Introductory Number Theory

Transcription

1 Introductory Number Theory Lecture Notes Sudita Mallik May, 208

2 Contents Introduction. Notation and Terminology Prime Numbers Divisibility, GCD, and Prime Factorization 5 2. Divisibility in Z Greatest Common Divisors Prime Factorization Multilicative Functions 0 3. τ and σ Euler s φ Function µ and Möbius Inversion Formula* Theory of Congruences 6 4. Basic Proerties Residue Classes Theorems of Fermat and Euler Primitive Roots Linear Congruences Quadratic Recirocity Quadratic Congruences Quadratic Residues Legendre Symbol Quadratic Recirocity Law Additional Toics RSA Crytograhy Ellitic Curve Crytograhy Continued Fractions Partition Theory* Riemann Zeta Function

3 Sudita Mallik Introduction God made the integers, all else is the work of man. Leoold Kronecker Why are numbers beautiful? It s like asking why is Beethoven s Ninth Symhony beautiful. If you don t see why, someone can t tell you. I know numbers are beautiful. If they aren t beautiful, nothing is. Paul Erdös The number theory is one of the oldest branches of mathematics which is mainly the study of integers. It used to be called arithmetic before the twentieth century. Carl Friedrich Gauss is said to have claimed that Mathematics is the queen of the sciences and number theory is the queen of mathematics. Number theory has many alications including in crytograhy. Carl Friedrich Gauss ( ). Notation and Terminology N or Z + = {, 2, 3,...}, the set of natural numbers. Z = {0, ±, ±2, ±3,...}, the set of integers. { Q = },, q Z and q 0 the set of rational numbers. q R, the set of real numbers. n a i = a + a a n. E.g., i= n a i = a a 2 a n. E.g., i= n i = i= n i =: n! i= n(n + ) 2 A number theoretic notation: d n means d divides n (in Z), i.e., n = kd for some k Z. E.g. 2 8 and 2 9.

4 Sudita Mallik.2 Prime Numbers A rime number is an integer greater than that is only divisible by and itself. A comosite number is an integer greater than that is not a rime number. For examle, 2, 3, 5, 7, are rimes and 4, 6, 9, 2, 4 are comosites. All comosites are roduct of some other integers, in articular some rimes. We denote the set of rime numbers by P. Question. How many rime numbers are there? ( P =?) Theorem.. There are infinitely many rimes. Proof. (Euclid, 300 BC) Suose there are finite number of rimes: < 2 < < n. Let x = + 2 n. Note that x > n > and x is not a rime by our hyothesis. Then x has a divisor, in articular a rime divisor, say. This rime is one of, 2,..., n and thus 2 n. Since also x, x 2 n =. It contradicts the fact that no rime divides. Question. How often rime numbers occur? (rime distribution) First let us define a function π by π(n) being the number of rimes less than equal to n. For examle, π() = 0, π(2) =, π(0) = 4, π(0 6 ) = and by the receding theorem π(n) =. The following theorem gives an asymtotic estimate of π(n). lim n Theorem.2 (The Prime Number Theorem). π(n) n/ ln n for large n, more formally, π(n) n/ ln n, i.e., π(n) lim n n/ ln n =. First two roofs of the PNT were indeendently given by Jacques Hadamard and Charles Jean de la Valle-Poussin in 896. For n = 0 6, n/ ln n 72, 382 and π(n) = 78, 498. The following are two interesting consequence of the PNT. Corollary.3. For large n,. The robability of a random ositive integer n to be rime is almost / ln n, and 2. the nth rime n n ln n. Proof.. By the PNT, for large n, π(n) n/ ln n which imlies π(n)/n / ln n. 2. Note that π( n ) = n. By the PNT n = π( n ) n / ln( n ) for large n. Thus n n ln( n ). The result follows as ln( n ) ln(n) for large n (roof skied). For examle, for n = 0 6, n ln n 3, 85, 50 and n = 5, 485,

5 Sudita Mallik Dirichlet function li is defined by li(n) = n 2 dt ln t which is also a good estimate of π(n). Question. How to determine if a given integer n is rime? (rimality test) A naive way is to check if any integer from 2 to n divides n. A little better way is to concentrate on rime numbers from 2 to n. The following result gives a much more efficient test. Theorem.4. If a ositive integer n has no rime divisor n, then n is rime. Proof. (contraositive) Suose n is not rime. Then n = ab for some integers a, b where a b. So a 2 ab = n and a n. Now either a is rime or it has a rime divisor < a n. Examle. For n = 63, rimes n 2.8 are = 2, 3, 5, 7,. None of them divides 63. So 63 is rime. Using the receding theorem we can find all the rimes less than or equal to a given ositive integer n by the sieve of Eratosthenes: Consider integers 2, 3, 4,..., n. For each rime n, cross out 2, 3, 4,..., all the multiles of less than or equal to n. The remaining integers from 2 to n would be all the rimes less than or equal to n. Examle. For n = 30, rimes n 5.5 are = 2, 3, 5. For = 2, cross out 4, 6, 8,..., 30. Similarly for = 3, cross out 6, 9, 2,..., 30 and for = 5, cross out 0, 5, 20, 25, 30. The remaining integers are 2, 3, 5, 7,, 3, 7, 9, 23, 29 which are all the rimes 30. Some Structured Primes The nth Mersenne number is M n := 2 n for n. It is named after French riest Marin 3

6 Sudita Mallik Mersenne ( ) who stated that M = 2 is rime for = 2, 3, 5, 7, 3, 7, 9, 3, 67, 27, 257. In 876 French mathematician Edouard Lucas roved that M 27 is a rime but not M 67. A rime of the form 2 for a rime is called a Mersenne rime. The largest known rime number 2 77,232,97 is a Mersenne rime with 23,249,425 digits found by GIMPS (Great Internet Mersenne Prime Search) in 207. French mathematician Pierre de Fermat ( ) communicated to Mersenne and claimed that integers of the form 2 2n + are rime. The nth Fermat number is F n := 2 2n + for n 0 and a Fermat number that is a rime is called a Fermat rime. F 0, F, F 2, F 3, and F 4 are the only known Fermat rimes. It is unknown whether there are infinitely many Fermat s rime. Some Prime Conjectures In 92 German mathematician Edmund Landau oularized four roblems about rimes. Goldbach s conjecture: Every even integer greater than 2 can be written as the sum of two rimes. Twin rime conjecture: There are infinitely many rimes such that +2 is also a rime. Legendre s conjecture: There is a rime number between n 2 and (n + ) 2 for every ositive integer n. Near-square rime conjecture: There are infinitely many rimes of the form n 2 +. As of 208 these conjectures are still unresolved. Mathematicians have tried in vain to this day to discover some order in the sequence of rime numbers, and we have reason to believe that it is a mystery into which the human mind will never enetrate. Leonhard Euler 4

