .> f U)f-tfuld). Show that the Miibius function defined by t It l(-t)' p.6. integer 1 7 . using the fact that '(n) . Usingthe Mobius inversion a) Q(p') : p' p'-'.:. Show that if / has an inverse it is unique.. greater thanone. then the Dirichlet product /*g is also multiplicative.) dln 1 5 . p integer.ps if n has squarefactor larger than I lO t is multiplicative..I with primefactorization if z is square-free n:prpz. find the inverse .then ) p@) :0. ' dln then f h):2p@)Fhld). . provethat 20. p:". is an additive function and if g(n):zfb).. is Show that if / multiplicative. but not completely additive. if the prime-power factorization of n n: pi'pi' . a) Show that it f multiplicative.'. then g is 6. then f (il : f @r)". 23. Show that if <^r(n)is the function that denotesthe number of distinct prime factors of n.f(pr)o. is completely multiplicative for every real 21.174 Multiplicative Functions b) d(n ) is multiplicative. . Show that the function f (n):ne number k. Show that tr(n) is completely multiplicative. f 25. A function f that satisfies the equationf (mn) :7(m) + "f (n ) for all relatively prime positive integers m and n is called additive. then <^r additive. is defined by settingo(n ) equal to the sum of all the positivedivisorsof n. and if the above equation holds for all positive integers m and n. a) we define Liouville's function r(n) by I(r) : l and for n ) | $$n) : (-l)4'|+4r+"'+a'. 22. Show that if n is a positive integer then ) by is b) tr(n) equals 0 if z is not a perfect square. Find the integerr in problem 13. 6.and equals I if n is a perfect square. One of theseis the sum of the divisorsfunction. Show that tf f is completely multiplicative.1 Computer Projects Write programsto do the following: l. ' (p^)"' when the prime-power factorization of n is n : pi'pi' . 24. f is called completely additive. and g are multiplicative functions then fg is also b) Show that if f and g arc completely multiplicative functions then /g is also completely multiplicative. 2. The sum of the divisors function. Definition.. denoted by o.2 The Sum and Number of Divisors We will also study two other arithmetic functions in some detail. . p:'. . a) b) c) Show that the function -f (n) : log n is completely additive. Find valuesof the Euler phi-function. we use the following theorem. The number of divisorsfunction.7. The values of .2 we give . Theorem 6.1. 1 we giv e o h ) fo r 1 ( n < 1 2 ( n < 100 are given in Table 2 of the Appendix' I n I 2 3 4 5 6 a 7 8 9 r0 ll t2 oQ) I J 4 7 6 t2 8 l 5 l 3 1 8 t2 2 8 12 .(n):>1.we illustrate the idea behind its proof with the following example. If / F (n) dln is a multiplicative function.6 . The Number of Divisors I ( n ( notation. In Table6. It o(n) and z(n) in termsof summation Note that we can express is simple to seethat oh):Dd dln and . is definedby setting r(n) equal to the number of positivedivisorsof n. n I I for 2 2 3 4 2 5 6 7 8 9 3 10 ll 4 t2 6 rh) 3 2 4 2 4 2 12 ' for Table6. The Sumof the Divisors I ( n ( The other function which we will study is the number of divisors.Q) 1 ( n < 100 are givenin Table 2 of the Appendix. then the arithmetic function Beforewe prove the theorem. Definition. dln To provethat o and r are multiplicative.2. for Table6.2 Th e S um and Nu mb e r o f D i v i s o rs 175 The val ues of o(n) for In Table6. and let Ffu) dln .h) for I ( n ( tZ. Let "f be a multiplicative function. denotedby r. and the secondis the divisor of I 5). 5 . f ( r ' 1 ) f Q .7 by Proof. we nowprove Theorem usingthe ideaillustrated the example.1 .4 . 3 ) + f + f Q . 1 5 . 3 : 1 .176 Multiplicative Functions r(60) : r(4)F(15). the first factor is the divisor of 4 .dfi2 of mn. 3 )+ f u . thenF (md : F (m)r 0). 1 5 : 1 . 20 :4'5. 30 : 2'15. 6.n): l .n) : l.^n"f By Lemma2. D+ f 0 . I 0 : 2 . i l + f Q . since(m. 4 : 4 . we seethat . D + f 0 . . 3 . l s ) + f ( 4 . 5 .6 : 2 . 2 : 2 ' 1 . i l + f ( 4 . r s ) :f (t)f(l) + f Q)f(r) + f (l)7(:)+ f @)f(r)+ (fDj6) f +f Q)f(r)+ f Ql|(s) + f (Df(g)+ f ol7(rs)+ f @f 6) + f Q)f (rs)+ f Q)f 0s) : ( / ( t ) + f Q ) + 7 Q ) ) ( / ( r l+ f G ) + f ) + / ( l s ) ) : F(4)F(rS). 5 )+ o . canwrite we F(mn) : drl^ drln > f Utd2) Since/ is multiplicative and since(dbd): l. eachdivisor mn canbe writtenuniquely of product relatively as the primedivisors of dlof m andd2of n. To showthat F is a multiplicative function. + f ( r .1.we must show that if m andn are relatively primepositive integers. d1 to Hence. 3 . 5 .5. l 5 )+ f Q . andeachpair of divisors of m and d2 of n corresponds a divisord . 1 2 . 60 : 4-15 (in each product. Hence. We have that F (mn) : u) ' 02. F ( 6 0:) f ( r ) + / o + f ) + f ( q ) + f ) + f 6 ) + / ( 1 0 )+ f 0 2 ) + f (rs)+/(zo) + f Q0 +/(60) : . Each of the divisors of 60 may be written as the pr oduc tof a d i v i s o ro f 4 a n d a d i v i s o ro f 15 i n the fol l ow i ngw ay: l :1. 1 . So let us assume (m. 3 . po Proof.1 w i th p :5 s4.po-t.1. Then o ( p o ): ( t + p + p 2 + and r(po):a*1. we can derive formulae for their values based on prime factorizations. Now that we know o and r are multiplicative. tr * pa-t * po : #. Let p be prime and a a positive integer. tr Ffu)Ffu). Also.6. so that r(po) : a * l. First.l Pt-r pl'*'-l p!'*'-l : i j -r P.I o(53):1*5+52+53: a nd a: 3.. When we apply L e mma 6 . The above lemma and the fact that o and r ate multiplicative lead to the following formulae. p. Let n:pi'pi2.1.. po. The divisors of po are l.8.. Theorem 6.-l P i -l . has div is o rs . Then l'*' o(n):ry p Pz-l. Consequently. where we have used *po) : Po*'-l p-l Example.. p' .. w e fi nd that fi:156andz(53)-l*3:4. we note that a*l e xa ctl y o(po):1*p+pz+ Theorem1. we find formulae for o(r) and rh) when n is the power of a prime. Lemma 6.2 The Sum and Numberof Divisors 177 F (m n ) : drln drln 2 f Q)f @z) drl^ 2fQ)ZfVz) drl.. the positive integer n have prime factorization p:'. e) f) g) h) 2'3'5'7'll 2s345372t1 lo! 201. we obtain the desiredformulae.*t) : rI. Which positive integers have an odd number of positive divisors? . o(pi'p3' ' ' ' p:') : .134. G1+D.6:241g 2-l 3-l 5-l and r ( 2 4 .11.s. Example.74.17.13. and . 3.ei. 32-l .) found in Lemma 6.. 3 2 . we find that : : o(200) o(2352) r!-.s3. Inserting the values for oe!.1. Since both o and r (c.pi.19s f) 20t. we see that o(n) : obi)obi) o(pi) and r(n) : .8 with the following example. Find the number of positive integer divisors of il 36 b) 99 c) r44 d) 2.Qi') are multiplicative. 13. Find the sumof the positive integer divisors of a) 35 b) te6 c) looo d) 2r0o 2.8. i l(:4 + l ) ( z + t ) ( t + t:) 3 o.Qi) pi) : .19 e) 2i2. : o(lz0 : o(2a.178 Multiplicative Functions (az+D r(n) : (c1+l) Proof. 2-t and r(2 o o ) : Also " (2 3 5 2 ): g : 15.3.32. 6. Using Theorem 6.(p1') .115.31 465 : 5-l (3 + t ) Q+ D : 12.s) T-.Qi').2 Problems l.7.17s. D we illustrate how to use Theorem6. 52-l :31.1 . 8. Show that the number of pairs of positiveintegerswith least common multiple equal to the positive integer n is r(nz). For which positive integers n is the sum of divisors of n odd? 5. . so that o1. Find all positiveintegersn with a(n) equal to a) 12 b) l8 c) 24 6. : n1: r(n) and n1. dln a) b) c) d) e) Find or(4).. where n has prime-power factorizationn : pi'pi' . find a formula for o.. d) 48 e) 52 f) 84 Find the smallestpositiveinteger n with r(n) equal to a)l b)2 c) 3 d)6 dt4 f) 100../i.3.h) denote the sum of the kth powers of the divisors of n..(n). b! 14.h) : 2 dk.1 r(n*) for ft :1. wherep is prime. and a is a positiveinteger.tr2. . : ft has infinitely many 7.2 The Sum and Numberof Divisors 179 4. .. Let n be a positive integer.. wherep is prime' Give a formula for o1(po).6. Show that if k > | is an integer.r : flr1t : rlr+2: if 15.then the equationrh) solutions. p:. Which positive integers have exactly a) b) c) g. 13.. Show that a positiveinteger n is composite and only if o(n) > n + . Show that no two positive integers have the same product of divisors. Find all positive 12. Define the sequence of integers fl1. or(6) and o{12).rt3. Let o1. Note that o1h) : sfu).. integers such that d(n) + oQ):2n. Give a formula for o1(p). Show that there is a positive integer r such that 2 : f.2. n 11. Show that the function op is multiplicative' Using parts (c) and (d).. two positive divisors three positive divisors four positive divisors? What is the product of the positive divisors of a positive integer n ? 10. 3 Perfect Numbersand MersennePrimes Becauseof certain mystical beliefs. w e s e et h a t 6 i s p e r f e c t . we show that if n:2m-r(2^-l) where 2^-l is prime. 6. E x a m p l e . Definition. Show that if n is a positiveinteger then r(n)z : )r(d)3 dln 6. We note that sincezn-l is odd. we have (2m-r. Theorem 6. Find the number of divisorsof a positive integer. The positiveinteger n is an even perfect number if and only if n :2m-r(2^-l) where m is a positiveinteger such that 2^-l is prime. The following theorem tells us which even positive integersare perfect. 2. then n is called a perfect number. Find the sum of the divisors of a positive integer. The ancient Greeks knew how to find all even perfect numbers. we seethat o (n ) . If n is a positive integer and o(n) : 2n. .o (2 ^ -t)o (2 ^-l ) . then n is perfect. w e a l s on o t et h a t o ( 2 8 ) : 1 + 2 + 4 + 7 +14*28:56. 1 t e l l su s t h a t o ( 2 ^ . Since o is a multiplicative function.180 Multiplicative Functions 16.r ) : 2 ^ .2 Computer Projects Write programs to do the following: l. Theseintegersare called perfect numbers. Proof. assumingthat 2m-l is prime. S i n c eo ( 6 ) : l + 2 + 3 + 6 : 1 2 . First.l and o(2^-l):2^.2m-l) : 1. Consequently.9. Find the integer r defined in problem 14. s i n c ew e a r e L e m m a 6 . sothat28 is another perfect number. the ancient Greeks were interested in those integers that are equal to the sum of all their proper positive divisors. 3. where2 s + l -1 i s p ri me . (2'+t-l)q : 1.l) : l .4). namely 1. demonstrating :2n .3 w e s e eth a t 2' + 1 l o(r). we seethat oQ): t + l.3) tells us that into (2 s + r_ l )2 s * rq.4).q I t and q # t. Theorem 6.4) Hence. Since (2t. therefore. Hence. This implies that (6. since its only positive divisors are I and t.3 ) (2 ' + r-1 )o(i : 2 s + t1 Si n ce( 2s + r . we must find primes of the form 2t-1. we find that (6. we oQ) 2 t + q -| 1.1) o(n) : o(2':) : o(2')o(t) : (2'+t-t)o(l) Since n is perfect.2) showsthat (6 .5) t +q: ( 2 s + t . so that conclude t must be prime. and t . We will show that q : 1.10. from (6. tr From Theorem 6. In our searchfor primes of this form. q.2'+rQ. Inserting this expression o(t) (6.3 PerfectNumbers 181 o(n) : Q^-l)2^ that n is a perfect number.t ) q+ q : 2 ' + r q : o Q ) . Therefore. and.1) . which contradicts that / :2s+l-1.Primes and Mersenne 6. we first show that the exponentru must be Prime. 2s + t .4: I and. (6. fro m L e mma 2 .2 ' * rt . we have G'D o (n ) : 2 n : 2 s + r1 Combining (6. then m must be . If la is a positiveinteger and2^-l is prime.5).1) and (6. then there are at least three distinct positive divisors of t . n :2 t ( 2r + l.5). from (6. Note that if q * l. Write and f is odd. for there is an integerq such that o(t) . To show that the converseis truen let n be an even perfect number. Therefore. we integers n :2'l wheres and t arepositive seefrom Lemma 6. on When we replace / by the expression the left-hand side of (6.1 that (6. Also.9 we see that to find even perfect numbers.t) : 1. We can use Theorem6. The Mersenne number M7:27-I is prime.l) p .q -l ): Q p. whereas the Mersenne :2 0 4 7 : 2 3 . . Since q is a common divisor of zp-l and zc-t-L we know that > l .11. From Fermat's little Proof. Integers of the form 2m-l have been studied in great depth. | < b 1m. We illustrate this with the following examples. is called a Mersenneprime.10 we seethat to searchfor primes of the form 2^-1.6) that (Zp-t. 2c-t-t) : 2t-D .2p . . Theorem 6.I. namely (p. so that m : Zk. Therefore.if 2^-l is prime. we see that 2m-l is compositeif m is not prime. Related results are found in the problemsof Chapter 9. rf p is an odd prime. si ncethe onl y other possi bi l i ty. Definition. if p is prime and Mp:2p-l is also prime. w h e r e k i s a p o s i t i v e i n t e g e rH e n c e q : m p * I .| : mp.1I to help decide whether Mersenne numbers are prime. Assume that m is not prime. then nr must also be prime. so that m : ab where | 1 a 1 m and. know thatql(ze-t-t).f. One such theorem will now be given..6) (T -t. these integers are named after a French monk of the seventeenth century.(Zo-l) 12a(b-D q.t . t r . tr From Theorem6.who studiedtheseintegers.t . Then 2m-l -. 24.q1o+l) .2 k p + 1 . from Lemma 1. and. a2a(b-D Since both factors on the right side of the equationare greater than I. Also. then any divisor of the Mersenne number Mp :2p-l is of the form 2kp + I where k is a positiveinteger. Since q is odd we see that m must be even. : 2ab . then M. would imply from (6. H e n c e . we need to consideronly integersm that are prime. .8 9i s c o m posi te.q-l) : I..2Q-t-l) : l. therefore. Proof.2 we know that we ll\ (6. If m is a positiveinteger. and. Example. then M^:2^-I is called the mth Mersennenumber. there is a positive integer m with q . num berM n: 2rr-I It is possibleto prove various theoremsthat help decide whether Mersenne numbers are prime. Hence p | (q-t). (p . Mersenne. Let q be a prime -dividing Mp theorem.182 Multiplicative Functions pnme. 4.it has been Because possibleto determine whether extremely large Mersennenumbers are prime.11. from for a prime factor not exceeding lml Theorem6.3 PerfectNumbers 183 8191 is prime.| denotethe pth Mersenne number. The first prime of this form is 47. 0 ( rr I Mo .504. so Trial divisioneasilyrules out thesecases. we only needlook Example. Define a sequence integersrecursivelyby setting tr:4. M. The proof of this test may be found in Lenstra [7t] and Sierpifiski[351. andfork>2.Primes and Mersenne 6.. This test has been used to find the largest known Mersenne primes.. Let p be prime and let Mp : 2p .. ffi: A trial divisionshowsthat 8388607:47'178481. any such prime divisor must be of the form 26k + L The only for candidates primesdividinB Mnless than or equal to1fTp are 53 and79. there are specialprimality tests for Mersennenumbers. i s pri me. r * ? rtq -2 (m o d M).2 : 0 prime. It is possibleto determine whether Mo is prime using OQ3) bit operations.. Hence. Furthermore. the form 46k + l. the Lucas-Lehmer test requires O Q3) bit operations. S i n c e r t t 0 ( m o d 3 1 ) . To decidewhetherMB:2r3-l: : 90. Let p be a prime and let Mo : 2! -l denote the pth of Mersennenumber.3l ' Then r. Corollary 6. The Lucas-Lehmer test can be performed quite rapidly as the following corollary states.309. Proof. . Following is one such primality test.: -2(mod31).tr .1.I . rt4 8 A2 rzz42-2:14 ( m o d3 1 ) . c ons idert h e Me rs e n n e u m b e rM5 :2 5 . n Exa mple. Then.| squaringsmodulo iV* each requiring O((log M)2): bit operations. w e c o n c l u d e h a t M 5 : 3 1 i s t 8 2. To determine whether Mp is prime using the Lucas-Lehmer test O(p2) requiresp .and r+2 (mod3l). so that M4is composite.0 (mod M) We use an exampleto illustrate an applicationof the Lucas-Lehmertest. The Lucas-LehmerTest.. is prime if and only if rp-1 .w e onl y need w Exa m ple. T o dec ide h e th e rM z t:2 2 3 -r:8 3 8 8 6 0 7 whether M zt is divisible by a prime less than or equal to to determine of 2896. that M s is prime. which are the largest known primes. there is a new perfect number. p Number of decimal digits in M o Date of Discovery 2 3 5 2 7 2 l3 6 + I1 2 t9 1'2 3 l 9a l 'zz 6 9 8 ig 107 zf) q + t27 )q 52r 8 t ) 607 I (. . 72 r279 ? 2 lh ^ 2203 -7s 2281 3 b 32r7 4253 4423 Lbb 9689 5z 994r I 1213 r9937 2r701 23209 44497 86243 r32049 I I L 9l Table 6. and for each ngw Mersenne prime. I I 2 3 4 6 6 10 19 27 33 39 157 183 386 664 687 969 1281 t332 29r7 2993 3376 6002 6533 6987 I 3395 25962 397 5I 5050 anclent trmes ancient times ancient times ancient times Mid 15thcentury 1603 1603 1772 18 8 3 l91l l9l4 t876 t952 t952 1952 1956 1952 t957 1961 1961 I 963 I 963 1963 t97| I 978 r979 1979 1983 I983 f9t re Known Mersenne Primes. At the presenttime. a total of 29 Mersenneprimes are known and these include all Mersenne primes Me with p ( 62981 and with 75000 < p < 100000. especiallysince each new Mersenne prime discoveredhas become the largest prime known.184 Multiplicative Functions Much activity has been directed toward the discoveryof Mersenneprimes.3. The known Mersenneprimes are listed in Table 6. then n is abundant. Show that every prime power is deficient. where ra is a positive integer such that 2 -l is composite. and we say that n is abundant if oh) or abundant. and information concerningrecent results about odd perfect numbersis given by Hagis [681.3 PerfectNumbers 185 Computers were used to find the 17 largest Mersenne primes known. Show that any divisor of a deficient or perfect number is deficient. An interesting account of the search for the 27th Mersenne prime and related historical and computational information may be found in [77]. Show that if n -2m-t(2^-l) . odd perfect numbers must have certain properties (see problems 1l-14. A discussionof odd perfect numbers may be found in Guy [17]. including coverageon the nightly news of a major television network. Furthermore. It has been conjectured but has not been proved. a) b) c) d) e) f) 4.3 Problems l. that there are infinitely many Mersenneprimes. We have reduced the study of even perfect numbers to the study of Mersenne primes. then we say that n is deficient if ofu) 1 2n . The answer is still unknown. Find the six smallestabundant positive integers. Every integer is either deficient. 3 . for example). Show that each of the following pairs of integers are amicable pairs . at least eight different prime factors. A report of the discoveryof the 28th Mersenne prime is given in [64]. Show that any multiple of an abundant or perfect number is abundant. 2 . Find the smallestodd abundant positive integer. The discovery by high school students of the 25th and 26th Mersenne prime received much publicity. Find the six smallesteven perfect numbers. It is possibleto demonstratethat if they exist. 6.Primes and Mersenne 6. then the Mersenne number Mn cannot be the power of a positive integer. We may ask whether there are odd perfect numbers. ) 2n. perfect. If n is a positive integer. if Two positive integers m and n are called an amicable pair o(m\ : o(n) : m * n. it is known that there are no odd perfect numbers and it has been shown that any odd perfect number must have less than 10200. Show that if n is a positive integer greater than l. 22n't-l) are form an amicablepair.3. Show that 14182439040 27.3. 7 . An integer n is called k-perfect if o(il: 2-perfect. 1 0 2 c) 797 98730.2'-l) and2n(32. Use the Lucas-Lehmer test to determine whether the following Mersenne numbersare prime a) M3 b) M7. b) Find three amicablepairs using part (a). Show that if n : p2 wherep is an odd prime.3. a) Showthat if n is a positive integer with n ) 2.34. then either (Hint: Use Fermat's little theorem to Qn+l) | M^ or Qn+D | (a. kn. d) 8 . prime. c) Mn d Mn.2n-1. b) . where p is an odd Show that if n is 3-perfectand 3 I n. Show that every even superperfect number is of the form n : 2q where zq+t-l is prime. then n is superperfect.then2n(3'2'-t-DQ.5.17.p. then 3n is 4-perfect. 5. is Find all 3-perfectnumbersof the form n -2k.ll to determine whether the following Mersenne numbers are pnme a) M7 b) Mn 9' c) Mn d) Mzs.5is 3-perfect. A positiveinteger n is called superperfectif oGh)) a) b) c) Show that 16 is superperfect. 10. a) b) c) d) e) Show that 120 : 23.294 b) 1 1 8 4l . and32'22n-r-1 all prime. is 4-perfect.+D. showthat Mn(Mn+z) = O (mod 2z+l).5.2n-t-1.7. 5A.) Use part (a) to show that Ms and My are composite.195-perfect.n2.186 Multiplicative Functions a) 220. Show that if n : 2e where 2q+t-l is prime. Use Theorem6.'then n is not superperfect. Show that 30240 : 2s32. : Zn.. a) Show that if n is a positive integer and 2n i L is prime. Note that a perfect number is 6 . suchthat3. n 1 : o ( n ) . Given a positive integer n. Find amicablepairs. Find all positive integers n such that the product of all divisors of n other than n is exactly n 2. tt3: t/t. p r i m e a n d p7 a z Use part (a) to show that if n=l(mod4). Define the sequenca fl1. then n=p(mod8). 1 5 .. the sequence of integers c) It has been conjecturedthat for all is n 1. 5. integers according whether they are deficient.. 3.n2..ic. 13.. n is an odd perfect number.tt2. 5. determine if the sequence peric.. Let n be a positive integer. Use Theorem6.. is fl1. or to Classifypositive (see problem3). then n : po m2 wherep is an odd I (mod4). and 7 are not all divisors of :** 1 4 .rt3.then n : nt : fi2: Show that if n and m are an amicablepair. Determine whether Mersenne numbers are prime using the Lucas-Lehmer test.. at least four different prime divisors.ll to look for factorsof Mersennenumbers.n a n df l k + r : o Q ) a) b) . if of Find the sequence integers n.3 Computer Write programs do the following: to l. that if n is an odd perfect number..pefiodic.6. Show that if n is an odd perfect number then n has a) b) at least three different prime divisors.t13.the sequence generated n :12496:24'll'71.po m2 is an odd perfect number where p is prime. Projects 6... (These integers are multiplicative analoguesof perfect numbers.1. n4: n. defined in problem 16 4..periodicwith period 2.) recursively by 1 6 . Show that if n . then t2..e. ttz..np fot k .n3. f.tt2. perfect.tt.3 Perfect Numbers and Mersenne Primes 187 11.. a) b) Show that if n is an odd perfect number. . then n1 : ftt. and so on..3. abundant 2. tt3 : Show that if n is perfect... then 3.2. possessingknowledge of the method for doing this. while the reverse process of changing the ciphertext back to the plaintext by the intended receiver. Hence. The key determines the particular transformation from a set of possibletransformations that is to be used. secret messages have been sent. while cryptanalysis is aimed at breaking these systems. is called decryption or deciphering. A cipher is a method for altering a plaintext message into ciphertext by changing the letters of the plaintext using a transformation. of course. The discipline devoted to secrecy systems is called cryptology. there is a great deal of interest in the techniquesof making messages unintelligible to everyoneexcept the intended receiver. secrecy has become an important issue. Classically. we present some terminology.Cryptology 7. with electronic communication coming into widespread use. This. the need for secret communication has occurred in diplomacy and in military affairs. secrecy has become necessary even for financial transactions. The processof changing plaintext into ciphertext is called encryption or enciphering. Just recently.1 Character Ciphers From ancient times to the present. Before discussing specific secrecy systems. Now. with the advent of electronic banking. A messagethat is to be altered into a secret form is called plaintext. Cryptography is the part of cryptology that deals with the design and implementation of secrecy systems. 188 . is different from the process someone other than the intended receiver uses to make the messageintelligible through cryptanalysis. we discuss secrecy systems based on transforming each letter of the plaintext message into a different letter to produce the ciphertext. of Of course. a symbol to indicate blanks. there are 26! possibleways to produce a monographic transformation.7. is based on the substitution in which each letter is replaced by the letter three further down the alphabet. Then C:P+3(mod26). 1. Such ciphers are called character or monographic ciphers. we may want to include punctuation marks. . that was used by Julius Caesar.1. since each letter is changed individually to another letter by a substitution. The NumericalEquivalents Letters. A cipher. In all thesesystems start by translating letters into numbers. Altogether. for the sake of simplicity. Greek.2. First. To describe this cipher using modular arithmetic. We take as our standard alphabet the letters of English and translate them into the integers from 0 to 25. 0<C<25. if we were sending messages Russian. Also. we restrict ourselvesto the letters of the English alphabet. The first of these had its origin with Julius Caesar. let P be the numerical equivalent of a letter in the plaintext and C the numerical equivalent of the corresponding ciphertext letter. letter A B C D E F G H I J K L M N o P a R S T I I V w X Y Z numerical 0 I equivalent 2 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 Table7. The correspondence betweenplaintext and ciphertext is given in Table 7. with the last three letters shifted to the first three letters of the alphabet. and perhaps the digits for representingnumbers as part of the message. we present secrecy systems based on modular arithmetic. However. We will discuss a set that is basedon modular arithmetic.1 Character Ciphers 189 In this chapter. Hebrew or any in other languagewe would use the appropriate alphabet range of integers. The newest secrecy we system we will discusswas invented in the late 1970's. as sh o w nin T able 7. we obtain 19 7 15 l8 81812 4 3 17 4 4 l8 19. Converting the letters into their numerical equivalents. Then. 0 < P ( 25.190 Cryptology plaintext A B 0 I c 2 D E F G H 3 4 5 6 I J K L M N o P R S T U V w X Y Z 8 9 l 0 l l t 2 l 3 l 4 l 5 l 6 t 7 l 8 t 9 20 21 22 23 24 25 a 3 4 5 6 7 8 9 l 0 l l t 2 l 3 t 4 l 5 l 6 t 7 1 8 l 9 20 2 l 22 23 24 25 0 I 2 ciphertextD E F G H I J K L M N o P R S T U V w X Y z A B c a Table 7. the letters are converted to numbers. this becomes 2t 3 9 7 11 21 22 17 22 l0 18 2t 11 2t 15 721 7 620722 Translating back to letters. we first change it to its numerical equivalent. we This is the message send. The receiver deciphers it in the following manner. We illustrate the deciphering procedure with encipheredby the Ceasar cipher: the following message . Then we transform each number. Broken into groups of five letters. of To encipher a messageusing this transformation. The grouping of letters into blocks helps to prevent successful cryptanalysis based on recognizing particular words.2. 1806 4 8181914 Using the Caesar transformation Q P*3 (mod 26). grouping letters in blocks of five. the relationship P = C-3 (mod 26). the messageis THISM ESSAG EISTO PSECR ET. we have WKLVP HVVDJ HLVWR SVHGU HW. is used to change the ciphertext back to the numerical version of the plaintext. First. We illustrate this procedure by enciphering the message THIS MESSAGE IS TOP SECRET. The Correspondence Letters for the CaesarCipher. and finally the messageis convertedto letters. and 26 choices for b. The Caesar cipher is one of a family of similar ciphers described by u shft transformation C:P+k (mod26). where k is the key representingthe size of the shift of letters in the alphabet. since in this case P (mod 26). There are 26 different transformations of this type. We require that G. we perform the transformation P plaintext. we will considertransformationsof the type (z. including the case of k = 0 (mod 26). we find that the message reads THIS IS HOW WE DECIPHER. By combining the appropriate letters into words.1 CharacterCiPhers 191 WKLVL VKP.7. 0<C<25. If the rliationship between plaintext and ciphertext is described by (7.ZZ HGHFL SKHU. so that as P runs system of residuesmodulo 26.0<C<25. C More generally.26) : l. giving a total of 12'26:312 transformations of this type (one of these is C = P (mod 26) obtained when a:l and D-0). with ffine transformations. Shift transformations are affine transformations through a complete a:1. : Next.to obtain 22|0ll2ll121l0|725257675||1810720.t) where C-aP*b (mod26). where letters are not altered. C also does. First. and we obtain 1978188 187142222 C-3 (mod 20 to change this to 43428 157417. These are called a and b are integers with (a. then the inverse relationship is given bY . There are O(2O : 12 choices for a. we change these letters into their numerical equivalents.1). We translate this back to letters and recoverthe plaintext message THISI SHOWW EDECI PHER.26): 1. 192 Cryptology P = arc-b) (mod 26), 0 < P < 25. where a is an inverseof a (modZO. As an example of such a cipher, let a:7 and b:r}, so that c = 7P + l0 ( mo d 2 6 ). H e n c e , p = l 5 (c -1 0) = l 5c+ 6 (mod 26). si nce 15 is an inverse of 7 modulo 26. The correspondence between letters is given in Table 7.3. A B C D E F G H I plaintext J K L M N o P a R S T U V w X Y Z 0 2 3 4 5 6 I 8 9 l 0 l l t 2 l 3 1 4 1 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 8 l 5 22 3 r0 ciphertext t 7 24 5 t2 l 9 0 7 T4 2 l 2 9 l 6 23 4 l l l 8 25 6 l 3 20 K R Y F M T A H o V c J a X E L S z G N v B I P w D Tabfe 7.3. TheCorrespondence of Letters theCipher for with C = 7p+10 (mod 26). To illustratehow we obtainedthis correspondence, that the plaintext note letter L with numericalequivalent1l corresponds the ciphertextletter J, to since 7'll + l0:87 = 9 (mod 26) and9 is the numerical equivalent J. of To illustrate how to encipher, note that PLEASE SEND MONEY is transformed to LJMKG MGXFQ EXMW. Also notethat the ciphertext FEXEN XMBMK JNHMG MYZMN corresponds the plaintext to DONOT REVEA LTHES ECRET. or combining appropriate the letters 7.1 GharacterCiPhers 193 DO NOT REVEAL THE SECRET. directed at the cryptanalysisof We now discusssome of the techniques to break a ciphers based on affine transformations. In attempting is compared monographiccipher, the frequencyof letters in the ciphertext letters i; ordinary text. This gives information with the frequency of countsof letters. In variousfrequency between the concerning .orr"rpondence of listed in Table 7.4 fot the occurrence Englishtext, one findi the percentages languages in tne Ze lettersof the alphabet. Countsof letter frequencies other and [52]. may be foundin [48] c D E F G H I J K L M N letter A B o 'l P a R S T U V w I X Y z <l frequency 7 I (in Vo) 3 4 l3 3 2 3 8 <l <l 4 3 8 3 <l 8 6 9 3 <1 z Table 7.4. The Frequencies of Occurrence of the Letters of the Alphabet. are From this information, we see that the most frequentlyoccurring letters informationto determine E,T,N,O, and A, in that order. We can use this which cipher basedon an affine transformationhas been used to enciphera message. First, supposethat we know in advance that a shift cipher has been employed io encipher a message;each letter- of the messagehas been - P+k (mod 26),0 < C < 25. To C transformedby ; correspondence yze cryptanal the ciPhertext YFXMP NTAS P CESPZ CTYRX C J TDF PDDLR DPQFW PD , QZCPY of we first count the numberof occurrences eachletter in the ciphertext. This ?.5. in is displayed Table 194 Cryptology letter A B C D E F G H I J K L M N o 0 P aR 2 2 S T U V w X Y Z 0 0 I I number of I 0 4 5 I 3 0 0 0 occurrences 0 I a J 3 2 Table7.5. The Numberof Occurrences Lettersin a Ciphertext. of We notice that the most frequently occurring letter in the ciphertext p is with the letters c,D,F,T, and y occurring with relatively high frequency. our initial guess would be that P represents E, since E is the -ort frequently o cc ur r ing let t er i n E n g l i s h te x t. If th i s i s s o , then 15:4fk (mod i 6), s; that ft = I I (mod 26) Consequently, would have C = p+11 (mod 26) we and P : c-l1 (mod 26). This correspondence given in Table is 7.6. B C D E F G H A ciphertext I J K L M N o P a R S T U V w X Y Z 0 I 2 3 4 ) 6 7 8 9 l 0 l l l 2 l 3 t 4 l 5 l 6 1 1 l 8 t 9 20 21 22 23 24 25 I l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 0 plaintext P 2 3 4 5 6 I 8 9 l 0 il t2 l 3 t 4 a R S T U V w Z Y z A B C D E F G H J K L M N o Table 7.6. correspondenceof Letters for the Sample ciphertext. Using this correspondence, we attempt to decipher the message. we obtain NUMBE RTHEO RYI SU SEFUL CIPHE RINGM ESSAG ES. FOREN This can easily be read as NUMBER THEORY IS USEFUL FOR ENCIPHERING MESSAGES. Consequently,we made the correct guess. If we had tried this transformation, and instead of the plaintext, it had produced garbled text, we would have tried another likely transformation based on the frequency count of letters in the ciphertext. CiPhers 7.1 Charaeter 195 the form Now, supposewe know that an affine transformationof for enciphering' For C : a p+i (mod 26), 0 < C < 25, has been used message alyzethe enciphered we suppose wish to cryptan instance, USLEL ELYUS QL LQL RYZDG FALGU SLJFE JUTCC LRYXD YXS RV HRGUS PT G V T OLPU. YRTPS JURTU L BRYZ L J LLM JULYU URKLT ULVCU CYREK LYPD J SLDAL YGGFV URJRK LVEXB LJTJU TJRWU The first thing to do is to count the occurrencesof each letter; this count is in displayed Table7.7 c D E F G H I J K L M N 0 l 0 3 22 I letter A B o P a R S T U vw J X Y z number of 2 2 4 4 5 3 6 occurrences 0 I 4 2 t2 5 8 l6 I 3 l0 2 of Table 7.7. The Number of Occurrences Letters in a Ciphertext. With this information, we guessthat the letter L, which is the most frequently occurring letter in the ciphertext, corresponds to E, while the letter U, which occurs with the second highest frequency, correspondsto T. This implies, if -aP*b (mod 26), the pair of the transformation is of the form C congruences -11 (mod 26) 4a*b l9a+b : 20 (mod 26). By Theorem 3.8, we see that the solution of this system is a E 11 (mod 26) and b : 19 (mod 26). If this is the correct enciphering transformation, then using the fact that 19 is an inverse of I I modulo 26, the deciphering transformation is p - - _19 ( C- 19 ) : t9 C -3 6 1 = 1 9 C + 3 (mod 26), 0 < P < 25. found in Table 7.8. This gives the correspondence 196 Cryptology A B C D E F G H I ciphertext J K L M N o P a R S T U V w X Y z 0 I 2 3 4 5 6 ,7 8 9 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 r8 l9 20 21 22 23 24 25 3 22 l 5 8 I 20 l 3 6 25 l 9 l l plaintext D 4 23 t6 9 2 2 l r4 C V 0 t 9 t2 5 24 t 1 t 0 w P I B U N G z S L E X a J o H A T M P Y R K Table 7.8. The correspondence of Letters for the Sample ciphertext. With this correspondence, try to read the ciphertext. The we ciphertext becomes THEBE BERTH VE EVE ORKIN UDENT HESUB STAPP EORYI RYHOM GONTH CANMA JECT. ROACH STOAT EWORK ESEEX STERT TOL EA TEMPT P R O BL ERCIS HEIDE RNNUM TOSOL EMBYW ESAST ASOFT We leave it to the reader to combine the appropriate letters into words to see that the message intelligible. is 7.1 Problems 1 . using the caesar cipher, encipher the messageATTACK AT DAWN. 2 . Decipher the ciphertext message LFDpH LVDZL FRerx HUHG been enciphered using the Caesar cipher. that has 3 . Encipher the message SURRENDER transformationC = llp+18 (mod 26). IMMEDIATELY using the affine 4 . Decipher the message RToLK TOIK, transformation C = 3p+24 (mod 26). which was enciphered using the affine 5 . If the most common letter in a long ciphertext, enciphered by a shift transformation C = P+k k1 (mod 26) is Q, then what is the most likely value of 7.1 CharacterCiPhers 197 6 . If the two most common letters in a long ciphertext, enciphered by an affine transformation C = aP*b (mod 26) are W and B, respectively, then what are the most likely values for a and b? by then using the other cipher. This procedure produces a product cipher ' : 5P +13 a) Find the product cipher obtained by using the transformation C = l7P+3 (mod 26). (mod 26) followed by the transformation c b) 7 . Given two ciphers, plaintext may be enciphered by using one of the ciphers, and : aP+b Find the product cipher obtained by using the transformation C (mod 26), where (mod 26) followed by the transformation C = cP*d Q,26):(c,26)*1. 8. A Vignbre cipher operates in the following way. A sequence of letters kn, servesas the key. Plaintext Qr!r,...,0r, with numerical equivalents k1,k2,..., messages are split into blocks of length n. To encipher a plaintext block of letters with numerical equivalents PbPz,..., P, to obtain a ciphertext block of letters with numerical equivalentscr,cz,...,cn, we use a sequenceof shift ciphers with ci 7 pi * k; (mod 26), 0 ( ci ( 25, as the key for for i : 1,2,...,n. In this problem, we use the word SECRET a Vigndre cipher. a) Using this Vigndre cipher, encipher the message DO NOT OPEN THIS ENVELOPE. b) Decipher the following message which was enciphered using this Vigndre cipher: WBRCSL AZGJMG c) KMFV. Describe how cryptanalysis of ciphertext, which was enciphered using a Vigndre cipher, can be carried out. 7.1 Computer Projects Write programs to do the following: l. 2. 3. using the Caesar cipher. Encipher messages using the transformation C : P+k (mod 26), where k Encipher messages is a given integer. using the transformation C = aP+6 (mod 26), where Encipher messages a and b are integers with (a ,26) : I. 198 Cryptotogy Decipher messages that have been encipheredusing the caesar cipher. Decipher messagesthat have been enciphered using the transformation C = P+k (mod 26), where ft is a given integer. Decipher messagesthat have been enciphered using the transformation c = aP+6 (mod 26), where a and b are integers with (a,26) : r. Cryptanalyze, using frequency counts, ciphertext that was enciphered using a transformation of the form c = p+k (mod26) where k is an unknown integer. cryptanalyze, using frequency counts, ciphertext that was enciphered using a transformation of the form c = ap*D (mod26) where a and b are unknown integers with (a,26) - l. Encipher messages using vigndre ciphers (see problem g). Decipher messages that have been encipheredusing vigndre ciphers. 7.2 Block Ciphers We have seen that monographic ciphers basedon substitution are vulnerable to cryptanalysis based on the frequency of occurrence of letters in the ciphertext. To avoid this weakness, cipher systems were developed that substitute for each block of plaintext letters of a specified length, a block of ciphertext letters of the same length. Ciphers of this sort are called block or polygraphic ciphers. In this section, we will discuss some polygraphic ciphers basedon modular arithmetic; these werOdevelopedby Hill [87] around 1930. First, we consider digraphic ciphers; in these ciphers each block of two letters of plaintext is replaced by a block of two letters of ciphertext. We illustrate this processwith an example. The first step is to split the message into blocks of two letters (adding a dummy letter, say X, at the end of the message, necessary, that the final if so block has two letters). For instance,the message THE GOLD IS BURIED IN ORONO is split up as 7.2 Block Giphers 199 (as Next, these letters are translated into their numerical equivalents previouslydone) to obtain 19 7 13 14 4 6 17 14 14 11 13 14. 38 l8r 20t7 84 38 Each block of two plaintext numbers P,Pz is converted into a block of two ciphertextnumbers C 1C2: C r = 5 Pr + l T P z (mo d 2 6 ) C z = 4 P t + l S P z ( m o d2 6 ) . For instance,the first block l9 7 is convertedto.6 25, because Cr = 5'19+ l7'7 : 6 (mod26) C z = 4 ' 1 9 + 1 5 ' 7 : 2 5 ( m o d2 6 ) . the following ciphertext After performing this operation on the entire message, is obtained: 625 t82 23 13 21 2 3 9 2523 4 r42r 217 2 1l l8 l7 2. When these blocks are translated into letters, we have the ciphertext message GZ SC XN VC DJ ZX EO VC RC LS RC. The deciphering procedure for this cipher system is obtained by using Theorem 3.8. To find the plaintext block Pfz correspondingto the ciphertext block CrCz, we use the relationship P r = l T C t t 5 C z (m o d 26) P z = l 8 C r * 2 3 C z (m o d 26). The digraphic cipher system we have presented here is conveniently describedusing matrices. For this cipher system,we have 'r / / )r ) From Proposition 3.7, we see that the matrix | l c , l l s 1 7 l l Pl, I l=t tl l(mod26). lc,) L4 tsj lP,j In 5'l lts n) | is an inverse of done using the relationship 6 r7'| | | modulo 26. l+ lsJ Hence, Proposition 3.6 tells us that deciphering can be 200 Cryptology = [;;] [: ;] [:;] (mod 26). ln general, a Hill cipher system may be obtained by splitting plaintext into blocks of n letters, translating the letters into their numerical equivalents,and forming ciphertext using the relationship Q - AP (mod20. C1 C2 P1 P2 where A is an nxn matrix with (det A,26) : I, C : and P: cn Pn and where C1C2...C, is the ciphertext block that correspondsto the plaintext block P1P2...Pn Finally, the ciphertext numbers are translated back to letters. For deciphering, we use the matrix A, an inverse of A modulo 26, which may be obtained using Proposition 3.8. Since AA : / (mod 26), we have Zc = Z<,qn = (2,4p -p P : (mod 26). Hence, to obtain plaintext from ciphertext, we use the relationship ZC (JrrlOd 2f.). We illustratethis procedure n g n : 3 usi and the enciphering matrix l9 A: ["2 ls 2 3 25 I lro 7 Since det A = 5 (mod 26), we have (det A,26) : l. To encipher a plaintext block of length three, we use the relationship ll. We have plaintext blocks STO PPA YME NTX. [. [ro 7 t J |. we first split the message into blocks of tht"" letters. adding a final dummy letter X to fill out the last block.. message we into this message letters. lcrl = e lP'l (mod ['.. We obtain the first block of ciphertextin the followingway: [.2 Block CiPhers 201 [c') Ittt ["'l 26).l 1.we obtain the ciphertextmessage 81913 13415 0222 20110. The deciphering process for this polygraphic cipher system takes a ciphertext block and obtains a plaintext block using the transformation f"'ll [.7.J lt'j where 26) lprl = 7 lrrl (mod rrll . We translatetheselettersinto their numericalequivalents 181914 15150 24124 131923.toj U3 in Encipheringthe entire plaintext message the same manner.1 [".'l tt_t L". haveour ciphertext Translating TTN NEP ACW ULA.j .. l:ls Itlllll^l n rtl |tnl-ltnl (mod26).J To encipher the message STOP PAYMENT.'l [" z 'nl ["] [ '] tllll. However. . rather than with individual letters. 23 25 is an inverse "t [? l) (mod 26) wefind that . . For instance. followed by YZ. blocks of length two. . : 1 ..n. . which may be obtained using proposition 3. they are not vulnerable to cryptanalysis based on letter frequency. This would mean that the blocks 19 7 andT 4 are sent to 1023 and21 25. P n ji . .. If A is the enciphering matrix. then we have . . After attemptingto decipher ciphertextusing the A- correct. we would know if our guesswas [s 23 In general.. . we may guess that the ciphertext digraphs KX and vZ correspond to TH and HE.lrn 4 ) : a Iz ?l_ l0 2l (mod 26). respectively.g. the most common digraph in English is TH. r7') : lzt (mod 26)' ltt 2) whichrgives possible key. respectively. correspond to the plaintext blocks P r y P 2 i .Cni..j : 1. For example. this implies that t . nrespectively.2. 12e to transform the ciphertext. followed closely by HE.. Becausepolygraphic ciphers operate with blocks. By comparing the frequenciis of digraphs in the ciphertext with the average frequencies of digraphs. if we know n correspondences between plaintext blocks of size n and ciphertext blocks of size n. Studies have been done to compile the relative fiequencies of digraphs in typical English text. If a Hill digraphic cipher system has been employed and the most common digraph is KX. 2 . with a digraphic cipher system. there are 262: 676 digraphs. according to some counts. polygraphic ciphers operating with blocks of sizen are vulnerable to cryptanalysis based on frequencies of blocks of size n..202 Cryptology 6 -5 ll -10 Z: -l is an inverse of I modulo 26. it is ofGn possible to successfullyattack digraphic ciphers. for instance if we know that the ciphertext blocks C1iC2i. Using the digraphic cipher that sends the plaintext block Pf2to block CrCz with Cr = 3Pt + I0P2 (mod 26) Cz = 9Pt + 7P2 (mod 26). l. then we can find the enciphering matrix A via If (det p. A cryptanalyst has determined that the two most common digraphs in a ciphertext messageare RH and NI and guessesthat these ciphertext digraphs correspond to the two most common diagraphs in English text.7. polygraphs of this length.2 Bl oc k Cipher s fo r 7 .26): (mod 26).[:] il AP=C A = CF (mod26). Any analysis of the relative frequencies of these polygraphs is extremely infeasible. TH and HE. where P is an inverseof P modulo 26. 7. where n is the size of the polygraphs.2 Problems l. which was enciphered into the using the digraphic cipher which sends the plaintext block Pfz ciphertext block CrCz with Cr = 23Pt + 3Pz (mod 26) Cz = IOP | + 25P2 (mod 26).f l. . 3. . for example. there are 26t0. respectively.1. . If the ciphertext . . When n:10. . which is approximately l. 2 . 2. where P and C arc nxn matrices with ryth entries Pl. Cryptanalysis using frequenciesof polygraphs is only worthwhile for small valuesof n. encipher the messageBEWARE OF THE MESSENGER.4x10la. using the matrix congruence can be succinctly expressed These n congruences (mod26). and Cii. Decipher the ciphertext message UW DM NK QB EK. Show that every such transposition cipher is a . what are the entries of the 3x3 enciphering matrixA? 7 . Find the 6x6 enciphering matrix corresponding the productcipher obtainedby to first usingthe Hill cipherwith enciphering matrix rotto*"d by usingthe t} | J. LME. i. Show that the productcipher obtainedfrom two digraphicHill ciphersis again a digraphicHill cipher. For instance. then A alsoserves a deciphering as matrix for this cipher system. 6.* A ?l with fl [0 I lJ 1 1 . A transposition cipher is a cipher where blocks of a specified size are enciphered by permuting their characters in a specified manner. Show that the product cipher obtainedby encipheringfirst using a Hill cipher with blocksof size m and then using a Hill cipher with blocksof sizen is again a Hill cipherusingblocksof sizelm. may be sent to ciphertext blocks c1c2c3cac5: P4PIPIPP3.$$ 8 . Show that if the^enciphering matrix A in the Hill cipher systemis involutory modulo 26. A cryptanalysthas determinedthat the three most commontrigraphs (blocksof length three) in a ciphertextare. that these ciphertext trigraphs correspond the three most commontrigraphs in English to text. If the plaintext was enciphered using a Hill trigraphic cipher describedby C = AP (mod 26). and THA. plaintext blocks of length five. what are a. Find the product cip^her.nl.204 Cryptotogy the plaintext was encipheredusing a Hill digraphic cipher describedby Cr = aP1* bP2 (mod 26) Cz = cP1 * dP2 (mod 26).r. 1 0 .[f lij encipherins . Hillcipher enciphering. 9 . wRI and zyC and gu"rr"."tri* [r5. obtained by using the digraphic Hill cipher with encipherins matrix followedby using the digraphicHill cipher with . P1P2P3PaP5. THE.e. d2 4. and.c.".b. How many pairs of letters remain unchanged when encryption performed is using the following digraphic ciphers il Cr E 4pt + 5p2 (mod 26) Cz = 3Pt + P2 (mod 26) b) c) Cr = lpt + I7p2 (mod26) Cz = Pt + 6Pz (mod 26) Cr = 3Pt + 5Pz (mod26) Cz = 6Pt + 3P2 (mod26)? 5. AND. 42 = 1 (mod 26). Ciphers 7. We will see that ciphers produced by this system are resistant to cryptanalysis. 2. as shown in Table 7. ) For each plaintext block P. where 2m is the largest positive even integer such that all blocks of numerical equivalents corresponding to m letters (viewed as a single integer with 2m d e c i m a l d i g i t sa r e l e s s t h a n p . the enciphering key. based on modular exponentiation. We use the same relationship we have used before. which is an integer with 2m decimal digits. g . we form a ciphertext block C using the relationship C=Pe (modp). 3. we group the resulting numbers into blocks of 2m decimal digits.2 Computer Proiects Write programs to do the following: l.9. e . t h e n m : 2 .0(C<p. first translate the letters of the message into numerical equivalents (retaining initial zeros in the two-digit numerical equivalentsof letters). using a Hill cipher. Let p be an odd prime and let e. Next.that was invented in 1978 by Pohlig and Hellman [9t1.3 ExPonentiation 205 Hill cipher with an enciphering matrix that contains only 0's and I's as entries with the property that each row and each column contains exactly one 1.3 Exponentiation In this section. letter A B c D E F G H I J K L M N o P a R S T U V w X Y z numerical 00 equivalent 0r 02 03 04 05 06 0'l 08 09 l 0 l l t2 l 3 t 4 l 5 l 6 t 7 l 8 l 9 20 2 l 22 23 24 25 of Table 7. we discuss a cipher. The ciphertext messageconsistsof these ciphertext blocks which are integers . be a positive integer we with (e. Two-digit Numerical Equivalents Letters. by analyzing the frequency of digraphs in the ciphertext. Decipher messages Cryptanalyze messagesthat were enciphered using a digraphic Hill cipher. Encipher messages that were encipheredusing a Hill cipher.i f 2 5 2 5 < p < 2 5 2 5 2 5 .p-l) : l. 7. To encipher a message. Ciphers 7.9. 2$. to obtain 1907 0818 0818 0013 0012 l5l I 0414 0500 2315 l4l3 0413 1908 0814 1302 081 s 07a4 0423 1304 0019 nn . obtain the first ciphertextblock from the first plaintextblock to we compute C : = 19072e 2199 (mod 263i.*ponrni in the modularexponentiation e :29.1. we find that the ciphertext message is 2199 2425 to72 2064 t745 t729 l54l l35l 1745 1619 1701 t704 r206 0935 I 553 1841 2437 0960 0735 r459 To decipher a ciphertext block c. To encipher plaintextmessage.wa recover our plaintext block p. To efficientlycarry out the modular exponentiation. we first convertthe lettersof the message their numerical into equivalents. Note that we haveaddedthe two digits 23. If we raise the ciphertext block C to the dth power modulo p. the THIS IS AN EXAMPLE OF AN EXPONENTIATION CIPHER. namely an integer d such that de = | (mod p-l). For instance. to We next translateeach plaintext block P into a ciphertextblock C using the relationship C=pzs (mod263r.p-l) . corresponding the letter X. since . When we encipherthe blocksin this way. so thai (r. so that d is an inverse of e (mod p-l).p-l): l. example. and then form blocksof length four from thesedigits. at to the end of the message fill out the final blockof fbur digits.0< C <2633. which exists since (e. we need to know a deciphering key.): be l. we illustrate the encipheringtechniquewith the following Example' Let the prime to be used as the modulus in the enciphering procedure p : 2633and let the enciphering be key to be usedas the .206 Cryptology less than p. use the algorithm we givenin Section3.(2g.

2).. Then. as we decipher we need to find an inverse d of e modulo p-1.to decipher the ciphertext block 2199.I (modp). cryptanalysis of messagesenciphered using modular exponentiation generally cannot be done rapidly. for some integer k. Before use only O(tog2il3) bit operations. There are various algorithms for finding logarithms to a given base modulo a prime.D holds.. When the relationship Q. and. as done in Sectionmodulo j-t : 2269 is such an inverse.2. suppose we know the plaintext block P correspondingto a ciphertext block C. showsthat : 2632. To decipher the ciphertext blocks generated using : 2633 and the enciphering key e : 29. Again.3 ExponentiationGiphers 207 Cd = ( p" ) d : p e d = p k Q-t)+ t = (p p -t)k p = P (mod p). we need an inverse of e moduius p 3. To decipher the ciphertext block C in order to d find the correspondingplaintext block P. For successfulcryptanalysis. Consequently. the processos of enciphering and deciphering using modular exponentiation can be done rapidly. (mod p). The fastest such algorithm requires approximately . we For each plaintext block P that we encipher by computing P' Proposition 3.) the prime Example.2. we have P = 2lgg226e: 1907 (mod 263r. For instance. we simply need to compute the leait positive residueof Cd modulop. we can do this using OKlog2p)3) bit operations. so that 0. To see this. we say that e is the logarithm of C to the base p modulo p. (mod p-l)' + l. we need to find the enciphering key e.this needs to be done only once.7. suppose we know the prime p used as the modulus. On the other hand.2) C = P' ( m o dp ) .3 demonstrates. we use the relationship P : 9226e (mod 263i. the modular exponentiationis carried out using the algorithm given in Section3. and moreover. To find logarithms modulo a prime with n decimal digits using the fastest known algorithm requires approximately the same number of bit operations as factoring integers with .6Ep log-mgp) bit operations(see [81]). An easy computation. This can be done using O(log il bit operations (see problem ll of Section 3. to recover the plaintext block P from a ciphertext block C. since de = I where de : ki-l) (Note that we have used Fermat's little theorem to see that pn-t .*p(.

These common keys may.gxl0! years are required. and the first individualfinds the commonkey K by computing K : yl' =o&'&'(*od p). Taking a prime p : 2q * l. for instance. the first individual sends the second the inieger-71.k2. when the fastest known factoring algorithm is used. Let p be a large prime and let a be an integer relatively prime to p. and should be constructed so that unauthorized individuals cannot discover them in a feasible amount of computer time. similarly. we should mention that for primes p where p-l has only smalr prime factors. . sincethey must computelogarithmi modulop to find K. We note that other individuals the networkcannotfind this commonkey in K in a feasibleamountof computertime. o <K <p. this sort of prime should not be used as a modulus in this cipher system. obviates this difficulty.. approxim"i"ry 3. Each individual in the network picks a key k that is an integei relatively prime to p-l ' When two individuals with keys &1 and k2 wisi to exchange a key. the second individualsends first the integer where the y2 p lz = ak' (mod ). whereas when p has 200 decimal digiis. we see that finding logarithms modulo a prime p requires an extremely long time. If theseindividualshave keys k t. ihey can sharethe commonkey . and the second individual finds the common key K by computing K: yf'=a&'&'(-odp). kn.208 Cryptology the same number of decimal digits.. when p has 100 decimal digits./r E at'(modp). where .. it is possible to use special techniques to find logarithms modulo p using o (logzp) bit operations. Modular exponentiation is useful for establishing common keys to be used by two or more individuals. In a similar manner. Consulting Table 2. be used as keys in a cipher system for sessionsof data communication. For instance.1. where q is also prime. 0 < yr ( p. finding logarithmr rnodulo p requires approximately 74yearc. Clearly.a commonkey can be sharedby any group of z individuals. o 1 yz 1 p. o < K < p.

and let Dr.(M) = M" Er.(C) = cd. the deck of cards is represented messages M r : . they use the following sequenceof steps. where C is a ciphertext message. They show that by via ciphers.' (mod p) D . by the 52 To play electronic poker. chooie a large pii-" p.(E " . by An amusing application of exponentiation ciphers has been described using exponentiation Shamir. Rivest."THREE oF CLUBS" M sz: "ACE OF SPADES.7.(Er. and Er.:. that is : E r. E r.TWO OF CLUBS' . First.ak'k""4 (mod P)' common key We leave an explicit description of a method used to produce this K as a problem for the reader. so that D". una eat. be the corresponding deciphering transformations. We supposeBetty is the dealer.3 ExponentiationCiPhers 209 K ." When Alex and Betty wish to play poker electronically. Note that enciphering transformations commute. and D". Next. .r:. Let dl and d2be the inversesof el and e2 modulo p respectively. Suppose Alex and Betty wish to play poker. so that 8".)'. they individually choosesecret keys e1aJrd €2' to be used as exponents in modular exponentiation. (modp).man [961.(c ) = c d ' (m o d p ). :_ (M'.(M)). Let Er. a fair game of poker may be played by two players communicating they jointly computers. where M is a plaintext message. represent the corresponding enciphering transformations.(M)) slnce (M")'.(M) = M" (mod p) (mod p).

(M). He obtains the fivi messages Cjr : E r. To guarantee that no cheating has occurred. Let these lll.(Er.(E".(M 1). She obtains Er. since he cannot decipher the enciphered messages Er. where be Cj : Err(Mi..210 Cryptotogy Betty uses her enciphering transformation to encipher the 52 messages for the cards.(E ". all to obtain his hand.))) : Drr(Er. messages C1. such as draw poker. Er. He returns these five messagesto Betty and she deciphers them to find her hand.))) Eer(Mi. by randomly riordering the enciphered messages..(E"..(Er. Alex selects..5. to find : D". Alex selects five other enciphered messages at random..M for messages M.(M)) and Dr.2.(n".5..k.(1.3. since Er.3. so that each player can verify that the other player was .(Er. five of the enciphered messages that Betty has sent him. ll. Cz.)) : M.(Mi) back to Alex.). since D. and all hands are equally likely for each player..*) D".er. neither player knows the cards in the hand of the other player. and C5. Alex useshis deciphering transformation Dr... Alex cannot determine which cards Betty has.4.)) i : 1. the same steps are followed to deal additional cards from the remaining deck. (arl. v. at the end of the game both players reveal their keys. Alex enciphers these five previously enciphered messages using his enciphering transformation.(Er.at random.2.(*t...(C.(C) : E r. Note that using the procedure we have described..(Er. Betty sendsthe fives message E". Ca.4. j : 1.(M.(M)) .. lv.). D".t.52. Betty uses her deciphering transformation D". Then she sends the 52 shuffied encipheredmessages to Alex. Cl.. since When a game is played where it is necessaryto deal additional cards.(M)) : M for all messagesM. Alex sends these five messages that have been enciphered twice (first by Betty and afterwards by Alex) to Betty.-Betty shuffies the d"..(M.(M)) :8".(Mr).2. using her deciphering transformation Drr. i : r.

