
AMS / MAA TEXTBOOKS VOL 39

An Open Door to
Number Theory
Duff Campbell

Providence, Rhode Island


Committee on Books
Jennifer J. Quinn, Chair
MAA Textbooks Editorial Board
Stanley E. Seltzer, Editor
Bela Bajnok William Robert Green John Lorch
Matthias Beck Charles R. Hampton Virginia A. Noonburg
Otto Bretscher Jacqueline A. Jensen-Vallin Jeffrey L. Stuart
Heather Ann Dye Suzanne Lynne Larson Ruth Vanderpool
2010 Mathematics Subject Classification. Primary 11-01,
11A05, 11A07, 11A15, 11A41, 11A51, 11A55.

For additional information and updates on this book, visit


www.ams.org/bookpages/text-39

The cover photograph is courtesy of Kristin McCullough/Moonlight Photography.


All illustrations in this book were made by the author using Mathematica software.

Library of Congress Cataloging-in-Publication Data


Names: Campbell, Duff, 1959– author.
Title: An open door to number theory / Duff Campbell.
Description: Providence, Rhode Island: MAA Press, an imprint of the American Mathematical
Society, [2018] | Series: AMS/MAA textbooks; volume 39 | Includes bibliographical references
and index.
Identifiers: LCCN 2017055802 | ISBN 9781470443481 (alk. paper)
Subjects: LCSH: Number theory–Textbooks. | AMS: Number theory – Instructional exposition
(textbooks, tutorial papers, etc.). msc | Number theory – Elementary number theory –
Multiplicative structure; Euclidean algorithm; greatest common divisors. msc | Number theory
– Elementary number theory – Congruences; primitive roots; residue systems. msc |
Number theory – Elementary number theory – Power residues, reciprocity. msc | Number theory
– Elementary number theory – Primes. msc | Number theory – Elementary number theory
– Factorization; primality. msc | Number theory – Elementary number theory – Continued
fractions. msc
Classification: LCC QA241 .C2725 2018 | DDC 512.7/2–dc23
LC record available at https://lccn.loc.gov/2017055802

Color graphic policy. Any graphics created in color will be rendered in grayscale for the printed
version unless color printing is authorized by the Publisher. In general, color graphics will appear
in color in the online version.
Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting
for them, are permitted to make fair use of the material, such as to copy select pages for use
in teaching or research. Permission is granted to quote brief passages from this publication in
reviews, provided the customary acknowledgment of the source is given.
Republication, systematic copying, or multiple reproduction of any material in this publication
is permitted only under license from the American Mathematical Society. Requests for permission
to reuse portions of AMS publication content are handled by the Copyright Clearance Center. For
more information, please visit www.ams.org/publications/pubpermissions.
Send requests for translation rights and licensed reprints to reprint-permission@ams.org.

© 2018 by the American Mathematical Society. All rights reserved.
The American Mathematical Society retains all rights
except those granted to the United States Government.
Printed in the United States of America.

∞ The paper used in this book is acid-free and falls within the guidelines
established to ensure permanence and durability.
Visit the AMS home page at http://www.ams.org/
To my grandfather, LeRoy Archer Campbell
Contents

1 The Integers, Z
1 Number systems
2 Rings and fields
3 Some fundamental facts about Z and N
4 Proofs by induction
5 The binomial theorem
6 The fundamental theorem of arithmetic (foreshadowing)
7 Divisibility
8 Greatest common divisors
9 The Euclidean algorithm
10 The amazing array
11 Convergents
12 The amazing super-array
13 The modified division algorithm
14 Why does the amazing array work?
15 Primes
16 The proof of the fundamental theorem of arithmetic
17 Unique factorization in other rings

2 Modular Arithmetic in Z/mZ
18 The integers mod m, Z/mZ
19 Congruences
20 Units and zero-divisors in Z/mZ
21 Cancellation law in Z/mZ
22 Solving linear equations in Z/mZ
23 Solving polynomial equations in Z/mZ
24 Solving systems of linear equations in Z/mZ
25 Lifting roots in $\mathbb{Z}/p^n\mathbb{Z}$
26 Wilson’s theorem and its converse
27 Calculating ϕ(n)
28 Euler’s and Fermat’s theorems
29 The order of an integer modulo m
30 Divisibility tests

3 Quadratic Extensions of the Integers, $\mathbb{Z}[\sqrt{d}]$
31 Divisibility in Z[i]
32 The Euclidean algorithm in Z[i]
33 Unique factorization in Z[i]
34 The structure of $\mathbb{Z}[\sqrt{2}]$
35 The Euclidean algorithm in $\mathbb{Z}[\sqrt{d}]$
36 Factoring in Z[i]
37 The primes in Z[i]

4 An Interlude of Analytic Number Theory
38 The distribution of primes in Z

5 Quadratic Residues
39 Perfect squares
40 Quadratic residues
41 Calculating the Legendre symbol (hard way)
42 The arithmetic of $\mathbb{Z}[\sqrt{-2}]$ and the Legendre symbol $\left(\frac{-2}{p}\right)$
43 Gauss’s lemma
44 Calculating the Legendre symbol (easier way)
45 The arithmetic of $\mathbb{Z}[\sqrt{-3}]$
46 The arithmetic of Z[ρ]
47 Calculating the Legendre symbol (easiest way)
48 The Jacobi symbol

6 Further Topics
49 When Z/nZ has a primitive root
50 Minkowski’s theorem (geometry in the aid of algebra)

Appendix A Tables

Appendix B Projects

Bibliography

Index
Preface

One of my graduate school professors said, on the first day of our number theory
course, that in other courses he could adapt himself to some standard texts in the
field, but in number theory, which was his discipline, he needed to present the
material in the way he thought best, which would not match any textbook. This
book grew slowly, over many years, as I wrestled with how to present number theory
in the way that I saw it, and no existing textbook could fit that vision. Number
theory is the study of the integers, which can make it sound easy and shallow.
It isn’t. Kronecker said, “God made the integers, all else is the work of man.”
Leaving God out of it, one thing having children has taught me is that the natural
numbers (1, 2, 3, . . . ) are in fact very natural to human beings. We count things,
automatically, from a very early age. More complicated operations like addition
and multiplication come along later, but the integers provide a very comfortable
place for calculations. Thus one of the themes of this book is to emphasize not just
theory, but also actual calculations with numbers. I have always been a generalist
in mathematics, and one aspect that attracted me to number theory is how, though
firmly set in the algebra part of mathematics, number theorists have always reached
out to use other branches of mathematics: geometry, real and complex analysis,
differential topology, functional analysis, etc. Particularly in the projects, I have
tried to show how number theorists use these tools from other areas of mathematics.

This text is intended for a one-semester course in what is often called elementary
number theory; its intended audience is students at the sophomore or junior level
in college who may not have taken abstract algebra but who have some knowledge
of what it means to write a proof. I try to cover essentially the whole book during
a semester-long course, but I would consider Sections 12, 14, 29, 30, 38, 48, 49,
and 50 optional. (I personally sacrifice other aspects of the book in order to get to
Section 50 at the end.) I have tried to put as much as possible into the exercises,
since we learn best by doing things ourselves. On a similar note, I have included
nine projects; I usually assign four during a semester-long course. The projects are
intended to give students an opportunity to wrestle with larger problems than they
might see in the exercises, and also to give some exposure to topics not normally
covered in an undergraduate course. At least two possible projects are missing at
present: a project on elliptic curves and another on quadratic forms. The former
is difficult to introduce without some preliminaries (and definitions) from abstract
algebra; writing the latter eluded me, though there are so many exercises involving
quadratic forms throughout the book that I think their importance has been made
clear.


Readers of this book may be surprised, disappointed, or puzzled to see very little
of the history of number theory, or biographies of mathematicians, included. Such
extra material is traditional in a book of this sort, but I have decided to omit it.
Partly that is because there are so many great resources available nowadays. Please
do visit, for example, the excellent website at the University of St. Andrews.

Sir Isaac Newton said, “If I have seen further it is by standing on the shoulders
of giants,” and that is certainly how I feel about this book. I am indebted to any
number of people whom I have learned from: professors such as Andrew Wiles,
Barry Mazur, David Rohrlich, and Ralph Greenberg; authors such as Tom Apostol,
Harold Edwards, G. H. Hardy and E. M. Wright, Erich Hecke, Neal Koblitz,
and Daniel Marcus; friends and peers such as Patricia Pacelli, Ryota Matsuura,
Michelle Manes, Mike King, and Caleb Shor; and all the students who have studied
number theory with me at Boston University, West Point, and Hendrix College. A
special thank you goes to Olivier Kwizera, who helped tremendously with writing
a solutions manual for this textbook. Above all I would like to mention my
dissertation advisor, Glenn Stevens, who knows what a debt this book and I owe to
him; and Deb Hughes Hallett and Paul Blanchard, who despite showing me how
much work it is to author a textbook, inspired me to follow them down that same
difficult path. I couldn’t have written this book without a lot of inspiration from
all of these people and many others. I would also like to thank my wife, Beth
Levi, and my children, Eva and Rafael, for their love and support. Finally, I thank
Hendrix College: teaching here has been a joy, and my sabbaticals in 2006 and
especially 2014 were just what I needed to finish this book. I very much appreciate
the support and encouragement I have gotten here over the last seventeen years.

Duff Campbell
Hendrix College

Notation

We will use the following in this book; see your instructor if you don’t understand
something here.

=⇒ means “implies”
⇐⇒ means “if and only if” so each side implies the other (two proofs)
∈ means “is an element of”
⊆ means “is a subset of”
∀ means “for all”
∃ means “there exists”
∑ means “add up all such things,” depending on the limits at the top and bottom
∏ means “multiply all such things,” depending on the limits at the top and bottom
f : D → C means that f is a function from the domain, D, to the co-domain, C,
so f takes in elements of the set D as inputs, and then outputs elements of the
set C
⌊x⌋ means “round x down to the nearest integer ≤ x”

In this book we will use to mark the ends of proofs.


The symbol will mark the ends of examples.
Chapter 1

The Integers, Z

1 Number systems

When humans first started using numbers, they probably used the counting or
natural numbers, N, first. These are the numbers in the set
N = {1, 2, 3, . . .}.
With these numbers one can do many useful things, like count cattle, levy taxes, or
build pyramids and temples; also mathematical things like add and multiply, but
we can’t always subtract. What is 5 − 5? We need a new number, call it zero, to
mean nothing. Then we get the whole numbers,
W = {0, 1, 2, 3, . . .}.
Now we still have trouble subtracting—what is 6−9? So we invent negative integers
and call the new system the integers:
Z = {. . . , −3, −2, −1, 0, 1, 2, 3, . . .}.
The symbol Z is from Zahlen, German for “number.”

Now we can add, subtract, and multiply, but we can’t always divide: 6 ÷ 3 = 2,
but 6 ÷ 5 = ? So we invent fractions, or rational numbers:
$$\mathbb{Q} = \left\{ \frac{p}{q} : p, q \text{ in } \mathbb{Z},\ q \neq 0 \right\}.$$
(Actually, this definition is incomplete, since, for instance, $\frac{3}{6}$ is considered to be the
same number as $\frac{1}{2}$, but we will ignore that complication for now.)

Using Q, we can solve equations like 3x − 7 = 0, but what about $x^3 - 7 = 0$? If we
throw in all solutions to all polynomial equations (with integer coefficients), we get
things like $\sqrt[3]{7}$, which are called roots, or more complicated numbers like
 √ √
4 5− 43
8 + 2 − 85
√ .
3+2


Those are the algebraic numbers, denoted A or $\overline{\mathbb{Q}}$, which is where most algebraic
number theory in fact occurs. But there are other ways of proceeding from Q.

What is π? It doesn’t solve a polynomial equation with integer coefficients, so it
isn’t “an algebraic number”, but we can find (or approximate) it on the number
line. We write
π = 3.1415926 . . .
to mean that the rational numbers 3, 3.1, 3.14, 3.141, etc., approach π as a limit.
This is the basis for calculus and analysis, the idea of a limit. This fills in the holes
in Q and gives us the real numbers

R = {all real numbers} = {x : −∞ < x < ∞}.

So when proceeding from Q we have two choices: fill in the algebraic holes, or fill
in the geometric holes. We can fill in these holes in either order; if we do both,
we will get the complex numbers, C. Define i ∈ A as a solution to the equation
$x^2 + 1 = 0$, so i can be thought of as $i = \sqrt{-1}$. It turns out that we can picture C
as a two-dimensional plane and write

C = {a + bi : a and b are real numbers}
= {a + bi : a, b in R},

where a + bi corresponds to the point (a, b) in the plane.

Each set of numbers N, W, Z, Q, A, R, is a subset of C (see Figure 1). In this
book we are mainly going to be concerned with N, Z, and number systems that are
related to them. Some of these number systems are subsets of C, but some are not.

[Figure 1: A hierarchy of sets. Diagram: C at the top, A and R beneath it, Q at the bottom.]



Exercises
1. Write a precise definition of the set of rational numbers. Include in your
definition formulas for the addition, subtraction, multiplication, and division
of two rational numbers.
2. Show that $\sqrt{2}$, $\sqrt{3}$, and $\sqrt{2} + \sqrt{3}$ are algebraic numbers by finding three
polynomials with integer coefficients for which these numbers are roots.

3. Show that $\sqrt{2} \notin \mathbb{Q}$ by ruling out the possibility that $\sqrt{2} = \frac{a}{b}$ for integers a
and b. Why may you assume that a and b are not both even?

4. Show that if n is an odd integer, then $n^2 - 1$ is an integral multiple of 8.

2 Rings and fields

To formalize two concepts you have encountered many times in your mathematical
career, we define rings and then fields.

Definition 1 A ring R is a set of objects (numbers) with two operations (usually
called “addition” and “multiplication”) and seven properties:

1. Closure under addition: a + b ∈ R for all a, b ∈ R.

2. Closure under multiplication: a · b ∈ R for all a, b ∈ R.

3. Existence of the additive identity (zero): there is 0 ∈ R such that 0 + a = a
for all a ∈ R.

4. Existence of additive inverses: for each a ∈ R, there exists b ∈ R such that
a + b = 0.

5. Commutativity of addition: a + b = b + a for all a, b ∈ R.

6. Associativity: (a + b) + c = a + (b + c) and (a · b) · c = a · (b · c) for all a, b,
c ∈ R.

7. The distributive laws: a · (b + c) = a · b + a · c and (b + c) · a = b · a + c · a for
all a, b, c ∈ R.

If, moreover, we have

8. Existence of the multiplicative identity (one): there is 1 ∈ R, such that 1 · a =
a · 1 = a for all a ∈ R,

then R is called a ring with identity.



The sets Z, Q, R, A, and C are all examples of rings with identity, as is the set of
n × n matrices with entries in Z (or in Q, or in R, or in A, or in C). In general, the
ring of n × n matrices with entries in a ring R is denoted $M_n(R)$.

An example of a ring without identity is 2Z, the set of even numbers. You may also
know about a set that is almost a ring, with different operations than what you
might think of at first: the set of vectors in three-space, $\mathbb{R}^3$, with vector addition
and the cross-product; but there we have a problem with associativity: in general,
(a × b) × c ≠ a × (b × c). An unfamiliar ring is the set of subsets of some fixed
finite set M , with operations set intersection, ∩, and symmetric difference, .

Sometimes we have another property:

9. Commutativity of multiplication: a · b = b · a for all a, b ∈ R.

If we have properties 8 and 9 we call R a commutative ring with identity. (You
should already have seen the non-commutative rings $M_n(\mathbb{Z})$ and $M_n(\mathbb{R})$.)

In this book, when we say ring, we will mean commutative ring with identity
(unless specifically excepted).

Although our definition doesn’t talk about subtraction, we can define a − b in

Definition 2 Given a, b in a ring R, we define −b (pronounced “negative bee”)
as notation for the additive inverse of b. Further, we define subtraction, a − b, as
a − b = a + (−b).

It is a straightforward consequence of the definitions that additive and multiplicative
identities are unique and that every element has exactly one additive inverse.
(See exercises.)

We need two further definitions.

Definition 3 In a commutative ring with identity R, an element u is a unit if
it has a multiplicative inverse: if there exists v ∈ R such that u · v = 1. The
multiplicative inverse of u is often denoted $u^{-1}$.

Definition 4 A commutative ring with identity, R, is called a field if all non-zero
elements are units. There is an additional, technical requirement that the
multiplicative identity and the additive identity be different (0 ≠ 1).

A consequence of this definition is that in fields, you can always divide (except by
zero): a ÷ b is defined to be $a \cdot b^{-1}$. In fact, my mental shorthand for “ring” is “a set
where one can add, subtract, and multiply,” while the equivalent for “field” is “a set
where one can add, subtract, multiply (commutatively), and divide.” This is just
shorthand, as it is imprecise and leaves out some crucial facts like distributivity,
but it captures the essence of the definitions.

Some of the number systems we mentioned earlier are rings, some are fields, some
are neither: which is which for N, W, Z, Q, A, R, C?

In rings that are not fields, we will be particularly interested in the units—how
many there are, how they multiply together, how they can be written explicitly,
etc. What are the units in Z, for instance? in Q?

Two examples of rings that you are familiar with are the polynomial rings Z[x] and
R[x]:
Z[x] = {all polynomials in the variable x whose coefficients are integers}
and
R[x] = {all polynomials in the variable x whose coefficients are real numbers}.
In general, the notation R[x] where R is a ring means
R[x] = {all polynomials in the variable x whose coefficients are elements of R}
$$= \left\{ \sum_{i=0}^{n} a_i x^i : n \in \mathbb{W},\ a_i \in R \right\}.$$

We will use these polynomial rings at various times in our study of number theory,
but even more often we will look at some closely related rings, for instance $\mathbb{Z}[\sqrt{2}]$
and $\mathbb{Z}[i]$, which you can think of as polynomials with integer coefficients and powers
of $\sqrt{2}$ or polynomials with integer coefficients and powers of $i$. Of course since
$(\sqrt{2})^2 = 2$ is an integer, we really don’t have to worry about any powers higher
than the first: for example, if we start with the polynomial $3x^3 - 5x^2 + x - 7$ and
replace each $x$ with $\sqrt{2}$, we get
$$3(\sqrt{2})^3 - 5(\sqrt{2})^2 + (\sqrt{2})^1 - 7 = 6\sqrt{2} - 10 + \sqrt{2} - 7 = 7\sqrt{2} - 17.$$

So we really have the following definition:
$$\mathbb{Z}[\sqrt{2}] = \{a + b\sqrt{2} \in \mathbb{R} : a \text{ and } b \text{ are integers}\}.$$
By similar reasoning, we can see that
$$\mathbb{Z}[\sqrt[3]{2}] = \{a + b\sqrt[3]{2} + c(\sqrt[3]{2})^2 \in \mathbb{R} : a, b, \text{ and } c \text{ are integers}\}.$$

Similarly, since $i^2 = -1 \in \mathbb{Z}$, we get
$$\mathbb{Z}[i] = \{a + bi \in \mathbb{C} : a \text{ and } b \text{ are integers}\}.$$
The ring Z[i] will play a fundamental role in this book; it is known as the ring of
Gaussian integers in honor of Carl Friedrich Gauss, who studied them extensively.
We will explore Z[i] quite thoroughly, but just to show you that things are very
different than they are in Z, we will multiply out (1 + 2i)(1 − 2i): what do you
get? You should get 5 if you do this correctly; so what? The point is that in Z
we know that 5 is a prime, which cannot be factored; yet we have just seen that
in Z[i], which contains Z, 5 is no longer prime! So the differences start showing up
immediately.
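The arithmetic just described, as an added example that is not part of the book: elements of Z[√d] are stored exactly as integer pairs (a, b), and the two computations above (the polynomial evaluated at √2, and the product (1 + 2i)(1 − 2i)) are re-checked. The names QuadInt, evaluate and units_in_box are hypothetical, and the unit test via the norm a² − d·b² is an assumption of this example that goes beyond what this section states.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class QuadInt:
    """Element a + b*sqrt(d) of Z[sqrt(d)], stored as the integer pair (a, b).

    d is a fixed non-square integer; d = -1 gives the Gaussian integers Z[i].
    (Hypothetical helper class for this added example.)
    """
    a: int
    b: int
    d: int

    def _coerce(self, other):
        # Ordinary integers sit inside the ring as n + 0*sqrt(d).
        if isinstance(other, int):
            return QuadInt(other, 0, self.d)
        if isinstance(other, QuadInt) and other.d == self.d:
            return other
        raise TypeError("operands must lie in the same ring Z[sqrt(d)]")

    def __add__(self, other):
        o = self._coerce(other)
        return QuadInt(self.a + o.a, self.b + o.b, self.d)

    __radd__ = __add__

    def __neg__(self):
        return QuadInt(-self.a, -self.b, self.d)

    def __sub__(self, other):
        return self + (-self._coerce(other))

    def __mul__(self, other):
        o = self._coerce(other)
        # (a + b r)(c + e r) = (ac + be*d) + (ae + bc) r, because r*r = d.
        return QuadInt(self.a * o.a + self.b * o.b * self.d,
                       self.a * o.b + self.b * o.a,
                       self.d)

    __rmul__ = __mul__

    def conjugate(self):
        return QuadInt(self.a, -self.b, self.d)

    def norm(self):
        # (a + b r)(a - b r) = a^2 - d*b^2, always an ordinary integer.
        return self.a * self.a - self.d * self.b * self.b

    def inverse(self):
        """Return the multiplicative inverse if this element is a unit, else None."""
        n = self.norm()
        if n not in (1, -1):
            return None          # norm is multiplicative, so units have norm +-1
        c = self.conjugate()
        return QuadInt(c.a * n, c.b * n, self.d)  # conj / n, and 1/n == n here


def evaluate(coeffs, x):
    """Horner evaluation of an integer polynomial (highest degree first) at x."""
    acc = QuadInt(0, 0, x.d)
    for c in coeffs:
        acc = acc * x + c
    return acc


def units_in_box(d, bound):
    """All units a + b*sqrt(d) of Z[sqrt(d)] with |a| <= bound and |b| <= bound."""
    found = []
    for a in range(-bound, bound + 1):
        for b in range(-bound, bound + 1):
            q = QuadInt(a, b, d)
            if q.inverse() is not None:
                found.append(q)
    return found


if __name__ == "__main__":
    root2 = QuadInt(0, 1, 2)
    print(evaluate([3, -5, 1, -7], root2))           # 3x^3 - 5x^2 + x - 7 at sqrt(2)
    print(QuadInt(1, 2, -1) * QuadInt(1, -2, -1))    # (1 + 2i)(1 - 2i)
    print(units_in_box(-1, 3))                       # units of Z[i] in a small box
    print(len(units_in_box(2, 3)))                   # Z[sqrt(2)] has many more
```
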

Exercises

1. Show that in any ring R, the additive identity, 0, is unique. You might start
by assuming there are two such elements, 0 and 0̂.

2. Show that in any ring R, each element has a unique additive inverse (thus
the notation −a is unambiguous).

3. Suppose u is a unit in R, a ring. Show that the inverse of u is unique (thus
the notation $u^{-1}$ is unambiguous).

4. Let R be a ring. Using the definition given for R[x], namely that
$$R[x] = \left\{ \sum_{i=0}^{n} a_i x^i : n \in \mathbb{W},\ a_i \in R \right\},$$
define f + g and f − g and f · g for elements f, g ∈ R[x]. Also write the
additive inverse of f.

5. Below is a list of the primes between 2 and 100. I have indicated which
of them can be written in the form $p = x^2 + y^2$, for x, y ∈ Z, as well as
which can be written as $p = x^2 - 2y^2$, which as $p = x^2 + 2y^2$, and which as
$p = x^2 + 3y^2$. Fill out the fourth column to indicate which primes can be
written as $p = x^2 - 3y^2$. Then conjecture a separate rule for each quadratic
form.

Prime | $p = x^2 + y^2$? | $p = x^2 - 2y^2$? | $p = x^2 + 2y^2$? | $p = x^2 - 3y^2$? | $p = x^2 + 3y^2$?
2     | yes | yes | yes |     |
3     |     |     | yes |     | yes
5     | yes |     |     |     |
7     |     | yes |     |     | yes
11    |     |     | yes |     |
13    | yes |     |     |     | yes
17    | yes | yes | yes |     |
19    |     |     | yes |     | yes
23    |     | yes |     |     |
29    | yes |     |     |     |
31    |     | yes |     |     | yes
37    | yes |     |     |     | yes
41    | yes | yes | yes |     |
43    |     |     | yes |     | yes
47    |     | yes |     |     |
53    | yes |     |     |     |
59    |     |     | yes |     |
61    | yes |     |     |     | yes
67    |     |     | yes |     | yes
71    |     | yes |     |     |
73    | yes | yes | yes |     | yes
79    |     | yes |     |     | yes
83    |     |     | yes |     |
89    | yes | yes | yes |     |
97    | yes | yes | yes |     | yes

You may find the following lists helpful.

Perfect squares: 1, 4, 9, 16, 25, 36, 49, 64, 81, 100, 121, 144, 169, 196, 225,
256, 289, 324, 361, 400, 441, 484, 529, 576, 625, 676, 729, 784, 841, 900, . . .

$2y^2$ = 2, 8, 18, 32, 50, 72, 98, 128, 162, 200, 242, 288, 338, 392, 450, 512, 578,
648, 722, 800, 882, 968, 1058, 1152, 1250, 1352, 1458, 1568, 1682, 1800, . . .

$3y^2$ = 3, 12, 27, 48, 75, 108, 147, 192, 243, 300, 363, 432, 507, 588, 675,
768, 867, 972, 1083, 1200, 1323, 1452, 1587, 1728, 1875, 2028, 2187, 2352,
2523, 2700, . . .

3 Some fundamental facts about Z and N

To get the study of number theory going, we need to really nail down the ring Z.
So far, we know it is a commutative ring with identity. But there are many such
rings. Which one, exactly, is Z? We start with an axiom (“trichotomy” means “cut
into three,” from the Greek):

Trichotomy Axiom: In Z, there is a non-empty subset N (the set of positive
integers) that is closed under addition and multiplication, and for any integer a,
one and only one of the following is true:

a ∈ N, that is, “a is positive”;

a = 0;

−a ∈ N, that is, “a is negative.”



This distinguished set still isn’t enough to distinguish Z from Q, R, or even $\mathbb{Z}[\sqrt{2}]$,
but the next axiom (our last!) does. First we need a definition:

Definition 5 We say of two integers a and b that “a is greater than b,” written
a > b, ⇐⇒ a − b ∈ N. We also have
a ≥ b ⇐⇒ (a > b or a = b);
a < b ⇐⇒ b − a ∈ N;
a ≤ b ⇐⇒ (a < b or a = b).

We now state our final axiom for Z:

The well-ordering principle: Every non-empty subset of N has a least element.
That is, if S ⊆ N and S ≠ ∅, then there is m ∈ S such that m ≤ s for all s ∈ S.

This is our bedrock, then: the set of integers, Z, is the unique commutative ring
with identity that has a non-empty subset N for which the trichotomy axiom and
the well-ordering principle hold. We will not show that there is a unique ring
satisfying these axioms, but it is so.

From these axioms we can prove the following:

Proposition 1 For a and b ∈ Z,

a · b = 0 ⇐⇒ a = 0 or b = 0.

First, we need a lemma (a lemma is a small proposition whose main purpose is to
help prove a more important result).

Lemma 1 In any commutative ring R with identity, the following statements are
true for any a and b in R:

1. a · 0 = 0

2. (−1) · (−1) = 1

3. (−1) · a = −a

4. (−a) · b = −(a · b) = a · (−b)

5. (−a) · (−b) = a · b

I want to point out how unusual statement 1 is, and how it should strike you as
a surprising fact, not an obvious one. This says that zero, which is defined purely
in terms of addition, has a very important multiplicative property! This is why we
must use the distributive law in the proof, since that law serves as the link between
addition and multiplication. If the roles of addition and multiplication could be
reversed, we would have the surprising statement that n + 1 = 1 for all integers n!

Proof of Lemma 1.

1. For a ∈ R, we have

0 + 0 = 0                                            by the definition of 0
a · (0 + 0) = a · 0                                  multiplying both sides by a ∈ R
a · 0 + a · 0 = a · 0                                by distributive property
(a · 0 + a · 0) + (−(a · 0)) = a · 0 + (−(a · 0))    adding the additive inverse of a · 0 to both sides
a · 0 + (a · 0 + (−(a · 0))) = a · 0 + (−(a · 0))    by associativity
a · 0 + 0 = 0                                        by the definition of additive inverse
a · 0 = 0                                            by the definition of 0

2.

−1 + 1 = 0 by definition of −1
(−1) · (−1 + 1) = (−1) · 0 multiply both sides by −1
(−1) · (−1) + (−1) · 1 = 0 by distributive property and part 1
(−1) · (−1) + (−1) = 0 by definition of 1
((−1) · (−1) + (−1)) + 1 = 0 + 1 adding 1 to both sides
(−1) · (−1) + ((−1) + 1) = 1 by associativity and definition of 0
(−1) · (−1) + 0 = 1 by definition of −1
(−1) · (−1) = 1 by definition of 0

3. For a ∈ R,

−1 + 1 = 0 by definition of −1
(−1 + 1) · a = 0 · a multiply both sides by a ∈ R
(−1) · a + 1 · a = 0 by distributive property and part 1
(−1) · a + a = 0 by definition of 1
((−1) · a + a) + (−a) = 0 + (−a) add −a to each side
(−1) · a + (a + (−a)) = −a by associativity and definition of 0
(−1) · a + 0 = −a by definition of −a
(−1) · a = −a by definition of 0

The last two are now easy: factor −1 out of each negative, and all three quantities
in property 4 become (−1) · a · b; in property 5 we get two −1s, and they cancel
each other by property 2.

Proof of Proposition. (⇐=) Property 1 of Lemma 1 shows that a = 0 or b = 0 =⇒
a · b = 0.

( =⇒ ) We have nine cases, based on applying trichotomy to both a and b:

a∈N a=0 −a ∈ N
b∈N ? ? ?
b=0 ? ? ?
−b ∈ N ? ? ?

Of these nine cases, the first part of this proof has filled in five, and the axiom that
N is closed under multiplication fills in a sixth case:

a∈N a=0 −a ∈ N
b∈N a·b∈N a·b=0 ?
b=0 a·b=0 a·b=0 a·b=0
−b ∈ N ? a·b=0 ?

Using symmetry, we have just two cases left: when a and b are both negative, and
when one is positive and the other negative. When a and b are both negative, we
use statement 5 of Lemma 1 to conclude that a · b = (−a) · (−b) ∈ N. In the case
−a ∈ N and b ∈ N we have −(a · b) = (−a) · b ∈ N, so by trichotomy a · b is negative;
similarly for the last case. Thus we have

a∈N a=0 −a ∈ N
b∈N a·b∈N a·b=0 −(a · b) ∈ N
b=0 a·b=0 a·b=0 a·b=0
−b ∈ N −(a · b) ∈ N a·b=0 a·b∈N

By trichotomy, a · b = 0 implies (a · b ∉ N) and (−(a · b) ∉ N), and since this rules
out the four corners of the grid above, this implies that a = 0 or b = 0.

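Proposition 1 is an extremely important property of the integers. For matrices, we
have
$$\begin{pmatrix} -1 & 3 \\ -2 & 6 \end{pmatrix} \cdot \begin{pmatrix} 9 & -12 \\ 3 & -4 \end{pmatrix} = \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix}.$$
For the (continuous) functions f, g : R → R defined by
$$f(x) = \begin{cases} 0 & \text{if } x < \pi \\ \sin(x) & \text{if } x \ge \pi \end{cases} \quad \text{and} \quad g(x) = \begin{cases} x^2 & \text{if } x < 0 \\ 0 & \text{if } x \ge 0 \end{cases},$$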

the product f · g is the continuous function that is zero everywhere, which serves
as zero (the additive identity) in this commutative ring. So in other rings, we may
have a product of non-zero factors equaling zero; that never happens in Z. We thus
have the following

Definition 6 In a ring R, a ≠ 0 is called a zero-divisor if there is a non-zero b
such that a · b = 0.

Zero-divisors, like units, come in pairs; and in fact the equation for zero-divisors
is x · y = 0 while the equation for units is u · v = 1. Our basic philosophy about
zero-divisors is that they are almost zero. The field of complex numbers, C, has no
zero-divisors, and thus no subring (a subring of a ring R is a subset of R that is a
ring in its own right) of C has any zero-divisors. Zero-divisors will come up quite
a bit in what follows, however.

We may thus rephrase Proposition 1 as “The ring Z has no zero-divisors.”

We now proceed to a handy collection of basic facts about the integers.

Proposition 2 Let a, b, and c be integers.

1. N = {z ∈ Z : z > 0}

2. a > b and b > c =⇒ a > c

3. a > b and c > 0 =⇒ ac > bc

4. there are no integers between 0 and 1

5. If a ≠ 0 then $a^2 > 0$

6. Given a, b > 0, we have a > b ⇐⇒ $a^2 > b^2$

7. a · b ∈ N ⇐⇒ (a and b are in N) or (−a and −b are in N)

8. The only units in Z are ±1.

Proof . The proofs of 3 and 6 are left to the reader.

1. This is obvious, from the definition of the symbols > and 0.

2. a > b and b > c =⇒ a−b ∈ N and b−c ∈ N. Thus a−c = (a−b)+(b−c) ∈ N


by closure, so a > c.

4. We know that $1 \in \mathbb{N}$, so $\mathbb{N}$ is a non-empty subset of $\mathbb{N}$. Thus $\mathbb{N}$ has a smallest element by the well-ordering principle. Call this smallest element $s$. We have $0 < s$ by part 1. If $s < 1$, then we would have $0 < s < 1$ and so, multiplying by $s$, we get $0 < s^2 < s$ by part 2. But $s^2 \in \mathbb{N}$ since $\mathbb{N}$ is closed under multiplication; this is a contradiction to the fact that $s$ is the smallest element in $\mathbb{N}$. Thus we must have $s \geq 1$, and since $1 \in \mathbb{N}$ we can’t have $s > 1$. Thus $s = 1$ and we see that 1 is the smallest integer larger than zero. Thus there are no integers between 0 and 1.

5. Clear from the nine-case box on page 10.

7. Proved earlier.
8. Let $u$ be a positive unit in $\mathbb{Z}$, so $u > 0$ and $u \cdot v = 1$ for some $v \in \mathbb{Z}$. Then by part 7, we know $v > 0$ also. If $u > 1$ then we get $1 = u \cdot v > 1 \cdot v = v > 0$, which contradicts the fact that there are no integers between 0 and 1. Similarly, we cannot have $u < 1$; thus we must have $u = 1$, and so $v = 1$. Thus 1 is the only positive unit. However, $1 = u \cdot v = (-u) \cdot (-v)$ so if $u$ is a unit, then $-u$ is also. Thus if $u$ is a negative unit, then $-u$ is a positive unit $\implies -u = 1 \implies u = -1$ and so the only negative unit is $-1$. Zero cannot be a unit since $0 \cdot v = 0 \neq 1$; thus the only units in $\mathbb{Z}$ are $\pm 1$.

Exercises

1. Prove that, for $a$, $b$, and $c \in \mathbb{Z}$, $a > b$ and $c > 0 \implies ac > bc$ (part 3 of Proposition 2).

2. Given $a, b \in \mathbb{N}$, we have $a > b \iff a^2 > b^2$ (part 6 of Proposition 2).

3. Suppose S ⊆ Z[i] is closed under addition and multiplication, and that Z[i]
has trichotomy: for any non-zero z ∈ Z[i], z ∈ S or −z ∈ S (but not both).
By considering the numbers 1, −1, i, and −i, show that the existence of such
a subset S is impossible.

4. Suppose that an integer $n$ can be written in the form $n = a^2 + b^2$, where $a, b \in \mathbb{Z}$.

(a) Prove that $n \geq 0$.
(b) Prove that $n = 0 \iff a = b = 0$.
(c) Show that if $n > 0$, then there are at least three other ways to write $n$ as a sum of squared integers.

5. Suppose that an integer $n$ can be written in the form $n = a^2 - ab + b^2$, where $a, b \in \mathbb{Z}$.

(a) Prove that $n \geq 0$.
(b) Prove that $n = 0 \iff a = b = 0$.
(c) Show that if $n > 0$, then there are at least five other ways to write $n$ in the form $n = X^2 - XY + Y^2$, including $n = b^2 - b(b - a) + (b - a)^2$ and $n = (a - b)^2 - (a - b)a + a^2$.

6. Suppose that n ∈ N, and there is some interesting fact about n that makes n
unique: for example, 6 is the smallest positive integer that is the sum of its
positive proper divisors (6 = 1 + 2 + 3). Or, 2 is the only even prime (which is
not very surprising if you think about what “even” means), or, better yet, 2
is the smallest positive prime. We will call such positive integers interesting.

(a) Use the well-ordering principle to show that all positive integers are
interesting.

(b) Make a list like that below, and continue it as far as you can

n    Interesting fact about n
1    additive identity for Z
2    smallest positive prime integer
3    smallest positive integer that is not a sum of squares, $a^2 + b^2$
4    smallest positive composite integer
5    smallest positive integer that is the sum of distinct positive squares: $5 = 1^2 + 2^2$
6    smallest positive integer that is the sum of its positive proper divisors (6 = 1 + 2 + 3)
7    smallest positive prime of the form 1 + 6k
8
...

You may find it fun (or “interesting”) to update this list (and make it
longer) as you progress through this book.

4 Proofs by induction

The well-ordering principle allows us to prove facts about N by induction. For example, suppose I ask you to prove that every positive integer can be written as the sum of four squares:

$1 = 1^2 + 0^2 + 0^2 + 0^2$
$2 = 1^2 + 1^2 + 0^2 + 0^2$
$3 = 1^2 + 1^2 + 1^2 + 0^2$
$4 = 1^2 + 1^2 + 1^2 + 1^2$ or $2^2 + 0^2 + 0^2 + 0^2$
$5 = 2^2 + 1^2 + 0^2 + 0^2$
...
$97 = 8^2 + 5^2 + 2^2 + 2^2$
...

How can you prove it? You have to give a rule for each number, and that might be
hard. However, suppose you know that

(a) You can do it for 1.

(b) If you can do it for k in N, you can do it for k + 1.

Then you know that you can do it for every element of N. For example, to show
that you can do it for 8, you use rule (a) once and rule (b) seven times.

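Example. Suppose I want to prove that, for $n \in \mathbb{N}$,

$$1 + \frac{1}{2} + \frac{1}{4} + \frac{1}{8} + \cdots + \frac{1}{2^n} = 2 - \frac{1}{2^n}.$$

First I prove it for $n = 1$:

$$1 + \frac{1}{2} = \frac{3}{2} \quad\text{and}\quad 2 - \frac{1}{2^1} = 2 - \frac{1}{2} = \frac{3}{2}$$

so when $n = 1$ both sides are equal. Now suppose it is true for $n = k$. Then

$$1 + \frac{1}{2} + \frac{1}{4} + \frac{1}{8} + \cdots + \frac{1}{2^k} = 2 - \frac{1}{2^k}.$$

If we add $\frac{1}{2^{k+1}}$ to each side, we get

$$\begin{aligned}
1 + \frac{1}{2} + \frac{1}{4} + \frac{1}{8} + \cdots + \frac{1}{2^k} + \frac{1}{2^{k+1}} &= 2 - \frac{1}{2^k} + \frac{1}{2^{k+1}} \\
&= 2 - \frac{2}{2^{k+1}} + \frac{1}{2^{k+1}} \\
&= 2 - \frac{1}{2^{k+1}},
\end{aligned}$$

which is what we wanted to prove—this is the formula when $n = k + 1$. We have just completed our first proof by induction.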

This was a simple case of the general formula

$$a + ar + ar^2 + ar^3 + \cdots + ar^n = \frac{ar^{n+1} - a}{r - 1} \quad\text{for } r \neq 1,\ n \in \mathbb{N}, \text{ and } a \in \mathbb{C}.$$

Suppose we want to prove this. When $n = 1$ the right-hand side becomes

$$\frac{ar^2 - a}{r - 1} = \frac{a(r^2 - 1)}{r - 1} = \frac{a(r - 1)(r + 1)}{r - 1} = a(r + 1) = a + ar,$$

which is what the left-hand side is for $n = 1$. So the first step is finished. Now suppose the formula is true for $n = k$; we will try to prove it for $n = k + 1$. Starting with

$$a + ar + ar^2 + ar^3 + \cdots + ar^k = \frac{ar^{k+1} - a}{r - 1},$$

we add $ar^{k+1}$ to both sides to get

$$\begin{aligned}
a + ar + ar^2 + ar^3 + \cdots + ar^k + ar^{k+1} &= \frac{ar^{k+1} - a}{r - 1} + ar^{k+1} \\
&= \frac{ar^{k+1} - a}{r - 1} + \frac{ar^{k+2} - ar^{k+1}}{r - 1} \\
&= \frac{ar^{k+2} - a}{r - 1},
\end{aligned}$$

which is the correct formula for $n = k + 1$, so we are done. You may have seen this formula in calculus; or had it applied to your money, if you’ve ever taken out a loan, or put money in something like a retirement account.

How does proof by induction rely on the well-ordering principle? We can rephrase what we are doing above as follows: Let $S \subseteq \mathbb{N}$ be the set of numbers $n$ for which the statement doesn’t hold (the set of counterexamples). Assume that $S$ is non-empty. Then $S$ has a smallest element; call it $s_0$. The integer $s_0$ represents the smallest counterexample. Our first step shows that $1 \neq s_0$. Thus we may write $s_0 = k + 1$, where $k \in \mathbb{N}$ (here we are using part 4 of Proposition 2). What we are trying to prove must be true for the integer $k$, since $s_0 > k$ represents the smallest counterexample. But then we show that “true for $k$” implies “true for $k + 1 = s_0$.” This contradiction shows that our assumption is false: $S$ must be empty, and there are no counterexamples. Thus every proof by induction is in fact a proof by contradiction, applying the well-ordering principle to the set of counter-examples.

There is a variant of this called strong induction. Here the steps are

(a) It’s true for 1.


(b) It’s true for k + 1 if it’s true for all numbers between 1 and k.

This is just a more powerful version—here we need all the statements before the (k + 1)st to be true, not just the most recent one. One might be able to prove that every positive integer can be written as the sum of four squares using Strong Induction; it would be much harder (or impossible) to prove using simple (or “weak”) induction.

Example. We will show that $7^n$ has ones digit

7 if n is of the form 4k + 1
9 if n is of the form 4k + 2
3 if n is of the form 4k + 3
1 if n is of the form 4k.

Note that $7^1 = 7$, $7^2 = 49$, $7^3 = 343$, and $7^4 = 2401$. We thus have shown that the statement is true for n = 1, 2, 3, and 4. So we will assume the statement is true for n = 1, 2, 3, . . . , N, with N ≥ 4. Now we have four cases to deal with: N could be of the form 4k, 4k + 1, 4k + 2, or 4k + 3. That means N + 1 could be of the form 4k + 1, 4k + 2, 4k + 3, or 4k + 4 = 4(k + 1). We deal with each case separately: if N + 1 = 4k + 1, then $7^{N+1} = 7^N \cdot 7 = (10M + 1)7$ by hypothesis, so $7^{N+1} = 10(7M) + 7$ has ones digit 7, as was to be proved. If N + 1 = 4k + 2, then $7^{N+1} = 7^N \cdot 7 = (10M + 7)7$ by hypothesis, so $7^{N+1} = 10(7M) + 49 = 10(7M + 4) + 9$ has ones digit 9, as was to be proved. If N + 1 = 4k + 3, then $7^{N+1} = 7^N \cdot 7 = (10M + 9)7$ by hypothesis, so $7^{N+1} = 10(7M) + 63 = 10(7M + 6) + 3$ has ones digit 3, as was to be proved. And, finally, if N + 1 = 4(k + 1) = 4k + 4, then $7^{N+1} = 7^N \cdot 7 = (10M + 3)7$ by hypothesis, so $7^{N+1} = 10(7M) + 21 = 10(7M + 2) + 1$ has ones digit 1, as was to be proved.

Exercises
1. Use induction to show that the ones digit of $6^n$ (for $n \in \mathbb{N}$) is a 6.

2. Use induction and integration by parts to show that $\int_0^\infty x^n e^{-x}\,dx = n!$.

3. Use induction to show that cos(nx) may be written as a polynomial in cos(x) with integer coefficients.

4. (a) Use induction to show that $7^n$ has last two digits

07 if n is of the form 4k + 1
49 if n is of the form 4k + 2
43 if n is of the form 4k + 3
01 if n is of the form 4k

(b) Let $a_n = 7^{7^{\cdot^{\cdot^{\cdot^{7}}}}}$, where there are n 7s in the expression. Use induction to show that $a_n$ has units digit 7 if n = 1, and 3 if n > 1.
5. What is wrong with the following proof by induction?
Proposition: All horses are the same color.
Proof: By (strong) induction on the number of horses.
Base cases: This is clearly true if there are zero horses. It is also clearly true
if there is only one horse.
Assume it is true for any group of k horses (or smaller).
Inductive step: Suppose we have a group of k + 1 horses. Choose one, call
it Trigger. The group, minus Trigger, has only k horses, so those horses are
all the same color by assumption. Now choose another horse, call it Silver.
The group, minus Silver (but including Trigger), has k horses again, and so
they are all the same color by assumption. The overlap, k − 1 horses, are also
all of the same color by assumption. Therefore, any group of horses are the
same color. Since there are a finite number of horses in the world, they must
all be of the same color.

6. Prove that for n ≥ 1,

$$\sum_{k=1}^{n} k^5 = \frac{1}{12}\, n^2 (n + 1)^2 (2n^2 + 2n - 1).$$

7. Prove that for n ≥ 1, $\sum_{k=1}^{n} (2k - 1)^3 = n^2 (2n^2 - 1)$. (You are adding up the cubes of the first n odd integers.)
8. In the Towers of Hanoi problem, there are three dowels and n disks that must
be transferred from the left dowel to the right dowel (see Figure 2). Disks
may only be moved one at a time, from one dowel to any other dowel, and
disks may only be placed on top of larger disks, not smaller ones. At the start,
there are n disks, each of a different radius, stacked on top of one another on
the left dowel, with the sizes decreasing as you go up the tower. Use induction
to show that the n disks may be moved to the right dowel in exactly $2^n - 1$ moves.

Figure 2: Towers of Hanoi, for Exercise 8

9. In the text we showed that

$$a + ar + ar^2 + ar^3 + \cdots + ar^n = \sum_{k=0}^{n} ar^k = \frac{ar^{n+1} - a}{r - 1}.$$

Take limits to show that

$$\sum_{k=0}^{\infty} ar^k = \frac{a}{1 - r},$$

so long as |r| < 1. Why is the condition |r| < 1 necessary? These two formulas are called the finite geometric sum and the geometric series, respectively.

10. Given a set S, we define |S| to be the number of elements in it; thus |{a}| = 1,
|{a, b, c, d}| = 4, |{}| = 0, and |Z| = ∞.

(a) Show that |A ∪ B| = |A| + |B| − |A ∩ B|.


(b) Show that |A ∪ B ∪ C| = |A| + |B| + |C| − |A ∩ B| − |A ∩ C| − |B ∩ C| +
|A ∩ B ∩ C|.
(c) Given a finite number n of sets $A_1, A_2, A_3, \ldots, A_n$, give an expression for the size of their union, $\left|\bigcup_{i=1}^{n} A_i\right|$. This expression is sometimes called the Inclusion-Exclusion Principle.
(d) Given a set A that is a subset of some universal set U, we denote the complement of A by $\overline{A}$, with the definition

$$\overline{A} := U \setminus A = \{u \in U : u \notin A\}.$$

Give an expression for the number of elements of U that are not in any of the $A_i$s; that is, give an expression for $\left|\bigcap_{i=1}^{n} \overline{A_i}\right|$. This is another form of the Inclusion-Exclusion Principle. We use the first expression when the sets $A_i$ define properties we want our elements to have; when the sets $A_i$ define properties we do not want our elements to have, we use the second expression.

11. Use induction to show that $x_n = \frac{3^{n+1}}{2^{n-1}}$ is a solution to the recurrence relation

$$10x_{n+1} - 15x_n = 0$$

with $x_0 = 6$.

Figure 3: Three- and four-set Venn diagrams

12. Use induction to show that $x_n = 5 \cdot 6^n - 4^n$ is a solution to the recurrence relation

$$x_{n+2} - 10x_{n+1} + 24x_n = 0$$

with $x_0 = 4$ and $x_1 = 26$.

For extra credit, use generating functions to show this in a different way.

13. Let n be a fixed positive integer. How many ways are there to write n as a sum of positive integers,

$$n = a_1 + a_2 + a_3 + \cdots + a_k,$$

with k an arbitrary positive integer and $a_1 \leq a_2 \leq a_3 \leq \cdots \leq a_k \leq a_1 + 1$? For example, with n = 4, there are four ways: 4, 2 + 2, 1 + 1 + 2, 1 + 1 + 1 + 1.

14. A sequence is defined by $a_1 = 2$ and $a_n = 3a_{n-1} + 1$. Find the sum $a_1 + a_2 + a_3 + \cdots + a_n$.

15. Let $f_0(x) = \frac{1}{1 - x}$ and $f_n(x) = f_0(f_{n-1}(x))$ for n = 1, 2, 3, . . . . Evaluate $f_{2017}(2018)$.

5 The binomial theorem

Now we need some more notation: for n ∈ W, we define n!, pronounced “n factorial,” as

$$n! = \begin{cases} 1 & \text{if } n = 0 \\ n \cdot (n - 1)! & \text{else,} \end{cases}$$

so

0! = 1
1! = 1
2! = 2
3! = 6
4! = 24
5! = 120
...
15! = 1,307,674,368,000
...
65! ≈ $8.247 \times 10^{90}$.

One of the most common uses of factorials is to define the binomial coefficients. The reason for this name will be made clear soon. A binomial coefficient is written $\binom{n}{k}$ and pronounced “n choose k.” It is defined (for n ∈ N and 0 ≤ k ≤ n) as the number of distinct ways of choosing a subset of size k out of a set of n (distinguishable) objects. Thus $\binom{4}{2} = 6$ because out of the set {a, b, c, d} we may choose {a, b}, {a, c}, {a, d}, {b, c}, {b, d}, or {c, d}. Similarly, $\binom{5}{3} = 10$. It is pretty easy to see that $\binom{n}{0} = 1$, $\binom{n}{n} = 1$, and $\binom{n}{1} = n$ straight from the definition. A little thought should convince you that $\binom{n}{k} = \binom{n}{n-k}$, since choosing a subset of size k is the same as choosing the complement, of size n − k. Note also that $\binom{n}{k}$ is always a positive integer.

So how might we calculate $\binom{n}{k}$ for other values of n and k? If we choose 1 person out of this class, we clearly have n choices. If we choose 2, we have n choices for the first person and n − 1 choices for the second, but now we have let order matter—since we could have chosen in the other order, we have counted each outcome twice. We must therefore divide by two. We have just proven that

$$\binom{n}{2} = \frac{n(n - 1)}{2}.$$

What about $\binom{n}{3}$? Is it $n(n - 1)(n - 2)$ or $\frac{n(n-1)(n-2)}{2!}$ or something else? You should convince yourself that

$$\binom{n}{k} = \frac{n(n - 1)(n - 2) \cdots (n - k + 1)}{k!}$$

since $n(n - 1)(n - 2) \cdots (n - k + 1)$ is the number of ways to choose k objects, but the k! in the denominator takes care of the fact that the order in which the objects are chosen doesn’t matter. We can rewrite the above in a clever way by seeing that

$$n! = n(n - 1)(n - 2) \cdots (n - k + 1)\,((n - k)!)$$

so

$$n(n - 1)(n - 2) \cdots (n - k + 1) = \frac{n!}{(n - k)!}.$$

Thus

$$\binom{n}{k} = \frac{n!}{k!\,(n - k)!}.$$
One other formula turns out to be very handy when dealing with binomial coefficients: it relates $\binom{n}{k}$ to other binomial coefficients. Thus suppose we have a set, S, of size n, with n ∈ N, and we label one of the elements of this set Beth. When we choose a subset of size k out of the set S, we will either choose the element labeled Beth, or we won’t. If we do choose Beth, then we need to make k − 1 other choices, and so there are $\binom{n-1}{k-1}$ ways to choose a subset of size k that contains Beth. On the other hand, there are $\binom{n-1}{k}$ ways to choose a subset of size k that does not contain Beth. Thus there are

$$\binom{n-1}{k-1} + \binom{n-1}{k}$$

ways to choose this subset, and we have thus proven the formula

$$\binom{n}{k} = \binom{n-1}{k-1} + \binom{n-1}{k}.$$

We can rewrite this as $\binom{n+1}{k} = \binom{n}{k} + \binom{n}{k-1}$.

We often see binomial coefficients formed into a triangle, called Pascal’s Triangle, with $\binom{n}{k}$ being the kth entry in the nth row (provided one always starts by counting “zero, one, two, three, . . . ”). The rule above shows that entries in the triangle can be calculated by adding the two entries (diagonally) above the entry in question. See Figure 4.

The reason $\binom{n}{k}$ is called a binomial coefficient is that these integers come up in

Theorem 1 (The binomial theorem) Let R be a ring. If x, y ∈ R and xy = yx, then for n ∈ N,

$$(x + y)^n = \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k.$$

We will prove this theorem in two ways. The first is combinatorial.

Proof. When we multiply out $(x + y)^n$, we get many terms, each of which looks like

$$x^{(\text{power})} \cdot y^{(\text{another power})}.$$

Figure 4: Pascal’s triangle

If you think about how you would use the distributive law to multiply out

$$(x + y)(x + y)(x + y) \cdots (x + y)$$

you should be able to see that each term will have n letters in it, each of which is either x or y. And we will get precisely $\binom{n}{k}$ terms that have k xs and thus n − k ys. Thus we get $\binom{n}{k} x^k y^{n-k}$, and k ranges from k = 0 (no xs, all ys) to k = n (all xs, no ys).

The second is by induction on n.

Proof. When n = 1 the right-hand side is

$$\sum_{k=0}^{1} \binom{1}{k} x^{1-k} y^k = \binom{1}{0} x^1 y^0 + \binom{1}{1} x^0 y^1 = x + y.$$

This is what the left-hand side is for n = 1, so we assume the theorem is true for n ≥ 1 and try to prove it for n + 1:

$$\begin{aligned}
(x + y)^{n+1} &= (x + y)(x + y)^n = (x + y) \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k \\
&= \sum_{k=0}^{n} \binom{n}{k} x^{n+1-k} y^k + \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^{k+1} \\
&= \sum_{k=0}^{n} \binom{n}{k} x^{n+1-k} y^k + \sum_{j=1}^{n+1} \binom{n}{j-1} x^{n-j+1} y^j \quad (\text{letting } j = k + 1) \\
&= \binom{n}{0} x^{n+1} y^0 + \sum_{k=1}^{n} \binom{n}{k} x^{n+1-k} y^k + \sum_{j=1}^{n} \binom{n}{j-1} x^{n-j+1} y^j + \binom{n}{n} x^0 y^{n+1} \\
&= x^{n+1} y^0 + \sum_{k=1}^{n} \left[ \binom{n}{k} + \binom{n}{k-1} \right] x^{n+1-k} y^k + x^0 y^{n+1} \\
&= x^{n+1} y^0 + \sum_{k=1}^{n} \binom{n+1}{k} x^{n+1-k} y^k + x^0 y^{n+1} \\
&= \sum_{k=0}^{n+1} \binom{n+1}{k} x^{n+1-k} y^k,
\end{aligned}$$

which is the correct formula for n + 1 so we are done.

Example. To expand $(3 - 2x)^5$ we get

$$\binom{5}{0} 3^5 + \binom{5}{1} (3^4)(-2x) + \binom{5}{2} (3^3)(-2x)^2 + \binom{5}{3} (3^2)(-2x)^3 + \binom{5}{4} (3)(-2x)^4 + \binom{5}{5} (-2x)^5,$$

which equals

$$1 \cdot 3^5 + 5(3^4)(-2x) + 10(3^3)(-2x)^2 + 10(3^2)(-2x)^3 + 5(3)(-2x)^4 + 1(-2x)^5,$$

which equals

$$243 - 810x + 1080x^2 - 720x^3 + 240x^4 - 32x^5.$$

Exercises
1. You will do several calculations in the Gaussian integers, Z[i]: calculate

(a) $(4 + 5i) + (3 - 6i)$
(b) $(4 + 5i)(3 - 6i)$
(c) $(2 + i)^3$
(d) $(3 + 2i)^5$
(e) $\frac{3 + 4i}{2 + 3i}$. This may not be an element of Z[i], since Z[i] is not a field, though it is definitely in C since C is a field and you can always divide in a field (except by zero). Can you be more specific about where the answer is (in what ring it lives)? Is that ring a field or not?

2. Let $\rho = -\frac{1}{2} + \frac{\sqrt{3}}{2}\, i \in \mathbb{C}$.
(a) Verify that $\rho^3 = 1$.
(b) Verify that $\rho$ satisfies the equation $x^2 + x + 1 = 0$.
(c) Verify that $\rho$ is on the unit circle in C.
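3. Prove that for 0 ≤ k ≤ m ≤ n,

$$\binom{n}{k} \binom{n-k}{m-k} = \binom{n}{m} \binom{m}{k}.$$

4. Prove that

$$\sum_{j=0}^{n} \binom{n}{j} = 2^n.$$

5. Prove that

$$\sum_{j=0}^{n} (-1)^j \binom{n}{j} = 0.$$

6. Prove that

$$\sum_{j=0}^{n} 2^j \binom{n}{j} = 3^n.$$

7. Prove that

$$\binom{2n}{n} = \frac{1 \cdot 3 \cdot 5 \cdots (2n - 1)}{n!}\, 2^n.$$

8. Prove that

$$\binom{4n}{2n} = \frac{1 \cdot 3 \cdot 5 \cdots (4n - 1)}{[1 \cdot 3 \cdot 5 \cdots (2n - 1)]^2} \binom{2n}{n}.$$

9. Prove that

$$\binom{4n}{2n} = \frac{(2n + 1)(2n + 3)(2n + 5) \cdots (4n - 1)}{n!}\, 2^n.$$

10. Prove that for 0 ≤ m ≤ n,

$$\binom{n}{k} = \sum_{j=0}^{m} \binom{m}{j} \binom{n-m}{k-j}.$$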
What does this formula say when m = 1?


11. Prove that for 0 ≤ m ≤ n,

$$\sum_{m=k}^{n} \binom{m}{k} = \binom{n+1}{k+1}.$$

12. Prove that for n ≥ 0,

$$\binom{n}{0} + \binom{n+1}{2} + \binom{n+2}{4} + \binom{n+3}{6} + \cdots + \binom{n+n}{2n} = \sum_{j=0}^{n} \binom{n+j}{2j} = F_{2n+1},$$

where $F_n$ is the nth Fibonacci number, defined by $F_1 = F_2 = 1$, and $F_{n+1} = F_n + F_{n-1}$ for n ≥ 2.
13. (a) Show that the Fibonacci numbers, defined in Exercise 12, satisfy Binet’s formula:

$$F_n = \frac{1}{\sqrt{5}} \left[ \left( \frac{1 + \sqrt{5}}{2} \right)^n - \left( \frac{1 - \sqrt{5}}{2} \right)^n \right]$$

for all n ∈ N.
(b) Let $\omega = \frac{1 + \sqrt{5}}{2}$. Show that the formula can be simplified to $F_n = \operatorname{round}\left( \frac{\omega^n}{\sqrt{5}} \right)$.

14. Show that the Fibonacci numbers, defined in Exercise 12, satisfy

$$F_{k-1} F_{k+1} - F_k^2 = (-1)^k$$

for all k ≥ 2.
15. Find the sum of the coefficients in the expansion of $(3x^2 + x - 2)^{2017}$.
16. Suppose that x is a real number such that $x + \frac{1}{x}$ is an integer. Prove that $x^{2017} + \frac{1}{x^{2017}}$ is an integer.
17. Prove that for n ≥ 0,

$$\binom{n}{0} - \binom{n+1}{2} + \binom{n+2}{4} - \binom{n+3}{6} \pm \cdots = \sum_{j=0}^{n} (-1)^j \binom{n+j}{2j} = \frac{2}{\sqrt{3}} \sin\left( (n + 2) \frac{\pi}{3} \right).$$

(This last expression is a way of saying “repeats the values 1, 0, −1, −1, 0, 1, over and over again, with period six”.)
18. Let d be a square-free integer (that is, $m \in \mathbb{Z}$ and $m > 1 \implies m^2 \nmid d$). We then have the ring

$$\mathbb{Z}[\sqrt{d}] = \{a + b\sqrt{d} \in \mathbb{C} : a \text{ and } b \text{ are in } \mathbb{Z}\} \subset \mathbb{C}.$$

We define the conjugate function $j : \mathbb{Z}[\sqrt{d}] \to \mathbb{Z}[\sqrt{d}]$ by

$$j(a + b\sqrt{d}) = a - b\sqrt{d},$$

and we define the norm function $N : \mathbb{Z}[\sqrt{d}] \to \mathbb{Z}$ by $N(z) = z \cdot j(z)$, so

$$N(a + b\sqrt{d}) = (a + b\sqrt{d})(a - b\sqrt{d}) = a^2 - db^2.$$

(a) Prove that for any $z_1$ and $z_2$ in $\mathbb{Z}[\sqrt{d}]$, $j(z_1 \cdot z_2) = j(z_1) \cdot j(z_2)$.
(b) Prove that for any $z_1$ and $z_2$ in $\mathbb{Z}[\sqrt{d}]$, $N(z_1 \cdot z_2) = N(z_1) \cdot N(z_2)$.
(c) Can you draw $\mathbb{Z}[\sqrt{d}]$ when d = 2? What are the difficulties?
(d) What is the geometric significance of N when d = −1?
(e) List all the elements of Z[i] (which is the same as $\mathbb{Z}[\sqrt{-1}]$) with norm less than 35, and draw a picture of what you have found. Hint: Group them by norm—which element(s), if any, have norm 0? norm 1? norm 2? norm 3? etc. How does this relate to your picture?
19. Suppose that for z ∈ Z[i] we have N (z) = p, where p is a prime in Z.
(a) Prove that z is a prime in Z[i].
(b) Eight examples of primes in Z[i] are ±2 ± i and ±1 ± 2i, all of which
have norm 5. Give some other examples of primes in Z[i].

20. Suppose that for $z \in \mathbb{Z}[\sqrt{d}]$ we have N(z) = p, where p is a prime in Z.
(a) Prove that z is a prime in $\mathbb{Z}[\sqrt{d}]$.
(b) Sixteen examples of primes in $\mathbb{Z}[\sqrt{2}]$ are $\pm 2 \pm \sqrt{2}$ and $\pm 10 \pm 7\sqrt{2}$, all of which have norm 2, and $\pm 1 \pm 2\sqrt{2}$ and $\pm 5 \pm 4\sqrt{2}$, all of which have norm −7. Give some other examples of primes in $\mathbb{Z}[\sqrt{2}]$.
(c) Give some examples of primes in $\mathbb{Z}[\sqrt{3}]$.
(d) Give some examples of primes in $\mathbb{Z}[\sqrt{-3}]$.
21. Suppose $\rho \in \mathbb{C}$ is such that $\rho^3 = 1$, $\rho \neq 1$ ($\rho$ is called a cube root of unity). Since $x^3 - 1 = (x - 1)(x^2 + x + 1)$, conclude that $\rho^2 + \rho + 1 = 0$, and thus that $\rho = -\frac{1}{2} \pm \frac{\sqrt{3}}{2}\, i$. We define

$$\rho = -\frac{1}{2} + \frac{\sqrt{3}}{2}\, i.$$

We thus have the ring

$$\mathbb{Z}[\rho] = \{a + b\rho \in \mathbb{C} : a, b \in \mathbb{Z}\},$$

with addition defined by $(a + b\rho) + (c + d\rho) = (a + c) + (b + d)\rho$ and multiplication defined by

$$\begin{aligned}
(a + b\rho) \cdot (c + d\rho) &= ac + (bc + ad)\rho + bd\rho^2 \\
&= ac + (bc + ad)\rho + bd(-1 - \rho) \\
&= (ac - bd) + (bc - bd + ad)\rho.
\end{aligned}$$

This ring is sometimes called the ring of Eisenstein integers, or the ring of Eulerian integers. The ring $\mathbb{Z}[\rho]$ has a norm function, $N : \mathbb{Z}[\rho] \to \mathbb{Z}$, defined by

$$N(a + b\rho) = (a + b\rho)(a + b\rho^2).$$

(a) Show that $\mathbb{Z}[\sqrt{-3}] \subseteq \mathbb{Z}[\rho]$.
(b) Show that $z \in \mathbb{Z}[\rho] \iff (z \in \mathbb{Z}[\sqrt{-3}])$ or $(z - \rho \in \mathbb{Z}[\sqrt{-3}])$.
(c) Show that $N(a + b\rho) = a^2 - ab + b^2$, and that this norm is positive-definite.
(d) Show that the norm function defined above always gives the square of the distance from the point $a + b\rho \in \mathbb{C}$ to the origin. In this way the norm in $\mathbb{Z}[\rho]$ is exactly the same as the norm in Z[i].
(e) Show that $N(z \cdot w) = N(z) \cdot N(w)$ for all $z, w \in \mathbb{Z}[\rho]$.
Hint: it is easier, and more general, to show that the conjugate of a product is the product of the conjugates. Thus show that $(a + b\rho)(c + d\rho) = m + n\rho \implies (a + b\rho^2)(c + d\rho^2) = m + n\rho^2$, then explain what that implies about norms.
(f) Find all the units in Z[ρ].
(g) Suppose that for z ∈ Z[ρ] we have N (z) = p, where p is a prime in Z.
i. Prove that z is a prime in Z[ρ].
ii. Give four examples of primes in Z[ρ].
22. This exercise generalizes Exercise 21.

Let d be an integer of the form d = 1 + 4k, with k ∈ Z. Define $D = \frac{-1 + \sqrt{d}}{2}$.

(a) Show that $\mathbb{Z}[D] = \mathbb{Z}\left[ \frac{1 + \sqrt{d}}{2} \right]$.
(b) Show that D is a root of the polynomial $x^2 + x + \frac{1 - d}{4}$.
(c) Show that $(a + bD)(r + sD) = ar + \frac{d - 1}{4}\, bs + (br + as - bs)D$.
(d) Define conjugation as a map $j : \mathbb{Z}[D] \to \mathbb{Z}[D]$ given by $j(a + bD) = (a - b) - bD$. Show that

$$j(z + w) = j(z) + j(w) \quad\text{and}\quad j(z \cdot w) = j(z) \cdot j(w)$$

for all $z, w \in \mathbb{Z}[D]$.
(e) Define the norm function, $N : \mathbb{Z}[D] \to \mathbb{Z}$ by $N(z) = z \cdot j(z)$. Show that $N(a + bD) = a^2 - ab + \frac{1 - d}{4}\, b^2$, and that $N(z \cdot w) = N(z)N(w)$ for all $z, w \in \mathbb{Z}[D]$.
(f) Show that if d < 0, N(z) is the square of the geometric distance from the point z ∈ C to the origin.
For the factor $\frac{d - 1}{4}$ to be an integer d = 1 + 4k is necessary; a more important reason is discussed in Exercise 9, page 144.

6 The fundamental theorem of arithmetic (foreshadowing)

Our goal in the next few sections is to prove, understand, and use the fundamental theorem of arithmetic: Any integer $n \neq 0, \pm 1$, can be written as

$$n = \pm p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} = \pm \prod_{i=1}^{k} p_i^{e_i},$$

where the $p_i$ are distinct positive primes, k ∈ N is the number of distinct prime factors of n, and each $e_i \in \mathbb{N}$. This factorization is unique up to reordering of the primes $p_i$.

We left out the special cases where n is the additive identity and the only two units in Z, ±1. We will later try to come up with a similar theorem for Z[i], and see if all non-zero, non-unit elements of Z[i] can be factored uniquely as products of primes in Z[i]. So we need to get a feel for what the units are, what the primes are, and how to factor in Z[i]. There is also a problem with order, since “positive primes” won’t make any sense in Z[i]. After that we will look at other rings, notably $\mathbb{Z}[\sqrt{2}]$ and other $\mathbb{Z}[\sqrt{d}]$, to see if they have unique factorization also, and to look at the nature of the units and certain other properties of primes, such as how they are distributed.

A major tool in our proof of the fundamental theorem of arithmetic will be the
division algorithm.

Theorem 2 (Division Algorithm) Given integers a and b, with $b \neq 0$, there exist unique integers q (the quotient) and r (the remainder) with

a = bq + r and 0 ≤ r < |b|.

There is an important proof of this theorem, based on set theory, which we write
later (and then use the same method to prove other theorems); right now I will
give a more intuitive, geometric, but non-rigorous explanation. It is not rigorous
because our axioms don’t mention geometry at all; however, the picture may help
you to visualize the division algorithm.

We have the real line, and we can put the multiples of b on it like so:

Near a we have a picture like:

so we have qb ≤ a < qb + |b| = b(q ± 1). Thus if we let r = a − qb we get

a = qb + r,

and since a is one of the numbers in {qb, qb + 1, qb + 2, . . . , qb + |b| − 1} we must have that r = a − qb is in the set

{0, 1, 2, . . . , |b| − 1}.

Thus 0 ≤ r ≤ |b| − 1 so we must have 0 ≤ r < |b|.

Now we give a formal proof.

Proof. We will show the existence of q and r first.

Suppose there exists a q ∈ Z such that a = bq. Then we let r = 0 and we are
done. Otherwise, b does not divide a evenly. For technical reasons, we will now use
trichotomy on a and three cases.

• If a = 0 then we may let q = r = 0 and the conditions are satisfied.

• If a > 0 then we form the set

S = {a − bt ∈ N : where t ∈ Z}.

By construction, this set is a subset of N, and t = 0 corresponds to a, a positive integer, so S is a non-empty subset of N. Thus we may apply the well-ordering principle and define r to be the smallest element of S. Thus r is of the form $r = a - bt_0$ for some integer $t_0$, and defining $q = t_0$ gives us r = a − bq, or a = bq + r, as desired. Now consider the number r − |b|. We have $r - |b| = a - bq - |b| = a - b(q \pm 1) = a - bt_1$, so r − |b| has the correct form to be an element of S. Since r − |b| < r, the smallest element of S, we must have $r - |b| \notin \mathbb{N}$, so r − |b| ≤ 0. Now $r = |b| \implies a = bq + |b| = b(q \pm 1)$, and since we have ruled that case out, we must have r − |b| < 0, so r < |b|; therefore 0 < r < |b| and we have shown that the required q and r exist in the case a > 0.

• If a < 0, then we will use the case above, applied to −a, to find $-a = bq_1 + r_1$, so $a = b(-q_1) + (-r_1) = b(-q_1 \pm 1) + (|b| - r_1)$, with $q_1 \in \mathbb{Z}$ and $0 < r_1 < |b|$. But then $-q_1 \pm 1 \in \mathbb{Z}$ also, and $0 < |b| - r_1 < |b|$, so if we let $q = -q_1 \pm 1$ and $r = |b| - r_1$ we have found the requisite q and r.

Now that we have shown the existence of q and r, the hard work is done, and showing uniqueness is fairly straightforward. Suppose $a = bq_2 + r_2 = bq_3 + r_3$ are two ways to represent a, with $0 \leq r_2 < |b|$ and $0 \leq r_3 < |b|$. Rearranging, we get $r_3 - r_2 = (a - bq_3) - (a - bq_2) = b(q_2 - q_3)$. Since $q_2 - q_3 \in \mathbb{Z}$, we see that $r_3 - r_2$ is a multiple of b. Furthermore, since $-|b| < r_3 - r_2 < |b|$, and the only multiple of b between −|b| and |b| is zero (here we are using part 4 of Proposition 2 on page 11), we must have $r_3 - r_2 = 0$. Thus $b(q_2 - q_3) = 0$, and since $b \neq 0$ we have $q_2 - q_3 = 0$. Thus we have proven that $q_2 = q_3$, and $r_2 = r_3$, so we have shown that the division algorithm gives a unique q and a unique r.
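Built-in division operators do not all return the remainder Theorem 2 specifies, which matters whenever code reduces a negative value or uses a negative modulus. The Python sketch below is an added example, not code from the book: it computes the pair (q, r) with 0 ≤ r < |b|, follows the proof's well-ordering construction for a > 0, checks uniqueness by brute force, and contrasts the result with floor-style and truncating division. All function names and sample values are constructed for illustration.

```python
def division_algorithm(a, b):
    """Return the unique (q, r) with a == b*q + r and 0 <= r < |b| (Theorem 2)."""
    if b == 0:
        raise ZeroDivisionError("Theorem 2 requires b != 0")
    q, r = divmod(a, b)      # Python floors: r takes the sign of b
    if r < 0:                # only possible when b < 0
        q, r = q + 1, r - b  # shift by one multiple of b so that 0 <= r < |b|
    return q, r


def truncating_divmod(a, b):
    """Quotient rounded toward zero (the C99 convention); remainder takes the sign of a."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return q, a - b * q


def proof_construction(a, b):
    """Existence proof for a > 0: r is the least element of S = {a - b*t in N : t in Z}."""
    if a <= 0 or b == 0:
        raise ValueError("this construction is the proof's case a > 0, b != 0")
    step = 1 if b > 0 else -1          # moving t in this direction decreases a - b*t
    t = 0
    while a - b * (t + step) > 0:      # stay inside N = {1, 2, 3, ...}
        t += step
    r = a - b * t                      # least element of S
    if r == abs(b):                    # b divides a: the case the proof settles first (r = 0)
        return t + step, 0
    return t, r


def all_representations(a, b, bound=50):
    """Every (q, r) with a == b*q + r and 0 <= r < |b|, searching |q| <= bound."""
    return [(q, a - b * q) for q in range(-bound, bound + 1) if 0 <= a - b * q < abs(b)]


# Constructed sample inputs covering every sign combination, plus a = 0 and b | a.
SAMPLES = [(17, 5), (-17, 5), (17, -5), (-17, -5), (0, 3), (15, -5)]

if __name__ == "__main__":
    for a, b in SAMPLES:
        print(a, b, division_algorithm(a, b), divmod(a, b), truncating_divmod(a, b))
```

On these samples the three conventions agree only when a and b are both positive or b divides a; elsewhere either the floored or the truncated remainder is negative, which Theorem 2 excludes.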

Definition 7 Suppose n ∈ Z. If n can be written as n = 2k, for some k ∈ Z, we say n is even; otherwise we say n is odd.

Exercises
1. (a) Use the division algorithm to show that every odd integer can be written
as n = 2j + 1 for some j ∈ Z.
(b) Prove that for n ∈ Z,

n is odd $\implies n^2$ can be written as 1 + 8m.

(c) Prove that for n ∈ Z,

$n^2$ can be written as 1 + 8m $\implies$ n is odd.

2. Show that every integer falls into one of four categories:


even n is even.
threven n can be written in the form n = 3k for some k ∈ Z.
plus one n can be written in the form n = 6r + 1 for some r ∈ Z.
plus five n can be written in the form n = 6s + 5 for some s ∈ Z.
Are these categories disjoint?
3. Find the integers q and r guaranteed to exist by the division algorithm if
(a) a = 29 and b = 11
(b) a = 100 and b = 7
(c) a = 100 and b = −7
(d) a = −358 and b = −16
(e) a = 84 and b = 24
(f) a = 0 and b = 52
(g) a = −65 and b = 8
4. Show that every odd integer n can be written as n = 4k + 1 or as n = 4k + 3
for some integer k.
5. Suppose we are given integers a and b, and we calculate q and r such that
a = bq + r with 0 ≤ r < |b|. Now we run the division algorithm on −a and b.
What are the new integers Q and R such that −a = bQ + R with 0 ≤ R < |b|?
6. Some experimentation (try dividing $2x - 3$ into $x^3$) will quickly show you that
the polynomial ring Z[x] does not have a division algorithm. However, the
closely associated polynomial ring Q[x] does have a division algorithm. State
this fact precisely.

7 Divisibility

Next we shall look at divisibility, which is the property that b divides a, written
b|a. We have the

Definition 8 If a and b are integers, then we write b|a if a = bq for some q ∈ Z. This is the same as saying r = 0 in the division algorithm: there is no remainder.

This is a relationship between two numbers, not an operation: it is a statement that is true or false (like a < b), not a way of combining two numbers to get a third (like a + b). The statement 3|6 is true because $\frac{6}{3} = 2$ is an integer; $-5 \nmid 6$ is true because 6 is not an integer multiple of −5.

We have the following properties:


Proposition 3 Let a, b, c, and d be integers. Then

1. $a|0$, $1|a$, and $a|a$.
2. $a|1 \iff a = \pm 1$.
3. $a|b$ and $b|c \implies a|c$.
4. $a|b$ and $b|a \iff a = \pm b$.
5. $a|b$ and $c|d \implies ac|bd$.
6. $a|b$ and $b \neq 0 \implies |a| \leq |b|$.
7. $a|b$ and $a|c \implies a|(bx + cy)$ for any integers x and y.

We will prove 7 now, and then show how 4 follows from 2. We proved 2 earlier; do
you see where?

Proof. For 7, we have $a|b \implies b = am$ for some m ∈ Z, and $a|c \implies c = an$ for some n ∈ Z. Thus bx + cy = (am)x + (an)y = a(mx) + a(ny) = a(mx + ny) so
a|(bx + cy) and we are done. We used the associative and distributive properties
of the integers, as well as closure under addition and multiplication, since we must
assert that mx + ny is an integer to complete the proof.

To prove 4 from 2, a|b and b|a imply that b = au and a = bv for some integers u and
v. Thus a = bv = auv so 0 = a − auv = a(1 − uv), so (here we use Proposition 1,
that Z has no zero-divisors) we see that a = 0 or 1 − uv = 0. If a = 0 then
b = au = 0 · u = 0 and we are done, since ±0 = 0. Otherwise, we get uv = 1, so v|1
and we use 2 to assert that v = ±1, in which case a = bv = b(±1) = ±b.

Exercises
1. Prove parts 1, 3, and 5 of Proposition 3.
2. Prove part 6 of Proposition 3.
3. Prove that for all a, b ∈ Z, a|b ⇐⇒ (−a)|b ⇐⇒ a|(−b) ⇐⇒ (−a)|(−b).
4. Show that for all n ∈ Z, 6|n(n + 1)(2n + 1).
5. Suppose k ∈ N. Show that k!|(n(n − 1)(n − 2) · · · (n − k + 1)) for any n ≥ k.
Is this true for all n ∈ Z?
6. Recall the Fibonacci numbers, $F_n$ (Exercise 12 on page 24).
(a) Show that $5|F_n \iff 5|n$.
(b) Give a criterion for when $2|F_n$.
(c) Give a criterion for when $3|F_n$.
(d) Give a criterion for when $7|F_n$.
(e) Conjecture a criterion (condition(s) on m, n) for when $F_m|F_n$.

7. Here is a definition for divisibility in Z[i]:

Definition 9 For z and w in Z[i], we write z|w and say that z divides w if
there exists a v in Z[i] such that

z · v = w.

In other words, if z = a + bi and w = r + si and if

(a + bi)(c + di) = r + si

for some c + di = v ∈ Z[i], then we write (a + bi)|(r + si) (and, in fact,
(c + di)|(r + si)).

Determine whether
(a) (1 + i)|(−3 − i)
(b) (1 + 2i)|(5 − 15i)
(c) (1 − 2i)|(3 − 4i)
(d) 2|(4 − 7i)
(e) (5 + i)|17
(f) (1 + 4i)|85.
(g) (2 − i)|(2 − 11i)
8. Suppose a + bi ∈ Z[i] and c ∈ Z.
(a) Under what conditions is it true that c|(a + bi) (in Z[i])? Give conditions
on the integers a, b, and c.
(b) Under what conditions is it true that (a + bi)|c (in Z[i])? Give conditions
on the integers a, b, and c.
9. Suppose a + b√d ∈ Z[√d], and c ∈ Z.
(a) Under what conditions is it true that c | (a + b√d) (in Z[√d])? Give
conditions on the integers a, b, c, and d.
(b) Under what conditions is it true that (a + b√d) | c (in Z[√d])? Give
conditions on the integers a, b, c, and d.
10. Using the definition of divisibility (in Z[i]) defined in Exercise 7, show that
(2 + 5i) ∤ (−11 + 13i). If you try to divide, what is the best quotient to use?
What remainder is left?

8 Greatest common divisors

Now we want to define the greatest common divisor, d, of two integers a and b.
How should we? Certainly, we want d|a and d|b, but what else? If c|a and c|b, then
|c| ≤ d? In rings besides Z we don’t have order, so we won’t be able to use this
definition elsewhere. Let’s look at some examples: what is the greatest common
divisor of

1. 4 and 6?
2. 14 and 15?
3. −12 and 18?
4. 105 and 44?
5. 203567 and 765302?

We can calculate in our heads that the first three answers are ___, ___, and ___
(answers left to the reader). Since 105 = 3 · 5 · 7 and 44 = 2² · 11, we see that
the greatest common divisor of 105 and 44 is 1. (We are using the fundamental
theorem of arithmetic here, before we prove it!) But how do we find the last answer?
Before we do that, I want you to notice the following: the common divisors of 4
and 6 are ±1, ±2, and the greatest common divisor is 2. The common divisors of
14 and 15 are ±1, and the greatest common divisor is 1. The common divisors of
−12 and 18 are ±1, ±2, ±3, and ±6, and the greatest common divisor is 6. What
do you notice? It appears that we can make

Definition 10 The greatest common divisor, or GCD, of integers a and b is denoted
by (a, b). If d = (a, b), then the integer d must satisfy

1. d ≥ 0
2. d|a and d|b
3. if c|a and c|b then c|d.

Let’s examine some special cases. What is (1, n) for any integer n? What is (0, n)?
What is (0, 0)? What is (n, n)? Does the definition cover all the cases? Are we
confident that the GCD always exists? Could we have a pair of integers whose set
of common divisors is, for example {±1, ±3, ±4, ±6}? It turns out that every pair
of integers does have a GCD, but that is not yet obvious.

Exercises
1. Find the following greatest common divisors:
(a) (29, 11)
(b) (100, 7)
(c) (−359, −16)
2. If a, b ∈ Z, find the greatest common divisors: (0, 0), (a, 0), (a, 1), (a, a), and
(a, ab).
3. Show that for integers a, b, and c, we have (ab, ac) = |a|(b, c).
4. Let (a, b) = 1. Show that (a + b, a − b) = 1 or 2. When is this GCD 1? When
is it 2?

 
5. For integers a, b, and c, let d = (a, b). Show that if c|d, then (a/c, b/c) = d/c.
6. (a) Write a definition of the least common multiple of two integers, a and b.
We will designate this least common multiple as [a, b].
(b) Prove that for integers a and b, we have (a, b)[a, b] = |ab|.

9 The Euclidean algorithm

Suppose we want to find d = (60, 34). What is d? How did you get it? Notice that

60 = 34 · q + r
60 = 34 · 1 + 26
34 = 26 · 1 + 8
26 = 8 · 3 + 2
8 = 2 · 4 + 0

We get that (60, 34) = 2. Let’s try to find (104, 39):

104 = 39 · 2 + 26
39 = 26 · 1 + 13
26 = 13 · 2 + 0

So (104, 39) = 13. Try (105, 44):

105 = 44 · 2 + 17
44 = 17 · 2 + 10
17 = 10 · 1 + 7
10 = 7 · 1 + 3
7 = 3 · 2 + 1
3 = 1 · 3 + 0

Hence (105, 44) = 1.

In general, repeated use of the division algorithm is known as the Euclidean
algorithm: Given integers a and b with b ≠ 0, we repeatedly apply the division
algorithm and produce

$$
\begin{aligned}
a &= b \cdot q_1 + r_1, & 0 &< r_1 < |b| \\
b &= r_1 \cdot q_2 + r_2, & 0 &< r_2 < r_1 \\
r_1 &= r_2 \cdot q_3 + r_3, & 0 &< r_3 < r_2 \\
&\;\;\vdots \\
r_{n-2} &= r_{n-1} \cdot q_n + r_n, & 0 &< r_n < r_{n-1} \\
r_{n-1} &= r_n \cdot q_{n+1} + 0.
\end{aligned}
$$

The last step, where $r_n$ divides evenly into $r_{n-1}$, must happen eventually since the
remainders are all positive, and they are decreasing (what property of the integers
did we just use?). Also, if c|a and c|b, then $c \mid (a - b \cdot q_1) = r_1$, by Property 7 of
divisibility; similarly, we get $c \mid (b - r_1 \cdot q_2) = r_2$, $c \mid r_3$, ..., $c \mid r_n$. So we have $r_n \ge 0$
by the first step, and now we know that $c \mid r_n$. So $r_n$ satisfies the first and third
properties of a GCD. We need to know whether it satisfies $r_n \mid a$ and $r_n \mid b$, i.e., we
need to know whether $r_n$ is a common divisor of a and b. The last equation states
that $r_n \mid r_{n-1}$. Then looking at the equation before that we get that

$$r_n \mid (r_{n-1} \cdot q_n + r_n) = r_{n-2},$$

and similarly we get that $r_n \mid r_{n-3}$, $r_n \mid r_{n-4}$, ..., $r_n \mid r_1$, $r_n \mid b$, $r_n \mid a$. Thus $r_n$ satisfies
all three properties of a GCD, so we have proven that the Euclidean algorithm
always works, and that it always produces the GCD. Furthermore, if we rearrange
the above, we get

$$
\begin{aligned}
r_n &= r_{n-2} - r_{n-1} q_n \\
r_{n-1} &= r_{n-3} - r_{n-2} q_{n-1} \\
r_{n-2} &= r_{n-4} - r_{n-3} q_{n-2} \\
&\;\;\vdots \\
r_3 &= r_1 - r_2 q_3 \\
r_2 &= b - r_1 q_2 \\
r_1 &= a - b q_1 .
\end{aligned}
$$

So $r_n$ is what is called a linear combination of $r_{n-1}$ and $r_{n-2}$, that is, a sum of
terms each of which is linear in $r_k$. Hence $r_n$ is also a linear combination of $r_{n-2}$
and $r_{n-3}$, ..., and thus $r_n$ is a linear combination of a and b. That is, we can write
$r_n = (a, b) = ax + by$ for some integers x and y. Try it for the first one we did,
(60, 34) = 2:

2 = 26 + (−3)(8) = (26) + (−3)[34 + (−1)(26)]
  = (−3)(34) + (4)(26) = (−3)(34) + (4)[60 + (−1)(34)]
  = (4)(60) + (−7)(34).

For the second we get

13 = 39 + (−1)(26) = (39) + (−1)[104 + (−2)(39)]
   = (−1)(104) + (3)(39).

We thus have the

Proposition 4 The GCD of two integers a and b always exists and may be found
by the Euclidean algorithm. Also, if (a, b) = d, then there exist integers x and y
such that d = ax + by.

Though this has already been proven above, I present here an alternate proof that
there exist integers x and y for which (a, b) = ax + by. This proof uses the Well-
Ordering Principle.

Proof. Suppose a = 0. Then (a, b) = |b| = a · 0 + b · (±1) so we are done. Now
suppose a ≠ 0. Then we form the set of positive linear combinations of a and b: let
S = {n ∈ N : n = ax + by for some x, y ∈ Z}.
We see that a² = a · a + b · 0 ∈ S so S is a non-empty subset of N, and thus has a
smallest element, call it $n_0$. We know $n_0 = ax_0 + by_0$ for some integers $x_0$ and $y_0$. I
claim that $n_0 = (a, b)$. To see this, note that by the division algorithm, $a = n_0 q + r$
with $0 \le r < n_0$. But then
$$r = a - n_0 q = a - (ax_0 + by_0)q = a(1 - x_0 q) + b(-y_0 q)$$
has the requisite form to be in the set S. Since $r < n_0$, r is not in S, and the only
way that can happen is if r ∉ N; thus r ≤ 0. But then we must have r = 0 since
r ≥ 0 by construction. And r = 0 implies that $n_0 \mid a$. A similar proof shows that
$n_0 \mid b$. Thus $n_0$ is a common divisor of a and b. Finally, if c|a and c|b, then c divides
any linear combination of a and b, so $c \mid n_0$. Therefore $n_0$ satisfies all the criteria to
be a greatest common divisor, so we have shown that $ax_0 + by_0 = n_0 = (a, b) = d$.

Hence one way to characterize the GCD (a, b) is that it is simultaneously the small-
est positive integer that can be written as a linear combination of a and b, and the
largest positive integer that divides into both a and b.

Now suppose we are given two integers a and b, and suppose further that we can
find integers x and y such that ax + by = 1. Then since d = (a, b) divides any linear
combination of a and b, we have d|1. Thus d is a unit, and since d ≥ 0 we must
have d = 1. Thus we have a theorem:

Theorem 3 For a, b ∈ Z,
(a, b) = 1 ⇐⇒ there are x, y ∈ Z with ax + by = 1.

We will find this to be an important special case.

Note: The implication only goes both ways when (a, b) = 1. We have 3·7+5·8 = 61,
but 61 ≠ (7, 8) (nor is 61 equal to (7, 5) or (3, 5) or (3, 8)).

Definition 11 We call integers a and b relatively prime if their only common
divisors are units; thus
a and b are relatively prime ⇐⇒ (a, b) = 1 ⇐⇒ there are x, y ∈ Z with ax + by = 1.

Furthermore, we have the following

Theorem 4 Suppose a and b are integers and d = (a, b). Then

{ax + by ∈ Z : x and y integers} = {dq : q ∈ Z};
i.e., the set of linear combinations of a and b, and the set of multiples of d, are the
same set.

This implies that d = 0 (in which case a = b = 0 also) or d is the smallest positive
integer that is a linear combination of a and b.

Proof . We know that d|a and d|b, so d|(ax + by) for any integers x and y (by
Property 7 of divisibility). Thus d divides every element of the first set, so every
element of the first set is a multiple of d; all the multiples of d are in the second
set, so we have proved that

{ax + by : x and y integers} ⊆ {dq : q ∈ Z}.

On the other hand, we know that $d = ax_0 + by_0$ for some integers $x_0$ and $y_0$. Thus
$dq = a(x_0 q) + b(y_0 q)$ for any integer q, so all the multiples of d are in the first set.
Thus the sets are equal.

Often we will want to actually find the x and y such that ax+by = (a, b). Reversing
the algebra as we did on page 34 is tedious, so we seek a simpler method. This will
appear in the next section. Let’s look at (29, 11):

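$$
\begin{aligned}
29 &= 11(2) + 7 \quad\Longrightarrow\quad \frac{29}{11} = 2 + \frac{7}{11} \\
11 &= 7(1) + 4 \quad\Longrightarrow\quad \frac{11}{7} = 1 + \frac{4}{7} \\
7 &= 4(1) + 3 \quad\Longrightarrow\quad \frac{7}{4} = 1 + \frac{3}{4} \\
4 &= 3(1) + 1 \quad\Longrightarrow\quad \frac{4}{3} = 1 + \frac{1}{3} \\
3 &= 1(3) + 0 \quad\Longrightarrow\quad \frac{3}{3} = 1.
\end{aligned}
$$

So we get that (29, 11) = 1; we can now rewrite the first fraction as

$$
\begin{aligned}
\frac{29}{11} &= 2 + \frac{7}{11} = 2 + \cfrac{1}{\frac{11}{7}} \\
&= 2 + \cfrac{1}{1 + \frac{4}{7}} = 2 + \cfrac{1}{1 + \cfrac{1}{\frac{7}{4}}} \\
&= 2 + \cfrac{1}{1 + \cfrac{1}{1 + \frac{3}{4}}} = 2 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{\frac{4}{3}}}} \\
&= 2 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{3}}}}.
\end{aligned}
$$

We will call such a form a continued fraction. A (finite) continued fraction is a
representation of a (rational) number x such that

$$x = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots \; + \cfrac{1}{a_{n-1} + \cfrac{1}{a_n}}}}}},$$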

where $a_0 \in Z$ and $a_i \in N$ for all i. You will see infinite continued fractions in the
future.

To make things more convenient, we’ll write

$$a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots \; + \cfrac{1}{a_{n-1} + \cfrac{1}{a_n}}}}}} \quad\text{as}\quad [a_0; a_1, a_2, \ldots, a_n].$$

Thus $\frac{29}{11} = [2; 1, 1, 1, 3]$.

You can find the continued fraction representation of a number with a calculator
if you are wary of round-off error. Just plug in $\frac{29}{11}$, and look at the integer part,
which is 2. Subtract 2, then take a reciprocal to get the expression

$$[1; 1, 1, 3] = 1 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{3}}}.$$

Keep subtracting and taking reciprocals until you are done, which is when what
happens? Try $\frac{105}{44}$. You should get $\frac{105}{44} = [2; 2, 1, 1, 2, 3]$. This is essentially doing
the Euclidean algorithm. This will work with any fraction, even if $\frac{p}{q} < 0$, so long
as “integer part” is correctly interpreted as “round down” for the first step. Use
this algorithm to show that

$$-\frac{85}{32} = [-3; 2, 1, 10].$$

Exercises
1. (a) Find the greatest common divisor (15, 6).
(b) Find integers x and y such that 15x + 6y = (15, 6).
(c) Find two more pairs of integers x and y that satisfy 15x + 6y = (15, 6).
(d) How many solutions of the equation 15x + 6y = (15, 6) are there?
2. Find (n, 0). Does your answer change if n < 0? How many solutions are there
to nx + 0 · y = (n, 0)?
3. Find (n, 1). Does your answer change if n < 0? How many solutions are there
to nx + 1 · y = (n, 1)?
4. (a) Note that (2)(79) + (31)(−5) = 3. What is (2, 31)? (2, −5)? (79, 31)?
(79, −5)?
(b) Note that (3)(53)+(−12)(13) = 3. What is (3, −12)? (3, 13)? (53, −12)?
(53, 13)?
(c) Suppose that ax + by = 3. What can you conclude about (a, b)?
(d) Suppose that ax + by = 6. What can you conclude about (a, b)?
5. Use Theorem 3 to prove that for a, b, and c in Z,

(a, bc) = 1 ⇐⇒ (a, b) = 1 and (a, c) = 1.



6. Find the continued fraction for 31/12, and for 12/31.

7. Find the continued fraction for 162/73, and for 73/162.

8. Find the continued fraction for 233/144, and for 144/233.

9. Find the continued fraction for 1001/847.

10. This exercise deals with functions from N → Z; such functions are often called
arithmetic functions. Many arithmetic functions f : N → Z are multiplicative:
that is, (m, n) = 1 =⇒ f (m · n) = f (m) · f (n). When f (m · n) = f (m) · f (n),
regardless of the GCD (m, n), we say f is completely multiplicative. For
multiplicative functions, f (1) = 1 is necessary.
Some examples of arithmetic functions are the power functions,

$$P_k(n) = n^k$$

for k ∈ W, the powers of divisors functions $\sigma_k(n) = \sum_{d>0,\ d|n} d^k$ for k ∈ W,
and the function that has value 1 if n is prime and value 0 if n is not.

(a) Show that $P_k(n)$ is completely multiplicative.
(b) Show that $\sigma_k(n)$ is multiplicative.
(c) Show that if f is completely multiplicative, then $F(n) = \sum_{d>0,\ d|n} f(d)$ is
multiplicative.
(d) Give an example to show that even if f is completely multiplicative, then
$F(n) = \sum_{d>0,\ d|n} f(d)$ may not be completely multiplicative.
(e) Show that if f is multiplicative, then $F(n) = \sum_{d>0,\ d|n} f(d)$ is multiplicative.

11. For integers a, b, and c,

(a) Write a definition of the greatest common divisor, d, of a, b, and c.


(b) Show that the greatest common divisors (a, (b, c)) and ((a, b), c) are
equal.
(c) Conclude that we may define the integer (a, (b, c)) = ((a, b), c) as the
greatest common divisor (a, b, c).
(d) What is (6, 10, 15)?
(e) What is (91, 119, 259)?
(f) Let a, b, and c be integers, and d = (a, b, c). Prove or disprove: d can be
written as d = ax + by + cz for some integers x, y, and z.

10 The amazing array

In mathematics, once we have performed some process, we often want to reverse it.
After multiplying, we factor. After raising to a power, we take roots. After learning
about exponential functions, we learn about logarithmic functions. Earlier, we
calculated that 29/11 = [2; 1, 1, 1, 3]. Now suppose we are given the continued fraction
[2; 1, 1, 1, 3] and we want to figure out what rational number it represents. We can
write it as

$$2 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{1 + \cfrac{1}{3}}}}$$

and simplify using grade school algebra, or we can use what we shall call the amazing
array:

            2    1    1    1    3
  0    1    2    3    5    8   29
  1    0    1    1    2    3   11

This was built as follows: we start with

  0    1
  1    0

Now we use the entries in the continued fraction to fill in the top row:

            2    1    1    1    3
  0    1
  1    0

So in general this will look like

            a_0   a_1   a_2   ···   a_k   ···   a_m
  0    1
  1    0

The entries in the middle of the amazing array are labeled P_k on the top row and
Q_k on the bottom row:

            a_0   a_1   a_2   ···   a_k   ···   a_m
  0    1    P_0   P_1   P_2   ···   P_k   ···   P_m
  1    0    Q_0   Q_1   Q_2   ···   Q_k   ···   Q_m

The $P_k$ and $Q_k$ are filled in according to:

$$
\begin{aligned}
P_0 &= a_0, & P_1 &= a_0 a_1 + 1, & P_k &= a_k P_{k-1} + P_{k-2} \text{ for } k \ge 2; \\
Q_0 &= 1, & Q_1 &= a_1, & Q_k &= a_k Q_{k-1} + Q_{k-2} \text{ for } k \ge 2.
\end{aligned}
$$

If this is thought of as “multiply the last entry by $a_k$ and add the entry before
that”, then the 0, 1, 1, 0 entries on the left tell us how to start. Starting with the
continued fraction 29/11 = [2; 1, 1, 1, 3], we thus get

            2    1    1    1    3
  0    1    2    3    5    8   29
  1    0    1    1    2    3   11

This is the easy way of undoing the Euclidean algorithm. We will be using the
amazing array in a variety of settings (that is, different rings, not just the integers)
in the coming sections. Now how does this help? Using the last two columns in the
array, we have
(8)(11) − (29)(3) = 88 − 87 = 1
so x = −3, y = 8 solves the equation

29x + 11y = 1.

So we used the last 2 × 2 determinant. What about the other determinants? They
are −1, +1, −1, +1, . . . . Is this always true? Hold that thought while we do
another

Example. It is an easy calculation to see that 737/157 = [4; 1, 2, 3, 1, 2, 4]. Filling in
the amazing array, we get

            4    1    2    3    1    2    4
  0    1    4    5   14   47   61  169  737
  1    0    1    1    3   10   13   36  157

The last two columns of the amazing array give us the determinant (169)(157) −
(737)(36) = 26,533 − 26,532 = +1. Therefore (737, 157) = 1, and x = −36, y = 169
is a solution to the equation 737x + 157y = (737, 157).

Example. To try another example, let’s try to solve 111x + 2405y = (111, 2405).
We calculate

$$\frac{2405}{111} = 21 + \frac{74}{111} = 21 + \cfrac{1}{\frac{111}{74}} = 21 + \cfrac{1}{1 + \frac{37}{74}} = 21 + \cfrac{1}{1 + \cfrac{1}{2}} = [21; 1, 2],$$

so we have

           21    1    2
  0    1   21   22   65
  1    0    1    1    3

The determinant is (22)(3) − (65)(1) = +1, and we can also see that 65/3 = 2405/111. We
may then calculate that 111 = 3 · 37, so 65/3 = 2405/111 = (65·37)/(3·37), and (111, 2405) = 37.

Multiplying the determinant calculation by 37 and rearranging, we get (22)(3)(37) −
(65)(1)(37) = 37 = (111, 2405), so (111)(22) + (2405)(−1) = 37 = (111, 2405).
Hence x = 22, y = −1 is a solution to 111x + 2405y = (111, 2405).

For 737/157 = [4; 1, 2, 3, 1, 2, 4], we have

$$
\begin{aligned}
\frac{P_0}{Q_0} &= \frac{4}{1} = 4.0, & \frac{P_1}{Q_1} &= \frac{5}{1} = 5.0, \\
\frac{P_2}{Q_2} &= \frac{14}{3} = 4.6\overline{6}, & \frac{P_3}{Q_3} &= \frac{47}{10} = 4.7, \\
\frac{P_4}{Q_4} &= \frac{61}{13} \approx 4.6923, & \frac{P_5}{Q_5} &= \frac{169}{36} = 4.69\overline{4}, \\
\frac{P_6}{Q_6} &= \frac{737}{157} \approx 4.694267516
\end{aligned}
$$

so

$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \frac{P_6}{Q_6} < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1}.$$

Is this true in general? These fractions seem to converge towards our actual value of
737/157, so we will call $\frac{P_k}{Q_k}$ the kth convergent to the continued fraction $[a_0; a_1, a_2, \ldots]$.
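The procedure of Sections 9 and 10 in code, as an added example that is not from the book: the Euclidean algorithm produces the continued fraction terms, the amazing array produces the P_k and Q_k, and the last 2 × 2 determinant gives x and y with ax + by = (a, b). The function names are assumptions of this example, and it goes slightly beyond the text by also accepting b ≤ 0.

```python
# Added example (not from the book): Euclidean algorithm -> continued fraction
# -> amazing array -> a solution of a*x + b*y = (a, b).


def continued_fraction(a, b):
    """Return [a0, a1, ..., am] for a/b with b > 0, by repeated division."""
    if b <= 0:
        raise ValueError("b must be positive")
    terms = []
    while b != 0:
        q, r = divmod(a, b)  # divmod rounds down, so 0 <= r < b even when a < 0
        terms.append(q)
        a, b = b, r
    return terms


def amazing_array(terms):
    """Return the rows (P, Q), including the seed columns 0,1 over 1,0."""
    P, Q = [0, 1], [1, 0]
    for a_k in terms:
        # "multiply the last entry by a_k and add the entry before that"
        P.append(a_k * P[-1] + P[-2])
        Q.append(a_k * Q[-1] + Q[-2])
    return P, Q


def solve_bezout(a, b):
    """Return (x, y, d) with a*x + b*y == d == (a, b), read off the array."""
    if b == 0:
        return (1 if a >= 0 else -1, 0, abs(a))  # (a, 0) = |a|
    sign_b = 1 if b > 0 else -1
    terms = continued_fraction(a, abs(b))
    P, Q = amazing_array(terms)
    m = len(terms) - 1
    # P_m / Q_m is a/|b| in lowest terms, so |b| = d * Q_m.
    d = abs(b) // Q[-1]
    # Last determinant: P_{m-1} Q_m - P_m Q_{m-1} = (-1)^m.
    # Multiplying by d gives P_{m-1} |b| - a Q_{m-1} = (-1)^m d.
    x = (-1) ** (m + 1) * Q[-2]
    y = (-1) ** m * P[-2] * sign_b
    assert a * x + b * y == d
    return x, y, d


if __name__ == "__main__":
    for a, b in [(29, 11), (737, 157), (111, 2405), (60, 34), (-85, 32)]:
        terms = continued_fraction(a, b)
        x, y, d = solve_bezout(a, b)
        print(f"{a}/{b} = {terms}; ({a})({x}) + ({b})({y}) = {d}")
```
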

Exercises
1. Find the continued fraction for 183/68 and then fill out the amazing array for
it. Solve the equation 183x + 68y = (183, 68).
2. Find the continued fraction for −2094/685 and then fill out the amazing array
for it. Solve the equation −2094x + 685y = (−2094, 685).
3. Find the continued fraction for 294/686 and then fill out the amazing array for
it. Solve the equation 294x + 686y = (294, 686).
4. In the text we found one solution to the equation 111x + 2405y = (111, 2405).
Find all its integer solutions (x, y).
5. Find all integer solutions (x, y) to the equation 2465x + 3298y = (2465, 3298).
6. To simplify somewhat, in football a team may score seven points (for a touch-
down) or three points (for a field goal).
(a) How many different combinations of touchdowns and field goals will
result in a score of 42 points?
(b) If we also consider the ordering of the scoring events, in how many ways can a
team score 42 points?
(c) In how many ways can two teams end with a final score of 42 to 41,
regardless of order? if we consider order?

(d) If we also consider safeties, which are worth two points, in how many ways can
a team score 21 points (regardless of order)?
7. Suppose a chemist has one unscaled container that holds 14cc, another that
holds 33cc, and an abundant supply of water.
(a) What can she do to end up with 18cc of water for an experiment?
(b) Find another way to answer part (a).
(c) Which of your two answers uses the least amount of water?
8. Suppose PVC pipe comes in two lengths: 44 feet long and 19 feet long.
(a) Can you lay pipe to connect two buildings that are 755 feet apart, with-
out cutting any pipes?
(b) Can you lay pipe to connect two buildings that are 754 feet apart, with-
out cutting any pipes?
(c) Obviously laying pipe is possible for 19 feet, or 38 feet, or 44 feet. No
other distances less than 57 feet are possible (without cutting any pipes),
but all distances from 780 to 784 are possible. What is the longest
distance that cannot be connected with pipes of length 44 feet and 19
feet (without cutting any pipes)?

11 Convergents

Given a continued fraction, we want to prove that the even convergents increase,
that the odd ones decrease, that all the odd convergents are larger than all the
even convergents, and that the determinants $P_k Q_{k+1} - P_{k+1} Q_k$ are alternately ±1.
There is one further fact about determinants we would like to prove—let’s see if
we can conjecture it. We will build the amazing array for the continued fraction
[1; 2, 3, 4, 5, 6, 7, 8]:

            1    2    3    4     5      6      7       8
  0    1    1    3   10   43   225   1393   9976   81201
  1    0    1    2    7   30   157    972   6961   56660

If we take skipped determinants, by leaving out a column, we get −1, 2, −3, 4, −5,
6, −7, 8, don’t we? Thus, we have

Proposition 5 Given an amazing array for any continued fraction $[a_0; a_1, a_2, \ldots, a_m]$,
of level m, with convergents $\frac{P_0}{Q_0}, \frac{P_1}{Q_1}, \frac{P_2}{Q_2}, \ldots, \frac{P_k}{Q_k}, \ldots, \frac{P_m}{Q_m}$, we have

(a)
$$P_k Q_{k+1} - P_{k+1} Q_k = (-1)^{k+1} \text{ for } k \ge 0$$
and, in particular, notice that $P_k$ and $Q_k$ are relatively prime, for all k ≥ 0.
(b)
$$P_k Q_{k+2} - P_{k+2} Q_k = a_{k+2} (-1)^{k+1} \text{ for } k \ge 0.$$

(c)
$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \ldots < \frac{P_m}{Q_m} < \ldots < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1}.$$

Proof. The proof of parts (a) and (b) are left to the reader. We will now use these
two facts to prove part (c). To see the relationship between $\frac{P_k}{Q_k}$ and $\frac{P_{k+2}}{Q_{k+2}}$, we will
look at the sign of their difference. We get

$$\frac{P_k}{Q_k} - \frac{P_{k+2}}{Q_{k+2}} = \frac{P_k Q_{k+2} - P_{k+2} Q_k}{Q_k Q_{k+2}} = \frac{a_{k+2} (-1)^{k+1}}{Q_k Q_{k+2}}.$$

Since the $Q_k$ are all positive, and all the $a_k$ are positive except possibly for $a_0$,
we see that this difference is positive for k odd and negative for k even. Thus the
odd convergents decrease and the even convergents increase. On the other hand,
looking at the difference between an odd and an even convergent, we have

$$\frac{P_k}{Q_k} - \frac{P_{k+1}}{Q_{k+1}} = \frac{P_k Q_{k+1} - P_{k+1} Q_k}{Q_k Q_{k+1}} = \frac{(-1)^{k+1}}{Q_k Q_{k+1}}$$

so this difference is positive when k is odd and negative when k is even. Thus
each even convergent is smaller than the odd convergent before it, and each odd
convergent is larger than the even convergent before it. These two facts tell us
(make sure you are convinced) that indeed we have

$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \ldots < \frac{P_m}{Q_m} < \ldots < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1}.$$


In the exercises you are asked to work out the continued fraction for √2, which must
be infinite if there is such a thing. We get similar results for irrational numbers:

Conjecture: Any irrational number (an element of R that is not in Q) can be
written as an infinite continued fraction:

$$r = [a_0; a_1, a_2, \ldots, a_k, \ldots],$$

where $a_0 = \lfloor r \rfloor \in Z$ and the $a_k$ are in N for k ≥ 1; the amazing array works as
before:

            a_0   a_1           a_2                       ···   a_k   ···
  0    1    a_0   a_0 a_1 + 1   a_0 a_1 a_2 + a_2 + a_0   ···   P_k   ···
  1    0    1     a_1           a_1 a_2 + 1               ···   Q_k   ···

with the same rules as before for generating the $P_k$ and $Q_k$, and the same properties
proved before:

1. $Q_k > 0$ for all k ≥ 0.



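2. $P_k Q_{k+1} - P_{k+1} Q_k = (-1)^{k+1}$ for k ≥ 0.
3. $P_k Q_{k+2} - P_{k+2} Q_k = a_{k+2} (-1)^{k+1}$ for k ≥ 0.

We get convergents $\frac{P_k}{Q_k}$ that are in lowest terms, so $(P_k, Q_k) = 1$, and

$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \ldots < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1}.$$

We conjecture that

$$\lim_{k \to \infty} \frac{P_k}{Q_k} = r.$$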
Let’s see an example of this process and see why our conjecture is so. We will
find the continued fraction for √19 and then construct the first several columns of
the amazing array. As a first step, we see that √19 is between 4 and 5. Thus we
subtract 4, and as a first step we have

$$\sqrt{19} = 4 + (\sqrt{19} - 4).$$

We know √19 − 4 is some number between 0 and 1, so we invert to get a number
bigger than 1:

$$\sqrt{19} = 4 + (\sqrt{19} - 4) = 4 + \cfrac{1}{\frac{1}{\sqrt{19}-4}}.$$

How do we figure out what the integral part of $\frac{1}{\sqrt{19}-4}$ is? We could use technology,
but the old multiply-by-the-conjugate trick we learned in high school works here:
when we multiply the top and the bottom of the innermost fraction by √19 + 4,
we get

$$\sqrt{19} = 4 + (\sqrt{19} - 4) = 4 + \cfrac{1}{\frac{1}{\sqrt{19}-4}} = 4 + \cfrac{1}{\frac{\sqrt{19}+4}{(\sqrt{19}-4)(\sqrt{19}+4)}}.$$

Simplifying, we get

$$\sqrt{19} = 4 + \cfrac{1}{\frac{\sqrt{19}+4}{(\sqrt{19}-4)(\sqrt{19}+4)}} = 4 + \cfrac{1}{\frac{\sqrt{19}+4}{3}}.$$

Now since √19 is between 4 and 5, we have 8 < √19 + 4 < 9, so $\frac{8}{3} < \frac{\sqrt{19}+4}{3} < 3$.
Thus the integer part is 2, and we subtract $2 = \frac{6}{3}$ off to find the next fractional
part:

$$\sqrt{19} = 4 + \cfrac{1}{\frac{\sqrt{19}+4}{3}} = 4 + \cfrac{1}{2 + \left(\frac{\sqrt{19}+4}{3} - 2\right)} = 4 + \cfrac{1}{2 + \left(\frac{\sqrt{19}-2}{3}\right)}.$$

Inverting as before, we get

$$\sqrt{19} = 4 + \cfrac{1}{2 + \left(\frac{\sqrt{19}-2}{3}\right)} = 4 + \cfrac{1}{2 + \cfrac{1}{\frac{3}{\sqrt{19}-2}}}.$$

Once again multiplying by the conjugate and simplifying, we get

$$\sqrt{19} = 4 + \cfrac{1}{2 + \cfrac{1}{\frac{3(\sqrt{19}+2)}{(\sqrt{19}-2)(\sqrt{19}+2)}}} = 4 + \cfrac{1}{2 + \cfrac{1}{\frac{3(\sqrt{19}+2)}{15}}} = 4 + \cfrac{1}{2 + \cfrac{1}{\frac{\sqrt{19}+2}{5}}}.$$
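It is easy to see that $\frac{\sqrt{19}+2}{5}$ is between 1 and 2, so we subtract $1 = \frac{5}{5}$ and get

$$\sqrt{19} = 4 + \cfrac{1}{2 + \cfrac{1}{\frac{\sqrt{19}+2}{5}}} = 4 + \cfrac{1}{2 + \cfrac{1}{1 + \left(\frac{\sqrt{19}-3}{5}\right)}}.$$

Now we invert and multiply by the conjugate √19 + 3 to get

$$
\begin{aligned}
\sqrt{19} &= 4 + \cfrac{1}{2 + \cfrac{1}{1 + \left(\frac{\sqrt{19}-3}{5}\right)}} = 4 + \cfrac{1}{2 + \cfrac{1}{1 + \cfrac{1}{\frac{5(\sqrt{19}+3)}{(\sqrt{19}-3)(\sqrt{19}+3)}}}} = 4 + \cfrac{1}{2 + \cfrac{1}{1 + \cfrac{1}{\frac{5(\sqrt{19}+3)}{10}}}} \\
&= 4 + \cfrac{1}{2 + \cfrac{1}{1 + \cfrac{1}{\frac{\sqrt{19}+3}{2}}}}.
\end{aligned}
$$

Continuing, we get

$$
\begin{aligned}
\frac{\sqrt{19}+3}{2} &= 3 + \left(\frac{\sqrt{19}-3}{2}\right) = 3 + \cfrac{1}{\frac{2}{\sqrt{19}-3}} = 3 + \cfrac{1}{\frac{2(\sqrt{19}+3)}{(\sqrt{19}-3)(\sqrt{19}+3)}} = 3 + \cfrac{1}{\frac{2(\sqrt{19}+3)}{10}} \\
&= 3 + \cfrac{1}{\frac{\sqrt{19}+3}{5}}.
\end{aligned}
$$

Now $\frac{\sqrt{19}+3}{5}$ is between 1 and 2, so we subtract $1 = \frac{5}{5}$ and multiply by the necessary
conjugate, √19 + 2, to get

$$\frac{\sqrt{19}+3}{5} = 1 + \left(\frac{\sqrt{19}-2}{5}\right) = 1 + \cfrac{1}{\frac{5}{\sqrt{19}-2}} = 1 + \cfrac{1}{\frac{5(\sqrt{19}+2)}{(\sqrt{19}-2)(\sqrt{19}+2)}} = 1 + \cfrac{1}{\frac{\sqrt{19}+2}{3}}.$$

The next step is to see that $\frac{\sqrt{19}+2}{3}$ is between 2 and 3, so we subtract $2 = \frac{6}{3}$ and
multiply by the conjugate to get

$$\frac{\sqrt{19}+2}{3} = 2 + \left(\frac{\sqrt{19}-4}{3}\right) = 2 + \cfrac{1}{\frac{3}{\sqrt{19}-4}} = 2 + \cfrac{1}{\frac{3(\sqrt{19}+4)}{(\sqrt{19}-4)(\sqrt{19}+4)}} = 2 + \cfrac{1}{\frac{3(\sqrt{19}+4)}{3}}.$$

And now (finally!), we get the payoff. The last denominator is √19 + 4, which is
between 8 and 9. And when we subtract 8, we get a fractional part of √19 − 4,
which we dealt with before (at the first step). Therefore we would simply repeat
the work above over and over, so we get the infinite continued fraction

$$[4; \overline{2, 1, 3, 1, 2, 8}].$$

At each step, when we rounded down, we produced numbers that were alternately
under- and over-estimates of √19: rounding down a denominator produces a number
with a denominator that is too small, and thus the number is an overestimate;
but rounding down the denominator of a denominator will make the truncated
continued fraction have a numerator that is too small, and thus we would have an
underestimate. Continuing in this way we see that $\left\{\frac{P_{2k}}{Q_{2k}}\right\}$ is an increasing sequence,
bounded above by r, and $\left\{\frac{P_{2k+1}}{Q_{2k+1}}\right\}$ is a decreasing sequence, bounded below by r,
and we have

$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \ldots < r < \ldots < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1}.$$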

On the other hand, we have the following

Lemma 2 $Q_k \ge k$ for all k ≥ 0.

Proof. By induction on k, after proving the three cases k = 0, 1, 2 separately.
We have $Q_0 = 1$, $Q_1 = a_1$, and $Q_2 = a_1 a_2 + 1$, and we know that $a_k \ge 1$ for all
k > 0. Hence we have $Q_0 > 0$, $Q_1 \ge 1$ and $Q_2 \ge 1 + 1 = 2$ so the first three cases
are proved. Now we assume that $Q_k \ge k$ for k = 0, 1, 2, ..., n, and try to prove it
for k = n + 1. We have

$$Q_{n+1} = a_{n+1} Q_n + Q_{n-1} \ge a_{n+1}(n) + (n - 1) \ge n + n - 1 = (n + 1) + (n - 2) \ge n + 1$$

for n ≥ 2. Since we have taken care of the first three cases, this completes the
proof.

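Thus the $Q_k$ are increasing at least as fast as k, and

$$
\begin{aligned}
\left| \frac{P_k}{Q_k} - r \right| &< \left| \frac{P_k}{Q_k} - \frac{P_{k+1}}{Q_{k+1}} \right| \\
&= \left| \frac{P_k Q_{k+1} - P_{k+1} Q_k}{Q_k Q_{k+1}} \right| \\
&= \left| \frac{(-1)^{k+1}}{Q_k Q_{k+1}} \right| \\
&= \frac{1}{Q_k Q_{k+1}} \\
&\le \frac{1}{k(k+1)} \\
&\le \frac{1}{k^2}.
\end{aligned}
$$

Thus successive convergents narrow in on r from each side. Hence we have proved

Proposition 6 For r ∈ R with convergents $P_k/Q_k$, we have

$$\frac{P_0}{Q_0} < \frac{P_2}{Q_2} < \frac{P_4}{Q_4} < \ldots < r < \ldots < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_1}{Q_1} \quad\text{and}\quad \lim_{k \to \infty} \frac{P_k}{Q_k} = r.$$

If we look at √3, we get

$$\sqrt{3} = [1; 1, 2, 1, 2, 1, 2, 1, \ldots] = [1; \overline{1, 2}]$$

so our amazing array starts:

            1    1    2    1    2    1    2    1     2     1     2   ···
  0    1    1    2    5    7   19   26   71   97   265   362   989   ···
  1    0    1    1    3    4   11   15   41   56   153   209   571   ···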

From this we can gather the following data

  k    P_k/Q_k    decimal                     error = |√3 − P_k/Q_k|    Q_k Q_{k+1}    ⌊1/error⌋
  0    1          1.0                         0.73205 . . .             1              1
  1    2          2.0                         0.26795 . . .             3              3
  2    5/3        $1.\overline{6}$            0.06538414 . . .          12             15
  3    7/4        1.75                        0.017949192 . . .         44             55
  4    19/11      $1.\overline{72}$           0.00477808 . . .          165            209
  5    26/15      $1.7\overline{3}$           0.001282525 . . .         615            779
  6    71/41      $1.\overline{73170}$        0.00034349 . . .          2296           2911
  7    97/56      $1.732\overline{142857}$    0.000092049 . . .         8568           10,863
  8    265/153    1.732026144 . . .           0.000024663 . . .         31,977         40,545
  9    362/209    1.732057416 . . .           0.0000066087 . . .        119,339        151,316
  10   989/571    1.732049037 . . .           0.00000177079 . . .       445,380        564,719

The last two columns confirm that the error is less than $\frac{1}{Q_k Q_{k+1}}$ in absolute value.
We should note the significance of this calculation here. If we take √3 = 1.73205 . . .
and truncate the decimal expansion at the nth place, we would expect the resulting
approximation to be within $\frac{1}{2} \cdot 10^{-n} = \frac{1}{2 \cdot 10^n}$ of the actual value of √3. Since the
resulting approximation has a denominator of $10^n$, we are getting, in general, an
error estimate that looks like $\left| \sqrt{3} - \frac{r}{s} \right| < \frac{1}{2s}$. This is much less accuracy (and a
much larger error, in general) than we get from the convergents to the continued
fraction expansion of √3. We will not explore this theme of rational approximation
much more in this book, but Project J on pages 275–277 touches on this topic.
More can be found in [Davenport].

Exercises
1. Find the continued fractions for 12/7, 15/6, and 27/18. Then use the amazing array
to solve the equations
12x + 7y = (12, 7), 15w + 6t = (15, 6), and 27r + 18s = (27, 18).
2. Find the continued fractions for 132/17, 159/87, and 297/139. Then use the amazing
array to solve the equations
132x + 17y = (132, 17), 159w + 87t = (159, 87), and 297r + 139s = (297, 139).

3. Find the continued fractions for 1032/217, 1597/987, and 2197/1339. Then use the amazing
array to solve the equations
1032x + 217y = (1032, 217), 1597w + 987t = (1597, 987), and
2197r + 1339s = (2197, 1339).
4. Find the first several terms of the continued fraction for √2 and then fill out
six columns of the amazing array.
5. Find the first several terms of the continued fraction for √11 and then fill out
six columns of the amazing array.
6. Find the first several terms of the continued fraction for e and then fill out
six columns of the amazing array.
7. Find the first several terms of the continued fraction for ln(2) and then fill
out six columns of the amazing array.
8. Find the first several terms of the continued fraction for π and then fill out
six columns of the amazing array. Do you notice anything odd?
9. Prove parts (a) and (b) of Proposition 5.
10. Modify the proof given in Lemma 2 that Qk ≥ k to show that Qk ≥ Fk
where Fk is the kth Fibonacci number (the Fibonacci numbers are defined
in Exercise 12 on page 24). Conclude (using Exercise 13a on page 24) that
the denominators of the convergents to any continued fraction are growing
at least exponentially, whereas Lemma 2 only shows that these denominators
are growing at least linearly.
11. Show that the area of the parallelogram spanned by the vectors a = (a1 , a2 )
and b = (b1 , b2 ) is the absolute value |a1 b2 − a2 b1 | (see Figure 5).

Figure 5: Area of a parallelogram



12. Find the pattern for the infinite continued fraction for √28.
13. Let m ∈ N. Find the pattern for the infinite continued fraction for $\sqrt{m^2 + 1}$.
Then prove this pattern.
14. Let m ∈ N. Find the pattern for the infinite continued fraction for $\sqrt{m^2 + 2}$.
Then prove this pattern.


15. Let m ∈ N. Find the pattern for the infinite continued fraction for $\sqrt{m^2 - 1}$.
Then prove this pattern.
16. Let m ∈ N. Find the pattern for the infinite continued fraction for $\sqrt{m^2 - 2}$.
Then prove this pattern.
17. Let m ∈ N. Find the pattern for the infinite continued fraction for $\sqrt{m^2 + m}$.
Then prove this pattern.
18. Let α and β be positive irrational numbers such that $\frac{1}{\alpha} + \frac{1}{\beta} = 1$. Consider
the two sequences of integers given by

$$S = \{ \lfloor \alpha \cdot k \rfloor : k \in N \}$$

and

$$T = \{ \lfloor \beta \cdot k \rfloor : k \in N \}.$$

Show that every positive integer shows up exactly once (either in S or in T ).
That is, show that S ∩ T = ∅ and S ∪ T = N.

12 The amazing super-array

The extended calculation on pages 44–45 is rather tedious, and we seek a way to
streamline it. To that end, we will introduce some notation. If r ∈ R is a real
number for which we seek a continued fraction, then we will define real numbers $r_0$,
$r_1$, $r_2$, . . . to keep track of our calculation: $r_0 = r$, $r_1 = \frac{1}{r_0 - \lfloor r_0 \rfloor}$
(so that $r = a_0 + \frac{1}{r_1}$), and in general $r_{n+1} = \frac{1}{r_n - \lfloor r_n \rfloor}$, so that at the nth step we have

$$r = [a_0; a_1, a_2, a_3, \ldots, a_{n-1}, r_n] = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots + \cfrac{1}{a_{n-1} + \cfrac{1}{r_n}}}}}}.$$

Finding the terms of the continued fraction, the $a_k$, is then a simple matter of
rounding: $a_k = \lfloor r_k \rfloor$. The amazing super-array is a way to make this calculation
automatic in the important case where r is of the form $r = \frac{a + \sqrt{d}}{b}$ (with a, b, and
d ∈ Z); note that every pure square root $\sqrt{n}$ is of this form, as is every root of
a quadratic in Z[x], or for that matter any root of a quadratic in Q[x]. What we
will do is define integer sequences $\{A_k\}$ and $\{B_k\}$ via $r_k = \frac{\sqrt{d} + A_k}{B_k}$. Thus in the
calculation on pages 44–45, we have

k    0             1           2           3           4           5           6           7           ...
rk   √19=(√19+0)/1 (√19+4)/3   (√19+2)/5   (√19+3)/2   (√19+3)/5   (√19+2)/3   (√19+4)/1   (√19+4)/3   ...
Ak   0             4           2           3           3           2           4           4           ...
Bk   1             3           5           2           5           3           1           3           ...
ak   4             2           1           3           1           2           8           2           ...

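and the columns repeat after this. So how do we generate the numbers $A_k$, $B_k$, and
$a_k$? Clearly $A_0$ and $B_0$ have to be given, and $a_0 = \left\lfloor \frac{\sqrt{d} + A_0}{B_0} \right\rfloor$; in general we have
$a_k = \left\lfloor \frac{\sqrt{d} + A_k}{B_k} \right\rfloor$. Furthermore $A_{k+1} = a_k \cdot B_k - A_k$, while $B_{k+1} = \frac{d - A_{k+1}^2}{B_k}$. This all
comes from the following calculation:

$$\begin{aligned}
r_k &= \frac{\sqrt{d} + A_k}{B_k} \\
&= a_k + \left( \frac{\sqrt{d} + A_k}{B_k} - a_k \right) \\
&= a_k + \frac{\sqrt{d} + (A_k - a_k B_k)}{B_k} \\
&= a_k + \frac{\sqrt{d} - A_{k+1}}{B_k} \\
&= a_k + \cfrac{1}{\dfrac{B_k}{\sqrt{d} - A_{k+1}}} \\
&= a_k + \cfrac{1}{\dfrac{B_k (\sqrt{d} + A_{k+1})}{d - A_{k+1}^2}} \\
&= a_k + \cfrac{1}{\dfrac{\sqrt{d} + A_{k+1}}{(d - A_{k+1}^2)/B_k}} \\
&= a_k + \cfrac{1}{\dfrac{\sqrt{d} + A_{k+1}}{B_{k+1}}} \\
&= a_k + \frac{1}{r_{k+1}}.
\end{aligned}$$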

It is left to the reader to check that these rules have been applied correctly in the
$\sqrt{19}$ calculation above; another example is $r = \frac{\sqrt{34} + 8}{5}$:

k 0 1 2 3 4 5 6 7 8 9 ...
Ak 8 2 4 5 4 2 3 2 4 5 ...
Bk 5 6 3 3 6 5 5 6 3 3 ...
ak 2 1 3 3 1 1 1 1 3 3 ...

thus $r = \frac{\sqrt{34} + 8}{5} = [2; \overline{1, 3, 3, 1, 1, 1}]$. The terms of the continued fraction for $\frac{\sqrt{34} + 8}{5}$
appear on the bottom row; we could use them in the usual way to produce the
convergents to $\frac{\sqrt{34} + 8}{5}$ (that is why this is called the amazing super-array):

k 0 1 2 3 4 5 6 7 8 9 ...
Ak 8 2 4 5 4 2 3 2 4 5 ...
Bk 5 6 3 3 6 5 5 6 3 3 ...
ak 2 1 3 3 1 1 1 1 3 3 ...
0 1 2 3 11 36 47 83 130 213 769 2520 ...
1 0 1 1 4 13 17 30 47 77 278 911 ...

One further example, $r = \frac{\sqrt{34} + 9}{3}$, may help illuminate this process.

k    0   1      2      3      4   5      6      7      8   9      10     11     ...
Ak   9   3      16/3   16/3   3   3      16/3   16/3   3   3      16/3   16/3   ...
Bk   3   25/3   2/3    25/3   3   25/3   2/3    25/3   3   25/3   2/3    25/3   ...
ak   4   1      16     1      2   1      16     1      2   1      16     1      ...


Thus $r = \frac{\sqrt{34} + 9}{3} = [4; \overline{1, 16, 1, 2}]$. As we might expect from the formula for $B_k$, these
numbers $B_k$ are sometimes not integers, which implies the $A_k$ are non-integral as
well. However, the first two situations are covered by the following lemma.

Lemma 3 With $r_k = \frac{\sqrt{d} + A_k}{B_k}$, $a_k = \lfloor r_k \rfloor$, $A_{k+1} = a_k B_k - A_k$, $B_{k+1} = \frac{d - A_{k+1}^2}{B_k}$
defined as on page 50, we have $B_0 \mid (d - A_0^2)$ =⇒ all the $B_k$ (and thus all the $A_k$)
will be integers.

Proof . We proceed by induction on k. For the base case, note that $d - A_1^2 =
d - (a_0 \cdot B_0 - A_0)^2 = d - A_0^2 + B_0 (2 a_0 A_0 - a_0^2 B_0)$ so $d - A_1^2$ is a multiple of $B_0$, and
$B_0 \mid d - A_1^2$ =⇒ $B_1 \in \mathbb{Z}$. But then suppose we assume that all $B_k \in \mathbb{Z}$ for k = 0, 1,
2, . . . , m. In particular $B_m \in \mathbb{Z}$, so $B_{m-1} \mid d - A_m^2$, in fact $d - A_m^2 = B_m B_{m-1}$. Now
$A_{m+1} = a_m B_m - A_m$, so $d - A_{m+1}^2 = d - (a_m B_m - A_m)^2 = d - A_m^2 + B_m (2 a_m A_m -
a_m^2 B_m) = B_m B_{m-1} + B_m (2 a_m A_m - a_m^2 B_m)$ is an integer multiple of $B_m$, so $B_{m+1}$
is an integer.

In addition to making the calculations easier, having all the $B_k$ and $A_k$ be integers
allows us to draw conclusions, such as ensuring that we get repetition, as we did for
$\sqrt{19}$ and the other examples, and thus an eventually periodic continued fraction.

Definition 12 A continued fraction r = [a0 ; a1 , a2 , a3 , . . .] is called purely periodic
if there exists a k ∈ N such that $a_{j+k} = a_j$ for all j ∈ W. A continued fraction
[a0 ; a1 , a2 , a3 , . . .] is called eventually periodic if there exist positive integers k and
N such that $a_{j+k} = a_j$ for all j ≥ N . In either case, the smallest k for which this
is true is called the period of r.

Proposition 7 Let d ∈ N be not a perfect square. Then $r = \sqrt{d}$ has an eventually
periodic continued fraction expansion.

Proof . In this important special case where $r = \sqrt{d}$ (so $A_0 = 0$ and $B_0 = 1$), we
can show the following inequalities (for k ≥ 0):

• $0 \le A_k < \sqrt{d}$
• $1 \le B_k \le d$
• $1 \le a_k < 2\sqrt{d}$

These inequalities are all tied to each other, so we will proceed via induction on
k for all three double inequalities at once. The base case k = 0 is immediate: we
have $A_0 = 0$ and $B_0 = 1$ already, and we must have d > 1 for the calculation
to be interesting, and d > 1 =⇒ $a_0 = \lfloor \sqrt{d} \rfloor \ge 1$. Thus we assume these three
inequalities hold up to k and we examine the (k + 1)st case. The calculation on
page 50 shows us that

$$r_k = a_k + \frac{\sqrt{d} - A_{k+1}}{B_k}$$

and by the choice of $a_k = \lfloor r_k \rfloor$ we see that we have $0 < \frac{\sqrt{d} - A_{k+1}}{B_k} < 1$. This
implies that $A_{k+1} < \sqrt{d}$ since we have assumed $B_k > 0$. This in turn implies that
$1 \le B_{k+1} \le d$, since $B_{k+1} = \frac{d - A_{k+1}^2}{B_k} \le d$ was shown earlier to be an integer. And
then $B_{k+1} \ge 1$ and $A_{k+1} < \sqrt{d}$ together show that $a_{k+1} = \left\lfloor \frac{\sqrt{d} + A_{k+1}}{B_{k+1}} \right\rfloor < 2\sqrt{d}$, while
$a_{k+1} \ge 1$ by definition. Thus we have bounded $A_k$, $B_k$, and $a_k$. The significance
of this is that there are now a finite number of possibilities for $r_k = \frac{\sqrt{d} + A_k}{B_k}$ and so
the amazing super-array (or the algebraic calculation) must repeat at some point,
which shows that the continued fraction is eventually periodic.


What about quadratic irrationals that are not as simple as $\sqrt{d}$? Though a similar
approach might be made to work, a full proof is beyond the scope of this book. As
the example with $r = \frac{\sqrt{34} + 9}{3}$ shows, the $B_k$ and thus the $A_k$ may not always be
integers. One trick allows us to avoid non-integral $B_k$ and $A_k$: if $B_0 \nmid d - A_0^2$, we
employ an algebra trick to make sure that $B_0 \mid d - A_0^2$: given $r = \frac{\sqrt{d} + A_0}{B_0}$, rewrite
it as $r = \frac{\sqrt{d t^2} + A_0 t}{B_0 t}$, then adjust t so that $B_0 t \mid d t^2 - A_0^2 t^2 \iff B_0 \mid (d - A_0^2) t$ (for
example, $t = B_0$ always works). If we employ this trick to re-write $r = \frac{\sqrt{34} + 9}{3}$ as
$r = \frac{\sqrt{306} + 27}{9}$, we get

k 0 1 2 3 4 5 6 7 8 9 10 11 · · ·
Ak 27 9 16 16 9 9 16 16 9 9 16 16 · · ·
Bk 9 25 2 25 9 25 2 25 9 25 2 25 · · ·
ak 4 1 16 1 2 1 16 1 2 1 16 1 · · ·
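
The super-array rules run mechanically, as an added example (not code from the book): the sketch builds the columns with exact rational arithmetic, applies the t = B0 rescaling when B0 does not divide d − A0², and reads the period off the first repeated pair (Ak, Bk). The function names are this example's own.

```python
from fractions import Fraction
from math import isqrt


def _check_d(d):
    if d <= 0 or isqrt(d) ** 2 == d:
        raise ValueError("d must be a positive non-square integer")


def floor_term(A, B, d):
    """Exact floor of (sqrt(d) + A)/B for rational A, B != 0 (no floating point)."""
    A, B = Fraction(A), Fraction(B)
    s = A.denominator * B.denominator      # s > 0 clears both denominators
    num = A.numerator * B.denominator      # rational part of the scaled numerator
    den = B.numerator * A.denominator      # scaled denominator, an integer
    root = isqrt(d * s * s)                # floor(s*sqrt(d)); s*sqrt(d) is irrational
    if den > 0:
        return (root + num) // den
    # Negative denominator: negate top and bottom; floor(-s*sqrt(d)) = -root - 1.
    return (-root - 1 - num) // (-den)


def super_array(A0, B0, d, columns):
    """First `columns` columns (A_k, B_k, a_k), applying the rules as stated.

    Entries are Fractions, so non-integral B_k and A_k show up when
    B0 does not divide d - A0^2.
    """
    _check_d(d)
    A, B = Fraction(A0), Fraction(B0)
    rows = []
    for _ in range(columns):
        a = floor_term(A, B, d)
        rows.append((A, B, a))
        A = a * B - A                      # A_{k+1} = a_k B_k - A_k
        B = (d - A * A) / B                # B_{k+1} = (d - A_{k+1}^2) / B_k
    return rows


def integralize(A0, B0, d):
    """Rescale by t = |B0| when needed so that B0 divides d - A0^2 (Lemma 3 applies)."""
    if (d - A0 * A0) % B0 == 0:
        return A0, B0, d
    t = abs(B0)
    return A0 * t, B0 * t, d * t * t


def periodic_expansion(A0, B0, d):
    """Return (pre-period terms, period terms) of (sqrt(d) + A0)/B0 for integers A0, B0."""
    _check_d(d)
    A, B, d = integralize(A0, B0, d)
    seen, terms = {}, []
    while (A, B) not in seen:              # integer states must eventually repeat
        seen[(A, B)] = len(terms)
        a = floor_term(A, B, d)
        terms.append(a)
        A = a * B - A
        B = (d - A * A) // B               # exact: all B_k are integers here
    start = seen[(A, B)]
    return terms[:start], terms[start:]


if __name__ == "__main__":
    for A, B, a in super_array(9, 3, 34, 6):
        print(A, B, a)
    print(periodic_expansion(9, 3, 34))
```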

Why do we concentrate on the case where r is the root of a quadratic polynomial?
Our next theorem will show why, but first we have some definitions:

Definition 13 A real number r is called a quadratic irrational if r ∉ Q and r is
the root of a quadratic polynomial in Z[x].

Thus $\sqrt{19}$ is a quadratic irrational, as are $\frac{\sqrt{34} + 8}{5}$ and $\frac{\sqrt{34} + 9}{3}$.

If r is the root of a quadratic polynomial, then by the quadratic formula we know r
has the form $\frac{-b \pm \sqrt{b^2 - 4ac}}{2a}$. Since for each d ∈ Z, $adx^2 + bdx + cd$ has the same roots
as $ax^2 + bx + c$, we see that there may be scaling involved, but we shall make the
following definition.

Definition 14 Let r be a quadratic irrational. The type of r is (a, b, c) where a,
b, c ∈ Z, the GCD (a, b, c) = 1, and $r = \frac{-b + \sqrt{b^2 - 4ac}}{2a}$. Furthermore, each quadratic
irrational has a discriminant, Δ, defined to be $\Delta = b^2 - 4ac$.

We have Δ > 0 for all real quadratic irrationals. Thus $\sqrt{d}$ is of type (1, 0, −d) with
discriminant 4d, $-\sqrt{d}$ is of type (−1, 0, d) with discriminant 4d, $\frac{\sqrt{34} + 8}{5}$ is of type
(5, −16, 6) with discriminant 136 = 4 · 34 while its conjugate, $\frac{-\sqrt{34} + 8}{5}$, is of type
(−5, 16, −6) with discriminant 136, and $\frac{-15 - \sqrt{23}}{7}$ is of type (−49, −210, −202) with
discriminant $4508 = 14^2 \cdot 23$. Also note that the purely periodic continued fraction,

$$x = [\overline{a_0, a_1, a_2, \ldots, a_k}],$$

satisfies $x = [a_0, a_1, a_2, \ldots, a_k, x] = \frac{P_k x + P_{k-1}}{Q_k x + Q_{k-1}}$, thus $Q_k x^2 + Q_{k-1} x = P_k x + P_{k-1}$,
so x is of type $(Q_k, Q_{k-1} - P_k, -P_{k-1})$, with discriminant $\Delta = (Q_{k-1} - P_k)^2 +
4 P_{k-1} Q_k = (Q_{k-1} + P_k)^2 + 4(P_{k-1} Q_k - P_k Q_{k-1}) = (Q_{k-1} + P_k)^2 + 4(-1)^k$. Since
$f(x) = Q_k x^2 + (Q_{k-1} - P_k) x - P_{k-1}$ has $f(0) = -P_{k-1} < 0$ and $f(-1) = Q_k -
Q_{k-1} + P_k - P_{k-1} = Q_{k-2} + P_{k-2} > 0$, f must have two roots, $x > a_0 \ge 1$ and its
conjugate, $\bar{x}$, for which $-1 < \bar{x} < 0$. This leads to another definition.

Definition 15 Let r be a quadratic irrational of type (a, b, c). If r > 1 and the
conjugate $\bar{r} = \frac{-b - \sqrt{b^2 - 4ac}}{2a}$, of type (−a, −b, −c), satisfies $-1 < \bar{r} < 0$, then we say
r is a reduced quadratic irrational.

The significance of this is the following proposition.

Proposition 8 Of the many quadratic irrationals of a given discriminant Δ ∈ N,
there are a finite number of reduced quadratic irrationals.

Proposition 9 Let r be a quadratic irrational of type (a, b, c) and discriminant
Δ ∈ N. Then for n ∈ Z, r − n is a quadratic irrational of type $(a, b + 2an, c + bn +
an^2)$ and discriminant Δ, and $\frac{1}{r}$ is a quadratic irrational of type (−c, −b, −a) and
discriminant Δ.

Theorem 5
• A real number q is represented by a finite continued fraction ⇐⇒ q ∈ Q.

• A real number r is represented by a periodic infinite continued fraction ⇐⇒
r is a reduced quadratic irrational.

• A real number r is represented by an eventually periodic infinite continued
fraction ⇐⇒ r is a quadratic irrational.

Proof . The first statement is quite clear: if q ∈ Q then the Euclidean algorithm will
stop after a finite number of steps, and q will be represented by a finite continued
fraction. On the other hand, a finite continued fraction can clearly be simplified
(using algebra or the amazing array) into a rational number.

As for the second part, suppose we have an eventually periodic continued fraction.
Call it y, so we have

$$y = [a_0; a_1, \ldots, \overline{a_N, a_{N+1}, a_{N+2}, \ldots, a_{N+k-1}}].$$

If we define x to be the purely periodic continued fraction

$$x = [\overline{a_N, a_{N+1}, a_{N+2}, \ldots, a_{N+k-1}}],$$

then we may find x by substituting x back into itself:

$$x = [a_N; a_{N+1}, a_{N+2}, \ldots, a_{N+k-1}, x].$$

The right-hand side simplifies (via the amazing array, if we wish) to something of
the form $\frac{P_k x + P_{k-1}}{Q_k x + Q_{k-1}}$, and $P_k$, $P_{k-1}$, $Q_k$, and $Q_{k-1}$ are all integers (since all the $a_k$
are). Thus we have

$$x = \frac{P_k x + P_{k-1}}{Q_k x + Q_{k-1}},$$

which leads to $Q_k x^2 + (Q_{k-1} - P_k) x - P_{k-1} = 0$, so x is a reduced quadratic
irrational (the first part of our theorem shows us that x is irrational, and it was
shown above that x is reduced). Going further,

$$y = [a_0; a_1, \ldots, a_{N-1}, x],$$

so y can be gotten from x by a finite number of operations, either adding an integer
or taking a reciprocal. Thus y is also a quadratic irrational (see Exercise 14);
furthermore, that implies that y can be written in the form $y = \frac{M + \sqrt{d}}{N}$ for integers
M , N and d (where d is not a perfect square), and we have shown that eventually
periodic continued fractions simplify to quadratic irrationals.

The last two proofs (that r is a quadratic irrational =⇒ r is represented by an
eventually periodic infinite continued fraction, and that r is a reduced quadratic
irrational =⇒ r is represented by a periodic infinite continued fraction) are beyond
the scope of this book. We have shown the special case $r = \sqrt{d}$ above, and $r = -\sqrt{d}$
and $r = \lfloor \sqrt{d} \rfloor + \sqrt{d}$ are dealt with in the exercises.

Exercises
1. In analogy with continued fractions expansions, for which real numbers is the
decimal expansion eventually periodic? finite? non-periodic?

2. (a) Find a quadratic polynomial in Z[x] for which $\frac{\sqrt{34} + 8}{5}$ is a root.

(b) Find a quadratic polynomial in Z[x] for which $\frac{\sqrt{34} + 9}{3}$ is a root.

3. Use the amazing super-array to find the continued fraction for $\sqrt{22}$.

4. Use the amazing super-array to find the continued fraction for $\sqrt{59}$.

5. Use the amazing super-array to find the continued fraction for $\sqrt{71}$.

6. Use the amazing super-array to find the continued fraction for $\frac{3 + \sqrt{59}}{5}$.

7. Use the amazing super-array to find the continued fraction for $\frac{1 + \sqrt{59}}{2}$.

8. Use the amazing super-array to find the continued fraction for the positive
root of $f(x) = 8x^2 - 7x - 13$.

9. (a) Let r be a reduced quadratic irrational of type (a, b, c) and discriminant
Δ. Show that a > 0, b < 0, c < 0 and b < a + c < −b.
(b) Use part (a) to prove Proposition 8.

10. Suppose m ∈ Z, and k a positive integer less than 2m + 1, so $\sqrt{m^2 + k}$ is
between m and m + 1.

(a) Show that $r = m + \sqrt{m^2 + k}$ is a reduced quadratic irrational in two
ways:
i. directly from the definition.
ii. using the criteria developed in Exercise 9. What second-degree
polynomial is r a root of?

(b) Conclude that $\sqrt{m^2 + k}$ = [m; a1 , a2 , . . . , at−1 , 2m].

11. Find all reduced quadratic irrationals with discriminant Δ = 12. You may
use Exercise 9.

12. Find all reduced quadratic irrationals with discriminant Δ = 17. You may
use Exercise 9.

13. Find all reduced quadratic irrationals with discriminant Δ = 28. You may
use Exercise 9.

14. Prove Proposition 9.

15. Suppose r = [a0 ].

(a) Show that −r = [−(a0 + 1); 1, a0 − 1, a0 ].

(b) Use part (a) to show that $-\sqrt{2}$ = [−2; 1, 1, 2].

(c) Use part (a) to show that $-\sqrt{17}$ = [−5; 1, 7, 8].

(d) Use part (a) to show that −ω = [−2; 2, 1], where $\omega = \frac{1 + \sqrt{5}}{2}$ is defined as
the positive root of the polynomial $x^2 - x - 1$.

16. Suppose r = [a0 ; a1 ].

(a) Show that −r = [−(a0 + 1); 1, a1 − 1, a1 , a0 ].

(b) Use part (a) to show that $-\sqrt{11}$ = [−4, 1, 2, 6, 3].

(c) Use part (a) to show that $-\sqrt{12}$ = [−4, 1, 1, 6, 2].

(d) Use part (a) to show that $-\sqrt{15}$ = [−4; 7, 1, 6].

(e) Use part (a) to find the continued fraction representation of $-\sqrt{63}$.

(f) Find the continued fractions for $\frac{\sqrt{120}}{5}$ and $-\frac{\sqrt{120}}{5}$.

17. Below is a table of continued fractions for $\sqrt{n}$ with period three (this period
is rather rare). Conjecture a rule that accounts for this data.

√130 = [11; 2, 2, 22]      −√130 = [−12, 1, 1, 2, 22, 2]
√269 = [16; 2, 2, 32]      −√269 = [−17, 1, 1, 2, 32, 2]
√370 = [19; 4, 4, 38]      −√370 = [−20, 1, 3, 4, 38, 4]
√458 = [21; 2, 2, 42]      −√458 = [−22, 1, 1, 2, 42, 2]
√697 = [26; 2, 2, 52]      −√697 = [−27, 1, 1, 2, 52, 2]
√986 = [31; 2, 2, 62]      −√986 = [−32, 1, 1, 2, 62, 2]
√1313 = [36; 4, 4, 72]     −√1313 = [−37, 1, 3, 4, 72, 4]
√1325 = [36; 2, 2, 72]     −√1325 = [−37, 1, 1, 2, 72, 2]
√1613 = [40; 6, 6, 80]     −√1613 = [−41, 1, 5, 6, 80, 6]
√1714 = [41; 2, 2, 82]     −√1714 = [−42, 1, 1, 2, 82, 2]

18. Below is a table of continued fractions for $\sqrt{n}$ with period four. Conjecture a
rule that accounts for this data.

√7 = [2; 1, 1, 1, 4]       −√7 = [−3, 2, 1, 4, 1, 1]
√14 = [3; 1, 2, 1, 4]      −√14 = [−4, 3, 1, 6, 1, 2]
√23 = [4; 1, 3, 1, 8]      −√23 = [−5, 4, 1, 8, 1, 3]
√28 = [5; 3, 2, 3, 10]     −√28 = [−6, 1, 2, 2, 3, 10, 3]
√32 = [5; 1, 1, 1, 10]     −√32 = [−6, 2, 1, 10, 1, 1]
√33 = [5; 1, 2, 1, 10]     −√33 = [−6, 3, 1, 10, 1, 2]
√34 = [5; 1, 4, 1, 10]     −√34 = [−6, 5, 1, 10, 1, 4]
√47 = [6; 1, 5, 1, 12]     −√47 = [−7, 6, 1, 12, 1, 5]
√55 = [7; 2, 2, 2, 14]     −√55 = [−8, 1, 1, 2, 2, 14, 2]
√60 = [7; 1, 2, 1, 14]     −√60 = [−8, 3, 1, 14, 1, 2]

19. Based on Exercises 15–18, conjecture and prove a rule for the continued frac-
tion representation of −r, based on the continued fraction representation
r = [a0 ; a1 , a2 , a3 , . . .].

20. Is the number 0.123456789101112131415161718192021 . . . rational or irrational?

13 The modified division algorithm

We return to the division algorithm and modify it, using the usual way of rounding,
instead of always rounding down. This gives us the modified division algorithm.

Modified division algorithm: If a and b are integers, with b ≠ 0, then there
exist unique integers q and r with

$$a = bq + r, \qquad -\tfrac{1}{2}|b| < r \le \tfrac{1}{2}|b|.$$

Let’s use both versions to find (144, 89):

144 = 1 · 89 + 55        144 = 2 · 89 + (−34)
 89 = 1 · 55 + 34         89 = (−3) · (−34) + (−13)
 55 = 1 · 34 + 21        −34 = 3 · (−13) + 5
 34 = 1 · 21 + 13        −13 = (−3) · 5 + 2
 21 = 1 · 13 + 8           5 = 2 · 2 + 1
 13 = 1 · 8 + 5            2 = 2 · 1 + 0
  8 = 1 · 5 + 3
  5 = 1 · 3 + 2
  3 = 1 · 2 + 1
  2 = 2 · 1 + 0

We can write

$$\frac{144}{89} = 1 + \cfrac{1}{1 + \cfrac{1}{1 + \ddots}} \qquad \text{or} \qquad \frac{144}{89} = 2 + \cfrac{1}{-3 + \cfrac{1}{3 + \ddots}}$$

so $\frac{144}{89}$ = [1; 1, 1, 1, 1, 1, 1, 1, 1, 2] = [2; −3, 3, −3, 2, 2]. If we try the amazing array
again, we get

            1     1     1     1     1     1       1             1             1             2
0     1     1     2     3     5     8     13      21            34            55            144
1     0     1     1     2     3     5     8       13            21            34            89
Pk/Qk       1.0   2.0   1.5   1.6   1.6   1.625   1.61538 . . . 1.61904 . . . 1.61764 . . . 1.61799 . . .

or

            2     −3    3       −3            2             2
0     1     2     −5    −13     34            55            144
1     0     1     −3    −8      21            34            89
Pk/Qk       2.0   1.6   1.625   1.61904 . . . 1.61764 . . . 1.61799 . . .

so for the modified division algorithm we have

$$\frac{P_4}{Q_4} < \frac{P_5}{Q_5} < \frac{P_3}{Q_3} < \frac{P_2}{Q_2} < \frac{P_1}{Q_1} < \frac{P_0}{Q_0}.$$

Which convergents are out of order? Which elements of the continued fraction are
negative?

Try [2; −1, −1, 2, −2, −2, 3]:

            2     −1    −1    2     −2     −2     3
0     1     2     −1    3     5     −7     19     50
1     0     1     −1    2     3     −4     11     29
Pk/Qk       2.0   1.0   1.5   1.6   1.75   1.72   1.7241 . . .

So we get

$$\frac{P_1}{Q_1} < \frac{P_2}{Q_2} < \frac{P_3}{Q_3} < \frac{P_6}{Q_6} < \frac{P_5}{Q_5} < \frac{P_4}{Q_4} < \frac{P_0}{Q_0}.$$

Which convergents are out of order? Which elements of the continued fraction are
negative?

You can do this on a calculator by not just taking the integer part, $\lfloor x \rfloor$, but by
taking the rounded-off value, $\lfloor x \rfloor$ or $\lfloor x \rfloor + 1 = \lceil x \rceil$, whichever is closer.

How many of the other things we proved about the amazing array will still hold
true? The determinants are −1, +1, −1, +1, −1, etc. just as they should be, and
the 2 × 2 (skipped) determinants are +1, +2, +2, −2, −3, as they should be. So
we get

$$\frac{50}{29} = [2; -1, -1, 2, -2, -2, 3] = [1; 1, 2, 1, 1, 1, 2] = [2; -4, 3, -3]$$

and representations of rational numbers by continued fractions aren’t unique
anymore.
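
Both division rules and the amazing array, as an added example (not code from the book): it expands a rational number with either rule, rebuilds the convergents from the seed columns (0, 1) and (1, 0), and reports the order of the convergents and the determinants of adjacent columns. The function names are this example's own.

```python
from fractions import Fraction


def modified_divmod(a, b):
    """Return (q, r) with a = b*q + r and -|b|/2 < r <= |b|/2."""
    if b == 0:
        raise ZeroDivisionError("b must be non-zero")
    m = abs(b)
    r = a % m                 # ordinary remainder, 0 <= r < |b|
    if 2 * r > m:             # past the halfway point: take the negative remainder
        r -= m
    return (a - r) // b, r    # exact, because a - r is a multiple of b


def continued_fraction(a, b, divide=divmod):
    """Terms of the continued fraction of a/b (b > 0) under the given division rule.

    divide=divmod is the usual division algorithm (always round down);
    divide=modified_divmod rounds to the nearest integer instead.
    """
    terms = []
    while b != 0:
        q, r = divide(a, b)
        terms.append(q)
        a, b = b, r
    return terms


def amazing_array(terms):
    """Columns (P, Q) of the amazing array, including the seed columns."""
    cols = [(0, 1), (1, 0)]
    for a in terms:
        (p2, q2), (p1, q1) = cols[-2], cols[-1]
        cols.append((a * p1 + p2, a * q1 + q2))
    return cols


def convergents(terms):
    """P_k/Q_k as exact fractions (assumes no Q_k is zero)."""
    return [Fraction(p, q) for p, q in amazing_array(terms)[2:]]


def convergent_order(terms):
    """Indices k listed from the smallest convergent P_k/Q_k to the largest."""
    vals = convergents(terms)
    return sorted(range(len(vals)), key=vals.__getitem__)


def adjacent_determinants(terms):
    """Determinants of each pair of neighbouring columns, seed columns included."""
    cols = amazing_array(terms)
    return [p * q1 - p1 * q for (p, q), (p1, q1) in zip(cols, cols[1:])]


if __name__ == "__main__":
    for rule in (divmod, modified_divmod):
        cf = continued_fraction(144, 89, rule)
        print(cf, amazing_array(cf)[-1], convergent_order(cf))
    signed = [2, -1, -1, 2, -2, -2, 3]
    print(convergents(signed)[-1], convergent_order(signed),
          adjacent_determinants(signed))
```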

Exercises
1. Verify that $\frac{50}{29}$ = [1; 1, 2, 1, 1, 1, 2] = [2; −4, 3, −3].

2. (a) Find four different continued fraction representations for $\frac{35}{13}$. Which
one(s) are canonical (that is, which ones follow from the algorithms given
so far in this book)?
(b) Use the continued fractions found in part (a) to solve the equation 35x +
13y = 1.

3. (a) Find four different continued fraction representations for $\frac{284}{75}$. Which
one(s) are canonical (that is, which ones follow from the algorithms given
so far in this book)?
(b) Use the continued fractions found in part (a) to solve the equation 284x +
75y = 1.

4. (a) Suppose we have the following pattern of signs: $\frac{a}{b}$ = [+; −, +, +, +, −, −, +].
Predict the order of the convergents to $\frac{a}{b}$.
(b) Check your prediction in part (a) with the continued fraction $\frac{a}{b}$ =
[2; −3, 1, 1, 3, −2, −4, 6].

14 Why does the amazing array work?

One thing we have not shown is that the amazing array does what it is supposed
to do, namely simplify the algebraic calculations involved in simplifying continued
fractions. Why should the amazing array work? One reason to believe that it works
is that we have evidence: on page 57 we expanded $\frac{144}{89}$ into a continued fraction
(twice), and then used the amazing array to go the other way and recover $\frac{144}{89}$
(twice). One reason not to believe that the amazing array works, though, is that
the algebra is backwards! Notice that when we simplify a continued fraction of the
form

$$a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots + \cfrac{1}{a_{n-1} + \cfrac{1}{a_n}}}}}}$$

we start by multiplying $a_n$ by $a_{n-1}$ and adding 1 to get

$$a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots + \cfrac{1}{a_{n-2} + \cfrac{a_n}{a_n a_{n-1} + 1}}}}}}.$$

At the next step we simplify

$$\cfrac{1}{a_{n-2} + \cfrac{a_n}{a_n a_{n-1} + 1}},$$

etc., and eventually we end up with a rational expression that represents the
continued fraction [a0 ; a1 , a2 , . . . , an ]. However, when we calculate convergents in the
amazing array, the whole process proceeds, seemingly, backwards: we start by
multiplying by a0 , then by a1 , etc. How could this possibly work?

Well, it turns out that this process does work. We will be using the amazing array
in a variety of settings in the coming sections, so rather than prove that it works
again and again in different settings (such as Q, R, Q[i], C, the polynomial ring
Z[x], etc.), we shall show it works in any field, F . It is left to the reader to see that
we will always have a field handy in which to do calculations.

Theorem 6 Let $a_0, a_1, a_2, \ldots, a_n$ be elements of a field F and let A be the
continued fraction

$$A = [a_0; a_1, a_2, a_3, \ldots, a_n] = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots + \cfrac{1}{a_{n-2} + \cfrac{1}{a_{n-1} + \cfrac{1}{a_n}}}}}}}.$$

Define the elements $P_0, P_1, P_2, \ldots, P_n$, $Q_0, Q_1, Q_2, \ldots, Q_n$ of F by the rules
$P_0 = a_0$, $P_1 = a_0 a_1 + 1$, $P_k = a_k P_{k-1} + P_{k-2}$ for k ≥ 2 and $Q_0 = 1$, $Q_1 = a_1$,
$Q_k = a_k Q_{k-1} + Q_{k-2}$ for k ≥ 2. Then

$$A = \frac{P_n}{Q_n}.$$

Proof . We proceed by induction on n. If n = 0, then $A = a_0 = \frac{P_0}{Q_0}$ and we
are done. If n = 1, then $A = [a_0; a_1] = a_0 + \frac{1}{a_1} = \frac{a_0 a_1 + 1}{a_1} = \frac{P_1}{Q_1}$ and again
we are done. Thus we will assume the theorem is true for all continued fractions
consisting of k ≥ 1 elements and try to prove it is true for continued fractions with
k + 1 elements. To do this, we employ a trick: we consider the last level of the
continued fraction $[a_0; a_1, a_2, a_3, \ldots, a_k, a_{k+1}]$ to be the single term $a_k + \frac{1}{a_{k+1}}$. In
other words, we construct convergents using the amazing array as follows:

            a0    a1    a2    ···   ak−1    ak + 1/ak+1
0     1     P0    P1    P2    ···   Pk−1    Pk
1     0     Q0    Q1    Q2    ···   Qk−1    Qk

Then we use the induction hypothesis to simplify this new continued fraction. By
the induction hypothesis, we know that

$$\left[ a_0; a_1, a_2, a_3, \ldots, a_{k-1}, a_k + \frac{1}{a_{k+1}} \right] = a_0 + \cfrac{1}{a_1 + \cfrac{1}{a_2 + \cfrac{1}{a_3 + \cfrac{1}{\ddots + \cfrac{1}{a_{k-1} + \cfrac{1}{a_k + \cfrac{1}{a_{k+1}}}}}}}}$$

is equal to $\frac{P_k}{Q_k}$, where the elements $P_0, \ldots, P_{k-1}$, $Q_0, \ldots, Q_{k-1}$ are defined as
usual, and $P_k$ and $Q_k$ are defined by

$$P_k = \left( a_k + \frac{1}{a_{k+1}} \right) P_{k-1} + P_{k-2} \quad \text{and} \quad Q_k = \left( a_k + \frac{1}{a_{k+1}} \right) Q_{k-1} + Q_{k-2}.$$

Therefore we have

$$\begin{aligned}
\left[ a_0; a_1, a_2, a_3, \ldots, a_{k-1}, a_k + \frac{1}{a_{k+1}} \right] &= \frac{P_k}{Q_k} \\
&= \frac{a_{k+1} P_k}{a_{k+1} Q_k} \\
&= \frac{(a_k a_{k+1} + 1) P_{k-1} + a_{k+1} P_{k-2}}{(a_k a_{k+1} + 1) Q_{k-1} + a_{k+1} Q_{k-2}}.
\end{aligned}$$

On the other hand, if we start with the continued fraction $[a_0; a_1, a_2, a_3, \ldots, a_{k-1}, a_k,
a_{k+1}]$, we would have the same values for the elements $P_0, \ldots, P_{k-1}$, $Q_0, \ldots, Q_{k-1}$,
but then the last two numerators and denominators would be $\hat{P}_k = a_k P_{k-1} + P_{k-2}$,
$\hat{P}_{k+1} = a_{k+1} \hat{P}_k + P_{k-1}$, $\hat{Q}_k = a_k Q_{k-1} + Q_{k-2}$, and $\hat{Q}_{k+1} = a_{k+1} \hat{Q}_k + Q_{k-1}$. This
would correspond to the following amazing array:

            a0    a1    a2    ···   ak−1    ak    ak+1
0     1     P0    P1    P2    ···   Pk−1    P̂k    P̂k+1
1     0     Q0    Q1    Q2    ···   Qk−1    Q̂k    Q̂k+1

The algebra in this case would give us

$$\begin{aligned}
\frac{\hat{P}_{k+1}}{\hat{Q}_{k+1}} &= \frac{a_{k+1} \hat{P}_k + P_{k-1}}{a_{k+1} \hat{Q}_k + Q_{k-1}} \\
&= \frac{a_{k+1} (a_k P_{k-1} + P_{k-2}) + P_{k-1}}{a_{k+1} (a_k Q_{k-1} + Q_{k-2}) + Q_{k-1}} \\
&= \frac{(a_k a_{k+1} + 1) P_{k-1} + a_{k+1} P_{k-2}}{(a_k a_{k+1} + 1) Q_{k-1} + a_{k+1} Q_{k-2}} \\
&= \frac{P_k}{Q_k} \\
&= [a_0; a_1, a_2, a_3, \ldots, a_{k-1}, a_k, a_{k+1}].
\end{aligned}$$

Thus we get the correct result, and by induction we have shown that the amazing
array always works as it should.

Exercises
1. Show that [a0 ; a1 , a2 , . . . , an , 1] = [a0 ; a1 , a2 , . . . , an + 1]. This implies that
no continued fraction should end with a 1. (This is reminiscent of the fact
that 0.999 . . . = 1, and the rule that no decimal expansion should end with
repeating nines forever.) What other possibility (which might occur when
using the modified division algorithm) can be ruled out?

2. Use the amazing array to simplify the continued fraction [1+i; 2−i, 3+2i, 1−i].

3. Use the amazing array to simplify the continued fraction [2 + ρ; 3 − ρ, 1 −
2ρ, 4 + 5ρ]. The number ρ is defined on page 25.

4. Use the amazing array to simplify the continued fraction [ω; 1−4ω, 2+3ω, 5−
ω]. The golden ratio, ω, is defined as the positive root of the polynomial
$x^2 - x - 1$.

5. Use the amazing array to simplify the continued fraction $[x; x^2 + 2, x + 1, 2x + 3]$.

15 Primes

The fundamental theorem of arithmetic talks about primes, so we need a definition
of what it means to be prime. There are alternative definitions, but we will use the
following

Definition 16 Suppose p is an integer that is not zero and is not a unit. We say
p is prime if p = a · b =⇒ a is a unit or b is a unit.

This leads immediately to an important fact.

Proposition 10 If p is a prime in Z and d|p then d = ±1 or d = ±p.

Proof . d|p =⇒ p = db =⇒ d is a unit or b is a unit. If d is a unit then d = ±1.
If b is a unit then b = ±1, so d = p/b = ±p.
The following formulation will also be handy to have.

Proposition 11 If n is an integer and n ≠ 0, ±1, then

n is not prime ⇐⇒ n can be written n = a · b where 1 < |a|, |b| < |n|.

Proof . ( =⇒ ) We can certainly write n = a · b for some integers a and b, since
for instance n = 1 · n. If n is not prime, we must have that there is a pair a and
b with n = a · b and a is neither ±1 nor ±n. We thus have that a|n; since n ≠ 0,
a = 0 is impossible. Thus 0 < |a| and we know |a| ≠ 1; hence we have 1 < |a|.
Similarly, b ≠ 0 and b ≠ ±1 =⇒ 1 < |b|. Multiplying both sides by |a|, we get
|a| < |a| · |b| = |ab| = |n|. Thus we get 1 < |a| < |n|; 1 < |b| < |n| is proved
similarly.

(⇐=) If n is prime,

$$n = a \cdot b \implies \begin{cases} a = \pm 1 \iff n = \pm b \iff b = \pm n \\ \quad \text{or} \\ b = \pm 1 \iff n = \pm a \iff a = \pm n \end{cases}$$

Thus there are only four ways to write n as a product:

n = (+1)(+n)
  = (−1)(−n)
  = (+n)(+1)
  = (−n)(−1).

In each case, 1 < |a|, |b| < |n| is false. Thus we are done as we have proved the
contrapositive of the statement we needed to prove.

The advantage of our definition is that it readily generalizes to other rings:

Definition 17 In a ring R, a non-zero element p that is not a unit is called prime
if p = a · b =⇒ a or b is a unit of R.

Recall the three facts about linear combinations:

• (a, b) = d =⇒ there are x, y ∈ Z with ax + by = d.
• d|a and d|b =⇒ d|(ax + by) for all x and y ∈ Z.
• (a, b) = 1 ⇐⇒ there are x, y ∈ Z with ax + by = 1.

Why do we care about the equation

ax + by = d = (a, b)?

We have seen how this equation has helped us in the past; it also helps in the proof
of the next theorem.

Theorem 7 (Prime Theorem) Suppose p is a prime in Z and a and b are
integers. Then p|ab =⇒ p|a or p|b.

Proof . If p|a we are done, so assume p ∤ a. Then let d = (a, p). We have d|p and
d ≥ 0, so d = 1 or p, by Proposition 10. If d = p then we have d|a, a contradiction;
thus we must have d = 1. Thus (a, p) = 1 = d so we can write 1 = ax + py for some
integers x and y. Therefore we get

b = abx + bpy = (ab)x + p(by)

and since we have written b as a linear combination of multiples of p, p|b.

In the proof of the prime theorem, where and how did we use the fact that p was a
prime? Only to get the statement that (a, p) = 1. Thus we can get the following,
similar statement. (This is traditionally called Euclid’s lemma, though some would
call it a proposition or even a theorem.)

Proposition 12 (Euclid’s lemma) For d, a, and b in Z, if d|ab and (a, d) = 1,
then d|b.

Proof . (a, d) = 1 so we can write 1 = ax + dy for some integers x and y. Therefore
we get

b = abx + bdy = (ab)x + d(by)

and so d|b.

Corollary 1 Suppose p is a prime in Z, and a is any integer. Then p ∤ a =⇒
(a, p) = 1.

Before we proceed to the proof of the fundamental theorem of arithmetic, we state
the following

Proposition 13 If a|c and b|c and (a, b) = 1, then ab|c.

Exercises
1. Prove that for integers a, b, and c

(a) If (a, b) = 1 and c|a, then (c, b) = 1.
(b) If (a, b) = 1, then (b, c) = (b, ac). Is the converse true?
(c) If c is a positive common divisor of a and b, then c = (a, b) ⇐⇒
$\left( \frac{a}{c}, \frac{b}{c} \right) = 1$.
(d) If c|ab, then c|(a, c)(b, c).

2. Show that 0|ab =⇒ 0|a or 0|b. (In this way, zero acts like a prime integer.
But zero is not a prime.)

3. Let p be a positive prime integer, and suppose 1 ≤ a ≤ p − 1. Prove that
(a, p) = 1 and that (p, a + kp) = 1 for all k ∈ Z.

4. Let p be a prime integer. Prove that for 1 ≤ k ≤ p − 1, $p \mid \binom{p}{k}$.

5. Suppose $a^k - 1$ is a prime integer (with a ≥ 1 and k ≥ 2). Show that a = 2
and that k is a prime integer.

6. If (a, b) = 1, then show that $(a^2 - ab + b^2, a + b) \le 3$.

7. A fraction is in lowest terms when it is written as $\frac{a}{b}$ with (a, b) = 1. If $\frac{a}{b}$ and
$\frac{c}{d}$ are in lowest terms, prove that

$$\frac{a}{b} + \frac{c}{d} \in \mathbb{N} \implies b = \pm d.$$

8. Prove that every composite integer is expressible in the form xy + xz + yz + 1
with positive integers x, y, and z.

9. Prove Corollary 1.

10. Prove Proposition 13.

11. Using a compass and straightedge, divide a 19° angle into nineteen equal
parts.

16 The proof of the fundamental theorem of arithmetic

Before we actually prove the fundamental theorem of arithmetic, we need three
lemmas:

Lemma 4 If p is a prime and $p \mid a_1 a_2 a_3 \cdots a_n$, then $p \mid a_k$ for some k with 1 ≤ k ≤ n.

Proof . We know that $p \mid a_1$ or $p \mid a_2 a_3 \cdots a_n$ by the prime theorem. If $p \mid a_1$ we
are done; otherwise $p \mid a_2 a_3 \cdots a_n$ and so $p \mid a_2$ or $p \mid a_3 \cdots a_n$ by the prime theorem.
Continuing in this way, we get that if $p \mid a_{n-1}$ we are done; otherwise $p \mid a_n$ and the
proof is complete.

(Technically, such a result should be written as a proof by induction, but here the
reasoning should be clear (and convincing!).)

Lemma 5 If $p \mid q_1 q_2 q_3 \cdots q_n$ where p and the $q_i$ are all primes, then $p = \pm q_k$ for
some k with 1 ≤ k ≤ n.

Proof . By Lemma 4, $p \mid q_k$ for some k. Since $q_k$ is a prime, this implies that p = ±1
or $p = \pm q_k$. Since p is prime, p ≠ ±1; hence $p = \pm q_k$.

Lemma 6 Any positive integer n ≠ 1 has a positive prime factorization; i.e., n
can be written as a product of positive primes.

Proof . Let

S = {n ∈ Z : n > 1 and n has no prime factorization}.

We have S ⊆ N. Suppose S is non-empty—then it has a smallest element by
the well-ordering principle, call it $n_0$. If $n_0$ is prime, then $n_0 = n_0$ is a prime
factorization and so $n_0 \notin S$. Thus $n_0$ is not prime, so it can be factored as $n_0 = a \cdot b$
where neither a nor b is a unit. We know that either a and b are both positive or
they are both negative; by changing signs we may assume they are both positive.
Thus a, b > 0 and a, b ≠ 1; hence we have 1 < a, b. Therefore it follows that
$a < a \cdot b = n_0$, so a ∉ S. Why is a not an element of S? It must not satisfy (at
least) one of the conditions. We have 1 < a and a ∈ Z, so the only condition left
must be that a has a prime factorization. In exactly the same way, we can show
that $1 < b < n_0$, so b ∉ S and hence b also has a prime factorization. But then
$n_0 = a \cdot b$ has a prime factorization; this contradiction shows us that S must be
empty. Therefore every n ∈ N has a prime factorization, so the lemma is proved.

Theorem 8 (Fundamental Theorem of Arithmetic) Any integer n ≠ 0, ±1
can be written as

$$n = \pm p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} = \pm \prod_{i=1}^{k} p_i^{e_i}$$

where the $p_i$ are distinct positive primes and $e_i \in \mathbb{N}$ for each i. This factorization
is unique up to a reordering of the primes.

Proof . We know any integer greater than 1 has a factorization into primes, so if
n < −1, −n has a factorization into primes and by factoring out all the negative
signs we can write n as ±1 · (product of positive primes). Thus we can concentrate
on uniqueness for positive n—any factorization of n corresponds to a factorization
of |n|. Therefore let

S = {n ∈ N : n > 1, with more than one factorization into positive primes}.

Assuming S is non-empty, let $n_0$ be its smallest element. Then we have

$$n_0 = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} = q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_m^{f_m},$$

where all the $p_i$ and all the $q_i$ are positive primes, and all the powers are positive
integers. We have $p_1 \mid n_0$, so $p_1 \mid q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_m^{f_m}$ so we know by our earlier lemma
that $p_1 = q_r$ for some r with 1 ≤ r ≤ m. Then $\frac{n_0}{p_1}$ is an integer and we have

$$\frac{n_0}{p_1} = p_1^{e_1 - 1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} = q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_r^{f_r - 1} \cdots q_m^{f_m}.$$

If $\frac{n_0}{p_1} = 1$, then $n_0 = p_1 = q_r$ and there are no other terms. If $\frac{n_0}{p_1} > 1$, then we have
$n_0 > \frac{n_0}{p_1} > 1$, so $\frac{n_0}{p_1}$ is not in S so this is the unique factorization (up to order) of
$\frac{n_0}{p_1}$. Hence we must have $e_1 = f_r$, k = m, and for each i, $p_i = q_j$ and $e_i = f_j$ for
some j. In either event, we have shown that $n_0$ only has one factorization (up to
order); thus S is empty and the theorem is proved.

Exercises
1. Define

$$\mathbb{Z}\left[\tfrac{1}{2}\right] = \left\{ \frac{p}{q} \in \mathbb{Q} : p \text{ is an integer and } q = 2^k \text{ for some } k \in \mathbb{W} \right\}.$$

(a) Show that $\mathbb{Z}[\frac{1}{2}]$ is a ring. (Since $\mathbb{Z}[\frac{1}{2}] \subseteq \mathbb{Q}$, which we know is a ring
(in fact, a field), you need only show that $\mathbb{Z}[\frac{1}{2}]$ is closed under addition,
multiplication, and inversion.)
(b) Find the units in $\mathbb{Z}[\frac{1}{2}]$.
(c) Find the primes in $\mathbb{Z}[\frac{1}{2}]$.
2. For integers a and b, show that
(a, b) ≠ 1 ⇐⇒ there is p ∈ Z, a prime, such that p|a and p|b.
Does your proof require the fundamental theorem of arithmetic?
3. Define the Möbius function, μ : N → N, by

$$\mu(n) = \begin{cases} 1 & \text{if } n = 1 \\ 0 & \text{if } m^2 \mid n \text{ for some } m \in \mathbb{N},\ m > 1 \\ (-1)^k & \text{if } n \text{ is the product of } k \text{ distinct primes.} \end{cases}$$

Show that the function μ is multiplicative (see Exercise 10 in Section 9,
page 38).
16. The proof of the fundamental theorem of arithmetic 67

4. Let n ∈ N. Using the definition in Exercise 3, show that


n %n&
μ(k) = 1.
k
k=1

5. Using the prime theorem and Lemma 6, prove that for a, b, and c in Z,

(a, bc) = 1 ⇐⇒ (a, b) = 1 and (a, c) = 1.

6. Find the smallest positive integer n such that n/2 is a perfect square, n/3 is
a perfect cube, and n/5 is a perfect fifth power.
7. Given positive integers a, b, and c, that have factorizations

$$a = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} \qquad b = q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_j^{f_j} \qquad c = r_1^{g_1} r_2^{g_2} r_3^{g_3} \cdots r_t^{g_t},$$

where all the ps, qs, and rs are positive prime integers, how do you determine
(using the factorizations above)
(a) If a|b?
(b) If (a, b) = 1?
(c) If (a, b) = c?
(d) If [a, b] = c (where [a, b] is the LCM of a and b, defined in Exercise 6 in
Section 8)?
(e) If a is a perfect square ($a = n^2$ for some integer n)?
(f) If a is a perfect cube?
(g) If a is a perfect mth power ($a = n^m$ for some integer n)?
(h) If a · b = c?
(i) Food for thought: Is $a = N(z) = u^2 + v^2$ (where z = u + vi ∈ Z[i])?
You probably can’t answer this one yet, but it’s a good final exam
question . . . .
8. Define the function τ : N → N by τ(n) = the number of positive divisors of
n. (In the language of Exercise 10 on page 38, this is the function $\sigma_0$. It is
more common to call it τ.)
(a) What is τ(p) where p is a positive prime integer?
(b) What is τ(p · q) where p and q are distinct positive primes?
(c) What is $\tau(p^k)$ where p is a positive prime integer?
(d) By Exercise 10b on page 38, τ is multiplicative. Use this fact to give a
formula for τ(n), where

$$n = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k}.$$

(e) Show that τ(n) is odd ⇐⇒ n is a perfect square.


9. Prove that for integers a and b, we have (a, b)[a, b] = |ab|, where [a, b] is the
least common multiple of a and b.

10. Let p be a positive prime in Z. Prove that $\sqrt{p}$ is irrational.

11. Let a, n ∈ N, with n > 1. Prove that if $\sqrt[n]{a}$ is rational, then $\sqrt[n]{a}$ is an integer.

12. Decompose 24024 and 11628 into prime factors in Z and then find (24024, 11628)
and [24024, 11628].

13. For integers a and b, (a, b) = 1 =⇒ $(a^k, b^n) = 1$ for all k, n ∈ N.

(a) Prove this using Exercise 5.


(b) Prove this again, using the fundamental theorem of arithmetic (and the
ideas from problem 7).

14. How many zeros are there at the end of 2017!? In general, how many zeros
are there at the end of n!?

15. Given that the integers a and b satisfy 56a = 65b, prove that a + b is
composite.

16. How many times does 2 appear in the factorization of (n + 1)(n + 2) · · · (2n −
1)(2n) into primes?

17. Prove that $\log_2(3)$ is irrational.

18. Find all integer solutions of the equation $x^2 - y^2 = 221$.

19. Is there an integer n satisfying the following equation? If so, find it and show
that it satisfies the equation. If not, show why not.

$$\frac{1 + 3 + 5 + \cdots + (2n - 1)}{2 + 4 + 6 + \cdots + 2n} = \frac{2017}{2018}.$$

20. Out of the numbers 1, 2, 3, . . . , 200, one chooses 101 numbers. Prove that
among the numbers chosen there are at least two such that one is a multiple
of the other.

21. Let N(n) denote the smallest positive integer N such that $x^N = 1$ for every
permutation x on n symbols, where 1 denotes the identity permutation. Prove
that if n > 1,

$$\frac{N(n)}{N(n-1)} = \begin{cases} 1 & \text{if } n \text{ is divisible by two distinct primes} \\ p & \text{if } n \text{ is a power of a prime } p. \end{cases}$$

17 Unique factorization in other rings

Let’s think about what we’ve just proven. We used two fundamental results to prove
the fundamental theorem of arithmetic—the well-ordering principle and Euclid’s
lemma that d|ab and (d, a) = 1 =⇒ d|b. What goes wrong in other rings?
In some cases, we don’t have the Euclidean algorithm (or other reasons) to force
(d, a) = 1 ⇐⇒ 1 = ax + by for some x and y in the ring. In other cases,
we might lose the well-ordering principle (which allowed us to reason about the
smallest counterexamples to our lemmas and theorem). We will prove in the future
that Z[√2] and Z[i] and other rings have unique factorization, and the proofs will
look similar to this one. But our lists of primes and units will change: 2 and 7 are
primes in Z, but

2 = (1 + i)(1 − i) in Z[i] and 7 is still a prime

and in Z[√2], we have

2 = (2 + √2)(2 − √2) and 7 = (3 + √2)(3 − √2)

so neither 2 nor 7 is a prime in Z[√2].

On the other hand, consider

$$\mathbb{Z}\left[\tfrac{1}{2}\right] = \left\{ \frac{p}{q} \in \mathbb{Q} : p \text{ is an integer and } q = 2^k \text{ for some } k \in \mathbb{W} \right\},$$

that is, the ring of all rational numbers where the denominator is a power of 2.
Here, the element 2 is a unit! (Why?)

What other rings will we look at? Mostly Z[√d] where d is an integer. I’ve already
asked you questions about Z[i] (when d = −1)—this is the lattice

Z[i] = {a + bi ∈ C : a and b are integers}.

This has unique factorization, but four units, not just two. And though Z ⊆ Z[i],
the primes in each ring are different.

For another example,

Z[√2] = {a + b√2 ∈ R : a and b are integers}

has unique factorization but an infinite number of units! And

Z[√−5] = {a + b√−5 ∈ C : a and b are integers}

has only two units, but it does not have unique factorization, as we’ll see. How do
we show something doesn’t have unique factorization? Two ways: find a number
that doesn’t have a factorization into primes—for instance, perhaps we can factor
n = p1 q1 = p1 p2 q2 = p1 p2 p3 q3 = · · · but this factoring process never ends! This
could happen if we cannot order our numbers and so we are unable to use the
well-ordering principle. Or it may be that some number has more than one factorization:
that’s what happens in Z[√−5] and Z[√10]. In Z[√−5] we get

6 = 2 · 3 = (1 + √−5)(1 − √−5)

and in Z[√10] we get

6 = 2 · 3 = (2 + √10)(−2 + √10).

We will prove later, using the norm function defined in Exercise 18 on page 24, that
all these factors are in fact primes; thus in each of these rings, 6 has (at least) two
prime factorizations.

Exercises
1. Consider the ring

2Z = {m ∈ Z : m = 2n for some n ∈ Z}.

(a) What are the primes in this ring (this is a ring without identity); i.e.,
which elements cannot be factored? (This is much easier to answer than
it was in Z.)
(b) By considering the factorizations of 36 (or 60, or 84, or 100, or . . . ),
show that this ring does not have unique factorization into primes.
(c) Does Lemma 4 apply to 2Z? If so, prove it. If not, give a counterexample.
(d) Does Lemma 5 apply to 2Z? If so, prove it. If not, give a counterexample.
(e) Does Lemma 6 apply to 2Z? If so, prove it. If not, give a counterexample.
(f) What are the primes in the ring

3Z = {m ∈ Z : m = 3n for some n ∈ Z}?

Does this ring without identity have unique factorization?


2. Show that 4 = 2 · 2 = (1 + √−3)(1 − √−3) implies that Z[√−3] does not have
the property of unique factorization into primes. Hint: Use the norm map
defined in Exercise 18 in Section 5 to show that 2, 1 + √−3, and 1 − √−3 are
primes in Z[√−3].
3. The rings in Exercises 1 and 2 are a little unusual in that 2Z has no
multiplicative identity and Z[√−3] contains complex numbers. The ring Z[√10]
has neither of these defects. Show that 6 = 2 · 3 = (2 + √10)(−2 + √10)
implies that Z[√10] does not have the property of unique factorization into
primes.
4. In the ring Z[i], we have 10 = 2 · 5 = (3 + i)(3 − i). Explain why this does not
show that Z[i] fails to have the unique factorization into primes property.
Chapter 2

Modular Arithmetic in Z/mZ

We have been studying the ring of integers, Z, but now we will “zoom in”, so to
speak, and look at smaller, simpler versions of the integers. One way to picture
this approach is to simply look at the units place of any integers we encounter, and
ignore the tens place, the hundreds place, etc. Thus if we want to raise 2 to higher
and higher powers, we might think about the sequence 2, 4, 8, 16, 32, 64, etc., in
Chapter One. In this chapter, however, we would only see the sequence 2, 4, 8, 6,
2, 4, 8, 6, 2, etc., repeated endlessly with a period of four. We have thrown away
much information in this process of zooming in, but we have gained perspective at
the same time.

18 The integers mod m, Z/mZ

Up to now, each ring we have considered is a subring of C. That will now change.
One way to think of Z is as integers on the real line:

We want to wrap this around in a circle, so that we get

In other words, we are letting 7 = 0.


We can add still, but we get, for instance,

2+4 = 6
4+5 = 2
3 − 6 = 4,

etc. We must let all multiples of zero be zero, since we have proved that 0 · r = 0
for any r in any ring, R! Thus we get, say,

5 · 6 = 30 = 4 · 7 + 2 = 0 + 2 = 2

or
4 · 5 = 20 = 2 · 7 + 6 = 0 + 6 = 6.

What we are actually doing is using the division algorithm with b = 7 to write each
number as its remainder. We designate this system of numbers Z/7Z to indicate
that 7 (and all its multiples) is zero. In this sense the Z that you are used to is
Z/0Z.

I tell you that this is a ring. You may accept this on faith, or check yourself if
you doubt it. How to see this? We really ought to verify all the axioms: closure is
immediate from the definition, and clearly we still have additive and multiplicative
identities, and addition is still commutative, and additive inverses still exist; but
the other properties may be hard to verify. Since we will look at several different
Z/mZs, let’s see if we can do this all at once.

Another picture to keep in mind is Figure 6. In this picture, all the integers are
sorted into bins, depending on their remainders when divided by n.

Figure 6: Bins for integers

So if you want to add, say, , you just pull numbers out of the appropriate
bins, perform the addition in Z, then look for the bin that contains the answer. For
example, you might get

(2m + 1) + (−18m + 3) = −16m + 4

and the correct answer is

Does this work out? It always does, for any positive integer m. It is easy to
see that and are still 0 and 1 in the old Z, and still work as the additive
and multiplicative identities. Closure works by definition, but we have to make
sure that it is well-defined: we will be in big trouble if two different people get
two different answers for the same calculation. This works out also, because the
Euclidean algorithm says that the remainder is unique, and so when we add

we are off by a multiple of m in each place, perhaps, but we only end up with


uncertainty about a multiple of m, and so is determined. The same goes
for multiplication. That is, if we multiply

(km + a)(nm + b)

we get
(knm + an + bk)m + ab
and so using a and b would work just fine—the answer will be the that is the
remainder of a · b using the division algorithm:

a · b = mq + r = mq + .

You have actually used this mod arithmetic before, when you tell time: hours and
months are calculated in Z/12Z, minutes and seconds are calculated in Z/60Z.

Multiplication and addition are still commutative just as in Z, and associative also
for the same reason, and in fact the distributive property still works also. Additive
inverses also exist (clearly the inverse of a is m − a). Thus Z/mZ is a ring. Another
way to verify this is to build the addition and multiplication tables—these are finite,
so in theory they can always be computed just once and then used forever. These
are the tables for Z/7Z:

+ | 0 1 2 3 4 5 6        · | 0 1 2 3 4 5 6
0 | 0 1 2 3 4 5 6        0 | 0 0 0 0 0 0 0
1 | 1 2 3 4 5 6 0        1 | 0 1 2 3 4 5 6
2 | 2 3 4 5 6 0 1        2 | 0 2 4 6 1 3 5
3 | 3 4 5 6 0 1 2        3 | 0 3 6 2 5 1 4
4 | 4 5 6 0 1 2 3        4 | 0 4 1 5 2 6 3
5 | 5 6 0 1 2 3 4        5 | 0 5 3 1 6 4 2
6 | 6 0 1 2 3 4 5        6 | 0 6 5 4 3 2 1

Actually, the addition table for Z/mZ always looks the same:

 +  |  0    1    2    3   ···  m−1
 0  |  0    1    2    3   ···  m−1
 1  |  1    2    3    4   ···   0
 2  |  2    3    4    5   ···   1
 3  |  3    4    5    6   ···   2
 ⋮  |  ⋮    ⋮    ⋮    ⋮         ⋮
m−2 | m−2  m−1   0    1   ···  m−3
m−1 | m−1   0    1    2   ···  m−2

So this is always the same and it is boring but necessary. The multiplication table
is different in each case, and is much more interesting. We want to look at it now.
Let’s look at Z/11Z. What are these numbers? $-1$, $\frac{1}{2}$, $\frac{2}{3}$, $\sqrt{-1}$, $\sqrt{3}$, $\sqrt{-2}$, $4^2$, $4^3$,
$4^4$, $\sqrt[3]{5}$, $\sqrt[5]{-1}$. These are solutions to the equations $x + 1 = 0$, $2x = 1$, $3x = 2$,
$x^2 + 1 = 0$, $x^2 = 3$, $x^2 + 2 = 0$; then just powers of four, then solutions to $x^3 = 5$
and $x^5 + 1 = 0$. We get answers 10, 6, 8, nothing, 5 or 6, 3 or 8, 5, 9, 3, 3, 2 or 6
or 7 or 8 or 10. So here we had none or two square roots, one cube root, and five
fifth roots. We will see later how this can be analyzed.

In Z/7Z we have 1 · 1 = 2 · 4 = 3 · 5 = 6 · 6 = 1 so all the non-zero elements are
units. Thus Z/7Z is a field. One could verify all axioms directly, by a finite (but
large!) number of calculations. For instance, to verify associativity in Z/mZ would
take $m^3$ different calculations.

Let’s show the tables for Z/6Z, to illustrate a different property:

+ | 0 1 2 3 4 5        · | 0 1 2 3 4 5
0 | 0 1 2 3 4 5        0 | 0 0 0 0 0 0
1 | 1 2 3 4 5 0        1 | 0 1 2 3 4 5
2 | 2 3 4 5 0 1        2 | 0 2 4 0 2 4
3 | 3 4 5 0 1 2        3 | 0 3 0 3 0 3
4 | 4 5 0 1 2 3        4 | 0 4 2 0 4 2
5 | 5 0 1 2 3 4        5 | 0 5 4 3 2 1

We have 2 · 3 = 3 · 4 = 0, yet 2 ≠ 0, 3 ≠ 0, and 4 ≠ 0! We have encountered a
concept we mentioned earlier:

Definition 18 In a ring R, a ≠ 0 is called a zero-divisor if there is a non-zero b
such that a · b = 0.

Zero-divisors, like units, come in pairs; and in fact the equation for zero-divisors is
x · y = 0 while the equation for units is x · y = 1. We may think of zero-divisors as
being almost zero.

In Z, what are the zero-divisors?


In Z/7Z, what are the zero-divisors?
In Z/6Z, what are the zero-divisors?
Notice that in Z/7Z, a field, we had {0} and {units}. In Z/6Z, we have {0} and
{units} and {zero-divisors}. We will return to this later.

Exercises
1. Complete the multiplication tables below, identifying which ring each one is
for. Then list any patterns you see, and any conjectures you can make.

[Nine blank multiplication tables: the rows and columns are labeled 0 through 2, 0 through 3, 0 through 4, 0 through 5, 0 through 6, 0 through 7, 0 through 8, 0 through 9, and 0 through 10.]

2. In Z/9Z, find all the units, and pair them explicitly with their inverses.

3. In Z/12Z, find all the units, and pair them explicitly with their inverses.

4. In Z/18Z, find all the units, and pair them explicitly with their inverses.

5. In Z/25Z, find all the units, and pair them explicitly with their inverses.

6. In Z/55Z, find all the units, and pair them explicitly with their inverses.

7. In Z/18Z, find all the zero-divisors, and pair each one explicitly with another
zero-divisor, such that their product is zero. In each case, give all of the
possible pairings. For example, the zero-divisor 12 can pair with 3 or 6 or 9
or 15 or itself. So 12 has five possible partners in Z/18Z.

8. In Z/21Z, find all the zero-divisors, and pair each one explicitly with another
zero-divisor, such that their product is zero. In each case, give all of the
possible pairings. For example, the zero-divisor 14 can pair with 3 or 6 or 9
or 12 or 15 or 18. So 14 has six possible partners in Z/21Z.

9. Generalize the results of the last two exercises: in Z/mZ, if a is a zero-divisor,
how many possible zero-divisor partners does a have?

10. Let a ∈ Z, and m ∈ N. Show that {a, a + 1, a + 2, a + 3, . . . , a + (m − 1)} is a
set of representatives of the integers mod m, Z/mZ.

11. Let a, d ∈ Z, m ∈ N, and (d, m) = 1. Show that {a, a+d, a+2d, a+3d, . . . , a+
(m − 1)d} is a set of representatives of the integers mod m, Z/mZ.

19 Congruences

What we are saying above can also be written as

a ≡ b (mod m) ⇐⇒ m|(a − b) in Z.

That is, a and b differ by a multiple of m (which is zero in Z/mZ). We get

Proposition 14 For a ∈ Z, a ≡ a (mod m) for a unique a ∈ Z/mZ, that is, for
a in {0, 1, 2, . . . , m − 1}. Also

1. a ≡ a (mod m)

2. a ≡ b (mod m) ⇐⇒ b ≡ a (mod m)

3. a ≡ b (mod m) and b ≡ c (mod m) =⇒ a ≡ c (mod m)

4. a ≡ b (mod m) =⇒ a + c ≡ b + c (mod m) and ac ≡ bc (mod m) for any
c in Z or in Z/mZ

5. a ≡ b (mod m) and c ≡ d (mod m) =⇒ a + c ≡ b + d (mod m) and
a · c ≡ b · d (mod m)

6. a ≡ b (mod m) =⇒ $a^k \equiv b^k \pmod{m}$ for any positive integer k.

The first statement comes from applying the division algorithm to a and getting
a = mq + a. The other five statements are straightforward; their proofs are left to
the exercises.
Notice that we did not get the cancellation law

ac ≡ bc (mod m) ⇏ a ≡ b (mod m).

Canceling in Z/mZ is a little trickier than one might expect, as we will see in
Section 21.

But in most ways arithmetic in Z/mZ acts like arithmetic in Z. Let’s look at the
multiplication tables again—what are our conjectures?

Exercises
1. (a) Prove part 1 of Proposition 14.
(b) Prove part 2 of Proposition 14.
(c) Prove part 3 of Proposition 14.
(d) Prove part 4 of Proposition 14.
(e) Prove part 5 of Proposition 14.
(f) Prove part 6 of Proposition 14.
2. (a) What are the last two digits of $7^{7^7}$?
(b) What are the last two digits of $3^{100}$?

3. What are the last two digits of $3^{1234}$? of $7^{2017}$?

4. Show that $4^{3n+1} + 2^{3n+1} + 1$ is divisible by 7 for all integers n ≥ 0.
5. Assume that a ≡ b (mod m). Prove that

n|m =⇒ a ≡ b (mod n).

6. Show that a ≡ b (mod m) =⇒ (a, m) = (b, m).


7. Show that n ≡ 1 (mod 2) =⇒ $n^2 \equiv 1 \pmod{8}$. Compare this to Exercise 1b
in Section 6.
8. Show that for an odd positive prime integer, p, we have

$p = a^2 + b^2$ for some integers a and b =⇒ p ≡ 1 (mod 4).

9. What is (m − 1)! congruent to, mod m, for m = 2, 3, . . . , 14? That is, solve

x ≡ (m − 1)! (mod m)

for m ∈ {2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}. Conjecture a general rule.
10. Consider Table 1. The columns and rows are labeled with the primes p > 2.
Conjecture a rule for when ♥ occurs and when ♣ occurs.

3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79
3 ♥ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
5 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
7 ♣ ♥ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
11 ♣ ♥ ♣ ♥ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
13 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
17 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
19 ♣ ♥ ♣ ♣ ♥ ♥ ♥ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
23 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♥ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
29 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
31 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♥ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
37 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
41 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
43 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♥ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♣
47 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♥ ♥ ♣ ♥ ♣ ♣ ♥ ♣
53 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
59 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♥ ♥ ♣ ♣ ♥ ♣
61 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
67 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♥ ♣
71 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♥ ♥ ♣
73 ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥ ♥
79 ♣ ♥ ♣ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♥ ♣ ♣ ♥ ♣ ♥ ♣ ♣ ♥ ♥

Table 1: ♥s and ♣s

11. Solve $x^2 + 2x + 8 \equiv 0 \pmod{11}$. Hint: Possible methods include factoring,
using the quadratic formula (will it work?), completing the square, and just
plugging in values.

12. Solve $x^2 + 18x + 8 \equiv 0 \pmod{24}$. There are eight solutions.

13. Solve $x^2 + x + 33 \equiv 0 \pmod{105}$. There are eight solutions.

14. Prove that for any integer n,

n can be written as $n = a^2 + b^2$ =⇒ n ≢ 3 (mod 4).

15. Prove that for any prime integer p > 2,

p can be written as $p = a^2 + 2b^2$ =⇒ p ≡ 1, 3 (mod 8).

16. Here is a list of prime integers up to 223 that can be written in the form
$a^2 - ab + b^2$ (see Exercise 21, page 25, for the significance of this expression).
Conjecture a rule for when a prime integer p can and cannot be written in
the form $p = a^2 - ab + b^2$.

{3, 7, 13, 19, 31, 37, 43, 61, 67, 73, 79, 97, 103, 109, 127, 139, 151, 157, 163, 181,
193, 199, 211, 223}

17. Here is a list of prime integers up to 223 that occur as norms of elements of
Z[√−3]. Conjecture a rule for when a prime integer p occurs as the norm of
an element of Z[√−3].

{3, 7, 13, 19, 31, 37, 43, 61, 67, 73, 79, 97, 103, 109, 127, 139, 151, 157, 163, 181,
193, 199, 211, 223}

18. Similar to Exercise 17, we wish to find a rule about which primes can occur
as norms of elements of Z[√−7]: $p = a^2 + 7b^2$. It turns out that the rule is in
(mod 4 · 7), and we need only check the seven possibilities for each of a and b
(mod 7). Table 2 shows what $a^2 + 7b^2$ is (mod 4 · 7), based on what a and b
are (mod 7). Conjecture a rule (mod 28) for when a prime integer p occurs as
the norm of an element of Z[√−7]. You may want to treat p = 2 and p = 7
as separate cases, since all other integer primes are relatively prime to 28.

a\b |  0  1  2  3  4  5  6
 0  |  0  7  0  7  0  7  0
 1  |  1  8  1  8  1  8  1
 2  |  4 11  4 11  4 11  4
 3  |  9 16  9 16  9 16  9
 4  | 16 23 16 23 16 23 16
 5  | 25  4 25  4 25  4 25
 6  |  8 15  8 15  8 15  8

Table 2: What is $a^2 + 7b^2$ (mod 4 · 7)?

19. Make a list of primes up to 223 which can be written in the form $a^2 - ab + 2b^2$
(note that “p is prime” =⇒ (a, b) = 1, and p > 2 =⇒ a is odd). Conjecture
a rule (mod 28) for when a prime integer p can and cannot be written in the
form $p = a^2 - ab + 2b^2$.

20. Similar to Exercises 17 and 18, we wish to find a rule about which primes can
occur as norms of elements of Z[√−11]: $p = a^2 + 11b^2$. It turns out that the
rule is in (mod 4 · 11), and we need only check the eleven possibilities for each
of a and b (mod 11). Table 3 shows what $a^2 + 11b^2$ is (mod 4 · 11), based
on what a and b are (mod 11). Conjecture a rule (mod 44) for when a prime
integer p occurs as the norm of an element of Z[√−11]. You may want to
treat p = 2 and p = 11 as separate cases, since all other prime integers are
relatively prime to 44.

a\b |  0  1  2  3  4  5  6  7  8  9 10
 0  |  0 11  0 11  0 11  0 11  0 11  0
 1  |  1 12  1 12  1 12  1 12  1 12  1
 2  |  4 15  4 15  4 15  4 15  4 15  4
 3  |  9 20  9 20  9 20  9 20  9 20  9
 4  | 16 27 16 27 16 27 16 27 16 27 16
 5  | 25 36 25 36 25 36 25 36 25 36 25
 6  | 36  3 36  3 36  3 36  3 36  3 36
 7  |  5 16  5 16  5 16  5 16  5 16  5
 8  | 20 31 20 31 20 31 20 31 20 31 20
 9  | 37  4 37  4 37  4 37  4 37  4 37
10  | 12 23 12 23 12 23 12 23 12 23 12

Table 3: What is $a^2 + 11b^2$ (mod 4 · 11)?

21. Here is a list of prime integers up to 251 which can be written in the form
$a^2 - ab + 3b^2$. Conjecture a (mod 44) rule for when a prime integer p can and
cannot be written in the form $p = a^2 - ab + 3b^2$.

{3, 5, 11, 23, 31, 37, 47, 53, 59, 67, 71, 89, 97, 103, 113, 137, 157, 163, 179, 181,
191, 199, 223, 229, 251}

22. The ring Z[ρ] was defined in Exercise 21 on page 25. An alternate definition
is this:

$$\mathbb{Z}[\rho] = \left\{ \frac{a + b\sqrt{-3}}{2} \in \mathbb{Q}[\sqrt{-3}] : a, b \in \mathbb{Z} \text{ and } a \equiv b \pmod{2} \right\}.$$

With this characterization (as a subring of the ring (field) Q[√−3]), one need
only show that this set is closed under addition, subtraction, and multiplication
to show that it is indeed a ring itself. Do so.

23. Prove that if a prime integer is divided by 30, the remainder is either a prime
integer or 1.

24. Starting with 18 slips of paper, some are selected and each is cut into 18
pieces. Then some of the smaller pieces are selected and each is cut into
18 pieces. This process is continued for a time, and when it is stopped, the
total number of pieces of paper (which are not necessarily of the same size) is
more than 1990 but less than 2020. What is the exact number? Justify your
answer.

25. Prove that $n^2 + 3n + 5$, where n is a positive integer, is never divisible by 121.

26. 44 birds sit on 44 trees planted in a circle, one bird per tree. From time to
time, two birds simultaneously fly to the adjacent trees, one flying clockwise
and the other counterclockwise. Is it possible for all birds to get together on
a single tree?

27. Show that it is impossible to form a regular pentagon by joining points in the
plane with integer coordinates.

20 Units and zero-divisors in Z/mZ

You should find the next theorem easy to believe, and easy to prove.

Theorem 9 If p is a prime, Z/pZ is a field.

What are the units in Z/11Z? The set {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}. So Z/11Z is a
field. In general, the set of units in Z/mZ is denoted $(\mathbb{Z}/m\mathbb{Z})^{\times}$, pronounced “zee
mod m zee cross”. We have

$\#\,\mathbb{Z}/11\mathbb{Z} = 11$                    $\#\,\mathbb{Z}/m\mathbb{Z} = m$
$\#\,(\mathbb{Z}/11\mathbb{Z})^{\times} = 10$          $\#\,(\mathbb{Z}/m\mathbb{Z})^{\times} = \,???$

The number of units in Z/mZ, i.e., the size of $(\mathbb{Z}/m\mathbb{Z})^{\times}$, is denoted ϕ(m), where
ϕ : N → N is an arithmetic function (we define ϕ(1) = 1). In the exercises, you
are asked to find ϕ(m) for m = 2, 3, 4, . . . , 15. We will start to work out patterns
and use this function in the future. Historically, this function was named Euler’s
totient function.

We have been writing things like 3 · 4 = 1, which is confusing, since it isn’t true in
C, the usual place our equations live. So we will write things differently:

3 · 4 ≡ 1 (mod 11).

Here, we use ≡ instead of =, and the notation (mod m) ((mod 11) in this case)
is used to remind us that we are working in Z/mZ (Z/11Z in this case). It is a
matter of interpretation as to whether writing a ≡ b (mod m) is a statement about
divisibility in the integers, Z, or about equality in the integers (mod m), Z/mZ. I
find it handy to be able to interpret this statement in several different ways:

a ≡ b (mod m)

m|a − b in Z

a = b in Z/mZ

there is k ∈ Z with a = b + km

there is j ∈ Z with b = a + jm.

We had before

−1 ≡ 10 (mod 11)
2(6) ≡ 1 (mod 11)
3(8) ≡ 2 (mod 11)
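$x^2 + 1 \equiv 0 \pmod{11}$ is impossible
$(6)^2 \equiv (5)^2 \equiv 3 \pmod{11}$
$(3)^2 \equiv (8)^2 \equiv -2 \pmod{11}$
$4^2 \equiv 5 \pmod{11}$
$4^3 \equiv 9 \pmod{11}$
$4^4 \equiv 3 \pmod{11}$
$3^3 \equiv 5 \pmod{11}$
$2^5 \equiv 6^5 \equiv 7^5 \equiv 8^5 \equiv 10^5 \equiv 3 \pmod{11}$.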

We would like a criterion for when an element of Z/mZ is a unit or a zero-divisor.
Possibly you have already conjectured something.

Proposition 15 For m not prime and a ∈ Z/mZ, if (a, m) = 1 then a is a unit.
If a ≠ 0 and (a, m) = d > 1, then a is a zero-divisor.

Proof . If (a, m) = 1 then there are integers x and y with ax+my = 1. Thus ax ≡ 1
(mod m) so a is a unit in Z/mZ. This is one of the reasons the equation ax+by = 1
shows up so much in number theory. Now suppose (a, m) = d > 1 so d|m and d|a.
Then 1 < d ≤ a < m and a = dk, m = dj. We also get d > 1 =⇒ m = dj > j > 1,
so j can be considered a non-zero element of Z/mZ. Then

aj ≡ dkj ≡ djk ≡ mk ≡ 0 (mod m)

so a is a zero-divisor, as is j.

Thus we get, for all a ≠ 0 in Z/mZ,

(a, m) = 1 ⇐⇒ a is a unit
(a, m) = d > 1 ⇐⇒ a is a zero-divisor.

Corollary 2 Let m ∈ N. Then if m is prime,

$$\mathbb{Z}/m\mathbb{Z} = \{0\} \cup (\mathbb{Z}/m\mathbb{Z})^{\times}$$

and if m is not prime,

$$\mathbb{Z}/m\mathbb{Z} = \{0\} \cup (\mathbb{Z}/m\mathbb{Z})^{\times} \cup \{\text{zero-divisors}\}.$$

These are disjoint unions.

Notice, in Z/6Z, that 2 · 3 ≡ 4 · 3 (mod 6) but 2 ≢ 4 (mod 6). We do not get to
cancel everything in Z/mZ; you should think about what and how one does cancel
in Z/mZ. Notice also that

$$\varphi(m) = \sum_{a=1}^{m} \left\lfloor \frac{1}{(a, m)} \right\rfloor$$

since each term is 1 if a is a unit, 0 if a is not a unit.
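
Proposition 15 and the sum formula for ϕ(m) can be checked by machine. The Python sketch below is an added example, not code from the book; the function names are chosen here. It runs the extended Euclidean algorithm to produce the x with ax + my = 1 when a is a unit, and uses j = m/d from the proof as the partner of a zero-divisor.

```python
from math import gcd


def bezout(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def classify(a, m):
    """Classify the residue of a in Z/mZ (m >= 2), following Proposition 15.

    Returns ("zero", None), ("unit", inverse) or ("zero-divisor", partner),
    where a * inverse ≡ 1 (mod m) and a * partner ≡ 0 (mod m).
    """
    a %= m
    if a == 0:
        return ("zero", None)
    d, x, _ = bezout(a, m)
    if d == 1:
        # a*x + m*y = 1, so a*x ≡ 1 (mod m); reduce x into {0, ..., m-1}.
        return ("unit", x % m)
    # (a, m) = d > 1: write a = d*k, m = d*j; then a*j = k*m ≡ 0 (mod m).
    return ("zero-divisor", m // d)


def partition(m):
    """Split the non-zero residues of Z/mZ into units and zero-divisors.

    Each unit maps to its inverse, each zero-divisor to the partner m/(a, m).
    """
    units, zero_divisors = {}, {}
    for a in range(1, m):
        kind, witness = classify(a, m)
        if kind == "unit":
            units[a] = witness
        else:
            zero_divisors[a] = witness
    return units, zero_divisors


def phi(m):
    """Euler's function via the sum of floor(1 / (a, m)) for a = 1, ..., m."""
    return sum(1 // gcd(a, m) for a in range(1, m + 1))


if __name__ == "__main__":
    # The two rings whose tables appear in Section 18.
    for m in (7, 6):
        units, zero_divisors = partition(m)
        print(f"Z/{m}Z units with inverses: {units}")
        print(f"Z/{m}Z zero-divisors with a partner: {zero_divisors}")
```

For Z/7Z every non-zero residue comes back as a unit, and for Z/6Z the residues 2, 3 and 4 come back as zero-divisors, matching the multiplication tables in Section 18.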

Exercises
1. Prove Theorem 9.
2. Calculate $\varphi(m) = \#\,(\mathbb{Z}/m\mathbb{Z})^{\times}$ for m = 2, 3, 4, . . . , 15.
3. Suppose that m is an integer, m ≥ 2, and m is not prime. Thus we know that

$$\mathbb{Z}/m\mathbb{Z} = \{0\} \cup (\mathbb{Z}/m\mathbb{Z})^{\times} \cup \{\text{zero-divisors}\}.$$

Suppose u and v are units in Z/mZ and w and z are zero-divisors. We could
have u = v or $u = v^{-1}$; we don’t know. They are just two units. Similarly,
we may have w = z or not; they are just two zero-divisors. Tell me what you
know about
• u·v
• u·z
• w·z
An answer like “u · z may be zero or a unit” is expected. Be as specific as
possible in your answer, and explain your reasoning. In other words, give
your answer and then prove it.
4. (a) Use Exercise 2 in Section 16 (page 66) and the Inclusion-Exclusion
Principle (Exercise 10 in Section 4, page 17) to show that

$$\varphi(n) = \sum_{d \mid n,\ d > 0} \mu(d)\, \frac{n}{d}.$$

The Möbius function, μ, is defined in Exercise 3 in Section 16 (page 66).

(b) Use part (a) and Exercise 10 in Section 9 (page 38) to conclude that ϕ
is multiplicative.

5. Let S = {a, b, c, d} be a set with four elements, and define addition and
multiplication as given by Table 4. You may assume that the associative,
distributive, and commutative rules are satisfied. How can you tell that S
is a field? Which element is the additive identity? Which element is the
multiplicative identity? Is this a familiar field? What is the significance of
the main diagonal in the addition table? What is the significance of the main
diagonal in the multiplication table?

+ | a b c d        · | a b c d
a | b a d c        a | c b d a
b | a b c d        b | b b b b
c | d c b a        c | d b a c
d | c d a b        d | a b c d

Table 4: A field with four elements

6. Let T = {a, b, c, d, e, f, g, h, i} be a set with nine elements, and define addition
and multiplication as given by Table 5. You may assume that the associative,
distributive, and commutative rules are satisfied. How can you tell that T
is a field? Which element is the additive identity? Which element is the
multiplicative identity? Is this a familiar field? What is the significance of
the main diagonal in the multiplication table?

+ | a b c d e f g h i        · | a b c d e f g h i
a | i f b a g c h e d        a | b g f d c a h i e
b | f e h b d g a i c        b | g h a d f b i e c
c | b h g c i e d a f        c | f a e d i c b g h
d | a b c d e f g h i        d | d d d d d d d d d
e | g d i e b a f c h        e | c f i d h e a b g
f | c g e f a h i d b        f | a b c d e f g h i
g | h a d g f i c b e        g | h i b d a g e c f
h | e i a h c d b f g        h | i e g d b h c f a
i | d c f i h b e g a        i | e c h d g i f a b

Table 5: A field with nine elements

7. Look at Table 5, which has the addition and multiplication tables for T =
{a, b, c, d, e, f, g, h, i}, a field with nine elements.

(a) Which elements of T satisfy $x^2 = 1$?

(b) Which elements of T satisfy $x^4 = 1$?

(c) Which elements of T satisfy $x^8 = 1$?

(d) Which elements of T satisfy $x^2 + 1 = 0$?


21 Cancellation law in Z/mZ

In Z, our cancellation law may be written as

ac = bc and c ≠ 0 =⇒ a = b.

This is because

ac = bc ⇐⇒ ac − bc = 0
⇐⇒ (a − b)c = 0
Key Step! ⇐⇒ c = 0 or a − b = 0 ⇐⇒ a = b.

We can do this because there are no zero-divisors in Z. But there can be in Z/mZ;
in fact we get

xy = 0 =⇒ x = 0 or y = 0 or x and y are zero-divisors.

We get as a consequence the

Proposition 16 (Cancellation Law in Z/mZ) If ac ≡ bc (mod m) and (c, m) = d, then

$$a \equiv b \pmod{\tfrac{m}{d}}.$$

Proof . If (c, m) = 1, then c is a unit in Z/mZ, so there is a v in Z/mZ with
c · v ≡ 1 (mod m). Thus acv ≡ a (mod m); but acv ≡ bcv ≡ b (mod m) also, so
a ≡ b (mod m) and the theorem is proved.

If (c, m) = d > 1 we have c = dk, m = dj for some k and j in Z/mZ. Then
m|bc − ac =⇒ bc − ac = mn for some integer n. Thus

mn = bc − ac = (b − a)c = (b − a)dk
djn = (b − a)dk
jn = (b − a)k = bk − ak (by the cancellation law in Z)

so j|(bk − ak) and since $j = \frac{m}{d}$ we get

ak ≡ bk (mod j)

or

$$a\,\frac{c}{d} \equiv b\,\frac{c}{d} \pmod{\tfrac{m}{d}}.$$

Now (c, m) = d =⇒ $\left(\frac{c}{d}, \frac{m}{d}\right) = 1$ (see Exercise 5 on page 33), so we may cancel
the unit $\frac{c}{d}$ from both sides to obtain

$$a \equiv b \pmod{\tfrac{m}{d}}.$$


Example.

3·4 ≡ 3 · x (mod 19)


4 ≡ x (mod 19)

Clearly 3 · 4 = 12 ≡ 3 · 4 (mod 19); you can check all other possibilities for x to see
that this is the only answer in Z/19Z if you like.

Example.

3·4 ≡ 3 · x (mod 18)


4 ≡ x (mod 6).

Thus the answers in Z are . . ., −2, 4, 10, 16, 22, . . ., but in Z/18Z we get

x ≡ 4, 10, or 16 (mod 18).

You may check that x = 4, 10, and 16 are the only answers in Z/18Z.

Example.

5·9 ≡ x · 9 (mod 12)


5 ≡ x (mod 4)
x ≡ 1 (mod 4).

Thus the answers in Z are . . ., −7, −3, 1, 5, 9, 13, . . ., but in Z/12Z we get

x ≡ 1, 5, or 9 (mod 12).

How many answers did we get in each case? Any conjectures?

Exercises
1. Solve the following congruences
(a) 6x ≡ 8 (mod 12)
(b) 15t ≡ 24 (mod 105)
2. What are the roots of the polynomial f (x) = 4x − 8 in Z/16Z?
3. Suppose (as in Exercise 7 on page 42) a chemist has two unscaled containers,
one with a capacity of 14cc and the other with a capacity of 34cc. Can she
measure out exactly 18cc? If so, how? Can she measure out exactly 19cc? If
so, how?

4. Can we say, in contrast to the statement on page 85, that

x = 0 or y = 0 or x and y are zero-divisors =⇒ xy = 0?

5. Let a ∈ Z/mZ. How many solutions does ax ≡ 0 (mod m) have? How does
your answer depend on a and on m? You might try a few examples, such as
12x ≡ 0 (mod m) for m = 5, 6, 7, 8, 9, and 10.

22 Solving linear equations in Z/mZ

Suppose we want to solve ax ≡ b (mod m). If (a, m) = 1, then a is a unit with
inverse $a^{-1}$ and we get the single solution $x \equiv a^{-1} b \pmod{m}$. If (a, m) = d > 1
and if we have a solution s, then we get m|b − as so d|b − as. Also, d|a, so we get

d|(+1)(b − as) + (s)(a) = b.

Thus if d ∤ b we cannot solve the equation. On the other hand, if d|b, then b = dk,
a = dj (and $\left(j, \frac{m}{d}\right) = 1$), and we get

$$\begin{aligned} ax &\equiv b \pmod{m} \\ djx &\equiv dk \pmod{m} \\ jx &\equiv k \pmod{\tfrac{m}{d}} \\ x &\equiv j^{-1} k \pmod{\tfrac{m}{d}}. \end{aligned}$$

Because (a, m) = d =⇒ $\left(j, \frac{m}{d}\right) = \left(\frac{a}{d}, \frac{m}{d}\right) = 1$ the $j^{-1}$ in the last congruence makes
sense. We get the answers

$$\ldots,\ j^{-1}k,\ j^{-1}k + \frac{m}{d},\ j^{-1}k + 2\,\frac{m}{d},\ j^{-1}k + 3\,\frac{m}{d},\ \ldots,\ j^{-1}k + (d - 1)\,\frac{m}{d},\ \ldots$$

and they start to repeat (mod m) after that, so we have a total of d answers. They
are all actually answers since for any i:

$$\begin{aligned} a\left(j^{-1}k + i\,\frac{m}{d}\right) &\equiv dj\left(j^{-1}k + i\,\frac{m}{d}\right) \pmod{m} \\ &\equiv dk + ijm \pmod{m} \\ &\equiv b \pmod{m}. \end{aligned}$$

They are all distinct since if $j^{-1}k + r\,\frac{m}{d} \equiv j^{-1}k + t\,\frac{m}{d} \pmod{m}$ with 0 ≤ r < t < d
then we have

$$r\,\frac{m}{d} \equiv t\,\frac{m}{d} \pmod{m}$$

and we can cancel $\frac{m}{d}$ to get

r ≡ t (mod d)

which is impossible since r and t are between 0 and d − 1. Thus we get d solutions
if d|b and none if d ∤ b. Putting this all together, we have proved


Proposition 17 The linear congruence $ax \equiv b \pmod{m}$, where $(a, m) = d$, has

    1 solution if $d = 1$
    0 solutions if $d \nmid b$
    $d$ solutions if $d \mid b$.

Corollary 3 If $p$ is a prime and $p \nmid a$, there is exactly one solution to the linear equation $ax \equiv b \pmod{p}$, namely, $x \equiv a^{-1}b \pmod{p}$.
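The procedure behind Proposition 17 can be run directly. The following is an added example, not code from the book; the function names are chosen here for illustration, and the sample congruences in the demo are the worked examples from the previous section.

```python
from math import gcd


def solve_linear_congruence(a, b, m):
    """Return all x in range(m) with a*x ≡ b (mod m), in increasing order.

    Follows the argument above: with d = (a, m) there is no solution unless
    d | b; otherwise divide through by d, invert j = a/d modulo m/d, and
    step through the d residues j^-1 k + i*(m/d) for i = 0, ..., d-1.
    """
    if m <= 0:
        raise ValueError("modulus must be a positive integer")
    a %= m
    b %= m
    d = gcd(a, m)              # gcd(0, m) == m, so a ≡ 0 is covered as well
    if b % d != 0:
        return []              # d does not divide b: no solutions
    j, k, step = a // d, b // d, m // d
    # (j, m/d) = 1, so j is a unit modulo m/d. step == 1 happens only when
    # a ≡ 0 (mod m), where every residue is a solution.
    base = (pow(j, -1, step) * k) % step if step > 1 else 0
    return [base + i * step for i in range(d)]


def brute_force(a, b, m):
    """Reference answer: test every residue class one by one."""
    return [x for x in range(m) if (a * x - b) % m == 0]


def agrees_with_brute_force(max_modulus):
    """Check the solver against exhaustive search for all small cases."""
    for m in range(1, max_modulus + 1):
        for a in range(m):
            for b in range(m):
                if solve_linear_congruence(a, b, m) != brute_force(a, b, m):
                    return False
    return True


if __name__ == "__main__":
    # Worked examples from the text: (a, b, m) meaning a*x ≡ b (mod m).
    for a, b, m in [(3, 12, 19), (3, 12, 18), (9, 45, 12), (2, 1, 4)]:
        sols = solve_linear_congruence(a, b, m)
        print(f"{a}x ≡ {b} (mod {m}): d = {gcd(a, m)}, solutions {sols}")
    print("matches brute force up to m = 30:", agrees_with_brute_force(30))
```
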

Exercises
1. Solve the congruences
(a) 6x ≡ 2 (mod 9)
(b) 2y ≡ 5 (mod 9)
(c) 2z ≡ 6 (mod 10)
(d) 6t ≡ 3 (mod 12)
(e) 6s ≡ 3 (mod 13)
(f) 5m ≡ 11 (mod 15)
(g) 7n ≡ 13 (mod 24)
(h) 107p ≡ 136 (mod 1001)
(i) 2718q ≡ 7 (mod 31416)
(j) 2718r ≡ 777 (mod 3137)
2. Show directly that for p a prime integer,

$p$ can be written as $p = a^2 - db^2 \implies d$ is a perfect square in Z/pZ.

Hint: Are a and b ∈ Z/pZ? Are a and b ∈ (Z/pZ)× ?


3. A cubical box with sides of length 7 has vertices at (0, 0, 0), (7, 0, 0), (0, 7, 0),
(7, 7, 0), (0, 0, 7), (7, 0, 7), (0, 7, 7), (7, 7, 7). The inside of the box is lined with
mirrors and from the point (0, 1, 2) a beam of light is directed toward the
point (1, 3, 4). The light then reflects repeatedly off the mirrors on the inside
of the box. Determine how far the light travels before it first returns to its
starting point (0, 1, 2).

23 Solving polynomial equations in Z/mZ

What about higher degree (polynomial) equations? We’ve already seen that they can cause trouble:

$$x^2 \equiv 6 \equiv -1 \pmod{7}$$

has no solutions, while

$$x^2 \equiv 2 \pmod{7}$$

has two solutions, namely $x \equiv 3$ or $4 \pmod{7}$. Also,

$$x^2 + 18x + 8 \equiv 0 \pmod{24}$$

has eight solutions, as we saw in Exercise 12 in Section 19. However, we have

Proposition 18 If $P(x) = \sum_{k=0}^{n} c_k x^k$ is a polynomial of degree $n$ with integer coefficients, and $a \equiv b \pmod{m}$, then

$$P(a) \equiv P(b) \pmod{m}.$$

Proof. By property 6 of congruences, we have

$$a^k \equiv b^k \pmod{m}$$

for any $k \in \mathbb{N}$, and by property 4 we have

$$c_k a^k \equiv c_k b^k \pmod{m}$$

for any $k \in \mathbb{N}$. Adding the congruences by property 5 we get

$$\sum_{k=0}^{n} c_k a^k \equiv \sum_{k=0}^{n} c_k b^k \pmod{m}$$

so

$$P(a) \equiv P(b) \pmod{m}.$$

Before we prove a special case of polynomials in Z/pZ, we need the following

Lemma 7 In any ring R, if P (x) is a polynomial with coefficients in R, we have

r is a root of P (x) ⇐⇒ P (x) = (x − r)Q(x) for some polynomial Q(x).

In other words, r is a root ⇐⇒ (x − r) is a factor.

Proof. ($\Longleftarrow$) Clearly if $P(x) = (x - r)Q(x)$, then $P(r) = 0 \cdot Q(r) = 0$ so $r$ is a root.

($\Longrightarrow$) Since $x - r$ is linear with leading coefficient 1, we can perform long division to get

$$\frac{P(x)}{x - r} = Q(x) \text{ with some remainder.}$$

(This is proven more explicitly in Exercise 4 on page 93.)

Now, since $x - r$ is linear, the remainder will have degree less than 1; thus the remainder will be a constant, say $a$. Then we have

$$P(x) = (x - r)Q(x) + a.$$

Letting $x = r$ and using the fact that $r$ is a root of $P(x)$, we get

$$0 = 0 \cdot Q(r) + a = a.$$

Thus $a = 0$ and we have $P(x) = (x - r)Q(x)$.

Theorem 10 (Lagrange’s Theorem) If $p$ is a prime, and $P(x)$ is a polynomial with integer coefficients of degree $n$, then

$$P(x) \equiv 0 \pmod{p}$$

has at most $n$ solutions.

Proof. By induction on the degree of $P$, namely $n$. We have already proved the case $n = 1$ in the last section; thus we assume that all polynomials of degree $n$ have at most $n$ roots, and let

$$P(x) = \sum_{k=0}^{n+1} c_k x^k$$

be a polynomial of degree $n + 1$ with integer coefficients (assume $c_{n+1} \ne 0$). We need to show that $P(x)$ has at most $n + 1$ roots. If it has no roots, we are done. Otherwise, $P(x)$ has at least one root; let $r$ be a root of $P(x)$. Then by the lemma, $P(x)$ factors as

$$P(x) = (x - r)Q(x),$$

where $Q(x)$ has degree $n$ and hence has at most $n$ roots by our inductive assumption. Hence for any $x \in$ Z/pZ we get

$$P(x) \equiv (x - r)Q(x) \pmod{p}.$$

To get $P(x) \equiv 0 \pmod{p}$ we must have $x - r \equiv 0 \pmod{p}$ or $Q(x) \equiv 0 \pmod{p}$ because Z/pZ is a field and thus has no zero-divisors. There are at most $n$ values of $x$ that make $Q(x) \equiv 0 \pmod{p}$, and there is only one value, namely $x = r$, that makes $x - r \equiv 0 \pmod{p}$. Thus $P(x)$ has at most $n + 1$ roots and the theorem is proved.

Note that, reworded properly, Lagrange’s theorem is true for any ring that has no
zero-divisors.

Lemma 7 pushes us in the direction of dividing polynomials into other polynomials, and in fact if we generalize the statement that

$$P(x) = (x - r)Q(x) + a$$

by dividing $x - r$ into $Q(x)$, and then proceeding, we can see that eventually we get

$$\begin{aligned}
P(x) &= (x - r)\big((x - r)Q_2(x) + a_2\big) + a_1 \\
&= (x - r)\Big((x - r)\big((x - r)Q_3(x) + a_3\big) + a_2\Big) + a_1 \\
&\;\;\vdots \\
&= a_1 + a_2(x - r) + a_3(x - r)^2 + \cdots + a_n(x - r)^n,
\end{aligned}$$

where $n$ is the degree of the polynomial $P(x)$. This form may or may not look familiar to you. More importantly, we can try dividing $P(x)$ by something more general than $x - r$. It turns out that the important way in which $x - r$ is special is not that it is degree one, but that it has leading coefficient 1 (a polynomial with leading coefficient 1 is called monic). That is, we would not have much difficulty dividing, say, $x^3 - 4x + 6$ into any polynomial $P(x)$, but we might have difficulty dividing, say, $4x^2 - 5x + 11$ into $6x^{12} - 11x^{11} + 3x^5 - 21x + 17$.

Do you see the difficulty? If your long division skills are rusty, I will remind you that when you do long division on polynomials you only need look at the leading term of both what you are dividing by (the divisor) and what you are dividing into (the dividend). Thus the first step of dividing $x^3 - 4x + 6$ into, say, $6x^{12} - 11x^{11} + 3x^5 - 21x + 17$ is finding how many times $x^3$ goes into $6x^{12}$ (the answer is $6x^9$). But if we try to divide $4x^2 - 5x + 11$ into $6x^{12} - 11x^{11} + 3x^5 - 21x + 17$ then we first attempt to divide $4x^2$ into $6x^{12}$, and then we may be stuck; it depends on which ring we are in. If 4 is a unit (as in Z/35Z, say), or if 6 is a multiple of 4 (as in, say, Z/10Z), then we are all set. But that is just the first step. After the first step, long division consists of a series of multiplications, subtractions, and then finding the correct multiplier again. We may keep having an issue with the leading coefficients, which change at different steps. How might we resolve this problem? The simplest way is, as in Lagrange’s theorem, just stick with prime moduli where everything is a unit. At the risk of moving from number theory into abstract algebra, I will state the result we are headed towards for a general field, F:

Proposition 19 Let F be a field, so F[x] is the ring of polynomials in the variable $x$ with coefficients in F. Then F[x] has a division algorithm: given $p(x)$ and $b(x) \in$ F[x], with $b(x)$ not the zero polynomial, then there exist $q(x)$ and $r(x) \in$ F[x] with $p(x) = b(x)q(x) + r(x)$, with $r(x) \equiv 0$ or $0 \le \deg(r) < \deg(b)$.

Just to make sure things are clear: the zero polynomial is usually said to have no degree. Non-zero constants are polynomials of degree zero, etc. That is why there is a separate statement that $r(x) \equiv 0$ is possible (we write “$\equiv$” here to say that $r(x)$ is the zero polynomial, not that it equals zero for some particular value of $x$).

Proof. We take care of some simple cases first. If $b(x) \in$ F, that is if $b(x)$ is a non-zero constant $b$, then $p(x) = b(b^{-1}p(x))$ and we are done. If $\deg(p) < \deg(b)$, then using $q(x) \equiv 0$ and $r(x) = p(x)$ we are done, also: $p(x) = 0 \cdot b(x) + p(x)$ is the division-with-remainder we seek. What if $\deg(p) = \deg(b)$? Well, if $p(x) = \sum_{j=0}^{d} a_j x^j$ and $b(x) = \sum_{j=0}^{d} c_j x^j$, then the constant $q(x) \equiv \frac{a_d}{c_d}$ will work, and

$$\begin{aligned}
r(x) &= p(x) - q(x) \cdot b(x) \\
&= \sum_{j=0}^{d} \left(a_j - \frac{a_d}{c_d} \cdot c_j\right) x^j \\
&= \sum_{j=0}^{d-1} \left(a_j - \frac{a_d}{c_d} \cdot c_j\right) x^j
\end{aligned}$$

has degree $d - 1$ (or less) since the leading term has been eliminated. Since this degree is less than $d = \deg(b)$, we are done once again.

What do we do when $\deg(p) > \deg(b)$? We construct, as we did before, a set of counterexamples, assume this set is non-empty, and then use the degree (and the well-ordering principle) to find a smallest counterexample: given some non-zero $b(x)$, let

$$S = \{\, p(x) \in \mathbb{F}[x] : p(x) \text{ cannot be written as } p(x) = b(x)q(x) + r(x) \text{ with } r(x) = 0, \text{ nor with } 0 \le \deg(r) < \deg(b) \,\}$$

be the set of counterexamples. We assume $S$ is non-empty. Then we will choose an element of $S$ with lowest degree; if there are several with the same degree, we choose any one of them. We know that degree is greater than the degree of $b$ by the work we did above. So let’s call our counterexample of the smallest possible degree $A(x)$, and to make things concrete we will write $b(x) = \sum_{j=0}^{d} c_j x^j$ and $A(x) = \sum_{j=0}^{d+k} a_j x^j$, for some $k \in \mathbb{N}$. Now consider the polynomial $g(x)$ defined by

$$g(x) = A(x) - \frac{a_{d+k}}{c_d}\, x^k \cdot b(x).$$

I claim that $\deg(g) < \deg(A)$, so by the choice of $A$, we know $g \notin S$. To determine the degree of $g$, we look for the highest degree non-zero term. It is clear that the term $\frac{a_{d+k}}{c_d} x^k \cdot b(x)$ has degree $d + k$ (it was constructed to), since $\deg(x^k) = k$ and $\deg(b) = d$. Thus $g$ was built out of two degree $d + k$ polynomials and so it has degree at most $d + k$. But there is only one term of degree $d + k$ in $\frac{a_{d+k}}{c_d} x^k \cdot b(x)$, and another in $A$, so the coefficient of $x^{d+k}$ in $g$ is $a_{d+k} - \frac{a_{d+k}}{c_d} \cdot c_d = 0$. Hence $g$ has degree strictly less than $d + k = \deg(A)$ and, as claimed, $g \notin S$. Now $g \notin S$ means that $g$ can be written in the needed way: $g(x) = b(x)q(x) + r(x)$, but then

$$\begin{aligned}
A(x) = g(x) + \frac{a_{d+k}}{c_d}\, x^k \cdot b(x) &= b(x)q(x) + r(x) + \frac{a_{d+k}}{c_d}\, x^k \cdot b(x) \\
&= \left(q(x) + \frac{a_{d+k}}{c_d}\, x^k\right) \cdot b(x) + r(x)
\end{aligned}$$

is also in the correct form so in fact $A(x)$ is not a counterexample. This contradiction shows that our assumption that $S$ was non-empty was false, so $S$ is empty and the proposition is proved.
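The leading-coefficient difficulty discussed before Proposition 19 shows up immediately in code. The following is an added example, not code from the book: it performs long division in (Z/mZ)[x] and refuses to start when the divisor's leading coefficient is not a unit, which is stricter than the "6 is a multiple of 4" first-step case mentioned above. Function names and the coefficient-list representation (lowest degree first) are assumptions of this sketch.

```python
from math import gcd


def trim(poly):
    """Drop zero coefficients from the top; [] is the zero polynomial."""
    poly = list(poly)
    while poly and poly[-1] == 0:
        poly.pop()
    return poly


def poly_divmod(p, b, m):
    """Divide p by b in (Z/mZ)[x]; return (q, r) with p = b*q + r.

    Coefficient lists are lowest degree first. The remainder is either the
    zero polynomial [] or has degree strictly less than deg(b).
    """
    p = trim(c % m for c in p)
    b = trim(c % m for c in b)
    if not b:
        raise ZeroDivisionError("division by the zero polynomial")
    if gcd(b[-1], m) != 1:
        raise ValueError(f"leading coefficient {b[-1]} is not a unit mod {m}")
    inv = pow(b[-1], -1, m)
    q = [0] * max(len(p) - len(b) + 1, 0)
    r = p
    while len(r) >= len(b):
        shift = len(r) - len(b)
        factor = (r[-1] * inv) % m        # how often lead(b) goes into lead(r)
        q[shift] = factor
        for i, c in enumerate(b):         # subtract factor * x^shift * b(x)
            r[i + shift] = (r[i + shift] - factor * c) % m
        r = trim(r)                       # the leading term is now gone
    return trim(q), r


def recombine(b, q, r, m):
    """Return b*q + r reduced mod m, used to check a division."""
    out = [0] * max(len(b) + len(q) - 1, len(r), 1)
    for i, bi in enumerate(b):
        for k, qk in enumerate(q):
            out[i + k] = (out[i + k] + bi * qk) % m
    for i, ri in enumerate(r):
        out[i] = (out[i] + ri) % m
    return trim(out)


# The two polynomials from the discussion above, lowest degree first.
DIVIDEND = [17, -21, 0, 0, 0, 3, 0, 0, 0, 0, 0, -11, 6]   # 6x^12 - 11x^11 + 3x^5 - 21x + 17
DIVISOR = [11, -5, 4]                                      # 4x^2 - 5x + 11

if __name__ == "__main__":
    q, r = poly_divmod(DIVIDEND, DIVISOR, 35)   # 4 is a unit in Z/35Z
    print("mod 35: quotient", q, "remainder", r)
    try:
        poly_divmod(DIVIDEND, DIVISOR, 10)      # 4 is a zero-divisor in Z/10Z
    except ValueError as exc:
        print("mod 10:", exc)
```
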

With a division algorithm, as well as the notion of degree to measure size, F[x]
looks like a good candidate for a ring with unique factorization, and in fact that is
true. Before we state that theorem, we need the equivalent of prime in F[x]. Here
we introduce a word that, while multisyllabic, captures the flavor that the word
“prime” is supposed to convey.

Definition 19 Let F be a field. We call a polynomial $p(x) \in$ F[x] an irreducible of F[x] if $p(x) = a(x)b(x) \implies a(x)$ is a unit or $b(x)$ is a unit.

In other words, an irreducible is an element that cannot be factored in a non-trivial way. For historical reasons, we use the word “prime” in Z to indicate the property of being irreducible. If you study more abstract algebra, ring theory, or number theory, the differences and similarities between the two notions will become clearer.

Theorem 11 Let F be a field, so F[x] is the ring of polynomials in the variable $x$ with coefficients in F. Then F[x] has unique factorization into irreducibles of F[x]: for any $g(x) \in$ F[x] that is not zero and not a unit, $g(x)$ factors as

$$g(x) = u \cdot (p_1(x))^{e_1} (p_2(x))^{e_2} (p_3(x))^{e_3} \cdots (p_k(x))^{e_k},$$

where $u$ is a unit in F[x], the $p_i(x)$ are distinct monic irreducible polynomials, $e_i \in \mathbb{N}$, and $k \in \mathbb{N}$. Moreover, this factorization is unique (up to reordering the $p_i$).

We require the factors to be monic to avoid the following difficulty: in Z/7Z[x], we have

$$2x^4 + 5 = (5x - 5)(2x + 2)(3x^2 + 3) = (3x - 3)(4x + 4)(6x^2 + 6),$$

and all the factors in the center and on the right are irreducibles of Z/7Z[x]. The unique factorization guaranteed by the theorem is $2x^4 + 5 = 2(x - 1)(x + 1)(x^2 + 1)$.

Proving unique factorization in this setting would take us too far afield, but it is a fact worth knowing. Some of the subtleties of this situation will show up when we prove that $\mathbb{Z}[i]$ and $\mathbb{Z}[\sqrt{2}]$ have unique factorization.

Exercises
1. How many solutions are there to the equation $3x^2 - 9x + 2 = 0$ in the rings
(a) Z   (b) Q   (c) R
(d) C   (e) Z/3Z   (f) Z/19Z
(g) Z/41Z   (h) Z/25Z   (i) Z/49Z?
2. How many solutions are there to the equation $4x^2 - 3x - 11 = 0$ in the rings
(a) Z   (b) Q   (c) R
(d) C   (e) Z/5Z   (f) Z/19Z
(g) Z/37Z   (h) Z/25Z   (i) Z/49Z?
3. How many solutions are there to the equation $5x^2 - 8x + 11 = 0$ in the rings
(a) Z   (b) Q   (c) R
(d) C   (e) Z/5Z   (f) Z/13Z
(g) Z/41Z   (h) Z/25Z   (i) Z/49Z?
4. In the proof of Lemma 7, it was asserted that, given a polynomial $P(x) \in R[x]$, and $r \in R$, we can find a polynomial $Q(x) \in R[x]$ and $a \in R$ such that

$$P(x) = (x - r)Q(x) + a.$$

If $P(x) = \sum_{k=0}^{n} c_k x^k$, find $Q(x)$ and $a$ in explicit terms. Can you characterize $a$ in terms of $P(x)$?

5. Factor $x^4 - 10x^2 - 39$ into irreducibles in
(a) Q[x]
(b) R[x]
(c) C[x]
(d) Z/13Z[x]
(e) Z/43Z[x]
6. Factor $x^8 - 1$ into irreducibles in
(a) R[x]
(b) C[x]
(c) Z/13Z[x]
(d) Z/43Z[x]
(e) T[x], where T is the field given on page 84.
7. Factor $x^{12} - 1$ into irreducibles in
(a) R[x]
(b) C[x]
(c) Z/13Z[x]
(d) Z/43Z[x]
(e) S[x], where S is the field given on page 84.
8. Factor $x^3 + 5x^2 + 7x - 13$ into irreducibles in
(a) R[x]
(b) C[x]
(c) Z/5Z[x]
(d) Z/7Z[x]
(e) Z/13Z[x]
9. Let $f(x) \in \mathbb{Z}[x]$, so that $f(x) = \sum_{k=0}^{d} c_k x^k$ for some $d \in \mathbb{W}$ and integers $c_k$. Define the formal derivative of $f(x)$, denoted $f'(x)$, by

$$f'(x) = \sum_{k=1}^{d} k c_k x^{k-1} = \sum_{j=0}^{d-1} (j + 1) c_{j+1} x^j.$$

Prove that, for $a \in \mathbb{Z}$ and $f, g \in \mathbb{Z}[x]$, we have
(a) the degree of $f'$ is one less than the degree of $f$
(b) $(a \cdot f)' = a \cdot f'$ for any integer $a$
(c) $(f + g)' = f' + g'$
(d) $(f \cdot g)' = f' \cdot g + f \cdot g'$
(e) $((f(x))^n)' = n(f(x))^{n-1} \cdot f'(x)$ for $n \in \mathbb{N}$.
(f) $(f \circ g)' = (f' \circ g) \cdot g'$, where $\circ$ denotes composition of the polynomials
10. Using the definition in Exercise 9, show that if $f \in \mathbb{Z}[x]$, then for $a \in \mathbb{Z}$

$$f(x + a) = f(a) + f'(a)x + \frac{1}{2} f''(a)x^2 + \frac{1}{6} f'''(a)x^3 + \cdots = \sum_{j=0}^{d} \frac{f^{(j)}(a)}{j!}\, x^j,$$

where $f^{(0)} = f$, $f^{(1)} = f'$, and recursively $f^{(j)} = (f^{(j-1)})'$ is the $j$th formal derivative of $f$, found by taking the formal derivative $j$ times. This expression for $f$ is sometimes called the finite Taylor expansion of $f$ at $a$.
11. How would Exercises 9 and 10 change if the polynomial ring used were C[x]? Z/mZ[x]? F[x] for a general field F? R[x] for a general ring R?
12. Generalize Exercise 10 to the polynomial ring in two variables, Z[x, y].
13. Let $f$ be a polynomial with positive integer coefficients. Prove that if $n$ is a positive integer, then $f(n)$ divides $f(f(n) + 1)$ if and only if $n = 1$.

24 Solving systems of linear equations in Z/mZ

In the previous section we generalized solving linear equations to solving polynomial equations, the way we often do in algebra. Another way to generalize is the linear algebra way: solving systems of linear equations. To choose an example at random, let’s work backward from the solution. Say x = 31. Then we get

    x ≡ 1 (mod 5)
    x ≡ 3 (mod 7).

Are there any other integers that solve this system also? We have two equations in two completely different rings, but we are asking to solve them simultaneously. This can be done since all the rings Z/mZ have the integers Z as a parent ring above them. Other solutions you might find are x = 66 or x = −4. There are infinitely many other solutions, but they all have this in common: for each solution x, we have x ≡ 31 (mod 35). It may occur to you that the 35 in this case is significant; let’s try to solve another: solve

    x ≡ 3 (mod 4)
    x ≡ 6 (mod 9).

What are some solutions? x = 15, −21, 51, . . . . Do you notice what they have in common? They all have x ≡ 15 (mod 36). Another: solve

    x ≡ 4 (mod 12)
    x ≡ 6 (mod 10).

What are some solutions? x = . . . , −44, 16, 76, . . . . What do they have in common? They all have x ≡ 16 (mod 60). Why is this situation different than the last? One last one: solve

    x ≡ 1 (mod 2)
    x ≡ 2 (mod 4).

What are some solutions? There are none. What do you think has happened here?

As another example, consider Exercise 13 on page 79, solving $x^2 + x + 33 \equiv 0 \pmod{105}$. Now, any solution $s$ will have $105 \mid (s^2 + s + 33)$, so, since $105 = 3 \cdot 5 \cdot 7$, we will have

$$3 \mid s^2 + s + 33, \quad 5 \mid s^2 + s + 33, \quad \text{and} \quad 7 \mid s^2 + s + 33.$$

We thus need to solve the equations $x^2 + x + 33 \equiv 0 \pmod{3}$, $x^2 + x + 33 \equiv 0 \pmod{5}$, and $x^2 + x + 33 \equiv 0 \pmod{7}$. Solving the first we get

$$\begin{aligned}
x^2 + x + 33 &\equiv 0 \pmod{3} \\
x^2 + x &\equiv 0 \pmod{3} \\
x(x + 1) &\equiv 0 \pmod{3} \\
x &\equiv 0, -1 \pmod{3}.
\end{aligned}$$

Solving the second we get

$$\begin{aligned}
x^2 + x + 33 &\equiv 0 \pmod{5} \\
x^2 + x + 3 &\equiv 0 \pmod{5} \\
x^2 - 4x + 3 &\equiv 0 \pmod{5} \\
(x - 1)(x - 3) &\equiv 0 \pmod{5} \\
x &\equiv 1, 3 \pmod{5}.
\end{aligned}$$

Solving the third we get

$$\begin{aligned}
x^2 + x + 33 &\equiv 0 \pmod{7} \\
x^2 + x - 2 &\equiv 0 \pmod{7} \\
(x + 2)(x - 1) &\equiv 0 \pmod{7} \\
x &\equiv 1, -2 \pmod{7}.
\end{aligned}$$

Trial-and-error (or some more sophisticated reasoning or calculation) should show you that

$$x \equiv 36 \pmod{105} \implies \begin{cases} x \equiv 0 \pmod{3} \\ x \equiv 1 \pmod{5} \\ x \equiv 1 \pmod{7} \end{cases}$$

and

$$x \equiv 26 \pmod{105} \implies \begin{cases} x \equiv -1 \pmod{3} \\ x \equiv 1 \pmod{5} \\ x \equiv -2 \pmod{7}. \end{cases}$$

The other six combinations of solutions lead to the other six solutions: $x \equiv 8, 33, 68, 71, 78, 96 \pmod{105}$. It’s rather harder to see that all of these implications are in fact double implications, but that is the case. When we generalize, we get the Chinese remainder theorem.

Theorem 12 (Chinese Remainder Theorem) Given $n$ numbers $m_1, m_2, \ldots, m_n$, all positive and relatively prime in pairs ($(m_i, m_j) = 1$ for $i \ne j$), and given a linear equation in each mod:

$$\begin{aligned}
x &\equiv a_1 \pmod{m_1} \\
x &\equiv a_2 \pmod{m_2} \\
x &\equiv a_3 \pmod{m_3} \\
&\;\;\vdots \\
x &\equiv a_n \pmod{m_n},
\end{aligned}$$

where the $a_i$ are integers, there is one and only one solution to this system (mod $m_1 m_2 m_3 \cdots m_n$):

$$x \equiv S \pmod{M}$$

where $M = m_1 m_2 m_3 \cdots m_n = \prod_{k=1}^{n} m_k$.

For example, there is a unique solution to the system

x ≡ 7 (mod 8)
x ≡ 1 (mod 9)
x ≡ 67 (mod 125)
x ≡ 5 (mod 7)
x ≡ 4 (mod 121)

and it is x ≡ 1234567 (mod 7623000).

Proof. By induction on $n$, of course! We have proved the theorem is true when we have only one equation (which is obvious, anyway). Thus we may assume we have a solution, $S$, to the first $n$ equations in a system and try to find a solution when we add one more equation $x \equiv a_{n+1} \pmod{m_{n+1}}$. Let $M = m_1 m_2 m_3 \cdots m_n$. We have $(M, m_{n+1}) = 1$ by hypothesis, so there are integers $x_0$ and $y_0$ such that

$$M x_0 + m_{n+1} y_0 = 1.$$

Thus $m_{n+1} y_0 \equiv 1 \pmod{M}$ and $M x_0 \equiv 1 \pmod{m_{n+1}}$. Set $x = a_{n+1} M x_0 + S m_{n+1} y_0$. Then

$$x \equiv S \pmod{M}$$

so it solves the first $n$ equations, and

$$x \equiv a_{n+1} \pmod{m_{n+1}}$$

so it solves the last equation also; thus it is a solution to the entire system. We just need to prove that it is unique.

If we have another solution, $R$, then for each index $i$ we have

$$S \equiv a_i \pmod{m_i} \quad \text{and} \quad R \equiv a_i \pmod{m_i}$$

so we have $S - R \equiv 0 \pmod{m_i}$ and thus $m_i \mid (S - R)$ for each index $i$. Since all the $m_i$ are relatively prime in pairs, we apply Proposition 13 (page 63) repeatedly and get $m_1 m_2 m_3 \cdots m_{n+1} \mid (S - R)$. Therefore,

$$S - R \equiv 0 \pmod{m_1 m_2 m_3 \cdots m_{n+1}}$$

so

$$S \equiv R \pmod{m_1 m_2 m_3 \cdots m_{n+1}}$$

and we only have a single solution in $\mathbb{Z}/(m_1 m_2 m_3 \cdots m_{n+1})\mathbb{Z}$.

Suppose we wish to solve

$$\begin{aligned}
x &\equiv a_2 \pmod{2} \\
x &\equiv a_3 \pmod{3} \\
x &\equiv a_5 \pmod{5}.
\end{aligned}$$

Then look at $S = a_2(15) + a_3(10) + a_5(6)$. It is a solution to the system of congruences above. Try the system

$$\begin{aligned}
x &\equiv a_2 \pmod{2} \\
x &\equiv a_3 \pmod{3} \\
x &\equiv a_7 \pmod{7}.
\end{aligned}$$

Look at $S = a_2(21) + a_3(14 \cdot 2) + a_7(6 \cdot (-1))$. It is a solution to the system of congruences above. The idea, which is another, more constructive way to prove the Chinese remainder theorem, is to consider the integers $N_i = \prod_{k=1,\, k \ne i}^{n} m_k$, find appropriate multipliers $v_i$, and write the solution as

$$S = a_1(N_1 \cdot v_1) + a_2(N_2 \cdot v_2) + a_3(N_3 \cdot v_3) + \cdots + a_n(N_n \cdot v_n)$$

where $v_i$ is the inverse of $N_i$: $N_i \cdot v_i \equiv 1 \pmod{m_i}$.

Example. We shall illustrate by solving the system

$$\begin{aligned}
x &\equiv a_3 \pmod{3} \\
x &\equiv a_5 \pmod{5} \\
x &\equiv a_{11} \pmod{11} \\
x &\equiv a_{13} \pmod{13}.
\end{aligned}$$

We let

$$S = a_3(715 \cdot v_3) + a_5(429 \cdot v_5) + a_{11}(195 \cdot v_{11}) + a_{13}(165 \cdot v_{13})$$

where

$$\begin{aligned}
715 \cdot v_3 &\equiv 1 \pmod{3} & 429 \cdot v_5 &\equiv 1 \pmod{5} \\
v_3 &\equiv 1 \pmod{3} & (-1)v_5 &\equiv 1 \pmod{5} \\
& & v_5 &\equiv -1 \pmod{5}
\end{aligned}$$

and

$$\begin{aligned}
195 \cdot v_{11} &\equiv 1 \pmod{11} & 165 \cdot v_{13} &\equiv 1 \pmod{13} \\
(-3)v_{11} &\equiv 1 \pmod{11} & (-4)v_{13} &\equiv 1 \pmod{13} \\
v_{11} &\equiv -4 \pmod{11} & v_{13} &\equiv 3 \pmod{13}.
\end{aligned}$$

Hence

$$S = 715a_3 - 429a_5 - 780a_{11} + 495a_{13}$$

is the solution (mod 2145)! Try this for any $a_i$ you wish to choose. This gives you a way of solving systems of linear equations, just as you may have already done in linear algebra.

Example. Let’s try another system, where the linear equations must each be solved
first:

    2x ≡ 1 (mod 5)    =⇒   x ≡ 3 (mod 5)
    3x ≡ 9 (mod 6)    =⇒   x ≡ 1 (mod 2)
    4x ≡ 1 (mod 7)    =⇒   x ≡ 2 (mod 7)
    5x ≡ 9 (mod 11)   =⇒   x ≡ −18 ≡ 4 (mod 11).

So we look at

S ≡ 3(154 · (−1)) + 1(385) + 2(110 · 3) + 4(70 · 3) (mod 770)

so
S ≡ 1423 ≡ 653 (mod 770).
Check this:

2 · 653 ≡ 2 · 3 = 6 ≡ 1 (mod 5)
3 · 653 ≡ 3 · (−1) = −3 ≡ 9 (mod 6)
4 · 653 ≡ 4 · 2 = 8 ≡ 1 (mod 7)
5 · 653 ≡ 5 · (−7) = −35 ≡ 9 (mod 11).

So this works as the unique solution (mod 770) promised by the theorem.
Example. Let’s try another system:
x ≡ 3 (mod 8)
x ≡ 11 (mod 20)
x ≡ 16 (mod 75).

We cannot use the Chinese remainder theorem here. Why? But you have shown in Exercise 5 in Section 19 (see page 77) that given $a \equiv b \pmod{m}$, we have

$$n \mid m \implies a \equiv b \pmod{n};$$

in other words, given a congruence, you can change the modulus to a lower one, as long as it is a divisor of the original modulus. So what? Well, in this case, we get

$$x \equiv 11 \pmod{20} \implies \begin{cases} x \equiv 11 \equiv 3 \pmod{4} \\ \text{and} \\ x \equiv 11 \equiv 1 \pmod{5}. \end{cases}$$

Also,

$$x \equiv 16 \pmod{75} \implies \begin{cases} x \equiv 16 \pmod{25} \\ \text{and} \\ x \equiv 16 \equiv 1 \pmod{3}. \end{cases}$$

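In fact, the Chinese remainder theorem states that the opposite implications also hold, so we get

$$\begin{cases} x \equiv 3 \pmod{8} \\ x \equiv 11 \pmod{20} \\ x \equiv 16 \pmod{75} \end{cases} \iff \begin{cases} x \equiv 3 \pmod{8} \\ x \equiv 3 \pmod{4} \\ x \equiv 1 \pmod{5} \\ x \equiv 16 \pmod{25} \\ x \equiv 1 \pmod{3}. \end{cases}$$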

Now consider the two congruences

x ≡ 3 (mod 8) and x ≡ 3 (mod 4).

How can we satisfy both? The integers that satisfy the first are . . ., −5, 3, 11,
19, . . . while the integers that satisfy the second are . . ., −5, −1, 3, 7, 11, 15, . . ..
Thus the second one is redundant, and we can throw it away. Similarly, when we
consider the two congruences

x ≡ 1 (mod 5) and x ≡ 16 (mod 25)

we find that the first one is redundant, so we throw it away. We are left with

x ≡ 3 (mod 8)
x ≡ 1 (mod 3)
x ≡ 16 (mod 25),

and since we now have (8, 3) = (3, 25) = (8, 25) = 1, we can use the Chinese
remainder theorem to get the answer

S ≡ 3(75 · v1 ) + 1(200 · v2 ) + 16(24 · v3 ) (mod 600).

Again, we need

75 · v1 ≡ 1 (mod 8) ⇐⇒ 3 · v1 ≡ 1 (mod 8) ⇐⇒ v1 ≡ 3 (mod 8),

200 · v2 ≡ 1 (mod 3) ⇐⇒ 2 · v2 ≡ 1 (mod 3) ⇐⇒ v2 ≡ −1 (mod 3),


and

24 · v3 ≡ 1 (mod 25) ⇐⇒ −1 · v3 ≡ 1 (mod 25) ⇐⇒ v3 ≡ −1 (mod 25).

Thus we have

S ≡ 3(75 · 3) + 1(200 · (−1)) + 16(24 · (−1)) ≡ 675 − 200 − 384 ≡ 91 (mod 600)

In fact

91 ≡ 3 (mod 8)
91 ≡ 11 (mod 20)
91 ≡ 16 (mod 75)

so 91 is the solution to the original system of equations.



Example. As a final example, suppose we have

x ≡ 5 (mod 8)
x ≡ 13 (mod 20)
x ≡ 16 (mod 75).

Proceeding as before, we get

$$\begin{cases} x \equiv 5 \pmod{8} \\ x \equiv 13 \pmod{20} \\ x \equiv 16 \pmod{75} \end{cases} \iff \begin{cases} x \equiv 5 \pmod{8} \\ x \equiv 1 \pmod{4} \\ x \equiv 3 \pmod{5} \\ x \equiv 16 \pmod{25} \\ x \equiv 1 \pmod{3}. \end{cases}$$

We can eliminate $x \equiv 1 \pmod{4}$ as redundant, since $x \equiv 5 \pmod{8} \implies x \equiv 1 \pmod{4}$, but we get a different situation when we consider the two equations involving 5. The condition $x \equiv 16 \pmod{25}$ implies that $x \equiv 1 \pmod{5}$, which is inconsistent with the condition $x \equiv 3 \pmod{5}$, and since we need to satisfy both conditions, we see that there is no solution to this system of equations.

To summarize, if we need to solve several linear equations in different moduli simultaneously, we

• Break each equation down into equations (mod $p^k$) (using one direction of the Chinese remainder theorem).

• Solve each equation (mod $p^k$), using what we know about linear equations in Z/mZ. (See Section 22.)

• For each prime $p$ that occurs to different powers, resolve any contradictions or redundancies into a single equation.

• Use the (other direction of the) Chinese remainder theorem to get a single answer.
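The constructive formula $S = \sum a_i (N_i \cdot v_i)$ and the summary procedure above can both be checked by machine. The following is an added example, not code from the book. It goes slightly beyond the text: instead of factoring each modulus into prime powers, `merge` combines two congruences at a time using a gcd test, which detects the same redundancies and contradictions. All function names are chosen here for illustration.

```python
from math import gcd, prod


def merge(c1, c2):
    """Combine x ≡ a1 (mod m1) and x ≡ a2 (mod m2) into one congruence.

    Returns (a, lcm(m1, m2)), or None when the two congruences contradict
    each other (which can only happen when m1 and m2 share a factor).
    """
    (a1, m1), (a2, m2) = c1, c2
    g = gcd(m1, m2)
    if (a2 - a1) % g != 0:
        return None
    step = m2 // g
    # Write x = a1 + m1*t and solve (m1/g) t ≡ (a2 - a1)/g (mod m2/g);
    # m1/g is a unit modulo m2/g, so t is unique there.
    t = ((a2 - a1) // g * pow(m1 // g, -1, step)) % step if step > 1 else 0
    lcm = m1 * step
    return ((a1 + m1 * t) % lcm, lcm)


def solve_system(congruences):
    """Solve x ≡ a_i (mod m_i) for a list of (a_i, m_i); moduli need not be coprime.

    Returns (S, M), meaning x ≡ S (mod M), or None if there is no solution.
    """
    result = (0, 1)                      # x ≡ 0 (mod 1) holds for every integer
    for a, m in congruences:
        result = merge(result, (a % m, m))
        if result is None:
            return None
    return result


def crt_weights(moduli):
    """Return the multipliers N_i * v_i (mod M) for pairwise coprime moduli.

    With these weights, S = sum(a_i * w_i) mod M solves x ≡ a_i (mod m_i).
    pow(..., -1, m) raises ValueError if the moduli are not pairwise coprime.
    """
    M = prod(moduli)
    weights = []
    for m in moduli:
        N = M // m
        v = pow(N, -1, m)                # N * v ≡ 1 (mod m)
        weights.append((N * v) % M)
    return weights


if __name__ == "__main__":
    # Systems taken from the worked examples in this section.
    print(solve_system([(7, 8), (1, 9), (67, 125), (5, 7), (4, 121)]))
    print(solve_system([(3, 8), (11, 20), (16, 75)]))    # redundancy resolved
    print(solve_system([(5, 8), (13, 20), (16, 75)]))    # contradiction: None
    print(crt_weights([3, 5, 11, 13]))                   # 715, -429, -780, 495 mod 2145
```
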

Exercises
1. A troop of monkeys find some bananas in the jungle, mysteriously grouped
into seventeen equal piles. There are eleven monkeys, so they divide the
bananas up and find there are four bananas left over; the queen monkey gets
the extra four. How many bananas did they find?

2. A band of pirates steal a bag of gold doubloons. There are nine pirates,
and when they try to divide the doubloons evenly, there is one left over. In
the ensuing fight, one pirate is killed. When they try to divide up the loot
again (among the eight survivors), there is still one doubloon left over. In

the ensuing fight, a pirate is killed. They try to divide again, again one is
left over, there’s another fight. This time two pirates are killed! After they
wipe all the blood off the gold doubloons, the five survivors find that they
can finally divide the gold up evenly. How much gold did they steal?

3. Three children (Eva, Rafael, and Carly) try to measure their living room:
they have no rulers, so they use their feet. Each child steps off a certain
number of foot-lengths, and they all end up three inches short of the far wall.
Unfortunately, being children, they forgot to count how many steps long the
living room was. If the children’s feet were five, seven, and nine inches long,
how long do you think the living room was?

4. Calculate 6618095 (mod 63).

5. Solve the system of congruences

x ≡ 4 (mod 11)
x ≡ 3 (mod 17)

6. Solve the system of congruences

y ≡ 1 (mod 2)
y ≡ 2 (mod 3)
y ≡ 3 (mod 5)

7. Solve the system of congruences

5z ≡1 (mod 2)
8z ≡2 (mod 3)
3z ≡3 (mod 5)
4z ≡1 (mod 7)

8. Solve the system of congruences

6t ≡ 1 (mod 11)
5t ≡ 3 (mod 12)
3t ≡ 12 (mod 13)
2t ≡ 10 (mod 17)
t≡6 (mod 19)

9. Solve the system of congruences

s ≡ 5 (mod 6)
s ≡ 3 (mod 10)
s ≡ 8 (mod 15)

10. Solve the system of congruences

v ≡ 2 (mod 14)
v ≡ 16 (mod 21)
v ≡ 10 (mod 30)

11. Solve the system of congruences

3w ≡ 6 (mod 27)
4w ≡ 2 (mod 15)
3w ≡ 5 (mod 25)

12. Solve the system of congruences

10m ≡ 20 (mod 12)


3m ≡ 4 (mod 8)
3m ≡ 6 (mod 14)
7m ≡ 8 (mod 15)

13. Solve the system of congruences

4p ≡ 1 (mod 9)
7p ≡ 4 (mod 10)
5p ≡ 3 (mod 12)
4p ≡ 9 (mod 15)

14. If $y = x^2$ for $x \in \mathbb{Z}$, what are the possibilities for $y \equiv a \pmod{10}$? That is, what are the possible last digits for perfect square integers?

15. If $y = x^2$ for $x \in \mathbb{Z}$, what are the possibilities for $y \equiv a \pmod{100}$? That is, what are the possible last pair of digits for perfect square integers?

16. Prove that $11^{10} - 1$ is divisible by 100.

17. Use the Chinese remainder theorem to show that $7^n$ has last two digits

    07 if n is of the form 4k + 1
    49 if n is of the form 4k + 2
    43 if n is of the form 4k + 3
    01 if n is of the form 4k

(Compare to Exercise 4a on page 16.)

25 Lifting roots in Z/p^nZ

With a little modification, we can use the template on page 101 to solve polynomial equations in Z/mZ as well. We therefore need something similar to Section 22; that is, a method for solving polynomial equations (mod $p^k$). Lagrange’s theorem is a step in that direction, but only applies to (mod $p$) and even there it merely limits the number of possible roots.

We start our investigation with an example: can we solve $x^2 + 5 \equiv 0 \pmod{81}$? Our first step is to see if we can solve $x^2 + 5 \equiv 0 \pmod{3}$; clearly if this cannot be solved then neither can the original equation. By inspection, $x \equiv \pm 1 \pmod{3}$ are both solutions. Thus any integer solution must be in the form $x = \pm 1 + 3k$. We now use this to work upwards to a solution in Z/9Z: let $x = 1 + 3k$, substitute, and try to find $k$. We get

$$\begin{aligned}
(1 + 3k)^2 + 5 &\equiv 0 \pmod{9} \\
1 + 6k + 9k^2 + 5 &\equiv 0 \pmod{9} \\
6k + 6 &\equiv 0 \pmod{9} \\
2k + 2 &\equiv 0 \pmod{3} \\
k &\equiv 2 \pmod{3}.
\end{aligned}$$

Thus we get the solution $x \equiv 7 \pmod{9}$; if we had started with $x \equiv -1 \pmod{3}$ we would also have $x \equiv -7 \pmod{9}$. We now work upward again in the same way: substitute $x = 7 + 9k$ into the equation and try to find a solution in Z/27Z:

$$\begin{aligned}
(7 + 9k)^2 + 5 &\equiv 0 \pmod{27} \\
49 + 2 \cdot 7 \cdot 9k + 5 &\equiv 0 \pmod{27} \\
54 + 2 \cdot 7 \cdot 9k &\equiv 0 \pmod{27} \\
6 + 2 \cdot 7k &\equiv 0 \pmod{3} \\
2k &\equiv 0 \pmod{3} \\
k &\equiv 0 \pmod{3}.
\end{aligned}$$

Thus we have $x \equiv 7 \pmod{27} \iff x = 7 + 27k$, and we work upward one more step:

$$\begin{aligned}
(7 + 27k)^2 + 5 &\equiv 0 \pmod{81} \\
49 + 2 \cdot 7 \cdot 27k + 5 &\equiv 0 \pmod{81} \\
54 + 2 \cdot 7 \cdot 27k &\equiv 0 \pmod{81} \\
2 + 2 \cdot 7k &\equiv 0 \pmod{3} \\
2 + 2k &\equiv 0 \pmod{3} \\
k &\equiv 2 \pmod{3}.
\end{aligned}$$

Therefore, we get $x = 7 + 2 \cdot 27 \equiv 61 \pmod{81}$. This process is known as lifting roots, and it is very similar to the process in Project F. If we had lifted the solution $x \equiv -1 \pmod{3}$ it is not hard to see that we would have found the solution $x \equiv -61 \equiv 20 \pmod{81}$. Brute force will confirm that $x \equiv 20, 61 \pmod{81}$ are in fact the only solutions to the equation $x^2 + 5 \equiv 0 \pmod{81}$.

Another example is the following: solve $x^2 + x + 4 \equiv 0 \pmod{125}$. As before, we first solve the simpler equation $x^2 + x + 4 \equiv 0 \pmod{5}$ and get $x \equiv 2 \pmod{5}$ as the only solution. Thus $x = 2 + 5k$ and we substitute to get

$$\begin{aligned}
(2 + 5k)^2 + (2 + 5k) + 4 &\equiv 0 \pmod{25} \\
4 + 2 \cdot 2 \cdot 5k + 2 + 5k + 4 &\equiv 0 \pmod{25} \\
10 + 25k &\equiv 0 \pmod{25},
\end{aligned}$$

which clearly has no solutions. Thus we cannot solve $x^2 + x + 4 \equiv 0 \pmod{25}$, let alone $x^2 + x + 4 \equiv 0 \pmod{125}$; again brute force confirms this.

As a final example, let’s solve $x^4 + 3x + 45 \equiv 0 \pmod{343}$. First, we find roots of $x^4 + 3x + 45$ in Z/7Z; by inspection, $x \equiv 1 \pmod{7}$ is the only solution. Substituting $x = 1 + 7k$, we get

$$\begin{aligned}
(1 + 7k)^4 + 3(1 + 7k) + 45 &\equiv 0 \pmod{49} \\
1 + 4 \cdot 7k + 3 + 21k + 45 &\equiv 0 \pmod{49} \\
49 + 4 \cdot 7k + 21k &\equiv 0 \pmod{49} \\
4k + 3k &\equiv 0 \pmod{7} \\
0 &\equiv 0 \pmod{49},
\end{aligned}$$

so any value of $k$ works. Thus we get solutions $x \equiv 1, 8, 15, 22, 29, 36, 43 \pmod{49}$, and we must attempt to lift each one to a solution or solutions in Z/343Z. To attempt to do so without making seven separate calculations, we may write $x = 1 + 7k + 49m$, where we already know that $k = 0, 1, 2, 3, 4, 5,$ or $6$ and we are trying to find $m$. We get

$$\begin{aligned}
(1 + 7k + 49m)^4 + 3(1 + 7k + 49m) + 45 &\equiv 0 \pmod{343} \\
(1 + 7k)^4 + 4(1 + 7k)^3\, 49m + 3(1 + 7k + 49m) + 45 &\equiv 0 \pmod{343} \\
f(1 + 7k) + 4(1 + 7k)^3\, 49m + 3 \cdot 49m &\equiv 0 \pmod{343} \\
f(1 + 7k) + \big(4(1 + 7k)^3 + 3\big)\, 49m &\equiv 0 \pmod{343} \\
f(1 + 7k) + f'(1 + 7k) \cdot 49m &\equiv 0 \pmod{343},
\end{aligned}$$

where we are using the formal derivative $f'(x) = 4x^3 + 3$ of $f(x) = x^4 + 3x + 45$ (see Exercise 9 in Section 23). This last equation can clearly be reduced to

$$\frac{f(1 + 7k)}{49} + f'(1 + 7k)\, m \equiv 0 \pmod{7},$$

since we know that $f(1 + 7k) \equiv 0 \pmod{49}$ from the work above. Since $1 + 7k \equiv 1 \pmod{7}$, we have $f'(1 + 7k) \equiv f'(1) \equiv 0 \pmod{7}$. Thus this equation reduces to

$$\frac{f(1 + 7k)}{49} \equiv 0 \pmod{7},$$

and we are merely checking whether the seven answers above, for each of which $f(r) \equiv 0 \pmod{49}$, also satisfy $f(r) \equiv 0 \pmod{343}$. It turns out that none of the seven solutions in Z/49Z is a solution in Z/343Z:

$$\begin{aligned}
f(1) &\equiv 49 \pmod{343} \\
f(8) &\equiv 49 \pmod{343} \\
f(15) &\equiv 294 \pmod{343} \\
f(22) &\equiv 98 \pmod{343} \\
f(29) &\equiv 147 \pmod{343} \\
f(36) &\equiv 98 \pmod{343} \\
f(43) &\equiv 294 \pmod{343};
\end{aligned}$$

therefore the equation $x^4 + 3x + 45 \equiv 0 \pmod{343}$ has no solutions.

How can we make sense of what is going on? One thing to note is that although at the first step we have to solve a polynomial equation in Z/pZ, as we lift we only have to solve linear equations (in Z/pZ) from then on. The higher order terms always disappear, and after dividing out an appropriate power of $p$, we are always left with a linear equation, in Z/pZ. Section 22 gave us a mechanism for dealing with that problem, and in fact what we saw is that we will always get a unique solution if the coefficient of $x$ is non-zero (remember, we are in Z/pZ), else we will get either $p$ roots or no roots, depending on whether the constant term is zero or non-zero. Can we get our hands on the coefficient of $x$, and on the constant term? In general, we are faced with the following problem: suppose $f(x) \in \mathbb{Z}[x]$ is a polynomial with integer coefficients, and suppose $r \in \mathbb{Z}/p^n\mathbb{Z}$ is a root: $f(r) \equiv 0 \pmod{p^n}$, so $f(r) = s \cdot p^n$ for some integer $s$. Then we write $x = r + k \cdot p^n$ and substitute, using a finite Taylor expansion (see Exercise 10 in Section 24):

$$\begin{aligned}
f(r + k \cdot p^n) &\equiv 0 \pmod{p^{n+1}} \\
f(r) + k \cdot p^n f'(r) + \text{terms involving at least } p^{n+1} &\equiv 0 \pmod{p^{n+1}} \\
f(r) + k \cdot p^n f'(r) &\equiv 0 \pmod{p^{n+1}} \\
s \cdot p^n + k \cdot p^n f'(r) &\equiv 0 \pmod{p^{n+1}} \\
s + k f'(r) &\equiv 0 \pmod{p}.
\end{aligned}$$

We thus will get a unique value for $k \iff (f'(r), p) = 1$; if $p \mid f'(r)$ then we get $p$ solutions if $p \mid s$, and zero solutions otherwise. We may rephrase $p \mid s$ as $f(r) \equiv 0 \pmod{p^{n+1}}$, and we get something I will call the lifting roots theorem, which has traditionally been called Hensel’s lemma. (A lemma for what? Answering that would take us beyond the scope of this book, but a partial answer may be found in Project F.)

Theorem 13 (Lifting Roots Theorem or Hensel’s Lemma) Given $f(x) = \sum a_k x^k \in \mathbb{Z}[x]$, define $f' \in \mathbb{Z}[x]$ by $f'(x) = \sum k a_k x^{k-1}$. Suppose p is a positive prime, and suppose r is an integer such that $f(r) \equiv 0 \pmod{p^n}$. Then f(x) has

• a unique solution $\pmod{p^{n+1}}$ that is $\equiv r \pmod{p^n}$ if $(p, f'(r)) = 1$,
• p solutions $\pmod{p^{n+1}}$ that are $\equiv r \pmod{p^n}$ if $p \mid f'(r)$ and $p^{n+1} \mid f(r)$,
• no solutions $\pmod{p^{n+1}}$ that are $\equiv r \pmod{p^n}$ otherwise; that is, if $p \mid f'(r)$ and $p^{n+1} \nmid f(r)$.

In other words, a root r $\pmod{p^n}$ lifts uniquely if p does not divide the formal derivative $f'(r)$. If p does divide the formal derivative $f'(r)$, then we get p roots above r if r was already a root $\pmod{p^{n+1}}$; if r was a solution $\pmod{p^n}$ but not a solution $\pmod{p^{n+1}}$, then there are no solutions above r $\pmod{p^{n+1}}$ (or, obviously, in $\pmod{p^t}$ for any t > n).

For the three examples at the beginning of the section, we had

1. $f(x) = x^2 + 5$, p = 3, r = ±1. Since the formal derivative $f'(x) = 2x$, $f'(r) = \pm 2 \not\equiv 0 \pmod 3$ and so the roots each lifted uniquely (up to $p^2$, then to $p^3$, and then to $p^4 = 81$).
2. $f(x) = x^2 + x + 4$, p = 5, r = 2. The formal derivative is $f'(x) = 2x + 1$, so $f'(r) = f'(2) \equiv 0 \pmod 5$. r = 2 is a solution (mod 5), but not (mod 25), so r = 2 doesn’t lift, and there are no solutions in Z/25Z, nor in Z/125Z.
3. $f(x) = x^4 + 3x + 45$, p = 7, r = 1. Then $f'(x) = 4x^3 + 3$, so $f'(1) = 7$. Since $f(r) = 49$, r = 1 is a solution (mod 49) as well as (mod 7), so the root x = 1 splits into the seven solutions x = 1, 8, 15, 22, 29, 36, and 43 (mod 49); however, none of these roots is a solution (mod 343), so none of them lift to Z/343Z.

As a final example, let’s look back at Exercise 12 (page 79). How do we solve $x^2 + 18x + 8 \equiv 0 \pmod{24}$? The Chinese remainder theorem says we can solve this by solving $x^2 + 18x + 8 \equiv 0 \pmod 3$ and $x^2 + 18x + 8 \equiv 0 \pmod 8$. The first equation reduces to $x^2 + 2 \equiv 0 \pmod 3$ or better yet $x^2 \equiv 1 \pmod 3$ and we see the solutions are x ≡ ±1 (mod 3). As for the second equation, we will attack it by starting in Z/2Z and lifting roots up to Z/8Z. In Z/2Z we have to solve $x^2 \equiv 0 \pmod 2$, which clearly has the single root x ≡ 0 (mod 2). Now $f'(x) = 2x + 18$, so this will always be zero (mod 2), so roots will either fail to lift at all, or they will split into two roots in the higher modulus. In this case, f(0) = 8 ≡ 0 (mod 4), so the single root x ≡ 0 (mod 2) becomes the two roots x ≡ 0, 2 (mod 4). Once again $f'(r) \equiv 0 \pmod 2$ for both roots r, and now we see that f(0) = 8 ≡ 0 (mod 8) and f(2) = 48 ≡ 0 (mod 8); thus these two roots again split into four roots: x ≡ 0, 2, 4, 6 (mod 8). At this point we can stop and glue our Z/8Z and Z/3Z answers together to get the eight solutions x ≡ 2, 4, 8, 10, 14, 16, 20, 22 (mod 24). It is instructive, though, to continue from Z/8Z up to Z/16Z. Now we get f(0) ≡ f(6) ≡ 8 (mod 16), so these two roots do not lift at all, but f(2) ≡ f(4) ≡ 0 (mod 16), so these two roots split and we have the four solutions x ≡ 2, 4, 10, 12 (mod 16). Going one more step up to Z/32Z, the two roots x = 2 and x = 12 fail to lift, but the two roots x = 4 and x = 10 do lift and split into the four roots x ≡ 4, 10, 20, 26 (mod 32). One could keep going, but at this point we will stop and hope that the method, and the reasoning, is clear.
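The lifting procedure of Theorem 13 can be run mechanically. The following Python code is an added example, not code from the book; the function names and the coefficient-list representation of f (constant term first) are assumptions made here. It finds the roots in Z/pZ by brute force and then lifts one power of p at a time, solving only the linear congruence s + k·f′(r) ≡ 0 (mod p) at each step.

```python
def poly_eval(coeffs, x, mod):
    """Evaluate f(x) mod `mod`; coeffs[i] is the coefficient of x**i (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % mod
    return acc


def formal_derivative(coeffs):
    """Coefficients of f'(x) = sum k * a_k * x**(k-1)."""
    return [k * c for k, c in enumerate(coeffs)][1:]


def lift_root(coeffs, r, p, n):
    """Given f(r) = 0 (mod p**n), return every root mod p**(n+1) that is = r (mod p**n).

    Three cases, exactly as in the theorem:
      p does not divide f'(r)            -> one lift
      p | f'(r) and p**(n+1) | f(r)      -> p lifts
      p | f'(r) and p**(n+1) not | f(r)  -> no lift
    """
    pn, pn1 = p ** n, p ** (n + 1)
    fr = poly_eval(coeffs, r, pn1)
    if fr % pn != 0:
        raise ValueError("r is not a root modulo p**n")
    s = fr // pn                      # f(r) = s * p**n  (mod p**(n+1))
    d = poly_eval(formal_derivative(coeffs), r, p)
    if d != 0:
        k = (-s * pow(d, -1, p)) % p  # unique solution of s + k*d = 0 (mod p)
        return [r + k * pn]
    if s % p == 0:
        return [r + k * pn for k in range(p)]
    return []


def roots_mod_prime_power(coeffs, p, e):
    """All roots of f in Z/p**e Z, found by lifting from Z/pZ."""
    roots = [r for r in range(p) if poly_eval(coeffs, r, p) == 0]
    for n in range(1, e):
        roots = sorted(x for r in roots for x in lift_root(coeffs, r, p, n))
    return roots


def brute_force_roots(coeffs, modulus):
    """Reference answer by trying every residue; used only as a cross-check."""
    return [x for x in range(modulus) if poly_eval(coeffs, x, modulus) == 0]


if __name__ == "__main__":
    examples = [
        ("x^2 + 5",        [5, 0, 1],        3, 4),
        ("x^2 + x + 4",    [4, 1, 1],        5, 3),
        ("x^4 + 3x + 45",  [45, 3, 0, 0, 1], 7, 3),
        ("x^2 + 18x + 8",  [8, 18, 1],       2, 5),
    ]
    for name, coeffs, p, e in examples:
        for n in range(1, e + 1):
            print(f"{name} mod {p}^{n}: {roots_mod_prime_power(coeffs, p, n)}")
```
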

Exercises
1. Find the roots of $x^4 + x^2 + x - 3$ in Z/49Z.
2. Find the roots of $x^4 + x^2 + 3x - 1$ in Z/49Z.
3. Find the roots of $x^4 - 1$ in
(a) Z/125Z
(b) Z/27Z
(c) $\mathbb{Z}/7^3\mathbb{Z}$.
4. Find the roots of $x^6 - 1$ in Z/27Z.
5. How many roots does $x^2 + x + 1$ have in $\mathbb{Z}/3^k\mathbb{Z}$?
6. A unit in $Z_m$ is its own inverse ⇐⇒ $u^2 \equiv 1 \pmod m$ ⇐⇒ u is a root of $x^2 - 1$ in (Z/mZ)×. How many roots does $x^2 - 1$ have (how many self-inverse units are there) in
(a) Z/7Z, Z/49Z, Z/343Z
(b) $\mathbb{Z}/p\mathbb{Z}$, $\mathbb{Z}/p^2\mathbb{Z}$, $\mathbb{Z}/p^3\mathbb{Z}$ (here p is an odd prime integer)
(c) $\mathbb{Z}/pq\mathbb{Z}$, $\mathbb{Z}/pq^2\mathbb{Z}$, $\mathbb{Z}/p^2q\mathbb{Z}$, $\mathbb{Z}/p^2q^2\mathbb{Z}$, . . . , $\mathbb{Z}/p^mq^n\mathbb{Z}$ (here p and q are distinct odd prime integers)
(d) Z/2Z, Z/4Z, Z/8Z, Z/16Z, . . . , $\mathbb{Z}/2^k\mathbb{Z}$ (here k is a positive integer)
(e) Z/mZ, in general?

7. Consider the equation $x^d \equiv 0 \pmod{p^k}$, for d and k ∈ N and p a prime integer.
(a) Count how many solutions there are by considering the prime factorization of any solution.
(b) Use Theorem 13 to count how many solutions there are.

26 Wilson’s theorem and its converse

If you have done Exercise 9 in Section 19 (see page 77), you should have conjectured
the following:

Theorem 14 (Wilson’s Theorem (plus))

$$
(m - 1)! \equiv
\begin{cases}
2 \pmod m & \text{if } m = 4;\\
-1 \pmod m & \text{if } m \text{ is a prime};\\
0 \pmod m & \text{otherwise.}
\end{cases}
$$

Wilson’s original theorem only stated that “if m is a prime, then (m − 1)! ≡ −1
(mod m).” We have improved on that.

Proof . Clearly the statement is true for m = 4, since in that case (m − 1)! =
3! = 6 ≡ 2 (mod 4). It is also clear that the statement is true when m = 2,
since (1 − 1)! = 1 ≡ −1 (mod 2). Now, suppose m > 2 is a prime. Then we
are multiplying together all the units in Z/mZ. Now, we know all the units have
(unique) inverses, so we expect them all to cancel out in pairs and give us 1. Why
do we get −1 instead? Well, some units may be their own inverses, hence they won’t
cancel out of the product. In fact, those are the only units we need to worry about,
since the other units will cancel out in pairs. So we need to think about which units
are their own inverses. We already know 1 and −1 are their own inverses; are there
others? Well, we need to worry about

u ∈ (Z/mZ)× such that u · u ≡ 1 (mod m).

But Lagrange’s theorem states that this equation has at most two solutions, since
we are trying to solve the quadratic equation $x^2 - 1 = 0$ in a prime modulus. Thus
we already have the only solutions, x = ±1. (If m = 1 we have a single solution,
which we may call +1 or −1.) Thus all the other units cancel in pairs and we are
left with (m − 1)! ≡ 1 · (−1) ≡ −1 (mod p). The second statement is proved.

For the third statement, we must realize that

m is not a prime ⇐⇒ m = a · b where 1 < a < m and 1 < b < m.

Thus when we multiply out (m − 1)! = (m − 1)(m − 2)(m − 3) · · · (3)(2)(1), we will get a · b · (rest) as long as a ≠ b. Thus we must only worry about numbers m that can only be factored as m = a · a. A little thought or experimentation will convince you that this can only occur for $m = p^2$ where p is a prime. But in that case we get

$$(m - 1)! = (1)(2)(3) \cdots (p)(p + 1) \cdots (2p)(2p + 1) \cdots (p^2 - 1)$$

and since $m = p^2$, we will have m | (m − 1)! =⇒ (m − 1)! ≡ 0 (mod m). Thus we will have proved the theorem as long as $2p < p^2$, because in that case 2p as well as p will appear when we multiply out (m − 1)!, so we will get zero. But $p > 2 \implies p^2 > 2p$, so we have proved the third statement in all cases except p = 2, $m = p^2 = 4$; and that is exactly the exception most of you noted and we wrote into the theorem. Thus the theorem is proved.

You will notice that we got zero when m is not a prime because we were multiplying out everything in Z/mZ, units as well as zero-divisors. When m is a prime, we multiplied out all the units and got −1. What if we just multiply out all the units: what is

$$\prod_{u \in (\mathbb{Z}/m\mathbb{Z})^\times} u \pmod m?$$

We have proved that m is prime implies that the product is −1; what do we get
for m not a prime? A little experimentation gives

product = 1 · 3 ≡ −1 (mod 4)
product = 1 · 5 ≡ −1 (mod 6)
product = 1 · 2 · 4 · 5 · 7 · 8 ≡ −1 (mod 9)
product = 1 · 3 · 7 · 9 ≡ −1 (mod 10),

so you may think it is always −1, just like in the prime case. But we also have

product = 1 · 3 · 5 · 7 ≡ 1 (mod 8)
product = 1 · 5 · 7 · 11 ≡ 1 (mod 12)
product = 1 · 3 · 5 · 9 · 11 · 13 ≡ −1 (mod 14)
product = 1 · 2 · 4 · 7 · 8 · 11 · 13 · 14 ≡ 1 (mod 15),

so it’s not so clear.

Exercises
1. If p is an odd positive prime in Z, prove that

$$1^2 \cdot 3^2 \cdot 5^2 \cdots (p - 4)^2 (p - 2)^2 \equiv (-1)^{\frac{p+1}{2}} \pmod p$$

and that

$$2^2 \cdot 4^2 \cdot 6^2 \cdots (p - 3)^2 (p - 1)^2 \equiv (-1)^{\frac{p+1}{2}} \pmod p.$$

2. Let p be a positive prime integer.

(a) What is the constant term of the polynomial

$$f_p(x) = (x - 1)(x - 2)(x - 3) \cdots (x - (p - 1)) = \prod_{k=1}^{p-1} (x - k)$$

in Z/pZ[x]?
(b) Calculate $f_2(x)$, $f_3(x)$, $f_5(x)$, and $f_7(x)$.
(c) Conjecture a closed-form expression for $f_p(x)$, where p is a positive prime integer.

3. Prove that the product of all the units in Z/mZ, $\prod_{u \in (\mathbb{Z}/m\mathbb{Z})^\times} u$, is always ±1.

4. After gathering more evidence, conjecture a rule for when the product of units in $Z_m$ is +1, and when the product is −1.

5. Let p > 2 be a prime integer. Rather than calculate (p − 1)! (mod p), suppose we calculate $\left(\frac{p-1}{2}\right)!$ (mod p), as in the table

p                      3   5   7  11  13  17  19  23  29  31  37  41  43  47  53  59
((p−1)/2)! (mod p)     1   2   6  10   5  13  18   1  12   1  31   9  42  46  23   1

Conjecture a rule for $\left(\frac{p-1}{2}\right)!$ (mod p).

27 Calculating ϕ(n)

The function ϕ(n) goes from N to N (that is, it takes as input positive integers and gives back positive integers), and it counts the number of elements in (Z/nZ)×; i.e., the number of units in Z/nZ. We have conjectured that

(m, n) = 1 =⇒ ϕ(mn) = ϕ(m) · ϕ(n)

and that n > 2 =⇒ ϕ(n) is even. We will prove these, and also come up with a
formula for ϕ(n).

First, consider the two statements

(a, mn) = 1 and (a, m) = (a, n) = 1.

The first is equivalent to saying “a is a unit in Z/mnZ” and the second is equivalent
to saying “a is a unit in Z/mZ and also in Z/nZ.” What is the relationship between
the two statements? We will prove the

Proposition 20 For integers a, m, and n, we have

(a, mn) = 1 ⇐⇒ (a, m) = (a, n) = 1.



Proof. (=⇒) We have (a, mn) = 1 ⇐⇒ ax + mny = 1 for some integers x and y. But then we get
a(x) + m(ny) = 1 =⇒ (a, m) = 1
and
a(x) + n(my) = 1 =⇒ (a, n) = 1.
(⇐=) Now suppose (a, mn) ≠ 1. Then we have (a, mn) > 1 (you can take care of the case (a, mn) = 0 yourself), so there is a prime p that divides (a, mn). Then we have p|a and p|mn =⇒ p|m or p|n. Therefore p|(a, m) or p|(a, n); in either case, we must have that (a, m) = (a, n) = 1 is false. Thus we have proved the implication in both directions, and the theorem is proved.

(A quicker proof of the ⇐= direction above is this: (a, m) = (a, n) = 1 =⇒ ar + ms = ax + ny = 1, so 1 = (ar + ms)(ax + ny) = a(arx + msx + rny) + (mn)(sy) =⇒ (a, mn) = 1. It’s a silly trick, but it’s quick.)

So we have proved that a is in (Z/mnZ)× ⇐⇒ a is in (Z/mZ)× and a is in (Z/nZ)×. Before we proceed to the proof that ϕ is multiplicative, i.e., that (m, n) = 1 =⇒ ϕ(mn) = ϕ(m)ϕ(n), let’s try an example of how the proof will proceed. Let’s write Z/36Z as
1 2 3 4
5 6 7 8
9 10 11 12
13 14 15 16
17 18 19 20
21 22 23 24
25 26 27 28
29 30 31 32
33 34 35 36.

We can consider the first row as Z/4Z. What we will do is cross out every number a such that (a, 4) ≠ 1 and then cross out all the numbers such that (a, 9) ≠ 1. We will be left with all a such that (a, 4) = (a, 9) = 1, hence with all a such that (a, 36) = 1, hence we will have (Z/36Z)×. We can then count to get ϕ(36).

In Exercise 6 in Section 19 (see page 77) it was shown that

a ≡ b (mod m) =⇒ (a, m) = (b, m).

Since all the numbers in each column are congruent (mod 4), when we cross out
one number we can cross out its whole column. We thus cross out the second and
fourth columns, and we are left with all the odd numbers, which are all relatively
prime to 4. Now consider each column that is left. There are nine numbers in each.
Do these nine numbers represent Z/9Z? Why or why not? From Exercise 11 in
Section 18 (page 76), you can see that since each column is the set

{a, a + 4, a + 2 · 4, a + 3 · 4, . . . , a + (9 − 1) · 4}

and since (4, 9) = 1 (this fact is crucial), we must have that each column (crossed
out or not) is in fact a set of representatives of Z/9Z. There are ϕ(4) columns left
(since we crossed out all the columns whose top number was not in (Z/4Z)× ), and
each column contains ϕ(9) units in Z/9Z, hence in Z/36Z. We have proved that
ϕ(36) = ϕ(4·9) = ϕ(4)·ϕ(9), and the fact that (4, 9) = 1 was crucial; we could have
arranged it in six columns of six numbers, and crossed out until there were only
two columns left (ϕ(6) = 2), but then each column would not have represented
Z/6Z, and we could not have proceeded as we did.

Let’s try this in general, to make sure the reasoning is sound. Suppose we have
positive integers m and n that are relatively prime: (m, n) = 1. Then we wish to
calculate ϕ(mn) = #(Z/mnZ)× . We thus write Z/mnZ in a rectangular m × n
array and cross out everything that is not relatively prime to mn. By the above
proposition, that is all the numbers that are not relatively prime to m, as well as
all the numbers that are not relatively prime to n. So we proceed: write Z/mnZ
as
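$$
\begin{array}{cccccc}
1 & 2 & 3 & 4 & \cdots & m\\
m + 1 & m + 2 & m + 3 & m + 4 & \cdots & 2m\\
2m + 1 & 2m + 2 & 2m + 3 & 2m + 4 & \cdots & 3m\\
3m + 1 & 3m + 2 & 3m + 3 & 3m + 4 & \cdots & 4m\\
\vdots & \vdots & \vdots & \vdots & \ddots & \vdots\\
(n - 1)m + 1 & (n - 1)m + 2 & (n - 1)m + 3 & (n - 1)m + 4 & \cdots & nm.
\end{array}
$$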
Each row represents Z/mZ, that is clear; but each column is the set
{a, a + m, a + 2m, a + 3m, . . . , a + (n − 1)m}
and we know from Exercise 11 in Section 18 (page 76) that because (m, n) = 1,
this is a set of representatives for Z/nZ. Thus each row is Z/mZ and each column
is Z/nZ. We cross out whole columns when the top number is not in (Z/mZ)× ;
this leaves ϕ(m) columns. In each column not crossed out, we cross out everything
that is not in (Z/nZ)× ; now each column has either zero or ϕ(n) units in it. Every
number left is relatively prime to mn, since it is relatively prime to m and relatively
prime to n; every number crossed out had something in common with m or with n,
thus it has something in common with mn. We are thus left with ϕ(n) numbers in
each of ϕ(m) columns, and these are all the elements of (Z/mnZ)× . This proves

Proposition 21 For m and n in N with (m, n) = 1, we have


ϕ(mn) = ϕ(m) · ϕ(n).

What is ϕ(n), therefore? We have said before that ϕ(1) = 1, so we may assume n > 1. Thus n has a factorization into powers of primes:

$$n = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r} = \prod_{i=1}^{r} p_i^{e_i}.$$

Therefore

$$\phi(n) = \phi\left(p_1^{e_1}\right) \phi\left(p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r}\right)$$

since $(p_1^{e_1}, \text{rest}) = 1$. Similarly, we may break up n into relatively prime chunks and get

$$\phi(n) = \phi\left(p_1^{e_1}\right) \phi\left(p_2^{e_2}\right) \phi\left(p_3^{e_3}\right) \cdots \phi\left(p_r^{e_r}\right) = \prod_{i=1}^{r} \phi\left(p_i^{e_i}\right).$$

So to calculate ϕ(n) all we need to know is how to calculate $\phi(p^k)$ where p is a prime and k ≥ 1. We already know that ϕ(p) = p − 1, since we have proved that Z/pZ is a field; what about $\phi(p^2)$? or $\phi(p^3)$? The thing to notice is that for any integer a, whether or not $(a, p^k)$ is 1 is a very easy question to answer. What can $(a, p^k)$ be? It must be a divisor of $p^k$, and the only divisors of $p^k$ are 1, or p, or $p^2$, etc., i.e., $p^j$ where 0 ≤ j ≤ k. All of the divisors except 1 are divisible by p. Thus $(a, p^k) = 1 \iff p \nmid a$. Thus to calculate $\phi(p^k)$ we need only see how many of the numbers in $\mathbb{Z}/p^k\mathbb{Z}$ are divisible by p; once we’ve crossed them off, only the units will remain. We have

$$\mathbb{Z}/p^k\mathbb{Z} = \{1, 2, 3, \ldots, p, p + 1, \ldots, 2p, \ldots, 3p, \ldots, p^2, p^2 + 1, \ldots, p^k\}.$$

There are $p^k$ elements, and among every p of them we get one that is divisible by p, and hence is not a unit. Thus there are $\frac{1}{p} p^k = p^{k-1}$ non-units, hence $p^k - p^{k-1}$ units. Therefore

$$\phi(p^k) = p^k - p^{k-1} = p^{k-1}(p - 1)$$

for p a prime and k ≥ 1. We may use this to calculate ϕ(n) for any positive integer. We get

$$
\begin{aligned}
\phi(n) &= \phi\left(p_1^{e_1}\right) \phi\left(p_2^{e_2}\right) \phi\left(p_3^{e_3}\right) \cdots \phi\left(p_r^{e_r}\right)\\
&= \prod_{i=1}^{r} \phi\left(p_i^{e_i}\right)\\
&= \prod_{i=1}^{r} p_i^{e_i - 1}(p_i - 1)\\
&= \prod_{i=1}^{r} p_i^{e_i}\, \frac{p_i - 1}{p_i}\\
&= n \prod_{i=1}^{r} \frac{p_i - 1}{p_i}\\
&= n \prod_{i=1}^{r} \left(1 - \frac{1}{p_i}\right).
\end{aligned}
$$

This is the formula that many people use to calculate ϕ(n). Thus to calculate ϕ(60) we just notice that $60 = 2^2 \cdot 3 \cdot 5$, and we get

$$\phi(60) = 60 \left(1 - \frac{1}{2}\right) \left(1 - \frac{1}{3}\right) \left(1 - \frac{1}{5}\right) = 60 \left(\frac{1}{2}\right) \left(\frac{2}{3}\right) \left(\frac{4}{5}\right) = 16.$$

A good way, I find, to think of this formula, is to realize that for a in Z/nZ,

a is not a unit ⇐⇒ there is a prime p such that p|n and p|a.

Since for each prime p, $\frac{1}{p}$ of all numbers are divisible by it, we can get (Z/nZ)× by starting with Z/nZ (n elements) and throwing away the numbers divisible by $p_1$ ($n\left(1 - \frac{1}{p_1}\right)$ elements left), then of the numbers that are left, throwing away those divisible by $p_2$ ($n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right)$ elements left), and continuing this way for all the primes that divide n. In the example above, we start with

Z/60Z = {1, 2, 3, . . . , 60}

then throw away all the even numbers (those that share the prime 2 with 60) to
get
{1, 3, 5, 7, 9, . . . , 57, 59} (thirty are left)
then throw away the ones that are left that are divisible by 3, namely 3, 9, 15, 21,
27, 33, 39, 45, 51, and 57, to get

{1, 5, 7, 11, 13, 17, 19, 23, 25, 29, 31, 35, 37, 41, 43, 47, 49, 53, 55, 59} (twenty left)

and then throw away those that share the prime 5 with 60: namely, 5, 25, 35, and
55. Thus

(Z/60Z)× = {1, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 49, 53, 59} (sixteen left).

You might try this for, say n = 105 = 3 · 5 · 7 and see why we get

$$\phi(105) = 105 \left(\frac{2}{3}\right) \left(\frac{4}{5}\right) \left(\frac{6}{7}\right) = 48$$

because we kept the $\frac{2}{3}$ that were not divisible by 3 (70 numbers), then kept the $\frac{4}{5}$ of what was left that were not divisible by 5 (56 numbers), then kept the $\frac{6}{7}$ of what was left that were not divisible by 7 (48 units).

Another thing you can try is to prove that

$$\sum_{d \mid n,\ d > 0} \phi(d) = n;$$

that is, if you add up ϕ(d) for all the positive divisors, d, of n, you will get n itself. An example is to take, say, n = 60. Then the positive divisors of 60 are d = 1, 2, 3, 4, 5, 6, 10, 12, 15, 20, 30, and 60; and we have

$$
\begin{aligned}
\sum_{d \mid 60,\ d > 0} \phi(d) &= \phi(1) + \phi(2) + \phi(3) + \phi(4) + \phi(5) + \phi(6) + \phi(10) + \phi(12) + \phi(15)\\
&\quad + \phi(20) + \phi(30) + \phi(60)\\
&= 1 + 1 + 2 + 2 + 4 + 2 + 4 + 4 + 8 + 8 + 8 + 16\\
&= 60.
\end{aligned}
$$

Exercises
1. Show that ϕ(n) = 2 ⇐⇒ n = 3, 4 or 6.

2. Show that ϕ(n) = 4 ⇐⇒ n = 5, 8, 10, or 12.

3. Calculate ϕ(n) for n = 21, 22, 23, 24, 25, 26, and 27.

4. Show that n is odd =⇒ ϕ(2n) = ϕ(n). Is the converse true? State and
prove a theorem relating ϕ(2n) to ϕ(n).

5. Explain why $\phi(p^3 q^2 r) \neq \phi(p q^3 r^2)$ for distinct primes p, q, and r.

6. Explain why ϕ(n) is even if n > 2
(a) by using the formulas derived in this section
(b) by pairing the units (in some way) in (Z/mZ)×.

7. If u is a unit (mod m) then $u^{-1}$, −u, and $-u^{-1}$ are also. However, the units 1 and −1 are self-inverses as well as being additive inverses of each other. This would seem to imply that ϕ(m) ≡ 2 (mod 4), but that would sometimes contradict the rule ϕ(p) = p − 1 for prime integers p. What can we conclude, when p ≡ 1 (mod 4)?

8. If u is a unit (mod m) then $u^{-1}$, −u, and $-u^{-1}$ are also. However, the units 1 and −1 are self-inverses as well as being additive inverses of each other. This would seem to imply that ϕ(m) ≡ 2 (mod 4); however this is false. The prime case is taken care of in the previous exercise; in this exercise we look at the composite case. For composite m < 150, we have

ϕ(m) = 4k + 2 ⇐⇒ m ∈ {4, 6, 9, 14, 18, 22, 27, 38, 46, 49, 54, 62, 81, 86, 94, 98, 118, 121, 134, 142}.

Conjecture a rule for when ϕ(m) ≡ 2 (mod 4) for composite m.

9. ϕ(10) = 4 = ϕ(12). Can you find other sets of primes p, q, and r for which $\phi(pq) = \phi(p^2 r)$?

10. Suppose $\phi(n) = \frac{2}{3} n$. What can you deduce about the prime factorization of n?

11. Suppose $\phi(n) = \frac{8}{17} n$. What can you deduce about the prime factorization of n?

12. Suppose $\phi(n) = \frac{8}{35} n$. What can you deduce about the prime factorization of n?

13. There are five values of n (all < 100) for which ϕ(n) = 20. Find these values (without the use of technology).

14. There are ten values of n (all < 100) for which ϕ(n) = 24. Find these values (without the use of technology).

15. Show that, for n ∈ N, we have

$$\sum_{d \mid n,\ d > 0} \phi(d) = n.$$

16. Let m, n ∈ N. Show that m|n =⇒ ϕ(m)|ϕ(n). Is the converse true?

28 Euler’s and Fermat’s theorems

Given m ∈ N, the number ϕ(m) counts how many elements of Z/mZ are units, but there are other significant facts about the function ϕ. We have the following very important

Theorem 15 (Euler’s Theorem) If m ≥ 2 is an integer, and (a, m) = 1 for some integer a, then

$$a^{\phi(m)} \equiv 1 \pmod m$$

i.e.,

$$a \in (\mathbb{Z}/m\mathbb{Z})^\times \implies a^{(\text{size of } (\mathbb{Z}/m\mathbb{Z})^\times)} \equiv 1 \pmod m.$$

Proof . Some of you, those who have taken abstract algebra, already know this
theorem; in that course, it is an example of the fact that an element of a finite
group, raised to the power of the size of the group, is the identity. We will prove it
by looking at the set

$$(\mathbb{Z}/m\mathbb{Z})^\times = \{u_1, u_2, u_3, \ldots, u_{\phi(m)}\}.$$

It was proved in Exercise 3 (page 110) that

$$b = u_1 u_2 u_3 \cdots u_{\phi(m)} = \prod_{u \in (\mathbb{Z}/m\mathbb{Z})^\times} u$$

is ±1; but all we care about is that this element, which is a product of units, is also a unit in Z/mZ.

Now suppose a is any unit in (Z/mZ)×, and consider the set

$$S = \{au_1, au_2, au_3, \ldots, au_{\phi(m)}\}.$$

What is this set? Everything in S is a unit, so S ⊆ (Z/mZ)×. On the other hand, if two elements of S were equal, then we would have

$$au_i \equiv au_j \pmod m \iff u_i \equiv u_j \pmod m$$

since a is a unit. Thus we have no repeats, so S is the same size as (Z/mZ)× and so we must have S = (Z/mZ)×. So if we multiply all the elements of S, we must get b again. Thus we have

$$b \equiv (au_1)(au_2)(au_3) \cdots (au_{\phi(m)}) = a^{\phi(m)} u_1 u_2 u_3 \cdots u_{\phi(m)} = a^{\phi(m)} b \pmod m$$

and since b is a unit we can cancel it to get

$$1 \equiv a^{\phi(m)} \pmod m.$$

An important corollary is called Fermat’s little theorem.

Theorem 16 (Fermat’s Little Theorem) If p is a prime integer and $p \nmid a$, then

$$a^{p-1} \equiv 1 \pmod p.$$

Proof. We have $p \nmid a \iff (a, p) = 1$, and p a prime =⇒ ϕ(p) = p − 1, so we may use Euler’s theorem to prove Fermat’s little theorem.

This theorem should not be confused with Fermat’s last theorem, which was unproved from when Fermat stated it (“no positive solution in integers x, y and z exists to the equation $x^n + y^n = z^n$ if the (integral) power n is greater than 2”) in 1637 until 358 years later, when it was proven by Andrew Wiles, building on earlier work by Gerd Faltings, Gerhard Frey, Goro Shimura, Hitaka Taniyama, Kenneth Ribet, and many others. (Andrew Wiles was the present author’s calculus professor freshman year.)

Corollary 4 If p is a prime in Z, we have $a^p \equiv a \pmod p$ for all integers a.

Corollary 5 If p is a prime in Z, we have $(x + y)^p \equiv x^p + y^p \pmod p$ for any integers x and y.

Exercises
1. Prove Corollary 4.
2. Prove Corollary 5.
3. Prove that $5n^3 + 7n^5 \equiv 0 \pmod{12}$ for all integers n.
4. Find all positive integers n for which
$$n^{13} \equiv n \pmod{1365}.$$

5. One of the following statements is always true and one is sometimes false:
$$n^7 \equiv n^3 \pmod{40} \qquad\qquad n^6 \equiv n^2 \pmod{40}.$$
By thinking a little first you should know which one is true and which isn’t; you should prove the true statement and give a counterexample for the false statement.
6. For which integers n is the following true?
$$n^{21} \equiv n \pmod{2310}.$$
Hint: It is true for n = 1 but false for n = 2, so we see it is sometimes true and sometimes false. Your answer to this problem should tell your reader if it is true or false for n = 99, or n = −35, or n = 123456789, etc.
7. Let p be a prime integer. Factor $x^{p-1} - 1$ in Z/pZ[x]. Use this factorization to prove Wilson’s theorem again.
8. One of the themes in this book is whether a given ring contains a solution to the equation $x^2 = -1$ (such a solution plays the role of the complex number i). Suppose p > 2 is a prime integer, and suppose a solution exists to the equation $x^2 \equiv -1 \pmod p$. Use Fermat’s little theorem to show that p ≡ 1 (mod 4).

9. Extending the definition of Z/pZ[x], we denote by Z/pZ[x, y] the ring of all polynomials in the two variables x and y with coefficients in Z/pZ. We may also write

$$\mathbb{Z}/p\mathbb{Z}[x, y] = \left\{ \sum_{j=0,\,k=0}^{n} c_{j,k}\, x^j y^k : \text{such that } n \in W,\ c_{j,k} \in \mathbb{Z}/p\mathbb{Z} \right\}.$$

Use Exercise 4 in Section 15 to show that in Z/pZ[x, y],

$$(x + y)^p = x^p + y^p.$$

Is this statement weaker than, equivalent to, or stronger than Corollary 5?
10. Sum the series $1 + 22 + 333 + \cdots + n(\underbrace{11 \cdots 1}_{n})$.

29 The order of an integer modulo m

We have looked at addition in Z/mZ and Z/pZ, which is pretty boring, and we have
looked at multiplication, from which we got the ideas of units and zero-divisors. In
Chapter 5 we will look closely at squaring in the field Z/pZ, and try to find rules
about which elements of Z/pZ are perfect squares. Right now we want to look at
the whole idea of raising to powers or exponentiation, and see if we can see some
patterns.

Let’s look at the powers of 1, 2, . . . , 22 in (Z/23Z)×:

$1^k = 1$ always
2, 4, 8, 16, 9, 18, 13, 3, 6, 12, 1, then we repeat
3, 9, 4, 12, 13, 16, 2, 6, 18, 8, 1, then we repeat
4, 16, 18, 3, 12, 2, 8, 9, 13, 6, 1, then we repeat
5, 2, 10, 4, 20, 8, 17, 16, 11, 9, 22, 18, 21, 13, 19, 3, 15, 6, 7, 12, 14, 1, so we got all
22 units
6, 13, 9, 8, 2, 12, 3, 18, 16, 4, 1, then we repeat
7, 3, 21, 9, 17, 4, 5, 12, 15, 13, 22, 16, 20, 2, 14, 6, 19, 18, 11, 8, 10, 1, all 22 units
8, 18, 6, 2, 16, 13, 12, 4, 9, 3, 1, then we repeat
9, 12, 16, 6, 8, 3, 4, 13, 2, 18, 1, then we repeat
10, 8, 11, 18, 19, 6, 14, 2, 20, 16, 22, 13, 15, 12, 5, 4, 17, 9, 21, 3, 7, 1, all 22 units
11, 6, 20, 13, 5, 9, 7, 8, 19, 2, 22, 12, 17, 3, 10, 18, 14, 16, 15, 4, 21, 1, all 22 units
12, 6, 3, 13, 18, 9, 16, 8, 4, 2, 1, then we repeat
13, 8, 12, 18, 4, 6, 9, 2, 3, 16, 1, then we repeat
14, 12, 7, 6, 15, 3, 19, 12, 21, 18, 22, 9, 11, 16, 17, 8, 20, 4, 10, 2, 5, 1, all 22 units
15, 18, 17, 2, 7, 13, 11, 4, 14, 3, 22, 8, 5, 6, 21, 16, 10, 12, 19, 9, 20, 1, all 22 units
16, 3, 2, 9, 6, 4, 18, 12, 8, 13, 1, then we repeat
17, 13, 14, 8, 21, 12, 20, 18, 7, 4, 22, 6, 10, 9, 15, 2, 11, 3, 5, 16, 19, 1, all 22 units
18, 2, 13, 4, 3, 8, 6, 16, 12, 9, 1, then we repeat
19, 16, 5, 3, 11, 2, 15, 9, 10, 6, 22, 4, 7, 18, 20, 12, 21, 8, 14, 13, 17, 1, all 22 units
20, 9, 19, 12, 10, 16, 21, 6, 5, 8, 22, 3, 14, 4, 11, 13, 7, 2, 17, 18, 15, 1, all 22 units
21, 4, 15, 16, 14, 18, 10, 3, 17, 12, 22, 2, 19, 8, 7, 9, 5, 13, 20, 6, 11, 1, all 22 units
22, 1, then we repeat.

What do you notice here? There are several observations one might make:

• We always eventually repeat

• We always repeat after we get 1

• We always repeat after 1, 2, 11, or 22 steps

• If u · v = 1 then the steps are reversed for u and for v

• At step 11, we either have 1 or −1; if we have −1, we get all the units

• There are ten elements that generate all the units.

Can we prove or explain any of these observations? Let’s see: it is clear that since
we are staying inside (Z/23Z)× , which only has 22 elements, we must eventually
repeat. Why don’t we repeat anywhere else besides 1?

Well, suppose we do: suppose that for some a such that (a, p) = 1, we get

$$a^r \equiv a^s \pmod p$$

for some positive integers r and s, and we may as well assume r < s. Then since a is a unit, we can cancel it from each side of the equation r times to get

$$1 \equiv a^{s-r} \pmod p.$$

Thus we always repeat 1 first. You can also see this by realizing that $a^0 = 1$, so this is really the first power that can be repeated. In fact, this leads to a

Definition 20 In Z/mZ where m ∈ N, the order (mod m) of a unit, a, is the smallest positive power of a that is congruent to 1 (mod m), if such a power exists. I.e., k is the order of a (mod m) if and only if

• $a^k \equiv 1 \pmod m$

• $a^n \not\equiv 1 \pmod m$ for any n such that 1 ≤ n < k

We will sometimes write this as $\operatorname{ord}_m(a) = k$.

If you get all the units by raising r to powers, we have a special name for r.

Definition 21 An element r of the group of units (Z/mZ)× is a primitive root modulo m if

$$\{r^k : k \in \mathbb{N}\} = (\mathbb{Z}/m\mathbb{Z})^\times,$$

that is, every unit in Z/mZ can be written as a positive power of r. Another way to say this is

r ∈ (Z/mZ)× is a primitive root modulo m ⇐⇒ $\operatorname{ord}_m(r) = \phi(m) = \#(\mathbb{Z}/m\mathbb{Z})^\times$.



Thus we have shown above that

$$
\begin{aligned}
\operatorname{ord}_{23}(a) = 1 &\iff a = 1\\
\operatorname{ord}_{23}(a) = 2 &\iff a = -1\\
\operatorname{ord}_{23}(a) = 11 &\iff a = 2, 3, 4, 6, 8, 9, 12, 13, 16, 18\\
\operatorname{ord}_{23}(a) = 22 &\iff a = 5, 7, 10, 11, 14, 15, 17, 19, 20, 21.
\end{aligned}
$$

From these lists, we can also notice that in Z/23Z, we have (except for a = ±1)

a is a primitive root modulo 23 ⇐⇒ −a is not a primitive root modulo 23

and

a is a primitive root modulo 23 ⇐⇒ $a^{-1}$ is a primitive root modulo 23.

We will soon see how to generalize this.

Let’s try another modulus to see if this holds true in general: in Z/19Z, we get
$1^k = 1$ always;
2, 4, 8, 16, 13, 7, 14, 9, 18, 17, 15, 11, 3, 6, 12, 5, 10, 1, so we got all 18 units
3, 9, 8, 5, 15, 7, 2, 6, 18, 16, 10, 11, 14, 4, 12, 17, 13, 1, so we got all 18 units
4, 16, 7, 9, 17, 11, 6, 5, 1, then we repeat
5, 6, 11, 17, 9, 7, 16, 4, 1, then we repeat
6, 17, 7, 4, 5, 11, 9, 16, 1, then we repeat
7, 11, 1, then we repeat
8, 7, 18, 11, 12, 1, then we repeat
9, 5, 7, 6, 16, 11, 4, 17, 1, then we repeat
10, 5, 12, 6, 3, 11, 15, 17, 18, 9, 14, 7, 13, 16, 8, 4, 2, 1, all 18 units
11, 7, 1, then we repeat
12, 11, 18, 7, 8, 1, then we repeat
13, 17, 12, 4, 14, 11, 10, 16, 18, 6, 2, 7, 15, 5, 8, 9, 3, 1, all 18 units
14, 6, 8, 17, 10, 7, 3, 4, 18, 5, 13, 11, 2, 9, 12, 16, 15, 1, all 18 units
15, 16, 12, 9, 2, 11, 13, 5, 18, 4, 3, 7, 10, 17, 8, 6, 14, 1, all 18 units
16, 9, 11, 5, 4, 7, 17, 6, 1, then we repeat
17, 4, 11, 16, 6, 7, 5, 9, 1, then we repeat
18, 1, then we repeat.

Thus we have that

$$
\begin{aligned}
\operatorname{ord}_{19}(a) = 1 &\iff a = 1\\
\operatorname{ord}_{19}(a) = 2 &\iff a = -1\\
\operatorname{ord}_{19}(a) = 3 &\iff a = 7, 11\\
\operatorname{ord}_{19}(a) = 6 &\iff a = 8, 12\\
\operatorname{ord}_{19}(a) = 9 &\iff a = 4, 5, 6, 9, 16, 17\\
\operatorname{ord}_{19}(a) = 18 &\iff a = 2, 3, 10, 13, 14, 15.
\end{aligned}
$$

In Z/19Z, we have

2 · 10 = 3 · 13 = 4 · 5 = 6 · 16 = 7 · 11 = 8 · 12 = 9 · 17 = 14 · 15 = 1.

We have only gathered data in the two rings Z/23Z and Z/19Z, but maybe we can
conjecture that (for p a prime)

• $\operatorname{ord}_p(a) = 1 \iff a = 1$
• $\operatorname{ord}_p(a) = 2 \iff a = -1$
• $\operatorname{ord}_p(a)$ is always a divisor of p − 1 = ϕ(p)
• a is a primitive root modulo p ⇐⇒ $a^{-1}$ is a primitive root modulo p
• a is a primitive root modulo p ⇐⇒ −a is not a primitive root modulo p (except for a = 1)
• There are always ϕ(p − 1) primitive roots modulo p
• In fact, there are always ϕ(k) elements of order k, as long as k | (p − 1). If $k \nmid (p - 1)$, there are no elements of order k.

If we prove the last fact, we will get the first three and the second-to-last fact for free! Also, we will have proved that for any prime p, we have

$$\sum_{k \mid p-1,\ k > 0} \phi(k) = p - 1.$$

This is just a special case of the formula

$$\sum_{d \mid n,\ d > 0} \phi(d) = n$$

that was mentioned earlier, in Exercise 15 on page 115; in the exercises below we will suggest a second approach.
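The tables for Z/23Z and Z/19Z, and the conjectures drawn from them, can be regenerated for any modulus. This Python code is an added example, not code from the book; the function names are assumptions made here, and ϕ(k) is obtained by direct counting so that the block stands alone.

```python
from math import gcd


def multiplicative_order(a, m):
    """Smallest k >= 1 with a**k = 1 (mod m), or None when (a, m) != 1.

    Non-units never reach 1, so the gcd check is what keeps the loop finite.
    Intended for m >= 2.
    """
    a %= m
    if gcd(a, m) != 1:
        return None
    k, power = 1, a
    while power != 1:
        power = (power * a) % m
        k += 1
    return k


def powers(a, m):
    """The list a, a**2, a**3, ... (mod m), stopping at the first 1."""
    order = multiplicative_order(a, m)
    if order is None:
        raise ValueError("a is not a unit modulo m")
    return [pow(a, k, m) for k in range(1, order + 1)]


def elements_by_order(m):
    """Group the units of Z/mZ by their order: {order: [units of that order]}."""
    table = {}
    for a in range(1, m):
        k = multiplicative_order(a, m)
        if k is not None:
            table.setdefault(k, []).append(a)
    return table


def count_units(k):
    """phi(k), by counting the a in 1..k with (a, k) = 1."""
    return sum(1 for a in range(1, k + 1) if gcd(a, k) == 1)


def primitive_roots(m):
    """Units whose order equals phi(m); empty when m has no primitive root."""
    target = count_units(m)
    return [a for a in range(1, m) if multiplicative_order(a, m) == target]


if __name__ == "__main__":
    for p in (23, 19):
        print(f"modulus {p}")
        for k, units in sorted(elements_by_order(p).items()):
            print(f"  order {k:2d} (phi({k}) = {count_units(k)}): {units}")
    print("powers of 2 mod 23:", powers(2, 23))
    print("primitive roots mod 8:", primitive_roots(8))  # none exist
```
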

Exercises
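1. Find $\operatorname{ord}_{31}(2)$, $\operatorname{ord}_{31}(3)$, $\operatorname{ord}_{31}(4)$, $\operatorname{ord}_{31}(5)$, and $\operatorname{ord}_{31}(6)$.
2. Find $\operatorname{ord}_{11}(a)$ for all $a \in (\mathbb{Z}/11\mathbb{Z})^\times$.
3. Find $\operatorname{ord}_{13}(a)$ for all $a \in (\mathbb{Z}/13\mathbb{Z})^\times$.
4. Find $\operatorname{ord}_{17}(a)$ for all $a \in (\mathbb{Z}/17\mathbb{Z})^\times$.
5. Show that $\operatorname{ord}_m(a) = s \implies \operatorname{ord}_m(a^k) = \frac{s}{d}$, where $d = (k, s)$.
6. Show that for $m \in \mathbb{N}$ and $a \in \mathbb{Z}/m\mathbb{Z}$,

$$\operatorname{ord}_m(a) \text{ exists} \iff (a, m) = 1.$$

7. Suppose $p$ is prime, and $\operatorname{ord}_p(a) = k$. What can you say about $\operatorname{ord}_p(a^{-1})$?
about $\operatorname{ord}_p(-a)$?
8. Suppose $m \in \mathbb{N}$, and $\operatorname{ord}_m(a) = k$. What can you say about $\operatorname{ord}_m(a^{-1})$?
about $\operatorname{ord}_m(-a)$?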
9. For $n \in \mathbb{N}$, define $F(n) = \sum_{d \mid n,\ d>0} \phi(d)$.

(a) Show that $F(p^k) = p^k$ for any prime $p$ and $k \in \mathbb{N}$.

(b) Use Exercise 10(e) in Section 9 (page 38) to conclude that $F(n) = n$ for
all $n \in \mathbb{N}$.

30 Divisibility tests

Now we want to look at one of the uses of congruences: divisibility tests. Classically,
there are tests for divisibility by 2, 4, 8, 3, 5, 25, 9, 11, and all other powers of 2
and 5. They are consequences of

• $10 = 2 \cdot 5$

• $10^k = 2^k \cdot 5^k$

• $10 = 9 + 1$

• $10 = 3^2 + 1$

• $10 = 11 - 1$.

Suppose we have a large number, n, and we want to know how (or whether) it factors.
We all know the test for evenness—look at the last digit. This works because
if n has m + 1 decimal digits, so n can be written as $n = a_m a_{m-1} a_{m-2} \cdots a_3 a_2 a_1 a_0$,
then we have

$$n = a_m a_{m-1} a_{m-2} \cdots a_3 a_2 a_1 a_0 = \sum_{k=0}^{m} a_k 10^k,$$

so

$$n = \sum_{k=0}^{m} a_k 10^k \equiv a_0 \pmod{2}.$$

Similarly, since $10^k \equiv 0 \pmod{4}$ for all $k \ge 2$, we need only look at the last two
digits to check for divisibility by 4. And in fact one can look at just the last $t$ digits
to check for divisibility by $2^t$. In exactly the same way, one need only look at the
last digit to check divisibility by 5, the last two digits for divisibility by 25, the
last $t$ digits to check for divisibility by $5^t$, since $10^k \equiv 0 \pmod{5^t}$ for all $k \ge t$.
So we can tell at a glance that $5 \mid 43562364029643640$ but $25 \nmid 43562364029643640$,
while just a little more work will show us that 43562364029643640 is divisible by
2, 4, and 8, but not by 16.

What about the test for 9? Do you know it? We have $10^k \equiv 1^k \equiv 1 \pmod{9}$ for
all $k$, so

$$n = \sum_{k=0}^{m} a_k 10^k \equiv \sum_{k=0}^{m} a_k = a_0 + a_1 + a_2 + \cdots + a_m \pmod{9};$$
i.e., just add up the digits. This can be done again and again: to check

614302945982634,

we get

$$614302945982634 \equiv 6+1+4+3+0+2+9+4+5+9+8+2+6+3+4 = 66 \equiv 6+6 = 12 \equiv 1+2 = 3 \pmod{9}$$

so $9 \nmid 614302945982634$. Similarly, we have $10^k \equiv 1^k \equiv 1 \pmod{3}$ for all $k$, so
adding up the digits works for 3 as well as for 9. We have shown above that
$3 \mid 614302945982634$.

What is the test for 11? Do you know it? Since $10^k \equiv (-1)^k \pmod{11}$ for all $k$,
we can alternately add and subtract digits to check for divisibility by 11:

$$n = \sum_{k=0}^{m} a_k 10^k \equiv \sum_{k=0}^{m} (-1)^k a_k = a_0 - a_1 + a_2 - \cdots + (-1)^m a_m \pmod{11}.$$

Thus we get

$$614302945982634 \equiv 4 - 3 + 6 - 2 + 8 - 9 + 5 - 4 + 9 - 2 + 0 - 3 + 4 - 1 + 6 = 18 \equiv 8 - 1 = 7 \pmod{11}$$

so $11 \nmid 614302945982634$. If all we care about is whether $11 \mid n$, we can reverse the order
and subtract from left to right the way we read: since $m \mid a \iff m \mid (-a) \iff a \equiv 0
\pmod{m}$, we don’t care about the sign of the answer, only whether or not we get
zero. So you may subtract in either direction, so long as you alternate.

These tests allow us to test for divisibility by all the primes less than 13, except for 7.
What do we do to test for divisibility by 7? Of course we can do long division, which
is not terribly hard if we know our sevens table well. Does 7|43562364029643640?
It should not take you long to say no, and you might even see that the remainder
on division by 7 is 6 (and the quotient is 6223194871377662). Can we speed up this
process? I will suggest three possibilities.

First, notice that

21 ≡ 0 (mod 7) =⇒ 1 ≡ −2 · 10 (mod 7).

Thus, starting with n = 614302945982634, we get

614302945982634 = 614302945982630 + 4 ≡ 614302945982630 + (−80) (mod 7).

If all we care about is divisibility (or not), then

$$\begin{aligned}
7 \mid 614302945982634 &\iff 7 \mid (614302945982630 + (-80))\\
&\iff 7 \mid 61430294598263 + (-8) = 61430294598260 + (-5),
\end{aligned}$$

and so we can proceed iteratively by taking −2 times the units digit, adding that to
the tens digit (and lopping off the 0 at the end), and keeping track of the resulting
ones digit, which we can adjust by a multiple of 7 if that makes it easier to keep
track. Thus the successive ones digits for n = 614302945982634 would be 4, −5 ≡ 2
(mod 7), 2, −2, 12 ≡ −2 (mod 7), 13 ≡ −1 (mod 7), 7 ≡ 0 (mod 7), 4, 1, 0, 0, 3,
−2, 5 ≡ −2 (mod 7), and 10 ≡ 0 (mod 7), and we are done, so 7 ∤ 614302945982634.
As another test, we could try n = 43562364029643641, which we know from the
last paragraph is divisible by 7. Again keeping track of the units digit, we get 1, 2,
2, −1, 6 ≡ −1 (mod 7), 8 ≡ 1 (mod 7), 7 ≡ 0 (mod 7), 2, −4 ≡ 3 (mod 7), −2,
10 ≡ 3 (mod 7), −3, 8 ≡ 1 (mod 7), 4, −3, 9 ≡ 2 (mod 7), and 0, which indicates
that, as expected, 7|43562364029643641. It takes getting used to, but I’d say this
method is somewhat faster (and less error-prone) than trial division by 7, though
of course one does not get the remainder (or the quotient) (mod 7), just a yes or
no answer to divisibility.

Alternatively, we might note that 1 ≡ 5 · 10 (mod 7). We can thus calculate in
a manner similar to above, but use +5 as our multiplier rather than −2. That
is, we can proceed iteratively by taking 5 times the units digit, adding that
to the tens digit (and lopping off the 0 at the end), and keeping track of the
resulting ones digit. The calculation for n = 614302945982634 would be 4, 23 ≡ 2
(mod 7), 16 ≡ 2 (mod 7), 12 ≡ 5 (mod 7), 33 ≡ 5 (mod 7), 34 ≡ 6 (mod 7),
35 ≡ 0 (mod 7), 4, 29 ≡ 1 (mod 7), 7 ≡ 0 (mod 7), 0, 3, 19 ≡ 5 (mod 7), 26 ≡ 5
(mod 7), and 31 ≡ 0 (mod 7), so 7 ∤ 614302945982634. The intermediate results
are the same (mod 7) as the results obtained above. All the calculations involve
non-negative integers, but we deal with larger integers, on average. Which method
is best is a matter of taste; they are essentially the same calculation.

In a similar vein, we might try using the fact that

98 ≡ 0 (mod 7) =⇒ 100 ≡ 2 (mod 7).

This avoids the negative signs, but we have to deal with two digits at a time. If we
test the integer 860706209262639264 for divisibility by 7, we get (note that $2^6 \equiv 1
\pmod{7}$ by Fermat’s little theorem)

$$\begin{aligned}
860706209262639264 &= 86 \cdot 100^8 + 7 \cdot 100^7 + 6 \cdot 100^6 + 20 \cdot 100^5 + 92 \cdot 100^4\\
&\quad + 62 \cdot 100^3 + 63 \cdot 100^2 + 92 \cdot 100 + 64\\
&\equiv 86 \cdot 2^8 + 7 \cdot 2^7 + 6 \cdot 2^6 + 20 \cdot 2^5 + 92 \cdot 2^4 + 62 \cdot 2^3\\
&\quad + 63 \cdot 2^2 + 92 \cdot 2 + 64 \pmod{7}\\
&\equiv 2 \cdot 2^2 + 0 \cdot 2 + 6 \cdot 1 + 6 \cdot 4 + 1 \cdot 2 + 6 \cdot 1 + 0 \cdot 4\\
&\quad + 1 \cdot 2 + 1 \pmod{7}\\
&\equiv 49 \pmod{7}\\
&\equiv 0 \pmod{7},
\end{aligned}$$

using the fact that the powers of 2 (mod 7) are 2, 4, 1, 2, 4, 1, . . . . As another
example, we know from above that 43562364029643640 ≡ 6 (mod 7); can we confirm
this? The calculation is

$$\begin{aligned}
43562364029643640 &= 4 \cdot 100^8 + 35 \cdot 100^7 + 62 \cdot 100^6 + 36 \cdot 100^5 + 40 \cdot 100^4\\
&\quad + 29 \cdot 100^3 + 64 \cdot 100^2 + 36 \cdot 100 + 40\\
&\equiv 4 \cdot 4 + 0 \cdot 2 + 6 \cdot 1 + 1 \cdot 4 + 5 \cdot 2 + 1 \cdot 1 + 1 \cdot 4 + 1 \cdot 2 + 5 \pmod{7}\\
&\equiv 48 \pmod{7}\\
&\equiv 6 \pmod{7},
\end{aligned}$$

as expected.

One final test relies on the interesting numerical happenstance that 1001 = 7·11·13.
Thus we can test for the three primes 7, 11, and 13 by setting 1000 equal to −1.
Starting with the number n = 87640660954693, we get

$$\begin{aligned}
87640660954693 &= 87 \cdot 1000^4 + 640 \cdot 1000^3 + 660 \cdot 1000^2 + 954 \cdot 1000 + 693\\
&\equiv 87 \cdot (-1)^4 + 640 \cdot (-1)^3 + 660 \cdot (-1)^2 + 954 \cdot (-1) + 693 \pmod{1001}\\
&\equiv 87 - 640 + 660 - 954 + 693 \pmod{1001}\\
&\equiv -154 \pmod{1001}.
\end{aligned}$$

It is then very easy to see that

$$7 \mid 87640660954693, \quad 11 \mid 87640660954693, \quad\text{and}\quad 13 \nmid 87640660954693,$$

and in fact 87640660954693 ≡ 2 (mod 13).
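The tests of this section, collected as an added example (not code from the book; all function names are chosen here). It goes slightly beyond the text: `trim_steps` works for any modulus p coprime to 10 by taking the multiplier to be the inverse of 10 modulo p (−2 or 5 for 7, 2 for 19), and `signed_block_sum` covers digit sums, alternating sums and the 1001 test in one routine.

```python
from math import gcd


def blocks(n, t):
    """Split n >= 0 into blocks of t decimal digits, least significant first."""
    base, out = 10 ** t, []
    while True:
        n, b = divmod(n, base)
        out.append(b)
        if n == 0:
            return out


def signed_block_sum(n, t, sign):
    """Sum of the t-digit blocks of n with weights sign**k.

    Congruent to n modulo any m with 10**t ≡ sign (mod m), sign = +1 or -1:
    (t, sign) = (1, 1) for 3 and 9, (1, -1) for 11, (3, -1) for 1001 = 7*11*13.
    """
    return sum(b * sign ** k for k, b in enumerate(blocks(n, t)))


def weighted_block_sum(n, t, m):
    """Sum of (block mod m) * (10**t mod m)**k with the powers reduced mod m.

    This is the 100 ≡ 2 (mod 7) method of the text when t = 2 and m = 7.
    """
    r = pow(10, t, m)
    return sum((b % m) * pow(r, k, m) for k, b in enumerate(blocks(n, t)))


def trim_steps(n, p, multiplier=None):
    """Repeatedly replace n by (n without its last digit) + multiplier * (last digit).

    Needs 10 * multiplier ≡ 1 (mod p); then 10 * (new n) ≡ (old n), so divisibility
    by p is preserved. Returns the list of intermediate values (absolute values,
    since the sign does not affect divisibility).
    """
    if gcd(10, p) != 1:
        raise ValueError("p must be coprime to 10")
    if multiplier is None:
        multiplier = pow(10, -1, p)
        if multiplier > p // 2:
            multiplier -= p          # centred representative: -2 for 7, 2 for 19
    elif (10 * multiplier - 1) % p != 0:
        raise ValueError("multiplier must be an inverse of 10 modulo p")
    trace = [abs(n)]
    # While n > 10|multiplier| each step strictly decreases n, so the loop ends.
    while trace[-1] > 10 * abs(multiplier):
        rest, digit = divmod(trace[-1], 10)
        trace.append(abs(rest + multiplier * digit))
    return trace


def divisible_by(n, p, multiplier=None):
    """Yes/no divisibility of n by p using the trimming test."""
    return trim_steps(n, p, multiplier)[-1] % p == 0


if __name__ == "__main__":
    n = 614302945982634
    print("digit sum:", signed_block_sum(n, 1, 1))
    print("alternating sum:", signed_block_sum(n, 1, -1))
    print("7 | n by -2 rule:", divisible_by(n, 7), " by +5 rule:", divisible_by(n, 7, 5))
    r = signed_block_sum(87640660954693, 3, -1)
    print("mod 1001 residue:", r, [r % q == 0 for q in (7, 11, 13)])
```

As the text notes for the −2 rule, the trimming test answers only yes or no; the block sums, by contrast, are congruent to n and so also give the remainder.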

Exercises
1. Test n = 25083587439645 for divisibility by

(a) 5
(b) 25
(c) 3
(d) 9
(e) 11
(f) 7
(g) 13.

2. Find the remainder when m = 6666666666 is divided by

(a) 4
(b) 8
(c) 16
(d) 3
(e) 9
(f) 11
(g) 7
(h) 13.

3. Find the remainder when k = 7777777777 is divided by


(a) 25
(b) 8
(c) 3
(d) 9
(e) 11
(f) 7
(g) 13.
4. Factor 2155140 into primes. You may want to use Table 10 that starts on
page 226.
5. Factor 6629589316350 into primes. You may want to use Table 10 that starts
on page 226.
6. Use the four methods given in the text to test whether 7 divides

309346530823754.

Which method is easiest?


7. To test divisibility by 7, we used the fact that 7|21 =⇒ 1 ≡ −2 · 10 (mod 7).
(a) Write your own test for divisibility by 19, based on 1 ≡ 2 · 10 (mod 19).
(b) Use your test to see if 19|6474984387639.
(c) Use your test to see if 19|6274976398438.
(d) Use your test to see if 19|9367884874726.
8. To test divisibility by 7, we used the fact that 7|21 =⇒ 1 ≡ −2 · 10 (mod 7).
(a) Write your own test for divisibility by 37, based on 1 ≡ 1000 (mod 37).
(b) Use your test to see if 37|940973429245965.
(c) Use your test to see if 37|2853450843793482.
(d) Use your test to see if 37|135393678348745365.
Chapter 3

Quadratic Extensions of the Integers, Z[√d]

If Chapter Two represented a zoom in to look at smaller, simpler rings than Z, then
this chapter will represent more of a zoom out as we situate Z inside some other
rings, mostly the Gaussian integers Z[i], but also other rings of the form Z[√d] (for
a square-free integer d). By seeing how these rings are similar to, and different
from, the ring of integers Z, we hope to learn more about both of these objects of
study. For example, you have most likely seen and used the fundamental theorem
of arithmetic so often that you probably don’t find its statement very interesting
nor its proof very illuminating. But by repeating this argument (rather, making
analogous arguments) in a less familiar setting, I hope that you will see the power
of unique factorization; and by seeing how it can fail, we see what an important
fact it is about the ring Z.

31 Divisibility in Z[i]

In Z, to prove that we have unique factorization into primes, we needed the well-
ordering principle and the fact that for integers a and b with (a, b) = d, we have

d = ax + by for some integers x and y.

This was proved via the Euclidean algorithm, using the amazing array to undo the
continued fraction for $\frac{a}{b}$. Our norm function, N, (or its absolute value) will give
us a way to use the well-ordering principle, since the norm of an element in Z[√d]
is in some sense a measure of its size. What about the Euclidean algorithm? Will
this work in Z[i]? in Z[√2]? in other rings Z[√d]?

Let’s try to find the GCD of −23 − i and 2 + 5i. Notice that N (−23 − i) = 530 and
N (2 + 5i) = 29. We calculate:

$$\begin{aligned}
-23 - i &= (2 + 5i)(-2 + 4i) + (1 + i)\\
2 + 5i &= (1 + i)(3 + 2i) + 1\\
1 + i &= 1(1 + i) + 0
\end{aligned}$$

so it works—we think the GCD of −23 − i and 2 + 5i is 1 and they are relatively
prime. If 2 + 5i = (z1 )(z2 ) then by taking norms we get 29 = N (z1 )N (z2 ) so
N (z1 ) = 1 or N (z2 ) = 1 so one of them is a unit. Thus 2 + 5i acts like a prime
in Z[i], since any factorization must have one factor being a unit. What could
(−23 − i, 2 + 5i) be? It must divide 2 + 5i so it must be 2 + 5i or 1, right? But if
it is 2 + 5i, then (2 + 5i)|(−23 − i) so

−23 − i = (2 + 5i)z

for some Gaussian integer z, and then by taking norms we get

530 = 29 · N (z)

so 29|530 and this is false! So we can use the norm function to prove that the two
Gaussian integers are relatively prime, just as we found from the Euclidean algorithm.
We need some preliminaries before we generalize this. Recall the definition
of a prime in any ring R:

Definition 22 In a ring R, an element p that is not a unit is called prime if

p = a · b =⇒ a or b is a unit.

Proposition 22 If N (z) is a prime in Z, then z is prime in Z[i].

Proof . Just as we did above, suppose N (z) is prime and suppose z factors in Z[i]
as z = a · b. Then we have N (z) = N (a)N (b) so either N (a) or N (b) is a unit in Z.
But norms in Z[i] are non-negative, so we must have N (a) = 1 or N (b) = 1. Thus
either a or b is a unit.

The converse of this theorem is false; for instance we will prove soon that 3 is a
prime in Z[i], but it is certainly not true that N (3) = 9 is a prime in Z.

Following Exercise 7 in Section 7, we have

Definition 23 For Gaussian integers a and b, we write a|b if there is a Gaussian
integer c such that b = a · c.

We immediately get

a|b =⇒ b = a · c =⇒ N (b) = N (a)N (c) =⇒ N (a)|N (b).


You should think about whether the converse is true: does N (a)|N (b) =⇒ a|b?

All the properties of divisibility still hold (compare Proposition 23 to Proposition 3
in Section 7), sometimes modified as follows:

Proposition 23 For a, b, c, and d in Z[i],

1. a|0, 1|a, and a|a for all a ∈ Z[i]

2. a|1 ⇐⇒ a is a unit ⇐⇒ N (a) = 1 ⇐⇒ a = ±1 or ±i

3. a|b and b|c =⇒ a|c

4. a|b and b|a ⇐⇒ a = (unit)b ⇐⇒ a = ±b or a = ±ib

5. a|b and c|d =⇒ ac|bd

6. a|b and b ≠ 0 =⇒ N (a) ≤ N (b)

7. a|b and a|c =⇒ a|(bx + cy) for any Gaussian integers x and y.

Proof . The proofs of 1, 3, 5, and 7 are exactly like their analogs in Z, since all that
was used there were closure, the distributive property, the definition of divisibility,
etc.; facts that are true in any ring. The proofs of 2, 4, and 6 are left to the reader.

Exercises

1. (a) Show that 3, 7, and 107 are primes in Z[i].


(b) Conjecture a rule for which prime integers are prime in Z[i].

2. Is 6 + 7i a prime in Z[i]? You will need to either factor this Gaussian integer
(to show the answer is no) or give an argument as to why it cannot be factored
(to show the answer is yes).

3. Prove part 2 of Proposition 23.

4. Prove part 4 of Proposition 23.

5. Prove part 6 of Proposition 23.

6. Prove that, just like Z, Z[i] has no zero divisors.

7. Show that if (N (z), N (w)) = 1, then z and w ∈ Z[i] are relatively prime.

8. Calculate (2 − i)(3 − 3i) + (9 + 2i)(i). Use this to show that 2 − i and 9 + 2i
are relatively prime. Note that this shows the converse of Exercise 7 is false.

32 The Euclidean algorithm in Z[i]

What is (60, 34)? It’s 2, remember. Why? Because 2|60 and 2|34, so 2 is a
common divisor; and if c|60 and c|34 so that c is also a common divisor, we must
also have c|2. But the above also holds for −2; we write (60, 34) = 2 only because
we always want our GCDs to be positive. Without that condition, we could write,
say, (60, 34) = ±2 = (unit)2. Earlier, we had

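$$\begin{aligned}
-23 - i &= (2 + 5i)(-2 + 4i) + (1 + i)\\
2 + 5i &= (1 + i)(3 + 2i) + 1\\
1 + i &= 1(1 + i) + 0
\end{aligned}$$

but the last two steps could have easily been

$$\begin{aligned}
2 + 5i &= (1 + i)(4 + i) + (-1)\\
1 + i &= -1(-1 - i) + 0
\end{aligned}$$

or

$$\begin{aligned}
2 + 5i &= (1 + i)(3 + i) + i\\
1 + i &= i(1 - i) + 0
\end{aligned}$$

or

$$\begin{aligned}
2 + 5i &= (1 + i)(4 + 2i) + (-i)\\
1 + i &= -i(-1 + i) + 0
\end{aligned}$$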

So we could have ended with a GCD of any unit. How did I find the correct
quotients, especially in the step

−23 − i = (2 + 5i)(−2 + 4i) + (1 + i)?

Think about the modified division algorithm in Section 13, where we divide and
choose the nearest integer as the quotient, rather than always rounding down as we
did originally. We can do the same here: we divide and choose the nearest Gaussian
integer! Let’s see:
$$\frac{-23 - i}{2 + 5i} = \frac{-23 - i}{2 + 5i} \cdot \frac{2 - 5i}{2 - 5i} = \frac{-51 + 113i}{2^2 + 5^2} = \frac{-51}{29} + \frac{113}{29}i \approx -1.76 + 3.89i.$$

Now you can see why I chose −2 + 4i as the correct multiplier to use: it was the
nearest Gaussian integer to the fraction above (which is in the field Q[i]).

When we try this for the next step we get

$$\frac{2 + 5i}{1 + i} = \frac{2 + 5i}{1 + i} \cdot \frac{1 - i}{1 - i} = \frac{7 + 3i}{1^2 + 1^2} = \frac{7}{2} + \frac{3}{2}i = 3.5 + 1.5i,$$
and it isn’t clear what to choose, since the Gaussian integers 4 + 2i, 4 + i, 3 + 2i,
and 3 + i are all the same distance away. That’s why we have a choice as to what
the GCD is. What we get, in general, is

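$$\begin{aligned}
\frac{a + bi}{c + di} &= \frac{a + bi}{c + di} \cdot \frac{c - di}{c - di} = \frac{(ac + bd) + (bc - ad)i}{c^2 + d^2} = \frac{ac + bd}{c^2 + d^2} + \frac{bc - ad}{c^2 + d^2}i\\
&= (q_1 + q_2 i) + (\epsilon_1 + \epsilon_2 i)
\end{aligned}$$

where $q_1 + q_2 i$ is a Gaussian integer and $\epsilon_1 + \epsilon_2 i$ isn’t, but we have that $\epsilon_1$ and $\epsilon_2$
are fractions with $|\epsilon_1| \le \frac{1}{2}$ and $|\epsilon_2| \le \frac{1}{2}$. Then

$$a + bi = (c + di)(q_1 + q_2 i) + (c + di)(\epsilon_1 + \epsilon_2 i)$$

and the remainder, $(c + di)(\epsilon_1 + \epsilon_2 i)$, must be a Gaussian integer since it is also
$a + bi - (c + di)(q_1 + q_2 i)$. We also have

$$\begin{aligned}
N(\text{remainder}) &= N((c + di)(\epsilon_1 + \epsilon_2 i))\\
&= N(c + di)\,N(\epsilon_1 + \epsilon_2 i)\\
&= (c^2 + d^2)\left((\epsilon_1)^2 + (\epsilon_2)^2\right)\\
&\le (c^2 + d^2)\left(\frac{1}{4} + \frac{1}{4}\right)\\
&= \frac{1}{2} N(c + di).
\end{aligned}$$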
We have just proved that we have a division algorithm, and hence a Euclidean
algorithm, for Z[i]—therefore, we should be able to prove that Z[i] has unique
factorization also!

Proposition 24 If z and w ≠ 0 are in Z[i], then there are Gaussian integers
$q = q_1 + q_2 i$ and $r = r_1 + r_2 i$ (not necessarily unique), with

$$z = w \cdot q + r$$

and $0 \le N(r) \le \frac{1}{2} N(w)$.

Let’s look at the situation geometrically, which will provide a different proof of this
very important proposition. We will draw Z[i] as a lattice in two dimensions, where
the Gaussian integer a+bi is graphed as the point (a, b); thus we have identified the
usual plane R² as the complex plane C, and then we see that Z[i] is a discrete subset
of that plane. The word “discrete” is often contrasted with the word “continuous”
in mathematics, but I would like instead to contrast discrete with dense. The
rational numbers, Q, are said to be dense in R, by which we mean that in any small
neighborhood (or open interval (c, d) ⊆ R), there exists at least one element of Q
(and thus an infinite number of them). You may or may not have seen that idea
in another class. Thus Q may be thought of as appearing almost everywhere in R
(though if you know the difference between countable and uncountable you know
that there is still a wide gap between Q and R). By contrast, when we think of Z as
a subset of the real line R, we see that for each z ∈ Z, there exists a neighborhood
(z − h, z + h) such that no other element of Z (besides z itself) lies within this
interval. So in some sense Z appears hardly anywhere in R. That is the intuitive
sense of discrete.

Now when we thought about the usual (or the modified) division algorithm geometrically,
we first thought about all the integer multiples of the integer b. The
integer we were trying to divide, a, could be found between two of them, etc. So
our first step now is to think about all the multiples of w by all other Gaussian
integers. As before, multiplication by an integer simply increases the distance from
the origin, perhaps with a flip if the integer multiplier is negative. But what does
multiplication by i, or by −4i, or by 3 − 6i, do? Well, multiplying a + bi by i gives
−b + ai, and a little experimentation should convince you that what happens is
that

multiplication by i corresponds to rotation by 90° counterclockwise.

Some more experimentation with multiplication will show that all the multiples of
w form a square sublattice of Z[i]; see Figure 7.

Figure 7: Multiples of 3 − 5i in Z[i]

All multiples of w = c + di form a lattice, so in general z = a + bi will fall inside one
of the squares making up this sublattice, and thus z will be between four multiples
of w, namely the four corners of the square in which z resides. Hence we can write
z = a + bi as a multiple of c + di plus a remainder that will make up the difference
between z and the closest (or most convenient) corner of this square. Hence we get

$$\begin{aligned}
N(\text{remainder}) &= (\text{length of remainder})^2\\
&\le \left(\frac{\sqrt{2}}{2}\,\text{length of side}\right)^2\\
&= \frac{1}{2}(\text{length of side})^2\\
&= \frac{1}{2} N(w).
\end{aligned}$$
The picture for the division we did on page 130 looks like Figure 8.

Figure 8: Dividing −23 − i by 2 + 5i in Z[i] (see page 130)

This completes a second proof that the ring Z[i] has a division algorithm. The
fact that the norm decreases at each step (and is a positive integer) immediately
implies that Z[i] has a Euclidean algorithm, which will end in a finite number of
steps, and thus the final non-zero remainder will be a common divisor, d, of z and
w, and by reversing the algebra of the Euclidean algorithm (perhaps by using the
amazing array?), we know that we can write d as a linear combination of z and
w: d = rz + sw for some Gaussian integers r and s. Does that imply that d is a
GCD? In fact, how do we make sense of or define the GCD in Z[i]? Recall our old
definition of the GCD in Z: d = (a, b) means

• d ≥ 0, and d = 0 ⇐⇒ a = b = 0

• d|a and d|b

• if c|a and c|b, then c|d.

We can’t use the first condition since there is no easy way to order the Gaussian
integers. What we will do is just to give up the idea of having a unique GCD. We
need the following definition, which deals with the slipperiness of Gaussian integers.

Definition 24 In a ring R, a and b are said to be associates if a = bu where u is
a unit in R. We write a ∼ b.

Thus, in Z, a ∼ b ⇐⇒ a = ±b. In Z[i], a ∼ b ⇐⇒ a = ±b or a = ±ib. We also
have

Proposition 25 In any ring R,

1. a ∼ a for all a ∈ R

2. a ∼ b ⇐⇒ b ∼ a

3. a ∼ b and b ∼ c =⇒ a ∼ c.

Thus being associates is an example of an equivalence relation.

Notice that a ∼ 1 ⇐⇒ a = 1 · (unit) ⇐⇒ a is a unit. We will often write “a ∼ 1”
instead of “a is a unit” from now on.

Another way to characterize this equivalence relation is

Proposition 26 In a ring with no zero-divisors, R, a ∼ b ⇐⇒ (a|b and b|a).

Definition 25 In Z[i], the GCD of two numbers is defined (by the Euclidean algorithm
as modified for Z[i] above) only up to associates. For z, w ∈ Z[i], we write
(z, w) ∼ d if d is a Gaussian integer such that

• d|z and d|w

• if c|z and c|w, then c|d.

Thus we proved earlier that (−23 − i, 2 + 5i) ∼ 1. As in Z, having only trivial
common divisors means that two Gaussian integers will be called relatively prime.

Definition 26 Elements z and w are relatively prime in Z[i] if (z, w) ∼ 1 (i.e.,
the only common divisors of z and w are the units).

Exercises

1. Prove part 1 of Proposition 25.

2. Prove part 2 of Proposition 25.

3. Prove part 3 of Proposition 25.

4. Prove Proposition 26.

5. Note that $4 + 3i \not\sim 3 + 4i$, but $4 + 3i \sim 3 - 4i$. Is it always true that

$$N(z) = N(w) \implies (z \sim w) \text{ or } (z \sim \overline{w})?$$

6. Use the Euclidean algorithm in Z[i] to find d ∼ (1 + 2i, 9 − 12i). Use the
amazing array to solve (1 + 2i)u + (9 − 12i)v = d for u and v ∈ Z[i].

7. Use the Euclidean algorithm in Z[i] to find d ∼ (3 − 4i, 15 + 5i). Use the
amazing array to solve (3 − 4i)u + (15 + 5i)v = d for u and v ∈ Z[i].

8. Let z, w, and d be Gaussian integers, with (z, w) ∼ d. Mimic the proof of
Proposition 4 on page 34 and prove that there exist Gaussian integers u and
v such that zu + wv = d.
33 Unique factorization in Z[i]

Theorem 17 (Unique Factorization in Z[i]) Any Gaussian integer z that is
not zero and not a unit can be written as

$$z = u\,p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r}$$

or

$$z \sim p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r} = \prod_{j=1}^{r} p_j^{e_j}$$

where u is a unit and the $p_j$ are distinct primes in Z[i]. This representation is
unique in the sense that if

$$z = v\,q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_s^{f_s} \sim \prod_{k=1}^{s} q_k^{f_k}$$

with v a unit and the $q_j$ primes in Z[i], then we have

• r = s
• For each j, there is a k for which $p_j \sim q_k$ and $e_j = f_k$.

In fact we could reword the fundamental theorem of arithmetic exactly this way:
any integer n ∈ Z can be written as

$$n \sim p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r}$$

where the $p_j$ are distinct integer primes (not necessarily positive), and this
representation is unique in the sense that if

$$n = v\,q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_s^{f_s} \sim \prod_{k=1}^{s} q_k^{f_k}$$

with v a unit in Z and the $q_j$’s primes in Z, then we have

• r = s
• For each j, there is a k such that $p_j \sim q_k$ and $e_j = f_k$.

We prove the theorem exactly the same way we proved the theorem in Z: First we
see that if (a, b) ∼ d then

d = ax + by for some x, y in Z[i].

This comes from the Euclidean algorithm, exactly as before (recall that you can use
the amazing array to find x and y). Next we prove the (reworded) prime theorem
and Euclid’s lemma:

Theorem 18 (Prime Theorem in Z[i]) For p a prime in Z[i] and Gaussian
integers a and b, p|ab =⇒ p|a or p|b.

Theorem 19 (Euclid’s Lemma) For Gaussian integers a, b, and c,

c|ab and (a, c) ∼ 1 =⇒ c|b.

Then we write down the same lemmas as before:

Lemma 8 For p a prime in Z[i] and Gaussian integers ai , we have

p|a1 a2 a3 · · · an =⇒ p|aj for some j, 1 ≤ j ≤ n.

Lemma 9 If p and all qi are prime in Z[i], then we have

p|q1 q2 q3 · · · qn =⇒ p ∼ qj for some j, 1 ≤ j ≤ n.

The proofs of Lemmas 8 and 9 are left to the reader.

Lemma 10 Any z in Z[i] that is not zero and not a unit has a factorization into
primes: we can write
z ∼ p1 p2 p3 · · · pr
where the pi are primes in Z[i].

Proof . Let

S = {z ∈ Z[i] : z ≠ 0, z is not a unit, and z has no such factorization}

and assume S is non-empty. Then choose an element of smallest norm (the well-
ordering principle insures there is such an element, but it may not be unique).
Call this smallest element s. We know s is not prime, so we must have s = z · w,
where neither z nor w is a unit. Thus N (z) > 1 and N (w) > 1, so we have
1 < N (z), N (w) < N (s). Thus z and w have factorizations into primes, say z ∼
p1 p2 p3 · · · ps and w ∼ q1 q2 q3 · · · qt , so s = z · w ∼ p1 p2 p3 · · · ps q1 q2 q3 · · · qt does also.
This contradiction shows us that S is indeed empty.

We thus have only to prove the uniqueness of the factorization. Let

S = {z ∈ Z[i] : z ≠ 0, z is not a unit, and z has more than one such factorization}

and assume S is non-empty. Then we may choose an element of S with the smallest
norm (there may be choice involved in choosing it, but the smallest norm represented
by elements of S exists, by the well-ordering principle), call it s, so we have
at least two factorizations of s:

$$s \sim p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r} \sim q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_s^{f_s}$$

and we have $p_1 \mid q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_s^{f_s} \implies p_1 \sim q_k$ for some k, by Lemma 9. If $\frac{s}{p_1} \sim 1$,
we have $s \sim p_1 \sim q_k$ and the factorization must be unique. Otherwise, we have
that $\frac{s}{p_1}$ is a Gaussian integer that is not a unit, and $1 < N\left(\frac{s}{p_1}\right) < N(s)$, so $\frac{s}{p_1}$ has
the unique factorization

$$\frac{s}{p_1} \sim p_1^{e_1 - 1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r} \sim q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_k^{f_k - 1} \cdots q_s^{f_s}$$

so we must have $e_1 = f_k$, r = s, and for each j, there is a k with $p_j \sim q_k$ and
$e_j = f_k$. But then the two factorizations of s are not different. This contradiction
shows that S is empty, and the theorem is proved.

Exercises
1. Let d ∼ (3 + 5i, 7 − 6i).
(a) Find d.
(b) Solve (3 + 5i)(z + wi) + (7 − 6i)(x + yi) = d.
2. Let d ∼ (3 + 4i, 4 + 3i).
(a) Find d.
(b) Solve (3 + 4i)(z + wi) + (4 + 3i)(x + yi) = d.
3. Let d ∼ (6 − 57i, 14 + 29i).
(a) Find d.
(b) Solve (6 − 57i)(z + wi) + (14 + 29i)(x + yi) = d.
4. Prove Lemma 8 on page 136.
5. Prove Lemma 9 on page 136.
6. (Compare this to Exercise 7 on page 67.) Given Gaussian integers z, w, and
v, which have factorizations

$$z \sim p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k} \qquad w \sim q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_j^{f_j} \qquad v \sim r_1^{g_1} r_2^{g_2} r_3^{g_3} \cdots r_t^{g_t},$$

where all the p’s, q’s, and r’s are prime Gaussian integers, how do you determine
(using the factorizations above) if
(a) z|w?
(b) (z, w) ∼ 1?
(c) (z, w) ∼ v?
(d) [z, w] ∼ v (where [a, b] is a least common multiple of a and b, as defined
by you in analogy with Exercise 6 in Section 8)?
(e) z is a perfect square? (That is, $z = u^2$ for some Gaussian integer u.)
(f) z is a perfect cube?
(g) z is a perfect mth power? (That is, $z = u^m$ for some Gaussian integer u
and some positive integer m.)
(h) z · w = v?
7. Prove Theorem 18 on page 135.
8. Prove Theorem 19 on page 136.


34 The structure of Z[√2]

Recall that

$$\mathbb{Z}[\sqrt{2}] = \{a + b\sqrt{2} \in \mathbb{R} : a, b \in \mathbb{Z}\}$$

and we have the norm function $N(a + b\sqrt{2}) = (a + b\sqrt{2})(a - b\sqrt{2}) = a^2 - 2b^2$.
Unlike in Z[i], in Z[√2] the norm may be negative.

Proposition 27 $u = a + b\sqrt{2}$ is a unit in $\mathbb{Z}[\sqrt{2}] \iff N(u) = a^2 - 2b^2 = \pm 1$.

Proof . If u is a unit, then there is a $u^{-1}$ in Z[√2] such that $u \cdot u^{-1} = 1$. Then we
get

$$N(u)N(u^{-1}) = N(u \cdot u^{-1}) = N(1) = N(1 + 0\sqrt{2}) = 1^2 - 2 \cdot 0^2 = 1$$

so N (u) is a unit in Z, hence N (u) = ±1.

If $N(a + b\sqrt{2}) = 1$, then $(a + b\sqrt{2})(a - b\sqrt{2}) = 1$ so $u = a + b\sqrt{2}$ is a unit, with
inverse $a - b\sqrt{2}$. If $N(a + b\sqrt{2}) = -1$, then $(a + b\sqrt{2})(a - b\sqrt{2}) = -1$ so $u = a + b\sqrt{2}$
is a unit, with inverse $-(a - b\sqrt{2}) = -a + b\sqrt{2}$.


It is straightforward to show that $\sqrt{2} = [1, \overline{2}]$. This gives the following amazing
array, with an added row for the values of $P_n^2 - 2Q_n^2$:

                        1     2     2     2     2     2     2     2     2   ···
            0     1     1     3     7    17    41    99   239   577  1393   ···
            1     0     1     2     5    12    29    70   169   408   985   ···
P_n² − 2Q_n²           −1     1    −1     1    −1     1    −1     1    −1   ···

There seems to be a pattern to the $Q_n$; can you see it? The sum of the nth column
is always $Q_{n+1}$: for n ≥ 1, we have $P_n + Q_n = Q_{n+1}$. Also, with a little more effort
we can find a pattern for the $P_n$: $P_n = Q_n + Q_{n-1}$ for n ≥ 1. Can we prove these
assertions? What are the rules for constructing the $P_n$ and $Q_n$? They are

$$n \ge 2 \implies P_n = 2P_{n-1} + P_{n-2} \quad\text{and}\quad Q_n = 2Q_{n-1} + Q_{n-2}$$

and we have verified (by eye) that these formulas hold for 1 ≤ n ≤ 8. That is more
than adequate for a base case to do induction: let’s assume the formulas are true
for n = 1, 2, 3, . . . , k and let’s try to prove them for n = k + 1: we have

$$\begin{aligned}
Q_{k+1} &= 2Q_k + Q_{k-1}\\
&= 2(P_{k-1} + Q_{k-1}) + (P_{k-2} + Q_{k-2})\\
&= 2P_{k-1} + P_{k-2} + 2Q_{k-1} + Q_{k-2}\\
&= P_k + Q_k
\end{aligned}$$

and the first formula is proved for all n ≥ 1. As for the second formula, we assume
$P_n = Q_n + Q_{n-1}$ for all n = 1, 2, 3, . . . , k, and try to prove it for n = k + 1:

$$\begin{aligned}
P_{k+1} &= 2P_k + P_{k-1}\\
&= 2(Q_k + Q_{k-1}) + (Q_{k-1} + Q_{k-2})\\
&= (2Q_k + Q_{k-1}) + (2Q_{k-1} + Q_{k-2})\\
&= Q_{k+1} + Q_k
\end{aligned}$$

and the formula is proved for all n ≥ 1.

Also,

$$\begin{aligned}
(1 + \sqrt{2})^2 &= 3 + 2\sqrt{2}\\
(1 + \sqrt{2})^3 &= 3 + 2\sqrt{2} + 3\sqrt{2} + 4 = 7 + 5\sqrt{2}\\
(1 + \sqrt{2})^4 &= 9 + 8 + 12\sqrt{2} = 17 + 12\sqrt{2}.
\end{aligned}$$

We conjecture that $(1 + \sqrt{2})^{n+1} = P_n + Q_n\sqrt{2}$. We have just checked that the
equation is true for n = 0, 1, 2, and 3, so we may assume it is true for 0 ≤ n ≤ k
and try to prove it for n = k + 1:

$$\begin{aligned}
(1 + \sqrt{2})^{k+2} &= (1 + \sqrt{2})^{k+1}(1 + \sqrt{2})\\
&= (P_k + Q_k\sqrt{2})(1 + \sqrt{2})\\
&= (P_k + 2Q_k) + (P_k + Q_k)\sqrt{2}\\
&= (P_k + Q_k + Q_k) + Q_{k+1}\sqrt{2}\\
&= (Q_{k+1} + Q_k) + Q_{k+1}\sqrt{2}\\
&= P_{k+1} + Q_{k+1}\sqrt{2}
\end{aligned}$$

and the formula is proved for all n ≥ 0. So these units are all powers of $1 + \sqrt{2}$, the
fundamental unit of the ring Z[√2]! Also, their inverses must be negative powers
of $1 + \sqrt{2}$, and so are all the units $-(1 + \sqrt{2})^n = -P_n - Q_n\sqrt{2}$. We hope that these
are all the units. Can we prove this? See Exercise 5.

Proposition 28 For $u = a + b\sqrt{2}$ in $\mathbb{Z}[\sqrt{2}]$, we have

$$N(u) = \pm 1 \iff u \text{ is a unit} \iff u = \pm(1 + \sqrt{2})^n \text{ for some integer } n.$$

In other words, the group of units in Z[√2] is

$$(\mathbb{Z}[\sqrt{2}])^\times = \{\pm(1 + \sqrt{2})^n,\ n \in \mathbb{Z}\}.$$

This proposition generalizes as follows.

Theorem 20 Let d be a positive, square-free integer. Form the amazing array for
$\sqrt{d}$, and let $\frac{P_s}{Q_s}$ be the first convergent for which $P_k^2 - dQ_k^2 = \pm 1$. Then the group
of units in $\mathbb{Z}[\sqrt{d}]$ is

$$(\mathbb{Z}[\sqrt{d}])^\times = \{\pm(P_s + Q_s\sqrt{d})^n,\ n \in \mathbb{Z}\}.$$

Furthermore, if the continued fraction for $\sqrt{d}$ has period t, then the fundamental
unit is $P_{t-1} + Q_{t-1}\sqrt{d}$, and $(P_{t-1} + Q_{t-1}\sqrt{d})^n = P_{tn-1} + Q_{tn-1}\sqrt{d}$ for all n ∈ N.

For a proof of almost all of this, see Project J. The proof of the rest is beyond the
scope of this book.
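The amazing array for √d and the search described in Theorem 20, as an added example (not code from the book; function names are chosen here). It assumes the standard integer recurrence for the partial quotients of √d, which this section does not spell out, and starts the P and Q rows from the seed columns 0, 1 and 1, 0 shown in the array above.

```python
from itertools import islice
from math import isqrt


def sqrt_cf(d):
    """Yield the partial quotients a_0, a_1, ... of the continued fraction of sqrt(d)."""
    a0 = isqrt(d)
    if a0 * a0 == d:
        raise ValueError("d must not be a perfect square")
    # Complete quotients have the form (m + sqrt(d)) / den with integers m, den.
    m, den, a = 0, 1, a0
    while True:
        yield a
        m = den * a - m
        den = (d - m * m) // den
        a = (a0 + m) // den


def columns(d):
    """Yield the columns (P_n, Q_n, P_n^2 - d*Q_n^2) of the array, n = 0, 1, ..."""
    p_prev, p = 0, 1          # seed columns of the P row
    q_prev, q = 1, 0          # seed columns of the Q row
    for a in sqrt_cf(d):
        p_prev, p = p, a * p + p_prev
        q_prev, q = q, a * q + q_prev
        yield p, q, p * p - d * q * q


def convergents(d, count):
    """The first `count` columns of the array as a list."""
    return list(islice(columns(d), count))


def first_unit(d):
    """Index s and column (P_s, Q_s, norm) of the first convergent with norm +1 or -1."""
    for s, (p, q, n) in enumerate(columns(d)):
        if abs(n) == 1:
            return s, (p, q, n)


def unit_power(p, q, d, n):
    """Coefficients (x, y) of (p + q*sqrt(d))**n = x + y*sqrt(d), for n >= 0."""
    x, y = 1, 0
    for _ in range(n):
        x, y = x * p + d * y * q, x * q + y * p
    return x, y


if __name__ == "__main__":
    for n, (p, q, nrm) in enumerate(convergents(2, 9)):
        # Each column should equal (1 + sqrt 2)^(n+1), as conjectured in the text.
        print(n, p, q, nrm, unit_power(1, 1, 2, n + 1) == (p, q))
```

For large d the entries grow quickly, but Python integers are exact, so the norm row stays reliable where floating-point square roots would not.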

Exercises
1. Show that every column of the amazing array for the continued fraction
expansion of $\sqrt{5}$ represents a unit in $\mathbb{Z}[\sqrt{5}]$. Are these units all of the form
$\pm(a + b\sqrt{5})^n$, n ∈ Z, for some fundamental unit $a + b\sqrt{5}$?

2. Find units in $\mathbb{Z}[\sqrt{3}]$, recalling how we found them in $\mathbb{Z}[\sqrt{2}]$, and noticing the
differences. Are they all of the form $\pm(a + b\sqrt{3})^n$, n ∈ Z, for some fundamental
unit $a + b\sqrt{3}$?

3. Find units in $\mathbb{Z}[\sqrt{7}]$, recalling how we found them in $\mathbb{Z}[\sqrt{2}]$, and noticing the
differences. Are they all of the form $\pm(a + b\sqrt{7})^n$, n ∈ Z, for some fundamental
unit $a + b\sqrt{7}$?

4. Find units in $\mathbb{Z}[\sqrt{13}]$, recalling how we found them in $\mathbb{Z}[\sqrt{2}]$, and noticing
the differences. Are they all of the form $\pm(a + b\sqrt{13})^n$, n ∈ Z, for some
fundamental unit $a + b\sqrt{13}$?

5. Prove that every unit in $\mathbb{Z}[\sqrt{2}]$ is of the form $\pm(1 + \sqrt{2})^n$ for some integer n.
(This completes the proof of Proposition 28.)


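35 The Euclidean algorithm in Z[√d]

Let’s try the Euclidean algorithm in $\mathbb{Z}[\sqrt{d}]$:

$$
\begin{aligned}
\frac{a+b\sqrt{d}}{c+e\sqrt{d}} &= \frac{a+b\sqrt{d}}{c+e\sqrt{d}} \cdot \frac{c-e\sqrt{d}}{c-e\sqrt{d}} \\
&= \frac{(ac-bde) + (bc-ae)\sqrt{d}}{c^2-de^2} \\
&= \frac{ac-bde}{c^2-de^2} + \frac{bc-ae}{c^2-de^2}\sqrt{d} \\
&= (q_1 + q_2\sqrt{d}) + (\epsilon_1 + \epsilon_2\sqrt{d}),
\end{aligned}
$$

where $q_1 + q_2\sqrt{d}$ is in $\mathbb{Z}[\sqrt{d}]$ and $\epsilon_1 + \epsilon_2\sqrt{d} \in \mathbb{Q}[\sqrt{d}]$, and $\epsilon_1$ and $\epsilon_2$ are
fractions with $|\epsilon_1| \le \frac{1}{2}$ and $|\epsilon_2| \le \frac{1}{2}$. Then

$$a + b\sqrt{d} = (c+e\sqrt{d})(q_1+q_2\sqrt{d}) + (c+e\sqrt{d})(\epsilon_1+\epsilon_2\sqrt{d})$$

and despite appearances the remainder, $(c+e\sqrt{d})(\epsilon_1+\epsilon_2\sqrt{d})$, must be in the ring
$\mathbb{Z}[\sqrt{d}]$ since it is also $a + b\sqrt{d} - (c+e\sqrt{d})(q_1+q_2\sqrt{d})$. We also have

$$
\begin{aligned}
|N(\text{remainder})| &= \left|N\big((c+e\sqrt{d})(\epsilon_1+\epsilon_2\sqrt{d})\big)\right| \\
&= \left|N(c+e\sqrt{d})\,N(\epsilon_1+\epsilon_2\sqrt{d})\right| \\
&= \left|c^2-de^2\right|\,\left|(\epsilon_1)^2 - d(\epsilon_2)^2\right|.
\end{aligned}
$$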

Now we have $0 \le |\epsilon_1| \le \frac{1}{2}$ and $0 \le |\epsilon_2| \le \frac{1}{2}$. If $d < 0$, we have
$(\epsilon_1)^2 - d(\epsilon_2)^2 \ge 0$ and also

$$(\epsilon_1)^2 - d(\epsilon_2)^2 \le \frac{1}{4}(1-d)$$

so we can get a Euclidean algorithm as long as

$$\frac{1}{4}(1-d) < 1 \iff 1 - d < 4 \iff -3 < d$$

so we have proved there is a Euclidean algorithm for the ring $\mathbb{Z}[\sqrt{-2}]$, as well as
for the ring $\mathbb{Z}[\sqrt{-1}] = \mathbb{Z}[i]$. On the other hand, if $d > 0$ then $(\epsilon_1)^2 - d(\epsilon_2)^2$ may be
negative as well as positive, depending on $\epsilon_1$ and $\epsilon_2$. But we certainly have

$$-\frac{1}{4}d \le -d(\epsilon_2)^2 \le (\epsilon_1)^2 - d(\epsilon_2)^2 \le \frac{1}{4} \le \frac{1}{4}d$$

and thus

$$0 \le \left|(\epsilon_1)^2 - d(\epsilon_2)^2\right| \le \frac{1}{4}d.$$

Since we want this to be less than 1, we must have $d < 4$; thus there is a Euclidean
algorithm for the rings $\mathbb{Z}[\sqrt{2}]$ and $\mathbb{Z}[\sqrt{3}]$ also. The norm function, or rather its
absolute value, will provide us a way of using the well-ordering principle to find
smallest elements, and so you should be able to see that we have (the beginnings
of) a proof of unique factorization in the ring $\mathbb{Z}[\sqrt{d}]$ for $d = -2, -1, 2$, and $3$.

On the other hand, just because we can’t prove it doesn’t mean that we don’t have
unique factorization in other rings as well. We need some counterexamples: in
$\mathbb{Z}[\sqrt{-3}]$ we have

$$4 = 2 \cdot 2 = (1+\sqrt{-3})(1-\sqrt{-3})$$

and in this ring $N(a + b\sqrt{-3}) = a^2 + 3b^2$. Thus $N(2) = 4$, $N(4) = 16$, and
$N(1 \pm \sqrt{-3}) = 4$. But it is clear that $a^2 + 3b^2$ can never equal 2, so there are no
elements with norm 2. If 2 or $1 \pm \sqrt{-3}$ were to factor in $\mathbb{Z}[\sqrt{-3}]$, it would have to
be into two elements of norm 2; since there are no such elements, these numbers
must be primes! We have thus used the norm function to prove that 4 has two
different factorizations into primes in $\mathbb{Z}[\sqrt{-3}]$, so the ring $\mathbb{Z}[\sqrt{-3}]$ does not have
unique factorization. Similarly, in $\mathbb{Z}[\sqrt{-5}]$ we have

$$6 = 2 \cdot 3 = (1+\sqrt{-5})(1-\sqrt{-5})$$

and in this ring $N(a + b\sqrt{-5}) = a^2 + 5b^2$. Thus $N(2) = 4$, $N(3) = 9$, and
$N(1 \pm \sqrt{-5}) = 6$. But it is clear that $a^2 + 5b^2$ can never equal 2 or 3, so there are
no elements of norm 2 or 3. Just as above, we conclude that the elements above
must be primes. Thus 6 has two different factorizations into primes in $\mathbb{Z}[\sqrt{-5}]$, so
the ring $\mathbb{Z}[\sqrt{-5}]$ does not have unique factorization. Similarly, in $\mathbb{Z}[\sqrt{10}]$ we have

$$6 = 2 \cdot 3 = (-2+\sqrt{10})(2+\sqrt{10})$$

and the norm function is $N(a + b\sqrt{10}) = a^2 - 10b^2$. Thus $N(2) = 4$ and $N(3) = 9$
as before, but now we have $N(\pm 2 + \sqrt{10}) = -6$. Suppose we could find integers
such that $a^2 - 10b^2 = \pm 2$. Then in $\mathbb{Z}/5\mathbb{Z}$ this equation would be $a^2 \equiv \pm 2 \pmod 5$,
which has no solutions since the only squares in $\mathbb{Z}/5\mathbb{Z}$ are 0 and $\pm 1$. Thus there are
no integers $a$ and $b$ that solve $a^2 - 10b^2 = \pm 2$. Similarly, there are no integers $a$ and
$b$ that solve $a^2 - 10b^2 = \pm 3$. Thus there are no elements of $\mathbb{Z}[\sqrt{10}]$ with norm $\pm 2$ or
$\pm 3$, so the elements above, with norms 4, 9, and $-6$, must be primes in $\mathbb{Z}[\sqrt{10}]$, so
again 6 has two different factorizations into primes in the ring $\mathbb{Z}[\sqrt{10}]$. Thus once
again we have given a counterexample to show that the ring $\mathbb{Z}[\sqrt{10}]$ does not have
unique factorization.

We have not given here a complete characterization of which rings of the form
$\mathbb{Z}[\sqrt{d}]$ have unique factorization and which do not; it is beyond the scope of this
book, and such questions are the subject of ongoing research. These questions have
been the subject of some controversy in the past; most of the controversy has to
do with which rings are eligible (Z[ρ]? Z[φ]?) and what exactly is meant by unique
factorization vs. whether a Euclidean algorithm exists, etc. Feel free to research
this topic further on your own (see [Marcus]).

To return to the case where $d < 0$, we have shown that there exists a Euclidean
algorithm in $\mathbb{Z}[i]$ and $\mathbb{Z}[\sqrt{-2}]$. The geometric picture in $\mathbb{Z}[i]$ was based on the
square lattice $\mathbb{Z}[i]$; the ring $\mathbb{Z}[\sqrt{-2}]$ has a different geometry. If we draw $\mathbb{Z}[\sqrt{-2}]$ as
a subset of $\mathbb{C}$, we will need to have the number $a + b\sqrt{-2} = a + (b\sqrt{2})i$ correspond
to the point $(a, b\sqrt{2})$, and thus we will get a rectangular lattice, stretched in the
vertical direction, as shown in Figure 9.

Figure 9: The geometry of $\mathbb{Z}[\sqrt{-2}]$

Now if we multiply all the elements of $\mathbb{Z}[\sqrt{-2}]$ by some non-zero $w \in \mathbb{Z}[\sqrt{-2}]$, say
$w = 5 + 3\sqrt{-2}$, we will get a rectangular sublattice, as in Figure 10. And if we
want to divide $w$ into some $z$, we can see that $z$ lies inside one rectangle, and so we
should once again choose the nearest corner, and that will give the correct $q$ and
$r$ to use for the division algorithm. The largest possible remainder will occur if $z$
happens to be in the very center of the rectangle, but a simple calculation shows
that in that case the length of the remainder, $r$, will be $\frac{\sqrt{3}}{2}$ the length of the short
side of the rectangle, which means that $N(r) \le \frac{3}{4}N(w)$; thus the geometry exactly
confirms the algebra done earlier.

Figure 10: Multiples of $5 + 3\sqrt{-2}$ in $\mathbb{Z}[\sqrt{-2}]$

What happens in $\mathbb{Z}[\sqrt{-3}]$? Well, the rectangular lattice is now stretched a little
more in the vertical direction, but essentially we have the same picture as in $\mathbb{Z}[\sqrt{-2}]$.
However, once we form the rectangular sublattice of multiples of $w$, an interesting
change occurs: the worst possible case, when $z$ is in the center of a rectangle, makes
the length of the remainder equal to the length of the shortest side of the rectangle,
and so we have $N(r) \le N(w)$, which is not enough to ensure that the norm shrinks
(in fact, it is possible to do a division algorithm calculation over and over and never
get anywhere, since the norms don’t shrink). Again, this agrees with the algebra
we saw earlier, and so we are in difficulty with $\mathbb{Z}[\sqrt{-3}]$. This difficulty will be dealt
with in subsequent sections. None of this geometry applies to the cases $\mathbb{Z}[\sqrt{2}]$ and
$\mathbb{Z}[\sqrt{3}]$, where a Euclidean algorithm also exists; we will see if we can look at these
rings from another perspective.
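
The division step of this section, written out as an added Python example (not code from the book): a pair (a, b) stands for $a + b\sqrt{d}$, both coordinates of the quotient are rounded to the nearest integer, and the extended algorithm refuses to continue when the norm of the remainder fails to shrink, which is what happens in $\mathbb{Z}[\sqrt{-3}]$. The function names and the sample inputs are assumptions made for this example.

```python
def norm(z, d):
    a, b = z
    return a * a - d * b * b

def mul(z, w, d):
    (a, b), (c, e) = z, w
    return (a * c + d * b * e, a * e + b * c)

def add(z, w):
    return (z[0] + w[0], z[1] + w[1])

def sub(z, w):
    return (z[0] - w[0], z[1] - w[1])

def nearest(n, m):
    """Integer nearest to n/m (m != 0); the leftover fraction lies in [-1/2, 1/2)."""
    return (2 * n + m) // (2 * m)

def divide(z, w, d):
    """Return (q, r) with z = w*q + r, rounding z/w coordinate by coordinate."""
    (a, b), (c, e) = z, w
    n = norm(w, d)                       # c^2 - d*e^2
    if n == 0:
        raise ZeroDivisionError("division by zero in Z[sqrt(d)]")
    # z/w = ((ac - bde) + (bc - ae) sqrt(d)) / (c^2 - d e^2)
    q = (nearest(a * c - d * b * e, n), nearest(b * c - a * e, n))
    return q, sub(z, mul(w, q, d))

def ext_gcd(z, w, d):
    """Return (g, x, y) with z*x + w*y = g, g a GCD of z and w in Z[sqrt(d)].

    Raises ArithmeticError if a remainder fails to have smaller |norm| than
    the divisor, i.e. if this rounding rule is not a Euclidean algorithm here.
    """
    r0, x0, y0 = z, (1, 0), (0, 0)       # invariant: r0 = z*x0 + w*y0
    r1, x1, y1 = w, (0, 0), (1, 0)       # invariant: r1 = z*x1 + w*y1
    while r1 != (0, 0):
        q, r = divide(r0, r1, d)
        if abs(norm(r, d)) >= abs(norm(r1, d)):
            raise ArithmeticError(f"norm did not shrink dividing {r0} by {r1}")
        r0, x0, y0, r1, x1, y1 = (r1, x1, y1, r,
                                  sub(x0, mul(q, x1, d)), sub(y0, mul(q, y1, d)))
    return r0, x0, y0

if __name__ == "__main__":
    # Constructed inputs: (3 + sqrt2)(1 + 2 sqrt2) and (3 + sqrt2)(5 - sqrt2).
    z, w = (7, 7), (13, 2)
    g, x, y = ext_gcd(z, w, 2)
    print("gcd in Z[sqrt 2]:", g, "norm", norm(g, 2), "x =", x, "y =", y)
    # Center of a rectangle: z = 1 + sqrt(d), w = 2, for d = -2 and d = -3.
    for d in (-2, -3):
        q, r = divide((1, 1), (2, 0), d)
        print("d =", d, "N(r) =", norm(r, d), "N(w) =", norm((2, 0), d))
```

With $z = 1 + \sqrt{d}$ and $w = 2$ the quotient sits at the center of a rectangle: for $d = -2$ the remainder has norm 3 against $N(w) = 4$, the bound $N(r) \le \frac{3}{4}N(w)$ from the text, while for $d = -3$ the remainder has norm 4 and `ext_gcd` raises.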

Exercises
1. Find a GCD $d$ for $a = 104 - 79\sqrt{2}$ and $b = 18 + 22\sqrt{2}$ in $\mathbb{Z}[\sqrt{2}]$, and solve
$ax + by = d$ for $x, y \in \mathbb{Z}[\sqrt{2}]$.

2. Find a GCD $d$ for $a = 104 - 79\sqrt{3}$ and $b = 18 + 22\sqrt{3}$ in $\mathbb{Z}[\sqrt{3}]$, and solve
$ax + by = d$ for $x, y \in \mathbb{Z}[\sqrt{3}]$.

3. Find the GCD $d$ for $a = 16 + 25\sqrt{-3}$ and $b = 25 - 3\sqrt{-3}$ in $\mathbb{Z}[\sqrt{-3}]$, and
solve $ax + by = d$ for $x, y \in \mathbb{Z}[\sqrt{-3}]$.

4. Is the following statement true or false?

$$(26+15\sqrt{3})(10-3\sqrt{3}) = 125+72\sqrt{3} \implies 125+72\sqrt{3} \text{ is not a prime in } \mathbb{Z}[\sqrt{3}].$$

Explain your reasoning why or why not.

5. Prove that for $p$ a positive prime in $\mathbb{Z}$, and $d$ an integer,

$$\text{can write } \pm p = a^2 - db^2 \iff p \text{ is not prime in } \mathbb{Z}[\sqrt{d}].$$

6. Show directly that for $p$ a prime integer,

$$p \text{ can be written as } p = a^2 - db^2 \implies d \text{ is a perfect square in } \mathbb{Z}/p\mathbb{Z}.$$

Hint: Are $a$ and $b \in \mathbb{Z}/p\mathbb{Z}$? Are $a$ and $b \in (\mathbb{Z}/p\mathbb{Z})^\times$?

7. Can you draw $\mathbb{Z}[\sqrt{2}]$? What are the difficulties? If you succeed in drawing a
picture, what is the significance of the norm in your picture? Does it measure
distance from zero? Also, what is the effect of multiplying by $\sqrt{2}$ in your
picture?



8. Calculate the continued fraction for $\sqrt{7}$ and set up the amazing array, adding
a final row where you calculate $N(P_n + Q_n\sqrt{7}) = P_n^2 - 7Q_n^2$. Are all the
columns units, as proved in Exercise 1 on page 140 for $\mathbb{Z}[\sqrt{2}]$? Are all the
units powers of some fundamental unit? For extra credit, you may try to
prove that you have found all the units in $\mathbb{Z}[\sqrt{7}]$.

9. Every element of $\mathbb{Q}$ is a root of a polynomial in $\mathbb{Z}[x]$; namely, $\frac{a}{b}$ is a root of the
polynomial $bx - a$. The integers are special in that they are the only elements
of $\mathbb{Q}$ that are roots of monic polynomials, those whose leading coefficient is
one. This is one way number theorists have used to distinguish the equivalent
of the integers within certain fields (namely, finitely generated subfields of A,
or (what is the same thing) finite field extensions of $\mathbb{Q}$). If $K$ is the field in
question, then $\mathcal{O}_K$ is the ring of integers in that field. Thus $\mathcal{O}_{\mathbb{Q}} = \mathbb{Z}$ itself. As
another example, if we start with the field $\mathbb{Q}[i] = \{a + bi \in \mathbb{C} : a \text{ and } b \in \mathbb{Q}\}$,
each element of which is a root of a polynomial in $\mathbb{Z}[x]$, then we could ask
which elements of $\mathbb{Q}[i]$ satisfy monic polynomials in $\mathbb{Z}[x]$. That subset of $\mathbb{Q}[i]$
(which is actually a subring of $\mathbb{Q}[i]$) is the ring of integers in $\mathbb{Q}[i]$, designated
$\mathcal{O}_{\mathbb{Q}[i]}$.

(a) Show that every element of $\mathbb{Q}[i]$ is a root of a quadratic polynomial in
$\mathbb{Z}[x]$.

(b) Determine $\mathcal{O}_{\mathbb{Q}[i]}$, the ring of integers in $\mathbb{Q}[i]$.

(c) Now let $d$ be a fixed, square-free integer. Consider the field
$\mathbb{Q}[\sqrt{d}] = \{a + b\sqrt{d} \in \mathbb{C} : a \text{ and } b \in \mathbb{Q}\}$. Show that every element of $\mathbb{Q}[\sqrt{d}]$
satisfies a quadratic polynomial in $\mathbb{Z}[x]$.

(d) Show that the sets

$$\mathbb{Z}\left[\tfrac{1+\sqrt{d}}{2}\right] := \left\{a + b\left(\tfrac{1+\sqrt{d}}{2}\right) : a \text{ and } b \in \mathbb{Z}\right\} \quad\text{and}\quad \left\{\tfrac{r}{2} + \tfrac{s}{2}\sqrt{d} : r \equiv s \pmod 2\right\}$$

are the same.

(e) Show that $\mathcal{O}_{\mathbb{Q}[\sqrt{d}]}$, the ring of integers in $\mathbb{Q}[\sqrt{d}]$, is

$$\begin{cases} \mathbb{Z}\left[\tfrac{1+\sqrt{d}}{2}\right] & \text{if } d \equiv 1 \pmod 4 \\ \mathbb{Z}[\sqrt{d}] & \text{else.} \end{cases}$$

(f) Show that if $d \not\equiv 1 \pmod 4$, then the set $\left\{\tfrac{r}{2} + \tfrac{s}{2}\sqrt{d} : r \equiv s \pmod 2\right\}$
is not a ring: in particular, show that it is not closed under multiplication,
by considering $\left(\tfrac{1+\sqrt{d}}{2}\right)^2$.

36 Factoring in Z[i]

We want to figure out how to factor Gaussian integers. We will get a partial converse
to the earlier statement that for Gaussian integers z and w,
z|w =⇒ N (z)|N (w).
First, we need the

Definition 27 In $\mathbb{Z}[i]$, the conjugate of $z = a + bi$ is $\bar{z} = a - bi$.

Proposition 29 For any $z$ and $w$ in $\mathbb{Z}[i]$, we have

$$\overline{z+w} = \bar{z}+\bar{w} \quad\text{and}\quad \overline{z \cdot w} = \bar{z} \cdot \bar{w}.$$

Proof. Let $z = a + bi$ and $w = c + di$. Then

$$z + w = (a+c) + (b+d)i$$

and

$$\bar{z} + \bar{w} = (a - bi) + (c - di) = (a+c) - (b+d)i;$$

these Gaussian integers are clearly conjugates of each other. Similarly,

$$z \cdot w = (a+bi)(c+di) = (ac-bd) + (bc+ad)i$$

and

$$\bar{z} \cdot \bar{w} = (a-bi)\cdot(c-di) = (ac-bd) - (bc+ad)i;$$

again, these Gaussian integers are clearly conjugates of each other.

Proposition 30 For $z$ and $w$ in $\mathbb{Z}[i]$, we have

$$z \mid w \iff \bar{z} \mid \bar{w}.$$

Proof. $z \mid w \implies w = z \cdot v$ for some Gaussian integer $v$. But then
$\bar{w} = \overline{z \cdot v} = \bar{z} \cdot \bar{v}$, so $\bar{z} \mid \bar{w}$. On the other hand, we have just proved that

$$\bar{z} \mid \bar{w} \implies \bar{\bar{z}} \mid \bar{\bar{w}}$$

and it is clear that $\bar{\bar{z}} = z$ and $\bar{\bar{w}} = w$.

Proposition 31 If $a + bi \in \mathbb{Z}[i]$ and $2 \mid N(a+bi) = a^2 + b^2$, then

• $a^2 + b^2 = 2 \iff a + bi \sim 1 + i$
• $a^2 + b^2 > 2 \implies (1+i) \mid (a+bi)$.

Proof. Clearly, $a^2 + b^2 = 2 \iff a = \pm 1$ and $b = \pm 1$. But $\pm 1 \pm i \sim 1 + i$, so we
are done.

We have $(1+i)(1-i) = 2$ so $(1+i) \mid 2$. Then $2 \mid (a^2+b^2) \implies (1+i) \mid (a^2+b^2) = (a+bi)(a-bi)$,
so we conclude that

$$(1+i) \mid (a+bi) \quad\text{or}\quad (1+i) \mid (a-bi).$$



This is because $N(1+i) = 2$, which is a prime in $\mathbb{Z}$, so we know that $1 + i$ is a
prime in $\mathbb{Z}[i]$, and we may apply the prime theorem in $\mathbb{Z}[i]$. If $(1+i) \mid (a-bi)$, then since
$(1+i) \mid 2$, we know that $1 + i$ divides the linear combination $(a - bi) + 2(bi) = a + bi$.
Thus we are done.

We might also notice that $2 \mid a^2 + b^2 \iff a$ and $b$ are both even or they are both
odd. Thus we have a very simple criterion for whether $1 + i$ is a factor of $a + bi$:
we know that

$$(1+i) \mid 9817461027 + 31606813423i$$

but

$$(1+i) \nmid 14329485671497 - 109834172632i.$$

This actually leads to a different proof: if $2 \mid (a^2+b^2)$, then it is clear that $a$ and $b$
are both even or they are both odd. Now

$$\frac{a+bi}{1+i} = \frac{a+bi}{1+i} \cdot \frac{1-i}{1-i} = \frac{(a+b) + (b-a)i}{2} = \frac{a+b}{2} + \frac{b-a}{2}i$$

and this is a Gaussian integer since $a + b$ and $b - a$ are each even. Thus $(1+i) \mid (a+bi)$.

What about other Gaussian integers? What we used in this proof was the fact that
$N(1+i) = 2$ is a prime in $\mathbb{Z}$, so $1 + i$ was a prime in $\mathbb{Z}[i]$. Thus we could use the
prime theorem in $\mathbb{Z}[i]$. Can we imitate this proof to get something like

$$5 \mid (a^2+b^2) \implies (1+2i) \mid (a+bi)?$$

This seems promising, but an example may be instructive here: what about the
Gaussian integer $4 + 7i$? It has norm $16 + 49 = 65$, so we have that $5 \mid (a^2+b^2)$. But

$$\frac{4+7i}{1+2i} = \frac{4+7i}{1+2i} \cdot \frac{1-2i}{1-2i} = \frac{18-i}{5}$$

and this is not a Gaussian integer, so $(1+2i) \nmid (4+7i)$. What is happening here may
be clearer if we notice that $4 + 7i = (2+i)(3+2i)$, so $(1+2i) \nmid (4+7i)$, but $(2+i) \mid (4+7i)$.
Also, notice that the only Gaussian integers with norm 5 are $\pm 2 \pm i$ and $\pm 1 \pm 2i$,
and we have that

$$2 + i \sim -1 + 2i \sim -2 - i \sim 1 - 2i$$

while

$$1 + 2i \sim -2 + i \sim -1 - 2i \sim 2 - i$$

so these eight Gaussian integers split into two sets of four associates. The correct
statement about this situation is

Proposition 32 For a Gaussian integer $a + bi$, we have

$$5 \mid (a^2+b^2) \implies (1+2i) \mid (a+bi) \ \text{ or } \ (2+i) \mid (a+bi).$$

Proof. Once again, we have two proofs: we have $5 \mid (a+bi)(a-bi)$ and $(2+i) \mid 5$
since $(2+i)(1+2i) = 5$. Thus $(2+i) \mid (a+bi)(a-bi)$ and, using the prime theorem
in $\mathbb{Z}[i]$, we get

$$(2+i) \mid (a+bi) \quad\text{or}\quad (2+i) \mid (a-bi).$$

In the first case, we are done; in the second, we get $(2-i) \mid (a+bi)$ by taking
conjugates, and then we can multiply by the divisibility statement $i \mid 1$ to get
$(1+2i) \mid (a+bi)$, and we are done.

Alternate proof: $5 \mid (a^2+b^2) \implies a^2 + b^2 \equiv 0 \pmod 5$. What are the perfect
squares in $\mathbb{Z}/5\mathbb{Z}$? They are 0 and $\pm 1$. Thus

$$
a^2 + b^2 \equiv 0 \pmod 5 \implies
\begin{cases}
a^2 \equiv b^2 \equiv 0 \pmod 5 \\
\text{or} \\
a^2 \equiv 1 \pmod 5 \text{ and } b^2 \equiv -1 \pmod 5 \\
\text{or} \\
a^2 \equiv -1 \pmod 5 \text{ and } b^2 \equiv 1 \pmod 5.
\end{cases}
$$

Now, if $a^2 \equiv b^2 \equiv 0 \pmod 5$, then $5 \mid a$ and $5 \mid b$, so $5 \mid (a+bi)$ and then $(2+i) \mid (a+bi)$
and $(1+2i) \mid (a+bi)$. So in this case we are done. On the other hand, $x^2 \equiv 1 \pmod 5 \iff x \equiv \pm 1 \pmod 5$,
and $x^2 \equiv -1 \pmod 5 \iff x \equiv \pm 2 \pmod 5$.
Also, we have

$$\frac{a+bi}{2+i} = \frac{a+bi}{2+i} \cdot \frac{2-i}{2-i} = \frac{(2a+b) + (2b-a)i}{5}$$

and

$$\frac{a+bi}{1+2i} = \frac{a+bi}{1+2i} \cdot \frac{1-2i}{1-2i} = \frac{(a+2b) + (b-2a)i}{5}.$$

You may check for yourself that

$$
\begin{aligned}
\{a \equiv 1 \pmod 5 \text{ and } b \equiv -2 \pmod 5\} &\implies (2+i) \mid (a+bi) \\
\{a \equiv 1 \pmod 5 \text{ and } b \equiv 2 \pmod 5\} &\implies (1+2i) \mid (a+bi) \\
\{a \equiv -1 \pmod 5 \text{ and } b \equiv -2 \pmod 5\} &\implies (1+2i) \mid (a+bi) \\
\{a \equiv -1 \pmod 5 \text{ and } b \equiv 2 \pmod 5\} &\implies (2+i) \mid (a+bi).
\end{aligned}
$$

The other four possibilities are checked similarly.

Can we generalize this to other Gaussian integers? We can try to prove the following

Proposition 33 If $N(r + si) = p$, a prime in $\mathbb{Z}$, then $r + si$ is a prime in $\mathbb{Z}[i]$,
and therefore

$$p \mid (a^2+b^2) \implies (r+si) \mid (a+bi) \ \text{ or } \ (s+ri) \mid (a+bi).$$




Before we prove this proposition, let’s see how it can be useful. Suppose we wish
to factor $18 + 25i$. We have $N(18+25i) = 18^2 + 25^2 = 324 + 625 = 949 = 13 \cdot 73$.
We have $13 = 2^2 + 3^2$ and $73 = 8^2 + 3^2$. Thus if our proposition is true, we will
know that $(2+3i) \mid (18+25i)$ or $(3+2i) \mid (18+25i)$; and further we will know the
other factor also: it will be either $8 + 3i$ or $3 + 8i$, right? Let’s just try:

$$\frac{18+25i}{2+3i} = \frac{18+25i}{2+3i} \cdot \frac{2-3i}{2-3i} = \frac{111-4i}{13},$$

which is not a Gaussian integer. But, we also have

$$\frac{18+25i}{3+2i} = \frac{18+25i}{3+2i} \cdot \frac{3-2i}{3-2i} = \frac{104+39i}{13} = 8 + 3i$$

so we see that $18 + 25i = (3+2i)(8+3i)$. Let’s try another example: how does $34 + 13i$
factor? We have $N(34+13i) = 34^2 + 13^2 = 1156 + 169 = 1325 = 5 \cdot 265 = 5^2 \cdot 53$.
The 5 tells us that $2 + i$ or $1 + 2i$ is a factor; the 53 tells us that $7 + 2i$ or $2 + 7i$ is
a factor. Let’s try:

$$\frac{34+13i}{2+i} = \frac{34+13i}{2+i} \cdot \frac{2-i}{2-i} = \frac{81-8i}{5},$$

which doesn’t work, but

$$\frac{34+13i}{1+2i} = \frac{34+13i}{1+2i} \cdot \frac{1-2i}{1-2i} = \frac{60-55i}{5} = 12 - 11i.$$

Now we must factor $12 - 11i$, which has norm $12^2 + 11^2 = 144 + 121 = 265 = 5 \cdot 53$.
Once again we have two options, $2 + i$ or $1 + 2i$:

$$\frac{12-11i}{2+i} = \frac{12-11i}{2+i} \cdot \frac{2-i}{2-i} = \frac{13-34i}{5},$$

which doesn’t work, but

$$\frac{12-11i}{1+2i} = \frac{12-11i}{1+2i} \cdot \frac{1-2i}{1-2i} = \frac{-10-35i}{5} = -2 - 7i.$$

So, we have

$$34 + 13i = (1+2i)(12-11i) = (1+2i)^2(-2-7i) = (-1)(1+2i)^2(2+7i).$$

Now we have the

Proof. We have $p = r^2 + s^2 = (r+si)(r-si)$, and $p \mid (a^2+b^2) = (a+bi)(a-bi)$;
thus $(r+si) \mid p$ and $(r+si) \mid (a+bi)(a-bi)$, so we have

$$(r+si) \mid (a+bi) \quad\text{or}\quad (r+si) \mid (a-bi)$$

since we can apply the prime theorem in $\mathbb{Z}[i]$. Then if $(r+si) \mid (a+bi)$ we are done,
and if $(r+si) \mid (a-bi)$ then $(r-si) \mid (a+bi)$ and we can multiply by $i \mid 1$ to get
$(s+ri) \mid (a+bi)$.

This will be a powerful weapon when we try to factor Gaussian integers.



Exercises
1. Factor 231 + 1792i into primes in Z[i].

2. Factor 4275 − 4121i into primes in Z[i].

3. Factor 1235 − 4121i into primes in Z[i].

4. Factor 28259 − 4240i into primes in Z[i].

5. How many Gaussian integers have norm $2 \cdot 5 \cdot 13$? Try to count them without
doing a lot of calculations.

6. How many Gaussian integers have norm $2 \cdot 3^2 \cdot 5 \cdot 13$? Try to count them
without doing a lot of calculations.

7. How many Gaussian integers have norm $2 \cdot 3^3 \cdot 5^3 \cdot 13^3$? Try to count them
without doing a lot of calculations.

8. How many Gaussian integers have norm $3^2 \cdot 5^2 \cdot 7^2 \cdot 29^4$? Try to count them
without doing a lot of calculations.

37 The primes in Z[i]

Now, which sort of primes in $\mathbb{Z}$ can be written as $p = r^2 + s^2$? We have gathered
some evidence in the exercises:

Can     Can’t
5       3
13      7
17      11
29      19
37      23
41      31
        43
        47
        51

Any guesses about the prime 101? 103? 107? 109?

We get a

Proposition 34 For $p$ a prime in $\mathbb{Z}$, we have

$$\text{there are } a, b \in \mathbb{Z} \text{ with } p = a^2 + b^2 \iff p \equiv 1 \pmod 4 \text{ or } p = 2.$$

Proof. You will prove $\implies$ in the exercises. We will prove $\impliedby$ later.




We have seen that prime integers are the building blocks of Z, and prime Gaussian
integers are building blocks of Z[i]. How can we find them? One way is directly:
since a|b =⇒ |a| ≤ |b| in Z, we can just try all numbers less than some integer
n—if none is a proper factor, n must be a prime! An ancient Greek mathematician,
Eratosthenes, had a good method for doing this: list all the positive integers up to
some large number, say 1000. Then since 1 is the only integer less than 2, 2 must
be a prime. Now cross out all multiples of 2, since they aren’t prime. Now what
is the next integer not crossed out? 3, of course. So 3 must be prime, since it is
not a multiple of anything smaller than it. Cross out all the multiples of 3, since
they aren’t prime, and look for the next prime—5. Continue until you have finished
your list. (Which happens once you have crossed out all multiples of 31—why?)
This is called the Sieve of Eratosthenes: all the non-primes fall through the sieve,
leaving the primes behind. There are other methods for checking specific numbers,
but we will see them later. One way we’ve seen already (see Section 26, page 108):
for $n \ne 4$, we have

$$(n-1)! \equiv \begin{cases} -1 \pmod n & \text{if } n \text{ is a prime} \\ 0 \pmod n & \text{otherwise.} \end{cases}$$

However, this is not practical in the case of large numbers, since (n − 1)! gets very
large very quickly as n gets large.

We can use something similar to the Sieve of Eratosthenes to find the primes in Z[i],
but now the work we have done in Z helps. First you list all the Gaussian integers,
grouped by norm, up to some limit. Then you see that anything with prime norm
must be a prime. Then you look at the Gaussian integers that remain and try to
factor them, using the norm to eliminate all but a few candidates. Thus to factor
the Gaussian integers with norm 65, we need only see if they can be divided by
some Gaussian integer with norm 5. It turns out that this will always work, as
we proved in Proposition 33, but even before we knew that proposition, we could
see that we needed to perform at most two divisions to check all eight elements
with norm 5 (since they come in two sets, of four associates each). Thus we have a
(tedious) way of finding all the primes in Z[i].

In fact, we can do more. Though we have not yet proved Proposition 34, we can
use it to completely characterize all Gaussian integers and their factorizations into
Gaussian integer primes.

Theorem 21 Let $z = a + bi$ be a Gaussian integer. Then $N(z)$ has the factorization
(into prime integers)

$$N(z) = a^2 + b^2 = 2^t\, p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_r^{e_r}\, q_1^{2f_1} q_2^{2f_2} q_3^{2f_3} \cdots q_s^{2f_s}$$

where $t \in \mathbb{W}$, each $p_j \equiv 1 \pmod 4$ and each $q_j \equiv 3 \pmod 4$, $r$ and $s$ are in $\mathbb{W}$, and
each power $e_j$ and $f_j$ is a positive integer. Furthermore, $z$ itself factors (uniquely,
by Theorem 17) into Gaussian integers as follows

$$z \sim (1+i)^t\, \wp_1^{g_1} \hat{\wp}_1^{e_1-g_1}\, \wp_2^{g_2} \hat{\wp}_2^{e_2-g_2} \cdots \wp_r^{g_r} \hat{\wp}_r^{e_r-g_r}\, q_1^{f_1} q_2^{f_2} q_3^{f_3} \cdots q_s^{f_s}$$

where $p_j = a_j^2 + b_j^2$ and $\wp_j = a_j + b_j i$, $\hat{\wp}_j = b_j + a_j i$, and for each $j$, $0 \le g_j \le e_j$.



Specifically, every prime, $\wp$, in $\mathbb{Z}[i]$ takes one of three forms

• $\wp \sim 1 + i$
• $\wp \sim a + bi$ where $N(\wp) = a^2 + b^2 = p \equiv 1 \pmod 4$ is a prime integer
• $\wp \sim q_j$ where $q_j \equiv 3 \pmod 4$ is a prime integer.

We have phrased this as facts about the primes in the larger ring, $\mathbb{Z}[i]$. We could
instead phrase this as facts about what happens to the primes in $\mathbb{Z}$ when we pass
to the larger ring, $\mathbb{Z}[i]$. Now we see that every prime integer, $p$, falls into one of
three categories:

• $p \sim (a+bi)^2$ (the prime $p$ is said to be ramified in $\mathbb{Z}[i]$, or to ramify in
$\mathbb{Z}[i]$)
• $p \sim (a+bi)(c+di)$ with $a + bi \not\sim c + di$ (the prime $p$ is said to split in
$\mathbb{Z}[i]$)
• $p$ is a prime element of the larger ring $\mathbb{Z}[i]$ (the prime $p$ is said to remain
inert in $\mathbb{Z}[i]$)

The only positive prime integer that ramifies in $\mathbb{Z}[i]$ is 2. Positive prime integers
that are 1 (mod 4) split in $\mathbb{Z}[i]$, and positive prime integers that are 3 (mod 4)
remain inert in $\mathbb{Z}[i]$. (Alternatively, one may say that a prime in $\mathbb{Z}$ of the form
$4k + 1$ is a split prime and a prime in $\mathbb{Z}$ of the form $4k + 3$ is an inert prime. This
phrasing assumes that the larger ring (in this case, $\mathbb{Z}[i]$) is clear.)

These facts (about how elements of the larger rings factor into primes, and how
prime integers factor in the larger ring) will be shown to have analogs in $\mathbb{Z}[\sqrt{2}]$,
$\mathbb{Z}[\sqrt{3}]$, $\mathbb{Z}[\sqrt{-2}]$, $\mathbb{Z}[\rho]$, $\mathbb{Z}[\sqrt{-3}]$, $\mathbb{Z}[\sqrt{5}]$, and $\mathbb{Z}[\omega]$ (where $\omega$ is the golden ratio). Each
time, there will only be a finite number of ramified primes, which are distinguished
from the split primes by the fact that they factor into powers of primes, not into
products of distinct primes. As examples, $2 \sim (\sqrt{-2})^2$ is the only ramified prime
in $\mathbb{Z}[\sqrt{-2}]$, and $3 \sim (1 + 2\rho)^2$ is the only ramified prime in $\mathbb{Z}[\rho]$.
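
The factoring procedure of Section 36 (Propositions 31 and 33) together with the classification in Theorem 21 can be turned into a short routine. The following Python code is an added example, not code from the book: it factors $N(z)$ in $\mathbb{Z}$, then for each prime divisor tries the candidate Gaussian primes by exact division, $r + si$ before $s + ri$. The pair (a, b) stands for $a + bi$; all function names are choices made for this example.

```python
from collections import Counter
from math import isqrt

def norm(z):
    return z[0] * z[0] + z[1] * z[1]

def mul(z, w):
    return (z[0] * w[0] - z[1] * w[1], z[0] * w[1] + z[1] * w[0])

def exact_div(z, w):
    """z / w if that is a Gaussian integer, else None (multiply by conj(w) / N(w))."""
    (a, b), (c, e) = z, w
    n = norm(w)
    x, y = a * c + b * e, b * c - a * e
    return (x // n, y // n) if x % n == 0 and y % n == 0 else None

def factor_int(n):
    """Prime factorization of a positive integer by trial division."""
    f, p = Counter(), 2
    while p * p <= n:
        while n % p == 0:
            f[p] += 1
            n //= p
        p += 1
    if n > 1:
        f[n] += 1
    return f

def element_of_norm(p):
    """(r, s) with r^2 + s^2 = p and r <= s, for a prime p = 1 (mod 4)."""
    for r in range(1, isqrt(p) + 1):
        s = isqrt(p - r * r)
        if s * s == p - r * r:
            return (r, s)
    raise ValueError(f"{p} is not a sum of two squares")

def factor_gaussian(z):
    """Return (unit, {prime: exponent}) with z = unit * product of prime**exponent."""
    if z == (0, 0):
        raise ValueError("0 has no factorization")
    factors = Counter()
    for p, e in sorted(factor_int(norm(z)).items()):
        if p == 2:                       # ramified: 2 ~ (1 + i)^2
            candidates, steps = [(1, 1)], e
        elif p % 4 == 3:                 # inert: p itself is prime, of norm p^2
            candidates, steps = [(p, 0)], e // 2
        else:                            # split: r + si or s + ri (Proposition 33)
            r, s = element_of_norm(p)
            candidates, steps = [(r, s), (s, r)], e
        for _ in range(steps):
            for w in candidates:
                q = exact_div(z, w)
                if q is not None:
                    z = q
                    factors[w] += 1
                    break
            else:
                raise ArithmeticError("no candidate divides; norm bookkeeping is off")
    return z, dict(factors)              # what is left has norm 1, i.e. is a unit

def recompose(unit, factors):
    z = unit
    for w, e in factors.items():
        for _ in range(e):
            z = mul(z, w)
    return z

if __name__ == "__main__":
    for z in [(18, 25), (34, 13), (6, 6)]:   # first two are the worked examples above
        print(z, "=", factor_gaussian(z))
```

On the two worked examples from Section 36 it reproduces $18 + 25i = (3+2i)(8+3i)$ and $34 + 13i = (-1)(1+2i)^2(2+7i)$.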

Exercises
1. Prove the forward implication ($\implies$) in Proposition 34.
2. Prove Theorem 21. You may use Proposition 34, which will be proved in
Section 39. You may well wish to write (and prove) a lemma along the lines
of “If $p \equiv 3 \pmod 4$ is a prime and $p \mid a^2 + b^2$, then $p \mid a$ and $p \mid b$.”
3. Use Theorem 21 to characterize those integers that can be written in the form
$a^2 + b^2$, and which cannot.
4. Following Exercise 3, and following up on Exercise 16 (page 79), characterize
those integers $n$ that can be written in the form $n = a^2 - ab + b^2$. We do not
have a theorem that applies (yet). However, we have the following data:

primes that can be written as $p = a^2 - ab + b^2$:
3, 7, 13, 19, 31, 37, 43, 61, 67, 73, 79, 97, 103, 109, 127, 139, 151, 157, 163,
181, 193, 199, . . .

primes that cannot be written as $p = a^2 - ab + b^2$:
2, 5, 11, 17, 23, 29, 41, 47, 53, 59, 71, 83, 89, 101, 107, 113, 131, 137, 149,
167, 173, 179, 191, 197, . . .

composites that can be written as $n = a^2 - ab + b^2$:
4, 9, 12, 16, 21, 25, 27, 28, 36, 39, 48, 49, 52, 57, 63, 64, 75, 76, 81, 84, 91,
93, 100, . . .

composites that cannot be written as $n = a^2 - ab + b^2$:
6, 8, 10, 14, 15, 18, 20, 22, 24, 26, 30, 32, 33, 34, 35, 38, 40, 42, 44, 45, 46,
50, 51, 54, 55, 56, 58, 60, 62, 65, 66, 68, 69, 70, 72, 74, . . .

Chapter 4

An Interlude of Analytic
Number Theory

38 The distribution of primes in Z

There are five theorems I want you to know about how the primes in Z are
distributed (we will only prove two of them here; one more is proved in Project H
on arithmetic functions and Dirichlet series). The branch of mathematics that deals
with the distribution of the primes in Z is called analytic number theory; most of
this course is instead from algebraic number theory. It is important to see these
theorems, even if we won’t go into this topic in depth.

1. Theorem 22 (Euclid’s Theorem on Primes) There are infinitely many
primes in $\mathbb{Z}$.

Proof. Suppose not, so the only primes in $\mathbb{Z}$ are $p_1 = 2$, $p_2 = 3$, $p_3 = 5$,
. . . , $p_n$. Let $N = (p_1 p_2 p_3 \cdots p_n) + 1$. Then by the fundamental theorem of
arithmetic (actually we only need Lemma 6 from page 65 here), since $N > 1$
we know that $N$ has a factorization into primes. However, $p_1 \nmid N$, $p_2 \nmid N$, $p_3 \nmid N$,
. . . , $p_n \nmid N$; so we get a contradiction, since these are the only primes in $\mathbb{Z}$.
This contradiction shows that we must have an infinite number of primes in
$\mathbb{Z}$.

2. Theorem 23 The primes in $\mathbb{Z}$ are scattered irregularly: there are arbitrarily
large gaps between the primes.

Proof. Look at the numbers

$$n! + 2,\ n! + 3,\ n! + 4,\ \ldots,\ n! + (n-1),\ n! + n.$$

It is clear that $n! + 2$ is not prime since 2 divides it; similarly, $3 \mid (n! + 3)$,
$4 \mid (n! + 4)$, . . . , $n \mid (n! + n)$. Thus we have $n - 1$ consecutive numbers that are
not primes.


3. Theorem 24 There are more primes than perfect squares, so there are lots
of primes. One way to measure this is to notice that

$$\sum_{n \in \mathbb{N}} \frac{1}{n} \text{ diverges}, \qquad \sum_{p \text{ prime} \in \mathbb{N}} \frac{1}{p} \text{ diverges}, \qquad \text{but } \sum_{n \in \mathbb{N}} \frac{1}{n^2} \text{ converges.}$$

You should already have seen the first and third facts in calculus.

4. Theorem 25 (Prime Number Theorem) The primes are distributed
evenly: If $\pi(x)$ denotes the number of primes $p$ such that $2 \le p \le x$, then

$$\lim_{x \to \infty} \frac{\pi(x)}{x / \ln x} = 1$$

or

$$\lim_{x \to \infty} \frac{\pi(x)}{\mathrm{Li}(x)} = 1$$

where

$$\mathrm{Li}(x) = \int_2^x \frac{1}{\ln t}\, dt.$$

This theorem says that in contrast to Theorem 23, the number of primes in
any given range is statistically predictable. So there is an evenness to the
unevenness.

5. Theorem 26 (Dirichlet’s Theorem on Primes in an Arithmetic
Progression) If $(a, n) = 1$ then there are infinitely many primes $p$ such
that

$$p \equiv a \pmod n.$$

Thus, for instance, since (100, 21) = 1, this very important theorem states
that there are infinitely many primes in the set

{21, 121, 221, 321, 421, . . . , 21 + 100k, . . .}.

In fact, Dirichlet proved much more. He showed that if $(a, n) = 1$, then as
$N \to \infty$, the proportion of primes that are congruent to $a \pmod n$ and less
than $N$ (as compared to all the primes less than $N$) approached $\frac{1}{\varphi(n)}$. Since
there are exactly $\varphi(n)$ such congruence classes, Dirichlet is telling us that, in
the long run, the primes are distributed across congruence classes as evenly
as possible. The proof of Dirichlet’s theorem is beyond the scope of this book,
but we will explore several special cases in the exercises. Here is one special
case (the proof is similar to the proof of Theorem 22, but there’s a slight
twist):

Proposition 35 There are infinitely many primes in $\mathbb{Z}$ of the form $4k + 3$;
i.e., there are infinitely many primes $p$ such that $p \equiv 3 \pmod 4$.

Proof. Assume there are only finitely many such primes, say

$$p_1 \equiv p_2 \equiv p_3 \equiv \cdots \equiv p_n \equiv 3 \pmod 4.$$

Then consider the number

$$N = 4 p_1 p_2 p_3 \cdots p_n - 1.$$

We have $N > 1$ so $N$ has a factorization into primes. Also $N \equiv -1 \equiv 3 \pmod 4$.
$N$ is odd so all its prime factors are odd; in particular, they are all
congruent to either 1 or 3 (mod 4). If all the prime factors of $N$ were $\equiv 1 \pmod 4$,
then $N \equiv 1 \pmod 4$ also. Thus $N$ must have at least one prime
factor, $p$, with $p \equiv 3 \pmod 4$; and so $p = p_k$ for some $k$ with $1 \le k \le n$. But
$p_1 \nmid N$, $p_2 \nmid N$, $p_3 \nmid N$, . . . , $p_n \nmid N$. This is a contradiction, so the list must be
infinite.

Exercises
1. Prove the converse of Dirichlet’s theorem: If there are infinitely many primes,
p, with p ≡ a (mod n), then (a, n) = 1.
2. The proof of Proposition 35 is written as a proof by contradiction. Proofs
by contradiction should be avoided when possible; rephrase the proof as a
construction proof that shows how to construct a new prime, given a finite
list of primes.
3. Mimic the proof of Proposition 35 to prove that there are infinitely many
primes of the form 3k + 2.
4. Mimic the proof of Proposition 35 to prove that there are infinitely many
primes of the form 6k + 5.
5. Every odd prime is ≡ 1, 3, 5, or 7 (mod 8). Since there are now four groups
of primes, the ideas used in Proposition 35 and Exercises 3 and 4 won’t quite
work in modulus 8. But we can add another twist: suppose we take a finite
list of odd primes, $p_1, p_2, p_3, \ldots, p_n$. Consider the numbers

$$A = (p_1 p_2 p_3 \cdots p_n)^2 + 2,$$
$$B = (p_1 p_2 p_3 \cdots p_n)^2 + 4,$$

and

$$C = (p_1 p_2 p_3 \cdots p_n)^2 - 2.$$

We have $A \equiv 3 \pmod 8$, $B \equiv 5 \pmod 8$, and $C \equiv 7 \pmod 8$. If we define

$$P_k = \{\text{integer primes that are} \equiv k \pmod 8\},$$

argue that at least two of the sets $P_3$, $P_5$, and $P_7$ are infinitely large.
6. Since ϕ(5) = ϕ(10) = ϕ(12) = 4, we have a chance to deal with the mod 5,
mod 10, and mod 12 cases in the same way as we dealt with mod 8. Can you
extend Exercise 5 to cover one or more of these other moduli?
7. Consider the arithmetic progression a, a + d, a + 2d, . . . , where a and d are
positive integers. For any positive integer k, prove that the progression has
either no exact kth powers or infinitely many.
Chapter 5

Quadratic Residues

In the complex field C, every number is a perfect square. In the real field R, all
non-negative numbers are perfect squares, and none of the negative numbers are.
Which numbers are perfect squares in the rational field Q and in the ring of integers
Z is essentially answered by the fundamental theorem of arithmetic (see Exercise 7
on page 67). There is thus an analogous answer in the ring Z[i] (see Exercise 6 on
page 137). Most of the present chapter will be devoted to answering this seemingly
simple question in the ring Z/pZ. The Law of Quadratic Reciprocity, conjectured by
Euler and Legendre and first proved by Gauss, answers this question. Its statement
and proof are one of the high points of any first course in number theory.

39 Perfect squares

In the exercises most of the following has been proved.

Proposition 36 For $p$ a prime in $\mathbb{Z}$,

$$
\begin{aligned}
p \equiv 3 \pmod 4 &\implies p \text{ cannot be written as } p = a^2 + b^2 \text{ for integers } a \text{ and } b \\
&\iff p \text{ is prime in } \mathbb{Z}[i] \\
&\iff \text{there are no Gaussian integers with norm } p.
\end{aligned}
$$

Proof. The first implication is the contrapositive of Exercise 8 in Section 19, and
the first double implication is Exercise 20(a) in Section 5. We will prove the second
double implication here.

Suppose there were no Gaussian integers with norm $p$. If $p = z \cdot w$ then taking
norms we get $p^2 = N(z)N(w)$; so if $N(z) = p$ is impossible we must have $N(z) = 1$
and $N(w) = p^2$, or $N(z) = p^2$ and $N(w) = 1$. Thus we must have that either $z$ or
$w$ is a unit. Thus $p$ fulfills the definition of a prime in $\mathbb{Z}[i]$. Conversely, suppose
there are Gaussian integers with norm $p$, for example suppose $N(r + si) = p$. Then


(r + si)(r − si) = p and N (r + si) = N (r − si) = p so we have factored p into


non-units; thus p is not a prime in Z[i].

Now suppose p is an odd prime in Z and suppose also that we have a solution,
S, to the equation x2 ≡ −1 (mod p). We may assume that S is an integer with
1 ≤ S ≤ p − 1 (in fact we may even assume 1 ≤ S ≤ p−1
2 , but we don’t need to), so
we have
S 2 ≡ −1 (mod p) ⇐⇒ p|(S 2 + 1)

so p|(S 2 + 1) in Z and thus


p|(S + i)(S − i)

in Z[i]. Now if p is a prime in Z[i], then p|(S + i) or p|(S − i) by the prime theorem
for Z[i]. But this is impossible (see Exercise 8a on page 31 if this isn’t clear to you),
so p is not a prime in Z[i]. Hence we have

there is a solution to x2 ≡ −1 (mod p) =⇒ p is not a prime in Z[i]

and

p is a prime in Z[i] =⇒ there is no solution to x2 ≡ −1 (mod p).

Between this and Exercise 5 in Section 35 and Exercise 8 in Section 19, we have
proved something we will call “le carré,” which is French for “the square.” (The
reason for this choice of terminology is that the term “square,” as in perfect square,
has already been taken. Also, I like French. Also, I like reading John le Carré.)

For p an odd prime in Z, we have le carré:

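$$\begin{array}{ccc}
\text{can't write } p = a^2 + b^2 \text{ in } \mathbb{Z} & \iff & p \text{ is prime in } \mathbb{Z}[i] \\
\Uparrow & & \Downarrow \\
p \equiv 3 \pmod 4 & ??? & -1 \text{ is not a perfect square in } \mathbb{Z}/p\mathbb{Z}
\end{array}$$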

We want “ ⇐⇒ ” in the second line, so that we will know that any of the statements
is equivalent to the others. All we need is to show that −1 is not a perfect square
in Z/pZ implies that p ≡ 3 (mod 4). We will prove the contrapositive:

Lemma 11 If p is a prime in Z and p ≡ 1 (mod 4), then $x^2 \equiv -1 \pmod p$ can
be solved; in fact this equation has the two solutions

$$x \equiv \pm\left(\frac{p-1}{2}\right)! \pmod p.$$

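Proof. By Wilson’s theorem we know that (p − 1)! ≡ −1 (mod p). Thus we have

$$\begin{aligned}
(1)(2)(3)\cdots\left(\tfrac{p-1}{2}\right)\left(\tfrac{p+1}{2}\right)\cdots(p-3)(p-2)(p-1) &\equiv -1 \pmod p \\
(1)(2)(3)\cdots\left(\tfrac{p-1}{2}\right)\left(-\tfrac{p-1}{2}\right)\cdots(-3)(-2)(-1) &\equiv -1 \pmod p \\
\left(\tfrac{p-1}{2}\right)!\,\left(\tfrac{p-1}{2}\right)\cdots(3)(2)(1)\,(-1)^{\frac{p-1}{2}} &\equiv -1 \pmod p \\
\left[\left(\tfrac{p-1}{2}\right)!\right]^2 (-1)^{\frac{p-1}{2}} &\equiv -1 \pmod p \\
\left[\left(\tfrac{p-1}{2}\right)!\right]^2 &\equiv (-1)^{1-\frac{p-1}{2}} \pmod p.
\end{aligned}$$

Now, if p ≡ 1 (mod 4) then p = 1 + 4k for some k in Z. But then $1 - \frac{p-1}{2} = 1 - 2k$
is odd, so we have

$$\left[\left(\frac{p-1}{2}\right)!\right]^2 \equiv -1 \pmod p$$

and we have a solution to the equation $x^2 \equiv -1 \pmod p$. Of course, if p ≡ 3
(mod 4), all we have found is that we can solve the equation $x^2 \equiv 1 \pmod p$,
which clearly has solutions x ≡ ±1 (mod p)!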

The theorem is thus proved.

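Theorem 27 For p an odd prime in Z, we have:

$$\begin{array}{ccc}
\text{can't write } p = a^2 + b^2 \text{ in } \mathbb{Z} & \iff & p \text{ is prime in } \mathbb{Z}[i] \\
\Updownarrow & & \Updownarrow \\
p \equiv 3 \pmod 4 & \iff & -1 \text{ is not a perfect square in } \mathbb{Z}/p\mathbb{Z}
\end{array}$$

The four equivalent statements are about different rings: Z, Z[i], Z/4Z, and Z/pZ.
It will be handy on occasion to also rephrase this theorem as

Theorem 27 For p an odd prime in Z, we have:

$$\begin{array}{ccc}
p = a^2 + b^2 \text{ is possible in } \mathbb{Z} & \iff & p \text{ is not prime in } \mathbb{Z}[i] \\
\Updownarrow & & \Updownarrow \\
p \equiv 1 \pmod 4 & \iff & -1 \text{ is a perfect square in } \mathbb{Z}/p\mathbb{Z}
\end{array}$$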
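The four corners of le carré can be checked numerically. The sketch below is an added example, not code from the book: it computes the Wilson square root of −1 from Lemma 11 and then goes one step beyond the text by taking a greatest common divisor of p and S + i in Z[i] to recover a and b with $p = a^2 + b^2$. The function names and the (re, im) tuple representation of Gaussian integers are choices made for this example.

```python
from math import isqrt


def half_factorial(p):
    """((p-1)/2)! reduced mod p, the candidate root from Lemma 11."""
    s = 1
    for t in range(1, (p - 1) // 2 + 1):
        s = s * t % p
    return s


def gauss_mod(a, b):
    """Remainder of a divided by b in Z[i]; both are (re, im) tuples, b != 0.

    The quotient is a * conj(b) / N(b) with each coordinate rounded to the
    nearest integer, so the remainder has norm at most N(b)/2.
    """
    (ar, ai), (br, bi) = a, b
    n = br * br + bi * bi
    xr, xi = ar * br + ai * bi, ai * br - ar * bi      # a * conj(b)
    qr, qi = (2 * xr + n) // (2 * n), (2 * xi + n) // (2 * n)
    return (ar - (qr * br - qi * bi), ai - (qr * bi + qi * br))


def gauss_gcd(a, b):
    """Euclidean algorithm in Z[i]; the result is defined up to a unit."""
    while b != (0, 0):
        a, b = b, gauss_mod(a, b)
    return a


def le_carre(p):
    """Evaluate the corners of Theorem 27 for an odd prime p."""
    s = half_factorial(p)
    root = s if (s * s + 1) % p == 0 else None
    squares = None
    if root is not None:
        # p | (S + i)(S - i) but p divides neither factor, so
        # gcd(p, S + i) is a Gaussian integer of norm p.
        g = gauss_gcd((p, 0), (root, 1))
        squares = tuple(sorted((abs(g[0]), abs(g[1]))))
    return {"p_mod_4": p % 4, "root": root, "squares": squares}


def brute_force_corners(p):
    """Exhaustive check: all roots of x^2 ≡ -1 and all a <= b with a^2 + b^2 = p."""
    roots = [x for x in range(1, p) if (x * x + 1) % p == 0]
    sums = [(a, b) for a in range(1, isqrt(p) + 1)
            for b in range(a, isqrt(p) + 1) if a * a + b * b == p]
    return roots, sums


if __name__ == "__main__":
    for p in (37, 1009, 43):       # 37 is the page's example; 43 ≡ 3 (mod 4)
        print(p, le_carre(p), brute_force_corners(p))
```

For p ≡ 3 (mod 4) the half factorial squares to +1 instead, so `root` and `squares` both come back as `None`, matching the first form of Theorem 27.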

Exercises
1. We can illustrate Theorem 27 in the case p = 37 by writing
• $37 = 6^2 + 1^2$ in Z.
• 37 = (6 + i)(6 − i) in Z[i].
• 37 = 9 · 4 + 1 so 37 ≡ 1 (mod 4).
• $6^2 \equiv -1 \pmod{37}$.
Do the same for p = 73, p = 113, and p = 829.
2. Let p be an odd prime in Z, and p ≡ 1 (mod 4). Show that p can be written
as a sum of squares uniquely; that is, if $p = a^2 + b^2 = c^2 + d^2$, then the sets
{±a, ±b} and {±c, ±d} are the same.
3. The goal of this exercise is to show that there are infinitely many prime integers
of the form 4k + 1. Together with Proposition 35, this will demonstrate
Dirichlet’s theorem in the case n = 4.
Assume there is a finite number of prime integers p such that p ≡ 1 (mod 4),
and let $N = (2p_1 p_2 p_3 \cdots p_k)^2 + 1$ be formed from their product. N > 1 so N
has a prime factor q.
(a) Show that $q \neq p_i$ for any i, 1 ≤ i ≤ k.
(b) Show that the equation $x^2 \equiv -1 \pmod q$ has solutions.
(c) Conclude that q ≡ 1 (mod 4).
(d) State the contradiction you have found, and conclude that there must
be an infinite number of prime integers of the form 4k + 1.
4. Table 6 shows data calculated about which prime integers p are perfect squares
(mod q): a “+” indicates that $x^2 \equiv p \pmod q$ can be solved, and a “−”
indicates that $x^2 \equiv p \pmod q$ cannot be solved.
(a) Calculate the entries for the q = 113 and q = 127 rows of the table, by
whatever method you choose.
(b) Make conjectures about how the columns of the table can be organized.
For instance, you might note that $x^2 \equiv 5 \pmod q$ can be solved ⇐⇒ q
ends with the digit one or nine, i.e., ⇐⇒ q ≡ ±1 (mod 10). Try to
come up with similar rules for each of the other columns.

5. A number is written with 300 ones and 300 zeros. Can it be a perfect square?
6. Let $N = 4444^{4444}$ and let the sum of the digits of N be A. Let B be the sum
of the digits of A. Let C be the sum of the digits of B. Find C.

40 Quadratic residues

The proof of Theorem 27 (le carré) is part of why we care about the question

What are the perfect squares in Z/pZ?



q\p 2 3 5 7 11 13 17 19 23 29
2 0 + + + + + + + + +
3 − 0 − + − + − + − −
5 − − 0 − + − − + − +
7 + − − 0 + − − − + +
11 − + + − 0 − − − + −
13 − + − − − 0 + − + +
17 + − − − − + 0 + − −
19 − − + + + − + 0 + −
23 + + − − − + − − 0 +
29 − − + + − + − − + 0
31 + − + + − − − + − −
37 − + − + + − − − − −
41 + − + − − − − − + −
43 − − − − + + + − + −
47 + + − + − − + − − −
53 − − − + + + + − − +
59 − + + + − − + + − +
61 − + + − − + − + − −
67 − − − − − − + + + +
71 + + + − − − − + − +
73 + + − − − − − + + −
79 + − + − + + − + + −
83 − + − + + − + − + +
89 + − + − + − + − − −
97 + + − − + − − − − −
101 − − + − − + + + + −
103 + − − + − + + + + +
107 − + − − + + − + + +
109 − + + + − − − − − +
113
127

Table 6: Can $x^2 \equiv p \pmod q$ be solved?



but there are other reasons, for instance we may want to solve quadratic equations
in Z/pZ. As we saw earlier, we can solve any linear equation, ax + b ≡ 0 (mod p),
and given a quadratic equation, $ax^2 + bx + c \equiv 0 \pmod p$, we proved that there
are at most two roots, but we aren’t sure how many there are nor can we find
them easily, in general. Finding them will remain a problem, but we will see that
counting how many there are is an easy calculation.

Suppose we want to solve

$$ax^2 + bx + c = 0$$

in Z. How would we know whether or not we had any solutions? What if we want
to solve the same equation in Q? in R? in C? Our procedure is different in each
case, but we have a simple test in each case that will tell us whether we can solve
the equation, and in fact with a little more work we can see how many roots we
have in each ring. The quadratic formula gives us the answer in each case, because
using purely algebraic operations we see that

$$ax^2 + bx + c = 0 \implies x = \frac{-b \pm \sqrt{b^2 - 4ac}}{2a}.$$

In the fields Q, R, and C we have no problem with anything but the square root; in
Z there is a further problem with division; in C the fundamental theorem of algebra
tells us there are exactly two roots (though we may get a double root if $b^2 - 4ac = 0$).
The test for Q and R is exactly this: “is $b^2 - 4ac$ a perfect square”? The answer in Q
is difficult, depending on the factorization into primes of the numerator and of the
denominator of the rational number; in R it reduces to asking “is $b^2 - 4ac$ positive?”
We will start with the same test as in Q, but we can simplify it considerably, until
it is almost as easy to answer as it is in R.

Let’s try some examples: what are the perfect squares in Z? Z/2Z? Z/3Z? Z/5Z?
Z/7Z? Z/11Z? Z/13Z? Z/17Z? Z/19Z? Z/23Z?

As we answer these questions, does any pattern emerge? How many answers do we
have in each case? We get a more striking pattern if we leave out zero and just
look at the units that are perfect squares. In fact we have the following

Definition 28 Given a prime p and an integer r we call r a quadratic residue
(mod p) if (r, p) = 1 and the equation $x^2 \equiv r \pmod p$ has a solution. We call n a
quadratic non-residue (mod p) if (n, p) = 1 and the equation $x^2 \equiv n \pmod p$ has
no solution.

We have split up Z/pZ into

Z/pZ = {0} ∪ {quadratic residues} ∪ {quadratic non-residues}.



We have
Z/2Z = {0} ∪ {1} ∪ {}
Z/3Z = {0} ∪ {1} ∪ {2}
Z/5Z = {0} ∪ {1, 4} ∪ {2, 3}
Z/7Z = {0} ∪ {1, 2, 4} ∪ {3, 5, 6}
Z/11Z = {0} ∪ {1, 3, 4, 5, 9} ∪ {2, 6, 7, 8, 10}
Z/13Z = {0} ∪ {1, 3, 4, 9, 10, 12} ∪ {2, 5, 6, 7, 8, 11}
Z/17Z = {0} ∪ {1, 2, 4, 8, 9, 13, 15, 16} ∪ {3, 5, 6, 7, 10, 11, 12, 14}.

What do you notice? Unlike the splitting up of Z/mZ we did before, as

Z/mZ = {0} ∪ {units} ∪ {zero-divisors},

where we had 1 + ϕ(m) + an undetermined number, here we seem to have
$1 + \frac{p-1}{2} + \frac{p-1}{2}$ elements; the units split exactly into two equal pieces! Can we prove this? We
usually think of Z/pZ as {0, 1, 2, . . . , p − 1}, but this time it is more convenient to
think of it as

$$\mathbb{Z}/p\mathbb{Z} = \{0\} \cup (\mathbb{Z}/p\mathbb{Z})^\times = \{0\} \cup \left\{\pm 1, \pm 2, \pm 3, \ldots, \pm\frac{p-1}{2}\right\}.$$

Then when we square everything we get

$$\{\text{the quadratic residues in } \mathbb{Z}/p\mathbb{Z}\} = \left\{1, 4, 9, \ldots, \frac{(p-1)^2}{4}\right\}.$$

Are there in fact exactly $\frac{p-1}{2}$ quadratic residues? This is equivalent to asking “Do
we get any repeats?” As we always do, we answer this by looking at

$$a^2 \equiv b^2 \pmod p,$$

where $1 \le a \le \frac{p-1}{2}$ and $1 \le b \le \frac{p-1}{2}$. Then we have $p \mid (a^2 - b^2) = (a + b)(a - b)$
so p|(a + b) or p|(a − b) by the prime theorem. But we have 2 ≤ a + b ≤ p − 1
so p|(a + b) is impossible; therefore p|(a − b) and a ≡ b (mod p). Thus we get no
repeats, and we have proved

Proposition 37 In Z/pZ, there are exactly $\frac{p-1}{2}$ quadratic residues and exactly
$\frac{p-1}{2}$ quadratic non-residues. The set of quadratic residues is exactly

$$\left\{1, 2^2, 3^2, \ldots, \left(\frac{p-1}{2}\right)^2\right\}.$$

Although this proposition tells us how many quadratic residues there are in Z/pZ,
we still don’t know what they are. Can we solve

$$x^2 \equiv 56 \pmod{1009}?$$

Right now all we know is that we have a 50–50 chance of a “yes” answer and a 50–50
chance of a “no” answer, but the only way to answer the question is to calculate

$$\{1, 2^2, 3^2, \ldots, (504)^2\},$$

reduce these integers (mod 1009), and look in the list for 56. Yuck! We need an
easier method.

What happens when we multiply residues and non-residues? In Exercise 3 on
page 83, you were asked to figure out what happens when you multiply a unit and
a zero-divisor, or two zero-divisors, etc. What are the analogous rules here, if any?
Let’s try an example: the residues in Z/7Z are {1, 2, 4}, and we have the following
multiplication table for (Z/7Z)× :

· 1 2 3 4 5 6
1 1 2 3 4 5 6
2 2 4 6 1 3 5
3 3 6 2 5 1 4
4 4 1 5 2 6 3
5 5 3 1 6 4 2
6 6 5 4 3 2 1
Furthermore, the residues in Z/13Z are {1, 3, 4, 9, 10, 12}, and we have the following
multiplication table for (Z/13Z)× :

· 1 2 3 4 5 6 7 8 9 10 11 12
1 1 2 3 4 5 6 7 8 9 10 11 12
2 2 4 6 8 10 12 1 3 5 7 9 11
3 3 6 9 12 2 5 8 11 1 4 7 10
4 4 8 12 3 7 11 2 6 10 1 5 9
5 5 10 2 7 12 4 9 1 6 11 3 8
6 6 12 5 11 4 10 3 9 2 8 1 7
7 7 1 8 2 9 3 10 4 11 5 12 6
8 8 3 11 6 1 9 4 12 7 2 10 5
9 9 5 1 10 6 2 11 7 3 12 8 4
10 10 7 4 1 11 8 5 2 12 9 6 3
11 11 9 7 5 3 1 12 10 8 6 4 2
12 12 11 10 9 8 7 6 5 4 3 2 1

We conjecture that
Res · Res = Res
Res · Non = Non
Non · Non = Res.

These rules look like what? Maybe the rules for adding odds and evens! Or the rules
for multiplying positives and negatives! Keep that in mind. Some notation will be
handy from this point onward; rather than continuing to say “a is a quadratic
residue (mod p),” we will introduce the Legendre symbol:

Definition 29 Given an odd prime p and any integer a, we write $\left(\frac{a}{p}\right)$ and say
“the Legendre of a over p” for the Legendre symbol. It is defined as follows

• $\left(\frac{a}{p}\right) = 0$ ⇐⇒ p|a
• $\left(\frac{a}{p}\right) = +1$ ⇐⇒ a is a quadratic residue mod p, i.e., p ∤ a and a is a perfect
square in Z/pZ
• $\left(\frac{a}{p}\right) = -1$ ⇐⇒ a is a quadratic non-residue mod p, i.e., p ∤ a and a is not
a perfect square in Z/pZ

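We have proved most of the following

Proposition 38 For integers a and b and a prime p, we have

$$\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right).$$

Also, if p ∤ a, we have

$$\left(\frac{a^2}{p}\right) = +1.$$

Further, we have

$$a \equiv b \pmod p \implies \left(\frac{a}{p}\right) = \left(\frac{b}{p}\right).$$

Finally, the equation $x^2 \equiv a \pmod p$ has $1 + \left(\frac{a}{p}\right)$ solutions.

Proof. We have $\left(\frac{ab}{p}\right) = 0$ ⇐⇒ p|ab. But if p|ab then p|a or p|b by the prime
theorem, so in either case we get

$$\left(\frac{a}{p}\right)\left(\frac{b}{p}\right) = 0 = \left(\frac{ab}{p}\right).$$

Similarly, if p|a or p|b then p|ab and so both sides of the equation are zero. Thus
we may assume p ∤ a, p ∤ b, and p ∤ ab. Then $\left(\frac{ab}{p}\right) = \pm 1$, $\left(\frac{a}{p}\right) = \pm 1$, and $\left(\frac{b}{p}\right) = \pm 1$,
and we only need to prove that the signs match up the correct way. But that is
exactly what the rules we conjectured above say. You will have a chance to prove
that $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$ in the exercises. The other statements are immediate from
the definition of the Legendre symbol.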

We have already proved

Proposition 39

$$\left(\frac{-1}{p}\right) = \begin{cases} +1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$

What we are ultimately interested in is a rule that will relate $\left(\frac{p}{q}\right)$ and $\left(\frac{q}{p}\right)$ for odd
primes p and q. Exercise 10 and Table 1 on page 77 presented the data for this
rule, with ♥ showing when $\left(\frac{q}{p}\right) = \left(\frac{p}{q}\right)$ and ♣ showing when they are unequal. It
is not hard to conjecture a rule; it will take us a while to justify that rule.

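We will begin with an example of how we may calculate the Legendre symbol:

$$\begin{aligned}
\left(\frac{56}{1009}\right) &= \left(\frac{2}{1009}\right)\left(\frac{4}{1009}\right)\left(\frac{7}{1009}\right) \\
&= \left(\frac{2}{1009}\right)\left(\frac{-1002}{1009}\right) \\
&= \left(\frac{2}{1009}\right)\left(\frac{-1}{1009}\right)\left(\frac{2}{1009}\right)\left(\frac{501}{1009}\right) \\
&= \left(\frac{-1}{1009}\right)\left(\frac{3}{1009}\right)\left(\frac{167}{1009}\right) \\
&= \left(\frac{-1}{1009}\right)\left(\frac{3}{1009}\right)\left(\frac{-842}{1009}\right) \\
&= \left(\frac{3}{1009}\right)\left(\frac{2}{1009}\right)\left(\frac{421}{1009}\right) \\
&= \left(\frac{3}{1009}\right)\left(\frac{2}{1009}\right)\left(\frac{-588}{1009}\right) \\
&= \left(\frac{3}{1009}\right)\left(\frac{2}{1009}\right)\left(\frac{-1}{1009}\right)\left(\frac{4}{1009}\right)\left(\frac{147}{1009}\right) \\
&= \left(\frac{3}{1009}\right)\left(\frac{2}{1009}\right)\left(\frac{-1}{1009}\right)\left(\frac{3}{1009}\right)\left(\frac{49}{1009}\right) \\
&= \left(\frac{2}{1009}\right)\left(\frac{-1}{1009}\right)
\end{aligned}$$

and we know that $\left(\frac{-1}{1009}\right) = +1$ because 1009 ≡ 1 (mod 4). Thus if we know the
rule for $\left(\frac{2}{p}\right)$ we can calculate this answer. We will also be able to calculate $\left(\frac{56}{1009}\right)$
in another way later, by using a rule for flipping the Legendre symbol: clearly for
distinct odd primes p and q we have p ∤ q and q ∤ p, so $\left(\frac{p}{q}\right) = \pm 1$ and $\left(\frac{q}{p}\right) = \pm 1$ and
we only need to see whether $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right)$ or $\left(\frac{p}{q}\right) = -\left(\frac{q}{p}\right)$. Once we have this rule
to use, we can calculate the above as

$$\begin{aligned}
\left(\frac{56}{1009}\right) &= \left(\frac{2}{1009}\right)\left(\frac{4}{1009}\right)\left(\frac{7}{1009}\right) \\
&= \pm\left(\frac{2}{1009}\right)\left(\frac{1009}{7}\right) \\
&= \pm\left(\frac{2}{1009}\right)\left(\frac{1}{7}\right) \\
&= \pm\left(\frac{2}{1009}\right).
\end{aligned}$$

From the above two calculations we can see that $\left(\frac{7}{1009}\right) = \left(\frac{1009}{7}\right)$; it remains for us
to find and prove the general rule.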

Exercises
1. Show that a is a quadratic residue (mod p) ⇐⇒ $a^{-1}$ is a quadratic residue
(mod p).
2. Suppose that a and b are quadratic residues (mod p). Show that ab is also a
quadratic residue (mod p).
3. Suppose that a is a quadratic residue (mod p) and that b is a quadratic non-
residue (mod p). Show that ab is a quadratic non-residue (mod p).
4. Suppose that a and b are quadratic non-residues (mod p). Use Exercise 3 or
some other way to show that ab is a quadratic residue (mod p).
5. To choose a simple example, $37^2 \equiv 61 \pmod{109}$, so $\left(\frac{61}{109}\right) = +1$. Using the
known rules for Legendre symbols, find a chain of calculations similar to the
one on page 166 to show that $\left(\frac{61}{109}\right) = +1$.
6. To choose a nearly random example, $255^2 \equiv 449 \pmod{1009}$, so $\left(\frac{449}{1009}\right) = +1$.
Using the known rules for Legendre symbols, find a chain of calculations
similar to the one on page 166 to show that $\left(\frac{449}{1009}\right) = +1$.

41 Calculating the Legendre symbol (hard way)

To choose three examples, we have:

• The quadratic residues in Z/7Z are 1, 2, and 4.
• The quadratic residues in Z/11Z are 1, 3, 4, 5, and 9.
• The quadratic residues in Z/13Z are 1, 3, 4, 9, 10, and 12.

Euler’s Theorem tells us that if p ∤ a, then $1 \equiv a^{p-1} \equiv \left(a^{\frac{p-1}{2}}\right)^2 \pmod p$, so we
know that $a^{\frac{p-1}{2}} \equiv \pm 1 \pmod p$. Thus we will calculate $a^{\frac{p-1}{2}}$ in each case. We have
(Z/7Z)× = {1, 2, 3, 4, 5, 6} so when we raise to the power $\frac{p-1}{2} = 3$, we get

$$\{1,\ 2^3 = 8 = 1,\ 3^3 = 27 = -1,\ 4^3 = 64 = 1,\ 5^3 = 125 = -1,\ 6^3 = (-1)^3 = -1\}.$$

What do you notice? Let’s try (Z/11Z)× = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}: we get

$$\begin{aligned}
\{&1,\ 2^5 = 32 = -1,\ 3^5 = 243 = 1,\ 4^5 = (-1)^2 = 1,\ 5^5 = 3125 = 1, \\
&6^5 = 2^5 \cdot 3^5 = (-1)(1) = -1,\ 7^5 = (-4)^5 = -4^5 = -1, \\
&8^5 = (-3)^5 = -3^5 = -1,\ 9^5 = (-2)^5 = -2^5 = 1,\ 10^5 = (-1)^5 = -1\}.
\end{aligned}$$

What do you notice? Finally, let’s try (Z/13Z)× = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}:
we get

$$\begin{aligned}
\{&1,\ 2^6 = 64 = -1,\ 3^6 = 9^3 = (-4)^3 = -64 = 1,\ 4^6 = (2^6)^2 = (-1)^2 = 1, \\
&5^6 = 125^2 = (-5)^2 = 25 = -1,\ 6^6 = 2^6 \cdot 3^6 = (-1)(1) = -1, \\
&7^6 = (-6)^6 = 6^6 = -1,\ 8^6 = (-5)^6 = 5^6 = -1,\ 9^6 = (-4)^6 = 4^6 = 1, \\
&10^6 = (-3)^6 = 3^6 = 1,\ 11^6 = (-2)^6 = 2^6 = -1,\ 12^6 = (-1)^6 = 1\}.
\end{aligned}$$

We might thus conjecture what is called Euler’s criterion.

Proposition 40 (Euler’s Criterion) For any integer a, we have

$$a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \pmod p.$$

Proof. If p|a, both sides of the equation are zero, so the proposition is true. If
$\left(\frac{a}{p}\right) = +1$, then we can solve the equation $x^2 \equiv a \pmod p$, so suppose S is a
solution. Then we have $S^2 \equiv a \pmod p$, and we get

$$a^{\frac{p-1}{2}} \equiv (S^2)^{\frac{p-1}{2}} \equiv S^{p-1} \equiv 1 \pmod p$$

by Fermat’s little theorem. Thus in this case we get equality also. What if $\left(\frac{a}{p}\right) = -1$?
The trick here is to use Fermat’s little theorem in a different way. We know
that

$$x^{p-1} - 1 \equiv 0 \pmod p$$

has p − 1 solutions by Fermat’s little theorem. But we can factor this polynomial,
since p − 1 is even, as

$$\left(x^{\frac{p-1}{2}} - 1\right)\left(x^{\frac{p-1}{2}} + 1\right) \equiv 0 \pmod p.$$

We know that there are no zero-divisors in Z/pZ, since it is a field, so if a is an
integer such that $a^{p-1} \equiv 1 \pmod p$, we must have

$$a^{\frac{p-1}{2}} - 1 \equiv 0 \pmod p \quad\text{or}\quad a^{\frac{p-1}{2}} + 1 \equiv 0 \pmod p.$$

Thus a is a root of the polynomial $x^{p-1} - 1$ ⇐⇒ a is a root of one of the
polynomials $x^{\frac{p-1}{2}} - 1$ or $x^{\frac{p-1}{2}} + 1$. We know that each smaller polynomial has at
most $\frac{p-1}{2}$ roots, by Lagrange’s theorem, and we have found that all the quadratic
residues are roots of the first polynomial. Since there are exactly $\frac{p-1}{2}$ quadratic
residues, we have found all the roots of the polynomial $x^{\frac{p-1}{2}} - 1$. Hence, the $\frac{p-1}{2}$
quadratic non-residues must all be roots of the polynomial $x^{\frac{p-1}{2}} + 1$. We have just
proved that

$$\left(\frac{a}{p}\right) = -1 \implies a^{\frac{p-1}{2}} \equiv -1 \pmod p$$

and the proposition is proved.

 
We now have a way to calculate $\left(\frac{a}{p}\right)$. We will use this in the future. Also, we have
already proved that

$$\left(\frac{-1}{p}\right) = \begin{cases} +1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4, \end{cases}$$

but we can now prove this fact another way: if p ≡ 1 (mod 4), then p = 1 + 4k for
some integer k, and so $\frac{p-1}{2} = 2k$ is even. Thus we get

$$\left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} \equiv +1 \pmod p.$$

This does not say that $\left(\frac{-1}{p}\right) = +1$, until we notice that since $\left(\frac{-1}{p}\right) = \pm 1$, saying it
is congruent to +1 (mod p) means it must equal +1. Similarly, if p ≡ 3 (mod 4),
then p = 3 + 4k for some integer k, and so $\frac{p-1}{2} = 2k + 1$ is odd, and we get

$$\left(\frac{-1}{p}\right) \equiv (-1)^{\frac{p-1}{2}} \equiv -1 \pmod p,$$

and this must mean that $\left(\frac{-1}{p}\right) = -1$, as expected.
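Euler’s criterion turns the question posed in Section 40, “can we solve $x^2 \equiv 56 \pmod{1009}$?”, into a single modular exponentiation. The following is an added example, not code from the book; it also goes slightly beyond the text by combining the criterion with the discriminant test from Section 40 to count the roots of $ax^2 + bx + c \equiv 0 \pmod p$, assuming p is an odd prime and p ∤ a. The function names are chosen for this example.

```python
def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p, via Euler's criterion."""
    r = pow(a % p, (p - 1) // 2, p)      # a^((p-1)/2) mod p is 0, 1 or p-1
    return -1 if r == p - 1 else r


def count_quadratic_roots(a, b, c, p):
    """Number of x in Z/pZ with a*x^2 + b*x + c ≡ 0 (mod p).

    Multiplying by 4a and completing the square gives
    (2ax + b)^2 ≡ b^2 - 4ac (mod p). Since p is odd and p does not divide a,
    2a is a unit, so the count is 1 + (D/p) with D = b^2 - 4ac
    (the last statement of Proposition 38 applied to D).
    """
    if p % 2 == 0 or a % p == 0:
        raise ValueError("need an odd prime p that does not divide a")
    return 1 + legendre(b * b - 4 * a * c, p)


def brute_force_roots(a, b, c, p):
    """All roots, found by trying every residue; only sensible for small p."""
    return [x for x in range(p) if (a * x * x + b * x + c) % p == 0]


def quadratic_residues(p):
    """Proposition 37: the squares of 1, 2, ..., (p-1)/2, reduced mod p."""
    return sorted({t * t % p for t in range(1, (p - 1) // 2 + 1)})


if __name__ == "__main__":
    # The page's question: is 56 a perfect square in Z/1009Z?
    print("(56/1009) =", legendre(56, 1009))
    print("roots of x^2 - 56:", brute_force_roots(1, 0, -56, 1009))
    # A constructed quadratic, counted both ways.
    print(count_quadratic_roots(3, 5, 7, 1009),
          len(brute_force_roots(3, 5, 7, 1009)))
```

The exponentiation costs about log p multiplications, against the 504 squarings the text calls “Yuck!”.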

Exercises
1. Use Euler’s criterion to calculate $\left(\frac{2}{31}\right)$. You may want to use the fact that
$2^5 \equiv 1 \pmod{31}$.
2. Use Euler’s criterion to calculate $\left(\frac{3}{13}\right)$. You may want to use the fact that
$3^3 \equiv 1 \pmod{13}$.
3. Use Euler’s criterion to calculate $\left(\frac{2}{41}\right)$. You may want to use the fact that
$2^{10} = 1024 \equiv -1 \pmod{41}$.
4. Use Euler’s criterion to show that $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.
5. Suppose (using the notation of Section 29) $\mathrm{ord}_p(a) = p - 1$, so a is a primitive
root (mod p). Prove that $\left(\frac{a}{p}\right) = -1$. Thus primitive roots are never
quadratic residues, and vice versa.


42 The arithmetic of $\mathbb{Z}[\sqrt{-2}]$ and the Legendre symbol $\left(\frac{-2}{p}\right)$

We can now form a new le carré (sorry, “le carré neuf”?) for the ring $\mathbb{Z}[\sqrt{-2}]$,
because $\mathbb{Z}[\sqrt{-2}]$ has unique factorization, as was proved in Section 35. Given a
prime integer p > 2, we have the four conditions:

$$\begin{array}{ccc}
\text{can write } p = a^2 + 2b^2 & \qquad & p \text{ is not prime in } \mathbb{Z}[\sqrt{-2}] \\
p \equiv\ ??? \pmod{???} & & -2 \text{ is a quadratic residue mod } p
\end{array}$$

The two conditions on top are equivalent, as they are equivalent in any ring $\mathbb{Z}[\sqrt{d}]$;
this was proved in Exercise 5 in Section 35. If −2 is a quadratic residue (mod p)
we have an integer S such that $S^2 \equiv -2 \pmod p \iff p \mid (S^2 + 2)$ in Z. But then
$S^2 + 2 = pn$ for some integer n, and we can factor $S^2 + 2 = (S + \sqrt{-2})(S - \sqrt{-2})$
in $\mathbb{Z}[\sqrt{-2}]$. But then $p \mid (S + \sqrt{-2})(S - \sqrt{-2})$ in $\mathbb{Z}[\sqrt{-2}]$, and we conclude that if
p is a prime in $\mathbb{Z}[\sqrt{-2}]$, we must have $p \mid (S + \sqrt{-2})$ or $p \mid (S - \sqrt{-2})$, because the
Euclidean algorithm we have proved exists in $\mathbb{Z}[\sqrt{-2}]$ gives us the prime theorem
in $\mathbb{Z}[\sqrt{-2}]$. But just as we proved earlier in Z[i], we have for any integer n

$$n \mid (a + b\sqrt{d}) \text{ in } \mathbb{Z}[\sqrt{d}] \iff n \mid a \text{ and } n \mid b.$$

Thus we have a contradiction, since p ∤ 1, so we see that p must not be a prime in
$\mathbb{Z}[\sqrt{-2}]$. Also, from Exercise 15 in Section 19 (page 79), we have

p can be written as $p = a^2 + 2b^2$ ⟹ p ≡ 1, 3 (mod 8).

Thus our conditions become

$$\begin{array}{ccc}
\text{can write } p = a^2 + 2b^2 & \iff & p \text{ is not prime in } \mathbb{Z}[\sqrt{-2}] \\
\Downarrow & & \Uparrow \\
p \equiv 1, 3 \pmod 8 & & -2 \text{ is a quadratic residue mod } p
\end{array}$$

Last time, Wilson’s theorem allowed us to get p ≡ 1 (mod 4) ⟹ −1 is a
quadratic residue (mod p), but we can’t use that here. Nor can we (easily) use
Euler’s criterion. What can we do? We would like to show that

p ≡ 1, 3 (mod 8) ⇐⇒ −2 is a quadratic residue mod p

but we can’t (yet). We can prove that

p can be written $p = a^2 + 2b^2$ ⟹ −2 is a quadratic residue mod p

in the same way that we did this for Z[i]: use Exercise 2 in Section 22 (page 88).
Thus we do get the equivalence of the three conditions (three corners of le carré)

$$\begin{array}{ccc}
p \text{ can be written as } p = a^2 + 2b^2 & \iff & p \text{ is not prime in } \mathbb{Z}[\sqrt{-2}] \\
\Downarrow & & \Updownarrow \\
p \equiv 1, 3 \pmod 8 & & \left(\frac{-2}{p}\right) = +1.
\end{array}$$

To connect the fourth (and easiest) condition to the others, we need another tool.

Exercises
1. We can illustrate the four conditions on page 170 in the case p = 41 by writing

• $41 = 3^2 + 2 \cdot 4^2$ in Z.
• $41 = (3 + 4\sqrt{-2})(3 - 4\sqrt{-2})$ in $\mathbb{Z}[\sqrt{-2}]$.
• 41 = 5 · 8 + 1 or 41 ≡ 1 (mod 8).
• $11^2 \equiv -2 \pmod{41}$.

Do the same for p = 73, p = 107, and p = 827.

2. For which primes p is $\left(\frac{2}{p}\right) = +1$, and for which primes p is $\left(\frac{2}{p}\right) = -1$? Give
your answer in terms of a (simple) mod calculation.

43 Gauss’s lemma

Recall the modified division algorithm, which was introduced in Section 13: for any
integers a and b, with b ≠ 0, we know there are unique integers q and r such that

$$a = bq + r \quad\text{where}\quad -\tfrac{1}{2}|b| < r \le \tfrac{1}{2}|b|.$$

This says that we can divide by b and always get a remainder that is less than or
equal to $\frac{1}{2}|b|$ in absolute value. Now suppose p is a positive odd prime, and a is
any integer such that p ∤ a. Then we can write

$$a = pq + r \quad\text{where}\quad -\tfrac{1}{2}p < r \le \tfrac{1}{2}p.$$

Now p ∤ a ⇐⇒ r ≠ 0, and $\frac{1}{2}p$ is not an integer, so we can rewrite the condition on
r as

$$0 < |r| < \tfrac{1}{2}p \iff 1 \le |r| \le \frac{p-1}{2}.$$

Thus any integer a that is not a multiple of p can be written as

a ≡ pq + r ≡ r ≡ ±a (mod p),

where a is an integer in the set $\{1, 2, 3, \ldots, \frac{p-1}{2}\}$. We will make use of that in the
following.

Suppose we want to evaluate $\left(\frac{5}{31}\right)$. We can calculate it if we can evaluate $5^{15}$
(mod 31), but this could be tedious to do. Let’s try a different method: consider
the set

S = {1, 2, 3, . . . , 15}.

Then multiply everything by 5 to get T = 5S:

T = {5, 10, 15, 20, 25, 30, 4, 9, 14, 19, 24, 29, 3, 8, 13}
≡ {5, 10, 15, −11, −6, −1, 4, 9, 14, −12, −7, −2, 3, 8, 13} (mod 31).

What do you notice? We have

T = {−1, −2, 3, 4, 5, −6, −7, 8, 9, 10, −11, −12, 13, 14, 15}
≡ {5 · 1, 5 · 2, 5 · 3, . . . , 5 · 15} (mod 31).

Thus if we multiply everything in T together the six negative signs will cancel and
we will get

$$\begin{aligned}
\text{product} &= (-1)(-2)(3)(4)(5)(-6)(-7)(8)(9)(10)(-11)(-12)(13)(14)(15) \\
&\equiv (5 \cdot 1)(5 \cdot 2)(5 \cdot 3) \cdots (5 \cdot 15) \pmod{31} \\
15! &\equiv 5^{15}\, 15! \pmod{31} \\
1 &\equiv 5^{15} \equiv \left(\frac{5}{31}\right) \pmod{31}.
\end{aligned}$$

Thus we have $\left(\frac{5}{31}\right) = +1$ and we can solve $x^2 \equiv 5 \pmod{31}$. (The solutions are
clearly x ≡ ±6 (mod 31).) This method will be the basis for our next proposition,
often called Gauss’s lemma.

Proposition 41 (Gauss’s lemma) Given an odd prime p and an integer a such
that p ∤ a, we have $\left(\frac{a}{p}\right) = (-1)^N$ where N is the number of negative remainders in
the set

$$T = \left\{a, 2a, 3a, 4a, \ldots, \frac{p-1}{2}a\right\}$$

when the numbers are reduced to their smallest remainder (mod p) (i.e., the
remainder, positive or negative, that is closest to zero).

Proof. The product of the elements of T is clearly $a^{\frac{p-1}{2}} \cdot \left(\frac{p-1}{2}\right)!$. What we need to
prove is that when we reduce these numbers to their smallest remainder (mod p),
we get each number $1, 2, 3, \ldots, \frac{p-1}{2}$ exactly once, but with a plus or a minus sign.
Thus suppose we have

i · a ≡ ±j · a (mod p).

Then we can cancel a since p ∤ a ⇐⇒ a is a unit, and get

i ≡ ±j (mod p)

so p|(i ∓ j). But we have $1 \le i \le \frac{p-1}{2}$ and $1 \le j \le \frac{p-1}{2}$. Thus 2 ≤ i + j ≤ p − 1 so we
cannot have p|(i + j). Thus we must have p|(i − j). But $1 - \frac{p-1}{2} \le i - j \le \frac{p-1}{2} - 1$.
And the only number in this range that is divisible by p is zero. So we have i − j = 0,
so i = j and we have proved that there are no repeats! Thus we get that the product
of the elements of T is

$$(-1)^N \left(\frac{p-1}{2}\right)! \equiv a^{\frac{p-1}{2}} \left(\frac{p-1}{2}\right)! \pmod p$$

and so

$$(-1)^N \equiv a^{\frac{p-1}{2}} \equiv \left(\frac{a}{p}\right) \pmod p$$

and again, since each number is ±1 we must have that they are equal.

Notice the similarity of this proof to the proof of Euler’s theorem in Section 28.
For Euler’s theorem, we multiply a specific unit by all the units, and see that this
simply rearranges all the units. For Gauss’s lemma, we multiply a specific unit
(in a prime mod) by half of the units, and observe that they are again rearranged,
though with changes of signs this time. Such is the genius of Gauss (and of Euler).
 
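Gauss’s lemma allows us to calculate $\left(\frac{2}{p}\right)$ directly, since the numbers are so simple:
the set T is

$$T = \{2, 4, 6, \ldots, p-1\} = \{2, 4, 6, \ldots, -3, -1\} = \left\{-1, 2, -3, 4, \ldots, \pm\frac{p-1}{2}\right\},$$

and we need to calculate the number of negative remainders we get. Since we only
need to know this number (mod 2), we can calculate the sum

$$1 + 2 + 3 + 4 + \cdots + \frac{p-1}{2},$$

since each odd number in this sum corresponds to a negative sign in T, and each
even number corresponds to a positive sign in T. Thus

$$\left(\frac{2}{p}\right) = (-1)^N, \quad\text{where}\quad N = 1 + 2 + 3 + 4 + \cdots + \frac{p-1}{2} = \frac{1}{2} \cdot \frac{p-1}{2} \cdot \frac{p+1}{2} = \frac{p^2-1}{8}.$$

We have thus proved that $\left(\frac{2}{p}\right) = (-1)^{\frac{p^2-1}{8}}$. However, this is inconvenient; generally
one uses the proposition

Proposition 42 For p an odd prime integer,

$$\left(\frac{2}{p}\right) = \begin{cases} +1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8. \end{cases}$$

The proof is left to the reader (see Exercise 3).

As a corollary, we can calculate $\left(\frac{-2}{p}\right) = \left(\frac{-1}{p}\right)\left(\frac{2}{p}\right)$:

• If p ≡ 1 (mod 8), we have $\left(\frac{2}{p}\right) = +1$ and $\left(\frac{-1}{p}\right) = +1$ so $\left(\frac{-2}{p}\right) = +1$.
• If p ≡ 3 (mod 8), we have $\left(\frac{2}{p}\right) = -1$ and $\left(\frac{-1}{p}\right) = -1$ so $\left(\frac{-2}{p}\right) = +1$.
• If p ≡ 5 (mod 8), we have $\left(\frac{2}{p}\right) = -1$ and $\left(\frac{-1}{p}\right) = +1$ so $\left(\frac{-2}{p}\right) = -1$.
• If p ≡ 7 (mod 8), we have $\left(\frac{2}{p}\right) = +1$ and $\left(\frac{-1}{p}\right) = -1$ so $\left(\frac{-2}{p}\right) = -1$.

We thus have the

Corollary 6 For p an odd prime integer,

$$\left(\frac{-2}{p}\right) = \begin{cases} +1 & \text{if } p \equiv 1, 3 \pmod 8 \\ -1 & \text{if } p \equiv 5, 7 \pmod 8. \end{cases}$$

Corollary 7 For a prime integer p > 2, we have

$$\begin{array}{ccc}
p \text{ can be written as } p = a^2 + 2b^2 & \iff & p \text{ is not prime in } \mathbb{Z}[\sqrt{-2}] \\
\Updownarrow & & \Updownarrow \\
p \equiv 1, 3 \pmod 8 & \iff & \left(\frac{-2}{p}\right) = +1.
\end{array}$$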

Exercises
1. Calculate $\left(\frac{7}{11}\right)$ using Gauss’s lemma.
2. Calculate $\left(\frac{6}{29}\right)$ using Gauss’s lemma.
3. Show that $\left(\frac{2}{p}\right) = \begin{cases} +1 & \text{if } p \equiv \pm 1 \pmod 8 \\ -1 & \text{if } p \equiv \pm 3 \pmod 8. \end{cases}$
4. (a) Write le carré for $\mathbb{Z}[\sqrt{2}]$, analogous to le carré for Z[i] on page 158.
(b) Write an analog of Theorem 21 (page 150) for the ring $\mathbb{Z}[\sqrt{2}]$. Include a
characterization of which prime integers split, and which prime integers
are inert.
5. Write an analog of Theorem 21 for the ring $\mathbb{Z}[\sqrt{-2}]$. Include a characterization
of which prime integers split, and which prime integers are inert.
6. Use Proposition 42 and mimic Exercise 3 in Section 39 to show that there are
infinitely many prime integers of the form 8k + 7.
7. Use Corollary 6 and mimic Exercise 3 in Section 39 to show that there are
infinitely many prime integers of the form 8k + 3.

44 Calculating the Legendre symbol (easier way)

We want to use Gauss’s lemma to calculate Legendre symbols in general. We will
do it just as we did for $\left(\frac{2}{p}\right)$, by looking at smallest remainders.

The greatest integer function, written $\lfloor x \rfloor$, is defined by

$\lfloor x \rfloor$ = the greatest integer n such that n ≤ x

i.e., given an integer n such that n ≤ x < n + 1, we have $\lfloor x \rfloor = n$. We will use this
function quite a bit in this section.

Proposition 43 If p is a positive odd prime, then any integer a can be written as

$$a \equiv (-1)^{\lfloor 2a/p \rfloor}\, r \pmod p \quad\text{where}\quad 0 \le r < \frac{p}{2}.$$

We have r = 0 ⇐⇒ p|a.

Proof. Using the usual Euclidean algorithm, we know we can write a as

a = pq + r where 0 ≤ r < p.

Then we get

$$\begin{aligned}
2a &= 2pq + 2r & &\text{where } 0 \le 2r < 2p \\
\frac{2a}{p} &= 2q + \frac{2r}{p} & &\text{where } 0 \le \frac{2r}{p} < 2 \\
\left\lfloor \frac{2a}{p} \right\rfloor &= 2q + \left\lfloor \frac{2r}{p} \right\rfloor & &\text{where } 0 \le \frac{2r}{p} < 2.
\end{aligned}$$

Since $0 \le \frac{2r}{p} < 2$, $\left\lfloor \frac{2r}{p} \right\rfloor = 0$ or 1 are the only possibilities. So when is $\left\lfloor \frac{2a}{p} \right\rfloor$ odd
and when is it even? We have

$$\left\lfloor \frac{2a}{p} \right\rfloor \text{ is even} \iff \left\lfloor \frac{2r}{p} \right\rfloor = 0 \iff \frac{2r}{p} < 1 \iff r < \frac{p}{2}$$

and

$$\left\lfloor \frac{2a}{p} \right\rfloor \text{ is odd} \iff \left\lfloor \frac{2r}{p} \right\rfloor = 1 \iff \frac{2r}{p} \ge 1 \iff r \ge \frac{p}{2}.$$

Now, if r = 0 the claim is clearly true, and also if $r < \frac{p}{2}$, as we have shown above.
$r = \frac{p}{2}$ is impossible since r is an integer and p is odd. If $r > \frac{p}{2}$, use $r' = p - r$ so
$0 < r' < \frac{p}{2}$, and then

$$r' \equiv p - r \equiv -r \equiv (-1)^{\lfloor 2a/p \rfloor}\, r \pmod p$$

so the claim is true in this case also.

We have found a way to calculate when we get positive remainders and when we get
negative remainders—this proposition and Gauss’s lemma tell us how to calculate
$\left(\frac{a}{p}\right)$. We will put them together in the following

Proposition 44 If p is an odd positive prime in Z, and a is an integer such that
p ∤ a (so that (a, p) = 1), then

$$\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \equiv (-1)^S \pmod p$$

where

$$S = \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{2at}{p} \right\rfloor.$$

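This is really just a restatement of Gauss’s lemma, using the modified division
algorithm in Proposition 43. Instead of counting negative signs we are adding up
odd and even numbers. In fact, when we calculated $\left(\frac{5}{31}\right)$ using Gauss’s lemma, we
had the set

T = {5, 10, 15, −11, −6, −1, 4, 9, 14, −12, −7, −2, 3, 8, 13}.

Now we have the calculation

$$\begin{aligned}
\sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{2at}{p} \right\rfloor &= \sum_{t=1}^{15} \left\lfloor \frac{10t}{31} \right\rfloor \\
&= \left\lfloor \frac{10}{31} \right\rfloor + \left\lfloor \frac{20}{31} \right\rfloor + \left\lfloor \frac{30}{31} \right\rfloor + \cdots + \left\lfloor \frac{150}{31} \right\rfloor \\
&= 0+0+0+1+1+1+2+2+2+3+3+3+4+4+4 \\
&= 20.
\end{aligned}$$

In this calculation we got odd numbers in exactly the same spots we had negative
signs when we applied Gauss’s lemma.

Let’s see an example to illustrate how this allows us to calculate $\left(\frac{a}{p}\right)$. We have
$7^2 \equiv 49 \equiv 20 \pmod{29}$. Thus we know that $\left(\frac{20}{29}\right) = +1$. Let’s calculate it anyway,
using Gauss’s lemma and the above rule. For Gauss’s lemma we have

T = 20 · {1, 2, 3, . . . , 14}.

Multiplying and reducing, we get

T = {−9, 11, 2, −7, 13, 4, −5, −14, 6, −3, −12, 8, −1, −10},

and eight negative signs means that $\left(\frac{20}{29}\right) = +1$. On the other hand, we can find

$$S = \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{2at}{p} \right\rfloor$$

where a = 20 and p = 29. We thus have

$$\begin{aligned}
S &= \sum_{t=1}^{14} \left\lfloor \frac{40t}{29} \right\rfloor \\
&= \left\lfloor \frac{40}{29} \right\rfloor + \left\lfloor \frac{80}{29} \right\rfloor + \left\lfloor \frac{120}{29} \right\rfloor + \cdots + \left\lfloor \frac{560}{29} \right\rfloor \\
&= 1 + 2 + 4 + 5 + 6 + 8 + 9 + 11 + 12 + 13 + 15 + 16 + 17 + 19 \\
&= 138.
\end{aligned}$$

Since this is even, we know that $\left(\frac{20}{29}\right) = +1$, as expected. Once again we got odd
numbers in exactly the spots where we had negative signs using Gauss’s lemma.

A simpler way to calculate $\left(\frac{20}{29}\right)$ would be to realize that $\left(\frac{20}{29}\right) = \left(\frac{4}{29}\right)\left(\frac{5}{29}\right) = \left(\frac{5}{29}\right)$,
and then use Proposition 44 to calculate $\left(\frac{5}{29}\right)$:

$$\begin{aligned}
S &= \sum_{t=1}^{14} \left\lfloor \frac{10t}{29} \right\rfloor \\
&= \left\lfloor \frac{10}{29} \right\rfloor + \left\lfloor \frac{20}{29} \right\rfloor + \left\lfloor \frac{30}{29} \right\rfloor + \cdots + \left\lfloor \frac{140}{29} \right\rfloor \\
&= 0+0+1+1+1+2+2+2+3+3+3+4+4+4 \\
&= 30;
\end{aligned}$$

once again we get an even number, so the answer is $\left(\frac{20}{29}\right) = \left(\frac{5}{29}\right) = +1$.

So this allows us a method of calculation, but it is not much better than just
squaring all the numbers in $\{1, 2, 3, \ldots, \frac{p-1}{2}\}$. We need something better! First we
will get rid of the factor 2 in the sum S: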

Lemma 12 If p is an odd positive prime in Z, and a is an odd integer such that


p/|a, we have
p−1

2
* +
p−1
2
* +
2at at
≡ (mod 2).
t=1
p t=1
p

Proof . We will use lattice sums to prove this lemma. Our basic set of points
will be those shown in Figure 11, inside the triangle with vertices at the origin, the
point (p, 0), and the point (p, a). The line that connects the origin to the point

Figure 11: The points in S

(p, a) is the line y = ap x, hence the points we are interested in may be described as
the set
S = {(x, y) ∈ R2 : x, y ∈ Z, 0 < x < p, 0 < y < ap x}.
There are no integer points on the line y = ap x between the points (0, 0) and (p, a),
since if x and y are integers and y = ap x, then py = ax, so p|ax, and since p/|a, p|x.
But there are no multiples of p between x = 0 and x = p, so no such integral points
exist. Now the points in S that have first coordinate t are (t, 1),
% (t,& 2), (t, 3), . . . ,
for which the second coordinate is less than ap t. There are thus atp of them. That
178 Chapter 5. Quadratic Residues

is the connection between the lattice pictures and the sums we have been seeing
involved in the calculation of Legendre symbols. We can thus conclude that the
2 * +
p−1

2at
sum from Proposition 44, , is the number of points in S with even first
t=1
p
cooordinate. Those points are marked in white in Figure 12 (left). They fall into

Figure 12: The regions A, B, C and D, before and after transformation

four regions marked A, B, C and D. Now note that the points in region B have
even x coordinates, but if we fold them over into region A, they will have odd x
coordinates, since p − even = odd. Thus after folding region B into region A, we
get Figure 12 (right), where all the points in region A are now white. The last
thing is for us to see that there are exactly as many white points in region C as in
region D, since a point (2r, s) in region C can be folded up into a point (2r, a − s)
in region D, and vice versa. So there is an even number of white points in regions
C and D; thus we have

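$$\sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{2at}{p} \right\rfloor \equiv \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{at}{p} \right\rfloor \pmod{2},$$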

as was to be proved. (In the figures given, p = 29 and a = 25, so there are 45 white
points in A, 39 black points in A, 39 white points in B, and 45 white points each
in C and in D.)

Putting Lemma 12 together with Proposition 44, we get an immediate

Corollary 8 If p is an odd positive prime in Z, and a is an odd integer such that
p ∤ a, we have
$$\left(\frac{a}{p}\right) = (-1)^R \quad\text{where}\quad R = \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{at}{p} \right\rfloor.$$

We now have five ways to calculate $\left(\frac{a}{p}\right)$. To illustrate, we will calculate $\left(\frac{31}{43}\right)$:

Brute Force: We can calculate $\{1^2, 2^2, 3^2, \ldots, 21^2 = 441\}$, reduce them all (mod 43)
and see if any is equal to 31. That is 21 calculations. Alternatively, we can
calculate 31 ≡ 74 ≡ 117 ≡ · · · (mod 43) and see if any of these is a perfect
square integer. The second way we only need to do about 11 calculations,
though recognizing perfect squares isn’t always easy. In this case we get
31 ≡ 74 ≡ 117 ≡ 160 ≡ 203 ≡ 246 ≡ 289 (mod 43) and we recognize
$289 = 17^2$ so $\left(\frac{31}{43}\right) = +1$.

Euler’s Criterion: We need to calculate $31^{21}$ (mod 43). There are many ways
to calculate this, but notice that $31^2 \equiv (-12)^2 = 144 \equiv 15 \pmod{43}$. Also,
$31^4 \equiv 15^2 = 225 \equiv 10 \pmod{43}$. Thus $31^8 \equiv 10^2 = 100 \equiv 14 \pmod{43}$.
Finally, $31^{16} \equiv 14^2 = 196 \equiv 24 \pmod{43}$. Hence $31^{21} = 31^{16} \cdot 31^4 \cdot 31 \equiv
24 \cdot 10 \cdot 31 = 24 \cdot 310 \equiv 24 \cdot 9 = 216 \equiv 1 \pmod{43}$. Therefore $\left(\frac{31}{43}\right) = +1$.

Gauss’s lemma: The set T = 31S = {31, 62, . . . , 31·21} can be reduced (mod 43)
to

T = {−12, 19, 7, −5, −17, 14, 2, −10, 21, 9, −3, −15, 16, 4, −8, −20, 11, −1,
−13, 18, 6},

which has ten negative signs. Hence $\left(\frac{31}{43}\right) = +1$.

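Proposition 44:
$$\begin{aligned}
\sum_{x=1}^{21} \left\lfloor \frac{2 \cdot 31x}{43} \right\rfloor &= \left\lfloor \frac{62}{43} \right\rfloor + \left\lfloor \frac{124}{43} \right\rfloor + \cdots + \left\lfloor \frac{1302}{43} \right\rfloor \\
&= 1 + 2 + 4 + 5 + 7 + 8 + 10 + 11 + 12 + 14 + 15 + 17 + 18 \\
&\quad + 20 + 21 + 23 + 24 + 25 + 27 + 28 + 30 \\
&= 322
\end{aligned}$$
so $\left(\frac{31}{43}\right) = +1$.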

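Corollary 8:
$$\begin{aligned}
\sum_{x=1}^{21} \left\lfloor \frac{31x}{43} \right\rfloor &= \left\lfloor \frac{31}{43} \right\rfloor + \left\lfloor \frac{62}{43} \right\rfloor + \cdots + \left\lfloor \frac{651}{43} \right\rfloor \\
&= 0 + 1 + 2 + 2 + 3 + 4 + 5 + 5 + 6 + 7 + 7 + 8 + 9 + 10 + 10 \\
&\quad + 11 + 12 + 12 + 13 + 14 + 15 \\
&= 156
\end{aligned}$$
so $\left(\frac{31}{43}\right) = +1$.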
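The five calculations above can be checked mechanically. The following Python sketch is an added example, not code from the book; the function names are hypothetical, and it assumes p is an odd prime and 1 ≤ a < p, with a odd wherever Corollary 8 is used.

```python
from math import isqrt

def half_range(p):
    """The multipliers 1, 2, ..., (p-1)/2 used by every method below."""
    return range(1, (p - 1) // 2 + 1)

def symmetric_residue(n, p):
    """Remainder of n mod p taken in -(p-1)/2 .. (p-1)/2 (modified division algorithm)."""
    r = n % p
    return r - p if r > p // 2 else r

def brute_force(a, p):
    """+1 if some x in 1..(p-1)/2 squares to a mod p, else -1."""
    return 1 if any((x * x - a) % p == 0 for x in half_range(p)) else -1

def first_square_in_class(a, p):
    """Walk a, a+p, a+2p, ... and return the first perfect square, or None."""
    limit = ((p - 1) // 2) ** 2          # a square root can be taken in 1..(p-1)/2
    n = a % p
    while n <= limit:
        if isqrt(n) ** 2 == n:
            return n
        n += p
    return None

def euler_criterion(a, p):
    """a^((p-1)/2) mod p, reported as +1 or -1."""
    return symmetric_residue(pow(a, (p - 1) // 2, p), p)

def gauss_negative_count(a, p):
    """Gauss's lemma: how many of a, 2a, ..., a(p-1)/2 reduce to a negative remainder."""
    return sum(1 for t in half_range(p) if symmetric_residue(a * t, p) < 0)

def proposition_44_sum(a, p):
    """The exponent used in the Proposition 44 calculation: sum of floor(2at/p)."""
    return sum((2 * a * t) // p for t in half_range(p))

def corollary_8_sum(a, p):
    """The exponent R of Corollary 8: sum of floor(at/p), stated for odd a."""
    if a % 2 == 0:
        raise ValueError("Corollary 8 is stated for odd a")
    return sum((a * t) // p for t in half_range(p))

def legendre_five_ways(a, p):
    """All five answers for an odd prime p and an odd a in 1..p-1."""
    return {
        "brute force": brute_force(a, p),
        "euler": euler_criterion(a, p),
        "gauss": (-1) ** gauss_negative_count(a, p),
        "proposition 44": (-1) ** proposition_44_sum(a, p),
        "corollary 8": (-1) ** corollary_8_sum(a, p),
    }

if __name__ == "__main__":
    print(first_square_in_class(31, 43), gauss_negative_count(31, 43),
          proposition_44_sum(31, 43), corollary_8_sum(31, 43))
    print(legendre_five_ways(31, 43))
```

The intermediate values for a = 31, p = 43 match the ones worked out by hand above, and the five methods agree for every odd a below each small prime tried.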

Exercises
1. Draw a picture of the situation of Lemma 12 with p = 13, a = 11, and verify
the counts of the points in the various regions.
2. Repeat the five calculations done at the end of this section to find $\left(\frac{7}{19}\right)$.

3. Repeat the five calculations done at the end of this section to find $\left(\frac{11}{23}\right)$.

4. Repeat the five calculations done at the end of this section to find $\left(\frac{6}{31}\right)$.

5. Suppose you had to calculate $\left(\frac{65}{89}\right)$. Which of the five methods used at the
end of this section would you use? Does your answer change depending on
whether you are allowed to use technology? How about if you had to calculate
$\left(\frac{109}{331}\right)$?

6. In this exercise, we will get rid of the 2 using algebra rather than geometry
(as in Lemma 12). Suppose p is an odd positive prime integer, and a is an
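odd integer such that p ∤ a.
(a) Show that $\left(\frac{\frac{p+a}{2}}{p}\right) = \left(\frac{2a}{p}\right)$.
(b) Use Proposition 44 to show that $\left(\frac{\frac{p+a}{2}}{p}\right) = (-1)^U$ where
$U = \frac{p^2 - 1}{8} + \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{at}{p} \right\rfloor$.
(c) Conclude that $\left(\frac{a}{p}\right) = (-1)^R$ where $R = \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{at}{p} \right\rfloor$.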


45 The arithmetic of Z[√−3]

For an odd positive prime that is not 3, we clearly have



it is possible to write $p = a^2 + 3b^2$ ⇐⇒ p is not prime in Z[√−3],

and from what we have done earlier it is reasonable to expect that we can relate
these two facts to a statement of the form

p ≡ ??? (mod ???) ⇐⇒ −3 is a quadratic residue mod p ⇐⇒ $\left(\frac{-3}{p}\right) = +1$.

In fact, from previous experience, one would think that the modulus on the left is
12. A brute force calculation in Z/12Z then gives us

it is possible to write $p = a^2 + 3b^2$ ⇐⇒ p is not prime in Z[√−3]

p ≡ 1, 7 (mod 12)          −3 is a quadratic residue mod p

We continue this process by calculating $\left(\frac{3}{p}\right)$ and $\left(\frac{-3}{p}\right)$ using Gauss’s lemma: to
calculate $\left(\frac{3}{p}\right)$ we have to consider the set
$$\left\{3, 6, 9, \cdots, 3 \cdot \frac{p-1}{2}\right\}.$$
We begin this analysis by noting that $0 < a < \frac{p}{2} \iff 0 < 3a < \frac{3p}{2}$. Thus
when we reduce these numbers using the modified division algorithm, roughly the
first third will give positive remainders, then about one-third will give negative
remainders, then the last third (approximately) will give positive remainders. To
be concrete, we will get a positive remainder whenever $0 < 3a < \frac{p}{2}$, a negative
remainder when $\frac{p}{2} < 3a < p$, and then a positive remainder when $p < 3a < \frac{3p}{2}$.
Thus we may apply Gauss’s lemma by counting how many integers a satisfy
$\frac{p}{2} < 3a < p \iff \frac{p}{6} < a < \frac{p}{3}$. The count is thus exactly $\left\lfloor \frac{p}{3} \right\rfloor - \left\lfloor \frac{p}{6} \right\rfloor$.
When p = 1 + 12k, we get $\left\lfloor \frac{1+12k}{3} \right\rfloor - \left\lfloor \frac{1+12k}{6} \right\rfloor = 4k - 2k = 2k$, so there is an
even number of negative remainders and we get $\left(\frac{3}{p}\right) = +1$. When p = 5 + 12k, we get
$\left\lfloor \frac{5+12k}{3} \right\rfloor - \left\lfloor \frac{5+12k}{6} \right\rfloor = 4k + 1 - 2k = 2k + 1$, so there is an odd number of
negative remainders and we get $\left(\frac{3}{p}\right) = -1$. When p = 7 + 12k, we get
$\left\lfloor \frac{7+12k}{3} \right\rfloor - \left\lfloor \frac{7+12k}{6} \right\rfloor = 4k + 2 - (2k + 1) = 2k + 1$,
so an odd number of −1s and we get $\left(\frac{3}{p}\right) = -1$. And finally, when p = 11 + 12k,
we get $\left\lfloor \frac{11+12k}{3} \right\rfloor - \left\lfloor \frac{11+12k}{6} \right\rfloor = 4k + 3 - (2k + 1) = 2k + 2$, so an even number of
negative remainders and we get $\left(\frac{3}{p}\right) = +1$. Thus
$$\left(\frac{3}{p}\right) = +1 \iff p \equiv \pm 1 \pmod{12}.$$
It follows from this that
$$\left(\frac{-3}{p}\right) = \left(\frac{-1}{p}\right)\left(\frac{3}{p}\right) = +1 \iff p \equiv 1, 7 \pmod{12} \iff p \equiv 1 \pmod{6}.$$
We now have

it is possible to write $p = a^2 + 3b^2$ ⇐⇒ p is not prime in Z[√−3]

p ≡ 1 (mod 6) ⇐⇒ p ≡ 1, 7 (mod 12) ⇐⇒ −3 is a quadratic residue mod p.

We could also replicate an earlier argument to show that


$$p = a^2 + 3b^2 \implies a^2 + 3b^2 \equiv 0 \pmod{p} \implies (ab^{-1})^2 \equiv -3 \pmod{p} \implies \left(\frac{-3}{p}\right) = +1$$
and thus get

it is possible to write $p = a^2 + 3b^2$ ⇐⇒ p is not prime in Z[√−3]

=⇒

p ≡ 1 (mod 6) ⇐⇒ p ≡ 1, 7 (mod 12) ⇐⇒ −3 is a quadratic residue mod p

but we are now stuck, because Z[√−3] does not have a division algorithm and
in fact we have shown by counterexample that the prime theorem does not hold,
and that is the avenue by which we have gone from the bottom to the top before.
Numerical experimentation may convince you that it is indeed true that p ≡ 1
(mod 6) ⇐⇒ p can be written as $p = a^2 + 3b^2$, but that is far from a proof. How
can we rectify this?

Exercises
1. Calculate $\left(\frac{31}{43}\right)$ via $\left(\frac{31}{43}\right) = \left(\frac{-12}{43}\right)$. Compare with the calculations at the end
of Section 44.
2. The only primes in Z[√−3] with even norms are 2, p = 1 + √−3 and q =
1 − √−3. Thus if z = a + b√−3 ∈ Z[√−3] is divisible by any of these three
primes, N(z) must be even. Give conditions on a and b for when 2|z, when
p|z, and when q|z in Z[√−3].
3. Does the table in Exercise 5 in Section 2 (page 6) solidify the claim that p ≡ 1
(mod 6) ⇐⇒ p can be written as $p = a^2 + 3b^2$? Demonstrate that this claim
is correct for the primes 101, 103, 107, and 109.
4. For which primes p is $\left(\frac{6}{p}\right) = +1$, and for which primes p is $\left(\frac{6}{p}\right) = -1$? Give
your answer in terms of a (simple) mod calculation.

46 The arithmetic of Z[ρ]



As we have seen in Exercise 21 in Section 5 (page 25), Z[√−3] ⊆ Z[ρ]. In fact,
Exercise 21b implies that geometrically, what we have done to produce Z[ρ] is to
take the rectangular lattice of Z[√−3] and added a single point inside each rectangle
of the lattice. In fact, that point is the center of the rectangle, and we then get a
lattice based on equilateral triangles; see Figure 13.

We will now show that Z[ρ] does have a division algorithm and a version of the
prime theorem. The proper statement of the division algorithm in Z[ρ] follows.

Proposition 45 If z and w ≠ 0 are elements of Z[ρ], then there are elements of
Z[ρ] $q = q_1 + q_2\rho$ and $r = r_1 + r_2\rho$ (not necessarily unique), with

z = w · q + r

and $0 \le N(r) \le \frac{1}{3} N(w)$.

This should be provable by algebra, calculus, or geometry, and the last two
approaches are sketched in the exercises. Unfortunately, an algebraic proof has been
elusive (to me). We will use algebra to prove the weaker statement that “there
exist elements of Z[ρ] q and r with z = w · q + r and $0 \le N(r) \le \frac{3}{4} N(w)$.” (This is
all we need, but it is misleading; in particular, it says that we might need as many
as eighteen steps to reduce the norm by a factor of 200, when in fact at most five
steps are needed.)

Figure 13: The lattices Z[√−3] and Z[ρ]


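Proof . As we did with the division algorithm in a general Z[√d], we start with a
calculation: if we try to divide a + bρ by c + dρ we will get
$$\frac{a + b\rho}{c + d\rho} = \frac{(a + b\rho)(c + d\rho^2)}{(c + d\rho)(c + d\rho^2)} = \frac{(ac + bd - ad) + (bc - ad)\rho}{N(w)} = (q_1 + q_2\rho) + (\epsilon_1 + \epsilon_2\rho),$$
where $q = q_1 + q_2\rho \in \mathbb{Z}[\rho]$, $r = r_1 + r_2\rho = (c + d\rho)(\epsilon_1 + \epsilon_2\rho)$ is also in Z[ρ], and
$|\epsilon_1| \le \frac{1}{2}$ and $|\epsilon_2| \le \frac{1}{2}$. Now $N(r) = N(c + d\rho)N(\epsilon_1 + \epsilon_2\rho) = N(w)(\epsilon_1^2 - \epsilon_1\epsilon_2 + \epsilon_2^2)$,
and the largest $\epsilon_1^2 - \epsilon_1\epsilon_2 + \epsilon_2^2$ could be is $\frac{1}{4} + \frac{1}{4} + \frac{1}{4} = \frac{3}{4}$. Thus z = w · q + r with
$N(r) \le \frac{3}{4} N(w)$ and we are done.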
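The construction in this proof, as an added Python example that is not part of the book: elements a + bρ are stored as integer pairs, `divmod_rounding` rounds both coordinates of z/w as the proof does, and `divmod_nearest` (a hypothetical name for choosing the closest multiple of w, the choice the geometric exercises analyse) meets the sharper bound of Proposition 45.

```python
# Elements a + b*rho of Z[rho] are stored as integer pairs (a, b); rho^2 = -1 - rho.

def norm(z):
    """N(a + b rho) = a^2 - ab + b^2."""
    a, b = z
    return a * a - a * b + b * b

def mul(z, w):
    """(a + b rho)(c + d rho) = (ac - bd) + (ad + bc - bd) rho."""
    (a, b), (c, d) = z, w
    return (a * c - b * d, a * d + b * c - b * d)

def sub(z, w):
    return (z[0] - w[0], z[1] - w[1])

def conj(w):
    """c + d rho^2, written back in the basis 1, rho."""
    c, d = w
    return (c - d, -d)

def round_half_up(n, d):
    """Nearest integer to n/d for d > 0, using integer arithmetic only."""
    return (2 * n + d) // (2 * d)

def divmod_rounding(z, w):
    """The proof's construction: round both coordinates of z/w, so N(r) <= 3/4 N(w)."""
    if w == (0, 0):
        raise ZeroDivisionError("division by zero in Z[rho]")
    n1, n2 = mul(z, conj(w))     # numerator (ac + bd - ad) + (bc - ad) rho
    nw = norm(w)
    q = (round_half_up(n1, nw), round_half_up(n2, nw))
    return q, sub(z, mul(w, q))

def divmod_nearest(z, w):
    """Choose the multiple of w closest to z, so N(r) <= 1/3 N(w)."""
    q0, _ = divmod_rounding(z, w)
    # The closest lattice point is always one of the nine neighbours of q0.
    candidates = [(q0[0] + i, q0[1] + j) for i in (-1, 0, 1) for j in (-1, 0, 1)]
    q = min(candidates, key=lambda c: norm(sub(z, mul(w, c))))
    return q, sub(z, mul(w, q))

def gcd(z, w):
    """Euclidean algorithm in Z[rho]; the answer is determined up to a unit."""
    while w != (0, 0):
        z, w = w, divmod_nearest(z, w)[1]
    return z

if __name__ == "__main__":
    z, w = (5, 4), (10, 0)       # constructed input: z/w = 0.5 + 0.4 rho
    print(divmod_rounding(z, w), divmod_nearest(z, w))
    print(gcd((7, 0), (6, 2)))   # 7 = (3 + rho)(2 - rho), 6 + 2 rho = 2(3 + rho)
```

For the constructed input 5 + 4ρ divided by 10, rounding leaves a remainder of norm 61 while the nearest multiple leaves norm 21, which is why the 3/4 bound overstates the number of Euclidean steps.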

For a prime integer p > 3, we thus get:
$$\left(\frac{-3}{p}\right) = +1 \implies p \mid (s^2 + 3) = (s + \sqrt{-3})(s - \sqrt{-3}).$$
Now $\rho = -\frac{1}{2} + \frac{1}{2}\sqrt{-3}$, so $\sqrt{-3} = 2\rho + 1$. Furthermore, p(r + sρ) = (pr) + (ps)ρ, so
p|(e + f ρ) ⇐⇒ p|e and p|f . Thus
$$p \mid (s + \sqrt{-3})(s - \sqrt{-3}) \implies p \mid (s + 1 + 2\rho)(s - 1 - 2\rho),$$
but p ∤ 2 =⇒ p ∤ (s + 1 + 2ρ) and p ∤ (s − 1 − 2ρ) (all divisibility statements are
statements in Z[ρ]). The prime theorem (which holds in Z[ρ], because it follows
from the Euclidean algorithm) thus implies that p is not prime in Z[ρ]. Thus we
have proved that for a prime integer p > 3


it is possible to write $p = a^2 - ab + b^2$ ⇐⇒ p is not prime in Z[ρ]
⇓ ⇑
p ≡ 1 (mod 6) ⇐⇒ p ≡ 1, 7 (mod 12) ⇐⇒ −3 is a quadratic residue mod p

and it follows that for a prime integer p > 3 we get the full le carré:
it is possible to write $p = a^2 - ab + b^2$ ⇐⇒ p is not prime in Z[ρ]
 
p ≡ 1 (mod 6) ⇐⇒ p ≡ 1, 7 (mod 12) ⇐⇒ −3 is a quadratic residue mod p.

Thus an integer prime p > 3 that is 1 (mod 6) is factorable in Z[ρ]. Unfortunately,
being factorable in Z[ρ] does not imply being factorable in the smaller ring Z[√−3].
Can we fix this small discrepancy? Note that
p = (a + bρ)(c + dρ) ⇐⇒ ac − bd = p, bc + ad − bd = 0

and using $\rho = -\frac{1}{2} + \frac{1}{2}\sqrt{-3}$ implies that
$$p = (a + b\rho)(c + d\rho) = \left(a - \frac{b}{2} + \frac{b}{2}\sqrt{-3}\right)\left(c - \frac{d}{2} + \frac{d}{2}\sqrt{-3}\right).$$

Thus we have factored p in Z[√−3] if b and d are both even. What if one or both
of them are odd?

If (without loss of generality) b is odd and d is even, then ac = p + bd is odd, so a
and c are both odd. But then 0 = bc + ad − bd ≡ 1 + 0 − 0 ≡ 1 (mod 2), which is
impossible.

On the other hand, if both b and d are odd, then bd is odd, and then ac = p + bd is
even, so at least one of a and c must be even. In addition, since b ≡ d ≡ 1 (mod 2),
we get 0 = bc + ad − bd ≡ c + a + 1 (mod 2), so c + a ≡ 1 (mod 2), and we may
assume without loss of generality that a is odd and c is even. But then
$$\begin{aligned}
p &= (a + b\rho)(c + d\rho) \\
&= \rho^3 (a + b\rho)(c + d\rho) \\
&= \rho(a + b\rho) \cdot \rho^2(c + d\rho) \\
&= (a\rho + b\rho^2) \cdot (c\rho^2 + d) \\
&= (-b + (a - b)\rho) \cdot (d - c - c\rho),
\end{aligned}$$
and now the coefficients of ρ are both even, so this is a factorization of p into two
elements of Z[√−3]! We have thus proved a lemma: a prime integer p is not prime
in Z[ρ] ⇐⇒ p is not prime in Z[√−3]. An example of this is
$$\begin{aligned}
7 &= (3 + \rho)(2 - \rho) \\
&= \rho(3 + \rho) \cdot \rho^2(2 - \rho) \\
&= (3\rho + \rho^2) \cdot (2\rho^2 - 1) \\
&= (-1 + 2\rho) \cdot (-3 - 2\rho) \\
&= (-2 + \sqrt{-3}) \cdot (-2 - \sqrt{-3}).
\end{aligned}$$


We thus have used the arithmetic and the geometry of Z[ρ] ⊇ Z[√−3] to conclude
that for any prime p > 3, we have


it is possible to write $p = a^2 + 3b^2$ ⇐⇒ p is not prime in Z[√−3]
 
p ≡ 1 (mod 6) ⇐⇒ p ≡ 1, 7 (mod 12) ⇐⇒ −3 is a quadratic residue mod p.

It turns out that something similar can be done for Z[√5], Z[√−7] and Z[√−11].
The rings Z[√5] and $\mathbb{Z}\left[\frac{1+\sqrt{5}}{2}\right]$ are explored in Project G; as subrings of R, these
may be more comfortable rings for you to explore, but the geometry is hard to deal
with. On the other hand, the complex rings Z[√−7] and Z[√−11] form rectangular
lattices in the plane, just as Z[√−3] does. Just as Z[√−3] looked like the Gaussian
integers, but stretched in the vertical direction, so too do Z[√−7] and Z[√−11]; see
Figures 14 and 15. The comparisons and contrasts between these rings are explored
in the exercises.

Figure 14: The lattices Z[√−7] and $\mathbb{Z}\left[\frac{-1+\sqrt{-7}}{2}\right]$

Exercises

1. Factor 13 into primes in Z[ρ] and in Z[√−3].

2. Factor 19 into primes in Z[ρ] and in Z[√−3].

3. Factor 155 into primes in Z[ρ] and in Z[√−3].

Figure 15: The lattices Z[√−11] and $\mathbb{Z}\left[\frac{-1+\sqrt{-11}}{2}\right]$

4. Factor 20 + 31ρ into primes in Z[ρ].

5. Factor 20 + 31√−3 into primes in Z[√−3] and in Z[ρ].

6. Factor 83 + 13√−3 into primes in Z[√−3] and in Z[ρ].

7. In Exercise 3 on page 143 you were asked to find the GCD of a = 16 + 25√−3
and b = 18 + 22√−3 using the arithmetic of Z[√−3]. The Euclidean algorithm
took eight steps and the norms of the remainders were 652, 49, 36, 25, 16, 9,
4, and 1. What happens when you use the Euclidean algorithm in Z[ρ] to do
the same problem? Find the amazing array for $\frac{a}{b}$ and solve ax + by = (a, b)
for x and y in Z[ρ].

8. The prime 241 is in the form 1 (mod 6). Show that it can be written as
$241 = a^2 + 3b^2$ as well as in the form $241 = c^2 - cd + d^2$. Are your solutions
unique (up to sign)?

9. The prime 439 is in the form 1 (mod 6). Show that it can be written as
$439 = a^2 + 3b^2$ as well as in the form $439 = c^2 - cd + d^2$. Are your solutions
unique (up to sign)?

10. Use le carré above and mimic Exercise 3 in Section 39 to show that there are
infinitely many primes of the form 6k + 1.

11. Write an analog of Theorem 21 for the ring Z[ρ]. Include a characterization
of which prime integers split, and which prime integers are inert.

12. Write an analog of Theorem 21 for the ring Z[√−3]. Include a characterization
of which prime integers split, and which prime integers are inert.

13. The powers of ρ are $\rho^0 = 1$, $\rho^1 = \rho$, $\rho^2 = -\rho - 1$, $\rho^3 = 1$, and so on; they
repeat in a cycle of three, since $\rho^3 = 1$. On the other hand, the powers of
the golden ratio, ω, obey the rule $\omega^{k+1} = F_k + F_{k+1}\omega$, where $F_k$ is the kth
Fibonacci number (see Exercise 12, page 24 for a definition).
(a) Show that $\omega^{k+1} = F_k + F_{k+1}\omega$, where $F_k$ is the kth Fibonacci number.
(b) In analogy with ρ, define $\theta = \frac{-1 + \sqrt{-7}}{2}$, and show that Z[θ] ⊇ Z[√−7].
Then find the first eight powers of θ in the form $\theta^k = a_k\theta + b_k$. Do you
see a pattern to the $a_k$s or the $b_k$s?
(c) Now define $\eta = \frac{-1 + \sqrt{-11}}{2}$, and show that Z[η] ⊇ Z[√−11]. Then find
the first eight powers of η in the form $\eta^k = c_k\eta + d_k$. Do you see a
pattern to the $c_k$s or the $d_k$s?

14. In Z[√−7], $8 = (1 + \sqrt{-7})(1 - \sqrt{-7}) = 2^3$ is an example of a number that
has more than one factorization into primes.
(a) Show that 1 + √−7, 1 − √−7, and 2 are all primes in Z[√−7].
(b) Factor 8 into primes in Z[θ].
15. In Z[i], the multiples of w form a square lattice, and it was relatively easy
to use geometry to see that the largest possible norm of a remainder was
$\frac{1}{2}$ the norm of w. For Z[ρ] the corresponding picture is a rhombus, and
the calculations involved are rather more complicated. Figure 16 shows four
multiples of w: $w \cdot (q_1 + q_2\rho)$, $w \cdot ((q_1 + 1) + q_2\rho)$, $w \cdot (q_1 + (q_2 + 1)\rho)$, and
$w \cdot ((q_1 + 1) + (q_2 + 1)\rho)$. When z lies inside this rhombus, one of these multiples
should be chosen so as to minimize the norm of the remainder: in region III
choose $w \cdot (q_1 + q_2\rho)$, in region II choose $w \cdot (q_1 + (q_2 + 1)\rho)$, etc. The two points
where three regions meet give the largest possible remainder; they correspond,
in the notation given in the proof on page 183, to $\{\epsilon_1, \epsilon_2\} = \left\{\frac{1}{3}, \frac{2}{3}\right\}$, which
corresponds to a norm (for $\epsilon_i + \epsilon_j\rho$) of $\frac{4 - 2 + 1}{9} = \frac{3}{9} = \frac{1}{3}$. Your goal in this
problem is to justify all these statements, thus proving that Z[ρ] has a division
algorithm.

(a) Verify that the points in Figure 17 are labeled correctly in terms of $\epsilon_1$
and $\epsilon_2$.
(b) Write down inequalities on $\epsilon_1$ and $\epsilon_2$ that describe each of the areas I,
II, III, and IV. For example, the inequalities that describe the rhombus
itself are $0 \le \epsilon_1 \le 1$ and $0 \le \epsilon_2 \le 1$.
(c) Use geometry (recall that the norm in Z[ρ] corresponds to geometric
length, squared) to show that the largest possible norm (which is $\frac{1}{3}$)
occurs at the points $(\epsilon_1, \epsilon_2) = \left(\frac{1}{3}, \frac{2}{3}\right)$ and $(\epsilon_1, \epsilon_2) = \left(\frac{2}{3}, \frac{1}{3}\right)$.
(d) Use multivariable calculus (or algebra? or anything else) to show that
the function $f(\epsilon_1, \epsilon_2) = \epsilon_1^2 - \epsilon_1\epsilon_2 + \epsilon_2^2$ attains its maximum value in
Region III at the points $(\epsilon_1, \epsilon_2) = \left(\frac{1}{3}, \frac{2}{3}\right)$ and $(\epsilon_1, \epsilon_2) = \left(\frac{2}{3}, \frac{1}{3}\right)$.
(e) Use multivariable calculus (or algebra? or anything else) to show that
the function $f(\epsilon_1, \epsilon_2) = (1 - \epsilon_1)^2 - (1 - \epsilon_1)(1 - \epsilon_2) + (1 - \epsilon_2)^2$ attains
its maximum value in Region IV at the points $(\epsilon_1, \epsilon_2) = \left(\frac{1}{3}, \frac{2}{3}\right)$ and
$(\epsilon_1, \epsilon_2) = \left(\frac{2}{3}, \frac{1}{3}\right)$.

Figure 16: Multiples of w in Z[ρ]

Figure 17: Coordinates in terms of $\epsilon_1$ and $\epsilon_2$

(f) Use multivariable calculus (or algebra? or anything else) to show that
the function $f(\epsilon_1, \epsilon_2) = (1 - \epsilon_1)^2 - (1 - \epsilon_1)\epsilon_2 + \epsilon_2^2$ attains its maximum
value in Region I at the point $(\epsilon_1, \epsilon_2) = \left(\frac{2}{3}, \frac{1}{3}\right)$.
(g) Use multivariable calculus (or algebra? or anything else) to show that
the function $f(\epsilon_1, \epsilon_2) = \epsilon_1^2 - \epsilon_1(1 - \epsilon_2) + (1 - \epsilon_2)^2$ attains its maximum
value in Region II at the point $(\epsilon_1, \epsilon_2) = \left(\frac{1}{3}, \frac{2}{3}\right)$.

You may find Figure 18 helpful to think about as you work on this problem;
it shows four parallelograms surrounding the point $w \cdot (q_1 + q_2\rho)$, rather than
just one parallelogram. The reasons for the strange shapes shown in Figure 17
are perhaps clearer now.

Figure 18: Coordinates in terms of $\epsilon_1$ and $\epsilon_2$

16. Using the definitions in Exercise 13, we know that given two elements of the
ring Z[θ], z and w, with w ≠ 0, then we can find q ∈ Z[θ] and $\epsilon = \epsilon_1 + \epsilon_2\theta \in \mathbb{Q}[\theta]$,
such that $\frac{z}{w} = q + \epsilon$ and so if we define $r = w\epsilon$, we have z = qw + r. We
would like to assert that N(r) < N(w); this will show that Z[θ] has a division
algorithm.

(a) Using algebra, show that since $|\epsilon_1| \le \frac{1}{2}$ and $|\epsilon_2| \le \frac{1}{2}$, N(r) < N(w).
You may want to use two cases: one where $\epsilon_1 = \frac{1}{2} = \epsilon_2$, and all other
situations.
(b) Use Figure 19 to show that in fact $N(r) \le \frac{4}{7} N(w)$. Here points A, B,
C, and D form a rectangle as elements of Z[√−7] which are multiples
of w, E ∈ Z[θ] lies at the center of that rectangle, and point P is the
worst possible case, the point equidistant from points A, D, and E. In
analogy with Figure 18, Figure 20 shows how four parallelograms with
corners at elements of Z[θ] join to form a hexagonal region closest to one
multiple of w.

17. Exercise 16 showed that Z[θ] has a division algorithm and thus has unique
factorization. Write an analog of Theorem 21 (page 150) for the ring Z[θ].
Include a characterization of which prime integers split, and which prime
integers are inert.

Figure 19: Geometry of Z[√−7] and Z[θ]

Figure 20: Geometry of Z[√−7] and Z[θ]

18. Factor 23 + 31θ into primes in Z[θ].

19. Factor 27 − 37θ into primes in Z[θ].

20. Suppose p is a prime integer, p ≠ 2, p ≠ 7, and p factors non-trivially in Z[θ]
(defined in Exercise 13).

(a) Show that p can be written as $p = a^2 - ab + 2b^2$.
(b) Show that a is odd.
(c) Show that a is odd =⇒ b is even.
(d) Conclude that p can be factored non-trivially in Z[√−7].
(e) Write down le carré for Z[θ]. Then demonstrate how each of the four
statements applies specifically to the primes p = 79, 277, and 617 (see
Exercise 1 on page 160 if you need an example).
(f) Write down le carré for Z[√−7]. Then demonstrate how each of the four
statements applies specifically to the primes p = 79, 277, and 617 (see
Exercise 1 on page 160 if you need an example).

21. Using the definitions in Exercise 13, we know that given two elements of the
ring Z[η], z and w, with w ≠ 0, then we can find q ∈ Z[η] and $\epsilon = \epsilon_1 + \epsilon_2\eta \in \mathbb{Q}[\eta]$,
such that $\frac{z}{w} = q + \epsilon$ and so if we define $r = w\epsilon$, we have z = qw + r. We
would like to assert that N(r) < N(w); this will show that Z[η] has a division
algorithm. An algebraic proof is elusive, but using geometry we can prove it.
Use Figure 21 to show that in fact $N(r) \le \frac{9}{11} N(w)$. Here points A, B, C, and
D form a rectangle as elements of Z[√−11] that are multiples of w, E ∈ Z[η]
lies at the center of that rectangle, and point P is the worst possible case,
the point equidistant from points A, D, and E. In analogy with Figure 18,
Figure 22 shows how four parallelograms with corners at elements of Z[η] join
to form a hexagonal region closest to one multiple of w.

Figure 21: Geometry of Z[√−11] and Z[η]

22. Exercise 21 showed that Z[η] has a division algorithm and thus has unique
factorization. Write an analog of Theorem 21 (page 150) for the ring Z[η].
Include a characterization of which prime integers split, and which prime
integers are inert.

Figure 22: Geometry of Z[√−11] and Z[η]

23. Factor 27 − 34η into primes in Z[η]. Also factor 27 − 34η into primes in
Z[√−11].

24. Factor 35 + 114η into primes in Z[η]. Also factor 35 + 114η into primes in
Z[√−11].

25. The relationship between the rings Z[η] and Z[√−11] is not as simple as that
between Z[ρ] and Z[√−3], or between Z[θ] and Z[√−7]. In particular, we
have primes like 31 that can be written as $31 = a^2 - ab + 3b^2$ but cannot be
written as $31 = c^2 + 11d^2$. In fact, odd primes p ≠ 11 now fall into one of
three categories:

p can be written           $p = a^2 - ab + 3b^2$,       p can’t be written
both ways                  $p \ne c^2 + 11d^2$          either way
47, 53, 103, 163, 199,     3, 5, 23, 31, 37,            7, 13, 17, 19, 29,
257, 269, 311, 397, 401,   59, 67, 71, 89, 97,          41, 43, 61, 73, 79,
419, 421, 499, 587, 599,   113, 137, 157, 179, 181,     83, 101, 107, 109, 127,
617, 683, 757, 773, 863,   191, 223, 229, 251, 313,     131, 139, 149, 151, 167,
883, 907, 911, 929, 991,   317, . . .                   173, . . .
1021, . . .

(a) Suppose p is a prime integer, p ≠ 2, p ≠ 11, and p factors non-trivially
in Z[η] (defined in Exercise 13). Show that p can be written as
$p = a^2 - ab + 3b^2$.
(b) Write down le carré for Z[η]. Then demonstrate how each of the four
statements applies specifically to the primes p = 53, 179, and 313 (see
Exercise 1 on page 160 if you need an example).
(c) Write down le carré for Z[√−11] (“le carré manqué”? There will not be
four double implications for this le carré). Then demonstrate how each
of the four statements applies specifically to the primes p = 53, 251, and
401 (see Exercise 1 on page 160 if you need an example).

26. Building on Exercises 21 and 25, note that 1 + 2√−11 ∈ Z[√−11] has norm
$45 = 3^2 \cdot 5$.
(a) Show that 1 + 2√−11, 1 − 2√−11, 3, and 5 are all primes in Z[√−11], so
that 45 is an example of an element in Z[√−11] which has two different
factorizations into primes.
(b) Factor 1 + 2√−11 = 3 + 4η into primes in Z[η].
(c) Factor 1 − 2√−11 = −1 − 4η into primes in Z[η].
(d) Factor 45 into primes in Z[η].

27. (a) Factor −4 + 15√−11 into primes in Z[√−11].
(b) Factor −4 + 15√−11 = 11 + 30η into primes in Z[η].
(c) What is the connection between the answers in parts (a) and (b)?

47 Calculating the Legendre symbol (easiest way)

Finally, we state and prove the lemma:

Lemma 13 If p and q are positive odd integers such that (p, q) = 1, we have
$$\sum_{x=1}^{\frac{p-1}{2}} \left\lfloor \frac{qx}{p} \right\rfloor + \sum_{y=1}^{\frac{q-1}{2}} \left\lfloor \frac{py}{q} \right\rfloor = \left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right).$$

Proof . Let’s graph the point (p, q) and look at the rectangle defined by $0 < x < \frac{p}{2}$,
$0 < y < \frac{q}{2}$ (outlined in dashed lines in Figure 23). We want to count the number
of integer points in this rectangle. Hence we must count the points (x, y) such that
x and y are integers and
$$0 < x < \frac{p}{2} \implies 1 \le x \le \frac{p-1}{2}$$
and
$$0 < y < \frac{q}{2} \implies 1 \le y \le \frac{q-1}{2}.$$

Figure 23: Lemma 13 in the case p = 23, q = 17

There are clearly $\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)$ such points. Now we will count the points in a
different way, and so get the equality we want. We will count how many points
are below the line from (p, q) to the origin, and then count how many points are
above, and get the two sums we need. This is similar to the work we did in proving
Lemma 12. Since (p, q) = 1, there are no integer points on the boundary between
the two triangles. Below the line $y = \frac{q}{p}x$, we get
$$\text{number of points in the lower triangle} = \sum_{x=1}^{\frac{p-1}{2}} \left\lfloor \frac{qx}{p} \right\rfloor.$$
Similarly, above the line (which also has equation $x = \frac{p}{q}y$), we have
$$\text{number of points in the upper triangle} = \sum_{y=1}^{\frac{q-1}{2}} \left\lfloor \frac{py}{q} \right\rfloor.$$

Thus the lemma is proved.

This is the last step we need to prove the law of quadratic reciprocity:

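Theorem 28 (The Law of Quadratic Reciprocity) If p and q are distinct odd
primes, we have
$$\left(\frac{p}{q}\right) = \begin{cases} -\left(\frac{q}{p}\right) & \text{if } p \equiv q \equiv 3 \pmod{4} \\ \left(\frac{q}{p}\right) & \text{otherwise.} \end{cases}$$

Proof . We have already proved that $\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = (-1)^R (-1)^Q$ where
$$R = \sum_{t=1}^{\frac{p-1}{2}} \left\lfloor \frac{qt}{p} \right\rfloor \quad\text{and}\quad Q = \sum_{k=1}^{\frac{q-1}{2}} \left\lfloor \frac{pk}{q} \right\rfloor.$$
But then since Lemma 13 tells us that $R + Q = \left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)$, we have that
$$\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = (-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)}.$$
But $(-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)} = +1$ if the exponent is even, −1 if the exponent is odd. We
have
$$p \equiv 1 \pmod{4} \iff p = 4k + 1 \iff \frac{p-1}{2} = 2k \iff \frac{p-1}{2} \text{ is even}$$
$$p \equiv 3 \pmod{4} \iff p = 4k + 3 \iff \frac{p-1}{2} = 2k + 1 \iff \frac{p-1}{2} \text{ is odd.}$$
The only way to get an odd exponent is if both $\frac{p-1}{2}$ and $\frac{q-1}{2}$ are odd. Thus
$(-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)} = -1 \iff p \equiv q \equiv 3 \pmod{4}$, and it is +1 otherwise. Hence we
have
$$\left(\frac{q}{p}\right)\left(\frac{p}{q}\right) = \begin{cases} -1 & \text{if } p \equiv q \equiv 3 \pmod{4} \\ +1 & \text{otherwise.} \end{cases}$$
We can now multiply both sides of the equation by $\left(\frac{p}{q}\right)$, and remembering that
$\left(\frac{p}{q}\right) = \pm 1$ so when it is squared it is always +1, we get what we needed to prove.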

 
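Example. Let’s calculate $\left(\frac{613}{1031}\right)$:
$$\begin{aligned}
\left(\frac{613}{1031}\right) &= \left(\frac{1031}{613}\right) \\
&= \left(\frac{418}{613}\right) \\
&= \left(\frac{2}{613}\right)\left(\frac{11}{613}\right)\left(\frac{19}{613}\right) \\
&= (-1)\left(\frac{613}{11}\right)\left(\frac{613}{19}\right) \\
&= (-1)\left(\frac{8}{11}\right)\left(\frac{5}{19}\right) \\
&= (-1)\left(\frac{2}{11}\right)\left(\frac{4}{11}\right)\left(\frac{19}{5}\right) \\
&= (-1)(-1)\left(\frac{4}{5}\right) \\
&= +1
\end{aligned}$$
so we know that we can solve $x^2 \equiv 613 \pmod{1031}$. (The solution is x ≡ ±252
(mod 1031), but I used a computer to find it!)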
 
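Example. Let’s try $\left(\frac{698}{1129}\right)$:
$$\begin{aligned}
\left(\frac{698}{1129}\right) &= \left(\frac{2}{1129}\right)\left(\frac{349}{1129}\right) \\
&= (+1)\left(\frac{1129}{349}\right) \\
&= \left(\frac{82}{349}\right) \\
&= \left(\frac{2}{349}\right)\left(\frac{41}{349}\right) \\
&= (-1)\left(\frac{349}{41}\right) \\
&= (-1)\left(\frac{21}{41}\right) \\
&= (-1)\left(\frac{3}{41}\right)\left(\frac{7}{41}\right) \\
&= (-1)\left(\frac{41}{3}\right)\left(\frac{41}{7}\right) \\
&= (-1)\left(\frac{2}{3}\right)\left(\frac{-1}{7}\right) \\
&= (-1)(-1)(-1) \\
&= -1
\end{aligned}$$
so 698 is not a quadratic residue (mod 1129). Even my computer can’t solve
$x^2 \equiv 698 \pmod{1129}$!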

 
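Example. Let’s try $\left(\frac{457}{1229}\right)$:
$$\begin{aligned}
\left(\frac{457}{1229}\right) &= \left(\frac{1229}{457}\right) \\
&= \left(\frac{-142}{457}\right) \\
&= \left(\frac{-2}{457}\right)\left(\frac{71}{457}\right) \\
&= (+1)\left(\frac{457}{71}\right) \\
&= \left(\frac{31}{71}\right) \\
&= -\left(\frac{71}{31}\right) \\
&= -\left(\frac{9}{31}\right) \\
&= -1
\end{aligned}$$

so 457 is not a quadratic residue (mod 1229).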

Exercises
 
1. Calculate the Legendre symbol $\left(\frac{1019}{3343}\right)$.

2. Calculate the Legendre symbol $\left(\frac{1741}{3343}\right)$.

3. Calculate the Legendre symbol $\left(\frac{1913}{3571}\right)$.

4. Calculate the Legendre symbol $\left(\frac{6442}{4259}\right)$.

5. Calculate the Legendre symbol $\left(\frac{3557}{4523}\right)$.

6. Calculate the Legendre symbol $\left(\frac{4855}{5087}\right)$.

7. How many solutions does $x^2 + 41x - 15 \equiv 0 \pmod{3343}$ have?

8. How many solutions does $3x^2 + 2900x + 3291 \equiv 0 \pmod{5087}$ have?

9. Give a criterion on the prime p for when $\left(\frac{14}{p}\right) = +1$ and when $\left(\frac{14}{p}\right) = -1$.

10. It turns out that $\left(\frac{a}{71}\right) = +1$ for a = 1, 2, 3, . . . , 6.
(a) Verify that this is so.
(b) Prove that p = 71 is the smallest positive prime for which this is so.

11. It turns out that $\left(\frac{a}{311}\right) = +1$ for a = 1, 2, 3, . . . , 10.
(a) Verify that this is so.
(b) Prove that p = 311 is the smallest positive prime for which this is so.

12. It turns out that $\left(\frac{a}{479}\right) = +1$ for a = 1, 2, 3, . . . , 12.
(a) Verify that this is so.
(b) Prove that p = 479 is the smallest positive prime for which this is so.

48 The Jacobi symbol

It might seem that with the law of quadratic reciprocity we have reached a peak
for this book, and we have. But as in mountaineering, so in mathematics: there
are always other peaks to conquer. A relatively modest new peak is to generalize
the Legendre symbol to cases where the lower number is not a prime. For technical
reasons we still require that the lower number be odd.

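Definition 30 For a ∈ Z and n an odd integer, we define the Jacobi symbol, $\left(\frac{a}{n}\right)$,
by
$$\left(\frac{a}{n}\right) = \left(\frac{a}{p_1}\right)^{e_1} \left(\frac{a}{p_2}\right)^{e_2} \left(\frac{a}{p_3}\right)^{e_3} \cdots \left(\frac{a}{p_k}\right)^{e_k}$$
where $n = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_k^{e_k}$ is the prime factorization of n.

Example. We may calculate $\left(\frac{14}{45}\right)$ by calculating
$$\left(\frac{14}{45}\right) = \left(\frac{14}{3^2 \cdot 5}\right) = \left(\frac{14}{3}\right)^2 \left(\frac{14}{5}\right) = \left(\frac{2}{3}\right)^2 \left(\frac{4}{5}\right) = (-1)^2 (+1) = +1.$$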

Now, why would we care about this new calculation? It is tempting to say that
we are answering the question “Does $x^2 \equiv a \pmod{n}$ have a solution?”, but that
is not quite correct. Reflecting on the Chinese remainder theorem and Hensel’s
lemma, we should see that the equation $x^2 \equiv a \pmod{n}$ has a solution if and only
if the equation $x^2 \equiv a \pmod{p_i}$ has a solution for each prime $p_i$ that appears in
the prime factorization of n. Thus in our example, we got $\left(\frac{14}{45}\right) = +1$, but we
still cannot solve the equation $x^2 \equiv 14 \pmod{45}$, since we cannot solve the simpler
equation $x^2 \equiv 14 \pmod{3}$. However, we can see that if we get −1 as an answer for
a Jacobi symbol, we must have at least one −1 for one of the constituent primes,
and so in fact we cannot solve the corresponding quadratic equation. So the Jacobi
symbol gives us a partial answer to the question “Does $x^2 \equiv a \pmod{n}$ have a
solution?”; if $\left(\frac{a}{n}\right) = -1$, the answer is no, and if $\left(\frac{a}{n}\right) = +1$, the answer is maybe,
but we will have to do more work to find out.

All the rules we have developed for the Legendre symbol have analogs for the Jacobi symbol:

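Proposition 46 Let P and Q be odd integers. Then

1. if P is a prime, then the Legendre symbol $\left(\frac{a}{P}\right)$ and the Jacobi symbol $\left(\frac{a}{P}\right)$
have the same value

2. if the equation $x^2 \equiv a \pmod{P}$ has a solution, then $\left(\frac{a}{P}\right) = +1$

3. if a ≡ b (mod P), then $\left(\frac{a}{P}\right) = \left(\frac{b}{P}\right)$

4. for integers a and b, $\left(\frac{ab}{P}\right) = \left(\frac{a}{P}\right)\left(\frac{b}{P}\right)$

5. $\left(\frac{a}{PQ}\right) = \left(\frac{a}{P}\right)\left(\frac{a}{Q}\right)$

6. $\left(\frac{-1}{P}\right) = (-1)^{\frac{P-1}{2}}$

7. $\left(\frac{2}{P}\right) = (-1)^{\frac{P^2-1}{8}}$

8. $\left(\frac{P}{Q}\right)\left(\frac{Q}{P}\right) = (-1)^{\frac{P-1}{2} \cdot \frac{Q-1}{2}}$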

The first property follows directly from the definition. The other properties may
be proved directly from the corresponding properties for the Legendre symbol.
Leaving the proofs to the exercises, we illustrate how the Jacobi symbol (by avoiding
factorization) simplifies calculations.
 
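Example. Let’s calculate the Jacobi symbol $\left(\frac{2341}{9873}\right)$. We can use rule 8 immediately,
and then rule 3, to get
$$\left(\frac{2341}{9873}\right) = \left(\frac{9873}{2341}\right) = \left(\frac{509}{2341}\right).$$
Flipping and reducing again, we get
$$\left(\frac{2341}{9873}\right) = \left(\frac{509}{2341}\right) = \left(\frac{2341}{509}\right) = \left(\frac{305}{509}\right).$$
And then flipping and reducing again, we get
$$\left(\frac{2341}{9873}\right) = \left(\frac{305}{509}\right) = \left(\frac{509}{305}\right) = \left(\frac{204}{305}\right).$$
Now we factor out a 4 and use rule 2:
$$\left(\frac{2341}{9873}\right) = \left(\frac{204}{305}\right) = \left(\frac{4}{305}\right)\left(\frac{51}{305}\right) = (+1)\left(\frac{51}{305}\right).$$
Again we flip and reduce to get
$$\left(\frac{2341}{9873}\right) = \left(\frac{51}{305}\right) = \left(\frac{305}{51}\right) = \left(\frac{-1}{51}\right),$$
and by rule 6 this is −1, so the equation $x^2 \equiv 2341 \pmod{9873}$ has no solutions.

Example. Let’s calculate the Jacobi symbol $\left(\frac{1234}{8765}\right)$. First we factor a 2 out of
the top, and then use rule 7 to evaluate $\left(\frac{2}{8765}\right)$ and rule 8 to flip $\left(\frac{617}{8765}\right)$:
$$\left(\frac{1234}{8765}\right) = \left(\frac{2}{8765}\right)\left(\frac{617}{8765}\right) = (-1)\left(\frac{8765}{617}\right).$$
We use rule 3 to reduce 8765 (mod 617), and then flip the result to get
$$\left(\frac{1234}{8765}\right) = -\left(\frac{8765}{617}\right) = -\left(\frac{127}{617}\right) = -\left(\frac{617}{127}\right).$$
We use rule 3 again, and then flip again to get
$$\left(\frac{1234}{8765}\right) = -\left(\frac{617}{127}\right) = -\left(\frac{109}{127}\right) = -\left(\frac{127}{109}\right).$$
After reduction this time, we can factor out a 2 to get
$$\left(\frac{1234}{8765}\right) = -\left(\frac{127}{109}\right) = -\left(\frac{18}{109}\right) = -\left(\frac{2}{109}\right)\left(\frac{9}{109}\right).$$
And now rule 2 and rule 7 finish the calculation:
$$\left(\frac{1234}{8765}\right) = -\left(\frac{2}{109}\right)\left(\frac{9}{109}\right) = -(-1)(+1) = +1.$$
Here we see that we have to do more work (namely, factor 8765 = 5 · 1753) to see
if 1234 is a perfect square in Z/8765Z. Since
$$\left(\frac{1234}{8765}\right) = \left(\frac{1234}{5}\right)\left(\frac{1234}{1753}\right)$$
and
$$\left(\frac{1234}{5}\right) = \left(\frac{4}{5}\right) = +1,$$
we can infer that $\left(\frac{1234}{1753}\right) = +1$ as well, and thus since 1234 is a perfect square
in both Z/5Z and in Z/1753Z, we have two solutions in each prime modulus, and
thus there are four solutions in Z/8765Z. (A quick computer search shows that the
solutions are {232, 3738, 5027, 8533}, which could be written as {±232, ±3738}.)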
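The flip-and-reduce procedure of these two examples, written out as an added Python example (not the book's code; all function names are hypothetical). `jacobi` uses only rules 3, 4, 7 and 8 and never factors n, `jacobi_by_definition` follows Definition 30 by factoring, and `square_roots` is a brute-force search that shows why +1 only means "maybe"; the same function also reproduces the three Legendre symbols computed in Section 47.

```python
def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n, without factoring n."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n                                # rule 3: reduce the top mod the bottom
    sign = 1
    while a:
        while a % 2 == 0:                 # rules 4 and 7: pull out each factor 2
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a                       # rule 8: flip ...
        if a % 4 == 3 and n % 4 == 3:     # ... with a sign change when both are 3 mod 4
            sign = -sign
        a %= n                            # rule 3 again
    # Standard convention (not stated in the text): the symbol is 0 when gcd(a, n) > 1.
    return sign if n == 1 else 0

def legendre_euler(a, p):
    """Legendre symbol for an odd prime p via Euler's criterion (0 if p divides a)."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def jacobi_by_definition(a, n):
    """Definition 30: factor n by trial division and multiply Legendre symbols."""
    result, m, p = 1, n, 3
    while m > 1:
        while m % p == 0:                 # p is prime here: smaller factors are gone
            result *= legendre_euler(a, p)
            m //= p
        p += 2
    return result

def square_roots(a, n):
    """All x in 0..n-1 with x^2 = a (mod n), by exhaustive search."""
    return [x for x in range(n) if (x * x - a) % n == 0]

if __name__ == "__main__":
    for a, n in [(14, 45), (2341, 9873), (1234, 8765)]:
        print(a, n, jacobi(a, n), square_roots(a, n))
```

A symbol of −1 rules solutions out, while (14/45) = +1 and (1234/8765) = +1 give zero and four solutions respectively, so only the search (or a factorization of n) settles the +1 case.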
200 Chapter 5. Quadratic Residues

Exercises
 
1. Calculate the Jacobi symbol $\left(\frac{1019}{1419}\right)$. How many solutions are there to $x^2 \equiv 1019 \pmod{1419}$?
2. Calculate the Jacobi symbol $\left(\frac{1741}{2485}\right)$. How many solutions are there to $x^2 \equiv 1742 \pmod{2485}$?
3. Calculate the Jacobi symbol $\left(\frac{1913}{3579}\right)$. How many solutions are there to $x^2 \equiv 1913 \pmod{3579}$?
4. Calculate the Jacobi symbol $\left(\frac{3579}{4807}\right)$. How many solutions are there to $x^2 \equiv 3579 \pmod{4807}$?
5. Calculate the Jacobi symbol $\left(\frac{6535}{5005}\right)$. How many solutions are there to $x^2 \equiv 6535 \pmod{5005}$?
6. Calculate the Jacobi symbol $\left(\frac{4855}{9699}\right)$. How many solutions are there to $x^2 \equiv 4855 \pmod{9699}$?
7. Calculate the Jacobi symbol $\left(\frac{8047}{9699}\right)$. How many solutions are there to $x^2 \equiv 8047 \pmod{9699}$?
8. Calculate the Jacobi symbol $\left(\frac{9577}{9699}\right)$. How many solutions are there to $x^2 \equiv 9577 \pmod{9699}$?
9. Calculate the Jacobi symbol $\left(\frac{39790}{49049}\right)$. How many solutions are there to $x^2 \equiv 39790 \pmod{49049}$?
10. (a) Give a criterion on the prime p for when $\left(\frac{p}{35}\right) = +1$ and when $\left(\frac{p}{35}\right) = -1$.
(b) Formulate a rule for how many solutions $x^2 \equiv p \pmod{35}$ has.
11. (a) Give a criterion on the prime p for when $\left(\frac{p}{75}\right) = +1$ and when $\left(\frac{p}{75}\right) = -1$.
(b) Formulate a rule for how many solutions $x^2 \equiv p \pmod{75}$ has.
12. (a) Give a criterion on the prime p for when $\left(\frac{p}{105}\right) = +1$ and when $\left(\frac{p}{105}\right) = -1$.
(b) Formulate a rule for how many solutions $x^2 \equiv p \pmod{105}$ has.
13. (a) Prove rule 2 in Proposition 46.
(b) Assume $\left(\frac{a}{P}\right) = +1$. Can you give a formula for how many solutions $x^2 \equiv a \pmod{P}$ has?
14. Prove rule 3 in Proposition 46.
15. Prove rule 4 in Proposition 46.
16. Prove rule 5 in Proposition 46.
17. Prove rule 6 in Proposition 46.
18. Prove rule 7 in Proposition 46.
19. Prove rule 8 in Proposition 46.
Chapter 6

Further Topics

49 When Z/nZ has a primitive root

We wish to see under what circumstances $\mathbb{Z}/n\mathbb{Z}$ has a primitive root. Based on numerical evidence, you should have already conjectured that this happens if and only if $n = 2$, $n = 4$, $n = p^m$ for p an odd prime and $m \in \mathbb{N}$, or $n = 2p^m$ for p an odd prime and $m \in \mathbb{N}$. Let's see why it is true in the case when n is a prime.

Theorem 29 Let p > 0 be an odd prime. Then there exist exactly $\varphi(p-1)$ units $r \in (\mathbb{Z}/p\mathbb{Z})^\times$ such that $\operatorname{ord}_p(r) = p - 1$. In other words, $\mathbb{Z}/p\mathbb{Z}$ has $\varphi(\varphi(p))$ primitive roots.

The proof makes extensive use of polynomials and Lagrange's theorem. We seek $r \in (\mathbb{Z}/p\mathbb{Z})^\times$ such that $r^{p-1} \equiv 1 \pmod p$, but $r^k \not\equiv 1 \pmod p$ for $1 \le k \le p - 2$. We require three lemmas.

Lemma 14 Let $r, s \in \mathbb{N}$ be such that $r \mid s$. Then $(x^r - 1) \mid (x^s - 1)$ as polynomials; that is, there exists $P(x) \in \mathbb{Z}[x]$ such that $(x^r - 1)P(x) = x^s - 1$.

Proof. Because $r \mid s \implies s = r \cdot w$ for some positive integer w we have
$$(x^r - 1)(x^{r(w-1)} + x^{r(w-2)} + x^{r(w-3)} + \cdots + x^{2r} + x^r + 1) = x^{rw} - 1 = x^s - 1,$$
since multiplying out the left-hand side reveals that all the cross-terms cancel one another.

Lemma 15 Let p be a positive prime, and let $a \in (\mathbb{Z}/p\mathbb{Z})^\times$. Then
$$a^k \equiv 1 \pmod p \iff \operatorname{ord}_p(a) \mid k.$$


Proof. Suppose $\operatorname{ord}_p(a) \mid k$, so $k = \operatorname{ord}_p(a) \cdot m$. Then $a^k \equiv a^{\operatorname{ord}_p(a) \cdot m} \equiv (a^{\operatorname{ord}_p(a)})^m \equiv 1^m \equiv 1 \pmod p$. Going in the other direction, suppose $a^k \equiv 1 \pmod p$, and use the division algorithm to find integers q and r such that
$$k = \operatorname{ord}_p(a)\,q + r, \qquad 0 \le r < \operatorname{ord}_p(a).$$
Then $1 \equiv a^k \equiv a^{\operatorname{ord}_p(a) q + r} \equiv (a^{\operatorname{ord}_p(a)})^q \cdot a^r \equiv a^r \pmod p$. If r > 0 we would have a contradiction of the definition of $\operatorname{ord}_p(a)$ as the smallest positive power of a that gives 1. Thus we must have r = 0, so $\operatorname{ord}_p(a) \mid k$.

Lemma 16 Suppose $a, b \in \mathbb{Z}/m\mathbb{Z}$ for some positive integer m, and suppose $r = \operatorname{ord}_m(a)$, $s = \operatorname{ord}_m(b)$, with $(r, s) = 1$. Then $\operatorname{ord}_m(a \cdot b) = r \cdot s$. That is, the order of a product is the product of the orders, if those orders are relatively prime.

Proof. Let $\operatorname{ord}_m(a \cdot b) = t$. Clearly $(a \cdot b)^{rs} \equiv (a^r)^s \cdot (b^s)^r \equiv 1 \pmod m$, so by the last lemma we have $t \mid rs$. But we also have $1 \equiv ((a \cdot b)^t)^s \equiv a^{ts} \cdot (b^s)^t \equiv a^{ts} \pmod m$, so $r \mid ts$ by the previous lemma. It follows that $r \mid t$, since $(r, s) = 1$. Similarly, it can be shown that $s \mid t$ (by considering $((a \cdot b)^t)^r$). Another use of the fact that $(r, s) = 1$ shows that $rs \mid t$. And thus we have that $r \cdot s = t$, which was to be proved.

Proof of Theorem. Now let $p - 1 = \prod_{j=1}^{t} q_j^{e_j} = q_1^{e_1} q_2^{e_2} q_3^{e_3} \cdots q_t^{e_t}$ be the prime factorization of p − 1. Consider the polynomial $f(x) = x^{p-1} - 1 \in \mathbb{Z}/p\mathbb{Z}[x]$. By Fermat's little theorem, we know that f has roots 1, 2, 3, . . . , p − 1. By Lagrange's theorem f has at most p − 1 roots, so this must be all of them. Now consider the polynomial $g_j(x) = x^{q_j^{e_j}} - 1$ in $\mathbb{Z}/p\mathbb{Z}[x]$. By Lemma 14, there is a polynomial $P_j$ such that $g_j(x)P_j(x) = f(x)$. Thus any root of $g_j$ is a root of f, and $P_j$ has degree $p - 1 - q_j^{e_j}$. By Lagrange's theorem, $g_j$ has at most $q_j^{e_j}$ roots, and $P_j$ has at most $p - 1 - q_j^{e_j}$ roots. But f has p − 1 roots and there are no zero-divisors in $\mathbb{Z}/p\mathbb{Z}$, so of these p − 1 roots, exactly $q_j^{e_j}$ of them must be roots of $g_j$ (the rest being roots of $P_j$). Now consider the roots of $g_j$. Each of them satisfies $r^{q_j^{e_j}} \equiv 1 \pmod p$, so each one has an order that divides $q_j^{e_j}$. The only divisors of $q_j^{e_j}$ are of the form $q_j^s$, $0 \le s \le e_j$. If every root of $g_j$ had order strictly less than $q_j^{e_j}$, then each order would divide $q_j^{e_j - 1}$, and we would have $q_j^{e_j}$ roots for the polynomial $x^{q_j^{e_j - 1}} - 1$, which has at most $q_j^{e_j - 1}$ roots by Lagrange's theorem. Thus there must exist exactly $q_j^{e_j} - q_j^{e_j - 1} = \varphi(q_j^{e_j})$ elements of $(\mathbb{Z}/p\mathbb{Z})^\times$ that have order exactly $q_j^{e_j}$. Proceeding in this fashion with each of the primes $q_1, q_2, q_3, \ldots, q_t$, we see that there are $\varphi(q_k^{e_k})$ elements of $(\mathbb{Z}/p\mathbb{Z})^\times$ with order $q_k^{e_k}$ for each k, $1 \le k \le t$. We can therefore use Lemma 16 to produce exactly $\varphi(q_1^{e_1})\varphi(q_2^{e_2}) \cdots \varphi(q_t^{e_t}) = \varphi(p - 1)$ elements of $(\mathbb{Z}/p\mathbb{Z})^\times$ of order $q_1^{e_1} q_2^{e_2} q_3^{e_3} \cdots q_t^{e_t} = p - 1$; namely, the products. These products are the sought-for primitive roots. We have thus shown (in a semi-constructive fashion) that for primes p, $(\mathbb{Z}/p\mathbb{Z})^\times$ always has $\varphi(p - 1)$ primitive roots. The fact that each of these products is different from all the others is left to the reader (see Exercise 7).
As an illustration, let's find a primitive root of 109. We have $\varphi(109) = 108 = 2^2 \cdot 3^3$; thus we seek two elements, one of order 4 and the other of order 27. We start by finding the order of 2, because 2 is small and therefore easy to calculate with. The powers of 2 (mod 109) are 2, 4, 8, 16, 32, 64, 128 = 19, 38, 76, 152 = 43, 86 = −23, −46, −92 = 17, 34, 68, 136 = 27, 54, 108 = −1, and then it is clear we will get the additive inverses until we get $2^{36} = 1$. Thus $\operatorname{ord}_{109}(2) = 36$. We can get a unit of order 4 by raising 2 to the ninth power: $\operatorname{ord}_{109}(2^9) = \operatorname{ord}_{109}(76) = 4$. If we do the same with 3 we get 3, 9, 27, 81 = −28, −84 = 25, 75, 225 = 7, 21, 63, 189 = −29, −87 = 22, 66, 198 = −20, −60, −180 = 38, 114 = 5, 15, 45, 135 = 26, 78, 234 = 16, 48, 144 = 35, 105 = −4, −12, −36, −108 = 1. So $\operatorname{ord}_{109}(3) = 27$. And thus by our theorem we know that $\operatorname{ord}_{109}(76 \cdot 3) = \operatorname{ord}_{109}(10) = 108$, so 10 is a primitive root modulo 109.

Let's try again in $(\mathbb{Z}/151\mathbb{Z})^\times$. Then $\varphi(151) = 150 = 2 \cdot 3 \cdot 5^2$. The powers of 2 are 2, 4, 8, 16, 32, 64, 128 = −23, −46, −92 = 59, 118 = −33, −66, −132 = 19, 38, 76, 152 = 1, so $\operatorname{ord}_{151}(2) = 15$. The powers of 3 are 3, 9, 27, 81, 243 = −59, −177 = −26, −78 = 73, 219 = 68, 204 = 53, 159 = 8, 24, 72, 216 = 65, 195 = 44, 132 = −19, −57, −171 = −20, −60, −180 = −29, −87 = 64, 192 = 41, 123 = −28, −84 = 67, 201 = 50, 150 = −1, etc., so $\operatorname{ord}_{151}(3) = 50$. Thus $\operatorname{ord}_{151}(9) = 25$, and $\operatorname{ord}_{151}(32) = 3$. In any modulus, we have $\operatorname{ord}_p(-1) = 2$, and so we may use this to see that $\operatorname{ord}_{151}(-1 \cdot 9 \cdot 32) = \operatorname{ord}_{151}(14) = 150$, so 14 is a primitive root modulo 151.

It is, of course, easily checked that $(\mathbb{Z}/2\mathbb{Z})^\times$ and $(\mathbb{Z}/4\mathbb{Z})^\times$ have primitive roots. How can we show that we get primitive roots not just when the modulus is a prime p but also when the modulus is a prime power $p^m$ (where p is odd and $m \in \mathbb{N}$)?

Here our theorem about lifting roots (see Theorem 13 on page 106) is a key tool. Given a prime power $p^m$, p odd, we seek $r \in \mathbb{Z}/p^m\mathbb{Z}$ with order $\varphi(p^m)$, that is, for which $r^{\varphi(p^m)} \equiv 1 \pmod{p^m}$, but $r^k \not\equiv 1 \pmod{p^m}$ for smaller powers k. We know that $\varphi(p^m) = p^{m-1}(p - 1)$, and since $(p^{m-1}, p - 1) = 1$, we will work on each term separately (and then use Lemma 16 to find the r that we seek).

We will start by showing that an element of order $p^{m-1}$ exists. For technical reasons, we turn our attention to the polynomial $g(x) = x^{p^t} - 1$; we will specify t later. Once again, we start with $\mathbb{Z}/p\mathbb{Z}$ and see if we can lift any roots we find up to $\mathbb{Z}/p^m\mathbb{Z}$. In this case, we use Corollary 4 to Fermat's little theorem (page 117). That corollary tells us that raising elements of $\mathbb{Z}/p\mathbb{Z}$ to the pth power has no effect, and thus if we do that t times, we see that $a^{p^t} = (\cdots(((a^p)^p)^p)\cdots)^p \equiv a \pmod p$ for any integer. Thus we see that the only root of $g(x) = x^{p^t} - 1$ in $\mathbb{Z}/p\mathbb{Z}$ is the number 1 itself. Moreover, $g'(1) = p^t (1)^{p^t - 1} \equiv 0 \pmod p$, and since 1 is a root of g(x) in any modulus, we see that 1 splits into p roots in $\mathbb{Z}/p^2\mathbb{Z}$: namely the roots x = 1, 1 + p, 1 + 2p, . . . , 1 + (p − 1)p. What happens at the next step, when we try to raise these roots to $\mathbb{Z}/p^3\mathbb{Z}$? Well, the derivative is still 0 (mod p), so we have to see whether the roots we have, which are roots in $\mathbb{Z}/p^2\mathbb{Z}$, are still roots of the polynomial g(x) in $\mathbb{Z}/p^3\mathbb{Z}$. We calculate
$$g(1 + kp) = g(1) + (kp)g'(1) + \frac{1}{2}(kp)^2 g''(1) + \cdots \equiv g(1) \equiv 0 \pmod{p^3},$$
since all the formal derivatives are divisible by $p^t$, and thus we get zero (so long as t ≥ 2). In fact, we claim that this situation obtains at all levels up to $p^t$: suppose r
is a root of g(x) (mod $p^j$), with j ≤ t. Then we know r = 1 + kp for some integer k, and
$$g(r) = g(1 + kp) = g(1) + (kp)g'(1) + \frac{1}{2}(kp)^2 g''(1) + \cdots \equiv g(1) \equiv 0 \pmod{p^{j+1}}$$
since each term after the first has at least t + 1 ≥ j + 1 p's in it. Thus the roots keep splitting as we move upwards, and we have $p^t$ roots of g in $\mathbb{Z}/p^{t+1}\mathbb{Z}$. Now suppose we go one step further, to $\mathbb{Z}/p^{t+2}\mathbb{Z}$. If r is a root of g(x) (mod $p^{t+1}$), then we see that again $g'(r) \equiv p^t (r)^{p^t - 1} \equiv 0 \pmod p$, but now
$$g(r) = g(1 + kp) = g(1) + (kp)g'(1) + \frac{1}{2}(kp)^2 g''(1) + \cdots \equiv g(1) + (kp)p^t \equiv kp^{t+1} \pmod{p^{t+2}}.$$

Thus roots will only lift if $p \mid k$, so all the roots of the form $1 + jp^2$ (of which there are $p^{t-1}$) split into p roots each in $\mathbb{Z}/p^{t+2}\mathbb{Z}$; all the other roots don't lift at all. So we end up with $p^t$ roots of g(x) in $\mathbb{Z}/p^{t+2}\mathbb{Z}$.

The payoff to all of these calculations is this: in $\mathbb{Z}/p^m\mathbb{Z}$ we know we have $p^{m-1}$ roots of the polynomial $x^{p^{m-1}} - 1$. However, these roots may not have order $p^{m-1}$; the order of any particular root could be smaller. But now (here we are using the same reasoning we used in the proof of Theorem 29), any order of such a root must divide $p^{m-1}$, and so in fact any order smaller than $p^{m-1}$ will be a divisor of $p^{m-2}$. Thus any root of the polynomial $f(x) = x^{p^{m-1}} - 1$ that does not have order $p^{m-1}$ will be a root of the polynomial $g(x) = x^{p^{m-2}} - 1$. But there are only $p^{m-2}$ roots of g, while f has $p^{m-1}$ roots. Thus there must be $p^{m-1} - p^{m-2} = \varphi(p^{m-1})$ roots of f that have order $p^{m-1}$. We will use them to build our primitive roots modulo $p^m$.

So now we try to find an element of order p − 1, by looking at roots of the polynomial $q(x) = x^{p-1} - 1$. Clearly there are p − 1 roots of this polynomial in $\mathbb{Z}/p\mathbb{Z}$, by Fermat's little theorem, and these roots are all prime to p. Now $q'(x) = (p - 1)x^{p-2}$, so $q'(u) \not\equiv 0 \pmod p$ for any of the units in $\mathbb{Z}/p\mathbb{Z}$, so each of these roots lifts uniquely up to $\mathbb{Z}/p^2\mathbb{Z}$, and then up to $\mathbb{Z}/p^3\mathbb{Z}$, etc., all the way to $\mathbb{Z}/p^n\mathbb{Z}$. Thus the polynomial q(x) has exactly p − 1 roots in $\mathbb{Z}/p^m\mathbb{Z}$; in fact, all these roots are units in $\mathbb{Z}/p^m\mathbb{Z}$, since they each lifted from a unit in $\mathbb{Z}/p\mathbb{Z}$, and thus each root is relatively prime to p. Once again we face the issue of whether these units have order p − 1, or some smaller number (which necessarily divides p − 1, by Lemma 15). And here we are going to wave our hands a little. (That's what mathematicians say when they are going to sketch a proof and skip some important details.) Everything we have said above about roots of $q(x) = x^{p-1} - 1$ is true of roots of $s(x) = x^d - 1$, with $d \mid p - 1$. Using this fact repeatedly, we can see that the number of units of order d, with $d \mid (p - 1)$, stays the same as we lift from $\mathbb{Z}/p\mathbb{Z}$ to $\mathbb{Z}/p^2\mathbb{Z}$, to $\mathbb{Z}/p^3\mathbb{Z}$, etc. Since there are $\varphi(p - 1)$ roots of q(x) with order p − 1 in $\mathbb{Z}/p\mathbb{Z}$ (namely, the primitive roots modulo p), and they each lift uniquely at each level, we end up with $\varphi(p - 1)$ units of order p − 1 in $\mathbb{Z}/p^n\mathbb{Z}$.

Multiplying the $\varphi(p^{m-1})$ elements of order $p^{m-1}$ by the $\varphi(p - 1)$ elements of order p − 1 gives us exactly $\varphi(p^{m-1})\varphi(p - 1) = \varphi(p^{m-1}(p - 1)) = \varphi(\varphi(p^m))$ elements of order $p^{m-1}(p - 1) = \varphi(p^m)$, namely, the primitive roots modulo $p^m$. We have thus (mostly) proven the
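Proposition 47 Let p > 0 be an odd prime. Then there exist exactly $\varphi(\varphi(p^m))$ units $r \in (\mathbb{Z}/p^m\mathbb{Z})^\times$ such that $\operatorname{ord}_p(r) = \varphi(p^m)$. In other words, $\mathbb{Z}/p^m\mathbb{Z}$ has $\varphi(\varphi(p^m))$ primitive roots modulo $p^m$.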

As an illustration, consider Table 7, which shows how many elements of the specified
orders each ring has. Notice that the numbers of elements of orders dividing 12 =
p − 1 don’t change at any level.

ring\order    1   2   3   4   6   12   13   13^2             13^3
Z/13Z         1   1   2   2   2   4    0    0                0
Z/13^2 Z      1   1   2   2   2   4    12   0                0
Z/13^3 Z      1   1   2   2   2   4    12   156 = 12 · 13    0
Z/13^4 Z      1   1   2   2   2   4    12   156 = 12 · 13    2028 = 12 · 13^2

Table 7: Table of significant orders occurring in the rings Z/13^k Z
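The construction in the proof of Theorem 29, the two worked illustrations (109 and 151) and the counts in Table 7 can all be reproduced mechanically; the following is an added Python example, not code from the book. All function names are assumptions, and `order` shrinks $\varphi(n)$ one prime at a time instead of listing powers by hand as the text does.

```python
from collections import Counter
from math import gcd


def factorize(n):
    """Prime factorization by trial division, as {prime: exponent}."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """Euler's function, from the factorization of n."""
    result = n
    for q in factorize(n):
        result -= result // q
    return result


def order(a, n):
    """Multiplicative order of the unit a modulo n."""
    if gcd(a, n) != 1:
        raise ValueError("a must be a unit modulo n")
    k = phi(n)                        # the order divides phi(n)
    for q in factorize(k):
        while k % q == 0 and pow(a, k // q, n) == 1:
            k //= q                   # exponent k/q still gives 1: shrink k
    return k


def build_primitive_root(p):
    """For each prime power q^e exactly dividing p - 1, take the smallest
    a >= 2 whose order is a multiple of q^e and raise it to ord(a)/q^e,
    giving a unit of order q^e; then multiply the pieces (Lemma 16)."""
    parts, product = {}, 1
    for q, e in factorize(p - 1).items():
        qe = q ** e
        a = 2
        while order(a, p) % qe != 0:
            a += 1
        h = pow(a, order(a, p) // qe, p)
        parts[qe] = h
        product = product * h % p
    return parts, product


def primitive_roots(n):
    """All primitive roots modulo n (an empty list when there are none)."""
    target = phi(n)
    return [a for a in range(1, n) if gcd(a, n) == 1 and order(a, n) == target]


def order_census(n):
    """How many units of Z/nZ have each order, as tabulated in Table 7."""
    return Counter(order(a, n) for a in range(1, n) if gcd(a, n) == 1)


if __name__ == "__main__":
    for p in (109, 151):
        parts, g = build_primitive_root(p)
        print(p, parts, "primitive root:", g, "order:", order(g, p))
    print(len(primitive_roots(109)), "primitive roots modulo 109")
    for k in (1, 2, 3):
        census = order_census(13 ** k)
        print(f"13^{k}:", {d: census[d] for d in (1, 2, 3, 4, 6, 12, 13, 169)})
```

For 109 and 151 the smallest-base search picks exactly the elements used in the text (76 and 3, then −1, 32 and 9), so the products are 10 and 14.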

Finally, this leads to the following Theorem.

Theorem 30 The ring $\mathbb{Z}/m\mathbb{Z}$ has a primitive root $\iff$ $m = 2$, $m = 4$, $m = p^k$ where p is an odd prime and $k \in \mathbb{N}$, or $m = 2p^k$ where p is an odd prime and $k \in \mathbb{N}$.

Proof . See Exercises 10 and 11.

Exercises
1. Find a primitive root modulo 25.
2. Find a primitive root modulo 125.
3. Find a primitive root modulo 49.
4. Find all the primitive roots modulo 25.
5. Find all the primitive roots modulo 27.
6. Given that 10 is a primitive root modulo 109, find all the other primitive
roots modulo 109.
7. Suppose a, b, c and d ∈ (Z/mZ)× for some positive integer m, and suppose
r = ordm (a) = ordm (b) and s = ordm (c) = ordm (d), with (r, s) = 1. Show
that
ac ≡ bd (mod m) ⇐⇒ (a ≡ b (mod m) and c ≡ d (mod m)).

8. Where does the proof of Proposition 47 break down if p = 2?


9. Suppose r is a primitive root modulo p, where p is an odd prime integer. Show that $\left(\frac{r}{p}\right) = -1$. (This can be a quick way to eliminate a candidate for being a primitive root modulo p.)
10. State and prove a proposition about the existence of primitive roots modulo $2p^m$, where p is an odd prime. Note that $\varphi(2p^m) = \varphi(p^m)$.
11. (a) Prove that if $m = 2^j$ and j ≥ 3, then there are no primitive roots modulo m.
(b) Prove that if p is an odd prime and $m = 2^j p^k$ where j ≥ 2, then there are no primitive roots modulo m.
(c) Prove that if there exist two distinct odd primes, p and q, such that $pq \mid m$, then there are no primitive roots modulo m.

50 Minkowski's theorem (geometry in the aid of algebra)

Hermann Minkowski devised a very interesting geometric approach to the question of deciding when a prime integer can be written as a sum of squares ($p = a^2 + b^2$) or other forms like $p = a^2 + 2b^2$, $p = a^2 + 3b^2$, $p = a^2 - ab + b^2$, etc. The approach rests on

Proposition 48 Let L be the square lattice defined by $L = \{(a, b) \in \mathbb{R}^2 : a \text{ and } b \text{ are in } \mathbb{Z}\}$. Let R be a convex region, symmetric about the origin. Suppose the area of R is greater than 4. Then R contains at least one element of L that is not the origin.

Examples of convex regions R, symmetric about the origin are given in Figure 24.
(A geometric region R is convex if, given any two points in R, the entire line segment
joining the two points lies within R.)

Figure 24: Convex regions symmetric about the origin

The proof of the theorem relies on the following idea: Let

$$F = \{(x, y) \in \mathbb{R}^2 : 0 \le x < 1,\ 0 \le y < 1\}.$$

This is a fundamental region for the lattice L, as for any point $P = (x, y) \in \mathbb{R}^2$,
there exists an element  of L and a point P̂ ∈ F such that P = P̂ + . That is, any
point can be transported, via an element of L, so that it lands in F. (The point P
and the element  are unique in this case, but that will not matter in what follows.)
We now expand F to

$$F_4 = \{(x, y) \in \mathbb{R}^2 : -1 \le x < 1,\ -1 \le y < 1\}$$

and use a sub-lattice of L, namely $2L = \{(2a, 2b) \in \mathbb{R}^2 : (a, b) \in L\}$. Given a region $R \subseteq \mathbb{R}^2$ with area greater than 4, we may chop R up into pieces and use elements of 2L to translate them back into subsets of $F_4$. Since R has area greater than 4, we will inevitably get overlapping points of R in $F_4$. That is, we will have points $P_1 = (c, d)$ and $P_2 = (r, s)$, both in R, such that $(c, d) = (r, s) + (2a, 2b)$ with $a, b \in \mathbb{Z}$ (since $(a, b) \in L$). We may now use the convexity of R and symmetry about the origin to produce a lattice point in R that is not the origin. Details are left to the reader. (See the exercises.)

Minkowski realized that this didn’t only apply to the square lattice defined by the
integers, but could be generalized to

Proposition 49 Let $v_1$ and $v_2$ be two vectors in $\mathbb{R}^2$. Define L to be the lattice defined by $v_1$ and $v_2$: $L = \{mv_1 + nv_2 : m \text{ and } n \text{ are in } \mathbb{Z}\}$. Define F to be a fundamental region for L (often F is chosen to be the parallelogram with corners at the origin and at the heads of the vectors $v_1$, $v_2$, and $v_1 + v_2$). Let R be a convex region, symmetric about the origin. Suppose the area of R is greater than 4 · (area of F). Then R contains at least one element of L that is not the origin.

How is this used? We will use this proposition to prove that for p > 2 an odd prime integer,
$$\left(\frac{-1}{p}\right) = +1 \implies p = a^2 + b^2 \text{ for } a, b \text{ in } \mathbb{Z}.$$
The proof proceeds as follows. Let r be a solution to the equation $x^2 \equiv -1 \pmod p$. Then define $L = \{(a, b) \in \mathbb{Z}^2 : a \equiv br \pmod p\}$. An example with p = 13, r = 5 is shown below, and it can easily be shown that each point in L is of the form $m(r, 1) + n(p, 0)$ with $m, n \in \mathbb{Z}$. Thus this is a lattice spanned by the vectors (r, 1) and (p, 0), whose fundamental region has area p. Now define R to be the disk defined by $x^2 + y^2 < 2p$. This region has area π · 2p, which is greater than 4p, so we see that a lattice point other than the origin lies in R. All points of L are of the form (mr + np, m), which satisfies
$$x^2 + y^2 = (mr + np)^2 + m^2 \equiv (mr)^2 + m^2 = m^2(r^2 + 1) \equiv 0 \pmod p.$$
But points inside R also satisfy $x^2 + y^2 < 2p$, so we must have a lattice point with $x^2 + y^2 = p$, and we are done.

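We thus have yet another proof concerning le carré (more specifically, the implication $\left(\frac{-1}{p}\right) = +1 \implies$ it is possible to write $p = a^2 + b^2$):

$$\begin{array}{ccc}
\text{it is possible to write } p = a^2 + b^2 & \iff & p \text{ is not prime in } \mathbb{Z}[i] \\
p \equiv 1 \pmod 4 & \iff & \left(\frac{-1}{p}\right) = +1.
\end{array}$$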

One thing to point out is that we have phrased this proof in terms of points and vectors in $\mathbb{R}^2$, rather than complex numbers and elements of $\mathbb{Z}[i]$. That is partially to stay true to Minkowski's original formulation, and partly to be able to use earlier results that were phrased in terms of $\mathbb{R}^2$ rather than $\mathbb{C}$. In what follows we will consider the plane to be $\mathbb{R}^2$ rather than $\mathbb{C}$, and thus write, say, the point $(a, b\sqrt{2})$ rather than $a + b\sqrt{-2} \in \mathbb{Z}[\sqrt{-2}]$. Hopefully this will not undercut the work we have done getting comfortable with these rings earlier.

Figure 25: The lattice $L = \{(a, b) \in \mathbb{Z}^2 : a \equiv 5b \pmod{13}\}$ and the region $x^2 + y^2 < 2 \cdot 13$

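Now, can we generalize this argument to other carrés of this form?

$$\begin{array}{ccc}
\text{it is possible to write } \pm p = a^2 - db^2 & \iff & p \text{ is not prime in } \mathbb{Z}[\sqrt{d}] \\
p \equiv\ ???\ \pmod{4d} & \iff & \left(\frac{d}{p}\right) = +1.
\end{array}$$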

We need geometrical distance to make this argument work, so it seems we may need d to be negative. Suppose we try to prove that
$$\left(\frac{-2}{p}\right) = +1 \implies p = a^2 + 2b^2 \text{ for } a, b \text{ in } \mathbb{Z}.$$

We start by forming the lattice that corresponds to $\mathbb{Z}[\sqrt{-2}] \subset \mathbb{C}$, namely $M = \{(a, b\sqrt{2}) \in \mathbb{R}^2 : a, b \in \mathbb{Z}\}$. If we have a prime integer p for which $\left(\frac{-2}{p}\right) = +1$, then we can find an r such that $r^2 \equiv -2 \pmod p$. We may then, as above, form a sublattice of M, namely

$$L = \{(a, b\sqrt{2}) \in M : a \equiv br \pmod p\}.$$

This lattice is spanned by the vectors $(r, \sqrt{2})$ and (p, 0), and thus the fundamental region has area $\sqrt{2}\,p$. Once again we let R be the disk defined by $x^2 + y^2 < 2p$. This region has area π · 2p, which is greater than $4\sqrt{2}\,p$, so we see that a lattice point other than the origin lies in R. All points of L are of the form $(mr + np, m\sqrt{2})$, which satisfies

$$x^2 + y^2 = (mr + np)^2 + 2m^2 \equiv (mr)^2 + 2m^2 = m^2(r^2 + 2) \equiv 0 \pmod p.$$

But points inside R also satisfy $x^2 + y^2 < 2p$, so we must have a lattice point with $x^2 + y^2 = p$, and we are done. The case with p = 43 and r = 16 is shown in Figure 26.


Figure 26: The lattice $L = \{(a, b\sqrt{2}) \in \mathbb{R}^2 : a \equiv 16b \pmod{43}\}$ and the region $x^2 + y^2 < 2 \cdot 43$
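The two lattice arguments above (for $p = a^2 + b^2$ and $p = a^2 + 2b^2$) can be carried out as a finite search over the disk; this is an added Python example, not code from the book. Function names are assumptions, a lattice point $(mr + np, m\sqrt{d})$ is stored as the integer pair (x, m), and the square root of −d is found by plain search.

```python
def sqrt_of_minus_d(d, p):
    """Smallest r in 1..p-1 with r^2 = -d (mod p), or None if there is none."""
    for r in range(1, p):
        if (r * r + d) % p == 0:
            return r
    return None


def lattice_points_in_disk(d, p, r):
    """Points (x, m), m > 0, of the lattice spanned by (r, sqrt(d)) and
    (p, 0) that lie in the open disk x^2 + d*m^2 < 2p.

    Each listed point (x, m) has the mirror image (-x, -m) in the disk too.
    Points with m = 0 are (np, 0), and for n != 0 they lie outside the disk."""
    points = []
    m = 1
    while d * m * m < 2 * p:
        x0 = (m * r) % p
        # x runs over x0 + np; only the two representatives nearest 0
        # can have x^2 < 2p, because every other one has |x| >= p.
        for x in (x0, x0 - p):
            if x * x + d * m * m < 2 * p:
                points.append((x, m))
        m += 1
    return points


def represent(d, p):
    """Return (a, b) with a^2 + d*b^2 = p, for d = 1 or 2 and p prime."""
    if d not in (1, 2):
        # The text's comparison 4*sqrt(d)*p < pi*2p holds only for d = 1, 2.
        raise ValueError("the disk x^2 + y^2 < 2p is large enough only for d = 1, 2")
    r = sqrt_of_minus_d(d, p)
    if r is None:
        raise ValueError(f"-{d} is not a square modulo {p}")
    points = lattice_points_in_disk(d, p, r)
    if not points:
        raise RuntimeError("no lattice point found; is p prime?")
    x, m = points[0]
    # x^2 + d*m^2 is a positive multiple of p below 2p, hence equal to p.
    return abs(x), m


if __name__ == "__main__":
    # The cases drawn in Figures 25 and 26, then one larger constructed case.
    print(13, sqrt_of_minus_d(1, 13), lattice_points_in_disk(1, 13, 5))
    print(43, sqrt_of_minus_d(2, 43), lattice_points_in_disk(2, 43, 16))
    print(1009, represent(1, 1009))
```

Every point the search returns has norm exactly p, which is the conclusion of the argument: a non-zero multiple of p smaller than 2p.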
Now what if d = −3? We can form the lattice $\mathbb{Z}[\sqrt{-3}] = \{(a, b\sqrt{3}) \in \mathbb{R}^2 : a, b \in \mathbb{Z}\}$, and we can find a prime integer p for which $\left(\frac{-3}{p}\right) = +1$, and thus we have a solution to the equation $x^2 \equiv -3 \pmod p$, namely, r. We can even form the sublattice

$$\{(a, b\sqrt{3}) \in \mathbb{R}^2 : a \equiv br \pmod p\}.$$

But now we cannot apply Minkowski's theorem, since the fundamental region has size $\sqrt{3}\,p$, and $4\sqrt{3}\,p > \pi \cdot 2p$. This agrees with the algebraic calculations we did earlier, showing that $\mathbb{Z}[\sqrt{-3}]$ did not have a division algorithm where we could guarantee a remainder with a smaller radius or norm. However, just as we did in Section 46, we can use the larger ring $\mathbb{Z}[\rho]$ to rescue the situation. We form the lattice that corresponds to $\mathbb{Z}[\rho]$, which simply adds a point in the center of all the rectangles formed by $\mathbb{Z}[\sqrt{-3}]$: let
$$M = \left\{\left(\frac{a}{2}, \frac{b}{2}\sqrt{3}\right) \in \mathbb{R}^2 : a \equiv b \pmod 2\right\}.$$

Then we define the sublattice L as follows. First, we find a solution, s, to the equation $x^2 \equiv -3 \pmod p$ that is also an odd integer. (This is possible because if r is one solution, then p − r is the other solution; one of r and p − r must be odd, since p is odd.) Then we define
$$L = \left\{\left(\frac{a}{2}, \frac{b}{2}\sqrt{3}\right) \in \mathbb{R}^2 : a \equiv bs \pmod{2p}\right\}.$$

This new lattice is a sublattice of M, since s is odd (thus $a \equiv bs \pmod{2p} \implies a \equiv b \pmod 2$). But now the fundamental region is a parallelogram spanned by the vectors $\left(\frac{s}{2}, \frac{\sqrt{3}}{2}\right)$ and (p, 0). This parallelogram is half as large as the (rectangular) fundamental region for $\mathbb{Z}[\sqrt{-3}]$, and we have the comparison $2\sqrt{3}\,p < \pi \cdot 2p$. Examples of these two fundamental regions are shown in Figure 27.

Figure 27: Two versions of $F_4$, for $\mathbb{Z}[\sqrt{-3}]$ and for $\mathbb{Z}[\rho]$ (with p = 43 and s = 13)

Because $2\sqrt{3}\,p < \pi \cdot 2p$, we can conclude that there is an element of L, call it $u + v\rho$, inside the circle $x^2 + y^2 = 2p$, and thus we have a solution to $p = u^2 - uv + v^2$. (The quantity $u^2 - uv + v^2$ is the square of the distance from the point $u + v\rho$ to the origin.) If v is even, then $u + v\rho \in \mathbb{Z}[\sqrt{-3}]$ and so we also have a solution to $p = x^2 + 3y^2$. On the other hand, if v is odd, then we may replace $u + v\rho$ by $(u + v\rho)\rho = -v + (u - v)\rho$ (if u is odd) or by $(u + v\rho)\rho^2 = (v - u) - u\rho$ (if u is even), again finding an element of $\mathbb{Z}[\sqrt{-3}]$ inside the circle. An example with p = 43 and s = 13 is shown in Figure 28. One of the points inside the circle is $-1 + 6\rho = -4 + 3\sqrt{-3}$; this corresponds to the solutions $43 = (-1)^2 - (-1)6 + 6^2$ as well as $43 = 4^2 + 3 \cdot (-3)^2$. Another point is $7 + \rho$; this corresponds to the solution $43 = 7^2 - 7 \cdot 1 + 1^2$, and $(7 + \rho)\rho = -1 + 6\rho = -4 + 3\sqrt{-3}$. A third point inside the circle is $6 + 7\rho$, which corresponds to the solution $43 = 6^2 - 6 \cdot 7 + 7^2$ and $(6 + 7\rho)\rho^2 = 1 - 6\rho = 4 - 3\sqrt{-3}$. (We end up with three different solutions to $p = a^2 - ab + b^2$ but only one solution to $p = x^2 + 3y^2$.) We thus have a direct proof, without using the division algorithm or the prime theorem, that
$$\left(\frac{-3}{p}\right) = +1 \implies p = c^2 - cd + d^2 \text{ for } c, d \text{ in } \mathbb{Z} \iff p = a^2 + 3b^2 \text{ for } a, b \text{ in } \mathbb{Z}.$$
The results we have seen here exactly mirror what we saw when we used the division algorithm and the prime theorem: the applications to $\mathbb{Z}[i]$ and $\mathbb{Z}[\sqrt{-2}]$ are direct and immediate. The application to $\mathbb{Z}[\sqrt{-3}]$ is not direct or immediate, but takes place through $\mathbb{Z}[\rho]$, and the fact that $\mathbb{Z}[\rho]$ has six units comes into play in bridging the gap between $\mathbb{Z}[\rho]$ and $\mathbb{Z}[\sqrt{-3}]$. Now we shall see whether and how this extends to $\mathbb{Z}[\sqrt{-7}]$ and $\mathbb{Z}[\sqrt{-11}]$ (and beyond?).

Figure 28: Two related lattices L, and the region $x^2 + y^2 < 2 \cdot 43$, inside $\mathbb{Z}[\sqrt{-3}]$ and $\mathbb{Z}[\rho]$


When we consider the rectangular lattice that corresponds to $\mathbb{Z}[\sqrt{-7}]$, we see immediately that we cannot apply Minkowski's theorem, since the fundamental region has size $\sqrt{7}\,p$, and $4\sqrt{7}\,p > \pi \cdot 2p$. When we introduce the lattice based on parallelograms that corresponds to $\mathbb{Z}[\theta]$, Minkowski's theorem does apply, as $2\sqrt{7}\,p < \pi \cdot 2p$. And, just as in Section 46 we see that by a quirk of the algebra we get not only an element of $\mathbb{Z}[\theta]$ with norm p, but an element of the smaller ring $\mathbb{Z}[\sqrt{-7}]$ as well. (See Exercise 4.)

The situations with $\mathbb{Z}[\sqrt{-11}]$ and $\mathbb{Z}[\eta]$ are similar, but there is a major difference. First of all, the rectangular lattice corresponding to $\mathbb{Z}[\sqrt{-11}]$ and the lattice based on parallelograms that corresponds to $\mathbb{Z}[\eta]$ both have fundamental regions that are too large to apply Minkowski's theorem to, as both $4\sqrt{11}\,p$ and $2\sqrt{11}\,p$ are bigger than π · 2p. However, we get to cheat a little here and use the disk $x^2 + y^2 < 3p$, which is big enough ($2\sqrt{11}\,p < \pi \cdot 3p$) to ensure that an element of $\mathbb{Z}[\eta]$ can be found with norm p or 2p. And now we use some low-level algebra to eliminate the 2p possibility. But there is a fundamental disconnect in that there are primes that are norms of elements of $\mathbb{Z}[\eta]$, but are not norms of elements of $\mathbb{Z}[\sqrt{-11}]$ (just as we saw in Exercise 25 in Section 46, page 192). (See Exercise 5.)

In Section 46 we had to stop at d = −11 since the geometry of these rectangular


and other lattices prevented us from getting the division algorithm after that point.
(That means that we can’t write a division algorithm based on the rings we were
dealing with and using geometric distance to measure the size of the remainders;
it is still possible that one could find an associated ring or a different way to
measure the size of the remainders in such a way that the Euclidean algorithm could
proceed; we will not explore those ideas further here. But it is worth emphasizing
that being unable to adapt our existing proof to show unique factorization is not
the same as saying some ring in which we are interested does not have unique
factorization—there could be other routes to the same goal, as Minkowski shows us
in this section.) It turns out that Minkowski's ideas can go a step or two further. Using the same trick that helped in $\mathbb{Z}[\eta]$ means that we need to skip d = −15 and proceed to $\mathbb{Z}[\sqrt{-19}]$ as well as the larger ring $\mathbb{Z}\left[\frac{-1+\sqrt{-19}}{2}\right]$. Here we can use the disk $x^2 + y^2 < 4p$, which is big enough ($2\sqrt{19}\,p < \pi \cdot 4p$) to ensure that an element of $\mathbb{Z}\left[\frac{-1+\sqrt{-19}}{2}\right]$ can be found with norm p or 2p or 3p, but then some low-level algebra eliminates the 2p and 3p possibilities, and we can thus be sure to find an element of $\mathbb{Z}\left[\frac{-1+\sqrt{-19}}{2}\right]$ with norm exactly p. Once again we see that there are primes that are norms of elements of $\mathbb{Z}\left[\frac{-1+\sqrt{-19}}{2}\right]$, but are not norms of elements of $\mathbb{Z}[\sqrt{-19}]$. (See Exercise 6.)

We close with one final illustration of what Minkowski can tell us. To extend the ad hoc tricks we have seen above, we need to go to d = −43(!). This rectangular lattice will be very elongated, and since the fundamental region has area $2\sqrt{43} \approx 13.1$, we will need to use a circle of radius 5p to ensure that Minkowski's theorem applies. One more ad hoc trick allows us to get the conclusion we desire. (See Exercise 7.)

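So the final results we have, all courtesy of Minkowski's geometric approach, are that

• $\left(\frac{-1}{p}\right) = +1 \implies p = a^2 + b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-2}{p}\right) = +1 \implies p = a^2 + 2b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-3}{p}\right) = +1 \implies p = j^2 - jk + k^2$ for j, k in $\mathbb{Z}$ $\iff p = a^2 + 3b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-7}{p}\right) = +1 \implies p = j^2 - jk + 2k^2$ for j, k in $\mathbb{Z}$ $\iff p = a^2 + 7b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-11}{p}\right) = +1 \implies p = j^2 - jk + 3k^2$ for j, k in $\mathbb{Z}$ $\Longleftarrow p = a^2 + 11b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-19}{p}\right) = +1 \implies p = j^2 - jk + 5k^2$ for j, k in $\mathbb{Z}$ $\Longleftarrow p = a^2 + 19b^2$ for a, b in $\mathbb{Z}$.

• $\left(\frac{-43}{p}\right) = +1 \implies p = j^2 - jk + 11k^2$ for j, k in $\mathbb{Z}$ $\Longleftarrow p = a^2 + 43b^2$ for a, b in $\mathbb{Z}$.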

We can get from the last condition to the first using Exercise 2 on page 88, so in the first four situations we have equivalent conditions, and thus a version of le carré. In the other cases we get a more complicated setup. For example, the fifth situation may be reorganized to give the following six statements (in the five rings $\mathbb{Z}/p\mathbb{Z}$, $\mathbb{Z}/44\mathbb{Z}$, $\mathbb{Z}$, $\mathbb{Z}[\sqrt{-11}]$, and $\mathbb{Z}[\eta]$):

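Proposition 50 For an odd positive prime integer p that is not 11, we have

$$\begin{array}{ccc}
p \text{ can be written as } p = a^2 + 11b^2 & \iff & p \text{ splits in } \mathbb{Z}[\sqrt{-11}] \\
\Downarrow & & \Downarrow \\
p \text{ can be written as } p = a^2 - ab + 3b^2 & \iff & p \text{ splits in } \mathbb{Z}[\eta] \\
p \equiv 1, 3, 4, 5, 9 \pmod{11} & \iff & \left(\frac{-11}{p}\right) = +1.
\end{array}$$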

The sixth and seventh situations lead to

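Proposition 51 For an odd positive prime integer p that is not 19, we have

$$\begin{array}{ccc}
p \text{ can be written as } p = a^2 + 19b^2 & \iff & p \text{ splits in } \mathbb{Z}[\sqrt{-19}] \\
\Downarrow & & \Downarrow \\
p \text{ can be written as } p = a^2 - ab + 5b^2 & \iff & p \text{ splits in } \mathbb{Z}\left[\frac{-1+\sqrt{-19}}{2}\right] \\
p \equiv 1, 4, 5, 6, 7, 9, 11, 16, 17 \pmod{19} & \iff & \left(\frac{-19}{p}\right) = +1.
\end{array}$$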

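Proposition 52 For an odd positive prime integer p that is not 43, we have

$$\begin{array}{ccc}
p \text{ can be written as } p = a^2 + 43b^2 & \iff & p \text{ splits in } \mathbb{Z}[\sqrt{-43}] \\
\Downarrow & & \Downarrow \\
p \text{ can be written as } p = a^2 - ab + 11b^2 & \iff & p \text{ splits in } \mathbb{Z}\left[\frac{-1+\sqrt{-43}}{2}\right] \\
p \equiv 1, 4, 6, 9, 10, 11, 13, 14, 15, 16, 17, 21, 23, 24, 25, 31, 35, 36, 38, 40, 41 \pmod{43} & \iff & \left(\frac{-43}{p}\right) = +1.
\end{array}$$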

The details of these various situations are worked out in the exercises.

Exercises
1. Finish the proof of Proposition 48.
2. Prove Proposition 49.

3. As on page 211, let p be an odd prime for which $\left(\frac{-3}{p}\right) = +1$, and let s be an odd integer satisfying $x^2 \equiv -3 \pmod p$. Define a lattice
$$L = \left\{\left(\frac{a}{2}, \frac{b}{2}\sqrt{3}\right) \in \mathbb{R}^2 : a \equiv bs \pmod{2p}\right\}.$$
(a) Show that L is spanned by the vectors $\left(\frac{s}{2}, \frac{\sqrt{3}}{2}\right)$ and (p, 0). That is, show that any element $\left(\frac{a}{2}, \frac{b}{2}\sqrt{3}\right)$ can be written as $c \cdot \left(\frac{s}{2}, \frac{\sqrt{3}}{2}\right) + d \cdot (p, 0)$, where c and d are integers.
(b) Use the results of Exercise 11 in Section 11 (page 48) to show that the fundamental region for the lattice has area $\frac{\sqrt{3}}{2}p$ (so $F_4$ has area $2\sqrt{3}\,p < 2\pi p$).
(c) Show that for any element of the lattice (x, y) the number $x^2 + y^2$ is an integral multiple of p.
(d) Rewrite an element of the lattice (x, y) as the point $\left(j - \frac{k}{2}, \frac{k\sqrt{3}}{2}\right)$, with j and k ∈ $\mathbb{Z}$, and show that we have $p \mid (j^2 - jk + k^2)$. (If we reinterpret the plane as $\mathbb{C}$ rather than $\mathbb{R}^2$, the point $\left(j - \frac{k}{2}, \frac{k\sqrt{3}}{2}\right)$ may be thought of as the complex number $j + k\rho$.)

This cleans up the details of the proof that
$$\left(\frac{-3}{p}\right) = +1 \implies p = j^2 - jk + k^2 \text{ for } j, k \text{ in } \mathbb{Z} \iff p = a^2 + 3b^2 \text{ for } a, b \text{ in } \mathbb{Z}.$$

(e) In the specific case p = 37, find s, and then use Figure 29 to solve $37 = a^2 + 3b^2$ for integers a, b as well as $37 = j^2 - jk + k^2$ for integers j and k.

Figure 29: For Exercise 3, with p = 37


 
4. As on page 211, let p be an odd prime for which $\left(\frac{-7}{p}\right) = +1$, and let r be an odd integer satisfying $x^2 \equiv -7 \pmod p$. Define a lattice
$$L = \left\{\left(\frac{a}{2}, \frac{b}{2}\sqrt{7}\right) \in \mathbb{R}^2 : a \equiv br \pmod{2p}\right\}.$$
(a) Show that the lattice is spanned by the vectors $\left(\frac{r}{2}, \frac{\sqrt{7}}{2}\right)$ and (p, 0). That is, show that any element $\left(\frac{a}{2}, \frac{b}{2}\sqrt{7}\right)$ can be written as $c \cdot \left(\frac{r}{2}, \frac{\sqrt{7}}{2}\right) + d \cdot (p, 0)$, where c and d are integers.
(b) Use the results of Exercise 11 in Section 11 (page 48) to show that the fundamental region for the lattice has area $\frac{\sqrt{7}}{2}p$ (so $F_4$ has area $2\sqrt{7}\,p < 2\pi p$).
(c) Show that for any element of the lattice (x, y) the number $x^2 + y^2$ is an integral multiple of p.
(d) Rewrite an element of the lattice (x, y) as the point $\left(j - \frac{k}{2}, \frac{k\sqrt{7}}{2}\right)$, with j and k ∈ $\mathbb{Z}$, and show that we have $p \mid (j^2 - jk + 2k^2)$. (If we reinterpret the plane as $\mathbb{C}$ rather than $\mathbb{R}^2$, the point $\left(j - \frac{k}{2}, \frac{k\sqrt{7}}{2}\right)$ may be thought of as the complex number $j + k\theta$.)
(e) Show that $p = j^2 - jk + 2k^2 \implies$ k is even, and thus not only is there an element of $\mathbb{Z}[\theta]$ with norm p, but it is an element of the smaller ring $\mathbb{Z}[\sqrt{-7}]$ already.
We may thus conclude that
$$\left(\frac{-7}{p}\right) = +1 \implies p = j^2 - jk + 2k^2 \text{ for } j, k \text{ in } \mathbb{Z} \iff p = a^2 + 7b^2 \text{ for } a, b \text{ in } \mathbb{Z}.$$

(f) In the specific case p = 53, find r, and then use Figure 30 to solve $53 = j^2 - jk + 2k^2$ for integers j and k as well as $53 = a^2 + 7b^2$ for integers a and b.
 
5. As on page 211, let $p$ be an odd prime for which $\left(\frac{-11}{p}\right) = +1$, and let $t$ be
an odd integer satisfying $x^2 \equiv -11 \pmod{p}$. Define a lattice

$$L = \left\{ \left(\frac{a}{2}, \frac{b}{2}\sqrt{11}\right) \in \mathbb{R}^2 : a \equiv bt \pmod{2p} \right\}.$$

(a) Show that the lattice is spanned by the vectors $\left(\frac{t}{2}, \frac{\sqrt{11}}{2}\right)$ and $(p, 0)$. That
is, show that any element $\left(\frac{a}{2}, \frac{b}{2}\sqrt{11}\right)$ can be written as
$c\cdot\left(\frac{t}{2}, \frac{\sqrt{11}}{2}\right) + d\cdot(p, 0)$, where $c$ and $d$ are integers.
(b) Use the results of Exercise 11 in Section 11 (page 48) to show that
the fundamental region for the lattice has area $\frac{\sqrt{11}}{2}\,p$ (so F4 has area
$2\sqrt{11}\,p < 3\pi p$).

Figure 30: For Exercise 4, with p = 53

(c) Using the region $x^2 + y^2 < 3p$ this time, show that for any element of
this lattice, $(x, y)$, the number $x^2 + y^2$ is an integral multiple of $p$.
(d) Rewrite an element of the lattice $(x, y)$ as the point $\left(j - \frac{k}{2}, \frac{k\sqrt{11}}{2}\right)$,
with $j$ and $k \in \mathbb{Z}$, and show that we have $p \mid (j^2 - jk + 3k^2)$. (If we
reinterpret the plane as $\mathbb{C}$ rather than $\mathbb{R}^2$, the point $\left(j - \frac{k}{2}, \frac{k\sqrt{11}}{2}\right)$
may be thought of as the complex number $j + k\eta$.)
(e) Show that $2p = a^2 - ab + 3b^2$ is impossible for integers $a$ and $b$.
We may thus conclude that

$$\left(\frac{-11}{p}\right) = +1 \implies p = j^2 - jk + 3k^2 \text{ for } j, k \text{ in } \mathbb{Z}.$$

(f) In the specific case $p = 89$, find $t$, and then use Figure 31 to solve
$89 = j^2 - jk + 3k^2$ for integers $j$ and $k$.
 
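6. As on page 211, let $p$ be an odd prime for which $\left(\frac{-19}{p}\right) = +1$, and let $u$ be
an odd integer satisfying $x^2 \equiv -19 \pmod{p}$. Define a lattice

$$L = \left\{ \left(\frac{a}{2}, \frac{b}{2}\sqrt{19}\right) \in \mathbb{R}^2 : a \equiv bu \pmod{2p} \right\}.$$

(a) Show that the lattice is spanned by the vectors $\left(\frac{u}{2}, \frac{\sqrt{19}}{2}\right)$ and $(p, 0)$. That
is, show that any element $\left(\frac{a}{2}, \frac{b}{2}\sqrt{19}\right)$ can be written as
$c\cdot\left(\frac{u}{2}, \frac{\sqrt{19}}{2}\right) + d\cdot(p, 0)$, where $c$ and $d$ are integers.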

Figure 31: For Exercise 5, with p = 89; the disks shown have radii $\sqrt{2p}$ and $\sqrt{3p}$

(b) Use the results of Exercise 11 in Section 11 (page 48) to show that
the fundamental region for the lattice has area $\frac{\sqrt{19}}{2}\,p$ (so F4 has area
$2\sqrt{19}\,p < 3\pi p$).
(c) Using the region $x^2 + y^2 < 3p$ this time, show that for any element of
this lattice, $(x, y)$, the number $x^2 + y^2$ is an integral multiple of $p$.
(d) Rewrite an element of the lattice $(x, y)$ as the point $\left(j - \frac{k}{2}, \frac{k\sqrt{19}}{2}\right)$,
with $j$ and $k \in \mathbb{Z}$, and show that we have $p \mid (j^2 - jk + 5k^2)$. (If we
reinterpret the plane as $\mathbb{C}$ rather than $\mathbb{R}^2$, the point $\left(j - \frac{k}{2}, \frac{k\sqrt{19}}{2}\right)$
may be thought of as the complex number $j + k\,\frac{-1+\sqrt{-19}}{2}$.)
(e) Show that $2p = a^2 - ab + 5b^2$ is impossible for integers $a$ and $b$.

We may thus conclude that

$$\left(\frac{-19}{p}\right) = +1 \implies p = j^2 - jk + 5k^2 \text{ for } j, k \text{ in } \mathbb{Z}.$$

(g) In the specific case $p = 73$, find $u$, and then use Figure 32 to solve
$73 = j^2 - jk + 5k^2$ for integers $j$ and $k$.
 
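7. As on page 211, let $p$ be an odd prime for which $\left(\frac{-43}{p}\right) = +1$, and let $w$ be
an odd integer satisfying $x^2 \equiv -43 \pmod{p}$. Define a lattice

$$L = \left\{ \left(\frac{a}{2}, \frac{b}{2}\sqrt{43}\right) \in \mathbb{R}^2 : a \equiv bw \pmod{2p} \right\}.$$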

Figure 32: For Exercise 6 with p = 73; the disks shown have radii $\sqrt{2p}$ and $\sqrt{3p}$

(a) Show that the lattice is spanned by the vectors $\left(\frac{w}{2}, \frac{\sqrt{43}}{2}\right)$ and $(p, 0)$. That
is, show that any element $\left(\frac{a}{2}, \frac{b}{2}\sqrt{43}\right)$ can be written as
$c\cdot\left(\frac{w}{2}, \frac{\sqrt{43}}{2}\right) + d\cdot(p, 0)$, where $c$ and $d$ are integers.
(b) Use the results of Exercise 11 in Section 11 (page 48) to show that the
fundamental region for the lattice has area $\frac{\sqrt{43}}{2}\,p$ (so F4 has area $2\sqrt{43}\,p$).
(c) Check that $2\sqrt{43}\,p > 4\pi p$ but $2\sqrt{43}\,p < 5\pi p$.
(d) Using the region $x^2 + y^2 < 5p$ this time, show that for any element of
this lattice, $(x, y)$, the number $x^2 + y^2$ is an integral multiple of $p$.
(e) Rewrite an element of the lattice $(x, y)$ as the point $\left(j - \frac{k}{2}, \frac{k\sqrt{43}}{2}\right)$,
with $j$ and $k \in \mathbb{Z}$, and show that we have $p \mid (j^2 - jk + 11k^2)$. (If we
reinterpret the plane as $\mathbb{C}$ rather than $\mathbb{R}^2$, the point $\left(j - \frac{k}{2}, \frac{k\sqrt{43}}{2}\right)$
may be thought of as the complex number $j + k\,\frac{-1+\sqrt{-43}}{2}$.)
(f) Show that $2p = a^2 - ab + 11b^2$ is impossible for integers $a$ and $b$.
(g) Show that $3p = a^2 - ab + 11b^2$ is impossible for integers $a$ and $b$.
(h) Show that if $4p = a^2 - ab + 11b^2$ is possible for integers $a$ and $b$, then
$p = A^2 - AB + 11B^2$ is also possible for integers $A$ and $B$.
We may thus conclude that

$$\left(\frac{-43}{p}\right) = +1 \implies p = j^2 - jk + 11k^2 \text{ for } j, k \text{ in } \mathbb{Z}.$$

(i) In the specific case $p = 139$, find $w$, and then use Figure 33 to solve
$139 = j^2 - jk + 11k^2$ for integers $j$ and $k$.

Figure 33: For Exercise 7 with p = 139; the disks shown have radii $\sqrt{2p}$, $\sqrt{3p}$, $\sqrt{4p}$,
and $\sqrt{5p}$
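The lattice construction of Exercises 3 through 7, carried out in integers, as an added example that is not part of the book. A lattice point $(a/2,\ b\sqrt{D}/2)$ is stored as the pair (a, b), and Lagrange-Gauss reduction (a technique swapped in here in place of reading the short vector off the figures) finds the shortest nonzero vector. All function names are hypothetical.

```python
# Added illustration (not from the book). D is 3, 7, 11, 19 or 43 and p is an odd
# prime for which -D is a nonzero square mod p, as the exercises assume.

def odd_root_of_minus_d(d, p):
    """Return an odd r with r*r ≡ -d (mod p); raise if no nonzero root exists."""
    for x in range(1, p):
        if (x * x + d) % p == 0:
            # p is odd, so adding p turns an even root into an odd one
            return x if x % 2 else x + p
    raise ValueError(f"-{d} is not a nonzero square modulo {p}")


def dot4(u, v, d):
    """Four times the dot product of (a/2, b*sqrt(d)/2) points, kept as an integer."""
    return u[0] * v[0] + d * u[1] * v[1]


def nearest_int(n, m):
    """Nearest integer to n/m for m > 0; exact halves round toward zero.

    Rounding halves toward zero guarantees every reduction step strictly
    shortens a vector, so the loop below cannot cycle.
    """
    sign = 1 if n >= 0 else -1
    return sign * ((2 * abs(n) + m - 1) // (2 * m))


def shortest_vector(d, p):
    """Reduce the basis (r/2, sqrt(d)/2), (p, 0); return (r, (a, b)) for the shortest vector."""
    r = odd_root_of_minus_d(d, p)
    u, v = (2 * p, 0), (r, 1)          # the spanning vectors of part (a), as (a, b) pairs
    while True:
        if dot4(u, u, d) > dot4(v, v, d):
            u, v = v, u                # keep u as the shorter of the two
        m = nearest_int(dot4(u, v, d), dot4(u, u, d))
        if m == 0:                     # basis is reduced, so u is a shortest vector
            return r, u
        v = (v[0] - m * u[0], v[1] - m * u[1])


def norm_form(d, j, k):
    """The form j^2 - jk + ((d+1)/4) k^2, i.e. x^2 + y^2 at (j - k/2, k*sqrt(d)/2)."""
    return j * j - j * k + (d + 1) // 4 * k * k


def represent(d, p):
    """Return (r, j, k) where (j - k/2, k*sqrt(d)/2) is the shortest lattice vector."""
    r, (a, b) = shortest_vector(d, p)
    # a ≡ b (mod 2) because r is odd, so j is an integer
    return r, (a + b) // 2, b


# The (D, p) pairs named in the last part of each of Exercises 3 through 7
CASES = [(3, 37), (7, 53), (11, 89), (19, 73), (43, 139)]

if __name__ == "__main__":
    for d, p in CASES:
        r, j, k = represent(d, p)
        print(f"D={d:2d} p={p:3d} r={r:3d} (j, k)=({j}, {k}) form={norm_form(d, j, k)}")
```

For D = 7 the returned k is even, so (j - k/2, k/2) also gives the a, b of the form $a^2 + 7b^2$.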
Appendix A

Tables

On the next few pages are

• Tables 8 and 9, which list the prime integers up to 12,689.


• Tables 10–13, which list integers below 4000 together with their smallest
proper divisor. Thus in Table 10 on page 226 the entry for 9 (with 3 below it)
shows that 3 is the smallest divisor of 9. The entry for 11 (with — below it)
shows that 11 is prime. Even integers and integers ending in 5 were excluded
for the obvious reason.

• Tables 14–16, which list each of the primes up to 9049 together with the
smallest primitive root of that prime modulus. Thus in Table 16 (on page 232),
the last two entries show that 7 is the smallest primitive root of p = 9049.
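One way to recompute and spot-check entries of Tables 10 through 16, as an added example that is not part of the book. The function names are hypothetical, and the two sample rows are copied from the first rows of Tables 10 and 14 as printed here, with the dash written as None.

```python
# Added illustration (not from the book): recompute table entries and compare
# them with rows copied from the printed tables.

def smallest_proper_divisor(n):
    """Smallest d with 1 < d < n dividing n, or None when n is 1 or prime (the tables' dash)."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d
        d += 1
    return None


def distinct_prime_factors(n):
    """Distinct primes dividing n, found by repeatedly stripping the smallest divisor."""
    factors = []
    while n > 1:
        q = smallest_proper_divisor(n) or n   # n itself when n is prime
        factors.append(q)
        while n % q == 0:
            n //= q
    return factors


def smallest_primitive_root(p):
    """Smallest primitive root of the prime p.

    g is a primitive root exactly when g^((p-1)/q) is not 1 mod p for every
    prime q dividing p - 1, so only one modular power per q is needed.
    """
    if p == 2:
        return 1
    qs = distinct_prime_factors(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in qs):
            return g
    raise ValueError(f"{p} is not prime")


# First row of Table 10 (odd integers, smallest proper divisor), copied from the page
TABLE_10_ROW = dict(zip(
    [1, 3, 7, 9, 11, 13, 17, 19, 21, 23, 27, 29, 31, 33, 37, 39],
    [None, None, None, 3, None, None, None, None, 3, None, 3, None, None, 3, None, 3],
))

# First row of Table 14 (primes, smallest primitive root), copied from the page
TABLE_14_ROW = dict(zip(
    [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47],
    [1, 2, 2, 3, 2, 2, 3, 2, 5, 2, 3, 2, 6, 3, 5],
))


def mismatches():
    """Return (table, n, printed, computed) for every entry that disagrees."""
    bad = []
    for n, printed in TABLE_10_ROW.items():
        computed = smallest_proper_divisor(n)
        if computed != printed:
            bad.append(("Table 10", n, printed, computed))
    for p, printed in TABLE_14_ROW.items():
        computed = smallest_primitive_root(p)
        if computed != printed:
            bad.append(("Table 14", p, printed, computed))
    return bad


if __name__ == "__main__":
    print("mismatches:", mismatches())
    print("smallest primitive root of 9049:", smallest_primitive_root(9049))
```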


2 3 5 7 11 13 17 19 23 29 31 37 41 43 47
53 59 61 67 71 73 79 83 89 97 101 103 107 109 113
127 131 137 139 149 151 157 163 167 173 179 181 191 193 197
199 211 223 227 229 233 239 241 251 257 263 269 271 277 281
283 293 307 311 313 317 331 337 347 349 353 359 367 373 379
383 389 397 401 409 419 421 431 433 439 443 449 457 461 463
467 479 487 491 499 503 509 521 523 541 547 557 563 569 571
577 587 593 599 601 607 613 617 619 631 641 643 647 653 659
661 673 677 683 691 701 709 719 727 733 739 743 751 757 761
769 773 787 797 809 811 821 823 827 829 839 853 857 859 863
877 881 883 887 907 911 919 929 937 941 947 953 967 971 977
983 991 997 1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069
1087 1091 1093 1097 1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187
1193 1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291
1297 1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399 1409 1423 1427
1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499 1511
1523 1531 1543 1549 1553 1559 1567 1571 1579 1583 1597 1601 1607 1609 1613
1619 1621 1627 1637 1657 1663 1667 1669 1693 1697 1699 1709 1721 1723 1733
1741 1747 1753 1759 1777 1783 1787 1789 1801 1811 1823 1831 1847 1861 1867
1871 1873 1877 1879 1889 1901 1907 1913 1931 1933 1949 1951 1973 1979 1987
1993 1997 1999 2003 2011 2017 2027 2029 2039 2053 2063 2069 2081 2083 2087
2089 2099 2111 2113 2129 2131 2137 2141 2143 2153 2161 2179 2203 2207 2213
2221 2237 2239 2243 2251 2267 2269 2273 2281 2287 2293 2297 2309 2311 2333
2339 2341 2347 2351 2357 2371 2377 2381 2383 2389 2393 2399 2411 2417 2423
2437 2441 2447 2459 2467 2473 2477 2503 2521 2531 2539 2543 2549 2551 2557
2579 2591 2593 2609 2617 2621 2633 2647 2657 2659 2663 2671 2677 2683 2687
2689 2693 2699 2707 2711 2713 2719 2729 2731 2741 2749 2753 2767 2777 2789
2791 2797 2801 2803 2819 2833 2837 2843 2851 2857 2861 2879 2887 2897 2903
2909 2917 2927 2939 2953 2957 2963 2969 2971 2999 3001 3011 3019 3023 3037
3041 3049 3061 3067 3079 3083 3089 3109 3119 3121 3137 3163 3167 3169 3181
3187 3191 3203 3209 3217 3221 3229 3251 3253 3257 3259 3271 3299 3301 3307
3313 3319 3323 3329 3331 3343 3347 3359 3361 3371 3373 3389 3391 3407 3413
3433 3449 3457 3461 3463 3467 3469 3491 3499 3511 3517 3527 3529 3533 3539
3541 3547 3557 3559 3571 3581 3583 3593 3607 3613 3617 3623 3631 3637 3643
3659 3671 3673 3677 3691 3697 3701 3709 3719 3727 3733 3739 3761 3767 3769
3779 3793 3797 3803 3821 3823 3833 3847 3851 3853 3863 3877 3881 3889 3907
3911 3917 3919 3923 3929 3931 3943 3947 3967 3989 4001 4003 4007 4013 4019
4021 4027 4049 4051 4057 4073 4079 4091 4093 4099 4111 4127 4129 4133 4139
4153 4157 4159 4177 4201 4211 4217 4219 4229 4231 4241 4243 4253 4259 4261
4271 4273 4283 4289 4297 4327 4337 4339 4349 4357 4363 4373 4391 4397 4409
4421 4423 4441 4447 4451 4457 4463 4481 4483 4493 4507 4513 4517 4519 4523
4547 4549 4561 4567 4583 4591 4597 4603 4621 4637 4639 4643 4649 4651 4657
4663 4673 4679 4691 4703 4721 4723 4729 4733 4751 4759 4783 4787 4789 4793
4799 4801 4813 4817 4831 4861 4871 4877 4889 4903 4909 4919 4931 4933 4937
4943 4951 4957 4967 4969 4973 4987 4993 4999 5003 5009 5011 5021 5023 5039
5051 5059 5077 5081 5087 5099 5101 5107 5113 5119 5147 5153 5167 5171 5179

Table 8: The primes up to 5179



5189 5197 5209 5227 5231 5233 5237 5261 5273 5279 5281 5297 5303 5309 5323
5333 5347 5351 5381 5387 5393 5399 5407 5413 5417 5419 5431 5437 5441 5443
5449 5471 5477 5479 5483 5501 5503 5507 5519 5521 5527 5531 5557 5563 5569
5573 5581 5591 5623 5639 5641 5647 5651 5653 5657 5659 5669 5683 5689 5693
5701 5711 5717 5737 5741 5743 5749 5779 5783 5791 5801 5807 5813 5821 5827
5839 5843 5849 5851 5857 5861 5867 5869 5879 5881 5897 5903 5923 5927 5939
5953 5981 5987 6007 6011 6029 6037 6043 6047 6053 6067 6073 6079 6089 6091
6101 6113 6121 6131 6133 6143 6151 6163 6173 6197 6199 6203 6211 6217 6221
6229 6247 6257 6263 6269 6271 6277 6287 6299 6301 6311 6317 6323 6329 6337
6343 6353 6359 6361 6367 6373 6379 6389 6397 6421 6427 6449 6451 6469 6473
6481 6491 6521 6529 6547 6551 6553 6563 6569 6571 6577 6581 6599 6607 6619
6637 6653 6659 6661 6673 6679 6689 6691 6701 6703 6709 6719 6733 6737 6761
6763 6779 6781 6791 6793 6803 6823 6827 6829 6833 6841 6857 6863 6869 6871
6883 6899 6907 6911 6917 6947 6949 6959 6961 6967 6971 6977 6983 6991 6997
7001 7013 7019 7027 7039 7043 7057 7069 7079 7103 7109 7121 7127 7129 7151
7159 7177 7187 7193 7207 7211 7213 7219 7229 7237 7243 7247 7253 7283 7297
7307 7309 7321 7331 7333 7349 7351 7369 7393 7411 7417 7433 7451 7457 7459
7477 7481 7487 7489 7499 7507 7517 7523 7529 7537 7541 7547 7549 7559 7561
7573 7577 7583 7589 7591 7603 7607 7621 7639 7643 7649 7669 7673 7681 7687
7691 7699 7703 7717 7723 7727 7741 7753 7757 7759 7789 7793 7817 7823 7829
7841 7853 7867 7873 7877 7879 7883 7901 7907 7919 7927 7933 7937 7949 7951
7963 7993 8009 8011 8017 8039 8053 8059 8069 8081 8087 8089 8093 8101 8111
8117 8123 8147 8161 8167 8171 8179 8191 8209 8219 8221 8231 8233 8237 8243
8263 8269 8273 8287 8291 8293 8297 8311 8317 8329 8353 8363 8369 8377 8387
8389 8419 8423 8429 8431 8443 8447 8461 8467 8501 8513 8521 8527 8537 8539
8543 8563 8573 8581 8597 8599 8609 8623 8627 8629 8641 8647 8663 8669 8677
8681 8689 8693 8699 8707 8713 8719 8731 8737 8741 8747 8753 8761 8779 8783
8803 8807 8819 8821 8831 8837 8839 8849 8861 8863 8867 8887 8893 8923 8929
8933 8941 8951 8963 8969 8971 8999 9001 9007 9011 9013 9029 9041 9043 9049
9059 9067 9091 9103 9109 9127 9133 9137 9151 9157 9161 9173 9181 9187 9199
9203 9209 9221 9227 9239 9241 9257 9277 9281 9283 9293 9311 9319 9323 9337
9341 9343 9349 9371 9377 9391 9397 9403 9413 9419 9421 9431 9433 9437 9439
9461 9463 9467 9473 9479 9491 9497 9511 9521 9533 9539 9547 9551 9587 9601
9613 9619 9623 9629 9631 9643 9649 9661 9677 9679 9689 9697 9719 9721 9733
9739 9743 9749 9767 9769 9781 9787 9791 9803 9811 9817 9829 9833 9839 9851
9857 9859 9871 9883 9887 9901 9907 9923 9929 9931 9941 9949 9967 9973 10007
10009 10037 10039 10061 10067 10069 10079 10091 10093 10099 10103 10111 10133 10139 10141
10151 10159 10163 10169 10177 10181 10193 10211 10223 10243 10247 10253 10259 10267 10271
10273 10289 10301 10303 10313 10321 10331 10333 10337 10343 10357 10369 10391 10399 10427
10429 10433 10453 10457 10459 10463 10477 10487 10499 10501 10513 10529 10531 10559 10567
10589 10597 10601 10607 10613 10627 10631 10639 10651 10657 10663 10667 10687 10691 10709
10711 10723 10729 10733 10739 10753 10771 10781 10789 10799 10831 10837 10847 10853 10859
10861 10867 10883 10889 10891 10903 10909 10937 10939 10949 10957 10973 10979 10987 10993
11003 11027 11047 11057 11059 11069 11071 11083 11087 11093 11113 11117 11119 11131 11149
11159 11161 11171 11173 11177 11197 11213 11239 11243 11251 11257 11261 11273 11279 11287
11299 11311 11317 11321 11329 11351 11353 11369 11383 11393 11399 11411 11423 11437 11443
11447 11467 11471 11483 11489 11491 11497 11503 11519 11527 11549 11551 11579 11587 11593
11597 11617 11621 11633 11657 11677 11681 11689 11699 11701 11717 11719 11731 11743 11777
11779 11783 11789 11801 11807 11813 11821 11827 11831 11833 11839 11863 11867 11887 11897
11903 11909 11923 11927 11933 11939 11941 11953 11959 11969 11971 11981 11987 12007 12011
12037 12041 12043 12049 12071 12073 12097 12101 12107 12109 12113 12119 12143 12149 12157
12161 12163 12197 12203 12211 12227 12239 12241 12251 12253 12263 12269 12277 12281 12289
12301 12323 12329 12343 12347 12373 12377 12379 12391 12401 12409 12413 12421 12433 12437
12451 12457 12473 12479 12487 12491 12497 12503 12511 12517 12527 12539 12541 12547 12553
12569 12577 12583 12589 12601 12611 12613 12619 12637 12641 12647 12653 12659 12671 12689

Table 9: The primes from 5189 to 12689



1 3 7 9 11 13 17 19 21 23 27 29 31 33 37 39
— — — 3 — — — — 3 — 3 — — 3 — 3
41 43 47 49 51 53 57 59 61 63 67 69 71 73 77 79
— — — 7 3 — 3 — — 3 — 3 — — 7 —
81 83 87 89 91 93 97 99 101 103 107 109 111 113 117 119
3 — 3 — 7 3 — 3 — — — — 3 — 3 7
121 123 127 129 131 133 137 139 141 143 147 149 151 153 157 159
11 3 — 3 — 7 — — 3 11 3 — — 3 — 3
161 163 167 169 171 173 177 179 181 183 187 189 191 193 197 199
7 — — 13 3 — 3 — — 3 11 3 — — — —
201 203 207 209 211 213 217 219 221 223 227 229 231 233 237 239
3 7 3 11 — 3 7 3 13 — — — 3 — 3 —
241 243 247 249 251 253 257 259 261 263 267 269 271 273 277 279
— 3 13 3 — 11 — 7 3 — 3 — — 3 — 3
281 283 287 289 291 293 297 299 301 303 307 309 311 313 317 319
— — 7 17 3 — 3 13 7 3 — 3 — — — 11
321 323 327 329 331 333 337 339 341 343 347 349 351 353 357 359
3 17 3 7 — 3 — 3 11 7 — — 3 — 3 —
361 363 367 369 371 373 377 379 381 383 387 389 391 393 397 399
19 3 — 3 7 — 13 — 3 — 3 — 17 3 — 3
401 403 407 409 411 413 417 419 421 423 427 429 431 433 437 439
— 13 11 — 3 7 3 — — 3 7 3 — — 19 —
441 443 447 449 451 453 457 459 461 463 467 469 471 473 477 479
3 — 3 — 11 3 — 3 — — — 7 3 11 3 —
481 483 487 489 491 493 497 499 501 503 507 509 511 513 517 519
13 3 — 3 — 17 7 — 3 — 3 — 7 3 11 3
521 523 527 529 531 533 537 539 541 543 547 549 551 553 557 559
— — 17 23 3 13 3 7 — 3 — 3 19 7 — 13
561 563 567 569 571 573 577 579 581 583 587 589 591 593 597 599
3 — 3 — — 3 — 3 7 11 — 19 3 — 3 —
601 603 607 609 611 613 617 619 621 623 627 629 631 633 637 639
— 3 — 3 13 — — — 3 7 3 17 — 3 7 3
641 643 647 649 651 653 657 659 661 663 667 669 671 673 677 679
— — — 11 3 — 3 — — 3 23 3 11 — — 7
681 683 687 689 691 693 697 699 701 703 707 709 711 713 717 719
3 — 3 13 — 3 17 3 — 19 7 — 3 23 3 —
721 723 727 729 731 733 737 739 741 743 747 749 751 753 757 759
7 3 — 3 17 — 11 — 3 — 3 7 — 3 — 3
761 763 767 769 771 773 777 779 781 783 787 789 791 793 797 799
— 7 13 — 3 — 3 19 11 3 — 3 7 13 — 17
801 803 807 809 811 813 817 819 821 823 827 829 831 833 837 839
3 11 3 — — 3 19 3 — — — — 3 7 3 —
841 843 847 849 851 853 857 859 861 863 867 869 871 873 877 879
29 3 7 3 23 — — — 3 — 3 11 13 3 — 3
881 883 887 889 891 893 897 899 901 903 907 909 911 913 917 919
— — — 7 3 19 3 29 17 3 — 3 — 11 7 —
921 923 927 929 931 933 937 939 941 943 947 949 951 953 957 959
3 13 3 — 7 3 — 3 — 23 — 13 3 — 3 7
961 963 967 969 971 973 977 979 981 983 987 989 991 993 997 999
31 3 — 3 — 7 — 11 3 — 3 23 — 3 — 3

Table 10: Odd integers with their smallest proper divisor



1001 1003 1007 1009 1011 1013 1017 1019 1021 1023 1027 1029 1031 1033 1037 1039
7 17 19 — 3 — 3 — — 3 13 3 — — 17 —
1041 1043 1047 1049 1051 1053 1057 1059 1061 1063 1067 1069 1071 1073 1077 1079
3 7 3 — — 3 7 3 — — 11 — 3 29 3 13
1081 1083 1087 1089 1091 1093 1097 1099 1101 1103 1107 1109 1111 1113 1117 1119
23 3 — 3 — — — 7 3 — 3 — 11 3 — 3
1121 1123 1127 1129 1131 1133 1137 1139 1141 1143 1147 1149 1151 1153 1157 1159
19 — 7 — 3 11 3 17 7 3 31 3 — — 13 19
1161 1163 1167 1169 1171 1173 1177 1179 1181 1183 1187 1189 1191 1193 1197 1199
3 — 3 7 — 3 11 3 — 7 — 29 3 — 3 11
1201 1203 1207 1209 1211 1213 1217 1219 1221 1223 1227 1229 1231 1233 1237 1239
— 3 17 3 7 — — 23 3 — 3 — — 3 — 3
1241 1243 1247 1249 1251 1253 1257 1259 1261 1263 1267 1269 1271 1273 1277 1279
17 11 29 — 3 7 3 — 13 3 7 3 31 19 — —
1281 1283 1287 1289 1291 1293 1297 1299 1301 1303 1307 1309 1311 1313 1317 1319
3 — 3 — — 3 — 3 — — — 7 3 13 3 —
1321 1323 1327 1329 1331 1333 1337 1339 1341 1343 1347 1349 1351 1353 1357 1359
— 3 — 3 11 31 7 13 3 17 3 19 7 3 23 3
1361 1363 1367 1369 1371 1373 1377 1379 1381 1383 1387 1389 1391 1393 1397 1399
— 29 — 37 3 — 3 7 — 3 19 3 13 7 11 —
1401 1403 1407 1409 1411 1413 1417 1419 1421 1423 1427 1429 1431 1433 1437 1439
3 23 3 — 17 3 13 3 7 — — — 3 — 3 —
1441 1443 1447 1449 1451 1453 1457 1459 1461 1463 1467 1469 1471 1473 1477 1479
11 3 — 3 — — 31 — 3 7 3 13 — 3 7 3
1481 1483 1487 1489 1491 1493 1497 1499 1501 1503 1507 1509 1511 1513 1517 1519
— — — — 3 — 3 — 19 3 11 3 — 17 37 7
1521 1523 1527 1529 1531 1533 1537 1539 1541 1543 1547 1549 1551 1553 1557 1559
3 — 3 11 — 3 29 3 23 — 7 — 3 — 3 —
1561 1563 1567 1569 1571 1573 1577 1579 1581 1583 1587 1589 1591 1593 1597 1599
7 3 — 3 — 11 19 — 3 — 3 7 37 3 — 3
1601 1603 1607 1609 1611 1613 1617 1619 1621 1623 1627 1629 1631 1633 1637 1639
— 7 — — 3 — 3 — — 3 — 3 7 23 — 11
1641 1643 1647 1649 1651 1653 1657 1659 1661 1663 1667 1669 1671 1673 1677 1679
3 31 3 17 13 3 — 3 11 — — — 3 7 3 23
1681 1683 1687 1689 1691 1693 1697 1699 1701 1703 1707 1709 1711 1713 1717 1719
41 3 7 3 19 — — — 3 13 3 — 29 3 17 3
1721 1723 1727 1729 1731 1733 1737 1739 1741 1743 1747 1749 1751 1753 1757 1759
— — 11 7 3 — 3 37 — 3 — 3 17 — 7 —
1761 1763 1767 1769 1771 1773 1777 1779 1781 1783 1787 1789 1791 1793 1797 1799
3 41 3 29 7 3 — 3 13 — — — 3 11 3 7
1801 1803 1807 1809 1811 1813 1817 1819 1821 1823 1827 1829 1831 1833 1837 1839
— 3 13 3 — 7 23 17 3 — 3 31 — 3 11 3
1841 1843 1847 1849 1851 1853 1857 1859 1861 1863 1867 1869 1871 1873 1877 1879
7 19 — 43 3 17 3 11 — 3 — 3 — — — —
1881 1883 1887 1889 1891 1893 1897 1899 1901 1903 1907 1909 1911 1913 1917 1919
3 7 3 — 31 3 7 3 — 11 — 23 3 — 3 19
1921 1923 1927 1929 1931 1933 1937 1939 1941 1943 1947 1949 1951 1953 1957 1959
17 3 41 3 — — 13 7 3 29 3 — — 3 19 3
1961 1963 1967 1969 1971 1973 1977 1979 1981 1983 1987 1989 1991 1993 1997 1999
37 13 7 11 3 — 3 — 7 3 — 3 11 — — —

Table 11: Odd integers with their smallest proper divisor



2001 2003 2007 2009 2011 2013 2017 2019 2021 2023 2027 2029 2031 2033 2037 2039
3 — 3 7 — 3 — 3 43 7 — — 3 19 3 —
2041 2043 2047 2049 2051 2053 2057 2059 2061 2063 2067 2069 2071 2073 2077 2079
13 3 23 3 7 — 11 29 3 — 3 — 19 3 31 3
2081 2083 2087 2089 2091 2093 2097 2099 2101 2103 2107 2109 2111 2113 2117 2119
— — — — 3 7 3 — 11 3 7 3 — — 29 13
2121 2123 2127 2129 2131 2133 2137 2139 2141 2143 2147 2149 2151 2153 2157 2159
3 11 3 — — 3 — 3 — — 19 7 3 — 3 17
2161 2163 2167 2169 2171 2173 2177 2179 2181 2183 2187 2189 2191 2193 2197 2199
— 3 11 3 13 41 7 — 3 37 3 11 7 3 13 3
2201 2203 2207 2209 2211 2213 2217 2219 2221 2223 2227 2229 2231 2233 2237 2239
31 — — 47 3 — 3 7 — 3 17 3 23 7 — —
2241 2243 2247 2249 2251 2253 2257 2259 2261 2263 2267 2269 2271 2273 2277 2279
3 — 3 13 — 3 37 3 7 31 — — 3 — 3 43
2281 2283 2287 2289 2291 2293 2297 2299 2301 2303 2307 2309 2311 2313 2317 2319
— 3 — 3 29 — — 11 3 7 3 — — 3 7 3
2321 2323 2327 2329 2331 2333 2337 2339 2341 2343 2347 2349 2351 2353 2357 2359
11 23 13 17 3 — 3 — — 3 — 3 — 13 — 7
2361 2363 2367 2369 2371 2373 2377 2379 2381 2383 2387 2389 2391 2393 2397 2399
3 17 3 23 — 3 — 3 — — 7 — 3 — 3 —
2401 2403 2407 2409 2411 2413 2417 2419 2421 2423 2427 2429 2431 2433 2437 2439
7 3 29 3 — 19 — 41 3 — 3 7 11 3 — 3
2441 2443 2447 2449 2451 2453 2457 2459 2461 2463 2467 2469 2471 2473 2477 2479
— 7 — 31 3 11 3 — 23 3 — 3 7 — — 37
2481 2483 2487 2489 2491 2493 2497 2499 2501 2503 2507 2509 2511 2513 2517 2519
3 13 3 19 47 3 11 3 41 — 23 13 3 7 3 11
2521 2523 2527 2529 2531 2533 2537 2539 2541 2543 2547 2549 2551 2553 2557 2559
— 3 7 3 — 17 43 — 3 — 3 — — 3 — 3
2561 2563 2567 2569 2571 2573 2577 2579 2581 2583 2587 2589 2591 2593 2597 2599
13 11 17 7 3 31 3 — 29 3 13 3 — — 7 23
2601 2603 2607 2609 2611 2613 2617 2619 2621 2623 2627 2629 2631 2633 2637 2639
3 19 3 — 7 3 — 3 — 43 37 11 3 — 3 7
2641 2643 2647 2649 2651 2653 2657 2659 2661 2663 2667 2669 2671 2673 2677 2679
19 3 — 3 11 7 — — 3 — 3 17 — 3 — 3
2681 2683 2687 2689 2691 2693 2697 2699 2701 2703 2707 2709 2711 2713 2717 2719
7 — — — 3 — 3 — 37 3 — 3 — — 11 —
2721 2723 2727 2729 2731 2733 2737 2739 2741 2743 2747 2749 2751 2753 2757 2759
3 7 3 — — 3 7 3 — 13 41 — 3 — 3 31
2761 2763 2767 2769 2771 2773 2777 2779 2781 2783 2787 2789 2791 2793 2797 2799
11 3 — 3 17 47 — 7 3 11 3 — — 3 — 3
2801 2803 2807 2809 2811 2813 2817 2819 2821 2823 2827 2829 2831 2833 2837 2839
— — 7 53 3 29 3 — 7 3 11 3 19 — — 17
2841 2843 2847 2849 2851 2853 2857 2859 2861 2863 2867 2869 2871 2873 2877 2879
3 — 3 7 — 3 — 3 — 7 47 19 3 13 3 —
2881 2883 2887 2889 2891 2893 2897 2899 2901 2903 2907 2909 2911 2913 2917 2919
43 3 — 3 7 11 — 13 3 — 3 — 41 3 — 3
2921 2923 2927 2929 2931 2933 2937 2939 2941 2943 2947 2949 2951 2953 2957 2959
23 37 — 29 3 7 3 — 17 3 7 3 13 — — 11
2961 2963 2967 2969 2971 2973 2977 2979 2981 2983 2987 2989 2991 2993 2997 2999
3 — 3 — — 3 13 3 11 19 29 7 3 41 3 —

Table 12: Odd integers with their smallest proper divisor



3001 3003 3007 3009 3011 3013 3017 3019 3021 3023 3027 3029 3031 3033 3037 3039
— 3 31 3 — 23 7 — 3 — 3 13 7 3 — 3
3041 3043 3047 3049 3051 3053 3057 3059 3061 3063 3067 3069 3071 3073 3077 3079
— 17 11 — 3 43 3 7 — 3 — 3 37 7 17 —
3081 3083 3087 3089 3091 3093 3097 3099 3101 3103 3107 3109 3111 3113 3117 3119
3 — 3 — 11 3 19 3 7 29 13 — 3 11 3 —
3121 3123 3127 3129 3131 3133 3137 3139 3141 3143 3147 3149 3151 3153 3157 3159
— 3 53 3 31 13 — 43 3 7 3 47 23 3 7 3
3161 3163 3167 3169 3171 3173 3177 3179 3181 3183 3187 3189 3191 3193 3197 3199
29 — — — 3 19 3 11 — 3 — 3 — 31 23 7
3201 3203 3207 3209 3211 3213 3217 3219 3221 3223 3227 3229 3231 3233 3237 3239
3 — 3 — 13 3 — 3 — 11 7 — 3 53 3 41
3241 3243 3247 3249 3251 3253 3257 3259 3261 3263 3267 3269 3271 3273 3277 3279
7 3 17 3 — — — — 3 13 3 7 — 3 29 3
3281 3283 3287 3289 3291 3293 3297 3299 3301 3303 3307 3309 3311 3313 3317 3319
17 7 19 11 3 37 3 — — 3 — 3 7 — 31 —
3321 3323 3327 3329 3331 3333 3337 3339 3341 3343 3347 3349 3351 3353 3357 3359
3 — 3 — — 3 47 3 13 — — 17 3 7 3 —
3361 3363 3367 3369 3371 3373 3377 3379 3381 3383 3387 3389 3391 3393 3397 3399
— 3 7 3 — — 11 31 3 17 3 — — 3 43 3
3401 3403 3407 3409 3411 3413 3417 3419 3421 3423 3427 3429 3431 3433 3437 3439
19 41 — 7 3 — 3 13 11 3 23 3 47 — 7 19
3441 3443 3447 3449 3451 3453 3457 3459 3461 3463 3467 3469 3471 3473 3477 3479
3 11 3 — 7 3 — 3 — — — — 3 23 3 7
3481 3483 3487 3489 3491 3493 3497 3499 3501 3503 3507 3509 3511 3513 3517 3519
59 3 11 3 — 7 13 — 3 31 3 11 — 3 — 3
3521 3523 3527 3529 3531 3533 3537 3539 3541 3543 3547 3549 3551 3553 3557 3559
7 13 — — 3 — 3 — — 3 — 3 53 11 — —
3561 3563 3567 3569 3571 3573 3577 3579 3581 3583 3587 3589 3591 3593 3597 3599
3 7 3 43 — 3 7 3 — — 17 37 3 — 3 59
3601 3603 3607 3609 3611 3613 3617 3619 3621 3623 3627 3629 3631 3633 3637 3639
13 3 — 3 23 — — 7 3 — 3 19 — 3 — 3
3641 3643 3647 3649 3651 3653 3657 3659 3661 3663 3667 3669 3671 3673 3677 3679
11 — 7 41 3 13 3 — 7 3 19 3 — — — 13
3681 3683 3687 3689 3691 3693 3697 3699 3701 3703 3707 3709 3711 3713 3717 3719
3 29 3 7 — 3 — 3 — 7 11 — 3 47 3 —
3721 3723 3727 3729 3731 3733 3737 3739 3741 3743 3747 3749 3751 3753 3757 3759
61 3 — 3 7 — 37 — 3 19 3 23 11 3 13 3
3761 3763 3767 3769 3771 3773 3777 3779 3781 3783 3787 3789 3791 3793 3797 3799
— 53 — — 3 7 3 — 19 3 7 3 17 — — 29
3801 3803 3807 3809 3811 3813 3817 3819 3821 3823 3827 3829 3831 3833 3837 3839
3 — 3 13 37 3 11 3 — — 43 7 3 — 3 11
3841 3843 3847 3849 3851 3853 3857 3859 3861 3863 3867 3869 3871 3873 3877 3879
23 3 — 3 — — 7 17 3 — 3 53 7 3 — 3
3881 3883 3887 3889 3891 3893 3897 3899 3901 3903 3907 3909 3911 3913 3917 3919
— 11 13 — 3 17 3 7 47 3 — 3 — 7 — —
3921 3923 3927 3929 3931 3933 3937 3939 3941 3943 3947 3949 3951 3953 3957 3959
3 — 3 — — 3 31 3 7 — — 11 3 59 3 37
3961 3963 3967 3969 3971 3973 3977 3979 3981 3983 3987 3989 3991 3993 3997 3999
17 3 — 3 11 29 41 23 3 7 3 — 13 3 7 3

Table 13: Odd integers with their smallest proper divisor



2 3 5 7 11 13 17 19 23 29 31 37 41 43 47
1 2 2 3 2 2 3 2 5 2 3 2 6 3 5
53 59 61 67 71 73 79 83 89 97 101 103 107 109 113
2 2 2 2 7 5 3 2 3 5 2 5 2 6 3
127 131 137 139 149 151 157 163 167 173 179 181 191 193 197
3 2 3 2 2 6 5 2 5 2 2 2 19 5 2
199 211 223 227 229 233 239 241 251 257 263 269 271 277 281
3 2 3 2 6 3 7 7 6 3 5 2 6 5 3
283 293 307 311 313 317 331 337 347 349 353 359 367 373 379
3 2 5 17 10 2 3 10 2 2 3 7 6 2 2
383 389 397 401 409 419 421 431 433 439 443 449 457 461 463
5 2 5 3 21 2 2 7 5 15 2 3 13 2 3
467 479 487 491 499 503 509 521 523 541 547 557 563 569 571
2 13 3 2 7 5 2 3 2 2 2 2 2 3 3
577 587 593 599 601 607 613 617 619 631 641 643 647 653 659
5 2 3 7 7 3 2 3 2 3 3 11 5 2 2
661 673 677 683 691 701 709 719 727 733 739 743 751 757 761
2 5 2 5 3 2 2 11 5 6 3 5 3 2 6
769 773 787 797 809 811 821 823 827 829 839 853 857 859 863
11 2 2 2 3 3 2 3 2 2 11 2 3 2 5
877 881 883 887 907 911 919 929 937 941 947 953 967 971 977
2 3 2 5 2 17 7 3 5 2 2 3 5 6 3
983 991 997 1009 1013 1019 1021 1031 1033 1039 1049 1051 1061 1063 1069
5 6 7 11 3 2 10 14 5 3 3 7 2 3 6
1087 1091 1093 1097 1103 1109 1117 1123 1129 1151 1153 1163 1171 1181 1187
3 2 5 3 5 2 2 2 11 17 5 5 2 7 2
1193 1201 1213 1217 1223 1229 1231 1237 1249 1259 1277 1279 1283 1289 1291
3 11 2 3 5 2 3 2 7 2 2 3 2 6 2
1297 1301 1303 1307 1319 1321 1327 1361 1367 1373 1381 1399 1409 1423 1427
10 2 6 2 13 13 3 3 5 2 2 13 3 3 2
1429 1433 1439 1447 1451 1453 1459 1471 1481 1483 1487 1489 1493 1499 1511
6 3 7 3 2 2 3 6 3 2 5 14 2 2 11
1523 1531 1543 1549 1553 1559 1567 1571 1579 1583 1597 1601 1607 1609 1613
2 2 5 2 3 19 3 2 3 5 11 3 5 7 3
1619 1621 1627 1637 1657 1663 1667 1669 1693 1697 1699 1709 1721 1723 1733
2 2 3 2 11 3 2 2 2 3 3 3 3 3 2
1741 1747 1753 1759 1777 1783 1787 1789 1801 1811 1823 1831 1847 1861 1867
2 2 7 6 5 10 2 6 11 6 5 3 5 2 2
1871 1873 1877 1879 1889 1901 1907 1913 1931 1933 1949 1951 1973 1979 1987
14 10 2 6 3 2 2 3 2 5 2 3 2 2 2
1993 1997 1999 2003 2011 2017 2027 2029 2039 2053 2063 2069 2081 2083 2087
5 2 3 5 3 5 2 2 7 2 5 2 3 2 5
2089 2099 2111 2113 2129 2131 2137 2141 2143 2153 2161 2179 2203 2207 2213
7 2 7 5 3 2 10 2 3 3 23 7 5 5 2
2221 2237 2239 2243 2251 2267 2269 2273 2281 2287 2293 2297 2309 2311 2333
2 2 3 2 7 2 2 3 7 19 2 5 2 3 2
2339 2341 2347 2351 2357 2371 2377 2381 2383 2389 2393 2399 2411 2417 2423
2 7 3 13 2 2 5 3 5 2 3 11 6 3 5
2437 2441 2447 2459 2467 2473 2477 2503 2521 2531 2539 2543 2549 2551 2557
2 6 5 2 2 5 2 3 17 2 2 5 2 6 2

Table 14: Each prime (up to 2557) with its smallest primitive root

2579 2591 2593 2609 2617 2621 2633 2647 2657 2659 2663 2671 2677 2683 2687
2 7 7 3 5 2 3 3 3 2 5 7 2 2 5
2689 2693 2699 2707 2711 2713 2719 2729 2731 2741 2749 2753 2767 2777 2789
19 2 2 2 7 5 3 3 3 2 6 3 3 3 2
2791 2797 2801 2803 2819 2833 2837 2843 2851 2857 2861 2879 2887 2897 2903
6 2 3 2 2 5 2 2 2 11 2 7 5 3 5
2909 2917 2927 2939 2953 2957 2963 2969 2971 2999 3001 3011 3019 3023 3037
2 5 5 2 13 2 2 3 10 17 14 2 2 5 2
3041 3049 3061 3067 3079 3083 3089 3109 3119 3121 3137 3163 3167 3169 3181
3 11 6 2 6 2 3 6 7 7 3 3 5 7 7
3187 3191 3203 3209 3217 3221 3229 3251 3253 3257 3259 3271 3299 3301 3307
2 11 2 3 5 10 6 6 2 3 3 3 2 6 2
3313 3319 3323 3329 3331 3343 3347 3359 3361 3371 3373 3389 3391 3407 3413
10 6 2 3 3 5 2 11 22 2 5 3 3 5 2
3433 3449 3457 3461 3463 3467 3469 3491 3499 3511 3517 3527 3529 3533 3539
5 3 7 2 3 2 2 2 2 7 2 5 17 2 2
3541 3547 3557 3559 3571 3581 3583 3593 3607 3613 3617 3623 3631 3637 3643
7 2 2 3 2 2 3 3 5 2 3 5 15 2 2
3659 3671 3673 3677 3691 3697 3701 3709 3719 3727 3733 3739 3761 3767 3769
2 13 5 2 2 5 2 2 7 3 2 7 3 5 7
3779 3793 3797 3803 3821 3823 3833 3847 3851 3853 3863 3877 3881 3889 3907
2 5 2 2 3 3 3 5 2 2 5 2 13 11 2
3911 3917 3919 3923 3929 3931 3943 3947 3967 3989 4001 4003 4007 4013 4019
13 2 3 2 3 2 3 2 6 2 3 2 5 2 2
4021 4027 4049 4051 4057 4073 4079 4091 4093 4099 4111 4127 4129 4133 4139
2 3 3 10 5 3 11 2 2 2 12 5 13 2 2
4153 4157 4159 4177 4201 4211 4217 4219 4229 4231 4241 4243 4253 4259 4261
5 2 3 5 11 6 3 2 2 3 3 2 2 2 2
4271 4273 4283 4289 4297 4327 4337 4339 4349 4357 4363 4373 4391 4397 4409
7 5 2 3 5 3 3 10 2 2 2 2 14 2 3
4421 4423 4441 4447 4451 4457 4463 4481 4483 4493 4507 4513 4517 4519 4523
3 3 21 3 2 3 5 3 2 2 2 7 2 3 5
4547 4549 4561 4567 4583 4591 4597 4603 4621 4637 4639 4643 4649 4651 4657
2 6 11 3 5 11 5 2 2 2 3 5 3 3 15
4663 4673 4679 4691 4703 4721 4723 4729 4733 4751 4759 4783 4787 4789 4793
3 3 11 2 5 6 2 17 5 19 3 6 2 2 3
4799 4801 4813 4817 4831 4861 4871 4877 4889 4903 4909 4919 4931 4933 4937
7 7 2 3 3 11 11 2 3 3 6 13 6 2 3
4943 4951 4957 4967 4969 4973 4987 4993 4999 5003 5009 5011 5021 5023 5039
7 6 2 5 11 2 2 5 3 2 3 2 3 3 11
5051 5059 5077 5081 5087 5099 5101 5107 5113 5119 5147 5153 5167 5171 5179
2 2 2 3 5 2 6 2 19 3 2 5 6 2 2
5189 5197 5209 5227 5231 5233 5237 5261 5273 5279 5281 5297 5303 5309 5323
2 7 17 2 7 10 3 2 3 7 7 3 5 2 5
5333 5347 5351 5381 5387 5393 5399 5407 5413 5417 5419 5431 5437 5441 5443
2 3 11 3 2 3 7 3 5 3 3 3 5 3 2
5449 5471 5477 5479 5483 5501 5503 5507 5519 5521 5527 5531 5557 5563 5569
7 7 2 3 2 2 3 2 13 11 5 10 2 2 13
5573 5581 5591 5623 5639 5641 5647 5651 5653 5657 5659 5669 5683 5689 5693
2 6 11 5 7 14 3 2 5 3 2 3 2 11 2

Table 15: Each prime (2579–5693) with its smallest primitive root

5701 5711 5717 5737 5741 5743 5749 5779 5783 5791 5801 5807 5813 5821 5827
2 19 2 5 2 10 2 2 7 6 3 5 2 6 2
5839 5843 5849 5851 5857 5861 5867 5869 5879 5881 5897 5903 5923 5927 5939
6 2 3 2 7 3 5 2 11 31 3 5 2 5 2
5953 5981 5987 6007 6011 6029 6037 6043 6047 6053 6067 6073 6079 6089 6091
7 3 2 3 2 2 5 5 5 2 2 10 17 3 7
6101 6113 6121 6131 6133 6143 6151 6163 6173 6197 6199 6203 6211 6217 6221
2 3 7 2 5 5 3 3 2 2 3 2 2 5 3
6229 6247 6257 6263 6269 6271 6277 6287 6299 6301 6311 6317 6323 6329 6337
2 5 3 5 2 11 2 7 2 10 7 2 2 3 10
6343 6353 6359 6361 6367 6373 6379 6389 6397 6421 6427 6449 6451 6469 6473
3 3 13 19 3 2 2 2 2 6 3 3 3 2 3
6481 6491 6521 6529 6547 6551 6553 6563 6569 6571 6577 6581 6599 6607 6619
7 2 6 7 2 17 10 5 3 3 5 14 13 3 2
6637 6653 6659 6661 6673 6679 6689 6691 6701 6703 6709 6719 6733 6737 6761
2 2 2 6 5 7 3 2 2 5 2 11 2 3 3
6763 6779 6781 6791 6793 6803 6823 6827 6829 6833 6841 6857 6863 6869 6871
2 2 2 7 10 2 3 2 2 3 22 3 5 2 3
6883 6899 6907 6911 6917 6947 6949 6959 6961 6967 6971 6977 6983 6991 6997
2 2 2 7 2 2 2 7 13 5 2 3 5 6 5
7001 7013 7019 7027 7039 7043 7057 7069 7079 7103 7109 7121 7127 7129 7151
3 2 2 2 3 2 5 2 7 5 2 3 5 7 7
7159 7177 7187 7193 7207 7211 7213 7219 7229 7237 7243 7247 7253 7283 7297
3 10 2 3 3 2 5 2 2 2 2 5 2 2 5
7307 7309 7321 7331 7333 7349 7351 7369 7393 7411 7417 7433 7451 7457 7459
2 6 7 2 6 2 6 7 5 2 5 3 2 3 2
7477 7481 7487 7489 7499 7507 7517 7523 7529 7537 7541 7547 7549 7559 7561
2 6 5 7 2 2 2 2 3 7 2 2 2 13 13
7573 7577 7583 7589 7591 7603 7607 7621 7639 7643 7649 7669 7673 7681 7687
2 3 5 2 6 2 5 2 7 2 3 2 3 17 6
7691 7699 7703 7717 7723 7727 7741 7753 7757 7759 7789 7793 7817 7823 7829
2 3 5 2 3 5 7 10 2 3 2 3 3 5 2
7841 7853 7867 7873 7877 7879 7883 7901 7907 7919 7927 7933 7937 7949 7951
12 2 3 5 2 3 2 2 2 7 3 2 3 2 6
7963 7993 8009 8011 8017 8039 8053 8059 8069 8081 8087 8089 8093 8101 8111
5 5 3 14 5 11 2 3 2 3 5 17 2 6 11
8117 8123 8147 8161 8167 8171 8179 8191 8209 8219 8221 8231 8233 8237 8243
2 2 2 7 3 2 2 17 7 2 2 11 10 2 2
8263 8269 8273 8287 8291 8293 8297 8311 8317 8329 8353 8363 8369 8377 8387
3 2 3 3 2 2 3 3 6 7 5 2 3 5 2
8389 8419 8423 8429 8431 8443 8447 8461 8467 8501 8513 8521 8527 8537 8539
6 3 5 2 3 2 5 6 2 7 5 13 5 3 2
8543 8563 8573 8581 8597 8599 8609 8623 8627 8629 8641 8647 8663 8669 8677
5 2 2 6 2 3 3 3 2 6 17 3 5 2 2
8681 8689 8693 8699 8707 8713 8719 8731 8737 8741 8747 8753 8761 8779 8783
15 13 2 2 5 5 3 2 5 2 2 3 23 11 5
8803 8807 8819 8821 8831 8837 8839 8849 8861 8863 8867 8887 8893 8923 8929
2 5 2 2 7 2 3 3 2 3 2 3 5 2 11
8933 8941 8951 8963 8969 8971 8999 9001 9007 9011 9013 9029 9041 9043 9049
2 6 13 2 3 2 7 7 3 2 5 2 3 3 7

Table 16: Each prime (5701–9049) with its smallest primitive root
Appendix B

Projects

In my own teaching, I have found assigning projects to be invaluable. Not every
student loves them, but most appreciate them. These longer assignments give
students a chance to explore topics that aren’t in the text, delve deeper into a topic
touched on in the text, or pull together a body of knowledge that otherwise might
be parceled out in several exercises. Writing up their results is also an invaluable
exercise in getting students to work on their mathematical writing. I have generally
assigned four projects during a semester of number theory (I often assign Project
A on the first day of class); in most other courses I assign three. Enjoy!


Project A: Patterns in Number Theoretic Data

One of the most important skills in mathematics is the ability to generalize. In
this project you are asked to look for patterns in numerical data (most of which
have some number theoretic interest), and to describe any patterns you find or
conjecture. Some of the patterns may be proved to exist later in the course.

This project will not require much in the way of writing.

Part One - Number Theoretic Functions

Among the tools we will use to study number theory are functions. They will
typically map the natural numbers to the integers; thus we want to be familiar with
functions f : N → Z. On the next four pages you see a table containing data for
eighteen such functions. Your goal is to deduce, from the data, what each function
is. Thus your answers will take the form of eighteen definitions; each definition can
be given as a formula, or a paragraph of explanation, or an algorithm for computing
values, etc. If you are unable to deduce one (or more) function’s definition, try to
give partial answers, and some indication of where you got stuck. If you need more
data than is given, just ask.

This project was inspired by [Davenport], specifically the table on p. 105.



n   prime factorization of n   f1(n) f2(n) f3(n) f4(n) f5(n) f6(n) f7(n) f8(n) f9(n)
1 – −1 1 1 1 0 1 3 0 1
2 2 1 1 −1 2 1 2 7 3 2
3 3 1 1 −1 3 1 2 7 8 3
4 2^2 0 2 0 2 1 3 7 15 2
5 5 1 1 −1 5 0 2 7 24 5
6 2 · 3 1 1 1 3 1 4 3 35 2
7 7 1 1 −1 7 0 2 7 48 7
8 2^3 0 3 0 2 1 4 7 63 2
9 3^2 0 2 0 3 1 3 7 80 3
10 2 · 5 1 1 1 5 1 4 3 99 2
11 11 1 1 −1 11 0 2 7 120 11
12 2^2 · 3 1 2 0 3 1 6 3 143 2
13 13 1 1 −1 13 0 2 7 168 13
14 2 · 7 1 1 1 7 1 4 3 195 2
15 3 · 5 1 1 1 5 1 4 3 224 3
16 2^4 0 4 0 2 1 5 7 255 2
17 17 1 1 −1 17 0 2 7 288 17
18 2 · 3^2 1 2 0 3 1 6 3 323 2
19 19 1 1 −1 19 0 2 7 360 19
20 2^2 · 5 1 2 0 5 1 6 3 399 2
21 3 · 7 1 1 1 7 1 4 3 440 3
22 2 · 11 1 1 1 11 1 4 3 483 2
23 23 1 1 −1 23 0 2 7 528 23
24 2^3 · 3 1 3 0 3 1 8 3 575 2
25 5^2 0 2 0 5 0 3 7 624 5
26 2 · 13 1 1 1 13 1 4 3 675 2
27 3^3 0 3 0 3 1 4 7 728 3
28 2^2 · 7 1 2 0 7 1 6 3 783 2
29 29 1 1 −1 29 0 2 7 840 29
30 2 · 3 · 5 1 1 −1 5 1 8 3 899 2
31 31 1 1 −1 31 0 2 7 960 31
32 2^5 1 5 0 2 1 6 7 1023 2
33 3 · 11 1 1 1 11 1 4 3 1088 3
34 2 · 17 1 1 1 17 1 4 3 1155 2
35 5 · 7 1 1 1 7 0 4 3 1224 5
36 2^2 · 3^2 0 4 0 3 1 9 3 1295 2
37 37 1 1 −1 37 0 2 7 1368 37
38 2 · 19 1 1 1 19 1 4 3 1443 2
39 3 · 13 1 1 1 13 1 4 3 1520 3
40 2^3 · 5 1 3 0 5 1 8 3 1599 2
41 41 1 1 −1 41 0 2 7 1680 41
42 2 · 3 · 7 1 1 −1 7 1 8 3 1763 2
43 43 1 1 −1 43 0 2 7 1848 43
44 2^2 · 11 1 2 0 11 1 6 3 1935 2
45 3^2 · 5 1 2 0 5 1 6 3 2024 3
46 2 · 23 1 1 1 23 1 4 3 2115 2
47 47 1 1 −1 47 0 2 7 2208 47
48 2^4 · 3 1 4 0 3 1 10 3 2303 2
49 7^2 0 2 0 7 0 3 7 2400 7
50 2 · 5^2 1 2 0 5 1 6 3 2499 2

n   prime factorization of n   f1(n) f2(n) f3(n) f4(n) f5(n) f6(n) f7(n) f8(n) f9(n)
51 3 · 17 1 1 1 17 1 4 3 2600 3
52 2^2 · 13 1 2 0 13 1 6 3 2703 2
53 53 1 1 −1 53 0 2 7 2808 53
54 2 · 3^3 1 3 0 3 1 8 3 2915 2
55 5 · 11 1 1 1 11 0 4 3 3024 5
56 2^3 · 7 1 3 0 7 1 8 3 3135 2
57 3 · 19 1 1 1 19 1 4 3 3248 3
58 2 · 29 1 1 1 29 1 4 3 3363 2
59 59 1 1 −1 59 0 2 7 3480 59
60 2^2 · 3 · 5 1 2 0 5 1 12 3 3599 2
61 61 1 1 −1 61 0 2 7 3720 61
62 2 · 31 1 1 1 31 1 4 3 3843 2
63 3^2 · 7 1 2 0 7 1 6 3 3968 3
64 2^6 −1 6 0 2 1 7 7 4095 2
65 5 · 13 1 1 1 13 0 4 3 4224 5
66 2 · 3 · 11 1 1 −1 11 1 8 3 4355 2
67 67 1 1 −1 67 0 2 7 4488 67
68 2^2 · 17 1 2 0 17 1 6 3 4623 2
69 3 · 23 1 1 1 23 1 4 3 4760 3
70 2 · 5 · 7 1 1 −1 7 1 8 3 4899 2
71 71 1 1 −1 71 0 2 7 5040 71
72 2^3 · 3^2 1 6 0 3 1 12 3 5183 2
73 73 1 1 −1 73 0 2 7 5328 73
74 2 · 37 1 1 1 37 1 4 3 5475 2
75 3 · 5^2 1 2 0 5 1 6 3 5624 3
76 2^2 · 19 1 2 0 19 1 6 3 5775 2
77 7 · 11 1 1 1 11 0 4 3 5928 7
78 2 · 3 · 13 1 1 −1 13 1 8 3 6083 2
79 79 1 1 −1 79 0 2 7 6240 79
80 2^4 · 5 1 4 0 5 1 10 3 6399 2
81 3^4 0 4 0 3 1 5 7 6560 3
82 2 · 41 1 1 1 41 1 4 3 6723 2
83 83 1 1 −1 83 0 2 7 6888 83
84 2^2 · 3 · 7 1 2 0 7 1 12 3 7055 2
85 5 · 17 1 1 1 17 0 4 3 7224 5
86 2 · 43 1 1 1 43 1 4 3 7395 2
87 3 · 29 1 1 1 29 1 4 3 7568 3
88 2^3 · 11 1 3 0 11 1 8 3 7743 2
89 89 1 1 −1 89 0 2 7 7920 89
90 2 · 3^2 · 5 1 2 0 5 1 12 3 8099 2
91 7 · 13 1 1 1 13 0 4 3 8280 7
92 2^2 · 23 1 2 0 23 1 6 3 8463 2
93 3 · 31 1 1 1 31 1 4 3 8648 3
94 2 · 47 1 1 1 47 1 4 3 8835 2
95 5 · 19 1 1 1 19 0 4 3 9024 5
96 2^5 · 3 1 5 0 3 1 12 3 9215 2
97 97 1 1 −1 97 0 2 7 9408 97
98 2 · 7^2 1 2 0 7 1 6 3 9603 2
99 3^2 · 11 1 2 0 11 1 6 3 9800 3
100 2^2 · 5^2 0 4 0 5 1 9 3 9999 2

n   prime factorization of n   f10(n) f11(n) f12(n) f13(n) f14(n) f15(n) f16(n) f17(n) f18(n)
1 – 1 1 0 0 0 0 1 1 1
2 2 1 1 1 0 −1 1 2 −1 3
3 3 2 1 1 0 −1 1 3 1 4
4 2^2 2 2 0 0 −1 0 2 −1 7
5 5 4 1 1 1 −1 1 5 −1 6
6 2 · 3 2 2 0 0 −1 1 6 1 12
7 7 6 1 1 0 −1 1 7 −1 8
8 2^3 4 4 0 0 1 0 2 −1 15
9 3^2 6 3 0 0 −1 0 3 −1 13
10 2 · 5 4 2 0 1 −1 1 10 1 18
11 11 10 1 1 0 −1 1 11 −1 12
12 2^2 · 3 4 4 0 0 1 1 6 −1 28
13 13 12 1 1 0 −1 1 13 −1 14
14 2 · 7 6 2 0 0 −1 1 14 −1 24
15 3 · 5 8 3 0 1 1 1 15 1 24
16 2^4 8 8 0 0 1 0 2 −1 31
17 17 16 1 1 0 −1 1 17 −1 18
18 2 · 3^2 6 6 0 0 −1 1 6 −1 39
19 19 18 1 1 0 −1 1 19 −1 20
20 2^2 · 5 8 4 0 1 1 1 10 −1 42
21 3 · 7 12 3 0 0 1 1 21 1 32
22 2 · 11 10 2 0 0 −1 1 22 −1 36
23 23 22 1 1 0 −1 1 23 −1 24
24 2^3 · 3 8 8 0 0 1 1 6 −1 60
25 5^2 20 5 0 1 −1 0 5 −1 31
26 2 · 13 12 2 0 0 −1 1 26 −1 42
27 3^3 18 9 0 0 −1 0 3 −1 40
28 2^2 · 7 12 4 0 0 1 1 14 1 56
29 29 28 1 1 0 −1 1 29 −1 30
30 2 · 3 · 5 8 6 0 1 1 1 30 −1 72
31 31 30 1 1 0 −1 1 31 −1 32
32 2^5 16 16 0 0 1 0 2 −1 63
33 3 · 11 20 3 0 0 1 1 33 −1 48
34 2 · 17 16 2 0 0 −1 1 34 −1 54
35 5 · 7 24 5 0 1 1 1 35 −1 48
36 2^2 · 3^2 12 12 0 0 1 0 6 1 91
37 37 36 1 1 0 −1 1 37 −1 38
38 2 · 19 18 2 0 0 −1 1 38 −1 60
39 3 · 13 24 3 0 0 1 1 39 −1 56
40 2^3 · 5 16 8 0 1 1 1 10 −1 90
41 41 40 1 1 0 −1 1 41 −1 42
42 2 · 3 · 7 12 6 0 0 1 1 42 −1 96
43 43 42 1 1 0 −1 1 43 −1 44
44 2^2 · 11 20 4 0 0 1 1 22 −1 84
45 3^2 · 5 24 9 0 1 1 1 15 1 78
46 2 · 23 22 2 0 0 −1 1 46 −1 72
47 47 46 1 1 0 −1 1 47 −1 48
48 2^4 · 3 16 16 0 0 1 1 6 −1 124
49 7^2 42 7 0 0 −1 0 7 −1 57
50 2 · 5^2 20 10 0 1 −1 1 10 −1 93

n   prime factorization of n   f10(n) f11(n) f12(n) f13(n) f14(n) f15(n) f16(n) f17(n) f18(n)
51 3 · 17 32 3 0 0 1 1 51 −1 72
52 2^2 · 13 24 4 0 0 1 1 26 −1 98
53 53 52 1 1 0 −1 1 53 −1 54
54 2 · 3^3 18 18 0 0 −1 1 6 −1 120
55 5 · 11 40 5 0 1 1 1 55 1 72
56 2^3 · 7 24 8 0 0 1 1 14 −1 120
57 3 · 19 36 3 0 0 1 1 57 −1 80
58 2 · 29 28 2 0 0 −1 1 58 −1 90
59 59 58 1 1 0 −1 1 59 −1 60
60 2^2 · 3 · 5 16 12 0 1 1 1 30 −1 168
61 61 60 1 1 0 −1 1 61 −1 62
62 2 · 31 30 2 0 0 −1 1 62 −1 96
63 3^2 · 7 36 9 0 0 1 1 21 −1 104
64 2^6 32 32 0 0 1 0 2 −1 127
65 5 · 13 48 5 0 1 1 1 65 −1 84
66 2 · 3 · 11 20 6 0 0 1 1 66 1 144
67 67 66 1 1 0 −1 1 67 −1 68
68 2^2 · 17 32 4 0 0 1 1 34 −1 126
69 3 · 23 44 3 0 0 1 1 69 −1 96
70 2 · 5 · 7 24 10 0 1 1 1 70 −1 144
71 71 70 1 1 0 −1 1 71 −1 72
72 2^3 · 3^2 24 24 0 0 1 1 6 −1 195
73 73 72 1 1 0 −1 1 73 −1 74
74 2 · 37 36 2 0 0 −1 1 74 −1 114
75 3 · 5^2 40 15 0 1 1 1 15 −1 124
76 2^2 · 19 36 4 0 0 1 1 38 −1 140
77 7 · 11 60 7 0 0 1 1 77 −1 96
78 2 · 3 · 13 24 6 0 0 1 1 78 1 168
79 79 78 1 1 0 −1 1 79 −1 80
80 2^4 · 5 32 16 0 1 1 1 10 −1 186
81 3^4 54 27 0 0 −1 0 3 −1 121
82 2 · 41 40 2 0 0 −1 1 82 −1 126
83 83 82 1 1 0 −1 1 83 −1 84
84 2^2 · 3 · 7 24 12 0 0 1 1 42 −1 224
85 5 · 17 64 5 0 1 1 1 85 −1 108
86 2 · 43 42 2 0 0 −1 1 86 −1 132
87 3 · 29 56 3 0 0 1 1 87 −1 120
88 2^3 · 11 40 8 0 0 1 1 22 −1 180
89 89 88 1 1 0 −1 1 89 −1 90
90 2 · 3^2 · 5 24 18 0 1 1 1 30 −1 234
91 7 · 13 72 7 0 0 1 1 91 1 112
92 2^2 · 23 44 4 0 0 1 1 46 −1 168
93 3 · 31 60 3 0 0 1 1 93 −1 128
94 2 · 47 46 2 0 0 −1 1 94 −1 144
95 5 · 19 72 5 0 1 1 1 95 −1 120
96 2^5 · 3 32 32 0 0 1 1 6 −1 252
97 97 96 1 1 0 −1 1 97 −1 98
98 2 · 7^2 42 14 0 0 −1 1 14 −1 171
99 3^2 · 11 60 9 0 0 1 1 33 −1 156
100 2^2 · 5^2 40 20 0 1 1 0 10 −1 217

Part Two - CF Expansions


Below and on the next page are CF expansions for the first 120 natural numbers.
These are similar to, for example, decimal expansions such as $\frac{1}{4} = 0.25$, $\frac{1}{5} = 0.2$,
$\frac{1}{6} = 0.1\overline{6}$, $\frac{1}{7} = 0.\overline{142857}$, . . . , in that some CF expansions are finite, and some
are infinite with repetition; in those that repeat, the part that repeats is indicated
by the bar. Thus the CF expansion for the natural number 33 is an initial five,
followed by the infinitely-repeated pattern “one, then two, then one, then ten.”

Describe as many patterns as you can detect in these CF expansions. (The most
obvious one is that “The CF expansion for $m^2$ is [m], with no repetition.”)

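n   CF expansion for n   n   CF expansion for n

1 $[1]$   26 $[5; \overline{10}]$
2 $[1; \overline{2}]$   27 $[5; \overline{5, 10}]$
3 $[1; \overline{1, 2}]$   28 $[5; \overline{3, 2, 3, 10}]$
4 $[2]$   29 $[5; \overline{2, 1, 1, 2, 10}]$
5 $[2; \overline{4}]$   30 $[5; \overline{2, 10}]$
6 $[2; \overline{2, 4}]$   31 $[5; \overline{1, 1, 3, 5, 3, 1, 1, 10}]$
7 $[2; \overline{1, 1, 1, 4}]$   32 $[5; \overline{1, 1, 1, 10}]$
8 $[2; \overline{1, 4}]$   33 $[5; \overline{1, 2, 1, 10}]$
9 $[3]$   34 $[5; \overline{1, 4, 1, 10}]$
10 $[3; \overline{6}]$   35 $[5; \overline{1, 10}]$
11 $[3; \overline{3, 6}]$   36 $[6]$
12 $[3; \overline{2, 6}]$   37 $[6; \overline{12}]$
13 $[3; \overline{1, 1, 1, 1, 6}]$   38 $[6; \overline{6, 12}]$
14 $[3; \overline{1, 2, 1, 6}]$   39 $[6; \overline{4, 12}]$
15 $[3; \overline{1, 6}]$   40 $[6; \overline{3, 12}]$
16 $[4]$   41 $[6; \overline{2, 2, 12}]$
17 $[4; \overline{8}]$   42 $[6; \overline{2, 12}]$
18 $[4; \overline{4, 8}]$   43 $[6; \overline{1, 1, 3, 1, 5, 1, 3, 1, 1, 12}]$
19 $[4; \overline{2, 1, 3, 1, 2, 8}]$   44 $[6; \overline{1, 1, 1, 2, 1, 1, 1, 12}]$
20 $[4; \overline{2, 8}]$   45 $[6; \overline{1, 2, 2, 2, 1, 12}]$
21 $[4; \overline{1, 1, 2, 1, 1, 8}]$   46 $[6; \overline{1, 3, 1, 1, 2, 6, 2, 1, 1, 3, 1, 12}]$
22 $[4; \overline{1, 2, 4, 2, 1, 8}]$   47 $[6; \overline{1, 5, 1, 12}]$
23 $[4; \overline{1, 3, 1, 8}]$   48 $[6; \overline{1, 12}]$
24 $[4; \overline{1, 8}]$   49 $[7]$
25 $[5]$   50 $[7; \overline{14}]$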

n   CF expansion for n   n   CF expansion for n

51 $[7; \overline{7, 14}]$   86 $[9; \overline{3, 1, 1, 1, 8, 1, 1, 1, 3, 18}]$
52 $[7; \overline{4, 1, 2, 1, 4, 14}]$   87 $[9; \overline{3, 18}]$
53 $[7; \overline{3, 1, 1, 3, 14}]$   88 $[9; \overline{2, 1, 1, 1, 2, 18}]$
54 $[7; \overline{2, 1, 6, 1, 2, 14}]$   89 $[9; \overline{2, 3, 3, 2, 18}]$
55 $[7; \overline{2, 2, 2, 14}]$   90 $[9; \overline{2, 18}]$
56 $[7; \overline{2, 14}]$   91 $[9; \overline{1, 1, 5, 1, 5, 1, 1, 18}]$
57 $[7; \overline{1, 1, 4, 1, 1, 14}]$   92 $[9; \overline{1, 1, 2, 4, 2, 1, 1, 18}]$
58 $[7; \overline{1, 1, 1, 1, 1, 1, 14}]$   93 $[9; \overline{1, 1, 1, 4, 6, 4, 1, 1, 1, 18}]$
59 $[7; \overline{1, 2, 7, 2, 1, 14}]$   94 $[9; \overline{1, 2, 3, 1, 1, 5, 1, 8, 1, 5, 1, 1, 3, 2, 1, 18}]$
60 $[7; \overline{1, 2, 1, 14}]$   95 $[9; \overline{1, 2, 1, 18}]$
61 $[7; \overline{1, 4, 3, 1, 2, 2, 1, 3, 4, 1, 14}]$   96 $[9; \overline{1, 3, 1, 18}]$
62 $[7; \overline{1, 6, 1, 14}]$   97 $[9; \overline{1, 5, 1, 1, 1, 1, 1, 1, 5, 1, 18}]$
63 $[7; \overline{1, 14}]$   98 $[9; \overline{1, 8, 1, 18}]$
64 $[8]$   99 $[9; \overline{1, 18}]$
65 $[8; \overline{16}]$   100 $[10]$
66 $[8; \overline{8, 16}]$   101 $[10; \overline{20}]$
67 $[8; \overline{5, 2, 1, 1, 7, 1, 1, 2, 5, 16}]$   102 $[10; \overline{10, 20}]$
68 $[8; \overline{4, 16}]$   103 $[10; \overline{6, 1, 2, 1, 1, 9, 1, 1, 2, 1, 6, 20}]$
69 $[8; \overline{3, 3, 1, 4, 1, 3, 3, 16}]$   104 $[10; \overline{5, 20}]$
70 $[8; \overline{2, 1, 2, 1, 2, 16}]$   105 $[10; \overline{4, 20}]$
71 $[8; \overline{2, 2, 1, 7, 1, 2, 2, 16}]$   106 $[10; \overline{3, 2, 1, 1, 1, 1, 2, 3, 20}]$
72 $[8; \overline{2, 16}]$   107 $[10; \overline{2, 1, 9, 1, 2, 20}]$
73 $[8; \overline{1, 1, 5, 5, 1, 1, 16}]$   108 $[10; \overline{2, 1, 1, 4, 1, 1, 2, 20}]$
74 $[8; \overline{1, 1, 1, 1, 16}]$   109 $[10; \overline{2, 3, 1, 2, 4, 1, 6, 6, 1, 4, 2, 1, 3, 2, 20}]$
75 $[8; \overline{1, 1, 1, 16}]$   110 $[10; \overline{2, 20}]$
76 $[8; \overline{1, 2, 1, 1, 5, 4, 5, 1, 1, 2, 1, 16}]$   111 $[10; \overline{1, 1, 6, 1, 1, 20}]$
77 $[8; \overline{1, 3, 2, 3, 1, 16}]$   112 $[10; \overline{1, 1, 2, 1, 1, 20}]$
78 $[8; \overline{1, 4, 1, 16}]$   113 $[10; \overline{1, 1, 1, 2, 2, 1, 1, 1, 20}]$
79 $[8; \overline{1, 7, 1, 16}]$   114 $[10; \overline{1, 2, 10, 2, 1, 20}]$
80 $[8; \overline{1, 16}]$   115 $[10; \overline{1, 2, 1, 1, 1, 1, 1, 2, 1, 20}]$
81 $[9]$   116 $[10; \overline{1, 3, 2, 1, 4, 1, 2, 3, 1, 20}]$
82 $[9; \overline{18}]$   117 $[10; \overline{1, 4, 2, 4, 1, 20}]$
83 $[9; \overline{9, 18}]$   118 $[10; \overline{1, 6, 3, 2, 10, 2, 3, 6, 1, 20}]$
84 $[9; \overline{6, 18}]$   119 $[10; \overline{1, 9, 1, 20}]$
85 $[9; \overline{4, 1, 1, 4, 18}]$   120 $[10; \overline{1, 20}]$

 
Project B: Binomial Coefficients, $\binom{n}{k}$

In this project we will follow Newton’s lead and generalize the definition of the
binomial coefficients, $\binom{n}{k}$, and use these generalized binomial coefficients in various
ways.
 
We have defined the binomial coefficients as $\binom{n}{k}$, the number of distinct subsets of
size k of a set S that contains n distinguishable objects (see page 19). Thus $\binom{n}{k}$ is defined
for n ∈ N and k = 0, 1, 2, . . . , n. We may extend this definition to n = 0, since our
set S could be empty, and then we can agree that $\binom{n}{0} = 1$ for all n ∈ W, since the
empty set is the unique subset of S that has size zero. The first part of this project
is to see how far we can extend the definition of $\binom{n}{k}$, for other numbers n and k.

First we might see that the restriction k ≤ n is unnecessary, since for instance we
can see that $\binom{4}{7} = 0$ since a set of size four has no subsets of size seven. Similarly,
the restriction k ≥ 0 is unnecessary, since $\binom{n}{-3} = 0$ for all n ∈ W.
 
Exercise 1: Make a careful definition of $\binom{n}{k}$ for n ∈ W and k ∈ Z. What are the
values of $\binom{n}{k}$ when k < 0 or k > n?

Exercise 2: In a similar vein, we can extend the definition of $\binom{n}{k}$ to the case
where n < 0, even though there are no sets with negative sizes. Make a careful
definition of $\binom{n}{k}$ for n ∈ Z and k ∈ Z. Compute $\binom{n}{k}$ for −5 ≤ n ≤ 7, −5 ≤ k ≤ 7
and fill in the table on page 245.

Exercise 3: Recall the addition rule for binomial coefficients:


     
$$\binom{n}{k} = \binom{n-1}{k-1} + \binom{n-1}{k}.$$

There is exactly one pair of integers (n, k) for which this rule is false, and that pair
of values appears in the table you produced in Exercise 2. What is it?
 
In Section 5, page 20, we showed that $\binom{n}{k}$ may be computed with the formula
$\binom{n}{k} = \frac{n!}{k!(n-k)!}$, but this formula only makes sense for our original set of ns and
ks. We may rewrite this, however, to cancel the factors of (n − k)! with some of
the factors of n!, and obtain:

$$\binom{n}{k} = \frac{n(n-1)(n-2)\cdots(n-k+1)}{k!},$$

which can be computed for any real number n and any non-negative integer k.

Exercise 4: Extend the definition above to all n ∈ R and all integers k in a way
consistent with Exercise 1. That is, complete the following definition

$$\binom{n}{k} = \begin{cases} \dfrac{n(n-1)(n-2)\cdots(n-k+1)}{k!} & \text{if } k > 0 \\[1ex] \underline{\qquad\qquad} & \text{if } k = 0 \\[1ex] \underline{\qquad\qquad} & \text{if } k < 0. \end{cases}$$

Is your definition consistent with Exercise 1 when k > n? Is your definition
consistent with Exercise 2 when n < 0?

Exercise 5: Show that with the definition in Exercise 4, we have

$$\binom{n}{k} = \binom{n-1}{k-1} + \binom{n-1}{k}$$

for all n ∈ R and k ∈ Z. This new definition leads to the table of values in Table 17
on page 246.

We wish to use these new, extended-definition binomial coefficients to calculate
things like square roots. Newton was the first to do this; he wanted to use the
definite integral $\int_0^1 \sqrt{1 - x^2}\,dx = \frac{\pi}{4}$ as a way to calculate π. Our first step towards
this calculation is

Exercise 6: Assume that the function $f(x) = \sqrt{1 + x}$ can be written as

$$f(x) = \sqrt{1 + x} = c_0 + c_1 x + c_2 x^2 + c_3 x^3 + c_4 x^4 + \cdots = \sum_{k=0}^{\infty} c_k x^k.$$

Use $f(0) = 1$ and $(f(x))^2 = 1 + x$ to calculate the first six coefficients, $c_0$ up to $c_5$.
You will want to use the method of equating coefficients.

Exercise 7: Use Taylor’s theorem (from calculus) to write out the Taylor series
at a = 0 for f (x). Check that the first five coefficients are the same as those you
found in Exercise 6.

Exercise 8: Use Taylor’s theorem (from calculus) to write out the Taylor series at
a = 0 for $g(t) = (1 + t)^p$, where p is a constant. Write it in the form

$$(1 + t)^p = g(t) = \sum_{k=0}^{\infty} c_k t^k.$$

Then substitute $t = \frac{x}{y}$, and multiply by $y^p$ to get an expression for $y^p \left(1 + \frac{x}{y}\right)^p = (y + x)^p$.
Is your expression consistent with the binomial theorem? What are the
similarities, and what are the differences?


Exercise 9: We wish to use the results of Exercise 6 to approximate $\sqrt{2}$, which
technology gives as 1.41421356237310 . . .. We will use the approximation

$$f(x) = \sqrt{1 + x} \approx p(x) = c_0 + c_1 x + c_2 x^2 + c_3 x^3 + c_4 x^4 + c_5 x^5,$$

for the coefficients you found in Exercise 6. It turns out that we can use this
approximation in several ways to estimate square roots.

1. Calculate p(1) and see how close it is, in relative error, to
$\sqrt{2} = 1.41421356237310\ldots$. Relative error is defined to be

$$\text{relative error} = \frac{|\text{absolute error}|}{\text{actual value}} = \frac{|\text{estimated value} - \text{actual value}|}{\text{actual value}}.$$

2. Repeat part 1 using $2p\left(-\frac{1}{2}\right)$. Then calculate $\frac{4}{3}p\left(\frac{1}{8}\right)$, $\frac{7}{5}p\left(\frac{1}{49}\right)$, and
$\frac{10}{7}p\left(-\frac{1}{50}\right)$ (note that each of these expressions is equal to $\sqrt{2}$). Present
your results in a table:

approximation                              absolute error    relative error

$p(1)$
$2p\left(-\frac{1}{2}\right)$
$\frac{4}{3}p\left(\frac{1}{8}\right)$
$\frac{7}{5}p\left(\frac{1}{49}\right)$
$\frac{10}{7}p\left(-\frac{1}{50}\right)$

In a vein similar to Exercise 9, we can manipulate the results of Exercise 6 to
approximate the transcendental number, π. The first step is to use the
quarter-circle rule, for r > 0:

$$\int_0^r \sqrt{r^2 - x^2}\,dx = \frac{1}{4}\pi r^2.$$

Exercise 10: Calculate $\pi = 4\int_0^1 \sqrt{1 - x^2}\,dx$, using the idea that $\sqrt{1 - x^2} = \sqrt{1 + (-x^2)} = f(-x^2)$,
which can thus be approximated by $p(-x^2)$.

Exercise 11: A better approximation to π can be found using the following:

$$\int_0^{1/2} \sqrt{1 - x^2}\,dx = \text{piece of pie} + \text{triangle} = \frac{\pi}{12} + \frac{\sqrt{3}}{8},$$

so $\pi = 12\int_0^{1/2} \sqrt{1 - x^2}\,dx - \frac{3\sqrt{3}}{2}$. (Draw a picture of the area represented by the
definite integral to see why it splits into a piece of pie and a triangle.) Calculate
the integral as you did the integral in Exercise 10. We could approximate $\sqrt{3}$ using
$3\sqrt{1 + \left(-\frac{2}{3}\right)}$, $\frac{3}{2}\sqrt{1 + \frac{1}{3}}$, $\frac{5}{3}\sqrt{1 + \frac{2}{25}}$, $\frac{7}{4}\sqrt{1 + \left(-\frac{1}{49}\right)}$, or $\frac{12}{7}\sqrt{1 + \frac{1}{48}}$; you should
use the most accurate approximation.

Exercise 12: Use the results of Exercise 8 to write the series representation for

$$b(t) = \frac{1}{1 - t} = (1 + (-t))^{-1}.$$

Does this agree with what you learned about this series in calculus?

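Exercise 13: Some people have a difficult time understanding what number the
expression 0.99999 . . . represents. Rewrite this number as

$$\begin{aligned} 0.9999\ldots &= 9(0.11111\ldots) \\ &= 9\left(\frac{1}{10} + \frac{1}{100} + \frac{1}{1000} + \frac{1}{10{,}000} + \cdots\right) \\ &= \frac{9}{10}\left(1 + \frac{1}{10} + \frac{1}{100} + \frac{1}{1000} + \cdots\right) \\ &= \frac{9}{10}\sum_{k=0}^{\infty} \frac{1}{10^k}. \end{aligned}$$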

Use the expression obtained in Exercise 12 to simplify this number.



 
Table for Exercise 2: Fill in the values of $\binom{n}{k}$.

n\k −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8

−5 0
−4 0
−3 0
−2 0
−1 0
0 0
1 0
2 0
3 0
4 0
5 0
6 0
7 0
8 0 0 0 0 0 1 8 28 56 70 56 28 8 1

n\k −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8

−5 0 0 0 0 0 1 −5 15 −35 70 −126 210 −330 495

−4 0 0 0 0 0 1 −4 10 −20 35 −56 84 −120 165

−3 0 0 0 0 0 1 −3 6 −10 15 −21 28 −36 45

−2 0 0 0 0 0 1 −2 3 −4 5 −6 7 −8 9

−1 0 0 0 0 0 1 −1 1 −1 1 −1 1 −1 1

0 0 0 0 0 0 1 0 0 0 0 0 0 0 0

1 0 0 0 0 0 1 1 0 0 0 0 0 0 0

2 0 0 0 0 0 1 2 1 0 0 0 0 0 0

3 0 0 0 0 0 1 3 3 1 0 0 0 0 0

4 0 0 0 0 0 1 4 6 4 1 0 0 0 0

5 0 0 0 0 0 1 5 10 10 5 1 0 0 0

6 0 0 0 0 0 1 6 15 20 15 6 1 0 0

7 0 0 0 0 0 1 7 21 35 35 21 7 1 0

8 0 0 0 0 0 1 8 28 56 70 56 28 8 1
 
Table 17: A table of values using the extended definition of $\binom{n}{k}$
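The extended definition tabulated in Table 17 can be checked mechanically. The following Python sketch is an added example, not code from the book; the names `gbinom`, `table_row` and `addition_rule_failures` are chosen here, and exact rationals stand in for real n.

```python
from fractions import Fraction


def gbinom(n, k):
    """Extended binomial coefficient as tabulated in Table 17.

    n may be any rational number (int or Fraction); k is any integer.
    For k > 0 this is n(n-1)...(n-k+1)/k!, for k = 0 it is 1 and for
    k < 0 it is 0, matching the columns of Table 17.
    """
    if k < 0:
        return Fraction(0)
    n = Fraction(n)
    value = Fraction(1)
    for i in range(k):
        # Multiply in the next falling-factorial term and divide as we go,
        # so every intermediate value is itself a binomial coefficient.
        value = value * (n - i) / (i + 1)
    return value


def table_row(n, ks):
    """One row of the table: the values of gbinom(n, k) for k in ks."""
    return [gbinom(n, k) for k in ks]


def addition_rule_failures(ns, ks):
    """All pairs (n, k) where C(n,k) != C(n-1,k-1) + C(n-1,k)."""
    return [
        (n, k)
        for n in ns
        for k in ks
        if gbinom(n, k) != gbinom(n - 1, k - 1) + gbinom(n - 1, k)
    ]


if __name__ == "__main__":
    ks = range(-5, 9)
    for n in range(-5, 9):
        print(f"{n:3d}", [int(v) for v in table_row(n, ks)])
    # Constructed sample inputs: the integer grid of Table 17 plus two
    # non-integer values of n, which the table itself does not cover.
    sample_ns = list(range(-5, 9)) + [Fraction(1, 2), Fraction(-7, 3)]
    print("addition rule failures:", addition_rule_failures(sample_ns, ks))
```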

Project C: Bernoulli Numbers and Bernoulli Poly-


nomials

This project was inspired by a summer course taught by David Rohrlich of Boston
University.

The Bernoulli numbers, $b_0, b_1, b_2, b_3, \ldots$, are defined by:

$$\frac{t}{e^t - 1} = \sum_{k=0}^{\infty} b_k \frac{t^k}{k!}.$$

That is, expand the function $f(t) = \frac{t}{e^t - 1}$ into a power series centered at a = 0,
and then define the Bernoulli numbers to be the coefficients of the resulting power
series. The way to do this is not to use Taylor’s theorem and differentiation; instead,
write

$$t = (e^t - 1)\sum_{k=0}^{\infty} b_k \frac{t^k}{k!},$$

expand the right-hand side as a single series, and then equate coefficients. (So you
should think of the left-hand side as a power series, all of whose coefficients are zero
except the coefficient of t, which is one.)

Exercise 1: Calculate the first seven Bernoulli numbers, $b_0$ up to $b_6$.

Exercise 2: Explain why the Bernoulli numbers are rational: $b_k \in \mathbb{Q}$.

Exercise 3: Use the method above (equating coefficients) to justify the following
recursive formula for $b_k$, k ∈ N:

$$\sum_{j=0}^{k} \binom{k+1}{j} b_j = 0, \quad \text{so} \quad b_k = -\frac{1}{k+1}\sum_{j=0}^{k-1} \binom{k+1}{j} b_j.$$

Exercise 4: Show that the function $g(t) = f(t) + \frac{1}{2}t = \frac{t}{e^t - 1} + \frac{1}{2}t$ is even (that
is, g(−t) = g(t)), and thus conclude that when k is odd, k > 1, $b_k = 0$.

Now define the Bernoulli polynomials, $B_0(x), B_1(x), B_2(x), B_3(x), \ldots$ by:

$$f(t)e^{xt} = \frac{t e^{xt}}{e^t - 1} = \sum_{k=0}^{\infty} B_k(x) \frac{t^k}{k!}.$$

Exercise 5: Calculate the first four Bernoulli polynomials (using
$t e^{xt} = (e^t - 1)\sum_{k=0}^{\infty} B_k(x) \frac{t^k}{k!}$) and then explain why $B_k(x) \in \mathbb{Q}[x]$. That is, explain why the
definition above implies that $B_k(x)$ is a polynomial (rather than a power series),
and why the coefficients must be rational numbers.

Exercise 6: What is the connection between the Bernoulli numbers and the
Bernoulli polynomials? (Hint: you can let x equal . . . .)

As I was writing my Ph.D. dissertation, I noticed that I kept doing similar
calculations, all of which looked like

$$\sum_{j=0}^{m} \binom{m}{j} B_j(x)\,(\text{something})^{m-j} = \text{something in closed form}.$$

I finally realized I needed a lemma:

Lemma 17

$$\sum_{j=0}^{m} \binom{m}{j} B_j(x)\, y^{m-j} = B_m(x + y).$$

Proof. Let $m(t, x, y) = \frac{t e^{(x+y)t}}{e^t - 1}$. Then by the definition of the Bernoulli
polynomials, we have

$$\frac{t e^{(x+y)t}}{e^t - 1} = \sum_{m=0}^{\infty} B_m(x + y) \frac{t^m}{m!}.$$

Then we may expand the left-hand side (with different indices) to get

$$\frac{t e^{(x+y)t}}{e^t - 1} = \frac{t e^{xt}}{e^t - 1} \cdot e^{yt} = \left(\sum_{k=0}^{\infty} B_k(x) \frac{t^k}{k!}\right)\left(\sum_{j=0}^{\infty} \frac{(yt)^j}{j!}\right).$$

Multiplying out the two series on the right, we get a power series in t. When we
collect all terms that involve the power $t^m$, say, we will need terms in the first sum
with $t^k$ and terms in the second sum with $t^j$, and we also need k + j = m. Thus
the coefficient of $t^m$ will be a sum that looks like

$$\sum_{k+j=m} \left(\frac{B_k(x)}{k!}\right)\left(\frac{y^j}{j!}\right).$$

Since k ≥ 0 and j ≥ 0, we will have m + 1 terms, with k = 0, 1, 2, . . . , m and
m − k = j = m, m − 1, m − 2, . . . , 3, 2, 1, 0. Thus the coefficient of $t^m$ will be

$$\sum_{k=0}^{m} \left(\frac{B_k(x)}{k!}\right)\left(\frac{y^{m-k}}{(m-k)!}\right) = \frac{1}{m!}\sum_{k=0}^{m} \binom{m}{k} B_k(x)\, y^{m-k}.$$

Thus we have shown that

$$\frac{t e^{(x+y)t}}{e^t - 1} = \sum_{m=0}^{\infty} \left(\sum_{k=0}^{m} \binom{m}{k} B_k(x)\, y^{m-k}\right) \frac{t^m}{m!}.$$

Since power series are uniquely determined by their coefficients, we see that

$$\sum_{k=0}^{m} \binom{m}{k} B_k(x)\, y^{m-k} = B_m(x + y).$$

Exercise 7: Justify the formula

$$B_k(x) = \sum_{j=0}^{k} \binom{k}{j} b_j x^{k-j}.$$

Exercise 8: Use Exercise 7 to conclude that $B_k(x)$ is monic; that is, that the
leading term has coefficient one.

Exercise 9: Show that

(a) $\int_0^1 B_k(x)\,dx = \begin{cases} 1 & \text{if } k = 0 \\ 0 & \text{else.} \end{cases}$

(b) $\frac{d}{dx} B_k(x) = k B_{k-1}(x)$ for k ∈ W.

(c) $B_k(1 - x) = (-1)^k B_k(x)$ for k ∈ W.

(d) $B_k(x + 1) - B_k(x) = k x^{k-1}$ for k ∈ W.

(e) $B_k(1) = B_k(0)$ for k ∈ N, k ≥ 2.

(f) $\sum_{j=1}^{n} j^k = \frac{B_{k+1}(n + 1) - B_{k+1}(0)}{k + 1}$ for k, n ∈ N.

(g) $N^{k-1} \sum_{j=0}^{N-1} B_k\left(\frac{x + j}{N}\right) = B_k(x)$ for k ∈ W, N ∈ N.

Exercise 10: Show that the formula in Exercise 9(f) above is consistent with the
formulas for the sums of first, second and third powers of positive integers:

$$\sum_{j=1}^{n} j = \frac{n(n + 1)}{2}, \quad \sum_{j=1}^{n} j^2 = \frac{n(n + 1)(2n + 1)}{6}, \quad \text{and} \quad \sum_{j=1}^{n} j^3 = \left(\frac{n(n + 1)}{2}\right)^2.$$

Exercise 11: On the next page are the factorizations of the denominators of the
Bernoulli numbers into primes. Use the data to formulate a rule that gives the
denominators of the Bernoulli numbers. You are welcome to try to prove your rule,
but that is above and beyond the call of duty.

Okay, that was fun, but why do we care? The Bernoulli numbers and Bernoulli
polynomials come up all over number theory:

• Of course, the formulas in Exercise 9(f) above are handy to have (in number
theory as well as in calculus and elsewhere). This was in fact the reason Jakob
Bernoulli first studied the polynomials.

• The Riemann zeta function, defined by

$$\zeta(s) = 1^{-s} + 2^{-s} + 3^{-s} + 4^{-s} + 5^{-s} + \cdots = \sum_{n=1}^{\infty} n^{-s},$$

which is the subject of the celebrated Riemann hypothesis, can be shown to
satisfy

$$\zeta(2k) = (-1)^{k+1} \frac{(2\pi)^{k} B_{2k}}{2(2k)!}, \quad \text{for } k \in \mathbb{N}.$$

• In 1847 Ernst Kummer showed that Fermat’s last theorem was true for those
exponents that are regular primes; a prime p is regular ⇐⇒ p does not divide
the numerators of b2 , b4 , . . . , bp−3 . That still leaves all the irregular primes,
but it was a major step forward in showing that Fermat’s last theorem was
true.


• For certain rings R such as the $\mathbb{Z}[\sqrt{d}]$’s you may have worked with in the
exercises, the class number of R is a measure of how badly unique factorization
fails; many class numbers may be calculated using Bernoulli numbers.

• In my Ph.D. dissertation, a theory of integration in the p-adic numbers is
developed. It turns out that the formula in Exercise 9(g) is crucial in that
development, and the Bernoulli polynomials form the basis for the work my
advisor and I did on p-adic integration.

Further facts:

• Though the Bernoulli numbers $b_1, b_2, b_4, b_6, \ldots$ are non-integral rational
numbers, they are close to being integral; in fact,

$$b_k + \sum_{(p-1) \mid k} \frac{1}{p} \in \mathbb{Z}.$$

• For x ∈ R, define $\{x\} = x - \lfloor x \rfloor$, so 0 ≤ {x} < 1. Then the Bernoulli function
$B_k(x) = B_k(\{x\})$ is periodic with period 1. By Exercise 9(e), the functions
$B_k$ are continuous for k ≥ 2. They have Fourier series expansions given by

$$B_k(x) = \frac{-k!}{(2\pi i)^k} \sum_{n \in \mathbb{Z},\ n \neq 0} \frac{e^{2\pi i n x}}{n^k}.$$

k   Factorization of denominator of $b_k$   k   Factorization of denominator of $b_k$
8 2·3·5 56 2 · 3 · 5 · 29
10 2 · 3 · 11 58 2 · 3 · 59
12 2 · 3 · 5 · 7 · 13 60 2 · 3 · 5 · 7 · 11 · 13 · 31 · 61
14 2·3 62 2·3
16 2 · 3 · 5 · 17 64 2 · 3 · 5 · 17
18 2 · 3 · 7 · 19 66 2 · 3 · 7 · 23 · 67
20 2 · 3 · 5 · 11 68 2·3·5
22 2 · 3 · 23 70 2 · 3 · 11 · 71
24 2 · 3 · 5 · 7 · 13 72 2 · 3 · 5 · 7 · 13 · 19 · 37 · 73
26 2·3 74 2·3
28 2 · 3 · 5 · 29 76 2·3·5
30 2 · 3 · 7 · 11 · 31 78 2 · 3 · 7 · 79
32 2 · 3 · 5 · 17 80 2 · 3 · 5 · 11 · 17 · 41
34 2·3 82 2 · 3 · 83
36 2 · 3 · 5 · 7 · 13 · 19 · 37 84 2 · 3 · 5 · 7 · 13 · 29 · 43
38 2·3 86 2·3
40 2 · 3 · 5 · 11 · 41 88 2 · 3 · 5 · 23 · 89
42 2 · 3 · 7 · 43 90 2 · 3 · 7 · 11 · 19 · 31
44 2 · 3 · 5 · 23 92 2 · 3 · 5 · 47
46 2 · 3 · 47 94 2·3
48 2 · 3 · 5 · 7 · 13 · 17 96 2 · 3 · 5 · 7 · 13 · 17 · 97
50 2 · 3 · 11 98 2·3
52 2 · 3 · 5 · 53 100 2 · 3 · 5 · 11 · 101
54 2 · 3 · 7 · 19 102 2 · 3 · 7 · 103
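The recursion of Exercise 3, the formula of Exercise 7 and the sum in Exercise 9(f) can be run with exact rational arithmetic and compared against rows of the table above. This Python sketch is an added example, not code from the book; the function names are chosen here, and b_0 = 1 is taken from the coefficient of t in the defining series.

```python
from fractions import Fraction
from math import comb


def bernoulli_numbers(count):
    """Return [b_0, ..., b_{count-1}] as exact fractions.

    Uses sum_{j=0}^{k} C(k+1, j) b_j = 0 for k >= 1, solved for b_k,
    starting from b_0 = 1.
    """
    b = [Fraction(1)]
    for k in range(1, count):
        partial = sum(comb(k + 1, j) * b[j] for j in range(k))
        b.append(-partial / (k + 1))
    return b


def bernoulli_poly(k, x, b):
    """Evaluate B_k(x) = sum_{j=0}^{k} C(k, j) b_j x^(k-j) exactly."""
    x = Fraction(x)
    return sum(comb(k, j) * b[j] * x ** (k - j) for j in range(k + 1))


def power_sum(k, n, b):
    """1^k + 2^k + ... + n^k via (B_{k+1}(n+1) - B_{k+1}(0)) / (k+1)."""
    top = bernoulli_poly(k + 1, n + 1, b) - bernoulli_poly(k + 1, 0, b)
    return top / (k + 1)


def prime_factors(n):
    """Prime factorization of n by trial division, with multiplicity."""
    factors, p = [], 2
    while p * p <= n:
        while n % p == 0:
            factors.append(p)
            n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors


def denominator_factors(k, b):
    """Factorization of the denominator of b_k (in lowest terms)."""
    return prime_factors(b[k].denominator)


if __name__ == "__main__":
    b = bernoulli_numbers(103)
    for k in range(8, 103, 2):
        print(k, " · ".join(str(p) for p in denominator_factors(k, b)))
    # Cross-check Exercise 9(f) against a direct sum (constructed inputs).
    print(power_sum(3, 10, b), sum(j ** 3 for j in range(1, 11)))
```

Fractions keep every b_k in lowest terms, so the printed factorizations can be compared line by line with the table.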

Project D: Polygons in Lattices

In this project we will find, and justify, an easy formula to calculate the areas of
simple polygons that are formed on a (square) lattice.

Exercise 1: On page 256 you will see a lattice of points that looks like a pegboard.
The lattice is the subset $L = \mathbb{Z}^2 \subseteq \mathbb{R}^2$;

$$L = \{(a, b) \in \mathbb{R}^2 : a, b \in \mathbb{Z}\}.$$

It turns out that if you draw a polygon using only straight lines to connect points
of the lattice (and the lines you draw never intersect), the area of the polygon is
easy to find. There is a formula for the area of such a figure, based only on two
numbers: let I be the number of interior lattice points (those entirely within the
polygon) and let B be the number of lattice points that are on the boundary of the
polygon. Your task is to find a formula for the area A based on the two numbers I
and B. An (incorrect) example of such a formula would be $A = B^2 \sin(3I)$. Some
examples of polygons are drawn for you in Figure 39 on page 255. Your answer to
this question should consist of a formula and some indication of how you arrived
at it. (Page 256 has an empty lattice, if you wish to draw your own figures to test
conjectures, etc.)

Exercise 2: As an easiest case, show that your formula is correct for all rectangles
with sides parallel to the axes (Figure 34).

Figure 34: Rectangles with sides parallel to the axes

Exercise 3: Now cut such a rectangle diagonally and show that your formula is
correct for all right triangles with legs parallel to the axes (Figure 35).

Exercise 4: Show that if your formula works for two separate figures P and Q,
then it works when P and Q are joined to form a single figure (Figure 36).

Exercise 5: Show that if your formula works for a figure P , and it also works
when P and Q are joined to form a single figure, then your formula works for the
separate figure Q also (Figure 37).

Exercise 6: Use the previous exercises to show that your result works for any
triangle drawn in the lattice (Figure 38).

Figure 35: Triangles with legs parallel to the axes

Figure 36: Two separate polygons, joined

Figure 37: One polygon, separated into two polygons



Figure 38: Triangles with any orientation

Exercise 7: Since any polygon can be cut up into triangles, Exercises 4 and 6
show that your formula works for any (simple) polygon drawn on the lattice. Use
your formula to find the area of the polygon shown in Figure 40.

(Most of the) Data for Figure 39

Figure              B (Boundary)    I (Interior)    A (Area)

small square        4               0               1
small rectangle     6               0               2
medium rectangle                    0               3
long rectangle                      0               4
small triangle                      0               1/2
medium triangle                     0               2
large triangle                      1               9/2
backwards “L”                       0               4
“I”                                 0               8
pointy triangle                     0               3
“D”                 12              6               11
“E”                                 0               11
“F”                                 0               10
“M”                                 0               14
medium square       8               1               4
large square                        4               9
fat “T”                             7               14
monster             36              20              37

Exercise 8: Show that your formula does not work when the polygon is not simple.
Can you conjecture a rule for the areas of non-simple polygons (Figure 41)?

Figure 39: Some simple polygons

Figure 40: A more complicated polygon

Figure 41: Some non-simple polygons



Figure 42: A blank lattice upon which you may practice



Project E: Primes of the form $p = x^2 + y^2$

Your goal in this project is to prove a conjecture most of you made on Exercise 5,
Section 2.

Theorem 31 Let p > 2 be a prime integer. Then

p can be written as $p = a^2 + b^2$ ⇐⇒ p is of the form p = 4k + 1.

Exercise 1: Prove the forward implication.

That was easy; the rest of the project is devoted to proving the other implication.
We start by defining the set

$$S = \{(x, y, z) \in \mathbb{N}^3 : x^2 + 4yz = p\}.$$

Exercise 2: You have been assigned a prime, p (see Table 18 on page 258).
Find the set S, based on your prime p.

Exercise 3: Prove that the set S is finite (no matter what prime p is chosen).

Now define a map $f : \mathbb{N}^3 \to \mathbb{N}^3$ by

$$f(x, y, z) = \begin{cases} (x + 2z,\ z,\ y - x - z) & \text{if } x < y - z \\ (2y - x,\ y,\ x - y + z) & \text{if } y - z < x < 2y \\ (x - 2y,\ x - y + z,\ y) & \text{if } 2y < x. \end{cases}$$

Exercise 4: Prove that f does in fact map elements of $\mathbb{N}^3$ to elements of $\mathbb{N}^3$.

Exercise 5: Prove further that f maps S to S.

Exercise 6: For your set S, describe the action of f on S.

Exercise 7: Show that if f has a fixed point (that is, a solution to f (x, y, z) =
(x, y, z)), that it must take the form $\left(1, 1, \frac{p-1}{4}\right)$, and thus that the fixed point is
unique.

Exercise 8: Prove that if p is of the form p = 1 + 4k, then the point (1, 1, k) is a
fixed point for f . Conclude that

p = 4k + 1 ⇐⇒ the function f : S → S has a unique fixed point.

Exercise 9: Show that the function f is an involution, that is, that f ◦ f is the
identity. You will want to consider cases here.

Exercise 10: Use Exercises 8 and 9 to conclude that S always has an odd number
of elements. Hint: pair up the elements as (P, f (P )) and note that the unique fixed
point pairs up with itself.

Exercise 11: As a general lemma, show that if X is a finite set with an odd number
of elements, any involution ι : X → X must have at least one fixed point.

Exercise 12: Now define $g : \mathbb{N}^3 \to \mathbb{N}^3$ by g(x, y, z) = (x, z, y). Prove that g also
maps S to itself, and that it is an involution on S. Conclude that S has a fixed
point under g, which must be of the form (a, c, c). Show that this gives the desired
solution: $p = a^2 + (2c)^2$. In fact you have shown the stronger statement that

a prime p is of the form p = 4k + 1 =⇒ p can be written uniquely as $p = a^2 + b^2$.

Exercise 13: For your set S, describe the action of g on S. Give the unique
solution (in positive integers a and b) to p = a2 + b2 for your prime, p.

student prime
197
181
173
157
149
137
113
109

Table 18: For Exercise 2

Most of the material for this project was taken from the excellent book [Moll]. The
author of that work references the article [Zagier].
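
The chain of Exercises 2 through 13 can be run by machine for a small prime. The Python sketch below is an added example, not part of the book: the function names are assumptions of this example, and the primes 13, 17, 61 and 7 in the demonstration are chosen here rather than taken from Table 18.

```python
def build_S(p):
    """Return S = {(x, y, z) in N^3 : x^2 + 4yz = p}, with N = {1, 2, 3, ...}."""
    S = set()
    x = 1
    while x * x < p:
        rest = p - x * x
        if rest % 4 == 0:
            m = rest // 4                      # need y * z = m
            for y in range(1, m + 1):
                if m % y == 0:
                    S.add((x, y, m // y))
        x += 1
    return S


def f(t):
    """The three-case map f defined in the project."""
    x, y, z = t
    if x < y - z:
        return (x + 2 * z, z, y - x - z)
    if y - z < x < 2 * y:
        return (2 * y - x, y, x - y + z)
    if x > 2 * y:
        return (x - 2 * y, x - y + z, y)
    # x = y - z would force p = (y + z)^2 and x = 2y would force
    # p = 4y(y + z), so neither boundary occurs on S when p is prime.
    raise ValueError("boundary case: p is not prime")


def g(t):
    """The swap map g(x, y, z) = (x, z, y)."""
    x, y, z = t
    return (x, z, y)


def two_squares(p):
    """Return (a, b) with p = a^2 + b^2 found through f and g, or None."""
    S = build_S(p)
    if not S:                                  # the case p = 4k + 3
        return None
    # f maps S to S and is an involution (Exercises 5 and 9).
    if any(f(t) not in S or f(f(t)) != t for t in S):
        raise AssertionError("f is not an involution on S")
    # Its only fixed point is (1, 1, (p - 1)/4), so |S| is odd (Exercises 7-10).
    if [t for t in S if f(t) == t] != [(1, 1, (p - 1) // 4)]:
        raise AssertionError("unexpected fixed points of f")
    if len(S) % 2 != 1:
        raise AssertionError("S should have an odd number of elements")
    # g is an involution on a set of odd size, so it fixes some (a, c, c),
    # and then p = a^2 + 4c^2 = a^2 + (2c)^2 (Exercises 11 and 12).
    a, c, _ = next(t for t in S if g(t) == t)
    return (a, 2 * c)


if __name__ == "__main__":
    for p in (13, 17, 61, 7):
        print(p, sorted(build_S(p)), two_squares(p))
```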

Project F: The p-adic Numbers

The real numbers R may be thought of as being built out of the rational numbers
Q by filling in the holes through the use of limits. This is implicit in decimal
notation, as we write “π = 3.1415926 . . .” to mean that the number π is the limit
of the rational numbers $\frac{3}{1}, \frac{31}{10}, \frac{314}{100}, \frac{3141}{1000}, \ldots$. Similarly,
$e = \sum_{k=0}^{\infty} \frac{1}{k!}$ means e is defined to be the limit of the rational numbers
$q_n = \sum_{k=0}^{n} \frac{1}{k!}$. To create the p-adic numbers, denoted $\mathbb{Q}_p$, we fill in the
holes in a different manner.

The p-adic norm: Given a field A and a function f : A → R we say that f is a
norm if

• f(a) > 0 for all a ≠ 0 and f(0) = 0 (positive-definiteness)
• for all a, b ∈ A, f(a · b) = f(a) · f(b) (multiplicativity)
• for all a, b ∈ A, f(a + b) ≤ f(a) + f(b) (triangle inequality).

The usual absolute value (also known as the Archimedean norm), |·| : Q → R,
satisfies the properties; in addition, there is a non-Archimedean norm associated to
each positive prime, p. We define the p-adic absolute value $|\cdot|_p : \mathbb{Q} \to \mathbb{R}$ as follows:
$|0|_p = 0$. Given $q \in \mathbb{Q}^\times$, write $q = \frac{a}{b}$ with (a, b) = 1, a ∈ Z, and b ∈ N (convince
yourself that this representation is unique). Then consider the prime factorizations
of a and of b. If (ab, p) = 1, then define $|q|_p = \left|\frac{a}{b}\right|_p = 1$. Otherwise, p appears in
the prime factorization of a, or of b, but not in both. If $p^n$ is the highest power of
p that divides the numerator a then $|q|_p = \left|\frac{a}{b}\right|_p = p^{-n}$. If $p^m$ is the highest power
of p that divides the denominator b then $|q|_p = \left|\frac{a}{b}\right|_p = p^m$. Thus, for example,

$$\left| -\frac{3^2 \cdot 5}{2^3 \cdot 7^2 \cdot 11} \right|_p = \left| \frac{3^2 \cdot 5}{2^3 \cdot 7^2 \cdot 11} \right|_p = \begin{cases} \frac{1}{9} & \text{if } p = 3 \\ \frac{1}{5} & \text{if } p = 5 \\ 8 & \text{if } p = 2 \\ 49 & \text{if } p = 7 \\ 11 & \text{if } p = 11 \\ 1 & \text{else.} \end{cases}$$

Representations in base p: Choose a positive prime, p. Each positive integer can
be written uniquely in base p by expressing it as a polynomial in p, with coefficients
that are non-negative but less than p: $100 = 1 + 0 \cdot 3 + 2 \cdot 3^2 + 0 \cdot 3^3 + 1 \cdot 3^4$, and
$142 = 1 + 2 \cdot 3 + 0 \cdot 3^2 + 2 \cdot 3^3 + 1 \cdot 3^4$. Denote by $D_p$ the set of digits $\{0, 1, 2, \ldots, p - 1\}$.
Then the representations are unique:

$$\mathbb{N} = \left\{ \sum_{j=0}^{M} a_j p^j : a_j \in D_p,\ M \in \mathbb{W},\ a_M \neq 0 \right\}.$$

For typographical reasons, I will write the expansion as $a_0.a_1 a_2 a_3 \cdots a_M$; thus for
example, we have

$$100 = (1.0201)_3 \quad \text{and} \quad 142 = (1.2021)_3.$$



You may confirm that $125 = (1.011111)_2 = (2.2111)_3 = (0.01)_5 = (6.32)_7 = (4.01)_{11}$,
etc. The number zero is of course written as $(0.)_p$ (all digits are zero).
What about the negative numbers? It turns out that we are forced to write them
as infinite series in p: $-100 = (2.2021222222\ldots)_3$, or better yet $-100 = (2.2021\overline{2})_3$.
This may seem bizarre, since we are adding higher and higher powers of p, but note
that $\lim_{k \to \infty} |p^k|_p = 0$, and these series converge!

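Exercise 1: Confirm that

$$-\mathbb{N} = \{-n \in \mathbb{Z} : n \in \mathbb{N}\} = \left\{ \sum_{j=0}^{\infty} a_j p^j : a_j \in D_p, \text{ and there is } M \in \mathbb{W} \text{ such that } a_j = p - 1 \text{ for all } j \geq M \right\}.$$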

Now that we have represented the integers in this way, two natural questions arise:
what is the set

$$\mathbb{Z}_p = \left\{ \sum_{j=0}^{\infty} a_j p^j : a_j \in D_p \right\}?$$

and what about the rational numbers? The questions are related, in fact, but we
will work on them in order.

If $q = \frac{a}{b} \in \mathbb{Q}$ and (b, p) = 1 then q can be written as an element of $\mathbb{Z}_p$: there is a
simple way, involving a geometric series. Suppose we wish to express, for example,
9/7 in $\mathbb{Z}_5$. Then we have

$$\begin{aligned}
\frac{9}{7} &= 2 - \frac{5}{7} = 2 - \frac{5 \cdot 2232}{7 \cdot 2232} \\
&= 2 - \frac{11160}{15624} = 2 - 11160 \cdot \frac{1}{5^6 - 1} \\
&= 2 + 11160 \cdot \frac{1}{1 - 5^6} \\
&= 2 + 11160 \cdot (1 + 5^6 + 5^{12} + 5^{18} + \cdots).
\end{aligned}$$

It is now a simple matter to write 11160 in base 5 as

$$11160 = 0 \cdot 1 + 2 \cdot 5 + 1 \cdot 5^2 + 4 \cdot 5^3 + 2 \cdot 5^4 + 3 \cdot 5^5 = (0.21423)_5,$$

and thus

$$\frac{9}{7} = (2.0)_5 + (\overline{0.21423})_5 = (2.\overline{214230})_5.$$

In general, we round q up (to make the negative signs work out) to the nearest
integer, take the fractional part (which is between 0 and 1) and multiply top and
bottom so that the bottom is in the form $p^t - 1$, and then use a geometric series as
above. We will always get a repeating pattern to the digits: convince yourself that
even when the integer part is negative (and thus has an infinite number of digits),
we will still get digits that eventually repeat.
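
The p-adic absolute value on Q and the base-p digit expansions described above can both be computed exactly with rational arithmetic. The following Python block is an added example, not code from the book; it extracts digits one at a time by reducing modulo p (a different route from the geometric-series method in the text, giving the same digits), and its function names are assumptions of this example.

```python
from fractions import Fraction


def vp(q, p):
    """Exponent of the prime p in the nonzero rational q (negative if p | denominator)."""
    q = Fraction(q)
    if q == 0:
        raise ValueError("0 has no finite p-adic valuation")
    a, b, n = q.numerator, q.denominator, 0
    while a % p == 0:
        a //= p
        n += 1
    while b % p == 0:
        b //= p
        n -= 1
    return n


def norm_p(q, p):
    """The p-adic absolute value |q|_p as an exact Fraction."""
    q = Fraction(q)
    if q == 0:
        return Fraction(0)
    return Fraction(p) ** (-vp(q, p))


def padic_digits(q, p, count):
    """Return (m, digits) with q = sum of digits[i] * p^(m + i), digits[0] != 0.

    Only the first `count` digits are produced; m is the lowest power of p.
    """
    q = Fraction(q)
    if q == 0:
        return 0, [0] * count
    m = vp(q, p)
    u = q / Fraction(p) ** m          # numerator and denominator prime to p
    digits = []
    for _ in range(count):
        # The digit is the residue of u modulo p: numerator / denominator mod p.
        a = u.numerator * pow(u.denominator, -1, p) % p
        digits.append(a)
        u = (u - a) / p               # still has denominator prime to p
    return m, digits


def partial_sum(m, digits, p):
    """The rational number given by a finite run of digits starting at p^m."""
    return sum(Fraction(a) * Fraction(p) ** (m + i) for i, a in enumerate(digits))


if __name__ == "__main__":
    q = Fraction(-(3**2 * 5), 2**3 * 7**2 * 11)
    print({p: norm_p(q, p) for p in (2, 3, 5, 7, 11, 13)})
    print(padic_digits(Fraction(9, 7), 5, 13))   # 2 . 214230 214230 ...
    print(padic_digits(-100, 3, 8))              # 2 . 2021 222 ...
    m, ds = padic_digits(-100, 3, 8)
    # The error after 8 digits has 3-adic size 3^-8: the series converges.
    print(norm_p(Fraction(-100) - partial_sum(m, ds, 3), 3))
```

Requires Python 3.8 or later for the modular inverse `pow(x, -1, p)`.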

Now, what happens when p|b? Well, it is a simple matter to factor out all the ps
from the denominator, and proceed as above. What happens when we multiply all
the ps back in? We get a Laurent series in powers of p: define

$$\mathbb{Q}_p = \left\{ \sum_{j=m}^{\infty} a_j p^j : a_j \in D_p,\ m \in \mathbb{Z},\ a_m \neq 0 \right\} \cup \{0\}.$$

Thus each element of $\mathbb{Q}_p$ is a series in powers of p, with coefficients in $D_p$, and there
are only finitely many negative powers of p. A typical element of $\mathbb{Q}_p$ will look like,
for m ∈ N,

$$\frac{a_{-m}}{p^m} + \frac{a_{-m+1}}{p^{m-1}} + \frac{a_{-m+2}}{p^{m-2}} + \cdots + \frac{a_{-1}}{p} + a_0 + a_1 p + a_2 p^2 + \cdots + a_k p^k + \cdots,$$

where the digits $a_j$ are taken from the set $D_p = \{0, 1, 2, \ldots, p - 1\}$ and $a_{-m} \neq 0$.
So far, this looks very much like decimal notation, though you should note that the
powers of p are in the opposite order of the powers of 10. A real number can be
written in decimal notation with a finite number of positive powers of 10: a typical
real number has the form

$$a_m \cdot 10^m + a_{m-1} \cdot 10^{m-1} + a_{m-2} \cdot 10^{m-2} + \cdots + a_1 \cdot 10 + a_0 + a_{-1} \cdot 10^{-1} + a_{-2} \cdot 10^{-2} + \cdots,$$

with $a_i \in \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9\}$, and m ∈ N. In decimal notation we call the
symbols $a_i$ digits, and $a_1$ is the tens digit, $a_0$ is the ones digit, $a_{-1}$ is the tenths
digit, etc.

So far all we have is a set, $\mathbb{Q}_p$ (together with a map from Q into $\mathbb{Q}_p$). But $\mathbb{Q}_p$ is
actually a ring, with addition and multiplication defined just as in decimal notation:
add corresponding digits, but carry (in the correct direction!) if necessary. (In fact,
it is not hard to show that, with this definition, $\mathbb{Q}_p$ is in fact a field. You may do
so for extra credit.) Thus you may check that in $\mathbb{Q}_7$ we have

$$\left( \frac{2}{7^2} + \frac{5}{7} + 2 + 4 \cdot 7 + 6 \cdot 7^2 + \cdots \right) + \left( \frac{4}{7} + 3 + 6 \cdot 7 + 2 \cdot 7^2 + \cdots \right) = \frac{2}{7^2} + \frac{2}{7} + 6 + 3 \cdot 7 + 2 \cdot 7^2 + \cdots$$

and

$$\left( \frac{2}{7^2} + \frac{5}{7} + 2 + 4 \cdot 7 + 6 \cdot 7^2 + \cdots \right) \cdot \left( \frac{4}{7} + 3 + 6 \cdot 7 + 2 \cdot 7^2 + \cdots \right) = \frac{1}{7^3} + \frac{6}{7^2} + \frac{3}{7} + 5 + \cdots.$$

Again for typographical reasons, I will write the two calculations as

$$(252.46\ldots)_7 + (43.62\ldots)_7 = (226.32\ldots)_7$$

and

$$(252.46\ldots)_7 \cdot (43.62\ldots)_7 = (1635.3\ldots)_7$$

Exercise 2: Show that the rational number $\frac{5}{3}$ can be expressed as
$(1.110)_2$, $(21.0)_3$, $(0.231)_5$, $(4.2)_7$, and $(9.37)_{11}$.

Exercise 3: Express $\frac{98}{5}$ as an element of $\mathbb{Q}_7$.

Exercise 4: One can of course go in the other direction, in much the same way
that one can show that the real number $15.\overline{3142} = \frac{153127}{9999}$. Express $(34.423)_5$ and
$(0.04316)_7$ as rational numbers.

Exercise 5: Explain why, for $q \in \mathbb{Q}_p$,

$q \in \mathbb{Q} \iff q$ has a terminating or repeating representation in $\mathbb{Q}_p$.


Exercise 6: Find the first five 5-adic digits of the number $\alpha = \sqrt{6}$ by

1. showing that $|\sqrt{6}|_5 = 1$ by using the definition $(\sqrt{6})^2 = 6$ and the properties
of the norm map

2. assuming α can be written as $\alpha = \sum_{k=0}^{\infty} a_k \cdot 5^k$

3. writing $6 = \alpha^2 = \left( \sum_{k=0}^{\infty} a_k \cdot 5^k \right)^2$, collecting like terms, and solving for $a_0, a_1, \ldots, a_4$.
(You will have to make a choice, since there are two answers.)

Exercise 7: Find the first five 5-adic digits of the number β = i. (You will first
need to express −1 as an element of $\mathbb{Q}_5$.)

Exercise 8: Explain why $\sqrt{2} \in \mathbb{Q}_7$ (you need not find many digits of $\sqrt{2}$, but
explain why they could be found, if needed), but i does not exist in $\mathbb{Q}_7$ (that is,
$x^2 + 1 = 0$ has no solutions in $\mathbb{Q}_7$).

Exercise 9: Explain why neither $\sqrt{6}$ nor i exists in $\mathbb{Q}_3$.

Now that you have some familiarity with $\mathbb{Q}_p$, we extend the definition of the p-adic
absolute value to $|\cdot|_p : \mathbb{Q}_p \to \mathbb{R}$ by defining, for $z \in \mathbb{Q}_p^\times$, $|z|_p = p^{-n}$ where $a_n$
is the first non-zero digit of z; that is, $a_n$ is the coefficient of the lowest power
of p (for k < n, the coefficient $a_k = 0$). This definition is consistent with the
p-adic absolute value defined earlier on Q, and with this definition we may say that
$\mathbb{Z}_p = \{z \in \mathbb{Q}_p : |z| \leq 1\}$, so $\mathbb{Z}_p$ is the unit disk in $\mathbb{Q}_p$.

Exercise 10: (For those who have taken analysis—this is a self-graded exercise.)
Convince yourself that $\mathbb{Q}_p$ is complete.

For everyone, the content of Exercise 10 is that $\mathbb{Q}_p$ fills in the holes in Q, and so
$\mathbb{Q}_p$ is a number-theoretic analog to the analysts’ R: a geometric extension of Q,
with no holes. It is a place where one can do calculus and analysis, since limits
exist. Another way to say this is that we are using analysis tools and geometry to
do arithmetic: the size of a number depends on how divisible it is by the prime p.

Consequences:

Exercise 11: Show that the p-adic absolute value defined above satisfies the three
axioms a norm must satisfy (listed on page one).

Exercise 12: Show that the p-adic absolute value defined above satisfies a stronger
third condition:

for all $a, b \in \mathbb{Q}_p$, $f(a + b) \leq \max\{f(a), f(b)\}$.

This property is called the non-Archimedean property; the reason for this name is
that the Archimedean property of the integers states that for any real number x,
there exists an integer n with n > x. However, by contrast, we have this:

Exercise 13: Show that $z \in \mathbb{Z} \implies |z|_p \leq 1$. That is, the integers lie in the unit
ball of $\mathbb{Q}_p$, which is $\mathbb{Z}_p$. (This is surprising.)

Extra Credit: Show that the integers are dense in the unit ball $\mathbb{Z}_p$.

Extra Credit: Show that the positive integers are dense in $\mathbb{Z}_p$.

Extra Credit: Let p be an odd prime. Show that the positive even integers are
dense in $\mathbb{Z}_p$. (I needed this result in my dissertation.)

Any norm defined on a field A gives a distance function d : A × A → R; namely
d(a, b) = norm of (a − b). Given $a \in \mathbb{Q}_p$ and r ∈ R, r > 0, define the open ball

$$B(a, r) = \{b \in \mathbb{Q}_p : |a - b|_p < r\}$$

and the closed ball

$$B[a, r] = \{b \in \mathbb{Q}_p : |a - b|_p \leq r\}.$$

We may thus rephrase Exercise 13 as saying that $\mathbb{Z} \subseteq \mathbb{Z}_p = B[0, 1]$: the integers lie
in the closed unit ball centered at the origin. (This is surprising.)

Exercise 14: Show that for all a, b, and c, the distance property given by the
p-adic norm satisfies

$d(a, c) = \max\{d(a, b), d(b, c)\}$ if $d(a, b) \neq d(b, c)$.

Conclude that in $\mathbb{Q}_p$, all triangles are isosceles. (This is surprising.)

Exercise 15: Given $a, b \in \mathbb{Q}_p$, and positive real numbers $r_1$ and $r_2$, show that
$B(a, r_1) \cap B(b, r_2) = \{\}$ or $B(a, r_1) \subseteq B(b, r_2)$ or $B(b, r_2) \subseteq B(a, r_1)$. Thus open
balls in $\mathbb{Q}_p$ never intersect non-trivially. (This is surprising.)

In contrast with R, series in $\mathbb{Q}_p$ are easy to analyze:

a series $\sum_{k=0}^{\infty} a_k$, $a_k \in \mathbb{Q}_p$, converges $\iff \lim_{k \to \infty} |a_k|_p = 0$. (This is surprising.)



That’s the good news. The bad news is that in series like $e^x = \sum_{k=0}^{\infty} \frac{1}{k!} x^k$, the
denominators, which make the series converge for all x ∈ R, now make convergence
much more difficult in $\mathbb{Q}_p$.

Exercise 16: Show that $|n!|_p = p^{-\sum_{k=1}^{\infty} \lfloor n/p^k \rfloor} \geq p^{\frac{n}{1-p}}$. Conclude that $e^x$ converges
for $x \in B\left(0, p^{\frac{1}{1-p}}\right)$. In particular, the number e doesn’t exist in $\mathbb{Q}_p$, even though
the function $e^x$ does. (This is surprising.)

Exercise 17: Show that the function $\log(x) = \sum_{k=1}^{\infty} \frac{(-1)^{k+1}}{k} (x - 1)^k$ converges for
x ∈ B(1, 1). The logarithm function thus has a larger radius of convergence than
the exponential function. (This is surprising.)

Okay, that was fun, but why do we care?

• This construction allows us to use analysis tools to study algebraic objects.
Much as I usually prefer algebra over analysis, it can be a very powerful tool.

• There are many possible norms on Q, but one can prove that each is equivalent
to the usual absolute value or to one of the p-adic norms. If only for the sake
of diversity, we should study them.

• Seeing the construction of the p-adic numbers $\mathbb{Q}_p$ as a completion of Q, and
how it mirrors the construction of R from Q, can be very illuminating. Many
students think of R as a simple object, but it isn’t. R is a very complicated
object (it can be thought of as an infinite-dimensional vector space over the
field Q, and the degree of the extension is not just infinite, it is uncountably
infinite).

• One way to build analysis is to start with Q, do a geometric completion
and get R, and then do an algebraic completion and get C, which is both
algebraically complete and geometrically complete (and is only a degree-two
extension of R). Alternatively, one can start with Q, form the algebraic
completion $A = \overline{\mathbb{Q}}$, and then do a geometric completion, again getting C. If
you use the p-adic norm, things are a little trickier. A geometric completion
gets you $\mathbb{Q}_p$, as outlined in this project. Then an algebraic completion gets
you $\overline{\mathbb{Q}_p}$. This field is not geometrically closed, so you can make a geometric
completion once again. In theory, this could go on forever, but in fact this is
the last step: the geometric closure of $\overline{\mathbb{Q}_p}$ is algebraically complete as well as
geometrically complete. We thus denote this enormous field $\mathbb{C}_p$, in analogy
with C. Again, seeing this construction in such an unfamiliar setting (I am
nowhere close to understanding all of this) helps us to see the construction of
C in a very different light. Though algebraically complete and geometrically
complete, like C, $\mathbb{C}_p$ has some real differences from C: $\mathbb{C}_p$ is not locally
compact, and $\mathbb{C}_p$ is totally disconnected. (This is surprising.)

• p-adic L-functions are in my Ph.D. dissertation, which is entitled The Eisenstein
Distribution, p-adic L-Functions, and Dedekind Symbols (Boston University, 1997).

Most of the material for this project was taken from the excellent book [Koblitz].
I also used the book [Gouvea].


Project G: The Arithmetic of $\mathbb{Z}[\sqrt{5}]$ and of $\mathbb{Z}[\omega]$

In this project we will mimic Section 45 and Section 46 of the text and try to
examine the arithmetic of two closely related rings, $\mathbb{Z}[\sqrt{5}]$ and $\mathbb{Z}[\omega]$. Here we define
ω, the golden ratio, as the positive root of the polynomial $x^2 - x - 1$. (The notation
for the golden ratio has not been standardized; some authors call it ϕ. We will not
use this Greek letter, for obvious reasons.) Furthermore, we have

$$\mathbb{Q}[\sqrt{5}] = \{a + b\sqrt{5} \in \mathbb{R} : a, b \in \mathbb{Q}\},$$

$$\mathbb{Z}[\sqrt{5}] = \{a + b\sqrt{5} \in \mathbb{R} : a, b \in \mathbb{Z}\},$$

and

$$\mathbb{Z}[\omega] = \{a + b\omega \in \mathbb{R} : a, b \in \mathbb{Z}\}.$$

Part One
Exercise 1: Show that $\mathbb{Z}[\sqrt{5}] \subseteq \mathbb{Z}[\omega] \subseteq \mathbb{Q}[\sqrt{5}]$. Furthermore, if we define
$N : \mathbb{Q}[\sqrt{5}] \to \mathbb{Q}$ by $N(a + b\sqrt{5}) = (a + b\sqrt{5})(a - b\sqrt{5}) = a^2 - 5b^2$, show that

(a) In $\mathbb{Q}[\sqrt{5}]$, $N(z) = 0 \iff z = 0$.
(b) If $z \in \mathbb{Z}[\omega]$, then $N(z) \in \mathbb{Z}$.
(c) In $\mathbb{Z}[\omega]$, we may calculate N(a + bω) by using the formula $N(a + b\omega) = a^2 + ab - b^2$.
(d) Since $\omega^2 - \omega = 1$, we see that ω(ω − 1) = 1. We will define the conjugate of
ω to be ω − 1. Does this agree with the usual definition?
(e) Show that N(a + bω) = (a + bω)(a − b(ω − 1)).

Exercise 2: The prime 5 factors as $5 = (\sqrt{5})^2$ in $\mathbb{Z}[\sqrt{5}]$. Show that 5 ramifies in
$\mathbb{Z}[\omega]$ also (the definition of ramify is in Section 37).

Exercise 3: We already know (from Exercise 5 in Section 35 on page 143) that for
a prime integer p

we can write $\pm p = a^2 - 5b^2 \iff p$ is not prime in $\mathbb{Z}[\sqrt{5}]$.

Show the analogous fact for $\mathbb{Z}[\omega]$:

we can write $\pm p = a^2 + ab - b^2 \iff p$ is not prime in $\mathbb{Z}[\omega]$.

Exercise 4: Show that for a prime integer p,

we can write $\pm p = a^2 - 5b^2 \implies p = \pm 5$ or $p \equiv \pm 1 \pmod{5}$.

Exercise 5: Show that for a prime integer p,

we can write $\pm p = a^2 + ab - b^2 \implies p = \pm 5$ or $p \equiv \pm 1 \pmod{5}$.



Exercise 6: Unlike $\mathbb{Z}[\sqrt{-3}]$ and $\mathbb{Z}[\rho]$, $\mathbb{Z}[\sqrt{5}]$ and $\mathbb{Z}[\omega]$ have many units. Find a
fundamental unit for $\mathbb{Z}[\sqrt{5}]$.

Exercise 7: Find the continued fraction for ω and calculate the first eight convergents
to ω. Do you notice anything interesting about the entries in the amazing
array?

Exercise 8: Show that $F_n + F_{n+1}\omega$ is a unit for all $n \in \mathbb{W}$. Here $F_n$ is the nth
Fibonacci number (see Exercise 12, page 24 for a definition). For extra credit, give
the inverse of $F_n + F_{n+1}\omega$ explicitly.

Exercise 9: Show that, given elements a and b of $\mathbb{Z}[\omega]$, with $b \neq 0$, one can
find q and $r \in \mathbb{Z}[\omega]$ with a = bq + r and $0 \leq |N(r)| \leq \frac{3}{4}|N(b)|$. Conclude that $\mathbb{Z}[\omega]$
has a Euclidean algorithm, and thus that $\mathbb{Z}[\omega]$ has unique factorization.

Exercise 10: Use the unique factorization in $\mathbb{Z}[\omega]$ to show that for a positive prime
$p \neq 5$, we have

$\left(\frac{5}{p}\right) = +1 \implies p$ is not prime in $\mathbb{Z}[\omega]$.

Exercise 11: Conclude that for an odd prime integer $p \neq \pm 5$, we have le carré:

p can be written as $p = a^2 + ab - b^2 \iff p$ is not prime in $\mathbb{Z}[\omega]$

$p \equiv \pm 1 \pmod{5} \iff \left(\frac{5}{p}\right) = +1$.

Our next objective is to get le carré for $\mathbb{Z}[\sqrt{5}]$. If we have a p that factors in $\mathbb{Z}[\sqrt{5}]$,
then that factorization carries over to the larger ring, $\mathbb{Z}[\omega]$. How do we go the other
way? As in the $\mathbb{Z}[\sqrt{-3}]$ and $\mathbb{Z}[\rho]$ situation, one way to proceed is to adjust any
factorization we get in $\mathbb{Z}[\omega]$ so as to produce a factorization in $\mathbb{Z}[\sqrt{5}]$. We will then
have

p is not prime in $\mathbb{Z}[\omega] \iff p$ is not prime in $\mathbb{Z}[\sqrt{5}]$

and that will give us le carré for $\mathbb{Z}[\sqrt{5}]$.

For Exercises 12–14, suppose p is an odd positive prime, and p factors in $\mathbb{Z}[\omega]$ as
p = (a + bω)(c + dω).

Exercise 12: Show that if b and d are both even, then p factors in $\mathbb{Z}[\sqrt{5}]$.

Exercise 13: Show that if one of b and d is odd and the other is even, then a and
c are both odd. But this leads to a contradiction, so this case is ruled out.

Exercise 14: Show that if b and d are both odd, then without loss of generality,
you may assume a is odd and c is even. Then rewrite p = (a + bω)(c + dω) as

p = ((a + bω)ω)((c + dω)(−1 + ω)).




Conclude that p factors in $\mathbb{Z}[\sqrt{5}]$, and thus for an odd prime integer $p \neq \pm 5$, we
have le carré

p can be written as $p = a^2 - 5b^2 \iff p$ is not prime in $\mathbb{Z}[\sqrt{5}]$

$p \equiv \pm 1 \pmod{5} \iff \left(\frac{5}{p}\right) = +1$.

Exercise 15: The prime integer 19 factors as 19 = (4 + ω)(5 − ω). Show that 4 + ω
and 5 − ω are primes in $\mathbb{Z}[\omega]$. Factor the integer 19 into primes in $\mathbb{Z}[\sqrt{5}]$, and show
that the two factors you obtain are primes in $\mathbb{Z}[\sqrt{5}]$. Repeat this exercise starting
with 19 = (11 + 17ω)(28 − 17ω). Find another factorization of 19 into primes in
$\mathbb{Z}[\sqrt{5}]$. Relate this exercise to whether or not the rings $\mathbb{Z}[\sqrt{5}]$ and $\mathbb{Z}[\omega]$ have unique
factorization.

Exercise 16: Let p = 29. Illustrate the four facts in le carré in Exercise 11
explicitly, for p = 29. Do the same for le carré in Exercise 14. Repeat this for
p = 41 and p = 109. Present your results in table form, like Table 19 on page 269.

Part Two
Finally, we would like to show that every unit in $\mathbb{Z}[\omega]$ is in the form $\pm\omega^k$ for k ∈ Z;
equivalently,

$$\mathbb{Z}[\omega]^\times = \{\pm 1\} \cup \{\pm(F_n + F_{n+1}\omega) : n \in \mathbb{Z}\} \cup \{\pm(F_{n+1} - F_n\omega) : n \in \mathbb{Z}\}.$$

Exercise 17: Assume that u = a + bω is a unit in $\mathbb{Z}[\omega]$. If either a or b is zero,
show that u ∈ {±1, ±ω}.

Exercise 18: Assume that u = a + bω is a unit in $\mathbb{Z}[\omega]$. Show that b − aω, −b + aω,
and −a − bω are all units also.

Exercise 19: Assume that u = a + bω is a unit in $\mathbb{Z}[\omega]$. By Exercises 17 and 18
we may assume that a and b are both positive. Show that if a = b then a = b = 1,
so $u = 1 + \omega = \omega^2$. Also show that if $a \neq b$, then a < b.

Exercise 20: Assume that u = a + bω is a unit in $\mathbb{Z}[\omega]$. By the previous exercises,
if $u \neq 1 + \omega$, we may assume 0 < a < b. Show that $c + d\omega = u(\omega^{-1}) = u(-1 + \omega)$ is
also a unit, with 0 < c and d < b. Conclude that we may divide out ω repeatedly
until c = d = 1. Thus $u = (1 + \omega)\omega^k = \omega^{k+2}$ for some k ∈ N.

Exercise 21: Show that $\omega^n = F_{n-1} + F_n\omega$ for n = 2, 3, 4, . . . . Conclude that, by
Exercises 18 and 20,

$$\mathbb{Z}[\omega]^\times = \{\pm 1\} \cup \{\pm(F_n + F_{n+1}\omega) : n \in \mathbb{Z}\} \cup \{\pm(F_{n+1} - F_n\omega) : n \in \mathbb{Z}\}.$$

Exercise 22: Exercise 20 shows that if u = a + bω is a unit with a and b positive,
then $u = \omega^n$ for n = 2, 3, 4, . . . . The case with a and b negative is thus easy:
if u = a + bω is a unit with a and b both negative, then $u = -\omega^n$ for n = 2, 3,
4, . . . . What if a is positive and b is negative? Show that if u is a unit in $\mathbb{Z}[\omega]$ and
u = c − dω for positive integers c and d, then $c = d \implies c = d = 1$, and otherwise
0 < d < c.

Exercise 23: Finally, show that if u = c − dω is a unit in $\mathbb{Z}[\omega]$ with 0 < d < c, then
u(−ω) = a − bω with 0 < a < c and b > 0. Conclude that after multiplying by −ω
repeatedly, we must get $1 - \omega = (-\omega)^{-1}$. Thus $u(-\omega)^k = (-\omega)^{-1}$, so $u = \pm\omega^{-m}$
for some m = 2, 3, 4, . . . .

Exercise 24: Putting this all together, conclude that (in addition to the expression
in Exercise 21)

$$\mathbb{Z}[\omega]^\times = \{\pm\omega^k : k \in \mathbb{Z}\}.$$

                                          p = 29     p = 41     p = 109

$p = a^2 + ab - b^2$
p factors in $\mathbb{Z}[\omega]$
$p \equiv$    (mod 5)
Solutions to $x^2 \equiv 5 \pmod{p}$
$p = a^2 - 5b^2$
p factors in $\mathbb{Z}[\sqrt{5}]$

Table 19: For Exercise 16



Project H: Arithmetic Functions and Dirichlet Series

In Project A we looked at several arithmetic functions f : N → Z. One way these
are studied systematically is in terms of generating functions, which some of you
have seen in combinatorics or other courses; these were also used in Project C.
Although the generating functions you are used to are all power series in x or t,
we will look at number-theoretic generating functions, or Dirichlet series, that take
a different form. Given a function f : N → C, we define the associated Dirichlet
series by

$$D_f(s) = \sum_{n=1}^{\infty} f(n) n^{-s} = f(1) + f(2)2^{-s} + f(3)3^{-s} + f(4)4^{-s} + \cdots.$$

The differences are that our variable is s, not x or t; the starting index is one, not
zero; and the variable appears in the exponent, not the base. Thus instead of an
infinite polynomial, we have an infinite sum of exponentials. (All the functions we
will deal with will be functions from N → Z, and we will treat Dirichlet series as
formal objects, i.e., there are no questions of convergence; but in their most general
form, Dirichlet series have complex coefficients, and s is considered a complex
variable: s ∈ C.)

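Suppose we have functions p, q : N → Z defined by

$$p(n) = \begin{cases} -1 & \text{if } n \text{ is a prime} \\ 1 & \text{else,} \end{cases} \quad \text{and} \quad q(n) = \begin{cases} \sqrt{n} & \text{if } n \text{ is a perfect square} \\ 1 & \text{else.} \end{cases}$$

Then we can construct Dirichlet series from each and get

$$D_p(s) = \sum_{n=1}^{\infty} p(n) n^{-s} = 1 - 2^{-s} - 3^{-s} + 4^{-s} - 5^{-s} + 6^{-s} - 7^{-s} \pm \cdots$$

and

$$D_q(s) = \sum_{n=1}^{\infty} q(n) n^{-s} = 1 + 2^{-s} + 3^{-s} + 2 \cdot 4^{-s} + 5^{-s} + 6^{-s} + 7^{-s} + 8^{-s} + 3 \cdot 9^{-s} + \cdots.$$

Just as with regular generating functions, we may combine these two by multiplying
to get

$$\begin{aligned}
D_p(s) \cdot D_q(s) &= \left(1 - 2^{-s} - 3^{-s} + 4^{-s} - 5^{-s} + 6^{-s} \pm \cdots\right) \\
&\quad \cdot \left(1 + 2^{-s} + 3^{-s} + 2 \cdot 4^{-s} + 5^{-s} + 6^{-s} + 7^{-s} + \cdots\right) \\
&= \sum_{n=1}^{\infty} v(n) n^{-s} \\
&= D_v(s)
\end{aligned}$$

for some function v : N → Z.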

Exercise 1: Calculate v(n) for n = 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10.



We may generalize this to the product of any two functions: if

$$D_f(s) = \sum_{n=1}^{\infty} f(n) n^{-s} \quad \text{and} \quad D_g(s) = \sum_{n=1}^{\infty} g(n) n^{-s},$$

then the product $D_f(s) \cdot D_g(s) = D_h(s)$ is a new Dirichlet series, and the formula
for the coefficient function h(n) is

$$h(n) = \sum_{d \mid n,\ d > 0} f(d)\, g\!\left(\frac{n}{d}\right).$$

Exercise 2: Justify this formula.

The formula defines an operation ∗ on the set

F = {functions f : N → C}.

For f, g ∈ F, define f ∗ g by

$$D_{f * g}(s) = D_f(s) \cdot D_g(s), \quad \text{and thus} \quad (f * g)(n) = \sum_{d \mid n,\ d > 0} f(d)\, g\!\left(\frac{n}{d}\right).$$

This makes the set F into a monoid: a set with an associative binary operation
(you may check this yourself) and an identity element. Thus monoids have three
of the four properties that define groups, and monoid is to group as ring is to
field. A further fact which will be useful in this project is that the operation ∗ is
commutative.

Exercise 3: Find the identity element for the operation ∗. That is, define a
function ι : N → Z such that f ∗ ι = ι ∗ f = f for all f ∈ F.

Dirichlet generating functions give us a way to systematically study arithmetic
functions. Some examples of arithmetic functions are

$B(n) = \begin{cases} 1 & \text{if } n = 1 \\ 0 & \text{else} \end{cases}$

$P_k(n) = n^k$, for $k \in \mathbb{W}$

$\tau(n) = P_0 * P_0$

$\sigma_k(n) = P_k * P_0$, k ≥ 0

ϕ(n) = Euler’s ϕ-function

$G(n) = \begin{cases} 1 & \text{if } n = a^2 + b^2 \text{ for integers } a \text{ and } b \\ 0 & \text{else} \end{cases}$

r(n) = the number of ways of representing n as $n = a^2 + b^2$
(not counting rearrangements and sign changes)

$R(n) = \begin{cases} 1 & \text{if } n = a^2 - ab + b^2 \text{ for integers } a \text{ and } b \\ 0 & \text{else.} \end{cases}$

Several other examples (as well as some of these) appeared in Project A.

Exercise 4: Note that $\tau = \sigma_0$ (both notations are prevalent in the literature).
Show that
τ(n) = number of positive divisors of n.

Exercise 5: Show that τ(1) = 1. For n > 1, let $n = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_t^{e_t} = \prod_{i=1}^{t} p_i^{e_i}$ be
the unique factorization of n into distinct positive primes. Show that for n > 1,

$$\tau(n) = (1 + e_1)(1 + e_2)(1 + e_3) \cdots (1 + e_t) = \prod_{i=1}^{t} (1 + e_i).$$

Many arithmetic functions f : N → Z are multiplicative: that is, $(m, n) = 1 \implies
f(m \cdot n) = f(m) \cdot f(n)$; we have seen in Proposition 21 on page 112 that the Euler
ϕ-function is multiplicative, and Exercise 5 shows that τ is multiplicative. It is not
hard to show that if f and g are multiplicative, so is f ∗ g. You may use that fact in
the rest of this project. When f(m · n) = f(m) · f(n), regardless of (m, n), we say
f is completely multiplicative. For multiplicative functions, f(1) = 1 is necessary.
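
The convolution formula and the facts quoted about it (it matches the term-by-term product of the series, it is commutative and associative, and it preserves multiplicativity) can be checked numerically on truncated series. The Python block below is an added example, not part of the book; the helper names are assumptions of this example, and the finite checks illustrate the statements without proving them.

```python
from math import gcd


def divisors(n):
    """Positive divisors of n in increasing order."""
    return [d for d in range(1, n + 1) if n % d == 0]


def conv(f, g):
    """Dirichlet convolution: (f * g)(n) = sum of f(d) g(n/d) over d | n, d > 0."""
    def h(n):
        return sum(f(d) * g(n // d) for d in divisors(n))
    return h


def series_product(f, g, N):
    """Coefficients 1..N of D_f(s) * D_g(s), multiplied out term by term.

    The term f(m) m^-s times g(n) n^-s contributes f(m) g(n) to (mn)^-s.
    """
    coeff = [0] * (N + 1)
    for m in range(1, N + 1):
        for n in range(1, N // m + 1):
            coeff[m * n] += f(m) * g(n)
    return coeff[1:]


def P(k):
    """The power function P_k(n) = n^k."""
    return lambda n: n ** k


def phi(n):
    """Euler's phi-function, counted directly from its definition."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


tau = conv(P(0), P(0))                 # tau = P_0 * P_0


def sigma(k):
    """sigma_k = P_k * P_0."""
    return conv(P(k), P(0))


def is_multiplicative(f, N):
    """Check f(mn) = f(m) f(n) for all coprime m, n with mn <= N."""
    return all(f(m * n) == f(m) * f(n)
               for m in range(1, N + 1)
               for n in range(1, N // m + 1)
               if gcd(m, n) == 1)


def table(f, N):
    """The values f(1), ..., f(N) as a list."""
    return [f(n) for n in range(1, N + 1)]


if __name__ == "__main__":
    print(table(tau, 10))                                  # divisor counts
    print(series_product(phi, P(1), 12) == table(conv(phi, P(1)), 12))
    print(table(conv(phi, tau), 12) == table(conv(tau, phi), 12))
    print(is_multiplicative(conv(phi, tau), 60))
```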

Exercise 6: Show that the functions $P_k$ defined above are completely multiplicative.

Exercise 7: Generalize Exercises 4 and 5. Let k > 0. Show that $\sigma_k(n)$ = sum of
the kth powers of the positive divisors of n. Show that $\sigma_k(1) = 1$. For n > 1, let
$n = p_1^{e_1} p_2^{e_2} p_3^{e_3} \cdots p_t^{e_t} = \prod_{i=1}^{t} p_i^{e_i}$ be the unique factorization of n into distinct positive
primes. Use the formula for finite geometric sums to show that

$$\sigma_k(n) = \prod_{i=1}^{t} \frac{1 - p_i^{k(1+e_i)}}{1 - p_i^k}.$$

Euler Products
The Dirichlet series
$$\zeta(s) = D_{P_0}(s)$$

is generally called the Riemann zeta-function; its properties are the subject of the
Riemann hypothesis, perhaps the most important open question in number theory
at present.

Exercise 8: Show that the Riemann zeta-function can be written as

$$\begin{aligned}
\zeta(s) &= \sum_{n=1}^{\infty} n^{-s} \\
&= (1 + 2^{-s} + 4^{-s} + 8^{-s} + \cdots)(1 + 3^{-s} + 9^{-s} + 27^{-s} + \cdots) \\
&\quad \cdot (1 + 5^{-s} + 25^{-s} + \cdots) \cdots \\
&= \prod_{\text{primes } p > 0} \left( \sum_{i=0}^{\infty} p^{-si} \right) \\
&= \prod_{\text{primes } p > 0} \left( \frac{1}{1 - p^{-s}} \right).
\end{aligned}$$

This may be called the analytic statement of the fundamental theorem of arithmetic;
make sure your proof mentions the fundamental theorem of arithmetic.

Exercise 9: Substituting in s = 1, we get

$$\sum_{n=1}^{\infty} \frac{1}{n} = \prod_{\text{primes } p > 0} \left( \frac{1}{1 - p^{-1}} \right).$$

As the harmonic series on the left diverges, this may be thought of as a proof that
there are infinitely many positive primes. Explain.

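Exercise 10: Show that for a multiplicative function f, we have

$$\begin{aligned}
D_f(s) &= \sum_{n=1}^{\infty} f(n) n^{-s} \\
&= f(1) + f(2)2^{-s} + f(3)3^{-s} + f(4)4^{-s} + \cdots \\
&= \left(1 + f(2)2^{-s} + f(4)4^{-s} + f(8)8^{-s} + \cdots\right) \\
&\quad \cdot \left(1 + f(3)3^{-s} + f(9)9^{-s} + f(27)27^{-s} + \cdots\right) \cdots \\
&= \prod_{\text{primes } p > 0} \left( \sum_{i=0}^{\infty} f(p^i) p^{-si} \right).
\end{aligned}$$

Exercise 11: Show that for a completely multiplicative function f, we may use a
geometric series to go a step further:

$$\begin{aligned}
D_f(s) &= \prod_{\text{primes } p > 0} \left( \sum_{i=0}^{\infty} f(p^i) p^{-si} \right) = \prod_{\text{primes } p > 0} \left( \sum_{i=0}^{\infty} \left(f(p) p^{-s}\right)^i \right) \\
&= \prod_{\text{primes } p > 0} \left( \frac{1}{1 - f(p) p^{-s}} \right).
\end{aligned}$$

Exercise 12: We may expand $\frac{1}{\zeta(s)} = \prod_{\text{primes } p > 0} (1 - p^{-s}) = \sum_{n=1}^{\infty} \mu(n) n^{-s} = D_\mu(s)$,
for some function μ : N → Z. Give an explicit formula for μ(n). This
function is called the Möbius μ-function.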

Exercise 13: The Möbius μ-function gives rise to the Möbius inversion formula:

$F = f * P_0 \iff f = F * \mu$.

Prove this. Hint: $F = f * P_0 \implies F * \mu = f * P_0 * \mu$. So prove that $P_0 * \mu = \iota$.

Exercise 14: We have conjectured that $\phi * P_0 = P_1$. By the previous exercise,
this is equivalent to $P_1 * \mu = \phi$. Define A : N → Z by $A = P_1 * \mu$. Give a general
formula for $A(p^k)$, where p is a positive prime. Does this agree with $\phi(p^k)$? Use
the fact that $P_1$ and μ are multiplicative to conclude that A = ϕ, and thus that
$\phi * P_0 = P_1$.

Exercise 15: Give a formula for μ2 = μ ∗ μ. Show that μ2 ∗ τ = ι.

Exercise 16: Give a formula for P1 ∗ P1 .

Exercise 17: Show that $\phi * \tau = \sigma_1$. Illustrate this surprising fact by calculating
(ϕ ∗ τ)(n) for n = 18, 42, and 72. Also calculate (ϕ ∗ τ)(p) and $(\phi * \tau)(p^2)$, where
p is a positive prime integer.

Extra Credit: Is the arithmetic function G(n) (defined on page 271) multiplicative?
Is r(n)?

Extra Credit: Is R(n) (defined on page 271) multiplicative?

The inspiration for this project, and many of the ideas in it, came from the excellent
article [Berberian].

Project J: The Geometry of Continued Fraction Convergents

The purpose of this project is to use geometry to organize some of our earlier
results on convergents to infinite continued fractions, and to provide a partial proof
of Theorem 20 (page 139).

Let d > 0 be an integer that is not a perfect square. Then we have seen numerical
evidence that we can use the convergents to the continued fraction for $\alpha = \sqrt{d}$ to
find the units in $\mathbb{Z}[\sqrt{d}]$. Namely, we calculate the convergents, and we see that
eventually we get $P_k^2 - dQ_k^2 = \pm 1$ for some k ∈ N. Then $P_k + Q_k\sqrt{d}$ becomes our
fundamental unit, and

$$\mathbb{Z}[\sqrt{d}]^\times = \{\pm(P_k + Q_k\sqrt{d})^n : n \in \mathbb{Z}\}.$$
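
The search described above, computing convergents until the norm reaches ±1, takes only integer arithmetic. The Python block below is an added example, not part of the book; it uses the standard recurrence for the continued fraction of a quadratic surd, numbers the convergents from k = 0 (an assumption about the book's indexing), and seeds the recurrence with the pairs (0, 1) and (1, 0).

```python
from itertools import islice
from math import isqrt, sqrt


def sqrt_cf_terms(d):
    """Yield the partial quotients a_0, a_1, a_2, ... of sqrt(d)."""
    a0 = isqrt(d)
    if a0 * a0 == d:
        raise ValueError("d must not be a perfect square")
    m, q, a = 0, 1, a0                 # complete quotient is (sqrt(d) + m) / q
    while True:
        yield a
        m = a * q - m
        q = (d - m * m) // q           # always an exact division
        a = (a0 + m) // q


def convergents(d):
    """Yield the convergents (P_k, Q_k) of sqrt(d) for k = 0, 1, 2, ..."""
    p2, q2 = 0, 1                      # seed (P_-2, Q_-2) = (0, 1)
    p1, q1 = 1, 0                      # seed (P_-1, Q_-1) = (1, 0)
    for a in sqrt_cf_terms(d):
        p, q = a * p1 + p2, a * q1 + q2
        yield p, q
        p2, q2, p1, q1 = p1, q1, p, q


def norms(d, count):
    """The values P_k^2 - d Q_k^2 for the first `count` convergents."""
    return [p * p - d * q * q for p, q in islice(convergents(d), count)]


def first_unit(d, max_terms=1000):
    """Return (k, P_k, Q_k, norm) for the first convergent with norm +1 or -1."""
    for k, (p, q) in enumerate(islice(convergents(d), max_terms)):
        n = p * p - d * q * q
        if n in (1, -1):
            return k, p, q, n
    return None


def check_bound_and_sides(d, count):
    """Check |P_k^2 - d Q_k^2| < 2 sqrt(d) + 1 and that the sign alternates.

    A negative norm means P_k / Q_k < sqrt(d), so the point (P_k, Q_k) lies
    above the line y = x / sqrt(d); this happens for even k.
    """
    bound = 2 * sqrt(d) + 1
    ns = norms(d, count)
    return (all(abs(n) < bound for n in ns)
            and all((n < 0) == (k % 2 == 0) for k, n in enumerate(ns)))


if __name__ == "__main__":
    for d in (2, 7, 13, 61):
        print(d, first_unit(d), check_bound_and_sides(d, 30))
```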

We will use some geometry in $\mathbb{R}^2$ to examine these results. To start, we will
consider the line $y = \frac{1}{\sqrt{d}} x$. Since it has an irrational slope, the only point with
integer coordinates that lies on it is the origin. However, there are points with
integer coordinates (that is, elements of the lattice $\mathbb{Z}^2$) that lie close to this line.

The Metaphor of the Rubber Bands: Now pretend that every point in the integer
lattice

$$\mathbb{Z}^2 = \{(a, b) \in \mathbb{R}^2 : a, b \in \mathbb{Z}\}$$

is a peg protruding perpendicular to the plane, and that we have two rubber bands
stretched along the line $y = \frac{1}{\sqrt{d}} x$, with one end at the origin and the other end
anchored out “at infinity” in the first quadrant. We move one elastic band to the
right until its lower left end is at the point (1, 0), and we see which pegs it now
touches; we also move the other rubber band up until its lower left end is at the
point (0, 1), and also ask what pegs this rubber band touches. In the language
of geometry, we have described the convex hulls of two sets in the first quadrant,
namely

$$S_1 = \left\{ (a, b) \in \mathbb{Z}^2 : a \geq 0,\ 0 \leq b < \frac{a}{\sqrt{d}} \right\}$$

and

$$S_2 = \left\{ (a, b) \in \mathbb{Z}^2 : a \geq 0,\ b > \frac{a}{\sqrt{d}} \right\}.$$

We will name these convex hulls $H_1$ and $H_2$, respectively.

Exercise 1: Consider the two hyperbolas $x^2 - dy^2 = 1$ and $x^2 - dy^2 = -1$. Show
that the only element of $\mathbb{Z}^2$ strictly between them is the origin. Conclude that any
first quadrant point on either hyperbola that has integer coefficients must lie in $H_1$
or $H_2$.

Exercise 2: Define points in the plane $A_0 = (0, 1)$, $A_k = (P_{2k-2}, Q_{2k-2})$ for k ≥ 1,
and $B_0 = (1, 0)$, $B_k = (P_{2k-1}, Q_{2k-1})$ for k ≥ 1. Show that the A points lie above
the line $y = \frac{1}{\sqrt{d}} x$ and the B points lie below it.

Exercise 3: Show that there are exactly $a_k + 1$ integer points on the line segment
connecting the points $(P_{k-2}, Q_{k-2})$ and $(P_k, Q_k)$.

Exercise 4: Consider the region R defined by the set of points

$$\{\ldots, B_3, B_2, B_1, B_0, \text{origin}, A_0, A_1, A_2, A_3, \ldots\}.$$

Use the results of Exercise 11 (page 48) and Project D to show that there are no
points inside R.

Exercise 5: Show that the boundary of R makes a non-zero change of direction
at each point in the list $\{\ldots, B_3, B_2, B_1, B_0, \text{origin}, A_0, A_1, A_2, A_3, \ldots\}$.

Exercise 6: Conclude that $H_1$ is the set $\{B_0, B_1, B_2, B_3, \ldots\}$ and $H_2 = \{A_0, A_1, A_2, A_3, \ldots\}$.

Figure 43: The geometry of convergents

The metaphor of the rubber bands thus shows that the convergents to the continued
fraction for $\sqrt{d}$ (or, really, any irrational number) are the closest rational
approximations one can get. Exercises 7–10 expand on that theme.

Exercise 7: Show that r ∈ R is irrational if and only if there are infinitely many
rational numbers $\frac{p}{q}$ such that $\left| \frac{p}{q} - r \right| < \frac{1}{q^2}$.

Exercise 8: Let $\frac{P_k}{Q_k}$ be the usual kth convergent to the continued fraction for
r ∈ R. Show that if $\frac{p}{q}$ is closer to r than the convergent $\frac{P_k}{Q_k}$ is, then $q > Q_k$.

Exercise 9: Show that if r ∈ R is irrational then there are infinitely many rational
numbers $\frac{p}{q}$ such that $\left| \frac{p}{q} - r \right| < \frac{1}{2q^2}$.

Exercise 10: Let $r \in \mathbb{R}$ be irrational. Prove that of any two consecutive convergents
to the continued fraction for $r$, at least one satisfies the inequality
$\left|\frac{P}{Q} - r\right| < \frac{1}{2Q^2}$.

We now show that there is at least one non-trivial element of $\mathbb{Z}[\sqrt{d}]^\times$: namely, a
unit that is neither $+1$ nor $-1$.

Exercise 11: Show that for all $n \ge 0$, $\left|P_n^2 - dQ_n^2\right| < 2\sqrt{d} + 1$. Hint: difference of
squares.

Exercise 12: Show that there exists an integer $M$ with $|M| < 2\sqrt{d} + 1$ such that
$x^2 - dy^2 = M$ has an infinite number of integral solutions $(x, y)$.

Exercise 13: Conclude that there exists an integer $M$ with $|M| < 2\sqrt{d} + 1$ such
that there are infinitely many $\alpha \in \mathbb{Z}[\sqrt{d}]$ such that $N(\alpha) = M$.

Exercise 14: Suppose $M \in \mathbb{Z}$ and $\alpha, \beta \in \mathbb{Z}[\sqrt{d}]$ with $N(\alpha) = N(\beta) = M$. Suppose
further that $\alpha \equiv \beta \pmod{M}$. (What does this statement mean?) Conclude that
$\alpha = \beta u$ for some unit $u \in \mathbb{Z}[\sqrt{d}]$.

Exercise 15: Use Exercise 14 to show that $\mathbb{Z}[\sqrt{d}]$ has a unit that is neither $+1$
nor $-1$. Conclude that $\mathbb{Z}[\sqrt{d}]$ has an infinite number of units.

Putting the geometry together with the algebra, you have proved most of Theorem 20.

Extra Credit: What exactly is missing to complete the proof of Theorem 20?
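
The computation below is an added example, not part of the book: it generates the convergents $P_k/Q_k$ of $\sqrt{d}$ in exact integer arithmetic, tests the bound of Exercise 11, tallies the values $P_k^2 - dQ_k^2$ (the repetition that Exercise 12 relies on), and returns the first convergent of norm $\pm 1$. All function names are assumptions of this example, as is the seeding $(P_{-2}, Q_{-2}) = A_0$, $(P_{-1}, Q_{-1}) = B_0$, which is read off from Exercise 2.

```python
from collections import Counter
from itertools import islice
from math import isqrt

def sqrt_convergents(d):
    """Yield the convergents (P_k, Q_k), k = 0, 1, 2, ..., of sqrt(d) using integers only."""
    a0 = isqrt(d)
    if a0 * a0 == d:
        raise ValueError("d must not be a perfect square")
    m, q, a = 0, 1, a0          # complete quotient (m + sqrt(d)) / q, partial quotient a
    p_prev, q_prev = 0, 1       # (P_{-2}, Q_{-2}), the point A_0 of Exercise 2
    p_cur, q_cur = 1, 0         # (P_{-1}, Q_{-1}), the point B_0 of Exercise 2
    while True:
        p_prev, p_cur = p_cur, a * p_cur + p_prev
        q_prev, q_cur = q_cur, a * q_cur + q_prev
        yield p_cur, q_cur
        m = a * q - m           # next complete quotient of the quadratic irrational
        q = (d - m * m) // q
        a = (a0 + m) // q

def first_convergents(d, count):
    """The first `count` convergents of sqrt(d) as a list of (P_k, Q_k) pairs."""
    return list(islice(sqrt_convergents(d), count))

def norm(p, q, d):
    """N(p + q*sqrt(d)) = p^2 - d*q^2."""
    return p * p - d * q * q

def within_bound(n, d):
    """Test |n| < 2*sqrt(d) + 1 without floating point."""
    return abs(n) <= 1 or (abs(n) - 1) ** 2 < 4 * d

def norm_tally(d, count):
    """How often each value P_k^2 - d*Q_k^2 occurs among the first `count` convergents."""
    return Counter(norm(p, q, d) for p, q in first_convergents(d, count))

def first_unit(d, limit=10_000):
    """First convergent of norm +1 or -1; Q_k >= 1, so the unit is neither +1 nor -1."""
    for p, q in islice(sqrt_convergents(d), limit):
        if abs(norm(p, q, d)) == 1:
            return p, q
    return None

if __name__ == "__main__":
    for d in (2, 7, 61):
        print(d, first_unit(d), dict(norm_tally(d, 40)))
```

For $d = 7$ the tally shows only the values $-3$, $2$ and $1$ recurring, and the negative values fall on the even-indexed convergents, which are the $A$ points of Exercise 2.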
A well-written, inviting textbook designed for a one-semester, junior-level
course in elementary number theory. The intended audience will have
had exposure to proof writing, but not necessarily to abstract algebra.
That audience will be well prepared by this text for a second-semester
course focusing on algebraic number theory. The approach throughout is
geometric and intuitive; there are over 400 carefully designed exercises,
which include a balance of calculations, conjectures, and proofs. There
are also nine substantial student projects on topics not usually covered
in a first-semester course, including Bernoulli numbers and polynomials,
geometric approaches to number theory, the p-adic numbers, quadratic
extensions of the integers, and arithmetic generating functions.
