.4. Congruences. We say that a is congruent to b modulo N i.e. a b mod N i N divides a b or equivalently i a%n = b%n. So a is congruent modulo N to an

Transcription

1 . Modular arithmetic.. Divisibility. Given ositive numbers a; b, if a 6= 0 we can write b = aq + r for aroriate integers q; r such that 0 r a. The number r is the remainder. We say that a divides b (or ajb) if r = 0 and so b = aq i.e. b factors as a times q... Primes. A number is rime if it can't be factored (as a roduct of two numbers greater or equal to ). If a number factors (i.e. it is not rime), then we say that it is comosite. Exercise.. Find all rime numbers smaller than 00. Here are several imortant questions: () How do we determine whether a number is rime? () How do we factor a number into rimes? (3) How can we nd big rime numbers? (4) How many rime numbers are there? Exercise.. Factor, 3, 34, 35, 36, 847. Exercise.3. Show that every number is either rime or divisible by a rime number. Theorem.4. There are innitely many rime numbers. Proof. Suose that there are only nitely many rime numbers P ; ; P n, then N = P P P n + is not divisible by any rime, hence it does not factor and hence it is a new rime!.3. Divisibility tricks. Recall that a number is even if its last digit is divisible by, it is divisible by 3 if the sum of its digits is divisible by 3, it is divisible by 5 if its last digit is divisible by 5 etc. Why is this? Can we nd other divisibility tricks (eg. for 7)? One ossible exlanation. Let abc be a 3 digit number so that abc = a 00 + b 0 + c. Then abc= = a 50 + b 5 + c= and this is an integer only if c= is an integer. abc=5 = a 0 + b + c=5 and this is an integer only if c=5 is an integer. abc=3 = a 33 + b 3 + (a + b + c)=3 and this is an integer only if (a + b + c)=3 is an integer. A better exlanation is given by congruences. In Python notation r = b%a and q = b==a.

2 .4. Congruences. We say that a is congruent to b modulo N i.e. a b mod N i N divides a b or equivalently i a%n = b%n. So a is congruent modulo N to any number in the arithmetic rogression Here are some examles () mod 0 () mod 00 (3) 359 mod 7 (4) 6 mod 7 f a N; a N; a; a + N; a + N g: Exercise.5. Is 765 divisible by 3? How about 7765? Exercise.6. () What is the last digit of 73 00? () Of 73? (3) What are the last two digits of the numbers above? Solution: Every integer modulo 0 is congruent to one of: f0; ; ; ; 9g: we call this a system of residues modulo 0. residue of We have: Then We now comute the 73 3; 73 9; ; 73 4 : = (73 4 ) 5 = 5 = :.5. Arithmetic of residues (modular arithmetic). Residues modulo 5: f0; ; ; 3; 4g = Z=5. Exercise.7. Write down the addition and multilication tables. We can comute 3 4 =, = etc. We have 0 = 0; 4 = ; 3 = ; = 3; = 4: Check = 0, + 4 = 0, + 3 = 0. Now a=b makes little sense (eg. what does 3=4 mean?). We should write a b, eg From the multilication table, we see that 4 4 = so that 4 = 4 and then 3 4 = 3 4 = : Exercise.8. () Write down the addition and multilication tables for Z=7, Z=8. () Find the additive and multilicative inverses of 5 mod, 7 mod 3, 7 mod 0 and 4 mod 8. (3) Find the order of 359 mod 7. (4) Find the orders of ; 3; ; 9 mod. Do you see a attern? (5) Can you solve x = 5 mod? and x = 6 mod? (6) Show that if a b, c d then a + b b + d and ac bd.

3 3. The Euclidean Algorithm.. The greatest common divisor. By denition the greatest common divisor of two numbers a; b is the largest number that divides both a and b. We denote it by GCD(a; b) or just by (a; b). Eg (7; ) =, (0; 5) = 5, (5555; 793) =. To see the last one, write 5555 = 50 and 793 = 703 so that the sets of divisors are f; 5; ; 55; 0; 505; ; 5555g and f; 7; ; 77; 03; 7; 33; 793g. We can comute the GCD in the following ways: () By brute force: Find all the divisors and comare. () Find all divisors of a and throw out the ones that do not divide b. (3) Comare rime factors and multily the highest owers that divide both numbers. (4) The Euclidean algorithm. The Euclidean algorithm is by far the fastest method (for big numbers)... The Euclidean algorithm. Start with a = 30, b = 547 and let r = a%b be the remainder. Relace a by b and b by r and reeat. The last nonzero remainder is the GCD. a b r q The GCD is 7. Exercise.. Find the GCD of 345, 543 and of , Exercise.. Factor the above numbers..3. Python Code. def gcd(a,b): r=a%b rint a,b,r while r>0: a,b,r = b,r,b%r rint a,b,r return b It works as follows: >>> gcd(30,547) Well ordering rincile. Each nonemty set of ositive integers has a least element.

