Lecture Notes for Math 492 Fall 2014 (Algebraic Number Theory)

Transcription

1 Lecture Notes for Math 49 Fall 014 (Algebraic Number Theory) 1. Outline: Properties of the integers through unique factorization. The division algorithm and Euclid s algorithm. Greatest common divisor, least common multiple. Give an overview of the the vector Euclidean algorithm (Section.7) and the map of relatively prime pairs (Section.8). State the details and leave for a project. Notes: Natural numbers: N = {1,, 3,... }. Integers: Z = {0, 1, 11,,,... }. Prime number: a natural number that cannot be factored into strictly smaller factors. For example,, 3, 5, 7. Every natural number n can be factored into prime numbers: use strong induction on n. Greatest common divisor of two numbers: maximum common divisor. Division algorithm: For each pair of natural numbers a and b > 0 there exists a unique pair of integers q and r so that a = qb + r, 0 r < b. Proof: The real number line is partitioned into intervals of the form [qb, (q + 1)b) where q is a non-negative integer. Find the one containing a and set r = a qb. From qb a < qb + b we obtain q = a b. Euclid s algorithm for constructing greatest common divisor of a and b 0: Form the sequence a 0, a 1, a,... with a 1 > a > 0 via a 0 = a, a 1 = b, and for k, a k = q k a k 1 + a k where 0 a k < a k 1. The sequence has to terminate with some a n = 0 for some n, and a n 1 is the greatest common divisor. Proof: By definition, a n 1 a n. An induction argument shows that a n 1 a n, a n 1 a n 3,..., a n 1 a 0. In particular, a n 1 is a common divisor of a and b, so a n 1 gcd(a, b). If d is any common divisor of a and b then an induction argument shows that d a 0, d a 1,..., d a n 1. This implies that d a n 1, so gcd(a, b) a n 1. Hence equality. Now we know that gcd(a, b) = xa + yb for two integers x and y. To find them, use the argument above, or the following matrix calculations: The recurrence relation can be expressed in the form [ ] [ ] [ ] ak qk 1 ak 1 =. 1 0 a k 1 a k 1

2 This can be used to obtain [ ] [ ] [ ] [ ] q0 1 q1 1 qn 1 an 1 = Simplifying, [ ] [ ] x y an 1 = z w 0 Hence [ xan 1 za n 1 ] = [ ] p. q [ ] p. q So we can see that a n 1 is a common divisor of p and q. Moreover if d is a divisor of both p and q then the recurrence relation can be used to show that d divides each a k, including a n 1. Hence d a n 1 and a n 1 is the greatest common divisor. [ ] [ ] qk Note that the inverse of is. This implies that q k Simplifying, [ a0 [ ] [ ] [ ] [ an = 0 1 q n 1 q n 3 1 q 0 [ ] an 1 = 0 [ ] [ ] x y a1 z w, x p + y q = a n 1. a 0 a 1 ]. ] [ a0 In other words, given integers p and q with greatest common divisor d there is always a pair of integers j and k such that jp + kq = d. Whenever we have jp + kq = r we must have d r. In particular, when jp + kq = 1 we must have d = 1. Example: Let a = 108 and b = 93. We have 108 = = = a 1 ].

3 hence a 0 = 108, a 1 = 93, a = 15, a 3 = 3, a 4 = 0, q 0 = 1, q 1 = 6, q = 5. Therefore gcd(108, 93) = 3. Substituting these values into [ ] [ ] [ ] [ ] [ ] an a0 = 0 1 q n 1 q n 3 1 q 0 a 1 yields [ ] [ ] [ ] [ = Simplifying, [ ] [ = This yields ] [ ] = ( 6)(108) + 7(93). ] [ ]. A useful lemma is that when (a, b) = 1 and a bc then a c. Reason: bc = ak and xa + by = 1 implies c = cxa + cby = cxa + aky = a(cx + ky). We now prove unique factorization for all integers n. There is only one factorization of into a weakly descending list of primes. Now assume that every integer up to n has a unique factorization into a weakly descending list of primes. Suppose n + 1 = p 1 p p j = q 1 q... q k with p 1 p p j and q 1 q q k. We will assume wlog that n + 1 is not prime and that p 1 q 1 If p 1 > q 1 then (p 1, q 1 ) = 1, therefore by the lemma p 1 q q k. If p 1 q then (p 1, q ) = 1 and p 1 q 3 q k. After a finite number of steps we arrive at p 1 = q i for some i, which implies p 1 q 1. Contradiction. Therefore p 1 = q 1. Dividing both sides by p 1 we have two factorizations of (n+1)/p 1 into descending lists of primes, so the factorizations must be the same, so the two factorizations of n + 1 must be the same. Note that whenever p 1, p,..., p n are the first n primes then p 1 p p n + 1 is not divisible by any of these. So it is either prime or has a prime factor not equal to any of these. Hence there are infinitely many primes. Greatest common divisor and least common multiple construction via prime factorization: (a) If n e 3 e3 then an inspection of the prime factorization of n shows that n = n 3 n3 where for each i, n i e i. 3

4 (b) If e 3 e3 n then an inspection of the prime factorization of n shows that n = n 3 n3 where for each i, e i n i. Now derive the gcd and lcm formulas. The Vector Euclidean Algorithm, Section.7: (outline and project) Algorithm yields a systematic way to produce all relatively prime pairs (a, b). It also yields the least positive solution (x, y > 0) to bx ay = 1 and bx ay = 0. Run through the Mathematica notebook describing the algorithm. Inputs do not have to be relatively prime. The Map of relatively Prime Pairs, Section.8: (outline and project) In the Mathematica notebook, 0 means go right and 1 means go left. The expressions at the end of a path are on either side of the last edge taken. When you take a particular path you arrive at the expression in the region below the edge. When you look at the ratios you can see why each primitive vector appears only once (at least once proved in the previous section). The corresponding matrices all have determinant 1 (why?).. Application of Unique Factorization to Linear Diophantine Equations. If ax + by = c, any common divisor of a and b is a divisor of c. Write d = gcd(a, b). If d does not divide c, there is no interger solution (x, y) to the equation. For example, no solution to 108x + 93y = 0. Now suppose d c. We will find all solutions. This is equivalent to finding all solutions to a 0 x + b 0 y = c 0, where a = a 0 d, b = b 0 d, c = c 0 d. Suppose ja+kb = d. Dividing by d, ja 0 +kb 0 = 1. Note that gcd(a 0, b 0 ) = 1. Multiplying through by c 0, c 0 ja 0 + c 0 kb 0 = c 0. We have found one solution: (x 0, y 0 ) = (c 0 j, c 0 k). We want to find all the solutions. Suppose (x, y) is any other solution. Then xa 0 + yb 0 = c 0. Subtracting c 0 ja 0 + c 0 kb 0 = c 0 from this, obtain (x c 0 j)a 0 + (y c 0 k)b 0 = 0. This implies a 0 (y c 0 k)b 0, hence a 0 (y c 0 k), and similarly b 0 (x c 0 j). Factoring, y c 0 k = a 0 p 4