What 3. Cryptanalyze the ubou" cipher. kc:19 using the modulusP a:31.29 and unknown enciphering key e. be overcome.l0l and enciphering key e GOOD MORNING using modular exponentiation' is the plaintext message that corresponds to the ciphertext l2t3Og02053g 120g 1234 1103 1374 produced using modular exponentiation : 13 2 with modulus p : 2591 and enciphering key e when Show that the enciphering and deciphering procedures are identical .3 ExponentiationCiPhers 211 actually dealt the cards claimed. 4.7.3l and modular exponentiation with modulus P enciphering is done using enciphering key e : ll With modulus p . . k2:12. Describe a procedure to allow n individuals to share the comrnon key described in the text. and how it be found in problem 38 of Section 9. using modular exponentiation. encipher the message Using the prime p . (Hint: First find the iogarithm of 24 to the base 20 modulo 29 using some guesswork. what is the What is the group key K that can be shared by four individuals with keys * 1 0 0 9 a n d base k1 : ll. 3. modular exponentiation produces the ciphertext 04 19 19 ll 04 24 09 15 15. 2.. may A description of a possible weaknessin this scheme. Encipher messages Decipher messagesthat have been enciphered using modular exponentiation. if it is also known that the ciphertext block 24 corresponds to the plaintexi letter U (with numerical equivalent 20). Cryptanalyze ciphertext that has been enciphered using modular exponentiation when a correspondencebetween a plaintext block P and a ciphertext block C is known. : 3. 4. 5 . 7. and kr:31 2 .onthe modulus is p : l0l and the base is a : 51' when 6. 7. k3:17.) key that can be used by individuals with keys kt:27 "o.may 7. Produce common keys for individuals in a network.3 Computer Proiects Write programs to do the following: l.1.3 Problems l. Using the method described in the text for exchanging common keys.

sincl once the enciphering key in one of those cipher systems is known. retaining certain private information that went into the construction of the enciphering transformation E (D. i. is extremely infeasible due to the large amount of computer time needed. recently invented by Rivest. Then. even with knowiedge of ki. tgl? The Rfl cipher system.k. wtrn individual i wishes to send a message to individual ]. To use a public-key cipher system to establish secret communications in a network of n individuals. a new type of cipher system.. To decipher the message. Consequently. i.. the letters of the message are translated into their numerical equivalents and combined into blocks of specified size. called a public-key cipher system. the deciphering key can be fiund using a small amount of computer time. cryptanalysis of the ciphertext message. In ttris type of cipher system.q are large . since an unrealistically large amount of computer time is required to find a deciphering transformation from an enciphering transformation.E1.even though they know the key k. is a puitic-key cipher system based on modular exponentiation where the keys are pairs (e. individual 7 applies the deciphering transformation D1r..(r)) : f. where p and.(C) . Dk. and Adleman lgl].. each individual produces a key of the type specified by the cipher system.to maintain secrecy the enciphering keys must themselvesbe transmitted ovei a channel of securecommunications. (p) is computed using the enciphering transformation Ekt.. consisting of an exponent e and a modulus n that is the product of two large primes.4 Public-KeyCryptography If one of the cipher systems previously described in this chapter is used to establish secure communications within a network. To avoid assigninga key to each pair of individuals that must be kept secret from the rest of the network. for each plaintlxt block p a corresponding ciphertext block c . Shamir. Play electronic poker using encryption via modular exponentiation. no unauthorized individuals can decipher the message.to each ciphertext block C to find p. Furthermore.e.Pkt(Eo..e. n: pq. Then a directory of the n keys k1. k2.212 Gryptology 5. is published. then each pair of communicants must employ an enciphering key that is kept secret from the other individuals in the network. obtained from the key ft according to a specifiedrule. has been recentiy introduced. cannot be found in a realistic amount of time by anyone other than individual -/. enciphering keys can be made-public. 7. Since the deciphering transformation Do.n).

We encipher each plaintext block into a ciphertext block. Qh)) : (13.ri 4{") find +t D ( O = C d : (P ' )d : P e d : P k dh) _ (p o ft). using the relationship C = Prt (mod 2537) For instance.. since ed = I (mod Ob))."lulus. we form a ciphertext block C bY E@) :C zP' (modn).7. 0 1 C 1 n.| . To illustrate how the RSA cipher system works. where ed: kth) * I for some integer k. which existssince G. when we encipher the first plaintext block 1520. To encipher a message. P '^ 1 q'. To encipher a plaintext block P. and by -Euler's theorem. To decipherthe ciphertext block C. 1 004 1406 where we have added the dummy letter X : 23 at the end-of the passageto fill out the final block. when (P. Note that we have (e. The deciphering procedure requires knowledge of an inverse d of e modulo Qh). n) is a deciphering key.n+t . To encipher the message PUBLIC KEY CRYPTOGRAPHY. p ubi. n) : | (the probability that P and n are not relatively prime is extremely small. We obtain 1520 2402 1700 0 1I l 1724 1507 0802 l5l9 2423. we e"l.13 as the exponent for the RSA cipher.c L L e^qvh7 21s CrYPtograPhY Public-KeY Secm{: C P'1 do cryrily we first translate the l. so that G.4 -. we obtain the ciphertext block . primes.and then group these numbers together into blocks of four. we have pa(fi) 1 (mod n).Q(il): numerical equivalents and then form blocks of the largest ietters into their possible size (with an even number of digits).k p = p (m o d n ).te f\rirte { . 42' 58) : l. wq first translate the letters into their numerical equivalents.Qh)) : l. see problem 2 at the end of this section ) . The pair (d. We have n : 43 ' 59 : 2537 as the modulus and e . we present an example where the enciphering modulus is the product of the two primes 43 and 59 (which are smaller than the large primes that would actually be used).

and each individual need do it only twice. Once the primes p and q have been found.0 < p < 2532.g e 3 7 (m o d P 2 5 3 D . One suggestion for choosing e is to take any prime greater than both p and q. 5i) : oeslil 42' 58 : 2436.2. we use Rabin's probabilistic primality test discussedin Section 5. the probability that a compositeinteger passes these tests is less than 10-60. shows that d :937 is an inverse of 13 modulo 2436. such integers. it should be true that 2' > fl : pQ. we expect to find a prime after examining an average of l/OAog 10100). or To test these randomly chosen odd integers for primality. all The procedure we have just outlined requires only a few minutes of computer time to find a 1OO-digit prime. Hence.2. t299 0370 In order to decipher messages that were enciphered using the RSA cipher. Enciphering all the plaintext blocks. For each of these 100digit odd integers we perform Miller's test for 100 basesless than the integer. we must find an inverse of e : 13 modulo : o(43. we obtain the ciphertext message 0095 081I I 185 1648 2333 1457 l4l0 2132 1084. by the prime number theorem. when (P. To understand how the RSA cipher system fulfills the requirements of a public-key cipher system. first note that each individual can find two large primes p and q. so that it is impossible to recover the . with 100 decimal digits. These primes can be found by picking odd integers with 100 digits at random. an enciphering exponent e should be chosen with (e. approximately ll5.to decipher the cipher text block C.214 Cryptology C = (1 5 2 0 )1 3 9 5 = (m od 253D . which is valid because ge37 : (pr3)e37(p2az6)sp= p (mod 2537): note that we have used Euler's theorem to see that pQQs37) p2436 t (mod 2537). the probability that such an integer is prime is approximately 2tog 10100. in just a few minutes of computer time. we use the relationship .e(pq)) : l. 2537) : | (which is true for all of the plaintext blocks in our example). No matter how e is found. as done in section 3.A short computation using the Euclidean algorithm. Consequently.

It may be possible to somehow find the deciphering transformation from the enciphering transformation without factoring n. and as intractable problem. (p . using exponent e algorithm.(modn). an inverse of e modulo 6h).l. note that to find d. From Table 2.1.!1 that Q0) is not easier than factoring the JIlSgg-t? :!Q+d'-4n' so V z l | + q ) + (p-q)| . and p and q should have decimal expansionsdiffering in length by a few digits' For the RSA cipher system. once the modulus n has been factored.everymessageother followed by u reduction than p : 0 and l. factoring large integers Seems to be an n.:'/mq i i n : n . both p large pri-. Rabin [92] has discovered variant of the RSA . p : t / 2lQ + Q + Q -i l \ are fo u n d w h e n n : p q a n d 6h) : b-l )Q-l ) p a n d q c an eas ily U " p and q both have around 100 decimal digits. To se7-y!5 no. just by taking the withC=P.r t72D. known. but so far no such method has been discovered' As yet. It has not been proven that it is impossible multiple of 6h) to decipher messages enciphered using the RSA cipher system without factoring n. we can rapidly find an inverse d of the enciphering and q are known' so that when the primes p rnldulo 6(r) : (P-l)(q-l) is known' 0h) :6(Pq) (e.}||.I should have techniquesto factor n : pq. enciphering messages We note that the modular exponentiation needed for a few seconds of using the RSA cipher system can be done using only base in the modular computer time when th. Also.01C1n. the deciphering key (p-l)(q-l)' Note that finding r e q u i r e st h a t w e f i r s t f i n d Q h ) : O Q q ) : .u . but .| and q . since ed an integer n using any eh) and there are special algorithms for factoring (see Mill. n) does not easily lead to To see why knowledge of the enciphering key (d] n). and consequentl y and q i f. a although this seemsunlikely. if the integer d is known. q . Note that when n .K eYCr Y P to g ra Ph Y 215 eth root of the integer C plaintext block P.8xlOe years of computer time are required to factor an inleger of this size. P # O or 1. and the Euclidean exponentiationhave as many as 200 decimal digits' Also. we seethat using the fastest factorization algorithm known.4 Pu blic . it is easy to find the deciphering transformation from the enciphering transformation. 3. factors. is enciphered by exponentiation modulo n. exponent.all that work in general are equivalent to factoring decipherlng methods suggested we have remarked.Aslongas2.pq has around 200 decimal digits.o 0 ) + l a n dp q : .7. then n may also be factored easily. For example. modulus.l) should be small. A few extra precautionsshould be taken in choosingthe primes p and q to be used in the RSA cipher system to prevent the use of special rapid . requiring tremendousamounts of computer time.I is a multiple of o(n) is not.

However. n) is the enciphering key ior individual 7. individual i sprits . when p and q are known. i knows.p(p+b) (mod n). itr. we form e : p@+b) (modn). f hf ait operations.:Ekt(S)=S'. where (di. where (ei. ret n : pq. supposethat individual i wishes to send a signed messageto individ ual j. if ni t n1. Then. to recover S.Do.". We will not discussthe deciphering procedure for Rabin ciphers here. the deciphering procedure for a Rabin cipher can be carriei out rapidly since O(log n ) bit operationsare needed. To see how the RSA cipher system can be used to send signed messages.s cipher system. Hence the process of deciphering messages encipheredwith a Rabin cipher without knowledgeof p and-q is a problern of computational complexity similar to that of factori zation.216 Cryptotogy cipher system for which factorization of the modulus n has almost the same computational complexity as obtaining the deciphering transformation from the enciphering transformation.."qui. first thing that individual i does to a plaintext block p is to compute S . the recipient of a messageis sure that the message came from the sender.). n) is the deciphering key for individual f which only individual . For deciphering. and can convince an impartial judge that only the sender could be the source of the message. When signaturesare used. we remark that there are foui possible ualue. of p for each ciphertext c such that e . electronic banking. that .s into blocks of size less than nj and enciphers each block using the enciphering transformation 81r. This authentication is needed for electronic mail. since uses the private deciphering . 0<C 1nj.).l ni I n. and electronic stock market transactions. (modn. individual 7 first transformation Dp. To describe Rabin. Public-key cipher systemscan also be used to send signed messages.. Rabin has shown that if there is an algorithm for deciphering in this cipher system. wh.(P) = pd' (mod n. individual i enciphersS by forming . because it relies on some concepts we havi not yet developed (see problem 36 in Section 9'l). and let b be an integer with 0 < 6 1 n. To encipher the plaintexi message p. where p and q are odd primes. an ambiguity which complicates the deciphering process. without knowledge of the primes p and q. then there is an algorithm for the factorization of n requiiing only 2$(n) * log n ) bit operations. n) : (s.kt(Dr. we have used the identity Ep. individual i cannot deny sending the message.(P)) : P.4 Problems l.(P)) (P d ' )" since diei :. to n i. what is the .(P)) : P.266il is usedto encipherthe message BEST WISHES? 4 . ge To find the plaintext messa P . t h i s pqpq probability leis thin 10-s. Also. In Chapter 9.4 Public-Key CrYPtograPhY 217 D1.(s) . supposedly sent by individual i." ) . !+ a n d i f p a n d q a r e b o t h l a r g e rt h a n l 0 r m . 7.zggt) is 0504 1874034705152088235607360468. individual 7 next uses the pubtic enciphering transformation Eq.(Dp.4386607 modulusn : pq usedin a RSA cipher. Here. and d(n) : 4382136. Suppose cryptanalystdiscovers message that is not relativelyprime to the a a 3 .PktGp. we will use this same difference to develop a technique to "flip coins" electronically. The combination of the plaintext block P and the signed version S convinces individual 7 that the message actually came from individual i. since 81.7. Find the primesp andq if n : PQ . p or 1 can by b) Show that it is extremelyunlikely that sucha message be discovered P demonstrating that the probability that a message is not relativelyprime 1-!. since no one other than individual f could have produced the signed message S from the original P. enciphering can a) Showthat the cryptanalyst factorn. (S)) : s.fi. What is the ciphertext that is produced when the RSA cipher with key (e. is P 2.I (mod Oh)).(C) .n) : G. which follows from the fact th a t = Pd ' e ': P (mod n. message The RSA cipher system relies on the difference in the computer time needed to find primes and the computer time needed to factor. If the ciphertext message produced by the RSA cipher with key (e. fP. (D p ..)' E p. .59). 3 7 . il Show that if individuals f and y have enciphering keys k. individual f can send a signed message to individual T by sending E*. Let individual f have enciphering keys (3. when the plaintext messageis cHEERs tranorot Using the method in the text. is applied after Dp. < n. Let each individual have two pairs of enciphering keys: k . what is the signed ciphertext sent by Audrey to Harold when the plaintext messageis SINCERELY AUDREY? In problems 6 and '7.43.( 7 .218 Cryptology plaintext message? 5.59). Harold and Audrey respectively.n). a) have as their RSA keys (3.@)) if ni ) ni .n) and ki : (ei.(p)).s o t h a t g 9 3 : l g . avoiding possible changes in block sizes.n*) with n < H <n*.4D so that 781 : 1l'71 < 1000 < ll89 . What ciphertext message does individual f send to individual 7 using the method given in this problem when the signed plaintext messageis HELLO ADAM? What ciphertext message does individual j send to individual f when the signed plaintext messageis GOODBYE ALICE? b) b) c) 7 . 3 1 .29'41. Using the method in the text.(ei.47.(11. where both n.23.71) and Q2}. 4 7 )a n d . and what does individual 7 send to individual i if the message is REGARDS ZELDA? . P il Show that is is not necessaryto change block sizes when the transformation Eor. respectively. what is the signed ciphertext sent by Harold to Audrey. and let individual j have enciphering k e y s ( 7 .11. 4 j < 1 0 0 0 < I I 4 7 : 3 1 .(Dr. 1 9 . 6.(e. we present two methods for sending signed messagesusing the RSA cipher system. where n and n* are both the product of two primes. has been applied.n) and k* . 3 D .4D and (7.31.(Ep.(D1. and why no ge one other than individual l' could have sent the message.(P)) if n. then individual i can send a signed message P to individual 7 without needing to change the size of blocks by sending Er. Let H be a fixed integer. Using the method described in part (a)..61) and ki .(13. what does individual f send to individual 7 if the message is REGARDS FRED. b) c) d) How can individual T recover p? How can individual j/ guarantee that a messagecame from individual i ? Let ki .(e. and ni are products of two distinct primes. Dp. Using the RSA cipher system. Explain how individual 7 can recover the plaintext messa P. .a2.5 Knapsack In this section.3). 3...a5) (2..3. each either 0 or 1.'7.3) holds. may require that we check all 2n possibilities for (x1..namely xr : x3: x4: l. The best method known for finding a solution of the knapsack problem requires O(2n/2) bit operations.. which makes a computer solution of a general knapsack problem extremely infeasible even when n : 100. By inspection. with Ii :0 t s o l u t i o n s o t h e e q u a t i o n2 x 1 * : or I for i : 1.x. 7x2* 8x3 * llxa * l2x5:21.2+8+l | : 2*7*12. C = P(r+s) (mod ?.. 5.5.12). Encipher the message SELL NOW using the Rabin ciPher 2573). is either 0 or 1.. Let (a1.o3. X3: I+ To verify that equation (7.4 Computer Projects Write programs to do the following: 1.aa. an and a Sum S of a subset of these integers..8. Xl: XZ: X5: l. Another way to phrase the knapsack problem is to ask for the values of xyx2. x2. the knapsack problem asks which of these integers add together to give S. x2: 15 0. and : 0. we discuss cipher systems based on the knapsack problem. where each. 2. Encipher messageswith an RSA cipher' Decipher messagesthat were enciphered using an RSA cipher. w€ see that there are two subsets of these five integers that add together to give 21. Equivalently. 6. to search by trial and error for solutions of (2.. in the text' Send signed messagesusing an RSA cipher and the method described problem 6' Send signed messagesusing an RSA cipher and the method in problem 7' Send signal messagesusing an RSA cipher and the method in Encipher messagesusing a Rabin cipher' Ciphers 7. Given a set of positive integers Qr.3) S:arxr*a2x2* larxn' We use an example to illustrate the knapsack problem.o2..5 Knapsack CiPhers 2r9 8. 4. such that (7.. xn.4. On the other hand.1. requires that we perform at most n additions. there are exactly two namely 2l -. rn).11.2.. : Example. xn w i th .. 3 . The solutionis 37 .solutlon in the general case.3..w e hava x2: I and rr .. O bvi ousl y.27 that have 37 as their sum. n w h e n . S i nce 2 + 3 ( 7. For instance. a sum of integers from this set can only be greater than 27 if the sum contains the integer 27. Then. . .. using the equations .....7. .3 + 7 + 27. x4 m us t be 0 and w e h a v e 2 x 1 * 3 x 2 * 7 x 3 : 10.w e u s e t h e following algorithm.we first consideran example. : 0 o r l . x .S : atxl * a2x2* * enxnand x..e. ..3 7 w i t h e a c h . .r.7 > 3+2. : 1 and th e re fo re 2 x 1 l 3 x 2 :3 . Example. S i s g i v e n ... in succession. i-l j : 2 .. 3. to solve knapsack problems for a super-increasingseeuolco 41. to find the solution of S . i. x 2 . . than the Tiir int"ger.an satisfies this inequality. oz..14 > 7+3+2.2. First. if ai : )i-1. i.{oi.Ar xr * a2x2-l ": I an xr. If a sequenceof integers d1. . Example.en make the solution of the knapsack problem much easier than the.x1.0. Let us find the integersfrom the set 2. 2 . .. t o fi n d th e v a l u e s o f x t. simply requires that we find the binary expansionof S. we find x.cn so that the sum of the first 7-l of these integers is alwayrl.:toif [r ir S Z an S(an. In general. we note that since 2+ 3 + 7 + 14 < 27. Since 14 > 10. . H e n c e . w e must h a v e x . w e must have 15 : I and 2x1* 3x2* 7x3| l4xa: 19.we call the sequencesuper -increasing. and To see that knapsack problems involving super-increasingsequencesare easy to solve. an.7.i f 2 x 1 * 3 x 2 * 7 x 3 * l 4 x a * 2 7 x 5. 14. e2. The sequence 2..ft. so that j-r 2o. We can also produce easy knapsackproblemsby choosingthe integersd1. . ... n .14. a2. 27 > l4+i+3+2.. . First.. e.. 27 is super-increasing because 3 > 2.220 Gryptology certain values of the integers e1. a 2....:0 o r I f o r i : 1 . by noting that r. we find xn-r. where ri:0 or I for i: 1. xn-2. .-. since the sequence when fr is known. + t-l Using this algorithm. We now discuss a cipher system based on this observation...+l for7 : n-l.. the equation We can easilv solve .7. knapsack problems based on super-increasing sequencescan be solved extremely quickly. l e n < S .sn n t-i+l .0 we see that So: Zo.". To seethat this. where bj : wai (mod m) and 0 < bi 1 m.x. g 2 o . where . b2.r. we cannot use a special technique to solve a knapsack problem of the type ^g : integer..r.1.5 KnapsackCiphers 221 if xj- s. We form the sequence b1. we can find b b..S is a positive i-l is not super-increasing.To be specific. t-l where Ss is the least positiveresidueof frS modulo z..algorirhmworks..n-2.4) since fibi =ai wT : i fr|.b. c o n t r a d i c t i n the condition ! .an be super-increasing and let m be a positive integer with lz ) 2ao.. ..let or. However. then ) a. This cipher system was invented by Merkle and Hellman [90]. ( 2 *. first note that if xn :0 then)orrr( i-l i-l when S 7 an. and was considered a good choice for a public-key cipher system until recently. a2. Let w be an integer relatively prime to m with inverse w modulo m.. if xy : 0 when S n aj* i-j+1 r-i+l 7 oj. (modlz) j-l i-l (mod m). The ciphers that we describe here are based on transformed super-increasing sequences. From (7.-j+l i-l o1*i : S j-r j-' Similarly. (7.r.. we will comment more about this later. : h o. .. e2. I an example. (mod m) and 0 ( D. ar. without knowledge of m and w.. since 89>3+5+9+20+44. made public.s) S : brxr f b2x2* * byxy be solved. w e c a n m u l t i p l y b o t h s i d e so f t h i s equation by 4 .g. when m and w are known...This solvesthe knapsack problem s : !. i-l since er. to obtain the congruence 3x1 * 5x2 * 9x3 * 20xa * 44x5 = 336 = 69 (mod g9).3..20..... requires that a group of hard knapsack problems of the form (7.. since . . Each individual chooses a super-increasing sequence of positive integers of a specified length. a2. by .. b.. The super-increasingsequence (oya2. To solve the knapsack problem 2 3 x 1 + 6 8 x z * 6 9 x 3 * S x a* l l x 5 : 8 4 .a3. i-l since bi = wa. For each block. The solution of this easy knapsack problem is xs : x4: x2: I and x3 : rr : 0.6g. i s .N .. t he b l o c k x 1 x 2 . .44) can be transformed into the sequence(b3 b2. b5): (23. b2. the messageis first translated into a string of 0's and I's using the binary equivalentsof letters.2. a sum is computed using the sequence bvbz. as well as a modulus m with m ) 2ay and a multiplier w with (m. When someonewishes to send a messageP to this individual.222 Cryptology So : D o. The cipher system based on the knapsack problem works as follows. the sums generatedby each block form the ciphertext message. the original knapsack problem has as its solution 68 * 5 + 1l : 84.4. . Hence. if not..69.5.9. The transformed sequence b 1.a5):(3. an inverse of 67 modulo 89 .. the knapsack problem (z. m.1. on the other hand. say N..5. We note that to decipher ciphertext generated by the knapsack cipher. whe re b i = w a i (m o d m ). Finally.10.r.2. for 7 : 1. w e c a n c o n c l u d et h a t 3 x 1 * 5 x 2 * 9x3 * 20xa * 44x5: 69.. e.w) :1. for j .5. We illustrate this procedure with Example.r. 0 < bi 1 m. This string of zeros and ones is next split into segmentsof length N (for simplicity we supposethat the length of the string is divisible by N. as shown in Table 7.a4.x 1 1 i v e s S: D rxr * b2x2* g * byxy. aN.. we can simply fill out the last block with all l's).11)by taking bi = 67a1 (mod 89).bxi fo r ins t anc e.s) can be transformed into an easy knapsack problem. by bq. and reduce modulo 89.an is super-increasing.. into the sequence(2002.is an inverseof w modulo m. We start with the super-increasing sequence : (2.2503.172.a3.6) a. so that 503.3347.A7. where w.?fld w (m.417).Q4. since both sides of the equation are positive integers less than m which are congruent modulo ltt.w):1.Qg.6).a2. wIS: frbp1 * frb2x2I z atxl * a2x2* ' * wbyx7.Q5tA6. so that So . .Qg. the super-increasing to transform as the multiplier. * ayxy where frbj: (7. The Binary Equivalents of Letters.Ato) '14'29'58'lI9'24I'480'959'1917)' We : l00l take m: 383? as the encipheringmodulus. where Ss is the least positive residue of wlS modulo rn.10. (mod 22).709. We illustrate the enciphering and deciphering proceduresof the knapsack cipher with an example.3337.855.afi1 * a2x2l * a1vx1v. sequence To encipher the message REPLY IMMEDIATELY.2170.7.1 (mod m ).1I (a1..5 KnapsackCiphers 223 letter A B C D E F G H I J K L M binary equivalent letter N binary equivalent 01101 0lll0 0llll 10000 10001 10010 l00l I 10100 l0l0l 10110 l0l l1 l 1000 11001 00000 00001 00010 I 0001 00100 00101 001r0 00111 01000 0100r 01010 01011 0l100 o a R S T U V P w X Y Z Table 7. We have equality in (7.so that m ) 2a1s. 241. sd:. To decipher.119.as shown in Table 7.. involving sequencesof a general "r nature.959. For each block of ten binary digits.29.. where w and m are relatively prime poritiue integers and ar.Cryptology we first translate the letters of the message into their five digit binary equivalents.. and then form the series of sequences .b. 3347... This gives us 3360 12986 8686 10042 3629 3337 5530 s72s.lglT). we form a sum by adding together the appropriate terms of the sequence(2002. 855.4g0.mr). we find that 3360. by adding 2002.23:540(mod 3837). (w. The reason is that there is an efficient algorithm for solving knapsack problems involving sequences b1. There are several possibilities for altering this cipher system to avoid the weakness found by Shamir. o2. to decipher the first block. and then note that 540 : 480 + 58 + 2...10. Recently. Shamir [g+] tras shown that knapsack ciphers are not satisfactory for public-key cryptography. One such possibility is to choose a sequence of pairs of relatively prime integers (w1.and thenlroup these digits into blocks of ten.an is a super-increasingsequence.503. This tells us that the first block of plaintext binary digit s is 10001 0 0 1 0 0 .m2)..59. (w2. and then we solve the corresponding easy knapsack problem with respect to the original superincreasing sequence (2. For example. 3360.. b2.we compute the first sum. For instance.m1). 3337..11. 2170. and g55.. The algorithm found by Shamir can solve these knapsack problems using only O @ hD bit operations. t 72. where P is a polynomial... to obtain 1000100100 0llltOl0ll 1100001000 0110001100 0010000011 0100000000 1001100100 0101I11000.709. 417) in the slots correspondingto positionsof the block containing a digit equal to l. with bi: wai (modm).14. 2503. instead of requiring exponential time.. ir required for general knapsack problems. we find the least positive residue modulo 3837 of 23 times each sum' since 23 is an inverse of 1001 modulo 3837. 2.33. Decipherthe ciphertext402 105 150 325 that was enciphered the knapsack (306.and (6. bl') as the for j : l.. We then use the final sequ no As sequence. the (3. if 3 . 16 that have18 as their sum.3.. f.I7.. efficientalgorithmhad beenfound enciphering obtained by iterating for solving knapsack problems involving sequences (although there are several modular multiplications with different moduli promisingmethodsfor the productionof suchalgorithms). by sequence obtained from the super-increasing sequence and modulus performing modular multiplication with multiplier w :29 m :331.41.3 6 ) d (3 . dn 2 . . .233.80) when modular multiplication is applied with multiplier : 17 and modulvs : 162.40) c) ( 2. 7. . 2.2l.. Show that the sequencea1. of 4 .. Show that if 41.respectively. sequence super-increasing .9... 11. Find the sequence obtained from the super-increasing sequence (1.37. is This sequence obtained cipher basedon the sequence by using-modularmultiplicationwith multiplier w : 17 and modulusm : 464.179).7 ..374.92). 10.5 Problems l.4.a21is super-increasing ai+r ) 2ai for j . 2 A-r for sequence.22. (I8. sequence to transformthe super-increasing the obtainedby applyingsuccessively modularmultiplications 8 .10. Encipher the messageBUY NOW using the knapsackcipher based on the (17.101)..l' . 2. enceb[') .81.1.8l.3. .. 6.259). a2..19. is Decidewhethereachof the followingsequences super-increasing a) b) (3.. (11..7.b j'-rt (mod z").7. 15 .3 0 . then c.4I.l5l). 13.. a2.f l.5.160)..20.L9. is a super-increasing j . b$').1.67) . of mid-1983.19.4.8.83.. 2.4l. Find all subsets the integers 5 ..5 Knapsack GiPhers 22s b9) 7 w 1 a i ( m o d z r ) (mod m z) . :rrijt' bj') =w..5 9 ) (l l.1 7 .95). Find the sequence on with multipliersand moduli (7.' . m w 6 .5. n.. by 7 . ".

.where (b. the multiplicative knapsack problem I P-ai'ai'"'ol' is converted into an additive knapsack problem S . of these integers with product P.3..13. then it is unique.17. Show that if the integets a1.an are mutually relatively prime. then the multiplicative knapsack problem P:ai'ai'"'oI'. find all solutions of P . Encipher and decipher messages using knapsack ciphers involving sequences arising from iterating modular multiplications with different moduli. Solve knapsack problems involving super-increasing sequences....m): and 0 < b < m. respectively..226 Cryptology 9 .n. Find all products of subsetsof the integers 8..ai'ai'.5 ComputerProjects Write programs do the following: to problems trial and error. d) Show that by taking logarithms to the base b modulo m. is easily solved from the prime factorizations of the integers P.0 or I for j : il b) c) 1..." oi' where xj ... or subsets.6....an Are knOwn.21.. dzr. but cannot be deciphered quickly when the integers d\.2. rj-0 or I for j : I. an are known.. e) to the base 6 Explain how parts (c) and (d) can be used to produce ciphers where messagesare easily deciphered when the mutually relatively prime integers a1.and l0 equal to 60.95... find the subset. e20. or equivalently.ayo2.. @1.an and a positive integer P.an.....2.n.. A multiplicative knapsack problem is a problem of the following type: Given positive integers aya2..121 equal to 15960..a2.. Solveknapsack by 2 .dn ate the logarithms of modulo m.. a2t. and show that if there is a solution.5. 3 . What process can be employed to decipher messagesthat have been enciphered using knapsack ciphers that involve sequences arising from iterating modular multiplications with different moduli? 1 0 . 1.. Find all products of subsetsof the integers 2. Decipher messagesthat were enciphered using knapsack ciphers.. 7.a1x1 * a2x2 * * anxn where S. Encipher messagesusing knapsack ciphers.

file is a string of 0's and I's. f r .. each file to be a binary integer. t7r2. Suppose our database contains four files Fr. 7.. Ft: 12 and Fq: 15' We pick four in decimal notationFr:7.n .'-lf inverse of Ml modulo rz.. for accessto the other files.. from the ciphertext C. fui: M/ry forT !i. . p r i m e s .y i n te g e rs(0 1 I l )2 .-.1r/tn with m1 ) F1 for j :1 ..0(F. i ID d (t t t t)2. We illustrate the enciphering and deciphering proceduresfor databaseswith the following examPle.6 Some Applications to Computer Science In this section we describe two applications of cryptography to computer science. f i l r : 1 1 . g r e a t e r t h a n t h e corresponding integers representing the files.lfid Fa. 2 .t" wherey. (1 0 0 1 )r. The integers e r.. For the ciphertext.(modM). Here we will show how to encipher an entire databasi so that individual files may be deciphered without jeopardizing the security of other files in the database' Fn' Since each Supposethat a databaseB contains the n files Fv Fz.1mi. The first application involves the enciphering of a database.n. F3. let . we simply note that Fi=C(modm).. To encipher this database._ o th e e x i s te n c e f s u c h an i nteger i s guaranteed mo d u l o m i f or j : 1. We let M by the ihin. . A database is a collection of computer files or records. Note that knowledgeof mi permits accessonly to file7.r.m 2 : 1 3 .. we take the integer C with C:br.. To retrieve the 7th file F.7.... it is necessaryto know the moduli other than mi.. a n d t r l 4 : 1 9 . j-r 0<C <M.. A s t h e c i p h e rte x tw e u s e a n i n te g erC that i s congruentto F. by re p res ent ed ih" b i n u . Fz.. . .2 .2. The Chinese remainder theorem is used in both applications.r We call the moduli my r/121 mn the read subkeys of the cipher. €n serve as the write subkeys of the cipher. (t t00)2.6 Some Applicationsto ComputerScience 227 6. mutually relatively Solve multiplicative knapsack problems involving sequencesof prime integers (see Problem 10). we can consider We first choose n distinct primes rltr.iFurthermore. we ... t r l 3 : 1 7 . Example. . is an :1. €2..fttr trtz mn and remainder theorem. . or Fz:9. .-.

3 5 5 3 ' 1 0 : 3 5 5 3 0 e 3. where s is a positive integer less than r. since any . which are given to r different individuals. o T constructthe ciphertext. l 3 ... j .we find F1 by noting that Fr=16298=7(modtl). For instance.. . whereas the knowledge of less than s of these shadows does not permit the key K to be found.2 7 l 7 . H e n c e t h e w r i t e s u b k e y s r t ae 1 : 4 1 9 9 . it becomesmuch more vulnerable to exposure.4. .7+ 3 5 5 3 0 .2. the key K is not vulnerable to loss. p r : l l a n d / + : l g a r e i n v e r s eo f M i m o d u l o lr-7. we choose a prime p greater than the key K and a sequence of pairwise relatively prime integeis rTtb ftiz.y2: s mj for j:1. l g : 3 5 5 3 . on the other hand. we simply find the least positive residue of C modulo rn7. n r C= 12(modl7). . l 9 : 4 6 1 g 9 .t individuals from the r individuals with shadows can produce K. In addition. W . If this information is distributed to several individuals. l 3 . a n d c = 1 5 ( m o dl 9 ) .12 43758..4.228 Cryptology use the chinese remaindertheorem to find the ciphertext c which is the p o s i t i vie t e g ew i t h C = 7 ( m o d l t ) . M t : l 1 ' 1 3 ' 1 9 : 2 7 1 7 .1. Schemeswith the propertieswe have just describedare called (s. . if this information is lost. i : 2 9 3 9 3e 2 : . 1 3 .. To compute c we first find : M r . l g : . M z : 1 l. We will show that the key K can be produced easily from any s of these shadows. l 7 . the key is not vulnerable to exposure. . 1 7 : 2 4 3 1 .r) threshold schemes.2. In order to protect this master key K from both loss and exposure.3. e a s i l yf i n d t h a t l 0 . l l : 2 g g g 7 a n de o : 2 4 3 l . We now discuss another application of cryptography. l 7 . Suppose that in a communications network.we note that Q : e1F1l e 2 F 2 * e 3 F 3* e q F c = 2 9 3 9 3 . such that . we use the chinese remainder theorem.15 + = 1540535 = 1 6 2 9 8 (m o d 4 6 1 8 9 ). but extremely sensitiveinformation.3... 1 9 4 1 9 9 . k. a . 4375g. ffir that are not divisible by p.. 1 7 .a n d M t . The read subkeys are the integers mi.An example of such information is the master key K used for accessto the password file in a computer system. l e s st h a nM : l l .there is some vital. namely a method for sharing secrets. C = 9 ( m o i t 3 ) .9+ 2 9 887. To recover the file F7 from C. Because at least s different individuals are needed to find K. To develop a system that can be used to generate shadows with these properties. we construct shadows kv kz.l l . so that c:16298. there are serious consequences.

) Pffirffir-t frlFs*z of the Note that the inequality (7.p) of residues modulo p as x does.-r.. and then find K : Ko On the other hand. we see ttrat if M intelgers of s-l of the intege$mi. Mi where Mi: . individuals possessing the s shadows ki. mo va l u e i n a f ull s et of r e s i d u e s d u l op .. To see that the master key K can be found by any s shadows.. . we can conclude that M /Mi ) p.1). as Ks could be in any of the p ."utr..-... kr. From 0.7) tTlt lllz ffi. suppose that we know only the s 1 shadows kr.tp. greater than the product of any set Now let I be a nonnegativeinteger less than M /p that is chosenat random. M-l (since0( Ko:K*tp< p+tp:(l+l)p( To producethe shadowskr kz. I mi. and consequently.. .. the only information we have about positive residue of Kq modulo Mi and 0 ( Ko < M ... the integers n..than the . we can easily find the least positive residue of Ks modulo ftri.. .s . 0 ( k.tttttTtz n' then A/p is m'1.). Si n c e (m 1 .from the total of r individuals with shadows.. nt-om Q. Using the Chinese supposethat remainder theorem. Let Ko: K * tP' Ko( sothat0( (M/p)p: M).' With least positive residue a of Ks modulo M..ki. for 7 : 1.Consequently..r ranges through the positive integers less than M lM. Hi.. By the Chinese remainder theorem' we can determine the : ffii.ffii. k.. we see that the knowledge of s-l shadows is insufficient to determine Ko.ffij. Hj. are available.2. we let k1 be the integer with ki = Ks (mod rn..r. is g.2..P ): I for i : l.6 Some Applications to Computer Science 229 mt1mz1 1lttr. we can determine Ks.a * xMi runs through a full set we know that (Mi..we only know that Ko:a*xM. and 0..7) states that the product of the s smallest product of p and the s-l largest of. ki.7. o x takes every : 1.l). where Mi Ks is that a is the least these shadows..r. so where 0 ( x < M/Mt that as . Since we know that 0 ( Ko < M 4 Mi.. k. Hence.. Example.e. fti3 . F1 :4. The interested reader should also consult Denning [47] for related topics in cryptography. kr = 102= 3 ( m o dl l ) kz = 102 = 6 (mod 12) kt = 102 = 0 (modl7). with read subkeys ft:1 : 14. kz:6. and F+: 13. What are the write subkeysof the cipher? what is the ciphertext c corresponding to the database? When the database I with three files Fr Fz. we use an example to illustrate this threshold scheme. and ft3 are the least positive residues of Ks modulo l7lt.tp : lO2 . Let K :4 be the master key.7 : 4. what is the updated value of the ciphertext c? . Supposethat the databaseI contains four files. If file F3 is changed from Fr . (2. Using the Chinese remainder theorem.ll.7 . i. S inc e 0 ( K o < M :1 3 2 < 1 8 7 .e. We pickt from among the positive integers less than M /p : 132/7. Fz. Suppose we know that kr: 3 and kr : 0.6 Problems l. and ^F3is enciphered using the method described in the text.ll to F3 : 12. fir2: 15.2. trt3:17. so that the three shadowsare kl : 3. and :iqrandomly gives us The three shadows kvkz. we can determine Ks modulo n7t/tt: ll. il b) 2.230 Cryptology congruenceclassesmodulo p. We can recover the master key K from any two of the three shadows.7 102. the corresponding ciphertext is c:619. since Ko = 3 (mod ll) and Ko = 0 (mod 17) we have ko = 102 (mod 1g7). i. r 1 1 : ll.3) threshold ftr2:12. This Ko: K i tp :4 : * 14.lg7.16 be the read subkevs f the o cipher used to encipher the database. so thatM : Dtirt2:132 ) pmt: ll9. We will develop another threshold scheme in problem 12 of Section g. we will use a s c h e m e o f t h e k i n d j u s t d e s c r i b e dw i t i r p . 7.lj .14. andma . Ft: 10.6. Let ml : 5. w e k n o w t hat K 6 :102. ntz:7.and m3. and consequentl y the master key is K : Ks . f/12. and kr : 0. and nt3:19. encipher databasesand recover version of databases' the ciphertext (see problem 2)' Update files in the ciphertext version of databases Find the shadowsin a threshold schemeof the type describedin the text. files from Using the system describedin the text. three pairs of shadows Show how to recover the master key K from each of the found in Problem 3.6 Computer Projects Write programs to do the following: l. Recover the master key from a set of shadows' . a (2'3) threshold Decompose the master key K : 3 into three shadows using . 4.5' mr : 8' t/tz: 9' m3 : ll schemeof the type describedin the text with p and with t -. 2. 7. 3.7. 4.13.6 So m e A pplic at ion s to C o m p u te r Sc i e n c e 231 3. To find the order of 2 modulo 7. We denote the order of a modulo m by ord_a. 32 : 2 (mod 7).by the well-ordering property. 33 = 6 (mod 7) 4 (mod 7) .72: 3 . Let a and m be relatively prime positive integers. 22 Therefore. to find the order of 3 modulo 7 we compute 3t 3e 3 (mod 7). We find that 2t = 2 (mod7). we compute the least positive residuesmodulo 7 of powers of 2. then s6(m) = | (mod m). Definition. at least one positive integer x satisfiesthe congrueneea* = 1 (mod rz). 4 (mod 7). Example. 3s = 5 (mod 7) . there is a least positive integer x satiifying this congruence. ord. Then. Similarly. Therefore.1 The Order of an Integer and primitive Roots From Euler's theorem. 36 = I (mod 7). the least positive integer x such that e* = I (mod z) is called the order of a modulo m. We see that ord73 : 6. . if m is a positive integer and if a is an integer relatively prime to m.Primitive Roots 8. Consequently. 23 I (mod 7). 58 = 16 ( mo d 1 7 ). we have least positive integer such that.if a* = I (mod n ). D This theorem leads to the following corollary' Corollary 8. . lf a and n are relatively prime integers with n ) 0. we see that a.a I x. From this equation. Therefore. from corollary 8. we need a* of In order to find all solutions the congruence = I the followingtheorem.1 these are the only possiblevalues of ord175. From the inequality Since a' = I (mod n). and 16.8. The following example illustrates the procedure.8. To find the order of 5 modulo 17. a* -ok'ord'a:(ao'd'o)k =l (modn). : 16.o)e gr a. we conclude that ord175. wo first use the division algorithm to 0 ( r ( ordra. we first note that 0(ll7) sinceihe onty positivedivisorsof 16 are 1. by definition.ordna I x. write Conversely. then x : k'ordnc wherek is a positiveinteger' Hence. (mod n). Euler's theorem tells us that qb('\: l (modn).1 The Order of an Integer and PrimitiveRoots 233 (mod m). then the Theorem 8. y (mod n).4. 5 1 6= I (mo d l 7 ). I Proof. we know that a' = I : ordna is the 0 ( r ( ord. Using Theorem 8. Because f :0. we concludethat ordra I O(n)' n We can use Corollary 8.52 = 8 (mod l7).1.n) : 1. Since 5r = 5 (mod l7).16.54:13 (modl7). we conclude that r:0. > 0. If ordra I x.2.1. since.1 as a shortcut when we compute orders. Q. Proof. x : q'ordna * r. then o r d n aO f u ) .1.av = I x : a'ordna. (mod n). Since (a. Example. lf a and n ate relatively prime integerswith n a' = I (mod n) if and only integerx is a solutionof the congruence positive if ord.a*r (aord. : oa'ord. that ai-j: I (modn). Proof.3 is a primitive root modulo 7. note that only integers less than 8 and relatively p r i m e t o 8 a r e 1 . 5 is also a primitive root modulo 7. then ai = aj . w h i l eo r d s 3 : o r d s 5 : o r d s 7 : 2 . as can easily be verified. we are interested in integers a with order modulo n equal to Qfu). (mod n) where r and 7 are nonnegative integers. Consequently. rf a and n are relatively prime integers with n ) 0. For instance. Definition.j. l. th know that (ai. Example. Hence. there are no primitive roots modulo 8. Conv er s elyas s u me a t a i = a r (mo d n ) w i th i > j .we will find all integers possessing primitive roots. Theorem 8.234 Primitive Roots The following theorem will be useful in our subsequent discussions. In our subsequent discussions. lf r and n are relatively prime positive integers with n ) 0 and if r is a primitive root modulo n.2. tr i Given an integer n. 5 . = j (mod ord.1. To indicate one way in which primitive roots are useful. Likewise.n) : 1. or equivalently. This is the largest possible order modulo r. the Theorem 8. 3 . a n d o r d 3 l : l . sinceoord'a=l(modn). we From Theorem 8. if and only if i = j (mod ordna). then r is called a primitive root modulo n. Hence. since ord75 : 6. ai : ojrk'ord'a : aj(ao'd.n): .a). Suppose that i = j (mod ordna). S i nce (a. the congruence ai = ai ai-i = ai (mod n) implies. Then. To see this. We have previously shown that ord73 : 6 : 00). by cancellationof a/.3. Not all integers have primitive roots. there are no primitive roots modulo 8. we have : j * k'ordra. it follows that ordra divides i .o)o = a/ (mod n ).1. then the integers . using Corollary 3. wherek is a positive i integer. wo following theorem. If r and n are relatively prime integers with n ) 0 and if ordrr :6h). Since d(8) : 4. and 0 < j < t. a n d 7 . then o rd .4. Let J:ord-(a"). tt I u1vs. Hence. Hence. we only need to show that that no two are congruent modulo n.1.2. Since we know that I I zs. Theorem 8. Hence.D .8 . relatively prime to n. 22 = 4 (mod 9). (mod Qfu))' However' for From Theorem 8. 23 = 8 (mod 9). and 26 = I (mod 9).^a : t.n):1. since Example. This that i : j . slld consequently. and 26 = 1 (mod 9). Proof. If ord-a : / and if r.u).1 tells us that s I tr' On the other hand. we Note that (a")t': ( a r ' . first 22 = 4. we see that i = i i = / (mod d(n)) implies I < t ( O(n) and 1 < j < 0h). assume ri = r/ (mod n ) .tt. Hence. f2' "'' '6b) form a reduced residue set modulo n. root r form Proof. it usually has many primitive To demonstratethis. ) Q l v ): ( a t ) u ' : I ( m o d r n) . all relatively prime to n ' for any positive integer k. the congruence n. 2s = 5 a When an integer possesses primitive root. and u:tltv' From since ord. t:tvv. we first prove the following theorem' roots. Theorem 8. no i*o of these powers are congruent modulo modulo r.l is a positive integer.3. D showsthat we do have a reduced residue system Note that 2 is a primitive root modulo 9. tp . these powers are that To show that no two of these powers are congruent modulo n. and (rk.1 Th e O r der of an I n te g e r a n d P ri mi ti v e R o o ts 235 tl . Proposition2. since (a \t : e u s = I (mo d rn ). | . know that (r yu1) : l. we see that the :6 powers of 2 form a reduced residue system modulo 9. To demonstratethat the first @(r) powers of the primitive they are all a reduced residue set modulo n.n):1 i t f o l l o w sf r o m p r o b l e m8 o f S e c t i o n2 ' 1 t h a t Since G. From Theorem 8. v:(t. These are OO) 24 = 7 (mod 9).(a " ) : t l Q . Zt = 2 (mod 9). (mod 9).2t = g. . if and This leads immediately to the following theorem.4. This Corollary 8. From Corollary 8.vbh) form a reduced residue system modulo .1 Problems 1.. we know that ord. w e s e et h a t / . 6. tr Example. s : I t t: proves the result. 3 . I r . 8. | ". w e c o n c l u d e h a t . 12.^r' : ord^rf (u. A little computationtells us that 2is a primitive root m odulo 11.ord*r) : Q(m)/fu. s inc e l l h a s a p ri mi ti v e ro o t. D and ru is a primitive root modulo m.o(d ) : l: Proof.2. N o w . there are exactly 0@@)) primitive roots modulo ru. Theorem 8.. ord. tr We have the following corollary of Theorem g. and g are four incongruent primitive roots modulo I l.Q(m)) : t. Proof.7. Then Theorem 8.u).. Determine the a) order of 2 modulo 5 b) order of 3 modulo l0 c) order of l0 modulo 13 d) order of 7 modulo 19. a( *) ) : l.ru : efu)..236 Primitive Roots l . u s i n gL e m m a 2 . onlyif (u. then it has a total of Q@fu)) incongruent primitive roots. consequently. s i n c es I t r a n d t . . m 2 r. Let m: 11.2. I et r be a primitive root modulo z where m is an integer. we know that r" is a primitive root modulo rn if and only if (u .5' If the positive integer m has a primitive root. From Theorem 8.0@D . It is easiry seen that 2.. s i n c e th e re u t" r* " " i l y o @ @)) such i ntegersa. w e know that 11 has a@ ol )) :4 incongruent primitive roots.4. Then r' is a primitive root modulo m if and. Q6u): t/v : t/(t.only if (u.3 tells us that the integers r. Let r be a primitive root modulo rn. Show that if n is a positive integer and a and 6 are integers relatively prime to n : ordna'ordnb' such that (ordna. Show that ordo2 :Zn*r. I 1. then ord^at : s . 16. 5. 19'73. then ordna: ordnd. then i is also a primitive root modulo m. then there is an integer a with ordna : d. then pq is a pseudoprime to and ordo2 | Q-D. z"+rk + l.1. then ord'(ab) when Find a formula for ordn Gil if a and b are integers relatively prime to n ordna and ordrb are not necessarily relatively prime' Decide whether it is true that if n is a positive integer and d is a divisor of Qh). Let p be a prime divisor of the Fermat number Fn:2v a) b) 15.29'97. . 10. if i is an inverse of r modulo m ' 1 3 . so that p must be of the form * l' : n and Let m: an . Show that if m is a positive integer and a is an integer relatively prime to z such that ord^a . where Fn : 2T * I is the nth Fermat number. Show that if dis an inverseof c modulo n. 1 4 . Show that ordra conclude that n I O@). a) b) Show that if p and q are distinct odd primes. d) 13 e) 14 f) 1 8 . 4.8. ordnD) : l. then rr is prime. Find a primitive root modulo il4 b)5 c) l0 3. conclude that 2n+r | (p-1). I (modp) 12. the base 2 if and only if ordo2 | 0-t) Use part (a) to decide which of the following integers are pseudoprimes to the base 2: 13'67.e_D/e * for all prime divisors q of P-1.tlt . Show that if r is a primitive root modulo the positive integer m. Show that r is a primitive root modulo the odd prime p if and only if .1 The Order of an Integer and Primitive Roots 237 2. 6. 7.1. Show that ordp 2 ( 2'*1. Show that if a is an integer relatively prime to the positive integer m and ord^a : s/. From part (a). where a andn are positiveintegers. g.23'89. Show that the integer 12 has no primitive roots' How many incongruent primitive roots does 13 have? Find a set of this many incongruent primitive roots modulo 13. g. 0 e < C1 1n andC. we form a s e q u e n cC t . To do this.+1 E (mod n). There is a method for deciphering messagesthat were enciphered by an RSA cipher.. Using iteration. C 3 .tion.. the primes p and q may be chosen so that this attack is almost always futile. . enciphering is known. when a and m are relatively lntegers.61n. The polynomial f (i : x2 * x * t has exactly two incongruent roots modulo T. Find the order of c modulo rn. . then pq is a pseudoprime to the base 2 if and only if MoMo: (2p-r)ei-D ir" prrriJoprime to the base 2.2. r 8. that if root of f (x) modulo m. we show that every prime has a primitive root. without knowledge of the deciphering key.il ir"o ro. Find primitive roots when they exist.il is not. Attempt to decipher RSA ciphers by iteration (see problem g).. our objective is to determine which integers have primitive roots. *ryio rr. then every integer congruent to c modulo m is root. We say that an integer root of f (x) modulo m it f(c) = 0 (mod z).238 PrimitiveRoots 1 7 . C z .3. 2 . but the deciphering key (d.namely x = 2 (mod 7) andx = 4 (mod 7). a) Show that C1 = Cd (mod n). See pioblem l3 of Section g. we first need to study porynomial congru"nces. To decipher a ciphertext block C. . . Let c is a c is a also a f (x) be a polynomial with integer coefficients. Suppose that the public key ie. .. where p is 7 the original plaintext message. It i.1e Let n:47'59 and e :17. 1 8 .1 Computer Projects Write projects to do the following: l. This method is based on iteration. Show that this indei 7' is a divisor of ord. Show that if p and q are distinct odd primes.2 PrimitiveRootsfor primes In this section and in the one following.2.) 8. 3 . Example. Moreover. s e t t i n g C r = C " ( m o d n ) . to the ciphertext 1504. find the plaintext corresponding b) c) (Note: This iterative method for attacking RSA ciphers is seldom successfulin a reasonable amount of time. In this . Show that there is an index such that C1: C and Cj_t : p. 0 1 C1 1 n.. 0 < Ci+t 1 n for j C7Y 1. so that there is (a1. . . Fermat's little theorem tells us that if p is prime. c s o t hat f k ) = 0 (mo d p ) fo r k rG) rGo) ]] i ..8. A root * e h a u ef ( .fl .'y. To prove the theorem. then the polynomial hQ) . Letk be an integer. + afi * cs be a Lagrange'sTheorem.rP-t .2.co# 0 (modp)... .cn all roots of : 0 (mod p)..| and has a leading that the polynomial g(x). Then f k) has at most n incongruent roots modulo rt : l' Proof.. "+ + xcfi-3 + c6-2') . . Assume :0 .. noi Oiuirible by p. since of the linear congruence a 1x 2 one solution. we where g(x) is a polynomial of degree n g(x) modulop.t has exactly p-l incongruent roots modulo p.:. . Hence.. Clearly... c1 is a root of g(x) modulo .".2 PrimitiveRoots for Primes 239 Example. we have : 1 < k ( r...l ( m o dP ) ..a_ii'.. c r . .q ar)y(x-cs) (xn-z * x'-3cg* * a1(x-cs) + : ( x -c s )g (x )..cz. we use mathematical induction' When o f / G ) m o d u l op r s a s o l u t i o n atx I aowithp f c1. since gk) know that Corollary 2.... Sincef G) f (c) : (ct -co)skt) = 0 (mod P) ' f Gr..l' and Now supposethat the theorem is true for polynomials of degree n by let fk) U" a polynomial of degree n with leading coefficient not divisible that ihe polynomial f G) has n f I incongruent roots modulo p ' p. which is of degree n coefficient not divisible by P. Example..iirr. : -as (mod p).1. f G) must have no more than n incongruent roots modulo p. 3 . Let f (x) : arxn + an4xn-r * with leading coefficient an potyno. P We will need the following important theorem concerning roots of polynomials modulo p where p is a prime. . 2 . The polynomial gG) : x7 * 2 has no roots modulo 5.."_.[.. .) f (rr) : 0 (mod p). has n incongruent roots modulo p' This contradicts the induction hypothesis.p): l. the theorem is true for n . . W e have n. . x n a m e l y = I . By Theorem 3'7. we From p' This shows c1.nial of degree n with integer coefficients and p. =i:l:'_-. Hence. s? r!cs .. are now show that c r. The induction argument is complete' tr We use Lagrange's theorem to prove the following result.| with leading coefficient a. this linear congruencehas exactly : l' exactly one root modulo p of f G). tr Theorem 8.d .2. we know that any root of xP-t .1"d(e-t) a rdG-D I : (xd-l)g(x) . From Fermat's little theorem. polynomial xd . * l) Then the xP-r.I modulo p.6 can be used to prove the following result which tells us how many incongruent integers have a given order modulo p.240 PrimitiveRoots Theorem 8. we see that xP-r . Let p be a prime ancl let d be a positive divisor of p-1.I has exactly d incongruent roots modulo p. together dlp-r dlp-r .I hasp-l incongruent roots modulo p. Theorem 8. Then * x. it follows that p-l : d lp-l From Theorem 6. Furthermore.| : (xd-1.p must be a root of xd poly nom ial x d . On the other hand. from Corollary 2.6. Since every root of xP-r . For each positive integer d dividing p-1.| roots modulo p. Proof. Let p be prime and let d be a divisor of p-1.I modulo p or u rooi of g(x) modulo p. Since the order modulop of an integer not divisiblebyp dividesp-1.7. Proof.I modulo p that is not a root of . with the equality This inequality.| h a s a t l e a s t Q -D d i ncongruent roots Q-d-r): modulo p.I has precisely d incongruent roots modulo p. let F@) denote the number of positive integers of order d modulo p that are less than p. Let p-l : de. Then the number of incongruent integers of order d modulo p is equat to o@). Lagr ange' st h e o re m te l l s u s th a t g (x ) h as at most dG-l ): p . Consequently.we knowthat p-l : dlp-r We will showthat F(d) < O@) when d I e-D. Lagrange's theorem tells us that it has at most d incongruent roots modulo p. xd .6. we know that the g(x) modulo .I modulo p is either a root of x7 . 3. from Theorem 8. p has 6Q-l) definition. a primitive root.7 to show that there is an integer x x2 = of order 4 modulo P. the integers there a. by incongruent integers of order p-l primitive roots.I has exactly d integers k. we know that the powers of l' There are exactly a with order d are those of the form a& with (kd): d. If F(d) :0. However. there is an integer x such that Show that if p is a prime and p -l (modp). Qd are incongruent modulo p. each of these powers of a is a root . Hence.(ad)k = | (modp) for all positive of *d -1 modulo p. L e t d l b-l).if there is one O@) such integers k with I < k < positive element of order d modulo p. (Hint: Use Theorem 8. 7 l3 t7 d) e) f) 19 29 47.8. Find the numberof primitive rootsof the followingprimes: a) b) c) 2. there must be exactly 0U) such 'd(d). we can conclude that F (d) : OU). we know that there ate |Q-l) modulo p. Since each of these is. So every root modulo p is congruent to one of these powers of a. p. since bk)d . it is clear that F(d) < O@). : I (mod 4). Furthermore.2 Problems 1.3.4.7. and consequently. is an integera of orderd modulo Sinceotdra : d. Otherwise. which tells us that there are precisely O@) incongruent integers of order d modulo p ' D The following corollary is derived immediately from Theorem 8'7' Corollary 8. From Theorem 8. Every prime has a primitive root' Proof.2 Primitive Roots for Primes 241 implies that F (d) : O@) for each positive divisor d of p-1. The smallest positive primitive root of each prime less than 1000 is given in Table 3 of the APPendix. By Theorem 8. a2t .) . FU) < Therefore. is -r Let r be a primitive root of the prime p with p = | (mod 4)' Show that also a primitive root. 8. Let p be a prime.". we know that xd incongruent roots modulo P. integerslessthan d.6. a2. Explain why the answer to part (a) does not contradict Lagrange's theorem. q'. Use Lagrange's theorem to show that if p is a prime and is a /(x) polynomial of degree n with integer coefficients and more than n roots modulo p. .D . Show that if p is prime and p :2q I l.x p . pi-D . a) b) Find the number of incongruent roots modulo 6 of the polynomialx2 . . .) Consider the incongruent 5 . Follow the procedure outlined in parts (a) and (b) to find a primitive root modulo 29. Using part (a).t + I i s d i v i s i b t e b yp .p?. then p -a2 is a primitive root modulo p. then p divides every coefficientof /(x).tt n is a pseudoprimeto that base is I (n -1.... give a proof of Wilson's theorem. Use problem 6 of section 8. il b) c) 6. ez. b) c) 8 . qt areprime.a. ( * . is a primitive root modulo p. .incongruent bases modulo n for *tti. This technique -. whereQr. a) 7 . il ! l.7 to show that there are integers d1.x2. Let the positive integer n have prime-power factorization n: pl. outlined in this problem. ..... o r d r a 2 : q | .. . . .242 PrimitiveRoots 4 . Show that for all integers x. Suppose that /(x) is a polynomial with integer coefficientsof degree n-1.. 1 0 .*h"1".f k) i-t i-_t. F for finding f (x) modulo p is called Lagrange interpolation. Let p be prime...1 to show that a : aflz-.. where q is prime and a is a positive integer with I 1 a I p-1.xn be n incongruent integers modulo p. Let the prime factorization of ee) : q\'q'.. (Hint: constant term of f (x). Find the least positive residue of the product of a set of d(p_t) primitive roots modulo a prime p. Let x1.: q : . a. o r d o a . Using part (b). Show that the number of.x. show that every coefficient of the p o l y n o m i afl ( x ) : ( x ..l ) ( x . A systematic method for constructing a primitive root modulo a prime p is : p-l be p-l Use Theorem 8. Use problem 8 to show that every odd composite integer that is not a power of 3 is a pseudoprimeto at least two basesother than i l. such that o r d r a t : q ' i . t^rold^s' is an inverse of xj-xi (mod n )..p + l ) . 9 . the congruence . .pi.. I and q:2q'* b y i t e r a t i o n ( s e e p r o b l e m 1 8 o f S e c t i o n8 . the master key.we showed that every prime has a primitive root. 2 .2.. 6 ..6. We squaresof primes. a) Use Lagrange interpolation. then either r or .. Show that the master key K shadows. begin by considering Theorem 8.n d 7 . to show that the master key K can be determined from any r shadows. If p is an odd prime with primitive root r. Implement the threshold schemegiven in problem 12.. 4 . ( p. i. s where xt.8 ... b) c) 4x3+xz+ Let fG): t:4..andf G) = 4 (mod l1). 8. f Q). In this problem. o ( k. p:47. ki = f(x. Let p be a prime. such that p > K and p ) s. f 13. Show that an RSA cipher with enciphering modulus n: pq is resistant to attack l. d) key from the four shadows 0). we will find all positive integers having primitive roots. The s shadows krkz.) for.2 Computer Projects Write programs to do the following: 1.. with the condition that K. are computed by finding the least positiveresidueof f G) modulo p for i :1.3 The Existenceof Primitive Roots In the previous section. In this section. f Q).e. Show how to find the and / (4) . we develop a threshold scheme for protection of master keys in a computer system. described in problem I l. different than the scheme discussed in Section 7.. Let K:33. 1 ) i f p : 2 p ' + where p' and q' are primes.xz. Find the seven shadows correspondingto the values of /(x) at a 1 . 8. . Find a primitive root of a prime using problem 7. d e g r e e3 w i t h f 0 ) 12. First. Let f (x) be a randomly chosen polynomial of degree r-1. and s:7.8..3 Th e E x is t enc e o f P ri mi ti v e R o o ts 243 b) Find the least positive residue of /(5) modulo 1l if /(x) is a polynomial of -S.f Q) = 2. 3lx + 33. 2. we a will show that every power of an odd prime possesses primitive root.xr are randomly chosenintegers incongruent modulo p. k.. 3 .. 5 . is the constant term of the polynomial.. cannot be determined from less than r (modp). prp-z (modp2). Let s : r+p.1) rP-t=1(modp2)..l tells us that nlOQ2):p(p-t). From this last congruence.I)rr_rp. Proof. either n : p-l o r n : p ( p . since a congruencemodulo p'obviously holds modulo p. This last congruence implies that rp-2 = 0 (mod p). then prp-z = 0 (modp2).t). sinces E r (mod p). r p.r * p-1. so that we (s. we know that ordrr:0Q):p-1. Otherwise. Then.70-2: l . it follows that p-l: ordrrl n. we seethat sP-r = I + (p-l)p.r : ( r t p) o -r : 7 p -t + Q _ D ro -rp z * 1p.so that r'= I (modp2). On the other hand. wa have rn = I (modp). haven : p-1. Hence. since ordrrr : Q(pz).1. The binomial theorem tells us that . Since n I p(p-t) and p-l I n. then r is a primitive root modulop2. which is impossible. ordo"r equals either p-l or p (p-l).rP-2 (mod p2). Since r is a primitive root modulo p. s is also a primitive root modulo p. Let n : ordozr. If n : p (p-l). To see this. using (S.244 PrimitiveRoots r * p is a primitive root modulo p2. From Theorem 8.we can conclude that sp-t# l (modp2). since .l ) . Hence. + v 4 -t + (p -D p . we will show that ordo. Corollary g. note that if 5P-l : l^(mod p2). so that (8. p (p -l) : Example. Let p be an odd prim e. ordrus : r*p is a primitive root of p' ' a s Consequently. l0 is not a primitive root modulo 4872. we hav e 10486: 1 (mod 4872).8.36 + I (mod 49) ' We note that it is extremelyrare for the congruence rP-t = I (modp2) it to hold when r is a primitive root modulo the prime p. Hence. The smallestprime p for which there is a primitive root that is not also a primitive root modulo p2 is p : 497. can for all positive integersk. From the proof of :49' si nce Th e o rem8.3 Th e E x is t enc e o f Pri m i ti v e R o o ts 245 : p tr .9. Let n : ord6r.8. Consequently. then pk has a primitive root for all positive integers ft . Hence. (remember r is a primitive root of p). (8. we know that p has a primitive root r that is also a primitive root modulo P2. From Theorem 8. Using mathematicalinduction.2) rp-t # 1 (modp2).3) yn'-'$-t) 1 I (m o d p ft) we this congruence. Proof.8 .8. We now turn our attention to arbitrary powersof primes. Theorem 8. if r is a primitive root modulo p2. Moreover. From Theorem 6. 8. O $\. then r is a primitive root modulo po. is prime p is not also a primitive very seldom that a primitive root r modulo the root modulo p'. s inc e O*-r(p-l). Once we have established show that r is also a primitive root modulo pk by the following reasoning.but by Theorem 8. for all positiveintegersk. For the primitive root l0 mo d u l o 487. The prime p :7 has r : 3 as a primitive root. we s eet h a t r : 3 i s a l s o a p ri mi ti v e ro ot modul op2 rP-t . On the other . we know that 497: 10 + 487 is a primitive root modulo 4872.we will prove that for this primitive root r. we know that n I OQ\: h a n d . whic h would c o n tra d i c t (8 .to obtain.Then 7 n t-t(t_ t) l (mo dpk).r is also a prirnitive root modulo pk. wherep trd. w e s e e th a t p -l : 6 e ) r. from Euler's theorem. # completesthe proof by induction. tr Example. * (|)o'Urk-t)2 + | * dpk (modpo*'). consequently. via the binomial theorem. Let us assumethe assertionis true for the positive integerk>2. and | n. we know that (r.246 PrimitiveRoots 7n we also know that I (modpk). sinceby hypothesisyP'-'(P-t)* t (moApk). we know that n:'p'(p-l).3) using mathematical induction. ordotr : pk-t b-D Consequently. w h ' e r e i s a n i n t e g e rs u c h t h a t l 0 ( r ( k-t. W e take the pth powerof both sides the aboveequation.. we can conclude that . All that remains is to prove (8. * (dpk-t1n Sincep I d.1 . From a previous example. # since G.2).P^-'(P-r) I (mod po*t). The case of k:2 follows from (8. then : : 7p'-2(p-t) (7p'@-t)1r'-rn l (mod pk). B ecausee-D l n I o*-rQ-I). we know that r : 3 is a primitive root . : oeo).we know that vPL-2(o-D : . rn = I (modp). of yP'-'(P-l) - 0 + dp*-t1o | + p@pt-r. H e n c e . Fr om T heor em 8 .pk-t) : 1.3 ).Q(Pk-tt Therefore. If n: p'(p-l) with/ < k-2.there an integer d such that y o ' -' Q -t): I * d p k-t.p) : l. other than 2 and 4. which completes the induction argument. For higher powers of 2. This yields e2'-'= 1 (modzk+r). Theorem 8. Then there is an integer d such that e2'-': l+d'zk. If a is an odd integer. We first note that both 2 and 22: 4 have primitive roots. and if k is an integer. has a primitive root. let us assumethat a2'-' = I (mod 2k) . It is now time to discusswhether there are primitive roots modulo powers of Z. respectively. then We prove this result using mathematical induction. . ord2ta # OQk) .8. Hence. 1 (mo d 2 k). k ) : a O QL )/2 e 2 ' -' : proof. narnely 1 and 3. If a is an odd integer. Now to complete the induction argument. where b is an integer.there are no primitive roots modulo these powers of 2. namely OQ\ I 2.10. Squaring both sides of the above equality. since when a is an odd integer. the situation is different.3 The Existenceof PrimitiveRoots 247 : 3 is also a primitive modulo 7 and 72. Theorem 8. there always is an element of largest possible order. of This is the congruence interestwhen k :3. since a6Q')lz : 1 (mod 2k) .9 tells us that r root modulo 7k for all positive integers k.10 tells us that no power of 2. Even though there are no primitive roots modulo 2k for k > 3. Hence. we see that 8 | 4b (b + l). then a : 2b t 1. we obtain e 2 ' -' : | + d 2 k + r q 4 2 2 zk. as the following theorem shows. so that a2 :.I (mod 8). 3. n Theorem 8. a 2 : ( 2 b + 1 ) 2: 4 b 2+ 4 b * I : 4 b$ + 1 ) + 1 . as the following theorem shows. Since either b or b * 1 is even.

