A SAMPLER FROM NUMBER THEORY AND MODERN ALGEBRA

Transcription

1 A SAMPLER FROM NUMBER THEORY AND MODERN ALGEBRA 1 Operations on sets Let S be a set (i.e., a collection, assemblage, class, etc.) of numbers. The numbers in S are called its members. The expression "x E S" abbreviates the phrase "x is a member of S". Similarly, "x ~ S" means x is not a member of S. For example, let I.Z, 1 4, and P denote the sets of integers, of integers between -~ and 7f, and of positive real numbers, respectively. Then 1 E I.Z, ~ ~ I.Z, 0 E 14, An operation on S is a rule which assigns to each ordered pair (a, b) of members of S another member of S. For example, subtraction gives an operation on the set I.Z above, but not on 1 4 or P. And division gives an operation on P but not on I.Z. If ~ denotes an operation on Sand (a, b) is an ordered pair of members of S, then we denote the member of S that ~ assigns to (a, b) by the expression a~b. This is a notation we have used in special cases for years! For example, the addition operation on the set Z above assigns to the pair (5,7) the number we denote by Similarly the division operation -;- on the set P above assigns to the pair (3,7) the number denoted by 3 -;- 7. 1

2 We now name some properties which an operation might or might not satisfy. Let b.. be an operation on S. i) We call A commutative if ab..b = bb..a for all a and b in S. ii) We call b.. associative if (ab..b)b..c = ab..(bb..c) for all a, band c in S. iii) A member 8 of S is called a b..-identity for S if 8b..a = ab..8 = a for all a in S. iv) Suppose 8 is a b..-identity for S. Say a is any member of S. By a b..-inverse for a (with respect to 0) we mean a member b of S with ab..b = bb..a = O. The phrase "with respect to 0" above is unnecessary since if there is a b..-identity, then there is only one. After all if a and b were both b..-identities, then from the definition itself we see that a = ab..b = b. As a first example note that ordinary addition, +, is a commutative and associative operation on the set Z, is a +-identity, and every member b of Z has a +-inverse, namely, -b. A second example. Division (-;-) is an operation on the set P of positive numbers above; it is neither associative nor commutative, nor does it have an identity. Here is a less familiar example. Note the set 1 4 above consists exactly of the numbers 0, 1, 2, 3. Define an operation "8" on 1 4 as follows. For any members a and b of 1 4 let a 8 b be the remainder when you divide the product ab by 4. (Note that long division of any nonnegative integer by 4 always leaves a remainder which is a member of 1 4.) For example, 382 = 2 (the remainder when 6 is divided by 4 is 2), 83 = 0, and 383 = 1. One can show that 8 is commutative and associative and that 1 is a 8-identity. 1 and 3 are 8-inverses of themselves, but and 2 have no 8-inverses. These facts are not all obvious, but they can at worst be checked 2

3 by an exhaustive enumeration of all possibilities! For example, 2 has no 8-inverse since 082 = 0 i- 1,1 82= 2 i- 1,282 = 0 i- 1,3 82= 2 i- 1. (The above assertions will follow easily from the results of the next two sections.) 1 Exercises 1. Let 1 4 = {O, 1, 2, 3} be the set studied above. Define a second operation EB on 1 4 by letting a EB b be the remainder when a + b is divided by 4 for all a and b (i) Compute a EB b for all possible choices of a and b. Your results can be tabulated in the table below. ~ (ii) Is EB commutative? How would this property be reflected in the above table? (iii) Verify that a EB (b EB c) = (a EB b) EB c for three or four different choices of values for a, b, and c. (E.g., one choice might be "a = b = 3, c = 1".) (iv) Explain why there is a EB-identity. Which elements have EB-inverses? 2. For each of the following operations on the set of positive real numbers P, determine whether the operation is commutative, whether it is associative, and whether it has an identity in P. If there is an identity, find out which elements have inverses and what they are. (i) addition 3