5 and x c 0 j = b 0 q. We just have to find p and q. Substituting, (b 0 q)a 0 + (a 0 p)b 0 = 0. This implies q + p = 0, so q = p. Hence y = c 0 k + a 0 p, x = c 0 j b 0 p. In short, any other solution looks like (x, y) = (c 0 j b 0 p, c 0 k + a 0 p). We still haven t found p, but any p willl work. The solution set is therefore where ja + kb = d. {(c 0 j b 0 p, c 0 k + a 0 p) : p Z} Example: solve 108x + 93y = 7. Earlier we found gcd(108, 93) = 3 = 6(108) + 7(93), so d = 3, a 0 = 36, b 0 = 31, c 0 = 9, j = 6, k = 7, and finally (x, y) = ( 54 31p, p). Using x[p ]:=-54-31p; y[p ]:=63+36p; Table[{x[p],y[p]},{p,-3,3}] we obtain {{39, 45}, {8, 9}, { 3, 7}, { 54, 63}, { 85, 99}, { 116, 135}, { 147, 171}}. 3. Congruence Arithmetic Definition. Given a natural number n {1,, 3,... } we say that integers a and b satisfy a b (mod n) provided n (b a). This is an equivalence relation. Properties: (1) a b and a b imply a ± a b ± b and aa bb. () a r where a = qn + r and 0 r < n, which implies that there are exactly n different congruence classes mod n. 5

6 Divisibility by 3, 4, 11: Reduce the decimal expansion. Lemma 1: When n = p, ab 0 mod p forces a 0 or b 0 mod p. False when n is composite. Lemma : When n = p, ab ac mod p and a equiv0 mod p implies b c mod p. Fermat s little theorem: a p 1 1 mod p when gcd(a, b) = 1. Proof: The numbers a, a,..., (p 1)a are distinct mod p, and none of them are congruent to 0, hence are some permutation of 1,,..., p 1. Multiplying, a p 1 (p 1)! (p 1)!. Canceling, a p 1 1. Fermat s theorem yields inverses. Whenever gcd(a, n) = 1, a has an inverse mod n. Inverses are unique mod n: ab 1 and ac 1 implies ab ac implies n a(b c). But since gcd(a, n) = 1, n (b c) and so b c. Example: Inverses mod 5 and mod 6. Wilson s Theorem: (p 1)! 1 mod p. Proof: The numbers 1,..., p 1 all have inverses. Classify into two types: numbers which are their own inverse, and numbers which are not. In the product (p 1)!, numbers which are not their own inverse have product 1 mod p, leaving just the numbers which are their own inverse. These satisfy x 1 mod p, p (x 1)(x + 1), leaving only x = 1 and x = p 1. Hence (p 1)! 1(p 1) 1 mod p. Lagrange s polynomial congruence theorem: f(x) Z[x] of degree n has at most n distinct roots mod p. Proof: Let x represent an unknown integer. Performing long division mod p, f(x) q(x)(x a) + r mod p for any integer a. Do an example mod 5. This implies f(a) r mod p. Hence f(a) 0 iff r 0 iff f(x) q(x)(x a). Now use an induction argument: a 1 x +a 0 has at most 1 root mod p. Assume f(x) has at most n roots mod p when f(x) has degree n. Let F (x) have degree n + 1. Any root a of F (x) has to satisfy F (x) = f(x)(x a) for f(x) of degree n, therefore any other root of F (x) must be a root of f(x), hence at most n other roots. For a general n, a has an inverse mod n iff gcd(a, n) = 1. Number of inverses is called φ(n). We will prove later that φ(ab) = φ(a)φ(b) when gcd(a, b) = 1. This allows us to compute φ(n) in general, because φ(p k ) = p k p k 1. Euler s Theorem: a φ(n) 1 mod n. 6

7 Proof: Let x 1,..., x k be coprime with n. Then so are ax 1,..., ax k, and these are all distinct, so form a permutation of x 1,..., x k. This implies a k x 1 x k = x 1 x k, and canceling we obtain the result. Primes of the form x + y : We will show soon that primes in the list 1, 5, 9, 13,... can be written in this form and primes in the list 3, 7, 11, 15,... cannot. Proof of the second statement: look at congruence mod 4. Primes of the form x + y : Certain ones ruled out mod 8. What about the others? Primes of the form x + 3y : Certain ones ruled out mod 3. What about the others? Project : Primitive roots. Non-zero congruence classes mod p can be represented in the form a k for a given a. Example: p = 7, a = 3. So we can solve an equation like x 5 mod 7: Replace x by 3 k and by 3. Then we are solving 3 5k 3 mod 7, so 5k 3 mod 6 and we can determine all possible k, hence all possible x. Using this, one can say something about the pattern in the decimal expansion of 1 (for example). See Sections 3.8. In 7 section 3.9 the fact existence of primitive roots mod p is proved. 4. The RSA Cryptosystem Goal: send an encrypted message publically in such a way that only certain people can decode the message. How to encode the message The password is cat : 1. Encode the message in integer form: 0, 8, 5, 7,... (7 represents a space). Pick a number n = pq where p and q are different, very large primes. 3. Pick a number e carefully. 4. Reduce the numbers 0 e, 8 e, 5 e,... mod n. 5. Publish the list in 4, along with the message we used e and n to encode the message. 6. Make sure the person the message is intended for knows the value of p and q. Using this special knowledge, the person can decrypt the message. Without this knowledge it could take a very long time to decrypt the message. Example: p = 47, q = 109, n = 513, e = 5, message is 348, 030, 315, 4507,.... Knowing this, the person who knows p = 47 and q = 109 can 7