7 Sudita Mallik 2 Divisibility, GCD, and Prime Factorization 2. Divisibility in Z d divides n (in Z) means n = kd for some k Z. We denote it by d n. For examle, 2 8 and 2 9. Observation. Let a, b, and c be integers.. If a b and b c, then a c. 2. If a b and a c, then a (bx + cy) for all integers x and y. Proof.. Suose a b and b c. Then b = ra and c = sb for some integer r and s. So c = sb = s(ra) = (sr)a is divisible by a. 2. Suose a b and a c. Then b = ra and c = sa for some integer r and s. So for any integers x and y, bx + cy = rax + say = (rx + sy)a is divisible by a. Other divisibility roerties can be obtained similarly. Proosition. The following are true for all integers a and b.. If a b, then a a b. 2. If a b and b a, then a = ±b. Theorem 2. (Division Theorem). For given two integers a and b where b > 0, we can write a = bq + r for some unique integers q and r where 0 r < b. Proof. If b a, then q = a/b and r = 0. Suose b a. Let S = {a kb k Z such that a kb > 0}. Note that S N. Note a ( a )b b > 0. So a ( a )b S and thus S. By the well-ordering rincile (every non-emty set of ositive integers contains a least element) S has a smallest element, say r. Then r = a qb > 0 for some q Z. So a = bq + r. Now we show r < b. If r = b, then a = bq + b = (q + )b is divisible by b, a contradiction. Let r > b. Then a (q + )b = (a qb) b = r b > 0. So r b S contradicting that r is the smallest element in S. Thus r < b. To show uniqueness of q and r, suose a = bq + r for some unique integers q and r where 0 r < b. Then a a = (bq+r) (bq +r ) = 0 = b(q q )+(r r ) = r r = b(q q ). Since 0 r < b and b < r 0, we have b < r r < b. Since r r = b(q q ), b < b(q q ) < b which imlies < q q <. Thus q q = 0, i.e., q = q. Consequently r = r. 5

8 Sudita Mallik For a = bq + r in the Division Theorem, q and r are called the quotient and the remainder resectively. It can be verified that q = a b, the greatest integer less than or equal to a and b r = a b a b. Examle. For a = 63 and b = 5, q = a b = 32.6 = 33 and r = a b a b = 63 5( 33) = 2. Verify that 63 = 5 ( 33) Greatest Common Divisors The greatest common divisor of two integers a and b that are not all zero is the largest integer integer that divides both a and b. It is denoted by gcd(a, b). For examle, common divisors of a = 2 and b = 8 are ±, ±2, ±3, ±6. So gcd( 2, 8) = 6. Two integers a and b are called relatively rime or corime if gcd(a, b) =. For examle, since gcd(4, 9) =, 4 and 9 are relatively rime. Theorem 2.2 (Bézout s Lemma). Let a and b be integers, not both zero. Then there exist integers x and y such that gcd(a, b) = ax + by. Proof. If a = 0, then gcd(a, b) = b = ax + by for x = 0 and y = ±. Suose a 0. Let S = {au + bv u, v Z such that au + bv > 0}. For u = a and v = 0, au+bv = a 2 > 0. So a 2 S and S. By the well-ordering rincile (every non-emty set of ositive integers contains a least element) S has a smallest element, say d. Then d = ax + by > 0 for some x, y Z. Now we show d = gcd(a, b). By the Division Theorem, there exist unique integers q and r such that a = dq + r, 0 r < d. Then r = a dq = a (ax + by)q = a( xq) + b( yq). If r > 0, then r S contradicting the fact that d is the smallest element in S. So r = 0 which imlies a = dq. Thus d a. Similarly using b = dq + r, 0 r < d, we can show that d b. Then d is a common divisor of a and b. Suose c a and c b. Then c ax + by = d which imlies c d = d. Thus d = gcd(a, b). Corollary 2.3. Let a and b be integers and d = gcd(a, b). Then. gcd(a, b) = if and only if ax + by = for some integers x and y. ( a 2. gcd d, b ) =, i.e., a d d and b are relatively rime, d Examle. gcd(2, 30) = 6 = 2( 2) + 30() = 2(3) + 30( ). So gcd(2, 5) = gcd( 2 6, 30 6 ) = = 2 6 ( 2) () = 2 6 (3) ( ). 6

9 Sudita Mallik The following useful results also follow from Bézout s Lemma. Corollary 2.4. Let a, b, and c be integers.. If a c, b c, and gcd(a, b) =, then ab c. 2. If a bc and gcd(a, b) =, then a c. (Euclid s Lemma) Proof.. Suose a c, b c, and gcd(a, b) =. By Bézout s Lemma, ax + by = for some integers x, y. Then c = c = c (ax+by) = acx+bcy. Since a c and b c, c = ar = bs for some integers r, s. Then c = acx + bcy = absx + bary is divisible by ab. 2. Exercise. Question. How to find the GCD of two integers? The Euclidean Algorithm finds the GCD by reeatedly using the following result: Proosition. Let a and b be two integers. If a = bq + r for q, r Z, then gcd(a, b) = gcd(b, r). Proof. Let d = gcd(a, b). Since d a and d b, d a bq = r. So d is a common divisor of b and r. To show d = gcd(b, r), let c b and c r. Then c bq + r = a. Since c a and c b, c gcd(a, b) = d. Thus d = gcd(b, r). Theorem 2.5 (The Euclidean Algorithm). Let a and b be two ositive integers. Construct a sequence of integers {r, r 2, r 3,...} with r = a, r 2 = b where successively alied Division Theorem gives r i = q i+ r i+ + r i+2, 0 r i+2 < r i+, i =, 2, 3,.... If r n > 0 and r n+ = 0 for some integer n, then r n = gcd(a, b). Proof. Suose alying the Division Theorem reeatedly, we have By the receding result we get, r = q 2 r 2 + r 3, 0 r 3 < r 2, r 2 = q 3 r 3 + r 4, 0 r 4 < r 3,. r n 2 = q n r n + r n, 0 r n < r n, r n = q n r n + 0, 0 = r n+. gcd(a, b) = gcd(r, r 2 ) = gcd(r 2, r 3 ) = gcd(r 3, r 4 ) = = gcd(r n 2, r n ) = gcd(r n, r n ) = r n. 7

10 Sudita Mallik Examle. Let us find gcd(479, 272) by the Euclidean Algorithm. Thus gcd(479, 272) = = , 272 = , 9 = , 34 = 2 7. Note that the Euclidean Algorithm gives a way to write gcd(479, 272) as a linear combination of 479 and = = 9 3 ( ) = = 7 ( ) = ( 38) Prime Factorization Theorem 2.6 (Fundamental Theorem of Arithmetic). Every integer greater than can be written as a roduct of rimes and the roduct is unique if rime factors are written in non-decreasing order. Examle. 76 = = In the unique rime factorization we can relace the roduct of the same rime by a rime ower to get a unique rime-ower factorization: Every integer n > can be written as n = a a 2 2 a k k, for some unique rimes < 2 < < k and unique ositive integers a, a 2,..., a k. Note that if were rime, then we do not have the uniqueness in the rime factorization. For examle, 3 = 3 = 3. Proof of Theorem 2.6 (Existence) We rove the existence of rime factorization of n > by induction. For n = 2, n is a rime which is a rime roduct with a single term. Suose we have rime factorization for all integers n = 2, 3,..., k. Let n = k+. If n = k+ is a rime, then it is a rime roduct with a single term. Otherwise n = k + = ab for some integers a, b, < a, b < k +. By the induction hyothesis, a = 2 r and a = q q 2 q s for some rimes, 2,..., r, q, q 2,..., q s. Then n = k + = ab = 2 r q q 2 q s. So by mathematical induction we have rime factorization for all integers n >. To rove the uniqueness of rime factorization, we need the following results. 8

