NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Transcription

1 NUMBER SYSTEMS Number theory is the study of the integers. We denote the set of integers by Z: Z = {..., 3, 2, 1, 0, 1, 2, 3,... }. The integers have two oerations defined on them, addition and multilication, which are associative (a + (b + c) = (a + b) + c, a(bc) = (ab)c for a, b, c Z) and commutative (a + b = b + a, ab = ba). Moreover, these oerations interact via the distributive law (a(b + c) = ab + ac) and have neutral elements 0 and 1 resectively (a+0 = a and a 1 = a). Notice also that each integer can be negated (a+( a) = 0). In modern algebra language, a set having the aforementioned roerties is called a commutative ring. The two oerations in Z are not, however, created equal, for while every integer can be negated (for examle, 3 + ( 3) = 0), not every integer can be inverted (for examle, there is no integer b such that 3b = 1). Indeed, the only integers whose recirocals are also integers are 1 and 1. In general, an element a of a commutative ring is called a unit if there is an element b of the ring such that ab = 1. The rational numbers, denoted by Q, are all the ratios of integers: Q = {a/b a, b Z and b 0} (of course, we consider 4 and 2, for examle, to be the same element of 6 3 Q). Like Z, Q is a commutative ring, but in contrast any nonzero element of Q is a unit (if a Q and a 0, then b Q also); commutative b a rings having this additional roerty are called fields. Another field you are familiar with is the real numbers, denoted by R. Notice that Z Q R. We know how Z sits in R (imagine a number line with the integers marked off); you may have thought less about how Q sits in R. Proosition 1. Between any two real numbers, there is a rational number. Proof. Suose a, b R with a < b. Let n be a ositive integer large enough that 1 < b a. Since the rational numbers n {..., 2/n, 1/n, 0, 1/n, 2/n,... } are saced 1 n aart, at least one of them lies between a and b. Because of Proosition 1, we say that Q is dense in R. However, not every real number is rational; a real number which is not rational is called irrational.

2 Proosition 2. e is irrational. Proof. Suose that e were rational. Then e = a/b for some ositive integers a and b. It follows that the number α defined by ( α = b! e 1 1 1! 1 2! 1 3! 1 ) b! is an integer (imagine multilying the b! through). Moreover, since e is defined by 1 e = n!, n=0 we also have that α is ositive. Next note that the definition of e, along with the formula for the sum of a convergent geometric series, imlies that ( ) 1 α = b! (b + 1)! + 1 (b + 2)! + = 1 b (b + 1)(b + 2) + < 1 b (b + 1) 2 + = 1 b b+1 = 1 b 1. We conclude that α < 1, which is a contradiction since α is a ositive integer. Note that e is an infinite sum of ositive rational numbers - as such, it is the limit of an increasing sequence of rational numbers (namely, the sequence of artial sums) - yet e itself is not rational. The set of real numbers R has the remarkable roerty that every increasing sequence of rational numbers is either unbounded or converges to an element of R. In fact, R is the smallest such field, in the sense that any other field which contains Q and has this roerty also contains R as a subfield. We will see more irrational numbers later; in fact, it turns out that the irrationals are much more numerous than the rationals. Another field that you may have worked with is the field of comlex numbers C: C = {a + bi a, b R}, where i 2 = 1. Many of the commutative rings that we study in these notes (for examle, Z, Q and R) are contained in C.

3 DIVISIBILITY Let us first focus on the multilicative structure of Z. We begin by discussing how integers break down into simler multilicative arts. Definition 3. If a, b Z, we say that b divides a, and write b a, if there is an integer c such that a = bc. Synonyms for b divides a that you may be familiar with are b is a divisor of a, b is a factor of a, a is a multile of b and a is divisible by b. If b is not a divisor of a, we write b a. Examle , 7 16 Examle 5. The ositive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30. Notice that any integer a is a divisor of 0 (0 = a 0) and is divisible by 1 (a = 1 a). A direct consequence of the former statement is the following surrisingly useful result. Corollary 6. If a is an integer and there is a ositive integer b such that b a, then a 0. We have thus far only discussed divisibility in Z. The analogous notion of divisibility in Q is trivial in the following sense: if r is a nonzero rational number, then r divides every rational number (this follows from the fact that we can invert any nonzero element of Q). In fact, the same is true in every field; for this reason, when we discuss divisibility we will mean it in the context of the integers unless otherwise stated. Proosition 7. Let a, b, c Z. (1) If a b and b c, then a c. (2) If a b and a c, then for any integers x and y, a (xb + yc). Proof. (1) Since a b and b c, there are integers m and n such that b = am and c = bn. Then c = (am)n = a(mn). Since mn is an integer, it follows that a c. (2) Since a b and a c, there are integers m and n such that b = am and c = an. Then and so a (xb + yc). xb + yc = x(am) + y(an) = a(xm + yn),

4 THE PRIMES Notice that every integer n > 1 has at least two ositive divisors, namely 1 and n (these are sometimes called the trivial divisors of n). If d n and 1 < d < n, d is called a roer divisor of n. Definition 8. An integer > 1 is called rime if its only ositive divisors are 1 and (i.e., if it has no roer divisors). An integer n > 1 that is not rime is called comosite. Examle 9. The first five rimes are 2, 3, 5, 7 and 11. Primes can be thought of, then, as multilicatively the simlest ositive integers. We now establish their central lace in multilicative number theory. Proosition 10. If an integer n > 1 is comosite, then the smallest roer divisor of n is rime. Proof. Let d be the smallest roer divisor of n. If d had a roer divisor m, then m would be a divisor of n by Proosition 7 (1), and since 1 < m < d < n, m would be a roer divisor of n. Since m < d, this contradicts that d is the smallest roer divisor of n. Therefore d has no roer divisors, i.e., d is rime. Theorem 11. Every integer n > 1 is a roduct of rimes. Proof. By induction. Since 2 is rime, it is the roduct of a single rime, so the theorem holds for n = 2. Now suose it holds for all the integers from 2 u to n. If n + 1 is rime, the theorem holds for n + 1. If n + 1 is comosite, then by Proosition 10 it has a roer rime divisor. Write n + 1 = m. Since 1 < < n + 1, it follows that 2 m n. By the induction hyothesis m is a roduct of rimes, and therefore so is m = n + 1. Examle = 2 42 = = We see that the rimes are the multilicative building blocks of Z, and therefore it is natural to study them as a distinguished set. One natural question to ask is how many rimes are there? Theorem 13. (Euclid) There are infinitely many rimes. Proof. Let S be any nonemty finite set of rimes. Consider the integer n = 1 + S.