8 figure out that the way to decode the message is to raise each number in the code to the power 891 and reduce mod 513. For eaxmple, mod 513, mod 513, etc. 5. The Ring of Gaussian Integers. Primes of the form x + y. The ring of Gaussian Integers is Z[i] = {a + bi : a, b Z}. Closed under addition, has additive identity 0 + 0i, has additive inverses, closed under multiplication, has a multiplicative identity 1 + 0i. Notation: (a+bi) (c+di) means c+di = (a+bi)(x+iy) for some x+iy Z[i]. Example: (1 + i) (11 + i). How to tell: divide. Example: ( + 5i) (11 + i) does not divide 11. How to tell: divide. Norm of a + bi: a + b. N(αβ) = N(α)N(β): just do it. Factoring α: suppose β α. Then N(β) N(α). Factoring i: N(9 + 38i) = 155 = Sums of squares that are divisors of this number: must be of the form 4n + 1. Divisors are {1, 5, 5, 61, 305, 155}. 5 = 1 +, 5 = 3 +4, 61 = 5 +6, 305 = Trying some of these, i = i 1 + i i 1 i = i i 3 + 4i = i i = 5 + 6i 3 4i i 5 + 6i = i 61 So we have i = (1 + i)(17 + 4i) = (3 4i)( 5 + 6i). Factoring 5 + 6i: Norm is prime, so cannot be non-trivially factored. Division with remainder: Given α and β 0+0i in Z[i], write α = γ+(x+iy) β where γ Z[i] and x, y 1. Then we have α = γβ + ρ. 8

9 Example: α = 11 + i, β = + 5i, 11 + i = (1 i)( + 5i) + ( 1 + i). Remainder is ρ = 1 + i. Given α and β, form sequence α 0, α 1, α,... as in Euclid s Method. Since N(α 1 ) > N(α ) >, eventually some remainder is 0. Example: Properties of sequence α 0, α 1, α,... : 11 + i = (1 i)( + 5i) + ( 1 + i) + 5i = (1 4i)( 1 + i) + ( 1) 1 + i = (1 i)( 1) + (0 + 0i) (1) δ α 0 and δ α 1 implies δ α i for all i, including α n 1. () δ α n 1 implies δ α i for all i, including α 0 and α 1. Summary: δ α and δ β if and only if δ α n 1. They have the same divisors. We will call α n 1 a greatest common divisor. There could be more than one, because when α could be rounded either up or down if the quotient consists β of half integers. More generally, we will say that γ is a greatest common divisor of α and β when γ is a common divisor and when any common divisor of α and β divides γ. Relationship between two greatest common divisors γ 1 and γ : γ 1 = δ 1 γ and γ = δ γ 1, therefore γ 1 = δ 1 δ γ 1, therefore δ 1 δ = 1, therefore N(δ 1 ) = 1, therefore δ {±1, ±i}. We will call the elements of norm 1 the units in Z[i] since they are the elements that have multiplicative inverses in Z[i]. Gaussian prime: not zero, not a unit, but when it factors, one of the factors is a unit or an associate. Gaussian composite: not prime, so factors into two numbers with strictly smaller norm. Every number can be factored into Gaussian primes by repeated splitting. Associates: α = µβ where µ is a unit. All associates of a prime are prime. Goal: show prime factorization is unique up to units. In other words, when p 1 p m = q 1 q n then m = n and for each p i there is a q j such that p i = uq j for some unit u. 9

10 Lemma: When gcd(α, β) = 1 then µα + νβ = δ is possible. Example: use 11 + i and + 5i above. Lemma: when π is a Gaussian Prime and π α then gcd(π, α) is a unit. Proof: Let δ = gcd(π, α). The divisors of π are units and associates of π. But no associate can divide α, otherwise π divides α. Therefore δ is a unit. Lemma: when π is a Gaussian Prime and π αβ then π α or π β. Proof: Suppose π α. We have µπ + να = δ, µπβ + ναβ = δβ, therefore π δβ, therefore π β. This lemma can be extended to showing that when π α 1 α then π α i for some i. To prove unique factorization into Gaussian Primes, cancel off primes as we did before using this lemma. Gaussian Primes in Z[i]: Let π be a Gaussian Prime. Then N(π) = ππ = p 1 p k, therefore π p i for some i. Hence each Gaussian prime divides a prime number. The prime must be unique, otherwise π 1 which is impossible. We will characterize the Gaussian Primes according to the unique prime numbers they divide. Let p be a prime number. Let p = π 1 π k be Gaussian Prime factorization. Then k by consideration of the norm. Cases: k = 1. p is a Gaussian Prime. Note that in this case we cannot have p = a +b where a, b 0, otherwise we have the factorization p = (a+bi)(a bi). The Gaussian Primes associated with p are ±p and πpi. k =. We have p = ππ = a + b, and corresponding Gaussian Primes are associates of a ± bi. Standard representation of a Gaussian Prime: up where u is a unit and p is a prime, or u(a + bi) where a > b and a > 0. Every number can be uniquely factored into a unit times some product of standard Gaussian Primes. Theorem: an odd prime p is of the form x + y iff p 1 mod 4. Proof: We already know that p = x + y implies p 1 mod 4. Now suppose p 1 mod 4. We will show that p is not a Gaussian prime, which by case k = above implies that p = a + b. 10

11 Given that (p 1)! 1 mod p, we have 1 (p 1)! = (4n)! m for some m. Do an example. Therefore p m + 1, p (m + i)(m i). Since p divides neither factor, p is not a Gaussian Prime. Two derivations of Pythagorean Triples. First method: Unique Factorization in N. Our goal is to find all solutions to x +y = z when x, y, z N. A modulus 4 argument shows that x and y cannot both be odd. Given a solution (x, y, z) with gcd(x, y) = d > 1, we can obtain another solution (x 0, y 0, z 0 ) after division by d. So it suffices to characterize primitive solutions (x, y, z) where x, y, z > 0, gcd(x, y) = 1, and x is odd and y is even and z is odd. Any other solution must be of the form (kx, ky, kz) where gcd(x, y) = 1. A solution satisfies (z +x)(z x) = y = 4y 0. The factors z x and z +x are even. We claim that gcd(z + x, z x) =. Reason: Any prime divisor p of z + x and z x must be a divisor of (z + x) (z x) = x. It cannot divide x, otherwise it divides z and therefore y. Hence p =. Hence the greatest common divisor is k for some k. But k x, therefore k 1 x, and since x is odd, k = 1. Now write z + x = u, z x = v. Then u and v are coprime and satisfy uv = y 0. Hence u = a, v = b, z + x = a, z x = b, x = a b, z = a + b, y = ab, (x, y, z) = (a b, ab, a + b ). Moreover a > b, a and b must have opposite parity to make x odd, and gcd(a, b) = 1 (the last two conditions because gcd(x, y) = 1). To complete our characterization we will show that every such triple is a primitive Pythagorian triple. It suffices to show that a b and ab are coprime. Given that a b is odd and ab is even, any prime that divides a b and ab must divide a or b, hence both. So there are no common prime divisors. We can use the Tree of Coprime Pairs to organize the Pythagorean Triples. Second Proof: Lemma: α β implies N(α) N(β). Proof: β = αγ implies N(β) = N(α)N(γ). Suppose x +y = z where x is odd and y is even and z is odd and gcd(x, y) = 1. Then we have (x + iy)(x iy) = z. If π x + iy and π x iy then π x and π iy and π z. Taking norms, N(π) 4x and N(π) 4y and N(π) z. Since z is odd, N(π) is odd. Therefore N(π) x and N(π) y, therefore N(π) = 1, 11

