Elementary Number Theory - WordPress.com · Elementary Number Theory A revision by Jim Hefferon, St...
127
Elementary Number Theory A revision by Jim Hefferon, St Michael’s College, 2003-Dec of notes by W. Edwin Clark, University of South Florida, 2002-Dec
-
Upload
doannguyet -
Category
Documents
-
view
273 -
download
7
Transcript of Elementary Number Theory - WordPress.com · Elementary Number Theory A revision by Jim Hefferon, St...
Elementary Number Theory
A revision by Jim Hefferon, St Michael’s College, 2003-Decof notes by W. Edwin Clark, University of South Florida, 2002-Dec
LATEX source compiled on January 5, 2004 by Jim Hefferon, [email protected].
License restriction claimed by W. Edwin Clark. Copyleft 2002: “Copyleft means that
unrestricted redistribution and modification are permitted, provided that all copies
and derivatives retain the same permissions. Specifically no commerical use of these
notes or any revisions thereof is permitted.”
ii
Preface
Mathematics is the queen of sciences andarithmetic the queen of mathematics
Carl Friedrich Gauss
Number theory, known to Gauss as “arithmetic,” studies the properties of theintegers: . . . − 3,−2,−1, 0, 1, 2, 3 . . . . Although the integers are familiar, andtheir properties might therefore seem simple, it is instead a very deep subject.
For example, here are some problems in number theory that remain unsolved.(Recall that a prime number is an integer greater than 1 whose only positivefactors are 1 and the number itself.) Note that these problems are simple tostate — just because a topic is accessibile does not mean that it is easy.
1. (Goldbach’s Conjecture) Is every even integer n > 2 the sum of two primes?
2. (Twin Prime Conjecture) Are there are infinitely many twin primes?(Twin primes differ by 2, like 11 and 13.)
3. Are there infinitely many primes of the form n2 + 1? Of the form 2n − 1?(Ones of this form are Mersenne primes.) Of the form 22n
+ 1? (Theseare Fermat primes.)
4. Are there infinitely many primes whose digits are all 1’s? (Numbers ofthis form are repunits.)
5. Are there infinitely many perfect numbers? (An integer is perfect if it isthe sum of its proper divisors; 6 is perfect because 1 + 2 + 3 = 6.)
6. (3n + 1 Conjecture) Consider the function f defined by: f(n) = 3n + 1if n is odd and f(n) = n/2 if n is even. Does the sequence of iteratesf(n), f(f(n)), f(f(f(n))), . . . always contain 1, no matter what startingvalue n is used?
7. Is there a fast algorithm for factoring large integers?
So the subject is not simple. However it is accessible, and beautiful.
iii
iv PREFACE
A caution In some areas a person needs to learn by starting from first princi-ples. The first course in Calculus is like that; students learn limits first to avoidgetting nutty ideas about nxn−1, But other areas are best mastered by divingright in.
In this book you dive into mathematical arguments. Number Theory is rightfor this in part because of its accessibility.
But always keep in mind the caution: do not underestimate the material.You will find this subject hard, albiet rewarding.
Prerequisites We require only Calculus I. Even that requirement is not strict(limits come up, as do the rules of logarithm manipultion), so the main purposeof the prerequisite is that we expect that with it comes a certain amount ofmathematical maturity, including familiarity with basic set theory and somefunction facts.
Other resources The Internet contains much interesting and current infor-mation about number theory; see the Bibliography. The websites by ChrisCaldwell [2] and by Eric Weisstein [13] are especially good. To see what is goingon at the frontier of the subject, you may take a look at some recent issues ofthe Journal of Number Theory which you will find in any university library.
Contents
Preface iii
1 Divisibility 1
2 Prime Numbers 3
3 Division 5
4 Greatest Common Divisor 7
5 Bezout’s Lemma 9
6 The Euclidean Algorithm 13
7 The Fundamental Theorem 15
8 Distribution of Primes 19
9 Fermat Primes and Mersenne Primes 21
10 The Functions σ and τ 25
11 Perfect Numbers and Mersenne Primes 29
12 Congruences 31
13 Divisibility Tests 35
14 More Properties of Congruences 37
15 Residue Classes 41
16 Zm and Complete Residue Systems 43
17 Addition and Multiplication in Zm 45
18 The Group of Units 47
v
vi CONTENTS
19 The Chinese Remainder Theorem 51
20 Fermat’s Little Theorem 53
21 Probabilistic Primality Tests 55
22 Representations in Other Bases 57
23 Computation of aN mod m 59
24 Public Key Cryptosystems 63
A Proof by Induction 67
B Axioms for Z 69
C Some Properties of R 71
Chapter 1
Divisibility
In this book, all numbers are integers, unless specified otherwise. Thus in thenext definition, d, n, and k are integers.
1.1 Definition The number d divides the number n if there is a k such thatn = dk. (Alternate terms are: d is a divisor of n, or d is a factor of n, or n isa multiple of d.) This relationship between d and n is symbolized d | n. Thesymbol d - n means that d does not divide n.
Note that the symbol d | n is different from the fraction symbol d/n. Itis also different from n/d because d | n is either true or false, while n/d is arational number.
1.2 Theorem (Divisibility Properties) For all numbers n, m, and d,(1) d | 0(2) 0 | n =⇒ n = 0(3) 1 | n(4) (Reflexivity property) n | n(5) n | 1 =⇒ n = 1 or n = −1(6) (Transitivity property) d | n and n | m =⇒ d | m(7) (Multiplication property) d | n =⇒ ad | an
(8) (Cancellation property) ad | an and a 6= 0 =⇒ d | n(9) (Linearity property) d | n and d | m =⇒ d | an + bm for all a and b
(10) (Comparison property) If d and n are positive and d | n then d ≤ n
proof. For the first item, take k = 0. For the second, if 0 | n then n = 0 ·k = 0.The next item holds because we can take n as the k in the definition. Re-
flexivity is similar: n = n · 1 shows that it holds. The next property followsimmediately from Basic Axiom 3 for Z, from the first Appendix.
For Transitivity, assume the d | n and that n | m. Then n = dk1 andm = nk2 for some k1, k2 ∈ Z. Substitute to get m = nk2 = (dk1)k2. By theAssociative Property of Multiplication, (dk1)k2 = d(k1k2), which shows that ddivides m.
1
2 CHAPTER 1. DIVISIBILITY
Multiplication also follows from associativity. Assume that d | n so thatn = dk. Then an = a(dk) = (ad)k shows that ad | ak.
For Cancellation, assume that a 6= 0 and that ad | an. Then there is a ksuch that an = (ad)k. We will show that n = dk. Assume first that a > 0. Bythe Trichotomy Property from the first Appendix, either n > dk or n = dk orn < dk. If n > dk then we have that an > a(dk) = (ad)k, which contradicts thisparagraph’s assumption that an = (ad)k. If n < dk then an < a(dk) = (ad)k,also contradicting the assumption. Therefore n = dk, and so d | n. Theargument for the a < 0 case is similar.
To verify Linearity, suppose that d | n and d | m so that n = dk1 andm = dk2 for k1, k2 ∈ Z. Then an + bm = a(dk1) + b(dk2) = d(ak1 + bk2) showsthat d | (an + bm).
Finally, for Comparison, assume that d, n > 0 and d | n. Then n = dkfor some k. Observe that k is positive because the other two are positive. ByTrichotomy, either d < n or d = n or d > n. We will show that the d > n caseis not possible. Assume that d > n. Then dk > nk follows by one of the firstAppendix’s Properties of Inequalities. But that gives n > nk, which means thatn · 1 > n · k despite that fact that k is positive and so 1 ≤ k. This is impossiblebecause it violates the same Property of Inequalities. qed
1.3 Definition An integer n is even (or has even parity) if it is divisible by 2and is odd (or is of odd parity) otherwise.
1.4 Lemma Recall that |a| equals a if a ≥ 0 and equals −a if a < 0.(1) If d | a then −d | a and d | −a.(2) If d | a then d | |a|(3) The largest positive integer that divides a nonzero number a is |a|.
proof. For (1), if d | a then a = dk for some k. It follows that a = (−d)(−k)and since −d and −k are also integers, this shows that −d | a. It also followsthat −a = (−k)d, and so d | −a.
For (2), suppose first that a is nonnegative. Then |a| = a and so if d | athen d | |a|. Next suppose that a is negative. Since |a| = −a for negative a, andsince (1) shows that d | −a, and d therefore divides |a|.
For (3), first note that |a| actually divides a: in the a ≥ 0 case |a| | a becausein this case |a| = a and we know that a | a, while in the a < 0 case we have thata = |a|(−1), so that |a| is indeed a factor of a. We finish by showing that |a|is maximal among the divisors of a. Suppose that d is a positive number thatdivides a. Then a = dk for some k, and also −a = d(−k). Thus d | |a|, whethera is positive or negative. So by the Comparison property of Theorem 1.2, wehave that d ≤ |a|. qed
Chapter 2
Prime Numbers
2.1 Definition An integer p ≥ 2 is prime if it has no positive divisors otherthan 1 and itself. An integer greater than or equal to 2 that is not prime iscomposite.
Note that 1 is neither prime nor composite.
2.2 Lemma An integer n ≥ 2 is composite if and only if it has factors a andb such that 1 < a < n and 1 < b < n.
proof. Let n ≥ 2. The ‘if’ direction is obvious. For ‘only if’, assume that n iscomposite. Then it has a positive integer factor a such that a 6= 1, a 6= n. Thismeans that there is a b with n = ab. Since n and a are positive, so is b. Hence1 ≤ a and 1 ≤ b. By Theorem 1.2, a ≤ n and b ≤ n. Since a 6= 1 and a 6= n wehave 1 < a < n. If b = 1 then a = n, which is not possible, so b 6= 1. If b = nthen a = 1, which is also not possible. So 1 < b < n, finishing this half of theargument. qed
2.3 Lemma If n > 1 then there is a prime p such that p | n.
proof. Let S denote the set of all integers greater than 1 that have no primedivisor. We must show that S is empty.
If S is not empty then by the Well-Ordering Property it has a smallestmember; call it m. Now m > 1 and has no prime divisor. Then m cannot beprime (as every number is a divisor of itself). Hence m is composite. Thereforeby Lemma 2.2, m = ab where 1 < a < m and 1 < b < m. Since 1 < a < m, thefactor a is not a member of S. So a must have a prime divisor p. Then p | aand a | m, so by Theorem 1.2, p | m. This contradicts the assumption that mhas no prime divisor. So the set S must be empty. qed
2.4 Theorem (Euclid’s Theorem) There are infinitely many primes.
proof. Assume, to get a contradiction, that there are only a finitely manyprimes p1 = 2, p2 = 3, . . . , pn. Consider the number N = p1p2 · · · pn + 1.
3
4 CHAPTER 2. PRIME NUMBERS
Since p1 ≥ 2, clearly N ≥ 2. So by Lemma 2.3, N has a prime divisorp. That prime must be one of p1, . . . , pn since that list was assumed to beexhaustive. However, observe that the equation
N = pi (p1p2 · · · pi−1pi+1 · · · pn) + 1
along with 0 ≤ 1 < pi shows by Lemma 3.2 that n is not divisible by pi. This isa contradiction; it follows that the assumption that there are only finitely manyprimes is not true. qed
2.5 Remark Eucild’s Theorem, and its proof, is often cited as an example ofthe beauty of Mathematics.
2.6 Theorem If n > 1 is composite then n has a prime divisor p ≤√
n.
proof. Let n > 1 be composite. Then n = ab where 1 < a < n and 1 < b < n.We claim that at least one of a or b is less than or equal to
√n. For if not then
a >√
n and b >√
n, and hence n = ab >√
n ·√
n = n, which is impossible.Suppose, without loss of generality, that a ≤
√n. Since 1 < a, by Lemma 2.3
there is a prime p such that p | a. Hence, by Transitivity in Theorem 1.2, sincea | n we have p | n. By Comparison in Theorem 1.2, since p | a we havep ≤ a ≤
√n. qed
We can use Theorem 2.6 to help compute whether an integer is prime. Givenn > 1, we need only try to divide it by all primes p ≤
√n. If none of these
divides n then n must be prime.
2.7 Example Consider the number 97. Note that√
97 <√
100 = 10. Theprimes less than 10 are 2, 3, 5, and 7. None of these divides 97, and so 97 isprime.
Chapter 3
Division
3.1 Theorem Where a and b > 0 are integers, there are integers q and r,called the quotient and the remainder on division of a by b, satisfying these twoconditions.
a = bq + r 0 ≤ r < b
Further, those integers are unique.
Note that this result has two parts. One part is that the theorem says thereexists a quotient and remainder satisfying the conditions. The second part isthat the quotient, remainder pair are unique: no other pair of numbers satisfiesthose conditions.
proof. To verify that for any a and b > 0 there exists an appropriate quotientand remainder we need only produce suitable numbers. Consider these.
q =⌊a
b
⌋r = a− bq
Obviously a = bq + r, so these satisfy the first condition. To finish the existencehalf of this proof, we need only check that 0 ≤ r < b. The Floor Lemma fromthe Some Properties of R appendix gives
a
b− 1 <
⌊a
b
⌋≤ a
b.
Multiply all of the terms of this inequality by −b. Since b is positive, −b isnegative, and so the direction of the inequality is reversed.
b− a > −b⌊a
b
⌋≥ −a
Add a to all three terms of the inequality and replace ba/bc by q to get
b > a− bq ≥ 0.
Since r = a− bq this shows that 0 ≤ r < b.
5
6 CHAPTER 3. DIVISION
We still must prove that q and r are unique. Assume that there are twoquotient, remainder pairs
a = bq1 + r1 with 0 ≤ r1 < b
anda = bq2 + r2 with 0 ≤ r2 < b.
Subtracting
0 = a− a = (bq1 + r1)− (bq2 + r2) = b(q1 − q2) + (r1 − r2)
implies that
(3.1) r2 − r1 = b(q1 − q2).
We must show that the two pairs are equal, that r1 = r2 and q1 = q2. To obtaina contradiction, suppose otherwise. First suppose that r1 6= r2. Then one mustbe larger than the other; without loss of generality assume that r2 > r1. Then
0 ≤ r1 < r2 < b
and so r2−r1 < b. But (3.1) shows that b divides r2−r1 and by the Comparisonproperty of Theorem 1.2 this implies that b ≤ r2 − r1. This is the desiredcontradiction and so we conclude that r1 = r2. With that, from equation 3.1 wehave 0 = b(q1−q2). Since b > 0, this gives that q1−q2 = 0 and so q1 = q2. qed
3.2 Corollary The number d divides the number n if and only if on divisionof n by d the remainder is 0.
proof. If the remainder is 0 then n = dq + 0 = dq shows that d | n. For theother half, if d | n then for some k we have n = dk = dk + 0 (with 0 ≤ 0 < d)and the fact that the quotient, remainder pair is uniqus shows that k and 0must be the quotient and the remainder. qed
That corollary says that Theorem 3.1 generalizes the results on divisibility.For instance, fix b = 3. Then, given a, instead of only being able to say thata is divisible or not, we can give a finer description: a leaves a remainder of 0(this is the case where b | a), or 1, or 2.
3.3 Definition For b > 0 define a mod b = r where r is the remainder when ais divided by b.
For example 23 mod 7 = 2 since 23 = 7 · 3 + 2 and −4 mod 5 = 1 since−4 = 5 · (−1) + 1.
Chapter 4
Greatest Common Divisor
4.1 Definition An integer is a common divisor of two others if it divides bothof them.
We write C(a, b) for the set of numbers that are common divisors of a and b.
4.2 Definition The greatest common divisor of two nonzero integers a and b,gcd(a, b), is the largest integer that divides both, except that gcd(0, 0) = 0.
The exception is there because every number divides zero, and so we speciallydefine gcd(0, 0) to be a convienent value.
4.3 Example The set of common divisors of 18 and 30 is
C(18, 30) = {−1, 1,−2, 2,−3, 3,−6, 6}.
So, gcd(18, 30) = 6.
4.4 Lemma gcd(a, b) = gcd(b, a).
proof. Clearly the two sets C(a, b) and C(b, a) are equal. It follows that theirlargest elements are equal, that is, that gcd(a, b) = gcd(b, a). qed
4.5 Lemma gcd(a, b) = gcd(|a|, |b|).
proof. If a = 0 and b = 0 then |a| = a and |b| = b, and so in this casegcd(a, b) = gcd(|a|, |b|). Suppose that one of a or b is not 0. Lemma 1.4 showsthat d | a ⇔ d | |a|. It follows that the two sets C(a, b) and C(|a|, |b|) are thesame set. So the largest member of that set, the greatest common divisor of aand b, is also the greatest common divisor of |a| and |b|. qed
4.6 Lemma If a 6= 0 or b 6= 0, then gcd(a, b) exists and satisfies
0 < gcd(a, b) ≤ min{|a|, |b|}.
7
8 CHAPTER 4. GREATEST COMMON DIVISOR
proof. Note that gcd(a, b) is the largest integer in the set C(a, b). Since 1 | aand 1 | b we know that 1 ∈ C(a, b). So the greatest common divisor must be atleast 1, and is therefore positive. On the other hand, if d ∈ C(a, b) then d | |a|and d | |b|, so d is no larger than |a| and no larger than |b|. Thus, d is at mostthe minimum of |a| and |b|. qed
4.7 Example The above results give that
gcd(48, 732) = gcd(−48, 732) = gcd(−48,−732) = gcd(48,−732).
We also know that 0 < gcd(48, 732) ≤ 48. Since if d = gcd(48, 732) then d | 48,to find d we need check only for positive divisors of 48 that also divide 732.
4.8 Remark Observe that the first two lemmas, which draw conclusions aboutthe properties of the gcd operator, preceed Lemma 4.6, which shows that thegcd exists.
If two numbers have a greatest common divisor of 1 then they have nonontivial common factors.
4.9 Definition Two numbers are relatively prime if they have a greatest com-mon divisor of 1.
Although the relatively prime relationship is symmetric — if gcd(a, b) = 1then gcd(b, a) = 1 —we sometimes state it as “a is relatively prime to b.”
4.10 Lemma If g = gcd(a, b) then gcd(a/g, b/g) = 1.
proof. The greatest common divisor of a/g and b/g must exist, by the priorresult. Let gcd(a/g, b/g) = k. Then k is a divisor of both a/g and b/g so thereare numbers ja and jb such that jak = a/g and jbk = b/g. Therefore ja(kg) = aand jb(kg) = b, and so kg is a common divisor of a and b. If k > 1 this wouldbe a contradiction, because then kg > g but g is the greatest common divisor.Therefore k = 1. qed
Chapter 5
Bezout’s Lemma
5.1 Definition A number c is a linear combination of the numbers a and b ifc = as + bt for some s and t.
5.2 Example The number c = 16 is a linear combination of a = 2 and b = 5since taking s = 3 and t = 2 gives 16 = 3 · 2 + 2 · 5. The number 21 is not alinear combination of 2 and 4, since in the equation 21 = s · 2 + t · 4 the rightside is divisible by 2 while the left is not. (That is, there are no integers s andt; we can solve the equation with rational numbers that are not integral.)
Thus, the Linearity statement in the Divisibility Properties theorem saysthat if d divides a and b, then d divides all linear combinations of a and b. Sothe greatest common divisor, gcd(a, b), divides every member of L(a, b), the setof all linear combinations of a and b. The next result says that gcd(a, b) is itselfa member of L(a, b).
5.3 Lemma (Bezout’s Lemma) The greatest common divisor of two num-bers is a linear combination of those two: for all integers a and b there existintegers s and t such that gcd(a, b) = sa + tb.
proof. If a and b are 0 then s and t may be anything since gcd(0, 0) = 0 =s · 0 + t · 0. So we may assume that a 6= 0 or b 6= 0. Consider the set L(a, b) ={na + mb : n, m ∈ Z} of all linear combinations of a and b.
Denote the set of positive members of L(a, b) by L+(a, b). Note that L(a, b)contains a, −a, b and −b, and since a 6= 0 or b 6= 0, at least one of these fournumbers is positive. Therefore L+(a, b) is not empty. Because of this, by theWell-Ordering Property for N, we know that the set L+(a, b) contains a smallestpositive integer; call it d. We will show that d is the greatest common divisorof a and b. That will finish the argument because d is a linear combination ofa and b as it is a member of L.
Since d ∈ L+(a, b) we have d = sa + tb for some integers s and t. Letg = gcd(a, b). Then g | a and g | b, so by the Linearity property of Theorem 1.2,we have g | (sa+tb), that is, g | d. Since g and d are positive, by the Comparisionproperty of Theorem 1.2, we have that g ≤ d.
9
10 CHAPTER 5. BEZOUT’S LEMMA
If we show that d is a common divisor of a and b, then we will have thatd ≤ g (as g is the greatest of the common divisors), and so we will have shownthat g = d. To show that d | a, write a = dq + r where 0 ≤ r < d and compute
r = a− dq = a− (sa + tb)q = (1− sq)a + (−tq)b.
to conclude that r ∈ L(a, b). Thus, if r were to be strictly greater than 0 then rwould be a member of L+(a, b). But this cannot be, since r is strictly less thand and d is the smallest integer in L+(a, b). So we must have that r = 0. Thatis, a = dq, and hence d | a. A similar argument shows that d | b. Thus, d isindeed a common divisor of a and b, and d = g = gcd(a, b). qed
5.4 Example Notice that 1 = gcd(2, 3) and 1 = (−1)2 + 1 · 3. Notice alsothat 1 = 2 · 2 + (−1)3. So the numbers s and t in Bezout’s Lemma are uniquelydetermined. In fact, as we will see later that for each pair a, b there are infinitelymany s and t.
5.5 Corollary The set L(a, b) of all linear combinations of a and b equals theset of multiples of gcd(a, b).
proof. We observed above that any member of L(a, b) is a multiple of gcd(a, b).For the converse, consider the multiple k·gcd(a, b), apply Bezout’s Lemma to gets, t ∈ Z so that gcd(a, b) = sa + tb, and substitute: k · gcd(a, b) = k · (sa + tb) =(ks)a + (kt)b. qed
5.6 Lemma If a | bc and a is relatively prime to b then a | c.
proof. Since gcd(a, b) = 1, by Bezout’s Lemma there are coefficients s and tsuch that 1 = as+bt. Multiply both sides by c to get c = cas+cbt = a(cs)+(bc)t.Note that a | a(cs) and that a | bc by assumption, so Theorem 1.2 gives that adivides the linear combination a(cs) + (bc)t = c. qed
Observe that 6 | (4 · 9) but 6 - 4 and 6 - 9 (6 is not relatively prime to 4,and is also not relatively prime to 9). Thus the condition of relative primalityis needed in that lemma.
We can completely characterize L(a, b).
5.7 Lemma Fix a, b ∈ Z. If gcd(a, b) | c then the equation sa + tb = c hasinfinitely many solution pairs s, t, which have the form
s = s0 − j · (b/d), t = t0 + j · (a/d) j ∈ Z
where s0, t0 is any particular solution pair.
proof. First assume that a solution pair s0, t0 exists, to show that any pair ofnumbers of that form also solve the equation. Plug them into the equation.
(s0−j(b/d))·a+(t0+j(a/d))·b = (s0a+t0b)+j(−(ab/d)+(ab/d)) = s0a+t0b = c
11
To finish we must show that pairs of the stated type are the only solutions..Suppose that s and t also solve the equation: sa + tb = c. Subtracting gives(s− s0)a + (t− t0)b = 0, that is,
(∗) (s− s0)a = (t0 − t)b.
Divide by g = gcd(a, b) on both sides to get (s− s0)(a/g) = (t0− t)(b/g), whichshows that b/g divides (s − s0)(a/g). By Lemma 4.10, gcd(a/g, b/g) = 1 andso the prior result, Lemma 5.6, shows that b/g divides s − s0. Thus, for thissolution pair s, t, there is a j ∈ Z such that j · (b/g) = s− s0, that is, s has theform s = s0− j(b/g). With that form for s, substituting into equation (∗) givesthat ((s0 − j(b/g)) − s0)a = −ja(b/g) equals (t0 − t)b. Dividing both sides byb and rearranging gives that t = t0 + j(a/g). qed
12 CHAPTER 5. BEZOUT’S LEMMA
Chapter 6
The Euclidean Algorithm
We can efficiently compute the greatest common divisor of two numbers.We first reduce the problem. Since gcd(a, b) = gcd(|a|, |b|) (and gcd(0, 0) =
0), we need only give a method to compute gcd(a, b) where a and b are nonneg-ative. And, since gcd(a, b) = gcd(b, a), it is enough for us to give a method fora ≥ b ≥ 0.
6.1 Lemma If a > 0 then gcd(a, 0) = a.
proof. Since every integer divides 0, C(a, 0) is just the set of divisors of a. Thelargest divisor of a is |a|. Since a is positive, |a| = a, and so gcd(a, 0) = a. qed
The prior lemma reduces the problem of computing gcd(a, b) to the casewhere a ≥ b > 0.