11 Sudita Mallik Lemma (Euclid s Lemma). Let a and b be integers. If a rime ab, then a or b. Proof. If a, we are done. Otherwise a and consequently gcd(a, ) =. By Bézout s Lemma, = gcd(a, ) = ax + y for some integers x and y. Then b = abx + by. Since ab and b, abx + by = b. Alying Euclid s lemma inductively we get the following result. Corollary 2.7. Let be a rime and a, a 2,..., a n be integers.. If a a 2 a n, then a k for some k =, 2,..., n. 2. If a a 2 a n and a, a 2,..., a n are rimes, then = a k for some k =, 2,..., n. Proof of Theorem 2.6 (Uniqueness) Suose n = 2 r and n = q q 2 q s for some rimes 2 r, q q 2 q s. We show r = s and i = q i for i =, 2,..., r. Since q q 2 q s, = q k for some k by the receding corollary. Then q. Similarly we can show that q. Thus = q and 2 3 r = q 2 q 3 q s. Reeating this rocess, we get 2 = q 2 and 3 4 r = q 3 q 4 q s. Continuing this rocess we get r = q r and = q r+ q s if r < s or s = q s and s+ r = if r > s. Since each i, q j >, we cannot have = q r+ q s and s+ r =. Thus r = s and i = q i for i =, 2,..., r. 9

12 Sudita Mallik 3 Multilicative Functions A number-theoretic or arithmetic function is a function whose domain is the set of ositive integers. A number-theoretic function f is called multilicative if f(mn) = f(m)f(n), for all relatively rime ositive integers m and n (i.e., gcd(m, n) = ). If n = a a 2 2 a k k is the rime-ower factorization of n >, then by the multilicativity of f we have f(n) = f( a a 2 2 a k k ) = f(a )f( a 2 2 ) f( a k k ). In this chater we study four multilicative functions. 3. τ and σ Definition. For any ositive integer n, τ(n) is the number of all ositive divisors of n and σ(n) is the sum of all ositive divisors of n. Examle. The ositive divisors of n = 2 are, 2, 3, 4, 6, 2. So τ(2) = 6 and σ(2) = = 28 Note that τ and σ can also be defined as sums as follows: τ(n) = d n and σ(n) = d n d, where d runs over all the ositive divisors of n. This would be our standard notation throughout for the sums over the ositive divisors of n. Theorem 3.. Let n = a a 2 2 a k k (a) τ(n) = (a + )(a 2 + ) (a k + ) and (b) σ(n) = a + a ak+ k k. be the rime-ower factorization of n >. Then Proof. (a) The ositive divisors of n = a a 2 2 a k k are b b 2 2 b k k where 0 b i a i for i =, 2,..., k. There are a i + choices for b i for i =, 2,..., k. Thus τ(n) = (a + )(a 2 + ) (a k + ). (b) Note that each ositive divisor of n = a a 2 2 a k k the exansion of the roduct aears exactly once as a term in ( a )( a 2 2 ) ( + k + 2 k + + a k k ), where each term in the exansion of the roduct is a ositive divisor of n. Thus σ(n) = (+ + + a )( a 2 2 ) (+ k + + a k k ) = a + a ak+ k k. 0

13 Sudita Mallik Examle. For 76 = , τ(76) = (3 + )( + )(2 + ) = 24 and σ(76) = = Theorem 3.2. τ and σ are multilicative functions. Proof. Let m and n be two relatively rime ositive integers. We show τ(mn) = τ(m)τ(n) and σ(mn) = σ(m)σ(n). Let m = a a 2 2 ar r and n = q b q b 2 2 qs bs be the rime-ower factorizations of m and n resectively. Since gcd(m, n) =, i q j for all i, j and a rime factorization of mn is mn = a a 2 2 ar r q b q b 2 2 qs bs. Then τ(mn) = (a + )(a 2 + ) (a r + )(b + )(b 2 + ) (b s + ) = τ(m)τ(n) and σ(mn) = a + a ar+ r r q b + q We have an alternative roof using the following result. q b 2+ 2 q 2 qbs+ s q s = σ(m)σ(n). Theorem 3.3. Let f be a multilicative function and F be an arithmetic function defined by F (n) = f(d). d n Then F is also a multilicative function. Proof. Let m and n be two relatively rime ositive integers. We show F (mn) = f(d) = F (m)f (n). d mn Note that since gcd(m, n) =, each ositive divisor d of mn is a unique roduct of a divisor d of m and a divisor d 2 of n where gcd(d, d 2 ) =. Thus F (mn) = d mn f(d) = f(d d 2 ) d m d 2 n = f(d )f(d 2 ) since gcd(d, d 2 ) = d m d 2 n = f(d ) f(d 2 ) d m d 2 n = F (m)f (n). Note that the constant function f (n) = and the identity function f 2 (n) = n are multilicative functions. Since τ(n) = d n = d n f (d) and σ(n) = d n d = d n f 2(d), τ and σ are multilicative functions by the receding theorem.

14 Sudita Mallik 3.2 Euler s φ Function Euler introduced the following number-theoretic function called Euler s φ function or Euler s totient function. Definition. For any ositive integer n, φ(n) is the number of all ositive integers less than or equal to n that are relatively rime to n. Examle. φ() =, φ(2) =, φ(3) = 2, φ(4) = 2, φ(5) = 4. Observation. Let n > be a ositive integer. Then n is rime if and only if φ(n) = n. Proosition. Let be a rime and a be a ositive integer. Then ( φ( a ) = a a = a ). Proof. The ositive integers less than or equal to a that are not relatively) rime to a are a divisors of a :, 2, 3,..., a. Thus φ( a ) = a a = ( a. To derive a formula for φ we need the multilicativity of φ. Theorem 3.4. φ is a multilicative function. Theorem 3.5. Let n = a a 2 2 a k k φ(n) = n be the rime-ower factorization of n >. Then ( ) ( 2 ) Proof. Using the multilicativity of φ reeatedly we get By the last roosition we have φ(n) = φ( a )φ( a 2 2 ) φ( a k k ) = k φ(n) = φ( a ( a 2 2 a 3 3 a k k )) = φ( a )φ( a 2 2 ( a 3 3 a k k )) = φ( a )φ( a 2 2 )φ( a 3 3 a k. = φ( a )φ( a 2 2 ) φ( a k k ). ( k ). k ) ) ) ( ( k 2 2 ( 2 a k k ) ) = a a 2 2 a k k ( ( 2 ) ) ( ) = n ( ( 2 k. ( k ) k ) Examle. For 76 = , φ(76) = 76 ( ( ) ( ) 2) 3 7 = =

15 Sudita Mallik Proof of Theorem 3.4. (sketch) Let gcd(m, n) =. We show that φ(mn) = φ(m)φ(n). For each i =, 2,..., m, define S i := {i, i + m, i + 2m,..., i + (n )m}. Note that S, S 2,..., S m artition {, 2,..., mn} and each S i contains exactly φ(n) integers that are relatively rime to n (why?). Since gcd(i + dm, m) = gcd(i, m), if i is relatively rime to m, all integers in S i are relatively rime to m. Thus exactly φ(m) of S, S 2,..., S m contain all the ositive integers relatively rime to m. Since each S i contains exactly φ(n) integers that are relatively rime to n, there are exactly φ(m)φ(n) integers in S S 2 S m = {, 2,..., mn} that are relatively rime to both m and n. The result follows as a ositive integer is relatively rime to mn if and only if it is relatively rime to both m and n. Gauss noticed the following roerty of φ. Theorem 3.6. Let n be a ositive integer. Then n = d n φ(d). Proof. For each ositive divisor d of n, we define a subset S d of {, 2,..., n} as follows: S d = {x x n, gcd(x, n) = d}. Suose the ositive divisors of n are d, d 2,..., d k. Notice that S d, S d2,..., S dk artition {, 2,..., n}. Then n = k i= S d i = d n S d. Now note that x S d if and only if gcd(x, n) = d if and only if gcd( x, n) =. Then S d d d is the number ositive integers less than or equal to n that are relatively rime to n. Thus S d d d = φ( n) and d n = S d = ( n ) φ. d d n d n As d runs over all the ositive divisors of n, so does n and consequently d n = ( n ) φ = φ(d). d d n d n Examle. The ositive divisors of n = 2 are, 2, 3, 4, 6, 2. So φ(d) = φ() + φ(2) + φ(3) + φ(4) + φ(6) + φ(2) = = 2. d 2 Note that S = {, 5, 7, }, S 2 = {2, 0}, S 3 = {3, 9}, S 4 = {4, 8}, S 6 = {6}, S 2 = {2}. 3

