Number Theory and Cryptography

Transcription

1 Number Theory and Cryptography Paul Yiu Department of Mathematics Florida Atlantic University Fall 2017 Chapters 1 15 August 21, 2017

2

3 Contents 1 Euclidean Algorithm and Linear Diophantine Equations The gcd of two positive integers Euclidean algorithm and gcd gcd(a, b) as an integer combination of a and b Linear Diophantine equations Representation of integers in a given base Highest power of a prime dividing a factorial Parity of binomial coefficients Prime Numbers Infinitude of prime numbers The sieve of Eratosthenes The Fundamental Theorem of Arithmetic The number-of-divisors function The sum-of-divisors function Perfect numbers Distribution of prime numbers The crude prime number theorem The n-th prime number Bertrand s hypothesis Linear Congruences The ring of residues modulo n The natural mapping Z m Z n Linear congruences Simultaneous linear congruences Implementation of the Chinese remainder theorem The Units in Z n The Euler ϕ-function Wilson s theorem Fermat-Euler theorem The order of an element in Z n Generators of Z pα for an odd prime p

4 CONTENTS Generators ofz 2 α

5 0 CONTENTS

6 Chapter 1 Euclidean Algorithm and Linear Diophantine Equations 1.1 The gcd of two positive integers Given two positive integers a and b, construct a sequence of pairs of integers a i,b i as follows. a 1 = max(a,b) min(a,b), b 1 = min(a,b); a 2 = max(a 1,b 1 ) min(a 1,b 1 ), b 2 = min(a 1,b 1 ); a i+1 = max(a i,b i ) min(a i,b i ), b i+1 = min(a i,b i ); The sequence terminates when (at thenth step),a n = b n for the first time. Then gcd(a,b) = gcd(a 1,b 1 ) = = gcd(a i,b i ) = = a n = b n. 1.2 Euclidean algorithm and gcd The greatest common divisor (gcd) of two positive integers can be found without factorization of the integers, instead by a simple application of the Euclidean algorithm. Theorem 1.1 (Euclidean algorithm). Given integers a and b 0, there are unique integersq and r satisfying a = bq +r, 0 r < b. (1.1) Ifr = 0, we say thatais divisible byb, or simply thatbdividesa, and writeb a. Suppose a = bq +c for integers a, b, c, and q (with q nonzero). It is easy to see that every common divisor ofaandbis a common divisor ofbandc, and conversely. Denote by gcd(a, b) the greatest element of the (nonempty) set of common divisors

7 2 Euclidean Algorithm and Linear Diophantine Equations of a and b. Clearly, if b a, then gcd(a,b) = b. In general, from (1.1), we have gcd(a, b) = gcd(b, r). These observations lead to a straightforward calculation of the gcd of two numbers. To be systematic, we writea = r 2 andb = r 1 (assumed positive). r 2 = r 1 q 0 +r 0, 0 r 0 < r 1 r 1 = r 0 q 1 +r 1, 0 r 1 < r 0, r 0 = r 1 q 2 +r 2, 0 r 2 < r 1, r 1 = r 2 q 3 +r 3, 0 r 3 < r 2,. This division process eventually terminates since the remainders are decreasing, namely, r 2 > r 1 > r 0 > r 1 > r 2 > and yet remain nonnegative. In other words, some r n divides the preceding r n 1 (and leaves a remainder r n+1 = 0). From these,. r n 2 r n 1 q n +r n, 0 r n < r n 1, r n 1 = r n q n+1. gcd(a,b) = gcd(r 1,r 0 ) = = gcd(r n 1,r n ) = r n. Example 1.1. gcd(2 a 1, 2 b 1) = 2 gcd(a,b) 1. Proof. Suppose a = bq +r. Then 2 a 1 = 2 bq+r 1 = 2 bq+r 2 r +(2 r 1) = (2 bq 1)2 r +2 r 1 = (2 b 1)(2 b(q 1) +2 b(q 2) + +2 b +1)2 r +2 r 1. We write this in the form 2 a 1 = (2 b 1)Q+(2 r 1), with Q = 2 b(q 1)+r +2 b(q 2)+r + +2 b+r +2 r, and2 r 1 < 2 b 1. Therefore,gcd(2 a 1, 2 b 1) = gcd(2 b 1, 2 r 1). Continuing, the sequence of divisions beginning with a, b leads to gcd(a,b), whereas the sequence of divisions beginning with 2 a 1, 2 b 1 leads to gcd(2 a 1, 2 b 1), which is clearly 2 gcd(a,b) 1.

8 1.2 Euclidean algorithm and gcd gcd(a,b) as an integer combination of a andb. The above calculation of gcd(a,b) can be retraced to give gcd(a,b) as an integer combination of a and b. Beginning with r 2 = a and r 1 = b, we define two sequences (q k ), (r k ), k = 0,1,2,..., by q k = rk 2 r k 1, r k = r k 2 q k r k 1, for k = 0, 1, 2,.... The sequence (r k ), which we call the Euclidean algorithm sequence for (a,b), eventually terminates at r n. We construct two more sequences (x k ), (y k ), k = 0,1,2...,n, by the same recurrence relation as (r k ), but with different initial values: x k =x k 2 q k x k 1, x 2 = 1, x 1 = 0; y k =y k 2 q k y k 1, y 2 = 0, y 1 = 1. The calculation of gcd(a,b), and its expression in terms of a and b, can be efficiently performed by augmenting the Euclidean algorithm sequence into the Euclidean algorithm table. k n 1 n n+1 q k q 0 q 1 q 2... q n 1 q n q n+1 r k a b r 0 = a q 0 b r 1 = b q 1 r 0 r 2... r n 1 r n 0 x k 1 0 x n+1 y k 0 1 y n+1 1. The sequences(x k ) and(y k ) are alternating sequences: x k = ( 1) k x k, y k = ( 1) k 1 y k. 2. The sequence ( y k ), k = 0,1,2,...,n, is increasing. Since the defining relation ofy k can be rewritten as y k = y k 1 q k + y k 2, y k 2 < y k 1, the sequence y 0, y 1,..., y n is the reversal of a Euclidean algorithm sequence. 3. For eachk n,r k = ax k +by k.