6.2 Lemma If a > 0 then gcd(a, a) = a.
proof. Obviously, a is a common divisor. By Lemma 4.6, gcd(a, a) ≤ |a| andsince a is positive, |a| = a. So a is the greatest common divisor. qed
We have now reduced the problem to the case a > b > 0. The central resultis next.
6.3 Lemma Let a > b > 0. If a = bq + r, then gcd(a, b) = gcd(b, r).
proof. It suffices to show that the two sets C(a, b) and C(b, r) are equal, becausethen they must have the same greatest member. To show that the sets are equalwe will show that they have the same members.
First, suppose that d ∈ C(a, b), so that d | a and d | b. Note that r = a− bq.By Theorem 1.2(3) we have that d | r. Thus d | b and d | r, and so d ∈ C(b, r).We have shown that any member of C(a, b) is a member of C(b, r), that is, thatC(a, b) ⊆ C(b, r).
For the other containment, assume that d ∈ C(b, r) so that d | b and d | r.Since a = bq + r, Theorem 1.2(3) applies again to shows that d | a. So d | a andd | b, and therefore d ∈ C(a, b). qed
13
14 CHAPTER 6. THE EUCLIDEAN ALGORITHM
The Euclidean Algorithm uses Lemma 6.3 to compute the greatest commondivisor of two numbers. Rather introduce a computer language in which to givealgorithm, we will illustrate it with an example.
6.4 Example Compute gcd(803, 154).
gcd(803, 154) = gcd(154, 33) since 803 = 154 · 5 + 33gcd(154, 33) = gcd(33, 22) since 154 = 33 · 4 + 22gcd(33, 22) = gcd(22, 11) since 33 = 22 · 1 + 11gcd(22, 11) = gcd(11, 0) since 22 = 11 · 1 + 0gcd(11, 0) = 11
Hence gcd(803, 154) = 11.
6.5 Remark This method is much faster than finding C(a, b) and can findgcd’s of quite large numbers.
Recall that Bezout’s Lemma asserts that given a and b there exists twonumbers s and t such that gcd(a, b) = s ·a+ t ·b. We can use Euclid’s Algorithmto find s and t by tracing through the steps, in reverse.
6.6 Example Express gcd(803, 154) as a linear combination of 803 and 154.
11 = 33 + 22 · (−1)= 33 + (154− 33 · 4) · (−1) = 154 · (−1) + 33 · 5= 154 · (−1) + (803− 154 · 5) · 5 = 803 · 5 + 154 · (−26)
Chapter 7
The Fundamental Theorem
7.1 Theorem (Fundamental Theorem of Arithmetic) Every numbergreater than 1 factors into a product of primes n = p1p2 · · · ps. Further, writ-ing the primes in ascending order p1 ≤ p2 ≤ · · · ≤ ps makes the factorizationunique.
Some of the primes in the product may be equal. For instance, 12 = 2 ·2 ·3 =22·3. So the Fundamental Theorem is sometimes stated as: every number greaterthan 1 can be factored uniquely as a product of powers of primes.
7.2 Example 600 = 2 · 2 · 2 · 3 · 5 · 5 = 23 · 3 · 52
We will break the proof of the Fundamental Theorem into a sequence ofLemmas.
7.3 Lemma (Euclid’s Lemma) If p is a prime and p | ab, then p | a or p | b.
proof. Assume that p | ab. If p | a then we are done, so suppose that it doesnot. Let d = gcd(p, a). Note that d > 0, and that d | p and d | a. Since d | pwe have that d = 1 or d = p. If d = p then p | a, which we assumed was nottrue. So we must have d = 1. Hence gcd(p, a) = 1 and p | ab. So by Lemma 5.6,p | b. qed
7.4 Lemma Let p be prime. Let a1, a2, . . . , an, n ≥ 1, be integers. If p |a1a2 · · · an, then p | ai for at least one i ∈ {1, 2, . . . , n}.
proof. We use induction on n. For the n = 1 base case the result is clear.For the inductive step, assume the inductive hypothesis: that the lemma
holds for n such that 1 ≤ n ≤ k. We must show that it holds for n = k + 1.Assume that p is prime and that p | a1a2 · · · akak+1. Write a1a2 · · · ak as a, andak+1 as b. Then p | a or p | b by Lemma 7.3. If p | a = a1 · · · ak then by theinduction hypothesis, p | ai for some i ∈ {1, . . . , k}. If p | b then p | ak+1. Sowe can say that p | ai for some i ∈ {1, 2, . . . , k + 1}. This verifies the lemma forn = k + 1. Hence by mathematical induction, it holds for all n ≥ 1. qed
15
16 CHAPTER 7. THE FUNDAMENTAL THEOREM
7.5 Lemma (Fundamental Theorem, Existence) If n > 1 then there existprimes p1, . . . , ps, where s ≥ 1, such that n = p1p2 · · · ps and p1 ≤ p2 ≤ · · · ≤ ps.
proof. We will use induction on n. The base step is n = 2: in this case, since2 is prime we can take s = 1 and p1 = 2.
For the inductive step, assume the hypothesis that the lemma holds for2 ≤ n ≤ k; we will show that it holds for n = k + 1. If k + 1 is prime then s = 1and p1 = k + 1. If k + 1 is composite then write k + 1 = ab where 1 < a < k + 1and 1 < b < k + 1. By the induction hypothesis there are primes p1, . . . , pu andq1, . . . , qv such that a = p1 · · · pu and b = q1 · · · qv. This gives that k + 1 is aproduct of primes
k + 1 = ab = p1p2 · · · puq1q2 · · · qv,
where s = u + v. Reorder the primes into ascending order, if necessary.The base step and the inductive step together give us that the statement is
true for all n > 1. qed
7.6 Lemma (Fundamental Theorem, Uniqueness) If n = p1p2 · · · ps fors ≥ 1 with p1 ≤ p2 ≤ · · · ≤ ps, and also n = q1q2 · · · qt for t ≥ 1 withq1 ≤ q2 ≤ · · · ≤ qt, then t = s, and pi = qi for all i between 1 and s.
proof. The proof is by induction on s. In the s = 1 base case, n = p1 is primeand we have p1 = q1q2 · · · qt. Now, t must be 1 or else this is a factorization ofthe prime p1, and therefore p1 = q1.
Now assume the inductive hypothesis that the result holds for all s with1 ≤ s ≤ k. We must show that the result then holds for s = k +1. Assume thatn = p1p2 · · · pkpk+1 where p1 ≤ p2 ≤ · · · ≤ pk+1, and also n = q1q2 · · · qt whereq1 ≤ q2 ≤ · · · ≤ qt. Clearly pk+1 | n, so pk+1 | q1 · · · qt. Euclid’s Lemma thengives that pk+1 divides some qi. That implies that pk+1 = qi, or else pk+1 wouldbe a non-1 divisor of the prime qi, which is impossible. Hence pk+1 = qi ≤ qt.
A similar argument shows that qt = pj ≤ pk+1. Therefore pk+1 = qt.To finish, cancel pk+1 = qt from the two sides of this equation.
p1p2 · · · pkpk+1 = q1q2 · · · qt−1qt
Now the induction hypothesis applies: k = t− 1 and pi = qi for i = 1, . . . , t− 1.So the lemma holds also in the s = k + 1 case, and so by mathematical
induction it holds for all s ≥ 1. qed
7.7 Remark Unique factorization gives an alternative, conceptually simpler,way to find the greatest common divisor of two numbers. For example, 600 =23 · 31 · 52 · 70 and 252 = 22 · 32 · 50 · 7. Now, 23 divides both number. So does31, but 32 does not divide both. Also, the highest power of 5 dividing bothnumbers is 50, and similarly the highest power of 7 that works for both is 70.So gcd(600, 252) = 22 · 31 · 50 · 70 = 24. In general, we can find the greatestcommon divisor of two numbers factoring, then taking the minimum power of2, times the minimum power of 3, etc.
17
The difficulty with this method is that we must factor the numbers. Butfactorization is very difficult! That is, for numbers that are large, factoring isslow while the Euclidean algorithm is relatively fast.
18 CHAPTER 7. THE FUNDAMENTAL THEOREM
Chapter 8
Distribution of Primes
The Sieve of Eratosthenes is an ancient method to find primes. To find theprimes less than n, list the numbers from 2 to n− 1. The smallest number, 2, isprime. Cross off all proper multiples of 2 (that is, the even numbers greater than2). The smallest number remaining, 3, is prime. Cross off all proper multiples of3, that is, 6, 9, etc. (some of them have already been eliminated). The smallestremaining number, 5, is prime. Cross off all proper multiples of 5. Continuethis process until the list is exhausted.
Here is what is left when the sieve filters out the nonprimes less than 100.
00 01 02 03 04 05 06 07 08 090 2 3 5 7
10 11 13 17 1920 23 2930 31 3740 41 43 4750 53 5960 61 6770 71 73 7980 83 8990 97
Obviously, the columns with even numbers and the columns with multiples of5 are empty (except for 2 and 5) but this is an artifact of the fact that the rowsof the table are 10 = 2 · 5 wide. Other than that, at first glance no pattern isapparent.
8.1 Theorem (Wilson’s Theorem) There are arbitrarily long gaps betweenprimes: for any positive integer n there is a sequence of n consecutive compositeintegers.
proof. Given n ≥ 1, consider a = (n + 1)! + 2. We will show that all of thenumbers a, a + 1, . . . , a + (n− 1) are composite.
19
20 CHAPTER 8. DISTRIBUTION OF PRIMES
Since n+1 ≥ 2, clearly 2 | (n+1)!. Hence 2 | (n+1)!+2. Since (n+1)!+2 > 2,we therefore have that a = (n + 1)! + 2 is composite. We will finish by showingthat the i-th number in the sequence, a + i where 0 ≤ i ≤ n− 1, is composite.Because 2 ≤ i + 2 ≤ n + 1, we have that (i + 2) | (n + 1)!. Hence i + 2 | a + i =(n+1)!+(i+2). Because a+i > i+2 > 1, we have that a+i is composite. qed
8.2 Definition For any positive real number x, the number of primes less thanor equal to x is π(x).
For example, π(10) = 4.The next result was first conjectured in 1793 by by Gauss, on the basis of
numerical evidence like that in the table above. It was, however, not proveduntil over 100 years later, by Hadamard and Vallee Poussin. The proof is beyondthe scope of this course.
8.3 Theorem (The Prime Number Theorem)
limx→∞
π(x)(x/ ln(x))
= 1.
Here is a table of values of π(10i) and 10i/ ln(10i) for i = 2, . . . , 10 (thesecond set of values have been rounded to the nearest integer).
x π(x) round(x/ ln(x))102 25 22103 168 145104 1229 1086105 9592 8686106 78498 72382107 664579 620421108 5761455 5428681109 50847534 48254942
1010 455052511 434294482
This table has been continued up to 1021, but mathematicians are still workingon finding the value of π(1022). Of course, computing the approximations areeasy, but finding the exact value of π(1022) is hard.
Chapter 9
Fermat Primes andMersenne Primes
A formula that produces the primes would be nice. Historically, lacking sucha formula, mathematicians have looked for formulas that at least produce onlyprimes.
In 1640 Fermat noted that the numbers in this list
n 0 1 2 3 4Fn = 2(2n) + 1 3 5 17 257 65, 537
are all prime. He conjectured that Fn is always prime. Numbers of the form22n
+ 1 are called Fermat numbers.
9.1 Lemma Let a > 1 and n > 1. If an +1 is prime then a is even and n = 2k
for some k ≥ 1.
proof. We first show that n is even. Suppose otherwise, and recall the well-known factorization.
an − 1 = (a− 1)(an−1 + an−2 + · · ·+ a + 1)
Replace a by −a.
(−a)n − 1 = (−a− 1)((−a)n−1 + (−a)n−2 + · · ·+ (−a) + 1
)If the exponent n is odd then n − 1 is even, n − 2 is odd, etc. So we have(−a)n = −an, (−a)n−1 = an−1, (−a)n−2 = −an−2, etc., and the factorizationbecomes
−(an + 1) = −(a + 1)(an−1 − an−2 + · · · − a + 1
).
Then changing the sign of both sides gives (an + 1) = (a + 1)(an−1 − an−2 +· · · − a + 1). But with n ≥ 2, we have 1 < a + 1 < an + 1. This shows that if nis odd and a > 1, then an + 1 is not prime.
21
22 CHAPTER 9. FERMAT PRIMES AND MERSENNE PRIMES
So n is even. Write n = 2s · t where t is odd. Then if an + 1 is prime wehave (a2s
)t + 1 is prime. But by what we just showed this cannot be prime if tis odd and t ≥ 2. So we must have t = 1 and therefore n = 2s.
Also, an + 1 prime implies that a is even since if a is odd then so is an,and in consequence an + 1 would be even. But the only even prime is 2, adndwe are assuming that a > 1 and so we have a ≥ 2, which implies that soan + 1 ≥ 3. qed
9.2 Definition A prime number of the form Fn = 2(2n) +1, n ≥ 0, is a Fermatprime.
Euler showed that Fermat number next on the table, F5 = 4, 294, 967, 297,is composite.
As n increases, the Fn’s increase in size very rapidly, and are not easy tocheck for primality. We know that Fn is composite for all n such that 5 ≤ n ≤ 30,and a large number of other values of n including 382447 (the largest one thatI know). Many researchers now conjecture that Fn is composite for n ≥ 5. SoFermat’s original thought that Fn is always prime is badly mistaken.
Mathematicians have also looked for formulas that produce many primes.That is, we can guess that numbers of various special forms are disproportion-ately prime. One form that has historically been of interest is are the Mersennenumbers Mn = 2n − 1.
n 2 3 5 7 13f(n) 3 7 31 127 8191
All of the numbers on the second row are prime. Note that 24 − 1 is not prime,so this is not supposed to be a formula that gives only primes.
9.3 Lemma Let a > 1 and n > 1. If an−1 is prime then a = 2 and n is prime.
proof. Consider again an − 1 = (a− 1)(an−1 + · · ·+ a + 1) Note that if a > 2and n > 1 then a− 1 > 1 and an−1 + · · ·+ a + 1 > a + 1 > 3 so both factors aregreater then 1, and therefore an − 1 is not prime. Hence if an − 1 is prime thenwe must have a = 2.
Now suppose 2n − 1 is prime. We claim that n is prime. For, if not, thenn = st where 1 < s < n and 1 < t < n. Then 2n − 1 = 2st − 1 = (2s)t − 1 isprime. But we just showed that if an − 1 is prime then we must have a = 2. Sowe must have 2s = 2, and hence s = 1 and t = n. Therefore n is not composite,that is, n is prime. qed
9.4 Corollary If Mn is prime, then n is prime.
proof. This is immediate from Lemma 9.3. qed
At first it was thought that Mp = 2p − 1 is prime whenever p is prime. Butin 1536, Hudalricus Regius showed that M11 = 211 − 1 = 2047 is not prime:2047 = 23 · 89.
23
9.5 Definition A prime number of the form Mn = 2n−1, n ≥ 2, is a Mersenneprime.
People continue to work on determining which Mp’s are prime. To date(2003-Dec-09), we know that 2p − 1 is prime if p is one of the following 40primes: 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281,3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497, 86243, 110503,132049, 216091, 756839, 859433, 1257787, 1398269, 2976221, 3021377, 6972593,13466917, and 20996011.
The first number with more than a thousand digits known to be prime wasM4253. The largest number on that list was found on 2003-Nov-17. This numberhas 6, 320, 430 digits. It was found as part of the Great Internet Mersenne PrimeSearch (GIMPS). (You can participate in this search by setting a program torun at times when your computer is not busy; see Chris Caldwell’s page formore about this.) Later we will see a connection between Mersenne primes andperfect numbers.
One reason that we know so much about Mersenne primes is that the follow-ing test makes it easier to check whether or not Mp is prime when p is a largeprime.
9.6 Theorem (The Lucas-Lehmer Mersenne Prime Test) Let p be anodd prime. Define the sequence r1, r2, r3, . . . , rp−1 by the rules r1 = 4, and fork ≥ 2,
rk = (r2k−1 − 2) mod Mp.
Then Mp is prime if and only if rp−1 = 0.
The proof of this is beyond the scope of this book.
9.7 Example Let p = 5. Then Mp = M5 = 31.
r1 = 4
r2 = (42 − 2) mod 31 = 14 mod 31 = 14
r3 = (142 − 2) mod 31 = 194 mod 31 = 8
r4 = (82 − 2) mod 31 = 62 mod 31 = 0
Hence by the Lucas-Lehmer test, M5 = 31 is prime.
9.8 Remark Note that the Lucas-Lehmer test for Mp = 2p−1 takes only p−1steps. On the other hand, if we try to prove that Mp is prime by testing allprimes less than or equal to
√Mp then must consider about 2(p/2) steps. This
is much larger, in general, than p.
No one knows whether there are infinitely many Mersenne primes.
24 CHAPTER 9. FERMAT PRIMES AND MERSENNE PRIMES
Chapter 10
The Functions σ and τ
10.1 Definition Where n is a positive integer, τ(n) is the number of positivedivisors of n.
10.2 Example The number 12 = 3 ·22 has positive divisors 1, 2, 3, 4, 6, 12, andso τ(12) = 6.
10.3 Definition Where n is a positive integer, σ(n) is the sum of the positivedivisors of n.
A positive divisor d of n is a proper divisor if d < n. The sum of all properdivisors of n is σ∗(n).
Note that if n ≥ 2 then σ∗(n) = σ(n)− n.
10.4 Example σ(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28, σ∗(12) = 16.
10.5 Definition A number n > 1 is perfect if σ∗(n) = n.
10.6 Example The first perfect number is 6 because its proper divisors are 1,2 and 3.
10.7 Theorem Consider the prime factorization n = pe11 pe2
2 · · · perr .
(1) τ(n) = (e1 + 1)(e2 + 1) · · · (er + 1)
(2) σ(n) =pe1+11 − 1p1 − 1
· pe2+12 − 1p2 − 1
· · · per+1r − 1pr − 1
10.8 Example If n = 72 = 23 · 32 then τ(72) = (3 + 1)(2 + 1) = 12 and
σ(72) =24 − 12− 1
· 33 − 13− 1
= 15 · 13 = 195.
Proof of item (1). From the Fundamental Theorem of Arithmetic, if d is a factorof n then the prime factors of d come from those of n. Hence d | n iff d =pf11 pf2
2 · · · pfrr where for each i, 0 ≤ fi ≤ ei. There are (e1 +1)(e2 +1) · · · (er +1)
choices for the exponents f1, f2, . . . , fr. qed
25
26 CHAPTER 10. THE FUNCTIONS σ AND τ
Our proof of the second item requires two preliminary results.
10.9 Lemma Suppose that n = ab, where a > 0, b > 0 and gcd(a, b) = 1.Then σ(n) = σ(a)σ(b).
proof. Since a and b have only 1 as a common factor, the Fundamental The-orem of Arithmetic, shows that d | n only when d factors into d = d1d2 whered1 | a and d2 | b. That is, the divisors of ab are products of the divisors of awith the divisors of b. Let the divisors of a be 1, a1, . . . , as and the divisors of bbe 1, b1, . . . , bt. These are the divisors of n = ab.
1, b1, b2, . . . , bt
a1 · 1, a1 · b1, a1 · b2, . . . , a1 · bt
a2 · 1, a2 · b1, a2 · b2, . . . , a2 · bt
...as · 1, as · b1, as · b2, . . . , as · bt
This list has no repetitions because, as gcd(a, b) = 1, if aibj = akb` then ai = ak
and bj = b`. Therefore to find σ(b) we can sum the rows
1 + b1 + · · ·+ bt = σ(b)a11 + a1b1 + · · ·+ a1bt = a1σ(b)
...as · 1 + asb1 + · · ·+ asbt = asσ(b)
and add those partial sums
σ(n) = σ(b) + a1σ(b) + a2σ(b) + · · ·+ a3σ(b)= (1 + a1 + a2 + · · ·+ as)σ(b)= σ(a)σ(b)
to get the required result. qed
10.10 Lemma If p is a prime and k ≥ 0 then
σ(pk) =pk+1 − 1
p− 1.
proof. Since p is prime, the divisors of pk are 1, p, p2, . . . , pk. Hence
σ(pk) = 1 + p + p2 + · · ·+ pk =pk+1 − 1
p− 1
follows from the formula for the sum of a geometric series. qed
27
Proof of item (2). Let n = pe11 pe2
2 · · · perr . This proof is by induction on the
number of prime factors r. In the r = 1 base case we have n = pe11 and the
result follows from Lemma 10.10.For the inductive step, the inductive hypothesis is that the statment is true
when 1 ≤ r ≤ k. Consider the r = k + 1 case: n = pe11 · · · pek
k pek+1k+1 where the
primes are distinct. Let a = pe11 · · · pek
k and b = pek+1k+1 . Clearly gcd(a, b) = 1.
Lemma 10.9 applies to give that σ(n) = σ(a)σ(b). The inductive hypothesisand Lemma 10.10 give
σ(a) =(
pe1+11 − 1p1 − 1
)· · ·
(pek+1
k − 1pk − 1
)σ(b) =
pek+1+1k+1 − 1pk+1 − 1
and therefore
σ(n) =(
pe1+11 − 1p1 − 1
)· · ·
(p
ek+1+1k+1 − 1pk+1 − 1
)as desired. So the result holds for r = k + 1, and that implies that the theoremis true for all integers by the principle of mathematical induction. qed
28 CHAPTER 10. THE FUNCTIONS σ AND τ
Chapter 11
Perfect Numbers andMersenne Primes
A search for perfect numbers up to 10, 000 finds only these.
6 = 2 · 328 = 22 · 7
496 = 24 · 31
8128 = 26 · 127
Note that 3 = 22 − 1, 7 = 23 − 1, 31 = 25 − 1, and 127 = 27 − 1 are Mersenneprimes. We can conjecture that all perfect numbers fit this pattern. This chapterdiscusses to what extent this is known to be true.
11.1 Theorem If 2p − 1 is a Mersenne prime then 2p−1 · (2p − 1) is perfect.
proof. Write q = 2p−1 and n = 2p−1q. Since q is odd and prime, Theorem 10.7gives that σ(n) is
σ(2p−1q
)=(
2p − 12− 1
)(q2 − 1q − 1
)= (2p − 1)(q + 1) = (2p − 1)2p = 2n.
That is, σ(n) = 2n, and so n is perfect. qed
11.2 Theorem If n is even and perfect then there is a Mersenne prime 2p − 1such that n = 2p−1(2p − 1).
proof. Suppose that n is even and perfect. Factor out all of the 2’s to getn = 2k · q with q an odd number, and k ≥ 1 since n is even. Since q is odd,gcd(2k, q) = 1 and so by Lemmas 10.9 and 10.10 we have σ(n) = σ(2k)σ(q) =(2k+1 − 1)σ(q). Thus, as n is perfect,
2k+1q = 2n = σ(n) = (2k+1 − 1)σ(q).
29
30 CHAPTER 11. PERFECT NUMBERS AND MERSENNE PRIMES
Now substituting σ(q) = σ∗(q) + q, into the prior displayed equation gives
2k+1q = (2k+1 − 1)(σ∗(q) + q)
that is2k+1q = (2k+1 − 1)σ∗(q) + 2k+1q − q
This implies that
(∗) σ∗(q)(2k+1 − 1) = q.
So σ∗(q) is a divisor of q. Since k ≥ 1 we have that 2k+1 − 1 ≥ 4 − 1 = 3. Soσ∗(q) is a proper divisor of q. But σ∗(q) is the sum of all of the proper divisorsof q. This can only happen if q has only one proper divisor, that is, it impliesthat q is prime and so σ∗(q) = 1. Then equation (∗) shows that q = 2k+1 − 1.So q is a Mersenne prime and k + 1 = p is prime. Therefore n = 2p−1 · (2p − 1),as desired. qed
11.3 Corollary There is a one-to-one correspondence between the even perfectnumbers and the Mersenne primes.
Here are two questions that remain open: (i) Are there infinitely many evenperfect numbers? (ii) Are there any odd perfect numbers? (We know that if anodd perfect number exists, then it must be greater than 1050.)
Chapter 12
Congruences
12.1 Definition Let m ≥ 0. We we say that the numbers a and b are congruentmodulo m, denoted a ≡ b (mod m), if a and b leave the same remainder whendivided by m. The number m is the modulus of the congruence. The notationa 6≡ b (mod m) means that they are not congruent.
12.2 Lemma The numbers a and b are congruent modulo m if and only ifm | (a− b), and also if and only if m | (b− a).
proof. Write a = mqa + ra and b = mqb + rb for some qa, qb, ra, and rb, with0 ≤ ra, rb < m. Subtracting gives a− b = m(qa − qb) + (ra − rb). Observe thatthe restrictions on the remainders imply that −m < ra− rb < m, and so ra− rb
is not a multiple of m unless ra − rb = 0.If a and b are congruent modulo m then ra = rb, which implies that a− b =
m(qa − qb), which in turn gives that a− b is a multiple of m.The implications in the prior paragraph reverse: if a − b is a multiple of m
then in the equation a−b = m(qa−qb)+(ra−rb) we must have that ra−rb = 0by the observation in the first paragraph, and therefore ra = rb.
The b− a statement is proved similarly. qed
12.3 Examples
1. 25 ≡ 1 (mod 4) since 4 | 24
2. 25 6≡ 2 (mod 4) since 4 - 23
3. 1 ≡ −3 (mod 4) since 4 | 4
4. a ≡ b (mod 1) for all a, b
5. a ≡ b (mod 0) ⇐⇒ a = b for all a, b
Do not confuse the use of mod in Definition 12.1
a ≡ b (mod m) if m | a− b
31
32 CHAPTER 12. CONGRUENCES
with that of Definition 3.3.
a mod b = r where r is the remainder when a is divided by b
The two are related but not identitical.
12.4 Example One difference between the two is that 25 ≡ 5 (mod 4) is truewhile 25 = 5 mod 4 is false (it asserts that 25 = 1).
The ‘mod’ in a ≡ b (mod m) defines a binary relation, a relationship betweentwo things. The ‘mod’ in a mod b is a binary operation, just as addition ormultiplication are binary operations. Thus,
a ≡ b (mod m) ⇐⇒ a mod m = b mod m.
That is, if m > 0 and a ≡ r (mod m) where 0 ≤ r < m then a mod m = r.Expressions such as
x = 2
42 = 16
x2 + 2x = sin(x) + 3
are equations. By analogy, expressions such as
x ≡ 2 (mod 16)25 ≡ 5 (mod 5)
x3 + 2x ≡ 6x2 + 3 (mod 27)
are called congruences.The next two theorems show that congruences and equations share many
properties.
12.5 Theorem Congruence is an equivalence relation: for all a, b, c, andm > 0 we have
(1) (Reflexivity property) a ≡ a (mod m)(2) (Symmetry property) a ≡ b (mod m) ⇒ b ≡ a (mod m)(3) (Transitivity property) a ≡ b (mod m) and b ≡ c (mod m) ⇒ a ≡ c(mod m)
proof. For reflexivity: on division by m, any number leaves the same remainderas itself.
For symmetry, if a leaves the same remainder as b, then b leaves the sameremainder as a.
For transitivity, assume that a leaves the same remainder as b on divisionby m, and that b leaves the same remainder as c. The all three leave thesame remainder as each other, and in particular a leaves the same remainder asc. qed
33
Below we will consider polynomials f(x) = anxn +an−1xn−1+ · · ·+a1x+a0.
We will assume that the coefficients an, . . . , a0 are integers and that x alsorepresents an integer variable. Here the degree of the polynomial is an integern ≥ 0.
12.6 Theorem If a ≡ b (mod m) and c ≡ d (mod m), then(1) a + c ≡ b + d (mod m) and a− c ≡ b− d (mod m)(2) ac ≡ bd (mod m)(3) an ≡ bn (mod m) for all n ≥ 1(4) f(a) ≡ f(b) (mod m) for all polynomials f(x) with integer coefficients.
Proof of (1). Since a− c = a + (−c), it suffices to prove only the addition case.By assumption m | a − b and m | c − d. By linearity of the ‘divides’ relation,m | (a − b) + (c − d), that is m | (a + c) − (b + d). Hence a + c ≡ b + d(mod m). qed
Proof of (2). Since m | a− b and m | c− d, by linearity m | c(a− b) + b(c− d).Now, c(a− b) + b(c− d) = ca− bd, hence m | ca− bd, and so ca ≡ bd (mod m),as desired. qed
Proof of (3). We prove this by induction on n. If n = 1, the result is true bythe assumption that a ≡ b (mod m). Assume that the result holds for n =1, . . . , k. Then we have ak ≡ bk (mod m). This, together with a ≡ b (mod m)using property (2) above, gives that aak ≡ bbk (mod m). Hence ak+1 ≡ bk+1
(mod m) and the result holds in the n = k + 1 case. So the result holds for alln ≥ 1, by induction. qed
Proof of (4). Let f(x) = cnxn + · · · + c1x + c0. We prove by induction onthe degree of the polynomial n that if a ≡ b (mod m) then cnan + · · · + c0 ≡cnbn + · · · + c0 (mod m). For the degree n = 0 base case, by the reflexivity ofcongruence we have that c0 ≡ c0 (mod m).
For the induction assume that the result holds for n = k. Then we have
(∗) ckak + · · ·+ c1a + c0 ≡ ckbk + · · ·+ c1b + c0 (mod m).
By item (3) above we have ak+1 ≡ bk+1 (mod m). Since ck+1 ≡ ck+1 (mod m),using item (2) above we have
(∗∗) ck+1ak+1 ≡ ck+1b
k+1 (mod m).
Now we can apply Theorem 15.3 (1) to (∗) and (∗∗) to obtain
ck+1ak+1 + ckak + · · ·+ c0 ≡ ck+1b
k+1 + ckbk + · · ·+ c0 (mod m).
So by induction the result holds for all n ≥ 0. qed
12.7 Example (From [1].) The first five Fermat numbers 3, 5, 17, 257, and65, 537 are prime. We will use congruences to show that F5 = 232 +1 is divisibleby 641 and is therefore not prime.
34 CHAPTER 12. CONGRUENCES
Everyone knows that 22 = 4, 24 = 16, and 28 = 256. Also, 216 = (28)2 =2562 = 65, 536. A straightforward division shows that 65, 536 ≡ 154 (mod 641).
Next, for 232, we have that (216)2 ≡ (154)2 (mod 641). That is, 232 ≡23, 716 (mod 641). Since an easy division finds that 23, 716 ≡ 640 (mod 641),and 640 ≡ −1 (mod 641), we have that 232 ≡ −1 (mod 641). Hence 232 +1 ≡ 0(mod 641), and so . 641 | 232 + 1, as claimed. Clearly 232 + 1 6= 641, so 232 + 1is composite.
The work done here did not require us to find the value of 232 + 1 =4, 294, 967, 297 and divide it by 641; instead the calculations were with muchsmaller numbers.
Chapter 13
Divisibility Tests
Elementary school children know how to tell if a number is even, or divisible by5, by looking at the least significant digit.
13.1 Theorem If a number a has the decimal representation an−110n−1 +an−210n−2 + · · ·+ a110 + a0 then
(1) a mod 2 = a0 mod 2(2) a mod 5 = a0 mod 5
proof. Consider f(x) = an−1xn−1 + · · ·+a1x+a0. Note that 10 ≡ 0 (mod 2).
So by Theorem 12.6
an−110n−1 + · · ·+ a110 + a0 ≡ an−10n−1 + · · ·+ a10 + a0 (mod 2).
That is, a ≡ a0 (mod 2); this proves item (1). Since 10 ≡ 0 (mod 5) also, theproof of item (2) is similar. qed
13.2 Example Thus, the number 1457 is odd because 7 is odd: 1457 mod 2 =7 mod 2 = 1. And on division by 5 it leaves a remainder of 1457 mod 5 =7 mod 5 = 2.
13.3 Theorem Where a = an−110n−1 + an−210n−2 + · · · + a110 + a0 is thedecimal representation,
(1) a mod 3 = (an−1 + · · ·+ a0) mod 3(2) a mod 9 = (an−1 + · · ·+ a0) mod 9(3) a mod 11 = (a0 − a1 + a2 − a3 + · · · ) mod 11.
proof. Note that 10 ≡ 1 (mod 3). Theorem 12.6 gives
an−110n−1 + · · ·+ a110 + a0 ≡ an−11n−1 + · · ·+ a11 + a0 (mod 3)
and so a ≡ an−1 + · · · + a1 + a0 (mod 3). This proves item (1). Since 10 ≡ 1(mod 9) also, the proof of item (2) is similar.
35
36 CHAPTER 13. DIVISIBILITY TESTS
For item (3), note that 10 ≡ −1 (mod 11) so
an−110n−1 + · · ·+ a110 + a0 ≡ an−1(−1)n−1 + · · ·+ a1(−1) + a0 (mod 11).
That is, a ≡ a0 − a1 + a2 − · · · (mod 11). qed
13.4 Example Consider 1457 again. For divisibility by 3 we have 1457 mod3 = (1 + 4 + 5 + 7) mod 3 = 17 mod 3 = 8 mod 3 = 2. As for 9, we get1457 mod 9 = (1 + 4 + 5 + 7) mod 9 = 17 mod 9 = 8 mod 9 = 8. Finally, for 11,the calculation is 1457 mod 11 = 7− 5 + 4− 1 mod 11 = 5 mod 11 = 5.
Note that m | a ⇔ a mod m = 0 so from the prior two results we obtainimmediately the following.
13.5 Corollary Let a = an−110n−1 + an−210n−2 + · · ·+ a110 + a0.(1) 2 | a ⇔ a0 = 0, 2, 4, 6 or 8(2) 5 | a ⇔ a0 = 0 or 5(3) 3 | a ⇔ 3 | a0 + a1 + · · ·+ an−1
(4) 9 | a ⇔ 9 | a0 + a1 + · · ·+ an−1
(5) 11 | a ⇔ 11 | a0 − a1 + a2 − a3 + · · · .
13.6 Theorem Let a = ar10r + · · ·+ a2102 + a110 + a0 be the decimal repre-sentation, so that we write a as the sequence arar−1 · · · a1a0. Then
(1) 7 | a ⇔ 7 | ar · · · a1 − 2a0.(2) 13 | a ⇔ 13 | ar · · · a1 − 9a0
(where ar · · · a1 is the sequence representing (a− a0)/10).
proof. For item (1), let c = ar · · · a1 so that a = 10c+a0. Since gcd(7,−2) = 1we have that 7 | a ⇔ 7 | −2a. Consequently, consider −2a = −20c − 2a0.Because 1 ≡ −20 (mod 7), we have that −2a ≡ c − 2a0 (mod 7). Therefore,7 | −2a ⇔ 7 | c − 2a0. It follows that 7 | a ⇔ 7 | c − 2a0, which is what wewanted to prove.
The proof of item (2) is similar. qed
13.7 Example We can test whether 7 divides 2481.
7 | 2481 ⇔ 7 | 248− 2 ⇔ 7 | 246 ⇔ 7 | 24− 12 ⇔ 7 | 12
Since 7 - 12 we have that 7 - 2481.
13.8 Example The number 12987 is divisible by 13 because
13 | 12987 ⇔ 13 | 1298− 63 ⇔ 13 | 1235 ⇔ 13 | 123− 45 ⇔ 13 | 78
and 13 · 6 = 78.
Chapter 14
More Properties ofCongruences
Theorem 12.6 provides some laws of algebra for ≡. A typical algebra problem isto solve for an unknown; for instance, we can look for x such that 2x ≡ 7 mod 15.
14.1 Theorem Let m ≥ 2. If a and m are relatively prime then there existsa unique integer a∗ such that aa∗ ≡ 1 (mod m) and 0 < a∗ < m.
proof. Assume that gcd(a,m) = 1. Bezout’s Lemma applies to give an s andt such that as + mt = 1. Hence as − 1 = m(−t), that is, m | as − 1 and soas ≡ 1 (mod m). Accordingly, let a∗ = s mod m so that 0 < a∗ < m. Thena∗ ≡ s (mod m) so aa∗ ≡ 1 (mod m).
To show uniqueness, assume that ac ≡ 1 (mod m) and 0 < c < m. Thenac ≡ aa∗ (mod m). Multiply both sides of this congruence on the left by c anduse the fact that ca ≡ 1 (mod m) to obtain c ≡ a∗ (mod m). Because both arein [0 ..m), it follows that c = a∗. qed
We call a∗ the inverse of a modulo m. Note that we do not denote a∗ bya−1 here since we keep that symbol for the usual meaning of inverse.
14.2 Remark The proof shows that Blankinship’s Method will compute theinverse of a, when it exists. But for small m we may find a∗ by trial and error.For example, take m = 15 and a = 2. We can check each possibility: 2 · 0 6≡ 1(mod 15), 2 · 1 6≡ 1 (mod 15), . . . , 2 · 8 ≡ 1 (mod 15). So we can take 2∗ = 8.
Note that we may well have ca ≡ 1 mod m with c 6= a if c ≡ a∗ (mod m)and c > m or c < 0. For instance, 8 · 2 ≡ 1 mod 15 and also 23 · 2 ≡ 1 mod 15.So the inverse is unique only if we specify that 0 < a∗ < m.
The converse of Theorem 14.1 holds.
14.3 Theorem Let m > 0. If ab ≡ 1 (mod m) then both a and b are relativelyprime to m.
37
38 CHAPTER 14. MORE PROPERTIES OF CONGRUENCES
proof. If ab ≡ 1 (mod m), then m | ab− 1. So ab− 1 = mt for some t. Hence,ab + m(−t) = 1.
The proof of Bezout’s Lemma, Lemma 5.3, shows that gcd(a,m) is the small-est positive linear combination of a and m. The last paragraph shows thatthere is a combination that adds to 1. Since no combination can be positiveand smaller than 1, we have that gcd(a,m) = 1. The case of gcd(b, m) issimilar.. qed
14.4 Corollary A number a has an inverse modulo m if and only if a and mare relatively prime.
The second paragraph of Theorem 14.1 uses a technique that is worth iso-lating.
14.5 Theorem (Cancellation) Let m > 0. If gcd(c,m) = 1 then ca ≡ cb(mod m) ⇒ a ≡ b (mod m).
proof. If gcd(c,m) = 1 then it has an inverse c∗ modulo m, such that c∗c ≡ 1(mod m). Since ca ≡ cb (mod m) by Theorem 12.6, c∗ca ≡ c∗cb (mod m). Butc∗c ≡ 1 (mod m) so c∗ca ≡ a (mod m) and c∗cb ≡ b (mod m). By reflexivityand transitivity this yields a ≡ b (mod m). qed
Although in general we cannot cancel if gcd(c,m) > 1, the next result issome consolation.
14.6 Theorem If c > 0 and m > 0 then a ≡ b (mod m) ⇔ ca ≡ cb (mod cm).
proof. The congruence a ≡ b (mod m) is true if and only if m | (a− b) holds,which in turn holds if and only if cm | (ca− cb). qed
14.7 Theorem Fix m > 0 and let d = gcd(c,m). Then ca ≡ cb (mod m) ⇒a ≡ b (mod m/d).
proof. Since d = gcd(c,m), the equations c = d(c/d) and m = d(m/d) involveintegers. Rewriting ca ≡ cb (mod m) gives
d( c
d
)a ≡ d
( c
d
)b (mod d
(m
d
)).
By Theorem 14.6 we have( c
d
)a ≡
( c
d
)b (mod
m
d).
Since d = gcd(c,m), we have that gcd(c/d, m/d) = 1 and so by cancellation,Theorem 14.5, a ≡ b (mod m/d). qed
14.8 Theorem If m > 0 and a ≡ b (mod m) then gcd(a,m) = gcd(b, m).
proof. Let da = gcd(m,a) and db = gcd(m, b). Since a ≡ b (mod m) we havea − b = mt for some t. Rewrite that as a = mt + b and note that db | m anddb | b, so db | a. Thus, db is a common divisor of m and a, and so db ≤ da. Asimilar argument gives that da ≤ db, and therefore db = da. qed
39
14.9 Corollary Fix m > 0. If a ≡ b (mod m) then a has an inverse modulom if and only if b does also.
proof. Immediate. qed
40 CHAPTER 14. MORE PROPERTIES OF CONGRUENCES
Chapter 15
Residue Classes
The work that we’ve seen shows that if a ≡ b (mod m) then the two numbersa and b, while not necessarily equal, are in some ways alike.
15.1 Definition Fix m > 0. The residue class class of a modulo m (orcongruence class, or equivalence class of a modulo m) is [a] = {x | x ≡ a(mod m)}, the set of all integers congruent to a modulo m.
Note that, by definition, [a] is a set.
[a] = {mq + a | q ∈ Z} = {. . . ,−2m + a,−m + a, a,m + a, 2m + a, . . . }
Note also that [a] depends on m and so it would be more accurate to write [a]minstead, but this would be cumbersome.
15.2 Theorem If m > 0 then [a] = [b] ⇔ a ≡ b (mod m).
proof. First assume that [a] = [b]. Note that a ∈ [a] because a ≡ a (mod m).And, because [a] = [b], we have a ∈ [b]. By definition of [b], then a ≡ b (mod m).
For the implication the other way, assume that a ≡ b (mod m), aiming toprove that the sets [a] and [b] are equal. To prove that the sets are equal, wewill prove that every element of the first is a member of the second, and viceversa. Suppose that x ∈ [a], so that x ≡ a (mod m). Since a ≡ b (mod m), bytransitivity of equivalence, x ≡ b (mod m), and so x ∈ [b]. The argument toshow that if x ∈ [b] then x ∈ [a] is similar. qed
15.3 Theorem Given m > 0. For every a there is a unique r ∈ [0 ..m) suchthat [a] = [r].
proof. Let r = a mod m so that 0 ≤ r < m, and a ≡ r (mod m), and byTheorem 15.2, [a] = [r]. To prove that r is unique, suppose that [a] = [r′], where0 ≤ r′ < m. By Theorem 15.2, this implies that a ≡ r′ (mod m). This, togetherwith the restriction that 0 ≤ r′ < m, implies that r′ = a mod m = r. qed
15.4 Theorem Given m > 0, there are exactly m distinct residue classesmodulo m, namely, [0], [1],. . . , and [m− 1].
41
42 CHAPTER 15. RESIDUE CLASSES
proof. By Theorem 15.3 we know that every residue class [a] is equal to oneof [0], or [1], . . . , or [m− 1]. So any residue classes is in this list. These residueclasses are distinct: if 0 ≤ r1 < m and 0 ≤ r2 < m and [r1] = [r2] then by theuniqueness part of Theorem 15.3 we must have r1 = r2. qed
15.5 Definition Any element x ∈ [a] is a class representative. The element of[a] that is in [0 ..m) is the principle class representative or principle residue.
Chapter 16
Zm and Complete ResidueSystems
Throughout this section we assume a fixed modulus m > 0.
16.1 Definition The set {[a] | a ∈ Z} of all residue classes modulo m isdenoted Zm.
Recall that in a set, the order in which elements appear does not matter,and repeat elements collapse: the set {0, 2, 3, 1} and the set {2, 0, 2, 3, 1, 4, 1} areequal. So, while at first glance Zm may seem to have infinitely many elementsZm = {. . . , [−2], [−1], [0], [1], [2], . . . }, Theorem 15.4 shows that after the repeatscollapse Zm = {[0], [1], . . . , [m− 1]}, and so instead Zm has exactly m elements.
16.2 Example Fix m = 4. Then [1] = {. . . ,−7,−3, 1, 5, . . . }, and so all ofthese classes are equal: · · · = [−7] = [−3] = [1] = [5] = · · · . We could, therefore,instead of Z4 = {[0], [1], [2], [3]}, write Z4 = {[8], [5], [−6], [11]}.
16.3 Definition A set of m integers {a0, a1, . . . , am−1} is a complete residuesystem modulo m (or a complete set of representatives for Zm) if the set Zm
equals the set {[a0], [a1], . . . , [am−1]}.
16.4 Example These are complete residue systems modulo 5.
1. {0, 1, 2, 3, 4}
2. {−2,−1, 0, 1, 2}
3. {−9, 14, 12, 10, 8}
4. {0 + 5n1, 1 + 5n2, 2 + 5n3, 3 + 5n4, 4 + 5n4}, where n1, n2, n3, n4, n5 maybe any integers.
For each m > 0 there are infinitely many distinct complete residue systemsmodulo m. In particular, {0, 1, . . . ,m−1} is the set of least nonnegative residuesmodulo m.
43
44 CHAPTER 16. ZM AND COMPLETE RESIDUE SYSTEMS
16.5 Theorem Fix m > 0. If m = 2k then {0, 1, 2, . . . , k − 1, k,−(k −1), . . . ,−2,−1} is a complete residue system modulo m. If m = 2k + 1, then{0, 1, 2, . . . , k,−k, . . . ,−2,−1} is a complete residue system modulo m.
proof. If m = 2k, then since Zm = {[0], [1], . . . , [k], [k+1], . . . , [k+i], [k+k−1]},it suffices to note that [k + i] = [k + i − 2k] = [−k + i] = [−(k − i)]. So[k + 1] = [−(k − 1)], [k + 2] = [−(k − 2)], . . . , [k + k − 1] = [−1], as desired.
In the n = 2k+1 case, [k+i] = [−(2k+1)+k+i] = [−k+i+1] = [−(k−i+1)]so [k + 1] = [−k], [k + 2] = [−(k − 1)], . . . , [2k] = [−1], as desired. qed
16.6 Definition The complete residue system modulo m given in the priortheorem is the least absolute residue system modulo m.
16.7 Example Where m = 232, the least absolute residue system is
{−(231 − 1),−(231 − 2), . . . ,−2,−1, 0, 1, 2, . . . , 231}.
Chapter 17
Addition and Multiplicationin Zm
In this chapter we show how to define addition and multiplication of residueclasses modulo m. With respect to these binary operations Zm is a ring asdefined in Appendix A.
17.1 Definition For [a], [b] ∈ Zm, the sum of the residue class [a] and theresidue class [b] is the residue class [a + b]. The product of the residue class [a]and the residue class [b] is the residue class [ab]. That is,
[a] + [b] = [a + b] [a][b] = [ab].
17.2 Example For m = 5 we have [2] + [3] = [5] and [2][3] = [6]. Note thatsince 5 ≡ 0 (mod 5) and 6 ≡ 1 (mod 5) we can also write [2] + [3] = [0] and[2][3] = [1].
We must check that these binary operations are well defined. That is, sincea residue class can have many representatives, we must check that the resultsof an operation do not depend on the representatives chosen for that operation.
For example, fix m = 5 and consider [7] + [11]. We know that the residueclasses [7] and the residue class [2] are equal, and also that [11] = [21]. Thereforefor the binary operations to make sense we must have that [7]+ [11] = [2]+ [21].In this case, [7] + [11] = [18] and [2] + [21] = [23], and [18] = [23] so this oneexample is fine.
17.3 Theorem The results of the sum and product of residue classes does notdepend on the choice of class representative: for any modulus m > 0, if [a] = [b]and [c] = [d] then [a] + [c] = [b] + [d] and [a][c] = [b][d].
proof. This follows immediately from Theorem 12.6. qed
When performing addition and multiplication in Zm, we may at any timechange class representatives, rewriting [a] by [a′], where a ≡ a′ (mod m).
45
46 CHAPTER 17. ADDITION AND MULTIPLICATION IN ZM
17.4 Example Take m = 151 and consider the calculation [150][149]. Then150 ≡ −1 (mod 151) and 149 ≡ −2 (mod 151), and so [150][149] = [−1][−2] =[2], an easier calculation.
When working with Zm it is often useful to write all residue classes in theleast nonnegative residue system, as we do in constructing the following additionand multiplication tables for Z4.
+ [0] [1] [2] [3][0] [0] [1] [2] [3][1] [1] [2] [3] [0][2] [2] [3] [0] [1][3] [3] [0] [1] [2]
· [0] [1] [2] [3][0] [0] [0] [0] [0][1] [0] [1] [2] [3][2] [0] [2] [0] [2][3] [0] [3] [2] [1]
Notice that we have reduced results of the sum and product to keep the repre-sentative in [0 .. 4). That is, in constructing those tables we follow the alogrithmthat resclassa + [b] = [(a + b) mod m] and [a][b] = [(ab) mod m].
This leads to an alternative way to define Zm and addition and multiplicationin Zm. For clarity we will use different notation.
17.5 Definition For m > 0, let Jm be the set = {0, 1, 2, . . . ,m− 1} endowedwith two binary operations: for a, b ∈ Jm, let a ⊕ b = (a + b) mod m anda� b = (ab) mod m.
Here are the addition and multiplication tables for J4.
⊕ 0 1 2 30 0 1 2 31 1 2 3 02 2 3 0 13 3 0 1 2
� 0 1 2 30 0 0 0 01 0 1 2 32 0 2 0 23 0 3 2 1
17.6 Remark The precise expression of the intuition that Jm with ⊕ and� is just like Zm with addition and multiplication is to say that the two are“isomorphic.” In this book we will leave the idea as informal.
17.7 Example Let’s solve the congruence 272x ≡ 901 (mod 9). Using residueclasses modulo 9 we see that this congruence is equivalent to [272x] = [901],which is equivalent to [272][x] = [901]. That is equivalent to [2][x] = [1]. Weknow [x] ∈ {[0], [1], . . . , [8]}, so by trial and error we see that x = 5 is a solution.
Chapter 18
The Group of Units
This is the multiplication table for Z6.
� [0] [1] [2] [3] [4] [5][0] [0] [0] [0] [0] [0] [0][1] [0] [1] [2] [3] [4] [5][2] [0] [2] [4] [0] [2] [4][3] [0] [3] [0] [3] [0] [3][4] [0] [4] [2] [0] [4] [2][5] [0] [5] [4] [3] [2] [1]
Note that some rows, and some columns, contain all of the members of Z6
while others do not. We can state that as: for some [a], [b] ∈ Z6 the equation[a]� x = [b] has no solution x.
18.1 Example The equation [5]�x = [3] has the solution x = [3]. In fact, forany [b] ∈ Z6, the equation [5] � x = [b] has a solution. However, the equation[4]� x = [1] has no solution.
18.2 Definition Let m > 0. A residue class [a] ∈ Zm is a unit if there isanother residue class [b] ∈ Zm such that [a] � [b] = [1]. In this case [a] and [b]are said to be inverses of each other in Zm.
18.3 Theorem Let m > 0. A residue class [a] ∈ Zm is a unit if and only ifgcd(a,m) = 1.
proof. Let [a] be a unit. Then there is a [b] such that [a] � [b] = [1]. Hence[ab] = [1] and so ab ≡ 1 (mod m). Thus, by Theorem 14.3, gcd(a,m) = 1.
To prove the converse, let gcd(a,m) = 1. By Theorem 14.1 there is aninteger a∗ such that aa∗ ≡ 1 (mod m). Hence [aa∗] = [1]. So [a] � [a∗] = [1]and we can take b = a∗. qed
Note that from Theorem 14.8 if [a] = [b]— that is, if a ≡ b (mod m)— thengcd(a,m) = 1 ⇔ gcd(b, m) = 1. So, in checking whether or not a residue classis a unit we can use any representative of the class.
47
48 CHAPTER 18. THE GROUP OF UNITS
18.4 Theorem For m > 0, the set of units in Zm is the set of residue classes{[i] | 1 ≤ i ≤ m and gcd(i,m) = 1}.
proof. If [a] ∈ Zm then [a] = [i], where 0 ≤ i ≤ m − 1, so for each m > 0 weneed only consider residue classes with representatives in the interval [0 ..m).
If m = 1 then Zm consists of a single residue class Z1 = {[0]} = {[1]}. Since[1]� [1] = [1], we have that this single class [1] is a unit.
If m > 1 then gcd(0,m) = m 6= 1 and gcd(m,m) = m 6= 1, but gcd(i,m) = 1for 1 ≤ i ≤ m. So the theorem follows from Theorem 18.3. qed
18.5 Definition The set of all units in Zm, the group of units, is denoted Um.
(See Appendix A for the definition of a group.)
18.6 Example Here are the first few Um’s.
i 1 2 3 4 5 6Ui {[1]} {[1]} {[1], [2]} {[1], [3]} {[1], [2], [3], [4]} {[1], [5]}
18.7 Theorem The set of units Um has these properties.
1. (Closure) If [a] and [b] are members of Um then the product [a][b] is alsoa member of Um.
2. (Associativity) For all [a], [b], [c] in Um we have ([a] � [b]) � [c] = [a] �([b]� [c]).
3. (Existence of an identity) [1]� [a] = [a]� [1] = [a] for all [a] ∈ Um.
4. (Existence of inverses) For each [a] ∈ Um there is a [a]∗ ∈ Um such that[a]� [a]∗ = [1].
5. (Commutativity) For all [a], [b] ∈ Um, we have that [a]� [b] = [b]� [a].
18.8 Example Theorem 18.3 shows that
U15 = {[1], [2], [4], [7], [8], [11], [13], [14]}= {[1], [2], [4], [7], [−7], [−4], [−2], [−1]}.
Rather than list the entire multiplication table, we just show the inverse of eachelement.
r [1] [2] [4] [7] [8] [11] [13] [14]inverse of r [1] [8] [4] [13] [2] [11] [7] [14]
18.9 Theorem Let m > 0 and fix [a], [b] ∈ Um. Then the equation [a]� xresclassb has a unique solution x ∈ Um.
proof. To see that it has a solution, consider [a]∗�[b]. By the closure property,that is an element of Um. Also, [a]� ([a]∗ � [b]) = ([a]� [a]∗)� [b] = [1]� [b] =[1 · b] = [b], as required (the first equality follows by the associative property).
To see that the solution is unique, suppose that x, x′ ∈ Um are such that[a] � x = [b] and also [a] � x′ = [b]. Then [a] � x = [a] � x′. Multiplying bothsides of that equation by the inverse [a]∗ gives [a]∗� ([a]�x) = ([a]∗� [a])�x =[1]� x = x on the left, and x′ on the right. So the two are equal. qed
49
18.10 Definition If X is a set, the cardinality |X| is the number of elementsin X.
18.11 Example |{1}| = 1, |{0, 1, 3, 9}| = 4, |Zm| = m if m > 0.
18.12 Definition If m ≥ 1 then the Euler phi function (or the totient) isφ(m) = |{i ∈ Z | 1 ≤ i ≤ m and gcd(i, m) = 1}|.
18.13 Example Here are the first few values of φ.
i 1 2 3 4 5 6φ(i) 1 1 2 2 4 2
Compare this to the table in Example 18.6.
18.14 Corollary If m > 0 then |Um| = φ(m).
Note that if p is any prime then φ(p) = p− 1.In general, though, φ(m) is not easy to calculate. However, computing φ(m)
is easy once we know the prime factorization of m.
18.15 Theorem Fix a, b > 0. If gcd(a, b) = 1 then φ(ab) = φ(a)φ(b).
18.16 Theorem If p is prime and n > 0 then φ (pn) = pn − pn−1.
18.17 Theorem Let p1, p2, . . . , pk be distinct primes and let n1, n2, . . . , nk bepositive integers. Then
φ (pn11 pn2
2 · · · pnk
k ) =(pn11 − pn1−1
1
)· · ·(pnk
k − pnk−1k
).
The proofs of Theorem 18.15 and Theorem 18.17 are routine arguments byinduction on n, and are left as exercises.
Proof of Theorem 18.16. We want to count the number of elements in the setA = {1, 2, . . . , pn} that are relatively prime to pn. Let B be the set of elementsof A that are not relatively prime, that is, that have a factor greater than 1 incommon with pn. The nuber p is prime, so the only factors of pn are 1, p, . . . , pn,and hence b = pk for some k. It follows that if a number b is an element of Bthen it has the form b = kp for some 1 ≤ k ≤ pn−1. That is, B is a subset ofthis set: {p, 2p, 3p, . . . , kp, . . . , pn−1p}. But obviously every element of that setis not relatively prime to pn, so in fact B equals that set.
The number of elements in A is |A| = pn and the number in B is |B| = pn−1,so the number of elements of A that are not in B is pn − pn−1. qed
18.18 Example φ(12) = φ(22 · 3) = (22 − 21)(31 − 30) = 2 · 2 = 4
18.19 Example φ(9000) = φ(23 · 53 · 32) = (23 − 22)(53 − 52)(32 − 31) =4 · 100 · 6 = 2400
50 CHAPTER 18. THE GROUP OF UNITS
Chapter 19
The Chinese RemainderTheorem
19.1 Definition A linear congruence has the form ax ≡ b (mod n) where x isa variable.
19.2 Example The linear congruence 2x ≡ 1 (mod 3) is solved by x =2 because 2 · 2 = 4 ≡ 1 (mod 3). The solution set of that congruence is{. . . , 2, 5, 8, 11, . . . }.
19.3 Example The congruence 4x ≡ 1 (mod 2) has no solution, because 4xis even, and so is not congruent to 1, modulo 2.
19.4 Lemma Fix a modulus m and a number a. The congruence ax ≡ b(mod m) has a solution if an only if gcd(a,m) | b. If a solution x0 does existthen, where d = gcd(a, b), the set of solutions is
{. . . , x0 + (−m/d), x0, x0 + (m/d), x0 + (2m/d), x0 + (3m/d), . . . }
the residue class [x0] modulo m/d.
proof. The existence of an x solving ax ≡ b (mod m) is equivalent to theexistence of a k such that ax − b = km, which in turn is equivalent to theequivalence of a k such that xa + (−k)m = b. With that, this result is arestatement of Lemma 5.7. qed
One generalization of Lemma 19.4 is to consider systems of linear congru-ences. In 1247, Ch’in Chiu-Shao published a solution for a special case of thatproblem. We first need a preliminary result.
19.5 Lemma If gcd(a, b) = 1 and c is a number such that a | c and b | c thenab | c
51
52 CHAPTER 19. THE CHINESE REMAINDER THEOREM
proof. Because a | c and b | c there are numbers ka, kb such that kaa = c andkbb = c. By Bezout’s Lemma, there are s and t such that as + bt = 1. Multiplyby c to get cas + cbt = c. Substitution gives (kbb)as + (kaa)bt = c. Then abdivides the left side of the equation and so ab must divide the right side, c. qed
19.6 Theorem (Chinese Remainder Theorem) Suppose that m1, . . . ,mn
are pairwise relatively prime (that is, gcd(mi,mj) = 1 whenever i 6= j). Thenthe system of congruences
x ≡ a1 (mod m1)x ≡ a2 (mod m2)
...x ≡ an (mod mn)
has a unique solution modulo m1m2 . . .mn.
proof. Let M = m1m2 . . .mn and for i ∈ {1, . . . , n} let Mi = M/mi =m1m2 . . .mi−imi+1 . . .mn. Observe that gcd(Mi,mi) = 1 and so Lemma 19.4says that the linear congruence Mix ≡ 1 (mod mi) has a set of solutions thatis a single congruence class [xi] modulo mi.
Now consider the number
s0 = a1M1x1 + a2M2x2 + · · ·+ anMnxn.
We claim that s0 solves the system. For, consider the i-th congruence x ≡ ai
(mod mi). Because mi divides Mj when i 6= j, we have that s0 ≡ aiMixi
(mod mi). Since xi was chosen because of the property that Mixi ≡ 1 (mod mi),we have that s0 ≡ ai · 1 ≡ ai (mod mi), as claimed.
To finish we must show that the solution is unique modulo M . Suppose thatx also solves the system, so that for each i ∈ {1, . . . , n} we have that x ≡ ai ≡ x0
(mod mi). Restated, for each i we have that ni | (x− x0).We can now show that m1m2 . . .mn | (x−x0). We have that gcd(m1,m2) =
1 and m1 | (x − x0) and m2 | (x − x0), so the prior lemma applies and weconclude that m1m2 | (x − x0). In this way, we can build up to the entireproduct m1 . . .mn. qed
Chapter 20
Fermat’s Little Theorem
20.1 Definition For [a] ∈ Um, the powers of the residue class are given by[a]1 = [a], [a]2 = [a][a], etc.
20.2 Lemma If [a] ∈ Um then [a]n ∈ Um for n ≥ 1, and [a]n = [an].
proof. We will check this by induction on n. The n = 1 base case is trivial:[a]1 = [a] = [a1], and by assumption [a] ∈ Um. For the inductive step, supposethat [a]k = [ak] ∈ Um for k ≥ 1 and consider the k + 1-st power.
[a]k+1 = [a]k[a] = [ak][a] = [aka] = [ak+1]
By induction the theorem holds for all n ≥ 1. qed
20.3 Theorem (Euler’s Theorem) If m > 0, and a is relatively prime to m,then aφ(m) ≡ 1 (mod m).
proof. For m > 0, we have that gcd(a,m) = 1 if and only if [a] ∈ Um. The priorresult gives that an ≡ 1 (mod m) ⇐⇒ [an] = [1] ⇐⇒ [a]n = [1]. Therefore,Euler’s Theorem is equivalent to the following: if m > 0 and [a] ∈ Um then[a]φ(m) = [1].
We will write X1, X2, . . . , Xφ(m) for the residue classes in Um.We first show that if X ∈ Um then the set O = {XX1, XX2, . . . , XXφ(m)}
equals the set Um. Containment one way is easy: any member of O is a memberof Um by the closure property of Theorem 18.7. For containment the otherway, consider Xi ∈ Um,and note that Theorem 18.9 shows that the equationX �x = Xi has a solution x = Xj for some j, so Xi = XXj is an element of O.
Next, for any X ∈ Um consider the product XX1XX2 · · ·XXφ(m). Theassociative property says that we can parenthesize this term in any way, andthe prior paragraph then gives that the product is (XX1)(XX2) · · · (XXφ(m)) =X1X2 · · ·Xφ(m).
Finally, let A = X1X2 · · ·Xφ(m), and for any X ∈ Um consider Xφ(m)A.The commutative property of Theorem 18.7 gives that
Xφ(m)A = Xφ(m)X1X2 · · ·Xφ(m) = (XX1)(XX2) · · · (XXφ(m)).
53
54 CHAPTER 20. FERMAT’S LITTLE THEOREM
The prior paragraph then shows that Xφ(m)A = A.Multiplying both sides of that equation by the inverse A∗ of A gives
(Xφ(m)A)A∗ = Xφ(m)(AA∗) = Xφ(m)[1] = Xφ(m)
on the left and AA∗ = [1] on the right, as desired. qed
20.4 Example Fix m = 12. The positive integers a < m with gcd(a,m) = 1are 1, 5, 7 and 11, and so φ(m) = 4. We will check Euler’s result for all four.
First, 14 ≡ 1 (mod 12) is clear. Next, 52 ≡ 1 (mod 12) since 12 | 25−1, andso 54 ≡ (52)2 ≡ 12 (mod 12). From that one, and because 7 ≡ −5 (mod 12)and 4 is even, 74 ≡ 54 (mod 12) ≡ 1 (mod 12). And, fourth, 11 ≡ −1 (mod 12)and again since 4 is even we have that 114 ≡ (−1)4 (mod 12) ≡ 1 (mod 12).
20.5 Theorem (Fermat’s Little Theorem) If p is prime, and a is relativelyprime to p, then ap−1 ≡ 1 (mod p).
proof. Where p is prime, φ(p) = p− 1. qed
20.6 Example Fermat’s Little Theorem can simplify the computation ofan mod p where p is prime. Recall that if an ≡ r (mod p) where 0 ≤ r < p, thenan mod p = r. We can do two things to simplify the computation: (i) replace aby a mod p, and (ii) replace n by n mod (p− 1).
Suppose that we want to calculate 12347865435 mod 11 Note that 1234 ≡−1 + 2 − 3 + 4 (mod 11), that is, 1234 ≡ 2 (mod 11). Since gcd(2, 11) = 1 wehave that 210 ≡ 1 (mod 11). Now 7865435 = (786543) · 10 + 5 so
27865435 ≡ 2(786543)·10+5 (mod 11)
≡(210)786543 · 25 (mod 11)
≡ 1786543 · 25 (mod 11)
≡ 25 (mod 11),
and 25 = 32 ≡ 10 (mod 11). Hence, 12347865435 ≡ 10 (mod 11). It follows that12347865435 mod 11 = 10.
20.7 Remark Fermat’s theorem is called “little ” as a contrast with Fermat’sLast Theorem, which states that xn + yn = zn has no solutions x, y, z ∈ Nwhen n > 2. For many years this was the most famous unsolved problem inMathematics, until it was proved by Andrew Wiles in 1995, over 350 years afterit was first mentioned by Fermat. Fermat’s Little Theorem is much easier toprove, but has more far-reaching consequences for applications to cryptographyand secure transmission of data on the Internet.
Chapter 21
Probabilistic PrimalityTests
Fermat’s Little Theorem says that if p is prime and 1 ≤ a ≤ p−1, then ap−1 ≡ 1(mod p). It has this converse.
21.1 Theorem If m ≥ 2 and for all a such that 1 ≤ a ≤ m − 1 we haveam−1 ≡ 1 (mod m) then m must be prime.
proof. If the hypothesis holds, then for all a with 1 ≤ a ≤ m − 1, we knowthat a has an inverse modulo m, namely, am−2. By Theorem 18.3, this saysthat for all 1 ≤ a ≤ m− 1 we have that gcd(a,m) = 1. But this means that mis prime, because if not then we would have m = ab with 1 < a, b < m, whichwould mean gcd(a,m) = a > 1. qed
Therefore, one way to check that a number m is prime would be to check that1m−1 ≡ 1 (mod m), and that 2m−1 ≡ 1 (mod m), . . . , and that m− 1m−1 ≡ 1(mod m).
This check is a lot of work, but it does have an advantage. Consider m = 63.Note that 26 = 64 ≡ 1 (mod 63) and raising both sides to the 10-th power gives260 ≡ 1 (mod 63). Multiplying both sides by 22 yields the conclusion that262 ≡ 4 (mod 63). Since 4 6≡ 1 (mod 63) we have that 262 6≡ 1 (mod 63). Thistells us, without factoring 63, that 63 is not prime.
On the other hand, knowing only that 2m−1 ≡ 1 (mod m) is not enoughto show that m is prime. For instance, 2m−1 ≡ 1 (mod m) for the compositenumber m = 341.
Nonetheless, consider only the base b = 2. There are 455,052,511 odd primesp ≤ 1010, all of which satisfy 2p−1 ≡ 1 (mod p). There are only 14,884 com-posite numbers 2 < m ≤ 1010 that satisfy 2m−1 ≡ 1 (mod m). Thus, for arandome number m with 2 < m ≤ 1010, if m satisfies 2m−1 ≡ 1 (mod m) thenthe probability that m is prime is
455, 052, 511455, 052, 511 + 14, 884
≈ .999967292.
55
56 CHAPTER 21. PROBABILISTIC PRIMALITY TESTS
In other words, if we find that 2m−1 ≡ 1 (mod m), then it is highly likely (butnot a certainty) that m is prime, at least when m ≤ 1010. Thus we are led tothe following algorithm (expressed in the syntax of Maple).
> is_prob_prime:=proc(n)if n <=1 or Power(2,n-1) mod n <> 1 then
return "not prime";else
return "probably prime";end if;
end proc:
What happens if we use 3 instead of 2 in the above probabilistic primalitytest? Or, better yet, what if we evaluate am−1 mod m for several different a’s?
The number of primes less than 106 is 78, 498. The number of numbersm ≤ 106 that are composite and such that 2m−1 ≡ 1 (mod m) is 245. Thenumber of numbers m ≤ 106 that are composite and such that both 2m−1 ≡ 1(mod m) and 3m−1 ≡ 1 (mod m) is 66. The number of numbers m ≤ 106 thatare composite and such that am−1 ≡ 1 (mod m) where a is any of the firstthirteen primes is 0. (If m > 106 and am−1 ≡ 1 (mod m) for all a in the set ofthe first thirteen prime then it is highly likely, but not certain, that m is prime.)
That is, if we check for primality by using the scheme of this chapter then wemay possibly find out early that the number is not prime, having done very littlework. Otherwise, as we work our way through bases a ∈ [1 ..m), calculatingwhether am−1 ≡ 1 (mod m), we gain confidence that m is prime. This is theSolovay-Strassen pseudoprimality test .
In practice, there are better probabilistic primality tests than the one de-scribed here. For instance, the built-in Maple procedure isprime is a verysophisticated probabilistic primality test. So far no one has found an integer nfor which isprime(n) gives the wrong answer.
Chapter 22
Representations in OtherBases
22.1 Definition Let b ≥ 2 and n > 0. The base b representation of n is n =[ak, ak−1, . . . , a1, a0]b for some k ≥ 0, where n = akbk +ak−1b
k−1 + · · ·+a1b+a0
and ai ∈ {0, 1, . . . , b− 1} for i = 0, 1, . . . , k.
22.2 Example (1) 267 = [5, 3, 1]7, since 267 = 5 · 72 + 3 · 7 + 1(2) 147 = [1, 0, 0, 1, 0, 0, 1, 1]2, since 147 = 1 · 27 + 0 · 26 + 0 · 25 + 1 · 24 + 0 ·23 + 0 · 22 + 1 · 2 + 1
(3) 4879 = [4, 8, 7, 9]10, since 4879 = 4 · 103 + 8 · 102 + 7 · 10 + 9(4) 10705679 = [A, 3, 5, B, 0, F ]16, since 10705679 = 10 · 165 + 3 · 164 + 5 ·163 + 11 · 162 + 0 · 16 + 15
Observe that a number’s base 10 representation is just its ordinary one.The representations are said to be in binary if b = 2, in ternary if b = 3,
in octal if b = 8, in decimal if b = 10, and in hexadecimal if b = 16. If b isunderstood, especially if b = 10, we write akak−1 · · · a1a0, without the subscriptbase. In the case of b = 16, which is used frequently in computer science, forthe ai of 10, 11, 12, 13, 14 and 15 we use A, B, C, D, E and F , respectively.
For a fixed base b > 2, the numbers ai’s the digits of the base b representa-tion. In the binary case, the ai’s are bits, a shortening of “binary digits”.
22.3 Theorem If b ≥ 2 then every n > 0 has a unique base b representation.
proof. To show that a representation exists, iterate the Division Algorithm:
n = bq0 + r0 0 ≤ r0 < b
q0 = bq1 + r1 0 ≤ r1 < b
q1 = bq2 + r2 0 ≤ r2 < b
...qk = bqk+1 + rk+1 0 ≤ rk+1 < b.
57
58 CHAPTER 22. REPRESENTATIONS IN OTHER BASES
Note that n > q0 > q1 > · · · > qk. This shows that iteration of the DivisionAlgorithm cannot go on forever, and we must eventually obtain q` = 0 forsome `, so that q`−1 = b · 0 + r`. We claim that the desired representation isn = [r`, r`−1, . . . , r0]. For, note that n = bq0 + r0 and q0 = bq1 + r1, and hencen = b(bq1 + r1) + r0 = b2q1 + br1 + r0. Continuing in this way we find thatn = b`+1q` + b`r` + · · ·+ br1 + r0. And, since q` = 0 we have
(∗) n = b`r` + · · ·+ br1 + r0,
which shows that n = [r`, . . . , r1, r0]b.To see that this representation is unique, note that from equation (∗) we
haven = b
(b`−1r` + · · ·+ r1
)+ r0, 0 ≤ r0 < b.
Because r0 is uniquely determined by n, so is the quotient q = b`−1r` + · · ·+ r1.A similar argument shows that r1 is uniquely determined. Continuing in thisway we see that all the digits r`, r`−1, . . . , r0 are uniquely determined. qed
22.4 Example We find the base 7 representation of 1,749.
1749 = 249 · 7 + 6249 = 35 · 7 + 435 = 5 · 7 + 05 = 0 · 7 + 5
Hence 1749 = [5, 0, 4, 6]7.
22.5 Example This finds the binary representation of 137.
137 = 2 · 68 + 168 = 2 · 34 + 034 = 2 · 17 + 017 = 2 · 8 + 18 = 2 · 4 + 04 = 2 · 2 + 02 = 2 · 1 + 01 = 2 · 0 + 1
Therefore 137 = [1, 0, 0, 0, 1, 0, 0, 1]2.
22.6 Remark We can sometimes “eyeball” the representation in another baseof a small number. For instance, we can see how to represent n = 137 in binary,without the machinery of the proof. Note that 21 = 2, 22 = 4, 23 = 8, 24 = 16,25 = 32, 26 = 64, 27 = 128, and 28 = 256. By eye, we spot that the value closestto 137 but not greater than it is 27, and we compute that 137 − 27 = 9. Thepower of 2 closest to it but not above 9 is 23, and 9−23 = 1. Finally, 1 is a powerof 2, since 1 = 20. Therefore 137 = 27+23+20 and so 137 = [1, 0, 0, 0, 1, 0, 0, 1]2.
Chapter 23
Computation of aN mod m
Some Number Theory work involves computing with large numbers. Since com-puter multiplication of numbers is a slow operation (relative to computer addi-tion), we can ask: where n is any positive integer, what is the smallest numberof multiplications required to compute an?
For instance, the naive way to calculate 28 is to do seven multiplications.
22 = 2 · 2 = 4
23 = 2 · 4 = 8
24 = 2 · 8 = 16
25 = 2 · 16 = 32
26 = 2 · 32 = 64
27 = 2 · 64 = 128
28 = 2 · 128 = 256
In general, computing an by this naive method requires n− 1 multiplications.
But we can compute 28 with only three multiplications
22 = 2 · 2 = 4
24 =(22)2
= 4 · 4 = 16
28 =(24)2
= 16 · 16 = 256
If the exponent has the form n = 2k then this successive squaring method
59
60 CHAPTER 23. COMPUTATION OF AN MOD M
requires only k-many multiplications.
a2 = a · a
a22= (a2)2 = a2 · a2
a23= (a22
)2 = a22· a22
...
a2k
= (a2k−1)2 = a2k−1
· a2k−1
This is quite a savings because if n = 2k then k is generally much smaller thann− 1, just as 3 is smaller than 7.
This is the foundation of the binary method to compute an. It is bestexplained by example.
23.1 Example To compute 315, first express the exponent in binary 15 =23 + 22 + 2 + 1 = [1, 1, 1, 1]2. Thus, 315 = 323 · 322 · 32 · 3.
Next, we use successive squaring to get the factors in that expansion of 315.
32 = 3 · 3 = 9
322= 9 · 9 = 81
323= 81 · 81 = 6561
Putting those factors together
3 · 32 = 3 · 9 = 27
(3 · 32) · 322= 27 · 81 = 2187
(3 · 32 · 322)323
= 2187 · 6561 = 14348907
gives that 315 = 14348907. This took just six multiplications, while the naivemethod would have taken fourteen. (Finding the binary representation of 15took some extra effort, but not much.)
23.2 Theorem Computing xn using the binary method requires blg(n)c divi-sions and at most 2blg(n)c multiplications.
proof. If n = [ar, . . . , a0]2 and ar = 1 then 2r ≤ n ≤< 2r+1. By the familiarproperties of any logarithm, lg(2r) ≤ lg(n) < lg(2r+1). Since lg2(2x) = x thisgives r ≤ lg(n) < r + 1, hence r = blg(n)c. Note that r is the number of timeswe need to divide to get n’s binary representation n = [ar, . . . , a0]2.
To compute the powers x, x2, x22, . . . , x2r
by successive squaring requiresr = blg(n)c multiplications and similarly to compute the product
x2r
· xar−12r−1
· · ·xa12 · xa0
requires r multiplications. So after obtaining the binary representation we needat most 2r = 2blg(n)c multiplications. qed
61
Note that if we count an application of the Division Algorithm and a mul-tiplication as having the same cost then the above tells us that we need atmost 3blg(n)c operations to compute xn. So, for example, if n = 106, then3blg(n)c = 57.
To compute an mod m, we use the binary method of exponentiation, withthe added refinement that after every multiplication we reduce modulo m. Thiskeeps the products from getting too big for our computer or calculator.
23.3 Example We compute 315 mod 10:
32 = 3 · 3 = 9 ≡ 9 (mod 10)
34 = 9 · 9 = 81 ≡ 1 (mod 10)
38 ≡ 1 · 1 ≡ 1 ≡ 1 (mod 10)
and so 315 = 38 · 34 · 32 · 31 ≡ 1 · 1 · 9 · 3 = 27 ≡ 7 (mod 10).Note that 315 ≡ 7 (mod 10). In Example 23.1 we calculated that 315 =
14348907 which is clearly congruent to 7 mod 10, but the multiplications therewere not so easy.
23.4 Example To find 2644 mod 645, we first get the binary representation644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]2. That is, 644 = 29 + 27 + 22 = 512 + 128 + 4. Bysuccessive squaring and reducing modulo 645 we get
22 = 2 · 2 = 4 ≡ 4 (mod 645)
24 ≡ 4 · 4 = 16 ≡ 16 (mod 645)
28 ≡ 16 · 16 = 256 ≡ 256 (mod 645)
216 ≡ 256 · 256 = 65, 536 ≡ 391 (mod 645)
232 ≡ 391 · 391 = 152, 881 ≡ 16 (mod 645)
264 ≡ 16 · 16 = 256 ≡ 256 (mod 645)
2128 ≡ 256 · 256 = 65, 536 ≡ 391 (mod 645)
2256 ≡ 391 · 391 = 152, 881 ≡ 16 (mod 645)
2512 ≡ 16 · 16 = 256 ≡ 256 (mod 645).
Now 2644 = 2512 · 2128 · 24, and hence 2644 ≡ 256 · 391 · 16 (mod 645). So256 · 391 = 100099 ≡ 121 (mod 645) and 121 · 16 = 1936 ≡ 1 (mod 645). Hence2644 mod 645 = 1.
62 CHAPTER 23. COMPUTATION OF AN MOD M
Chapter 24
Public Key Cryptosystems
Everyone has tried secret codes. A common one is the Caesar cipher: thesender and the recipient agree in advance to express letters as numbers (1 forA, 2 for B, etc.) and also agree to use an encoding that offsets the message;for instance f(n) = (n + 13) mod 26 offsets the letters by 13. The sender then,in place of transmitting the number n, will transmit f(n) — instead of A, thesender will transmit K, the thirteenth letter. This code is very easy to break,but nonetheless notice that there is a general encryption/decryption scheme ofsending offset letters, and within that scheme it relies on the single secret key,the 13.
In 1976, W Diffie and M Hellman proposed a new kind of cryptographicsystem where there are two keys. A message encrypted with the first key can bedecrypted with the second, and a message encrypted with the second key canbe decrypted with the first. We will first illustrate some advantages of such asystem and then give one way to produce such key pairs.
24.1 Example If two people, Alice and Bob, want to have private commu-nications then each can take a key. Bob alone can read Alice’s messages, andAlice alone can read Bob’s.
24.2 Example Alice can keep one key a secret, and publish the other key in apublic place such as the Internet. Then people who receive an encrypted messagethat claims to be from Alice can get Alice’s public key and try to decrypt themessage. If the result is sensible text, then Alice must have been the one whoencrypted it, since she kept her other key private. This is authentication; hermessage has been digitally signed .
Also, people who want to send a message to Alice in private can encrypt itwith her public key. Only she can decrypt it, using her private key.
24.3 Example Key pairs can be used to do things that seem impossible.Suppose that Alice and Bob want to settle a dispute by flipping a coin, but theymust do so over the Internet. Each person will flip separately, and they agreethat Alice wins if the two coins come out the same while Bob wins if they are
63
64 CHAPTER 24. PUBLIC KEY CRYPTOSYSTEMS
different. However they do not trust each other and so they cannot just emaileach other the results. How can they agree if neither will believe the other?
Each person generates a key pair. Each then sends the other the messagewith “heads” or “tails” encrypted using one of their two keys. After that, eachperson publishes their other key, the one that they did not use to encrypt. Theother person can now decrypt the message they’ve received— they are sure thatthey are not being cheated because they now have the other person’s outcome,albiet encrypted (and the key pairs have the property that finding a new keypair that makes the message decrypt the other way is essentially impossible).
Implicit in these examples are a number of technical requirements on keypairs: from either key we should not be able to find the other, we should not beable to decrypt the message by just trying every possible key, etc. These techni-cal requirements have been met by a number of schemes. The most importantis RSA, due to R Rivest, A Shamir, and L Adelman in 1977 [11]. This chapteroutlines its number-theoretic underpinning.
Assume that our message has been converted to an integer in the set Jm ={0, 1, 2, . . . ,m − 1} where m is some positive integer to be determined. (Forexample, we can take the file as a collection of bits and interpret it as a num-ber written in binary.) Generally this is a large integer. We will require twofunctions:
E : Jm → Jm (E for encipher) and D : Jm → Jm (D for decipher).
By ‘encipher’ and ‘decipher’ we only mean that D(E(x)) = x for all x ∈ Jm.We first need two statements about congruences.
24.4 Lemma Let m1,m2 ∈ Z+ be relatively prime. Then a ≡ b (mod m1)and a ≡ b (mod m2) if and only if a ≡ b (mod m1m2).
proof. One direction is easy: if a ≡ b (mod m1m2) then there is k ∈ Z suchthat a− b = k(m1m2). Rewriting that as a− b = (km1)m2 shows that a− b isa multiple of m2 and so a ≡ b (mod m2). The other equivalence is similar.
If a ≡ b (mod m1) and a ≡ b (mod m2) then there are k1, k2 ∈ Z suchthat a − b = k1m1 and a − b = k2m2. Therefore k1m1 = k2m2. This showsthat m1 | k2m2. As m1 is relatively prime to m2, Lemma 5.6 then gives thatm1 | k2. Writing k2 = km1 for some k, and substituting into the earlier equationa− b = k2m2 gives that a− b = km1m2. Therefore a− b | m1m2 and so a ≡ b(mod m1m2). qed
24.5 Lemma Let p and q be two distinct primes and let m = pq. Supposethat e and d are positive integers that are inverses of each other modulo φ(m).Then xed ≡ x (mod m) for all x.
proof. By Theorem 18.17, φ(m) = (p − 1)(q − 1). Since ed ≡ 1 (mod φ(m))we have that ed − 1 = kφ(m) = k(p − 1)(q − 1) for some k. Note the k > 0unless ed = 1, in which case the theorem is obvious. So we have
(∗) ed = kφ(m) + 1 = k(p− 1)(q − 1) + 1
65
for some k > 0.We will show that xed ≡ x (mod b) for all x. There are two cases. For
the first case, if gcd(x, p) = 1 then by Fermat’s Little Theorem we have thatxp−1 ≡ 1 (mod p). Raising both sides of the congruence to the power (q − 1)kgives x(p−1)(q−1)k ≡ 1 (mod p). Then multiplying by x gives x(p−1)(q−1)k+1 ≡ x(mod p). That is, by (∗)
(∗∗) xed ≡ x (mod p).
For the second case, the gcd(x, p) = p case, the relation (∗∗) is obvious, sincethen x ≡ 0 (mod p).
A similar argument proves that xed ≡ x (mod q) for all x. So by Lemma 24.4and the fact that gcd(p, q) = 1, we have that xed ≡ x (mod m) for all x. qed
24.6 Theorem Let p and q be two distinct primes, let m = pq, and supposethat e and d are positive integers that are inverses of each other modulo φ(m).Where Jm = {0, 1, 2, . . . ,m− 1}, define E : Jm → Jm and D : Jm → Jm by
E(x) = xe mod m and D(x) = xd mod m.
Then E and D are inverse functions.
proof. It suffices to show that D(E(x)) = x for all x ∈ Jm. Suppose thatx ∈ Jm, and that E(x) = xe mod m = r1, and also that D (r1) = rd
1 mod m =r2. We must show that r2 = x. Since xe mod m = r1 we know that xe ≡ r1
(mod m). Hence xed ≡ rd1 (mod m). We also know that rd
1 ≡ r2 (mod m) andhence xed ≡ r2 (mod m). By Lemma 24.5, xed ≡ x (mod m) so we have thatx ≡ r2 (mod m). Since both x and r2 are elements of Jm, both are the principleresidue: x = r2. qed
66 CHAPTER 24. PUBLIC KEY CRYPTOSYSTEMS
Appendix A
Proof by Induction
Most of the proof methods used in mathematics are instinctive to a person witha talent for the work. This section covers a method, the method of MathematicalInduction that is not.
As with all proofs, we will have some assertion to prove. Each assertion willsay that something is true for all integers. Thus, we can denote the assertionP (n). Our first example is the proof that for all n, if n ≥ 5 then 2n > 5n.
P (n): n ≥ 5 ⇔ 2n > 5n
An argument by induction involves two steps. In the base step we show thatP is true for some first integer. Typically, that is a straightforward verification.For our example, we show that P (5) is true by just checking that 25 = 32 isindeed greater than 5 · 5 = 25, which of course it is.
The second step is called the inductive step. We must show that
if P (5), . . . , P (k) are all true then P (k + 1) is also true.
At the end of the proof we will show why this suffices. For the moment noteonly that we are not asserting that P (5), . . . , P (k) are in fact all true (as thatwould be assuming the thing that we are to prove); instead we are proving thatif they are true then P (k + 1) follows.
To prove this if-then statement, take the inductive hypothesis that P (5),. . . , P (k) hold. Then, by the hypothesis that P (k) is true we have 2k > 5k,and Multiplying both sides by 2 gives 2k+1 > 10k We are trying to prove that2k+1 > 5(k + 1) so if we can show 10k ≥ 5k + 5 then we will be done. Becausek ≥ 5, we have that 5k ≥ 5 and therefore 10k = 5k + 5k ≥ 5k + 5 = 5(k + 1).We have therefore established P (k + 1) follows from the inductive hypothesis,as 2k+1 > 10k ≥ 5(k + 1). That ends the inductive step.
To see why the two steps togehter prove the assertion, note that we havechecked the statement for 5. To see it is true for 6, note that in the inductivestep we proved that P (5) ⇔ P (6). To see that the statement is true for 7, notethat we have proved in the inductive step that P (5) and P (6) ⇔ P (7) (and the
67
68 APPENDIX A. PROOF BY INDUCTION
prior sentence shows that P (6) holds). In this way we can see that the statementis true for all numbers n ≥ 5.
Here is an induction proof that is more streamlined, more like the ones givenelsewhere in the book..
1.1 Proposition If n ≥ 5 then 2n > 5n.
proof. We prove the proposition by induction on the variable n.If n = 5 then we have 25 > 5 · 5 or 32 > 25, which is true.Next, assume the hypothesis that 2n > 5n for 5 ≤ n ≤ k. Taking n = k gives
that 2k > 5k. Multiplying both sides by 2 gives 2k+1 > 10k. Now 10k = 5k+5kand k ≥ 5, and so 5k ≥ 5. Hence 10k = 5k + 5k ≥ 5k + 5 = 5(k + 1). It followsthat 2k+1 > 10k ≥ 5(k + 1) and therefore 2k+1 > 5(k + 1).
Hence by mathematical induction we conclude that 2n > 5n for n ≥ 5. qed
Appendix B
Axioms for Z
The set of natural numbers is N = {0, 1, 2, 3, · · · }. The set of integers includesthe natural numbers and the negative integers Z = {. . . ,−2,−1, 0, 1, 2, · · · }. Wesometimes want to restrict our attention to the positive integers Z+ = {1, 2, · · · }.
The rational numbers include all of the fractions Q = {n/m | n, m ∈Z and m 6= 0}. The real numbers R enlarge that set with the irrationals (whichare too hard to precisely describe here). Note that Z+ ⊂ N ⊂ Z ⊂ Q ⊂ R.
In the first chapter we rely on some particularly important properties of Z,the axioms.
1. If a, b ∈ Z, then a + b, a − b and ab ∈ Z. (That is, Z is closed underaddition, subtraction and multiplication.)
2. If a ∈ Z then there is no x ∈ Z such that a < x < a + 1.
3. If a, b ∈ Z and ab = 1, then either a = b = 1 or a = b = −1.
4. Laws of Exponents For n, m ∈ N and a, b ∈ R with a and b not both 0 wehave (an)m = anm and (ab)n = anbn. and anam = an+m.
5. Properties of Inequalities: For a, b, c in R the following hold: if a < b andb < c, then a < c, and if a < b then a + c < b + c, and if a < b and 0 < cthen ac < bc, and if a < b and c < 0 then bc < ac, and finally, given a andb, one and only one of a = b , a < b, b < a holds.
6. Well-Ordering Property Every non-empty subset of N contains a leastelement.
7. Mathematical Induction Let P (n) be a statement concerning the integervariable n. Let n0 be any fixed integer. Then P (n) is true for all integersn ≥ n0 if both of the following statements hold: (the base step) P (n)is true for n = n0, and (the inductive step) whenever P (n) is true forn0 ≤ n ≤ k then P (n) is true for n = k + 1.
69
70 APPENDIX B. AXIOMS FOR Z
Appendix C
Some Properties of R
3.1 Definition Where x ∈ R, the floor (or greatest integer) bxc is the largestinteger less than or equal to x. Its ceiling dxe is the least integer greater thanor equal to x.
For example, b3.1c = 3 and d3.1e = 4, b3c = 3 and d3e = 3, and b−3.1c = −4and d−3.1e = −3.
From that definition we immediately have that bxc = max{n ∈ Z | n ≤ x},and that n = bxc ⇐⇒ n ≤ x < n + 1. From this we have also that bxc ≤ x andthat bxc = x ⇐⇒ x ∈ Z.
3.2 Lemma (Floor Lemma) Where x is real, x− 1 < bxc ≤ x.
proof. Let n = bxc. Then by the above comments, we have n ≤ x < n + 1.This gives immediately that bxc ≤ x, as already noted above. It also gives thatx < n + 1 which implies that x− 1 < n, that is, that x− 1 < bxc. qed
3.3 Definition The decimal representation of a positive integer a is given bya = an−1an−2 · · · a1a0 where
a = an−110n−1 + an−210n−2 + · · ·+ a110 + a0
and the digits an−1, an−2, . . . , a1, a0 are in the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}, withan−1 6= 0. This representation shows that a is, with respect to base 10, an ndigit number (or is n digits long).
71
72 APPENDIX C. SOME PROPERTIES OF R
Bibliography
[1] Tom Apostol, Introduction to Analytic Number Theory, Springer-Verlag,New York-Heidelberg, 1976.
[2] Chris Caldwell, The Primes Pages,http://www.utm.edu/research/primes/
[3] W. Edwin Clark, Number Theory Links,http://www.math.usf.edu/~eclark/numtheory_links.html
[4] W Diffie, M Hellman, New Directions in Cryptography, IEEE Transactionson Information Theory 22 (1976), 644-654.
[5] Earl Fife and Larry Husch, Number Theory (Mathematics Archives,http://archives.math.utk.edu/topics/numberTheory.html
[6] Ronald Graham, Donald Knuth, and Oren Patashnik, Concrete Mathemat-ics, Addison-Wesley, 1994.
[7] Donald Knuth The Art of Computer Programming, Vols I and II, Addison-Wesley, 1997.
[8] The Math Forum, Number Theory Siteshttp://mathforum.org/library/topics/number_theory/
[9] Oystein Ore, Number Theory and its History, Dover Publications, 1988.
[10] Carl Pomerance and Richard Crandall, Prime Numbers – A ComputationalPerspective, Springer -Verlag, 2001.
[11] R Rivest, A Shamir, L Adelman, A Method for Obtaining Digital Signaturesand Public-Key Cryptosystems available from http://citeseer.nj.nec.com/rivest78method.html, 1977
[12] Kenneth A. Rosen, Elementary Number Theory, (Fourth Edition),Addison-Wesley, 2000.
[13] Eric Weisstein, World of Mathematics –Number Theory Section,http://mathworld.wolfram.com/topics/NumberTheory.html
73
Index
3n + 1 Conjecture, iiin digit number, 71n digits long, 71
authentication, 63axioms, 69
base b representation, 57binary, 57binary method, 60bits, 57
cardinality, 49ceiling, 71class representative, 42closed, 69common divisor, 7complete residue system modulo m,
43complete set of representatives, 43composite, 3congruence class, 41congruences, 32congruent modulo m, 31
decimal, 57decimal representation, 71decipher, 64digitally signed, 63digits, 57, 71divides, 1divisor, 1
encipher, 64equivalence class of a modulo m, 41Euclidean Algorithm, 14Euler phi function, 49even, 2
even parity, 2
factor, 1Fermat numbers, 21Fermat prime, 22Fermat primes, iiiFermat’s Last Theorem, 54floor, 71
Goldbach’s Conjecture, iiigreatest common divisor, 7greatest integer, 71group of units, 48
hexadecimal, 57
integers, 69inverse, 37inverses of each other, 47
Laws of Exponents, 69least absolute residue system mod-
ulo m, 44least nonnegative residues modulo
m, 43linear combination, 9linear congruence, 51
Mathematical Induction, 67, 69Mersenne numbers, 22Mersenne prime, 23Mersenne primes, iiimodulus, 31
natural numbers, 69
octal, 57odd, 2
75
76 INDEX
odd parity, 2
perfect, iii, 25positive integers, 69powers of the residue class, 53prime, 3prime number, iiiprinciple class representative, 42principle residue, 42product, 45proper divisor, 25
quotient, 5
rational numbers, 69real numbers, 69relatively prime, 8remainder, 5repunits, iiiresidue class, 41RSA, 64
Sieve of Eratosthenes, 19Solovay-Strassen pseudoprimality test,
56sum, 45
ternary, 57totient, 49Twin Prime Conjecture, iiiTwin primes, iii
unit, 47
Well-Ordering Property, 69
Number TheoryNaoki Sato <[email protected]>
0 Preface
This set of notes on number theory was originally written in 1995 for studentsat the IMO level. It covers the basic background material that an IMOstudent should be familiar with. This text is meant to be a reference, andnot a replacement but rather a supplement to a number theory textbook;several are given at the back. Proofs are given when appropriate, or whenthey illustrate some insight or important idea. The problems are culled fromvarious sources, many from actual contests and olympiads, and in generalare very difficult. The author welcomes any corrections or suggestions.
1 Divisibility
For integers a and b, we say that a divides b, or that a is a divisor (orfactor) of b, or that b is a multiple of a, if there exists an integer c suchthat b = ca, and we denote this by a | b. Otherwise, a does not divide b, andwe denote this by a - b. A positive integer p is a prime if the only divisors ofp are 1 and p. If pk | a and pk+1 - a where p is a prime, i.e. pk is the highestpower of p dividing a, then we denote this by pk‖a.
Useful Facts
• If a, b > 0, and a | b, then a ≤ b.
• If a | b1, a | b2, . . . , a | bn, then for any integers c1, c2, . . . , cn,
a |n∑
i=1
bici.
Theorem 1.1. The Division Algorithm. For any positive integer a andinteger b, there exist unique integers q and r such that b = qa + r and0 ≤ r < a, with r = 0 iff a | b.
1
Theorem 1.2. The Fundamental Theorem of Arithmetic. Every integergreater than 1 can be written uniquely in the form
pe11 pe2
2 · · · pekk ,
where the pi are distinct primes and the ei are positive integers.
Theorem 1.3. (Euclid) There exist an infinite number of primes.
Proof. Suppose that there are a finite number of primes, say p1, p2, . . . ,pn. Let N = p1p2 · · · pn + 1. By the fundamental theorem of arithmetic, Nis divisible by some prime p. This prime p must be among the pi, since byassumption these are all the primes, but N is seen not to be divisible by anyof the pi, contradiction.
Example 1.1. Let x and y be integers. Prove that 2x + 3y is divisibleby 17 iff 9x + 5y is divisible by 17.
Solution. 17 | (2x + 3y) ⇒ 17 | [13(2x + 3y)], or 17 | (26x + 39y) ⇒17 | (9x + 5y), and conversely, 17 | (9x + 5y) ⇒ 17 | [4(9x + 5y)], or17 | (36x + 20y) ⇒ 17 | (2x + 3y).
Example 1.2. Find all positive integers d such that d divides both n2+1and (n + 1)2 + 1 for some integer n.
Solution. Let d | (n2 + 1) and d | [(n + 1)2 + 1], or d | (n2 + 2n + 2).Then d | [(n2 + 2n + 2)− (n2 + 1)], or d | (2n + 1) ⇒ d | (4n2 + 4n + 1), sod | [4(n2+2n+2)−(4n2+4n+1)], or d | (4n+7). Then d | [(4n+7)−2(2n+1)],or d | 5, so d can only be 1 or 5. Taking n = 2 shows that both of thesevalues are achieved.
Example 1.3. Suppose that a1, a2, . . . , a2n are distinct integers suchthat the equation
(x− a1)(x− a2) · · · (x− a2n)− (−1)n(n!)2 = 0
has an integer solution r. Show that
r =a1 + a2 + · · ·+ a2n
2n.
(1984 IMO Short List)
Solution. Clearly, r 6= ai for all i, and the r−ai are 2n distinct integers,so
|(r − a1)(r − a2) · · · (r − a2n)| ≥ |(1)(2) · · · (n)(−1)(−2) · · · (−n)| = (n!)2,
2
with equality iff
{r − a1, r − a2, . . . , r − a2n} = {1, 2, . . . , n,−1,−2, . . . ,−n}.
Therefore, this must be the case, so
(r − a1) + (r − a2) + · · ·+ (r − a2n)
= 2nr − (a1 + a2 + · · ·+ a2n)
= 1 + 2 + · · ·+ n + (−1) + (−2) + · · ·+ (−n) = 0
⇒ r =a1 + a2 + · · ·+ a2n
2n.
Example 1.4. Let 0 < a1 < a2 < · · · < amn+1 be mn+1 integers. Provethat you can select either m + 1 of them no one of which divides any other,or n + 1 of them each dividing the following one.
(1966 Putnam Mathematical Competition)
Solution. For each i, 1 ≤ i ≤ mn + 1, let ni be the length of the longestsequence starting with ai and each dividing the following one, among theintegers ai, ai+1, . . . , amn+1. If some ni is greater than n then the problemis solved. Otherwise, by the pigeonhole principle, there are at least m + 1values of ni that are equal. Then, the integers ai corresponding to these ni
cannot divide each other.
Useful Facts
• Bertrand’s Postulate. For every positive integer n, there exists a primep such that n ≤ p ≤ 2n.
• Gauss’s Lemma. If a polynomial with integer coefficients factors intotwo polynomials with rational coefficients, then it factors into two poly-nomials with integer coefficients.
Problems
1. Let a and b be positive integers such that a | b2, b2 | a3, a3 | b4, b4 | a5,. . . . Prove that a = b.
2. Let a, b, and c denote three distinct integers, and let P denote a poly-nomial having all integral coefficients. Show that it is impossible thatP (a) = b, P (b) = c, and P (c) = a.
(1974 USAMO)
3
3. Show that if a and b are positive integers, then(a +
1
2
)n
+
(b +
1
2
)n
is an integer for only finitely many positive integers n.
(A Problem Seminar, D.J. Newman)
4. For a positive integer n, let r(n) denote the sum of the remainders whenn is divided by 1, 2, . . . , n respectively. Prove that r(k) = r(k− 1) forinfinitely many positive integers k.
(1981 Kurschak Competition)
5. Prove that for all positive integers n,
0 <n∑
k=1
g(k)
k− 2n
3<
2
3,
where g(k) denotes the greatest odd divisor of k.
(1973 Austrian Mathematics Olympiad)
6. Let d be a positive integer, and let S be the set of all positive integersof the form x2 + dy2, where x and y are non-negative integers.