4 (ii) multiplication (iii) division (iv) the operation # which assigns to any pair (a, b) the larger of the two numbers a and b (v) the operation * which assigns to any pair (a, b) the number ab + a + b 3. Find an operation on 7L which is associative but not commutative. Can you find one which is commutative but not associative? 4. Suppose ~ is an operation on S which is associative and has an identity o. Can a member of S have two different ~- inverses? An afterword. An operation ~ on S is called a group operation if it is associative, there is a ~-identity, and every member of S has a ~-inverse. Such operations are ubiquitous in mathematics and have been intensely studied; they also occur naturally in the natural sciences (e.g., the symmetries of a crystalline structure). Like many important abstract concepts, group operations had to come up in many special situations before anyone realized the usefulness of abstracting from these concrete special cases their common structure. In the case of groups, much of the credit for this goes to Emmy Noether, and this is one of the reasons she is regarded as the mother of modern algebra. 1 Appendix: the well-ordering principle. In the next section we will need a fundamental property of the integers, which we review here. Suppose S is a non-empty set of integers such that there is a number t with t ::; s for all s E S. (Such t is called a "lower bound" for S.) The "wellordering principle" says that under these circumstances S must have a smallest member. Taking t = 1 gives the "least integer principle" as a special case: if S is a 4

5 nonempty set of positive integers then it must have a smallest member. The least integer principle implies the various forms of mathematical induction. Here is one: suppose P(l), P(2),... is a sequence of statements. Suppose P(l) is true and that whenever P(n) is true for some n then P(n + 1) is also true. Then P(n) is true for all positive integers n. Exercises: (1) Give an example of a nonempty set of integers which does not have a smallest number. Give an example of a nonempty set of rational numbers that has a lower bound but does not have a smallest member. (2) Use the least integer principle to prove the above statement of mathematical induction. 2 Remainders Here is our key definition. Definition. Suppose b E Z and 0 < d E Z. We call an integer r a remainder when b is divided by d if 0 ::; r < d and there exists an integer q such that b = qd + rj if this happens we also say that q is a quotient when b is divided by d. Note that the concept of a remainder is defined by giving properties a remainder must satisfy and not by specifying any procedure for finding one. Indeed in spite of the phrase "a remainder when b is divided by d" no process of division is actually involved; the definition gives a specific meaning to this phrase as a whole and one must be wary of any interpretation of the phrase based on the common meaning of the individual words. Of course what is behind this choice of language is the fact that when b ~ 0, the familiar process of long division of b by d does produce a remainder and quotient in the sense of the above definition. Some questions arise, 5

6 however, since we are not defining a remainder in terms of a computational procedure. Could there be two different "remainders" which satisfy the given conditions (notice we said "a remainder", not "the remainder" in the definition)? Second, must a remainder always exist? For example if b = and d = 721 is it clear that there exists r, q E Z with 0 :s; r < 721 and = 721q +r? These questions are answered in our first theorem. Basic Remainder Theorem. Suppose b E Z and 0 < d E Z. Then there is a unique number which is a remainder when b is divided by d. Because of the above theorem we will henceforth speak of the remainder when b is divided by d; we will denote this number by [bk Examples. [7]6 = 1 and [6h = 6 and [248]5 = 3 and [-1h = 6. Proof of the "BRT". There is a smallest integer q' with q' > bid (the well-ordering principle). Let q = q' - 1. Then by the choice of q', q :s; bid < q + 1. Hence qd :s; b < qd + d, so 0 :s; b - qd < d. Also b = qd + (b - qd). Setting r = b - qd we see r is a remainder when d is divided by b. Now suppose rl and r2 are such remainders, so there exists integers qi and q2 with b = qi d + rl = q2d + r2. We may without loss of generality assume rl :s; r2 (otherwise re-label the remainders). Then 0 :s; r2 - rl < d. A bit of algebra shows r2 - rl = (qi - q2)d, so d is a factor of r2 - ri. Since 0 :s; r2 - rl < d, this says r2 - rl = 0, i.e., rl = r2. Thus not only do remainders always exist, they are unique. We now define an operation 0d on Z by setting