9 4 Euclidean Algorithm and Linear Diophantine Equations Proof. This is clearly true for k = 2 and k = 1. If it is true for k 2 and k 1, then r k = r k 2 q k 1 r k 1 = (ax k 2 +by k 2 ) q k 1 (ax k 1 +by k 1 ) = a(x k 2 q k 1 x k 1 )+b(y k 2 q k 1 y k 1 ) = ax k +by k. Therefore r k = ax k +by k for k n. 4. In particular, gcd(a,b) = r n = ax n +by n. Example 1.2. gcd(12075,6455) = 35 = ( 83). k q k r k x k y k Theorem 1.2. Letpbe a prime number. For every integeranot divisible byp, there exists an integer b such that ab 1 is divisible by p. Proof. If a is not divisible by the prime number p, then gcd(a,p) = 1. There are integers b and c such that ab+pc = 1. It is clear that ab 1 is divisible by p. 1.3 Linear Diophantine equations Theorem 1.3. Leta,b,cbe integers,aandbnonzero, andd := gcd(a,b). Consider the linear Diophantine equation ax+by = c. (1.2) (a) The equation (1.2) is solvable in integers if and only if d divides c. (b) If (x,y) = (x 0,y 0 ) is a particular solution of (1.2), then every integer solution is of the form x = x 0 + b d t, y = y 0 a d t, wheretis an integer. (c) For c = d, a particular solution (x,y) = (x 0,y 0 ) of (1.2) can be found such that x 0 < b and y 0 < a.

10 1.3 Linear Diophantine equations 5 Proof. (a) ( ) Writea = a d andb = b d for integersa andb. Supposeax+by = c for integers x andy. Thenc = (a d)x+(b d)y = d(a x+b y) is divisible by d. ( ) Since d = ax 0 + by 0 for some integers x 0, y 0. If c = c d, then c = a(c x 0 )+b(c y 0 ), and(x,y) = (c x 0,c y 0 ) is a solution of (1.2). (b) Let(x 0,y 0 ) is a solution of (1.2). If ax+by = c, 0 = (ax+by) (ax 0 +by 0 ) = a(x x 0 )+b(y y 0 ) = d(a (x x 0 )+b (y y 0 )), and a (x x 0 )+b (y y 0 ) = 0. Since a and b do not have common divisors, b divides x x 0 and a divides y y 0 respectively. If x x 0 = b t for an integer t, then y y 0 = a t. From these, x = x 0 +b t = x 0 + b d t, y = y 0 a t = y 0 a d t. The sequencex t is an arithmetic progression of common difference b. (c) If (x,y) is a solution of (1.2), then so is (x+ty 0, y tx 0 ) for an arbitrary integer t. The sequence of x is an arithmetic progression of common difference y 0. Corollary 1.4. If (x 0,y 0 ) is a particular solution of ax + by = c, the number of nonnegative integer solutions is d a y 0 d b x (1.3) Proof. Forx 0 and y 0, d b x 0 t d a y 0. The number of integers t satisfying this condition is given by (1.3) above. Example 1.3. We apply this to find the coefficient of t 18 in the expansion of f(t) = 1 (1 t 2 )(1 t 3 )(1 t 5 ). This coefficient is the number of solutions of 2x + 3y + 5z = 18 in nonnegative integers x,y,z. For eachz = 0,1,2,3, we have a linear Diophantine equation 2x+3y = 18 5z. In each case,(a,b) = (2,3), d = 1. The number of points in the first quadrant is y0 N z := x 0 +1, 3 2

11 6 Euclidean Algorithm and Linear Diophantine Equations where (x 0,y 0 ) satisfies2x 0 +3y 0 +5z = 18. z equation (x 0,y 0 ) N z 0 2x+3y = 18 (9,0) 4 1 2x+3y = 13 (5,1) 2 2 2x+3y = 8 (4,0) 2 3 2x+3y = 3 (0,1) 1 The total number of solutions is = 9. This is the coefficient of t 18 in the expansion off(t). Example 1.4. Find the largest positive integer which cannot be written in the form 7x+11y for integers x,y 0. LetS := {7x+11y : x,y nonnegative integers}. Arrange the positive integers in the form Observations: (i) Every number in the bottom row, being a positive multiple of7, is in S. (ii) Among the first 11 columns, along each of the first 6 rows, there is a unique entry (with asterisk) which is a multiple of11. This entry (with asterisk), and those on its right along the row, are ins. (iii) None of the entries on the left of an entry with asterisk is ins. (iv) The entries with asterisks are on different columns. (v) The rightmost entry with an asterisk is 66. From this, the largest integer not in S is 66 7 = Representation of integers in a given base Given any positive integer b > 1, every positive integer n has a unique representation of the form n = c k b k +c k 1 b k 1 + +c 1 b+c 0 for nonnegative integers c 0,c 1,...,c k < b with c k nonzero. We usually write n = (c k c k 1 c 1 c 0 ) b and call this the basebexpansion of n.

12 1.5 Highest power of a prime dividing a factorial 7 Example 1.5 (Computation of high power by successive squaring and multiplication). Given an integer a and a large positive integer n, the computation of a n can be drastically simplified by making use of the binary expansion ofn. Suppose where each digit j is either 0 or 1. n = (j k j k 1 j 2 j 1 j 0 ) 2 i j i a 2j i 0 j 0 a 1 j 1 a 2 2 j 2 a 4. k 1 j k 1 a 2j k 1 k j k a 2j k Beginning with a, the entries in the third column are obtained by successive squaring. Then a n can be obtained by multiplying the entries in the third column corresponding to the 1 s in the middle column. 1.5 Highest power of a prime dividing a factorial Letpbe a prime. We define ν p (n) := max{k N : p k divides n}, and call this the exponent of p in the factorization ofn. The exponent of 2 in 18! is, counting the asterisks along the rows in the matrix below, = Proposition 1.5. The exponent of a prime p in n! is ν p (n!) = n n n + + p p 2 p 3 + = n α p(n), p 1 where α p (n) is the sum of the digits in the base p expansion ofn.

13 8 Euclidean Algorithm and Linear Diophantine Equations Proof. Let n = (a k a k 1 a 1 a 0 ) p be the base p expansion of n. The exponent of the highest power of p dividing n! is the sum of the following numbers: a k a k 1 a k 2 a 2 a 1 a k a k 1 a 3 a 2 a k a 4 a 3 a k a k 1 a k Beginning with the top right hand corner, the sum of the entries along the j-diagonal is a j(p j 1) p 1. The sum of these numbers is ν p (n!) = a k(p k 1)+a k 1 (p k 1 1)+ +a 1 (p 1)+a 0 (1 1) p 1 = (a kp k +a k 1 p k 1 + +a 1 p+a 0 ) (a k +a k 1 + +a 1 +a 0 ) p 1 = n α p(n), p 1 where α p (n) is the sum of the digits in the basepexpansion ofn. Corollary 1.6. ν 2 (n!) = n α(n), where α := α 2 (n) is the number of ones in the binary expansion ofn. Theorem ( 1.7 (Kummer). The exponent of a prime p in the binomial coefficient a+b ) ( a = a+b ) b is equal to the number of carries in the base p addition ofaand b. Proof. Suppose in base p expansion, a = (a k a k 1 a 1 a 0 ) p, b = (b k b k 1 b 1 b 0 ) p, a+b = (c k c k 1 c 1 c 0 ) p. Here, we assumec k 0. Forj = 0,1,...,k, let { 1, if there is a carry in position j, ε j = 0, if there is no carry in position j. Note thatϕ k = 0. We shall also setϕ 1 = 0 for convenience. In the basepaddition ofaandb, c j = a j +b j ϕ j p+ϕ j 1 for j = 0,1,...,k. Adding these equations we obtain α p (a+b) = α p (a)+α p (b) p k ϕ j + j=0 k ϕ j 1. j=0

14 1.5 Highest power of a prime dividing a factorial 9 Note thatϕ := k j=0 ϕ j is the number of carries. Also, k j=0 ϕ j 1 = k 1 j= 1 ϕ j = k j=0 ϕ j = ϕ sinceϕ 1 = ϕ k = 0. This shows that α p (a+b) = α p (a)+α p (b) (p 1)ϕ, and (( )) a+b ν p = a+b α p(a+b) a α p(a) b α p(b) a p 1 p 1 p 1 = α p(a)+α p (b) α p (a+b) p 1 = (p 1)ϕ = ϕ, p 1 the number of carries in the base p addition of a and b Parity of binomial coefficients Theorem 1.8 (Lucas). Leta = (a k a k 1 a 1 a 0 ) 2 andb = (b k b k 1 b 1 b 0 ) 2 be the binary expansions of positive integers a b. The binomial coefficient ( a b) is odd if and only if for eachj = 0,1,...,k, a j = 1 whenever b j = 1. Proof. Leta = b+c for a nonnegative integercwith binary expansion(c k c k 1 c 1 c 0 ) 2. By Kummer s theorem, ( a b) is odd if and only if there is no carries in the binary addition of b+c = a. This means that a j = b j +c j for j = 0,1,...,k. So, if b j = 1, then a j must also be 1. Example 1.6. ( ) = is odd since 35 = On the other hand, ( Exercise ) 55 = is even since 25 = Show that (n!+1,(n+1)!+1) = The Fibonacci numbers F n are defined recursively by F n = F n 1 +F n 2, F 0 = 0, F 1 = 1. Show that gcd(f m,f n ) = F gcd(m,n). 3. (a 2m +1,a 2n +1) = 1 or 2 according asais even or odd. 1 1 Consequently, any two Fermat numbers are relatively prime. It also follows that there are infinitely many primes.

15 10 Euclidean Algorithm and Linear Diophantine Equations 4. Find a parametrization of the integer points on the line 5x+12y = In how many ways can a number of 49-cents and 110-cents stamps were purchased with exactly 40 dollars? Is it possible to buy these with exactly 20 dollars? 6. Somebody received a check, calling for a certain amount of money in dollars and cents. When he went to cash the check, the teller made a mistake and paid him the amount which was written as cents, in dollars, and vice versa. Later, after spending $3.50, he suddenly realized that he had twice the amount of the money the check called for. What was the amount on the check? 7. Given relatively prime integers a and b, what is the largest integer which cannot be written as ax+by for nonnegative integers x andy? 8. (a). Multiply in base 2: and (b). Let h k be positive integers. Multiply in base 2 the numbers 11 1 (h 1 s) and11 1 (k 1 s). Distinguish between the casesh = k andh > k. 9. Solve the equation(b x 1)(b y 1) = b z +1 for positive integersb > 1,x,y,z. 10. Multiply in base 7: [12346] 7 [06] 7 = [12346] 7 [15] 7 = [12346] 7 [24] 7 = [12346] 7 [33] 7 = [12346] 7 [42] 7 = [12346] 7 [51] 7 = 11. Find all positive integers n such that n is a square. 12. Ask your friend to write down a polynomial f(x) with nonnegative integer coefficients. Ask her for the value of f(1). She returns 7. Ask her for the value of f(8). She returns What is the polynomial? 13. (a) What is the highest power of 2 dividing 100!? (b) What is the highest power of 2 dividing the binomial coefficient ( )? 14. Prove that for n 5, there are ν 5 (n!) zeros in the tail of n!. 15. How many zeros are there in the end of the decimal expansion of 1000!.

16 Chapter 2 Prime Numbers 2.1 Infinitude of prime numbers A positive integer > 1 is prime if it is not divisible by any positive integer other than 1 and itself. Theorem 2.1 (Euclid). There are infinite many prime numbers. Proof. If p 1,p 2,...,p k were all the primes, the number p 1 p 2 p k +1, not being divisible by any of them, should admit a prime factor different from any of them. This is clearly a contradiction. 2.2 The sieve of Eratosthenes If N is not a prime number, it must have a factor N. Given an integer N, to determine all the prime numbers N, we proceed as follows. Start with the sequence 2,3,4,5,6,...,N, with each entry unmarked, and the setp =. (1) Note the smallest entry a of the sequence that is not marked. (2) If a N, mark each entry of the sequence which is a multiple of a, but not equal to a, and replace P by P {a}. (3) If a > N, stop. The set P now consists of the totality of prime numbers N.

17 12 Prime Numbers Primes below

18 2.3 The Fundamental Theorem of Arithmetic The Fundamental Theorem of Arithmetic Lemma 2.2. Letpbe a prime. If p ab, thenp a or p b. Proof. Write ab = pc for an integer c. Supposep a, thengcd(a,p) = 1. There are integersxandy such thatax+py = 1. From this, is divisible by p. b = (ax+py)b = (ab)x+p(by) = (pc)x+p(by) = p(cx+by) Theorem 2.3. Every positive integer > 1 is uniquely a product of powers of prime numbers. Proof. (Existence) This follows easily from the fact that every integer> 1 is either a prime or a product of primes. (Uniqueness) Suppose N = p 1 p 2 p h, N = q 1 q 2 q k, for prime numbers p 1,..., p h, andq 1,..., q k satisfying p 1 p 2 p h and q 1 q 2 q k. We must have h = k and p i = q i for eachi = 1,...,h. If this is not true, there must be a least positive integer N with two distinct factorizations as above. Note that none of the primes p 1,..., p h is equal to any of the primes q 1,..., q k, for if there is a common prime p in the two lists, then N/p is a smaller positive integer with two different prime factorizations. This contradicts the minimality of N. Now we may assumep 1 > q 1. Consider the number N = (p 1 q 1 )p 2 p h. Clearly,p 1 q 1 is not divisible byq 1. Therefore the primeq 1 does not appear in this factorization of N. On the other hand, if we rewrite N = p 1 p 2 p h q 1 p 2 p h = q 1 q 2 q k q 1 p 2 p h = q 1 (q 2 q k p 2 p h ), we have a factorization containing the prime divisorq 1. Hence the numbern < N has non-unique factorizations into primes. This again contradicts the minimality of N.