16 Sudita Mallik 3.3 µ and Möbius Inversion Formula* German mathematician August Ferdinand Möbius introduced a number-theoretic function µ called Möbius µ function as follows: µ() = and for any integer n > with the rime-ower factorization n = a a 2 2 a k k, µ(n) = { 0 if a i 2 for some i ( ) k if a i = for all i. Alternately µ(n) can be defined using the square-freeness of n for its rime factors: 0 if n is not square-free µ(n) = if n is a square-free roduct of an even number of rimes if n is a square-free roduct of an odd number of rimes. Examle. µ() =, µ(2) =, µ(3) =, µ(4) = 0, µ(5) =, µ(6) =, and µ() = for any rime. Theorem 3.7. µ is a multilicative function. Proof. Let m and n be two relatively rime ositive integers. We show µ(mn) = µ(m)µ(n). If m or n is not square-free, so is mn and then µ(m)µ(n) = 0 = µ(mn). Suose m and n are square-free where m = 2 r and n = q q 2 q s. Since gcd(m, n) =, i q j for all i, j. Then mn = 2 r q q 2 q s and µ(mn) = ( ) r+s = ( ) r ( ) s = µ(m)µ(n). Lemma. For any ositive integer n, µ(d) = d n { if n = 0 if n >. Theorem 3.8 (Möbius Inversion Formula). Let f and F be two number-theoretic functions where F (n) = f(d). d n Then f(n) = d n ( n ) µ F (d). d Proof. First note that as d runs over all the ositive divisors of n, so does n. Then d ( n ) µ F (d) = ( n ) µ(d)f d d d n d n = d n = d n µ(d) c n d µ(d)f(c) f(c) = c n c n d µ(d)f(c) since d n, c n d c n, d n c d n c 4

17 Sudita Mallik = c n f(c) d n c µ(d) By Lemma 3.3, d n c µ(d) is nonzero if and only if n =, i.e., c = n. Thus c ( n ) µ F (d) = f(c) µ(d) d d n c n d n c = f(c) µ(d) c n d = n c c=n = f(n). Note that since τ(n) = d n and σ(n) = d n d, by the Möbius Inversion Formula we have = d n ( n ) µ τ(d) and n = d d n ( n ) µ σ(d). d 5

18 Sudita Mallik 4 Theory of Congruences The concet of congruence was introduced in the book Disquisitiones Arithmeticae ( Arithmetical Investigations in Latin) written by 2 years old Carl Friedrich Gauss in 798. Given a ositive integer n, integers a and b are congruent modulo n if their difference is an integer multile of n. We denote it by a b (mod n) (Read as a is congruent to b modulo n). a b (mod n) n (a b) a = kn + b for some k Z. For examle, 7 (mod 3) and 9 (mod 3), i.e., 9 and are incongruent modulo Basic Proerties Many arithmetic roerties and oerations on congruence are similar to that of equality as follows. Proosition. Let n be a ositive integer. The following hold for all integers a, b, c, and d. (a) a a (mod n) (Reflexivity). (b) a b (mod n) b a (mod n) (Symmetry). (c) If a b (mod n) and b c (mod n), then a c (mod n) (Transitivity). (d) If a b (mod n), then a + c b + c (mod n) (Translation). (e) If a b (mod n), then ac bc (mod n) (Scaling). (f) If a b (mod n) and c d (mod n), then a + c b + d (mod n) (Addition). (g) If a b (mod n) and c d (mod n), then ac bd (mod n) (Multilication). (mod n) for all nonnegative integers k (Exonentia- (h) If a b (mod n), then a k b k tion). Proof. (a) and (b) are obvious. For (c), suose a b (mod n) and b c (mod n). Then a b = rn and b c = sn for some integers r and s. Then a c = (a b) + (b c) = rn + sn = (r + s)n which means a c (mod n). (d) and (e) are easy. For (f) and (g), suose a b (mod n) and c d (mod n). Then a b = xn and c d = yn for some integers x and y. Then (a + c) (b + d) = (a b) + (c d) = xn + yn = (x + y)n which means a + c b + d (mod n). For (g), note that a = b + xn and c = d + yn. Then ac = (b + xn)(d + yn) = bd + (by + xd + xyn)n which means ac bd (mod n). (h) holds by inductively using c = a and d = b in (g). 6

19 Sudita Mallik Let us use the above roerties for the following divisibility roblem. Problem. Determine if 0 divides It suffices to determine if (mod 0). Note that 7 7 (mod 0). Then (mod 0), (mod 0), and (mod 0) by (h) and (e). Now since 23 = , 7 23 = (7 4 ) () (mod 0) by (h) and (e). Note that while the converse of (d) is true, but not the converse of (e). For examle, (mod 6) but 6 2 (mod 6). How to divide both sides of a congruence? Theorem 4.. ( Let n be ) a ositive integer. Let a, b, and c be integers. If ac bc (mod n), then a b mod. n gcd(n,c) Proof. Suose ac bc (mod n). Then (a b)c = ac bc = kn for some integer k. Dividing both sides by d = gcd(n, c), we get (a b) c d = k n d. So n d (a b) c d. Since gcd( n d, c d ) =, n d (a b). Corollary 4.2. Let n be a ositive integer. The following hold for all integers a, b, and c. (a) If ac bc (mod n) and gcd(c, n) =, then a b (mod n). (b) If ac bc (mod n) for a rime n c, then a b (mod n). A nice alication of modular arithmetic finds w, the day of the week, where w = 0 means Sunday,..., w = 6 means Saturday: For the date d/m/00c + y, c 6, 0 y 99, c y w d + 2.6m 0.2 2c + y + + (mod 7), 4 4 where m = means March,..., m = 2 means February. For 4th of November, 2024 we have w (mod 7). 4 4 So 4th of November, 2024 is a Monday. 4.2 Residue Classes Let m be a ositive integer. For an integer a, the residue class (or, congruence class) of a modulo m is the set a := {x Z x a (mod m)}. Examle. For m = 3, 0 = 3Z, = {, ± 3, ± 6, ± 9,...}, 2 = {2, 2 ± 3, 2 ± 6, 2 ± 9,...}. 7

20 Sudita Mallik It easy to check for any two integers a and b that a = b if and only if a b (mod m). Also either a = b or a b =. Since the congruence is an equivalence relation (see Pro 4.), it artitions Z into residue classes. Proosition. For any ositive integer m, Z is artitioned into m residue classes modulo m, viz., 0,,, m. Proof. It easy to check that 0,,, m are disjoint. Now we show that Z = 0 m. Let x Z. By the division algorithm, we have x = qm + r for some integers q and r where 0 r m. Then x r (mod m) which imlies x r for some r, 0 r m. So x 0 m and thus Z = 0 m. A comlete set of residues modulo m is a set of integers {a, a 2,..., a m } such that each a i belongs to exactly one of the residue classes 0,,..., m. We write Z m := {0,,..., m }. Examle. For m = 3, {0,, 2}, {, 0, }, { 6, 7, }, and {n, n +, n + 2} for any integer n are comlete sets of residues modulo 3. So Z 3 = {0,, 2}. We define addition and multilication on residue classes as follows: a + b = a + b, ab = ab Examle. Modulo 5, = = 0 and 2 3 = 2 3 =. A residue class a modulo m is relatively rime to m if gcd(a, m) =. There are exactly φ(m) integers among 0,,..., m that are relatively rime to m forming a reduced set of residues modulo m. So there are φ(m) residue classes modulo m relatively rime to m. Definition. The set of residue classes relatively rime to m under multilication modulo m forms an abelian (commutative) grou called the multilicative grou modulo m denoted by Z m (or, Z m, U m ). It is also called the unit grou of Z m as it consists of invertible elements (or units) of Z m. Closure: a, b Z m = gcd(a, m) = = gcd(b, m) = gcd(ab, m) = = ab = ab Z m Associativity: For a, b, c Z m, (ab)c = abc = a(bc). Identity: as a = a = a for all a Z m. Inverse: For a Z m, a x = x a = where x is the unique solution to ax (mod m) (why?). We denote this x by (a). So a (a) = (a) a =. Commutativity: For a, b Z m, ab = ab = ba = ba. Order: Z m = φ(m) as discussed above. So for rime, Z = and Z = {, 2,..., }. Examle. Z 8 = φ(8) = 4. Since, 3, 5, 7 are relatively rime to 8 (i.e., {, 3, 5, 7} is a reduced set of residues modulo 8), Z 8 = {, 3, 5, 7}. Note that 3 3 = 3 3 =. So (3) = 3, inverse of itself. 8

21 Sudita Mallik Lemma. Let be a rime. If (a) = a for some a Z, then a = or. Proof. Suose (a) = a for some a Z. Then a 2 = a 2 =, i.e., a 2 (mod ). So a 2 0 (mod ) which imlies (a + )(a ) 0 (mod ), i.e., (a + )(a ) = 0 / Z. Since Z is closed under multilication modulo, a + = 0 or a = 0, i.e., (a + ) 0 (mod ) or (a ) 0 (mod ). Thus a = = or a =. Using the above lemma we rove the following famous result. Theorem 4.3 (Wilson s Theorem, 770). For a rime, ( )! (mod ). Proof. It suffices to rove ( )! =, i.e., 2 = which means 2 2 =. By the receding lemma, the only elements of Z that are inverse of themselves are and. So in the roduct 2 2, each element gets multilied by its inverse on rearrangement. Thus 2 2 =. Examle. 0! + is divisible by. Use = in Wilson s Theorem. Theorem 4.4 (Converse of Wilson s Theorem). If (n )! (mod n) for a ositive integer n >, then n is rime. Proof. Suose (n )! (mod n) for a ositive integer n >. Let n be a comosite number. Then n has a divisor d, 2 d n. Since n (n )!+, d (n )!+. Note that d (n )! as d n. Since d (n )! + and d (n )!, d = [(n )! + ] (n )!, a contradiction. 4.3 Theorems of Fermat and Euler In this section we study two imortant theorems of congruence. Theorem 4.5 (Fermat s Little Theorem, 640). If is a rime and a is an integer not divisible by, then a (mod ). Proof. We claim that {a, 2a,..., ( )a} = {, 2,..., }(= Z ). First of all ra 0 for r =, 2,...,. Otherwise ra for some r =, 2,...,. Since a, r, a contradiction. To show distinctness, suose ra = sa for some integers r < s which imlies (s r)a = 0. Then (s r)a. Since a, (s r), a contradiction. Thus {a, 2a,..., ( )a} = {, 2,..., } and consequently a 2a ( )a = 2 = a ( )! = ( )! = a ( )! ( )! (mod ) = a (mod ) as gcd(( )!, ) =. 9

22 Sudita Mallik Examle. To determine (mod ), using = in FLT we get 2 0 (mod ). Note that 64 = Then 2 64 = (2 0 ) () (mod ). The converse of FLT is not true as (mod 34) but 34 = 3 is not a rime. The first roof of FLT was ublished by Euler in 736. But more than 50 years ago a similar roof was found in an unublished manuscrit by Leibniz. Sometimes FLT is written in a more general form: Corollary 4.6. If is a rime, then a a (mod ) for all integers a. To see this, note that if a is divisible by, then a 0 a (mod ). Otherwise it is FLT. Using FLT, we have a robabilistic rimality test called the Fermat Primality Test: To test rimality of a given integer n >, chose a random ositive integer a < n not divisible by n. If a n is not divisible by n, then n is not a rime. Otherwise n is a robable rime. Theorem 4.7 (Euler s Theorem, 736). If n is a ositive integer and a is an integer such that gcd(a, n) =, then a φ(n) (mod n). Euler s theorem is a generalization of FLT because for a rime n, φ(n) = n and also note that gcd(a, n) = n a. Proof of Euler s Theorem. Suose S = {k, k 2,..., k φ(n) } is the set of integers from {, 2,..., n} that are relatively rime to n. We claim that {k a, k 2 a,..., k φ(n) a} = {k, k 2,..., k φ(n) }(= Z n). For each k i S, gcd(k i, n) = and gcd(a, n) =. Then gcd(k i a, n) = (gcd ro), i.e., k i a Z n for all k i S. To show distinctness, suose k i a = k j a for some integers k i < k j S which imlies (k j k i )a = 0. Then n (k j k i )a. Since gcd(a, n) =, n (k j k i ), a contradiction. Thus {k a, k 2 a,..., k φ(n) a} = {k, k 2,..., k φ(n) } and consequently k a k 2 a k φ(n) a = k k 2 k φ(n) = a φ(n) k k 2 k φ(n) = k k 2 k φ(n) = a φ(n) k k 2 k φ(n) k k 2 k φ(n) (mod n) = a φ(n) (mod n) as gcd(k k 2 k φ(n), n) =. Euler s Theorem lays a crucial role in the RSA crytograhy (978). Note that the converse of Euler s Theorem is also true: Corollary 4.8. For ositive integers n and a, if a φ(n) (mod n), then gcd(a, n) =. Examle. To determine (mod 0), using n = 0 in Euler s Theorem we get 7 φ(0) = 7 4 (mod 0). Note that 66 = Then 2 66 = (7 4 ) () (mod 0). 20

23 Sudita Mallik 4.4 Primitive Roots Let n be a ositive integer and a be an integer relatively rime to n. The order of a modulo n is the smallest ositive integer k for which a k (mod n). By Euler s theorem, k φ(n). Note that in the multilicative grou Z n, the order of a is the order of a modulo n. Examle.. For a = 3, modulo n = 8 we have a 3, a 2. Thus 3 has order 2 modulo 8. In Z 8, the order of 3 is 2. Note that the order is 2 < 4 = φ(0). 2. For a = 3, modulo n = 0 we have a 3, a 2 9, a 3 7, a 4. Thus 3 has order 4 modulo 0. Note that the order is 4 = φ(0). Proosition. Let k be the order of a modulo n. If a t (mod n) for a ositive integer t, then k t. In articular, k φ(n). Proof. Suose a t (mod n) for a ositive integer t. Then obviously t k. By the Division Theorem t = kq + r, 0 r < k. Then a t = a kq+r = (a k ) q a r. Since a t (mod n) and a k (mod n), we have a r (mod n). If 0 < r < k, a r (mod n) contradict that k is the order of a modulo n. Thus r = 0 and consequently k t = kq. Finally, since a φ(n) (mod n), k φ(n). If the order of a modulo n is φ(n) (i.e., the smallest ositive integer k for which a k (mod n) is k = φ(n)), then a is called a rimitive root of n or a rimitive root modulo n. Note that in that case {a, a 2,..., a φ(n) } is a reduced set of residues modulo n, i.e., Z n = {a, a 2,..., a φ(n) } ( = a is a generator of Z n). (why?) Examle.. 3 has order 4 = φ(0) modulo 0. So 3 is a rimitive root of 0. Note that 3 is a generator of Z 0 = {3 = 3, 3 2 = 9, 3 3 = 7, 3 4 = }. 2. The ositive integers relatively rime to n = 8 are, 3, 5, 7. Their orders modulo 8 are, 2, 2, 2 resectively. None of them is 4 = φ(8). So 8 has no rimitive roots. Also Z 8 has no generators. Proosition. The number of rimitive roots of a ositive integer n is either 0 or φ(φ(n)). Proof. Suose n has a rimitive root a. Then {a, a 2,..., a φ(n) } is a reduced set of residues modulo n. For k =, 2,..., φ(n), the order of a k φ(n) is (why?). Then for k = gcd(k, φ(n)), 2,..., φ(n), a k has order φ(n) if and only if gcd(k, φ(n)) =. Since the number of ositive integers k φ(n) is φ(φ(n)), the number of rimitive roots of n is φ(φ(n)). 2

24 Sudita Mallik 4.5 Linear Congruences A linear congruence in one variable x is a congruence of the form ax b (mod n), for some integers a and b. We study solutions of linear congruences such as 9x 6 (mod 5). Theorem 4.9. Let a, b, and n be ositive integers where d = gcd(a, n). (a) ax b (mod n) has a solution if and only if d divides b. (b) If d b, then there are d incongruent solutions modulo n: x 0 + i n, i = 0,,..., d d where ax 0 b (mod n). Proof. (a) Suose ax b (mod n) has a solution c. Then ac b (mod n) = ac b = kn for some integer k. Since d = gcd(a, n) divides a and n, d divides b = ac kn. Conversely let d = gcd(a, n) divides b, i.e., b = td for some integers t. By Bézout s Lemma d = ar + ns for some integers r and s. Then td = tar + tns which imlies b = a(tr) + n(ts) = a(tr) = b + n( ts) = a(tr) b (mod n). (b) Suose d b and ax 0 b (mod n). Consider a solution x of ax b (mod n). Note ax ax 0 b b (mod n), i.e., a(x x 0 ) 0 (mod n). Then dividing both sides by a, x x 0 0 ( ) mod n d by Theorem 4.. So x = x0 + i n for some integer i. To get incongruent d solutions modulo n, consider a solution x = x 0 + j n for some integer j. If x and d x are congruent modulo n, then x 0 + i n d x 0 + j n d (mod n) = in d j n d (mod n). Since gcd( n, n) = n, dividing both sides by n, by Theorem 4. we get d d d ( ( n )) i j mod n/ = i j (mod d). d Thus the incronguent solutions modulo n are x = x 0 + i n d integers modulo d such as i = 0,,..., d. where i runs over incronguent Corollary 4.0. Suose gcd(a, n) =. Then (a) ax b (mod n) has a unique solution modulo n, and (b) ax (mod n) has a unique solution modulo n which is denoted by a modulo n. Examle. 9x 6 (mod 5) has a solution because gcd(9, 5) = 3 divides 6. gcd(9, 5) = 3, there are three incongruent solutions modulo 5: Since x x 0, x 0 + 5, x (mod 5), where x 0 is a articular solution modulo 5. There are a coule of ways to find x 0 : 22

25 Sudita Mallik. We find gcd(9, 5) = 3 by the Euclidean Algorithm (Theorem 2.5): 5 = 9 + 6, 9 = = 2 3. So 3 = 9 6 = 9 (5 9) = So 9 2 = Multilying by 2, we get 9 4 = , i.e., x 0 = 4 is a solution to 9x 6 (mod 5). Thus three incongruent solutions modulo 5 are x 4, 9, 4 (mod 5). 2. To find x 0, first divide 9x 6 (mod 5) by gcd(9, 5) = 3 and get 3x 2 (mod 5). (a) Since gcd(3, 5) =, there is a unique solution which is one of 0,, 2, 3, 4. So start multilying 3 by each of them until we get 2 modulo 5: (mod 5), 3 2 (mod 5), (mod 5), (mod 5), (mod 5). Then x 0 = 4 is a solution to 3x 2 (mod 5) and consequently to 9x 6 (mod 5). (b) Alternatively multily both sides of 3x 2 (mod 5) by 3 modulo 5. So start multilying 3 by 2, 3, 4 until we get modulo 5: 3 2 (mod 5) = 3 2 (mod 5). Then 2 3x 2 2 (mod 5) = x 4 (mod 5). So x 0 = 4 is a solution to 3x 2 (mod 5) and consequently to 9x 6 (mod 5). Thus three incongruent solutions modulo 5 are x 4, 9, 4 (mod 5). Now we study systems of linear congruences such as x 2 (mod 3), x 3 (mod 5), x 2 (mod 7). This is the formulation of the following roblem found in the third century Chinese book Sunzi Suanjing by Sunzi: Find an integer that leaves remainder 2 when divided by 3, remainder 3 when divided by 5, and remainder 2 when divided by 7. Now we solve the system directly by a general technique as follows: x 2 (mod 3) = x = 2 + 3r. Plugging it in x 3 (mod 5), we get (2 + 3r) 3 (mod 5) = 3r (mod 5) = 6r 2 (mod 5) = r 2 (mod 5) = r = 2+5s. Plugging it in x = 2 + 3r, we get x = 2 + 3(2 + 5s) = 8 + 5s. Plugging it in x 2 (mod 7), we get (8 + 5s) 2 (mod 7) = 5s 6 (mod 7) = s (mod 7) = s = + 7t. Plugging it in x = 8 + 5s we get x = 8 + 5( + 7t) = t = x 23 (mod 05). We will solve it using a better technique by the Chinese Remainder Theorem (CRT in short). 23