7 for all a, b E Z. A special case of this operation appeared in 1. We will next study some basic properties of 8d; properties of an analogous operation "EBd" will be developed in the exercises. Since d will be regarded as a fixed integer (except in examples) we will often omit d as a subscript and abbreviate 8d and [ ]d by 8 and [ ]. Lemma 1. 8 is commutative. Proof. For all a, b E Z we have a 8 b = lab] = [ba] = b 8 a. Finished! Lemma 2. If a, b E Z then [a] 8 b = a 8 b. Proof. There exist rational numbers q and q' such that [a]b = qd + [a] 8 band a = q'd + [a]. Thus ab = q'bd + b[a] = q'bd + qd + [a] 8 b = (q'b + q)d + [a] 8 b. But then by our definitions of a 8 b and of lab], a 8 b = lab] = [a] 8 b. (Note a :::; [a] 8 b < d since [a] 8 b = [[alb] is itself a remainder!) Corollary 3. If a, be Z then a 8 b = a 8 [b] = [a] 8 [b]. Proof. Exercise 3 below. (Hint: combine Lemmas 1 and 2.) Corollary 3 is very useful since it lets us replace numbers in computations involving 8 by their remainders, which may be much smaller and therefore easier to work with. For example = [33331 Js 83 [666662Js = = [2Js = 2. It was not necessary to compute the product (33331)(666662). Lemma 2 also provides the machinery for an easy proof that 8d is associative. 7

8 Lemma 4. 0d is associative. Proof. For any a, b, c E Z we have a 0 (b 0 e) = a 0 [be] = a 0 be = [a(be)] = [(ab)e] = ab 0 e = lab] 0 e = (a 0 b) 0 e. (Besides the definition of 0, we have used the associativity of ordinary multiplication and Lemma 2. Where? The reader is expected, of course, to supply an explicit justification for each equality asserted in each proof.) Note there is no 0-identity "e" in Z since e 0 a = a is impossible if a 2: d (since e 0 a = [ea]d < d ~ a by the definition of a remainder when an integer is divided by d). Hence it does not make sense in this context to talk about 0-inverses. In the next section we will modify our setting to allow there to be a 0-identity and some 0-inverses. 2 Exercises 1. What is the remainder when -13 is divided by 5? 2. Let m be a positive integer. What can you say about [O]m and [mh? How about [-I]m? 3. Prove Corollary Compute [73,651]6 and [64,129]6 and 73, , Define an operation EBd on Z by setting aebdb = [a+b]d for all a, be Z. State and prove analogues of Lemmas 1, 2, 4 and Corollary 3 with 0d replaced by EBd. 6. Does 0d distribute over EBd? That is, is it true or false that for all choices of a, b, c in Z we have a0(bebe) = (a0b)eb(a0e)? 8

9 7. Let a, b, c E Z. (i) Suppose a 8d b = a 8d c. Can we conclude that b = c? that [b]d = [C]d? (ii) Suppose ae8db = ae8dc. Can we conclude tht b = c? that [b]d = [C]d? 8. Does 8d distribute over ordinary addition? Does ordinary multiplication distribute over EBd? (We sayan operation l!.. on S distributes over an operation \J on S if for all a, b, c in S, a6.(b \J c) = (al!..b) \l (al!..c). See Exercise 6.) 3 Inverses and Powers. Let us fix an integer d> 1, and let 8 and [ ] abbreviate 8d and [ ]d. Let n be an integer greater than 1. We set ai!:. = a 8 a 8 8 a (nfactors). We put the bar under the exponent n so as not to confuse ai!:. with the usual power an = a a.... a (n factors). Observe that the notation "ai!:." depends on the choice of d. When there is any danger of confusion we will write out the product a 8d'" 8d a. Lemma 5. For a and n as above, [an] = ai!:.. Proof. We will use mathematical induction. For n = 2 we have a~ = a 8 a = [a 2 ] by our definitions. Now suppose [an] = ai!:. for any n ~ 2. Then a n + 1 = a 8 ai!:. = a 8 [an] = a 8 an = [a an] = [a n + 1 ]. (We have used our induction hypothesis and Lemma 2 above. Where exactly?) Thus [an] = ai!:. for all integers n ~ 2. Lemma 6. Say a, b E Z and [a] = [b]. Then for any n ~ 2, we have [an] = [b n ]. Proof. [an] = ai!:. = [ali!:. = [b]i!:. = [b n ]. (If the second equality above bothers you, see exercise 1 below.) 9