19 14 Prime Numbers 2.4 The number-of-divisors function The number-of-divisors function: d(n) := {d N : d n}. Lemma 2.4. Letaand b be relatively prime, and leta b divide ab. (a) If a is relatively prime tob, then a is a divisor ofa. (b) Ifb is relatively prime to a, thenb is a divisor of b. Proof. Suppose ab = a b c for some integer c. It is enough to prove (a). If a is relatively prime to b, then there are integers x and y such that a x+by = 1. From this, a = a(a x+by) = a (ax)+(ab)y = a (ax)+(a b c)y = a (ax+b cy). This shows that a divides a. Corollary 2.5. Let a and b be relatively prime. Every divisor of ab is of the form a b, with a a andb b. Proposition 2.6. The number-of-divisors function is multiplicative, i.e., if a and b are relatively prime, then d(ab) = d(a)d(b). Proposition 2.7. Letpbe a prime. d(p k ) = k +1. Proof. The divisors of p k are p h for h = 0,...,k. Example 2.1. Find the least number n with d(n) = 12. Since 12 = 6 2 = 4 3 = 3 2 2, Ifd(n) = 12, n has one of the factorizations: p 11, p 5 q, p 3 q 2, p 2 qr for prime numbers p,q,r. The smallest is = 60. Example 2.2. In how many ways can 1 be written as n x y andy? If = 1, we obtain, by clearing denominators, x y n for positive integers x (x n)(y n) = n 2. Therefore each factorization ofn 2 into a productab witha b determines uniquely x y with 1 x + 1 y = 1 n. There are exactly 1 2 (d(n2 )+1) pairs.

20 2.5 The sum-of-divisors function The sum-of-divisors function The sum-of-divisors function: σ(n) := d n d. Proposition 2.8. The sum-of-divisors function is multiplicative, i.e., if a and b are relatively prime, then σ(ab) = σ(a)σ(b). Proof. Letaandbbe relatively prime integers. σ(ab) = d = = d ab h a,k bhk h k = h a k b h a hσ(b) = h a h σ(b) = σ(a)σ(b). Proposition 2.9. Letpbe a prime. σ(p k ) = 1+p+ +p k = pk+1 1 p Perfect numbers A numbernis perfect if it is equal to the sum of all its proper divisors, including1. Equivalently,nis perfect ifσ(n) = 2n. Thus,6 = 1+2+3,28 = are perfect numbers. Theorem 2.10 (Euclid). Let p be a prime number such that M p = 2 p 1 is prime. Then the number E P := 2 p 1 M p is perfect. Proof. IfM p is prime, it clearly does not divide 2 p 1. σ(e p ) = σ(2 p 1 M p ) = σ(2 p 1 )σ(m p ) = (2 p 1)(M p +1) = M p 2 p = 2E p, showing thate p is perfect. Theorem 2.11 (Euler). If n is an even perfect number, then n = 2 k 1 (2 k 1) for some integer k and M k = 2 k 1 is prime. Proof. Write n = 2 k 1 q,q odd. Since n is perfect, 2 k q = 2n = σ(n) = σ(2 k 1 )σ(q) = (2 k 1)σ(q). From this, σ(q) = q + q 2 k 1. Since σ(q) is an integer, 2k 1 must be a divisor of q. Indeed, we must have 2 k 1 = q, for otherwise q would have other positive divisors, which should enter into the sum σ(q). It follows that σ(q) = q + 1, and this means thatq = 2 k 1 is a prime.

21 16 Prime Numbers The number M k is called the k-th Mersenne number. It is easy to see that M k is prime only if k is prime. The converse is not true. For example M 11 = 2047 = It is not known if there are infinitely many Mersenne primes, equivalently perfect numbers. Here are the records of Mersenne primes. k Year Discoverer k Year Discoverer 2 Ancient 3 Ancient 5 Ancient 7 Ancient 13 Ancient P.A.Cataldi P.A.Cataldi L.Euler I.M.Pervushin R.E.Powers E.Fauquembergue E.Lucas R.M.Robinson R.M.Robinson R.M.Robinson R.M.Robinson R.M.Robinson H.Riesel A.Hurwitz A.Hurwitz D.B.Gillies D.B.Gillies D.B.Gillies B.Tuckerman C.Noll, L.Nickel C.Noll H.Nelson, D.Slowinski D.Slowinski W.N.Colquitt, L.Welsch D.Slowinski D.Slowinski D.Slowinski,P.Gage D.Slowinski Slowinski and Gage Armengaud, Woltman et al Spence, Woltman, et.al Clarkson et. al Hajratwala et. al Cameron, Woltman, Michael Shafer Findlay Nowak Cooper, Boone et al Cooper, Boone et al The most recently discovered Mersenne primes M and M have 17,425,170 and22,338,618 digits and are the largest known primes. Exercise 1. d(n) is an odd number if and only ifnis a square. 2. Find the least number n with d(n) = Find the least number n with d(n) = Show that3,5,7form the only prime triple, i.e., the only triplep,p+2,p+4 in which all three numbers are prime. 5. Given any integerk 2, it is always possible to find a sequence ofk consecutive integers which are all composites.

22 2.6 Perfect numbers If n is a positive integer, does there exist a positive integer k such that the sequence k +1, 2k +1, 3k +1,...,nk +1 consists only of composite numbers? 7. Prove that in the infinite sequence of integers there is no prime number , , , If n = k i=1 pa i i is the prime factorization of n, then n has altogether d(n) = k i=1 (1+a i) divisors. 9. Find all sequences of 49 consecutive integers whose squares add up to a square. 10. Prove that for n 2, n is never an integer. 11. (a) Show that 2 is not a rational number. (b) More generally, for an integer N, N is a rational number if and only if N is the square of an integer. 12. Show thatσ(n) = 2 k if and only ifnis a product of distinct Mersenne primes.

