Math 180A - Notes. Neil Donaldson. March 14, 2018


1 Introduction & Notation

Number Theory is primarily concerned with the properties of integers and with integer solutions to equations, so-called Diophantine Equations in honor of Diophantus of Alexandria, a Greek mathematician of the 3rd century CE. Here are some classic number theory problems and examples.

1. Find all the integer points $(x, y)$ on the line $3x - 2y = 1$. The answer is $(x, y) = (1 + 2n, 1 + 3n)$ where $n \in \mathbb{Z}$. Can you prove right now that these are all the solutions?
2. If $n$ is an odd integer then $n^2 - 1$ is a multiple of 8.
3. Can we find all Pythagorean triples: integers $x, y, z$ such that $x^2 + y^2 = z^2$?
4. Prime numbers: if $n$ is prime, what is the next prime? Is there a formula for the $n$th prime? Is $n^2 + n + 41$ always prime whenever $n$ is an integer?
5. Which integers can be written as the sums of two squares? Three? Four?
6. Fermat's Last Theorem:[1] if $n \geq 3$ is an integer, then there are no positive integers $x, y, z$ such that $x^n + y^n = z^n$.

Mathematics restricted to the integers is less intuitive than with the real, or rational, numbers. The fundamental reason is that division within the integers is often impossible: for instance $7/4$ is not an integer. Instead, an alternative notion of division involving remainders is used: e.g. $7 \div 4$ is 1 remainder 3. In algebraic language the integers are merely a ring, not a field like the rationals or reals.

Notation

The Integers: $\mathbb{Z} = \{\ldots, -3, -2, -1, 0, 1, 2, 3, \ldots\}$
The Natural Numbers: $\mathbb{N} = \{1, 2, 3, 4, \ldots\}$
The Whole Numbers: $\mathbb{N}_0 = \{0, 1, 2, 3, \ldots\}$
The Rational Numbers: $\mathbb{Q} = \{\frac{m}{n} : m \in \mathbb{Z},\ n \in \mathbb{N}\}$ (the denominator is never zero)

The real numbers $\mathbb{R}$ and complex numbers $\mathbb{C}$ will not play much role in this class.

[1] Historical note: In 1637 Pierre de Fermat left a note in the margin of a copy of Diophantus' Arithmetica famously claiming to have proved his theorem. A complete proof took mathematicians another three and a half centuries...

Divisibility in the integers

Given two integers $m, n$, it is unlikely that the ratio $\frac{n}{m}$ is also an integer. E.g. $\frac{3}{2} \notin \mathbb{Z}$. Algebraists would say the following: $\mathbb{Z}$ is not closed under division. The first order of business is to identify those pairs of integers for which division is allowed.

Definition 1.1. Let $m, n \in \mathbb{Z}$. We say that $m$ divides $n$, and write $m \mid n$, if
$\exists k \in \mathbb{Z}$ such that $n = km$.
We say that $m$ is a divisor or factor of $n$. A common factor of two integers $x, y$ is any (positive) integer $d$ such that $d \mid x$ and $d \mid y$. We say that $x, y$ are relatively prime or coprime[2] if the only positive common factor is 1.

Notes and conventions

- Keep the line vertical! $m \mid n$ is a proposition (a statement which is either true or false), whereas $m/n = \frac{m}{n}$ is (usually) a rational number. Thus: $4 \mid 12$ is true, $7 \mid 9$ is false, $4/12$ is a rational number. Some version of the following is a very common mistake:
  $m \mid n \iff m/n \in \mathbb{Z}$
  Not only are we confusing propositions with numbers, but the resulting fraction is upside-down!
- The word positive is usually omitted when talking about common factors. For instance, even though $-2$ is a common factor of 8 and 12, it is common to say that the common factors are only 1, 2 and 4.
- Note that $m \mid 0$ for all integers $m$, since $k = 0$ satisfies the definition! In particular, $0 \mid 0$ is true.

The first observation relates to a subtlety in the definition. It would be tempting to say that $m$ divides $n$ if and only if $\frac{n}{m}$ is an integer. There are two problems with this:
- $\frac{n}{m} \in \mathbb{Z} \implies m \mid n$ is true, but its converse is false, $0 \mid 0$ being the sole counter-example.
- Divisibility is a property solely of the integers. It is somehow cleaner not to introduce the concept of a rational number $\frac{n}{m}$ into a discussion purely about integers.

[2] Colloquially we say that $x, y$ have no common factors.

2 Pythagorean triples

As a motivational problem, we find all positive integers $x, y, z$ for which $x^2 + y^2 = z^2$. It is easy to find many:

1. Take a known Pythagorean triple $(3, 4, 5)$ and multiply it by a constant. Thus $(3n)^2 + (4n)^2 = (5n)^2$ for any $n \in \mathbb{N}$. We immediately have infinitely many triples.
2. Use a spreadsheet or computer program to run through a large number of pairs $(x, y)$ of integers, take the square-root of $x^2 + y^2$, and test whether this is an integer. For example, in C/C++, the code[3]

    #include <math.h>
    #include <stdio.h>
    /* x*x + y*y rather than x^2 + y^2: in C the caret is bitwise XOR, not a power */
    for (int x = 1; x <= 100; ++x) {
        for (int y = x; y <= 100; ++y) {
            double z = sqrt((double)(x * x + y * y));
            if (z - floor(z) == 0) printf("%d %d %d\n", x, y, (int)z);
        }
    }

would return all Pythagorean triples where $x, y \le 100$ (the last in the list is $(80, 84, 116)$).

But what if we want to find them all? We need to proceed more deviously. Case 1 above is a motivator: in the triple $(3, 4, 5)$, none of $x, y, z$ have any common factors.

Definition 2.1. A Pythagorean triple $(x, y, z)$ is primitive if no pair of $x, y, z$ have a common factor.

We can now state some basic results that help narrow our search:

Lemma 2.2. Suppose that $(x, y, z)$ is a Pythagorean triple.
1. If any pair of $x, y, z$ have a common factor, the third shares this factor.
2. All non-primitive triples are a common multiple of a primitive triple.
3. If $(x, y, z)$ is primitive, then $z$ is odd.

Proof (sketch).
1. This is hard at the moment: it depends on being able to show that $d^2 \mid m^2 \implies d \mid m$ (if $d$ divides two of $x, y, z$ then $d^2$ divides the square of the third). This follows very quickly from unique factorization, which we shall see later...
2. If a triple is non-primitive then some pair of $x, y, z$ have a common factor. By part 1 they all do. Divide $x, y, z$ by their greatest common factor $d$ to obtain the primitive triple $(\frac{x}{d}, \frac{y}{d}, \frac{z}{d})$.
3. If $(x, y, z)$ is primitive, then at most one of $x, y, z$ can be even. Moreover, they cannot all be odd, since odd + odd = even. If $z = 2m$ is even, then $x$ and $y$ are both odd and we may write $x = 2k + 1$ and $y = 2l + 1$ for some integers $k, l$. But then
$4m^2 = x^2 + y^2 = (2k + 1)^2 + (2l + 1)^2 = 4(k^2 + l^2 + k + l) + 2.$
The right hand side is not divisible by 4 so we have a contradiction. Hence $z$ must be odd.

[3] This code is very inefficient but is fine for investigating. A more efficient algorithm could be based on Theorem 2.3.
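The search of item 2 together with the claims of Lemma 2.2, as a Python program. This is an added example, not code from the original notes: it replaces the floating-point square-root test with an exact integer one, reduces each triple found to a primitive one by dividing out the common factor of all three, and checks that the result is pairwise coprime with $z$ odd. The function names are the example's own.

```python
"""Brute-force search for Pythagorean triples and a check of Lemma 2.2 (constructed example)."""
from math import gcd, isqrt


def is_square(n):
    """Exact test via the integer square root. The sqrt/floor comparison in the C
    snippet above is fine for x, y <= 100, but floating point cannot distinguish
    a square from its neighbours once x*x + y*y passes about 2**53."""
    r = isqrt(n)
    return r * r == n


def pythagorean_triples(bound):
    """All (x, y, z) with 1 <= x <= y <= bound and x^2 + y^2 = z^2, in the same
    order as the nested loops of item 2."""
    found = []
    for x in range(1, bound + 1):
        for y in range(x, bound + 1):
            n = x * x + y * y
            if is_square(n):
                found.append((x, y, isqrt(n)))
    return found


def is_primitive(triple):
    """Definition 2.1: no pair of x, y, z has a common factor."""
    x, y, z = triple
    return gcd(x, y) == 1 and gcd(x, z) == 1 and gcd(y, z) == 1


def primitive_part(triple):
    """Lemma 2.2(2): divide by the greatest common factor of all three."""
    x, y, z = triple
    d = gcd(gcd(x, y), z)
    return (x // d, y // d, z // d)


def lemma_holds(bound):
    """For every triple found up to bound: its primitive part is primitive
    (parts 1 and 2 of the Lemma), has z odd (part 3), and exactly one of x, y even."""
    for t in pythagorean_triples(bound):
        x, y, z = primitive_part(t)
        if not is_primitive((x, y, z)):
            return False
        if z % 2 == 0 or (x % 2 == 0) == (y % 2 == 0):
            return False
    return True


if __name__ == "__main__":
    triples = pythagorean_triples(100)
    print(len(triples), "triples up to 100; the last is", triples[-1])
    print("Lemma 2.2 holds on all of them:", lemma_holds(100))
```

Dividing by the common factor of all three is enough: by part 1 of the Lemma any factor shared by a pair is shared by the third, so what remains is pairwise coprime.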

To summarize the Lemma, we may assume that a primitive Pythagorean triple $(x, y, z)$ has $x, z$ odd and $y$ even. We are now ready to finish things off. Suppose that $(x, y, z)$ is a primitive triple where $y$ is even. Then
$x^2 = z^2 - y^2 = (z - y)(z + y)$
Observe that $z - y$ and $z + y$ have no common factors, for if they did, such would be a common factor of $y$ and $z$: a contradiction. (Any common factor of $z - y$ and $z + y$ divides their sum $2z$ and their difference $2y$; it is odd, since $z \pm y$ are odd, so it divides $z$ and $y$.) It can now be shown[4] that $z - y$ and $z + y$ must both be perfect squares. Write
$z - y = t^2, \qquad z + y = s^2$
Moreover, $s, t$ must be relatively prime for otherwise $y, z$ have a common factor. We have therefore sketched a proof of the following result.

Theorem 2.3. All primitive triples $(x, y, z)$ with $x$ odd and $y$ even have the form
$x = st, \qquad y = \frac{s^2 - t^2}{2}, \qquad z = \frac{s^2 + t^2}{2}$
where $s > t \ge 1$ are any odd integers with no common factor. For example, take $s = 9$, $t = 5$ to get $(45, 28, 53)$. All Pythagorean triples are simply multiples of these.

3 Pythagorean Triples and the Unit Circle

Assume that $(x, y, z)$ is a Pythagorean triple. Then
$x^2 + y^2 = z^2 \implies \left(\frac{x}{z}\right)^2 + \left(\frac{y}{z}\right)^2 = 1$
Since $x, y, z \in \mathbb{N}$, it follows that the point $(\frac{x}{z}, \frac{y}{z})$ is a rational point[5] on the unit circle. For example,
$\left(\frac{3}{5}\right)^2 + \left(\frac{4}{5}\right)^2 = 1$
whence $(\frac{3}{5}, \frac{4}{5})$ is a rational point on the unit circle. Conversely, suppose that $(\alpha, \beta)$ is a rational point satisfying $\alpha^2 + \beta^2 = 1$. Let $d$ be the product of the denominators of $\alpha, \beta$. Then $\alpha d$ and $\beta d$ are both integers. Moreover,
$(\alpha d)^2 + (\beta d)^2 = d^2$
We therefore have a Pythagorean triple $(\alpha d, \beta d, d)$. Indeed there is a correspondence between rational points on the unit circle and Pythagorean triples. The correspondence is not one-to-one, but with a little care it can be made so. We state the following without proof.

[4] Unique factorization again...
[5] A point whose co-ordinates are both rational numbers.

Theorem 3.1.
1. Suppose that $(x, y, z)$ is a primitive Pythagorean triple. Then $(\frac{x}{z}, \frac{y}{z})$ is a rational point in the first quadrant of the unit circle.
2. Suppose that $(\alpha, \beta)$ is a rational point in the first quadrant of the unit circle. When written in lowest terms, $\alpha = \frac{a}{c}$ and $\beta = \frac{b}{c}$ have the same denominator $c$. It follows that $(a, b, c)$ is a primitive Pythagorean triple.

To obtain a formula for the rational points we could simply divide the values for $(x, y, z)$ in Theorem 2.3 to obtain
$\left(\frac{x}{z}, \frac{y}{z}\right) = \left(\frac{2st}{s^2 + t^2}, \frac{s^2 - t^2}{s^2 + t^2}\right) = \left(\frac{2m}{m^2 + 1}, \frac{m^2 - 1}{m^2 + 1}\right) \qquad \text{where } m = \frac{s}{t}$
Noting, for primitive triples, that $s > t$, we see that $m > 1$ whence the resulting point really does lie in the first quadrant.

Alternative viewpoint. We could instead have started with the geometric problem of finding all rational points $(x, y)$ on the unit circle. For this, imagine drawing a straight line with gradient $m$ through the point $(0, -1)$. Where does this intersect the circle? We want to solve the simultaneous equations
$x^2 + y^2 = 1, \qquad y = mx - 1$
Substituting one in the other, we obtain
$x^2 + m^2 x^2 - 2mx + 1 = 1 \implies x\left[(m^2 + 1)x - 2m\right] = 0 \implies x = 0,\ \frac{2m}{m^2 + 1}$
$x = 0$ manifestly gives us our base point $(0, -1)$, whereas the other yields
$y = mx - 1 = \frac{2m^2}{m^2 + 1} - 1 = \frac{m^2 - 1}{m^2 + 1}$
We therefore obtain the second point of intersection
$(x, y) = \left(\frac{2m}{m^2 + 1}, \frac{m^2 - 1}{m^2 + 1}\right)$
It is immediate that this is a rational point if and only if $m$ is rational. Indeed we can go a little further: letting $m = 0$ yields the point $(0, -1)$, while[6] $m = \infty$ results in the point $(0, 1)$. We have therefore proved:

[6] I.e. $\lim_{m \to \infty} (x, y) = (0, 1)$.

Theorem 3.2. There is a bijective correspondence between the set of extended rational numbers $\mathbb{Q} \cup \{\infty\}$ and the rational points on the unit circle according to the formula
$m \mapsto (x, y) = \left(\frac{2m}{m^2 + 1}, \frac{m^2 - 1}{m^2 + 1}\right)$
Indeed $m$ can be interpreted as the gradient of the line joining the south pole $(0, -1)$ with the desired rational point $(x, y)$.

[Figure: the unit circle, with the line of gradient $m = \frac{5}{2}$ through the south pole $S = (0, -1)$ meeting the circle again at $P$.] The picture shows the line with gradient $m = \frac{5}{2}$ through the south pole $S$, which generates the point $P = (\frac{20}{29}, \frac{21}{29})$. Note that $(20, 21, 29)$ is a (primitive) Pythagorean triple.

Generalizing the method. This method may be applied to other quadratic curves. A full discussion requires an introduction to projective geometry which will have to wait until next term, but a simplified version of the idea is as follows.
1. Let $C$ be a curve in the plane whose equation is quadratic with rational coefficients. I.e.
$ax^2 + bxy + cy^2 + dx + ey + f = 0$ where $a, b, c, d, e, f \in \mathbb{Q}$.
2. Suppose that $S$ is a rational point on $C$.
3. All rational points on $C$ may be found by drawing a line through $S$ which is either vertical or has rational gradient and intersecting it with $C$.

Example. Find all the rational points on the hyperbola $x(y + x) = 3$. We may choose $S = (1, 2)$. A line with gradient $m$ through $S$ has equation
$y = m(x - 1) + 2$
Substituting into the original curve, we obtain
$(m + 1)x^2 + (2 - m)x - 3 = 0 \implies (x - 1)\left[(m + 1)x + 3\right] = 0 \implies x = 1,\ \frac{-3}{m + 1}$
It follows that all rational points on the hyperbola are given by the formula
$(x, y) = \left(\frac{-3}{m + 1}, \frac{2 - 2m - m^2}{m + 1}\right)$ where $m \in \mathbb{Q}$, $m \neq -1$
(the line of gradient $-1$ through $S$ is parallel to an asymptote and meets the curve only at $S$). In this case, a vertical line ($m = \infty$) does not yield a point on the hyperbola. [Figure: the hyperbola $x(y + x) = 3$ with the base point $S$ and a second rational point $P$ on a line through $S$.]
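The chord construction of Theorem 3.2, and its generalization to any conic with rational coefficients (items 1 to 3 above), as a Python program. This is an added example, not code from the original notes, and it goes slightly beyond the text by implementing the general conic rather than only the circle: substituting the line into the quadratic and using the fact that $S$ is already one root gives the second intersection without solving anything. Exact fractions keep every coordinate rational. The coefficient order $(a, b, c, d, e, f)$ follows item 1; the function names and the hyperbola and circle constants are the example's own.

```python
"""Rational points on a conic by the chord method of Section 3 (constructed example)."""
from fractions import Fraction as Fr
from math import gcd


def second_intersection(coeffs, S, m):
    """Other intersection of the conic a x^2 + b x y + c y^2 + d x + e y + f = 0
    with the line of gradient m through the rational point S lying on it.
    Returns None when that line meets the conic only at S: the quadratic in x
    degenerates (leading coefficient 0), e.g. m = -1 on the hyperbola below."""
    a, b, c, d, e, f = (Fr(v) for v in coeffs)
    x0, y0 = (Fr(v) for v in S)
    m = Fr(m)
    k = y0 - m * x0                        # the line is y = m x + k
    # substituting y = m x + k into the conic gives A x^2 + B x + C = 0 with
    A = a + b * m + c * m * m
    B = b * k + 2 * c * m * k + d + e * m
    if A == 0:
        return None
    x1 = -B / A - x0                       # Vieta: the roots sum to -B/A and x0 is one
    return (x1, m * x1 + k)


UNIT_CIRCLE = (1, 0, 1, 0, 0, -1)          # x^2 + y^2 - 1 = 0
SOUTH_POLE = (0, -1)
HYPERBOLA = (1, 1, 0, 0, 0, -3)            # x^2 + x y - 3 = 0, i.e. x(y + x) = 3


def circle_point(m):
    """Theorem 3.2: m -> (2m/(m^2+1), (m^2-1)/(m^2+1)), obtained here by the chord method."""
    return second_intersection(UNIT_CIRCLE, SOUTH_POLE, m)


def gradient_from_point(P):
    """Inverse direction of Theorem 3.2: gradient of the chord from (0, -1) to P."""
    x, y = (Fr(v) for v in P)
    return (y + 1) / x


def triple_from_circle_point(P):
    """Theorem 3.1(2): in lowest terms both coordinates share a denominator c,
    and (a, b, c) is a primitive Pythagorean triple."""
    x, y = P
    if x.denominator != y.denominator:
        raise ValueError("not a point of the unit circle in lowest terms")
    return (x.numerator, y.numerator, x.denominator)


def primitive_triple(s, t):
    """Theorem 2.3: odd coprime s > t >= 1 give (st, (s^2 - t^2)/2, (s^2 + t^2)/2)."""
    if not (s > t >= 1 and s % 2 == 1 and t % 2 == 1 and gcd(s, t) == 1):
        raise ValueError("s, t must be odd, coprime and s > t >= 1")
    return (s * t, (s * s - t * t) // 2, (s * s + t * t) // 2)


def consistent(s, t):
    """(x/z, y/z) for the triple from (s, t) is the chord point with m = s/t,
    which is the formula following Theorem 3.1."""
    x, y, z = primitive_triple(s, t)
    return x * x + y * y == z * z and circle_point(Fr(s, t)) == (Fr(x, z), Fr(y, z))


def all_consistent(bound):
    """Check every admissible pair (s, t) with s <= bound."""
    return all(consistent(s, t) for s in range(3, bound + 1, 2)
               for t in range(1, s, 2) if gcd(s, t) == 1)
```

`circle_point("5/2")` reproduces the point $P$ of the picture, and `triple_from_circle_point` turns it into $(20, 21, 29)$; on the hyperbola, `second_intersection(HYPERBOLA, (1, 2), m)` returns the formula of the example and `None` for $m = -1$.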

Hopefully these introductory sections convince you that the approaches that may be required in Number Theory are very different to those seen in other courses. We've already seen a deep connection to Geometry; there are equally deep links to other areas of Mathematics. It is now time we started a thorough discussion of the integers: of divisibility and of the prime numbers.

5 Divisibility and the Greatest Common Divisor

First we rehash part of Definition 1.1.

Definition 5.1. Let $a, b, d$ be integers: if $d$ satisfies $d \mid a$ and $d \mid b$ then $d$ is a common divisor[7] of $a$ and $b$. Suppose that $a, b$ are not both zero. The greatest common divisor[8] of $a, b$ is written $d = \gcd(a, b)$. We say that $a, b$ are coprime or relatively prime iff $\gcd(a, b) = 1$.

Examples. $\gcd(0, 9) = 9$, $\gcd(45, 33) = 3$, $\gcd(126, 450) = 18$.

The definition may be extended to any list of numbers: $\gcd(a_1, \ldots, a_n)$ is the largest divisor of all the numbers $a_1, \ldots, a_n$.

A famous algorithm exists for computing the GCD of a pair of numbers. Since it dates back at least to Euclid it is named for him. The extended Euclidean Algorithm (Bézout's Identity) will be even more useful to us, for it shows not only how to find the GCD $d$ of two integers $a, b$, but also how to construct integers $x, y$ satisfying the linear Diophantine equation $ax + by = d$. Using this approach will allow us to find all solutions to such equations.

Theorem 5.2 (Division algorithm). If $a \in \mathbb{Z}$, $b \in \mathbb{N}$ then there exist unique $q, r \in \mathbb{Z}$ such that
$a = qb + r, \qquad 0 \le r < b.$
We call $q$ the quotient and $r$ the remainder.

While we can't divide in the integers, we can calculate using remainders exactly as you did in elementary school:
$13 \div 4 = 3 \text{ r } 1$, i.e. $13 = 3 \cdot 4 + 1$; in general $a \div b = q \text{ r } r$ means $a = q \cdot b + r$.

Proof. Consider the set $S = \mathbb{N}_0 \cap \{a - bz : z \in \mathbb{Z}\}$. This is a non-empty (take $z$ large and negative) subset of the whole numbers $\mathbb{N}_0$, whence (well-ordering) it has a minimum element. Call this minimum $r$. Certainly $r \in [0, b)$ for otherwise $r - b \in S$. Now let $q = \frac{a - r}{b}$ be the corresponding choice of $z$. This establishes existence. For uniqueness, suppose that $a = q_1 b + r_1$ and $a = q_2 b + r_2$ where $0 \le r_1, r_2 < b$. Then
$-b < r_1 - r_2 < b \qquad\text{and}\qquad r_1 - r_2 = (q_2 - q_1)b$
Thus $r_1 - r_2$ is divisible by $b$ and lies in the interval $(-b, b)$. Clearly $r_2 = r_1$, whence $q_2 = q_1$ and we have uniqueness.

[7] By convention one tends to list only positive common divisors.
[8] All positive common divisors satisfy $d \le \max(|a|, |b|)$, hence there are a finite number of them; a greatest such must therefore exist.

While it is known as an algorithm, the presentation of Theorem 5.2 doesn't seem very algorithmic: indeed we shall simply take it as given that we can find $q, r$ by whatever means we wish (messing with a calculator is fine!). To see it more as an algorithm, consider the case where $a > 0$ and follow these instructions:
1. Is $a < b$? If Yes, stop: $r = a$ and $q = 0$.
2. Otherwise, compute $a - b$.
3. Is $a - b < b$? If Yes, stop: $r = a - b$ and $q = 1$.
4. Otherwise, compute $a - 2b$, etc.
5. Repeat until the process terminates.

For example, the following simple program computes $q = 34$ and $r = 2$ from $a = 240$ and $b = 7$ simply by subtracting 7 from $a$ until it can no longer do so. You can check that $240 = 34 \cdot 7 + 2$.

    #include <stdio.h>
    int a = 240; int b = 7;
    int q = 0;   int r = a;
    while (r >= b) { r = r - b; q = q + 1; }   /* each subtraction of b adds 1 to the quotient */
    printf("%d %d\n", q, r);                   /* prints 34 2 */

The Euclidean Algorithm for computing $\gcd(a, b)$

Suppose $a > b > 0$. By Theorem 5.2 there exist integers $q_1, r_1$ with $0 \le r_1 < b$ such that
$a = q_1 b + r_1$
Supposing $r_1 \neq 0$ and noting that $r_1 < b$ we apply the Division Algorithm again to see that there exist $q_2, r_2$ with $0 \le r_2 < r_1$ and
$b = q_2 r_1 + r_2$
We iterate this process until we reach a remainder[9] $r_{k+1} = 0$:
(Line 1) $a = q_1 b + r_1$
(Line 2) $b = q_2 r_1 + r_2$
(Line 3) $r_1 = q_3 r_2 + r_3$
$\vdots$
(Line $k-1$) $r_{k-3} = q_{k-1} r_{k-2} + r_{k-1}$
(Line $k$) $r_{k-2} = q_k r_{k-1} + r_k$
(Line $k+1$) $r_{k-1} = q_{k+1} r_k + 0$

[9] To help distinguish quotients from remainders, when working the Algorithm we will type all remainders $a, b, r_1, r_2, \ldots$ in boldface; observe how one can trace the same remainder diagonally from one line to the next.

We can now state the important result:

Theorem 5.3. The Euclidean Algorithm always terminates with final non-zero remainder $r_k = \gcd(a, b)$.

Proof. First observe that the sequence $a > b > r_1 > r_2 > r_3 > \cdots > 0$ is a decreasing sequence of positive integers. At worst, one might imagine that this sequence takes $b$ steps to reach 0 (in practice it requires far fewer). We may therefore follow the algorithm for any pair of integers $a > b > 0$ and be assured of its termination.

Now let $d = \gcd(a, b)$ and consider the first line of the Algorithm: $a = q_1 b + r_1$. Certainly $r_1 = a - q_1 b$ is divisible by $d$, whence $d$ is a common divisor of $b$ and $r_1$. Moreover, if $c$ were any larger common divisor of $b$ and $r_1$, then $c$ would divide $a = bq_1 + r_1$ and necessarily be a larger common divisor of $a, b$ than $d = \gcd(a, b)$. This is a contradiction, whence
$\gcd(b, r_1) = \gcd(a, b)$
Iterating this (strictly by induction) we obtain
$\gcd(a, b) = \gcd(b, r_1) = \gcd(r_1, r_2) = \cdots = \gcd(r_{k-1}, r_k) = \gcd(r_k q_{k+1}, r_k) = r_k$

Note that if $a$ or $b$ are negative, you may still apply the Theorem to the pair $|a|, |b|$ before compensating for the sign afterwards.

Example. We use the Algorithm to compute $\gcd(161, 140)$:
$161 = 1 \cdot 140 + 21$
$140 = 6 \cdot 21 + 14$
$21 = 1 \cdot 14 + 7$
$14 = 2 \cdot 7$
$\implies \gcd(161, 140) = 7$
We could easily have done this by listing the positive divisors of 21 (there are only 1, 3, 7, 21) and checking which of these is also a divisor of 161, but it is good to see the Algorithm at work. For larger $a, b$, finding all the divisors is prohibitively time-consuming, whereas the Euclidean Algorithm will always do the job in a (relatively) efficient manner.

Bézout's Identity

The next result is of great importance: not only does it allow us to write the GCD of two numbers in a special way, it tells us how we can construct those numbers. There are a great many existence theorems in Mathematics, but few of them tell you explicitly how to construct the desired objects.

Theorem 5.4 (Extended Euclidean Algorithm/Bézout's Identity). Suppose that $a, b \in \mathbb{Z}$ are not both zero. Then there exist integers $x, y$ such that
$\gcd(a, b) = ax + by$

Proof. Suppose that $d = \gcd(a, b)$. In the Euclidean Algorithm this appears in the penultimate line (line $k$), which can be rearranged to write $d$ as an integer linear combination of the remainders $r_{k-2}$ and $r_{k-1}$:
$d = r_k = r_{k-2} - q_k r_{k-1}$
Move one line up the Algorithm: we can substitute for $r_{k-1}$ (using line $k-1$):
$r_{k-1} = r_{k-3} - q_{k-1} r_{k-2} \implies d = r_{k-2} - q_k (r_{k-3} - q_{k-1} r_{k-2}) = (1 + q_{k-1} q_k) r_{k-2} - q_k r_{k-3}$
We now have an expression for $d$ as an integer linear combination of the remainders $r_{k-2}$ and $r_{k-3}$. Simply continue moving up the Algorithm and substituting: after substituting for $r_j$ using line $j$, we will obtain an expression
$d = \alpha_{j-1} r_{j-1} + \alpha_{j-2} r_{j-2}$
where $\alpha_{j-1}, \alpha_{j-2} \in \mathbb{Z}$. Eventually one reaches the first line of the Algorithm resulting in an integer linear combination for $d$ in terms of $a$ and $b$.

The proof is much easier to follow with our above example where $d = r_3 = 7$:
$7 = 21 - 1 \cdot 14$ (rearrange line 3)
$\phantom{7} = 21 - (140 - 6 \cdot 21)$ (substitute for $r_2 = 14$ using line 2)
$\phantom{7} = -140 + 7 \cdot 21$
$\phantom{7} = -140 + 7(161 - 140)$ (substitute for $r_1 = 21$ using line 1)
$\phantom{7} = 7 \cdot 161 - 8 \cdot 140$
We therefore obtain $7 = 161x + 140y$ where $(x, y) = (7, -8)$.

Example. Find $d = \gcd(1132, 490)$ and integers $x, y$ such that $d = 1132x + 490y$. Simply apply the Algorithm:
$1132 = 2 \cdot 490 + 152$
$490 = 3 \cdot 152 + 34$
$152 = 4 \cdot 34 + 16$
$34 = 2 \cdot 16 + 2$
$16 = 8 \cdot 2$
$\implies \gcd(1132, 490) = 2$
We therefore have $d = 2$. Now reverse the steps of the Algorithm:
$2 = 34 - 2 \cdot 16$ (line 4)
$\phantom{2} = 34 - 2(152 - 4 \cdot 34) = 9 \cdot 34 - 2 \cdot 152$ (line 3)
$\phantom{2} = 9(490 - 3 \cdot 152) - 2 \cdot 152 = 9 \cdot 490 - 29 \cdot 152$ (line 2)
$\phantom{2} = 9 \cdot 490 - 29(1132 - 2 \cdot 490) = 67 \cdot 490 - 29 \cdot 1132$ (line 1)
Hence $(x, y) = (-29, 67)$ is a solution to $d = 1132x + 490y$.

As an example of the immediate theoretical power of Theorem 5.4 we prove the following:

Corollary 5.5. Suppose that $\gcd(a, b) = 1$ and $a \mid bc$. Then $a \mid c$.

Proof. Since $\gcd(a, b) = 1$, there exist integers $x, y$ such that $ax + by = 1$. But then $(ac)x + (bc)y = c$, whence
$a \mid bc \implies a \mid \text{LHS} \implies a \mid c$

Well-ordering, or the Least Integer Principle

Recall that a set (of numbers) is well-ordered if every non-empty subset has a minimum element. In particular the natural numbers form a well-ordered set. In this context, well-ordering is also known as the least integer principle: any non-empty subset of the positive integers has a minimum element. We have now used this concept twice:
1. In the proof of the Division Algorithm, to guarantee the existence of $r = \min S$.
2. To obtain a contradiction in the proof of the Euclidean Algorithm. The set of remainders $\{b, r_1, r_2, \ldots\}$ is a non-empty set of natural numbers: this has a minimum and since the remainders are decreasing, the minimum must be the last remainder.

This second application of well-ordering is used repeatedly in Number Theory, in particular in the method of descent. In short, any decreasing sequence of positive integers must have a minimum and therefore a finite length. The observation depends crucially on the terms of the sequence being positive integers; a decreasing sequence of positive rational numbers can be infinitely long (e.g. $(1, \frac{1}{2}, \frac{1}{3}, \frac{1}{4}, \ldots)$).

6 Linear Diophantine Equations

A Linear Diophantine equation is an equation of the form
$ax + by = c$
where $a, b, c \in \mathbb{Z}$ are given and we are interested only in integer solutions $(x, y)$. As the previous section shows we have already found solutions to some such equations: if $c = \gcd(a, b)$ then Bézout's Identity tells us how to find a solution. As this section shows, Bézout's Identity is essentially all one needs to deal with all linear equations. To see this, we use Bézout's Identity to obtain an important visualization of the GCD of two numbers.

Theorem 6.1. If $a, b \in \mathbb{Z}$ are not both zero, then $d = \gcd(a, b)$ is the least positive member of the set
$D = \{ax + by : x, y \in \mathbb{Z}\}$
Moreover, if $E = \{md : m \in \mathbb{Z}\}$ is the set of all integer multiples of $d$, then $E = D$.

Proof. If one of $a$ or $b$ were zero then the GCD is the absolute value of the other and the theorem is trivial. If either is negative, consider $|a|, |b|$ and observe that the sets $D$ are independent of the signs of $a, b$. We thus assume without loss of generality that $a > b > 0$ and that we have applied the Euclidean Algorithm and its Extension to obtain integers $x, y$ such that $d = ax + by$.

We have therefore shown that $d \in D$. Moreover, we easily see that
$md = a(mx) + b(my) \in D \implies E \subseteq D$
Conversely, $d \mid aX + bY$ for all $X, Y \in \mathbb{Z}$; every element $aX + bY \in D$ is therefore a multiple of $d$ and so $D \subseteq E$. The two sets are identical. Finally observe that $d$ is clearly the least positive element of $E$.

Corollary 6.2. The Diophantine equation $ax + by = c$ has a solution if and only if $\gcd(a, b) \mid c$.

Proof. We have a solution iff $c \in D$ which, by the Theorem, is iff $c$ is a multiple of $d = \gcd(a, b)$.

Example. Show that $147x - 45y = 2$ has no solutions in integers.
$147 = 3 \cdot 45 + 12$
$45 = 3 \cdot 12 + 9$
$12 = 1 \cdot 9 + 3$
$9 = 3 \cdot 3$
$\implies \gcd(147, 45) = 3$
Since $\{147x - 45y : x, y \in \mathbb{Z}\} = \{3n : n \in \mathbb{Z}\}$ does not contain 2, there are no solutions to the equation.

General Solutions

We have already seen (Corollary 6.2) that $ax + by = c$ has a solution in integers iff $d = \gcd(a, b) \mid c$, and how, when a solution exists, to find one using the Extended Euclidean algorithm (Theorem 5.4). Here we find all solutions to such an equation.

Suppose that $d \mid c$ so that we have a solution $(x_0, y_0)$ to $ax + by = c$. Moreover, suppose that $(x_1, y_1)$ is another solution. Then
$a(x_1 - x_0) + b(y_1 - y_0) = (ax_1 + by_1) - (ax_0 + by_0) = c - c = 0$
It follows that the difference $(x_1 - x_0, y_1 - y_0)$ is a solution to the associated homogeneous equation[10]
$ax + by = 0$
Indeed we see that
$ax + by = c \iff (x, y) = (x_0, y_0) + (x_h, y_h)$ where $ax_h + by_h = 0$
It remains to solve the homogeneous equation. For this, divide by $d$ to obtain
$\frac{a}{d} x_h + \frac{b}{d} y_h = 0 \implies \frac{b}{d} y_h = -\frac{a}{d} x_h \qquad (*)$
Note that the coefficients are integers and that $\gcd\left(\frac{a}{d}, \frac{b}{d}\right) = 1$. Since $\frac{b}{d}$ divides $(*)$, we may appeal to Corollary 5.5 to see that $\frac{b}{d}$ divides $x_h$. We quickly conclude that
$x_h = \frac{b}{d} t \qquad\text{and}\qquad y_h = -\frac{a}{d} t \qquad\text{for some } t \in \mathbb{Z}.$
Indeed we have proved the following:

[10] This method of solution is analogous to the standard approach to inhomogeneous linear ordinary differential equations, and to non-homogeneous linear algebra problems $A\mathbf{x} = \mathbf{b}$.

Theorem 6.3. The Diophantine equation $ax + by = c$ has a solution iff $d \mid c$ where $d = \gcd(a, b)$. In such a case there are infinitely many solutions: if $(x_0, y_0)$ is a given solution then all may be found using the formula
$(x, y) = \left(x_0 + \frac{b}{d}\, t,\ y_0 - \frac{a}{d}\, t\right) \qquad\text{where } t \in \mathbb{Z}$

We have therefore reduced the problem to finding the GCD $d = \gcd(a, b)$ and a single solution $(x_0, y_0)$ to $ax + by = c$. Thankfully the (Extended) Euclidean Algorithm does both for us! Remember to take care to solve the correct equation; Bézout's Identity only solves $ax + by = d$: if $d \neq c$ then multiply your solution $(x_0, y_0)$ accordingly. Moreover, if the signs of $a, b$ are not positive take this into account in your final answer.

1. Find all the solutions to the Diophantine equation $161x + 140y = 14$. From before we have $d = \gcd(161, 140) = 7$ and a solution $(7, -8)$ to $161x + 140y = 7$. Multiplying this by 2 to obtain a solution to the desired equation, we see that the general solution to $161x + 140y = 14$ is
$(x, y) = \left(14 + \frac{140}{7}\, t,\ -16 - \frac{161}{7}\, t\right) = (14 + 20t,\ -16 - 23t) : t \in \mathbb{Z}.$
2. Find all the solutions in integers to the equation $490x - 1132y = 4$. We know that $d = \gcd(1132, 490) = 2$ and that $(-29, 67)$ is a solution to $1132x + 490y = 2$. Rearranging this and taking the signs into account, we see that $(x_0, y_0) = (134, 58)$ is a solution to the equation of interest. Hence the general solution is
$(x, y) = \left(134 + \frac{1132}{2}\, t,\ 58 + \frac{490}{2}\, t\right) = (134 + 566t,\ 58 + 245t) : t \in \mathbb{Z}.$

7 Primes and Unique Factorization

Now we turn to the building blocks of the integers, the prime numbers. Intuitively we understand what a prime is and that a positive integer can be decomposed into a product of primes: e.g.
$156 = 2^2 \cdot 3 \cdot 13$
The primary question for this section involves establishing that 156 cannot be factored into primes in any other way. Indeed the same is true for all positive integers: up to reordering there is one, and only one, decomposition as a product of primes. This famous result is known as the Unique Factorization Theorem or the Fundamental Theorem of Arithmetic.

You have probably come across two different notions of a prime number:
1. A prime is an integer whose only positive divisors are 1 and itself.
2. A prime is an integer which, if it divides a product of integers, must divide at least one of them.
In abstract algebra, the first notion is known as irreducibility and the second primality. The challenge of proving unique factorization is showing the uniqueness part which, in essence, amounts to showing that these two concepts are the same. We restate the definitions for clarity.
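Before moving on to primes, here are the algorithms of Sections 5 and 6 in one Python program: the Euclidean Algorithm of Theorem 5.3, the coefficients of Theorem 5.4, and the general solution of Theorem 6.3. This is an added example, not code from the original notes. It differs from the proof of Theorem 5.4 in one respect: rather than substituting backwards from the last line, it carries each remainder forward as a combination $r = ax + by$, which yields the same final coefficients. The `mod_inverse` function goes beyond the text: it is Bézout's Identity with $\gcd(a, n) = 1$ read modulo $n$, and that use (deriving, for instance, an RSA private exponent from the public one) is an addition of this example, not of the notes.

```python
"""Euclidean Algorithm, Bézout's Identity and linear Diophantine equations (constructed example)."""


def euclid_trace(a, b):
    """Lines of the Euclidean Algorithm for a, b >= 0, not both zero, as
    (dividend, q, divisor, r): a = q1 b + r1, b = q2 r1 + r2, ... down to r = 0.
    The divisor on the last line is gcd(a, b) (Theorem 5.3)."""
    lines = []
    while b != 0:
        q, r = divmod(a, b)                 # Theorem 5.2: a = q b + r with 0 <= r < b
        lines.append((a, q, b, r))
        a, b = b, r
    return lines


def extended_gcd(a, b):
    """Theorem 5.4: (d, x, y) with d = gcd(a, b) = a x + b y and d >= 0.
    Every remainder is carried along as an integer combination r = a x + b y,
    so the last non-zero remainder arrives with its Bézout coefficients."""
    r0, x0, y0 = a, 1, 0                    # a = a*1 + b*0
    r1, x1, y1 = b, 0, 1                    # b = a*0 + b*1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1            # next line of the Algorithm
        x0, x1 = x1, x0 - q * x1            # the same step applied to the coefficients
        y0, y1 = y1, y0 - q * y1
    if r0 < 0:                              # negative inputs: fix the sign afterwards
        r0, x0, y0 = -r0, -x0, -y0
    return r0, x0, y0


def mod_inverse(a, n):
    """Bézout with gcd(a, n) = 1 gives a x + n y = 1, i.e. a x = 1 (mod n).
    Beyond the text: this is how an RSA private exponent is derived from the
    public one and phi(N). Fails loudly when no inverse exists."""
    d, x, _ = extended_gcd(a, n)
    if d != 1:
        raise ValueError("%d has no inverse mod %d: gcd is %d" % (a, n, d))
    return x % n


def solve_linear_diophantine(a, b, c):
    """Theorem 6.3: None if gcd(a, b) does not divide c (Corollary 6.2); otherwise
    ((x0, y0), (b/d, -a/d)), so every solution is (x0 + (b/d) t, y0 - (a/d) t)."""
    d, x, y = extended_gcd(a, b)
    if c % d != 0:
        return None
    k = c // d                              # Bézout solves a x + b y = d; scale to c
    return (x * k, y * k), (b // d, -a // d)


def solutions(sol, ts):
    """Plug a few values of t into the general solution."""
    (x0, y0), (dx, dy) = sol
    return [(x0 + dx * t, y0 + dy * t) for t in ts]


if __name__ == "__main__":
    for a, q, b, r in euclid_trace(161, 140):
        print("%d = %d * %d + %d" % (a, q, b, r))
    print(extended_gcd(161, 140), extended_gcd(1132, 490))
    print(solve_linear_diophantine(161, 140, 14), solve_linear_diophantine(490, -1132, 4))
```

For $490x - 1132y = 4$ the program applies Theorem 6.3 literally with $b = -1132$ and returns $(134 - 566t, 58 - 245t)$, the same set of solutions as example 2 with $t$ replaced by $-t$.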

Definition 7.1. Let $z \ge 2$ be an integer (0 and the units $\pm 1$ are treated separately). We say that $z$ is:
- Irreducible if, for any positive $k$, we have $k \mid z \implies k = 1$ or $k = z$.
- Composite if $z$ is not irreducible.
- Prime if $z \mid ab \implies z \mid a$ or $z \mid b$.
We also refer to $\pm 1$ as units.[11]

We will build up to Unique Factorization in two stages. First we show that every positive integer may be factored in terms of irreducibles. Then, by showing that primes and irreducibles are identical, we see that said factorization is unique.

Irreducibles and Composites

First observe that a composite number $z$ must have a positive divisor which is neither 1 nor $z$. That is, $z$ is composite iff there exist $a, b$, neither of which are units, such that $z = ab$.

Lemma 7.2. Every composite number is divisible by an irreducible.

Proof. Suppose that $z$ is composite, but has no irreducible factors. Then:
- We may write $z = a_1 b_1$ where $a_1, b_1$ are not irreducible, and thus must be composites.
- If $a_1$ had an irreducible factor then this would be an irreducible factor of $z$. Hence $a_1$ is composite and may be written $a_1 = a_2 b_2$ for $a_2, b_2$ composite.
- We may repeat the process ad infinitum: $z = a_1 b_1 = a_2 b_2 b_1 = a_3 b_3 b_2 b_1 = \cdots$
Since each $b_n \ge 2$ we see that $(a_1, a_2, a_3, a_4, \ldots)$ is a decreasing sequence of positive integers. This is a contradiction. We conclude that $z$ must have an irreducible factor.

We can use Lemma 7.2 to prove Euclid's famous theorem that the set of irreducibles (primes) is infinite.

Theorem 7.3. There are infinitely many irreducibles.

Proof. Suppose that $\{p_1, \ldots, p_n\}$ constitutes all the irreducibles and consider $P := p_1 \cdots p_n + 1$. By Lemma 7.2, $P$ has an irreducible factor $p$ which, by assumption, is one of our irreducibles $p_i$. But then
$p \mid P \text{ and } p \mid p_1 \cdots p_n \implies p \mid 1$
This contradicts the fact that $p \ge 2$.

[11] In a pure algebra sense, we should also deal with negative numbers and state that, for instance, $-2$ is prime/irreducible. Don't worry if this makes you uncomfortable: we won't do this!

Theorem 7.4 (Fundamental Theorem of Arithmetic, part 1 (existence)). Every integer $a \geq 2$ may be factorized into irreducibles: that is $a = p_1 \cdots p_n$ where $p_1, \ldots, p_n$ are a list of irreducibles.

Proof. This is algorithmic. If $a$ is irreducible, we are done. Otherwise (Lemma 7.2) $a$ has an irreducible factor $p_1$. But then $a = p_1 a_1$ for some $a_1 \in \mathbb{N}$. If $a_1$ is an irreducible $p_2$, we are done. If $a_1$ is composite, apply Lemma 7.2 again to obtain an irreducible factor $p_2$ and write $a_1 = p_2 a_2$. Continue until the process terminates: we have our factorization
$$a = p_1 p_2 \cdots p_n$$
If the process never terminates, then we have an infinite sequence $(a, a_1, a_2, a_3, \ldots)$ of decreasing positive integers; a contradiction.

Primes and Irreducibles

Lemma 7.5. Every prime is irreducible.

Proof. Suppose that $p = k_1 k_2$ is prime where $k_1, k_2$ are positive. Then $p \mid k_1$ or $p \mid k_2$; without loss of generality suppose the former. Then $k_1 = p\alpha$ for some $\alpha \in \mathbb{Z}$. But then
$$p = p\alpha k_2 \implies \alpha k_2 = 1$$
Since we are working in the integers and $k_2 > 0$, it follows that $k_2 = 1$ and $k_1 = p$.

Lemma 7.6. Every irreducible is prime.

Proof. This is a consequence of Bézout's Identity and the Euclidean Algorithm. Suppose that $z$ is irreducible and that $z \mid ab$ for some integers $a, b$. Let $d = \gcd(a, z)$. Since $z$ is irreducible, there are only two possibilities:
$d = 1$: in this case $\gcd(a, z) = 1$ and $z \mid ab$ implies (Corollary 5.5) that $z \mid b$.
$d = z$: in this case $z \mid a$.

From now on we can simply refer to irreducibles as primes.

Theorem 7.7 (Fundamental Theorem of Arithmetic, part 2 (uniqueness)). Every integer $a \geq 2$ may be uniquely factorized
$$a = p_1^{\mu_1} \cdots p_n^{\mu_n}$$
where $p_1 < \cdots < p_n$ are a list of primes and each $\mu_i \in \mathbb{N}$.

Proof. Theorem 7.4 says that we can factor $a$ into irreducibles. Now suppose that we have two distinct such factorizations of $a$:[12]
$$p_1^{\mu_1} \cdots p_n^{\mu_n} = p_1^{\nu_1} \cdots p_n^{\nu_n}$$
Since the factorizations are distinct, we may suppose WLOG that $\mu_1 > \nu_1$. But then
$$p_1^{\mu_1 - \nu_1} p_2^{\mu_2} \cdots p_n^{\mu_n} = p_2^{\nu_2} \cdots p_n^{\nu_n}$$
Clearly $p_1 \mid \text{LHS}$ whence $p_1 \mid \text{RHS}$. Since $p_1$ is prime (this is where we use Lemma 7.6) we see that $p_1$ divides at least one of $p_2, \ldots, p_n$. This is a contradiction.

The result is often stated as follows:

Theorem 7.8 (Unique Prime Factorization/Fundamental Theorem of Arithmetic). Every integer $a$ is either 0, a unit, or may be written uniquely as
$$a = u\,p_1^{\mu_1} \cdots p_n^{\mu_n}$$
where $p_1 < \cdots < p_n$ are a list of primes, $u$ is a unit, and each $\mu_i \in \mathbb{N}$.

Now that we have unique factorization, all manner of obvious things are seen to be true. For instance, suppose that $a = p_1^{\mu_1} \cdots p_n^{\mu_n}$ and $b = p_1^{\nu_1} \cdots p_n^{\nu_n}$ are written in terms of their factorizations, where some of the exponents may need to be zero in order to have the same list of primes. The following should be immediate:
1. $b \mid a \iff \nu_i \leq \mu_i$ for all $i$. In essence, all the primes in $b$ must also be in $a$.
2. $\gcd(a, b) = p_1^{\min(\mu_1, \nu_1)} \cdots p_n^{\min(\mu_n, \nu_n)}$.
3. $a$ is a perfect square if and only if every $\mu_i$ is even (consider $a = b^2$, then $\mu_i = 2\nu_i$).
Indeed, look back to our discussion of Pythagorean triples where we used the facts that
4. $d^2 \mid m^2 \implies d \mid m$.
5. If $ab$ is a perfect square and $\gcd(a, b) = 1$ then both $a$ and $b$ are perfect squares.
These facts are also very easy to prove using unique factorization.

[12] Note that some of the exponents $\mu_i, \nu_i$ could be zero if the supposed lists of primes were different.

Least Common Multiple

Definition 7.9. The least common multiple $\operatorname{lcm}(a, b)$ of two positive integers $a, b$ is the smallest positive integer divisible by both $a$ and $b$.

In terms of the unique prime decompositions of $a$ and $b$ we clearly have: if $a = p_1^{\mu_1} \cdots p_n^{\mu_n}$ and $b = p_1^{\lambda_1} \cdots p_n^{\lambda_n}$, then
$$\operatorname{lcm}(a, b) = p_1^{\max(\mu_1, \lambda_1)} \cdots p_n^{\max(\mu_n, \lambda_n)}.$$
As ever, we allow some of the $\mu_i, \lambda_i$ to be zero so as to simultaneously list all primes appearing in both decompositions. Recalling observation 2 above, we see that
$$\operatorname{lcm}(a, b) \cdot \gcd(a, b) = ab.$$
This follows since $\max(\mu_i, \lambda_i) + \min(\mu_i, \lambda_i) = \mu_i + \lambda_i$ for each $i$.

Warning: this formula does not hold for gcd's or lcm's of three or more integers.

Example. Find $\operatorname{lcm}(110, 154)$. We can either do this by brute force, listing the multiples of each number and looking for the smallest in the list, or we may proceed by calculating the GCD instead. By the Euclidean Algorithm we have
$$154 = 110 \cdot 1 + 44, \qquad 110 = 44 \cdot 2 + 22, \qquad 44 = 22 \cdot 2$$
Using the above formula we see that
$$22 = \gcd(110, 154) \implies \operatorname{lcm}(110, 154) = \frac{110 \cdot 154}{22} = 5 \cdot 154 = 770$$

8 Congruences and $\mathbb{Z}_n$

A great many problems in number theory rely only on remainders when dividing by an integer. Recall the Division Algorithm: given $a \in \mathbb{Z}$ and $n \in \mathbb{N}$ there exists a unique quotient $q$ and remainder $r$ (both integers) such that
$$a = qn + r, \qquad 0 \leq r < n \qquad (*)$$
Motivated by this, we make a definition:

Definition 8.1. For each $n \in \mathbb{N}$, the set of residues modulo $n$ is $\mathbb{Z}_n = \{0, 1, \ldots, n-1\}$.
$(*)$ says that every integer $a \in \mathbb{Z}$ has a unique residue $r \in \mathbb{Z}_n$. $a, b \in \mathbb{Z}$ are said to be congruent modulo $n$ if they have the same residue modulo $n$. We write this as
$$a \equiv b \bmod n$$
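The gcd/lcm relationship above, worked in code as an added example that is not part of the original notes: gcd and lcm computed both by the Euclidean Algorithm and from the min/max exponents of the prime factorizations (observation 2 and Definition 7.9), with a check that the product formula fails once three integers are involved. All function names are my own.

```python
from collections import Counter
from functools import reduce
from math import prod


def euclid_gcd(a: int, b: int) -> int:
    """Euclidean Algorithm: replace (a, b) by (b, a mod b) until the remainder is 0."""
    while b:
        a, b = b, a % b
    return a


def lcm_by_gcd(a: int, b: int) -> int:
    """lcm(a, b) * gcd(a, b) = a * b, valid for exactly two positive integers."""
    return a * b // euclid_gcd(a, b)


def factorize(n: int) -> Counter:
    """Prime factorization by trial division, as {prime: exponent}; assumes n >= 1."""
    exps: Counter = Counter()
    p = 2
    while p * p <= n:
        while n % p == 0:
            exps[p] += 1
            n //= p
        p += 1
    if n > 1:  # whatever is left is itself prime
        exps[n] += 1
    return exps


def gcd_lcm_by_exponents(a: int, b: int) -> tuple[int, int]:
    """gcd takes the min exponent of each prime, lcm the max. A prime missing from
    one factorization has exponent 0 there (Counter returns 0 for absent keys)."""
    fa, fb = factorize(a), factorize(b)
    g = l = 1
    for p in sorted(set(fa) | set(fb)):
        g *= p ** min(fa[p], fb[p])
        l *= p ** max(fa[p], fb[p])
    return g, l


def product_formula_holds(*ns: int) -> bool:
    """Does gcd(ns) * lcm(ns) equal the product of ns? Always for two integers,
    not in general for three or more (the Warning above)."""
    g = reduce(euclid_gcd, ns)
    l = reduce(lcm_by_gcd, ns)
    return g * l == prod(ns)


if __name__ == "__main__":
    print(euclid_gcd(110, 154), lcm_by_gcd(110, 154))  # 22 770
    print(gcd_lcm_by_exponents(110, 154))               # (22, 770)
    print(product_formula_holds(110, 154), product_formula_holds(2, 2, 2))  # True False
```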

Example. We may write $7 \equiv -3 \bmod 5$, since applying the Division Algorithm yields
$$7 = 5 \cdot 1 + 2 \quad \text{and} \quad -3 = 5 \cdot (-1) + 2$$
Indeed both 7 and $-3$ have residue 2 modulo 5.

As a further example of using just this definition, we prove a simple result.

Proposition 8.2. All perfect squares of integers have remainders 0 or 1 upon dividing by 3.

Proof. By the definition, every integer $x \in \mathbb{Z}$ has remainder 0, 1 or 2 upon division by 3. We therefore have three mutually exclusive cases to check:
(Remainder zero) We may write $x = 3y$ for some integer $y$. But then $x^2 = 9y^2 = 3(3y^2) \equiv 0 \bmod 3$.
(Remainder one) We may write $x = 3y + 1$ for some integer $y$. Then $x^2 = 9y^2 + 6y + 1 = 3(3y^2 + 2y) + 1 \equiv 1 \bmod 3$.
(Remainder two) We may write $x = 3y + 2$ for some integer $y$. Then $x^2 = 9y^2 + 12y + 4 = 3(3y^2 + 4y + 1) + 1 \equiv 1 \bmod 3$.
A perfect square can therefore never have remainder 2.

This is tedious notation, and we will shortly make it less unwieldy. To start this process we observe that there is an easier way to check whether two integers are congruent modulo $n$.

Theorem 8.3. $a \equiv b \bmod n \iff n \mid (a - b)$

Proof. Suppose that $a = nq_1 + r_1$ and $b = nq_2 + r_2$ are the results of applying the Division Algorithm to $a, b$ modulo $n$. We prove each direction separately:
$(\Rightarrow)$ First note that
$$a \equiv b \bmod n \implies r_1 = r_2 \implies a - nq_1 = b - nq_2 \implies a - b = n(q_1 - q_2)$$
Since $q_1 - q_2$ is an integer, this forces $a - b$ to be a multiple of $n$.
$(\Leftarrow)$ Conversely, suppose that $a - b = kn$ is a multiple of $n$. Then
$$r_1 - r_2 = (a - nq_1) - (b - nq_2) = (a - b) + n(q_2 - q_1) = n(k + q_2 - q_1)$$
This says that $r_1 - r_2$ is an integer multiple of $n$. Recalling the proof of the Division Algorithm, the fact that $-n < r_1 - r_2 < n$ forces $r_1 - r_2 = 0$, whence $a \equiv b \bmod n$.

For instance, we can now prove that $7 \equiv -3 \bmod 5$ simply by observing that $7 - (-3) = 10$ is divisible by 5. The advantage should be clear: Theorem 8.3 says that we can compare remainders without computing quotients.

Our next goal is to define an arithmetic with remainders: that is, we want to be able to add and multiply remainders without calculating quotients. For instance, it certainly seems reasonable that if $x$ and $y$ have remainders 3 and 5 (respectively) modulo 7, then
$$x \equiv 3,\ y \equiv 5 \implies xy \equiv 3 \cdot 5 \equiv 15 \equiv 1 \bmod 7$$
so that the product has remainder 1. At the present, we have to justify this in laborious fashion: If $x \equiv 3$ and $y \equiv 5$ modulo 7, then there exist integers $k, l$ such that $x = 7k + 3$ and $y = 7l + 5$; but then
$$xy = 7(7kl + 5k + 3l) + 15 = 7(7kl + 5k + 3l + 2) + 1 \implies xy \equiv 1 \bmod 7$$
We now establish this in general.

Theorem 8.4. Suppose that $x \equiv a$, $y \equiv b$ modulo $n$. Then
1. $x \pm y \equiv a \pm b \bmod n$
2. $xy \equiv ab \bmod n$
3. For any $m \in \mathbb{N}$, $x^m \equiv a^m \bmod n$

Proof. We just prove the second: the first is similar, and the third is by induction using the second as the induction step. By Theorem 8.3, there exist integers $k, l$ such that $x = kn + a$ and $y = ln + b$. But then
$$xy = (kn + a)(ln + b) = n(kln + al + bk) + ab \implies xy \equiv ab \bmod n$$

According to the theorem, we can now easily compute remainders of complex arithmetic objects; for instance:
1. What is the remainder when $17^{113}$ is divided by 3? Don't bother asking your calculator: $17^{113}$ is 139 digits long so a calculator won't help! Instead we use modular arithmetic:
$$17 \equiv -1 \bmod 3 \implies 17^{113} \equiv (-1)^{113} \equiv -1 \bmod 3 \qquad \text{(Theorem 8.4, part 3; since 113 is odd)}$$
Since $-1 \equiv 2$, we conclude that $17^{113}$ has remainder 2 when divided by 3.
2. Similarly, calculating remainders modulo 10 gives
$$19^{45} \cdot 43^{12} \cdot 2 \equiv (-1)^{45} \cdot 3^{12} \cdot 2 \equiv -1 \cdot 9^6 \cdot 2 \equiv -1 \cdot (-1)^6 \cdot 2 \equiv -1 \cdot 1 \cdot 2 \equiv -2 \equiv 8 \bmod 10$$

3. In this lengthy example, we first search for a power of 4 which is small modulo $n = 67$: the obvious choice is $4^3 = 64 \equiv -3$.
$$4^{49} \equiv 4 \cdot (4^3)^{16} \equiv 4 \cdot (-3)^{16} \equiv 4 \cdot 3^{16} \bmod 67$$
Next we search for a power of 3 which is small: since $3^4 = 81 \equiv 14 \bmod 67$ we obtain
$$4^{49} \equiv 4 \cdot (3^4)^4 \equiv 4 \cdot 14^4 \bmod 67$$
Now observe that $14^2 = 196 \equiv -5 \bmod 67$ and we are almost finished:
$$4^{49} \equiv 4 \cdot (-5)^2 \equiv 4 \cdot 25 \equiv 100 \equiv 33 \bmod 67$$
Don't try this without a calculator!

Now that we have some better notation, here is a much faster proof of Proposition 8.2.

Proof. Modulo 3 we have: $0^2 \equiv 0$, $1^2 \equiv 1$, $2^2 \equiv 4 \equiv 1$. Hence squares can only have remainders 0 or 1 modulo 3.

As an application, we can easily show that in a Pythagorean triple $(a, b, c)$ exactly one of $a$ or $b$ is a multiple of three: just think about the remainders modulo 3:
$$a^2 + b^2 \equiv c^2$$
where each square is congruent to 0 or 1. The only possibilities are $0 + 0 \equiv 0$, $0 + 1 \equiv 1$ and $1 + 0 \equiv 1$, however the first of these says that all three of $a, b, c$ are divisible by three whence the triple is non-primitive.

Aside: What is $\mathbb{Z}_n$? (for those with some abstract algebra experience)

Our notation $\mathbb{Z}_n = \{0, 1, \ldots, n-1\}$ for the set of residues is strictly incorrect, for it makes it appear that the elements of $\mathbb{Z}_n$ are integers. In fact the symbol $\mathbb{Z}_n$ is used to denote something subtly different. Here is some of the detail:

Strictly speaking, congruence modulo $n$ is an equivalence relation on the ring $(\mathbb{Z}, +, \cdot)$ of integers. Write $\mathbb{Z}/n\mathbb{Z} = \{[0], [1], \ldots, [n-1]\}$ for the set of equivalence classes: that is
$$[x] = [a] \iff x \equiv a \bmod n$$
In this language the subring $n\mathbb{Z} = [0]$ of multiples of $n$ is an ideal in $\mathbb{Z}$. It follows that the set of equivalence classes $\mathbb{Z}/n\mathbb{Z}$ inherits a ring structure from $\mathbb{Z}$ where addition $+_n$ and multiplication $\cdot_n$ are defined by
$$[x] +_n [y] := [x + y], \qquad [x] \cdot_n [y] := [xy]$$
We call the triple $(\mathbb{Z}/n\mathbb{Z}, +_n, \cdot_n)$ a quotient or factor ring. Since the notation is very ugly, it is customary to omit the square brackets and subscripts and to denote the new ring by $\mathbb{Z}_n$. Thus $\mathbb{Z}_n$ is the quotient ring of residues modulo $n$.
It is perfectly legitimate to denote the elements of this ring by $\mathbb{Z}_n = \{0, 1, \ldots, n-1\}$ as long as one understands that each element is an equivalence class and may be represented by any other element in the class. Thus it is perfectly acceptable to write $-1 = 4$ in the ring $\mathbb{Z}_5$.

This discussion means that we now have three competing notations: for example, if $n = 6$:
Congruence notation: $4 + 5 \equiv 3 \bmod 6$
Factor ring notation: $[4] +_6 [5] = [3]$
$\mathbb{Z}_n$ notation: $4 + 5 = 3$
This last is clearly the most succinct, but it is very easy to be confused: 4, 5 and 3 are not integers in this context, they are elements of a new algebraic structure, namely the ring $\mathbb{Z}_6$. Unless you make it absolutely clear in which ring $\mathbb{Z}_n$ you are working, you should avoid this notation.

Congruence and Division

We are able to add, subtract, multiply and take positive integer powers of remainders without issue. Division is another matter entirely. For example, since $8 \equiv 20 \bmod 6$, we know that
$$4 \cdot 2 \equiv 4 \cdot 5 \bmod 6 \qquad (**)$$
We'd like to be able to divide by four, however $2 \not\equiv 5 \bmod 6$. What can we try instead? To motivate the next result, we follow the definition:[13]
$$4 \cdot 2 \equiv 4 \cdot 5 \bmod 6 \implies 4 \cdot 2 = 4 \cdot 5 + 6m \text{ for some } m \in \mathbb{Z}$$
Dividing this by 2 we see that
$$2 \cdot 2 = 2 \cdot 5 + 3m \implies 2 \mid m \implies m = 2l \text{ for some } l \in \mathbb{Z}$$
But then we may divide by 2 again to correctly conclude
$$2 = 5 + 3l \implies 2 \equiv 5 \bmod 3$$
It appears that we were able to divide $(**)$ by four, but at the cost of dividing the modulus by 2: it just so happens that $2 = \gcd(4, 6)$.

Theorem 8.5. Suppose that $k \neq 0$. If $\gcd(k, n) = d$ then
$$ka \equiv kb \bmod n \implies a \equiv b \bmod \frac{n}{d}$$

Proof. $\gcd(k, n) = d \implies \gcd\left(\frac{k}{d}, \frac{n}{d}\right) = 1$. Therefore
$$ka \equiv kb \bmod n \implies n \mid k(a - b) \implies \frac{n}{d} \,\Big|\, \frac{k}{d}(a - b)$$
Since $\frac{n}{d}$ and $\frac{k}{d}$ are coprime integers, an appeal to Corollary 5.5 tells us that $\frac{n}{d} \mid (a - b)$. Otherwise said $a \equiv b \bmod \frac{n}{d}$.

[13] It is obvious that $m = -2$ but leaving this unsaid makes it easier to see a proof of the following theorem.

Examples
1. We divide by 4 in the congruence $12 \equiv 28 \bmod 8$. Since $\gcd(4, 8) = 4$ we also divide the modulus by 4 to obtain
$$12 \equiv 28 \bmod 8 \implies 3 \equiv 7 \bmod 2$$
2. We divide by 12 in the congruence $12 \equiv 72 \bmod 30$. Since $\gcd(12, 30) = 6$, we conclude that
$$12 \equiv 72 \bmod 30 \implies 1 \equiv 6 \bmod 5$$

Aside: Rings and Fields

While considering division, it is worth revisiting Corollary 5.5 and Bézout's identity. We know that
$$\gcd(a, p) = 1 \implies \exists\, x, y \in \mathbb{Z} \text{ such that } ax + py = 1$$
Looking at this modulo $p$, we obtain
$$ax \equiv 1 \bmod p$$
Otherwise said, if $a \in \mathbb{Z}_p$ is relatively prime to $p$ then $a$ has a multiplicative inverse $x$. If $p$ is prime then every non-zero element in the ring $\mathbb{Z}_p$ has a multiplicative inverse. This is precisely what it means for a ring to be a field. For example: in $\mathbb{Z}_5$ we have
$$1 \cdot 1 = 1, \quad 2 \cdot 3 = 1, \quad 4 \cdot 4 = 1 \implies 1^{-1} = 1,\ 2^{-1} = 3,\ 3^{-1} = 2,\ 4^{-1} = 4$$
In $\mathbb{Z}_6$ however, we see that the remainder 2 has no multiplicative inverse:

  x  | 0  1  2  3  4  5
  2x | 0  2  4  0  2  4

I.e. there is no $x$ such that $2x \equiv 1 \bmod 6$.

In general this approach gives us a converse for composite numbers. Suppose that $n = ab$ is composite, where $a, b < n$: if $a \in \mathbb{Z}_n$ had a multiplicative inverse $c$ then we would have
$$ac \equiv 1 \bmod n \implies abc \equiv b \implies b \equiv abc = nc \equiv 0 \bmod n$$
But this says that $b$ is divisible by $n$: a contradiction. We conclude:

Theorem. $\mathbb{Z}_n$ is a field if and only if $n$ is prime.

Tying this to Theorem 8.5, we see that in a field $\mathbb{Z}_p$ we can divide by any non-zero remainder while remaining in the same set of remainders.

Congruence Equations

We can rephrase our discussion of Linear Diophantine Equations:
$$ax \equiv c \bmod m \text{ has a solution } x \iff \exists\, y \text{ s.t. } ax - c = my \iff ax - my = c \text{ has a solution.}$$
But this is iff $\gcd(a, m) \mid c$. Indeed:

Theorem 8.6. Let $d = \gcd(a, m)$. The equation $ax \equiv c \bmod m$ has a solution iff $d \mid c$. If $x_0$ is such a solution, then all solutions are $x = x_0 + k\frac{m}{d}$ for $k \in \mathbb{Z}$. Indeed, modulo $m$, there are exactly $d$ solutions
$$x_0,\ x_0 + \frac{m}{d},\ x_0 + \frac{2m}{d},\ \ldots,\ x_0 + \frac{(d-1)m}{d}$$

Example. $1288x \equiv 21 \bmod 1575$ has a solution since $d = \gcd(1575, 1288) = 7$ and $7 \mid 21$. Indeed Bézout's identity says
$$7 = 1575 \cdot 9 - 1288 \cdot 11 \implies 7 \equiv 1288 \cdot (-11) \bmod 1575 \implies x \equiv -33 \equiv 1542 \text{ is a solution.}$$
Since $\frac{m}{d} = \frac{1575}{7} = 225$ in this case, we see that all solutions are then
$$\{x \equiv -33 + 225k : k = 0, \ldots, 6\} = \{192, 417, 642, 867, 1092, 1317, 1542\}.$$

Polynomial Congruence Equations

Consider the quadratic equation $x^2 + 3x \equiv 0 \bmod 10$. One can easily check by plugging in the remainders $0, \ldots, 9$ that the solutions to this equation are
$$x \equiv 0, 2, 5, 7 \bmod 10$$
This is perhaps surprising. We are used to quadratic equations having at most two solutions. Now consider the same equation modulo the two prime divisors of 10, namely 2 and 5. Indeed it should be clear that
$$x^2 + 3x \equiv 0 \bmod 10 \iff \begin{cases} x^2 + 3x \equiv 0 \bmod 2, \text{ and,} \\ x^2 + 3x \equiv 0 \bmod 5. \end{cases}$$
Again we can check by substituting values for $x$, that
$$x^2 + 3x \equiv 0 \bmod 2 \iff x \equiv 0, 1 \bmod 2, \qquad x^2 + 3x \equiv 0 \bmod 5 \iff x \equiv 0, 2 \bmod 5.$$
Sanity is restored! Indeed, we can even factorize like we are used to:
$$x^2 + 3x \equiv x^2 - x \equiv x(x - 1) \bmod 2, \qquad x^2 + 3x \equiv x^2 - 2x \equiv x(x - 2) \bmod 5.$$
Modulo 10, we have two distinct factorizations:
$$x^2 + 3x \equiv x(x - 7) \equiv (x - 2)(x - 5) \bmod 10.$$
For general polynomial congruences, the same sort of thing is true, but only when the modulus is prime.
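Theorem 8.6 and the Rings and Fields aside above, carried out in code as an added example that is not part of the original notes: the extended Euclidean Algorithm produces the Bézout coefficients, which solve $ax \equiv c \bmod m$ (all $d$ solutions), give inverses in $\mathbb{Z}_n$, and test whether $\mathbb{Z}_n$ is a field. Function names are my own.

```python
def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d (Bezout's Identity).
    Assumes a, b >= 0; the usual back-substitution is folded into the loop."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_linear_congruence(a: int, c: int, m: int) -> list[int]:
    """All residues x mod m with a*x = c (mod m), or [] when gcd(a, m) does not
    divide c. Theorem 8.6: with d = gcd(a, m) there are exactly d solutions,
    spaced m/d apart."""
    d, x, _ = extended_gcd(a, m)       # a*x + m*y = d
    if c % d:
        return []
    x0 = (x * (c // d)) % m            # a*(x*c/d) = d*(c/d) = c (mod m)
    step = m // d
    return sorted((x0 + k * step) % m for k in range(d))


def inverse_mod(a: int, n: int):
    """Multiplicative inverse of a in Z_n, or None when gcd(a, n) != 1."""
    sols = solve_linear_congruence(a, 1, n)
    return sols[0] if sols else None


def is_field(n: int) -> bool:
    """Z_n is a field iff every non-zero residue has an inverse (iff n is prime)."""
    return n >= 2 and all(inverse_mod(a, n) is not None for a in range(1, n))


if __name__ == "__main__":
    print(extended_gcd(1288, 1575))                   # (7, -11, 9): 7 = 1575*9 - 1288*11
    print(solve_linear_congruence(1288, 21, 1575))    # the seven solutions of the example
    print({a: inverse_mod(a, 5) for a in range(1, 5)}, inverse_mod(2, 6))
    print([n for n in range(2, 20) if is_field(n)])  # the primes below 20
```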

Theorem 8.7 (Lagrange). Let $p$ be prime and $f(x)$ a degree $n$ polynomial with integer coefficients. Then the congruence $f(x) \equiv 0 \bmod p$ has at most $n$ distinct roots modulo $p$.

Of course Lagrange's Theorem is useless for polynomial congruences such as $x^{39} + 5x + 1 \equiv 0 \bmod 17$. There are only 17 distinct values of $x$ to try, and so the congruence can only have a maximum of 17 solutions, not the 39 given by Lagrange's Theorem.

Aside: a (sketch) proof of Lagrange's Theorem

Since we've not done all the preliminaries for a proof of Lagrange's Theorem, we provide only a sketch. One needs a little more algebra than we have, in particular the division algorithm in the ring $\mathbb{Z}[x]$ of polynomials with integer coefficients. Suppose that $f(c_1) \equiv 0 \bmod p$. Then there exist polynomials $q(x), r(x)$ satisfying
$$\begin{cases} f(x) = (x - c_1)q(x) + r(x) \\ 0 \leq \deg(r) < \deg(x - c_1) = 1 \end{cases}$$
Since the degree of the remainder $r(x)$ must be zero, we see that it is constant. Moreover $f(c_1) \equiv 0 \implies r \equiv 0 \bmod p$. We conclude that $(x - c_1)$ is a factor of $f(x)$ modulo $p$.

Proof. Suppose that we find $n$ roots of the equation. According to the division algorithm above, we may therefore totally factorize $f(x)$ as $f(x) = a(x - c_1) \cdots (x - c_n)$. Since the degree of both sides is $n$ we cannot divide out by any further linear factors. Now suppose that $\xi \not\equiv c_1, \ldots, c_n \bmod p$. Then $\xi - c_i \not\equiv 0 \bmod p$ for all $i$. Since products of non-zero elements in a field $\mathbb{Z}_p$ are non-zero we must have $f(\xi) \not\equiv 0$. There are thus at most $n$ roots of the polynomial congruence.

In fact, the ring of polynomials $\mathbb{Z}_p[x]$ with coefficients in the field $\mathbb{Z}_p$ has a Euclidean Algorithm, and therefore a unique factorization theorem. This means that there is only one way to factorize any polynomial modulo $p$, but this takes us beyond the scope of the course. The practical upshot is that you can hunt for roots of $f(x) \equiv 0$ modulo $p$ by extracting a linear factor $f(x) \equiv (x - c_1)q(x)$, then searching for roots of $q(x) \equiv 0$, exactly as you would for polynomials with real coefficients.
Lagrange's Theorem is completely useless in the situation when $n \geq p$ as there can only be at most $p$ solutions to any equation modulo $p$.

Examples
1. Factorize $f(x) = x^3 + 2x^2 + 4x + 3$ over $\mathbb{Z}_5$. By inspection we see that $x \equiv \pm 1, -2$ are solutions. By Lagrange's Theorem these are the only solutions and we can factorize
$$f(x) \equiv (x - 1)(x + 1)(x + 2) \bmod 5.$$
We know that the factorization is unique and there are no other solutions, but it is worth seeing it played out in stages.
$$\begin{aligned} f(x) &\equiv x^3 + 2x^2 + 4x + 3 \\ &\equiv (x - 1)(x^2 + 3x + 7) && \text{(spot } x \equiv 1 \text{ and factorize)} \\ &\equiv (x - 1)(x^2 + 3x + 2) && \text{(simplify)} \\ &\equiv (x - 1)(x + 1)(x + 2) && \text{(spot } x \equiv -1 \text{ and factorize)} \end{aligned}$$
2. Note that Lagrange only says that there are at most $n$ solutions modulo $p$. Consider the polynomial $f(x) = x^2 + x + 1 \bmod 2$. It is easy to check that this has no solutions.[14]
3. Here is another example of a quadratic with four roots: modulo 6 we have
$$f(x) \equiv x^2 - 5x \equiv x(x - 5) \equiv (x - 2)(x - 3).$$
Comparing with example 1, note that we can't simply factor out $(x - 0)$ from $x^2 - 5x$ because the factorization need not be unique. This is because 6 is not prime.
4. We find all solutions to $x^2 + 14x - 3 \equiv 0 \bmod 18$. While you may feel it is fastest to try all remainders $0, 1, \ldots, 17$ with your calculator, we give a more systematic approach. $x$ is a solution if and only if both
$$\begin{cases} x^2 + 14x - 3 \equiv x^2 - 1 \equiv 0 \bmod 2 \iff x \text{ odd, and,} \\ x^2 + 14x - 3 \equiv x^2 + 5x - 3 \equiv 0 \bmod 9. \end{cases}$$
The second condition implies that $x^2 + 2x \equiv 0 \bmod 3$ which, by factoring, yields $x \equiv 0, 1 \bmod 3$. We therefore try $x \equiv 0, 1, 3, 4, 6, 7 \bmod 9$ and observe that only $x \equiv 6, 7 \bmod 9$ work. We therefore have to solve two different sets of equations:
$$\begin{cases} x \equiv 1 \bmod 2, \\ x \equiv 6 \bmod 9, \end{cases} \qquad \text{or} \qquad \begin{cases} x \equiv 1 \bmod 2, \\ x \equiv 7 \bmod 9. \end{cases}$$
We have two sets of simultaneous equations. In general, the Chinese Remainder Theorem (later) can deal with these, but these are so simple that there's no need. For instance
$$x \equiv 6 \bmod 9 \implies x \equiv 6, 15 \bmod 18$$
If $x$ must also be odd (and 18 is even), only $x \equiv 15 \bmod 18$ will do. Similarly, the second simultaneous congruence has solution $x \equiv 7 \bmod 18$.
5. Find all solutions to $x^3 - 2x + 1 \equiv 0 \bmod 12$. We easily spot that $x \equiv 1 \bmod 12$ is a solution. Are there others? Considering the primes dividing 12 we see that any solution must satisfy
$$x^3 - 2x + 1 \equiv (x - 1)(x^2 + x - 1) \equiv 0 \bmod 2 \text{ and } \bmod 3.$$
It is clear by inspection that the only solutions modulo 2 and 3 are $x \equiv 1$. It follows that any solution must satisfy $x \equiv 1 \bmod 6$. Stepping this up to modulo 12, we should try $x \equiv 1$ and $x \equiv 7 \bmod 12$. The first is certainly a solution. As for the latter,
$$7^3 - 2 \cdot 7 + 1 \equiv 7 \cdot 49 - 14 + 1 \equiv 7 - 2 + 1 \equiv 6 \bmod 12$$
It follows that the only solution is $x \equiv 1 \bmod 12$.

[14] In the language of Section 7, $f$ is an irreducible polynomial in the ring $\mathbb{Z}_2[x]$.
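The polynomial congruences of this section (the "practical upshot" of Lagrange's Theorem and Examples 1 to 5 above), carried out in code as an added example that is not part of the original notes: brute-force root finding in $\mathbb{Z}_n$, synthetic division by $(x - c)$ modulo a prime to peel off linear factors, and Example 4's trick of solving modulo each coprime factor of a composite modulus. Function names and the coefficient-list convention are my own.

```python
from math import prod

# A polynomial is a list of integer coefficients, highest degree first:
# [1, 2, 4, 3] stands for x^3 + 2x^2 + 4x + 3 (Example 1).


def poly_eval_mod(coeffs: list[int], x: int, n: int) -> int:
    """Horner's rule, reducing modulo n after every step (Theorem 8.4)."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % n
    return acc


def roots_mod(coeffs: list[int], n: int) -> list[int]:
    """Every residue r in Z_n with f(r) = 0 (mod n), found by trying all n residues."""
    return [r for r in range(n) if poly_eval_mod(coeffs, r, n) == 0]


def divide_by_linear_mod(coeffs: list[int], c: int, p: int) -> list[int]:
    """Synthetic division of f(x) by (x - c) modulo p. The final carry is f(c),
    the constant remainder r of the sketch proof; it must vanish for c to be a root."""
    carry, out = 0, []
    for coeff in coeffs:
        carry = (carry * c + coeff) % p
        out.append(carry)
    remainder = out.pop()
    if remainder != 0:
        raise ValueError(f"{c} is not a root modulo {p}")
    return out


def linear_factors_mod(coeffs: list[int], p: int) -> tuple[list[int], list[int]]:
    """Peel off (x - c) for each root c found, then hunt for roots of the quotient.
    Returns (roots extracted in order, leftover quotient coefficients)."""
    roots, q = [], [c % p for c in coeffs]
    while len(q) > 1:
        found = roots_mod(q, p)
        if not found:  # quotient has no roots modulo p (cf. Example 2)
            break
        roots.append(found[0])
        q = divide_by_linear_mod(q, found[0], p)
    return roots, q


def roots_by_splitting(coeffs: list[int], moduli: list[int]) -> list[int]:
    """Example 4's method for a composite modulus n = product of pairwise coprime
    moduli: x is a root modulo n iff it is a root modulo each factor."""
    n = prod(moduli)
    per_modulus = {m: set(roots_mod(coeffs, m)) for m in moduli}
    return [x for x in range(n) if all(x % m in per_modulus[m] for m in moduli)]


if __name__ == "__main__":
    print(linear_factors_mod([1, 2, 4, 3], 5))    # ([1, 3, 4], [1]): (x-1)(x-3)(x-4)
    print(roots_mod([1, -5, 0], 6))               # [0, 2, 3, 5]: four roots, 6 not prime
    print(roots_by_splitting([1, 14, -3], [2, 9]))  # [7, 15]
```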

9 Congruences, Powers and Fermat's Little Theorem

Fermat's Little[15] Theorem provides a useful trick for simplifying large powers in congruence equations. Perhaps the simplest proof relies on a simple fact about the residues modulo a prime.

Lemma 9.1. Let $p$ be a prime and $a$ be a positive integer less than $p$. Then the numbers
$$a, 2a, 3a, 4a, \ldots, (p-1)a$$
constitute all the non-zero remainders modulo $p$. Otherwise said, modulo $p$ these are the numbers $1, 2, 3, \ldots, p-1$ though probably in a different order.

Example table: If you're having trouble believing this, try an example. Let $p = 5$ and we can create a table:

  a | a  2a  3a  4a
  1 | 1  2   3   4
  2 | 2  4   1   3
  3 | 3  1   4   2
  4 | 4  3   2   1

Notice that every remainder appears exactly once in each row. If we try to repeat with a non-prime, say $p = 6$, we get a different story:

  a | a  2a  3a  4a  5a
  1 | 1  2   3   4   5
  2 | 2  4   0   2   4
  3 | 3  0   3   0   3
  4 | 4  2   0   4   2
  5 | 5  4   3   2   1

The only lines in which all the non-zero remainders appear are when $a = 1$ or $a = 5$. This will be important in the next section: these are precisely the remainders $a$ for which $\gcd(a, 6) = 1$. With primes, we always have $\gcd(a, p) = 1$, and this forms the heart of the proof.

Proof. If $1 \leq a \leq p - 1$ and $p$ is prime, then $\gcd(a, p) = 1$. Suppose that two of the remainders $xa, ya$ were equal. Appealing to Theorem 8.5, we can divide by $a$ to obtain
$$xa \equiv ya \implies x \equiv y \bmod p$$
It follows that the numbers $a, 2a, \ldots, (p-1)a$ are distinct modulo $p$. Moreover, none are zero, since none are divisible by $p$.

Corollary 9.2 (Fermat's Little Theorem). If $p$ is prime and $p \nmid a$ then
$$a^{p-1} \equiv 1 \bmod p$$

Proof. Multiply the remainders $a, 2a, \ldots, a(p-1)$ together. Since these are just the remainders $1, 2, \ldots, p-1$ in a different order, we obtain
$$a^{p-1}(p-1)! \equiv (p-1)! \bmod p$$
Since $p$ is prime and $\gcd((p-1)!, p) = 1$ we must be able to divide by $(p-1)!$. The result follows.

[15] To distinguish it from his famous last.

Examples
Here are a few examples of using Fermat's Little Theorem to simplify calculations. Doing these without the Theorem is very tedious!
1. Since 39 is not divisible by the prime 137, we instantly see that $39^{136} \equiv 1 \bmod 137$.
2. Compute the remainder when $66^{98}$ is divided by 97. Since 97 is prime and 66 is coprime to it, we can apply Fermat's Little Theorem:
$$66^{98} \equiv 66^{97-1} \cdot 66^2 \equiv 66^2 \bmod 97 \equiv (-31)^2 = 961 = 9 \cdot 97 + 88 \equiv 88 \bmod 97$$
3. This time we employ the Theorem to help solve the high-powered congruence $x^{74} \equiv 12 \bmod 37$. First note that $x \not\equiv 0$. If there is a solution, we see that the theorem applies. But then $x^{37-1} = x^{36} \equiv 1 \bmod 37$. Since $74 = 36 \cdot 2 + 2$ we conclude that
$$12 \equiv x^{74} \equiv (x^{36})^2 x^2 \equiv x^2 \bmod 37$$
We have therefore reduced the congruence to something much more manageable. Finally, we consider numbers congruent to 12 modulo 37: we don't have far to look before we find a perfect square! $12, 49, \ldots$ Thus $x \equiv 7$ is a solution, which says that $x \equiv -7 \equiv 30$ is another. By Lagrange's Theorem, there are at most two solutions to this congruence: we conclude
$$x^{74} \equiv 12 \iff x \equiv 7, 30 \bmod 37$$

Theorem 9.3 (Wilson's Theorem). If $p$ is prime then $(p-1)! \equiv -1 \bmod p$.

Proof. Consider the polynomial congruence
$$g(x) \equiv (x^{p-1} - 1) - (x - 1)(x - 2) \cdots (x - (p-1)) \equiv 0 \bmod p$$
We can attack this using two theorems:
Multiplying out and cancelling the $x^{p-1}$ terms, we see that $g$ has degree at most $p - 2$. Lagrange's Theorem says that $g(x) \equiv 0$ can have at most $p - 2$ distinct roots.
Fermat's little theorem says that the congruence has at least $p - 1$ distinct roots, namely $x \equiv 1, 2, \ldots, p-1$.
The only way to make sense of this is if $g(x)$ is not a polynomial at all: it is identically zero modulo $p$. It follows that
$$x^{p-1} - 1 \equiv (x - 1)(x - 2) \cdots (x - (p-1)) \bmod p$$
Evaluating at $x \equiv 0$ yields the result.
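The power-reduction examples of Section 8 (items 1 to 3 there) and the Fermat examples, Lemma 9.1 and Wilson's Theorem above, carried out in code as an added example that is not part of the original notes: square-and-multiply modular exponentiation, exponent reduction by $a^{p-1} \equiv 1$, the row test of Lemma 9.1, and $(p-1)! \bmod p$. Function names are my own.

```python
def mod_pow(base: int, exp: int, n: int) -> int:
    """Square-and-multiply: reduce modulo n after every product (Theorem 8.4),
    so nothing as large as 17^113 is ever formed."""
    result, base = 1, base % n
    while exp > 0:
        if exp & 1:
            result = result * base % n
        base = base * base % n
        exp >>= 1
    return result


def row_is_permutation(a: int, n: int) -> bool:
    """Lemma 9.1 row test: is {a, 2a, ..., (n-1)a} mod n exactly {1, ..., n-1}?
    True for every a when n is prime, and only when gcd(a, n) = 1 otherwise."""
    return {k * a % n for k in range(1, n)} == set(range(1, n))


def fermat_reduce(a: int, exp: int, p: int) -> int:
    """a^exp mod p for prime p not dividing a: since a^(p-1) = 1 (Corollary 9.2),
    only exp mod (p-1) matters."""
    if a % p == 0:
        raise ValueError("Fermat's Little Theorem needs p not dividing a")
    return mod_pow(a, exp % (p - 1), p)


def solve_power_congruence(exp: int, c: int, p: int) -> list[int]:
    """Non-zero residues x with x^exp = c (mod p), p prime: reduce the exponent
    as in Example 3, then test the reduced congruence on the p-1 candidates."""
    small = exp % (p - 1)
    return [x for x in range(1, p) if mod_pow(x, small, p) == c % p]


def factorial_mod(n: int, p: int) -> int:
    """n! mod p; Theorem 9.3 (Wilson) says (p-1)! = -1 = p-1 (mod p) for prime p."""
    f = 1
    for k in range(2, n + 1):
        f = f * k % p
    return f


if __name__ == "__main__":
    print(mod_pow(17, 113, 3), mod_pow(4, 49, 67))   # 2 33 (Section 8 examples)
    print(fermat_reduce(66, 98, 97))                 # 88
    print(solve_power_congruence(74, 12, 37))        # [7, 30]
    print([a for a in range(1, 6) if row_is_permutation(a, 6)])  # [1, 5]
    print(factorial_mod(36, 37))                     # 36, i.e. -1 mod 37
```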