e. we determine which integers not powers of primes.= 0 + 2k-r)2 : | + 2k + 22k-2 : I + 2t (mod Zk+\ . i. Proof. for k 2 3. Let k 7 3be an integer. both sides.10 tells us that 52'-' = I (mod 2k). From Theorem 8. To show that ordr.11. 5: O ( Z k ) D : 2 k . Now assumethat 52'-': l+zk-I (mod2ft).5 | 2l"-t . we see that ordr.5. we will prove by mathematical induction that fork)3. Theorem 8.S I Z*-2.2k-2.-. we can conclude that ord2. we have I (mod 2k). those integers divisible by two or more primes.-'= | + 2k_t * For k : 3.2 . while the only powers of 2 having primitive roots are 2 and 4. 5:l+4(mod8). Then o r d 2 . Therefore. We will demonstrate that the only positive integers not powers of primes possessingprimitive roots are twice . 52. This means that thereis a positive integerd suchthat + S2'-'_(1 2k-r)+dZk. find that we Squaring : 52'-' (l + 2k-t)2 + 20 + zk-t)dZk + (dzk)z so that 52. Next.1. if we show that ordr. have primitive roots.S tr 2k-3.248 PrimitiveRoots Theorem 8. This completesthe induction argument and showsthat ordr'5 : O(2k)/2' tr primitive We have now demonstratedthat all powers of odd primes possess roots.

oQ\') Since the product of a set of integers is less than or equal to their least common multiple only if the integers are pairwise relatively prime (and then the less than or equal to relation is really just an equality)..l' This formulafor d(n ) and the inequality $fu) < U imply that ob'il\.8. seethat ordrr:6Q)<U.. This means that (r. Proof.. Let us assume that the integer n has a primitive root r..) must be pairwise relatively prime' . we know that ro@') : I (mod P) ...oQ'. w e know that (r.p'. From this last congruence..m ..12.. Theorem 8.)..): 6(p't')o7'il ob'.)'. If r is a positive integer that is not a prime power or twice a prime power. OQ'il.)... aQ'il. o.. We first narrow down the set of positive integers we need consider with the following result..3 The Existenceof PrimitiveRoots 249 powers of odd primes. i-e.p'i.-p\.0(p'..4. By Euler's theorem.p' ) : l ..'il''' oa'il ( td(p'r'). the integers Q(p'r').n ) : l . Now let U be the least common multiple of Q(p'r). have From Theorem Qh) : oi\'p?''' p'. we 6. Let n be a positive integer with prime-power factorization . u : [oQ\').. SinceObh I U. 2 . then n does not have a primitive root. Si n c e (r.. wheneverpt is one of the prime powers occurring in the factorization of r.-.l') we for i : l.. we know that ru = t (modP. since@is multiplicative.. OQ'.n ) : I and or dn r :6 h ).0b'il1.0$'.

). (r + ot1oQfl: I (mod 2p'). Proof. then rob') = I (modp.13.. Oe'il.2.the numbers e(p'r'). Thus. we see that G * pt )QQP') Hence.. while if r is even.. we see that rQQp'.o(zp')= I (mod 2). rt Example. then 2pt possesses primitive root.6(2n') 1 (mod p') . I (mod 2) I (mod p' ) Therefore. where p is an odd prime and / is a positive integer..Oe. then . In fact. we conclude that r is a primitive root modulo 2pt .\ are not p air wis er elat iv e l yp ri m e u n l e s sm: I a n d n i s a pri mspow er o.or if if p : 2 and t > Z. From Theorem -6. if r is a primitive root modulopt. then r * p ' (r + P'10{zP') Since r * p' = r (mod p'). and as no smaller power of r *pr is congruent to 1 modulo 2pt .250 Primitive Roots We notethat e(pt) : rt-r(p-l). we note that O(zp') : 0Q) 66t7 : e(p. we conclude that r * p' is a primitive root modulo 2p'. r * pt is a primitive root modulo 2pt. Theorem 8. where p is an odd prime and r is a positive integer. We now show that all such integers have primitive roots. * :2 and the factorization of n is n : 2p'. Hence..).) is even p is odd. rf p is an odd prime and r is a positive integer. by corollary 3. Earlier this section we showed that 3 a primitive root modulo .. if r is even.4. On the other hand.). so that ee.: I (mod 2p. If r is odd. since no smaller power of r is congruent to I modulo 2pt . so that . a then if r is odd it is also a primitive root modulo 2pt. tr We have now limited considerationto integers of the form n : 2p. and no positive exponent smaller than 6(pt) has this property. If r is a primitive root modulo pt .

Hence. then the only solutions of the congruence x2 = I (mod m) are x E t I (mod z).3 The Existenceof PrimitiveRoots 251 7t for all positive integers /.8.10. 4.13. 5. 6. Show that if rn has a primitive root.14.3 and Theorems8. Find all the primitive roots modulo 22. for all positive integers k. since 3 is odd. 2.5t for all positive integers f. Show that there are the same number of primitive roots modulo 2pt as there are of p' . lf B2 c) d) r72 D2. For instance. 3 is a primitive root modulo 14. Find a primitive root.9. Theorem 8. Hence. Which of the integers 4.13 tells us that 2 primitive root modulo 2. Find a primitive root modulo a)6c)26 18 b) e) 338. where p is an odd prime and r is a positive integer. a Theorem 8. Theorem 8.3 Problems l. since 2 + 5t is odd.2T is a primitive root modulo 50. positive Similarly.16. . where p is an odd prime and / is a positive integer. we can now describe which positive integers have a primitive root.12. 8. we know that 2 is a primitive root modulo 5' for all * 5t is a integers/.22and 28 have a primitive root? Find a primitive root modulo a) b) 3. The positive integer n possesses primitive root if and only if fr :2. or 2pt. 7.8.4. modulo a) b) 3k lle c) d) l3k nk. p'. 8. Combining Corollary 8. For instance.13 tells us that 3 is also a primitive root modulo 2'7t for all positive integers /.

If a is a positive i n t eger wit h ( a. 12.) Show that although there are no primitive roots modulo 2& where k is an integer. 9. m): l . every odd integer is congruent to exactly one of the integers (-1)"50. we have a . 2. then there is a unique integer x with 1(x46@)suchthat r' a (modm). k > 3. 8.3. (When n is prime.14). From the definition. From Theorem 8. then ind. Let n be a positive integer possessinga primitive root.252 PrimitiveRoots 8.. Let m be a positive integer with primitive root r. we know that if a and b are integers relatively prime lo m and a = b (mod m). From this fact. this result is Wilson's Theorem. Definition. Find primitive roots modulo powers of odd primes. Find primitive roots modulo twice powers of odd primes. 13 form a reduced system of residuesmodulo nr.a : indrb.4 Index Arithmetic In this section we demonstrate how primitive roots may be used to do modular arithmetic. Let r be a primitive root modulo the positive integer m (so that m is of the form describedin Theorem 8. we see that if a is an integer relatively prime to m. Let m : 7. we know that the integers r. We have seen that 3 is a primitive root modulo 7 and . 8. where we do not indicate the modulus m in the notation. If x is' the index of a to the base r modulo m. since it is assumed"to be fixed. Using this primitive root. With this definition. rhen we write x : indra.ind'a (mod m ). th e n th e u n i q u e i n t eger x w i th I (x(d(z) and r* = a (mod m) is called the index of a to the base r modulo m. prove that the product of all positive integers less than n and relatively prime to n is congruent to -l modulo n.3 Computer Projects Write computer programs to do the following: l. Example. where a:0 or I and B is an integer satisfying0 < B ( 2ft-2-1. This leads to the following definition.

a * ind. no smaller positive power of r is congruentto 1 modulo rn. . we obtain a different set of indices.b (mod O@)) -la.8 . inds6 : 3. i n d s 3: 5.ak Proof of G). 35= 5 Hence.ind'Qil : ab (mod .55 l. ind. ind. i n d l 3 : 1. indices. i n d t2 : 2 . To prove this congruence..ind.D (mod rn ). i n d 3 4: 4 . 3 4 = 4 that ( m od 5) . 3 2 = 2 ( m o d 7 ) . Proof of (ii). i n d r6 : 3. Using Theorem 8.a * ind. we have congruences mo d ulo6@) . For instance. i n d 5 l : 6 .(a b ) : i n d .l : 6(m) = O (mod Qfu)) .ind.4 l n dex A r it hm eti c 253 (mod7). We now develop some properties of indices. ind.Gb) = ind.ind. l = 0 (mo d Q fu )).. Hence.b = Ab (mOd . but instead of equalities. we know that .a*ind. With a different primitive root modulo 7. modulo 7 we have i n d 3 l : 6 . i n d r5 : 5 .. 3 3= 6 ( m o d 7 ) .6(m): I (mod z). From Euler's theorem. ). and 3 6 = I (mo d 7 ). .a * i n d .ind.b (m o d 6@ )). Then ( i) (ii) (iii) ind.b. Theorem 8.o .a (mod 6h)) if k is a positive integer. Since r is a primitive root modulo m. Let m be a positive integer with primitive root r. i n d s 2: 4 . we concludethat in d . ind. and let a and b be integersrelativelyprime to m. note that from the definition of . ) and .15. Hence. 3 r = 3 ( m o d 7 ) .Gb) = 7ind. ind. These properties are somewhat similar to those of logarithms.calculationsshow that with respectto the primitive root 5.2. : ind54 : 2.

1. Note that direct computation gives the same result. From part (iii) of Theorem 8. To prove the congruence of interest. ind52: 4 and i n d 5 3 : 5 . we obtain a congruence modulo d(t7) : 16. we have -: . by definition.we see that modulo 7.i n d s 2 . Indices are helpful in the solution of certain types of congruences. We will use indices to solve the congruence 6xr2 : I 1 (mod 17). first note that. a ind3a I 2 3 4 5 6 7 ll 8 9 16 14 I r2 5 l 5 l0 2 10 1l 3 7 t2 l3 13 l4 4 9 t5 6 16 8 Table8.a (mod 6fuD. .aL = rk' ind'o (mod rn ). this leads us immediately to the congruence we want. Consider the following examples. 1 5 t e l l su s t h a t i n d 5 6.ind'. Indices the Base3 Modulo 17. Using Theorem 8.i n d s4 : 2. p a r t ( i i ) o f T h e o r e m8 . Note that this agreeswith the value previously found for ind56. a Example.254 PrimitiveRoots Proof of Gii).ind.k'ind'a = (rind'o)P : ak (mod rn).ak ft. to Taking the index of each side of the congruenceto the base 3 modulo 17.1.5 : 20 = 2 (mod 6). since i n d 5 3 a i n d s Sl . Hence. namely ind. ind. We find that 3 is a primitive root of 17 (since 38 = -l (mod l7)). The indicesof integersto the base 3 modulo l7 are given in Table 8.ar ak (mod m ) and . we seethat ind53a= 4'inds3 = 4. S i n c eA Q ) : 6 . From the previous examples. 3 : i n d s 2t i n d 5 3: 4 t 5:9 = 3 ( m o d6 ) . namely . Example.2.15.

Using (ii) and (iii) of Theorem 8.i n d 3 6* i n d 3 (x 1 2 ) 1 5 + 1 2 ' i nd3x Hence.310 17)' modulo holds congruence t 2 ( m o d l 7 ) . 1 0 .36 : 15. w e c o n c l u d eh a t 8.9.15. .we find that 3 x 2 3 2 .1. t oo r 3 l a ( m o d 1 7 ) . (mod 16). Using Corollary 3. We wish to find all solutionsof the congruence7'= 6 both sides of this When we take indices to the base 3 modulo 17 of congruence. 15+12'ind3x=7(mod16) or 12'ind3x=8(mod16). there are four incongruent solutions of the original congruencemodulo l7' (mod 17). (mod 16). 1 5 . and 314: x 3 9 . consequently. we obtain :.8.15. Hence. ind3x : 2 . 3 6 .we find that i n d 3 (7 ' ) : i n d 3 6: 1 5 (m o d 16). 8 . o r 2 ( m o d1 7 ) . upon division by 4 we find that ind3x : 2 (mod 4).4 Index Arithmetic 255 in d 3 (6 x r2 )= i n d 3 l| :' l (m o d 16). ind3( 6x r 2). Since each step in the computations is reversible. we obtain i n d 3 ( 7 ' ) : x ' i n d 3 7: l l x Hence. (note this that 32:. Example. Since From part (iii) of Theorem 8. from the definition of indices.o r 1 4 ( m o d 1 6 ) . 6 .

m) has a solution. we multiply both sides of the linear congruence aboveby 3. Let r be a primitive root modulo the positive integer 17. If k is a positive integer a1d o is an integer relatively prime to m.1 ) Now let d: k ' i n d . we present a definition. in are Therefore. Furthermore. Definition' lf m and k are positive integers and a is an integer relatively prime to ffi.1545 : 1 3 ( mod 16). to find that : x = 3. Proof. First.m) : l. (mod z ). then . Since 3 is an inverseof I I modulo 16.x ( k . All steps this computation reversible. We note that the congruence xk (mod z) holds if and only ( 8 . s o that x . the solutionsof 7* = 6 (mod 1 7 ) are given by x = t3 (mod 16).we say that a is a kth power residue if * if the congruence = a (mod. From a n d y : i n d . if there are solutions of xk : a (mod m)' then there are exactly d incongruentsolutionsmodulo rn.256 PrimitiveRoots llx : 15 (mod16).6(m)).16.x .a (m o d 6@ )). then the congruence xk = a (mod m) has a solutioriif and only-ii oQh)ld=l(modln) where d : (k. Next. we discusscongruencesof the form xk = a (mod m). where m is a positive integer with a primitive root and (a. xk When z is an integer possessing primitive root. the following a theorem gives a useful criterion for an integer a relatively prime to m to be a kth power residue of m. Theorem 8.e (m)) i n d . Let m be a positive integer with a primitive root.

and hence.exactly d integersx incongruentmodulo z such rhat (8.2 ) k y : i n d " o (m o d Q fu )) (8 has no solutions. To determine whether 5 is a sixth power residue of 17. (m o d l 7). We illustrate this observation Example.2) holds. with an example.8. 5 is not a sixth power residueof 17.8. tr We note that Theorem 8.8 .8.a = o (mod Q(m)). 1 n -1 .l) / 4 b a s e s w i th I < .p-l). We need the following lemma in the proof of Theorem 5.1:6 ) 5 8 = -l Hence. we determine that 5 t6 /(6 .1) holds.16 tells us that if p is a prime. and a is an integer relatively prime to p. and this congruenceholds if and only if ooh)/d:1(modrz). If d lind'a.e. then there are exactly d integersy incongruentmodulo d(z) such that (8. If n is an odd compositepositive integer. We now present the proof of Theorem 5. the theorem is true. then the linear congruence (8 .4 In d ex A r it hm et ic 257 Theorem 3. we note that it d tr indra. k is a positive integer. Theorem 5. i. there are no integers x satisfying l).a if and only if @@)/ilind. and hence.?. then a is a kth power residue of p if and only if oQ-D/d: 1 (modp). We state this theorem again for convenience. A table of indices with respectto the least primitive root modulo each prime lessthan 100 is given in Table 4 of the Appendix. whether the congruence x 6 = 5 (mo d 1 7 ) has a solution. . where d : (k. Since d I ind. then r passesMiller's b te st for at m os t f u.

For n to be a strongpseudoprime the baseD. Let the prime-power factorizationof n be n : pi.r. we seethat . Chinese of the remainder theorem tells us that thereare exactlvfI h-\. with exponente* 2 2. Consequently. From Lemma 8. j-r incongruent To prove the theorem.2.1. . By taking indiceswith respectto r. is an odd positive t integer. p'/Qi-l)) : h-l. we first consider the case where the prime-power flactorizationof n contains a prime power p[.g. we see that there are exactli e. .. p Proof' Let r be a primitive root of p' . Then the number of incongruent solutions of the congruence xe-t = I (mod r) is (q..p1-l) solutionsof x'-l = I (mod n ). wheres is a positiveinteger and. bn-t= I (modn). we know that there are (n-r. j :1..j.pi.D where y : ind'x . Since bo-D /pt : t/p't-t .pr-re-D.l. using Theorem3.6Q")) : (q.. p'. either to bt : I (mod n ) b2tt : f o r s o m e i n t e g e r T w i t h 0( 7 -1 (mod n) Ineithercase.) if and only if qy = 0 (mod 6e. Let p be an odd prime and let e and q be positive integers. Let n-l : 2't.t/p't < z/g (the largest possible value occurswhen pj :3 and ei :2).1. . there are Q.wehave ( s ..6er)) incongruentsolutionsof gy :0 (mod|e"D.258 PrimitiveRoots Lemma 8. consequently.pi-l) incongruent solutions xn-r: I (modp7) . tr of We now proceed with a proof of Theorem5. Proof.p'-tb-l)) incongruent solutions xe = 1 {-oAp').. we see that x4: I (modp.

: (t. I < 6 ( n . is a strong pseudoprimeto the base b.t) j -r .. incongruent solutions of solutions of xt : I (mod n). lt* > 2t'l.-' I I Z"'-t I I integers b with 1< D ( n-1. we seethat j:r u (n-l . "+" Since ?"*f 0n-l) for n > 9 . i T h e o t h e r c a s et o c o n s i d e r s w h e n n : distinct odd primes.1 ( m od n) w h e n 0 ( 7 ( s 1 -1 .. th e re a r e TrTz" ' 7.pi-l) : 2*ink') (t.t.. ) w h e n O ( f ( s i -I.l ( m odp. for which n w h e r eP t . .. p t . for which n is a strong pseudoprimeto the Uasetr. is an odd positive integer..p. is a positive integer and /. l.p. .pj-r) fI Q. where s. T h e re fo re. .r. i : 1 . TrTz"' T. ' We note that (if so primespr. incongruent solutions of problem 15 at the end of this section. and 2i' TrTz"'7.2 ..p2.4 Index Arithmetic 259 < fIl tu-r..: li-l r ll** l+. there area total of x/. = . (We have used Theorem l... Pa r e r PPz"'P.t..).8.lt + . Let integersb. a n d n o sol uti ons i ncongruent u si n g t he Chines e r e ma i n d e r th e o re m . P z .r-oJtL) [ . necessary) thatsr ( sz ( h-l.l to evaluatethe sum in the last formula. From The number of incongruentsolutionsof x' = I (mod pi) is T there are 2il. We reorder the ( s..r) (r -r)14. otherw i se.TrTz"' T. H ence. .).. * y''= .) Now note that .-l) ( r there are at most Q-Dla Consequently.| : 2 t' tr.

: . ?)/2'. 2"r-l 2"r(2. p r l ) : 2 ' T r and(n-l. ^ f.* ( lf. | ( s.*'.260 PrimitiveRoots 6h) : (pr-l) (pz-l) We will showthat (pr-l) : tiz tr1t'*s'* "' *s. I -L."-" *+ W h e n s r : J 2 .-'.t ) . tr.. with and pz-l:2trtz. . since 3. ( r1r.we concludethat (s. +]/lz". we can which provesthe desired result. w e h a v e( n . Let us assume that pr ) pz. for if Tr: tr. .l . Note that T1 * t1.*ro] | 2 ' .-l I- :l++-l 2"t 2rtr(2... then .-t lrr'.'-tf.-.z'.-t ) *.ro. -l) | 2'-l -.3) Since sr ( sz ( *r.r) is valid when r ( When r:2.r. 7. .) [t [' I ( ''" :[+.*'.r. l | ' J'' -I 2". " rrrz' r.*'' < r/4.l < 2r-r 2'.-2 2"'(2'-l) From this inequality.[. * Uf. rt'. #).r'. 2' 2. achieveour goal by showing that (8. I r ^ ) . [.*'.f) is againvalid.pz-l):2tTz. w e h a v en : p p 2 w i t h p r | : 2 t r t 1 rr ( sz.*l'-t ) z'. we seethat ' as. then (S... If s1 ( s2.* ''. -l) 2. Because TrTz.

Write out a table of indices modulo 23 with respectto the primitive root 5. wher e Q r. S i n c e T1# t' 1 . a c o n tra d i c ti o n . 8. a n d pz: I t 2q3. : Show that if p is an odd prime and r is a primitive root of p. S i m i l a r l v .l ) . 7 ^ 22's". 2. then ind. is close to ll4 only for integers n with prime factorizations of t h e f o r m n : p r p 2 w i t hP r : | + 2 q 1a n d P z : I t 4 q 2 . 1 < b ( n-1.-r) /4. o r n : q f l z Q t w i t h P r : | + 2 q r .a n dq 3 a re d i s ti n c to d d pri mes (seeprobl em 16). Find all the solutions of the congruences a) 3xs = I (mod 23) 3. Find all the solutionsof x' : x (mod 23). for this final case' since theorem oh) /6 ( (n -r) /6 < (/.(p-|) (p-r) /2. w eh a v e s T r T z4 t 1 2 / 3 . . 5.2 r. . : t. we can see that the probability that n is a strong pseudoprimeto the randomly chosenbase D. 7. I . Hence. using indices to the base 2 modulo 13. so that 7"2( t2l3 . w h e r e{ 1 a n d Q 2 a r e o d d p r i m e s . a n d i n c el r * l/r"'* t 3) .P 2 : | * 2 q 2 . For which positive integers a is the congruence axa = For which positive integers 6 is the congruence 8x7 : Find the solutionsof 2x = x (mod 13).4 Index Arithmetic 261 ( p t . which impliesthat P2 ) Pr. Find all the solutionsof the congruences il 3' :. b) 3xta = 2 (mod 23). 8. tr By analyzing the inequalities in the proof of Theorem 5. l : | < r t222"16 6h)16. TtTzlr+ f lr) which proves the | -.8.2 (mod 23) b) 13" = 5 (mod 23)' 2 (mod 13) solvable? b (mod 29) solvable? 4. l f t 1 pz then T2 # tr.8.4 Problems l.l ) I ( n . we know that T r ( t r / 3 . 6. s ot h a t p n : prpzZ pz= 1 (mod r-l).e z .

(ppz.. Find the index systemsof 17 and 4l (mod lZ0) (in your computations.. If ls 2 3. a (mod 2t). Develop rules for the index systems modulo 2& of products and powers analogousto the rules for indices.r^ be primitive roots of pti. . p)a+l . . 1i ^ )t o f Z 3.. Develop rules for the index systems modulo n of products and powers analogousto those for indices. . (mod p'il. p ) 3. Define the index system of a modulo 2k to be equal to the pair (a. . then every integer has a unique index system modulo n. then every odd integer a is a kth power residue of 2" . or cubic . .p) be the index system 7e of c modulo 2k.. a (mod ptl).1m:ind. Use the index system modulo 32 to find all solutions of j xs = I I (mod 32) and 3' = 17 (mod 32). y ) i f t o ( 2 a n d ( a .. _l(modp) has a 1 0 . .let (a... 7 2 . a) b) c) Show that if n is a positive integer. . and let 71 : ind". a) b) Find the index systemsof 7 and 9 modulo 16.) ll.262 Primitive Roots 9. then there are unique integers a and B with a : 0 or I and 0 < B ( Z*-i-t such that a = (-l)" 5p (mod 2ft).. Let n : 2"p\'pj ' ' ' ph be the prime-power factorization of n.p'i. while if p : I (mod 3). c) 12. rc /o ( 2. Let e be a positive integer with e 7 2. p'. modulo 60 to find the solutions of d) Let p be a prime. necessarilyof the form 8k+l ... Show that if p =2 (mod 3) then every integer not divisible by 3 is a third-power.B). let rs be a primitive root of 2t..r2. Let a be an integer relatively prime to n. Let . Show that the congruence x4 = solution if and only if p is of the form gfr + l. Let p be an odd prime. From problem 9 of Section 8.3... Define the index system of a modulo n to be ( 1 o ..pn. 7 t .. e Show that Q must lave an odd prime factor different than j1p2.. Use an index system I lx7 : 43 (mod 60).2')). use 2 as a primitive root of the prime factor 5 of 120). . Let r1.a : ind.pn are the only primes of this form. 72 : ind".. so that a = (-l)'5P (mod 2t). and by problem 9. .. then an integer a isa /<th power residue of 2" if and only if a ? | (mod (4k . respectively. il b) Show that if ft is a positive integer. .. a (mod p'1).and let .... (Hint: Assume that p6p2. . ^ 1 2 . we know that if a is a positive integer. 1 r . residue of p. 8 .. Show that if /c is even. an integer a isa cubic residueof p if and only i1 o@-t)/3: I (modp). Prove that there are infinitely many primes of the form 8ft*1.

pt : | * 2q3with q r.Qt Find the probability that n : 49939'99877 is a strong pseudoprime to the .u) incongruent solutions of xN odd. m ) 0.andm root. and no solutionsotherwise' 1 6 .2ju be a positive integer with 7 a nonnegative integer and a an odd where s and t are positive integers with I positive integer and let p-l:2"/. where k is a positive integer. 3. (mod nr) where Using indices.c. 5.Tz. If n is a positive integer and if an integer x exists such that xn-t = I (mod n) and .2"-2) (Hint: Use problem I 1. 4. Theorem 8.b. solve congruences of the form axb = c are integers with c ) 0. distinct odd primes.5 PrimalityTests Using PrimitiveRoots 263 c) kth Show that if /< is a positive integer. Let N . a) b Show that the probability that n is a strong pseudoprime for a base near (n-l)/4 only when n has a randomly chosen with I < 6 < n-l is prime factorization of the form n : ptPz where Pr: | * Zqr and pz: | * 4qz with q1 and q. prime or n: PPtPt where Pt: | * Zqr. and where z has a primitive a. Z. then the number of incongruent power residues of 2" is 2"-r b.l' base b randomly chosen with 1 < b < n b) 8.5 Primality TestsUsing PrimitiveRoots From the conceptsof orders of integers and primitive roots. Construct a table of indices modulo a particular primitive root of an integer.) ' 1 5 . .2) h. Find kth power residues of a positive integer m having a primitive root.4 Computer Projects Write programs to do the following: l. we can produce useful primality tests.-l (modp) if Show that there aie 2j (t. The following theorem presentssuch a test.l ( s-1. Find index systemsmodulo powers of 2 (see problem l1)' Find index systemsmodulo arbitrary positive integers (see problem l2).8. pz: | * 2qz. 8.f 7. 0 ( .

Since ordrx | (n -t).r. The pri me di vi sors o f 1008 ar e 2 . Since xn-r: I (mod n).ordrx and since ordrx lnl.264 PrimitiveRoots *G-t)/a#l(modn) for all prime divisors q of n . since ordnx ( O(n) and 6h) ( n _ l.17 with an example. D of E x am ple. Theorem g. T h e o d d p ri m e d i vi sorsof n-l :2002 are 7.l l . : 1 1 1 0 0 8 / 3 1 1 3 3 = 3 : 4 ( m o d 1 0 0 9 ) . then n is prime. However. Let n :1 0 0 9 . we see that --l (modru) x r-r : 1 * b -D /2 1 2= (-l )2 = | (mod n). tr Note that Theorem 8. then n is prime. The following corollary of Theorem 8. by Theorem 8. a n d 7 .17 gives a slightly more efficient primality test. we will show that ordrx : n . there is an integer k with n . Let n :2 0 0 3 .x # n .weknowthatk > l. Corollary 8. Now.3 .l. Ex am ple. T h e n l l r0 0 8 : I (mod 1009).l. Letq beaprimedivisorof .17 are met.h_r)/c*l(modn) for all odd prime divisors q of n . then n must be prime.. If n is an odd positive integer and if x is a positive integer such that *h-D/2 and . 6 4 Hence.17 we know that 1009 is prime.-i (mod 1009).we know that n must be prime.2.r: (xord. Then k *h-r)h : *klqord. Since the hypotheses Theorem 8. Suppose that ord.| : k. .xS&/d= I (mod n).4.l tells us that ord.x | (n -l). we know that n is prime. a n d 1 1 l 0 0 t f: 1 1 1 4 _ 9 3 4 ( m o d l 0 0 g ) . w e s e e th a t rl t008/2:11504. Since *b-r)/2: . Recalling Theorem 6.I (mod n).17 is equivalent to the fact that if there is an integer with order modulo n equal to n-\ . Proof. so we must have ordnx : n . this contradicts the hypothesesof the theorem.l. it follows that Qh) : n .l. We illustrate the use of Theorem 8. Proof.1.

4 that 2003 is prime. Indeed.17 or . tr We can use Theorem 8. . where f h) is the total number of multiplications and modular exponentiationsneeded to verify that the integer n is prime. bit Proof. It is of interest to ask how quickly a computer can verify primality or compositeness.17 to estimatethe number of bit operationsneeded to prove primality when the appropriate information is known. | < b 1 n. with f ( q ) ( 3 ( l o eq l t o s D.tr. If n is composite.5 Primality Tests Using Primitive Roots 265 u:874 1 : S inc e 5 2 0 0 2 /25 1 0 0 = -1 (m o d 2 0 03). Theorem 8.19. with such information these tests can be useful.4. we note that / (2) : q < n . Theorem 8.b and verify that n : ab. Proof.| are the primality tests given by these results practical. we seefrom Corollary 8. = . this can be proven using O((logzn)a) bit operations. in Chapter 9 we give a primality test for these numbers based on the ideas of this section. given the two integers a and b. To determine whether an integer n is prime using either Theorem 8.8.5T : 5154 . lz ooz . and n . that We demonstrate f b) ( 3 (lognltosD 2. finding the prime factorization of an consuming process. This takes O (logzn)2) bit operations and proves that n is comPosite.ab.18. there are integers a and b with | 1 a 1 fi. First.8 8 6 (m o d 2 0 0 3 ). The induction hypothesis is an estimate for f h).5 1 8 3 : 633 (mod 2003). this can be proved with O(logzilz) operations.l' As we to Corollary 8. 52oo2/13 and (mo d 2 003) . 52002/t an d 13. We assume that for all primes Q.2 holds. If n is composite. If n is prime. Only when we have some a priori information about the factorization of n . we multiply a and. it is necessary know the prime factorizationof n integer is a timehave remarked before. Such a situation occurs with the Fermat numbers. Hence. We use the secondprinciple of mathematical induction.We answer these questionsas follows. t he inequalit y l.

.. fh):t*(r+t)+ifQ..q) . t * 1 modular exponentlatrons to check (iii) and (iv). we need to do I multiplications to check (i). t.. t-' ((l togq. t.266 PrimitiveRoots To prove that n is prime..2. Pomerance. Hence.. is prime for i : I . We will not describethe test here because relies on concepts it not developed this book.." It should of be noted that Theorem8.Since the total number of multiplications and modular exponentiationsneeded is f h) : o (log2n).-t)/L = I (mod n).. that q. and x that supposedly satisfy (i) (ii) n-l:2oqfl2.. We note. n Theorem8..2) :t*(fnogDtoeQflz. Once we have the numbers 2o. 2.fiogD . q.. for i : l. and -f (q) multiplications and modular exponentiationsto check (ii). Now each multiplication requires O ((logzil2) bit operationsand each modular exponentiation requiresO(logzd3) bit operations.2 : 3(log ntog D ..) ( 2l + I + ) .2 ( (3/og z)log(Z'qfl2. . t. (iii) *G-t)/2--l (modn). we use Corollary 8. Qt.. q) . 2.. He interpreted the result as showingthat everyprime has a "succinct certification primality. that to in .19 cannot be used to find this short proof of primality.19 was discoveredby Pratt.. Qt. and (iv) r(/. for the factorizationof n .Q) : Gflog2)log2qflz. .. and Rumely. the total number of bit operations needed is : oKlogzn)(log2n)3) o((logzn)a). More information this subjectmay be foundin Lenstra[Zt]. qr.4. on Recently. an extremely efficient primality test has been developed by Adleman....2 ..| and the primitive root x of n are required. is prime for i : L.

). I (modn). with x. * I is prime. one week. . a J . 8. x.8. (mod F") 4. For instance. . Show that 257 rs prime using Corollary 8. . . * and xi-t= then n is prime. . b2.Q r are relatively prime integers greater than one. 2 .c bit just 40 secondsand to determine whether a too-digit integer is prime requires just l0 minutes' Even determinewhether a 200-digit integer is prime requires amount of a 1000-digit integer may be checked for primality in a reasonable time.logrlog. 1 7 w i t h x : 3' 2 . .' that *|n-'t'. / ."'. Q 2 ."'. . Furthermore. let br.5 Problems :2' Show that l 0 l i s p r i m e u s i n gT h e o r e m8 . .5 Primality Tests Using Primitive Roots 267 less than determine whether an integer is prime using this test requires log. a r A r e p o S i t i v e i n t e g e r S . t h e r e e x i s t s n i n t e g e rx y s u c h is n . a n d q t .4 with x l. a 2 . . o t .l : m i r nj -ir' w h e r e m i s a p o s i t i v e i n t e g e r . Let n be a positive integer such that n . Show that if the prime-power factorization of n a p i ' a n d f o r 7 : 1 .n operations. Show that if an integer x exists such that x2r:1 and *'r-l* then the Fermat number Fn :2Y I (mod F. where c is a constant. more information about this test see [63] and [74]. b. be positive integers such that there exist integers xt. xz. Fo. 1(modn) 5. .l: pi'pi'. to (log2n.| Let n be a positive integer.!-r and -- I (mod n ) . .. . .

i s g r e a t e r than or equal to b.from Corollary 3. let u : l6Qi').il.. Problem5.. Problem 4. . .p.. 8.1 w e s e ethat a u = t(m o d p . If a is an integer relatively primeto n... : p\. . Since OQ! ).2. Show that n is prime.: 1 . . . : 1.. . T heor em . it follows that . thenEuler's theorem usthat tells a A Q ' )= I ( m o d p t ) whenever pt is one of the prime powers occurring in the factorizatron of n As in the proof of Theorem 8.2. r . i : 1... and r < ( r +jf1i u ? 1 ..4. n . 2 ...2..1' ) for i : 1. .1 7 . Hence. .2. 07. 3. ohhlu f or i : 1. 8 2.)l. u s i n g T h e o re m8 . 2.268 Primitive Roots 6'!'-t)/e'-l. ob.12. w h e r e e v e r y p r i m e f a c t o r o f q . the least common multiple the integers of m. 4. Corollary8.i p.. 8..6 Universal Exponents Let n be a positive integer with prime-power factori zation .. . . ..n) : I for. for ..5 Computer Projects write programs showthat a positive to integern is prime using l. m. .

Next.O ( : ) . of n.. we have tr(2): b(2): I and tr(4): O(4):2. Example.0|'il. d ( 5 2 ) l : 12. based on the prime-power factorization of n.2. primitive roots. smallest positive universal exponent Definition. so that we can conclude that X(2t) : zt-z 1f t > 3.. integer Definition. This leads to the following definition. if t 2 3. The least universal exponent of the positive integer n is called the minimal universal exponent of n. we turn our attention to arbitrary positive integers n ' Theorem 8. and is denoted by I(n)' We now find a formula for the minimal universal exponent l. As we is also a r the intege (J . Similarly.. it follows t h a t u : l O Q 3 ) . a : 2'-2.20. From Euler's theorem.10 that a2'-' : 1(mod 2t) and ord.. then we know from Theorem 8.. A universal exponent of the positive integern is a Positive U such that a u = I (mo d n ). for all integers a relatively prime to n. Let n be a positive integer with prime-power factorization . On the other hand.IAQ\). We are interested in finding the universal exponent of n: p'ip'. p'.6 UniversalExPonents 269 aU = I (modn).201 : 20 is a universal exponent of 600.(n). sinceboth 2 and 4 have primitive roots.6fu)..ybh)l have already demonstrated. we know that d(n) is a universal exponent.8. note that if n has a primitive root. Since the Prime Powerfactorization of 600 is 23'3'52. First. we know that of odd primes possess I(p') : 6(p'). Since powers We have found tr(r) when n is a power of a prime. then tr(n) . whenever p is an odd prime and / is a positive integer.