5 If n is rime, then since n is larger than any element of S, n / S. If n is comosite, then by Proosition 10 it has a rime divisor q. Notice that q / S, for if q were an element of S, then it would divide n 1 = S, and then by Proosition 7 (2) it would divide 1 n + ( 1) (n 1) = 1, a contradiction. We see that in all cases, there is a rime that lies outside S. It follows that no finite set of rimes contains every rime, and thus the set of rimes is infinite. Let us now consider the roblem of identifying the rimes among the ositive integers. Suose we start from the very definition of a rime: an integer n > 1 with no roer divisor. We can immediately see a way to determine whether a ositive integer n is rime: search for roer divisors of n. If we find one then n is comosite, and if we do not then n is rime. Since a roer divisor d of n satisfies 1 < d < n, we know that this algorithm will involve no more than n 2 stes. Now that we have an algorithm, let us consider how to make it more efficient. First of all, let us note the obvious fact that the algorithm need not involve n 2 stes for every n; indeed, if we find a roer divisor of n we may sto immediately and conclude that n is not rime. In general, then, the efficiency of our algorithm will deend artly uon our testing the integers that are most likely to be divisors of n first. Fortunately this is not difficult to do; since one half of the ositive integers are divisible by 2, one third of the ositive integers are divisible by 3 and so on, it makes sense to test the integers in increasing order. Note that if n is not rime and we search in this way, we will automatically find the smallest roer divisor d of n first. Recall that d is rime by Proosition 10; it also has the following imortant roerty. Proosition 14. If n is comosite and d is the smallest roer divisor of n, then d n. Proof. Consider the alternative. Combining Proositions 10 and 14 and our discussion above, we obtain the following rimality test. Algorithm 15. (for determining whether n > 1 is rime) Search for divisors of n among the rimes n, in increasing order beginning with 2. If a divisor is found, we conclude that n is comosite and sto the search. If a divisor is not found, we conclude that n is rime. Examle is rime since 113 = and 113 is not divisible by 2, 3, 5 or 7.

6 Not a bad test; we don t need to check all the integers from 2 u to n 1 for divisors, only the rimes u to n. However, there is something about our rimality test that may bother you: to use it to test the rimality of n, we need to have a list of the rimes n. How does one find such a list? It turns out that we have an efficient way to do so, and for this we may thank the ancient Greek Eratosthenes. Algorithm 17. (Sieve of Eratosthenes, for finding all the rimes m) List the integers from 2 to m, then aly the following iterative rocedure to this list. The integers not eliminated in this rocess are the rimes m. (1) Determine the smallest integer in the list that is not circled. (2) If > m, sto. If m, circle it and eliminate all other multiles of from the list, then go back to ste (1). Proof that Algorithm 17 works. First, it is clear that in the algorithm only comosite numbers are eliminated. Let us now show that the circled numbers are all rimes. We do this by induction. If there is a circled integer, then clearly 2 is the smallest such, and it is rime. Now suose that the first k circled integers are rimes. The sieve eliminated all of the multiles of these k rimes (excet themselves); hence the (k + 1)st circled integer is not divisible by any of the rimes that are smaller than it, and is therefore rime itself by Proosition 10. Finally, what about the remaining uncircled numbers? They remain because they are not multiles of any of the circled rimes, which as we have seen are all the rimes m; by Proositions 10 and 14, then, the remaining numbers are also rime.

7 COMMON DIVISORS Consider the following roblem: we wish to tile a rectangular floor that is 12 feet by 18 feet. For ease of cutting we wish to use tiles that are square, of uniform size, and have integral side length s (in feet). And to minimize the amount of cutting, we would like to minimize the number of tiles used. How shall we do this? Since we are using tiles of uniform size, it is clear that this is equivalent to finding the largest usable tile. If we use a rows and b columns of tiles, then, we have the following relationshis: sa = 18 and sb = 12. These imly that s is a divisor of both 18 and 12, so the maximal s is the largest integer that is a divisor of both 18 and 12, namely 6. Definition 18. If a, b and d are integers, we say that d is a common divisor of a and b if d a and d b. If a and b are not both zero, the greatest common divisor (gcd) of a and b is denoted by (a, b). Examle 19. The set of ositive divisors of 20 is {1, 2, 4, 5, 10, 20}, and the set of ositive divisors of 35 is {1, 5, 7, 35}. The set of ositive common divisors of 20 and 35 is {1, 5}, and so (20, 35) = 5. Examle 20. If r is a ositive integer, then (r, 0) = r since r is the greatest divisor of r and every integer is a divisor of zero. Comuting the gcd of two ositive integers can always be done in a straightforward way: find the ositive divisors of each, then identify the largest integer that aears in both lists. For large numbers, however, this rocedure can become quite unwieldy - for examle, 2310 has 32 ositive divisors and 1092 has 24. We might hoe for a quicker way to find (2310, 1092), and indeed, Euclid discovered a method for finding (a, b) which has not been significantly imroved to this date. The basis of this method is the following familiar fact. Algorithm 21. (Division Algorithm) Let a and b be integers with a > 0. Then there exist unique integers q and r such that and 0 r < a. b = qa + r Proof. Let q = b/a (recall that if t R, t denotes the largest integer that is less than or equal to t). Since (b/a) 1 < b/a b/a,

8 it follows that 0 = b a(b/a) b qa < b a((b/a) 1) = a, so let r = b qa. For uniqueness, suose b = q 1 a + r 1 = q 2 a + r 2 with 0 r 1, r 2 < a. Without loss we may assume that r 1 r 2. The equality of our two exressions for b yields a(q 1 q 2 ) = r 2 r 1, which imlies that a (r 2 r 1 ). Since 0 r 2 r 1 < a, it follows that r 2 r 1 = 0. Then our last dislayed equation gives a(q 1 q 2 ) = 0, and since a 0, it must be that q 1 q 2 = 0. Examle 22. If we divide a = 7 into b = 38, we get a quotient of q = 5 and a remainder of r = 3. Euclid s algorithm combines the Division Algorithm and the following result. Proosition 23. Let a, b and r be as in the Division Algorithm. Then (a, b) = (a, r). Proof. By definition (a, b) divides a and b. Since r = 1 b + ( q) a, Proosition 7 (2) tells us that (a, b) divides r. Hence (a, b) is a common divisor of a and r, and thus (a, b) (a, r). On the other hand, (a, r) divides a and r, and since b = q a+1 r, (a, r) divides b by Proosition 7 (2). Hence (a, r) is a common divisor of a and b, and therefore (a, r) (a, b). We conclude that (a, b) = (a, r). Algorithm 24. (Euclidean Algorithm) Let a and b be ositive integers with a < b. By the Division Algorithm we have b = q 1 a + r 1 with 0 r 1 < a. If r 1 0, we find by the Division Algorithm a = q 2 r 1 + r 2 with 0 r 2 < r 1. For i 2, if r i 0 the Division Algorithm gives r i 1 = q i+1 r i + r i+1 with 0 r i+1 < r i. Since the r i form a decreasing sequence of nonnegative integers, it must be that r k = 0 for some k 1. If k = 1 Proosition 23 yields (a, b) = (a, r 1 ) = (a, 0) = a,