12 therefore π is a unit. So the unique factorizations of x + iy and x iy have no common Gaussian primes. Since every Gaussian Prime in z appears an even number of times, they do in x + iy and x iy, so x + iy is a perfect square. Hence we can write x + iy = (a + bi) = a b + abi, which forces x = a b and y = ab. Project: Section 6.7, Primes of the form 4n + 1. Description: characterization. Infinitely many of them. 6. Primality versus Irreducibility. We have defined primes in N, Z, and Z[i] as non-zero non-units that cannot be factored into two non-units. In all cases our primes have two properties: irreducibility and primality. Irreducibility: π = αβ implies α or β is a unit. Primality: π αβ implies π α or π β. Irreduciblity is by definition, and primality is a consequence of Euclid s method (review proof). We will show that irreducibility alone does not guarantee primality. Define a restricted number to be any natural number 1 mod 4. Define the restricted divisors of a restricted number to be all the divisors which are 1 mod 4. For example, the restricted divisors of 5 are {1, 5, 9, 5, 45, 5}, whereas the entire set of divisors also includes 3, 15, and 75. Define a restricted prime number to be any restricted number that has exactly two restricted divisors. The first few restricted primes are {5, 9, 13, 17, 1, 9, 33, 37, 41, 49}. The restricted factorization of a restricted number is a factorization into restricted numbers. Every restricted number greater than 1 is either a restricted prime or factors into two restricted primes. Two restricted prime factorizations of the restricted number 441 are 441 = (9)(49) and 441 = (1)(1). The restricted prime 1 violates primality: 1 (9)(49) yet 1 divides neither 9 nor 49. The proof that p ab implies p a or p b rests on p a implies gcd(p, a) = 1, therefore xp + ya = 1, therefore xpb + yab = b, therefore p b. This requires x ad y to be integers. There is nothing analoguous to Euclid s method among restricted integers, because a = bq+r among restricted integers is impossible. Exercise: (a) show that 693 and 1617 are restricted numbers that have nonunique restricted prime factorizations. (b) Find a restricted prime larger than 49 that violates primality. 1

13 7. The ring Z[ ]. Elements are a + b where a, b Z. Closed with respect to addition and multipication. N(α) = αα, hence N(a + b ) = a + b. N(αβ) = N(α)N(β). Units: α Z[ ] is a unit iff αβ = 1 for some β Z[ ]. The units are ±1: 1 and 1 are both units. If α is any unit then αβ = 1, N(α)N(β) = 1, N(α) = 1, a + b = 1, a = 1 and b = 0. Division: α β = αβ ββ = αβ N(β). Divisiblity: α β means β α = γ Z[ ], i.e. β = γα. Divisbility criterion: α β implies N(α) N(β). Composite number: α = βγ where N(β) 1, N(γ) 1. Prime number: Not a unit and not composite. Equivalently, α = βγ implies N(β) = 1 or N(γ) = 1. Standard prime: π = a+b where the first non-zero coefficient is positive. Every non-zero non-unit factors into a product of primes by repeated factorization, hence a product of standard primes times a unit. Division algorithm: Given α and β where β 0, let α = γ + µ where γ has β rounded integer coefficients. Then coefficients of µ are 1 and N(µ) 3. 4 Hence we have α = γβ + ρ where ρ = µβ. We have ρ = α γβ Z[ ] and N(ρ) = N(µ)N(β) < N(β). Euclid algorithm: same as before. Halts after a finite number of steps because remainder norms strictly decrease. If π is prime and π α then µα + βπ = 1 is possible: Using Euclid s method we can compute δ = gcd(α, π) = µα + νπ. Since δ π, N(δ) = 1 or N(δ) = N(π). To rule out the latter case, suppose N(δ) = N(π) and write α = α 0 δ and π = π 0 δ. Then N(π 0 ) = 1, therefore 13

14 π 0 = ±1 and we have δ = ±π, α = α 0 δ = ±α 0 π, which contradicts π α. So N(δ) = 1 and µα + νπ = ±1. Primes satisfy primality: suppose π is prime and π αβ. If π α we re done. If π α, write µα + νπ = 1 and αβ = γπ. Then we have µαβ + νπβ = β, µγπ + νπβ = β, π β. Since primes satisfy primality, factorization into standard primes is unique: Given θπ 1 π π j = θ π 1π π k where j k, by primality we have wlog π 1 π 1, hence π 1 = ±π 1, hence π 1 = π 1 since both primes are standard. Cancel them out. Keep on going until π 1 π j is cancelled out, leaving θ = θ π j+1 π k. By comparison of norms, j = k, which forces θ = θ also. Determining the primes in Z[ ]: 1. Any α with prime norm has to be a prime in Z[ ], because if α = βγ then N(α) = N(β)N(γ), therefore N(β) = 1 or N(γ) = 1.. Every π divides exactly one integer prime p, so the primes in Z[ ] are found by the prime factorization of the integer primes. 3. Suppose p does not occur as N(α) for any α. Then p is prime: p = αβ implies p = N(α)N(β), and since N(α) p, N(α) = 1 or N(α) = p, so either α or β is a unit. The prime factors of p are p and p. 4. Suppose p = N(α) for some α. In this case p = αα, so p is not prime. However, in this case N(α) = N(α) = p, so both α and α are prime. By unique factorization, the prime factors of p are ±α and ±α. Integer primes of the form a + b : For a prime p, p = a + b is possible iff x has a solution mod p. Proof: p = a + b implies a b implies (ab 1 ). Conversely, x implies p (x + )(x ), and since p divides neither factor, p violates primality, therefore p is not a prime in Z[ ], therefore p = αβ where neither α nor β is a unit, therefore p = N(α) = a + b. Primes p that permit a solution to x mod p: just look at 1,,..., (p 1) and see if p occurs. Solving y 3 = x + : Write this as y 3 = (x + )(x ). We would like to apply unique factorization in Z[ ] to this, but that requires that 14

15 x + and x have no prime factors in common. If π is a prime satisfying π (x + ) and π (x then π x and π and π y 3. Therefore N(π) 4x and N(π) 8 and N(π) y 3. So N(π) is even, which forces y 3 even. This forces x even. Reducing y 3 = x + mod 4 we get 0 mod 4, a contradiction. So there is no common prime divisor. Hence x + = ±(a + b ) 3 = (A + B ) 3 = A A B 6AB B 3. This yields x = A 3 6AB 1 = 3A B B 3 = B(3A B ). When B = 1 we have 3A = 1, therefore A = ±1. When B = 1 we have 3A = 1 and there is no solution for A. We obtain (A, B) = (1, 1) = x = 5, y = 3 (A, B) = ( 1, 1) = x = 5, y = 3. Exercises: 1. Factor into primes in Z[ ]. Hint: compute the norm first, use Mathematica to factor the norm into prime factors, then try dividing by one of the primes in Z[ ] related to one of these primes. Keep on going.. Find gcd( + 8, + 7 ) = δ using Euclid s Method, then find µ, ν Z[ ] such that µ( + 8 ) + ν( + 7 ) = δ. 8. The rings Z[ 3] and Z[ 1+ 3 ] First consider the ring Z[ 3]. We can define divisibility and norm and primes as before. Units: N(α) = 1 implies x + 3y = 1 implies α = ±1. Unique factorization into primes fails: consider = (1 + 3)(1 3). Each of the factors is prime but none is an associate of the other. What s wrong: unique factorization follows from π αβ implies π α or π β where π is 15

16 prime. So this must fail. So Euclid s method must fail. It does: let α =, β = Then = = This can be rounded to either , 0 3, , 1 3. Each yields a bad result: yields yields yields yields = ( ) + ( 1 1 3) = ( )(1 + 3) = (0 3) + ( ) = (0 3)(1 + 3) + ( 1 3) = ( ) + ( 1 1 3) = ( )(1 + 3) + (1 3) = (1 3) + ( ) = (1 3)(1 + 3). So in each case ρ = β = 4. In the abstract: write α = x + y 3. Round β x and y to nearest integers x and y with remainders r 1, s. In the worst case scenario, r = s = 1, yielding ρ = (r + s 3)β, N(ρ) = (r + 3s )N(β) = N(β). A way to fix things: Expand Z[ 3] to Z[ω] = {a + bω : a, b Z} where ω = One can check that this produces all a + b 3 with a, b Z and all r +s 3 with r and s equal to half-integers. It is closed with respect to addition and multiplication (addition is clear, multiplication follows from ω = ω 1. So when Euclid s method with rounding is performed and = r + s 3 where r and s are half-integers, we actually have β α with α β 16

17 remainder 0. Unique factorization is restored. We gain new units: when r and s are half-integers and r + 3s = 1, the only possibilities are r = 1 and s = 1. So we pick up four more units: ± 1 ± 1 3. Primes in Z[ω]: 1. Any α with prime norm has to be a prime in Z[ω], because if α = βγ then N(α) = N(β)N(γ), therefore N(β) = 1 or N(γ) = 1.. Every π divides exactly one integer prime p, so the primes in Z[ω] are found by the prime factorization of the integer primes. 3. Suppose p does not occur as N(α) for any α. Then p is prime: p = αβ implies p = N(α)N(β), and since N(α) p, N(α) = 1 or N(α) = p, so either α or β is a unit. The prime factors of p are p and p. 4. Suppose p = N(α) for some α. In this case p = αα, so p is not prime. However, in this case N(α) = N(α) = p, so both α and α are prime. By unique factorization, the prime factors of p are ±α and ±α. Lemma: Let p be an integer prime number. Then p = N(α) for some α Z[ω] if and only if x 3 mod p has a solution. Proof: Suppose p = N(α) for some α. If α = a + b 3 where a, b Z then p = a + 3b, and if α = a+1 + b+1 3 then 4p = (a + 1) + 3(b + 1), so in either case a + 3b 0 mod p, which implies a 3b mod p. If b 0 mod p then we have (a/b) 3 mod p, as desired. If b 0 then a 0 then something bad happens: 0 4p = (a + 1) + 3(b + 1) 4 mod p, which forces p = and 8 = (a + 1) + 3(b + 1). There is no solution to this. Hence we always have a solution to x 3 mod p when p = N(α). Conversely, suppose that x 3 mod p has a solution. Then p (x + 3), therefore p (x + 3)(x 3). Since p divides neither factor in Z[ω], it is not a prime in this ring, so p = αβ where N(α) 1 and N(β) 1. Taking norms, p = N(α)N(β), therefore N(α) = p. Primes p that permit a solution to x 3 mod p: just look at 1,,..., (p 1) and see if p 3 occurs. Project: Section 7.5, Rational solutions of x 3 + y 3 = z 3 + w 3. 17

18 Project: Sections 7.6 and 7.7. There is no positive integer solution so x 3 + y 3 = z Four Squares Theorem Quaterions are expressions of the form a + bi + cj + dk with a, b, c, d Z and i = j = k = 1 and ij = k, jk = i, ji = j and the other products producing opposite sign. The quaternions form a non-commutative ring. The conjugate of a+bi+cj +dk is a bi cj dk and N(α) is defined in the usual way and satisfies N(αβ) = N(α)N(β). This implies that the product of a sum of four squares is a sum of four squares. The Eight-Squares Theorem, which is Project 8, is to prove that the product of a sum of eight squares is a sum of eight squares. Each nonzero α has an inverse, but αβ 1 is not the same as β 1 α, so division must be done carefully. We will say that α β if βα 1 is a valid quaterion. The division algorithm is αβ 1 = γ +µ where γ has rounded coefficients, hence α = γβ +µβ = γβ +ρ, but it is possible for µ to have norm 1, hence ρ to have norm β. An example of this is α = 1 + i + j + k, β =. Hence primes (defined in the usual way) do not necessarily satisfy primality. An example: We have (1+i)(1 i) = (1+j)(1 j). The factor 1+i is prime: 1 + i = αβ implies = N(α)N(β) implies N(α) = 1 or N(β) = 1. Yet 1 + i does not divide 1 + j or 1 j because (1 + i)(1 + j) 1 = (1 + i)( 1 1 j) = i 1 j 1 k and (1 + i)(1 j) 1 = (1 + i)( j) = i + 1 j + 1 k. Given the failure of at least one prime to satisfy primality, we can t prove unique factorization into primes. Proving that (a + bi + cj + dk)(a bi cj dk) = a + b + c + d and N(αβ) = N(α)N(β): observe that all quaternions can be written in the form z + wj where z, w C. Hence z + wj = z wj. We also have jw = wj for all w C and N(z + wj) = N(z) + N(w). Hence (z + wj)(z + wj) = (z + wj)(z wj) = zz zwj wjz wjwj = Also, zz + ww = N(z) + N(w) = N(z + wj). (z 1 +w 1 j)(z +w j) = z 1 z +z 1 w j+w 1 jz +w 1 jw j = (z 1 z w 1 w )+(z 1 w +w 1 z )j hence N((z 1 + w 1 j)(z + w j)) = N(z 1 z w 1 w ) + N(z 1 w + w 1 z ) = 18