.2. .) r. Consequently. we can concludethat a M = I ( m o dn ) . be a primitive root of Pi We considerthe systemof simultaneous congruences x=3(mod2") x j11 (modpl') x : 12 (moa p'. For convenience. QQil : xb'il.). ) .).) for all prime-powersin the factorization of n. By the Chineseremainder theorem..)...: we will show that . let the largest M . To do this. the minimal universarexponentof n. (r). Proof.. let r. Moreover. and since oxb') : t (moo p...)l. S inc e M is d i v i s i b l e b y a l l o f th e i ntegers X (2/g .. : 2'"p\'p'i I rm. Qbill . we find an integer a such that no positivepower smaller than the Mth powerof a is congruent to I modulo n.na: ). is given by tr(n : h(2'.) eb'r. from Corollary 3.).. 6Q'.). With this in mind.. The last congruenceestablishes the fact that M is a universal exponent. there exists an integer a such that ord.. Then $$n ). Oe'. e(p' r..l : ^(p'. there is a simultaneous solution a of this system which is unique modulo n : 2'"p'ip'i p'. We must now show that M is the least universal exponent. o7'il. possible order of an integer modulo n. n) : l. Let a be an integer with (a .270 P ri mi ti ve R oots . wheneverp' is a prime-power occurring in the factorizationof n. we see that aM = l (modp.) : x(pl .tr(zt) o(p'i).(mod p'. from Theorem 8'1. we find a solution respectively.lf. from Corollary M: we 3.xb'.. d (5 ) | : 1 . 4l : 12.. we take 2 and 3 as primitive roots modulo 32 and Then.\(n) with ord. Therefore. assume that . so that ordo.) | r{ for all prime powers p' in the factorization of n.a: X(p t).l{ is a positive integer aN = I (modn). and 5. For instance. Hence.ExPonents 8. of the system of congruences 1=iiililil . a : )r(n). o (3 2 ). we can Since aM = I (modn) and MIN conclude that ordna : M. \b. we have for each prime power in the factorization.6 Universal 271 ordn a . we have of But. This shows that M .. if pt is a prime-powerdivisor of n. 2. first we find primitive roots modulo 32 5. o rd o . Since the prime-power factorization of 180 is 2232'5.20 it follows that 6. we have aN = 1(modp'). tr and simultaneously produces a positive integer a Example. using the Chinese remainder theorem. To find an integer a with ordlsga : 12. that such To prove this claim.c | .2. a whenever N = 1(modn).M.. x ( 18 0 ) : Io (2 2 ).)l | /{' [tr(2"). knowthat x(pti) .\(p1'). Then. since a satisfieseach of lhe m * I congruences the system. from Theorem 8. 2. contradictingthe fact that ).. ^the .n): l. n) : r-.(n) (r-l).1 3 . Here.37.and sincean-r = I (mod re). where Qv Q2.7 3 . If n is a Carmichael number..k. Theorem 8.17. then n-l would be odd.r4z 4k. .Consequently.r)'l'(n-rl j : 1 . o(7rl : [.32 : 144. for if n was even. then br-t : I (mod n ) Qk. o(37)..37.n i it u carmichaer number.l tells us that r(n)l(n_l). but even (sincen ) 2).rg. n I must be the product of distinct odd primes. Ex am ple. say . 2 .272 Primitive Roots obtaining a = 83 (mod 180). 22. Recall that a Carmichael number is a composite integer that satisfies bn-r : I (mod n) for all positive integers D with (b.32. then n : Qtez yh. for all positiveintegers6 with (b. Suppose has r a prime-powerfactor pt with t>2. Now n must be odd. Theorem 8. Hence.'s are distinct primes such that (qi .1) | tn-l) for i : r. i. e* are distinct primes satisfying @i ...7 3 k n o w th a t a t4 4 r ( moo 26.d(5). : we We now return to the Carmichael numbers that we discussed in Section 5. Proof. | tr(n ) is We now show that n must be the product of distinct primes. This implies that p | (n-l). . ih. which is impossiblesincep n.7 .2.. Then rQ') :0(p') : pt-t (p-l) | x(n) : n-t.21.h en. rf n ) 2 is a carmichael number. Let n :2 6 3 2 5 . From the proof of Theorem g.k .. where I(n) is the minimal universal exponent.1 7 . whenever a is a positive integer relatively prime to 2 6' 32' 5' 17' 17' rg ' 3 7 .3.24..r-. .5. . 24. w e have T \(n ) : [x(26). 2232. 23321 :24. we proved that if rt : Q.20.7r. oOD. a(32).32.2. we see that ord1ss83 12.1 9 -3 7 .20 tells us that there is an integer a with ordna : X(n).q.... we prove the converseof this result. d(I9). 2. Theorem g. Find the largest order modulo 4. different odd Theorem 8. A Carmichael number must have at least three prime factors. So assume factor. the minimal universal exponent of n. integern with tr(z) : 12. and is the product of distinct that n : pq. 2.6 Problems l.6 UniversalExPonents 273 tt : QtQz Qtc' We conclude the proof by noting that \(qi) : O(q) : (qi-D I r(n) : n-l' E Carmichael We can easily prove more about the prime factorizations of numbers. n Find tr(n). since it is composite. where p and q are odd primes with p>q' Then (p-Dq + Q-1) = q-l + 0 (modp-l)' pq-l: n-l: Hence. Then n cannot have primes. for the following values of il b) c) d) 100 r44 222 884 e) 2n3t'52'7 l f ) 2 s 3 2 ' 5 2 ' 7 3l'2 ' 1 3 '1 7 ' 1 9 e) 1o! h) 20!.8. n cannot be a Carmichael number which shows that (p-l) I (n -l) just two different prime factors. Find all positiveintegersn suchthat tr(n) is equalto a)l d)4 e)5 02 c)3 CI6. just one prime Let n be a carmichael number. . 3. proof. Find an integerwith the largestpossible a) 12 b) ls c) 20 d) 36 e) 40 f) 63. E if it has 8.22. 274 Primitive Roots 5 . Show that there are only a finite number of carmichael numbers of the form fl : pqr.. 1 3 . Show that if a and m are relatively prime positive integers. are the integers x such that 1 0 . (m-l)' form_a complete system of residuesmodulo m if and. has exactly 3. then the solutions of the congruence ax = b(mod m) x = at'(m)-tb (mod m ).-.. . then the integers l' . Show that if la is another solution of tr(z) : a. . 8 .-. Show that if c and m are positive integers then the congruence x" = r (mod m) has exactly fI (l + (c-t . (e. 1 6 . Show that if m is a positive integer. Find the minimal universal exponent of a positive integer. 6(m)) :2.2' . m : pi'pi. and q and r are also primes. b) where m has prime-power factorization Show that x' = x(mod z) (c-1. p:. Find all carmichael numbers of the form 5pq where p and q are primes. tr(n)]. Show that there are no carmichael numbers of the form 3pq where p and q are primes.(n) . Use problem l1 to show that there are always at least 9 plaintext messages that are not changed when encipheredusing an RSA cipher.(n ) : a. 6.6 Computer Projects Write programs to do the following: l. . solutions if and only if 12. t 4 . integers. incongruent 9 . where c is a fixed positive integer. show that if c is a positive integer greater than one. Show that if n is a positive integer.tr(m )) : l.n) can be taken to be an inverseof e modulo ). Let n be the largest positive integer satisfying the equation ). Show that the deciphering exponent d for an RSA cipher with enciphering key 8. where p is a fixed prime. then 7. then there are exactly d(I(n)) integers with maximal order modulo z. show that if m and n are rerativery prime positive |r(mn) : [tr(re). then tr(rr) divides 6fu) . Obi)) j-l incongruent solutions. a) ll. 1 5 .then m dividesn. only if z is square-freeand (c. 8 1 0 0 . The most undesirable feature of this method is that. always squaring and removing the middle four-digits to obtain the preceding one.41 0 0 . c. and xs is chosenso that m ) 0. . the sequenceof numbers produced useful for computer simulations. "" exponent of integer with order modulo n equal to the minimal universal find all positive integers n with minimal universal Given a positive integer M. number. e. 2100.j"O 3.. introduced by Von such method. the method produces the same small set of numbers over and over.7 Pseudo-Random of Numbers chosen randomly are often useful in computer simulation perform simulations. number is known.. 0 < c 4 m' The sequence of pseudo-random numbers is defined and 0 ( xo ( z. For instance. the entire randomly chosen.7 Pseudo'Random 275 2. We a new numbers. works as follows. 2 < a 4' m. 4. the middle four digits 6873 as iterate this procedure to obtain a sequenceof random random number. and the numbers produced are that have been chosen in some methodical manner. is determined. To means for random numbers is needed. To generate four-digit random numbers...Numbers 8. 2 1 0 0 . exponent equal to M. 6100.starting with the four-digit integer 4100 and using the middle-square method. preferable' One Instead. for many choices of the initial integer. say 6139. w h i ch onl y gi ves four di fferent numbers before rePeating. called the middte we start Neumann. Solve linear congruencesusing the method of problem 9' Numbers 8. a systematic method using computer arithmetic is ' square method. When the initial four-digit appears . There are various mechanical but these are ineffficient for computer use' generating random numbers. . However.n. 6 1 0 0 . The integers in sequences but appear to be random. The most commonly used method for generating pseudo-randomnumbers is called the linear congruential method which works as follows. tuk."qu. We square this number to with an arbitrary four-digit the second obtain 37687321'. (ttre square of a four-digit number random number from considered has eight or fewer digits. Those with fewer than eight digits are adding initial digits of 0') eigtrt-digit numbers by not Sequences produced by the middle-square method are' in reality. A set of integerst/t. are called pseudo-random numbers. we obtain the sequence 8 1 0 0. some method for generating complicated phenomena. It turns out that the nriddle-square method has some unfortunate weaknesses.and *. to be random. . the formula is obviously true. and the seed. we obtain the sequence 3. Example. a-3. 6. The terms of the sequence generated by congruential method previously describedare given by X1. 1+ 4 = 7 ( m o d l 2 ) . 5.t ) = a k + l x o* c ( a k + r . we have xr+r s a(akxs+ c(ak-l)/fu-l)) = a k + t x o* c ( a G k .24. The sequence of pseudo-iandom numbers obtained is 5. . c:4.0 ( xr 1m. s i n c ex z = 3 ..276 Primitive Roots recursively by xn+r 3 axn * c (mod m). s i n c e x : E 3 . 2.1. and xs the seed of the pseudo-random number generator. so that x* z akxo + c(ak-l)/b_l) (modt?t).. Similarly.7. and so on' Hence. 7 + 4 : I ( m o d I 2 ) .7. fo r f t : 0..3. Theorem 8. xk+t *c (modz). the generator producesjust three different integers before repeating. We c a l l m th e mo dul us. a the mul ti pl i er. e : '1. since rr E axs* c (mod m). we find that x2: 1.. Proof.. and x0 : 3. c the increment. the linear akxo+ c(ak-l) /(a-l) ( m o dl a ) . The following examplesillustrate the lineai congruential method. The following theorem tells us how to find the terms of a sequence of pseudo-randomnumbers generated by the linear congruential method directly from the multiplier. 0 ( x r 1 m . 3 . . which is the correct formula for the (k+t)ttr term. 2. With m:12. 0(xr+r 1t/t. we obtain xt E 3'5 + 4=7 (mod12).l ) / G . tr . 4. We prove this result using mathematical induction.. Assume that the formula is valid for the ftth term. and r0:5. This demonstrates that the formula is correct for all positive integers k. 7. 1. 0 ( xr I m. With frt : 9. c : 4.D / G . 0.. 0 ( xr+r 1 r/t. l. the increment.7.I.1. For k : l..D + c + t ( m o dz ) .so that xr: j. 8. x 3 : 7 . This sequence contains g different numbers before repeating.. a = 1 (mod p) for all primes p dividing m. where X(rz) is the minimal universal exponentmodulo z. For many applications. multiplier a. we frrst demonstratethat 7 is a primitive root of M t.7 Pseudo-Random 277 The period length of a linear-congruential pseudo-random number generator is the maximum length of the sequenceobtained without repetition. In general. The case of the linear congruential generator with c : 0 is of special interest becauseof its simplicity. In this case.25. .then f is the smallest positive integer such that x s :. m) : l. and seed xs. Theorem 8. The integer 7 is a primitive root of M31:23r-1. the method is called the pure multiplicative congruential method. Proposition 8.we know that the largest possibleperiod length is tr(lrr). the maximum period length is rn -1. For the proof. we have oI=1 (modz).25 is complicated and quite lengthy we omit it. We note that the longest possible period length for a linear congruential generator is the modulus m. To find a primitive root of M 31 that can be used with good results.1. We specify the modulus la. using Corollary 3. and a = | (mod 4) if a | ^. When the modulus m is a prime. m) : l. The sequenceof pseudo-randomnumbers is defined recursively by xnal axo (mod m). If { is the period length of the sequenceobtained using this pure multiplicative generator.l. The linear congruential generator produces a sequence of period length m if and only if (c.a [x s (m o d l a ).Numbers 8. If (xo. the reader is referred to Knuth t561. 0 1 xn+t 1 m. From this congruence. the pure multiplicative generator is used with the modulus m equal to the Mersenne prime M3r:23r . and this is obtained when a is a primitive root of rn. The following theorem tells us when this maximum length is obtained.1. Because the proof of Theorem 8. we can expressthe pseudo-randomnumbers generatedin terms of the multiplier and seed: --xn a'xo (mod m). 0 1 xn+t 1 m. 3 2 .r. We havely touched briefly on the important subject of pseudo-random numbers' For a thorough discussion of the generation and statistical propertiesof pseudo-randomnumbers see Knuth tse t. 2 t e l l s u s t h a t 7 5 : 1 6 8 0 7 i s a l s o a p r i m i t i v er o o t . . Mrr-1): l . 1. Since 7{Mil-t)/2 7(Mrrt)13 7(M\-Dn t)/rr 7(Mr 7(Mrfr)/3r 7(M.7 Problems l Find the sequence of two-digit pseudo-random numbers generated using the middle-squaremethod.)31 showthat .2. 8.7 : My-|. l 5 l . We take a power of 7 where the exponent i s r elat iv elypr im e _ M 3 . we note that My-l : z(zs-t)(2to+2s+t) ) (210-zs+t) (zs+t : 2 . to F o r i n s ta n c e .. To show that 7 is a primitive root of M31.t-r) /rsl 7(Mrft)/33r 2147483646 + rsr347773s + 12053628s + 1969212174 + s35044134 + 1 7 6 1 8 8 s 0+ 3 8 s t 2+ I (mod M y) 1(mod M t) 1(mod M t) I (mod M y) I (mod M y) 1(mod M z) I (mod M y) we see that 7 is a primitive root of M31. 31 . we find a larger primitive root using Corollary 8. since the first few integers generated are imall. To find the factorizationof M31_1. I 5 1 . M r r l) : l. Instead. a n d 3 3 1 . with this information. 1 3 l 3 If we show that .s ince (s. E In practice' we do not want to use the primitive root 7 as the generator.214748364j.wt'-Dh 1y ( m o dM t ) it is sufficientto for all prime divisors q of Mt-r. taking 69 as the seed.7 . corol l ary 8 . 3 1 .then we know that 7 is a primitive root of M31 .278 PrimitiveRoots Proof. we can conclude that ord2r. s i n c e ( l 3 . I l . another possibility is to use 7t3 : 2s22462g2 (mod Mt) as the multiplier. 7 . 3 .(Mrr_t)/q q- : 231 2: 2(230-l) : 2(215-t)(Zl5+t) I (mod M y) f o r q : 2 . Find the period length of the pure multiplicative pseudo-random number a)z b)3 c) 4 e) 13. by showing that the terms generated by the linear congruential = generator xn+r7 axn * c (mod lrt).(a-1) xo * c (mod m).30030 c) d) m : 106-l m :225-1.r2al :. Using Theorem 8. be Show that every linear congruential pseudo-random number generator can in terms of a linear congruential generator with increment simply expressed c : 1 and seed 0. Another 1 0 . the resulting numbers' . when a way to generate pseudo-random numbers is to use the generator. generator xn Z cxn-r (mod 231-l) when the multiplier c is equal to 7 . -:axn I c (mod m).Random N u mb e rs 279 by 2. m:1000 nr . is 2'-2. (Hint: Find a primitive root of 101 Find a good choice for the multiplier c in the pure multiplicative pseudo-random number generator xn i axn-r (mod 22s-1). 9 .m. yo:0' and ln+t ? 6 y. d)s 8 . find those integers a which give period length . Let m be a positive integer. + xo aln* I (modln). Two initial integers x6 and x1 Fibonacci less than m are specified and the rest of the sequenceis generated recursively by 0 ( xn+r 1 m' the congruolce.25. Find the first ten terms of the sequenceof pseudo-random numbers generated : 6 and xn+r z the linear congruential method with x0 What is the period length of this generator? :2 the linear congruential method with x6 5x. Find the period length of the sequenceof pseudo-random numbers and xn+t 7 4xn * 7 (mod 25)' of 4 . can be expressedas xn (mod m). (r. Show that this is obtained of the form xnal -: t3 (mod 8). Show that the maximal possibleperiod length for a pure multiplicative generator -3 QXn (mod 2").I is used for the multiplier in the generation pseudo-random numbers by the linear congruential method. Show that if either a : 0 or a . Find a good choice for the multiplier a in the pure multiplicative pseudo-random number generator xn+rZ axn (mod l0l).8 . i) : l. for the linear congruential generator xnal where a) b) 6.7 Ps eudo. where b :. * 2 (mod 19)' generated by 3 .xn * xn-1 (mod rn). (Hint: Find a primitive root of ."qu. Find the first eight pseudo-random numbers generated by the Fibonacci w g e n e r a t o r i t h m o d u l u sn : 3 l a n d i n i t i a l v a l u e sx 0 : I a n d x t : 2 4 . e 2 3.n"" would not be a good choice for a sequenceof pseudo-random where 5 .) ll. with seed xe. that is not too small. Theorem 8. 0 ( xn11 < 1000. 3. The pure multiplicative generator. We are interested in determining the largest possible + 1 . The linear congruential generator. if 313 and 145 are consecutive terms generated.s(rn).exponent of a modulo ru is the smallest positive integer x such that et + I (mod rn ). we denote this by }. The middle-sequence generator.280 PrimitiveRoots 225-l and then take an appropriate power of this root. Let m be a positive integer and let a be an integer relatively prime to m. lf m isa positiveinteger.8 An Application to the Splicing of TelephoneCables An interesting application of the preceding material involves the splicing of telephonecables. 0 ( xn+r < 1003. The + I . with aprimitive root.exponent of an integer modulo m.) 12. who relates the contents of an original article by Lawther [70]. 8. We base our discussionon the exposition of Ore [28]. we first make the following definition. To develop the application. First.m ) 2.7 Computer Projects Write programs to generate pseudo-randomnumbers using the following generators: l. 4. The Fibonacci generator (see problem 9). 13.QXn (mod 1'000). reporting on work done for the SouthwesternBell TelephoneCompany. ) . Find the multiplier a and increment c of the linear congruential pseudo-random number generator xn+rt axn * c (mod 1003). if xs: l.(m ). a n dx 3 : 3 6 1 . then the maximal *l . x 2 : 4 O 2 . The following two theorems relate the value of the maximal + I . we consider positive integers that possess primitive roots.26.exponent trs(z) to }. 2. 8. Definition. the minimal universal exponentmodulo rz. Find the multiplier a of the pure multiplicative pseudo-random number generator xnal.exponenttrs(rn equals0@) / 2: )r@) / 2. o o tu ) :1 o a tu ) l z l z for all integersa with (a. However.8 An Applicationto the Splicingof TelephoneCables 281 Proof.m) : 1. Q@) / Z. Theorem 8. From problem 7 of Section8.1. Proof. Since ord^r : 6(m). Hence.8. Consequently.27. or equivalently. we know that l(rn ) 4 6fu) /2.exponent e. then the maximal +1 . then e : X(z). the only solutions of x2 = I (mod m) are (modru). Hence.)(d(z)lz. l.3. x=-tl sfh) l2: This implies that t | ( m o dz ) . the maximum +l . Euler's Theorem tells us that I (mo d l z). Theorem 8.exponente such that ottu)/2# _t (mod z). We first show that if a is an integer of order )t(m) modulo z with + I . \s(r.exponent e . We first note that if m has a primitive root. we know that when m has a primitive root.s(rzr): fu) /2:\fu) 6 /2. if m ) 2. the minimal universal exponent of m. we will have shown that ). so that 0@) I Z is an integer. then \(z) : 6(m). tr We now will find the maximal + I . Assume that a is an integer of order xfu) such that modulo m with + I .1 tells us that 6fu) | 2e. Then re = t so that r2'= 1 (modz).exponent \6(rn) equals I(m).exponentL6(z) is at least Consequently. we know that g(m) is even.q(tn) : tr(lz). | (m o d l a ). lf m is a positive integer withciut a primitive root. that (6(m) /D I e.once we have found such an integer a.exponent of integers without primitive roots. From problem 5 of Section 6. Now let r be a primitive root of modulo m with f I . p'r'.. Oe!) ^ .!(P'j' l I Because Oeh / z I x@) / z. . 6 Q b 1 . Among the prime-powers p!' diriding ffi. = I (mod z). by hypothesis.exponentof a is I(z). we have . .. and a. and. . / 2 ..s.t (mod p!).. for i: 1. Let the prime-power factorization of m be m .(m). a : ) r ( m ) . s i n c em h a sn o p r i m i t i v er o o t s .a: [I(2tg Ob'. then e : h. note that a e : . We first consider those rn with at least two different odd prime factors. The next case we consider deals with integers of the form rn .(m)/2. To see that er\..2.+ 1 ( m od ln ).. si nce ord^o:\(m). w e k n o w t h a t > r f u ) l 2 e . the + I . a h a s + l . When to: 2 or 3. Let a be an integer satisfying the simultaneouscongruences Q:5 (mod 2') (mod pj') for all i with i # j alri o-ri ) (moa p!). so that otr(*)/' * -t (mod rn ). remainder theorem.2'op'r' p'. .. Let ri be a primitive root of p'. = _l (mod z). we know that this least common multiple equals ) (mod \.@ )/2 I (m o d rn). From T h e o r e m8 . . let pl be one with the smallest power of 2 dividi"g Obh.(m). by our choice or pl.weknow that It(d /2 . b u t o ). We now find an integer a with the desired properties.'). . Therefore.e x p o n e n t e . Consequently. l2e either e:t(m)/2 or e:x(m). it follows that az. . s i n c e x @ ) and e ( \(z). * and o>'(-)/z # -t (mod z) .. '. we can conclude that if o rd... we know that otb/) /' = (modp!). 1 .282 PrimitiveRoots o)'tu)/2 # -r (mod ru). we consider several cases. Such an integer a is guaranteed to exist by the Note that ord. Since o" = + I (mod rn ).2toott where p is an odd prime.. .tr2l a n d t o ) 2 . e:rjp!). We seethat ord.:.*ll. We see the Chinese remainder theorem tells us that such an integer exists. o x @ )/2 we know that /2 o x (n ) + _ l (m o d ru ). '.i :i:':'.8 An Application to the splicing of Telephone Gables 283 x ( .1 (mod8).exponent a is tr(rn F i n a l l y .'.. .:. a be a solution of the simultaneouscongruences (mod4) a=l a t r (mod p'i).let a be a solutionof the simultaneous a=3 -: r a (mod2t') (mod p'il. When ts 2 congruences .:'l Thus. 8 with ts2 3. ordthat " : ^::. of so that the 1l .e Q \ ' ):l d Q i ' ) .tl we know that /4 . /2 5r(nr) = 152)0(m) we Therefore. + _ 1 ( m o dr u ) . we concludethat the +1 .. /2 ox('. seethat ) 5 r ( m/ . n : 1 2 . the +1 .exponentof a is f (z)' Consequently. from Theorem .::'.8. ) Let. : lr(m) ' Because where r is a primitive root of p'1'. ""n"' (mod rc).w h e n m : 2 ' o but ord-5 : X(na).a 1 (mo d 4 ).exponentof 5 is l(lz)' This finishes the argument since we have dealt with all caseswhere m not have a primitive root.:':'.) + _t ). tr . 1. Consequently. we require that the spread s be relatively prime to the number of wires z.1. following identical splicing direction at each connection. For practical purpose. Telephone lines are constructed by splicing together sectionsof cable.where S(i) is the least positive residue of I + (j-l)s modulo m. where I < i ( rn to the wire in position S(j) in the next section. the adjacent wire in the first section is spliced to the wire in the next section in the position obtained by counting forward s modulo m from the position of the last wire spliced in this section.284 PrimitiveRoots We now develop a system for splicing telephone cables.two wires adjacent in the same layer in one section should not be adjacent in the same layer in any nearby sections. and are produced in sectionsof specifiedlength. Figure8. When two wires are adjacent in the same layer in multiple sections of the cable. Telephone cables are made up of concentric layers of insulated copper wire.S(j) : S (k) and . s is called the spread of the splicing system. Here. This shows that if wires in positions j and k are sent to the same wire in the next section. In a layer with m wires. then . there are often problems with interference and crosstalk. as illustrated in Figure 8. We use the following rules to describethe system. we connect the wire in position j in one section. To have a one-toone correspondencebetween wires of adjacent sections. Wires in concentric layers are spliced to wires in the corresponding layers of the next section.the splicing system should be simple. We see that when a wire in one section is spliced to a wire in the next section. A cross-section one layer of a telephone of cable. so that js = ks (mod m ).1 we seethat j = k (mod z ). Let us connect 9 wires with a spread of 2. we have s 2 (j ) : I + (r-l )s (mo d rn ).8 An Applicationto the Splicingof TelephoneCables 285 I + (j-l)s : I + (k-l)s ( m o dz ) . spliced to the the next section. Proof. 2-3 5*9 8*6 3*5 6-2 9-8. Let S'(7) denote the position of the wire in the nth section spliced to the 7th wire of the first section.8. so the proposition is true for n : 2. Proposition 8. Figure8. Then . we have the wire in position S'(7) .2. of The following proposition tells us the correspondence wires in the first section of cable to the wires in the n th section. For n : 2.2. by the rules for the splicing system. correspondence We have the I *l 4-7 7 -4 This is illustratedin figure8. from Corollary 3.2. which is imPossible.S'(j) = I + (7-l)s'-r (modz). Splicingof 9 wireswith spreadof 2. Now assumethat S'(j) Then. Since (m. : I + (7-1)sn-r (modla). Example. s) : l. i)'. (t + (j-l)s') which holds if and onlv if sn: tl (modm). .286 PrimitiveRoots wire in position gn+r(r) = I + (. =li f1. and only if.Sr(.S' (i ) . Example. r | (mod m). To keep adjacent wires in the first section separatedas long as possible. Proposition8. D In a splicing system. with 100 wires.(100) : 20.(l+7sn) = + I (modln).exponent modulo il 13 il2s ..exponent of a) b) c) 2.2 tells us that the adjacentwires in the 7th and j+l th positions are connected to wires in positions Sr(j) = I + (7_l)s.These wiies are adjacent in the n th section if. The appropriate computationsshothat s : 3 is such a spread. we should choose a spread s so that the f I exponentof s is ro(too) : ^. we should pick for the spreads an integer with maiimar + l .* dm) This shows that the proposition is true. respectively. We can now apply the material at the beginning of this section.^ponrnt \o(n).8 Problems l. we want to have wires adjacent in one section separated as long as possible in the following sections. Find the maximal t I .r)-t). (mod rn ) and .S ' i n (i + t) : or equivalently.s'(j+l): I t jsn (mod m). 8. . Find an integer with maximal * I . t7 22 24 d) 36 e) 99 f) 100. After n splices. Develop a scheme for splicing telephonecables as describedin this section. 8. . adjacent wires in one section can be kept separated in at sectionsof cable. Show that using any splicing system of telephone cables with ln wires arranged in a concentric layer. e) 3 6 f) 6 0 . Devise a splicing scheme for telephonecables containing a) 50 wires b) 76 wires c) 125 wires.8 Computer Projects Write programs to do the following: 1. 4.8. -exPonents. Show that when lz is prime this most [ @-l) / 2] successive upper limit is achievedusing the system developedin this section.8 An Application to the Splicing of Telephone Cables 287 b) 14 c) t5 3. Findmaximal tl 2. as defined in Section 8. 2 2= 9 2 : i t . l 42: '12:5 (mod ll). 3. and 10 are quadratic nonresidues I l.i i i . 3 . Hence.. To demonstrate this fact. n o O . In this chapter. we say that a is a quadratic nonresidue of m. 6./k) : I and the ctngruence . w e fi nd that ' ^ re s iduesof I I a re I.1. we co m put e t he s q u a re s o f th e i n te g e rs r . We will show that if p is an odd prime.r0.. then there are exactly as many quadratic residues as quadratic nonresidues p among the integlrs r. If the congruen x2 = a (moa ce d has no solution. th e i ntegers 2. Lemma 9..7.. To determine which integers are quadratic residues of I l. quadratic the Note that the quadratic residuesof the positive integer m arejust the ftth power residuesof m with /<:2. 3 2 : g 2t 9 ( m o dl ) .p of r.4.2.. the congruence 288 . Then.. If m is a positive integer. 5 . a n d 9 . Example. and 52: 62= t frnoJ rrl.1 Quadratic Residues Let p be an odd prime and a an integer relatively prime to p. we devote our attention to the question: Is a a perfect square modulo p? We begin with a definition. we use the following lemma. Let p be an odd prime and a an integer not divisible by p. of 1 2 : 1 0 2 : t ( m o d t ) . g. 4 .. = a (mod m) has a solution.Quadratic Residues 9. we say that the integer a is a quadratic residue of m if (a.2. Definition... Then.| squares to consider and since each congruencex2: c (mod p) has either zero or two solutions. To find all the quadratic residuesof p among the integers 1. Hence. Since w e s e e th a t -x s i s a sol uti on. Since there are p .. p. if p tr xo (since i m Po s s i b l esince p is odd and a p x& = a (modp) nd tra).. Let p b e a n odd prime and a an integer not divisible by p.p-1.J' .2. lf x2 : c (mod p) demonstrate that x : -r0 (-xo )': *& = c ( m o d p ). we have x & = x ? = a ( m a d p ) . there are exactly two incongruent solutions. ' . then we can easily is a second incongruent solution.assumethat x : xo and x : xt are both solutions of x2 = a (mod p)..there must be exactly Q-D/2 quadraticresiduesof p among the integers 1.2. The previousexampleshowsthat the Legendre Itt ..2.l. If p is an odd prime. Theorem 9.. -x s ( m od p) . The are positive integers less than p-l remaining p-l .. Therefore. so that x | :. tr This leads us to the following theorem. W e note that we have then x o E -xs (mod p). fo r xo # ( m od p) ..l ' Proof. pl(xs+x1) xr E xe (mod p).p-l we compute the least positive residuesmodulo p of the squaresof the integers 1.1.. Legendre symbol The L'J f. tr The special notation associatedwith quadratic residues is described in the following definition.(p-l)/zQ-l)lZ of quadratic nonresidues p. Proof.x ? : (xo*x r) (xo-x r) = 0 (mod p). To show that there are no more than two incongruent solutions. ' .l _ { IrJ l. ' I o I symt o r s Example.p . then there are exactly Q-l)12 quadratic residues of p and Q-l) /2 quadratic nonresiduesof p among the integers 1 . T h i s i s 2 xo :0 has a solution. s o t h a t x & .. Definition.if there is a solution of x2 = a (mod p).1 QuadraticResidues 289 x2= a (modp) has either no solutionsor exactly two incongruent solutionsmodulo p. 2 .. say x : xo.9.. -l frl is defined by I if a is a quadratic residue of p if a is a quadratic nonresidueof p..-xe (mod P) or or pl(xo-xr). This criterion is useful in demonstratingpropertiesof the Legendresymbol. [..l:-r we now present a criterion for deciding whether an integer is a quadratic residueof a prime.J: : [#] [+] :' lal :fgl :f'l-f'l-f'ol .for eachinteger such i that I S t < p-1.. Furthermore.. congruence: a (mod the x2 p) has a solution. assume that ob-D/27^odp).J:[" .nto(r -l) /2 pairs eachwith productc.. Using Fermat'slittle theorem. know that i * j.*.r t t ' :* B .290 QuadraticResidues Q: l.[u .orem 3. suchthat 7 ii .p-l i.c(mod p). we find that (p-l)t = ah-t)/21-odp). seethat we ob-r)/2 Hence.' .J:l" . know that : .have the following values: lrl :lrl :fol[". Multipiying thesepairs together.. T h e n r I lgl= lp ) Proof. sin-ce ioniruence *i L otiroo pl has no the solutions.7. o b -t)/2(modp).o-i?{. the congruence l* I x. Euler's criterion' Let p be an odd prime and let a be a positive integer not d iv is ibleby p. = _l (modp).l."i we groupthe integers r. rl l* | lp ) : t Then.t Then. 2... w e seethat Now consider the case where W ils on' st he o re mte l l s u s th a t (p -l )t -l = o b -t)/2 (mo dp).10. if G l 1 < n .say x : ro.l: l" . .. thereis a uniqueinteger with I < j ( p_1.Z. First.l:[. Thus..2= a (modp) hasno solutions.t = t ( m o d p ) ..l-[. 9 .1 Q uadr at ic Res i d u e s 291 In this case,we also have |,"] - l . pJ o-t)/2(modp). D Exa m ple. Lel p : 23 re l l s u s t hat a n d c :5 . Since5ll : -l (mod 23), E ul er' scri teri on rs'l l; l : -1 . of H e n c e ,5 i s a q u a d ra ti cnonresi due 23. We now prove some propertiesof the Legendre symbol. Theorem 9.2. ilet p be an odd prime and a and b integers not divisible by p . Then : d ( i ) i r a = D ( m op ) , t h e n t;] [;] (ii) ["] fbI-f4) lp)lp) Ip ) Lp ) (iii) f4l :, Pro o f of 0. lf a = D (m o d p ), th e n x 2 = a (m odp) l tut.,u sol uti on i f and Hence, I : l+ | p) onlyif x2 = b (mod hasa solution. l* lp ) lp ) Proof of (iil. By Euler's criterion, we know that (mod (mod \ ' ^ p), f al = o(o-r)/z! v s r l ' Iql = 6b-D/z p), l.pJ-V)-" and ( p [a) = GDe-t)/2 mod ). Ip ) Hence. - o-t)/z6b-r)/z(ab1e-t)/z : ltl (mod : p). lp ) valuesof a Legendresymbol are * I, we concludethat Since the only possible 292 QuadraticResidues [;] :l+) itl Proof Gii).sincef:l : *r , from of part(ii) it follows that lp ) r-lr ) lor) l,): tflt?):,tr Part (ii) of Theorem 9.2 has the following interesting consequence.The product of two quadratic residues,or of two quadratic nonresidues, a prime of is a quadratic residue of that prime, whereas the product of a quadratic residue and a quadratic nonresidueis a quadratic nonresidue. using Euler's criterion, we can classify those primes having _ l as a quadratic residue. Theorem 9.3. If p is an odd prime, then r)( l-rl f p J l - , : J r i f p :- - l l ( m o d 4 ) (mod4). t-r if p I Proof. By Euler'scriterion,we know that [r ) If p : I (mod 4), then p :4k [ -'' ] I | = (-1)(r-t)/21-odp). * I for some integer ft. Thus, (1){o-Dtz: (_l)2k : l, r) s ot h a t l + f : r . r f p = 3 ( m o d 4 )t,h e n : 4 k * 3 p lp ) Thus. 1-9{o-D/t: sothat | (-l)zk+t - -1. f o rs o m en t e g e r . i f ( - ,^ l Lp ) | =-t. tr The following elegant result of Gauss provides another criterion to determine whether an integer a relatively prime to the prime p is a quadratic residueof p. 9 ,1 Qu adr at ic Res id u e s 293 (a ,p) : l. Ii s Gauss' Lemma. LeI p be an odd prime and a an integer with integers the is the number of least positive residues modulo p of Q , 2 A , 3e,...,((p-D/Da that are greater than p/2, then the Legendresymbol Irl l-l= = (-l)'. lp ) represent the least positive residues of the integers Let u1, u2,...,1ts be a , 2 a , 3 o, . . . , ( ( p- D / D a th a t a re g re a te rth a n p /2 , and l et v 1, v2,...,v; the p 12. Since least positive residues of these integers that are less than (,r ( b-l)/2, allof theseleastpositiveresidues Qa,p): I forall 7 with t - l. arein theset 1,2,...,P proof. 1 W e w i l l s h o w t h a t p - u t , P - u 2 , . . . , P - u r , v 1 , v 2 , . ' . , vc o m p r i s et h e s e t o f in some order. To demonstratethis, it sufficesto integers 1,2,...,(p-D/2, show that no two of these integers are congruent modulo p, since there are exactly Q-l)/2 numbers in the set, and all are positiveintegersnot exceeding (p-D/2. It is clear that no two of the ai's are congruent modulo p and that no two of of the v;'s are congruentmodulo p;if a congruence either of thesetwo sorts z na (mod p) where m and n are both positive held, wb would have ma Since p tr a, this implies that integers not exceeding Q-D12. (mod p) which is impossible. 7n - n In addition, one of the integers P - 4 cannot be congruent to a, vit for if l) - na such a congruence held, we would have ma 3 p -- (modp), so that -n (modp) . This ma t -na (modil. Sincep tr a, this impliesthat m both m andn arein the set l, 2,...,(p-l)/2. because is impossible Now that we know that p - U l , P - 1 1 2 , . . . ' P- U r , V l , i n te g e r sl, 2, . . . , ( p- l) 1 2 , i n some order. we conclude that (P-')(P-uz) ' ' (p-u)v 1v2 vt :V 2 , ,. . . , V t afe the t+l ) (mod p ), which implies that (e.) l BUt, (-t)'ultz' urv1v2 vt [n:i, (mod p ). z f the least positive residues of a,2a,...,((p-t)/Da, s i n C e l l 1 , l l 2 , . . . r l l s ,v l , V Z , . . . r v t a r e we also know that 294 Quadratic Residues @.2) utuz' Lt,vtv2-..vt a.2a...1+1" z lz ) : oT l+lr (moo p). l.) Henc e,f r om ( 9.1 ) a n d (9 .2 ), w e s e eth a t p-r( ) ' (-r)'a lf lL (p,((p-D/DD: Because p-t( I j r l lr= ll+lr(moap). t ) (modp). l, this congruence implies that (-t),a+:l By multiplying both sidesby (-l)', p-l we obtain (-t)'(modp). a 2 : p-tr) Since Euler's criterion tells u s t h a t a 2 : d l * | = ( - l ) ' ( m op ) , tp ) establishing Gauss r) tr p lil (mod ),itfollowsthar lp ) To find by Gauss. lemma, we t+l compute leastpositive the residues r.5,2.5: llslo s,and5.5. These of are 5, 10, 4,9, and 3, respectively. Since.,exactlytwo of these are greater than Exampte. o:5 Let andp: ll. l l / 2 , G a u s s ' l e m m al s sr h a t tel u l+ | l rr J : (-l)2: l. Using Gauss' lemma, we can characterize all primes that have 2 as a quadratic residue. Theorem 9.4. If p is an odd prime, then r) lZl:(-1)g,-rvs. [p J 9 .1 Qu adr at ic Res id u e s 29s Hence, 2 is a quadratic residue of all primes p : + 3 (mo d 8 ) . quadratic nonresidueof all primes p + I (mod 8) and a Proaf. From Gauss'lemma,we know that if s is the numberof leastpositive of residues the integers r) 1.2, 3.2, l+1.' 2.2, ...,$$

integers less are all than thataregreater pl2,then l+ | : (-l)'. Since these lp )
than p, we only need to count those greater than p /2 to find how many have least positive residue greater than p /2. i s l e ss than pl 2w hen i 4 pl a. Th e int eger 2j, wh e re I ( 7 ( b -l )/z , in the set less than p /2. Consequently,there Hence, there are Ip /41 integers n-l are s
L

rl

that

: (-D+-tP/al
To prove the theorem, we must show that

(mod 2). '4 + 2 - el- = {p'-1)/8
To establish this, we need to consider the congruence class of p modulo 8, since, as we will see, both sides of the above congruencedepend only on the congruenceclass of p modulo 8. We firstconsider '-l)/5. b is an integer,so that I f p = + l ( m o d 8 ) , t h e np : 8 k + l w h e r ef t

(p'-l)/8 - ((sk+t)2-t)/8: G+k2+r6k)/8:8k2+ 2k:0
If p :

( m o d2 ) .

+ 3 (mod 8), then P : 8k + 3 where k is an integer,so that : ((st + iz-D/s: : I (mod 2). (64k2+ 48k + 8)/8 :8k2 + 6k + l

(p'-l)/8

Nowconsider +
integer k and

l'

- b /ql. rf p

I ( m o d8 ) , t h e np : 8 k

+ | for some

296

d - - t p / + l : 4 k - l z t c + t / 4 1: 2 k = ( m o d 0 2); 2
if p :3 ( m od 8 ), th e n p : g k * 3 fo r s o mei ntegerk, and

+
n-l

-b/ql : 4k+ I - t2*+ 3/4: 2k+l = (mod 1 I 2);

l f p = 5 (mod 8), then p : Bk f 5 for some integer k, and

T

-tp/ql : 4k + 2 - [ztc+ S/4]: 2k +l = I (mod 2);

i f p = 7 (mod 8), then p : Bk * 7 for some integer k, and
n-l

T

- lp/ql:4k + 3 - Izn + 7/41 :2k + 2 = 0 (mod 2).
- Ip /41 and (pz-D /A p modulo g, we see irime

Comparing the congruence classesmodulo Z of * for the four possiblecongruenceclassesof the odd that we alwavs nar" * b/ql

= {pr-1)/8 (mod 2).

(Z) : 1-1y(r,-r)/8 Hence, . p From the computations the congruence of class (pz_l) /g of 2), w e see ,(mod that if p:+l(mod8), l3l:l while p = r 3 (mod8). tr Example. From Theorem 9.4,we seethat

lp )

-, l?): if

while

[3J [sJ It'.l

: :, [+][+][*):[+] :f+l : f+l :fal :fzl : [+]
Ir,lI

( "L. l

l:_.1

[2eJ

We now present an example to show how to evaluateLegendre symbols.

Exampte. evaluate To f+1,

Iu )'

we usepart (i) of Theorem 9.2 to obtain

9 .1 Quadr at ic Res id u e s

297

lvt
|."
To

:

lg

L'

= | 3 | : t . s i n c e3 1 7 9 ( m o d1 l ) . =

rt2

lilJ

evaluate

Iesl
lii l,
I

13)' since 8e: -2 (mod

we

have

e.3 4), t3 t1l [U l. Because = I (mod Theorem . L 1 3, lI t 3 J

,n

|

: t. Since 13 = -3 (mod 8), we see from Theorem 9.4

Consequently, [ ,, t

., fql :_1.

In the next section, we state and prove a theorem of fundamental importance for the evaluation of Legendre symbols. This theorem is called the law of quadratic reciProcitY. The difference in the length of time needed to find primes and to factor is in the basis of the RSA cipher discussed Chapter 7. This differenceis also the basis of a method to "flip coins" electronically that was invented by Blum [821. Results about quadratic residuesare used to developthis method. Suppose Ihat n : pq, where p and q are distinct odd primes and suppose x t h a t t h e c o n g r u e n c e 2 = a ( m o d n ) , O 1 a 1 t t , h a s a s o l u t i o nx : x 0 . We show that there are exactly four incongruent solutions modulo n. To see 1p, and let xoEx2(modq), 0(xt this, let xoExl(modp), ( x2 < q. Then the congruence x2 = a (mod p) has exactly two 0 ' and x = P -x1 (modp). i n co n gr uent s olut ion s , n a m e l y x z x ' (mo d p ) Similarly the congruence x2 : c (mod g) has exactly two incongruent namely x 2 xz (mod q) and x = Q - x2 (mod g). solutions, From the Chinese remainder theorem, there are exactly four incongruent solutions of the congruencex2 = a (mod n) ; these four incongruent solutions are the unique solutions modulo pq of the four sets of simultaneous congruences x x (ii) (mod p) (mod q) x 1 (m o d p ) Q x z (mo d q )

(iii)

x = p - x 1 ( m o dp ) x z x z (mod q)
x x - x1 (mod p) - x2 (modq).

x x

(iv)

We denote solutions of (i) and (ii) by x and y, respectively.Solutionsof (iii) and (iv) are easily seento be n-y and n-x, respectively.

298

We also note that when p = q = 3 (mod 4), the solutions of x2: a ( m odp ) a n d o f x 2 : a (mo d q ) ur" , - ;' o< i * r\to (modp) and (mod g), respectively. ny x = t oQ+1)/4 eut.r,, criterion, we know that

oQ-D/2- l:l:
lp)

I (mod) andoe-D/zp r l+l:l
lq)

( rvu d ( ll ^ \ r rm oY / q ) r e c at h a t

we are assuming that x2 : a (mod pq) hur' solution, so that a is a quadratic residueof both p and q) . " Hence. 1 o V + r ) / t 7:2 e Q + D / 2 o b - D / z . a = a a nd 1 o Q + t ) / t 1:2 e Q + o / z: o e - D l z . a = a (modq). ( m o dp )

Using the chinese remainder theorem, together with the explicit solutions just constructed' we can easily find the four incongruent solutions of x2 = a (mod n) . The following example illustrates this procedure. Example' Supposewe know a priori that the congruence x2 = 860 (mod I l02t) h as a s olut ion's i n c e 1 1 0 2 1:1 0 3 ' 1 0 7 , to fi nd the four i ncongruentsol uti ons we solve the congruences x2 :860 and x2:g60:4(modl07). The solutionsof these congruences are ; : and r = + 4Qo7+D/a t = 427: * 2 (mod 107), + 3 6 ( r o : + D / q - + 3 6 2 6 = + 6 (mod 103) = 36 (mod103)

respectively. Using the chinese remainder theorem, we obtain x 4 *. 2r2, * 109 (mod ll02l) as the solutions of the four systems of congruences described by the four possible choices of signs in the system of congruences x = + 6 ( m od 1 0 3 ),x = + 2 (mo d 1 0 7 ). we can now describe a method for electronicaily flipping coins. suppose that Bob and Alice are communicating electronically. etice !i.t, two distinct

299

large primes p and q, with p = q = 3 (mod 4). Alice sendsBob the integer n : pq. Bob picks, at random, a positive integer x less than n and sends to Al i ce the int eger a w i th x 2 : a (m o d n ),0 ( a I n. A l i ce fi nds the four of so l u ti ons x 2 = a ( mo d n ), n a me l yx , !, fr-x , a nd n-y. A l i ce pi cksone of : 2* # t four solutions and sends it to Bob. Note that since x + y these q, and similarly (modp) and x + y = 0 (modq), we have G+y,n): 0 e n) : p. Th u s , i f B o b re c e i v e s i th e r y or n-y, he can rapi dl y G+h -y) , factor n by using the Euclidean algorithm to find one of the two prime factors of n. On the other hand, if Bob receiveseither x or n-x, he has no way to factor n in a reasonablelength of time. Consequently,Bob wins the coin flip if he can factor n, whereas Alice wins if Bob cannot factor n. From previous comments, we know that there is an equal chance for Bob to receive a solution of x2 = a (mod n) that helps him rapidly factor n, or a solution of x2 = a (mod r) that does not help him factor n. Hence, the coin flip is fair.

9.1 Problems l. Find all the quadratic residuesof a) 3 c)13

b)s

d) te.

: 1,2,3,4,5,and 6. s of 2 . Findt he v alue t h e L e g e n d rey m b o l s l + I,fo r7
3. Evaluate the Legendre symbol il b) 4. using Euler's criterion. u s i n gG a u s s ' l e m m a .

r.t

Let a and b be integers not divisible by the prime p. Show that there is either one or three quadratic residuesamong the integers a, b , and ab . Show that if p is an odd prime, then
-1

5.

( ll l-r

ifp itp

I or 3 (mod 8) -l or -3 (mod 8).

6.

Show that if the prime-power factorization of n is

pl"*t ' " pi"*tpili' n : p?"*t
and q is a prime not dividing n, then

)r

Pn

In each * 2. Conclude that the congruencex2 = c(modp") has no solutionsif a is a quadratic nonresidueof p.t* x ) 2 ( m o d 2 " ) . and a an integer relatively prime to p.. Find the number of incongruent solutions modulo x2 n of the congruence = a(mod n). Show that there is a solution to the congruence x2 = a (mod p'*') if and only if there is a solution to the congruencex2 = a(mod p"). ) z + 4. For part (a) look at @ppz"'P)2 ( c ) . in x2 of 15. (Hint: For each part. that N has a prime factor of the form 4k * I that is not one of p1.. j""'. has either no solutionsor exactly four incongruent solutions... of the particular form..... c) | !-l lgl )' t 7 .Showthatifpisaprimeandp:8n*l.) 20. (Hint: Assume * l. 1 8 . Show that there are infinitely many primes of the form a) 8k-l b) 8&+r c) 8fr+5.. and exactly two incongruent solutions modulo p if a is a quadratic residueof p. Show that the congruencex2 = a(mod 2").p2. Find all solutions the congruence = I (mod l5).. where the * sign in the first congruencecorrespondsto the + sign inside the parentheses the secondcongruence. Form N :4(ppz"'P)2 show.3.1 Ouadratic Residues 301 |4. ) Show that there are infinitely many primes of the form 4k * l. a) b) Show that the congruencex2: a (modp"). has either no solutions or exactly two incongruent solutionsmodulo p".. where e is an integer. Let n be an odd integer. e a positive integer. (Hint: Use the fact that ( * x ) 2 : ( 2 e .p2. using Theorem 9. 16. in terms of the Legendresymbols lJ [p.P2.. and for part l o o ka t ( p r p r " ' p ) 2 .9.Pn ..pn re the only such primes. lo. assumethat there are only finitely many primes Pr.pn. and a that pt.andrisaprimitiverootmodulop.2. then the solutionsof x2 = I 2 (mod p) are given by x E t (r1n t r ' ) ( m o dp ) . e 2 3. for part (b). Find the number of incongruent solutionsof il b) c) d) x2 x2 x2 x2 : : : 3l (mod 75) 16 (mod 105) 46 (mod 231) = l156 (mod 32537stt6). ' p'. l o o ka t ( p p z " ' p . Let p be an odd prime. where n has prime-powerfactorization 'a--n : p'ipti ' .

Then show that 2$-tttz = I (mod p) using Theorem 9. t h e n 2 n * | d i v i d e sth e M e rs enne numberMo:2n_1.3 and 9..and 503 Mrr.then the congruencex2 = a (modpn) has a solution for all positive integers n if and only if a" is a quadratic residue of p.and i f n s0 or 3( m od4) .4. show that i! p and' q .' p ) (Hint: First show thar f+l P I p). Show that the p-l primitive roots of q are the quadratic residuesof g.) | l z n + r ) "na Showthat if p is an odd prime.) 21. Show that if p is an odd prime. ano (Nu) denote the number of pairs of two quadratic . -' l t-". other than the nonresidue2p of q . (NR). 23' Show that every primitive root of an odd primep is a quadratic nonresidueof p.[ l / ( i + l ) l : _ . show that 2n+2k+ r. a) Show that if p isa primeof the form4ft * 3 and q :Zp * I is prime. S how t hat if n i s a p o s i ti v en te g e ra n d i 2n* r i s pri me. 32' : J *n". . then a is a quadratic residue of p if and onty irino"a is even. 22' show that if p is an odd prime with primitive root r . 24.'. .then n * I d i v i d eM n * 2 : 2 n t L ( H i n t :C o n s i d e r t h e s r2n Legendre symbol l+ useTheorem 9.302 Quadratic Residues part' show that there is a prime factor of this integer of the required form not among the primes pr.then b) -2 'p > (.p2. Show that there are (p-D/z _ 6e_D quadratic nonresidues p that are not primitive roots of of p..4p I are both primes and if a is a quadratic ..pn use Theorems 9. showthat nl Mr. Among pairs of consecutive positive integers less than p. Show that a prime divisor p of the Fermat number Fn : 22.thena is primitive of a root of q. conclude that 2n+tle-D/2) 29. and a is a positive integer not divisibleby p..* I must be of the form (Hint.2n+1. w hi te i f jl or2 (mod4). let (RR). then q dividesthe Mersenne number Mo : 2p-L (Hint: Consider thl Legendre s y m b o ll : 1 . irioz . 1 3 0 . Show that a prime p is a Fermat prime if and only if every quadratic nonresidue J -.4.4..47l M23. Let p be an odd prime.'-'J 1-*uras1 of p is also a primitive root of p. (RN).r7-isaninverse7 modulo -" of [+l t P ) Let p be an odd prime..* nonresidue q with ordoa * 4. 26' 27' 28. 25' Let p and' q :2p * I both be odd primes. ) lq) Frompart (a). 15 to prove Theorem 9. Use Theorem 8. Find the solutionsof x2 = 482 (mod 2773) (note that 2773:41'59). 3 4 . Explain why there are four possible plaintext messages. wherea =(lD2 an inverseof 2 modulo n. where n: pq. 2 i s a p r i m i t i v er o o t o f q . p and q are distinct odd primes.) Using problem 35. and b is a positive integer less than n. (This ambiguity is a disadvantage of Rabin ciphers. and 2 is Using the algorithm in the text for solving congruences of the type x2 = a (mod n).I a n d Q : 2 p -4 is a primitive root of q. together with part (a). nonresidues. c) . Show that a) b) c) d) 2 is a primitive root of q. show how to find a plaintext block P from the correspondingciphertext block C. show that : : : : lU-'-t-17{n-r\/21 -'*t-11{r-D/21 lb l<n-r>'r lr-u . is Rabin cipher in a P block corresponding plaintext the C = P Q+O) (mod n). (NR). if q : 2p * | ' * l. of a quadratic nonresidue followed by a quadratic residue. il Show that (RR) + (RN) (NR) + (NN) (RD + (NR) (RN) + (NN) b) Using problem 30. i f p i s o f t h e f o r m 4 k . if q : 4p * 1. In this problem. Let p and q be odd primes. of a quadratic residue followed by a quadratic nonresidue.9 . * l. we develop a method for deciphering messages Recall that the relationship between a ciphertext block C and a Rabin cipher. (RN). encipheredusing 36. find (RD. 't 3 3 . a) b) Show that C *a 3 (f+6)2(modn). and (NN). 35. i f p i s o f t h e f o r m 4 / < * I a n d Q : 2 p . decipher the ciphertext message 1819 0459 0803 that u w a s e n c i p h e r e d s i n gt h e R a b i n c i p h e r w i t h D .1 Q uadr at ic Res id u e s 303 residues. (modn). P ) t:' I c) From parts (a) and (b).2 i s a p r i m i t i v er o o t o f q . and of two quadratic respectively.1.il^ ( t(t+l) : l | : (no + (NN).3 a n d n : 4 7 ' 5 9 : 2 7 7 3 .(RN) (NR) -r. where the roles of p and q x2 are switched. once we know whether there are solutions of the congruence = p(mod q). called lq) lp) the law of quadratic reciprocity. Let p and q be odd prirnes. The Law of Quadratic Reciprocity. with exponent e and modulus p. .304 QuadraticResidues 37' Let p be an odd prime and let c be the ciphertext obtained by modular exponentiation. wherJ n<x> i r u 6 u r t i n g *f u n c t i o n .z i s a positive integer.. Flip coins electronically using the proceduredescribed in this section. Then ^. tells us whether the congruence x2 : p (mod q) has solutions. Evaluate Legendre symbols using Gauss' lemma. . (Hint: Use proble m 37. 38' b) 39' Show that if. from the plaintext p.l _ lzlle_l eD-.2 The Law of QuadraticReciprocity Ol elegrant. and a and 6 are integers with (b . where and. Le. 3' 4' Evaluate Legendre symbols using Euler's criterion. We now state this famous theorem.m) : l. c = p' (modp).. thJn only half the possible file locations are probed. 9. a) Show that the second player in a game of electronic poker (see Section 7.0 < c ( n.q-l tq ) lp ) . theorem of Gauss relates the two Legendre symbols f p q | 9 I "'o | * I.p-l) :1. 2. 9.1 Computer Projects Write programs to do the following: l. This is called the quadratic search. are both odd This theorem.) Show that the advantage of the second player noted in part (a) can be eliminated if the numerical equivalents of cards thai are quadratic nonresiduesare all multiplied by a fixed quadratic nonresidue. where(e. f )f p-t.the probing sequencefor resolving collisions in a hashing scheme is h1(K) = h(K) + ai * biz (modn). Decipher messages that were encipheredusing a Rabin cipher (see problem 35). show tnalc is a quadratic residue of p if and only if p is a quadratic residue p of .3) can obtain an advantage by noting which cards have numerical equivalents that are quadratic residuesmodulo p . Since =rq = | (mod4).| l-["I uo =q=3(mod4). j: Example. from the law of r) quadratic reciprocity.2 The Law of Quadratic Reciprocity 305 and its use. [n-l lq.'il. ' \ .weknowtl Itt'l followsthat l".Sincerp = q = 3(mod 4) .":'_. .ur. l P J . 1"""" r |.| that t l. Theorem wesee l.2.o'. From Dart (i) of L7 ) lil using Again'the iaw of quadratic I: ) l+l . to 3 q p and arecongruent modulo [t] Example. see that + 4).andinthat. wesee values l+'l uno [+ the Since onlypossible l p ) "r.9.2. then [+l : [*'l q that Thismeans if p and areodd l q .J: /\\ t h a tl * l : t I I/ J i:11 ..P part(i) of rheorem tells quadratic reciprocity usthat # : i+ From | 'I I 'l... " lq) folInl |. Consequently. I tp J both primes.I 12 l. .l F)-{r ) I l"l t t p = t ( m o d 4 ) o r q = t ( m o d 4 ) ( o rb o t h ) :.:il . ) . We Before we prove this result.""t. we know that t+ 9. Hence. we will discussits consequences =-l(mod 4) and odd is even when p first note that the quantity Q-D/2 we when p = i(mod 4). while 4) or q = | (mod p =t (mod + + p = q = 3 (mod 4).] 4. we have + is is even if odd if (orboth) Jr rf p:l(mod4)orq=t(mod4) l-t irP:q=3(mod4)' .. Let P : 7 and Q : 19./ that :.il1l. Let p: 13 and q:17. lq \ e.ss : -[.. the law of .:.lt'.. Example.::""::1."_ .2 and 9.. we know that r' rrv'.:"'""" 73 23 IrooeJtroor [t*n.t The law of quadratic reciprocity. we factor [+l :[+l :l-.4 . we have part . will calculate We l:rt I : 3""..'lvutrl [5J [5J l+l .J J- . Since tOoq i I (mod 4)."Jm..ITj : :t+] : -1 and Theorem 9. .2.|'lrootj l3r ) Using Theorem 9. part tell us that IzrJ. "pii. Irooql lzol :[+] [+] lpl :lzri :l [' l(rtl 123) [zr )..' lfg-l To evaluate the two l-sgsndre symbors on the right side of this equarity. Unfortunately.Ji.. paft (i).4.. (i) of Theorem f-T 2.2 and Theorem 9. since5 = l(mod 4) and 7 = j(mod 4)..306 Quadratic Residues reciprocity.2. we have lx . factorizations must be computed to evaluate Legendre symbols in this wav. we use the law of quadratic reciprocity. see that Izt ] frooeI Ir' l:[1ql = Irooej:tr .l By parts (ii) and (iii) of Theorem 9. [+l : [+] +J we can use the law of quadratic reciprocity and Theorems 9.l:t".:'j:.4 to evaluate Legendre symbols.l?l : -' Hence: .*r. 009 ) We now present one of the many possibleapproachesfor proving the law of quadratic reciprocity.p) j -r integers the least positive residues of Consider the Proof. we obtain . l e t u1. v2. using the law of quadratic reciprocity. and an article published a few years ago offered ialled the l52nd proof of the law of quadratic reciprocity.. Theorem 9. greater than p /2 and let It.r' .2. be those v. By adding the Q-l)/Z equationsof this sort. Before presenting the proof. Tb. I : t-r)(-l) : t l# [. 112. . Lemma then rfp an odd prime and a is an odd integer not divisible by p.l )l D a . a . [*] (- : \ Therefore. who first proved this result.| |. 2 a . and Theorem 9. Gauss... . r) lgl: lp) where (P-r) /2 1-11rb'il. found eight different what was facetiously iroofs. . where the remainder is one of the uj's or vj's. which we use in the proof of this important law.... . v t..2 T he Law of Q u a d ra ti c R e c i p ro c i ty 307 Likewise. The division algorithm tells us that ja : pljo lpl + remainder.tt lzl: : [+] : : [+][+] -[+][+][+] l3 J :-[+):-' consequently. ( ( p .|: |.4. we find that : lul : fll . be those less than p /2.9 .. we give a somewhat technical lemma. vt are precis.4) from (9.. we find that g_r)/z (p_D/2 (p_D/2 j:t j-t j_t r j _l or equivalently..Z ia: r-' b-D /2 * a p f . j:r j_r j:l t*l s 1 Subtracting (9.3) @-D lz .p) =s (mod2). Hence. obtain all we (e. Example. p p vt. usingLemma9.p) :t')'' i'l Ija/pl.To find the |'+ I . are odd.3). (-t)" |.. lemma tLl: tp ) Consequently.r1. yields p o = T(a.. weevaluate sum l'^ J .4) b-r)/2 Z i: j:r \ Q-u)+ ) vi:ps. As we showed the proof of Gauss' in lemma.2 is usedprimarily as a tool in the proof of the law of quadraticreciprocity.. (p-t) /2 j: I j:r Reducing this last equation modulo 2.2..the integers _ ur. To finish the proof. T(a..308 QuadraticResidues (e.. summing theseintegers.r). Hence.r(a. ii someo.p) ..j. can alsobe usedto evaruate it Legend^re symbols. (a-l) . i a / p ilju i + i v 1: l.. we note that from Gauss. :l J-t j r .) (-t)'.2. _ us.s (modD. it follows that r) lgl:1-1..ely integers the 1. : (-1)r6.b-l)/2. sinceT(a. g lp ) Although Lemma 9.i q+ !... since a and..e). . (2 . The pairs of integersG.isely thosepairs satisfyingI ( x ( 3 and 1 ( y ( 11xl7.2). fixed integerx with 1 ( x ( 3.l ) 7 : . fixed integer y with I ( y ( 5. I ( y ( 5.1). 11 ly.D . (2 . wenote l. whichis t ( y ( 5. 3 (3.of thesepairs satisfyllx : 7y. We consider pairs of integers k . r) L/ ) we Beforewe presenta proof of the law of quadraticreciprocitY. (3 . : 3 a n d l ( Y3 .y) with I ( x < 3.4)' th e s eeight pair s ar e (l . whichis absurd. (3. the total number of pairs satisfying I ( x < 3. use an to example illustratethe methodof proof.l ).2 ).a n d I ( v < ' 2 :7y note that no-n.y) with I ( x < 3.3) and The pairs of integers G. the total number of pairs satisfying I ( x < 3. For a valuesof y.3 ). find I + t./ ) j:l : lrrl7l + t22l7l+ l33l7l: 1 * 3 * 4 .The Law of OuadraticReciprocity 309 5 j-1 1 7/ r r l : I 7l u l + t r 4 / r t l + I 2 r l t l l + [ 2 8 / l l ] + t 3 s / l 1 l j :0+ I + I +2+3:7. Let p : 7 and Q : ll. (2 . I ( y { 5..8. pr.y) with llll 7-l : : 5 . 1 llx ) 1y is j:1 : + 2 tt tlTl : ttt/tl + 122/71 I33l7l: I * 3 + 4 8. + L" J r ) that to Likewise.pfi"r that 1t l1y. (tl H e n cle . and llx ( 7y is . T h e r e r e 1 5 s u c hp a i r s ' W e a l ( x < . ) tr rilll 3 t s o h a rt + | : ( . and Hence. llx and7y.l ) 8 : l . there are lttx/ll allowable ( / ( 5. allowable values of x. so tirat eitherit I Z. I ( y ( 5. there are lly/ttl Hence. and llx 1 7y For a *r. (3.isely those pairs satisfying I ( y ( 5 and 1 ( x 4 7y /tt.l : ( .1 . because impossible on depending the relativesizesof We dividethese15 pairs into two groups. and llx > 7y urc pr. sincethe equalityllx or i. rrrr. that q I y. 3 ) . I ( y 4 qx /n.D/ 2. ( ( ( ( Thesesevenpairs are (l. 5 ) . the total number of pairs of integers G. then s q l p y .r-t 2 Z.r "e s e e t h a t r.a n d ( 3 .2) . Proof.7-l (_t) 2 2:(_l). i. We divide t-hese I ( y ( ( q . 1 .I w t : ( -. we note that these pairs are precisely those 1 ( (p-l)/2and For each fixed value of the I (y where I (x 4qx/n. T into two groups.y) .'J l t ll fl r r l | : ( . We consider pairs of integers (x.^ +L^+ | rr I that : (-1. First. i n c eq a n d p a r e w e know d i s t inc t pr im es . j-r j-r rr-l .'rj/tl (t l#l 'l 5t/ 17 | and . and qx > py. w i th I ( x ( Q-I)/z.y) with I ( x ( Q -l) /2 and o -l pairs such pairs.1 ) it-ttr. with 1 ( x 4 b-1012.310 Quadratic Residues 5 j-r ltj /ttl : Ij lrrl + [ t L l t r ] + [ 2 r / r t l+ I 2 8 l n + [ 3 s l l ] 1 ] :0*l + 1+ 2*3:7. To enum er at e th e p a i rs o f i n te g e rs (x y) ( y ( (q -l) /2. using the idea illustrated in the example.I )r-' 3 Since Lemma g. dependingon the relative sizesof qx and py.I )i-' (. there are Iqx/pl integers satisfying integer x.*' * i. we note that qx I py for all of these pairs.w e k n o w th a t q l p .2 t e l l s rrs . 1 .we seethat 1l-1 7-l 35 T. rtinl i-l 35 2lni/tl )Iti/rrl (. 5 ) . 1 5: ) t r r j l l l + > l t j l t l l : 8 * 7 . w h i c h i m p l i e st h a t q l p o r q l y . 5 ) Consequently.r. 2 .:5'3: Hence.a n d s i n ce I ( y ( (q-i 12. Consequently. ( 1 .t ) " I [11J|. For if qx : py. 4 ) . 4 ) . We now prove the law of quadratic reciprocity. 2 . H o w e v e r . T h e re u r" 2 -l .7 ) t-'rr-r 2 This establishesthe special case of the law of quadratic reciprocity when p:7andq:ll. 1 (y andqx < py is j.9. This shows that the total lpy lql integers x satisfying ( (q-t)/z.il with 1 ( x ( b 1 ( y ( (q-D 12. Assume that .r Adding the numbers of pairs in these classes...q): (.| P-t. -l) 12.d:+'+ T(q. proof.2 tellsus that 1-1yr(a. The Fermat number F^ : 22' + I is prime if and only if 3 G ' -r)1 2 : -l (m o d F .y) with I ( x ( b-D/2.o) [" . We will first show that F* is prime if the congruencein the statement of the theorem holds.and recalling that the total ' = rt ' + . : 1-11r{n'c) (-t) . One use is to prove the validity of the following primality test for Fermat numbers.). there are exactly fixed value of the integer y.p) + TQ. Hence.q-l 22 . n The law of quadratic reciprocity has many applications.2 The Law of Quadratic Reciprocity 311 Q-t)t2 withl (x ( Q-D/2.g"rt (i. Pepin's Test. qJ l .q-l H ence lq) lzll4l:(-t) l .-t1rQ'il+r@..of pairselil/r. or using the notation of Lemma 9. These pairs are preciselythe pairs of integlrs . ')'' j-| *'ni'' hilpt i-r .11r(e'n) : Lemma 9.and qx < py .andqx> Pvis Iqilpl' ?.w e s e eth a t n u mb er of s uc h pair s . pJ 2 2 This concludesthe proof of the law of quadratic reciprocity.q) p-l .r.foreach G -1) 12.r) f lf \ p-l . nurnu. where I ( y ( (q I ( x 4 py lq.il with1(y ( (q-D/Zand 1(x 4pylq. Hence."0 1-gr{o.q-r 22 ["'l lp J : . We now considerthe pairs of integersG.2.t (v ( Q-D/2. ordo3 tr2''-': (F^-D/2.we conclude that [".5) From the two equations involving I and (s.I and p F*. and consequently. . seethat if p is a prime dividing F*. F^ must be prime. However. we know that (e. t h e n the law of quadratic (e. E x a m p l e . ordo3 | {f ^-I) : 22'. I I (9.we obtain (mod F*).L e t m : 2 . Conversely.312 QuadraticResidues 3G^-r)/2: -l Then.5) :[+J t*l :[+] since F^ = | (mod 4) and F^ = 2 (m o d 3 ).e). Consequently. From this congruence.then we 3F.-1 = I (mod F*)._r)/2 _1 (modF). using Euler's criterion.6) t*l tr 3 G' -t)/' (-o d F-).if r:22'* F reciprocity tells us that I is prime for m ) l . Si n c e o rd o 3 : F m-t ( p .l .ordr3 must be a power of 2. we see I that p : F^. since 3G^-t)/2 .-l = I (modp).-l (mod F*) . j' _ 3(J'. Hence. by squaring both sides. 3F. Now. the only possibility is that o 1do3: 22^ : F ^ . Then F2: 2 2 ' + l : 1 7 a n d aFr-t)lz _ 3 8 : -1 (mod l7). and hence. This finishesthe proof. we seethat F5 is composite' 9.9.] 3.2 The Law of QuadraticReciprocity 313 By Pepin'stest. use the law of quadratic reciprocity the form .-D/2: 12": 32t41483648 Hence.10324303 * -l (mod 4294967297). then [-r I : [7J {l ifp=t(mod6) if p = -l (mod 6). Evaluate the following Legendre symbols d) [*] a. show that if p is an odd p = tl (mod 12) p = t 5 ( m o d 12 ) . J u. : [.2 Problems l. by Pepin'stest. Then Fs:22' + l:232 t I . Show that there are infinitely many primes of the form 5Ic * 4' of + a positive integer and form Q : 5(tnr'\2 4' Show that Q has a prime divisor 5k + 4 greater than n. 4 . To do this. then Using the law of quadratic reciprocity. then | ? | t)l .t I to show that if a primep dividesQ. e) f:ul leer J Iros] l*'l prime. we seethat F2 : l7 is prime' : 4 2 9 4 9 6 7 2 9 7W e n o t et h a t Let m :5. 3G. {lii Show that if p is an odd Prime. Find a congruencedescribing all primes for which 5 is a quadratic residue' 5 .t*l 2. Find a congruencedescribing all primes for which 7 is a quadratic residue. (Hint: Let n be 6 . [-u] [ 6 4 r.[+l c. q / D . 2.z5i c) F4: 65537.a n d : b / 2 . 0 . 9. From Pepin'stest.2 Computer Projects Write programsto do the following: l. Show that the number of lattice points in the triangle with verticesO. B : Q / 2 .q-l 22 Show that there are no lattice points on the diagonalconnectingO and C. Determine whether Fermat numbersare prime using Pepin'stest. 0 . Thi s symboli s a general i zati on of the Legendresymbol studied in the previoustwo sections. Fr : 5 b) F3 . Use Pepin'stest to show that the following Ferntat numbersare primes a) 8. n : p' ipt i Let n be a positive integer with prime factorization ' p. Q_r)/2 and C is j-l e) Concludefrom parts (a).3 The Jacobi symbol w I n t his s ec t ion . Then. (b). a n d l e t a b e a p o s i ti v ei n te ger rel ati vel ypri me to n. B. . e d e fi n eth e J a c o b is y m b o l . and ( d ) t h a t Q-t)/2 j-t Q-D/2 j-l Derive the law of quadratic reciprocityusing this equationand Lemma 9. Evaluate Legendresymbols. In this problem. 9. (c).using the law of quadratic reciprocity. Let p and q be distinct odd primcs. Let R be the interior of the rectanglewith vertices o: a) ( o . C Q-D/2 b) c) is i-l d) Show that the number of lattice points in the triangle with verticesO. concludethat 3 is a primitive root of every Fermat prime. Definition. Jacobi symbols a r e us ef ul in t he e v a l u a ti o no f L e g e n d res y m bol sand i n the defi ni ti onof a type of ps eudop ri me . A. . o )A : b / 2 . P-l .314 Quadrati c R esi dues 7 . C Show that the number of lattice points (points with integer coordinates)in R i. we give another proof of the law of quadratic reciprocity. 3 The J ac obi s Y mb o l 315 the Jacobi symbol [.the Jacobisymbolis the sameas the Legendre the ' whenn is composite. tell us whether the congruencex2 = a (mod n) has solutions. we see that :(-r)2(-r):-r' :lil ['l: lzl : lz)'let 1. ln) r I Ii | : t lp). not e t hat if p i s a p ri me d i v i s o r o f n and i f x2 = a solutions.Nore [+l : t+. " ' p'.t symbol' When r is prime.then l* (modn) has th i s.| : I t . x2 that if the congruence = a (mod n) has solutions."ij l45.J l.l l:[*]' lh)' l.9 ..l S where the symbol on the right-hand side of the equality are Legendre symbols. *. rin* x2 = 2 (mod 5) have no solutions. valueof the Jacobisymbol lq I Oott nor However. let a : 2 and that I g ln ) : | : 1 when there are no solutions to xz there that ^n: t5. Example. I bY t' denned p\'p'.. .] l.1 and :[+l [+] [+l #l:[+*l [+l :[+l l*l -r : : '-D2 t2(-'l): [+]'[+l'[+] lr) | do know To see . tl m ( ^ )t f -l Consequently. x2 the congruences = 2 (mod 3) and We now show that the Jacobi symbol enjoys some propertiessimilar to those of the Legendresymbol.. I : II | * I : l. To seethat it is possible ' |+ ln) i-1lPi) a (mod n). Thus.|t?l : (-r)(-1): r. then the congruencex2 = a (mod p) also has solutions.) . t. are .l t t r no solutionsto x2 i 2 (mod i S). From the definition of the Jacobi symbol. However. . Let n be an odd positive integer and let a and b be integers relativelyprime to n. see IDJ lp) that :lr'l i*l : f*l"l+J" [-tL'-lo)"lol" I ol'': fal f..then ll: l*) (ii) I n ) lol: l["]lfql n ) n ) (iii) r) t | | : t_ 11h-D/z ' f tr ) (iv) . .Jlp. p'. we knowthat if p is a rrime.]"l*)" [*] l*)'" l*)'' {t)" : [.t lp^):l. FromTheorem ' L (ii).| lo. Then (i) if a: D (modn). I i a I ltl F)' [+):l*)"[#]" l*)': [.l : | .2 \ I r ' f w s K l l u w t 7 fq) Hence.j Proof of (i)... n Proof of (i).) lo^.J lo.In the proof of all four parts of this theorem we use the prime factorization : p\. I Ll :1-1) (n':-r)/a ln ) /) Proof. lo. Hence.] [*] .p'i .from Theoremg.5.z G\ we have : we l* | l+ | consequentry.dividinqn.' we knowthat r v " ' r r r v v r w t t9.316 QuadraticResidues Theorem 9. then a =b (modp). . tts+t.3 The J ac obi s Y m b o l 317 Proof of Gril.(pi-l))(r + r.If p is primethen l+l .gt-r)/8+ lp^) As in the proof of (iii).3 tells us that if p is prime' then .l ) ) " ' ( t + b T .) +t^Qi-r\tt t+'lt : (_l)...bi_t.r ) | : (-l) 2 r) (iil .l) (r + Qr-l))"(l + bz-l))"''' (t * (p^-l))'' is even. Qi-D): Therefore. t+l Theorem 9.(-11 Q-r)/2.r ) 0 + @ ? . we have nSi n ce Q i.)lPrJ (. Proofof : ( . + Q-D/2 = tJprD12 * tz(pz-D12 2) + t^(p*-D12 (mod . n = 1+ tlpr-t) Th i s i m pliest hat + t2(p2-i + '''+ t^(p^-l) ( m o d4 ) ' I + tiQl-t) + tibi-l) ( m o d4 ) .1 . for for this Combining congruence (n-1) lZ wittttheexpression /)n-l rlr- r' l+J 'no*t -' that | l.l ) ) " . we note that " " n 2: ( r + ( p ? .| : l'-rl"l-r ll_ 'l" l"'rll . ConsequentlY. ( r ' l .r ) /'8H e n c e ' lp) Izl : Il" [z] L.1tJn. f-r I l-l: ln.-t) (mod4) and (l + r.t\/2+ t'(p'-t)/Z + '" From the prime factorization of n.J lp'J lp. [-' ]" tP^) + t^(p^-r)/2 LP. . it follows that (t + (pi-l))" = | + tib.9 . l ) ( m o d6 4 ) . e ? _ D+ t .318 QuadraticResidues Since pl-I = 0 (mod wesee 8). Theorem 9. D ln ) We now demonstratethat the reciprocity law holds for the Jacobi symbol as well as the Legendre symbol.l j-t I'J I ( n l4/ ) s :rtrtr j-t i-t It)"'' Thus. . . 4 e l . = | + tie?-l) (mod 64) and ( l + r . Let n and m be relatively prime odd positive integers. .q.w e s e eth a t n be m : pl. ( n ' .D / s + . qo r. + t*(p3. . " p!' and lr):. Then m-t n-l f lf I l r l -| l L l : lm )l n ) ( _t ) . Let the prime factorizations of rn and n : ql' q! .t ) / 8 .4 tt)':.1 .l ) ) ( l+ Hence.6.s and w)'"' l*): t IIl.pl.D / B+ t z e ? . .l)/g with the expression this for for [el teils ln ) f " u s t h a t l L l' l : 1 . . ._l)/(mod ). . 8 s combining congruence (n2. b ? . that 0 + Q?-l))'.t ) / 8 : t J p ? .. n2:t+tJp?-D+tze?-D+ This implies that ( n 2 . Proof. 6 + t ^ ( p T . . A ? t ) ( m o d 4 ) .t ) ) = | * t . 8) r s i-t i-r ^fr. Therefore..a''t+] t..Z) and (9.): [7J We note that r f| ff(-l) t-l j-l ( ' r \ "): (-l)'-'l-' \ / ".[+] ". we can concludethat f )f ) m-l lLllal:(_r) n I )lm ) 2 n-l 2 tr We now develop an efficient algorithm for evaluating Jacobi symbols.3 The Jacobi symbol 319 [*] . . Let Ro Q and R r : D Using the division algorithm and factoring out the highest power of two dividing the remainder.5 (iii). n. we obtain . Let a : and b be relatively prime positive integers with a < b.p. '.-tl J ^[Qr-tl =. (e.s t l+l :.from (g. I l.gti*l q'l 10tu' h) l y. n-l 2 (m od 2). :(-rllrj [ o .[+] Thus.1+] Doif+] j-t(o)z =* (mod2) As we demonstratedin the proof of Theorem 9.1+l :z .9. f1 I lr t-) l |^) [ . From the law of quadratic reciProcit we know th at tr) t*l Hence.-l \ +(mod2). and = 5u.8).-. 5.-tR. and factor out the highest power of two dividing remainders. where s. we illustrate this sequence equationswith the following example. together with the properties of the Jacobi symbol. (ii) and (iv) of Theorem 9... Then 4 0 1: 1 1 1 ._r_r t 8-r z 2 2 2 l+l:(-l)'' lb ) where the integersR. Theorem 9..-t. Using the sequence of equations we have described.6+20.n-l ' .. is a nonnegativeinteger and R.1+23. +.r& ! a ! * * f ."qu-ir"d to reach &-r for i the final equation does not exceed the number of divisions requiied to find the greatestcommon divisor of a and b using the Euclidean algorithm...3.+R"_..n-l Note that the number of division.we obtain Rr: *r: Rzez+2"'R3 Rflt+2"Ra Rr-r : R n -z : Rn_2Qn_2 2t.2. is an odd positive integer less than : 2. 3 + 2 2 . of Example. . I ... n lll17.7. which gives an algorithm for evaluating Jacobi symbols. + 2 t . and s.9 17:9. From the first equation and (i). Then ni-r R. are as previouslydescribed.-r f ^'l + " ' + s ' .t :1.32A Quadratic Residues Ro: Rflr+2t'R2.. Let a and b be positive integers with a > b .1. we have fglla. Proof. we prove the following theorem..-rRn_1 * R n -tQ r-. where s1 is a nonnegativeinteger and R2 is an odd positive integer less than R I ' When we successivelyuse the division algorithm..|- :[+] i+l : : (-1) .. eta:401 L andb: lll. Each t. The following corollary describes the computational complexity of the algorithm for evaluating Jacobi symbols given in Theorem 9.-.7. This tells us that and Theorem previous example [+or l:. 3.b) using the Euclidean algorithm.J divisions.l 9. .-l R.3 The J ac obi s y m b o l 321 we law for Jacobisymbols. e obtai n the desi red for l+ expression I tr ' [b . using the subsequent '/ lgl . by Lam6's theorem we know that O (log2b) divisions are needed.1. To evaluate of we use the sequence divisionsin the [++].t \ w * n e n w e c o m b i n ea l l th e e q u al i ti es. I so that f ^ I l+l:(-r)T LDJ IR. 9.lt F*o'"lt*' l.D J of a sequence O1ogzb) I uting Theorem9. rt Proof.be Then the Jacobi symbol l+ | can be evaluated using O(loezb)3) bit " lb) operations.ttr!:r +*!+ +:r.|:. Thus. have using Theorem9.. Corollary 9. fo rT :2.we find that Similarly. note that the number of divisions does not exceed the number of divisions needed to find G.-. Let a and D relatively prime positive integers with a > b ' .+r [ ^. .7.the reciprocity + :'-')+ t#l t*l R.6.7. .we perform .-l ni-t[ n.9 . To see this.rTry*n#i+l J 1R. n.7. . the illustrates useof Theorem The followingexample Example. To find lf divisions.111 J n't'. lD ) corollarvholds.. For which positive integers n that are relatively 3 .bit si can be found using o(logzb) bit operations on"" ih" appropriate fl.322 QuadraticResidues divisioncan be doneusing o ((lo^gzD2) operations. Show that there is an integer a : -t such (a.. [*] 2 .3 Problems I. Each pair of integers .n): I and that l.7.. tr 9. [*] a. Let n be an odd square-free.. Evaluate followingJacobisymbols the c.J .. lx) to 15 does the Jacobi b. Finaily.."'. positive integer. t+] .n-r. we usethe last threebits in the lD ) binary expansion: of Ri.2. use 0(lo926) of we additional bit operations find to Sinceo((log2D)3) ooog2b): o(tog2..u.D2) the + I+l . consequently.r r..to evaluate exponent -l i the of lr...2..nd divisionhasbeencarriedout..2.s7. :1. Therefore.n-t a andb. Show that b-l : (-l)--'r + br-l l-'' ["1 lb ) 5.i : r. Let a and b be relatively prime integers such that b is odd and positive and a : (-l)'2'q where q is odd..n-r and the last bit in the binary : expansions sy. For which positive integers n that are relatively to 30 does the Jacobi 4 ..T in the expression for l+l in Theorem9.[*] 'tml symbor equar r? t*l symbor equar r? |.+l b. o((log2D)3)bit operations requiredto find the integers are R. (mod 4). given by f"l b) Irl :(-l)[ l++*++:.frj . and rn using the modified division algorithm given in problem l0 of Section successively t. modulon. . w h e r e T i s t h e n u m b e r o f i n t e g e r si . is a nonnegative even integol. I < .2.3 Th e J ac obi s Y m b o l 323 6.. DJ 2 I i. with ri-r 7 ciri = 3 l. (Hint: Use problem5') of residues b) in ..| t. t 2 2 *t-f'+l 2 2 ) Showthat the Jacobisymbol [+. Let n be an odd square-freepositive integer' r\ s w h e r et h e s u m i s t a k e n o v e r a l l k i n a r e d u c e d e t a ) S h o wt h a t ) l + l : 0 . for t : 1.n. .2...9 ..modulon suchttut I | : I . then the following Show that if a and b are odd integers and (a. Let a and b:ro be relatively prime odd positive integers such that A : tO: lOQt * rlQ2 I e1r1 e2r2 fn-l: fn-tQn-t* enfn with where q. " is . iS a positive integer : l.r ) ._2 [(-l) " lt b l -: . givenbv lD ) t'^l l+ | : (-r)r' lb.. 8.r . ( n.l-l\ll.l-J l.b): reciprocity law holds for the Jacobi symbol: I a-t b-t ( ') '--'J lr. : t l.( . show 11"\ O : -t. l a-'b-' 2 ira<oandb<o otherwise. r. numberof integers a reduc?O"ti'ofresidues From part (a). f^'l a) Show that the Jacobi symbol | * - l . These equations are obtained by ri 1 ri t.equalto the number*itn l* I ln ) lrj l'J 7 . €. ):the [. lLl.] if p is an odd prime such that p/a :. t h e n lsl: f't . then rl r ) I L I :: f . where svmbol the right is a Jacobi the on tftl : Show that if n1and. Show that if tt1 and ['l 2 (_r) 2 r-l. L e g e n d r es y m b o ' [. i r ( o " t ) : I a n d:nIIpi . Let as u positive integerthat is not a perfect. [*] For problems 10-15 let a be a positive integer that is not a perfect square such that a= 0 or I (mod 4).n2t.l .then . [*] c.] ("1: ( z l " it zla.integers relatively prime to a and flt 7 nz (mod I a l ) .] 9.J 1 3 . [. Evaluate the following Kronecker symbols a.quu./. lnz) -tn) then there exists a positive integer n with . l0' Showthat symbol." such that a E0 or I (mod 4)..J Show that if alo.z-l f ) tTrll .re positiveintegersand if (app2) [*): Show that if n is a positive integer relatively prime to a and if a is odd.324 QuadraticResidues In problems 15 we dealwith the Kronecker symbol which 9is defined follows.q[f]" [. [*] b.I is the prime factorizationof n.? uti positive. We 1 P" oenne l"): ttt \l i' ifa=l(mod8) -lifa=5(mod8).J I n I w h i l ei f a i s e v e na n da :2 ' t w heret i s odd. [ l] J ' l. we can define a type of pseudoprimebased on Euler's criterion. usingTheorem (t I l.positive integer n that satisfiesthe congruence . Evaluate Jacobi symbols using problems 4 and 7. We calculate 9.34r l . that 2r7o= 1 (mod 341). 9. w e s e et h a t | .5 (iv).4 Euler Pseudoprimes Let p be an odd prime number and let b be an integer not divisible by p. EvaluateJacobi symbolsusing the method of Theorem 9.'l : n 6h-D/2 lg I (mod ). Since341: -3 (mod8). Evaluate Kronecker symbols (defined in the problem set). with (b .9 . This demonstratesthat 341 is not Thus. Conseque 2t7o [+ prime. Let n :341 and b :2.3 Computer Projects Write programs to do the following: l. we know that ('t 6b-t)lz _ l4l(modp).4 Euler P s eudopr i me s 325 15. If we find that this congruence Example. we can take an integer b. symbol. a < [- 9. ln ) where the symbolon the right-handside of the congruence is the Jacobi fails.. 2. Show that if a 10. composite. An odd. il : l. then IFJ al : Jrr ii ff a > 00. By Euler's criterion. and determinewhether r. g ntly. (mod 341). 3.thenr is composite.7. Definition. lp ) Hence. I : -1. if we wish to test the positive integer n for primality. w e s e et h a t = I (mod n ). to Proof. as we have shown. then n is a pseudoprime the baseD. ) t l . The following proposition shows that everv Euler pseudoprime the to base D is a pseudoprimeto this base. lllos) r I -2552 I + I | (-oa l 105).we find that \2 1 6 b . we show that the converse is true. This means that n . Since '1105= I (mod 8). E x a m p l e . An Euler pseudoprime to the base b is a composite integer that masquerades a prime by satisfying the congruencegiven in as the definition.1. Hence.l q lr) (. by squaring both sidesof this congruence. Because r05 is composite. Proposition 9.D / 2 1 2l . we see that l+] : t. s 2 -I ( m o dl l 0 5 ) . w e c a l c u l a t e t h a t 2 s . we know that every Euler pseudoprime is a pseudoprime. pseudoprime the base tr to D. the integer 341 is not an Euler pseudoprime to the base 2. ) S i n c el g l : (modz).326 QuadraticResidues __ 6h_D/2f ql . l" ) where 6 is a positive integer is called an Euler pseudoprime to the base b. Not every pseudoprimeis an Euler pseudoprime.L e t n : 1 1 0 5 andb:2. ln ) ( Hence. is an Euler it l-1105 . For example. then to 6G-t)/2 f al (mod n). namely that every strong pseudoprime is an Euler pseudoprime. If n is an Euler pseudoprime the base6. If n is an Euler pseudoprime to the base b. l. but is a pseudoprimeto this base. Next._"d n).l pseudoprimethe base to 2. B ecauser an odd divisor that ordob is also odd. Since bt =1 (mod n). we know that b'-r we have ln ) We conclude that n is an Euler pseudoprimeto the base b. lil:' for all primes : lnl l+] -ft Illo':r. ordrb I b-l)12. Then : I (mod n) or b2" = -1 (mod n) where where / is odd. Let n be a strong pseudoprime to the base b.since ordob is -1. Let n: fI p i ' b e th e p ri m e -p o w e r actori zati on f:l prime divisor of First. Euler'scriterion we have fal : t |-.8. Consequently.r ) / 2= I ( m o d P ) ' by .p 6 Q . Therefore.-t:[a[=t(modn). If p is a prime divisor of n. =tI P ' J Inr lfrrl |r b. if n . consider the casewhere 6rt : -l (modn) for some r with 0 ( r ( s .1.4 EulerPseudoPrimes 327 b.| : 2't ' Proof. : (b')2' = I (mod n). consider the case where b' = I (mod n)' Let p be a i s odd. Si nc e b. w e k n o w th a t o rd o 6 l r. of the even integer 6Q) . then n is an Euler Theorem 9.j r\ the To compute Jacobisymbol I + I' we notethat ln ) p dividingn. w e see n . lf n is a strong pseudoprimeto the base to pseudoprime this base . Next. Therefore. then b2't= -l (modp). Squaring both sidesof this congruence'we obtain . Hence.1. = l( m od p ). eithe-r bt of n ' f 0 ( r ( s .9. Hence. we knowthat (-t)' : -1. we h a v e p :2 r+ rd and 2. Hence. fI (l + 2'+raid. but that ordob z. d i ( m o d 2 ' + t ) ..l) .) t-l m m = I + 2'+t > aidi (mod 22r+2). = l (modp). + l)o. t-l m : : fI (2'+td. This implies that ordob | 2'+rv. (mod p). Since ordobl(p-l) 2' + t l( p. I o rd rb : 2 ' * rc. . i-l . Hence.u : (-11Q-r)/2*'. divid ing n is of the form pr : 2'rrdi + l. Therefore.b)/2 -l (mod p)..+tlordrb.r!Q-l)/otd. l+ | : (-1)rr-r)rz'*' lp) r e c a l l i n g t h a t d : ( p -I) /2'+t.b/z)((p-D/ord. Therefore. w h e red i s an i nteger. (e. we have r\ I A | = 6Q-D/z : 66rd. Since each prime p. it follows that * l .328 Quadrati c R esi dues b2"'. t2'-t : h-D/2 m ) r s Z/ a .e) r) : (-l)d.b) lp ) (.t. where c is an odd integer. it follows that n : fI pj'. S i nce 6(ord. Becausec is odd. |. . If n : 3 (mod 4) and n is an Euler pseudoprime to the base to b. an Euler pseudoprimeto the base D is. Although an Euler pseudoprime to the base b is not always a strong pseudoprime to this base. However.10). a strong pseudoprimeto this base.ifrr((-r)d. then n is a strong pseudoprime the baseb.* : 2 o'd' (mod n).fo. note that not every Euler pseudoprimeto the base b is a strong pseudoprime to the base b. (-1)i-t Therefore..n is an Euler pseudoprimeto the base D' tr Although every strong pseutloprimeto the base D is an Euler pseudoprime to this base.r ) / 22 2 7 6 : 7gl + t 1 (mod ll05).9. 1105 is not a strong pseudoprimeto the base 2 since : 2 ( l l o s .o. we have m : fI el)"'"' :_ : . J InJ t-l . : | .ftr[+. (-1)t-t On the other hand. as the following example shows. p . I (mod 1105).w e seethat 6(n-t)/z [ql ln) (m o d n ). We have previously shown that the integer 1105 is an Euler pseudoprimeto the base 2.l ) / 22 5 5 2 : while :2 2 0 t 0 s . from (9.). when certain extra conditions are met. The following two theoremsgive results of this kind. Example.9). Theorem 9. Consequently.9.^ ) : lnl .4 EulerPseudoprimes 329 This congruenceimPlies that 12s-t-r = i i-l aidi (mod 2) and (9.10) 66-r\/2 : (6rt7z:-'. combining the previousequation w i th (9 . in fact.: (-t)'. . We write n-l : 2't .| +1. . If n is an Euler pseudoprime the base6 and to lal then n is a strong pseudoprimeto the base b.3. l n l '/ \ Proaf. w e s e e h a t t ln) b ' r-' = -l (m o d r). ln) r) B u t s i n c el 4 I : . consequently.n) : r . tr to Theorem9.it is a strong pseudoprimeto ihe base . ln ) .t 6.. Hence. ln ) r\ tbl : Drnce l. From the congruence n = 3 (mod 4).'-t)/2 f ql (mod n). tr Using the concept of Euler pseudoprimality.(b . Since n is composite. ft. Lemma 9. a n dl 4 | : . we will develop a probabilistic primality test. we have : br-. it follows that bt : 6. Since n is an Euler pseudoprimeto the base b. n is a strong pseudoprime the baseb. Before presentingthe test.330 Quadratic Residues Proof. This test was first suggested Solovay and Stiassen by [7g]. where / is odd and s is a positive integer..then there is at least one integer b with | < b I where is the Jacobi symbol. we know that n-l : 22. b' = oneof the congruences the definition a strong in of pseudoprimeto the base b must hold.t where t : (n-l)/z is odd' Since n is an Euler pseudoprime to the base b. we give some helpful lemmata. : -r.. If n is an odd positive integer that is not a perfect sguare.'-r)/2 fa l (mod n). we know that either bt = l (mod n) or ln ) -l (modn).t .10. This is one of the congruences the definition of a strong pseudoprime in to the base b. -_r.. If n is prime.ows and : . whereQt. ln ) if (b.since n is not a perfect square.we can write n : rs wher e ( r . Let n be an odd composite integer with | < b I n. Then there is at least one Lemma 9. w e k n o w t h a t n : Q t 4 z " ' e . and such that b satisfies b = t (mod r) b = | (mods). w i th p a n odd pri me and e an odd positive integer. (b .n) : I Hence.n) : 1.4. (b.1. Then.9 . n must be a Carmichael number.. and D r\ n 6 6 .n) : 1. the existence of such an integer b is guaranteed by Theorem 9. Assume that for primeto n..4 E uler P s eudop ri me s 331 Proof. 2 1 . We will now show that . Now let / be a quadratic nonresidue of the prime p. If n is composite.-t : lAl n l3 I = (+ l)z : I (mod ). ln) Squaring both sides of this congruence tells us that r t2 b. that : -' r ro. ln) Proof.bl"-(_r).J l7): tp) |.1. Therefore. such a / exists by Theorem 9. integer. fal : (ul f.Qz. Since : [*] [*] [*] ii] t1]. that ( e .D / z1 l 4 | ( m o d ) . We use the Chinese remainder theorem to find an integer b the two congruences with 1 < b 1 n.'. 1) l positiveintegers not exceeding n and relatively r) 6h-t)/2 : d l4 | (mon)... from ar T h e o r e m8 .Qre distinct odd primes. . s ) : I a n d r: p ' . q . ( n and (b. and 6G-D/z1 |r l4 | (modn). the original assumption is false.t ) / 2= 1 ( m o d n ) for all integers b with I ( b ( n and (b.).r. Then. + 1(modn). with Suppose that b is an we use the chinese remainder theorem to find an integer a | 1 a { fl. Consequentry.| ( m o d Q z Q s . we must have 6 (.n) : r. There must be at l e as tone int eger6 w i th | < b 1 fl . and a=b(modq1) a : .aj : I (mod ) n l. 1 3 ) . l D a n d ( 9 . we observethat o.we know that 6".w e s e et h a t oh_t)/2 * contradictingcongruence (q. from the definition of an Euler pseudoprime. for all D with I < .n) .13) = o(n-r)/Z I (mod ezQt. (e. (a. ) for all D with I < b ( n and (b.r2) while oG-1)/2 6b-D/z: _ l ( m o dq 1 ) .n) :1. Hence.D : l . (b . Hence.tt).Q.3 tells us that this is impossible. From congruences O . .n): l. tr ln ) We can now state and prove the theorem that probabilistic primality test. ) .332 QuadraticResidues 6 h ..-t)/2= I (m o d n). However.. integer such that 6 h -r)/2 : -l (mod n).-t)/2:|... the basis of the . Lemma 9. n) : l .e^denote the positive integers less than n satisfying 1 ( a .. and (s. if it were true that d .e-..9.. we know that there is an integer b with I < b 1 n.)/2 r-"0. that are basesto which n is an Euler pseudoprime...11.rm be the least positive residuesof the integers bayba2... ..n): l.is less than 6fu) /2.. (b.)/2 [+] (mod).m. ) t 2 1 ( m on ) .frt.4 Euler Pseudoprimes 333 Theorem 9. Furthermore. (e.Z..rq ql (mod n). We note that the integers rj are distinct and (ri.16) For.. ( n .we would have I r 1J [+] (mod n ). : 1.. ( ai. [+] .n): j : 1.. Then... ( n. r) n)..e2..14) holds.ba^ I for modulo n.2. From Lemma 9. Proof... let e1. Let n be an odd composite integer. n then we would have$a)(n-.4. the number of positive integers less then n. a n d (e. 6b-r)/2 f l lnJ Now... relatively prime to n . afn-rtrzlLl (mod In ) Let rr{2.ls) for.r l+l This would imply that. : t+l 6h-t)/2o(n-t)/2 and since (9.