4 4 Note that this is not true for the rationals. Eg. Q >0 has no smallest number. Proosition.3. Given ositive integers a; b, let S = fax + by > 0g where x; y are any integers. Let g be the least element in S, then g = GCD(a; b). Proof. It is enough to show that g divides GCD(a; b) and that GCD(a; b) divides g. Clearly GCD(a; b) divides a and b so it divides any element in S and so it divides g. To see that g divides GCD(a; b) it is enough to show that g divides a (and that g divides b). Consider a = gq + r, then r = a gq = a (ax + by)q = ( q)ax (bq)y. Now 0 r < g and so r = 0 (else r S contradicting the fact that g is the smallest element of S). Therefore g divides a (and by the same argument it divides b) and so it divides GCD(a; b). So we can always write GCD(a; b) = ax + by: This allows us to nd the inverse of any number a modulo when is rime. In fact GCD(a; ) = so we have = ax + y so modulo we have ax i.e. x = a modulo..5. Finding x and y. Use back substitution! Eg. for a = 30, b = 547 then GCD(a; b) = 7. Recall that a b r q So 763 = , = and 7 = Then 7 = = ( ) = = 73 (30 547) = : Exercise.4. Solve () 543x + 345y = 3 () 543x + 346y =. Exercise.5. Find the multilicative inverse of () 44 mod 3 () 444 mod

5 .6. Python code for the Extended Euclidean Algorithm.. def egcd(a,b): q,r = divmod(a,b) x,y,u,v=,-q,0, while r>0: qq,rr = divmod(b,r) xx,yy=u-qq*x,v-qq*y a,b,r,q,x,y,u,v=b,r,rr,qq,xx,yy,x,y rint a,b,r,q,x,y,u,v return u,v,b Exercise.6. What are the last 4 digits of the multilicative inverse of 7 mod 0 00? Exercise.7. I have encoded my SSN using the algorithm f(x) = 03x mod 0 0. The result is What is my SSN? (You will need a calculator that can comute with 0 digit numbers, eg, ython.) 3. Modular Powers We begin by writing a table for the owers modulo 3, 5, 7. Modulo 3 a a a 3 a 4 a 5 a 6 a Note that after we get a column with all 's (and a 0 at the to), the attern must reeat. Therefore, as soon as (and if) this haens, the table just kees reeating itself (and so we do not bother to kee writing the reeated entries). Modulo 5 a a a 3 a 4 a 5 a 6 a Here, the 4th column has all 's (and a 0 at the to). Modulo 7 a a a 3 a 4 a 5 a 6 a

6 6 Do you notice a attern? The rst attern, seems to be that for all a 6= 0 we have a mod 3; a 4 mod 5; a 6 mod 7. It is easy to guess what the general attern might be: Theorem 3. (Fermat's Little Theorem). Let be any rime and 0 < a <. Then a mod : Eg. 6 mod 3. (Check: 6 = ) Similarly mod 0. (Note that has more than 00 digits, so checking exlicitly might not be so easy!) Proof. We claim that the set fa; a; ; ( )ag is the same as the set f; ; ; g (the elements are not in the same order!). Granting the claim, then we have ( ) = a a ( )a = ( ) a : Since does not divide ( ), it follows that GCD(; ( )) =, so there is a number x such that x ( ) mod. But then x ( ) x ( ) a a as required. To see the claim, we must check that ) The ma x! ax mod induces a ma f; ; ; g! fa; a; ; ( )ag: I.e. that for all x, we have that does not divide ax. This is clear as is a rime number that does not divide either of a and x. ) If x 6= y then ax 6= ay mod (i.e. this function is to ). Suose in fact that ax = ay mod. As GCD(a; ) =, there is a number b such that ba = mod. Therefore bax = bay so that x = y! Exercise 3.. Comute 345 mod 7 Exercise 3.3. Comute 345 mod 0. Exercise 3.4. Comute the order of mod 9, 5, and 35. Can you make a guess about the general attern? 3.. Euler's function. How does Fermat's Little Theorem generalize to numbers m that are not rime? The key thing in the roof is that f; ; ; g are corime with so that they have multilicative inverses in Z. It is then natural to dene (m) = #fa : a m and GCD(a; m) = g: This is Euler's function. We now comute its value for some m's: () () = for all rime numbers. Eg. (7) = 6.

7 () (9) = #f; ; 6 3; 4; 5; 6 6; 7; 8g = 6 (3) (5) = #f; ; 3; 4; 6 5; 6; 7; 8; 9; 6 0; ; ; 3; 4; 6 5; 6; 7; 8; 9; 6 0; ; ; 3; 4g = 0 (4) ( ) = for any rime number. To see this, note that in the list f; g we must erase ; ; ; ( ) so we have ( ) = entries. (5) ( n ) = n n for any rime number. Exlain this in detail! (6) (6) = #f; 5g =. (7) (0) = #f; 3; 7; 9g = 4. (8) (4) = #f; 3; 5; 9; ; 3g = 6. (9) (5) = #f; ; 4; 7; 8; ; 3; 4g = 8 (0) ( q) = ( )(q ) for any rime numbers ; q. To see this, note that in the list f; ; q g we must erase ; ; ; (q ) and q; q; ; ( )q so we have q ( ) (q ) = ( )(q ) entries. () (m n) = (m) (n) whenever GCD(m; n) =. Exercise 3.5. Prove the last fact. Exercise 3.6. Comute (800). Theorem 3.7 (Euler's Formula). If GCD(a; m) =, then a (m) mod m: Exercise 3.8. Comute mod 800. Exercise 3.9. Comute 90 mod 9. Is 9 rime? So if we ick a random number 0 < a < m and we have a m 6= a mod m, then m is not rime. If a m = a mod m, then m maybe rime. If a m = a mod m for many a's, then m is robably rime. Exercise 3.0. There are some comosite numbers such that a m = a mod m for all a m! Can you nd one? 3.. Powers mod m. How would you comute 7 ;000;000;000 mod 0403 by hand? (Or maybe with a ocket calculator.) ) 0403 = 0 03 so (0403) = 000. ) 0 9 = so 7 ;000;000;000 = 7 00 mod ) 7 = 49, 7 4 = 49 = 40, 7 8 = 40 = 539, 7 6 = 539 = 7040, 7 3 = 708, 7 64 = 40, 7 8 = 3733, 7 56 = 567, 7 5 = 5508, 7 04 = 96, = Now 00 = so 7 00 = = 34 mod 0403: This was remarkably quick. It turns out that we did not need to erform ; 000; 000; 000 oerations. Just about log (00), so about oerations. note that in base, the number 00 is Exercise 3.. Comute ;000;000;000 mod 35, mod 0, mod 03. 7

