Math 511, Algebraic Systems, Fall 2017 July 20, 2017 Edition. Todd Cochrane


Department of Mathematics, Kansas State University

Contents

Notation

Chapter 0. Axioms for the set of Integers $\mathbb{Z}$

Chapter 1. Algebraic Properties of the Integers: Background; Binary Operations; Deducing the Additional Properties of $\mathbb{Z}$ from the Axioms; Discreteness Axioms for $\mathbb{Z}$; Proof by Induction; Basic Divisibility Properties; The Euclidean Algorithm; Linear Combinations and Linear Equations; Solving Linear Equations in Integers; Unique Factorization of Integers; Further properties of primes

Chapter 2. Modular Arithmetic and the Modular Ring $\mathbb{Z}_m$: Basic Properties of Congruences; Modular Exponentiation; A few applications of congruences; Decimal Expansions; Divisibility Tests; Multiplicative inverses (mod $m$); Chinese Remainder Theorem; The modular ring $\mathbb{Z}_m$; Group of units $U_m$ and the Euler phi-function; Euler's Theorem and Fermat's Little Theorem; Public Key Cryptography

Chapter 3. Rings, Integral Domains and Fields: Basic properties of Rings; Subrings of $\mathbb{Z}$ and $\mathbb{Z}_m$; Zero Divisors; Units; Polynomial Rings; Integral Domains; Fields; Matrix Rings; Complex Numbers; Polar Form and Exponential Polar Form of Complex Numbers; n-th powers and n-th roots of complex numbers; Subfields of the Real Numbers and Complex Numbers; Venn Diagram of Rings

Chapter 4. Factoring Polynomials: Factoring quadratic and cubic polynomials; Useful Factoring Formulas; Multiple zeros; Unique Factorization of Polynomials; Factoring Polynomials over $\mathbb{C}$; Factoring Polynomials over $\mathbb{R}$; Factoring Polynomials over $\mathbb{Q}$; Summary of Irreducible Polynomials over $\mathbb{C}$, $\mathbb{R}$, $\mathbb{Q}$ and $\mathbb{Z}_p$; Cardano's Solution of the Cubic Equation; Solution of the Quartic Equation and Higher Degree Equations

Chapter 5. Group Theory: Subgroups of Groups; Generators and Orders of Elements; Cyclic Groups; The Klein 4-group; Direct Products of Groups; Lagrange's Theorem; Another Proof of Euler's Theorem and Fermat's Little Theorem

Chapter 6. Permutation Groups and Groups of Symmetries: Permutation Groups; Cycle Notation; Groups of Symmetries; Groups generated by more than one element; Dihedral Group $D_n$; Isomorphism; Cayley's Theorem

Notation

$\mathbb{N} = \{1, 2, 3, 4, 5, \dots\}$ = Natural numbers
$\mathbb{Z} = \{0, \pm 1, \pm 2, \pm 3, \dots\}$ = Integers
$E = \{0, \pm 2, \pm 4, \pm 6, \dots\}$ = Even integers
$O = \{\pm 1, \pm 3, \pm 5, \dots\}$ = Odd integers
$\mathbb{Q} = \{a/b : a, b \in \mathbb{Z},\ b \neq 0\}$ = Rational numbers
$\mathbb{R}$ = Real numbers
$\mathbb{C}$ = Complex numbers
$\mathbb{Z}_m$ = Ring of integers mod $m$
$[a]_m = \{a + mx : x \in \mathbb{Z}\}$ = Residue class of $a$ mod $m$
$U_m$ = Multiplicative group of units mod $m$
$a^{-1} \pmod{m}$ = multiplicative inverse of $a \pmod{m}$
$\phi(m)$ = Euler phi-function
$(a, b) = \gcd(a, b)$ = greatest common divisor of $a$ and $b$
$[a, b] = \mathrm{lcm}[a, b]$ = least common multiple of $a$ and $b$
$a \mid b$ = $a$ divides $b$
$M_{2,2}(R)$ = Ring of $2 \times 2$ matrices over a given ring $R$
$R[x]$ = Ring of polynomials over $R$
$|S|$ = order or cardinality of a set $S$
$S_n$ = n-th symmetric group
$\cap$ intersection
$\cup$ union
$\emptyset$ empty set
$\subseteq$ subset
$\exists$ there exists
$\exists!$ there exists a unique
$\forall$ for all
$\Rightarrow$ implies
$\Leftrightarrow$ equivalent to
iff = if and only if
$\in$ element of
$\equiv$ congruent to


CHAPTER 0

Axioms for the set of Integers $\mathbb{Z}$.

We shall assume the following properties as axioms for the set of integers.

1] Addition Properties. There is a binary operation $+$ on $\mathbb{Z}$, called addition, satisfying
a) Addition is well defined, that is, given any two integers $a, b$, $a + b$ is a uniquely defined integer.
b) Substitution Law for addition: If $a = b$ and $c = d$ then $a + c = b + d$.
c) The set of integers is closed under addition. For any $a, b \in \mathbb{Z}$, $a + b \in \mathbb{Z}$.
d) Addition is commutative. For any $a, b \in \mathbb{Z}$, $a + b = b + a$.
e) Addition is associative. For any $a, b, c \in \mathbb{Z}$, $(a + b) + c = a + (b + c)$.
f) There is a zero element $0 \in \mathbb{Z}$ (also called the additive identity), satisfying $0 + a = a = a + 0$ for any $a \in \mathbb{Z}$.
g) For any $a \in \mathbb{Z}$, there exists an additive inverse $-a \in \mathbb{Z}$ satisfying $a + (-a) = 0 = (-a) + a$.

Properties a), b), and c) above are implicit in the definition of a binary operation.

Definition: Subtraction in $\mathbb{Z}$ is defined by $a - b = a + (-b)$ for $a, b \in \mathbb{Z}$.

2] Multiplication Properties. There is an operation $\cdot$ (or $\times$) on $\mathbb{Z}$ called multiplication, satisfying,
a) Multiplication is well defined, that is, given any two integers $a, b$, $a \cdot b$ is a uniquely defined integer.
b) Substitution Law for multiplication: If $a = b$ and $c = d$ then $ac = bd$.
c) $\mathbb{Z}$ is closed under multiplication. For any $a, b \in \mathbb{Z}$, $a \cdot b \in \mathbb{Z}$.
d) Multiplication is commutative. For any $a, b \in \mathbb{Z}$, $ab = ba$.
e) Multiplication is associative. For any $a, b, c \in \mathbb{Z}$, $(ab)c = a(bc)$.
f) There is an identity element $1 \in \mathbb{Z}$ satisfying $1 \cdot a = a = a \cdot 1$ for any $a \in \mathbb{Z}$.

3] Distributive law. This is the one property that combines both addition and multiplication. For any $a, b, c \in \mathbb{Z}$, $a(b + c) = ab + ac$. One can deduce (from the given axioms) the additional distributive laws, $(a + b)c = ac + bc$, $a(b - c) = ab - ac$ and $(a - b)c = ac - bc$.

4] Trichotomy Principle. The set of integers can be partitioned into three disjoint sets, $\mathbb{Z} = \mathbb{N} \cup \{0\} \cup -\mathbb{N}$, where $\mathbb{N} = \{1, 2, 3, \dots\}$ = Natural Numbers = Positive Integers, $-\mathbb{N} = \{-1, -2, -3, \dots\}$ = Negative Integers.
One then defines the inequalities $>$ and $<$ by saying $a > b$ if $a - b \in \mathbb{N}$ and $a < b$ if $a - b \in -\mathbb{N}$. Thus we get the Law of Trichotomy which states that for any two integers $a, b$ exactly one of the following holds: $a < b$, $a = b$ or $a > b$ (that is, $a - b \in -\mathbb{N}$, $a - b = 0$ or $a - b \in \mathbb{N}$).

5] Positivity Axiom. The sum of two positive integers is positive. The product of two positive integers is positive.

6] Discreteness Axioms.
a) Well Ordering Property of $\mathbb{N}$. Any nonempty subset of $\mathbb{N}$ has a smallest element.
b) Principle of Induction. Let $S$ be a subset of $\mathbb{N}$ such that (i) $1 \in S$ and (ii) $n \in S \Rightarrow n + 1 \in S$. Then $S = \mathbb{N}$.

Additional Properties of $\mathbb{Z}$. The properties below can all be deduced from the axioms above. You may assume them in your homework unless specifically asked to prove the property. See Chapter 1, Section 1.3 for proofs.

1] Subtraction-Equality principle. $x = y$ if and only if $x - y = 0$.
2] Cancelation law for addition: If $a + x = a + y$ then $x = y$.
3] Additive inverses are unique, that is, if $a, b, c$ are integers such that $a + b = 0$ and $a + c = 0$ then $b = c$.
4] Zero multiplication property: $a \cdot 0 = 0$ for any $a \in \mathbb{Z}$.
5] Properties of negatives: $(-a)b = -(ab) = a(-b)$, $(-a)(-b) = ab$, $(-1)a = -a$.
6] Basic consequence of Trichotomy: If $a > 0$ then $-a < 0$ and if $a < 0$ then $-a > 0$.
7] Products of Positives and Negatives: If $a > 0$ and $b < 0$ then $ab < 0$. If $a < 0$ and $b < 0$, then $ab > 0$.
8] Zero divisor property, or integral domain property: If $ab = 0$ then $a = 0$ or $b = 0$.
9] Cancelation law for multiplication: If $ax = ay$ and $a \neq 0$ then $x = y$.
10] General Associative-Commutative Law:
a) Addition: When adding a collection of $n$ integers $a_1 + a_2 + \cdots + a_n$, the numbers may be grouped in any way and added in any order. In particular, the sum $a_1 + a_2 + \cdots + a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.
b) Multiplication: When multiplying a collection of $n$ integers $a_1 a_2 \cdots a_n$, the numbers may be grouped in any way and multiplied in any order. In particular, the product $a_1 a_2 \cdots a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.
11] FOIL Law: For any integers $a, b, c, d$, $(a + b)(c + d) = ac + ad + bc + bd$.
12] Binomial Expansion: For any integers $a, b$ and positive integer $n$ we have
$$(a + b)^n = \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k} = a^n + \binom{n}{1} a^{n-1} b + \binom{n}{2} a^{n-2} b^2 + \cdots + b^n.$$
In particular, $(a + b)^2 = a^2 + 2ab + b^2$ and $(a + b)^3 = a^3 + 3a^2 b + 3ab^2 + b^3$.

CHAPTER 1

Algebraic Properties of the Integers

1.1. Background

Definition. A statement is a sentence that can be assigned a truth value. (In general there is a subject, verb and object in the statement.)

Example. Suppose that $x$ is a given real number. The following are statements, that is, we can definitively assert whether A, B or C is true or false:
A: $x^2 = 4$.
B: $x = 2$.
C: $x = \pm 2$.
The latter statement is read, "$x$ equals plus or minus 2". For example, if $x = -2$ then statement A is true, statement B is false and statement C is true. Note that these statements are complete sentences. In statement A, the subject is $x^2$, the verb is $=$ and the object is 4.

If $A$ and $B$ are statements, $A \Rightarrow B$ means $A$ implies $B$, that is, if $A$ is true then $B$ is true. $A \Leftrightarrow B$ means $A$ is equivalent to $B$, that is, $A$ is true if and only if $B$ is true.

Example. Which of the following are true statements?
1. If $x^2 = 4$ then $x = 2$.
2. If $x^2 = 4$ then $x = \pm 2$.
3. If $x = 2$ then $x^2 = 4$.
4. $x^2 = 4 \Leftrightarrow x = \pm 2$.
If you answered false, true, true, true to the four statements above, then you are probably thinking correctly, but note the truth value actually depends on an implicit assumption about what type of object $x$ is, such as $x$ is an integer or $x$ is a real number. If our implicit assumption is that $x$ is a natural number, then the first statement is true. If $x \in \mathbb{Z}_4$, a ring we will see later in the semester, then statement 4 is false.

Note. The symbols $\Rightarrow$ and $\Leftrightarrow$ are used between statements. The symbol $=$ is used between objects (numbers, functions, sets, etc.). Be careful in making this distinction whenever you write a proof.

Definition. Let $A, B$ be given sets. A function $f : A \to B$ (pronounced, a function $f$ from $A$ to $B$), is a rule that assigns to each element $x \in A$ a unique element $f(x) \in B$. The set $A$ is called the domain of $f$ and the set $B$, the codomain of $f$. The range of $f$, denoted $f(A)$, is the set of all output values,
$$f(A) := \{f(x) : x \in A\}.$$
The range is a subset of the codomain.

Definition. The cartesian product of two sets $A, B$, denoted $A \times B$, is the set of all ordered pairs $(x, y)$ with $x \in A$, $y \in B$. That is, $A \times B = \{(x, y) : x \in A, y \in B\}$.

Example. $\mathbb{Z} \times \mathbb{Z}$ is the set of all ordered pairs of integers, $\mathbb{Z} \times \mathbb{Z} = \{(x, y) : x, y \in \mathbb{Z}\}$.

Note. In order to make the definition of a function precise, mathematicians usually define a function $f : A \to B$ to simply be the set of ordered pairs $\{(x, f(x)) : x \in A\}$ in $A \times B$. This point of view however will not be so useful in thinking about the concept of a binary operation in what follows.

1.2. Binary Operations

Definition.
1) A binary operation $*$ on $\mathbb{Z}$ is a function $* : \mathbb{Z} \times \mathbb{Z} \to \mathbb{Z}$, that assigns to each ordered pair $(a, b)$ of integers a unique integer denoted $a * b$.
2) It is called commutative if $a * b = b * a$ for all $a, b \in \mathbb{Z}$.
3) It is called associative if $a * (b * c) = (a * b) * c$ for all $a, b, c \in \mathbb{Z}$.
4) An element $e \in \mathbb{Z}$ is called an identity element with respect to $*$ if $a * e = a$ and $e * a = a$ for all integers $a$.

Example. Ordinary addition and multiplication are binary operations on $\mathbb{Z}$; so is subtraction. Division fails. Why? Because for $a, b \in \mathbb{Z}$, $a \div b$ in general is not an integer. All we need is one counterexample to show a given formula is not a binary operation. So we could just say $1 \div 2 \notin \mathbb{Z}$, so division is not a binary operation. Addition and multiplication are both commutative and associative, and both have identities. 0 is the additive identity, and 1 is the multiplicative identity.

Example. Let $a * b := \sqrt{ab}$, for $a, b \in \mathbb{Z}$. (Note, the colon after $a * b$ is used in mathematics to indicate that this is a definition.) Is this a binary operation on $\mathbb{Z}$? No, for example, $1 * 2 = \sqrt{2}$ which is not an integer. To be a binary operation on $\mathbb{Z}$, the output has to be an integer for all possible integer inputs. If this fails for one example, then the operation fails to be a binary operation.

Example. Which of the following are binary operations on $\mathbb{Z}$?
$a * b := 3$,
$a * b := \gcd(a^2 + 1, b^2 + 1)$ (where gcd is the greatest common divisor),
$a * b := b^2 / a$,
$a * b := \pm a$,
$a * b := a^b$.
Answer: Just the first two.

Example. Let's define an operation $*$ by $a * b := 3b$ for any $a, b \in \mathbb{Z}$. (When you read a definition like this, you should keep in mind that the choice of the letters $a, b$ is irrelevant. We could just as well have written $x * y = 3y$. The way you should think about the operation is to use words: $a * b$ is 3 times the second number.)
i) Is this a binary operation? Plainly, for any $b \in \mathbb{Z}$, $3b$ is in $\mathbb{Z}$ and it is uniquely defined. Thus $*$ is a binary operation.
ii) Is this operation commutative? Here we need to test whether $a * b = b * a$ for all $a, b \in \mathbb{Z}$. By definition $a * b = 3b$, while $b * a = 3a$. Thus to be commutative we would need $3b = 3a$, that is, $b = a$ for any two integers $a, b$, which is blatantly false. An alternate way to show the operation is not commutative is with a single counterexample: $3 * 2 = 6$, while $2 * 3 = 9$.
iii) Is the operation associative? $(1 * 2) * 3 = 6 * 3 = 9$, while $1 * (2 * 3) = 1 * 9 = 27$. Thus we have a counterexample, so the operation is not associative.
iv) Is there an identity element? Suppose that $e$ is an identity element. Then $e * a = a$ and $a * e = a$ for all $a \in \mathbb{Z}$. Thus, $3a = a$ and $3e = a$ for all $a \in \mathbb{Z}$. Both of these statements are absurd. The first implies that $3 = 1$, a contradiction, while the second implies that $e = a/3$ for all $a$, a contradiction. (All we would need is for one of these two statements to be false.)

More generally, one can talk about a binary operation on any set $S$. It is simply a function that assigns to any ordered pair $(s, t)$ of elements in $S$ a unique value $s * t$ in $S$. Can you think of any binary operations that you have encountered that are not commutative? Here are a few examples.
i) Function composition: In general $f \circ g \neq g \circ f$.
ii) Matrix multiplication: If $A, B$ are square matrices of the same size then $AB \neq BA$ in general.
iii) Cross product of vectors in $\mathbb{R}^3$: In general $u \times v \neq v \times u$. In fact, we have $u \times v = -v \times u$.

Definition. A subset $S$ of $\mathbb{Z}$ is said to be closed under a given binary operation $*$ (or with respect to $*$) if for any two $a, b \in S$ we have $a * b \in S$.

Example. The set of even integers $E$ is closed under both addition and multiplication. The set of odd integers $O$ is closed under multiplication but not under addition.

Example. Let $S = \{-1, 0, 1\}$. Is $S$ closed under ordinary addition? We must test all possible sums: = 1, = 0, = 1. So far, it looks like the values we get are always back in the set $S$. However, if we try $1 + 1$ we get 2, a value not in $S$. Therefore $S$ is not closed under addition. Is $S$ closed under multiplication? This time the answer is yes. The product of any two numbers in $S$ is back in $S$.

Example. Let's define an operation $*$ by $a * b := 2a + b$, for $a, b \in \mathbb{Z}$.
i) Is this a binary operation on $\mathbb{Z}$? Yes, given any two integers $a, b$ the output $2a + b$ is a uniquely defined integer.
ii) Is this operation commutative? Note that $a * b = 2a + b$, but $b * a = 2b + a$. Thus $a * b \neq b * a$ in general, for example $1 * 2 = 3$ but $2 * 1 = 5$.
iii) Is the operation associative?
$a * (b * c) = a * (2b + c) = 2a + (2b + c) = 2a + 2b + c$, whereas
$(a * b) * c = (2a + b) * c = 2(2a + b) + c = 4a + 2b + c$.
Since $2a + 2b + c \neq 4a + 2b + c$ for $a \neq 0$ we see that associativity fails.
iv) Is there an identity element? Suppose that $e$ is an identity. Then $e * a = a$ and $a * e = a$ for all $a \in \mathbb{Z}$. Thus $2e + a = a$ and $2a + e = a$, that is, $e = 0$ and $e = -a$ for all $a \in \mathbb{Z}$. The latter condition clearly fails ($e$ cannot equal $-a$ for all integers $a$). Therefore, there is no identity.
v) Is the set of odd integers $O$ closed under $*$? Let's check. Let $a, b$ be odd integers. Then $a * b = 2a + b$ = even + odd = odd. Thus $O$ is closed.

1.3. Deducing the Additional Properties of $\mathbb{Z}$ from the Axioms

In this section we will deduce the Additional Properties of $\mathbb{Z}$ listed in Chapter 0 from the axioms. We will provide examples of two styles of proofs. The first is two-column style, where the right column provides the justification for each step. The second is text style, where the proof is written in paragraph form with complete sentences following all the rules of grammar. In formal mathematical writing one always uses text style, but for this class the two-column style is occasionally acceptable.

Subtraction-Equality principle. For any integers $x, y$, $x - y = 0$ if and only if $x = y$.

Proof.
$x - y = 0$, assumption
$(x - y) + y = 0 + y$, addition is well defined
$(x + (-y)) + y = 0 + y$, definition of subtraction
$x + (-y + y) = 0 + y$, associative law
$x + 0 = 0 + y$, additive inverse property
$x = y$, 0 is additive identity
Next, we need to prove the converse.
$x = y$, assumption
$x + (-y) = y + (-y)$, addition is well defined
$x - y = y + (-y)$, definition of subtraction
$x - y = 0$, additive inverse property

Cancelation Law for Addition. Let $a, x, y$ be integers such that $a + x = a + y$. Then $x = y$.

Proof.
$a + x = a + y$, assumption
$-a + (a + x) = -a + (a + y)$, addition is well defined
$(-a + a) + x = (-a + a) + y$, associative law
$0 + x = 0 + y$, additive inverse property
$x = y$, 0 is additive identity

Note.
i) The following is also a version of the cancelation law: If $x + a = y + a$ then $x = y$.
ii) Look at the axioms required to prove the cancelation law. Any algebraic system satisfying those same axioms will also satisfy the cancelation law. Rings and Additive Groups are both examples of such systems that we will visit this semester.

Every integer has a unique additive inverse.

Proof. (We'll do this one in text form.) By one of the axioms of $\mathbb{Z}$, we know that every integer has an additive inverse, so our task here is to show that it is unique. Let $a$ be a given integer. Suppose that $b, c$ are additive inverses of $a$. Then $a + b = 0$ and $a + c = 0$. By the transitive law for equality, $a + b = a + c$. Thus by the cancelation law for addition (which we just proved), $b = c$.
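Returning to the questions asked of each operation in Section 1.2 (commutative? associative? identity? is a subset closed?), the following is an added example, not part of the original notes, that searches a finite window of integers for the single counterexample that settles each question in the negative. The window size and all function names are assumptions of this example; finding no counterexample in the window proves nothing about all of $\mathbb{Z}$.

```python
from itertools import product

# Finite sample of Z used for the search (an assumption of this example).
WINDOW = list(range(-6, 7))


def add(a, b):
    return a + b


def mul(a, b):
    return a * b


def three_b(a, b):
    """The operation a * b := 3b from Section 1.2."""
    return 3 * b


def two_a_plus_b(a, b):
    """The operation a * b := 2a + b from Section 1.2."""
    return 2 * a + b


def is_odd(n):
    return n % 2 != 0


def find_noncommutative(op, sample=WINDOW):
    """Return a pair (a, b) with a*b != b*a, or None if the sample has none."""
    for a, b in product(sample, repeat=2):
        if op(a, b) != op(b, a):
            return (a, b)
    return None


def find_nonassociative(op, sample=WINDOW):
    """Return a triple (a, b, c) with (a*b)*c != a*(b*c), or None."""
    for a, b, c in product(sample, repeat=3):
        if op(op(a, b), c) != op(a, op(b, c)):
            return (a, b, c)
    return None


def identities(op, sample=WINDOW):
    """Candidates e in the sample with e*a == a == a*e for every a in the sample."""
    return [e for e in sample
            if all(op(e, a) == a == op(a, e) for a in sample)]


def find_not_closed(op, elements, member):
    """Return (a, b) from `elements` whose result fails the membership test
    `member`, or None. `member` is a predicate so that infinite sets such as
    the odd integers can be tested beyond the finite list of elements."""
    for a, b in product(elements, repeat=2):
        if not member(op(a, b)):
            return (a, b)
    return None


if __name__ == "__main__":
    S = [-1, 0, 1]
    odds = [n for n in WINDOW if is_odd(n)]
    for name, op in [("3b", three_b), ("2a+b", two_a_plus_b),
                     ("a+b", add), ("ab", mul)]:
        print(name,
              "| not commutative at:", find_noncommutative(op),
              "| not associative at:", find_nonassociative(op),
              "| identities in window:", identities(op))
    print("S under +:", find_not_closed(add, S, lambda x: x in S))
    print("S under *:", find_not_closed(mul, S, lambda x: x in S))
    print("odds under 2a+b:", find_not_closed(two_a_plus_b, odds, is_odd))
```

A returned tuple is a complete disproof of the property, exactly as in the text; a returned `None` is only evidence, and the general argument (as in part v for the odd integers) is still needed.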

Zero Multiplication Property. For any integer $n$, $n \cdot 0 = 0$.

Proof. The formal proof is homework but we'll give you a hint. Since 0 is linked with additive properties of $\mathbb{Z}$ and this theorem is a multiplicative statement, you will need to make use of the one axiom linking addition and multiplication (what is it?). Now start by writing $0 = 0 + 0$ (what property have I just used?). Then use substitution to say $n \cdot 0 = n \cdot (0 + 0)$, etc.

Properties of Negatives. For any integers $a, b$ we have
i) $-(-a) = a$.
ii) $(-1)a = -a$.
iii) $(-a)b = -(ab) = a(-b)$.
iv) $(-a)(-b) = ab$.

Proof.
i) Since $a + (-a) = 0 = (-a) + a$ by the definition of additive inverse, we see that $a$ is the additive inverse of $-a$, that is $a = -(-a)$.
ii) For this part our goal is to show that $(-1)a$ is the additive inverse of $a$, that is, $(-1)a + a = 0$. Now,
$(-1)a + a = (-1)a + 1(a)$, 1 is the multiplicative identity
$= (-1 + 1)a$, distributive law
$= 0a$, property of additive inverses
$= 0$, by zero mult property
iii) We have
$(-a)b = ((-1)a)b$, by part (ii)
$= (-1)(ab)$, by associativity
$= -(ab)$, by part (ii)
The second equality can be proven in the same manner.
iv) We have
$(-a)(-b) = -(a(-b))$, by part (iii)
$= -(-(ab))$, by part (iii)
$= ab$, by part (i)

Basic consequence of Trichotomy. Let $a \in \mathbb{Z}$. If $a > 0$ then $-a < 0$, and if $a < 0$ then $-a > 0$.

Proof. Suppose that $a > 0$, that is, $a \in \mathbb{N}$. Then $-a \in -\mathbb{N}$ and so by definition $-a < 0$. Next, suppose that $a < 0$, that is, $a \in -\mathbb{N}$. Then $a = -c$ for some $c \in \mathbb{N}$. Thus, by a property of negatives, $-a = -(-c) = c \in \mathbb{N}$, and so $-a > 0$.

Products of Positives and Negatives.
i) If $a > 0$ and $b < 0$ then $ab < 0$.
ii) If $a < 0$ and $b < 0$, then $ab > 0$.

Proof.
i) Suppose that $a < 0$ and $b > 0$. Then $a = -c$ for some $c > 0$, by definition of $<$. Thus $ab = (-c)b = -(cb)$ by a property of negatives. Now, by the Positivity Axiom, $cb > 0$, and thus by the preceding property, $-(cb) < 0$, that is, $ab < 0$.
ii) Suppose that $a < 0$ and $b < 0$. Then $a = -c$, $b = -d$ for some positive integers $c, d$. Thus $ab = (-c)(-d) = cd$ by a property of negatives. By the Positivity Axiom, $cd > 0$, and thus $ab > 0$.

Zero divisor property or Integral domain property of $\mathbb{Z}$. If $a, b$ are integers with $ab = 0$, then $a = 0$ or $b = 0$.

Proof. We'll do a proof by contradiction. Suppose that $ab = 0$ but $a \neq 0$ and $b \neq 0$. By the Trichotomy Principle (see axiom list), either $a$ is positive or $a$ is negative, and the same for $b$. If $a, b$ are both positive then by the Positivity Axiom $ab$ is positive, a contradiction. If $a$ is positive and $b$ is negative then $ab$ is negative by the preceding property, a contradiction. Finally if both $a$ and $b$ are negative, then $ab$ is positive by the preceding property, a contradiction. Thus, in all cases we are led to a contradiction. Therefore $a = 0$ or $b = 0$.

Cancelation Law for Multiplication. If $a, x, y$ are integers with $ax = ay$ and $a \neq 0$, then $x = y$.

Proof. Since we have only introduced integers at this point, we wish to prove this law without using fractions. Thus we cannot simply divide both sides by $a$ or multiply both sides by $1/a$. Instead, we will make use of the subtraction equality principle and the integral domain property of $\mathbb{Z}$. Since $ax = ay$ we have $ax - ay = 0$ by the subtraction equality principle. Next use the distributive law, the integral domain property of $\mathbb{Z}$, and the subtraction equality principle again. The details are left for your homework.

Note. Be careful in your use of the symbols $=$ and $\Rightarrow$ when writing a proof. Note, the equal symbol is used between objects (equal numbers, equal sets, equal functions, etc.), whereas the symbols $\Rightarrow$ and $\Leftrightarrow$ are used between statements (remember a statement is a sentence that can be assigned a truth value, true or false).

General Associative-Commutative Law.
a) Addition: When adding a collection of $n$ integers $a_1 + a_2 + \cdots + a_n$, the numbers may be grouped in any way and added in any order. In particular, the sum $a_1 + a_2 + \cdots + a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.
b) Multiplication: When multiplying a collection of $n$ integers $a_1 a_2 \cdots a_n$, the numbers may be grouped in any way and multiplied in any order. In particular, the product $a_1 a_2 \cdots a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.

Note. We will not attempt to prove this law here, as it requires a rather sophisticated use of induction. Instead, let's just gain some appreciation of what it is saying, since we will be making extensive use of it throughout the semester. What does $a + b + c + d$ mean? Remember, addition is a binary operation, that is, you can only add two integers at a time. There are many possible definitions, $((a + b) + c) + d$, $(a + (b + c)) + d$, $(a + b) + (c + d)$, $a + ((b + c) + d)$, $a + (b + (c + d))$ and so on. The general associative law tells us that all of these expressions are equal, and thus there is no need to include the parentheses at all. For instance, we can see that the first two expressions in the list are plainly equal by one application of the associative law, $(a + b) + c = a + (b + c)$. If we throw in the word commutative, then the general associative-commutative law tells us that we can also rearrange the order. Thus for example $(d + b) + (a + c)$ would also equal $a + b + c + d$. A similar discussion holds for multiplication. We can really appreciate this law when working with rational numbers. For example try calculating the following in your head: What is the easiest way to do it?

The FOIL law. For any integers $a, b, c, d$, $(a + b)(c + d) = ac + ad + bc + bd$.

Proof. We have
$(a + b)(c + d) = (a + b)c + (a + b)d$, distributive law
$= (ac + bc) + (ad + bd)$, distributive law
$= ac + (bc + ad) + bd$, general associative law
$= ac + (ad + bc) + bd$, commutative law
$= ac + ad + bc + bd$, general associative law

Binomial Square Formula. For any positive integer $n$ and integers $a, b$ we have $(a + b)^2 = a^2 + 2ab + b^2$.

Proof. We have
$(a + b)^2 = (a + b)(a + b)$, definition of square
$= a^2 + ba + ab + b^2$, FOIL law
$= a^2 + ab + ab + b^2$, commutative law for mult
$= a^2 + (ab + ab) + b^2$, general associative law
$= a^2 + 2ab + b^2$, definition of 2 times a number.

We shall prove the general binomial expansion formula using induction in Section

1.4. Discreteness Axioms for $\mathbb{Z}$

Let us return now to the two discreteness axioms for $\mathbb{Z}$. These are the axioms that distinguish the integers from sets such as $\mathbb{Q}$ and $\mathbb{R}$, which also satisfy all of the algebraic axioms (associative law, commutative law, distributive law, etc.). These axioms imply that the integers are discrete objects. For $\mathbb{Q}$ and $\mathbb{R}$ we can say that between any two elements of the set there are infinitely many other elements of the set. Thus there is no gap between one rational or real number and the next one. For integers this is false. For instance, between 0 and 1 there are no other integers. More generally, for any distinct integers $a, b$ we can say $|a - b| \geq 1$.

a) Well Ordering Property of $\mathbb{N}$. Any nonempty subset of $\mathbb{N}$ has a smallest element.
Note that this property does not hold for the set of positive rational numbers $\mathbb{Q}^+$ or positive real numbers $\mathbb{R}^+$. Consider for example the interval of real numbers $(0, 1)$. This set has no smallest element.

b) Axiom of Induction. Let $S$ be a subset of $\mathbb{N}$ such that (i) $1 \in S$ and (ii) $n \in S \Rightarrow n + 1 \in S$. Then $S = \mathbb{N}$.
Again, it is plain that this axiom fails for $\mathbb{Q}^+$ and $\mathbb{R}^+$. One can prove that these two axioms are equivalent, that is, the well ordering property of $\mathbb{N}$ implies the axiom of induction, and the axiom of induction implies the well ordering property. (See if you can prove either direction!) Here are a couple more equivalent discreteness properties that we will occasionally appeal to, but will not prove here.
c) Maximum Element Principle. Any nonempty subset of integers bounded above contains a maximum element.
d) Minimum Element Principle. Any nonempty subset of integers bounded below contains a minimum element.

1.5. Proof by Induction

An important method of proof that we shall use in this class is a variation of the axiom of induction that we call the principle of induction. It is used for proving that a given statement is true for all natural numbers.

Principle of Induction. Let $P(n)$ be a statement involving a natural number $n$. Suppose that
(i) $P(1)$ is true. (Base Case.)
(ii) If $P(n)$ is true for a given $n \in \mathbb{N}$ then $P(n + 1)$ is true. (Inductive Step.)
Then $P(n)$ is true for all $n \in \mathbb{N}$.
The assumption "$P(n)$ is true for a given $n \in \mathbb{N}$" is called the induction assumption.

Note. One of the common errors in proving something is to assume the statement you wish to prove is true in the middle of the proof. How would you respond to someone who objects to the Principle of Induction by saying "in the induction assumption you are assuming what you wish to prove"? (Note the subtle distinction. In the induction assumption, although $n$ is arbitrary, we are only assuming $P(n)$ is true for one value of $n$, not for all integers $n$.)

Example. Prove that for any positive integer $n$,
$$1^3 + 2^3 + \cdots + n^3 = \frac{n^2 (n + 1)^2}{4}. \tag{1.1}$$

Proof. Proof by induction. For $n = 1$ we have $1^3 = \frac{1^2 (1 + 1)^2}{4}$, a true statement. Suppose that statement (1.1) is true for a given $n$. Then for $n + 1$ we have
$$1^3 + 2^3 + \cdots + n^3 + (n + 1)^3 = \left(1^3 + 2^3 + \cdots + n^3\right) + (n + 1)^3 = \frac{n^2 (n + 1)^2}{4} + (n + 1)^3,$$
by induction assumption (1.1).

(Let's interrupt the proof with a little motivation. In your formal write-up you do not need to include these comments. Our goal is to establish the truth of (1.1) for $n + 1$, that is, we are hoping to get $(n + 1)^2 (n + 2)^2 / 4$. Since this expression is in factored form, we proceed by factoring, rather than expanding.)
$$= \frac{(n + 1)^2}{4}\left[n^2 + 4(n + 1)\right],$$
$$= \frac{(n + 1)^2}{4}\left[n^2 + 4n + 4\right] = \frac{(n + 1)^2}{4}[n + 2]^2 = \frac{(n + 1)^2 ((n + 1) + 1)^2}{4}.$$
Thus (1.1) holds for $n + 1$.

At this point, there are two ways to conclude the induction proof. You can either say "Thus, by the Principle of Induction, the statement is true for all $n \in \mathbb{N}$", or you can simply write QED, which stands for the Latin expression "quod erat demonstrandum", meaning literally "what was to be demonstrated", but is more liberally taken to mean "thus we have established what we wished to prove". In this example you should also try restating everything in sigma notation. The statement in this notation would read $\sum_{k=1}^{n} k^3 = \frac{n^2 (n + 1)^2}{4}$ for any $n \in \mathbb{N}$.

Example. $n^3 - n$ is a multiple of 3 for any positive integer $n$.

Proof. Proof by induction. For $n = 1$ we note that $1^3 - 1 = 0 = 0 \cdot 3$, a multiple of 3. Suppose that the statement is true for a given $n$, that is, $n^3 - n = 3k$ for some $k \in \mathbb{Z}$. Then for $n + 1$ we have
$(n + 1)^3 - (n + 1) = n^3 + 3n^2 + 3n + 1 - n - 1 = (n^3 - n) + 3n^2 + 3n$
$= 3k + 3n^2 + 3n$, by induction assumption,
$= 3(k + n^2 + n) = 3 \cdot \text{integer}$,
since the integers are closed under addition and multiplication. QED.

Example. $6^n - 1$ is a multiple of 5 for any positive integer $n$.

Proof. Proof by induction. For $n = 1$, $6^n - 1 = 6 - 1 = 5$, a multiple of 5. Suppose that the statement is true for a given $n$, that is, $6^n - 1 = 5k$ for some integer $k$. Then for $n + 1$ we have, $6^{n+1} - 1 = 6^n \cdot 6 - 1 = (5k + 1)6 - 1$, by the induction hypothesis. Then, using the distributive law we see that $6^{n+1} - 1 = 30k + 6 - 1 = 30k + 5 = 5(6k + 1)$, a multiple of 5, since $6k + 1$ is an integer. Thus the statement is true for $n + 1$. QED.

Example. The word induction is connected to the concept of inductive reasoning, a type of reasoning where one looks at data and tries to find a pattern or rule governing the data. Try the following example.
Look at the sum of the first $n$ odd numbers for $n = 1, 2, 3, 4, 5$: $1 = 1$, $1 + 3 = 4$, $1 + 3 + 5 = 9$, $1 + 3 + 5 + 7 = 16$, $1 + 3 + 5 + 7 + 9 = 25$. What is the pattern? Write down a conjecture for what you think $1 + 3 + 5 + \cdots + (2n - 1)$ equals in general, and then prove it by induction.

Example. The Fibonacci sequence $\{F_n\} = 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, \dots$, is governed by the rule $F_{n+1} = F_n + F_{n-1}$ for $n \geq 2$, and the initial values $F_1 = F_2 = 1$. It is a sequence that arises many places in mathematics and in nature. For instance the ratios of successive Fibonacci numbers, $F_{n+1}/F_n$, approach the Golden Ratio = as $n \to \infty$; = , 55 = , and so on. Prove that
$$F_1 + F_3 + \cdots + F_{2k-1} = F_{2k}, \tag{1.2}$$
for any $k \in \mathbb{N}$.

Proof. Proof by induction on $k$. For $k = 1$ we have $F_1 = 1 = F_2$, so the statement is true. Suppose that the statement (1.2) is true for a given $k$. Then for $k + 1$ we have
$F_1 + F_3 + \cdots + F_{2k-1} + F_{2k+1} = (F_1 + F_3 + \cdots + F_{2k-1}) + F_{2k+1}$
$= F_{2k} + F_{2k+1}$, by the induction hypothesis,
$= F_{2k+2} = F_{2(k+1)}$, by the defining property of the Fibonacci sequence. QED

Property 11. Binomial Expansion Formula. For any positive integer $n$ and integers $a, b$ we have
$$(a + b)^n = \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k} = a^n + \binom{n}{1} a^{n-1} b + \binom{n}{2} a^{n-2} b^2 + \cdots + \binom{n}{n-1} a b^{n-1} + b^n. \tag{1.3}$$

Proof. The proof is by induction on $n$. For $n = 1$ the statement is trivial, $(a + b)^1 = a + b$. Suppose the statement is true for a given $n$. Then for $n + 1$ we have
$$\begin{aligned}
(a + b)^{n+1} &= (a + b)(a + b)^n = (a + b) \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k} \\
&= \sum_{k=0}^{n} \binom{n}{k} a^{k+1} b^{n-k} + \sum_{k=0}^{n} \binom{n}{k} a^k b^{n+1-k} \\
&= \binom{n}{n} a^{n+1} + \sum_{k=0}^{n-1} \binom{n}{k} a^{k+1} b^{n-k} + \binom{n}{0} b^{n+1} + \sum_{k=1}^{n} \binom{n}{k} a^k b^{n+1-k} \\
&= a^{n+1} + b^{n+1} + \sum_{l=1}^{n} \binom{n}{l-1} a^l b^{n+1-l} + \sum_{l=1}^{n} \binom{n}{l} a^l b^{n+1-l} \\
&= a^{n+1} + b^{n+1} + \sum_{l=1}^{n} \left( \binom{n}{l-1} + \binom{n}{l} \right) a^l b^{n+1-l} \\
&= a^{n+1} + b^{n+1} + \sum_{l=1}^{n} \binom{n+1}{l} a^l b^{n+1-l} = \sum_{l=0}^{n+1} \binom{n+1}{l} a^l b^{n+1-l}.
\end{aligned}$$
QED.
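The inductive step of the binomial proof above (multiply by $(a + b)$, shift the index in the first sum, then combine the two sums term by term) can be run as a computation. The following is an added example, not part of the original notes; the function names and sample values are assumptions of this example.

```python
from math import comb


def expand_next(coeffs):
    """Inductive step of the proof.

    coeffs[k] is the coefficient of a^k b^(n-k) in (a+b)^n.
    Multiplying by a sends a^k b^(n-k) to a^(k+1) b^(n-k)   (index shift l = k+1).
    Multiplying by b sends a^k b^(n-k) to a^k b^(n+1-k)     (index unchanged).
    Adding the two lists term by term gives C(n, l-1) + C(n, l) in position l,
    with the end terms a^(n+1) and b^(n+1) keeping coefficient 1.
    """
    times_a = [0] + coeffs      # position l holds coeffs[l-1]
    times_b = coeffs + [0]      # position l holds coeffs[l]
    return [x + y for x, y in zip(times_a, times_b)]


def binomial_row(n):
    """Coefficients of (a+b)^n built only from the base case and the step."""
    if n < 1:
        raise ValueError("the statement is for positive integers n")
    row = [1, 1]                # base case n = 1: (a+b)^1 = a + b
    for _ in range(n - 1):
        row = expand_next(row)
    return row


def evaluate(row, a, b):
    """Right-hand side of (1.3): sum of row[k] * a^k * b^(n-k)."""
    n = len(row) - 1
    return sum(c * a**k * b**(n - k) for k, c in enumerate(row))


def first_failure(n_max, samples):
    """Check (1.3) for n = 1..n_max; return a description of the first
    failure, or None if every check passes."""
    for n in range(1, n_max + 1):
        row = binomial_row(n)
        if row != [comb(n, k) for k in range(n + 1)]:
            return ("coefficients", n)
        for a, b in samples:
            if evaluate(row, a, b) != (a + b) ** n:
                return ("value", n, a, b)
    return None


if __name__ == "__main__":
    # Constructed sample integers, including zero and negatives.
    samples = [(2, -5), (0, 3), (-4, -7), (1, 1), (10, 0)]
    print(binomial_row(5))
    print(first_failure(30, samples))
```

Because `binomial_row` never calls `comb`, agreement with `comb(n, k)` in `first_failure` is a check of the identity $\binom{n}{l-1} + \binom{n}{l} = \binom{n+1}{l}$ used in the second-to-last line of the proof.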

Strong Form of Induction. A variation of induction that we will sometimes use is called the Strong Form of Induction given below. It has the advantage in that one is allowed to assume a lot more in the induction assumption. We will see it used when we prove the Fundamental Theorem of Arithmetic.

Strong Form of Induction. Let $P(n)$ be a statement involving a natural number $n$. Suppose that
(i) $P(1)$ is true. (Base Case.)
(ii) If $P(k)$ is true for all $k < n$, for a given $n \in \mathbb{N}$, then $P(n)$ is true. (Inductive Step.)
Then $P(n)$ is true for all $n \in \mathbb{N}$.

1.6. Basic Divisibility Properties

Our goal is to prove the Fundamental Theorem of Arithmetic, which states that every positive integer can be uniquely expressed as a product of primes, but to get there we need to start with basic properties of divisibility.

Definition. Let $a, b \in \mathbb{Z}$, $a \neq 0$. We say $a$ divides $b$, written $a \mid b$, if $ax = b$ for some integer $x$.

Example. $3 \mid 12$ since $12 = 3 \cdot 4$; $5 \nmid 12$ since $12/5 \notin \mathbb{Z}$. Distinguish $3 \mid 12$ from $3/12$: the first is a statement and the latter an object.

Note. There are many equivalent ways of expressing the statement $a$ divides $b$: $a$ is a divisor of $b$, $a$ is a factor of $b$, $b$ is divisible by $a$, $b$ is a multiple of $a$, $b/a$ is an integer. Note, the latter form assumes knowledge about the rational numbers. At this point in the semester, I want you to prove statements about the integers without making reference to the larger number system $\mathbb{Q}$.

Example.
a. What are the divisors of 6? $\{\pm 1, \pm 2, \pm 3, \pm 6\}$.
b. What are the divisors of 0? All integers (except 0). (Ruling 0 out is just a technical assumption in our definition of divisibility above ($a \neq 0$). It might make sense to say 0 is a divisor of 0 since $0 = 0 \cdot 0$, indeed $0 = 0 \cdot b$ for any $b \in \mathbb{Z}$. It is ruled out because $0/0$ is an undefined quantity.)

Theorem. Basic divisibility properties. Let $a, b, d$ be integers.
(i) If $d \mid a$ and $d \mid b$ then $d \mid (a + b)$.
(ii) If $d \mid a$ and $d \mid b$ then $d \mid (a - b)$.
(iii) If $d \mid a$ and $d \mid b$ then for any integers $x, y$, $d \mid (ax + by)$.

Proof.
(iii) Suppose that $d \mid a$, $d \mid b$ and that $x, y \in \mathbb{Z}$. Then $a = dk$ and $b = dl$ for some integers $k, l$. Thus,
$ax + by = (dk)x + (dl)y = d(kx) + d(ly) = d(kx + ly) = d(\text{integer})$,
since $\mathbb{Z}$ is closed under addition and multiplication. Thus $d \mid ax + by$.

Example. Another way to think about the basic divisibility properties is to use the word multiple. Property (i) says that if $a$ and $b$ are multiples of $d$ then so is $a + b$, while (ii) says that if $a$ and $b$ are multiples of $d$ then so is $a - b$. For example, if $a$ and $b$ are multiples of 5 then so are $a + b$ and $a - b$. Another way yet of saying this is the following: If $S$ is the set of all multiples of 5, then $S$ is closed under addition and subtraction.

Theorem. Transitive law for divisibility. For any integers $a, b, c$, if $a \mid b$ and $b \mid c$, then $a \mid c$.

Proof. Homework.

Definition. Let $a, b$ be integers not both 0. The greatest common divisor of $a, b$, denoted $\gcd(a, b)$, is the largest integer that divides both $a$ and $b$. An analogous definition can be given for the gcd of any number of integers, not all zero.

Example. 1) $\gcd(16, 28) = 4$. Why? The common positive factors are 1, 2 and 4, and 4 is the largest. 2) $\gcd(-16, 28) = 4$. 3) $\gcd(6, 16, 28) = 2$.

Note.
1. $\gcd(0, 0)$ is undefined. Why? Because every nonzero integer is a divisor of 0, so there is no largest common divisor.
2. If $a, b$ are not both zero, $\gcd(a, b)$ exists and is unique. Why does it exist? Let $S$ be the set of positive common divisors. It is a nonempty set ($1 \in S$), bounded above by $\max(|a|, |b|)$, so it has a maximum element by the Maximum Element Principle of $\mathbb{Z}$ (see Discreteness axioms). Uniqueness is trivial, since $S$ can have at most one maximum element.
3. For any integer $n$, $\gcd(0, n) = |n|$. The absolute value is needed in case $n$ is negative.
4. For any integers $a, b$, $\gcd(a, b) = \gcd(b, a) = \gcd(-a, b) = \gcd(-a, -b)$.

The Euclidean Algorithm.

The Euclidean algorithm, an efficient way of computing GCDs, is based on two theorems, the Subtraction Principle for GCDs and the Division Algorithm. Before stating these theorems, let's look at an example.

Example. Find $\gcd(2023, 2033)$. Note that any common divisor $d$ of 2023 and 2033 is also a divisor of $2033 - 2023$ by a basic divisibility property, that is, $d \mid 10$. This means $d = 1, 2, 5$ or $10$, but plainly only 1 is a divisor of 2023. Thus $\gcd(2023, 2033) = 1$. We generalize this idea in the next theorem.

Theorem. Subtraction Principle for GCDs. For any $a, b \in \mathbb{Z}$, not both zero, and any integer $q$, $\gcd(a, b) = \gcd(a - qb, b)$.

Proof. Let $S$ be the set of common divisors of $a$ and $b$, and $T$ the set of common divisors of $a - qb$ and $b$. We claim that $S = T$, and so $S$ and $T$ have the same maximal element, that is, $\gcd(a, b) = \gcd(a - qb, b)$. To show $S = T$ we need to show $S \subseteq T$ and $T \subseteq S$. To show $S \subseteq T$, suppose that $d \in S$. Then $d \mid a$ and $d \mid b$. By a basic divisibility property, $d \mid (a - qb)$. Thus $d \mid b$ and $d \mid (a - qb)$, so $d \in T$. Next, to show $T \subseteq S$, suppose that $d \in T$, that is, $d \mid (a - qb)$ and $d \mid b$. Then again by a basic divisibility property, $d \mid [(a - qb) + q \cdot b]$, that is, $d \mid a$. Thus $d \mid a$ and $d \mid b$, so $d \in S$. QED.

Example. Let's redo the preceding example using the subtraction principle for gcds. Find $\gcd(2023, 2033)$. By the subtraction principle, we have $\gcd(2023, 2033) = \gcd(2023, 10) = 1$, since 2 and 5 are not divisors of 2023.

Division of Integers with remainder.
Ex. $38 \div 5 = 7R3$, that is, $38 = 7 \cdot 5 + 3$. Recall, 7 is called the quotient, 3 the remainder, 38 the dividend and 5 the divisor.
Ex. $-24 \div 7 = -4R4$, that is, $-24 = (-4) \cdot 7 + 4$.
Ex. $3 \div 8 = 0R3$, that is, $3 = 0 \cdot 8 + 3$.
Note the remainder is always nonnegative and strictly smaller than the divisor.

Theorem. Division Algorithm. Let $a, b$ be integers with $b > 0$. Then there exist integers $q, r$ such that $a = qb + r$ with $0 \le r < b$. Moreover $q, r$ are unique. ($q$ = quotient and $r$ = remainder in dividing $a$ by $b$.)

Proof. Existence: Let $q$ be the greatest integer such that $qb \le a$. Such a $q$ exists by the Maximum Element Principle. In particular $(q + 1)b > a$, by the maximality of $q$. Thus $qb \le a < (q + 1)b$. Set $r = a - qb$. It is easy to see that $a = qb + r$. Also, subtracting $qb$ from all sides of the preceding inequality we obtain $0 \le a - qb < b$, that is, $0 \le r < b$.

Uniqueness: If $a = qb + r = q'b + r'$ with $0 \le r, r' < b$, then $b|q - q'| = |r - r'| < b$ and so $|q - q'| < 1$. Since $q - q' \in \mathbb{Z}$ we must have $q - q' = 0$, that is, $q = q'$. Returning to the identity $qb + r = q'b + r'$ we see that $qb + r = qb + r'$ and consequently $r = r'$.

We are now ready to describe the Euclidean Algorithm with an example. (Recall, an algorithm is a step by step procedure for carrying out some task.)

Example. Find $d = \gcd(126, 49)$, using the Euclidean Algorithm. To get started we calculate $126 \div 49 = 2R28$ by long division, and so $126 = 2 \cdot 49 + 28$. Then, by the subtraction principle for GCDs, $\gcd(126, 49) = \gcd(126 - 2 \cdot 49, 49) = \gcd(28, 49)$. We now repeat the process by calculating $49 \div 28$, etc.
(1) $126 = 2 \cdot 49 + 28$, $d = \gcd(28, 49)$
(2) $49 = 1 \cdot 28 + 21$, $d = \gcd(28, 21)$
(3) $28 = 1 \cdot 21 + 7$, $d = \gcd(7, 21)$
(4) $21 = 3 \cdot 7$, $d = \gcd(7, 0) = 7$, STOP
The process stops when you get a remainder of 0.

1.8. Linear Combinations and Linear Equations

Definition. A linear combination (LC) of two integers $a, b$ is an integer of the form $ax + by$ where $x, y \in \mathbb{Z}$.

Claim: If $d = \gcd(a, b)$ then $d$ can be expressed as a linear combination of $a$ and $b$, that is, the equation

(1.4) $ax + by = d$

has a solution in integers $x, y$.

Example. $\gcd(20, 8) = 4$. By trial and error, we see that $4 = 1 \cdot 20 + (-2) \cdot 8$. $\gcd(21, 15) = 3$. By trial and error, we get 3 =

We will see two methods for solving the GCD equation (1.4). The first is the method of Back Substitution and the second, the Array Method.

Back Substitution: A method of solving the equation $d = ax + by$ (with $d = \gcd(a, b)$) by working backwards through the steps of the Euclidean algorithm.

Example. Use the example above for $\gcd(126, 49)$ to express 7 as a LC of 126 and 49. Use the method of back substitution. Start with equation (3): $7 = 28 - 21$. By (2) we have $21 = 49 - 28$. Substituting this into the preceding equation ($7 = 28 - 21$) yields $7 = 28 - (49 - 28) = 2 \cdot 28 - 49$, a linear combination of 28 and 49. Next, by (1) we have $28 = 126 - 2 \cdot 49$. Substituting this into the previous equation yields $7 = 2 \cdot (126 - 2 \cdot 49) - 49 = 2 \cdot 126 - 5 \cdot 49$, a linear combination of 126 and 49. QED.

Array Method. A method for solving the linear equation $ax + by = c$ for any $c \in \mathbb{Z}$. Here we will do it for the case where $c = \gcd(a, b)$.

Example. We shall redo the previous example using the array method. To begin, set up an array with the first three columns initialized as shown below. For a given choice of $x$ and $y$ the linear combination $126x + 49y$ is given in the first row. Now, perform the Euclidean Algorithm on the numbers in the top row, but do the corresponding column operations on the entire array. Let $C_1$ be the column with top entry 126, $C_2$ the column with top entry 49, etc. The first step in the Euclidean algorithm is to subtract 2 times 49 from 126, so we let the next column $C_3$ be given by $C_3 = C_1 - 2C_2$. Then $C_4 = C_2 - C_3$, $C_5 = C_3 - C_4$.

$$\begin{array}{c|rrrrr}
126x + 49y & 126 & 49 & 28 & 21 & 7 \\
x & 1 & 0 & 1 & -1 & 2 \\
y & 0 & 1 & -2 & 3 & -5
\end{array}$$

Thus, $7 = 2 \cdot 126 - 5 \cdot 49$.

Example. Find $\gcd(83, 17)$ and express it as a LC of 83 and 17. (Array with rows $83x + 17y$, $x$, $y$.) Thus gcd = 1 and 1 =

By applying these methods to an arbitrary pair of integers $a, b$, we obtain the following theorem, called the GCDLC theorem, Greatest Common Divisor Linear Combination Theorem.

Theorem. GCDLC theorem. Let $a, b$ be integers not both zero, $d = \gcd(a, b)$. Then $d$ can be expressed as a linear combination of $a$ and $b$, $d = ax + by$ for some $x, y \in \mathbb{Z}$.

Proof. There are two types of proof we can give. The first is a constructive proof, which provides an algorithm for actually obtaining the integers $x, y$, and the second is an existence proof that merely proves that such $x, y$ exist, but does not provide a way of finding these values. A constructive proof can be given using either of the two methods we provided in the examples above, the Euclidean Algorithm together with back substitution, or the array method. The notation is rather cumbersome however for a general pair of integers $a, b$, so we shall not pursue this further. We shall give here instead a non-constructive, existence proof.

Let $S = \{ax + by : x, y \in \mathbb{Z}\}$, the set of all linear combinations of $a$ and $b$. This set clearly contains positive integers, so let $e$ be the smallest positive integer in the set ($e$ exists by well ordering). Say $e = ax_0 + by_0$, for some $x_0, y_0 \in \mathbb{Z}$. We claim that $e = d$. Since $d \mid a$ and $d \mid b$, we know $d \mid e$, by a basic divisibility property. In particular, $d \le e$. Thus, it suffices to show that $e$ is a common divisor of $a$ and $b$, for this would imply that $e \le d$, the greatest common divisor of $a$ and $b$.

Let's show that $e \mid a$. To do this, we shall compute $a \div e$ and show that the remainder is 0. By the division algorithm, $a = qe + r$, for some $q, r \in \mathbb{Z}$ with $0 \le r < e$. Thus $a = q(ax_0 + by_0) + r$, so $r = a(1 - qx_0) - bqy_0$, a linear combination of $a$ and $b$. Since $r < e$ we must have $r = 0$ by the minimality of $e$ in $S$. Therefore $e \mid a$. In the same manner we obtain $e \mid b$. QED

Corollary. GCDLC corollary. Let $d = \gcd(a, b)$.
(i) The set of all linear combinations of $a, b$ is just the set of multiples of $d$.
(ii) The gcd of $a$ and $b$ is the smallest positive linear combination of $a$ and $b$.

Proof. (i) Suppose that $e$ is a LC of $a, b$, so that $e = ax + by$ for some $x, y \in \mathbb{Z}$. Since $d \mid a$ and $d \mid b$ we must have $d \mid (ax + by)$ by a basic divisibility property. Thus $d \mid e$, that is, $e$ is a multiple of $d$. Conversely, suppose that $e$ is a multiple of $d$, say $e = dk$ for some $k \in \mathbb{Z}$. By the GCDLC theorem we know $d = ax + by$ for some $x, y \in \mathbb{Z}$. Thus $e = kd = k(ax + by) = (kx)a + (ky)b$, a LC of $a$ and $b$.
(ii) This follows immediately from the fact that every LC of $a$ and $b$ is a multiple of $d$, and the smallest positive multiple of $d$ is $d$.

1.9. Solving Linear Equations in Integers

Suppose that we wish to solve the equation $ax + by = c$ in integers $x, y$. The preceding corollary tells us that this equation can be solved iff $c$ is a multiple of $d$, where $d = \gcd(a, b)$, that is, $d \mid c$. This gives us

Theorem. Solvability of a Linear Equation. The linear equation

(1.5) $ax + by = c$

has a solution in integers $x, y$ if and only if $d \mid c$, where $d = \gcd(a, b)$.

Proof. Suppose that (1.5) has a solution $x, y \in \mathbb{Z}$. Then $c$ is a linear combination of $a$ and $b$. Since $d \mid a$ and $d \mid b$, it follows from a basic divisibility property, Theorem 1.6.1(iii), that $d \mid c$. Conversely, suppose that $d \mid c$, say $dk = c$ for some $k \in \mathbb{Z}$. By the GCDLC Theorem we know $d = ax_0 + by_0$ for some $x_0, y_0 \in \mathbb{Z}$. Thus, $c = dk = (ax_0 + by_0)k = a(x_0 k) + b(y_0 k)$, and so $(x, y) = (x_0 k, y_0 k)$ is a solution of (1.5).
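The array method and the solvability theorem above can be carried out mechanically. The following Python sketch is an added example, not part of the original notes: the function names are assumptions of the example, and the sample inputs are the numbers used in the surrounding examples.

```python
def array_method(a, b):
    """Run the Euclidean algorithm on columns (value, x, y), value = a*x + b*y.

    Returns (d, x, y, columns) with d = gcd(a, b) = a*x + b*y; columns holds
    every column produced, ending with the column whose top entry is 0.
    """
    if a == 0 and b == 0:
        raise ValueError("gcd(0, 0) is undefined")
    prev, cur = (a, 1, 0), (b, 0, 1)      # the two initial columns
    columns = [prev, cur]
    while cur[0] != 0:
        q = prev[0] // cur[0]             # quotient of the two top entries
        # Column operation C_new = C_prev - q * C_cur, applied to all rows.
        prev, cur = cur, tuple(p - q * c for p, c in zip(prev, cur))
        columns.append(cur)
    d, x, y = prev
    if d < 0:                             # normalise so that d > 0
        d, x, y = -d, -x, -y
    return d, x, y, columns


def solve_linear(a, b, c):
    """Solve a*x + b*y = c in integers.

    Returns None when gcd(a, b) does not divide c. Otherwise returns
    ((x0, y0), (sx, sy)): one solution and the step between solutions, so
    every solution is (x0 + t*sx, y0 + t*sy) for an integer t.
    """
    d, x, y, _ = array_method(a, b)
    if c % d != 0:
        return None                       # solvable only if d | c
    k = c // d
    return (x * k, y * k), (b // d, -(a // d))


def nonnegative_solutions(a, b, c):
    """All (x, y) with x >= 0, y >= 0 and a*x + b*y = c, for a, b > 0."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive")
    found = solve_linear(a, b, c)
    if found is None:
        return []
    (x0, y0), (sx, sy) = found            # sx > 0 and sy < 0 here
    t_min = -(x0 // sx)                   # smallest t with x0 + t*sx >= 0
    t_max = y0 // (-sy)                   # largest t with y0 + t*sy >= 0
    return [(x0 + t * sx, y0 + t * sy) for t in range(t_min, t_max + 1)]


if __name__ == "__main__":
    d, x, y, cols = array_method(126, 49)
    print("gcd(126, 49) =", d, "= 126*%d + 49*%d" % (x, y))
    print("top row of the array:", [c[0] for c in cols])
    print("120x - 75y = 150:", solve_linear(120, -75, 150))
    print("120x - 75y = 11 :", solve_linear(120, -75, 11))
    print("13x + 17y = 200, x, y >= 0:", nonnegative_solutions(13, 17, 200))
```
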
Note that the proof of the preceding theorem is a constructive proof that actually tells us how to solve (1.5). To construct a solution we first solve the linear equation $ax + by = d$ (using one of the methods of the preceding section), and then, assuming $d \mid c$, multiply this solution by $c/d$.

Example. Solve the following equations or show that there is no solution: $120x - 75y = 150$, $120x - 75y = 11$. By the array method we obtain $\gcd(120, 75) = 15$ and $120(2) - 75(3) = 15$. Multiplying by 10 gives the solution $x = 20$, $y = 30$ to the first equation above. Since $15 \nmid 11$, the second equation has no solution.

Example. A parcel costs \$2 to mail and we only have 13 cent and 17 cent stamps. How can we do it? We must solve the equation $13x + 17y = 200$ with $x, y$ nonnegative integers. Since $\gcd(13, 17) = 1$ and $1 \mid 200$, we know by Theorem 1.9.1 that 200 is a linear combination of 13 and 17. Using the array method we obtain the solution $x = -50$, $y = 50$. Note that new solutions can then be obtained by repeatedly adding $(17, -13)$. Thus we obtain solutions $(x, y) = (-33, 37), (-16, 24), (1, 11), (18, -2)$ and so on. Of course, the only solution that makes practical sense is $(1, 11)$.

1.10. Unique Factorization of Integers

Definition. Two integers $a, b$ are called relatively prime if $\gcd(a, b) = 1$.

Lemma. Euclid's Lemma. If $d \mid ab$ and $\gcd(d, a) = 1$ then $d \mid b$.

Proof. Since $d \mid ab$ we have $dz = ab$ for some integer $z$. Since $\gcd(d, a) = 1$, by the GCDLC Theorem, there exist integers $x, y$ with $dx + ay = 1$. Multiplying by $b$ we obtain $b = b(dx + ay) = d(bx) + (ab)y = d(bx) + (dz)y = d(bx + zy)$, and so $d \mid b$ since $bx + zy$ is an integer.

Note. This lemma fails if $\gcd(d, a) \ne 1$. For example $4 \mid (2 \cdot 2)$, but $4 \nmid 2$. Thus $d \mid ab$ does not imply that $d \mid a$ or $d \mid b$.

Note. Applications of Euclid's Lemma. (i) Every rational number can be uniquely expressed as a fraction in reduced form. Proof. Homework. (ii) If $n$ is not a perfect square, then $\sqrt{n}$ is irrational. Proof. Homework.

Definition. i) A positive integer $p > 1$ is called a prime if its only positive factors are 1 and itself, for example 2, 3, 5, 7, 11, 13, ... ii) A positive integer $n > 1$ is called a composite if it is not a prime, that is, $n = ab$ for some positive integers $a, b$ with $a > 1$ and $b > 1$, for example 4, 6, 8, 9, 10, 12, ...

Note. 1 is not a prime or a composite. It is called the multiplicative identity element. (Later, we will call it a unit in $\mathbb{Z}$, meaning an element having a multiplicative inverse in the set.) There are a couple of reasons why 1 is not called a prime. The most important reason is that if 1 were a prime then we would not have unique factorization, e.g. $6 = 2 \cdot 3 = 1 \cdot 2 \cdot 3 = 1 \cdot 1 \cdot 2 \cdot 3$, etc. would all be different factorizations of 6. Another reason is that 1 just has a single positive factor, whereas every prime has two distinct positive factors.

Example. Use a factor tree to factor 240.
There are many paths we can take, for example

$240 = 24 \cdot 10 = (6 \cdot 4)(2 \cdot 5) = ((3 \cdot 2)(2 \cdot 2))(2 \cdot 5) = 2^4 \cdot 3 \cdot 5$,

or

$240 = 8 \cdot 30 = (2 \cdot 4)(5 \cdot 6) = (2 \cdot (2 \cdot 2))(5 \cdot (2 \cdot 3)) = 2^4 \cdot 3 \cdot 5$,

by the general associative-commutative law. Every path we take leads to the same factorization. This is a remarkable fact, but why is it true?

Lemma. a) Let $p$ be a prime such that $p \mid ab$. Then $p \mid a$ or $p \mid b$. b) Let $p$ be a prime such that $p \mid a_1 a_2 \cdots a_n$ where the $a_i$ are integers. Then $p \mid a_i$ for some $i$.

Proof. a) Suppose that $p \mid ab$. If $p \mid a$ we are done. Otherwise $p \nmid a$. But in this case $\gcd(p, a) = 1$ because the only divisors of $p$ are 1 and $p$, and only 1 is a common divisor of both $p$ and $a$ (since $p \nmid a$). Thus, by Euclid's lemma we must have $p \mid b$.
b) We prove part b) by induction on $n$. The base case is $n = 2$, which was proven in part a). Suppose the statement is true for a given $n$, and now consider the case $n + 1$. Suppose that $p \mid a_1 \cdots a_n a_{n+1}$. Then $p \mid (a_1 \cdots a_n) a_{n+1}$. Viewing the latter quantity as a product of two integers, we see by the case $n = 2$ that either $p \mid a_1 \cdots a_n$ or $p \mid a_{n+1}$. In the former case we have $p \mid a_i$ for some $i \le n$ by the induction hypothesis. Thus, in both cases $p \mid a_i$ for some $i$.

Theorem. FTA: Fundamental Theorem of Arithmetic. Any positive integer $n > 1$ can be expressed as a product of primes, and this expression is unique up to the order of the primes.

Note. (i) $12 = 2 \cdot 2 \cdot 3 = 2 \cdot 3 \cdot 2 = 3 \cdot 2 \cdot 2$ are all considered the same factorization. (ii) We say that a prime $p$ has a trivial factorization as a product of primes.

Proof of FTA. Existence. The proof is by the strong form of induction. Let $P(n)$ be the statement that $n$ has a factorization as a product of primes. $P(2)$ is trivially true since 2 is a prime. Suppose now that $P(k)$ is true for all values of $k$ smaller than a given $n$ and consider $P(n)$. If $n$ is prime we are done. Otherwise $n = ab$ for some integers $a, b$ with $1 < a < n$, $1 < b < n$. By the induction assumption, $a$ and $b$ can be expressed as products of primes, say $a = p_1 \cdots p_k$, $b = q_1 \cdots q_l$. Then $ab = p_1 \cdots p_k q_1 \cdots q_l$, a product of primes. QED

Uniqueness. Suppose that $n$ is a positive integer with two representations as a product of primes, say,

(1.6) $n = p_1 \cdots p_k = q_1 \cdots q_r$

for some primes $p_i, q_j$, $1 \le i \le k$, $1 \le j \le r$. We may assume WLOG (without loss of generality) that $k \le r$. Then $p_1 \mid q_1 \cdots q_r$, so by the preceding lemma, $p_1 \mid q_{i_1}$ for some $i_1 \in \{1, 2, \dots, r\}$. Since $p_1$ and $q_{i_1}$ are primes, we must have $p_1 = q_{i_1}$. Canceling $p_1$ in (1.6) yields

(1.7) $p_2 p_3 \cdots p_k = q_1 \cdots \hat{q}_{i_1} \cdots q_r$,

where $\hat{q}_{i_1}$ indicates that this factor has been removed. We can then repeat the argument with $p_2$ in place of $p_1$, and conclude that $p_2 = q_{i_2}$ for some $i_2 \ne i_1$. After repeating this process $k$ times we have that

(1.8) $p_1 = q_{i_1}, \; p_2 = q_{i_2}, \; \dots, \; p_k = q_{i_k}$

for some distinct integers $i_1, i_2, \dots, i_k \in \{1, 2, \dots, r\}$. Moreover, after canceling each of the $p_i$ from (1.6) we are left with 1 on the LHS. If $r > k$ then (1.6) would say that 1 is a product of primes, a contradiction. Therefore $r = k$, and so by (1.8), the primes $p_i$ are just a permutation of the primes $q_i$.

Example. As another application of the preceding lemma, let's show that $\sqrt{p}$ is irrational for any prime $p$. (Of course, this is just a special case of the more general result we saw earlier that $\sqrt{n}$ is irrational for any $n$ that is not a perfect square.)

Proof. Proof by contradiction. Suppose that $\sqrt{p}$ is rational. Then by a homework problem we can write $\sqrt{p} = a/b$ for some relatively prime integers $a, b$. Squaring, we obtain $b^2 p = a^2$, and so $p \mid a^2$. Since $p$ is a prime, it follows from the lemma that $p \mid a$. Say $a = pk$ with $k \in \mathbb{N}$. Then $b^2 p = p^2 k^2$. Canceling $p$ we get $pk^2 = b^2$, that is, $p \mid b^2$. But this implies $p \mid b$. Thus we have $p \mid a$ and $p \mid b$, contradicting our assumption that $\gcd(a, b) = 1$. Therefore, $\sqrt{p}$ is irrational.

Further properties of primes

Primes have two intrinsic properties: i) They are irreducible, that is, if $p$ is a prime then $p \ne ab$ for any positive integers $a, b$ strictly greater than 1. ii) They satisfy a basic divisibility property, namely that if $p \mid ab$ for some integers $a, b$, then $p \mid a$ or $p \mid b$. In number theory, we usually define a prime using the irreducibility concept in i), but in higher algebra, the word prime is usually defined using the divisibility property in ii). Both properties of a prime are equally valuable, and for the set of integers, the definitions are equivalent. But for some algebraic systems this is not the case. Indeed, in some algebraic systems it is possible to have an element that is irreducible, but does not satisfy the basic divisibility property of primes! For now we will just focus on the set of primes in $\mathbb{N}$.

Theorem. There exist infinitely many primes.

Proof. (Euclid) Proof by contradiction. Suppose that there are finitely many primes, say $\{p_1, p_2, \dots, p_k\}$. Let $N = p_1 p_2 \cdots p_k + 1$. By FTA, $N$ has a prime factor $p_i$, for some $i \le k$. Thus, $p_i \mid N$ and $p_i \mid (p_1 p_2 \cdots p_k)$. Therefore $p_i \mid (N - p_1 \cdots p_k)$, that is, $p_i \mid 1$, a contradiction. Therefore there are infinitely many primes.

Theorem. Basic primality test. Let $n > 1$ be a positive integer such that $n$ is not divisible by any prime $p$ with $p \le \sqrt{n}$. Then $n$ is a prime.

Proof. Proof by contradiction. Let $n > 1$ be a positive integer not divisible by any prime $p \le \sqrt{n}$. Suppose that $n$ is composite. Then $n = ab$ for some integers $a, b$ with $1 < a < n$, $1 < b < n$. We claim that either $a \le \sqrt{n}$ or $b \le \sqrt{n}$, else $ab > \sqrt{n} \cdot \sqrt{n} = n = ab$, a contradiction. Say, WLOG, $a \le \sqrt{n}$. Let $p$ be any prime divisor of $a$. Then $p \le a \le \sqrt{n}$, and, since $p \mid a$ and $a \mid n$, we have $p \mid n$ (by the transitive property of divisibility). But this contradicts our assumption that $n$ has no prime divisor $p \le \sqrt{n}$. Therefore $n$ is a prime.

The Sieve of Eratosthenes: This is the method of finding all of the primes in a given interval $[a, b]$ by crossing out (sieving) all multiples of primes $p \le \sqrt{b}$.

Example. Find all primes between 200 and 220. Start by making a list of all the integers from 200 to 220, then cross out all multiples of 2, 3, 5, 7, 11 and 13. Since $17^2 = 289 > 220$ we don't need to consider 17 or any larger prime. Also, note that we don't need to cross out multiples of composites such as 4, 6, 8, 9, ... since they already have smaller prime factors. At the end of this process, the only values left in the array must be primes by the preceding theorem.

CHAPTER 2

Modular Arithmetic and the Modular Ring $\mathbb{Z}_m$

2.1. Basic Properties of Congruences

Example. What's the pattern? 3+5=8, 6+4=10, 7+6=1, 9+8=5, 9+2=11. Hint: Look at a clock. This gives rise to what is called clock arithmetic.

Let $m \in \mathbb{N}$. $m$ = modulus.

Definition. We say that two integers $a, b$ are congruent modulo $m$, written $a \equiv b \pmod{m}$, if $a$ and $b$ differ by a multiple of $m$, that is, $m \mid (a - b)$.

Note. $a \equiv b \pmod{m}$ is equivalent to $a = b + mk$ for some integer $k$.

Example. Clock Arithmetic: Let $m = 12$. Then $16 \equiv 4 \pmod{12}$ since $16 - 4 = 12 \equiv 0 \pmod{12}$. In the example above we see $9 + 8 = 17 \equiv 5 \pmod{12}$. How about 256, what is it (mod 12)? $256 = 21 \cdot 12 + 4$, so $256 \equiv 4 \pmod{12}$.

Definition. The least residue of $a \pmod{m}$ is the smallest nonnegative integer that $a$ is congruent to (mod $m$).

Note. i) The least residue of $a \pmod{m}$ is a value in the set $\{0, 1, 2, 3, \dots, m - 1\}$. ii) The least residue of $a \pmod{m}$ is the remainder in dividing $a$ by $m$. Indeed if $a = qm + r$ for some $q, r \in \mathbb{Z}$ with $0 \le r < m$, then $a \equiv r \pmod{m}$.

Example. $m = 5$. Wrap the integers around a five hour clock. Label the hours $[0]_5, \dots, [4]_5$ where $[0]_5 = \{0, \pm 5, \pm 10, \dots\} = \{5k : k \in \mathbb{Z}\}$, the set of values congruent to 0 (mod 5); $[1]_5 = \{1 + 5k : k \in \mathbb{Z}\}$; ...; $[4]_5 = \{4 + 5k : k \in \mathbb{Z}\}$.

Theorem. Congruence (mod $m$) is an equivalence relation, that is,
(i) Reflexive: For any $a \in \mathbb{Z}$, $a \equiv a \pmod{m}$.
(ii) Symmetric: If $a \equiv b \pmod{m}$ then $b \equiv a \pmod{m}$.
(iii) Transitive: If $a \equiv b \pmod{m}$ and $b \equiv c \pmod{m}$, then $a \equiv c \pmod{m}$.

Proof. We'll be brief. The reader can fill in details. (i) $m \mid 0$. (ii) If $m \mid (a - b)$ then $m \mid (b - a)$. (iii) If $m \mid (a - b)$ and $m \mid (b - c)$ then by a basic divisibility property $m \mid ((a - b) + (b - c))$, that is, $m \mid (a - c)$.

Theorem. The Substitution Laws. Suppose that $a \equiv b \pmod{m}$, and $c \equiv d \pmod{m}$. Then
(i) $a \pm c \equiv b \pm d \pmod{m}$.
(ii) $a \cdot c \equiv b \cdot d \pmod{m}$.

Proof. (i) $a \equiv b \pmod{m} \Rightarrow m \mid (a - b)$. $c \equiv d \pmod{m} \Rightarrow m \mid (d - c)$. Thus, by a basic divisibility property, $m \mid [(a - b) + (d - c)]$, and so, by the associative and commutative laws, $m \mid [(a + d) - (b + c)]$, that is, $a + d \equiv b + c \pmod{m}$.

(ii) We'll do this one in a different style. $a \equiv b \pmod{m} \Rightarrow a = b + mk$ for some $k \in \mathbb{Z}$. $c \equiv d \pmod{m} \Rightarrow c = d + ml$ for some $l \in \mathbb{Z}$. Thus $ac = (b + mk)(d + ml) = bd + mkd + bml + mkml = bd + m(kd + bl + kml)$, by the distributive, commutative and associative laws. Since $kd + bl + kml \in \mathbb{Z}$ we see that $ac$ and $bd$ differ by a multiple of $m$, that is, $ac \equiv bd \pmod{m}$.

Note. By induction it is easy to see that the substitution laws generalize to the sum or product of any number of integers. Thus if $a_i \equiv b_i \pmod{m}$ for $1 \le i \le n$, then we have

$a_1 + a_2 + \cdots + a_n \equiv b_1 + b_2 + \cdots + b_n \pmod{m}$, and $a_1 a_2 \cdots a_n \equiv b_1 b_2 \cdots b_n \pmod{m}$.

In particular, for any natural number $n$, if $a \equiv b \pmod{m}$ then $a^n \equiv b^n \pmod{m}$.

Example. a) Calculate (mod 7), that is, find the least residue. Since (mod 7) and (mod 7), we have (mod 7). b) Calculate (mod 5). We have (mod 5) and $27 \equiv 2 \pmod{5}$ and $39 \equiv 4 \pmod{5}$ and so (mod 5). Note that for a chain of congruences on one line, the modulus (mod 5) is only written once on the far right.

Note. It is easy to verify that axioms 1, 2, 3 for $\mathbb{Z}$ (Section 0) hold just as well for congruences. In particular the associative, commutative and distributive laws hold for congruences (mod $m$). Thus for any integers $a, b, c$ we have
$a + (b + c) \equiv (a + b) + c \pmod{m}$,
$a(bc) \equiv (ab)c \pmod{m}$,
$a + b \equiv b + a \pmod{m}$,
$ab \equiv ba \pmod{m}$,
$a(b + c) \equiv ab + ac \pmod{m}$.

2.2. Modular Exponentiation

Example. Explore the powers of 2 (mod 3), (mod 6), (mod 7), (mod 8), (mod 9), etc. For instance working (mod 6) we have $2^1, 2^2, 2^3, \dots = 2, 4, 2, 4, 2, \dots$, whereas (mod 7) we get $2^1, 2^2, 2^3, \dots = 2, 4, 1, 2, 4, 1, \dots$. Find the length of the repeating pattern in each case: 2 for (mod 3); 2 for (mod 6); 3 for (mod 7); 1 for (mod 8) (eventually); 6 for (mod 9). Note that the repeating pattern always has length less than the modulus. Use the pattern discovered for (mod 6) and (mod 7) to calculate (mod 6) and (mod 7). Answers: 4, 2.

Note. Standard trick for calculating $a^n \pmod{m}$ if $\gcd(a, m) = 1$. First find a power $k$ such that $a^k \equiv \pm 1 \pmod{m}$. We will see a theorem called Euler's theorem later on that will give us an explicit value for such a $k$. For now, we will just use computation as in the previous example to find such a $k$.
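The pattern search and the standard trick described above, written out as an added Python example (not part of the original notes; the function names are assumptions of the example). `power_cycle` also handles moduli with $\gcd(a, m) \ne 1$, where the pattern only repeats eventually, and `power_mod` is checked against Python's built-in `pow(a, n, m)`.

```python
from math import gcd


def power_cycle(a, m):
    """Return (tail, period) for the sequence a^1, a^2, a^3, ... (mod m).

    tail is the number of terms before the repeating pattern starts and
    period is the length of the repeating pattern.
    """
    seen = {}                              # residue -> exponent where first seen
    value, exponent = a % m, 1
    while value not in seen:
        seen[value] = exponent
        value = value * a % m
        exponent += 1
    first = seen[value]
    return first - 1, exponent - first


def signed_unit_power(a, m):
    """Smallest k >= 1 with a^k ≡ 1 or a^k ≡ -1 (mod m); returns (k, sign)."""
    if m < 2 or gcd(a, m) != 1:
        raise ValueError("need m >= 2 and gcd(a, m) = 1")
    value, k = a % m, 1
    while True:                            # terminates because gcd(a, m) = 1
        if value == 1:
            return k, 1
        if value == m - 1:
            return k, -1
        value = value * a % m
        k += 1


def power_mod(a, n, m):
    """a^n (mod m) by the trick: n = q*k + r gives a^n ≡ (±1)^q * a^r."""
    k, sign = signed_unit_power(a, m)
    q, r = divmod(n, k)
    result = 1
    for _ in range(r):                     # r < k, a short leftover product
        result = result * a % m
    if sign == -1 and q % 2 == 1:
        result = -result
    return result % m                      # least residue in 0 .. m-1


if __name__ == "__main__":
    for m in (3, 6, 7, 8, 9):
        print("powers of 2 mod", m, "-> (tail, period) =", power_cycle(2, m))
    print("2^4 mod 17 gives (k, sign) =", signed_unit_power(2, 17))
    print("2^100 mod 17 =", power_mod(2, 100, 17), "builtin:", pow(2, 100, 17))
```
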

Example. i) Find (mod 5). First note that $47 \equiv 2 \pmod{5}$, then compute $2^1, 2^2, 2^3, \dots = 2, 4, 3, 1, 2, \dots$ to see that $2^4 \equiv 1 \pmod{5}$. Thus $(2^4)$ (mod 5). ii) Find (mod 7). This time we note that $2^3 \equiv 1 \pmod{7}$ and so $(2^3)$ (mod 7). iii) Find (mod 17). This time we observe that $2^4 \equiv -1 \pmod{17}$ and so $(2^4)^{25} \equiv (-1)^{25} \pmod{17}$.

A few applications of congruences

Example. a) Day of the week. What day of the week will it be 10 years from today? Let Sunday=0, Monday=1, etc. Let $T$ = today, and let $l$ be the number of leap years over the next 10 years. Then we need to compute T l (mod 7). Since (mod 7) we get T l (mod 7). b) What time will it be 486 hours from now? Answer: $N + 486 \equiv 6 + N \pmod{24}$, where $N$ is the current time.

Example. On many products, the UPC symbol is a 12 digit number $d_1, d_2, \dots, d_{12}$, where the check digit $d_{12}$ is chosen such that

$$3(d_1 + d_3 + \cdots + d_{11}) + (d_2 + d_4 + \cdots + d_{12}) \equiv 0 \pmod{10}.$$

This extra digit is included to prevent errors in the scanning or human input of the UPC digits. If the congruence fails after inputting the digits then you will know there is an error in the input. However, if the congruence holds, you are not guaranteed that the input is correct.

2.4. Decimal Expansions

Before discussing the application of congruences to divisibility tests let's first recall the concept of the decimal (base-10) representation of any positive integer. For example $2715 = 2 \cdot 10^3 + 7 \cdot 10^2 + 1 \cdot 10 + 5$. The left-hand side is called the standard form and the right-hand side the expanded form.

Theorem. Every positive integer $n$ has a unique decimal representation

(2.1) $n = a_k 10^k + a_{k-1} 10^{k-1} + \cdots + a_1 10 + a_0$

where the $a_i$ are the digits of $n$, $a_i \in \{0, 1, 2, \dots, 9\}$, $a_k \ne 0$. (In standard form, $n$ would be written $n = a_k a_{k-1} \dots a_0$, but we will avoid this notation in order to avoid confusion with the product of the digits.)

Proof. We'll prove the existence part by the strong form of induction. For $n = 1$ we have that 1 is already in expanded form. Suppose the statement is true for all positive integers less than $n$ and now consider the value $n$. Let $10^k$ be the largest power of 10 less than or equal to $n$. By the division algorithm $n = q \cdot 10^k + r$ for some $q, r \in \mathbb{Z}$ with $0 \le r < 10^k$. Certainly $q > 0$, and since $n < 10^{k+1}$ we must have $q \le 9$. Thus $q \in \{1, 2, \dots, 9\}$. Since $r < 10^k \le n$ we see that $r < n$ and so it follows from the induction hypothesis that $r$ has a decimal expansion of the form $r = b_l 10^l + \cdots + b_0$, for some $l < k$ and $b_i \in \{0, 1, \dots, 9\}$, $0 \le i \le l$. It follows that

$$n = q 10^k + b_l 10^l + \cdots + b_0,$$

which is in the desired form.
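The UPC congruence from the applications section above, as an added Python example (not part of the original notes; function names are assumptions and the 12-digit code is a constructed sample, not a real product code). It shows both halves of the remark there: every single-digit error breaks the congruence, while swapping two adjacent digits that differ by 5 does not.

```python
def upc_sum(code):
    """3*(d1 + d3 + ... + d11) + (d2 + d4 + ... + d12) for a digit string."""
    digits = [int(ch) for ch in code]
    odd_positions = sum(digits[0::2])      # d1, d3, ... (1-based numbering)
    even_positions = sum(digits[1::2])     # d2, d4, ...
    return 3 * odd_positions + even_positions


def check_digit(first11):
    """The d12 that makes the UPC congruence hold for the given d1..d11."""
    if len(first11) != 11 or not first11.isdigit():
        raise ValueError("expected 11 digits")
    # d12 sits in an even position (weight 1), so it must cancel the rest.
    return (-upc_sum(first11)) % 10


def is_valid(code):
    """True when code has 12 digits and satisfies the congruence mod 10."""
    return len(code) == 12 and code.isdigit() and upc_sum(code) % 10 == 0


def all_single_digit_errors_detected(code):
    """Replace each digit by every other value; True if none validates."""
    for i, ch in enumerate(code):
        for wrong in "0123456789":
            if wrong != ch and is_valid(code[:i] + wrong + code[i + 1:]):
                return False
    return True


def undetected_adjacent_swaps(code):
    """0-based positions i where swapping digits i and i+1 changes the code
    but the congruence still holds, so the error goes unnoticed."""
    missed = []
    for i in range(len(code) - 1):
        if code[i] != code[i + 1]:
            swapped = code[:i] + code[i + 1] + code[i] + code[i + 2:]
            if is_valid(swapped):
                missed.append(i)
    return missed


# Constructed sample: 11 arbitrary digits plus the computed check digit.
SAMPLE = "05012345678" + str(check_digit("05012345678"))

if __name__ == "__main__":
    print("sample code:", SAMPLE, "valid:", is_valid(SAMPLE))
    print("single-digit errors all caught:",
          all_single_digit_errors_detected(SAMPLE))
    print("adjacent swaps that slip through at positions:",
          undetected_adjacent_swaps(SAMPLE))
```

A swap of neighbours changes the weighted sum by $2(d_{i+1} - d_i)$ up to sign, which is a multiple of 10 exactly when the two digits differ by 5.
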

Next, let's turn to uniqueness. Suppose that $n$ has two such representations

$$n = a_k 10^k + a_{k-1} 10^{k-1} + \cdots + a_1 10 + a_0 = b_l 10^l + b_{l-1} 10^{l-1} + \cdots + b_1 10 + b_0,$$

say with $k \le l$. Plainly $a_0 \equiv b_0 \pmod{10}$ (since all of the other terms are $\equiv 0 \pmod{10}$), and thus $a_0 = b_0$ since $0 \le a_0, b_0 < 10$. Canceling $a_0$ and dividing by 10 we obtain a similar equation with $a_1$ and $b_1$ now in the one's place. It follows that $a_1 \equiv b_1 \pmod{10}$, and thus $a_1 = b_1$. Repeating the process $k + 1$ times, we have $a_i = b_i$, $0 \le i \le k$, and after the cancelation and division process we are left with 0 on the left-hand side. If $l > k$ the right-hand side would be a positive integer, a contradiction. Thus $l = k$ and all of the digits match.

Divisibility Tests

Theorem. Divisibility tests for 3, 9 and 11. Let $n$ be a positive integer with decimal representation as in (2.1).
(i) $3 \mid n$ iff $3 \mid (a_k + \cdots + a_0)$.
(ii) $9 \mid n$ iff $9 \mid (a_k + \cdots + a_0)$.
(iii) $11 \mid n$ iff $11 \mid (a_k - a_{k-1} + a_{k-2} - \cdots + (-1)^k a_0)$.

Proof. (ii) We'll do the test for 9, and leave the others for homework. Let $n$ be a positive integer with decimal representation as in (2.1). First we observe that by the substitution properties for congruences, since $10 \equiv 1 \pmod{9}$, we have

$$n \equiv a_k 1^k + a_{k-1} 1^{k-1} + \cdots + a_0 \equiv a_k + a_{k-1} + \cdots + a_0 \pmod{9}.$$

Thus $n \equiv 0 \pmod{9}$ if and only if $a_k + \cdots + a_0 \equiv 0 \pmod{9}$, that is, $9 \mid n$ iff $9 \mid (a_k + \cdots + a_0)$.

Example. Here is a test for divisibility by 7. Let $n = a_k \dots a_0$. Then $n$ is divisible by 7 if and only if $a_k \dots a_1 - 2a_0$ is divisible by 7. We'll leave the proof for an exercise. For example if $n = 7861$ then we first calculate $786 - 2 \cdot 1 = 784$. Then calculate $78 - 8 = 70$, which is divisible by 7. Thus 7861 is divisible by 7.

Multiplicative inverses (mod m)

Definition. An integer $x$ is called a multiplicative inverse of $a \pmod{m}$ if $ax \equiv 1 \pmod{m}$. We write $x \equiv a^{-1} \pmod{m}$ in this case. (Another notation commonly used is a for the inverse of $a \pmod{m}$, but fraction notation $\frac{1}{a}$ or $1/a$ is not used in modular arithmetic.)

Note. i) Sometimes the word multiplicative is dropped and $a^{-1} \pmod{m}$ is just called the inverse of $a \pmod{m}$. ii) If $a$ has a multiplicative inverse (mod $m$), then the inverse is unique. Indeed, if $x, y$ are both inverses, so that $ax \equiv ay \equiv 1 \pmod{m}$, then multiplying both sides by $x$ we get $x(ax) \equiv x(ay) \pmod{m}$ and so $(xa)x \equiv (xa)y \pmod{m}$. But $xa \equiv 1 \pmod{m}$, and so $x \equiv y \pmod{m}$.

Example. a) Find the multiplicative inverse of 3 (mod 7) by trial and error. We must solve the congruence $3x \equiv 1 \pmod{7}$, so we simply test $3 \cdot 1 \pmod{7}$, $3 \cdot 2 \pmod{7}$, ..., $3 \cdot 6 \pmod{7}$, and see that $3 \cdot 5 \equiv 1 \pmod{7}$. In Example 2.6.3, we give an algorithm for finding the multiplicative inverse.

Example. Find the multiplicative inverse of 4 (mod 6) if possible. One observes that $4x$ is always congruent to an even number (0, 2 or 4) (mod 6) and so there is no multiplicative inverse. Another way to see this is: we must solve $4x \equiv 1 \pmod{6}$, but this says $4x = 1 + 6y$ for some integer $y$, or $4x - 6y = 1$. Since $\gcd(4, 6) = 2$ and $2 \nmid 1$ this equation has no solution.

These examples suggest the following theorem.

Theorem. GCD-test for multiplicative inverses. An integer $a$ has a multiplicative inverse (mod $m$) if and only if $\gcd(a, m) = 1$.

Proof. Let $d = \gcd(a, m)$. Suppose that $a$ has a multiplicative inverse (mod $m$), that is, $ax \equiv 1 \pmod{m}$ for some integer $x$. Then $ax = 1 + my$ for some $y \in \mathbb{Z}$. Thus the linear equation $ax - my = 1$ is solvable, and so by the linear equation theorem, $d \mid 1$, that is, $d = 1$. Conversely, suppose that $d = 1$. Then by the GCDLC Theorem, $ax + my = 1$ for some integers $x, y$. This implies that $ax \equiv 1 \pmod{m}$, that is, $x$ is a multiplicative inverse of $a \pmod{m}$.

Example. The Array Method for finding multiplicative inverses: Find the multiplicative inverse of 13 (mod 33). We must solve $13x \equiv 1 \pmod{33}$, that is, $13x = 1 + 33y$ or $13x - 33y = 1$. (Array with rows $13x - 33y$, $x$, $y$.) By the array method we find that $x = -5$, $y = -2$ is a solution. (There actually is no need to keep track of $y$ here.) Thus $x \equiv -5 \equiv 28 \pmod{33}$.

Example. Solve $3x \equiv 4 \pmod{14}$, using the multiplicative inverse of 3 (mod 14). By trial and error, we have $3^{-1} \equiv 5 \pmod{14}$ (since $3 \cdot 5 = 15 \equiv 1 \pmod{14}$). Thus multiplying both sides of the congruence by 5 we obtain $x \equiv 20 \equiv 6 \pmod{14}$.

Theorem. Cancelation Law for modular arithmetic. Suppose that $ax \equiv ay \pmod{m}$ and that $\gcd(a, m) = 1$. Then $x \equiv y \pmod{m}$.

Proof. Homework.

2.7. Chinese Remainder Theorem

Example. Find a whole number $x$ such that the remainder is 3 when $x$ is divided by 7, and 5 when divided by 11. This is equivalent to solving the system $x \equiv 3 \pmod{7}$, $x \equiv 5 \pmod{11}$. The second congruence means $x = 5 + 11t$ for some integer $t$. Inserting this into the first congruence gives $5 + 11t \equiv 3 \pmod{7}$, that is, $4t \equiv -2 \pmod{7}$. Multiplying by 2 gives $t \equiv 3 \pmod{7}$, that is, $t = 3 + 7s$ for some integer $s$. Thus $x = 5 + 11(3 + 7s) = 38 + 77s$, that is, $x \equiv 38 \pmod{77}$.

Theorem. Chinese Remainder Theorem. (CRT) Let $a, b$ be positive integers with $(a, b) = 1$. Let $h, k$ be any integers. Then the system

$x \equiv h \pmod{a}$
$x \equiv k \pmod{b}$

has a unique solution (mod $ab$).

32 26 2. MODULAR ARITHMETIC AND THE MODULAR RING Z m Proof. The first congruence is equivalent to x = h + at with t Z. Substituting this into the second congruence gives (2.2) at k h (mod b). Since (a, b) = 1, a has a multiplicative inverse (mod b) and thus the congruence has a unique solution t 0 a 1 (k h) (mod b). The general integer solution of (2.2) is t = t 0 + bs with s Z, and thus x = h + a(t 0 + bs) = h + at 0 + abs is the general solution of the original system, that is, x h + at 0 (mod ab). Note It is clear from the proof that we may relax the constraint that a and b are relatively prime. Indeed, if we set d = (a, b) then we see that (2.2) is solvable if and only if d (k h). If this condition is met then the system of congruences is solvable, and in fact we obtain d distinct solutions (mod ab). Note As a general rule of thumb, when solving a CRT system as in the example above, it pays to start with the largest modulus. Usually this makes the arithmetic easier. Thus if a > b we would start by setting x = h + at, while if b > a we would start by setting x = k + bt. The Chinese Remainder Theorem generalizes to more than two congruences. Example Historical example used by the ancient Chinese. Suppose we wish to determine the exact number of people in a large crowd of about 500 people. Have the crowd break into groups of 7, 8 and 9 people, and say there are 2, 4, and 6 people left over for the three groupings. Thus we must solve the system x 2 (mod 7) x 4 (mod 8) x 6 (mod 9). To solve the system, start with the biggest modulus, that is set x = 6 + 9t, t Z. Substitute into the second congruence to get t 6 (mod 8) and consequently x 60 (mod 72), say x = s. Substitute again into the first congruence to get s 6 (mod 7) and x 492 (mod 504). Thus there are 492 people. Definition We say a set of integers {a 1, a 2,..., a k } are pairwise relatively prime if (a i, a j ) = 1 for all i, j with 1 i < j k. 
Example. The integers 6, 11, 15 are not pairwise relatively prime, even though $\gcd(6, 11, 15) = 1$.

Theorem (CRT with more than 2 congruences). Let $m_1, \dots, m_n$ be pairwise relatively prime positive integers, and $h_1, \dots, h_n$ be any integers. Then the system $x \equiv h_i \pmod{m_i}$, $1 \le i \le n$, has a unique solution (mod $m_1 m_2 \cdots m_n$).

2.8. The modular ring $\mathbb{Z}_m$

Definition. The congruence class (residue class) of $a$ (mod $m$), denoted $[a]_m$, is the set of all integers congruent to $a$ (mod $m$). Thus $[a]_m = \{a + km : k \in \mathbb{Z}\}$.

Example. $[2]_5 = \{2, 7, 12, \dots\} \cup \{-3, -8, \dots\}$. Note $[7]_5$, $[12]_5$ also represent the same class. Draw a five hour clock and observe the different residue classes at each of the five hours.

Note. $[a]_m = [b]_m$ if and only if $a \equiv b \pmod{m}$. Thus, e.g., $[2]_5 = [12]_5$. The values 2, 7, 12, etc. are called representatives for the class $[2]_5$.

Definition. (i) Let $m$ be a positive integer. The ring of integers (mod $m$) (also called the modular ring or residue class ring (mod $m$)), denoted $\mathbb{Z}_m$, is the set of all congruence classes (mod $m$), $\mathbb{Z}_m = \{[0]_m, \dots, [m-1]_m\}$, together with the addition and multiplication laws defined in (ii).
(ii) We define addition and multiplication on $\mathbb{Z}_m$ as follows: For $[a]_m, [b]_m \in \mathbb{Z}_m$,

$[a]_m + [b]_m := [a + b]_m$, $[a]_m \cdot [b]_m := [ab]_m$.

Example. $[3]_5 + [4]_5 = [2]_5$. $[3]_5 \cdot [4]_5 = [2]_5$.

Note. Addition and multiplication are well defined on $\mathbb{Z}_m$, that is, if $[a]_m = [b]_m$ and $[c]_m = [d]_m$ then $[a + c]_m = [b + d]_m$ and $[ac]_m = [bd]_m$. (That is, the sum and product do not depend on the choice of representatives for the congruence classes.)

Proof. We'll do multiplication. The proof for addition is similar. First, the definition of multiplication in $\mathbb{Z}_m$ is $[x]_m \cdot [y]_m = [xy]_m$, for any $[x]_m, [y]_m \in \mathbb{Z}_m$. To show that the product is well defined we must show that the product does not depend on the choice of representatives for the congruence classes. Now let's begin the proof. Suppose that $[a]_m = [a']_m$ and $[b]_m = [b']_m$. Our goal is to show that $[ab]_m = [a'b']_m$. By the definition of a congruence class, we have $a \equiv a' \pmod{m}$ and $b \equiv b' \pmod{m}$. By the substitution property of congruences this implies that $ab \equiv a'b' \pmod{m}$, that is, $[ab]_m = [a'b']_m$. QED.

Note. (i) The following algebraic axioms for $\mathbb{Z}$ hold for $\mathbb{Z}_m$ as well: Commutative, Associative, Distributive, zero element, additive inverses.
(ii) Note one important property that $\mathbb{Z}$ has that $\mathbb{Z}_m$ doesn't have in general: Integral domain property.
If $m$ is composite and $xy = 0$ in $\mathbb{Z}_m$, we cannot conclude that $x = 0$ or $y = 0$. We will return to this in the next chapter.

Short-hand notation for $\mathbb{Z}_m$. If it is understood that we are working in $\mathbb{Z}_m$ then the bracket notation can be dropped. Thus we can abbreviate $\mathbb{Z}_m = \{0, 1, 2, \dots, m-1\}$, and we can say things like: in $\mathbb{Z}_6$, $3 \cdot 7 = 3$. What is in $\mathbb{Z}_5$? Answer: 2. The example of clock-arithmetic that we started this chapter with is abbreviated notation in $\mathbb{Z}_{12}$.

Example. Make an addition table and multiplication table for $\mathbb{Z}_4$ using the abbreviated notation.

Group of units $U_m$ and the Euler phi-function

Definition. i) Let $[x]_m \in \mathbb{Z}_m$. An element $[y]_m \in \mathbb{Z}_m$ is called a multiplicative inverse of $[x]_m$ if $[x]_m [y]_m = [1]_m$ in $\mathbb{Z}_m$. In this case we write $[y]_m = [x]_m^{-1}$.
ii) An element $[x]_m \in \mathbb{Z}_m$ is called a unit if it has a multiplicative inverse in $\mathbb{Z}_m$.
iii) The set of all units in $\mathbb{Z}_m$, denoted $U_m$, is called the group of units (mod $m$).

Note. i) Note $[x]_m [y]_m = [1]_m$ is equivalent to saying $xy \equiv 1 \pmod{m}$. Thus $[x]_m$ has a multiplicative inverse in $\mathbb{Z}_m$ if and only if $x$ has a multiplicative inverse mod $m$.
ii) We saw earlier that an integer $x$ has a multiplicative inverse mod $m$ if and only if $x$ is relatively prime to $m$. Thus $U_m$ is the set of elements $[x]_m \in \mathbb{Z}_m$ with $\gcd(x, m) = 1$.
iii) $U_m$ is closed under multiplication. Why? Suppose that $[a]_m, [b]_m \in U_m$. Then $\gcd(a, m) = 1$ and $\gcd(b, m) = 1$, that is, $a$ and $b$ share no common prime factor with $m$. Thus $\gcd(ab, m) = 1$ and so $[ab]_m$ is a unit.

Example. Below is the multiplication table for $U_9$. Observe the following: $U_9$ is closed under multiplication; each row and column is a permutation of $U_9$; multiplicative inverses can be found by finding the entry 1 in each row. For example, $4^{-1} = 7$ in $U_9$, that is, $4 \cdot 7 \equiv 1 \pmod{9}$.

The cancelation law (mod $m$) can be restated for $\mathbb{Z}_m$ as follows.

Theorem (Cancelation Law for $\mathbb{Z}_m$). Suppose that $ax = ay$ in $\mathbb{Z}_m$ and that $a$ is a unit in $\mathbb{Z}_m$. Then $x = y$.

Definition. For any set $S$ we define the cardinality of $S$, $|S|$, to be the number of elements in $S$. We write $|S| = \infty$ if $S$ is infinite.

Example. $|\mathbb{Z}_9| = 9$ since $\mathbb{Z}_9 = \{0, 1, 2, 3, \dots, 8\}$. $|U_9| = 6$, since $U_9 = \{1, 2, 4, 5, 7, 8\}$. $|\mathbb{Z}| = \infty$.

Definition (Euler phi-function). For any positive integer $m$, we define $\varphi(m)$ to be the number of positive integers $k < m$ with $\gcd(k, m) = 1$.

Note. We saw earlier that an integer $a$ has a multiplicative inverse (mod $m$) if and only if $\gcd(a, m) = 1$. Thus, $\varphi(m) = |U_m|$.

Example. Explain why $\varphi(p) = p - 1$ for a prime $p$, and more generally, $\varphi(p^k) = p^k - p^{k-1}$ for any prime power $p^k$. Hint: Consider the numbers from 1 to $p^k$. In order for such a number to not be relatively prime to $p^k$ it must be divisible by $p$. But there are exactly $p^{k-1}$ such numbers, namely $p, 2p, 3p, \dots, p^{k-1} p$. Thus there are $p^k - p^{k-1}$ numbers left that are relatively prime to $p^k$.

Example. Next, let's find $\varphi(n)$ where $n = p^k q^l$, a product of prime powers with $p \ne q$. We will use the inclusion-exclusion principle to do this. Let $U = \{1, 2, 3, \dots, n\}$, $S_p = \{k \in U : p \mid k\}$, $S_q = \{k \in U : q \mid k\}$, $S_{pq} = \{k \in U : pq \mid k\}$. Then $|U| = n$, $|S_p| = n/p$, $|S_q| = n/q$ and $|S_{pq}| = n/(pq)$. Also, note that $S_p \cap S_q = S_{pq}$. By definition, $\varphi(n)$ is the number of elements in $U$ not in $S_p$ or $S_q$. Thus, by the inclusion-exclusion principle

$\varphi(n) = |U| - |S_p| - |S_q| + |S_p \cap S_q| = n - \frac{n}{p} - \frac{n}{q} + \frac{n}{pq}$
$= n \left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right) = p^k q^l \left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right)$
$= (p^k - p^{k-1})(q^l - q^{l-1}) = \varphi(p^k)\varphi(q^l)$.

Generalizing the above example to any product of prime powers we obtain the following theorem.

Theorem. Let $m$ be a positive integer with prime power factorization $m = p_1^{e_1} \cdots p_k^{e_k}$, where the $p_i$ are distinct primes. Then,
(i) $\varphi(m) = \varphi(p_1^{e_1})\varphi(p_2^{e_2}) \cdots \varphi(p_k^{e_k}) = (p_1^{e_1} - p_1^{e_1 - 1}) \cdots (p_k^{e_k} - p_k^{e_k - 1})$.
(ii) $\varphi(m) = m\left(1 - \frac{1}{p_1}\right) \cdots \left(1 - \frac{1}{p_k}\right)$.

Proof. There are many proofs for this theorem, one of which involves using a general version of the inclusion-exclusion principle as noted above. These proofs will be discussed in more detail in Math 506. For the purposes of this class, you should be able to show that the formulas in (i) and (ii) are equivalent. This is just an application of the distributive, commutative and associative laws.

Example. Calculate $\varphi(1500)$. First we factor $1500 = 2^2 \cdot 3 \cdot 5^3$. Thus, $\varphi(1500) = \varphi(2^2)\varphi(3)\varphi(5^3) = (2^2 - 2)(3 - 1)(5^3 - 5^2) = 400$.

2.10. Euler's Theorem and Fermat's Little Theorem.
We saw earlier that in order to perform modular exponentiation $a^n \pmod{m}$ it is useful to first find an exponent $k$ such that $a^k \equiv 1 \pmod{m}$. Euler's Theorem does just that.

Theorem (Euler's Theorem). Let $m \in \mathbb{N}$, and $a \in \mathbb{Z}$ with $\gcd(a, m) = 1$. Then $a^{\varphi(m)} \equiv 1 \pmod{m}$.

We will prove Euler's theorem below, but first let's look at some applications and special cases.

Example. Find (mod 1500). First note that $\varphi(1500) = 400$ by the previous example. Thus, by Euler's theorem, since $\gcd(17, 1500) = 1$ we have $17^{400} \equiv 1 \pmod{1500}$. Therefore ( ) (mod 1500).

Fermat's Little Theorem is just a special case of Euler's Theorem, in the case where the modulus is a prime $p$. In this case $\varphi(p) = p - 1$ and the condition $\gcd(a, p) = 1$ is equivalent to $p \nmid a$. Thus we get:

Theorem (Fermat's Little Theorem). Let $p$ be a prime, and $a \in \mathbb{Z}$ with $p \nmid a$. Then $a^{p-1} \equiv 1 \pmod{p}$.

Example. Find (mod 17). By FLT, $2^{16} \equiv 1 \pmod{17}$ and so (2 16 ) (mod 17).

Note. (i) If $p \mid a$ then FLT fails. Indeed, in this case $a^{p-1} \equiv 0 \pmod{p}$. However, FLT can be restated as follows: For any integer $a$ and prime $p$, $a^p \equiv a \pmod{p}$. (Why?)
(ii) Similarly, Euler's theorem fails if $\gcd(a, m) \ne 1$.

The key tool used for proving Euler's theorem is the Permutation Lemma. Let's start by returning to the multiplication table of $U_9$ we saw earlier. As we noted, each row is just a permutation of the values in $U_9$. Thus the product of the numbers in each row is the same (mod 9). Let's say we look at the third row. The entries here are $4 \cdot 1$, $4 \cdot 2$, $4 \cdot 4$, $4 \cdot 5$, $4 \cdot 7$ and $4 \cdot 8$ (mod 9). Thus the product of these entries is $4^6 (1 \cdot 2 \cdot 4 \cdot 5 \cdot 7 \cdot 8) \pmod{9}$ and so we have $4^6 (1 \cdot 2 \cdot 4 \cdot 5 \cdot 7 \cdot 8) \equiv 1 \cdot 2 \cdot 4 \cdot 5 \cdot 7 \cdot 8 \pmod{9}$. After cancelation we get $4^6 \equiv 1 \pmod{9}$, which is just the statement of Euler's Theorem for this example. Generalizing this example we obtain the following lemma.

Lemma (Permutation Lemma). Let $m \in \mathbb{N}$ and $U_m = \{x_1, x_2, \dots, x_r\}$ where $r = \varphi(m)$. Let $a \in \mathbb{Z}$ with $\gcd(a, m) = 1$. Then $U_m = \{ax_1, ax_2, \dots, ax_r\}$, that is, $ax_1, \dots, ax_r$ is just a permutation of the values $x_1, \dots, x_r$.

Proof. Note (i) for $1 \le i \le r$, $ax_i \in U_m$. (ii) The values $ax_i$ are distinct, by the cancelation law. Thus $\{ax_1, \dots, ax_r\}$ is a set of $r$ distinct elements in $U_m$, and so it must equal all of $U_m$ since $|U_m| = r$.

Example. Note that the Permutation Lemma fails if $\gcd(a, m) \ne 1$. For instance, if we look at $U_9$ and let $a = 3$, then the 6-tuple $(3 \cdot 1, 3 \cdot 2, 3 \cdot 4, 3 \cdot 5, 3 \cdot 7, 3 \cdot 8) \equiv (3, 6, 3, 6, 3, 6) \pmod{9}$.

Proof of Euler's Theorem. Let $a \in \mathbb{Z}$ with $\gcd(a, m) = 1$ and $U_m = \{x_1, \dots, x_r\}$, where $r = \varphi(m)$.
By the permutation lemma, we also have $U_m = \{ax_1, \dots, ax_r\}$. Thus, taking the product of all the elements in each of these sets we see that $(ax_1)(ax_2) \cdots (ax_r) \equiv x_1 x_2 \cdots x_r \pmod{m}$. By the commutative law this implies that $a^r x_1 \cdots x_r \equiv x_1 \cdots x_r \pmod{m}$.

Now since $\gcd(x_i, m) = 1$ for $1 \le i \le r$, we can apply the cancelation law to obtain $a^r \equiv 1 \pmod{m}$, which is the statement of the theorem.

2.11. Public Key Cryptography.

We will just provide a simple variation of the RSA-method here. This topic is discussed in more detail in Math 506. The idea is to send a secure message over a public medium such as radio, tv, cell phone, internet, etc. in such a way that only the intended recipient can decipher the message.

First, words are converted to numbers: A=01, B=02, etc. For example Hello = 805,121,215. Each person in the network selects their own modulus $m$, encoding exponent $e$, and calculates a decoding exponent $d$ satisfying $de \equiv 1 \pmod{\varphi(m)}$. The values $e$ and $m$ are public, but the value $d$ is top secret (that is, known only to the recipient of the message). It follows from Euler's theorem that for any integer $M$ with $\gcd(M, m) = 1$, we have $M^{de} \equiv M \pmod{m}$.

Say John wishes to send the message $M$ to Mary. He looks up Mary's $m$ and $e$ in the phone book. Assume that $M < m$ and $\gcd(M, m) = 1$. John calculates $M_e \equiv M^e \pmod{m}$ (encoded message). $M_e$ is then sent publicly to Mary. Mary then calculates $M_e^d \pmod{m}$. Note $M_e^d \equiv M^{de} \equiv M \pmod{m}$. Thus Mary recovers the original message!

Example. Say $M = 805$, $m = 1147 = 31 \cdot 37$, $e = 23$, $d = 47$. Note that $\varphi(m) = 30 \cdot 36 = 1080$. If $\gcd(M, m) = 1$, then by Euler's theorem, $M^{\varphi(m)} \equiv 1 \pmod{m}$, that is, $M^{1080} \equiv 1 \pmod{m}$. Thus $M^{de} \equiv M^{1081} \equiv M \pmod{m}$. Let's check this calculation using Wolfram Alpha: M e (mod 1147). M d (mod m). Bingo!

In practice $m$ is chosen to be a huge number (say 200 digits) that cannot be factored, and so $\varphi(m)$ cannot be determined from the phone book information. Thus $d$ remains secure. In the RSA-method one takes $m$ to be a product of two large (say hundred digit) primes $p, q$, $m = pq$. Security depends on the fact that we have no factoring algorithms for 200 digit numbers that can run in less time than the age of the universe. Thus $m$ can be made public without revealing what $p$ and $q$ are.
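The phi-function formula and the toy scheme above fit together as shown in this added Python example (not part of the course notes; all function names are hypothetical). It computes $\varphi(m)$ from the prime factorization, derives $d$ from the public pair, and round-trips the "Hello" blocks; deriving $d$ succeeds only because $m = 1147$ is small enough for trial division, which is exactly the step the text says must be infeasible for a real modulus.

```python
from math import gcd


def factorize(n):
    """Prime factorization by trial division: {prime: exponent}. Small n only."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(m):
    """Euler phi-function via formula (i): product of p^e - p^(e-1)."""
    result = 1
    for p, e in factorize(m).items():
        result *= p**e - p ** (e - 1)
    return result


def decoding_exponent(e, m):
    """d with d*e = 1 (mod phi(m)); needs the factorization of m."""
    return pow(e, -1, phi(m))


def text_to_blocks(word, width=3):
    """A=01, B=02, ... then group the digit string into width-digit blocks."""
    digits = "".join(f"{ord(c) - ord('A') + 1:02d}" for c in word.upper())
    digits = digits.lstrip("0")
    digits = digits.zfill(-(-len(digits) // width) * width)
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]


def blocks_to_text(blocks, width=3):
    """Inverse of text_to_blocks (letter codes never start with 00)."""
    digits = "".join(f"{b:0{width}d}" for b in blocks).lstrip("0")
    if len(digits) % 2:
        digits = "0" + digits
    return "".join(chr(int(digits[i:i + 2]) + ord('A') - 1)
                   for i in range(0, len(digits), 2))


def encode(M, e, m):
    """M_e = M^e (mod m), under the text's assumptions on M."""
    if not (0 < M < m and gcd(M, m) == 1):
        raise ValueError("need 0 < M < m and gcd(M, m) = 1")
    return pow(M, e, m)


def decode(M_e, d, m):
    """Recover M = M_e^d (mod m)."""
    return pow(M_e, d, m)


if __name__ == "__main__":
    m, e = 1147, 23                      # public values from the example
    d = decoding_exponent(e, m)          # feasible only because m is tiny
    sent = [encode(M, e, m) for M in text_to_blocks("Hello")]
    received = [decode(c, d, m) for c in sent]
    print(phi(m), d, sent, blocks_to_text(received))
```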


Chapter 3. Rings, Integral Domains and Fields

Before defining what a ring is let us recall that a binary operation on a set $S$ is a function that assigns to any ordered pair $(x, y)$ of elements in $S$ a unique value x y in $S$. In the definition that follows we will use the standard symbols $+$ and $\cdot$ for two binary operations on a set $R$, and call these operations addition and multiplication, although these symbols need not represent the standard operations of addition and multiplication. They just need to satisfy the list of properties given in the definition.

Definition. A ring is a set $R$ with two binary operations $+$, $\cdot$ satisfying
i) $R$ is closed under $+$ and $\cdot$, that is, if $a, b \in R$ then $a + b \in R$ and $ab \in R$.
ii) $R$ satisfies the associative law for both addition and multiplication: For $a, b, c \in R$, $a + (b + c) = (a + b) + c$, and $a(bc) = (ab)c$.
iii) $R$ satisfies the commutative law for addition: For $a, b \in R$, $a + b = b + a$.
iv) $R$ satisfies the distributive laws: For $a, b, c \in R$, $a(b + c) = ab + ac$, and $(a + b)c = ac + bc$.
v) $R$ has a zero element 0, satisfying $0 + a = a$ for all $a \in R$.
vi) Every element $a \in R$ has an additive inverse $-a$ satisfying $a + (-a) = 0$.

Example. We have already seen several examples of rings: $\mathbb{Z}$, $\mathbb{Q}$, $\mathbb{R}$ and $\mathbb{Z}_m$ for any positive integer $m$, are all examples of rings under ordinary addition and multiplication. We shall assume that the six properties of a ring are all axioms for $\mathbb{Z}$, $\mathbb{Q}$ and $\mathbb{R}$.

Note. The word ring is used because it suggests a closed system of objects, in this case a system closed under two binary operations, just as a ring you might wear on your finger is a closed circle. The word is particularly appropriate for the modular rings $\mathbb{Z}_m$, which we can think of as the different hours on a circular $m$-hour clock.

Definition. a) If $R$ is a ring with commutative multiplication then $R$ is called a commutative ring.
b) If $R$ is a ring with unity element 1 satisfying $1 \cdot a = a = a \cdot 1$ for all $a \in R$, then $R$ is called a ring with unity. (We require $1 \ne 0$, so that $R \ne \{0\}$.)
Note. i) The unity element 1 is also called the identity element or multiplicative identity, when it exists. A ring with unity can also be called a ring with identity.

ii) The rings we mentioned in the first example above are all commutative rings with unity.
iii) There exist noncommutative rings as we shall see later in this chapter with the example of matrix rings. Also there exist rings without unity elements such as the set of even integers.

Definition. a) Subtraction is defined on a ring $R$ in the usual manner: For $a, b \in R$, $a - b = a + (-b)$, where $-b$ represents the additive inverse of $b$. One readily deduces the distributive law for subtraction: $a(b - c) = ab - ac$ for $a, b, c \in R$.
b) Repeated Addition: If $n \in \mathbb{N}$ and $a \in R$ then $na = a + a + \cdots + a$, a sum of $n$ $a$'s.

Theorem. If $R$ is a ring, then $R$ is closed under subtraction.

Proof. Let $a, b \in R$. Since $R$ contains additive inverses, $-b \in R$. Since $R$ is closed under addition, $a + (-b) \in R$. But $a + (-b) = a - b$ by definition of subtraction, and so $a - b \in R$.

Definition. Let $R$ be a given ring. A subset $S$ of $R$ is called a subring if $S$ is a ring under the same two binary operations.

Note. To verify that a subset $S$ of a given ring $R$ is a subring of $R$, it suffices to verify properties i) $S$ is closed under $+$ and $\cdot$, v) $0 \in S$ and vi) if $x \in S$ then $-x \in S$. Properties ii), iii) and iv) are inherited from $R$.

Example. $\mathbb{Z}$ is a subring of $\mathbb{R}$. $\mathbb{Q}$ is a subring of $\mathbb{R}$.

Example. Let $E$ be the set of even numbers, $O$ the set of odd numbers. Is either of these a subring of $\mathbb{Z}$? Yes, $E$ is a ring without unity element. $O$ is not a ring since it has no zero element and it is not closed under addition.

Example. Consider the subset $S := \{[0]_6, [2]_6, [4]_6\}$ of $\mathbb{Z}_6$. It is easy to see that $S$ satisfies properties i), v) and vi), and therefore is a subring of $\mathbb{Z}_6$.

Definition. For $m \in \mathbb{Z}$ we let $m\mathbb{Z}$ denote the set of multiples of $m$, $m\mathbb{Z} = \{ma : a \in \mathbb{Z}\} = \{0, \pm m, \pm 2m, \pm 3m, \dots\}$.

The set of even integers is $E = 2\mathbb{Z}$. The next theorem generalizes the observation we made that $E$ is a subring of $\mathbb{Z}$.

Theorem. For any integer $m$, $m\mathbb{Z}$ is a subring of $\mathbb{Z}$.

Proof. We must verify properties (i), (v) and (vi). i) Let $ma, mb \in m\mathbb{Z}$.
Then $ma + mb = m(a + b) \in m\mathbb{Z}$ since $a + b \in \mathbb{Z}$. Also, $ma \cdot mb = m(amb) \in m\mathbb{Z}$, since $amb \in \mathbb{Z}$. v) $0 = m \cdot 0 \in m\mathbb{Z}$. vi) If $ma \in m\mathbb{Z}$, then $-ma = m(-a) \in m\mathbb{Z}$.

The converse of this theorem will be proved in Theorem

Instead of verifying properties i), v) and vi) to show that a subset of a given ring is a subring, one can also use the following lemma.

Lemma. Let $S$ be a subset of a given ring $R$ such that $S$ is closed under multiplication and subtraction. Then $S$ is a subring of $R$.

Proof. We must verify properties i), v) and vi). Let $a \in S$. Since $S$ is closed under subtraction, $0 = a - a \in S$, and so property v) is satisfied. Next, since $0, a \in S$, $-a = 0 - a \in S$, so property vi) is satisfied.

Finally, if $a, b \in S$, then $-b \in S$ by property vi) and so $a + b = a - (-b) \in S$, since $S$ is closed under subtraction. We are given that $ab \in S$. Therefore property i) holds.

3.1. Basic properties of Rings

In the following we repeat the list of further properties of $\mathbb{Z}$ given in Chapter 0. Some of these properties hold true for an arbitrary ring $R$, and some require $R$ to satisfy further properties. Here, $a, b, x, y$ represent arbitrary elements of a ring $R$. We start with a list of those properties that are valid for any ring $R$. The proofs are identical to the proofs given for $\mathbb{Z}$.

Properties Valid in any Ring.
1] Subtraction-Equality principle. $x = y$ if and only if $x - y = 0$.
2] Cancelation law for addition: If $a + x = a + y$ then $x = y$.
3] Additive inverses are unique, that is, if $a, b, c \in R$ are such that $a + b = 0$ and $a + c = 0$ then $b = c$.
4] Zero multiplication property: $a \cdot 0 = 0$ for any $a \in R$.
5] Properties of negatives: $(-a)b = -(ab) = a(-b)$, $(-a)(-b) = ab$, $(-1)a = -a$.
10a] General Associative-Commutative Law for Addition: When adding a collection of $n$ elements of $R$, $a_1 + a_2 + \cdots + a_n$, the elements may be grouped in any way and added in any order. In particular, the sum $a_1 + a_2 + \cdots + a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.
11] FOIL Law: For any $a, b, c, d \in R$, $(a + b)(c + d) = ac + ad + bc + bd$.

Properties Valid in any Commutative Ring.
10b] General Associative-Commutative Law for Multiplication: When multiplying a collection of $n$ elements of $R$, $a_1 a_2 \cdots a_n$, the values may be grouped in any way and multiplied in any order. In particular, the product $a_1 a_2 \cdots a_n$ is well defined, that is, no parentheses are necessary to specify the order of operations.
12] Binomial Expansion: For any $a, b \in R$ and positive integer $n$ we have

$(a + b)^n = \sum_{k=0}^{n} \binom{n}{k} a^k b^{n-k} = a^n + \binom{n}{1} a^{n-1} b + \binom{n}{2} a^{n-2} b^2 + \cdots + b^n$.
In particular,

$(a + b)^2 = a^2 + 2ab + b^2$
$(a + b)^3 = a^3 + 3a^2 b + 3ab^2 + b^3$.

Properties Valid in any Integral Domain (see section 3.6).
8] Zero divisor property, or integral domain property: If $ab = 0$ then $a = 0$ or $b = 0$.
9] Cancelation law for multiplication: If $ax = ay$ and $a \ne 0$ then $x = y$.

Properties Requiring an Ordering on the Ring.
In general, rings do not come with an ordering such as less than, $<$, or greater than, $>$; consider for example the modular rings $\mathbb{Z}_m$, which we visualize as points wrapped around a circular clock. We will not define the concept of an ordering here, except to say that the real numbers are an ordered ring with respect to the standard orderings $<$

and $>$, and so any subring of $\mathbb{R}$ comes with an ordering. The following properties are valid on $\mathbb{R}$, and so would also be valid on any subring of $\mathbb{R}$.
6] Basic consequence of Trichotomy: If $a > 0$ then $-a < 0$ and if $a < 0$ then $-a > 0$.
7] Products of Positives and Negatives: If $a > 0$ and $b < 0$ then $ab < 0$. If $a < 0$ and $b < 0$, then $ab > 0$.

Subrings of $\mathbb{Z}$ and $\mathbb{Z}_m$

In Theorem we saw that subsets of $\mathbb{Z}$ of the form $m\mathbb{Z}$, such as the evens, $E = 2\mathbb{Z}$, the multiples of 3, $3\mathbb{Z}$, and the multiples of 5, $5\mathbb{Z}$, are all subrings of $\mathbb{Z}$. Here we prove that these are the only subrings of $\mathbb{Z}$.

Theorem. A subset $S$ of $\mathbb{Z}$ is a subring of $\mathbb{Z}$ if and only if $S = m\mathbb{Z}$ for some $m \in \mathbb{N} \cup \{0\}$.

Note. It is the case that $m\mathbb{Z}$ is a subring of $\mathbb{Z}$ for any integer $m$, but in the statement of the theorem we may take $m$ to be nonnegative because $(-m)\mathbb{Z} = m\mathbb{Z}$ for any integer $m$.

Proof. We already proved one direction in Theorem 3.0.2, so we need only consider the converse. Suppose that $S$ is a given subring of $\mathbb{Z}$. If $S = \{0\}$ then $S = 0\mathbb{Z}$. Suppose now that $S$ contains a nonzero element. Then since $S$ contains its additive inverses, $S$ must contain some positive element. Let $m$ be the smallest positive element of $S$ ($m$ exists by the well-ordering axiom). We claim that $S = m\mathbb{Z}$. First, since $S$ is closed under addition, it follows that $2m = m + m \in S$, $3m = 2m + m \in S$ and, by induction, that $km \in S$ for any $k \in \mathbb{N}$. Thus $m\mathbb{N} \subseteq S$. Since $0 \in S$ and $S$ contains additive inverses, we deduce that $m\mathbb{Z} \subseteq S$. We are left with showing that $S \subseteq m\mathbb{Z}$. Let $a \in S$. By the division algorithm $a = qm + r$ for some $q, r \in \mathbb{Z}$ with $0 \le r < m$. Since $a, qm \in S$, and $S$ is closed under subtraction, we deduce that $r = a - qm \in S$. Since $r < m$ and $m$ is the smallest positive element of $S$, we must have $r = 0$, and therefore $a = qm \in m\mathbb{Z}$. QED.

Subrings of $\mathbb{Z}_m$ enjoy a similar structure. Let $\mathbb{Z}_m$ be represented by the shorthand notation $\mathbb{Z}_m = \{0, 1, 2, \dots, m-1\}$. For any positive integer $d$, we let $d\mathbb{Z}_m = \{da : a \in \mathbb{Z}_m\}$. It is easy to see that this is a subring of $\mathbb{Z}_m$.
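In particular if $d \mid m$ then

$d\mathbb{Z}_m = \{0, d, 2d, \dots, (\tfrac{m}{d} - 1)d\}$,

and $|d\mathbb{Z}_m| = \frac{m}{d}$.

Example. i) Find $2\mathbb{Z}_{12}$ and $7\mathbb{Z}_{21}$: $2\mathbb{Z}_{12} = \{0, 2, 4, 6, 8, 10\}$, $7\mathbb{Z}_{21} = \{0, 7, 14\}$.
ii) Now find $8\mathbb{Z}_{12}$, $14\mathbb{Z}_{21}$ and $5\mathbb{Z}_{12}$: $8\mathbb{Z}_{12} = \{0, 8, 4\} = 4\mathbb{Z}_{12}$, $14\mathbb{Z}_{21} = \{0, 14, 7\} = 7\mathbb{Z}_{21}$, $5\mathbb{Z}_{12} = \mathbb{Z}_{12}$.

The second examples are special cases of the following lemma.

Lemma. If $a \in \mathbb{Z}$ and $d = \gcd(a, m)$, then $a\mathbb{Z}_m = d\mathbb{Z}_m$.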

Proof. Since $d \mid a$, $a = dk$ for some $k \in \mathbb{Z}$. Thus for any $u \in \mathbb{Z}_m$, we have $au = (dk)u = d(ku) \in d\mathbb{Z}_m$. Thus $a\mathbb{Z}_m \subseteq d\mathbb{Z}_m$. Conversely, by the GCDLC Theorem, we have $d = ax + my$ for some integers $x, y$ and so for any $u \in \mathbb{Z}_m$ we have $du = (ax + my)u = a(xu) \in a\mathbb{Z}_m$. Thus $d\mathbb{Z}_m \subseteq a\mathbb{Z}_m$.

Thus, we may assume $d \mid m$ in studying subrings of the form $d\mathbb{Z}_m$.

Theorem. A subset $S$ of $\mathbb{Z}_m$ is a subring of $\mathbb{Z}_m$ if and only if it is of the form $S = d\mathbb{Z}_m$ for some $d \mid m$.

Proof. It is straightforward to show that any such subset $d\mathbb{Z}_m$ is a subring (that is, it satisfies properties (i), (v) and (vi) for a ring). The converse can be proved in a manner similar to the converse in the proof of the analogous result for $\mathbb{Z}$.

Example. Consider $\mathbb{Z}_{12}$. Find all subrings. The divisors of 12 are 1, 2, 3, 4, 6, 12. Thus, the subrings are $1\mathbb{Z}_{12} = \mathbb{Z}_{12}$, $2\mathbb{Z}_{12} = \{0, 2, 4, 6, 8, 10\}$, $3\mathbb{Z}_{12} = \{0, 3, 6, 9\}$, $4\mathbb{Z}_{12} = \{0, 4, 8\}$, $6\mathbb{Z}_{12} = \{0, 6\}$ and $12\mathbb{Z}_{12} = \{0\}$.

Here's a curious fact about these subrings. It appears as though these subrings do not contain a unity element, since they do not contain 1. However, such is not always the case. The unity element can be disguised. Take for example $3\mathbb{Z}_{12} = \{0, 3, 6, 9\}$. We claim that 9 is the unity element. Indeed, $9 \cdot 0 = 0$, $9 \cdot 3 = 3$, $9 \cdot 6 = 6$ and $9 \cdot 9 = 9$, that is, $9 \cdot x = x$ for all $x \in 3\mathbb{Z}_{12}$. Strange! Thus $3\mathbb{Z}_{12}$ is a commutative ring with unity.

3.3. Zero Divisors

Definition. Let $R$ be a ring. A nonzero element $a \in R$ is called a zero divisor if $ab = 0$ or $ba = 0$ for some nonzero $b \in R$.

Example. 3 is a zero divisor in $\mathbb{Z}_6$ since $3 \cdot 2 = 0$ in $\mathbb{Z}_6$ and $2 \ne 0$. This same example also shows that 2 is a zero divisor.

Example. What are the zero divisors in $\mathbb{Z}$? There are none, by the integral domain property of $\mathbb{Z}$.

Example. Find all zero divisors in $\mathbb{Z}_9$. One can do this by trial and error, but let's try to reason it out. Suppose that $ab = 0$ in $\mathbb{Z}_9$ with $a \ne 0$ and $b \ne 0$. Then $9 \mid ab$ (viewing $a, b$ as integers). Since $a, b$ are nonzero elements of $\mathbb{Z}_9$ we know $9 \nmid a$ and $9 \nmid b$. Thus, we must have $3 \mid a$, but $a \ne 0$ and so $a = 3$ or 6.
The preceding example is a special case of the following theorem.

Theorem. A nonzero element $[a]_m \in \mathbb{Z}_m$ is a zero divisor if and only if $\gcd(a, m) > 1$.

Proof. Suppose that $[a]_m$ is a zero divisor. Then $[a]_m [b]_m = [0]_m$ for some nonzero $[b]_m$, that is, $[ab]_m = [0]_m$. This means $m \mid ab$. If $\gcd(a, m) = 1$ then Euclid's Lemma implies that $m \mid b$, meaning $[b]_m = [0]_m$, a contradiction. Thus $\gcd(a, m) > 1$.

Suppose now that $\gcd(a, m) = d > 1$. We must show that $[a]_m$ is a zero divisor. Let $b = m/d$. Since $d > 1$, we have $b < m$ and so $[b]_m \ne 0$ in $\mathbb{Z}_m$. Also, $ab = a \frac{m}{d} = \frac{a}{d} m \equiv 0 \pmod{m}$ and so $[a]_m [b]_m = [ab]_m = [0]_m$ in $\mathbb{Z}_m$. (Note that $\frac{a}{d} \in \mathbb{Z}$ since $d \mid a$.) Therefore, $[a]_m$ is a zero divisor.
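The gcd criterion in this theorem, the witness $b = m/d$ from its proof, and the "disguised unity" of the subrings $d\mathbb{Z}_m$ described earlier can all be computed directly. The following is an added Python example, not part of the course notes; the function names are hypothetical.

```python
from math import gcd


def classify(a, m):
    """Classify [a]_m in Z_m using gcd(a, m).

    Returns ("zero", None), ("unit", inverse) or ("zero divisor", b),
    where b = m/d is the nonzero witness from the proof with a*b = 0.
    """
    a %= m
    if a == 0:
        return ("zero", None)
    d = gcd(a, m)
    if d == 1:
        return ("unit", pow(a, -1, m))
    return ("zero divisor", m // d)


def zero_divisors(m):
    """All zero divisors of Z_m, found by the gcd criterion."""
    return [a for a in range(1, m) if classify(a, m)[0] == "zero divisor"]


def subring(d, m):
    """The subring dZ_m = {d*a : a in Z_m}, as a sorted list."""
    return sorted({(d * a) % m for a in range(m)})


def subring_unity(d, m):
    """A nonzero e in dZ_m with e*x = x for every x in dZ_m, or None."""
    elements = subring(d, m)
    for e in elements:
        if e != 0 and all((e * x) % m == x for x in elements):
            return e
    return None


if __name__ == "__main__":
    print(zero_divisors(9))                      # zero divisors of Z_9
    print(classify(3, 6), classify(5, 6))        # witness 2, inverse 5
    for d in (1, 2, 3, 4, 6):
        print(d, subring(d, 12), subring_unity(d, 12))
```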

Note. We note that the gcd condition in the theorem does not depend on the choice of representative for the class $[a]_m$. Indeed, if $[a]_m = [b]_m$ then $b = a + qm$ for some $q \in \mathbb{Z}$ and so $\gcd(b, m) = \gcd(a + qm, m) = \gcd(a, m)$ by the subtraction property of gcds.

Units

Recall, the group of units for $\mathbb{Z}_m$, denoted $U_m$, consists of all elements in $\mathbb{Z}_m$ having a multiplicative inverse. We generalize this concept here to an arbitrary ring.

Definition. Let $R$ be a ring with unity. An element $a \in R$ is called a unit if $a$ has a multiplicative inverse in $R$, that is, $ab = 1 = ba$ for some $b \in R$. In this case we write $a^{-1} = b$.

Example. Find all the units in $\mathbb{Z}$, $\mathbb{Q}$, and $\mathbb{Z}_6$. First, in $\mathbb{Z}$ the only integers having multiplicative inverses in $\mathbb{Z}$ are $\pm 1$. In $\mathbb{Q}$ every nonzero fraction $\frac{a}{b}$ has a multiplicative inverse $\frac{b}{a}$. In $\mathbb{Z}_6$ the set of units is given by $U_6 = \{1, 5\}$ (recall, the units in $\mathbb{Z}_m$ are the elements relatively prime to $m$).

Putting together our earlier observation that an element $a \in \mathbb{Z}_m$ has a multiplicative inverse if and only if $\gcd(a, m) = 1$, with Theorem 3.3.1, we have

Theorem. For any $m \in \mathbb{N}$, any nonzero element $[a]_m \in \mathbb{Z}_m$ is either a unit or a zero divisor. If $\gcd(a, m) = 1$ then $[a]_m$ is a unit. If $\gcd(a, m) > 1$ then $[a]_m$ is a zero divisor.

Thus for the modular ring $\mathbb{Z}_m$, every nonzero element is either a unit or a zero divisor. For a general ring $R$ we cannot make this conclusion. For instance, in $\mathbb{Z}$, 2 is neither a unit nor a zero divisor. However, we do have the following:

Theorem. a) If $a$ is a unit in a ring $R$, then $a$ is not a zero divisor.
b) If $a$ is a zero divisor in a ring $R$, then $a$ is not a unit.

Proof. Did you observe that these two statements are actually equivalent (called contrapositives of one another)? Thus, to prove the lemma it suffices to prove either part. Let's do part a). Suppose that $a$ is a unit in $R$, with inverse $a^{-1}$. We wish to show that $a$ is not a zero divisor, so suppose that $ab = 0$ for some $b \in R$.
Multiplying on the left by $a^{-1}$ we obtain $a^{-1}(ab) = a^{-1} \cdot 0$, and so $(a^{-1}a)b = 0$, that is, $b = 0$. Similarly, if $ba = 0$ for some $b \in R$, then we again conclude that $b = 0$. Therefore $a$ is not a zero divisor.

3.5. Polynomial Rings

Definition. Let $R$ be a given ring.
a) A polynomial over $R$ in the variable $x$ is an expression of the form $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_0$, where the $a_i$ are elements of $R$.
b) The values $a_i$ are called coefficients of the polynomial.
c) If $a_n \ne 0$ then $a_n$ is called the leading coefficient of the polynomial and the polynomial is said to be of degree $n$.

d) A polynomial of the form $f(x) = a$ with $a \in R$ is called a constant polynomial. If $a \ne 0$ then it has degree 0. The zero polynomial, $f(x) = 0$, is not assigned a degree.
e) Two polynomials are said to be equal if they have the same degree and the coefficients of like powers of $x$ are all identical.

Addition and multiplication of polynomials are defined in the standard manner: Let $f(x), g(x) \in R[x]$, and let $n$ be the maximum degree of $f(x)$ and $g(x)$. Then we can write $f(x) = \sum_{i=0}^{n} a_i x^i$, $g(x) = \sum_{i=0}^{n} b_i x^i$, for some $a_i, b_i \in R$, $0 \le i \le n$ (allowing some leading 0 coefficients if the two degrees are not the same).

Addition: $f(x) + g(x) := \sum_{i=0}^{n} (a_i + b_i) x^i$.
Multiplication: $f(x) \cdot g(x) := \sum_{i=0}^{n} \sum_{j=0}^{n} a_i b_j x^{i+j} = \sum_{k=0}^{2n} \left( \sum_{i+j=k} a_i b_j \right) x^k$.

(The colon in front of the equal sign, $:=$, signifies that this is a definition.)

Definition. Let $R$ be a given ring. The polynomial ring in (the variable) $x$ over $R$, denoted $R[x]$, is the set of all polynomials in $x$ with coefficients in $R$,

$R[x] = \{a_n x^n + \cdots + a_0 : n \in \mathbb{N} \cup \{0\},\ a_i \in R,\ 0 \le i \le n\}$,

together with the standard laws for addition and multiplication of polynomials.

Of course, to call $R[x]$ a ring we must verify that all six properties of a ring are satisfied by $R[x]$. Note that since $R$ is a ring and therefore closed under addition and multiplication, the coefficients of $f(x) + g(x)$ and $f(x)g(x)$ are again in $R$, and so property (i) for rings is satisfied. We also have $0 \in R[x]$ (trivially) and $-f(x) = \sum_{i=0}^{n} (-a_i) x^i \in R[x]$ (since $-a_i \in R$ for all $i$), and so properties (v) and (vi) for rings are satisfied. It is routine, but tedious, to verify that properties (ii), (iii) and (iv) all follow from the corresponding laws in $R$.

Example. i) In $\mathbb{Z}_3[x]$, $(1 + x + 2x^2) + (2 + x^2) = 3 + x + 3x^2 = x$.
ii) In $\mathbb{Z}_4[x]$, $(1 + 2x)(2 + x + 2x^2) = (2 + x + 2x^2) + (4x + 2x^2 + 4x^3) = 2 + 5x + 4x^2 + 4x^3 = 2 + x$.

Note. i) If $R$ is a ring with unity then so is $R[x]$. Indeed, if $1 \in R$ then 1 is a constant polynomial in $R[x]$.
ii) If $R$ is commutative then so is $R[x]$. This follows from the fact that $a_i b_j = b_j a_i$ for all terms in the product of $f(x)$ and $g(x)$ as given above. For example if $a, b \in R$ then $(a + bx)(c + dx) = ac + bcx + adx + bdx^2$, $(c + dx)(a + bx) = ca + cbx + dax + dbx^2$, and these two expressions are equal since $ac = ca$, $bc = cb$, $ad = da$, $bd = db$ in a commutative ring.
iii) If $R$ has no zero divisors, then for any two nonzero polynomials $f(x), g(x) \in R[x]$ we have $\deg(f(x)g(x)) = \deg(f(x)) + \deg(g(x))$. Indeed, in this case the leading term of the product $f(x)g(x)$ is just the product of the leading terms of $f(x)$ and $g(x)$; it does not vanish!

Example. In $\mathbb{Z}_2[x]$ find $(1 + x)^2$: $(1 + x)^2 = 1 + 2x + x^2 = 1 + x^2$, since $2 = 0$ in $\mathbb{Z}_2$. In $\mathbb{Z}_3[x]$ find $(1 + x)^3$: $(1 + x)^3 = 1 + 3x + 3x^2 + x^3 = 1 + x^3$,

since $3 = 0$ in $\mathbb{Z}_3$.

3.6. Integral Domains

Definition. An integral domain is a commutative ring with unity having no zero divisors, that is, if $a, b \in R$ and $ab = 0$ then either $a = 0$ or $b = 0$.

Note. Another way to say that a ring has no zero divisors is to say that if $a$ and $b$ are nonzero elements of a ring, then so is $ab$.

Example. $\mathbb{Z}$ is an integral domain. The property that $ab = 0$ implies $a = 0$ or $b = 0$ is what we called earlier the zero divisor property or integral domain property of $\mathbb{Z}$.

Theorem. $\mathbb{Z}_m$ is an integral domain iff $m$ is a prime.

Proof. Suppose that $\mathbb{Z}_m$ is an integral domain. If $m$ is composite, say $m = ab$ with $1 < a < m$, $1 < b < m$, then $a$ and $b$ are zero divisors in $\mathbb{Z}_m$, contradicting our assumption that $\mathbb{Z}_m$ is an integral domain. Therefore, $m$ must be a prime. Conversely, suppose that $m$ is a prime. We already know that $\mathbb{Z}_m$ is a commutative ring with unity. Let $a \in \{1, 2, 3, \dots, m-1\}$ be any nonzero element of $\mathbb{Z}_m$. Since $a < m$ and $m$ is a prime we must have $\gcd(a, m) = 1$. Thus by Theorem 3.3.1, $a$ is not a zero divisor.

Note. The importance of an integral domain is that in such a setting we can solve equations in the same manner that we have become accustomed to in high school. The following examples point out the difference between solving equations in an integral domain, and solving equations in a ring that is not an integral domain.

Example. Solve $x^2 - 3x + 2 = 0$ in an integral domain $R$. Note, since $R$ is an integral domain, $1 \in R$, and we define $2 := 1 + 1$, $3 := 1 + 1 + 1$. By the FOIL law (distributive property), this equation is equivalent to $(x - 1)(x - 2) = 0$. Since $R$ has no zero divisors we must have either $x - 1 = 0$ or $x - 2 = 0$, and thus, either $x = 1$ or $x = 2$.

Example. Now, solve the equation $x^2 - 4x + 3 = 0$ in $\mathbb{Z}_8$. Note that $\mathbb{Z}_8$ is not an integral domain, since 8 is composite. This equation is equivalent to $(x - 1)(x - 3) = 0$. But this time we cannot conclude that $x = 1$ or 3 since $\mathbb{Z}_8$ has zero divisors.
Instead, we either use trial and error, that is, test $x = 0, 1, 2, \dots, 7$, or reason it out by noting that the equation is equivalent to saying $8 \mid (x - 1)(x - 3)$, etc. Trial and error is easier in this case, and we see that $x = 1, 3, 5, 7$ all satisfy the equation! Clearly, it's nicer to solve equations in an integral domain than in a general ring.

Lemma. Let $R$ be an integral domain and $f(x), g(x) \in R[x]$ be nonzero polynomials of degrees $n, m$ respectively. Then $\deg(f(x)g(x)) = n + m$.

Proof. Let $f(x) = a_n x^n + \cdots + a_0$, $g(x) = b_m x^m + \cdots + b_0$, with $a_n \ne 0$, $b_m \ne 0$. Then $f(x)g(x) = a_n b_m x^{m+n} + \cdots + a_0 b_0$. Note that since $R$ is an integral domain and $a_n, b_m$ are both nonzero, we have $a_n b_m \ne 0$. Thus $a_n b_m x^{m+n}$ is the leading term of the product, and so the degree of $f(x)g(x)$ is $m + n$.

Theorem. If $R$ is an integral domain, then $R[x]$ is an integral domain.

Proof. Since $R$ is commutative and contains a unity element, so does $R[x]$, as observed above. Thus, we only need to show that $R[x]$ has no zero divisors. But, this follows immediately from the preceding lemma. I'll leave it as a homework problem for you to fill in the details.

Theorem. If $R$ is an integral domain then the only units in $R[x]$ are the constant polynomials $f(x) = a_0$ where $a_0$ is a unit in $R$.

Proof. Suppose that $f(x) = a_n x^n + \cdots + a_0$ (with $a_n \neq 0$) is a unit. Then there must exist a polynomial $g(x) = b_m x^m + \cdots + b_0$ (with $b_m \neq 0$) such that $f(x)g(x) = 1$. Since the degree of $f(x)g(x)$ is $n + m$ and the degree of 1 is zero, we must have $n + m = 0$ and therefore $n = m = 0$. This means that $f(x)$ and $g(x)$ are just constant polynomials, $f(x) = a_0$, $g(x) = b_0$ for some $a_0, b_0 \in R$. The equation $f(x)g(x) = 1$ becomes $a_0 b_0 = 1$. Thus $a_0, b_0$ must be units in $R$.

Note. If $R$ is not an integral domain, then it is possible for polynomials of positive degree to be units. For example, in $\mathbb{Z}_{12}$ we have $(1 + 6x^2)(1 + 6x^2) = 1$, and so $(1 + 6x^2)^{-1} = 1 + 6x^2$.

Fields

Definition. A ring $R$ is called a field if (i) $R$ has a unity element, (ii) $R$ is commutative, and (iii) every nonzero element of $R$ is a unit.

Example. Which of the following are fields: $\mathbb{Z}$, $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{Z}_3$, $\mathbb{Z}_4$, $\mathbb{R}[x]$? Answer: $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{Z}_3$. Another standard example of a field that we will return to later is the set of complex numbers.

Example. Another example of a field that you have worked with is the set $F(x)$ of all rational functions $p(x)/q(x)$ with coefficients in a given field $F$. We'll leave it as an exercise for the reader to verify that all the axioms are satisfied.

In order to have a chance of being a field, a ring must already be an integral domain:

Theorem. If $R$ is a field then $R$ is an integral domain. The converse statement is false. For example, $\mathbb{Z}$ is an integral domain, but not a field.

Proof. Suppose that $R$ is a field. Then in particular $R$ is commutative and has a unity element.
In order to prove that $R$ is an integral domain, all that is left is to show that $R$ has no zero divisors. By definition of a field, every nonzero element of $R$ is a unit. But, by Lemma 3.4.2, units are not zero divisors. Therefore $R$ has no zero divisors.

In general, being a field is a stronger condition than being an integral domain, but for the modular rings $\mathbb{Z}_m$ these two concepts coincide.

Theorem. $\mathbb{Z}_m$ is a field if and only if $m$ is a prime. Thus $\mathbb{Z}_m$ is a field if and only if $\mathbb{Z}_m$ is an integral domain.

Proof. The second statement follows immediately from Theorem so let's turn to the first statement. If $\mathbb{Z}_m$ is a field, then by the preceding theorem $\mathbb{Z}_m$ is an integral domain, and thus by Theorem 3.3.1, $m$ must be a prime.

Conversely, suppose that $m = p$, a prime, and let $a$ be any nonzero element of $\mathbb{Z}_p$. Then $\gcd(a, p) = 1$ and so $a$ is a unit, that is, $a$ has a multiplicative inverse in $\mathbb{Z}_p$.

Note. If $F$ is a field then the units in $F[x]$ are just the nonzero constant polynomials, by Theorem

Matrix Rings

We will just look at the case of 2 by 2 matrices, although everything we do could just as well be done for $n$ by $n$ matrices, for arbitrary $n$. Matrix rings provide us with an example of a noncommutative ring.

Definition. A 2 by 2 matrix with entries in a given ring $R$ is an array of elements of the form
$$\begin{bmatrix} a & b \\ c & d \end{bmatrix},$$
where $a, b, c, d \in R$. The entry position is given by specifying the row number first, column number second. Thus, $a$ is the entry in the 1,1 position, $b$ the 1,2 position, $c$ the 2,1 position and $d$ the 2,2 position.

Definition. Matrix Rings. Let $R$ be a given ring. The ring of 2 by 2 matrices over $R$ is given by the set
$$M_{2,2}(R) = \left\{ \begin{bmatrix} a & b \\ c & d \end{bmatrix} : a, b, c, d \in R \right\},$$
together with the standard laws for addition and multiplication of matrices:

Addition: $\begin{bmatrix} a & b \\ c & d \end{bmatrix} + \begin{bmatrix} e & f \\ g & h \end{bmatrix} = \begin{bmatrix} a + e & b + f \\ c + g & d + h \end{bmatrix}$.

Multiplication: $\begin{bmatrix} a & b \\ c & d \end{bmatrix} \begin{bmatrix} e & f \\ g & h \end{bmatrix} = \begin{bmatrix} ae + bg & af + bh \\ ce + dg & cf + dh \end{bmatrix}$.

Note. Matrix multiplication is obtained by taking dot products of the rows of the left matrix with columns of the right matrix. Let $A, B$ be the two matrices above. Let $R_1, R_2$ be the two rows of $A$ and $C_1, C_2$ the two columns of $B$. Then the $ij$-th entry of $AB$ is equal to $R_i \cdot C_j$.

Note. $M_{2,2}(R)$ is in fact a ring. Let's check the six properties.

(1) Since $R$ is closed under $+$, it follows that so is the matrix ring. Since $R$ is closed under addition and multiplication, the product of any two matrices over $R$ again has entries in $R$.

(2) The associative law for addition follows immediately from the associative law for addition in $R$. The associative law for multiplication requires more work, and is best done in a matrix theory course, but here goes.
Let $A = [a_{ij}]$, $B = [b_{ij}]$, $C = [c_{ij}]$ be any three matrices over $R$. To show that two matrices are equal it suffices to show that their $ij$-th entries are equal for any $i, j$. The $ij$-th entry of $(AB)C$ is given by
$$\sum_{l} \Big( \sum_{k} a_{ik} b_{kl} \Big) c_{lj} = \sum_{l} \sum_{k} (a_{ik} b_{kl}) c_{lj},$$
while the $ij$-th entry of $A(BC)$ is given by
$$\sum_{k} a_{ik} \Big( \sum_{l} b_{kl} c_{lj} \Big) = \sum_{k} \sum_{l} a_{ik} (b_{kl} c_{lj});$$
here, the indices in all of the sums run from 1 to 2. Thus the $ij$-th entries are equal by the associative law of multiplication and the general associative-commutative law for addition in $R$.

(3) The commutative law for addition is immediate from the commutative law for addition in $R$.

(4) The distributive law: The $ij$-th entry of $A(B + C)$ is given by
$$\sum_{k=1}^{2} a_{ik}(b_{kj} + c_{kj}) = \sum_{k=1}^{2} (a_{ik} b_{kj} + a_{ik} c_{kj}) = \sum_{k=1}^{2} a_{ik} b_{kj} + \sum_{k=1}^{2} a_{ik} c_{kj},$$
which is just the $ij$-th entry of $AB + AC$.

(5) The zero element in $M_{2,2}(R)$ is the matrix $0 = \begin{bmatrix} 0 & 0 \\ 0 & 0 \end{bmatrix}$.

(6) The additive inverse of $A = [a_{ij}]$ is the matrix $-A = [-a_{ij}]$, which is in $M_{2,2}(R)$ since $R$ contains its additive inverses, and so each of the entries $-a_{ij}$ is in $R$.

Note. (i) Matrix multiplication is not commutative, even if $R$ itself is commutative. Indeed, [ ] [ ] [ ] [ ] [ ] [ ] =, =

(ii) $M_{2,2}(R)$ has zero divisors. Indeed, for any $a, b, c, d \in R$,
$$\begin{bmatrix} a & 0 \\ b & 0 \end{bmatrix} \begin{bmatrix} 0 & 0 \\ c & d \end{bmatrix} = \begin{bmatrix} 0 & 0 \\ 0 & 0 \end{bmatrix}.$$

(iii) If $R$ is a ring with unity 1, then $M_{2,2}(R)$ is a ring with unity $I_2$ given by
$$I_2 := \begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}.$$

Example. $M_{2,2}(\mathbb{Z}_m)$ is a ring with $m^4$ elements, since there are $m$ distinct choices for each of the four entries.

Definition. For any $r \in R$ and matrix $A = \begin{bmatrix} a & b \\ c & d \end{bmatrix} \in M_{2,2}(R)$, the scalar product $rA$ is defined by
$$r \begin{bmatrix} a & b \\ c & d \end{bmatrix} = \begin{bmatrix} ra & rb \\ rc & rd \end{bmatrix}.$$

Definition. The determinant of a matrix $A = \begin{bmatrix} a & b \\ c & d \end{bmatrix}$ is given by $\det(A) = ad - bc$.

Theorem. Let $R$ be a commutative ring with unity, and $A = \begin{bmatrix} a & b \\ c & d \end{bmatrix} \in M_{2,2}(R)$. Then $A$ is a unit in $M_{2,2}(R)$ if and only if $\det(A) = ad - bc$ is a unit in $R$. In this case we have
$$A^{-1} = \det(A)^{-1} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix}.$$

Proof. It is homework for you to verify that if $\det(A)$ is a unit and $B = \det(A)^{-1} \begin{bmatrix} d & -b \\ -c & a \end{bmatrix}$, then $AB = I_2 = BA$. Conversely, if $A$ is a unit, then $AB = I_2$ for some matrix $B$. Thus $\det(AB) = \det(I_2) = 1$. But $\det(AB) = \det(A)\det(B)$, and so we obtain $\det(A)\det(B) = 1$. Thus $\det(A)$ is a unit in $R$.
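The unit criterion in the theorem above can be checked mechanically when $R = \mathbb{Z}_m$. The following Python code is an added example, not part of the original notes: it inverts a matrix through $\det(A)^{-1}$ and confirms by exhaustive search that the determinant test picks out exactly the units of $M_{2,2}(\mathbb{Z}_m)$ for small $m$. The function names and the sample matrices over $\mathbb{Z}_{26}$ are constructed for illustration.

```python
from itertools import product
from math import gcd

IDENTITY = ((1, 0), (0, 1))  # unity I_2 of M_{2,2}(Z_m), valid for m >= 2


def mat_mul(A, B, m):
    """Product of two 2x2 matrices, entries reduced mod m (rows dotted with columns)."""
    return tuple(
        tuple(sum(A[i][k] * B[k][j] for k in range(2)) % m for j in range(2))
        for i in range(2)
    )


def det(A, m):
    """det(A) = ad - bc, reduced mod m."""
    (a, b), (c, d) = A
    return (a * d - b * c) % m


def inverse(A, m):
    """Return A^{-1} in M_{2,2}(Z_m), or None when det(A) is not a unit of Z_m."""
    delta = det(A, m)
    if gcd(delta, m) != 1:          # delta is a unit of Z_m iff gcd(delta, m) = 1
        return None
    delta_inv = pow(delta, -1, m)   # modular inverse (Python 3.8+)
    (a, b), (c, d) = A
    return (
        ((delta_inv * d) % m, (-delta_inv * b) % m),
        ((-delta_inv * c) % m, (delta_inv * a) % m),
    )


def all_matrices(m):
    """All m^4 elements of M_{2,2}(Z_m)."""
    return [((a, b), (c, d)) for a, b, c, d in product(range(m), repeat=4)]


def units_by_determinant(m):
    """Matrices whose determinant is a unit of Z_m (the criterion in the theorem)."""
    return {A for A in all_matrices(m) if gcd(det(A, m), m) == 1}


def units_by_search(m):
    """Matrices that have a two-sided inverse, found by brute force over all B."""
    mats = all_matrices(m)
    return {
        A for A in mats
        if any(mat_mul(A, B, m) == IDENTITY and mat_mul(B, A, m) == IDENTITY
               for B in mats)
    }


if __name__ == "__main__":
    A = ((3, 3), (2, 5))            # constructed sample; det = 9, a unit of Z_26
    B = inverse(A, 26)
    print("A^-1 over Z_26:", B, "check:", mat_mul(A, B, 26))
    N = ((1, 1), (1, 3))            # constructed sample; det = 2, not a unit of Z_26
    print("inverse of N over Z_26:", inverse(N, 26))
    for m in (2, 3, 4):             # 4 is composite, so Z_4 is not a field
        same = units_by_determinant(m) == units_by_search(m)
        print(m, len(units_by_determinant(m)), "units; criteria agree:", same)
```

The exhaustive search is only practical for very small $m$, since it compares all $m^4 \cdot m^4$ pairs of matrices.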

Example. Test whether $A = \begin{bmatrix} 1 & 3 \\ 5 & 7 \end{bmatrix}$ is a unit in $M_{2,2}(\mathbb{Z}_9)$, and if so, find $A^{-1}$. We have $\det(A) = 7 - 15 = -8 = 1$ in $\mathbb{Z}_9$. Thus $\det(A)$ is a unit in $\mathbb{Z}_9$ and so $A^{-1}$ exists, with $A^{-1} = \begin{bmatrix} 7 & -3 \\ -5 & 1 \end{bmatrix}$.

Example. Show that if $A$ is a nonzero matrix over a commutative ring $R$ with $\det(A) = 0$, then $A$ is a zero divisor. Let $A = \begin{bmatrix} a & b \\ c & d \end{bmatrix}$. Since $A$ is nonzero, one of the rows of $A$ is nonzero, say the first row. It is easy to check that
$$\begin{bmatrix} a & b \\ c & d \end{bmatrix} \begin{bmatrix} b & b \\ -a & -a \end{bmatrix} = \begin{bmatrix} 0 & 0 \\ 0 & 0 \end{bmatrix},$$
since $ad - bc = 0$, and thus $A$ is a zero divisor.

Note. Putting together the previous example with Theorem we see that if $A$ is a $2 \times 2$ matrix over any field $F$, then $A$ is a unit iff $\det(A) \neq 0$ and $A$ is a zero divisor iff $\det(A) = 0$. Thus every nonzero matrix is either a unit or a zero divisor. This is the same phenomenon we observed for the modular ring $\mathbb{Z}_m$.

Complex Numbers

Definition. i) The complex numbers $\mathbb{C}$ is the set of numbers $\mathbb{C} := \{a + bi : a, b \in \mathbb{R}\}$, where $i$ is the imaginary unit $i = \sqrt{-1}$. The set of complex numbers can be represented geometrically as a plane with real and imaginary axes. A typical point $a + bi$ is a point with real coordinate $a$ and imaginary coordinate $b$.
ii) Let $z = a + bi$. Then $a$ is called the real part of $z$ and $b$ is called the imaginary part.
iii) Two complex numbers are equal if and only if they have the same real and imaginary parts.

In order to make $\mathbb{C}$ into a ring we define addition and multiplication on $\mathbb{C}$ as follows: For any $a + bi, c + di \in \mathbb{C}$,
$$(a + bi) + (c + di) := (a + c) + (b + d)i,$$
$$(a + bi)(c + di) := (ac - bd) + (bc + ad)i.$$
Of course, these definitions are made so that the commutative, associative and distributive laws hold true. Indeed, if we multiply the binomials $a + bi$ and $c + di$ assuming these laws we obtain
$$(a + bi)(c + di) = ac + bci + adi + bdi^2 = ac + bci + adi + bd(-1) = ac - bd + bci + adi = ac - bd + (bc + ad)i.$$
One can verify that under these definitions, $\mathbb{C}$ is a commutative ring with unity.
The zero element of $\mathbb{C}$ is $0 = 0 + 0i$, and the unity element is $1 = 1 + 0i$.

Definition. i) The complex conjugate of $z = a + bi$, denoted $\bar{z}$, is given by $\bar{z} = a - bi$. It is the reflection of $z$ in the real axis.
ii) The modulus or absolute value of a complex number $z = a + bi$, denoted $|z|$, is given by $|z| = \sqrt{a^2 + b^2}$. Geometrically, it represents the distance from $z$ to the origin 0 in the complex plane.

In order to obtain the multiplicative inverse of a complex number, let's recall the conjugate trick used for rationalizing denominators with radicals. For example = = = If we do the same thing, replacing $\sqrt{2}$ with $\sqrt{-1} = i$, we obtain a method for calculating the multiplicative inverse of a complex number. For example i = 1 3 5i 3 + 5i 3 5i = 3 5i 3 2 i 2 2 = 3 5i 11. More formally we have the following lemma.

Lemma. i) For any complex number $z$ we have $z\bar{z} = |z|^2$.
ii) Any nonzero complex number $z = a + bi$ has a multiplicative inverse $z^{-1}$ in $\mathbb{C}$, given by
$$z^{-1} = \frac{\bar{z}}{|z|^2} = \frac{a - bi}{a^2 + b^2}.$$

Proof. i) Let $z = a + bi$. Then $z\bar{z} = (a + bi)(a - bi) = a^2 + b^2 = |z|^2$.
ii) If $z$ is a nonzero complex number then $|z|$ is a nonzero real number and we have
$$z \cdot \frac{\bar{z}}{|z|^2} = \frac{|z|^2}{|z|^2} = 1,$$
that is, $z^{-1} = \frac{\bar{z}}{|z|^2}$.

Since $\mathbb{C}$ is a commutative ring with unity in which every nonzero element has a multiplicative inverse, we have the following.

Theorem. The set of complex numbers is a field under the standard addition and multiplication laws defined above.

Polar Form and Exponential Polar Form of Complex Numbers

Definition. Polar coordinates $(r, \theta)$ of a complex number.
i) The angular coordinate $\theta$, also called the polar angle or argument of $z$, is the angle formed between the ray going from the origin to $z$ and the positive real axis. It is not unique. One can add any integer multiple of $2\pi$ to $\theta$ to obtain another polar angle.
ii) The radial coordinate $r$, called the modulus or absolute value of $z$, is just $r = |z|$. It is unique and nonnegative.

Note, unlike polar coordinates in the cartesian plane $\mathbb{R}^2$, where $r$ is allowed to be positive or negative, the polar coordinate $r$ for complex numbers is always nonnegative.

Theorem. For any complex number $z$ with polar coordinates $(r, \theta)$,
$$z = r(\cos\theta + i\sin\theta). \tag{3.1}$$

Proof. Let $z = a + bi$, $r = |z| = \sqrt{a^2 + b^2}$, and $\theta$ be a polar angle for $z$.
Then $z$ is a point on the circle of radius $r$ in the complex plane, centered at 0, with polar angle $\theta$. By the definition of sine and cosine, we have $a = r\cos\theta$, $b = r\sin\theta$ and thus $z = r\cos\theta + ir\sin\theta = r(\cos\theta + i\sin\theta)$.

A more useful polar representation of a complex number, called the exponential polar form, follows from the next theorem.

Theorem. For any real number $t$ we have $e^{it} = \cos t + i\sin t$.

Proof. Recall the Taylor expansions
$$e^z = \sum_{k=0}^{\infty} \frac{z^k}{k!}, \qquad \sin(t) = \sum_{k=1}^{\infty} (-1)^{k-1} \frac{t^{2k-1}}{(2k-1)!}, \qquad \cos(t) = \sum_{k=0}^{\infty} (-1)^k \frac{t^{2k}}{(2k)!}.$$
These series converge absolutely for all $z \in \mathbb{C}$ and all $t \in \mathbb{R}$. Inserting $z = it$ into the expression for $e^z$ and expanding yields
$$e^{it} = 1 + it + \frac{1}{2!}(it)^2 + \frac{1}{3!}(it)^3 + \cdots = 1 + it - \frac{1}{2!}t^2 - \frac{i}{3!}t^3 + \frac{1}{4!}t^4 + \cdots = \Big(1 - \frac{1}{2!}t^2 + \frac{1}{4!}t^4 - \cdots\Big) + i\Big(t - \frac{1}{3!}t^3 + \frac{1}{5!}t^5 - \cdots\Big) = \cos t + i\sin t.$$
We note that in the derivation above we had to rearrange the terms of an infinite series. This is allowed because the series converges absolutely.

Corollary. For any complex number $z$ with modulus $r$ and polar angle $\theta$, we have $z = re^{i\theta}$.

Definition. Let $z$ be a complex number with polar coordinates $r, \theta$.
i) The polar form of $z$ is the expression $z = r(\cos\theta + i\sin\theta)$.
ii) The exponential polar form of $z$ is given by $z = re^{i\theta}$.

The exponential polar form for $z$ follows immediately from the polar form and the following theorem.

Note. $e^{i\theta}$ represents a complex number on the unit circle with polar angle $\theta$. For example, $e^{i\pi/2} = i$, $e^{i\pi/4} = \frac{1 + i}{\sqrt{2}}$.

Example. A beautiful relationship: $e^{i\pi} + 1 = 0$. This equation has all the fundamental values $0, 1, e, \pi$ and $i$ in one equation. It follows immediately from the fact that $e^{i\pi} = -1$, since $e^{i\pi}$ represents a complex number of modulus 1 with polar angle $\pi$, which of course is just $-1$.

The reason the exponential polar form is more useful than the (plain) polar form of a complex number is the fact that laws of exponents are much simpler than trigonometric identities. For instance we have the following lemma.

Lemma. For any complex numbers $z, w$ and integer $n$ we have
i) $e^z e^w = e^{z+w}$.
ii) $(e^z)^n = e^{zn}$.

Proof.
i) This can be proved using the Taylor expansion for $e^z$, together with the binomial expansion formula (we will leave it to the analysis courses to discuss the convergence of these series):
$$e^{z+w} = \sum_{n=0}^{\infty} \frac{1}{n!}(z + w)^n = \sum_{n=0}^{\infty} \frac{1}{n!} \sum_{k=0}^{n} \binom{n}{k} z^k w^{n-k} = \sum_{n=0}^{\infty} \sum_{k=0}^{n} \frac{z^k w^{n-k}}{k!(n-k)!} = \sum_{k=0}^{\infty} \frac{z^k}{k!} \sum_{n=k}^{\infty} \frac{w^{n-k}}{(n-k)!} = \sum_{k=0}^{\infty} \frac{z^k}{k!} \sum_{l=0}^{\infty} \frac{w^l}{l!} = e^z e^w.$$
ii) For positive integers $n$ the identity follows (by induction) from part i),
$$(e^z)^n = e^z e^z \cdots e^z = e^{z + z + \cdots + z} = e^{nz}.$$
For negative integers, we simply use the definition $w^{-n} = \frac{1}{w^n}$. Thus
$$(e^z)^{-n} = \frac{1}{(e^z)^n} = \frac{1}{e^{zn}} = e^{-zn} = e^{(-n)z}.$$

Theorem. The Geometry of Multiplication and Division.
a) If $z, w \in \mathbb{C}$ then $zw$ is a complex number whose modulus is the product of the moduli of $z, w$, that is, $|zw| = |z||w|$, and whose polar angle is the sum of the polar angles of $z$ and $w$.
b) If $w \neq 0$, the quotient $z/w$ is a complex number whose modulus is $|z|/|w|$ and whose polar angle is the difference of the polar angles of $z$ and $w$.

Proof. a) Let $z, w$ have polar forms $z = re^{i\theta}$, $w = se^{i\beta}$. Then $zw = re^{i\theta} se^{i\beta} = rse^{i(\theta + \beta)}$. The latter expression is in exponential polar form, and so $|zw| = rs = |z||w|$, and the polar angle of $zw$ is $\theta + \beta$.
b) Using the same notation we have $z/w = re^{i\theta}/se^{i\beta} = (r/s)e^{i(\theta - \beta)}$, and so $|z/w| = |z|/|w|$ and the polar angle of $z/w$ is $\theta - \beta$.

n-th powers and n-th roots of complex numbers

The advantage of using the exponential polar form over the polar form is that it makes de Moivre's formula transparent.

Theorem. de Moivre's Formula for n-th powers. Let $z$ be a complex number with exponential polar form $z = re^{i\theta}$. Then for any natural number $n$,
$$z^n = r^n e^{in\theta} = r^n(\cos(n\theta) + i\sin(n\theta)).$$

Proof. We have $z^n = (re^{i\theta})^n = r^n (e^{i\theta})^n = r^n e^{in\theta}$, by the observation preceding the theorem.

Example. Find $(1 + i)^{10}$. Start by writing $1 + i$ in exponential polar form, $1 + i = \sqrt{2}e^{i\frac{\pi}{4}}$. Thus
$$(1 + i)^{10} = \big(\sqrt{2}e^{i\frac{\pi}{4}}\big)^{10} = 2^5 e^{i\frac{5}{2}\pi} = 2^5 e^{i\frac{\pi}{2}} = 32i.$$

Definition. Let $n \in \mathbb{N}$, $z \in \mathbb{C}$. The $n$-th roots of $z$, denoted $z^{1/n}$, are the set of complex numbers $w$ satisfying $w^n = z$:
$$z^{1/n} = \{w \in \mathbb{C} : w^n = z\}.$$

Recall the convention that if $x$ is a nonnegative real number then $\sqrt[n]{x}$ denotes the nonnegative $n$-th root of $x$.

Example. /2 = { 2, 2}. $1^{1/4} = \{1, -1, i, -i\}$. $2^{1/4} =$ /4 $= \{\pm\sqrt[4]{2}, \pm\sqrt[4]{2}\,i\}$.

Theorem. de Moivre's Formula for n-th roots: Let $z$ be a complex number with exponential polar form $z = re^{i\theta}$. Then
$$z^{1/n} = \sqrt[n]{r}\, e^{i\left(\frac{\theta}{n} + \frac{2\pi}{n}k\right)},$$
with $k = 0, 1, 2, \dots, n - 1$. (Technically, it is the set of these values, but the convention is to omit the set brackets and just indicate a typical element of the set.)

Proof. Let $w = \rho e^{i\alpha}$. Then $w^n = z$ is equivalent to $\rho^n e^{in\alpha} = re^{i\theta}$, which means $\rho^n = r$ and $n\alpha = \theta + 2\pi k$, for some $k \in \mathbb{Z}$. Thus $\rho = \sqrt[n]{r}$ and $\alpha = \frac{\theta}{n} + \frac{2\pi}{n}k$, for some $k \in \mathbb{Z}$. Although $k$ is allowed to be any integer, the polar angle for $w$ advances by $2\pi$ once $k$ reaches $n$. Thus the distinct angles are obtained by letting $k$ run from 0 to $n - 1$.

Note. de Moivre's Formula shows that every nonzero complex number has $n$ distinct $n$-th roots and that they are equally spaced around the circle of radius $\sqrt[n]{r}$, centered at the origin.

Example. a) Find $i^{1/4}$. Rather than memorize de Moivre's formula, I recommend working this out from scratch as follows. Start with the general exponential polar form of $i$,
$$i = e^{i\left(\frac{\pi}{2} + 2\pi k\right)}, \quad k \in \mathbb{Z}.$$
In the general form one allows all possible polar angles for $i$. Thus, for any choice of $k$ we have
$$i^{1/4} = \Big(e^{i\left(\frac{\pi}{2} + 2\pi k\right)}\Big)^{1/4} = e^{i\left(\frac{\pi}{2} + 2\pi k\right)\frac{1}{4}} = e^{i\left(\frac{\pi}{8} + \frac{\pi}{2}k\right)}.$$
One lets $k = 0, 1, 2, 3$ to obtain the four distinct fourth roots of $i$. Plugging in these values of $k$ gives
$$i^{1/4} = \{e^{i\frac{\pi}{8}}, e^{i\frac{5\pi}{8}}, e^{i\frac{9\pi}{8}}, e^{i\frac{13\pi}{8}}\}.$$

b) Find $(-\sqrt{3} + i)^{1/5}$. By plotting the point $z = -\sqrt{3} + i$ we see that its polar angle is $\frac{5}{6}\pi$. Also, $|z| = \sqrt{3 + 1} = 2$. Thus the general exponential polar form of $z$ is $2e^{i\left(\frac{5}{6}\pi + 2\pi k\right)}$ and we obtain
$$z^{1/5} = \sqrt[5]{2}\, e^{i\left(\frac{5}{6}\pi + 2\pi k\right)\frac{1}{5}} = \sqrt[5]{2}\, e^{i\left(\frac{1}{6}\pi + \frac{2}{5}\pi k\right)},$$
with $k = 0, 1, 2, 3, 4$.

c) Find all solutions of the equation $x^5 + 2 = 0$, with $x \in \mathbb{C}$. This is equivalent to solving the equation $x^5 = -2$, that is, $x = (-2)^{1/5}$. The general exponential polar form of $-2$ is $-2 = 2e^{i(\pi + 2\pi k)}$, $k \in \mathbb{Z}$. Thus
$$(-2)^{1/5} = \sqrt[5]{2}\, e^{i(\pi + 2\pi k)\frac{1}{5}} = \sqrt[5]{2}\, e^{i\left(\frac{\pi}{5} + \frac{2\pi}{5}k\right)},$$
with $k = 0, 1, 2, 3, 4$.

Subfields of the Real Numbers and Complex Numbers

Definition. A subset $K$ of a field $F$ is called a subfield of $F$ if $K$ is a field with respect to the same addition and multiplication operations.

We have already seen one important subfield of $\mathbb{R}$, namely the rationals $\mathbb{Q}$, and two important subfields of $\mathbb{C}$, namely $\mathbb{Q}$ and $\mathbb{R}$. It turns out there are infinitely many subfields of the reals, and infinitely many more subfields of the complex numbers. All of these subfields must contain the rationals, as the next theorem shows.

Theorem. If $K$ is a subfield of $\mathbb{C}$ then $K$ must contain $\mathbb{Q}$.

Proof. Suppose that $K$ is a subfield of $\mathbb{C}$. Since $1 \in K$ and $K$ is closed under addition, it follows by induction that $\mathbb{N} \subseteq K$. Since $K$ contains 0 and additive inverses we then deduce that $\mathbb{Z} \subseteq K$. Finally, since $K$ contains multiplicative inverses and is closed under multiplication, we then get that $\mathbb{Q} \subseteq K$ (indeed, any rational number can be expressed in the manner $a \cdot b^{-1}$ for some integers $a, b$).

Definition. If $F$ is a subfield of the field $K$ and $a \in K$, then $F[a]$ denotes the set of all polynomials in $a$ and $F(a)$ the set of all rational functions in $a$. $F[a]$ is a subring of $K$ given by
$$F[a] := \{p(a) : p(x) \in F[x]\},$$
and $F(a)$ is a subfield of $K$ given by
$$F(a) := \{p(a)/q(a) : p(x), q(x) \in F[x]\}.$$
We'll leave it as an exercise for you to verify that $F[a]$ is a ring and that $F(a)$ is a field. It is also straightforward to verify that both of these sets are subsets of $K$, since $K$ is closed under addition and multiplication.

Note. Just as with the concept of subrings, to show that a subset $K$ of a given field is a subfield we only need to verify a few of the field axioms, the rest being inherited from the bigger field. It suffices to verify that $K$ is closed under addition and multiplication, $0, 1 \in K$, and if $a \neq 0 \in K$, then $-a \in K$ and $a^{-1} \in K$.

Example. Let $a \in \mathbb{C}$. Since $\mathbb{Q}$ is a subfield of $\mathbb{C}$, we have that $\mathbb{Q}(a)$ is a subfield of $\mathbb{C}$. If $a \notin \mathbb{Q}$, then $\mathbb{Q}(a)$ is a subfield of $\mathbb{C}$ strictly larger than $\mathbb{Q}$. If $a \in \mathbb{R}$, then $\mathbb{Q}(a)$ is a subfield of $\mathbb{R}$.

Note. If $K$ is a subfield of $\mathbb{C}$ and $a \in K$, then $\mathbb{Q}(a)$ is a subfield of $K$, since by the theorem above we know that $\mathbb{Q}$ is a subfield of $K$.

Example. Let $m$ be an integer such that $m$ is not a perfect square. Let $K = \mathbb{Q}(\sqrt{m})$. Then, as noted in the previous example, $K$ is a subfield of $\mathbb{C}$, called a quadratic subfield of $\mathbb{C}$. We claim that $K$ takes on a simpler form,
$$K = \{a + b\sqrt{m} : a, b \in \mathbb{Q}\}.$$

Proof. Let $L = \{a + b\sqrt{m} : a, b \in \mathbb{Q}\}$. Clearly $L \subseteq K$, so it suffices to show that $K \subseteq L$.
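Let $f(x) = c_0 + c_1 x + c_2 x^2 + \cdots + c_n x^n$ with the $c_i \in \mathbb{Q}$, $0 \le i \le n$. Then, if $n$ is even,
$$f(\sqrt{m}) = c_0 + c_1\sqrt{m} + c_2 m + c_3 m\sqrt{m} + \cdots + c_n m^{n/2} = (c_0 + c_2 m + \cdots + c_n m^{n/2}) + (c_1 + c_3 m + \cdots + c_{n-1} m^{\frac{n-2}{2}})\sqrt{m} = a + b\sqrt{m} \in L,$$
for some $a, b \in \mathbb{Q}$. A similar argument holds when $n$ is odd. We also observe that a typical element of $\mathbb{Q}(\sqrt{m})$ is of the form
$$\frac{f(\sqrt{m})}{g(\sqrt{m})} = \frac{a + b\sqrt{m}}{c + d\sqrt{m}} = \frac{(a + b\sqrt{m})(c - d\sqrt{m})}{c^2 - d^2 m} = \frac{ac - bdm + (bc - ad)\sqrt{m}}{c^2 - d^2 m} \in L,$$
for some $a, b, c, d \in \mathbb{Q}$. Thus, $K \subseteq L$.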
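The two reductions used in this proof can be carried out with exact rational arithmetic. The following Python code is an added example, not part of the original notes: it stores $a + b\sqrt{m}$ as the pair $(a, b)$, collapses any polynomial value $f(\sqrt{m})$ to that form, and divides with the conjugate trick. The function names and the sample polynomials are constructed for illustration.

```python
from fractions import Fraction
from math import isqrt


def check_m(m):
    """The notes assume m is an integer that is not a perfect square."""
    if m >= 0 and isqrt(m) ** 2 == m:
        raise ValueError("m must not be a perfect square")


def mul(x, y, m):
    """(a + b*sqrt(m)) * (c + d*sqrt(m)) = (ac + bdm) + (ad + bc)*sqrt(m)."""
    a, b = x
    c, d = y
    return (a * c + b * d * m, a * d + b * c)


def inv(x, m):
    """Conjugate trick: 1/(c + d*sqrt(m)) = (c - d*sqrt(m)) / (c^2 - d^2*m)."""
    check_m(m)
    c, d = Fraction(x[0]), Fraction(x[1])
    norm = c * c - d * d * m
    if norm == 0:
        # For non-square m this happens only when c = d = 0.
        raise ZeroDivisionError("zero has no multiplicative inverse")
    return (c / norm, -d / norm)


def eval_poly(coeffs, m):
    """Value of f(sqrt(m)) as a pair (a, b), for f = c_0 + c_1 x + ... + c_n x^n.

    Horner's rule: multiplying by sqrt(m) sends (a, b) to (b*m, a), so every
    power of sqrt(m) collapses back into the two-term form a + b*sqrt(m).
    """
    check_m(m)
    acc = (Fraction(0), Fraction(0))
    for c in reversed(coeffs):
        acc = mul(acc, (0, 1), m)          # multiply the running value by sqrt(m)
        acc = (acc[0] + Fraction(c), acc[1])
    return acc


def rational_function_value(p, q, m):
    """Value of p(sqrt(m)) / q(sqrt(m)) as a pair (a, b) of rationals."""
    return mul(eval_poly(p, m), inv(eval_poly(q, m), m), m)


if __name__ == "__main__":
    # Constructed samples: f(x) = 1 + 2x + 3x^2 + 4x^3 evaluated at sqrt(2),
    # and (1 + x)/(2 + 3x) evaluated at sqrt(5).
    print(eval_poly([1, 2, 3, 4], 2))                 # 7 + 10*sqrt(2)
    print(rational_function_value([1, 1], [2, 3], 5)) # 13/41 + (1/41)*sqrt(5)
```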

Note. If $n, m$ are distinct square-free integers then $\mathbb{Q}(\sqrt{m}) \neq \mathbb{Q}(\sqrt{n})$. Thus we obtain infinitely many distinct quadratic subfields of $\mathbb{C}$, one for each square-free integer.

Proof. Proof by contradiction. Suppose that $\mathbb{Q}(\sqrt{n}) = \mathbb{Q}(\sqrt{m})$ where $m, n$ are distinct square-free integers. Then $\sqrt{m} \in \mathbb{Q}(\sqrt{n})$ and so $\sqrt{m} = a + b\sqrt{n}$ for some $a, b \in \mathbb{Q}$. If $a = 0$, then squaring both sides yields $m = b^2 n$, contradicting the fact that $m$ is square-free. If $b = 0$, then $\sqrt{m} = a \in \mathbb{Q}$, contradicting the fact that $\sqrt{m}$ is irrational. Thus $ab \neq 0$. Then squaring both sides of the relation $\sqrt{m} = a + b\sqrt{n}$ yields $m = a^2 + b^2 n + 2ab\sqrt{n}$, which, upon solving for $\sqrt{n}$, implies that $\sqrt{n}$ is rational, a contradiction ($n$ is not a perfect square). Therefore $\mathbb{Q}(\sqrt{n}) \neq \mathbb{Q}(\sqrt{m})$.

The previous example can be extended to any root, such as $\mathbb{Q}(\sqrt[3]{2})$, called a cubic extension of the rationals. In this case one can show that
$$\mathbb{Q}(\sqrt[3]{2}) = \{a + b\sqrt[3]{2} + c(\sqrt[3]{2})^2 : a, b, c \in \mathbb{Q}\}.$$

Example. Here is another type of subfield of $\mathbb{R}$, called a transcendental extension of the rationals:
$$\mathbb{Q}(\pi) = \{p(\pi)/q(\pi) : p(x), q(x) \in \mathbb{Q}[x]\}.$$
In this case the description of the subfield does not collapse to a simpler expression as in the case of quadratic extensions. Indeed, being a transcendental number means that $\pi$ is not a zero of any polynomial over $\mathbb{Q}$. Thus if $p(\pi) = q(\pi)$ for two polynomials $p(x), q(x)$ then it follows that the two polynomials are identical, that is, $p(\pi)$ does not collapse to a polynomial expression in $\pi$ of lower degree.

Venn Diagram of Rings

The diagram in Figure 1 illustrates the different types of rings we have encountered in this chapter. In the figure $\mathbb{H}$ stands for the set of quaternions
$$\mathbb{H} := \{a + bi + cj + dk : a, b, c, d \in \mathbb{R}\},$$
where $i, j, k$ are elements satisfying $i^2 = j^2 = k^2 = -1$, $ij = k$, $jk = i$, $ki = j$. The quaternions are like a four dimensional version of complex numbers with 3 fundamental imaginary units $i, j, k$, and a noncommutative multiplication: $ji = j(jk) = (jj)k = -k$. Similarly, $kj = -i$, $ik = -j$.
Multiplication and addition are defined in the standard manner using the distributive law. Thus for example
$$(1 + i - j)(2 - i + k) = (2 - i + k) + i(2 - i + k) - j(2 - i + k) = 2 - i + k + 2i + 1 - j - 2j - k - i = 3 - 3j.$$

Figure 1. Diagram of Rings


More information

Algebraic structures I

Algebraic structures I MTH5100 Assignment 1-10 Algebraic structures I For handing in on various dates January March 2011 1 FUNCTIONS. Say which of the following rules successfully define functions, giving reasons. For each one

More information

Chapter 2. Divisibility. 2.1 Common Divisors

Chapter 2. Divisibility. 2.1 Common Divisors Chapter 2 Divisibility 2.1 Common Divisors Definition 2.1.1. Let a and b be integers. A common divisor of a and b is any integer that divides both a and b. Suppose that a and b are not both zero. By Proposition

More information

Numbers, Groups and Cryptography. Gordan Savin

Numbers, Groups and Cryptography. Gordan Savin Numbers, Groups and Cryptography Gordan Savin Contents Chapter 1. Euclidean Algorithm 5 1. Euclidean Algorithm 5 2. Fundamental Theorem of Arithmetic 9 3. Uniqueness of Factorization 14 4. Efficiency

More information

Contribution of Problems

Contribution of Problems Exam topics 1. Basic structures: sets, lists, functions (a) Sets { }: write all elements, or define by condition (b) Set operations: A B, A B, A\B, A c (c) Lists ( ): Cartesian product A B (d) Functions

More information

Definitions, Theorems and Exercises. Abstract Algebra Math 332. Ethan D. Bloch

Definitions, Theorems and Exercises. Abstract Algebra Math 332. Ethan D. Bloch Definitions, Theorems and Exercises Abstract Algebra Math 332 Ethan D. Bloch December 26, 2013 ii Contents 1 Binary Operations 3 1.1 Binary Operations............................... 4 1.2 Isomorphic Binary

More information

CHAPTER 4: EXPLORING Z

CHAPTER 4: EXPLORING Z CHAPTER 4: EXPLORING Z MATH 378, CSUSM. SPRING 2009. AITKEN 1. Introduction In this chapter we continue the study of the ring Z. We begin with absolute values. The absolute value function Z N is the identity

More information

NOTES ON FINITE FIELDS

NOTES ON FINITE FIELDS NOTES ON FINITE FIELDS AARON LANDESMAN CONTENTS 1. Introduction to finite fields 2 2. Definition and constructions of fields 3 2.1. The definition of a field 3 2.2. Constructing field extensions by adjoining

More information

Chapter 1. Sets and Numbers

Chapter 1. Sets and Numbers Chapter 1. Sets and Numbers 1. Sets A set is considered to be a collection of objects (elements). If A is a set and x is an element of the set A, we say x is a member of A or x belongs to A, and we write

More information

Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002

Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002 Background on Groups, Rings, and Finite Fields Andreas Klappenecker September 12, 2002 A thorough understanding of the Agrawal, Kayal, and Saxena primality test requires some tools from algebra and elementary

More information

4 PRIMITIVE ROOTS Order and Primitive Roots The Index Existence of primitive roots for prime modulus...

4 PRIMITIVE ROOTS Order and Primitive Roots The Index Existence of primitive roots for prime modulus... PREFACE These notes have been prepared by Dr Mike Canfell (with minor changes and extensions by Dr Gerd Schmalz) for use by the external students in the unit PMTH 338 Number Theory. This booklet covers

More information

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...}

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...} WORKSHEET ON NUMBERS, MATH 215 FALL 18(WHYTE) We start our study of numbers with the integers: Z = {..., 2, 1, 0, 1, 2, 3,... } and their subset of natural numbers: N = {1, 2, 3,...} For now we will not

More information

Mathematical Foundations of Cryptography

Mathematical Foundations of Cryptography Mathematical Foundations of Cryptography Cryptography is based on mathematics In this chapter we study finite fields, the basis of the Advanced Encryption Standard (AES) and elliptical curve cryptography

More information

Factorization in Polynomial Rings

Factorization in Polynomial Rings Factorization in Polynomial Rings Throughout these notes, F denotes a field. 1 Long division with remainder We begin with some basic definitions. Definition 1.1. Let f, g F [x]. We say that f divides g,

More information

Elementary Properties of the Integers

Elementary Properties of the Integers Elementary Properties of the Integers 1 1. Basis Representation Theorem (Thm 1-3) 2. Euclid s Division Lemma (Thm 2-1) 3. Greatest Common Divisor 4. Properties of Prime Numbers 5. Fundamental Theorem of

More information

1 Overview and revision

1 Overview and revision MTH6128 Number Theory Notes 1 Spring 2018 1 Overview and revision In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction

More information

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively 6 Prime Numbers Part VI of PJE 6.1 Fundamental Results Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively D (p) = { p 1 1 p}. Otherwise

More information

CHAPTER 10: POLYNOMIALS (DRAFT)

CHAPTER 10: POLYNOMIALS (DRAFT) CHAPTER 10: POLYNOMIALS (DRAFT) LECTURE NOTES FOR MATH 378 (CSUSM, SPRING 2009). WAYNE AITKEN The material in this chapter is fairly informal. Unlike earlier chapters, no attempt is made to rigorously

More information

Basic elements of number theory

Basic elements of number theory Cryptography Basic elements of number theory Marius Zimand 1 Divisibility, prime numbers By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a

More information

Basic elements of number theory

Basic elements of number theory Cryptography Basic elements of number theory Marius Zimand By default all the variables, such as a, b, k, etc., denote integer numbers. Divisibility a 0 divides b if b = a k for some integer k. Notation

More information

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer? Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative

More information

Math 2070BC Term 2 Weeks 1 13 Lecture Notes

Math 2070BC Term 2 Weeks 1 13 Lecture Notes Math 2070BC 2017 18 Term 2 Weeks 1 13 Lecture Notes Keywords: group operation multiplication associative identity element inverse commutative abelian group Special Linear Group order infinite order cyclic

More information

Finite Fields. Mike Reiter

Finite Fields. Mike Reiter 1 Finite Fields Mike Reiter reiter@cs.unc.edu Based on Chapter 4 of: W. Stallings. Cryptography and Network Security, Principles and Practices. 3 rd Edition, 2003. Groups 2 A group G, is a set G of elements

More information

Lecture Notes on DISCRETE MATHEMATICS. Eusebius Doedel

Lecture Notes on DISCRETE MATHEMATICS. Eusebius Doedel Lecture Notes on DISCRETE MATHEMATICS Eusebius Doedel c Eusebius J. Doedel, 009 Contents Logic. Introduction............................................................................... Basic logical

More information

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2 8. p-adic numbers 8.1. Motivation: Solving x 2 a (mod p n ). Take an odd prime p, and ( an) integer a coprime to p. Then, as we know, x 2 a (mod p) has a solution x Z iff = 1. In this case we can suppose

More information

4 Powers of an Element; Cyclic Groups

4 Powers of an Element; Cyclic Groups 4 Powers of an Element; Cyclic Groups Notation When considering an abstract group (G, ), we will often simplify notation as follows x y will be expressed as xy (x y) z will be expressed as xyz x (y z)

More information

PRIME NUMBERS YANKI LEKILI

PRIME NUMBERS YANKI LEKILI PRIME NUMBERS YANKI LEKILI We denote by N the set of natural numbers: 1,2,..., These are constructed using Peano axioms. We will not get into the philosophical questions related to this and simply assume

More information

11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic

11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic 11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic Bezout s Lemma Let's look at the values of 4x + 6y when x and y are integers. If x is -6 and y is 4 we

More information

Properties of the Integers

Properties of the Integers Properties of the Integers The set of all integers is the set and the subset of Z given by Z = {, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, }, N = {0, 1, 2, 3, 4, }, is the set of nonnegative integers (also called

More information

a + b = b + a and a b = b a. (a + b) + c = a + (b + c) and (a b) c = a (b c). a (b + c) = a b + a c and (a + b) c = a c + b c.

a + b = b + a and a b = b a. (a + b) + c = a + (b + c) and (a b) c = a (b c). a (b + c) = a b + a c and (a + b) c = a c + b c. Properties of the Integers The set of all integers is the set and the subset of Z given by Z = {, 5, 4, 3, 2, 1, 0, 1, 2, 3, 4, 5, }, N = {0, 1, 2, 3, 4, }, is the set of nonnegative integers (also called

More information

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography David R. Wilkins Copyright c David R. Wilkins 2000 2013 Contents 9 Introduction to Number Theory 63 9.1 Subgroups

More information

1 2 3 style total. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.

1 2 3 style total. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points. 1 2 3 style total Math 415 Examination 3 Please print your name: Answer Key 1 True/false Circle the correct answer; no explanation is required. Each problem in this section counts 5 points. 1. The rings

More information

MATH 420 FINAL EXAM J. Beachy, 5/7/97

MATH 420 FINAL EXAM J. Beachy, 5/7/97 MATH 420 FINAL EXAM J. Beachy, 5/7/97 1. (a) For positive integers a and b, define gcd(a, b). (b) Compute gcd(1776, 1492). (c) Show that if a, b, c are positive integers, then gcd(a, bc) = 1 if and only

More information

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162 COMPUTER ARITHMETIC 13/05/2010 cryptography - math background pp. 1 / 162 RECALL OF COMPUTER ARITHMETIC computers implement some types of arithmetic for instance, addition, subtratction, multiplication

More information

Lecture 6: Finite Fields

Lecture 6: Finite Fields CCS Discrete Math I Professor: Padraic Bartlett Lecture 6: Finite Fields Week 6 UCSB 2014 It ain t what they call you, it s what you answer to. W. C. Fields 1 Fields In the next two weeks, we re going

More information

Fundamentals of Pure Mathematics - Problem Sheet

Fundamentals of Pure Mathematics - Problem Sheet Fundamentals of Pure Mathematics - Problem Sheet ( ) = Straightforward but illustrates a basic idea (*) = Harder Note: R, Z denote the real numbers, integers, etc. assumed to be real numbers. In questions

More information

a b (mod m) : m b a with a,b,c,d real and ad bc 0 forms a group, again under the composition as operation.

a b (mod m) : m b a with a,b,c,d real and ad bc 0 forms a group, again under the composition as operation. Homework for UTK M351 Algebra I Fall 2013, Jochen Denzler, MWF 10:10 11:00 Each part separately graded on a [0/1/2] scale. Problem 1: Recalling the field axioms from class, prove for any field F (i.e.,

More information

Chapter 4 Finite Fields

Chapter 4 Finite Fields Chapter 4 Finite Fields Introduction will now introduce finite fields of increasing importance in cryptography AES, Elliptic Curve, IDEA, Public Key concern operations on numbers what constitutes a number

More information

Standard forms for writing numbers

Standard forms for writing numbers Standard forms for writing numbers In order to relate the abstract mathematical descriptions of familiar number systems to the everyday descriptions of numbers by decimal expansions and similar means,

More information

Number Theory Proof Portfolio

Number Theory Proof Portfolio Number Theory Proof Portfolio Jordan Rock May 12, 2015 This portfolio is a collection of Number Theory proofs and problems done by Jordan Rock in the Spring of 2014. The problems are organized first by

More information

Basic Algebra. Final Version, August, 2006 For Publication by Birkhäuser Boston Along with a Companion Volume Advanced Algebra In the Series

Basic Algebra. Final Version, August, 2006 For Publication by Birkhäuser Boston Along with a Companion Volume Advanced Algebra In the Series Basic Algebra Final Version, August, 2006 For Publication by Birkhäuser Boston Along with a Companion Volume Advanced Algebra In the Series Cornerstones Selected Pages from Chapter I: pp. 1 15 Anthony

More information

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm April 11, 2010 1 Algebra We start by discussing algebraic structures and their properties. This is presented in more depth than what we

More information

MATH 2200 Final Review

MATH 2200 Final Review MATH 00 Final Review Thomas Goller December 7, 01 1 Exam Format The final exam will consist of 8-10 proofs It will take place on Tuesday, December 11, from 10:30 AM - 1:30 PM, in the usual room Topics

More information

Proof Techniques (Review of Math 271)

Proof Techniques (Review of Math 271) Chapter 2 Proof Techniques (Review of Math 271) 2.1 Overview This chapter reviews proof techniques that were probably introduced in Math 271 and that may also have been used in a different way in Phil

More information

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93. Exercises Exercises 1. Determine whether each of these integers is prime. a) 21 b) 29 c) 71 d) 97 e) 111 f) 143 2. Determine whether each of these integers is prime. a) 19 b) 27 c) 93 d) 101 e) 107 f)

More information

LECTURE NOTES DISCRETE MATHEMATICS. Eusebius Doedel

LECTURE NOTES DISCRETE MATHEMATICS. Eusebius Doedel LECTURE NOTES on DISCRETE MATHEMATICS Eusebius Doedel 1 LOGIC Introduction. First we introduce some basic concepts needed in our discussion of logic. These will be covered in more detail later. A set is

More information

Factorization in Integral Domains II

Factorization in Integral Domains II Factorization in Integral Domains II 1 Statement of the main theorem Throughout these notes, unless otherwise specified, R is a UFD with field of quotients F. The main examples will be R = Z, F = Q, and

More information

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions MATH 11/CSCI 11, Discrete Structures I Winter 007 Toby Kenney Homework Sheet 5 Hints & Model Solutions Sheet 4 5 Define the repeat of a positive integer as the number obtained by writing it twice in a

More information

Example: This theorem is the easiest way to test an ideal (or an element) is prime. Z[x] (x)

Example: This theorem is the easiest way to test an ideal (or an element) is prime. Z[x] (x) Math 4010/5530 Factorization Theory January 2016 Let R be an integral domain. Recall that s, t R are called associates if they differ by a unit (i.e. there is some c R such that s = ct). Let R be a commutative

More information

Chapter 5: The Integers

Chapter 5: The Integers c Dr Oksana Shatalov, Fall 2014 1 Chapter 5: The Integers 5.1: Axioms and Basic Properties Operations on the set of integers, Z: addition and multiplication with the following properties: A1. Addition

More information

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer? Chapter 3: Theory of Modular Arithmetic 25 SECTION C Solving Linear Congruences By the end of this section you will be able to solve congruence equations determine the number of solutions find the multiplicative

More information

MATH 2200 Final LC Review

MATH 2200 Final LC Review MATH 2200 Final LC Review Thomas Goller April 25, 2013 1 Final LC Format The final learning celebration will consist of 12-15 claims to be proven or disproven. It will take place on Wednesday, May 1, from

More information

Math 109 HW 9 Solutions

Math 109 HW 9 Solutions Math 109 HW 9 Solutions Problems IV 18. Solve the linear diophantine equation 6m + 10n + 15p = 1 Solution: Let y = 10n + 15p. Since (10, 15) is 5, we must have that y = 5x for some integer x, and (as we

More information

3 The fundamentals: Algorithms, the integers, and matrices

3 The fundamentals: Algorithms, the integers, and matrices 3 The fundamentals: Algorithms, the integers, and matrices 3.4 The integers and division This section introduces the basics of number theory number theory is the part of mathematics involving integers

More information

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem. CS 70 Discrete Mathematics for CS Fall 2003 Wagner Lecture 10 The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

More information

Final Exam Review. 2. Let A = {, { }}. What is the cardinality of A? Is

Final Exam Review. 2. Let A = {, { }}. What is the cardinality of A? Is 1. Describe the elements of the set (Z Q) R N. Is this set countable or uncountable? Solution: The set is equal to {(x, y) x Z, y N} = Z N. Since the Cartesian product of two denumerable sets is denumerable,

More information

586 Index. vertex, 369 disjoint, 236 pairwise, 272, 395 disjoint sets, 236 disjunction, 33, 36 distributive laws

586 Index. vertex, 369 disjoint, 236 pairwise, 272, 395 disjoint sets, 236 disjunction, 33, 36 distributive laws Index absolute value, 135 141 additive identity, 254 additive inverse, 254 aleph, 465 algebra of sets, 245, 278 antisymmetric relation, 387 arcsine function, 349 arithmetic sequence, 208 arrow diagram,

More information

5 Group theory. 5.1 Binary operations

5 Group theory. 5.1 Binary operations 5 Group theory This section is an introduction to abstract algebra. This is a very useful and important subject for those of you who will continue to study pure mathematics. 5.1 Binary operations 5.1.1

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 2: Mathematical Concepts Divisibility Congruence Quadratic Residues

More information

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers

Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Math Circle Beginners Group February 28, 2016 Euclid and Prime Numbers Warm-up Problems 1. What is a prime number? Give an example of an even prime number and an odd prime number. (a) Circle the prime

More information

D-MATH Algebra I HS18 Prof. Rahul Pandharipande. Solution 1. Arithmetic, Zorn s Lemma.

D-MATH Algebra I HS18 Prof. Rahul Pandharipande. Solution 1. Arithmetic, Zorn s Lemma. D-MATH Algebra I HS18 Prof. Rahul Pandharipande Solution 1 Arithmetic, Zorn s Lemma. 1. (a) Using the Euclidean division, determine gcd(160, 399). (b) Find m 0, n 0 Z such that gcd(160, 399) = 160m 0 +

More information

Lecture 4: Number theory

Lecture 4: Number theory Lecture 4: Number theory Rajat Mittal IIT Kanpur In the next few classes we will talk about the basics of number theory. Number theory studies the properties of natural numbers and is considered one of

More information

Abstract Algebra. Joseph R. Mileti. January 22, 2012

Abstract Algebra. Joseph R. Mileti. January 22, 2012 Abstract Algebra Joseph R. Mileti January 22, 2012 2 Contents 1 Introduction 5 1.1 What is Abstract Algebra?..................................... 5 1.2 Groups.................................................

More information

Number theory lectures

Number theory lectures Number theory lectures By Dr. Mohammed M. AL-Ashker Associated professor Mathematics Department E.mail:mashker @ mail.iugaza.edu Islamic University of Gaza P.O.Box 108, Gaza, Palestine 1 Contents 1 Divisibility

More information

Supplement. Dr. Bob s Modern Algebra Glossary Based on Fraleigh s A First Course on Abstract Algebra, 7th Edition, Sections 0 through IV.

Supplement. Dr. Bob s Modern Algebra Glossary Based on Fraleigh s A First Course on Abstract Algebra, 7th Edition, Sections 0 through IV. Glossary 1 Supplement. Dr. Bob s Modern Algebra Glossary Based on Fraleigh s A First Course on Abstract Algebra, 7th Edition, Sections 0 through IV.23 Abelian Group. A group G, (or just G for short) is

More information

3 The language of proof

3 The language of proof 3 The language of proof After working through this section, you should be able to: (a) understand what is asserted by various types of mathematical statements, in particular implications and equivalences;

More information

LECTURE NOTES DISCRETE MATHEMATICS. Eusebius Doedel

LECTURE NOTES DISCRETE MATHEMATICS. Eusebius Doedel LECTURE NOTES on DISCRETE MATHEMATICS Eusebius Doedel 1 LOGIC Introduction. First we introduce some basic concepts needed in our discussion of logic. These will be covered in more detail later. A set is

More information

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald) 1 Euclid s Algorithm Euclid s Algorithm for computing the greatest common divisor belongs to the oldest known computing procedures

More information