m .n-1. Show that the integer 561 is an Euler pseudoprimeto the base 2. relativ-elyprime to n. we -filis can conclude that 2m < qfu).. theorem. n. 2..2. looking at the two sets together. then n is an Euler pseudoprimeto the base a6. Therefore. the probability that all k congruences hold is less than l/2k. 9. This leads to the following probabilistic primality test. ... j : 1.to ) s h o w s . . when an integer b is selectedat random from the integers 1.2..determinewhether 6Q-t)/2 t+] (modn) If any of these congruencesfails."-t\/2 fqI c ont r adic t ing( 9 ..boLorr the integers i.. l. 3.almost certainly prime... . e know w thesetw o setsof i ntegers share no common elements. Select.2.2 . For each of theseintegersbj. tr From Theorem 9. so that m < proves the eh)/2..334 QuadraticResidues _ 6...1 4 ).. if n passes this test n is . . more composite integers pass the Solovay-Strassenprobabilistic primality test than the Rabin probabilistic primality test. altirough both require O(kQag2n)3) bit operations...1l. s a ti s fi e s th e congruence (9. Show that if n is an Euler pseudoprimeto the basesa and 6. th. Show that the integer 15841 is an Euler pseudoprime to the base 2.4 Problems l. d o e sn o t. we see that if n is an odd composite integer.j : 1.15) w hi l e r j..k. we have a total of 2m distinct positive integers less than n and.. a strong pseudoprimeto the base 2 and a Carmichael number. a s (g .... at random. Hence." Since every strong pseudoprime to the base b is an Euler pseudoprime to this base. 2..r-r. If n is prime then all these congruences hold. then n is composite. probability that n is an Euler pseudoprimeto the base 6 is less than I/2. Since there are Qh) integers less than n that are relatively prime to /r. ft integers bpb2. If n is composite.. Let n be a positive integer. j :1 . )' S inc e aj. .. The Solovay-StrassenProbabilistic Primality Test.

to Show that if n is an Euler pseudoprime the base b. . | * 2kq.4 Computer Projects Write programs do the following: to Determine if an integer passesthe test for Euler pseudoprimes the base b. . is odd for some j otherwise.2. then r 6. Show that n is an Euler 6" II ((n-l)/2. to Show that if n = 5 (mod 12) and n is an Euler pseudoprime the base 3. Find a congruencecondition that guaranteesthat an Euler pseudoprimeto the base 5 satisfying this congruencecondition is a strong pseudoprimeto the base 5. to probabilistic primality test.ffi.. . where pi : | * kr ( kz ( < k-.4 EulerPseudoprimes 335 4. to is a strong pseudoprimeto the base 2. Perform the Solovay-Strassen . . and where n: pseudoprimeto exactly where for zfqi i:1.pi. then n is also an Euler pseudoprime the basen-b. ph. : pl. p1-t) j-l different basesb with l < b ( n .. w h e r e ( D r : 1 1/Z It t 12 if kr: 1. Show that if n= 5 (mod 8) and n is an Euler pseudoprimeto the base 2. then n is a strong pseudoprimeto the base 3.. 7. Let the composite positive integer n have prime-power factorization 8.9. 9. 5 . if kj < k and a..

Example. for if ot : a b.a /b. where a and b say that u is irrational. It is easy to see that a positive rational number may be written uniquely as the quotient of two relatively prime positive integers. We -tt/-21 . where o f uni b are integers with b . product. Definition. then a .tt/2r : 22/42: 33/63 : The following theorem tells us that the sum.t' 0. and quotient (when the divisor is not zero) of two rational number is again rational. The real number a is called rational are integers with b * 0. If a is not rational. then a : ka f kD whenever fr is a nonzero integer. difference.1 DecimalFractions In this chapter. we begin with definitions. we will discuss rational and irrational numbers and their representationsas decimal fractions and continued fractions. when this is done we say that the rational number is in lowest terms. If a is a rational number then we may write a as the quotient of two integers in infinitely many ways.10 Decimal Fractions and GontinuedFractions 10. . We note that the rational number ll/Zl also see that is in lowest terms.

Suppose that .. Let o( be a root of the polynomial x' integerswith cs * 0.cn-r. a/0 : b /b) lG ld) : ad lbc @*0 ' denominatcr different is rational.3 tells us that2la.2 al so di vi des cannot divide both a and b' This we^know that 2 since G. and a/0 (when P+0 are rational' : alb and B : cld' where Proof.. Since 2lor./T Proposition 10. Then. it follows that a * O' Then' each of the e. H ow ever. we have 2: so that 2b2 : a2. D We start by The next two results show that certain numbers are irrational' considering . The number '/T is irrational' prime integers Proof. He n c e.1. Then we can write ot: alb whete a . so that a2lb2.c/d : (ad-bc)lbd' a0-b/b)'k/d)-acfbd.3 . and b y p ro b l e m 3 l o f Se c ti o n2 ..problem 3l of Section2. 21b.6 : a lb.b)':1. and d are integers with b * 0 and d numbers a * B : a /b + c l d : (a d * b c)/bd' a .. * cnlxn-t * Theorem 10. .6 is irrational' B it We can also use the following more general result to show that .. Let q :2c. ca.2. Let a and B be rational numbers.. since it is the quotient of two integers with from zeto. Since a and p are rational. b2:2c2. 6. * cp * cs where the coefficients ct. where c and b are relatively with b I 0. Supposethat a is rational. contradiction shows that . a .0' a9' Theorem 10.1O.1 DecimalFractions 337 Then a + 0. c. b.are Then a is either an integer or an irrational number' and b Proof.1.6 irrational.0: a/b .

are integers with 0 ( c. irrationat by Theorem 10.r + c s b n: 0 . ThJn x/i i. ur'^.. L e t a b e a re a l n u mb e r. ci/bi j-r where the coefficientsc. Let 7 be a real number with 0 ( y ( l. We now show that the fractional part ^yalso has a unique base 6 expansion.'. b > | .. . a n d ret a:Ial be the i ntegerpart of a.l * * c p * .*n'.. tr we illustrate the use of Theorem 10..1. We will not prove that either of thesenumbersare irrational here. so that r:o--[a] i s t h e f r a c t i o n a lp a r t o f a a n d o t : a * 7 w i t h 0 < 7 < I' From Theorem 1.-r:g'fr:". w: s e e th a t p l a . so that a must be an integer. by problem 3l of I a.1x n. the integer a has a unique baseb expansion. the reader can find proofs in Itg]. Then can be uniquely written T as r: .2.3.338 DecimafFractionsand ContinuedFractions are relatively prime integers with b o.'i-. w e h a v e b/b). thi s i s a contradiction which shows that b : t 1. a root of +cJa/D Multiplying by bn. Theorem 10.a.with . rc. if a is rational then d : * o. lb-1. u *..ui.b > l. and let b be a positive integer.-t * Since ot is *ca:0.. since ' '!n'.o. The numbers zr and e are both irrational.. si nce (a. Consequently.0 . We now consider base 6 expansionsof real numbers. where b is a positive i n teger .^ are irrational. the restriction that for every positive integer l/ there is an integer n with n2Nandc.3. Hence. so that "\/i it not an integer. u'^o!. u"rli-" or p x. such ". x' + c r .n*' *that p Since p I b we know "</7 it a root of xm .. consequently.. H o w i v e r.-18.8. Sec t ion 2..'-::'il and b I an . ^:. we find that an + cn_pn-tb + Since * c p b o .2 with the following example. 3. Example' Let a be a positive integer that is not the mth power of an integer. .. b) : l ._tG/6y. < 6-l for j : 1.

.see [62]. s i n c e0 < b 7 < b . Then Theorem 10. )tgntO' Therefore. ^ fr : b l .3. l.1 O. 7l ' 1 b b ^yg for k : 2. we can conclude that :0. l et so th a t 0 ( c r ( b_ 1 .+' so that 0(cr follows that (b-t.4. consequentl y. Lets and r be real nurnberswith lr[ j-0 V o r i: a / 0 . w e s e eth a t a 4 l r/b n < l /b n . +^Y. bY We recursivelYdefine c1 and ck : [bfr-r] and nlk-t:+. In a d di ti on.4. C1 C"t Cn and 0(rt < I' Then' 7:T* Si n ce 0 ( ln ( Ur* * n.3. .1 D ec im al F r ac t i o n s 339 series' We will use the In the proof of Theorem 10.' ) . (Most calculusbookscontain a proof') For a proof of Theorem 10. b.c r : b ^ Y l b l l ' sothat0(?r(land ^Y: c1 . We can now ProveTheorem 10'3' Proof. we deal with infinite geometric series' following formula for the sum of the terms of an infinite < t..r 1 b .. s i n c e0 ( b z t .. We first let c1: IbTl .

/uo. j:l dj/bi. "J To show that this expansion unique.c . and assume that c1. "u | _ t/b : l / b k.and c i:0 fo r i 2 k + t. and.l. i: b. (to. assume is that r:. * D-l and d* r n b-1. * d1r.t j:l r.{. for everypositive integer. e1-c1) /bi Since c. 5 thereare integers and m with i. Assume that k is the smallestindex-for which cr.3) if and only if d j .7 dr. whereo r.-d1) /bk : j-k+t . ttris shows that the baseb \ expansionof a is unique. (the case cr 4 dp is handled switching rores the two expansions). b. by the of Then o: .4 to evaluatethe sum on the right-hand side of the inequality. < b-1. j -l c1/bi:.340 DecimalFractionsand ContinuedFractions 7: : lim n<6 6 ') . we have (10.v. Note that equality holds in (10.3) contradict (to.z) and (10. ) d*. tr . H o w e v e r. :(b-l) l lLK+l .2) while (10.1) k1-d1) lbi : (c*-d) /bk * _k j .:) of is strict. where we have used Theorem 10. + l ki-d) /bj . the inequality in (tO. < b-l and 0 ( d.l f o r a l ! i w i th 7 ) t 1 t.such an i nstance s excl uded i by the hypotheses the theorem. and therefore.3) j:k+t j-k+l b*-d) /bo > . G1. so that (10.i'. Hence. a nd thi s occurs i f and onl y i f d j : .t).

k : 1.)8. (.cp2ca. ^y2:s -2: 2 t' + ^y3:B -5 . .terminates. wo can use the recursive formula for the digits given in the proof of Theorem 10..we prove the following theorem. for ^ fk : b y * -t .. We will show that a number is rational if and only if its base D expansion is periodic or terminates.. The decimal expansion l/8. terminates.125)ro. _ l_ _ )_ ca:[8']l-5..1 O.)o (24)6.. J cs:[8'?t:t.cp2ct. where ^Yo: ^Y. namely ck : lbt*-J . positiveinteger n such that c. of of Also.. We will now discussbase b expansionsof rational numbers. A base D expansion (. We see that the expansionrepeatsand hence.cn*l ... Definition. J _ tca:[8'Tl:2. (. To find the base b expansion(. Let ( .T' I ^ys-s +-s: T. and so on. of Example..)6.24000.3. t/6 : (1 2 5 2 5 2 5 . To describethose real numbers with terminating base b expansion. . the base 6 expansion 419. J 1..)r is said to terminate if there is a : 0. c p2 c a . Then 6 tc 1: [ 8 ' .cn+z: : Example.. ^yt:8 -l : I + T..I T' + 2 74:8 + -2 .)6 of a real number 7.) b e th e b a s e8 e x p a n s ion l /6.3.)ro (. c1/bi is called the J-t base b expansionof this number and is denotedby kp2ca.125000..1 Dec im al F r ac ti o n s 341 The unique expansion of a real number in the form ).'l:2. l : o c2:[8'.2.l bl t -J .

a has a terminating base6 expansion. pir cm-lb-lbi.. * atb*ag a: ar/bN : Now let 6u : d*b--N + am_tbm-l-fl + *a1b|-tr+ aob-N : (.3 that for every integer N there is an integer n. such that n ) N and ...ttl l l .lu (.)ro .00. (a*a^-1.. Then bNot:b*r/t:er.. Hence.aps)6 be the baseb expansion of or..a m o m .. T h i s i s w h y w e requi re i n Theorem i n stanc e. has a terminating base D expansion and only if a is rational if and a : r/s. and can be written with a denominator divisible only by primes dividing b. c^)r. and a is a positive integer since slbr. and rfs ..( 12) t o: 10. d: (c 1c2. Conversely. ... a s )y . take N to be the largest exponent in the prime-power factorization of s). where sa : bN . a . ..cp2. Hence. say bN. First. since (. .5. D Note that every terminating base b expansion can be written as a nonterminatingbase6 expansion with a tail-end consistingentirely of the digit b-1. 6 Then Q: b' so that a is rational. 0 < q I 1..c) . ln"n a^b^*o^-tb^-r + .342 DecimalFractionsand ContinuedFractions prime factor of s also divides D.. supposethat a has a terminating base 6 expansion. where 0 ( r ( s and every Proof.t . The real number a. that is divisible by s (for instance.(cp2. there is power a of D.. suppose that 0 ( a ( a: l. Theorem 10. .. where each prime dividing s also divides 6.

The pre-period is The next theorem tells us that the rational numbers are those real numbers gives with periodic or terminating base b expansions. begin Note that the periodic parts of the decimal expansionsof 1/3 and l/7 proceedsthe immediately. The base 3 expansionof 2/45 is (0 0 1) 3and t he per io di s (O t2 l )3 .. t o ' and . and the thi period. Let b be a positive integer. then the period length of the base of a is ordy b.1 O. and s prime factor af T divides 6 and (U .cry+ t t. Furthero if 0 < a : T(J where every where r and J are relatively prime positive integers. )s' 1 ) | / 6 : ( . ' . the theorem and periods of base b expansionsof rational the lengths of the pre-period numbers.6...16) . number either terminates or is periodic..1 Dec im al F r ac ti o n s 343 cn# b-l. ro and ll7 : (.b) : 1.1expanslon r/3 : (. 16 6 6 .cp 2.l/. without this restrictionbaseb expansions instance b expansionthat does not terminate may be periodic. while in the decimal expansion of l/6 the digit I b periodic pirt of the expansion... where N is the b ""punrion smaliestpositiveinteger such that TlbN. Then a periodic base b expansion representsa rational number. for I 1 3 : ( . Conversely.) 142857 rc' | /7 : (..t+ztst 142857 if there are Definition. Moreover.taxsz)ro.the base b expansionof a rational ( 1.J)_. : 716 (. A base b expansion (.cv1-.. We call the part of a periodic base periodic part L*punsion preceding the periodic part the pre-period. and the pre-period length is .ootorzr)r.. A base would not be unique.. . Theorem 10. .. where we take the period to have minimal possiblelength' (. .0 .c "') N+t-rc.nv a' For instance'we have t -( 7. a: rfs. 3 3 3 .)6 is called periodic : cn for n 7 N ' positive integers N and k such that cn11 Wedenoteby(cp2. Example.c rclr.']]-"*1-')6theperiodicbaseb (.cp2ca.

tells us that a is Conversely..epo)u.4) Furthermore. and (c.. 0 < c < u.u): U which results from the inequality 0 ( a ( I when both sides are multiplied by bN) . . Otherwise.-. s : T(J .A h a s a b a s eb e x p a n s i o n : (anan_t.b): 1.3 .supposethat 0 ( a ( l. Then.r*ffi)o c1 I-J- ct b62 C1 I-J- C'.ub. (the inequality A follows for since ( bNa: + 0 lf U : l.crrr. can write we (r0. where A and C are integers with 0 < I < 6N. where every prime factor of T divides b. Fr om T heor em 1 ..s) : l. where c is a positiveinteger. that of so that a: (.344 DecimalFractionsand ContinuedFractions Proof. suppose the baseD expansion a is periodic. First. Hence bNa:bN LTUU or (10.4 to see that €l s^_ t"^ ojo 6tc . The fact that (C.5) ar c i:n*i. < bN.l rational. Ql. and I/ is the smallestinteger such-that Tlb* Since Tlb*. then the base b expansion of a terminates as shown above. where r and s are relatively prime positive integers. Iet v : ord.. we have aT: bN. A l. b62 where we have used Theorem 10._ r I bk bk-l Since a is the sum of rational numbers. Theorem l0. a : r /s.tl): I follows easily from the condition (r.

. since b' = | (mod U). Equatingthe fractionalparts of (10. . and inserting the base b expansions A and 9. ( l.S). . ..6) and (tO.1 DecimalFractions 34s (10. we also have (10. can concludeIhzt cpau: c1..)6 the base expansion t.r . o p o f f i ) u.b ' y t -r . notingthat 0 ( T. F r o m ( 1 0 .z * r"] t ru.. we find that C 4 t : - Iv u' we ConsequentlY. Dividing both sidesof (10. huu. (where we have shifted the decimal point in the base b expansion of brya N . U of Combining (tO. ) . U' (ro.1 . 3 .so that c k : l b l t -J .1O.+) and (10. . where To : (10. nuta periodic baseb expansion for k : 1.. Hence $c .7) j -C+ 62 LA o' b is where(cp2ca. a n a n . . c v6 .s) bNa : ( a n a n .5). . 2 . a t a o c p 2 . . *..6) b'#: b'+:b'l]+ U ((t Q u+ t )c U +t..2.3. . . However.9) by bN. b u .. 0 0.. 7 )w e s e et h a t (-( b' *: U\ + l r . b') b' where/ is an integer.8) ^ y k. f o r k C : 1 . we obtain a : ( ... + c' * al.l bl * -J T.(n-rcr-Q6.c2.t+ c 2 b ' .. seethat ^Yv: ": t' we so that from the recursivedefinition of c1. . in lowestterms. To finish the proof. a one followed by two zeros. : r f s .10) : l. +cM)(bk-t) + Gyar6k-t+ bM (bk -t) . w e s e et h a t s l b M$ k _ D . :2" . we observe that from Theorem r 0.. Then. . ir r.6 to determine the lengths of the pre-period and p e r iod of dec im a l e x p a n s i o n s .^/ and the period length cannot be less than v. To do this. TlbM uTd ul(tk-o.and the period f. beginning with. .ipo)a is of length N.* Ct *#*(*)la.6. s ) : l . M > N . and . The number with decimal expansion o r: .l0. or the period has length less than v. D We can use Theorem 10. Therefore.crrr.. Since rylt:d: (fiasll4z). a base b expansion that is not terminating and is not periodic representsan irrational number. Example.t + c2 b M . a n d v l k ( f r o m T h e o r e mg .'the pre-period length cannot be less than .6 the pre-period has length max (s1.a. In this base D expansionof a. the pre-period (.7. an-t. and is not periodic.6 tells us that the prehas length 2 and the period has length ord710 : 6. 0 < a ( l .A/ ..h*1) zeros. and so on. dependsonly on the denominators. . L e t a : r/s . Example. since 2g .m+ k k f t M .ub). and not on the numerator /. l . 1 0 1 0 0 1 0 0 0 1 0 0 0 0 .s2)and the period has length ord. . s i n c e bk = I (mod tD and v : ord. H e n c e . suppose that q: (. so that either the pre-period has length less than ry'. Let ot:5/28.trffi)u : C1 b *.. from Theorem 10.00.Theorem 10. is irrational because this decimal expansiondoes not terminate. w i t h ( r .. consisting of a one followed by a zero.. We have shown that there is a base b expansionof a with a pre-period of length r/ and a period of length v.. 5/28 we seethat theselengthsare correct. C o n s e q u e n t l y . Note that the pre-period and period lengths of a rational numb er r f s. we must .ngit. a one followed by three zeroes.t o* that we cannot regroup the base b expansion of a. .2 q f cTaap) S i n c eq . where (1.346 D e c i ma l F ra c ti ons and C onti nued Fracti ons spaces to the left to obtain the base b expansion of a).22. cM -. 5r.

1 DecimalFractions 347 so that its decimal The number d in the above example is concocted occurring numbers expansion is clearly not periodic. in lowest terms.6. which logob is irrational. Show that the product of two irrational numbers can be irrational.rz b) . where p is a prime and b is a positive integer is not a Power of P rational or 4 .i c) n.1 Problems l. we still cannot how many decimal digits of their expansions the period could conclude that they are irrational from ihis evidence. 3. Show that dE is irrational a) b) by an argument similar to that given in Propositionl0'l' using Theorem 10. becausewe do such as e and 7( are irrational.1O. 2. + . To show that naturally Theorem 10. d) r16 e) rlrz f) r122. representedby the following expansions a) .2.6 is irrational.because be longer than the number of digits we have computed' 10. we cannot use numbers' No matter not have explicit formulae for the decimal digits of these we compute. Find the fraction. Find the decimal expansionsof the following numbers a) 2/5 b) slt2 c) r2113 7. Show that :/i Show that a) b) log23 is irrational. d) 8lrs e) lllll f) 1/1001. 6. either rational or 5. show that the sum of two irrational numbers can be either irrational.. Find the base 8 expansionsof the following numbers a) rl3 b) rl4 c) rls 8. .

.u. representedby the following expansions a) (... Find the pre'period and period lengths of the base 12 expansions of the following rational numbers a) t/+ b) r/B c) 7/ro d) s/24 e) 17h32 f) 7860.9ffirJp1.Showthat the periodlengthof the base6 expansion l/m is m . primitive of root of m.6.I if andonlyif z is piimeand. Showthat the real numberwith base6 expansion (otzt. 16. in lowest terms. For which positive integers D does the base 6 expansion of l r/zro terminate? Find the pre'period and period lengths of the decimal expansions of the following rational numbers il 7/t2 b) tt/30 c) t/7s 12' d) rc/23 e) B/s6 f) t/6t.348 D e c i ma l F ra c t i ons and C onti nued Fracti ons 9' Find the fraction. i. d) (M). " 14. b) (.#.#. 13' Let b be a positive integer. constructed by successivelylisting the base b expansions of the integers. For which primes doesthe decimalexpansion l/p p of haveperiodlengthof a)l b)2 c)3 d)4 e)5 f) 6? 15.rzi. 1.#.o-tlol rr2. D of 17. Showthat the base expansion t/G-1)z. 18. Show that +..iT).oar6 l0' Il' c) (.. is irrational. Find the baseb expansions of a) r/(b-r) b) r/6+D .# .)t.

k): are integers.c2. and include 0 and I in the forms i seriesof order 4 is and I respectively' For instance. are successive 0l112 3l Show that if a/b. t 1.('ffi)6 k :2t.integers and 0 b) Zl..l. in ascendingorder' Here. and e/f then c a*e 7. 7 .c1.-.+. then.0 ( ft < k ( n. Show that if p is prime and l/p . is irrational.ac :1.. ..tr'-oJ" Supposethat p is a prime and the base b expansionof . 2 2.T a) b) c) Find the Farey series of order 7. a) Show that every real number has an expansion to+l! CrCtrt+ * zl* 3! l'2'3'"" ( ct ( k for k : are where cs. The Farey series Fn of order n is the set of fractions hlk (h... integers such that 0 20. T ' T ' 7 . if z is a positive integer with I ( ln ( 6' m /p : (..c1. show that base b expansion of llp is p so that the period length of the ( p..1 Dec im al F r ac t i o n s 349 r9.c1sacP) where k : indtm modulo P.cya1. the Farey I T ' T . " ' . one.:r 1 .c!.. !s an infinite sequence of positive can be represented as Show that every real number .fur. of the type show that every rational number has a terminating expansion (a).o*?. thenci * ci+t: b-l has an even period length' f o r . whenever D is a positive integer larger than integers greater than one' Let byb2. c/d.c!.1 O. Show that if a/b bd . describedin Part llp is ('t. we whete h and' k 2 3 . ( ct ( bp for k : I'2'3'"" are where cs.coac 2.cz.E7' .. .. 2 . and c/d are successiveterms of a Farey series' then terms of a Farey series.#+#.

Show that I not an integer. l0.n ) l. For instance. Find the numerator and denominator of a rational number in lowesr rerms from its base b expansion. we obtain I nlr6 I ?3-:t+L:t* 16 16 16/7 16 : I Z: r + I + 7 7 7/2 L 62:r*16:. where b is a positive integer.' 2 2 By combining theseequations. are successiveterms of the Farey series of 24. 4' 10. c/d ) n.7 + 7:3-2 + lG 7 2 l. where b is a positive integer. Let n be a positiveinteger. then b*d and.)r 23 23 +:3 + !. 1 6+ 1 6: 2 . Find the pre-period and period lengths of the base D expansion of a rational number. When we divideboth sides eachequation the divisorof that of by equation. List the terms of the Farey series of order n where n is a positive integer (see problem 23).l Computer Projects Write computer programs do the following: to I' 2' 3' Find the base 6 expansionof a rational number.2 Finite Continued Fractions Using the Euclidean algorithm we can express rational numbers as continued fractions. find that we .3so DecimalFractions and ContinuedFractions d) Show that if a/b ordern. the Euclidean algorithm produces the following sequence equations: of 62:2.23 + 2 3 : l .

.Q2.rt L an an positive' The real ale where Qg.a1...Q'nare called lhe partial an are all The continued fraction is called simple if the real numbers as.a1. fraction is an expression the form Definition A finite continued I aot atl ctz * +- 1 a n .a2.a2."'' quotients of the continued fraction' numbers ej... fraction in the above to notation Lso. functions' We now definecontinued of .c r....1 O...an real numbers with Q1. Later be expressedas a finite simple continued fraction' ..Ctn| represent the continued definition.L : I rc17 I :2* 1+h :2* I 1+ 2++3*.e2.Q3'. fraction is in The final expression the abovestring of equations a continued of expansion 62123...2 F init e Cont inu e d F ra c ti o n s 351 62 :2+ 23 :2+ 1 23116 t I r '.. we use the Because it is cumbersome to fully write out continued fractions. a We will now show that every finite simple continued fraction represents we will demonstrate that every rational number can rational number.. integers..

that every rational number can be written as a finite simple continued fraction... . Then the Euclidean algorithm prodr.. the following sequenceof equations: .ak positive... using the Euclidean algorithm.a and r't : b...ok integers are with a r. Let as.. a k + t la g + Ia.. there are ria2.. Now assume.a1ra1l By the induction hypothesis. Theorem 10.. a 1 .that for the positive integer k the simple continuedfraction [ag.."... Proof' we will prove the theorem using mathematical induction. hence.or. a1r.ek+t positive. with s*0.a2.. . . k. Letx:a/b w h e r ea a n d b a r e i n t e g e r s w i t h b > 0 .. .a1.8..ek+t integers be with er. Every rational number can be expressed by u finite simple continued fraction. such that this continued fraction equals r/s.at.... Then lao. integers r and s... L e t r s ..352 DecimalFractions and ContinuedFractions Theorem l0'7 ' Every finite simple continued fraction represents a rational number.... For n : 1 we have [ao.[a ek. tr We now show. Proof.ek+r] is rational..arl:oo+ I *aoar*l al og which is rational.ekl rational whlnevst is as.. Note that : [ a g ....at.ok+tl : ag + a I r/s agr*S which is again a rational number..e2.

0(131rr.10) Similarly. : ln-3 fn-Z: fn-l : : fn'ZQn-Z* fn-1Qn-1*fn tnQn fr-t 0(rn-11tn-z.r . 13 6 I r2 rZ: r3 nr*.QN first equation' the Substituting value of r1/r2from the secondequation into the we obtain (l 0.:qt+ q2+...Qn are positive integers. 4z r t . . 0(ra113. I -L -t rn-2/rn-t -n l : .2 Finite ContinuedFractions 353 rO : r| : 12: r1Q1* 12 r2Q2* 13 r3Qtl 14 Q 1r2 ( tt..Qt. 0(rnlrn-t Writing these In the above equations 4z.-+ 4.nq .Trt ta.:et* I rrt^ ln-3 rn-2 ln-2: rn-l' fn-l rn : tn-l tn-2 : Qn-2 . equations in fractional form we have L: b lo /1 tt: : tt I Qr*.n . substituting the value of r2fr3 from the third equation we obtain .1O. n . / r . L Qn-l t : .:Q2.10) al T:4tt .".rlry into (10.

l Qn q n l . ! We note that continued fractions for rational numbers are not unique.o2. l . at Definition. o n l: I a g . l.. a1l._ whenevera. We have 1 #I I : [ o . . a 1 . ) L Gn-l) + Hence Example. Next.n .3 54 DecimalFractionsand ContinuedFractions c b Qr* Qz* Q t *+ rilrt Continuing in this manner. it can be shown that every rational number can be written as a finite simple continued fraction in exactly two ways. ] . .. a .a1... written as a finite simple continuedfraction. where ft is a nonnegative integer less than n. t .e. the other with an even number (see problem 8 at the end of this se c t ion) . : I In fact. e 2 . . 3 1 [ o . l . 2 . The continued fractions [as. c t 2 .I . we will discussthe numbers obtained from a finite continued fraction by cutting off the expression variousstages.e.. e n 1 . . l .. we find that T: q ' t+ Qz* Qt* I * Qn-t . T h i s s h o w s t h a t e v e r yrational number can be t:rnriQz.. is called the kth convergenr of the continued fraction . one with an odd number of terms. l ..n _ t . From the identity an : we seethat [ a g .

we seethat Cr : l a o .. a r .Qk-1. a.. . we can replace the real number ap by e0. . and Q*-z depend only on the partial ak-r . starting with a a continued fraction..a1. 3..t t P*-z Qk: apQt-t t q*-z okl t : I' ao.er.with 1. to obtain .. Conr"quently.e2..9..Q k l : .p*-z..e2. we will prove this theorem using mathematical induction. we see that the quotients numbers p*-r.. For k : l."'. positive' a an Theorem 10.a/...a1. Then the k th c o n v e rg e n C k Cp -.. .P*lqr' : 0 proof.... be definedrecursivelyby Let the sequences Pn P0.qt...at. a* * lla*+t in (t0'l I). Qn Qo: I Po: aO : asol*l q1: ar Pt and P * : o k P k . Pk:a*Px-r*Pt-z a trQ-t * qtr-z' t Q* real Becauseof the way in which the p. we will need some properties of these properties. the theorem is valid for k : 0 a n d k : l where Now assume that the theorem is true for the positive integer k Thismeansthat 1n 2<k (10. and qs.11) C k : [ ' a o . i s gi ven by n fo r /c : 2.2 Finite ContinuedFractions 355 Qnl The kth convergentis denotedby Ct ' [ao.. For k we have Co: lael : asll : Polqo. .1O.a 1 l : a s + ! : aoat*l a1 :Pt Qt a1 Hence. Lel ag.' .'s and 4y's are defined.Pt... the convergentsof In our subsequentwork... be real numbers.. . . We now develop formula for the convergents..

3s6

D e c i ma l F ra c ti ons and C onti nued Fracti ons

Ct+r : [ag;at,...,ok,ok+rl :

I a o : a 1 , . .(. t, k _ t , o k ! l +

ap

+l ["^

ok+t

P*-r t p*-z

l"r

.

*)nr-,*q*-z

a*n(arp*-r * p*-z) * p1,-1
apal(alrQrr-t * Qt_) * qt_t

_ o * + Pt * P * -r a * + fi * * q* -r _ P*+t
Q*+t

This finishesthe proof by induction. D we illustrate how to use Theorem 10.9 with the following example. E x am ple. we h a v e 1 7 3 /5 5 : [3 ;6 ,r,7 1. w e computethe sequences p1 andq, f o rj : 0 , 1 , 2 , 3 , b y

Po: 3 19 Pt:3'6+l: Pz: l'19+3:22 P t : 7 ' 2 2 + 1 9: 1 7 3

4 3- 7 ' 7 + 6 : 5 5 .

Qo: I Ql:6 Qz: l'6*l

:

7

Hence, the convergents the abovecontinuedfraction are of Co : po/qo: 3/l : 3 Ct:Pt/qt:19/6 C z : p z /q z : 2 2 /7 Ct: pJqt: 173/55. We now state and prove another important property of the convergents of a continued fraction. Theorem 10.10. Let k be a positiveinteger, k 2 | Let the /cth convergent of the continuedfraction las;ar,...,onlbe c1 : p*/qt, where pt< and, q1,ai as

'1O.2Finite ContinuedFractions

357

definedin Theorem 10.9. Then PrrT*-r' P*-t4t' : (-l)k-l'

For k : I we Proof. We use mathematical induction to prove the theorem' have (asal+l)'l - asat: l' PtQo-PoT1: Assume the theorem is true for an integer k where I < ft I : (-l)t-l' PtQ*-r P*-rQt Then, we have Pt+rQt P * Q t+ t (a rr+ rp t* p r-)q r, - P* (arrttQ* * Qr-) - (-l)k-t: (-1)k' Pt-tQt Ptq*-t: This finishesthe proof by induction. tr tt , so that

so that the theorem is true for k + l.

we illustrate this theorem with the example we used to illustrate Theorem 10.9. we Example. For the continuedfraction [3;6,1,71 have : -l PoQt PrQo: 3'6 19'l - 2 2 ' 6: I : PrQz- PzQl 19'7 : -1' PzQt PtQz: 22'55 173'7 of As a consequence Theorem 10.10, we see that the convergentspt lqx for thi ar e in low e s tte rm s . C o ro l l a ry 1 0 .1d e monstrates s. k:1 ,2, . . . Corollary 10.1. Let C*: p*lqr, be the kth convergent of the simple where the integersPt and qp are as definedin continuedfraction las;ar,...,8211, Theorem 10.9. Then the integersPr, and qy are relatively prime. Proof. Let d : (p*,q*). From Theorem 10.10,we know that P*Q*-r Q*P*-r: (-l)k-l' Hence, from ProPosition1-2 we have

d I el)k-r.
Therefore,d : l. B

3s8

D e c i m a l F ra cti ons and C onti nued Fracti ons

we als o hav e th e fo i l o w i n gu s e fu rc o ro i l a ry of Theorem r0.10. corollary 10.2- L?t ck : pr/qp be the c ont inuedf r ac t i o nl a o :a 1 ,e 2 ,...,1 1 l T h e n e C1,- Cr-r : kth convergent of t h e s i m p l e

{- ) * - r QtrQ*_r

for all inregers with I < ft k Cp-

n

Also, alrG)k QtQt-z

^ -x-2:

for all int eger s w i th 2 < k ( n . k Pr oof . F r om T h e o re m 1 0 .1 0w e k n o w th a t p l r Q* _tQ* pr_r: (_l )k-l W e obt ain t he f i rs t i d e n ti tv .
Ck - Cft-r : nr ''n Qr pr_r Qt-r (_t)k-l QtQ*_r

b y div iding bot h s i d e sb y q rQ* _ r . To obtain the secondidentity, note that rt L . - r- L k - z : -Pt'
Q*

Pt'-z:- P*Qr-z-P*-zQ*
Q*-z Q*Q *-z

sinc e P k : at p*- r * p * -z a n d q 2 : o k e k -r * q * -2, w e seethat the numerator of the fraction on the right is P *Q *- z - p rr-z Q*: (a * p * _ t * p * _ z )q k _2 p* _z(arQr,_r Qr_z) * - a t(P tr-tQ tt-z p * -z Q * -) : a rr(-l )k - 2 , where Pr - t Q t , - zwe have used P t - z Q* -r : (- D k -z . Theorem

10.r0

that

Therefore,we find that
Cp Ck-z:

a1,GDk
Q*4 tr-z

is the second identity of the corollary. tr

1 O.2 Finit e Cont inue d F ra c ti o n s

359

theorem w hi ch i s useful Usi n g c or ollar y 10 .2 w e c a n p ro v e th e fo l l o w i ng fractions' infinite continued when developing o f t he fi ni te si mpl econti nued Th e o rem l0. ll. Let c1 b e th e k th c o n v e rg e n t ., fra cti o n lag: at , Q 2, . . Qn l . T h e n Cr)Cl)Cs) Co ( Cz 1 Cq 1 ' ' i s greater than every

:0 ' l ' 2 " " C c a n d e ver y odd- num be rc d o n v e rg e n t ri * r ' i : e ve n num ber edc onve rg e n tC z i ,-l 0 ,1 .2 ," '

: /'3' " ' ' rt' Pro o f. S inc eCor olla ry 1 0 .2 te l l s u s th a t, fo r k

C1r-C*-z:#'
we know that Cp 1 C*-z wh e n k is odd, and C* ) wh e n k is ev en. Hen c e Ct 7 Ct ) Cs and Co ( Cz 1 Cq 1 C*-z

To show that every odd-numbered convergent is greater than every even' note that from Corollary 10.2 we have numberedconvergent, (-l)2--r'o' C z ^ - C z r n - l' -Qz^Qz^'t

so th at Cz ^- t 7 Cz ^ . T o c o m p a reC 2 1 ,a n d C ri -r , w e seethat Czj-r) Crj*z*-l > Crj*ro ) Cz*'

-numbered so that every odd-numberedconvergentis greater than every even convergent. tr

360

D e c i ma l F ra c ti ons and C onti nued Fracti ons

Example. Consider the finite simple continued fraction 12:3,1,1,2,41. Then the convergentsare CoC1 CzC: : C+: Cs : We seethat Co : 2 1 Cz: 2.25I Ca : 2.2777... ( Cs :2.2784... ( Cr :2.2957... ( Cr :2.3333... 2/l-2 7/3:2.3333... 9/4:2.25 16/7:2.2857... 4l/lS:2.2777... ftA /7 9 : 2 . 2784... .

10.2 Problems l' Find the rational number, expressedin lowest terms, representedby each of the following simple continued fractions

a) b) c)
d) 2'

IZ;ll [t;z,z] [0;5,0]
5 ] [3;7,1,1

e) f) e)
h)

[ r ;r ] [ l ;l , l ] [ I ; t , l, l ]
[ l; I ,l ,l,l ].