26 Sudita Mallik Theorem 4. (Chinese Remainder Theorem). If ositive integers n, n 2,..., n k are airwise relatively rime, then the following system of linear congruences has a unique solution modulo n n 2 n k : x a (mod n ), x a 2 (mod n 2 ),..., x a k (mod n k ). Proof. Suose ositive integers n, n 2,..., n k are airwise relatively rime. Let n = n n 2 n k. Let N i = n/n i for i =, 2,..., k. Since gcd(n i, n j ) = for all j i, gcd(n i, N i ) = which imlies N i x = (mod n i ) has a unique solution, say y i. We show that y := y a N + y 2 a 2 N y k a k N k is a simultaneous solution to the system, i.e., y a i (mod n i ) for i =, 2,..., k. Since n i N j for all j i, N j 0 (mod n i ) for all j i and consequently y = y a N + y 2 a 2 N y k a k N k a i y i N i (mod n i ). Since N i y i (mod n i ), a i y i N i a i (mod n i ). Thus y = y a N + y 2 a 2 N y k a k N k y i a i N i a i (mod n i ). To show the uniqueness of the solution y modulo n, let z be a simultaneous solution. Then y z a i (mod n i ) for i =, 2,..., k. So n i (z y) for i =, 2,..., k. Since n, n 2,..., n k are airwise relatively rime, n n 2 n k (z y) by Corollary 2.4. Thus z y (mod n). Examle. Let us solve x 2 (mod 3), x 3 (mod 5), x 2 (mod 7). Let n = = 05. Let N = n/3 = 35, N 2 = n/5 = 2, and N 3 = n/7 = 5. Now linear congruences 35x (mod 3), 2x (mod 5), 5x (mod 7) have unique solutions x = 2,, resectively. Then y = y a N + y 2 a 2 N 2 + +y 3 a 3 N 3 = = 233. Thus the unique solution is (mod 05). Note that a linear congruence with large integers can be converted into a system of linear congruences with smaller integers. For examle, consider x 6 (mod 05). Since 05 = 3 5 7, it can be converted to the system x 6 (mod 3), x 6 (mod 5), x 6 (mod 7). This technique together with CRT is useful in integer arithmetic in comuters. 24

27 Sudita Mallik 4.6 Quadratic Recirocity In this section we discuss techniques to solve quadratic congruences: ax 2 +bx+c 0 (mod n) Quadratic Congruences We assume a 0 (mod n). Otherwise ax 2 + bx + c 0 (mod n) reduces to the linear congruence bx + c 0 (mod n). Now we show that solving ax 2 + bx + c 0 (mod n) is equivalent to solving the following system Case. gcd(4a, n) =. Then y 2 b 2 4ac (mod n), 2ax y b (mod n). ax 2 + bx + c 0 (mod n) 4a(ax 2 + bx + c) 4a 0 (mod n) (2ax + b) 2 b 2 4ac (mod n) y 2 b 2 4ac (mod n), 2ax y b (mod n). Case 2. gcd(4a, n) >. Then 4a = kd where gcd(k, n) =. Similarly we can show that ax 2 + bx + c 0 (mod n) y 2 b 2 4ac (mod dn), 2ax y b (mod dn). Because of the above equivalency we concentrate on a quadratic congruence of the form x 2 a (mod n) where n is an odd rime that does not divide a. Note that if n is an odd rime and n a, then gcd(4a, n) = and we get the above equivalent system. Also note that if n a, then x 2 a (mod n) becomes x 2 0 (mod n) giving a unique solution x 0 (mod n). Examle. Let us solve x 2 + 4x (mod 5). Since gcd(4, 5) =, it is equivalent to y (mod 5), 2 x y 4 (mod 5). y 2 4 (mod 5) has two solutions y ±2 2, 3 (mod 5). Now for each y, we solve 2x y 4 (mod 5). For y = 2, 2x 4 (mod 5) = x 2 3 (mod 5). Similarly for y = 3, 2x 4 (mod 5) = x 2 (mod 5). Thus solutions are x 2, 4 (mod 5). Proosition. Let be an odd rime and a. Then x 2 a (mod ) has either no solution or exactly two incongruent nonzero solutions of the form ±x 0. Proof. If x 0 is a solution (which is obviously nonzero as a), then so is x 0 x 0 (mod ). Note that x 0 is incongruent to x 0 modulo because x 0 x 0 (mod ) = 2x 0 0 (mod ) = x 0 0 (mod ). To show there are exactly two incongruent solutions, let z be a solution. Then z 2 x 2 0 a (mod ) = (z + x 0 )(z x 0 ) = z 2 x (mod ) = (z + x 0 ) or (z x 0 ) = z x 0 (mod ) or z x 0 (mod ). 25

28 Sudita Mallik Quadratic Residues Let be an odd rime and a (which imlies gcd(a, ) = ). Now we study those secial values of a for which x 2 a (mod ) has a solution, i.e., a is a square mod. If x 2 a (mod ) has a solution, a is called a quadratic residue of. Otherwise a is called a quadratic nonresidue of. Examle. Let us find quadratic residues of the odd rime = (mod 7) (mod 7) (mod 7) So x 2 a (mod 7) has a solution when a =, 2, 4 and no solution when a = 3, 5, 6. Thus quadratic residues of = 7 are, 2, 4 and quadratic nonresidues of = 7 are 3, 5, 6. Observation. Let be an odd rime and a. Then has exactly ( )/2 residues and ( )/2 nonresidues among, 2,...,. The reason is x 2 a (mod ) has either no or two solutions. Theorem 4.2 (Euler s criterion, 748). Let be an odd rime and a. Then a is a quadratic residue of if and only if a 2 (mod ). Proof. Suose a is a quadratic residue of. Then x 2 0 a (mod ) for some integer x 0. Since a, x 0. By FLT x 0 (mod ). Then a 2 (x 2 0) 2 x 0 (mod ). Conversely suose a 2 (mod ). Since is rime, has a rimitive root, say r (why?). Then r (mod ) and r is a generator of Z. Then a r k (mod ) for some ositive integer k. Note that k r 2 a 2 (mod ). Since the order of r is, by Proosition 4.4, ( ) k( ) 2 which imlies k = 2t is an even integer. Then (r t ) 2 r k a (mod ) giving r t as a solution of x 2 a (mod ). Thus a is a quadratic residue of. Note that for an odd rime a, ) ) (a 2 (a 2 + a 0 (mod ). Then either ( ) a 2 or ( ) a 2 +. Because if divides both, then 2 = (a 2 +) (a 2 ), a contradiction. Thus either a 2 (mod ) or a 2 (mod ). 26

29 Sudita Mallik Corollary 4.3. Let be an odd rime and a. Then a is a quadratic nonresidue of if and only if a 2 (mod ). Examle. Let us see whether a = 4 is a quadratic residue of = 7. Since (mod 7), So 4 is a quadratic residue of 7. Similarly for a = 5, (mod 7). So 5 is a quadratic nonresidue of Legendre Symbol For an odd ( ) rime, the receding discussions can be simly summarized using the Legendre a symbol read as a on and defined by ( ) a = 0 if a if a is a quadratic residue mod if a is a quadratic nonresidue mod. Note that the number of solutions of x 2 a (mod ) is + Examle. Since quadratic residues of = 7 are, 2, 4 and quadratic nonresidues of = 7 are 3, 5, 6. We have ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) = 0, =, =, =, =, =, =, = Now we restate Euler s criterion using the Legendre symbol: Theorem 4.4 (Euler s criterion). Let be an odd rime and a an integer not divisible by. Then ( ) a a 2 (mod ). ( ) ( ) Examle. By Euler s criterion, ( ) 2 (mod ). Since both and ( ) 2 ( ) are or, = ( ) 2 for any odd rime. Corollary 4.5. Let be an odd rime. The following hold for any given integers a and b. ( ) ( ) a 2 (a) = if a and 0 otherwise. In articular =. ( ) ( ) a b (b) If a b (mod ), then =. ( ) ( ) ( ) ab a b (c) =, i.e., the Legendre symbol is a comletely multilicative function on the numerator. ( a ). 27