19 (N(z 1 ) + N(w 1 ))(N(z ) + N(w 1 )). An example that shows βα 1 a valid quaternion yet α 1 β not a valid quaternion: β = 1 + i + 3j + 6k, α = 1 + 3j. Hurwitz numbers are expressions of the form A 1+i+j+k +Bi+Cj +Dk where A, B, C, D Z. These form a ring. The coefficients of 1, i, j, k are all integers or all half-integers (n + 1 where n Z). An example of Hurwitz factoring: let α = 4 + 5j + k. Then N(α) = 4. If β α then N(β) N(α). One of the divisors of N(α) is. Any Hurwitz number with two coefficients equal to 0 and two coefficients equal to ±1 has norm, and these are potential divisors of α. There is no divisor with halfinteger coefficients. There are ( 4 ) = 6 ways to decide which two positions are 0, and 4 ways to assign the other two coordinates, for a total of 4 possible divisors. Using Mathematica we see that all 4 possibilities produce actual divisors. For example, (4 + 5j + k)(1 + i) 1 = i + j + 3k and (4 + 5j + k)(1 + j) 1 = 9 + 1i + 1j + 1 k. One can check that ( i + j + 3k)(1 + i) = ( i + 1 j + 1 k)(1 + j) = 4 + 5j + k. Exercise: Factor 3i + 4j into two quaternions with norm equal to 5. The ring H of Hurwitz integers has a kind of Euclid s algorithm: The division algorithm for quaternions fails precisely when αβ 1 has half-integer coefficients. But in H, when αβ 1 has half-integer coefficients, β α and the remainder is 0, which has norm less than β. We will define gcd(α, β) as α n 1 in the following system of equations: α 0 = α, α 1 = β, α 0 = γ 0 α 1 + α (N(α ) < N(α 1 ), α 1 = γ 1 α + α 3 (N(α 3 ) < N(α ),. α n = γ n α n 1 + α n (N(α n ) = 0). We can prove by induction (last equation to first) that α n 1 α k for each k, hence α n 1 α and α n 1 β. We can prove by induction (first equation to last) 19

20 that if δ α and δ β then δ α k for all k, hence δ α n 1. So δ = gcd(α, β) acts in the usual way as a greatest common divisor. Moreover, the algorithm shows (by the usual methods) that there exist µ and ν such that µα + νβ = δ. When N(δ) = 1, there is a solution to µα + νβ = 1. Note: you can find µ and ν using a procedure analogous to the Vector Euclid Algorithm. For example, let α = 3 + i j + 8k and β = 7 + 3i j + 4k. The first two steps of Euclid s method yield and 3 + i j + 8k = (1 + k)(7 + 3i j + 4k) + ( 4i 3j 3k) 7 + 3i j + 4k = ( 1 + 0i + j + k)( 4i 3j 3k) + (1 i j 3k). Symbolically, the progression is (α, β) (β, α (1 + k)β) (α (1 + k)β, β ( 1 + 0i + j + k)(α (1 + k)β)). We will eventuall arrive at (δ, 0) and at this point δ will be in the form µα + νβ. Exercise: Let α = 3+i j+8k and β = 7+3i j+4k. (a) Find gcd(α, β) = δ using Euclid s Method. (b) Verify that αδ 1 H and βδ 1 H. (c) Find µ and ν such that µα + νβ = δ. Every non-zero non-unit Hurwitz integer that cannot be factored into Hurwitz integers with smaller norm will be called a Hurwitz prime. Every nonzero non-unit can be factored into Hurwitz primes. Now suppose π is a Hurwitz prime and α is a Hurwitz integer and π does not divide α. We claim that δ = gcd(π, α) has norm 1. To see this, let µ be a common divisor off π and α. We have π = π 0 µ and α = α 0 µ. If N(µ) > 1 then N(π 0 ) = 1, hence π 0 is invertible and we have µ = π0 1 π. Therefore α = α 0 π0 1 π, a contradiction since π does not divide α. Claim: when an ordinary prime p is a Hurwitz prime, then p αβ implies p α or p β. For suppose p does not divide α. Then the greatest common divisor 0

21 of p and α has norm 1 and there is a solution to µp + να = 1. This yields µpβ + ναβ = β. We can also write αβ = γp. Hence µpβ + νγp = β. Since p commutes with Hurwitz integers, we can factor this as Hence p β. (µβ + νγ)p = β. Four Squares Theorem: Every positive integer is the sum of four squares. To prove this we need only prove that every prime number is the norm of some quaternion. Given an arbitrary integer n, factor it into the product of primes n = p 1 p p k = N(α 1 )N(α ) N(α k ) = N(α 1 α α k ). We have = N(1 + i). Now let p be an arbitrary odd prime. If we can find integers a and b such that p (1 + a + b ) then we will have p (1 + ai + bj)(1 ai bj). Since p divides neither factor, p is not a Hurwitz prime, therefore p = αβ where N(α) 1 and N(β) 1. Computing norms we quickly see that p = N(α). To finish the proof we must show that a and b can always be found and that the norm of any Hurwitz number can always be expressed as the norm of an appropriate quaternion. We find a and b as follows: we are really looking for a and b that satisfy 1 + a + b 0 mod p. Write p = r + 1. The numbers 1 + 0, 1 + 1,..., 1 + r are distinct mod p, and the numbers 0, 1,..., r are distinct mod p. If the lists have no common modulus in the range [0, r] then we have identified r + different numbers in this range, which is one too many. So we must have 1 + a b mod p, which yields 1 + a + b 0 mod p. We now show that the norm of every Hurwitz number α is the norm of some quaternion. If α is already a quaternion then we are done. If not then α has half-integer coordinates and we can write α = a.5 + b.5i + c.5j + d.5k where a, b, c, d are integers. Since every half-integer is within one unit of an even 1