Find the simple continued fraction expansion not terminating with the partial quotient one, of each of the following rational numbers

il
b) c)

6/s
22t7 t9/29

d)
e) f)

-4311001 873/4867.

slsss

Find the convergentsof each of the continued fractions found in problem 2 . Let up denote the kth Fibonaccci number. Find the simple continued fraction, terminating with the partial quotient of one, of u1,-,1fup, where ft is a positive lnteger. 5. Show that if the simple continued fraction expressionof the rational number a , a . ) 1 , i s [ a 6 ; a t , . . . , a kthen the simple continued fraction expressionof l/a is l, l};a o,ar,...,a k'l. 6. S h o w t h a t i f a e * 0, then

1O.3 InfiniteContinuedFractions

361

P*/p*-r and

: I o o i a * - t. - . , a 1 , a s l ,

q* / q tr-r: I'au:ar-r,"',a2,a11, of convergents the where Ck-r: p*-t/qrr-r and C* : pt lq*,k ) l,are successive (Hint: Use the relation P* : a*P*-1 * pp-2 to continued fraction la6;a1,...,an1 s h o wt h a t p t / p * - r : a r * I / ( p x - t / p * - ) . of the 7 . Show that q1,) u1, for k:1,2,... where c*: p*lqr is the kth convergent and all denotesthe kth Fibonacci number' simple continued fraction las;a1,...,an1

8 . Show that every rational number has exactly two finite simple continued fraction
expansions. be 9 . Let lao;ar,a2,...,a211 the simple continued fraction expansion of rls where Show that this continued fraction is symmetric, i'e. I and r)l : t a n - t d 2 : a n - 2 , . .i.f, a n d o n l y i f s l ( r 2 + t ) i f n i s o d d a n d s l ( r 2 - t ) i f os: a21ta n is even. (Hint: Use problem 6 and Theorem 10.10). (r,s):

10.

Explain how finite continued fractions for rational numbers, with both plus and minus signs allowed, can be generated from the division algorithm given in problem 14 of section1.2' and let x be a positive be Let as,ar,a2,...,ak real numbers with a r,o2,...positive 1 real number. Show that Ias;a1,.'.,ar,l lao;a6--.,a1,*xl if k is odd and i I a s ; a 1 , . . . , a t> [ a o ; a 1 , . ' . , o 1 r * xf] t i s e v e n . 1

ll.

10.2 Computer Projects Write programs to do the following: l. 2. Find the simple continued fraction expansionof a rational number Find the convergentsof a finite simple continued fraction.

Fractions 10.3 InfiniteContinued
. of Supposethat we have an infinite sequence positive integersQo,Qt,ay,... How can we define the infinite continued fraction Las,at,a2,...l? To make sense of infinite continued fractions, we need a result from mathematical analysis. We state the result below, and refer the reader to a mathematical analysisbook, such as Rudin lezl, for a proof. of Theorem ll.l2. Let xs,x r,x2,... be a Sequence real numbers Such that xo ( x r ( x z ( . . . a n d x 7 , < u fo r k : 0 ,1 ,2 ,... for somereal number u, or x o 2 x r 2 x z 7 . . . a n d x t 2 L f o r k : 0 , 1 , 2 , . . . f o r s o m er e a l n u m b e rl .

362

D e c i ma l F ra cti ons and C onti nued Fracti ons

Then the terms of the sequencexu,xr,x2,... tend to a limit x, i.e. there exists a real number x such that

14to:"'
Theorem 10'12 tells us that the terms of an infinite sequence tend to a limit in two specialsituations,when the terms of the sequence are increasingand all less than an upper bound, and when the terms of the sequenceare decreasing and all are greater than a lower bound. We can now define infinite continued fractions as limits of finite continued fractions, as the following theorem shows. Theorem 10.13. Let as,e 1,ct2,...be an infinite sequenceof integers with ar,Qz,... positive, and let ck : lag;a1,a2,...,e1a1Then the convergents cp tend to a limit ot.i.e

J4to:"'
Before proving Theorem l0.l 3 we note that the limit a described in the statement of the theorem is called the value of the infinite simple continued . fraction [as;at,o2,...1 To prove Theorem 10.13, we will show that the infinite sequence evenof numbered convergents is increasing and has an upper bound and that the infinite sequenceof odd-numbered convergentsis decreasingand has a lower bound. We then show that the limits of these two sequences, guaranteedto exist by Theorem 10.12,are in fact equal. W e now will p ro v eT h e o re m 1 0 .1 3 . Proof. Let m be an even positive integer. From Theorem 10.1l, we seethat

cr ) ct) cs ) ca1cz1cq1

)

C^-t

1C^,

and C2i 7 Czn+t whenever 2j 4 m and 2k + | <. m . By considering all possible valuesof m, we seethat

Cr ) Ct>. Cs) co(czlc+(

) C z n - t ) C zn+ , 1 Czn-z 1 C2n I

and czi ) Cz**t for all positive integers j and k. we see that the hypothesesof Theorem rc.12 are satisfied for each of the two sequences C 1, C3, C2, . . and C s ,C z ,C 4 ,... H e n c e , th e sequence 1,C 3,C 5,... . . C tends to a

1O.3 lnfinite Continued Fractions

363

Cs,C2,C4,"' tends to a limit a2 ' i'e' limit d1 and the sequence : dr )i*c"*r and )*c" : o(2'

Using Our goal is to show that these two limits a1 and oQ are equal' Corollary 10.2 we have Pzn - (-l)(z'+tl-t * tn C z n +-r C z n : l z n * t Qzn+t Qzn Qzn+lQz, Qzn+lQzn

Since e* 2 k for all positive integers /c (see problem 7 of Section 10.2), we know that I (zn+l)Qn) ezn+rQzn and hence Czn*t - Cz, Qzn+tQzn

tends to zero, i.e. nlim (C z ra 1- C 2 n ) : 0 .

have the S amel i mi t, si nce s H e n c e,t he s equenc eC 1,C 3 ,C s ,...a n d C g ,C 2 ,C 4 ,...

j*

(cr,*t - cz) :

,lg

Czn*t

,lg

cz, : o.

we Therefore ayr: aq, z11d conclude that all the convergentstend to the limit d : (rr : dz. This finishesthe proof of the theorem' D Previously, we showed that rational numbers have finite simple continued fractions. Next, we will show that the value of any infinite simple continued fraction is irrational. b Th e o r em 10. 14. Le t o s ,,o 1 ,e 2 ,... e i n te g e rs w i th a1,Q2,...posi ti ve. Then is ir r ati o n a l . Ia o ;ar , , a . . . 1 2, and let Proof. Let a : las;at,ctz,...l

364

DecimalFractionsand ContinuedFractions

Cr : pr/qp : [ a o ; a , . . . , a k l t denote the /cth c o n v e r g e n t o a . W h e n n is positive f a integer,Theorem 10.I I shows that C2, ( a ( C z r + t , s o t h a t 0 ( a - Czn I Czn*t - Czo .

However, from Corollary 10.2, we know th a t Czn*t - C2n : this meansthat 0(a-Czn:aand therefore, we have 0 1 a q 2 , - p z n 1 l / qzr+ t . Assume that a is rational, so that ot : e /b where a and b are integerswith b + A. Then oaoQr" b -pzn< I Qzr+t , Pzn 4zn a Qzn+ tQzn
I ' 4zn+tQzn

and by multiplying this inequality by b we seethat 01aq2n-bpzn
Qz n + t

Note that aq2, - bpzn is an integer for all positive integersn. However, since Qz r + r ) 2n*I , th e re i s a n i n te g e r n s u ch that Qzn+ t> b, so that b/Qzr+t < I . This is a contradiction,sincethe integer aQzn- bprn cannot be between0 and I . We concludethat a is irrational. n We have demonstrated that every infinite simple continued fraction representsan irrational number. We will now show that every irrational number can be uniquely expressed an infinite simple continuedfraction, by by first constructing such a continued fraction, and then by showing that it is unique.

: Next. Q0 .a ) continued fo r k : 0. . 2. . sincethe dk+r:l/(at-a*) that implies (10..ap) ) and consequently. c r k + :l I / b t . Let a: cvO an irrational number Y Qt. . simple ar fra cti o n Lag. 10. fsr k : 0. then we can easily see that a. Further.. Th e n a i s the value of the infinite. l.611 we Now.3 Infinite Continued Fractions 365 and define the sequence be Theorem f0.1O.1 . 2. is irrational. From the recursivedefinition given above. This meansthat all the integers Note that by repeatedlyusing (tO. so that 0(a1-ap<1. We first note that d0 a is irrational' is also e we assum that a1.p1' relation irrational. and aplatlap*|..12) otk:A**Ls I qk+l a7. then by Theorem and if d. r eCuf s iv e l b Y Qk : lapl. . is irrational andap is an integer.1. . . I at. is an integer Proof. would also be rational' were rational. . ' .t2) we seethat . if a7.15. .. ak+r: [ar+rl ) 1 l. az . I . we see that ap we can easily show using mathematical induction that for every k. Hence. . know that 47. since a7. a(k+t: 1l@* . Q 2. is irrational for every k.

.e.ak+ll a*+tP* * pt+t at+rT* * q*-r where Cj : pi/qi is the 7th convergent las.10 to simplify the numerator on the righthand side of the secondequality. .1.. al . *a1r* I otk+l what we m ust n o w s h o w i s th a t th e v a l u e of l as.at.... Since a * + rQ * * q t-r ) a t+ fl t * q* -r : we seethat Qk+|. at-fL a2 I : Ia 6 . as k grows without bound.al ao* I ul ao* l..ar.o2..a 2 l : Qo* : at i az -f I a g . . ..c.we seethat a : : fag. . o z .. * q*-)q* (-t)t (a r+ g * * q * r)qt ' where we have used Theorem 10. .a 1 .afl2. From Theorem 10. Hence of a-Cp : a * + rP r * p * -t dtc+tQ* * -(Prqrr-t q*-t - pt Q* Prr-tQ*) (ar+gr.9.ok.366 DecimalFractionsand ContinuedFractions Q: d0: : [as..k+ 1] tends to a as ft tends to infinity.ek. c t k .. i.. a t r + l l .

2 ). Cp tends to a as fraction phrased differently.s t r representsan To show that the infinite simple continued fraction that theorem. . a 2 .l representsthe same irrational number.. I 2 Supposethat : l a s . .1. a . then ar: k :0. .1O.a ..apl I : aol --. 1 . If the two infinite simple continued fractions las. a 1 ..) /< -- lim Ia1. .at. b2 . .. we note that [ a g . 2 k ( f r om p ro b l e m7 o f Se c ti o n 1 0 . 1 l b o i b . a pI .w e k tends to infinity' or to zero as k tends to infinity..:" 1a o since : a : l a s . Q3 . since Co : 4o and lc-l.. .br. irrational number is unique.1 bx for and lbo. 1 i.ar... . .2.. Further... ..a2.. .a2. . /<: do* l q 1 i a 2 . a 2 . Then. . .. . the value of the infinite simple continued a l a s .. Hence. r 2 Our remarks show that aO: bO: lol ..3 Infinite Continued Fractions 367 l o .1..bz.. a1 . T h e o r e m1 0 . Suppose that a: lag. t C t : a o * l / a t . a 1 .apl o l g l [a o i a I :lim(ao+.1 2 1 ... O3 . .o2.. 1 1 e l l su s t h a t ao 1a so that ao: 1ag* Ifa1. Proof. we prove the following Theorem 10.at. .c * L' * QtrQx+t note that l l q* qn* t tends Si n ce Q r . l O 1 i O ...16.a2 . .

...z. We illustrate this procedurewith the following example.4. D To find the simple continued fraction expansion of a real number.:-: I {e+z _ 2 Qo+D-4 d1 ot. is the 7th convergenr of this continued fraction. for k :0. The convergents of the infinite simple continued fraction of an irrational number are good approximations to a.. . we use the algorithm given in Theorem 10.1 which implies that ['a p. if p*/qt. .. ...l lb**t. we see that apal : bpa1. then.368 DecimalFractionsand ContinuedFractions and that a o *+ : b o so that Io 1. .. b t + 2 .1 " ' Ib ..b n * r .)__ "E+Z Qt:r*r:2. . ...1d.. a n d s OOn Hence ^f6 : 12.4.2.. I : bk-t+ ' a*+rl +' Lapa2io1ra3.6' is periodic. t 1 U s i n gt h e same argument. In fact. we know that .*2)-z '2' e z : [ J o + z l: q Since d3 : w e S e et h a t a 3 : q{ - E . . a 2 . ..2. ao:lrfil:2.2.b ] : I ..b*+t.[.. We find that ant..l N o w a s s u m e h a t a 1 r : b k . 1 . .. by mathematicalinduction we see that a2 : b1.:.2.1.. from the proof of Theorem 10. Let a : G.o.... ... 1ra3. .bz. : J6+2 (J6... The simple continued fraction of -... !: [ b t i b z . . . a n d t h a t l a p t l .. We will discuss simple continued fractions in the next section.15.. a4: e 2 . lb 1ra2.. Example. a 1 r a 2 ..15.l I a . .a1ra3...a2.1.4. Hence. t :G5:T I s.

proof. then r : pkx and s : Qkx' Qt+t ) s . in the sense continued fraction of a are the best rational approximations with a denominator that prrlql is closer to a than any other rational number l e ssth an q1. so that Pt Qt+l From Theorem 10. but that 1 considerthe simultaneousequations Ptx*Pt+rl:r Qtx*Q*+t!:5.o-pnl.tQk ."'. We . Wenotethat x#O (px*t. si n ceQt I Q *+ r . which implies that :0 .10.sP* ' : (-l)fr.we know thar ppag* y : (-l)k (rq1. If x:0thensPt+t:r4k+t'Since and y#Q. Let a be an irrational fractionof a' If r and s are convergentsof the infinite simplecontinued the integers with s ) 0 such that lso-rl < lqo"-pol thens 7 qr*t. and subtracting the secondfrom the first' we find that (Pt +rqr-PxQt +)Y .we find x : (-l)k(sppa.2.-sP). numberand let n1le1. Lemma 2. c ont r ar y to o u r a s s u mp ti o n . then By multiplying the first equation by Q* and the second by px. ( s I Assume that lso-r | < lqr. :1.rQ*+).3 InfiniteContinuedFractions 369 l"-polqol < llq*qx+t so that lo . multiplying the first equation by Qlray and the second by that then subtracting the first from the second.3 tells us that q*+tls. be i Theorem 10.If y so that q*+r. of the simple The next theorem and corollary show that the convergents to a. ppal and Similarly.1O.17.qrr*) : l.polqxl< tlq? .

since Qtc+r! q1ra1 s. we seethat lso-r | : lQorIql.p*+r have oppositesigns. . Let q b e a n i r r a t i o n a ln u m b e r a n d l e t p i / q i .weknowthatx Q ) 0 .l ) lqro-p*l. .l. proof is the is complete. and Qr+p . contrary our assumption.t*r) havethe same sign.r are integerswith s ) 0. This contradicts assumption.so that lso-rl : l{ llqoo-pol lyllq**p-pr. sinceIrl > l.l. 2 . ) 2 see Qkx: s . Proof. Suppose that s ( qt and that lo-r/sl < l"-pr.and consequently.+rl + 2 lxllqoo-pnl ) lqto-pr. Since kx:s -Qt<+tl. j : 1 .(po*+p**t)l : lx(qp-pr) + yQ1.370 D e c i ma l F ra c ti ons and C onti nued Fracti ons lso-rl : l" llqp-pr.Q*+r! ( 0. such that lo-r/tl < l"-p*/qol . th e n s ) q*. From the simultaneous equations started we with.it combining the conclusions the previoustwo paragraphs.sothatx ( 0. suppose that y <0. be the convergentsof the infinite simple continued fraction-of *. b e c a u s e { 1)x 0 and When / ) 0.tr Corollary 10.lqr. . our We haveshownthat our assumption false. where r and .l l . sincel*l>t. we Q* ) 0. to we will now showthat x and y haveopposite signs. lf r/s is a rational number. w e k n o w th a t e i th e r P t/qt ( a ( p* + r/qx+ t or that Pt+t/q*+r ( a ( Pr/q1r. of we see that x(qpa-pr) and!(Q*+p-p. First. we easily see that Qtea. that F r om T heor em l 0 .-.ap-p. . In either case.pt.3.lp)a .

Then.18. convergentof Theorem 10. Assume that r/s is not a convergent of the simple continued fraction convergentspxlqx and ppallqp*t expansion of a.1 O.N o t e t h a t t h e r e continued fraction the sequenceof partial quotients. Fi n ally . The first 2217 i s and 1039 9 3 /3 3 1 0 2 . less than 106. . 1 . The convergentsof this five are 3. 22/7' 3331106' are the best rational approximationsto r. j . p i s n o d i s c e r n i b l e a t t e r ni n o : l i .3 that 3 3 5 1 113. Since we know that \tpo-rqol > t (we know that sP*-rQr is a nonzero integer sincer ls #pplqr). 1 . then r/s is a convergentof the simple continued fraction expansionof a. we conclude this section with a result that shows that any be a sufficiently close rational approximation to an irrational number must of the infinite simple continuedfraction expansion this number. . 2 9 2 . 1 . lf a is an irrational number and if r ls is a rational number in lowestterms. proof. 2 . 1 5 . it follows that . where r and s are integerswith s ) 0.w e seethat su ch t hat Q n 4 s I Qrr+ t F ro m T h e o re m < lqoo-pol It ". that the best rational approximation of t with denominator less than 31. 1 . find sla-r lsl < qol"-Polqol so that lsa-tl < lqod-Pxl . such that lo-r/sl < t/2s2.We c o n c l u d efro m C orol l ary 10.1 7.3 Inf init e Cont in u e d F ra c ti o n s 371 that we By multiplying thesetwo inequalities. there are successive 1 0 .-rl: slq-r/sl < t/zs' Dividing by qr we obtain l o -p o l q o l < 1l 2 s q * . of violating the conclusion Theorem l0'17' tr is 7( of fraction continued simple The Example. .5lll3 is the besi rational approximation of zr with denominator 3 3 1 0 2 . 1 .a n d s o o n . j . 1 .

6 . Find the first five partial quotients of the simple continued fractions of the following real numbers a) b) 1/. Zsqp ) 2s2. 1 .1 . . . 1 . g ./i r+. 61 .3 Problems L Find the simple continued fractions of the following real numbers a) b) 2' . a) the first eight convergents the continued of fractionof e . which implies that q1. Hence. sQ* sQ* ': lor tl sl lqo ll I . 1 . Find the best rational approximation to zr with a denominator less than 10000. The infinite simple continued fraction expansionof the number e is e : l 2 . 1 . 2 .l*l 2tq* qrl 2s2 F:l (where we have used the triangle inequality to obtain the second inequality above).372 DecimalFractionsand Continued Fractions -x | - lspt-rq*l . 2r c) d) (e-l)/(e+l) (e 2 -t)/(e 2 + D . tr t/2s2 10. 1 . .rf2 ^f3 c) d) -. ) s. l 4 . contradicting the assumption. we seeth a t t/2sqp I Consequently.

(l +lf9/2.a2. such that numbers lo-plql<t/(.. ./-sq2).1 O. such that l''. Let a be an irrational number . Show that if a .such that ad .2. then l o .a3.a2lldv"'lif [-as-l. then there are only a finite number of rational plq .plql<rlG6q\.) 10.b. where p and q are integers with q # O.lif simple 6 ..a/q1a1 2f€ consecutive convergents of the continued fraction of an irrational number a. expansion 5 .. and let pllei denote the jth convergent of the la.as..p o * r/q o * ..ot. 9 .bc : il and 0 : # a) b) Show that a real number a is equivalent to itself.l po* r/q& + r pr.1 l /2 q l a. + ( Hint : F ir s t s h o wth a t l o ./qtl : l/q*q**t using CorollarY 10.-l.q # 0.1. where p and q are integers. If a and B are two real numbers. Conclude that there are infinitely many rational numbers plq.f at: 1' a12 I and[-as-l. Show that if p*lqx and. andd . Show that if a and p are real numbers with p equivalent to a ..6. Let d be an irrational number with simple continued fraction -ot is Show that the simple continued fraction of o : loo.p r* r/q * * .p1. simple continued fraction expansion of a.pileil < t/G/-sqil. Let a be an igational number..c.3 I nf init e Cont in u e d F ra c ti o n s 373 b) less than Find the best rational approximation to e having a denominator 100. Show that at least one of any three consecutiveconvergentssatisfiesthe inequality 8 .) 7. Show that the kth convergent of the simple continued fraction of l/a is the reciprocal of the (k-t)th convergent of the simple continued fraction of a .1 l o .a. (Hint: Consider the convergents of the simple continued fraction expansion or.p r/q rl < tl z q o ' ( l o . then a is Hence. we can say that two numbers a and B are equivalent to B equivalent. we say that p is equivalent to a if there are integersa. a ) I .pol qol.

or w h e r e k i s a p o s i t i v ei n t e g e r a n d 0 < r rfs : p*_t/q*_r. 1 . c 2 . 10.z/q*.1.e. are equivalent.c3. .. the best rational approximations an irrational number.. b1. as usual..... the &th convergent of this continued fraction._.4 Periodic Continued Fractions We call the infinite simple continued fraction [as. b 1 r .2. are equivalent.ai../q*.. Show that any two rational numbers are equivalent..... then a and l.| 1ak.. is increasing if k is even.2. .. We use the notation .t:0. ...at. and t is an integer with 0 < r I a) b) Show that each pseudoconvergentis in lowest terms Show that the sequenceof rational numbers pt pk. c 1 .3 74 Decimal Fractions and Continued Fractions c) Show that if a. er ai. Find the simple continued fraction of a real number.-. 10. and l.k and c. j : 1. .. k > 2.a2.az./Qk. c aw..1. to 2.e . d) Find the pseudoconvergents the simple continued fraction of zr for of k -2. : Iag...3..a1.... and let the simple continued fraction expansion of a be a : Ias.1 g : a and [ b o : b 1 .c2.o.c1. p*/e* ..j.aba2... then slqt .h . i.2.a.lperiodic if there are positive integers N and k such that an : ara1. .3 Computer Projects Write programs to do the following: l.1. b 2 . d) e) II' Let a be an irrational number. at. We define the pseudoconvergnts of this continued fraction to be P*t/q*.. .i:0.S. and decreasingif ft is odd Show that if r and r are integers with s ) 0 such that c) lo-rlsl ( l" -p*. Let p*/q* denote. for all positive integers n with n > N. where k is a positive integer.2.-. are real numbers such that a and B are equivalent and B and l. : (tP*-r + pr-)/QQ*t * Q*-z)..are intejers.. Show that two irrational numbers a and p are equivalent if and only if the tails of their simple continued fractions agree.. all positive except perhaps as and bs .

4..oN-r.2. Definition. and there are From the quadrati c i n te g er s A .o2.1 ' 4 1 y ' 4 1 y 1 '" ' l ' N N For instance.1. a N + k .b.at.. we first developsome useful results about quadratic irrationals.contradi cti ng Theorem 10.Z./t * I : o.a -2 Next. a 2 .lAl I I .2." ' . Example.fi Hence a is a quadratic irrational. formula.f .6 w o u l d b e ra ti o n a l . then a is irrational. we need the following definition. Before we do this..4Q+. : : (a+Jt) lc. Aa2+Ba*C:0. To characterize numbers with periodic infinite simple continued fractions. denotes the infinite simple continued fraction In Section 10. 1.3. Let a :2 * . Q ...l . Proof.3.1. we know that ..B. where A. note that a2 .1O. If a is a quadratic irrational.3. i . then .e . We will show that the infinite simple continued fraction of an irrational number is periodic if and only if this number is a quadratic irrational. and C are integers.4a t | : (7+4. and c with . tt. . . > 0 and c 10. we showed that the base b expansion of a number is those irrational periodic if and only if the number is rational. a N r Q + 1 .4 PeriodicContinuedFractions 375 lag. b y Th eor em 10. B ..m fraction infinitesimplecontinued the to express periodic 1 I a o : a l .. The real number a is a quadratic irrational if and only if there are integers a. Then a is irrational..4. The real number a is said to be a quadratic irrational if a is irrational and if a is a root of a quadratic polynomial with integer coefficients. and C s u c h th a t A a z + Ba t C :0. ./7. such t"hatb is not a perfect square and . Lemma 10. .4. for if a were rational.

Lemma 10. tr The following lemma will be used when we show that periodic simple continued fractions representquadratic irrationals./T lGr *cs\ (at *cu)2-t2b .376 Decimaf Fractions and Continued Fractions -B*GQAC (I:- 2A Since a is a real number. c and b not a perfect square such that and6 nota perrect square.b. Further. 82 .4AC is By either taking -r^: -not a perfect square and A r^0.1 and 10. so that c is a quadratic irrational.2.4AC.2. with b > 0./blt(at +cu) . and since a is irrational. then (ra*s)/(to*u) is either rational or a quadratic irrational.r-.s . . c # 0.b: 82 . we note that co2-2aca+(a2-b2):0. and.1. b : g2 _ 4.6 | -t IGt *cu) +t ... Proof. a: (a+Jb)/c. andc areinte*. we can easily see that a is irrational. fur*cl)+rJb (at rcu) +t Jt I Gr + cil + r JF lI ht + cil -t.'.b. e: -B.t. _ZU. we have 82 . if 'r" where a. From Lemma 10. and u are integers./n I (at*cu) -rtblt[r (attcD -t Gr *cl)l.. there are integersa.ti"i:O. .4AC ) 0. Conversely. wO have our desired representationof a.t. c :24 o. o: b. then by Theorems 10. If a is a quadratic irrational and if r.

From the quadratic formula.al t (a. then the other root of this polynomial of a. "t fractions of quadratic of In our subsequentdiscussions simple continued quadratic irrational' irrationals we *iil use the notion of the conjugateof a -.2)' (ap)' a'2 : o| . I f a' : (a ftb ffd )/c 1 irrationals.f r om Lem m a l 0 . If the quadratic irrational d.i". then a' is the other root. tr tr4AC The following lemma tells us how to find the conjugates of arithmetic involvingquadratic irrationals' expressions L e mma 10.)': parts are easier. i s d e fi n e db y a ' the polynomial Lemma 10.(a+JD lc be a quadratic irrational' Then the coniugate Definition. is a root of is a'..2 : (a2* bzJd)f cz are quadrati c (a1+a2)' -. Proof.3. the conjugate Axz + Bx * C : 0.c. (c"rlc.d. because the sign is reversedto obtain a' from a.1 O.. we see that Axz+Bx*C:0are the two roots of _B*[EW ZA of If a is one of these roots.l (ra * s )/Qa + d rational' tr G is zero. denot edby o' .4 P er iodic Cont i n u e d F ra c ti o n s 377 i s a q u a drati ci rrati onal ' unl essthe H e n ce .then (i) (ii) (iii) (iv) a n d . The proof of (iv) will be given here. which would imply that this number is . 4.d'2 : d'td2 a't/o.z. Let a : (a -J b )l c ' o f a .. Note that .. the proofs of the other of this section as problems for the reader' These appear at the end Proof of (iv).

lb2)''/7 While .ffi| N Now let 0 : la1s.) Lagrange'sTheorem.a -r.'.+b r/7) G 2-. Let the simple continued fraction of a be periodic.b 2../V) c {a 2.s theorem on polynomial congruncesdiscussed Chapter 8./cl)/cz z.. " " G.. The converse.^lrsl---7 ..aN+r.41r+ft l Then ./Z) /r.b : . will be proved after a special algorithm for obtaining the continued fraction of a quadratic irrational is developed.t--../7 ) (a z+ b 2. (Note that this theorem is different than Lagrange. The infinite simple continued fraction of an irrational number is periodic if and only if this number is a quadratic irrational.. .(czazbrczaft)fi _ Hence (at/a)' : or'r/a'2. D The fundamental result about periodic simple continued fractions is Lagrange's Theorem.378 D e c i m a l F ra cti ons and C onti nued Fracti ons v l l q ) ".at.e 2. We first prove that a periodic continued fraction represents a quadratic irrational.. Gr+bz./7 ) k z a p z -c z b ftz d ) ./T) _ cr(a .' t G ftbr.that the simple continued fraition of a quadratic irrational is periodic.. In this chapter we in do not refer to that result.brE)/cz (or-brrE) /cz cz(arbtQ)Gr+br.. so that a : la g.. Proof.

have t qr. .r-ftPN-z Since B of convergents [ao. irrational.av"1'"''oru+kl' and from (tO't3) we simple continued f.9. * and from Theorem 10. 0 1 . If a is a quadratic irrational. . : (a+Jb)lc.tlon of p is infinite. and c # 0 .02 Qr. a N * I .5. Now note that a : l a g .P*-r : a' so that p is a quadratic irrational. . Since a is a quadratic irrational. w h e r eP .a t. d i s n o t a p e r f e c t q u a r ea n d Proof. a n d d a r e i n t e g e f s . N -r. Lemma 10. where a.1 tells us that ... Q .Q 01. so that from Theorem 10'9 we have 'a. s .1 O. d QIQ-P2) .t-zlqN-2ute Lemma 10.2 tells us that a is also a quadratic is a q*Oruii. We multiply both the numerator and denominator of this expressionfor q by Itl to obtain ..13) ^ t) 1 P * tP* -t oq*tq*-r' Since the of ata where p*lq* and p1r-r/Q1r-1 convergents Ia11. b > 0 .4 P er iodic G on ti n u e d F ra c ti o n s 379 g : l a l .a1 . B is irrational. 4 N* . > O .Q 2 .u. Q* O .b. then d. and c are integers.a2'"''o7'1-11' where pN-t/qN-1 and pr. . ' 0pr. we need the following lemma' Lemma 10./V)/Q..:fr. D To develop an algorithm for finding the simple continued fraction of a quadratic irrational.-r-P)0 .it follows that (10. can be written as : @+.. irrational (we know that at is irrational because it has an infinite simple continuedfraction exPansion).

d .Qs. we will show that pk and e* are i n t e g e r sw i t h Q 1 . Pk+r:atQt-Pk.1.at..380 DecimalFractionsand Continued Fractions a.* 0 a n d e * l @ . Since Q*+t : @-rf*. Q*+r: @-rf *r11qo : [d-(o*Q.tr\.1.r.P1. e .d > 0./7)/Qr. d is not a perfect square. r b j o i f : .. we see that d I Pi. e >O (since6 > 0)./Qo Q* : U-rf*1/Qo*t . Then Pk+r: a*Qt .. T ' ( i l o r l . Theorem 10. and define dk:(ro+. so that by Lemma 10. Now assume that P1 and Qp are integerswith e* * 0 and e*l@_p?i.-a?er). for k:0. Now let p : alcl.2.p \ s i n c e ..- (where haveusedthe fact we that lrl: -./7)/Qo . clcl. Proof.. l 0 s i n c e7 0 . Thena : fag.r p . and f i n a l l y l @ .p 2 : 6 r z 'lQuare : .5there are integers Ps.a2. Since Qrl@-pil... and since d is not a perfect square. by the induction hyporhesis. so that t o ..2. d oirz e n We now present algorithmfor findingthe sample an continued fractions of quadratic irrationals. a n dd a r e i n t e g e r s . C tk: [a 1 ]. Further. T h e np .. Q**r : (d-roL*t)/Q*.Pp Recursively is also an integer. for k : 0. and d such that @o+. d is not iperfect sinceb is not a perfectsquare. using mathematical induction. eel @-p&). e: a n dd : b c 2 . see that we Qpal is an integer..-pr)2]/e* : @-rfi/Qo + (2a1. whereQ0*0.. F i r s t .n o t e t h a t t h i s assertion is true for k : 0 from the hypothesesof the theorem.19. Let a be a quadratic irrational.

/N) /4 wh e r e we s et P o : 6 . canconclude a : las.e2. (28-22)/4:6. a1 O1 [a] : 2. : IQ+.. and Q + ..1.G/T P**r) + : @-rl*)/Q*QI + Pr*r) : Q*Qr. Example. Using Lemma 10.G/7+ Pt*.) : Q**r/('/i + Pr.n/Qr./Tg/2.pt +) lQ* : G/V.a 1 .*) : lla*+r . where we have used the definingrelation for Qp* to replaced-Ppzar with we that . t G+.P**')(JV+ P*+)/er. fork: N t he n w e k n o w th a t a : fa s ./7 Af -ap : l^/7 .a2.o : 4 .4 PeriodicContinuedFractions 381 we can concludethat Q1. Let a : Q+J1)/2 . H e n ceoo: Pr Qr P2 : : : 2'4-6:2..a1.are the partial quotientsof the simple continuedfraction of a'..ql@-pt*t) .P)llQ* : G/7 .... This finishesthe inductive argument. we use Theorem 10.15.a 2.. Hence. If we can show that : o(k+t llbr-ap). . To demonstratethat the integerses. l'6-2:4. Qz : ot2 A2 Og-+2)/o:2...1O./z$/61 r.we write : G+.f We illustratethe use of the algorithmgiven in Theorem10. D QtQ**r. a n d d : 2 8 .5..19with the followingexample.a1.G*Qr. ote that ap-ak: Pk + ..E)/e. Q.. (28-22)/6:4. and using Lemma 10. r .I .ez. tG+6>Jil:r. 1 andso. Q -rf *1 /Qo*r.382 Decimal Fractions and Continued Fractions P3 Qt : P4 Qq Ps Qs : - 4'2-!:4.. When we solve (tO.t4) for ol1.11. e+r/-Z$/6..-p'* * p*-) /(qt. G+.1. e+rFZ$/q.'-z$/il: t.so that by Lemma 10.. Taking conjugates of both sides of this equation.19 haveo: we dk ap Pwr Q*r fork: Since a lao. t7+.-p'n * q * ..) .a' )'lrl.n) /2 1 .. t ( z + . 4 . 1 . : I2..o.r+) o' : (pr. 1 . seethat : I 2 .4. : Ia "" s. d3 : o3 : d4 a4 a5 a5 : : : : e+..m)/6.l "_ ]:ffi Ijl that * q*-). ws find that .8) /eo . Q8-22)/4:6. l'4-2:2.4.5 we can write a as o : (po + . p5 and We now finish the proof of Lagrange's Theoremby showingthat the simple continued fractionexpansion a quadraticirrationalis periodic. Qg-+2)/2:6 l'6-4:2. Furthermore. + . pr: since we er: es. 1 . [apl. Let a be a quadraticirrational. atQ*-Pk*t.. . of Proof (continued).l where : : : : (r1.ar. _ll.1. / N ) / 6: l . Theorem by 10./7)/Q* . Hence. 4 . . see that (ro.with repetition.r .

:.4 Periodic Continued Fractions 383 dk: . ./7 I P*+r < -.ia. .l" tr. p*t t .+ 1 .P*-z I -ex-.wehave Pl*.t l . . from the defining relation for cu.:.... . sothat .-. al .". Qr sothatQ*> 0fork>N.P*-z la. . we seethat for k 2 ly'./7. o 2 . .. . we see that there are only a finite number of possiblevalues for the pair of integers Px. Alsofork>N.. . SinceQ*Qrr*. Q*-z I t fr' I P*-t Q*-t Since tends to 1. we have otk-Otk : Pp + Jd Q* Po-Jd Q* Zfi r0.P?*r.1O.0 for k > l.ol. Q i i.| qk^ t .-.. 0t ( Q*Q**r-.. there is an integer N such that a ' * 1 0 f o r k > N .*. : I a g ..d . Since there are infinitely many integers k with k > N.d P?*t < d .'lo. .':. a i . we see that o(i di Hence conseque "t'*:.[d < P*+r <-r/7.i: .therearetwointegersi andT suchthatPi:Pi andQi:Qi : with i < j .Qx for k > N . (d: Pl*t-Q*Qx*r.. that hold for From the inequalities 0 ( 0r ( d and k > N . ( .1 .:.i:"'.oi. Hence. o D This shows that a has a periodic simple continued fraction. . so that | .*t l to a as k tends to ts Note that the convergen p*-z/Q1r-2 and p*-rlqrr-t tend infinity.: i:i-. ...:"'.. Hence. o ' t > .

Further.'k a1r. for k :0.0: a is reduced.l/oi i.41: JA is not.1. l l ao < 0...15 that the partial fractions of the simple continuedfraction of a are given by ek : lapl. -l < a) 10 for /c : . Definition. we can prove. rs) l/a'*+t: c..enl then the continuedfraction of .2. we investigate those periodic simple continued fractions that are purely periodic.at..2.4.._ffi Proof.< 0 .o. (note that a o 2 I s i n c ea > 1 ) .. The simple continuedfraction of the quadratic irrational a is purely periodic iI-and only if a is reduced...I ( a1 ( 0 for k:0. we see that (ro. i.20. T h e n ..r 1 a ' 1 . if a is reduced and a: l...sohat t lag.2..1.az.jl: [2.f is called purely periodic if t h e r ei s a n i n t e g e rn s u c h t h a t a 1 r : e n t k .at..1:) /2 is purely periodic while The next definition and theorem describe those quadratic irrationals with purely periodic simple continued fractions. by mathematical induction.1 . o a ) I and Theorem 10.-.... to.e. Recall from Theorem 10. t 5 ) t h a t l / o t t+ r < . that .at.using Lemma 10... Example' The continued fraction tl.ez. and taking conjugates. assume that a is a reduced quadratic irrational. Definition. First. so that -l 1 a'k+t < 0 . Now a ssum et hat . fork: where ato: d We see that l/qt+t:ek-ak.2. Hence. w e s e ef r o m ( t O . (t+.note that sincec...e2. w h e rea ' i s th e c o n j u g a te f a . A quadratic irrational at if called reduced if -l ( a' ( 0.1 . those without a pre_period. otk+t : l/@tr-o*). s i n c ea * 2 1 for k :0. First.as.l:Iffi. The continued fraction [as..384 DecimalFractionsand ContinuedFractions Next.

.... it follows that -l 1a**lfa'1ra1 t <0. i . From (tO.041 i :loo. To prove the converse. we see that the simple continued fraction of a is purely periodic. fraction for a reversed.fe the (k-l)th of fraction expansion a . it follows . at.17) Pt-r : 0. since oti-t: ai-t I llai and .. oi-l di-z : ej-'.r .t / a .l / a j .a 2* (q * -rP )o l Now. we seethat continued (1 0 . e . .a1.1 / u ' . .a2. and hence .Q2..gative integers i and i' i.1 O.ot|.< 7. : .Sincea:|ag. . . the proof of Lagrange's Theorem shows that there u...l . | j t ..1 : o : o(j-z)ai-3: i-rContinuingthisargument'w€seethat aj-30.1 / o r * r ]. e r. a'rr+r so that ek: [ .a 1. Since a is a quadratic irrational.. nonn. such that ai 7-oi.9._tlq*_r and p1rlq1.ai-il la o.t6). o th a t b y T h e o re m 10. note that from ( t o . a o ..4 P er iodic Conti n u e d F ra c ti o n s 38s Next. that ag : aj-i ' Since d0 : a : : Iag.. a t ..assumethat a is a quadratic irrational with a purely periodiccontinuedfractiono:|ffio|. 1 ) 6 a:ffi.e -i -1.'.oi-i-t. Then with the period of the simple continued that s 0 : lo*iek . . . 3. t 5 ) w e h a v e d'k:a**lla'*+t and since -l 1 a'* < 0 . w e s e e t h a t Since ai-t:l-t/ai with .gr. Theorem 10.Al .Gl. aP* * P*-t and kth convergentsof the where pr. let p be the quadratic irrational such t h a t g : l a t i a t c .. Furthermore. and finally. ... .a o .a1. i l a n O oji--l t : I . Consequently. -l l / a ' * + t 1 ax 1 -lf .. dj-: : oj-t + llai we a l s o s e e t h a t a i .9 tells that ( 10 .

.. we have a : -t/8. s o t h a t .386 DecimalFractionsand ContinuedFractions (ro..et. pi .t hat : Pt /p1r-1: lanian-1.e : pL l! /qi_t.l / p < 0 .lg).Q t< -t: ek-t. ..p )x . and qp/q1-1 ilre in lowest terms. Since .eol pi/qi a nd Qt/q2-1 : farion-r. Hence... Inserting thesevaluesinto (l0. Hence.l < s 7 ' : . since Theorem 10.1 9 )._- D opi + pi-. so that by the quadratic equation. we know that 0p* * qr 1p*-r * qrt Pr$2*(q*t-pr)|-Q*:o This implies that (ro.pt) Gtlp) . ..p*-rQk : (-t)e-t .10 tells us that ppqp-r . a t .q) r er./q* are the (ft-l)th and kth convergents of the continued fraction expansionof . Furthermore.Gt/ilz * (q*-r. 0 : l a n i a n . it follows that . 2. Fqr * q*-r where pi-t/qL and pr. we see that p. however.tz)and (1 0 . B from probremi of section 1 0. . a o lw e s e e t h a t p > I .: Therefore. P*/pp-.rs) P--.a2.pk_t: (to. Qt : pk-r and Pk -t . know that they are in lowest we ?d terms' Also.p* -t : 0 are a and -1/0.w e s e eth a t th e tw o r ootsof the quadratic From equation 4 * x 2 * (q * -r . note that since fi : -l/ot.. pi/qi are convergents.. a is a reduced quadratic irrational. .t .4 t< .p*. Note. Since pi-t /qi-. 4 PeriodicContinuedFractions 387 -l/o':ffiol' tr fraction of '/D ../Dl:21. ./DI+-. so that for t.On: Ol. .t. we obtain fractionof llG/D Al: QnrQ2: Cln-ys. In conclusion.lill +.o*r"i6-t. . al . Q . .orprGol./D is not between -l and 0..o rGrl - for Therefore.20.. We now find the form of the periodic simple continued Although \6 is not where D is a positive integer that is not a perfect square' -.. we find that .a .lD is symmetricfrom the first to the penultimate term.6-ii lie l. r. since its conjug-ate r.duced.a3 a 2 . Ql ' r 2 a g from both sidesof this equality.a2 :log./D... / D l ' w e c a nw r i t e if faf + . so that the periodic part of the continued fraction for .from Theorem 10./D is purely periodic.lD .'[5 ' does its since conjugate. we note that from Theorem 10.2a 0.we find that D | / G/ .n .10./Dl:2a0.D]) .. . so that by taking reciprocals. we know the initialpartial fractionor [. To obtain even more information about the partial quotients of the continued fraction of ./ D : l a g ..tor. ... the simple be obtained from that continued fraction expansionof -l /$'IDl "/D) can + . .when we equatethese two expressions the simple continued .1 .ld:loo. by reversingthe period./D:tmlSubtracting ao : . But also note that 6 -t-6-l:lo. at ....D1):tffi.. ..2 a g 1 ..20. that the between-1 and 0. .t.. we see that the simple continued fraction of 16 has the form .6l r/G/D-t.orro'zmol. 2 Q .D-l) . Since continued is quotient of the simple continued fraction of tJD | + "/D w h e r ea o : I .*. the quadratic reduced. ./Dl .. .. I.ffi./6 : I 2 ao . Therefore.

-.I1 .4 Problems l.rol 1 6 ..l 2 ../N Letd beapositive isla:Tdl.Fqe - ts.ffii.5] b) tz. positive integers d such that d is not a perfect square and d < 100 can be found in Table 5 of the Appendix. 3 . 2 . The simple continued fraction expansionsof . 1 . Find the simplecontinued fractions of a) Jt b) c) d) . 6 . Find the simple continued fractions of il o+. 2.. 2 l. [ 8 . 5 . l. .1 ./Te : and . 1 . 10.388 Decimal Fractions and Continued Fractions We illustrate this with some examples.16l .t.E)t. . 2 . where each continued fraction has a pre-period of rength l and a period ending with twice the first partial quotient which is symmetric from the first to the next to the last term. 2 . 3 . Example./-gq./41 Jr r Jzt e) r) 6 . 18 ] .E fo. 4.ml. 1 .I .rSI c) t2JJI. 2 . 11 . Show that the simple continued fraction of . 1l 2 l . Find the quadratic irrational with simple continued fraction expansion il [z.81)lt c) (tt-./ri: tq. Note that 8. 4 .. il .fi /z b) Qq+.l l 5 6 [ 4 .