9 while if k > 1 it yields (a, b) = (a, r 1 ) = (r 1, r 2 ) = = (r k 1, r k ) = (r k 1, 0) = r k 1. Examle 25. (1092, 2310) = (1092, 126) = (126, 84) = (84, 42) = (42, 0) = 42 Notice that the Euclidean Algorithm allows us to find the gcd of two integers without first finding any divisors of either one. Moreover, as a byroduct of the algorithm we can write (a, b) as a linear combination of a and b. Proosition 26. If a and b are ositive integers, then there exist integers m and n such that (a, b) = ma + nb. Examle 27. Referring to Examle 25, the division that roduced the gcd of 42 as remainder tells us that 42 = , while the receding divisions gave us Then 84 = and 126 = = 126 ( ) = = 9( ) 1092 = Proosition 28. Given ositive integers a and b, let S = {xa + yb x, y Z} and T = {(a, b)c c Z}. Then S = T, i.e., the set of linear combinations of a and b is equal to the set of multiles of (a, b). Proof. Let s S. Then s = xa + yb for some x, y Z. Since (a, b) is a divisor of a and b, s is divisible by (a, b) by Proosition 7 (2), and thus s T. Now let t T. Then t = (a, b)c for some c Z. By Proosition 26 there exist m, n Z such that (a, b) = ma + nb. Hence and thus t S. t = (a, b)c = (ma + nb)c = (cm)a + (cn)b,

10 UNIQUE FACTORIZATION We roved earlier (Theorem 11) that every integer n > 1 can be written as a roduct of rimes. Our aim now is to show that this exression is unique - that is, one always obtains the same rime factors no matter what ath one takes to a rime factorization of a number. For examle: 90 = 3 30 = = We require one reliminary result. 90 = 5 18 = = Proosition 29. Let a, b Z. If is rime and ab, then a or b. Proof. Since ab, ab = q for some q Z. Suose a. Then (a, ) = 1, so by Proosition 26 we can find integers m and n such that ma + n = 1. Then b = b 1 = b(ma + n) = (ab)m + bn = (q)m + bn = (qm + bn), and therefore b. Theorem 30. The rime factorization of an integer n > 1 is unique u to ordering of the rime factors. Proof. Suose n = 1 2 k = q 1 q 2 q l with 1,..., k and q 1,..., q l rime. We may assume without loss of generality that k l. Then 1 q 1 (q 2 q l ) (note that the roduct q 2 q l could be emty, and thus equal to 1), so by Proosition 29, 1 q 1 (in which case 1 = q 1 ) or 1 q 2 q l. Assuming the latter holds, it must be that l 2, and by the same argument as above we then conclude that 1 = q 2, or l 3 and 1 q 3 q l. By exhaustion we find that 1 = q i for some 1 i l. Canceling these, we find that l 2 k = j=1, j i If k 2, we may reeat our argument to show that 2 = q j for some j i; canceling these and continuing in this fashion we eventually eliminate all the s, leaving the left hand roduct as 1. It follows that at this oint all of the qs must have been canceled as well (else the roduct of the remaining qs would be > 1). Thus the two factorizations are the same u to ordering of the rime factors. q j

11 Definition 31. If m is a ositive integer and is a rime, define v (m) to be the highest ower of that divides m (this is a well-defined notion by Theorem 30). Notice that m = rime v(m), and that v (m) = 0 for all but finitely many rimes. We worked hard to rove the uniqueness of rime factorizations, a result that is robably quite familiar to you. In fact, it may be so familiar as to seem trivial. Is it? The answer to this question is no, in the following sense: there are number systems very similar to the integers in which factorization into rimes is not unique. Examle 32. Consider the commutative ring Z[ 6] = {a + b 6 a, b Z} (note that this is a subset of C since we may set 6 = 6i). In this number system 2 and 5 are rimes in the sense that they have no nontrivial divisors (for examle, the only divisors of 2 are ±1 and ±2), and so are and 2 6. The fact that 2 5 = 10 = (2 + 6)(2 6) shows that we do not have unique factorization in Z[ 6]. Thinking back to our roof of Theorem 30, if we tried to use the same argument to rove that Z[ 6] has unique factorization, the art that would fail is the one involving Proosition 29. The analog of this result does not hold in Z[ 6], as our examle shows - note that desite the fact that 2 has no nontrivial divisors in Z[ 6] and is a divisor of the roduct (2 6)(2+ 6), it is clearly not a divisor of either factor. Unique factorization allows us to rove the irrationality of many real numbers. Proosition is an irrational number. Proof. Suose 7 were rational. Then 7 = a b for some integers a and b. It follows that a 2 = 7b 2. Then v 7 (a 2 ) = v 7 (7b 2 ), but v 7 (a 2 ) = 2v 7 (a) is even and v 7 (7b 2 ) = 1 + 2v 7 (b) is odd, a contradiction.

12 The roof of the receding roosition generalizes easily to yield the following result. Theorem 34. Suose b and m are ositive integers with m > 1. If b is not the mth ower of an integer, then the real mth root of b is irrational. Examle /3 and 27 are irrational.

