MATH 537 Class Notes


MATH 537 Class Notes
Ed Belk
Fall, 2014

1 Week One

1.1 Lecture One

Instructor: Greg Martin, Office Math 1
Text: Niven, Zuckerman & Montgomery

Conventions: N will denote the set of positive integers, and N_0 the set of nonnegative integers. Unless otherwise stated, all variables are assumed to be elements of N.

1.2 Divisibility

Definition: Let a, b ∈ Z with a ≠ 0. Then a is said to divide b, denoted a | b, if there exists some c ∈ Z such that ac = b. If in addition a ∈ N, then a is called a divisor of b.

Properties of Divisibility: For all a, b, c ∈ Z with a ≠ 0, one has:
- If a | b then ±a | ±b
- 1 | b, b | b, a | 0
- If a | b and b | a then a = ±b
- If a | b and a | c, then a | (bx + cy) for any x, y ∈ Z
If we assume that a and b are positive, we also have
- If a | b then a ≤ b

The Division Algorithm: Let a, b ∈ N. Then there exist unique nonnegative integers q and r such that:
1. b = aq + r, and
2. 0 ≤ r < a

Proof: We prove existence first; consider the set R = {b − an : n ∈ N_0} ∩ N_0. By the well-ordering axiom, R has a least element r, and we define q to be the nonnegative integer such that b − aq = r. Then b = aq + r and r ≥ 0; moreover, if r ≥ a then one has 0 ≤ r − a = (b − aq) − a = b − a(q + 1) < b − aq = r, so r − a ∈ R, contradicting the minimality of r ∈ R, and we are done.

Now, suppose q′ and r′ are such that we have b = aq + r = aq′ + r′. Without loss of generality we may assume that r′ ≥ r. Then r′ − r = (b − aq′) − (b − aq) = a(q − q′), so a | (r′ − r); but 0 ≤ r′ − r ≤ r′ < a, and so the above equation is a contradiction unless r′ − r = 0, and the result is immediate.

Greatest Common Divisor: Given any two integers a and b not both equal to zero, we define their greatest common divisor (commonly abbreviated gcd) to be the largest d ∈ N such that d | a and d | b; we write d = (a, b). Note that because a and b each have only finitely many divisors, the gcd is always well-defined.

Theorem 1.1.1 Let a, b ∈ Z, not both equal to zero. Then:
1. (a, b) = min S, where S = {ax + by : x, y ∈ Z} ∩ N, and
2. For any c ∈ Z such that c | a and c | b, we have c | (a, b).

The existence of integers x, y so that ax + by = (a, b) as in part (1) is known as Bézout's identity.

Proof: 1. Let m = min S, with u and v such that m = au + bv, and let g = (a, b). Since g | a and g | b, we know from the properties of divisibility that g | m and so g ≤ m. Now, if m ∤ a then by the division algorithm we may write a = mq + r with 0 < r < m, and thus r = a − mq = a − q(au + bv) = a(1 − qu) + b(−qv) ∈ S, and we deduce that r ≥ m = min S, a contradiction; thus m | a. In the same fashion we show m | b, and so by definition m ≤ (a, b) = g, and we are done.
2. If c | a and c | b, then we know c | (ax + by) for every x, y ∈ Z, and in particular for those u, v such that (a, b) = au + bv, whose existence is guaranteed by part 1.

1.2 Lecture Two

Recall: Bézout's identity states that (a, b) is the smallest positive integer that may be written ax + by, where x, y ∈ Z.

Proposition 1.2.1 For a, b ∈ N, one has (ma, mb) = m(a, b).

Corollary 1: If d | a, d | b, then (a/d, b/d) = (1/d)(a, b); in particular, (a/(a, b), b/(a, b)) = 1.

Proof: Set g = (a, b), so that we may write ax + by = g for some x, y ∈ Z. Then mg = (ma)x + (mb)y, thus mg ≥ (ma, mb). Furthermore, g | a and so mg | ma; similarly mg | mb, thus mg ≤ (ma, mb), and we are done.

Definition: Two integers a and b are called relatively prime (or coprime) if (a, b) = 1.

nb. We observe that (a, b) = 1 if and only if there exist x, y such that ax + by = 1. The corresponding statement with (a, b) = k > 1 is not, in general, true; however it is the case that ax + by = k ⇒ (a, b) | k.

Proposition 1.2.2 If (a, n) = (b, n) = 1, then (ab, n) = 1.

Proof: Suppose we have u, v, x, y so that au + nv = bx + ny = 1; then we have
1 = 1·1 = (au + nv)(bx + ny) = ab(ux) + n(auy + bvx + nvy),
and the result is immediate.

[Aside: Compare with the analogous result in commutative algebra. If R is a commutative, unital ring and I, J, K ⊆ R are ideals such that I + K = J + K = R, then IJ + K = R.]

Proposition 1.2.3 If a | c, b | c, and (a, b) = 1, then ab | c. (Note that this is not, in general, true for (a, b) > 1, e.g. a = b = c = 2.)

Proof: Choose m, n, x, y so that c = am = bn and ax + by = 1. Then
c = cax + cby = (bn)ax + (am)by = ab(nx + my),
and we deduce that ab | c.

Theorem 1.2.4 (Theorem 1.10, Niven) If d | ab and (b, d) = 1, then d | a.

Proof: Exercise.

nb. If d | a, d | b, then d | b + ax for any x ∈ Z. In fact, the condition is also necessary, as b = (b + ax) − x(a).

The Euclidean Algorithm: How can we find the gcd of two integers, for example 537 and 105? By the division algorithm, we have 537 = 5·105 + 12, and so by the above note we know (537, 105) = (105, 12). Repeating this process, we see
105 = 8·12 + 9 ⇒ (105, 12) = (12, 9);
12 = 1·9 + 3 ⇒ (12, 9) = (9, 3);

9 = 3·3 + 0 ⇒ (9, 3) = (3, 0) = 3.
Thus (537, 105) = 3.

Notation: The least common multiple of a and b is denoted lcm(a, b) or, more commonly, [a, b].

Exercise: Show that (a, b)[a, b] = ab.

1.3 Primes

Definition: A natural number n is called prime if it has exactly two divisors. n is called composite if there exists some d with 1 < d < n such that d | n. The integer n = 1 is neither prime nor composite.

Notation: Unless otherwise stated, p will denote a prime number.

Lemma 1.2.5 (Euclid's lemma) If p | ab, then p | a or p | b.

Proof: Suppose p ∤ b. Then (p, b) = 1, and so by theorem 1.2.4 we know that p | a.

Theorem 1.2.6 (The Fundamental Theorem of Arithmetic) Every n ∈ N, n ≥ 2, may be written as the product of primes; moreover this expression is unique up to reordering of the factors.

Proof: (existence) We use strong induction. The case n = 2 is trivial from the definition of a prime, therefore suppose n > 2. If n is prime we have the trivial factorization n = n; otherwise we may write n = ab, with 1 < a < n and 1 < b < n. By the inductive hypothesis we may write a = p_1 p_2 ⋯ p_k, b = q_1 q_2 ⋯ q_l, with each p_i, q_j prime, and the result is immediate.
(uniqueness) Let n ∈ N and suppose we have n = p_1 p_2 ⋯ p_k = q_1 q_2 ⋯ q_l, each p_i, q_j prime. Since p_1 | q_1 q_2 ⋯ q_l we have by lemma 1.2.5 that p_1 | q_1 or p_1 | q_2 ⋯ q_l. Repeating this process as many times as necessary, we find q_t such that p_1 | q_t, and by relabelling the q_j if necessary we will assume t = 1. Since p_1 ≠ 1 this implies that p_1 = q_1, as q_1 has no other factors. We then cancel p_1 = q_1 on both sides of the equation and we have p_2 p_3 ⋯ p_k = q_2 q_3 ⋯ q_l. We apply the same argument to this expression to obtain p_2 = q_2, p_3 = q_3, and so on; it follows that k = l, and we are done.

2 Week Two

2.1 Lecture Three

Doing a linear algebra problem backwards. Consider the augmented matrix
( 1  0 | 537 )
( 0  1 | 105 );
this system clearly has solution (x, y) = (537, 105). Moreover, from basic linear algebra we know that the application of elementary row operations to this augmented system will not change the solution; therefore, with R_1, R_2 respectively denoting the first and second row of the matrix, we observe that (x, y) = (537, 105) is also a solution to the augmented matrices
( 1  −5 | 12 )
( 0   1 | 105 )      (R_1 ← R_1 − 5R_2),

( 1  −5 | 12 )
( −8  41 | 9 )       (R_2 ← R_2 − 8R_1),

( 9  −46 | 3 )
( −8  41 | 9 )       (R_1 ← R_1 − R_2),

( 9   −46 | 3 )
( −35  179 | 0 )     (R_2 ← R_2 − 3R_1).

Thus we have the matrix equation
( 9   −46 ) (537)   (3)
( −35  179 ) (105) = (0).
The first entry of this equation indicates that 9(537) + (−46)(105) = 3 = (537, 105), while the entries in the second row of the matrix are −35 = −105/(537, 105) and 179 = 537/(537, 105). This operation is known as the extended Euclidean algorithm.

Lemma 2.1.1 Let a, b ∈ N and use the division algorithm to write b = aq + r with 0 ≤ r < a. Then a | b if and only if r = 0.

Proof: If r = 0 then b = aq and we are done. Conversely, if a | b then a | b − ax for every x, and since r = b − aq < a, we must have r = 0.

Theorem 2.1.2 (Euclid's theorem) There are infinitely many prime numbers.

Proof: It suffices to show that every finite list of primes excludes at least one prime number. Let {p_1, p_2, …, p_k} be a set of finitely many primes and let N = p_1 p_2 ⋯ p_k + 1. Then N ≥ 2 and so by the fundamental theorem of arithmetic N is the product of primes, so there exists some prime p such that p | N. Applying the division algorithm with N and any p_j yields N = p_j (p_1 ⋯ p_{j−1} p_{j+1} ⋯ p_k) + 1, which (since 1 < p_j) by lemma 2.1.1 implies that p_j ∤ N for any j. Thus we deduce that p ≠ p_j for any j = 1, 2, …, k, and therefore that the set of primes {p_1, p_2, …, p_k} is not exhaustive.
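As an added example (not part of the original notes), the following Python carries out the extended Euclidean algorithm exactly as the row reduction above: each division step is a row operation on the augmented matrix [I | (a, b)], so the final coefficient matrix holds both the Bézout coefficients (first row) and the cofactors ±b/(a, b), ±a/(a, b) (second row). It also covers the gcd computation of Lecture Two and the exercise (a, b)[a, b] = ab. The function names are my own.

```python
# Added example, not from the notes: the extended Euclidean algorithm as row
# reduction of the augmented matrix [1 0 | a ; 0 1 | b] from Lecture Three.


def extended_euclid(a: int, b: int):
    """Return (g, x, y, M) where g = (a, b) = a*x + b*y and M is the final
    2x2 coefficient matrix [[x, y], [s, t]]; its second row satisfies
    s*a + t*b = 0, with (s, t) = (-b/g, a/g) up to a common sign."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    # Each row is (coefficient of a, coefficient of b, current value), so the
    # invariant row[0]*a + row[1]*b == row[2] holds throughout.
    r1 = [1, 0, a]
    r2 = [0, 1, b]
    while r2[2] != 0:
        q = r1[2] // r2[2]                             # division algorithm
        r1 = [r1[i] - q * r2[i] for i in range(3)]     # R1 <- R1 - q*R2
        r1, r2 = r2, r1                                # remainder becomes divisor
    g, x, y = r1[2], r1[0], r1[1]
    return g, x, y, [[r1[0], r1[1]], [r2[0], r2[1]]]


def gcd(a: int, b: int) -> int:
    """(a, b), read off the last nonzero remainder."""
    return extended_euclid(a, b)[0]


def lcm(a: int, b: int) -> int:
    """[a, b] = ab / (a, b), the identity in the exercise above."""
    return a * b // gcd(a, b)


if __name__ == "__main__":
    g, x, y, M = extended_euclid(537, 105)
    print(g, x, y, M)   # 3 9 -46 [[9, -46], [-35, 179]]
```

Running it on 537 and 105 reproduces the lecture's matrix, including the second row (−35, 179); on 20 and 9 it yields 1 = (−4)·20 + 9·9, the relation used in Lecture Five to invert 9 modulo 20.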

2.1 Congruences

Definition: Let m ∈ Z, m ≠ 0. Given a, b ∈ Z, we say that a is congruent to b modulo m, written a ≡ b (mod m), if m | (b − a). For example, we have 53 ≡ 7 (mod 23), but 52 ≢ 37 (mod 23).

Lemma 2.1.3 For fixed m ≠ 0, congruence modulo m is an equivalence relation.

Proof: Clearly a ≡ a (mod m) because m | 0 = a − a, which proves reflexivity. Symmetry is an immediate consequence of the fact that m | (b − a) ⇔ m | (a − b), and to prove transitivity we observe that
a ≡ b (mod m), b ≡ c (mod m) ⇒ m | (b − a), m | (c − b) ⇒ m | (c − b) + (b − a) = (c − a),
and we are done.

Thus in particular, congruence modulo m (as every equivalence relation) partitions Z into equivalence classes, called residue classes modulo m. For example, one residue class modulo 23 is the set {…, −39, −16, 7, 30, 53, …}. In general, a residue class modulo m is of the form {a + km : k ∈ Z}. Note in particular that a ≡ b (mod m) if and only if a and b have the same remainder when dividing by m.

Lemma 2.1.4 Suppose a ≡ b (mod m), c ≡ d (mod m). Then:
1. If d | m then a ≡ b (mod d),
2. a + c ≡ b + d (mod m),
3. ac ≡ bd (mod m).

Proof: We prove only (3), as the others are clear from the definitions: since m | (b − a), m | (c − d), we must have that m divides c(b − a) + b(d − c) = bd − ac, and the result follows.

The last two parts of lemma 2.1.4 imply further that a − c ≡ b − d (mod m), and more generally, if f(X) ∈ Z[X], then f(a) ≡ f(b) (mod m) whenever a ≡ b (mod m). In particular, we have that a^k ≡ b^k (mod m) for any k ∈ N.

Question: If j ≡ k (mod m), do we have a^j ≡ a^k (mod m)? In general, no: some counterexamples include a = 2, m = 3 or a = 2, m = 4.

We have seen that the operations of addition, subtraction, and multiplication behave well with respect to congruence modulo m; does division? Again, in general the answer is no: 18 ≡ 28 (mod 10), but 9 ≢ 14 (mod 10), as we might expect if we were allowed to divide by 2.

Theorem 2.1.5 (Theorem 2.3, Niven) We have ax ≡ ay (mod m) if and only if x ≡ y (mod m/(a, m)). In particular, if (a, m) = 1 then ax ≡ ay (mod m) ⇔ x ≡ y (mod m).

Proof: Suppose ax ≡ ay (mod m) so that m | a(y − x); then we have (m/(a, m)) | (a/(a, m))(y − x), and since (m/(a, m), a/(a, m)) = 1 we know that we certainly have (m/(a, m)) | (y − x), hence x ≡ y (mod m/(a, m)). Now, suppose x ≡ y (mod m/(a, m)), so that (m/(a, m)) | (y − x); hence m | (a, m)(y − x), and so in particular m | a(y − x), and we are done.

Definition: Given m ∈ Z, m ≠ 0, a complete residue system mod­ulo m is a set containing exactly one element from each residue class modulo m. For example, with m = 5 we may take any of the sets {0, 1, 2, 3, 4}, {1, 2, 3, 4, 5}, or {−2, −1, 0, 1, 2}. A reduced residue system is a set of representatives from all residue classes relatively prime to m; continuing in the same example, we may take {1, 2, 3, 4}.

2.2 Lecture Four

Recall: A reduced residue system modulo m is a set consisting of exactly one element from each residue class modulo m whose elements are relatively prime to m; these are called reduced residue classes. Equivalently, we may take any complete residue system modulo m, and discard all elements d such that (d, m) > 1.

Example: If m = 10, a complete residue system is given by {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; by discarding all elements not relatively prime to 10, we obtain the reduced residue system {1, 3, 7, 9}. If m is prime, a reduced residue system is given by {1, 2, …, m − 1}.

Definition: The Euler φ-function (or Euler totient function) is the function which assigns to m ∈ N the cardinality of a reduced residue system modulo m; that is, φ(m) = #{1 ≤ i ≤ m : (i, m) = 1}. For example, φ(10) = 4, and φ(p) = p − 1 for any prime p.

Lemma 2.2.1 Let {r_1, r_2, …, r_φ(m)} be a reduced residue system modulo m and let a ∈ Z with (a, m) = 1. Then {ar_1, ar_2, …, ar_φ(m)} is also a reduced residue system modulo m. For example, with m = 10, a = 13, we see that {13, 39, 91, 117} = {13·1, 13·3, 13·7, 13·9} is a reduced residue system modulo 10.

Proof: By assumption a and each r_j are relatively prime to m, and so each ar_j is also relatively prime to m. Moreover, if ar_i, ar_j lie in the same residue class, then one has ar_i ≡ ar_j (mod m). By theorem 2.1.5, we may cancel a (which is relatively prime to the modulus) to yield the congruence r_i ≡ r_j (mod m), and hence (since we began with a reduced residue system) we know that i = j, and the result is immediate.

Theorem 2.2.2 (Euler's theorem) If (a, m) = 1, then a^{φ(m)} ≡ 1 (mod m).

Proof: Let {r_1, r_2, …, r_φ(m)} be a reduced residue system modulo m. Then by lemma 2.2.1, the elements ar_1, ar_2, …, ar_φ(m) are congruent (in some order) to the elements r_1, r_2, …, r_φ(m), and therefore
r_1 r_2 ⋯ r_φ(m) ≡ (ar_1)(ar_2) ⋯ (ar_φ(m)) ≡ a^{φ(m)} r_1 r_2 ⋯ r_φ(m) (mod m).
Since (r_1 r_2 ⋯ r_φ(m), m) = 1, we may cancel it, and the result follows.

Corollary 1: (Fermat's little theorem) If p is prime and p ∤ a, then a^{p−1} ≡ 1 (mod p), and for all a ∈ Z one has a^p ≡ a (mod p).

Corollary 2: Let (a, m) = 1. If there exist e and f with e ≡ f (mod φ(m)), then a^e ≡ a^f (mod m). For example, 537 ≡ 1 (mod 4), and since 4 = φ(10) we have that 3^537 ≡ 3^1 (mod 10).

Proof: Suppose without loss of generality that f ≥ e and write f = e + kφ(m). We have a^f = a^{e + kφ(m)} = a^e (a^{φ(m)})^k ≡ a^e (1)^k ≡ a^e (mod m), as claimed.

Definition: Given a, m ∈ Z with m ≠ 0, we call x ∈ Z a (multiplicative) inverse of a modulo m if ax ≡ 1 (mod m).

Theorem 2.2.3 (Theorem 2.9, Niven) If (a, m) > 1, then a has no inverse modulo m. If (a, m) = 1, then there exists a unique reduced residue class modulo m which contains all inverses of a. We denote any such inverse as ā or a^{−1}. Note that the notation a^{−1} is justified, as for example if we define a^{−k} to be (a^{−1})^k mod m, then we indeed have (a^k)^{−1} = (a^{−1})^k.

Proof: Let g = (a, m); note that if ax ≡ 1 (mod m) then ax ≡ 1 (mod g), and since g | a this congruence becomes 0x ≡ 1 (mod g), a contradiction unless g = 1. Thus with the assumption that g = 1, we first prove uniqueness: if ax ≡ 1 (mod m) and ay ≡ 1 (mod m), then ax ≡ ay (mod m), hence (since (a, m) = 1) x ≡ y (mod m), as claimed. To show existence, we give two short proofs: (1) By Euler's theorem, we have 1 ≡ a^{φ(m)} ≡ a · a^{φ(m)−1} (mod m), so we may take a^{−1} = a^{φ(m)−1}. (2) Since (a, m) = 1, there exist integers u, v such that au + mv = 1. Taking this equation modulo m yields the congruence au ≡ 1 (mod m), and so we may take a^{−1} = u.
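As an added example (not part of the original notes), the following Python computes φ from its definition, checks Lemma 2.2.1 and Euler's theorem on small moduli, and produces inverses by both routes in the proof of Theorem 2.2.3: the Euler route a^{φ(m)−1}, and the Bézout route, for which Python's built-in pow(a, −1, m) (available since Python 3.8) runs the extended Euclidean algorithm. The exponent-reduction function is Corollary 2; reducing exponents modulo φ(n) and inverting modulo φ(n) is exactly how an RSA private exponent is derived from the public one. Function names are my own.

```python
# Added example, not from the notes: Euler's phi-function from its definition,
# the reduced-residue-system lemma, Euler's theorem, and the two existence
# proofs for modular inverses in Theorem 2.2.3.
from math import gcd


def reduced_residue_system(m: int) -> list:
    """{1 <= i <= m : (i, m) = 1}, one representative per reduced class."""
    return [i for i in range(1, m + 1) if gcd(i, m) == 1]


def phi(m: int) -> int:
    """phi(m) = #{1 <= i <= m : (i, m) = 1}."""
    return len(reduced_residue_system(m))


def scaled_system(a: int, m: int) -> list:
    """Lemma 2.2.1: {a*r mod m} is again a reduced residue system when (a, m) = 1."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to m")
    return sorted((a * r) % m for r in reduced_residue_system(m))


def inverse_by_euler(a: int, m: int):
    """Proof (1): a^(phi(m)-1) is an inverse, since a^phi(m) = 1 (mod m).
    Returns None when (a, m) > 1, where Theorem 2.2.3 says no inverse exists."""
    if gcd(a, m) != 1:
        return None
    return pow(a, phi(m) - 1, m)


def inverse_by_bezout(a: int, m: int):
    """Proof (2): from a*u + m*v = 1 take u. pow(a, -1, m) performs this
    extended-Euclid computation and raises ValueError when (a, m) > 1."""
    try:
        return pow(a, -1, m)
    except ValueError:
        return None


def reduce_exponent(a: int, e: int, m: int) -> int:
    """Corollary 2 of Euler's theorem: for (a, m) = 1, a^e = a^(e mod phi(m))."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to m")
    return pow(a, e % phi(m), m)


if __name__ == "__main__":
    print(phi(10), scaled_system(13, 10))            # 4 [1, 3, 7, 9]
    print(inverse_by_euler(9, 20), inverse_by_bezout(9, 20))   # 9 9
    print(reduce_exponent(3, 537, 10), pow(3, 537, 10))        # 3 3
```

The Euler route costs a full modular exponentiation, while the Bézout route is a handful of divisions; both agree whenever an inverse exists, and both report the non-invertible case (a, m) > 1 instead of returning a wrong value.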

2.3 Lecture Five

Calculating inverses: Suppose we want to calculate the (multiplicative) inverse of 9 modulo 20; note that this calculation is well-defined, as (9, 20) = 1. We perform the Euclidean algorithm:
20 = 2·9 + 2;
9 = 4·2 + 1;
1 = 9 − 4·2 = 9 − 4(20 − 2·9) = 9·9 − 4·20.
Taking this last equation modulo 20, we see that 9·9 ≡ 1 (mod 20), so 9^{−1} ≡ 9 (mod 20). The same equation also tells us that 20^{−1} ≡ −4 (mod 9). One clearly has 20^{−1} ≡ 1 (mod 19), 19^{−1} ≡ −1 (mod 20), 19^{−1} ≡ 1 (mod 9), 9^{−1} ≡ −2 (mod 19).

Definition: A collection of integers m_1, m_2, …, m_r are called pairwise coprime (or pairwise relatively prime) if (m_i, m_j) = 1 for all i ≠ j. Note that this is stronger than the statement that (m_1, m_2, …, m_r) = 1. For example, (6, 10, 15) = 1, but (6, 10) = 2, (6, 15) = 3, (10, 15) = 5.

Theorem 2.3.1 (Theorem 2.18, Niven; the Chinese remainder theorem) Let m_1, m_2, …, m_r be pairwise coprime, and let {a_1, a_2, …, a_r} be any set of integers. Then there exists a solution x to the system of congruences
x ≡ a_1 (mod m_1),
x ≡ a_2 (mod m_2),
⋮
x ≡ a_r (mod m_r),
and moreover the set of all solutions is exactly the residue class of x modulo M = m_1 m_2 ⋯ m_r.

Proof: For j = 1, 2, …, r, let N_j = m_1 m_2 ⋯ m_r / m_j, and note that (m_j, N_j) = 1. Therefore we may define b_j to be the inverse of N_j modulo m_j, so N_j b_j ≡ 1 (mod m_j). Set
x_0 = Σ_{j=1}^{r} N_j b_j a_j;
we claim that x_0 solves our system. Indeed, modulo m_j, each N_i with i ≠ j is congruent to 0 modulo m_j, and so x_0 ≡ N_j b_j a_j ≡ a_j (mod m_j), as claimed. Now, if x ≡ x_0 (mod M), then in particular for each j we have x ≡ x_0 ≡ a_j (mod m_j), so x is also a solution. Finally, if y is any solution to our system, then y ≡ a_j ≡ x_0 (mod m_j) for every j, so m_j | (y − x_0). Since the m_i are pairwise coprime, we have m_1 m_2 | (y − x_0), m_1 m_2 m_3 | (y − x_0), and so on, until we obtain M | (y − x_0), and we are done.

Remark: If m_1, m_2, …, m_r are not pairwise coprime, then there may be no solution, or there may be one residue class of solutions modulo [m_1, m_2, …, m_r]. For example, the system
x ≡ 0 (mod 6), x ≡ 1 (mod 4)

has no solution, while
x ≡ 0 (mod 6), x ≡ 2 (mod 4)
has as its solution the residue class of 6 modulo 12.

Example: Greg steals B boxes of 20 Timbits each. There are an equal number of each of the 9 flavours, and one extra to fill the last box. In class, he divides the Timbits equally among the 19 students, with 4 left over for himself. What is the smallest possible value of B?

Solution: Let t be the total number of Timbits; we have
t ≡ 0 (mod 20), t ≡ 1 (mod 9), t ≡ 4 (mod 19).
Set m_1 = 20, m_2 = 9, m_3 = 19; then N_1 = 171, N_2 = 380, N_3 = 180. We need
b_1 ≡ N_1^{−1} (mod m_1) ≡ (9·19)^{−1} (mod 20) ≡ (9)^{−1}(19)^{−1} (mod 20) ≡ 11 (mod 20),
from our previous work. Similarly, b_2 ≡ 5 (mod 9), b_3 ≡ −2 (mod 19). Hence
x_0 = N_1 b_1 a_1 + N_2 b_2 a_2 + N_3 b_3 a_3 = (171)(11)(0) + (380)(5)(1) + (180)(−2)(4) = 460.

Structural comments: Let Z_m = Z/mZ be the set of residue classes modulo m. If d | m, then there is a well-defined projection map π_d : Z_m → Z_d given by π_d(a mod m) = a mod d. Note that this map is not well-defined if d ∤ m. Now, let m_1, m_2, …, m_r be pairwise coprime. We have a map
π : Z_{m_1 m_2 ⋯ m_r} → Z_{m_1} × Z_{m_2} × ⋯ × Z_{m_r},
given in each component Z_{m_i} by π_{m_i}. The Chinese remainder theorem gives a map
ρ : Z_{m_1} × Z_{m_2} × ⋯ × Z_{m_r} → Z_{m_1 m_2 ⋯ m_r}
such that π ∘ ρ = id. Since each set is finite, we know that π and ρ are bijections. One can check that:
1. π and ρ respect coprimality, and
2. π and ρ respect multiplication and addition.
Hence, π and ρ are ring isomorphisms. In particular, if Z_m^× is the set of reduced residue classes modulo m, then
π : (Z_{m_1 m_2 ⋯ m_r})^× → Z_{m_1}^× × Z_{m_2}^× × ⋯ × Z_{m_r}^×
is an isomorphism of multiplicative groups. It follows from this, and the formula for the Euler φ-function, that φ(m_1 m_2 ⋯ m_r) = φ(m_1) φ(m_2) ⋯ φ(m_r).
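As an added example (not part of the original notes), the following Python implements the constructive proof of Theorem 2.3.1 (x_0 = Σ N_j b_j a_j), applies it to the Timbits problem, handles the non-coprime situation of the Remark for a pair of congruences (solvable exactly when (m_1, m_2) | a_2 − a_1, which goes slightly beyond what the notes state), and checks by brute force that π and ρ are mutually inverse and respect addition and multiplication. Function names are my own.

```python
# Added example, not from the notes: the constructive proof of the Chinese
# remainder theorem (x0 = sum N_j b_j a_j), the Timbits problem, the
# non-coprime case from the Remark, and a brute-force check that pi and rho
# are mutually inverse ring maps.
from math import gcd, prod


def crt(residues, moduli):
    """Solve x = a_j (mod m_j) for pairwise coprime m_j; return (x0 mod M, M)."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise coprime")
    M = prod(moduli)
    x0 = 0
    for a_j, m_j in zip(residues, moduli):
        N_j = M // m_j                   # product of the other moduli
        b_j = pow(N_j, -1, m_j)          # N_j b_j = 1 (mod m_j)
        x0 += N_j * b_j * a_j            # vanishes mod every m_i with i != j
    return x0 % M, M


def crt_pair_general(a1, m1, a2, m2):
    """Two congruences without the coprimality assumption (the Remark):
    solvable iff (m1, m2) | a2 - a1, then unique modulo [m1, m2]."""
    g = gcd(m1, m2)
    if (a2 - a1) % g != 0:
        return None
    l = m1 // g * m2                     # [m1, m2]
    k = ((a2 - a1) // g * pow(m1 // g, -1, m2 // g)) % (m2 // g)
    return (a1 + m1 * k) % l, l


def timbit_boxes():
    """t = 0 (mod 20), t = 1 (mod 9), t = 4 (mod 19); B = t / 20."""
    t, _ = crt([0, 1, 4], [20, 9, 19])
    return t // 20


def pi(x, moduli):
    """The projection Z_M -> Z_{m_1} x ... x Z_{m_r}."""
    return tuple(x % m for m in moduli)


def rho(residues, moduli):
    """The map given by the Chinese remainder theorem."""
    return crt(residues, moduli)[0]


def is_ring_isomorphism(moduli) -> bool:
    """Check rho(pi(x)) = x and that pi respects + and * on all of Z_M."""
    M = prod(moduli)
    for x in range(M):
        if rho(pi(x, moduli), moduli) != x:
            return False
        px = pi(x, moduli)
        for y in range(M):
            py = pi(y, moduli)
            if pi((x + y) % M, moduli) != tuple((u + v) % m for u, v, m in zip(px, py, moduli)):
                return False
            if pi((x * y) % M, moduli) != tuple((u * v) % m for u, v, m in zip(px, py, moduli)):
                return False
    return True


if __name__ == "__main__":
    print(crt([0, 1, 4], [20, 9, 19]))    # (460, 3420)
    print(timbit_boxes())                  # 23
```

The smallest total is t = 460 Timbits, i.e. B = 23 boxes; any other solution differs by a multiple of M = 3420.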

3 Week Three

3.1 Lecture Six

Suppose n ∈ N has prime factorization n = p_1^{α_1} p_2^{α_2} ⋯ p_r^{α_r}, with α_i > 0 and p_i ≠ p_j for all i ≠ j. Then as discussed last time, writing m_i = p_i^{α_i}, we have maps
π : Z_{m_1 m_2 ⋯ m_r} → Z_{m_1} × Z_{m_2} × ⋯ × Z_{m_r},
ρ : Z_{m_1} × Z_{m_2} × ⋯ × Z_{m_r} → Z_{m_1 m_2 ⋯ m_r},
where π = π_{p_1^{α_1}} × π_{p_2^{α_2}} × ⋯ × π_{p_r^{α_r}} and ρ is the map given by the Chinese remainder theorem. These maps are mutual inverses, and moreover are ring isomorphisms. In particular, these maps respect coprimality, and so their restrictions to their respective multiplicative groups of units yield mutually inverse group isomorphisms
π : (Z_{m_1 m_2 ⋯ m_r})^× → Z_{m_1}^× × Z_{m_2}^× × ⋯ × Z_{m_r}^×,
ρ : Z_{m_1}^× × Z_{m_2}^× × ⋯ × Z_{m_r}^× → (Z_{m_1 m_2 ⋯ m_r})^×.
By definition, (Z_n)^× has cardinality φ(n), and so it follows that φ(m_1 m_2 ⋯ m_r) = φ(m_1) φ(m_2) ⋯ φ(m_r). Thus we are led to compute φ(p^α) for prime p; but since the only 1 ≤ k ≤ p^α with (p^α, k) > 1 are those with p | k, we deduce that exactly the multiples of p are not relatively prime to p^α, hence
φ(p^α) = p^α − p^{α−1} = p^α (1 − 1/p).
It follows that
φ(n) = n ∏_{p | n} (1 − 1/p),
with the product running over all prime divisors p of n.

Lemma 3.1.1 Fix m ∈ N, and consider the following statements:
1. x^2 ≡ 1 (mod m)
2. x^{−1} ≡ x (mod m)
3. x ≡ ±1 (mod m)
For any m, one has (1) if and only if (2), and (3) implies (1). If m is prime, then all three are equivalent.

Proof: The first statement is clear, as is the statement that (3) implies (1). Thus we will assume m is prime; then one has (1) if and only if m | x^2 − 1 = (x + 1)(x − 1). Thus by Euclid's lemma we have m | x + 1 or m | x − 1, and the result is immediate.

We saw in the last lecture that 9^{−1} ≡ 9 (mod 20), but clearly 9 ≢ ±1 (mod 20). The same is true for 11 (mod 20).

Theorem 3.1.2 (Wilson's theorem) If p is prime, then (p − 1)! ≡ −1 (mod p).

Proof: The cases p = 2, p = 3 are clear by computation. For p > 3, we pair off the numbers {2, 3, …, p − 2} as {a_1, b_1, a_2, b_2, …, a_k, b_k}, where k = (p − 3)/2 and a_i b_i ≡ 1 (mod p). We know that this is well-defined by lemma 3.1.1, and the fact that inverses modulo p are unique. One then has
(p − 1)! = 1·2 ⋯ (p − 1) = 1·(p − 1)·a_1 b_1 ⋯ a_k b_k ≡ 1·(p − 1)·1 ⋯ 1 ≡ −1 (mod p),
as claimed.

2.2 Solutions of congruences

How many solutions has X^4 + 2X^3 + X + 1 ≡ 0 (mod 5)? As integers, we have solutions
x ∈ {…, −14, −13, −9, −8, −4, −3, 1, 2, 6, 7, 11, 12, …}.
As residue classes modulo 5, we have only x ≡ 1 (mod 5) and x ≡ 2 (mod 5); we say that our congruence has only 2 solutions modulo 5.

Definition: Given a polynomial f(X) ∈ Z[X], the number of solutions of f(x) ≡ 0 (mod m), denoted σ_f(m), is the number of residue classes modulo m which satisfy the congruence; equivalently, σ_f(m) = #{1 ≤ x ≤ m : f(x) ≡ 0 (mod m)}.

Example: Let f(X) = X^2 − 1. We saw that σ_f(20) = 4, while by lemma 3.1.1 we know that if p is an odd prime then σ_f(p) = 2, while σ_f(2) = 1.

We begin our investigation by studying linear congruences of the form ax ≡ b (mod m).

Theorem 3.1.3 (Theorem 2.17, Niven) Let m ∈ N and set f(X) = aX − b, a, b ∈ Z. Set g = (a, m). Then σ_f(m) = 0 unless g | b, in which case σ_f(m) = g.

Proof: If ax ≡ b (mod m), then ax ≡ b (mod g), i.e. 0x ≡ b (mod g), since g | a, and hence we must have g | b. Now, suppose g | b and write a = αg, b = βg, m = μg. Then ax ≡ b (mod m) ⇔ αx ≡ β (mod μ), by theorem 2.1.5. But (α, μ) = 1 by construction, so α^{−1} modulo μ exists, and we have the unique solution given by x ≡ α^{−1}β (mod μ). This yields g = m/μ solutions modulo m, as claimed.

Example: Let m = 100 and g = 5, so that μ = 20. Then x ≡ 14 (mod 20) if and only if x ≡ 14, 34, 54, 74, or 94 (mod 100).

Let m have prime factorization m = p_1^{e_1} p_2^{e_2} ⋯ p_r^{e_r}. By the Chinese remainder theorem, the congruence f(x) ≡ 0 (mod m) is equivalent to the system of congruences
f(x) ≡ 0 (mod p_1^{e_1}),
f(x) ≡ 0 (mod p_2^{e_2}),
⋮
f(x) ≡ 0 (mod p_r^{e_r}).

In particular, this implies that σ_f(m) = ∏_{i=1}^{r} σ_f(p_i^{e_i}), and thus it suffices to study polynomial congruences modulo prime powers; this will be the focus of our next lecture.
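As an added example (not part of the original notes), the following Python counts σ_f(m) directly from the definition, checks Theorem 3.1.3 for linear congruences, and verifies on the examples above that σ_f(m) is the product of the σ_f(p^e) over the prime-power factors of m. Polynomials are coefficient lists with coeffs[i] the coefficient of X^i; function names are my own.

```python
# Added example, not from the notes: counting solutions sigma_f(m) of a
# polynomial congruence from the definition, and checking the reduction to
# prime-power moduli via the Chinese remainder theorem.
from math import gcd, prod


def poly_eval_mod(coeffs, x, m):
    """Evaluate f(x) mod m by Horner's rule; coeffs[i] is the coefficient of X^i."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % m
    return acc


def roots_mod(coeffs, m):
    """Residue classes 0 <= x < m with f(x) = 0 (mod m)."""
    return [x for x in range(m) if poly_eval_mod(coeffs, x, m) == 0]


def sigma(coeffs, m):
    """sigma_f(m): the number of residue classes modulo m solving f(x) = 0."""
    return len(roots_mod(coeffs, m))


def prime_factorization(m):
    """{p: e} with m = prod p^e, by trial division (fine for small m)."""
    factors, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        factors[m] = factors.get(m, 0) + 1
    return factors


def sigma_via_crt(coeffs, m):
    """sigma_f(m) = product over p^e exactly dividing m of sigma_f(p^e)."""
    return prod(sigma(coeffs, p ** e) for p, e in prime_factorization(m).items())


def linear_sigma(a, b, m):
    """Theorem 3.1.3: aX - b has (a, m) solutions mod m if (a, m) | b, else 0."""
    g = gcd(a, m)
    return g if b % g == 0 else 0


if __name__ == "__main__":
    f = [1, 1, 0, 2, 1]                      # X^4 + 2X^3 + X + 1
    print(roots_mod(f, 5))                   # [1, 2]
    g = [-1, 0, 1]                           # X^2 - 1
    print(sigma(g, 20), sigma_via_crt(g, 20))   # 4 4
```

The brute-force count is only feasible for small m; the product formula is what makes the prime-power case the one worth studying, as the closing sentence above says.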

3.2 Lecture Seven

Exercise: Prove that the product of any k consecutive integers is a multiple of k!.

Solution: The pigeonhole principle implies that among any k consecutive integers there must be a multiple of 1, of 2, and so on up to k, but this is not quite enough, since these numbers need not be pairwise coprime. Instead, we may prove it one prime at a time, from which the general case follows. On the other hand, we may simply use the identity
j(j − 1) ⋯ (j − k + 1) / k! = j! / (k!(j − k)!) = C(j, k) ∈ Z,
from which the fact is apparent; granted, the last method is a deus ex machina.

2.6 Prime power moduli

Lemma 3.2.1 Let f(X) ∈ C[X] have degree d. Then for any a ∈ C, we have
f(a + h) = f(a) + h f′(a) + h^2 f″(a)/2! + ⋯ + h^d f^{(d)}(a)/d!.

Proof: Fix a; both expressions above are polynomials in h of degree d, and their zeroth derivatives agree at h = 0, as do their first derivatives, second, and so on up to the d-th derivatives. Thus their difference, which is a polynomial in h of degree at most d, is divisible by h^{d+1}, which implies that they must, in fact, be equal.

nb. With the notion of a derivative not defined here, we instead will use the formal derivative of a polynomial or power series, i.e. if f(X) = Σ_{n=0}^{m} a_n X^n, then f′(X) = Σ_{n=0}^{m} n a_n X^{n−1}, m ∈ N_0 ∪ {∞}.

Lemma 3.2.2 If f(X) ∈ Z[X], then for any a ∈ Z, k ∈ N, we have that f^{(k)}(a)/k! is an integer.

Proof: Write f(X) = Σ_{n=0}^{d} a_n X^n, a_n ∈ Z. Then
f^{(k)}(a)/k! = Σ_{n=0}^{d} [n(n − 1) ⋯ (n − k + 1) / k!] a_n a^{n−k},
and by the exercise we know that n(n − 1) ⋯ (n − k + 1)/k! ∈ Z.

Theorem 3.2.3 (Hensel's lemma) Let f(X) ∈ Z[X] and let p^j be a prime power. Suppose there exists a ∈ Z so that f(a) ≡ 0 (mod p^j) and f′(a) ≢ 0 (mod p). Then there exists a unique integer t, 0 ≤ t < p, such that f(a + tp^j) ≡ 0 (mod p^{j+1}).

Example: Take f(X) = X^2 − 2, a = 4, p^j = 7^1. Then f(4) = 16 − 2 = 14 ≡ 0 (mod 7), f′(4) = 2(4) = 8 ≢ 0 (mod 7). It follows that exactly one element of {4, 11, 18, 25, 32, 39, 46} is a root of f(X) modulo 7^2; it turns out to be 39.

Note that the residue class a modulo p^j is the union of the p residue classes a + tp^j, 0 ≤ t < p. The one which is a root modulo p^{j+1} is called a lift of a.

Proof of Hensel's lemma: By lemma 3.2.1, we may write
f(a + tp^j) = f(a) + tp^j f′(a) + (tp^j)^2 f″(a)/2! + ⋯ + (tp^j)^d f^{(d)}(a)/d!.
Taking this expression modulo p^{j+1} yields
f(a + tp^j) ≡ f(a) + tp^j f′(a) (mod p^{j+1}).
Since f(a) ≡ 0 (mod p^j), we have that this is ≡ 0 (mod p^{j+1}) if and only if
f(a)/p^j + t f′(a) ≡ 0 (mod p).
Since f′(a) ≢ 0 (mod p), we have that f′(a) is a unit modulo p^{j+1}, and so we find the unique class t to be given by
t ≡ −(f′(a))^{−1} f(a)/p^j (mod p),
as can be easily verified.

Example: Using the same example from before, we calculate f(a)/p^j = 14/7 = 2, f′(a) = 8 ≡ 1 (mod 7), so we ought to take t ≡ −(1)^{−1}(2) ≡ 5 (mod 7), and indeed f(4 + 5·7) = f(39) = 1519 ≡ 0 (mod 7^2).

Corollary 1: Given f(X) ∈ Z[X], a prime p, and a ∈ Z with f(a) ≡ 0 (mod p) and f′(a) ≢ 0 (mod p), then for every j there exists a unique lift of a to a root of f modulo p^j; that is, a unique residue class a_j mod p^j such that f(a_j) ≡ 0 (mod p^j) and a_j ≡ a (mod p).

Proof: Exercise. (hint: use induction and Hensel's lemma)

Remark: The a_j of the corollary are given recursively by a_1 = a and, for j ≥ 1, a_{j+1} = a_j − f′(a_j)^{−1} f(a_j).

nb. The condition f′(a) ≢ 0 (mod p) is the condition that a is a nonsingular root of f(X) modulo p. As written, this formula fails for singular roots: consider f(X) = X^2. Then a = 0 is a root modulo p, and every lift of a is a root of f modulo p^2. Similarly, for g(X) = X^2 − p, a = 0 is a root modulo p, but no lifts of a are roots modulo p^2. There is a more general version of Hensel's lemma (theorem 2.24 of Niven) which accommodates such roots.

Fact: There exist polynomials, such as (X^2 − 2)(X^2 − 17)(X^2 − 34), or 3X^3 + 4Y^3 + 5Z^3, which have roots modulo m for every m ∈ N, but have no roots over the rationals.
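As an added example (not part of the original notes), the following Python implements the lifting step t ≡ −(f′(a))^{−1} f(a)/p^j (mod p) from the proof above, iterates it as in Corollary 1 to lift the root 4 of X^2 − 2 from modulo 7 to modulo 7^2 and 7^3, and brute-forces the two singular cases from the nb (X^2 and X^2 − p at a = 0) to show that the lift is then not unique or does not exist. Polynomials are coefficient lists with coeffs[i] the coefficient of X^i; function names are my own.

```python
# Added example, not from the notes: Hensel lifting for f(X) = X^2 - 2 from the
# root 4 mod 7 to roots mod 7^2, 7^3, ..., plus the two singular cases from the
# nb (X^2 and X^2 - p at a = 0).


def poly_eval(coeffs, x):
    """f(x) over the integers; coeffs[i] is the coefficient of X^i."""
    acc = 0
    for c in reversed(coeffs):
        acc = acc * x + c
    return acc


def derivative(coeffs):
    """Formal derivative: sum n a_n X^(n-1)."""
    return [n * c for n, c in enumerate(coeffs)][1:] or [0]


def hensel_step(coeffs, a, p, j):
    """Given f(a) = 0 (mod p^j) and f'(a) != 0 (mod p), return the unique
    lift a + t p^j, 0 <= t < p, that is a root mod p^(j+1) (Theorem 3.2.3)."""
    pj = p ** j
    fa = poly_eval(coeffs, a)
    if fa % pj != 0:
        raise ValueError("a is not a root modulo p^j")
    fpa = poly_eval(derivative(coeffs), a)
    if fpa % p == 0:
        raise ValueError("singular root: f'(a) = 0 (mod p), Hensel does not apply")
    t = (-(fa // pj) * pow(fpa, -1, p)) % p        # t = -(f'(a))^-1 f(a)/p^j
    return a + t * pj


def lift(coeffs, a, p, k):
    """Corollary 1: the unique root a_k mod p^k with a_k = a (mod p)."""
    for j in range(1, k):
        a = hensel_step(coeffs, a, p, j)
    return a


def root_lifts(coeffs, a, p, j):
    """Brute force: which of the p classes a + t p^j are roots mod p^(j+1)?
    Used to see what happens when the root is singular."""
    pj = p ** j
    return [a + t * pj for t in range(p) if poly_eval(coeffs, a + t * pj) % (pj * p) == 0]


if __name__ == "__main__":
    f = [-2, 0, 1]                       # X^2 - 2
    print(hensel_step(f, 4, 7, 1))       # 39
    print(lift(f, 4, 7, 3))              # 235, since 235^2 - 2 = 161 * 343
    print(root_lifts([0, 0, 1], 0, 7, 1))    # all seven lifts of 0 are roots of X^2
    print(root_lifts([-7, 0, 1], 0, 7, 1))   # no lift of 0 is a root of X^2 - 7
```

Each iteration of hensel_step is the Newton-style recursion of the Remark with the inverse taken modulo p, which is all that matters since f(a_j) is already divisible by p^j.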

3.3 Lecture Eight

2.7 Prime modulus

Definition: Let f(X) = Σ a_j X^j, g(X) = Σ b_j X^j ∈ Z[X]. We will say that f(X) is congruent to g(X) modulo m, written f(X) ≡ g(X) (mod m), if a_j ≡ b_j (mod m) for every j. In other words, f(X) ≡ g(X) (mod m) if and only if f(X) and g(X) have the same image in (Z[X])/(m) = (Z/mZ)[X].

Example: Suppose f(X) = 15X^2 + 3X + 8 ∈ Z[X]. We note that deg f = 2 over Z, but deg f = 1 over Z_5, and deg f = 0 over Z_3.

Lemma 3.3.1 Let p be prime, a an integer, and f(X) ∈ Z[X]. If f(a) ≡ 0 (mod p), then there exists g(X) ∈ Z[X] with deg g = deg f − 1 such that f(X) ≡ (X − a)g(X) (mod p).

Proof: We saw in our last lecture that (with d = deg f)
f(a + h) = f(a) + h f′(a) + h^2 f″(a)/2! + ⋯ + h^d f^{(d)}(a)/d!.
We set
g(X) = Σ_{j=1}^{d} (X − a)^{j−1} f^{(j)}(a)/j!,
and we have that
f(X) = f(a) + (X − a)g(X) ≡ (X − a)g(X) (mod p).
Note that the leading coefficient of f(X) is f^{(d)}(a)/d! and that deg g = d − 1.

Observe that the primality condition is necessary; indeed, if f(X) = X^2 − 1, then f has roots ±1, but modulo a composite such as 24 we may also factor f(X) ≡ (X − 5)(X + 5).

Theorem 3.3.2 (Theorem 2.26, Niven) Let f(X) ∈ Z[X], deg f = d modulo p, with p prime. Then f has at most d roots modulo p.

Proof: We induct on deg f. For deg f = 0 the result is clear, so suppose deg f = d > 0. If f has no roots modulo p we are done; otherwise, write f(X) ≡ (X − a)g(X) (mod p), where f(a) ≡ 0 and deg g = d − 1, as guaranteed by lemma 3.3.1. Since p is prime, any root of f(X) modulo p is a root of X − a or g(X). By the inductive hypothesis, g has at most d − 1 roots modulo p, and X − a has a single root modulo p, from which we deduce the result.

Example: Consider f(X) = X^p − X with p prime. By Fermat's little theorem, every residue class modulo p is a root of f, and by lemma 3.3.1 it follows that
f(X) ≡ X(X − 1)(X − 2) ⋯ (X − p + 1) (mod p).
Comparing coefficients yields some interesting congruences, among which we have in the coefficient of X^{p−1}
0 + 1 + 2 + ⋯ + (p − 1) ≡ 0 (mod p), p > 2,

and in the coefficient of $X^{p-2}$,
$$\sum_{0 \le j < k \le p-1} jk \equiv 0 \pmod p, \quad p > 3.$$
Finally, from the coefficient of $X$ we may deduce Wilson's theorem, $(p - 1)! \equiv -1 \pmod p$.

Remark: This example implies that if $f(X), g(X) \in \mathbb{Z}[X]$ are such that $f(a) \equiv g(a) \pmod p$ for every $a \in \mathbb{Z}$, then $f(X) - g(X) \equiv h(X)(X^p - X) \pmod p$ for some $h(X) \in \mathbb{Z}[X]$. In fact, this condition is also sufficient.

Proposition 3.3.3 Let $F(X)$ be any function (i.e. set map) from $\mathbb{Z}_p$ to $\mathbb{Z}_p$. Then there exists a unique polynomial $g(X)$ modulo $p$ of degree at most $p - 1$ such that $F(a) \equiv g(a) \pmod p$ for every $a \in \mathbb{Z}$.

Proof: We show uniqueness first. If $g(X), h(X)$ both satisfy the condition, then from our remark above we have that $g(X) - h(X) \equiv q(X)(X^p - X) \pmod p$ for some $q(X) \in \mathbb{Z}[X]$. Comparing degrees, we see that we must have $g \equiv h \pmod p$. For existence, we give two proofs. First of all, if we set
$$g(X) = \sum_{a=0}^{p-1} \left(1 - (X - a)^{p-1}\right) F(a),$$
then by Fermat's little theorem we see that $g(a) \equiv (1 - 0)F(a) \equiv F(a) \pmod p$, since every other term of the sum has $(a - a')^{p-1} \equiv 1$ and so vanishes. Alternatively, we observe that there are exactly $p^p$ functions $\mathbb{Z}_p \to \mathbb{Z}_p$, and there are exactly $p^p$ polynomials over $\mathbb{Z}_p$ of degree at most $p - 1$. No two of these polynomials give the same function, and it follows that the two sets must coincide.

Corollary 1: (Corollary 2.30, Niven) Let $p$ be prime and suppose that $d \mid (p - 1)$. Then $X^d - 1$ has exactly $d$ roots modulo $p$.

Proof: By theorem 3.3.2 there are at most $d$ roots, so we need only show there are at least $d$ roots. We know that
$$X^{p-1} - 1 \equiv (X - 1)(X - 2)\cdots(X - p + 1) \pmod p$$
has exactly $p - 1$ roots modulo $p$. Since $d \mid (p - 1)$, we have
$$X^{p-1} - 1 = (X^d - 1)\left(X^{p-1-d} + X^{p-1-2d} + \cdots + X^{2d} + X^d + 1\right).$$
The second factor has at most $p - 1 - d$ roots modulo $p$, and so by the pigeonhole principle $X^d - 1$ must have at least $d$ roots modulo $p$, as claimed.

2.8 Primitive roots and power residues

Consider the congruence $X^n \equiv 1 \pmod m$; note that any solution $a$ must satisfy $(a, m) = 1$.

Definition: Given $a$ with $(a, m) = 1$, the multiplicative order of $a$ modulo $m$ (often called simply the order of $a$) is the least positive integer $k$ such that $a^k \equiv 1 \pmod m$. One sometimes says that $a$ belongs to the exponent $k$ modulo $m$. Note

Example: Let $m = 11$, $a = 3$. We have $3^1 \equiv 3$, $3^2 \equiv 9$, $3^3 \equiv 5$, $3^4 \equiv 4$, $3^5 \equiv 1 \pmod{11}$, and we see that the order of $3$ modulo $11$ is $5$.

Fact: The order of $a$ modulo $m$ always divides $\varphi(m)$.

4 Week Four

4.1 Lecture Nine

Lemma 4.1.1 (Lemma 2.31, Niven) $a^k \equiv 1 \pmod m$ if and only if the order of $a$ modulo $m$ divides $k$.

Proof: Let $h$ be the order of $a$ modulo $m$. If $h \mid k$, we have $k = hq$ for some $q$, hence $a^k = a^{hq} = (a^h)^q \equiv 1^q \equiv 1 \pmod m$. Conversely, if $a^k \equiv 1 \pmod m$, we may use the division algorithm to write $k = hq + r$, $0 \le r < h$. One then has $1 \equiv a^k \equiv (a^h)^q a^r \equiv a^r \pmod m$. Since $h$ is the minimal positive integer such that $a^h \equiv 1 \pmod m$, it follows that $r = 0$, and we are done.

In particular, if $(a, m) = 1$, then the order of $a$ modulo $m$ divides $\varphi(m)$.

Lemma 4.1.2 (Lemma 2.33, Niven) If $a$ has order $h$ modulo $m$, then $a^k$ has order $h/(h, k)$ modulo $m$. For example, the order of $a^2$ modulo $m$ is $h/2$ if $h$ is even, and $h$ if $h$ is odd.

Proof: The following statements about positive integers $j$ are equivalent:
1. $(a^k)^j \equiv 1 \pmod m$.
2. $h \mid kj$.
3. $\frac{h}{(h,k)} \mid \frac{k}{(h,k)}\, j$.
4. $\frac{h}{(h,k)} \mid j$.
It follows that the least positive $j$ satisfying (4), and hence (1), is exactly $j = h/(h, k)$.

Remark: The subgroup of $\mathbb{Z}_m^*$ generated by $a$ is a cyclic group of order $h$. The same proof shows that the smallest positive integer $y$ such that $ky \equiv 0 \pmod h$ is $y = h/(h, k)$.

Lemma 4.1.3 Let $a$ have order $r$ modulo $m$, and let $b$ have order $s$ modulo $m$. Then the order of $ab$ modulo $m$ divides $\frac{rs}{(r,s)} = [r, s]$, and moreover is a multiple of $\frac{rs}{(r,s)^2} = \frac{[r,s]}{(r,s)}$. In particular (Lemma 2.34, Niven), if $(r, s) = 1$, then the order of $ab$ modulo $m$ is exactly $rs$.

Proof: Let $t$ be the order of $ab$ modulo $m$. Then
$$(ab)^{rs/(r,s)} = (a^r)^{s/(r,s)} (b^s)^{r/(r,s)} \equiv (1)(1) \equiv 1 \pmod m,$$
and it follows that $t \mid \frac{rs}{(r,s)}$. We also have
$$a^{st} \equiv a^{st} (b^s)^t \equiv \left((ab)^t\right)^s \equiv 1 \pmod m,$$
hence $r \mid st$, so it follows that $\frac{r}{(r,s)} \mid \frac{s}{(r,s)}\, t$, and hence $\frac{r}{(r,s)} \mid t$. By a symmetric argument we may show that $\frac{s}{(r,s)} \mid t$, and since $\left(\frac{r}{(r,s)}, \frac{s}{(r,s)}\right) = 1$, we conclude that $\frac{rs}{(r,s)^2} \mid t$.

Definition: An integer $a$ is called a primitive root modulo $m$ if it has order $\varphi(m)$ modulo $m$. In this case, $\mathbb{Z}_m^*$ is the cyclic group of order $\varphi(m)$ generated by $a$.

Proposition 4.1.4 If $m$ has a primitive root, then it has exactly $\varphi(\varphi(m))$ primitive roots.

Proof: Let $g$ be a primitive root modulo $m$. Then we have a reduced residue system modulo $m$ given by $\{g, g^2, \ldots, g^{\varphi(m)}\}$. By lemma 4.1.2, the order of $g^j$ modulo $m$ is exactly $\varphi(m)/(j, \varphi(m))$, which equals $\varphi(m)$ exactly when $(j, \varphi(m)) = 1$. There are exactly $\varphi(\varphi(m))$ such residue classes, and we are done.

Lemma 4.1.5 (Lemma 2.35, Niven) Let $p, q$ be primes and let $r \in \mathbb{N}$ be such that $q^r \mid (p - 1)$. Then there are $q^r - q^{r-1}$ residue classes of order $q^r$ modulo $p$.

Proof: The order of $a$ modulo $p$ divides $q^r$ if and only if $a^{q^r} \equiv 1 \pmod p$. This congruence has exactly $q^r$ solutions by corollary 1 of proposition 3.3.3. The order of $a$ modulo $p$ divides $q^{r-1}$ if and only if $a^{q^{r-1}} \equiv 1 \pmod p$, which has exactly $q^{r-1}$ solutions. The result is now immediate.

Theorem 4.1.6 (Theorem 2.36, Niven) Every prime $p$ has a primitive root.

Proof: If $p = 2$ the result is immediate, so assume $p$ is odd and write $p - 1$ in its prime factorization $p - 1 = q_1^{r_1} q_2^{r_2} \cdots q_k^{r_k}$. For each $1 \le j \le k$, let $a_j$ be some integer of order $q_j^{r_j}$ modulo $p$, whose existence is guaranteed by lemma 4.1.5. Since $(q_i^{r_i}, q_j^{r_j}) = 1$ for all $i \ne j$, we have by lemma 2.34 of Niven that $a_1 a_2$ has order $q_1^{r_1} q_2^{r_2}$ modulo $p$, that $a_1 a_2 a_3$ has order $q_1^{r_1} q_2^{r_2} q_3^{r_3}$ modulo $p$, and continuing in this fashion, we eventually see that $a_1 a_2 \cdots a_k$ has order $p - 1$ modulo $p$, as claimed.
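The proof of theorem 4.1.6 is constructive, and the counts of lemma 4.1.5 and proposition 4.1.4 can be checked directly; the following is an added example written for these notes, not part of the original text. It computes orders by brute force, counts the classes of each order modulo a prime, builds a primitive root modulo $p$ as the product of elements of prime-power order $q^r \,\|\, p - 1$, and lists all primitive roots of a modulus. Everything is trial division and exhaustive search, so the moduli are assumed small.

```python
# Added example (not from the lecture notes): multiplicative orders, the count of
# elements of prime-power order (Lemma 4.1.5), and the construction of a primitive
# root modulo a prime p from Theorem 4.1.6. Brute force throughout, so p is small.
from math import gcd

def order(a, m):
    """Multiplicative order of a modulo m; requires gcd(a, m) == 1 and m > 1."""
    if gcd(a, m) != 1:
        raise ValueError("a must be a unit modulo m")
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k

def phi(n):
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def count_of_order(p, k):
    """Number of residue classes of order exactly k modulo the prime p."""
    return sum(1 for a in range(1, p) if order(a, p) == k)

def prime_power_parts(n):
    """[(q, q^r)] with q^r || n for each prime q dividing n."""
    parts = []
    for q in range(2, n + 1):
        if n % q == 0 and all(q % d for d in range(2, q)):
            qr = q
            while n % (qr * q) == 0:
                qr *= q
            parts.append((q, qr))
    return parts

def primitive_root(p):
    """Theorem 4.1.6: for each q^r || p-1 pick a_j of order q^r, then multiply."""
    g = 1
    for q, qr in prime_power_parts(p - 1):
        # order of a divides q^r but not q^(r-1): Lemma 4.1.5 says q^r - q^(r-1) choices exist
        a = next(a for a in range(1, p) if pow(a, qr, p) == 1 and pow(a, qr // q, p) != 1)
        g = (g * a) % p              # Lemma 2.34: the orders are coprime, so they multiply
    return g

def primitive_roots(m):
    """All primitive roots modulo m (empty if m has none); phi(phi(m)) of them otherwise."""
    return [a for a in range(1, m) if gcd(a, m) == 1 and order(a, m) == phi(m)]
```

For $p = 7$ the construction picks $6$ (order $2$) and $2$ (order $3$) and returns $6 \cdot 2 \equiv 5$, which has order $6$; for $p = 2$ the factorization of $p - 1 = 1$ is empty and the product $1$ is correctly the primitive root.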

4.2 Lecture Ten

Example: Modulo $5$, the reduced residue classes are $1, 2, 3$, and $4$, with respective orders $1, 4, 4$, and $2$; we see that $2$ and $3$ are the $\varphi(\varphi(5)) = 2$ primitive roots modulo $5$. What are the primitive roots modulo $25$? Exactly $\{2, 3, 8, 12, 13, 17, 22, 23\}$. Note that there are $8 = \varphi(\varphi(25))$ of them, and that all are also primitive roots modulo $5$. In fact, we may lift any primitive root modulo $p$ to $p - 1$ primitive roots modulo $p^2$, and for $j \ge 2$, any primitive root modulo $p^j$ lifts to exactly $p$ primitive roots modulo $p^{j+1}$.

Proposition 4.2.1 For $n \ge 1$, we have
$$\sum_{d \mid n} \varphi(d) = n.$$

Proof: The fractions $\{\frac{1}{n}, \frac{2}{n}, \ldots, \frac{n}{n}\}$ are not all in lowest terms; when we put them in lowest terms, we may consider their denominators. For every divisor $d$ of $n$, exactly $\varphi(d)$ of these fractions have denominator $d$; indeed, these fractions are exactly
$$\left\{\frac{k(n/d)}{n} : 1 \le k \le d,\ (k, d) = 1\right\}.$$
Since there are exactly $n$ fractions in our original set, the result follows.

Alternative proof of the existence of primitive roots modulo $p$: We use strong induction to find the number of elements of order $k$ modulo $p$, namely $\varphi(k)$ if $k \mid (p - 1)$, and $0$ if $k \nmid (p - 1)$. The case $k = 1$ is trivial. For $k > 1$, $k \mid (p - 1)$, we first note that
$$\varphi(k) + \sum_{d \mid k,\ d < k} \varphi(d) = \sum_{d \mid k} \varphi(d) = k.$$
Since $p$ is prime, there are exactly $k$ solutions to the congruence $x^k \equiv 1 \pmod p$, which are exactly those $x$ modulo $p$ with order dividing $k$. This, again, is exactly the sum
$$\#\{x : \operatorname{ord}_p(x) = k\} + \sum_{d \mid k,\ d < k} \#\{x : \operatorname{ord}_p(x) = d\},$$
where $\operatorname{ord}_p(x)$ denotes the order of $x$ modulo $p$; the result is now immediate.

Lemma 4.2.2 If $d \mid n$, then for any $a$ with $(a, n) = 1$, the order of $a$ modulo $d$ divides the order of $a$ modulo $n$.

Proof: If $\operatorname{ord}_n(a) = h$, then $a^h \equiv 1 \pmod n$, so $a^h \equiv 1 \pmod d$.

Proposition 4.2.3 If $g$ is a primitive root modulo $p^r$ with $r \ge 2$, then $g^{p^{r-2}(p-1)} \not\equiv 1 \pmod{p^r}$. Moreover, the converse holds if $g$ is a primitive root modulo $p^{r-1}$.

Proof: If $g$ is a primitive root modulo $p^r$, then
$$\operatorname{ord}_{p^r}(g) = \varphi(p^r) = p^{r-1}(p - 1) > p^{r-2}(p - 1),$$

from which it follows that $g^{p^{r-2}(p-1)} \not\equiv 1 \pmod{p^r}$. Now, suppose that $g$ is a primitive root modulo $p^{r-1}$ and that $g^{p^{r-2}(p-1)} \not\equiv 1 \pmod{p^r}$. The order of $g$ modulo $p^r$ divides $\varphi(p^r) = p^{r-1}(p - 1)$, and by lemma 4.2.2 must be a multiple of $\varphi(p^{r-1}) = p^{r-2}(p - 1)$. Since $\operatorname{ord}_{p^r}(g) \ne p^{r-2}(p - 1)$ by assumption, we deduce the result.

Theorem 4.2.4 Primitive roots exist modulo $p^2$ for any prime $p$.

Proof: Let $g$ be a primitive root modulo $p$ and consider the lifts $g + tp$ modulo $p^2$, $0 \le t \le p - 1$. We claim that all but one of these lifts are primitive roots modulo $p^2$. Indeed, by proposition 4.2.3 it suffices to show that exactly one lift satisfies $(g + tp)^{p-1} \equiv 1 \pmod{p^2}$. Let $f(X) = X^{p-1} - 1$. Then $g$ is a root of $f(X)$ modulo $p$, and $f'(g) = (p - 1)g^{p-2} \not\equiv 0 \pmod p$. Thus $g$ is a nonsingular root of $f$ modulo $p$, and so by Hensel's lemma exactly one lift of $g$ is a root of $f$ modulo $p^2$; every other such lift must then yield a primitive root.

Lemma 4.2.5 If $g$ is a primitive root modulo $p^2$, then it is also a primitive root modulo $p$.

Proof: If $a^k \equiv 1 \pmod p$, then
$$a^{pk} - 1 = (a^k - 1)\left((a^k)^{p-1} + (a^k)^{p-2} + \cdots + a^k + 1\right).$$
Both factors are multiples of $p$, so it follows that $a^{pk} \equiv 1 \pmod{p^2}$. In particular, if $g$ is a primitive root modulo $p^2$, then $g^{pk} \not\equiv 1 \pmod{p^2}$ for $k = 1, 2, \ldots, p - 2$, since $pk < p(p - 1) = \varphi(p^2)$. Hence $g^k \not\equiv 1 \pmod p$ for $1 \le k \le p - 2$, and it follows that the order of $g$ modulo $p$ is $p - 1$.

Next, we will consider primitive roots modulo $p^r$ for $r \ge 3$. No more degenerate cases arise here, except when $p = 2$. In this case, there are no primitive roots modulo $2^r$ for any $r \ge 3$.

4.3 Lecture Eleven

Theorem 4.3.1 Let $p$ be an odd prime and let $r \ge 2$. Then any primitive root modulo $p^2$ is a primitive root modulo $p^r$.

Proof: We induct on $r$. The case $r = 2$ is trivial, so for $r \ge 2$ assume $g$ is a primitive root modulo $p^r$; we will show that $g$ is a primitive root modulo $p^{r+1}$. Indeed, by proposition 4.2.3 we have that $g^{p^{r-2}(p-1)} \not\equiv 1 \pmod{p^r}$, and so by the same proposition it suffices to show that $g^{p^{r-1}(p-1)} \not\equiv 1 \pmod{p^{r+1}}$. By Euler's theorem we have that $g^{p^{r-2}(p-1)} \equiv 1 \pmod{p^{r-1}}$, so we can write $g^{p^{r-2}(p-1)} = 1 + np^{r-1}$ for some $n \not\equiv 0 \pmod p$. By the binomial theorem we have that
$$g^{p^{r-1}(p-1)} = \left(1 + np^{r-1}\right)^p = \sum_{k=0}^{p} \binom{p}{k} \left(np^{r-1}\right)^k,$$
and since $p \mid \binom{p}{k}$ for $2 \le k \le p - 1$, we see that $p^{r+1} \mid \binom{p}{k}(np^{r-1})^k$ for those $k$. In fact we also have this divisibility when $k = p$, and so
$$g^{p^{r-1}(p-1)} \equiv 1 + np^r \not\equiv 1 \pmod{p^{r+1}},$$
and we are done.

nb. We only use the fact that $p$ is odd in the cancellation of $\binom{p}{p} n^p p^{p(r-1)}$.

Lemma 4.3.2 If $r \ge 3$, then the order of every odd integer modulo $2^r$ divides $2^{r-2} = \frac{1}{2}\varphi(2^r)$. In particular, there are no primitive roots modulo $2^r$.

Proof: Again we induct on $r$. We did the case $r = 3$ in the last lecture, and so assuming the claim is true for some $r \ge 3$, we have $a^{2^{r-2}} \equiv 1 \pmod{2^r}$ for every odd $a$. Then $2^r \mid (a^{2^{r-2}} - 1)$ and $2 \mid (a^{2^{r-2}} + 1)$ by parity, hence
$$2^{r+1} \mid \left(a^{2^{r-2}} - 1\right)\left(a^{2^{r-2}} + 1\right) = a^{2^{r-1}} - 1,$$
whence $a^{2^{r-1}} \equiv 1 \pmod{2^{r+1}}$, as claimed.

nb. The same proof shows that if $a \equiv 5 \pmod 8$, then $2^{\alpha+2} \,\|\, \left(a^{2^{\alpha}} - 1\right)$, where $p^k \,\|\, n$ if and only if $p^k \mid n$ and $p^{k+1} \nmid n$.

Theorem 4.3.3 (Theorem 2.43, Niven) Let $r \ge 3$; then the set $\{\pm 5, \pm 5^2, \ldots, \pm 5^{2^{r-2}}\}$ is a reduced residue system modulo $2^r$. In particular, $5$ has order $2^{r-2}$ modulo $2^r$, and the abelian group homomorphism
$$f : \mathbb{Z}_{2^{r-2}} \times \mathbb{Z}_2 \to \mathbb{Z}_{2^r}^*$$
given by $f(x, y) = 5^x (-1)^y$ is an isomorphism.
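Theorem 4.2.4, proposition 4.2.3 and theorem 4.3.1 together say how primitive roots behave under lifting, and the following added example (written for these notes, not part of the original text) makes that concrete. For a primitive root $g$ modulo $p$ it computes, by the Hensel formula from the proof of theorem 4.2.4, the single $t$ for which $g + tp$ fails modulo $p^2$, checks it against brute force, and applies the criterion of proposition 4.2.3 modulo higher powers, including the failure of every odd base from $2^3$ on (lemma 4.3.2). It assumes Python 3.8 or later for `pow(x, -1, m)` and small moduli, since orders are found by exhaustive multiplication.

```python
# Added example (not from the lecture notes): lifting primitive roots. For a primitive
# root g mod p, exactly one of the p lifts g + tp fails to be a primitive root mod p^2
# (Theorem 4.2.4), and that t comes from Hensel's lemma applied to X^(p-1) - 1. The
# criterion of Proposition 4.2.3 then detects failures modulo higher powers.
from math import gcd

def order(a, m):
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k

def phi(n):
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def is_primitive_root(g, m):
    return gcd(g, m) == 1 and order(g, m) == phi(m)

def non_primitive_lift(g, p):
    """The unique t in [0, p) for which g + t*p is not a primitive root mod p^2:
    the Hensel lift of g as a root of f(X) = X^(p-1) - 1 to modulus p^2,
    t = -f'(g)^(-1) * (f(g)/p) (mod p)."""
    f_over_p = (pow(g, p - 1, p * p) - 1) // p      # f(g) is divisible by p (Fermat)
    f_prime = ((p - 1) * pow(g, p - 2, p)) % p       # nonzero mod p: g is nonsingular
    return (-pow(f_prime, -1, p) * f_over_p) % p

def primitive_lifts(g, p):
    """t in [0, p) such that g + t*p is a primitive root mod p^2 (brute force)."""
    return [t for t in range(p) if is_primitive_root(g + t * p, p * p)]

def first_failure(g, p, rmax):
    """Proposition 4.2.3, r >= 2: g is a primitive root mod p^r iff
    g^(p^(r-2)(p-1)) != 1 (mod p^r). First r <= rmax where this fails, else None."""
    for r in range(2, rmax + 1):
        if pow(g, p ** (r - 2) * (p - 1), p ** r) == 1:
            return r
    return None
```

Modulo $5$ the bad lift of $2$ is $7$ (as $7^2 \equiv -1 \pmod{25}$), matching the list of primitive roots modulo $25$ in Lecture Ten. A classic larger case is $g = 10$, $p = 487$: $10$ is a primitive root modulo $487$, but $10^{486} \equiv 1 \pmod{487^2}$, so the criterion reports a failure already at $r = 2$. Once a primitive root survives to $p^2$ it never fails at higher $r$ for odd $p$, whereas for $p = 2$ the criterion fails at $r = 3$, as lemma 4.3.2 requires.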

By way of comparison, note that if $p$ is odd, the map
$$f : \mathbb{Z}_{p^{r-1}(p-1)} \to \mathbb{Z}_{p^r}^*$$
given by $f(x) = g^x$ is an isomorphism for any primitive root $g$ modulo $p^r$.

Proof: The order of $5$ modulo $2^r$ divides $2^{r-2}$ by lemma 4.3.2, and so if $2^{r-2}$ is not the order, then the order divides $2^{r-3}$, hence $5^{2^{r-3}} \equiv 1 \pmod{2^r}$. But then $2^r \mid 5^{2^{r-3}} - 1$, contradicting our previous remark with $\alpha = r - 3$. Thus $5$ has order $2^{r-2}$ modulo $2^r$, and so the residue classes $\{5, 5^2, \ldots, 5^{2^{r-2}}\}$ are distinct modulo $2^r$, as are the residue classes $\{-5, -5^2, \ldots, -5^{2^{r-2}}\}$. Finally, $5^k \equiv 1 \pmod 4$, while $-5^k \equiv 3 \pmod 4$, so the two sets above are disjoint, and we are done.

We now know the group structure of $\mathbb{Z}_n^*$ for every $n$. If $n$ has prime factorization $n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}$, then by the Chinese remainder theorem
$$\mathbb{Z}_n^* \cong \mathbb{Z}_{p_1^{e_1}}^* \times \mathbb{Z}_{p_2^{e_2}}^* \times \cdots \times \mathbb{Z}_{p_r^{e_r}}^*.$$
If $p_i$ is odd, then $\mathbb{Z}_{p_i^{e_i}}^* \cong \mathbb{Z}_{p_i^{e_i - 1}(p_i - 1)}$, and for $p = 2$ we have
$$\mathbb{Z}_{2^r}^* \cong \begin{cases} \mathbb{Z}_1 & \text{if } r = 1, \\ \mathbb{Z}_2 & \text{if } r = 2, \\ \mathbb{Z}_{2^{r-2}} \times \mathbb{Z}_2 & \text{if } r \ge 3. \end{cases}$$

Primitive roots modulo non-prime powers

Note that $\varphi(n)$ is even for every $n \ge 3$. If we can write $n = cd$ with $(c, d) = 1$ and $c, d \ge 3$, then the order of any $a$ modulo $n$ must divide $\frac{1}{2}\varphi(n) = \frac{1}{2}\varphi(c)\varphi(d)$, as we have
$$a^{\varphi(n)/2} = \left(a^{\varphi(c)}\right)^{\varphi(d)/2} \equiv 1^{\varphi(d)/2} \equiv 1 \pmod c,$$
and similarly
$$a^{\varphi(n)/2} = \left(a^{\varphi(d)}\right)^{\varphi(c)/2} \equiv 1^{\varphi(c)/2} \equiv 1 \pmod d,$$
since by our assumption $2 \mid \varphi(c)$ and $2 \mid \varphi(d)$. Our claim then follows by the Chinese remainder theorem. The only integers $n$ which do not have such a factorization are powers of $2$, or are of the form $n = p^r$ or $n = 2p^r$, where $p$ is an odd prime and $r \ge 1$. Numbers of this form are the only ones which could possibly have primitive roots.

Theorem 4.3.4 (Theorem 2.41, Niven) The moduli that have primitive roots are exactly $1, 2, 4, p^r$, and $2p^r$, where $p$ is an odd prime and $r \ge 1$.

Proof: Next lecture.
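Theorem 4.3.4 is stated here with its proof deferred, so a brute-force check for small moduli is useful; the following is an added example written for these notes, not part of the original text. It decides cyclicity of $\mathbb{Z}_n^*$ by searching for an element of order $\varphi(n)$, compares with the classification $\{1, 2, 4, p^r, 2p^r\}$, reports the exponent of the group (which is $\varphi(n)/2$ or smaller exactly in the non-cyclic cases discussed above), and lists the set $\{\pm 5^k\}$ of theorem 4.3.3 modulo $2^r$. All orders are computed exhaustively, so $n$ is assumed small.

```python
# Added example (not from the lecture notes): Theorem 4.3.4 checked by brute force for
# small n, and Theorem 4.3.3's description of the units modulo 2^r as {+-5^k}.
from math import gcd

def units(n):
    return [a for a in range(1, n + 1) if gcd(a, n) == 1]

def order(a, m):
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k

def has_primitive_root(n):
    """Brute force: is some unit of order phi(n), i.e. is the unit group cyclic?"""
    if n == 1:
        return True
    u = units(n)
    return any(order(a, n) == len(u) for a in u)

def in_classification(n):
    """Theorem 4.3.4: n in {1, 2, 4}, or n = p^r or n = 2 p^r with p an odd prime."""
    if n in (1, 2, 4):
        return True
    m = n // 2 if n % 2 == 0 else n
    if m % 2 == 0:                      # 2^r with r >= 3, or 4 times something
        return False
    p = next(q for q in range(3, m + 1, 2) if m % q == 0)   # smallest odd prime factor
    while m % p == 0:
        m //= p
    return m == 1                       # True iff m was a pure power of p

def group_exponent(n):
    """Largest order among the units (the exponent of Z_n^*); equals phi(n) iff cyclic."""
    return 1 if n == 1 else max(order(a, n) for a in units(n))

def plus_minus_powers_of_5(r):
    """Theorem 4.3.3 (r >= 3): {+-5^k mod 2^r : 1 <= k <= 2^(r-2)} as a sorted list."""
    m = 2 ** r
    s = set()
    for k in range(1, 2 ** (r - 2) + 1):
        s.add(pow(5, k, m))
        s.add((-pow(5, k, m)) % m)
    return sorted(s)
```

For $n = 24 = 3 \cdot 8$ every unit squares to $1$, so the exponent is $2$ rather than $\varphi(24) = 8$; for $n = 15$ it is $4 = \frac{1}{2}\varphi(15)$, the bound proved above for $n = cd$ with $c, d \ge 3$ coprime.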

5 Week Five

5.1 Lecture Twelve

Fun fact! If $S(x)$ denotes the set of squarefree numbers $s$ with $s \le x$, then one has
$$\lim_{x \to \infty} \frac{\#S(x)}{x} = \frac{6}{\pi^2}.$$

Recall theorem 4.3.4 from last lecture, and let $PR$ denote the set of moduli which have primitive roots. For example, modulo $18$, we have $\varphi(18) = 6$, and indeed a reduced residue system is given by $\{1, 5, 7, 11, 13, 17\}$, which have respective orders $1, 6, 3, 6, 3$, and $2$. Thus $5$ and $11$ are primitive roots modulo $18$, and as expected we find there are $2 = \varphi(\varphi(18))$ of them. Similarly, modulo $9$ a reduced residue system is given by $\{1, 2, 4, 5, 7, 8\}$ with respective orders $1, 6, 3, 6, 3$, and $2$ (note the similarity with $\mathbb{Z}_{18}^*$), and we have the same result with the primitive roots $2$ and $5$.

Proof: (of theorem 4.3.4) We need only check that $m = 2p^r$ has primitive roots, the other claims having already been proven. If $\{a_1, a_2, \ldots, a_{\varphi(p^r)}\}$ is a reduced residue system modulo $p^r$, then we claim that
$$\{a_j : a_j \text{ odd}\} \cup \{a_j + p^r : a_j \text{ even}\}$$
is a reduced residue system modulo $2p^r$. Indeed, we see that we have exactly $\varphi(p^r) = \varphi(2)\varphi(p^r) = \varphi(2p^r)$ residue classes, that all are distinct, and since $(a_j, p) = 1$ we have $u, v$ so that $a_j u + pv = 1$; thus writing $x = u$ and $y = v - p^{r-1} u$, we have
$$1 = a_j x + p\left(y + p^{r-1} x\right) = (a_j + p^r) x + p y,$$
so $(a_j + p^r, p) = 1$, and hence (since $p^r$ is odd, $a_j + p^r$ is odd exactly when $a_j$ is even) $a_j + p^r$ is indeed a unit modulo $2p^r$, by the Chinese remainder theorem. Furthermore, the orders of the elements of the latter set (the lifts of the even $a_j$) do not change, as for $0 < k < \operatorname{ord}_{p^r}(a_j)$ we have
$$(a_j + p^r)^k = \sum_{n=0}^{k} \binom{k}{n} a_j^n p^{r(k-n)} \equiv a_j^k \pmod{p^r},$$
which is $\not\equiv 1 \pmod{p^r}$ by assumption, thus $(a_j + p^r)^k \not\equiv 1 \pmod{2p^r}$; on the other hand $(a_j + p^r)^{\operatorname{ord}_{p^r}(a_j)}$ is $\equiv 1$ modulo $p^r$ and, being a power of an odd number, modulo $2$. The same argument holds for the odd $a_j$, and we see that one of the elements in our reduced residue system must have order $\varphi(p^r) = \varphi(2p^r)$, which completes the proof.

Remark: When $m$ is odd, we have an isomorphism of groups $\pi : \mathbb{Z}_{2m}^* \to \mathbb{Z}_m^*$.

Corollary 1: (Corollary 2.42, Niven) Let $m \in PR$ and let $(a, m) = 1$. The congruence $x^n \equiv a \pmod m$ has $d$ solutions if $a^{\varphi(m)/d} \equiv 1 \pmod m$, where $d = (n, \varphi(m))$, and zero solutions otherwise.

Remark: The analogue for $m = 2^r$, $r \ge 3$, is corollary 2.44 in Niven.

Proof: Let $g$ be a primitive root modulo $m$. Choose $j$, $1 \le j \le \varphi(m)$, so that $g^j \equiv a \pmod m$, and note that if $x^n \equiv a \pmod m$ then one must have $(x, m) = 1$. For every such $x$, there exists $k$ so that $g^k \equiv x \pmod m$, and thus it suffices to solve the congruence $(g^k)^n \equiv g^j \pmod m$ for $k$. Since the order of $g$ is $\varphi(m)$, this congruence has a solution if and only if $kn \equiv j \pmod{\varphi(m)}$. For fixed $j$, theorem 3.1.3 tells us that there are $d = (n, \varphi(m))$ solutions $k$ modulo $\varphi(m)$ if $d \mid j$, and none otherwise. But $d \mid j$ if and only if $j = dl$ for some $1 \le l \le \varphi(m)/d$, if and only if $a \equiv g^{dl} \pmod m$.

Finally, this is equivalent to the statement that $a^{\varphi(m)/d} \equiv 1 \pmod m$: if $a \equiv g^{dl}$ then $a^{\varphi(m)/d} \equiv g^{\varphi(m) l} \equiv 1 \pmod m$, and conversely $a^{\varphi(m)/d} = g^{j\varphi(m)/d} \equiv 1 \pmod m$ forces $\varphi(m) \mid j\varphi(m)/d$, that is $d \mid j$; and we are done.

Corollary 2: (Corollary 2.38, Niven; Euler's criterion) Let $p$ be an odd prime. The congruence $X^2 \equiv a \pmod p$ has two solutions if $a^{(p-1)/2} \equiv 1 \pmod p$, and no solutions otherwise. There is one solution if $p \mid a$.

Definition: The Carmichael lambda function, denoted $\lambda(m)$, is the smallest exponent $e \in \mathbb{N}$ such that $a^e \equiv 1 \pmod m$ for every $(a, m) = 1$.

Remark: We know $\lambda(m) \mid \varphi(m)$, and $\lambda(m) = \varphi(m)$ if and only if $m \in PR$. Moreover, as seen last week, if $m \notin PR$ then $\lambda(m) \mid \frac{1}{2}\varphi(m)$. By the Chinese remainder theorem,
$$\lambda\left(p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}\right) = \left[\lambda(p_1^{e_1}), \lambda(p_2^{e_2}), \ldots, \lambda(p_r^{e_r})\right].$$
For odd primes, we have $\lambda(p^r) = p^{r-1}(p - 1)$, which also holds for $p = 2$ and $r \le 2$. For $r \ge 3$, one has instead $\lambda(2^r) = \varphi(2^r)/2 = 2^{r-2}$. Group theoretically, $\lambda(m)$ is the exponent of the group $\mathbb{Z}_m^*$.

Definition: A base-$b$ pseudoprime is a composite number $m$ such that $b^{m-1} \equiv 1 \pmod m$. For example, we may take $b = 2$, $m = 341$; then $2^{10} = 1024 = 3 \cdot 341 + 1$, and so
$$2^{341-1} = \left(2^{10}\right)^{34} \equiv 1^{34} \equiv 1 \pmod{341}.$$
Thus $341$ is a base-$2$ pseudoprime. This notion gives rise to the Fermat test for primality: if $b^{m-1} \not\equiv 1 \pmod m$, then $m$ is composite. For example, with $m = 341$, $b = 3$, we have $3^{341-1} \equiv 56 \not\equiv 1 \pmod{341}$, and it follows that $341$ is not prime.
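The proof of corollary 1 above is an algorithm: write $a = g^j$, solve $kn \equiv j \pmod{\varphi(m)}$, and read the roots off as $g^k$. The following added example (written for these notes, not part of the original text) carries it out for small $m \in PR$ and checks the count $d$ or $0$ against the criterion $a^{\varphi(m)/d} \equiv 1$, which for $n = 2$ and prime $m$ is Euler's criterion. The discrete logarithm is found by exhaustive search, so $m$ is assumed small; `pow(x, -1, m)` needs Python 3.8 or later.

```python
# Added example (not from the lecture notes): solving x^n = a (mod m) for m in PR
# as in the proof of Corollary 2.42: pick a primitive root g, write a = g^j, solve
# k*n = j (mod phi(m)) by Theorem 3.1.3, and read off x = g^k.
from math import gcd

def phi(m):
    return sum(1 for a in range(1, m + 1) if gcd(a, m) == 1)

def order(a, m):
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k

def primitive_root(m):
    """Smallest primitive root modulo m (m >= 2), or None if m is not in PR."""
    ph = phi(m)
    return next((g for g in range(1, m) if gcd(g, m) == 1 and order(g, m) == ph), None)

def dlog(g, a, m):
    """Index j with g^j = a (mod m), by brute force."""
    x = 1
    for j in range(phi(m) + 1):
        if x == a % m:
            return j
        x = (x * g) % m
    raise ValueError("a is not a power of g")

def nth_roots(n, a, m):
    """All x (mod m) with x^n = a (mod m), for m in PR and gcd(a, m) == 1."""
    g = primitive_root(m)
    if g is None:
        raise ValueError("m has no primitive root")
    ph = phi(m)
    j = dlog(g, a, m)
    d = gcd(n, ph)
    if j % d != 0:                     # k*n = j (mod phi) has no solution: zero roots
        return []
    # Theorem 3.1.3: divide through by d, then the d solutions k are phi/d apart
    q = ph // d
    inv = pow(n // d, -1, q) if q > 1 else 0
    k0 = (j // d) * inv % q
    return sorted(pow(g, k0 + i * q, m) for i in range(d))

def count_by_criterion(n, a, m):
    """Corollary 2.42's count without finding the roots."""
    d = gcd(n, phi(m))
    return d if pow(a, phi(m) // d, m) == 1 else 0

def counts_agree(m, nmax):
    """Sanity check: the criterion's count matches the number of roots actually found."""
    return all(len(nth_roots(n, a, m)) == count_by_criterion(n, a, m)
               for n in range(1, nmax + 1) for a in range(1, m) if gcd(a, m) == 1)
```

Modulo $7$ this recovers the table of square roots given in Lecture Thirteen ($x^2 \equiv 2$ has roots $3, 4$ and $x^2 \equiv 3$ has none), and modulo $18$ it finds $x^2 \equiv 7$ solved by $5$ and $13$ using the primitive root $5$ noted above. Passing a modulus outside $PR$, such as $8$, raises an error rather than returning a wrong count.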

5.2 Lecture Thirteen

Recall: Fermat's test for primality.

Definition: Let $m$ be composite. Then $m$ is called a Carmichael number if $b^{m-1} \equiv 1 \pmod m$ for all $(b, m) = 1$. For example, we might take $m = 561 = 3 \cdot 11 \cdot 17$. If $(b, m) = 1$, then we have by Euler's theorem
$$b^{561-1} = \left(b^{2}\right)^{280} \equiv 1 \pmod 3, \qquad b^{561-1} = \left(b^{10}\right)^{56} \equiv 1 \pmod{11}, \qquad b^{561-1} = \left(b^{16}\right)^{35} \equiv 1 \pmod{17}.$$
The Chinese remainder theorem then implies that $b^{560} \equiv 1 \pmod m$.

In 1994, Alford, Granville, and Pomerance showed that there are infinitely many Carmichael numbers, in the paper of the same name. In fact, if $6k + 1$, $12k + 1$, and $18k + 1$ are all prime for some $k \in \mathbb{N}$, then their product is a Carmichael number. For example, with $k = 1$ we get that $1729$ is a Carmichael number.

3.1 Quadratic residues

Most generally, we will investigate congruences of the form $aX^2 + bX + c \equiv 0 \pmod p$, where $p$ is an odd prime and $p \nmid a$. Completing the square gives
$$4a^2 X^2 + 4abX + 4ac \equiv 0 \pmod p \iff (2aX + b)^2 \equiv b^2 - 4ac \pmod p.$$
Thus we are led to ask when $y^2 \equiv \Delta \pmod p$ (where $\Delta = b^2 - 4ac$ is the discriminant of our polynomial) has a solution. If so, then
$$2aX + b \equiv y \pmod p \iff X \equiv (y - b)(2a)^{-1} \pmod p.$$
We note the obvious analogue of the quadratic formula. Thus it suffices to investigate when $X^2 \equiv a \pmod p$ can be solved. By Euler's criterion, this occurs exactly when $a^{(p-1)/2} \equiv 1 \pmod p$, if $p \nmid a$.

Example: We investigate such congruences modulo $7$, where $(p - 1)/2 = 3$.

  a   ord_7(a)   a^3 mod 7   solutions of x^2 = a (mod 7)
  0      -          0        x = 0
  1      1          1        x = 1, 6
  2      3          1        x = 3, 4
  3      6         -1        none
  4      3          1        x = 2, 5
  5      6         -1        none
  6      2         -1        none

Definition: If $(a, m) = 1$, then $a$ is called a quadratic residue modulo $m$ if $X^2 \equiv a \pmod m$ has a solution, and a quadratic nonresidue otherwise.

Definition: If $p$ is an odd prime, define the Legendre symbol $\left(\frac{a}{p}\right)$ via
$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue modulo } p, \\ -1 & \text{if } a \text{ is a quadratic nonresidue modulo } p, \\ 0 & \text{if } p \mid a. \end{cases}$$
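Returning to the Fermat test, the Carmichael lambda function of Lecture Twelve and the Carmichael numbers at the start of this lecture: the following added example (written for these notes, not part of the original text) runs the Fermat test on $341$ with bases $2$ and $3$, computes $\lambda(m)$ directly as the exponent of $\mathbb{Z}_m^*$ (the lcm of all orders, rather than through the CRT formula), and checks that a composite $m$ passes the test for every base exactly when $\lambda(m) \mid m - 1$, which is lemma 4.1.1 applied to an element of order $\lambda(m)$. It also implements the $6k+1, 12k+1, 18k+1$ construction. Primality is by trial division and orders by exhaustive search, so the inputs are assumed small.

```python
# Added example (not from the lecture notes): the Fermat test, the Carmichael lambda
# function computed as the exponent of the unit group, Carmichael numbers, and the
# 6k+1, 12k+1, 18k+1 construction. Trial division and brute-force orders throughout.
from math import gcd

def lcm(a, b):
    return a * b // gcd(a, b)

def order(a, m):
    k, x = 1, a % m
    while x != 1:
        x = (x * a) % m
        k += 1
    return k

def carmichael_lambda(m):
    """lambda(m) = exponent of Z_m^*: the lcm of the orders of all units (m >= 2)."""
    lam = 1
    for b in range(1, m):
        if gcd(b, m) == 1:
            lam = lcm(lam, order(b, m))
    return lam

def fermat_test(m, b):
    """'composite' if b^(m-1) != 1 (mod m); otherwise 'probably prime' (m may still be
    a base-b pseudoprime, as 341 is for b = 2)."""
    if gcd(b, m) != 1:
        return "composite"
    return "probably prime" if pow(b, m - 1, m) == 1 else "composite"

def is_prime(n):
    return n > 1 and all(n % q for q in range(2, int(n ** 0.5) + 1))

def is_carmichael(m):
    """Composite m that no base b coprime to m exposes via the Fermat test."""
    if m < 2 or is_prime(m):
        return False
    return all(pow(b, m - 1, m) == 1 for b in range(2, m) if gcd(b, m) == 1)

def passes_by_lambda(m):
    """Equivalent test: every unit satisfies b^(m-1) = 1 iff lambda(m) divides m-1."""
    return (m - 1) % carmichael_lambda(m) == 0

def chernick(k):
    """Product of 6k+1, 12k+1, 18k+1 when all three are prime, else None."""
    a, b, c = 6 * k + 1, 12 * k + 1, 18 * k + 1
    return a * b * c if all(map(is_prime, (a, b, c))) else None
```

For $341 = 11 \cdot 31$ one finds $\lambda(341) = [10, 30] = 30 \nmid 340$, which is why base $3$ catches it; for $561$, $\lambda(561) = [2, 10, 16] = 80 \mid 560$, so no coprime base can. The practical consequence for anyone using the Fermat test as a primality check is that Carmichael numbers defeat it for every base, not merely for an unlucky one.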

Remark: If $a \equiv b \pmod p$, then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$. Moreover, the number of solutions of $X^2 \equiv a \pmod p$ is exactly $\left(\frac{a}{p}\right) + 1$.

Theorem 5.2.1 (Theorem 3.1, Niven) If $p$ is an odd prime and $(a, p) = 1$, then
$$\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod p.$$

Proof: We give two proofs. In the first, we simply use Euler's criterion (this is left as an exercise). For the second, we observe that if $a$ is a quadratic residue modulo $p$, then we can choose some $z$ such that $z^2 \equiv (-z)^2 \equiv a \pmod p$. We then pair the reduced residue classes modulo $p$ apart from $\pm z$ as $(x_i, y_i)$, with $x_i y_i \equiv a \pmod p$. There are $\frac{p-3}{2}$ such pairs, and by Wilson's theorem
$$-1 \equiv (p - 1)! \equiv z(-z) \prod_{i=1}^{(p-3)/2} x_i y_i \equiv -a \cdot a^{(p-3)/2} \equiv -a^{(p-1)/2} \pmod p,$$
and the result follows. If $a$ is a nonresidue, we repeat the above construction, this time pairing all residue classes, $x_i y_i \equiv a \pmod p$, $i = 1, 2, \ldots, \frac{p-1}{2}$, and we are done.

Corollary 1: For any integers $a, b$, we have $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$; in particular, if $(a, p) = 1$ we have $\left(\frac{a^2}{p}\right) = 1$. In other words, the product of two quadratic residues is a quadratic residue, as is the product of two quadratic nonresidues. The product of a residue and a nonresidue is a nonresidue; compare this behaviour with that of the positive and negative integers.

5.3 Lecture Fourteen

Recall: The Legendre symbol for $p \nmid a$ is defined by
$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } x^2 \equiv a \pmod p \text{ has a solution}, \\ -1 & \text{otherwise}. \end{cases}$$
By Euler's criterion, we showed that $a^{(p-1)/2} \equiv \left(\frac{a}{p}\right) \pmod p$.

Example: When $a = -1$ and $p$ is odd, we have that
$$\left(\frac{-1}{p}\right) \equiv (-1)^{(p-1)/2} \pmod p, \quad \text{so} \quad \left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4, \\ -1 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$
So $X^2 \equiv -1 \pmod p$ has two solutions if $p \equiv 1 \pmod 4$, and no solutions if $p \equiv 3 \pmod 4$.

nb. For odd primes $p$, we have
$$\prod_{i=(p+1)/2}^{p-1} i \equiv \prod_{j=1}^{(p-1)/2} (-j) \equiv (-1)^{(p-1)/2} \left(\tfrac{p-1}{2}\right)! \pmod p. \tag{1}$$
In particular, if $p \equiv 1 \pmod 4$ we get
$$\left(\left(\tfrac{p-1}{2}\right)!\right)^2 \equiv (-1)^{(p-1)/2} \left(\tfrac{p-1}{2}\right)! \prod_{i=(p+1)/2}^{p-1} i \equiv (p - 1)! \equiv -1 \pmod p,$$
and hence $x = \left(\frac{p-1}{2}\right)!$ solves $x^2 \equiv -1 \pmod p$.

Theorem 5.3.1 (The Law of Quadratic Reciprocity) Let $p \ne q$ be odd primes; then
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}.$$
In other words, $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right)$ if $p$ or $q \equiv 1 \pmod 4$, and $\left(\frac{p}{q}\right) = -\left(\frac{q}{p}\right)$ if $p \equiv q \equiv 3 \pmod 4$. Knowing whether or not $X^2 \equiv p \pmod q$ has solutions is the same as knowing whether or not $X^2 \equiv q \pmod p$ has solutions.

Proof: (due to Rousseau, 1991) First, some background. Let $\alpha = \frac{p-1}{2}$, $\beta = \frac{q-1}{2}$. Let
$$F = \left\{1 \le k < \tfrac{pq}{2} : (k, pq) = 1\right\}$$
be the first half of $\mathbb{Z}_{pq}^*$, and let
$$L = \left\{(i, j) \in \mathbb{Z}_p^* \times \mathbb{Z}_q^* : 1 \le i \le p - 1,\ 1 \le j \le \beta\right\}$$
be the left half of $\mathbb{Z}_p^* \times \mathbb{Z}_q^*$, and let $\pi : \mathbb{Z}_{pq}^* \to \mathbb{Z}_p^* \times \mathbb{Z}_q^*$ be the map given by the Chinese remainder theorem. One can see that for every $k \in \mathbb{Z}_{pq}^*$, one has $\pi(k) \in L$ or $-\pi(k) \in L$ (we will write $k \in \pm L$). For each such $k$, choose $\epsilon_k \in \{\pm 1\}$, $i_k \in \{1, 2, \ldots, p - 1\}$, $j_k \in \{1, 2, \ldots, \beta\}$ such that $\pi(k) = \epsilon_k (i_k, j_k)$.

In particular, if $k \ne k' \in F$, then $\pi(k) \ne \pi(k')$ and $\pi(k) \ne -\pi(k')$, since $k \not\equiv \pm k' \pmod{pq}$. Thus the ordered pairs $(i_k, j_k)$ are distinct, and as $\#F = \#L = \frac{(p-1)(q-1)}{2}$ they run over all of $L$; we obtain
$$\prod_{k \in F} (k, k) = \prod_{k \in F} \pi(k) = \prod_{k \in F} \epsilon_k (i_k, j_k) = \left(\prod_{k \in F} \epsilon_k\right) \prod_{(i,j) \in L} (i, j), \tag{2}$$
the calculation taking place in $\mathbb{Z}_p^* \times \mathbb{Z}_q^*$ and the congruences taken $(\bmod p, \bmod q)$.

Now, consider the right-hand side of (2): we have (with the same notation convention)
$$\prod_{(i,j) \in L} (i, j) = \left(\prod_{i=1}^{p-1} i^{\beta},\ \prod_{j=1}^{\beta} j^{\,p-1}\right) \equiv \left(((p-1)!)^{\beta},\ (\beta!)^{p-1}\right).$$
From (1), we have that
$$\prod_{i=\beta+1}^{q-1} i \equiv (-1)^{\beta} \beta! \pmod q,$$
hence $(\beta!)^2 \equiv (-1)^{\beta} (q-1)! \pmod q$, and so $(\bmod p, \bmod q)$ we have
$$\prod_{(i,j) \in L} (i, j) \equiv \left(((p-1)!)^{\beta},\ \left((\beta!)^2\right)^{\alpha}\right) \equiv \left(((p-1)!)^{\beta},\ (-1)^{\alpha\beta} ((q-1)!)^{\alpha}\right),$$
and finally by Wilson's theorem we obtain
$$\prod_{(i,j) \in L} (i, j) \equiv \left((-1)^{\beta},\ (-1)^{\alpha\beta}(-1)^{\alpha}\right).$$
Thus with $\epsilon = \prod_{k \in F} \epsilon_k$, the right-hand side of (2) becomes $\epsilon\left((-1)^{\beta}, (-1)^{\alpha\beta}(-1)^{\alpha}\right)$.

Now, on the left-hand side, we look at the first co-ordinate modulo $p$:
$$\prod_{k \in F} k = \prod_{\substack{1 \le k < pq/2 \\ (pq, k) = 1}} k = \left(\prod_{\substack{1 \le k < pq/2 \\ p \nmid k}} k\right) \left(\prod_{\substack{1 \le k < pq/2 \\ q \mid k}} k\right)^{-1}. \tag{3}$$
The first factor in (3) splits into intervals of length $p - 1$, with one exception, namely the interval ending at $\lfloor pq/2 \rfloor$; indeed $\beta p + \alpha = \lfloor pq/2 \rfloor$. Thus modulo $p$ we see
$$\prod_{\substack{1 \le k < pq/2 \\ p \nmid k}} k = \prod_{1 \le k \le p-1} k \cdots \prod_{(\beta-1)p < k < \beta p} k \cdot \prod_{\beta p < k \le \beta p + \alpha} k \equiv ((p-1)!)^{\beta}\, \alpha! \pmod p.$$
The second factor of (3) is the inverse of
$$\prod_{\substack{1 \le k < pq/2 \\ q \mid k}} k = q \cdot 2q \cdots \alpha q = q^{\alpha} \alpha! \equiv \left(\frac{q}{p}\right) \alpha! \pmod p,$$

with the last congruence following by Euler's criterion. Thus (3) becomes
$$\prod_{k \in F} k \equiv \left(\left(\frac{q}{p}\right) \alpha!\right)^{-1} ((p-1)!)^{\beta}\, \alpha! \pmod p,$$
which by Wilson's theorem is congruent modulo $p$ to $(-1)^{\beta} \left(\frac{q}{p}\right)$. The same proof shows
$$\prod_{k \in F} k \equiv (-1)^{\alpha} \left(\frac{p}{q}\right) \pmod q,$$
and so (2) becomes
$$\left(\left(\frac{q}{p}\right)(-1)^{\beta},\ \left(\frac{p}{q}\right)(-1)^{\alpha}\right) \equiv \epsilon \left((-1)^{\beta},\ (-1)^{\alpha\beta}(-1)^{\alpha}\right) \quad (\bmod p, \bmod q).$$
The first co-ordinate tells us that $\left(\frac{q}{p}\right) \equiv \epsilon \pmod p$, and the second that $\left(\frac{p}{q}\right) \equiv (-1)^{\alpha\beta} \epsilon \pmod q$; in both cases we have equality rather than congruence, as the quantities lie in $\{\pm 1\}$ and $p, q$ are odd. Hence $\left(\frac{p}{q}\right) = (-1)^{\alpha\beta} \left(\frac{q}{p}\right)$, that is
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\alpha\beta},$$
as claimed.

6 Week Six

6.1 Lecture Fifteen

Recall: Last week, we saw that Euler's criterion implies that $\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2}$ for any odd prime $p$. In other words, $x^2 \equiv -1 \pmod p$ has solutions if $p \equiv 1 \pmod 4$, and no solutions if $p \equiv 3 \pmod 4$. There is a single solution if $p = 2$.

Consequently, we see that, for every integer $x$, all of the prime factors of $x^2 + 1$ (other than $2$) must be congruent to $1$ modulo $4$. Similarly, for any $x, k \in \mathbb{Z}$ we have that all prime factors $p$ of $x^2 + k^2$ satisfy $p \mid k$, $p = 2$, or $p \equiv 1 \pmod 4$, since if $p \nmid k$ then $x^2 + k^2 \equiv 0 \pmod p$ implies that $x^2 \equiv -k^2 \pmod p$, hence $(xk^{-1})^2 \equiv -1 \pmod p$ and so $p = 2$ or $p \equiv 1 \pmod 4$. Note that in the first case ($p \mid k$), we must have $(x, k) > 1$.

Example: We use quadratic reciprocity to answer the question: does $x^2 \equiv 55 \pmod{367}$ have a solution? Note that $367$ is a prime congruent to $3$ modulo $4$. To answer this question we compute the Legendre symbol $\left(\frac{55}{367}\right)$: by multiplicativity we have
$$\left(\frac{55}{367}\right) = \left(\frac{5}{367}\right)\left(\frac{11}{367}\right).$$
The law of quadratic reciprocity then implies that
$$\left(\frac{5}{367}\right) = \left(\frac{367}{5}\right) = \left(\frac{2}{5}\right) = -1,$$
since the quadratic residues modulo $5$ are $1$ and $4$, and similarly
$$\left(\frac{11}{367}\right) = -\left(\frac{367}{11}\right) = -\left(\frac{4}{11}\right) = -\left(\frac{2^2}{11}\right) = -1.$$
Thus $\left(\frac{55}{367}\right) = (-1)(-1) = 1$, and we see that $55$ is a quadratic residue modulo $367$. The theorem is nonconstructive, but one may check that $(\pm 34)^2 \equiv 55 \pmod{367}$.

We see from this example that one algorithm for calculating $\left(\frac{a}{p}\right)$ is given by:
1. Factor $a$ completely, $a = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k}$.
2. Use multiplicativity and periodicity:
$$\left(\frac{a}{p}\right) = \left(\frac{p_1}{p}\right)^{e_1} \left(\frac{p_2}{p}\right)^{e_2} \cdots \left(\frac{p_k}{p}\right)^{e_k}.$$
3. Use the law of quadratic reciprocity.
4. If not finished, return to 1.

Theorem 6.1.1 (Theorem 3.3, Niven) If $p$ is an odd prime, then
$$\left(\frac{2}{p}\right) = (-1)^{\frac{p^2-1}{8}};$$
that is,
$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv \pm 1 \pmod 8, \\ -1 & \text{if } p \equiv \pm 3 \pmod 8. \end{cases}$$
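The four-step recipe above, with theorem 6.1.1 supplying $\left(\frac{2}{p}\right)$, as an added example written for these notes (not part of the original text). It reduces $a$ modulo $p$, factors it by trial division (step 1), drops even exponents (step 2), applies reciprocity and recurses (steps 3 and 4), and cross-checks every value against Euler's criterion computed by modular exponentiation. It goes one step beyond the notes: when $p \equiv 3 \pmod 4$ and $\left(\frac{a}{p}\right) = 1$, the root is $x = a^{(p+1)/4}$, because $x^2 = a \cdot a^{(p-1)/2} \equiv a$ by Euler's criterion; this is how the value $\pm 34$ in the example is found rather than checked. The recursion is correct for any odd prime $p$, but the trial-division factoring in step 1 is what limits it to hand-sized $a$.

```python
# Added example (not from the lecture notes): the four-step recipe for (a/p) with the
# supplementary law for 2 (Theorem 6.1.1), checked against Euler's criterion, plus a
# square root for p = 3 (mod 4).

def factor(n):
    """Prime factorization of n >= 1 as a dict {q: e}; trial division (step 1)."""
    f, q = {}, 2
    while q * q <= n:
        while n % q == 0:
            f[q] = f.get(q, 0) + 1
            n //= q
        q += 1
    if n > 1:
        f[n] = f.get(n, 0) + 1
    return f

def legendre_euler(a, p):
    """(a/p) via Euler's criterion: a^((p-1)/2) mod p, read as 0, 1 or -1."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def legendre_qr(a, p):
    """(a/p) via periodicity, multiplicativity, Theorem 6.1.1 and reciprocity."""
    a %= p                                   # periodicity: only a mod p matters
    if a == 0:
        return 0
    if a == 1:
        return 1
    result = 1
    for q, e in factor(a).items():           # step 1: factor a
        if e % 2 == 0:                       # step 2: an even power is a square
            continue
        if q == 2:                           # Theorem 6.1.1
            result *= 1 if p % 8 in (1, 7) else -1
        else:                                # step 3: flip sign iff p = q = 3 (mod 4)
            sign = -1 if (p % 4 == 3 and q % 4 == 3) else 1
            result *= sign * legendre_qr(p, q)   # step 4: recurse on (p/q), q < p
    return result

def sqrt_mod_p3(a, p):
    """For p = 3 (mod 4) and (a/p) = 1, both square roots of a modulo p."""
    assert p % 4 == 3 and legendre_euler(a, p) == 1
    x = pow(a, (p + 1) // 4, p)              # x^2 = a^((p+1)/2) = a * a^((p-1)/2) = a
    return min(x, p - x), max(x, p - x)
```

Running it on the example gives $\left(\frac{5}{367}\right) = \left(\frac{11}{367}\right) = -1$, hence $\left(\frac{55}{367}\right) = 1$, and the square roots $34$ and $333 = 367 - 34$.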