then a) b) c) (a1*42)' (a1-a2)' (c''c. 6. has period length one if and only if d ./-B c) 4+'.(a2*urJd)/c.l un int"g. prove that if irrationals.d 2 2' a) b) c) Show that the simple continued fraction of . and.. -l. Show that is a reduced quatratic irrational if and only if <JU andJb-a 1c 1'Jb *a 12Jb ola . a n db l \ a .4 P er iodic Cont i n u e d F ra c ti o n s 389 oi fractions tffit't'fZgg' and continued b) Uggrrt (a) to find the simple J22r0. then the simple continued fraction '/fu. ' t* d'r ot't'or2. 5./F show that the simple continued fraction of JFd Ugparts is [d-l . if and only if d : a2 + b where a and b are integers.m c) d) e) (tt . where d is a positive integer. (a) and (b) to find the simple continued fractions of rfg9' tffg' .t. rsld. a) of Shory lhat if d .ird>l' b) Show that thr __qgple continued la-lM.tm b) c) 7.ft-gt .\f d>3. of Show that if d is a positive integer. has period length two b > l .b ) 0.c$71.z)' and a2-. and c are integers. o''2 d2 1 1 .t.b. Show that the simple continued fraction of Jd 10. l 2 d .@l' is [d.6 2 + .. Let d be a integer..1 O.G60' 6.6f Let d be an odd positive integer' a) Show that the simple continued fraction fraction of of JF+ J d2-q is ld. d > 3 .ft-g)l:t 12. Show that the simple continued fraction of Ji ./-toltg e + . and b is noi u perfecl square.ffil. then the simple continued fraction .lnz. ^re quadratic c . anO Find the simple continued fraction expansionsof . i s[ d .1 ' l H . 8 ./6. : a2+l *here a is a nonnegativeinteger.zd-zi.1: (ar+brJrl)lct : : : 9 . where 4. where d is a positive integer.f?l)/z (tz + -'.2 1 . Supposethat a : G+JF)/c. Which of the following quadratic irrationals have purely periodic continued fractions a) b) l+.zla-zl. . e2:5. such that the simple continued fraction expansion of . is also a reduced 1 quadratic irrational.-1 r. then _ l/a. period of length k.(3k+t)2 + 3 lgsitiu: continued fraction of JOp has a period of length 6ft. 2' .:2ak_t I a*_z Show that if p : (tar + l)2 * 2a1. (Hint: Let at:2./6 h. Find the periodic simple continued fraction expansionof a quadratic irrational.390 DecimalFractionsand ContinuedFractions 13. where * / is a nonnegativeinteger. .4 Computer Projects Write computer programs to do the following: 1' Find the quadratic irrational that is the value of a periodic simple continued fraction. 10. Show that there are infinitely mgy positive integers D. and for k > 3 let a1. Show that if ir-u reduced quadratic jrrational. then rD has a period of length k + l. 14' Let k be a positive integer.) Show that the simple 15' Let k be a iF:r. Let Dk . 6 2 + 8 2 : 1 0 2 .12.l). Unlike most nonlinear diophantine equations.I3 are primitive' whereas 391 . Definition. Consequently. and 5. it is possible to explicitly Before developing the result describe all the integral solutions of (ll. we need to find all triples of positive integ ers x . we need a definition.!.1 Pythagorean The Pythagoreantheorem tells us that the sum of the squaresof the lengths of the legs of a right triangle equals the square of the length of the hypothenrur.5 and 5. 6.to find all right triangles with integral side lengths.2 is calledprimitive if (x. describing triple x. any triangle for which the sum of the squares of the lengths of the two shortest sides equals the square of the third side is a right triangle. The triples 3. The Pythagoreantriptes 3. x2+!2:22 integers satisfying this equation are called Example.a n d 5 2 + 1 22: 132.4.I2.y .z satisfying the diophantine equation (rr.5.y.13are Pythagorean triples 32 b e ca us e + 42 : 5 ' .10..8. Conversely.11 some NonlinearDiophantine Equations TriPles 11.z) : l. all Pythagoreantriples.t) positive Triples of Pythagorean triPles.4. A Pythagorean Example.. Then.21): int eger s x r . all Pythagorean triples can be found by forming integral multiples of primitive Pythagorean triples.dz is a Pythagoreantriple.z) : l. because ""A x2+y2:22. .. B e c a u s p e l. we can easilv show that ( x .2 be a pythagorean triple with (x. z ) : ( y ..! .un conclude that p I z (using problem 32 of Section 3.z r w i th x : d x i . In a similar manner .z) : (y. 1 Consequently.z) : d . so that dx 1.y. and the original triple x. then we have x?+ y?: r?. If x1 ])t.zt is a primitive Pythagoreantriple. Therefore (x g) : l. we have G/d)2+(y/il2:(z/d)2.y) : (x .dy1.z) : l. J i r. Furthermore.z is a primitive pythagorean triple and (x . Also. s o th at p I x andp y. then Proof.r1. This is a contradiction since (x .10 is not. and hence. Hence.z ) : l .* .1. s o t hat x?+y?:r?. Lemma 11.y) > l.!.. To find all primitive pythago*un triples. t.y .r. If x. we need some lemmata. l.21 is a primitive pythagoreantriple. a primitive Pythagorean triple. @x)2+(dyr)r:(dz)2.g. D . Let x. xt.z is G. The first lemma tells us that any two integers of a primitive Pythagoreantriple are relatively prime. suppose x ..y . k n o w t h a t p | ( r ' + y ' ) : 2 2 . Then. note that any integral multiple of a primitive (or for that matter any) Pythagoreantriple is again a pythagorean triple.t ^ l (x y ).!.'*.y : d yt. ther e is a pr im e p s u c h th a .392 S o m e N onl i near D i ophanti ne E quati ons the Pythagorean triple 6. S i ncep x p I I a n d p l .!t.2 is simply an integral multiple of this primitive pytgagoreantriple. there are " i -r' r.2).!. the prime-powers occurring on . Let the prime-power factorizationsof r. the primes occurring in the factorizations of r and s are distinct. that r ) lbe or s : l.. then there are integersz and n such that r Proof.s) : I and Lemma 11. If x.!.n pl.s ) : l.i\ p:. Let x .1). .upptr. then the lemma is obviously true. and t are positive integers such that : m2 and s : n2.z be a Primitive Pythagoreantriple. we establish a lemma about the parity of the PythagoreantriPle. so that 22:x2*y2 = 2(mod4). then we would have ) x . so that x and y cannot both be even.': q?"q'ru' qiur' From the fundamental theorem of arithmetic. Since rs : t2. p:".y\ : 1. Therefore. E of The final lemma that we need is a consequence the fundamental theorem that two relatively prime integers that multiply of arithmetic. or vice versa. By Lemma x and y cannot that (x . If x and Y were both odd.3.z is a primitive Pythagoreantriple. we have pi'pi' pi"pi.y. Since (r.+ipi.s.s. Also (from problem 2 of Section 2'1) both be odd. If r :1 .2. x 2.:p1.1 P y t hagor ean T ri Pl e s 393 integers of a primitive Next. If r. so we may I and s ) 1. then x is even and y Lemma 11..1 1 ..pi2. and . we know Proof. p:" s : p:. It tells us together to give a square must both be squares' (r.it and t : ql' ql' quo'.= v z = I (mo d 4 ). : t2. is even This is impossible (again from problem 2 of Section and y is odd. is odd or x is odd and Y is even' 1l '1. Hence. consequently. l e t ( r . we seethat r . : 2bi. Ir)' lz+x] f . we see that there are integers la and n such that r : m 2 and.s:m2-n2.dl(r-s):x. .z form a primitive pythagorean triple. : n 2 .so that there are p os it iv e eger s a n d s w i th r : (z + i /2 a n d s : (z-i l /2. S i n c ed l . odd. |/t ) n. sothat d :1. with m odd and n even or m even and. T o s e et h i s .y . s ) : 1 . : 12.-"1 y:rM:rffi:2mn. W ri ti n g x . with y even. so that a. is even.and therefore ai/2 is an integer.r('pi.if and only if there are relatively prime positiveintegers 172 and n.l. x and z are both odd. w e h a v ey 2 : z2-x2: (z*x)G-x). eachpi must be equal to Qi for some j with matching exponents.a n d z i n te r msof m andn w e have s x:r-.394 S o m e N onl i near D i ophanti ne E quati ons the two sides of the above equation are the same. int r S i n c ex 2 + y 2 : 2 2 . The positive integers x. Lemma I 1. T h i s m e a n st h a t d l ( * .lt ' J:" w e n o t et h a t ( r ./2 a-/z m : pt' P2' a/2 Pu" a nd n : pi. Hence.l. such that n 'r7-'#ir' Prot{.m2 and .z be a primitive Pythagorean triple. Hence.2 tells us that x is odd and y is even. primitive Theorem ll. . a n d d l s .C' a/2 Pr" ! We can now prove the desired result that describes all Pythagorean triples. or vice versa. Using Lemma I 1.y . x : m2-n2 lr): I .every exponenta. r ) : 1 . where m and n arethe integers a. dlG+s)z and. Let x .3. z*x and z-x are both even. Since we have assumed that y is even. s ) : d . forms a primitive Pythagoreantriple. Hence. t h e r e i s a p r i m e p .z ) : l . I . Theorem x:m2-n2:52-22:21 Y:2mn:2'5'2:20 z:m2+n2:52+22:29 is a primitive Pythagoreantriple. since any common divisor of : * ' + r' . a n d w e know that (x.n): and n:2. To seethat everYtriPle x : m2-n2 y:2mn :2m2*n2. m ) n.i ) : 1. x 2 + y 2 : ( m 2 . triple has the or vice versa.x and p l t. m and n must also -x we see also that (m .n2' .y .z) : l ' Since and z would all be even. T her efo re . T h e n .y. D The following example illustrates the use of Theorem I I .z i s a pri mi ti ve P ythagorean triple.y :2 m n . 1 PY t hagor ean Tri P l e s 395 z:r*s:m2+n2. z ) : d ) ! .s u c h t h a t p l ^ ( x . a n d .n) where m and n first note that m * n (mod 2).prime..W e note that p * 2. (* .y . c o n t r a d i c t i n gh e f a c t t h a t a n ' dp l i t . y . (m. assume t h a t ( x . : 1. Pythagorean so that (m. n o te th a t b e c a u s e I. Example. This shows that every primitive Pythagorean appropriate form. a n d z were' then x y ' We also note that rn and n cannot both be odd. and To see that these values of x. contradicting the condition (m.y. are positive integers. This concludesthe proof. for if they (x. and z are mutually relatively .z) : l ' Oi "i O" : m 2. A l s o . (r. z ) ^ . f f i * n ( m o d2 ) . Let m:5 1I .1 1 . we seem is even and n is odd.n) : 1.n 2 ) 2+ ( 2 m n ) 2 : (ma -2 m2 n 2 + n 4 )* 4m2n2 : ^4 * 2m2n2 na t : (m2+n2)2 : 22. since x is odd (becausex: m2-n2 where mz and n2 have p o fp o rit " par it y ) .n) : I and m and n cannot both be odd.1 tells us that m ) n.l to produce triPles. y . : 2 n 2 . p I G+ i :2m2 t H e n c e p I m a n d p I n . a n d x o y . 2 with z < 40. m n x : m2-n2 y:2mn t : m2+n2 2 3 4 4 5 5 6 6 I 2 I 3 2 4 I 5 3 5 15 7 2l 9 35 1l 4 t2 8 24 20 40 r2 60 5 l3 l7 25 29 4l 37 6t Table 11. Show that if x .. be defined . 4 . 3 . divisibleby 5.y.1. 5 .!.l. .zt: 5. and let for n :2.!.3.!.l t : recursivelv bv 4.y and.3 . then at least one of x.396 S o m e N o nl i near D i ophanti ne E quati ons We list the primitive pythagorean triples generated using Theorem I l. L e t x l . 6 . Show that if x.l l.. then either x or y is 2 . then exactly one of x.z with z < 40.2 divisibleby 3. Some Primitive pythagoreanTriples. and z is divisible by 4.l .l. Problems Find all il b) primitive Pythagoreantriples x.l with rn : < 6 in T abl e I l . I l.. Show that if x. Show that every positive integer greater than three is part of at least one Pythagoreantriple.z is . Pythagoreantriples x. is a primitive pythagorean triple.z is a Pythagorean triple.4.z is a Pythagorean triple. Find formulae for the integers of all Pythagoreantriples x. triples xJ. 11. Fermat wrote in the margin: "However. 2 i s a P y t h a g o r e at r i p l ew i t h y : x Pythagorean triples given in problem 6' the + l. Find formulae for the integers of all Pythagoreantriples x. it is impossibleto write a cube as the sum of two cubes.2 Fermat's Last Theorem In the previous section.Z isoneof : Find all solutions in positive integers of the diophantine equation x2 I 2y2 t2' Find all solutions in positive integers of the diophantine equation x2 * 3y2: positive integers of the t2- 10.3xn*Zzn*l !n+r-3xn*2zo*2 zn+t-4xn*3zn*2' Show that xnln.l. thenx. n S h o w t h a t i f x . than two? Next to the discussion the equation xz + y2 : z2 in his copy of the works of Diophantus.zn is a Pythagoreantriple' 7.l. diophantine equation Find all Pythagorean triples containing the integer 12.z Find all Pythagorean with xy. ! .2 Fermat'sLast Theorem 397 xntl." .l. 1 5 . I l. but the margin is too small to contain it.11. g. For this I have discovereda truly wonderful proof.and z lessthan a given bound. and (r!2l4-1)/2 if x is even. g.-y. Find all solutions in positive integers of the diophantine equation *' * py' : 22. 2. Find all solutions in w2+xzry':t'.1 Computer Projects Write programs to do the following: l. Show that the number of Pythagorean triples x. !. 1 2 . x is odd. we showed that the diophantine equation x2 + y2 : z2 has infinitely many solutionsin nonzerointegersx.z with z y * 2' 1 4 .z (with x2 + y2 : z2) with a fixed integer x is (rk2)-l)/2if wherep isaprime. z . Find all Pythagorean triples containing a given integer' ll. What happens when we replace the exponent two in this equation with an integer of grrut. a fourth power as the sum of two fourth powers and in general any power the sum of two similar powers..z with z y*l 1 3 . ro. solution. Proof. because a n y s o l u t i o n f x a + y 4 : t a : ( 2 2 ) 2 i v e sa s o l u t i o n f x a * v a : 2 2 . and shows that a diophantine equation has no solutions by showing that for every solution there is a "smaller'. !.4 uses the method of infnite descent devised by Fermat.2. The diophantine equation x'+ln:zn has no solutionsin nonzerointegersx.ho* that the diophantineequation xa+!4:24 has no solutionsin nonzerointegersx. In th i s s e c ti o n . z when n is an integer with n D 3.the foilowing conjecture is knowi as Fermat. and z.l.2 wheneverp is an odd prime. Even trrouitr no . e wi l l show w that the speci alcaseof Fermat's last theorem with n: 4 is true.or. The diophantine equation **'.. This method is an offshoot of the well-ordering property. Note that if we could also show that the diophantineequations xP + YP:7P has no solutionsin nonzero integersx. contradicting the well-ordering property. o g o Theorem 11. Fermat's Last Theorem. has no solutionsin nonzerointegersx. r.s rasttheorem. !..!. That is.*1. The proof we will give of the special case of n . Currently' we know that Fermat's last theorem is true for all positive integers n wit h 3 ( n < 1 2 5 0 0 0 . we will . This is strongerthan showingthat Fermat's last theorem is true for n: 4.".398 So me N onl i near D i ophanti ne E quati ons Since Fermat made this statement many people have searchedfor a proof of this assertion without success.r: t' hasnosolutions nonzer" in . then we would know that Fermat's last theorem is true (seeproblem 2 at the end of this section). z.. Since we may replaceany number of the variableswith their negatives . Assume that the above equation has a solution in nonzero integers x.t proof has yet been discovered.z. Using the method of infinite descent we will show that the diophantine equationxa + !4 : 22. let (x. Hence do | . l : 1 0 . ro. yfr the even to x62 where we have interchanged andyfr.Y.we know that there afe iythagoreantriple. su ch S i n c ex d + y t : z l .i.n). and : x r. da(xf + yf): (d2tr)': dor?.2 F er m at ' s Las t T h e o re m 399 that x.z are we may assume without changing the validity of the equation' positiveintegers' : 1' To see this. lo. andp I y&' thenp I xs l-fi. : l r' z : zr x ' 2 i n p o s i ti v ei n tegers : xt' ! : z.'l'ro. z : that there zsare positiveintegerswith (xe. y&. where z 1is a .y) integers' (x v Yt) : 1 ' w h e re x 1 and y 1 itro Positive x : dx 1 and y = dY . .o is a Pythagoreantriple.yE.lrq): l. .'.solution f xa + y4: z2'where o t S o .1 1 .'is a. Furthermore. m # rl (mod 2) ' and positive x& : m2-n2 !& : Zmn zo: m2+n2. and. z: zt w i th (xr' yl ) : 1' x i s a not hers olut ioni n p o s i ti v ei n te g e rs t hat 21 1 z s . Th i s giv esa s olut io no f x a + y a : with (xr.yr) : 1. . by problem 32 of Section positiveinteger' Thus' Therefore z : d'r r. and by Theoremprim-itive z integers andn with (z . if necessary' make of integer this Pair.. Hence. Then We may also supposethat (x. . w i th since xa + Y4 : '2 ' vte have (dx)4+(dYr)4:22. 11.. s u p p o s eh a t x : x .1.Y) : d.! : l t. w e h a v e z Gilz+ (y&)2: E. r&> . so that d a ( x f + Y f ): ' 2 ' 2'2' we know t h a t d ' I t .-/o) 1 ' We will show xo. zs is a the contradicting fact that (xq. if p is a prime suchthat p I x3 *3. we have so that x&. so that xf+yl:t?.'. and ro : . n > 3.3 te l l s u s y th at there are posi ti vei ntegers z1 andw with m:t? a n d 2 n : w 2 . Moreover.n. i t easi ryfol ow s th at ( x l. L e mma l l . x{+yf: zl -2 where x t. r # s (mod 2).so that v2: n/2: rs. the diophantineequation xn + yn : z' has at most a finite number of solutions where x g.s. W e note that b e c aus e & : ( 2 d m. Again using Theorem I I . we seethat there are fositive integersr and s with (r. assumethat xa * y4 : z2 has at least one integral solution' By the well-orderingproperty.2d : l . si nc e ( r .n) : l. it foilows that x. we know that among the solutionsin positiveintegers.r2+s2. This completesthe proof by the method of infinite descent. N o te th a t si nce (r.1. leading to a contradiction.s) : l . and.m is a primitive pythagorean tripre.2-s2 n:2rs m . Si nc e m is odd a n d (m. L e m m a 1 1 .s) : l. we seethat x&+n2:m2. zt I 26.y r ) : l.400 So me N onl i near D i ophanti ne E quati ons From the equationfor xfr. n Readers interested in the history of Fermat's last theorem and how investigationsrelating to this conjecture led to the genesisof the theory of algebraicnumbers are encouraged consult the books to of Edwards Il4l and Ribenboim Irt]. S i n c ew i s e v e n .z 1 ?re positive integers with (r r.w : 2 v w h e r ev i s a positiveinteger. w e k n o w that (m. we have shown that from this solution we can find another solution with a smaller value of the variable z.3 te l l s u s th a t th ere are posi ti vei ntegersx1 erd y1 s uc h t hat r : x l a n d s : y ? .-y) : l.n ) : l . s ) : I . H e n c e .y1) : l. we have To complete the proof.! t. A great deal of researchrelating to Fermat's last theoremis underway. . because zr(zf:m2<m2+n2-ro. are z integersand (x. Recently. the German mathematicianFaltings established result a that showsthat for a fixed positiveinteger n.there is a solution with the smallestvalue is of the variable z However. . Since (m. 1 1. in nonzero Show that the diophantine equation xa + 4ya z2 has no solutions integers.. Show that Fermat's last theorem is a consequence : zP has no solutions in nonzero integers when p is an assertion that xP * yp odd prime. 6.:r.showthattheareaofarighttriangle never a Perfect square. show that if p is a) b) 4. . 11. 3.we study diophantine equationsof the form ( 11 .! . z : k2 * I form a solution. z2 has no solutions in nonzero with integer sides is Show that the diophantine equation xo-yo: integers using the method of infinite descent' 5. 2 ) x2-dy'.Usingproblem4. | . : many solutions' 8 . there are no where d and n are fixed integers.2 l.2).z is a Pythagorean triple and x"*yn#zn. of Theorem I l '2' and the 2. then p | (x+Y-z). Show that the diophantine equation x' integers.8y4 : z2 has no solutions in nonzero i. Show that the diophantine equation xa + 3ya z4 has infinitely square' 9 . Show that in a Pythagorean triple there is at most one perfect many integer 1 0 . Computer Proiects such Write a computer program to search for solutions of diophantine equations asxn *Yn:zn. When d <0 and n most a finite solutionsof (11. prime and Using Fermat's little theorem. Problems n is an integer n ) 2' then show that if x. then p | *yt .k(k2-3).3 Pell's Equation 401 ll.3 Pell's Equation In this section. if xP + lP : zP. there can be at . if xp-l * yn-t : zP-r. When d < 0 and n ) 0. tt. (0. Show that the diophantine equation xz + y2: z3 has infinitely k the integers solutions by showing that for each positive integer x : 3k2-1.2 l. sayd : D2.3.dy': x2 . First considerthe casewhere n ) A. d is not a perfect square.any solution Qt../7 ) 0.lf x2 . v and since 0 1 n < .dy':n. where d and n are integers and d is a positiveinteger which is not a perfect square. since there is at most one solution in integers of these two equationsfor each factorization n : ab For the rest of this section.Dry : G+Dfl(x-Dy) . we seethat x .8.D.y./V) : n consequently. sincethe equation ../7) . Also. Since x2 _ dyr: n.we are interestedin the diophantine equation x2 .:). note that when d is a perfect. Let d and n be integers such that d > 0. : ) G +y. In this case. . where a and b are integers such that n : ab. there are only a finite number of solutions./7) G -y./v is very useful for the study of this equation. then xfy is a convergentof the simple continued fraction of ^/7.dyI: n. Theorem 11. Proof. and lrl < r/7.quur. corresponds a to simultaneous solution the equations of ::'d=./7v) v x 2 -d Y2 y G + y.. As the following theorem shows. we see that YW ta : G -. so that x > yrT. From (tt./7>0.402 Some Nonlinear Diophantine Equations numberof solutions. * _.dyr: n impliesthat x2 l"l < fi lrl < JM. il* x2 . when d is a perfect of square.n Hence.wesee that ( tr . the simpL continued fraction of -. " expansionof denote tie kth convergentof the simple continued fraction ./x) : l/(l/{cl ) ' u converyentof the simple continuedfraction of '. pt *' J l Q * . *"see that if s # u then r-t .L e t r * s r / V : t + r t / l is not a perfect square./7 : t * u.. Then r : t numbers and d is a positive integer that ands:u.4.j. t* L :0 .. convefgentsto find solutionsof this diophantine equation' ^ perfect square' Theorem 11.. we prove a useful lemma.17 < +. to obtain When n ( 0.'..3 P ell' s E quat io n 403 \fr YQYJA) t \ q I 1 fi Zy'rld :l ) L! rr2 1 Since 0 < x_ 1 convergentof the slmple contlnueo fractionof JL .J.1.n. Before we prove Theorem 1 1. proof.dy' : n by -d. 4 . a n d u ^ t e r a t i o n a l L e m m a 1 1 . Since r * s.r : ( . t .1 1 . we have shown that solutions of the diophantine equation ^1"1 ./7 u-s . w h ere ao: Jd ' Furthermore'Iet O.'o'' : (io + './d x2 . oo: [47. s .. Then pt-dqt:(-1)&-rgp*1./hlQr. are gifn by the convergents of the simple continued *h. Let d be a positive integer that is not and P*+r --!*Q! . w h e r er ..18 tells us that x ly must be a Theorem v2 .fr*': -3 we see that y /x is a By a similar argument to that given when n ) 0 o of ll. we know tB *l!.1 . we divide both sidesof x2 v .4.:1l..r/7' Therefore' convergent of the simple continuid fraction expansion must be a from problem 7 of Slction 10'3.2 ./7. dk il. -r 2v' 10.dy': n. The next theorem will help us use these fraction expansion of fi. .r Jd. i s a c o n v e r g e no f t h e simple continued fraction of . . j : 1 ./7 ._t (P**. equation : x. .s : u.otk+tL. 2 .dqi : (ptqt -t . the positive solutions of the diophantine y. we obtain pt .dy'r *: .444 So me N onti near D i ophanti ne E quati ons B y T heor em 10 .l)o-teo*r. where we have used rheorem 10. . .8)p* * e*+pr. equation x2 .. Since ^E : o. we will use Theorems ll. 2 . subtract the first from the second. JV: Therefore.ar.4. * and Q*+et -r Pt+ f l* f Q t + r Q n -t: p k W h e n w e mu l ti p l y t t.ro is a positive solution of x2 . . ! : Q i r . : -t. e2./V)qr * et +rQ*_t dqt t (Pt+flt.3 and rr. from Theorem I 1.. and consequently : r t.+tpr. Pyoof. Then.ek.. From Lemma 11. . I Qt +rQtr-r)fi : (pr. and by Theorem r0.t . when n is odd.-r) + p*fi. first of these two equations by qt and the second by pt. ! : Q z i n _ r j.pr-tQ*)eo*. Theorem 10. Theorem 1l'5' Let d be a positive integer that is not a perfect square. Hence. Theorem 1r. : .: (. (r-t)/(u -s ) i s ra ti o n a l . 2 . even.r.ll i n has no solutions./7)/er+r ott+tp* I p*_t . r t " r r q k+ q r r ' we have i. On the other hand. a n d t h e s o l u t i o n s f x z .4 to find all solutionsof Pell's equationand the related equationx2 dy. + . with n : I is called Pell's equation.r . l : o Q e i _ r ) n _ rj.2. Proof. : P*+tPt.3."' and let n be the period length of this continued fraction.a n d t h e d i o p h a n t i n e .4 we know that ..9 tells us that tj -vs Since dk+t : (pt *.0: Ias.8. : 1 . + . A We can now prove Theorem I 1.dy': tl. and then simplify.2 Jv irrational.1 .4. then x0: p*2!o: t Q * w h e r e p * / q 1 .!"n .3 tells us that if xo.d!':1 o a r e x : p 2 j n . we find that dqr.ay" : I are t . we see that (P**t + .10to completethe proof.1 . . .. .* e*+rpt.l a r ex : p e i _ D n _ r . . the positive solutions f x2 . . 3 . Let px/qt denote the kth convergent of the simple continued fraction of . 3 . k : 1. tr The special case of the diophantine equation x2 _ dy.d y ' : . 3 . 4.f . .3 P ell' s E quat io n 405 pt-dq?:(-l)ft-r21*1..P z i n .. these two inequalities for p1 are Since second.3.a s o l u t i o n x2-dyz:l .k+l: P1ra1 'ftr' purely of the Since ok+l : la1ra. expansion. 2 .we have completed the proof. 3 .1 1 .. . . continuedfraction expansiOn a1a1 is us that -1 1 a*+r: Pk+r. we know that Becausethe period cf the continued expansion oL"/j ('int" J'l : ' Hence' : : Qjn Qo:I for7 1.. we will show that Qpal: # -l for 7 : 1 .dy2: -1 To show that the diophantine equations x 2 d y ' I have no solutions other than those already found. 4 2 1 n . .t . where Since we have found all solutionsof x2-dy2: I and x2-dy2: x and y arc positive integers.f 'f . Since the simple continued fraction of .3./7>t. i s a s ol uti on of x2 . -r/7 and. 3 ."'. Th i s im pliest hat P k + t:l r/7 1 .i s .. "tf pk-.d y ' : I an d Pz (j -D r-r. is n. Theoiem !0.I )/n' a solution of This equation shows that when n is even Pin-t. th e n * c. Qin-t is t f o r 7 : 1 .5 with the following examples' Example.2.we seethat Qt # -1-1.. we see that Pi < contradictory. from the From the first of these inequalities. n We illustrate the use of Theorem 11.d q?^-t: (.''17 < O' periodic. . Hence.f .l)i'Qni : (.el the < ei:-Pi+^ftt <0 .a1r1z. " " n o t e t h a t Q i : . . 3 .dy' : -l for of x2 j : 1.l. a n d w h e n n i s o d d .l i m p l i e s t h a t #-lfo ct.8 is tl.20 tells . :1 and x2 .2..Q z (i -D n -. 2 . implies that n lk and that Q1 We f ir s t not e t ha t i f Q t* t: l . has a purely periodic simple continued fraction dj : -pi -G. we see that Pi > -l -fi.. s o th a t d k : c " o a nd nl k' T o s e e t h a t Q l-'Sin"" r 7 : l .we know that -l and dj:-Pj--. whereQx*tisasdefinedinthestatementofTheoremll. 2 . . ' j _t. assume that X.lt is a solution for fr : To show that every positive solution is equal to x*.. T h e p o s i ti v e s o l u ti o n s of the di ophanti ne equati on x 2.ytrfi: (x r.l4y2 : -1 has no rotuiionr.ayilo 1.Wl. tst note that by taking conjugates.lr.Qto i -o i : 1 .e 4 j -r. The least po-ritiu" sorution is pe: 649.dyt : (xp+ yr..dyL : l.et. { e : 1 8 0 . 3. because from Lemma 10.. Theorem 11.!! a solution. i : l'2'3"" *T]: p1_o1/e./7. Then all positive solutionsxk. the positive solut ionsof x 2 .fi)G. .lk are given by x2 I are pni _t.m.y1.lk for k : 1.. . Qt: 4. . Now.4../r -. 2.l 3yr: is ctnvergent . where d is a positive integer that is not a perfect square.2. and that To show that x1..lt< for some positive integer ft. The l eas t pos it iv e s o h l ti o n i s p t: 1 5 . Since the continued fraction of -. The di ophanti ne equati on xz . . (Note that xp andy1.. .y is a positive solution different from x*.406 So me N onl i near D i ophanti ne E quati ons continued fraction expansion of .. Example.3 . L9t xg1 be the least positive solution of the diophantine equation x2 .6. We conclude this section with the following theorem that shows how to find all the positive solutionsof pell's equation x2-./T)k. the conjugate of a power is the power of the conjugate. note that xt .are determined the use by of Lemma Proof. since the period length of the simple continued fraction expansionaf . the l east posi ti ve sol uti on i s : Pq: 18.r.13y 2 : . j w here p+ i -tbqi -r i s the 7th convergentof the simple continued fraction expansionof Vl4. T h e n th e re i s a n i n te g e rr s u c h t hat .yr.is a solution for k : every solution is of this form. : r.3. without finding subsequentconvergentsof the continued fraction expansionof ..t4 y 2 _ : I a re p a i -1 . .2 . . . it follows that x1./la is even..dyt : I from the least positive solution. We need to show that x1r.. .fr is t3.I a re Prc i -o .y r E ) k Hence xk.roi-r the (roi-l)th." simple or pos it iv es olut io n s f th e d i o p h a n ti n e o e q u a ti o n xtr*yrfi:(xt*yrr/v)o fork: I 1.qa 5.fi) : : (x?. : ( xr t y 1 6 ) o ( " .4). [i Now let s * /. and furthermore.we have .lV./ i s a p o s i ti v es o l u ti o n .y r f i ) n ( X + Y J A ) (*?.t'.3 P ell' s E quat io n 407 (xl + yJ7)" < x + Y. For instance.fr'.I' must be xpy1.Y. choice of /c.1 1 ./7 < xr * ytfi. Hence wesee 1> +(s .[d)-t. ./7) (s .17)] o. : 1[(s 2Jd > + t-. yp where x* * yr. t' 2 y1.l3y': I is xt:649.. .dYz) t.t J a ) ( s+ t . and note that s2-dtz:(s : (xt : -l - + yf/7)'8 ./7 ( (xt * v]/a)n*t' (x t * y rfi)-"' When we multiply this inequality by we obtain I < ( xr .ff)l o r : +t(s t r.we know that and .s o th a t s 2 x1.yrfi)'(x + YJI).l7)Gt ./n : (649+ tgo\[Lte .oner. tr To illustrate the use of Theorem I1. that0 < (s + tJa)-r < 1. -Pr: 180' Hence' all e t h e d i o p h a n t i n e q u a t i o nx 2 positive solutions are given by xt./ is a solution of x2 dy': 1.dy?)'8' ..'. we .and But this contradicts the choice of x1. for some inequality s * f . we have the following example' positive solution of Example.--Mor.'../7> i .6.y1 as the smallest-positivesolution' Therefore X.'"*. by the Th i s m eanst hat s./7> /- l.r. since knowthat s + t-.r".r r f i ) n ( x + Y J d ) ( x t + Y I I A ' : (x1* yt.dy? :1 implies x t !t. From a previous example we know that the least . that x? since .. / D We see that s./7 :(r. 6 4 9 .l t. The least positive solution of the diophantine equation xz . 13 e) f) tj 3l e) h) 4r s0. Find the least positive solution other than x t.4y2: 40 4xz .y ' : 1 8 0 ./l + t H e n c e x 2 : 8 4 2 3 6 1 .1 c)2 4.3 l' Problems Find all the solutionsof each of the foilowing diophantine equations a) b) c) x2+ 3y2:4 x 2 + 5 y 2: 7 2 x 2+ 7 y 2 : 3 0 .3ly' : n havea solution a)l b) . lt2261i398A. d ) -3 d4 f) -s ? Find the least positive solution of the diophantine equations a) b) x2 . o t h e rt h a n X 1 . Find the three smallest positive solutions of x2-37y2:1. the diophantine equation 5.9/2 : loo.6lyz : 1 is xt:1766319049. does the diophantine equation 3' For which of the following values of n x2 . . ll.29yz: 1.l 3 y 2 : l . y 2 : 233640 is the least positive solution of x 2 .408 Some Nonlinear Diophantine Equations x z * y 2.. 2' Find all the solutionsof each of the following diophantine equations a) b) c) x'-y':B x2 . 6.8 : 842361 233640.drz : -l has solutions il2 b)3 c)6 d) 7.29y2: -1 x2 . For each of the following values of d determine whether the diophantine equationx2 . S!g* that if pr/qt is a converggntof the simple continued fraction expansionof Jd thenlp?.dyz : I and X. 9. (Hint: use Theorem 11. Show that the diophantine equation x2 . Let d and n be positive integers.dyz: infinitelv many solutions.2t2: +1.dy' : .1 to write the lengths of the legs as x -. Find the solutionsof Pell's equation from the least positive solution (see Theorem I 1.6). . Then x-y:il implies that (s .dy': r.d y 2.1 .12 and y :2st. 2.dq?l < | + zJd. Xs t Yr is alsoa solutionof x2 . then the diophantineequationx2 .3 Computer Projects Write programs to do the following: 1. then Xr + dYs.) 12. where s and t are positiveintegerssuch that (s. Show that each of the following diophantine equationshas no solutions a) xa-2ya:1 b) x4-2y2--1.r2 .or b) I l. s ) / and s and t have opposite parity. such that the diophantine equation Find the least positive solutions of the diophantine equations x2 .t) : l.dyz: rz has no solutions. n either has no solutions. 11. Find those right triangles having legs with lengths that are consecutiveintegers.dy': x 2 .dy': -l has no solutions.r)2. I and 3. Find those integers n with lrl < Ji x2 . il Show that if r.1 1 .s is a solution of the diophantine equation x2 . Show that if d is a positive integer divisible by a prime of the form 4ft * 3..3 P ell' s E quat i o n 409 8.Y is a solution of the diophantine equation x2 . . Appendix . 7 t55 3 .ll 7 313 37 33 -23 .73 ll 3 t7 7 331 3 1 31 9 t20 t2l 1379 317 3 7 --23 3333 17fi29_ 3 7 313373 3 11 9 3333 7 3 13 3 33 rr 31 7 13 317 319 7 323 3 -29-37 33 7 319 3 13 7tt323 317 313 3 7--33ll 33 3 13 7 313 37 3 r22 123 t24 125 r26 t27 128 t29 130 131 n 3.13 3 8 37 3t 33 7 -tl 3323 33 7t71933313 3 t73 7 337 3 1t 329 313 23 33 7 33lt 33 19.of ..odd positive integerlessthan 10000 and not divisibleby five is givenin the table. The leastprimefac1o1.3 1 1 153 329 3 r54 2 3 .3 r 3 r0 8 3 1 7 3 109 -19 7ll0 323 3lll 7 33 lt2 t7 . ThJinitial digits of tile integeiare listedto the sideand the lastdigit is at the top of the column..412 Appendix Tabfe 1.l l 7 26 3327 33 28 717 29 33 13 30 7 33 .7 107 3 .ll 3l 32 3t7 3 7 33 33 34 l l 7 .3 7 t2 ll 33 13 7-14 3 ll 3 15 33 l6 7--13 t7 33l8 3 11 3 l9 20 3 7 3 ll 2l 373 22 1 3 23 3324 313 3 25 . 1379 0 I 2 3 4 ) 6 7 8 9 t0 3 333337 37^ 33 33 33 7 4A 4l 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 6l 62 63 64 65 66 67 68 69 70 7l 72 73 74 75 1379 -131180 3 7 38l 373 82 19_ 83 3384 lt 33 85 7 86 3 ll 3 87 13 33 88 -r7 7_ 89 3390 7 3lI 3 9r 1 72 3 92 313 3 7 93 33 94 19 7-13 95 3396 33 97 7ll-19 98 3399 33 100 13l0l 3 7 3t7 t02 373 103 _ ll rc4 33105 3 2 3 3 106 l l . primes are indicated with a dash. FactorTable.35 33- r32 r33 134 135 136 r37 r38 139 140 t4l r42 r43 144 145 t46 147 148 r49 33150 1 9 3 1 1 3 r5l -1737 7 rs2 3 .1l ll3 33 7 rt4 33 ll5 1379 3 ll 3 319 3 3 7 329373 23-3 .3 lr 13 33 7 3 19 329 t7 33 .::h.3 - . 4 1 242 33 7 243 l l 3 3 244 7 -31 245 3 ll 3 246 2 3 3 3 247 7 --37 248 313 319 249 4 7 3 l l 3 250 4 t .2 3 7 302 33 13 7 3303 3 304 .2 9 3 7 3l7 37 3 29s t 3 .3 ll 3 ll9 7 329 3 240 241 .Appendix Table 1.t 7 4 3 254 33?5S 33 256 t 3 l t 1 7 7 257 331 32s8 2 9 3 1 3 3 259 723 260 3r9 326r 7 33 262 ..4 3 185 3 1 7 3 l r 186 33 t87 188 3 7 3189 3 1 3 7 3 r90 .4 3 3 7 r 1 263 33 7 264 1 9 3 3 265 l l 7 .2 3 1 3 251 3 7 3 ll 252 37 3 253 .l l 296 33297 313 3 298 t t t 9 2 9 7 299 341 3300 331 3 301 .1 9 . 413 r379 19 33 7-t333t7 33 7-3333 723-ll 331 317 t3 33 ll 3 7 323 41 373 19313 329 3r7 3 .l t ..ll 7 3337 33 r77341 329 7 33 133ll 3 7 313 3 723t7 r82 3 . (Continued).2 3 l9l 33r9 36 37 38 39 160 r6l t62 r63 t64 r65 r66 r67 r6 8 r69 170 17l 172 173 174 175 176 177 178 179 180 l8l 76 77 78 79 1379 7t33r9 33 ll 3713-17 3 7 33 343 7 -3r9 313 323 3 7-tl29 33t9 33t 3 3 7 3u373 2 9 t3 3 ll 3 33 --19 7 33t7 3 ll 3 l34t 7 337 3rl 7 313 3 3r--47 33 7 317 3 23 7-33r3 337 3 731-3343 33 29--ll 3 7 337 3 ll6 1379 3 7 3 lt 3 7 -29 118 .t 7 1 1305 343 3 7 306 33 307 3 7 7 1 7 308 33309 1 1 3 1 9 3 3r0 729133ll 3 l1 3 156 t57 158 159 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 - rt7 2m 201 202 203 204 205 206 207 208 209 210 2tl 2t2 2r3 2t4 2t5 2r6 217 2t8 2r9 220 22r 222 223 224 225 226 227 228 229 230 231 .266 33t7 267 33 268 7--269 33270 3 7 3 3 27r ll 3- 1379 3 7 31 1t 9 3 7 33 37 3753 329 37 3rt 3 19--17 33 7 33 747t9 313 343 33 7rl-13 334t 33 2 3 3 7.3 3 1 r83 3 ll 3 184 7 1 9 . 7 4l 313 37 319 3 -13 329 3 7 33 7tt_ 347 361 33 7-37319 323 ll 313 3 -53 3 7 319373 t7--29 3331 37 3ll 3 --43 7 3311 23 33 717 3353 7 33 1379 272 3 7 3273 37 3 274 .719 3 ll 3 7 33 323 3 7 3- 37r 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 . 13-43 3r4 3 7 347 3 1 5 23 3 7 3 316 2 9 317 3 19 3 ll 318 33 440 44r 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 4s9 460 461 462 463 464 465 466 467 192 r93 r94 195 r96 r97 198 r99 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 t7 341 3 --13 7 329 3319 3 3713 7tl 337 33 1 1- 3- 3- :oo 361 362 363 364 365 366 367 368 369 370 3le. (Continued).ll 3l 3r7 3343 3 l94r7 3313 ll 323 3 47.l1 7 353 34r 7 317 3 313 3 7 329 3 r 7 7 1 9l l 337 333 7-3r3347 3 13-_-17 3 7 337 3 .413 33414 4 1 3 1 l 3 4t5 7--416 323 311 4t7 4 3 3 3 4 1 8 37 47 53 59 419 3 7 313 420 37 3 421 .* 3 r z 37 3 7 3lr 3 7 3 1943 3ll 323 33 -6t7 334r 17 3 11 3 767 33 ll 7 33 1333 7 23 313 3 19 7*329 347 33 71723t9 3 ..3 13 33 43-t7lI 3 7 331 373 tt4t-3333 59-13 7 33- 13 33 . Appendix l3 7 9 232 233 234 235 236 237 238 239 1379 n23t3t7 3333 -137 3r7 323 33 73313 33 23-7 3319 33 ll .1 34 t 275 33 3l 276 l l 3 3 277 1 7 4 7 .3 1 7 42s 33426 3t7 3 427 7tl 1379 3t2 353 3 3r3 .414 Table 1.l t 422 341 3423 319 3 424 .7 278 3 11 3 279 33 _19 400 40r 33402 33 403 2 9 3 7t t 7 404 313 3405 33 406 3 t t 7 7 1 3 40'7 3 3408 7 361 3 409 l74r0 3ll 3 7 4tr 323 3 412 t 3 7 .. l 319 431 7 -3 39r 3351 293 4'.5 9 s67 5 3 3 7 3 3.337 3617 3 1 3 537 4 1 3 1 9 3 5'._ -23-53 479_ 3 439 133 3 5 9 399 -Tt1 7 3 3359 qt*.7 329 7 611 35 3 1 4 7 3 1 3 3 571 .33r 393 333s3 474 1 1 3 4 7 3 343 3434 7 --rl 3 394 3354 7673 475 3 5 9 3 3 7 435 1 9 3 39s 355 5 31 1 311 319 476 7-lr17 436 3 3 5 6 3 7 3 4 3 396 t 7 3 3 2 9 477 1 3 3 1 7 3 33 7 3 397 t r 2 9 4 1 2 3 437 357 --4 3 8 1 3 3 4 1 3 478 7 3 7 31 73 7 398 358 3.37 527 487 .' t .3 6 1 3 3493 3 l1 3 614 3 5'.5zo 480 :tn7tl13 3 1 3 3 1 7 5 6 1 3 1 3 4 1 3 601 4 8 1 t 7 .1 1s28 319 3488 37 3 .1 3 7 3 7 7 37 429 3r7 3 389 713349 317 3470 3 430 1 11 35 9 3 l 390 4 7 3 't 353 3 3 31 3 ll 350 471 3'..1 9 2 3 r r 566 486 607 1 3 .l 3473 3 433 6 1 7 .2 9 317 3491 3 11 3 -r 3 5 9 3 t 7 612 7 7 3 572 t73 1 3 3 532 '7 492 1'1 .7 s69 3 4 1 609 3489 6 7 3 5 9 3 s29 1 1 6 7 3 610 -r73141 313 570 33530 490 1 3 .1 l 533 3 1 9 573 1 1 3 .560 :-Tl r 7t 600 1 7 3 .77 2 9 2 3 s 3 3497 '7 323 3 -17 3 7 618 3578 7 3 538 498 1 7 3 3 11 3 619 4111 579 33s39 7-19499 3 7 3620 JI | 3 580 540 1 1 3 33s00 3 33 1 1 621 581 3 7--3 2 9 3 54r ' 71 3 5 01 622 J 5582 311 361 l l 4 7 542 502 323 3r7 623 719133 583 3543 3 7 3503 I 4 ^ - ^ a .415 Appendix Table 1. (Continued).74 7 33 7 534 3494 347 3 -531123 3 11 3 13 615 )t) 3 535 3495 731 3 3 1 3 7 576 7 3 7 3 3 6r6 6 r s36 496 1 1 7 . 468 3 1 3 4 3 3 33-1113428 348 5 9 3 1 l 3 3 8 8 3 469 .1 l 3 7 3608 3 1 7 3 568 1 3.72 432 2 9 3 33392 713-352 3'.3 3.6 1 521 3r9 3602 7-1713 3 562 3 7 3 1 1 522 2 3 3 482 3 603 3 7 3 -13 343 3563 3 7 3 523 483 7 --23 3 604 3564 3 7 329 484 47 29 37 13 524 373 3605 565 3 2 3 3 4 3 525 5 9 3 7 3 485 3 606 1 1 3 3 7 33 3 1 3 526 . l l 6 l _ 692 3 7 3 1 3 732 3 t 7 3 772 7--59 6s3 3 4 7 3 1 3 693 2 9 3 7 3 733 ..1 3 7 779 3 .l l 626 33507 I r 3 3 547 .7 737 3 7 3 3 4 7 777 t 9 3 7 3 .1 3 587 3 7 3627 33 508 .3624 7 9 3 3 505 .l l 7 2 9 593 317 3_ 633 1 3 3 3 514 5 3 3 7 .l l 764 33645 3 l l 3 685 1 3 7 ..5 3 638 313 3_ 519 29 33 559 729tl 599 3 1 3 3 7 639 7 33 640 3 7 1 94 3 t 3 680 33 1 l 720 1 9 3 3 760 l l .1 9 509 3 lt 3 _ 549 1 7 3 2 3 3 589 4 3 7 1.1 7 629 3 7 3510 33 550 7 590 33 1 9 630 373 5ll 19.1 9 725 33 7 765 7 3t3 3 646 7 2 3 2 9 .7551 337 3591 2 3 3 6 1 3 6 3 1 .l t 4 l 773 311 371 654 3 1 3 3 694 l l 5 3 734 3 7 3774 361 3 655 .3 1l .416 Appendix Table 1.l t 73r 3 7 t 3 1 3 771 l l 3 3 652 ._ 686 33726 5 3 3 1 3 3 766 4 7 7 9 1 1 647 3 .3 ll 687 3 1 3 3 727 il 7 1929 767 33 7 648 3 1 3 3 688 7 -7t83 728 33 3 7 768 33 649 . 504 7 r 3 7 3 544 13_ 584 3.t l 512 3 4 7 3 2 3 552 33 592 3 t .1 3 7 548 33 ll 588 373 628 l l 6 l .1 9 .7 s 9 635 33516 1 3 3 3 556 6 7 .7 518 37r 3s58 3 3 7 3 598 .1 9 596 3 6 7 3 4 7 636 33 517 731_ s57 33 7 597 7 3 4 3 3 637 2 3 .3 1 1 3 _ 545 3 7 3 5 3 585 3 _ 3 625 7 1 3 .. (Continued).2 9 7 1 1 698 658 33 2 9 738 1 l 3 8 3 3 778 3 1 4 3 1 3 659 319 3699 33 739 1 9 .t t 7 515 33 7 555 7 33 595 1 1.1 9 s54 3 2 3 3 3 1 594 1 3 3 1 9 3 634 t 7 .4 3 7 3 6 7 689 361 3129 2 3 3 3 769 743_ 650 3 7 3 2 3 690 5 7 3 3 730 767-770 33 13 651 1 7 3 7 3 69r .t r 506 3 6 1 3 3 7 546 4 3 3 7 3 586 .3 1 ..3 1 .7 632 335 1 3 7 3 l l 3 553 .7 64r 3 1 l 3 7 6 8 1 7 3 t 7 3 721 7761 323 319 642 33 682 t 9 722 3 31 3 762 329 3 643 s 9 7 4 1 4 7 683 33 7 723 7 33 763 1 3 1 7 7 644 317 3684 3 4 r 3 724 1 3 .7 9 7 695 317 3735 3 7 3 775 2 3 656 33696 33 736 1 7 3 7 5 3 776 3 7 317 657 33 697 .5 9 . .7 758 371 3 3 2 3 759 37t9 840 3 1 3 7 3 880 1 3 .417 Ap p e ndix Table 1. (Continued)' 1379 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 3 7 3111713337 3 7 3 19 329 71761 33359 3 7-lr341 3337 3 193 7 3ll 3 7 3 53--23 3 ll 317 43 329 3 --67 7 313 33 1l 3 713 353 33 31371237 329 31l 3 13 3 83.1 9 755 3 7 3 715 .885 5 3 3 1 7 3 379 3ll 845 7 3 .7 3341 3t7 3 .3 13 3 11 3 751 7 rl -73 7tl 33752 7t2 3 3 7 3 1 1 753 t 7 3 713 7t4 3 7 3 7 3 754 .1 1 4 7 6 7 890 7 891 7 3 3 7 3 3 851 33 .2 9 705 1 l 3 3r7 3 7 746 23 737706 3 747 3 1 3 3 11 3 707 7-708 7 3 3 1 9 3 748 359 37 4 1 4 7 3 r 749 709 3 750 1 3 3 7r0 3 .3 892 1 1.73 ll 3 7 341 3 -59 3 7 33 ll 3 7 -23 3 1l 3 47 379 3 700 701 '702 1379 1379 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 920 92r 922 923 924 925 926 927 928 929 930 931 932 933 934 935 1379 29 331 3 7313..1 l 717 7 r 3 337 1 8 4 3 r r .7 9 852 3 7 3893 8s3 1 9 7 .7 l l 849 329 3s9 8 5 0 .4 7 3s9 313 3 73 3--37 7 3r7 371 34r 3 -67 7 319 33 7 313347 3 7 .323 3 3 .2 3 1 7 37 3 3 1 3 3 6 7 756 7t6 3 757 6 7 .l l 843 7 884 3 3 7 3 844 2 3 .3 886 846 319 313 847 4 3 3 7 7 6 r 887 3 r 7 3 1 3 888 8 3 3 .l1 3 7 337 3 i l 1 9.2 3 881 3 7 3 841 t 3 4 7 1 9 37 3 882 5842 3 l l 3 883 .3 848 7 3 2 9 3 889 t 7 .3 8 3 894 854 7 r7-29 71317 3 3 1 3 4 r 8 5 5 r 7 3 4 3 3 895 a a 3r3 3* 373 3 19-3113 3 7 379 23373 6l-1119 3361 3r3 3 -23 .4 7 7 4 3 '740 3 1 1 3 3 1 3 3741 333 742 4 1 1 3 1 1 7 7 3343 3743 703 7 9 1 3 3 1 7 3ll 3 3 7 744 3704 3 745 .11 7 47 329 33 7 33 7 313 353 3 7 -rl 341 3* 3 89 37 --r7 . u t 7 4t .6 1 7 -59 99s 337 323 3 7 3 7 r 996 7 33 373 997 1 3 . Freeman and company.418 Table 1.. Appendix 1379 816 33 817 -1113818 3 7 319 819 373 820 5 9 1 3 2 9 _ 821 343 3_ 822 319 3 823 7 824 3373 825 3 7 3 2 3 3 826 l 1 7827 33r7 828 7 33 _43 829 830 319 3 7 831 33 832 5 3 7 t t 833 3 13 3 31 834 t 9 3 1 7 3 835 7-6r13 836 33837 i l 3 3 838 1 78 3 839 3 7 3 3 7 960 3 13 3 961 7-59962 33963 323 3 964 3 l . Dudley. H. (Continued).7950 3 13 337 3 3 1 3 1 l 951 3 31 3 7 33 952 .8 9 7 t 3 2 3 .2 3 872 311 3 7 873 33 874 7-13 875 3319 876 3 ll 3 877 73167878 33 1l 879 5 9 3 1 9 3 970 8 9 3 11 8 7 971 3 ll 3 972 37t 3 973 t974 33975 7 3rt 3 976 4 3 t 3 977 329 3 7 978 33 979 19741 a n 4 1379 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 9 tl 912 913 9r4 915 916 917 9r8 919 980 981 982 983 984 985 986 987 988 989 3- 1379 3936 l l 3 1 7 3 3 4 7 3 937 7 _83 7 1 3 1 1 8 9 938 3ll 341 317 3939 33 33 940 7 -2397 7l 29 94r 333 7 3942 3 ll 3 l r 3 7 3 943 83944 3 7 3 ll 3 ll 3 945 t 3 3 7 3 13 3-17 3 946 4 7 4 3 2 9 7 947 333 3 1 3 6 1 948 1 9 3 5 3 3 3 l l 3 949 .ll 998 367 3 7 3 1 3 3 1 9 999 9 7 3 1 3 3 Reprinted with permission from u.l l 965 3 7 313 966 37 3 967 t 9 t 7 968 323 3 969 l 1 3 3 1379 856 7-1311 857 3323 858 331 3 859 l l 1 3 860 3 7 386r 7 9 3 7 3 862 3 7 .4 3 72917959 353 329 33 1 7 990 33 33 991 r r 2 3 4 7 7 7tt3r992 3333993 319 3 1 3 3 4 3 3 994 .4 1 1 9 l 1 7 8 9 s 3 956 373 3 7 33 6 7 957 t 7 3 6 1 3 33 958 1 1 7 . .7 19. All rights reserved.1 3 953 333 4 t 3 7 954 7 33 33 955 . copyrighto 1969 and l97g by w.863 389 353 864 33 865 4 t t 7 t t 7 866 33867 1 3 3 3 868 .l l . Elementary Number Theory..1 9 7 869 33870 7 33 871 3 1 . Second Edition. Appendix Table 2. Values of Some Arithmetic Functions' 419 I 2 3 4 5 6 'l I 9 l0 ll t2 l3 l4 l5 l6 t'l l8 l9 2A 2l 22 23 24 25 26 2'I 28 29 30 3l 32 33 34 35 36 5I 38 39 40 4l 42 43 44 45 46 4"1 48 49 I I 2 2 4 2 6 4 6 4 l0 4 t2 6 I 8 l6 6 l8 8 t2 l0 22 8 20 t2 l8 t2 28 I 30 l6 20 l6 24 t2 36 l8 24 l6 40 t2 42 20 24 22 46 l6 42 I 2 2 J I 3 4 6 t2 I l5 l3 l8 t2 28 t4 24 24 3l l8 39 20 42 32 36 24 60 3l 42 40 56 30 72 32 63 48 54 48 9l 38 60 56 90 42 96 44 84 78 72 48 124 57 2 4 2 4 3 4 2 6 2 4 4 5 2 6 2 6 4 4 2 8 3 4 4 6 2 8 2 6 4 4 4 9 2 4 4 8 2 8 2 6 6 4 2 l0 3 . | 98 99 100 20 32 24 52 l8 40 24 36 28 58 l6 60 30 36 32 48 20 66 32 44 24 70 24 72 36 40 36 60 24 78 32 54 40 82 24 64 42 56 40 88 24 72 44 60 46 72 32 96 42 60 40 6 4 6 2 8 4 8 4 4 2 t2 2 4 6 7 4 8 2 6 4 8 2 t2 2 4 6 6 4 8 2 t0 5 4 2 t2 4 4 4 8 2 t2 4 6 4 4 4 t2 2 6 6 9 93 72 98 54 120 72 120 80 90 60 168 62 96 104 127 84 144 68 r26 96 t44 72 r95 74 n4 t24 140 96 168 80 186 t2r r26 84 224 108 t32 120 180 90 234 n2 r68 128 t44 t20 252 98 t7l r56 217 .420 A ppendi x Table 2. 50 5l 52 53 54 55 56 57 58 59 60 6r 62 63 64 65 66 67 68 69 7A 7l 72 73 74 75 76 11 78 79 80 8l 82 83 84 85 86 87 88 89 90 9l 92 93 94 95 96 9'. (Continued). p < 1000is givenin the table' The leastprimitive root r modulop for each 2 3 5 7 1l l3 t7 l9 23 29 31 3'.1 4l 43 47 53 59 6l 67 7I 73 79 83 89 97 l0l 103 107 109 113 127 131 r37 139 t49 l5l 157 163 r67 r73 179 l8l 1 2 2 3 2 2 3 2 5 2 3 2 6 3 5 2 2 2 2 7 5 3 2 3 5 2 5 2 6 3 3 2 3 2 2 6 5 2 5 2 2 2 l9l 193 r97 199 2tl 223 227 229 233 239 241 251 257 263 269 271 277 28r 283 293 307 311 313 317 331 33'.1 347 349 3s3 359 367 373 379 383 389 397 401 409 419 421 43r 433 l9 5 2 t 2 3 2 6 3 7 7 6 3 5 2 6 5 3 3 2 5 T7 l0 2 3 10 2 2 3 7 6 2 2 5 2 5 3 21 2 2 7 5 439 443 449 457 46r 463 467 479 487 49r 499 s03 s09 521 523 541 547 5)/ r5 2 3 l3 2 J 2 13 n J 2 1 563 569 57r 577 587 593 599 601 607 613 617 6r9 63r 641 643 647 653 659 601 6 73 677 683 691 701 ) 2 3 2 2 2 2 2 3 3 5 2 3 7 7 3 2 3 2 3 3 ll 5 2 2 z 5 2 5 3 2 709 719 727 733 739 743 75r 751 76r 769 773 787 797 809 811 82r 823 827 829 839 853 857 859 863 877 881 883 887 907 9ll 919 929 937 94r 947 953 967 97r 977 983 991 997 2 ll 5 6 3 5 3 2 6 ll 2 2 2 3 3 2 J 2 2 ll 2 3 I 5 2 3 2 5 2 l7 7 3 5 2 2 3 5 6 3 5 6 7 . PrimitiveRootsModulo Primes prime p.421 Appendix Table 3. Y. McGraw-Hill Book Company.li l^ilrrl Numbers 5 l l I e 24 z6i 4 8 1 7 1 3 5 25 1 6I e 34 z s l r c 37 1 2 l 4 s 37 3 s l ' 3 7 49 43138 8 t 3 l i 2 6 24 1 3 ll 0 17 5 8 11 6 40 2 0 1 6 2 17 6 1 3 2 70 6 3 1 4 7 29 r 8 1 3 5 t4 7 8 1 8 1 69 t 7 1 8 l 1 9 20 2 l 22 23 24 25 26 27 28 29 30 3 l 32 33 l9 23 29 3l 37 4l 43 47 53 59 6l 67 7l 73 79 83 89 97 l0 7 2l 7 7 33 38 t6 l0 40 47 64 49 2l 2l 56 6 89 r z lr s el I l3 t7 29 22 t4 36 6 3l t0 55 62 27 39 54 80 82 5 lt 26 t7 3l 29 t5 25 7 26 l6 60 37 63 72 25 t2 24 20 27 l5 36 t6 5 39 l5 57 28 l5 46 26 60 57 77 8 l3 29 l3 40 28 20 53 9 42 44 30 l3 I 75 49 76 l6 l0 l0 4 8 2 42 t2 44 30 56 2 46 54 52 2 l9 5 t2 l7 l7 29 25 46 4l 20 45 67 38 78 39 59 l5 t4 23 ll t 4 l 2 2 l 3 s 39 sl116146 l3 34120128 57 29 s t l 2 s l 4 4 55 aI rr I oa 60 18l4el35 l5 3l6llll 67 s2lt0l12 l8 3 l 2 s l s e 87 l8l 3l13 9 r s lr + l rlrol I 6l34l2l s rr j 3I s I 4 r l l Indices tl nlsrlrs 9 28 34 3 33 49 59 47 ll ll 56 38 3l 46 5 20 l0 l8 9 3l 44 27 f 23 5 t7 5 2l 5 32 30 57 40 6 l 20 69 5 t4 80 85 74 60 Reprinted with permission from J. . V. A.Copyright O 1939. Heaslet.i 'ilil. Elementary Number Theory.l trlfr|JIl. Indices p Numbers Appendix I l: lt2 l: l! l8 )1 I r( I to 22 29 28 3 r 30 3 i 36 4l 43 47 53 59 6l 67 7l 73 79 83 89 97 p 40 42 46 52 58 60 66 70 72 78 82 88 96 'il.422 Table 4. Uspensky and M. 423 Numbers p 3'l I 4l r9 43 23 47 34 s3 l l 59 4 l 6 l 48 67 65 7 l 55 7 8 29 79 25 83 5 7 89 22 97 27 p l9 2l l8 33 9 24 ll 38 29 34 37 35 63 32 t8 2 l4 30 36 44 l4 l4 64 28 l0 64 34 t6 32 35 4 42 l 7 30 3 8 55 39 39 27 22 l l 2A 22 64 70 t 9 36 20 48 ll 5l 9l l9 6 33 3l 4l 3'l 46 58 65 65 35 67 24 95 20 22 9 50 9 I n dices 6 l2l I t s l 2 4 1 3 | 4314 l ')) | 8 l 29 4s132 1 4 l l l 33I 27148 2s 5 4 1 5 6 431r i I 34 l 8 s 3 1 6 3 e l 6 r l 27 46 2 5 1 3 3 481431 l 0 I 25 t l + t 5 r I 7 r I l 3 74 7 5 1 5 8 4 e l76164 30 4 0 1 8 1 7 t l 26 1 7 2 e l28172 30 2 l l l 0 8 5 1 3 9 4 l 5 8 1 45 Numbers 23 40 16 58 29 2l 54 30 6l 73 l5 44 23 20 50 9 3l 59 23 54 84 2l 54 l0 43 50 38 l7 76 65 l4 23 36 38 46 2 66 28 l6 74 62 50 5 l 53 59 6l 67 7l '73 79 83 89 97 p 66 67 7l 78 79 83 89 97 p 82 83 4 l 89 3 7 97 23 83 6l t7 52 76 47 42 2l 5l 3 42 79 55 93 53 22 33 57 23 53 '7'7 54 35 t9 52 l4 26 )) 56 2l 52 26 t9 57 65 ll 4l 37 )t 5 8 5 9 60 29 36 45 4 43 t5 13 75 47 6l 62 63 64 65 43 27 r3 32 45 5 3 3l 5t 62 5 l 0 27 50 22 5 5 46 7 68 36 63 Lices Inc 3l 37 8 59 56 52 59 5 3 5 l 78 l 9 66 l 0 \) 8 7 30 32 49 42 68 33 37 36 55 3 l 30 36 56 J 66 5 23 3l 7l 34 l 9 43 l 5 67 43 48 69 I 1 7 58 l l e 45 1 6 0 66 l 3 e 69 1 4 7 64 t 8 0 3 5 6 34 5 3 36 67 45 48 60 5 5 24 1 8 70 6 22 5 83 8 75 t 2 26 Numbers 67 47 50 48 45 56 57 68 6l JI 69 't0 'tl 7 2 7 3 74 7 5 't6 II 7 8 79 80 Inclices 8l 33 63 69 73 t5 13 94 4l 52 29 2'7 5 8 50 38 58 6l 5l 35 42 4l 36 79 66 44 5l 33 62 lt 36 t4 65 50 50 44 69 20 28 23 4'l z l 44 27 5 3 29 72 40 49 67 53 43 39 32 68 1 4 3 3 l 42 77 40 1 4 2 46 4 2 l J J t 3 0 4 l 88 I Numbers 84 85 86 45 38 87 60 83 88 44 92 89 90 91 92 93 94 95 96 I n d lces 26 76 '73 90 s 4 l ' 7 e 1 5 61 4 9 20122 82 48 . (Continued).Appendix Table 4. (Continued).rzlrslrrl 5 l 2 l t o l + l z o l r l 1 7 l1 6 ll l I t l z z l r s l zrrl o l r z l s l 2 1 4 l a l t o l : l 6 l r z z + r s I r s t v l I n a ll s l I z ztI zs 1 ! ! I I I 3 l e l 2 7 1 r o l z e l r c lt 7 2 0 2 e z s n a l + o 2 1 4 l a l r o l t z l z t l t 7 | 3 4I I I n I z e lz s l:ro I : o I z sI r :I s o l r e l r r l z s l z t l : B l z eIl t ol 3 t l 2 s I I + l z +Il z t lI zg l r s lI lrel32l28l 3l slzt llslzel+rl 37 l r r z z s r ro s l z s r r I r +l z z l u l n |l 28 |. 2l 3l 3'' 41 43 4'l 53 59 6l 67 7l 73 79 83 89 97 p 7l3l6l 'l I ul el slrol zl I 3l elrolnl slrs trlrolr+l al tl 4 t2 2l al r l 21 4l sl rol rgl 7) t4l elrs. p I Indices 2 3 4 5 6 7 8 e{t0llt l2 l3 t4 l5 ll I I r' l l! 2. 1 1+ l r z l x l z t s l z + l z z l s s l r o l I z l 4 l s l r o l t z l o a l 15 t I t+ | zaI seI zqI ssI t: I ee| +qI 3 l e l 2 7l s r l o s l r z l i t l|6 4 l t + l + z l y l z z I e o z oI o o z l I I sl2sl28l43l2tl s l o l o l l o l s : I z r I u l z g l+ s| + e l: e I Indices 3l 21 6l 41 5l I 2l 4l8l slrol I 2l 4l 8l 3l aln 2l rl | | 21 41 3l rl t6 | I Numbers ll t7 1 9 l0 23 l 5 29 2 l 3 l 22 37 l 8 4 1 26 43 26 47 3 8 53 J 59 3 3 6 l 44 67 20 7 l 62 7 3 20 79 48 83 l 5 89 6 9? 83 I l8 I 6 l3 4 36 33 35 2 6 27 40 8 27 65 30 t8 2t t 9 20 2 l 22 23 24 25 26 27 28 29 30 3r 32 33 I 26 l2 35 34 l9 l0 t2 t4 54 t3 56 62 37 60 54 38 t2 23 5 33 40 l4 3 24 28 47 26 37 l8 32 37 73 93 l4 t7 l5 29 35 42 l5 48 56 33 I ) t4 21 5 40 28 43 53 5 37 38 t2 5l 65 34 94 l0 II ) 30 34 46 33 47 l0 7 53 60 74 47 I3 82 s2 46 t7 t7 74 4l 77 I 20 2 l0 t6 t6 42 l3 35 20 l4 t6 8 64 ll 39 22 I Numbers l l 22 6 l8 I 20 3 | 6 l t 2 l 2 4 l l t4 2 Irzltrlzz 9 ) l5 | 2l 6l18 II 22 1 6 3 3 1 2 4 1 2 36 6 26 52 s l l 4 e l 4 s 3 7 l l 22 4 4 l 2 e l s 8 57 40 l 9 3 8 l 1 5 l 3 0 60 l 28 56 4 s l 2 3 l 4 6 25 l 4l 3 2 t l 5 1 3 5 1 32 40 54 24 34 23 6 e l 4 e l 6 8 l 46 22 44 s | 'o I zo 40 I 28 84 t + 1 + + l + t l 40 t 3 65 z + l t s l u l 79 I r sI r I lr:l tlzr srl:el:+l 22 l 3 37 33 I 3 39 2 1 42 )5 5l 59 5 7 50 3 3 ll 6 47 1 6 59 t 9 80 't7 3l 4 35 1 t4 t'l 39 35 3r 43 53 66 42 57 7l t2 78 . 4z Il r zI r o| r+ | + zIl z cll + zll n t Il 0 I r: I e l t t I 2l 4l 8lt6l:zlrrl z2l44l s rz :+ rs r m t A za z l + l s l r o l r z l s i t0 z0 40I 2t | +z| zsI soI +r I zt l +e l | | | | ! I I I I I z l 4 l a l r e l : z l : l 6 l t 2 1z + l+ t t q r s : o t z 2 l 4 l s l r o l t z l e q lr 5 s l + r l u l I r s I o lI r s Il : o I rs lI z o il sl l r I Tl4elsqlsrlsrl zl 14121 21 s :r +lztl s +I z : I r s I 1+ + | | s l z s l s z l + r l s t l s l r i l 2 l l o l s o l: r I e l + s l o l s o l a I 3 l e l z t l z l e l r s l .Appendix Table 4. 4 64'.1 65 7l l0 73 35 79 l 3 83 59 89 36 97 2 p 3 5 1 3 6 37 3 8 39 40 4 l 19 I 3 8 23 zl t 29 4 l 8 36 54 49 29 5 8 63 59 70 & 29 72 39 3 8 3 5 70 l 9 57 l 0 50 15 20 20 l9 39 55 5l 22 68 35 57 82 56 8 17 6 38 l9 49 35 t2 48 26 3l 68 86 I 24 9 46 l7 l3 6 20 32 76 4l 78 l6 42 4t 4 4 i | 4 5 i .| ) i ' 1 7 0 3 2 1 24 23 I ti l 9 0 1 6 2 l 9 t r 95 82 83 I 89 2r 97 95 83184 85186187188 89190 9t192193 I 8l 94 96 63I ll 3 3 l l o l 3 0 87147 4l I ll I 55 1 7 1 8 5 37 88 52 N umbrlrs 66 l r s .'riiiiii l5 42 60 25 )) 31 I 46 39 18 6l 42 68 69 44 N mbers 3l 1l 55 l3 47 53 29 26 I 22 30 65 62 23 87 33 M 68 33 28 46 83 68 I I 21l|42 50166 rel22 5t15 17 36 37 45 36 7 1 1 3 5 l6 4 9 1 5 1 6l rlrs 34 39 39 56 72 48 t4 Indices o o e tl o al o sl i o l u r l n l t t l r a l r s l t t l t t l z t l r e 1 8 08 t l | I 60 49 10 6l 55 70 65 26 30 39 76 59 I 29 6 l 5 7 66 3 8 44 {umbt 67 7l 73 19 83 89 97 p I I I l l 3 3 20 60 22 66 40 6 l2 3 7 8 7 3 63 43 5 l 5 45 46 49 50 6 l 3 1 5 75 84 32 4 20 Indices 4l 24 58 63 44 5 3 48 l 3 2(' l s 2 l 2 r 42 85 7'. Indices p 34 17 28 4 l 20 43 3 l 47 34 53 9 5 9 27 6 l 45 6'.425 Ap p e n dix Table 4.7 23 5 7 9 l 67 . (Continued)..1 48 49 I Numbers I 8 30 23 38 37 3 l3 2l 78 62 26 42 29 45 39 34 26 t2 69 l4 70 82 56 80 I 37 25 9 52 24 57 70 52 8l 79 12 M 50 l8 43 48 44 58 77 79 59 60 32llel I 4 7 l 4 r l 2 e 5 l 0 20 52 3 6 1 1 3 1 2 6 45 3 t 2 5 l 5 0 l 3 e t'l 34 2el58l4e 3l 1625i l 67 24l|26140 143 17 I 42 71163123 164 28 1 ? 3 l 6 r l 2 s t) :l611 4 3 l ? 5 1 6 7 1 5 1 9 1 3 8t 1 6 | 62 88186180 l8 124 e l 4 5 l 3 1 58 t 9 6 1 9 2 1 rl lndices 5 3 40 59 3 6r l4 67 47 'll 48 1 3 61 19 50 8 3 69 89 72 97 72 p 27 6 28 27 52 43 7l 55 38 69 I t2 56 54 9 69 55 27 25 54 24 5l 4l 63 53 48 4l t5 l5 46 zl I 54 25 7 5 47 76 89 37 2l 30 34 ll 63 50 30 23 53 33 56 t4 l 7 34 <) 6'. lot -I 7 l l8. 2 .r.4 .ffi.r-:_:.6 l I i 53 I t - t - I I I 11 | t q . 1 ..Table 5.l . Tt.mr .l 4 l I I 63 I t z .xJ. t t+ 1 lz I 6 l tz. .1.6] Itt I l:.t.2. y e t l | [3:6] l: lrr:1-l | . z r e .l. 48lle. @ .r.1.r. 1 .r.te] lg.-r'r. 1 6 1 1 I 70 ts. 4 . 1 . I rs:s.zr+l l 57 I t7.ol | 'o I f3:LAGt I is ltz. r l o 4 7 [ [ o .l. 5 . + .8 i lnq i .' I ts. 5 . 3 . t .t]Jm1 l|. 1 8 itq.1 . 2 .I 8 ] I I 8 3I I q . Z t.r.3. l . l 6 ] l . 1 8 ] L 16 tq:1. G t / ) | [ 8 -.t . .n I r+.1 | 72 [8.ffirli 4slt6.o.t.rJ . 1 8 1 l .8 1 I . . l 6 J O ] l 7 8 I t s :r . 2 . I 77 1 [ 8 : 1 . t 6 1 .T. 1 . 3 .r.1.l ll I [ 9 .l.:n. 1 .' o i [ 9 . 2 . 6 . l l u . J .l)"rl Jt s J l + .z. l 8 l I t -5l - t7. l .. l . 3 .6:l. l . r . ..22. a l ln|t+:st i t5 I [3.l. 3 .1i.r.tq I 60 |I t[tl.tol . 1 . l .l .ill [q. 1 rJ. l . r .l.ut l:r 116'aJI ] q ol t o . 18 1 1 l . 1 .iJJJJst |. 4 .rrr. 5 .t.s]. . I 6 8 | [s:+. r + t I 5 5 I tt. l .1. l .t.18] lq.z I t+rr..141 54 I t z . 5 .Nl InItl. I . 7 .q3JJtr.2JJ.rf. 5 . 1S l I9 . . 1 .zl.l 8 1 I zeI ts. 2 .rsl tg:t.t z l s. I 2 3| [ + : t . l 8 l l . r . t .2.ro] i 6 9 t 8 : 3 . 3 l _ -: 11.1. 1 6 1 I l t g .l... t o ] I 66 I t s .4. 426 +e1ro.z.3. J o t I :o I Is:z. q .I 80 [ 8 .I .t 5t. 6 . a .ql lolt2:2+t lt lrz. r o 1 l:+ I ts.raJJat I 6 2 I t 7 . s T ' t I 6 1 l E-5 2 1 .u.rzl soltz.t.rr. ror I .t. 1 .zT.l.t2 1 io'lto:fut I 2 eI t s : t t J .zJal I I 7 e l ta. l . 2l .l. |6.:.rol I . I 8 t [9.l.T. l 6 l | 8 2 I [ 9 . 4 . t'tl I l 9 : l . l . e J8 t I 34 1 [ 9 .. 3. Simple Continued Fractions for Square Roots of positive lntegers d J7 d J7 t- I 42 ) [ 6: 2 . l . :o l r .+rlot l:s lts:_ol I i7 | t6:l2l i:a j to.TJ'+t l s0 ) r 2 .r.:.l. I . 3 .l.16J | 73 [ 8 . 1 r + t | 65 I [ a . 1.lol | : l I t s .2.l.a. 3 .l4l I 58 I I 7 : l . 4.l8t i . J 7 ll [ 9 .tql szltt:+ttfV. t . t l.iJTl rg.r.l2l 4l I g' t lq6l l. I 76 I E 1 .sJJJmr l .r"sl I 20 I I a :2 . l .r. I r. r e l [\ry. : J 2 l j 2 8 j t s .l+l 5r I tt:t.ll l a a. d . | . t .. l . 2 ..rol I 32 | t5:l.l2.ot I tz I t:. 5 .tqi I 5 6 I t't.-l .rol I zt I t4. t 4 l | 59 . s ] I z q I t 4 . {I . 't . 2.. 0 i f a i s a n i n t e g e r . . 1 2 0 . 1 2 02 5 2 . 6. 5 6 : 2 ' 4 + l ' 3 ! + l ' 2 ! . 2.( 2 f i 2 ) r c (328)ro(l I I I loooooo)2 . 9 9 : 3 ' 3 3 . 8 . ( r o o t 0l o l l o ) 2 (rttilolll)z ( r o tt 0 0 0 l l 0 l ) 2 ( l l l o ) 2 .( 1 0 0 1 l 0 l ) . 72 05 0 4 0 . b ) 2 0 0 . 2. a). .3 9 . a) 5. 2. t.( l o o o l ) 2 (too65)ro (338F) e r (8705736)6 r ( l I C) r c . Section 1. 2 8Y e s Section 1. 3. 4.4 l. S t . 4. ( 5 5 5 4 ) r .15 b) 17. 120. ( 7 4 E )6 ( t O t O t 0 l I l 0 0 l l 0 l I l l 0 l I I l ) 2 . 0 8n o . ( t r s ) . d). . 6. 2 6 ) ( t o o l ) .1 2 6 2 1 0 2n \ n + D/ 2 10. 4. ( t t O tI 1 l 0 l I I I l 0 l 0 l l 0 0 l I l 0 l l 0 l ) 2 . 8 4 . l .l 1. c 6 . e) 3. g.2 .3 4 3 : 7 ' 4 9 .2n rr.2 : l .0 c)-3.b 4.$ 1 .z t 1 4 . 65536 21 x : y : l.Answers to Selected Problems Sectionl.7 d)-6. 8. b ) . 3. 1 4 5: 5 ' 7 9 . u .l 8 2 4 .l ] .2 *. 24. a ) 20 b) s 5 c ) : as d ) 2 0 4 6 d a ) 3 2 b ) 1 2 0c ) 1 4 4 0 0 ) 3 2 7 6 8 . 5. 2 3 .i l t + : 2 ' 3 1 + l ' 2 1 . a: 13. b) 3 1 1 .( 2895)r o . 2 0 + l 8 [ x . 0 2. 4 .c). 4 0 .l o t h e r w i s e . I c ) 1 2 8 . 3 8 4 : 3 ' 5 !+ l ' 4 ! Section1. 3. 0 3 2 0 3 6 2 8 8 03 6 2 8 8 00 I. z :2 . I 888'0 ( r o o tl o l o o o o o l o ) 2 ll . 5.3 l.2 ( l l 0 0 l l ) .

r 3 8 ) 6 6 6d ) 5 : 8 0 0 .g7. 5 .73. ilZ s.59 r 0 .7 0 . 71 0 9 7. 1 3 ) 1 0 1 1 0 0 0 . 2 . z e n . a) 1. 7 .331 1 0 .. 3 3: 9 .a)rsb)6dZd)s 2.4 3 .7g. 1 0 8 . 4 1 . r o l i l 2 3 . 5 3 . a f u c ) 2 . 1 t. 51 . 3 0. d ) 6 9 3 : 2 1 .7.99 Section 2. b ) 5 . I if a is odd and b is evenor vice versa. t 7 .75. .31. 4 2 .3 .1 d 2 . and 6 eggs Section 1.1 6 5 6. . 5 . 1 7 .428 A nsw ers to S el ected probl ems 2 3 ' a ) 7 g r o s s . 9 |. l l f ) 2 8 g ) s . s . 105 6 . 5 7 . 2 5 . 5 .280+ 4. 6 t .5 k + 3 ) : I s i n c e 3 k + D _ 3 ( 5 k + 3 ) : I s Section 2.. 5 2d ) 1 7 2 d . Z g . 1 1 .3 3 . 7 I 3 l ) 9 . l 0 + ( . 2 1 . 5 7 17 . or 1 9 . i l 2 2 . 3 7 . il 24 b) 210 c) r+o d) I l2l I e) soo+oil 3426s7 1 5 . 3. 7 d o . 7 b 2. 249. i l 2 2 3 35 37 2 . 44 f7 r r 7 g | rg 3 i l r l 0 l r 0 0 l d l i 1 d ) 3 2 .3 7 .1 9 .1 6 5 . il2 Section 2. 2 7 . 3 .2 l.53 16.5 a) prime b) prime c) prime d) compositee) prime f) I composite 7.I I dozen.1 . g 7l O l 7 l 4 7 6 7 7 g .490 25. l 0 l t .490 + 4. l . | 2 6 5 3 k ) 3 . 2 9 1 7 .3 .3 0 2 . 1 0 5 c) 5 : -5.1 5 . 2 7 0 : 5 4 .2 otherwise 5. 5 .222 (_13)102 + c ) z : 6 5 ' 1 4 1 4 + ( . 2 4 te ) 5 2 1 3 . 4 3i ) 2 4 . 5 4 0 3 6 . 2 6 . I 3 . 7 0 + ( _ l ) 9 g+ 1 . r 5 r f ) 3 3 . 1 9 . 3 . a) rs :2. l 0 0 l 29. 308. : r .1 3 . 1 . 3 2 . t g ' 4 1 t. 1 8 . 3 2 ) 3 .3 0 3 . a n d g e gb ) i l g r o s s . a n d gs lreggs c) 3 gross. ( 3 k + 2 . 1 .3 l . 7..3 1 .1 3 .2311.7 3 .51. 2 . 3.3 0 1 .1 8 0 . 1 3 2 1 . 1 0 0 0 0 0 1 !0 0 0 0 0 1 1+ t4. 2 3 . 3.67. 1 3 c ) 2 2 . 4 9 .9 0 .7 0 . b ) 2 r 83 8 . .49. 3 .1 1 0 1 ) 2 0 1 8 5 + 3 .93. 9 . 2 3 . 3 7 . 2t2l 14. 7 7 1 4 . 1 3 7 . 5 .6 9 . 9. 1 0 3 .69.2 1 . . 2 1 3 s s 5 7 7 b ) 1 .3 0 4 | 2 . a ) 3 0 . 1 1 . . 4 4 3 5 0 ( . 2 . 1 0 0 0 0 0 1 ! + . 7 .2 5 .45 + (-l)75 b) 6 . 1 3 . i l 2 4 . 3 0 0 . 1 .il2 b)sc)ssd)3 e)t f)1001 15. 66.t ) t 5 b ) 7 : 0 . a ) I : l ' 6 + l .63. 5 d o z e n .6. 2 9 b ) 1 0 0 0 0 0 +l 2 .l i l 8 . 3 . 70. il5 b) lll c)o d) I e)rr il2 4.211.1 l.330 (-t)+os+ 1. g g . 3 .