22 integer, we have α = (A + Bi + Cj + Dk) + (x + yi + zj + dk) where x = y = z = w = 1. Therefore α(x yi zj wk) = (A+Bi+cJ +Dkl)(x yi zj wk)+(x+yi+zj +dk)(x yi zj wk) = (A + Bi + Cj + Dk)(x yi zj wk) + 1. Since the last expression is a quaternion, α(x yi zj wk) is a quaternion. Moreover we have N(α) = N(α) 1 = N(α)N(x yi zj dk) = N(α(x yi zj wk)). 10. The rings Z[ ] and Z[ 3] Both are Euclidean: Let R stand for one of these rings. Let α, β R with β 0. Write α/β = u + v d where u, v Q. Choosing x closest to u and y closest to v we have where r, s 1. For d = we have α = (x + y d)β + (r + s d)β For d = 3 we have r s r + s /4 3s r 3s r 1 4. In both cases N((r + s d)β) 3 N(β) < N(β). 4 Units in Z[ ]: We must find all integer solutions to x y = 1. By trial and error, one solution is (x, y) = (3, ), so 3 + is a unit. We want to find all the others.

23 We will classify the units according to x. There are no units with x = 0. When x = 1 the units are ±1. When x = there are no units because x y is an even number. So all units not equal to ±1 have x 3. Next, we classify the units according to y. The units corresponding to y = 0 are ±1. When y = 1 there are no integer solutions to x y = 1, so no units. So all units not equal to ±1 have y. Summary: the units other than ± are of the form x + y where x 3 and y. Classification of units other than ±1 according to the sign of x and y: Type I: x 3 and y : x + y > 1. Type II: x 3 and y : This is the conjugate of a Type I unit, hence 0 < x + y < 1. Type III: x 3 and y : This is 1 times a Type II unit, hence 1 < x + y < 0. Type IV: x 3 and y : This is 1 times a Type I unit, hence x + y < 1. We now find all the Type I units. The smallest one is µ = 3 +. Let α > µ be any other one. Since µ > 1, µ k as k, and so µ k α < µ k+1 for some k. Hence 1 α µ k < µ. Since α is a unit and µ is the smallest Type I unit, the only possiblity µ k is α = 1. Therefore α = µ k. This implies that the Type I units are µ k µ, µ, µ 3,.... All other units can be expressed in terms of these. Hence we can find all solutions to x y = 1. There is nothing special about in the remarks above. We will define the norm of x + y n to be x ny for any integer n. There has to be a lower limit to x and y given that x + y n = 1 is a unit, and we can classify the units as we did above and prove that all Type I solutions are of the form (a + b n) k where a + b n is the smallest Type I unit. The only problem is finding a + b n in the first place we can t do this if there are no Type I solutions to x ny = 1. 3

24 An application: find infinitely many integer solutions to x y = 7. Restate as N(x + y ) = 7. One solution is (x, y) = (3, 1). Others are in the form (x, y) where x + y = u n (3 + ) where N(u) = 1. Another application: find infinitely many integer solutions to x 3y =. One solution is (x, y) = (5, 1). Others are in the form u n where N(u) = 1. It is a theorem that x ny = 1 always has a Type I solution. Instead of doing this in full generality, we will arguing that x 5y = 1 has a nontrivial solution. We will give enough information to indicate how to find the solution, but will omit the actual solution since the details are messy. First suppose we can find a sequence X 1 + Y 1 5, X + Y 5,..., all with the same norm N. If N = 1, great. If N 1, observe that reducing each (X k, Y k ) mod N, there are only N possible reduced pairs, so after looking at the first N + 1 pairs we will have (X i, Y i ) and (X j, Y j ) with X i X j mod N and Y i Y j mod N. This produces a solution to x 5y = 1 as follows: X i + Y i 5 = (X i + Y i 5)(Xj Y j 5) X j + Y j 5 N = (X jx j 5Y i Y j ) + ( X i Y j + X j Y i ) 5. N This works out to A + B 5 for some A, B Z, and A 5B = 1. How to produce the sequence X 1 + Y 1 5, X + Y 5,...: Suppose for each k we can find x k + y k 5 such that 1 yk k and x k y k 5 < 1 k. Then x k 5yk 1 = x k y k 5 xk +y k 5 k ( 1 k +y 1 k 5) = k +y k < 6. k In other words, each x k +y k 5 has norm in the range [ 5, 5]. Since the norm will never be 0, there are 10 possible values of N(x k + y k 5). One of these norms, say N, has to be attained at least N + 1 times, say X1 5Y1 = N, X 5Y = N, etc. How to produce the sequence x 1 +y 1 5, x +y 5,...: Round 5 up to the integer a 1, round 5 up to the integer a, etc. Then the differences a i i 5 all fall between 0 and 1, therefore the differences b i = k(a i i 5) all fall between 0 and k. Each b i lives in exactly one of the intervals (0, 1), (1, ),..., (k 1, k). Since there only k of these intervals, two of the numbers b 1, b,..., b k+1 lie in the same interval. This implies b j b i < 1 where 1 i < j k + 1. In other words, (a j a i ) (j i) 5 < 1 k. We can set x k = a j a i, y k = j i. 4

25 Example using k = 4: a 1 = 5 = 3, a = 5 = 5, a 3 = 3 5 = 7, a 4 = 4 5 = 9, a 5 = 5 5 = 1, b 1 = , b =.11146, b 3 = , b 4 = 0.91, b 5 = Since b 1 and b 5 both live in (3, 4), we have i = 1, j = 5, x 4 = a 5 a 1 = 1 3 = 9, y 4 = 5 1 = 4, = < 1 4. Continued fraction calculation: see hand-written notes. 11. Positive integers of the form x + y and x + y. Theorem: Let n be an integer with prime factorization e 3 e 3 5 e5. Then n = x + y where x, y Z if and only if e p is an even number for each prime p 3 mod 4. Theorem: Let n be an integer. Then n = x + y if and only if every prime factor of n that is prime in Z[i] appears with even exponent in the prime factorization of n. Remark: We proved that the ordinary primes that are prime in Z[i] are those congruent to 3 mod 4. Proof: Suppose the prime factorization of n has this property. Then n = A B where the prime divisors of B are not prime in Z[i]. If p is not prime in Z[i] then p = αβ, therefore p = N(α)N(β), therefore p = N(α). Hence B = p 1 p p k = N(α 1 )N(α ) N(α k ) = N(α k ) = N(α 1 α α k ) = x + y. This implies n = (Ax) + (Ay). Example: = = (1 + 1 )(4 + 1)11 19 = (3 + 5 )11 19 = Conversely, assume n is a sum of two squares. If n does not have the desired prime factorization, then there is a smallest counterexample n 0. Write n 0 = x 0 + y0. Since n 0 does not have the desired prime factorization, there must be some prime divisor p 0 of n 0 that is prime in Z[i]. We have p 0 (x 0 + iy 0 )(x 0 iy 0 ), so by primality p 0 divides one of these factors, so p 0 x 0 and p 0 y 0. This implies that p 0 n 0. Let n 1 = n 0 = (x p 0 /p 0 ) + (y 0 /p 0 ). Since n 0 is 0 the smallest counterexample, n 1 must have the desired prime factorization. Since n 0 = n 1 p, n 0 has the desired prime factorization. Contradiction. So there are no counterexamples and n is a sum of two squares. 5