13 CONGRUENCES We develo here the language of congruences, which is extremely useful when discussing number theoretic questions. Definition 36. Let a, b and m be integers with m > 0. We say that a is congruent to b modulo m if m (a b), and in this case we write a b (mod m). Examle (mod 5) since 23 8 = 15 and 15 = (mod 8) since 53 ( 3) = 56 and 56 = (mod 7) since 7 28 Note that the integers congruent to 0 modulo m are those that are multiles of m. More generally, suose a is a ositive integer and we get a remainder of r uon dividing m into a (i.e., a = qm + r in the notation of the Division Algorithm). Then since a r = qm, we have that m a r, and thus a r (mod m). For examle, since dividing 497 by 5 gives a remainder of 2, (mod 5). Examle 38. The integers that are congruent to 0 modulo 3 are those congruent to 1 modulo 3 are {..., 6, 3, 0, 3, 6,... }, {..., 5, 2, 1, 4, 7,... }, and those congruent to 2 modulo 3 are {..., 4, 1, 2, 5, 8,... }. The sets shown above are sometimes called the congruence classes (or residue classes) modulo 3; note that every integer is congruent to 0, 1 or 2 modulo 3. In general, modulo m every integer is congruent to exactly one element of the set {0, 1, 2,..., m 1} (as er our discussion above, this is a consequence of the Division Algorithm since these are the ossible remainders on dividing by m). We often choose these m numbers, which are called the least residues, as reresentatives of the congruence classes modulo m (of course, we could also choose other sets, such as {1, 2,..., m}). When we work modulo m we consider integers a and b to be the same if a b (mod m) - as a result we end u dealing with a finite set. For examle, with hours in standard time we work modulo 12 and use the reresentatives {1, 2, 3,..., 12}, while with minutes we work modulo 60 and use the reresentatives {0, 1, 2,..., 59}. We now show that one can erform arithmetic modulo m, and that this is consistent with the usual arithmetic in Z.

14 Proosition 39. Suose a, b, c, d and m are integers with m > 0. If a c (mod m) and b d (mod m), then a + b c + d (mod m) and ab cd (mod m). Proof. Since a c (mod m) and b d (mod m), we know that m (a c) and m (b d). Then by Proosition 7 (2), m is a divisor of 1 (a c) + 1 (b d) = (a + b) (c + d), and so a + b c + d (mod m). Moreover, Proosition 7 (2) also tells us that m is a divisor of and therefore ab cd (mod m). b (a c) + c (b d) = ab cd, Proosition 39 imlies that the congruence classes modulo m form a commutative ring under the addition and multilication induced from Z. This ring is denoted Z/mZ. Examle 40. Suose we wish to know what the least residue of is modulo 10. One way to do this is to multily these numbers together and find the least residue of the result. Another way is to find the least residues of the factors first, then use Proosition 39: (mod 10) and (mod 10), so (mod 10). Examle 41. Suose we wish to calculate the least residue of modulo 7. Rather than actually comuting (which has hundreds of digits), we can simly note that and then by Proosition 39, 4 3 = 64 1 (mod 7), = = (4 3 ) (mod 7). We see that modular arithmetic is often easier than the usual arithmetic in Z since there are only m congruence classes modulo m and we may choose a small reresentative of each class (for examle, one lying in {0, 1,..., m 1}). Another way that modular arithmetic differs is that while there are only two units in Z (namely 1 and 1), there can be many more units in Z/mZ. For examle, there is no

15 integer a such that 5a = 1, but modulo 7 we have that 5 3 = 15 1 (mod 7). Proosition 42. Let a and m be integers with m > 0. There exists an integer b such that ab 1 (mod m) if and only if (a, m) = 1. Proof. Suose that (a, m) = 1. By Proosition 26 there exist integers b and n such that ab + mn = 1. Then ab = 1 mn 1 0 n 1 (mod m). Now suose there exists an integer b such that ab 1 (mod m). Then m ab 1, so ab 1 = km for some integer k. Since (a, m) is a common divisor of a and m, by Proosition 7 (2), (a, m) is a divisor of Thus (a, m) = 1. b a + ( k) m = 1. Corollary 43. If ax ay (mod m) and (a, m) = 1, then x y (mod m). Proof. Since (a, m) = 1, by Proosition 42 there is an integer b such that ab 1 (mod m). Then x = 1 x (ab)x b(ax) b(ay) (ab)y 1 y y (mod m). Thus we may cancel a common factor a from a congruence modulo m if (a, m) = 1. Notice that we may NOT necessarily cancel if (a, m) > 1; for examle, (mod 15) even though 8 3 (mod 15). Definition 44. If a and m are integers, we say that a and m are corime, or relatively rime, if (a, m) = 1. We have seen that there are exactly m distinct congruence classes modulo m. Let us now study the commutative ring Z/mZ further. Definition 45. For m > 1, let U(m) = {0 a m 1 (a, m) = 1}. The Euler hi function φ is defined by φ(m) = #U(m). Examle 46. U(6) = {1, 5}, U(11) = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} and U(12) = {1, 5, 7, 11}, so φ(6) = 2, φ(11) = 10 and φ(12) = 4. Proosition 47. If is rime, then φ() = 1.

16 Proof. Since the only ositive divisors of are 1 and, { 1 if a, (a, ) = if a. Thus U() = {1, 2,..., 1}. We will now focus on the structure of the units in Z/mZ. We begin by roving two reliminary roositions. Proosition 48. Let a, b and m be integers with m > 0. If a b (mod m), then (a, m) = (b, m). Proof. Since a b (mod m), a b = km for some integer k. By definition (b, m) divides b and m, so by Proosition 7 (2), (b, m) divides b+km = a. Hence (b, m) is a common divisor of m and a, and therefore (b, m) (a, m). On the other hand, (a, m) is a divisor of a and m, and so Proosition 7 (2) tells us that (a, m) divides a km = b. Since (a, m) is a common divisor of m and b, it follows that (a, m) (b, m). Notice that by Proositions 42 and 48, the elements of U(m) are reresentatives for the units of Z/mZ. Proosition 49. Let a, b and c be ositive integers. (1) If (a, b) = (a, c) = 1, then (a, bc) = 1. (2) If a c, b c and (a, b) = 1, then ab c. (3) If a bc and (a, b) = 1, then a c. Proof. (1) By contraositive. Suose (a, bc) = d > 1. Then d has a rime divisor by Theorem 11. Since d and d a and d bc, we have that a and bc by Proosition 7 (1). The latter yields that b or c by Proosition 29, and combining this with a we conclude that (a, b) > 1 or (a, c) > 1. (2) Since a c, c = ka for some integer k. Moreover, by Proosition 26 there exist integers m and n such that ma + nb = 1. Then k = k 1 = k(ma + nb) = (ka)m + knb = cm + knb. Clearly b b, and since b c, it follows by Proosition 7 (2) that b k. Then k = bl for some integer l, which yields c = ka = (bl)a = l(ab). (3) Since a bc and (a, b) = 1, there exist integers k, m and n such that bc = ak and ma + nb = 1. Then c = c(ma + nb) = cma + nbc = cma + nak = a(cm + nk).