1 7 . d17. t2. ( 2 1 ' .t9 9 9 . z ( 1 1 .1 1 ) . dimes. 4 .4 c l.a\qzlr)zc)t8 (modp) whenp is prime andpla 26. n il x:889+ 1969 . g ) . ( 1 2 . oranges 8-'l.1 l . ( 4 . 2 ( 18 . 8 .0). 2 5 ) . 2 7 . 2 : 7 ) .1 0 0 + 3n. 3 7 ) 10. 3 3 ) . u) l 7 .293'3413 Section 2. 5 .13:::il.8)' 5.Answers to Selected Problems 429 Section 2.4. 13 . a) 15621 . 7 c e n t sa n d 1 2 c e n t s 4l l9 1 3 .+ 0 4 2 0 105 5 0 5 4 210 J 5 0 5 A J 2 I 12. i l g b) b c ) o d ) 1 2 d + f) I 9. a ) l . (nickels. 9 . 2 3 ) ' .4 O O .61.(22.2).3i.9 ) . 1 . d)13'17.1 1 n 'y sorution . s q r b ) 7 3 c ) t z ' 6 + t d ) 1 0 3 ' 1 0 7e ) t o o t ' 1 9 9 9 2.6 n . I. 6 14.(13. l : . 3 ) .1:-ll-2n b) x:*300* .4). n 7 + I (mod 6) l l 1 8 . 1 ) ' : quarters) ( 2 0 . 5 ' 1 3 ' 3 ? ' 1 0 9z ' 5 l 3 ' 2 n l o g r c 2 5. 0 . l 3 ) . a)x:33 *5n. 1 5 ) .l ( m o d p ) w h e np i s p r i m e -l c) -t d) -l e) 27.fr c ) x : 5 0 * n .Y:-633-1402n francs I francs.(16. ( 1 4 .1 4 ) . 9 . w -. 1 1 1 .( 3 0 . ( 9 . 17 apples. second-class. b) no solution =(54.c e n t a m p s ) ( 3 3 . ! : | * 7 n . a) 4 o'clock b) 6 o'clock c) 4 o'clock I 3 . a) t b) I cl f O) I e) ap-t = 1 ( p .(19. 3 5 ) .l ) ! : . a ) x : 9 8 . l8 =(25.3 1 ) .c e ns t a m p s . 1 2 ) . I Swiss 2.x'ZI cb1 y =-zi^\n d)no 4 5 0 | 2 3 4 5 10. x 0r23 0 0 0 0 0 321 I 0 I 2 J 432 2 0 L + 0 543 J 0 J 0 J 054 . 4 ) . 2 J l P $1 . 3 J .( 6 . 4 .0 .a)3 t)ze d242 . 1 9 . 0 l0r 2345 I 2 3450 lr z 3 4501 l3 4 2 t 5012 4 0r23 5 ls 0 t234 J t - l o. 2 l . 1 5 . ( 3 9 . ( 2 7' 1 9 ) '( 2 4 ' .( 3 .1 6 . 0 | 2 054 105 2r0 321 432 543 3 4 5ll. 39 French 0f 23 3.5 l. 2 5 2t. 7 . ( 4 2 .z : 150-3n.( 3 6 . l 7 ) .( ? . 3 . il zz'ql'eu b) 7'37'53'107 ) t92'3r'4969 f) 4957'4967 r : .2l-centstamps) (1. a) -1 b) 30. ' "ff2. ( 8 . 2 3 . (0'.16) ( 1 0 . 0 ) n o 1 5 . 1 o ) . "Pt 4.1 2 . 9 first-class. 2 ) .-"44r. ( 17 . Section 3. s t a n d b y 1 4 .a 7 + b (modp) 17. 2 r \ ' . 3 3. 3 . 0 I 2 J l 3 n'il .6).( 1 5 .41. a) (14-centstamps.l-n b) no solution I l . 5 .347 6. 2 1 .1)' (51'3)' (48' 5)'(45'7)' s t c ) ( 1 4 . 2 -2 (mod7) b) x : = 5 .y) = (0..1). y ) ( 0 . . a) x = 28 (mod 30) b) no solution 10.(t.(5.qj. 0. a ) ( x . 5( 2 . .2).5 . g )( m o d 9) d) no solution Section 3.5). -)i . 6 ) .0 g) (mod c ) ( x .(2.e . e . 0 ) . 0000.5. a) rl l 0 o l b ) ls rl c ) fr 4 l l o 2/ l l-.2 ). g ) . (2 .0625. 6 s o l u t i o n s d) no solurion s.4 l .0001.zl. rJ U / \ t l) 545 l 4 t o l b )l z ' o l c ) 4 5 5 4 4) { 8.(g.zi.7). 6 .(3 .6 ). l ) . .0). a ) ( x . . I ) .$ . r. ( 5 . O .3 l ' a ) x = 3 7 ( m o dl g 7 ) b ) x : 2 3 ( m o d3 0 ) c ) x : 6 ( m o d2 r 0 ) d ) x = 1 5 0 9 9 9( m o d 5 5 4 2 6 8 ) *201 4.0) (mod7) b) no sol uti on 3. ( 3 ( 3 ( 4 . . 2l0l 8. w = 5 ( m o d7 ) c) r 0 .tr.(l.430 A nsw ers to S el ected probl ems Section 3. I t hours 4 . a) x :0. .y E 7.2). ( . 4 ) o(d .ul. ( 4 .5).4). y ) = ( 0 .3). ( D.2 L a) x:3 (mod 7) b) x:2. 6) 7 b) (x.4).3). 1 2 . .4 )l .0) or (4.ii'. ( 8 . (7.a)r:D7c)sd)t6 8 .(6. a) x :23 (mod30) b) x = 100 (mod 210) c) no solurion d) x : 44 (mod g40) e) no solution il. l. ( 4 . 2 6 f e e t6 i n c h e s Section 3.( l .G.5 ).7).(7. 2 4( m o d 3 0 ) . 5 ) .4). 5 ) . 6 .(5. \ t . 3 ) . y )= ( 0 .(5. ( g . a) t -) t l0 1. 1 8 .(4 . a) {q I 4 3J [z o 6l ls 5 5 4 [4 555 9.1) (mod5) 2 .1). 4 ) . (7. 3 ) .3). i l 0"b ) 5 c ) 2 s d ) l lr lr ll 4 oj l5 l .y = 5 .(7. 1 ) . ro.(5.3).2).9376 1 7 . = 5 .(7. 6 ) I .ir. 1 ) = (m. 30t | 3. c) x=5 (mod 23) 3. orp2 ( 4. 4 ) . p. ( 5.(7. i l ( 3 .: i . D . . 2 ) ( m o d 5 ) b ) n o s o l u ti o n c ) (x.(1. 2 = 0 ( m o d7 ) .(5 .g (mod 9) c) x=7 (mod 2l) e) x=812 (modl00l) f) x:1596 (mod t5g7) 2.y E 0 . 0 ) . 0 ) .ol = . ( 3 . 2 ) 2J . a ) ( x . g . 5 ) .(1.t:. y ) = ( 2 . 7 . ( 2 .( I ( I (0 (0 (. .l).)o l .(:. . 3 ) .0 .y) (t. D . ( 4 .

12. .1 I ')l -l ) 3 .| b)'c -.2 2.c J o 1 I brc 1 4 5 o 2 bvc 4 I 5 o . and 9 c) by 3' and b) Yes c) no d) no a) no 3. a) Tcanr Round I 1 b-vc 6 1 I ') 3 .l -l 1 b)'c 6 1 3 2 3 4 5 6 5 6 1 . R o u n d2 : 2 .An swer s t o S elec t e d P ro b l e ms 431 Section 4. a ) H o m e t e a m s R o u n d l : 4 . and by 9 b) those with an a) thosewith their number of digits divisibleby with their numbcr of digits divisibleby 6 even number of digits c) those (same ior 7 and for 13) d) I 1 * a5 aaa3l at apo (mod 3l)' t 8 . 4 ' R o u n d5 : : 3 .2 Section 4. 5 . o z r o 2 n . 4. 3 7l1 1 2 7 8 s 10.----.1 l. 5 .z* 09 3 7t r4 $6 e 2 . R o u n d t. ll.2 t . 3.4 t () ') l 't . by 5 c) not by 5' not by 13 73e '!-6 castingout nines check d) no' for example a) incorrect b) incorrect c) passes check passes part (c) is incorrect. . 3 .t 4 .3 l.4 5 . a p s . 5 5 8 . 1 0 0 2 ..t .R o u n d4 : 3 . I 3.but Section 4.4 .a z n o 2 n -a z n . 2.1 b\. a) 28 b) 24 c) 2ro d) 2t a) 53 b) 54 c) 5r c) 5e 9 d) not bv 3 a) by 3.4 ) 3 1 5 2 ) blc 3 : 1 . a) Friday e) Saturday i) Monday b) Friday f) Saturday j) Sunday c) Monday g) Tuesday k) Friday d) Thursday h) Thursday l) Wednesday Section 4. d) yes a) no b) not by 3. 5. not by 9 b) by 3. 4 5 . il +o b) t28 d t2o il 5760 2' a) 1. 6 d no sorurion d) 7. _l l" 2.4 5.23. j:l ii<tta.432 A nsw ers to S el ected probl ems Section 5. 5 6 .r 7 c ) | 4 . 7.J 2 . 1 3e ) t .a)t 02 dq d)t2 dtgz f)45360 8' a) primes b) squaresof primes c) products to two distinct primes or cubesof primes 9. 3 5 .2 t7. a) r b) I 1 2 . t 3 .r : 18.. 7 . | 5 . 9 . . d ( 2 0 ): 8 l. n has at reasttwo odd prime factors. 2 3 d ) 3 3 . 4.r(r8:6. a ) 1 . 2 5 2 . c ) 1 .k:1. 2 .a n d r g e ) n o s o r u t i o n f ) 3 5 . 2 9 . 5 . 2 0 4 4 ) r + p k c ) ( p k u + r t _ D / g k _ D b o Section 6. 7 0 .g I 2 g . 4 . 3 9 . 5 b ) 1 . 5 . 4 9 6 . : ._. 7 .or n has a prime factor p = t (mod 4) c)zk. 2 . 1 4 .2 b) 3..7 e ) n o s o r u t i o n f ) 4 4 . ) d(I7) : 16. 9 . 0 0 4 : 6 . \ L I 17 (mod 19) ) 5. g 4 . . Section 6. nr(n) /2 1 0 . o(tg): Section 6. 9d ) g 1 .*t)_D/Qf_t) . a ) 6 . a n dn h a s a t l e a s to n c o d d p r i n r c | factor. a) 48 b) 399 d 2sqo d) 2r0r_l e) 6912 2.3 1 .67 Section 5. 7 g . 52 Section 5. 5 2 . . r r b ) r 0 . g 0 3 ' i l l ' z b ) t h o s ei n t e g e r s s u c h t h a t 8 n : a l n n . I 24. 1 5 11\ 1m-l r a r . 9 .il9 b)6 c)rs il2s6 3. s .a ) 7 3 . a) x : 9 (mod 17) b) . ll 9. J \ . .1 l. I 4. 3 3 5 5 0 3 3 6g 5 g g g 6 9 0 5 6 . . 6 . .6 5 6.1 il f t 8 . d ( 1 3 ): 1 2 .3 l . a ( 1 6 ) : 8 . 3 . a) x :9 (mod 14) b) x : 13 (mod 15) c) -r = 7 (mod t6) ll. 2 1 4 .2 1. perfect squares 4' thosepositiveintegersthat have only even powers of odd primes in their primepower factorization 5 .2. 3 . a J. D W W D FN D W G D Z Q 2.18. I CAME I SAW I coNQUERED 3. 5. IEXXK FZKXCUUKZC STKJW 4 .20. a). 9.b).3 l.2 RL OQ NZ OF XM CQ KE QI VD AZ T 2.4 . il t2. 4. 1 4 5 33 0 1 9 0 t 1 3 . 6. 4. Z. Iz t: I I I I 23101 1 2 5 37 ) matrix Itj 163] Hill cipherwith enciphering i.An sw er s t o S elec t e d Pro b l e m s 433 b 3. 1 2 1 5 2 2 44 7 l 0 0 2 3 l 1 6 4 . a ) .36) 945 7 .24. t2 6.00 00s ol ol 0l r lI 'l rl Section 7. A ) V S P F X HH I P K L BK I P M I EG T G b ) Section 7. P H O N EH O M E 5. IGNORE HIS 24] Il 12425) l. E A T CHO CO L A T EC AK E .t7 'r d (mod 26) 7 . c ) P r im e 8.1 l . t 4 t 7 t 7 2 7 l l 1 7 6 5 7 6 0 77 6 t 4 D O N O T R E A DT H I S G O O DG U E S S 92 150 Section 7. a) t b) l3 d 2 6 6. digraphic [52 ro 1 3r I 000 310 12 310 l o 0 2 tt 3 o2 7 l0 l. i l C : 7 P + 1 6 ( m o d2 6 ) b ) C : a c P * bc EXPLOSIVESINSIDE 8 . l .30.d) Prime Section7. g . 2 1 . 5 . : i n d 5 J : I . 5. d 2209 Section 8.7 2. 1 0 b ) 1 5 9 6 0 :g . 1 0 .l l 4. 1 0 : 2 . 3. 2. 7 .50. il q b) the modulus not prime is 6.2 L a)2 04 c)8 d)6 e)t2 f)22 4.37.i n d 5 7: 19. a) yes b) no c) yes d) no 4 .434 A nsw ers to S el ected probl ems 5 ' a) 037103540 8 5 80 8 5 80 0 8 71 3 5 9 0 3 5 40 0 0 000871543I 7g7 053sb) g 001 0977 0274 0872 ffi8 #l 3l1i'u* 082r 0073 07400000 0r48 04r5 084s 0008 0803 6' d 004200560481048107630000 00510000 029402620995049505:|' ag72 00000734 015206470972 7' d) 1383 81203520000 83 130 1 13 0 1 0 8 0 3 5 r r 3 8 3r 8 1 2 0 1 3 0 0 g 7 2 r 2 0 8 r 0956 00000972l5l5 0 9 3 7 1 2 9 71 2 0 82 2 7 3 l 5 l 5 0 0 00 8. b 2. 9 e ) 3 . l 8 : 2 * 1 6 : 2 * 3 * 1 3: 3 * 4 * l I : 7*l I 5 . il4 04 c)6 2 .3 c ) 3 . I I Section 8. 1 i l .24) 4.4 l . (44. g 5 . i n d 5 6: 1 8 . 4. 89 18. s t . ( t z .2 2 ilz 02 c): il2 il2 02 dz d)3 a)5 b)5 c)rs d)15 7 . 3 g .5600.4 1 6. i n d 5 4 : 4 . i n d 5 l: 2 2 .7 1 0 . 6 : 6 . i n d 5 3 1 6 . Section 8. 4 .1 l.3 l. 4 g . a) 36962640.6 l. .5 l. 3 . c ) 2 2 . 1 7 t.6 . 7 d ) 2 .3g5 ) 53g9 . 6 .5 f ) 5 . 1 3 . 6 . i n d 5 2 : 2 . 9 5 Section 7. 829 Section8. il 23. 0872I 152 15 3 70 1 6 9 Section 7.a ) 0 o: 2 . g . 6 4 ) 1 6. 3 7 g . a ) 3 b ) 2 .2 6 . 6242382306332274 g. b) 6 1 2 . a) -r = 2. 8 4 .Z). 1 4 .6 . 1. a) usesPread : 3 b) u s es p r e a s : 2 l Section 9.a ) l t b ) 7 1 5 8 2 7 8 8 2c ) 3 l d ) 1 9 5 2 2 5 7 8 c ) l o z 3 z + 9 . 2 2 9 l 2 3 3 2 . a ) 2 0 b ) 1 2 c ) : 0 d ) 4 8 e) t 3 d ) 5 . o r x E 1 . 2 5 . 252. ( m o d l 2 ) .-1. ? .7 5 . 9 . 2 7 73 2l .7. 1 2 . 1 3 . 9 9 .l. a ) s b ) 5 d 2 d ) 6 e) 30 i) 20 2. 4 6I. 3 0 ' l l . 2 9 .5 ' l T ' 2 9 5 ' . 6 ' 8 . a)tt b)2 c)l d)ll e)tg f)38 . 6 3 . 1 . 2 9 ' 1 3 Section 8. 5 .' 2 1 8 3 l' 8 5 . .10.65520 4. a)2 b)3 d2 il2 e)5 t)7 d s 3. o r | .1 6 . . l.) .r = 1. 4 . 1 8 8 .1 2.4. 6 . l .5 2 6. 5 2 .0' 1. 9 0 . 9 2 . l6. l 0 ' 1 5 . 8 4 .I 3 ' l ' l ' 2 9 . 8 0. a) -r=9 (mod23) b) x=9'14 x : 7. l0 tttz: 6 " 7 . . 2 5 . 5 . 45 . 1 | 3 . (0. 2 0 . 1 4 .2) c) -x = 29 = 1 7 ( m o d6 0 ) 12 b) (0.2 4 c ) n o s o l u t i o n 1 2 ' 8 4 '1 2 6 ' q.. Section 8.l7 2 I.i n d 5 2 2 : l l (mod23) 2. l 0 Section 8.6.4) d) 'x l6. 7 6 . .6 2 . I ' 1 2 . z b ) 3 .b)(49938.1 . 2 8 .4 2 ( n r o d8 ) lt. 1 0 .. . a ) t .9.1 36.3.-1. a) (t. .1. 18 (mod 22) b) no solution 3.ind59:l0. c) DETOUR . 4 5 .11. 7 t t ' 9 1 ' 9 3 ' 1 0 0 ' 1 3 7 ' 1 3 9 ' 1 4 4 ' T .1 9 . b : 8 .1 d c ) u s cs P r c a s : 2 l.5 6 ) I 1 5 3 5 3 1 0 . 1 7 . I 2 .ind5l7:7'ind5l8:12'indslg:15'indr2O:5' i n d 5 2 l: 1 3 .4. 4 1 .r ( r n o d2 3 ) .1 8 .gg8. 7 4 . (0. 1 5 .I 1 . 1 6 .4993999811):'74999249.9 . l . 4 . 2 7 4 5 9 . a) t b) I. .Answers to Selected Problems 435 ind58:6. 0 ' 4 0 ' 4 8 ' 6 0 ' 2 .3 6 .-s.7O1@. e r i o de n g t hs 9 7 .1 d) 1.4. 1 4 .ind5l0:3'indsll:9'ind:12:20'ind5l3:14'indi14:71' ind5l5:l7. 1 4 4 . 3 6 .1 4 . I 4 . 4 5 . 4 2 . a : 2 . 120.ind5l6:8. 5 . 2 0o r 2 l ( r . ] 0 ' . 7 ' 1 8 .240 e) no s o l u ti o n f ) z .9. l).4 c) I.4 (mod 7) b) -r = | (4 o dl 5 ) m 15. 5 6 . 3 2 3 . ' t .3 6 7 ' 3 6 9 ' 36 . I 6 8. l 3 3. 4 6 1o r 4 9 6 ( m o d 5 0 6 ) .6 I g o f) 3 8 8 0 8 0 g ) 8o+ o h) I 254 l 328000 r . 5 7 .I 8 . 2 1 0 . 1 2 . I l o d.1 6 . x = I ( m o d 2 2 ) .0.I 4 9 .a .8 62'" l . i l p .-l (mod 7) c) no solution I l.2 1 . s '2 5 . 2 5 4 .t l r 6 ( r n o d l 3 ) (mod29) . .504 3.0 1 tt 5 . 6 9 . 0 c ) 1 . a) l.109. 1 .t d) 0. a) T'i' 6'T'.103.2.d ] 4] |.. b) [ lo. . Section 10. o b) 2 . .1.l'3'4 ^7'32'39'7t: 4t 69 o.. 1.sl to..l.22.43. 1 .. .f t5'22'29'36.02721350564)R c) el6 343 70 20 I 365 10. a1 zero not ll.T'.53. + b) c) a) IU.*3. (mod 91. 2 .. .1.t b) 6J.t c) z.20]117:frl.17.E-'T.5 e) xOq f) . I4t:il) .000999 i.92.p=+l(mod5) +1.+1 t3.Fazlto 4..49.7 ? 312689 99532 /^\238il1997106193 9 l l 1 3 -1 3 5 ' 1 5 7t 7 g ' 2 0 12 2 3 z 4 s 2 6 7 z } s 3 l l 1 l l . 4_l.'.4 t4.+g(mod2g) 5. a ) [ l .2937.l.2 l .b ) [ t ..l. . e ) (..1 d . e ) [ . . 4 .l e)r f)l 8 u)3 b)+ dL 25 90 33 s.FrZt 3. .13.19.21 f) [o. 1 9 9 .2.052)6f) (. a) 3 b) l1 d tt d) l0l d +t.d ) t 1 . 1 . where s1.'t't't'.22 e) 3.s.1. d ) 2g '7g 'g5 .. 9 d ) [ 0 . 4 .l.d.3 l. 221. 1 .5.r+o:).7.7l Section 10.92nr6 d) .. ") [ l .'i6.:.113.14 ) 0.4 l. n : 1./+sl/z c) (s + . a) -l b) -l c) -r Section l0. a) 2. a) .)Ad) 6.a)r b)-lc)r d)l e)_l f)l 2. sa are nonnegative and integers.r.r. 4 .s3.zT D 7..o1 12.l. 2 ] a) l.4.4 d ) 2 . z l c ) [ 0 .2ll l Section10..3 I .J 2..or59 mod60) ( 3. ai'f.1.3. 2 . .1 b) l.1..7. a) (:s)g b) (..5.10 or I l9 120) 9.l f) 2 . ) [ .lb) .1.71. a ) [ t .6.17.e rl o.z.'. 2 .436 Answersto Setectedproblems Section 9.61 ta.107.2)s (. i l t 5 / 7 0 t 0 / 7 d o l z l d ) 3 s s / l l 3 d z f ) 3/2 s/3 h) 8/5 2 .l":. )c ) [ 2 .1 e ) l ./Til/rc b) (-l +.2 l. 2 .Jt. b :2s'3s'5"7"'. 2 .t..3.a)-l b)-l c)_l d)_l 4. 1 . 1 .11.J c) 0.7.ar6c) .u)Sb)+. s ] U )B .L!.13 0 l I 1 I 2 t_2 3 1 4 3 2 5 3 4 5 6l 23.10. . a) (z: +.t.p= Section 9.lt. n = 1.g3. Y : l 52Q.9' 1 l . 3. a ) 3 .y *rrTln.Y t i^l where m and n a(e positiveintegers. 2 9 : 3 5 . 3 7 8 1 0 '. e). d to:ffil.. +2 . r ?\ r.(^2+3n2) = n(mod 2) l-{^z-3n2).andm Section 11.y : 829920.y:*l a)x: : 1820 a) x : 70. 2 O .1.y:!l +5'l:0.. c).y : 13 b) x :9801. . 5 : 5 .25.! .36. 1 3 . x : 4620799.2 4 ' 2 6 : 2 1 ' 2 0 ' 2 9l .8. 2 5 : 2 1 .40 I (m2+Zn2) 1 ' .35. ) . 1 2 . 3 0 ' 1 6 ' 3 4 .2. z.y:0.24. ! : 19892016576262330040 x : 6239'765965'120528801.l .t5. : ^r. 21. 2 4 . 12. 5' + l'y: b)nosolutionc)x: a)x:!2.39. ' 2 4 ' 3 0 .24.15. x:*13'y:+3 b)nosolution c)xt3. o:z2o|lte. c) [q.321 :7.32.12.37 I 5. : L(2^2-nz).20..Answers to Selected Problems 437 tt 5.Tt4I?q. 1 2 .6'8'105'.17:12. h) Yes b)' c)' f) no '1.: : 8.15.{ .x:+l. b). : 273 . 8 . 4 . : n l n .15.-o ^^"iti'r.12'. f.li. x .+t1 I l6.35.J8].(m"-Zn"). b) 3'4'5.5 . 9.^^ ---. 2.j. 1 7 : ' 7 .16. y X : 766987012160 Y 6. 17 I l.20:7. a). 6. e) Section I l.l. I andn is even | .13. g).m2+n2) *>it.3 l.2\ w h e r em a n d n a r e p o s i t i v e i n t e g e r s .28. d).: +Q.x : 42703566796801. : mn.t41. where m ^and n ^are positive integers.25 . An Introduction to the Theory of Numbers. 12. Introduction to the Theory of Numbers. Introduction to Analytic Number Theory. Number Theory. 7. Theory. E. D. w. lg7l. I. J. G. New Jersey.philadelphia. 1966. Merrill. chelsea. Dover. 9. New York. Prentice-Hall. 1969.EnglewoodCliffs. 1952 (reprint of the l9l9 original). w. three volumes. L. The Higher Arithmetic. Archibald. M. Dickson.. History of the Theory of Numbers. Boston. New york. Columbus. New York. Number Theory. and A. I.Ohio.. D. 4. 1966. Davenport. New York. The Theory of Numbers and Diophantine Analysis. E. 1970. T. 1970. Elementary Number Theory. Dickson. 8. E. 10. Cambridge University Press. R. Apostol. Recreations in the Theory of Numbers. Academic press. A. 1982. H. 3. Elementary Number Theory. SpringerVerlag. Dov er . New Y o rk . New York 1957 (reprint of the original 1929 edition). Bolker. W. H. . 1976. R. Shafarevich.1g76. R' G. prindle. 2nd ed.Bibliography BOOKS Number Theory l' 2. Carmichael. B. I l. Beiler. New York. t976. Andrews. Saunders. Allyn and Bacon. Barnett. L. Borevich and I. 5. Intoduction to Number Theory. Adams and L. 13. 6. Z. 1 9 5 9 (re p ri n t o f th e o ri gi nal 1914and l 9l 5 edi ti ons). A. Boston. weber. Burton. E. 438 Dover.Cambridge. D. Elements of Number Schmidt. Benjamin. Goldstein. 5th ed. K. Random House. LeVeque.A. 1 9 1 9 . K. G.EnglewoodCliffs. Ore. Niven and H. 982. l. Ireland and M. McGraw-Hill. Rademacher. Ribenboim.Spri nger-verl ag. Long. ed. 1974' 2 4 ..W a s h i n g to n . ed. New York. Oxford University Press. Theory. Springer-verlag. E . 1977 Reading. I 948. . 1982' I Y um berT heo ry . Chelsea.reprint Krieger. six volumes. t'7.Massachusetts. 1981 Theory of 1 8 .. . Addispn-Wesley. 29. G . A.Springer-Verlag. W i l e y . R.Bi b l i ogr aP hY 439 N ew Y ork' 1 4 . ew Y ork.9 7 2 . (no date)' 25..M a s s a c h u s e tts . W ri g h t. New York' t967. W. Guy.Markham'Chicagol970. Landau. A n In troducti on to the Oxford. L Rosen. New Jersey.New York 26. Lex in g to n . Theory of Numbers. M .Gioia. Matthews. 1919' 5th 1. 20. springer-verlag.Topics from the Theory of Numbers. Hua.1970' 30..1-JLectures on Fermat's Last Theorem. J. An Introduction to the Theory of Num ber s . T. M . Byrkit.C .{umbers.Sp ri n g e r-Ve rl a g . 2nd ed. J. I. Fundamentals of Number Theory. An Invitation to Number Theory. Reviewsin Number TheOry. . A.C hel sea.. Introduction to Number Theory. Elements of Number Prentice-Hall. New York 1 9 . Grosswald. E. O. LeVeque. A Classical Introduction to Modern N e w Y o r k. Blaisdell. w. New York. H. New York 1964. Lectures on Elementary [t{umber Theory. Zuckerman. J.{umber Theory. 28. B. E dwar d s . 4t h e d . H. 2 3 .. Birkhausero 1 6 . Number Theory and its History. L. New Y or k . . R.)nsolvedProblems in l. Pettofrezzo and D. l 982. 1 9 8 0 . Ore. O. . American D M at hem at ic a lS o c i e ty . F e rm a t' s L a s t T h e o re m. 1911 15. C. S.E l e m e n ta ryN u m b e r T h e o ry .TheTheoryofIYttmbers. Elementary Introduction to Number Theory. N 2 1 . 31. . 1977 P. H. 2nd 1 Boston. Har dy a n d E. N e w Y o rk .. 1958' 2 2 . 2l. 1 Heat h. . A. 33. chicago. I. 1979. D. 3 8 . A. Shockley. Markham. Elementary Number Theory. Sierpirlski. Uspensky and 4l' 42. J. Kirch. 1964. Elementary McGraw-Hill. 1970. 1967. New York. Heaslet. Introduction to Number Theory. M.solved and unsolvedproblemsin Number Theory. computers in Number Theory. r9ig. cambridge. A computer Laboratory Manual for Number Theory.New york.440 B i bl i ography 32.. J. 250 problems in Elementory Number Theory. D. M. . 44. 1964. w. E. 1974. International Textbook. New york. PergammonPress. COMPress. vinogradov. computer science press.reprint MIT press. 3 4 . 40. New Hampshire. w. 1977. 3 6 . Theory of Numbers. 3 9 . t 954. spencer. H. Warsaw. Number Theory with Computer Science 4 3 . 4 5 . Chelsea. C' Vanden Eyden. press. lg3g. polski Akademic Nauk. Warsaw. B. Intext.2nd ed. polish ScientificPublishers. A selection of problems in the Theory of Numbers. Pennsylvania. J. 1982. Sierpifiski. Sierpifski. G. D. 197g. Dover. MIT Massachusetts. Massachuseits. Stark. 2nd. Wentworth. Number Theory. M. w. New York. shanks. Rockville. Macmiilan. Stewart. 1970. Malm. M. v. 3 5 . 3 7 . Elementary Theory of Numbers. M. The New York. D. Scranton. Roberts. Maryland. 1964. Holt. Rinehart. and Winston. Number Theory. New york. Elements of Number Theory.cambridge. ed. An Introduction to Number Theory. Elementary Number Theory: A computer Approach. 1g70. . Kullback. Rochelle Park. Wiley. 47. 2nd €d. D.A. Art 2. wiley. D. New 58. J.McGraw-Hill' 1967' . Elements of Cryptanalysis. California. Denning. Laguna Hills. M. Arithmetic and its Applications 59. 1981' A.. 5 2 . N. Algorithms: Their complexity and Efficiency. sinkov. Elementary cryptanalysis. York. Park Press.1982. B. 1979. R. G.AdvancesinCryptography'Dept'ofElectricaland 1982. E. 46. 48.Massachusetts. S. Knuth. Massachusetts. and computers. Art of computer Programming: sorting 1973. Friedman. 1982' America. Addison-wesley. E. Washington. s/atis tical Methods in cryptanalysis. Architecture WileY. Addison wesley. calif.Wesley. Residue to Computer Technology.Univ. Kronsjo. C. codes. New York. 1976. 1978' 49. Szab5 and R. Addison. w. Reading volume Algorithms l98l . D. Mathematical Computer Science 55. Bosworth.Reading. Meyer and S. E. 57. 1979.ed. 50. Macmillan' D. S. Cryptography: A Primer.Bi b l i o gr aP hY 441 CryptographY Hayden.C. A. volume 3. Tanaka. Kahn. Konheim.Gersho. L. Dimension 5 3 . and searching. 'of computer Programming: semi-Numertcal 56. 1966' tn 51. The Codebreakers.the Story of Secret Writing' New York' 1967. Aegean Association of 5 4 . and Design' K. ciphers. New JerseY.. Matyas' Cryptography: A New Computer Data Security. F. New York.D. Computer Arithmetic: Principles. H. California. Hwan g. Wiley' New York' Laguna Hills. computer Engineering. Aegean Park Press. Knuth. Santa Barbara. Cryptography and Data Security. 1982' Reading. Massachusetts. Manitoba. E. H. "New algorithms for computing n(ff). Volume 5 (1983). Hea d . Adleman." Studieweek Getaltheorie en Co[nputers. Wiley. Elementary Linear Algebra. ARTICLES Numben Theory 63. 7 0 . " Mu l ti p l i c a ti o n mo d u l o n . 115I16. 64.. Jr. 2nd ed. telephonecables. Hagis.. P. 6 1 . Lawther. 5." Mathematics of Computations. . 1981. ll2-114. Freund. C. Ll M. C. Pomerancq and R. 7 1 . 1960. "On distinguishing prlime numbers from composite numbers. M. Arfrsterdam. Utilitas." Annals of Mathematics." Bell LaboratoriesTechnical Memorandum TM-82-1 I 218-57. "Sketch of a proof that an odd perfect number relatively 69. 65. K . "Primality testing. Principles of Mathematical Analysis. I ot. 6 8 . Foundations of Analysfs. "Round Robin Mathematicso" American Mathematical tullonthly. 3rd ed.. Volume 46 0983).lE. H. Ewing. Jr. P. "How to factor a number" Proceedings of the Ftfth Manitoba Coderence on Numerical Mathematics.442 Bibliography General 60. New York 1964. Anton. 1-5 September 1980. Landau. Lenstra. 2nd ed. 66. Volume 63 (1 956). Guy.. K. Rudin." 8l -91 . Holland. "An application of number theory to the splicing of American Mathematical Monthly.60. J. t 286243-lis prime. Rumely. New York. Chelsea.. Winnepeg.. V ol ume 20 (tgS O). R.1 W. l A . S. prime to 3 has at least eleven prime factors. H. v o l u m e 1 1 7 ( 1 9 8 3 ) .Yolume 42 (tggS). McGraw-Hill. Stichting Mathematisch Centrum.1 7 3 . W.2 A 6 .New York. J. Jr. 399-404. Odlyzko. 197 49-89. " B IT. 6 2 . J. Lagarias and A." The Mathematical Intelligencer. M. C. Rabin. 4. "The search for primes. 1. R.258-261' Vo Rec r eat ionaM a th e m a ti c s . Volume 7 . Volume 6 09ll)' SIAM Journal for Computing. Williams. algorithm for the discrete logarithm L.73. Volume public key g4. Strassen' "A fast 84-85 and erratum. Rumely."IEEE Proceedings'Spring Compcon" in cryptography"' IEEE 83. Adleman. Volume 2'7th Mersenne prime"' Journal of 77. American Mathematical Sociely.15. M.. L. v In te l l i g e n c e r.probabilistic . algorithms for lesting primality. "Annotated bibliographicalin conventionaland (1983)' 12'24' cryptograpnr. pomerance. number theory.V o l u me 1 2 0 9 8 0 )' of the . Miller.75-93' Ars combinatorica' g0. Diffie and M. 1 8 . "A subexponential Proceedings of the 2ath problem with applications to cryptogiaphy. of . o. Floyd. Cryptologia. Solovay and V." Computers and Mathematics 8 Volume (1982). Slowinski.7." Scientific American' Volume 241(tgSD. H. "searching for the (1 9 18/9). 1 2 8 -138' Num ber T he o ry . "New directions (l976). D./6." Notices 30 (1983). .Recent advances in primality testing. D. "Riemann'shypothesis on the Theory of computing. "Recent developments (l g g l ). H. 1 v o l u m e7 ( 1 9 7 8 ) . "Primalitytestingon a computer". R. 136'147. (1978) 27-185' 5 . "' of thq seventhAnnual Ac:M symposium 234-239. l u m e I I l Monte Carlo test for PrimalitY.1 volume CryptograPhY 81.porium on the Fonia'tioit 60. "coin-flipping by telephone.. C. "The influence of computers with APPlications. Blum." of Computer Science' 1979' 55' Annual Sy*:.75-47. impossible g2. G. w. Hellman. R." Journal M. williams.443 Bi b l i ogr aP hY and testsfor primality Proceedings 72. c. o l u m e 3 ur r ir *" r ic al i' \lq." 7 8 . pomerance.. 97-105. in the develoPment of 7 9 .a protocol for solving 133-137' problems. in primality testing"' The -' C.644-655' 22 on Transactions Idormation Theory. R.University of California. 8 6 . A. The Mathematical Gardner. 9 5 .. R. volume ll Q 979) . Shamir. Rabin. wadsworth International.nce. . and L. Belmont. Volume 2 (19g0). R. "Concerning certain linear transformation apparatus of cryptography.An improved power encryption method." l 3 5 -15 4 .. "Hiding information and signaturesin trapdoor knapsacks. D. ed. and . Hellman. 8 8 .ryptog. "How to cheat at mental poker. A. Lipton. "A method for obtaining 9 6 . Hellman. Gordon. "Mentar poker. A. M. American Mathematical Monthl y. o. digital signaturesa1d public-key cryptosystems... M. L. Hellman.. Transactiins in Idormatioi 90. 28 5 -3 0 3 . V ol ume 3g (1931). E. c." communications of the ACM. "cryptology in transition. Shamir. 6 1 2 -6 t3 . r45-r52. L. Theory.." Information Privacy.. 9 4 . R. V olum e 22 0 9 7 9 ).upt i. S. Department of computer Science." MIT Laboratory for computer science Technical Report LCS/TR-212. L. "How to share a secret. A. A. M. l7g-fg4. Shamir. Adleman. 9 2 .t 5 7 . significance. shamir. M. Volume 2t (1979). "Digitalized signatures and public-key functions as intractable as factorization." computing surveys. 9 3 . Lempel. 1979. 8 9 . roC_iio. Hill. J. Volume 241 (1979) t 4 6 . "Use of intractable problems rn cryptography. Adleman. California. "The mathematics of public-key cryptography. Klarner." proceedings of the 2ird Annual symposium of the Foundations of computeiscie. cambridge. volume 24 (rgj"$.' IEEE Transactionson Information Theory. 198l. Rivest." communications of the ACM. and L. Rivest. Berklir'y. E. tZO-126. Pohlig and M. rg7g. A. 37-43. 5 2 5 -5 3 0 ." unpublished reports. Massachusetts. 9 1 ." IEEE V olum e 24 (1 9 7 9 ).444 B i bl i ography 8 5 . "An improved argorithm for computing logarithms over GF(p) and its . uA polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem." Scientffic American. 8 7 . J. s. Merkle and M.

l0 Divides. 122 Hashingfunction. 76 multiple (of n integers). .-.b) (a 1.kJ (a1ra1r-1. y ) p'lln ta 1 . 8 Product. I l9 Congruent (of matrix). Baseb word size.. 9 Binomial coeficient. anl F. 141 Euler'sphi-function. 20 Greatest 27 exPansion. l2l Adjoint. a = b(mod z) a # b(mod nr) a A:B(modra) 7 I adj Ca) h (k) 6h) . 38 Number of Primes. .a2. l2l Inverse Identity lnatrix.a2. l6l II l*) It olb olt lxl t. 72 Maximum. 33 Computer Big-O notation. 5 5 Fibonaccinumber. 47 Greatestcommondivisor.r(.x) G..9l Not congruent.List of SYmbols t 2 nt Summation. . 72 Exactlydivide.7 7 Leastcommon Fermatnumber.. 7 2 Minimum.. 5 3 Greatestcommondivisor (of n integers).bl min(xy) ma x( x .afl0) t ov) . 19 integer. 81 Congruent. 5 Factorial..91 Inverse. . 19 Doesnot divide. 104 (matrices).an) un la. 60 Least commonmultiPle.

. 314 BaseD expansion.a1. 2g0 Legendre symbol..1 r Fn Iag. I74 Number of divisors function 17s ..212 Orderof a modulom. 354 Infinite simplecontinued fraction. at . 3i4 Conjugate.e111 Ck : Pr/qr [ a g . 172 Miibius function.List of Symbols dln Summation overdivisors.a2.. 362 Periodic continued fraction. .a * .. 289 f*s ph) o(n) r(n) ME*(P) D*(c) ord.. l b lLl lp ) r) Jacobi symbol. 6 343 Fareyseries ordern. Mersenne number.. 377 Iag. 351 Convergent a continued of fraction. c r .ZI2 Deciphering transformation. . .) 6 ( ..ffifr|' r.269 Maximal +l . 252 Minimal universal exponent.a I(n ) X6(n ) |t Is-l ln J (c p2ca.l g2 Enciphering transformation. 341 Periodic base expansion. 349 of Finitesimple continued fraction. Z3Z Index of a to the baser... c1 . ...exponent.a ind. 173 Sum of divisors function. a z . . 170 Dirichletproduct..o Q.

2. 107 Cicada. 185 Approximation. 215 RSA.69 Arithmetic progression. 38. 212 substitution. 34 Casting out nines.39 Binary notation. 19'l public-key. 208 Common ratio. 134 Character ciPher.ancient. fundamental theorem of. 188 block. 43 for modular exPonentiation. 2 5 Balanced ternary exPansion.107. 224 knapsack. 30 Base. 37 | by rationals. l0 Binomial theorem. 369 Arithmetic function. I l4 Bit operation. 174 Affine transformation. 101 Coefficients. 174 . 142 Coconut problem.341 Best rational aPProximation. 198 Caesar. 27 Binomial coeffficient. 152 Carmichael number. 155'272 Carry. 27 Block cipher. 188 Clustering. 38 Bits. 298 Collatz conjecture.212 Rabin. 12 Biorhythms. periodic. 166. 134 Gregorian. 135 International Fixed. 205 Hill. 189 character. 189 transposition.1 . 33.39 for subtraction. 198 product. 142 Common key.Julius. 27. 221 monographic. 189 digraphic. 35. primes in. 204 Vigndre.lndex Absolute least residues. 189 Caesarcipher.418 Arithmetic. 67 Amicable pair. 371 Big-O notation. 198 Borrow.41 for matrix multiPlication. 93 Completelyadditive function. 35 Caesar. l9l Algorithm.58 division. 2. 197 Ciphertext.binomial. 2. 189 Chinese. 58 for addition. 74 AutomorPh. 198 exponentiation. 33 for division. 198 iterated knapsack. 24 Collision. 114 B a b y l o n i a n s . 27 BaseD expansion. 93 Abundant integer. 3'7. 10 Coin flipping. 189 Calendar. best rational. 5 Complete system of residues. 19 Euclidean. 138 Cantor expansion. 34 least-remainder. Chinese remainder theorem. 30 Card shuffiing. 5'l Cipher. 185 Additive function. 189 polygraphic. 97 for modular multiPlication. 100 for multiplication.

gl linear. 30 continuedfraction. 39 of subtraction. Ccllatz. l8 Divisibilitytests. g5 Euler's theorem. 2. 188 Encryption. 398 Diabolic matrix. 185 Descent. 290 Euler's factorizationmethod. I Euclideanalgorithm. 213 Decryption. 43 of multiplication. I l9 Congruenceclass. 2. 280 Exponentiation cipher. 62 of division. base b. 188 Cryptology. G. 39 Computer arithmetic. diophantine.391 linear. 102 of matrices. 5g Euler.. 141. 404 Eratosthenes.109 Computer files. 4ll Factorial function. 172 Dirichlet's theorem on primes in arithmetic progression. 341 t l-exponent.79 Draim. 374 425 purely periodic. 27 Cantor. 74 Dirichlet product.304 Enciphering.109 Congruence. 39 of Euclidean algorithm.45 Computationalcomplexity. lZ9 Division algorithm.I l5 C r y p t a n a l y s i s . 374 terminating.448 Index Completelymultiplicative function. 24 Goldbach. 86. 3g3 simple. 27 Deciphering.1 8 8 Cryptography. 354 Coversionof bases. 362 periodic. sieveof.227 Computer word size. 351 infinite.l 67 l Euler pseudoprime. 350 periodic base b. 74 Divide. l8 Factor table. 33. 1. 143 Draim factorization. 262 Database.proof by. 161 Exactly divide. 86 Pell's.4 of matrix multiplication. 69. 186 Decipheringkey. Lejeune. 188 Deficient integer. 44 Electronic poker.351 Convergent. 209. 350 finite. 86 Dirichlet. 134 Decimal notation. 166 Composite. 50 Conjugate. i6 Expansion. 227 Day of the week. 92 Conjecture. 33. 188 Equation. Zg Coveringset of congruences. I Eratosthenes. 377 Continued fraction.6l . l8 Divisibility. 188 Cubic residue. 3g of addition. 205 Factor. 84 Euler. 325 Euler'scriterion. g4 Duodecimal notation. I Eu l e rphi -functi on. l9 Divisor. 198 Diophantineequations. 127 Digraphic cipher. l8 Double hashing. 8 Factorization. 343 periodiccontinuedfunction. L. 86 Diophantus.46 Euclid. 85 .

16 square-free. 141 Hexadecimal notation.215 Faltings. 76 Hill cipher. 219 Frequencies. 3 0 2 .. 80 F e r m a t n u m b e r . 4 Infinite simple continued fraction. 166 completely additive. 161 factorial. 202 of polygraphs. 17. 203 Function.lndex Fermat. 50 Goldbach's conjecture.36'l Jacobi symbol.. 68 Fibonacci pseudo-randomnumber generator. 175 sum of divisors. 27 Hilbert prime. tower of. 398 Fermat's little theorem. 148 Fibonacci. 252. Incongruent. Mobius. 1. 9l Index of an integer. 60 Fibonacci numbers. 141 double. 5 Index system. 8 greatest integer. 2. mathematical. 158 Generalized Fibonacci numbers. 69 speedof. G. 60 generalized. 213 enciphering. 212 mastero 228 public. 133 powerful. 126.G. 67 Gauss.421 Index of summation. 174 arithmetic. 304 Hashing function.244 Irrational number. abdundant. 174 Fundamental Theorem of Arithmetic. l2l principle of. 362 Infinitude of primes. additive. 20 Greeks. 152 Fermat's last theorem.185 deficient. 31 Fermat prime. 193 of digraphs. 336. 349 Fermat. 45. ancient. l4l common. de. 68 Geometric progression. 141 Liouville's 174 . 80. 69 Game of Euclid. l7 4 completely multiPlicative. 208 deciphering.51 Inclusion-exclusion. 68 prime-power. 53 Greatest integer function. J.75 Inverse of an arithmetic function. 3l Key. 262 Induction. 152 Gauss'lemma. 314 Kaprekar constant. 8l Fermat quotient. 104 Inverse of a matrix modulo nr. 400 Farey series.47 Gauss' generalization of Wilson's theorem. l'73 multiplicative. l'l Hashing.397 Fermat factorization. t73 Inverse modulo lrr. 20 hashing. 198 Identity matrix modulo z. 185 palindromic.C. 8 1 . of letters. 80 prime.82 Integer. 293 Generalized Riemann hypothesis. 2 Hadamard.C. 5 Goldbach. 208 . l2I Involutory matrix. 50 Greatest common divisor. 48 Hanoi.. 143 quadratic. P. 166 number of divisors. 166 Euler phi.. 212 shared.

62 Lam6's theorem. 336 superperfect. 8l Fibonacci. 3l I Perfect number. 232 Pairwise relatively prime. 221 Knapsack problem. 147 Lagrange interpolation. 156 Minimal universal exponent. 27 Operation. 173 Modular exponentiation.25 Mersenne.5. 37 Partial quotient. 228 Mathematical induction.M. 52 Mersenne. 186 Number of divisors function. 3l Notation. bit.l70 Number. 186 Kronecker symbol. 378 Lagrange's theorem (on polynomial congruences) 219 . 180 rational. 189 Monkeys. 182 Mersenne number. 114 Logarithms modulo p.2'12 Fermat. 126 Matrix multiplication. 404 Pepin'stest. 275 Miller's test. 336 Lucas-Lehmertest. 54 greatest common divisor as a. 175 Octal notation. 44 hexadecimal. 102 Linear congruential method.39 matrix. 133 Partial remainder. big-O. 67 Legendre symbol. 182 perfect. 166 Multiplicative knapsackproblem. l0l Multiple precision. 242 Lagrange's theorem (on continued functions). 183 Lucky numbers. 56 Palindromic integer. 336 k-perfect. 226 Mutually relatively prime. 54. 43 Maximal t1-exponent.. 207 Lowest terms. 1. 38 Order of an integer. 280 Mayans. 182 Mersenne prime. 297. 62 Law of quadratic reciprocity. 4 Matrix. 219 k-perfect number. Carmichael. 127 Master key. 173 Mobius inversion formula. 52 Magic square. 351 Pascal'striangle. 97 Monographic cipher. 43 Multiplicative function.63 Linear congruence. 324 k th power residue. 180 Period. 289 Lemma. 93 Least-remainder algorithm. 293 Linear combination. 398 Middle-squaremethod. 155. 269 Mobius function. . 27 duodecimal. 275 Liouville's function. 68 irrational. involutory. 27 product. 256 Lagrange. 97 algorithm for. 9 summation..450 Index Knapsack cipher. 35.314 Least common multiple. G. 27 octal.. 38 binary. 182 Method of infinite descent. Lam6. Gauss'.J. 56 Nim. 33 Multiplication. 60 generalizedFibonacci. 12 Pell's equation. 186 lucky. 72 Least nonnegativeresidue. 27 decimal.

absoluteleast. 212.304 Quadratic residue. 325 strong. 158'334 Probing sequence. knapsack.2. 182 Wilson.374 Pseudoprime. 3 0 3 Rabin's probabilisticPrimalitY t e s t . 279 linear congruential.165 Residue. 227 Recursivedefinition. 275 number generator' Pseudo-random Fibonacci. 277 c Public-key iPher. 92 well-ordering. 162 Reducedquadratic irrational. 343 of a continued fraction. 8 Probabilisticprimality test.3 4 Rational number. 384 ReflexiveproPertY. 157 Pseudo-randomnumbers. 152 Prime number theorem. 93 complete sYstemof. 45 Mersenne. 374 Periodic base b exPansion. 143 Problem. 5'l Periodiccontinuedfraction. 297. 343 Primality test. 92 Regular polygon. 93 reduced. l9 Repunit. 275 pure multiPlicative. 188 Poker. 83 Relativelyprime. 93 quadratic.153 Euler. 288 Quotient. 304 Quadratic irrational. 56 Remainder. 92 symmetric. 198 Powerful integer.288 Quadratic reciProcitYlaw. 1 triPle. Principle second. 391 Pythagorean theorem. 68 R a b i n ' sc i p h e r s y s t e m . 172 Product ciPher. 153.263 probabilistic. 2. 2 1 5 . 158. infinitude of. Dirichlet. 288 Residues. 8 Reducedresiduesystem. 391 Pythagorean Quadratic hashing. reflexive.lndex 451 of a base b exPansion. 53 mutually. 336 Read subkeY. 238 Round-robintournament.334 Primes. 162 Root of a polynomialmodulo rn. 4 Pseudoconvergent. 69 Primitive root. 375 Quadratic nonresidue.212 Purely periodiccontinuedfraction' 383 Pythagoras.304 PolygraphicciPher. 351 Rabbits. 343 Periodic cicada. l9 Fermat. of mathematicalinduction. 139 RSA cipher system.45 Fermat. constructabilitY. 391 Primitive Pythagorean l7 Principleof inclusion-exclusion.243 42O triPle. 76 74 in arithmetic Progressions. 192 Property. 76 Prepperiod. 262 k th power.274 Second princiPle of . 226 Product. 209. l52 partial. 275 middle'square. 47 Prime-power factorization. 234. 2 1 4 . 92 transitive. cubic. 256 least nonnegative. I 5 8 . 374 Plaintext. 8l Hilbert. 56 pairwise. 219 multiplicativeknaPsack. 1. 133.

problem of. 324 Legendre. 33. 147 Gauss' generalization of. Jacobi. l6l Fermat's last. 284 Spread of a splicing scheme. 17 Transitive property. 284 Terminating expansion. 183 Miller's. 228. 266 Sum of divisors function. 391 Twin primes. 74 Eulerns. 156 Pepin's. 227 write. 2.263 probalisticprimality. 147 Threshold scheme. 147 Wilson prime. binomial. 92 Transpositioncipher. 129 Lucas-Lehmer. 341 Test. 93 reduced.334 Theorem. l9l Shifting. 62 Wilson's. 228 Shift transformation.104 Write subkey. 314 Kronecker.218 probabilistic Solovay-Strassen primality test. 5 Super-increasingsequence. read.243 Tower of Hanoi. l2 Pythogrean. 186 Symbol. Vignrire ciphers. 158.4s2 lndex mathematical induction. 22'l . 284 Square-free integer. 216. 107 Dirichlet's. 92 System of residues. 174 Summation notation. 152 Word size. 8 Seed.. 30 Well-ordering property. 227 Substitution cipher. 334 Splicing of telephonecables.1 Telephonecables.46 Signature.107. 189 Succinct certificate of primality. 12 Chineseremainder. de la. 7 5 Strong pseudoprime. 152 Wilson's theorem. 162 l6 System of congruences. 378 Lagrange's (on polynomial congruences). 153. 148 Lagrange's (on continued fractions). complete. 4 Wilson. 48 C. 204 Triangle. 276 Shadows. 3l I primality. divisibility. 269 Vall6e-Poussin. 50 Universal exponent. 35 Sieve of Eratosthenes. 197 Weights. J. Pascal's. 289 Symmetric property. 239 Lam6's. 216 Signed message. 157 Subkey. 398 Fermat's little. 22O Superperfect number.