(a) Prove that if a ∈ S and b ∈ S, then ab ∈ S.
(b) Prove that if a ∈ S and p ∈ S, such that p is a prime and p | a,then a/p ∈ S.
(c) Assume that the equation x2 + dy2 = p has a solution in non-negative integers x and y, where p is a given prime. Show that ifd ≥ 2, then the solution is unique, and if d = 1, then there areexactly two solutions.
2 GCD and LCM
The greatest common divisor of two positive integers a and b is the great-est positive integer that divides both a and b, which we denote by gcd(a, b),and similarly, the lowest common multiple of a and b is the least positive
4
integer that is a multiple of both a and b, which we denote by lcm(a, b). Wesay that a and b are relatively prime if gcd(a, b) = 1. For integers a1, a2,. . . , an, gcd(a1, a2, . . . , an) is the greatest positive integer that divides all ofa1, a2, . . . , an, and lcm(a1, a2, . . . , an) is defined similarly.
Useful Facts
• For all a, b, gcd(a, b) · lcm(a, b) = ab.
• For all a, b, and m, gcd(ma, mb) = m gcd(a, b) and lcm(ma, mb) =mlcm(a, b).
• If d | gcd(a, b), then
gcd
(a
d,b
d
)=
gcd(a, b)
d.
In particular, if d = gcd(a, b), then gcd(a/d, b/d) = 1; that is, a/d andb/d are relatively prime.
• If a | bc and gcd(a, c) = 1, then a | b.
• For positive integers a and b, if d is a positive integer such that d | a,d | b, and for any d′, d′ | a and d′ | b implies that d′ | d, then d =gcd(a, b). This is merely the assertion that any common divisor of aand b divides gcd(a, b).
• If a1a2 · · · an is a perfect kth power and the ai are pairwise relativelyprime, then each ai is a perfect kth power.
• Any two consecutive integers are relatively prime.
Example 2.1. Show that for any positive integer N , there exists amultiple of N that consists only of 1s and 0s. Furthermore, show that if Nis relatively prime to 10, then there exists a multiple that consists only of 1s.
Solution. Consider the N +1 integers 1, 11, 111, . . . , 111...1 (N +1 1s).When divided by N , they leave N +1 remainders. By the pigeonhole princi-ple, two of these remainders are equal, so the difference in the correspondingintegers, an integer of the form 111...000, is divisible by N . If N is relativelyprime to 10, then we may divide out all powers of 10, to obtain an integer ofthe form 111...1 that remains divisible by N .
5
Theorem 2.1. For any positive integers a and b, there exist integers xand y such that ax + by = gcd(a, b). Furthermore, as x and y vary over allintegers, ax + by attains all multiples and only multiples of gcd(a, b).
Proof. Let S be the set of all integers of the form ax+by, and let d be theleast positive element of S. By the division algorithm, there exist integers qand r such that a = qd + r, 0 ≤ r < d. Then r = a− qd = a− q(ax + by) =(1 − qx)a − (qy)b, so r is also in S. But r < d, so r = 0 ⇒ d | a, andsimilarly, d | b, so d | gcd(a, b). However, gcd(a, b) divides all elements of S,so in particular gcd(a, b) | d ⇒ d = gcd(a, b). The second part of the theoremfollows.
Corollary 2.2. The positive integers a and b are relatively prime iff thereexist integers x and y such that ax + by = 1.
Corollary 2.3. For any positive integers a1, a2, . . . , an, there existintegers x1, x2, . . . , xn, such that a1x1+a2x2+· · ·+anxn = gcd(a1, a2, . . . , an).
Corollary 2.4. Let a and b be positive integers, and let n be an integer.Then the equation
ax + by = n
has a solution in integers x and y iff gcd(a, b) | n. If this is the case, then allsolutions are of the form
(x, y) =
(x0 + t · b
d, y0 − t · a
d
),
where d = gcd(a, b), (x0, y0) is a specific solution of ax + by = n, and t is aninteger.
Proof. The first part follows from Theorem 2.1. For the second part, asstated, let d = gcd(a, b), and let (x0, y0) be a specific solution of ax+ by = n,so that ax0 + by0 = n. If ax+ by = n, then ax+ by− ax0− by0 = a(x−x0)+b(y − y0) = 0, or a(x− x0) = b(y0 − y), and hence
(x− x0) ·a
d= (y0 − y) · b
d.
Since a/d and b/d are relatively prime, b/d must divide x−x0, and a/d mustdivide y0 − y. Let x− x0 = tb/d and y0 − y = ta/d. This gives the solutionsdescribed above.
6
Example 2.2. Prove that the fraction
21n + 4
14n + 3
is irreducible for every positive integer n. (1959 IMO)
Solution. For all n, 3(14n + 3)− 2(21n + 4) = 1, so the numerator anddenominator are relatively prime.
Example 2.3. For all positive integers n, let Tn = 22n+ 1. Show that if
m 6= n, then Tm and Tn are relatively prime.
Solution. We have that
Tn − 2 = 22n − 1 = 22n−1·2 − 1
= (Tn−1 − 1)2 − 1 = T 2n−1 − 2Tn−1
= Tn−1(Tn−1 − 2)
= Tn−1Tn−2(Tn−2 − 2)
= · · ·= Tn−1Tn−2 · · ·T1T0(T0 − 2)
= Tn−1Tn−2 · · ·T1T0,
for all n. Therefore, any common divisor of Tm and Tn must divide 2. Buteach Tn is odd, so Tm and Tn are relatively prime.
Remark. It immediately follows from this result that there are an infinitenumber of primes.
The Euclidean Algorithm. By recursive use of the division algorithm, wemay find the gcd of two positive integers a and b without factoring either,and the x and y in Theorem 2.1 (and so, a specific solution in Corollary 2.4).For example, for a = 329 and b = 182, we compute
329 = 1 · 182 + 147,
182 = 1 · 147 + 35,
147 = 4 · 35 + 7,
35 = 5 · 7,
and stop when there is no remainder. The last dividend is the gcd, so inour example, gcd(329,182) = 7. Now, working through the above equations
7
backwards,
7 = 147− 4 · 35 = 147− 4 · (182− 1 · 147)
= 5 · 147− 4 · 182 = 5 · (329− 182)− 4 · 182
= 5 · 329− 9 · 182.
Remark. The Euclidean algorithm also works for polynomials.
Example 2.4. Let n be a positive integer, and let S be a subset of n+1elements of the set {1, 2, . . . , 2n}. Show that
(a) There exist two elements of S that are relatively prime, and
(b) There exist two elements of S, one of which divides the other.
Solution. (a) There must be two elements of S that are consecutive, andthus, relatively prime.
(b) Consider the greatest odd factor of each of the n + 1 elements inS. Each is among the n odd integers 1, 3, . . . , 2n − 1. By the pigeon-hole principle, two must have the same greatest odd factor, so they differ(multiplication-wise) by a power of 2, and so one divides the other.
Example 2.5. The positive integers a1, a2, . . . , an are such that each isless than 1000, and lcm(ai, aj) > 1000 for all i, j, i 6= j. Show that
n∑i=1
1
ai
< 2.
(1951 Russian Mathematics Olympiad)
Solution. If 1000m+1
< a ≤ 1000m
, then the m multiples a, 2a, . . . , ma do
not exceed 1000. Let k1 the number of ai in the interval (10002
, 1000], k2 in(1000
3, 1000
2], etc. Then there are k1 + 2k2 + 3k3 + · · · integers, no greater
than 1000, that are multiples of at least one of the ai. But the multiples aredistinct, so
k1 + 2k2 + 3k3 + · · · < 1000
⇒ 2k1 + 3k2 + 4k3 + · · · = (k1 + 2k2 + 3k3 + · · · ) + (k1 + k2 + k3 + · · · )< 1000 + n
< 2000.
8
Therefore,
n∑i=1
1
ai
≤ k12
1000+ k2
3
1000+ k3
4
1000+ · · ·
=2k1 + 3k2 + 4k3 + · · ·
1000< 2.
Note: It can be shown that n ≤ 500 as follows: Consider the greatestodd divisor of a1, a2, . . . , a1000. Each must be distinct; otherwise, two differ,multiplication-wise, by a power of 2, which means one divides the other,contradiction. Also, there are only 500 odd numbers between 1 and 1000,from which the result follows. It also then follows that
n∑i=1
1
ai
<3
2.
Useful Facts
• Dirichlet’s Theorem. If a and b are relatively prime positive integers,then the arithmetic sequence a, a + b, a + 2b, . . . , contains infinitelymany primes.
Problems
1. The symbols (a, b, . . . , g) and [a, b, . . . , g] denote the greatest commondivisor and lowest common multiple, respectively of the positive inte-gers a, b, . . . , g. Prove that
[a, b, c]2
[a, b][a, c][b, c]=
(a, b, c)2
(a, b)(a, c)(b, c).
(1972 USAMO)
2. Show that gcd(am − 1, an − 1) = agcd(m,n) − 1 for all positive integersa > 1, m, n.
9
3. Let a, b, and c be positive integers. Show that
lcm(a, b, c) =abc · gcd(a, b, c)
gcd(a, b) · gcd(a, c) · gcd(b, c).
Express gcd(a, b, c) in terms of abc, lcm(a, b, c), lcm(a, b), lcm(a, c), andlcm(b, c). Generalize.
4. Let a, b be odd positive integers. Define the sequence (fn) by puttingf1 = a, f2 = b, and by letting fn for n ≥ 3 be the greatest odd divisorof fn−1 + fn−2. Show that fn is constant for n sufficiently large anddetermine the eventual value as a function of a and b.
(1993 USAMO)
5. Let n ≥ a1 > a2 > · · · > ak be positive integers such that lcm(ai, aj) ≤n for all i, j. Prove that iai ≤ n for i = 1, 2, . . . , k.
3 Arithmetic Functions
There are several important arithmetic functions, of which three are pre-sented here. If the prime factorization of n > 1 is pe1
1 pe22 · · · pek
k , then thenumber of positive integers less than n, relatively prime to n, is
φ(n) =
(1− 1
p1
)(1− 1
p2
)· · ·(
1− 1
pk
)n
= pe1−11 pe2−1
2 · · · pek−1k (p1 − 1)(p2 − 1) · · · (pk − 1),
the number of divisors of n is
τ(n) = (e1 + 1)(e2 + 1) · · · (ek + 1),
and the sum of the divisors of n is
σ(n) = (pe11 + pe1−1
1 + · · ·+ 1)(pe22 + pe2−1
2 + · · ·+ 1)
· · · (pekk + pek−1
k + · · ·+ 1)
=
(pe1+1
1 − 1
p1 − 1
)(pe2+1
2 − 1
p2 − 1
)· · ·(
pek+1k − 1
pk − 1
).
Also, φ(1), τ(1), and σ(1) are defined to be 1. We say that a functionf is multiplicative if f(mn) = f(m)f(n) for all relatively prime positive
10
integers m and n, and f(1) = 1 (otherwise, f(1) = 0, which implies thatf(n) = 0 for all n).
Theorem 3.1. The functions φ, τ , and σ are multiplicative.
Hence, by taking the prime factorization and evaluating at each primepower, the formula above are found easily.
Example 3.1. Find the number of solutions in ordered pairs of positiveintegers (x, y) of the equation
1
x+
1
y=
1
n,
where n is a positive integer.
Solution. From the given,
1
x+
1
y=
1
n⇔ xy = nx + ny ⇔ (x− n)(y − n) = n2.
If n = 1, then we immediately deduce the unique solution (2,2). Forn ≥ 2, let n = pe1
1 pe22 · · · pek
k be the prime factorization of n. Since x, y > n,there is a 1-1 correspondence between the solutions in (x, y) and the factorsof n2, so the number of solutions is
τ(n2) = (2e1 + 1)(2e2 + 1) · · · (2ek + 1).
Example 3.2. Let n be a positive integer. Prove that∑d|n
φ(d) = n.
Solution. For a divisor d of n, let Sd be the set of all a, 1 ≤ a ≤ n, suchthat gcd(a, n) = n/d. Then Sd consists of all elements of the form b · n/d,where 0 ≤ b ≤ d, and gcd(b, d) = 1, so Sd contains φ(d) elements. Also, it isclear that each integer between 1 and n belongs to a unique Sd. The resultthen follows from summing over all divisors d of n.
Problems
1. Let n be a positive integer. Prove that
n∑k=1
τ(k) =n∑
k=1
⌊n
k
⌋.
11
2. Let n be a positive integer. Prove that
∑d|n
τ 3(d) =
∑d|n
τ(d)
2
.
3. Prove that if σ(N) = 2N + 1, then N is the square of an odd integer.
(1976 Putnam Mathematical Competition)
4 Modular Arithmetic
For a positive integer m and integers a and b, we say that a is congruent tob modulo m if m | (a− b), and we denote this by a ≡ b modulo m, or morecommonly a ≡ b (mod m). Otherwise, a is not congruent to b modulo m,and we denote this by a 6≡ b (mod m) (although this notation is not usedoften). In the above notation, m is called the modulus, and we consider theintegers modulo m.
Theorem 4.1. If a ≡ b and c ≡ d (mod m), then a+ c ≡ b+d (mod m)and ac ≡ bd (mod m).
Proof. If a ≡ b and c ≡ d (mod m), then there exist integers k and lsuch that a = b + km and c = d + lm. Hence, a + c = b + d + (k + l)m, soa + c ≡ b + d (mod m). Also,
ac = bd + dkm + blm + klm2
= bd + (dk + bl + klm)m,
so ac ≡ bd (mod m).
Useful Facts
• For all integers n,
n2 ≡{
01
}(mod 4)
{if n is even,if n is odd.
• For all integers n,
n2 ≡
041
(mod 8)
if n ≡ 0 (mod 4),if n ≡ 2 (mod 4),if n ≡ 1 (mod 2).
12
• If f is a polynomial with integer coefficients and a ≡ b (mod m), thenf(a) ≡ f(b) (mod m).
• If f is a polynomial with integer coefficients of degree n, not identicallyzero, and p is a prime, then the congruence
f(x) ≡ 0 (mod p)
has at most n solutions modulo p, counting multiplicity.
Example 4.1. Prove that the only solution in rational numbers of theequation
x3 + 3y3 + 9z3 − 9xyz = 0
is x = y = z = 0.(1983 Kurschak Competition)
Solution. Suppose that the equation has a solution in rationals, withat least one non-zero variable. Since the equation is homogeneous, we mayobtain a solution in integers (x0, y0, z0) by multiplying the equation by thecube of the lowest common multiple of the denominators. Taking the equa-tion modulo 3, we obtain x3
0 ≡ 0 (mod 3). Therefore, x0 must be divisibleby 3, say x0 = 3x1. Substituting,
27x31 + 3y3
0 + 9z30 − 27x1y0z0 = 0
⇒ y30 + 3z3
0 + 9x31 − 9x1y0z0 = 0.
Therefore, another solution is (y0, z0, x1). We may then apply this reductionrecursively, to obtain y0 = 3y1, z0 = 3z1, and another solution (x1, y1, z1).Hence, we may divide powers of 3 out of our integer solution an arbitrarynumber of times, contradiction.
Example 4.2. Does one of the first 108 +1 Fibonacci numbers terminatewith 4 zeroes?
Solution. The answer is yes. Consider the sequence of pairs (Fk, Fk+1)modulo 104. Since there are only a finite number of different possible pairs(108 to be exact), and each pair is dependent only on the previous one,this sequence is eventually periodic. Also, by the Fibonacci relation, onecan find the previous pair to a given pair, so this sequence is immediatelyperiodic. But F0 ≡ 0 (mod 104), so within 108 terms, another Fibonaccinumber divisible by 104 must appear.
13
In fact, a computer check shows that 104 | F7500, and (Fn) modulo 104
has period 15000, which is much smaller than the upper bound of 108.
If ax ≡ 1 (mod m), then we say that x is the inverse of a modulo m,denoted by a−1, and it is unique modulo m.
Theorem 4.2. The inverse of a modulo m exists and is unique iff a isrelatively prime to m.
Proof. If ax ≡ 1 (mod m), then ax = 1+km for some k ⇒ ax−km = 1.By Corollary 2.2, a and m are relatively prime. Now, if gcd(a, m) = 1, thenby Corollary 2.2, there exist integers x and y such that ax+my = 1 ⇒ ax =1−my ⇒ ax ≡ 1 (mod m). The inverse x is unique modulo m, since if x′ isalso an inverse, then ax ≡ ax′ ≡ 1 ⇒ xax ≡ xax′ ≡ x ≡ x′.
Corollary 4.3. If p is a prime, then the inverse of a modulo p exists andis unique iff p does not divide a.
Corollary 4.4. If ak ≡ bk (mod m) and k is relatively prime to m, thena ≡ b (mod m).
Proof. Multiplying both sides by k−1, which exists by Theorem 4.2,yields the result.
We say that a set {a1, a2, . . . , am} is a complete residue system modulom if for all i, 0 ≤ i ≤ m−1, there exists a unique j such that aj ≡ i (mod m).
Example 4.3. Find all positive integers n such that there exist completeresidue systems {a1, a2, . . . , an} and {b1, b2, . . . , bn} modulo n for which {a1+b1, a2 + b2, . . . , an + bn} is also a complete residue system.
Solution. The answer is all odd n. First we prove necessity.For any complete residue system {a1, a2, . . . , an} modulo n, we have that
a1 + a2 + · · · + an ≡ n(n + 1)/2 (mod n). So, if all three sets are completeresidue systems, then a1+a2+· · ·+an+b1+b2+· · ·+bn ≡ n2+n ≡ 0 (mod n)and a1 + b1 +a2 + b2 + · · ·+an + bn ≡ n(n+1)/2 (mod n), so n(n+1)/2 ≡ 0(mod n). The quantity n(n+1)/2 is divisible by n iff (n+1)/2 is an integer,which implies that n is odd.
Now assume that n is odd. Let ai = bi = i for all i. Then ai + bi = 2ifor all i, and n is relatively prime to 2, so by Corollary 4.4, {2, 4, . . . , 2n} isa complete residue system modulo n.
Theorem 4.5. Euler’s Theorem. If a is relatively prime to m, thenaφ(m) ≡ 1 (mod m).
14
Proof. Let a1, a2, . . . , aφ(m) be the positive integers less than m thatare relatively prime to m. Consider the integers aa1, aa2, . . . , aaφ(m). Weclaim that they are a permutation of the original φ(m) integers ai, modulom. For each i, aai is also relatively prime to m, so aai ≡ ak for some k. Sinceaai ≡ aaj ⇔ ai ≡ aj (mod m), each ai gets taken to a different ak undermultiplication by a, so indeed they are permuted. Hence,
a1a2 · · · aφ(m) ≡ (aa1)(aa2) · · · (aaφ(m))
≡ aφ(m)a1a2 · · · aφ(m)
⇒ 1 ≡ aφ(m) (mod m).
Remark. This gives an explicit formula for the inverse of a modulo m:a−1 ≡ aφ(m)−2 (mod m). Alternatively, one can use the Euclidean algorithmto find a−1 ≡ x as in the proof of Theorem 4.2.
Corollary 4.6. Fermat’s Little Theorem (FLT). If p is a prime, and pdoes not divide a, then ap−1 ≡ 1 (mod p).
Example 4.4. Show that if a and b are relatively prime positive integers,then there exist integers m and n such that am + bn ≡ 1 (mod ab).
Solution. Let S = am + bn, where m = φ(b) and n = φ(a). Thenby Euler’s Theorem, S ≡ bφ(a) ≡ 1 (mod a), or S − 1 ≡ 0 (mod a), andS ≡ aφ(b) ≡ 1 (mod b), or S−1 ≡ 0 (mod b). Therefore, S−1 ≡ 0, or S ≡ 1(mod ab).
Example 4.5. For all positive integers i, let Si be the sum of the productsof 1, 2, . . . , p − 1 taken i at a time, where p is an odd prime. Show thatS1 ≡ S2 ≡ · · · ≡ Sp−2 ≡ 0 (mod p).
Solution. First, observe that
(x− 1)(x− 2) · · · (x− (p− 1))
= xp−1 − S1xp−2 + S2x
p−3 − · · · − Sp−2x + Sp−1.
This polynomial vanishes for x = 1, 2, . . . , p − 1. But by Fermat’s LittleTheorem, so does xp−1 − 1 modulo p. Taking the difference of these twopolynomials, we obtain another polynomial of degree p− 2 with p− 1 rootsmodulo p, so it must be the zero polynomial, and the result follows fromcomparing coefficients.
15
Remark. We immediately have that (p − 1)! ≡ Sp−1 ≡ −1 (mod p),which is Wilson’s Theorem. Also, xp − x ≡ 0 (mod p) for all x, yet wecannot compare coefficients here. Why not?
Theorem 4.7. If p is a prime and n is an integer such that p | (4n2 +1),then p ≡ 1 (mod 4).
Proof. Clearly, p cannot be 2, so we need only show that p 6≡ 3 (mod 4).Suppose p = 4k + 3 for some k. Let y = 2n, so by Fermat’s Little Theorem,yp−1 ≡ 1 (mod p), since p does not divide n. But, y2 + 1 ≡ 0, so
yp−1 ≡ y4k+2 ≡ (y2)2k+1 ≡ (−1)2k+1 ≡ −1 (mod p),
contradiction. Therefore, p ≡ 1 (mod 4).
Remark. The same proof can be used to show that if p is a prime andp | (n2 + 1), then p = 2 or p ≡ 1 (mod 4).
Example 4.6. Show that there are an infinite number of primes of theform 4k + 1 and of the form 4k + 3.
Solution. Suppose that there are a finite number of primes of the form4k + 1, say p1, p2, . . . , pn. Let N = 4(p1p2 · · · pn)2 + 1. By Theorem 4.7, Nis only divisible by primes of the form 4k + 1, but clearly N is not divisibleby any of these primes, contradiction.
Similarly, suppose that there are a finite number of primes of the form4k + 3, say q1, q2, . . . , qm. Let M = 4q1q2 · · · qm − 1. Then M ≡ 3 (mod 4),so M must be divisible by a prime of the form 4k + 3, but M is not divisibleby any of these primes, contradiction.
Example 4.7. Show that if n is an integer greater than 1, then n doesnot divide 2n − 1.
Solution. Let p be the least prime divisor of n. Then gcd(n, p− 1) = 1,and by Corollary 2.2, there exist integers x and y such that nx+(p−1)y = 1.If p | (2n − 1), then 2 ≡ 2nx+(p−1)y ≡ (2n)x(2p−1)y ≡ 1 (mod p) by Fermat’sLittle Theorem, contradiction. Therefore, p - (2n − 1) ⇒ n - (2n − 1).
Theorem 4.8. Wilson’s Theorem. If p is a prime, then (p − 1)! ≡ −1(mod p). (See also Example 4.5.)
Proof. Consider the congruence x2 ≡ 1 (mod p). Then x2 − 1 ≡ (x −1)(x + 1) ≡ 0, so the only solutions are x ≡ 1 and −1. Therefore, for each i,2 ≤ i ≤ p− 2, there exists a unique inverse j 6= i of i, 2 ≤ j ≤ p− 2, modulo
16
p. Hence, when we group in pairs of inverses,
(p− 1)! ≡ 1 · 2 · · · (p− 2) · (p− 1)
≡ 1 · 1 · · · 1 · (p− 1)
≡ −1 (mod p).
Example 4.8. Let {a1, a2, . . . , a101} and {b1, b2, . . . , b101} be completeresidue systems modulo 101. Can {a1b1, a2b2, . . . , a101b101} be a completeresidue system modulo 101?
Solution. The answer is no. Suppose that {a1b1, a2b2, . . . , a101b101} isa complete residue system modulo 101. Without loss of generality, assumethat a101 ≡ 0 (mod 101). Then b101 ≡ 0 (mod 101), because if any otherbj was congruent to 0 modulo 101, then ajbj ≡ a101b101 ≡ 0 (mod 101),contradiction. By Wilson’s Theorem, a1a2 · · · a100 ≡ b1b2 · · · b100 ≡ 100! ≡−1 (mod 101), so a1b1a2b2 · · · a100b100 ≡ 1 (mod 101). But a101b101 ≡ 0(mod 101), so a1b1a2b2 · · · a100b100 ≡ 100! ≡ −1 (mod 101), contradiction.
Theorem 4.9. If p is a prime, then the congruence x2 + 1 ≡ 0 (mod p)has a solution iff p = 2 or p ≡ 1 (mod 4). (Compare to Theorem 7.1)
Proof. If p = 2, then x = 1 is a solution. If p ≡ 3 (mod 4), then by theremark to Theorem 4.7, no solutions exist. Finally, if p = 4k + 1, then letx = 1 · 2 · · · (2k). Then
x2 ≡ 1 · 2 · · · (2k) · (2k) · · · 2 · 1≡ 1 · 2 · · · (2k) · (−2k) · · · (−2) · (−1) (multiplying by 2k −1s)
≡ 1 · 2 · · · (2k) · (p− 2k) · · · (p− 2) · (p− 1)
≡ (p− 1)! ≡ −1 (mod p).