23 18 Prime Numbers 2.7 Distribution of prime numbers We study the functions and p n := the n th prime number, π(x) := {p : 1 < p x, p prime}, the number of primes x. We shall establish the following results. Theorem 2.12 (Crude prime number theorem). There are constants c 1,c 2 > 0 such that c 1 x logx < x π(x) < c 2 (A) (B) logx. Theorem There are constants c 3,c 4 > 0 such that c 3 nlogn < p n < c 4 nlogn. (C) (D) Theorem 2.14 (Betrand s hypothesis). If n 2, there is a prime p satisfying n < p 2n. The proofs of these theorems depend on some preliminary results. Lemma For every positive integern, p < 4 n. p n Proof. This is clearly true of n = 1,2. Assume it is true for 1,2,...,n 1,n 3. Ifnis even, then p = p 4 n 1 < 4 n. p n p n 1 Now suppose n is odd. We write n = 2m+1. The binomial coefficient ( ) 2m+1 = (2m+1)! m m!(m+1)! is divisible by every prime p with m+2 p 2m+1. Hence, ( ) 2m+1 ( ) 2n+1 p p < 4 m+1. m m p 2m+1 p m+1 But the numbers ( ) ( 2m+1 m = 2m+1 m+1), and both occur in (1+1) 2m+1. Therefore, ( ) 2m+1 1 m 2 22m+1 = 4 m,

24 2.7 Distribution of prime numbers 19 and p 2m+1 This completes the induction. p < 4 m 4 m+1 = 4 2m+1. Lemma If n 3, the central binomial coefficient ( 2n n) has no prime divisor in the interval ( 2 n, n]. 3 Proof. Let p be a prime satisfying 2 n < p n. p and 2p are the only multiples of 3 p not exceeding2n. Therefore,ν p ((2n)!) = 2. Also,ν p (n!) = 1. It follows that ν p (( 2n n )) = ν p ( (2n)! (n!) 2 ) = 0. Lemma For any real number x, x 0 x Proof. Write x = { x x 2}. (i) If 0 { } x 2 < 1, then 2 x { x x = } with 0 2 { x 2} < 1, and x = 2 x 2. (ii) If 1 { x 2 2} < 1, then ( x ) ( { x ) x = , 2 2} with 0 2 { x 2} 1 < 1, and x x = The crude prime number theorem For every prime number p 2n, there is a unique integer r p = r p (n) such that i.e., p rp is the highest power of p 2n. p rp 2n < p rp+1, 1. n<p 2n p divides ( 2n n). This is clear.

25 20 Prime Numbers 2. ( ) 2n n divides p 2n prp. Proof. (( )) 2n ν p = ν p ((2n)!) 2ν p (n!) n r p r 2n p n = 2 = m=1 r p m=1 r p m=1 = r p. p m p m m=1 p m p m ( ) 2n n 2 1 Therefore, n π(2n) π(n) < (i) n<p 2n p < ( ) 2n p rp (2n) π(2n). n (ii) p 2n (i) The second term has π(2n) π(n) factors each greater than n. (ii) The last second term hasπ(2n) terms each less than 2n. Therefore, (π(2n) π(n))logn log (a) ( Now,2 n < 2n ) n < 2 2n. (i) (ii) Proof. (i) ( ) 2n n = (n+1)(n+2) (2n) 1 2 n (ii) ( ) 2n n < 2n From (b), Therefore, k=0( 2n k) = (1+1) 2n = 2 2n. π(2n)log2n log ( ) 2n π(2n) log 2n. n (b) = n n+k k=1 n k k=1 2 = 2n. ( ) 2n log2 n = nlog2. n π(2n) nlog2 log2n. ( x x 2 log2 x π(x) π 2 2 ) log2 2 log2 x logx 2 This proves (A). > c 1 x logx.

26 2.7 Distribution of prime numbers 21 Proof of (B) From (a), If y 4, ( ) 2n (π(2n) π(n))logn log < 2nlog2 n = π(2n) π(n) < n(2log2) logn. ( y ( y π(y) π = π(y) π 2) ( 2 ) y = π( y ) π 2 ) y ( y π(1+2 ) π ( 2 2 ) y ( y 1+π 2 π 2 ) 2 ) y 2 c log y. 2 With y = x and2 m x,m 0, this becomes 2 m 2 ( x ) π log x ( x ) 2 m 2 π log m 2 m+1 Summing overm, we have π(x)logx π x 2 m+1 < c ( x 2 µ+1 ) log x 2 µ+1 < 2c x, x 2 m. where 2 µ x < 2 µ+1 x. But < 2, so that π ( ) x 2 2 µ+1 2 = 0, and we have µ+1 π(x)logx < c 2 x. This proves (B) The n-th prime number If in the crude prime number theorem x c 1 logx < x π(x) < c 2 (A) (B) logx, we put x = p n, thenπ(x) = n and this becomes Since p n > n, we have c 1 p n p n < n < c 2. logp n logp n p n > 1 c 2 nlogp n > 1 c 2 nlogn = c 3 nlogn.

27 22 Prime Numbers This proves (C). Proof of (D). Givenc 1, logpn pn < c 1 for sufficiently largen. Together with (*), we have logp n < c 1 < nlogp n. pn p n Therefore, 1 pn < n p n = p n < n = p n < n 2. It follows that logp n < 2logn and This proves (D). p n < nlogp n c 1 < 2nlogn c 1 = c 4 nlogn. 2.8 Bertrand s hypothesis Theorem For every integer n 2, there is a prime number between n and 2n. Proof. Consider the central binomial coefficient ( 2n n). It does not have any prime divisor in the range ( 2 n, n]. If there is no prime betweennand2n, then the prime 3 divisors of ( ) ( 2n n are all in 1, 2 n]. 3 Let p 2n be a prime, and 3 pe is the highest power of p dividing ( 2n n). Then p 2 2n. If e 2, then p 2 2n and p 2n. There are at most 2n primes in ( ) 2n n with exponent larger than 1. In each case,p e < 2n. Hence, ( ) 4 n 2n 2n+1 (2n) 2n p < (2n) 2n 4 2n/3. n Since2n+1 < (2n) 2, we have Taking logarithms, we have Now the function p 2p/3 4 n/3 < (2n) 2n +2 (2n) 2n+2. log4 3 n < ( 2n+2)log2n. f(x) := ( 2x+2)log(2x) is concave: f (x) = 8+ 2xlog(2x). Its graph intersects the line y = log4 x at two 4x 2 3 points x 0 and x 1. The inequality is true only when n lies in (x 0, x 1 ). These two

28 2.8 Bertrand s hypothesis 23 intersections arex andx Therefore, the inequality is false for n 512. For n 512, it is easy to see the chain of primes completes the claim of Bertrand s hypothesis: 2, 3, 5, 7, 13, 23, 43, 83, 163, 317, 557.

29 24 Prime Numbers

30 Chapter 3 Linear Congruences 3.1 The ring of residues modulo n Letn > 1 be a positive integer. We define the congruence relation modulonon the set of integers: a b (mod n) if and only if a b = nq for some q Z. Proposition 3.1. The congruence relation modulo n is an equivalence relation in the setzof integers. Proof. (i) It is reflexive: a a (mod n) for every integer a. (ii) It is symmetric. If a b (mod n), then a b = nq for some integer q. It follows that b a = n( q), and q is an integer. Therefore, b a (mod n). (iii) It is transitive. If a b (mod n) and b c (mod n), then a b = nq and b c = nq for integers q, q. It follows that q + q is an integer and a c = (a b)+(b c) = nq +nq = n(q +q ), anda c (mod n). For each integer x, we write [x] n := {y Z : y x (mod n)} and call this the congruence or residue class ofx (mod n), and Z n := {[x] n : x Z}. There are altogether n distinct residue classes, represented by 0, 1,..., n 1. We shall simply write [x] for [x] n when the base integer n is clear from context. The arithmetic operations of integers respect the congruence relation modulo n, i.e., ifa a (mod n) andb b (mod n), then (i) a±b a ±b (mod n), (ii) ab a b (mod n). Thus, there are an addition and a multiplication in the setz n given by [a]+[b] = [a+b] and [a] [b] = [ab].

31 26 Linear Congruences Clearly, the additive and multiplicative identities are the residue classes [0] and [1] respectively. We summarize these by saying thatz n is a ring. Proposition 3.2. [a] Z n has an inverse if and only ifgcd(a,n) = 1. An element of Z n with an inverse is called a unit in Z. The units in Z n form a multiplicative group Z n := {[a] Z : [a][b] = [1] for some [b] Z n }. Ifpis a prime, then Z p = Z p \{0}. Proposition 3.3. Z n is a field if and only if n is a prime The natural mappingz m Z n Proposition 3.4. The function f : Z m Z n given by f([x] m ) = [x] n is well defined if and only ifmis divisible by n. Proof. ( ) If f is well-defined, then [m] n = f([m] m ) = f([0] m ) = [0] n = m 0 (mod n), andmis divisible byn. ( ) Supposemis divisible byn. If[x] m = [x ] m, thenx x is divisible bym, and therefore by n. This means that f([x] m ) = [x] n = [x ] n = f([x ] m ), and f is well-defined. If m is divisible by n, the natural mapping f : Z m Z n is a surjective ring homomorphism. This means that (i) f is onto, (ii) f([x]+[x ]) = f([x])+f([x ]), (iii) f([x][x ]) = f([x])f([x ]). 3.2 Linear congruences Proposition 3.5. The linear congruence ax b (mod n) is solvable if and only if gcd(a, n) b. Proof. Necessity: If ax+b = ny for some integers x and y, ax+n( y) = b. It follows thatgcd(a,n) b. Sufficiency: If d := gcd(a,n) b, we write d = ap + nq and b = dr for some integers p, q, r. From these, a(pr) + n(qr) = (ap + nq)r = dr = b, and with x pr (mod n), we have ax b (mod n).

32 3.3 Simultaneous linear congruences Simultaneous linear congruences An ancient Chinese problem: solve the simultaneous congruences x 2 (mod 3), x 3 (mod 5), x 2 (mod 7). Solution. It is easier to solve the following analogous problems: (1) x 1 (mod 3), x 0 (mod 5), x 0 (mod 7). (2) x 0 (mod 3), x 1 (mod 5), x 0 (mod 7). (3) x 0 (mod 3), x 0 (mod 5), x 1 (mod 7). For problem (1), we must have x 0 (mod 35). Since 35 2 (mod 3), and 70 1 (mod 3), we may choose x 1 = 70 for a solution of the first problem. Similarly, for problem (2), x 0 (mod 21). Since 21 1 (mod 5), we may choose x 2 = 21 for a solution of the second problem. For problem (3), x 0 (mod 15), and we may choosex 3 = 15 for a solution. Using these, we can find a solution to the original problem: x = 2x 1 + 3x 2 + 2x 3 = 233. Since the least common multiple of 3,5,7 is 105, we may reduce this modulo 105, and obtain x 23 (mod 105) for the solution. Theorem 3.6 (Chinese Remainder Theorem). Let n 1,n 2,...,n k be pairwise relatively prime integers. For arbitrary integersa 1,a 2,...,a k, the system of simultaneous congruences x a 1 (mod n 1 ), x a 2 (mod n 2 ),. x a k (mod n k ) has a unique solution modulo n 1 n 2 n k. Proof. For each i = 1, 2,..., k, the system of simultaneous linear congruences x 0 (mod n 1 ),...,x 1 (mod n i ),...,x 0 (mod n k ), (with 1 in the i-th congruence and 0 in the remaining k 1 congruences) has a unique solutionx i (mod n 1 n 2 n i n k ). The original problem has solutionx a 1 x 1 + +a k x k (mod n 1 n 2 n k ) Implementation of the Chinese remainder theorem LetM andn be relatively prime positive integers, withm > N. Givenaandb, to solve the simultaneous congruences { x a (mod M), x b (mod N),

33 28 Linear Congruences we make use of the Euclidean algorithm sequence r 0, r 1,..., r n, for (M, N) and the two associated sequences x 0, x 1,..., x n, y 0, y 1,..., y n. Note that 1 = gcd(m,n) = r n = Mx n +Ny n. We claim that the solution of the simultaneous congruences is x Mx n b+ny n a (mod MN). Proof. x Mx n b+ny n a Mx n b+(1 Mx n )a a (mod M), x Mx n b+ny n a (1 Ny n )b+ny n a b (mod N). Example 3.1. Solve the simultaneous congruences { x 16 (mod 23), x 9 (mod 19). Solution. The Euclidean algorithm sequence for (23, 19) and the associated sequences are k q k r k x k y k Since gcd(23,19) = 1 = ( 6), the solution of the simultaneous congruences is x ( 6) (mod 437). The rightmost nonzero digit ofn! We have known that for n 5, the decimal expansion of n! ends in ν 5 (n!) = n α 5 (n) 4 zeros. We find the nonzero digit before this tail of zeros. Write n = c k 5 k +c k 1 5 k 1 + +c 1 5+c 0 for integers c 0, c 1,..., c k 1, c k between 0 and 4. It is enough to find n! 5 ν 5 (n!) modulo 5.