8 8 Exercise 3.. Estimate the number of doublings needed to comute mod Exercise 3.3. Comute 9990 mod 999 without factoring 999. Is 999 rime? Factor k-th roots mod m. We wish to solve the equation x k = b modm: For examle x 5 = 47 mod 999. We have that 999 = and so (999) = 0 96 = 979. Now, GCD(5; 979) = and so we can invert 5 modulo 979. We must write 5 u = mod 979. We use the Euclidean Algorithm to get ( ) =. Therefore (x 5 ) 397 = x 979+ = (x 979 ) x = x mod 999: So x = (47) 397 mod 999. The general strategy to solve x k = b mod m where GCD(b; m) = and GCD(k; (m)) = is exactly the same: () We comute (m). (This is easy if we can factor m.) () Write ku = + (m)v. (Use the Euclidean Algorithm.) (3) Then x = x +(m)v = x ku = b u. (Comute b u via the method of successive squaring. Exercise 3.4. Solve x 5 = 7 mod 35 and x 3 = 37 mod RSA The rst ste is to convert the alhabet to numbers. Eg. A!, B!, C! 3, D! 4, E! 5, F! 6, G! 7,..., Y! 35, Z! 36. So GOODM ORN IN G! This code is very easy to break by frequency analysis. So we want to jumble the numbers u in a way that will look comletely random (to the code breaker). Fix ; q two very large rimes (eg. 00 to 00 digits). Let m = q so that (m) = ( )(q ). Pick k with GCD(k; (m)) =. Everyone knows m; k (they are ublic). ; q (and hence (m)) are secret. For examle, let = 0, q = 03 so that (m) = 000. Pick k = 77. () Break a message u in to numbers < m. (Eg. 75, 54, 35, 84, 94, 700.) () Let b i = a k i mod m. We comute this by reeated squaring to get the encoded message b ; : : : ; b r. This is made ublic/sent to the intended receiver. (Eg. b i = a 77 i mod 0403 gives 4377, 9088, 475, 64, 3358, 35.)

9 (3) To decode, solve x k = b i mod m. So nd j with jk = mod (m). Then a i = b j i mod m. (Eg. j = 83. Check that kj = mod 000 and that = 75 mod 0403 etc.) This system is very easy to exlain and imlement on a comuter. In order to decode it you must know (m) So you must factor m. This is very hard! Factoring a 00 digit number requires about 0 00 comutations! In contrast, it is easy to roduce big rimes. (We will do this later.) Question: Couldn't we nd (m) without factoring m and so easily break the code? Answer: No. Since m = q, if we know (m) = ( )(q ) = m q + then we know +q = m (m)+ and so we can nd the roots of x ( + q)x + m = 0. But these are the roots of (x )(x q) and hence we have found ; q. Exercise 4.. Encode GOODMORNING using m = 77 ( digits at a time). Decode 33; 7; ; ; 4; 53; 73; RSA signatures. In ractice each individual (A,B,C...) will have will have his/her secret rimes A ; q A and will make m A = A q A and k A ublic. Anyone can encryt a message and send it to A (or B, C etc.). Just do a ; : : : ; a r! a k A ; : : : ; a k A r = b ; : : : ; b r : We assume that b ; : : : ; b r is ublic (or could be interceted!). Only A can decode this message since only A knows (m A ) so only A can solve j A k A = mod (m A ) and then comute a i = b j A i mod m A. Suose that A is execting a message from B. How does A know that it really comes from the friendly B and not from the evil C? B can attach a signature as follows: BART SIMP SON! ; : : : ; s! j B ; : : : ; j B s mod m B : Only B can do this. Only B can nd j B. Now B encodes his message with the signature aended a ; : : : ; a r ; j B ; : : : ; j B s! b ; : : : ; b r ; b r+ ; : : : ; b r+s = a k A r ; : : : ; a k A Only A can decode the message and see a ; : : : ; a r ; j B ; : : : ; j B s. But everyone knows k B so A can comute ( j B ) k B ; : : : ; ( j B s ) k B = ; : : : ; s = BART SIMP SON: So A can tell that B sent the message and no one else can! 5. Counting large rimes We already know that there are innitely many rime numbers, but how common are they? Eg: \Half of the numbers are even." 9 ; ( j B ) k A ; : : : ; ( j B s ) k A :

10 0 To be more recise, if we let ev(x) = #feven numbers n with n xg then ev() = 0, ev() =, ev(3) =, ev(4) =, ev(5) =, etc. So ev(x) = x= if x is even and ev(x) = (x )= if x is odd. Then ev(x)=x = = if x is even and ev(x)=x = = =x if x is odd. Then ev(x)=x! = and x!. Eg ev(0; 000)=0; 000 = = and ev(000)=0; 00 = = =0; 00 = 0:49995:::. We will now consider the function (x) = #frimes such that xg: Exercise 5.. Find (0), (5), (50), (00). Use a comuter to nd (; 000), (; 000), (4; 000), (8; 000), (6; 000). We have x (x) (x)=x It would be reasonable to guess that (x)=x! 0 as x!. This means that for any > 0, we have that for big values of x the inequality (x) < x. 5.. The Prime Number Theorem. Theorem 5.. We have that (x)=(x=ln(x))! as x!, i.e. lim x! (x) x=ln(x) = : This means that for large x, the number (x) is very close to x=ln(x). Eg. (0 0 )=0 0 =ln(0 0 ) = =0ln(0) = 0:0434:::. So the robability of a random number n 0 0 being rime is 4:34%. Exercise 5.3. How many rimes 0 0 are there? How many rimes with 0 digits? How many rimes between 0 0 and Finding large rimes We would like to roduce big rime numbers (eg. with 00 digits). We could ick a random number with 00 digits and try and divide by all the numbers = (0 00 ) = = This would take way too long. Exercise 6.. How long would this take assuming we can erform ; 000; 000; 000 divisions each second? We will haily settle for a number which is rime with robability say 99:9999%.

11 6.. Primality testing. How can we test if is rime? By Fermat's little theorem, if is rime then a = a mod for all a : So if a 6= a mod, then is denitely not rime. If a = a mod, we have some evidence that might be rime. If a = a, a = a,..., a 00 = a 00 mod we are temted to conclude that is robably rime. But what is the actual robability? Also, does this test detect all non-rime numbers? If n = 0, then 0 = 4, 3 0 = 9, 4 0 = 6, 7 0 = 9, 8 0 = 4 and 9 0 = mod 0 so we have 6 negatives (AKA witnesses) and 3 false ositives (the numbers ; 5; 6). Therefore this test is 6=9 = 66:67% eective. Eg. n = 935 has 908 negatives/witnesses i.e. numbers such that a 6= a mod. So this test is 908=934 = 97:% accurate. Eg. n = 87; 90; 34 accuracy = 96:9%; 78:9%; 98:7%. Problem: 56 = 3 7 satises a 56 = a mod 56 for all a 56. The test is 0% accurate. Proof. (56) = 0 6 = 30. It is enough to show that a 56 = a mod 3; ; 7. Modulo 3: If GCD(a; 3) =, then a =, so a 560 = (a ) 80 = 80 =. Modulo : If GCD(a; ) =, then a 0 =, so a 560 = (a 0 ) 5 6 = 56 =. Modulo 7: If GCD(a; 7) =, then a 6 =, so a 560 = (a 6 ) 0 = 0 =. Numbers with this roerty (a = a mod for all a ) are called Carmichael numbers. Eg. 56, 05, 79, 465, 8, 660, 89 are all the Carmichael numbers less than 0; 000. So maybe these numbers are very rare and this is not a roblem. Exercise 6.. Can you show that there are innitely many Carmichael numbers? Notice that 560 = 54 6= mod 56, so maybe we should be testing for a m = mod m (not a m = a mod m). It would be even better to nd a test that always works! 6.. The Miller Rabin test. Theorem 6.3. If 6= is rime, then we write = q k where q is odd. If (a; ) = then either ) a q = mod, or ) a q = or a q = or a 4q = or... or a k q = mod. Proof. We will use that fact that if is rime, then the only numbers that square to mod are ;. Now, a kq = a = so a k q =

12 . If a k q = we are done, otherwise a k q =. Reeat this rocedure until ossibly a q =. if its a q = we are in case. Otherwise, a q = and we are in case. Notice that for a comosite number such as 4 we may have many more square roots of (eg. ; 5; 9; 3). The Rabin Miller test for rime numbers works as follows: Pick n any odd integer, and write n = q k with q odd. If a q 6= mod n and a iq 6= mod n for i = 0; ; : : : ; k, then n is comosite. Theorem 6.4. If n is comosite and odd, then at least 75% of the numbers between and n fail the Rabin Miller test. So at least 75% of such numbers are Rabin-Miller witnesses. So if n asses the test for 00 random numbers, then n is not rime with robability less than 0:5 00 = =( 00 ) Exercise 6.5. Aly the Rabin-Miller test with a = to n = The Primitive Element Theorem We now return to the study of owers of a number a mod where is rime. By Fermat's Little Theorem, we know that for all a we have a = mod. We would now like to answer, the question: Are there any smaller owers such that a e = mod?. Let e (a) be the smallest ositive number such that a e(a) = mod. The number e (a) is the exonent of a mod. Exercise 7.. Find e (a) for a and = 5; 7;. Do you see a attern? There are two main observations, that are true for all rimes: Theorem 7.. Let be any rime and a. Then () e (a) divides. () There are exactly ( ) distinct numbers a such that e (a) =. Proof. For ), if e (a) does not divide, then g = GCD(e (a); ) < e (a) and we may write g = xe (a) + y( ) so that a g = a xe(a)+y( ) = (a e(a) ) x (a ) y = x y = and this contradicts the fact that e (a) is the smallest integer such that a e = mod. For ) we roceed as follows: since e (a) always divides, we begin by counting how many a's with exonent e < are there? If = q n where q is rime, then if e (a) 6=, we have that e (a) divides q n and hence a is a root of the olynomial x qn = 0. There are at most q n such roots and so there are at least q n q n > 0 rimitive roots. If = q n qr nr with r, then if e (a) 6=,

