Quadratic Congruences, the Quadratic Formula, and Euler s Criterion

Similar documents
Solving the general quadratic congruence. y 2 Δ (mod p),

The Chinese Remainder Theorem

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

Chapter 5. Modular arithmetic. 5.1 The modular ring

MATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Lecture 7 Cyclic groups and subgroups

The primitive root theorem

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

3.2 Solving linear congruences. v3

Homework #2 solutions Due: June 15, 2012

Math Introduction to Modern Algebra

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

7. Prime Numbers Part VI of PJE

Mathematics for Cryptography

Homework due on Monday, October 22

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

The security of RSA (part 1) The security of RSA (part 1)

FIXED-POINT FREE ENDOMORPHISMS OF GROUPS RELATED TO FINITE FIELDS

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

MATH 115, SUMMER 2012 LECTURE 12

Public-key Cryptography: Theory and Practice

CYCLICITY OF (Z/(p))

Quizzes for Math 401

Number Theory. Modular Arithmetic

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Basic elements of number theory

Basic elements of number theory

x 2 a mod m. has a solution. Theorem 13.2 (Euler s Criterion). Let p be an odd prime. The congruence x 2 1 mod p,

Euler s, Fermat s and Wilson s Theorems

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

3+4=2 5+6=3 7 4=4. a + b =(a + b) mod m

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

1 Structure of Finite Fields

5 Group theory. 5.1 Binary operations

NOTES ON FINITE FIELDS

Chapter 3. Rings. The basic commutative rings in mathematics are the integers Z, the. Examples

Section VI.33. Finite Fields

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Math 120 HW 9 Solutions

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS

Part II. Number Theory. Year

Algebra SEP Solutions

MTH 346: The Chinese Remainder Theorem

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Congruences and Residue Class Rings

Commutative Rings and Fields

The Chinese Remainder Theorem

Rings of Residues. S. F. Ellermeyer. September 18, ; [1] m

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Math 118: Advanced Number Theory. Samit Dasgupta and Gary Kirby

LECTURE NOTES IN CRYPTOGRAPHY

CS 514, Mathematics for Computer Science Mid-semester Exam, Autumn 2017 Department of Computer Science and Engineering IIT Guwahati

4. Congruence Classes

School of Mathematics and Statistics. MT5836 Galois Theory. Handout 0: Course Information

A field F is a set of numbers that includes the two numbers 0 and 1 and satisfies the properties:

COUNTING SEPARABLE POLYNOMIALS IN Z/n[x]

Number Theory and Algebra: A Brief Introduction

Discrete Mathematics with Applications MATH236

ECEN 5022 Cryptography

1 2 3 style total. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.

CHAPTER 14. Ideals and Factor Rings

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

A. Algebra and Number Theory

MATH 361: NUMBER THEORY FOURTH LECTURE

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

Course 2316 Sample Paper 1

CYCLOTOMIC POLYNOMIALS

Chapter 3 Basic Number Theory

CYCLOTOMIC POLYNOMIALS

Mahler s Polynomials and the Roots of Unity

Exercises MAT2200 spring 2014 Ark 5 Rings and fields and factorization of polynomials

A Generalization of Wilson s Theorem

Math 546, Exam 2 Information.

Moreover this binary operation satisfies the following properties

MATH 361: NUMBER THEORY TENTH LECTURE

(1) A frac = b : a, b A, b 0. We can define addition and multiplication of fractions as we normally would. a b + c d

Quasi-reducible Polynomials

w d : Y 0 (N) Y 0 (N)

Mathematics of Cryptography

Groups, Rings, and Finite Fields. Andreas Klappenecker. September 12, 2002

ORDERS OF ELEMENTS IN A GROUP

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

To solve a radical equation, you must take both sides of an equation to a power.

Homework 7 solutions M328K by Mark Lindberg/Marie-Amelie Lawn

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8

Summary Slides for MATH 342 June 25, 2018

Introduction to Number Theory

Basic Definitions: Group, subgroup, order of a group, order of an element, Abelian, center, centralizer, identity, inverse, closed.