10 Innocent looking as it is, the last lemma lets us do some spectacular computations. Here are a few examples. 1. Find the remainder when is divided by 7. Solution. [36h = 1 = [lh, so [361027h = [ h = 1. Done! 2. What is the remainder when is divided by 120? Solution. [11 2 h20 = [12110h20 = [1 10 h20 = 1 since 11 2 = 121 has remainder 1 when divided by Show has 37 as a factor. Solution. Note [-lh7 = 36 = [36h7' so [ h7 = [( -1) 1027 h7= [-lh7 = 36. Thus for some integer q, = 37q + 36, so = 37q. That is, 37 is a factor of We have used the following terminology above. If a, b E Z, then we say a is a factor of b ifthere is an integer c with b = ac. Note that the definition ofremainders says r is a remainder when b is divided by d if and only if 0 :S r < d and d is a factor of b - r. As remarked at the end of 2, 0 has no identity. This "defect" can be remedied as follows. Set 1= I d = {O, 1,2,...,d - I}. (We will use the subscript when necessary for clarity, especially in concrete exampies.) Note [a] E I for all a E Z. Thus a 0 bel for all a, bel. Hence we may regard 0 as being an operation only on I, and we adopt this point of view for the rest of this section. With this understanding we have the following. Lemma 7. There is an 0 -identity (considering 0 as an operation on I), namely 10

11 1. Proof. For all a E I, a = [a 1] = a 01 = 10 a. Thus 1 is a 0-identity. Now we let J = J d denote the set of members of I = Id which have 0-inverses. Lemma 8. 1 E J, and if a E J and b E J, then a 8 b E J. Proof = 1, so 1 is its own 0-inverse. If a and b have 0-inverses c and d, respectively, then d 0 c is a 0-inverse for a 0 b and hence a 0 b E J, since (d 0 c) 0 (a 0 b) = d 0 (c 0 a) 8 b = d 818 b = d 0 b = 1. Note Lemma 8 implies that all E J whenever a E J and 1 < n E Z. Euler's Theorem. Let i.p = i.p(d) denote the number of elements in J d and suppose a E Jd. Then a'. = [acp] = 1. Proof. Suppose e is the 0-inverse of a. Let (1) be the i.p members of Jd. Consider the list (2) a 8 b1,a 0 b 2,...,a 0 bcp. For any index i :::; i.p, e 0 b i equals b j for some j :::; i.p and hence a 0 b j = a 0 e 0 b i = 1 0 bi = bi. Thus the list (2) is just a rearrangement of the list (1). Hence if 9 is the 8-inverse of b bcp then 1 = 9 8 (b bcp) = 9 0 ((a 8 b 1 ) 8 (a 8 b 2 )... (a 8 bcp)) = 9 0 (b bcp) 0 a'. = 10 acp = acp. 11

12 With Lemma 5, this completes the proof. Note we have used the associativity and commutativity of 8 implicitly and repeatedly! The above result is fundamental in number theory and group theory. It does raise some questions: which elements of Id have 8-inverses and how many are there (i.e., what is r.p = r.p(d))? Both these questions are discussed in the exercises. Here is an application of Euler's theorem of both historical and commercial interest. Rivest - Shamir - Adleman public cipher system. We study a family of encryption systems (i.e., "secret codes"). To set up such a code pick two large prime numbers, say p and q. Let d = pq and m = r.p(pq). Pick members sand t of J m which are 8 m -inverses of each other. The messages to be sent are members of J d. To encode an element a of J d replace it by [as]d. To decode a coded message b, we replace it by W]d. Why does the above system work? Note s 8 m t = 1 so there exists q E Z with st = qm + 1. Hence if a E h and b = [as]d, then by Lemma 5 By Euler's Theorem then, W]d = Ii 8 a = 1 8 a = a. This proves the decoding process works! (If the manipulation of exponents above seems questionable, see Exercise 5 below.) Notice that to encode, one needs to know d and s, but not t. It turns out that if the code is set up properly then knowledge of d and s does not enable a person 12