13 we have that e (a) divides ( )=q or e (a) divides ( )=q, so a is a root of (x ( )=q )(x ( )=q ) = 0. There are at most ( )=q + ( )=q distinct roots of this equation (the root is counted twice). It follows that there are at least ( )=q ( )=q + = ( )( q q ) + > 0 rimitive roots. (We have used the fact that q i so that q + q.) We have so far veried that there is at least one rimitive root say g. So we know that f; : : : ; g = fg; g ; : : : ; g g (as unordered sets). The order of g i is exactly when GCD(i; ) = (exercise for the reader) and so we have exactly ( ) rimitive roots. Exercise 7.3. Find an element of order mod 3 (i.e. a rimitive element). What are the other elements of order? Find elements of order ; 3; 4; 6. Is there an element of order 5? 8. Squares modulo a rime Exercise 8.. Is 5 a square modulo? I.e. can we nd a number a such that a = 5 mod? Exercise 8.. Comute all squares mod 3, 7, 9, 3. Do you notice a attern? Theorem 8.3. Let be a rime, then there are ( )= non-zero squares mod. Proof. Clearly a = ( a) so there can be at most ( )= distinct squares. Suose that there are less than ( )= squares, then there is a number say a which is the square of at least 3 dierent numbers, say b; c; d mod. But then b; c; d are distinct roots of x a. This is imossible! (In fact, then x b, x c and x d all divide x a so x a is divisible by a degree 3 equation which is imossible.) Exercise 8.4. Show that if is a rime and a is a root of x + bx + c, then a and (b + a) are the only roots of x + bx + c. Exercise 8.5. Find a number m and an equation x + bx + c that has at least 3 solution. Conclude that x + bx + c has more than one factorization. We will call the squares mod Quadratic Residues or just QR. The non-zero numbers that are not QR will be called Non Residues or just NR. 3

14 4 The next observation is that if a and b are squares modulo, then ab is a square mod. In other words QR QR = QR: Exercise 8.6. What haens when you multily QR NR, NR NR or NR QR mod 7? Exeriment mod. Can you draw any conclusions? Theorem 8.7. Let be a rime, then modulo, we have that QR QR = QR, QR NR = NR QR = NR and NR NR = QR Proof. The rimitive root Theorem states that there is an integer g such that g; g ; : : : ; g gives all numbers x mod. The QR's are exactly the even owers of g and the NR are the odd owers. So, to verify that NR QR = NR we take a non-residue of the form g k+ and a residue of the form g j and we multily them to get g k+ g j = g (k+j)+ which is not a residue as (k+j)+ is odd. So multilying QR's and NR's behaves like multilying and. It makes sense to dene the Legendre symbol of a mod as follows: ( a ) = if a is a QR mod and ( a ) = if a is a NR mod. So, if a is a QR and b is a NR mod, then ab is a NR mod which can be exressed by the following equality: a a b = = ( ) = : Exercise 8.8. Find a rimitive element mod = ; 3; 7. Find all QR's mod = ; 3; 7. Exercise 8.9. Find the sum of all QR's a mod = ; 3; 7. Do the same for the NR's. Do you notice a attern? Exercise 8.0. Comute ( ) for = 3; 5; 7; ; 3; 7; 9; 3; 9; 3. Do you notice a attern? The attern is: = if = mod 4; = if = 3 mod 4: This follows immediately from Euler's Criterion: If 6= is a rime, then a a ( )= = mod : Clearly, if = mod 4, then = 4k + so that ( ) = ( )k = and if = 3 mod 4, then = 4k + 3 so that ( ) = ( )k+ =. It remains to rove Euler's Criterion:

15 Proof. If a is a QR, then a = b so that a ( )= = b = as required. If a is a NR, then a is an odd ower of a rimitive element, i.e. a = g k+ so that a ( )= = g (k+)( )= = (g ) k g ( )= = g ( )= : Now, g = so that g ( )= =, but since e (g) = (i.e. is the smallest ower e such that g e = ), then g ( )= =. Next we would like to determine When is a QR mod? I.e. we would like to comute ( ) for all odd rimes. Exercise 8.. Determine ( ) for all rimes Do you see a attern? The attern (which is hard to sot) is = if = or 7 mod 8; = if = 3 or 5 mod 8: Proof. We multily the even numbers 4 6 ( ) = ( )= 3 : We now wish to rewrite the LHS 4 6 ( ) in a dierent way. Consider the numbers > ( )= which are : : : ; ( 5); ( 3); ( ) or equivalently : : : ; 5; 3;. So when we multily 46 ( ), we are actually multilying all the even numbers ( )= and all the odd numbers ( )= with a minus sign. Therefore 4 6 ( ) = ( ) t where t is the number of odd integers a ( )=. Comaring the two equations above and canceling a ( )=, we get ( )= = ( ) t mod : We now can easily conclude via a case by case analysis: If = mod 8, then = 8k + so that ( )= = 4k and t = k. Then ( )= = ( ) k = mod and by Euler's Criterion, is a square mod. If = 3; 5; 7 mod 8, then = 8k + 3; 8k + 5; 8k + 7 so that ( )= = 4k + ; 4k + ; 4k + 3 and hence t = k + ; k + ; k + and hence ( )= = ; ; and by Euler's Criterion, is a NR, NR, QR mod. Exercise 8.. Comute ( ) ) for = 0; 03; 07; 09; 3. Exercise 8.3. Does x + 4x + 54 have a solution mod 97; 0; 03? If a > ( )=, then (+)= > a so that (+)= a i.e. ( )= a. 5

