by
David Marshall
Edward Odell
Michael Starbird
December 11, 2006
Contents
Chapter 0. Introduction
Number Theory and Mathematical Thinking
Note on the approach and organization
Methods of thought
Acknowledgments
Chapter 1. Divide and Conquer
Divisibility In The Natural Numbers
Definitions and examples
Divisibility and congruence
The Division Algorithm
Greatest common divisors and linear Diophantine equations
Linear Equations Through The Ages
Chapter 2. Prime Time
The Prime Numbers
Fundamental Theorem of Arithmetic
Applications of the Fundamental Theorem of Arithmetic
The infinitude of primes
Primes of special form
The distribution of primes
From Antiquity To The Internet
Chapter 3. A Modular World
Thinking Cyclically
Powers and polynomials modulo n
Linear congruences
Systems of linear congruences: the Chinese Remainder Theorem
A Prince And A Master
Chapter 4. Fermat’s Little Theorem and Euler’s Theorem
Abstracting the Ordinary
Orders of an integer modulo n
Fermat’s Little Theorem
An alternative route to Fermat’s Little Theorem
Euler’s Theorem and Wilson’s Theorem
Fermat, Wilson And . . . Leibniz?
Chapter 5. Public Key Cryptography
Public Key Codes And RSA
Public key codes
Overview of RSA
Let’s decrypt
Hard Problems
Chapter 6. Polynomial Congruences and Primitive Roots
Higher Order Congruences
Lagrange’s Theorem
Primitive roots
Euler’s φ-function and sums of divisors
Euler’s φ-function is multiplicative
Roots modulo a number
Sophie Germain Is Germane, Part I
Chapter 7. The Golden Rule: Quadratic Reciprocity
Quadratic Congruences
Quadratic residues
Gauss’ Lemma and quadratic reciprocity
Sophie Germain is germane, Part II
Chapter 8. Pythagorean Triples, Sums of Squares, and Fermat’s Last Theorem
Congruences to Equations
Pythagorean triples
Sums of squares
Pythagorean triples revisited
Fermat’s Last Theorem
Who’s Represented?
Sums of squares
Sums of cubes, taxicabs, and Fermat’s Last Theorem
Chapter 9. Rationals Close to Irrationals and the Pell Equation
Diophantine Approximation And Pell Equations
A plunge into rational approximation
Out with the trivial
New solutions from old
Securing the elusive solution
The structure of the solutions to the Pell equations
Bovine Math
Chapter 10. The Search for Primes
Primality Testing
Is it prime?
Fermat’s Little Theorem and probable primes
AKS primality
Record Primes
Appendix A. Mathematical Induction: The Domino Effect
The Infinitude Of Facts
Gauss’ formula
Another formula
On your own
Strong induction
On your own
Appendix. Index
CHAPTER 0
Introduction
Number Theory and Mathematical Thinking
One of the great steps in the development of a mathematician is becoming an independent
thinker. Every mathematician can look back and see a time when mathematics
was mostly a matter of learning techniques or formulas. Later, the challenge was to learn
some proofs. But at some point, the successful mathematics student becomes a more independent
mathematician. Formulating ideas into definitions, examples, theorems, and
conjectures becomes part of daily life.
This textbook has two equally significant goals. One goal is to help you develop independent
mathematical thinking skills. The second is to help you understand some of the
fundamental ideas of number theory.
You will develop skills of formulating and proving theorems. Mathematics is a participatory
sport. Just as a person learning to play tennis would expect to play tennis, people
seeking to learn to think like a mathematician should expect to do those things that mathematicians
do. Also, in analogy to learning a sport, making mistakes and then making
adjustments are clear parts of the experience.
Number theory is an excellent subject for learning the ways of mathematical thought.
Every college student is familiar with basic properties of numbers, and yet the study of those
familiar numbers leads us into waters of extreme depth. Many simple observations about
small, whole numbers can be collected, formulated, and proved. Other simple observations
about small, whole numbers can be formulated into conjectures of amazing richness. Many
simple-sounding questions remain unanswered after literally thousands of years of thought.
Other questions have recently been settled after being unsolved for hundreds of years.
Throughout this book, we will continue to emphasize the dual goals of developing mathematical
thinking skills and developing an understanding of number theory. The two goals
are inextricably entwined throughout, and seeking to disentangle the two would be to miss
the essential strategy of this two-pronged approach.
The mathematical thinking skills developed here include being able to
• look at examples and formulate definitions and questions or conjectures;
• prove theorems using various strategies;
• determine the correctness of a mathematical argument independently without having
to ask an authority.
Clearly these thinking skills are applicable across all mathematical topics and outside
mathematics as well.
Note on the approach and organization. Each chapter contains definitions, examples,
exercises, questions, and statements of theorems. Definitions are generally preceded by
examples and discussion that make that deﬁnition a natural consequence of the experience
of the examples and the line of thinking presented. We want you to see the development
of mathematics as a natural exploration of a realm of thought. Never should mathematics
seem to be a mysterious collection of deﬁnitions, theorems, and proofs that arise from the
void and must be memorized for a test.
Theorem statements arise as crystallized observations. Proofs are clear reasons that the
statements are true.
Each chapter concludes with some historical remarks on the chapter’s content. This is
meant to place the ideas on an historical timeline. It is fascinating to see threads begin in
antiquity and continue into the 21st century with no clear end in sight.
Chapters one through four present concepts that are used in all the future chapters.
Chapter ﬁve on cryptography does not contain material that is required for the future
chapters. Chapters six, seven, and eight are sequentially dependent. Chapters nine and
ten are independent and can be read any time after chapter four. In a semester course,
the authors generally treat chapters one through ﬁve, using the further chapters for future
work and independent study projects.
Number theory contains within it some of the most fascinating insights in mathematics.
We hope you will enjoy your exploration of this intriguing domain.
Methods of thought. Methods of thought, proof, and analysis are not facts to be
learned once and set aside. They become useful tools as they appear recurrently in diﬀerent
contexts and as you begin to incorporate them into your habits of approaching the unknown.
While looking at numbers and ﬁnding patterns among them, it will be natural to develop
an understanding of various ways to give convincing arguments. These diﬀerent styles of
proofs will become familiar and logically sound. We do not present these methods of proof
in the abstract, but instead you will develop them as naturally occurring methods of stating
logically correct reasons for the truth of statements.
Some methods of thought, proof, and analysis are:
• Finding patterns and formulating conjectures.
• Making precise deﬁnitions.
• Making precise statements.
• Using basic logic.
• Forming negations, contrapositives, and converses of statements.
• Understanding examples.
• Relating examples to the general case.
• Generalizing from examples.
• Measuring complexity.
• Looking for elementary building blocks.
• Following consequences of assumptions.
• Methods of proof:
– induction,
– contradiction,
– reducing complexity,
– taking reasoning that works in a special case and making it general.
By the end of the course these abilities and techniques will be natural strategies for you to
use in your mathematical investigations and beyond.
We hope you enjoy your Inquiry Into Number Theory.
Acknowledgments. We thank the Educational Advancement Foundation and Harry
Lucas, Jr. for their generous support of the Inquiry Based Learning Project, which has
inspired us and many other faculty members and students. Many of the instructors who
tested these materials received mentoring and incentives from the EAF, and we have received
support in the writing of this book and other Inquiry Based Learning material. The EAF
fosters methods of teaching that promote independent thinking and student creativity, and
we hope that this book will make those methods broadly available to many students. We
thank the National Science Foundation for its support of this project under NSF-DUE-CCLI
Phase I grant 0536839.
Special thanks are also due to the many students and instructors who used earlier
versions of this book and who made many useful suggestions. In particular we wish to
thank the following faculty members who used drafts of this book while teaching number
theory at The University of Texas at Austin: Gergely Harcos, Alfred Renyi Institute of
Mathematics; Ben Klaﬀ, The University of Texas at Austin; Deepak Khosla, The University
of Texas at Austin; Susan Hammond Marshall, Monmouth University; Genevieve Walsh,
Tufts University. We also thank Stephanie Nichols who is a graduate student in mathematics
education at The University of Texas at Austin. She took the class, served as a graduate
student assistant for several semesters, and is conducting research about the eﬃcacy of
this method of introducing students to the ideas of mathematical proof. Thanks also to
Professor Jennifer Smith and her students who are doing research in mathematics education
that involves inquiry based instruction in the acquisition of mathematical thinking skills.
David Marshall: I thank foremost my coauthors Mike Starbird and Ted Odell for introducing
me to the Modiﬁed Moore Method style of inquiry based teaching and for mentoring me
during my short stay at The University of Texas. The experience was fantastic and has
had a profound impact on the way I conduct my classes today. I thank Mike and Ted as
well for inviting me to take part in this project. It has been a very enjoyable, educational,
and rewarding experience. I thank my wonderful family; my wife, Susan, who has had to
listen to me pontiﬁcate on all matters number theory for well over a year, and my daughter,
Gillian, who always makes coming home the high point of my day.
Edward Odell: Five years ago I spent numerous hours attending Mike Starbird’s inquiry
based number theory class and then attempting to duplicate his wizardry in my own class.
I am forever grateful to Mike for inviting me into this project and for his constant support.
Thanks are also due to David, a joy to work with and without whose eﬀorts and guidance
this book would still be far from completion. Last but not least I thank my wife Gail for
her love and support and my children Holly and Amy for understanding when their dad
was busy.
Michael Starbird: Thanks to Ted and David for making the writing of this book an especially
enjoyable experience. Their unfailing cheerfulness and good sense made this project a true
joy to work on. Thanks also to my wife Roberta, and children, Talley and Bryn, for their
constant encouragement and support.
CHAPTER 1
Divide and Conquer
Divisibility In The Natural Numbers
How can one natural number be expressed as the product of smaller natural numbers?
This innocent sounding question leads to a vast ﬁeld of interconnections among the natural
numbers that mathematicians have been exploring for literally thousands of years. The
adventure begins by recalling the arithmetic from our youth and looking at it afresh.
In this chapter we start our investigation of the natural numbers by deﬁning divisibility
and then presenting the ideas of the Division Algorithm, greatest common divisors, and
the Euclidean Algorithm. These ideas in turn allow us to ﬁnd integer solutions to linear
equations.
The natural numbers are naturally ordered in one long ascending list; however, many
experiences in everyday life are cyclical–hours in the day, days in a week, motions of the
planets. This concept of cyclicity gives rise to the idea of modular arithmetic, which formalizes
the intuitive idea of numbers on a cycle. In this chapter, we will introduce the
basic idea of modular arithmetic but will develop the ideas further in future chapters.
As you explore questions of divisibility of integers and questions about modular arithmetic,
you will develop skills in proving theorems, including proving theorems by induction.
Deﬁnitions and examples. Many people view the natural numbers as the most basic
of all mathematical ideas. A 19th century mathematician, Leopold Kronecker, famously said
roughly, “God gave us the natural numbers–all else is made by humankind.” The natural
numbers are the counting numbers to which we were introduced in our childhoods.
Deﬁnition. The natural numbers are the numbers {1, 2, 3, 4, . . .}.
The ideas of 0 and negative numbers are abstractions of the natural numbers. Those
ideas extend the natural numbers to the integers.
Deﬁnition. The integers are {. . ., −3, −2, −1, 0, 1, 2, 3, . . .}.
The basic relationships between integers that we will explore in this chapter are based
on the divisibility of one integer by another.
Definition. Suppose a and d are integers. Then d divides a, denoted d | a, if and only if
there is an integer k such that a = kd.
Notice that this definition gives us a practical conclusion from the assertion that the
integer d divides the integer a, namely, the existence of a third integer k with its multiplicative
property, namely, that a = kd. Mathematical definitions encapsulate intuitive ideas,
but then pin them down. Having this formal deﬁnition of divisibility will allow you to say
clearly why some theorems about divisibility are true. Remembering the formal deﬁnition
of divisibility will be useful throughout the course.
We next turn to a more complicated deﬁnition that we will see captures the idea of
numbers arranged in a cyclical pattern. For example, if you wrote the natural numbers
around a clock, you would put 13 in the same place as 1 and 14 in the same place as 2, etc.
That idea is what is formalized in the following deﬁnition of congruence.
Deﬁnition. Suppose that a, b, and n are integers, with n > 0. We say that a and b are
congruent modulo n if and only if n | (a − b). We denote this relationship as
a ≡ b (mod n)
and read these symbols as “a is congruent to b modulo n”.
We will soon begin with the ﬁrst set of questions. They come in several diﬀerent ﬂavors
which we roughly categorize as “Theorem” (or “Lemma” or “Corollary”), “Question”, or
“Exercise”. A Theorem denotes a mathematical statement to be proved by you. For
example:
Example Theorem. Let n be an integer. If 6 | n, then 3 | n.
Then you would supply the proof. For example, your proof might look like this:
Example Proof. Our hypothesis that 6 | n means, by definition, that there exists an
integer k such that n = 6k. The conclusion we want to make is that 3 also divides n. By
definition, that means we want to show that there exists an integer k' such that n = 3k'.
Since n = 6k = 3(2k), we can take k' = 2k, satisfying the definition for n to be divisible by
3.
Here’s an example that uses a congruence.
Example Theorem. Let k be an integer. If k ≡ 7 (mod 2), then k ≡ 3 (mod 2).
Example Proof. Our hypothesis that k ≡ 7 (mod 2) means, by definition, that 2 | (k − 7),
which, also by definition, means there exists an integer k' such that k − 7 = 2k'. Adding
4 to both sides of the last equation yields k − 3 = 2k' + 4 = 2(k' + 2). Since k' + 2 is also an
integer, this means 2 | (k − 3), or k ≡ 3 (mod 2), and so the theorem is proved.
In giving proofs, rely on the deﬁnitions of terms and symbols, and feel free to use results
that you have previously proved. Avoid using statements that you “know”, but which we
have not yet proved.
A “Question” is often more open, leaving the reader to speculate on some idea. These
should be given considerable thought. An “Exercise” is often more computational in nature,
illustrating the results of previous (or upcoming) theorems. These help you to make sure
your grasp of the material is ﬁrm and grounded in the reality of actual numbers.
Divisibility and congruence. The next theorems explore the relationship between
divisibility and the arithmetic operations of addition, subtraction, multiplication, and division.
Frequently a good strategy for generating valuable questions in mathematics is to
take one concept and see how it relates to other concepts.
1.1. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | (b + c).
1.2. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | (b − c).
1.3. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | bc.
Any theorem has a hypothesis and a conclusion. That structure of theorems automatically
suggests questions, namely, can the theorem be strengthened? If we are able to
deduce the same result with fewer or weaker hypotheses, then we will have constructed a
stronger theorem. Similarly, if we are able to deduce a stronger conclusion from the same
hypotheses, then we will have constructed a stronger theorem. So attempting to weaken
the hypothesis and still get the same conclusion, or keep the same hypotheses but deduce
a stronger conclusion are two fruitful investigations to follow when we seek new truths. So
let’s try this strategy with the previous theorem.
When you are considering whether a particular hypothesis implies a particular conclusion,
you are considering a conjecture. Three outcomes are possible. You might be able
to prove it, in which case the conjecture is changed into a theorem. You might be able
to ﬁnd a speciﬁc example (called a counterexample) where the hypotheses are true, but
the conclusion is false. That counterexample would then show that the conjecture is false.
Frequently, you cannot settle the conjecture either way. In that case, you might try changing
the conjecture by strengthening the hypothesis, weakening the conclusion, or otherwise
considering a related conjecture.
1.4. Question. Can you weaken the hypothesis of the previous theorem and still prove the
conclusion? Can you keep the same hypothesis, but replace the conclusion by the stronger
conclusion that a^2 | bc and still prove the theorem?
If you consider a conjecture and discover it is false, that is not the end of the road.
Instead, you then have the challenge of trying to ﬁnd somewhat diﬀerent hypotheses and
conclusions that might be true. All these strategies of exploration lead to new mathematics.
1.5. Question. Can you formulate your own conjecture along the lines of the above theorems
and then prove it to make it your theorem?
Here is one possible such theorem. Maybe it is the one you thought of or maybe you
made a diﬀerent conjecture.
1.6. Theorem. Let a, b, and c be integers. If a | b, then a | bc.
Let’s now turn to modular arithmetic. To begin let’s look at a few speciﬁc examples
with numbers to gain some experience with congruences modulo a number. Doing speciﬁc
examples with actual numbers is often a good strategy for developing some intuition about
a subject.
1.7. Exercise. Answer each of the following questions, and prove that your answer is
correct.
(1) Is 45 ≡ 9 (mod 4)?
(2) Is 37 ≡ 2 (mod 5)?
(3) Is 37 ≡ 3 (mod 5)?
(4) Is 31 ≡ −3 (mod 5)?
You might construct some exercises like the preceding one for yourself until you are
completely clear about how to determine whether or not a congruence is correct.
When we gain some experience with a concept, we soon begin to see patterns. The
next exercise asks you to ﬁnd a pattern that helps to clarify what groups of integers are
equivalent to one another under the concept of congruence modulo n.
1.8. Exercise. For each of the following congruences, characterize all the integers m that
satisfy that congruence.
(1) m ≡ 0 (mod 3).
(2) m ≡ 1 (mod 3).
(3) m ≡ 2 (mod 3).
(4) m ≡ 3 (mod 3).
(5) m ≡ 4 (mod 3).
To understand the deﬁnition of congruence, one strategy is to consider the extent to
which congruence behaves in the same way that equality does. For example, we know that
any number is equal to itself. So we can ask, “Is every number congruent to itself?” The
reason that this is even a question is that congruence has a speciﬁc deﬁnition, so we need
to know whether that speciﬁc deﬁnition allows us to deduce that any number is congruent
to itself.
1.9. Theorem. Let a and n be integers with n > 0. Then a ≡ a (mod n).
We will explore several cases where properties of ordinary equality suggest questions
about whether congruence works the same way. For example, in equality, the order of the
left hand side versus the right hand side of an equals sign does not matter. Is the same true
for congruence?
1.10. Theorem. Let a, b, and n be integers with n > 0. If a ≡ b (mod n), then
b ≡ a (mod n).
Again, if a is equal to b and b is equal to c, we know that a is equal to c. But does the
deﬁnition of congruence allow us to conclude the same about a string of congruences? It
does.
1.11. Theorem. Let a, b, c, and n be integers with n > 0. If a ≡ b (mod n) and
b ≡ c (mod n), then a ≡ c (mod n).
Note: If you are familiar with equivalence relations, you may note that the previous
three theorems establish that congruence modulo n deﬁnes an equivalence relation on the
set of integers. In the exercise before those theorems, you described the equivalence classes
modulo 3.
The following theorems explore the extent to which congruences behave the same as
ordinary equality with respect to the arithmetic operations. We systematically go through
the operations of addition, subtraction, and multiplication. Division, as we will see, requires
more thought.
1.12. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n)
and c ≡ d (mod n), then a + c ≡ b + d (mod n).
1.13. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n)
and c ≡ d (mod n), then a − c ≡ b − d (mod n).
1.14. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n)
and c ≡ d (mod n), then ac ≡ bd (mod n).
Congruences also work well when taking exponents, as we will see in Theorem 1.18.
One way to approach its proof is to start with simple cases and see how the general case
follows from them. The following exercises present a strategy of reasoning known as proof
by mathematical induction. In the appendix we explore this technique in more detail.
1.15. Exercise. Let a, b, and n be integers with n > 0. Show that if a ≡ b (mod n), then
a^2 ≡ b^2 (mod n).
1.16. Exercise. Let a, b, and n be integers with n > 0. Show that if a ≡ b (mod n), then
a^3 ≡ b^3 (mod n).
1.17. Exercise. Let a, b, k, and n be integers with n > 0 and k > 1. Show that if a ≡ b
(mod n) and a^{k−1} ≡ b^{k−1} (mod n), then
a^k ≡ b^k (mod n).
1.18. Theorem. Let a, b, k, and n be integers with n > 0 and k > 0. If a ≡ b (mod n),
then
a^k ≡ b^k (mod n).
At this point you have proved several theorems that establish that congruences behave
similarly to ordinary equality with respect to addition, subtraction, multiplication, and
taking exponents. To make all these theorems more meaningful, it is helpful to see what
they mean with actual numbers. Doing examples is a good way to develop intuition.
1.19. Exercise. Illustrate each of Theorems 1.12–1.18 with an example using actual numbers.
You will have noticed that at this point, we have not yet considered the arithmetic
operation of division. We ask you to consider the natural conjecture here.
1.20. Question. Let a, b, c, and n be integers for which ac ≡ bc (mod n). Can we conclude
that a ≡ b (mod n)? If you answer “yes”, try and give a proof. If you answer “no”, try
and give a counterexample.
We will continue the discussion of division at a later point. In the meantime, we find
that the concept of congruence and the theorems about addition, subtraction, multiplication,
and taking exponents allow us to prove some interesting facts about ordinary numbers.
You may already have been told how to tell when a number is divisible by 3 or by 9. Namely,
you simply add up the digits of the number and ask whether the sum of the digits is divisible
by 3 or 9. For example, 1131 is divisible by 3 because 3 divides 1 + 1 + 3 + 1. In the next
theorems you will prove that these techniques of checking divisibility work.
1.21. Theorem. Let a natural number n be expressed in base 10 as
n = a_k a_{k−1} . . . a_1 a_0.
(Note that what we mean by this notation is that each a_i is a digit of a regular base 10
number, not that the a_i’s are being multiplied together.) If m = a_k + a_{k−1} + . . . + a_1 + a_0,
then n ≡ m (mod 3).
Theorem. A natural number that is expressed in base 10 is divisible by 3 if and only if the
sum of its digits is divisible by 3.
Note: An “if and only if” theorem statement is really two separate theorems that need
two separate proofs. A good practice is to write down each statement separately so that
the hypothesis and the conclusion are clear in each case. We have done that for you in the
following case to illustrate the practice.
1.22. Theorem. If a natural number is divisible by 3, then, when expressed in base 10, the
sum of its digits is divisible by 3.
1.23. Theorem. If the sum of the digits of a natural number expressed in base 10 is divisible
by 3, then the number is divisible by 3 as well.
When we have proved a theorem, it is a good idea to ask whether there are other,
related theorems that might be provable with the same technique. We encourage you to
ﬁnd several such divisibility criteria in the next exercise.
1.24. Exercise. Devise and prove other divisibility criteria similar to the preceding one.
The Division Algorithm. We next turn our attention to a theorem called the Division
Algorithm. Before we state it, we point out a fact about the natural numbers that is
obviously true. In fact, it’s so obvious that it is an axiom, meaning a statement that we
accept as true without proof. The reason that we can’t really give a proof of it is that we
have not really deﬁned the natural numbers, but are just using them as familiar objects
that we have known all our lives. If we were taking a very abstract and formal approach to
number theory where we deﬁned the natural numbers in terms of set theory, for example,
the following statement might be one of the axioms we would use to deﬁne the natural
numbers. Instead, we will just assume that the following Well-Ordering Axiom for the
Natural Numbers is true.
Axiom (The Well-Ordering Axiom for the Natural Numbers). Let S be any nonempty set
of natural numbers. Then S has a smallest element.
Since we are accepting this fact as true, you should feel free to use it whenever you wish.
The value of this axiom is that it sometimes allows us to pin down the reason why some
assertion is true in a proof. Here is an example of how you might use the Well-Ordering
Axiom for the Natural Numbers.
Example Theorem. For every natural number n there is a natural number k such that
7k diﬀers from n by less than 7.
Example Proof. We could let S be the set of all numbers 7i, where i is a natural
number, such that 7i is greater than or equal to n. By the Well-Ordering Axiom for the
Natural Numbers, S has a smallest element, call it 7j. Then 7j differs from n by less than
7, otherwise 7(j − 1) would be a smaller element of S.
This example gives the flavor of how the Well-Ordering Axiom for the Natural Numbers
is used, namely, we define an appropriate nonempty set of natural numbers and then look
at that set’s smallest element to deduce something we want. You might consider using the
Well-Ordering Axiom for the Natural Numbers in proving the Division Algorithm below.
The Division Algorithm is a useful observation about natural numbers. Surprisingly
often it captures exactly what we need to know to prove theorems about integers. After
reading it carefully, you will see that it captures a basic property about ordinary division.
Theorem (The Division Algorithm). Let n and m be natural numbers. Then (existence
part) there exist integers q (for quotient) and r (for remainder) such that
m = nq + r
and 0 ≤ r ≤ n − 1. Moreover (uniqueness part), if q, q' and r, r' are any integers that
satisfy
m = nq + r = nq' + r'
with 0 ≤ r, r' ≤ n − 1, then q = q' and r = r'.
As usual, it is useful to look at some examples with actual numbers to understand the
statement.
1.25. Exercise. Illustrate the Division Algorithm for:
(1) m = 25, n = 7.
(2) m = 277, n = 4.
(3) m = 33, n = 11.
(4) m = 33, n = 45.
1.26. Theorem. Prove the existence part of the Division Algorithm.
(Hint: Given n and m, how will you deﬁne q? Once you choose this q, then how is r
chosen? Then show that 0 ≤ r ≤ n − 1.)
1.27. Theorem. Prove the uniqueness part of the Division Algorithm.
(Hint: If nq + r = nq' + r', then nq − nq' = r' − r. Use what you know about r and r'
as part of your argument that q = q'.)
The following theorem connects the ideas of congruence modulo n with remainders such
as occur in the Division Algorithm. It says that if the remainders are the same when divided
by the modulus, then the numbers are congruent.
1.28. Theorem. Let a, b, and n be integers with n > 0. Then a ≡ b (mod n) if and only
if a and b have the same remainder when divided by n. Equivalently, a ≡ b (mod n) if and
only if when a = nq_1 + r_1 (0 ≤ r_1 ≤ n − 1) and b = nq_2 + r_2 (0 ≤ r_2 ≤ n − 1), then r_1 = r_2.
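An added example (not part of the original text) that checks Theorem 1.28 numerically in Python and shows why the remainder has to lie in the range 0 ≤ r ≤ n − 1: the % operator in C, Java and Go rounds the quotient toward zero and returns a negative remainder for a negative dividend, so comparing those remainders rejects congruences that the definition accepts. The function names and the sample values −13, 7 and 5 are constructed for this illustration.

```python
def divide(m, n):
    """Division Algorithm: return (q, r) with m == n*q + r and 0 <= r <= n - 1.

    Accepts any integer m (as Theorem 1.28 requires) and a positive modulus n.
    """
    if n <= 0:
        raise ValueError("n must be a positive integer")
    q = m // n          # Python's // rounds toward negative infinity
    r = m - n * q       # so r lands in 0..n-1 even when m is negative
    return q, r


def truncated_remainder(m, n):
    """Remainder as C, Java and Go compute m % n: quotient rounded toward zero."""
    q = abs(m) // n
    if m < 0:
        q = -q
    return m - n * q    # negative whenever m < 0 and n does not divide m


def congruent_by_definition(a, b, n):
    """a ≡ b (mod n) by the definition: n | (a - b)."""
    _, r = divide(a - b, n)
    return r == 0


def congruent_by_remainder(a, b, n):
    """a ≡ b (mod n) by Theorem 1.28: equal remainders in the range 0..n-1."""
    return divide(a, n)[1] == divide(b, n)[1]


def congruent_by_truncated_remainder(a, b, n):
    """Flawed variant: compares remainders that can fall outside 0..n-1."""
    return truncated_remainder(a, n) == truncated_remainder(b, n)


def disagreements(limit, n):
    """Pairs (a, b) in [-limit, limit] where the flawed check contradicts the definition."""
    return [(a, b)
            for a in range(-limit, limit + 1)
            for b in range(-limit, limit + 1)
            if congruent_by_truncated_remainder(a, b, n)
            != congruent_by_definition(a, b, n)]


if __name__ == "__main__":
    a, b, n = -13, 7, 5   # constructed sample values
    print("divide(a, n)             =", divide(a, n))
    print("truncated_remainder(a,n) =", truncated_remainder(a, n))
    print("by definition            :", congruent_by_definition(a, b, n))
    print("by remainder (Thm 1.28)  :", congruent_by_remainder(a, b, n))
    print("by truncated remainder   :", congruent_by_truncated_remainder(a, b, n))
    print("mismatches for |a|,|b|<=6:", len(disagreements(6, n)))
```

Every pair on which the flawed check fails has one negative and one positive member, which is why such bugs stay hidden until a signed value reaches the reduction.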
Greatest common divisors and linear Diophantine equations. The divisors of
an integer tell us something about its structure. One of the strategies of mathematics is to
investigate commonalities. In the case of divisors, we now move from looking at the divisors
of a single number to looking at common divisors of a pair of numbers. This strategy helps
to illuminate relationships and common features of numbers.
Definition. A common divisor of integers a and b is an integer d such that d | a and d | b.
Once we have isolated a deﬁnition such as common divisor, we proceed to explore its
implications. The ﬁrst question involves how many common divisors there are to a pair of
integers.
1.29. Question. Do every two integers have at least one common divisor?
1.30. Question. Can two integers have inﬁnitely many common divisors?
The greatest common divisor is a concept that plays a central role in the study of many
of our future topics.
Deﬁnition. The greatest common divisor of two integers a and b, not both 0, is the largest
integer d such that d | a and d | b. The greatest common divisor of two integers a and b is
denoted gcd(a, b) or more brieﬂy as just (a, b).
One indication of the centrality of the concept of greatest common divisor is that it
has two diﬀerent notations including the extremely simple notation (a, b). You might think
that this notation would be confusing because it is the same notation as for an interval on
the real line; however, in the context of number theory, (a, b) always stands for the greatest
common divisor.
Having more divisors in common shows some commonality between numbers, but having
almost no common divisors indicates that the numbers do not share many factors. A pair of
numbers that have no extra common divisors have a special role to play and consequently
are given a name, relatively prime.
Deﬁnition. If gcd(a, b) = 1, then a and b are said to be relatively prime.
As usual, a good way to develop intuition about a concept is to investigate some speciﬁc
examples.
1.31. Exercise. Find the following greatest common divisors. Which pairs are relatively
prime?
(1) (36, 22)
(2) (45, −15)
(3) (−296, −88)
(4) (0, 256)
(5) (15, 28)
(6) (1, −2436)
The next theorems explore conditions under which various pairs of numbers have the
same greatest common divisors. Notice in the next theorems that, although they look
similar to the equation that we saw in the Division Algorithm, we use integers rather than
natural numbers. Also, there is no hypothesis about the size of r in these theorems.
1.32. Theorem. Let a, n, b, r, and k be integers. If a = nb + r and k | a and k | b, then k | r.
1.33. Theorem. Let a, b, $n_1$, and $r_1$ be integers with a and b not both 0. If $a = n_1 b + r_1$,
then $(a, b) = (b, r_1)$.
1.34. Exercise. As an illustration of the above theorem, note that
51 = 3 · 15 + 6,
15 = 2 · 6 + 3,
6 = 2 · 3 + 0.
Use the preceding theorem to show that if a = 51 and b = 15, then (51, 15) = (6, 3) = 3.
1.35. Exercise (Euclidean Algorithm). Using the previous theorem and the Division Algorithm
successively, devise a procedure for finding the greatest common divisor of two
integers.
The method you probably devised for ﬁnding the greatest common divisor of two integers
is actually very famous. It dates back to the third century B.C. and is called the Euclidean
Algorithm.
1.36. Exercise. Use the Euclidean Algorithm to ﬁnd
(1) (96, 112)
(2) (175, 24)
(3) (0, 256)
(4) (−288, −166)
(5) (1, −2436)
The next exercise illustrates that the techniques that you are developing to ﬁnd common
divisors can also be used to ﬁnd integer solutions to equations.
1.37. Exercise. Find integers x and y such that 175x + 24y = 1.
This example is actually a special case of a general theorem that relates relatively prime
numbers to integer solutions of equations.
Note: In the next theorem, remember as before that an “if and only if” theorem statement
is really two separate theorems. As usual, to keep things clear, it’s a good practice to
write each down separately. We have done that for you again in this case to illustrate the
practice.
Theorem. Let a and b be integers. Then a and b are relatively prime (i.e., (a, b) = 1) if
and only if there exist integers x and y such that ax + by = 1.
Here, written separately, are the two theorems you must prove:
1.38. Theorem. Let a and b be integers. If (a, b) = 1, then there exist integers x and y
such that ax + by = 1.
(Hint: Use the Euclidean Algorithm. Do some examples by taking some pairs of relatively
prime integers, doing the Euclidean Algorithm, and seeing how to find the x and y. It
is a good idea to start with an example where the Euclidean Algorithm takes just one step,
then do an example where the Euclidean Algorithm takes two steps, then three steps, then
look for a general procedure.)
1.39. Theorem. Let a and b be integers. If there exist integers x and y with ax +by = 1,
then (a, b) = 1.
Once we have proved a theorem, we seek to ﬁnd extensions or variations of it that are
also true. In this case, we have just proved a theorem about relatively prime numbers. So
it is natural to ask what we can say in the case that a pair of numbers is not relatively
prime. We ﬁnd that an analogous theorem is true.
1.40. Theorem. For any integers a and b not both 0, there are integers x and y such that
ax + by = (a, b).
The following three theorems appear here for two reasons; one, because you might
use some of the previous results to prove them, and, two, because they will be useful for
theorems to come.
1.41. Theorem. Let a, b, and c be integers. If a | bc and (a, b) = 1, then a | c.
1.42. Theorem. Let a, b, and n be integers. If a | n, b | n and (a, b) = 1, then ab | n.
1.43. Theorem. Let a, b, and n be integers. If (a, n) = 1 and (b, n) = 1, then (ab, n) = 1.
Our analysis so far of linear Diophantine equations will now prove to be quite useful
in resolving our outstanding concern with cancellation in modular arithmetic. Recall your
work in Question 1.20. Hopefully you showed the existence of integers a, b, c, and n (c not
0) for which ac ≡ bc (mod n) and yet a is not congruent to b modulo n.
1.44. Question. What hypotheses about a, b, c, and n could be added so that ac ≡ bc
(mod n) would imply a ≡ b (mod n)? State an appropriate theorem and prove it before
reading on.
The next theorem answers the previous question, so be sure to answer Question 1.44
before reading further. The answer involves the concept of being relatively prime.
1.45. Theorem. Let a, b, c and n be integers with n > 0. If ac ≡ bc (mod n) and
(c, n) = 1, then a ≡ b (mod n).
Theorems 1.39 and 1.40 begin to address the question: Given integers a, b, and c, when
do there exist integers x and y that satisfy the equation ax+by = c? When we seek integer
solutions to an equation, the equation is called a Diophantine equation.
1.46. Question. Suppose a, b, and c are integers and that there is a solution to the linear
Diophantine equation
ax +by = c,
that is, suppose there are integers x and y which satisfy the equation ax + by = c. What
condition must c satisfy in terms of a and b?
1.47. Question. Can you make a conjecture by completing the following statement?
Conjecture. Given integers a, b, and c, there exist integers x and y that satisfy the equation
ax +by = c if and only if .
Try to prove your conjecture before reading further.
The following theorem summarizes the circumstances under which an equation ax+by =
c has integer solutions. It is an “if and only if” theorem, so, as always, you should write
down the two separate theorems that must be proved.
1.48. Theorem. Given integers a, b, and c with a and b not both 0, there exist integers x
and y that satisfy the equation ax + by = c if and only if (a, b) | c.
This theorem tells us under what conditions our linear equation has any solution; however,
it does not tell us about all the solutions that such an equation might have, so it
brings up a question.
1.49. Question. For integers a, b, and c, consider the linear Diophantine equation
ax +by = c.
Suppose integers $x_0$ and $y_0$ satisfy the equation; that is, $ax_0 + by_0 = c$. What other values
$x = x_0 + h$ and $y = y_0 + k$
also satisfy ax + by = c? Formulate a conjecture that answers this question. Devise some
numerical examples to ground your exploration. For example, 6(−3) +15 · 2 = 12. Can you
ﬁnd other integers x and y such that 6x + 15y = 12? How many other pairs of integers x
and y can you ﬁnd? Can you ﬁnd inﬁnitely many other solutions?
The following question was devised by the famous mathematician Leonhard Euler (1707-1783).
It presents a real life situation involving horses and oxen so that we can all identify
with the problem. Can you see how Euler’s problem is related to the preceding questions?
1.50. Exercise (Euler). A farmer lays out the sum of 1,770 crowns in purchasing horses
and oxen. He pays 31 crowns for each horse and 21 crowns for each ox. What are the
possible numbers of horses and oxen that the farmer bought?
The following theorem shows you how to generate many solutions to our linear
Diophantine equation, once you have one solution.
1.51. Theorem. Let a, b, c, $x_0$, and $y_0$ be integers with a and b not both 0 such that
$ax_0 + by_0 = c$. Then the integers
$$x = x_0 + \frac{b}{(a, b)} \quad \text{and} \quad y = y_0 - \frac{a}{(a, b)}$$
also satisfy the linear Diophantine equation ax + by = c.
This theorem leaves open the question of whether this method of generating alternative
solutions generates all the solutions or whether there are yet more solutions.
1.52. Question. If a, b, and c are integers with a and b not both 0, and the linear Diophantine
equation
ax + by = c
has at least one integer solution, can you find a general expression for all the integer solutions
to that equation? Prove your conjecture.
The following theorem answers this question. It is actually two separate theorems that
need two separate proofs. The ﬁrst theorem says that certain numbers are solutions to
ax + by = c. The second theorem, in the “Moreover” sentence, requires you to prove that
no additional solutions exist.
1.53. Theorem. Let a, b, and c be integers with a and b not both 0. If $x = x_0$, $y = y_0$
is an integer solution to the equation ax + by = c (that is, $ax_0 + by_0 = c$) then for every
integer k, the numbers
$$x = x_0 + \frac{kb}{(a, b)} \quad \text{and} \quad y = y_0 - \frac{ka}{(a, b)}$$
are integers that also satisfy the linear Diophantine equation ax + by = c. Moreover, every
solution to the linear Diophantine equation ax + by = c is of this form.
1.54. Exercise. Find all integer solutions to the equation 24x + 9y = 33.
The previous theorem completes our analysis of the linear Diophantine equation
ax +by = c.
The analysis of the solutions of that Diophantine equation made good use of the greatest
common divisor. We can now prove a theorem about greatest common divisors that might
have been diﬃcult to prove before we analyzed these Diophantine equations. However,
it might be interesting to try to prove this simple sounding statement without using our
theorems about Diophantine equations.
1.55. Theorem. If a and b are integers, not both 0, and k is a natural number, then
gcd(ka, kb) = k · gcd(a, b).
We complete the chapter by taking the idea of greatest common divisor and considering
a related idea. Common divisors of two numbers divide both numbers. A sort of opposite
question is this: Suppose you are given two natural numbers. What numbers do those
two numbers both divide; in other words, can we describe their common multiples? In
particular, what is the least, common, positive multiple of two natural numbers? The ﬁrst
challenge is to write an appropriate deﬁnition.
1.56. Exercise. For natural numbers a and b, give a suitable deﬁnition for “least common
multiple of a and b”, denoted lcm(a, b). Construct and compute some examples.
The following theorem relates the ideas of the least common multiple and the greatest
common divisor.
1.57. Theorem. If a and b are natural numbers, then gcd(a, b) · lcm(a, b) = ab.
1.58. Corollary. If a and b are natural numbers, then lcm(a, b) = ab if and only if a and
b are relatively prime.
After completing a body of work, it is satisfying and helpful to put together the ideas
in your mind. We urge you to take that step by considering the following question.
1.59. Question. In this chapter we explored the concepts of divisibility, greatest common
divisors, and solutions to linear Diophantine equations. How are all of these ideas related?
Summarize the relationships.
Linear Equations Through The Ages
Apart from introducing key concepts we will use throughout our investigations in number
theory, we found in this chapter a complete solution to the linear Diophantine problem.
What do we mean by “complete”? Given a linear equation ax + by = c we can
(1) determine whether or not the equation has integer solutions,
(2) ﬁnd an integer solution when one exists,
(3) use a given solution to completely describe all integer solutions.
We will see in later chapters that such a degree of success in providing a complete solution
to a Diophantine equation is not always so simple.
Problems of ﬁnding integer solutions to polynomial equations with integer coeﬃcients
have been dubbed Diophantine problems. Little is known of the Greek mathematician
Diophantus of Alexandria. He most likely lived during the 3rd century A.D. (200-284),
and most of what survives from him today are six books from his treatise Arithmetica, a
collection of 130 problems giving integer and rational solutions to equations. But unlike
our results of this chapter, Diophantus was more concerned with particular problems and
solutions rather than general methods.
General methods for finding solutions to linear Diophantine equations were first given
by Indian mathematicians in the 5th century A.D. Notably, Aryabhata (476-550 A.D.),
whose method of solving linear Diophantine equations translates as “pulverizer”, and later,
Brahmagupta (598-670 A.D.) described such procedures. For Aryabhata, the problem arose
through the following consideration: can we find an integer n which when divided by a leaves
a remainder r and when divided by b leaves a remainder r′? The problem’s conditions can
be translated into the following pair of equations
n = ax + r
n = by + r′.
Equating the right hand sides, and setting c = r′ − r, gives the linear Diophantine equation
ax − by = c.
Progress did not occur in Western Europe for another 1000 years. It was not until
the 17th century that their mathematicians began to piece together the solution as we
have presented it in this chapter. Claude Bachet (1581-1638), most famous for his Latin
translation of Diophantus’ Arithmetica, rediscovered in 1621 a general method of ﬁnding a
solution to ax = by + 1 when a and b are relatively prime. He employed a method much
like ours, using the division algorithm repeatedly until a remainder of 1 is reached. Bachet
then performed a sequence of “back substitutions” in a special way so as to avoid the need
of negative numbers (which were not yet in common use).
Leonhard Euler may have been the ﬁrst to give an actual proof that if a and b are
relatively prime, then ax +by = c is solvable in integers. What Euler in fact demonstrated
is that the quantities c − ka, k = 0, 1, . . . , b − 1 give b distinct remainders when divided
by b. In particular, one, say c − k′a, yields a remainder of 0; that is, c − k′a is equal to a
multiple of b. Setting c − k′a = nb then gives the solution x = k′ and y = n.
Joseph Lagrange (1736-1830), who also proved a version of Euler’s result, went a step
further to describe all integer solutions in terms of a given one. Perhaps he summed up the
history of this problem best in stating that his method is “essentially the same as Bachet’s,
as are also all methods proposed by all mathematicians.”
CHAPTER 2
Prime Time
The Prime Numbers
One of the principal strategies by which we come to understand our physical or conceptual
world is to break things down into pieces, describe the most basic pieces, and then
describe how those pieces are assembled to create the whole. Our goal is to understand
the natural numbers, so here we adopt that reductionist strategy and think about breaking
natural numbers into pieces.
We begin by thinking about how natural numbers can be combined to create other
natural numbers. The most basic method is through addition. So let’s think about breaking
natural numbers into their most basic pieces from the point of view of addition. What are
the ’elements’ so to speak with respect to addition of natural numbers? The answer is that
there is only one element, the number 1. Every other natural number can be further broken
down into smaller natural numbers that add together to create the number we started with.
Every natural number is simply the sum of 1+1+1+· · ·+1. Of course, this insight isn’t too
illuminating since every natural number looks very much like any other from this point of
view. However, it does underscore the most basic property of the natural numbers, namely,
that they all arise from the process of just adding 1 some number of times. In fact, this
property of natural numbers lies at the heart of inductive processes both for constructing
the natural numbers and often for proving theorems about them.
A more interesting way of constructing larger natural numbers from smaller ones is to
use multiplication. Let’s think about what the elementary particles, so to speak, are of
the natural numbers with respect to multiplication. That is, what are the natural numbers
that cannot be broken down into smaller natural numbers through multiplication? What
natural numbers are not the product of smaller natural numbers? The answer, of course,
is the prime numbers.
The study of primes is one of the main focuses of number theory. As we shall prove,
every natural number greater than 1 is either prime or it can be expressed as a product of
primes. Primes are the multiplicative building blocks of all the natural numbers.
The prime numbers give us a world of questions to explore. People have been exploring
primes for literally thousands of years, and many questions about primes are still unanswered.
We will prove that there are infinitely many primes, but how are they distributed
among the natural numbers? How many primes are there less than a natural number n?
How can we ﬁnd them? How can we use them? These questions and others have been
among the driving questions of number theory for centuries and have led to an incredible
amount of beautiful mathematics.
New concepts in mathematics open frontiers of new questions and uncharted paths of
inquiry. When we think of an idea, like the idea of prime numbers, we can pose questions
about them to integrate the new idea with our already established web of knowledge. New
mathematical concepts then arise by making observations, seeing connections, clarifying
our ideas by making deﬁnitions, and then making generalizations or abstractions of what
we have observed.
When we have isolated a concept suﬃciently to make a deﬁnition, then we can state
new theorems. We will see not only new theorems, but also new types of proof.
All proofs are simply sequences of statements that follow logically from one another,
but one structure of proof that you will develop and use in this chapter and future chapters
is proof by induction. You will naturally come up with inductive styles of proving theorems
on your own. In fact you may already have used this kind of argument in the last chapter,
for example, in proving that the Euclidean Algorithm works. Inductive styles of proof are so
useful that it is worthwhile to reﬂect on the logic involved. We have included an appendix
that describes this technique of proof, and this may be a good time to work through that
appendix.
Fundamental Theorem of Arithmetic. The role of deﬁnitions in mathematics can
not be overemphasized. They force us to be precise in our language and reasoning. When
a new deﬁnition is introduced, you should take some time to familiarize yourself with its
details. Try to get comfortable with its meaning. Look at examples. Even memorize it.
Deﬁnition. A natural number p > 1 is prime if and only if p is not the product of natural
numbers less than p.
Deﬁnition. A natural number n is composite if and only if n is a product of natural
numbers less than n.
The following theorem tells us that every natural number larger than 1 has at least one
prime factor.
2.1. Theorem. If n is a natural number greater than 1, then there exists a prime p such
that p | n.
To get accustomed to primes, it’s a good idea to ﬁnd some.
2.2. Exercise. Write down the primes less than 100 without the aid of a calculator or a
table of primes and think about how you decide whether each number you select is prime or
not.
You probably identified the primes in the previous exercise by trial division. For example,
to determine whether or not 91 was prime, you might have first tried dividing it by 2.
Once convinced that 2 does not divide 91, you probably moved on to 3; then 4; then 5; then
6. Finally, you reached 7 and discovered that in fact 91 is not a prime. You were probably
relieved, as you might have secretly feared that you would have to continue the daunting
task of trial division 91 times! The following theorem tells us that you need not have been
too concerned.
2.3. Theorem. A natural number n is prime if and only if for all primes $p \le \sqrt{n}$, p does
not divide n.
2.4. Exercise. Use the preceding theorem to verify that 101 is prime.
The search for prime numbers has a long and fascinating history that continues to
unfold today. Recently the search for primes has taken on practical signiﬁcance because
primes are used every day in making internet communications secure, for example. Later,
we will investigate ways that primes are used in cryptography. And we’ll see some modern
techniques of identifying primes. But let’s begin with an ancient method for ﬁnding primes.
The following exercise introduces a very early method of identifying primes attributed to
the scholar Eratosthenes (276-194 BC).
2.5. Exercise (Sieve of Eratosthenes). Write down all the natural numbers from 1 to 100,
perhaps on a 10 ×10 array. Circle the number 2, the smallest prime. Cross oﬀ all numbers
divisible by 2. Circle 3, the next number that is not crossed out. Cross oﬀ all larger numbers
that are divisible by 3. Continue to circle the smallest number that is not crossed out and
cross out its multiples. Repeat. Why are the circled numbers all the primes less than 100?
With our list of primes, we can begin to investigate how many primes there are and
what proportion of natural numbers are prime.
2.6. Exercise. For each natural number n, deﬁne π(n) to be the number of primes less
than or equal to n.
(1) Graph π(n) for n = 1, 2, . . . , 100.
(2) Make a guess about approximately how large π(n) is relative to n. In particular, do
you suspect that $\frac{\pi(n)}{n}$ is generally an increasing function or a decreasing function?
Do you suspect that it approaches some speciﬁc number (as a limit) as n goes
to inﬁnity? Make a conjecture and try to prove it. Proving your conjecture is a
diﬃcult challenge. You might use a computer to extend your list of primes to a
much larger number and see whether your conjecture seems to be holding up.
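For the computer experiment suggested in Exercise 2.6, the following Python code is an added example, not part of the original text: it implements the sieve of Exercise 2.5, stopping at $\sqrt{n}$ as Theorem 2.3 allows, and tabulates π(n) and π(n)/n. The function names and the checkpoint values are chosen here for illustration.

```python
from bisect import bisect_right
from math import isqrt


def sieve(limit):
    """Return the list of all primes <= limit (Sieve of Eratosthenes)."""
    if limit < 2:
        return []
    is_prime = bytearray([1]) * (limit + 1)     # 1 = not crossed off yet
    is_prime[0] = is_prime[1] = 0
    # By Theorem 2.3 a composite n <= limit has a prime factor <= sqrt(limit),
    # so circling primes beyond isqrt(limit) crosses off nothing new.
    for p in range(2, isqrt(limit) + 1):
        if is_prime[p]:
            # Multiples of p below p*p were crossed off by a smaller prime.
            crossed = len(range(p * p, limit + 1, p))
            is_prime[p * p::p] = bytes(crossed)
    return [n for n, flag in enumerate(is_prime) if flag]


def is_prime(n):
    """Theorem 2.3 as a test: try only the primes p <= sqrt(n)."""
    if n < 2:
        return False
    return all(n % p != 0 for p in sieve(isqrt(n)))


def prime_density(checkpoints):
    """Return [(n, pi(n), pi(n)/n)] for each n, using a single sieve pass."""
    primes = sieve(max(checkpoints))
    rows = []
    for n in sorted(checkpoints):
        count = bisect_right(primes, n)         # number of primes <= n
        rows.append((n, count, count / n))
    return rows


if __name__ == "__main__":
    # Checkpoints are constructed for illustration: n = 10, 100, ..., 10**6.
    for n, count, ratio in prime_density([10 ** k for k in range(1, 7)]):
        print(f"{n:>8}  pi(n) = {count:>6}  pi(n)/n = {ratio:.4f}")
```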
Mathematicians do not give out the title of “Fundamental Theorem” too often. In fact,
you may have only come across one or two in your lifetime (the Fundamental Theorem of
Algebra and the Fundamental Theorem of Calculus come to mind). We might think of such
theorems as somehow very important. If so, we would be correct. What makes a theorem
important? One answer might be that it captures a basic relationship and that it is widely
applicable to explaining a broad range of mathematics. We will see that the Fundamental
Theorem of Arithmetic certainly possesses these qualities.
We will write the Fundamental Theorem of Arithmetic in two parts: the Existence part
and the Uniqueness part. The Existence part says that every natural number bigger than 1
can be written as the product of primes and the Uniqueness part says basically that there
is only one way to do so. For example, $24 = 2^3 \cdot 3 = 3 \cdot 2^3$.
2.7. Theorem (Fundamental Theorem of Arithmetic - Existence Part). Every natural number
greater than 1 is either a prime number or it can be expressed as a finite product of prime
numbers. That is, for every natural number n greater than 1, there exist distinct primes
$p_1, p_2, \ldots, p_m$ and natural numbers $r_1, r_2, \ldots, r_m$ such that
$$n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}.$$
The following lemma might be helpful in proving the Uniqueness part of the Fundamental
Theorem of Arithmetic.
2.8. Lemma. Let p and $q_1, q_2, \ldots, q_n$ all be primes and let k be a natural number such
that $pk = q_1 q_2 \cdots q_n$. Then $p = q_i$ for some i.
2.9. Theorem (Fundamental Theorem of Arithmetic - Uniqueness part). Let n be a natural
number. Let $\{p_1, p_2, \ldots, p_m\}$ and $\{q_1, q_2, \ldots, q_s\}$ be sets of primes with $p_i \ne p_j$ if $i \ne j$ and
$q_i \ne q_j$ if $i \ne j$. Let $\{r_1, r_2, \ldots, r_m\}$ and $\{t_1, t_2, \ldots, t_s\}$ be sets of natural numbers such that
$$n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} = q_1^{t_1} q_2^{t_2} \cdots q_s^{t_s}.$$
Then $m = s$ and $\{p_1, p_2, \ldots, p_m\} = \{q_1, q_2, \ldots, q_s\}$. That is, the sets of primes are equal
but their elements are not necessarily listed in the same order, that is, $p_i$ may or may not
equal $q_i$. Moreover, if $p_i = q_j$ then $r_i = t_j$. In other words, if we express the same natural
number as a product of powers of distinct primes, then the expressions are identical except
for the ordering of the factors.
Putting the existence and uniqueness parts together, we get the whole formulation of
the Fundamental Theorem of Arithmetic:
Theorem (Fundamental Theorem of Arithmetic). Every natural number greater than 1 is
either a prime number or it can be expressed as a ﬁnite product of prime numbers where the
expression is unique up to the order of the factors.
Let’s take a moment to think through a little issue about our deﬁnition of “prime”.
Humans make decisions about what deﬁnitions to make. Let’s think about the choices we
made in deﬁning “prime”. One notion of “prime” is the inability to further decompose.
Surely 1 meets this criterion. Yet our choice of deﬁnition of prime omits 1. What is the
advantage to not choosing to include 1 among the prime numbers? If 1 were called a prime,
why would the Fundamental Theorem of Arithmetic no longer be true?
The Fundamental Theorem of Arithmetic tells us that every natural number bigger than
1 is a product of primes. Here are some exercises that help to show what that means in
some speciﬁc cases.
2.10. Exercise. Express n = 12! as a product of primes.
2.11. Exercise. Determine the number of zeroes at the end of 25!.
The Fundamental Theorem of Arithmetic says that for any natural number n > 1 there
exist distinct primes $\{p_1, p_2, \ldots, p_m\}$ and natural numbers $\{r_1, r_2, \ldots, r_m\}$ such that
$$n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$$
and moreover, the factorization is unique up to order. When the $p_i$ are ordered so that
$p_1 < p_2 < \cdots < p_m$ we will say that $p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$ is the unique prime factorization of n.
Applications of the Fundamental Theorem of Arithmetic. One application of
the Fundamental Theorem of Arithmetic is that if we know the prime factorizations of two
natural numbers, it is a simple matter to determine whether one divides the other. The
following is a characterization of divisibility in terms of primes. There are lots of letters
and lots of subscripts, but once understood, this theorem makes sense.
2.12. Theorem. Let a and b be natural numbers greater than 1 and let $p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$ be the
unique prime factorization of a and let $q_1^{t_1} q_2^{t_2} \cdots q_s^{t_s}$ be the unique prime factorization of b.
Then $a \mid b$ if and only if for all $i \le m$ there exists a $j \le s$ such that $p_i = q_j$ and $r_i \le t_j$.
Prime factorizations make it easy to prove some assertions that might otherwise be more
diﬃcult.
2.13. Theorem. If a and b are natural numbers and $a^2 \mid b^2$, then $a \mid b$.
Prime factorizations can help us to ﬁnd the greatest common divisor and least common
multiple of two natural numbers. Here are some examples.
2.14. Exercise. Find $(3^{14} \cdot 7^{22} \cdot 11^{5} \cdot 17^{3},\ 5^{2} \cdot 11^{4} \cdot 13^{8} \cdot 17)$.
2.15. Exercise. Find $\operatorname{lcm}(3^{14} \cdot 7^{22} \cdot 11^{5} \cdot 17^{3},\ 5^{2} \cdot 11^{4} \cdot 13^{8} \cdot 17)$.
After doing some examples, we instinctively seek the general pattern. That is, we seek to
make a general statement that captures the reason that the method we used in the speciﬁc
examples works.
2.16. Exercise. Make a conjecture that generalizes the ideas you used to solve the two
previous exercises.
2.17. Question. Do you think this method is always better, always worse, or sometimes
better and sometimes worse than using the Euclidean Algorithm to ﬁnd (a, b)? Why?
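To experiment with Theorem 2.12 and with the comparison raised in Question 2.17, the following Python code is an added example, not part of the original text: it computes unique prime factorizations by trial division, reads divisibility, gcd and lcm off the exponents, and checks the results against the Euclidean Algorithm (Python's `math.gcd`) and Theorem 1.57. The function names and the sample numbers 504 and 810 are constructed for illustration.

```python
from math import gcd


def factorize(n):
    """Return the unique prime factorization of n > 1 as {prime: exponent}."""
    if n < 2:
        raise ValueError("n must be a natural number greater than 1")
    factors = {}
    p = 2
    while p * p <= n:                   # Theorem 2.3: stop at sqrt of what is left
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2         # after 2, try odd candidates only
    if n > 1:                           # whatever remains is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def multiply_out(factors):
    """Rebuild the natural number from a {prime: exponent} mapping."""
    result = 1
    for p, r in factors.items():
        result *= p ** r
    return result


def divides(fa, fb):
    """Theorem 2.12: a | b iff every prime of a occurs in b with exponent >= ."""
    return all(fb.get(p, 0) >= r for p, r in fa.items())


def gcd_from_factors(fa, fb):
    """Shared primes, each raised to the smaller of its two exponents."""
    return {p: min(r, fb[p]) for p, r in fa.items() if p in fb}


def lcm_from_factors(fa, fb):
    """All primes of either number, each raised to the larger exponent."""
    return {p: max(fa.get(p, 0), fb.get(p, 0)) for p in sorted(set(fa) | set(fb))}


if __name__ == "__main__":
    a, b = 504, 810                     # constructed sample values
    fa, fb = factorize(a), factorize(b)
    g = multiply_out(gcd_from_factors(fa, fb))
    m = multiply_out(lcm_from_factors(fa, fb))
    print(fa, fb)
    print("gcd:", g, "Euclid agrees:", g == gcd(a, b))
    print("lcm:", m, "gcd * lcm == a * b:", g * m == a * b)
```

The factorization route has to factor both inputs first, whereas `math.gcd` never factors anything, which is the contrast Question 2.17 asks about.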
The following theorem requires a clever use of the Fundamental Theorem of Arithmetic.
2.18. Theorem. Given n + 1 natural numbers, say $a_1, a_2, \ldots, a_{n+1}$, all less than or equal
to 2n, then there exists a pair, say $a_i$ and $a_j$ with $i \ne j$, such that $a_i \mid a_j$.
The Fundamental Theorem of Arithmetic can be used to prove that certain equations
do not have integer solutions.
2.19. Theorem. There do not exist natural numbers m and n such that $7m^2 = n^2$.
2.20. Theorem. There do not exist natural numbers m and n such that $24m^3 = n^3$.
Up to this point we have been talking exclusively about natural numbers and integers.
Our insights into natural numbers and integers can actually help us to understand more
general kinds of numbers such as rational numbers and irrational numbers.
Definition. A rational number is a real number that can be written as $\frac{a}{b}$ where a and b
are integers and $b \ne 0$.
Deﬁnition. A real number that is not rational is irrational.
The next theorems ask you to prove that certain speciﬁc numbers are irrational.
2.21. Exercise. Show that $\sqrt{7}$ is irrational. That is, there do not exist natural numbers n
and m such that $\sqrt{7} = \frac{n}{m}$.
2.22. Exercise. Show that $\sqrt{12}$ is irrational.
2.23. Exercise. Show that $7^{1/3}$ is irrational.
Having proved some speciﬁc numbers are irrational we take the usual step of generalizing
our insights as far as possible.
2.24. Question. What other numbers can you show to be irrational? Make and prove the
most general conjecture you can.
Let’s now return to the world of integers. The following was a theorem we ﬁrst proved
in Chapter 1. Here we repeat the theorem with the idea that the Fundamental Theorem of
Arithmetic might help to provide an alternative proof.
2.25. Theorem. Let a, b, and n be integers. If a | n, b | n, and (a, b) = 1, then ab | n.
Integers are either divisible by a prime p or are relatively prime to p.
2.26. Theorem. Let p be a prime and let a be an integer. Then p does not divide a if and
only if (a, p) = 1.
Notice that 9 | (6 · 12) and yet 9 does not divide either 6 or 12. However, if a prime
divides a product of two integers, then it must divide one or the other.
2.27. Theorem. Let p be a prime and let a and b be integers. If p | ab, then p | a or p | b.
The following theorems explore the relationships among the greatest common divisor
and various arithmetic operations. You might consider proving them in at least two ways,
one using the Fundamental Theorem of Arithmetic and one using the techniques from
Chapter 1.
2.28. Theorem. Let a, b, and c be integers. If (b, c) = 1, then (a, bc) = (a, b) · (a, c).
2.29. Theorem. Let a, b, and c be integers. If (a, b) = 1 and (a, c) = 1, then (a, bc) = 1.
2.30. Theorem. Let a and b be integers. If (a, b) = d, then $\left(\frac{a}{d}, \frac{b}{d}\right) = 1$.
2.31. Theorem. Let a, b, u, and v be integers. If (a, b) = 1 and u | a and v | b, then (u, v) = 1.
The inﬁnitude of primes. One of the most basic questions we can ask about prime
numbers is, “How many are there?” In this section, we will prove that there are inﬁnitely
many. To prove that there are inﬁnitely many primes, we need to show that there are large
natural numbers that are not the product of smaller natural numbers. Our ﬁrst observation
points out that consecutive natural numbers cannot share common divisors greater than 1.
2.32. Theorem. For all natural numbers n, (n, n + 1) = 1.
Can you think of a natural number that is divisible by 2, 3, 4, and 5? Can you think of
a natural number that has a remainder of 1 when divided by 2, 3, 4, and 5? If you think
of systematic ways to answer these questions, you will be well on your way to proving the
following theorem.
2.33. Theorem. Let k be a natural number. Then there exists a natural number n (which
will be much larger than k) such that no natural number less than k and greater than 1
divides n.
The previous theorem shows us how to produce natural numbers that are speciﬁcally
not divisible by certain natural numbers. This insight helps us to ﬁnd natural numbers
that are not divisible by any natural numbers other than themselves and 1, in other words,
primes.
2.34. Theorem. Let k be a natural number. Then there exists a prime larger than k.
The Inﬁnitude of Primes Theorem is one of the basic results of mathematics. It was
proved in ancient times and is recognized as one of the foundational theorems about numbers.
At first you might think, “Of course, there must be infinitely many primes. How could
there not be infinitely many primes since there are infinitely many natural numbers?” But
remember that the same prime can be used many times. For example, we can construct
arbitrarily large natural numbers just by raising 2 to large powers. So it is conceivable that
some ﬁnite number of primes would suﬃce to produce all natural numbers. However, in
fact there are inﬁnitely many primes, as you will now prove.
2.35. Theorem (Inﬁnitude of Primes Theorem). There are inﬁnitely many prime numbers.
After you have devised a proof or proofs or learned a proof, it is satisfying to reﬂect
on the logic of the argument and celebrate and appreciate the beauty or cleverness of the
reasoning.
2.36. Question. What were the most clever or most diﬃcult parts in your proof of the
Inﬁnitude of Primes Theorem?
One of the principal ways that new mathematics is created is to take one result and see
whether it can be extended or variations of it can be proved. In the case of the Inﬁnitude
of Primes, we can ask whether there are inﬁnitely many primes of a certain type. We begin
by making an observation about numbers congruent to 1 modulo 4, which then will help us
to prove that there are inﬁnitely many primes of the form 4k + 3.
2.37. Theorem. If $r_1, r_2, \ldots, r_m$ are natural numbers and each one is congruent to 1
modulo 4, then the product $r_1 r_2 \cdots r_m$ is also congruent to 1 modulo 4.
To prove the following theorem, remember the proof of the Inﬁnitude of Primes Theorem
and see how the strategy of that proof might be adapted to prove the following harder
theorem.
2.38. Theorem (Inﬁnitude of 4k + 3 Primes Theorem). There are inﬁnitely many prime
numbers that are congruent to 3 modulo 4.
When you have proved the previous theorem, you will have forced yourself to understand
a technique of proving theorems about the existence of inﬁnitely many primes of a certain
type. Now is the time to see how far that technique can be pushed. In other words ask
yourself how many theorems like the preceding one are provable using a similar idea.
2.39. Question. Are there other theorems like the previous one that you can prove?
In fact, the following much more general theorem is true. Its proof in its full generality,
however, is quite diﬃcult and we will not attempt it in this course.
Theorem (Inﬁnitude of ak + b Primes Theorem). If a and b are relatively prime natural
numbers, then there are inﬁnitely many natural numbers k for which ak +b is prime.
The previous theorem is often called Dirichlet’s Theorem on primes in an arithmetic
progression and is due to Lejeune Dirichlet (1805–1859). An arithmetic progression is a
sequence of numbers of the form ak + b, k = 0, 1, 2, . . . , where b is any integer and a is
a natural number. It is a sequence of numbers all of which are congruent to b modulo a.
The study of primes in arithmetic progressions is still an active field today. Consider the
following recent result due to Ben Green and Terence Tao.
Theorem (Green and Tao, 2005). There are arbitrarily long arithmetic progressions of
primes.
This means that for any natural number n there exists a prime p and a natural number
a such that p, p + a, p + 2a, p + 3a, . . . , p + na are all prime. As an example, an arithmetic
progression of primes of length five is found by choosing p = 5 and a = 6, which yields the
sequence 5, 11, 17, 23, 29. The longest known arithmetic progression of primes as of July of 2004
has length 23 and is given by
56211383760397 + 44546738095860k, k = 0, . . . , 22.
Terence Tao was awarded a Fields medal in part for his work related to this result.
Fields medals, the mathematical equivalent of the Nobel prize, are awarded once every four
years to outstanding mathematicians under the age of 40.
2.40. Exercise. Find the current record for the longest arithmetic progression of primes.
Primes of special form. The largest known prime is of a special type known as a
Mersenne prime, which is a prime of the form $2^n - 1$. The theorems here show some features
of Mersenne primes and related primes.
2.41. Exercise. Use polynomial long division to compute $(x^m - 1) \div (x - 1)$.
2.42. Theorem. If n is a natural number and $2^n - 1$ is prime, then n must be prime.
2.43. Theorem. If n is a natural number and $2^n + 1$ is prime, then n must be a power of 2.
Definition. A Mersenne prime is a prime of the form $2^p - 1$, where p is a prime. A prime
of the form $2^{2^k} + 1$ is called a Fermat prime.
2.44. Exercise. Find the ﬁrst few Mersenne primes and Fermat primes.
2.45. Exercise. For an A in the class and a Ph.D. in mathematics, prove that there
are inﬁnitely many Mersenne primes (or Fermat primes) or prove that there aren’t (your
choice).
The distribution of primes. How are the primes distributed among the natural
numbers? Is there some pattern to their distribution? There are inﬁnitely many primes,
but how rare are they among the numbers? What proportion of the natural numbers are
prime numbers? To explore these questions, the best way to start is to look at the natural
numbers and the primes among them. Here then are some ranges of natural numbers with
the primes printed in bold:
1, **2**, **3**, 4, **5**, 6, **7**, 8, 9, 10, **11**, 12, **13**, 14, 15, 16, **17**, 18, **19**, 20, 21, 22, **23**, 24, . . .
. . . , 300, 301, 302, 303, 304, 305, 306, **307**, 308, 309, 310, **311**, 312, **313**, 314, 315, 316, . . .
. . . , 2025, 2026, **2027**, 2028, **2029**, 2030, 2031, 2032, 2033, 2034, 2035, 2036, 2037, 2038, . . .
What observations can we make? First, we may notice that the proportion of bold
numbers occurring seems to be getting smaller. That is, primes tend to be more sparse as
we move further out into the sequence of natural numbers. Stated another way, we tend to
see longer and longer runs of consecutive composite numbers.
2.46. Theorem. There exist arbitrarily long strings of consecutive composite numbers.
That is, for any natural number n there is a string of more than n consecutive composite
numbers.
On the other hand, we still observe primes clustered together, such as 311 and 313, or
2027 and 2029. It is a famous open question as to whether or not this behavior continues
indeﬁnitely. If you have already settled the previous question about Mersenne primes, then
solving the following question will give you another Ph.D.
2.47. Question (The Twin Primes Question). Are there inﬁnitely many pairs of prime
numbers that diﬀer from one another by two? (The pairs 11 and 13, 29 and 31, 41 and 43
are examples of some such pairs.)
Out of the first 24 natural numbers, 9 of them are primes. We see that $\frac{9}{24}$ of the first 24
natural numbers are primes–that’s just a little over one third. We saw how this fraction
changes as n increases in the Sieve of Eratosthenes exercise.
| $n$ | $\pi(n)$ | $n/\ln(n)$ | $\pi(n)/n$ | $1/\ln(n)$ | $\frac{\pi(n)/n}{1/\ln(n)} = \frac{\pi(n)}{n/\ln(n)}$ |
|---|---|---|---|---|---|
| $10$ | 4 | 4.3... | .4 | .43429... | 0.92104... |
| $10^2$ | 25 | 21.7... | .25 | .21714... | 1.15133... |
| $10^3$ | 168 | 144.7... | .168 | .14476... | 1.16054... |
| $10^4$ | 1229 | 1085.7... | .1229 | .10857... | 1.13199... |
| $10^5$ | 9592 | 8685.8... | .09592 | .08685... | 1.10443... |
| $10^6$ | 78498 | 72382.4... | .078498 | .07238... | 1.08452... |
| $10^7$ | 664579 | 620420.7... | .0664579 | .06204... | 1.07121... |
| $10^8$ | 5761455 | 5428681.0... | .05761455 | .05428... | 1.06144... |
| $10^9$ | 50847534 | 48254942.4... | .050847534 | .04825... | 1.05385... |

Table 1. Prime Proportions
Before high-speed computers were available, calculating (or just estimating) the proportion
of prime numbers in the natural numbers was a difficult task. In fact, years ago
“computers” were humans who did computations. Such people were amazingly accurate,
but required a great deal of time and dedication to accomplish what today’s computers
can do in seconds. An eighteenth-century Austrian arithmetician by the name of J. P. Kulik
spent 20 years of his life creating, by hand, a table of the first 100 million primes. His table
was never published and sadly the volume containing the primes between 12,642,600 and
22,852,800 has since disappeared.
Nowadays, there are programs that compute the number of primes less than n, denoted
π(n), for increasingly large values of n and print out the proportion $\frac{\pi(n)}{n}$. As we observed
above, the proportion of primes seems to slowly go downward. That is, the percentage of
numbers less than a million that are prime is smaller than the percentage of numbers less
than a thousand that are prime. The primes, in some sense, get sparser and sparser among
the bigger numbers.
In the early 1800’s, well before computers were even imagined, Carl Friedrich Gauss
(1777–1855), known by many as the Prince of Mathematics, and Adrien-Marie Legendre
(1752–1833) made an insightful observation about the primes. They noticed that even
though primes do not appear to occur in any predictable pattern, the proportion of primes
is related to the natural logarithm.
Gauss and Legendre conjectured that the proportion of primes among the first n natural
numbers is approximately $\frac{1}{\ln(n)}$. Table 1 shows the number of primes up to n, the proportions
of primes, and a comparison with $\frac{1}{\ln(n)}$.
Notice how the last column seems to be getting closer and closer to 1. That is, the
proportion of primes in the first n natural numbers is approximately $\frac{1}{\ln(n)}$ and the fraction
$\frac{\pi(n)}{n}$ is becoming increasingly closer to $\frac{1}{\ln(n)}$ as n grows without bound.
Theorem (The Prime Number Theorem). As n approaches infinity, the proportion of prime
numbers less than or equal to n, $\frac{\pi(n)}{n}$, approaches $\frac{1}{\ln(n)}$. Specifically,
$$\lim_{n \to \infty} \left( \frac{\pi(n)/n}{1/\ln(n)} \right) = 1.$$
Alternatively, as n approaches infinity, the number of primes less than n, π(n), approaches
$\frac{n}{\ln(n)}$. Specifically,
$$\lim_{n \to \infty} \left( \frac{\pi(n)}{n/\ln(n)} \right) = 1.$$
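The following Python program is an added example, not part of the original text: it counts primes with a Sieve of Eratosthenes and recomputes the columns of Table 1 for n = 10, 10^2, . . . , 10^6. The function names are chosen here for illustration.

```python
import math
from itertools import accumulate


def prime_counts(limit):
    """Return a list pi with pi[k] = number of primes <= k, for 0 <= k <= limit."""
    if limit < 2:
        return [0] * (limit + 1)
    is_prime = bytearray([1]) * (limit + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if is_prime[p]:
            # Cross out p*p, p*p + p, ...; every smaller multiple of p has a
            # smaller prime factor and was crossed out earlier.
            is_prime[p * p::p] = bytes(len(range(p * p, limit + 1, p)))
    # Running total of the 0/1 flags gives pi(k) at every index k.
    return list(accumulate(is_prime))


def proportion_rows(exponents):
    """Recompute the columns of Table 1 for n = 10**e, e in exponents."""
    exponents = list(exponents)
    pi = prime_counts(10 ** max(exponents))   # one sieve serves every row
    rows = []
    for e in exponents:
        n = 10 ** e
        log_n = math.log(n)
        rows.append({
            "n": n,
            "pi": pi[n],                       # pi(n)
            "n_over_ln": n / log_n,            # n / ln(n)
            "proportion": pi[n] / n,           # pi(n) / n
            "one_over_ln": 1 / log_n,          # 1 / ln(n)
            "ratio": pi[n] / (n / log_n),      # last column of Table 1
        })
    return rows


if __name__ == "__main__":
    for row in proportion_rows(range(1, 7)):
        print(f"{row['n']:>8} {row['pi']:>6} {row['n_over_ln']:>10.1f} "
              f"{row['proportion']:.6f} {row['one_over_ln']:.5f} "
              f"{row['ratio']:.5f}")
```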
The proofs of this theorem are diﬃcult, and beyond the scope of this book. Finally, we
mention here one more famous open question concerning prime numbers.
2.48. Exercise. Express each of the ﬁrst 20 even numbers greater than 2 as a sum of two
primes. (For example: 8 = 5 + 3.)
In a letter to Euler, dated June 7, 1742, Christian Goldbach (1690–1764) claimed that
every natural number greater than 2 was the sum of three primes. It was convention at the
time to include the number 1 as being among the primes. The conjecture was re-expressed
by Euler as follows.
Conjecture (The Goldbach Conjecture). Every positive, even number greater than 2 can
be written as the sum of two primes.
The Goldbach Conjecture has been veriﬁed by computer, as of June of 2006, for all even
numbers up to 400,000,000,000,000,000. As the even numbers get larger, there seem to be
more ways to write them as a sum of two primes. For example, the number 100,000,000
can be written as the sum of two primes in 219,400 diﬀerent ways. But no one knows how
to prove that in general all even natural numbers are the sum of two primes. Perhaps some
even number with 10 trillion digits is not the sum of two primes. Until we have a general
method of proof that will apply to all even numbers, we will not know whether such a
natural number might not exist.
From Antiquity To The Internet
Interest in the multiplicative properties of the natural numbers surely predated the
works of Euclid (Elements, Books VII, VIII, IX), but it is here that we find the first written
study. For example, Proposition 20 of Book IX gives the first known proof of the infinitude
of primes. The ancient Greeks’ interest in the primes may have been further spawned by
the connection they shared with perfect numbers. A natural number is said to be perfect if
it is equal to the sum of its proper divisors. For example, the smallest perfect number is 6,
since 6 = 1 + 2 + 3; and the first four perfect numbers are
$$6 = 2^{2-1}(2^2 - 1) = 1 + 2 + 3$$
$$28 = 2^{3-1}(2^3 - 1) = 1 + 2 + 4 + 7 + 14$$
$$496 = 2^{5-1}(2^5 - 1) = 1 + 2 + 4 + 8 + 16 + 31 + 62 + 124 + 248$$
$$8128 = 2^{7-1}(2^7 - 1) = 1 + 2 + 4 + 8 + 16 + \cdots + 2032 + 4064$$
In Book IX of his Elements Euclid proved the following: if for some n, $2^n - 1$ is prime, then
$2^{n-1}(2^n - 1)$ is perfect. This established the link between perfect numbers and primes of
the form $2^n - 1$.
The serious study of perfect numbers and primes of special forms was picked up again
in the seventeenth century by the likes of René Descartes (1596–1650), Pierre de Fermat
(1601–1665), and Marin Mersenne (1588–1648). In a 1638 letter to Mersenne, Descartes
stated that he thought he could prove that every even perfect number was of the form given
by Euclid’s theorem, but no proof was given. Also in a letter to Mersenne, dated 1640,
Fermat indicated he had proved the following: if n is composite, then $2^n - 1$ is composite;
but if n is prime, then $2^n - 1$ need not be prime, with two examples being $2^{11} - 1 = 23 \cdot 89$,
and $2^{23} - 1 = 47 \cdot 178481$.
In 1647 Mersenne gave the following list of 11 primes p for which he believed $2^p - 1$
was prime as well: 2, 3, 5, 7, 13, 17, 19, 31, 67, 127, 257. He erred only by including 67
(and excluding 61, 89 and 107). To this day primes of the form $2^p - 1$ are called Mersenne
primes, and it is still unknown whether infinitely many exist. In a posthumously published
paper, Euler finally succeeded in proving that all even perfect numbers are of Euclid’s type,
giving a one-to-one correspondence between Mersenne primes and even perfect numbers.
Curiously, it is not known if any odd perfect numbers exist.
The search for new Mersenne primes continues to this day. In fact, anyone with a home
computer and an internet connection can join the Great Internet Mersenne Prime Search
(GIMPS). Mersenne’s list has only been increased to contain 44 examples as of September,
2006, with the largest having over 9.8 million digits.
2.49. Exercise. Find the current record for the largest known Mersenne prime.
There is a monetary award of $100,000 for the ﬁrst person (or group) to ﬁnd a Mersenne
prime with at least 10 million digits. So happy hunting.
CHAPTER 3
A Modular World
Thinking Cyclically
In Chapter 1 we established the basics of modular arithmetic. Now we proceed to see
how modular arithmetic relates to other familiar algebraic constructions such as functions
and equations, and how it can help us to better understand primes and composite numbers.
Modular arithmetic is interesting as an abstract topic in number theory, but it also
plays important roles in real life. It is the basis for public key cryptography and check
digits associated with error detection. Here we further develop the theory of modular
arithmetic and later explore some of its applications outside mathematics.
Powers and polynomials modulo n. Recall the following deﬁnition of congruence
from Chapter 1.
Definition. Suppose that a, b, and n are integers with n > 0. We say that a and b are
congruent modulo n if and only if n | (a − b). We denote this relationship as
a ≡ b (mod n)
and read these symbols as “a is congruent to b modulo n”.
Here are some exercises that will encourage you to refresh your memory about some of
the modular arithmetic theorems that you proved back in Chapter 1.
3.1. Exercise. Show that 41 divides $2^{20} - 1$ by following these steps. Explain why each step
is true.
(1) $2^5 \equiv -9 \pmod{41}$.
(2) $(2^5)^4 \equiv (-9)^4 \pmod{41}$.
(3) $2^{20} \equiv 81^2 \pmod{41} \equiv (-1)^2 \pmod{41}$.
(4) $2^{20} - 1 \equiv 0 \pmod{41}$.
3.2. Question. In your head, can you find the natural number k, 0 ≤ k ≤ 11, such that
$k \equiv 37^{453} \pmod{12}$?
(Hint: Don’t try to multiply it out and then divide by 12. Of course, this hint is a rather
lame joke, since if you could actually multiply $37^{453}$ in your head, you would not be taking
a number theory class. You would be performing mental feats in some carnival sideshow.)
The next question continues to show you the value of thought (and modular arithmetic)
rather than brute force.
3.3. Question. In your head or using paper and pencil, but no calculator, can you find the
natural number k, 0 ≤ k ≤ 6, such that $2^{50} \equiv k \pmod{7}$?
The next question asks you to compute a larger power (453) of a number modulo 12.
Try to think of how to do this eﬃciently. Here is a hint. If you want to raise a number to the
16th power, you can ﬁrst square it, then square the result, then square the result, and then
square the result. So only four multiplications accomplish raising to the 16th power, rather
than using 16 multiplications. Also, remember that you can reduce answers modulo 12,
so you never have to multiply numbers larger than 11. While doing the following exercise,
think about systematizing your strategy. In particular, can you see why your strategy
might involve expressing 453 as a sum of powers of 2? See whether you can do the following
problem without ever multiplying numbers larger than 12 and without doing more than 10
steps of multiplying two numbers less than 12 and reducing the answers modulo 12.
3.4. Question. Using paper and pencil, but no calculator, can you find the natural number
k, 0 ≤ k ≤ 11, such that $39^{453} \equiv k \pmod{12}$?
Now that you have developed the power to take powers, here is another exercise that
takes advantage of your method.
3.5. Exercise. Show that 39 divides $17^{48} - 5^{24}$.
At this point, you have developed some ideas about how to eﬃciently raise numbers to
powers in modular arithmetic. The next question asks you to crystallize your method and
clearly describe it.
3.6. Question (Describe technique). Let a, n, and r be natural numbers. Describe how to
find the number k (0 ≤ k ≤ n − 1) such that $k \equiv a^r \pmod{n}$ subject to the constraint that
you never multiply numbers larger than n and that you only have to do about $\log_2 r$ such
multiplications.
The technique you just developed and described allows computers to deal with taking
very large numbers (containing several hundred digits) and raising them to huge powers
modulo other enormous numbers. The ability of computers to deal with such arithmetical
challenges turns out to be an essential ingredient in modern methods of secure data
transmission used over the internet every day. We will explore these methods, which involve
cryptography, in a later chapter.
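One way to carry out the square-and-reduce strategy on numbers of several hundred digits, written in Python as an added example that is not part of the original text. The function names, the sample base, exponent and modulus are all constructed here for illustration.

```python
def powers_of_two(r):
    """Write r as a sum of distinct powers of 2 (its binary expansion)."""
    return [1 << i for i in range(r.bit_length()) if (r >> i) & 1]


def mod_pow(a, r, n):
    """Compute a**r mod n by repeated squaring.

    Returns (k, mults, largest): the residue k in {0, ..., n-1}, the number
    of modular multiplications performed, and the largest factor that was
    ever multiplied (always smaller than n).
    """
    if n <= 0 or r < 0:
        raise ValueError("need n > 0 and r >= 0")
    result = 1 % n      # product of the squares selected so far
    square = a % n      # a^(2^i) mod n for the current bit position i
    mults = 0
    largest = 0
    while r > 0:
        if r & 1:       # 2^i occurs in the binary expansion of r
            largest = max(largest, result, square)
            result = (result * square) % n
            mults += 1
        r >>= 1
        if r:           # more bits remain: square once more and reduce
            largest = max(largest, square)
            square = (square * square) % n
            mults += 1
    return result, mults, largest


if __name__ == "__main__":
    # Small case: the exponent 453 = 1 + 4 + 64 + 128 + 256.
    print(powers_of_two(453))
    print(mod_pow(7, 453, 13))

    # Constructed large case: a 301-digit modulus and a 1001-bit exponent.
    n = 10 ** 300 + 7
    a = 3 ** 500
    r = 2 ** 1000 + 12345
    k, mults, largest = mod_pow(a, r, n)
    print(k == pow(a, r, n), mults, r.bit_length())
```

The count of multiplications is at most twice the number of binary digits of r. The branch on each bit of r makes the running time of this textbook version depend on the exponent; cryptographic libraries use constant-time variants when the exponent is secret.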
We now turn our attention to polynomials and how they behave when viewed from a
modular arithmetic point of view. We begin with a speciﬁc example.
3.7. Question. Let $f(x) = 13x^{49} - 27x^{27} + x^{14} - 6$. Is it true that
$$f(98) \equiv f(-100) \pmod{99}?$$
As usual, after doing a speciﬁc example, we think about what more general statement
the speciﬁc example suggests.
3.8. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree n > 0
with integer coefficients. Let a, b, and m be integers with m > 0. If a ≡ b (mod m),
then f(a) ≡ f(b) (mod m).
The next corollaries are repeats of results from Chapter 1 about criteria for determining
when a natural number is divisible by 3 or 9. Here you are being asked to recognize a
natural number as the evaluation of a polynomial, and to deduce the following statements
from the previous theorem.
3.9. Corollary. Let the natural number n be expressed in base 10 as
$$n = a_k a_{k-1} \ldots a_1 a_0.$$
Let $m = a_k + a_{k-1} + \cdots + a_1 + a_0$. Then $9 \mid n$ if and only if $9 \mid m$.
3.10. Corollary. Let the natural number n be expressed in base 10 as
$$n = a_k a_{k-1} \ldots a_1 a_0.$$
Let $m = a_k + a_{k-1} + \cdots + a_1 + a_0$. Then $3 \mid n$ if and only if $3 \mid m$.
During your work on Chapter 1, you may have devised other criteria for divisibility.
If so, does this polynomial view of those divisibility theorems help you to see why your
methods are true? Can you now think of new divisibility theorems like the above?
The next two theorems do not involve modular arithmetic. They roughly state that
every polynomial gets big.
3.11. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree
n > 0 and suppose $a_n > 0$. Then there is an integer k such that if x > k, then f(x) > 0.
Note: We are only assuming that the leading coefficient $a_n$ is greater than zero. The
other coefficients may be positive or negative or zero.
The next theorem extends the idea that polynomials get positive and roughly states that
not only do they get positive, but they get big and stay big from some point on. Notice
that the theorem does not ask you to be eﬃcient and ﬁnd the ﬁrst place after which the
polynomial stays larger than some value. It just asks you to prove that eventually that
happens.
3.12. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree
n > 0 and suppose $a_n > 0$. Then for any number M there is an integer k (which depends
on M) such that if x > k, then f(x) > M.
The next theorem connects polynomials with primes. It says that every polynomial
with integer coeﬃcients produces many composite numbers. There is no polynomial that
produces only primes. Too bad. In proving the next theorem, it might be useful to think
about modular arithmetic. Remember that if a number is congruent to 0 modulo n, then
n divides the number, and being divisible is the fundamental issue about being composite.
The proof of the following theorem is a challenge, but if you look at it just right, then you
can give a convincing proof. So the hint is to use Theorems 3.8 and 3.12.
3.13. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree n > 0
with integer coefficients. Then f(x) is a composite number for infinitely many integers x.
Note: This theorem implies that we cannot find a magical polynomial that produces
only prime values for every integer input. Nevertheless, some polynomials do pretty well.
The polynomial $f(x) = x^2 + x + 41$ has a prime value (that is, f(n) is prime) for 80
consecutive integer inputs, n = −40, −39, . . . , 38, 39. Try a few values to test this assertion.
When we think of a natural number modulo n, it is congruent to some nonnegative
integer less than n. The next theorem pins that idea down.
3.14. Theorem. Given any integer a and any natural number n, there exists a unique
integer t in the set {0, 1, 2, . . . , n −1} such that a ≡ t (mod n).
This theorem suggests the following deﬁnition of one set of numbers to which every
natural number is congruent.
Definition. Let n be a natural number. The set {0, 1, 2, . . . , n − 1} is called the canonical
complete residue system modulo n.
There are other collections of integers besides the canonical complete residue system
modulo n with the property that they represent all integers modulo n.
Definition. Let k and n be natural numbers. A set $\{a_1, a_2, \ldots, a_k\}$ of integers is called
a complete residue system modulo n if every integer is congruent modulo n to exactly one
element of the set.
Let’s get used to these definitions by looking at some examples and constructing complete
residue systems.
3.15. Exercise. Find three complete residue systems modulo 4: the canonical complete
residue system, one containing negative numbers, and one containing no two consecutive
numbers.
3.16. Theorem. Let n be a natural number. Every complete residue system modulo n
contains n elements.
Arithmetic modulo n puts the integers into n diﬀerent equivalence classes. A complete
residue system modulo n has one representative of each equivalence class. Even if you
don’t know the technical deﬁnition of equivalence class, the idea is just that the integers
are divided into groups, namely, the integers congruent to 0, the integers congruent to 1,
the integers congruent to 2, and so on up to the integers congruent to n − 1 modulo n.
The following theorem says that any set of n noncongruent integers will form a complete
residue system modulo n.
3.17. Theorem. Let n be a natural number. Any set of n integers $\{a_1, a_2, \ldots, a_n\}$ for
which no two are congruent modulo n is a complete residue system modulo n.
Linear congruences. In the ﬁrst chapter, we discussed some questions about ﬁnding
solutions to linear Diophantine equations. Now we are going to take up analogous questions
about ﬁnding solutions to equations in modular arithmetic. Speciﬁcally, our next goal is to
determine when there are solutions to the general linear congruence
ax ≡ b (mod n)
and how to ﬁnd all the solutions. A solution is an integer value for x that makes the
congruence true. We’ll start with some examples.
3.18. Exercise. Find all solutions in the appropriate canonical complete residue system
modulo n that satisfy the following linear congruences:
(1) 26x ≡ 14 (mod 3).
(2) 2x ≡ 3 (mod 5).
(3) 4x ≡ 7 (mod 8).
(4) 24x ≡ 123 (mod 213). (This congruence is tedious to do by trial and error, so perhaps
we should defer work on it for now and instead try to develop some techniques
that might help.)
This next theorem clearly connects the question of how to solve linear congruences with
the techniques of solving linear Diophantine equations that we developed in Chapter 1.
3.19. Theorem. Let a, b, and n be integers with n > 0. Show that ax ≡ b (mod n) has a
solution if and only if there exist integers x and y such that ax + ny = b.
These theorems will encourage you to remember your work from Chapter 1.
3.20. Theorem. Let a, b, and n be integers with n > 0. The equation ax ≡ b (mod n) has
a solution if and only if (a, n) | b.
Now we have a speciﬁc condition that tells whether a linear congruence will or will
not have a solution. We can use this criterion to see whether our deferred congruence in
Exercise 3.18 does or does not have a solution.
3.21. Question. What does the preceding theorem tell us about the congruence (4) in
Exercise 3.18 above?
Now let’s actually solve the congruence in a systematic way. As usual, this work is tying
back into the work we did in solving linear Diophantine equations in Chapter 1.
3.22. Exercise. Use the Euclidean Algorithm to ﬁnd a member x of the canonical complete
residue system modulo 213 that satisﬁes 24x ≡ 123 (mod 213). Find all members x of the
canonical complete residue system modulo 213 that satisfy 24x ≡ 123 (mod 213).
Having done a speciﬁc example, as usual we step back and try to describe a general
procedure.
3.23. Question. Let a, b, and n be integers with n > 0. How many solutions are there to
the linear congruence ax ≡ b (mod n) in the canonical complete residue system modulo n?
Can you describe a technique to ﬁnd them?
The next theorem gives the answer, so try to think it through on your own before reading
on. While thinking about this question, crystallizing the ideas about linear Diophantine
equations will help.
3.24. Theorem. Let a, b, and n be integers with n > 0. Then,
(1) The congruence ax ≡ b (mod n) is solvable in integers if and only if (a, n) | b.
(2) If $x_0$ is a solution to the congruence ax ≡ b (mod n), then all solutions are given
by
$$x_0 + \left( \frac{n}{(a, n)} \cdot m \right) \pmod{n}$$
for m = 0, 1, 2, . . . , (a, n) − 1.
(3) If ax ≡ b (mod n) has a solution, then there are exactly (a, n) solutions in the
canonical complete residue system modulo n.
Systems of linear congruences: the Chinese Remainder Theorem. Sometimes
in real life, we are confronted with problems involving simultaneous linear congruences.
Something like the following has probably happened to you.
3.25. Exercise. A band of 17 pirates stole a sack of gold coins. When they tried to divide
the fortune into equal portions, 3 coins remained. In the ensuing brawl over who should
get the extra coins, one pirate was killed. The coins were redistributed, but this time an
equal division left 10 coins. Again they fought about who should get the remaining coins
and another pirate was killed. Now, fortunately, the coins could be divided evenly among
the surviving 15 pirates. What was the fewest number of coins that could have been in the
sack?
Perhaps your experience is less violent and more bucolic. Eggs need counting too.
3.26. Exercise (Brahmagupta, 7th century A.D.). When eggs in a basket are removed two,
three, four, ﬁve or six at a time, there remain, respectively, one, two, three, four, or ﬁve
eggs. When they are taken out seven at a time, none are left over. Find the smallest number
of eggs that could have been contained in the basket.
These exercises are challenging but fun to do. The question now is whether we can
formulate general statements that tell us when solutions to such problems exist and how
those solutions can be found. This ﬁrst theorem gives a criterion for when we can ﬁnd a
single number that is congruent to two diﬀerent values modulo two diﬀerent moduli. That
single number is called a solution to a system of two linear congruences. Later we will
consider solutions to arbitrarily large systems of linear congruences.
3.27. Theorem. Let a, b, m, and n be integers with m > 0 and n > 0. Then the system
x ≡ a (mod n)
x ≡ b (mod m)
has a solution if and only if (n, m) | (a − b).
The next theorem asserts that in the case where (m, n) = 1, the solution is unique
modulo the product mn.
3.28. Theorem. Let a, b, m, and n be integers with m > 0, n > 0, and (m, n) = 1. Then
the system
x ≡ a (mod n)
x ≡ b (mod m)
has a unique solution modulo mn.
The most famous theorem along these lines is the Chinese Remainder Theorem. Here
the moduli are relatively prime, but there can be any ﬁnite number of them. The pirate
problem is a Chinese Remainder Theorem problem in disguise (possibly with an eye patch).
The Chinese Remainder Theorem involves L diﬀerent linear congruences. Whenever you
see a theorem or a problem that has a potentially large natural number involved, it is a
good idea to start thinking about the cases where L is 1 or 2 or 3. Doing those special cases
is a great way to teach yourself how to do the general case. The previous theorem gets you
started by doing the case L = 2. Also, you might think about induction in trying to then
do the general case.
3.29. Theorem (Chinese Remainder Theorem). Suppose $n_1, n_2, \ldots, n_L$ are positive integers
that are pairwise relatively prime, that is, $(n_i, n_j) = 1$ for $i \neq j$, $1 \le i, j \le L$. Then
the system of L congruences
$$x \equiv a_1 \pmod{n_1}$$
$$x \equiv a_2 \pmod{n_2}$$
$$\vdots$$
$$x \equiv a_L \pmod{n_L}$$
has a unique solution modulo the product $n_1 n_2 n_3 \cdots n_L$.
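The solution procedure of Theorem 3.24 and the systems of Theorems 3.27 through 3.29 can be carried out mechanically with the Euclidean Algorithm. The Python code below is an added example, not part of the original text; the function names and the sample congruences are constructed for illustration, and the pairwise routine also covers moduli that are not relatively prime, using the criterion of Theorem 3.27.

```python
def egcd(a, b):
    """Extended Euclidean Algorithm: return (g, x, y) with a*x + b*y == g."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def solve_linear_congruence(a, b, n):
    """All x in {0, ..., n-1} with a*x = b (mod n), as in Theorem 3.24."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    g, u, _ = egcd(a % n, n)       # (a mod n)*u + n*v == g == (a, n)
    if b % g:
        return []                  # (a, n) does not divide b: no solution
    step = n // g                  # consecutive solutions differ by n/(a, n)
    x0 = (u * (b // g)) % step     # smallest non-negative solution
    return [x0 + step * m for m in range(g)]


def crt_pair(a, n, b, m):
    """Solve x = a (mod n), x = b (mod m).

    Returns (x, modulus) with 0 <= x < modulus, or None when the system
    has no solution, i.e. when (n, m) does not divide a - b.
    """
    if n <= 0 or m <= 0:
        raise ValueError("moduli must be positive")
    # Write x = a + n*t. Then x = b (mod m) becomes n*t = b - a (mod m),
    # a linear congruence in t.
    ts = solve_linear_congruence(n, b - a, m)
    if not ts:
        return None
    lcm = n * m // len(ts)         # len(ts) equals (n, m)
    return (a + n * ts[0]) % lcm, lcm


def crt(congruences):
    """Combine [(a1, n1), (a2, n2), ...] two at a time."""
    x, modulus = 0, 1              # x = 0 (mod 1) holds for every integer
    for a, n in congruences:
        merged = crt_pair(x, modulus, a, n)
        if merged is None:
            return None
        x, modulus = merged
    return x, modulus


if __name__ == "__main__":
    # Constructed examples (not the exercises in the text).
    print(solve_linear_congruence(6, 9, 15))    # (6, 15) = 3 divides 9
    print(solve_linear_congruence(6, 4, 9))     # (6, 9) = 3 does not divide 4
    print(crt_pair(2, 6, 8, 10))                # moduli share the factor 2
    print(crt_pair(1, 6, 4, 10))                # 2 does not divide 1 - 4
    print(crt([(1, 4), (2, 9), (3, 5)]))        # pairwise relatively prime
```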
A Prince And A Master
Carl Friedrich Gauss, sometimes called the Prince of Mathematics, is considered by
many to be one of the greatest mathematicians in history, and it is to him that we owe
the modern theory and notation of congruences (i.e., modular arithmetic). His treatise
Disquisitiones Arithmeticae, published in 1801 when Gauss was just 24, brought together
for the ﬁrst time in one source the important number theory contributions of many previous
mathematicians, including Fermat, Euler, Joseph Lagrange, and Adrien-Marie Legendre.
Some of Gauss’ own contributions to number theory will be treated in later chapters.
Sun Zi wrote the Chinese treatise Sun Tze Suan Ching, which translates to Master
Sun’s Mathematical Manual. He is assumed to have lived during either the third or fourth
centuries AD. There is some evidence that he was a Buddhist monk, but little else is known
of him. Master Sun’s manual is divided into three volumes, and Problem 26 from Volume
3 is translated
We have a number of things, but we do not know exactly how many. If
we count them by threes we have two left over. If we count them by ﬁves
we have three left over. If we count them by sevens we have two left over.
How many things are there?
You will of course recognize this as a problem requiring a solution to a system of linear
congruences, not unlike Brahmagupta’s egg basket problem. It is because Sun Zi’s text
provides the earliest known example of such a problem that the Chinese Remainder Theorem
obtained its name.
CHAPTER 4
Fermat’s Little Theorem and Euler’s Theorem
Abstracting the Ordinary
One way that mathematics is created is to abstract, change, or generalize some features
of familiar mathematical objects and see what happens. For example, we started with the
familiar idea of arithmetic with integers and then made some changes to consider modular
arithmetic, a sort of cyclical version of arithmetic. Abstract algebra is a mathematical
exploration of generalizations of various familiar ideas such as the integers, the rational
numbers, and the real numbers and the associated arithmetic operations and properties
of them. By selectively focusing on some properties of these examples, abstract algebra
constructs categories of algebraic entities including objects called groups, rings, and ﬁelds.
Modular arithmetic provides us with examples of some of these algebraic structures and
illustrates some of the properties that lead to many fundamental ideas in abstract algebra.
Solving the linear congruence ax ≡ b (mod n) means ﬁnding a number that when added
to itself a times results in b modulo n. In studying such congruences we are implicitly
studying the results of repeated addition modulo n and patterns that this process might
produce. Equally interesting, as well as fruitful, is the study of repeated multiplication
modulo n, that is, taking powers of numbers and reducing those powers modulo n. The
operations of addition and multiplication are so well understood in the natural numbers
that looking at their behavior in modular arithmetic is a natural exploration to undertake.
Orders of an integer modulo n. We begin here by exploring how powers of numbers
behave modulo n. We will ﬁnd a structure among numbers modulo n that is interesting in
its own right, has applications in cryptography and codes among other places, and leads to
central ideas of group theory. As usual we will do some speciﬁc examples in order to help
us develop some intuition about what we might expect.
4.1. Exercise. For i = 0, 1, 2, 3, 4, 5, and 6, find the number in the canonical complete
residue system to which $2^i$ is congruent modulo 7. In other words, compute $2^0 \pmod{7}$, $2^1 \pmod{7}$, $2^2 \pmod{7}$, . . . , $2^6 \pmod{7}$.
Taking powers of an integer cannot create common factors with another integer if none
existed to start with.
4.2. Theorem. Let a and n be natural numbers with (a, n) = 1. Then $(a^j, n) = 1$ for any
natural number j.
Reducing a number modulo n cannot create a common factor with n.
4.3. Theorem. Let a, b, and n be integers with n > 0 and (a, n) = 1. If a ≡ b (mod n),
then (b, n) = 1.
If you raise a number to various powers, you will sometimes get the same values modulo
n.
4.4. Theorem. Let a and n be natural numbers. Then there exist natural numbers i and
j, with i ≠ j, such that $a^i \equiv a^j \pmod{n}$.
The next theorem repeats a theorem we saw before, but it is one of the most used
theorems in the exploration of powers, so you should have its statement and proof at the
tips of your ﬁngers.
4.5. Theorem. Let a, b, c, and n be integers with n > 0. If ac ≡ bc (mod n) and (c, n) = 1,
then a ≡ b (mod n).
The next theorem tells us that if we take a natural number relatively prime to a modulus
n, then some power of it will be congruent to 1 modulo n. One consequence of this theorem
is that after a power gets to 1, the powers will just recycle.
4.6. Theorem. Let a and n be natural numbers with (a, n) = 1. Then there exists a natural
number k such that $a^k \equiv 1 \pmod{n}$.
The preceding theorem tells us that every natural number relatively prime to a modulus
has an exponent naturally associated with it, namely, the smallest exponent that makes the
power congruent to 1. That concept is so useful that we give it a name.
Definition. Let a and n be natural numbers with (a, n) = 1. The smallest natural number
k such that $a^k \equiv 1 \pmod{n}$ is called the order of a modulo n and is denoted $\operatorname{ord}_n(a)$.
Fermat’s Little Theorem. The culminating theorem of this section is Fermat’s Little
Theorem. It gives us information about what power of a number will be congruent to 1
modulo a prime. We will approach that theorem by ﬁrst ﬁnding some sort of a bound on
the size of the order of a natural number. Experimenting with some actual numbers is a
good way to begin.
4.7. Question. Choose some relatively prime natural numbers a and n and compute the
order of a modulo n. Frame a conjecture concerning how large the order of a modulo n can
be, depending on n.
In doing your experiments of taking a number to powers, you might have noticed that
until the power was congruent to 1 modulo n, the values modulo n never repeated. That
observation is the content of the next theorem.
4.8. Theorem. Let a and n be natural numbers with (a, n) = 1 and let $k = \operatorname{ord}_n(a)$. Then
the numbers $a^1, a^2, \ldots, a^k$ are pairwise incongruent modulo n.
Taking powers of a natural number beyond its order will never produce diﬀerent numbers
modulo n.
4.9. Theorem. Let a and n be natural numbers with (a, n) = 1 and let $k = \operatorname{ord}_n(a)$. For
any natural number m, $a^m$ is congruent modulo n to one of the numbers $a^1, a^2, \ldots, a^k$.
The only powers of a natural number that give 1 modulo n are powers that are multiples
of the order.
4.10. Theorem. Let a and n be natural numbers with (a, n) = 1, let $k = \operatorname{ord}_n(a)$, and let
m be a natural number. Then $a^m \equiv 1 \pmod{n}$ if and only if $k \mid m$.
This next theorem may have been what you conjectured when you did your experiments
about order in the ﬁrst question of this section. It states that the order of a natural number,
that is, the power that ﬁrst gets you to 1 modulo n, is less than n.
4.11. Theorem. Let a and n be natural numbers with (a, n) = 1. Then $\operatorname{ord}_n(a) < n$.
The following question asks you to do some experiments that might lead you to make a
conjecture about powers of numbers modulo primes. You will probably make the conjecture
that we will see later is in fact a theorem, Fermat’s Little Theorem.
4.12. Exercise. Compute $a^{p-1} \pmod{p}$ for various numbers a and primes p, and make a
conjecture.
The numbers 1, 2, 3, . . . , p form a complete residue system modulo p. The next theorem
states that if p is a prime, then multiplying each of those numbers by a ﬁxed number that
is not divisible by p produces another complete residue system. You might want to take a
small prime, like 5, and multiply each of the numbers 1, 2, 3, 4, 5 by some other number, for
example, 6, and check that you produce a complete residue system.
4.13. Theorem. Let p be a prime and let a be an integer not divisible by p; that is,
(a, p) = 1. Then {a, 2a, 3a, . . . , pa} is a complete residue system modulo p.
Multiplying all the natural numbers less than a prime p will give the same result modulo
p as multiplying a ﬁxed multiple of those numbers.
4.14. Theorem. Let p be a prime and let a be an integer not divisible by p. Then
a · 2a · 3a · . . . · (p −1)a ≡ 1 · 2 · 3 · . . . · (p −1) (mod p).
This theorem can be used to prove Fermat’s Little Theorem, which follows. We state
two versions of Fermat’s Little Theorem, but ask you to prove that the two versions are
equivalent to one another. Both of them tell us important and applicable facts about powers
of natural numbers modulo a prime.
4.15. Theorem (Fermat’s Little Theorem, Version I). If p is a prime and a is an integer
relatively prime to p, then $a^{p-1} \equiv 1 \pmod{p}$.
4.16. Theorem (Fermat’s Little Theorem, Version II). If p is a prime and a is any integer,
then $a^p \equiv a \pmod{p}$.
4.17. Theorem. The two versions of Fermat’s Little Theorem stated above are equivalent
to one another, that is, each one can be deduced from the other.
Fermat’s Little Theorem states that a natural number not divisible by p, raised to the
(p − 1)st power, is congruent to 1 modulo p. Recall that the order of a natural number
is the smallest power that is congruent to 1 modulo p. The next theorem states that the
order of each such number must divide (p − 1).
4.18. Theorem. Let p be a prime and a be an integer. If (a, p) = 1, then $\operatorname{ord}_p(a)$ divides
p − 1, that is, $\operatorname{ord}_p(a) \mid p - 1$.
One of the impressive applications of Fermat’s Little Theorem is that it allows us to do
computations involving modular arithmetic that would be impossible otherwise. Impress
your friends by doing the following computations in your head.
4.19. Exercise. Compute each of the following without the aid of a calculator or computer.
(1) $512^{372} \pmod{13}$.
(2) $3444^{3233} \pmod{17}$.
(3) $123^{456} \pmod{23}$.
4.20. Exercise. Find the remainder upon division of $314^{159}$ by 31.
Fermat’s Little Theorem tells us information about prime moduli, but how are we going
to deal with moduli that are not prime? One strategy is to decompose a composite (non-prime)
modulus into relatively prime parts. The following theorem shows that a natural
number that is congruent to a ﬁxed number modulo two diﬀerent, relatively prime moduli is
congruent to that same number modulo the product of the moduli. For example, if you have
a natural number that is congruent to 12 modulo 15 and that same number is congruent to
12 modulo 8, that number is also congruent to 12 modulo 120 (= 8 · 15).
4.21. Theorem. Let n and m be natural numbers that are relatively prime, and let a be
an integer. If x ≡ a (mod n) and x ≡ a (mod m), then x ≡ a (mod nm).
4.22. Exercise. Find the remainder when $4^{72}$ is divided by 91 (= 7 · 13).
When you see powers and a modulus, it is a good idea to think about the modulus as a
product of primes and then see whether you can use Fermat’s Little Theorem to advantage.
4.23. Exercise. Find the natural number k < 117 such that $2^{117} \equiv k \pmod{117}$. (Notice
that 117 is not prime.)
An alternative route to Fermat’s Little Theorem. Many theorems have several
diﬀerent proofs. One approach to proving Fermat’s Little Theorem is by induction using
the Binomial Theorem. So the ﬁrst step in this approach is to state and prove the Binomial
Theorem.
Definition. If n and m are natural numbers with m ≤ n, then
$$\binom{n}{m} = \frac{n!}{m!\,(n - m)!}.$$
We define 0! to equal 1. Thus, we can extend the definition to include m = 0. In that case,
we have $\binom{n}{0} = 1$ for any natural number n.
Note: You may recall that $\binom{n}{m}$ is equal to the number of subsets of size m in a set of
size n.
4.24. Theorem (Binomial Theorem). Let a and b be numbers and let n be a natural
number. Then
$$(a + b)^n = \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i.$$
The Binomial Theorem describes the coefficients of each term when you expand $(a + b)^n$.
When n is equal to a prime p, p will divide all those coefficients, except the end ones, of
course.
4.25. Lemma. If p is prime and i is a natural number less than p, then p divides $\binom{p}{i}$.
Using this observation, you can prove Fermat’s Little Theorem, Version II, by first
observing that $0^p$ is congruent to 0 modulo p, $1^p$ is congruent to 1 modulo p, then moving
on to prove that $2^p$ is congruent to 2 modulo p and then proving that $3^p$ is congruent to 3
modulo p and so on. You might find the preceding lemma useful in executing this inductive
procedure.
4.26. Theorem (Fermat’s Little Theorem, Version II). If p is a prime and a is an integer,
then $a^p \equiv a \pmod{p}$.
Euler’s Theorem and Wilson’s Theorem. Fermat’s Little Theorem suﬀers from
the limitation that the modulus is prime. As usual, our strategy is to take an idea, in this
case Fermat’s Little Theorem, and see how it can be extended to apply to a more general
case. So we need to ask ourselves what aspects of Fermat’s Little Theorem can we hope to
extend to a case where the modulus is not prime. If we start with a number that is not
relatively prime to the modulus, then no power of it will ever be congruent to 1. So we focus
our attention on those numbers that are relatively prime to the modulus. The ﬁrst concept
we introduce is the Euler φ-function that simply counts how many of these relatively prime
numbers there are.
Definition. For a natural number n, the Euler φ-function, φ(n), is equal to the number of
natural numbers less than or equal to n that are relatively prime to n. (Note that φ(1) = 1.)
Let’s just do a few examples to make sure that the deﬁnition is clear.
4.27. Question. The numbers 1, 5, 7, and 11 are all the natural numbers less than or
equal to 12 that are relatively prime to 12, so φ(12) = 4.
(1) What is φ(7)?
(2) What is φ(15)?
(3) What is φ(21)?
(4) What is φ(35)?
It is always a good idea to revisit useful and important results and remind yourself of
their proofs. We restate the following three theorems here because of their importance and
usefulness in the upcoming work.
4.28. Theorem. Let a, b, and n be integers such that (a, n) = 1 and (b, n) = 1. Then (ab, n) = 1.
4.29. Theorem. Let a, b, and n be integers with n > 0. If a ≡ b (mod n) and (a, n) = 1,
then (b, n) = 1.
4.30. Theorem. Let a, b, c, and n be integers with n > 0. If ab ≡ ac (mod n) and
(a, n) = 1, then b ≡ c (mod n).
The following theorem begins by listing those numbers that are being counted when we
find the Euler φ-function of a number. It observes that multiplying two of those numbers by
a common number that is relatively prime to the modulus cannot create congruent numbers.
They start not congruent (because they are diﬀerent numbers less than the modulus) and
they end not congruent.
4.31. Theorem. Let n be a natural number and let $x_1, x_2, \ldots, x_{\phi(n)}$ be the natural numbers
less than or equal to n that are relatively prime to n. Let a be a nonzero integer relatively
prime to n and let i and j be different natural numbers less than or equal to φ(n). Then
$a x_i \not\equiv a x_j \pmod{n}$.
The next theorem is Euler’s Theorem, which generalizes Fermat’s Little Theorem. Since
Euler’s Theorem generalizes Fermat’s Little Theorem, the way to start thinking about its
proof is to think about the proof of Fermat’s Little Theorem and see whether you can
imitate the steps in this diﬀerent setting. It is always a good idea to start with what you
know and see how it can be modiﬁed to ﬁt a new situation.
4.32. Theorem (Euler’s Theorem). If a and n are integers with n > 0 and (a, n) = 1, then
$a^{\phi(n)} \equiv 1 \pmod{n}$.
4.33. Corollary (Fermat’s Little Theorem). If p is a prime and a is an integer relatively
prime to p, then $a^{p-1} \equiv 1 \pmod{p}$.
As long as we can compute φ(n), Euler’s Theorem can be used just like Fermat’s Little
Theorem for computing powers of numbers modulo n.
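The exponent reduction that Euler’s Theorem permits, together with the hypothesis it depends on, as an added Python example that is not part of the original text. The function names and the sample values (7, 1234, 40 and 2, 5, 12) are constructed for illustration and are not taken from the exercises.

```python
from math import gcd


def phi(n):
    """Euler phi-function: count 1 <= x <= n with (x, n) = 1 (direct count, small n only)."""
    return sum(1 for x in range(1, n + 1) if gcd(x, n) == 1)


def order(a, n):
    """ord_n(a): the smallest natural k with a^k ≡ 1 (mod n). Needs (a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("no power of a is congruent to 1 unless (a, n) = 1")
    one = 1 % n                      # handles the degenerate modulus n = 1
    k, power = 1, a % n
    while power != one:
        power = power * a % n
        k += 1
    return k


def power_mod(a, e, n):
    """a^e mod n by square-and-multiply, with no exponent reduction (reference value)."""
    result, base = 1 % n, a % n
    while e > 0:
        if e & 1:
            result = result * base % n
        base = base * base % n
        e >>= 1
    return result


def power_mod_euler(a, e, n):
    """a^e mod n after reducing e modulo phi(n); valid only when (a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("Euler's Theorem does not apply: (a, n) != 1")
    return power_mod(a, e % phi(n), n)


def naive_reduction_agrees(a, e, n):
    """Reduce the exponent blindly (no gcd check) and compare with the true value."""
    return power_mod(a, e % phi(n), n) == power_mod(a, e, n)


if __name__ == "__main__":
    # Constructed sample: (7, 40) = 1, so 1234 may be reduced modulo phi(40).
    print("phi(40) =", phi(40), " ord_40(7) =", order(7, 40))
    print("7^1234 mod 40 =", power_mod_euler(7, 1234, 40))
    # Constructed counterexample: (2, 12) != 1, so blind reduction gives a wrong residue.
    print("blind reduction correct for 2^5 mod 12?", naive_reduction_agrees(2, 5, 12))
```

The last call shows why the hypothesis (a, n) = 1 must be checked before any exponent is reduced modulo φ(n).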
4.34. Exercise. Compute each of the following without the aid of a calculator or computer.
(1) $12^{49} \pmod{15}$.
(2) $139^{112} \pmod{27}$.
4.35. Exercise. Find the last digit in the base 10 representation of the integer $13^{474}$.
The next theorem tells us that every natural number less than a given prime can be
multiplied by another natural number to yield 1 modulo the prime. This observation says
that numbers have something that behaves like a multiplicative inverse in the “mod p”
world.
4.36. Theorem. Let p be a prime and let a be an integer such that 1 ≤ a < p. Then there
exists a unique natural number b less than p such that ab ≡ 1 (mod p).
Deﬁnition. Let p be a prime and let a and b be integers such that ab ≡ 1 (mod p). Then
a and b are said to be inverses modulo p.
4.37. Exercise. Let p be a prime. Show that the natural numbers 1 and p − 1 are their
own inverses modulo p.
The next theorem asserts that except for the special numbers 1 and p−1, the inverse of
a number modulo p is diﬀerent from itself. In other words, squaring a natural number less
than p other than 1 or p −1 will not give you a number congruent to 1 modulo the prime p.
4.38. Theorem. Let p be a prime and let a and b be integers such that 1 < a, b < p − 1
and ab ≡ 1 (mod p). Then a ≠ b.
Let’s see how numbers pair up with their inverses in a speciﬁc case.
4.39. Exercise. Find all pairs of numbers a and b in {2, 3, . . . , 11} such that ab ≡ 1
(mod 13).
The preceding theorems and examples are giving us a perspective about numbers and
their multiplicative inverses modulo a prime p. One consequence of this picture is that when
we multiply all the numbers from 2 up to (p −2), we get a number congruent to 1 modulo
the prime p.
4.40. Theorem. If p is a prime larger than 2, then 2 · 3 · 4 · . . . · (p −2) ≡ 1 (mod p).
We end the chapter with Wilson’s Theorem, which is perhaps the most famous consequence
of our understanding of numbers and their inverses modulo a prime p.
4.41. Theorem (Wilson’s Theorem). If p is a prime, then (p − 1)! ≡ −1 (mod p).
The converse of Wilson’s Theorem is also true; that is, if the product of all the natural
numbers less than n is congruent to −1 modulo n, then n must be prime.
4.42. Theorem (Converse of Wilson’s Theorem). If n is a natural number such that
(n − 1)! ≡ −1 (mod n), then n is prime.
Whenever we prove a good theorem, we can ask about extensions of it. After we proved
Fermat’s Little Theorem that talked about prime moduli, we extended it to Euler’s Theorem
that dealt with composite moduli. Can you make a conjecture that would extend Wilson’s
Theorem to moduli that are not prime?
Fermat, Wilson And . . . Leibniz?
Tracing the history of named results like those of this chapter can be trying. Shakespeare’s
famous “What’s in a name?” aptly applies. In a letter to Frenicle de Bessy (1605-1675)
dated 1640, Fermat stated what we now call Fermat’s Little Theorem. Characteristic
of Fermat, the theorem was explained without proof stating “I would send you the
demonstration, if I did not fear its being too long.”
It is not until 1736 that we ﬁnd the ﬁrst published proof in the works of Euler. The
argument is based on the Binomial Theorem, and could likely have been known to Fermat.
The algebraic proof given in Theorems 4.13-4.15 appeared in 1806, and is attributed to
James Ivory (1765-1842). Euler, of course, went on to generalize Fermat’s Little Theorem
and published a proof of Euler’s Theorem in 1760.
Abu Ali al-Hasan ibn al-Haytham (approx. 965-1040) considered the following problem:
To ﬁnd a number such that if we divide by two, one remains; if we divide by three, one
remains; if we divide by four, one remains; if we divide by ﬁve, one remains; if we divide
by six, one remains; if we divide by seven, there is no remainder. His method of solution
gives, in this particular case, the number (7 − 1)! + 1, which clearly leaves a remainder of
1 upon division by 2, 3, 4, 5 and 6. But al-Haytham was also aware that this number was
divisible by 7, which is an instance of Wilson’s theorem.
Nearly 800 years later Edward Waring (1736-1798) first published the general statement
of Wilson’s Theorem, attributing the result to his student John Wilson (1741-1793). No
proof was given in Waring’s publication, and it is believed that neither Waring nor Wilson
was aware of a proof. The first published proof, based on the binomial theorem, appeared
in 1773 by Lagrange and also included a proof of the converse of Wilson’s Theorem.
Enter Leibniz. In 1894 attention was called to a collection of unpublished manuscripts
located in the Hanover Library attributed to Gottfried Wilhelm von Leibniz (1646-1716),
most famous as one of the creators of Calculus as well as for his philosophical theory of
monads. We usually do not think of Leibniz as a pioneer of number theory. However,
among his works found in the Hanover Library are results believed to have been attained
prior to 1683 which include proofs of both Fermat’s Little Theorem and Wilson’s Theorem.
These dates precede Euler’s ﬁrst published proof of Fermat’s Little Theorem by 53 years
and Lagrange’s ﬁrst published proof of Wilson’s Theorem by 90 years.
CHAPTER 5
Public Key Cryptography
Public Key Codes And RSA
Public key codes. Public key codes are codes in which the encoding method is public
knowledge; i.e. anyone can encode messages. However, even though everybody knows how
messages are encoded, only the receiver knows how to decode an encrypted message. For
example, suppose I want to sell a product and I want customers to be able to send me
their credit card numbers in a secure manner. I can “publish” a public encoding scheme.
People use this scheme to encode their credit card numbers before sending them to me.
For the scheme to be secure, I should be the only person who can decode the numbers. So
even though everyone knows exactly how the numbers were encoded, only I can “undo” the
encoding in order to decode the message.
Such codes are called public key codes. The notion is counterintuitive. How can such
a scheme work? The answer is based on the fact that certain mathematical operations are
easy to perform, but hard to undo. We will look at a speciﬁc public key encoding scheme
called RSA encryption, ﬁrst discovered by mathematicians Ronald Rivest, Adi Shamir, and
Leonard Adleman.
Overview of RSA. Suppose we select two enormous prime numbers, each on the
order of 200 digits long, for example. Now we multiply them (computers are whizzes at
multiplying natural numbers, even numbers with hundreds of digits). Now we give our
result to a friend and ask her to factor it. She goes oﬀ to have her computer help her out,
and is never seen again. Factoring large numbers is hard, even for a computer. There are
limits to the size of natural numbers that a computer can factor. Our product of two
200-digit primes is much too large for even the fastest computers to factor.
So we can announce our enormous number to the world, but only we know its factors.
At this point, you would be justiﬁed in saying, “So what? Who cares what the factors
of a 400-digit number are anyway?” The answer is that you care. You care because the
inability to factor such numbers is at the heart of public key encryption systems that are
used millions of times a day to keep data that is sent over the internet secure. The challenge
for this chapter is for you to discover how to make a public key code system by exploiting
this example of a mathematical operation that is easy to perform (the multiplication of two
large primes), but hard to undo (factor). We will see how the huge product is the public
part of the RSA encryption scheme that will somehow allow anyone to encode messages
while the decoding requires knowing its factorization, thus making the code unbreakable
except by the person who knows the factors. Of course, at this point there is no apparent
connection between factoring numbers and encoding messages. That is the content of this
chapter.
For convenience, let’s suppose the message we wish to encode is a number. If our
message contained words, we could do some sort of simple transformation turning letters
into numbers. We will take our message number and perform a mathematical operation on
it to produce a new number. This new number is the encoded message. What operation
will we perform? We will raise our original number message to some power modulo some
base. Recovering the original number message from the encoded message number will
be practically impossible without some secret knowledge. With the secret knowledge, we
simply raise the encoded number to another power to obtain the original message. The key
to the whole process is the work we have already done, including the Euclidean Algorithm
and Euler’s Theorem.
Let’s decrypt. Before getting to James Bond, let’s begin with some theorems about
modular arithmetic. This ﬁrst theorem has a familiar conclusion reminiscent of Fermat’s
Little Theorem and Euler’s Theorem, namely, that under certain conditions a number to a
power is congruent to 1 modulo another number.
5.1. Theorem. If p and q are distinct prime numbers and W is a natural number with
(W, pq) = 1, then $W^{(p-1)(q-1)} \equiv 1 \pmod{pq}$.
You might think that the next theorem would require the hypothesis that (W, pq) = 1;
however, it is true for all natural numbers W. One strategy for proving a theorem is ﬁrst
to prove the theorem with a stronger hypothesis and later deal with the other cases. Here,
you might ﬁrst prove the theorem assuming the extra hypothesis that (W, pq) = 1. After
that success, you can analyze what would happen if p or q divides W.
5.2. Theorem. Let p and q be distinct primes, k be a natural number, and W be a natural
number less than pq. Then
$$W^{1 + k(p-1)(q-1)} \equiv W \pmod{pq}.$$
Notice how this next theorem has a conclusion that looks similar to theorems from
Chapter 1 about linear Diophantine equations. As usual, an excellent strategy in mathematics
is to remember previous theorems or insights that seem to be related to the current
question.
5.3. Theorem. Let p and q be distinct primes and E be a natural number relatively prime
to (p − 1)(q − 1). Then there exist natural numbers D and y such that
ED = 1 + y(p − 1)(q − 1).
5.4. Theorem. Let p and q be distinct primes, W be a natural number less than pq, and
E, D, and y be natural numbers such that ED = 1 + y(p − 1)(q − 1). Then
$$W^{ED} \equiv W \pmod{pq}.$$
Notice that the conclusion of the preceding theorem is that raising W to a certain
power, the ED power, and reducing modulo pq just gives us W back again. Remember that
$W^{ED} = (W^E)^D$.
We now have all the pieces used to make up the RSA Public Key Coding System. The
next exercise asks you to put the pieces together.
5.5. Exercise. Consider two distinct primes p and q. Describe every step of the RSA
Public Key Coding System. State what numbers you choose to make public, what messages
can be encoded, how messages should be encoded, and how messages are decoded. What
number should be called the encoding exponent and what number should be called the decoding
exponent?
The next exercise asks you to develop an RSA Public Key Coding System using an actual
pair of primes. These primes might be slightly too small for any real value in applications,
but the goal of the exercise is for you to understand every step of how the RSA system
works and see it actually work with numbers. Again, state what numbers you choose to
make public, what messages can be encoded, how messages should be encoded, and how
messages are decoded. It is neat to see all these steps and to see that you can encode and
decode actual numbers.
5.6. Exercise. Describe an RSA Public Key Code System based on the primes 11 and 17.
Encode and decode several messages.
Of course, the fun of being a spy is to break codes. So get on your trench coat, pull out
your magnifying glass, and begin to spy. The next exercise asks you to break an RSA code
and save the world.
5.7. Exercise. You are a secret agent. An evil spy with shallow number theory skills uses
the RSA Public Key Coding System in which the public modulus is n = 1537, and the
encoding exponent is E = 47. You intercept one of the encoded secret messages being sent
to the evil spy, namely the number 570. Using your superior number theory skills, decode
this message, thereby saving countless people from the ﬁendish plot of the evil spy.
The next exercise asks you to explain in general how you can break RSA codes if you
are able to factor n.
5.8. Exercise. Suppose an RSA Public Key Coding System publishes n (which is equal
to the product of two undisclosed primes p and q) and E, with E relatively prime to
(p − 1)(q − 1). Suppose someone wants to send a secret message and so encodes the message
number W (less than n) by finding the number m less than n such that $m \equiv W^E \pmod{n}$.
Suppose you intercept this number m and you are able to factor n. How can you figure out
the original message W?
Notice that the two previous exercises tell us that the RSA Public Key Coding System
would be useless if it were possible to factor pq. Factoring sounds like a simple process;
however, when p and q are primes containing several hundred digits each, no person nor
computer in the world knows how to factor pq. It is interesting that such a simple process as
factoring lies at the heart of secret codes on which billions of dollars of secure transactions
rely.
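Theorems 5.3 and 5.4 and the dependence on factoring described above, put together as an added Python example that is not part of the original text. The primes 61 and 53, the exponent 17, the message 65 and all function names are constructed for illustration; they are not the numbers from the exercises.

```python
def extended_gcd(a, b):
    """Euclidean Algorithm with bookkeeping: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_x, x = x, old_x - quotient * x
        old_y, y = y, old_y - quotient * y
    return old_r, old_x, old_y


def make_keys(p, q, E):
    """Theorem 5.3: return (n, E, D) with E*D = 1 + y*(p-1)*(q-1) for some natural y."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    m = (p - 1) * (q - 1)
    g, x, _ = extended_gcd(E, m)
    if g != 1:
        raise ValueError("E must be relatively prime to (p-1)(q-1)")
    return p * q, E, x % m           # x % m moves D into the range 1..m-1


def encode(W, E, n):
    """Public operation: anyone who knows (n, E) can compute W^E mod n."""
    if not 0 <= W < n:
        raise ValueError("message number must be less than n")
    return pow(W, E, n)


def decode(m, D, n):
    """Private operation: Theorem 5.4 gives (W^E)^D ≡ W (mod n)."""
    return pow(m, D, n)


def factor_small(n):
    """Trial division; only feasible because the constructed modulus is tiny."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d, n // d
        d += 1
    raise ValueError("n has no nontrivial factor")


def decode_without_key(n, E, m):
    """With p and q in hand, D follows from Theorem 5.3 exactly as it did for the key owner."""
    p, q = factor_small(n)
    _, _, D = make_keys(p, q, E)
    return decode(m, D, n)


if __name__ == "__main__":
    n, E, D = make_keys(61, 53, 17)              # constructed toy key
    cipher = encode(65, E, n)
    print("public (n, E) =", (n, E), " private D =", D)
    print("65 ->", cipher, "->", decode(cipher, D, n))
    # Theorem 5.2 needs no gcd hypothesis: multiples of p or q also round-trip.
    print("61 round-trips:", decode(encode(61, E, n), D, n) == 61)
    print("recovered from public data alone:", decode_without_key(n, E, cipher))
```

The last line succeeds only because a four-digit modulus falls to trial division at once, which is the reason the primes in a real key must have hundreds of digits.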
Hard Problems
The RSA encryption system actually has two keys. One is made public (the encoding
key E), and the other is kept private (the decoding key D). Such a system is said to use
an asymmetrical key, as opposed to a symmetrical key where the same key is used to both
encrypt and decrypt. The asymmetrical public key allows anyone to encode messages, but
only the receiver can decode. In practice, the RSA system is ineﬃcient for encoding and
decoding large amounts of data. Encryption methods such as AES (Advanced Encryption
Standard) are much more efficient, but require a symmetric key to be shared by the sender
and receiver. Sharing such a key poses many potential problems. So we have
• AES: eﬃcient, but requires a shared key.
• RSA: ineﬃcient, but uses a public key.
In practice, the two methods are often combined to take advantage of their positive qualities
(the eﬃciency of AES and the public key of RSA).
If Alice wishes to send a message M to Bob, she encrypts M using a randomly chosen
AES key. Then, using Bob’s public RSA encoding key, she encrypts her AES key. Alice then
sends Bob two items: her AES encoded message and her RSA encrypted AES key. Bob can
easily decrypt the AES key (using his private RSA decryption key), then use the decrypted
AES key to decrypt the AES encoded message. So in this regard, RSA is primarily used as
a method of key exchange.
The security of the RSA encryption system relies on the fact that factoring is hard.
How hard? According to the RSA Laboratories website, it was reported in November of
2005 that a 193-digit integer was factored after 30 2.2GHz-Opteron-CPU years of work
(which occurred over about 5 months of calendar time). We’re not exactly sure what that
statement means, but it sure makes factoring sound hard. But factoring is not the only
hard mathematical problem used for public key exchange.
Some of the earliest work on public key exchange methods occurred in the mid 1970’s
at Stanford University. Graduate student Whitﬁeld Diﬃe and his advisor Martin Hellman
developed a public key exchange system based on the hard mathematical problem of
computing “logarithms modulo p.” It works as follows. Suppose Alice and Bob wish to share
a secret key (which will simply be a number). Two quantities are made public: a prime
number p, and an integer g < p which has the property that $\{0, g, g^2, \ldots, g^{p-1}\}$ form a
complete residue system modulo p. Such a g is called a primitive root modulo p, and is
explored further in the next chapter.
Next, Alice and Bob each choose a private value, say a and b. These numbers are not
made public. Alice then makes public her value $g^a \pmod{p}$, and Bob makes public his
value $g^b \pmod{p}$. Finally, Alice and Bob can now compute their shared secret key: Alice
takes Bob’s public value and computes $(g^b)^a \pmod{p}$, and Bob takes Alice’s public value
and computes $(g^a)^b \pmod{p}$. Since
$$(g^b)^a \equiv g^{ba} \equiv g^{ab} \equiv (g^a)^b \pmod{p},$$
they have a shared key (which, for example, could then be used for a symmetric key system
like AES). How secret is it? Essentially, the only way to figure out the shared key is to
obtain the secret values a and b. So the problem becomes: given the public values g and
$g^a \pmod{p}$, determine the secret value a. This is called the discrete logarithm problem modulo
p, and it is believed to be just as difficult as the factoring problem associated with RSA.
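The exchange described above with both sides’ messages, as an added Python example that is not part of the original text. The values p = 23, g = 5, a = 4, b = 3 and the function names are constructed for illustration, and the range check on the received public value is an added defensive check that the text does not discuss.

```python
import secrets


def is_primitive_root(g, p):
    """True when g^1, ..., g^(p-1) run through every nonzero residue modulo the prime p."""
    seen, power = set(), 1
    for _ in range(p - 1):
        power = power * g % p
        seen.add(power)
    return len(seen) == p - 1


def random_secret(p):
    """Private value drawn uniformly from 2..p-2 with a cryptographic random source."""
    return secrets.randbelow(p - 3) + 2


def public_value(g, secret, p):
    """What each party publishes: g^secret mod p."""
    return pow(g, secret, p)


def shared_key(peer_public, secret, p):
    """(g^b)^a mod p. Rejects 0, 1 and p-1, which would force a predictable key."""
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value outside 2..p-2")
    return pow(peer_public, secret, p)


def brute_force_log(g, target, p):
    """Discrete logarithm by exhaustive search; feasible only for a toy modulus."""
    for exponent in range(1, p):
        if pow(g, exponent, p) == target:
            return exponent
    raise ValueError("target is not a power of g")


def exchange(p, g, a, b):
    """Run both sides and return (Alice's public, Bob's public, Alice's key, Bob's key)."""
    if not is_primitive_root(g, p):
        raise ValueError("g is not a primitive root modulo p")
    alice_public = public_value(g, a, p)       # Alice -> Bob, sent in the clear
    bob_public = public_value(g, b, p)         # Bob -> Alice, sent in the clear
    alice_key = shared_key(bob_public, a, p)   # computed privately by Alice
    bob_key = shared_key(alice_public, b, p)   # computed privately by Bob
    return alice_public, bob_public, alice_key, bob_key


if __name__ == "__main__":
    p, g = 23, 5                               # constructed toy parameters
    print("Alice publishes, Bob publishes, keys:", exchange(p, g, a=4, b=3))
    # An observer sees only p, g and the two public values. With p = 23 the secret
    # exponent falls to a search of at most 22 steps, so real parameters must be large.
    print("Alice's secret recovered by search:", brute_force_log(g, 4, p))
    a, b = random_secret(p), random_secret(p)
    print("random secrets agree:", len(set(exchange(p, g, a, b)[2:])) == 1)
```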
The group of integers modulo n is not the only source of mathematics making its way
into public key cryptography. In the mid 1980’s Victor Miller and Neal Koblitz independently
proposed using mathematical objects called elliptic curves to generate public key
codes. An elliptic curve is a plane cubic curve. For example, an elliptic curve might be
given by an equation of the form
$$y^2 = x^3 + bx + c,$$
where b and c are chosen from an appropriate set of numbers. What is special about these
curves is that they come with an arithmetic as well. That is, there is a natural way to
“add” two points on the curve and obtain a third point.
As with Diffie-Hellman, certain objects are made public: the elliptic curve, a prime
number p, and a “point” P on the elliptic curve. The prime p speciﬁes where the coeﬃcients
b and c in the equation of our curve are coming from. Namely, they come from the set of
integers modulo p, i.e. the set {0, 1, 2, . . . , p − 1}. The point P is then an ordered pair
P = (x, y) where x and y are integers modulo p which satisfy the curve’s equation modulo
p; that is, x and y satisfy
$$y^2 \equiv x^3 + bx + c \pmod{p}.$$
For example, consider the following curve with coefficients coming from the set of integers
modulo 23 (so p = 23): $y^2 = x^3 + x$. It is a good exercise to check that P = (17, 13) is in
fact a “point” on the curve (there are actually 23 “points” on this curve modulo 23).
Alice uses her secret value a to compute a public “point”
$$aP = \underbrace{P + P + \cdots + P}_{a \text{ terms}},$$
and Bob makes public bP. They can then compute their shared secret key
$$a(bP) = (ab)P = (ba)P = b(aP).$$
For a third party to discover their secret key, the values a and b must be found. So
the problem becomes: given the public quantities P and aP, find a. This is the discrete
logarithm problem for elliptic curves modulo p, and is currently considered a harder problem
than the discrete logarithm problem for the integers modulo p that provides the security
for Diffie-Hellman.
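The exchange just described, carried out on the text's own curve $y^2 = x^3 + x$ modulo 23 with P = (17, 13), as an added example that is not part of the original text. The addition rules and the identity element INF (the "point at infinity") are the standard chord-and-tangent formulas, which the text does not spell out, and the secret values 5 and 7 are constructed. The brute-force search at the end recovers a from P and aP in at most 24 additions, which shows that the hardness described above comes entirely from the size of p.

```python
# Added example: the curve y^2 = x^3 + x over the integers modulo 23, from the text.
P_MOD = 23            # the prime p
B, C = 1, 0           # coefficients in y^2 = x^3 + B*x + C
BASE = (17, 13)       # the public point P from the text
INF = None            # identity element ("point at infinity"); an assumption, not in the text


def on_curve(pt):
    """True if pt satisfies y^2 ≡ x^3 + Bx + C (mod p)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + B * x + C)) % P_MOD == 0


def affine_points():
    """Every (x, y) with 0 <= x, y < p that lies on the curve."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD) if on_curve((x, y))]


def add(p1, p2):
    """Chord-and-tangent addition of two points on the curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # P + (-P), including doubling a point with y = 0
    if p1 == p2:
        slope = (3 * x1 * x1 + B) * pow(2 * y1 % P_MOD, -1, P_MOD)   # tangent line
    else:
        slope = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)        # chord
    x3 = (slope * slope - x1 - x2) % P_MOD
    y3 = (slope * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """kP = P + P + ... + P (k terms), computed by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def order(pt):
    """Smallest n >= 1 with nP equal to the identity."""
    n, q = 1, pt
    while q is not INF:
        q = add(q, pt)
        n += 1
    return n


def brute_force_log(base, target):
    """Find a with a*base == target by trying every multiple (feasible only at toy sizes)."""
    q = INF
    for a in range(order(base)):
        if q == target:
            return a
        q = add(q, base)
    raise ValueError("target is not a multiple of base")


def exchange(a, b):
    """Alice's and Bob's public points and the shared point each of them derives."""
    a_pub, b_pub = mul(a, BASE), mul(b, BASE)
    return a_pub, b_pub, mul(a, b_pub), mul(b, a_pub)


if __name__ == "__main__":
    print("P on curve:", on_curve(BASE), "| affine points:", len(affine_points()))
    print("order of P:", order(BASE))
    a_pub, b_pub, k_alice, k_bob = exchange(5, 7)      # constructed secret values
    print("aP =", a_pub, " bP =", b_pub, " shared:", k_alice, k_bob)
    print("a recovered from (P, aP):", brute_force_log(BASE, a_pub))
```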
These public key coding systems use abstract results in number theory to do the very
practical work of sending messages over the internet. When mathematicians were working
on the underlying number theory, they had no notion that their work would have any
practical applications. Fermat and Euler, whose theorems are crucial to the public key
coding messages we developed in this chapter, lived hundreds of years ago. They found the
number theory results beautiful and interesting. Often mathematics has been developed
without applications in mind and then later those insights are discovered to be crucial to
some very important practical issue. Public key cryptography is a prime example of how
important it is for human beings to continue to explore ideas in mathematics and science
with the only goal being to seek and develop the beauty of ideas. Practical applications
will inevitably follow.
CHAPTER 6
Polynomial Congruences and Primitive Roots
Higher Order Congruences
The RSA coding system embodies a beautiful application of Euler’s Theorem. A key
step in the decoding process was our ability to solve the congruence $x^E \equiv m \pmod{pq}$,
where E was the encoding exponent and m was the encoded word. This may have been
our first example of a polynomial congruence of degree greater than 1 (recall we covered
linear congruences back in Chapter 3). In this Chapter and the next we continue the study
of solutions to polynomial congruences of higher degree, encountering some fascinating new
mathematics along the way.
Lagrange’s Theorem. One of the most basic theorems about polynomials is the Fundamental
Theorem of Algebra. Among other things, it tells us that an nth degree polynomial
$$f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$$
has no more than n roots. We will not attempt to give a proof here of the Fundamental
Theorem of Algebra. Rather, we will derive a “mod p” version of it due to Lagrange.
Definition. Recall that r is a root of the polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ if
and only if f(r) = 0.
This first theorem does not have any modular arithmetic in it. Do you remember how
to do long division with polynomials?
6.1. Theorem. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ be a polynomial of degree n > 0 with integer
coefficients and assume $a_n \neq 0$. Then an integer r is a root of f(x) if and only if there exists
a polynomial g(x) of degree n − 1 with integer coefficients such that f(x) = (x − r)g(x).
This next theorem is very similar to the one above, but in this case (x − r)g(x) is not
quite equal to f(x), but is the same except for the constant term of f(x) and the constant
term of (x − r)g(x). Those constant terms are not the same, but are congruent using an
appropriate modulus.
6.2. Theorem. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ be a polynomial of degree n > 0
with integer coefficients and $a_n \neq 0$. Let p be a prime number and r an integer. Then, if
f(r) ≡ 0 (mod p), there exists a polynomial g(x) of degree n − 1 such that
$$(x - r)g(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + b_0$$
where $a_0 \equiv b_0 \pmod{p}$.
The final theorem of this section is a generalization of the Fundamental Theorem of
Algebra in the setting of polynomials modulo a prime.
6.3. Theorem (Lagrange’s Theorem). If p is a prime and $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$
is a polynomial with integer coefficients and $a_n \neq 0$, then f(x) ≡ 0 (mod p) has at most n
noncongruent solutions modulo p.
Primitive roots. Fermat’s Little Theorem tells us that if we raise a natural number a
less than a prime p to the p − 1 power, the result is congruent to 1 modulo p. However, for
some natural numbers a, raising a to lower powers may also result in a number congruent
to 1 modulo p. In this section, you will explore the orders of elements in more detail. Let’s
begin by proving that the order of a is the same as the order of $a^i$ if i is relatively prime to
the order.
6.4. Theorem. Suppose p is a prime and $\mathrm{ord}_p(a) = d$. Then for each natural number i
with (i, d) = 1, $\mathrm{ord}_p(a^i) = d$.
The preceding theorem gives us a whole collection of numbers that have the same order
modulo p. The next theorem, by contrast, puts a limit on how many incongruent natural
numbers can have the same order modulo p. You might notice that a natural number k
of order d modulo a prime p is a solution of the congruence $x^d \equiv 1 \pmod{p}$. Recall that
we earlier proved some theorems concerning the number of incongruent solutions that an
equation of degree d could have modulo p.
6.5. Theorem. For a prime p and natural number d, at most φ(d) incongruent integers
modulo p have order d modulo p.
Of course, there are many natural numbers d in the above theorem for which there are
no numbers with that order modulo p. Recall that the order of any integer modulo p is less
than p. In fact, recall the theorem that if p is a prime and k is a natural number less than
p, then $\mathrm{ord}_p(k) \mid (p - 1)$. It is always a good idea to review the proof or the main steps of
the proof when you recall a theorem. In this case, you may remember something like the
following key ideas. By definition of order, $k^{\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and no lower power of k is
congruent to 1 modulo p. Therefore, $k^{2\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and $k^{3\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and
... $k^{i\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and no intermediate powers are congruent to 1 modulo p. Since
$k^{p-1} \equiv 1 \pmod{p}$, then some multiple of $\mathrm{ord}_p(k)$ must equal p − 1.
If you get in the habit of remembering sketches of proofs like the above every time you
recall a theorem, then soon the proofs and the theorems will become much more real and
immediate to you.
Returning now to the orders of elements modulo a prime p, we know that the order of
every integer divides p − 1. An integer whose order is as large as possible, namely p − 1, has
special significance, because, as you will soon prove, its powers give every nonzero member
of a complete residue system modulo p. We first give such numbers a name and then prove
that theorem.
Definition. Let p be a prime. An integer g such that $\mathrm{ord}_p(g) = p - 1$ is called a primitive
root modulo p.
6.6. Theorem. Let p be a prime and suppose g is a primitive root modulo p. Then the set
$\{0, g, g^2, g^3, \ldots, g^{p-1}\}$ forms a complete residue system modulo p.
As usual, ideas become more meaningful if you look at actual numerical examples.
6.7. Exercise. For each of the primes p less than 20 find a primitive root and make a chart
showing what powers of the primitive root give each of the natural numbers less than p.
Your exploration of the first few primes might suggest to you that every prime has
at least one primitive root. In fact, that is true. We state that theorem here, and you
may be able to think of a proof of it now; however, there are some preliminary theorems
about the Euler φ-function that will help us to prove the existence of primitive roots. We
will investigate those theorems in the next section and then return to this theorem about
primitive roots.
6.8. Theorem. Every prime p has a primitive root.
One approach to proving the existence of primitive roots for a prime p is to put together
a few of the ideas we already know. You proved that for any divisor d of p − 1, at most
φ(d) incongruent numbers have order d modulo p. We know that every natural number k
less than p has an order d that divides p − 1. So we could list the divisors d of p − 1 and for
each such d we notice that at most φ(d) of the numbers 1, 2, 3, ..., p − 1 have order d and
systematically cross the order d numbers off the list. Let’s try this strategy with the prime
p = 13.
6.9. Exercise. Consider the prime p = 13. For each divisor d = 1, 2, 3, 4, 6, 12 of 12 = p−1,
mark which of the natural numbers in the set {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} have order d.
Notice in the above exercise that there are φ(d) numbers of order d for each d. Of
course, each number from 1 to 12 has some order. So in the case of 12,
$$\varphi(1) + \varphi(2) + \varphi(3) + \varphi(4) + \varphi(6) + \varphi(12) = 12.$$
A more compact way of writing the above sum is to use summation notation. We will write
$$\sum_{d \mid n} \varphi(d)$$
for the sum of the Euler φ-function of the natural number divisors of the natural number
n. So, for example, the previous observation can be written
$$\sum_{d \mid 12} \varphi(d) = 12.$$
This example is suggestive of a more general relationship between the Euler φ-function and
the divisors of a natural number, which we will explore in the next section.
Euler’s φ-function and sums of divisors. For the moment, let’s not think about
primes and primitive roots and instead just look at any natural numbers. The first exercise
below asks you to look at all the natural number divisors of a natural number, take the
Euler φ-function of each divisor, add up those values and look for a pattern.
6.10. Exercise. Compute each of the following sums.
(1) $\sum_{d \mid 6} \varphi(d)$
(2) $\sum_{d \mid 10} \varphi(d)$
(3) $\sum_{d \mid 24} \varphi(d)$
(4) $\sum_{d \mid 36} \varphi(d)$
(5) $\sum_{d \mid 27} \varphi(d)$
Make a sweeping conjecture about the sum of φ(d) taken over all the natural number divisors
of any natural number n.
Your sweeping conjecture is, in fact, true. Since every natural number larger than 1
is the product of primes, we adopt the strategy of seeing how to prove the conjecture for
primes and then seeing how to compute it for products of primes. In the case of primes,
there are not many divisors to consider, so that simplifies the situation.
6.11. Lemma. If p is a prime, then
$$\sum_{d \mid p} \varphi(d) = p.$$
You can list all the divisors of powers of primes very specifically. So that is the next
case to tackle.
6.12. Lemma. If p is a prime, then
$$\sum_{d \mid p^k} \varphi(d) = p^k.$$
To build up our understanding, the easiest case that involves more than one prime would
be a natural number that is the product of exactly two primes. So that is the next case
that we ask you to prove.
6.13. Lemma. If p and q are two different primes, then
$$\sum_{d \mid pq} \varphi(d) = pq.$$
The proof of the preceding lemma has allowed you to develop the insights that enable
you to deal with the product of any two relatively prime natural numbers, which is what
you will do next.
6.14. Lemma. If n and m are relatively prime natural numbers, then
$$\left(\sum_{d \mid m} \varphi(d)\right) \cdot \left(\sum_{d \mid n} \varphi(d)\right) = \sum_{d \mid mn} \varphi(d).$$
All the preceding lemmas allow you to finally prove your conjecture that the sum
$$\sum_{d \mid n} \varphi(d)$$
will just equal the natural number that you started with.
6.15. Theorem. If n is a natural number, then
$$\sum_{d \mid n} \varphi(d) = n.$$
After thinking about an idea for a few hundred years, it is sometimes possible to see the
same result from a different point of view. The approach above is a clear strategy of doing
simpler cases first and putting them together to get the result. But in this case, there is a
slick alternative proof to the above theorem, which we thought you might enjoy. So please
verify the steps of the following different approach to the same theorem.
6.16. Exercise. For a natural number n consider the fractions
$$\frac{1}{n}, \frac{2}{n}, \frac{3}{n}, \ldots, \frac{n}{n},$$
all written in reduced form. For example, with n = 10 we would have
$$\frac{1}{10}, \frac{1}{5}, \frac{3}{10}, \frac{2}{5}, \frac{1}{2}, \frac{3}{5}, \frac{7}{10}, \frac{4}{5}, \frac{9}{10}, \frac{1}{1}.$$
Try to find a natural one-to-one correspondence between the reduced fractions and the numbers
φ(d) for $d \mid n$. Show how that observation provides a very clever proof to the preceding
theorem.
Having established the theorem that
$$\sum_{d \mid n} \varphi(d) = n,$$
we can now prove that every prime p has a primitive root. In fact, we can prove that it has
φ(p − 1) primitive roots.
6.17. Theorem. Every prime p has φ(p − 1) primitive roots.
Euler’s φ-function is multiplicative. Although we defined the Euler φ-function, saw
how to use it to prove a generalization of Fermat’s Little Theorem, and saw how it was used
in the discussion of primitive roots, we do not yet know how to compute the value of the
Euler φ-function for an arbitrary natural number n. Since every natural number larger
than 1 is the product of primes, we adopt the strategy of seeing how to compute the Euler
φ-function for primes and then we see how to compute it for products of primes. We’ll first
ask you to make and prove a conjecture about the value of the Euler φ-function of a prime.
6.18. Exercise. Make a conjecture about the value φ(p) for a prime p. Prove your conjecture.
The next simpler kind of natural number is a product of primes where just one prime is
involved, in other words, a power of a prime. Once again, we ask you to make a conjecture
and prove it about the value of the Euler φ-function for powers of primes. If you get stuck,
try just writing out the natural numbers 1, 2, 3, 4, ..., $p^k$ for some primes p and small powers
k and just circle those numbers on the list that are relatively prime to $p^k$. By looking at
examples and looking for patterns, you can make and prove your conjecture for a formula
that tells us $\varphi(p^k)$.
6.19. Exercise. Make a conjecture about the value $\varphi(p^k)$ for a prime p and natural numbers
k. Prove your conjecture.
Our goal is to be able to compute the Euler φ-function for any natural number n. To
do so, we first observe that the Euler φ-function counts relatively prime members of any
complete residue system. That is, the Euler φ-function φ(n) counts the number of numbers
in the set {1, 2, 3, . . . , n} that are relatively prime to n, but it also counts the number of
numbers in any complete residue system modulo n that are relatively prime to n.
6.20. Theorem. If n is a natural number and A is a complete residue system modulo n,
then the number of numbers in A that are relatively prime to n is equal to φ(n).
We can construct a complete residue system for a natural number n by taking an
arithmetic progression of numbers where the steps are relatively prime to n.
6.21. Theorem. If n is a natural number, k is an integer, and m is an integer relatively
prime to n, then the set of n integers
{k, k +m, k + 2m, k + 3m, . . . , k + (n −1)m}
is a complete residue system modulo n.
The previous two theorems can be used to prove the next theorem that states that
the Euler φ-function of a product of relatively prime numbers is equal to the product of
the Euler φ-functions of each. You might gain some insight by taking a few examples of
relatively prime natural numbers m and n.
6.22. Exercise. Consider the relatively prime natural numbers 9 and 4. Write down all
the natural numbers less than or equal to 36 = 9· 4 in a rectangular array that is 9 wide and
4 high. Then circle those numbers in that array that are relatively prime to 36. Try some
other examples using relatively prime natural numbers.
Now, using the insights you have gained from the examples, prove the following theorem.
6.23. Theorem. If n and m are relatively prime natural numbers, then
φ(mn) = φ(m)φ(n).
Definition. A function f of natural numbers is multiplicative if and only if for any pair of
relatively prime natural numbers m and n, f(mn) = f(m)f(n).
The previous theorem could be restated by saying that the Euler φ-function is multiplicative.
There are many other useful and interesting multiplicative functions in number
theory, none of which will appear in this book.
We can now compute the Euler φ-function of any natural number by taking its unique
prime factorization.
6.24. Exercise. Compute each of the following.
(1) φ(3)
(2) φ(5)
(3) φ(15)
(4) φ(45)
(5) φ(98)
(6) $\varphi(5^6 \, 11^4 \, 17^{10})$
We can now be more specific about what powers of numbers will be congruent to 1
modulo n.
6.25. Question. To what power would you raise 15 to be certain that you would get an
answer that is congruent to 1 modulo 98? Why?
We can now compute the number of primitive roots of a prime.
6.26. Question. How many primitive roots does the prime 251 have?
Roots modulo a number. In Chapter 4 we investigated the process of repeated
multiplication of numbers modulo another number, that is, taking powers of numbers and
reducing those powers modulo n. Finding a number that when multiplied by itself k times
results in the number b modulo n translates into solving the congruence
$$x^k \equiv b \pmod{n}.$$
A solution could be called a kth root of b modulo n. Our work on orders of elements and
primitive roots sheds some light on the nature of the set of solutions when n is a prime and
b = 1. Finding general solutions to congruences of this form is a difficult task to accomplish,
but for certain choices of k, b, and n success is within our grasp.
Our goal is to develop a technique using Euler’s Theorem for finding solutions to congruences
of the form $x^k \equiv b \pmod{n}$, that is, finding kth roots of b modulo a number n. You
have already seen instances of this technique in Chapter 5. Let’s begin by experimenting
with actual numbers.
6.27. Exercise. Try, using paper and pencil, to solve several congruences of the form
$x^k \equiv b \pmod{5}$ and $x^k \equiv b \pmod{6}$.
You hopefully observed that depending on the choice of k, b, and n in the previous
exercise the congruence may have no solutions, one solution, or more than one solution. (If
you did not observe this, go try more examples!) In the next exercise you are asked to make
an observation (one that you may very well have made already) that will get us on track
for developing a more systematic strategy for finding kth roots modulo n.
6.28. Exercise. Compute $a^9 \pmod{5}$ for several choices of a. Can you explain what happens?
Now compute $a^{17} \pmod{15}$ for several choices of a. Does your previous explanation
apply here too?
The following theorem should capture your explanations from the last exercise. It is a
straightforward and hopefully enlightening consequence of Euler’s Theorem.
6.29. Theorem. If a is an integer and v and n are natural numbers such that (a, n) = 1,
then $a^{v\varphi(n)+1} \equiv a \pmod{n}$.
Now let’s apply these observations to solve actual congruences.
6.30. Question. Consider the congruence $x^5 \equiv 2 \pmod{7}$. Can you think of an appropriate
operation we can apply to both sides of the congruence that would allow us to “solve”
for x? If so, is the value obtained for x a solution to the original congruence?
6.31. Question. Consider the congruence $x^3 \equiv 7 \pmod{10}$. Can you think of an appropriate
operation we can apply to both sides of the congruence that would allow us to “solve”
for x? If so, is the value obtained for x a solution to the original congruence?
You hopefully discovered that raising both sides of our congruence to an appropriately
chosen exponent seems to always yield a solution. The following theorem, which generalizes
Theorem 5.3, asserts that such an exponent is always available.
6.32. Theorem. If k and n are natural numbers with (k, φ(n)) = 1, then there exist positive
integers u and v satisfying ku = φ(n)v + 1.
The previous theorem not only asserts that an appropriate exponent is always available,
but it also tells us how to find it. The numbers u and v are solutions to a linear Diophantine
equation just like those we studied in Chapter 1.
6.33. Exercise. Use your observations so far to find solutions to the following congruences.
Be sure to check that your answers are indeed solutions.
(1) $x^7 \equiv 4 \pmod{11}$
(2) $x^5 \equiv 11 \pmod{18}$
(3) $x^7 \equiv 2 \pmod{8}$
You have probably devised a method for finding a solution to a congruence of the form
$x^k \equiv b \pmod{n}$, but the third congruence in the above exercise shows that this method
does not always work.
6.34. Question. What hypotheses on k, b, and n do you think are necessary for your
method to produce a solution to the congruence $x^k \equiv b \pmod{n}$? Make a conjecture and prove
it.
6.35. Theorem. If b is an integer and k and n are natural numbers such that (k, φ(n)) = 1
and (b, n) = 1, then $x^k \equiv b \pmod{n}$ has a unique solution modulo n. Moreover, that
solution is given by
$$x \equiv b^u \pmod{n},$$
where u and v are positive integers such that ku = φ(n)v + 1.
Our experiments at the beginning of the section showed that a number can have multiple
roots modulo another number. But the previous theorem asserts that under the given
hypotheses, our method not only finds a kth root modulo n, but in fact finds the only kth
root.
6.36. Exercise. Find the 49th root of 100 modulo 151.
The following two theorems assert that for square-free numbers n, that is, numbers
which are products of distinct primes, the hypothesis (b, n) = 1 from Theorem 6.35 can be
dropped. The first theorem is a generalization of Theorem 5.2.
6.37. Theorem. If a is an integer, v is a natural number, and n is a product of distinct
primes, then $a^{v\varphi(n)+1} \equiv a \pmod{n}$.
6.38. Theorem. If n is a natural number that is a product of distinct primes, and k is a
natural number such that (k, φ(n)) = 1, then $x^k \equiv b \pmod{n}$ has a unique solution modulo
n for any integer b. Moreover, that solution is given by
$$x \equiv b^u \pmod{n},$$
where u and v are positive integers such that ku − φ(n)v = 1.
6.39. Exercise. Find the 37th root of 100 modulo 210.
General solutions to the congruence $x^k \equiv b \pmod{n}$ when (k, φ(n)) > 1 are much
harder to come by. In Chapter 7 we will consider in depth the special case of k = 2 and
n a prime. Using our work on primitive roots modulo a prime we can prove the following
final result which tells us something about the number of roots a number can have modulo
a prime.
6.40. Theorem. Let p be a prime, b an integer, and k a natural number. Then the number
of kth roots of b modulo p is either 0 or (k, p − 1).
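The method of Theorems 6.32, 6.35 and 6.38, which is the same computation as the RSA decoding step, written out as an added example (not code from the original text). It is run on the congruences of Questions 6.30 and 6.31 and on the third congruence of Exercise 6.33, where the method returns a value that is not a root. The function names and the extra cases modulo 15 and modulo 7 are constructed for illustration, and the exhaustive search is only a check that is feasible for small n.

```python
from math import gcd


def phi(n):
    """Euler's phi-function by direct count (adequate for the small moduli used here)."""
    return sum(1 for i in range(1, n + 1) if gcd(i, n) == 1)


def is_squarefree(n):
    """True if n is a product of distinct primes (no square d*d > 1 divides n)."""
    return all(n % (d * d) != 0 for d in range(2, int(n ** 0.5) + 1))


def inverse_exponent(k, n):
    """The u of Theorem 6.32, with k*u = phi(n)*v + 1. Needs (k, phi(n)) = 1."""
    f = phi(n)
    if gcd(k, f) != 1:
        raise ValueError(f"(k, phi(n)) = {gcd(k, f)}: no inverse exponent exists")
    return pow(k, -1, f) if f > 1 else 1


def euler_candidate(k, b, n):
    """b^u mod n: the value the method produces, whether or not it is a root."""
    return pow(b, inverse_exponent(k, n), n)


def kth_root(k, b, n):
    """Unique k-th root of b modulo n under the hypotheses of Theorem 6.35 or 6.38."""
    if gcd(b, n) != 1 and not is_squarefree(n):
        raise ValueError("(b, n) > 1 and n is not square-free: the method is not guaranteed")
    x = euler_candidate(k, b, n)
    assert pow(x, k, n) == b % n      # the theorems promise this; check it anyway
    return x


def all_kth_roots(k, b, n):
    """Every x in 0..n-1 with x^k ≡ b (mod n), by exhaustive search."""
    return [x for x in range(n) if pow(x, k, n) == b % n]


# (k, b, n): the first three come from the text, the rest are constructed.
CASES = [(5, 2, 7), (3, 7, 10), (7, 2, 8), (3, 10, 15), (2, 4, 7), (2, 3, 7)]

if __name__ == "__main__":
    for k, b, n in CASES:
        truth = all_kth_roots(k, b, n)
        try:
            result = kth_root(k, b, n)
        except ValueError as why:
            result = f"refused ({why})"
        print(f"x^{k} ≡ {b} (mod {n}): method -> {result}; exhaustive search -> {truth}")
    # The third congruence of Exercise 6.33: the exponent u exists, but b^u is not a root.
    print("candidate for x^7 ≡ 2 (mod 8):", euler_candidate(7, 2, 8))
```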
Sophie Germain Is Germane, Part I
Your work so far has hopefully convinced you of the usefulness of primitive roots modulo
a prime p. The powers of a primitive root produce a complete residue system that is often
as useful as the canonical system. From a practical point of view, finding a primitive root
is a necessary ingredient in the Diffie-Hellman public key exchange described in the last
chapter. But although their existence is guaranteed, finding a primitive root modulo p is
not completely straightforward.
We know that a prime p has φ(p − 1) primitive roots, which can be a large proportion of
the numbers modulo p. For example, the prime 65537 has 37768 primitive roots (although
the preceding prime 65521 has only 13824 primitive roots). So trial and error is likely to
produce a primitive root without much trouble. But trial and error is an irksome procedure
to many mathematicians. For them we offer
Theorem (A Primitive Root Test). Let p be a prime. Then a is a primitive root modulo p
if and only if for all factors f of p − 1,
$$a^{(p-1)/f} \not\equiv 1 \pmod{p}.$$
This test just asserts that if $\mathrm{ord}_p(a)$ is not a proper divisor of p − 1, then a is a primitive
root. But this is hardly a new insight. In addition, performing this test requires factoring
p − 1, which is one of our “hard problems.”
Unfortunately we do not have a recipe for conjuring up a primitive root for an arbitrary
prime. The mathematician Emil Artin (1898-1962) made a conjecture regarding primitive
roots that would imply the following.
Conjecture (Artin’s Conjecture). Every integer which is neither −1 nor a perfect square
is a primitive root for infinitely many primes.
The conjecture is still unproven. In fact, there is not a single integer satisfying the
hypotheses of Artin’s Conjecture for which we know the conjecture to be true. Such a
statement is not meant to imply that no progress has been made, however. For example, we
know that it suffices to show that the conjecture is true for just the primes; that is, it suffices
to show that every prime is a primitive root for infinitely many other primes.
Strangely, although we cannot cite a single example for which Artin’s Conjecture is
true, we know that there are no more than two exceptions. But we have no idea what those
exceptions might be. So for example, it is known that at least one of the primes 3, 5, or 7 is
a primitive root for infinitely many primes, but we can’t say for sure that 3 is or that 5 is or
that 7 is! It’s also known that at least one of the primes 67867979, 256203221, 2899999517
is a primitive root for infinitely many primes. If you are a betting person, we suggest you
bet a dollar that 2899999517 is a primitive root for infinitely many primes. If you are ever
proved wrong, we’ll buy you a fancy dinner at the restaurant of your choice and a car.
Sometimes, focusing on primes of a special form can lead to interesting progress. Sophie
Germain (1776-1831) was a French mathematician who made wonderful contributions to
number theory. For cultural reasons of the period, she communicated much of her early work
under the male pseudonym “Monsieur Le Blanc.” Under this pseudonym, she submitted one
of her early manuscripts to Lagrange. Aware of the mathematical talent required to produce
such work, Lagrange discovered her true identity and became a mathematical mentor to
Sophie.
Sophie Germain is credited with making one of history’s great advances towards a proof
of Fermat’s Last Theorem. Fermat’s Last Theorem is the statement that there are no
natural number solutions to the Diophantine equation
$$x^q + y^q = z^q$$
when q is a natural number greater than 2. Sophie Germain studied the famous Fermat
equation $x^q + y^q = z^q$ for primes q with the property that p = 2q + 1 is also prime. Such
primes are now known as Sophie Germain primes.
The orders of elements modulo a prime p = 2q + 1, where q is also prime, are very
restricted. In fact, since the order of any element must divide p − 1 = 2q, we see that the
only possible orders are 1, 2, q, and 2q. There is only one element of order 1 (namely 1
itself), and only one element of order 2 (namely p − 1). And so the remaining elements split
into those of order q and those of order 2q, the latter being our primitive roots. In a 1909
paper titled Methods to Determine the Primitive Root of a Number, G. A. Miller showed
there is at least one element we can always count on to be in this latter group. He proved
Theorem (Miller’s Theorem). Let p be an odd prime of the form p = 2q + 1 where q is an
odd prime. Then the complete set of primitive roots modulo p is $-(2)^2, -(3)^2, \ldots, -(q)^2$.
In particular, −4 is a primitive root of every prime of this form.
So why didn’t Miller find the first example of an integer for which Artin’s Conjecture
holds? Alas, unfortunately, it is still unknown whether or not there are infinitely many
Sophie Germain primes.
In the next Chapter we introduce the Law of Quadratic Reciprocity, which will then
allow you to prove Miller’s theorem above and describe a satisfying symmetry among primitive
roots and perfect squares modulo p in the world of Sophie Germain primes p.
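An added example (not from the original text) of the Primitive Root Test and of Miller's Theorem. It applies the test with the prime factors f of p − 1 only, which is enough because every proper divisor of p − 1 divides (p − 1)/f for some prime f; for p = 2q + 1 those factors are just 2 and q, so the factorization the test needs is known in advance. The function names and the trial-division helper are this example's own.

```python
from math import gcd


def prime_factors(n):
    """Distinct prime factors of n by trial division (adequate for small n)."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def is_prime(n):
    return n > 1 and prime_factors(n) == [n]


def order(a, p):
    """ord_p(a): the least e >= 1 with a^e ≡ 1 (mod p). Requires p not dividing a."""
    e, x = 1, a % p
    while x != 1:
        x = x * a % p
        e += 1
    return e


def is_primitive_root(a, p):
    """Primitive Root Test: a^((p-1)/f) must differ from 1 for each prime factor f of p-1."""
    if a % p == 0:
        return False
    return all(pow(a, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def primitive_roots(p):
    return [a for a in range(1, p) if is_primitive_root(a, p)]


def order_counts(p):
    """How many of 1..p-1 have each order d (the tally behind Exercise 6.9)."""
    counts = {}
    for a in range(1, p):
        d = order(a, p)
        counts[d] = counts.get(d, 0) + 1
    return dict(sorted(counts.items()))


def phi(n):
    return sum(1 for i in range(1, n + 1) if gcd(i, n) == 1)


def safe_primes(limit):
    """Primes p = 2q + 1 below limit with q an odd prime."""
    return [p for p in range(7, limit) if is_prime(p) and is_prime((p - 1) // 2)]


def miller_set(p):
    """Miller's list -(2)^2, -(3)^2, ..., -(q)^2 reduced modulo p = 2q + 1."""
    q = (p - 1) // 2
    return sorted((-k * k) % p for k in range(2, q + 1))


if __name__ == "__main__":
    print("orders modulo 13 (order: how many):", order_counts(13))
    print("primitive roots modulo 13:", primitive_roots(13), "count", phi(12))
    for p in safe_primes(110):
        agrees = primitive_roots(p) == miller_set(p)
        print(f"p = {p}: -4 is a primitive root: {is_primitive_root(-4, p)};"
              f" Miller's list equals the tested set: {agrees}")
```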
CHAPTER 7
The Golden Rule: Quadratic Reciprocity
Quadratic Congruences
We previously analyzed the solutions to all linear Diophantine equations modulo a
number n, that is, we investigated congruences ax ≡ b (mod n). We proved that we can
find at least one number x that satisfies that congruence if and only if $(a, n) \mid b$. Now we
investigate quadratics modulo n, that is, congruences that involve an unknown that is
squared. As always, our exploration of this question begins with the easiest case we can
think of, namely where the modulus is a prime and the quadratic expression is just to square
x. In other words, we want to understand the congruence
$$x^2 \equiv a \pmod{p},$$
where a is an integer and p is a prime. We seek to answer the question, “Which numbers
are perfect squares modulo p and which are not?”
This exploration of perfect squares modulo a prime p has fascinating insights that attracted
the attention of some of the greatest mathematicians of all time.
Quadratic residues. Our first two theorems assert that our simplest quadratic congruences
actually encompass all cases. That is, any quadratic congruence modulo a prime
can be replaced with a much simpler congruence.
7.1. Theorem. Let p be a prime and let a, b, and c be integers with a not divisible by p.
Then there are integers $b'$ and $c'$ such that the set of solutions to the congruence
$ax^2 + bx + c \equiv 0 \pmod{p}$ is equal to the set of solutions to a congruence of the form
$x^2 + b'x + c' \equiv 0 \pmod{p}$.
7.2. Theorem. Let p be a prime, and let b and c be integers. Then there exists a linear
change of variable, y = x + α with α an integer, transforming the congruence
$x^2 + bx + c \equiv 0 \pmod{p}$ into a congruence of the form $y^2 \equiv \beta \pmod{p}$.
Our goal is to understand which integers are perfect squares of other integers modulo
a prime p. The first theorem below tells us that half the natural numbers less than an odd
prime p are perfect squares and half are not. To prove that theorem and some of the others
in the chapter, keep the idea of a primitive root in mind. Remember that every prime p
has a primitive root g and the set $\{0, g^1, g^2, g^3, \ldots, g^{(p-1)}\}$ forms a complete residue system
modulo p. This picture of the numbers modulo p is frequently valuable.
7.3. Theorem. Let p be an odd prime. Then half the numbers not congruent to 0 in any
complete residue system modulo p are perfect squares modulo p and half are not.
As usual, it is a good idea to look at a specific example. You may want to do the
following exercise with several primes.
7.4. Exercise. Determine which of the numbers 1, 2, 3, ..., 12 are perfect squares modulo
13. For each such perfect square, list the number or numbers in the set whose square is that
number.
The following question asks you to rephrase your insight about perfect squares modulo
a prime p in terms of their representation as the power of a primitive root.
7.5. Question. Can you characterize perfect squares modulo a prime p in terms of their
representation as a power of a primitive root?
Perfect squares modulo a prime p attracted so much interest from number theorists that
such squares are given their own alternative name, quadratic residue. Here is the definition.
Definition. If a is an integer and p is a prime and $a \equiv b^2 \pmod{p}$ for some integer b, then
a is called a quadratic residue modulo p. If a is not congruent to any square modulo p, then
a is a quadratic nonresidue modulo p.
We can rephrase our previous theorem in terms of quadratic residues.
7.6. Theorem. Let p be a prime. Then half the numbers not congruent to 0 modulo p in
any complete residue system modulo p are quadratic residues modulo p and half are quadratic
nonresidues modulo p.
From elementary school days, we have known that the product of a positive number and
a positive number is positive, a positive times a negative is negative, and the product of
two negative numbers is positive. Quadratic residues and nonresidues are related similarly.
7.7. Theorem. Suppose p is an odd prime and p does not divide either of the two integers
a or b. Then
(1) if a and b are both quadratic residues modulo p, then ab is a quadratic residue
modulo p;
(2) if a is a quadratic residue modulo p and b is a quadratic nonresidue modulo p, then
ab is a quadratic nonresidue modulo p;
(3) if a and b are both quadratic nonresidues modulo p, then ab is a quadratic residue
modulo p.
One of the mathematicians who studied quadratic residues modulo p was the French
mathematician Legendre. He invented a symbol called the Legendre symbol that gives a
value of 1 to quadratic residues and −1 to quadratic nonresidues. The symbol is convenient
because it lets us express theorems like the previous one is a compact way. Here is the
deﬁnition.
Definition. For an odd prime p and a natural number a with p not dividing a, the Legendre
symbol $\left(\frac{a}{p}\right)$ is defined by
\[
\left(\frac{a}{p}\right) =
\begin{cases}
1 & \text{if $a$ is a quadratic residue modulo $p$,} \\
-1 & \text{if $a$ is a quadratic nonresidue modulo $p$.}
\end{cases}
\]
Now we can express the preceding theorem using the Legendre symbol.
7.8. Theorem. Suppose p is an odd prime and p does not divide either a or b. Then
\[
\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right).
\]
Our goal is to be able to take an integer a and determine whether it is a quadratic
residue modulo a prime p or a quadratic nonresidue. Euler gave one method for determining
whether a number is a quadratic residue that depends on raising it to the (p −1)/2 power.
7.9. Theorem (Euler’s Criterion). Suppose p is an odd prime and p does not divide the
natural number a. Then a is a quadratic residue modulo p if and only if
$a^{(p-1)/2} \equiv 1 \pmod{p}$; and a is a quadratic nonresidue modulo p if and only if
$a^{(p-1)/2} \equiv -1 \pmod{p}$.
This criterion can be abbreviated using the Legendre symbol:
\[
a^{(p-1)/2} \equiv \left(\frac{a}{p}\right) \pmod{p}.
\]
The number 1 is always a quadratic residue. Other numbers modulo p sometimes are and
sometimes are not quadratic residues, depending on p, but we can give a good description
for when a number congruent to −1 modulo a prime p is a quadratic residue.
7.10. Theorem. Let p be an odd prime. Then −1 is a quadratic residue modulo p if and
only if p is of the form 4k + 1 for some integer k. Or, equivalently,
\[
\left(\frac{-1}{p}\right) =
\begin{cases}
1 & \text{if } p \equiv 1 \pmod{4}, \\
-1 & \text{if } p \equiv 3 \pmod{4}.
\end{cases}
\]
The following theorem identiﬁes the square roots of −1 modulo p when p is congruent
to 1 modulo 4.
7.11. Theorem. Let k be a natural number and p = 4k + 1 be a prime congruent to 1
modulo 4. Then
\[
(\pm 2k!)^2 \equiv -1 \pmod{p}.
\]
We end this section with one ﬁnal application of Theorem 7.10. In Chapter 2 you proved
there are inﬁnitely many primes. Except for the prime 2, all primes are congruent to either
1 or 3 modulo 4. You proved that inﬁnitely many primes are congruent to 3 modulo 4, but
probably did not show that inﬁnitely many primes are congruent to 1 modulo 4.
7.12. Theorem (Inﬁnitude of 4k + 1 Primes Theorem). There are inﬁnitely many primes
congruent to 1 modulo 4.
(Hint: If $p_1, p_2, \ldots, p_r$ are primes each congruent to 1 modulo 4, what can you say about
each prime factor of the number $N = (2 p_1 p_2 \cdots p_r)^2 + 1$?)
Gauss’ Lemma and quadratic reciprocity. Euler’s criterion worked well for analyzing
whether or not −1 is a quadratic residue or quadratic nonresidue. But the computation
of $a^{(p-1)/2}$ modulo p for a general value of a is a nontrivial task. Gauss gave us a useful
lemma which will allow us to proceed a little further with our strategy of analyzing
particular numbers.
It will be useful to have in mind a proof strategy that we found useful for proving
Fermat’s Little Theorem and Euler’s Theorem. One proof of Fermat’s Little Theorem
involved multiplying $1a \cdot 2a \cdot 3a \cdots (p-1)a$ and gathering the a’s to get the factor $a^{p-1}$.
Euler’s Criterion tells us that an integer a relatively prime to p is a quadratic residue modulo
p if and only if $a^{(p-1)/2}$ is congruent to 1 modulo p. So let’s think about producing a product
that will have $a^{(p-1)/2}$ in it.
Consider the numbers $a, 2a, 3a, \ldots, \frac{p-1}{2}a$ modulo p. These numbers are distinct modulo
p (do you recall why?) and each is congruent to a member of the complete residue system
\[
\left\{ -\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2} \right\}.
\]
The products of these numbers, regardless of which complete residue system they come from,
are congruent modulo p.
For example, consider the case of a = 3 and p = 11, so $\frac{p-1}{2} = 5$. We obtain the
congruence
\[
3 \cdot 2(3) \cdot 3(3) \cdot 4(3) \cdot 5(3) \equiv 3 \cdot (-5) \cdot (-2) \cdot 1 \cdot 4 \pmod{11},
\]
or
\[
3^5 \cdot 5! \equiv 5! \pmod{11}.
\]
Since 5! is not divisible by 11 we may cancel it from both sides to obtain $3^5 \equiv 1 \pmod{11}$
which, by Euler’s Criterion, tells us that 3 is a quadratic residue modulo 11. The following
lemma asserts that it was not just a coincidence that we obtained 5! on both sides of the
congruence.
7.13. Lemma. Let p be a prime, a an integer not divisible by p, and $r_1, r_2, \ldots, r_{(p-1)/2}$ the
representatives of $a, 2a, \ldots, \frac{p-1}{2}a$ in the complete residue system
\[
\left\{ -\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2} \right\}.
\]
Then
\[
r_1 \cdot r_2 \cdots r_{(p-1)/2} = (-1)^g \left(\frac{p-1}{2}\right)!,
\]
where g is the number of $r_i$’s which are negative.
(Hint: It suffices to show that we never have $r_i \equiv -r_j \pmod{p}$ for some i and j.)
7.14. Theorem (Gauss’ Lemma). Let p be a prime and a an integer not divisible by p.
Let g be the number of negative representatives of $a, 2a, \ldots, \frac{p-1}{2}a$ in the complete residue
system $\left\{ -\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2} \right\}$. Then
\[
\left(\frac{a}{p}\right) = (-1)^g.
\]
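Gauss’ Lemma and Lemma 7.13 can be checked numerically against Euler’s Criterion. The Python code below is an added example, not part of the original text; the function names are illustrative, and the sample values a = 3, p = 11 are the ones worked above.

```python
"""Gauss' Lemma and Lemma 7.13 checked against Euler's Criterion.

Added example: function names are illustrative, not from the text.
"""
from math import factorial


def euler_criterion(a, p):
    """Legendre symbol (a/p) from a^((p-1)/2) mod p (p an odd prime, p not dividing a)."""
    if a % p == 0:
        raise ValueError("p divides a")
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def centered_representatives(a, p):
    """Representatives of a, 2a, ..., ((p-1)/2)a in {-(p-1)/2, ..., (p-1)/2}."""
    half = (p - 1) // 2
    reps = []
    for k in range(1, half + 1):
        r = (k * a) % p                      # least nonnegative residue
        reps.append(r - p if r > half else r)
    return reps


def negative_count(a, p):
    """The number g of negative representatives in Gauss' Lemma."""
    return sum(1 for r in centered_representatives(a, p) if r < 0)


def gauss_lemma(a, p):
    """Legendre symbol (a/p) computed as (-1)^g."""
    if a % p == 0:
        raise ValueError("p divides a")
    return -1 if negative_count(a, p) % 2 else 1


def lemma_7_13_holds(a, p):
    """True when r_1 * ... * r_((p-1)/2) equals (-1)^g * ((p-1)/2)! as integers."""
    product = 1
    for r in centered_representatives(a, p):
        product *= r
    return product == (-1) ** negative_count(a, p) * factorial((p - 1) // 2)


if __name__ == "__main__":
    a, p = 3, 11                             # the worked case from the text
    print("representatives:", centered_representatives(a, p))
    print("g =", negative_count(a, p))
    print("Gauss:", gauss_lemma(a, p), "Euler:", euler_criterion(a, p))
```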
We now apply Gauss’ Lemma to characterize those primes p for which 2 is a quadratic
residue. Consider the following data and make a conjecture about what criterion the primes
p satisfy for which 2 is a quadratic residue modulo p. The question after the data gives
you a hint, so you might enjoy trying to devise your criterion before looking at the next
question.
Here are the ﬁrst primes for which 2 is a quadratic residue:
7, 17, 23, 31, 41, 47, 71, 73, 79, 89, 97, 103, 113, 127.
Here are the ﬁrst primes for which 2 is a quadratic nonresidue:
3, 5, 11, 13, 19, 29, 37, 43, 53, 59, 61, 67, 83, 101, 107, 109.
 q\p   3   5   7  11  13  17  19  23  29  31  37  41  43  47
   3   .  −1   1  −1   1  −1   1  −1  −1   1   1  −1   1  −1
   5  −1   .  −1   1  −1  −1   1  −1   1   1  −1   1  −1  −1
   7  −1  −1   .   1  −1  −1  −1   1   1  −1   1  −1   1  −1
  11   1   1  −1   .  −1  −1  −1   1  −1   1   1  −1  −1   1
  13   1  −1  −1  −1   .   1  −1   1   1  −1  −1  −1   1  −1
  17  −1  −1  −1  −1   1   .   1  −1  −1  −1  −1  −1   1   1
  19  −1   1   1   1  −1   1   .   1  −1  −1  −1  −1   1   1
  23   1  −1  −1  −1   1  −1  −1   .   1   1  −1   1  −1   1
  29  −1   1   1  −1   1  −1  −1   1   .  −1  −1  −1  −1  −1
  31  −1   1   1  −1  −1  −1   1  −1  −1   .  −1   1  −1   1
  37   1  −1   1   1  −1  −1  −1  −1  −1  −1   .   1  −1   1
  41   1   1  −1  −1  −1  −1  −1   1  −1   1   1   .   1  −1
  43  −1  −1  −1   1   1   1  −1   1  −1   1  −1   1   .   1
  47   1  −1   1  −1  −1   1  −1  −1  −1  −1   1  −1  −1   .
Table 1. Values of $\left(\frac{p}{q}\right)$ for p across the top and q down the side.
7.15. Question. Does the prime’s residue class modulo 4 determine whether or not 2 is a
quadratic residue? Consider the primes’ residue class modulo 8 and see whether the residue
class seems to correlate with whether or not 2 is a quadratic residue. Make a conjecture.
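7.16. Theorem. Let p be an odd prime, then
\[
\left(\frac{2}{p}\right) =
\begin{cases}
1 & \text{if } p \equiv 1 \text{ or } 7 \pmod{8}, \\
-1 & \text{if } p \equiv 3 \text{ or } 5 \pmod{8}.
\end{cases}
\]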
You might fear that we will proceed to analyze $\left(\frac{3}{p}\right)$, then $\left(\frac{4}{p}\right)$, then $\left(\frac{5}{p}\right)$, and so
on for ever; however, fortunately, there is a shortcut. The shortcut occurs by making an
observation about pairs of primes. If you have two odd primes p and q, then whether p is
a quadratic residue modulo q and whether q is a quadratic residue modulo p are related.
As we have seen in the cases of −1 and 2, questions of being a perfect square modulo p
are related to what p is modulo 4 or 8, so it is natural to consider the residues of p and q
modulo 4 while investigating the relationship between $\left(\frac{p}{q}\right)$ and $\left(\frac{q}{p}\right)$.
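7.17. Exercise. Table 1 shows $\left(\frac{p}{q}\right)$ for the first several odd primes. For example, the table
indicates that $\left(\frac{7}{3}\right) = 1$, but that $\left(\frac{3}{7}\right) = -1$. Make another table that shows when
$\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right)$ and when $\left(\frac{p}{q}\right) \neq \left(\frac{q}{p}\right)$.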
7.18. Exercise. Can you make a conjecture about the relationship between $\left(\frac{p}{q}\right)$ and $\left(\frac{q}{p}\right)$
depending on p and q?
Your conjecture is called “quadratic reciprocity.”
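7.19. Theorem (Quadratic Reciprocity Theorem (Reciprocity Part)). Let p and q be odd
primes, then
\[
\left(\frac{p}{q}\right) =
\begin{cases}
\left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod{4} \text{ or } q \equiv 1 \pmod{4}, \\
-\left(\frac{q}{p}\right) & \text{if } p \equiv q \equiv 3 \pmod{4}.
\end{cases}
\]
(Hint: Try to use the techniques used in the case of $\left(\frac{2}{p}\right)$.)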
Putting together all our insights, we can write one theorem called the Law of Quadratic
Reciprocity that will allow us to determine for any integer whether or not it is a quadratic
residue modulo a prime p.
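Theorem (Law of Quadratic Reciprocity). Let p and q be odd primes, then
(1)
\[
\left(\frac{-1}{p}\right) =
\begin{cases}
1 & \text{if } p \equiv 1 \pmod{4}, \\
-1 & \text{if } p \equiv 3 \pmod{4}
\end{cases}
\]
(2)
\[
\left(\frac{2}{p}\right) =
\begin{cases}
1 & \text{if } p \equiv 1 \pmod{8} \text{ or } p \equiv 7 \pmod{8}, \\
-1 & \text{if } p \equiv 3 \pmod{8} \text{ or } p \equiv 5 \pmod{8}
\end{cases}
\]
(3)
\[
\left(\frac{p}{q}\right) =
\begin{cases}
\left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod{4} \text{ or } q \equiv 1 \pmod{4}, \\
-\left(\frac{q}{p}\right) & \text{if } p \equiv q \equiv 3 \pmod{4}.
\end{cases}
\]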
Recall that we proved that if p is an odd prime and p does not divide a or b, then
$\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$. That fact along with the Law of Quadratic Reciprocity lets us develop an
effective technique for determining for any integer a whether or not it is a quadratic residue
modulo the prime p.
7.20. Exercise (Computational Technique). Given a prime p, show how you can determine
whether a number a is a quadratic residue modulo p. Equivalently, show how to find $\left(\frac{a}{p}\right)$.
To illustrate your method, compute $\left(\frac{1248}{93}\right)$ and some other examples.
7.21. Exercise. Find all the quadratic residues modulo 23.
The Law of Quadratic Reciprocity allows us to determine whether or not an integer is
a perfect square modulo a prime p; however, it does not help us to actually ﬁnd the square
roots. Sometimes we can obtain general expressions for certain square roots, like we did in
Theorem 7.11. But there is no known algorithm for doing that in general.
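One way to carry out the computational technique of Exercise 7.20 is to split a into prime factors and apply rules (1), (2) and (3) of the Law of Quadratic Reciprocity until nothing is left. The Python code below is an added example, not taken from the original text; the function names are illustrative and p is assumed to be an odd prime (it is not checked).

```python
"""Legendre symbol (a/p) from the Law of Quadratic Reciprocity.

Added example: uses only rules (1)-(3) and (ab/p) = (a/p)(b/p); names are illustrative.
"""


def odd_prime_factors(n):
    """Factor an odd integer n >= 1 into (prime, exponent) pairs by trial division."""
    factors = []
    d = 3
    while d * d <= n:
        e = 0
        while n % d == 0:
            n //= d
            e += 1
        if e:
            factors.append((d, e))
        d += 2
    if n > 1:
        factors.append((n, 1))
    return factors


def legendre(a, p):
    """(a/p) for an odd prime p that does not divide a (p is assumed prime, not checked)."""
    a %= p
    if a == 0:
        raise ValueError("p divides a")
    sign = 1
    if a > p // 2:
        # a = -(p - a) mod p, so (a/p) = (-1/p) * ((p - a)/p); rule (1) gives (-1/p).
        a = p - a
        if p % 4 == 3:
            sign = -sign
    while a % 2 == 0:
        # Rule (2): (2/p) is -1 exactly when p = 3 or 5 (mod 8).
        a //= 2
        if p % 8 in (3, 5):
            sign = -sign
    for q, e in odd_prime_factors(a):
        if e % 2 == 0:
            continue                         # (q/p)^e = 1 for even e
        # Rule (3): (q/p) = (p/q), negated when p = q = 3 (mod 4).
        if p % 4 == 3 and q % 4 == 3:
            sign = -sign
        sign *= legendre(p, q)               # q < p, so the recursion terminates
    return sign


def residues_via_reciprocity(p):
    """Nonzero quadratic residues modulo the odd prime p, in increasing order."""
    return [a for a in range(1, p) if legendre(a, p) == 1]


if __name__ == "__main__":
    # The two table entries quoted in Exercise 7.17.
    print("(7/3) =", legendre(7, 3), " (3/7) =", legendre(3, 7))
    print("residues mod 23:", residues_via_reciprocity(23))
```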
Sophie Germain is germane, Part II. Recall from Chapter 6 that a Sophie Germain
prime is a prime q for which p = 2q +1 is also prime. For example, 23 is a Sophie Germain
prime since 47 = 2 · 23 + 1 is also prime.
We know that for any prime p, the order of any integer a relatively prime to p must
divide p − 1. If p is a prime, p = 2q + 1, and q is also prime, then p − 1 = 2q, so the
elements modulo p have orders either 1, 2, q, or 2q (since these are all the possible divisors
of p − 1). We know that 1 and p − 1 are, respectively, the only elements of order 1 and 2.
So we conclude that every natural number a with 1 < a < p − 1, must have order either q
or 2q, where those with order 2q are the primitive roots modulo p. Euler’s Criterion can
help us characterize the elements of order q.
7.22. Theorem. Let p be a prime of the form p = 2q + 1 where q is a prime. Then every
natural number a, 0 < a < p −1, is either a quadratic residue or a primitive root modulo p.
Let’s illustrate the above theorem by looking at the example furnished by the primes
q = 11 and p = 23. According to the above theorem, each of the numbers 2, 3, . . . , 21 is
either a quadratic residue of order 11 (= q) modulo 23 or a primitive root modulo 23. In
exercise 7.21 you computed the quadratic residues modulo 23, yielding the numbers
2, 3, 4, 6, 8, 9, 12, 13, 16, 18 (mod 23)
(the number 1 is a quadratic residue as well, but is not one of order q). It follows that the
primitive roots modulo 23 must be given by
5, 7, 10, 11, 14, 15, 17, 19, 20, 21 (mod 23).
And in fact, putting together the list of primitive roots (in bold) and the list of quadratic
residues greater than 1 (underlined), we have
2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 (mod 23),
which is a complete list of all numbers from 2 to 21 modulo 23.
A second and more subtle observation we might make about the above list of numbers
modulo 23 has to do with symmetry. If you imagine a vertical line dividing the list between
the numbers 11 and 12, a certain sort of mirror symmetry appears. In fact, it might be
better described as “antisymmetry”, as the mirror image of a primitive root is a quadratic
residue, and vice versa. This symmetry is a consequence of a more general property shared
by primes arising from odd Sophie Germain primes.
7.23. Theorem. Let p be a prime congruent to 3 modulo 4. Let a be a natural number with
1 < a < p − 1. Then a is a quadratic residue modulo p if and only if p − a is a quadratic
nonresidue modulo p.
7.24. Theorem. Let p be a prime of the form p = 2q + 1 where q is an odd prime. Then
p ≡ 3 (mod 4).
The next theorem describes the symmetry between primitive roots and quadratic residues
for primes arising from odd Sophie Germain primes.
7.25. Theorem. Let p be a prime of the form p = 2q + 1 where q is an odd prime. Let a
be a natural number, 1 < a < p − 1. Then a is a quadratic residue if and only if p − a is a
primitive root modulo p.
An attractive property of primes that arise from Sophie Germain primes is that they
have primitive roots that we can actually compute. We saw the statement of this fact in
Miller’s Theorem in Chapter 6. Here we ask you to prove some theorems that will allow
you to prove Miller’s Theorem. We ﬁrst note that perfect squares cannot be primitive roots
modulo p for any prime p.
7.26. Theorem. Let p be a prime and a be an integer. Then $a^2$ is not a primitive root
modulo p.
Next we see that natural numbers less than half a prime p cannot yield equivalent
squares modulo p.
7.27. Theorem. Let p be a prime and let i and j be natural numbers with $i \neq j$ satisfying
$1 < i, j < \frac{p}{2}$. Then $i^2 \not\equiv j^2 \pmod{p}$.
Now we start to deal with primes p that arise from Sophie Germain primes. Here we
list all the integers modulo p that are not primitive roots modulo p.
7.28. Theorem. Let p be a prime of the form p = 2q + 1 where q is an odd prime. Then
the complete set of numbers that are not primitive roots modulo p are $1, -1, 2^2, 3^2, \ldots, q^2$.
Now we can prove Miller’s Theorem that characterizes the primitive roots of a prime
that arises from a Sophie Germain prime.
7.29. Theorem. Let p be a prime of the form p = 2q + 1 where q is an odd prime. Then
the complete set of primitive roots modulo p are $-2^2, -3^2, \ldots, -q^2$.
7.30. Exercise. Verify that the primitive roots modulo 23 that we listed earlier in this
section are in fact the same as those given by Miller’s Theorem.
7.31. Exercise. List the primitive roots and quadratic residues modulo 47.
We are able to analyze primes that arise from Sophie Germain primes successfully
because we have such useful information about the prime factorization of p −1. Of course,
these special primes are rare. So many questions remain about how to ﬁnd and describe
primitive roots and perfect squares modulo more general primes.
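Theorems 7.22, 7.25 and 7.29 can be confirmed numerically for any prime p = 2q + 1 with q an odd prime (cryptographers call such p safe primes). The Python code below is an added example, not from the original text; the function names and the sample prime 2039 = 2 · 1019 + 1 are chosen here.

```python
"""Primitive roots modulo p = 2q + 1 with q an odd prime, computed two ways.

Added example: names are illustrative; 2039 = 2 * 1019 + 1 is a sample prime chosen here.
"""


def is_prime(n):
    """Trial-division primality test, adequate for the small moduli used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def germain_q(p):
    """Return q when p = 2q + 1 with p prime and q an odd prime; otherwise raise ValueError."""
    q = (p - 1) // 2
    if p != 2 * q + 1 or q % 2 == 0 or not (is_prime(q) and is_prime(p)):
        raise ValueError("p is not of the form 2q + 1 with q an odd prime")
    return q


def primitive_roots_by_order(p):
    """Orders divide p - 1 = 2q, so a has order 2q iff a^2 != 1 and a^q != 1 (mod p)."""
    q = germain_q(p)
    return [a for a in range(1, p) if pow(a, 2, p) != 1 and pow(a, q, p) != 1]


def primitive_roots_by_miller(p):
    """Theorem 7.29: the primitive roots are -2^2, -3^2, ..., -q^2 modulo p."""
    q = germain_q(p)
    return sorted((-(i * i)) % p for i in range(2, q + 1))


def quadratic_residues(p):
    """The q nonzero squares 1^2, 2^2, ..., q^2 modulo p, in increasing order."""
    q = germain_q(p)
    return sorted({(i * i) % p for i in range(1, q + 1)})


def antisymmetry_holds(p):
    """Theorem 7.25: for 1 < a < p - 1, a is a residue iff p - a is a primitive root."""
    residues = set(quadratic_residues(p))
    roots = set(primitive_roots_by_order(p))
    return all((a in residues) == ((p - a) in roots) for a in range(2, p - 1))


def residue_or_root(p):
    """Theorem 7.22: every a with 0 < a < p - 1 is a residue or a primitive root, never both."""
    both = quadratic_residues(p) + primitive_roots_by_order(p)
    return sorted(both) == list(range(1, p - 1))


if __name__ == "__main__":
    for p in (23, 2039):
        same = primitive_roots_by_order(p) == primitive_roots_by_miller(p)
        print(p, "order test matches Theorem 7.29:", same,
              "| 7.25:", antisymmetry_holds(p), "| 7.22:", residue_or_root(p))
```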
CHAPTER 8
Pythagorean Triples, Sums of Squares, and Fermat’s Last
Theorem
Congruences to Equations
The Law of Quadratic Reciprocity gives us a neat view of which numbers are squares
modulo a prime p. Information about squares modulo p can help us to understand actual
numbers and equations in addition to modular numbers and congruences. In this chapter
and the next we turn from quadratic congruences to quadratic (and higher order) Diophantine
equations. We start with a quadratic equation we should all have some familiarity
with from its connections to right triangles and the Pythagorean Theorem. Some of the
questions will lead us to ask which numbers can be written as sums of squares, and the
Law of Quadratic Reciprocity will help us find an answer. Finally, we turn to one of the most
famous recent results of number theory, Fermat’s Last Theorem.
Pythagorean triples. The Pythagorean Theorem asserts that the sum of the squares
on the legs of a right triangle equals the square on the hypotenuse. Said another way, the
lengths of the sides of a right triangle always provide a solution to the equation
\[
x^2 + y^2 = z^2
\]
by substituting the lengths of the legs for x and y and the length of the hypotenuse for
z. In this section we consider the above quadratic as a Diophantine equation, that is, we
consider only its integer solutions.
Definition. A triple of three positive integers (a, b, c) satisfying $a^2 + b^2 = c^2$ is called a
Pythagorean triple.
Due to the close relationship with right triangles, the values a and b in a Pythagorean
triple will sometimes be referred to as the legs, and the value c as the hypotenuse.
There are no Pythagorean triples in which both legs are odd.
8.1. Theorem. If (a, b, c) is a Pythagorean triple, then at least one of a or b is even.
The most famous Pythagorean triples are (3, 4, 5) and (5, 12, 13), but there are infinitely
many. Let’s begin by just finding a few.
8.2. Exercise. Find at least seven diﬀerent Pythagorean triples. Make a note of your
methods.
You may have discovered how to generate new Pythagorean triples from old ones through
multiplication. Namely, if (a, b, c) is any Pythagorean triple and d is any natural number,
then (da, db, dc) is also a Pythagorean triple. Pythagorean triples that are not simply
multiples of smaller Pythagorean triples have a special designation.
Deﬁnition. A Pythagorean triple (a, b, c) is said to be primitive if a, b, and c have no
common factor.
There are inﬁnitely many primitive Pythagorean triples, so let’s start by ﬁnding a few.
8.3. Exercise. Find at least ﬁve primitive Pythagorean triples.
We saw earlier that no Pythagorean triple has both legs odd, but for primitive Pythagorean
triples, the legs cannot both be even either.
8.4. Theorem. In any primitive Pythagorean triple, one leg is odd, one leg is even, and
the hypotenuse is odd.
It turns out that there is a method for generating infinitely many Pythagorean Triples
in an easy way. It comes from looking at some simple algebra from high school. Remember
that
\[
(x + y)^2 = x^2 + 2xy + y^2
\]
and
\[
(x - y)^2 = x^2 - 2xy + y^2.
\]
The difference between the two is 4xy. So we have a relationship that looks almost like
a Pythagorean triple, namely, one square $(x + y)^2$ equals another square $(x - y)^2$ plus
something that we wish were a square, namely 4xy. How could we ensure that 4xy is a
square? Simple, just choose x and y to be squares. This kind of analysis leads to the
following theorem.
8.5. Theorem. Let s and t be any two different natural numbers with s > t. Then
\[
(2st, (s^2 - t^2), (s^2 + t^2))
\]
is a Pythagorean triple.
The preceding theorem lets us easily generate inﬁnitely many Pythagorean triples, but,
in fact, every primitive Pythagorean triple can be generated by choosing appropriate natural
numbers s and t and making the Pythagorean triple as described in the preceding theorem.
As a hint to the proof, we make a little observation.
8.6. Lemma. Let (a, b, c) be a primitive Pythagorean triple where a is the even number.
Then $\frac{c+b}{2}$ and $\frac{c-b}{2}$ are perfect squares, say, $s^2$ and $t^2$, respectively; and s and t are relatively
prime.
So now we can completely characterize all primitive Pythagorean triples.
8.7. Theorem (Pythagorean Triple Theorem). Let (a, b, c) be a triple of natural numbers
with a even, b odd, and c odd. Then, (a, b, c) is a primitive Pythagorean triple if and only
if there exist relatively prime positive integers s and t, one even and one odd, such that
$a = 2st$, $b = (s^2 - t^2)$, and $c = (s^2 + t^2)$.
The formulas given in the Pythagorean Triple Theorem allow us to investigate the types
of numbers that can occur in Pythagorean triples. Let’s start our investigation by looking
at examples.
8.8. Exercise. Using the above formulas make a lengthy list of primitive Pythagorean
triples.
We’ll begin by looking at the legs and then think about the hypotenuse later.
8.9. Exercise. Make a conjecture that describes those natural numbers that can appear as
legs in a primitive Pythagorean triple.
You might have come up with the following theorem.
8.10. Theorem. In every primitive Pythagorean triple, one leg is an odd integer greater
than 1 and the other is a positive multiple of 4.
This observation does not tell us which odd numbers are allowable or which multiples
of 4 occur, but in fact every odd number and every multiple of 4 occurs as a leg in a
Pythagorean triple.
8.11. Theorem. Any odd number greater than 1 can occur as a leg in a primitive Pythagorean
triple.
8.12. Theorem. Any positive multiple of 4 can occur as a leg in a primitive Pythagorean
triple.
To analyze what numbers can occur as the hypotenuse of a primitive Pythagorean triple
is a bit trickier. It amounts to investigating the general problem of representing numbers
as sums of two squares.
Sums of squares. The question we seek to answer is, for which numbers n does the
Diophantine equation
\[
x^2 + y^2 = n
\]
have a solution? As usual we will first investigate the case of primes.
8.13. Question. Make a list of the ﬁrst ﬁfteen primes and write each as the sum of as
few squares of natural numbers as possible. Which ones can be written as the sum of two
squares? Make a conjecture about which primes can be written as the sum of two squares
of natural numbers.
Your conjecture likely singles out those primes that are congruent to 1 modulo 4.
Theorem. Let p be a prime. Then p can be written as the sum of two squares of natural
numbers if and only if p = 2 or p ≡ 1 (mod 4).
There are really two theorems here and we will state them separately below. The ﬁrst
is a much simpler theorem to prove than the second.
8.14. Theorem. Let p be a prime such that $p = a^2 + b^2$ for some natural numbers a and
b. Then either p = 2 or p ≡ 1 (mod 4).
The fact that every prime congruent to 1 modulo 4 is expressible as the sum of two
squares is more challenging to prove. As you work to prove this result in the next few
theorems it is worthwhile to recall another theorem you recently proved about primes that
are congruent to 1 modulo 4. For primes congruent to 1 modulo 4, −1 is a quadratic residue;
that is, for any prime p that is congruent to 1 modulo 4, there is some natural number a
such that $a^2$ is congruent to −1 modulo p. To prove the second theorem, try applying the
following lemma to a square root of −1 modulo p.
8.15. Lemma. Let p be a prime and let a be a natural number not divisible by p. Then
there exist integers x and y such that ax ≡ y (mod p) with $0 < x, y < \sqrt{p}$.
8.16. Theorem. Let p be a prime such that p ≡ 1 (mod 4). Then p is equal to the sum of
two squares of natural numbers.
(Hint: Try applying the previous lemma to a square root of −1 modulo p.)
Knowing which primes can be written as the sum of two squares is a great start, but
that does not yet answer the question as to which numbers can occur as the hypotenuse of
a primitive Pythagorean triple. We need a strategy for moving from primes to products of
primes.
8.17. Exercise. Check the following identity:
\[
(u^2 + v^2)(A^2 + B^2) = (uA + vB)^2 + (vA - uB)^2.
\]
The preceding exercise tells us that the products of sums of two squares are themselves
sums of two squares.
8.18. Theorem. If an integer x can be written as the sum of two squares of natural numbers
and an integer y can be written as the sum of two squares of natural numbers, then xy can
be written as the sum of two squares of natural numbers.
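Theorem 7.11, Lemma 8.15 and the identity of Exercise 8.17 combine into a procedure that actually produces the two squares for a prime p ≡ 1 (mod 4) and for products of such primes. The Python code below is an added example, not from the original text; the function names are illustrative, the search accepts ax ≡ ±y (mod p), and 0 is allowed as a square in intermediate products.

```python
"""Sums of two squares for primes p = 1 (mod 4) and for products of such primes.

Added example: names are illustrative. 0 is allowed as a square in intermediate products.
"""
from math import isqrt


def sqrt_of_minus_one(p):
    """A square root of -1 modulo a prime p = 4k + 1, computed as (2k)! mod p.

    This reads Theorem 7.11 with the factorial applied to 2k. It costs O(p)
    multiplications, so it is only suitable for small p.
    """
    if p % 4 != 1:
        raise ValueError("p must be congruent to 1 modulo 4")
    a = 1
    for i in range(2, (p - 1) // 2 + 1):
        a = a * i % p
    if a * a % p != p - 1:
        raise ValueError("p is not prime")
    return a


def prime_as_two_squares(p):
    """Return (x, y) with x^2 + y^2 == p for p = 2 or a prime p = 1 (mod 4)."""
    if p == 2:
        return (1, 1)
    a = sqrt_of_minus_one(p)
    # Lemma 8.15 promises small x, y with a*x = y (mod p); this search also
    # accepts a*x = -y (mod p), an assumption made here, by folding y to min(y, p - y).
    for x in range(1, isqrt(p) + 1):
        y = a * x % p
        y = min(y, p - y)
        # x^2 + y^2 = x^2 (1 + a^2) = 0 (mod p), so a small pair must sum to p itself.
        if x * x + y * y == p:
            return (x, y)
    raise ValueError("no representation found")


def multiply(rep1, rep2):
    """Identity of Exercise 8.17: (u^2+v^2)(A^2+B^2) = (uA+vB)^2 + (vA-uB)^2."""
    (u, v), (big_a, big_b) = rep1, rep2
    return (u * big_a + v * big_b, abs(v * big_a - u * big_b))


def product_as_two_squares(primes):
    """Return (x, y) with x^2 + y^2 equal to the product of the given primes."""
    rep = (1, 0)                             # 1 = 1^2 + 0^2
    for p in primes:
        rep = multiply(rep, prime_as_two_squares(p))
    return rep


if __name__ == "__main__":
    print("13 =", prime_as_two_squares(13))
    print("5 * 13 =", product_as_two_squares([5, 13]))
```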
Let’s try writing a few numbers as sums of squares of natural numbers.
8.19. Exercise. For each of the following numbers, (i) determine the number’s prime
factorization and (ii) write the number as the sum of two squares of natural numbers.
(1) 205
(2) 6409
(3) 722
(4) 11745
8.20. Question. Which natural numbers can be written as the sum of two squares of natural
numbers? State and prove the most general theorem possible about which natural numbers
can be written as the sum of two squares of natural numbers.
We give the most general result next.
8.21. Theorem. A natural number n can be written as a sum of two squares of natural
numbers if and only if every prime congruent to 3 modulo 4 in the unique prime factorization
of n occurs to an even power.
Pythagorean triples revisited. We are now in a position to describe the possible
values for the hypotenuse in a primitive Pythagorean triple.
8.22. Theorem. If (a, b, c) is a primitive Pythagorean triple, then c is a product of primes
each of which is congruent to 1 modulo 4.
8.23. Theorem. If the natural number c is a product of primes each of which is congruent
to 1 modulo 4, then there exist integers a and b such that (a, b, c) is a primitive Pythagorean
triple.
Having satisfactorily analyzed the question of which squares are the sum of two smaller
squares, it is natural to ask the analogous question for higher powers, and Pierre Fermat
did ask that question in what became known as Fermat’s Last Theorem.
Fermat’s Last Theorem. There are infinitely many Pythagorean triples of natural
numbers (a, b, c) such that $a^2 + b^2 = c^2$. A natural question arises if we replace the exponent
2 with larger numbers. In other words, can we find triples of natural numbers (a, b, c) such
that $a^3 + b^3 = c^3$ or $a^4 + b^4 = c^4$, or, in general, $a^n + b^n = c^n$ for n ≥ 3? In 1637, Fermat
claimed to be able to prove that no triple of natural numbers (a, b, c) exists that satisfies
the equation $a^n + b^n = c^n$ for any natural number n ≥ 3. During his lifetime, Fermat
probably realized his “proof” was inadequate, but the question tantalized mathematicians
for hundreds of years. Incremental progress was made. By 1992 it was known that the
equations $a^n + b^n = c^n$ had no natural number solutions for 3 ≤ n ≤ 4000000 (as well as
many other special cases). But there are infinitely many possible exponents larger than
4000000, so Fermat’s Last Theorem was far from being resolved. But all the remaining
exponents were taken care of by the groundbreaking work of Andrew Wiles, which took
place some 350 years after Fermat first considered the question.
Theorem (Fermat’s Last Theorem, proved by Andrew Wiles in 1994). For natural numbers
n ≥ 3, there are no natural numbers x, y, z such that $x^n + y^n = z^n$.
We probably won’t ﬁnd a proof of this theorem ourselves since it took mathematicians
350 years to do so. Instead, let’s look at one case of this theorem which can be proved using
a strategy known as Fermat’s method of descent. The method involves showing how a given
solution in natural numbers can be used to produce a “smaller” natural number solution.
That new solution would imply the existence of a yet smaller solution, and so on. Since any
decreasing sequence of natural numbers must be just ﬁnite in length, the method of descent
implies that there could not be a solution to begin with. Let’s see how this strategy can be
used to prove the case of Fermat’s Last Theorem when the exponent is 4.
In fact, notice that the following statement is a little stronger than what is called for in
Fermat’s Last Theorem since the z is squared rather than raised to the fourth power.
8.24. Theorem. There are no natural numbers x, y, and z such that $x^4 + y^4 = z^2$.
(Hint: Note that if there were a solution x = a, y = b, and z = c, then $(a^2, b^2, c)$ would
be a Pythagorean triple, which we could assume to be a primitive Pythagorean triple by
removing common factors. Can you use the characterization of Pythagorean triples to find
other natural numbers d, e, f such that $d^4 + e^4 = f^2$ where f is less than c? If you can do
that, how can you complete your proof?)
Who’s Represented?
Representing numbers as the sum of two squares had immediate practical relevance to
the description of Pythagorean triples. But it is also a problem that lends itself well to
many diﬀerent possible directions of generalization. For example,
(1) Which numbers can be represented as the sum of three squares; sum of four squares;
etc.?
(2) Which numbers can be represented as the sum of two cubes; sum of two fourth
powers, etc.?
Mathematicians have given much attention to all of these questions. This is another one of
the many instances of simple sounding questions leading to deep and important mathematics.
Sums of squares. Albert Girard (1595–1632) appeared to know which numbers could
be written as the sum of two squares as early as 1625, although a proof due to Girard is
lacking. Descartes proved in a 1638 letter to Mersenne that primes of the form 4n+3 could
not be represented as a sum of two squares. Fermat stated in a letter to Pascal in 1654
that he had a proof of the fact that primes of the form 4n + 1 were always the sum of two
squares. But a proof of Girard’s complete (and correct) observation would have to wait for
Euler, who gave a complete proof in two letters to Goldbach dated 1747 and 1749.
What about representing numbers as the sum of three squares? In a letter to Mersenne
dated 1636, Fermat stated (again without proof!) that no integer of the form 8n + 7 could
be expressed as the sum of three squares. Mersenne communicated the claim to Descartes
who provided a proof in 1638. The complete characterization is given here.
Theorem. A natural number can be expressed as the sum of three squares of natural numbers
if and only if it is not of the form $4^n(8k + 7)$ for nonnegative integers n and k.
The proof of this theorem is due in large part to Legendre, but a key step also requires
Dirichlet’s work on primes in arithmetic progressions.
What about sums of four squares? Fermat stated that he had a proof of the fact that
every number is either a square or the sum of two, three, or four squares, although, as we
now expect when dealing with Fermat, no proof was communicated. Building on the work
of Fermat and Euler, it is Lagrange in 1770 who ﬁnally provided the proof of the following
theorem.
Theorem (Four Squares Theorem). Every natural number is the sum of at most four
squares of natural numbers.
A key identity needed for Lagrange’s proof was due to Euler, who spent more than 40
years trying to establish the Four Squares Theorem. Euler established an amazing identity
showing that the product of two numbers, each of which can be expressed as the sum of
four squares, is also a sum of four squares, namely,
\[
\begin{aligned}
(a_1^2 + a_2^2 + a_3^2 + a_4^2)(b_1^2 + b_2^2 + b_3^2 + b_4^2)
  ={}& (a_1 b_1 + a_2 b_2 + a_3 b_3 + a_4 b_4)^2 \\
  &+ (a_1 b_2 - a_2 b_1 + a_3 b_4 - a_4 b_3)^2 \\
  &+ (a_1 b_3 - a_2 b_4 - a_3 b_1 + a_4 b_2)^2 \\
  &+ (a_1 b_4 + a_2 b_3 - a_3 b_2 - a_4 b_1)^2.
\end{aligned}
\]
Sums of cubes, taxicabs, and Fermat’s Last Theorem. Euler, in 1770, provided
us with a proof of the ﬁrst case of Fermat’s Last Theorem by establishing that no cube is
the sum of two cubes. Of the numbers which can be expressed as the sum of two cubes,
perhaps 1729 is the most famous.
Suﬀering from tuberculosis and lying in a hospital bed in London, the young Indian
mathematician Ramanujan (1887–1920) was paid a visit by his friend and mentor G. H.
Hardy (1877–1947). Hardy remarked that he had arrived in a taxicab numbered 1729,
which he considered a rather dull number. Ramanujan responded that 1729 is not dull at
all. It is, in fact, the smallest number that can be expressed as the sum of two cubes in two
essentially distinct ways,
\[
1729 = 1^3 + 12^3 = 9^3 + 10^3.
\]
Said another way, there are (at least) four distinct integer points, namely (1, 12), (12, 1),
(9, 10), and (10, 9), on the cubic plane curve
\[
x^3 + y^3 = 1729.
\]
Taking statements about numbers and transforming them into statements about points
on curves (or surfaces, etc.) is now a fairly common practice in the ﬁeld of arithmetical
geometry. For example, in studying whether the number m is expressible as a sum of two
cubes, the corresponding plane curve is given by
\[
x^3 + y^3 = m.
\]
This is another example of what is known as an elliptic curve. While naturally arising when
looking at the problem of expressing a number as the sum of two cubes, elliptic curves have
also played a much more central role in the modern development of number theory. They
are the central objects under study in Andrew Wiles’ proof of Fermat’s Last Theorem.
In 1990 it was known that if (a, b, c) were a triple of natural numbers satisfying an
equation of the form
\[
a^p + b^p = c^p,
\]
where p is a prime greater than 2 (i.e. if the triple (a, b, c) provided a counterexample to
Fermat’s Last Theorem), then the curve
\[
y^2 = x(x - a^p)(x + b^p)
\]
would be an elliptic curve with some very strange properties. The precise statement is that
the curve would be semistable but not modular, although the exact meanings of these words
are beyond the scope of this book. Such a curve was believed not to exist. More precisely,
it was believed by many (and was the content of the Shimura–Taniyama Conjecture) that
all elliptic curves were modular. This conjecture is now known to be true. The first major
contribution to the proof of the Shimura–Taniyama Conjecture was due to Wiles with the
help of his student Richard Taylor. Wiles and Taylor proved in 1994 that all semistable
elliptic curves are modular, once and for all confirming the truth of Fermat’s Last Theorem.
CHAPTER 9
Rationals Close to Irrationals and the Pell Equation
Diophantine Approximation And Pell Equations
Linear Diophantine equations were considered and solved in Chapter 1. In the previous
Chapter we asked which natural numbers could be written as the sum of two squares. That
is, we sought solutions to the quadratic Diophantine equation $x^2 + y^2 = n$ which in turn gave
us a complete description of the natural numbers that could occur as the hypotenuse in a
primitive Pythagorean triple. In this chapter we consider one additional family of quadratic
Diophantine equations called Pell equations. A Pell equation is any equation of the form
$x^2 - Ny^2 = 1$ where N is any natural number. These equations have surprising connections
to at least two different issues. One is a famous Bovine Problem about herds of cows and
bulls whose sizes are related in various ways. This story problem was framed by Archimedes
in the third century B.C. and was not completely solved until 1965. The minimum number
of cattle that would satisfy the conditions of Archimedes’ problem is vastly greater than the
number of atoms in the universe, so you may not encounter all of them during the running
of the bulls.
On a less frivolous note, the so-called Pell equations are also connected with the subject
of Diophantine approximation; namely, the study of rational number approximations to
irrational quantities. Of course, every irrational number can be arbitrarily closely
approximated by rational numbers by just truncating the decimal representation of the irrational
number, but here we consider the question of finding rational approximations where the
size of the denominator of the approximating fraction is small relative to how close the
approximation is. One challenge is to clarify the questions about rational approximations.
Then we will find that the Pell equations, $x^2 - Ny^2 = 1$, help us analyze good rational
approximations of certain irrational numbers.
Unfortunately, the name of the Pell equations is a misnomer. Mathematician John Pell
(1611-1685) had little if anything to do with the study of the equations which now bear his
name. In a published paper Euler mistakenly attributed what is believed to be the work of
William Brouncker (1620-1684) to Pell, and the name has stuck. So there are at least two
roads to mathematical immortality: prove something great or have a famous person think
you proved it.
A plunge into rational approximation. Irrational numbers can sometimes pose a
problem when it comes to practical computation. In practice, we always have to rely on
rational approximations when irrationals are involved. We have all used close rational
approximations in order to simplify and expedite solutions to problems that involve irrational
numbers. For example, 1.414 is a convenient approximation for $\sqrt{2}$; and 3.14 or $\frac{22}{7}$ are
often used as approximations for π. In fact, wise political minds have not overlooked the
advantages of rational approximations to π. At times politicians have considered cutting the
Gordian Knot by legislating π to equal a convenient rational value. In 1897, the Indiana
Legislature considered and nearly accomplished the passage of such legislation; however,
after being recommended for passage by the Committee on Education and passed by the
House, a mathematician gave some advice that derailed this progressive legislation and the
bill floundered in the Senate. Too bad.
Let’s begin our investigation into rational approximations of irrational numbers by
observing that it is an easy matter to approximate irrational numbers by fractions $\frac{a}{b}$ that lie
within $\frac{1}{2b}$ of the irrational. Recall that the quantity $|x - y|$ measures the distance between
the numbers x and y.
9.1. Theorem. Let α be an irrational number and let b be a natural number. Then there
exists an integer a such that
$$\left|\alpha - \frac{a}{b}\right| \le \frac{1}{2b}.$$
So a harder challenge of rational approximation is to find fractions $\frac{a}{b}$ that lie within a
smaller distance of the target irrational, for example, within $\frac{1}{b^2}$. One technique for finding
such approximations involves noticing that in any large collection of real numbers, some
pair of them must have a difference that is close to being an integer in value. We begin
by considering multiples of $\sqrt{2}$ and asking you to find a way to produce a good rational
approximation to $\sqrt{2}$.
9.2. Exercise. Among the first eleven multiples of $\sqrt{2}$,
$$0\sqrt{2},\ \sqrt{2},\ 2\sqrt{2},\ 3\sqrt{2},\ \ldots,\ 10\sqrt{2},$$
find the two whose difference is closest to a positive integer. Feel free to use a calculator.
Use those two multiples to find a good rational approximation for $\sqrt{2}$. By good, we mean
that you find integers a and b such that
$$\left|\frac{a}{b} - \sqrt{2}\right| \le \frac{1}{b^2}.$$
The technique of using a list of integer multiples to obtain good approximations to an
irrational number is a valuable strategy to understand well. So after doing the previous
exercise, think carefully about your method to see how generally the method can be applied
and how each step was involved in the solution. To understand the method, do it once
again for $\sqrt{7}$.
9.3. Exercise. Repeat the previous exercise for $\sqrt{7}$ using the first 13 multiples of $\sqrt{7}$.
Before we move along any further, was it important in the previous two exercises that
the irrational being approximated was a square root?
9.4. Exercise. Repeat the previous exercise for π, using the ﬁrst 15 multiples of π.
Now take some time to think through what you have done and why it works. By
considering the following questions you are exploring how the preceding speciﬁc examples
can be extended to apply to more general cases.
9.5. Question. Let α be an irrational number.
(1) Imagine making a list of the ﬁrst 11 multiples of α. Can you predict how close to
an integer the nearest diﬀerence between two of those numbers must be?
(2) Now imagine making a list of 11 multiples of α, but not the ﬁrst 11. Can you still
predict how close to an integer the nearest diﬀerence between two of those numbers
must be?
(3) Now imagine making a list of 50 multiples of α, rather than just 11. Can you
predict how close to an integer the nearest diﬀerence between two of those numbers
must be?
(4) What is the general relationship between how many multiples of α we consider and
how well we can rationally approximate α using our multiples?
The next three theorems formalize what you may have discovered in the preceding group
of questions.
9.6. Theorem. Let K be a positive integer. Then, among any K real numbers, there is a
pair of them whose difference is within 1/K of being an integer.
When we take our collection of real numbers to be multiples of an irrational number,
then we can ﬁnd good rational approximations for the irrational number. Remember how
multiples of an irrational could lead to rational approximations of the irrational by ﬁnding
multiples whose diﬀerence is close to an integer.
9.7. Theorem. Let α be a positive irrational number and K be a positive integer. Then
there exist positive integers a, b, and c with 0 ≤ a < b ≤ K and 0 ≤ c ≤ Kα such that
$$\left|\frac{c}{b - a} - \alpha\right| \le \frac{1}{(b - a)^2}.$$
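The multiples technique of Exercises 9.2-9.4 and Theorem 9.7, written out as an added Python example (not part of the original text): it scans the multiples 0·α, 1·α, ..., K·α for the pair whose difference is nearest an integer and returns the resulting fraction c/(b − a). The function names are illustrative, and the floating-point value of α is assumed accurate enough for the small K used here.

```python
import math


def nearest_integer_gap(x):
    """Distance from the real number x to the nearest integer."""
    return abs(x - round(x))


def pigeonhole_approximation(alpha, K):
    """Best pair among the K + 1 multiples 0*alpha, 1*alpha, ..., K*alpha.

    For 0 <= a < b <= K the difference b*alpha - a*alpha equals q*alpha with
    q = b - a, so every pair with the same q gives the same difference and it
    is enough to scan q = 1..K.  Returns (c, q), where c is the integer
    nearest q*alpha; the rational approximation to alpha is c / q.
    """
    best_gap, best = None, None
    for q in range(1, K + 1):
        difference = q * alpha
        gap = nearest_integer_gap(difference)
        if best_gap is None or gap < best_gap:
            best_gap, best = gap, (round(difference), q)
    return best


def meets_dirichlet_bound(alpha, c, q):
    """Check the conclusion of Theorem 9.7: |c/q - alpha| <= 1/q^2."""
    return abs(c / q - alpha) <= 1 / q ** 2


def gap_table(alpha, Ks):
    """For each K: (K, c, q, distance of q*alpha from an integer, 1/K).

    The last two columns show the pigeonhole guarantee: K + 1 multiples fall
    into K bins of width 1/K, so two of them differ by less than 1/K modulo 1.
    """
    rows = []
    for K in Ks:
        c, q = pigeonhole_approximation(alpha, K)
        rows.append((K, c, q, nearest_integer_gap(q * alpha), 1 / K))
    return rows


if __name__ == "__main__":
    for name, alpha, K in (("sqrt(2)", math.sqrt(2), 10),
                           ("sqrt(7)", math.sqrt(7), 12),
                           ("pi", math.pi, 14)):
        c, q = pigeonhole_approximation(alpha, K)
        print(f"{name}: {c}/{q}, error {abs(c / q - alpha):.6f}, "
              f"bound 1/q^2 = {1 / q ** 2:.6f}")
    for row in gap_table(math.sqrt(2), (5, 10, 50, 100)):
        print(row)
```

Running `gap_table` with growing K shows the winning difference moving closer to an integer as more multiples are considered, which is the relationship Question 9.5(4) asks about.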
The theorem before the last theorem told us that increasingly large collections of real
numbers contain pairs whose differences get increasingly close to being an integer. Now you
will need to understand your proof of the above theorem sufficiently well so that you figure
out how to make (b − a) arbitrarily large. You might consider the fact that for an irrational
number α, any fixed, finite collection of multiples of α will have every difference of every
pair of those multiples differing from being an integer by at least some specific nonzero
amount. So taking a yet bigger collection of multiples will give you a pair whose difference
is even closer to being an integer. That observation might help to generalize your technique
to prove Dirichlet’s Rational Approximation Theorem.
9.8. Theorem (Dirichlet’s Rational Approximation Theorem, Version I). Let α be any real
number. Then there exist infinitely many rational numbers $\frac{a}{b}$ satisfying
$$\left|\frac{a}{b} - \alpha\right| \le \frac{1}{b^2}.$$
It is often useful to put the same result in different forms, because the different forms
might help us to see a connection with some other work. In this case, the following
alternative form of Dirichlet’s Rational Approximation Theorem takes the first step toward
making the connection between rational approximation and Pell’s equation.
Theorem (Dirichlet’s Rational Approximation Theorem, Version II). Let α be any real
number. Then there exist infinitely many integers a and b satisfying
$$|a - b\alpha| \le \frac{1}{b}.$$
Before going further, let’s confirm that these two versions of Dirichlet’s Rational
Approximation Theorem actually are equivalent.
9.9. Theorem. Show that Versions I and II of Dirichlet’s Rational Approximation Theorem
can be deduced from one another.
If we consider the special case where α is the square root of a natural number, we
get a form of Dirichlet’s Rational Approximation Theorem that looks even more like Pell’s
Equation.
Theorem (Dirichlet’s Rational Approximation Theorem, Version III). Let N be a positive
integer that is not a square. Then there exist infinitely many positive integers a and b
satisfying
$$|a - b\sqrt{N}| \le \frac{1}{b}.$$
The connection between Pell equations and rational approximations to irrational
numbers that are square roots of natural numbers is not hard to make.
9.10. Exercise. Show that if N is a natural number which is not a square and x = a and
y = b is a positive integer solution to the Pell equation $x^2 - Ny^2 = 1$, then $\frac{a}{b}$ gives a good
rational approximation to $\sqrt{N}$.
The next theorem clariﬁes that by a “good” rational approximation we mean the same
thing as occurs in Dirichlet’s Theorem Version I.
9.11. Theorem. Let N be a positive integer that is not a square. If x = a and y = b is a
solution in positive integers to $x^2 - Ny^2 = 1$, then
$$\left|\frac{a}{b} - \sqrt{N}\right| < \frac{1}{b^2}.$$
So we see that solutions in positive integers to the Pell equation $x^2 - Ny^2 = 1$ give rise
to good approximations to the irrational number $\sqrt{N}$. So our challenge now is to analyze
the Pell equation and see whether we can find solutions. We’ll start by disposing of trivial
cases so that we can focus on the ones that count.
Out with the trivial. In chapter 1 we considered the family of linear Diophantine
equations
$$ax + by = c.$$
Certain values of the parameters a, b, and c led to Diophantine equations with no hope of
having solutions. For example, the equation 6x + 3y = 17 will not have any integer solutions
because the left hand side will always be divisible by 3, and the right hand side will never
be divisible by 3.
When working with a parameterized family of equations, it is worthwhile to make an
effort to recognize whether certain values of the parameters will lead to obvious conclusions
or whether there are some trivial solutions that are not of interest. Let’s try this with the
Pell equations $x^2 - Ny^2 = 1$, which have the single parameter, the natural number N.
9.12. Question. For every natural number N, there are some trivial values of x and y that
satisfy the Pell equation $x^2 - Ny^2 = 1$. What are those trivial solutions?
Let’s pin that down by making the following definitions of trivial and nontrivial
solutions.
Definition. Let N be a natural number. The trivial solutions to the Diophantine equation
$x^2 - Ny^2 = 1$ are x = 1, y = 0 and x = −1, y = 0. All other integer solutions are nontrivial.
9.13. Question. For what values of the natural number N can you easily show that there
are no nontrivial solutions to the Pell equation $x^2 - Ny^2 = 1$?
We record your observation in the following theorem.
9.14. Theorem. If the natural number N is a perfect square, then the Pell equation
$$x^2 - Ny^2 = 1$$
has no nontrivial integer solutions.
After all this talk about trivial solutions, let’s at least confirm that in some cases
nontrivial solutions do exist.
9.15. Exercise. Find, by trial and error, at least two nontrivial solutions to each of the
Pell equations $x^2 - 2y^2 = 1$ and $x^2 - 3y^2 = 1$.
Bolstered by the existence of solutions for N = 2 and N = 3, our focus from this point
forward will be on finding nontrivial solutions to the Pell equations $x^2 - Ny^2 = 1$ where N
is a natural number that is not a perfect square.
New solutions from old. For a positive integer N that is not a perfect square, the
nontrivial solutions to $x^2 - Ny^2 = 1$ come to us in natural groups of four since the square
of a negative number is positive.
9.16. Question. To know all the integer solutions to a Pell equation, why does it suﬃce
to know just the positive integer solutions?
One solution to a Pell equation gives rise to related ones by taking negatives, but there
are other ways to take some solutions and combine them to create other solutions. Since
1 times 1 equals 1, multiplication of solutions also gives a new solution. Here is what we
mean.
9.17. Theorem. Suppose N is a natural number and the Pell equation $x^2 - Ny^2 = 1$ has
two solutions, namely, $a^2 - Nb^2 = 1$ and $c^2 - Nd^2 = 1$ for some integers a, b, c, and d. Then
x = ac + Nbd and y = ad + bc is also an integer solution to the Pell equation $x^2 - Ny^2 = 1$.
That is,
$$(ac + Nbd)^2 - N(ad + bc)^2 = 1.$$
So we can generate new solutions to the Pell equation from old solutions; but the
question remains: For which positive integers N (which are not squares) does $x^2 - Ny^2 = 1$
have nontrivial solutions? To fully answer this question we return to the world of rational
approximation.
Securing the elusive solution. We observed earlier that nontrivial solutions to the
Pell equation $x^2 - Ny^2 = 1$ give rise to good approximations of $\sqrt{N}$. Now we look at
the connection between good rational approximations of $\sqrt{N}$ and Pell-like equations in the
opposite way. That is, starting with a “good” rational approximation $\frac{x}{y}$ of $\sqrt{N}$, let’s
investigate $x^2 - Ny^2$. Recall Version II of Dirichlet’s Rational Approximation Theorem.
That version described the closeness of the rational approximation of the fraction $\frac{x}{y}$ to $\sqrt{N}$
by stating that $|x - y\sqrt{N}| < \frac{1}{y}$. That concept of a good rational approximation is used as
the hypothesis in the following theorem.
9.18. Theorem. Let N be a natural number and suppose that x and y are positive integers
satisfying $|x - y\sqrt{N}| < \frac{1}{y}$. Then
$$|x + y\sqrt{N}| < 3y\sqrt{N}.$$
A tiny bit of algebra gets us back to a Pell-like expression.
9.19. Theorem. Let N be a natural number and suppose that x and y are positive integers
satisfying $|x - y\sqrt{N}| < \frac{1}{y}$. Then
$$|x^2 - Ny^2| < 3\sqrt{N}.$$
Notice that the preceding theorem tells us that any good rational approximation of $\sqrt{N}$
gives rise to a Pell-like expression, $x^2 - Ny^2$, which is an integer with a fixed bound. We
want to find solutions to the Pell equation $x^2 - Ny^2 = 1$; however, let’s take what we can get
at this point, namely, solutions to a Pell-like equation where the right side is some integer
possibly different from 1.
9.20. Theorem. There exists a nonzero integer M such that the equation
$$x^2 - Ny^2 = M$$
has infinitely many solutions in positive integers.
Now we have infinitely many positive integer solutions to a Pell-like equation,
$$x^2 - Ny^2 = M.$$
In the next few theorems we investigate how to use these to obtain a nontrivial solution to
$x^2 - Ny^2 = 1$.
9.21. Lemma. Let n be a natural number and suppose that $(x_i, y_i)$, i = 1, 2, 3, . . . are
infinitely many ordered pairs of integers. Then there exist distinct natural numbers j and k
such that
$$x_j \equiv x_k \pmod{n} \quad\text{and}\quad y_j \equiv y_k \pmod{n}.$$
9.22. Lemma. Let N be a natural number and M be a nonzero integer and let $(x_j, y_j)$ and
$(x_k, y_k)$ be two distinct integer solutions to $x^2 - Ny^2 = M$ satisfying
$$x_j \equiv x_k \pmod{M} \quad\text{and}\quad y_j \equiv y_k \pmod{M}.$$
Then
$$x = \frac{x_j x_k - y_j y_k N}{M} \quad\text{and}\quad y = \frac{x_j y_k - x_k y_j}{M}$$
are integers satisfying $x^2 - Ny^2 = 1$.
What you have now proved is that the Pell equation $x^2 - Ny^2 = 1$ has nontrivial
solutions for every possible case, namely for any natural number N that is not a perfect
square.
9.23. Theorem. If N is a positive integer that is not a square, then the Pell equation
$x^2 - Ny^2 = 1$ has a nontrivial solution in positive integers.
An excellent way to understand a proof is to follow the steps of the proof for some
particular examples. That is what we ask you to do in the next exercise.
9.24. Exercise. Follow the steps of the preceding theorems to find several solutions to the
Pell equations $x^2 - 5y^2 = 1$ and $x^2 - 6y^2 = 1$ and then give some good rational approximations
to $\sqrt{5}$ and $\sqrt{6}$.
The structure of the solutions to the Pell equations. We have now proved that
the Pell equations have solutions, but in fact those solutions have a satisfying kind of
structure to them, which we will explore in this section. This structure arises from our
inability to resist factoring when we have the chance.
The left sides of the Pell equations $x^2 - Ny^2 = 1$ look very much like the difference
of two squares. It is difficult to see a difference of two squares without succumbing to
the urge to factor. Giving in to that temptation pays off in this case. Of course, there is
one unpleasant part of that factoring, namely, when N is not a perfect square, the factors
involve an irrational number, $\sqrt{N}$. Never mind, let’s factor anyway.
$$x^2 - Ny^2 = 1$$
$$(x + y\sqrt{N})(x - y\sqrt{N}) = 1.$$
Definition. Let N be a natural number. We say that a real number $\alpha = r + s\sqrt{N}$, with r
and s integers, gives a solution to the Pell equation $x^2 - Ny^2 = 1$ if $r^2 - Ns^2 = 1$.
The next several Theorems work out the algebraic structure of the real numbers that
give integer solutions to a given Pell equation.
9.25. Theorem. Let N be a natural number and $r_1$, $r_2$, $s_1$, and $s_2$ be integers. If
$\alpha = r_1 + s_1\sqrt{N}$ and $\beta = r_2 + s_2\sqrt{N}$ both give solutions to the Pell equation $x^2 - Ny^2 = 1$, then
so does $\alpha\beta$.
9.26. Theorem. Let N be a natural number and r and s integers. If $\alpha = r + s\sqrt{N}$ gives
a solution to $x^2 - Ny^2 = 1$, then so does $1/\alpha$.
Note: Abstract algebra is a study of algebraic structures and relationships. When you
study abstract algebra, one of the first structures you will encounter is a group. We won’t
define the idea of a group here, but the previous two theorems tell us that the set of real
numbers of the form $r + s\sqrt{N}$, with r and s integers, that give solutions to the Pell equation
$x^2 - Ny^2 = 1$ form a group with respect to the operation of multiplication.
9.27. Corollary. Let N be a natural number and r and s integers. If $\alpha = r + s\sqrt{N}$ gives
a solution to $x^2 - Ny^2 = 1$, then so does $\alpha^k$ for any integer k.
9.28. Exercise. Let N be a natural number and r and s integers. Show that if $r + s\sqrt{N}$
gives a solution to $x^2 - Ny^2 = 1$, then so do each of
$$r - s\sqrt{N}, \quad -r + s\sqrt{N}, \quad\text{and}\quad -r - s\sqrt{N}.$$
9.29. Theorem. Let N be a positive integer that is not a square. Let A be the set of all
real numbers of the form $r + s\sqrt{N}$, with r and s positive integers, that give solutions to
$x^2 - Ny^2 = 1$. Then
(1) there is a smallest element α in A.
(2) the real numbers $\alpha^k$, k = 1, 2, . . . give all positive integer solutions to $x^2 - Ny^2 = 1$.
(Hint: For part (1), try showing that the numbers in question are ordered by r. Then use
the Well-Ordering Axiom.)
Let’s reflect on what we have shown so far. If the natural number N is a perfect square,
then the Pell equation $x^2 - Ny^2 = 1$ has only trivial solutions. In all other cases, it suffices
to focus on just the positive integer solutions. In these cases, Theorem 9.23 tells us that
there is a nontrivial solution and Theorem 9.29 suggests that in a sense there is a “smallest”
solution in positive integers, which generates all of the infinitely many other positive integer
solutions. So our investigation of the Pell equations has revealed a satisfying mathematical
structure.
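An added Python walk-through of the argument in Theorems 9.17-9.23 (not the authors' code; the function names are illustrative). It collects integer pairs with |x² − Ny²| < 3√N, waits for two that share the same M and agree modulo M, combines them with the formulas of Lemma 9.22, then multiplies solutions as in Theorem 9.17 and checks the bound of Theorem 9.11 in exact integer arithmetic. As a simplifying assumption, the candidates are the two integers on either side of y√N, filtered only by the bound of Theorem 9.19.

```python
import math


def pell_from_collision(N, y_limit=100_000):
    """Nontrivial positive solution of x^2 - N*y^2 = 1 built as in Lemma 9.22.

    The solution returned is the first one this search produces; it is not
    claimed to be the smallest one.
    """
    if N < 1 or math.isqrt(N) ** 2 == N:
        raise ValueError("N must be a natural number that is not a perfect square")
    first_seen = {}  # (M, x mod |M|, y mod |M|) -> first pair (x, y) with that key
    for y in range(1, y_limit + 1):
        floor_root = math.isqrt(N * y * y)       # floor(y * sqrt(N)), computed exactly
        for x in (floor_root, floor_root + 1):   # integers on either side of y * sqrt(N)
            M = x * x - N * y * y                # never 0 because N is not a square
            if M * M >= 9 * N:                   # keep only |M| < 3 * sqrt(N)
                continue
            key = (M, x % abs(M), y % abs(M))
            if key not in first_seen:
                first_seen[key] = (x, y)
                continue
            # Two distinct solutions of x^2 - N*y^2 = M, congruent modulo M:
            # Lemma 9.22 says both quotients below are integers.
            xj, yj = first_seen[key]
            new_x = (xj * x - yj * y * N) // M
            new_y = (xj * y - x * yj) // M
            return abs(new_x), abs(new_y)
    raise RuntimeError("no congruent pair found below y_limit; raise the limit")


def compose(N, s, t):
    """Theorem 9.17: combine solutions (a, b) and (c, d) into a new solution."""
    (a, b), (c, d) = s, t
    return a * c + N * b * d, a * d + b * c


def first_solutions(N, count):
    """Successive 'powers' of the solution found by pell_from_collision."""
    base = pell_from_collision(N)
    found = [base]
    while len(found) < count:
        found.append(compose(N, found[-1], base))
    return found


def is_good_approximation(N, x, y):
    """Exact test of |x/y - sqrt(N)| < 1/y^2 for a positive Pell solution.

    For such a solution x/y > sqrt(N), so the inequality is equivalent to
    x*y - 1 < y^2 * sqrt(N), that is (x*y - 1)^2 < N * y^4.
    """
    return (x * y - 1) ** 2 < N * y ** 4


if __name__ == "__main__":
    for N in (2, 3, 5, 6, 7):
        for x, y in first_solutions(N, 3):
            print(N, (x, y), x * x - N * y * y, is_good_approximation(N, x, y))
```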
Bovine Math
Pell equations are not merely mathematical amusements. They also arise in ranching
by the gods. The following is an English translation, due to Ivor Thomas, of the problema
bovinum attributed to Archimedes. It is written in the form of a challenge, and considers
the number of four diﬀerent types of cattle belonging to the herd of the sun god Helios.
If thou art diligent and wise, O stranger, compute the number of cattle
of the Sun, who once upon a time grazed on the ﬁelds of the Thrinacian
isle of Sicily, divided into four herds of diﬀerent colours, one milk white,
another a glossy black, a third yellow and the last dappled. In each herd
were bulls, mighty in number according to these proportions: Understand,
stranger, that the white bulls were equal to a half and a third of the black
together with the whole of the yellow, while the black were equal to the
fourth part of the dappled and a ﬁfth, together with, once more, the whole
of the yellow. Observe further that the remaining bulls, the dappled, were
equal to a sixth part of the white and a seventh, together with all of the
yellow. These were the proportions of the cows: The white were precisely
equal to the third part and a fourth of the whole herd of the black; while
the black were equal to the fourth part once more of the dappled and with
it a ﬁfth part, when all, including the bulls, went to pasture together. Now
the dappled in four parts were equal in number to a ﬁfth part and a sixth
of the yellow herd. Finally the yellow were in number equal to a sixth
part and a seventh of the white herd. If thou canst accurately tell, O
stranger, the number of cattle of the Sun, giving separately the number
of well-fed bulls and again the number of females according to each colour,
thou wouldst not be called unskilled or ignorant of numbers, but not yet
shalt thou be numbered among the wise.
But come, understand also all these conditions regarding the cattle
of the Sun. When the white bulls mingled their number with the black,
they stood ﬁrm, equal in depth and breadth, and the plains of Thrinacia,
stretching far in all ways, were ﬁlled with their multitude. Again, when
the yellow and the dappled bulls were gathered into one herd they stood in
such a manner that their number, beginning from one, grew slowly greater
till it completed a triangular ﬁgure, there being no bulls of other colours
in their midst nor none of them lacking. If thou art able, O stranger, to
ﬁnd out all these things and gather them together in your mind, giving
all the relations, thou shalt depart crowned with glory and knowing that
thou hast been adjudged perfect in this species of wisdom.
How can we hope to be crowned with glory? Obviously, we must get our cows and bulls
in a row, steer clear of mooving mooers, and solve this bully conundrum.
The first paragraph translates mathematically into a system of 7 linear equations in 8
unknowns (the 4 types of bulls: W, B, Y, D, and the 4 types of cows: w, b, y, d). There
is a 1-parameter family of solutions given by
W = 10366482k
B = 7460514k
Y = 4149387k
D = 7358060k
w = 7206360k
b = 4893246k
y = 5439213k
d = 3515820k
The second paragraph imposes two additional conditions: the sum of the white bulls
and the black bulls should be a square, and the sum of the yellow bulls and the dappled bulls
should be a triangular number, that is, a number of the form $1 + 2 + \cdots + m = m(m+1)/2$.
These constraints tell us that
$$W + B = 10366482k + 7460514k = 17826996k = n^2 \tag{1}$$
for some integer n, and
$$Y + D = 4149387k + 7358060k = 11507447k = \frac{m(m+1)}{2} \tag{2}$$
for some integer m. The factorization $17826996 = 2^2 \cdot 3 \cdot 11 \cdot 29 \cdot 4657$ tells us that the value
of k in equation (1) must be of the form
$$k = 3 \cdot 11 \cdot 29 \cdot 4657 \cdot y^2 = 4456749y^2$$
for some integer y. Combining this with the equation (2) gives
$$11507447 \cdot 4456749y^2 = \frac{m(m+1)}{2},$$
or
$$51285802909803y^2 = \frac{m(m+1)}{2}. \tag{3}$$
Completing the square on the right hand side of equation (3) we obtain
$$\frac{m(m+1)}{2} = \frac{(m + 1/2)^2 - 1/4}{2} = \frac{1}{8}\left((2m+1)^2 - 1\right).$$
So, by multiplying equation (3) by 8, and making the substitution x = 2m + 1 we obtain
$$8 \cdot 51285802909803y^2 = x^2 - 1,$$
or
$$x^2 - 410286423278424y^2 = 1,$$
a Pell equation!
Our translation of the cattle problem into a Pell equation is unlikely to have been
employed during Archimedes’ time. And even more unlikely is it that he, or any of his
contemporaries, produced a solution, even though we now know that in fact there are
inﬁnitely many. The ﬁrst known complete solution, aided by computers, was given in 1965
by H. C. Williams, R. A. German, and C. R. Zarnke. The smallest sized herd satisfying
all the conditions is so vast that to write down the number of cattle we would need to use
206545 digits! That’s a lot of bulls. To put that number in perspective, the number of
atoms in the universe is estimated to be described with a number with a mere 80 digits.
Archimedes was not the only mathematician to issue challenges. Fermat was known to
challenge his contemporaries as well. In 1657 he sent letters asking William Brouncker and
John Wallis to find integer solutions to the equations $x^2 - 151y^2 = 1$ and $x^2 - 313y^2 = 1$.
Both stepped up to the challenge and gave integer solutions in reply.
But it is in early Indian mathematics that we find the first systematic study of Pell
equations. Brahmagupta was aware of how to generate new solutions from old in much
the same manner as we explored in Theorem 9.17, and both Brahmagupta and Bhaskara
(1114-1185) discovered methods for turning solutions of $x^2 - Ny^2 = k$ (for small k) into
solutions to $x^2 - Ny^2 = 1$. So Pell equations have spanned the ages, spanned the globe,
and have even amused the sun god.
CHAPTER 10
The Search for Primes
Primality Testing
Determining whether or not a large number is prime has practical importance in
cryptography as seen in Chapter 5. If a number is relatively small, we might try simple trial
division up to its square root (see Theorem 2.3). If we find no divisor, we have a prime. But
trial division quickly becomes an overwhelming burden. Trial division on a large number,
say with hundreds of digits, would take today’s fastest computers longer than the entire history
of the universe since the Big Bang 13.6 billion years ago. That is too long to wait. So trial
division is not a fast algorithm for determining primality.
Is it prime? In this section we look at the notion of a primality test. We also examine
just exactly what mathematicians mean when describing an algorithm as “fast”.
To be precise, by a primality test we mean a theorem of the form
A natural number n is prime if and only if ______.
where the blank would be filled in by some testable condition on n. For example
Theorem. A natural number n is prime if and only if for all primes $p \le \sqrt{n}$, p does not
divide n.
Although this theorem provides a primality test, it does little to help our agent in the
field set up a secure RSA public key code system. It is completely impractical for identifying,
say, 200 digit primes. In Chapter 4 we find the following primality test.
Theorem (Wilson’s Theorem and Converse). A natural number n is prime if and only if
(n −1)! ≡ −1 (mod n).
Unfortunately, there are no general shortcuts for computing (n−1)! (mod n), and as n
begins to grow, even our fastest computers become overwhelmed with the computation.
Mathematicians measure the speed or complexity of a primality testing algorithm as a
function of the number of digits in the number to be tested.
10.1. Exercise. If n is a d-digit number, explain why the trial division primality test
requires roughly $10^{d/2}$ trials.
10.2. Exercise. If n is a d-digit number, explain why the Wilson’s Theorem primality test
requires roughly $10^d$ multiplications.
These two algorithms are said to run in exponential time since the required number of
steps is an exponential function in the number of digits in the number to be tested.
Exponential time algorithms are considered slow, and quickly become impractical for modern
computers to carry out. A faster class of algorithms are those which run in polynomial
time, that is, those for which the number of required steps is a polynomial function in the
number of digits. Just how much of a difference does polynomial time versus exponential
time make?
10.3. Question. Suppose that Algorithm A requires $d^2$ steps and Algorithm B requires $2^d$
steps, where d is the number of digits in the number to be tested. Suppose our computer can
carry out one million steps per second. How long would it take for our computer to carry
out each algorithm when the number to be tested has 200 digits?
Fermat’s Little Theorem and probable primes. Both primality tests given in the
preceding section are impractical for identifying really large primes. On the other hand,
computing powers modulo n is an operation we have seen to be fast even for large numbers.
In fact, in Chapter 3 you discovered that the computation of $a^r \pmod{n}$ requires roughly
$\log_2 r$ multiplications.
10.4. Exercise. Show that the algorithm described in Question 3.6 for computing $a^r \pmod{n}$
is a polynomial time algorithm in the number of digits in r.
In the next series of problems you will explore the use of this operation as a means of
testing for primality by starting with a familiar theorem.
Theorem (Fermat’s Little Theorem). Let p be a prime. Then for all natural numbers a
less than p, $a^{p-1} \equiv 1 \pmod{p}$.
Fermat’s Little Theorem can be useful for showing certain numbers are composite.
10.5. Exercise. State the contrapositive of Fermat’s Little Theorem.
10.6. Exercise. Use Fermat’s Little Theorem to show that n = 737 is composite.
Unfortunately, the statement of Fermat’s Little Theorem lacks the logical connective
“if and only if” that we desire for a primality test. This raises the question of whether the
converse to Fermat’s Little Theorem is true.
10.7. Question. State the converse to Fermat’s Little Theorem. Do you think the converse
to Fermat’s Little Theorem is true?
10.8. Theorem. Let n be a natural number. Then n is prime if and only if $a^{n-1} \equiv 1 \pmod{n}$
for all natural numbers a less than n.
10.9. Question. Does the previous theorem give a polynomial or exponential time primality
test?
Inventing polynomial time primality tests is quite a challenge. One way to salvage some
good from Fermat’s Little Theorem is to weaken our demand of certainty. What if instead
we look for a probable prime test, by which we mean a statement of the form
If ______, then n is very likely to be prime.
where the blank would be filled in by some testable condition on n.
10.10. Exercise. Compute $2^{n-1} \pmod{n}$ for all odd numbers n less than 100. If you have
access to a computer, and some computing software, keep going. Test any conjectures you
make along the way. State a probable prime test based on your observations.
The evidence you collected hopefully suggests the following probable prime test for
natural numbers n bigger than 2.
$$\text{If } \begin{cases} 2^{n-1} \not\equiv 1 \pmod{n}, & \text{then } n \text{ is composite.} \\ 2^{n-1} \equiv 1 \pmod{n}, & \text{then } n \text{ is very likely prime.} \end{cases}$$
We cannot remove the words “very likely” in this probable prime test because there
are composite numbers n for which $2^{n-1} \equiv 1 \pmod{n}$. The first composite that fools our
probable prime test is 341 = 11 · 31. Composite numbers n such that $2^{n-1} \equiv 1 \pmod{n}$ are
sometimes called Poulet numbers. There are infinitely many, but they are so rare that for
practical purposes, most people feel completely comfortable using our probable prime test
to identify large primes.
For example, if n is a randomly chosen 13 digit odd number and $2^{n-1} \equiv 1 \pmod{n}$,
then there is a 99.9999996% chance that n is prime, because there are 308457624821 13
digit primes and 132640 13 digit Poulet numbers. Would you feel safe with those odds? At
a cost of guaranteed certainty, we now have a polynomial time probable prime test!
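The probable prime test and Theorem 10.8 side by side, as an added example that is not part of the book. The function names are chosen here for illustration, and trial division serves as the ground truth for small n.

```python
# Added example (not from the book): the base-2 probable prime test,
# the composites that fool it, and the exhaustive test of Theorem 10.8.
# pow(b, e, n) is fast modular exponentiation, so one test costs a number
# of multiplications proportional to the number of digits of n.

def passes_fermat(n, base=2):
    """True when base^(n-1) ≡ 1 (mod n); the test is stated for n > 2."""
    if n <= 2:
        raise ValueError("the probable prime test is stated for n bigger than 2")
    return pow(base, n - 1, n) == 1


def is_prime_trial(n):
    """Ground truth by trial division (exponential in the digit count)."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def poulet_numbers(limit):
    """Composite n < limit that pass the base-2 test (Poulet numbers)."""
    return [n for n in range(3, limit)
            if passes_fermat(n) and not is_prime_trial(n)]


def smallest_witness(n):
    """Smallest a in 2..n-1 with a^(n-1) not ≡ 1 (mod n), or None.

    By Theorem 10.8 such an a exists exactly when n is composite.
    """
    for a in range(2, n):
        if pow(a, n - 1, n) != 1:
            return a
    return None


def prime_by_theorem_10_8(n):
    """Certain answer, but up to n-2 modular powers: exponential time."""
    return n >= 2 and smallest_witness(n) is None


if __name__ == "__main__":
    print("737 passes base 2:", passes_fermat(737))        # Exercise 10.6
    print("Poulet numbers below 2000:", poulet_numbers(2000))
    print("341 passes base 2:", passes_fermat(341))
    print("smallest base exposing 341:", smallest_witness(341))
    print("3^340 mod 341 =", pow(3, 340, 341))
```

The odds quoted above are for a randomly chosen n. A number handed to you by someone else can be taken from the Poulet list on purpose, so the base-2 test alone is not a check to rely on for untrusted input.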
AKS primality. There are many polynomial time probable prime tests, but it was
not known until the summer of 2002 whether or not a polynomial time primality test could
exist. That summer an Indian scientist and two of his undergraduate students made public
their discovery of a deterministic polynomial time primality test. Manindra Agrawal and his
students Neeraj Kayal and Nitin Saxena would eventually win the Gödel Prize in computer
science for their work.
The test, now known as the AKS primality test, is based on the following theorem.
10.11. Theorem. Let a and n be relatively prime natural numbers. Then n is prime if
and only if $(x + a)^n \equiv x^n + a \pmod{n}$ for every integer x.
This theorem alone constitutes a primality test, but a slow one at that. The problem
lies in the fact that there are n different coefficients to compute in $(x + a)^n \pmod{n}$. Part
of what Agrawal, Kayal, and Saxena were able to figure out is how to reduce the degree of
the polynomials that need to be checked.
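The slow test of Theorem 10.11, as an added example that is not from the book or from the AKS paper. It reads the congruence as an identity between polynomials in x and compares coefficients one at a time, which is the computation the paragraph above describes; the function names are chosen here.

```python
# Added example (not from the book): Theorem 10.11 checked coefficient by
# coefficient. The coefficient of x^k in (x + a)^n is C(n, k) * a^(n-k),
# and it has to match x^n + a modulo n: 1 at k = n, a at k = 0, 0 between.
from math import gcd


def first_bad_coefficient(n, a=1):
    """Index k of the first coefficient where (x + a)^n and x^n + a differ
    modulo n, or None when all n + 1 coefficients agree."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError("need n >= 2 and a relatively prime to n")
    binom = 1                                   # C(n, 0) as an exact integer
    for k in range(n + 1):
        coeff = ((binom % n) * pow(a, n - k, n)) % n
        if k == n:
            expected = 1
        elif k == 0:
            expected = a % n
        else:
            expected = 0
        if coeff != expected:
            return k
        binom = binom * (n - k) // (k + 1)      # step to C(n, k + 1)
    return None


def prime_by_theorem_10_11(n, a=1):
    """Certain answer, at the price of n + 1 coefficients: the work grows
    with n itself, so it is exponential in the number of digits of n."""
    return first_bad_coefficient(n, a) is None


if __name__ == "__main__":
    # 341 and 561 both satisfy 2^(n-1) ≡ 1 (mod n), yet neither survives here.
    for n in (97, 341, 561):
        print(n, "passes base-2 test:", pow(2, n - 1, n) == 1,
              "| first bad coefficient:", first_bad_coefficient(n))
```

For a composite n the first mismatch appears at k equal to the smallest prime factor of n, so the check stops early on composites and only runs through all n + 1 coefficients when n is prime.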
The polynomial time deterministic AKS primality test may be beyond the scope of this
book, but please do not assume that it is beyond the scope of your abilities. With a little
bit of abstract algebra and the number theory you have learned so far you’ll be more than
prepared to tackle the AKS primality test for yourself.
Record Primes
A list of the largest known primes will show that they all share the following property:
each prime is either 1 more or 1 less than an easily factored number. In September, 2006,
the largest known prime was
$$2^{32582657} - 1,$$
which is a Mersenne prime with over 9.8 million digits. Clearly it is 1 less than a very easily
factored number. In fact, the six largest known primes are Mersenne primes (again, as of
September 2006), and the seventh largest is
$$27653 \cdot 2^{9167433} + 1,$$
which is 1 more than an easily factored number (27653 is prime). This fact is not just
coincidence. When n is a natural number of a certain special form, much more efficient
primality tests are available for determining the nature of n. In this section we present
some of these wonderful theorems that have helped people discover some of the largest
known primes.
The late nineteenth century witnessed tremendous progress in the mathematics of primality
testing. Edouard Lucas (1842–1891) was one of the thinkers who concerned themselves
with such matters. The nth Fermat number is given by $F_n = 2^{2^n} + 1$. Fermat
had determined that $F_1$, $F_2$, $F_3$, and $F_4$ are each prime and conjectured that every Fermat
number was prime (although he didn’t call them Fermat numbers). In 1732 Euler proved
that Fermat’s conjecture was false by showing that $F_5 = 4294967297$ is divisible by 641.
But the nature of $F_6$ remained unresolved until Lucas developed a primality test for Fermat
numbers that proved that $F_6$ is also composite.
Father Theophile Pepin (1826–1905), a contemporary of Lucas, published another primality
test for Fermat numbers in 1877 which still bears his name.
Theorem (Pepin’s Test). Let $F_n$ denote the nth Fermat number. Then $F_n$ is prime if and
only if
$$3^{(F_n - 1)/2} \equiv -1 \pmod{F_n}.$$
In Pepin’s original theorem the condition appears as $5^{(F_n - 1)/2} \equiv -1 \pmod{F_n}$. It was
another contemporary, Francois Proth (1852–1879), who pointed out that 3 would work as
well as 5. Proth contributed primality tests of his own as well, which have been implemented
today (see Yves Gallot’s Proth.exe) and are responsible for finding some of the currently
largest known primes (at least those that are not Mersenne primes). Proth’s 1878 test is as
follows.
Theorem (Proth’s Test). Let n and k be natural numbers, and let $N = k \cdot 2^n + 1$ with
$2^n > k$. If there is an integer a such that
$$a^{(N-1)/2} \equiv -1 \pmod{N},$$
then N is prime.
So what about the record-holding Mersenne primes? In 1930 D. H. Lehmer (1905–1991)
completed a dissertation at Brown University titled An Extended Theory of Lucas’
Functions. In it, we find the following test, which is responsible for identifying today’s
largest known primes. The form of this theorem is similar to that of Lucas’ earlier primality
tests for Fermat numbers.
Theorem (Lucas–Lehmer Test). Let $M_n = 2^n - 1$ denote the nth Mersenne number, and
define the sequence $\{S_i\}$ by
$$S_0 = 4, \qquad S_{i+1} = S_i^2 - 2.$$
Then $M_n$ is prime if and only if $S_{n-2} \equiv 0 \pmod{M_n}$.
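The three special-form tests above run on small cases, as an added example that is not from the book and is not the code of Proth.exe or of any prime search project. The function names and the list of trial bases for Proth's test are chosen here; Pepin's test is applied for n ≥ 1 and the Lucas–Lehmer test for n ≥ 3, since F_0 = 3 divides the base 3 and M_2 leaves no step of the recurrence to run.

```python
# Added example (not from the book): Pepin's, Proth's and the Lucas-Lehmer
# test. Each one needs only about as many modular squarings as N has bits,
# which is why record primes have these special forms.

def fermat_number(n):
    """F_n = 2^(2^n) + 1."""
    return 2 ** (2 ** n) + 1


def pepin(n):
    """Pepin's Test: F_n is prime iff 3^((F_n - 1)/2) ≡ -1 (mod F_n)."""
    if n < 1:
        raise ValueError("applied here for n >= 1 (F_0 = 3 divides the base 3)")
    f = fermat_number(n)
    return pow(3, (f - 1) // 2, f) == f - 1


def proth_witness(k, n, bases=(2, 3, 5, 7, 11, 13, 17, 19)):
    """Proth's Test for N = k * 2^n + 1 with 2^n > k.

    Returns the first a among `bases` with a^((N-1)/2) ≡ -1 (mod N), which
    proves N prime, or None. None is inconclusive as the theorem is stated:
    it only says that no base in this (assumed) list is a witness.
    """
    if k < 1 or n < 1 or 2 ** n <= k:
        raise ValueError("need natural numbers k, n with 2^n > k")
    big_n = k * 2 ** n + 1
    for a in bases:
        if pow(a, (big_n - 1) // 2, big_n) == big_n - 1:
            return a
    return None


def lucas_lehmer(n):
    """Lucas-Lehmer Test: M_n = 2^n - 1 is prime iff S_(n-2) ≡ 0 (mod M_n)."""
    if n < 3:
        raise ValueError("applied here for n >= 3")
    m = 2 ** n - 1
    s = 4                              # S_0
    for _ in range(n - 2):             # S_1 ... S_(n-2), reduced mod M_n
        s = (s * s - 2) % m
    return s == 0


if __name__ == "__main__":
    print("Fermat primes F_n, 1 <= n <= 7:", [n for n in range(1, 8) if pepin(n)])
    print("F_5 mod 641 =", fermat_number(5) % 641)
    print("witness for 3*2^5 + 1 = 97:", proth_witness(3, 5))
    print("witness for 13*2^4 + 1 = 209 = 11*19:", proth_witness(13, 4))
    print("M_p prime for p in:",
          [p for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31) if lucas_lehmer(p)])
```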
Since there are inﬁnitely many primes, the quest for ever larger primes is an endless
pursuit. The current strategies for ﬁnding such primes involve having many computers,
contributed by volunteers around the world, work in concert to ﬁnd new, huge primes.
Number theory has had unexpected applications to cryptography, as we saw in Chapter 5.
Perhaps an unexpected consequence of the search for large primes will be the development
of previously unimagined strategies for global cooperation.
APPENDIX A
Mathematical Induction: The Domino Eﬀect
The Inﬁnitude Of Facts
Many mathematical theorems are really inﬁnitely many little theorems all packaged into
one statement. For example, we learn the following theorem in calculus: Every polynomial
function is continuous. If you were lucky enough to also see a proof of this theorem, you
would know that we did not separately consider every polynomial. If we did, you would
still be sitting in that calculus class. One of the great strengths of mathematical reasoning
and logic is the ability to prove an inﬁnite number of facts in a ﬁnite amount of space and
time.
Gauss’ formula. Carl Friedrich Gauss was a famous mathematician of the early 19th
century. A story about his boyhood has made its way into mathematical folklore. As the
story goes, an elementary school teacher of Gauss wanted to keep his students busy while he
graded papers. To this end, he asked his students to add up the ﬁrst one hundred numbers,
thinking this task would keep them quiet for a long time. To the dismay of the teacher,
Gauss quickly discovered a shortcut to replace the tedious addition problem and came up
with the answer after only a few short moments. As a cultural aside, historians feel that
this story is probably false, and some feel that it promotes the false myth that mathematics
is a subject only for the rare genius rather than for everybody. Regardless of the historical
or political status of the story, the technique for adding the ﬁrst n natural numbers is an
excellent one to use to illustrate a form of reasoning known as mathematical induction.
Let’s see how we would develop and prove Gauss’ formula for adding up numbers.
To show that we are really proving a lot of separate facts, we start by listing a few of
those facts, designating them as theorems. Of course, you can simply verify each of the
following theorems by just doing the arithmetic. That’s ﬁne for now.
A.1. Theorem. $1 = \frac{(1)(2)}{2}$.
A.2. Theorem. $1 + 2 = \frac{(2)(3)}{2}$.
A.3. Theorem. $1 + 2 + 3 = \frac{(3)(4)}{2}$.
A.4. Theorem. $1 + 2 + 3 + 4 = \frac{(4)(5)}{2}$.
A.5. Theorem. $1 + 2 + 3 + 4 + 5 = \frac{(5)(6)}{2}$.
Okay, this is getting a little tedious. Let’s see that it is not necessary to start each of
this potentially inﬁnite list of theorems from scratch. Once we have successfully proved one
of these theorems, verifying the next one is much easier.
A.6. Question. Can you use the fact that $1 + 2 + 3 + 4 + 5 = \frac{(5)(6)}{2}$ to verify that
$$1 + 2 + 3 + 4 + 5 + 6 = \frac{(6)(7)}{2},$$
without having to re-add 1 + 2 + 3 + 4 + 5?
Hopefully, your strategy did not depend in any meaningful way on the speciﬁc numbers
involved. To clarify this fact, let’s do another one. Notice that you are not asked to verify
the sum up to 129–just accept that one as true.
A.7. Question. Suppose it is true that $1 + 2 + 3 + \cdots + 129 = \frac{(129)(130)}{2}$. Can you use this
fact to show that
$$1 + 2 + 3 + \cdots + 129 + 130 = \frac{(130)(131)}{2}?$$
Try to do it without performing extensive addition.
Just one more to drive the point home.
A.8. Question. Suppose it is true that $1 + 2 + 3 + \cdots + 172391 = \frac{(172391)(172392)}{2}$. Can you
use this fact to show that
$$1 + 2 + 3 + \cdots + 172391 + 172392 = \frac{(172392)(172393)}{2}?$$
In fact, what you are really doing is proving that if you know that the formula holds
for any natural number, then it also holds for the next natural number.
A.9. Exercise. Suppose some natural number k is chosen and you are told it is true that
$1 + 2 + 3 + \cdots + k = \frac{(k)(k+1)}{2}$. Use this fact to show that
$$1 + 2 + 3 + \cdots + k + (k + 1) = \frac{(k + 1)(k + 2)}{2}.$$
Once you have done the above exercise, you have all the ingredients to prove that the
formula is true for any number. You have proved (1) that the formula is true for the ﬁrst
natural number and (2) you have proved that you can always take one more step, that is,
you have proved that if the formula is true for any given natural number, then it is also true
for the next natural number. Why do those two steps convince you that the formula must
be true for all natural numbers? This reasoning provides a proof of the following theorem.
A.10. Theorem. Let n be a natural number. Then $1 + 2 + 3 + \cdots + n = \frac{(n)(n+1)}{2}$.
The strategy of (1) proving a base case and then (2) proving that the truth of the
assertion of an arbitrary natural number implies its truth for the next natural number is a
method of reasoning called proof by induction.
Another formula. Let’s go through the same process for another formula. Start by
directly verifying the ﬁrst few theorems.
A.11. Theorem. $1 + 2 = 2^2 - 1$
A.12. Theorem. $1 + 2 + 2^2 = 2^3 - 1$
A.13. Theorem. $1 + 2 + 2^2 + 2^3 = 2^4 - 1$
A.14. Theorem. $1 + 2 + 2^2 + 2^3 + 2^4 = 2^5 - 1$
Can you use the truth of one step to prove the truth of the next one?
A.15. Question. Can you use the fact that $1 + 2 + 2^2 + 2^3 + 2^4 = 2^5 - 1$ to verify that
$$1 + 2 + 2^2 + 2^3 + 2^4 + 2^5 = 2^6 - 1,$$
without performing extensive arithmetic?
In the next question, don’t independently verify the case up to $2^{37}$–just assume that
formula is true to do the next higher case.
A.16. Question. Suppose it is true that $1 + 2 + 2^2 + \cdots + 2^{37} = 2^{38} - 1$. Can you use this
fact to show
$$1 + 2 + 2^2 + \cdots + 2^{38} = 2^{39} - 1?$$
Do it without performing any extensive arithmetic.
Of course, your method did not depend on the particular number 37, so let’s write down
the fact that you can now prove that you can always take one more step, that is, the truth
of the formula for one natural number implies the truth of the formula for the next natural
number.
A.17. Question. Suppose it is true that $1 + 2 + 2^2 + \cdots + 2^k = 2^{k+1} - 1$. Can you use this
fact to show
$$1 + 2 + 2^2 + \cdots + 2^k + 2^{k+1} = 2^{k+2} - 1?$$
Again, you have proved (1) that the formula is true for the ﬁrst natural number and
(2) you have proved that you can always take one more step, that is, you have proved that
if the formula is true for any given natural number, then it is also true for the next natural
number. Why do those two steps convince you that the formula must be true for all natural
numbers? This reasoning provides a proof of the following theorem.
A.18. Theorem. For every natural number n, $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$.
On your own. Prove the following theorems by induction.
A.19. Theorem. For every natural number n,
$$1^2 + 2^2 + \cdots + n^2 = \frac{n(n + 1)(2n + 1)}{6}.$$
A.20. Theorem. For every natural number n > 3, $2^n < n!$.
A.21. Theorem. For every natural number n,
$$1^3 + 2^3 + \cdots + n^3 = (1 + 2 + \cdots + n)^2.$$
Strong induction. In this section we are going to introduce a slightly diﬀerent mode
of reasoning that is called strong induction.
Consider the following game involving two players, whom we will call Player 1 and
Player 2. Two piles each containing the same number of rocks sit between the players. At
each turn a player may remove any number of rocks (other than zero) from one of the piles.
The player to remove the last rock wins. Player 1 always goes ﬁrst.
A.22. Theorem. If each pile contains exactly one rock, Player 2 will win.
A.23. Theorem. If each pile contains two rocks, Player 2 has a winning strategy.
A.24. Theorem. If each pile contains three rocks, Player 2 has a winning strategy.
A.25. Theorem. If each pile contains four rocks, Player 2 has a winning strategy.
A.26. Question. In proving the theorem for piles with four rocks each, did you consider
all possible scenarios, or did you make use of the previous three theorems?
In the next question you are not being asked to analyze each of the ﬁrst 11 cases.
Instead, you are asked to assume that those have been done and then use that information
to show that Player 2 has a winning strategy when there are 12 rocks.
A.27. Exercise. Suppose you know that Player 2 has a winning strategy for this game
when the number of rocks in each pile is 1, 2, 3, . . . , 10, or 11. Show that Player 2 has a
winning strategy when each pile contains 12 rocks.
Of course, the number 11 could have been any number. Let’s replace it with a variable.
A.28. Exercise. Let k be a natural number. Suppose you know that Player 2 has a winning
strategy for this game when the number of rocks in each pile is any one of the following
natural numbers: 1, 2, 3, . . . , k. Show that Player 2 has a winning strategy when each pile
contains k + 1 rocks.
You have proved (1) that Player 2 has a winning strategy for the ﬁrst natural number
and (2) you have proved that you can always take one more step, that is, you have proved
that if Player 2 has a winning strategy for each natural number up to a certain point, then
Player 2 has a winning strategy for the next natural number. Why do those two steps
convince you that Player 2 has a winning strategy for any size of beginning piles? This
reasoning provides a proof of the following theorem.
A.29. Theorem. For any natural number n of rocks in each pile to begin, Player 2 has a
winning strategy.
The strategy of (1) proving a base case and then (2) proving that the truth of the
assertion for all natural numbers up to a certain natural number implies its truth for the
next natural number is a method of reasoning called proof by strong induction.
On your own. Prove the following theorems by strong induction.
A.30. Theorem. Every natural number can be written as the sum of distinct powers of 2.
A.31. Theorem. Every natural number greater than 7 can be written as a sum of 3’s and
5’s.
Deﬁnition. A polynomial is said to be reducible if it can be written as a product of two
polynomials each of smaller degree. Otherwise it is said to be irreducible.
A.32. Theorem. Every polynomial can be written as a product of irreducible polynomials.
A.33. Exercise. Describe in detail the strategies of induction and strong induction and
explain why those modes of proof are valid.
Many simplesounding questions remain unanswered after literally thousands of years of thought. Later. making mistakes and then making adjustments are clear parts of the experience. Number theory is an excellent subject for learning the ways of mathematical thought. whole numbers can be formulated into conjectures of amazing richness. we will continue to emphasize the dual goals of developing mathematical thinking skills and developing an understanding of number theory. people seeking to learn to think like a mathematician should expect to do those things that mathematicians do. But at some point. The two goals are inextricably entwined throughout and seeking to disentangle the two would be to miss the essential strategy of this twopronged approach. theorems. Throughout this book.CHAPTER 0 Introduction Number Theory and Mathematical Thinking One of the great steps in the development of a mathematician is becoming an independent thinker. and proved. Mathematics is a participatory sport. the successful mathematics student becomes a more independent mathematician. You will develop skills of formulating and proving theorems. Formulating ideas into deﬁnitions. whole numbers can be collected. the challenge was to learn some proofs. One goal is to help you develop independent mathematical thinking skills. formulated. This textbook has two equally signiﬁcant goals. Other simple observations about small. and yet the study of those familiar numbers leads us into waters of extreme depth. Also. Just as a person learning to play tennis would expect to play tennis. Many simple observations about small. Other questions have recently been settled after being unsolved for hundreds of years. and conjectures becomes part of daily life. in analogy to learning a sport. examples. The second is to help you understand some of the fundamental ideas of number theory. Every mathematician can look back and see a time when mathematics was mostly a matter of learning techniques or formulas. 
The mathematical thinking skills developed here include being able to 5 . Every college student is familiar with basic properties of numbers.
• prove theorems using various strategies. We hope you will enjoy your exploration of this intriguing domain. Number theory contains within it some of the most fascinating insights in mathematics. using the further chapters for future work and independent study projects. Note on the approach and organization. They become useful tools as they appear recurrently in diﬀerent contexts and as you begin to incorporate them into your habits of approaching the unknown.6 0. and statements of theorems. exercises. We do not present these methods of proof . and eight are sequentially dependent. Chapter ﬁve on cryptography does not contain material that is required for the future chapters. We want you to see the development of mathematics as a natural exploration of a realm of thought. seven. questions. Each chapter concludes with some historical remarks on the chapter’s content. theorems. it will be natural to develop an understanding of various ways to give convincing arguments. Never should mathematics seem to be a mysterious collection of deﬁnitions. Chapters one through four present concepts that are used in all the future chapters. While looking at numbers and ﬁnding patterns among them. Proofs are clear reasons that the statements are true. Chapters nine and ten are independent and can be read any time after chapter four. It is fascinating to see threads begin in antiquity and continue into the 21st century with no clear end in sight. Theorem statements arise as crystallized observations. This is meant to place the ideas on an historical timeline. Deﬁnitions are generally preceded by examples and discussion that make that deﬁnition a natural consequence of the experience of the examples and the line of thinking presented. In a semester course. the authors generally treat chapters one through ﬁve. These diﬀerent styles of proofs will become familiar and logically sound. examples. and proofs that arise from the void and must be memorized for a test. 
Each chapter contains deﬁnitions. • determine the correctness of a mathematical argument independently without having to ask an authority. Clearly these thinking skills are applicable across all mathematical topics and outside mathematics as well. proof. and analysis are not facts to be learned once and set aside. Methods of thought. INTRODUCTION • look at examples and formulate deﬁnitions and questions or conjectures. Chapters six. Methods of thought.
By the end of the course these abilities and techniques will be natural strategies for you to use in your mathematical investigations and beyond. The EAF fosters methods of teaching that promote independent thinking and student creativity. Jr. for their generous support of the Inquiry Based Learning Project. • Relating examples to the general case. – taking reasoning that works in a special case and making it general. • Making precise statements. Many of the instructors who tested these materials received mentoring and incentives from the EAF. and we hope that this book will make those methods broadly available to many students. • Following consequences of assumptions. Acknowledgments. • Generalizing from examples. proof. and we have received support in the writing of this book and other Inquiry Based Learning material. We hope you enjoy your Inquiry Into Number Theory. • Using basic logic. • Measuring complexity. but instead you will develop them as naturally occurring methods of stating logically correct reasons for the truth of statements. • Understanding examples. • Forming negations.NUMBER THEORY AND MATHEMATICAL THINKING 7 in the abstract. • Making precise deﬁnitions. We thank the Educational Advancement Foundation and Harry Lucas. and analysis are: • Finding patterns and formulating conjectures. – contradiction. • Looking for elementary building blocks. We thank the National Science Foundation for its support of this project under NSFDUECCLI Phase I grant 0536839. • Methods of proof: – induction. In particular we wish the . contrapositives. and converses of statements. – reducing complexity. Special thanks are also due to the many students and instructors who used earlier versions of this book and who made many useful suggestions. which has inspired us and many other faculty members and students. Some methods of thought.
who always makes coming home the high point of my day. Ben Klaﬀ. and children. Edward Odell: Five years ago I spent numerous hours attending Mike Starbird’s inquiry based number theory class and then attempting to duplicate his wizardry in my own class. David Marshall: I thank foremost my coauthors Mike Starbird and Ted Odell for introducing me to the Modiﬁed Moore Method style of inquiry based teaching and for mentoring me during my short stay at The University of Texas. I thank Mike and Ted as well for inviting me to take part in this project. She took the class. The University of Texas at Austin. Last but not least I thank my wife Gail for her love and support and my children Holly and Amy for understanding when their dad was busy. Thanks also to my wife Roberta. The experience was fantastic and has had a profound impact on the way I conduct my classes today. We also thank Stephanie Nichols who is a graduate student in mathematics education at The University of Texas at Austin. for their constant encouragement and support. Monmouth University. Susan Hammond Marshall. Thanks also to Professor Jennifer Smith and her students who are doing research in mathematics education that involves inquiry based instruction in the acquisition of mathematical thinking skills. served as a graduate student assistant for several semesters. who has had to listen to me pontiﬁcate on all matters number theory for well over a year. and my daughter. a joy to work with and without whose eﬀorts and guidance this book would still be far from completion.8 0. The University of Texas at Austin. INTRODUCTION thank the following faculty members who used drafts of this book while teaching number theory at The University of Texas at Austin: Gergely Harcos. I thank my wonderful family. and rewarding experience. Genevieve Walsh. my wife. Thanks are also due to David. . educational. I am forever grateful to Mike for inviting me into this project and for his constant support. 
and is conducting research about the eﬃcacy of this method of introducing students to the ideas of mathematical proof. Talley and Bryn. Their unfailing cheerfulness and good sense made this project a true joy to work on. Michael Starbird: Thanks to Ted and David for making the writing of this book an especially enjoyable experience. Alfred Renyi Institute of Mathematics. Deepak Khosla. Tufts University. Susan. It has been a very enjoyable. Gillian.
. . −1. and the Euclidean Algorithm. . The natural numbers are the numbers {1.CHAPTER 1 Divide and Conquer Divisibility In The Natural Numbers How can one natural number be expressed as the product of smaller natural numbers? This innocent sounding question leads to a vast ﬁeld of interconnections among the natural numbers that mathematicians have been exploring for literally thousands of years. however. which formalizes the intuitive idea of numbers on a cycle. 3. 2. famously said roughly. The ideas of 0 and negative numbers are abstractions of the natural numbers. 3. The integers are {. . . 4. As you explore questions of divisibility of integers and questions about modular arithmetic. −2.. days in a week. In this chapter we start our investigation of the natural numbers by deﬁning divisibility and then presenting the ideas of the Division Algorithm. 1. many experiences in everyday life are cyclical–hours in the day.” The natural numbers are the counting numbers to which we were introduced in our childhoods. Leopold Kronecker. “God gave us the natural numbers–all else is made by humankind. In this Chapter.}. 9 . 0. This concept of cyclicity gives rise to the idea of modular arithmetic. motions of the planets. Many people view the natural numbers as the most basic of all mathematical ideas. Deﬁnition. you will develop skills in proving theorems. including proving theorems by induction. Those ideas extend the natural numbers to the integers. . A 19th century mathematician. greatest common divisors. −3. These ideas in turn allow us to ﬁnd integer solutions to linear equations. we will introduce the basic idea of modular arithmetic but will develop the ideas further in future chapters. The natural numbers are naturally ordered in one long ascending list. 2. The adventure begins by recalling the arithmetic from our youth and looking at it afresh. Deﬁnition.}. Deﬁnitions and examples. 
The basic relationships between integers that we will explore in this chapter are based on the divisibility of one integer by another.

Mathematical definitions encapsulate intuitive ideas, but then pin them down. Having this formal definition of divisibility will allow you to say clearly why some theorems about divisibility are true. Remembering the formal definition of divisibility will be useful throughout the course.

Definition. Suppose a and d are integers. Then d divides a, denoted d | a, if and only if there is an integer k such that a = kd.

Notice that this definition gives us a practical conclusion from the assertion that the integer d divides the integer a, namely, the existence of a third integer k with its multiplicative property, namely, that a = kd.

We next turn to a more complicated definition that we will see captures the idea of numbers arranged in a cyclical pattern. For example, if you wrote the natural numbers around a clock, you would put 13 in the same place as 1 and 14 in the same place as 2, etc. That idea is what is formalized in the following definition of congruence.

Definition. Suppose that a, b, and n are integers, with n > 0. We say that a and b are congruent modulo n if and only if n | (a − b). We denote this relationship as a ≡ b (mod n) and read these symbols as “a is congruent to b modulo n”.

We will soon begin with the first set of questions. They come in several different flavors which we roughly categorize as “Theorem” (or “Lemma” or “Corollary”), “Question”, or “Exercise”. A Theorem denotes a mathematical statement to be proved by you. For example:

Example Theorem. Let n be an integer. If 6 | n, then 3 | n.

Then you would supply the proof. For example, your proof might look like this:

Example Proof. Our hypothesis that 6 | n means, by definition, that there exists an integer k such that n = 6k. The conclusion we want to make is that 3 also divides n. By definition, that means we want to show that there exists an integer k′ such that n = 3k′. Since n = 6k = 3(2k), we can take k′ = 2k, satisfying the definition for n to be divisible by 3.

Here’s an example that uses a congruence.

Example Theorem. Let k be an integer. If k ≡ 7 (mod 2), then k ≡ 3 (mod 2).
Example Proof. Our hypothesis that k ≡ 7 (mod 2) means, by definition, that 2 | (k − 7), which, also by definition, means there exists an integer k′ such that k − 7 = 2k′. Adding 4 to both sides of the last equation yields k − 3 = 2k′ + 4 = 2(k′ + 2). Since k′ + 2 is also an integer, this means 2 | (k − 3), or k ≡ 3 (mod 2), and so the theorem is proved.

In giving proofs, rely on the definitions of terms and symbols, and feel free to use results that you have previously proved. Avoid using statements that you “know”, but which we have not yet proved.

A “Question” is often more open, leaving the reader to speculate on some idea. These should be given considerable thought. An “Exercise” is often more computational in nature, illustrating the results of previous (or upcoming) theorems. These help you to make sure your grasp of the material is firm and grounded in the reality of actual numbers.

Divisibility and congruence. The next theorems explore the relationship between divisibility and the arithmetic operations of addition, subtraction, multiplication, and division. Frequently a good strategy for generating valuable questions in mathematics is to take one concept and see how it relates to other concepts.

1.1. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | (b + c).

1.2. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | (b − c).

1.3. Theorem. Let a, b, and c be integers. If a | b and a | c, then a | bc.

Any theorem has a hypothesis and a conclusion. That structure of theorems automatically suggests questions, namely, can the theorem be strengthened? If we are able to deduce the same result with fewer or weaker hypotheses, then we will have constructed a stronger theorem. Similarly, if we are able to deduce a stronger conclusion from the same hypotheses, then we will have constructed a stronger theorem. So attempting to weaken the hypothesis and still get the same conclusion, or keep the same hypotheses but deduce a stronger conclusion are two fruitful investigations to follow when we seek new truths. So let’s try this strategy with the previous theorem.

When you are considering whether a particular hypothesis implies a particular conclusion, you are considering a conjecture. Three outcomes are possible. You might be able to prove it, in which case the conjecture is changed into a theorem. You might be able to find a specific example (called a counterexample) where the hypotheses are true, but the conclusion is false. That counterexample would then show that the conjecture is false.
Frequently, you cannot settle the conjecture either way. In that case, you might try changing the conjecture by strengthening the hypothesis, weakening the conclusion, or otherwise considering a related conjecture.

1.4. Question. Can you weaken the hypothesis of the previous theorem and still prove the conclusion? Can you keep the same hypothesis, but replace the conclusion by the stronger conclusion that a² | bc and still prove the theorem?

If you consider a conjecture and discover it is false, that is not the end of the road. Instead, you then have the challenge of trying to find somewhat different hypotheses and conclusions that might be true. All these strategies of exploration lead to new mathematics.

1.5. Question. Can you formulate your own conjecture along the lines of the above theorems and then prove it to make it your theorem?

Here is one possible such theorem. Maybe it is the one you thought of or maybe you made a different conjecture.

1.6. Theorem. Let a, b, and c be integers. If a | b, then a | bc.

Let’s now turn to modular arithmetic. To begin let’s look at a few specific examples with numbers to gain some experience with congruences modulo a number. Doing specific examples with actual numbers is often a good strategy for developing some intuition about a subject.

1.7. Exercise. Answer each of the following questions, and prove that your answer is correct. (1) Is 45 ≡ 9 (mod 4)? (2) Is 37 ≡ 2 (mod 5)? (3) Is 37 ≡ 3 (mod 5)? (4) Is 31 ≡ −3 (mod 5)?

You might construct some exercises like the preceding one for yourself until you are completely clear about how to determine whether or not a congruence is correct.

When we gain some experience with a concept, we soon begin to see patterns. The next exercise asks you to find a pattern that helps to clarify what groups of integers are equivalent to one another under the concept of congruence modulo n.

1.8. Exercise. For each of the following congruences, characterize all the integers m that satisfy that congruence.
(1) m ≡ 0 (mod 3). (2) m ≡ 1 (mod 3). (3) m ≡ 2 (mod 3). (4) m ≡ 3 (mod 3). (5) m ≡ 4 (mod 3).

To understand the definition of congruence, one strategy is to consider the extent to which congruence behaves in the same way that equality does. For example, we know that any number is equal to itself. So we can ask, “Is every number congruent to itself?” The reason that this is even a question is that congruence has a specific definition, so we need to know whether that specific definition allows us to deduce that any number is congruent to itself.

1.9. Theorem. Let a and n be integers with n > 0. Then a ≡ a (mod n).

We will explore several cases where properties of ordinary equality suggest questions about whether congruence works the same way. For example, in equality, the order of the left hand side versus the right hand side of an equals sign does not matter. Is the same true for congruence?

1.10. Theorem. Let a, b, and n be integers with n > 0. If a ≡ b (mod n), then b ≡ a (mod n).

Again, if a is equal to b and b is equal to c, we know that a is equal to c. But does the definition of congruence allow us to conclude the same about a string of congruences? It does.

1.11. Theorem. Let a, b, c, and n be integers with n > 0. If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).

Note: If you are familiar with equivalence relations, you may note that the previous three theorems establish that congruence modulo n defines an equivalence relation on the set of integers. In the exercise before those theorems, you described the equivalence classes modulo 3.

The following theorems explore the extent to which congruences behave the same as ordinary equality with respect to the arithmetic operations. We systematically go through the operations of addition, subtraction, and multiplication. Division, as we will see, requires more thought.

1.12. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n) and c ≡ d (mod n), then a + c ≡ b + d (mod n).

1.13. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n) and c ≡ d (mod n), then a − c ≡ b − d (mod n).

1.14. Theorem. Let a, b, c, d, and n be integers with n > 0. If a ≡ b (mod n) and c ≡ d (mod n), then ac ≡ bd (mod n).

Congruences also work well when taking exponents, as we will see in Theorem 1.18. One way to approach its proof is to start with simple cases and see how the general case follows from them. The following exercises present a strategy of reasoning known as proof by mathematical induction. In the appendix we explore this technique in more detail.

1.15. Exercise. Let a, b, and n be integers with n > 0. Show that if a ≡ b (mod n), then a² ≡ b² (mod n).

1.16. Exercise. Let a, b, and n be integers with n > 0. Show that if a ≡ b (mod n), then a³ ≡ b³ (mod n).

1.17. Exercise. Let a, b, k, and n be integers with n > 0 and k > 1. Show that if a ≡ b (mod n) and a^(k−1) ≡ b^(k−1) (mod n), then a^k ≡ b^k (mod n).

1.18. Theorem. Let a, b, k, and n be integers with n > 0 and k > 0. If a ≡ b (mod n), then a^k ≡ b^k (mod n).

At this point you have proved several theorems that establish that congruences behave similarly to ordinary equality with respect to addition, subtraction, multiplication, and taking exponents. To make all these theorems more meaningful, it is helpful to see what they mean with actual numbers. Doing examples is a good way to develop intuition.

1.19. Exercise. Illustrate each of Theorems 1.12–1.18 with an example using actual numbers.

You will have noticed that at this point, we have not yet considered the arithmetic operation of division. We ask you to consider the natural conjecture here.
1.20. Question. Let a, b, c, and n be integers for which ac ≡ bc (mod n). Can we conclude that a ≡ b (mod n)? If you answer “yes”, try and give a proof. If you answer “no”, try and give a counterexample.

We will continue the discussion of division at a later point. In the meantime, we find that the concept of congruence and the theorems about addition, subtraction, multiplication, and taking exponents allow us to prove some interesting facts about ordinary numbers.

You may already have been told how to tell when a number is divisible by 3 or by 9. Namely, you simply add up the digits of the number and ask whether the sum of the digits is divisible by 3 or 9. For example, 1131 is divisible by 3 because 3 divides 1 + 1 + 3 + 1. In the next theorems you will prove that these techniques of checking divisibility work.

1.21. Theorem. Let a natural number n be expressed in base 10 as n = a_k a_(k−1) . . . a_1 a_0. (Note that what we mean by this notation is that each a_i is a digit of a regular base 10 number, not that the a_i’s are being multiplied together.) If m = a_k + a_(k−1) + . . . + a_1 + a_0, then n ≡ m (mod 3).

Theorem. A natural number that is expressed in base 10 is divisible by 3 if and only if the sum of its digits is divisible by 3.

Note: An “if and only if” theorem statement is really two separate theorems that need two separate proofs. A good practice is to write down each statement separately so that the hypothesis and the conclusion are clear in each case. We have done that for you in the following case to illustrate the practice.

1.22. Theorem. If a natural number is divisible by 3, then, when expressed in base 10, the sum of its digits is divisible by 3.

1.23. Theorem. If the sum of the digits of a natural number expressed in base 10 is divisible by 3, then the number is divisible by 3 as well.

When we have proved a theorem, it is a good idea to ask whether there are other, related theorems that might be provable with the same technique. We encourage you to find several such divisibility criteria in the next exercise.

1.24. Exercise. Devise and prove other divisibility criteria similar to the preceding one.
The Division Algorithm. We next turn our attention to a theorem called the Division Algorithm. Before we state it, we point out a fact about the natural numbers that is obviously true. In fact, it’s so obvious that it is an axiom, meaning a statement that we accept as true without proof. The reason that we can’t really give a proof of it is that we have not really defined the natural numbers, but are just using them as familiar objects that we have known all our lives. If we were taking a very abstract and formal approach to number theory where we defined the natural numbers in terms of set theory, for example, the following statement might be one of the axioms we would use to define the natural numbers. Instead, we will just assume that the following Well-Ordering Axiom for the Natural Numbers is true. Since we are accepting this fact as true, you should feel free to use it whenever you wish.

Axiom (The Well-Ordering Axiom for the Natural Numbers). Let S be any nonempty set of natural numbers. Then S has a smallest element.

The value of this axiom is that it sometimes allows us to pin down the reason why some assertion is true in a proof. Surprisingly often it captures exactly what we need to know to prove theorems about integers. Here is an example of how you might use the Well-Ordering Axiom for the Natural Numbers.

Example Theorem. For every natural number n there is a natural number k such that 7k differs from n by less than 7.

Example Proof. We could let S be the set of all numbers 7i, where i is a natural number, such that 7i is greater than or equal to n. By the Well-Ordering Axiom for the Natural Numbers, S has a smallest element, call it 7j. Then 7j differs from n by less than 7, otherwise 7(j − 1) would be a smaller element of S.

This example gives the flavor of how the Well-Ordering Axiom for the Natural Numbers is used, namely, we define an appropriate nonempty set of natural numbers and then look at that set’s smallest element to deduce something we want. You might consider using the Well-Ordering Axiom for the Natural Numbers in proving the Division Algorithm below.

The Division Algorithm is a useful observation about natural numbers. After reading it carefully, you will see that it captures a basic property about ordinary division.

Theorem (The Division Algorithm). Let n and m be natural numbers. Then (existence part) there exist integers q (for quotient) and r (for remainder) such that m = nq + r
and 0 ≤ r ≤ n − 1. Moreover (uniqueness part), if q, q′ and r, r′ are any integers that satisfy m = nq + r = nq′ + r′ with 0 ≤ r, r′ ≤ n − 1, then q = q′ and r = r′.

As usual, it is useful to look at some examples with actual numbers to understand the statement.

1.25. Exercise. Illustrate the Division Algorithm for: (1) m = 25, n = 7. (2) m = 277, n = 4. (3) m = 33, n = 11. (4) m = 33, n = 45.

1.26. Theorem. Prove the existence part of the Division Algorithm. (Hint: Given n and m, how will you define q? Once you choose this q, then how is r chosen? Then show that 0 ≤ r ≤ n − 1.)

1.27. Theorem. Prove the uniqueness part of the Division Algorithm. (Hint: If nq + r = nq′ + r′, then nq − nq′ = r′ − r. Use what you know about r and r′ as part of your argument that q = q′.)

The following theorem connects the ideas of congruence modulo n with remainders such as occur in the Division Algorithm. It says that if the remainders are the same when divided by the modulus, then the numbers are congruent.

1.28. Theorem. Let a, b, and n be integers with n > 0. Then a ≡ b (mod n) if and only if a and b have the same remainder when divided by n. Equivalently, a ≡ b (mod n) if and only if when a = nq1 + r1 (0 ≤ r1 ≤ n − 1) and b = nq2 + r2 (0 ≤ r2 ≤ n − 1), then r1 = r2.

Greatest common divisors and linear Diophantine equations. The divisors of an integer tell us something about its structure. One of the strategies of mathematics is to investigate commonalities. In the case of divisors, we now move from looking at the divisors of a single number to looking at common divisors of a pair of numbers. This strategy helps to illuminate relationships and common features of numbers.
Definition. A common divisor of integers a and b is an integer d such that d | a and d | b.

Once we have isolated a definition such as common divisor, we proceed to explore its implications. The first question involves how many common divisors there are to a pair of integers.

1.29. Question. Do every two integers have at least one common divisor?

1.30. Question. Can two integers have infinitely many common divisors?

The greatest common divisor is a concept that plays a central role in the study of many of our future topics.

Definition. The greatest common divisor of two integers a and b, not both 0, is the largest integer d such that d | a and d | b. The greatest common divisor of two integers a and b is denoted gcd(a, b) or more briefly as just (a, b).

One indication of the centrality of the concept of greatest common divisor is that it has two different notations including the extremely simple notation (a, b). You might think that this notation would be confusing because it is the same notation as for an interval on the real line, however, in the context of number theory, (a, b) always stands for the greatest common divisor.

Having more divisors in common shows some commonality between numbers, but having almost no common divisors indicates that the numbers do not share many factors. A pair of numbers that have no extra common divisors have a special role to play and consequently are given a name, relatively prime.

Definition. If gcd(a, b) = 1, then a and b are said to be relatively prime.

As usual, a good way to develop intuition about a concept is to investigate some specific examples.

1.31. Exercise. Find the following greatest common divisors. Which pairs are relatively prime? (1) (36, 22) (2) (45, −15) (3) (−296, −88) (4) (0, 256) (5) (15, 28)
(6) (1, −2436)

The next theorems explore conditions under which various pairs of numbers have the same greatest common divisors. Notice in the next theorems that, although they look similar to the equation that we saw in the Division Algorithm, we use integers rather than natural numbers. Also, there is no hypothesis about the size of r in these theorems.

1.32. Theorem. Let a, n, b, r, and k be integers. If a = nb + r and k | a and k | b, then k | r.

1.33. Theorem. Let a, b, n1, and r1 be integers with a and b not both 0. If a = n1 b + r1, then (a, b) = (b, r1).

As an illustration of the above theorem, note that 51 = 3 · 15 + 6, 15 = 2 · 6 + 3, 6 = 2 · 3 + 0.

1.34. Exercise. Use the preceding theorem to show that if a = 51 and b = 15, then (51, 15) = (6, 3) = 3.

1.35. Exercise (Euclidean Algorithm). Using the previous theorem and the Division Algorithm successively, devise a procedure for finding the greatest common divisor of two integers.

The method you probably devised for finding the greatest common divisor of two integers is actually very famous. It dates back to the third century B.C. and is called the Euclidean Algorithm.

1.36. Exercise. Use the Euclidean Algorithm to find (1) (96, 112) (2) (175, 24) (3) (0, 256) (4) (−288, −166) (5) (1, −2436)

The next exercise illustrates that the techniques that you are developing to find common divisors can also be used to find integer solutions to equations.

1.37. Exercise. Find integers x and y such that 175x + 24y = 1.

This example is actually a special case of a general theorem that relates relatively prime numbers to integer solutions of equations.

Note: In the next theorem, remember as before that an “if and only if” theorem statement is really two separate theorems, and, to keep things clear, it’s a good practice to write each down separately. We have done that for you again in this case to illustrate the practice.

Theorem. Let a and b be integers. Then a and b are relatively prime (i.e., (a, b) = 1) if and only if there exist integers x and y such that ax + by = 1.

Here, written separately, are the two theorems you must prove:

1.38. Theorem. Let a and b be integers. If (a, b) = 1, then there exist integers x and y such that ax + by = 1. (Hint: Use the Euclidean Algorithm. Do some examples by taking some pairs of relatively prime integers, doing the Euclidean Algorithm, and seeing how to find the x and y. It is a good idea to start with an example where the Euclidean Algorithm takes just one step, then do an example where the Euclidean Algorithm takes two steps, then three steps, then look for a general procedure.)

1.39. Theorem. Let a and b be integers. If there exist integers x and y with ax + by = 1, then (a, b) = 1.

As usual, once we have proved a theorem, we seek to find extensions or variations of it that are also true. In this case, we have just proved a theorem about relatively prime numbers. So it is natural to ask what we can say in the case that a pair of numbers is not relatively prime. We find that an analogous theorem is true.

1.40. Theorem. For any integers a and b not both 0, there are integers x and y such that ax + by = (a, b).

The following three theorems appear here for two reasons, one, because you might use some of the previous results to prove them, and, two, because they will be useful for theorems to come.

1.41. Theorem. Let a, b, and c be integers. If a | bc and (a, b) = 1, then a | c.

1.42. Theorem. Let a, b, and n be integers. If a | n, b | n and (a, b) = 1, then ab | n.
1.43. Theorem. Let a, b, and n be integers. If (a, n) = 1 and (b, n) = 1, then (ab, n) = 1.

Our analysis so far of linear Diophantine equations will now prove to be quite useful in resolving our outstanding concern with cancellation in modular arithmetic. Recall your work in Question 1.20. Hopefully you showed the existence of integers a, b, c, and n (c not 0) for which ac ≡ bc (mod n) and yet a is not congruent to b modulo n.

1.44. Question. What hypotheses about a, b, c, and n could be added so that ac ≡ bc (mod n) would imply a ≡ b (mod n)? State an appropriate theorem and prove it before reading on.

The next theorem answers the previous question, so be sure to answer Question 1.44 before reading further. The answer involves the concept of being relatively prime.

1.45. Theorem. Let a, b, c and n be integers with n > 0. If ac ≡ bc (mod n) and (c, n) = 1, then a ≡ b (mod n).

Theorems 1.39 and 1.40 begin to address the question: Given integers a, b, and c, when do there exist integers x and y that satisfy the equation ax + by = c? When we seek integer solutions to an equation, the equation is called a Diophantine equation.

1.46. Question. Suppose a, b, and c are integers and that there is a solution to the linear Diophantine equation ax + by = c, that is, suppose there are integers x and y which satisfy the equation ax + by = c. What condition must c satisfy in terms of a and b?

1.47. Question. Can you make a conjecture by completing the following statement?

Conjecture. Given integers a, b, and c, there exist integers x and y that satisfy the equation ax + by = c if and only if ______.

Try to prove your conjecture before reading further.

The following theorem summarizes the circumstances under which an equation ax + by = c has integer solutions. It is an “if and only if” theorem, so, as always, you should write down the two separate theorems that must be proved.

1.48. Theorem. Given integers a, b, and c with a and b not both 0, there exist integers x and y that satisfy the equation ax + by = c if and only if (a, b) | c.
This theorem tells us under what conditions our linear equation has any solution, however, it does not tell us about all the solutions that such an equation might have, so it brings up a question.

1.49. Question. For integers a, b, and c, consider the linear Diophantine equation ax + by = c. Suppose integers x0 and y0 satisfy the equation, that is, ax0 + by0 = c. What other values x = x0 + h and y = y0 + k also satisfy ax + by = c? Formulate a conjecture that answers this question. Devise some numerical examples to ground your exploration. For example, 6(−3) + 15 · 2 = 12. Can you find other integers x and y such that 6x + 15y = 12? How many other pairs of integers x and y can you find? Can you find infinitely many other solutions?

The following question was devised by the famous mathematician Leonhard Euler (1707–1783). It presents a real life situation involving horses and oxen so that we can all identify with the problem.

1.50. Exercise (Euler). A farmer lays out the sum of 1,770 crowns in purchasing horses and oxen. He pays 31 crowns for each horse and 21 crowns for each ox. What are the possible numbers of horses and oxen that the farmer bought? Can you see how Euler’s problem is related to the preceding questions?

The following theorem shows you how to generate many solutions to our linear Diophantine equation, once you have one solution.

1.51. Theorem. Let a, b, c, x0, and y0 be integers with a and b not both 0 such that ax0 + by0 = c. Then the integers x = x0 + b/(a, b) and y = y0 − a/(a, b) also satisfy the linear Diophantine equation ax + by = c.

This theorem leaves open the question of whether this method of generating alternative solutions generates all the solutions or whether there are yet more solutions.

1.52. Question. If a, b, and c are integers with a and b not both 0, and the linear Diophantine equation ax + by = c has at least one integer solution, can you find a general expression for all the integer solutions to that equation? Prove your conjecture.
The following theorem answers this question. It is actually two separate theorems that need two separate proofs. The first theorem says that certain numbers are solutions to ax + by = c. The second theorem, in the “Moreover” sentence, requires you to prove that no additional solutions exist.

1.53. Theorem. Let a, b, and c be integers with a and b not both 0. If x = x0, y = y0 is an integer solution to the equation ax + by = c (that is, ax0 + by0 = c) then for every integer k, the numbers x = x0 + kb/(a, b) and y = y0 − ka/(a, b) are integers that also satisfy the linear Diophantine equation ax + by = c. Moreover, every solution to the linear Diophantine equation ax + by = c is of this form.

1.54. Exercise. Find all integer solutions to the equation 24x + 9y = 33.

The previous theorem completes our analysis of the linear Diophantine equation ax + by = c. The analysis of the solutions of that Diophantine equation made good use of the greatest common divisor. We can now prove a theorem about greatest common divisors that might have been difficult to prove before we analyzed these Diophantine equations. However, it might be interesting to try to prove this simple sounding statement without using our theorems about Diophantine equations.

1.55. Theorem. If a and b are integers, not both 0, and k is a natural number, then gcd(ka, kb) = k · gcd(a, b).

We complete the chapter by taking the idea of greatest common divisor and considering a related idea. Common divisors of two numbers divide both numbers. A sort of opposite question is this: Suppose you are given two natural numbers. What numbers do those two numbers both divide, in other words, can we describe their common multiples? In particular, what is the least, common, positive multiple of two natural numbers? The first challenge is to write an appropriate definition.

1.56. Exercise. For natural numbers a and b, give a suitable definition for “least common multiple of a and b”, denoted lcm(a, b). Construct and compute some examples.

The following theorem relates the ideas of the least common multiple and the greatest common divisor.
1.57. Theorem. If a and b are natural numbers, then gcd(a, b) · lcm(a, b) = ab.

1.58. Corollary. If a and b are natural numbers, then lcm(a, b) = ab if and only if a and b are relatively prime.

After completing a body of work, it is satisfying and helpful to put together the ideas in your mind. We urge you to take that step by considering the following question.

1.59. Question. In this chapter we explored the concepts of divisibility, greatest common divisors, and solutions to linear Diophantine equations. How are all of these ideas related? Summarize the relationships.

Linear Equations Through The Ages

Apart from introducing key concepts we will use throughout our investigations in number theory, we found in this chapter a complete solution to the linear Diophantine problem. What do we mean by “complete”? Given a linear equation ax + by = c we can (1) determine whether or not the equation has integer solutions, (2) find an integer solution when one exists, (3) use a given solution to completely describe all integer solutions. We will see in later chapters that such a degree of success in providing a complete solution to a Diophantine equation is not always so simple.

Little is known of the Greek mathematician Diophantus of Alexandria. He most likely lived during the 3rd century A.D. (200–284), and most of what survives from him today are six books from his treatise Arithmetica, a collection of 130 problems giving integer and rational solutions to equations. Problems of finding integer solutions to polynomial equations with integer coefficients have been dubbed Diophantine problems. But unlike our results of this chapter, Diophantus was more concerned with particular problems and solutions rather than general methods.

General methods for finding solutions to linear Diophantine equations were first given by Indian mathematicians in the 5th century A.D. Notably, Aryabhata (476–550 A.D.), whose method of solving linear Diophantine equations translates as “pulverizer”, and later, Brahmagupta (598–670 A.D.) described such procedures. For Aryabhata, the problem arose through the following consideration: can we find an integer n which when divided by a leaves a remainder r and when divided by b leaves a remainder r′? The problem’s conditions can
be translated into the following pair of equations

n = ax + r
n = by + r′.

Equating the right hand sides, and setting c = r′ − r, gives the linear Diophantine equation ax − by = c.

Progress did not occur in Western Europe for another 1000 years. It was not until the 17th century that their mathematicians began to piece together the solution as we have presented it in this chapter. Claude Bachet (1581–1638), most famous for his Latin translation of Diophantus’ Arithmetica, rediscovered in 1621 a general method of finding a solution to ax = by + 1 when a and b are relatively prime. He employed a method much like ours, using the division algorithm repeatedly until a remainder of 1 is reached. Bachet then performed a sequence of “back substitutions” in a special way so as to avoid the need of negative numbers (which were not yet in common use).

Leonhard Euler may have been the first to give an actual proof that if a and b are relatively prime, then ax + by = c is solvable in integers. What Euler in fact demonstrated is that the quantities c − ka, k = 0, 1, . . . , b − 1 give b distinct remainders when divided by b. In particular, one, say c − k′a, yields a remainder of 0, that is, c − k′a is equal to a multiple of b. Setting c − k′a = nb then gives the solution x = k′ and y = n.

Joseph Lagrange (1736–1830), who also proved a version of Euler’s result, went a step further to describe all integer solutions in terms of a given one. Perhaps he summed up the history of this problem best in stating that his method is “essentially the same as Bachet’s, as are also all methods proposed by all mathematicians.”
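The three parts of the "complete" solution described in this chapter (decide whether ax + by = c is solvable, find one solution with the Euclidean Algorithm and back substitution, then describe every solution as in Theorem 1.53) can be carried out mechanically. The Python below is an added illustration, not part of the original text; the function names are this example's own, and it carries the back substitution along during the forward pass instead of performing it afterwards as Bachet did.

```python
"""Linear Diophantine equations ax + by = c, following Chapter 1.

Added illustration; the function names are this example's own.
"""
from typing import List, Optional, Tuple


def extended_gcd(a: int, b: int) -> Tuple[int, int, int]:
    """Return (g, x, y) with g = gcd(a, b) >= 0 and a*x + b*y == g.

    Each pass applies (a, b) = (b, r) from Theorem 1.33 while carrying the
    coefficients that express the current remainder in terms of a and b.
    """
    old_r, r = a, b
    old_x, x = 1, 0          # invariant: a*old_x + b*old_y == old_r
    old_y, y = 0, 1          # invariant: a*x     + b*y     == r
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:            # normalise so the gcd is non-negative
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def solve(a: int, b: int, c: int) -> Optional[Tuple[int, int, int, int]]:
    """Solve a*x + b*y == c over the integers.

    Returns None when (a, b) does not divide c. Otherwise returns
    (x0, y0, dx, dy); by Theorem 1.53 every solution has the form
    (x0 + k*dx, y0 - k*dy) with dx = b/(a, b) and dy = a/(a, b).
    """
    if a == 0 and b == 0:
        raise ValueError("a and b must not both be 0")
    g, x, y = extended_gcd(a, b)
    if c % g != 0:
        return None
    scale = c // g
    return x * scale, y * scale, b // g, a // g


def nonnegative_solutions(a: int, b: int, c: int) -> List[Tuple[int, int]]:
    """All solutions with x >= 0 and y >= 0, for positive a and b."""
    if a <= 0 or b <= 0:
        raise ValueError("this helper assumes a > 0 and b > 0")
    found = solve(a, b, c)
    if found is None:
        return []
    x0, y0, dx, dy = found
    k_min = -(x0 // dx)      # smallest k with x0 + k*dx >= 0
    k_max = y0 // dy         # largest  k with y0 - k*dy >= 0
    return [(x0 + k * dx, y0 - k * dy) for k in range(k_min, k_max + 1)]


def mod_inverse(c: int, n: int) -> int:
    """Return the inverse of c modulo n, which exists exactly when (c, n) = 1.

    Multiplying both sides of ac ≡ bc (mod n) by this inverse is the
    cancellation step that the relatively prime hypothesis permits.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    g, x, _ = extended_gcd(c, n)
    if g != 1:
        raise ValueError("c and n are not relatively prime")
    return x % n


if __name__ == "__main__":
    print("175x + 24y = 1:", extended_gcd(175, 24))       # Exercise 1.37
    print("24x + 9y = 33:", solve(24, 9, 33))             # Exercise 1.54
    print("Euler's farmer:", nonnegative_solutions(31, 21, 1770))
    print("6x + 15y = 10:", solve(6, 15, 10))             # 3 does not divide 10
```

The same `extended_gcd` routine is what computes modular inverses in practice, for example when an RSA private exponent is derived from the public one (Chapter 5).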
CHAPTER 2

Prime Time

The Prime Numbers

One of the principal strategies by which we come to understand our physical or conceptual world is to break things down into pieces, describe the most basic pieces, and then describe how those pieces are assembled to create the whole. Our goal is to understand the natural numbers, so here we adopt that reductionist strategy and think about breaking natural numbers into pieces.

We begin by thinking about how natural numbers can be combined to create other natural numbers. The most basic method is through addition. So let’s think about breaking natural numbers into their most basic pieces from the point of view of addition. What are the ’elements’ so to speak with respect to addition of natural numbers? The answer is that there is only one element, namely, the number 1. Every other natural number can be further broken down into smaller natural numbers that add together to create the number we started with. Every natural number is simply the sum of 1 + 1 + 1 + · · · + 1. Of course, this insight isn’t too illuminating since every natural number looks very much like any other from this point of view. However, it does underscore the most basic property of the natural numbers, that they all arise from the process of just adding 1 some number of times. In fact, this property of natural numbers lies at the heart of inductive processes both for constructing the natural numbers and often for proving theorems about them.

A more interesting way of constructing larger natural numbers from smaller ones is to use multiplication. Let’s think about what the elementary particles, so to speak, are of the natural numbers with respect to multiplication. That is, what are the natural numbers that cannot be broken down into smaller natural numbers through multiplication. What natural numbers are not the product of smaller natural numbers? The answer, of course, is the prime numbers. The study of primes is one of the main focuses of number theory. As we shall prove, every natural number greater than 1 is either prime or it can be expressed as a product of primes. Primes are the multiplicative building blocks of all the natural numbers.
Deﬁnition. A natural number n is composite if and only if n is a product of natural numbers less than n. Look at examples. You will naturally come up with inductive styles of proving theorems on your own. PRIME TIME The prime numbers give us a world of questions to explore. A natural number p > 1 is prime if and only if p is not the product of natural numbers less than p. in proving that the Euclidean Algorithm works. Deﬁnition. and many questions about primes are still unanswered. like the idea of prime numbers. Try to get comfortable with its meaning. but how are they distributed among the natural numbers? How many primes are there less than a natural number n? How can we ﬁnd them? How can we use them? These questions and others have been among the driving questions of number theory for centuries and have led to an incredible amount of beautiful mathematics. We have included an appendix that describes this technique of proof. you should take some time to familiarize yourself with its details. They force us to be precise in our language and reasoning. New mathematical concepts then arise by making observations. We will see not only new theorems. Fundamental Theorem of Arithmetic. and this may be a good time to work through that appendix. Inductive styles of proof are so useful that it is worthwhile to reﬂect on the logic involved. and then making generalizations or abstractions of what we have observed. for example. but also new types of proof. When we think of an idea. The role of deﬁnitions in mathematics cannot be overemphasized. seeing connections.28 2. then we can state new theorems. When we have isolated a concept suﬃciently to make a deﬁnition. The following theorem tells us that every natural number larger than 1 has at least one prime factor. We will prove that there are inﬁnitely many primes. When a new deﬁnition is introduced. we can pose questions about them to integrate the new idea with our already established web of knowledge. 
but one structure of proof that you will develop and use in this chapter and future chapters is proof by induction. All proofs are simply sequences of statements that follow logically from one another. In fact you may already have used this kind of argument in the last chapter. Even memorize it. People have been exploring primes for literally thousands of years. clarifying our ideas by making deﬁnitions. New concepts in mathematics open frontiers of new questions and uncharted paths of inquiry. .
2.1. Theorem. If n is a natural number greater than 1, then there exists a prime p such that p | n.

To get accustomed to primes, it's a good idea to find some.

2.2. Exercise. Write down the primes less than 100 without the aid of a calculator or a table of primes and think about how you decide whether each number you select is prime or not.

You probably identified the primes in the previous exercise by trial division. For example, to determine whether or not 91 was prime, you might have first tried dividing it by 2. Once convinced that 2 does not divide 91, you probably moved on to 3, then 4, then 5, then 6. Finally, you reached 7 and discovered that in fact 91 is not a prime. You were probably relieved, as you might have secretly feared that you would have to continue the daunting task of trial division 91 times! The following theorem tells us that you need not have been too concerned.

2.3. Theorem. A natural number n is prime if and only if for all primes p ≤ √n, p does not divide n.

2.4. Exercise. Use the preceding theorem to verify that 101 is prime.

The search for prime numbers has a long and fascinating history that continues to unfold today. Recently the search for primes has taken on practical significance because primes are used every day in making internet communications secure, for example. Later, we will investigate ways that primes are used in cryptography. And we'll see some modern techniques of identifying primes. But let's begin with an ancient method for finding primes. The following exercise introduces a very early method of identifying primes attributed to the scholar Eratosthenes (276–194 BC).

2.5. Exercise (Sieve of Eratosthenes). Write down all the natural numbers from 1 to 100, perhaps on a 10 × 10 array. Circle the number 2, the smallest prime. Cross off all numbers divisible by 2. Circle 3, the next number that is not crossed out. Cross off all larger numbers that are divisible by 3. Continue to circle the smallest number that is not crossed out and cross out its multiples. Repeat. Why are the circled numbers all the primes less than 100?

With our list of primes, we can begin to investigate how many primes there are and what proportion of natural numbers are prime.
there exist distinct primes p1. . . What makes a theorem important? One answer might be that it captures a basic relationship and that it is widely applicable to explaining a broad range of mathematics. do you suspect that π(n) n is generally an increasing function or a decreasing function? Do you suspect that it approaches some speciﬁc number (as a limit) as n goes to inﬁnity? Make a conjecture and try to prove it. . . . Let {p1 . Theorem (Fundamental Theorem of ArithmeticUniqueness part). (2) Make a guess about approximately how large π(n) is relative to n. (1) Graph π(n) for n = 1..30 2. . . 100. q2. . Then p = qi for some i. . We will write the Fundamental Theorem of Arithmetic in two parts: the Existence part and the Uniqueness part. Let n be a natural number. . For example. The Existence part says that every natural number bigger than 1 can be written as the product of primes and the Uniqueness part says basically that there is only one way to do so. pm } and {q1 . . rm such that n = pr1 pr2 · · · prm . 2. qs } be sets of primes with pi = pj if i = j and . Every natural number greater than 1 is either a prime number or it can be expressed as a ﬁnite product of prime numbers. p2. Let p and q1 . . Lemma.8. For each natural number n. q2. Theorem (Fundamental Theorem of ArithmeticExistence Part)). . m 1 2 The following lemma might be helpful in proving the Uniqueness part of the Fundamental Theorem of Arithmetic. 2. In fact.9. 24 = 23 · 3 = 3 · 23 . That is. we would be correct. r2. you may have only come across one or two in your lifetime (the Fundamental Theorem of Algebra and the Fundamental Theorem of Calculus come to mind). We will see that the Fundamental Theorem of Arithmetic certainly possesses these qualities. Mathematicians do not give out the title of “Fundamental Theorem” too often. PRIME TIME 2. 2. . In particular. . for every natural number n greater than 1. .7. . . . pm and natural numbers r1. . Exercise. . 
deﬁne π(n) to be the number of primes less than or equal to n. 2.6. p2. qn all be primes and let k be a natural number such that pk = q1 q2 · · · qn . . We might think of such theorems as somehow very important. . If so. Proving your conjecture is a diﬃcult challenge. You might use a computer to extend your list of primes to a much larger number and see whether your conjecture seems to be holding up.
. . m 1 2 . the sets of primes are equal but their elements are not necessarily listed in the same order. Here are some exercises that help to show what that means in some speciﬁc cases. that is. Determine the number of zeroes at the end of 25!. Putting the existence and uniqueness parts together. . . . . . why would the Fundamental Theorem of Arithmetic no longer be true? The Fundamental Theorem of Arithmetic tells us that every natural number bigger than 1 is a product of primes. p2. pm} and natural numbers {r1. Let {r1. r2. The Fundamental Theorem of Arithmetic says that for any natural number n > 1 there exist distinct primes {p1. . That is. . Surely 1 meets this criterion. . p2. What is the advantage to not choosing to include 1 among the prime numbers? If 1 were called a prime. Then m = s and {p1. pi may or may not equal qi . Let’s think about the choices we made in deﬁning “prime”. Express n = 12! as a product of primes. Yet our choice of deﬁnition of prime omits 1. ts } be sets of natural numbers such that n = pr1 pr2 · · · prm m 1 2 t t t = q11 q22 · · · qss . Moreover. . . . In other words. 2. t2. Let’s take a moment to think through a little issue about our deﬁnition of “prime”. . Exercise. then the expressions are identical except for the ordering of the factors. rm} and {t1 .THE PRIME NUMBERS 31 qi = qj if i = j. . . .11.10. . Exercise. . . 2. Humans make decisions about what deﬁnitions to make. if pi = qj then ri = tj . . Every natural number greater than 1 is either a prime number or it can be expressed as a ﬁnite product of prime numbers where the expression is unique up to the order of the factors. . qs }. r2. if we express the same natural number as a product of powers of distinct primes. rm} such that n = pr1 pr2 · · · prm m 1 2 and moreover. When the pi are ordered so that p1 < p2 < · · · < pm we will say that pr1 pr2 · · · prm is the unique prime factorization of n. pm} = {q1 . 
we get the whole formulation of the Fundamental Theorem of Arithmetic: Theorem (Fundamental Theorem of Arithmetic). . One notion of “prime” is the inability to further decompose. . the factorization is unique up to order. q2.
32 2. 2. 52 · 114 · 138 · 17) . we instinctively seek the general pattern. Let a and b be natural numbers greater than 1 and let pr1 pr2 · · · prm be the m 1 2 t t t unique prime factorization of a and let q11 q22 · · · qss be the unique prime factorization of b. say a1 . . Theorem. then there exists a pair. all less than or equal to 2n. After doing some examples. Make a conjecture that generalizes the ideas you used to solve the two previous exercises. always worse. . then ab. it is a simple matter to determine whether one divides the other. 52 · 114 · 138 · 17).15. . Exercise. PRIME TIME Applications of the Fundamental Theorem of Arithmetic. 2. The following is a characterization of divisibility in terms of primes. say ai and aj with i = j.16.17. 2. .14. If a and b are natural numbers and a2 b2. an+1. Theorem. Prime factorizations make it easy to prove some assertions that might otherwise be more diﬃcult. 2. Given n + 1 natural numbers. Find (314 · 722 · 115 · 173. but once understood. Theorem.12. 2.13. The Fundamental Theorem of Arithmetic can be used to prove that certain equations do not have integer solutions. this theorem makes sense. That is. Prime factorizations can help us to ﬁnd the greatest common divisor and least common multiple of two natural numbers. Exercise. 2. we seek to make a general statement that captures the reason that the method we used in the speciﬁc examples works. There are lots of letters and lots of subscripts. such that ai aj . Exercise. There do not exist natural numbers m and n such that 7m2 = n2 . 2. a2. Here are some examples. One application of the Fundamental Theorem of Arithmetic is that if we know the prime factorizations of two natural numbers. . b)? Why? The following theorem requires a clever use of the Fundamental Theorem of Arithmetic. Question. Do you think this method is always better. Find lcm(314 · 722 · 115 · 173.18. Then ab if and only if for all i ≤ m there exists a j ≤ s such that pi = qj and ri ≤ tj . 
or sometimes better and sometimes worse than using the Euclidean Algorithm to ﬁnd (a.19. Theorem. 2.
if a prime divides a product of two integers.27. Show that 7 3 is irrational. 2. Exercise. 1 2. Let p be a prime and let a be an integer. 2.21. b) = 1. Exercise. Theorem. If an. Theorem. bn. . The following was a theorem we ﬁrst proved in Chapter 1.24. Deﬁnition. A rational number is a real number that can be written as are integers and b = 0. 2.20. Let p be a prime and let a and b be integers. there do not exist natural numbers n a b where a and b √ 12 is irrational. Exercise. If pab. Question.23. and (a. b. Show that √ 7 is irrational. then it must divide one or the other. A real number that is not rational is irrational.25. Our insights into natural numbers and integers can actually help us to understand more general kinds of numbers such as rational numbers and irrational numbers. Let’s now return to the world of integers. Here we repeat the theorem with the idea that the Fundamental Theorem of Arithmetic might help to provide an alternative proof. However. Show that √ n and m such that 7 = m .22. 2. then abn. Let a. That is.THE PRIME NUMBERS 33 2. p) = 1. Then p does not divide a if and only if (a. The next theorems ask you to prove that certain speciﬁc numbers are irrational. 2. Integers are either divisible by a prime p or are relatively prime to p. There do not exist natural numbers m and n such that 24m3 = n3 . Notice that 9(6 · 12) and yet 9 does not divide either 6 or 12. Having proved some speciﬁc numbers are irrational we take the usual step of generalizing our insights as far as possible. and n be integers. Deﬁnition. What other numbers can you show to be irrational? Make and prove the most general conjecture you can.26. Up to this point we have been talking exclusively about natural numbers and integers. Theorem. 2. then pa or pb. Theorem.
Theorem. c) = 1. b) = d. The inﬁnitude of primes. Theorem. c) = 1. Let k be a natural number. 4. we need to show that there are large natural numbers that are not the product of smaller natural numbers.29. b) = 1 and (a. Let a and b be integers. b. Then there exists a prime larger than k. “How many are there?” In this section.33. PRIME TIME The following theorems explore the relationships among the greatest common divisor and various arithmetic operations. 2. primes. Let a. Theorem. u. then ( a . Let a. Theorem.30. then (a. If (a. To prove that there are inﬁnitely many primes. If (a. This insight helps us to ﬁnd natural numbers that are not divisible by any natural numbers other than themselves and 1. then (u. 2. d ) = 1. 3. bc) = 1. b) · (a. and v be integers.34. 2. b. Let a. 3. The previous theorem shows us how to produce natural numbers that are speciﬁcally not divisible by certain natural numbers. in other words. and 5? If you think of systematic ways to answer these questions. there must be inﬁnitely many primes. How could . It was proved in ancient times and is recognized as one of the foundational theorems about numbers. Can you think of a natural number that is divisible by 2. and 5? Can you think of a natural number that has a remainder of 1 when divided by 2. 2. 2. b. At ﬁrst you might think. d 2. Theorem. then (a. The Inﬁnitude of Primes Theorem is one of the basic results of mathematics. For all natural numbers n. bc) = (a. Theorem. If (a. b 2. Let k be a natural number. One of the most basic questions we can ask about prime numbers is. v) = 1. b) = 1 and ua and vb. Then there exists a natural number n (which will be much larger than k) such that no natural number less than k and greater than 1 divides n. You might consider proving them in at least two ways.32. one using the Fundamental Theorem of Arithmetic and one using the techniques from Chapter 1. “Of course.34 2. Theorem. you will be well on your way to proving the following theorem. 
and c be integers. we will prove that there are inﬁnitely many. If (b.31. (n. Our ﬁrst observation points out that consecutive natural numbers cannot share common divisors greater than 1. c).28. n + 1) = 1. 4. and c integers.
Theorem (Inﬁnitude of 4k + 3 Primes Theorem). the following much more general theorem is true.36. rm are natural numbers and each one is congruent to 1 modulo 4. in fact there are inﬁnitely many primes. however. If r1. 2. Are there other theorems like the previous one that you can prove? In fact. 2. . Now is the time to see how far that technique can be pushed. as you will now prove.39. In other words ask yourself how many theorems like the preceding one are provable using a similar idea. . Question. 2.THE PRIME NUMBERS 35 there not be inﬁnitely many primes since there are inﬁnitely many natural numbers?” But remember that the same prime can be used many times. To prove the following theorem. Its proof in its full generality. Question. For example. Theorem. 2. you will have forced yourself to understand a technique of proving theorems about the existence of inﬁnitely many primes of a certain type. then the product r1r2 · · · rm is also congruent to 1 modulo 4. which then will help us to prove that there are inﬁnitely many primes of the form 4k + 3.38. r2. . In the case of the Inﬁnitude of Primes. There are inﬁnitely many prime numbers. it is satisfying to reﬂect on the logic of the argument and celebrate and appreciate the beauty or cleverness of the reasoning. 2. we can ask whether there are inﬁnitely many primes of a certain type. There are inﬁnitely many prime numbers that are congruent to 3 modulo 4. remember the proof of the Inﬁnitude of Primes Theorem and see how the strategy of that proof might be adapted to prove the following harder theorem. However. is quite diﬃcult and we will not attempt it in this course.35. we can construct arbitrarily large natural numbers just by raising 2 to large powers. . After you have devised a proof or proofs or learned a proof. . We begin by making an observation about numbers congruent to 1 modulo 4. When you have proved the previous theorem. Theorem (Inﬁnitude of Primes Theorem).37. 
What were the most clever or most diﬃcult parts in your proof of the Inﬁnitude of Primes Theorem? One of the principal ways that new mathematics is created is to take one result and see whether it can be extended or variations of it can be proved. So it is conceivable that some ﬁnite number of primes would suﬃce to produce all natural numbers.
Theorem (Infinitude of ak + b Primes Theorem). If a and b are relatively prime natural numbers, then there are infinitely many natural numbers k for which ak + b is prime.

The previous theorem is often called Dirichlet's Theorem on primes in an arithmetic progression and is due to Lejeune Dirichlet (1805–1859). An arithmetic progression is a sequence of numbers of the form ak + b, k = 0, 1, 2, . . ., where b is any integer and a is a natural number. It is a sequence of numbers all of which are congruent to b modulo a. The study of primes in arithmetic progressions is still an active field today. Consider the following recent result due to Ben Green and Terence Tao.

Theorem (Green and Tao, 2005). There are arbitrarily long arithmetic progressions of primes.

This means that for any natural number n there exists a prime p and a natural number a such that p, p + a, p + 2a, p + 3a, . . . , p + na are all prime. As an example, an arithmetic progression of primes of length five is found by choosing p = 5 and a = 6, which yields the sequence 5, 11, 17, 23, 29. The longest known arithmetic progression of primes as of July of 2004 has length 23 and is given by 56211383760397 + k · 44546738095860, k = 0, . . . , 22. Terence Tao was awarded a Fields medal in part for his work related to this result. Fields medals, the mathematical equivalent of the Nobel prize, are awarded once every four years to outstanding mathematicians under the age of 40.

2.40. Exercise. Find the current record for the longest arithmetic progression of primes.

Primes of special form. The largest known prime is of a special type known as a Mersenne prime, which is a prime of the form 2^n − 1. The theorems here show some features of Mersenne primes and related primes.

2.41. Exercise. Use polynomial long division to compute (x^m − 1) ÷ (x − 1).

2.42. Theorem. If n is a natural number and 2^n − 1 is prime, then n must be prime.

2.43. Theorem. If n is a natural number and 2^n + 1 is prime, then n must be a power of 2.
Definition. A Mersenne prime is a prime of the form 2^p − 1, where p is a prime. A prime of the form 2^(2^k) + 1 is called a Fermat prime.
2.44. Exercise. Find the first few Mersenne primes and Fermat primes.

2.45. Exercise. For an A in the class and a Ph.D. in mathematics, prove that there are infinitely many Mersenne primes (or Fermat primes) or prove that there aren't (your choice).

The distribution of primes. How are the primes distributed among the natural numbers? Is there some pattern to their distribution? There are infinitely many primes, but how rare are they among the numbers? What proportion of the natural numbers are prime numbers? To explore these questions, the best way to start is to look at the natural numbers and the primes among them. Here then are some ranges of natural numbers with the primes printed in bold:

1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, . . .
. . . , 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, . . .
. . . , 2025, 2026, 2027, 2028, 2029, 2030, 2031, 2032, 2033, 2034, 2035, 2036, 2037, 2038, . . .

What observations can we make? First, we may notice that the proportion of bold numbers occurring seems to be getting smaller. That is, primes tend to be more sparse as we move further out into the sequence of natural numbers. Stated another way, we tend to see longer and longer runs of consecutive composite numbers.

2.46. Theorem. There exist arbitrarily long strings of consecutive composite numbers. That is, for any natural number n there is a string of more than n consecutive composite numbers.

On the other hand, we still observe primes clustered together, such as 311 and 313, or 2027 and 2029. It is a famous open question as to whether or not this behavior continues indefinitely. If you have already settled the previous question about Mersenne primes, then solving the following question will give you another Ph.D.

2.47. Question (The Twin Primes Question). Are there infinitely many pairs of prime numbers that differ from one another by two? (The pairs 11 and 13, 29 and 31, 41 and 43 are examples of some such pairs.)

Out of the first 24 natural numbers, 9 of them are primes. We see that 9/24 of the first 24 natural numbers are primes; that's just a little over one third. We saw how this fraction changes as n increases in the Sieve of Eratosthenes exercise.
n       π(n)        n/ln(n)             π(n)/n        1/ln(n)         π(n)/(n/ln(n))
10      4           4.3 . . .           .4            .43429 . . .    0.92104 . . .
10^2    25          21.7 . . .          .25           .21714 . . .    1.15133 . . .
10^3    168         144.7 . . .         .168          .14476 . . .    1.16054 . . .
10^4    1229        1085.7 . . .        .1229         .10857 . . .    1.13199 . . .
10^5    9592        8685.8 . . .        .09592        .08685 . . .    1.10443 . . .
10^6    78498       72382.4 . . .       .078498       .07238 . . .    1.08452 . . .
10^7    664579      620420.7 . . .      .0664579      .06204 . . .    1.07121 . . .
10^8    5761455     5428681.0 . . .     .05761455     .05428 . . .    1.06144 . . .
10^9    50847534    48254942.4 . . .    .050847534    .04825 . . .    1.05385 . . .

Table 1. Prime Proportions
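The Sieve of Eratosthenes exercise, the √n bound of Theorem 2.3, and the columns of Table 1 can all be reproduced by machine. The following Python sketch is an added example, not part of the original text; the function names and the cutoff at 10^6 are choices made here.

```python
import math
from bisect import bisect_right


def sieve(limit):
    """Sieve of Eratosthenes: return the sorted list of primes <= limit."""
    if limit < 2:
        return []
    unmarked = bytearray([1]) * (limit + 1)    # 1 = not crossed out yet
    unmarked[0] = unmarked[1] = 0              # 0 and 1 are not prime
    for p in range(2, math.isqrt(limit) + 1):
        if unmarked[p]:                         # p is "circled"
            # Cross out p*p, p*p + p, ...; every smaller multiple of p was
            # already crossed out by one of its smaller prime factors.
            count = len(range(p * p, limit + 1, p))
            unmarked[p * p::p] = bytearray(count)
    return [k for k, flag in enumerate(unmarked) if flag]


def smallest_prime_factor(n):
    """Trial division by primes p <= sqrt(n) only, as Theorem 2.3 allows.

    Returns n itself when no such prime divides n, i.e. when n is prime.
    """
    if n < 2:
        raise ValueError("n must be a natural number greater than 1")
    for p in sieve(math.isqrt(n)):
        if n % p == 0:
            return p
    return n


def prime_proportions(max_exponent=6):
    """Rows (n, pi(n), n/ln n, pi(n)/n, 1/ln n, pi(n)/(n/ln n)) for n = 10^e."""
    primes = sieve(10 ** max_exponent)          # one sieve serves every row
    rows = []
    for e in range(1, max_exponent + 1):
        n = 10 ** e
        pi_n = bisect_right(primes, n)          # number of primes <= n
        log_n = math.log(n)
        rows.append((n, pi_n, n / log_n, pi_n / n, 1 / log_n, pi_n * log_n / n))
    return rows


if __name__ == "__main__":
    print("91 ->", smallest_prime_factor(91), "  101 ->", smallest_prime_factor(101))
    for n, pi_n, approx, prop, inv_log, ratio in prime_proportions():
        print(f"{n:>8} {pi_n:>7} {approx:>10.1f} {prop:.6f} {inv_log:.5f} {ratio:.5f}")
```

Raising `max_exponent` extends the table; memory grows linearly with the sieve limit, so the larger rows of Table 1 call for a segmented sieve rather than this direct one.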
Before high-speed computers were available, calculating (or just estimating) the proportion of prime numbers in the natural numbers was a difficult task. In fact, years ago "computers" were humans who did computations. Such people were amazingly accurate, but required a great deal of time and dedication to accomplish what today's computers can do in seconds. An eighteenth-century Austrian arithmetician by the name of J. P. Kulik spent 20 years of his life creating, by hand, a table of the first 100 million primes. His table was never published and sadly the volume containing the primes between 12,642,600 and 22,852,800 has since disappeared.

Nowadays, there are programs that compute the number of primes less than n, denoted π(n), for increasingly large values of n and print out the proportion π(n)/n. As we observed above, the proportion of primes seems to slowly go downward. That is, the percentage of numbers less than a million that are prime is smaller than the percentage of numbers less than a thousand that are prime. The primes, in some sense, get sparser and sparser among the bigger numbers.

In the early 1800's, well before computers were even imagined, Carl Friedrich Gauss (1777–1855), known by many as the Prince of Mathematics, and Adrien-Marie Legendre (1752–1833) made an insightful observation about the primes. They noticed that even though primes do not appear to occur in any predictable pattern, the proportion of primes is related to the natural logarithm. Gauss and Legendre conjectured that the proportion of primes among the first n natural numbers is approximately 1/ln(n). Table 1 shows the number of primes up to n, the proportions of primes, and a comparison with 1/ln(n).
1742. n→∞ lim π(n) = 1. From Antiquity To The Internet Interest in the multiplicative properties of the natural numbers surely predated the works of Euclid (Elements. we will not know whether such a natural number might not exist.000. Finally.48. VIII. Every positive. It was convention at the time to include the number 1 as being among the primes.000. π(n) n .FROM ANTIQUITY TO THE INTERNET 39 Notice how the last column seems to be getting closer and closer to 1. IX). 1/ ln(n) Alternatively. the number of primes less than n. Conjecture (The Goldbach Conjecture). The conjecture was reexpressed by Euler as follows.) In a letter to Euler. Speciﬁcally. and beyond the scope of this book. we mention here one more famous open question concerning prime numbers. the proportion of prime numbers less than or equal to n. Speciﬁcally.000 can be written as the sum of two primes in 219. as of June of 2006. Perhaps some even number with 10 trillion digits is not the sum of two primes. As the even numbers get larger. π(n).000. the number 100. Christian Goldbach (16901764) claimed that every natural number greater than 2 was the sum of three primes.400 diﬀerent ways. the proportion of primes in the ﬁrst n natural numbers is approximately π(n) n 1 ln(n) and the fraction is becoming increasingly closer to 1 ln(n) as n grows without bound. 2. dated June 7. (For example: 8 = 5 + 3. As n approaches inﬁnity. The Goldbach Conjecture has been veriﬁed by computer. For example. π(n)/n = 1. for all even numbers up to 400. approaches 1 ln(n) . there seem to be more ways to write them as a sum of two primes.000. That is. Books VII. but it is here that we ﬁnd the ﬁrst written .000.000. approaches n→∞ lim n ln(n) . Exercise. Theorem (The Prime Number Theorem). Until we have a general method of proof that will apply to all even numbers. even number greater than 2 can be written as the sum of two primes. n/ ln(n) The proofs of this theorem are diﬃcult. 
But no one knows how to prove that in general all even natural numbers are the sum of two primes. as n appraches inﬁnity. Express each of the ﬁrst 20 even numbers greater than 2 as a sum of two primes.
Fermat indicated he had proved the following: if n is composite. with the largest having over 9. Proposition 20 of Book IX gives the ﬁrst known proof of the inﬁnitude of primes. and Marin Mersenne (15881648). 7. 67. 2n − 1 is prime. In a 1638 letter to Mersenne.40 2. Euler ﬁnally succeeded in proving that all even perfect numbers are of Euclid’s type. PRIME TIME study. anyone with a home computer and an internet connection can join the Great Internet Mersenne Prime Search (GIMPS). To this day primes of the form 2p − 1 are called Mersenne primes. For example. Find the current record for the largest known Mersenne prime. but no proof was given. it is not known if any odd perfect numbers exist. 3. Descartes stated that he thought he could prove that every even perfect number was of the form given by Euclid’s theorem. For example. In a posthumously published paper. In fact. 17. giving a onetoone correspondence between Mersenne primes and even perfect numbers. The serious study of perfect numbers and primes of special forms was picked up again in the seventeenth century by the likes of Rene Descartes (15961650). the smallest perfect number is 6. and it is still unknown whether inﬁnitely many exist. Mersenne’s list has only been increased to contain 44 examples as of September. then 2n − 1 is composite. In 1647 Mersenne gave the following list of 11 primes p for which he believed 2p − 1 was prime as well: 2. The ancient Greeks’ interest in the primes may have been further spawned by the connection they shared with perfect numbers. He erred only by including 67 (and excluding 61.49. 19. and the ﬁrst four perfect numbers are 6 = 22−1 (22 − 1) = 1 + 2 + 3 28 = 23−1 (23 − 1) = 1 + 2 + 4 + 7 + 14 496 = 25−1 (25 − 1) = 1 + 2 + 4 + 8 + 16 + 31 + 62 + 124 + 248 8128 = 27−1 (27 − 1) = 1 + 2 + 4 + 8 + 16 + · · · + 2032 + 4064 In Book IX of his Elements Euclid proved the following: if for some n. This established the link between perfect numbers and primes of the form 2n − 1. 
but if n is prime. 2006. 31.8 million digits. and 223 − 1 = 47 · 178481. 2. 5. dated 1640. 257. then 2n − 1 need not be prime. Exercise. since 6=1+2+3. then 2n−1 (2n − 1) is perfect. Pierre de Fermat (16011665). 13. with two examples being 211 − 1 = 23 · 89. Also in a letter to Mersenne. The search for new Mersenne primes continues to this day. Curiously. 89 and 107). A natural number is said to be perfect if it is equal to the sum of its proper divisors. 127. .
.000 for the ﬁrst person (or group) to ﬁnd a Mersenne prime with at least 10 million digits.FROM ANTIQUITY TO THE INTERNET 41 There is a monetary award of $100. So happy hunting.
CHAPTER 3

A Modular World

Thinking Cyclically

In Chapter 1 we established the basics of modular arithmetic. Here we further develop the theory of modular arithmetic and later explore some of its applications outside mathematics. Modular arithmetic is interesting as an abstract topic in number theory, but it also plays important roles in real life. It is the basis for public key cryptography and check digits associated with error detection. Now we proceed to see how modular arithmetic relates to other familiar algebraic constructions such as functions and equations, and how it can help us to better understand primes and composite numbers.

Powers and polynomials modulo n. Recall the following definition of congruence from Chapter 1.

Definition. Suppose that a, b, and n are integers with n > 0. We say that a and b are congruent modulo n if and only if n | (a − b). We denote this relationship as a ≡ b (mod n) and read these symbols as "a is congruent to b modulo n".

Here are some exercises that will encourage you to refresh your memory about some of the modular arithmetic theorems that you proved back in Chapter 1.

3.1. Exercise. Show that 41 divides 2^20 − 1 by following these steps. Explain why each step is true.
(1) 2^5 ≡ −9 (mod 41).
(2) (2^5)^4 ≡ (−9)^4 (mod 41).
(3) 2^20 ≡ 81^2 (mod 41) ≡ (−1)^2 (mod 41).
(4) 2^20 − 1 ≡ 0 (mod 41).

3.2. Question. In your head, can you find the natural number k, 0 ≤ k ≤ 11, such that k ≡ 37^453 (mod 12)?
but no calculator. Also. A MODULAR WORLD (Hint: Don’t try to multiply it out and then divide by 12.3. While doing the following exercise. 3. In your head or using paper and pencil. can you ﬁnd the natural number k. think about systematizing your strategy. The next question asks you to compute a larger power (453) of a number modulo 12.5. 3. can you ﬁnd the natural number k. Let a. and then square the result. you have developed some ideas about how to eﬃciently raise numbers to powers in modular arithmetic.44 3. Describe how to ﬁnd the number k (0 ≤ k ≤ n − 1) such that k ≡ ar (mod n) subject to the restraint that you never multiply numbers larger than n and that you only have to do about log2 r such multiplications. 3. 0 ≤ k ≤ 11. Question. Question (Describe technique). can you see why your strategy might involve expressing 453 as a sum of powers of 2? See whether you can do the following problem without ever multiplying numbers larger than 12 and without doing more than 10 steps of multiplying two numbers less than 12 and reducing the answers modulo 12. If you want to raise a number to the 16th power.6. so you never have to multiply numbers larger than 11. you would not be taking a number theory class. At this point. then square the result. and r be natural numbers. here is another exercise that takes advantage of your method. The next question asks you to crystallize your method and clearly describe it. Using paper and pencil. such that 39453 ≡ k (mod 12). since if you could actually multiply 37453 in your head. rather than using 16 multiplications. Here is a hint. Now that you have developed the power to take powers. In particular. Show that 39 divides 1748 − 524.) The next question continues to show you the value of thought (and modular arithmetic) rather than brute force. this hint is a rather lame joke. then square the result. So only four multiplications accomplish raising to the 16th power. 0 ≤ k ≤ 6. you can ﬁrst square it. Question. n.4. 
You would be performing mental feats in some carnival sideshow. The technique you just developed and described allows computers to deal with taking very large numbers (containing several hundred digits) and raising them to huge powers . Try to think of how to do this eﬃciently. remember that you can reduce answers modulo 12. Of course. such that 250 ≡ k (mod 7). 3. Exercise. but no calculator.
3. Theorem. 3. Let the natural number n be expressed in base 10 as n = ak ak−1 . . Suppose f (x) = an xn + an−1 xn−1 + . and m be integers with m > 0. . Then there is an integer k such that if x > k.10. They roughly state that every polynomial gets big. We begin with a speciﬁc example. We will explore these methods. We now turn our attention to polynomials and how they behave when viewed from a modular arithmetic point of view. a1a0 . Corollary. Then 9n if and only if 9m. Then 3n if and only if 3m.11. . + a1 + a0. . Let m = ak + ak−1 + . a1a0 . then f (a) ≡ f (b) (mod m).THINKING CYCLICALLY 45 modulo other enormous numbers. + a0 is a polynomial of degree n > 0 and suppose an > 0. in a later chapter. If so. then f (x) > 0. Let a. after doing a speciﬁc example. 3. which involve cryptography. . Let f (x) = 13x49 − 27x27 + x14 − 6. If m = ak + ak−1 + . Is it true that f (98) ≡ f (−100) (mod 99)? As usual. does this polynomial view of those divisibility theorems help you to see why your methods are true? Can you now think of new divisibility theorems like the above? The next two theorems do not involve modular arithmetic. Theorem. . Question.7. . If a ≡ b (mod m). 3.8. . . . 3.9. you may have devised other criteria for divisibility. and to deduce the following statements from the previous theorem. The ability of computers to deal with such arithmetical challenges turns out to be an essential ingredient in modern methods of secure data transmission used over the internet everyday. we think about what more general statement the speciﬁc example suggests. . Let the natural number n be expressed in base 10 as n = ak ak−1 . Here you are being asked to recognize a natural number as thre evaluation of a polynomial. b. . + a0 is a polynomial of degree n > 0 with integer coeﬃcients. . Suppose f (x) = an xn + an−1 xn−1 + . The next corollaries are repeats of results from Chapter 1 about criteria for determining when a natural number is divisible by 3 or 9. 
During your work on Chapter 1. Corollary. + a1 + a0 .
Note: We are only assuming that the leading coefficient $a_n$ is greater than zero. The other coefficients may be positive or negative or zero.

The next theorem extends the idea that polynomials get positive and roughly states that not only do they get positive, but they get big and stay big from some point on.

3.12. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree $n > 0$ and suppose $a_n > 0$. Then for any number M there is an integer k (which depends on M) such that if $x > k$, then $f(x) > M$.

Notice that the theorem does not ask you to be efficient and find the first place after which the polynomial stays larger than some value. It just asks you to prove that eventually that happens.

The next theorem connects polynomials with primes. It says that every polynomial with integer coefficients produces many composite numbers. There is no polynomial that produces only primes. The proof of the following theorem is a challenge, but if you look at it just right, then you can give a convincing proof. In proving the next theorem, it might be useful to think about modular arithmetic. Remember that if a number is congruent to 0 modulo n, then n divides the number, and being divisible is the fundamental issue about being composite. So the hint is to use Theorems 3.8 and 3.12.

3.13. Theorem. Suppose $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial of degree $n > 0$ with integer coefficients. Then $f(x)$ is a composite number for infinitely many integers x.

Note: This theorem implies that we cannot find a magical polynomial that produces only prime values for every integer input. Too bad. Nevertheless, some polynomials do pretty well. The polynomial $f(x) = x^2 + x + 41$ has a prime value (that is, $f(n)$ is prime) for 80 consecutive integer inputs, $n = -40, -39, \ldots, 38, 39$. Try a few values to test this assertion.

When we think of a natural number modulo n, it is congruent to some nonnegative integer less than n. The next theorem pins that idea down.

3.14. Theorem. Given any integer a and any natural number n, there exists a unique integer t in the set $\{0, 1, 2, \ldots, n - 1\}$ such that $a \equiv t \pmod{n}$.

This theorem suggests the following definition of one set of numbers to which every natural number is congruent.

Definition. Let n be a natural number. The set $\{0, 1, 2, \ldots, n - 1\}$ is called the canonical complete residue system modulo n.
There are other collections of integers besides the canonical complete residue system modulo n with the property that they represent all integers modulo n.

Definition. Let k and n be natural numbers. A set $\{a_1, a_2, \ldots, a_k\}$ of integers is called a complete residue system modulo n if every integer is congruent modulo n to exactly one element of the set.

Arithmetic modulo n puts the integers into n different equivalence classes. Even if you don't know the technical definition of equivalence class, the idea is just that the integers are divided into groups, namely, the integers congruent to 0, the integers congruent to 1, the integers congruent to 2, and so on up to the integers congruent to $n - 1$ modulo n. A complete residue system modulo n has one representative of each equivalence class.

Let's get used to these definitions by looking at some examples and constructing complete residue systems.

3.15. Exercise. Find three complete residue systems modulo 4: the canonical complete residue system, one containing negative numbers, and one containing no two consecutive numbers.

3.16. Theorem. Let n be a natural number. Every complete residue system modulo n contains n elements.

The following theorem says that any set of n noncongruent integers will form a complete residue system modulo n.

3.17. Theorem. Let n be a natural number. Any set of n integers $\{a_1, a_2, \ldots, a_n\}$ for which no two are congruent modulo n is a complete residue system modulo n.

Linear congruences. In the first chapter, we discussed some questions about finding solutions to linear Diophantine equations. Now we are going to take up analogous questions about finding solutions to equations in modular arithmetic. Specifically, our next goal is to determine when there are solutions to the general linear congruence $ax \equiv b \pmod{n}$ and how to find all the solutions. A solution is an integer value for x that makes the congruence true. We'll start with some examples.

3.18. Exercise. Find all solutions in the appropriate canonical complete residue system modulo n that satisfy the following linear congruences:
(1) $26x \equiv 14 \pmod{3}$.
(2) $2x \equiv 3 \pmod{5}$.
(3) $4x \equiv 7 \pmod{8}$.
(4) $24x \equiv 123 \pmod{213}$. (This congruence is tedious to do by trial and error, so perhaps we should defer work on it for now and instead try to develop some techniques that might help.)

This next theorem clearly connects the question of how to solve linear congruences with the techniques of solving linear Diophantine equations that we developed in Chapter 1.

3.19. Theorem. Let a, b, and n be integers with $n > 0$. Show that $ax \equiv b \pmod{n}$ has a solution if and only if there exist integers x and y such that $ax + ny = b$.

As usual, this work is tying back into the work we did in solving linear Diophantine equations in Chapter 1. These theorems will encourage you to remember your work from Chapter 1.

3.20. Theorem. Let a, b, and n be integers with $n > 0$. The equation $ax \equiv b \pmod{n}$ has a solution if and only if $(a, n) \mid b$.

Now we have a specific condition that tells whether a linear congruence will or will not have a solution. We can use this criterion to see whether our deferred congruence in Exercise 3.18 does or does not have a solution.

3.21. Question. What does the preceding theorem tell us about the congruence (4) in Exercise 3.18 above?

Now let's actually solve the congruence in a systematic way.

3.22. Exercise. Use the Euclidean Algorithm to find a member x of the canonical complete residue system modulo 213 that satisfies $24x \equiv 123 \pmod{213}$. Find all members x of the canonical complete residue system modulo 213 that satisfy $24x \equiv 123 \pmod{213}$.

Having done a specific example, as usual we step back and try to describe a general procedure.

3.23. Question. Let a, b, and n be integers with $n > 0$. How many solutions are there to the linear congruence $ax \equiv b \pmod{n}$ in the canonical complete residue system modulo n? Can you describe a technique to find them?
The next theorem gives the answer, so try to think it through on your own before reading on. While thinking about this question, crystallizing the ideas about linear Diophantine equations will help.

3.24. Theorem. Let a, b, and n be integers with $n > 0$.
(1) The congruence $ax \equiv b \pmod{n}$ is solvable in integers if and only if $(a, n) \mid b$.
(2) If $x_0$ is a solution to the congruence $ax \equiv b \pmod{n}$, then all solutions are given by $x_0 + \frac{n}{(a, n)} \cdot m \pmod{n}$ for $m = 0, 1, 2, \ldots, (a, n) - 1$.
(3) If $ax \equiv b \pmod{n}$ has a solution, then there are exactly $(a, n)$ solutions in the canonical complete residue system modulo n.

Systems of linear congruences: the Chinese Remainder Theorem. Sometimes in real life, we are confronted with problems involving simultaneous linear congruences. Something like the following has probably happened to you.

3.25. Exercise. A band of 17 pirates stole a sack of gold coins. When they tried to divide the fortune into equal portions, 3 coins remained. In the ensuing brawl over who should get the extra coins, one pirate was killed. The coins were redistributed, but this time an equal division left 10 coins. Again they fought about who should get the remaining coins and another pirate was killed. Now, fortunately, the coins could be divided evenly among the surviving 15 pirates. What was the fewest number of coins that could have been in the sack?

Perhaps your experience is less violent and more bucolic. Eggs need counting too.

3.26. Exercise (Brahmagupta, 7th century A.D.). When eggs in a basket are removed two, three, four, five or six at a time, there remain, respectively, one, two, three, four, or five eggs. When they are taken out seven at a time, none are left over. Find the smallest number of eggs that could have been contained in the basket.

These exercises are challenging but fun to do. The question now is whether we can formulate general statements that tell us when solutions to such problems exist and how those solutions can be found. This first theorem gives a criterion for when we can find a single number that is congruent to two different values modulo two different moduli. That single number is called a solution to a system of two linear congruences. Later we will consider solutions to arbitrarily large systems of linear congruences.

3.27. Theorem. Let a, b, m, and n be integers with $m > 0$ and $n > 0$. Then the system
$x \equiv a \pmod{n}$
$x \equiv b \pmod{m}$
has a solution if and only if $(n, m) \mid a - b$.

The next theorem asserts that in the case where $(m, n) = 1$, the solution is unique modulo the product mn.

3.28. Theorem. Let a, b, m, and n be integers with $m > 0$, $n > 0$, and $(m, n) = 1$. Then the system
$x \equiv a \pmod{n}$
$x \equiv b \pmod{m}$
has a unique solution modulo mn.

The most famous theorem along these lines is the Chinese Remainder Theorem. Here the moduli are relatively prime, but there can be any finite number of them. The pirate problem is a Chinese Remainder Theorem problem in disguise (possibly with an eye patch).

The Chinese Remainder Theorem involves L different linear congruences. Whenever you see a theorem or a problem that has a potentially large natural number involved, it is a good idea to start thinking about the cases where L is 1 or 2 or 3. Doing those special cases is a great way to teach yourself how to do the general case. The previous theorem gets you started by doing the case $L = 2$. Also, you might think about induction in trying to then do the general case.

3.29. Theorem (Chinese Remainder Theorem). Suppose $n_1, n_2, \ldots, n_L$ are positive integers that are pairwise relatively prime, that is, $(n_i, n_j) = 1$ for $i \neq j$, $1 \le i, j \le L$. Then the system of L congruences
$x \equiv a_1 \pmod{n_1}$
$x \equiv a_2 \pmod{n_2}$
$\vdots$
$x \equiv a_L \pmod{n_L}$
has a unique solution modulo the product $n_1 n_2 n_3 \cdots n_L$.
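The procedure behind Theorems 3.24 and 3.27 through 3.29 can be written out as code. The following Python sketch is an added example, not part of the original text; the function names are hypothetical and the sample congruences in the demo are constructed. It goes slightly beyond the Chinese Remainder Theorem as stated by also merging congruences whose moduli are not relatively prime, using the solvability test of Theorem 3.27.

```python
from math import gcd


def extended_gcd(a, b):
    """Euclidean Algorithm: return (g, x, y) with g = gcd(a, b) and a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_linear_congruence(a, b, n):
    """Return every x in {0, ..., n-1} with a*x ≡ b (mod n), in increasing order.

    Theorem 3.24: with d = (a, n), a solution exists iff d divides b, and then
    the d solutions are x0 + (n/d)*m for m = 0, ..., d-1.
    """
    if n <= 0:
        raise ValueError("modulus must be a positive integer")
    a, b = a % n, b % n
    d, s, _ = extended_gcd(a, n)          # a*s + n*t == d
    if b % d != 0:
        return []                         # (a, n) does not divide b
    step = n // d
    x0 = (s * (b // d)) % step            # smallest non-negative solution
    return [x0 + step * m for m in range(d)]


def merge_pair(a, n, b, m):
    """Combine x ≡ a (mod n) and x ≡ b (mod m) into one congruence.

    Writing x = a + n*t turns the pair into the linear congruence
    n*t ≡ b - a (mod m), solvable iff (n, m) divides a - b (Theorem 3.27).
    Returns (x, lcm(n, m)) with 0 <= x < lcm, or None if the pair conflicts.
    """
    ts = solve_linear_congruence(n, b - a, m)
    if not ts:
        return None
    lcm = n // gcd(n, m) * m
    return (a + n * ts[0]) % lcm, lcm


def solve_system(congruences):
    """Solve x ≡ a_i (mod n_i) for a list of (a_i, n_i) pairs.

    Folds merge_pair over the list (the induction suggested for Theorem 3.29).
    Returns (x, modulus) with x unique modulo `modulus`, or None.
    """
    x, modulus = 0, 1
    for a, n in congruences:
        merged = merge_pair(x, modulus, a % n, n)
        if merged is None:
            return None
        x, modulus = merged
    return x, modulus


if __name__ == "__main__":
    # Constructed samples: relatively prime moduli, then moduli sharing a factor.
    print(solve_system([(2, 5), (3, 7), (1, 9)]))   # unique modulo 315
    print(solve_system([(1, 4), (3, 6)]))           # (2 | 1 - 3), unique modulo 12
    print(solve_system([(1, 4), (2, 6)]))           # (2 does not divide 1 - 2) -> None
```

When the moduli share a factor the answer is unique modulo their least common multiple rather than their product, which is why `solve_system` returns the modulus alongside the solution.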
A Prince And A Master

Carl Friedrich Gauss, sometimes called the Prince of Mathematics, is considered by many to be one of the greatest mathematicians in history. His treatise Disquisitiones Arithmeticae, published in 1801 when Gauss was just 24, brought together for the first time in one source the important number theory contributions of many previous mathematicians, including Fermat, Euler, Joseph Lagrange, and Adrien-Marie Legendre. Some of Gauss' own contributions to number theory will be treated in later chapters, and it is to him that we owe the modern theory and notation of congruences (i.e., modular arithmetic).

Sun Zi wrote the Chinese treatise Sun Tze Suan Ching, which translates to Master Sun's Mathematical Manual. He is assumed to have lived during either the third or fourth centuries AD. There is some evidence that he was a Buddhist monk, but little else is known of him. Master Sun's manual is divided into three volumes, and Problem 26 from Volume 3 is translated

We have a number of things, but we do not know exactly how many. If we count them by threes we have two left over. If we count them by fives we have three left over. If we count them by sevens we have two left over. How many things are there?

You will of course recognize this as a problem requiring a solution to a system of linear congruences, not unlike Brahmagupta's egg basket problem. It is because Sun Zi's text provides the earliest known example of such a problem that the Chinese Remainder Theorem obtained its name.
CHAPTER 4
Fermat's Little Theorem and Euler's Theorem

Abstracting the Ordinary

One way that mathematics is created is to abstract, change, or generalize some features of familiar mathematical objects and see what happens. For example, we started with the familiar idea of arithmetic with integers and then made some changes to consider modular arithmetic, a sort of cyclical version of arithmetic.

Abstract algebra is a mathematical exploration of generalizations of various familiar ideas such as the integers, the rational numbers, and the real numbers and the associated arithmetic operations and properties of them. By selectively focusing on some properties of these examples, abstract algebra constructs categories of algebraic entities including objects called groups, rings, and fields. Modular arithmetic provides us with examples of some of these algebraic structures and illustrates some of the properties that lead to many fundamental ideas in abstract algebra.

The operations of addition and multiplication are so well understood in the natural numbers that looking at their behavior in modular arithmetic is a natural exploration to undertake. Solving the linear congruence $ax \equiv b \pmod{n}$ means finding a number that when added to itself a times results in b modulo n. In studying such congruences we are implicitly studying the results of repeated addition modulo n and patterns that this process might produce. Equally interesting, as well as fruitful, is the study of repeated multiplication modulo n, that is, taking powers of numbers and reducing those powers modulo n. We will find a structure among numbers modulo n that is interesting in its own right, has applications in cryptography and codes among other places, and leads to central ideas of group theory.

Orders of an integer modulo n. We begin here by exploring how powers of numbers behave modulo n. As usual we will do some specific examples in order to help us develop some intuition about what we might expect.

4.1. Exercise. For $i = 0, 1, 2, 3, 4, 5$, and 6, find the number in the canonical complete residue system to which $2^i$ is congruent modulo 7. In other words, compute $2^0 \pmod{7}$, $2^1 \pmod{7}$, $2^2 \pmod{7}$, $\ldots$, $2^6 \pmod{7}$.
Taking powers of an integer cannot create common factors with another integer if none existed to start with.

4.2. Theorem. Let a and n be natural numbers with $(a, n) = 1$. Then $(a^j, n) = 1$ for any natural number j.

Reducing a number modulo n cannot create a common factor with n.

4.3. Theorem. Let a, b, and n be integers with $n > 0$ and $(a, n) = 1$. If $a \equiv b \pmod{n}$, then $(b, n) = 1$.

If you raise a number to various powers, you will sometimes get the same values modulo n.

4.4. Theorem. Let a and n be natural numbers. Then there exist natural numbers i and j, with $i \neq j$, such that $a^i \equiv a^j \pmod{n}$.

The next theorem repeats a theorem we saw before, but it is one of the most used theorems in the exploration of powers, so you should have its statement and proof at the tips of your fingers.

4.5. Theorem. Let a, b, c, and n be integers with $n > 0$. If $ac \equiv bc \pmod{n}$ and $(c, n) = 1$, then $a \equiv b \pmod{n}$.

The next theorem tells us that if we take a natural number relatively prime to a modulus n, then some power of it will be congruent to 1 modulo n.

4.6. Theorem. Let a and n be natural numbers with $(a, n) = 1$. Then there exists a natural number k such that $a^k \equiv 1 \pmod{n}$.

One consequence of this theorem is that after a power gets to 1, the powers will just recycle. The preceding theorem tells us that every natural number relatively prime to a modulus has an exponent naturally associated with it, namely, the smallest exponent that makes the power congruent to 1. That concept is so useful that we give it a name.

Definition. Let a and n be natural numbers with $(a, n) = 1$. The smallest natural number k such that $a^k \equiv 1 \pmod{n}$ is called the order of a modulo n and is denoted $\mathrm{ord}_n(a)$.
Fermat's Little Theorem. The culminating theorem of this section is Fermat's Little Theorem. It gives us information about what power of a number will be congruent to 1 modulo a prime. We will approach that theorem by first finding some sort of a bound on the size of the order of a natural number. Experimenting with some actual numbers is a good way to begin.

4.7. Question. Choose some relatively prime natural numbers a and n and compute the order of a modulo n. Frame a conjecture concerning how large the order of a modulo n can be, depending on n.

In doing your experiments of taking a number to powers, you might have noticed that until the power was congruent to 1 modulo n, the values modulo n never repeated. That observation is the content of the next theorem.

4.8. Theorem. Let a and n be natural numbers with $(a, n) = 1$ and let $k = \mathrm{ord}_n(a)$. Then the numbers $a^1, a^2, \ldots, a^k$ are pairwise incongruent modulo n.

Taking powers of a natural number beyond its order will never produce different numbers modulo n.

4.9. Theorem. Let a and n be natural numbers with $(a, n) = 1$ and let $k = \mathrm{ord}_n(a)$. For any natural number m, $a^m$ is congruent modulo n to one of the numbers $a^1, a^2, \ldots, a^k$.

The only powers of a natural number that give 1 modulo n are powers that are multiples of the order.

4.10. Theorem. Let a and n be natural numbers with $(a, n) = 1$, let $k = \mathrm{ord}_n(a)$, and let m be a natural number. Then $a^m \equiv 1 \pmod{n}$ if and only if $k \mid m$.

This next theorem may have been what you conjectured when you did your experiments about order in the first question of this section. It states that the order of a natural number, that is, the power that first gets you to 1 modulo n, is less than n.

4.11. Theorem. Let a and n be natural numbers with $(a, n) = 1$. Then $\mathrm{ord}_n(a) < n$.

The following question asks you to do some experiments that might lead you to make a conjecture about powers of numbers modulo primes.

4.12. Exercise. Compute $a^{p-1} \pmod{p}$ for various numbers a and primes p, and make a conjecture. You will probably make the conjecture that we will see later is in fact a theorem, Fermat's Little Theorem.
6. If (a. . Theorem. We state two versions of Fermat’s Little Theorem. 4. Theorem. p) = 1. · (p − 1)a ≡ 1 · 2 · 3 · . like 5.13. is congruent to 1 modulo p. 2a. that is. 4.17. then a(p−1) ≡ 1 (mod p). Version II). . which follows. Impress your friends by doing the following computations in your head. Both of them tell us important and applicable facts about powers of natural numbers modulo a prime. 5 by some other number. pa} is a complete residue system modulo p. that is. then ordp (a) divides p − 1. Let p be a prime and let a be an integer not divisible by p. The next theorem states that the order of each such number must divide (p − 1). Theorem. . Then a · 2a · 3a · . Then {a. One of the impressive applications of Fermat’s Little Theorem is that it allows us to do computations involving modular arithmetic that would be impossible otherwise. (a. . 3. ordp(a)p − 1. Theorem (Fermat’s Little Theorem.18. and check that you produce a complete residue system.15. for example.56 4. . The next theorem states that if p is a prime. then multiplying each of those numbers by a ﬁxed number that is not divisible by p produces another complete residue system. and multiply each of the numbers 1. but ask you to prove that the two versions are equivalent to one another. 4. The two versions of Fermat’s Little Theorem stated above are equivalent to one another. · (p − 1) (mod p). . 4. p) = 1. . 2. Recall that the order of a natural number is the smallest power that is congruent to 1 modulo p. 3. Theorem (Fermat’s Little Theorem. . 3a. Version I). that is. Theorem. each one can be deduced from the other. . then ap ≡ a (mod p).16. . This theorem can be used to prove Fermat’s Little Theorem.. FERMAT’S LITTLE THEOREM AND EULER’S THEOREM The numbers 1. You might want to take a small prime. . . Let p be a prime and let a be an integer not divisible by p. 4. 4. If p is a prime and a is an integer relatively prime to p. 2. 
Multiplying all the natural numbers less than a prime p will give the same result modulo p as multiplying a ﬁxed multiple of those numbers. Let p be a prime and a be an integer. p form a complete residue system modulo p. raised to the (p − 1)st power.14. If p is a prime and a is any integer. 4. Fermat’s Little Theorem states that a natural number not divisible by p.
4.19. Exercise. Compute each of the following without the aid of a calculator or computer.
(1) $512^{372} \pmod{13}$.
(2) $3444^{3233} \pmod{17}$.
(3) $123^{456} \pmod{23}$.

4.20. Exercise. Find the remainder upon division of $314^{159}$ by 31.

Fermat's Little Theorem tells us information about prime moduli, but how are we going to deal with moduli that are not prime? One strategy is to decompose a composite (nonprime) modulus into relatively prime parts. The following theorem shows that a natural number that is congruent to a fixed number modulo two different, relatively prime moduli is congruent to that same number modulo the product of the moduli. For example, if you have a natural number that is congruent to 12 modulo 15 and that same number is congruent to 12 modulo 8, that number is also congruent to 12 modulo 120 (= 8 · 15).

4.21. Theorem. Let n and m be natural numbers that are relatively prime, and let a be an integer. If $x \equiv a \pmod{n}$ and $x \equiv a \pmod{m}$, then $x \equiv a \pmod{nm}$.

When you see powers and a modulus, it is a good idea to think about the modulus as a product of primes and then see whether you can use Fermat's Little Theorem to advantage.

4.22. Exercise. Find the remainder when $4^{72}$ is divided by 91 (= 7 · 13).

4.23. Exercise. Find the natural number $k < 117$ such that $2^{117} \equiv k \pmod{117}$. (Notice that 117 is not prime.)

An alternative route to Fermat's Little Theorem. Many theorems have several different proofs. One approach to proving Fermat's Little Theorem is by induction using the Binomial Theorem. So the first step in this approach is to state and prove the Binomial Theorem.

Definition. If n and m are natural numbers with $m \le n$, then
$\binom{n}{m} = \frac{n!}{m!\,(n - m)!}$.
We define $0!$ to equal 1. Thus, we can extend the definition to include $m = 0$. In that case, we have $\binom{n}{0} = 1$ for any natural number n.

Note: You may recall that $\binom{n}{m}$ is equal to the number of subsets of size m in a set of size n.
4.24. Theorem (Binomial Theorem). Let a and b be numbers and let n be a natural number. Then
$(a + b)^n = \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i$.

The Binomial Theorem describes the coefficients of each term when you expand $(a + b)^n$. When n is equal to a prime p, p will divide all those coefficients, except the end ones, of course.

4.25. Lemma. If p is prime and i is a natural number less than p, then p divides $\binom{p}{i}$.

Using this observation, you can prove Fermat's Little Theorem, Version II, by first observing that $0^p$ is congruent to 0 modulo p, $1^p$ is congruent to 1 modulo p, then moving on to prove that $2^p$ is congruent to 2 modulo p and then proving that $3^p$ is congruent to 3 modulo p and so on. You might find the preceding lemma useful in executing this inductive procedure.

4.26. Theorem (Fermat's Little Theorem, Version II). If p is a prime and a is an integer, then $a^p \equiv a \pmod{p}$.

Euler's Theorem and Wilson's Theorem. Fermat's Little Theorem suffers from the limitation that the modulus is prime. As usual, our strategy is to take an idea, in this case Fermat's Little Theorem, and see how it can be extended to apply to a more general case. So we need to ask ourselves what aspects of Fermat's Little Theorem can we hope to extend to a case where the modulus is not prime. If we start with a number that is not relatively prime to the modulus, then no power of it will ever be congruent to 1. So we focus our attention on those numbers that are relatively prime to the modulus. The first concept we introduce is the Euler φ-function that simply counts how many of these relatively prime numbers there are.

Definition. For a natural number n, the Euler φ-function, $\varphi(n)$, is equal to the number of natural numbers less than or equal to n that are relatively prime to n. (Note that $\varphi(1) = 1$.)

Let's just do a few examples to make sure that the definition is clear. The numbers 1, 5, 7, and 11 are all the natural numbers less than or equal to 12 that are relatively prime to 12, so $\varphi(12) = 4$.

4.27. Question.
(1) What is $\varphi(7)$?
(2) What is $\varphi(15)$?
(3) What is $\varphi(21)$?
(4) What is $\varphi(35)$?

It is always a good idea to revisit useful and important results and remind yourself of their proofs. We restate the following three theorems here because of their importance and usefulness in the upcoming work.

4.28. Theorem. Let a, b, and n be integers such that $(a, n) = 1$ and $(b, n) = 1$. Then $(ab, n) = 1$.

4.29. Theorem. Let a, b, and n be integers with $n > 0$. If $a \equiv b \pmod{n}$ and $(a, n) = 1$, then $(b, n) = 1$.

4.30. Theorem. Let a, b, c, and n be integers with $n > 0$. If $ab \equiv ac \pmod{n}$ and $(a, n) = 1$, then $b \equiv c \pmod{n}$.

The following theorem begins by listing those numbers that are being counted when we find the Euler φ-function of a number. It observes that multiplying two of those numbers by a common number that is relatively prime to the modulus cannot create congruent numbers. They start not congruent (because they are different numbers less than the modulus) and they end not congruent.

4.31. Theorem. Let n be a natural number and let $x_1, x_2, \ldots, x_{\varphi(n)}$ be the natural numbers less than or equal to n that are relatively prime to n. Let a be a nonzero integer relatively prime to n and let i and j be different natural numbers less than or equal to $\varphi(n)$. Then $ax_i \not\equiv ax_j \pmod{n}$.

The next theorem is Euler's Theorem, which generalizes Fermat's Little Theorem. Since Euler's Theorem generalizes Fermat's Little Theorem, the way to start thinking about its proof is to think about the proof of Fermat's Little Theorem and see whether you can imitate the steps in this different setting. It is always a good idea to start with what you know and see how it can be modified to fit a new situation.

4.32. Theorem (Euler's Theorem). If a and n are integers with $n > 0$ and $(a, n) = 1$, then $a^{\varphi(n)} \equiv 1 \pmod{n}$.

4.33. Corollary (Fermat's Little Theorem). If p is a prime and a is an integer relatively prime to p, then $a^{p-1} \equiv 1 \pmod{p}$.

As long as we can compute $\varphi(n)$, Euler's Theorem can be used just like Fermat's Little Theorem for computing powers of numbers modulo n.
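To make that remark concrete, here is an added Python example (not part of the original text) that combines the repeated-squaring technique asked for in Question 3.6 with the exponent reduction Euler's Theorem permits. The function names are hypothetical, and φ is computed directly from its definition, which is only practical for small moduli.

```python
from math import gcd


def power_mod(a, r, n):
    """Return (a**r mod n, number of modular multiplications performed).

    Repeated squaring: walk the binary digits of r from the low end, keeping
    a running square a, a^2, a^4, ... and multiplying it into the result
    whenever the current digit is 1. Every operand is already reduced
    modulo n, and the count is at most about 2*log2(r).
    """
    if n <= 0 or r < 0:
        raise ValueError("need a positive modulus and a non-negative exponent")
    result = None              # nothing accumulated yet
    square = a % n
    mults = 0
    while True:
        if r & 1:
            if result is None:
                result = square            # first factor costs no multiplication
            else:
                result = (result * square) % n
                mults += 1
        r >>= 1
        if r == 0:
            break
        square = (square * square) % n
        mults += 1
    return (1 % n if result is None else result), mults


def phi(n):
    """Euler φ-function straight from the definition: count k <= n with (k, n) = 1."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def order_mod(a, n):
    """ord_n(a): the smallest natural number k with a**k ≡ 1 (mod n)."""
    if gcd(a, n) != 1:
        raise ValueError("the order is only defined when (a, n) = 1")
    k, x = 1, a % n
    while x != 1 % n:
        x = (x * a) % n
        k += 1
    return k


def power_mod_euler(a, r, n):
    """Compute a**r mod n, first replacing r by r mod φ(n) when (a, n) = 1.

    Euler's Theorem gives a**φ(n) ≡ 1 (mod n), so whole multiples of φ(n)
    in the exponent contribute a factor of 1. When (a, n) != 1 the theorem
    does not apply and the exponent is left alone.
    """
    if gcd(a, n) != 1:
        return power_mod(a, r, n)
    return power_mod(a, r % phi(n), n)


if __name__ == "__main__":
    # Constructed sample: a large exponent modulo a small composite number.
    a, r, n = 7, 10**12 + 3, 1000
    print("direct        :", power_mod(a, r, n))
    print("Euler-reduced :", power_mod_euler(a, r, n))
    # By Theorem 4.10 and Euler's Theorem, the order divides φ(n).
    print("order, phi    :", order_mod(a, n), phi(n))
```

Both calls print the same residue; the second needs far fewer multiplications because the exponent has been reduced modulo $\varphi(1000) = 400$ before squaring begins.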
4.34. Exercise. Compute each of the following without the aid of a calculator or computer.
(1) $12^{49} \pmod{15}$.
(2) $139^{112} \pmod{27}$.

4.35. Exercise. Find the last digit in the base 10 representation of the integer $13^{474}$.

The next theorem tells us that every natural number less than a given prime can be multiplied by another natural number to yield 1 modulo the prime. This observation says that numbers have something that behaves like a multiplicative inverse in the "mod p" world.

4.36. Theorem. Let p be a prime and let a be an integer such that $1 \le a < p$. Then there exists a unique natural number b less than p such that $ab \equiv 1 \pmod{p}$.

Definition. Let p be a prime and let a and b be integers such that $ab \equiv 1 \pmod{p}$. Then a and b are said to be inverses modulo p.

4.37. Exercise. Let p be a prime. Show that the natural numbers 1 and $p - 1$ are their own inverses modulo p.

The next theorem asserts that except for the special numbers 1 and $p - 1$, the inverse of a number modulo p is different from itself. In other words, squaring a natural number less than p other than 1 or $p - 1$ will not give you a number congruent to 1 modulo the prime p.

4.38. Theorem. Let p be a prime and let a and b be integers such that $1 < a, b < p - 1$ and $ab \equiv 1 \pmod{p}$. Then $a \neq b$.

Let's see how numbers pair up with their inverses in a specific case.

4.39. Exercise. Find all pairs of numbers a and b in $\{2, 3, \ldots, 11\}$ such that $ab \equiv 1 \pmod{13}$.

The preceding theorems and examples are giving us a perspective about numbers and their multiplicative inverses modulo a prime p. One consequence of this picture is that when we multiply all the numbers from 2 up to $(p - 2)$, we get a number congruent to 1 modulo the prime p.

4.40. Theorem. If p is a prime larger than 2, then $2 \cdot 3 \cdot 4 \cdots (p - 2) \equiv 1 \pmod{p}$.

We end the chapter with Wilson's Theorem, which is perhaps the most famous consequence of our understanding of numbers and their inverses modulo a prime p.
4.41. Theorem (Wilson's Theorem). If p is a prime, then $(p - 1)! \equiv -1 \pmod{p}$.

The converse of Wilson's Theorem is also true; that is, if the product of all the natural numbers less than n is congruent to −1 modulo n, then n must be prime.

4.42. Theorem (Converse of Wilson's Theorem). If n is a natural number such that $(n - 1)! \equiv -1 \pmod{n}$, then n is prime.

Whenever we prove a good theorem, we can ask about extensions of it. After we proved Fermat's Little Theorem that talked about prime moduli, we extended it to Euler's Theorem that dealt with composite moduli. Can you make a conjecture that would extend Wilson's Theorem to moduli that are not prime?

Fermat, Wilson And . . . Leibniz?

Tracing the history of named results like those of this chapter can be trying. Shakespeare's famous "What's in a name?" aptly applies. In a letter to Frenicle de Bessy (1605–1675) dated 1640, Fermat stated what we now call Fermat's Little Theorem. Characteristic of Fermat, the theorem was explained without proof stating "I would send you the demonstration, if I did not fear its being too long." It is not until 1736 that we find the first published proof in the works of Euler. The argument is based on the Binomial Theorem, and could likely have been known to Fermat. The algebraic proof given in Theorems 4.13–4.15 appeared in 1806, and is attributed to James Ivory (1765–1842). Euler, of course, went on to generalize Fermat's Little Theorem and published a proof of Euler's Theorem in 1760.

Abu Ali al-Hasan ibn al-Haytham (approx. 965–1040) considered the following problem:

To find a number such that if we divide by two, one remains; if we divide by three, one remains; if we divide by four, one remains; if we divide by five, one remains; if we divide by six, one remains; if we divide by seven, there is no remainder.

His method of solution gives, in this particular case, the number $(7 - 1)! + 1$, which clearly leaves a remainder of 1 upon division by 2, 3, 4, 5 and 6. But al-Haytham was also aware that this number was divisible by 7, which is an instance of Wilson's Theorem. Nearly 800 years later Edward Waring (1736–1798) first published the general statement of Wilson's Theorem, attributing the result to his student John Wilson (1741–1793). No proof was given in Waring's publication, and it is believed that neither Waring nor Wilson were aware of a proof. The first published proof, based on the Binomial Theorem, appeared in 1773 by Lagrange and also included a proof of the converse of Wilson's Theorem.
Enter Leibniz. In 1894 attention was called to a collection of unpublished manuscripts located in the Hanover Library attributed to Gottfried Wilhelm von Leibniz (1646–1716), most famous as one of the creators of Calculus as well as for his philosophical theory of monads. We usually do not think of Leibniz as a pioneer of number theory. However, among his works found in the Hanover Library are results believed to have been attained prior to 1683 which include proofs of both Fermat's Little Theorem and Wilson's Theorem. These dates precede Euler's first published proof of Fermat's Little Theorem by 53 years and Lagrange's first published proof of Wilson's Theorem by 90 years.
CHAPTER 5
Public Key Cryptography

Public Key Codes And RSA

Public key codes. Public key codes are codes in which the encoding method is public knowledge, i.e., anyone can encode messages. However, even though everybody knows how messages are encoded, only the receiver knows how to decode an encrypted message. For example, suppose I want to sell a product and I want customers to be able to send me their credit card numbers in a secure manner. I can "publish" a public encoding scheme. People use this scheme to encode their credit card numbers before sending them to me. For the scheme to be secure, I should be the only person who can decode the numbers. So even though everyone knows exactly how the numbers were encoded, only I can "undo" the encoding in order to decode the message. Such codes are called public key codes. The notion is counterintuitive. How can such a scheme work? The answer is based on the fact that certain mathematical operations are easy to perform, but hard to undo. We will look at a specific public key encoding scheme called RSA encryption, first discovered by mathematicians Ronald Rivest, Adi Shamir, and Leonard Adleman.

Overview of RSA. Suppose we select two enormous prime numbers, each on the order of 200 digits long, for example. Now we multiply them (computers are whizzes at multiplying natural numbers, even numbers with hundreds of digits). Now we give our result to a friend and ask her to factor it. She goes off to have her computer help her out, and is never seen again. Factoring large numbers is hard, even for a computer. There are limits to the size of natural numbers that a computer can factor. Our product of two 200 digit primes is much too large for even the fastest computers to factor. So we can announce our enormous number to the world, but only we know its factors. At this point, you would be justified in saying, "So what? Who cares what the factors of a 400 digit number are anyway?" The answer is that you care. You care because the inability to factor such numbers is at the heart of public key encryption systems that are used millions of times a day to keep data that is sent over the internet secure.

Of course, at this point there is no apparent connection between factoring numbers and encoding messages. That is the content of this chapter. The challenge for this chapter is for you to discover how to make a public key code system by exploiting this example of a mathematical operation that is easy to perform (the multiplication of two large primes), but hard to undo (factor). We will see how the huge product is the public part of the RSA encryption scheme that will somehow allow anyone to encode messages while the decoding requires knowing its factorization, thus making the code unbreakable except by the person who knows the factors.

Let's decrypt. For convenience, let's suppose the message we wish to encode is a number. If our message contained words, we could do some sort of simple transformation turning letters into numbers. We will take our message number and perform a mathematical operation on it to produce a new number. This new number is the encoded message. What operation will we perform? We will raise our original number message to some power modulo some base. Recovering the original number message from the encoded message number will be practically impossible without some secret knowledge. With the secret knowledge, we simply raise the encoded number to another power to obtain the original message. The key to the whole process is the work we have already done, including the Euclidean Algorithm and Euler's Theorem, namely, that under certain conditions a number to a power is congruent to 1 modulo another number.

Before getting to James Bond, let's begin with some theorems about modular arithmetic. This first theorem has a familiar conclusion reminiscent of Fermat's Little Theorem and Euler's Theorem.

5.1. Theorem. If $p$ and $q$ are distinct prime numbers and $W$ is a natural number with $(W, pq) = 1$, then $W^{(p-1)(q-1)} \equiv 1 \pmod{pq}$.

You might think that the next theorem would require the hypothesis that $(W, pq) = 1$; however, it is true for all natural numbers $W$. One strategy for proving a theorem is first to prove the theorem with a stronger hypothesis and later deal with the other cases. Here, you might first prove the theorem assuming the extra hypothesis that $(W, pq) = 1$. After that success, you can analyze what would happen if $p$ or $q$ divides $W$.

5.2. Theorem. Let $p$ and $q$ be distinct primes, $k$ be a natural number, and $W$ be a natural number less than $pq$. Then $W^{1+k(p-1)(q-1)} \equiv W \pmod{pq}$.
Notice how this next theorem has a conclusion that looks similar to theorems from Chapter 1 about linear Diophantine equations. As usual, an excellent strategy in mathematics is to remember previous theorems or insights that seem to be related to the current question.

5.3. Theorem. Let $p$ and $q$ be distinct primes and $E$ be a natural number relatively prime to $(p-1)(q-1)$. Then there exist natural numbers $D$ and $y$ such that $ED = 1 + y(p-1)(q-1)$.

5.4. Theorem. Let $p$ and $q$ be distinct primes, $W$ be a natural number less than $pq$, and $E$, $D$, and $y$ be natural numbers such that $ED = 1 + y(p-1)(q-1)$. Then $W^{ED} \equiv W \pmod{pq}$.

Notice that the conclusion of the preceding theorem is that raising $W$ to a certain power, the $ED$ power, and reducing modulo $pq$ just gives us $W$ back again. Remember that $W^{ED} = (W^E)^D$. We now have all the pieces used to make up the RSA Public Key Coding System. The next exercise asks you to put the pieces together.

5.5. Exercise. Consider two distinct primes $p$ and $q$. Describe every step of the RSA Public Key Coding System. State what numbers you choose to make public, what messages can be encoded, how messages should be encoded, and how messages are decoded. What number should be called the encoding exponent and what number should be called the decoding exponent?

The next exercise asks you to develop an RSA Public Key Coding System using an actual pair of primes. These primes might be slightly too small for any real value in applications, but the goal of the exercise is for you to understand every step of how the RSA system works and see it actually work with numbers.

5.6. Exercise. Describe an RSA Public Key Code System based on the primes 11 and 17. Again, state what numbers you choose to make public, what messages can be encoded, how messages should be encoded, and how messages are decoded. Encode and decode several messages.

It is neat to see all these steps and to see that you can encode and decode actual numbers.
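The following Python sketch is an added example, not part of the original text: it builds the scheme of Theorems 5.3 and 5.4, finding $D$ with the Euclidean Algorithm, encoding with $E$ and decoding with $D$, and it shows that anyone who can factor the public modulus rebuilds the same $D$. The primes 61 and 53, the exponent 17, the message 65 and all function names are constructed for illustration.

```python
# Added example: the RSA scheme assembled from Theorems 5.3 and 5.4.
# p = 61, q = 53, E = 17 are constructed sample values, far too small for real use.

def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and a*s + b*t = g (Euclidean Algorithm)."""
    old_r, r, old_s, s, old_t, t = a, b, 1, 0, 0, 1
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
        old_t, t = t, old_t - quot * t
    return old_r, old_s, old_t


def make_keys(p, q, E):
    """Theorem 5.3: find natural numbers D and y with E*D = 1 + y*(p-1)*(q-1)."""
    m = (p - 1) * (q - 1)
    g, s, _ = extended_gcd(E, m)
    if g != 1:
        raise ValueError("E must be relatively prime to (p-1)(q-1)")
    D = s % m                       # reduce to the smallest positive solution
    y = (E * D - 1) // m
    public = {"n": p * q, "E": E}   # announced to the world
    private = {"n": p * q, "D": D}  # kept by the receiver, together with p and q
    return public, private, y


def encode(W, public):
    """Encoded message: the number less than n congruent to W^E (mod n)."""
    if not 0 <= W < public["n"]:
        raise ValueError("message number must be less than n")
    return pow(W, public["E"], public["n"])


def decode(c, private):
    """Theorem 5.4: (W^E)^D = W^(ED) is congruent to W (mod pq)."""
    return pow(c, private["D"], private["n"])


def factor_semiprime(n):
    """Trial division; only feasible because this n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n is not a product of two primes")


def demo():
    public, private, y = make_keys(61, 53, 17)
    W = 65
    c = encode(W, public)
    # Someone holding only (n, E) who can factor n rebuilds the same D.
    p, q = factor_semiprime(public["n"])
    _, rebuilt, _ = make_keys(p, q, public["E"])
    return {"n": public["n"], "D": private["D"], "y": y, "cipher": c,
            "plain": decode(c, private), "rebuilt_D": rebuilt["D"]}


if __name__ == "__main__":
    print(demo())
```

The round trip also succeeds for message numbers divisible by $p$ or $q$, which is the case Theorem 5.2 covers without the hypothesis $(W, pq) = 1$.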
Of course, the fun of being a spy is to break codes. So get on your trench coat, pull out your magnifying glass, and begin to spy. The next exercise asks you to explain in general how you can break RSA codes if you are able to factor $n$.

5.7. Exercise. Suppose an RSA Public Key Coding System publishes $n$ (which is equal to the product of two undisclosed primes $p$ and $q$) and $E$, with $E$ relatively prime to $(p-1)(q-1)$. Suppose someone wants to send a secret message and so encodes the message number $W$ (less than $n$) by finding the number $m$ less than $n$ such that $m \equiv W^E \pmod{n}$. Suppose you intercept this number $m$ and you are able to factor $n$. How can you figure out the original message $W$?

The next exercise asks you to break an RSA code and save the world.

5.8. Exercise. You are a secret agent. An evil spy with shallow number theory skills uses the RSA Public Key Coding System in which the public modulus is $n = 1537$, and the encoding exponent is $E = 47$. You intercept one of the encoded secret messages being sent to the evil spy, namely the number 570. Using your superior number theory skills, decode this message, thereby saving countless people from the fiendish plot of the evil spy.

Notice that the two previous exercises tell us that the RSA Public Key Coding System would be useless if it were possible to factor $pq$. Factoring sounds like a simple process; however, when $p$ and $q$ are primes containing several hundred digits each, no person nor computer in the world knows how to factor $pq$. It is interesting that such a simple process as factoring lies at the heart of secret codes on which billions of dollars of secure transactions rely.

Hard Problems

The RSA encryption system actually has two keys. One is made public (the encoding key $E$), and the other is kept private (the decoding key $D$). Such a system is said to use an asymmetrical key, as opposed to a symmetrical key where the same key is used to both encrypt and decrypt. The asymmetrical public key allows anyone to encode messages, but only the receiver can decode. In practice, the RSA system is inefficient for encoding and decoding large amounts of data. Encryption methods such as AES (Advanced Encryption Standard) are much more efficient, but require a symmetric key to be shared by the sender and receiver. Sharing such a key poses many potential problems. So we have
• AES: efficient, but requires a shared key.
• RSA: inefficient, but uses a public key.

In practice, the two methods are often combined to take advantage of their positive qualities (the efficiency of AES and the public key of RSA). If Alice wishes to send a message $M$ to Bob, she encrypts $M$ using a randomly chosen AES key. Then, using Bob's public RSA encoding key, she encrypts her AES key. Alice then sends Bob two items: her AES encoded message and her RSA encrypted AES key. Bob can easily decrypt the AES key (using his private RSA decryption key), then use the decrypted AES key to decrypt the AES encoded message. So in this regard, RSA is primarily used as a method of key exchange.

The security of the RSA encryption system relies on the fact that factoring is hard. How hard? According to the RSA Laboratories website, it was reported in November of 2005 that a 193 digit integer was factored after 30 2.2GHz-Opteron-CPU years of work (which occurred over about 5 months of calendar time). We're not exactly sure what that statement means, but it sure makes factoring sound hard.

But factoring is not the only hard mathematical problem used for public key exchange. Some of the earliest work on public key exchange methods occurred in the mid 1970's at Stanford University. Graduate student Whitfield Diffie and his advisor Martin Hellman developed a public key exchange system based on the hard mathematical problem of computing "logarithms modulo $p$." It works as follows. Suppose Alice and Bob wish to share a secret key (which will simply be a number). Two quantities are made public: a prime number $p$, and an integer $g < p$ which has the property that $\{0, g, g^2, \ldots, g^{p-1}\}$ form a complete residue system modulo $p$. Such a $g$ is called a primitive root modulo $p$, and is explored further in the next chapter. Next, Alice and Bob each choose a private value, say $a$ and $b$. These numbers are not made public. Alice then makes public her value $g^a \pmod{p}$, and Bob makes public his value $g^b \pmod{p}$. Alice and Bob can now compute their shared secret key: Alice takes Bob's public value and computes $(g^b)^a \pmod{p}$, and Bob takes Alice's public value and computes $(g^a)^b \pmod{p}$. Since $(g^b)^a \equiv g^{ba} \equiv g^{ab} \equiv (g^a)^b \pmod{p}$, they have a shared key (which, for example, could then be used for a symmetric key system like AES). How secret is it? Essentially, the only way to figure out the shared key is to obtain the secret values $a$ and $b$. For a third party to discover their secret key, the values $a$ and $b$ must be found. So the problem becomes: given the public values $g$ and $g^a \pmod{p}$, determine the secret value $a$. This is called the discrete logarithm problem modulo $p$, and it is believed to be just as difficult as the factoring problem associated with RSA.

The group of integers modulo $n$ is not the only source of mathematics making its way into public key cryptography. In the mid 1980's Victor Miller and Neal Koblitz independently proposed using mathematical objects called elliptic curves to generate public key codes. An elliptic curve is a plane cubic curve. For example, an elliptic curve might be given by an equation of the form $y^2 = x^3 + bx + c$, where $b$ and $c$ are chosen from an appropriate set of numbers. What is special about these curves is that they come with an arithmetic as well. That is, there is a natural way to "add" two points on the curve and obtain a third point. As with Diffie-Hellman, certain objects are made public: the elliptic curve, a prime number $p$, and a "point" $P$ on the elliptic curve. The prime $p$ specifies where the coefficients $b$ and $c$ in the equation of our curve are coming from. Namely, they come from the set of integers modulo $p$, i.e. the set $\{0, 1, 2, \ldots, p-1\}$. The point $P$ is then an ordered pair $P = (x, y)$ where $x$ and $y$ are integers modulo $p$ which satisfy the curve's equation modulo $p$, that is, $x$ and $y$ satisfy $y^2 \equiv x^3 + bx + c \pmod{p}$. For example, consider the following curve with coefficients coming from the set of integers modulo 23 (so $p = 23$): $y^2 = x^3 + x$. It is a good exercise to check that $P = (17, 13)$ is in fact a "point" on the curve (there are actually 23 "points" on this curve modulo 23). Alice uses her secret value $a$ to compute a public "point" $aP = P + P + \cdots + P$ ($a$ terms) and Bob makes public $bP$. They can then compute their shared secret key $a(bP) = (ab)P = (ba)P = b(aP)$. So the problem becomes: given the public quantities $P$ and $aP$, find $a$. This is the discrete logarithm problem for elliptic curves modulo $p$, and is currently considered a harder problem than the discrete logarithm problem for the integers modulo $p$ that provides the security for Diffie-Hellman.

These public key coding systems use abstract results in number theory to do the very practical work of sending messages over the internet. Often mathematics has been developed without applications in mind and then later those insights are discovered to be crucial to some very important practical issue. Fermat and Euler, whose theorems are crucial to the public key coding messages we developed in this chapter, lived hundreds of years ago. When mathematicians were working on the underlying number theory, they had no notion that their work would have any practical applications. They found the number theory results beautiful and interesting. Public key cryptography is a prime example of how important it is for human beings to continue to explore ideas in mathematics and science with the only goal being to seek and develop the beauty of ideas. Practical applications will inevitably follow.
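Both key exchanges from this section, as an added Python example that is not part of the original text: Diffie-Hellman modulo $p = 23$, and the same exchange on the curve $y^2 = x^3 + x$ modulo 23 with the point $P = (17, 13)$. The primitive root $g = 5$, the private values, the function names and the chord-and-tangent addition formulas (the standard rule, which the text does not spell out) are assumptions added here.

```python
# Added example: both key exchanges described above, on toy parameters.
P = 23                    # public prime (the text's elliptic curve example uses p = 23)
CURVE_B, CURVE_C = 1, 0   # y^2 = x^3 + bx + c with b = 1, c = 0, i.e. y^2 = x^3 + x
BASE = (17, 13)           # the text's sample point
INF = None                # identity for point addition ("point at infinity"), an assumption
G = 5                     # constructed choice: 5 is a primitive root modulo 23


def dh_exchange(p, g, a, b):
    """Return (Alice's public value, Bob's public value, Alice's key, Bob's key)."""
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    return pub_a, pub_b, pow(pub_b, a, p), pow(pub_a, b, p)


def brute_force_log(p, g, target):
    """Discrete logarithm by exhaustive search: about p steps, hopeless for large p."""
    for a in range(1, p):
        if pow(g, a, p) == target:
            return a
    return None


def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + bx + c modulo P (or is the identity)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + CURVE_B * x + CURVE_C)) % P == 0


def affine_points():
    """All pairs (x, y) modulo P that satisfy the curve equation."""
    return [(x, y) for x in range(P) for y in range(P) if on_curve((x, y))]


def ec_add(p1, p2):
    """Chord-and-tangent addition of two points, all arithmetic modulo P."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                            # p2 is the negative of p1
    if p1 == p2:
        slope = (3 * x1 * x1 + CURVE_B) * pow(2 * y1, -1, P)  # tangent line
    else:
        slope = (y2 - y1) * pow(x2 - x1, -1, P)               # chord through both points
    x3 = (slope * slope - x1 - x2) % P
    return x3, (slope * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """kP = P + P + ... + P (k terms), computed by double-and-add."""
    result = INF
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def ecdh_exchange(a, b, base=BASE):
    """Return (aP, bP, Alice's key a(bP), Bob's key b(aP))."""
    pub_a, pub_b = ec_mul(a, base), ec_mul(b, base)
    return pub_a, pub_b, ec_mul(a, pub_b), ec_mul(b, pub_a)


if __name__ == "__main__":
    print(dh_exchange(P, G, 6, 15))   # private values 6 and 15 are constructed
    print(ecdh_exchange(5, 7))        # private values 5 and 7 are constructed
```

With a 23-element modulus the exhaustive search in `brute_force_log` finishes instantly; its cost grows with $p$, which is why real parameters are hundreds of digits long.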
CHAPTER 6
Polynomial Congruences and Primitive Roots

Higher Order Congruences

The RSA coding system embodies a beautiful application of Euler's Theorem. A key step in the decoding process was our ability to solve the congruence $x^E \equiv m \pmod{pq}$, where $E$ was the encoding exponent and $m$ was the encoded word. This may have been our first example of a polynomial congruence of degree greater than 1 (recall we covered linear congruences back in Chapter 3). In this Chapter and the next we continue the study of solutions to polynomial congruences of higher degree, encountering some fascinating new mathematics along the way.

Lagrange's Theorem. One of the most basic theorems about polynomials is the Fundamental Theorem of Algebra. Among other things, it tells us that an $n$th degree polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ has no more than $n$ roots. We will not attempt to give a proof here of the Fundamental Theorem of Algebra. Rather, we will derive a "mod $p$" version of it due to Lagrange.

Definition. Recall that $r$ is a root of the polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ if and only if $f(r) = 0$.

This first theorem does not have any modular arithmetic in it. Do you remember how to do long division with polynomials?

6.1. Theorem. Let $a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ be a polynomial of degree $n > 0$ with integer coefficients and assume $a_n \neq 0$. Then an integer $r$ is a root of $f(x)$ if and only if there exists a polynomial $g(x)$ of degree $n-1$ with integer coefficients such that $f(x) = (x-r)g(x)$.

This next theorem is very similar to the one above, but in this case $(x-r)g(x)$ is not quite equal to $f(x)$, but is the same except for the constant term of $f(x)$ and the constant term of $(x-r)g(x)$. Those constant terms are not the same, but are congruent using an appropriate modulus.
6.2. Theorem. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ be a polynomial of degree $n > 0$ with integer coefficients and $a_n \neq 0$. Let $p$ be a prime number and $r$ an integer. Then, if $f(r) \equiv 0 \pmod{p}$, there exists a polynomial $g(x)$ of degree $n-1$ such that $(x-r)g(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + b_0$ where $a_0 \equiv b_0 \pmod{p}$.

The final theorem of this section is a generalization of the Fundamental Theorem of Algebra in the setting of polynomials modulo a prime.

6.3. Theorem (Lagrange's Theorem). If $p$ is a prime and $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$ is a polynomial with integer coefficients and $a_n \neq 0$, then $f(x) \equiv 0 \pmod{p}$ has at most $n$ non-congruent solutions modulo $p$.

Primitive roots. Fermat's Little Theorem tells us that if we raise a natural number $a$ less than a prime $p$ to the $p-1$ power, the result is congruent to 1 modulo $p$. However, for some natural numbers $a$, raising $a$ to lower powers may also result in a number congruent to 1 modulo $p$. In this section, you will explore the orders of elements in more detail. Recall that the order of any integer modulo $p$ is less than $p$. Let's begin by proving that the order of $a$ is the same as the order of $a^i$ if $i$ is relatively prime to the order.

6.4. Theorem. Suppose $p$ is a prime and $\mathrm{ord}_p(a) = d$. Then for each natural number $i$ with $(i, d) = 1$, $\mathrm{ord}_p(a^i) = d$.

The preceding theorem gives us a whole collection of numbers that have the same order modulo $p$. The next theorem, by contrast, puts a limit on how many incongruent natural numbers can have the same order modulo $p$. Recall that we earlier proved some theorems concerning the number of incongruent solutions that an equation of degree $d$ could have modulo $p$. You might notice that a natural number $k$ of order $d$ modulo a prime $p$ is a solution of the congruence $x^d \equiv 1 \pmod{p}$.

6.5. Theorem. For a prime $p$ and natural number $d$, at most $\varphi(d)$ incongruent integers modulo $p$ have order $d$ modulo $p$.

Of course, there are many natural numbers $d$ in the above theorem for which there are no numbers with that order modulo $p$. In fact, recall the theorem that if $p$ is a prime and $k$ is a natural number less than $p$, then $\mathrm{ord}_p(k) \mid (p-1)$. It is always a good idea to review the proof or the main steps of the proof when you recall a theorem. In this case, you may remember something like the following key ideas. By definition of order, $k^{\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and no lower power of $k$ is congruent to 1 modulo $p$. Therefore, $k^{2\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and $k^{3\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and ... $k^{i\,\mathrm{ord}_p(k)} \equiv 1 \pmod{p}$ and no intermediate powers are congruent to 1 modulo $p$. Since $k^{p-1} \equiv 1 \pmod{p}$, then some multiple of $\mathrm{ord}_p(k)$ must equal $p-1$. If you get in the habit of remembering sketches of proofs like the above every time you recall a theorem, then soon the proofs and the theorems will become much more real and immediate to you.

Returning now to the orders of elements modulo a prime $p$, we know that the order of every integer divides $p-1$. An integer whose order is as large as possible, namely $p-1$, has special significance, because, as you will soon prove, its powers give every non-zero member of a complete residue system modulo $p$. We first give such numbers a name and then prove that theorem.

Definition. Let $p$ be a prime. An integer $g$ such that $\mathrm{ord}_p(g) = p-1$ is called a primitive root modulo $p$.

6.6. Theorem. Let $p$ be a prime and suppose $g$ is a primitive root modulo $p$. Then the set $\{0, g, g^2, g^3, \ldots, g^{p-1}\}$ forms a complete residue system modulo $p$.

As usual, ideas become more meaningful if you look at actual numerical examples.

6.7. Exercise. For each of the primes $p$ less than 20 find a primitive root and make a chart showing what powers of the primitive root give each of the natural numbers less than $p$.

Your exploration of the first few primes might suggest to you that every prime has at least one primitive root. In fact, that is true, and you may be able to think of a proof of it now. We state that theorem here; however, there are some preliminary theorems about the Euler $\varphi$-function that will help us to prove the existence of primitive roots. We will investigate those theorems in the next section and then return to this theorem about primitive roots.

6.8. Theorem. Every prime $p$ has a primitive root.

One approach to proving the existence of primitive roots for a prime $p$ is to put together a few of the ideas we already know. We know that every natural number $k$ less than $p$ has an order $d$ that divides $p-1$. You proved that for any divisor $d$ of $p-1$, at most $\varphi(d)$ incongruent numbers have order $d$ modulo $p$. So we could list the divisors $d$ of $p-1$ and for each such $d$ we notice that at most $\varphi(d)$ of the numbers $1, 2, 3, \ldots, p-1$ have order $d$ and systematically cross the order $d$ numbers off the list. Let's try this strategy with the prime $p = 13$.

6.9. Exercise. Consider the prime $p = 13$. For each divisor $d = 1, 2, 3, 4, 6, 12$ of $12 = p-1$, mark which of the natural numbers in the set $\{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12\}$ have order $d$.

Notice in the above exercise that there are $\varphi(d)$ numbers of order $d$ for each $d$. Of course, each number from 1 to 12 has some order. So, for example, $\varphi(1) + \varphi(2) + \varphi(3) + \varphi(4) + \varphi(6) + \varphi(12) = 12$. A more compact way of writing the above sum is to use summation notation. We will write $\sum_{d \mid n} \varphi(d)$ for the sum of the Euler $\varphi$-function of the natural number divisors of the natural number $n$. So in the case of 12, the previous observation can be written $\sum_{d \mid 12} \varphi(d) = 12$. This example is suggestive of a more general relationship between the Euler $\varphi$-function and the divisors of a natural number, which we will explore in the next section.

Euler's $\varphi$-function and sums of divisors. For the moment, let's not think about primes and primitive roots and instead just look at any natural numbers. The first exercise below asks you to look at all the natural number divisors of a natural number, take the Euler $\varphi$-function of each divisor, add up those values and look for a pattern.

6.10. Exercise. Compute each of the following sums.
(1) $\sum_{d \mid 6} \varphi(d)$
(2) $\sum_{d \mid 10} \varphi(d)$
(3) $\sum_{d \mid 24} \varphi(d)$
(4) $\sum_{d \mid 36} \varphi(d)$
(5) $\sum_{d \mid 27} \varphi(d)$
Make a sweeping conjecture about the sum of $\varphi(d)$ taken over all the natural number divisors of any natural number $n$.
Your sweeping conjecture is, in fact, true. Since every natural number larger than 1 is the product of primes, we adopt the strategy of seeing how to prove the conjecture for primes and then seeing how to compute it for products of primes. In the case of primes, there are not many divisors to consider, so that simplifies the situation.

6.11. Lemma. If $p$ is a prime, then $\sum_{d \mid p} \varphi(d) = p$.

You can list all the divisors of powers of primes very specifically, which is what you will do next.

6.12. Lemma. If $p$ is a prime, then $\sum_{d \mid p^k} \varphi(d) = p^k$.

To build up our understanding, the easiest case that involves more than one prime would be a natural number that is the product of exactly two primes. So that is the next case to tackle.

6.13. Lemma. If $p$ and $q$ are two different primes, then $\sum_{d \mid pq} \varphi(d) = pq$.

The proof of the preceding lemma has allowed you to develop the insights that enable you to deal with the product of any two relatively prime natural numbers. So that is the next case that we ask you to prove.

6.14. Lemma. If $n$ and $m$ are relatively prime natural numbers, then $\sum_{d \mid m} \varphi(d) \cdot \sum_{d \mid n} \varphi(d) = \sum_{d \mid mn} \varphi(d)$.

All the preceding lemmas allow you to finally prove your conjecture that the sum $\sum_{d \mid n} \varphi(d)$ will just equal the natural number that you started with.

6.15. Theorem. If $n$ is a natural number, then $\sum_{d \mid n} \varphi(d) = n$.

The approach above is a clear strategy of doing simpler cases first and putting them together to get the result. But in this case, there is a slick alternative proof to the above theorem, which we thought you might enjoy. After thinking about an idea for a few hundred years, it is sometimes possible to see the same result from a different point of view. So please verify the steps of the following different approach to the same theorem.

6.16. Exercise. For a natural number $n$ consider the fractions $\frac{1}{n}, \frac{2}{n}, \frac{3}{n}, \ldots, \frac{n}{n}$, all written in reduced form. For example, with $n = 10$ we would have $\frac{1}{10}, \frac{1}{5}, \frac{3}{10}, \frac{2}{5}, \frac{1}{2}, \frac{3}{5}, \frac{7}{10}, \frac{4}{5}, \frac{9}{10}, \frac{1}{1}$. Try to find a natural one-to-one correspondence between the reduced fractions and the numbers $\varphi(d)$ for $d \mid n$. Show how that observation provides a very clever proof to the preceding theorem.

Having established the theorem that $\sum_{d \mid n} \varphi(d) = n$, we can now prove that every prime $p$ has a primitive root. In fact, we can prove that it has $\varphi(p-1)$ primitive roots.

6.17. Theorem. Every prime $p$ has $\varphi(p-1)$ primitive roots.

Euler's $\varphi$-function is multiplicative. Although we defined the Euler $\varphi$-function, saw how to use it to prove a generalization of Fermat's Little Theorem, and saw how it was used in the discussion of primitive roots, we do not yet know how to compute the value of the Euler $\varphi$-function for an arbitrary natural number $n$. Since every natural number larger than 1 is the product of primes, we adopt the strategy of seeing how to compute the Euler $\varphi$-function for primes and then we see how to compute it for products of primes. We'll first ask you to make and prove a conjecture about the value of the Euler $\varphi$-function of a prime.

6.18. Exercise. Make a conjecture about the value $\varphi(p)$ for a prime $p$. Prove your conjecture.

The next simpler kind of natural number is a product of primes where just one prime is involved, in other words, a power of a prime. Once again, we ask you to make a conjecture and prove it about the value of the Euler $\varphi$-function for powers of primes. If you get stuck, try just writing out the natural numbers $1, 2, 3, 4, \ldots, p^k$ for some primes $p$ and small powers $k$ and just circle those numbers on the list that are relatively prime to $p^k$. By looking at examples and looking for patterns, you can make and prove your conjecture for a formula that tells us $\varphi(p^k)$.

6.19. Exercise. Make a conjecture about the value $\varphi(p^k)$ for a prime $p$ and natural numbers $k$. Prove your conjecture.

Our goal is to be able to compute the Euler $\varphi$-function for any natural number $n$. To do so, we first observe that the Euler $\varphi$-function counts relatively prime members of any complete residue system. That is, the Euler $\varphi$-function $\varphi(n)$ counts the number of numbers in the set $\{1, 2, 3, \ldots, n\}$ that are relatively prime to $n$, but it also counts the number of numbers in any complete residue system modulo $n$ that are relatively prime to $n$.

6.20. Theorem. If $n$ is a natural number and $A$ is a complete residue system modulo $n$, then the number of numbers in $A$ that are relatively prime to $n$ is equal to $\varphi(n)$.

We can construct a complete residue system for a natural number $n$ by taking an arithmetic progression of numbers where the steps are relatively prime to $n$.

6.21. Theorem. If $n$ is a natural number, $k$ is an integer, and $m$ is an integer relatively prime to $n$, then the set of $n$ integers $\{k, k+m, k+2m, k+3m, \ldots, k+(n-1)m\}$ is a complete residue system modulo $n$.

The previous two theorems can be used to prove the next theorem that states that the Euler $\varphi$-function of a product of relatively prime numbers is equal to the product of the Euler $\varphi$-functions of each. You might gain some insight by taking a few examples of relatively prime natural numbers $m$ and $n$.

6.22. Exercise. Consider the relatively prime natural numbers 9 and 4. Write down all the natural numbers less than or equal to $36 = 9 \cdot 4$ in a rectangular array that is 9 wide and 4 high. Then circle those numbers in that array that are relatively prime to 36. Try some other examples using relatively prime natural numbers.

Now, using the insights you have gained from the examples, prove the following theorem.

6.23. Theorem. If $n$ and $m$ are relatively prime natural numbers, then $\varphi(mn) = \varphi(m)\varphi(n)$.
The previous theorem could be restated by saying that the Euler $\varphi$-function is multiplicative.

Definition. A function $f$ of natural numbers is multiplicative if and only if for any pair of relatively prime natural numbers $m$ and $n$, $f(mn) = f(m)f(n)$.

There are many other useful and interesting multiplicative functions in number theory, none of which will appear in this book. We can now compute the Euler $\varphi$-function of any natural number by taking its unique prime factorization.

6.24. Exercise. Compute each of the following.
(1) $\varphi(3)$
(2) $\varphi(5)$
(3) $\varphi(15)$
(4) $\varphi(45)$
(5) $\varphi(98)$
(6) $\varphi(5^6 11^4 17^{10})$

We can now be more specific about what powers of numbers will be congruent to 1 modulo $n$.

6.25. Question. To what power would you raise 15 to be certain that you would get an answer that is congruent to 1 modulo 98? Why?

We can now compute the number of primitive roots of a prime.

6.26. Question. How many primitive roots does the prime 251 have?

Roots modulo a number. In Chapter 4 we investigated the process of repeated multiplication of numbers modulo another number, that is, taking powers of numbers and reducing those powers modulo $n$. Finding a number that when multiplied by itself $k$ times results in the number $b$ modulo $n$ translates into solving the congruence $x^k \equiv b \pmod{n}$. A solution could be called a $k$th root of $b$ modulo $n$. Our work on orders of elements and primitive roots sheds some light on the nature of the set of solutions when $n$ is a prime and $b = 1$. Finding general solutions to congruences of this form is a difficult task to accomplish, but for certain choices of $k$, $b$, and $n$ success is within our grasp. Our goal is to develop a technique using Euler's Theorem for finding solutions to congruences of the form $x^k \equiv b \pmod{n}$, that is, finding $k$th roots of $b$ modulo a number $n$. You have already seen instances of this technique in Chapter 5.

Let's begin by experimenting with actual numbers.

6.27. Exercise. Try, using paper and pencil, to solve several congruences of the form $x^k \equiv b \pmod{5}$ and $x^k \equiv b \pmod{6}$.

You hopefully observed that depending on the choice of $k$, $b$, and $n$ in the previous exercise the congruence may have no solutions, one solution, or more than one solution. (If you did not observe this go try more examples!) In the next exercise you are asked to make an observation (one that you may very well have made already) that will get us on track for developing a more systematic strategy for finding $k$th roots modulo $n$.

6.28. Exercise. Compute $a^9 \pmod{5}$ for several choices of $a$. Can you explain what happens? Now compute $a^{17} \pmod{15}$ for several choices of $a$. Does your previous explanation apply here too?

The following theorem should capture your explanations from the last exercise. It is a straightforward and hopefully enlightening consequence of Euler's Theorem.

6.29. Theorem. If $a$ is an integer and $v$ and $n$ are natural numbers such that $(a, n) = 1$, then $a^{v\varphi(n)+1} \equiv a \pmod{n}$.

Now let's apply these observations to solve actual congruences.

6.30. Question. Consider the congruence $x^5 \equiv 2 \pmod{7}$. Can you think of an appropriate operation we can apply to both sides of the congruence that would allow us to "solve" for $x$? If so, is the value obtained for $x$ a solution to the original congruence?

6.31. Question. Consider the congruence $x^3 \equiv 7 \pmod{10}$. Can you think of an appropriate operation we can apply to both sides of the congruence that would allow us to "solve" for $x$? If so, is the value obtained for $x$ a solution to the original congruence?

You hopefully discovered that raising both sides of our congruence to an appropriately chosen exponent seems to always yield a solution. The following theorem, which generalizes Theorem 5.3, asserts that such an exponent is always available.

6.32. Theorem. If $k$ and $n$ are natural numbers with $(k, \varphi(n)) = 1$, then there exist positive integers $u$ and $v$ satisfying $ku = \varphi(n)v + 1$.
Our experiments at the beginning of the section showed that a number can have multiple roots modulo another number.34. and n do you think are necessary for your method to produce a solution to the congruence xk ≡ b (mod n)? Make a conjecture prove it.37. our method not only ﬁnds a kth root modulo n. 6. n) = 1. Exercise. φ(n)) = 1 and (b. then xk ≡ b (mod n) has a unique solution modulo n. where u and v are positive integers such that ku = φ(n)v + 1. 6. . that is. then avφ(n)+1 ≡ a (mod n). The following two theorems assert that for squarefree numbers n. The numbers u and v are solutions to a linear Diophantine equation just like those we studied in Chapter 1. What hypotheses on k. that solution is given by x ≡ bu (mod n).33. (1) x7 ≡ 4 (mod 11) (2) x5 ≡ 11 (mod 18) (3) x7 ≡ 2 (mod 8) You have probably devised a method for ﬁnding a solution to a congruence of the form xk ≡ b (mod n). the hypothesis (b. 6. 6. numbers which are products of distinct primes. and n is a product of distinct primes. n) = 1 from Theorem 6. Exercise. but in fact ﬁnds the only kth root. Be sure to check that your answers are indeed solutions. Question. 6.80 6. Use your observations so far to ﬁnd solutions to the following congruences. but it also tells us how to ﬁnd it. Moreover. But the previous theorem asserts that under the given hypotheses. v is a ntural number. Theorem. Find the 49th root of 100 modulo 151.2. POLYNOMIAL CONGRUENCES AND PRIMITIVE ROOTS The previous theorem not only asserts than an appropriate exponent is always available.35.36. If b is an integer and k and n are natural numbers such that (k. b. The ﬁrst theorem is a generalization of Theorem 5. but the third congruence in the above exercise shows that this method does not always work. Theorem. If a is an integer.35 can be dropped.
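The root-finding method of Theorem 6.35 (solve $ku = \varphi(n)v + 1$ for $u$, then take $x \equiv b^u$), with the squarefree relaxation of the hypothesis $(b, n) = 1$, as an added Python example that is not part of the original text. The function names are this example's own, and $\varphi(n)$ is computed by trial division, which only suits textbook-sized moduli.

```python
from math import gcd


def prime_factors(n):
    """Return {prime: exponent} for n by trial division (small n only)."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """Euler's phi, built from the prime factorization using multiplicativity."""
    result = 1
    for p, e in prime_factors(n).items():
        result *= (p - 1) * p ** (e - 1)
    return result


def is_squarefree(n):
    """True when n is a product of distinct primes."""
    return all(e == 1 for e in prime_factors(n).values())


def kth_root(k, b, n):
    """Return the unique x in [0, n) with x^k = b (mod n).

    Requires (k, phi(n)) = 1, and either (b, n) = 1 or n squarefree.
    Raises ValueError when those hypotheses fail, because b^u is then
    not guaranteed to be a root at all.
    """
    ph = phi(n)
    if gcd(k, ph) != 1:
        raise ValueError("(k, phi(n)) > 1: the exponent k has no inverse modulo phi(n)")
    if gcd(b, n) != 1 and not is_squarefree(n):
        raise ValueError("(b, n) > 1 and n is not squarefree: method not justified")
    # u is the positive solution of k*u = phi(n)*v + 1, i.e. k^{-1} mod phi(n).
    u = pow(k, -1, ph) or ph
    x = pow(b, u, n)
    # Always check the answer, as the exercises ask.
    if pow(x, k, n) != b % n:
        raise ArithmeticError("candidate root failed verification")
    return x


def brute_force_roots(k, b, n):
    """All k-th roots of b modulo n by exhaustive search (cross-check only)."""
    return [x for x in range(n) if pow(x, k, n) == b % n]


if __name__ == "__main__":
    for k, b, n in [(7, 4, 11), (5, 11, 18), (49, 100, 151), (37, 100, 210), (7, 2, 8)]:
        try:
            print(f"x^{k} = {b} (mod {n}):  x = {kth_root(k, b, n)}")
        except ValueError as err:
            print(f"x^{k} = {b} (mod {n}):  rejected, {err}; "
                  f"exhaustive search finds {brute_force_roots(k, b, n)}")
```

The exponent $u$ here is computed exactly as an RSA private exponent is, which is why the hypotheses matter: with $n = 8$ and $b = 2$ the candidate $b^u$ is not a root, and exhaustive search shows that congruence has no solution at all.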
6.38. Theorem. If $n$ is a natural number that is a product of distinct primes, and $k$ is a natural number such that $(k, \varphi(n)) = 1$, then $x^k \equiv b \pmod{n}$ has a unique solution modulo $n$ for any integer $b$. Moreover, that solution is given by $x \equiv b^u \pmod{n}$, where $u$ and $v$ are positive integers such that $ku - \varphi(n)v = 1$.

6.39. Exercise. Find the 37th root of 100 modulo 210.

General solutions to the congruence $x^k \equiv b \pmod{n}$ when $(k, \varphi(n)) > 1$ are much harder to come by. In Chapter 7 we will consider in depth the special case of $k = 2$ and $n$ a prime. Using our work on primitive roots modulo a prime we can prove the following final result which tells us something about the number of roots a number can have modulo a prime.

6.40. Theorem. Let $p$ be a prime, $b$ an integer, and $k$ a natural number. Then the number of $k$th roots of $b$ modulo $p$ is either 0 or $(k, p - 1)$.

Sophie Germain Is Germane, Part I

Your work so far has hopefully convinced you of the usefulness of primitive roots modulo a prime $p$. The powers of a primitive root produce a complete residue system that is often as useful as the canonical system. In addition, finding a primitive root is a necessary ingredient in the Diffie-Hellman public key exchange described in the last chapter. But although their existence is guaranteed, finding a primitive root modulo $p$ is not completely straightforward.

We know that a prime $p$ has $\varphi(p - 1)$ primitive roots, which can be a large proportion of the numbers modulo $p$. For example, the prime 65537 has 37768 primitive roots (although the preceding prime 65521 has only 13824 primitive roots). So trial and error is likely to produce a primitive root without much trouble. But trial and error is an irksome procedure to many mathematicians. For them we offer

Theorem (A Primitive Root Test). Let $p$ be a prime. Then $a$ is a primitive root modulo $p$ if and only if for all factors $f$ of $p - 1$, $a^{\frac{p-1}{f}} \not\equiv 1 \pmod{p}$.

This test just asserts that if $\mathrm{ord}_p(a)$ is not a proper divisor of $p - 1$, then $a$ is a primitive root. But this is hardly a new insight. From a practical point of view, performing this test requires factoring $p - 1$, which is one of our "hard problems."
Unfortunately we do not have a recipe for conjuring up a primitive root for an arbitrary prime. The mathematician Emil Artin (1898–1962) made a conjecture regarding primitive roots that would imply the following.

Conjecture (Artin's Conjecture). Every integer which is neither $-1$ nor a perfect square is a primitive root for infinitely many primes.

The conjecture is still unproven. In fact, there is not a single integer satisfying the hypotheses of Artin's Conjecture for which we know the conjecture to be true, although such a statement is not meant to imply that no progress has been made. For example, we know that it suffices to show that the conjecture is true for just the primes, that is, it suffices to show that every prime is a primitive root for infinitely many other primes. Strangely, although we cannot cite a single example for which Artin's Conjecture is true, we know that there are no more than two exceptions. But we have no idea what those exceptions might be. So for example, it is known that at least one of the primes 3, 5, or 7 is a primitive root for infinitely many primes, but we can't say for sure that 3 is or that 5 is or that 7 is! It's also known that at least one of the primes 67867979, 256203221, 2899999517 is a primitive root for infinitely many primes. If you are a betting person, we suggest you bet a dollar that 2899999517 is a primitive root for infinitely many primes. If you are ever proved wrong, we'll buy you a fancy dinner at the restaurant of your choice and a car.

Sometimes, focusing on primes of a special form can lead to interesting progress. Sophie Germain (1776–1831) was a French mathematician who made wonderful contributions to number theory. For cultural reasons of the period, she communicated much of her early work under the male pseudonym "Monsieur Le Blanc." Under this pseudonym, she submitted one of her early manuscripts to Lagrange. Aware of the mathematical talent required to produce such work, Lagrange discovered her true identity and became a mathematical mentor to Sophie.

Sophie Germain is credited with making one of history's great advances towards a proof of Fermat's Last Theorem. Fermat's Last Theorem is the statement that there are no natural number solutions to the Diophantine equation $x^q + y^q = z^q$ when $q$ is a natural number greater than 2. Sophie Germain studied the famous Fermat equation $x^q + y^q = z^q$ for primes $q$ with the property that $p = 2q + 1$ is also prime. Such primes are now known as Sophie Germain primes.
The orders of elements modulo a prime $p = 2q + 1$, where $q$ is also prime, are very restricted. In fact, since the order of any element must divide $p - 1 = 2q$, we see that the only possible orders are 1, 2, $q$, and $2q$. There is only one element of order 1 (namely 1 itself), and only one element of order 2 (namely $p - 1$). And so the remaining elements split into those of order $q$ and those of order $2q$, the latter being our primitive roots.

In a 1909 paper titled Methods to Determine the Primitive Root of a Number, G. A. Miller showed there is at least one element we can always count on to be in this latter group. He proved

Theorem (Miller's Theorem). Let $p$ be an odd prime of the form $p = 2q + 1$ where $q$ is an odd prime. Then the complete set of primitive roots modulo $p$ are $-(2)^2, -(3)^2, \ldots, -(q)^2$.

In particular, $-4$ is a primitive root of every prime of this form. So why didn't Miller find the first example of an integer for which Artin's Conjecture holds? Alas, unfortunately, it is still unknown whether or not there are infinitely many Sophie Germain primes.

In the next Chapter we introduce the Law of Quadratic Reciprocity, which will then allow you to prove Miller's theorem above and describe a satisfying symmetry among primitive roots and perfect squares modulo $p$ in the world of Sophie Germain primes $p$.
CHAPTER 7
The Golden Rule: Quadratic Reciprocity

Quadratic Congruences

We previously analyzed the solutions to all linear Diophantine equations modulo a number $n$, that is, we investigated congruences $ax \equiv b \pmod{n}$. We proved that we can find at least one number $x$ that satisfies that congruence if and only if $(a, n) \mid b$. Now we investigate quadratics modulo $n$, that is, congruences that involve an unknown that is squared. As always, our exploration of this question begins with the easiest case we can think of, namely where the modulus is a prime and the quadratic expression is just to square $x$. That is, we want to understand the congruence $x^2 \equiv a \pmod{p}$, where $a$ is an integer and $p$ is a prime. In other words, we seek to answer the question, "Which numbers are perfect squares modulo $p$ and which are not?" This exploration of perfect squares modulo a prime $p$ has fascinating insights that attracted the attention of some of the greatest mathematicians of all time.

Quadratic residues. Our first two theorems assert that our simplest quadratic congruences actually encompass all cases. That is, any quadratic congruence modulo a prime can be replaced with a much simpler congruence.

7.1. Theorem. Let $p$ be a prime and let $a$, $b$, and $c$ be integers with $a$ not divisible by $p$. Then there are integers $b'$ and $c'$ such that the set of solutions to the congruence $ax^2 + bx + c \equiv 0 \pmod{p}$ is equal to the set of solutions to a congruence of the form $x^2 + b'x + c' \equiv 0 \pmod{p}$.

7.2. Theorem. Let $p$ be a prime, and let $b$ and $c$ be integers. Then there exists a linear change of variable, $y = x + \alpha$ with $\alpha$ an integer, transforming the congruence $x^2 + bx + c \equiv 0 \pmod{p}$ into a congruence of the form $y^2 \equiv \beta \pmod{p}$.

Our goal is to understand which integers are perfect squares of other integers modulo a prime $p$. The first theorem below tells us that half the natural numbers less than an odd prime $p$ are perfect squares and half are not. To prove that theorem and some of the others in the chapter, keep the idea of a primitive root in mind. Remember that every prime $p$ has a primitive root $g$ and the set $\{0, g^1, g^2, g^3, \ldots, g^{(p-1)}\}$ forms a complete residue system modulo $p$. This picture of the numbers modulo $p$ is frequently valuable.

As usual, it is a good idea to look at a specific example. You may want to do the following exercise with several primes.

7.3. Exercise. Determine which of the numbers 1, 2, 3, ..., 12 are perfect squares modulo 13. For each such perfect square, list the number or numbers in the set whose square is that number.

7.4. Theorem. Let $p$ be an odd prime. Then half the numbers not congruent to 0 in any complete residue system modulo $p$ are perfect squares modulo $p$ and half are not.

The following question asks you to rephrase your insight about perfect squares modulo a prime $p$ in terms of their representation as the power of a primitive root.

7.5. Question. Can you characterize perfect squares modulo a prime $p$ in terms of their representation as a power of a primitive root?

Perfect squares modulo a prime $p$ attracted so much interest from number theorists that such squares are given their own alternative name, quadratic residue. Here is the definition.

Definition. If $a$ is an integer and $p$ is a prime and $a \equiv b^2 \pmod{p}$ for some integer $b$, then $a$ is called a quadratic residue modulo $p$. If $a$ is not congruent to any square modulo $p$, then $a$ is a quadratic nonresidue modulo $p$.

We can rephrase our previous theorem in terms of quadratic residues.

7.6. Theorem. Let $p$ be a prime. Then half the numbers not congruent to 0 modulo $p$ in any complete residue system modulo $p$ are quadratic residues modulo $p$ and half are quadratic nonresidues modulo $p$.

From elementary school days, we have known that the product of a positive number and a positive number is positive, a positive times a negative is negative, and the product of two negative numbers is positive. Quadratic residues and nonresidues are related similarly.

7.7. Theorem. Suppose $p$ is an odd prime and $p$ does not divide either of the two integers $a$ or $b$. Then
(1) if $a$ and $b$ are both quadratic residues modulo $p$, then $ab$ is a quadratic residue modulo $p$;
(2) if $a$ is a quadratic residue modulo $p$ and $b$ is a quadratic nonresidue modulo $p$, then $ab$ is a quadratic nonresidue modulo $p$;
(3) if $a$ and $b$ are both quadratic nonresidues modulo $p$, then $ab$ is a quadratic residue modulo $p$.

One of the mathematicians who studied quadratic residues modulo $p$ was the French mathematician Legendre. He invented a symbol called the Legendre symbol that gives a value of 1 to quadratic residues and $-1$ to quadratic nonresidues. The symbol is convenient because it lets us express theorems like the previous one in a compact way. Here is the definition.

Definition. For an odd prime $p$ and a natural number $a$ with $p$ not dividing $a$, the Legendre symbol $\left(\frac{a}{p}\right)$ is defined by
$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue modulo } p, \\ -1 & \text{if } a \text{ is a quadratic nonresidue modulo } p. \end{cases}$$

Now we can express the preceding theorem using the Legendre symbol.

7.8. Theorem. Suppose $p$ is an odd prime and $p$ does not divide either $a$ or $b$. Then
$$\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right).$$

Our goal is to be able to take an integer $a$ and determine whether it is a quadratic residue modulo a prime $p$ or a quadratic nonresidue. Euler gave one method for determining whether a number is a quadratic residue that depends on raising it to the $(p - 1)/2$ power.

7.9. Theorem (Euler's Criterion). Suppose $p$ is an odd prime and $p$ does not divide the natural number $a$. Then $a$ is a quadratic residue modulo $p$ if and only if $a^{(p-1)/2} \equiv 1 \pmod{p}$, and $a$ is a quadratic nonresidue modulo $p$ if and only if $a^{(p-1)/2} \equiv -1 \pmod{p}$. This criterion can be abbreviated using the Legendre symbol:
$$a^{(p-1)/2} \equiv \left(\frac{a}{p}\right) \pmod{p}.$$

The number 1 is always a quadratic residue. Other numbers modulo $p$ sometimes are and sometimes are not quadratic residues, depending on $p$, but we can give a good description for when a number congruent to $-1$ modulo a prime $p$ is a quadratic residue.

7.10. Theorem. Let $p$ be an odd prime. Then $-1$ is a quadratic residue modulo $p$ if and only if $p$ is of the form $4k + 1$ for some integer $k$. Or, equivalently,
$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod{4}, \\ -1 & \text{if } p \equiv 3 \pmod{4}. \end{cases}$$

The following theorem identifies the square roots of $-1$ modulo $p$ when $p$ is congruent to 1 modulo 4.

7.11. Theorem. Let $k$ be a natural number and $p = 4k + 1$ be a prime congruent to 1 modulo 4. Then $(\pm (2k)!)^2 \equiv -1 \pmod{p}$.

We end this section with one final application of Theorem 7.10. In Chapter 2 you proved there are infinitely many primes. Except for the prime 2, all primes are congruent to either 1 or 3 modulo 4. You proved that infinitely many primes are congruent to 3 modulo 4, but probably did not show that infinitely many primes are congruent to 1 modulo 4.

7.12. Theorem (Infinitude of 4k + 1 Primes Theorem). There are infinitely many primes congruent to 1 modulo 4. (Hint: If $p_1, p_2, \ldots, p_r$ are primes each congruent to 1 modulo 4, what can you say about each prime factor of the number $N = (2p_1p_2 \cdots p_r)^2 + 1$?)

Gauss' Lemma and quadratic reciprocity. Euler's criterion worked well for analyzing whether or not $-1$ is a quadratic residue or quadratic nonresidue. Gauss gave us a useful lemma which will allow us to proceed a little further with our strategy of analyzing particular numbers.

Euler's Criterion tells us that an integer $a$ relatively prime to $p$ is a quadratic residue modulo $p$ if and only if $a^{(p-1)/2}$ is congruent to 1 modulo $p$. But the computation of $a^{(p-1)/2}$ modulo $p$ for a general value of $a$ is a nontrivial task. It will be useful to have in mind a proof strategy that we found useful for proving Fermat's Little Theorem and Euler's Theorem. One proof of Fermat's Little Theorem involved multiplying $1a \cdot 2a \cdot 3a \cdots (p - 1)a$ and gathering the $a$'s to get the factor $a^{(p-1)}$. So let's think about producing a product that will have $a^{(p-1)/2}$ in it.

Consider the numbers $a, 2a, 3a, \ldots, \frac{p-1}{2}a$ modulo $p$. These numbers are distinct modulo $p$ (do you recall why?) and each is congruent to a member of the complete residue system $\{-\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2}\}$. The product of these numbers, regardless of which complete residue system they come from, are congruent modulo $p$. For example, consider the case of $a = 3$ and $p = 11$, so $\frac{p-1}{2} = 5$. We obtain the congruence
$$3 \cdot 2(3) \cdot 3(3) \cdot 4(3) \cdot 5(3) \equiv 3 \cdot (-5) \cdot (-2) \cdot 1 \cdot 4 \pmod{11},$$
or
$$3^5 \cdot 5! \equiv 5! \pmod{11}.$$
Since $5!$ is not divisible by 11 we may cancel it from both sides to obtain $3^5 \equiv 1 \pmod{11}$ which, by Euler's Criterion, tells us that 3 is a quadratic residue modulo 11. The following lemma asserts that it was not just a coincidence that we obtained $5!$ on both sides of the congruence.

7.13. Lemma. Let $p$ be a prime, $a$ an integer not divisible by $p$, and $r_1, r_2, \ldots, r_{\frac{p-1}{2}}$ the representatives of $a, 2a, \ldots, \frac{p-1}{2}a$ in the complete residue system $\{-\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2}\}$. Then
$$r_1 \cdot r_2 \cdots r_{\frac{p-1}{2}} = (-1)^g \left(\frac{p-1}{2}\right)!,$$
where $g$ is the number of $r_i$'s which are negative. (Hint: It suffices to show that we never have $r_i \equiv -r_j \pmod{p}$ for some $i$ and $j$.)

7.14. Theorem (Gauss' Lemma). Let $p$ be a prime and $a$ an integer not divisible by $p$. Let $g$ be the number of negative representatives of $a, 2a, \ldots, \frac{p-1}{2}a$ in the complete residue system $\{-\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2}\}$. Then
$$\left(\frac{a}{p}\right) = (-1)^g.$$

We now apply Gauss' Lemma to characterize those primes $p$ for which 2 is a quadratic residue. Consider the following data and make a conjecture about what criterion the primes $p$ satisfy for which 2 is a quadratic residue modulo $p$. The question after the data gives you a hint, so you might enjoy trying to devise your criterion before looking at the next question.

Here are the first primes for which 2 is a quadratic residue: 7, 17, 23, 31, 41, 47, 71, 73, 79, 89, 97, 103, 113, 127.

Here are the first primes for which 2 is a quadratic nonresidue: 3, 5, 11, 13, 19, 29, 37, 43, 53, 59, 61, 67, 83, 101, 107, 109.
but that q p = q p = . Make a conjecture.90 7. Let p be an odd prime. then 2 p = 1 −1 if p ≡ 1 or 7 if p ≡ 3 or 5 (mod 8). For example. Question. 3 p You might fear that we will proceed to analyze . Values of for p across the top and q down the side. Make another table that shows when p q = 1. 7. Table 1 shows indicates that and when p q 7 3 p q 3 7 p q and q p . Theorem. then 5 p . then whether p is a quadratic residue modulo q and whether q is a quadratic residue modulo p are related. Does the prime’s residue class modulo 4 determine whether or not 2 is a quadratic residue? Consider the primes’ residue class modulo 8 and see whether the residue class seems to correlate with whether or not 2 is a quadratic residue. so it is natural to consider the residues of p and q modulo 4 while investigating the relationship between 7. and so on for ever. THE GOLDEN RULE: QUADRATIC RECIPROCITY 3 3 5 7 11 13 17 19 23 29 31 37 41 43 47 −1 −1 1 1 −1 −1 1 −1 −1 1 1 −1 1 5 −1 −1 1 −1 −1 1 −1 1 1 −1 1 −1 −1 7 11 13 1 −1 1 −1 1 −1 1 −1 −1 −1 −1 −1 −1 −1 1 1 1 −1 −1 −1 1 1 −1 1 1 −1 −1 1 1 −1 −1 −1 −1 −1 1 1 1 −1 −1 p q 17 19 −1 1 −1 1 −1 −1 −1 −1 1 −1 1 1 −1 −1 −1 −1 −1 1 −1 −1 −1 −1 1 −1 1 −1 23 −1 −1 1 1 1 −1 1 1 −1 −1 1 1 −1 29 −1 1 1 −1 1 −1 −1 1 31 1 1 −1 1 −1 −1 −1 1 −1 −1 −1 −1 −1 1 1 −1 1 −1 1 −1 −1 1 −1 −1 37 1 −1 1 1 −1 −1 −1 −1 −1 −1 41 −1 1 −1 −1 −1 −1 −1 1 −1 1 1 43 1 −1 1 −1 1 1 1 −1 −1 −1 −1 1 47 −1 −1 −1 1 −1 1 1 1 −1 1 1 −1 1 Table 1. Exercise. 7. then 4 p .17.16. however.15. If you have two odd primes p and q. (mod 8). questions of being a perfect square modulo p are related to what p is modulo 4 or 8. for the ﬁrst several odd primes. The shortcut occurs by making an observation about pairs of primes. As we have seen in the cases of −1 and 2. the table = −1. . there is a shortcut. fortunately.
Let p and q be odd primes.18.QUADRATIC CONGRUENCES 91 p q 7. . compute 1248 93 a p . Equivalently.) Putting together all our insights. Sometimes we can obtain general expressions for certain square roots. then ab p = a p b p .20.” and q p 7. if p ≡ 3 (mod 8) or p ≡ 5 (mod 8) if p ≡ 1 (mod 4) or q ≡ 1 (mod 4). Find all the quadratic residues modulo 23. The Law of Quadratic Reciprocity allows us to determine whether or not an integer is a perfect square modulo a prime p.11. we can write one theorem called the Law of Quadratic Reciprocity that will allow us to determine for any integer whether or not it is a quadratic residue modulo a prime p. show how to ﬁnd To illustrate your method. But there is no known algorithm for doing that in general. if p ≡ 3 (mod 4) if p ≡ 1 (mod 8) or p ≡ 7 (mod 8). and some other examples. show how you can determine whether a number a is a quadratic residue modulo p. Theorem (Quadratic Reciprocity Theorem (Reciprocity Part)). then (1) (2) −1 p 2 p p q = = 1 −1 if p ≡ 1 (mod 4). Theorem (Law of Quadratic Reciprocity). Let p and q be odd primes. Given a prime p. Can you make a conjecture about the relationship between depending on p and q. Exercise (Computational Technique). Exercise. Recall that we proved that if p is an odd prime and p does not divide a or b. if p ≡ q ≡ 3 (mod 4). 7. 7.19. then p q = q p q p if p ≡ 1 (mod 4) or q ≡ 1 (mod 4). q p (3) = 1 −1 q p − if p ≡ q ≡ 3 (mod 4). That fact along with the Law of Quadratic Reciprocity lets us develop an eﬀective technique for determining for any integer a whether or not it is a quadratic residue modulo the prime p. 2 p − (Hint: Try to use the techniques used in the case of . however. like we did in Theorem 7. it does not help us to actually ﬁnd the square roots.21. Exercise. Your conjecture is called “quadratic reciprocity.
Sophie Germain is germane, Part II. Recall from Chapter 6 that a Sophie Germain prime is a prime $q$ for which $p = 2q + 1$ is also prime. For example, 23 is a Sophie Germain prime since $47 = 2 \cdot 23 + 1$ is also prime.

We know that for any prime $p$, the order of any integer $a$ relatively prime to $p$ must divide $p - 1$. If $p$ is a prime, $p = 2q + 1$, and $q$ is also prime, then $p - 1 = 2q$, so the elements modulo $p$ have orders either 1, 2, $q$, or $2q$ (since these are all the possible divisors of $p - 1$), where those with order $2q$ are the primitive roots modulo $p$. We know that 1 and $p - 1$ are, respectively, the only elements of order 1 and 2. So we conclude that every natural number $a$ with $1 < a < p - 1$, must have order either $q$ or $2q$. Euler's Criterion can help us characterize the elements of order $q$.

7.22. Theorem. Let $p$ be a prime of the form $p = 2q + 1$ where $q$ is a prime. Then every natural number $a$, $0 < a < p - 1$, is either a quadratic residue or a primitive root modulo $p$.

Let's illustrate the above theorem by looking at the example furnished by the primes $q = 11$ and $p = 23$. According to the above theorem, each of the numbers 2, 3, ..., 21 is either a quadratic residue of order 11 ($= q$) modulo 23 or a primitive root modulo 23. In exercise 7.21 you computed the quadratic residues modulo 23, yielding the numbers

2, 3, 4, 6, 8, 9, 12, 13, 16, 18 (mod 23)

(the number 1 is a quadratic residue as well, but is not one of order $q$). It follows that the primitive roots modulo 23 must be given by

5, 7, 10, 11, 14, 15, 17, 19, 20, 21 (mod 23).

In fact, putting together the list of primitive roots (in bold) and the list of quadratic residues greater than 1 (underlined), we have

2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 (mod 23),

which is a complete list of all numbers from 2 to 21 modulo 23.

A second and more subtle observation we might make about the above list of numbers modulo 23 has to do with symmetry. If you imagine a vertical line dividing the list between the numbers 11 and 12, a certain sort of mirror symmetry appears. And in fact, it might be better described as "antisymmetry", as the mirror image of a primitive root is a quadratic residue, and vice versa. This symmetry is a consequence of a more general property shared by primes arising from odd Sophie Germain primes.

7.23. Theorem. Let $p$ be a prime congruent to 3 modulo 4. Let $a$ be a natural number with $1 < a < p - 1$. Then $a$ is a quadratic residue modulo $p$ if and only if $p - a$ is a quadratic nonresidue modulo $p$.

7.24. Theorem. Let $p$ be a prime of the form $p = 2q + 1$ where $q$ is an odd prime. Then $p \equiv 3 \pmod{4}$.

The next theorem describes the symmetry between primitive roots and quadratic residues for primes arising from odd Sophie Germain primes.

7.25. Theorem. Let $p$ be a prime of the form $p = 2q + 1$ where $q$ is an odd prime. Let $a$ be a natural number, $1 < a < p - 1$. Then $a$ is a quadratic residue if and only if $p - a$ is a primitive root modulo $p$.

An attractive property of primes that arise from Sophie Germain primes is that they have primitive roots that we can actually compute. We saw the statement of this fact in Miller's Theorem in Chapter 6. Here we ask you to prove some theorems that will allow you to prove Miller's Theorem.

We first note that perfect squares cannot be primitive roots modulo $p$ for any prime $p$.

7.26. Theorem. Let $p$ be a prime and $a$ be an integer. Then $a^2$ is not a primitive root modulo $p$.

Next we see that natural numbers less than half a prime $p$ cannot yield equivalent squares modulo $p$.

7.27. Theorem. Let $p$ be a prime and let $i$ and $j$ be natural numbers with $i \neq j$ satisfying $1 < i, j < \frac{p}{2}$. Then $i^2 \not\equiv j^2 \pmod{p}$.

Now we start to deal with primes $p$ that arise from Sophie Germain primes. Here we list all the integers modulo $p$ that are not primitive roots modulo $p$.

7.28. Theorem. Let $p$ be a prime of the form $p = 2q + 1$ where $q$ is an odd prime. Then the complete set of numbers that are not primitive roots modulo $p$ are $1, -1, 2^2, 3^2, \ldots, q^2$.

Now we can prove Miller's Theorem that characterizes the primitive roots of a prime that arises from a Sophie Germain prime.

7.29. Theorem. Let $p$ be a prime of the form $p = 2q + 1$ where $q$ is an odd prime. Then the complete set of primitive roots modulo $p$ are $-2^2, -3^2, \ldots, -q^2$.
7.30. Exercise. Verify that the primitive roots modulo 23 that we listed earlier in this section are in fact the same as those given by Miller's Theorem.

7.31. Exercise. List the primitive roots and quadratic residues modulo 47.

We are able to analyze primes that arise from Sophie Germain primes successfully because we have such useful information about the prime factorization of $p - 1$. Of course, these special primes are rare. So many questions remain about how to find and describe primitive roots and perfect squares modulo more general primes.
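Euler's Criterion, the Primitive Root Test and Miller's Theorem for a prime $p = 2q + 1$, as an added Python example that is not part of the original text (function names are this example's own). Because $p - 1 = 2q$ needs no factoring, the test reduces to two modular exponentiations, which is what makes primes of this shape convenient when a Diffie-Hellman generator has to be validated.

```python
def is_prime(n):
    """Trial division; adequate for the small primes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def safe_prime(q):
    """Return p = 2q + 1 after checking that q is an odd prime and p is prime."""
    p = 2 * q + 1
    if q % 2 == 0 or not is_prime(q) or not is_prime(p):
        raise ValueError("q must be an odd prime with 2q + 1 also prime")
    return p


def legendre(a, p):
    """Legendre symbol (a/p) via Euler's Criterion: a^((p-1)/2) is 1 or -1 mod p."""
    if a % p == 0:
        raise ValueError("p must not divide a")
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def is_primitive_root(a, q):
    """Primitive Root Test for p = 2q + 1.

    The prime factors of p - 1 are 2 and q, so only the two exponents
    (p-1)/2 = q and (p-1)/q = 2 have to be checked.
    """
    p = safe_prime(q)
    a %= p
    return a != 0 and pow(a, q, p) != 1 and pow(a, 2, p) != 1


def miller_primitive_roots(q):
    """Miller's Theorem: the primitive roots are -2^2, -3^2, ..., -q^2 modulo p."""
    p = safe_prime(q)
    return sorted((-(i * i)) % p for i in range(2, q + 1))


def brute_force_order(a, p):
    """Multiplicative order of a modulo p by repeated multiplication (cross-check)."""
    x, n = a % p, 1
    while x != 1:
        x = x * a % p
        n += 1
    return n


def classify(q):
    """Split 2..p-2 into (quadratic residues, primitive roots) for p = 2q + 1."""
    p = safe_prime(q)
    residues = [a for a in range(2, p - 1) if legendre(a, p) == 1]
    roots = [a for a in range(2, p - 1) if is_primitive_root(a, q)]
    return residues, roots


if __name__ == "__main__":
    for q in (11, 23):
        p = safe_prime(q)
        residues, roots = classify(q)
        print(f"p = {p}")
        print("  quadratic residues in 2..p-2:", residues)
        print("  primitive roots (test):      ", roots)
        print("  primitive roots (Miller):    ", miller_primitive_roots(q))
        # Antisymmetry: a is a residue exactly when p - a is a primitive root.
        print("  mirror images of residues:   ", sorted(p - a for a in residues))
```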
Deﬁnition. Theorem. If (a. Information about squares modulo p can help us to understand actual numbers and equations in addition to modular numbers and congruences. c) satisfying a2 + b2 = c2 is called a Pythagorean triple. and the Law of Quadratic Reciprocity will help us ﬁnd an answer. Pythagorean triples. we consider only its integer solutions. we turn one of the most famous recent results of number theory. and Fermat’s Last Theorem Congruences to Equations The Law of Quadratic Reciprocity gives us a neat view of which numbers are squares modulo a prime p. that is. Finally. c) is a Pythagorean triple. 95 . Due to the close relationship with right triangles. b. the values a and b in a Pythagorean triple will sometimes be referred to as the legs. The Pythagorean Theorem asserts that the sum of the squares on the legs of a right triangle equals the square on the hypotenuse. the lengths of the sides of a right triangle always provide a solution to the equation x2 + y 2 = z 2 by substituting the lengths of the legs for x and y and the length of the hypotenuse for z. Said another way. 8. In this chapter and the next we turn from quadratic congruences to quadratic (and higher order) Diophantine equations. A triple of three positive integers (a.1. In this section we consider the above quadratic as a Diophantine equation. There are no Pythagorean triples in which both legs are odd. Some of the questions will lead us to ask which numbers can be written as sums of squares. Fermat’s Last Theorem.CHAPTER 8 Pythagorean Triples. and the value c as the hypotenuse. then at least one of a or b is even. b. We start with a quadratic equation we should all have some familiarity with from its connections to right triangles and the Pythagorean Theorem. Sums of Squares.
(s2 − t2 ).4. then (da. 13). Lets begin by just ﬁnding a few. Theorem.5.2.96 8. and c have no common factor. Deﬁnition. dc) is also a Pythagorean triple. 8. b. Theorem. A Pythagorean triple (a. one square (x + y)2 equals another square (x − y)2 plus something that we wish were a square. db. namely 4xy. the legs cannot both be even either. We saw earlier that no Pythagorean triple has both legs odd. 12. c) is any Pythagoren triple and d is any natural number. but for primitive Pythagorean triples. 5) and (5. It comes from looking at some simple algebra from high school. So we have a relationship that looks almost like a Pythagorean triple. 8. How could we ensure that 4xy is a square? Simple. (s2 + t2 )) is a Pythagorean triple. It turns out that there is a method for generating inﬁnitely many Pythagorean Triples in an easy way. Remember that (x + y)2 = x2 + 2xy + y 2 and (x − y)2 = x2 − 2xy + y 2 . This kind of analysis leads to the following theorem. b. Then (2st. Find at least ﬁve primitive Pythagorean triples. 8. if (a. just choose x and y to be squares. one leg is even.3. 8. Namely. Pythagorean triples that are not simply multiples of smaller Pythagorean triples have a special designation. SUMS OF SQUARES. 4. Exercise. b. namely. Make a note of your methods. The diﬀerence between the two is 4xy. but there are inﬁnitely many. and the hypotenuse is odd. In any primitive Pythagorean triple. AND FERMAT’S LAST THEOREM The most famous Pythagorean triples are (3. Exercise. Let s and t be any two diﬀerent natural numbers with s > t. Find at least seven diﬀerent Pythagorean triples. You may have discovered how to generate new Pythagorean triples from old ones through multiplication. . one leg is odd. c) is said to be primitive if a. There are inﬁnitely many primitive Pythagorean triples. so let’s start by ﬁnding a few. PYTHAGOREAN TRIPLES.
The preceding theorem lets us easily generate infinitely many Pythagorean triples, but, in fact, every primitive Pythagorean triple can be generated by choosing appropriate natural numbers $s$ and $t$ and making the Pythagorean triple as described in the preceding theorem. As a hint to the proof, we make a little observation.

8.6. Lemma. Let $(a, b, c)$ be a primitive Pythagorean triple where $a$ is the even number. Then $\frac{c+b}{2}$ and $\frac{c-b}{2}$ are perfect squares, say, $s^2$ and $t^2$, respectively, and $s$ and $t$ are relatively prime.

So now we can completely characterize all primitive Pythagorean triples.

8.7. Theorem (Pythagorean Triple Theorem). Let $(a, b, c)$ be a triple of natural numbers with $a$ even, $b$ odd, and $c$ odd. Then, $(a, b, c)$ is a primitive Pythagorean triple if and only if there exist relatively prime positive integers $s$ and $t$, one even and one odd, such that $a = 2st$, $b = (s^2 - t^2)$, and $c = (s^2 + t^2)$.

The formulas given in the Pythagorean Triple Theorem allow us to investigate the types of numbers that can occur in Pythagorean triples. We'll begin by looking at the legs and then think about the hypotenuse later. Let's start our investigation by looking at examples.

8.8. Exercise. Using the above formulas make a lengthy list of primitive Pythagorean triples.

8.9. Exercise. Make a conjecture that describes those natural numbers that can appear as legs in a primitive Pythagorean triple.

You might have come up with the following theorem.

8.10. Theorem. In every primitive Pythagorean triple, one leg is an odd integer greater than 1 and the other is a positive multiple of 4.

This observation does not tell us which odd numbers are allowable or which multiples of 4 occur, but in fact every odd number and every multiple of 4 occurs as a leg in a Pythagorean triple.

8.11. Theorem. Any odd number greater than 1 can occur as a leg in a primitive Pythagorean triple.

8.12. Theorem. Any positive multiple of 4 can occur as a leg in a primitive Pythagorean triple.

Sums of squares.

To analyze what numbers can occur as the hypotenuse of a primitive Pythagorean triple is a bit trickier. It amounts to investigating the general problem of representing numbers as sums of two squares. The question we seek to answer is, for which numbers $n$ does the Diophantine equation $x^2 + y^2 = n$ have a solution? As usual we will first investigate the case of primes.

8.13. Question. Make a list of the first fifteen primes and write each as the sum of as few squares of natural numbers as possible. Which ones can be written as the sum of two squares? Make a conjecture about which primes can be written as the sum of two squares of natural numbers.

Your conjecture likely singles out those primes that are congruent to 1 modulo 4.

Theorem. Let $p$ be a prime. Then $p$ can be written as the sum of two squares of natural numbers if and only if $p = 2$ or $p \equiv 1 \pmod{4}$.

There are really two theorems here and we will state them separately below. The first is a much simpler theorem to prove than the second.

8.14. Theorem. Let $p$ be a prime such that $p = a^2 + b^2$ for some natural numbers $a$ and $b$. Then either $p = 2$ or $p \equiv 1 \pmod{4}$.

The fact that every prime congruent to 1 modulo 4 is expressible as the sum of two squares is more challenging to prove. As you work to prove this result in the next few theorems it is worthwhile to recall another theorem you recently proved about primes that are congruent 1 modulo 4. For primes congruent to 1 modulo 4, $-1$ is a quadratic residue, that is, for any prime $p$ that is congruent to 1 modulo 4, there is some natural number $a$ such that $a^2$ is congruent to $-1$ modulo $p$. To prove the second theorem, try applying the following lemma to a square root of $-1$ modulo $p$.

8.15. Lemma. Let $p$ be a prime and let $a$ be a natural number not divisible by $p$. Then there exist integers $x$ and $y$ such that $ax \equiv y \pmod{p}$ with $0 < |x|, |y| < \sqrt{p}$.
8.16. Theorem. Let $p$ be a prime such that $p \equiv 1 \pmod{4}$. Then $p$ is equal to the sum of two squares of natural numbers. (Hint: Try applying the previous lemma to a square root of $-1$ modulo $p$.)

Knowing which primes can be written as the sum of two squares is a great start, but that does not yet answer the question as to which numbers can occur as the hypotenuse of a primitive Pythagorean triple. We need a strategy for moving from primes to products of primes.

8.17. Exercise. Check the following identity: $(u^2 + v^2)(A^2 + B^2) = (uA + vB)^2 + (vA - uB)^2$.

The preceding exercise tells us that the products of sums of two squares are themselves sums of two squares.

8.18. Theorem. If an integer $x$ can be written as the sum of two squares of natural numbers and an integer $y$ can be written as the sum of two squares of natural numbers, then $xy$ can be written as the sum of two squares of natural numbers.

Let's try writing a few numbers as sums of squares of natural numbers.

8.19. Exercise. For each of the following numbers, (i) determine the number's prime factorization and (ii) write the number as the sum of two squares of natural numbers.
(1) 205
(2) 6409
(3) 722
(4) 11745

8.20. Question. Which natural numbers can be written as the sum of two squares of natural numbers? State and prove the most general theorem possible about which natural numbers can be written as the sum of two squares of natural numbers, and prove it.

We give the most general result next.

8.21. Theorem. A natural number $n$ can be written as a sum of two squares of natural numbers if and only if every prime congruent to 3 modulo 4 in the unique prime factorization of $n$ occurs to an even power.
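The strategy of moving from primes to products of primes can be carried out mechanically. The following Python sketch is an added example, not part of the original text; the function names are hypothetical, and it allows $0$ as one of the two squares so that perfect squares such as $4 = 2^2 + 0^2$ are counted. It tests the prime-factorization criterion against a direct search and builds a representation of $n$ by combining representations of its prime factors with the identity $(u^2 + v^2)(A^2 + B^2) = (uA + vB)^2 + (vA - uB)^2$.

```python
from math import isqrt


def factorize(n):
    """Prime factorization of n >= 1 by trial division, as {prime: exponent}."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def passes_criterion(n):
    """True when every prime congruent to 3 mod 4 divides n to an even power."""
    return all(e % 2 == 0 for p, e in factorize(n).items() if p % 4 == 3)


def two_squares(n):
    """Direct search for (a, b) with a >= b >= 0 and a^2 + b^2 == n.
    Assumption of this example: b = 0 is allowed. Returns None if no pair exists."""
    for b in range(isqrt(n // 2) + 1):
        a = isqrt(n - b * b)
        if a * a + b * b == n:
            return a, b
    return None


def compose(p, q):
    """Combine two representations with the product identity:
    (u^2 + v^2)(A^2 + B^2) = (uA + vB)^2 + (vA - uB)^2."""
    (u, v), (A, B) = p, q
    return u * A + v * B, abs(v * A - u * B)


def represent(n):
    """Build a representation of n from its prime factors, or None if the
    criterion fails. Primes 2 and p = 1 (mod 4) are represented by search;
    an even power p^e of a prime p = 3 (mod 4) is (p^(e/2))^2 + 0^2."""
    if not passes_criterion(n):
        return None
    rep = (1, 0)  # 1 = 1^2 + 0^2
    for p, e in factorize(n).items():
        if p % 4 == 3:
            rep = compose(rep, (p ** (e // 2), 0))
        else:
            base = two_squares(p)
            for _ in range(e):
                rep = compose(rep, base)
    return rep


if __name__ == "__main__":
    # Constructed sample inputs: 65 = 5*13, 45 = 3^2*5, 21 = 3*7, 1105 = 5*13*17.
    for n in (65, 45, 21, 1105):
        print(n, factorize(n), passes_criterion(n), two_squares(n), represent(n))
```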
Pythagorean triples revisited.

We are now in a position to describe the possible values for the hypotenuse in a primitive Pythagorean triple.

8.22. Theorem. If $(a, b, c)$ is a primitive Pythagorean triple, then $c$ is a product of primes each of which is congruent to 1 modulo 4.

8.23. Theorem. If the natural number $c$ is a product of primes each of which is congruent to 1 modulo 4, then there exist integers $a$ and $b$ such that $(a, b, c)$ is a primitive Pythagorean triple.

Fermat's Last Theorem.

There are infinitely many Pythagorean triples of natural numbers $(a, b, c)$ such that $a^2 + b^2 = c^2$. A natural question arises if we replace the exponent 2 with larger numbers. In other words, can we find triples of natural numbers $(a, b, c)$ such that $a^3 + b^3 = c^3$ or $a^4 + b^4 = c^4$, or, in general, $a^n + b^n = c^n$ for $n \geq 3$. Having satisfactorily analyzed the question of which squares are the sum of two smaller squares, it is natural to ask the analogous question for higher powers, and Pierre Fermat did ask that question in what became known as Fermat's Last Theorem. In 1637, Fermat claimed to be able to prove that no triple of natural numbers $(a, b, c)$ exists that satisfies the equation $a^n + b^n = c^n$ for any natural number $n \geq 3$. During his lifetime, Fermat probably realized his "proof" was inadequate, but the question tantalized mathematicians for hundreds of years. Incremental progress was made. By 1992 it was known that the equations $a^n + b^n = c^n$ had no natural number solutions for $3 \leq n \leq 4000000$ (as well as many other special cases). But there are infinitely many possible exponents larger than 4000000, so Fermat's Last Theorem was far from being resolved. But all the remaining exponents were taken care of by the groundbreaking work of Andrew Wiles, which took place some 350 years after Fermat first considered the question.

Theorem (Fermat's Last Theorem, proved by Andrew Wiles in 1994). For natural numbers $n \geq 3$, there are no natural numbers $x$, $y$, $z$ such that $x^n + y^n = z^n$.

We probably won't find a proof of this theorem ourselves since it took mathematicians 350 years to do so. Instead, let's look at one case of this theorem which can be proved using a strategy known as Fermat's method of descent. The method involves showing how a given solution in natural numbers can be used to produce a "smaller" natural number solution. That new solution would imply the existence of a yet smaller solution, and so on. Since any decreasing sequence of natural numbers must be just finite in length, the method of descent implies that there could not be a solution to begin with. Let's see how this strategy can be used to prove the case of Fermat's Last Theorem when the exponent is 4. In fact, notice that the following statement is a little stronger than what is called for in Fermat's Last Theorem since the $z$ is squared rather than raised to the fourth power.

8.24. Theorem. There are no natural numbers $x$, $y$, and $z$ such that $x^4 + y^4 = z^2$. (Hint: Note that if there were a solution $x = a$, $y = b$, and $z = c$, then $(a^2, b^2, c)$ would be a Pythagorean triple, which we could assume to be a primitive Pythagorean triple by removing common factors. Can you use the characterization of Pythagorean triples to find other natural numbers $d$, $e$, $f$ such that $d^4 + e^4 = f^2$ where $f$ is less than $c$? If you can do that, how can you complete your proof?)

Who's Represented?

Representing numbers as the sum of two squares had immediate practical relevance to the description of Pythagorean triples. But it is also a problem that lends itself well to many different possible directions of generalization. For example,
(1) Which numbers can be represented as the sum of three squares, sum of four squares, etc.?
(2) Which numbers can be represented as the sum of two cubes, sum of two fourth powers, etc.?
Mathematicians have given much attention to all of these questions. This is another one of the many instances of simple sounding questions leading to deep and important mathematics.

Sums of squares.

Albert Girard (1595-1632) appeared to know which numbers could be written as the sum of two squares as early as 1625, although a proof due to Girard is lacking. Fermat stated in a letter to Pascal in 1654 that he had a proof of the fact that primes of the form $4n + 1$ were always the sum of two squares. Descartes proved in a 1638 letter to Mersenne that primes of the form $4n + 3$ could not be represented as a sum of two squares. But a proof of Girard's complete (and correct) observation would have to wait for Euler, who gave a complete proof in two letters to Goldbach dated 1747 and 1749.

What about representing numbers as the sum of three squares? In a letter to Mersenne dated 1636, Fermat stated (again without proof!) that no integer of the form $8n + 7$ could be expressed as the sum of three squares. Mersenne communicated the claim to Descartes who provided a proof in 1638. The complete characterization is given here.
Theorem. A natural number can be expressed as the sum of three squares of natural numbers if and only if it is not of the form $4^n(8k + 7)$ for nonnegative integers $n$ and $k$.

The proof of this theorem is due in large part to Legendre, but a key step also requires Dirichlet's work on primes in arithmetic progressions.

What about sums of four squares? Fermat stated that he had a proof of the fact that every number is either a square or the sum of two, three, or four squares, although, as we now expect when dealing with Fermat, no proof was communicated. Building on the work of Fermat and Euler, it is Lagrange in 1770 who finally provided the proof of the following theorem.

Theorem (Four Squares Theorem). Every natural number is the sum of at most four squares of natural numbers.

A key identity needed for Lagrange's proof was due to Euler, who spent more than 40 years trying to establish the Four Squares Theorem. Euler established an amazing identity showing that the product of two numbers, each of which can be expressed as the sum of four squares, is also a sum of four squares, namely,

$$
\begin{aligned}
(a_1^2 + a_2^2 + a_3^2 + a_4^2)(b_1^2 + b_2^2 + b_3^2 + b_4^2) = {} & (a_1 b_1 + a_2 b_2 + a_3 b_3 + a_4 b_4)^2 \\
& + (a_1 b_2 - a_2 b_1 + a_3 b_4 - a_4 b_3)^2 \\
& + (a_1 b_3 - a_2 b_4 - a_3 b_1 + a_4 b_2)^2 \\
& + (a_1 b_4 + a_2 b_3 - a_3 b_2 - a_4 b_1)^2.
\end{aligned}
$$

Sums of cubes, taxicabs, and Fermat's Last Theorem.

Euler, in 1770, provided us with a proof of the first case of Fermat's Last Theorem by establishing that no cube is the sum of two cubes. Of the numbers which can be expressed as the sum of two cubes, perhaps 1729 is the most famous. Suffering from tuberculosis and lying in a hospital bed in London, the young Indian mathematician Ramanujan (1887-1920) was paid a visit by his friend and mentor G. H. Hardy (1877-1947). Hardy remarked that he had arrived in a taxicab numbered 1729, which he considered a rather dull number. Ramanujan responded that 1729 is not dull at all. It is, in fact, the smallest number that can be expressed as the sum of two cubes in two essentially distinct ways, $1729 = 1^3 + 12^3 = 9^3 + 10^3$.

Said another way, there are (at least) four distinct integer points, namely $(1, 12)$, $(9, 10)$, $(10, 9)$, and $(12, 1)$, on the cubic plane curve $x^3 + y^3 = 1729$. Taking statements about numbers and transforming them into statements about points on curves (or surfaces, etc.) is now a fairly common practice in the field of arithmetical geometry. For example, in studying whether the number $m$ is expressible as a sum of two cubes, the corresponding plane curve is given by $x^3 + y^3 = m$. This is another example of what is known as an elliptic curve.

While naturally arising when looking at the problem of expressing a number as the sum of two cubes, elliptic curves have also played a much more central role in the modern development of number theory. They are the central objects under study in Andrew Wiles' proof of Fermat's Last Theorem. In 1990 it was known that if $(a, b, c)$ were a triple of natural numbers satisfying an equation of the form $a^p + b^p = c^p$, where $p$ is a prime greater than 2 (i.e., if the triple $(a, b, c)$ provided a counterexample to Fermat's Last Theorem), then the curve $y^2 = x(x - a^p)(x + b^p)$ would be an elliptic curve with some very strange properties. The precise statement is that the curve would be semistable but not modular, although the exact meanings of these words are beyond the scope of this book. Such a curve was believed not to exist. More precisely, it was believed by many (and was the content of the Shimura-Taniyama Conjecture) that all elliptic curves were modular. This conjecture is now known to be true. The first major contribution to the proof of the Shimura-Taniyama Conjecture was due to Wiles with the help of his student Richard Taylor. Wiles and Taylor proved in 1994 that all semistable elliptic curves are modular, once and for all confirming the truth of Fermat's Last Theorem.
CHAPTER 9
Rationals Close to Irrationals and the Pell Equation

Diophantine Approximation And Pell Equations

Linear Diophantine equations were considered and solved in Chapter 1. In the previous chapter we asked which natural numbers could be written as the sum of two squares. That is, we sought solutions to the quadratic Diophantine equation $x^2 + y^2 = n$ which in turn gave us a complete description of the natural numbers that could occur as the hypotenuse in a primitive Pythagorean triple. In this chapter we consider one additional family of quadratic Diophantine equations called Pell equations. A Pell equation is any equation of the form $x^2 - Ny^2 = 1$ where $N$ is any natural number.

These equations have surprising connections to at least two different issues. One is a famous Bovine Problem about herds of cows and bulls whose sizes are related in various ways. This story problem was framed by Archimedes in the third century B.C. and was not completely solved until 1965. The minimum number of cattle that would satisfy the conditions of Archimedes' problem is vastly greater than the number of atoms in the universe, so you may not encounter all of them during the running of the bulls.

On a less frivolous note, the so-called Pell equations are also connected with the subject of Diophantine approximation, the study of rational number approximations to irrational quantities. Of course, every irrational number can be arbitrarily closely approximated by rational numbers by just truncating the decimal representation of the irrational number, but here we consider the question of finding rational approximations where the size of the denominator of the approximating fraction is small relative to how close the approximation is. One challenge is to clarify the questions about rational approximations. Then we will find that the Pell equations, namely, $x^2 - Ny^2 = 1$, help us analyze good rational approximations of certain irrational numbers.

Unfortunately, the name of the Pell equations is a misnomer. Mathematician John Pell (1611-1685) had little if anything to do with the study of the equations which now bear his name. In a published paper Euler mistakenly attributed what is believed to be the work of William Brouncker (1620-1684) to Pell, and the name has stuck. So there are at least two roads to mathematical immortality–prove something great or have a famous person think you proved it.

A plunge into rational approximation.

Irrational numbers can sometimes pose a problem when it comes to practical computation. In practice, we always have to rely on rational approximations when irrationals are involved. We have all used close rational approximations in order to simplify and expedite solutions to problems that involve irrational numbers. For example, 1.414 is a convenient approximation for $\sqrt{2}$, and 3.14 or $\frac{22}{7}$ are often used as approximations for $\pi$. In fact, wise political minds have not overlooked the advantages of rational approximations to $\pi$. At times politicians have considered cutting the Gordian Knot by legislating $\pi$ to equal a convenient rational value. In 1897, the Indiana Legislature considered and nearly accomplished the passage of such legislation. Too bad, however, after being recommended for passage by the Committee on Education and passed by the House, a mathematician gave some advice that derailed this progressive legislation and the bill floundered in the Senate.

Let's begin our investigation into rational approximations of irrational numbers by observing that it is an easy matter to approximate irrational numbers by fractions $\frac{a}{b}$ that lie within $\frac{1}{2b}$ of the irrational. Recall that the quantity $|x - y|$ measures the distance between the numbers $x$ and $y$.

9.1. Theorem. Let $\alpha$ be an irrational number and let $b$ be a natural number. Then there exists an integer $a$ such that
$$\left|\alpha - \frac{a}{b}\right| \leq \frac{1}{2b}.$$

So a harder challenge of rational approximation is to find fractions $\frac{a}{b}$ that lie within a smaller distance of the target irrational, for example, within $\frac{1}{b^2}$. One technique for finding such approximations involves noticing that in any large collection of real numbers, some pair of them must have a difference that is close to being an integer in value. We begin by considering multiples of $\sqrt{2}$ and asking you to find a way to produce a good rational approximation to $\sqrt{2}$.

9.2. Exercise. Among the first eleven multiples of $\sqrt{2}$,
$$0\sqrt{2},\ 1\sqrt{2},\ 2\sqrt{2},\ 3\sqrt{2},\ \ldots,\ 10\sqrt{2},$$
find the two whose difference is closest to a positive integer. Feel free to use a calculator. Use those two multiples to find a good rational approximation for $\sqrt{2}$. By good, we mean that you find integers $a$ and $b$ such that
$$\left|\frac{a}{b} - \sqrt{2}\right| \leq \frac{1}{b^2}.$$

The technique of using a list of integer multiples to obtain good approximations to an irrational number is a valuable strategy to understand well. So after doing the previous exercise, do it once again for $\sqrt{7}$.

9.3. Exercise. Repeat the previous exercise for $\sqrt{7}$ using the first 13 multiples of $\sqrt{7}$.

Now take some time to think through what you have done and why it works. To understand the method, think carefully about your method to see how generally the method can be applied and how each step was involved in the solution. Before we move along any further, was it important in the previous two exercises that the irrational being approximated was a square root?

9.4. Exercise. Repeat the previous exercise for $\pi$, using the first 15 multiples of $\pi$.

By considering the following questions you are exploring how the preceding specific examples can be extended to apply to more general cases.

9.5. Question. Let $\alpha$ be an irrational number.
(1) Imagine making a list of the first 11 multiples of $\alpha$. Can you predict how close to an integer the nearest difference between two of those numbers must be?
(2) Now imagine making a list of 11 multiples of $\alpha$, but not the first 11. Can you still predict how close to an integer the nearest difference between two of those numbers must be?
(3) Now imagine making a list of 50 multiples of $\alpha$, rather than just 11. Can you predict how close to an integer the nearest difference between two of those numbers must be?
(4) What is the general relationship between how many multiples of $\alpha$ we consider and how well we can rationally approximate $\alpha$ using our multiples?

The next three theorems formalize what you may have discovered in the preceding group of questions.

9.6. Theorem. Let $K$ be a positive integer. Then, among any $K$ real numbers, there is a pair of them whose difference is within $1/K$ of being an integer.
When we take our collection of real numbers to be multiples of an irrational number, then we can find good rational approximations for the irrational number.

9.7. Theorem. Let $\alpha$ be a positive irrational number and $K$ be a positive integer. Then there exist positive integers $a$, $b$, and $c$ with $0 \leq a < b \leq K$ and $0 \leq c \leq K\alpha$ such that
$$\left|\frac{c}{b - a} - \alpha\right| \leq \frac{1}{(b - a)^2}.$$

The theorem before the last theorem told us that increasingly large collections of real numbers contain pairs whose differences get increasingly close to being an integer. Remember how multiples of an irrational could lead to rational approximations of the irrational by finding multiples whose difference is close to an integer. That observation might help to generalize your technique to prove Dirichlet's Rational Approximation Theorem. Now you will need to understand your proof of the above theorem sufficiently well so that you figure out how to make $(b - a)$ arbitrarily large. You might consider the fact that for an irrational number $\alpha$, any fixed, finite collection of multiples of $\alpha$ will have every difference of every pair of those multiples differing from being an integer by at least some specific nonzero amount. So taking a yet bigger collection of multiples will give you a pair whose difference is even closer to being an integer.

9.8. Theorem (Dirichlet's Rational Approximation Theorem, Version I). Let $\alpha$ be any real number. Then there exist infinitely many rational numbers $\frac{a}{b}$ satisfying
$$\left|\frac{a}{b} - \alpha\right| \leq \frac{1}{b^2}.$$

It is often useful to put the same result in different forms, because the different forms might help us to see a connection with some other work. In this case, the following alternative form of Dirichlet's Rational Approximation Theorem takes the first step toward making the connection between rational approximation and Pell's equation.

Theorem (Dirichlet's Rational Approximation Theorem, Version II). Let $\alpha$ be any real number. Then there exist infinitely many integers $a$ and $b$ satisfying
$$|a - b\alpha| \leq \frac{1}{b}.$$

Before going further, let's confirm that these two versions of Dirichlet's Rational Approximation Theorem actually are equivalent.

9.9. Exercise. Show that Versions I and II of Dirichlet's Rational Approximation Theorem can be deduced from one another.
If we consider the special case where $\alpha$ is the square root of a natural number, we get a form of Dirichlet's Rational Approximation Theorem that looks even more like Pell's Equation.

Theorem (Dirichlet's Rational Approximation Theorem, Version III). Let $N$ be a positive integer that is not a square. Then there exist infinitely many positive integers $a$ and $b$ satisfying
$$\left|a - b\sqrt{N}\right| \leq \frac{1}{b}.$$

The connection between Pell equations and rational approximations to irrational numbers that are square roots of natural numbers is not hard to make.

9.10. Exercise. Show that if $N$ is a natural number which is not a square and $x = a$ and $y = b$ is a positive integer solution to the Pell equation $x^2 - Ny^2 = 1$, then $\frac{a}{b}$ gives a good rational approximation to $\sqrt{N}$.

The next theorem clarifies that by a "good" rational approximation we mean the same thing as occurs in Dirichlet's Theorem Version I.

9.11. Theorem. Let $N$ be a positive integer that is not a square. If $x = a$ and $y = b$ is a solution in positive integers to $x^2 - Ny^2 = 1$, then
$$\left|\frac{a}{b} - \sqrt{N}\right| < \frac{1}{b^2}.$$

So we see that solutions in positive integers to the Pell equation $x^2 - Ny^2 = 1$ give rise to good approximations to the irrational number $\sqrt{N}$. So our challenge now is to analyze the Pell equation and see whether we can find solutions.

Out with the trivial.

We'll start by disposing of trivial cases so that we can focus on the ones that count. In Chapter 1 we considered the family of linear Diophantine equations $ax + by = c$. Certain values of the parameters $a$, $b$, and $c$ led to Diophantine equations with no hope of having solutions. For example, the equation $6x + 3y = 17$ will not have any integer solutions because the left hand side will always be divisible by 3, and the right hand side will never be divisible by 3. When working with a parameterized family of equations, it is worthwhile to make an effort to recognize whether certain values of the parameters will lead to obvious conclusions or whether there are some trivial solutions that are not of interest. Let's try this with the Pell equations $x^2 - Ny^2 = 1$, which have the single parameter, the natural number $N$.

9.12. Question. For every natural number $N$, there are some trivial values of $x$ and $y$ that satisfy the Pell equation $x^2 - Ny^2 = 1$. What are those trivial solutions?

Let's pin that down by making the following definitions of trivial and nontrivial solutions.

Definition. Let $N$ be a natural number. The trivial solutions to the Diophantine equation $x^2 - Ny^2 = 1$ are $x = 1$, $y = 0$ and $x = -1$, $y = 0$. All other integer solutions are nontrivial.

9.13. Question. For what values of the natural number $N$ can you easily show that there are no nontrivial solutions to the Pell equation $x^2 - Ny^2 = 1$?

We record your observation in the following theorem.

9.14. Theorem. If the natural number $N$ is a perfect square, then the Pell equation $x^2 - Ny^2 = 1$ has no nontrivial integer solutions.

After all this talk about trivial solutions, let's at least confirm that in some cases nontrivial solutions do exist.

9.15. Exercise. Find, by trial and error, at least two nontrivial solutions to each of the Pell equations $x^2 - 2y^2 = 1$ and $x^2 - 3y^2 = 1$.

Bolstered by the existence of solutions for $N = 2$ and $N = 3$, our focus from this point forward will be on finding nontrivial solutions to the Pell equations $x^2 - Ny^2 = 1$ where $N$ is a natural number that is not a perfect square. For a positive integer $N$ that is not a perfect square, the nontrivial solutions to $x^2 - Ny^2 = 1$ come to us in natural groups of four since the square of a negative number is positive.

9.16. Question. To know all the integer solutions to a Pell equation, why does it suffice to know just the positive integer solutions?

New solutions from old.

One solution to a Pell equation gives rise to related ones by taking negatives, but there are other ways to take some solutions and combine them to create other solutions. Since 1 times 1 equals 1, multiplication of solutions also gives a new solution. Here is what we mean.

9.17. Theorem. Suppose $N$ is a natural number and the Pell equation $x^2 - Ny^2 = 1$ has two solutions, namely, $a^2 - Nb^2 = 1$ and $c^2 - Nd^2 = 1$ for some integers $a$, $b$, $c$, and $d$. Then $x = ac + Nbd$ and $y = ad + bc$ is also an integer solution to the Pell equation $x^2 - Ny^2 = 1$. That is, $(ac + Nbd)^2 - N(ad + bc)^2 = 1$.

So we can generate new solutions to the Pell equation from old solutions, but the question remains: For which positive integers $N$ (which are not squares) does $x^2 - Ny^2 = 1$ have nontrivial solutions? To fully answer this question we return to the world of rational approximation.

Securing the elusive solution.

We observed earlier that nontrivial solutions to the Pell equation $x^2 - Ny^2 = 1$ give rise to good approximations of $\sqrt{N}$. Now we look at the connection between good rational approximations of $\sqrt{N}$ and Pell-like equations in the opposite way. That is, starting with a "good" rational approximation $\frac{x}{y}$ of $\sqrt{N}$, let's investigate $x^2 - Ny^2$. Recall Version II of Dirichlet's Rational Approximation Theorem. That version described the closeness of the rational approximation of the fraction $\frac{x}{y}$ to $\sqrt{N}$ by stating that $\left|x - y\sqrt{N}\right| < \frac{1}{y}$. That concept of a good rational approximation is used as the hypothesis in the following theorem.

9.18. Theorem. Let $N$ be a natural number and suppose that $x$ and $y$ are positive integers satisfying $\left|x - y\sqrt{N}\right| < \frac{1}{y}$. Then
$$x + y\sqrt{N} < 3y\sqrt{N}.$$

A tiny bit of algebra gets us back to a Pell-like expression.

9.19. Theorem. Let $N$ be a natural number and suppose that $x$ and $y$ are positive integers satisfying $\left|x - y\sqrt{N}\right| < \frac{1}{y}$. Then
$$\left|x^2 - Ny^2\right| < 3\sqrt{N}.$$

Notice that the preceding theorem tells us that any good rational approximation of $\sqrt{N}$ gives rise to a Pell-like expression, namely, $x^2 - Ny^2$, which is an integer with a fixed bound. We want to find solutions to the Pell equation $x^2 - Ny^2 = 1$, however, let's take what we can get at this point, namely, solutions to a Pell-like equation where the right side is some integer possibly different from 1.
9.20. Theorem. There exists a nonzero integer $M$ such that the equation $x^2 - Ny^2 = M$ has infinitely many solutions in positive integers.

Now we have infinitely many positive integer solutions to a Pell-like equation, $x^2 - Ny^2 = M$. In the next few theorems we investigate how to use these to obtain a nontrivial solution to $x^2 - Ny^2 = 1$.

9.21. Lemma. Let $n$ be a natural number and suppose that $(x_i, y_i)$, $i = 1, 2, 3, \ldots$, are infinitely many ordered pairs of integers. Then there exist distinct natural numbers $j$ and $k$ such that $x_j \equiv x_k \pmod{n}$ and $y_j \equiv y_k \pmod{n}$.

9.22. Lemma. Let $N$ be a natural number and $M$ be a nonzero integer and let $(x_j, y_j)$ and $(x_k, y_k)$ be two distinct integer solutions to $x^2 - Ny^2 = M$ satisfying $x_j \equiv x_k \pmod{M}$ and $y_j \equiv y_k \pmod{M}$. Then
$$x = \frac{x_j x_k - y_j y_k N}{M} \quad \text{and} \quad y = \frac{x_j y_k - x_k y_j}{M}$$
are integers satisfying $x^2 - Ny^2 = 1$.

9.23. Theorem. If $N$ is a positive integer that is not a square, then the Pell equation $x^2 - Ny^2 = 1$ has a nontrivial solution in positive integers.

What you have now proved is that the Pell equation $x^2 - Ny^2 = 1$ has nontrivial solutions for every possible case, namely for any natural number $N$ that is not a perfect square. An excellent way to understand a proof is to follow the steps of the proof for some particular examples. That is what we ask you to do in the next exercise.

9.24. Exercise. Follow the steps of the preceding theorems to find several solutions to the Pell equations $x^2 - 5y^2 = 1$ and $x^2 - 6y^2 = 1$ and then give some good rational approximations to $\sqrt{5}$ and $\sqrt{6}$.
The structure of the solutions to the Pell equations.

We have now proved that the Pell equations have solutions, but in fact those solutions have a satisfying kind of structure to them, which we will explore in this section. This structure arises from our inability to resist factoring when we have the chance. The left sides of the Pell equations $x^2 - Ny^2 = 1$ look very much like the difference of two squares. It is difficult to see a difference of two squares without succumbing to the urge to factor. Of course, there is one unpleasant part of that factoring, namely, when $N$ is not a perfect square, the factors involve an irrational number, $\sqrt{N}$. Never mind, let's factor anyway.
$$x^2 - Ny^2 = 1$$
$$(x + y\sqrt{N})(x - y\sqrt{N}) = 1.$$
Giving in to that temptation pays off in this case. The next several Theorems work out the algebraic structure of the real numbers that give integer solutions to a given Pell equation.

Definition. Let $N$ be a natural number. We say that a real number $\alpha = r + s\sqrt{N}$, with $r$ and $s$ integers, gives a solution to the Pell equation $x^2 - Ny^2 = 1$ if $r^2 - Ns^2 = 1$.

9.25. Exercise. Let $N$ be a natural number and $r$ and $s$ integers. Show that if $r + s\sqrt{N}$ gives a solution to $x^2 - Ny^2 = 1$, then so do each of $r - s\sqrt{N}$, $-r + s\sqrt{N}$, and $-r - s\sqrt{N}$.

9.26. Theorem. Let $N$ be a natural number and $r_1$, $r_2$, $s_1$, and $s_2$ be integers. If $\alpha = r_1 + s_1\sqrt{N}$ and $\beta = r_2 + s_2\sqrt{N}$ both give solutions to the Pell equation $x^2 - Ny^2 = 1$, then so does $\alpha\beta$.

9.27. Theorem. Let $N$ be a natural number and $r$ and $s$ integers. If $\alpha = r + s\sqrt{N}$ gives a solution to $x^2 - Ny^2 = 1$, then so does $1/\alpha$.

9.28. Corollary. Let $N$ be a natural number and $r$ and $s$ integers. If $\alpha = r + s\sqrt{N}$ gives a solution to $x^2 - Ny^2 = 1$, then so does $\alpha^k$ for any integer $k$.

Note: Abstract algebra is a study of algebraic structures and relationships. When you study abstract algebra, one of the first structures you will encounter is a group. We won't define the idea of a group here, but the previous two theorems tell us that the set of real numbers of the form $r + s\sqrt{N}$, with $r$ and $s$ integers, that give solutions to the Pell equation $x^2 - Ny^2 = 1$ form a group with respect to the operation of multiplication.
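The two ideas of this chapter, finding a good rational approximation from a list of multiples of $\sqrt{N}$ and multiplying Pell solutions to get new ones, can be run side by side. The following Python sketch is an added example, not part of the original text; all function names are hypothetical, and the trial search for the smallest solution is only meant for small $N$.

```python
from itertools import combinations
from math import isqrt, sqrt


def nearest_integer(b, N):
    """Integer closest to b*sqrt(N), decided with exact integer arithmetic."""
    f = isqrt(N * b * b)  # floor(b*sqrt(N))
    # b*sqrt(N) > f + 1/2  <=>  4*N*b^2 > (2f + 1)^2
    return f + 1 if 4 * N * b * b > (2 * f + 1) ** 2 else f


def best_pair(N, K):
    """Search the multiples 0*sqrt(N), 1*sqrt(N), ..., K*sqrt(N) for the pair
    whose difference is closest to an integer. Returns (a, b), meaning that
    b*sqrt(N) is close to the integer a, so a/b approximates sqrt(N)."""
    best = None
    for j, k in combinations(range(K + 1), 2):
        b = k - j  # the difference of the two multiples is b*sqrt(N)
        a = nearest_integer(b, N)
        gap = abs(a - b * sqrt(N))
        if best is None or gap < best[0]:  # the first of equal gaps is kept
            best = (gap, a, b)
    return best[1], best[2]


def is_good(a, b, N):
    """Exact test of |a/b - sqrt(N)| < 1/b^2 for positive integers a, b.
    Equivalent to ab - 1 < b^2*sqrt(N) < ab + 1, compared after squaring."""
    return (a * b - 1) ** 2 < N * b ** 4 < (a * b + 1) ** 2


def fundamental(N, limit=10**6):
    """Smallest positive solution (x, y) of x^2 - N*y^2 = 1, found by trying
    y = 1, 2, ...  Returns None when N is a perfect square (only trivial
    solutions exist) or when no solution has y below `limit`."""
    if isqrt(N) ** 2 == N:
        return None
    for y in range(1, limit):
        x = isqrt(N * y * y + 1)
        if x * x - N * y * y == 1:
            return x, y
    return None


def multiply(s, t, N):
    """New solution from old: (a, b), (c, d) -> (ac + N*b*d, ad + bc)."""
    (a, b), (c, d) = s, t
    return a * c + N * b * d, a * d + b * c


def solutions(N, count):
    """The first `count` powers of the smallest positive solution."""
    first = fundamental(N)
    if first is None:
        return []
    found, current = [], first
    for _ in range(count):
        found.append(current)
        current = multiply(current, first, N)
    return found


if __name__ == "__main__":
    a, b = best_pair(2, 10)  # the first eleven multiples of sqrt(2)
    print(f"{a}/{b}: good={is_good(a, b, 2)}, a^2 - 2b^2 = {a * a - 2 * b * b}")
    for N in (2, 3, 5, 6, 7):
        for x, y in solutions(N, 3):
            print(N, (x, y), x * x - N * y * y, is_good(x, y, N))
```

The pair found from the multiples of $\sqrt{2}$ satisfies a Pell-like equation with right side $-1$ rather than $1$, which is the situation the bound on $|x^2 - Ny^2|$ allows for.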
In these cases, it suffices to focus on just the positive integer solutions.

9.29. Theorem. Let $N$ be a positive integer that is not a square. Let $A$ be the set of all real numbers of the form $r + s\sqrt{N}$, with $r$ and $s$ positive integers, that give solutions to $x^2 - Ny^2 = 1$. Then
(1) there is a smallest element $\alpha$ in $A$,
(2) the real numbers $\alpha^k$, $k = 1, 2, \ldots$, give all positive integer solutions to $x^2 - Ny^2 = 1$.
(Hint: For part (1), try showing that the numbers in question are ordered by $r$. Then use the Well-Ordering Axiom.)

Let's reflect on what we have shown so far. If the natural number $N$ is a perfect square, then the Pell equation $x^2 - Ny^2 = 1$ has only trivial solutions. In all other cases, Theorem 9.23 tells us that there is a nontrivial solution and Theorem 9.29 suggests that in a sense there is a "smallest" solution in positive integers, which generates all of the infinitely many other positive integer solutions. So our investigation of the Pell equations has revealed a satisfying mathematical structure.

Bovine Math

Pell equations are not merely mathematical amusements. They also arise in ranching by the gods. The following is an English translation, due to Ivor Thomas, of the problema bovinum attributed to Archimedes. It is written in the form of a challenge, and considers the number of four different types of cattle belonging to the herd of the sun god Helios.

If thou art diligent and wise, O stranger, compute the number of cattle of the Sun, who once upon a time grazed on the fields of the Thrinacian isle of Sicily, divided into four herds of different colours, one milk white, another a glossy black, a third yellow and the last dappled. In each herd were bulls, mighty in number according to these proportions: Understand, stranger, that the white bulls were equal to a half and a third of the black together with the whole of the yellow, while the black were equal to the fourth part of the dappled and a fifth, together with, once more, the whole of the yellow. Observe further that the remaining bulls, the dappled, were equal to a sixth part of the white and a seventh, together with all of the yellow. These were the proportions of the cows: The white were precisely equal to the third part and a fourth of the whole herd of the black, while the black were equal to the fourth part once more of the dappled and with it a fifth part, when all, including the bulls, went to pasture together. Now the dappled in four parts were equal in number to a fifth part and a sixth of the yellow herd. Finally the yellow were in number equal to a sixth part and a seventh of the white herd. If thou canst accurately tell, O stranger, the number of cattle of the Sun, giving separately the number of well-fed bulls and again the number of females according to each colour, thou wouldst not be called unskilled or ignorant of numbers, but not yet shalt thou be numbered among the wise.

But come, understand also all these conditions regarding the cattle of the Sun. When the white bulls mingled their number with the black, they stood firm, equal in depth and breadth, and the plains of Thrinacia, stretching far in all ways, were filled with their multitude. Again, when the yellow and the dappled bulls were gathered into one herd they stood in such a manner that their number, beginning from one, grew slowly greater till it completed a triangular figure, there being no bulls of other colours in their midst nor none of them lacking. If thou art able, O stranger, to find out all these things and gather them together in your mind, giving all the relations, thou shalt depart crowned with glory and knowing that thou hast been adjudged perfect in this species of wisdom.

How can we hope to be crowned with glory? Obviously, we must get our cows and bulls in a row, steer clear of mooving mooers, and solve this bully conundrum. The first paragraph translates mathematically into a system of 7 linear equations in 8 unknowns (the 4 types of bulls: $W$, $B$, $Y$, $D$, and the 4 types of cows: $w$, $b$, $y$, $d$). There is a 1-parameter family of solutions given by

W = 10366482k, B = 7460514k, Y = 4149387k, D = 7358060k,
w = 7206360k, b = 4893246k, y = 5439213k, d = 3515820k.
The second paragraph imposes two additional conditions: the sum of the white bulls and the black bulls should be a square, and the sum of the yellow bulls and the dappled bulls should be a triangular number, that is, a number of the form $1 + 2 + \cdots + m = m(m+1)/2$. These constraints tell us that

$$W + B = 10366482k + 7460514k = 17826996k = n^2 \qquad (1)$$

for some integer $n$, and

$$Y + D = 4149387k + 7358060k = 11507447k = \frac{m(m+1)}{2} \qquad (2)$$

for some integer $m$. The factorization $17826996 = 2^2 \cdot 3 \cdot 11 \cdot 29 \cdot 4657$ tells us that the value of $k$ in equation (1) must be of the form $k = 3 \cdot 11 \cdot 29 \cdot 4657 \cdot y^2 = 4456749y^2$ for some integer $y$. Combining this with the equation (2) gives

$$11507447 \cdot 4456749y^2 = \frac{m(m+1)}{2},$$

or

$$51285802909803y^2 = \frac{m(m+1)}{2}. \qquad (3)$$

Completing the square on the right hand side of equation (3) we obtain

$$\frac{m(m+1)}{2} = \frac{(m + 1/2)^2 - 1/4}{2} = \frac{1}{8}\left((2m+1)^2 - 1\right).$$

So, by multiplying equation (3) by 8, and making the substitution $x = 2m + 1$ we obtain $8 \cdot 51285802909803y^2 = x^2 - 1$, or

$$x^2 - 410286423278424y^2 = 1,$$

a Pell equation!

Our translation of the cattle problem into a Pell equation is unlikely to have been employed during Archimedes' time. And even more unlikely is it that he, or any of his contemporaries, produced a solution, even though we now know that in fact there are infinitely many. The first known complete solution, aided by computers, was given in 1965 by H. C. Williams, R. A. German, and C. R. Zarnke. The smallest sized herd satisfying all the conditions is so vast that to write down the number of cattle we would need to use 206545 digits! That's a lot of bulls. To put that number in perspective, the number of atoms in the universe is estimated to be described with a number with a mere 80 digits.
Archimedes was not the only mathematician to issue challenges. Fermat was known to challenge his contemporaries as well. In 1657 he sent letters asking William Brouncker and John Wallis to find integer solutions to the equations $x^2 - 151y^2 = 1$ and $x^2 - 313y^2 = 1$. Both stepped up to the challenge and gave integer solutions in reply. But it is in early Indian mathematics that we find the first systematic study of Pell equations. Brahmagupta was aware of how to generate new solutions from old in much the same manner as we explored in Theorem 9.17, and both Brahmagupta and Bhaskara (1114-1185) discovered methods for turning solutions of $x^2 - Ny^2 = k$ (for small $k$) into solutions to $x^2 - Ny^2 = 1$. So Pell equations have spanned the ages, spanned the globe, and have even amused the sun god.
CHAPTER 10
The Search for Primes

Primality Testing

Determining whether or not a large number is prime has practical importance in cryptography as seen in Chapter 5. If a number is relatively small, we might try simple trial division up to its square root (see Theorem 2.3). If we find no divisor, we have a prime. But trial division quickly becomes an overwhelming burden. Trial division on a large number, say with 100's of digits, would take today's fastest computers longer than the entire history of the universe since the Big Bang 13.6 billion years ago. That is too long to wait. So trial division is not a fast algorithm for determining primality.

Is it prime? In this section we look at the notion of a primality test. We also examine just exactly what mathematicians mean when describing an algorithm as "fast". To be precise, by a primality test we mean a theorem of the form

A natural number $n$ is prime if and only if ______,

where the blank would be filled in by some testable condition on $n$. For example

Theorem. A natural number $n$ is prime if and only if for all primes $p \le \sqrt{n}$, $p$ does not divide $n$.

In Chapter 4 we find the following primality test.

Theorem (Wilson's Theorem and Converse). A natural number $n$ is prime if and only if $(n-1)! \equiv -1 \pmod{n}$.

Although this theorem provides a primality test, it does little to help our agent in the field set up a secure RSA public key code system. Unfortunately, there are no general shortcuts for computing $(n-1)! \pmod{n}$, and as $n$ begins to grow, even our fastest computers become overwhelmed with the computation. It is completely impractical for identifying, say, 200 digit primes.

Mathematicians measure the speed or complexity of a primality testing algorithm as a function of the number of digits in the number to be tested.
10.1. Exercise. If $n$ is a $d$-digit number, explain why the trial division primality test requires roughly $10^{d/2}$ trials.

10.2. Exercise. If $n$ is a $d$-digit number, explain why the Wilson's Theorem primality test requires roughly $10^d$ multiplications.

These two algorithms are said to run in exponential time since the required number of steps is an exponential function in the number of digits in the number to be tested. Exponential time algorithms are considered slow, and quickly become impractical for modern computers to carry out. A faster class of algorithms are those which run in polynomial time, that is, those for which the number of required steps is a polynomial function in the number of digits. Just how much of a difference does polynomial time versus exponential time make?

10.3. Question. Suppose that Algorithm A requires $d^2$ steps and Algorithm B requires $2^d$ steps, where $d$ is the number of digits in the number to be tested. Suppose our computer can carry out one million steps per second. How long would it take for our computer to carry out each algorithm when the number to be tested has 200 digits?

Fermat's Little Theorem and probable primes. Both primality tests given in the preceding section are impractical for identifying really large primes. On the other hand, computing powers modulo $n$ is an operation we have seen to be fast even for large numbers. In fact, in Chapter 3 you discovered that the computation of $a^r \pmod{n}$ requires roughly $\log_2 r$ multiplications.

10.4. Exercise. Show that the algorithm described in Question 3.6 for computing $a^r \pmod{n}$ is a polynomial time algorithm in the number of digits in $r$.

In the next series of problems you will explore the use of this operation as a means of testing for primality by starting with a familiar theorem.

Theorem (Fermat's Little Theorem). Let $p$ be a prime. Then for all natural numbers $a$ less than $p$, $a^{p-1} \equiv 1 \pmod{p}$.

Fermat's Little Theorem can be useful for showing certain numbers are composite.

10.5. Exercise. State the contrapositive of Fermat's Little Theorem.

10.6. Exercise. Use Fermat's Little Theorem to show that $n = 737$ is composite.
Unfortunately, the statement of Fermat's Little Theorem lacks the logical connective "if and only if" that we desire for a primality test. This raises the question of whether the converse to Fermat's Little Theorem is true.

10.7. Exercise. State the converse to Fermat's Little Theorem.

10.8. Question. Do you think the converse to Fermat's Little Theorem is true?

10.9. Theorem. Let $n$ be a natural number. Then $n$ is prime if and only if $a^{n-1} \equiv 1 \pmod{n}$ for all natural numbers $a$ less than $n$.

10.10. Question. Does the previous theorem give a polynomial or exponential time primality test?

Inventing polynomial time primality tests is quite a challenge. One way to salvage some good from Fermat's Little Theorem is to weaken our demand of certainty. What if instead we look for a probable prime test, by which we mean a statement of the form

If ______, then $n$ is very likely to be prime,

where the blank would be filled in by some testable condition on $n$.

Compute $2^{n-1} \pmod{n}$ for all odd numbers $n$ less than 100. Test any conjectures you make along the way. If you have access to a computer, and some computing software, keep going. State a probable prime test based on your observations.

The evidence you collected hopefully suggests the following probable prime test for natural numbers $n$ bigger than 2. If $2^{n-1} \not\equiv 1 \pmod{n}$, then $n$ is composite. If $2^{n-1} \equiv 1 \pmod{n}$, then $n$ is very likely prime.

We cannot remove the words "very likely" in this probable prime test because there are composite numbers $n$ for which $2^{n-1} \equiv 1 \pmod{n}$. The first composite that fools our probable prime test is $341 = 11 \cdot 31$. Composite numbers $n$ such that $2^{n-1} \equiv 1 \pmod{n}$ are sometimes called Poulet numbers. There are infinitely many, but they are so rare that for practical purposes, most people feel completely comfortable using our probable prime test to identify large primes. For example, if $n$ is a randomly chosen 13 digit odd number and $2^{n-1} \equiv 1 \pmod{n}$, then there is a 99.9999996% chance that $n$ is prime, because there are 308457624821 13 digit primes and 132640 13 digit Poulet numbers. Would you feel safe with those odds? At a cost of guaranteed certainty, we now have a polynomial time probable prime test!
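The base-2 probable prime test above, as an added Python example that is not part of the original text: `power_mod` is successive squaring with a count of the multiplications it performs, and `poulet_numbers` finds the composites that fool the test by comparing against trial division. All function names are this example's own.

```python
"""Fermat base-2 probable prime test, checked against trial division."""


def power_mod(a, r, n):
    """Successive squaring.

    Returns (a**r mod n, number of modular multiplications performed).
    The count is at most 2 * (number of bits of r), i.e. roughly log2(r).
    """
    result, base, mults = 1, a % n, 0
    while r > 0:
        if r & 1:                      # this bit of the exponent is set
            result = result * base % n
            mults += 1
        base = base * base % n         # square for the next bit
        mults += 1
        r >>= 1
    return result, mults


def is_prime_trial(n):
    """Exact primality by trial division up to sqrt(n) (exponential in digits)."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def fermat_probable_prime(n, a=2):
    """True when a^(n-1) = 1 (mod n).

    False proves n composite (contrapositive of Fermat's Little Theorem).
    True only means "very likely prime".
    """
    if n <= 2:
        raise ValueError("the test is stated for natural numbers bigger than 2")
    return power_mod(a, n - 1, n)[0] == 1


def poulet_numbers(limit):
    """Odd composites below limit that pass the base-2 test."""
    return [n for n in range(3, limit, 2)
            if fermat_probable_prime(n) and not is_prime_trial(n)]


def survey(limit):
    """(odd primes below limit, composites below limit that fool the test)."""
    passing = [n for n in range(3, limit, 2) if fermat_probable_prime(n)]
    fooled = [n for n in passing if not is_prime_trial(n)]
    return len(passing) - len(fooled), len(fooled)


if __name__ == "__main__":
    print("737 passes base 2?", fermat_probable_prime(737))
    print("Poulet numbers below 2000:", poulet_numbers(2000))
    print("primes vs. pseudoprimes below 2000:", survey(2000))
    # A 200-digit exponent (constructed sample input) still needs only
    # about a thousand multiplications.
    print("multiplications:", power_mod(2, 10**199, 10**200 + 1)[1])
```

A `False` from `fermat_probable_prime` is a proof of compositeness; only the `True` answer carries the "very likely".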
AKS primality. There are many polynomial time probable prime tests, but it was not known until the summer of 2002 whether or not a polynomial time primality test could exist. That summer an Indian scientist and two of his undergraduate students made public their discovery of a deterministic polynomial time primality test. Manindra Agrawal and his students Neeraj Kayal and Nitin Saxena would eventually win the Gödel prize in computer science for their work. The test, now known as the AKS primality test, is based on the following theorem.

10.11. Theorem. Let $a$ and $n$ be relatively prime natural numbers. Then $n$ is prime if and only if $(x + a)^n \equiv x^n + a \pmod{n}$ for every integer $x$.

This theorem alone constitutes a primality test, but a slow one at that. The problem lies in the fact that there are $n$ different coefficients to compute in $(x + a)^n \pmod{n}$. Part of what Agrawal, Kayal, and Saxena were able to figure out is how to reduce the degree of the polynomials that need to be checked. The polynomial time deterministic AKS primality test may be beyond the scope of this book, but please do not assume that it is beyond the scope of your abilities. With a little bit of abstract algebra and the number theory you have learned so far you'll be more than prepared to tackle the AKS primality test for yourself.

Record Primes

A list of the largest known primes will show that they all share the following property: each prime is either 1 more or 1 less than an easily factored number. This fact is not just coincidence. When $n$ is a natural number of a certain special form, much more efficient primality tests are available for determining the nature of $n$. In this section we present some of these wonderful theorems that have helped people discover some of the largest known primes.

In September, 2006, the largest known prime was $2^{32582657} - 1$, which is a Mersenne prime with over 9.8 million digits. Clearly it is 1 less than a very easily factored number. In fact, the six largest known primes are Mersenne primes (again, as of September 2006), and the seventh largest is $27653 \cdot 2^{9167433} + 1$, which is 1 more than an easily factored number (27653 is prime).
The late nineteenth century witnessed tremendous progress in the mathematics of primality testing. Edouard Lucas (1842-1891) was one of the thinkers who concerned themselves with such matters. The $n$th Fermat number is given by $F_n = 2^{2^n} + 1$. Fermat had determined that $F_1$, $F_2$, $F_3$, and $F_4$ are each prime and conjectured that every Fermat number was prime (although he didn't call them Fermat numbers). In 1732 Euler proved that Fermat's conjecture was false by showing that $F_5 = 4294967297$ is divisible by 641. But the nature of $F_6$ remained unresolved until Lucas developed a primality test for Fermat numbers that proved that $F_6$ is also composite.

Father Theophile Pepin (1826-1905), a contemporary of Lucas, published another primality test for Fermat numbers in 1877 which still bears his name.

Theorem (Pepin's Test). Let $F_n$ denote the $n$th Fermat number. Then $F_n$ is prime if and only if $3^{(F_n - 1)/2} \equiv -1 \pmod{F_n}$.

The form of this theorem is similar to that of Lucas' earlier primality tests for Fermat numbers. In Pepin's original theorem the condition appears as $5^{(F_n - 1)/2} \equiv -1 \pmod{F_n}$. It was another contemporary, Francois Proth (1852-1879), who pointed out that 3 would work as well as 5. Proth contributed primality tests of his own as well, which have been implemented today (see Yves Gallot's Proth.exe) and are responsible for finding some of the currently largest known primes (at least those that are not Mersenne primes). Proth's 1878 test is as follows.

Theorem (Proth's Test). Let $n$ and $k$ be natural numbers, and let $N = k \cdot 2^n + 1$ with $2^n > k$. If there is an integer $a$ such that $a^{(N-1)/2} \equiv -1 \pmod{N}$, then $N$ is prime.

So what about the record-holding Mersenne primes? In 1930 D. H. Lehmer (1905-1991) completed a dissertation at Brown University titled An Extended Theory of Lucas' Functions. In it, we find the following test, which is responsible for identifying today's largest known primes.

Theorem (Lucas-Lehmer Test). Let $M_n = 2^n - 1$ denote the $n$th Mersenne number, and define the sequence $\{S_i\}$ by $S_0 = 4$, $S_{i+1} = S_i^2 - 2$. Then $M_n$ is prime if and only if $S_{n-2} \equiv 0 \pmod{M_n}$.
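The three special-form tests above (Pepin, Proth, Lucas-Lehmer), as an added Python example that is not part of the original text. Function names and sample inputs are this example's own; it assumes $n \ge 1$ for Pepin's Test, and it treats $M_2 = 3$ as a special case in the Lucas-Lehmer Test because $S_0 = 4 \not\equiv 0 \pmod 3$.

```python
"""Special-form primality tests: Pepin, Proth and Lucas-Lehmer."""


def fermat_number(n):
    """F_n = 2^(2^n) + 1."""
    return 2 ** (2 ** n) + 1


def pepin_is_prime(n):
    """Pepin's Test: F_n is prime iff 3^((F_n - 1)/2) = -1 (mod F_n)."""
    if n < 1:
        raise ValueError("this example applies the test to F_n with n >= 1")
    f = fermat_number(n)
    return pow(3, (f - 1) // 2, f) == f - 1


def proth_witness(k, n, bases=range(2, 50)):
    """Proth's Test for N = k * 2^n + 1 with 2^n > k.

    Returns the first base a in `bases` with a^((N-1)/2) = -1 (mod N),
    which proves N prime. Returns None when no tried base works; the
    theorem is one-directional, so None by itself proves nothing.
    """
    if k < 1 or n < 1 or 2 ** n <= k:
        raise ValueError("need natural numbers k, n with 2^n > k")
    big_n = k * 2 ** n + 1
    half = (big_n - 1) // 2
    for a in bases:
        if pow(a, half, big_n) == big_n - 1:
            return a
    return None


def lucas_lehmer_is_prime(n):
    """Lucas-Lehmer Test: M_n = 2^n - 1 is prime iff S_(n-2) = 0 (mod M_n)."""
    if n < 2:
        raise ValueError("need n >= 2")
    if n == 2:
        return True        # M_2 = 3; the sequence test needs n > 2
    m = 2 ** n - 1
    s = 4                  # S_0
    for _ in range(n - 2):
        s = (s * s - 2) % m  # reduce mod M_n at every step to keep s small
    return s == 0


def fermat_base2_passes(n):
    """Base-2 probable prime test, for comparison."""
    return pow(2, n - 1, n) == 1


if __name__ == "__main__":
    print("prime F_n, 1 <= n <= 10:",
          [n for n in range(1, 11) if pepin_is_prime(n)])
    print("641 divides F_5:", fermat_number(5) % 641 == 0)
    print("Proth witness for 3*2^30 + 1:", proth_witness(3, 30))
    print("Mersenne prime exponents below 130:",
          [n for n in range(2, 130) if lucas_lehmer_is_prime(n)])
    # 2^11 - 1 = 2047 = 23 * 89 fools the base-2 test but not Lucas-Lehmer.
    print("2047:", fermat_base2_passes(2047), lucas_lehmer_is_prime(11))
```

The last line shows why Mersenne numbers need their own test: $2^{11} - 1 = 2047$ passes the base-2 probable prime test although it is composite.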
Since there are infinitely many primes, the quest for ever larger primes is an endless pursuit. The current strategies for finding such primes involve having many computers, contributed by volunteers around the world, work in concert to find new, huge primes. Number theory has had unexpected applications to cryptography, as we saw in Chapter 5. Perhaps an unexpected consequence of the search for large primes will be the development of previously unimagined strategies for global cooperation.
APPENDIX A
Mathematical Induction: The Domino Effect

The Infinitude Of Facts

Many mathematical theorems are really infinitely many little theorems all packaged into one statement. For example, we learn the following theorem in calculus: Every polynomial function is continuous. If you were lucky enough to also see a proof of this theorem, you would know that we did not separately consider every polynomial. If we did, you would still be sitting in that calculus class. One of the great strengths of mathematical reasoning and logic is the ability to prove an infinite number of facts in a finite amount of space and time.

Gauss' formula. Carl Friedrich Gauss was a famous mathematician of the early 19th century. A story about his boyhood has made its way into mathematical folklore. As the story goes, an elementary school teacher of Gauss wanted to keep his students busy while he graded papers. To this end, he asked his students to add up the first one hundred numbers, thinking this task would keep them quiet for a long time. To the dismay of the teacher, Gauss quickly discovered a shortcut to replace the tedious addition problem and came up with the answer after only a few short moments. As a cultural aside, historians feel that this story is probably false, and some feel that it promotes the false myth that mathematics is a subject only for the rare genius rather than for everybody. Regardless of the historical or political status of the story, the technique for adding the first $n$ natural numbers is an excellent one to use to illustrate a form of reasoning known as mathematical induction.

Let's see how we would develop and prove Gauss' formula for adding up numbers. To show that we are really proving a lot of separate facts, we start by listing a few of those facts, designating them as theorems. Of course, you can simply verify each of the following theorems by just doing the arithmetic. That's fine for now.

A.1. Theorem. $1 = \frac{(1)(2)}{2}$.

A.2. Theorem. $1 + 2 = \frac{(2)(3)}{2}$.

A.3. Theorem. $1 + 2 + 3 = \frac{(3)(4)}{2}$.
A.4. Theorem. $1 + 2 + 3 + 4 = \frac{(4)(5)}{2}$.

A.5. Theorem. $1 + 2 + 3 + 4 + 5 = \frac{(5)(6)}{2}$.

Okay, this is getting a little tedious. Let's see that it is not necessary to start each of this potentially infinite list of theorems from scratch. Once we have successfully proved one of these theorems, verifying the next one is much easier.

A.6. Question. Can you use the fact that $1 + 2 + 3 + 4 + 5 = \frac{(5)(6)}{2}$ to verify that $1 + 2 + 3 + 4 + 5 + 6 = \frac{(6)(7)}{2}$ without having to re-add $1 + 2 + 3 + 4 + 5$?

To clarify this fact, let's do another one.

A.7. Question. Suppose it is true that $1 + 2 + 3 + \cdots + 129 = \frac{(129)(130)}{2}$. Can you use this fact to show that $1 + 2 + 3 + \cdots + 129 + 130 = \frac{(130)(131)}{2}$? Try to do it without performing extensive addition. Notice that you are not asked to verify the sum up to 129 – just accept that one as true.

Just one more to drive the point home.

A.8. Question. Suppose it is true that $1 + 2 + 3 + \cdots + 172391 = \frac{(172391)(172392)}{2}$. Can you use this fact to show that $1 + 2 + 3 + \cdots + 172391 + 172392 = \frac{(172392)(172393)}{2}$?

Hopefully, your strategy did not depend in any meaningful way on the specific numbers involved. In fact, what you are really doing is proving that if you know that the formula holds for any natural number, then it also holds for the next natural number.

A.9. Exercise. Suppose some natural number $k$ is chosen and you are told it is true that $1 + 2 + 3 + \cdots + k = \frac{(k)(k+1)}{2}$. Use this fact to show that $1 + 2 + 3 + \cdots + k + (k+1) = \frac{(k+1)(k+2)}{2}$.

Once you have done the above exercise, you have all the ingredients to prove that the formula is true for any number. You have proved (1) that the formula is true for the first natural number and (2) you have proved that you can always take one more step, that is, you have proved that if the formula is true for any given natural number, then it is also true for the next natural number. Why do those two steps convince you that the formula must be true for all natural numbers? This reasoning provides a proof of the following theorem.

A.10. Theorem. Let $n$ be a natural number. Then $1 + 2 + 3 + \cdots + n = \frac{(n)(n+1)}{2}$.

The strategy of (1) proving a base case and then (2) proving that the truth of the assertion of an arbitrary natural number implies its truth for the next natural number is a method of reasoning called proof by induction.

Another formula. Let's go through the same process for another formula. Start by directly verifying the first few theorems.

A.11. Theorem. $1 + 2 = 2^2 - 1$

A.12. Theorem. $1 + 2 + 2^2 = 2^3 - 1$

A.13. Theorem. $1 + 2 + 2^2 + 2^3 = 2^4 - 1$

A.14. Theorem. $1 + 2 + 2^2 + 2^3 + 2^4 = 2^5 - 1$

Can you use the truth of one step to prove the truth of the next one?

A.15. Question. Can you use the fact that $1 + 2 + 2^2 + 2^3 + 2^4 = 2^5 - 1$ to verify that $1 + 2 + 2^2 + 2^3 + 2^4 + 2^5 = 2^6 - 1$, without performing extensive arithmetic?

In the next question, don't independently verify the case up to $2^{37}$ – just assume that formula is true to do the next higher case.

A.16. Question. Suppose it is true that $1 + 2 + 2^2 + \cdots + 2^{37} = 2^{38} - 1$. Can you use this fact to show $1 + 2 + 2^2 + \cdots + 2^{38} = 2^{39} - 1$? Do it without performing any extensive arithmetic.

Of course, your method did not depend on the particular number 37, so let's write down the fact that you can now prove that you can always take one more step, that is, the truth of the formula for one natural number implies the truth of the formula for the next natural number.
Question. that is.25. Consider the following game involving two players. or did you make use of the previous three theorems? . For every natural number n > 3. 6 A. If each pile contains exactly one rock. If each pile contains two rocks. Two piles each containing the same number of rocks sit between the players. A. In this section we are going to introduce a slightly diﬀerent mode of reasoning that is called strong induction. 1 + 2 + 22 + · · · + 2n = 2n+1 − 1.128 A. Prove the following theorems by induction.21. Theorem. If each pile contains four rocks. For every natural numbers n. Theorem. Theorem. A. For every natural number n. Question. Theorem.22. Player 1 always goes ﬁrst.17.24.18. A. Theorem. Strong induction.19. A. For every natural number n. In proving the theorem for piles with four rocks each.26. Theorem. A. then it is also true for the next natural number. If each pile contains three rocks.20. MATHEMATICAL INDUCTION: THE DOMINO EFFECT A. A. At each turn a player may remove any number of rocks (other than zero) from one of the piles. 13 + 23 + · · · + n3 = (1 + 2 + · · · + n)2. Player 2 has a winning strategy. Theorem. A. Player 2 will win. The player to remove the last rock wins. Player 2 has a winning strategy. you have proved that if the formula is true for any given natural number. Can you use this fact to show 1 + 2 + 22 + · · · + 2k + 2k+1 = 2k+2 − 1? Again. On your own. you have proved (1) that the formula is true for the ﬁrst natural number and (2) you have proved that you can always take one more step. 2n < n!.23. whom we will call Player 1 and Player 2. Theorem. Why do those two steps convince you that the formula must be true for all natural numbers? This reasoning provides a proof of the following theorem. A. did you consider all possible scenarios. Suppose it is true that 1 + 2 + 22 + · · · + 2k = 2k+1 − 1. 12 + 22 + · · · + n2 = n(n + 1)(2n + 1) . Player 2 has a winning strategy.
In the next question you are not being asked to analyze each of the first 11 cases. Instead, you are asked to assume that those have been done and then use that information to show that Player 2 has a winning strategy when there are 12 rocks.

A.27. Exercise. Suppose you know that Player 2 has a winning strategy for this game when the number of rocks in each pile is any one of the following natural numbers: 1, 2, 3, . . . , 10, or 11. Show that Player 2 has a winning strategy when each pile contains 12 rocks.

Of course, the number 11 could have been any number. Let's replace it with a variable, $k$.

A.28. Exercise. Let $k$ be a natural number. Suppose you know that Player 2 has a winning strategy for this game when the number of rocks in each pile is 1, 2, 3, . . . , $k$. Show that Player 2 has a winning strategy when each pile contains $k + 1$ rocks.

You have proved (1) that Player 2 has a winning strategy for the first natural number and (2) you have proved that you can always take one more step, that is, you have proved that if Player 2 has a winning strategy for each natural number up to a certain point, then Player 2 has a winning strategy for the next natural number. Why do those two steps convince you that Player 2 has a winning strategy for any size of beginning piles? This reasoning provides a proof of the following theorem.

A.29. Theorem. For any natural number $n$ of rocks in each pile to begin, Player 2 has a winning strategy.

The strategy of (1) proving a base case and then (2) proving that the truth of the assertion for all natural numbers up to a certain natural number implies its truth for the next natural number is a method of reasoning called proof by strong induction.

On your own. Prove the following theorems by strong induction.

A.30. Theorem. Every natural number greater than 7 can be written as a sum of 3's and 5's.

A.31. Theorem. Every natural number can be written as the sum of distinct powers of 2.

Definition. A polynomial is said to be reducible if it can be written as a product of two polynomials each of smaller degree. Otherwise it is said to be irreducible.

A.32. Theorem. Every polynomial can be written as a product of irreducible polynomials.
A.33. Exercise. Describe in detail the strategies of induction and strong induction and explain why those modes of proof are valid.