26 Theorem: Let n be an integer. Then n = x +y if and only if every prime factor of n that is prime in Z[ ] appears with even exponent in the prime factorization of n. Proof: The proof above depends only on the fact that Z[i] has unique factorization into primes. Since Z[ ] also has unique factorization, we can use the same proof. This raises the question: exactly which ordinary primes are prime in Z[ ]? Theorem: An ordinary prime p is prime in Z[ ] if and only if x mod p does not have a solution. Proof: Let p be an ordinary prime which is prime in Z[ ]. If x mod p has a solution then p (x + ), therefore p (x + )(x + ), therefore p (x+ ) or p (x ). But neither is possible: contradiction. So there can be no solution to x mod p. Conversely, suppose x mod p does not have a solution. If p is not prime in Z[ ] then p = αβ, p = N(α), p = a + b, a b mod p. If b is divisible by p then both a and b are divisible by p, hence a + b is divisible by p, which is impossible. Therefore b 0 mod p and b 1 exists mod p. This implies (ab 1 ) mod p, a contradiction. Therefore p is prime in Z[ ]. This raises the question: when does x mod p have a solution? Definition: A quadratic residue mod p is any integer k such that x k mod p has a solution. Characterizing the inequivalent quadratic residues mod p: When p =, both 0 and 1 are quadratic residues. Now let p = r + 1 be an odd prime. The numbers 0, 1,..., r are all distinct mod p, so they represent distinct quadratic residues. Any non-zero quadratic residue a k is a root of x r 1 mod p since a r 1 = k r = k p 1 1 mod p. There can be at most r distinct roots of x r 1 mod p (proved earlier), so 1,,..., r represents a complete list of non-zero inequivalent quadratic residues mod p. Any non-quadratic residue a satisfies a r = a p 1 1 mod p, hence a r ±1 mod p, hence a r 1 mod p. We have proved the following theorem: Theorem (Euler s Criterion): Let p be an odd prime. When (a, p) = 1, a quadratic residue mod p iff a p 1 1 mod p. 6

27 Let p be an odd prime and assume (p, a) = 1. The Legendre symbol is ( ) { } a 1 a is a quadratic residue mod p = a p 1 mod p. p 1 a is not a quadratic residue mod p ( We wish to derive a formula for a p ) for an arbitrary odd prime p that does not depend on computing a p 1 mod p, which can be difficult when p is large. Toward this end, observe that given an odd prime p = r + 1, every integer k is equivalent to a unique number in { r, r + 1,..., 1, 0, 1,..., r 1}. To see this, use the division algorithm to write k + r = dp + s where 0 s r. Then k s r mod p and r s r < r. We will say that k has a negative representation mod p if k s for some s { r, r + 1,..., 1} where p = r + 1. Theorem: Let p = r + 1 be an odd prime and let (a, p) = 1. Then ( ) a = ( 1) n p where n is the number of integers in the set {a, a,..., ra} that have a negative representation mod p. Proof: For each i {1,,..., r} say that ia a i mod p where a i { r, r+1,..., r 1}. Then a 1, a,..., a r is a rearrangement of 1,,..., r. Hence (r!)a r = (1a)(a) (ra) a 1 a a r = a 1 a a r ( 1) n = (r!)( 1) n mod p, ( Let s calculate p a r ( 1) n mod p, ( ) a ( 1) n mod p, p ( ) a = ( 1) n. p ) for an odd prime p. Write p = r + 1. Then { 1,,..., r} {r + 1, r +,..., r 1} 7

28 mod p. Using a = we must determine If r = k then n = {, 4,..., r} {r + 1, r +,..., r 1}. n = {, 4,..., 4k} {k + 1, k +,..., 4k} = {k +, k + 4,..., 4k} = k and ( ) = ( 1) k. 4k + 1 If r = k + 1 then n = {, 4,..., 4k+} {k+, k+3,..., 4k+} = {k+, k+4,..., 4k+} = k+1 and ( ) = ( 1) k+1. 4k + 3 Hence ( ) ( ) a = = ( 1) j = 1 8j + 1 4(j) + 1 ( ) ( ) a = = ( 1) j+1 = 1 8j + 3 4(j) + 3 ( ) ( ) a = = ( 1) j+1 = 1 8j + 5 4(j + 1) + 1 ( ) ( ) a = = ( 1) j+ = 1. 8k + 7 4(j + 1) + 3 Hence is a quadratic residue mod an odd prime p iff p 1, 7 mod 8 and is a non-quadratic residue mod p iff p 3, 5 mod 8. To determine which integers are of the form x +y we must ( decide ) when is a non-quadratic residue mod p. For an odd prime p, ( ) p 1 = p ( ) ( 1) p 1 p 1 ( 1) p 1. This yields p ( ) = ( 1) 4j = 1 8j + 1 8

29 ( ) = ( 1) 4j+1 = 1 8j + 3 ( ) = 1( 1) 4j+ = 1 8j + 5 ( ) = ( 1) 4j+3 = 1. 8k + 7 So x mod p has no solution for an odd prime p iff p 5, 7 mod 8. So n = x + y iff every prime divisor of n congruent to 5 or 7 mod 8 appears with even exponent. Recall the example = = (1 + 1 )(4 + 1)11 19 = (3 + 5 )11 19 = None of the primes in its prime factorization are congruent to 5 or 7 mod 8, so they appear with exponent 0, so this number should be expressible in the form x + y. In fact we have = = (0 + (1 ))(3 + (1 )) (3 + () )(1 + (3 )) = N(0 + 1 )N(3 + 1 ) N(3 + )N(1 + 3 ) = N((0+1 )(3+1 ) (3+ )(1+3 ) ) = N( ) = 114 +(333 ). Moreover = 18, 069, 868, 718 cannot be expressed in the form x + y since the prime 3 is congruent to 7 mod 8 and appears with odd exponent in the prime factorization. 9