17 Proosition 50. If a and m are integers with m > 1 and (a, m) = 1, then there is a ositive integer s φ(m) such that a s 1 (mod m). Proof. Consider the integers a, a 2, a 3,..., a φ(m)+1. Since (a, m) = 1, (a n, m) = 1 for any n 1 by Proosition 49 (1). Hence the list above consists of φ(m) + 1 integers, each corime to m. By Proosition 48 the least residues of these are in the set U(m), and since U(m) has φ(m) elements, these owers of a cannot all be distinct modulo m. So a j a i (mod m) for some 1 i < j φ(m) + 1. By Corollary 43, then, a j i 1 (mod m). Definition 51. If a and m are corime integers with m > 1, we call the smallest ositive integer t such that a t 1 (mod m) the order of a modulo m. Examle 52. The order of 3 modulo 11 is 5 since (mod 11), (mod 11), (mod 11), (mod 11), (mod 11). Proosition 53. Suose a and m are integers with m > 1 and (a, m) = 1. If s is a ositive integer such that a s 1 (mod m), then the order of a modulo m divides s. Proof. Denote by t the order of a modulo m. By the Division Algorithm we obtain s = qt + r with 0 r < t. Then 1 a s a qt+r (a t ) q a r 1 q a r a r (mod m). Since r < t, by the definition of order we conclude that r = 0, and therefore t s. Theorem 54. (Fermat) If m > 1 and (a, m) = 1, then a φ(m) 1 (mod m). Proof. Consider the set of φ(m) congruence classes modulo m reresented by the elements of U(m). By Corollary 43 the φ(m) integers {an n U(m)} also reresent φ(m) distinct congruence classes modulo m, and since (an, m) = 1 for n U(m) by Proosition 49 (1), it follows that they

18 reresent the same congruence classes as the elements of U(m). Therefore n an a φ(m) n (mod m), n U(m) n U(m) n U(m) and uon canceling the common factors (via Corollary 43) we find that a φ(m) 1 (mod m). Corollary 55. If m > 1 and (a, m) = 1, then the order of a modulo m divides φ(m). Examle 56. Suose we want to know the order of 5 modulo 257. Since 5 and 257 are rime and 5 257, we know that this order exists and is a divisor of φ(257) = 256 = 2 8. Since the ositive divisors of 2 8 are 1, 2, 2 2,..., 2 8, to find the order of 5 we need only comute (mod 257), 5 4 = (5 2 ) 2 = (mod 257), (mod 257), (mod 257), (mod 257), (mod 257), (mod 257), from which we conclude that 5 has order 256 modulo 257. Corollary 57. If is rime and a, then a 1 1 (mod ). Corollary 58. If is rime and a is any integer, then a a (mod ). We end this section by considering the question of simultaneous congruences. Theorem 59. (Chinese Remainder Theorem) Suose m 1, m 2,..., m r are ositive integers such that (m i, m j ) = 1 if i j. Let a 1, a 2,..., a r be any integers, and write m = m 1 m 2 m r. Then there exists an integer x such that x a i (mod m i ) for every 1 i r. Moreover, for any integer y satisfying these congruences, y x (mod m). Proof. For each 1 j r, m/m j is an integer, and by Proosition 49 (1), (m/m j, m j ) = 1. Then by Proosition 42 there is an integer b j such that (m/m j )b j 1 (mod m j ). Let r x = (m/m j )b j a j. j=1

19 Since m/m j is divisible by m i if i j, we have that (m/m j )b j a j 0 b j a j 0 (mod m i ). It follows that for every 1 i r, x (m/m i )b i a i + j i (m/m j )b j a j 1 a i + j i 0 a i (mod m i ). Finally, if y is any solution of the stated congruences, then x y (mod m j ), and hence m j (y x), for all 1 j r. By Proosition 49 (2) it follows that m (y x), and thus y x (mod m).

20 POLYNOMIALS Some of the most famous roblems in number theory are stated in terms of olynomials. Perhas the most renowned of all, and which remained unsolved for over 300 years, is known as Fermat s Last Theorem. Theorem 60. (Wiles) If x, y and z are ositive integers and n 3, then x n + y n z n. There are many techniques for studying integer solutions of olynomial equations; we illustrate some here. Examle 61. The equation x 2 + 5y 2 = 2 has no integer solutions because for any x, y Z the LHS (left hand side) is nonnegative. The same argument shows that this equation also has no real solutions. Examle 62. The equation x 2 + 5y 2 = 2 has no integer solutions. To see this, notice first that if x, y Z, then LHS 5y 2 5 whenever y 0. Hence any solution would have y = 0, but this leaves x 2 = 2, which has no integer solution. While it has no integer solutions, this equation does have infinitely many real solutions (the grah of these solutions is an ellise). Examle 63. The equation x 2 5y 2 = 2 has no integer solutions. To see this notice that if x, y Z, then LHS x 2 (mod 5). Now, (mod 5), (mod 5), (mod 5), (mod 5), (mod 5), and since every integer is congruent modulo 5 to exactly one element of {0, 1, 2, 3, 4}, it follows that x 2 cannot be congruent to 2 modulo 5. This equation has infinitely many real solutions (grah is a hyerbola). Examle 64. The equation x 2 + 5y 2 = 1 has exactly two integer solutions, namely (x, y) = (±1, 0) since LHS 5y 2 5 if y 0, so any integer solution has y = 0, leaving x 2 = 1. Examle 65. The equation x 2 5y 2 = 1 has infinitely many integer solutions. To see this note first that (x, y) = (9, 4) is an integer solution. Factoring the LHS gives (x y 5)(x + y 5) = 1, and so (9 4 5)( ) = 1. For each n 1, define a n, b n Z by ( ) n = a n + b n 5.

21 Then (9 4 5) n = a n b n 5, and since 1 = 1 n = [( )(9 5)] n = (a n + b n 5)(an b n 5) = a 2 n 5b 2 n, we find that (x, y) = (a n, b n ) is an integer solution of our equation for every n 1. One can check that a n+1 > a n for every n 1, and from this it follows that {(a n, b n )} n 1 is an infinite set of integer solutions. For examle, ( ) 2 = , and so (x, y) = (a 2, b 2 ) = (161, 72) is a solution. Perhas the most widely known olynomial equation is that arising in the Pythagorean Theorem: x 2 + y 2 = z 2. Let us now study this equation. Notice first that (x, y, z) is an integer solution of this equation with z 0 (called a Pythagorean trile) if and only if (x/z, y/z) is a oint with rational coordinates (i.e., a rational oint) on the unit circle X 2 +Y 2 = 1. We now use a geometric argument to show that one can arametrize the rational oints on the unit circle (and thus also the Pythagorean triles). Consider a line through the oint ( 1, 0) with rational sloe µ. Its equation is Y = µ(x + 1), and such a line intersects the unit circle in a second oint. To see what this other oint is, we substitute to get 1 = X 2 + [µ(x + 1)] 2, which yields 0 = (µ 2 + 1)X 2 + 2µ 2 X + (µ 2 1) = (X + 1)[(µ 2 + 1)X + (µ 2 1)]. The second oint of intersection is thus ( ) 1 µ 2 (X, Y ) = 1 + µ, 2µ, µ 2 and hence every µ Q gives rise to a rational oint on the unit circle distinct from ( 1, 0). Moreover, if (α, β) ( 1, 0) is a rational oint on the unit circle, then the line through it and ( 1, 0) has sloe β/(α+ 1), a rational number. It follows that every rational oint on the unit circle (excet ( 1, 0)) has the form given in the last dislayed equation for some µ Q. Letting µ = a/b in our receding discussion, we find: Theorem 66. Every Pythagorean trile (x, y, z) with y even has the form x = b 2 a 2, y = 2ab, z = a 2 + b 2 with a, b Z.

22 For the rest of this section we focus on olynomials in one variable. Let Z[x] denote the set of olynomials in the variable x with coefficients in Z. We consider quadratic olynomials first. Proosition 67. Let be rime, x Z. Then x 2 1 (mod ) if and only if x ±1 (mod ). Proof. Using Proosition 29, x 2 1 (mod ) (x 2 1) (x 1)(x + 1) (x 1) or (x + 1) x 1 (mod ) or x 1 (mod ) Theorem 68. (Wilson s Theorem) If is rime, then ( 1)! 1 (mod ). Proof. One can easily check that the theorem is true if = 2 or = 3, so let us assume that 5. Given 1 a 1 we have that (a, ) = 1, so by Proosition 42 there is a b Z such that ab 1 (mod ). And by Proosition 67, b a (mod ) if and only if a ±1 (mod ), i.e. a = 1 or a = 1. Therefore, in the roduct ( 1)! we may air each 2 a 2 with its multilicative inverse and multily them (giving 1 modulo ). It follows that ( 2 ) ( 1)! = 1 a ( 1) 1 1 ( 1) 1 (mod ). a=2 Examle 69. If = 7, 6! = 1 (2 4) (3 5) (mod 7). Our next result concerns the existence of an analog of the comlex number i in the integers modulo. Proosition 70. Let be a rime. There is an integer x such that x 2 1 (mod ) if and only if = 2 or 1 (mod 4). Proof. If = 2 we may take x = 1. Now consider the case where is odd. Suose 1 (mod 4). Then 4 1, so 1 = 4k for some k Z. Using Theorem 68, 1 ( 1)! [ ] [ ] ( 2) ( 1)

23 2 j 1 j=1 ( 1) ( j) 1 j=1 2 j 2 ( 1) 2k j=1 2 j( j) 1 j=1 1 j=1 2 ( j 2 ) 1 j= j 2 j j=1 2 (mod ), which shows we have a solution when 1 (mod 4). Now suose that we have an integer solution x. Note that x, since x imlies that x 0 (mod ) and x 2 0 (mod ). Therefore ( 1) 1 2 (x 2 ) 1 2 x 1 1 (mod ) by Corollary 57. Since is odd, 2 and hence 1 is not congruent to 1 modulo. It follows that ( 1)/2 is even, and therefore 1 (mod 4). We have just seen that the question of whether the congruence x 2 1 (mod ) has an integer solution naturally artitions the odd rimes into congruence classes (namely 1 and 3) modulo 4. Moreover, Proosition 70 imlies that x is never equal to a rime that is congruent to 3 modulo 4 when x is an integer. Here is an interesting oen question in number theory: Is x rime for infinitely many integer values of x? In fact, there is no olynomial in Z[x] of degree at least two which has been roven to be rime for infinitely many integer values of x. We now exand our view to olynomials of higher degree. In our roof of the next result we use the well-ordering rincile, which states that any nonemty set of integers that is bounded below has a least element. We also recall that a olynomial is called monic if its leading coefficient is 1. Algorithm 71. (Division Algorithm for olynomials) Given nonconstant f(x), g(x) Z[x] with f(x) monic, there exist unique q(x), r(x) Z[x] such that g(x) = q(x)f(x) + r(x) with r(x) = 0 or deg(r(x)) < deg(f(x)). Proof. For the existence of q(x) and r(x), let S = {g(x) h(x)f(x) h(x) Z[x]}. If 0 S, then there exists q(x) Z[x] such that g(x) = q(x)f(x). Now suose 0 / S.

24 Let D be the set of integers consisting of the degrees of the elements of S. Then D is a nonemty (since it contains the degree of g(x), for examle) set of nonnegative integers. Since D is bounded below by 0, it has a least element by the well-ordering rincile. Let r(x) be an element of S of minimal degree. Then r(x) = g(x) q(x)f(x) for some q(x) Z[x]. We claim that deg(r(x)) < deg(f(x)). To see this, observe that if deg(r(x)) deg(f(x)) and we denote the leading coefficient of r(x) by c, then g(x) [ q(x) + c x deg(r(x)) deg(f(x))] f(x) is an element of S whose degree is less than deg(r(x)), a contradiction. For uniqueness, suose g(x) = q 1 (x)f(x) + r 1 (x) = q 2 (x)f(x) + r 2 (x) with r 1 (x) = 0 or deg(r 1 (x)) < deg(f(x)) and r 2 (x) = 0 or deg(r 2 (x)) < deg(f(x)). Then r 1 (x) r 2 (x) = (q 2 (x) q 1 (x))f(x). Since it cannot be the case that deg(r 1 (x) r 2 (x)) deg(f(x)), it follows that q 2 (x) q 1 (x) = 0, which in turn imlies that r 1 (x) r 2 (x) = 0. Given integers a and m with m > 0 and f(x) Z[x], we say that a is a root of f modulo m if f(a) 0 (mod m). For examle, 4 is a root of f(x) = x 2 3x + 12 modulo 5 since f( 4) = 40 0 (mod 5). Note that while f(1) = 10 0 (mod 5), we do not consider 4 and 1 to be distinct roots of f modulo 5 since 4 1 (mod 5). Theorem 72. If is rime and f(x) Z[x] is a nonconstant monic olynomial, then f has no more than deg(f(x)) distinct roots modulo. Proof. By induction on the degree of f. If deg(f(x)) = 1, then f(x) = x a for some a Z. Clearly this has exactly one root, namely x a (mod ). Now suose that for some n 1 the result holds for all nonconstant monic olynomials of degree n, and let f be a monic olynomial of degree n + 1. If f has no roots modulo the result certainly holds for f, so let us assume that there is an integer a such that f(a) 0 (mod ). By the Division Algorithm, f(x) = (x a)q(x) + r(x)