Theorem 4.10. Let p be a prime such that p ≡ 1 (mod 4). Then thereexist positive integers x and y such that p = x2 + y2.
Proof. By Theorem 4.9, there exists an integer a such that a2 ≡ −1(mod p). Consider the set of integers of the form ax − y, where x and yare integers, 0 ≤ x, y <
√p. The number of possible pairs (x, y) is then
(b√pc + 1)2 > (√
p)2 = p, so by pigeonhole principle, there exist integers0 ≤ x1, x2, y1, y2 <
√p, such that ax1−y1 ≡ ax2−y2 (mod p). Let x = x1−x2
and y = y1 − y2. At least one of x and y is non-zero, and ax ≡ y ⇒ a2x2 ≡
17
−x2 ≡ y2 ⇒ x2 + y2 ≡ 0 (mod p). Thus, x2 + y2 is a multiple of p, and0 < x2 + y2 < (
√p)2 + (
√p)2 = 2p, so x2 + y2 = p.
Theorem 4.11. Let n be a positive integer. Then there exist integersx and y such that n = x2 + y2 iff each prime factor of n of the form 4k + 3appears an even number of times.
Theorem 4.12. The Chinese Remainder Theorem (CRT). If a1, a2, . . . ,ak are integers, and m1, m2, . . . , mk are pairwise relatively prime integers,then the system of congruences
x ≡ a1 (mod m1),
x ≡ a2 (mod m2),
...
x ≡ ak (mod mk)
has a unique solution modulo m1m2 · · ·mk.
Proof. Let m = m1m2 · · ·mk, and consider m/m1. This is relativelyprime to m1, so there exists an integer t1 such that t1 ·m/m1 ≡ 1 (mod m1).Accordingly, let s1 = t1 · m/m1. Then s1 ≡ 1 (mod m1) and s1 ≡ 0(mod mj), j 6= 1. Similarly, for all i, there exists an si such that si ≡ 1(mod mi) and si ≡ 0 (mod mj), j 6= i. Then, x = a1s1 + a2s2 + · · ·+ aksk isa solution to the above system. To see uniqueness, let x′ be another solution.Then x− x′ ≡ 0 (mod mi) for all i ⇒ x− x′ ≡ 0 (mod m1m2 · · ·mk).
Remark. The proof shows explicitly how to find the solution x.
Example 4.9. For a positive integer n, find the number of solutions ofthe congruence x2 ≡ 1 (mod n).
Solution. Let the prime factorization of n be 2epe11 pe2
2 · · · pekk . By CRT,
x2 ≡ 1 (mod n) ⇔ x2 ≡ 1 (mod peii ) for all i, and x2 ≡ 1 (mod 2e). We
consider these cases separately.
We have that x2 ≡ 1 (mod peii ) ⇔ x2−1 = (x−1)(x+1) ≡ 0 (mod pei
i ).But pi cannot divide both x− 1 and x + 1, so it divides one of them; that is,x ≡ ±1 (mod pei
i ). Hence, there are two solutions.
Now, if (x− 1)(x + 1) ≡ 0 (mod 2e), 2 can divide both x− 1 and x + 1,but 4 cannot divide both. For e = 1 and e = 2, it is easily checked that thereare 1 and 2 solutions respectively. For e ≥ 3, since there is at most one factor
18
of 2 in one of x− 1 and x + 1, there must be at least e− 1 in the other, fortheir product to be divisible by 2e. Hence, the only possibilities are x− 1 orx + 1 ≡ 0, 2e−1 (mod 2e), which lead to the four solutions x ≡ 1, 2e−1 − 1,2e−1 + 1, and 2e − 1.
Now that we know how many solutions each prime power factor con-tributes, the number of solutions modulo n is simply the product of these,by CRT. The following table gives the answer:
e Number of solutions0, 1 2k
2 2k+1
≥ 3 2k+2
Theorem 4.11. Let m be a positive integer, let a and b be integers, andlet k = gcd(a, m). Then the congruence ax ≡ b (mod m) has k solutions orno solutions according as k | b or k - b.
Problems
1. Prove that for each positive integer n there exist n consecutive positiveintegers, none of which is an integral power of a prime.
(1989 IMO)
2. For an odd positive integer n > 1, let S be the set of integers x,1 ≤ x ≤ n, such that both x and x + 1 are relatively prime to n. Showthat ∏
x∈S
x ≡ 1 (mod n).
3. Find all positive integer solutions to 3x + 4y = 5z.
(1991 IMO Short List)
4. Let n be a positive integer such that n + 1 is divisible by 24. Provethat the sum of all the divisors of n is divisible by 24.
(1969 Putnam Mathematical Competition)
5. (Wolstenholme’s Theorem) Prove that if
1 +1
2+
1
3+ · · ·+ 1
p− 1
19
is expressed as a fraction, where p ≥ 5 is a prime, then p2 divides thenumerator.
6. Let a be the greatest positive root of the equation x3 − 3x2 + 1 = 0.Show that ba1788c and ba1988c are both divisible by 17.
(1988 IMO Short List)
7. Let {a1, a2, . . . , an} and {b1, b2, . . . , bn} be complete residue systemsmodulo n, such that {a1b1, a2b2, . . . , anbn} is also a complete residuesystem modulo n. Show that n = 1 or 2.
8. Let m, n be positive integers. Show that 4mn−m− n can never be asquare.
(1984 IMO Proposal)
5 Binomial Coefficients
For non-negative integers n and k, k ≤ n, the binomial coefficient(
nk
)is
defined asn!
k!(n− k)!,
and has several important properties. By convention,(
nk
)= 0 if k > n.
In the following results, for polynomials f and g with integer coefficients,we say that f ≡ g (mod m) if m divides every coefficient in f − g.
Theorem 5.1. If p is a prime, then the number of factors of p in n! is⌊n
p
⌋+
⌊n
p2
⌋+
⌊n
p3
⌋+ · · · .
It is alson− sn
p− 1,
where sn is the sum of the digits of n when expressed in base p.
Theorem 5.2. If p is a prime, then(p
i
)≡ 0 (mod p)
20
for 1 ≤ i ≤ p− 1.
Corollary 5.3. (1 + x)p ≡ 1 + xp (mod p).
Lemma 5.4. For all real numbers x and y, bx + yc ≥ bxc+ byc.Proof. x ≥ bxc ⇒ x + y ≥ bxc+ byc ∈ Z, so bx + yc ≥ bxc+ byc.Theorem 5.5. If p is a prime, then(
pk
i
)≡ 0 (mod p)
for 1 ≤ i ≤ pk − 1.
Proof. By Lemma 5.4,
k∑j=1
(⌊i
pj
⌋+
⌊pk − i
pj
⌋)≤
k∑j=1
⌊pk
pj
⌋,
where the LHS and RHS are the number of factors of p in i!(pk − i)! and
pk! respectively. But,⌊
ipk
⌋=⌊
pk−ipk
⌋= 0 and
⌊pk
pk
⌋= 1, so the inequality is
strict, and at least one factor of p divides(
pk
i
).
Corollary 5.6. (1 + x)pk ≡ 1 + xpk(mod p).
Example 5.1. Let n be a positive integer. Show that the product of nconsecutive positive integers is divisible by n!.
Solution. If the consecutive integers are m, m + 1, . . . , m + n− 1, then
m(m + 1) · · · (m + n− 1)
n!=
(m + n− 1
n
).
Example 5.2. Let n be a positive integer. Show that
(n + 1) lcm
((n
0
),
(n
1
), . . . ,
(n
n
))= lcm(1, 2, . . . , n + 1).
(AMM E2686)
Solution. Let p be a prime ≤ n + 1 and let α (respectively β) be thehighest power of p in the LHS (respectively RHS) of the above equality.Choose r so that pr ≤ n + 1 < pr+1. Then clearly β = r. We claim that
if pr ≤ m < pr+1, then pr+1 -(
m
k
)for 0 ≤ k ≤ m. (∗)
21
Indeed, the number of factors of p in(
mk
)is
γ =r∑
s=1
(⌊m
ps
⌋−⌊
k
ps
⌋−⌊
m− k
ps
⌋).
Since each summand in this sum is 0 or 1, we have γ ≤ r; that is, (*) holds.For 0 ≤ k ≤ n, let
ak = (n + 1)
(n
k
)= (n− k + 1)
(n + 1
k
)= (k + 1)
(n + 1
k + 1
).
By (∗), pr+1 does not divide any of the integers(
nk
),(
n+1k
), or
(n+1k+1
). Thus,
pr+1 can divide ak only if p divides each of the integers n + 1, n− k + 1, andk + 1. This implies that p divides (n + 1) − (n − k + 1) − (k + 1) = −1,contradiction. Therefore, pr+1 - ak. On the other hand, for k = pr − 1,we have that k ≤ n and ak = (k + 1)
(n+1k+1
)is divisible by pr. Therefore,
β = r = α.
Theorem 5.7. Lucas’s Theorem. Let m and n be non-negative integers,and p a prime. Let
m = mkpk + mk−1p
k−1 + · · ·+ m1p + m0, and
n = nkpk + nk−1p
k−1 + · · ·+ n1p + n0
be the base p expansions of m and n respectively. Then(m
n
)≡(
mk
nk
)(mk−1
nk−1
)· · ·(
m1
n1
)(m0
n0
)(mod p).
Proof. By Corollary 5.6,
(1 + x)m ≡ (1 + x)mkpk+mk−1pk−1+···+m1p+m0
≡ (1 + x)pkmk(1 + x)pk−1mk−1 · · · (1 + x)pm1(1 + x)m0
≡ (1 + xpk
)mk(1 + xpk−1
)mk−1 · · · (1 + xp)m1(1 + x)m0 (mod p).
By base p expansion, the coefficient of xn on both sides is(m
n
)≡(
mk
nk
)(mk−1
nk−1
)· · ·(
m1
n1
)(m0
n0
)(mod p).
22
Corollary 5.8. Let n be a positive integer. Let A(n) denote the numberof factors of 2 in n!, and let B(n) denote the number of 1s in the binaryexpansion of n. Then the number of odd entries in the nth row of Pascal’sTriangle, or equivalently the number of odd coefficients in the expansion of(1 + x)n, is 2B(n). Furthermore, A(n) + B(n) = n for all n.
Useful Facts
• For a polynomial f with integer coefficients and prime p,
[f(x)]pn ≡ f(xpn
) (mod p).
Problems
1. Let a and b be non-negative integers, and p a prime. Show that(pa
pb
)≡(
a
b
)(mod p).
2. Let an be the last non-zero digit in the decimal representation of thenumber n!. Is the sequence a1, a2, a3, . . . eventually periodic?
(1991 IMO Short List)
3. Find all positive integers n such that 2n | (3n − 1).
4. Find the greatest integer k for which 1991k divides
199019911992
+ 199219911990
.
(1991 IMO Short List)
5. For a positive integer n, let a(n) and b(n) denote the number of binomialcoefficients in the nth row of Pascal’s Triangle that are congruent to 1and 2 modulo 3 respectively. Prove that a(n)− b(n) is always a powerof 2.
6. Let n be a positive integer. Prove that if the number of factors of 2 inn! is n− 1, then n is a power of 2.
23
7. For a positive integer n, let
Cn =1
n + 1
(2n
n
),
and Sn = C1 + C2 + · · ·+ Cn.
Prove that Sn ≡ 1 (mod 3) if and only if there exists a 2 in the base 3expansion of n + 1.
6 Order of an Element
We know that if a is relatively prime to m, then there exists a positive integern such that an ≡ 1 (mod m). Let d be the smallest such n. Then we saythat d is the order of a modulo m, denoted by ordm(a), or simply ord(a) ifthe modulus m is understood.
Theorem 6.1. If a is relatively prime to m, then an ≡ 1 (mod m) ifford(a) | n. Furthermore, an0 ≡ an1 iff ord(a) | (n0 − n1).
Proof. Let d = ord(a). It is clear that d | n ⇒ an ≡ 1 (mod m). Onthe other hand, if an ≡ 1 (mod m), then by the division algorithm, thereexist integers q and r such that n = qd + r, 0 ≤ r < d. Then an ≡ aqd+r ≡(ad)qar ≡ ar ≡ 1 (mod m). But r < d, so r = 0 ⇒ d | n. The second part ofthe theorem follows.
Remark. In particular, by Euler’s Theorem, ord(a) | φ(m).
Example 6.1. Show that the order of 2 modulo 101 is 100.
Solution. Let d = ord(2). Then d | φ(101), or d | 100. If d < 100,then d divides 100/2 or 100/5; that is, d is missing at least one prime factor.However,
250 ≡ 10245 ≡ 145 ≡ 196 · 196 · 14 ≡ (−6) · (−6) · 14 ≡ −1 (mod 101),
and220 ≡ 10242 ≡ 142 ≡ −6 (mod 101),
so d = 100.
Example 6.2. Prove that if p is a prime, then every prime divisor of2p − 1 is greater than p.
24
Solution. Let q | (2p − 1), where q is a prime. Then 2p ≡ 1 (mod q), soord(2) | p. But ord(2) 6= 1, so ord(2) = p. And by Fermat’s Little Theorem,ord(2) | (q − 1) ⇒ p ≤ q − 1 ⇒ q > p.
In fact, for p > 2, q must be of the form 2kp + 1. From the above,ord(2) | (q − 1), or p | (q − 1) ⇒ q = mp + 1. Since q must be odd, m mustbe even.
Example 6.3. Let p be a prime that is relatively prime to 10, and let nbe an integer, 0 < n < p. Let d be the order of 10 modulo p.
(a) Show that the length of the period of the decimal expansion of n/p isd.
(b) Prove that if d is even, then the period of the decimal expansion of n/pcan be divided into two halves, whose sum is 10d/2 − 1. For example,1/7 = 0.142857, so d = 6, and 142 + 857 = 999 = 103 − 1.
Solution. (a) Let m be the length of the period, and let n/p =0.a1a2 . . . am. Then
10mn
p= a1a2 . . . am.a1a2 . . . am
⇒ (10m − 1) n
p= a1a2 . . . am,
an integer. Since n and p are relatively prime, p must divide 10m − 1, so ddivides m. Conversely, p divides 10d−1, so (10d−1)n/p is an integer, with atmost d digits. If we divide this integer by 10d − 1, then we obtain a rationalnumber, whose decimal expansion has period at most d. Therefore, m = d.
(b) Let d = 2k, so n/p = 0.a1a2 . . . akak+1 . . . a2k. Now p divides 10d−1 =102k − 1 = (10k − 1)(10k + 1). However, p cannot divide 10k − 1 (since theorder of 10 is 2k), so p divides 10k + 1. Hence,
10kn
p= a1a2 . . . ak.ak+1 . . . a2k
⇒ (10k + 1) n
p= a1a2 . . . ak + 0.a1a2 . . . ak + 0.ak+1 . . . a2k
is an integer. This can occur iff a1a2 . . . ak+ak+1 . . . a2k is a number consistingonly of 9s, and hence, equal to 10k − 1.
Problems
25
1. Prove that for all positive integers a > 1 and n, n | φ(an − 1).
2. Prove that if p is a prime, then pp−1 has a prime factor that is congruentto 1 modulo p.
3. For any integer a, set na = 101a−100 ·2a. Show that for 0 ≤ a, b, c, d ≤99, na + nb ≡ nc + nd (mod 10100) implies {a, b} = {c, d}.(1994 Putnam Mathematical Competition)
4. Show that if 3 ≤ d ≤ 2n+1, then d - (a2n+ 1) for all positive integers a.
7 Quadratic Residues
Let m be an integer greater than 1, and a an integer relatively prime to m. Ifx2 ≡ a (mod m) has a solution, then we say that a is a quadratic residueof m. Otherwise, we say that a is a quadratic non-residue. Now, let p bean odd prime. Then the Legendre symbol(
a
p
)is assigned the value of 1 if a is a quadratic residue of p. Otherwise, it isassigned the value of −1.
Theorem 7.1. Let p be an odd prime, and a and b be integers relativelyprime to p. Then
(a)(
ap
)≡ a(p−1)/2 (mod p), and
(b)(
ap
)(bp
)=(
abp
).
Proof. If the congruence x2 ≡ a (mod p) has a solution, then a(p−1)/2 ≡xp−1 ≡ 1 (mod p), by Fermat’s Little Theorem. If the congruence x2 ≡ a(mod p) has no solutions, then for each i, 1 ≤ i ≤ p − 1, there is a uniquej 6= i, 1 ≤ j ≤ p − 1, such that ij ≡ a. Therefore, all the integers from 1 top− 1 can be arranged into (p− 1)/2 such pairs. Taking their product,
a(p−1)/2 ≡ 1 · 2 · · · (p− 1) ≡ (p− 1)! ≡ −1 (mod p),
26
by Wilson’s Theorem. Part (b) now follows from part (a).
Remark. Part (a) is known as Euler’s criterion.
Example 7.1. Show that if p is an odd prime, then(1
p
)+
(2
p
)+ · · ·+
(p− 1
p
)= 0.
Solution. Note that 12, 22, . . . , ((p − 1)/2)2 are distinct modulo p,and that ((p + 1)/2)2, . . . , (p − 1)2 represent the same residues, simply inreverse. Hence, there are exactly (p−1)/2 quadratic residues, leaving (p−1)/2quadratic non-residues. Therefore, the given sum contains (p − 1)/2 1s and(p− 1)/2 −1s.
Theorem 7.2. Gauss’s Lemma. Let p be an odd prime and let a berelatively prime to p. Consider the least non-negative residues of a, 2a, . . . ,((p− 1)/2)a modulo p. If n is the number of these residues that are greaterthan p/2, then (
a
p
)= (−1)n.
Theorem 7.3. If p is an odd prime, then(−1p
)= (−1)(p−1)/2; that is,(
−1
p
)=
{1 if p ≡ 1 (mod 4),−1 if p ≡ 3 (mod 4).
Proof. This follows from Theorem 4.9 (and Theorem 7.1).
Theorem 7.4. If p is an odd prime, then(
2p
)= (−1)(p2−1)/8; that is,(
2
p
)=
{1 if p ≡ 1 or 7 (mod 8),−1 if p ≡ 3 or 5 (mod 8).
27
Proof. If p ≡ 1 or 5 (mod 8), then
2(p−1)/2
(p− 1
2
)! ≡ 2 · 4 · 6 · · · (p− 1)
≡ 2 · 4 · 6 · · ·(
p− 1
2
)·(−p− 3
2
)· · · (−5) · (−3) · (−1)
≡ (−1)(p−1)/4
(p− 1
2
)!
⇒ 2(p−1)/2 ≡ (−1)(p−1)/4 (mod p).
By Theorem 7.1,(
2p
)= (−1)(p−1)/4. Hence,
(2p
)= 1 or −1 according as
p ≡ 1 or 5 (mod 8).Similarly, if p ≡ 3 or 7 (mod 8), then
2(p−1)/2
(p− 1
2
)! ≡ 2 · 4 · 6 · · ·
(p− 3
2
)·(−p− 1
2
)· · · (−5) · (−3) · (−1)
≡ (−1)(p+1)/4
(p− 1
2
)!
⇒ 2(p−1)/2 ≡ (−1)(p+1)/4 (mod p).
Hence,(
2p
)= 1 or −1 according as p ≡ 7 or 3 (mod 8).
Example 7.2. Prove that if n is an odd positive integer, then everyprime divisor of 2n − 1 is of the form 8k ± 1. (Compare to Example 6.2)
Solution. Let p | (2n − 1), where p is prime. Let n = 2m + 1. Then
2n ≡ 22m+1 ≡ 2(2m)2 ≡ 1 (mod p) ⇒(
2p
)= 1 ⇒ p is of the form 8k ± 1.
Theorem 7.5. The Law of Quadratic Reciprocity. For distinct oddprimes p and q, (
p
q
)(q
p
)= (−1)
p−12· q−1
2 .
Example 7.3. For which primes p > 3 does the congruence x2 ≡ −3(mod p) have a solution?
Solution. We seek p for which(−3p
)=(−1p
)(3p
)= 1. By quadratic
reciprocity, (3
p
)(p
3
)= (−1)(p−1)/2 =
(−1
p
),
28
by Theorem 7.3. Thus, in general,(−3
p
)=
(−1
p
)(3
p
)=
(p
3
)(−1
p
)2
=
(p
3
).
And, (p3) = 1 iff p ≡ 1 (mod 3). Since p 6≡ 4 (mod 6), we have that x2 ≡ −3
(mod p) has a solution iff p ≡ 1 (mod 6).
Example 7.4. Show that if p = 2n + 1, n ≥ 2, is prime, then 3(p−1)/2 + 1is divisible by p.
Solution. We must have that n is even, say 2k, for otherwise p ≡ 0(mod 3). By Theorem 7.1,(
3
p
)≡ 3(p−1)/2 (mod p).
However, p ≡ 1 (mod 4), and p ≡ 4k + 1 ≡ 2 (mod 3) ⇒(
p3
)= −1, and by
quadratic reciprocity, (3
p
)(p
3
)= (−1)(p−1)/2 = 1,
so (3
p
)= −1 ⇒ 3(p−1)/2 + 1 ≡ 0 (mod p).
Useful Facts
• (a) If p is a prime and p ≡ 1 or 3 (mod 8), then there exist positiveintegers x and y such that p = x2 + 2y2.
(b) If p is a prime and p ≡ 1 (mod 6), then there exist positive integersx and y such that p = x2 + 3y2.
Problems
1. Show that if p > 3 is a prime, then the sum of the quadratic residuesamong the integers 1, 2, . . . , p− 1 is divisible by p.
2. Let Fn denote the nth Fibonacci number. Prove that if p > 5 is a prime,then
Fp ≡(p
5
)(mod p).
29
3. Show that 16 is a perfect 8th power modulo p for any prime p.
4. Let a, b, and c be positive integers that are pairwise relatively prime,and that satisfy a2 − ab + b2 = c2. Show that every prime factor of c isof the form 6k + 1.
5. Let p be an odd prime and let ζ be a primitive pth root of unity; that is,ζ is a complex number such that ζp = 1 and ζk 6= 1 for 1 ≤ k ≤ p− 1.Let Ap and Bp denote the set of quadratic residues and non-residuesmodulo p, respectively. Finally, let α =
∑k∈Ap
ζk and β =∑
k∈Bpζk.
For example, for p = 7, α = ζ + ζ2 + ζ4 and β = ζ3 + ζ5 + ζ6. Showthat α and β are the roots of
x2 + x +1−
(−1p
)p
4= 0.
8 Primitive Roots
If the order of g modulo m is φ(m), then we say that g is a primitive rootmodulo m, or simply of m.
Example 8.1. Show that 2 is a primitive root modulo 3n for all n ≥ 1.
Solution. The statement is easily verified for n = 1, so assume the resultis true for some n = k; that is, 2φ(3k) ≡ 22·3k−1 ≡ 1 (mod 3k). Now, let d bethe order of 2 modulo 3k+1. Then 2d ≡ 1 (mod 3k+1) ⇒ 2d ≡ 1 (mod 3k),so 2 · 3k−1 | d. However, d | φ(3k+1), or d | 2 · 3k. We deduce that d is either2 · 3k−1 or 2 · 3k. Now we require the following lemma:
Lemma. 22·3n−1 ≡ 1 + 3n (mod 3n+1), for all n ≥ 1.This is true for n = 1, so assume it is true for some n = k. Then by
assumption,
22·3k−1
= 1 + 3k + 3k+1m for some integer m
⇒ 22·3k
= 1 + 3k+1 + 3k+2M for some integer M (obtained by cubing)
⇒ 22·3k ≡ 1 + 3k+1 (mod 3k+2).
By induction, the lemma is proved.
Therefore, 22·3k−1 ≡ 1+3k 6≡ 1 (mod 3k+1), so the order of 2 modulo 3k+1
is 2 · 3k, and again by induction, the result follows.
30
Corollary 8.2. If 2n ≡ −1 (mod 3k), then 3k−1 | n.
Proof. The given implies 22n ≡ 1 (mod 3k) ⇒ φ(3k) | 2n, or 3k−1 | n.
Theorem 8.3. If m has a primitive root, then it has φ(φ(m)) (distinct)primitive roots modulo m.
Theorem 8.4. The positive integer m has a primitive root iff m is oneof 2, 4, pk, or 2pk, where p is an odd prime.
Theorem 8.5. If g is a primitive root of m, then gn ≡ 1 (mod m) iffφ(m) | n. Furthermore, gn0 ≡ gn1 iff φ(m) | (n0 − n1).
Proof. This follows directly from Theorem 6.1.
Theorem 8.6. If g is a primitive root of m, then the powers 1, g, g2,. . . , gφ(m)−1 represent each integer relatively prime to m uniquely modulo m.In particular, if m > 2, then gφ(m)/2 ≡ −1 modulo m.