13 to compute t. (More precisely, one can find t in principle, but not in practice because the computing time to do so is measured at least in millenia.) This means that the coding procedure can be made public without compromising the secrecy of the decoding method. For more discussion of the code and its many possible applications one might consult M. Gardner's "Mathematical Games" column in volume 237 (August, 1977) of the Scientific American. This article was the first announcing this encryption method; it caused a large stir in the intelligence community since, unlike any earlier code capable of handling a large volume of secure communications, it appeared unbreakable. 3 Exercises 1. Prove by induction the second equality in the proof of Lemma Find the remainder when (a) is divided by 7; (b) is divided by 7; (c) is divided by 7 (hint: [2317 = 1). 3. Show 8 is a factor of Show 7 is a factor of (738)(657) Let us extend our notation for all (which was defined only for n > 1) by setting a 1 = [ak Prove by induction that for all positive integers m and n, a=+n = a=0ail and (a=)il = a!i!:!3:... (We assume here a fixed choice of d.) 6. Note that EBd gives an operation on I d. Find a EBd-identity and show every element of I d has a EBd-inverse. (Note the case d = 4 was done in problem 1 of 1.) 7. Call integers a and b strangers if 1 is the only positive integer which is a factor 13

14 of both a and b. Prove that if 1 < d E Z and a E Z, then a and d are strangers if and only if [a]d has a 8d-inverse. (Outline. First suppose a has a 8d-inverse, say b. Then there exists q E Z with ab = qd + 1; deduce that a and d are strangers. Conversely, suppose a and d are strangers. The set S of positive integers of the form ax + dy (x, Y E Z) is nonempty. For some x, y E Z, ax + dy is the smallest member of S. By the Basic Remainder Theorem of 2, there exist q, r E Z with o ~ r < ax+by and a = q(ax+dy)+r. Thus 0 ~ r = (l-qx)a+(-qy)d < ax+by, so r = O. Thus ax + by is a factor of a, and, similarly, of d. Thus ax + dy = 1, so [X]d is a 8-inverse for a.) The next exercises apply exercise Find <p(2), <p(4), <p(8). Generalize. 9. Find <p(3), <p(5), <p(7), <p(ll). Generalize. 10. You may assume p = 1997 and p = 1999 are both prime numbers. Show <p(pq) = <p(p)<p(q). Conclude that #Jpq/#Ipq ~.999. (I.e., most elements of I pq have 8 pq -inverses. Here "#S" denotes the number of elements in the set S.) 11. Suppose a and b are positive integers. Show a and b are strangers if and only if a and [b]a are strangers. Repeated application of Exercise 11 gives a good method for determining whether two positive integers are strangers. For example, 1381 and 457 are strangers if and only if 10 (= [1381]457) and 457 are strangers, and this happens if and only if 7 = [457]10 and 10 are strangers, which they clearly are (the positive factors of 7 are 1 and 7, while those of 10 are 1, 2, 5 and 10). 12. Use the above method to tell if 1657 and 331 are strangers, and if 723 and 3693 are strangers. 14

15 13. Does 331 have a inverse? Does 723 have a inverse? 14. Prove Fermat's Theorem: If p is a prime number and a E Z, then p is a factor of a P - a. (HINT: Consider separately the cases when p is, or is not, a factor of a.) 15. Suppose a Rivest-Shamir-Adleman code is set up with p = 5, q = 179, s = 31 and t = 23. What is the coded form of the message "2"? (It may help to note that 2 10 = 1024.) Now decode your coded message and make sure you get 2 back. (This should only take 7 multiplications.) A last note on terminology. The relation we have called being "strangers" (taken from French usage) is usually called being "relatively prime". The function <p is called the Euler phi-function. Our "basic remainder theorem" is usually called the "division algorithm", although it is a fact and not an algorithm. 15