MTH6128 Number Theory
Notes 1
Spring 2017
1 Overview and revision
In this section we will meet some of the concerns of Number Theory, and have a
brief revision of some of the relevant material from Introduction to Algebra.
1.1 Overview
Number theory is about properties of the natural numbers, integers, or rational
numbers, such as the following:
• Given a natural number n, is it prime or composite? If it is composite, how
can we factorise it?
• How many solutions do equations like x^2 + y^2 = n or x^n + y^n = z^n have for
fixed n, where the variables are required to be natural numbers?
• How closely can we approximate a given irrational number by rational
numbers which are not too complicated?
• How many primes are there less than 10^{12} (or any other bound we might
choose)? Are there more primes of the form 4k + 1 than 4k − 1, or vice versa?
Some of these questions are interesting because properties of numbers have
fascinated humans for thousands of years. On the other hand, some of them (such
as primality testing and factorisation) are of very great practical importance: the
secret codes that keep internet commerce secure depend on properties of numbers
such as primality, factorisation, and modular arithmetic.
Not all these questions will be covered in the course. But here are some
problems, which turn out to be closely related to one another, which we will
consider. Let p be an odd prime number.
• Can we express p in the form x^2 + y^2 for some natural numbers x and y?
(For example, 13 = 3^2 + 2^2, but 19 cannot be written in this form, as you
can check.)
• Given a natural number a, is it congruent to the square of a number x
modulo p? How do we tell? (For example, −1 ≡ 5^2 (mod 13), but there is
no solution to −1 ≡ x^2 (mod 19).)
• Does the equation x^2 − py^2 = 1 have a solution? What about x^2 − py^2 = −1?
For example, 18^2 − 13 · 5^2 = −1, but there is no solution to x^2 − 19y^2 = −1.
• How closely can √p be approximated by a rational number? For example,
√2 is approximately equal to 141421/100000, but 1393/985 is an even
better approximation, and has much smaller numerator and denominator.
How does one find such good approximations?
1.2 Euclid’s algorithm
We will always count 0 as being a natural number.
We recall that, if a and b are natural numbers and b > 0, then there exist
unique natural numbers q and r such that a = bq + r, with 0 ≤ r < b. The
numbers q and r are the quotient and remainder when a is divided by b. We
sometimes write q = a div b and r = a mod b. If a mod b = 0, we say that b divides
a and write b | a.
Note: Don’t confuse a | b with a/b. The first, a | b, is a relation which is
“true” if a divides b and “false” otherwise. The second, a/b, is a number. It is
correct to say that, if a and b are integers and a ≠ 0, then a | b holds if and only
if b/a is an integer. But 0 | 0 is true (WHY??), whereas 0/0 is meaningless.
The greatest common divisor gcd(a, b) of two integers a and b is the natural
number d characterised by the following properties:
• d | a and d | b;
• if e is a natural number satisfying e | a and e | b, then e | d.
So, for example, gcd(4, 6) = 2, because
• 2 | 4 and 2 | 6;
• the only numbers that divide both 4 and 6 are ±1 and ±2, and they all
divide 2.
If we were using all the integers instead of just the natural numbers, then −2
would also be a correct answer to gcd(4, 6). We usually just take the positive
value, but the negative value works too.
We have gcd(0, 0) = 0 and indeed gcd(n, 0) = n for any integer n. (WHY?)
Euclid’s algorithm is a procedure for finding the greatest common divisor of
two natural numbers a and b. It can be written as a function gcd(a, b), defined
recursively as follows:
gcd(a, b) = a                 if b = 0,
gcd(a, b) = gcd(b, a mod b)   if b ≠ 0.
Example Find gcd(225, 157). Here is the calculation:
225 = 157 · 1 + 68
157 = 68 · 2 + 21
68 = 21 · 3 + 5
21 = 5 · 4 + 1
5 = 1 · 5 + 0
So gcd(225, 157) = 1.
The Euclidean algorithm also finds integers u and v such that
gcd(a, b) = ua + vb.
In the above example, we can work back up the chain:
1 = 21 − 5 · 4
  = 21 − (68 − 21 · 3) · 4 = 21 · 13 − 68 · 4
  = (157 − 68 · 2) · 13 − 68 · 4 = 157 · 13 − 68 · 30
  = 157 · 13 − (225 − 157) · 30 = 157 · 43 − 225 · 30.
So we have u = −30, v = 43.
Actually, for a natural number d, the following equivalence holds: d =
gcd(a, b) if and only if d | a, d | b and there exist integers u, v with d = ua + vb.
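As an added example (not part of the original notes), here is the extended form of Euclid's algorithm in Python; it returns the division chain together with the coefficients u and v. The function name extended_euclid and its return layout are choices made for this illustration.

```python
def extended_euclid(a, b):
    """Return (d, u, v, steps) with d = gcd(a, b) = u*a + v*b.

    steps records every division x = y*q + r carried out on the way down,
    i.e. the chain that the notes write out by hand.
    """
    if a < 0 or b < 0:
        raise ValueError("natural numbers expected")
    # Invariants kept by the loop:
    #   old_r = old_u*a + old_v*b   and   r = u*a + v*b
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    steps = []
    while r != 0:
        q = old_r // r
        steps.append((old_r, r, q, old_r - q * r))
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    # The last non-zero remainder is the gcd; gcd(n, 0) = n needs no steps.
    return old_r, old_u, old_v, steps


if __name__ == "__main__":
    d, u, v, steps = extended_euclid(225, 157)
    for x, y, q, r in steps:
        print(f"{x} = {y} · {q} + {r}")
    print(f"{d} = ({u}) · 225 + ({v}) · 157")
```

Keeping the two invariants inside the loop replaces the "work back up the chain" step: u and v are available as soon as the remainder reaches 0.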
1.3 Primes and factorisation
A natural number p is said to be prime if p > 1 and, whenever p = ab holds for
some natural numbers a and b, we have either a = p, b = 1, or a = 1, b = p. In
other words, p is prime if its only factors in the natural numbers are itself and
1, and these factors are different.
We are going to show that every positive integer greater than 1 can be factorised into primes, and the factorisation is unique up to the possibility of writing
the factors in a different order (e.g. 26 = 2 · 13 = 13 · 2). This important result
is sometimes called the Fundamental Theorem of Arithmetic.
The fact that 1 is not counted as being prime is a convention, but is needed
in order for unique factorisation to hold. (If we allowed 1 to be prime, then
6 = 2 · 3 = 1 · 2 · 3 = 1 · 1 · 2 · 3 = · · · would have infinitely many prime
factorisations!)
Lemma 1.1 Let p be prime. If p | ab, then p | a or p | b.
Proof Suppose that p does not divide a. Since the only divisors of p are 1 and
p, and p doesn’t divide a, we must have gcd(a, p) = 1, so there exist integers u
and v with ua + vp = 1. Now b = uab + vpb; and p divides uab (since it divides
ab by assumption) and p divides vpb; so p divides their sum, which is b.
This result immediately extends to products of more than two factors:
Lemma 1.2 Let p be prime. If p | a_1 a_2 ··· a_n, then p | a_i for some i (1 ≤ i ≤ n).
The idea behind the proof is simple. By the previous lemma, either p | a_1 or
p | a_2 ··· a_n. In the first case, we are finished; in the second case, either p | a_2 or
p | a_3 ··· a_n; continue like this until we find p | a_i for some i.
Exercise Write down a careful proof by induction of this lemma.
Theorem 1.3 Any natural number greater than 1 can be written as a product
of prime numbers, and this product expression is unique apart from re-ordering
the factors.
Proof We show the existence of a factorisation into primes by induction. Given
a natural number n, if n is prime, then it is the product of just one prime. (This
starts the induction at n = 2, and is also part of the inductive step.) Otherwise,
n has a factorisation n = ab with a, b < n. By the induction hypothesis (since
both a and b are greater than 1 but smaller than n), they have factorisations
into primes; putting them together we have a factorisation of n.
For the uniqueness, we use our lemmas. Suppose that
n = p_1 p_2 ··· p_r = q_1 q_2 ··· q_s,
where p_1, p_2, . . . , p_r, q_1, q_2, . . . , q_s are primes. Clearly p_1 divides q_1 q_2 ··· q_s; by the
second lemma, p_1 | q_i for some i (1 ≤ i ≤ s). By re-ordering the q_i if necessary,
we can assume that p_1 divides q_1, whence p_1 = q_1 since q_1 is prime. Now we can
cancel off the first factor from both sides and continue the process, until we have
shown that the two factorisations are the same.
1.4 Congruences and modular arithmetic
Let n > 0 be a natural number. We say that two integers a and b are congruent
modulo n if n divides a − b. We write this as
a ≡ b (mod n).
Note that this is a slightly different use of the word “mod” from the one we used
earlier to denote the remainder. Thus a mod n is a number: it is the remainder
when a is divided by n. But a ≡ b (mod n) is a statement which may be true or
false. Note that, in the notation a ≡ b (mod n), ≡ and mod go together, like ∫
and dx in calculus; you can’t have one without the other.
The two usages are closely connected: two numbers are congruent modulo n
if and only if they leave the same remainder when they are divided by n. I will
try to use the convention of putting brackets in the expression a ≡ b (mod n).
Congruence modulo n is an equivalence relation; the equivalence classes are
called congruence classes modulo n. There are exactly n congruence classes,
corresponding to the n possible remainders (0, 1, . . . , n − 1) we could obtain
when we divide a number by n.
We denote by [a]_n the congruence class modulo n containing a, and by Z_n the
set of congruence classes modulo n. The set Z_n is a ring, in fact a commutative
ring with identity; this means that congruence classes can be added or multiplied,
by the rules
[a]_n + [b]_n = [a + b]_n,
[a]_n · [b]_n = [ab]_n,
and the usual laws (commutative, associative, distributive, identity, and additive
inverse laws) hold. See the Introduction to Algebra lecture notes if you need a
reminder about this.
Here are the addition and multiplication tables of Z_4. I have written the
entries in the tables as a rather than [a]_4 to save clutter. Remember that [1]_4 is
an infinite set (it consists of all numbers congruent to 1 (mod 4), that is,
[1]_4 = {. . . , −11, −7, −3, 1, 5, 9, 13, . . .}),
but we treat it like a single object in the tables below.
+ | 0 1 2 3
--+--------
0 | 0 1 2 3
1 | 1 2 3 0
2 | 2 3 0 1
3 | 3 0 1 2

· | 0 1 2 3
--+--------
0 | 0 0 0 0
1 | 0 1 2 3
2 | 0 2 0 2
3 | 0 3 2 1
Proposition 1.4 If p is prime, then Z_p is a field; that is, all non-zero elements
(elements which are not equal to [0]_p) have multiplicative inverses.
Proof Suppose that [a]_p is a non-zero element of Z_p. This means [a]_p ≠ [0]_p, so
p does not divide a. Since p is prime, gcd(a, p) = 1. By Euclid’s algorithm, there
are integers u and v satisfying ua + vp = 1. This means that ua ≡ 1 (mod p), so
that
[u]_p · [a]_p = [1]_p.
So [u]_p is the inverse of [a]_p.
For example, take p = 157. What is the inverse of [225]_{157}? Our earlier
calculation showed that 43 · 157 − 30 · 225 = 1, so that the required inverse is
[−30]_{157} = [127]_{157}.
As a consequence we prove Fermat’s Little Theorem:
Theorem 1.5 Let p be a prime number. Then n^p ≡ n (mod p) for any natural
number n.
Proof If n ≡ 0 (mod p), then the conclusion is certainly true; so suppose not.
Then [n]_p is an element of the multiplicative group of non-zero elements of Z_p.
By Lagrange’s Theorem (see the Introduction to Algebra notes), the order of this
element divides the order of the group, which is p − 1. So ([n]_p)^{p−1} = [1]_p, or in
other words, n^{p−1} ≡ 1 (mod p). Multiplying both sides by n gives the result.
Exercise Prove Fermat’s Little Theorem by induction on n.
Fermat’s Little Theorem makes it possible to show that a number n
is composite without finding any factors of n. If we calculate a^n mod n and the
answer comes out to be different from a mod n, then we know that n is composite.
Example 3^{2047} ≡ 992 (mod 2047), so 2047 is not prime.
The computation is not as bad as it might appear. Since 2048 = 2^{11}, we can
work out 3^{2048} mod 2047 by successive squaring (all congruences mod 2047):
3^1 = 3
3^2 = 9
3^4 = 9^2 = 81
3^8 = 81^2 ≡ 420
3^{16} ≡ 420^2 ≡ 358
3^{32} ≡ 358^2 ≡ 1250
3^{64} ≡ 1250^2 ≡ 639
3^{128} ≡ 639^2 ≡ 968
3^{256} ≡ 968^2 ≡ 1545
3^{512} ≡ 1545^2 ≡ 223
3^{1024} ≡ 223^2 ≡ 601
3^{2048} ≡ 601^2 ≡ 929
So we cannot have 3^{2047} ≡ 3, since if it were then 3^{2048} would be congruent to 9.
Thus 2047 is not prime.
In fact, if we need to, we can find what 3^{2047} is congruent to. We have to
take 3^{2048} ≡ 929 and “divide by 3”, or (what is the same thing) multiply by the
inverse of 3 (mod 2047). At the end of this section I will explain how to use
Euclid’s algorithm to do this.
Some people found this puzzling. For example,
3^8 = (3^4)^2 = 81^2 = 6561,
and the remainder when 6561 is divided by 2047 is 420, since 6561 − 3 · 2047 = 420.
Note that the successive squaring method avoids having to compute very large
numbers. We can evaluate 3^{2048} by just eleven squaring operations of numbers
smaller than 2047 together with taking the remainder mod 2047. No number in
the calculation is larger than 2046^2, so this is a very practical method!
Unfortunately, it doesn’t always work. If we had used 2 rather than 3, we
would have found that 2^{2047} ≡ 2 (mod 2047). The converse of Fermat’s Little
Theorem is false!
Note: Inverses mod n
In the calculation above, we had a congruence modulo
2047 and we wanted to divide by 3. We can use Euclid’s algorithm for this
purpose.
Observation: Let gcd(a, n) = 1. Then there is x such that ax ≡ 1 (mod n).
Proof Euclid tells us that there exist x and y such that ax + ny = 1. Now this
says that ax and 1 differ by a multiple of n; that is, that ax ≡ 1 (mod n).
In our example, we want an inverse of 3 (mod 2047). We find that 3 · 1365 −
2047 · 2 = 1, so the required inverse is 1365. Thus
3^{2047} ≡ 929 · 1365 ≡ 992 (mod 2047).
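As an added example (not part of the original notes), the successive-squaring computation and the Fermat compositeness check for n = 2047 in Python. The function names are chosen for this illustration; power_mod goes beyond the chain in the notes by handling any exponent, multiplying in the squares that correspond to binary digits 1 of the exponent.

```python
def squaring_chain(a, k, n):
    """Return [a^(2^0), a^(2^1), ..., a^(2^k)], each reduced mod n."""
    chain = [a % n]
    for _ in range(k):
        chain.append(chain[-1] * chain[-1] % n)
    return chain


def power_mod(a, e, n):
    """a^e mod n by successive squaring; no intermediate exceeds (n-1)^2."""
    result, square = 1 % n, a % n
    while e > 0:
        if e & 1:                      # current binary digit of e is 1
            result = result * square % n
        square = square * square % n   # next entry of the squaring chain
        e >>= 1
    return result


def fermat_proves_composite(n, a):
    """True if a^n is not congruent to a (mod n), so n cannot be prime.

    False is inconclusive, because the converse of Fermat's Little
    Theorem is false.
    """
    return power_mod(a, n, n) != a % n


if __name__ == "__main__":
    n = 2047
    print(squaring_chain(3, 11, n))          # the table in the notes
    print(power_mod(3, n, n))                # 3^2047 mod 2047
    # "Dividing by 3": 1365 is the inverse of 3 (mod 2047) from the notes.
    print(3 * 1365 % n, squaring_chain(3, 11, n)[-1] * 1365 % n)
    print(fermat_proves_composite(n, 3))     # base 3 exposes 2047
    print(fermat_proves_composite(n, 2))     # base 2 does not
```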
1.5 The Chinese Remainder Theorem
The Chinese Remainder Theorem is about solving simultaneous congruences to
different moduli.
We say that m and n are coprime if gcd(m, n) = 1.
Theorem 1.6 Let m and n be coprime natural numbers, and let a and b be
arbitrary integers. Then there is a solution to the simultaneous congruences
x ≡ a (mod m),
x ≡ b (mod n).
Moreover, the solution is unique modulo mn; that is, if x_1 and x_2 are two solutions, then x_1 ≡ x_2 (mod mn).
Proof Since gcd(m, n) = 1, there are integers u and v with um + vn = 1. We
have
vn ≡ 1 (mod m),
um ≡ 0 (mod m),
vn ≡ 0 (mod n),
um ≡ 1 (mod n).
Now let
x = umb + vna.
Then x ≡ vna ≡ a (mod m), and x ≡ umb ≡ b (mod n), as required.
If x_1 and x_2 are two solutions, then x_1 ≡ a ≡ x_2 (mod m) and x_1 ≡ b ≡
x_2 (mod n). So both m and n divide x_1 − x_2. Since m and n are coprime, mn
divides x_1 − x_2, so that x_1 ≡ x_2 (mod mn) as required.
The proof is constructive: use Euclid’s algorithm to find u and v, and then
use the formula. But I don’t recommend that you memorise the formula, since
the method is so simple to work out.
This can be extended to an arbitrary number of congruences to pairwise
coprime moduli. We say that n_1, . . . , n_r are pairwise coprime if gcd(n_i, n_j) = 1
for all i ≠ j. Now, if n_1, . . . , n_r are pairwise coprime, and a_1, . . . , a_r are arbitrary
integers, then the congruences
x ≡ a_i (mod n_i), i = 1, . . . , r
have a unique solution modulo n_1 n_2 ··· n_r. We can find the solution by first
replacing the two congruences x ≡ a_1 (mod n_1) and x ≡ a_2 (mod n_2) by a single
congruence modulo n_1 n_2, and then continuing with the r − 1 pairwise coprime
numbers n_1 n_2, n_3, . . . , n_r.
Example Find all numbers congruent to 2 (mod 3), 1 (mod 4) and 3 (mod 5).
The theorem shows that there is a unique solution mod 60, which can be
found by trial and error, or systematically as in the proof, which we do here.
Since −3 + 4 = 1, the number −3 · 1 + 4 · 2 = 5 satisfies the first two congruences.
(We have m = 3, n = 4, a = 2, b = 1, u = −1, v = 1, so umb + vna = 5.)
Now we look for a number congruent to 5 (mod 12) and 3 (mod 5). We have
−2 · 12 + 5 · 5 = 1, so the solution is −2 · 12 · 3 + 5 · 5 · 5 = 53. (Here m = 12,
n = 5, a = 5, b = 3, u = −2, v = 5.)
So the general solution is the congruence class [53]_{60} (all numbers congruent
to 53 (mod 60)).
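As an added example (not part of the original notes), the constructive proof in Python: bezout supplies u and v with um + vn = 1, crt_pair applies x = umb + vna, and crt folds a list of congruences two at a time as described above. All function names are chosen for this illustration, and moduli that are not coprime are rejected.

```python
from functools import reduce


def bezout(a, b):
    """Return (d, u, v) with d = gcd(a, b) = u*a + v*b (recursive Euclid)."""
    if b == 0:
        return a, 1, 0
    d, u, v = bezout(b, a % b)
    return d, v, u - (a // b) * v


def crt_pair(first, second):
    """Merge x ≡ a (mod m) and x ≡ b (mod n) into one congruence mod mn.

    Each argument is a pair (residue, modulus); the result has the same shape.
    """
    (a, m), (b, n) = first, second
    d, u, v = bezout(m, n)            # u*m + v*n = d
    if d != 1:
        raise ValueError(f"moduli {m} and {n} are not coprime")
    x = u * m * b + v * n * a         # the formula from the proof
    return x % (m * n), m * n


def crt(congruences):
    """Solve x ≡ a_i (mod n_i) for pairwise coprime n_i.

    The first two congruences are replaced by a single one modulo n_1 n_2,
    then that is merged with the third, and so on.
    """
    return reduce(crt_pair, congruences)


if __name__ == "__main__":
    # The example from the notes: 2 (mod 3), 1 (mod 4), 3 (mod 5).
    print(crt_pair((2, 3), (1, 4)))
    print(crt([(2, 3), (1, 4), (3, 5)]))
```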
1.6 And finally . . .
Remember Euclid’s famous proof of the existence of infinitely many primes, which
you will find in the Introduction to Algebra notes.
It is possible to adapt Euclid’s method for other purposes. Here is an example.
Note that, apart from 2, all primes are odd, and so are of one or other of the
forms 4k + 1 and 4k − 1 for some natural number k. That is, congruent to +1
or −1 (mod 4).
Theorem 1.7 There are infinitely many primes congruent to −1 (mod 4).
Proof Suppose that there are only finitely many such primes, say q_1, . . . , q_n.
Consider the number N = 4q_1 ··· q_n − 1.
We know that N can be factorised into prime factors. (This allows the possibility that N is itself prime.) But 2 is not a factor of N, since it is odd;
and q_1, . . . , q_n are not factors of N, since it is one less than a multiple of each
of these primes. But we supposed that q_1, . . . , q_n are all the primes congruent
to −1 (mod 4); so all the prime factors of N must be congruent to +1 (mod 4).
However, the product of numbers congruent to +1 (mod 4) is itself congruent to
+1 (mod 4) [since, for example, (4k + 1)(4l + 1) = 4m + 1, where m = 4kl + k + l];
so N is congruent to +1 (mod 4). This is a contradiction, since by construction
N is congruent to −1 (mod 4).
The contradiction shows that the assumption that there are only finitely many
primes congruent to −1 (mod 4) is false; that is, there are infinitely many such
primes.
It is also true that there are infinitely many primes congruent to +1 (mod 4)
(and indeed, roughly equal numbers of the two forms below any given bound),
but these things are more difficult to prove. We will see later in the course
that there are infinitely many.
Question: What goes wrong with the above argument if we try to apply it for
primes congruent to +1 (mod 4)?