25 with r(x) = 0 or deg(r(x)) < deg(x a). Then r(x) = r Z, and since f(a) = r(a) = r and f(a) 0 (mod ), we have that r 0 (mod ). Now, since x a and f(x) are monic, so is q(x). Next, since x a has degree one, deg(q(x)) = deg(f(x)) 1 = n, and moreover q(x) is nonconstant since n 1. By the induction hyothesis it follows that q(x) has less than deg(f(x)) roots modulo. To conclude note that for any b Z, so by Proosition 29, f(b) 0 f(b) = (b a)q(b) + r (b a)q(b) (mod ), (mod ) (b a)q(b) (b a) or q(b) b a (mod ) or q(b) 0 (mod ). Thus f has deg(f(x)) roots modulo. Examle 73. The assumtion that is rime is crucial in Theorem 72. For examle, the degree two olynomial x 2 1 has four roots modulo 8 (namely 1, 3, 5 and 7), and has eight roots modulo 24. Proosition 74. Suose is an odd rime, a Z and a. Then x 2 a (mod ) has zero or two solutions modulo. Proof. If there are no solutions we are done, so from now on suose there exists x Z such that x 2 a (mod ). Then x is also a solution. Next note that since a, we have that a 0 (mod ). This imlies that x 0 (mod ), i.e. x, and since is odd we also have that 2. By Proosition 29 it follows that 2x = x ( x), and hence x and x are not congruent modulo. Thus there are at least two solutions modulo, and we conclude by noting that Theorem 72 imlies that there are at most two solutions modulo. We now endeavor to use our results on olynomials to describe the structure of the set of units of Z/Z when is a rime. Recall that by Proositions 42 and 47 the congruence classes reresented by {1, 2,..., 1} are the units of Z/Z. Definition 75. If a and m are integers with m > 1 and (a, m) = 1, we say that a is a rimitive root modulo m if a has order φ(m) modulo m. Notice that by Proosition 50, φ(m) is the maximal order that an integer can have modulo m. Examle is a rimitive root modulo 7 since it has order φ(7) = 7 1 = 6: (mod 7), (mod 7), (mod 7),

26 3 4 4 (mod 7), (mod 7), (mod 7). One can also check that 2 has order 6 modulo 9. Since φ(9) = 6, it follows that 2 is a rimitive root modulo 9. There is no rimitive root modulo 8; here φ(8) = 4, and one can check that each element of U(8) = {1, 3, 5, 7} has order 1 or 2. If a is a rimitive root modulo a rime, one can show that each congruence class in {1, 2,..., 1} is a ower of a, i.e., the ositive owers of a run through all of the nonzero congruence classes modulo. More generally, if a is a rimitive root modulo m, then the ositive owers of a run through all the congruence classes reresented by the elements of U(m). We have seen that rimitive roots exist for some moduli but not others. Let us now focus on the question of the existence of a rimitive root. We begin with a reliminary result which shows that one can sometimes find integers with larger orders using integers with smaller orders. Proosition 77. Suose a, b and m are integers with m > 1 and (a, m) = (b, m) = 1. If a has order k modulo m, b has order l modulo m and (k, l) = 1, then ab has order kl modulo m. Proof. By Proosition 49 (1) we have that (ab, m) = 1, so ab has an order modulo m by Proosition 50; denote this order by t. Now, (ab) kl = a kl b kl = (a k ) l (b l ) k 1 l 1 k 1 so t kl by Proosition 53. Next note that (mod m), b kt = 1 t b kt (a k ) t (b kt ) (ab) kt = ((ab) t ) k 1 k 1 (mod m), so by Proosition 53, l kt. And since (k, l) = 1, it follows by Proosition 49 (3) that l t. Moreover, by considering a lt instead of b kt, an exactly analogous argument shows that k t. Then since (k, l) = 1, Proosition 49 (2) tells us that kl t. As we showed earlier that t kl, it must be that t = kl. Theorem 78. If is rime, then there exists a rimitive root modulo. Proof. If = 2, then a = 1 is a rimitive root modulo. Assume from now on that is odd. We claim first that if d ( 1) and d > 0, then x d 1 (mod ) has exactly d solutions modulo. To see this, write 1 = de. Since y e 1 = (y 1)(y e 1 + y e y + 1),

27 by letting y = x d we obtain x 1 1 = x de 1 = (x d 1)(x d(e 1) + x d(e 2) + + x d + 1). By Corollary 57, x 1 1 has 1 roots modulo. And by Theorem 72, x d(e 1) has at most d(e 1) = ( 1) d roots. Proosition 29 then imlies that x d 1 has at least d roots modulo, and by Theorem 72 it therefore has exactly d roots modulo. For each rime divisor q of 1, define α(q) := q vq( 1). By what we have just shown, x α(q) 1 has α(q) roots modulo. Moreover, x α(q)/q 1 has α(q)/q roots modulo, and each of these is also a root of x α(q) 1. Thus x α(q) 1 has α(q) (α(q)/q) roots that are not roots of x α(q)/q 1. Now, by Proosition 53 the roots of x s 1 modulo are those elements whose order modulo is a divisor of s. Since the only divisor of α(q) that is not also a divisor of α(q)/q is α(q) itself, we have shown the existence of α(q) (α(q)/q) elements of order α(q). To finish the roof, for each rime divisor q of 1, let β q be an integer whose order modulo is α(q). Then by Proosition 77, q ( 1) β q has order q ( 1) α(q) = 1.

28 PSEUDOPRIMES Recall that we have a way of testing whether an integer n > 1 is rime (Algorithm 15). Since we have a rimality test, our goal should now be to find the most efficient rimality test ossible. Notice that Corollary 57 gives a necessary condition for n to be rime: if n is rime, it must be the case that a n 1 1 (mod n) for any integer a such that n a. Thus Corollary 57 can be used to rove that a number is comosite. For examle, suose we wanted to rove that 91 is comosite. One way would be to exhibit a roer divisor of 91. Another way is to note that 2 91 and (mod 91) - it then follows from Corollary 57 that 91 is not rime. This second method of roof that 91 is comosite might seem a bit strange and indirect. However, its indirectness is its strength; indeed, notice that it allowed us to rove that 91 is comosite WITHOUT FINDING A PROPER DIVISOR OF 91. Finding a roer divisor is not a big issue if the integer of interest is 91, of course, but it might be if the only roer divisors of the integer you are dealing with are two 100-digit rimes (rather than 7 and 13). Note that we could take this same aroach for any odd integer n. The calculations (mod 9), (mod 15), (mod 21), (mod 25), (mod 27), (mod 33) show that our 2-test detects every odd comosite 33. This is very intriguing because, as we will now see, alying the 2-test is generally much quicker than using Algorithm 15. Definition 79. For any real number x, we denote by π(x) the number of rimes that are less than or equal to x. Examle 80. The first eight rimes are 2, 3, 5, 7, 11, 13, 17 and 19. Therefore π(10) = 4, π(13) = 6, π(14) = 6 and π(19) = 8. In the worst case, which is when n is rime, Algorithm 15 involves testing all of the rimes u to n for divisors. Thus, the test takes at most π( n) stes. How about our 2-test? We may imlement this test in an efficient way as follows. If n 1 = log 2 (n 1) j=0 a j 2 j (a j {0, 1}) is the binary exansion of n 1, by successive squaring we may comute the least residues of 2 2, 2 4 = (2 2 ) 2, 2 8 = (2 4 ) 2,..., 2 2 log 2 (n 1)

29 modulo n, and then use these residues along with the fact that 2 n 1 2 2j (mod n). j with a j =1 This entire rocess involves no more than 2 log 2 (n) multilications. If we comare π( n) to 2 log 2 (n) for increasingly large values of n, we see that the 2-test requires many fewer stes than Algorithm 15 as n grows: π( 10000) = 25, 2 log 2 (10000) = π( ) = 168, 2 log 2 ( ) = π( ) = 1229, 2 log 2 ( ) = The question, then, becomes Is the 2-test a rimality test? Unfortunately the answer is no ; for examle, 341 = and (mod 341), so 341 is a comosite that asses the 2-test. That was quick. Now, you might be thinking what is so secial about 2? The answer is nothing. Indeed, for any n such that 3 n we may subject n to a 3-test as well to try to determine whether n is comosite. Indeed, if we aly it to 341 we find that (mod 341), from which we may conclude that 341 is comosite by Corollary 57. Like the 2-test, the 3-test is not a rimality test; indeed, the smallest comosite that asses the 3-test is 91. However, we saw that the comosite 341, which asses the 2-test, does not ass the 3-test; also, the comosite 91 asses the 3-test, but does not ass the 2-test. Perhas the 2-test and 3-test together constitute a rimality test? Unfortunately this is not the case either; the comosite 1105 asses both the 2-test and the 3-test (it is the smallest such comosite). So we have not found another rimality test yet. Are we barking u the wrong tree? Perhas, or maybe we simly aren t working hard enough; after all, for a ositive integer n, Corollary 57 offers us an a-test for any integer a such that (a, n) = 1 (of course, since these tests involve comutations modulo n we may as well assume that 1 a n). And since each a-test is much more efficient (for large n) than Algorithm 15, it is conceivable that we could aly multile a-tests and still erform less comutations than in a single alication of Algorithm 15. Definition 81. If n is comosite and (a, n) = 1, we call n a seudorime to the base a if a n 1 1 (mod n). Examle is a seudorime to the base 2, and 91 is a seudorime to the base 3.

30 Examle 83. {341, 561, 645, 1105, 1387, 1729, 1905} is the set of all seudorimes to the base 2 that are 2000, {91, 121, 286, 671, 703, 949, 1105, 1541, 1729, 1891} is the set of all seudorimes to the base 3 that are 2000, and {4, 124, 217, 561, 781, 1541, 1729, 1891} is the set of all seudorimes to the base 5 that are We see from the last examle that the only comosite less than 2000 that asses the 2-test, the 3-test and the 5-test is Definition 84. A comosite integer n is called a Carmichael number if it is a seudorime to the base a for every integer a with (a, n) = 1. The question of whether a battery of a-tests constitutes a rimality test comes down to the question are there any Carmichael numbers, and if so, how many? For our goal of using Corollary 57 to create a new rimality test, this question has the worst ossible answer: not only do Carmichael numbers exist (561 is the smallest), but Alford, Granville and Pomerance have roven that there are infinitely many of them.

31 QUADRATIC RESIDUES We have seen some of the interesting asects of quadratic olynomials. We now develo language that will make discussion of this toic easier. Definition 85. Let a and m be integers such that m > 1 and a is corime to m. We say that a is a quadratic residue modulo m if there exists an integer x such that x 2 a (mod m); if no such x exists, we say that a is a quadratic nonresidue modulo m. Notice that by the very definition of quadratic residue, if a and b are integers such that (a, m) = 1 = (b, m) and a b (mod m), then a is a quadratic residue modulo m if and only if b is a quadratic residue modulo m. Examle 86. Since U(5) = {1, 2, 3, 4}, (mod 5), (mod 5), (mod 5) and (mod 5), 1 and 4 are the quadratic residues modulo 5, and 2 and 3 are the quadratic nonresidues modulo 5. And since U(6) = {1, 5}, (mod 6) and (mod 6), 1 is the only quadratic residue modulo 6. Examle 87. If is rime, then by Proosition 70, 1 is a quadratic residue modulo if and only if = 2 or 1 (mod 4). Proosition 88. Let be an odd rime. Then exactly ( 1)/2 of the integers {1, 2,..., 1} (i.e., exactly half of them) are quadratic residues modulo. Proof. Follows directly from Proosition 74. Definition 89. If ( is ) an odd rime and a is an integer, we define the a Legendre symbol by ( ) a 1 if a is a quadratic residue modulo, = 1 if a is a quadratic nonresidue modulo, 0 if a. By the ( definitions ) ( ) of quadratic residue and nonresidue, if a b (mod ), then =. a b Examle 90. By Examle 86, ( ) ( ) 1 2 = 1, = 1, 5 5 ( ) 3 = 1 and 5 ( ) 4 = 1. 5