MTH6128 Number Theory
Notes 1, Spring 2017

1 Overview and revision

In this section we will meet some of the concerns of Number Theory, and have a brief revision of some of the relevant material from Introduction to Algebra.

1.1 Overview

Number theory is about properties of the natural numbers, integers, or rational numbers, such as the following:

• Given a natural number n, is it prime or composite? If it is composite, how can we factorise it?
• How many solutions do equations like $x^2 + y^2 = n$ or $x^n + y^n = z^n$ have for fixed n, where the variables are required to be natural numbers?
• How closely can we approximate a given irrational number by rational numbers which are not too complicated?
• How many primes are there less than $10^{12}$ (or any other bound we might choose)? Are there more primes of the form 4k + 1 than 4k − 1, or vice versa?

Some of these questions are interesting because properties of numbers have fascinated humans for thousands of years. On the other hand, some of them (such as primality testing and factorisation) are of very great practical importance: the secret codes that keep internet commerce secure depend on properties of numbers such as primality, factorisation, and modular arithmetic.

Not all these questions will be covered in the course. But here are some problems, which turn out to be closely related to one another, which we will consider. Let p be an odd prime number.

• Can we express p in the form $x^2 + y^2$ for some natural numbers x and y? (For example, $13 = 3^2 + 2^2$, but 19 cannot be written in this form, as you can check.)
• Given a natural number a, is it congruent to the square of a number x modulo p? How do we tell? (For example, $-1 \equiv 5^2 \pmod{13}$, but there is no solution to $-1 \equiv x^2 \pmod{19}$.)
• Does the equation $x^2 - py^2 = 1$ have a solution? What about $x^2 - py^2 = -1$? For example, $18^2 - 13 \cdot 5^2 = -1$, but there is no solution to $x^2 - 19y^2 = -1$.
• How closely can $\sqrt{p}$ be approximated by a rational number? For example, $\sqrt{2}$ is approximately equal to 141421/100000, but 1393/985 is an even better approximation, and has much smaller numerator and denominator. How does one find such good approximations?

1.2 Euclid’s algorithm

We will always count 0 as being a natural number.

We recall that, if a and b are natural numbers and b > 0, then there exist unique natural numbers q and r such that a = bq + r, with 0 ≤ r < b. The numbers q and r are the quotient and remainder when a is divided by b. We sometimes write q = a div b and r = a mod b. If a mod b = 0, we say that b divides a and write b | a.

Note: Don’t confuse a | b with a/b. The first, a | b, is a relation which is “true” if a divides b and “false” otherwise. The second, a/b, is a number. It is correct to say that, if a and b are integers and a ≠ 0, then a | b holds if and only if b/a is an integer. But 0 | 0 is true (WHY??), whereas 0/0 is meaningless.

The greatest common divisor gcd(a, b) of two integers a and b is the natural number d characterised by the following properties:

• d | a and d | b;
• if e is a natural number satisfying e | a and e | b, then e | d.

So, for example, gcd(4, 6) = 2, because

• 2 | 4 and 2 | 6;
• the only numbers that divide both 4 and 6 are ±1 and ±2, and they all divide 2.

If we were using all the integers instead of just the natural numbers, then −2 would also be a correct answer to gcd(4, 6). We usually just take the positive value, but the negative value works too. We have gcd(0, 0) = 0 and indeed gcd(n, 0) = n for any integer n. (WHY?)

Euclid’s algorithm is a procedure for finding the greatest common divisor of two natural numbers a and b. It can be written as a function gcd(a, b), defined recursively as follows:

$$\gcd(a, b) = \begin{cases} a & \text{if } b = 0, \\ \gcd(b,\ a \bmod b) & \text{if } b \neq 0. \end{cases}$$

Example Find gcd(225, 157). Here is the calculation:

225 = 157 · 1 + 68
157 = 68 · 2 + 21
 68 = 21 · 3 + 5
 21 = 5 · 4 + 1
  5 = 1 · 5 + 0

So gcd(225, 157) = 1.
The Euclidean algorithm also finds integers u and v such that gcd(a, b) = ua + vb. In the above example, we can work back up the chain:

1 = 21 − 5 · 4
  = 21 − (68 − 21 · 3) · 4 = 21 · 13 − 68 · 4
  = (157 − 68 · 2) · 13 − 68 · 4 = 157 · 13 − 68 · 30
  = 157 · 13 − (225 − 157) · 30 = 157 · 43 − 225 · 30.

So we have u = −30, v = 43.

Actually, for a natural number d, the following equivalence holds: d = gcd(a, b) if and only if d | a, d | b and there exist integers u, v with d = ua + vb.

1.3 Primes and factorisation

A natural number p is said to be prime if p > 1 and, whenever p = ab holds for some natural numbers a and b, we have either a = p, b = 1, or a = 1, b = p. In other words, p is prime if its only factors in the natural numbers are itself and 1, and these factors are different.

We are going to show that every positive integer greater than 1 can be factorised into primes, and the factorisation is unique up to the possibility of writing the factors in a different order (e.g. 26 = 2 · 13 = 13 · 2). This important result is sometimes called the Fundamental Theorem of Arithmetic.

The fact that 1 is not counted as being prime is a convention, but is needed in order for unique factorisation to hold. (If we allowed 1 to be prime, then 6 = 2 · 3 = 1 · 2 · 3 = 1 · 1 · 2 · 3 = · · · would have infinitely many prime factorisations!)

Lemma 1.1 Let p be prime. If p | ab, then p | a or p | b.

Proof Suppose that p does not divide a. Since the only divisors of p are 1 and p, and p doesn’t divide a, we must have gcd(a, p) = 1, so there exist integers u and v with ua + vp = 1. Now b = uab + vpb; and p divides uab (since it divides ab by assumption) and p divides vpb; so p divides their sum, which is b.

This result immediately extends to products of more than two factors:

Lemma 1.2 Let p be prime. If $p \mid a_1 a_2 \cdots a_n$, then $p \mid a_i$ for some i (1 ≤ i ≤ n).

The idea behind the proof is simple. By the previous lemma, either $p \mid a_1$ or $p \mid a_2 \cdots a_n$. In the first case, we are finished; in the second case, either $p \mid a_2$ or $p \mid a_3 \cdots a_n$; continue like this until we find $p \mid a_i$ for some i.

Exercise Write down a careful proof by induction of this lemma.

Theorem 1.3 Any natural number greater than 1 can be written as a product of prime numbers, and this product expression is unique apart from re-ordering the factors.

Proof We show the existence of a factorisation into primes by induction. Given a natural number n, if n is prime, then it is the product of just one prime. (This starts the induction at n = 2, and is also part of the inductive step.) Otherwise, n has a factorisation n = ab with a, b < n. By the induction hypothesis (since both a and b are greater than 1 but smaller than n), they have factorisations into primes; putting them together we have a factorisation of n.

For the uniqueness, we use our lemmas. Suppose that

$$n = p_1 p_2 \cdots p_r = q_1 q_2 \cdots q_s,$$

where $p_1, p_2, \ldots, p_r, q_1, q_2, \ldots, q_s$ are primes. Clearly $p_1$ divides $q_1 q_2 \cdots q_s$; by the second lemma, $p_1 \mid q_i$ for some i (1 ≤ i ≤ s). By re-ordering the qs if necessary, we can assume that $p_1$ divides $q_1$, whence $p_1 = q_1$ since $q_1$ is prime. Now we can cancel off the first factor from both sides and continue the process, until we have shown that the two factorisations are the same.

1.4 Congruences and modular arithmetic

Let n > 0 be a natural number. We say that two integers a and b are congruent modulo n if n divides a − b. We write this as a ≡ b (mod n).

Note that this is a slightly different use of the word “mod” from the one we used earlier to denote the remainder. Thus a mod n is a number: it is the remainder when a is divided by n. But a ≡ b (mod n) is a statement which may be true or false. Note that, in the notation a ≡ b (mod n), ≡ and mod go together, like ∫ and dx in calculus; you can’t have one without the other.
The two usages are closely connected: two numbers are congruent modulo n if and only if they leave the same remainder when they are divided by n. I will try to use the convention of putting brackets in the expression a ≡ b (mod n).

Congruence modulo n is an equivalence relation; the equivalence classes are called congruence classes modulo n. There are exactly n congruence classes, corresponding to the n possible remainders (0, 1, . . . , n − 1) we could obtain when we divide a number by n. We denote by $[a]_n$ the congruence class modulo n containing a, and by $\mathbb{Z}_n$ the set of congruence classes modulo n.

The set $\mathbb{Z}_n$ is a ring, in fact a commutative ring with identity; this means that congruence classes can be added or multiplied, by the rules

$$[a]_n + [b]_n = [a + b]_n, \qquad [a]_n \cdot [b]_n = [ab]_n,$$

and the usual laws (commutative, associative, distributive, identity, and additive inverse laws) hold. See the Introduction to Algebra lecture notes if you need a reminder about this.

Here are the addition and multiplication tables of $\mathbb{Z}_4$. I have written the entries in the tables as a rather than $[a]_4$ to save clutter. Remember that $[1]_4$ is an infinite set (it consists of all numbers congruent to 1 (mod 4), that is, $[1]_4 = \{\ldots, -11, -7, -3, 1, 5, 9, 13, \ldots\}$), but we treat it like a single object in the tables below.

  + | 0 1 2 3        · | 0 1 2 3
  --+--------        --+--------
  0 | 0 1 2 3        0 | 0 0 0 0
  1 | 1 2 3 0        1 | 0 1 2 3
  2 | 2 3 0 1        2 | 0 2 0 2
  3 | 3 0 1 2        3 | 0 3 2 1

Proposition 1.4 If p is prime, then $\mathbb{Z}_p$ is a field; that is, all non-zero elements (elements which are not equal to $[0]_p$) have multiplicative inverses.

Proof Suppose that $[a]_p$ is a non-zero element of $\mathbb{Z}_p$. This means $[a]_p \neq [0]_p$, so p does not divide a. Since p is prime, gcd(a, p) = 1. By Euclid’s algorithm, there are integers u and v satisfying ua + vp = 1. This means that ua ≡ 1 (mod p), so that $[u]_p \cdot [a]_p = [1]_p$. So $[u]_p$ is the inverse of $[a]_p$.

For example, take p = 157. What is the inverse of $[225]_{157}$? Our earlier calculation showed that 43 · 157 − 30 · 225 = 1, so that the required inverse is $[-30]_{157} = [127]_{157}$.

As a consequence we prove Fermat’s Little Theorem:

Theorem 1.5 Let p be a prime number. Then $n^p \equiv n \pmod p$ for any natural number n.

Proof If n ≡ 0 (mod p), then the conclusion is certainly true; so suppose not. Then $[n]_p$ is an element of the multiplicative group of non-zero elements of $\mathbb{Z}_p$. By Lagrange’s Theorem (see the Introduction to Algebra notes), the order of this element divides the order of the group, which is p − 1. So $([n]_p)^{p-1} = [1]_p$, or in other words, $n^{p-1} \equiv 1 \pmod p$. Multiplying both sides by n gives the result.

Exercise Prove Fermat’s Little Theorem by induction on n.

Fermat’s Little Theorem shows that it is possible to show that a number n is composite without finding any factors of n. If we calculate $a^n \bmod n$ and the answer comes out to be different from $a \bmod n$, then we know that n is composite.

Example $3^{2047} \equiv 992 \pmod{2047}$, so 2047 is not prime.

The computation is not as bad as it might appear. Since $2048 = 2^{11}$, we can work out $3^{2048} \bmod 2047$ by successive squaring (all congruences mod 2047):

$3^{1} = 3$
$3^{2} = 9$
$3^{4} = 9^2 = 81$
$3^{8} = 81^2 \equiv 420$
$3^{16} \equiv 420^2 \equiv 358$
$3^{32} \equiv 358^2 \equiv 1250$
$3^{64} \equiv 1250^2 \equiv 639$
$3^{128} \equiv 639^2 \equiv 968$
$3^{256} \equiv 968^2 \equiv 1545$
$3^{512} \equiv 1545^2 \equiv 223$
$3^{1024} \equiv 223^2 \equiv 601$
$3^{2048} \equiv 601^2 \equiv 929$

So we cannot have $3^{2047} \equiv 3$, since if it were then $3^{2048}$ would be congruent to 9. Thus 2047 is not prime. In fact, if we need to, we can find what $3^{2047}$ is congruent to. We have to take $3^{2048} \equiv 929$ and “divide by 3” (or, what is the same thing, multiply by the inverse of 3 (mod 2047)). At the end of this section I will explain how to use Euclid’s algorithm to do this.

Some people found this puzzling. For example, $3^8 = (3^4)^2 = 81^2 = 6561$, and the remainder when 6561 is divided by 2047 is 420, since 6561 − 3 · 2047 = 420. Note that the successive squaring method avoids having to compute very large numbers.
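The successive-squaring calculation above, and the compositeness test that Theorem 1.5 gives, as an added Python example (not code from the notes); the sample values are the ones worked in the notes (n = 2047 with bases 3 and 2), and the function names are my own:

```python
# Added example (not from the notes): Fermat's Little Theorem as a compositeness
# test, using the notes' successive-squaring method. Sample values are the
# ones worked in the notes: n = 2047, bases 3 and 2.

def repeated_squares(a, n, k):
    """Return [a^(2^0), a^(2^1), ..., a^(2^k)] each reduced mod n.

    Each entry is the square of the previous one, reduced mod n, so no
    intermediate value ever exceeds (n-1)^2.
    """
    chain = [a % n]
    for _ in range(k):
        chain.append(chain[-1] * chain[-1] % n)
    return chain


def power_mod(a, e, n):
    """Compute a^e mod n by successive squaring (square-and-multiply).

    The binary digits of e select which of the squares a^(2^i) get
    multiplied together; at most about 2*log2(e) multiplications.
    """
    result = 1
    base = a % n
    while e > 0:
        if e & 1:                # this bit of e is set: include a^(2^i)
            result = result * base % n
        base = base * base % n   # a^(2^i) -> a^(2^(i+1)), reduced mod n
        e >>= 1
    return result


def fermat_says_composite(n, a):
    """True if a^n mod n != a mod n, which by Theorem 1.5 proves n composite.

    False only means n *might* be prime: a Fermat pseudoprime to base a
    (2047 to base 2, as in the notes) passes too, so this is a test for
    compositeness, never a proof of primality.
    """
    return power_mod(a, n, n) != a % n


if __name__ == "__main__":
    print(repeated_squares(3, 2047, 11))   # 3, 9, 81, 420, ..., 601, 929
    print(power_mod(3, 2047, 2047))        # 992
    print(fermat_says_composite(2047, 3))  # True: 2047 is composite
    print(fermat_says_composite(2047, 2))  # False: base 2 does not detect it
```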
We can evaluate $3^{2048}$ by just eleven squaring operations of numbers smaller than 2047 together with taking the remainder mod 2047. No number in the calculation is larger than $2046^2$, so this is a very practical method!

Unfortunately, it doesn’t always work. If we had used 2 rather than 3, we would have found that $2^{2047} \equiv 2 \pmod{2047}$. The converse of Fermat’s Little Theorem is false!

Note: Inverses mod n

In the calculation above, we had a congruence modulo 2047 and we wanted to divide by 3. We can use Euclid’s algorithm for this purpose.

Observation: Let gcd(a, n) = 1. Then there is x such that ax ≡ 1 (mod n).

Proof Euclid tells us that there exist x and y such that ax + ny = 1. Now this says that ax and 1 differ by a multiple of n; that is, that ax ≡ 1 (mod n).

In our example, we want an inverse of 3 (mod 2047). We find that 3 · 1365 − 2047 · 2 = 1, so the required inverse is 1365. Thus $3^{2047} \equiv 929 \cdot 1365 \equiv 992 \pmod{2047}$.

1.5 The Chinese Remainder Theorem

The Chinese Remainder Theorem is about solving simultaneous congruences to different moduli. We say that m and n are coprime if gcd(m, n) = 1.

Theorem 1.6 Let m and n be coprime natural numbers, and let a and b be arbitrary integers. Then there is a solution to the simultaneous congruences

x ≡ a (mod m), x ≡ b (mod n).

Moreover, the solution is unique modulo mn; that is, if $x_1$ and $x_2$ are two solutions, then $x_1 \equiv x_2 \pmod{mn}$.

Proof Since gcd(m, n) = 1, there are integers u and v with um + vn = 1. We have

vn ≡ 1 (mod m), um ≡ 0 (mod m), vn ≡ 0 (mod n), um ≡ 1 (mod n).

Now let x = umb + vna. Then x ≡ vna ≡ a (mod m), and x ≡ umb ≡ b (mod n), as required.

If $x_1$ and $x_2$ are two solutions, then $x_1 \equiv a \equiv x_2 \pmod m$ and $x_1 \equiv b \equiv x_2 \pmod n$. So both m and n divide $x_1 - x_2$. Since m and n are coprime, mn divides $x_1 - x_2$, so that $x_1 \equiv x_2 \pmod{mn}$ as required.

The proof is constructive: use Euclid’s algorithm to find u and v, and then use the formula.
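Euclid’s algorithm run backwards to obtain u and v (Section 1.2), the inverse mod n it gives (the note above), and the constructive proof of Theorem 1.6, together as an added Python example (not code from the notes). It also folds more than two congruences together, two at a time, for pairwise coprime moduli; the sample values are the ones worked in the notes and the function names are my own:

```python
# Added example, not from the notes: the extended Euclidean algorithm and the
# two uses the notes make of it, inverses mod n and the Chinese Remainder
# Theorem. Sample values are the ones worked in the notes.

def extended_gcd(a, b):
    """Return (d, u, v) with d = gcd(a, b) and d = u*a + v*b.

    Same recursion as the notes' gcd(a, b) = gcd(b, a mod b); the
    coefficients u, v are rebuilt while working back up the chain.
    """
    if b == 0:
        return a, 1, 0
    d, u1, v1 = extended_gcd(b, a % b)
    # d = u1*b + v1*(a mod b) and a mod b = a - (a div b)*b, so regroup:
    return d, v1, u1 - (a // b) * v1


def inverse_mod(a, n):
    """Return x in 0..n-1 with a*x = 1 (mod n); raise if gcd(a, n) != 1."""
    d, u, _ = extended_gcd(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd is {d}")
    return u % n


def crt_pair(a, m, b, n):
    """Solve x = a (mod m), x = b (mod n) for coprime m, n (Theorem 1.6).

    Uses the formula from the proof, x = u*m*b + v*n*a with u*m + v*n = 1,
    and returns (x, m*n) with x reduced to 0 <= x < m*n.
    """
    d, u, v = extended_gcd(m, n)
    if d != 1:
        raise ValueError(f"moduli {m} and {n} are not coprime")
    return (u * m * b + v * n * a) % (m * n), m * n


def crt(residues, moduli):
    """Solve x = a_i (mod n_i) for pairwise coprime moduli by folding two
    congruences at a time into one, as the notes describe."""
    x, mod = residues[0] % moduli[0], moduli[0]
    for a, n in zip(residues[1:], moduli[1:]):
        x, mod = crt_pair(x, mod, a, n)
    return x, mod


if __name__ == "__main__":
    print(extended_gcd(225, 157))     # (1, -30, 43)
    print(inverse_mod(225, 157))      # 127
    print(inverse_mod(3, 2047))       # 1365
    print(crt([2, 1, 3], [3, 4, 5]))  # (53, 60)
```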
But I don’t recommend that you memorise the formula, since the method is so simple to work out.

This can be extended to an arbitrary number of congruences to pairwise coprime moduli. We say that $n_1, \ldots, n_r$ are pairwise coprime if $\gcd(n_i, n_j) = 1$ for all $i \neq j$. Now, if $n_1, \ldots, n_r$ are pairwise coprime, and $a_1, \ldots, a_r$ are arbitrary integers, then the congruences

$x \equiv a_i \pmod{n_i}, \quad i = 1, \ldots, r$

have a unique solution modulo $n_1 n_2 \cdots n_r$. We can find the solution by first replacing the two congruences $x \equiv a_1 \pmod{n_1}$ and $x \equiv a_2 \pmod{n_2}$ by a single congruence modulo $n_1 n_2$, and then continuing with the r − 1 pairwise coprime numbers $n_1 n_2, n_3, \ldots, n_r$.

Example Find all numbers congruent to 2 (mod 3), 1 (mod 4) and 3 (mod 5).

The theorem shows that there is a unique solution mod 60, which can be found by trial and error, or systematically as in the proof, which we do here. Since −3 + 4 = 1, the number −3 · 1 + 4 · 2 = 5 satisfies the first two congruences. (We have m = 3, n = 4, a = 2, b = 1, u = −1, v = 1, so umb + vna = 5.) Now we look for a number congruent to 5 (mod 12) and 3 (mod 5). We have −2 · 12 + 5 · 5 = 1, so the solution is −2 · 12 · 3 + 5 · 5 · 5 = 53. (Here m = 12, n = 5, a = 5, b = 3, u = −2, v = 5.) So the general solution is the congruence class $[53]_{60}$ (all numbers congruent to 53 (mod 60)).

1.6 And finally . . .

Remember Euclid’s famous proof of the existence of infinitely many primes, which you will find in the Introduction to Algebra notes. It is possible to adapt Euclid’s method for other purposes. Here is an example.

Note that, apart from 2, all primes are odd, and so are of one or other of the forms 4k + 1 and 4k − 1 for some natural number k. That is, congruent to +1 or −1 (mod 4).

Theorem 1.7 There are infinitely many primes congruent to −1 (mod 4).

Proof Suppose that there are only finitely many such primes, say $q_1, \ldots, q_n$. Consider the number

$$N = 4q_1 \cdots q_n - 1.$$

We know that N can be factorised into prime factors. (This allows the possibility that N is itself prime.) But 2 is not a factor of N, since it is odd; and $q_1, \ldots, q_n$ are not factors of N, since it is one less than a multiple of each of these primes. But we supposed that $q_1, \ldots, q_n$ are all the primes congruent to −1 (mod 4); so all the prime factors of N must be congruent to +1 (mod 4). However, the product of numbers congruent to +1 (mod 4) is itself congruent to +1 (mod 4) [since, for example, (4k + 1)(4l + 1) = 4m + 1, where m = 4kl + k + l]; so N is congruent to +1 (mod 4). This is a contradiction, since by construction N is congruent to −1 (mod 4).

The contradiction shows that the assumption that there are only finitely many primes congruent to −1 (mod 4) is false; that is, there are infinitely many such primes.

It is also true that there are infinitely many primes congruent to +1 (mod 4) (and indeed, roughly equal numbers of the two forms below any given bound), but these things are more difficult to prove. We will see that there are infinitely many later in the course.

Question: What goes wrong with the above argument if we try to apply it for primes congruent to +1 (mod 4)?