Proof. Clearly, each power gi is relatively prime to m, and there areφ(m) integers relatively prime to m. Also, if gi ≡ gj (mod m), then gi−j ≡1 ⇒ φ(m) | (i − j) by Theorem 8.6, so each of the powers are distinctmodulo m. Hence, each integer relatively prime to m is some power gi
modulo m. Furthermore, there is a unique i, 0 ≤ i ≤ φ(m) − 1, such thatgi ≡ −1 ⇒ g2i ≡ 1 ⇒ 2i = φ(m), or i = φ(m)/2.
Proposition 8.7. Let m be a positive integer. Then the only solutions tothe congruence x2 ≡ 1 (mod m) are x ≡ ±1 (mod m) iff m has a primitiveroot.
Proof. This follows from Example 4.9.
Example 8.2. For a positive integer m, let S be the set of positiveintegers less than m that are relatively prime to m, and let P be the productof the elements in S. Show that P ≡ ±1 (mod m), with P ≡ −1 (mod m)iff m has a primitive root.
Solution. We use a similar strategy as in the proof of Wilson’s Theorem.The result is clear for m = 2, so assume that m ≥ 3. We partition S asfollows: Let A be the elements of S that are solutions to the congruencex2 ≡ 1 (mod m), and let B be the remaining elements. The elements in Bcan be arranged into pairs, by pairing each with its distinct multiplicativeinverse. Hence, the product of the elements in B is 1 modulo m.
The elements in A may also be arranged into pairs, by pairing each with
31
its distinct additive inverse, i.e. x and m − x. These must be distinct,because otherwise, x = m/2, which is not relatively prime to m. Note thattheir product is x(m − x) ≡ mx − x2 ≡ −1 (mod m). Now if m has aprimitive root, then by Proposition 8.7, A consists of only the two elements1 and −1, so P ≡ −1 (mod m). Otherwise, by Example 4.9, the number ofelements of A is a power of two that is at least 4, so the number of such pairsin A is even, and P ≡ 1 (mod m).
Remark. For m prime, this simply becomes Wilson’s Theorem.
Theorem 8.8.(1) If g is a primitive root of p, p a prime, then g or g + p is a primitive
root of p2, according as gp−1 6≡ 1 (mod p2) or gp−1 ≡ 1 (mod p2).(2) If g is a primitive root of pk, where k ≥ 2 and p is prime, then g is a
primitive root of pk+1.
By Theorem 8.6, given a primitive root g of m, for each a relatively primeto m, there exists a unique integer i modulo φ(m) such that gi ≡ a (mod m).This i is called the index of a with respect to the base g, denoted by indg(a)(i is dependent on g, so it must be specified). Indices have striking similarityto logarithms, as seen in the following properties:
(1) indg(1) ≡ 0 (mod φ(m)), indg(g) ≡ 1 (mod φ(m)),
(2) a ≡ b (mod m) ⇒ indg(a) ≡ indg(b) (mod φ(m)),
(3) indg(ab) ≡ indg(a) + indg(b) (mod φ(m)),
(4) indg(ak) ≡ k indg(a) (mod φ(m)).
Theorem 8.9. If p is a prime and a is not divisible by p, then the con-gruence xn ≡ a (mod p) has gcd(n, p−1) solutions or no solutions accordingas
a(p−1)/ gcd(n,p−1) ≡ 1 (mod p) or a(p−1)/ gcd(n,p−1) 6≡ 1 (mod p).
Proof. Let g be a primitive root of p, and let i be the index of a withrespect to g. Also, any solution x must be relatively prime to p, so let u bethe index of x. Then the congruence xn ≡ a becomes gnu ≡ gi (mod p) ⇔nu ≡ i (mod p− 1). Let k = gcd(n, p− 1). Since g is a primitive root of p,k | i ⇔ gi(p−1)/k ≡ a(p−1)/k ≡ 1. The result now follows from Theorem 4.11.
32
Remark. Taking p to be an odd prime and n = 2, we deduce Euler’scriterion.
Example 8.3 Let n ≥ 2 be an integer and p = 2n + 1. Show that if3(p−1)/2 + 1 ≡ 0 (mod p), then p is a prime. (The converse to Example 7.4.)
Solution. From 3(p−1)/2 ≡ 32n−1 ≡ −1 (mod p), we obtain 32n ≡ 1(mod p), so the order of 3 is 2n = p−1, but the order also divides φ(p) ≥ p−1.Therefore, φ(p) = p− 1, and p is a prime.
Example 8.4. Prove that if n = 3k−1, then 2n ≡ −1 (mod 3k). (Apartial converse to Corollary 8.2.)
Solution. By Example 8.1, 2 is a primitive root of 3k. Therefore, 2 hasorder φ(3k) = 2 · 3k−1 = 2n ⇒ 22n ≡ 1 ⇒ (2n − 1)(2n + 1) ≡ 0 (mod 3k).However, 2n − 1 ≡ (−1)3k−1 − 1 ≡ 1 6≡ 0 (mod 3), so 2n + 1 ≡ 0 (mod 3k).
Example 8.5. Find all positive integers n > 1 such that
2n + 1
n2
is an integer.(1990 IMO)
Solution. Clearly, n must be odd. Now assume that 3k‖n; that is, 3k
is the highest power of 3 dividing n. Then 32k | n2 | (2n + 1) ⇒ 2n ≡ −1(mod 32k) ⇒ 32k−1 | n, by Corollary 8.2 ⇒ 2k − 1 ≤ k ⇒ k ≤ 1, showingthat n has at most one factor of 3. We observe that n = 3 is a solution.
Suppose that n has a prime factor greater than 3; let p be the least suchprime. Then p | (2n+1) ⇒ 2n ≡ −1 (mod p). Let d be the order of 2 modulop. Since 22n ≡ 1, d | 2n. If d is odd, then d | n ⇒ 2n ≡ 1, contradiction,so d is even, say d = 2d1. Then 2d1 | 2n ⇒ d1 | n. Also, d | (p − 1), or2d1 | (p−1) ⇒ d1 ≤ (p−1)/2 < p. But d1 | n, so d1 = 1 or d1 = 3. If d1 = 1,then d = 2, and 22 ≡ 1 (mod p), contradiction. If d1 = 3, then d = 6, and26 ≡ 1 (mod p), or p | 63 ⇒ p = 7. However, the order of 2 modulo 7 is 3,which is odd, again contradiction. Therefore, no such p can exist, and theonly solution is n = 3.
Useful Facts
• All prime divisors of the Fermat number 22n+1, n > 1, are of the form
2n+2k + 1.
33
Problems
1. Let p be an odd prime. Prove that
1i + 2i + · · ·+ (p− 1)i ≡ 0 (mod p)
for all i, 0 ≤ i ≤ p− 2.
2. Show that if p is an odd prime, then the congruence x4 ≡ −1 (mod p)has a solution iff p ≡ 1 (mod 8).
3. Show that if a and n are positive integers with a odd, then a2n ≡ 1(mod 2n+2).
4. The number 142857 has the remarkable property that multiplying itby 1, 2, 3, 4, 5, and 6 cyclically permutes the digits. What are othernumbers that have this property? Hint: Compute 142857× 7.
9 Dirichlet Series
Despite the intimidating name, Dirichlet series are easy to work with, and canprovide quick proofs to certain number-theoretic identities, such as Example3.2. Let α be a function taking the positive integers to the integers. Thenwe say that
f(s) =∞∑
n=1
α(n)
ns= α(1) +
α(2)
2s+
α(3)
3s+ · · ·
is the Dirichlet series generating function (Dsgf) of the function α,which we denote by f(s) ↔ α(n). Like general generating functions, thesegenerating functions are used to provide information about their correspond-ing number-theoretic functions, primarily through manipulation of the gen-erating functions.
Let 1 denote the function which is 1 for all positive integers; that is,1(n) = 1 for all n. Let δ1(n) be the function defined by
δ1(n) =
{1 if n = 1,0 if n > 1.
It is easy to check that 1 and δ1 are multiplicative.
34
Now, let α and β be functions taking the positive integers to the integers.The convolution of α and β, denoted α ∗ β, is defined by
(α ∗ β)(n) =∑d|n
α(d)β(n/d).
Note that convolution is symmetric; that is, α ∗ β = β ∗ α.
Theorem 9.1. Let f(s) ↔ α(n) and g(s) ↔ β(n). Then (f · g)(s) ↔(α ∗ β)(n).
We now do three examples. The Dsgf of 1(n) is the well-known RiemannZeta function ζ(s):
ζ(s) =∞∑
n=1
1
ns= 1 +
1
2s+
1
3s+ · · · ,
so ζ(s) ↔ 1(n). This function will play a prominent role in this theory.What makes this theory nice to work with is that we may work with thesefunctions at a purely formal level; no knowledge of the analytic properties ofζ(s) or indeed of any other Dsgf is required.
By Theorem 9.1, the number-theoretic function corresponding to ζ2(s) is∑d|n
1(d)1(n/d) =∑d|n
1 = τ(n).
Hence, ζ2(s) ↔ τ(n). Finally, it is clear that 1 ↔ δ1(n).If α is a multiplicative function, then we can compute the Dsgf corre-
sponding to α using the following theorem.
Theorem 9.2. Let α be a multiplicative function. Then
∞∑n=1
α(n)
ns=∏
p
∞∑k=0
α(pk)
pks=∏
p
[1 + α(p)p−s + α(p2)p−2s + α(p3)p−3s + · · · ],
where the product on the right is taken over all prime numbers.
35
As before, if we take α = 1, then we obtain
ζ(s) =∏
p
(1 + p−s + p−2s + p−3s + · · · )
=∏
p
(1
1− p−s
)=
1∏p(1− p−s)
,
an identity that will be useful.We say that a positive integer n > 1 is square-free if n contains no
repeated prime factors; that is, p2 - n for all primes p. With this in mind, wedefine the Mobius function µ as follows:
µ(n) =
1 if n = 1,0 if n is not square-free, and
(−1)k if n is square-free and has k prime factors.
It is easy to check that µ is multiplicative. By Theorem 9.2, the correspondingDsgf is given by ∏
p
(1− p−s) =1
ζ(s).
Hence, 1/ζ(s) ↔ µ(n), and this property makes the the seemingly mysteriousfunction µ very important, as seen in the following theorem.
Theorem 9.3. (Mobius Inversion Formula) Let α and β be functionssuch that
β(n) =∑d|n
α(d).
Thenα(n) =
∑d|n
µ(n/d)β(d).
Proof. Let f(s) ↔ α(n) and g(s) ↔ β(n). The condition is equivalent toβ = α ∗ 1, or g(s) = f(s)ζ(s), and the conclusion is equivalent to α = β ∗ µ,or f(s) = g(s)/ζ(s).
Theorem 9.4. Let f(s) ↔ α(n). Then for any integer k, f(s − k) ↔nkα(n).
36
For more on Dirichlet series, and generating functions in general, see H.Wilf, Generatingfunctionology.
Problems
1. Let α, β, and γ be functions taking the positive integers to the integers.
(a) Prove that α ∗ δ1 = α.
(b) Prove that (α ∗ β) ∗ γ = α ∗ (β ∗ γ).
(c) Prove that if α and β are multiplicative, then so is α ∗ β.
2. Prove that the following relations hold:
ζ(s− 1)
ζ(s)↔ φ(n),
ζ(s)ζ(s− 1) ↔ σ(n),
ζ(s)
ζ(2s)↔ |µ(n)|.
3. Let the prime factorization of a positive integer n > 1 be pe11 pe2
2 · · · pekk .
Define the functions λ and θ by λ(n) = (−1)e1+e2+···+ek and θ(n) = 2k.Set λ(1) = θ(1) = 1. Show that λ and θ are multiplicative, and that
ζ(2s)
ζ(s)↔ λ(n) and
ζ2(s)
ζ(2s)↔ θ(n).
4. For all positive integers n, let
f(n) =n∑
m=1
n
gcd(m, n).
(a) Show that f(n) =∑
d|n dφ(d).
(b) Let n = pe11 pe2
2 · · · pekk > 1 be the prime factorization of n. Show
that
f(n) =
(p2e1+1
1 + 1
p1 + 1
)(p2e2+1
2 + 1
p2 + 1
)· · ·(
p2ek+11 + 1
pk + 1
).
5. Verify Example 3.2 in one calculation.
37
6. Let id denote the identity function; that is, id(n) = n for all n. Verifyeach of the following identities in one calculation:
(a) φ ∗ τ = σ.
(b) µ ∗ 1 = δ1.
(c) µ ∗ id = φ.
(d) φ ∗ σ = id · τ .
(e) σ ∗ id = 1 ∗ (id · τ).
7. Let a1, a2, . . . , be the sequence of positive integers satisfying∑d|n
ad = 2n
for all n. Hence, a1 = 2, a2 = 22 − 2 = 2, a3 = 23 − 2 = 6, a4 =24 − 2− 2 = 12, and so on. Show that for all n, n | an.
Hint: Don’t use the Dsgf of (an)∞1 ; use the Mobius Inversion Formula.
Bigger Hint: Consider the function f : [0, 1] → [0, 1] defined by f(x) ={2x}, where {x} = x − bxc is the fractional part of x. Find how theformula in the problem relates to the function f (n) = f ◦ f ◦ · · · ◦ f︸ ︷︷ ︸
n
.
8. For all non-negative integers k, let σk be the function defined by
σk(n) =∑d|n
dk.
Thus, σ0 = τ and σ1 = σ. Prove that
ζ(s)ζ(s− k) ↔ σk(n).
10 Miscellaneous Topics
10.1 Pell’s Equations
Pell’s equations (or Fermat’s equations, as they are rightly called) arediophantine equations of the form x2 − dy2 = N , where d is a positive non-square integer. There always exist an infinite number of solutions whenN = 1, which we characterize.
38
Theorem 10.1.1. If (a, b) is the lowest positive integer solution of x2 −dy2 = 1, then all positive integer solutions are of the form
(xn, yn) =
((a + b
√d)n + (a− b
√d)n
2,
(a + b√
d)n − (a− b√
d)n
2√
d
).
We will not give a proof here, but we will verify that every pair indicatedby the formula is a solution.
The pair (xn, yn) satisfy the equations
xn + yn
√d = (a + b
√d)n, and
xn − yn
√d = (a− b
√d)n.
Therefore,
x2n − dy2
n = (xn + yn
√d)(xn − yn
√d)
= (a + b√
d)n(a− b√
d)n
= (a2 − db2)n
= 1,
since (a, b) is a solution.
Remark. The sequences (xn), (yn) satisfy the recurrence relations xn =2axn−1 − xn−2, yn = 2ayn−1 − yn−2.
For x2 − dy2 = −1, the situation is similar. If (a, b) is the least positivesolution, then the (xn, yn) as above for n odd are the solutions of x2− dy2 =−1, and the (xn, yn) for n even are the solutions of x2 − dy2 = 1.
Example 10.1.1 Find all solutions in pairs of positive integers (x, y) tothe equation x2 − 2y2 = 1.
Solution. We find that the lowest positive integer solution is (3,2), soall positive integer solutions are given by
(xn, yn) =
((3 + 2
√2)n + (3− 2
√2)n
2,
(3 + 2√
2)n − (3− 2√
2)n
2√
2
).
The first few solutions are (3,2), (17,12), and (99,70).
39
Example 10.1.2. Prove that the equation x2−dy2 = −1 has no solutionin integers if d ≡ 3 (mod 4).
Solution. It is apparent that d must have a prime factor of the form 4k+3, say q. Then x2 ≡ −1 (mod q), which by Theorem 4.9 is a contradiction.
Problems
1. In the sequence1
2,
5
3,
11
8,
27
19, . . . ,
the denominator of the nth term (n > 1) is the sum of the numeratorand the denominator of the (n − 1)th term. The numerator of the nth
term is the sum of the denominators of the nth and (n−1)th term. Findthe limit of this sequence.
(1979 Atlantic Region Mathematics League)
2. Let x0 = 0, x1 = 1, xn+1 = 4xn − xn−1, and y0 = 1, y1 = 2, yn+1 =4yn − yn−1. Show for all n ≥ 0 that y2
n = 3x2n + 1.
(1988 Canadian Mathematical Olympiad)
3. The polynomials P , Q are such that deg P = n, deg Q = m, have thesame leading coefficient, and P 2(x) = (x2 − 1)Q2(x) + 1. Show thatP ′(x) = nQ(x).
(1978 Swedish Mathematical Olympiad, Final Round)
10.2 Farey Sequences
The nth Farey sequence is the sequence of all reduced rationals in [0,1],with both numerator and denominator no greater than n, in increasing order.Thus, the first 5 Farey sequences are:
0/1, 1/1,0/1, 1/2, 1/1,0/1, 1/3, 1/2, 2/3, 1/1,0/1, 1/4, 1/3, 1/2, 2/3, 3/4, 1/1,0/1, 1/5, 1/4, 1/3, 2/5, 1/2, 3/5, 2/3, 3/4, 4/5, 1/1.
Properties of Farey sequences include the following:
40
(1) If a/b and c/d are consecutive fractions in the same sequence, in thatorder, then ad− bc = 1.
(2) If a/b, c/d, and e/f are consecutive fractions in the same sequence, inthat order, then
a + e
b + f=
c
d.
(3) If a/b and c/d are consecutive fractions in the same sequence, thenamong all fractions between the two, (a + c)/(b + d) (reduced) is theunique fraction with the smallest denominator.
For proofs of these and other interesting properties, see Ross Honsberger,“Farey Sequences”, Ingenuity in Mathematics.
Problems
1. Let a1, a2, . . . , am be the denominators of the fractions in the nth Fareysequence, in that order. Prove that
1
a1a2
+1
a2a3
+ · · ·+ 1
am−1am
= 1.
10.3 Continued Fractions
Let a0, a1, . . . , an be real numbers, all positive, except possibly a0. Then let〈a0, a1, . . . , an〉 denote the continued fraction
a0 +1
a1 + · · ·+1
an−1 +1
an
.
If each ai is an integer, then we say that the continued fraction is simple.Define sequences (pk) and (qk) as follows:
p−1 = 0, p0 = a0, and pk = akpk−1 + pk−2,
q−1 = 0, q0 = 1, and qk = akpk−1 + qk−2, for k ≥ 1.
Theorem 10.3.1. For all x > 0 and k ≥ 1,
〈a0, a1, . . . , ak−1, x〉 =xpk−1 + pk−2
xqk−1 + qk−2
.
41
In particular,
〈a0, a1, . . . , ak〉 =pk
qk
.
Theorem 10.3.2. For all k ≥ 0,
(1) pkqk−1 − pk−1qk = (−1)k−1,
(2) pkqk−2 − pk−2qk = (−1)kak.
Define ck to be the kth convergence 〈a0, a1, . . . , ak〉 = pk/qk.
Theorem 10.3.3. c0 < c2 < c4 < · · · < c5 < c3 < c1.
For a nice connection between continued fractions, linear diophantineequations, and Pell’s equations, see Andy Liu, “Continued Fractions andDiophantine Equations”, Volume 3, Issue 2, Mathematical Mayhem.
Problems
1. Let a = 〈1, 2, . . . , 99〉 and b = 〈1, 2, . . . , 99, 100〉. Prove that
|a− b| < 1
99!100!.
(1990 Tournament of Towns)
2. Evaluate
8
√√√√√2207−1
2207−1
2207− · · ·
.
Express your answer in the form a+b√
cd
, where a, b, c, d are integers.
(1995 Putnam)
10.4 The Postage Stamp Problem
Let a and b be relatively prime positive integers greater than 1. Consider theset of integers of the form ax + by, where x and y are non-negative integers.The following are true:
(1) The greatest integer that cannot be written in the given form is (a −1)(b− 1)− 1 = ab− a− b.
42
(2) There are 12(a − 1)(b − 1) positive integers that cannot be written in
the given form.
(3) For all integers t, 0 ≤ t ≤ ab− a− b, t can be written in the given formiff ab− a− b− t cannot be.
(If you have not seen or attempted this enticing problem, it is stronglysuggested you have a try before reading the full solution.)
Before presenting the solution, it will be instructive to look at an example.Take a = 12 and b = 5. The first few non-negative integers, in rows of 12,with integers that cannot be written in the given form in bold, are shown:
0 1 2 3 4 5 6 7 8 9 10 1112 13 14 15 16 17 18 19 20 21 22 2324 25 26 27 28 29 30 31 32 33 34 3536 37 38 39 40 41 42 43 44 45 46 4748 49 50 51 52 53 54 55 56 57 58 59
With this arrangement, one observation should become immediately ap-parent, namely that bold numbers in each column end when they reach amultiple of 5. It should be clear that when reading down a column, onceone hits an integer that can be written in the given form, then all successiveintegers can be as well, since we are adding 12 for each row we go down. Itwill turn out that this one observation is the key to the solution.
Proof. Define a grapefruit to be an integer that may be written in thegiven form. For each i, 0 ≤ i ≤ a−1, let mi be the least non-negative integersuch that b | (i + ami). It is obvious that for k ≥ mi, i + ak is a grapefruit.We claim that for 0 ≤ k ≤ mi − 1, i + ak is not a grapefruit. It is sufficientto show that i + a(mi − 1) is not a grapefruit, if mi ≥ 1.
Let i + ami = bni, ni ≥ 0. Since i + a(mi − b) = b(ni − a), mi must bestrictly less than b; otherwise, we can find a smaller mi. Then i+a(mi−b) ≤a−1−a = −1, so ni < a, or ni ≤ a−1. Suppose that ax+by = i+a(mi−1) =bni − a, for some non-negative integers x and y. Then a(x + 1) = b(ni − y),so ni − y is positive. Since a and b are relatively prime, a divides ni − y.However, ni ≤ a− 1 ⇒ ni − y ≤ a− 1, contradiction.
Therefore, the greatest non-grapefruit is of the form bni − a, ni ≤ a− 1.The above argument also shows that all positive integers of this form are alsonon-grapefruits. Hence, the greatest non-grapefruit is b(a−1)−a = ab−a−b,proving (1).
43
Now, note that there are mi non-grapefruits in column i. The above tellsus the first grapefruit appearing in column i is nib. Since 0, b, 2b, . . . , (a−1)bappear in different columns (because a and b are relatively prime), and thereare a columns, we conclude that as i varies from 0 to a− 1, ni takes on 0, 1,. . . , a− 1, each exactly once. Therefore, summing over i, 0 ≤ i ≤ a− 1,∑
i
(i + ami) =∑
i
i +∑
i
ami =a(a− 1)
2+ a
∑i
mi
=∑
i
bni =a(a− 1)b
2
⇒ a∑
i
mi =a(a− 1)(b− 1)
2
⇒∑
i
mi =(a− 1)(b− 1)
2,
proving (2).
Finally, suppose that ax1 + by1 = t, and ax2 + by2 = ab − a − b − t, forsome non-negative integers x1, x2, y1, and y2. Then a(x1 +x2)+ b(y1 + y2) =ab− a− b, contradicting (1). So, if we consider the pairs (t, ab− a− b− t),0 ≤ t ≤ (a− 1)(b− 1)/2− 1, at most one element in each pair can be writtenin the given form.
However, we have shown that exactly (a− 1)(b− 1)/2 integers cannot bewritten in the given form, which is the number of pairs. Therefore, exactlyone element of each pair can be written in the given form, proving (3).
Remark. There is a much shorter proof using Corollary 2.4. Can youfind it?
For me, this type of problem epitomizes problem solving in number theory,and generally mathematics, in many ways. If I merely presented the proofby itself, it would look artificial and unmotivated. However, by looking ata specific example, and finding a pattern, we were able to use that patternas a springboard and extend it into a full proof. The algebra in the proofis really nothing more than a translation of observed patterns into formalnotation. (Mathematics could be described as simply the study of pattern.)Note also that we used nothing more than very elementary results, showinghow powerful basic concepts can be. It may have been messy, but one shouldnever be afraid to get one’s hands dirty; indeed, the deeper you go, the
44
more you will understand the importance of these concepts and the subtlerelationships between them. By trying to see an idea through to the end,one can sometimes feel the proof almost working out by itself. The moral ofthe story is: A simple idea can go a long way.
For more insights on the postage stamp problem, see Ross Honsberger,“A Putnam Paper Problem”, Mathematical Gems II.
Problems
1. Let a, b, and c be positive integers, no two of which have a commondivisor greater than 1. Show that 2abc − ab − bc − ca is the largestinteger that cannot be expressed in the form xab + yca + zab, where x,y, and z are non-negative integers.
(1983 IMO)
References
A. Adler & J. Coury, The Theory of Numbers, Jones and Bartlett
I. Niven & H. Zuckerman, An Introduction to the Theory of Numbers,John Wiley & Sons
c© First Version October 1995c© Second Version January 1996c© Third Version April 1999c© Fourth Version May 2000
Thanks to Ather Gattami for an improvement to the proof of the PostageStamp Problem.
This document was typeset under LATEX, and may be freely distributedprovided the contents are unaltered and this copyright notice is not removed.Any comments or corrections are always welcomed. It may not be sold forprofit or incorporated in commercial documents without the express permis-sion of the copyright holder. So there.
45