30 Sudita Mallik Proof. (a) If a, then x 2 a 2 ( ) a 2 (mod ) has solutions ±a. Thus =. (b) If a b (mod( ), ) then( x 2 ) a (mod ) has a solution if and only if x 2 b (mod ) has a b a solution. Thus =. (c) If a or b, then ab and consequently ( ) ab = 0 = ( a ) ( ) b. Suose a and b. By the Euler s criterion, ( ) ( ) ( ) ab (ab) 2 a a b 2 b 2 (mod ). ( ) ( ) ( ) ( ) ( ) ( ) ab a b ab a b Note that each of and is or. If, then we get (mod ) or (mod ) imlying 2 0 (mod ), a contradiction to the fact > 2. ( ) 50 Examle. Let us comute by the above roerties. 7 ( ) ( ) ( ) ( ) ( ) ( ) ( ) = = = ( ) ( ) 2 3 By the Euler s criterion, 8 (mod 7) and (mod 7). So ( ) ( ) 7 ( ) = and =. Thus = and x 2 50 (mod 7) has no solution ( ) ( ) 50 3 Alternatively, using 50 3 (mod 7), we get = = Quadratic Recirocity Law ( ) ( ) q For any two distinct odd rimes and q, the Legendre symbols and are defined. q What is the relation between them? In other words do we know whether x 2 q (mod ) has a solution once we know x 2 (mod q) has a solution? The answer is given by the Quadratic Recirocity Law which was referred as the golden theorem by Gauss who gave its first roof. Theorem 4.6 (Quadratic Recirocity Law). For any two distinct odd rimes and q, ( ) ( ) q = ( ) q 2 2. q 28

31 Sudita Mallik Corollary 4.7. For any two distinct odd rimes and q, ( ) ( ) { q if or q (mod 4) (a) = q if q 3 (mod 4) ( ) ( ) q if or q (mod 4) (b) = ( ) q q if q 3 (mod 4). Proof. (a) Note that (mod 4) ( )/2 is even and 3 (mod 4) ( )/2 is ( odd. ) ( If ) (mod 4) or q (mod 4), then q is an even integer and consequently 2 2 q = ( ) 2 q 2 =. Similarly if q 3 (mod 4), then q is an odd 2 2 q ( ) ( ) q integer and consequently = ( ) 2 q 2 =. q ( ) ( ) 2 q q (b) It follows from (a) by multilying the equation by and using =. Examle.. Consider = 7 are q = 3. Since 3 (mod 4), we have ( ) ( ) ( ) ( ) = and = ( ) ( ) 3 7 So and are both or. In other words x 2 7 (mod 3) has a solution 7 3 if and only if x 2 3 (mod 7) has a solution, i.e., 7 is a square modulo 3 if and only if 3 is a square modulo Consider = 7 are q =. Since 7 3 (mod 4) and 3 (mod 4), we have ( ) ( ) ( ) ( ) 7 7 = and =. 7 7 ( ) ( ) 7 If one of and is, the other is. So x 2 7 (mod ) has a solution if 7 and only if x 2 (mod 7) has no solution, i.e., 7 is a square modulo if and only if is not a square modulo 7. ( ) a For a general strategy to find, consider the unique rime-ower factorization of a = ±2 α α 2 2 α k k. By the multilicative roerty of the Legendre symbol, ( ) ( a ±2 α α 2 2 α ) ( ) ( ) k α ( ) α2 ( ) αk k ± 2 2 k = =. 29

32 Sudita Mallik ( ) ± Note that is known and ( ) 2 is obtained (from Gauss s Law) by the following: Theorem 4.8. For any odd rime, ( 4 Examle. Let us find 03 ( ) ( 4 = ) ( ) 4 03( 4 = ( ) (03 )/2 ( ) i can be found by the Quadratic Recirocity Law where ( ) 2 = if and only if ± (mod 8). ). Note that 4 and 03 are odd rimes. ) ( ) = ( ) by QRL as 4 (mod 4) ( ) 4 2 = since 03 2 (mod 4) ( 4) ( ) 3 7 = since 2 = 3 7 ( 4) ( 4) 4 4 = by QRL as 4 (mod 4) ( 3) ( 7 ) 2 = 3 7 = ( )( ) (7 )/2 since 3 ± (mod 8) =. Thus x 2 4 (mod 03) has no solution. since 4 2 (mod 3), 4 (mod 7) There are hundreds of roofs of the Quadratic Recirocity Law like that of Pythagorean Theorem. The most traditional one uses Gauss s Lemma and its corollary by Eisenstein. First time reader may ski the roofs of Gauss s Lemma and Eisenstein s Lemma. Theorem. Let be an odd rime and a be an integer not divisible by. Let { S = a, 2a, 3a,..., } 2 a. If n is the number of integers of S whose least ositive residues modulo are greater than /2, then ( ) a = ( ) n.(gauss s Lemma) Moreover, if a is odd, then n ( )/2 ka 30 (mod 2),

33 Sudita Mallik and consequently ( ) a = ( ) ( )/2 ka.(eisenstein s Lemma) Examle. Let = 3 and a = 7. Then ( )/2 = 6 and S = {a, 2a, 3a, 4a, 5a, 6a} = {7, 4, 2, 28, 35, 42}. The least ositive residues of integers of S modulo = 3 are {7,, 8, 2, 9, 3}. If n is the number of integers of S whose least ositive residues modulo = 3 are greater than /2 = 6.5, then n = 3. The following verifies Gauss s Lemma: ( ) a = ( ) 7 3 The following verifies Eisenstein s Lemma: ( )/2 ka = 6 7k 3 = = = ( ) 3 = ( ) n ( ) ( ) a 7 = = = ( ) 9 = ( ) ( )/2 ka. 3 Proof of Quadratic Recirocity Law. First we combinatorially rove that y q 2 2 = ( )/2 kq + (q )/2 k q. 42 = 9 n (mod 2). 3 (0, q/2) (/2, q/2) T U y = q x T L (0, 0) (k, 0) (/2, 0) x Consider the following oen rectangular region R = {(x, y) 0 < x < /2, 0 < y < q/2}. 3

34 Sudita Mallik The number of lattice oints in R is q. Now we show that none of the lattice oints 2 2 of R lies on the line y = q x. Consider a lattice oint (a, b) on y = q x. Then b = q a, i.e., b = aq. So aq. Since q, a. By construction R has no lattice oints (a, b) where a is a multile of. Thus (a, b) / R. Consider the two oen triangular regions inside R below and above the line y = q x: T L = {(x, y) 0 < x < /2, 0 < y < q x} and T U = {(x, y) 0 < x < /2, q x < y < q/2}. Note that the sum of numbers of lattice oints in T L and T R is, the number of lattice 2 2 oints in R. Let us count the number of lattice oints in T L and T R. Suose (k, l) is a lattice oint in T L. Then k ( )/2. If (k, l) is on the vertical q line through (k, 0), then l. k Thus the total number of lattice oints in T L is ( )/2 kq Similarly the total number of lattice oints in T U is Thus ( )/2 kq + (q )/2 (q )/2 k q k q.. = q 2 2. Now by Eisenstein s Lemma, ( ) ( ) q = ( ) (q )/2 k q ( )/2 ( ) kq (q )/2 = ( ) k q + ( )/2 kq q q = ( ) 2 q 2. Proof of Gauss s Lemma. First note that no integer in S is congruent to 0 modulo and no two integers in S are congruent modulo (Why?). Let r, r 2,..., r m, s, s 2,..., s n be the least ositive residues of integers in S modulo where m + n = ( )/2 and r < r 2 < < r m < 2 < s < s 2 < < s n. Since > s i > /2, 0 < s i < /2 for i =, 2,..., n. Now we show that { {r, r 2,..., r m, s, s 2,..., s n } =, 2, 3,..., }. 2 32