Transcription:

Quadratic Congruences, the Quadratic Formula, and Euler s Criterion R. C. Trinity University Number Theory

Introduction Let R be a (commutative) ring in which 2 = 1 R + 1 R R. Consider a quadratic equation of the form ax 2 + bx + c = 0, a R. (1) In this situation we can complete the square in the usual way: ax 2 +bx +c = a(x 2 +ba 1 x)+c = a(x +ba 1 2 1 ) 2 +c b 2 a 1 2 2 Equating with zero, adding b 2 a 1 2 2 c to both sides and multiplying both sides by 2 2 a, (1) becomes Here we have used the fact that 4a 2 (x + ba 1 2 1 ) 2 = b 2 4ac. (2) 2 2 = (1 R + 1 R )(1 R + 1 R ) = 1 R + 1 R + 1 R + 1 R = 4.

The Quadratic Formula It follows that (2) (and hence (1)) has solutions iff We then have = b 2 4ac }{{} the discriminant = k 2, k R. (3) 2a(x + ba 1 2 1 ) = b 2 4ac 2ax + b = b 2 4ac ( x = (2a) 1 b + ) b 2 4ac, where k = b 2 4ac denotes any solution to (3). This is the familiar quadratic formula for the solutions to (1), valid in any ring R in which 2a R.

Quadratic Congruences A quadratic congruence has the form ax 2 + bx + c 0 (mod n), a, b, c Z. To solve this congruence we will view it as an equation in Z/nZ. Write n = p m 1 1 pm 2 2 p m k k with p i distinct primes and m i N. Recall the ring isomorphism of the CRT: ρ : Z/nZ k i=1 Z/p m i i Z, r + nz (r + p m i i Z) k i=1.

Given a ring R, we can interpret any t Z as an element of R by setting t = t 1 R. We then let S(R) = {r R ar 2 + br + c = 0}. If σ : R R is a ring isomorphism, one can show that is a bijection. σ : S(R) S(R ) One can also show that S(R 1 R 2 R k ) = S(R 1 ) S(R 2 ) S(R k ).

Applying these observations to ρ and Z/nZ we find that we have a bijection k ρ : S(Z/nZ) S(Z/p m i i Z). This proves the following result. i=1 Theorem The solutions to the quadratic congruence can be found by solving ax 2 + bx + c 0 (mod n) ax 2 + bx + c 0 (mod p m i i ), i = 1, 2,..., k, and gluing tuples of solutions together using the CRT.

Corollary The number of solutions (modulo n) to the quadratic congruence ax 2 + bx + c 0 (mod n) is the product of the numbers of solutions (modulo p m i i ) to ax 2 + bx + c 0 (mod p m i i ), i = 1, 2,..., k. We have therefore reduced the study of quadratic congruences to the case of prime power modulus, p m. Since the quadratic formula only holds when 2a (Z/p m Z), we will assume p is odd and p a.

Euler s Criterion Looking at the quadratic formula, we see that we are faced with two questions: How can we tell if is a square in (Z/p m Z)? How can we find all of the values of in (Z/p m Z)? Because (Z/p m Z) is cyclic, the first question has a straightforward answer. Theorem (Euler s Criterion) Let G be a finite cyclic group of even order and a G. Write G(2) = {e, h}. Then { a G /2 e if a = b 2 for some b G, = h otherwise.

Proof. Notice that (a G /2 ) 2 = a G = e a G /2 G(2) = {e, h}. It therefore suffices to prove that a G /2 = e iff a = b 2. ( ) If a = b 2, then a G /2 = (b 2 ) G /2 = b G = e. ( ) Write G = g, a = g k. If a G /2 = e, then (g k ) G /2 = e and g k G /2 = e G k G 2 G 2 k G 2 k. Writing k = 2m we have a = g k = g 2m = (g m ) 2.

Recall that for an odd prime p, if G = (Z/p m Z), then 1 + p m Z 1 + p m Z are the two elements of G(2). Corollary (Euler s Criterion (mod p m )) Let p be an odd prime and m N. If p a, then { a pm 1 (p 1)/2 1 (mod p m ) if a b 2 (mod p m ) for some b, 1 (mod p m ) otherwise. Remarks: Because we have an efficient way to compute powers modulo p m, Euler s criterion is a very effective way to detect squares modulo p m. One can state the corollary a bit more generally, replacing p m with any n for which (Z/nZ) is cyclic and using the exponent ϕ(n)/2 instead.