34 3.3 Simultaneous linear congruences 29 Note that modulo 5, n! 5 = ((c kc k 1 c 1 c 0 ) 5 )! ν 5(n!) 5 ν 5(((c k c k 1 c 1 c 0 ) 5 )!). ( ) n 5 ((c kc k 1 c 1 ) 5 )! 5 ν 5(((c k c k 1 c 1 ) 5 )!) c 0! ( 1) n 5 ((c kc k 1 c 1 ) 5 )! 5 ν 5(((c k c k 1 c 1 ) 5 )!) c 0! ( 1) n 5 + n 5 2 ((c k c k 1 c 2 ) 5 )! 5 ν 5(((c k c k 1 c 2 ) 5 )!) c 1!c 0! ( 1) n 5 + n n 5 k c k! 5 ν 5(c k!) c k 1! c 1!c 0! ( 1) ν 5(n!) c k!c k 1! c 1!c 0!. It follows that modulo 5, n! 10 ν 5(n!) 2 ν 5(n!) ( 1) ν 5(n!) c k!c k 1! c 1!c 0! ( 2 1 ) ν 5(n!) c k!c k 1! c 1!c 0! 2 ν 5(n!) c k!c k 1! c 1!c 0!. The rightmost nonzero decimal digit of n! can be found from the Chinese Remainder Theorem by solving { x 0 (mod 2), x 2 ν 5(n!) c k!c k 1! c 1!c 0! (mod 5). Example. Letxbe the rightmost nonzero decimal digit of1000!. Since 1000 = ,ν 5 (1000!) = 1000 ( ) = Modulo 5, x ! 3! (2 4 ) Since x 0 (mod 2), x = 2. Exercise 1. Solve the congruences (a)3x 5 (mod 7); (b)4x 12 (mod 16); (c)4x 10 (mod 24). 2. Find all residues modulo 12 which have multiplicative inverses. 3. Compute (mod 1093) and (mod ).

35 30 Linear Congruences 4. Solve the equation for positive integers m andn. 1!+2!+3!+ +n! = m 2 5. An army has about 20,000 soldiers. If the soldiers line up 7 by 7, there is an incomplete line of 6 soldiers; if they line up 11 by 11, there is an incomplete line of 4; if they line up 13 by 13, there is also an incomplete line of 4; if they line up 17 by 17, there is an incomplete line of 13. How many soldiers are there in the army? 6. Counting from the right end, what is the 2500th digit of 10,000!?

36 Chapter 4 The Units in Z n 4.1 The Euler ϕ-function Letn > 1 be an integer. The units in Z n form a multiplicative subgroup Z n := {[a] Z n : [a][b] = [1] for some b Z}. The Euler ϕ-function ϕ(n) is the number of units in Z n. This is the order of the group Z n of units of Z n. Theorem 4.1. The Eulerϕ-function is a multiplicative function, i.e., ϕ(mn) = ϕ(m)ϕ(n) if gcd(m,n) = 1. Proof. The function F : Z mn Z m Z n given by F([x] mn ) = ([x] m, [x] n ) is well-defined and is onto. (i) F is well defined: if x y (mod mn), then x y is divisible by mn, and therefore by each of m and n. It follows that x y (mod m) and x y (mod n), andf([x] mn ) = ([x] m,[x] n ) = ([y] m,[y] n ) = F([y] mn ). (ii) F is onto. Let a Z m and b Z n. Since gcd(m,n) = 1, by the Chinese remainder theorem, there exists an integer x, defined up to congruence modulo mn, such that x a (mod m) and x b (mod n). For this, F([x] mn ) = ([x] m,[x] n ) = (a,b). This shows that F is onto. Since the domain and the range have the cardinality, the functionf is also oneto-one, and is a bijection. Now,F restricts to a functionf : Z mn Z m Z n. To see this, consider a unit [x] mn Z mn. There exists an integer y such that [x] mn [y] mn = [1] mn. This means that xy 1 is divisible by mn, and so is divisible by each of m and n. Therefore, [x] m [y] m = [1] m and [x] n [y] n = [1] n. This shows that [x] m Z m and [x] n Z n. The function F maps Z mn onto Z m Z n. Clearly F is one-to-one sincef is one-to-one. Therefore, the domain and the range off have the same cardinality, i.e.,ϕ(mn) = ϕ(m)ϕ(n).

37 32 The Units in Z n Lemma 4.2. Letpbe a prime. (a)ϕ(p) = p 1. ) (b) ϕ(p k ) = p (1 k 1. p Proposition 4.3. ϕ(n) = n p n ( 1 1 ). p Lemma 4.4. Iff(n) is a multiplicative function, then so is F(n) := d n f(d). Proof. Letmandnbe relatively prime. F(mn) = d mnf(d) = d1 mf(d 1 ) 2 ) = F(m)F(n). d2 nf(d Theorem 4.5. d nϕ(d) = n. Proof. LetF(n) := d n ϕ(d). For a prime power pk, F(p k ) = d p k ϕ(d) = k ϕ(p i ) = 1+ i=0 k (p i p i 1 ) = 1+(p k 1) = p k. i=1 By Lemma 4.4, F is a multiplicative function. If n = p k i i, then ( ) F(n) = F p k i i = F ( ) p k i i = p k i i = n. Therefore, d nϕ(d) = n Wilson s theorem Theorem 4.6 (Wilson). If p is prime, then (p 1)! 1 (mod p). Proof. Since the statement is trivially true for p = 2, we shall assume p an odd prime. Consider the product of all the nonzero elements of Z p. This is clearly 1 2 (p 1) = (p 1)!. Apart from x = ±1, the remaining p 3 elements can be grouped into pairs of multiplicative inverses. Since each pair of multiplicative inverses multiply to 1, we have This means (p 1)! 1 (mod p). (p 1)! = 1 ( 1) 1 p 3 2 = 1 Z p.

38 4.2 Fermat-Euler theorem 33 Remark. The converse of Wilson s theorem is also true: If n is composite and n = ab for relatively prime divisors a, b > 1, then n = ab divides (n 1)!, and (n 1)! 0 (mod n). It remains to consider n = p k for a prime number p and k > 1. The base p expansion of n 1 = p k 1 consists of k digits each of which is p 1. Therefore, the exponent of the highest power of p dividing (n 1)! is p k 1 k(p 1) p 1 = p k 1 +p k k k except whenp = 2 andk = 2. This means that(n 1)! 0 (mod n) except when p = 2 andk = 2, in which case we have 3! 2 (mod 4). 4.2 Fermat-Euler theorem Theorem 4.7 (Fermat-Euler). If gcd(a,n) = 1, a ϕ(n) 1 (mod n). Proof. The function f a : Z n Z n given by f a ([x]) = [ax] induces a bijection Z n Z n. This means that if x 1,..., x ϕ(n) are the elements of Z n, then [ax 1 ],..., [ax ϕ(n) ] is a permutation of the same ϕ(n) elements. In other words, or [ax 1 ] [ax ϕ(n) ] = [x 1 ] [x ϕ(n) ], (a ϕ(n) 1)x 1 x ϕ(n) 0 (mod n). Since each of x 1,..., x ϕ is relatively prime to n, it follows that a ϕ(n) 1 0 (mod n). Corollary 4.8 (Fermat s Little Theorem). Let p be a prime, and a an integer. If p does not divide a, then a p 1 1 (mod p). 4.3 The order of an element in Z n Let a Z n. By the Fermat-Euler theorem a ϕ(n) = 1, there is a smallest positive integer d := order n (a) such that a d = 1 Z n. Such an integer is called the order of a inz n. Proposition 4.9. order n (a) is a divisor ofϕ(n). Proof. Let t = order n (a), and write ϕ(n) = tq + r for some integers q and r, 0 r < t. If r 0, then a r = a ϕ(n) tq = a ϕ(n) (a t ) q = 1. This contradicts the minimality of ord n (a). Therefore, r = 0, and ϕ(n) = tq. The order of a is a divisor of ϕ(n).

39 34 The Units in Z n Proposition Iforder n (a) = t, then order n (a k ) = t gcd(t,k). Proof. Let d = gcd(t,k) and write t = dt, k = dk for integers t, k. Note that gcd(t,k ) = 1. (1) (a k ) t = a kt = a k dt = a k t = (a t ) k = 1. (2) If(a k ) t = 1 for somet < t, thenkt is a multiple oft = kt. This means that t is a multiple of t, an impossibility. This shows that order n (a k ) = t = t d. Example 4.1. n = 13; ϕ(13) = 12: a order 13(a) In this case, there exist elements of order12, for example,a = 2,6. This means the first12 powers ofaare all distinct, and hence exhaust all the units of Z 13: n n n Definition. A primitive root for n is a generator of the multiplicative group of units Z n, if its exists. Example 4.2. n = 16; ϕ(16) = 8: a order 16 (a) The group Z 16 is not cyclic; it has no primitive root, i.e., element of order 8. Theorem If F is a finite field, the multiplicative group F = F \ {0} is a cyclic group. Proof. Suppose F = q. For each d q 1, suppose there are ψ(d) elements of order d in F = F \ {0}. Clearly, q 1 = d q 1ψ(d). Note that there are at mostdelements inf satisfyingx d 1 = 0. In fact, ifαis element of orderd, then the elements satisfying x d 1 = 0 are precisely 1, α, α 2,..., α d 1. In particular, there are precisely ϕ(d) elements of order d. Hence, ψ(d) = 0 or ϕ(d). Since q 1 = d q 1ϕ(d) by Theorem 4.5, there are exactly ϕ(d) elements of order d. In particular, there are ϕ(q 1) elements of order q 1. Corollary Letpbe an odd prime. (a) For each divisor t of p 1, there are exactly ϕ(t) elements of Z p = Z p \{0} of ordert. (b) There are exactly ϕ(p 1) primitive roots for p.

40 4.4 Generators of Z pα for an odd primep 35 Smallest primitive root g for prime p. 1 p g p g p g p g p g Generators of Z pα for an odd primep We show that for an odd prime powerp α,z pα is cyclic by exhibiting a generator. Theorem Letpbe an odd prime, andb Z p a generator, withb p 1 = 1+ap for some integer a. Letq = p α. (a) Ifa 0 (mod p), then b is a generator ofz q. (b) If a 0 (mod p), thenb+p is a generator of Z q. Lemma Ifpis an odd prime, the binomial coefficients ( p k),k = 1,2,...,p 1, are all divisible by p. Lemma Letpbe an odd prime, and α 2. Then(1+ap) pα 2 1+ap α 1 (mod p α ). Proof. Induction on α. This is clearly true for α = 2. Assuming (1+ap) pα 2 1+ap α 1 (mod p α ), we write (1+ap) pα 2 = 1+ap α 1 +bp α for some integer b. Note that This completes the inductive proof. (1+ap) pα 1 = ((1+ap) pα 2 ) p = (1+ap α 1 +bp α ) p 1+ap α (mod p α+1 ). Proof of Theorem 4.13 For the generator b Z p, we write b p 1 = 1+ap for some integer a. By Lemma 4.15, b pα 2 (p 1) = (b p 1 ) pα 2 1+ap α 1 (mod p α ). (a) Ifa 0 (mod p), i.e.,b pα 2 (p 1) 1 (mod p α ), then inz q,bis an element of order ϕ(q) = p α 1 (p 1), a generator. 1 Those with asterisks are primes admitting 10 for a primitive root.

41 36 The Units in Z n (b) If a 0 (mod p), then b pα 2 (p 1) 1 (mod p α ). We claim that b+p is a generator ofz q. (b+p) pα 2 (p 1) = ((b+p) p 1 ) pα 2 = (b p 1 +(p 1)b p 2 p+bp 2 ) pα 2 for some integer B = (1+ap b p 2 p+b p 2 p 2 +Bp 2 ) pα 2 = (1 b p 2 p+b p 2 ) pα 2 note that b p 2 1 (mod p) = (1+Ap) pα 2 where A 0 (mod p) 1+Ap α 1 (mod p α ). Since this is not congruent to1 (mod p α ), we conclude thatb+p has orderp α 1 (p 1) and is a generator of Z q. Example 4.3. (a) p = 3. The field Z 3 has b = 2 as a generator. Consider q = 3 α. b p 1 = 2 2 = Here a = 1 0 (mod 3). Therefore, for eachα, b = 2 is a generator ofz 3 α. (b) p = 29. The field Z 29 has b = 14 as a generator. (Other generators are 2,3,8,10,11,15,18,19,21,26,27). Considerq = 29 α. b p 1 = We want to compute this (mod 29 2 ). k k (mod 841) = (mod 841). Therefore, a generator of Z 29 2 is = 43. What is the order of 14 Z 29 2? Exercise In each of the following cases, show that b is a generator ofz p but not a generator of Z p 2. (p,b) = (37,18), (43,19), (71,11), (103,43), (109,96), (113,68), (131,111), (181,78), (191,176), (211,165). 4.5 Generators ofz 2 α The multiplicative group of units Z 2 k has 2 k 1 elements, represented by the odd numbers < 2 k. (i) Z 2 = {1} is the trivial group. (ii) Z 4 = {1, 1} is a cyclic group of order 2.