16 6 8.. Quadratic recirocity. We would like to comute ( a ) for any integer a. If we write a = q n qr nr, then we have ( a ) = ( qn ) ( qnr r ). Now if n i is even, then q n i i is clearly a square so that ( qn i i ) =. If n i is odd, then ( qn i i ) = ( q i ). Therefore, we just need to comute q for any rimes q; : Exercise 8.4. Make a table for ( q ) for the rimes 3; 5; 7; ; 3; 7; 9; 3; 9. Can you see a attern? Look at the rows and columns for = 5; 3; 7; 9. Now rub these out. Is there a attern? The attern is the following: Theorem 8.5. If 6= q are rimes, then 3 q = if either = mod 4 or q = mod 4; q q = if 6= mod 4 and q 6= mod 4: q Exercise 8.6. Comute ( ), ( ), ( ): We also have the Generalized Law of Quadratic Recirocity: Theorem 8.7. Let a; b be odd numbers, then () ( ) = if b = mod 4 and ( ) = if b = 3 mod 4 b b () ( ) = b if b = mod 8 and ( ) = if b = 3 mod 8, b (3) ( a) = ( b ) if either a = mod 4 or b = mod 4; b a and ( a) = b ( b ) if a 6= mod 4 and a 6= mod 4: a 9. Pythagorean triles By denition, a Pythagorean trile is an integer solution to the equation a +b = c. It yields a rectangle triangle with sides of integer length a; b; c. You are robably familiar with the Pythagorean trile 3; 4; 5. Exercise 9.. Can you nd any other Pythagorean triles? Of course, 6; 8; 0 is also a Pythagorean trile and so is 3a; 4a; 5a for any ositive integer a. We will say that a; b; c is a rimitive Pythagorean trile if a +b = c and a; b; c have no common factors. (5; ; 3) is another such trile. 3 Together with the rules ) ( ) = if = mod 4 and ( ) = if = 3 mod 4 and ) ( ) = if = mod 8 and ( ) = if = 3 mod 8, this is known as the Law of Quadratic Recirocity.

17 Exercise 9.. Can you nd any other rimitive Pythagorean triles? Can you show that there are innitely many such triles? Write a rogram to nd all such triles with a; b 00. We would like to nd all rimitive Pythagorean triles. We notice that if a and b are even, then c is even so that is a common factor of a; b; c and then a; b; c is not a rimitive trile. If a and b are both odd, then a = x +, b = y + and c = a + b = 4x + 4x + + 4y + 4y + = mod 4: Now, is not a square mod 4 so this is imossible. Therefore we conclude that the set a; b are not both even or odd. So, we may assume that a is odd; b is even; and c is odd: We now consider the factorization a = c b = (c b)(c + b): We claim that: Both c b and c + b are squares. Proof. First of all g = GCD(c b; c + b) = as otherwise g divides c b and c + b so that g divides c = ((c b) + (c + b)) and g divides b = ((c + b) (c b)). Since c + b is odd, g is odd, so g divides c and b and hence g divides a (as g divides a = c b ) so that as a; b; c have no common factor, we have g =. So, if is a rime number such that divides c + b, then does not divide c b. Let t be the highest ower of dividing c + b, then t is the highest ower of dividing a = (c b)(c + b): Therefore t is even and so if we write c + b = n nr r with i distinct rimes, we have that all the n i are even so that c + b is a square. The same reasoning also shows that c b is a square. So we write c + b = s and c b = t where s > t are odd integers. Therefore, we have that Theorem 9.3. All rimitive Pythagorean triles are of the form c = s + t ; b = s t ; and a = st for some odd integers s > t. 0. Which rime numbers are sums of two squares Exercise 0.. Find all rime numbers 47 that are sums of two squares. do you notice a attern? The attern is Theorem 0.. A rime number 6= is the sum of two squares if and only if = mod 4. 7

18 8 Proof. If is the sum of two squares, then = mod 4: To see this, write = a + b. As is odd, then we may assume that a is even and b is odd. So mod 4 we have a f0; g so that a = 0 mod 4. Similarly b f; 3g mod 4 so that b = mod 4, so = 0 + = mod 4. If = mod 4 then is the sum of two squares: This imlication is much harder! The idea is as follows: By quadratic recirocity, we know that = A mod so letting B =, we have A + B = 0 mod i.e. A + B = M. If M = we are done. Otherwise we need a rocedure to nd new integers a; b; m such that a + b = m and m < M. We then reeat this rocedure until m =. This is known as Fermat's Descent Procedure. This is how it works: () Let be any rime with = mod 4 (eg. 53), we may write A + B = M with M < (eg = 0 53). () We may ick u = A; v = B mod M such that M u; v M (eg. u = 3, v = ), then u + v = A + B = 0 mod M. (3) We have u + v = Mr and A + B = M for some r < M (eg. 3 + ( ) = 0 and = 0 53). Notice that r 6= 0 since otherwise u + v = 0 so u = v = 0 so A = u = 0 mod M and B = v = 0 mod M. But then M divides A + B = M so that M divides. But < M < so that this is imossible. Notice that r < M since r = u +v (M=) +(M=) = M < M M M. (4) If we multily these together, we get (ua + vb) + (va ub) = (u + v )(A + B ) = M r: (5) Notice that (ua + vb) = A + B = M = 0 mod M and (va ub) = BA AB = 0 mod M. So (ua + vb) and (va ub) are divisible by M. (Eg.(uA + vb) = 39 9 = 0 and (va ub) = 3 57 = 70.) (6) We have therefore obtained the equation ua + vb va ub + = r M M with r < M (eg. + ( 7) = + 7 = 53). Reeating this we will get r = as required. Exercise 0.3. Use Fermat's descent rocedure to write 97 as the sum of squares. Do the same for = 88.. Fermat's Last Theorem In the 7th century Fermat stated that the equation a n + b n = c n

19 has no solutions for n 3 and a; b; c > 0. Remember that for n = this equation has innitely many solutions and we can describe all of these. So this fact is very surrising. It also turns out to be a very dee result which was eventually roven by Wiles at the end of the 0th century. We will show the following: Theorem.. The equation a n + b n = c n has no solution when n is divisible by 4 and a; b; c > 0. Proof. It is enough to show that the equation x 4 + y 4 = z has no solution for x; y; z > 0. In fact if a; b; c is a solution of the original equation, then x = a n=4, y = b n=4 and z = c n= are solutions to our new equation. The idea is once again to show that if there is a solution x; y; z, then we can nd a new solution x 0 ; y 0 ; z 0 with z 0 < z. We can't reeat this innitely many times, so there was no solution to begin with! To begin with, notice that we may assume that x; y; z have no common factor. Now, if we let a = x, b = y and c = z, then a; b; c is a rimitive Pythagorean trile and so we may write x = a = st; y = b = s t ; z = c = s + t for some odd integers s; t with no common factor. Now st = x is an odd square so that st = mod 4. It follows that either Also, we have s = t = mod 4 or s = t = = 3 mod 4: y = s t = (s + t)(s t): Since s; t are odd and relatively rime, then the only common factor of s + t and s t is. Now 4 divides s t so s + t = r where r is an odd number. Now y = (s t)(s + t) so we have s + t = u and s t = 4v where GCD(u; v) =. Solving for s; t we get s = u + v and t = u v ; and so from the formula x = st it follows that x = u 4 4v 4 or x + 4v 4 = u 4 : We now let A = x, B = v and C = u so that A = B + C and A; B; C have no common factor i.e. A; B; C is a rimitive Pythagorean trilet. Therefore, we know that there are odd relatively rime integers S; T such that x = A = ST; v = B = S T ; u = C = S + T : 9

20 0 So we get 4v = S T = (S T )(S + T ): Now GCD(S T; S + T ) = (S; T are odd and relatively rime). So we must have S + T = x and S T = y so S = x + y and T = x y so u = S + T = (x + y ) + (x y ) = x 4 + y 4 : This is the new solution (x; y; u) to the original equation x 4 + y 4 = z. We must still show that u < z, but this is clear from the formula z = s + t = (u + v ) + (u v ). Answers to the exercises: = u 4 + 4v 4 : Ex. (.), 3, 5, 7,, 3, 7, 9, 3, 9, 3, 37, 4, 43, 47, 53, 59, 6, 67, 7, 73, 79, 83, 87, 89, 97. Ex. (.) = 3, 3 = 3 4, 34 = 67, 35 = 5 3 9, 36 = Ex. (.5) 3 does not divide 765, but it does divide Ex. (.6) To comute the last two digits of we just need to comute the last two digits of various owers of 73: 73 = 9, 73 4 = 4, 73 8 = 8, 73 6 = 6, 73 3 =, = 4, = = 4 4 = = = = 57. Ex. (.7) () 5 9 = mod, 7 0 = mod 3, 7 9 = mod 0, 4 mod 8 does not exist. (3) Mod 7 we have 359 =, = 4, 3 = 8, 4 = 6 = so 8 =. (4) Mod the owers of are ; 4; 8; 5; 0; 9; 7; 3; 6; so the order is 0. The owers of 3 are 3; 9; 5; 4; so the order is 5. The owers of 4 are 4; 5; 9; 3; so the order is 5. The owers of 5 are 5; 3; 4; 9; so the order is 5. The owers of 6 are 6; 3; 7; 9; 0; 5; 8; 4; ; so the order is 0. The owers of 7 are 7; 5; ; 3; 0; 4; 6; 9; 8; so the order is 0. The owers of 8 are 8; 9; 6; 4; 0; 3; ; 5; 7; so the order is 0. The owers of 9 are 9; 4; 3; 5; so the order is 5. The owers of 0 are 0; so the order is. (5) the squares mod are: ; 4; 9; 5; 3 so x = 6 has no solution mod and 4 = 7 = 5. Ex. (.) 543 = , 345 = , 494 = 463+5, 463 = 645+3, 5 = 53+0 so GCD(543; 345) = %89643 = , 89643% = 07886, %07886 = , 07886% = 03, %03 = %797 =

21 486, 797%486 = 73, 486%73 = 667, 73%667 = 506, 667%506 = 6, 506%6 = 3, 6%3 = 0 Ex. (.) 345 = , 543 = , = and has no divisors 4. We would need to use a comuter = (we got lucky here). Ex. (.4) () (referring to ex..) 3 = = ( ) = = 39( ) = = ( ) = : Ex. (.5) () 3 = 44+35, 44 = 35+9, 35 = 93+8, 9 = 8+ so = 9 8 = 9 (35 93) = = 4(44 35) 35 = = (3 44 ) = so 4 44 = mod 3. Ex. (.6) ::::::abcd 7 = + X 0 00 = :::::000. So 7d = mod 0 i.e. d = 3, c3 7 = mod 00 i.e. c 70 = 5 = 50 = 50 mod 00 so that c 7 = 5, mod 0 so that c = 5, b53 7 = mod 000 i.e. b 700 = 90 = 00 mod 000 i.e. b 7 =, mod 0 so b = 3 a3537 = mod 0000 i.e. a7000 = 600 = 4000 mod 0000 so a 7 = 4 mod 0 so a =. Ex. (.7) 0 0 = , 03 = , 66 = , 37 = 9 + 8, 9 = , 8 = 5 + 3, 5 = 3 +, 3 = +. So = 3 = 3 (5 3) = 3 5 = (8 5) 5 = = 8 (9 8 3) 3 = = (37 9) 9 3 = = 37 (66 37) 4 = = (03 66) = = 03 5 ( ) 39 = So 03 = mod 0 0 so SSN = = mod 0 0 Ex. (3.) = 4, 4 = ( ) = 4 = 6 =, 8 = ( 4 ) = ( ) =. Since 345 = , we have 345 = ( 8 ) 543 = 543 = : Ex. (3.3) = 4, 4 = 6, 8 = 56 = 54, 6 = 54 = 96 = 88, 3 = 88 = 7744 = 68. So 345 = ( 00 ) 3 45 = = = 4: Ex. (3.4) Mod 9: 3 =, 6 =. Mod 5: 4 = 6 =, 8 =. The order is 8. Mod : 5 = 3 =, 6 = =. The order is 6. Mod 35: 6 = 64 = 9, 7 = 58 = 3, 8 = 46 =, 9 =, 0 = 44 = 9, = 8, = 36 =. The order is. Ex. (3.6) 480. Ex. (3.8) 7. Ex. (3.9) 90 = 64 6= mod 9. 9 is not rime!

22 Ex. (3.) Mod 35, we have (35) = 4 6 = 4 so 0 9 %4 = 6 and 09 = 6. Now 4 = 6, 8 = 6 = 56 =, 6 = = = 6. Mod 0: (0) = 00 so that 09 = ( 00 ) 07 = 07 =. Mod 03: (03) = 0, 0 9 %0 = = 6, 8 = 56 = 50, 6 = 500 = 8, 3 = 8 = 784 = 63, 58 = = = 5. Ex. (3.) (0 03) ; 000; 000 and log (0 6 ) 0 so about 0 doublings. Ex. (3.3) 9990 = 4599 mod 999. Ex. (3.4) Mod 35: (35) = 4, 5 5 = mod 4 so x = (x 5 ) 5 = 7 5 = 7 mod 35. Mod 0: (0) = 00 and 3 67 = 0 = mod 00 so x = (x 3 ) 67 = mod 0. Now 37 = 56, 37 4 = 5, 37 8 = 5, 37 6 = 9, 37 3 = 58, = 3. So = = 97. Ex. (4.) 5, 53,53,4,3,53,63,73,68,73,5; WELLDONE (note that (77) = 60 and 7 03 = 7 = mod 60). Ex. (5.3) (0 0 ) 434; 94; 48; (0 0 ) (0 9 ) 434; 94; 48 48; 54; 94 = 386; 039; 540; ( ) (0 0 ) = 4; 54 Ex. (6.) 0 4 s = : hrs = 3: years. Ex. (7.) n = 560 = = 63 mod = 63 = 66 mod = 66 = 67 mod = 67 = mod 56 and 560 = = mod 56. So 56 failed the Rabin-Miller test, therefore it can not be rime. is a Rabin-Miller witness for the number 56. Ex. (7.3) 4 = 3 and 3 = 8 mod 3, so the order of is. The other elements of order are 5, 7,. has order 6, 3 has order 4, 4 has order 3 and 6 has order. Ex. (8.) We square all the residues mod and we get 0 = 0 ; = = 0, 4 = = 9, 9 = 3 = 8, 5 = 4 = 7 and 3 = 5 = 6 mod. So the answer is yes. Ex. (8.) Mod 3: ; 4; 9; 3; ; 0. Mod 7: ; 4; 9; 6; 8; ; 5; 3. Mod 9: ; 4; 9; 6; 6; 7; ; 7; 5 Mod 3: ; 4; 9; 6; ; 3; 3; 8; ; 8; 6. Ex. (8.4) (x a)(x + b + a) = x + b x a(b + a) so we must show that c = a(b + a) but this is clear as a is a root of x + b x + c so a + ab + c = 0. If z is a third root of x + b x + c mod, then (z a)(z + b + a) = 0 so that divides (z a) or it divides (z + b + a), but then z = a mod or z = b a mod. So these are the only two roots. Ex. (8.5) ; 4; 8; 0 are roots of x = 4 mod so x 4 = (x )(x 0) = (x 4)(x 8). Ex. (8.6) QR=, 4, ; NR = 3, 5, 6 so QR * NR =NR * QR =3, 5, 6 =NR and NR * NR =, 4, = QR. Ex. (8.8) Mod : ; QR= 0 =, = 4, 4 = 5, 6 = 9, 8 = 3. Mod 3: ; QR= 0 =, = 4, 4 = 3, 6 =, 8 = 9, 0 = 0.

23 Mod 7: 3; QR=3 0 =, 3 = 9, 3 4 = 3, 3 6 = 5, 3 8 = 6, 3 0 = 8, 3 = 4, 3 4 =. Ex. (8.9) Mod : = ; Mod 3: = 39 Mod 7: = 68. They are all 0 mod. Ex. (8.0) ( 3 ) =, ( ) =, ( ) =, ( ) =, ( 3) =, 5 7 ; ( ) =, ( ) = ( 3) =, ( ) =, ( ) =. 7 9 ; 9 3 Ex. (8.) ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) =, ( ) = Ex. (8.) ( ) = ; ; ; ; and ( ) = ; ; ; ;. Ex. (8.3) x + 4x + 54 = (x + ) + 50 so is 50 = 5 a square mod? Equivalently is a square mod? Mod 97: ( ) = and ( ) = so no Mod 0: ( ) = so no. Mod 03 ( ) so no. Ex. (8.6) ( 44) = ( ) = ( 53) = ( 9 ) = ( ) = ( ) = ( 9 3 ) = ; ( 5 0 ) = ( 0 5 ) = ( 49 5 ) = ; Ex.(0.) = +, 5 = +, 3 = + 3, 7 = + 5, 9 = + 5, 37 = + 6, 4 = Ex. (0.3) A =, B = so + = 5 97 so M = 5, u = ; v = so (ua + vb)=m = 9 and (va ub)=m = 4, so 97 =