Example Determine if 784967 is a square modulo 37 5. What about 19754611? We use repeated squaring to compute 784967 374 18 1 (mod 37 5 ), 19754611 374 18 1 (mod 37 5 ). Hence the former is a square (mod 37) while the latter is not. Remark: Euler s criterion does not tell us what the square roots of 784967 (mod 37 5 ) actually em are. They turn out to be ±47205606.

How Many Squares? The proof of Euler s Criterion also establishes the following useful result. Corollary Let G = g be a finite cyclic group of even order. Then a G is a square if and only if it is an even power of g. In particular, exactly half of the elements of G are squares. Proof. The only thing we need to establish is the final sentence. The elements of G are e, g, g 2, g 3,..., g G 1.

(cont.) According to the first part of the corollary: the G /2 even exponents 0, 2, 4,..., G 2 yield squares; the G /2 odd exponents 1, 3, 5,..., G 1 do not. Now that we have an effective way of detecting squares modulo p m, we turn to the question of how many square roots there are. The following general result provides the answer. Theorem Let G be a finite cyclic group of even order. If a G is a square, then the equation x 2 = a has exactly two solutions in G.

Proof. Write G(2) = {e, h}. If a is a square, we can write a = b 2. Suppose c 2 = a as well. Then c 2 = a = b 2 b 2 c 2 = e (b 1 c) 2 = e b 1 c G(2). Hence b 1 c = e or b 1 c = h, i.e. c = b or c = bh. Therefore b and bh are the only solutions to x 2 = a. Since h e, this proves the result. Remark: This generalizes the result that G(2) = 2 for finite cyclic groups of even order, which is the case a = e.

Back to (Z/p m Z) Suppose that a + p m Z (Z/p m Z) is a square. Write a + p m Z = (b + p m Z) 2 = b 2 + p m Z. According to an earlier comment and the proof of the theorem, ±b + p m Z must be the (only) two square roots of a + pz. Corollary Let p be an odd prime, m N and a (Z/p m Z) a square. Then a has exactly two square roots and they are (additive) inverses of each other. Remark: Later we will see how to obtain a square root (mod p m ) from one (mod p). There exist efficient algorithms for finding square roots (mod p), but they are a bit too tricky for us.

Back to Z/nZ We can now strengthen our earlier statement on the number of solutions to a quadratic congruence. Theorem Consider the quadratic congruence ax 2 + bx + c 0 (mod n). (4) If = b 2 4ac and (2a, n) = 1, then (4) has a solution if and only if is a square modulo p m for each prime power dividing n. In this case, (4) has exactly 2 k incongruent solutions modulo n, where k is the number of prime divisors of n. We already know that the number of solutions (mod n) is the product of the numbers of solutions (mod p m ).

According to the quadratic formula and the final corollary above, the number of solutions (mod p m ) is 2 or 0, depending on whether or not + p m Z is a square in (Z/p m Z). So we have solutions to (4) if and only if is a square (mod p m ) for every p m dividing n, and there will be exactly 2 k solutions in this case. This completes the proof. Example Solve the quadratic congruence x 2 + 3x + 17 0 (mod 315).

We have a = 1 and = 3 2 4 17 = 9 68 = 59. Since n = 315 = 3 2 5 7, (2a, n) = 1. Furthermore 1 1 2 (mod 5), 4 2 2 (mod 7), 4 2 2 (mod 9). Hence the original congruence has 2 3 solutions.

Since the inverse of 2 is 3(mod 5), 4(mod 7), 5(mod 9),the quadratic formula yields the solutions x 3( 3 ± 1) 3, 4 (mod 5), x 4( 3 ± 2) 1, 3 (mod 7), x 5( 3 ± 2) 2, 4 (mod 9), Using the CRT to solve the system arising from every possible combination of roots we obtain x 29, 38, 94, 148, 164, 218, 274, 283 (mod 315).

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback