Download Elementary Theory of Numbers

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
page
108
page
109
page
110
page
111
page
112
page
113
page
114
page
115
page
116
page
117
page
118
page
119
page
120
page
121
page
122
page
123
page
124
page
125
page
126
page
127
page
128
page
129
page
130
page
131
page
132
page
133
page
134
page
135
page
136
page
137
page
138
page
139
page
140
page
141
page
142
page
143
page
144
page
145
page
146
page
147
page
148
page
149
page
150
page
151
page
152
page
153
page
154
page
155
page
156
page
157
page
158
page
159
page
160
page
161
page
162
page
163
page
164
page
165
page
166
page
167
page
168
Document related concepts
no text concepts found
Transcript 
W. Edwin Clark
Oscar Vega
Elementary Theory of Numbers
Revised May, 2017
vi
W. Edwin Clark
Oscar Vega
Department of Mathematics
University of South Florida
Tampa, FL 33620
Department of Mathematics
California State University, Fresno
Fresno, CA 93740
Copyleft 2017 by W. Edwin Clark and Oscar Vega
Copyleft means that unrestricted redistribution and modification are permitted, provided that all copies and
derivatives retain the same permissions. Specifically no commercial use of these notes or any revisions thereof
is permitted.
Contents
1
Things You Should Know . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.1 Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Proof by Induction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 The Floor and Ceiling Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.4 Sigma Notation for Sums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
Basic Properties of Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.1 Divisibility in Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 gcd: First Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3 Prime Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.4 gcd: Second Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3
How to Find gcd(a, b) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.1 The Division Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 gcd: Third Part - The Euclidean Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3 Bézout’s Lemma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.4 Blankinship’s Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
Applications of gcd(a, b) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.1 Proof of the Fundamental Theorem of Arithmetic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.2 Linear Diophantine Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5
Zm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1 Residue Classes Modulo m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 The Set Zm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.3 Addition and Multiplication in Zm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6
Congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
7
Linear Equations in Zm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.1 Equations in Zm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.2 Linear Congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.3 Systems of Linear Congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8
Euler’s Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
8.1 Z∗m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
8.2 Euler’s Theorem and Fermat’s Little Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
1
1
2
4
6
19
19
22
23
25
35
35
36
37
47
47
48
51
vii
viii
Contents
9
The Discrete Logarithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.1 The Order of an Element Modulo n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.2 Primitive Roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
9.3 Discrete Logarithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10
Squares in Z∗n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
10.1 Squares in Z∗p , p Odd Prime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
10.2 The Quadratic Reciprocity Law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
11
Multiplicative Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11.1 Generalities About Multiplicative Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11.2 The Functions σ and τ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11.3 The Möbius Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
81
81
84
86
12
Important Families of Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.1 Fermat Primes and Mersenne Primes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.2 Perfect, Deficient, and Abundant Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12.3 Pythagorean Triples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
91
91
93
95
13
Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
13.1 Probabilistic Primality Tests . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
13.2 The Base b Representation of n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
13.3 Computation of aN mod m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
13.4 The RSA Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
14
Appendix A: Rings and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
15
Solutions to Selected Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
63
63
65
69
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Chapter 1
Things You Should Know
This is a quick review of material that you should already have learned in other courses. Please spend some
time refreshing your memory in case you forgot any of these concepts.
Also, it is assumed that you know how to read and write proofs (and that you, hopefully, enjoy it).
1.1 Numbers
Since number theory is concerned with properties of the integers, we begin by setting up some notation and
reviewing some basic properties of the integers that will be needed later:
N = {1, 2, 3, · · · } (the natural numbers or positive integers)
Z = {· · · , −3, −2, −1, 0, 1, 2, 3, · · · } (the integers)
o
nn
; n, m ∈ Z and m 6= 0
(the rational numbers)
Q=
m
R = the real numbers
Note that N ( Z ( Q ( R. We will assume a knowledge of the basic rules of high school algebra which apply
to R and therefore to N, Z and Q. By this we mean things like ab + ac = a(b + c) and ab = ba. We will not list
all of these properties here. However, some particularly important properties of numbers that will be needed
are listed below. We call them axioms since we will not prove them in this course.
1. Basic Axioms for Z
(a) If a, b ∈ Z, then a + b, a − b and ab ∈ Z. (Z is closed under addition, subtraction and multiplication.)
(b) If a ∈ Z then there is no x ∈ Z such that a < x < a + 1.
(c) If a, b ∈ Z and ab = 1, then either a = b = 1 or a = b = −1.
2. Laws of Exponents: For n, m in N and a, b in R we have
(a) (an )m = anm
(b) (ab)n = an bn
(c) an am = an+m .
These rules hold for all n, m ∈ Z if a and b are not zero.
3. Properties of Inequalities: For a, b, c in R the following hold:
(a) (Transitivity) If a < b and b < c, then a < c.
(b) If a < b then a + c < b + c.
(c) If a < b and 0 < c then ac < bc.
(d) If a < b and c < 0 then bc < ac.
(e) (Trichotomy) Given a and b, one and only one of the following holds:
a = b,
a < b,
b < a.
4. The Well-Ordering Principle for N: Every non-empty subset of N contains a least element.
1
2
1 Things You Should Know
1.2 Proof by Induction
In this section, we will look at a number of statements that can be proved by using The Principle of Mathematical Induction or, simply, induction. In short, induction works as follows:
Let P(n) be a statement concerning the integer variable n. Let n0 be any fixed integer. P(n) is true for all integers n ≥ n0 if one can establish both of the following statements:
(a) P(n) is true if n = n0 .
(b) Whenever P(n) is true for n0 ≤ n ≤ k then P(n) is true for n = k + 1.
Most of the times the number n0 is equal to 1 or 0.
As an example we will look at two induction proofs for the same proposition. In the first one we will see in
detail how one uses the PMI. The second one is less pedagogical and is the type of proof students should be
able to write.
Proposition 1.1. If n ≥ 5 then 2n > 5n.
Proof (Proof #1). Here we use The Principle of Mathematical Induction. Note that PMI has two parts which
we denote by PMI (a) and PMI (b).
We let P(n) be the statement 2n > 5n. For n0 we take 5. We could write simply:
P(n) = 2n > 5n
and n0 = 5.
Note that P(n) represents a statement, usually an inequality or an equation but sometimes a more complicated
assertion. Now if n = 4 then P(n) becomes the statement 24 > 5 · 4 which is false! But if n = 5, P(n) is the
statement 25 > 5 · 5 or 32 > 25 which is true and we have established PMI (a).
Now to prove PMI (b) we begin by assuming that
P(n) is true for 5 ≤ n ≤ k.
That is, we assume
2n > 5n for 5 ≤ n ≤ k.
(1.1)
The assumption (1.1) is called the induction hypothesis. We want to use it to prove that P(n) holds when
n = k + 1. So here’s what we do. By (1.1) letting n = k we have
2k > 5k.
Multiply both sides by two and we get
2k+1 > 10k.
(1.2)
Note that we are trying to prove 2k+1 > 5(k + 1). Now 5(k + 1) = 5k + 5 so if we can show 10k ≥ 5k + 5 we
can use (1.2) to complete the proof.
Now 10k = 5k + 5k and k ≥ 5 by (1.1) so k ≥ 1 and hence 5k ≥ 5. Therefore
10k = 5k + 5k ≥ 5k + 5 = 5(k + 1).
Thus
2k+1 > 10k ≥ 5(k + 1)
so
2k+1 > 5(k + 1).
(1.3)
1.2 Proof by Induction
3
that is, P(n) holds when n = k + 1. So assuming the induction hypothesis (1.1) we have proved (1.3). Thus we
have established PMI (b).
We have established that parts (a) and (b) of PMI hold for this particular P(n) and n0 . So the PMI tells us that
P(n) holds for n ≥ 5. That is, 2n > 5n holds for n ≥ 5.
t
u
We now give a more streamlined proof.
Proposition 1.2. If n ≥ 5 then 2n > 5n.
Proof (Proof #2). We prove the proposition by induction on the variable n.
If n = 5 we have 25 > 5 · 5 or 32 > 25 which is true.
Assume
2n > 5n for 5 ≤ n ≤ k (the induction hypothesis).
Taking n = k we have
2k > 5k.
Multiplying both sides by 2 gives
2k+1 > 10k.
Now 10k = 5k + 5k and k ≥ 5 so k ≥ 1 and therefore 5k ≥ 5. Hence
10k = 5k + 5k ≥ 5k + 5 = 5(k + 1).
It follows that
2k+1 > 10k ≥ 5(k + 1)
and therefore
2k+1 > 5(k + 1).
Hence by PMI we conclude that 2n > 5n for n ≥ 5.
Exercise 1.3. Prove that 2n > 6n for n ≥ 5.
Exercise 1.4. Prove that 1 + 2 + · · · + n =
n(n + 1)
for n ≥ 1.
2
Exercise 1.5. Prove that if 0 < a < b then 0 < an < bn for all n ∈ N.
Exercise 1.6. Prove that n! < nn for n ≥ 2.
Exercise 1.7. Prove that if a and r are real numbers and r 6= 1, then for n ≥ 1
a rn+1 − 1
2
n
.
a + ar + ar + · · · + ar =
r−1
This can be written as follows
a(rn+1 − 1) = (r − 1)(a + ar + ar2 + · · · + arn ).
And important special case of which is
(rn+1 − 1) = (r − 1)(1 + r + r2 + · · · + rn ).
Exercise 1.8. Prove that 1 + 2 + 22 + · · · + 2n = 2n+1 − 1 for n ≥ 1.
Exercise 1.9. Prove that |111{z· · · 1} =
n 1’s
10n − 1
for n ≥ 1.
9
t
u
4
1 Things You Should Know
Exercise 1.10. Prove that 12 + 22 + 32 + · · · + n2 =
n(n + 1)(2n + 1)
if n ≥ 1.
6
Exercise 1.11. Prove that if n ≥ 12 then n can be written as a sum of 4’s and 5’s. For example,
23 = 5 + 5 + 5 + 4 + 4 = 3 · 5 + 2 · 4.
Hint: Do the cases n = 12, 13, 14, and 15 separately. Then use induction to handle n ≥ 16.
Exercise 1.12.
(a) For n ≥ 1, the triangular number tn is the number of dots in a triangular array that has n rows with i dots in
the ith row. Find a formula for tn , n ≥ 1.
(b) Suppose that for each n ≥ 1. Let sn be the number of dots in a square array that has n rows with n dots in
each row. Find a formula for sn . The numbers sn are usually called squares.
(c) Find the first 10 triangular numbers and the first 10 squares. Which of the triangular numbers in your list
are also squares? Can you find the next triangular number which is a square?
Exercise 1.13. Some propositions that can be proved by induction can also be proved without induction. Prove
Exercises 1.4 and 1.7 without induction.
Hint: You have probably seen these properties already in an Algebra or Calculus course.
1.3 The Floor and Ceiling Functions
Here we define the floor, a.k.a., the greatest integer, and the ceiling, a.k.a., the least integer, functions. Kenneth
Iverson introduced this notation and the terms floor and ceiling in the early 1960s — according to Donald Knuth
[4] who has done a lot to popularize the notation. Now this notation is standard in most areas of mathematics.
Definition 1.14. If x is any real number we define
bxc = the greatest integer less than or equal to x
dxe = the least integer greater than or equal to x
bxc is called the floor of x and dxe is called the ceiling of x The floor bxc is sometimes denoted [x] and called
the greatest integer function. But we prefer the notation bxc. Here are a few simple examples:
(a) b3.1c = 3 and d3.1e = 4
(b) b3c = 3 and d3e = 3
(c) b−3.1c = -4 and d−3.1e = -3
√
√
√
√
Exercise 1.15. Find bπc, dπe, b 2c, d 2e, b−πc, d−πe, b− 2c, and d− 2e.
From now on we mostly concentrate on the floor bxc. For a more detailed treatment of both the floor and ceiling
see the book Concrete Mathematics by Graham, Knuth, and Patashnik [2].
According to the definition of bxc we have
bxc = max{n ∈ Z | n ≤ x}
Note also that if n is an integer we have:
n = bxc ⇐⇒ n ≤ x < n + 1.
From this it is clear that bxc ≤ x holds for all x, and bxc = x if and only if x ∈ Z.
(1.4)
1.3 The Floor and Ceiling Functions
5
Lemma 1.16. For all x ∈ R
x − 1 < bxc ≤ x.
Proof. Let n = bxc. Then by (1.4) we have n ≤ x < n + 1. This gives immediately that bxc ≤ x, as already noted
above. It also gives x < n + 1 which implies that x − 1 < n, that is, x − 1 < bxc.
t
u
Exercise 1.17. Sketch the graph of the function f (x) = bxc for −3 ≤ x ≤ 3.
Exercise 1.18. (a) Find the general
of the sequence 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, ...
nj n koterm
∞
Hint: Consider the sequence
4 n=1
(b) Find the general term of the sequence 1, 2, 3, 3, 4, 5, 6, 6, 7, 8, 9, 9, 10, 11, 12, 12...
(c) Find the general term of the sequence 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, ...
Exercise 1.19. Find a formula for [x] + [−x] for any x ∈ R. Prove your answer!
Hint: Try a couple of examples first.
Exercise 1.20. Let y ∈ R and n ∈ N. Prove the following facts:
(a) by + nc = byc + n.
j k
byc
y
=
.
(b)
n
n
1
2
n−1
(c) byc + y +
+ y+
+···+ y+
= bync.
n
n
n
Hint: Use Lemma 1.16 for x = nθ , where θ = y − byc.
Exercise 1.21. Prove that
$√
%
9m2 + m + 1
=m
3
for all positive integers m.
We now introduce an interesting application of the floor function.
Definition 1.22. The decimal representation of a positive integer a is given by a = an−1 an−2 · · · a1 a0 (not a
product, keep reading) where
a = an−1 10n−1 + an−2 10n−2 + · · · + a1 10 + a0
(1.5)
and the digits an−1 , an−2 , . . . , a1 , a0 are in the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} with an−1 6= 0. In this case we say that
the integer a is an n digit number or that a is n digits long.
Example 1.23. The number n = 12345 has length 5 and its digits are a0 = 5, a1 = 4, a2 = 3, a3 = 2, and a4 = 1.
Exercise 1.24. Prove that if a ∈ N is an n digit number then n = blog10 (a)c + 1.
Hint: Show that if Equation (1.5) holds with an−1 6= 0 then 10n−1 ≤ a < 10n . Then apply logarithms to both
sides of this inequality.
Exercise 1.25. Use the previous exercise to determine the number of digits in the decimal representation of the
number 23321928 .
6
1 Things You Should Know
1.4 Sigma Notation for Sums
The notation used for writing sums is called the ‘Sigma notation’. You have probably used it in your Calculus
courses. A few examples of different uses of this notation follow.
Example 1.26.
3
(a)
∑ (k2 − ek ) = (12 − e1 ) + (22 − e2 ) + (32 − e3 )
k=1
(b)
k2 = 12 + 22 + 32 + 42 + 62 + 122
∑
k|12, k>0
n
n k n−k
(c) (a + b) = ∑
ab
k=0 k
n
Note that the formula in item (c) in Example 1.26 is the well-known Newton’s binomial formula, or just the
binomial theorem.
A couple of interesting properties of sums that we will need later are
(a) ∑ α f (n) + β g(n) = α ∑ f (n) + β ∑ g(n)
n
n
n
(b) ∑ f (n)g(m) = ∑ ∑ f (n)g(m) = ∑ f (n)
∑ g(m)
n,m
n m
n
m
for all (nice, well-defined) functions f and g, and α, β ∈ Z.
Exercise 1.27. Find a formula for the following sums. Prove your answer!
n
(a)
∑ k, for n ≥ 1.
k=1
n
(b)
∑ ark , for a, r ∈ R, r 6= 1, and n ≥ 1.
k=0
n
(c)
∑ k2 , for n ≥ 1.
k=1
n
(d)
∑ 2k , for n ≥ 1.
k=0
n
(e)
∑ k3 , for n ≥ 1.
k=1
k
j
√
Exercise 1.28. Show that (4 + 11)n is odd, for all n ∈ N.
√
√
Hint: Use the binomial theorem on (4 + 11)n and (4 − 11)n .
Finally, since in this course we will be almost exclusively concerned with integers we shall assume from now
on (unless otherwise stated) that all lower case roman letters a, b, . . . , z are integers. Moreover, we will avoid
as much as possible the use of fractions. This means that if you feel compelled to use fractions in a problem
or a proof, then you should stop and think if you can rewrite the argument you want to use but with no use of
fractions. An excellent example of how to avoid fractions is the definition of divisibility in the integers.
Chapter 2
Basic Properties of Z
In this chapter you will learn the basic algebraic, or number theoretical, properties of the integers. Prime numbers will also appear as the atoms that will be enough to build up all the elements of Z.
2.1 Divisibility in Z
The concept of divisibility permeates all Number Theory and, even though it is rooted in very simple and
intuitive ideas, it is one of the most powerful concepts in this area. A good recommendation to the student is to
not rely too much in his/her intuition about divisibility at the time of writing a proof, as this will probably leads
to lots of handwaving and/or incorrect arguments.
Definition 2.1. d | n means there is an integer k such that n = dk. We read this as d divides n. Obviously, d - n
means that d does not divide n.
The expression d | n may be also read as
(a) d is a divisor of n,
(b) d is a factor of n,
(c) n is a multiple of d, or
(d) n is divisible by d.
Definition 2.1 is very important, and it will play an important role in this course. Next there is another (shorter)
way to phrase it.
Definition 2.2. d | n if and only if n = dk, for some k ∈ Z.
Keep in mind that we are assuming that all letters a, b, . . . , z represent integers. Otherwise we would have to
add this fact to our definitions.
Example 2.3. Straight from the definition(s) we get that 2|6, 3|15, 6|24, etc. Also, it is also straightforward to
check that 3 - 7, 2 - 153, 6 - 4, etc.
Theorem 2.4 (Divisibility Properties). If n, m, and d are integers then the following statements hold:
(a) n | n (everything divides itself )
(b) d | n and n | m =⇒ d | m (transitivity)
(c) d | n and d | m =⇒ d | an + bm for all a and b (linearity property)
(d) d | n =⇒ ad | an (multiplication property)
(e) ad | an and a 6= 0 =⇒ d | n (cancellation property)
(f) a|n and b|m then (ab)|(nm).
(g) 1 | n (one divides everything)
(h) n | 1 =⇒ n = ±1 (1 and −1 are the only divisors of 1.)
(i) d | 0 (everything divides zero)
(j) 0 | n =⇒ n = 0 (zero divides only zero)
(k) If d | n, and n 6= 0 then |d| ≤ |n| (comparison property)
Exercise 2.5. Prove each of the 11 properties in Theorem 2.4.
7
8
2 Basic Properties of Z
Exercise 2.6. Let n be a positive integer:
(a) Prove that n divides infinitely many integers.
(b) Prove that n is divisible by only a finite number of integers.
Exercise 2.7. True or False (prove or give a counterexample). Let a, b, c ∈ Z.
(a) If a|b and c|b, then (ac)|b. Explain your answer.
(b) There are infinitely many pairs of integers such that a|b and b|a simultaneously.
(c) a|(bc) if and only if a|b and a|c.
Exercise 2.8. Let a and b be integers.
(a) What can be said if a|b and b|a?
(b) Prove that if a|b then an |bn , for all positive integers n.
(c) Is the converse of (b) true?
(d) What if we assumed an = bn for some (fixed) positive integer, can we imply that a = b?
Exercise 2.9. Prove that if a and b are odd integers, then a2 − b2 is divisible by 8.
Definition 2.10. If c = as + bt, for some integers s and t, then we say that c is a linear combination of a and b.
Remark 2.11. (a) Sometimes the linear combinations in the previous definition are called integral linear combination, to remark on the fact that s and t are integers.
(b) The concept of linear combinations also appears in Linear Algebra. However, in this important area of
mathematics, s and t are, most of the times, elements in R or C, and a and b are elements in a vector space.
(c) Theorem 2.4 (c) says that if d divides a and b, then d divides all linear combinations of a and b.
Exercise 2.12. Prove that if d | a and d | b then d | (a + b) and d | (a − b).
Exercise 2.13. Prove that if a ∈ Z then the only positive divisor of both a and a + 1 is 1.
Exercise 2.14. Let a, b, d ∈ Z.
(a) Prove that the only possible positive divisors of both a and a + b are the positive divisors of b.
(b) Give an example of integers a, b and d such that d|(a + b) but d - b.
(c) Give an example of integers a, b and d such that d - (a + b) but d|b.
Exercise 2.15. The objective of this exercise is to obtain criteria to determine when a number is divisible by a
power of 2 or a power of 5.
We will use the decimal representation of a number (see Definition 1.22) for this proof. So, consider
a = ak · 10k + ak−1 · 10k−1 + · · · + a2 · 102 + a1 · 10 + a0
where 0 ≤ ai ≤ 9, for all i = 0, 1, 2, · · · , k.
(a) Use that 2|10 to show that if 2|a then 2|a0 .
(b) Now prove that if 2|a0 then 2|a.
(c) Prove that 5|a if and only if 5|a0 .
(d) Prove that 2 j |a if and only if 2 j |(a j−1 · 10 j−1 + · · · + a1 · 10 + a0 ).
(e) Prove that 5 j |a if and only if 5 j |(a j−1 · 10 j−1 + · · · + a1 · 10 + a0 ).
(f) Phrase the latter two divisibility criteria in an easy-to-remember way.
(g) What is the largest power of 2 that divides a = 4567232?
(h) What is the largest power of 5 that divides a = 4567625?
(i) Let n = 2140000000000 (that is 10 zeros). Find the largest power of 5 that divides n and then find the largest
power of 2 that divides n.
Finally, just to show you that different areas of mathematics sometimes converge to create surprising results.
Exercise 2.16. Prove that 2n+2 |(2n + 3)!, for all n ∈ N.
Hint: You might want to review Section 1.2.
Exercise 2.17. What is the largest power of 5 dividing 10!? What about dividing 20!? 30!? Do you see any
patterns arising?
We will find a formula generalizing this exercise later in the book (Exercise 2.87).
2.2 gcd: First Part
9
2.2 gcd: First Part
Definition 2.18. Let a, b ∈ Z.
(a) If d ∈ Z divides both a and b then d is called a common divisor of a and b. The set of all common divisors
of a and b will be denoted
C(a, b) = {d; d | a and d | b}
(b) If a 6= 0 or b 6= 0, we define the greatest common divisor of a and b, denoted gcd(a, b), to be the largest
integer d such that d | a and d | b.
Another notation used for gcd(a, b) is (a, b).
Remark 2.19. What about gcd(0, 0)? Note that since everything divides 0 then C(0, 0) = Z. So, there is no
largest common divisor of 0 with 0. This is why we define gcd(0, 0) = 0.
An alternative definition of the gcd of two numbers can be given:
Definition 2.20. Let a, b ∈ Z. We define gcd(a, b) to be the positive integer d such that
(a) d divides both a and b, and
(b) if c divides both a and b then c|d.
Exercise 2.21. Prove that Definition 2.20 implies Definition 2.18.
We will need to wait to prove that these two definitions are equivalent.
Example 2.22.
C(18, 30) = {−1, 1, −2, 2, −3, 3, −6, 6}.
So, gcd(18, 30) = 6.
Definition 2.23. We say that a and b are relatively prime if gcd(a, b) = 1.
Definition 2.24. A set of integers {a1 , a2 , · · · , an } is said to be pairwise relatively prime if and only if
gcd(ai , a j ) = 1, for all i 6= j.
Remark 2.25. With the same notation as in the previous definition. Note that not having a common divisor for
the ai ’s is not enough reason for the set {a1 , a2 , · · · , an } to be pairwise relatively prime.
Exercise 2.26. Find three integers that do not have a common divisor and that are NOT pairwise relatively
prime.
Lemma 2.27. If d | a then −d | a.
Proof. If d | a then a = dk for some k. Then a = (−d)(−k). Since −d and −k are also integers then −d | a. t
u
Exercise 2.28. Prove that if d | a then d | −a and −d | −a.
Exercise 2.29. Prove that
d | a ⇐⇒ d | |a|
Hint: Recall that |a| = a if a ≥ 0 and |a| = −a if a < 0.
Lemma 2.30. If a 6= 0, then the largest positive integer that divides a is |a|.
Proof. First note that |a| actually divides a: If a > 0, since we know a | a we have |a| | a. If a < 0, |a| = −a.
In this case a = (−a)(−1) = |a|(−1) so |a| is a factor of a. So, in either case |a| divides a, and in either case
|a| > 0, since a 6= 0.
Now suppose d | a and d is positive. Then a = dk some k so −a = d(−k) for some k. So d | |a|. So by Theorem
2.4(k) we have d ≤ |a|.
t
u
10
2 Basic Properties of Z
The following lemma shows that in computing gcd’s we may restrict ourselves to the case where both integers
are positive.
Lemma 2.31. gcd(a, b) = gcd(|a|, |b|).
Proof. If a = 0 and b = 0, we have |a| = a and |b| = b. So gcd(a, b) = gcd(|a|, |b|). Suppose one of a or b is
not 0. Note that d | a ⇔ d | |a|. See Exercise 2.29. It follows that
C(a, b) = C(|a|, |b|).
So, the largest common divisor of a and b is also the largest common divisor of |a| and |b|.
t
u
Exercise 2.32. Prove that gcd(a, b) = gcd(b, a).
Example 2.33. From the above lemmas we have
gcd(48, 732) = gcd(−48, 732)
= gcd(−48, −732)
= gcd(48, −732).
We also know that
0 < gcd(48, 732) ≤ 48.
Since if d = gcd(48, 732), then d | 48, to find d we may check only which positive divisors of 48 also divide
732.
Exercise 2.34. Find gcd(48, 732) using Example 2.33.
Exercise 2.35. Find gcd(a, b) for each of the following values of a and b:
(a) a = −b, b = 14
(b) a = −1, b = 78654
(c) a = 0, b = −78
(d) a = 2, b = −786541
a b
Exercise 2.36. Let a, b ∈ Z and d = gcd(a, b). Show that gcd
,
=1
d d
Exercise 2.37. Let a, b ∈ Z. Show that gcd(a, a + b) | b.
2.3 Prime Numbers
Prime numbers are the building blocks of the integers. Hence, in order to understand Z we need to study the
primes.
Definition 2.38. An integer p is prime if p ≥ 2 and it has exactly two positive divisors. An integer n is composite if n ≥ 2 and n is not prime.
The number 1 is neither prime nor composite.
Exercise 2.39. Prove that 2 is the only even prime number.
Exercise 2.40. True of False (prove or give a counterexample). Let p be a prime number
(a) p2 could be prime.
(b) p2 + p could be prime.
(c) p2 − p could be prime.
(d) p2 − 18p + 80 is never prime.
2.3 Prime Numbers
11
Exercise 2.41. Let n be a positive integer.
(a) Show that no integer of the form n3 + 1 is a prime, other than 13 + 1 = 2.
(b) Show that n3 − 1 is never prime, unless n = 2 (note that 23 − 1 = 7).
Exercise 2.42. (a)* Let f (x) be a non-constant polynomial with integral coefficients. Prove that there is n ∈ N
such that f (n) is composite.
(b) Check (using a calculator, if you please) that the polynomial f (x) = x2 − x + 41 yields prime numbers for
x = 0, 1, . . . , 40, but that f (41) is composite.
Exercise 2.43. Let a, b, p ∈ N be such that a|b and b|(ap), where p is prime. Show that b = a or b = ap.
Lemma 2.44. An integer n ≥ 2 is composite if and only if there are integers a and b such that n = ab, 1 < a < n,
and 1 < b < n.
Proof. Let n ≥ 2. If n is composite there is a positive integer a such that a 6= 1, a 6= n and a | n. This means that
n = ab for some b. Since n and a are positive so is b. Hence 1 ≤ a and 1 ≤ b. By Theorem 2.4(k) a ≤ n and
b ≤ n. Since a 6= 1 and a 6= n we have 1 < a < n. If b = 1 then a = n, which is not possible, so b 6= 1. If b = n
then a = 1, which is also not possible. So 1 < b < n. The converse is obvious.
t
u
Lemma 2.45. If n > 1, then there is a prime p such that p | n.
Proof. Assume there is some integer n > 1 which has no prime divisor. Let S denote the set of all such integers.
By the Well-Ordering Principle there is a smallest such integer, call it m. Now m > 1 and has no prime divisor,
thus m cannot be itself a prime. Hence, m is composite and so by Lemma 2.44
m = ab,
1 < a < m,
1 < b < m.
Since 1 < a < m then a is not in the set S. So a must have a prime divisor, call it p. Then p | a and a | m so by
Theorem 2.4, p | m. This contradicts the fact that m has no prime divisor. So the set S must be empty and this
proves the lemma.
t
u
Exercise 2.46. * How many elements of the set S = {1, 2, · · · , 2015, 2016} are
(a) divisible by 3 but not divisible by 5 and 7 (simultaneously)?
(b) divisible by 3 but not divisible by 5 or 7?
Theorem 2.47 (Euclid). There are infinitely many prime numbers.
Proof. Assume, by way of contradiction, that there are only a finite number of prime numbers, say:
p1 , p2 , . . . , pn .
Define
N = p1 p2 · · · pn + 1.
Since p1 ≥ 2, clearly N ≥ 3. So, by Lemma 2.45 N has a prime divisor p. By assumption p = pi for some
i = 1, · · · , n. Let a = p1 · · · pn . Note that
a = pi (p1 p2 · · · pi−1 pi+1 · · · pn ) ,
so pi | a. Now N = a + 1 and by assumption pi | a + 1. So, by Exercise 2.12 pi | (a + 1) − a, that is pi | 1. By
Theorem 2.4(h) we get that pi = 1. This contradicts the fact that primes are larger than 1. It follows that there
are infinitely many primes.
t
u
Exercise 2.48. Use the idea of the above proof to show that if q1 , q2 , . . . , qn are primes then there is a prime
q∈
/ {q1 , . . . , qn }.
Hint: Consider q to be a prime divisor of N = q1 · · · qn + 1.
12
2 Basic Properties of Z
Exercise 2.49. Let p1 = 2, p2 = 3, p3 = 5, . . . and, in general, pi = the i-th prime. Prove or disprove that
p1 p2 · · · pn + 1
is prime for all n ≥ 1.
Hint: Look at many examples. You may want to use the next theorem to check primality.
Theorem 2.50. Let n > 1 be an integer. Then, n is composite if and only if n has a prime divisor p ≤
√
n.
√
Proof. If n has a prime divisor p ≤ n, then p 6= n, and thus n is not prime.
√
Let n > 1 be √
composite. Then
< a√< n and 1 < b < n. I claim that one of a or b is ≤ √n. If
√ n = ab where 1 √
not then
√ a > n and b√> n. Hence n = ab > n n = n. This implies n > n, a contradiction. So a ≤ n or
that p | a. Hence, by Theorem
b ≤ n. Suppose a ≤ n. Since 1 < a, by Lemma 2.45 there is a prime p such √
2.4 since a | n we have p | n. Also by Theorem 2.4, since p | a we have p ≤ a ≤ n.
t
u
Remark 2.51. We can use Theorem 2.50 to help decide whether or √
not an integer is prime: To check whether
or not n > 1 is prime we need only try to divide it by all primes p ≤ n. If none of these primes divides n then
n must be prime.
√
√
Example 2.52. Consider the number 97. Note that 97 < 100 = 10. The primes ≤ 10 are 2, 3, 5, and 7. One
easily checks that 97 is not divisible by any of these primes. So, 97 is prime by Theorem 2.50.
Exercise 2.53. By using Theorem 2.50, as in the above example, determine the primality1 of the following
integers:
143, 221, 199, 223, 3521.
Now we can use this idea to find all primes less or equal to, let us say, 100. We will do this by making a table
with containing
√ all positive integers less or equal to 100 and then we will cross out all multiples of primes that
are at most 100 = 10 (thus, we check divisibility by 2, 3, 5, and 7). Don’t forget to cross 1 out, it is not a
prime! We get
2
3
64
5
66
7
6 8 6 9 10
6
61
11 12
6
13 14
6
15
6
16
6
17 18
6
19 20
6
21
6
22
6
23
24
6
25
6
26
6
27
6
28
6
29
30
6
31
32
6
33
6
34
6
35
6
36
6
37
38
6
39
6
40
6
41
42
6
43
44
6
45
6
46
6
47
48
6
49
6
50
6
51
6
52
6
53
54
6
55
6
56
6
57
6
58
6
59
60
6
61
62
6
63
6
64
6
65
6
66
6
67
68
6
69
6
70
6
71
72
6
73
74
6
75
6
76
6
77
6
78
6
79
80
6
81
6
82
6
83
84
6
85
6
86
6
87
6
88
6
89
90
6
91
6
92
6
93
6
94
6
95
6
96
6
97
98
6
99
6
100
6
where the circled numbers are not multiples of any of the primes considered, and thus they are primes.
The process of finding primes this way is due to the Greek mathematician Eratosthenes (275-194 B.C.), and it
is called the sieve of Eratosthenes.
We know that there are infinitely many primes, but how many are there that are less than a given number? We
can do this, for small numbers, by using the sieve of Eratosthenes, but this is unfeasible if the numbers get too
large. The following results summarize what is known about this problem.
1
This means determine whether or not each number is prime.
2.3 Prime Numbers
13
Definition 2.54. Let x ∈ R, x > 0. π(x) denotes the number of primes p such that p ≤ x.
Example 2.55. Since the only primes p ≤ 10 are 2, 3, 5, and 7 we have π(10) = 4.
Here is a table of values of π(10i ) for i = 2, . . . , 10. I also include known approximations to π(x). Note that the
formulas for the approximations do not give integer values, but for the table I have rounded each to the nearest
integer. The values in the table were computed using Maple.
Z x
x
1
x
x
π(x)
dt
ln(x)
ln(x) − 1
2 ln(t)
2
10
25
22
28
29
3
10
168
145
169
177
4
10
1229
1086
1218
1245
5
10
9592
8686
9512
9629
6
10
78498
72382
78030
78627
7
10
664579
620421
661459
664917
8
10
5761455
5428681
5740304
5762208
9
10
50847534
48254942
50701542
50849234 1010
455052511
434294482
454011971
455055614 You may judge for yourself which approximations appear to be the best. This table has been continued up to
1021 , but people are still working on finding the value of π(1022 ). Of course, the approximations are easy to
compute with Maple but the exact value of π(1022 ) is difficult to find.
The above approximations are based on the so-called Prime Number Theorem first conjectured by Gauss in
1793 but not proved till over 100 years later by Hadamard and Vallée Poussin.
Theorem 2.56 (The Prime Number Theorem).
π(x) ∼
x
ln(x)
for all x > 0.
or in other words
lim
x→∞
π(x)
x
ln(x)
= 1.
The distribution of primes is an active area of mathematical research. Besides the desire to know how many
primes there are between any two numbers, there is also the search for knowing how compactly packed prime
numbers are.
For instance, pairs of primes like 3 and 5, 5 and 7, or 11 and 13, are as close to each other as possible (for
odd primes). Pairs of ‘consecutive’ primes like these are called twin primes. It has been conjectured that there
are infinitely many pairs of twin primes, but nobody has been capable to prove so. On the other hand, three
‘consecutive’ primes, different from 3, 5, and 7 (called a triplet), do not exist (see Exercise 3.12). Moreover,
there are long stretches of consecutive integers containing no primes.
Exercise 2.57. Prove that, for any positive integer n there is an integer a such that the n consecutive integers
a, a + 1, a + 2, . . . , a + (n − 1)
are all composite.
Hint: Consider a = (n + 1)! + 2.
Exercise 2.58. Find 10 consecutive composite numbers.
14
2 Basic Properties of Z
Exercise 2.59. Prove that if a and n are positive integers such that n ≥ 2 and an − 1 is prime then a must be 2.
Hint: Use Exercise 1.7 to get
xn − 1 = (x − 1) 1 + x + x2 + · · · + xn−1
if x 6= 1 and n ≥ 1.
Exercise 2.60. Let a, p > 1 be integers. Show that if a p − 1 is prime then so is p. Is the converse true?
As mentioned at the beginning of this chapter, prime numbers can be considered as the building blocks of the
integers. This can be seen clearly in the next theorem, which will be proved later, in Chapter 4.
Theorem 2.61 (The Fundamental Theorem of Arithmetic). Every integer n > 1 can be written
uniquely in the form
n = pa11 pa22 · · · pas s ,
where s is a positive integer and p1 , p2 , . . . , ps are distinct primes satisfying
p1 < p2 < · · · < ps .
Remark 2.62. The way to write n given in the previous theorem, that is n = pa11 pa22 · · · pas s , is called the prime
factorization of n.
Theorem 2.61 is sometimes stated as follows:
Every integer n > 1 can be expressed as a product of powers of primes. This factorization is unique up to re-arrangement of
the factors.
Note, for example, that
600 = 23 · 3 · 52
= 23 · 52 · 3
= 3 · 52 · 23
etc.
2.4 gcd: Second Part
Now that we know about the prime factorization of an integers we can look at a second way to find the greatest
common divisor of two given integers. WLOG, we will restrict our study to positive integers.
First of all, consider any two integers a and b. These numbers have their prime factorizations, but these probably
use different sets of primes. We want to write both numbers using the same primes, so we will use all the primes
appearing in either factorization, and we will allow the use of zero as an exponent, just in case a specific prime
does not appear in the prime factorization of one of the numbers.
Example 2.63. Let a = 315 and b = 200. We know that
315 = 32 · 5 · 7
200 = 23 · 52
Now we write the factorizations as
315 = 20 · 32 · 5 · 7
200 = 23 · 30 · 52 · 70
because now we use the same set of primes for the prime factorization of both 315 and 200.
2.4 gcd: Second Part
15
For the rest of this section we assume that
a
b
a
k−1
a = pa11 pa22 · · · pk−1
pk k
b
k−1
pk k
b = pb11 pb22 · · · pk−1
where the pi ’s are distinct primes, and the ai ’s and bi ’s are nonnegative integers.
In order to continue we will assume the following result, which we will prove later.
Theorem 2.64 (Euclid’s Lemma). Let p be a prime number. If p|(nm), then p|n or p|m.
Using Euclid’s Lemma it is easy to find all the divisors of a given number, as long as we know its prime
factorization.
Exercise 2.65. Let p and q be primes and n ∈ N. Prove that p = q if and only if p|qn .
d
Exercise 2.66. Show that if d is a positive divisor of a, then d = pd11 pd22 · · · pk k , where 0 ≤ di ≤ ai , for all
i = 1, 2, · · · , k.
Exercise 2.67. (a) How many positive factors does 37 have? How many 1120 ? How many pn ? where p is a
prime number and n is a positive integer.
(b) Show that if p and 2 p − 1 are both prime, then the sum of the factors of n = 2 p−1 (2 p − 1) is exactly 2n.
p
Exercise 2.68. Show that if p is prime then p divides
for all k = 1, 2, · · · , p − 1.
k
Now it is easy to see that a common divisor of a and b must have a prime factorization that considers only those
primes that appear in the prime factorization of both a and b. The problem now is what the exponent of these
primes should be.
For simplicity (after a re-arrangement of the factors if needed), assume that p1 = q1 . Let us see what is the
greatest common divisor of pa11 and qb11 = pb11 is. It is clear that we want the largest possible exponent so that it
min(a ,b )
divides both numbers. Hence gcd(pa11 , pb11 ) = p1 1 1 . It follows that
Theorem 2.69.
min(a ,b ) min(a ,b )
min(a1 ,b1 ) min(a2 ,b2 )
p2
· · · pk−1 k−1 k−1 pk k k
gcd(a, b) = p1
Exercise 2.70. Write a nice, and complete, proof of the previous theorem.
Exercise 2.71. Prove the converse of Exercise 2.21. Conclude that the two definitions of gcd (Definitions 2.18
and 2.20) are equivalent.
Now note that
ab
max(a ,b ) max(ak ,bk )
max(a1 ,b1 ) max(a2 ,b2 )
= p1
p2
· · · pk−1 k−1 k−1 pk
gcd(a, b)
Definition 2.72. The least common multiple of a and b, denoted LCM[a, b] or just [a, b], is the least positive
integer that is divisible by both a and b.
Exercise 2.73. Prove that
ab = gcd(a, b)LCM[a, b]
Exercise 2.74. Prove that if a and b are nonzero integers, then gcd(a, b) | LCM[a, b]. Find a ‘formula’ to find
the largest i such that gcd(a, b)i | LCM[a, b].
Exercise 2.75. Give all pairs of integers a and b such that gcd(d, m) = 1, where d = gcd(a, b) and m =
LCM[a, b].
16
2 Basic Properties of Z
Exercise 2.76. Let a, b ∈ Z. Prove gcd(a + b, LCM[a, b]) = gcd(a, b).
Exercise 2.77.
(a) Find all pairs of positive integers, a and b, such that gcd(a, b) = 18 and LCM[a, b] = 360.
(b) Find all (positive) integers n such that gcd(2n, n + 1) = 2 and LCM[2n, n + 1] = 90. What if gcd(2n, n + 1)
were asked to be 4?
(c) Let d, m ∈ Z+ be fixed. How many different pairs of integers (a, b) are there such that gcd(a, b) = d and
LCM[a, b] = m?
Exercise 2.78. True or False? Prove or give a counterexample. Consider a, b ∈ Z, and p a prime
(a) LCM[ab, ad] = a LCM[b, d] for all a ∈ Z+ .
(b) gcd(p, a) = 1 for all positive integer a.
(c) If gcd(a, p2 ) = p then gcd(a2 , p2 ) = p2
(d) If gcd(a, p2 ) = p and gcd(b, p2 ) = p2 then gcd(ab, p4 ) = p3
(e) If gcd(a, p2 ) = p and gcd(b, p2 ) = p2 then gcd(ab, p4 ) = p2
(f) If gcd(a, p2 ) = p then gcd(a + p, p2 ) = p.
Exercise 2.79. Find gcd(a, b) where
(a) a = 1001, and b = 289.
(b) a = 23 · 32 · 52 · 77 , and b = 27 · 35 · 53 · 72 .
(c) a = 2 · 32 · 6, and b = 2 · 15 · 74 .
(d) a = 2 · 4 · 6 · 8 · 10 and b = 1 · 3 · 5 · 7 · 9.
(e) a = 43 · 53 · 67 , and b = 45 · 73 · 82 · 102011 .
(f) a = (4p) · (6p) · 45 and b = (200p) · (9p2 ) · (4p)2 , where p is a prime larger than 31.
Exercise 2.80. Find LCM[a, b] for the pairs of numbers in Exercise 2.79.
Finally, a new concept that can be better explored using the fundamental theorem of arithmetic.
Definition 2.81. An integer n is said to be a square (in Z) if there is an integer m such that n = m2 .
If n cannot be written as the square of any integer then n is called a non-square.
Exercise 2.82. What is the smallest positive number that is both a square and a multiple of 90?
Note that numbers like 200 are non-squares but do have a factor that is a square. In this case 102 |200. Numbers
with all their factors being non-squares will be a special kind of non-squares that will need a special label.
Definition 2.83. An integer n is said to be square-free (in Z) if all its divisors (different from 1) are nonsquares.
Exercise 2.84. Let n be an integer, n ≥ 2, with prime factorization
a
a
k−1
n = pa11 pa22 · · · pk−1
pk k
(a) Show that n is a square if and only if ai is even for all i = 1, 2, · · · , k.
(b) Show that n is square-free if and only if ai = 1 for all i = 1, 2, · · · , k.
(c) Show that any integer n ≥ 2 can be written as n = ab, where a is a square, and b is a square-free number or
b = 1.
Exercise 2.85. Find the smallest positive integer divisible by 2 and 3 which is simultaneously a square and a
fifth power.
Exercise 2.86. True or False? Prove or give a counterexample.
(a) The product of two squares is a square.
(b) The product of two non-squares is a non-square.
(c) The product of a square and a non-square might be a square or a non-square.
2.4 gcd: Second Part
17
Exercise 2.87. Let p be a prime and n ∈ N. Prove that the power of p in the prime factorization of n! is
n
n
n
+ 2 + 3 +···
p
p
p
Exercise 2.88. (a) What is the exponent of the prime 3 in the prime factorization of 2016! ?
(b) How many zeros are there at the end of 12! ?
(c) How many zeros are there at the end of 2016! ?
Exercise 2.89. If a is a square-free number and a|bn for some positive integer n. Show that a2 |b2 .
Exercise 2.90. Assume that a and b are relatively prime and that ab is a square. Prove that both a and b are
squares.
Chapter 3
How to Find gcd(a, b)
In this chapter we will learn one of the most useful computational tools in Number Theory: The Euclidean
Algorithm, which can be used to find gcd’s, solve equations in the integers, factor large integers, etc.
We start with the theorem that will be used repeatedly in the Euclidean Algorithm.
3.1 The Division Theorem
The goal of this section is to prove the following important result.
Theorem 3.1 (The Division Theorem). If a and b are integers and b > 0 then there exist unique integers
q and r satisfying the two conditions:
a = bq + r
and
0 ≤ r < b.
(3.1)
In this situation q is called the quotient and r is called the remainder when a is divided by b. Note that there
are two parts to this result. One part is the existence of integers q and r satisfying (3.1) and the second part is
the uniqueness of the integers q and r satisfying (3.1).
Proof. Given b > 0 and any a define
q=
jak
b
and
r = a − bq.
Clearly we have a = bq + r. We still need to prove that 0 ≤ r < b. By Lemma 1.16 we have
jak a
a
≤ ,
−1 <
b
b
b
which is
a
a
−1 < q ≤ .
b
b
Now multiply throughout by b. Since b is positive, the directions of the inequalities are maintained, giving us:
a − b < bq
and
bq ≤ a.
subtracting bq on each of the two inequalities yields r < b and 0 ≤ r respectively (using that r = a − bq).
We still have to prove that q and r are uniquely determined. To do this we assume that
a = bq1 + r1
and
0 ≤ r1 < b,
a = bq2 + r2
and
0 ≤ r2 < b.
and
We must show that r1 = r2 and q1 = q2 . If r1 6= r2 without loss of generality we can assume that r2 > r1 .
Subtracting these two equations we obtain
19
20
3 How to Find gcd(a, b)
0 = a − a = (bq1 + r1 ) − (bq2 + r2 ) = b(q1 − q2 ) + (r1 − r2 ).
This implies that
r2 − r1 = b(q1 − q2 ).
(3.2)
This implies that b | r2 − r1 . By Theorem 2.4(k) this implies that b ≤ r2 − r1 . But since
0 ≤ r1 < r2 < b
we have r2 − r1 < b. This contradicts b ≤ r2 − r1 . So we must conclude that r1 = r2 . Now from Equation (3.2)
we have 0 = b(q1 − q2 ). Since b > 0 this tells us that q1 − q2 = 0, that is, q1 = q2 . This completes the proof. t
u
Remark 3.2. When a and b are positive, then there is a simpler argument that could be used to prove the
previous theorem.
Consider a larger than b and place these two numbers on the real line. Then copy the interval [0, b] and paste it to create
‘consecutive’ intervals of length b. After doing this process many times we will either hit a with the end of an interval or
we will go beyond a, and this number will be an element of an interval, which is not and not an endpoint (note that in order
to use this argument we need the Archimedean property of real numbers). In case that b does not divide a then we are in
the latter case mentioned above. Hence, a = bk + r, for some integers k and r. Moreover, since a is contained in this ‘last’
interval then 0 < r < b.
Exercise 3.3. Find the q and r of the Division Theorem for the following values of a and b:
(a) Let b = 3 and a = 0, 1, −1, 10, −10.
(b) Let b = 345 and a = 0, −1, 1, 344, 7863, −7863.
Note that the Division Theorem can be used to justify the way we write generic even and odd numbers. That
is, an integer n is even if n = 2k for some k, and is odd if n = 2k + 1 for some k.
Exercise 3.4. Prove using the Division Theorem that every integer is either even or odd, but never both.
Definition 3.5. By the parity of an integer we mean whether it is even or odd.
Exercise 3.6. Prove n and n2 always have the same parity. That is, n is even if and only if n2 is even.
Exercise 3.7. (a) Prove that the product of two consecutive integers is divisible by 2.
(b) Prove that the product of three consecutive integers is divisible by 6.
(c) What is the minimum number n needed to have every product of n consecutive numbers being divisible by
10? By 15? By 30? Do you see a pattern?
Sometimes a problem in number theory can be solved by dividing the integers into various classes depending
on their remainders when divided by some number b. For example, this is helpful in solving the following
problems.
Exercise 3.8. Let n be any integer. Show that the remainder of n2 divided by 4 is either 0 or 1. What would be
the possible remainders of n2 when dividing by 3, by 5, or by 6?
Exercise 3.9. Show that if a is a multiple of 3 that is not a multiple of 2, and b has remainder 1 when it is
divided by 6, then ab has remainder 3 when divided by 6.
Exercise 3.10. Let n be an odd positive integer.
(a) Show that n can be written as either 4k + 1 or 4k + 3 for some k ∈ Z.
(b) If n has the form 4k + 3. Can n be the product of only primes of the form 4q + 1? If not, what can you say
about the number of primes of the form 4q + 3 used in n’s prime factorization?
For the following exercises, consider three cases: when numbers have the form 3k, 3k + 1, and 3k + 2, for k ∈ Z.
3.1 The Division Theorem
21
Exercise 3.11. Show that for all integers n the number n3 − n always has 3 as a factor.
Exercise 3.12. Show that the only triplet of primes is {3, 5, 7}. In other words, show that if p, p + 2, and p + 4
are primes then p = 3.
Exercise 3.13. Show that 17 is the only prime of the form pq + q p , where p and q are prime.
Exercise 3.14. Use the Division Theorem to show the following:
(a) The square of any integer is either of the form 3k or 3k + 1.
(b) The cube of an integer has one of the forms: 9k, 9k + 1, or 9k + 8.
(c) The fourth power of any integer is either of the form 5k or 5k + 1.
Exercise 3.15. Show that every number of the form 6k + 5 is also of the form 3 j + 2 (both j and k are integers),
but not conversely.
Definition 3.16. For b > 0 define a mod b = r where r is the remainder given by the Division Theorem when
a is divided by b, that is, a = bq + r and 0 ≤ r < b.
For example, 23 mod 7 = 2 since 23 = 7 · 3 + 2 and −4 mod 5 = 1 since −4 = 5 · (−1) + 1.
Note that some calculators and most programming languages have a function often denoted by MOD(a, b) or
mod(a, b) whose value is what we have just defined as a mod b. When this is the case the values r and q in the
Division Theorem for given a and b > 0 are given by
r = a mod b
q=
a − (a mod b)
b
If also the floor function is available we have
r = a mod b
jak
q=
b
Exercise 3.17. Prove that if b > 0 then b | a ⇐⇒ a mod b = 0.
Exercise 3.18. Prove that if b 6= 0 then b | a ⇐⇒ a/b ∈ Z.
Exercise 3.19. Calculate the following:
(a) 0 mod 10
(b) 123 mod 10
(c) 10 mod 123
(d) 457 mod 33
(e) (−7) mod 3
(f) (−3) mod 7
(g) (−5) mod 5
Exercise 3.20. Use the Division Theorem to prove the following more general version: If b 6= 0 then for any a
there exists unique q and r such that
a = bq + r
and
0 ≤ r < | b |.
Hint: Recall that | b | is b if b ≥ 0 and is −b if b < 0. We know the statement holds if b > 0 so we only need to
consider the case when b < 0. If b is negative then −b is positive, so we can apply the Division Theorem to a
and −b. Note that a as well as q can be any integers. This exercise may come in handy later.
Exercise 3.21. Let a, b ∈ Z, b > 0. If r is the remainder obtained after dividing a by b. What is the remainder
obtained after dividing −a by b?
22
3 How to Find gcd(a, b)
3.2 gcd: Third Part - The Euclidean Algorithm
The Division Theorem is many times called the Division Algorithm, in spite of it not being an algorithm at all.
On the contrary, The Euclidean Algorithm really is an algorithm, it provides a method to compute gcd(a, b).
Since as already noted gcd(0, 0) = 0, gcd(a, b) = gcd(|a|, |b|), and gcd(a, b) = gcd(b, a), it suffices to give a
method to compute gcd(a, b) when a ≥ b ≥ 0.
Lemma 3.22. If a > 0, then gcd(a, 0) = a.
Proof. Since every integer divides 0, C(a, 0) is just the set of divisors of a. By Theorem 2.4 the largest divisor
of a is |a|. Since a > 0, |a| = a. This shows that gcd(a, 0) = a.
t
u
Remark 3.23. So we are now reduced to the problem of finding gcd(a, b) when a ≥ b > 0.
Exercise 3.24. Prove that if a > 0 then gcd(a, a) = a.
Now having done Exercise 3.24 we only need to consider the case a > b > 0.
Lemma 3.25. Let a > b > 0. If a = bq + r, then
gcd(a, b) = gcd(b, r).
Proof. It suffices to show that C(a, b) = C(b, r), that is, the common divisors of a and b are the same as the
common divisors of b and r. To show this first let d | a and d | b. Note that r = a − bq, which is a linear
combination of a and b. So by Theorem 2.4(c) d | r. Thus d | b and d | r. Next assume d | b and d | r. Using
Theorem 2.4(c) again and the fact that a = bq + r is a linear combination of b and r, we have d | a. So d | a and
d | b. We have thus shown that C(a, b) = C(b, r). So gcd(a, b) = gcd(b, r).
t
u
Exercise 3.26. (a) Assume gcd(a, b) = 1, and that a is odd and b is even. Show that gcd(a + b, a − b) = 1.
(b) Keep assuming that gcd(a, b) = 1, but now both a and b are odd. Show that gcd(a + b, a − b) = 2.
(c) What can you say about gcd(a + b, a − b) if we do not assume that a and b are relatively prime?
Remark 3.27. The Euclidean Algorithm is the process of using Lemmas 3.22 and 3.25 to compute gcd(a, b)
when a > b > 0.
Also, note that the Euclidean Algorithm does not require that division is performed. That is, in the phrasing of
the theorem, q does not need to be the quotient, nor r the remainder.
Rather than give a precise statement of the algorithm we will give an example to show how it goes.
Example 3.28. Let us compute gcd(803, 154).
gcd(803, 154) = gcd(154, 33)
gcd(154, 33) = gcd(33, 22)
gcd(33, 22) = gcd(22, 11)
gcd(22, 11) = gcd(11, 0)
gcd(11, 0) = 11.
since 803 = 154 · 5 + 33
since 154 = 33 · 4 + 22
since 33 = 22 · 1 + 11
since 22 = 11 · 2 + 0
Hence gcd(803, 154) = 11.
Remark 3.29. Note that we have formed the gcd of 803 and 154 without factoring 803 and 154. This method
is generally much faster than factoring and can find gcd’s when factoring is not feasible.
Exercise 3.30. Let a > b > 0. Show that gcd(a, b) = gcd(b, a mod b).
Remark 3.31. If your calculator can compute a mod b you may use it when executing the Euclidean Algorithm.
3.3 Bézout’s Lemma
23
Exercise 3.32. Find gcd(a, b) using the Euclidean Algorithm for each of the values below:
(a) a = 75, b = 115
(b) a = 793, b = 3172
(c) a = 25174, b = 42722
(d) a = 377, b = 233
(e) a = 34709, b = 100313
(f) a = 1234, b = 981
(g) a = 102, b = 222
(h) a = 2340000000000 (that is ten zeros), b = 1230000000000 (that is ten zeros).
Exercise 3.33. Show that gcd(7a + 2, 3a + 1) = 1, for all a ∈ Z.
Exercise 3.34. Let a and b be two non-zero relatively prime integers. What is gcd(a2 + b2 , a + b)?
Exercise 3.35. What happens when the Euclidean Algorithm is applied to two consecutive Fibonacci numbers?
3.3 Bézout’s Lemma
Theorem 3.36 (Bézout’s Lemma). For all integers a and b there exist integers s and t such that
gcd(a, b) = sa + tb.
Moreover, if ab 6= 0 then gcd(a, b) is the least positive integer that can be written as a linear combination
of a and b.
Proof. If ab = 0, then the result is trivial. Assume ab 6= 0.
Consider the set
S(a, b) = {ma + nb; m, n ∈ Z}
which is the set of all linear combinations of a and b. Note that
a = a·1+b·0
− a = a · (−1) + b · 0
b = a·0+b·1
− b = a · 0 + b · (−1)
which implies that S(a, b) always contains at least two positive elements.
Let D = sa +tb, s,t ∈ Z, be the least positive element in S(a, b), this element exists because of the well-ordering
principle.
Now we will show that every element in S(a, b) is a multiple of D. This will imply that D = (a, b).
Let x ∈ S(a, b), then x = ma + nb for some m, n ∈ Z. If x is negative, then −x is also a linear combination of a
and b, so WLOG we can assume that x is positive. Since D is the least positive element in S(a, b) then x ≥ D,
thus we can divide x by D. We get
x = Dq + r
0≤r<D
Since we want to show that x is a multiple of D, then we want to show that r = 0.
Note that
r = x − Dq = (ma + nb) − (sa + tb)q = (m − sq)a + (n − tq)b
It follows that r ∈ S(a, b) (because m − sq and n − tq are integers). But since 0 ≤ r < D, and D is the least
positive element in S(a, b), then r is forced to be zero.
Thus, D divides every element in S(a, b), in particular, it divides both a and b, which makes it a common
divisor of these two numbers. Moreover, if c is any common divisor of a and b then c must divide any linear
combination of a and b, in particular c must divide D. This shows that D = gcd(a, b).
t
u
24
3 How to Find gcd(a, b)
Exercise 3.37. Show that S(a, b) is the set of all multiples of D.
Example 3.38. 1 = gcd(2, 3) and we have 1 = (−1)2 + 1 · 3. Also we have 1 = 2 · 2 + (−1)3. So the numbers
s and t in Bézout’s Lemma are not uniquely determined. In fact, as we will see later, there are infinitely many
choices for s and t for each pair a, b.
Exercise 3.39. Let a, b ∈ Z.
(a) Show that if 1 = as + bt, for some s,t ∈ Z, then gcd(a, b) = 1.
(b) Let gcd(a, b) = d and d = as + bt, where s,t ∈ Z. Prove that gcd(s,t) = 1.
Exercise 3.40. Show that gcd(a, b)|(as + bt) for all s,t ∈ Z, and conclude that there are no integers s and t such
that 0 < as + bt < gcd(a, b).
Exercise 3.41. Let a, b, c ∈ Z. Prove that
(a) if c|(ab) and gcd(a, c) = 1 then c|b
(b) (Euclid’s Lemma) if p is prime and p|(ab) then p|a or p|b.
(c) Is it true that when a | bc then a | b or a | c ?
(d) Let p be a prime number, a a non-zero integer, and n a fixed positive integer. Show that p|a if and only if
p|an .
Exercise 3.42. What are the conditions for n, m ∈ Z so that both n − m and n + m are divisible by 7 (simultaneously)?
Exercise 3.43. Let a, b, p ∈ Z, where a > 1 and p is prime.
(a) T or F (prove or give counterexample). If a divides b(b + p) then a divides b or b + p.
(b) Assume that a divides b(b + p). Show that a divides both b and b + p if and only if a = p.
Exercise 3.44. Let a, b, c, d ∈ Z. Assume that ab = cd and that α = gcd(a, c). Show that d is a multiple of
a
.
α
Remark 3.45. The proof of Bézout’s Lemma does not give any clue about how to go about calculating s and t.
Let a, b ∈ Z and d = gcd(a, b). We will now learn a way to find s and t in Z such that d = as + bt. This way
essentially needs us to ‘reverse’ the Euclidean Algorithm.
Example 3.46. Let us find (1974, 2112) and integers s,t such that
2112s + 1974t = (1974, 2112)
We use the Euclidean Algorithm to get
2112 = 1974 · 1 + 138
1974 = 138 · 14 + 42
138 = 42 · 3 + 12
42 = 12 · 3 + 6
12 = 6 · 2 + 0
and thus (1974, 2112) = 6.
Now we solve for all the nonzero remainders in the Euclidean Algorithm above trying to keep the expressions
written in the same way as they were. We obtain
138 = 2112 − 1974
42 = 1974 − 138 · 14
12 = 138 − 42 · 3
6 = 42 − 12 · 3
3.4 Blankinship’s Method
25
As you can see, the last expression already looks like 6 = something. The idea is to take that expression and
plug the next remainder into it, simplify, then plug the previous remainder into it, etc. This will give you at the
end 6 = 2112s + 1974t for some s,t ∈ Z. In fact, for the numbers we have in this example we get
6=
=
=
=
=
=
=
42 − 12 · 3
42 − (138 − 42 · 3) · 3
42 · 10 − 138 · 3
(1974 − 138 · 14) · 10 − 138 · 3
1974 · 10 − 138 · 143
1974 · 10 − (2112 − 1974) · 143
1974 · 153 − 2112 · 143
now we plug 12 = 138 − 42 · 3
now we plug 42 = 1974 − 138 · 14
now we plug 138 = 2112 − 1974
Since, 2112(−143) + 1974(153) = 6 then s = −143 and t = 153.
Remark 3.47. There are infinitely many pairs (s,t) such that
6 = 2112s + 1974t
We will later learn (Section 4.2) how to find all these pairs.
Q: Why does this method always work?
A: In short. Due to the nature of the Euclidean Algorithm, solving for the last nonzero remainder in the list of
divisions performed to find gcd(a, b) yields gcd(a, b) as a linear combination of the previous two remainders.
Hence, plugging in this linear combination the previous to the last remainder allows us to write gcd(a, b) using
two ‘earlier’ remainders (the previous to the last does not appear anymore, but the previous two do). Continuing
this process will eventually lead you to write gcd(a, b) as a linear combination of the initial two numbers (which
for this to make sense, can be considered as the ‘original’ two remainders).
Another method used to find gcd(a, b) and s,t ∈ Z such that gcd(a, b) = as + bt is discussed in the next section.
Exercise 3.48. Find s,t ∈ Z such that as + bt = gcd(a, b) for all pairs of numbers in Exercise 3.32.
Exercise 3.49. Find two integers, m and n, such that
gcd(1974, 2010) = 1974m + 2010n
3.4 Blankinship’s Method
In an article in the August-September 1963 issue of the American Mathematical Monthly, W.A. Blankinship1
gave a simple method to produce the integers s and t in Bézout’s Lemma and at the same time produce gcd(a, b):
Given a > b > 0 we start with the array
a10
b01
Then we continue to add multiples of one row to another row, alternating choice of rows until we reach an array
of the form
0 x1 x2
d y1 y2
or
d y1 y2
0 x1 x2
Then, d = gcd(a, b) = y1 a + y2 b. The goal is to get a 0 in the first column.
1
Thanks to Chris Miller for bringing this method to our attention.
26
3 How to Find gcd(a, b)
Example 3.50. (a) Let a = 35 and b = 15.
35 1 0
15 0 1
Note that 35 = 15 · 2 + 5, hence 35 + 15(−2) = 5.
So, we multiply row 2 by −2 and add it to row 1, getting
5 1 −2
15 0 1
Now 3 · 5 = 15 or 15 + (−3)5 = 0, so we multiply row 1 by −3 and add it to row 2, getting
5 1 −2
.
0 −3 7
It follows that gcd(35, 15) = 5 and 5 = 1 · 35 + (−2) · 15.
(b) Let us consider now a more complicated example: Let a = 1876 and b = 365. We start with
1876 1 0
365 0 1
Since 1876 = 365 · 5 + 51 we multiply the second row by −5 and add that to the first row, getting:
51 1 −5
365 0 1
Now, 365 = 51 · 7 + 8, so we multiply the first row by −7 and add this to row 2, getting:
51 1 −5
8 −7 36
Since 51 = 8 · 6 + 3 we multiply the second row by −6 and add that to the first row, getting:
3 43 −221
8 −7 36
Now 8 = 3 · 2 + 2, so we multiply the first row by −2 and add this to row 2, getting:
3 43 −221
2 −93 478
Then, 3 = 2 · 1 + 1, so we multiply the second row by −1 and add that to the first row, getting:
1 136 −699
2 −93 478
Finally, 2 = 1 · 2 so if we multiply the first row by −2 and add this to row 2 we get:
1 136 −699
0 −365 1876
This tells us that gcd(1876, 365) = 1 and 1 = 136 · 1876 + (−699)365.
Note that it was not necessary to compute the last two entries −365 and 1876 in the last matrix above.
Another implementation of Blankinship’s Method follows.
3.4 Blankinship’s Method
27
We construct a matrix with three columns but an undetermined number of rows. The last row will give us all
the information we need: if the last row is [ x y d ], then (a, b) = d = ax + by.
To construct this matrix, we proceed
as follows:
10a
(a) We start by writing down
.
0 1b
x y z
(b) Suppose the last two rows are 0 0 0 . We use the Division Theorem to write z = z0 q + r with 0 ≤ r < z0 .
x y z
If r = 0, we’re done; if r > 0, then we add the following row : the row [ x y z ] minus q times the row [ x0 y0 z0 ];
so the row we’re adding is [ x − qx0 y − qy0 r ]
Example 3.51. Let us apply this method to a = 324 and b = 126
1 0 324
0 1 126
1 −2 72
−1 3 54
2 −5 18
324 = 126 · 2 + 72
126 = 72 · 1 + 54
72 = 54 · 1 + 18
54 = 18 · 3 + 0
so, R3 = R1 − 2R2
so, R4 = R2 − R3
so, R5 = R3 − R4
we stop
Hence, (324, 126) = 18 = 2 · 324 − 5 · 126.
Note that we are allowed to use negative ‘remainders’. In fact, many times doing this will shorten the process.
We illustrate this with the same example.
Example 3.52.
1 0 324
0 1 126 324 = 126 · 3 + (−54) so R3 = R1 − 3R2
1 −3 −54
We normally make sure that the numbers in the third column are positive. So we multiply the whole row by −1
and continue the process :
1 0
0 1
−1 3
2 −5
324
126
54
18
324 = 126 · 3 + (−54) so, R3 = R1 − 3R2
126 = 54 · 2 + 18
so, R4 = R2 − 2R3
54 = 18 · 3
we stop
Again we get (in one less step) that (324, 126) = 18 = 2 · 324 − 5 · 126.
In exercise 3.53 you are asked to solve this problem (again), now by using the standard Blankinship’s Method.
Why Blankinship’s Method works: Note that just looking at what happens in the first column you see that
we are just doing the Euclidean Algorithm, so when one element in column 1 is 0, the other is, in fact, the gcd.
Note that at the start we have
a10
b01
and
a = 1·a+0·b
b = 0 · a + 1 · b.
One can show that at every intermediate step
a1 x1 x2
b1 y1 y2
we always have
28
3 How to Find gcd(a, b)
a1 = x1 a + x2 b
b1 = y1 a + y2 b,
and the result follows. We leave the details to the interested reader.
Exercise 3.53. Use Blankinship’s Method to compute the s and t in Bézout’s Lemma for each of the following
values of a and b.
(a) a = 267, b = 112
(b) a = 216, b = 135
(c) a = 324 and b = 126
(d) a = 11312, b = 11321
Exercise 3.54. Re-do exercise 3.48.
Exercise 3.55. Find integers a, b, d, s, t such that all of the following hold
(a) a > 0, b > 0,
(b) d = sa + tb, and
(c) d 6= gcd(a, b).
Chapter 4
Applications of gcd(a, b)
It has been mentioned in this text that the Euclidean Algorithm is probably the most important tool in elementary Number Theory. In this chapter we will see two very important applications of this algorithm and of
Bézout’s Lemma.
4.1 Proof of the Fundamental Theorem of Arithmetic
In Section 2.3 the Fundamental Theorem of Arithmetic was stated but not proven. Our goal in this section is to
prove it. We write it again to have it handy.
Theorem 4.1 (The Fundamental Theorem of Arithmetic). Every integer n > 1 can be written uniquely
in the form
n = p1 p2 · · · ps ,
where s is a positive integer and p1 , p2 , . . . , ps are primes satisfying
p1 ≤ p2 ≤ · · · ≤ ps .
To prove Theorem 4.1 we need to first establish a few lemmas.
Lemma 4.2. Let p be prime. Let a1 , a2 , . . . , an , n ≥ 1, be integers. If p | a1 a2 · · · an , then p | ai for at least one
i ∈ {1, 2, . . . , n}.
Proof. We use induction on n. The result is clear if n = 1. Assume that the lemma holds for n such that
1 ≤ n ≤ k. Let’s show it holds for n = k + 1. So assume p is a prime and p | a1 a2 · · · ak ak+1 . Let a = a1 a2 · · · ak
and b = ak+1 . Then p | a or p | b by Exercise 3.41. If p | a = a1 · · · ak , by the induction hypothesis, p | ai for
some i ∈ {1, . . . , k}. If p | b = ak+1 then p | ak+1 . So we can say p | ai for some i ∈ {1, 2, . . . , k + 1}. So the
lemma holds for n = k + 1. Hence by PMI it holds for all n ≥ 1.
t
u
Lemma 4.3 (Existence Part of Theorem 4.1). If n > 1 then there exist primes p1 , . . . , ps for some s ≥ 1 such
that
n = p1 p2 · · · ps
and p1 ≤ p2 ≤ · · · ≤ ps .
Proof. Proof by induction on n, with starting value n = 2: If n = 2 then since 2 is prime we can take p1 = 2,
s = 1. Assume the lemma holds for n such that 2 ≤ n ≤ k. Let’s show it holds for n = k + 1. If k + 1 is prime we
can take s = 1 and p1 = k +1 and we are done. If k +1 is composite we can write k +1 = ab where 1 < a < k +1
and 1 < b < k + 1. By the induction hypothesis there are primes p1 , . . . , pu and q1 , . . . , qv such that
a = p1 · · · pu and b = q1 · · · qv .
This gives us
k + 1 = ab = p1 p2 · · · pu q1 q2 · · · qv ,
that is k + 1 is a product of primes. Let s = u + v. By reordering and relabeling where necessary we have
29
30
4 Applications of gcd(a, b)
k + 1 = p1 p2 · · · ps
where p1 ≤ p2 ≤ · · · ≤ ps . So the lemma holds for n = k + 1. Hence by PMI, it holds for all n > 1.
t
u
Lemma 4.4 (Uniqueness Part of Theorem 4.1). Let
n = p1 p2 · · · ps for some s ≥ 1,
and
n = q1 q2 · · · qt for some t ≥ 1,
where p1 , . . . , ps , q1 , . . . , qt are primes satisfying
p1 ≤ p2 ≤ · · · ≤ ps
and
q1 ≤ q2 ≤ · · · ≤ qt .
Then, t = s and pi = qi for i = 1, 2, . . . ,t.
Proof. Our proof is by induction on s. Suppose s = 1. Then n = p1 is prime and we have
p1 = n = q1 q2 · · · qt .
If t > 1, this contradicts the fact that p1 is prime. So t = 1 and we have p1 = q1 , as desired. Now assume the
result holds for all s such that 1 ≤ s ≤ k. We want to show that it holds for s = k + 1. So assume
n = p1 p2 · · · pk pk+1
and
n = q1 q2 · · · qt
where p1 ≤ p2 ≤ · · · ≤ pk+1 and q1 ≤ q2 ≤ · · · ≤ qt . Clearly pk+1 | n so pk+1 | q1 · · · qt . So by Lemma 4.2
pk+1 | qi for some i ∈ {1, 2, . . . ,t}. It follows from Exercise 2.65 that pk+1 = qi . Hence pk+1 = qi ≤ qt .
By a similar argument qt | n so qt | p1 · · · pk+1 and qt = p j for some j. Hence qt = p j ≤ pk+1 . This shows that
pk+1 ≤ qt ≤ pk+1
so pk+1 = qt . Note that
p1 p2 · · · pk pk+1 = q1 q2 · · · qt−1 qt
Since pk+1 = qt we can cancel this prime from both sides and we have
p1 p2 · · · pk = q1 q2 · · · qt−1 .
Now by the induction hypothesis k = t − 1 and pi = qi for i = 1, . . . ,t − 1. Thus we have k + 1 = t and pi = qi
for i = 1, 2, . . . ,t. So the lemma holds for s = k + 1 and by the PMI, it holds for all s ≥ 1.
t
u
Now the proof of Theorem 4.1 follows immediately from Lemmas 4.3 and 4.4.
Exercise 4.5. Assume gcd(m, n) = 1. Then d|(mn) if and only if d = ab, where a|m, b|n and gcd(a, b) = 1.
4.2 Linear Diophantine Equations
A Diophantine equation is an equation like
4.2 Linear Diophantine Equations
31
x2 − 4y3 = 7
3x + 2y = 5
3 − 4x − 2y2 = z3
that we want to solve in the integers. That is, we want to find all solutions where the unknowns are all integers.
For example, the equation
x2 = 2
√
has solutions x = ± 2 but since these numbers are not integers, then we will say that the equation has no
solutions as a Diophantine equation.
Definition 4.6. A Diophantine equation that looks like
ax + by = c
where a, b, c ∈ Z is called a linear Diophantine equation (with two variables, in this case).
InNote that the solutions (in the reals) of ax + by = c forms a line on the plane. The solutions we want to find
are then all the points on the line that have both coordinates in Z.
The first thing to notice is that the left-hand part of a linear Diophantine equation is a linear combination of a
and b (recall that x and y are integers). Hence, using Bézout’s Lemma seems to be an obvious way to approach
this problem. In fact, finding gcd(a, b) will give us the ultimate tool to solve any linear Diophantine equation
that has solutions in Z.
In previous sections we have learned that S(a, b) is the set of all multiples of gcd(a, b). It follows that if
ax + by = c has solutions x, y ∈ Z then c ∈ S(a, b), and thus c must be a multiple of gcd(a, b). In other words
ax + by = c has solutions in Z only if c is a multiple of gcd(a, b).
Let us now assume that c = gcd(a, b)k, for some k ∈ Z. Then, Bézout’s Lemma tells us that there exist s,t ∈ Z
such that as + bt = gcd(a, b). If we multiply by k both sides we get
a(sk) + b(tk) = gcd(a, b)k = c
and thus x = sk, y = tk is a solution of ax + by = c. We have proved.
Lemma 4.7. Let a, b, c ∈ Z. The equation ax + by = c has solutions x, y ∈ Z if and only if gcd(a, b)|c.
Now we would like to know whether there are more solutions, and how can we find them all. In order to do
this, we consider two solutions of ax + by = c: (x0 , y0 ) and (x, y). It follows that
ax0 + by0 = c
ax + by = c
which after equating the c’s yields
ax0 + by0 = ax + by
or, in other words,
a(x0 − x) = b(y − y0 )
We now divide both sides by d = gcd(a, b) to get
b
a
(x0 − x) = (y − y0 )
d
d
a
b
a
b
Note that divides (x − x0 ). But Exercise 2.36 says that and are relatively prime and thus, by Exercise
d
d
d
d
b
3.41, must divide x − x0 . It follows that there is an integer n such that
d
b
x = x0 + n
d
Plugging this expression into a(x0 − x) = b(y − y0 ) we get
32
4 Applications of gcd(a, b)
a
y = y0 − n
d
Exercise 4.8. Check that any pair of numbers of the form
a
y = y0 − n
d
b
x = x0 + n
d
where n ∈ Z is, in fact, a solution of ax + by = c
We summarize all this section in the following theorem.
Theorem 4.9. Let a, b ∈ Z and d = gcd(a, b). The equation ax + by = c has solutions x, y ∈ Z if and only
if d|c. Moreover, if (x0 , y0 ) is a solution of such an equation then ax + by = c has infinitely many solutions,
and they all have the form
a
y = y0 − n
d
b
x = x0 + n
d
for some n ∈ Z.
Example 4.10. We want to use the Euclidean Algorithm to find all solutions of the Diophantine equation
1974x + 2010y = 18
From the solution of Exercise 3.49 we know that (1974, 2010) = 6. Since 6 | 18 there there are solutions for
this Diophantine equation. We divide it by 6 to get nicer numbers, we get
329x + 335y = 3
Using the Euclidean Algorithm (up and down) we get
335 = 329 · 1 + 6
329 = 6 · 55 − 1
and thus
1 = 6 · 55 − 329 = (335 − 329) · 55 − 329 = 335 · 55 + 329 · (−56)
Multiplying this by 3 we get
3 = 329 · (−56 · 3) + 335 · (55 · 3)
It follows that x0 = −56 · 3 and y0 = 55 · 3 form a solution of the equation. All the equations in Z of the equation
are
x0 = −56 · 3 + 335n
y0 = 55 · 3 − 329n
for n ∈ Z.
Exercise 4.11. Find all solutions to the following Diophantine equations:
(a) 1492x + 1066y = −4.
(b) 105x + 300y = 30.
(c) 252x + 198y = 72.
(d) 75x + 115y = 75.
(e) 30x + 47y = −11
Exercise 4.12. Find (1974, 2112), [2112, 1974] and integers m, n such that
2112m + 1974n = 12
4.2 Linear Diophantine Equations
33
Exercise 4.13. I have bought chocolates for the students in my Number Theory class for just $13.15. If each
female in the class got a 50-cent chocolate and each male got a 45-cent chocolate, how many students of each
sex are there in the class?
Exercise 4.14. The results of a recent study, among Fresno State math professors, state that each faculty uses
either two or 57 markers a week, with a total of 146 markers used per week (for the whole department). How
many of them use 57 markers per week?
Exercise 4.15. Assume that each black marker is 35 cents and every color marker is 91 cents. If I spent $5.60
on markers, how many markers of either type did I buy?
Exercise 4.16. I spent exactly $21.30 in chocolate kisses and conversation hearts for Valentine’s. If each kiss
was $2.50 and each heart was $0.70 then what are the possibilities for the chocolate kisses and conversation
hearts bought?
Exercise 4.17. After working for an hour, Oscar has picked a few apples and oranges. He thinks that if he sells
each apple for 25 ¢ and each orange for 50 ¢ then he would make $ 5. Then he notices he has picked an even
number of apples and an even number of oranges and that he has more oranges than apples. How many of each
fruit did he pick?
Exercise 4.18. When Oscar cashed a check at his bank, the teller mistook the number of cents for the number
of dollars and vice versa. Unaware of this, Oscar puts this money together with 7 cents he already had. To his
surprise, he then realizes that he now has exactly three times the amount of the original check. Find a possible
value for which the check could have been written.
Chapter 5
Zm
Zm will be a set that will have a special addition and multiplication. These operations will make it to behave
very similar to Z.
In order to understand what Zm really is, and how it works, we need to connect it with the concepts already
learned in previous chapters. That is the objective of the next section.
5.1 Residue Classes Modulo m
Let m be a fixed integer, m > 1. Recall that the division theorem says that any integer a can be written in a
unique way as
a = mq + r
provided that 0 ≤ r < m.
Using this, we define an equivalence relation ∼ on Z by a ∼ b if and only if a and b have the same remainder
when divided by m.
Exercise 5.1. Check that ∼ is in fact an equivalence relation.
Note that we can also define ∼ as
(a) a ∼ b ⇔ a mod m = b mod m, or
(b) a ∼ b ⇔ m|(a − b).
It is known that the equivalence classes of ∼ will partition Z. In fact, the equivalence classes have the form
[a] = {x; m|(a − x)},
where a ∈ Z.
In other words, [a] is the set of all integers that have the same remainder that a has after being divided by m.
We call [a] the residue class of a modulo m.
Theorem 5.2. For m > 1 we have
[a] = {a + mq; q ∈ Z}.
Proof. x ∈ [a] ⇔ m|(a − x) ⇔ x − a = mq for some q ∈ Z. Hence, x ∈ [a] ⇔ x = a + mq for some q ∈ Z. The
result follows from the definition of a residue class.
t
u
Remark 5.3. Note that [a] really depends on m and it would be more accurate to write [a]m instead of [a],
but this would be too cumbersome. Nevertheless it should be kept clearly in mind that [a] depends on some
understood value of m.
Exercise 5.4. Prove that the following three ways to represent [a] are equivalent.
(a) [a] = {a + mq; q ∈ Z}.
(b) [a] = {a + mq; q = 0, ±1, ±2, . . . }
(c) [a] = {. . . , −2m + a, −m + a, a, m + a, 2m + a, . . . }.
Exercise 5.5. Show that if m = 2 then [1] is the set of all odd integers and [0] is the set of all even integers.
35
36
5 Zm
Exercise 5.6. Given the modulus m > 0 show that for a fixed a ∈ Z, [a] = [a + km] for all k ∈ Z.
Exercise 5.7. Show that for any two given integers, a and b, either [a] = [b] or [a] ∩ [b] = 0.
/
Do not use that ∼ is an equivalence relation for this proof.
Exercise 5.8. For any m > 0, show that if x ∈ [a] then [a] = [x].
Definition 5.9. Any element x ∈ [a] is said to be a representative of the residue class [a].
By Exercise 5.8 if x is a representative of [a] then [x] = [a], that is, any element of a residue class may be used
to represent it.
Theorem 5.10. Given m > 1. For every a there is a unique r such that
[a] = [r] and 0 ≤ r < m.
Proof. Let r be the remainder of a after division by m, thus a = mq + r, for some q ∈ Z. Then a − r = mq,
which means that m|(a − r). It follows that [a] = [r]. We are done with the existence, as 0 ≤ r < m.
Now to check uniqueness, assume that [a] = [r] = [r0 ] and 0 ≤ r, r0 < m. WLOG, assume r ≥ r0 , then having
[r] = [r0 ] implies that m divides r − r0 , but this number is at most r, which is less than m. Hence, r − r0 = 0. t
u
Theorem 5.11. Given m > 1, there are exactly m distinct residue classes modulo m, namely,
[0], [1], [2], . . . , [m − 1].
Proof. Theorem 5.10 tells us that every residue class [a] must be equal to one of the residue classes:
[0], [1], . . . , [m − 1]. So, there are no residue classes not in this list. These residue classes are distinct because
if 0 ≤ r1 < m and 0 ≤ r2 < m and [r1 ] = [r2 ], then by the uniqueness part of Theorem 5.10 we must have
r1 = r2 .
t
u
5.2 The Set Zm
Throughout this section we assume a fixed modulus m > 1.
Definition 5.12. We define
Zm = {[a]; a ∈ Z},
that is, Zm is the set of all residue classes modulo m. We call Zm the ring of integers modulo m.
In the next section we shall show how to add and multiply residue classes. This makes Zm into a ring (you
will learn what a ring is in an abstract algebra class; Appendix A, in Chapter 14, has a simple introduction to
structures of this type). Often we will drop the ring and just call Zm the integers modulo m.
From Theorem 5.11 we get
Zm = {[0], [1], . . . , [m − 1]}
and since no two of the residue classes [0], [1], . . . , [m − 1] are equal we see that Zm contains exactly m elements.
By Exercise 5.8, if we chose
a0 ∈ [0], a1 ∈ [1], . . . , am−1 ∈ [m − 1]
then
[a0 ] = [0], [a1 ] = [1], . . . , [am−1 ] = [m − 1].
Thus we would also have
Zm = {[a0 ], [a1 ], . . . , [am−1 ]}.
5.3 Addition and Multiplication in Zm
37
Example 5.13. If m = 4 we have, for example,
8 ∈ [0], 5 ∈ [1], −6 ∈ [2], 11 ∈ [3].
And hence:
Z4 = {[0], [1], [2], [3]} = {[8], [5], [−6], [11]}.
Definition 5.14. A set of m integers
{a0 , a1 , . . . , am−1 }
is called a complete system of residues modulo m if
Zm = {[a0 ], [a1 ], . . . , [am−1 ]}.
Remark 5.15. A complete system of residues modulo m is sometimes called a complete set of representatives
for Zm .
Example 5.16. By Theorem 5.11, for m > 1
{0, 1, 2, . . . , m − 1}
is a complete residue system modulo m.
Example 5.17. From the above discussion it is clear that for each m > 1 there are infinitely many distinct
complete residue systems modulo m. A few examples of complete residue systems modulo 5 follow:
(a) {0, 1, 2, 3, 4}
(b) {0, 1, 2, −2, −1}
(c) {10, −9, 12, 8, 14}
(d) {0 + 5n1 , 1 + 5n2 , 2 + 5n3 , 3 + 5n4 , 4 + 5n4 } where n1 , n2 , n3 , n4 , n5 may be any integers.
Definition 5.18. The set {0, 1, . . . , m − 1} is called the set of least nonnegative residues modulo m.
Exercise 5.19. Let m > 1 be given.
(a) If m = 2k, then
{0, 1, 2, . . . , k − 1, k, −(k − 1), . . . , −2, −1}
is a complete residue system modulo m.
(b) If m = 2k + 1, then
{0, 1, 2, . . . , k, −k, . . . , −2, −1}
is a complete residue system modulo m.
5.3 Addition and Multiplication in Zm
We have already been introduced to the set Zm , now we will define addition and multiplication in this set, so
we can study it just as we have already done with the integers.
Definition 5.20. For [a], [b] ∈ Zm we define
[a] + [b] = [a + b]
and
[a][b] = [ab].
Example 5.21. For m = 5 we have
[2] + [3] = [5]
and
[2][3] = [6].
38
5 Zm
But, note that since [5] = [0] and [6] = [1] then we can also write
[2] + [3] = [0]
and
[2][3] = [1].
Since a residue class can have many representatives, it is important to check that the rules given in Definition
5.20 do not depend on the representatives chosen. For example, when m = 5 we know that
[7] = [2]
and
[11] = [21]
so we should have
[7] + [11] = [2] + [21]
[7][11] = [2][21].
and
For the addition, we can check that
[7] + [11] = [18]
and
[2] + [21] = [23].
But, since 5|(23 − 18) then [18] = [23]. We are good. Similarly, for the product
[7][11] = [77]
and
[2][21] = [42]
but, 77 − 42 = 35 and 5 | 35 so [77] = [42], as desired.
Theorem 5.22. For any modulus m > 1, if [a] = [b] and [c] = [d] then
[a] + [c] = [b] + [d]
and
[a][c] = [b][d]
Hence, addition and multiplication in Zm are well-defined.
Exercise 5.23. Prove Theorem 5.22
When performing operations in Zm using the rules in Definition 5.20, due to Theorem 5.22, we may at any time
replace [a] by [a0 ] if m|(a − a0 ) (or, in other words, a and a0 have the same remainder after division by m). This
will sometimes make calculations easier. Most of the times one wants to take a0 to be the remainder of a after
division by m.
Example 5.24. Take m = 151. We want to compute [150] + [149] and [150][149] but these numbers are too big.
There’s gotta be a better way!
Since [150] = [−1] and [149] = [−2] then
[150][149] = [−1][−2] = [2]
and
[150] + [149] = [−1] + [−2] = [−3] = [148]
since [148] = [−3].
Remark 5.25. Recall that we have for all a and m > 0
[a] = [ra ]
where ra is the remainder of a when dividing by m. Hence,
5.3 Addition and Multiplication in Zm
39
[a] + [b] = [ra + rb ]
[a] [b] = [ra rb ]
So if a and b are in the set {0, 1, . . . , m − 1}, these equations give us a way to obtain representations of the
sum and product of [a] and [b] in the same set. This leads to an alternative way to define Zm , and addition
and multiplication in Zm . This identification (or double definition), though confusing at first, is fairly used in
mathematics.
Exercise 5.26. Show that the power rules
[a]st = ([a]s )t
and
[a]s+t = [a]s [a]t
hold in Zm , where [a] ∈ Zm and s,t ∈ N.
For now, we just care that we are able to compute the sum and/or product of any two elements in Zm , but very
interesting computations can be performed in Zm because of the small amount of possible end results. Just
think about it; one could add and multiply how many times, and how many elements you want from Z7 and the
final result must be one of the seven elements in Z7 . Amazing!
Example 5.27. For simplicity, I will not use brackets to represent the elements in Z7 . We want to compute the
following expression in Z7
2300 · 3 − 4 · 2 · 3200
We first note that 23 = 8, but 8 is equal to 1 in Z7 . Hence, 23 = 1 in Z7 , and thus
2300 = 23
100
= 1100 = 1
in Z7 .
It follows that 2300 · 3 = 1 · 3 = 3 in Z7 .
Similarly, since 32 = 9 = 2 in Z7 , then 36 = (32 )3 = 23 = 1 in Z7 . Thus,
3200 = 36·33+2 = 36·33 32 = (36 )33 32 = 133 · 2 = 1 · 2 = 2
in Z7 .
Summarizing:
2300 · 3 − 4 · 2 · 3200 = 3 − 2 = 1
in Z7 .
Would you like to have an option that allows you to perform these computations without needing to write “in
Z7 ” all the time, or having to write all elements of Zm using brackets ?
Chapter 6
Congruences
Now we will learn an alternate way to study Zm , and thus of performing its operations. We will, essentially,
start all from scratch.
Definition 6.1. Let m ≥ 2 be an integer. We write a ≡ b (mod m) if and only if m | (a − b), and we say that a
is congruent to b modulo m.
The notation a 6≡ b (mod m) means that m - (a − b).
Note that we could re-phrase the previous definition as
a≡b
(mod m) ⇐⇒ [a] = [b] in Zm
Remark 6.2. Many authors define a ≡ b (mod m) for m ≥ 0. But for m = 1, since 1 divides everything, then
a ≡ b (mod 1) for all a, b. And for m = 0, as 0 divides only 0, we get that a ≡ b (mod 0) ⇐⇒ a = b for all a,
b.
Hence, these trivial cases are not considered in our definition.
Example 6.3. (a) 25 ≡ 1 (mod 4) since 4 | 24.
(b) 25 6≡ 2 (mod 4) since 4 - 23.
(c) 1 ≡ −3 (mod 4) since 4 | 4.
WARNING!
Do not confuse the use of mod in Definition 6.1 with that of Definition 3.16. We shall see that the two uses of
mod are related, but have different meanings.
Example 6.4. 25 ≡ 5 (mod 4) is true since 4 | 20. But, 25 = 5 mod 4 does not make sense, since 5 > 4, and
thus it cannot be a remainder after dividing by 4.
We next introduce some more terminology. Expressions such as
x=2
42 = 16
x2 + 2x = sin(x) + 3
are called equations. By analogy, expressions such as
x≡2
(mod 16)
25 ≡ 5
(mod 5)
x3 + 2x ≡ 6x2 + 3
(mod 27)
are called congruences. Before discussing further the analogy between equations and congruences, we show
the relationship between the two different definitions of mod.
41
42
6 Congruences
Theorem 6.5. For all m, a, b ∈ Z, m > 1:
a≡b
(mod m) ⇐⇒ a mod m = b mod m.
Proof. (⇒) Assume that a ≡ b (mod m). Let r1 = a mod m and r2 = b mod m. We want to show that r1 = r2 .
By definition we have
(a) m | a − b,
(b) a = mq1 + r1 , 0 ≤ r1 < m, and
(c) b = mq2 + r2 , 0 ≤ r2 < m
From (a) we obtain
a − b = mt
for some t. Hence
a = mt + b.
Using (b) and (c) we see that
a = mq1 + r1 = m (q2 + t) + r2 .
Since 0 ≤ r1 < m and 0 ≤ r2 < m by the uniqueness part of the Division Theorem we obtain r1 = r2 , as desired.
(⇐) Assume that a mod m = b mod m. We must show that a ≡ b (mod m). Let r = a mod m = b mod m, then
by definition we have
a = mq1 + r, 0 ≤ r < m,
and
0 ≤ r < m.
b = mq2 + r,
Hence
a − b = m (q1 − q2 ) .
This shows that m | a − b and hence a ≡ b (mod m), as desired.
t
u
Exercise 6.6. Prove that for all m > 1 and for all a:
a ≡ a mod m
(mod m).
Remark 6.7. From Example 5.27 we get that
2300 · 3 − 4 · 7 · 3200 ≡ 1 (mod 7)
Exercise 6.8. Using Definition 6.1 show that the following congruences are true
385 ≡ 322 (mod 3)
−385 ≡ −322 (mod 3)
1 ≡ −17 (mod 3)
33 ≡ 0
(mod 3).
Exercise 6.9. Use Theorem 6.5 to show that the congruences in Exercise 6.8 are valid.
Exercise 6.10. Show that a is even ⇔ a ≡ 0 (mod 2), and a is odd ⇔ a ≡ 1 (mod 2).
Exercise 6.11. Show that if m > 0 and a is any integer, there is a unique integer r ∈ {0, 1, 2, . . . , m − 1} such
that a ≡ r (mod m).
Exercise 6.12. Find integers a and b such that 0 < a < 15, 0 < b < 15 and ab ≡ 0 (mod 15).
Exercise 6.13. Find integers a and b such that 1 < a < 13, 1 < b < 13, and ab ≡ 1 (mod 15).
6 Congruences
43
Remark 6.14. The previous two exercises tell you that, even though, Z15 seems to be very similar to Z, some
things work differently. In fact, Exercise 6.12 says that one can find two nonzero elements a, b ∈ Z15 such that
ab = 0 in Z15 . This is something that cannot happen in Z, as the product of two nonzero integers is always
different from zero.
Exercise 6.13 says that one can find invertible elements in Z15 that are not ±1. We know this is impossible in
Z, as the only elements with multiplicative inverses are ±1.
Exercise 6.15. Show that if d | m and d > 0, then
a≡b
(mod m) ⇒ a ≡ b
(mod d).
The next two theorems show that congruences and equations share many similar properties, which should not
be a surprise, as congruences mod m are nothing but equations in Zm .
Theorem 6.16 (Congruence is an equivalence relation). For all a, b, c and m > 1 we have
(a) a ≡ a (mod m) [reflexivity]
(b) a ≡ b (mod m) ⇒ b ≡ a (mod m) [symmetry]
(c) a ≡ b (mod m) and b ≡ c (mod m) ⇒ a ≡ c (mod m) [transitivity]
Proof. (a) a − a = 0 = 0 · m, so m | a − a. Hence a ≡ a (mod m).
(b) If a ≡ b (mod m), then m | a − b. Hence a − b = mq. Hence b − a = m(−q), so m | b − a. Hence b ≡ a
(mod m).
(c) If a ≡ b (mod m) and b ≡ c (mod m) then m | a − b and m | b − c. By the linearity property m | (a − b) +
(b − c). That is, m | a − c. Hence a ≡ c (mod m).
t
u
Exercise 6.17. Let x, y, n ∈ Z.
(a) Show that either x2 ≡ 0 ( mod 4) or x2 ≡ 1 ( mod 4).
(b) Show that if n ≡ 3 ( mod 4), then n is not the sum of the squares of two integers.
Recall that a polynomial is an expression of the form
f (x) = an xn + an−1 xn−1 + · · · + a1 x + a0 .
Here we will assume that the coefficients an , . . . , a0 are integers and x also represents an integer variable. Also,
of course, n is a non-negative integer.
Theorem 6.18. If a ≡ b (mod m) and c ≡ d (mod m), then
(a) a ± c ≡ b ± d (mod m)
(b) ac ≡ bd (mod m)
(c) an ≡ bn (mod m) for all n ≥ 1
(d) f (a) ≡ f (b) (mod m) for all polynomials f (x) with integer coefficients.
Proof. (a) Since a − c = a + (−c), it suffices to prove only the “+ case.” By assumption m | a − b and m | c − d.
By linearity, m | (a − b) + (c − d), that is m | (a + c) − (b + d). Hence
a+c ≡ b+d
(mod m).
(b) Since m | a − b and m | c − d by linearity
m | c(a − b) + b(c − d).
Now c(a − b) + b(c − d) = ca − bd, hence
m | ca − bd,
44
6 Congruences
and so ca ≡ bd (mod m), as desired.
(c) We prove an ≡ bn (mod m) by induction on n. If n = 1, the result is true by our assumption that a ≡ b
(mod m). Assume it holds for n = k. Then we have ak ≡ bk (mod m). This, together with a ≡ b (mod m)
using (b) above, gives aak ≡ bbk (mod m). Hence ak+1 ≡ bk+1 (mod m). So it holds for all n ≥ 1, by the PMI.
(d) Let f (x) = cn xn + · · · + c1 x + c0 . We prove by induction on n that if a ≡ b (mod m) then
cn an + · · · + c0 ≡ cn bn + · · · + c0
(mod m).
If n = 0 we have c0 ≡ c0 (mod m) by Theorem 6.16(a). Assume the result holds for n = k. Then we have
ck ak + · · · + c1 a + c0 ≡ ck bk + · · · + c1 b + c0
(mod m).
(∗)
By part (c) above we have ak+1 ≡ bk+1 (mod m). Since ck+1 ≡ ck+1 (mod m) using (b) above we have
ck+1 ak+1 ≡ ck+1 bk+1
(mod m).
(∗∗)
Now we can apply part (a) to (∗) and (∗∗) to obtain
ck+1 ak+1 + ck ak + · · · + c0 ≡ ck+1 bk+1 + ck bk + · · · + c0
(mod m).
So by the PMI, the result holds for n ≥ 0.
t
u
Exercise 6.19. Re-phrase the previous theorem in terms of elements in Zm .
Theorem 6.20. If m > 1 and a ≡ r (mod m), where 0 ≤ r < m, then r = a mod m.
Exercise 6.21. Prove Theorem 6.20.
Exercise 6.22. Find the value of each of the following (without using a calculator/computer!).
(a) 232 mod 7
(b) 1035 mod 7
(c) 335 mod 7
(d) 461003 · 52016 − 1091090000000000000000 mod 11
Hint: You might want to use Theorem 6.20 and the ideas used in Remark 6.7.
Exercise 6.23. Use arithmetic modulo m to solve the following problems.
(a) What is the remainder of 510 when divided by 19?
(b) What is the final digit of 1! + 2! + 3! + · · · + 1974!?
(c) What is the remainder of 15 + 25 + 35 + · · · + 1005 after dividing by 4?
The following exercise is very important for many computations we will carry later in this book.
Exercise 6.24. Let gcd (m1 , m2 ) = 1. Prove that
a≡b
(mod m1 )
a≡b
(mod m2 )
if and only if
a ≡ b (mod m1 m2 ).
Hint. Use Exercise 3.41.
Exercise 6.25. Show that if gcd(n, 6) = 1, then n3 ≡ ±1 (mod 21).
Exercise 6.26. True or False (prove or give a counterexample). For all these problems a, b, j, k, n ∈ Z. n > 1.
(a) a2 ≡ b2 (mod n) implies that a ≡ ±b (mod n).
6 Congruences
45
2n
≡ 0 (mod p).
n
(c) If ak ≡ bk (mod n) and k ≡ j (mod n) then a j ≡ b j (mod n)
(b) If p is a prime satisfying n < p < 2n, then
Remark 6.27. Divisibility by n can be re-phrased as follows:
n|k ⇔ k ≡ 0
(mod n)
Exercise 6.28. Show the following statements. Use only results proved so far.
(a) 53103 + 10353 is divisible by 39.
(b) 111333 + 333111 is divisible by 7.
Exercise 6.29. Let n = 9 · 787 + 5 · 785 + 7 · 78 + 7. Answer the following questions in detail.
(a) Is n divisible by 3?
(b) Is n divisible by 7 or 11?
(c) Is n divisible by 79?
Exercise 6.30. Write a proof for the divisibility criteria in Exercise 2.15 that uses congruences. It should be
much easier than the one you did then.
Exercise 6.31. In this exercise you will use that 10 ≡ 1 (mod 9) and that 10 ≡ −1 (mod 11) to prove the
following divisibility criteria for 3, 9 and 11.
As we did in Exercise 2.15, we will write a generic positive integer as
a = ak · 10k + ak−1 · 10k−1 + · · · + a2 · 102 + a1 · 10 + a0
where 0 ≤ ai ≤ 9, for all i = 0, 1, 2, · · · , k. Prove that
(a) 3|a if and only if 3|(a0 + a1 + · · · + ak−1 + ak ).
(b) 9|a if and only if 9|(a0 + a1 + · · · + ak−1 + ak ).
(c) 11|a if and only if 11|(a0 − a1 + a2 − a3 + · · · + (−1)k ak ).
(d) Phrase in an easy-to-remember way the three divisibility criteria above.
Exercise 6.32. Let n ∈ N and let Σn be the sum of the digits of n. Prove:
(a) n ≡ Σn (mod k), for k = 3, 9, 11.
(b) n − Σn is always divisible by 3, 9 and 11.
Hint: Analyze the proofs given for the problems in the previous exercise.
Exercise 6.33. Let a = 18726132117057. Use all the divisibility criteria learned so far to find a mod m for
m = 2, 3, 5, 9 and 11.
Exercise 6.34. Let 23x232y32 be the decimal representation of a positive integer n. Assume n is divisible by
72. What is/are the possible value(s) of n?
Exercise 6.35. Oprah has given away a car for each of the 72 attendants to her show, If the bill she received
was for $7, 2x2, 0y2, where x and y are digits, then what are the possibilities for the price of each car?
Remark 6.36. So far we know divisibility criteria for 2, 3, 4, 5, 8, 9, and 11. By combining them (just like in the
previous exercise) we can get divisibility criteria for 6, 10, 12, 15 and 16. If we had divisibility criteria for 7 and
13 then we would have a way to determine whether or not a number is divisible by any number up to 16.
Let us look at divisibility by 7 and 13.
Theorem 6.37. Let a be a positive integer with decimal representation a = ar ar−1 · · · a1 a0 . Then
(a) 7 | a ⇔ 7 | (ar · · · a1 − 2a0 ).
(b) 13 | a ⇔ 13 | (ar · · · a1 − 9a0 ).
Here ar · · · a1 =
a − a0
= ar 10r−1 + · · · + a2 10 + a1 .
10
46
6 Congruences
Before proving this theorem we illustrate it with two examples.
7 | 2481 ⇔ 7 | 248 − 2
⇔ 7 | 246
⇔ 7 | 24 − 12
⇔ 7 | 12
since 7 - 12 we have 7 - 2481.
13 | 12987 ⇔ 13 | 1298 − 63
⇔ 13 | 1235
⇔ 13 | 123 − 45
⇔ 13 | 78
since 6 · 13 = 78, we have 13 | 78. So, by Theorem 6.37(b), 13 | 12987.
Proof (Proof of Theorem 6.37(a)). Let c = ar · · · a1 . So we have a = 10c + a0 . Hence −2a = −20c − 2a0 . Now
1 ≡ −20 (mod 7) so we have
−2a ≡ c − 2a0 (mod 7).
It follows from Theorem 6.5 that
−2a mod 7 = c − 2a0 mod 7.
Hence, 7 | −2a ⇔ 7 | c − 2a0 . Since gcd(7, −2) = 1 we have 7 | −2a ⇔ 7 | a. Hence 7 | a ⇔ 7 | c − 2a0 , which
is what we wanted to prove.
t
u
Exercise 6.38. Prove Theorem 6.37(b).
Exercise 6.39. Use Theorem 6.37(a) to determine which of the following are divisible by 7:
(a) 6994
(b) 6993
(c) 1974
Exercise 6.40. In the notation of Theorem 6.37, show that a mod 7 need not be equal to (ar · · · a1 −2a0 ) mod 7.
Chapter 7
Linear Equations in Zm
From now on we will not use brackets to denote elements in Zm . This will allow us to avoid cumbersome
writing. Because of this, we advise the reader to be careful when writing expressions involving elements in Zm .
Although this chapter deals mostly with linear equations, we start it by considering more general polynomial
equations in Zm . We remark that the equations we will study are all polynomial because other types of functions,
such as trigonometric or exponential, are not the types of things we will encounter in Zm .
7.1 Equations in Zm
Equations in Zm can also be seen as congruences with unknowns. We will study how to solve these equations
using both terminologies, as some equations will make better sense in the modular form than in the Zm setting
(see Section 7.3, for example).
Example 7.1. Let p be a prime number. Let us solve the equation x2 = 1 in Z p .
We re-write the equation as x2 − 1 = 0. By factoring we get (x − 1)(x + 1) = 0 in Z p , which means that p divides
(x − 1)(x + 1). Since p is prime then we can use Euclid’s Lemma to get that p must divide (x − 1) or (x + 1).
The first case yields x = 1 and the second yields x = −1, both equalities in Z p . Hence, the solutions in Z p of
x2 = 1 are x = ±1.
Note that in Z8 , the solutions for x2 = 1 are x = 1, 3, 5, 7. Hence, the previous example cannot be generalized.
Exercise 7.2. Prove that if p is prime then x2 ≡ y2 (mod p) implies x ≡ ±y (mod p).
Exercise 7.3. Prove that the equation x2 + 7x = −12 has exactly two distinct solutions in Z p , for every prime
p. Is this true for every positive integer p > 1?
Example 7.4. We want to prove that the equation x2 + 28y3 − 140z5 = 5 has no integral solutions.
Reducing both sides of the equation modulo 7 we get x2 = 5. Now we look for the squares modulo 7 and we
check that no residue can be squared to obtain 5. In fact,
02 ≡ 0, 12 ≡ 1, 22 ≡ 4, 32 ≡ 2, 42 ≡ 9, 52 ≡ 4, 62 ≡ 2
all computations modulo 7.
Probably the basic tool needed to solve equations is the cancellation law. However, this law does not work so
well in Zm .
Theorem 7.5. Let m be an integer larger than one, and let a, b, c ∈ Z, where c 6= 0. Let d = gcd(m, c).
Then,
ac ≡ bc (mod m)
if and only if
a ≡ b (mod m/d)
47
48
7 Linear Equations in Zm
Proof. We know that ac ≡ bc (mod m) if and only if there is an integer x such that c(a − b) = mx. Since d
divides both m and c then we can divide by d both sides, leaving
m
c
(a − b) = x
d
d
(7.1)
which is still an equality of integers. Note that this step is easily reversed.
m
c
m
c
Equation 7.1 means that
divides (a − b) and so, given that
and are relatively prime (Exercise 2.36),
d
d
d
d
m
m
.
we get that divides a − b (Exercise 3.41), and thus a ≡ b mod
d
d
Since this last argument is also ‘reversible’ then the proof is finished.
t
u
Exercise 7.6. Find specific positive integers a, b, c and m such that c 6≡ 0 (mod m), gcd(c, m) > 0, and ca ≡ cb
(mod m), but a 6≡ b (mod m).
The previous cancellation law tells us that we can cancel a common factor with no big complications when
gcd(c, m) = 1. In this case the equation, which was set originally in Zm , remains in Zm after the cancellation of
c.
In the case that gcd(c, m) 6= 1 the equation that was originally set in Zm becomes an equation in Zm/d after the
cancellation of c.
Example 7.7. We will use the previous theorem to find solutions in Z13 for the equation 5x = 1.
We first notice that 5 · 8 = 1 in Z13 . Hence the equation becomes 5x = 5 · 8, which, by cancellation, and using
that gcd(5, 13) = 1 yields x = 8 in Z13 .
In the previous example we were able to see quickly, by trial and error, that 5 · 8 = 1 in Z13 . For large moduli,
however, we may not be so lucky. Let us analyze such equations in more detail.
7.2 Linear Congruences
A linear congruence has the form
ax ≡ b (mod m)
where a, b, m, and x are integers, with m > 1.
Naturally, a linear congruence can be also seen as an equation in Zm , namely ax = b.
Most of the time the method used in Example 7.7 will not work, due to the modulus being too large, or the
numbers used in the equation to be not so easy to work with. Besides, we would like to find a method that
solves these equations and finds all its solutions. In order to do that we realize that ax ≡ b (mod m) can be
rewritten as ax = b − my for some y ∈ Z. It follows that finding all the solutions of the linear Diophantine
equation ax + my = b will yield all the solutions of ax ≡ b (mod m) (although we will not care much for the
‘y part’ of the solution because the linear congruence we want to solve does not have a y).
We know that the equation ax + my = b has solutions if and only if gcd(a, m) | b. Hence, this gives us a first
thing to check when solving a linear congruence. Moreover, if ax + my = b has solutions and x0 is a part of a
solution, then all the x’s that solve the Diophantine equation are
x = x0 +
m
n
d
where d = gcd(a, m), and n ∈ Z.
Note that this means that the congruence has infinitely many solutions, but since we care only about those that
are distinct modulo m then the only ones that we will consider are
x = x0 +
m
n
d
7.2 Linear Congruences
49
where d = gcd(a, m), and n = 0, 1, 2, · · · , d − 1, as all the other will be congruent modulo m to one of these d
solutions. We summarize all this in the following theorem.
Theorem 7.8. The linear congruence ax ≡ b (mod m) has solutions if and only if d | b, where d =
gcd(a, m). In case the equation has solutions then
(a) it has exactly d (incongruent modulo m) solutions. They are given by
xn = x0 +
m
n
d
where n = 0, 1, 2, · · · , d − 1, and x0 is any solution to the congruence.
(b) it has infinitely many solutions. They are given by x ≡ xn (mod m), for some n = 0, 1, 2, · · · , d − 1,
where xn is given in part (a).
(c) A single solution to the congruence may be found by using the Euclidean Algorithm to solve the linear
Diophantine equation ax + my = b.
Exercise 7.9. Re-phrase the previous theorem in terms of elements in Zm .
Exercise 7.10. Solve the following congruences/equations. Find all solutions.
(a) 5x ≡ 1 ( mod 13)
(b) 13x = 1 in Z5 .
(c) 45x ≡ 25 (mod 125)
(d) 21x = 20 in Z15
(e) 10x ≡ 12 (mod 42)
(f) 10x = 8 in Z64
In Exercise 6.13 you were asked to find integers a and b such that a, b 6≡ ±1 (mod 15) and ab ≡ 1 (mod 15).
Back then it was mentioned that this is impossible in the integers, as the only invertible elements in Z are ±1.
This makes the next two (equivalent) definitions crucial for future study of Zm .
Definition 7.11. Let m ∈ Z, m > 1.
(a) a ∈ Zm is said to be invertible in Zm if there is an element b ∈ Zm such that ab = 1 in Zm . The element b is
called the inverse of a in Zm .
(b) a ∈ Z is said to be invertible modulo m if there is an element b ∈ Z such that ab ≡ 1 (mod m). The element
b is called an inverse of a modulo m.
Example 7.12. Since 4 · 2 = 1 in Z7 then 4 and 2 are invertible in Z7 . Equivalently, the integers 4 and 2 are
invertible modulo 7.
Since 4 · 1 = 4 · 3 = 4 · 5 = 4 · 7 = 4 and 4 · 0 = 4 · 2 = 4 · 4 = 4 · 6 = 0 in Z8 , then 4 is not invertible in Z8 .
How to check whether a given element is invertible? In which case, how to find its inverse?
Note that the inverse of an element a in Zm is an (unknown) element x such that ax = 1 in Zm . Hence, a will
have an inverse as long as we can solve this equation. But we know that the equation will have solutions as
long as gcd(a, m) | 1, which forces that gcd(a, m) = 1. It follows that finding inverses is nothing but solving
linear congruences. Moreover, looking at the solutions to the linear congruence ax ≡ 1 (mod m) we get that
the inverse of a is unique in Zm . However, inverses modulo m are not unique. For instance, 4 · 2 ≡ 4 · 9 ≡ 1
(mod 7), so both 2 and 9 are inverses of 4 modulo 7.
A very common approach to find an inverse of a modulo m is to use Blankinship’s Method (or the ‘reversed’
Euclidean Algorithm) to find x, k ∈ Z such that ax + km = 1 (given that gcd(a, m) = 1). This expression yields
ax ≡ 1 (mod m) when reduced modulo m, giving us x as an inverse of a modulo m. However, for small m we
may often find an inverse of a by “trial and error.” For example, if m = 15 take a = 2. Then we can check each
element 0, 1, 2, . . . , 14:
50
7 Linear Equations in Zm
2 · 0 6≡ 1
(mod 15)
2 · 1 6≡ 1
(mod 15)
2 · 2 6≡ 1
(mod 15)
2 · 3 6≡ 1
(mod 15)
2 · 4 6≡ 1
(mod 15)
2 · 5 6≡ 1
(mod 15)
2 · 6 6≡ 1
(mod 15)
2 · 7 6≡ 1
(mod 15)
2·8 ≡ 1
(mod 15) since 15 | 16 − 1.
So we can take 8 to be an inverse of a modulo 15.
Exercise 7.13. Find
(a) the inverse of 5 in Z13 .
(b) an inverse of 13 modulo 5.
(c) the inverse of 12 in Z27
(d) an inverse of 13 modulo 5 that is larger than 100.
Exercise 7.14. Show that if a is invertible modulo n then so is ak , for all k ∈ N. Is it true that if ak is invertible
modulo n, for some k ∈ N, then a is invertible modulo n?
Exercise 7.15. Let gcd(c, m) = 1. Show that ca ≡ cb (mod m) if and only if a ≡ b (mod m).
Hint: Theorem 7.5.
Exercise 7.16. Show that the inverse of 2 modulo 7 is not the inverse of 2 modulo 15.
Exercise 7.17. Let m > 1 and let a ≡ b (mod m). Prove that a has an inverse modulo m if and only if b does.
Exercise 7.18. True or False. Prove or give a counterexample.
(a) x ≡ 3 (mod 7) ⇒ gcd(x, 7) = 1
(b) gcd(68019, 3) = 3
(c) 12x ≡ 15 (mod 35) ⇒ 4x ≡ 5 (mod 7)
(d) x ≡ 6 (mod 12) ⇒ gcd(x, 12) = 6
(e) 3x ≡ 3y (mod 17) ⇒ x ≡ y (mod 17)
(f) 5x ≡ y (mod 6) ⇒ 15x ≡ 3y (mod 18)
(g) 12x ≡ 12y (mod 15) ⇒ x ≡ y (mod 5)
(h) x ≡ 73 (mod 75) ⇒ x mod 75 = 73
(i) x ≡ 73 (mod 75) and 0 ≤ x < 75 ⇒ x = 73
(j) There is no integer x such that 12x ≡ 7 (mod 33).
Theorem 7.19 (Wilson’s Theorem). Let p be a prime. Then, (p − 1)! ≡ −1 (mod p).
Exercise 7.20. Prove Theorem 7.19.
Hint: Note that x = (p − 1)! is a solution of x2 − 1 = 0 in Z p . Use Example 7.1 a couple of times.
Other linear congruences, such as 3x + 2y ≡ 5 (mod m) can be addressed using similar methods to the ones
discussed in this section, but will not be considered for further study. We will now move into systems of linear
congruences.
7.3 Systems of Linear Congruences
51
7.3 Systems of Linear Congruences
Probably the simplest system of linear congruences is
x≡b
(mod m1 )
x ≡ b (mod m2 )
which, by Exercise 6.24, as long as gcd (m1 , m2 ) = 1, has a unique solution modulo m1 m2 , which is (obviously)
x≡b
(mod m1 m2 ).
Note that if we look at this system as a system of linear equations in some Zm then we would have to deal with
several Zm ’s at the same time. This is why we will study these systems only as congruences.
Exercise 7.21. Use Exercise 6.24 to show that if m1 , m2 , · · · , mk are pairwise relatively prime then the system
x ≡ b (mod m1 )
x ≡ b (mod m2 )
.. ..
..
. .
.
x ≡ b (mod mk )
has a unique solution modulo m1 m2 · · · mk , which is
x≡b
(mod m1 m2 · · · mk ).
A similar, stronger, result follows.
Theorem 7.22 (The Chinese Remainder Theorem). Let m1 , m2 , · · · , mk be pairwise relatively prime
integers, and b1 , b2 , · · · , bk ∈ Z. A system of congruences of the form
x ≡ b1
(mod m1 )
x ≡ b2
.. ..
. .
(mod m2 )
..
.
x ≡ bk
(mod mk )
has a unique solution modulo m1 m2 · · · mk .
Proof. Let M = m1 m2 · · · mk .
Let us assume first that the system has solutions. Consider two of them, namely x1 and x2 . Then,
x1 ≡ x2 ≡ b1
(mod m1 )
x1 ≡ x2 ≡ b2
..
.. ..
.
. .
(mod m2 )
..
.
x1 ≡ x2 ≡ bk
(mod mk )
which by Exercise 7.21 forces x1 ≡ x2 (mod M). So the solution is unique modulo M.
Now we need to find one solution. Since we want x ≡ bi (mod mi ) then we need to consider the integers
Mi = M/mi , for all i to get an element of the form
x = b1 M1 + b2 M2 + · · · + bk Mk
52
7 Linear Equations in Zm
So far we obtain x ≡ bi Mi (mod mi ). Hence we need to get rid of Mi , but since gcd(mi , Mi ) = 1 then Mi is
invertible modulo mi . Let Bi denote an inverse of Mi modulo mi . It follows that
x = b1 B1 M1 + b2 B2 M2 + · · · + bk Bk Mk
t
u
is a solution of the system.
There are other ways to get to the same solution, that might be more straightforward. We will look at one of
them in the following example.
Example 7.23. We want to solve the system
x≡1
x≡2
(mod 3)
(mod 5)
x≡3
(mod 4)
using the idea in the proof of the Chinese Remainder Theorem, and also by just using simple arithmetic.
Method 1: We identify b1 = 1, b2 = 2, and b3 = 3, m1 = 3, m2 = 5, and m3 = 4. Hence M = 3 · 5 · 4 = 60 and
M1 = 20, M2 = 12, and M3 = 15.
In order to find the Bi ’s we set the equations
20B1 ≡ 1
(mod 3)
12B2 ≡ 1
(mod 3)
2B2 ≡ 1 (mod 5)
(mod 5)
15B3 ≡ 1 (mod 4)
which simplify to
2B1 ≡ 1
3B3 ≡ 1 (mod 4)
easily solve to get B1 = 2, B2 = 3, and B3 = −1 (it is always convenient to write one of the Bi ’s as a negative
number).
Hence,
x = 1 · 2 · 20 + 2 · 3 · 12 + 3 · (−1) · 15 = 40 + 72 − 45 = 67
Since the solution is unique modulo M = 60 then we can reduce the number we got to x = 7. However, the
solution should be written
x ≡ 7 (mod 60)
Method 2: We take the first congruence and write it as x = 1 + 3a, where a ∈ Z. Now we plug this into the
second congruence, leaving
1 + 3a ≡ 2 (mod 5)
which reduces to 3a ≡ 1 (mod 5), and thus a ≡ 2 (mod 5), which means a = 2 + 5b, for some integer b. We
plug this into what we had for x to get
x = 1 + 3a = 1 + 3(2 + 5b) = 7 + 3 · 5 · b
Just as we did before, we plug this into the next equation, to get
7+3·5·b ≡ 3
(mod 4)
which reduces to 3 · 1 · b ≡ 0 (mod 4) forcing b ≡ 0 (mod 4), which is b = 4c, for some c ∈ Z. Hence
x = 7+3·5·b = 7+3·5·4·c
and that means x ≡ 7 (mod 3 · 5 · 4).
Many different types of word problems can be solved using the methods just described.
7.3 Systems of Linear Congruences
53
Exercise 7.24. Find all x ∈ Z such that x is divisible by 6, has remainder 1 when divided by 5, and remainder
3 when divided by 7.
Exercise 7.25. What is the smallest number of oranges in a basket if the number leaves a remainder of 2 when
divided by 4 or 9 but leaves a remainder of 1 when divided by 37?
Exercise 7.26. A magician claims he can guess a number you have chosen (randomly) between 1 and 100 (both
included). The magician always guesses right once you tell him the remainders of your number after dividing
by 3, 5 and 7. Explain how, and why, the trick works.
Would the trick work if the magician asked the remainders of your number after dividing by 2, 3 and 5?
Exercise 7.27. Oscar has spent most of the weekend grading exams for his three classes. He notices that all
classes have the same number of students.
On Friday he grades the exams of MATH 111. Oddly, there is the same number of A’s, B’s and C’s, and there
are two D’s and two F’s.
On Saturday he grades the exams of MATH 116. Then again some symmetry... when he starts grading the last
exam he notices that so far he has the same number of A’s, B’s, C’s, D’s, and F’s.
On Sunday he grades the exams of MATH 260. Now, there are only A’s and B’s and exactly half of the class
got an A.
How many students there are in each of his classes if he has between 20 and 70 students per class?
Exercise 7.28. Oscar goes to the record store weekly for his fix of new music. He always carries the same
amount of money (which is an integer), and each week he only buys CDs that all have the same price. One
week he bought three CDs and got no change back. The next week he got five CDs and got one dollar back.
The third week he got a good deal, bringing home eight CDs and still having three dollars to spare. How much
money does Oscar take to the store every week?
Do not consider taxes for this problem.
It seems that the system of congruences we can solve are of a very specific form. However, systems might be
given in ways that do not resemble what we have seen so far.
Exercise 7.29. Solve the system of congruences
x≡5
x≡3
x≡8
(mod 6)
(mod 10)
(mod 15)
Hint: Use Exercise 7.21.
Exercise 7.30. Find all solutions of the system
x ≡ 3 (mod 6)
3 ≡ x (mod 15)
x ≡ −3 (mod 14)
Exercise 7.31. Solve the system of simultaneous congruences
3x ≡ 6 (mod 12)
2x ≡ 5 (mod 7)
3x ≡ 1 (mod 5)
Exercise 7.32. Let m1 , m2 , a1 , a2 ∈ Z, with m1 , m2 > 0. Prove that the system of equations
x ≡ a1 ( mod m1 )
x ≡ a2 ( mod m2 )
has a solution if and only if gcd(m1 , m2 ) | (a1 − a2 ).
54
7 Linear Equations in Zm
Finally, we look at systems of congruences with more than one unknown.
Example 7.33. Find all solutions to the system of congruences
2x + 3y ≡ 1
(mod 15)
x − 7y ≡ 3
(mod 15)
The method used regularly to solve a system of linear equations involves multiplication of the equations in such
a manner that adding/subtracting the ensuing equations results in one or more variables getting cancelled out.
All that arithmetic can be done modulo 15 as well!
We multiply the second congruence by 2 to get
2x + 3y ≡ 1
(mod 15)
2x − 14y ≡ 6
(mod 15)
Subtracting, we get (3+14)y ≡ 1−6 (mod 15), which is 2y ≡ −5 (mod 15). Since 8 is an inverse of 2 modulo
15, then we multiply both sides by 8 to get y ≡ −40 ≡ 5 (mod 15).
Now we can plug this into the second congruence to get x − 7 · 5 ≡ 3 (mod 15), which implies x ≡ 8 (mod 15).
It seems that everything works just as it has always worked. However, we needed to find an inverse of 2 modulo
15 to solve the system. If we had had to find an inverse of 3 modulo 15, then we wouldn’t have been able to
solve the system.
Exercise 7.34. Find all solutions, if any, to the following two systems of congruences.
(a)
2x + 4y ≡ 1
(mod 15)
x − 7y ≡ 3
(mod 15)
5x + 3y ≡ 4
(mod 19)
3x + 4y ≡ 7
(mod 19)
(b)
Exercise 7.35. Show that if ad − bc is invertible modulo m then the system
ax + by ≡ e (mod m)
cx + dy ≡ f
has solutions.
(mod m)
Chapter 8
Euler’s Theorem
The reader has probably realized by now that, many times, when computing consecutive powers of an element
a ∈ Zm one gets a cyclic list of elements. This could be easily explained as soon as one gets ak = 1 in Zm . In
this chapter we will obtain a result that will assure the existence of such an integer k for every ‘good’ element
a ∈ Zm .
8.1 Z∗m
In Definition 7.11 an invertible element in Zm (or modulo m) was defined. Also, we know that an integer a has
an inverse modulo m if and only if gcd(a, m) = 1. This originates the following definition.
Definition 8.1. The set of all invertible elements in Zm is denoted Z∗m , and is called the group of units of Zm .
See Appendix A in Chapter 14 for the definition of a group.
Note that Z∗m could be defined in the following alternative ways
Z∗m = {[k] ∈ Zm ; gcd(k, m) = 1}
= {[k]; 1 ≤ k ≤ m and gcd(k, m) = 1}.
Example 8.2. Using the previous observation, we get
Z∗15 = {[1], [2], [4], [7], [8], [11], [13], [14]}
In fact, using reduction modulo 15 we find the inverse of each element of Z∗15 :
[1][1] = [1]
[2][8] = [1]
[4][4] = [1]
[7][13] = [7][−2] = [1]
[11][11] = [−4][−4] = [1]
[14][14] = [−1][−1] = [1].
Exercise 8.3. Find the elements of Z∗p , for p prime less than 12, and find the inverse of each element, as in the
example above.
Repeat this in Z∗8 .
Theorem 8.4. (Z∗m is a group under multiplication.)
(a) If [a], [b] ∈ Z∗m then [a][b] ∈ Z∗m .
(b) For all [a], [b], [c] in Z∗m we have ([a][b])[c] = [a]([b][c]).
(c) [1][a] = [a][1] = [a] for all [a] ∈ Z∗m .
(d) For each [a] ∈ Z∗m there is a [b] ∈ Z∗m such that [a][b] = [1].
(e) For all [a], [b] ∈ Z∗m we have [a][b] = [b][a].
55
56
8 Euler’s Theorem
Remark 8.5. Parts (a)–(d) in Theorem 8.4 are all that is required for Z∗m to be a group. Property (e) says that
Z∗m is an Abelian group. See Appendix A in Chapter 14.
Exercise 8.6. Prove Theorem 8.4.
Definition 8.7. If m ≥ 1,
φ (m) = |{k ∈ Z; 1 ≤ k ≤ m and gcd(k, m) = 1}|.
The function φ is called the Euler phi function or the Euler totient function.
Corollary 8.8. If m > 0,
|Z∗m | = φ (m).
Note that
Z∗1
Z∗2
Z∗3
Z∗4
Z∗5
Z∗6
Z∗7
= {[1]}
⇒ φ (1) = 1
= {[1]}
⇒ φ (2) = 1
= {[1], [2]}
⇒ φ (3) = 2
= {[1], [3]}
⇒ φ (4) = 2
= {[1], [2], [3], [4]}
⇒ φ (5) = 4
= {[1], [5]}
⇒ φ (6) = 2
= {[1], [2], [3], [4], [5], [6]} ⇒ φ (7) = 6.
Exercise 8.9. Show that if p is any prime then φ (p) = p − 1.
Generally φ (m) is not easy to calculate. However, the following theorems show that once the prime factorization
of m is given, computing φ (m) is easy.
Theorem 8.10. If a > 0, b > 0, and gcd(a, b) = 1, then
φ (ab) = φ (a)φ (b).
Theorem 8.11. If p is prime and n > 0 then
φ (pn ) = pn − pn−1 = pn−1 (p − 1).
We will not prove these theorems yet. But we will illustrate their use in the following example.
Example 8.12.
φ (12) = φ 22 · 3 = 22 − 21 31 − 30 = 2 · 2 = 4
φ (9000) = φ 23 · 53 · 32 = 23 − 22 53 − 52 32 − 31 = 4 · 100 · 6 = 2400.
Exercise 8.13. Let p1 , p2 , . . . , pk be distinct primes and let n1 , n2 , . . . , nk be positive integers, then
n n
n −1
φ pn11 pn22 · · · pk k = pn11 − pn11 −1 · · · pk k − pk k
.
Exercise 8.14. Compute:
(a) |Z∗900 |
(b) φ (φ (22 · 33 · 55 · 77 ))
Exercise 8.15. Let a, b, k ∈ N. Show:
(a) φ (ak ) = ak−1 φ (a).
(b) φ (a)φ (b) = φ (gcd(a, b))φ (LCM[a, b]).
(c) φ (ab)φ (gcd(a, b)) = gcd(a, b)φ (a)φ (b).
(c) φ (φ (5!))
8.1 Z∗m
57
Exercise 8.16. Let a, p, q ∈ N. Assume that gcd(p, q) = 1 to show that
φ (gcd(ap, q))φ (gcd(aq, p)) = φ (gcd(a, pq))
Proof (Proof of Theorem 8.10). As we know |Z∗a | = φ (a). It follows that the result we want to prove is equivalent to prove
|Z∗ab | = |Z∗a ||Z∗b |
which it can also be written as
|Z∗ab | = |Z∗a × Z∗b |
Before getting to that equality we consider the function
Ψ : Zab −→ Za × Zb
[x] 7−→ ([x mod a], [x mod b])
Note that we are abusing notation a bit, as we are using [ ] for three different types of residue classes.
What we want to show is that Ψ is bijective. Since the number of elements in the domain and range are the
same then we just need to show onto (or 1 − 1, if you prefer).
Let ([c], [d]) ∈ Za × Zb , we want to find an [x] ∈ Zab such that Ψ [x] = ([c], [d]), but this can be rephrased as
x≡c
x≡d
(mod a)
(mod b)
which has a unique solution modulo ab because of the Chinese Remainder Theorem.
So, Ψ is bijective. Now let us restrict the domain of Ψ to Z∗ab .
It is clear that if [x] ∈ Z∗ab then [x] ∈ Z∗a and [x] ∈ Z∗b (this because gcd(x, ab) = 1 if and only if gcd(x, a) =
gcd(x, b) = 1). Moreover, if we take an element in Z∗a × Z∗b , then we know it looks like ([x], [x]) and thus its
pre-image under Ψ is an element that is invertible modulo ab. It follows that
Ψ : Z∗ab −→ Z∗a × Z∗b
[x] 7−→ ([x mod a], [x mod b])
t
u
is a bijection, which proves the theorem.
Proof (Proof of Theorem 8.11). We want to count the number of elements in the set A = {1, 2, . . . , pn } that are
relatively prime to pn . Let B be the set of elements of A that have a factor > 1 in common with pn . Note that
if b ∈ B and gcd (b, pn ) = d > 1, then d is a divisor of pn and d > 1 so d has p as a factor. Hence b = pk, for
some k, and p ≤ b ≤ pn , so p ≤ kp ≤ pn . It follows that 1 ≤ k ≤ pn−1 . That is,
B = p, 2p, 3p, . . . , kp, . . . , pn−1 p .
We are interested in the number of elements of A not in B. Since |A| = pn and |B| = pn−1 , this number is
pn − pn−1 . That is, φ (pn ) = pn − pn−1 .
t
u
Exercise 8.17. Find the sets Z∗m , for 8 ≤ m ≤ 20. Note that |Z∗m | = φ (m). Use Exercise 8.13 to calculate φ (m)
and check that you have the right number of elements in each case.
Exercise 8.18. Show that if
n
m = pn11 pn22 · · · pk k
where p1 , . . . , pk are distinct primes and each ni ≥ 1, then
1
1
1
φ (m) = m 1 −
1−
··· 1−
.
p1
p2
pk
58
8 Euler’s Theorem
Exercise 8.19. Let
n
m = pn11 pn22 · · · pk k
where p1 , . . . , pk are distinct primes and each ni ≥ 1.
(a) Show that if p is prime and p|m then (p − 1)|φ (m).
(b) Show that if p is prime and pa |m then pa−1 |φ (m), for a > 1.
Hint: Exercise 8.13.
Exercise 8.20. Show that φ (m) is either 1 or an even number.
Exercise 8.21. Let k ∈ {1, 2, 4, 6, 8, 10, 14, 16, 18, 22}. Find all positive integers n such that φ (n) = k.
Exercise 8.22. Assume n = pq, where p and q are distinct odd primes.
(a) Compute φ (n) in terms of p and q.
(b) Show that p + q = n − φ (n) + 1.
(c) Conclude that, for all n as described above, the quadratic equation
x2 + (n − φ (n) + 1)x + n = 0
has two distinct solutions in the integers.
Exercise 8.23. Find all the positive integers n such that φ (4n) = 2φ (n).
Exercise 8.24. Show that φ (2n) is equal to either φ (n) or 2φ (n). Determine for what n’s these values are
obtained.
Exercise 8.25. (a) Show that φ (3n) 6= φ (n), for all n ∈ N.
(b) Find all n’s such that φ (3n) = 3φ (n).
Exercise 8.26. Find all positive integers n such that φ (φ (n)) = 2.
8.2 Euler’s Theorem and Fermat’s Little Theorem
Fermat’s Big Theorem or, as it is also called, Fermat’s Last Theorem states that xn + yn = zn has no solutions in
positive integers x, y, z when n > 2. This was proved by Andrew Wiles in 1995, over 350 years after it was first
mentioned by Fermat. The theorem that concerns us in this chapter is Fermat’s Little Theorem. This theorem
is much easier to prove, but has more far reaching consequences for applications to cryptography and secure
transmission of data on the Internet. The first theorem below is a generalization of Fermat’s Little Theorem due
to Euler.
Theorem 8.27 (Euler’s Theorem). If m > 0 and a is relatively prime to m then
aφ (m) ≡ 1
(mod m).
Note that we are not saying that if ak ≡ 1 (mod m) then k must be equal to φ (m).
Theorem 8.28 (Fermat’s Little Theorem). If p is prime and a is relatively prime to p then
a p−1 ≡ 1
(mod p).
Let us look at some examples. Take m = 12 then
φ (m) = φ 22 · 3 = 22 − 2 (3 − 1) = 4.
8.2 Euler’s Theorem and Fermat’s Little Theorem
59
The positive integers a < m with gcd(a, m) = 1 are 1, 5, 7 and 11.
14 ≡ 1
(mod 12)
52 ≡ 1 (mod 12)
2
52 ≡ 12 (mod 12)
54 ≡ 1
(mod 12).
Now 7 ≡ −5 (mod 12) and since 4 is even
74 ≡ 54
(mod 12)
74 ≡ 1
(mod 12).
11 ≡ −1 (mod 12) and again since 4 is even we have
114 ≡ 1
(mod 12).
So we have verified Theorem 8.27 for the single case m = 12.
Exercise 8.29. Verify that Theorem 8.28 holds if p = 5 by direct calculation as in the example above.
Note that Euler’s Theorem (Theorem 8.27) is equivalent to the following.
Theorem 8.30. If m > 1 and a ∈ Z∗m , then aφ (m) = 1 in Zm .
A proof of Theorem 8.30 is outlined in the following exercise.
Exercise 8.31. Let Z∗m = {X1 , X2 , . . . , Xφ (m) }. Here we write Xi for a residue class in Z∗m to simplify notation.
(a) Show that if X ∈ Z∗m then
{XX1 , XX2 , · · · , XXφ (m) } = Z∗m .
(b) Show that if X ∈ Z∗m then
XX1 XX2 · · · XXφ (m) = X1 X2 · · · Xφ (m) .
(c) Let A = X1 X2 · · · Xφ (m) . Show that if X ∈ Z∗m then X φ (m) A = A.
(d) Conclude from (c) that X φ (m) = [1] and hence Theorem 8.30 is true.
Also, Theorem 8.30 is an easy consequence of Lagrange’s Theorem, which students who take (or have taken)
a course in abstract algebra will learn about (or already know).
Exercise 8.32. Show that Fermat’s Little Theorem follows from Euler’s Theorem.
Exercise 8.33. Show that if p is prime then a p ≡ a (mod p) for all integers a.
Hint: Consider two cases: gcd(a, p) = 1, and gcd(a, p) > 1. Note that in the second case p | a.
Exercise 8.34. Let m > 0. Let gcd(a, m) = 1. Show that aφ (m)−1 is an inverse for a modulo m.
Exercise 8.35. For all a ∈ {1, 2, 3, 4, 5, 6} find the inverse a∗ of a modulo 7 by use of Exercise 8.34. Choose a∗
in each case so that 1 ≤ a∗ ≤ 6.
Example 8.36. Note that Fermat’s Little Theorem can be used to simplify the computation of an mod p where
p is prime. Recall that if an ≡ r (mod p) where 0 ≤ r < p, then an mod p = r. We can do two things to simplify
the computations:
(i) Replace a by a mod p.
(ii) Replace n by n mod (p − 1).
60
8 Euler’s Theorem
Suppose we want to calculate
12347865435 mod 11.
Note that 1234 ≡ −1 + 2 − 3 + 4 (mod 11), that is, 1234 ≡ 2 (mod 11). Since gcd(2, 11) = 1 we have 210 ≡ 1
(mod 11). Now 7865435 = (786543) · 10 + 5 so
27865435 ≡ 2(786543)·10+5 (mod 11)
786543 5
≡ 210
· 2 (mod 11)
≡ 1786543 · 25
5
≡2
(mod 11)
(mod 11),
and 25 = 32 ≡ 10 (mod 11). Hence,
12347865435 ≡ 10 (mod 11).
It follows that
12347865435 mod 11 = 10.
Exercise 8.37. Use the technique in the above example to
(a) calculate 281202 mod 13.
(b) reduce 3987654321 modulo 11
(c) find the last digit of the decimal expansion of 31000 . Do not use Euler’s Theorem.
(d) find the last digit of the decimal expansion of 31000 . Use Euler’s Theorem.
(e) find the last three digits of the decimal expansion of 20111974 .
Exercise 8.38. Is 19742011 + 20111974 divisible by 11?
Exercise 8.39. Find the last two digits of 2016123 .
Exercise 8.40. Find all prime factors of n = 31974 − 1.
Exercise 8.41. Let n be an odd positive integer. What is the reduction of the sum
1 + 2 + 22 + · · · + 2φ (n)−1
modulo n?
Sometimes one wants to compute ak ( mod n) and what Euler’s Theorem gives us is far from being optimal.
For instance, it is possible to show that whenever gcd(n, 42) = 1 then n6 ≡ 1 (mod 42) (this is Exercise 8.44
below), which is better than
a12 ≡ 1 (mod 42)
which is what Euler’s Theorem gives us. Similarly, a2 ≡ 1 (mod 8) for every gcd(a, 8) = 1, which is better
than a4 ≡ 1 (mod 8), etc.
So, we will now consider a generalization of Euler’s Theorem.
α
Corollary 8.42 (Euler). Let m ≥ 2 be an integer with prime factorization m = pα1 1 pα2 2 · · · pk k . Define the integer
α
N by N = LCM[φ (pα1 1 ), φ (pα2 2 ), · · · , φ (pk k )]. Then, aN ≡ 1 (mod m), for all a ∈ Z with gcd(a, m) = 1.
Proof. Let a be a positive integer with gcd(a, m) = 1. Consider the following system of linear congruences
x≡1
x≡1
..
.
(mod pα1 1 )
(mod pα2 2 )
..
.
x≡1
(mod pk k )
α
8.2 Euler’s Theorem and Fermat’s Little Theorem
61
Since p1 , p2 , . . . , pk are k distinct primes, then the the Chinese Remainder Theorem tells us that there is a unique
solution modulo m. Clearly, x = 1 is one of them.
Now note that if gcd(a, m) = 1 then aN is also a solution (and thus aN ≡ 1 ( mod m)). This follows from
α1
aN = alcm[φ (p1
αi
)ri
αi
)ri
= aφ (pi
α
α
),φ (p2 2 ),··· ,φ (pk k )]
for all 1 ≤ i ≤ k, for some integer ri .
But this implies that
aN = aφ (pi
≡1
(mod pαi i )
t
u
Exercise 7.21 finishes the proof.
Example 8.43. Let us reduce 11829877 mod 1960.
Note that 1960 = 23 ·5·72 . Let N = LCM[φ (23 ), φ (5), φ (72 )] = LCM[22 , 4, 7·6] = 84. Since gcd(11, 1960) = 1,
we get
1184 ≡ 1 (mod 1960)
But 829877 ≡ 41 (mod 84). Hence
11829877 ≡ 1141
(mod 1960)
We easily get the following table :
11 ≡ 11 (mod 1960)
112 ≡ 121 (mod 1960)
114 ≡ 1212 ≡ 14641 ≡ 921 (mod 1960)
118 ≡ 9212 ≡ 848241 ≡ 1521 (mod 1960)
1116 ≡ 15212 ≡ 2313441 ≡ 641 (mod 1960)
1132 ≡ 6412 ≡ 410881 ≡ 1241 (mod 1960)
Since 41 = 32 + 8 + 1, we have
1141 ≡ 1132+8+1 ≡ 1132 · 118 · 11 ≡ 1241 · 1521 · 11 ≡ 20763171 ≡ 891 (mod 1960)
It follows that 11829877 ≡ 891 (mod 1960).
Exercise 8.44. Show that if gcd(n, 42) = 1 then
n6 ≡ 1 (mod 42)
Chapter 9
The Discrete Logarithm
In this chapter we will study equations that will require us to focus on the exponents instead of on the bases.
The main tool we will use for these problems is a number theoretical version of the well-known logarithmic
function.
9.1 The Order of an Element Modulo n
In Chapter 8 we have proved that every element in Z∗n raised to φ (n) yields 1. We called this result Euler’s
Theorem. Then we proved a corollary, also due to Euler, that could allow us to find a smaller exponent such
that ax = 1, for all a ∈ Z∗n . The question now is obvious:
Fixed a ∈ Z∗n , what is the smallest positive integer x such that ax = 1?
Definition 9.1. Let n ∈ Z, n > 1.
(a) For a ∈ Z such that gcd(a, n) = 1, the order of a modulo n is the least positive integer x such that ax ≡ 1
(mod n). Equivalently,
(b) For a ∈ Z∗n . The order of a in Z∗n is the smallest positive integer x such that ax = 1.
Note that these numbers are the same. We will use the notation |a|n for both of these orders.
Remark 9.2. The word positive in the definition above is important because, first of all, we do not work with
negative exponents, and also because a0 ≡ 1 (mod n) for all a ∈ Z.
Example 9.3. Since 21 ≡ 2 6≡ 1 (mod 5), 22 ≡ 4 6≡ 1 (mod 5), 23 ≡ 3 6≡ 1 (mod 5), and 24 ≡ 1 (mod 5), then
|2|5 = 4.
Exercise 9.4. Let n ∈ Z, n > 1, and gcd(a, n) = 1.
(a) Show that |a|n = 1 if and only if a ≡ 1 (mod n).
(b) Show that a|a|n −1 is an inverse of a modulo n.
(c) Show that a|a|n −k is an inverse of ak modulo n, for all 1 ≤ k ≤ |a|n − 1.
Theorem 9.5. Let n ∈ Z, n > 1, and gcd(a, n) = 1. If ax ≡ 1 (mod n) for some x ∈ N then |a|n | x.
Proof. Since |a|n is the smallest positive integer such that ay ≡ 1 (mod n) and ax ≡ 1 (mod n) then x ≥ |a|n .
Using the Division Theorem we get
x = |a|n q + r
where 0 ≤ r < |a|n .
Note that
1 ≡ ax = a|a|n q+r = a|a|n q ar = (a|a|n )q ar ≡ ar
(mod n)
because a|a|n ≡ 1 (mod n). If r 6= 0 then, since ar ≡ 1 (mod n) then r ≥ |a|n (the order of a being the least
exponent such that ay ≡ 1 (mod n)). But this would contradict 0 < r < |a|n (from the Division Theorem).
Hence, r = 0, and thus |a|n | x.
t
u
Exercise 9.6. Prove that the converse of the previous theorem is also true. That is, if |a|n | x then ax ≡ 1
(mod n).
63
64
9 The Discrete Logarithm
The following corollary is immediate from Euler’s Theorem and the previous theorem.
Corollary 9.7. With the same hypothesis of the previous theorem. |a|n | φ (n).
Exercise 9.8. Solve the congruence x100 ≡ −1 (mod 31).
Hint: What are the possible values for |a|31 if a is a solution of that equation?
Exercise 9.9. Let N be the number discussed in Corollary 8.42. With the same hypothesis of Theorem 9.5,
prove that |a|n | N.
Exercise 9.10. Find:
(a) |5|14
(b) |10|21
(c) |31|20
(d) |3|20
(e) |2|255
Exercise 9.11. Let a 6≡ 1 (mod 31) be such that a9 ≡ 1 (mod 31). Find |a|31 .
Exercise 9.12. Let a ∈ Z be such that gcd(a, 31) = 1. Find all possible values for |a|31 , assuming you know
that a100 ≡ −1 (mod 31).
Exercise 9.13. Find the order modulo 23 of a if you know that a74 ≡ 1 ( mod 23), and a 6≡ 1 ( mod 23).
Exercise 9.14.
(a) Assume that |a|n and | − a|n are both even. Prove that | − a|n = |a|n .
(b) Find | − a|n in terms of |a|n .
Exercise 9.15. Let n ∈ Z, n > 1, and gcd(a, n) = 1. What can you say about
(a) |a2 |n in terms of |a|n ?
(b) |b|n in terms of |a|n , where ab ≡ 1 (mod n)?
Exercise 9.16. Let n ∈ Z, n > 1, and a, b ∈ Zn∗ .
(a) Assume gcd(|a|n , |b|n ) = 1. Prove that |ab|n = |a|n |b|n .
(b) Find a counterexample for part (a) when gcd(|a|n , |b|n ) 6= 1.
In the process of finding the order of a given number modulo n you have, most probably, noticed that the powers
obtained before getting ax ≡ 1 (mod n) are all distinct. The following theorem proves this observation, among
other things.
Theorem 9.17. Let n ∈ Z, n > 1, x, y ∈ N, and gcd(a, n) = 1.
ax ≡ ay
(mod n) ⇐⇒ x ≡ y
(mod |a|n )
Proof. (⇐) Assume that x ≡ y (mod |a|n ). Then x = y + k|a|n , for some k ∈ Z. Then
ax = ay+k|a|n = ay ak|a|n = ay (a|a|n )k ≡ ay (1)k ≡ ay
(mod n)
(⇒) Now assume ax ≡ ay (mod n). Since ax ≡ ar (mod n), where r is the remainder of x when divided by
|a|n then we let r and s be the remainders of x and y (when divided by |a|n ) respectively. Also, WLOG we can
assume that s ≥ r.
Multiply both sides of ar ≡ as (mod n) by a|a|n −r . We get
ar a|a|n −r ≡ as a|a|n −r
(mod n)
which is 1 ≡ a|a|n +(s−r) (mod n). It follows that |a|n divides |a|n + (s − r), and thus |a|n divides s − r. But, since
r ≤ s < |a|n then 0 ≤ s − r < |a|n , forcing s − r = 0. Hence x ≡ y (mod |a|n ).
t
u
9.2 Primitive Roots
65
Exercise 9.18. Let n ∈ Z, n > 1, and a ∈ Z∗n .
(a) Show that the set < a >= {a, a2 , · · · , a|a|n } contains exactly |a|n elements.
(b) Show that the set containing all positive powers of a, modulo n, contains exactly |a|n elements, and thus it
is equal to < a >.
(c) Assume |a|n = φ (n). Show that < a >= Z∗n .
Exercise 9.19. Let n ∈ Z, n > 1, and gcd(a, n) = 1. Show that |a|n divides |a|n2 .
9.2 Primitive Roots
As mentioned in the previous section, if |a|n = φ (n) then < a >= Z∗n . Hence, it seems that such elements a are
important, we will make this clear in the following definition.
Definition 9.20. Let n ∈ Z, n > 1, and gcd(a, n) = 1. Then a is a primitive root of n (or modulo n) if and only
if |a|n = φ (n).
Remark 9.21. A primitive root of n can be re-defined as an element in Z∗n that has maximal order.
Example 9.22. Since |2|5 = 4 = φ (5) then 2 is a primitive root of 5. Similarly, |5|14 = 6 = φ (14), and thus 5
is a primitive root of 14. On the other hand, φ (8) = 4, and |1|8 = 1, |3|8 = |5|8 = |7|8 = 2. Hence, 8 has no
primitive roots.
Exercise 9.23. Find primitive roots (if possible) for the following integers:
(a) 7
(b) 9
(c) 10
(d) 11
(e) 12
(f) 13
Exercise 9.24. Assume that r is a primitive root of n. Show that if r ≡ s (mod n) then s is also a primitive root
of n.
Exercise 9.25. Prove that if a is not a primitive root of n then none of the powers of a can be a primitive root
of n.
Exercise 9.26. Find all values of n for which n − 1 is a primitive root of n.
Exercise 9.27. Let n = pα , where p is an odd prime and α ∈ N. Show that if |a|n = pα−1 and |b|n = p − 1, then
ab is a primitive root of n.
Hint: Exercise 9.16.
Exercise 9.28. Let p be prime such that p ≡ 1 (mod 4), and r be a primitive root of p. Show that −r is also a
primitive root of p.
Exercise 9.29. Let n ∈ Z, n > 1. Z∗n =< r >, for some r ∈ Z∗n if and only if n has r as a primitive root.
Remark 9.30. In case you know some abstract algebra.
It is important to realize that n has a primitive root, if and only if, Z∗n is a cyclic group. In fact, Exercise 9.29
says that a generator of Z∗n is always given by a primitive root of n (and vice-versa).
Exercise 9.31. Complete the following table, in which all the elements of Z∗23 should appear (as 5 is a primitive
root of 23). Then make a claim about the orders of the elements in Z∗23 related to the exponent used when
written as a power of 5, and to |5|23 .
element
1
2
3
4
..
.
as a power of 5
order
..
.
..
.
66
9 The Discrete Logarithm
As implied by the previous exercise, there seems to be a way to find the order of an element if we know it is a
power of another element a and we know the order of a. This is exactly the result given in the next theorem.
Theorem 9.32. Let n ∈ Z, n > 1, and gcd(a, n) = 1. Then
|at |n =
|a|n
gcd(|a|n ,t)
for all t ∈ N.
Proof. As we have done before, we will prove this ‘formula’ by proving |at |n divides
|a|n
and vicegcd(|a|n ,t)
versa. Write t = gcd(|a|n ,t)k, and |a|n = gcd(|a|n ,t)q for some k, q ∈ Z. Then,
at
|a|n / gcd(|a|n ,t)
= at|a|n / gcd(|a|n ,t) = ak|a|n ≡ 1
(mod n)
|a|n
.
gcd(|a|n ,t)
t
t
For the other direction, note that (at )|a |n ≡ 1 (mod n), which is at|a |n ≡ 1 (mod n). It follows that |a|n divides
t|at |n . So, we know that t|at |n = r|a|n for some r ∈ Z. We now divide both sides by gcd(|a|n ,t) to get
and thus |at |n divides
t
|a|n
|at |n = r
gcd(|a|n ,t)
gcd(|a|n ,t)
|a|n
t
t
|a|n
|a|n
t
Since
|a
|
and
gcd
,
= 1,
divides |at |n .
n
gcd(|a|n ,t) gcd(|a|n ,t)
gcd(|a|n ,t) gcd(|a|n ,t)
gcd(|a|n ,t)
t
u
Corollary 9.33. If r is a primitive root of n, then
|rt |n =
φ (n)
gcd(φ (n),t)
for all t ∈ N.
Exercise 9.34. Prove Corollary 9.33.
Exercise 9.35. Show that if n has a primitive root r, then the order of any element in Z∗n can be computed using
Corollary 9.33.
Note that the previous exercise gives us a tool to find all primitive roots of n, assuming we have at least one
already.
Corollary 9.36. Assume n has a primitive root r, and t ∈ N. Then, rt is a primitive root of n if and only if
gcd(φ (n),t) = 1.
Corollary 9.37. Assume n has a primitive root. Then n has exactly φ (φ (n)) primitive roots.
Exercise 9.38. Prove Corollaries 9.36 and 9.37.
Exercise 9.39. Find a primitive root of 14. Then compute the orders of all the elements in {0, 1, 2, · · · , 13} that
have an order modulo 14. Out of those, which ones are primitive roots of 14? Explain.
Exercise 9.40. Find all primitive roots of n, where
(a) 13
Give explicit numbers as answers.
(b) 18
(c) 22
9.2 Primitive Roots
67
Note that in the previous few results need the hypothesis of n having a primitive root. As we have seen before,
both 8 and 12 do not have a primitive root. Hence, It is of great importance to determine which numbers do
have a primitive root. The next theorem summarizes all that is known about this.
Theorem 9.41. Assume n has a primitive root, then either
(a) n = 2, 4, or
(b) n = pα , where p is an odd prime and α ∈ N, or
(c) n = 2 · pα , where p is an odd prime and α ∈ N.
Proof. Corollary 8.42 says that if n = pα1 1 pα2 2 · · · pk k , a ∈ Z∗n and N = LCM[φ (pα1 1 ), φ (pα2 2 ), · · · , φ (pk k )] then
α
we get aN ≡ 1 (mod n). Note that if k ≥ 3 then at least two of the numbers φ (pα1 1 ), φ (pα2 2 ), and φ (p3 3 ) are
α1 α2
even. In this case it would follow that N < φ (n). Hence, n = p1 p2 .
In this case, if both p1 and p2 are odd then both φ (pα1 1 ) and φ (pα2 2 ) are even, and then again N < φ (n). So,
either
(i) n = pα , where p is an odd prime, and α ∈ N,
(ii) n = 2α1 pα2 , where p is an odd prime, and α2 ∈ N. However, if α1 > 1 then both φ (2α1 ) and φ (pα2 ) are
even, and then again N < φ (n). So, we must have n = 2 · pα , where p is an odd prime, and α ∈ N,
(iii) n = 2α , where α ∈ N. In this case, we will use that 8 does not have a primitive root. We notice that if r is a
k+1
k
k
primitive root of 2k+1 then 1 ≡ rφ (2 ) ≡ r2 (mod 2k+1 ), which means that 2k+1 | (1 − r2 ). But,
α
α
k−1 2 k
k−1
k−1
1 − r2 = 1 − r2
= 1 − r2
1 + r2
k−1
k−1
Since if r is odd, then r2 ≡ 1 (mod 4). It follows that 2 divides 1 + r2 but 4 does not. Hence, 2k | (1 − r2 ),
and this means that r is a primitive root of 2k . Repeating this process would lead us to find a primitive root of
8, which is impossible.
t
u
We have not proved yet that every number that has the form described in Theorem 9.41 actually has a primitive
root. In order to obtain such result we will need to go over quite a few results. Some proofs will be omitted,
such as the existence of primitive roots for primes. These proofs may be found in any good number theory
book.
Exercise 9.42. How many primitive roots do the following numbers have: 4, 10, 21, 81, 250 and 12 ?
Finding primitive roots for p prime is a ‘trial and error’ problem. However, there is a good chance that one of
the primitive roots of p is a small number. Hence, in order to find such a root you should start by looking at
|2| p , and then |3| p , etc, until you find a primitive root of p. Not really exciting.
From now on let us assume we have a primitive root r of an odd prime p. We want to find a primitive root of
p2 .
Lemma 9.43. Assume r is a primitive root of p (odd prime), then |r| p2 is either φ (p) or φ (p2 ).
Proof. Since |r| p2 | φ (p2 ), then using Exercise 9.19 we get
(p − 1) |r| p2 p(p − 1)
Moreover, since p is prime, then |r| p2 is either φ (p) = p − 1 or φ (p2 ) = p(p − 1) (Exercise 2.43).
t
u
Lemma 9.43 implies that if r is a primitive root of p then r could be, with a good chance, a primitive root of
p2 . Hence, we need to find a candidate for when |r| p2 6= φ (p).
Lemma 9.44. Let p be an odd prime. Assume r is a primitive root of p, and that |r| p2 = φ (p) then |r + p| p2 =
φ (p2 ).
68
9 The Discrete Logarithm
Proof. Since r is a primitive root of p then so is r + p (Exercise 9.24). It follows, from Lemma 9.43, that in
order to show |r + p| p2 = φ (p2 ) we need to get
(r + p) p−1 6≡ 1
(mod p2 )
By assumption, we know that r p−1 ≡ 1 (mod p2 ), and thus
(r + p) p−1 = r p−1 + (p − 1)r p−2 p1 + p2 s
≡r
p−1
−r
p−2
≡ 1 − r p−2 p
p
for some s ∈ Z
2
(mod p )
(mod p2 )
So, if (r + p) p−1 ≡ 1 (mod p2 ) then r p−2 p ≡ 0 (mod p2 ), which means that r p−2 ≡ 0 (mod p), and thus
gcd(r, p) 6= 1. This is a contradiction. Hence, (r + p) p−1 6≡ 1 (mod p2 ). That is, |r + p| p2 = φ (p2 ).
t
u
Putting these two lemmas together we obtain the following:
Theorem 9.45. Let p be an odd prime and r a primitive root of p. Then,
(a) If r p−1 6≡ 1 (mod p2 ) then r is a primitive root of p2 .
(b) If r p−1 ≡ 1 (mod p2 ) then r + p is a primitive root of p2 .
The previous theorem will set the base for us to find primitive roots of pn , where p is an odd prime and n ∈ N.
Theorem 9.46. Let r be a primitive root of p, p an odd prime, be such that r p−1 6≡ 1 (mod p2 ) then r is
a primitive root of pn , for all n ∈ Z, n ≥ 2.
In order to prove this theorem we need a lemma first.
n
Lemma 9.47. Let r be a primitive root of the odd prime p. If r p−1 6≡ 1 (mod p2 ), then rφ (p ) ≡
6 1 (mod pn+1 ),
for all n ∈ N.
Proof. We will proceed by induction on n. The case n = 1 is given as hypothesis. So, assume the result is true
for all 1 ≤ k ≤ n.
n
n
n
We know that rφ (p ) 6≡ 1 (mod pn+1 ) and, by Euler, that rφ (p ) ≡ 1 (mod pn ). It follows that rφ (p ) = 1 + t pn ,
for some t ∈ Z with gcd(t, p) = 1. Raising both sides to the power p we get
n
r pφ (p ) = (1 + t pn ) p = 1 + t pn+1 + pn+2 s
for some s ∈ Z (all this comes from the binomial theorem). But, since pφ (pn ) = φ (pn+1 ) we get
n+1 )
rφ (p
This completes the induction.
6≡ 1
(mod pn+2 )
t
u
Proof (Proof of Theorem 9.46). Let r be a primitive root of p (odd prime) such that r p−1 6≡ 1 (mod p2 ). We
will prove that |r| pn = φ (pn ) by induction on n.
The case n = 1 follows by assumption, as this says |r| p = φ (p).
n
So, we now assume |r| pk = φ (pk ) for all 1 ≤ k < n. Note that, by Euler, we have rφ (p ) ≡ 1 (mod pn ), which
implies that |r| pn divides φ (pn ).
Since r|r| pn ≡ 1 (mod pn ) implies r|r| pn ≡ 1 (mod pn−1 ), we get that |r| pn−1 divides |r| pn . We now use the
induction hypothesis to get that φ (pn−1 ) divides |r| pn . It follows, using that p is prime, that |r| pn can be either
n−1
φ (pn−1 ) or φ (pn ). But, in the previous lemma we have just proved that rφ (p ) 6≡ 1 (mod pn ). So, |r| pn must
n
be equal to φ (p ).
t
u
9.3 Discrete Logarithms
69
Exercise 9.48. Find a primitive root of 231974 . How many primitive roots of 231974 are there? How would you
find all primitive roots of 231974 ? Explain.
One last theorem on existence of primitive roots.
Theorem 9.49. Let r be a primitive root of pa , where p is an odd prime and a ∈ N. Then,
(a) if r is odd then r is a primitive root of 2pa ,
(b) if r is even, then r + pa is a primitive root of 2pa .
Proof. Case r is odd. Since φ (pa ) = φ (2pa ), then |r|2pa divides φ (pa ). On the other hand, r|r|2pa ≡ 1 (mod 2pa )
implies r|r|2pa ≡ 1 (mod pa ), and thus φ (pa ) divides |r|2pa .
Case r is even. Note that r + pa is also a primitive root of pa , and that it is odd. The previous case applies to
this number to get what we wanted to prove.
t
u
Exercise 9.50. Find a primitive root of 46.
Exercise 9.51. Let p be an odd prime and a ∈ N.
(a) Show that the number of primitive roots of pa is equal to the number of primitive roots of 2pa .
(b) Prove or disprove: if r is a primitive root of pa then r is a primitive root of 2pa . Is the converse true?
Exercise 9.52. Use a primitive root of 13 found in Exercise 9.40 to find a primitive root of 2 · 132011 .
Exercise 9.53. (a) Find a primitive root of 31.
(b) Find all primitive roots of 31.
(c) Find a primitive root of 31α for all α ≥ 2.
(d) Find a primitive root of 2 · 31α for all α ≥ 1.
Exercise 9.54. (a) Assume that 3 is a primitive root of 7. Find a primitive root of 2 · 72011 .
(b) Find a primitive root of n = 92011 . How many primitive roots does n have?
Exercise 9.55. Compute the sum of all the elements in Z∗997 . Note that 997 is a prime number.
Now that we know which integers have primitive roots we will focus on applications of primitive roots to
solving congruence equations.
9.3 Discrete Logarithms
Exercise 9.29 says that if r is a primitive root of n then < r >= {r, · · · , rφ (n) } = Z∗n .
It follows that for every a ∈ Z∗n there is a unique x ∈ {1, 2, · · · , φ (n)} such that rx = a in Z∗n . This observation
yields the following definition, which we will phrase in terms of congruences.
Definition 9.56. Let n ∈ Z, n > 1. Assume that r is a primitive root of n, and a ∈ Z is such that gcd(a, n) = 1.
The unique exponent x ∈ {1, 2, · · · , φ (n)} such that rx ≡ a (mod n) will be denoted logr (a).
We will read logr (a) as the (discrete) logarithm to the base r of a.
It follows from the definition that the ‘value’ of logr (a) depends on what base (always a primitive root) is used,
but that n is always fixed.
Remark 9.57. Theorem 9.17 implies that if x, y ∈ N, and r is a primitive root of n, then
rx ≡ ry
(mod n) ⇐⇒ x ≡ y (mod φ (n))
but since rlogr (a) ≡ a (mod n), then it follows that we could re-define logr (a) by
rx ≡ a (mod n) ⇐⇒ x ≡ logr (a) (mod φ (n))
70
9 The Discrete Logarithm
Exercise 9.58. Let a, b, n, r ∈ Z be such that n > 1, gcd(a, n) = gcd(b, n) = 1, and r is a primitive root of n.
Prove:
a ≡ b (mod n)
if and only if
logr (a) ≡ logr (b) (mod φ (n))
Exercise 9.59. Let r and s be primitive roots of n with rt ≡ s (mod n), for some t ∈ N. Assume that gcd(a, n) =
1 and that logs (a) = k. Find logr (a) in terms of k.
It seems that choosing the name logarithm for this was a good idea. Does this logarithm behave just like the
standard logarithms?
Theorem 9.60. Let a, b, n ∈ N, where n > 1, gcd(a, n) = gcd(b, n) = 1, and let r be a primitive root of n.
Then,
(a) logr (1) ≡ 0 (mod φ (n)).
(b) logr (ab) ≡ logr (a) + logr (b) (mod φ (n)).
(c) logr (ak ) ≡ k logr (a) (mod φ (n)), for all k ∈ N.
Proof. (a) Since rlogr (1) ≡ 1 ≡ rφ (n) (mod n), then logr (1) ≡ φ (n) ≡ 0 (mod φ (n)) by Remark 9.57.
(b) Since rlogr (ab) ≡ ab ≡ rlogr (a) rlogr (b) ≡ rlogr (a)+logr (b) (mod n) we get, by Remark 9.57, that logr (ab) ≡
logr (a) + logr (ab) (mod φ (n)).
k
k
(c) For any k ∈ N, we get rlogr (a ) ≡ ak ≡ rlogr (a) ≡ rk logr (a) (mod n). Now, Remark 9.57 implies logr (ak ) ≡
k logr (a) (mod φ (n)).
t
u
Since the discrete logarithm has, essentially, the same properties that regular logarithms have, then we may
apply the discrete logarithm to solve exponential equations/congruences.
Example 9.61. We want to solve the congruence 9x5 ≡ 1 (mod 14). We will use that 3 is a primitive root of
14, and thus that log3 ( ) is perfectly well-defined.
9x5 ≡ 1
(mod 14)
log3 (9x5 ) ≡ log3 (1) (mod φ (14))
log3 (9) + log3 (x5 ) ≡ 0
(mod 6)
log3 (9) + 5 log3 (x) ≡ 0
(mod 6)
2 + 5 log3 (x) ≡ 0
(mod 6)
5 log3 (x) ≡ 4
(mod 6)
next apply log3 ( ) both sides
next use log properties
next use log3 (9) = 2
Note that if we set X = log3 (x) then we have to solve 5X ≡ 4 (mod 6). This congruence has solution X ≡ 2
(mod 6), and thus log3 (x) ≡ 2 (mod 6). It follows that x ≡ 9 (mod 14).
We can solve many other types of equations using the discrete logarithm. For instance, an equation featuring
the unknown as an exponent could be approached by using the properties listed in Theorem 9.60.
Example 9.62. We want to solve 3x ≡ 11 (mod 14).
We know that 3 is a primitive root of 14. Hence, we apply log3 ( ) to both sides of the equation to get log3 (3x ) ≡
log3 (11) (mod φ (14)), which is x log3 (3) ≡ log3 (11) (mod 6).
Since log3 (11) = 4 and log3 (3) = 1, then x ≡ 4 (mod 6).
Exercise 9.63. Solve xx ≡ 1 (mod 14).
So far we have solved equations using the discrete logarithm only for small moduli. This is because whenever
the modulus is large the computations needed to find logr ( ) get fairly long. In order to be able to approach
problems involving not so small modulus we will use tables of powers of primitive roots.
Note that if we want to solve a problem that requires us to use log2 ( ) (modulo 11) then knowing the following
powers of 2
9.3 Discrete Logarithms
71
t
2t
1 2 3 4 5
2 4 8 5 10
will easily allow us to expand this table, using that 25 ≡ −1 (mod 11), to
t
2t
1 2 3 4 5
6
7
8
9
10
2 4 8 5 10 −2 ≡ 9 −4 ≡ 7 −8 ≡ 3 −5 ≡ 6 −10 ≡ 1
After we have the complete table of powers of 2 we get all the logarithms we need by just reversing this table,
a
2 4 8 5 10 9 7 3 6 1
log2 (a) 1 2 3 4 5 6 7 8 9 10
and re-arrange it
a
1 2 3 4 5 6 7 8 9 10
log2 (a) 10 1 8 2 4 9 7 3 6 5
Exercise 9.64. Explain why ‘reversing’ the table of powers of a primitive root r of n yields a table for logr ( )
modulo n.
Example 9.65. We want to solve 2 − 3x8 ≡ 8 ( mod 11).
Since we have both a table of powers of 2 and a table of logarithms to that base, then it is natural to think
of applying log2 ( ) to both sides of the equation. However, we see that we can simplify the equation before
applying logarithms, as we do not know what a logarithm of a difference would be. We get −3x8 ≡ 6 ( mod 11).
We can divide both sides of the equation by 3, and multiply times −1 to get x8 ≡ 9 (mod 11).
Now we apply logarithms both sides to get log2 (x8 ) ≡ log2 (9) (mod φ (11)), which is 8 log2 (x) ≡ 6 (mod 10).
Note that this congruence yields two solutions for log2 (x) modulo 10. Next, we divide everything by 2 to
get 4 log2 (x) ≡ 3 (mod 5). But, since 4 ≡ −1 (mod 5) and 3 ≡ −2 (mod 5) then the equation reduces to
log2 (x) ≡ 2 (mod 5). Hence, the solutions are
log2 (x) ≡ 2
(mod 10)
log2 (x) ≡ 7
(mod 10)
Finally, we get the solutions for x out of the two possible solutions for log2 (x), they are x ≡ 22 = 4 (mod 11)
and x ≡ 27 = 7 (mod 11).
Exercise 9.66. Solve the equations
(a) 7x4 ≡ 8
(b) 1 + 10x6 ≡ 8
(mod 11)
(mod 11)
Exercise 9.67. Consider the (incomplete) table of powers of 3, modulo 38 below.
t 18 4 6 2
17 5 16 7 14
3
15 13
9
t
3 1 3 5 7 9 11 13 15 17 21 23 25 27 29 31 33 35 37
(a) Complete the table and check that 3 is a primitive root of 38.
(b) Solve
35 x4 ≡ 11 ( mod 38)
Exercise 9.68. Consider the following (incomplete) table of logarithms modulo 17 with respect to the primitive
root r = 3
a
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
log3 (a)
14
12
15 11
2 3
4
6
(a) Complete the table.
(b) Solve
11x10 − 5 ≡ 0 ( mod 17)
72
9 The Discrete Logarithm
(c) Find all solutions of
6x12 + 5 ≡ 11 ( mod 17)
Exercise 9.69. Let a, b, c ∈ Z.
(a) Find all the values of a for which the equation ax9 ≡ 5 (mod 14) has solutions.
(b) Find all the values of b for which the equation 3x9 ≡ b (mod 14) has solutions.
(c) Find all the values of c for which the equation 3xc ≡ 5 (mod 14) has solutions.
Recall that in Example 7.1 we proved that, if p is an odd prime, the equation x2 ≡ 1 (mod p) has exactly two
distinct solutions, namely x ≡ ±1 (mod p). In the next couple of problems you will need this result to prove
what is asked.
Exercise 9.70. Let p be an odd prime and r a primitive root of p. What is logr (−1)?
Exercise 9.71. Let p be an odd prime. Prove that the equation x2 ≡ −1 (mod p) has solutions if and only if
p ≡ 1 (mod 4).
Exercise 9.72. Let p be an odd prime, a ∈ N, and r a primitive root of pa . Assume that the equation x2 ≡ 1
(mod pa ) has exactly two solutions mod pa : x ≡ ±1 (mod pa ).
φ (pa )
.
(a) Prove that logr (−1) =
2
(b) Prove that the equation x2 ≡ −1 (mod pa ) has solutions if and only if p ≡ 1 (mod 4).
Exercise 9.73. Let p be an odd prime. Find conditions, similar to those in Exercise 9.71, for x4 ≡ −1 (mod p)
to have solutions.
Exercise 9.74. Let p be an odd prime number and r a primitive root of p. For which values of i does the
equation x2 ≡ ri (mod p) have solutions?
Exercise 9.75. Let p be an odd prime number. Solve , separately, the equations
x(p−1)/2 ≡ 1
(mod p)
x(p−1)/2 ≡ −1
Hint: Note that r is a solution for x(p−1)/2 ≡ −1 (mod p), for r any primitive root of p.
(mod p)
Chapter 10
Squares in Z∗n
In Definition 2.81 we learned what a square in Z was. We got to the conclusion that every positive integer was
the product of a square and, possibly, a square-free number. In Zn things are a little different because we do
not have a fundamental theorem of arithmetic that would allow us to consider square-free numbers. However,
things end up working fairly well.
The following two definitions are, somehow, equivalent.
Definition 10.1. An element a ∈ Z∗n is a square (in Z∗n ) if and only if a = b2 , for some b ∈ Z∗n .
Definition 10.2. An integer a, such that gcd(a, n) = 1, is a quadratic residue modulo n if and only if there is
b ∈ Z such that a ≡ b2 (mod n).
Remark 10.3. The concepts of a square in Z∗n and that of a quadratic residue modulo n could be extended (in
an obvious way) to elements in Zn and to elements a ∈ Z such that gcd(a, n) 6= 1. However, for this chapter’s
purposes we will not do that, and we will consider only elements as described in Definitions 10.1 and 10.2.
Exercise 10.4. Find all the quadratic residues modulo n for n = 2, 3, · · · , 20.
Exercise 10.5. Let n ∈ Z, n > 1. Denote by n the set of all quadratic residues modulo n.
(a) Show that if a, b ∈ n then ab ∈ n .
(b) Show that 1 ∈ n .
(c) Show that if a ∈ n and c is an inverse of a modulo n, then c ∈ n .
Remark 10.6. Exercise 10.5 implies that n is a group 1 under multiplication. Similarly, the set of all squares
in Z∗n is a subgroup of Z∗n .
Exercise 10.7. Let n ∈ Z, n > 1.
(a) Prove that Z∗n , for n > 2, contains at most
φ (n)
squares.
2
Hint: x2 ≡ (−x)2 (mod n), for all x ∈ Z.
(b) Prove that if p is an odd prime then the equation x2 ≡ a (mod p) has either no solutions or exactly two
incongruent solutions modulo p.
φ (p)
p−1
(c) Prove that if p is an odd prime then Z∗p contains exactly
=
squares.
2
2
Hint: Exercise 7.2.
(d) Confirm the results proved in parts (a) and (b) by looking at the data obtained in Exercise 10.4.
We notice that we have a little more control on squares/quadratic residues when the modulus is an odd prime.
This takes us to the next section
10.1 Squares in Z∗p , p Odd Prime.
p−1
squares. How to find them? How to check that a
We know that, for p an odd prime, Z∗p contains exactly
2
∗
given element in Z p is a square? In this section we will address these questions and more.
1
See Appendix A in Chapter 14
73
10 Squares in Z∗n
74
Definition 10.8. Let p be an odd prime and a ∈ Z. We define the Legendre symbol

 1
a
= −1

p
0
a
by:
p
if a is a quadratic residue modulo p
if a is not a quadratic residue modulo p
if gcd(a, p) 6= 1
Exercise 10.9. Let p be an odd prime. Compute
p
a
∑ p
a=1
Theorem 10.10 (Euler’s Criterion). Let p be an odd prime and a ∈ Z, then
a
≡ a(p−1)/2 (mod p)
p
Proof. Ifgcd(a,
p) 6= 1 the result is obvious. So, assume that gcd(a, p) = 1.
a
= 1, then a ≡ b2 (mod p) for some b ∈ Z. It follows that (using the other Euler’s Theorem)
Assume
p
a(p−1)/2 ≡ (b2 )(p−1)/2 ≡ b p−1 ≡ 1
(mod p)
a
= −1. Let r be a primitive root of p, then a ≡ ri (mod p), for some i ∈ N. Since a is
p
not a quadratic residue modulo p then i must be odd. Hence
Now assume that
i
a(p−1)/2 ≡ (ri )(p−1)/2 ≡ r(p−1)/2
(mod p)
But, Exercise 9.75 implies that r(p−1)/2 ≡ −1 (mod p), and thus
a(p−1)/2 ≡ (−1)i = −1
(mod p)
t
u
Example 10.11. (a) Let us find all squares in Z∗18 .
Since ±x would yield the same square, then we just need to compute a2 for a ∈ Z∗18 and 1 ≤ a ≤ 9. Moreover,
Z∗18 = {1, 5, 7, 11, 13, 17}, then:
12 = 1
52 = 25 = 7
72 = 49 = 13
So, the squares of elements in Z∗18 are {1, 7, 13}.
(b) Now we will check whether 18 is a square in Z∗23 .
Using Euler’s criterion we get
18(23−1)/2 = 1811 ≡ (−5)11 ≡ (−1)11 511 ≡ (−1)511 ≡ (−5)(52 )5 ≡ (−5) · (25 ) ≡ (−5) · 9 ≡ 1
Hence, 18 is a quadratic residue modulo 23.
Exercise 10.12. Let p be an odd prime, and r a primitive root of p.
(a) Prove that r is not a quadratic residue modulo p.
(b) Prove that a is a quadratic residue modulo p if and only if logr (a) is even.
(mod 23)
10.1 Squares in Z∗p , p Odd Prime.
75
Exercise 10.13. Check whether a = 3 is a quadratic residue modulo p for:
(a) p = 29
(b) p = 41
(c) p = 67
(d) p = 71
Repeat the problem for a = 4.
Exercise 10.14. Let p be an odd prime, then
−1
1
=
−1
p
if p ≡ 1 (mod 4)
if p ≡ 3 (mod 4)
Exercise 10.15. Let p be an odd prime. Assume that a is a quadratic residue modulo p. Show that −a is also a
quadratic residue modulo p if and only if p ≡ 1 (mod 4).
Exercise 10.16. Let p be an odd prime. Denote by p the set of all squares in Z∗p and by 6 p the set of all
non-squares in Z∗p .
(a) Prove that if a, b ∈ 6 p then ab ∈ p .
(b) Let a, b ∈ Z∗p . Prove that either a, b, and ab are all squares in Z∗p , or exactly one of them is a square in Z∗p .
(c) Let a be a fixed element in 6 p . Prove that if b ∈ 6 p then there exists a c ∈ p such that b = ac.
In order to find out whether, let us say, 123 is a quadratic residue modulo 991 (which is prime) we need to learn
more about the Legendre symbol. We start with a few simple properties that, together with Exercise 10.14, will
allow us to compute a wide variety of Legendre symbols.
Theorem 10.17. Let p be an odd prime, and gcd(a, p) = gcd(b, p) = 1. Then:
a
b
(a) If a ≡ b (mod p) then
=
p
p
ab
a
b
(b)
=
p
p
p
2
a
(c)
=1
p
Exercise 10.18. Prove Theorem 10.17.
a
Exercise 10.19. Let p be an odd prime and gcd(n, p) = 1. Assume that n = pa11 pa22 · · · pk k is the prime factorization of n. Prove
i1 i2 ik
p1
p2
pk
n
=
···
p
p
p
p
where i j = 1 if a j is odd, and i j = 0 if a j is even.
Exercise 10.20. Check whether a = 36 is a quadratic residue modulo p for:
(a) p = 29
(b) p = 41
(c) p = 67
(d) p = 71
Repeat the problem for a = 99.
Note that with all the results we have it is still very hard to check whether 123 is a quadratic residue modulo
991... try it out! We need a theorem called the quadratic reciprocity. The proof of this is fairly complex, and so
we will assume a couple of results to prove it.
10 Squares in Z∗n
76
10.2 The Quadratic Reciprocity Law
In order to motivate what follows we will first introduce the main theorem of this section, learn how to use it
and then prove it.
Theorem 10.21 (Quadratic Reciprocity Law). Let p and q be distinct odd primes, then
p−1 q−1
p
q
= (−1) 2 2
q
p
p
The quadratic reciprocity allows us to ‘flip’ the symbol
upside down. This will be extremely useful,
q
mostly when put together with other properties of the Legendre symbol (such as Exercises 10.14 and 10.19,
and Theorem 10.17).
Exercise 10.22. If p and q are distinct odd primes, then
  q
if p ≡ 1 (mod 4) or q ≡ 1
p
p =
− q
q
if p ≡ q ≡ 3 (mod 4)
p
(mod 4)
Example 10.23. Note that 991 is prime. Is 123 a quadratic residue modulo 991?
We first notice that the prime factorization of 123 is 123 = 3 · 41. Then
123 T h10.17
3
41
=
991
991
991
3−1
991−1
41−1 991−1
991
991
T h10.21
2
2
= (−1) 2
(−1) 2
3
41
991
991
= (−1)
(1)
3
41
1
7
T h10.17
= (−1)
3
41
7
T h10.17
= (−1)(1)
41
7−1 41−1
41
T h10.21
2
2
= (−1)(−1)
7
41
= (−1)(1)
7
−1
T h10.17
= (−1)
7
Ex10.14
=
(−1)(−1)
=
1
It follows that 123 is a quadratic residue modulo 991.
Note that in the previous example we had, at some point
123
41
= (−1)
991
7
At this point we could have done
10.2 The Quadratic Reciprocity Law
123
991
77
= (−1)
41
7
T h10.17
=
(−1)
6 T h10.17
2
3
= (−1)
7
7
7
3
We see that
could have been dealt with by using the quadratic reciprocity again (or just checking that 3
7
2
cannot be dealt with using the quadratic reciprocity because 2 is not
is not a square modulo 7). However,
7
odd. This observation makes the following result necessary.
Corollary 10.24. Let p be an odd prime, then
2
1
=
−1
p
if p ≡ ±1
if p ≡ ±3
(mod 8)
(mod 8)
The proof of Corollary 10.24 follows from the next lemma, which we will not prove in this book. You may find
proofs for this lemma in any good Number Theory book.
Theorem 10.25 (Gauss’s Lemma). Let p be an odd prime, and gcd(a, p) = 1. Denote by s the number
p−1
p
of distinct remainders (upon division by p) of a, 2a, · · · ,
a that are greater than . Then,
2
2
a
≡ (−1)s (mod p)
p
Proof (Corollary 10.24). Let p be an odd prime. Since gcd(2, p) = 1 then we can use Gauss’s Lemma and get
2
≡ (−1)s (mod p)
p
where s is the number of distinct remainders (upon division by p) of all the elements in the set
p−1
· 2(= p − 1)
S = 2, 4, · · · ,
2
p
.
2
p−1
p
p
It is easy to see that, roughly, half of these
numbers are greater than . In fact, since is not an integer,
2
2
2
p
p+1
p−1
we locate it between two integers by realizing that
< <
. But, this can be re-written as
2
2
2
that are greater than
2
which implies that there are exactly
j pk
4
p−1
p
p+1
<2 <2
4
4
4
elements of S that are less than
s=
p
. It follows that there are
2
p−1 j pk
−
2
4
p
.
2
Finally, taking cases (p ≡ 1 (mod 4) and p ≡ 3 (mod 4)) we get that
elements in S that are larger than
s=
p − 1 j p k p2 − 1
−
≡
2
4
8
(mod 2)
10 Squares in Z∗n
78
The result follows from re-writing the condition
8.
p2 − 1
being even/odd into what p is congruent to modulo
8
t
u
Exercise 10.26. Finish the proof of Corollary 10.24. That is, take cases p ≡ 1 (mod 4) and p ≡ 3 (mod 4) to
prove
p − 1 j p k p2 − 1
−
≡
(mod 2)
2
4
8
p2 − 1
being even/odd into what p is congruent to modulo 8.
8
−2
Exercise 10.27. Let p be an odd prime p > 3. What is
?
p
168
Example 10.28. Let us compute
. Since 168 ≡ −2 (mod 17) then
17
−2
−1
2
168
=
=
17
17
17
17
and re-write the condition
Hence, using that 17 ≡ 1 (mod 4) and 17 ≡ 1 (mod 8) then
−1
2
168
=
= (1)(1) = 1
17
17
17
Exercise 10.29. Is 1974 a quadratic residue modulo p? Where
(a) p = 11
(b) p = 37
(c) p = 991
(d) p = 1009
Exercise 10.30.
(a) Find all quadratic residues modulo 17 (between 0 and 17).
(b) Is 17 a quadratic residue modulo 2011?
Hint: 2011 is prime.
The proof of the quadratic reciprocity that we will give next follows from the next lemma, which we will not
prove in this book. You may find proofs for this lemma in any good Number Theory book.
Theorem 10.31 (Eisenstein’s Lemma). Let p be an odd prime and gcd(a, p) = 1. Define
(p−1)/2 T (a, p) =
∑
j=1
ja
p
Then,
a
≡ (−1)T (a,p)
p
(mod p)
Proof (Quadratic Reciprocity: Theorem 10.21). Consider the set
p−1
q−1
T = (x, y) ∈ Z × Z; 1 ≤ x ≤
, 1≤y≤
2
2
p−1 q−1
.
2
2
q−1
Note that if qx = py then q|y, but 1 ≤ y ≤
. So, qx 6= py for all (x, y) ∈ T . It follows that T is the disjoint
2
union of the following two sets
Clearly, |T | =
10.2 The Quadratic Reciprocity Law
79
A = {(x, y) ∈ T ; qx > py}
It follows that |A| + |B| = |T | =
B = {(x, y) ∈ T ; qx < py}
p−1 q−1
. Now, since
2
2
qx
>y
A = {(x, y) ∈ T ; qx > py} = (x, y) ∈ T ;
p
qx
and y ≥ 1 then, for each x there are exactly
y’s such that (x, y) ∈ T . Hence,
p
(p−1)/2 |A| =
∑
x=1
qx
= T (q, p)
p
Similarly |B| = T (p, q). It follows that,
(−1)
p−1 q−1
2
2
|T |
= (−1)
|A|+|B|
= (−1)
T (q,p)
= (−1)
T (p,q)
(−1)
p
q
=
p
q
t
u
where the last equality is obtained by using Eisenstein’s Lemma.
Exercise 10.32. Is n = 991991 · 20112011 · 2, 000, 000 a quadratic residue modulo 31?
Hint: 31, 991, and 2011 are prime numbers.
Exercise 10.33. Is n = 262012 · 621,000,001 · 251003 a square modulo p = 991?
Exercise 10.34. Use the quadratic reciprocity to find out when 3 is a quadratic residue modulo p, where p is
an odd prime greater than 3.
p−1
Hint: Take cases depending on whether
is even or odd. You might need to take a couple of sub-cases
2
after that.
Exercise 10.35. Give an example of two distinct odd primes, p and q, such that:
(a) p is not a quadratic residue modulo q and q is not a quadratic residue modulo p.
(b) p is a quadratic residue modulo q but q is not a quadratic residue modulo p.
(c) p is a quadratic residue modulo q and q is a quadratic residue modulo p.
A natural generalization of the Legendre symbol is the Jacobi symbol.
b
b1 b2
k
Definition 10.36. Let b be an
positive integer with prime factorization b = p1 p2 · · · pk . Let a be any
aodd,
is defined by
integer. The Jacobi symbol
b
a a b1 a b2 a bk
=
···
b
p1
p2
pk
a
where the
’s are Legendre symbols.
pi
Exercise 10.37. Let b, b1 , b2 be odd,
positive integers and a, a1 , a2 ∈ Z. Prove:
a1 a2 =
(a) If a1 ≡ a2 (mod b) then
b
b
a a a a 1 2
1
2
(b)
=
b b b a
a
a
(c)
=
b1 b2
b1
b2
80
Exercise
10.38. Let b be an odd, positive integer and a ∈ Z. Prove:
−1
= (−1)(b−1)/2
(a)
b
2
2
(b)
= (−1)(b −1)/8
b
(c) If a is odd and positive, then
a
b
= (−1)((a−1)/2)((b−1)/2)
b
a
10 Squares in Z∗n
Chapter 11
Multiplicative Functions
In Theorem 8.10 it was shown that if a > 0, b > 0 and gcd(a, b) = 1, then
φ (ab) = φ (a)φ (b)
This property of φ is shared by many other functions. In this chapter we will take a deep look at the functions
that ‘split a product’ for relatively prime integers, and will look at a few very important functions of this type.
One of the reasons to study multiplicative functions is that they will be needed in the development of important
concepts in following chapters, such as perfect numbers, deficient numbers, abundant numbers, weird numbers,
etc.
11.1 Generalities About Multiplicative Functions
Definition 11.1. (a) A function defined on the set of natural numbers, into R, is called an arithmetic function.
(b) If an arithmetic function is such that f (ab) = f (a) f (b), for all a, b ∈ N such that gcd(a, b) = 1, then it is
said to be a multiplicative function.
(c) If an arithmetic function is such that f (ab) = f (a) f (b), for all a, b ∈ N, then it is called completely multiplicative.
Note that for the definition of multiplicative (and completely multiplicative) function to make sense the range
of f must be a set where a multiplication is defined.
Exercise 11.2. Prove that if f is completely multiplicative then it is multiplicative.
Example 11.3. (a) φ is a multiplicative function (Theorem 8.10) that is not completely multiplicative.
(b) The identity function, f (n) = n for all n ∈ N, is completely multiplicative.
(c) The constant function, g(n) = 1 for all n ∈ N, is completely multiplicative.
Exercise 11.4. Prove what is claimed in Example 11.3.
Exercise 11.5. Are the following functions multiplicative?
(a) For any fixed k ∈ N. f (n) = nk .
(b) g(n) = 2, for all n ∈ N.
(c) h(n) = n + 1.
n
(d) For p an odd prime, λ (n) is the ‘Legendre symbol’ function: λ (n) =
.
p

if n = 1
1
if n is not square-free
(e) µ(n) = 0

(−1)k if n = p1 p2 · · · pk , where the pi ’s are all distinct primes
Exercise 11.6. Let f be a multiplicative function and n ∈ N. Assume that the prime factorization of n is n =
a
pa11 p2a2 · · · pk k . Show that
a
f (n) = f (pa11 ) f (pa22 ) · · · f (pk k )
Conclude that in order to know the value of f (n) for any n ∈ N we just need to know the values of f (pa ), for
all prime p and a ∈ N.
81
82
11 Multiplicative Functions
Sometimes it is possible to create new (completely or not) multiplicative functions out of known ones. The next
three exercises show how this could be done.
Exercise 11.7. Check whether the function f defined by f (n) = φ (n)2 is multiplicative and/or completely
multiplicative.
Exercise 11.8. Let f : N → R and g : N → R be two arithmetic functions.
(a) Assume that both f and g are completely multiplicative. Prove that the function f g defined by ( f g)(n) =
f (n)g(n), for all n ∈ N, is also completely multiplicative.
(b) Is part (a) true if we eliminate the word ‘completely’ throughout?
(c) Is the sum of two multiplicative functions multiplicative?
Exercise 11.9. Let f : N → N and g : N → N be two arithmetic functions.
(a) Assume that both f and g are completely multiplicative. Prove that the function f ◦ g defined by ( f ◦ g)(n) =
f (g(n)), for all n ∈ N, is also completely multiplicative.
(b) Is part (a) true if we eliminate the word ‘completely’ throughout?
(c) Assume that f is a multiplicative function and g is a completely multiplicative function. Show that g ◦ f is
a multiplicative function.
Another way to construct a multiplicative function out of a known one is by, for a given function f , constructing
what is known as the summatory function of f .
Definition 11.10. Let f be an arithmetic function. The summatory function F of f is defined by
F(n) = ∑ f (d)
d|n
where the divisors of n are always considered to be positive.
Most of the times it is very hard to find an explicit formula for the summatory function of a given function f .
However, computation of the values of F is a task not so hard to achieve.
Example 11.11. Let f : N → R be defined as f (n) = n2 − 1. Then
F(12) =
∑ f (d) =
f (1) + f (2) + f (3) + f (4) + f (6) + f (12)
d|12
= (12 − 1) + (22 − 1) + (32 − 1) + (42 − 1) + (62 − 1) + (122 − 1)
= 0 + 3 + 8 + 15 + 35 + 143
= 204
Exercise 11.12. For each of the functions in Example 11.3 and Exercise 11.5 (for part (d) use p = 23), find the
value of the summatory function of f when evaluated at n = 18.
Our short-term objective is to show that the summatory function of a multiplicative function is also a multiplicative function. We get, in fact, a slightly stronger result.
Theorem 11.13. Let f be an arithmetic function and F be its summatory function. Then, f is a multiplicative function if and only if F is a multiplicative function.
Proof. Assume that f is multiplicative. Let m, n ∈ N be such that gcd(m, n) = 1. Then,
11.1 Generalities About Multiplicative Functions
83
F(mn) =
f (d)
∑
d|(mn)
=
f (ab)
∑
a|m & b|n
=
f (a) f (b)
∑
a|m & b|n
=
∑ ∑ f (a) f (b)
a|m b|n
!
=
∑ ∑ f (b)
a|m
f (a)
b|n
!
=
!
∑ f (b)
∑
b|n
a|m
f (a)
= F(m)F(n)
In order to get the second line in the argument above we used Exercise 4.5.
For the converse. Assume F is multiplicative. We will prove that f is multiplicative by strong induction on
k = nm. For k = 1, the only way to write 1 as a product of two positive integers is 1 = 1 · 1. In this case
F(1) = ∑ f (d) = f (1)
d|1
and thus f (1 · 1) = F(1 · 1) = F(1)F(1) = f (1) f (1).
Now assume the result is true for all products nm < k. We want to show that for mn = k with gcd(m, n) = 1,
f (mn) = f (m) f (n). We know
F(mn) = ∑ f (d) = f (mn) +
∑
f (d)
d|k d6=k
d|k
and
!
F(m)F(n) =
!
∑ f (s)
∑ f (t)
s|m
t|n
!
=
f (m) +
∑
f (s)
!
f (n) +
s|m s6=m
∑
f (t)
t|n t6=n
!
= f (m) f (n) + f (m)
∑
t|n t6=n
= f (m) f (n) +
∑
f (t) + f (n)
!
∑
s|m s6=m
!
f (s) +
∑
t|n t6=n
f (t)
!
∑
f (s)
s|m s6=m
f (s)
s|k s6=k
where in the last step we used Exercise 4.5 again, and the induction hypothesis.
It follows that f (mn) = f (m) f (n).
t
u
a
Exercise 11.14. Let f be a multiplicative function and F be its summatory function. Let n = pa11 · · · pk k , where
the pi ’s are distinct primes. Then,
k
F(n) = ∏ 1 + f (pi ) + f (p2i ) + · · · + f (pai i )
i=1
84
11 Multiplicative Functions
Now let us find explicitly the summatory functions corresponding to the three multiplicative functions in Example 11.3.
Theorem 11.15. The summatory function of φ , denoted Φ, is the identity function.
In order to prove this theorem we need a lemma.
Lemma 11.16. Let n ∈ Z, n > 1, be fixed. Define a relation on Z by a ∼ b if and only if gcd(a, n) = gcd(b, n).
(a) Show that ∼ is an equivalence relation.
(b) Show that Z can be partitioned into the sets
Sm = {a ∈ Z; gcd(a, n) = m}
where m|n.
Exercise 11.17. Prove Lemma 11.16.
Proof (Theorem 11.15). We know that Φ(n) = ∑ φ (d). Note that this can be re-written as Φ(n) = ∑ φ (n/m).
d|n
m|n
The equivalence relation in Lemma 11.16 yields a partition (into equivalence classes) of Z. Moreover, this
partition indices a partition of the set {1, 2, · · · , n} into the sets
Tm = {a ∈ N; a ≤ n, gcd(a, n) = m}
where m|n. It follows that
n = |{1, 2, · · · , n}| = ∑ |Tm |
m|n
Now notice that
|Tm | = |{a ∈ N; a ≤ n, gcd(a, n) = m}|
n
o
a n
,
=1 = a ∈ N; a ≤ n, gcd
m
m
n
a n
o
a
n
= a ∈ N;
≤ , gcd
,
=1 m m
m m
= φ (n/m)
Finally,
n = ∑ |Tm | = ∑ φ (n/m)
m|n
m|n
which implies that Φ(n) = n, for all n ∈ N.
t
u
Exercise 11.18. Use Exercise 11.14 to give a different (easier) proof of Theorem 11.15.
The summatory functions of f (n) = n and g(n) = 1 are studied in the next section.
11.2 The Functions σ and τ
The summatory function of f (n) = n is
F(n) = ∑ f (d) = ∑ d
d|n
d|n
which is the sum of the positive divisors of n. This function will be denoted by σ .
Similarly, the summatory function of g(n) = 1 is
11.2 The Functions σ and τ
85
G(n) = ∑ g(d) = ∑ 1
d|n
d|n
which is the number of positive divisors of n. This function will be denoted by τ.
We summarize these observations in the following definition.
Definition 11.19. For n > 0 define:
σ (n) = the sum of the positive divisors of n.
τ(n) = the number of positive divisors of n,
Remark 11.20. These functions are both multiplicative, by Theorem 11.13.
Example 11.21. 12 = 3 · 22 has positive divisors
1, 2, 3, 4, 6, 12.
Hence
σ (12) = 1 + 2 + 3 + 4 + 6 + 12 = 28
and
τ(12) = 6
We want to find a simple way to compute σ (n) and τ(n). Similarly to what happened in Chapter 8 when we
studied φ , we will just need to find expressions for σ (pk ) and τ(pk ) for p prime and k ∈ N.
Lemma 11.22. If p is a prime and k ∈ N we have
(a) σ (pk ) =
pk+1 − 1
p−1
(b) τ(pk ) = k + 1
Proof. Since p is prime, the divisors of pk are 1, p, p2 , . . . , pk , which are k + 1 divisors. Hence, (b) follows, and
σ (pk ) = 1 + p + p2 + · · · + pk =
pk+1 − 1
p−1
t
u
which is what we wanted to show for (a).
It is now immediate to prove.
Theorem 11.23. Let
n = pk11 pk22 · · · pkr r ,
r ≥ 1,
be the prime factorization of n, and ki ∈ N for each i ∈ {1, 2, . . . , r}. Then,
!
! pk11 +1 − 1
pk22 +1 − 1
pkr r +1 − 1
(a) σ (n) =
···
p1 − 1
p2 − 1
pr − 1
(b) τ(n) = (k1 + 1)(k2 + 1) · · · (kr + 1).
Exercise 11.24. Prove Theorem 11.23.
Hint: Exercise 11.6.
Let us look at an example to see how to use Theorem 11.23.
Example 11.25. Take n = 72 = 8 · 9 = 23 · 32 . The theorem says
86
11 Multiplicative Functions
σ (72) =
24 − 1
2−1
33 − 1
3−1
= 15 · 13 = 195
τ(72) = (3 + 1)(2 + 1) = 12
Similarly, since 2011 is prime then
σ (2011) = 2011 + 1 = 2012
τ(2011) = 1 + 1 = 2
Exercise 11.26. Find σ (n) and τ(n) for the following values of n.
(a) n = 900
(b) n = 496
(c) n = 32
(d) n = 128
(e) n = 1024
Exercise 11.27. Compute σ [σ (2011) + τ(2011) + 2].
Exercise 11.28. (a) Find all positive integers n with σ (n) = k, for k = 15, 21, 46 and 48.
(b) Find all positive integers with exactly four positive divisors.
(c) Find the least positive integer that has exactly twenty-five positive divisors.
(d) Find the least positive integer that has exactly twenty-one positive divisors.
(e) How many different positive divisors does 10! have? What is the sum of its positive divisors?
Exercise 11.29. Define a function α : N → N by
α(n) = sum of the squares of the positive divisors of n
Show that α is multiplicative.
Exercise 11.30. Show that the number of divisors of a square-free number is a power of 2. Is the converse true?
Exercise 11.31. Show that τ(n) is odd if and only if n is a square.
11.3 The Möbius Function
In Section 11.1 we learned how to obtain the summatory function of a given arithmetic function f . In this
section we will ‘reverse’ this process. In order to see how we will do this, we will work with specific numbers
and see what f must be, in terms of F.
Recall that the summatory function F of f is given by F(n) = ∑ f (d).
d|n
Since F(1) = f (1), then f (1) = F(1).
Since F(2) = f (1) + f (2) and f (1) = F(1), then f (2) = F(2) − F(1).
Since F(3) = f (1) + f (3) and f (1) = F(1), then f (3) = F(3) − F(1).
Similarly, we see that if p is prime, then F(p) = f (1) + f (p) and f (1) = F(1) imply f (p) = F(p) − F(1).
Now, for n = 4 we get F(4) = f (1) + f (2) + f (4) and f (1) = F(1) and f (2) = F(2) − F(1), then
f (4) = F(4) − f (1) − f (2) = F(4) − F(1) − (F(2) − F(1)) = F(4) − F(2)
Using similar ideas we compute other values. We recap these values next
11.3 The Möbius Function
87
f (4) = F(4) − F(2)
f (6) = F(6) − F(3) − F(2) + F(1)
f (8) = F(8) − F(4)
f (9) = F(9) − F(3)
f (10) = F(10) − F(5) − F(2) + F(1)
f (12) = F(12) − F(6) − F(4) + F(2)
Note that f (n) seems to be a sum of ±F(d)’s where d divides n, but we notice that some terms do not show up
(like F(1) in f (4)). Hence, f (n) seems to be a sum of m(d)F(d)’s where d divides n and m(d) is either 0 or
±1. Finally, we notice that F(1) appears only in the expressions of numbers that are square-free.
In order to figure what m(d) should be we will, instead consider a different writing for the formula we want to
obtain. It seems that our m is not consistent, as in f (4), we get a positive F(4) and in f (8) we get a negative
F(4). So, from now on we think f (n) has having the form
f (n) = ∑ µ(d)F(n/d)
d|n
and we notice that now the values of µ are consistent. In fact
µ(1) = 1
µ(2) = µ(3) = µ(5) = µ(7) = µ(11) = −1
µ(4) = µ(8) = µ(9) = µ(12) = 0
µ(6) = µ(10) = 1
Just to add a little more info, next are other values of µ that can be computed just as we computed the values
above.
µ(30) = µ(42) = µ(70) = µ(105) = −1
µ(16) = µ(18) = µ(20) = 0
µ(15) = µ(21) = µ(210) = 1
By looking at these values, it is easy to see that µ(n) = 0 should be zero for all numbers that are NOT squarefree, and if n is a square free number then µ(n) is 1 or −1 depending on the number of prime factors in the
factorization of n. That is, of n has an even number of prime factors then µ(n) = 1, and it is −1 otherwise.
Definition 11.32. The Möbius function µ is defined by

if n = 1
1
if n is not square-free
µ(n) = 0

(−1)k if n = p1 p2 · · · pk , where the pi ’s are all distinct primes
Remark 11.33. µ is multiplicative, this was Exercise 11.5(e).
Hence, we have the following theorem, which will be proved in a couple of pages ahead.
Theorem 11.34 (Möbius Inversion Formula). Assume that F is the summatory function of f . Then
f (n) = ∑ µ(d)F(n/d)
d|n
Example 11.35. Let g(n) be the arithmetic function whose summatory function is f (n) =
like to find g(24).
n−1
. We would
n+1
88
11 Multiplicative Functions
Using the Möbius Inversion Formula, we get
24
g(24) = ∑ µ(d) f
d
d|24
= µ(1) f (24) + µ(2) f (12) + µ(3) f (8) + µ(4) f (6) +
µ(6) f (4) + µ(8) f (3) + µ(12) f (2) + µ(24) f (1)
= f (24) − f (12) − f (8) + f (4)
23 11 7 3
=
−
− +
25 13 9 5
304
=−
2925
So, g(24) = −
304
2925
Exercise 11.36. Let F(n) = 2n + 1 be the summatory function of f . Compute f (24).
Exercise 11.37. Let n = 3500 5300 .
(a) Show that µ(d) 6= 0 for only 4 of the divisors d of n.
x−1
(b) Assume that F(x) =
is the summatory function of the arithmetic function f . Compute f (n).
x+1
In order to prove the Möbius inversion formula we need a couple of results.
Exercise 11.38. The following sets are equal:
{(n/d, k); d|n & k|d} = {(m, k); k|n & m|(n/k)}
Hint: Note that if k|d|n, then k|n and
n n
n
| . Consider m = .
d k
d
Lemma 11.39. Let µ be the Möbius function, then
∑ µ(m) =
m|t
0 if t 6= 1
1 if t = 1
a
Proof. Clearly the result is true for t = 1. For t 6= 1, let t = pa11 pa22 · · · pk k be the prime factorization of t. Since
µ(m) = 0 for all m|t that is not square-free then
∑ µ(m) = ∑ µ(m)
m|t
m|s
where s = p1 p2 · · · pk (square-free).
Now, note that a divisor of m of s will be mapped to −1 by µ if and only if m is the product
ofan odd number of
k
primes, out of the k that constitute s. Hence, for any odd number i ≤ k there are exactly
possible divisors
i
of s with µ(a) = −1. A similar result holds for divisors of s such that µ(a) = 1. It follows that
k
k
(−1)i = (1 − 1)k = 0
i
i=0
∑ µ(m) = ∑
m|s
t
u
Remark 11.40. Note that Lemma 11.39 gives us an expression for the summatory function of µ.
Exercise 11.41. Use Exercise 11.14 to give a different proof of Lemma 11.39.
11.3 The Möbius Function
89
Proof (Möbius inversion formula). Recall that F(n) = ∑ f (d). Then,
d|n
∑ µ(d)F(n/d) = ∑ µ(n/d)F(d)
d|n
d|n
!
= ∑ µ(n/d)
∑ f (k)
d|n
=∑
k|d
∑ µ(n/d) f (k)
d|n k|d
Now now use Exercise 11.38 to get ∑
µ(m) f (k). Hence,
∑ µ(n/d) f (k) = ∑ ∑
d|n k|d
k|n m|(n/k)
µ(m) f (k)
∑ µ(d)F(n/d) = ∑ ∑
d|n
k|n m|(n/k)
!
= ∑ f (k)
k|n
∑
µ(m)
m|(n/k)
Now we use that Lemma 11.39 gives us an explicit value for the expression in parenthesis in the sum above.
Since it is almost always zero, then the only term in the sum that survives is the one obtained when n = k.
Hence,
!
∑ µ(d)F(n/d) = ∑ f (k)
d|n
k|n
∑
µ(m)
= f (n)
m|(n/k)
t
u
Exercise 11.42. Let F(n) = ∑ µ(d)τ(d) for all positive integers n.
d|n
(a) Show that F(n) is multiplicative.
(b) Calculate F(pα ) where p is a prime and α ≥ 1.
(c) Calculate F(n). For n ≥ 2, your answer should depend on the prime factorization of n.
Exercise 11.43. Let g(n) be the arithmetic function whose summatory function is f (n) =
(a) Prove that g(n) is multiplicative.
(b) Calculate g(pα ) where p is a prime and α ≥ 1.
(c) Calculate g(n) (for n ≥ 2, your answer should depend on the prime factorization of n).
φ (n)
.
n
10
is the summatory function of an arithmetic function g.
n
(a) Compute µ(d) for all divisors d of 1, 000, 000.
(b) Find g(1, 000, 000).
Exercise 11.44. Assume G(n) =
Exercise 11.45. (a) Consider the function F(n) = n2 , which is the summatory function of f . Find f (18) and
f (24).
(b) Assume that
√
F(n) = 100 n
is the summatory function of f . Compute f (100100 ).
Exercise 11.46. Find four consecutive integers that are zeros of the Möbius function.
Exercise 11.47. Assume f is a non-zero multiplicative function. Show
90
11 Multiplicative Functions
k
∑ µ(d) f (d) = ∏ (1 − f (pi ))
i=1
d|n
a
where the prime factorization of n is n = pa11 · · · pk k .
Hint: Exercise 11.14.
We close this chapter by taking an algebraic look at the set of all arithmetic functions. The reader needs to have
some knowledge of abstract algebra to study this material.
Definition 11.48. We denote by A the set of all real-valued arithmetic functions. That is,
A = { f : N → R; f is an arithmetic function}
This set turns out behaving well with respect to the operations ‘inherited’ from R.
Exercise 11.49.
(a) Show that A is an integral domain under the obvious operations induced by R.
(b) Is the set of all multiplicative functions a subring of A ? What about the set of all completely multiplicative
functions?
A much less natural operation can also be defined on A . It is called the Dirichlet product.
Definition 11.50. Define the Dirichlet product of f , g ∈ A by
( f ∗ g)(n) =
∑
f (d1 )g(d2 )
d1 d2 =n
Exercise 11.51. (a) Compute (φ ∗ τ)(n), (φ ∗ σ )(n), and (τ ∗ σ )(n), for n = 1, 2, . . . , 6.
(b) Compute (τ ∗ φ )(n), (σ ∗ φ )(n), and (σ ∗ τ)(n), for n = 1, 2, . . . , 6. Compare with part (a).
(c) Let p be a prime number. Prove that (φ ∗ τ)(pk ) = σ (pk ), for all k ∈ N.
Exercise 11.52. (a) Prove that f ∗ g is also an arithmetic function.
(b) Prove that the product ∗ is commutative and associative.
(c) What is the identity in A for this product?
(d) Let I be the constant function equal to 1. What is f ∗ I?
(e) What would be the inverse (under ∗) of I in A ?
(f) Prove that an arithmetic function f has a Dirichlet inverse that is multiplicative if and only if f (1) 6= 0.
(g) Prove that the set of multiplicative functions is closed under the Dirichlet product.
Hint: Proof of Theorem 11.13.
(h) Prove that the set of non-zero multiplicative functions is a group under the Dirichlet product.
Exercise 11.53. (a) Prove that φ ∗ τ = σ .
(b) Compute (τ ∗ τ ∗ τ)(n), for all n ∈ N.
Chapter 12
Important Families of Numbers
It has already been mentioned that Number Theory is the branch of mathematics that focuses on the study of
the integers. Out of this study many ways to classify these numbers arise. In this chapter we will look at a few
of these classes (arguably, among the most important ones), and the associated concepts needed to understand
them.
12.1 Fermat Primes and Mersenne Primes
Finding large primes and proving that they are indeed prime is not easy. One way to find large primes is to look
at numbers that have some special form, for example, numbers of the form an + 1 or an − 1. It is easy to rule
out some values of a and n. For example we have:
Theorem 12.1. Let a > 1 and n > 1. Then,
(a) an − 1 is prime ⇒ a = 2 and n is prime.
(b) an + 1 is prime ⇒ a is even and n = 2k for some k ≥ 1.
Proof. (a) We know from Exercise 2.59, page 14, that
an − 1 = (a − 1)(an−1 + · · · + a + 1)
Note that if a > 2 and n > 1 then a − 1 > 1 and an−1 + · · · + a + 1 ≥ a + 1 > 3 so both factors of an − 1 above
are larger than 1 and thus an − 1 is not prime. Hence if an − 1 is prime we must have a = 2. Now suppose 2n − 1
is prime. We claim that n is prime. If not n = st where 1 < s < n, 1 < t < n. Then
2n − 1 = 2st − 1 = (2s )t − 1
is prime. But we just showed that if an − 1 is prime we must have a = 2. So we must have 2s = 2. Hence s = 1,
t = n. So n is not composite. Hence n must be prime.
(b) We know that
an − 1 = (a − 1)(an−1 + an−2 + · · · + a + 1)
Replace a by −a above to get
(−a)n − 1 = (−a − 1) (−a)n−1 + (−a)n−2 + · · · + (−a) + 1
Since if n is odd, then n − 1 is even, n − 2 is odd, . . . , etc., we have
(−a)n = −an , (−a)n−1 = an−1 , (−a)n−2 = −an−2 , · · ·
So,
−(an + 1) = −(a + 1) an−1 − an−2 + · · · − a + 1 .
Multiplying both sides by −1 we get
(an + 1) = (a + 1)(an−1 − an−2 + · · · − a + 1)
91
92
12 Important Families of Numbers
when n is odd.
If n ≥ 2 we have 1 < a + 1 < an + 1. This shows that if n is odd and a > 1, an + 1 is not prime. Suppose n = 2st
s
where t is odd. Then if an + 1 is prime we have (a2 )t + 1 is prime. But by what we just showed this cannot be
prime if t is odd and t ≥ 2. So we must have t = 1 and n = 2s . Also an + 1 prime implies that a is even since
if a is odd so is an . Then an + 1 would be even. The only even prime is 2. But since we assume a > 1 we have
a ≥ 2 so an + 1 ≥ 3.
t
u
Definition 12.2. (a) A number of the form Mn = 2n − 1, n ≥ 2, is said to be a Mersenne number.
(b) If Mn is prime, it is called a Mersenne prime.
n
(c) A number of the form Fn = 22 + 1, n ≥ 0, is called a Fermat number.
(d) If Fn is prime, it is called a Fermat prime.
One may prove that F0 = 3, F1 = 5, F2 = 17, F3 = 257 and F4 = 65537 are primes. As n increases the numbers
n
Fn = 2(2 ) + 1 increase in size very rapidly, and are not easy to check for primality. It is known that Fn is
composite for many values of n ≥ 5. This includes all n such that 5 ≤ n ≤ 30 and a large number of other values
of n including 382447 (the largest one I know of). It is now conjectured that Fn is composite for n ≥ 5. So
Fermat’s original thought that Fn is prime for n ≥ 0 seems to be pretty far from reality.
Exercise 12.3. Use Maple to factor F5 . [Go to any campus computer lab. Click or double-click on the Maple
icon. When the window comes up, type at the prompt > the following:
> ifactor(2ˆ32 + 1);
Hit the return key and you will get the answer.]
M3 = 23 − 1 = 7 is a Mersenne prime and M4 = 24 − 1 = 15 is a Mersenne number which is not a prime. At
first it was thought that M p = 2 p − 1 is prime whenever p is prime. But M11 = 211 − 1 = 2047 = 23 · 89 is not
prime.
Over the years people have continued to work on the problem of determining for which primes p, M p = 2 p − 1
is prime. To date 48 Mersenne primes have been found. It is known that 2 p − 1 is prime if p is one of the
following 48 primes:
2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279, 2203, 2281, 3217, 4253, 4423, 9689, 9941,
11213, 19937, 21701, 23209, 44497, 86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269,
2976221, 3021377, 6972593, 13466917, 20996011, 24036583, 25964951, 30402457, 32582657, 37156667,
42643801, 43112609, 57885161, 74, 207, 281.
The largest one, M74,207,281 = 274,207,281 − 1, was found on January 07, 2016. The decimal representation of this
number has 22, 338, 618 digits. It was found by Curtis Cooper et al, as a part of the Great Internet Mersenne
Prime Search (GIMPS), see Chris Caldwell’s page for more about this. This prime could be the 49th Mersenne
prime (in order of size), but we will only know this for sure when GIMPS completes testing all exponents below this one. You may find the link to Chris Caldwell’s page on the bibliography, under [1]. Later we show the
connection between Mersenne primes and perfect numbers.
Lemma 12.4. If Mn is prime, then n is prime.
Proof. This is immediate from Theorem 12.1(a).
t
u
The most basic question about Mersenne primes is: Are there infinitely many Mersenne primes?
Exercise 12.5. Determine which Mersenne numbers Mn are prime when 2 ≤ n ≤ 12. You may use Maple for
this exercise. The Maple command for determining whether or not an integer n is prime is
isprime(n);
Exercise 12.6. Find all values of n such that φ (σ (2n )) = 2n .
The following primality test for Mersenne numbers makes it easier to check whether or not M p is prime when
p is a large prime.
12.2 Perfect, Deficient, and Abundant Numbers
93
Theorem 12.7 (The Lucas-Lehmer Mersenne Prime Test). Let p be an odd prime. Define the sequence
r1 , r2 , r3 , . . . , r p−1
by the rules
r1 = 4
and for k ≥ 2,
2
rk = (rk−1
− 2) mod M p .
Then M p is prime if and only if r p−1 = 0.
The proof of this is not easy. One place to find it is [6].
Example 12.8. Let p = 5. Then M p = M5 = 31.
r1 = 4
r2 = (42 − 2) mod 31 = 14 mod 31 = 14
r3 = (142 − 2) mod 31 = 194 mod 31 = 8
r4 = (82 − 2) mod 31 = 62 mod 31 = 0.
Hence by the Lucas-Lehmer test, M5 = 31 is prime.
Exercise 12.9. Show using the Lucas-Lehmer test that M7 = 127 is prime.
Remark 12.10. Note that the Lucas-Lehmer test for M p = 2 p − 1 takes only p − 1 steps. On the other hand, if
p
p
one attempts to prove M p prime by testing all primes ≤ M p one must consider about 2 2 steps. This is MUCH
larger than p in general.
12.2 Perfect, Deficient, and Abundant Numbers
The ancient Greek considered that a number was perfect if it was the sum of its (proper) divisors. For instance,
6 = 1 + 2 + 3 and 28 = 14 + 7 + 4 + 2 + 1 are perfect.
We will study perfect numbers as a part of the study of the function σ . We already know this function is multiplicative, and this will prove being very useful when working with perfect numbers. The following definition
is equivalent to the way the ancient Greek defined perfect numbers.
Definition 12.11. n > 1 is perfect if and only if σ (n) = 2n.
Exercise 12.12. Prove that 6 and 28 are perfect.
It is clear that, for any n ∈ N, we will get that σ (n) is either less, equal, or larger to 2n. Then, it makes sense to
give the following definition.
Definition 12.13. n > 1 is deficient if and only if σ (n) < 2n. Similarly, n > 1 is abundant if and only if
σ (n) > 2n.
Example 12.14. (a) Since σ (5) = 4 < 2 · 5, then n = 5 is deficient.
(b) Since σ (6) = 12 = 2 · 6, then n = 6 is perfect.
(c) Since σ (12) = 28 > 2 · 12, then n = 12 is abundant.
Exercise 12.15. (a) Classify each of the natural numbers up to 15 as deficient, perfect, or abundant.
(b) Classify each of the numbers in Exercise 11.26 as deficient, perfect, or abundant.
94
12 Important Families of Numbers
Exercise 12.16. Let n ∈ N. Prove that n is perfect if and only if
1
∑ d = 2.
d|n
Hint: Use σ as a summatory function.
Exercise 12.17. (a) Prove that if p is prime, and k ∈ N, then n = pk is deficient.
(b) Prove that there exist infinitely many deficient numbers.
If you do a search for perfect numbers up to 10, 000 you will find only the following perfect numbers:
6 = 2 · 3,
28 = 22 · 7,
496 = 24 · 31,
8128 = 26 · 127.
Note that 22 = 4, 23 = 8, 25 = 32, 27 = 128 so we have:
6 = 2 · (22 − 1),
28 = 22 · (23 − 1),
496 = 24 · (25 − 1),
8128 = 26 · (27 − 1).
Note also that 22 − 1, 23 − 1, 25 − 1, 27 − 1 are Mersenne primes. One might conjecture that all perfect numbers
follow this pattern. We discuss to what extent this is known to be true. We start with the following result.
Theorem 12.18. If 2 p − 1 is a Mersenne prime, then 2 p−1 (2 p − 1) is perfect.
Proof. Let n = 2 p−1 (2 p − 1). Since 2 p − 1 is odd and prime, then gcd(2 p−1 , 2 p − 1) = 1. Hence, using that σ
is multiplicative, we have
p
2 −1
σ (n) = σ 2 p−1 σ (2 p − 1) =
(1 + (2 p − 1)) = (2 p − 1)(2 p ) = 2(2 p − 1)2 p−1 = 2n
2−1
That is, σ (n) = 2n and thus n is perfect.
t
u
Exercise 12.19. (a) Prove that if n = 2k − 1 is not a Mersenne prime, then 2k−1 (2k − 1) is abundant.
(b) Prove that there exist infinitely many abundant numbers.
Now we show that all even perfect numbers have the conjectured form.
Theorem 12.20. If n is even and perfect then there is a Mersenne prime 2 p −1 such that n = 2 p−1 (2 p −1).
Proof. Let n be even and perfect. Since n is even, n = 2m for some m. We take out as many powers of 2 as
possible obtaining
n = 2k · q
k ∈ N, q odd.
Since n is perfect σ (n) = 2n. Since q is odd, gcd(2k , q) = 1, so by Remark 11.20 and Theorem 11.23
σ (n) = σ (2k )σ (q) = (2k+1 − 1)σ (q).
So, we have
2k+1 q = 2n = σ (n) = (2k+1 − 1)σ (q),
hence
12.3 Pythagorean Triples
95
2k+1 q = (2k+1 − 1)σ (q).
(12.1)
So, 2k+1 divides (2k+1 − 1)σ (q). But since 2k+1 − 1 is odd, then 2k+1 divides σ (q). Hence σ (q) = (2k+1 )a, for
some a ∈ N. Plugging this into Equation (12.1) we get
q = (2k+1 − 1)a
Note that this implies that a is a (positive) divisor of q.
Now we distribute a in q = (2k+1 − 1)a and use σ (q) = (2k+1 )a to get
q = 2k+1 a − a = σ (q) − a
which can be re-written as
σ (q) = a + q
But, both q and a are positive divisors of q, and they cannot be the same because q = (2k+1 − 1)a and k 6= 0.
It follows that a = 1. Hence, σ (q) = 1 + q, and thus q is prime. Moreover, q = 2k+1 − 1. Done.
t
u
Corollary 12.21. There is a 1–1 correspondence between even perfect numbers and Mersenne primes.
Exercise 12.22. Prove that a Mersenne number 2n−1 (2n − 1), such that 2n − 1 is not prime, must be abundant.
Three Open Questions:
1. Are there infinitely many even perfect numbers?
2. Are there infinitely many Mersenne primes?
3. Are there any odd perfect numbers?
So far no one has found a single odd perfect number. It is known that if an odd perfect number exists, it must
be larger than 1050 .
Remark 12.23. (a) Some think that Euclid’s knowledge of 2 p−1 (2 p − 1) being perfect when 2 p − 1 is prime
may have been his motivation for defining prime numbers.
(b) A great webpage with lots of history about perfect numbers is [3].
Exercise 12.24. True or False (prove or give an example).
(a) The sum of two distinct perfect numbers is perfect as well.
(b) There are three consecutive numbers such that one of them is perfect, another deficient, and the other
abundant (not necessarily in this order).
Exercise 12.25. Prove that if n is a power of a prime then it is deficient.
Exercise 12.26. (a) Prove that if n is a multiple of an abundant/perfect number then it is abundant.
(b) Prove that if n is a divisor of a deficient/perfect number then it is deficient.
12.3 Pythagorean Triples
An equation that you most probably have used before is what is known as ‘The Pythagorean Theorem,’ which
allows us to find the third side of a right triangle by putting the other two into
x2 + y2 = z2
and solving.
Already in the Elements of Euclid this equation is considered as an equation in Z... a Diophantine equation, if
you please. In this section we will find all solutions in Z for it; such solutions are called Pythagorean triples.
96
12 Important Families of Numbers
We start by assuming that a, b, c ∈ Z are such that x = a, y = b and z = c form a solution of
x2 + y2 = z2
Knowing that a2 + b2 = c2 plug x = ka, y = kb and z = kc into x2 + y2 = z2 to get
(ka)2 + (kb)2 = k2 (a2 + b2 ) = k2 c2 = (kc)2
and thus x = ka, y = kb and z = kc also form a solution of the equation, for all k ∈ Z. Because of this we will
now look for integers a, b, and c such that gcd(a, b) = gcd(b, c) = gcd(a, c) = 1. Such solutions of x2 + y2 = z2
are said to be primitive.
If at least two of the integers are even, then the triple gcd condition does not hold. So, there must be at most 1
even integer. If none of them is even, then we get a contradiction as the square of an odd number is odd and the
sum of two odds is always even. It follows that exactly one of the integers must be even. Moreover, we know
that the even number must be either a or b. WLOG we assume that a and c are odd and b is even.
Now note that 2 cannot divide both c + b and c − b, as b and c have different parity. Moreover, if an odd prime
p divided both c + b and c − b then it would divide (b + c) + (b − c) = 2b and (b + c) − (b − c) = 2c, which
would force p to divide both b and c. This is impossible! Hence c + b and c − b are relatively prime.
If we manipulate a2 + b2 = c2 we get a2 = c2 − b2 = (c + b)(c − b), which says that the product of two relatively
prime numbers is a square... this can only be possible if each of the numbers is a square. Summarizing, c + b =
n2 and c − b = m2 , for some n, m ∈ Z.
We now solve the system of linear equations in b and c
c + b = n2
c − b = m2 .
We get
b=
n2 − m2
2
c=
n2 + m2
.
2
We also obtain a = mn by plugging what we have gotten above into a2 = c2 − b2 .
Finally, WLOG we can consider m and n to be positive. Moreover, since a = mn and a is odd, then so are both
m and n. Also, since 1 = gcd(c + b, c − b) = gcd(m2 , n2 ), then gcd(m, n) = 1.
We have proved the following:
Theorem 12.27. Let a, b, c ∈ Z be a primitive Pythagorean triple. Then,
a = mn
b=
n 2 − m2
2
c=
n 2 + m2
2
for some positive odd integers m and n with gcd(m, n) = 1.
Exercise 12.28. Prove that if a, b, c ∈ Z is a Pythagorean triple, then there exist d ∈ N such that
2
2
n − m2
n + m2
a = dmn
b=d
c=d
2
2
or
a=d
n2 − m2
2
b = dmn
c=d
n 2 + m2
2
Exercise 12.29. (a) Find all Pythagorean triples (x, y, z) such that one of the values is 10.
(b) Find all Pythagorean triples (x, y, z) such that one of the values is 15.
Chapter 13
Applications
Take two large prime numbers
Find the product n, and the totient φ
If e and φ have gcd one
and d is e’s inverse, then you’re done!
For sending m raised to the e
reduced mod n gives secre-c.
Daniel G. Treat1
13.1 Probabilistic Primality Tests
According to Fermat’s Little Theorem, if p is prime and 1 ≤ a ≤ p − 1, then
a p−1 ≡ 1
(mod p).
The converse is also true in the following sense:
Theorem 13.1. If m ≥ 2 and for all a such that 1 ≤ a ≤ m − 1 we have
am−1 ≡ 1 (mod m)
then m must be prime.
Proof. If the hypothesis holds, then for all a with 1 ≤ a ≤ m − 1, we know that a has an inverse modulo m,
namely, am−2 is an inverse for a modulo m. It follows that gcd(a, m) = 1 for all 1 ≤ a ≤ m − 1. But if m were
not prime, then we would have m = ab with 1 < a < m, 1 < b < m. Then gcd(a, m) = a > 1, a contradiction.
So m must be prime.
t
u
Using the above theorem to check that p is prime we would have to check that a p−1 ≡ 1 (mod p) for a =
1, 2, 3, . . . , p − 1. This is a lot of work. Suppose we just know that 2m−1 ≡ 1 (mod m) for some m > 2. Must m
be prime? Unfortunately, the answer is no. The smallest composite m satisfying 2m−1 ≡ 1 (mod m) is m = 341.
Exercise 13.2. Use Maple (or do it via hand and or calculator) to verify that 2340 ≡ 1 (mod 341) and that 341
is not prime.
The moral is that even if 2m−1 ≡ 1 (mod m), the number m need not be prime. On the other hand, consider the
case of m = 63. Note that
26 = 64 ≡ 1 (mod 63).
Hence, 26 ≡ 1 (mod 63). Raising both sides to the 10th power we have
260 ≡ 1 (mod 63).
Then multiplying both sides by 22 we get
1
Mathematics magazine of the MAA. Vol 75, No 4, Oct 2002.
97
98
13 Applications
262 ≡ 4 (mod 63)
since
4 6≡ 1
(mod 63)
we have
262 6≡ 1 (mod 63).
This tells us that 63 is not prime, without factoring 63. We emphasize that this is a general fact. That is, if
2m−1 6≡ 1 (mod m) then we can be sure that m is not prime.
FACT.
There are 455,052,511 odd primes p ≤ 1010 , all of which satisfy 2 p−1 ≡ 1 (mod p). There are only 14,884
composite numbers 2 < m ≤ 1010 that satisfy 2m−1 ≡ 1 (mod m). Thus, if 2 < m ≤ 1010 and m satisfies 2m−1 ≡
1 (mod m), the probability m is prime is
455, 052, 511
≈ .999967292.
455, 052, 511 + 14, 884
In other words, if you find that 2m−1 ≡ 1 (mod m), then it is highly likely (but not a certainty) that m is prime,
at least when m ≤ 1010 . Thus the following Maple procedure will almost always give the correct answer:
> is_prob_prime:=proc(n)
if n <=1 or Power(2,n-1) mod n <> 1 then
return "not prime";
else
return "probably prime";
end if;
end proc:
Note that the Maple command Power(a,n-1) mod n is an efficient way to compute an−1 mod n. We
discuss this in more detail later. The procedure is_prob_prime(n) just defined returns “probably prime”
if 2n−1 mod n = 1 and “not prime” if n ≤ 1 or if 2n−1 mod n 6= 1. If the answer is “not prime”, then we know
definitely that n is not prime. If the answer is ‘probably prime’, we know that there is a very small probability
that n is not prime.
In practice, there are better probabilistic primality tests than that mentioned above. For more details see, for
example, [5].
The built-in Maple procedure isprime is a very sophisticated probabilistic primality test. The command
isprime(n) returns false if n is not prime and returns true if n is probably prime. So far no one has found an
integer n for which isprime(n) gives the wrong answer.
One might ask what happens if we use 3 instead of 2 in the above probabilistic primality test. Or, better yet,
what if we evaluate am−1 mod m for several different values of a.
Consider the following data:
The number of primes ≤ 106 is 78,498.
The number of composite numbers m ≤ 106 such that 2m−1 ≡ 1 (mod m) is 245.
The number of composite numbers m ≤ 106 such that 2m−1 ≡ 1 (mod m) and 3m−1 ≡ 1 (mod m) is 66.
The number of composite numbers m ≤ 106 such that am−1 ≡ 1 (mod m) for a ∈ {2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41}
is 0.
Thus, we have the following result:
If m ≤ 106 and am−1 ≡ 1 (mod m) for a ∈ {2, 3, 5, 7, 11, 17, 19, 31, 37, 41}, then m is prime.
The above results for m ≤ 106 were found using Maple.
13.2 The Base b Representation of n
99
If m > 106 and am−1 ≡ 1 (mod m) for a ∈ {2, 3, 5, 7, 11, 17, 19, 31, 37, 41}, it is highly likely, but not certain,
that m is prime. Actually the primality test isprime that is built into Maple uses a somewhat different idea.
Exercise 13.3. Use Maple to show that
(a) 390 ≡ 1 (mod 91), but 91 is not prime.
(b) 2m−1 ≡ 1 (mod m) and 3m−1 ≡ 1 (mod m) for m = 1105, but 1105 is not prime.
Hints: Note that an ≡ 1 (mod m) ⇔ an mod m = 1. In Maple, 390 is written 3ˆ90 and 390 mod 91 is written
3ˆ90 mod 91. A faster way to compute an mod m in Maple is to use the command Power(a,n) mod m.
Recall that ifactor(m) is the command to factor m.
13.2 The Base b Representation of n
Definition 13.4. Let b ≥ 2 and n > 0. We write
n = [ak , ak−1 , . . . , a1 , a0 ]b
(1)
if and only if for some k ≥ 0
n = ak bk + ak−1 bk−1 + · · · + a1 b + a0
where ai ∈ {0, 1, . . . , b − 1} for i = 0, 1, . . . , k. [ak , ak−1 , . . . , a1 , a0 ] is called a base b representation of n.
Remark 13.5. Base b is called
binary if b = 2,
ternary if b = 3,
octal if b = 8,
decimal if b = 10,
hexadecimal if b = 16.
If b is understood, especially if b = 10, we write ak ak−1 · · · a1 a0 in place of [ak , ak−1 , . . . , a1 , a0 ]10 . In the case
of b = 16, which is used frequently in computer science, the “digits” 10, 11, 12, 13, 14 and 15 are replaced by
A, B, C, D, E and F, respectively.
For a fixed base b ≥ 2, the numbers ai ∈ {0, 1, 2, . . . , b − 1} in equation (1) are called the digits of the base b
representation of n. In the binary case ai ∈ {0, 1} and the ai ’s are called bits (binary digits).
Here are a few examples:
(a) 267 = [5, 3, 1]7 , since 267 = 5 · 72 + 3 · 7 + 1.
(b) 147 = [1, 0, 0, 1, 0, 0, 1, 1]2 , since 147 = 1 · 27 + 0 · 26 + 0 · 25 + 1 · 24 + 0 · 23 + 0 · 22 + 1 · 2 + 1.
(c) 4879 = [4, 8, 7, 9]10 , since 4879 = 4 · 103 + 8 · 102 + 7 · 10 + 9.
(d) 10705679 = [A, 3, 5, B, 0, F]16 , since 10705679 = 10 · 165 + 3 · 164 + 5 · 163 + 11 · 162 + 0 · 16 + 15.
(e) 107056791 = [107, 56, 791]1000 , since 107056791 = 107 · 10002 + 56 · 1000 + 791.
Theorem 13.6. If b ≥ 2, then every n > 0 has a unique base b representation of the form n =
[ak , . . . , a1 , a0 ]b with ak > 0.
Proof. Apply repeatedly the Division Algorithm as follows:
100
13 Applications
n = bq0 + r0 ,
0 ≤ r0 < b
q0 = bq1 + r1 ,
0 ≤ r1 < b
q1 = bq2 + r2 ,
..
.
0 ≤ r2 < b
qk−1 = bqk + rk ,
0 ≤ rk < b
qk = bqk+1 + rk+1 ,
0 ≤ rk+1 < b.
It is easy to see that if qk > 0:
n > q0 > q1 > · · · > qk .
Since this cannot go on forever we eventually obtain q` = 0 for some `. Then we have
q`−1 = b · 0 + r` .
I claim that n = [r` , r`−1 , . . . , r0 ] if ` is the smallest integer such that q` = 0. To see this, note that
n = bq0 + r0
and
q0 = bq1 + r1 .
Hence
n = b (bq1 + r1 ) + r0
n = b2 q1 + br1 + r0 .
Continuing in this way we find that
n = b`+1 q` + b` r` + · · · + br1 + r0 .
And, since q` = 0 we have
n = b` r` + · · · + br1 + r0 ,
(∗)
which shows that
n = [r` , . . . , r1 , r0 ]b .
To see that this representation is unique, note that from (∗) we have
n = b b`−1 r` + · · · + r1 + r0 , 0 ≤ r0 < b.
By the Division Algorithm it follows that r0 is uniquely determined by n, as is the quotient q = b`−1 r` + · · · + r1 .
A similar argument shows that r1 is uniquely determined. Continuing in this way we see that all the digits
r` , r`−1 , . . . , r0 are uniquely determined.
t
u
Example 13.7. (a) We find the base 7 representation of 1,749.
1749 = 249 · 7 + 6
249 = 35 · 7 + 4
35 = 5 · 7 + 0
5 = 0·7+5
Hence 1749 = [5, 0, 4, 6]7 .
(b) We find the base 12 representation of 19,151.
13.2 The Base b Representation of n
101
19, 151 = 1595 · 12 + 11
1, 595 = 132 · 12 + 11
132 = 11 · 12 + 0
11 = 0 · 12 + 11
So, 19, 151 = [11, 0, 11, 11]12 .
(c) Find the base 10 representation of 1,203.
1203 = 120 · 10 + 3
120 = 12 · 10 + 0
12 = 1 · 10 + 2
1 = 0 · 10 + 1
Hence 1203 = [1, 2, 0, 3]10 .
(d) Find the base 2 (binary) representation of 137.
137 = 2 · 68 + 1
68 = 2 · 34 + 0
34 = 2 · 17 + 0
17 = 2 · 8 + 1
8 = 2·4+0
4 = 2·2+0
2 = 2·1+0
1 = 2·0+1
So, 137 = [1, 0, 0, 0, 1, 0, 0, 1]2 .
Exercise 13.8. Generalize the following observations
3 = [1, 1]2
7 = [1, 1, 1]2
15 = [1, 1, 1, 1]2
31 = [1, 1, 1, 1, 1]2
63 = [1, 1, 1, 1, 1, 1]2
Exercise 13.9. Generalize the following observation:
8 = [2, 2]3
26 = [2, 2, 2]3
80 = [2, 2, 2, 2]3
242 = [2, 2, 2, 2, 2]3
Exercise 13.10. Generalize Exercises 13.8 and 13.9 to an arbitrary base b ≥ 2.
Remark 13.11. To find the binary representation of a small number, the following method is often easier than
the above method:
Given n > 0 let 2n1 be the largest power of 2 satisfying 2n1 ≤ n. Let 2n2 be the largest power of 2 satisfying
2n2 ≤ n − 2n1 .
102
13 Applications
Let 2n3 be the largest power of 2 satisfying
2n3 ≤ n − 2n1 − 2n2 .
Note that at this point we have
0 ≤ n − (2n1 + 2n2 + 2n3 ) < n − (2n1 + 2n2 ) < n − 2n1 < n.
Continuing in this way, eventually we get
0 = n − (2n1 + 2n2 + · · · + 2nk ) .
Then n = 2n1 + 2n2 + · · · + 2nk , and this gives the binary representation of n.
Example 13.12. Take n = 137. Note that 21 = 2, 22 = 4, 23 = 8, 24 = 16, 25 = 32, 26 = 64, 27 = 128, and
28 = 256. Using the above method we compute:
137 − 27 = 137 − 128 = 9,
9 − 23 = 1,
1 − 20 = 0.
So, we have
137 = 27 + 9 + 1 = 27 + 23 + 1 = 27 + 0 · 26 + 0 · 25 + 0 · 24 + 23 + 0 · 22 + 0 · 2 + 1.
So, 137 = [1, 0, 0, 0, 1, 0, 0, 1]2 .
Exercise 13.13. Show how to use both methods to find the binary representation of 455.
Exercise 13.14. Make a vertical list of the binary representation of the integers 1 to 16.
13.3 Computation of aN mod m
Let’s first consider the question: What is the smallest number of multiplications required to compute aN where
N is any positive integer?
Suppose we want to calculate 28 . One way is to perform the following 7 multiplications:
22 = 2 · 2 = 4
23 = 2 · 4 = 8
24 = 2 · 8 = 16
25 = 2 · 16 = 32
26 = 2 · 32 = 64
27 = 2 · 64 = 128
28 = 2 · 128 = 256
But we can do it in only 3 multiplications:
13.3 Computation of aN mod m
103
22 = 2 · 2 = 4
2
24 = 22 = 4 · 4 = 16
2
28 = 24 = 16 · 16 = 256
In general, using the method:
a2 = a · a, a3 = a2 · a, a4 = a3 · a, . . . , an = an−1 · a
requires n − 1 multiplications to compute an .
On the other hand if n = 2k then we can compute an by successive squaring with only k multiplications:
a2 = a · a
2
2
a2 = a2 = a2 · a2
2 2
2
2
3
= a2 · a2
a2 = a2
..
.
..
.
k−1 2
k
k−1
k−1
a2 = a2
= a2 · a2
Note that the fact that
2k = 2k−1 2 = 2k−1 + 2k−1
together with the Laws of Exponents:
(an )m = anm
an · am = an+m
and
is what makes this method work. Note that if n = 2k then k is generally a lot smaller than n − 1.
If n is not a power of 2 we can use the following method:
Let n be a positive integer. Let x be any real number. This is a method for computing xn .
• Find the binary representation for n:
n = [ar , ar−1 , . . . , a0 ]2
• Compute the powers
2
3
r
x2 , x2 , x2 , . . . , x2
by successive squaring as shown above.
• Compute the product
r
r−1
xn = xar 2 · xar−1 2 · · · xa1 2 · xa0 .
[Note each ai is 0 or 1, so all needed factors were obtained in Step 2.]
Example 13.15. Let us compute 315 . Note that 15 = 23 + 22 + 2 + 1 = [1, 1, 1, 1]2 . For Step 2, we note that
32 = 3 · 3 = 9
2
32 = 9 · 9 = 81
3
32 = 81 · 81 = 6561
So
3
2
315 = 32 · 32 · 32 · 31 = 6561 · 81 · 9 · 3 = 14348907
104
13 Applications
Note that we have used just 6 multiplications, which is less than the 14 it would take if we used the naive
method. Let’s not forget that some additional effort was needed to compute the binary representation of 15, but
not much.
Theorem 13.16. Computing xn using the binary method requires blog2 (n)c applications of the Division
Algorithm and at most 2blog2 (n)c multiplications.
Proof. If n = [ar , . . . , a0 ]2 , ar = 1, then n = 2r + · · · + a1 2 + a0 . Hence
2r ≤ n ≤ 2r + 2r−1 + · · · + 2 + 1 = 2r−1 − 1 < 2r+1 .
(∗)
Since log2 (2x ) = x and when 0 < a < b we have log2 (a) < log2 (b), we have from (∗) that
log2 (2r ) ≤ log2 (n) < log2 2r+1
or
r ≤ log2 (n) < r + 1.
Hence r = blog2 (n)c. Note that r is the number of times we need to apply the Division Algorithm to obtain the
2
r
binary representation n = [ar , . . . , a0 ]2 , ar = 1. To compute the powers x, x2 , x2 , . . . , x2 by successive squaring
requires r = blog2 (n)c multiplications and similarly to compute the product
r
r−1
x2 · xar−1 2
· · · xa1 2 · xa0
requires r multiplications. So after obtaining the binary representation we need at most 2r = 2blog2 (n)c multiplications.
t
u
To find log2 (x) one may use the formula
log2 (x) =
1
ln(x)
ln(2)
where ln(x) is the natural logarithm of x. For small values of x it is sometimes faster to use the fact that
r = blog2 (x)c is equivalent to
2r ≤ x < 2r+1 ,
that is, r is the largest positive integer such that 2r ≤ x. The Maple command for log2 (x) is log[2](x).
Note that if we count an application of the Division Algorithm and a multiplication as the same, the above tells
us that we need at most 3blog2 (n)c operations to compute xn . So, for example, if n = 106 , then it is easy to see
that 3blog2 (n)c = 57. So we may compute x1,000,000 with only 57 operations.
Exercise 13.17. Calculate 3blog2 (n)c for n = 2, 000, 000.
Exercise 13.18. Use the binary method to compute 225 .
Exercise 13.19. Approximately how many operations would be required to compute 2n when n = 10100 ? Explain.
Exercise 13.20. Note that 6 multiplications are used to compute 315 using the binary method. Show that one
can compute 315 with fewer than 6 multiplications. [You will have to experiment.]
In order to compute an mod m we use the binary method for exponentiation with the added trick that after every
multiplication we reduce modulo m. This keeps the products from getting too big.
Example 13.21. We compute 315 mod 10:
13.3 Computation of aN mod m
105
32 = 3 · 3 = 9 ≡ 9
(mod 10)
4
3 = 9 · 9 = 81 ≡ 1 (mod 10)
38 ≡ 1 · 1 ≡ 1 ≡ 1
∴3
15
8
4
2
(mod 10)
1
= 3 · 3 · 3 · 3 ≡ 1 · 1 · 9 · 3 = 27 ≡ 7
(mod 10).
Note that 315 ≡ 7 (mod 10) implies that 315 mod 10 = 7. [Recall that we have already calculated that 315 =
14348907 which is clearly congruent to 7 mod 10, but the multiplications were not so easy.]
Example 13.22. Let us find 2644 mod 645. It is easy to see that
644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]2
That is, 644 = 29 + 27 + 22 = 512 + 128 + 4. Now by successive squaring and reducing modulo 645 we get
22 = 2 · 2 = 4 ≡ 4
4
2 ≡ 4 · 4 = 16 ≡ 16
(mod 645)
(mod 645)
8
2 ≡ 16 · 16 = 256 ≡ 256
(mod 645)
16
≡ 256 · 256 = 65, 536 ≡ 391
32
≡ 391 · 391 = 152, 881 ≡ 16 (mod 645)
64
2
≡ 16 · 16 = 256 ≡ 256
128
≡ 256 · 256 = 65, 536 ≡ 391
256
≡ 391 · 391 = 152, 881 ≡ 16 (mod 645)
512
≡ 16 · 16 = 256 ≡ 256 (mod 645).
2
2
2
2
2
(mod 645)
(mod 645)
(mod 645)
Now
2644 = 2512 · 2128 · 24 ,
hence
2644 ≡ 256 · 391 · 16 (mod 645).
So
256 · 391 = 100099 ≡ 121 (mod 645)
and
121 · 16 = 1936 ≡ 1
so we have
2644
≡ 1 (mod 645). Hence
2644
(mod 645)
mod 645 = 1.
Exercise 13.23. Calculate 2513 mod 10.
Exercise 13.24. Calculate 2517 mod 100.
Exercise 13.25. If you multiplied out 2517 , how many decimal digits would you obtain? [See Exercise 1.24 on
page 5.]
Exercise 13.26. Note that on page 60 we calculated 12347865435 mod 11 with very few multiplications. Why
can we not use that method to compute 12347865435 mod 12?
106
13 Applications
13.4 The RSA Scheme
In this chapter we discuss the basis of the so-called RSA scheme. This is the most important example of a
public key cryptographic scheme. The RSA scheme is due to R. Rivest, A. Shamir and L. Adelman 2 and was
discovered by them in 1977. We show how to implement it in more detail later using Maple. Here we give the
number-theoretic underpinning of the scheme.
We assume that the message we wish to send has been converted to an integer in the set Jm = {0, 1, 2, . . . , m − 1}
where m is some positive integer to be determined. Generally this is a large integer. We will require two
functions:
E : Jm → Jm
(E for encipher)
and
D : Jm → Jm
(D for decipher).
To be able to use D to decipher what E has enciphered we need to have D(E(x)) = x for all x ∈ Jm . To show
how m, E, and D are chosen we first prove a lemma:
Lemma 13.27. Let p and q be any two distinct primes and let m = pq. Let e and d be any two positive integers
which are inverses of each other modulo φ (m). Then
xed ≡ x
(mod m)
for all x.
Proof. By Theorem 22.6, φ (m) = (p − 1)(q − 1). Since ed ≡ 1 (mod φ (m)) we have ed − 1 = kφ (m) = k(p −
1)(q − 1) for some k. Note k > 0 unless ed = 1 in which case the theorem is obvious. So we have
ed = kφ (m) + 1 = k(p − 1)(q − 1) + 1
(∗)
for some k > 0.
Now by Fermat’s Little Theorem, if gcd(x, p) = 1 we have x p−1 ≡ 1 (mod p) and raising both sides of the
congruence to the power (q − 1)k we obtain:
x(p−1)(q−1)k ≡ 1
(mod p)
and multiplying both sides by x we have
x(p−1)(q−1)k+1 ≡ x
(mod p)
That is, by (∗)
xed ≡ x
(mod p).
(∗∗)
Now we proved (∗∗) when gcd(x, p) = 1, but if gcd(x, p) = p it is obvious since then x ≡ 0 (mod p). So in all
cases (∗∗) holds. A similar argument proves that for all x
xed ≡ x
(mod q).
So by Exercise 7.21, we have since gcd(p, q) = 1
xed ≡ x
for all x.
2
(mod m)
t
u
A copy of the paper “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems” may be downloaded from
http://citeseer.nj.nec.com/rivest78method.html
13.4 The RSA Scheme
107
Theorem 13.28. Let Jm = {0, 1, 2, . . . , m − 1} and define E : Jm → Jm by
E(x) = xe mod m
and D : Jm → Jm by
D(x) = xd mod m.
Then E and D are inverses of each other if m, e and d are as in Lemma 13.27.
Proof. It suffices to show that D(E(x)) = x for all x ∈ Jm . Let x ∈ Jm and let E(x) = xe mod m = r1 . Also let
D (r1 ) = r1d mod m = r2 . We must show that r2 = x. Since xe mod m = r1 we know that
xe ≡ r1
(mod m).
r1d ≡ r2
(mod m).
Hence xed ≡ r1d (mod m). We also know that
Hence xed ≡ r2 (mod m). By Lemma 13.27 xed ≡ x (mod m) so we have
x ≡ r2
(mod m).
Since both x and r2 are in Jm we have by Exercise 6.11 that x = r2 . This completes the proof.
t
u
Chapter 14
Appendix A: Rings and Groups
The material in this appendix is optional reading. However, for the sake of completeness we state here the
definition of a ring and the definition of a group. If you are interested in learning more you might take the
course Elementary Abstract Algebra. Having had this course should make it a little easier to understand the
ideas in abstract algebra and vice versa.
For more details you may look in almost any book whose title contains the words Abstract Algebra or Modern
Algebra. Look for one with Introductory or Elementary in the title.
Definition 14.1. A ring is an ordered triple (R, +, ·) where R is a set and + and · are binary operations on R
satisfying the following properties:
A1
A2
A3
A4
M1
D1
D2
a + (b + c) = (a + b) + c for all a, b, c in R.
a + b = b + a for all a, b in R.
There is an element 0 ∈ R satisfying a + 0 = a for all a in R.
For every a ∈ R there is an element b ∈ R such that a + b = 0.
a · (b · c) = (a · b) · c for all a, b, c in R.
a · (b + c) = a · b + a · c for all a, b, c in R.
(b + c) · a = b · a + c · a for all a, b, c in R.
Thus, to describe a ring one must specify three things:
(i) a set,
(ii) a binary operation on the set called multiplication,
(iii) a binary operation on the set called addition.
Then, one must verify that the properties above are satisfied.
Example 14.2. Here are some examples of rings. The two binary operations + and · are in each case the ones
that you are familiar with.
(a) (R, +, ·)–the ring of real numbers.
(b) (Q, +, ·)–the ring of rational numbers.
(c) (Z, +, ·)–the ring of integers.
(d) (Zn , +, ·)–the ring of integers modulo n.
(e) (Mn (R), +, ·)–the ring of all n × n matrices over R.
Definition 14.3. A group is an ordered pair (G, ∗) where G is a set and ∗ is a binary operation on G satisfying
the following properties
(a) x ∗ (y ∗ z) = (x ∗ y) ∗ z for all x, y, z in G.
(b) There is an element e ∈ G satisfying e ∗ x = x and x ∗ e = x for all x in G.
(c) For each element x in G there is an element y in G satisfying x ∗ y = e and y ∗ x = e.
Definition 14.4. A group (G, ∗) is said to be Abelian if x ∗ y = y ∗ x for all x, y ∈ G.
Thus, to describe a group one must specify two things:
(i) a set, and
(ii) a binary operation on the set.
Then, one must verify that the binary operation is associative, that there is an identity in the set, and that every
element in the set has an inverse.
109
110
14 Appendix A: Rings and Groups
Example 14.5. Here are some examples of groups. The binary operations are in each case the ones that you are
familiar with.
(a) (Z, +) is a group with identity 0. The inverse of x ∈ Z is −x.
(b) (Q, +) is a group with identity 0. The inverse of x ∈ Q is −x.
(c) (R, +) is a group with identity 0. The inverse of x ∈ R is −x.
(d) (Q − {0}, ·) is a group with identity 1. The inverse of x ∈ Q − {0} is x−1 .
(e) (R − {0}, ·) is a group with identity 1. The inverse of x ∈ R − {0} is x−1 .
(f) (Zn , +) is a group with identity 0. The inverse of x ∈ Zn is n − x if x 6= 0, the inverse of 0 is 0.
(g) (Un , ·) is a group with identity [1]. The inverse of [a] ∈ Un was shown to exist in Section 8.1.
(h) (Rn , +) where + is vector addition. The identity is the zero vector (0, 0, . . . , 0) and the inverse of the vector
x = (x1 , x2 , . . . , xn ) is the vector −x = (−x1 , −x2 , . . . , −xn ).
(i) (Mn (R), +). This is the group of all n × n matrices over R and + is matrix addition.
Chapter 15
Solutions to Selected Problems
Chapter 1
jnk
Exercise 1.18: (a) The general term is given by an =
4
jnk
(b) The general term is bn = n −
4
(c) This sequence is constructed by repeating 1, 1, 1, 0 over and over again. We consider the sequence in part
(a), and we use it to get the sequence
jj n k n k
cn = −
−
4
4
which yields what we wanted.
Exercise 1.19: In order to do this we need to find a relation between [x] and [−x].
For x a positive non-integer we first look at some examples.
(i) If x = 7.2 we get that [x] = 7 and [−x] = −8.
(ii) If x = 13.8 we get that [x] = 13 and [−x] = −14.
(iii) If x = 123.454 we get that [x] = 123 and [−x] = −124.
So, [−x] = −[x] − 1. It follows that for x positive
[x] + [−x] = [x] + (−[x] − 1) = −1
For x a negative non-integer we note that in this case −x is positive, so the case discussed above can be used to
get that
[x] + [−x] = [−x] + (−[−x] − 1) = −1
Finally, if x ∈ Z we get that [x] = x and [−x] = −x, so [x] + [−x] = x + (−x) = 0.
So, the formula asked for is
−1 if x ∈
/Z
[x] + [−x] =
0 if x ∈ Z
Exercise 1.21: We need to show that
√
9m2 + m + 1
m≤
< m+1
2
Since we have a square root, the idea is to get rid of the radical by making the expression inside it smaller (for
the part m ≤) and bigger (for the part < m + 1).
Note that 9m2 < 9m2 + m + 1. Using this, we obtain
√
√
9m2
9m2 + 3m + 2
m=
<
3
3
Now we will use that 9m2 + m + 1 < 9m2 + 18m + 9 = 9(m2 + 2m + 1) = 9(m + 1)2 to obtain
p
√
9(m + 1)2
9m2 + m + 1
<
= m+1
2
3
111
112
15 Solutions
n−1
Exercise 1.24: Let a =
∑ ak 10k . Since an−1 6= 0 then
k=0
n−1
10n−1 ≤
∑ ak 10k < 10n
k=0
We now apply f (x) = log10 x both sides and, since f is increasing, we get n − 1 ≤ log10 a < n, which implies
n − 1 = blog10 (a)c. The result follows.
Exercise 1.27: Parts (a)–(d) are given in Section 1.2. For part (e), it is easy to show by induction (do it!) that
n
∑k
!2
n
3
k=1
=
∑k
k=1
Exercise 1.28: Using the binomial theorem.
n √
n n−k √ k
4
11
(4 + 11)n = ∑
k=0 k
n
n
n n−k √ k
n n−k √ k
=
4
11 + ∑
4
11
∑
k=0, k even k
k=0, k odd k
Denote
n n−k √ k
11
4
∑
k=0, k even k
n n−k √ k
4
11
∑
k=0, k odd k
n
n
Seven =
Sodd =
√ k
Note that if k is even, then
11 is a power of 11, and thus Seven is even if and only if n is odd (if n is odd
we can factor a 2, but if n is even then we factor a 2 out of all but one term, which is for k = n. This term is a
power of 11, and thus for n even Seven would be odd).
Now notice that
√
(4 − 11)n = Seven − Sodd
and thus
√
√
(4 + 11)n + (4 − 11)n = 2Seven
√ n
√ n
which is even. It follows that
√ (4 + 11) and (4 − 11)
√ have the same parity.
Finally, note that 0 < 4 − 11 < 1 and thus 0 < (4 − 11)n < 1, for all n ∈ N. So,
√
√
√
even = (4 + 11)n + (4 − 11)n = (4 + 11)n + ε
j
k
√
√
where 0 < ε < 1. Hence, (4 + 11)n = even − ε, with 0 < ε < 1, which forces (4 + 11)n to be odd.
Chapter 2
Exercise 2.5: Only a few of the properties.
(d) Assume d|n. Thus, there is an integer c such that n = dc. Multiplying both sides by a we get an = (ad)c,
which means that (ad)|(an).
(e) If (ad)|(an), then there is an integer c such that an = (ad)c. Since a 6= 0 we can divide both sides of the
equation by a. We get n = dc, which means that d|n.
(f) Assume a|n and b|m, which means that there are x, y ∈ Z such that n = ax and m = by. Then nm = (ax)(by) =
(xy)(ab). We are done because xy ∈ Z.
15 Solutions
113
(k) Since d|n, then n = dk for some k ∈ Z. It follows that |n| = |dk| = |d||k|.
Now we use that n 6= 0 and n = dk to get that k 6= 0, which forces 1 ≤ |k|. Hence,
|d| = |d| · 1 ≤ |d||k| = |dk| = |n|
Connecting the two extremes we get |d| ≤ |n|.
Exercise 2.6: (a) n divides n, 2n, 3n, · · · , 100n, · · · . In that list there is one multiple of n per positive integer.
Since there are infinitely many positive integers then this list contains infinitely many multiples of n.
(b) If d|n then |d| ≤ |n|. Since n is a fixed (finite) number, then the number of candidates to be divisors of n is
at most 2n (for sure many less than that), which is a finite number.
Exercise 2.7: (a) False. For example 2|12 and 4|12 but (2 · 4) - 12.
(b) True. a|(−a) and (−a)|a, for all a ∈ Z.
(c) (⇒) False. 4|(2 · 6) but 4 - 2, 4 - 6. (⇐) True. If a|b then b = ax for some x ∈ Z, it follows that bc = a(cx).
Since cx ∈ Z then a|(bc).
Exercise 2.8: (a) If a|b then there is an integer c such that b = ac. If b|a, then there is an integer d such that
a = bd. Now, plugging a = bd into b = ac we get
b = (bd)c
which implies
1 = dc
But as c and d are integers, then c and d must be ±1. This forces either a = ±b.
(b) a|b means that there is a c ∈ Z such that b = ac. Rising both sides to the nth power we get bn = an cn , since
cn ∈ Z then we are done.
(c) Yes, the hypothesis includes n = 1.
(d) True. Assume (WLOG) that b ≥ a, then b = a + c, where c is a nonnegative integer. Note that
bn = (a + c)n = an + cd
where d is a positive integer (just look at the binomial theorem expansion for (a + c)n ). Since an = bn , then
cd = 0, which forces c = 0.
Exercise 2.9: Since both a and b are odd integers, then a = 2x + 1 and b = 2y + 1, with x, y ∈ Z. Thus,
a2 − b2 = (a + b)(a − b) = [(2x + 1) − (2y + 1)][(2x + 1) + (2y + 1)]
= 4(x − y)(x + y + 1)
Now we need to show that at least one of the factors (x − y) or (x + y + 1) is even. If x − y is even we are done.
If x − y = 2k + 1, for some k ∈ Z, then
x + y + 1 = x − y + 2y + 1 = 2k + 1 + 2y + 1 = 2k + 2y + 2
which is even. Done.
Exercise 2.12: This follows from d dividing all linear combinations of a and b (statement 3 in Theorem 2.4)
because we can take m = n = 1 to get d|(a + b) and m = 1, n = −1 to get d|(a − b).
Exercise 2.15: (i) Note that
n = 2140000000000 = 214 · 10000000000 = 214 · 210 · 510
and that 214 is not divisible by 5. Thus, n is divisible by 510 and not by 511 . Similarly, 214 is divisible by 2 but
not by 4 (because 4 does not divide 14), then n is divisible by 211 and not by 212
114
15 Solutions
Exercise 2.16: By induction on n. The case n = 1 is easy.
Assume 2n+2 |(2n + 3)!, which we write as (2n + 3)! = 2n+2 k, for some k ∈ Z. We want to show that
2(n+1)+2 |(2(n + 1) + 3)! (or 2(n+3 |(2n + 5)!), which we write as (2n + 5)! = 2n+3 q, for some q ∈ Z. Note
that
(2n + 5)! = (2n + 3)!(2n + 4)(2n + 5)
= 2n+2 k(2n + 4)(2n + 5)
= 2n+2 k2(n + 2)(2n + 5)
= 2n+3 k(n + 2)(2n + 5)
So, q = k(n + 2)(2n + 5) ∈ Z does the job.
Exercise 2.26: For instance, {6, 10, 15} do not have a common divisor but gcd(6, 10) = 2, gcd(10, 15) = 5, and
gcd(6, 15) = 3, and hence these numbers are NOT pairwise relatively prime.
a b
Exercise 2.36: Let gcd
,
d d
= c, then c divides both
a
b
and . It follows that
d
d
a
= cx
d
b
= cy
d
for some x, y ∈ Z. Then, by multiplying both sides by d we get
a = (cd)x
b = (cd)y
It follows that cd is a common divisor of a and b. Since gcd(a, b) = d then cd ≤ d. Hence, c must be equal to 1.
Exercise 2.40: (a) p2 cannot be prime because it has at least three distinct positive divisors: 1, p and p2 .
(b) p2 + p cannot be prime because p2 + p = p(p + 1), and thus 1, p, p + 1 are three positive divisors of p2 + p.
All these numbers are distinct unless p = 0 or p = 1, and these cases are impossible because p is prime.
(c) p2 − p could be prime, for p = 2 we get 22 − 2 = 2, which is prime.
Moreover, since p2 − p = p(p − 1) then this number could be prime only if p = 1 (impossible because p is
prime) or p − 1 = 1 (which is p = 2). Hence, p2 − p is prime IF AND ONLY IF p = 2.
(d) False. p2 − 18p + 80 = (p − 8)(p − 10), which looks like a composite number. However, if p = 9 or p = 11
one of the factors ‘becomes’ 1. For p = 9 we get a negative number, which cannot be prime. For p = 11 we get
3, which is prime.
Exercise 2.41: (a) We know that n3 + 1 = (n + 1)(n2 − n + 1). It follows that if n + 1 or n2 − n + 1 is different
from one, then a number of the form n3 + 1 cannot be prime.
When n + 1 = 1, then n = 0 and thus n2 − n + 1 = 1. We get that n3 + 1 = 1, which is not prime.
When n2 − n + 1 = 1, then n2 − n = 0, and thus n could be 0 or 1, the case when n = 0 was looked at in the
previous paragraph. If n = 1 then n3 + 1 = 13 + 1 = 2.
(b) Since n3 − 1 = (n − 1)(n2 + n + 1) then n3 − 1 will be prime only if n − 1 = 1 or n2 + n + 1 = 1.
• If n − 1 = 1, then n = 2 and n3 − 1 = 23 − 1 = 7.
• If n2 + n + 1 = 1, then n2 + n = 0, which implies n = 0 or n = −1. For n = 0 we get n3 − 1 = 1, which is not
prime, and for n = −1 we get n3 − 1 = −2, which is not even positive.
Hence, n3 − 1 is prime if and only if n = 2.
Exercise 2.46: First of all, the number of multiples of 3 in S is
2013
= 671
3
15 Solutions
115
(a) We will take out the numbers that are multiples of 5 and 7 at the same time.
We need the number of multiples of 3 · 5 · 7 = 105 in S (105 because we need multiples of both 5 and 7 that are
in the set of multiples of 3). This number is
2016
= 19
105
It follows that the number asked for is
2016
2016
−
= 672 − 19 = 653
3
105
(b) We will take out the numbers that are multiples of 5 and 7 but not necessarily at the same time.
We need the number of multiples of 3 · 5 = 15 and 3 · 7 = 21 in S (because we need multiples of 5 and/or 7 that
are in the set of multiples of 3). These numbers are
2016
2016
= 134
= 96
15
21
But now we have taken out twice all numbers that are multiples of 5 and 7 at the same time, which is the
multiples of 105. From part (a) we get
2016
= 19
105
So, the number asked is
2016
2016
2016
2016
−
−
+
= 672 − 134 − 96 + 19 = 461
3
15
21
105
Exercise 2.57: Given n ≥ 1 let a = (n + 1)! + 2. We claim that all the numbers
a + i,
0 ≤ i ≤ n−1
are composite. Since (n + 1) ≥ 2 clearly 2 | (n + 1)! and 2 | 2. Hence 2 | (n + 1)! + 2. Since (n + 1)! + 2 > 2,
(n + 1)! + 2 is composite. Consider
a + i = (n + 1)! + i + 2
where 0 ≤ i ≤ n − 1 so 2 ≤ i + 2 ≤ n + 1. Thus i + 2 | (n + 1)! and i + 2 | i + 2. Therefore i + 2 | a + i. Now
a + i > i + 2 > 1, so a + i is composite.
Exercise 2.59: We know, from Exercise 1.7 that
an − 1 = (a − 1) 1 + a + a2 + · · · + an−1
if a 6= 1 and n ≥ 1.
So, if an −1 is to be prime then the factorization above must be trivial, which means that a−1 = 1 or 1+a+a2 +
· · ·+an−1 = 1. Note that a−1 = 1 implies a = 2, and that 1+a+a2 +· · ·+an−1 = 1 forces a+a2 +· · ·+an−1 =
0. Since this can be re-written as
a(1 + a + · · · + an−2 ) = 0
and using that n ≥ 2 we get that 1 + a + · · · + an−2 6= 0, which forces a = 0. But this cannot be because a is
positive. Hence, the only way an − 1 could be prime would be when a = 2.
Exercise 2.60: We will show that if p is composite then so is a p − 1.
We will use the factorization ‘formula’:
xn − 1 = (x − 1)(xn−1 + xn−2 + · · · + x2 + x + 1)
116
15 Solutions
Assume that p = mn, a non-trivial factorization of p, then
a p − 1 = amn − 1 = (am )n − 1
Now we use the formula above with x = am to get
a p − 1 = (am )n − 1 = (am − 1)((am )n−1 + (am )n−2 + · · · + (am )2 + (am ) + 1)
which, since both am −1 and (am )n−1 +(am )n−2 +· · ·+(am )2 +(am )+1 are different from 1 yields a non-trivial
factorization of a p − 1.
The converse is not true. For example, if p = 2 (prime) and a = 3 then a p − 1 = 32 − 1 = 8 is not prime.
Exercise 2.65: ⇒) If p = q then p|qn is p|pn and that is immediate.
⇐) By induction. The case n = 1 is trivial, as if p|q then (both numbers being prime) p = q. Now we assume
that p|qn−1 implies p = q. For the case p|qn , if p = q we are done, so assume gcd(p, q) = 1. We re-write qn
as q · qn−1 to get p|(q · qn−1 ). Euclid’s lemma (here using gcd(p, q) = 1) implies p|qn−1 , but in this case the
induction hypothesis takes over and gives us p = q. Contradiction. So, the assumption gcd(p, q) = 1 is false.
Exercise 2.67: (a) The factors of pn are 1, p, p2 , p3 , · · · , pn . This follows from the fact that if a|pn , then pn = ak
and thus the prime factorization of a must be just a bunch of p’s. So, the number of factors of pn is n + 1.
(b) By using part (a) we get that the number of positive factors of 2 p−1 is p, they are 1, 2, 22 , · · · 2 p−1 . Since
2 p − 1 is prime, then it has only two positive factors, they are 1 and 2 p − 1. It follows that all the factors of n
are
1 · 1, 2 · 1, 22 · 1, · · · 2 p−1 · 1, 1 · (2 p − 1), 2 · (2 p − 1), 22 · (2 p − 1), · · · 2 p−1 · (2 p − 1)
or just
1, 2, 22 , · · · 2 p−1 , (2 p − 1), 2(2 p − 1), 22 (2 p − 1), · · · 2 p−1 (2 p − 1)
The sum of these numbers is
1, +2 + 22 + · · · + 2 p−1 + (2 p − 1) + 2(2 p − 1) + 22 (2 p − 1) + · · · + 2 p−1 (2 p − 1)
which is
1, +2 + 22 + · · · + 2 p−1 + (2 p − 1) 1 + 2 + 22 + · · · + 2 p−1
or
2
Exercise 2.68: Let x =
p
2
1+2+2 +···+2
p−1
=2
p
2p − 1
2−1
= 2n
p
p!
, which we know lives in N. Then
=
k
k!(p − k)!
p! = xk!(p − k)!
We note that p divides xk!(p − k)! Since p does not divide any number less than itself, and no product of such
numbers can yield a multiple of p (p is prime). Hence, p does not divide k!(p − k)!, and thus p|x, by Euclid’s
lemma.
Exercise 2.74: Since d = gcd(a, b) divides both a and b, then it divides any multiple of a or b, thus d divides
m = LCM[a, b].
For the second part we need to look at the prime factorization of a and b
a
a = pa11 · · · pk k
where the exponents are positive or zero. According to this
b
b = pb11 · · · pk k
15 Solutions
117
min{a1 ,b1 }
d = p1
min{ak ,bk }
· · · p1
max{a1 ,b1 }
m = p1
max{ak ,bk }
· · · p1
It follows that for d i to divide m we need
min{a j , b j } i ≤ max{a j , b j }
for all j = 1, 2, · · · , k.
Exercise 2.75: Note that d|m, then gcd(d, m) = d. Assuming gcd(d, m) = 1 forces a and b to be relatively
prime. So, all pairs of relatively prime numbers work.
Exercise 2.77: (b) First of all, since gcd(a, b) | LCM[a, b] for all a, b ∈ Z then assuming gcd(2n, n + 1) = 4 and
LCM[2n, n + 1] = 90 yields a contradiction, as 4 - 90.
Now assume gcd(2n, n + 1) = 2 and LCM[2n, n + 1] = 90 (which seems to be fine because 2 | 90).
Since LCM[2n, n + 1] = 90 = 2 · 32 · 5, then we know that both 2n and n + 1 have at most three primes in their
prime factorization, they can be 2, 3 or 5. Moreover, the exponents for these primes are at most 1 (for 2 and
5), 2 (for 3) because these are the exponents in the LCM, which gathers the largest powers of the primes in the
prime factorization of, in this case 2n and n + 1.
Note that 2n = 2a 3b 5c , where a ≤ 1. Hence, n = 3b 5c , which is odd. It follows that n + 1 is even, and thus
gcd(2n, n + 1) = 2 whatever b and c are (using here that gcd(n, n + 1) = 1). Note that, this far we know that n
is a divisor of 45 and that n + 1 divides 90. The divisors of 45 are n = 1, 3, 5, 9, 15, 45. Out of these, n = 1, 5, 9
have the property that n + 1 divides 90. The pairs are
(i) n = 1, n + 1 = 2
(ii) n = 5, n + 1 = 6
(iii) n = 9, n + 1 = 10
For pair (i), LCM[2n, n + 1] = LCM[2, 2] = 2 6= 90.
For pair (ii), LCM[2n, n + 1] = LCM[10, 6] = 30 6= 90.
For pair (iii), LCM[2n, n + 1] = LCM[18, 10] = 90.
So, there is only one solution n = 9.
(c) Since d|m, then we can assume that
a
a
d = pa11 pa22 p33 · · · pk k
b
b
b
k+1
m = pb11 pb22 p33 · · · pk k pk+1
· · · pbr r
where ai ≤ bi for all i = 1, 2, · · · , k, and all the pi ’s are distinct primes.
Since gcd(a, b) = d, then d divides both a and b. It follows that the primes p1 , p2 , · · · , pk must be used in
the prime factorization of both a and b. Moreover, since gcd(a, b) is found using the smallest power of every
‘common prime’, and LCM[a, b] is found using the largest of the two powers, then if pa1i must be the exact
factor in the prime factorization of one, a or b, and pb1i must be the exact factor in the prime factorization of the
other.
Without loss of generality, we assume that
a = pa1i · α
b = pb1i · β
where gcd(p1 , α) = gcd(p1 , β ) = 1.
Now we need to decide where the other powers of primes could go. For p2 we have one or two options: One
option if a2 = b2 , and two options if these exponents differ (pa22 could go to a or b, which will determine where
the other one would go). The same is true for p3 , p4 , · · · , pk . This, so far gives us 2x possibilities, where
x = number of times ai 6= bi , for i = 2, · · · , k.
Now we need to accommodate the other r − k (not common) primes. These have to go whole into exactly one, a
or b, thus this yields 2r−k possibilities. Overall, the number of pairs (a, b) with gcd(a, b) = d and LCM[a, b] = m
is
2x+r−k
where
x = number of times ai 6= bi , for i = 2, · · · , k.
118
15 Solutions
Exercise 2.78: (a) True. We know gcd(am, an) = a gcd(m, n) for all a ∈ Z+ . It follows that
LCM[am, an] =
(am)(an)
a2 mn
mn
=
=a
= aLCM[m, n]
gcd(am, an) a gcd(m, n)
gcd(m, n)
(b) False, (p, p) = p for all p prime.
(c) True, since a2 = p2 m2 and p cannot divide m.
(d) False, just consider p = 2, a = 6 and b = 16.
(e) False, same as above.
(f) False, just take p = 2 and a = 6.
Exercise 2.79: (a) Since 1001 = 11 · 91 = 7 · 11 · 13, and 289 = 172 , then these two numbers have no common
prime divisors. Hence, gcd(1001, 289) = 1.
(b) We collect the lowest exponent in the common primes to get
gcd(23 · 32 · 52 · 77 , 27 · 35 · 53 · 72 ) = 23 · 32 · 52 · 72
(c) The prime factorization of the numbers given are a = 22 · 33 , b = 2 · 3 · 5 · 74 . Hence, collecting the least
powers of 2, 3, 5, and 7 appearing in these prime factorizations, we get
gcd(a, b) = 21 · 31 · 50 · 70 = 6
(d) gcd(2 · 4 · 6 · 8 · 10, 1 · 3 · 5 · 7 · 9) = gcd(28 · 3 · 5, 33 · 5 · 7) = 3 · 5 = 15.
(e) We look at the prime factorizations of the numbers given, we get
43 · 53 · 67 = 213 · 37 · 53
45 · 73 · 82 · 102011 = 22027 · 52011 · 73
Then,
gcd(43 · 53 · 67 , 45 · 73 · 82 · 102011 ) = gcd(213 · 37 · 53 , 22027 · 52011 · 73 )
= gcd(213 · 37 · 53 · 70 , 22027 · 30 · 52011 · 73 )
= 2min{13,2027} · 3min{7,0} · 5min{3,2011} · 7min{0,3}
= 213 · 30 · 53 · 70
= 213 · 53
(f) Let us first find the prime factorization of a and b. Since p is prime and larger than 31 then it cannot be any
of the other primes showing up,so we will just leave p in its own class. We get
a = 23 · 33 · 5 · p2
b = 27 · 32 · 52 · p5
It follows that gcd(a, b) = 23 · 32 · 51 · p2 by collecting the smaller powers of the primes in the prime factorizations of a and b.
Exercise 2.82: Since 90 = 2 · 32 · 5, then we need a second 2 and a second 5 to get even exponents for all primes
used in the prime factorization of 90. Hence 900 = 2 · 5 · 90 = 22 · 32 · 52 is a square, a multiple of 90, and it has
just the essential ‘extra factors’ for it to be a square. Hence 900 = 302 is the smallest multiple of 90 that is also
a square.
Exercise 2.84: (b) A square-free number cannot be divided by any square (except for 1). Thus, if n is a squarefree number and
a
n = pa11 pa22 · · · pk k
where all the pi ’s are distinct primes and ai > 0 for all i. If we assume any of the ai ’s is larger than one then p2i
divides piai , and thus it divides n. It follows that all the ai ’s must be equal to one. Done.
15 Solutions
119
Exercise 2.85: If n is a square then n = m2 for some m ∈ Z, which implies that the exponents in its prime
factorization must be all even, that is
2a
2a
n = p12a1 p22a2 p3 3 · · · pk k
If n is a fifth power then n = q5 for some q ∈ Z, which implies that the exponents in its prime factorization must
be all multiples of 5, that is
5b
5b
n = p15b1 p25b2 p3 3 · · · pk k
Note that the exponent of, let us say, p1 is 2a1 = 5b1 , since gcd(2, 5) = 1, then the exponent must be a multiple
of 10. This, of course, is the case for all the exponents. It follows that
10ck
10c3
· · · pk
10c3
· · · pk
1 10c2
p2 p3
n = p10c
1
Since we want a number divisible by 2 and 3, then
n = 210c1 310c2 p3
10ck
The smallest of all will be the one with the smallest exponents and the least number of primes, thus n = 210 310 =
610 .
Exercise 2.86: (a) True. If a = m2 and b = n2 , then ab = m2 n2 = (mn)2 . So the product of squares is a square.
(b) False. The product of two non-squares could be a square, for example 3 · 3 = 32 . This could occur even if
one takes distinct non-squares, for instance 12 · 3 = 36 = 62 .
(c) False. The product of a square and a non-square is always a non-square. Let a = n2 be a square, and let
b = m2 c be a non-square, where c is a square-free number. It follows that
ab = n2 m2 c = (nm)2 c
which is a non-square because of the square-free part.
jnk
Exercise 2.87: Note that, for any integer k,
counts the number of multiples of k between 1 and n.
k
Since we want to count the numbers of p’s in the prime factorization
of n!, we first look for the numbers
n
between 1 and n that have p as a factor. There are exactly
of them.
p
Next we need to consider all the numbers between 1 and n having p2 as a factor. Of course we have already
counted these in the previous step, but we need to keep track of the number of p’s contributed by each number
between 1 and n. So, we realize that the numbers that are a multiple of p2 need to be counted again so these
two
consider them as contributing with two p’s (double counting for two p’s). Hence, we need to add
countings
n
to our counting.
p2
We have so far
n
n
+ 2
p
p
p’s in the prime factorization of n!
Then we realize we should consider the multiples of p3 , these numbers have been already counted twice in the
two
steps, but since they contribute with three p’s then they need to be counted again. That gives us
previous
n
.
p3
We have so far
n
n
n
+ 2 + 3
p
p
p
p’s in the prime factorization of n!
Repeating this idea as many times as necessary we get to the formula we wanted to prove.
120
15 Solutions
Exercise 2.88: (a) Using Exercise 2.87 we get that the exponent of the prime 3 in the prime factorization of
2016! is
2016
2016
2016
2016
2016
2016
+
+
+
+
+
3
32
33
34
35
36
which is
672 + 224 + 74 + 24 + 8 + 2 = 1004
(b) We look at the prime factorization of this number
12! = 210 · 35 · 52 · 7 · 11
We note that the number of zeros at the end of 12! will be given by the powers of ten there are in the factorization
of 12!. Of course, the power of 10 is going to be determined by the power of 5 in the prime factorization of 12!
It follows that 12! ends in 2 zeros.
(c) Repeating the argument used in part (b) would be too long. Hence, we will only find the power of 5 in the
prime factorization of 2016! by using Exercise 2.87. We get that the number of zeros at the end of 2016! is:
2016
2016
2016
2016
+
+
+
5
52
53
54
which is
403 + 80 + 16 + 3 = 502
Exercise 2.89: A square-free number looks like a = p1 p2 · · · pk , where the pi ’s are all distinct primes. Let
b = q1b1 q2b2 · · · qbr r , where all the qi ’s are distinct primes. Since a|bn , then
nbr
1 nb2
bn = qnb
1 q2 · · · qr = (p1 p2 · · · pk )m
where m ∈ Z.
Since p1 is prime, and it divides bn then one of the qi ’s must be equal to p1 . Similarly, for every pi there is a q j
that is equal to pi . It follows that (after rearrangement and relabeling, if necessary) that
nb
nb
nbr
k+1
k
1 nb2
bn = pnb
1 p2 · · · pk qk+1 · · · qr
and thus
b
b
k+1
· · · qbr r
b = pb11 pb22 · · · pk k qk+1
which implies that a|b. Hence a2 |b2 .
Chapter 3
Exercise 3.6: If n = 2k then n2 = (2k)2 = 2(2k2 ) and so n even implies n2 even. Similarly, if n = 2k + 1 then
n2 = (2k + 1)2 = 2(2k2 + 2k) + 1, and so if n is odd so is n2 .
Exercise 3.7: (a) One of the two consecutive numbers must be even, and since even times any number is even,
then the product of two consecutive numbers is always even.
(b) Let n − 1, n, and n + 1 be the three consecutive numbers. We want to show that their product, which is
(n − 1)n(n + 1) = n3 − n, is divisible by 3.
• If n = 3k, for some k ∈ Z. Then (n − 1)n(n + 1) = (n − 1)(3k)(n + 1) = 3(k(n2 − 1)), which is divisible by
three because k(n2 − 1) ∈ Z.
• If n = 3k + 1, for some k ∈ Z. Then (n − 1)n(n + 1) = (3k + 1 − 1)n(n + 1) = 3(k(n2 + n)), which is divisible
by three because k(n2 + n) ∈ Z.
15 Solutions
121
• If n = 3k + 2, for some k ∈ Z. Then (n − 1)n(n + 1) = (n − 1)n(3k + 2 + 1) = 3(k + 1)(n2 − n), which is
divisible by three because (k + 1)(n2 − n) ∈ Z.
We know that all cases have been considered, as when n is divided by 3 only three remainders are possible,
namely 0, 1, and 2 (Division Theorem).
If a number is divisible by 2 and 3 then it must be divisible by 6.
Exercise 3.8: Integers have the form either 4k, 4k + 1, 4k + 2 or 4k + 3. It is easy to see that the product of two
numbers of the form 4k + 1 or 4k + 3 has the form 4k + 1. Similarly,
(4k)(4q) = 4(4qk)
(4k + 2)(4q + 2) = 4(4kq + 2k + 2q + 1)
So, the product of two numbers of the form 4k or 4k + 2 has the form 4k. It follows that n2 must have the form
4k + 1 or 4k.
For remainders after dividing by 3 we notice that
(3k)2 = 3(3k2 )
(3k + 1)2 = 3(3k2 + 2k) + 1
(3k + 2)2 = 3(3k2 + 4k + 1) + 1
So, n2 has remainder either 0 or 1.
Similarly, after dividing by 5, n2 has remainder either 0, 1, or 4.
Finally, after dividing by 6, n2 has remainder either 0, 1, 3 or 4.
Exercise 3.9: If a is a multiple of 3 then a = 3k, for k ∈ Z. Since a is not a multiple of 2 then k cannot be even.
So, k = 2n + 1, for some n ∈ Z.
It follows that a = 3k = 3(2n + 1) = 6n + 3, for some n ∈ Z.
Now, b has remainder 1 when dividing by 6, so b = 6m + 1, for some m ∈ Z. Thus,
ab = (6n + 3)(6m + 1) = 6(6mn + n + 3m) + 3
Since 6mn + n + 3m ∈ Z, then ab has remainder 3 when divided by 6.
Exercise 3.10: (a) If we perform division by 4 to all integers, then we get a partition of the integers in four
classes determined by the four possible remainders. It is easy to see that if a number has remainder either 0 or
2 after dividing by 4 then the number is even. On the other hand, numbers with remainder 1 or 3 are odd. It
follows that every odd number can be written as either 4k + 1 or 4k + 3 for some integer k.
(b) Note that
(4x + 1)(4y + 1) = 42 xy + 4x + 4y + 1 = 4(4xy + x + y) + 1
So, the product of two elements of the form 4k + 1 is also of the form 4k + 1. It follows that if we multiply three
elements of the form 4k + 1, let us say α · β · γ, then we can use that the product of α and β is of the form 4k + 1
to get that the product of three numbers of the form 4k + 1 is actually the product of TWO elements of the form
4k + 1, which we know must be of the form 4k + 1. Repeating the same idea as many times as necessary, we
can see that the product of any number of integers of the form 4k + 1 must be of the same form. Hence, n of the
form 4k + 3 cannot be written as a product of only integers of the form 4k + 1.
So, the factorization of n must have at least one integer of the form 4k + 3, but how many? That is hard to say,
as it will depend on n. But notice that
(4x + 3)(4y + 3) = 42 xy + 4 · 3x + 4 · 3y + 9 = 4(4xy + 3x + 3y + 2) + 1
Thus the product of two elements of the form 4k + 3 has the form 4k + 1. It follows that the prime factorization
of n must have an ODD number of integers of the form 4k + 3.
Exercise 3.13: Clearly 17 = 23 + 32 . WLOG we can consider p = 2 and q > 3 (why?), then in each of the
cases, q = 3k + 1 and q = 3k + 2, one gets that 3 divides 2q + q2 .
122
15 Solutions
Exercise 3.14: For all these problems, let n be an integer.
(a) If n = 3a, then n2 = 9a2 = 3(3a2 ), of the form 3k.
If n = 3a + 1, then n2 = 9a2 + 6a + 1 = 3(3a2 + 2a) + 1, of the form 3k + 1.
If n = 3a + 2, then n2 = 9a2 + 12a + 4 = 3(3a2 + 4a + 1) + 1, of the form 3k + 1.
(b) If n = 3a, then n3 = 27a3 = 9(3a3 ), of the form 9k.
If n = 3a + 1, then n3 = 27a3 + 27a2 + 9a + 1 = 9(3a3 + 3a2 + a) + 1, of the form 9k + 1.
If n = 3a + 2, then n3 = 27a3 + 54a2 + 36a + 8 = 9(3a3 + 6a2 + 4a) + 8, of the form 9k + 8.
(c) I will skip some computations here.
If n = 5a, then n4 = 54 a4 , of the form 5k.
If n = 5a + 1, then n4 , is of the form 5k + 1 because 14 = 1.
If n = 5a + 2, then n4 , is of the form 5k + 1 because 24 = 16 = 5 · 3 + 1.
If n = 5a + 3, then n4 , is of the form 5k + 1 because 34 = 81 = 5 · 16 + 1.
If n = 5a + 4, then n4 , is of the form 5k + 1 because 44 = 256 = 5 · 51 + 1.
Exercise 3.15: First note that n = 6k + 5 = 6k + 3 + 2 = 3(2k + 1) + 2. Since j = 2k + 1 ∈ Z then we are done.
The converse does not work for any j even. In fact if j = 2a, then
3 j + 2 = 3(2a) + 2 = 6a + 2 6= 6k + 5
because if they were equal then a number would have two distinct remainders after dividing by 6 (2 and 5).
Exercise 3.21: We know a = bq + r where 0 ≤ r < b. Multiplying a = bq + r by −1 we get −a = −bq − r,
which can be re-written as
−a = b(−q) − r
It seems that −r is the remainder, but this is impossible, as −r ≤ 0 (unless the division is exact, in which case
this new remainder is also 0). So, if the division is not exact, we know that 0 < r < b, and thus −b < −r < 0,
and thus −b + b < −r + b < 0 + b, which is 0 < b − r < b. Hence, if we rewrite −a = b(−q) − r as −a =
b(−q − 1) + (b − r) then the remainder obtained after dividing −a by bm is either zero or b − r (here using
uniqueness in the division theorem).
Exercise 3.26: (a) Since a + b = (a − b) · 1 + 2b, then gcd(a + b, a − b) = gcd(a − b, 2b). Since a is odd and b
is even, then a − b is odd, it follows that (a − b, 2b) is odd, and thus (a − b, 2b) = (a − b, b). Since any common
divisor of b and a − b would have to divide a as well (and b of course), then the only common divisor must be
one (recall that b and a are relatively prime). Hence, gcd(a + b, a − b) = 1.
(b) Similarly, using that gcd(a, b) = 1 and that a and b being odd forces b − a to be even we get
gcd(b + a, a − b) = gcd(a − b, 2b) = gcd(a − b, 2) = 2
Exercise 3.32: (a) Dividing repeatedly we get
115 = 75 · 1 + 40
75 = 40 · 1 + 35
40 = 35 · 1 + 5
35 = 5 · 7 + 0
So, gcd(75, 115) = 5.
(e)
15 Solutions
123
100313 = 34709 · 2 + 30895
34709 = 30895 · 1 + 3814
30895 = 3814 · 8 + 383
3814 = 383 · 9 + 367
383 = 367 · 1 + 16
367 = 16 · 22 + 15
16 = 15 · 1 + 1
15 = 1 · 15 + 0
So, gcd(34709, 100313) = 1.
(f) We use the Euclidean Algorithm to find gcd(1234, 981)
1234
981
253
222
31
5
= 981 · 1 + 253
= 253 · 3 + 222
= 222 · 1 + 31
= 31 · 7 + 5
= 5·6+1
= 1·5+0
So, gcd(1234, 981) = 1.
(h) First note that gcd(a, b) = 1010 gcd(234, 123). Since
234 = 123 · 2 − 12
123 = 12 · 10 + 3
12 = 3 · 4 + 0
then gcd(234, 123) = 3, and thus gcd(a, b) = 3 · 1010 .
Exercise 3.33: We will use the fact that if b = aq + r then gcd(a, b) = gcd(a, r).
7a + 2 = (3a + 1)2 + a
so
gcd(7a + 2, 3a + 1) = gcd(3a + 1, a)
so
gcd(3a + 1, a) = gcd(a, 1) = 1
Now we do it again
3a + 1 = a(3) + 1
Exercise 3.34: Note that
a2 + b2 = (a − b)(a + b) + 2b2
It follows that gcd(a2 + b2 , a + b) = gcd(a + b, 2b2 ). Now, if p is a prime divisor of b2 then p divides b. So, if
we assume that p also divides a + b then p must divide a. But gcd(a, b) = 1! So, p does not exist. It follows
that no divisor of b2 could be in the gcd we are looking for. Hence
gcd(a2 + b2 , a + b) = gcd(a + b, 2b2 ) = gcd(a + b, 2)
and this is 1 or 2 depending on a + b being odd or even.
Exercise 3.35: Since fn+1 = fn + fn−1 for all n > 2, thus using the first step of the Euclidean algorithm we get
that gcd( fn+1 , fn ) = gcd( fn , fn−1 ) for all n > 2. So, the whole Euclidean algorithm says
gcd( fn+1 , fn ) = gcd( fn , fn−1 ) = gcd( fn−1 , fn−2 ) = · · · = gcd(3, 2) = gcd(2, 1) = 1
124
15 Solutions
Exercise 3.37: Clearly the elements of S are multiples of D. Now, if x is a multiple of D then x = Dn, for n ∈ Z.
But, since D = αa + β b, then x = (nα)a + (nβ )b, which means that x ∈ S.
Exercise 3.40: Since d divides both a and b, then it must divide as + bt for all s,t ∈ Z (which proves the second
part). It follows that as + bt, if positive, must be larger or equal to d.
Exercise 3.41: (a) We know that there is an integer x such that ab = cx and, since gcd(a, c) = 1 then there exist
two integers m and n such that am + cn = 1. Multiplying the latter expression by b we get
(ab)m + c(nb) = b
but since ab = cx, we get
b = (cx)m + c(nb) = c(xm + nb)
which means that c|b because xm + nb ∈ Z.
(b) If p|a then we are done. Now assume that p does not divide a, then gcd(p, a) = 1. Part (a) implies that p
divides b.
(c) False. Note that 4|(2 · 6) but 4 - 2 and 4 - 6.
(d) If p|a then a = pk, k ∈ Z, then an = p(pn−1 kn ), which implies p|an because pn−1 kn ∈ Z.
For the other direction we will use that if p is prime and p|(ab) then p|a or p|b.
Let us use induction on n. For n = 1 the result is trivial.
Let us assume the result is true for n = N − 1. That is, we know that p|(aN−1 ) implies p|a.
So, assume that p|aN . Since aN = a · aN−1 then having p|(a · aN−1 ) implies p|a or p|aN−1 . Either way (using
the induction hypothesis) we get p|a. Done.
Exercise 3.42: Assuming that 7 divides n−m means that n−m = 7k, where k ∈ Z. This implies that m = n−7k,
and thus
n + m = n + (n − 7k) = 2n − 7k
Using this, and assuming that 7 divides n + m, we get 7|(2n − 7k). Since 7 divides 7k then 7 divides 2n, and
thus (Euclid’s Lemma) 7|n because 7 - 2.
Since 7|n then n = 7a, for some a ∈ Z. Now plugging this into n − m = 7k we get that 7 must also divide m.
Summarizing, 7 divides both n − m and n + m if and only if 7 divides both n and m.
Exercise 3.43: (a) False 6 divides 3(3 + 7) but 6 - 3 and 6 - (3 + 7).
(b) Assume that a divides both b and b + p, and by hypothesis a divides b(b + p). It follows that a divides the
linear combination (b + p) − b = p, and thus a = 1 or a = p, but by hypothesis a > 1 so a = p.
Assume that a = p and that a divides b(b + p). Since p is prime then Euclid’s lemma says that p divides b or
(b + p). If p divides b then it must divide b + p because p divides itself. If p divides b + p then it must divide
b = (b + p) − p because p divides itself.
Exercise 3.44: We divide both sides of ab = cd by α. We get
a
c
b= d
α
α
Since gcd
a c
a
c
a
,
= 1, then having dividing d implies that divides d. Done.
α α
α
α
α
Exercise 3.48: (a) Using the divisions used to solve Exercise 3.32, where we obtained gcd(75, 115) = 5, and
by reversing them we get
15 Solutions
125
5 = 40 − 35
= 40 − (75 − 40)
= 40 · 2 − 75
= (115 − 75) · 2 − 75
= 115 · (2) + 75 · (−3)
(f) Using the divisions used to solve Exercise 3.32, where we obtained gcd(1234, 981) = 1, and by reversing
them we get
1234 − 981 · 1 = 253
981 − 253 · 3 = 222
253 − 222 · 1 = 31
222 − 31 · 7 = 5
31 − 5 · 6 = 1
1 = 31 − 5 · 6
= 31 − (222 − 31 · 7) · 6
= 31 · 43 − 222 · 6
= (253 − 222) · 43 − 222 · 6
= 253 · 43 − 222 · 49
= 253 · 43 − (981 − 253 · 3) · 49
= 253 · 190 − 981 · 49
= (1234 − 981) · 190 − 981 · 49
= 1234 · 190 − 981 · 239
So, 1 = 1234 · 190 − 981 · 239
(h) Using the divisions used to solve Exercise 3.32, where we obtained gcd(a, b) = 3 · 1010 , and by reversing
them we get
3 = 123 − 12 · 10 = 123 − (123 · 2 − 234) · 10 = 123 · (−19) + 234 · 10
It follows that
gcd(a, b) = 3 · 1010 = (123 · 1010 ) · (−19) + (234 · 1010 ) · (10) = 10a − 19b
Exercise 3.49: Using the Euclidean Algorithm, we get
2010 = 1974 · 1 + 36
1974 = 36 · 55 − 6
36 = 6 · 6 + 0
It follows that gcd(1974, 2010) = 6, and that by solving for the remainders we get
6 = 36 · 55 − 1974
and
36 = 2010 − 1974
We plug the second equation into the first one to get
6 = (2010 − 1974) · 55 − 1974 = 2010 · 55 + 1974 · (−56)
Hence m = −56 and n = 55
Exercise 3.53: (c)
126
15 Solutions
324 1 0
126 0 1
R 7→R −2R
−−−−1−−−1−−−2−−→
72 1 −2
126 0 1
72 1 −2
54 −1 3
18 2 −5
54 −1 3
18 2 −5
0 −7 18
since 324 = 126 · 2 + 72
R2 7→R2 −R1
−−−−−−−−−−−−→
since 126 = 72 · 1 + 54
R1 7→R1 −R2
−−−−−−−−−−−→
since 72 = 54 · 1 + 18
R 7→R −3R
−−−2−−−2−−−1−→
since 54 = 18 · 3 + 0
Hence gcd(324, 126) = 18 = 2 · 324 − 5 · 126.
Note that we are allowed to use negative ‘remainders’, just as negative ‘remainders’ were allowed when using
the Euclidean algorithm.
Chapter 4
Exercise 4.11: (a) We notice that we can divide the equation by 2. We get 746x + 533y = −2. Now we find
gcd(746, 533) using the Euclidean algorithm.
746 = 533 · 1 + 213
533 = 213 · 2 + 107
213 = 107 · 2 − 1
107 = (−1) · (−107) + 0
So, the gcd is 1, and now we reverse all this to look for a solution to the equation.
1 = 107 · 2 − 213
= (533 − 213 · 2) · 2 − 213
= 533 · 2 − 213 · 5
= 533 · 2 − (746 − 533) · 5
= 533 · 7 − 746 · 5
We now multiply by −2, we get
−2 = 533 · (−14) + 746 · (10)
So, x0 = 10 and y0 = −14, and thus all the solutions are
x = 10 + 533n
x = −14 − 746n
where n ∈ Z.
(b) Note that gcd(105, 300) = 15, and that in fact 105 · (3) + 300 · (−1) = 15. By multiplying by 2 both sides
we get
105 · (6) + 300 · (−2) = 30
So, x0 = 6 and y0 = −2. It follows that all the solutions are given by
x = 6−
300
n = 6 − 20n
15
where n ∈ Z.
(c) Dividing repeatedly we get
y = −2 +
105
n = −2 + 7n
15
15 Solutions
127
252 = 198 · 1 + 54
198 = 54 · 3 + 36
54 = 36 · 1 + 18
36 = 18 · 2 + 0
Now solving for the nonzero remainders we get
54 = 252 − 198
36 = 198 − 54 · 3
18 = 54 − 36
Now reversing this we get
18 = 54 − 36
= 54 − (198 − 54 · 3)
= 54 · 4 − 198
= (252 − 198) · 4 − 198
= 252 · 4 − 198 · 5
Finally, we multiply by 4 both sides to get
252 · (4 · 4) − 198 · (5 · 4) = 18 · 4
which is
252 · (16) + 198 · (−20) = 72
So, we find x = 16 and y = −20.
(d) In Exercise 3.48 we got 5 = 115 · (2) + 75 · (−3). Thus, by multiplying this equation by 15 we get
75 = 115 · (30) + 75 · (−45)
It follows that x0 = −45 and y0 = 30 is a solution of the equation. Since gcd(115, 75) = 5 then we know that
all the integral solutions of the equation are
x = −45 +
115
n
5
y = 30 −
75
n
5
or, in other words,
x = −45 + 23n
y = 30 − 15n
where n ∈ N.
Another way to do this is to simplify before doing the Euclidean algorithm. The equation divided by 5 is
15x + 23y = 15
and now we need to get a linear combination of 15 and 23 to be equal to 1 = (15, 23). Since
23 · (2) + 15 · (−3) = 1
then
23 · (30) + 15 · (−45) = 15
By using this linear combination we get the same solutions obtained above.
(e) As (30, 47) = 1, and this divides −11, then we can solve this equation. We do the Euclidean algorithm
128
15 Solutions
47 = 30 · 1 + 17
30 = 17 · 1 + 13
17 = 13 · 1 + 4
13 = 4 · 3 + 1
4 = 1·4+0
47 − 30 · 1 = 17
30 − 17 · 1 = 13
17 − 13 · 1 = 4
13 − 4 · 3 = 1
→
So,
1 = 13 − 4 · 3
= 13 − (17 − 13) · 3
= 13 · 4 − 17 · 3
= (30 − 17) · 4 − 17 · 3
= 30 · 4 − 17 · 7
= 30 · 4 − (47 − 30) · 7
= 30 · 11 − 47 · 7
It follows that 1 = 30 · 11 − 47 · 7, so after multiplying by −11 we get
−11 = 30 · (−11 · 11) − 47 · (7 · 11)
= 30 · (−121) + 47 · (−77)
Hence (x0 , y0 ) = (−121, −77) is a solution of 30x + 47y = −11. Now we need to get all solutions for that
equation, we just use the formula seen in class to get
x = −121 − 47n
y = −77 + 30n
for all n ∈ Z.
Exercise 4.12: In Example 3.46 we learned that gcd(1974, 2112) = 6. It follows that
[2112, 1974] =
2112 · 1974
= 694, 848.
6
Finally, in Example 3.46 we found that 2112(−143) + 1974(153) = 6, and thus, in order to find the m and n
asked for, we multiply this expression by 2 to get
1974(153 · 2) + 2112(−143 · 2) = 12
Hence, m = 306 and n = −286.
Exercise 4.14: The setting of the problems yields
57x + 2y = 146
where x is the number of faculty using 57 markers and y is the number of people using 2 markers.
Since gcd(57, 2) = 1, and that the numbers are nice, we get
57(1) + 2(−28) = 1
We now multiply by 146 through to get
57(146) + 2(−28 · 146) = 146
It follows that all the solutions are given by
15 Solutions
129
x = 146 − 2n
y = −28 · 146 + 57n
for n ∈ Z.
Since we want both x to be non-negative we get 146 − 2n ≥ 0, which implies 73 ≥ n. Similarly, we get −28 ·
146 + 57n ≥ 0, and this forces 28 · 146 ≤ 57n. Since this inequality implies 72 ≤ n. So, 72 ≤ n ≤ 73.
When n = 72.
x=2
y = 16
When n = 73
x=0
y = 73
Since our department does not have 73 faculty members, then it must be that x = 2 and y = 16, and thus only
two faculty use 57 markers per week... I might be one of them.
Exercise 4.15: Let x be the number of black markers bought, and y the number of color markers bought. Then
0.35x + 0.91y = 5.60, which after multiplying times 100 yields 35x + 91y = 560. Notice that all numbers are
divisible by 7. Hence, the equation to solve is 5x + 13y = 80. We want to use the Euclidean algorithm, so we
divide repeatedly
13 = 5 · 2 + 3
5 = 3 · 2 + (−1)
3 = (−1) · (−3) + 0
and thus gcd(13, 5) = 1 and reversing these divisions we get
1 = 3 · 2 − 5 = (13 − 5 · 2) · 2 − 5 = 13 · 2 + 5 · (−5)
It follows that 80 = 13·(2·80)+5·(−5·80) = 13·160+5·(−400), and thus a particular solution of 5x +13y =
80 would be
x0 = −400
y0 = 160
Hence, the solutions are
x = −400 + 13n
y = 160 − 5n
where n ∈ Z.
Now we want both x and y to be non-negative, and thus −400+13n ≥ 0 (which forces n ≥ 31), and 160−5n ≥ 0
(which implies n ≤ 32).
So, we have solutions for n = 31 and n = 32. They are
x=3
y=5
and
x = 16
y=0
Exercise 4.16: Let x be the number of chocolate kisses bought and let y be the number of conversation hearts
bought. It follows that 2.50x + 0.7y = 21.3. Multiplying by ten both sides we get
25x + 7y = 213
Since 25(−1) + 7(4) = 3 and 213 = 3 · 71 then by multiplying 25(−1) + 7(4) = 3 by 71 we get 25(−71) +
7(4 · 71) = 213. So, x0 = −71 and y0 = 284 and thus all the solutions to 25x + 7y = 213 are
x = −71 + 7n
y = 284 − 25n
for n ∈ Z.
Since we want both x and y to be positive then x = −71 + 7n > 0, and thus n ≥ 11. Similarly y = 284 − 25n > 0
implies n ≤ 11. Hence, n = 1, and thus x = −71 + 7(11) = 6 and y = 284 − 25(11) = 9.
Exercise 4.17: Let x be the number of apples picked, and y be the number of oranges picked. Then,
0.25x + 0.5y = 5
130
15 Solutions
which is not a Diophantine equation. However, by multiplying both sides by 4 we get
x + 2y = 20
which is a Diophantine equation. We solve this equation either by using the Euclidean algorithm (which has
not been required) or by simple inspection (trial and error).
Solution 1: By inspection, the possible (positive integer) solutions are
x = 18, y = 1
x = 10, y = 5
x = 16, y = 2
x = 8, y = 6
x = 14, y = 3
x = 6, y = 7
x = 12, y = 4
x = 4, y = 8
x = 2, y = 9
The conditions of the problem say that both x and y are even and that y > x. Of course, both x and y are positive
integers as well. Hence, x = 4, y = 8.
Solution 2: If you wanted to solve this using the standard techniques then, since (1)(−1) + 2(1) = 1 then
(1)(−20) + 2(20) = 20, and thus x0 = −20 and y0 = 20. It follows that all the solutions of the equation are
x = −20 + 2n
x = 20 − n
n∈Z
Since x > 0 then n > 10. Since y > 0 then n < 20. In order for both y to be even, then n must be even. This
yields only n = 12, 14, 16, 18 as possibly giving us a solution. For these n’s we get
x = 16, y = 2
x = 12, y = 4
x = 8, y = 6
x = 4, y = 8
The only solution having y > x is x = 4, y = 8.
Exercise 4.18: Let us suppose that the check was written for $x.y and that it was cashed for $y.x (thus x is the
number of dollars and y is the number of cents in the original amount of money in the check). Of course, we
cannot work with things like $x.y so we will write
x+
y
instead of $x.y
100
y+
and
x
instead of $y.x
100
Hence, adding the 7 cents to the money the cashier gave me I get
y+
x
7
y +
= 3 x+
100 100
100
multiplying times 100 and simplifying we get
299x − 97y = 7
Now we solve this by using the Euclidean algorithm up and down.
299 = 97 · 3 + 8
97 = 8 · 12 + 1
12 = 1 · 12 + 0
→
299 − 97 · 3 = 8
97 − 8 · 12 = 1
So,
1 = 97 − 8 · 12
= 97 − (299 − 97 · 3) · 12
= 299 · (−12) − 97 · (−37)
15 Solutions
131
We get that
7 = 299 · (−84) − 97 · (−259)
and so
xn = −84 + 97n
yn = −259 + 299n
for n ∈ Z. Now, for n = 1 we get x = 13 and y = 40. So, the check could have been for $13.40.
Chapter 5
Exercise 5.1: In order to show R is of equivalence, then we check:
Symmetric: Since a and a have the same remainder after dividing by n then aRa.
Reflexive: Assume aRb, so the remainder of a when divided by n is also the remainder of b when divided by n.
It follows that the remainder of b when divided by n is also the remainder of a when divided by n, which means
bRa.
Transitive: Assume aRb and bRc. Assume that the remainder of a is r, and thus so is the remainder of b (using
aRb), but since bRc then the remainder of b, which is r is also the remainder of c. Hence, the remainder of a
and c is r, when divided by n.
Exercise 5.6: Assume that the remainder of a when divided by m is r. Hence, a = mq + r, where 0 ≤ r < m.
Also note that for every k ∈ Z we get
a + km = (mq + r) + (km) = m(q + k) + r
and thus, since 0 ≤ r < m and remainders are unique, then r is the remainder of m + km, for all k ∈ Z.
Exercise 5.8: Assume that x ∈ [a], then the remainder of x when divided by m, call it r, is equal to the remainder
of a when divided by m. It follows that [x] contains all elements with remainder r, which is the set of all elements
with same remainder as a, AKA [a].
Exercise 5.19 : (a) Since if m = 2k
Zm = {[0], [1], . . . , [k], [k + 1], . . . , [k + i], [k + k − 1]},
it suffices to note that by exercise 5.6 we have
[k + i] = [k + i − 2k] = [−k + i] = [−(k − i)].
So
[k + 1] = [−(k − 1)], [k + 2] = [−(k − 2)], . . . , [k + k − 1] = [−1],
as desired.
(b) In this case
[k + i] = [−(2k + 1) + k + i] = [−k + i + 1] = [−(k − i + 1)]
so
[k + 1] = [−k], [k + 2] = [−(k − 1)], . . . , [2k] = [−1],
as desired.
Exercise 5.26 : Since we want to probe the power rules for exponents in N then it all reduces to counting [a]’s.
That is,
[a]s [a]t = [a] · · · [a] [a] · · · [a] = [a] · · · [a] = [a]s+t
| {z } | {z } | {z }
s times
t times
s+t times
132
15 Solutions
Similarly,
([a]s )t = [a]s · · · [a]s = [a] · · · [a] · · · [a] · · · [a] = [a] · · · [a] = [a]st
| {z } | {z } | {z } | {z }
t times
s times
s times
st times
|
{z
}
t times
Chapter 6
Exercise 6.17: Let x, y, n ∈ Z.
(a) We have four cases here:
Case 1: If x ≡ 0 (mod 4) then x2 ≡ 0 (mod 4).
Case 2: If x ≡ 1 (mod 4) then x2 ≡ 1 (mod 4).
Case 3: If x ≡ 2 (mod 4) then x2 ≡ 0 (mod 4).
Case 4: If x ≡ 3 (mod 4) then x2 ≡ 1 (mod 4).
(b) From part (a) we get that the square of an integer is congruent to 0 or 1 modulo 4. Hence the sum of any
two of them can add up to 0, 1 or 2 modulo 4. So, if n ≡ 3 (mod 4) then n cannot be the sum of two squares.
Exercise 6.22: (d) We first simplify the large numbers appearing here to numbers between 0 and 10. We get
the 46 ≡ 2 (mod 11) and 109 ≡ −1 (mod 11).
So, in Z11 : 461003 · 52016 − 1091090000000000000000 = 21003 · 52016 − (−1)1090000000000000000 .
Since the exponent of −1 is even, then (−1)1090000000000000000 = 1.
Now we look at the powers of 2 and get (all computations in Z11 )
22 = 4
23 = 8
24 = 16 = 5
25 = 32 = −1
So, 461003 = 21003 = (25 )200 23 = (−1)200 · 8 = 8.
Now we look at the powers of 5 and get (all computations in Z11 )
52 = 3
53 = 3 · 5 = 4
54 = 4 · 5 = −2
55 = (−2) · 5 = 1
So, 52016 = (55 )403 · 5 = (1)403 · 5 = 5.
Hence, (all computations in Z11 )
461003 · 52016 − 1091090000000000000000 = 21003 · 52016 − (−1)1090000000000000000
= 8·5−1
= 39 = 6
Exercise 6.23: Just using the basic properties of modular arithmetic
(a) We want to compute 510 modulo 19. Since 52 ≡ 6 ( mod 19), then 510 ≡ 65 ( mod 19). Now we use that
62 ≡ −2 ( mod 19) to get
510 ≡ 65 ≡ 62 · 62 · 6 ≡ (−2)(−2)6 ≡ 24 ≡ 5 ( mod 19)
(b) We want to find 1!+2!+3!+· · ·+1974! modulo 10. Since 5! ≡ 0 ( mod 10) then so are 6!, 7!, 8!, 9!, · · · 1974!
It follows that
1! + 2! + 3! + · · · + 1974! ≡ 1! + 2! + 3! + 4! ≡ 1 + 2 + 6 + 24 ≡ 3 ( mod 10)
(c) The idea is to realize that
15 Solutions
133

0 if



1 if
5
n ≡
 0 if


−1 i f
n ≡ 0 ( mod 4)
n ≡ 1 ( mod 4)
n ≡ 2 ( mod 4)
n ≡ −1 ( mod 4)
So, the sum of the first 100 fifth powers is 25 equal (modulo 4) sums. Since these sums are all zero, then
15 + 25 + 35 + · · · + 1005 ≡ 0 ( mod 4).
Exercise 6.26: For all these problems a, b, j, k, n ∈ Z. n > 1.
(a) False. For instance, 02 ≡ 42 ≡ 82 ≡ 122 ( mod 16).
(b) True. Let n < p < 2n, then
(n + 1)(n + 2) · · · (2n)/p
(n + 1)(n + 2) · · · (2n)
2n
=p
=
n!
n!
n
(note that thenumerator
of the latter fraction is an integer).
2n
We use that
is an integer to get that n!|(n + 1)(n + 2) · · · (2n), but since (n!, p) = 1 (because n < p) we
n
get that n! must divide (n + 1)(n + 2) · · · (2n)/p.
It follows that
(n + 1)(n + 2) · · · (2n)/p
n!
2n
is an integer, and thus
is divisible by p.
n
(c) False. Consider 16 ≡ 26 ( mod 7), and 6 ≡ 13 ( mod 7) but 113 ≡ 1 6≡ 2 ≡ 213 ( mod 7).
Exercise 6.28: (a) We need to reduce 53103 + 10353 modulo 39. We first reduce the bases to get
53103 + 10353 ≡ 14103 + (−14)53 ≡ 14103 − 1453 ≡ 1453 (1450 − 1) ( mod 39)
We want to show that 1450 ≡ 1 ( mod 39). We first check the powers of 14 modulo 39.
142 ≡ 14 · 2 · 7 ≡ 28 · 7 ≡ (−11) · 7 ≡ 1 ( mod 39)
So, 1450 ≡ 1 ( mod 39). Done.
(b) Just as we did in part (a) we first reduce modulo 7.
111333 + 333111 ≡ 6333 + 4111 ≡ (−1)333 + 4111 ≡ −1 + 4111
(mod 7)
We want to show 4111 ≡ 1 (mod 7). We now check the powers of 4 modulo 7.
42 ≡ 2 ( mod 7)
43 ≡ 1
(mod 7)
Since 3|111, then 4111 ≡ 1 (mod 7).
Exercise 6.29: (a) Since 3 divides 78 then dividing n by 3 yields a remainder of 1. So, 3 - n.
(b) Note that 78 ≡ 1 both mod 7 and mod 11. So, n ≡ 9 + 5 + 7 + 7 = 28 both mod 7 and mod 11. Since 7|28
then 7|n. On the other hand 11 - 28, then 11 - n.
(c) Note that 78 ≡ −1 ( mod 79), then
n ≡ 9 · (−1)7 + 5 · (−1)5 + 7 · (−1) + 7 ≡ −9 − 5 − 7 + 7 ≡ 4
(mod 79)
It follows that 79 - n.
Exercise 6.34: Since n is divisible by 72, then it is divisible by both 8 and 9. Using the divisibility criterion for
8 we get that the 3-digit number y32 must be divisible by 8. Hence y = 0, 2, 4, 6 or 8.
134
15 Solutions
Since n is divisible by 9 then the sum of its digits must be divisible by 9. It follows that 2 + 3 + x + 2 + 3 + 2 +
y + 3 + 2 = 17 + x + y is divisible by 9.
If y = 0 then 17 + x + 0 is divisible by 9, and thus x = 1. In this case n = 231232032.
If y = 2 then 17 + x + 2 is divisible by 9, and thus x = 8. In this case n = 238232232.
If y = 4 then 17 + x + 4 is divisible by 9, and thus x = 6. In this case n = 236232432.
If y = 6 then 17 + x + 6 is divisible by 9, and thus x = 4. In this case n = 234232632.
If y = 8 then 17 + x + 8 is divisible by 9, and thus x = 2. In this case n = 232232832.
Exercise 6.35: Since n = 72x20y2 is divisible by 72 then it must be divisible by both 9 and 8. Using the criteria
we have learned so far we get that
7 + 2 + x + 2 + 0 + y + 2 = 9k
0y2 = 8q
where k, q ∈ Z.
As 8 divides y2, then y must be either 3 or 7. On the other hand 9 dividing 7 + 2 + x + 2 + 0 + y + 2 implies that
9 divides x + y + 4.
If y = 3, then 9 divides x + 7. Hence, x must be 2. It follows that the number is n = 7222032, and thus each car
must be $100, 306.
If y = 7, then 9 divides x + 11. Hence, x must be 7. It follows that the number is n = 7272072, and thus each
car must be $101, 101.
Chapter 7
Exercise 7.3: The equation can be re-written as x2 + 7x + 12 = 0, which factors as (x − 3)(x − 4) = 0. Since
this means that p divides (x − 3)(x − 4), then (Euclid’s Lemma) must divide (x − 3) or (x − 4). It follows that
x = −3 or x = −4 in Z p . Finally −3 6= −4 in Z p because this would force p = 1.
If p is not assumed to be prime then in Z6 we get that the equation is x2 +x = 0, which has solutions x = 0, 2, 3, 5.
Four solutions, not two.
Exercise 7.10: (a) Since 5 · 8 = 40 ≡ 1 ( mod 13), then 5x ≡ 1 ( mod 13) has solution x ≡ 8 ( mod 13).
(b) Since 13 · 2 = 26 ≡ 1 ( mod 5), then 13x ≡ 1 ( mod 5) has solution x ≡ 2 ( mod 5).
(c) We multiply 45x ≡ 25 (mod 125) times 3 both sides to get 135x ≡ 75 (mod 125), which is 10x ≡ −50
(mod 125). Now we divide both sides by 10 (which is not relatively prime with 125) to get x ≡ −5 (mod 25).
Now we look for solutions modulo 125 not 25. We get, x ≡ 20, 45, 70, 95, 120 (mod 125).
(d) No solutions as (21, 15) = 3 - 20
(e) Since gcd(10, 42) = 2, which divides 12 then this congruence will have two solutions modulo 42.
We divide the congruence, getting 5x ≡ 6 (mod 21). Now we multiply times 4 both sides to get 20x ≡ 24
(mod 21), which is −x ≡ 3 (mod 21). It follows that x ≡ −3 ≡ 18 (mod 21). Hence, the two solutions modulo
42 are x ≡ 18 (mod 42) and x ≡ 18 + 21 ≡ 39 (mod 42).
(f) We rewrite the equation like 10x ≡ 8 (mod 64). We notice that gcd(10, 64) = 2 | 8. So, we have exactly two
incongruent solutions modulo 64 (or in other words, two solutions in Z64 ). Let’s look for the first one.
We divide 10x ≡ 8 (mod 64) by 2 to get 5x ≡ 4 (mod 32). Since 5 · 13 = 65 ≡ 1 (mod 32) then 13 is an
inverse of 5 modulo 32. Thus, we multiply 5x ≡ 4 (mod 32) times 13 both sides to get 65x ≡ 52 (mod 32),
which is x ≡ 20 (mod 32). It follows that the two solutions in Z64 are 20 and 20 + 32 = 52... or, in other words
x ≡ 20 (mod 64)
x ≡ 52 (mod 64)
Exercise 7.14: If b is an inverse of a modulo n, then ab ≡ 1 (mod n). It follows that
ak bk = (ab)k ≡ 1k ≡ 1
(mod n)
15 Solutions
135
Hence, ak is invertible modulo n.
Conversely, if c is an inverse of ak modulo n, then ak c ≡ 1 (mod n). Hence, a(ak−1 c) ≡ 1 (mod n), and thus
ak−1 c is an inverse of a modulo n.
Exercise 7.24: We want to find x such that
x≡0
(mod 6)
x≡1
(mod 5)
x≡3
(mod 7)
Since x ≡ 0 (mod 6) then x = 6a for some a ∈ Z. Plugging this into the second equation we get 6a ≡ 1
(mod 5), which becomes a ≡ 1 (mod 5). Now we know that a = 5b + 1 for some b ∈ Z. It follows that x =
6a = 6(5b + 1) = 30b + 6. Now we plug this into the third equation to get 30b + 6 ≡ 3 (mod 7). This equation
simplifies to 2b ≡ 4 (mod 7), which after dividing by two both sides (using 2 and 7 being relatively prime)
yields b ≡ 2 (mod 7), or b = 7c + 2, for some c ∈ Z. It follows that
x = 30b + 6 = 30(7c + 2) + 6 = 210c + 66
It follows that x ≡ 66 (mod 210).
Exercise 7.25: We want to find the smallest positive number x such that
x ≡ 2 ( mod 4)
x ≡ 2 ( mod 9)
x ≡ 1 ( mod 37)
So, m1 = 4, m2 = 9, m3 = 37, and M = 4 · 9 · 37. It follows that M1 = 9 · 37, M2 = 4 · 37, M3 = 4 · 9. Finally,
Y1 = 1,Y2 = −2,Y3 = −1. Hence
x ≡ (2)(9 · 37)(1) + (2)(4 · 37)(−2) + (1)(4 · 9)(−1) ( mod 4 · 9 · 37)
≡ (2)(9 · 37) − (4)(4 · 37) − (4 · 9) ( mod 4 · 9 · 37)
≡ (2 · 9 − 4 · 4) · 37 − (4 · 9) ( mod 4 · 9 · 37)
≡ 2 · 37 − (4 · 9) ( mod 4 · 9 · 37)
≡ 38 ( mod 4 · 9 · 37)
So, the answer is x = 38.
Exercise 7.26: You have to take the three remainders, call them a, b, and c and set the (Chinese remainder)
system
x ≡ a ( mod 3)
x ≡ b ( mod 5)
x ≡ b ( mod 7)
This system has a unique solution modulo 3 · 5 · 7 = 105. Since the person chose a number between 1 and 100
then your solution will be exactly the number he/she chose.
If the remainders were asked modulo 2, 3, and 5, then the solution you will find by repeating the argument
above will be unique modulo 30, so you will not be positive that the number you found is the one the person
chose.
For example, if the person picked 77, then the possible solutions for the system are 17, 47 and 77. There is no
way for us to know which of the three is the one the person chose.
Exercise 7.27: Let the number of exams in either class (same number for the three of them) be denoted by x.
On Friday the exams and distributed in three equal piles (A’s, B’s and C’s) plus four more exams (D’s and F’s).
136
15 Solutions
So, x ≡ 4 ( mod 3).
On Saturday when one exam is taken off the list (the one he is currently grading), the other exams are in five
equal piles. So, x ≡ 1 ( mod 5).
On Sunday the exams are on two equal piles. Hence x ≡ 0 ( mod 2).
We want to solve the system
x ≡ 0 ( mod 2)
x ≡ 4 ( mod 3)
x ≡ 1 ( mod 5)
which, using that 1 ≡ 4 ( mod 3), can be written as:
x ≡ 0 ( mod 2)
x ≡ 1 ( mod 3)
x ≡ 1 ( mod 5)
this system is super easy, it has solutions x ≡ 16 ( mod 2 · 3 · 5). Since the number of exams was between 20
and 70, then the answer is: 16 + 30 = 46 exams.
Exercise 7.30: Since the mods in this system are not pairwise relatively prime then we use Exercise 6.24 to
re-write it (we also exchange sides for x and 3 in the second equation). We get
x
x
x
x
x
x
≡ 3
≡ 3
≡ 3
≡ 3
≡ −3
≡ −3
(mod 2)
(mod 3)
(mod 3)
(mod 5)
(mod 2)
(mod 7)
which is
x
x
x
x
x
x
≡ 1
≡ 0
≡ 0
≡ 3
≡ 1
≡ −3
(mod 2)
(mod 3)
(mod 3)
(mod 5)
(mod 2)
(mod 7)
Eliminating the equations that appear twice we get
x
x
x
x
≡ 1 (mod 2)
≡ 0 (mod 3)
≡ 3 (mod 5)
≡ −3 (mod 7)
Now all the moduli are pairwise relatively prime, and so we can use the known techniques associated to the
Chinese remainder theorem. So,
x ≡ 1 · 105 · 1 + 0 · (whatever) + 3 · 42 · 3 + (−3) · 30 · 4
(mod 2 · 3 · 5 · 7)
as m1 = 105, m3 = 42, and m4 = 30, and the inverse of m1 = 105 modulo 2 is 1, the inverse of m3 = 42 modulo
5 is 3, the inverse of m4 = 30 modulo 7 is 4. Hence,
x ≡ 105 + 9 · 42 + (−9) · 40 ≡ 105 + 9(42 − 40) ≡ 105 + 18 ≡ 123
(mod 210)
Exercise 7.31: Since the system is not quite as we need it to use the Chinese remainder theorem, we need to
manipulate the equations.
We ‘divide’ 3x ≡ 6 ( mod 12) by 3 both sides (and changing the mod because 3 and 12 are not relatively prime),
we get x ≡ 2 ( mod 4).
In the second equation we multiply both sides by 4, here using that 4 is the inverse of 2 modulo 7. We get,
x ≡ 6 ( mod 7).
In the third, we multiply by 2 both sides, we get x ≡ 2 ( mod 5).
Now we need to solve the system
x ≡ 2 ( mod 4)
x ≡ 6 ( mod 7)
x ≡ 2 ( mod 5)
15 Solutions
137
which is in the form the Chinese remainder theorem can solve it. It follows that, using that the inverse of 35
modulo 4 is −1, the inverse of 20 modulo 7 is −1, and the inverse of 28 modulo 5 is 2. Hence,
x ≡ 2 · 35 · (−1) + 6 · 20 · (−1) + 2 · 28 · 2 ≡ −78 ( mod 4 · 7 · 5)
or x ≡ 62 ( mod 140).
Exercise 7.32: Solving the second equation, we get
x ≡ a2 ( mod m2 ) ⇐⇒ x = m2 k + a2 where k ∈ Z
Hence we get that
x is a solution of
x ≡ a1 ( mod m1 )
⇐⇒ k is a solution of m2 k + a2 ≡ a1 ( mod m1 )
x ≡ a2 ( mod m2 )
But
m2 k + a2 ≡ a1 ( mod m1 ) ⇐⇒ m2 k ≡ a1 − a2 ( mod m1 )
But we know that the latter equation has a solution (for k) if and only if (m1 , m2 ) divides (a1 − a2 ).
Exercise 7.34 (b): We multiply the first equation times 3 and the second times 5 to get
15x + 9y ≡ 12
(mod 19)
15x + y ≡ −3
(mod 19)
We now subtract and get
8y ≡ 15 ( mod 19)
We multiply both sides by 3 and get
5y ≡ 3 · 15 ( mod 19)
and now divide by 5 (which is fine because gcd(5, 19) = 1) to get y ≡ 9 ( mod 19).
We can now plug this into 5x + 3y ≡ 4 ( mod 19) to get
5x ≡ 15 ( mod 19)
We divide by 5 again to get x ≡ 3 ( mod 19).
So, the solutions are
x ≡ 3 ( mod 19)
y ≡ 9 ( mod 19)
Chapter 8
Exercise 8.6: (a) Since [a], [b] ∈ Z∗m , then there are [c], [d] ∈ Zm such that [a][c] = [b][d] = [1]. It follows that
([a][b])([c][d]) = ([a][c])([b][d]) = [1] · [1] = [1]
which means that [a][b] is invertible (its inverse being [c][d]), and thus [a][b] ∈ Z∗m .
(d) Since [a] ∈ Z∗m , then there is a [b] ∈ Zm such that [a][b] = [1]. It follows that [a] is the inverse of [b], and thus
[b] ∈ Z∗m .
Exercise 8.14: (a) Since
138
15 Solutions
φ (900) = φ (22 · 32 · 52 ) = φ (22 )φ (32 )φ (52 ) = 2 · 6 · 20 = 240
It follows that |Z∗900 | = φ (900) = 240.
(b) First we compute φ (22 · 33 · 55 · 77 ):
φ (22 · 33 · 55 · 77 ) = φ (22 )φ (33 )φ (55 )φ (77 )
= 2(2 − 1) · 32 (3 − 1) · 54 (5 − 1) · 76 (7 − 1)
= 25 · 33 · 54 · 76
Hence,
φ (φ (22 · 33 · 55 · 77 )) = φ (25 · 33 · 54 · 76 )
= φ (25 )φ (33 )φ (54 )φ (76 )
= 24 (2 − 1)32 (3 − 1)53 (5 − 1)75 (7 − 1)
= 28 · 33 · 53 · 75
Exercise 8.20: We know φ (1) = φ (2) = 1. Consider n > 2.
If n has an odd prime factor p, then n = pa q, where (p, q) = 1, then
φ (n) = φ (pa q) = φ (pa )φ (q) = (pa − pa−1 )φ (q)
which is even because pa − pa−1 is even.
If n has no odd factors, then n = 2a , but φ (2a ) = 2a−1 , which is even unless n = 2.
Exercise 8.21:
Assume φ (n) = 4. Since the divisors of 4 are 1, 2, 4 then n = 2a 3b 5c . Checking what powers of 2, 3 and 5 divide
4 we get that a = 0, 1, 2, 3, b, c = 0, 1.
If c = 1 then φ (5) = 4 forces φ (2a 3b ) = 1. So, solutions are 5 · 1 and 5 · 2.
If c = 0 then n = 2a 3b . Assuming b = 1 we get 4 = φ (2a 3) = φ (2a )φ (3) = φ (2a )2, which forces φ (2a ) = 2,
and thus 2a = 4. Hence, there is exactly one solution, which is 4 · 3.
If b = c = 0 then 4 = φ (2a ), and thus n = 8.
All solutions are n = 5, 8, 10, and 12.
Assume φ (n) = 6. Since the divisors of 6 are 1, 2, 3, 6 then n = 2a 3b 7c . Checking what powers of 2, 3 and 7
divide 6 we get that a = 0, 1, 2, b = 0, 1, 2 and c = 0, 1.
If c = 1 then φ (7) = 6 forces φ (2a 3b ) = 1. So, solutions are 7 · 1 and 7 · 2.
If c = 0 then n = 2a 3b . Assuming b = 2 we get 6 = φ (2a 32 ) = φ (2a )φ (32 ) = φ (2a )6, which forces φ (2a ) = 1,
and thus 2a = 4. Hence, there are two more solutions, 1 · 32 and 2 · 32 . If b = 1 then 6 = φ (2a 3) = φ (2a )φ (3) =
φ (2a )2, which forces φ (2a ) = 3, impossible! No solutions.
If b = c = 0 then 6 = φ (2a ), which has no solutions.
All solutions are n = 7, 9, 14, and 18.
Assume φ (n) = 14. The primes p that could possibly divide n are p = 2, 3 because no other p − 1 (p prime)
divides 14. Next we look for possible exponents for 2 and 3, we get that
21 | 14
30 | 14
So, n = 2a 3b , where a = 0, 1, 2 and b = 0, 1.
If we consider b = 1 we get n = 2a 3. Hence
14 = φ (2a )φ (3) = φ (2a ) · 2
15 Solutions
139
which forces φ (2a ) = 7, and that is impossible. No solutions.
Similarly, when b = 0, n = 2a , and since φ (2a ) = 2a−1 6= 14, then we get no solutions here either.
Assume φ (n) = 16. Let p be a prime dividing n. Then p − 1 divides φ (n) = 16 and so p − 1 ∈ {1, 2, 4, 16}.
Hence p ∈ {2, 3, 5, 17}. Next we find for each such prime p all the positive exponents α such that φ (pα ) divides
16. After some calculation, we get the following table containing (pα , φ (pα )):
(21 , 1) (31 , 2) (51 , 4) (171 , 16)
(22 , 2)
(23 , 4)
(24 , 8)
(25 , 16)
Note that 16 = 4 · 2 · 2 = 4 · 4 = 2 · 8. So
n ∈ {171 , 171 · 21 , 51 · 31 · 22 , 51 · 23 , 31 · 24 , 25 } = {17, 34, 60, 40, 48, 32}
So, n ∈ {17, 32, 34, 40, 48, 60}.
Assume φ (n) = 18. We first look for prime numbers p such that p − 1 | 18. We get p ∈ {2, 3, 7, 19}. Now we
look at the highest power of these primes that divide 18 we get
21 | 18
32 | 18
70 | 18
190 | 18
It follows that n = 2a 3b 7c 19d , where a = 0, 1, 2, b = 0, 1, 2, 3, c = 0, 1, and d = 0, 1.
Case d = 1: We get n = 2a 3b 7c 19, and thus
18 = φ (n) = φ (2a 3b 7c )φ (19) = φ (2a 3b 7c ) · 18
which forces φ (2a 3b 7c ) = 1 and thus 2a 3b 7c = 1 or 2.
Hence, for d = 1 we find two solutions n = 19 and n = 38.
Case d = 0, subcase c = 1: Now n = 2a 3b 7, and thus
18 = φ (2a 3b )φ (7) = φ (2a 3b ) · 6
which forces φ (2a 3b ) = 3, and that is impossible. No solutions.
Case d = c = 0: n has been reduced to n = 2a 3b . Let’s consider b = 3, we get
18 = φ (2a )φ (33 ) = φ (2a ) · 18
which forces φ (2a ) = 1 and thus 2a = 1 or 2. We get two solutions: n = 27 and n = 54.
Now consider b = 2, we get
18 = φ (2a )φ (32 ) = φ (2a ) · 6
which forces φ (2a ) = 3. Impossible! No solutions.
If b = 1 then
18 = φ (2a )φ (3) = φ (2a ) · 2
which forces φ (2a ) = 9. Impossible! No solutions.
Case d = c = b = 0: n = 2a , but φ (2a ) = 2a−1 , which is never equal to 18. No solutions.
Summarizing, the possible values for n are 19, 27, 38, and 54.
Assume φ (n) = 22. We first look for prime numbers p such that (p − 1) | 22, we get p = 2, 3, 23. It follows that
n = 2a · 3b · 23c .
Now we note that since 3 and 23 do not divide 22 then b and c can be 0 or 1. Similarly, since 2 | 22 but 4 - 22
140
15 Solutions
then a = 0, 1, 2.
If c = 1 we get n =stuff ·23, and thus 22 = φ (stuff)φ (23), which forces φ (stuff) = 1. Hence, stuff = 1, 2 and
n = 23 or n = 46.
If c = 0 then n = 2a · 3b . In the case b = 1 we get that n = 2a · 3. Since φ (3) = 2, then φ (2a ) = 11, impossible!
φ is never equal to 11. If b = 0 then n is a power of two, this is impossible, as φ (2i ) = 2i−1 6= 22.
So, two solutions: n = 23, 46.
Exercise 8.22: Let n = pq, where p and q are distinct odd primes.
(a) φ (n) = φ (pq) = φ (p)φ (q) = (p − 1)(q − 1).
(b) Since
φ (n) = (p − 1)(q − 1) = pq − p − q + 1 = n − p − q + 1
then we solve for p + q to get p + q = n − φ (n) + 1.
(c) Note that (x + p)(x + q) = x2 + (p + q)x + pq = x2 + (n − φ (n) + 1)x + n.
It follows that the two solutions of the quadratic equation
x2 + (n − φ (n) + 1)x + n = 0
are x = −p and x = −q, which are distinct by hypothesis, and are integers because p and q are integers (in fact
prime).
Exercise 8.23: Suppose first that n is odd. Then gcd(4, n) = 1. Since the Euler-phi function if multiplicative,
we get that
φ (4n) = φ (4)φ (n) = φ (22 )φ (n) = 2 φ (n)
It follows that all odd positive integers are solutions.
Now suppose that n is even. Then n = 2α m where α > 0 and m is odd. Hence
φ (4n) = φ (22 · 2α · m) = φ (2α+2 · m) = φ (2α+2 )φ (m) = 2α+1 φ (m)
since gcd(2α+2 , m) = 1 and the Euler-phi function is multiplicative. Similarly, we get that
2 φ (n) = 2 φ (2α · m) = 2 φ (2α )φ (m) = 2 · 2α−1 φ (m) = 2α φ (m)
Note that we used the fact that α > 0 (if α = 0 then φ (2α ) 6= 2α−1 ). Since φ (m) 6= 0, we get that φ (4n) 6= 2φ (n).
So, the solutions of φ (4n) = 2φ (n) are all the positive odd integers.
Exercise 8.24: We will take two cases.
If n is odd, then
φ (2n) = φ (2)φ (n) = 1 · φ (n) = φ (n)
If n is even, let us say n = 2a m, where m is odd. Then
φ (2n) = φ (2a+1 m) = φ (2a+1 )φ (m) = 2a φ (m) = 2(2a−1 φ (m)) = 2φ (n)
Exercise 8.25: These are similar to Exercises 8.23 and 8.24.
(a) We need to take two cases, as we do not know what gcd(3, n) is
Case gcd(3, n) = 1, then φ (3n) = φ (3)φ (n) = 2φ (n) 6= φ (n).
Case gcd(3, n) = 3, then n = 3a m, with (3, m) = 1. In this case
φ (3n) = φ (3a+1 m) = φ (3a+1 )φ (m) = 3a (3 − 1)φ (m)
and
φ (n) = φ (3a m) = 3a−1 (3 − 1)φ (m) 6= 3a (3 − 1)φ (m) = φ (3n)
(b) If 3 | n then n = 3a · m where 3 - m. Hence gcd(3, m) = 1. Then,
15 Solutions
141
φ (3n) = φ (3(3a m)) = φ (3a+1 m) = φ (3a+1 )φ (m) = 3a (3 − 1)φ (m)
on the other hand
3φ (n) = 3φ (3a m) = 3φ (3a )φ (m) = 3(3a−1 (3 − 1)φ (m)) = 3a (3 − 1)φ (m)
So, φ (3n) = 3φ (n).
If 3 - n then gcd(3, n) = 1. Hence,
φ (3n) = φ (3)φ (n) = 2φ (n) 6= 3φ (n)
So, φ (3n) = 3φ (n) if and only if 3 | n.
Exercise 8.37: (b) Since 11 is a prime and gcd(3, 11) = 1, it follows from Fermat’s Little Theorem that
310 ≡ 311−1 ≡ 1 ( mod 11)
Note that 987654321 = 10 · 98765432 + 1. Hence
3987654321 ≡ 310·98765432+1 ≡ (310 )98765432 · 31 ≡ 1 · 31 ≡ 3 ( mod 11)
Thus, 3987654321 ≡ 3 ( mod 11).
(c) We need to find the remainder of 31000 after dividing by 10, thus we will look at congruences modulo 2 and
5. By using FLT we get 34 ≡ 1 (mod 5), and obviously 31000 ≡ 1 (mod 2) because 31000 is odd. It follows that
31000 ≡ 34·250 ≡ (34 )250 ≡ (1)250 ≡ 1 (mod 5)
Since 31000 ≡ 1 ( mod 5) and 31000 ≡ 1 ( mod 2) then, by using exercise 7.21 we get 31000 ≡ 1 (mod 10), and
thus the last digit is a one.
(d) Since we need to find the remainder of 31000 after dividing by 10 then we use Euler’s theorem to get 3φ (10) ≡
(mod 10). Since φ (10) = 4 then we know that 34 ≡ (mod 10). It follows that
31000 ≡ 34·250 ≡ (34 )250 ≡ (1)250 ≡ 1
(mod 10)
It follows that the last digit of 31000 is a one.
(e) Since (2011, 1000) = 1, then we can use Euler’s theorem. Note that,
φ (1000) = φ (23 ) · φ (53 ) = 4 · 100 = 400
Euler says
1 ≡ 2011400
(mod 1000)
and thus
20111974 = 20114·400+374 = 20114·400 · 2011374 ≡ 2011374
What is the reduction of
2011374
modulo 1000? Since 2011 ≡ 11 (mod 1000), then
2011374 ≡ 11374
(mod 1000)
Since
11374 = (10 + 1)374 =
374 ∑
k=0
then
(mod 1000)
374
10k
k
142
15 Solutions
374
374
374
100 +
101 +
102 (mod 1000)
0
1
2
374 · 373
≡ 1 + 374 · 10 +
100 (mod 1000)
2
≡ 3741 + 187 · 37300 (mod 1000)
11374 ≡
≡ 741 + 187 · 300 (mod 1000)
≡ 741 + 18700 · 3
(mod 1000)
≡ 741 + 700 · 3 (mod 1000)
≡ 2841 (mod 1000)
≡ 841 (mod 1000)
So, the last three digits of 20111974 are 841.
Exercise 8.38: Note that since −2 + 0 − 1 + 1 = −2 then 2011 ≡ −2 (mod 11), and since −1 + 9 − 7 + 4 = 5
then 1974 ≡ 5 (mod 11). Hence,
19742011 + 20111974 ≡ (5)2011 + (−2)1974
(mod 11)
Using Euler’s Theorem (or Fermat’s Little Theorem, if you prefer), we get a10 ≡ 1 (mod 11), for both a = 5
and a = −2. Hence,
(5)2011 ≡ (5)1
(mod 11)
(−2)1974 ≡ (−2)4 ≡ 24
(mod 11)
It follows that
19742011 + 20111974 ≡ (5) + 24 ≡ 21 ≡ 10 6≡ 0
Hence,
19742011 + 20111974
(mod 11)
is not divisible by 11.
Exercise 8.39: We want to compute 2016123 mod 100. We first reduce the base modulo 100. So, now we want
to compute 16123 mod 100. Since gcd(16, 100) 6= 1 then we cannot just use Euler’s theorem. So, we will need
to break this into two modular congruences; one modulo 22 and the other modulo 52 (the 22 and 52 come from
the prime factorization of 100).
Easily we get that 16123 ≡ 0 (mod 4). Now, since φ (25) = 20 we can use Euler’s theorem (now we do have
that gcd(16, 25) = 1) and get
16123 ≡ 16120+3 ≡ 16120 · 163 ≡ 163 ≡ (16 · 4)2 ≡ 642 ≡ (14)2 ≡ 21 (mod 25)
So, we want a number so that
x≡0
(mod 4)
x ≡ 21 (mod 25)
which yields x ≡ 96 (mod 100) using the Chinese remainder theorem. Hence, the last two digits of 2016123
are 96.
Exercise 8.40: It is clear that 3 does not divide n, as n ≡ −1 (mod 3). Also, we know that if p is a prime different from 3 then 3 p−1 ≡ 1 ( mod p). But this implies that 3k ≡ 1 ( mod p) for all numbers k that are multiples
of p − 1. Hence, a prime p divides 31974 − 1 as long as p − 1 divides 1974. Since 1974 = 2 · 3 · 7 · 47, then a
simple search yields p = 2, 3, 7, 43, 283 and 659.
Exercise 8.41: Using the geometric sum formula we get
1 + 2 + 22 + · · · + 2φ (n)−1 = 2φ (n) − 1
which is congruent to zero modulo n because gcd(2, n) = 1 and Euler’s Theorem.
15 Solutions
143
Chapter 9
Exercise 9.8: We know |a|31 divides φ (31) = 30, and that a100 ≡ −1 (mod 31). But the latter expression
implies a200 ≡ 1 (mod 31). Hence, |a|31 divides 200, and thus |a|31 divides gcd(30, 200) = 10. It follows that
|a|31 could be 1, 2, 5, or 10.
Now, if |a|31 is either of these numbers then a10 ≡ 1 (mod 31), and thus a100 ≡ 1 6≡ −1 (mod 31). So, the
equation has no solutions in Z.
Exercise 9.10: (a) Since φ (14) = φ (2)φ (7) = 6 then we need to check that |5|14 = 6. We know that |5|14 | 6,
so the possible orders are 1, 2, 3, and 6. We take powers of 5 modulo 14
51 ≡ 5
(mod 14)
52 ≡ 25 ≡ 11 (mod 14)
53 ≡ 11 · 5 ≡ −15 ≡ −1 (mod 14)
Since the order of 5 modulo 14 is not less or equal to 3 then it must be 6.
(b) Since φ (21) = φ (3 · 7) = 12, we get that |10|21 ∈ {1, 2, 3, 4, 6, 12}. We easily find
101 ≡ 10 ( mod 21)
102 ≡ 16 ( mod 21)
104 ≡ 4 ( mod 21)
103 ≡ 13 ( mod 21)
106 ≡ 1 ( mod 21)
So, |10|21 = 6.
(d) 31 ≡ 3 (mod 20), 32 ≡ 9 (mod 20), 33 ≡ 7 (mod 20), 34 ≡ 1 (mod 20). Hence, |3|20 = 4.
(e) 21 ≡ 2 (mod 255), 22 ≡ 4 (mod 255), 23 ≡ 8 (mod 255), 24 ≡ 16 (mod 255), 25 ≡ 32 (mod 255), 26 ≡
64 (mod 255), 27 ≡ 128 (mod 255), 28 ≡ 1 (mod 255). Hence, |2|255 = 8.
Exercise 9.11: Since a9 ≡ 1 (mod 31) then |a|31 | 9.
Also, we know that |a|31 | φ (31). Hence, |a|31 | gcd(9, 30) = 3. It follows that |a|31 = 1 or 3, but since a 6= 1
(mod 31) then its order cannot be 1.
Thus, |a|31 = 3.
Exercise 9.12: We know |a|31 divides φ (31) = 30, and that a100 ≡ −1 (mod 31) implies |a|31 divides 200.
Hence, |a|31 divides gcd(30, 200) = 10. It follows that |a|31 could be 1, 2, 5, or 10. However, If |a|31 = 1, 2, 5, 10
(all of them divisors of 100) then a100 ≡ 1 (mod 31). Hence, this problem has no solutions.
Exercise 9.13: Since a74 ≡ 1 ( mod 23) then |a|23 divides 74. Since we know that |a|23 divides φ (23) = 22
then |a|23 divides gcd(74, 22) = 2, and thus |a|23 = 1, 2. But |a|23 = 1 implies a ≡ 1 ( mod 23), which is a
contradiction. Hence, |a|23 = 2.
Exercise 9.14: (a) Since |a|n is even then (−1)|a|n = 1. Then
(−a)|a|n = (−1)|a|n a|a|n = a|a|n ≡ 1
(mod n)
Hence, | − a|n divides |a|n . Similarly, since | − a|n is even then (−1)|−a|n = 1. Then,
a|−a|n = (−(−a))|−a|n = (−1)|−a|n (−a)|−a|n = (−a)|−a|n ≡ 1 (mod n)
Hence, |a|n divides | − a|n . Done.
Exercise 9.19: Since a|a|n2 ≡ 1 (mod n2 ), then a|a|n2 ≡ 1 (mod n). It follows that |a|n divides |a|n2 .
144
15 Solutions
Exercise 9.25: Since a is not a primitive root, then |a|n < φ (n). Note that
(at )|a|n ≡ (a|a|n )t ≡ 1 (mod n)
for all t ∈ N. Hence, |at | ≤ |a|n < φ (n). This implies that |at |n < φ (n), and thus at cannot be a primitive root of
n.
Exercise 9.26: For n = 2, n − 1 = 1 is a primitive root of 2.
For n > 2. Since n − 1 ≡ −1 6≡ 1 (mod n) then |n − 1|n = 2. It follows that, for n − 1 to be a primitive root of
n we need φ (n) = 2. Since φ (n) = 2 implies n = 3, 4, 6 then we get that
(i) 2 is a primitive root of 3,
(ii) 3 is a primitive root of 4,
(iii) 5 is a primitive root of 6
Exercise 9.27: We know that if |a|n and |b|n are relatively prime, then |ab|n = |a|n |b|n (exercise 9.16). Hence,
using that pα−1 and p − 1 are relatively prime we get that |ab|n = |a|n |b|n = pα−1 (p − 1) = φ (pα ). It follows
that ab is a primitive root of n = pα .
Exercise 9.28: Let x = | − r| p . Since r is a primitive root of p then −r = ri for some i ∈ N. It follows that
x = | − r| p = |ri | p =
φ (p)
gcd(i, φ (p))
and thus x divides φ (p).
Since (−r)x ≡ 1 (mod p) then
1 ≡ (−r)x ≡ (−1)x rx
(mod p)
which implies that (−1)x ≡ rx (mod p).
- If x is even, then 1 ≡ rx (mod p), and thus |r| p divides x. Hence, φ (p) divides x, and thus φ (p) = x.
- If x is odd, then −1 ≡ rx (mod p). Squaring both sides we get 1 ≡ r2x (mod p), which forces that |r| p divides
2x. Hence, φ (p) | 2x | 2φ (p). It follows that x = φ (p) or 2x = φ (p).
If x = φ (p) then we get a contradiction because odd cannot be equal to even. If 2x = φ (p) then p ≡ 1 (mod 4)
forces that p − 1 is a multiple of 4, and thus x must be even. Contradiction.
Exercise 9.39: The smallest candidate to be a primitive root of 14 is 3. We check the powers of 3 and see if
|3|14 = φ (14) = 6,
31 ≡ 3 ( mod 14)
32 ≡ 9 ( mod 14)
33 ≡ −1 ( mod 14)
So, |3|14 = 6, and thus it is a primitive root of 14.
The other powers of 3 are
34 ≡ 11 ( mod 14)
35 ≡ 5 ( mod 14)
36 ≡ 1 ( mod 14)
and thus, using the formula for the order of powers of an element we get
|1|14 = 1
|9|14 = |32 |14 = 3
|3|14 = 6
|11|14 = |34 |14 = 3
|5|14 = |35 |14 = 6
|13|14 = |33 |14 = 2
It follows that the only primitive roots of 14 are 3 and 5.
Exercise 9.40: (a) We need to try numbers to find a first primitive root. Let’s try r = 2.
Since φ (13) = 12 then |2|13 could be 1, 2, 3, 4, 6, or 12. We look at powers of 2:
15 Solutions
145
21 ≡ 2
(mod 13), 22 ≡ 4
(mod 13), 23 ≡ 8
(mod 13)
24 ≡ 3 (mod 13), 26 ≡ 12 (mod 13)
Since |2|13 6= 1, 2, 3, 4, 6, then |2|13 = 12, and thus r = 2 is a primitive root of 13.
Now that we have one primitive root, we know that 2i will also be a primitive root of 13 if and only if
gcd(i, 12) = 1. Hence,
21 ≡ 2 (mod 13),
25 ≡ 6 (mod 13)
27 ≡ 11 (mod 13),
211 ≡ 7
(mod 13)
are all the primitive roots of 13.
(b) We cannot try 2 or 3 for this because they are not relatively prime with 18. So, we will first try 5. We know
that φ (18) = φ (2)φ (9) = 6. So, |5|18 | can be 1, 2, 3, or 6. The powers of 5 modulo 18 are
51 ≡ 5 (mod 18)
52 ≡ 7
(mod 18)
53 ≡ −1 (mod 18)
So, |5|18 | = 6, and thus 5 is a primitive root of 18.
Since 5 is a primitive root of 18 then 5i is a primitive root of 18 for all (i, φ (18)) = 1. It follows that i can be 1
or 5. Hence, all the primitive roots of 18 are
(i) r = 51 = 5
(ii) r = 55 , which is 55 ≡ 53 52 ≡ (−1)(7) ≡ 11 (mod 18)
Exercise 9.42: Recall that n has a primitive root if and only if n = 2, 4, pα or 2 · pα , where p is an odd prime
and α ≥ 1. It follows that 21 and 12 have zero primitive roots.
For the other numbers we use that if n has a primitive root, then n has exactly φ (φ (n)) primitive roots.
We easily get that
φ (φ (4)) = φ (φ (22 )) = φ (2) = 1
φ (φ (10)) = φ (φ (2 · 5)) = φ (4) = φ (22 ) = 2
φ (φ (81)) = φ (φ (34 )) = φ (2 · 33 ) = 2 · 32 = 18
φ (φ (250)) = φ (φ (2 · 53 )) = φ (52 · 4) = φ (22 · 52 ) = 2 · 5 · 4 = 40
n # of roots
4
1
10
2
21
0
81
18
250
40
12
0
Exercise 9.48: We need to find a primitive root of 232 by first finding a primitive root of 23. Since 5 is a
primitive root of 23 then that is our candidate to be a primitive root of 232 . We know that the order of 5 modulo
232 must be either 22 or 22 × 23 = φ (232 ).
All computations below are modulo 232 . We want to know
522 ≡ (52 )11 ≡ 2511 ≡ (23 + 2)11 ≡ 11 · 23 · 210 + 211
(mod 232 )
(the last step by using the binomial theorem).
Since
210 ≡ (32)2 ≡ (23 + 9)2 ≡ 18 · 23 + 81 ≡ 9(2 · 23 + 9) (mod 232 )
then
146
15 Solutions
522 ≡ 9(2 · 23 + 9)(11 · 23 + 2) ≡ 9(103 · 23 + 18) ≡ 9[(5 · 23 − 12)23 + 18] (mod 232 )
≡ 9(18 − 12 · 23) ≡ 9 · 18 − 108 · 23 ≡ 162 − (5 · 23 − 7) · 23 (mod 232 )
≡ 23 · 7 + 1 + 7 · 23 ≡ 14 · 23 + 1
(mod 232 )
which is less than 232 and different from one. Hence, 5 is a primitive root of 232 , and it is also a primitive root
of 231974 .
All the other primitive roots of 231974 are of the form 5i , where (i, φ (231974 )) = 1.
Exercise 9.50: Since 46 = 23 · 2 we need a primitive root of 23.
Let us try r = 5. Since φ (23) = 22 then |5|23 = 1, 2, 11, or 22.
The first three interesting powers of 5 modulo 23 are
51 ≡ 5 (mod 23)
52 ≡ 2
(mod 23)
and
511 ≡ (52 )5 · 5 ≡ 25 · 5 ≡ 9 · 5 ≡ −1
(mod 23)
So, the order of 5 is 22, and thus it is a primitive root of 23.
Since r = 5 is odd then 5 is also a primitive root of 2 · 23.
Exercise 9.51: (a) We want to use that gcd(2, pa ) = 1, because p is odd to get
φ (φ (2 · pa )) = φ (φ (2)φ (pa )) = φ (φ (pa ))
But, in order to use this we need to know that both pa and 2 · pa have at least one primitive root. However, since
p is an odd prime then we know that both pa and 2 · pa have at least one primitive root.
Exercise 9.52: Take r = 2.
We know that if r is a primitive root of p (odd prime) and
(i) r12 ≡ 1 (mod p2 ) then r is not a primitive root of p2 , but r + p is, or
(ii) r12 6≡ 1 (mod p2 ) then r is a primitive root of p2 .
Now we need to check whether 212 ≡ 1 (mod 132 ). We have the following computations modulo 132 .
212 ≡ (24 )3 ≡ (13 + 3)3 ≡ 133 + 3 · 132 · 3 + 3 · 13 · 32 + 33 ≡ 3 · 13 · 32 + 33
which is congruent to
13 · 27 + 27 ≡ 13(26 + 1) + 27 ≡ 2 · 132 + 13 + 27 ≡ 40
which is not 1 modulo 132 . Hence, 2 is a primitive root of 132 , and of 13r for all r > 1. In particular, 2 is a
primitive root of 132011 .
Finally, we know that if r is a primitive root of pk (p odd prime) and
(i) r is odd then r is a primitive root of 2 · pk , or
(ii) r is even then r is not a primitive root of 2 · pk , but r + pk is.
Since 2 is even then 2 + 132011 is a primitive root of 2 · 132011 .
Exercise 9.53: (a) We know φ (31) = 30. So if a ∈ Z with gcd(a, 31) = 1, then |a|31 ∈ {1, 2, 3, 5, 6, 10, 15, 30}.
We easily get that
21 ≡ 2 ( mod 31)
22 ≡ 4 ( mod 31)
23 ≡ 8 ( mod 31)
25 ≡ 1 ( mod 31)
So, |2|31 = 5 6= 30 and 2 is not a primitive root of 31. Hence any power of 2 is not a primitive root of 31. Let us
try 3 :
15 Solutions
147
31 ≡ 1 ( mod 31)
32 ≡ 9 ( mod 31)
5
3 ≡ 26 ( mod 31)
36 ≡ 16 ( mod 31)
15
3 ≡ 30 ≡ −1 ( mod 31)
33 ≡ 27 ( mod 31)
310 ≡ 25 ( mod 31)
So |3|31 = 30 and thus 3 is primitive root of 31.
(b) To find all the primitive roots of 31, we use that if r is a primitive root of n then all the primitive roots of n
are powers of r, where the exponent is relatively prime with φ (n).
Since ϕ(31) = 30, all the primitive roots of 31 are given by
{31 , 37 , 311 , 313 , 317 , 319 , 323 , 329 }
But,
31 ≡ 3 ( mod 31)
313 ≡ 24 ( mod 31)
323 ≡ 11 ( mod 31)
37 ≡ 17 ( mod 31)
317 ≡ 22 ( mod 31)
329 ≡ 21 ( mod 31)
311 ≡ 13 ( mod 31)
319 ≡ 12 ( mod 31)
So all the primitive roots of 31 are
{3, 11, 12, 13, 17, 21, 22, 24}
(c) Now we want to find a primitive root of 31α for all α ≥ 2, we know that it has to be either 3 or 3 + 31 = 34.
We first check if 3 is a primitive root of 312 . We need to calculate 330 ( mod 312 ). if 330 ≡ 1 mod 312 then 3
is not a primitive root of 312 and 34 will be a primitive root of 312 ; if 330 6≡ 1 mod 312 then 3 is a primitive
root of 312 .
Using successive squaring, or just by playing with the numbers, we get
330 ≡ 528 6≡ 1 ( mod 312 )
So, 3 is a primitive root of 312 , which implies that 3 is a primitive root of 31α for all α ≥ 2.
(d) To find a primitive root for 2 · 31α for all α ≥ 1, we know that if we have already found a primitive root as
above for 312 then one can use that root depending on the root being even or odd. In our case we get that, since
3 is odd, then 3 is a primitive root of 2 · 31α for all α ≥ 1.
Exercise 9.54: (a) Since 3 is a primitive root of 7 then 3 is a primitive root of 72 if and only if 37−1 6≡ 1
(mod 72 ). Now,
36 ≡ 81 · 9 ≡ (−17) · 9 ≡ (−17 · 3) · 3 ≡ (−51) · 3 ≡ (−2) · 3 ≡ −6
(mod 49)
which is not congruent to 1.
It follows that 3 is a primitive root of 72 , and thus, a primitive root of 7k for all k ∈ N. In particular 3 is a
primitive root of 72011 .
Finally , since 3 is odd then 3 is also a primitive root of 2 · 72011 .
(b) Since n = 34022 , which is a power of an odd prime, then n has a primitive root, it follows that it has φ (φ (n))
primitive roots, which is
φ (φ (34022 )) = φ (34021 (3 − 1)) = φ (2 · 34021 ) = φ (34021 ) = 34020 (3 − 1) = 2 · 34020
In order to find one primitive root we look for a primitive root of 3. It is easy to see that r = 2 is one. Now to
check that 3 is a primitive root of 32 . It is also easy to see that |2|9 = 6 = φ (9), and thus r = 2 is a primitive
root of both 3 and 32 . Hence, r = 2 is a primitive root of 3k , for all k ∈ N. In particular, r = 2 is a primitive root
of n.
Exercise 9.55: A nice way to do this is to consider r a primitive root of 997 (we know r exists because 997 is
prime). Then, the sum of the elements in Z∗997 is :
r + r2 + · · · + rφ (997) = 1 + r + r2 + · · · + rφ (997)−1
148
15 Solutions
(using Euler’s Theorem).
Now notice that
(r − 1)(1 + r + r2 + · · · + rφ (997)−1 ) = rφ (997) − 1 = 0
in Z997 (by Euler’s Theorem).
Since 997 is prime then we get that r − 1 = 0 (impossible because r is a primitive root), or 1 + r + r2 + · · · +
rφ (997)−1 = 0, in which case the sum we were looking for is equal to zero.
Exercise 9.58: All we need is Remark 9.57.
logr (a) ≡ logr (b) (mod φ (n))
m
rlogr (a) ≡ rlogr (b) (mod n)
m
a ≡ b (mod n)
Exercise 9.59: Since logs (a) = k then sk ≡ a (mod n). Plugging rt ≡ s (mod n) into the previous expression
we get (rt )k ≡ a (mod n), and thus rtk ≡ a (mod n). It seems that logr (a) = tk, but since tk could be larger
than φ (n) then we use that rtk ≡ rx ≡ a (mod n) for all x ≡ tk (mod φ (n)), to get logr (a) = x where x is the
remainder of tk after dividing by φ (n).
Exercise 9.63: Using that 3 is a primitive root of 14 we get to use log3 ( ). Then
xx ≡ 1
(mod 14) → log3 (xx ) ≡ log3 (1) (mod 6) → x log3 (x) ≡ 0
(mod 6)
It follows that either:
(i) x ≡ 0 (mod 6)
(ii) log3 (x) ≡ 0 (mod 6), which implies x ≡ 1 (mod 14)
(iii) x ≡ 2 (mod 6) and log3 (x) ≡ 3 (mod 6), which implies that x ≡ 2 (mod 6) and x ≡ 13 (mod 14)
(iv) x ≡ 4 (mod 6) and log3 (x) ≡ 3 (mod 6), which implies that x ≡ 4 (mod 6) and x ≡ 13 (mod 14)
(v) x ≡ 3 (mod 6) and log3 (x) ≡ 2 (mod 6), which implies that x ≡ 3 (mod 6) and x ≡ 9 (mod 14)
(vi) x ≡ 3 (mod 6) and log3 (x) ≡ 4 (mod 6), which implies that x ≡ 3 (mod 6) and x ≡ 11 (mod 14)
All solutions follow from these six cases. You might need to use the Chinese Remainder Theorem for the last
four.
Exercise 9.66: (a) Applying log2 ( ) to both sides of 7x4 ≡ 8 (mod 11) we get
log2 (7) + 4 log2 (x) ≡ log2 (8) (mod 10)
7 + 4 log2 (x) ≡ 3
(mod 10)
4 log2 (x) ≡ −4
(mod 10)
Since gcd(4, 10) = 2, then we will have two solutions for log2 (x) modulo 10, in the equation above. We divide
by 4 the equation above to get
log2 (x) ≡ −1
log2 (x) ≡ 4
(mod 5)
(mod 5)
So,
log2 (x) ≡ 4
(mod 10)
log2 (x) ≡ 9
(mod 10)
which implies
x ≡ 24 ≡ 5 (mod 11)
x ≡ 29 ≡ 6
(mod 11)
15 Solutions
149
(b)
1 + 10x6 ≡ 8 (mod 11)
next we subtract 1 both sides and use 10 ≡ −1
−x6 ≡ 7 (mod 11)
next we multiply by −1 both sides
x6 ≡ −7 (mod 11)
next we use 4 ≡ −7 (mod 11)
x6 ≡ 4 (mod 11)
next we apply log2 ( ) both sides
log2 (x6 ) ≡ log2 (4) (mod 10) next we use log properties to bring the 6 down
6 log2 (x) ≡ log2 (4) (mod 10) next we use that log2 (4) = 2
6 log2 (x) ≡ 2 (mod 10)
(mod 11)
Note that since gcd(6, 10) = 2 and that this divides 2 then the equation has two solutions. We divide that
equation by 2 to get
3 log2 (x) ≡ 1 (mod 5)
which has an obvious solution log2 (x) ≡ 2 (mod 5), and this implies
log2 (x) ≡ 2
log2 (x) ≡ 7
(mod 10)
(mod 10)
Finally, we get
x ≡ 22 ≡ 4 (mod 11)
x ≡ 27 ≡ 7
(mod 11)
Exercise 9.69: (a) We know that 3 is a primitive root of 14. So, we apply log3 () to both sides of ax9 ≡ 5
(mod 14). We get
log3 (a) + 9 log3 (x) ≡ log3 (5) (mod 6)
Since log3 (5) = 5 we get
9 log3 (x) ≡ 5 − log3 (a) (mod 6)
Then, this equation has solutions iff gcd(9, 6) = 3 divides 5 − log3 (a). Since, log3 (a) ∈ {1, 2, 3, 4, 5, 6} then
log3 (a) = 2, 5. It follows that
a ≡ 32 = 9 (mod 14)
a ≡ 35 ≡ 5
(mod 14)
are the only two values that would imply that ax9 ≡ 5 (mod 14) has solutions.
2
Exercise 9.70: Recall that x2 ≡ 1 (mod p) has solutions x ≡ ±1 (mod p). Since r(p−1)/2 ≡ 1 (mod p)
then r(p−1)/2 is a solution of x2 ≡ 1 (mod p). Hence, since |r| p = p − 1 then r(p−1)/2 6≡ 1 (mod p), and thus
r(p−1)/2 ≡ −1 (mod p). It follows that logr (−1) = p−1
2 .
Exercise 9.71: Let r be a primitive root of p. We apply logr ( ) to both sides of x2 ≡ −1 (mod p) to get
logr (x2 ) ≡ logr (−1) (mod p − 1), which can be re-written as 2 logr (x) ≡ p−1
2 (mod p − 1). This equation
(with unknown logr (x)) has solutions if and only if gcd(2, p − 1) = 2 divides p−1
2 , which happens when 4
divides p − 1. It follows that x2 ≡ −1 (mod p) has solutions if and only if p ≡ 1 (mod 4).
Exercise 9.72: This is a generalization of Exercises 9.70 and 9.71.
(a) Since r
φ (pa )
2
is a solution of x2 ≡ 1 (mod pa ), then r
φ (pa )
2
φ (pa )
2
≡ ±1 (mod pa ). Since r is a primitive root
of pa then |r| pa = φ (pa ), and thus r
6≡ 1 (mod pa ). It follows that r
φ (pa )
logr (−1) =
.
2
(b) In order to solve x2 ≡ −1 (mod pa ) we will use logr ( ).
x2 ≡ −1 (mod pa )
2 logr (x) ≡ logr (−1) (mod φ (pa ))
a
2 logr (x) ≡ φ (p2 ) (mod φ (pa ))
φ (pa )
2
≡ −1 (mod pa ). Hence,
next we apply logr ( ) both sides
next we use part (a)
150
15 Solutions
a
a
it follows that this equation has solutions if and only if gcd(2, φ (pa )) = 2 divides φ (p2 ) . This forces that φ (p4 ) is
an integer, and thus 4 divides φ (pa ) = pa−1 (p − 1). Since 4 and pa−1 are relatively prime then 4 divides p − 1,
which means p ≡ 1 (mod 4).
Exercise 9.73: Let r be a primitive root of p. We apply logr ( ) to both sides of x4 ≡ −1 (mod p) to get
logr (x4 ) ≡ logr (−1) (mod p − 1), which can be re-written as 4 logr (x) ≡ p−1
2 (mod p − 1). This equation
(with unknown logr (x)) has solutions if and only if gcd(4, p − 1) divides p−1
.
We have to consider two cases
2
here:
(a) If gcd(4, p − 1) = 2, which happens when p ≡ 3 (mod 4), then we need to have that 2 divides p−1
2 . But this
means that 4 divides p − 1, i.e. p ≡ 1 (mod 4). Contradiction.
(b) If gcd(4, p − 1) = 4, which happens when p ≡ 1 (mod 4), then we need to have that 4 divides p−1
2 . This
means that 8 divides p − 1, and that means that p ≡ 1 (mod 8).
Hence, x4 ≡ −1 (mod p) has solutions if and only if p ≡ 1 (mod 8).
Exercise 9.74: Just as we did before, let r be a primitive root of p. We apply logr ( ) to both sides of x2 ≡ ri
(mod p) to get logr (x2 ) ≡ logr (ri ) (mod p − 1), which can be re-written as 2 logr (x) ≡ i (mod p − 1). This
equation (with unknown logr (x)) has solutions if and only if gcd(2, p − 1) divides i. It follows that x2 ≡ ri
(mod p) has solutions if and only if i is even.
Chapter 10
Exercise 10.5: Let n ∈ Z, n > 1.
(a) If a, b ∈ n then there exist c, d ∈ Z such that
a ≡ c2
(mod n)
b ≡ d2
(mod n)
It follows that (ab) ≡ (cd)2 (mod n), and thus ab ∈ n .
(b) Since 12 = 1 then 1 ∈ n .
(c) If a ∈ n then there exists b ∈ Z such that a ≡ b2 (mod n). If c is an inverse of a modulo n then c ≡ aφ (n)−1
(mod n) (by Euler’s Theorem). It follows that
2
c ≡ aφ (n)−1 ≡ (b2 )φ (n)−1 ≡ bφ (n)−1
(mod n)
and thus c ∈ n .
Exercise 10.7: (b) The equation x2 ≡ y2 (mod p) can be re-written as p | (x2 − y2 ), which is p | (x + y)(x − y).
By Euclid’s Lemma we get that p | (x + y) or p | (x − y). Hence, we get x ≡ ±y (mod p). So, if there is a
solution then there are exactly two solutions (here using that p 6= 2). The other possibility is that there are no
solutions.
(c) Since p is an ODD prime, that there are exactly two elements in Z∗p that have the same square (part (b)).
p−1
(in Z∗p ). There we use part (a) to
Since Z∗p contains p − 1 elements then the number of squares is exactly
2
p−1
get at most
squares.
2
Exercise 10.12: Let p be an odd prime, and r a primitive root of p.
(a) Since r(p−1)/2 ≡ −1 (mod p) then r is not a quadratic residue modulo p.
(b) If logr (a) = k, for some k ∈ Z, then
a(p−1)/2 ≡ (rk )(p−1)/2 ≡ (r(p−1)/2 )k ≡ (−1)k
(mod p)
15 Solutions
151
Hence, a(p−1)/2 ≡ 1 (mod p) if and only if k is even, which means that a is a quadratic residue modulo p if
and only if k is even.
Exercise 10.14: This follows from logr (−1) = p−1
2 , which forces (using Exercise 10.12) −1 to be a quadratic
p−1
residue if and only if p−1
is
even.
But,
is
even
if and only if p ≡ 1 (mod 4). We are done.
2
2
Exercise 10.15: Note that
(−r)(p−1)/2 ≡ (−1)(p−1)/2 (r)(p−1)/2 ≡ (−1)(p−1)/2 · 1
(mod p)
which is 1 if and only if −1 is a quadratic residue of p. Using Exercise 10.14 we get the result we wanted.
Exercise 10.16: (a) Note that if a, b ∈ 6 p then
a(p−1)/2 ≡ −1
b(p−1)/2 ≡ −1 (mod p)
(mod p)
Hence,
(ab)(p−1)/2 ≡ a(p−1)/2 b(p−1)/2 ≡ (−1)(−1) ≡ 1
(mod p)
and so, ab ∈ p .
(b) Note that
ab
p
=
a
b
p
p
and thus, if any two of these Legendre symbols are equal to 1 then the third must be a 1 as well. Similarly, if
any of the three symbols is a −1 then exactly one of the other two must be a −1 as well.
(c) Let a be a fixed element in 6 p . Note that if d is an inverse of a modulo p then d is also an element in 6 p
(otherwise, a would be forced to live in p ).
Let b be any element in 6 p . Using part (a) we know that db ∈ p . Let db = c, where d ∈ p .
Multiplying db = c both sides by a we get b = ac.
Exercise 10.29: (b) Note that 37 is an odd prime and that 1974 ≡ 13 (mod 37). Then, using the quadratic
reciprocity,
1974
13
−2
−1
2
37
=
= (−1)((13−1)/2 (37−1)/2)
= (1)
=
37
37
13
13
13
13
Since 13 ≡ −3 (mod 8), and 13 ≡ 1 (mod 4) then
2
= −1
13
−1
13
=1
Hence,
1974
37
−1
2
13
13
= (1)(−1)
=
= −1
Then, 1974 is not a quadratic residue modulo 37.
Exercise 10.30: (a) Computing squares modulo 17 we get
12 ≡ 1
22 ≡ 4
32 ≡ 9
42 ≡ 16
52 ≡ 8
62 ≡ 2
72 ≡ 15
82 ≡ 13
152
15 Solutions
Since there are exactly 17−1
2 quadratic residues modulo 17 then we are done.
(b) Since both 17 and 2011 are odd primes, then we can use the quadratic reciprocity law to get
17
(17−1)/2 (2011−1)/2 2011
= (−1)
2011
17
5
= (−1)8·1005
17
= (1)(−1) = −1
the last step is because 5 is not a quadratic residue modulo 17 (from part (a)). It follows that 17 is not a quadratic
residue modulo 2011.
Exercise 10.32:
n 991991 · 20112011 · 2, 000, 000 =
31
31
991991 · 20112011 · 27 · 56
=
31
990
991 · 2011 · 2
991 · 20112010 · 26 · 56
=
31
31
2 ! 495
1005
3
3
991 · 2011
·2 ·5
991 · 2011 · 2
=
31
31
991
2011
2
= (1)
31
31
31
30
27
2
=
31
31
31
−1
−4
2
=
31
31
31
−1
4
2
−1
=
31
31
31
31
−1 2 4
2
=
31
31
31
2
=
31
=1
the last step because 31 ≡ −1 (mod 8). Hence, n is a quadratic residue modulo 31.
Exercise 10.34: Let p be an odd prime, different from 3. Then,
3
1 p ≡ ±1 (mod 12)
=
−1 p ≡ ±5 (mod 12)
p
Exercise 10.35: This could be done either by trial and error, or by realizing that the quadratic reciprocity gives
information on whether two distinct odd primes are quadratic residues modulo each other.
(a) 3 is not a quadratic residue modulo 5 and 5 ≡ 2 (mod 3) is not a quadratic residue modulo 3.
(b) 7 ≡ 1 ≡ 12 (mod 3) is a quadratic residue modulo 3 but 3 is not a quadratic residue modulo 7.
(c) 11 ≡ 1 ≡ 12 (mod 5) is a quadratic residue modulo 5 and 5 ≡ 16 ≡ 42 (mod 11) is a quadratic residue
modulo 11.
15 Solutions
153
Chapter 11
Exercise 11.5: For all these solutions, let gcd(m, n) = 1,
(a) Yes. f (mn) = (mn)k = mk nk = f (m) f (n)
(b) No. g(mn) = 2 6= 2 · 2 = g(m)g(n)
(c) No. h(mn) = (mn) + 1 6= (m + 1)(n + 1) = h(m)h(n)
(d) Yes. Let p be an odd prime. We need to consider two cases:
(i) If p divides n or m, WLOG p divides n. Then, p divides nm. It follows that
n
mn
=0=
p
p
Hence
λ (mn) =
mn
p
=0=
m
m
n
·0 =
= λ (m)λ (n)
p
p
p
(ii) If p divides neither n nor m. Then, p does not divide nm. It follows that
m
n
mn
=
= λ (m)λ (n)
λ (mn) =
p
p
p
all this from theorem 10.17.
(e) Yes, but then again we will need to take cases.
(i) If m or n is/are equal to one. The proof is immediate.
(ii) If m or n is not square-free, WLOG n is not square-free. It follows that mn is not square-free. It follows that
µ(n) = µ(mn) = 0. Then
µ(mn) = 0 = µ(m) · 0 = µ(m)µ(n)
(iii) If both m and n are square-free, then n = p1 p2 · · · pk and m = q1 q2 · · · qr , where all the pi ’s and qi ’s are
distinct (this is not only because n and m are square-free, but also because gcd(m, n) = 1). It follows that
mn = p1 p2 · · · pk q1 q2 · · · qr is also square-free. Hence,
µ(mn) = (−1)k+r = (−1)k (−1)r = µ(n)µ(r)
Exercise 11.7: Note that h(x) = x2 is completely multiplicative, and φ is multiplicative. The function given in
this problem is f (x) = (h ◦ φ )(x). Let us check, directly, that f is multiplicative. Assume (m, n) = 1
f (mn) = φ (mn)2 = [φ (m)φ (n)]2 = φ (m)2 φ (n)2 = f (m) f (n)
Hence, f is multiplicative. We suspect it is not completely multiplicative, as φ is not. In order to be sure we
need to give an example. Firstly
f (2 · 6) = φ (2 · 6)2 = 42 = 16
and on the other hand
f (2) f (6) = φ (2)2 φ (6)2 = 12 · 22 = 4
and thus f (2 · 6) 6= f (2) f (6), which means that f is not multiplicative.
Exercise 11.8: (a) Let f and g be two completely multiplicative functions and let m, n ∈ Z. Then,
( f g)(mn) = f (mn)g(mn)
= f (m) f (n)g(m)g(n)
= f (m)g(m) f (n)g(n)
= ( f g)(m)( f g)(n)
154
15 Solutions
Note that in order to do this we need to be able to do g(m) f (n) = f (n)g(m), but this is fine because both f and
g have images in R.
(b) This is just like (a), as adding the condition gcd(m, n) = 1 will not change the proof a bit. Check it!
(c) False. Consider φ and µ (from exercise 11.5). Since
(φ + µ)(6) = φ (6) + µ(6) = 2 + 1 = 3
and
(φ + µ)(2) = φ (2) + µ(2) = 1 − 1 = 0
then, since
(φ + µ)(6) = 3 6= 0 = (φ + µ)(2)(φ + µ)(3)
we get that φ + µ is not multiplicative.
Exercise 11.9:
(a)
( f ◦ g)(mn) = f (g(mn)) = f (g(m)g(n)) = f (g(m)) f (g(n)) = ( f ◦ g)(m)( f ◦ g)(n)
(b) Note that the third inequality in the solution of part (a) uses that f splits the product g(m)g(n). This is
always possible if f is completely multiplicative, but if f is just multiplicative then we need g(m) and g(n)
to be relatively prime for the splitting of the product to work. Hence, we suspect this the composition of
multiplicative function is not necessarily multiplicative. We need a counterexample.
Let f = g = φ , and n = 3 and m = 4. Then
(φ ◦ φ )(3 · 4) = (φ ◦ φ )(12) = φ (φ (12)) = φ (4) = 2
(φ ◦ φ )(3)(φ ◦ φ )(4) = φ (φ (3))φ (φ (4)) = φ (2)φ (2) = 1 · 1 = 1
and hence (φ ◦ φ )(3 · 4) 6= (φ ◦ φ )(3)(φ ◦ φ )(4), and thus φ ◦ φ is not multiplicative.
(c) Let gcd(m, n) = 1. Then f (mn) = f (m) f (n), because f is multiplicative. Then, using that g is completely
multiplicative,
(g ◦ f )(mn) = g( f (mn)) = g( f (m) f (n)) = g( f (m))g( f (n)) = (g ◦ f )(m)(g ◦ f )(n)
which means that g ◦ f is multiplicative.
Exercise 11.12: (c) Let H be the summatory function of h(n) = n + 1. We want to compute H(18).
We know H(n) = ∑ h(d). Then,
d|n
H(18) =
∑ h(d)
d|18
= h(1) + h(2) + h(3) + h(6) + h(9) + h(18)
= (1 + 1) + (2 + 1) + (3 + 1) + (6 + 1) + (9 + 1) + (18 + 1)
= 2 + 3 + 4 + 7 + 10 + 19
= 45
Exercise 11.27: Since 2011 is prime then σ (2011) = 1 + 2011 and τ(2011) = 1 + 1.
15 Solutions
155
σ [σ (2011) + τ(2011) + 2] = σ [(1 + 2011) + (1 + 1) + 2]
= σ (2016)
= σ (2016)
= σ (25 · 32 · 7)
= σ (25 )σ (32 )σ (7)
26 − 1
(1 + 3 + 32 )(1 + 7)
2−1
= 6552
=
Exercise 11.28: (a) Let σ (n) = 46.
Since 46 = 2 · 23, then we can write this number in only two ways as a product of factors, namely 46 and 2 · 23.
Since 46 ≡ 1 (mod 5) and 46 ≡ 1 (mod 3) then we now check whether 46 is the sum of consecutive powers
of these primes (3 or 5). Since
1+3 = 4
1 + 3 + 32 = 13
1 + 3 + 32 + 33 = 40
1 + 3 + 32 + 33 + 34 > 46
then 3 does not work. Similarly, 5 does not work because
1+5 = 6
1 + 5 + 52 = 31
1 + 5 + 52 + 53 > 46
Now we look at the other factorization. Since 2 6≡ 1 (mod p), for all primes p then this factorization yields no
solutions as well.
Summarizing, there are no positive integers n such that σ (n) = 46.
Let σ (n) = 48... a slightly different approach for this solution.
α
If n = pα1 1 pα2 2 . . . pk k is the prime factorization of n, then
α +1
α
48 = σ (n) = σ (pα1 1 ) σ (pα2 2 ) . . . σ (pk k ) =
p k
pα1 1 +1 pα2 2 +1
·
··· k
p1 − 1 p2 − 1
pk − 1
First, we find what the possibilities are for pαi i . So we have to find all pairs (p, α) where p is a prime, α ≥ 1 and
pα+1 − 1
= 1 + p + · · · + pα divides 48. After some work, we get the following possibilities for (pα , σ (pα ))
p−1
(21 , 3) (31 , 4) (51 , 6) (71 , 8) (111 , 12) (231 , 24) (471 , 48)
Next, we have to piece these possibilities together to find n : write 48 as the product of σ (pα )’s that we just
found; then n is the product of the corresponding pα ’s. We get
48 = 48 = 12 · 4 = 8 · 6
This corresponds to n = 471 , n = 111 · 31 = 33 and n = 71 · 51 = 35.
(b) Let n be one of these integers. Since 1 and n are divisors of n then we look at n having exactly two other
divisors.
b
If n = p1b1 pb22 · · · pk k , where the pi ’s are all distinct primes, and k > 2 then p1 , p2 and p3 would be three other
divisors. Can’t be. So, n = pb11 pb22 .
If b1 > 3 then p1 , p21 and p31 divide n (and are not n), so b1 and b2 can be 0, 1, 2 or 3. Similarly we check that if
one of the exponents is 3 then the only way this would work is not to have the other prime as a factor of n.
Now we check what happens with the possible n’s.
(i) n = p31 , has divisors 1, p1 , p21 , p31 . It works!
(ii) n = p21 p2 , has 1, p1 , p21 , p1 p2 , n as divisors. Too many!
156
15 Solutions
(iii) n = p21 p22 , has at least 1, p1 , p21 , p2 , p22 as divisors. Too many!
(iv) n = p1 p2 , has divisors 1, p1 , p2 , n. It works!
(v) n = p21 , has 1, p1 , n as divisors. Too few!
(vi) n = p1 , has 1, n as divisors. Too few!
Hence, n = p3 , where p is prime, or n = pq, where p and q are distinct primes.
α
(c) We have to find the smallest positive integer n with τ(n) = 25. If n = pα1 1 pα2 2 . . . pk k is the prime factorization
of n, then
25 = τ(n) = (α1 + 1) · (α2 + 1) · · · (αk + 1)
In how many ways can we write 25 as a product of integers? There are only two ways :
25 = 25 = 5 · 5
This corresponds to k = 1 and α1 = 24 or to k = 2 and α1 = α2 = 4. Hence
n = p24
or n = p41 p42
1
where p1 , p2 are different primes. The smallest solution in each case is
n = 224 = 16, 777, 216 or n = 24 · 34 = 1296
Exercise 11.29: Consider the function f (n) = n2 . This function is completely multiplicative, as
f (nm) = (nm)2 = n2 m2 = f (n) f (m)
Now note that its summatory function is
F(n) = ∑ f (d) = ∑ d 2
d|n
d|n
which is the sum of the squares of the divisors of n. Hence, α is the summatory function of a multiplicative
function, and thus it is multiplicative.
Another way to do this is to use problem 1 in part I, as α = σ · σ , the product of two multiplicative functions,
and thus multiplicative.
Yet another way to do this is to realize that α = σ 2 , and thus for (m, n) = 1 we get
α(mn) = σ (mn)2 = [σ (m)σ (n)]2 = σ (m)2 σ (n)2 = α(m)α(n)
Exercise 11.31: We will give two solutions for this problem
√
(i) Note that if n = dk then both
√d and k are divisors. Moreover, one of them is less (or equal) than n and the
other is larger (or equal) than n. It follows that if n is not a square then the divisors of√n can be paired, and
thus τ(n) is even.
√ Also, if n is a square, then all the divisors of n that are different from n can be paired, and
thus (adding n to the list of the divisors of n) n has an odd number of divisors.
a
(ii) If the prime factorization of n is n = p1a1 pa22 · · · pk k , then
τ(n) = (a1 + 1)(a2 + 1) · · · (ak + 1)
Since τ(n) is odd if and only if each of the (ai + 1)’s is odd, then we get that τ(n) is odd if and only if each ai
is even, which means that n is a square.
Exercise 11.36: We know f (n) = ∑ µ(d)F(n/d). Then, f (24) =
d|n
∑ µ(d)F(24/d).
d|12
Of the divisors of 24 only 1, 2, 3, and 6 are square-free (or 1). Hence, the terms of the sum with other divisors
of 24 do not contribute anything, as µ(d) = 0 for them. It follows,
15 Solutions
157
f (24) =
∑ µ(d)F(24/d)
d|12
= µ(1)F(24/1) + µ(2)F(24/2) + µ(3)F(24/3) + µ(6)F(24/6)
= µ(1)F(24) + µ(2)F(12) + µ(3)F(8) + µ(6)F(4)
= F(24) − F(12) − F(8) + F(4)
= (2 · 24 + 1) − (2 · 12 + 1) − (2 · 8 + 1) + (2 · 4 + 1)
= (49) − (25) − (17) + (9)
= 16
Exercise 11.37: (a) The divisors of n look like d = 3i 5 j , where i = 0, 1, · · · , 500 and j = 0, 1, · · · , 300. If i or j
are larger than 1 then a square divides d and thus µ(d) = 0. So the only divisors of n with non-zero µ(d) are
µ(3) = −1
µ(1) = 1
µ(5) = −1
µ(15) = 1
(b) This is essentially example 11.35 in the book. The only difference is n. So, based on what was done there
we have
f (n) = ∑ µ(d)F(n/d)
d|n
= µ(1)F(3500 5300 ) + µ(3)F(3499 5300 ) + µ(5)F(3500 5299 ) + µ(15)F(3499 5299 )
= F(3500 5300 ) − F(3499 5300 ) − F(3500 5299 ) + F(3499 5299 )
Exercise 11.42: (a) Let m, n be positive integers with gcd(m, n) = 1. We know that µ and τ are multiplicative.
Hence
µ(mn)τ(mn) = µ(m)µ(n)τ(m)τ(n) = [µ(m)τ(m)][µ(n)τ(n)]
So µτ is multiplicative. Since F is the summatory function of µτ, it follows that F is multiplicative.
(b) Let p be a prime and α > 0. Then the divisors of pα are 1, p, p2 , · · · , pα−1 , pα . Using our formulas for µ
and τ, we get
F(pα ) =
∑ µ(d)τ(d)
d|pα
= µ(1)τ(1) + µ(p)τ(p) + µ(p2 )τ(p2 ) + · · · + µ(pα )τ(pα )
= 1 · 1 + (−1) · 2 + 0 · 3 + · · · + 0 · (α + 1)
= −1
(c) We easily get that F(1) = ∑ µ(d)τ(d) = µ(1)τ(1) = 1 · 1 = 1.
d|1
α
Let n ≥ 2 and n = pα1 1 pα2 2 · · · pk k the prime factorization of n. Using the fact that F is multiplicative and using
(b), we get
F(n) = F(pα1 1 pα2 2 · · · pk k ) = F(pα1 1 )F(pα2 2 ) · · · F(pk k ) = (−1) · (−1) · · · (−1) = (−1)k
{z
}
|
k times
1
if n = 1
So, F(n) =
α
(−1)k if n = pα1 1 pα2 2 · · · pk k
α
α
Exercise 11.43: Using the Möbius Inversion Formula, we get
n
g(n) = ∑ µ(d) f
d
d|n
158
15 Solutions
(a) It is enough to show that f is multiplicative. So let m, n be positive integers with (m, n) = 1. By Theorem
7.4, the Euler-phi function φ is multiplicative. Hence
f (mn) =
φ (mn) φ (m)φ (n) φ (m) φ (n)
=
=
= f (m) f (n)
mn
mn
m
n
So f is multiplicative.
(b) We use our formulas for µ and φ . Recall that the divisors of pα are 1, p, p2 , . . . , pα−1 , pα whenever p is a
prime and α ≥ 1. So,
α
p
α
g(p ) = ∑ µ(d) f
d
d|pα
α
= µ(1) f (p ) + µ(p) f pα−1 + µ(p2 ) f pα−2 + · · · + µ(pα−1 ) f (p) + µ(pα ) f (1)
= f (pα ) − f (pα−1 )
φ (pα ) φ (pα−1 )
−
pα
pα−1
pα−1 (p − 1) φ (pα−1 )
−
=
pα
pα−1
p − 1 φ (pα−1 )
=
−
p
pα−1
=
We have to be careful here
φ (pα−1 ) =
 α−2
(p − 1) if α > 1
p
1

So
if α = 1
 p−1

if α > 1
φ (pα−1 )  p
=

pα−1

1 if α = 1
Hence we get
α
g(p ) =

0


if α > 1

 − 1 if α = 1
p
(c) We easily get that
1
φ (1)
g(1) = ∑ µ(d) f
= µ(1) f (1) = µ(1)
=1
d
1
d|1
α
Let n ≥ 2 and n = pα1 1 pα2 2 · · · pk k the prime factorization of n. Since g is multiplicative, we get
α
α
g(n) = g(pα1 1 pα2 2 · · · pk k ) = g(pα1 1 )g(pα2 2 ) · · · g(pk k )
From (b), it follows that g(n) = 0 if αi ≥ 2 for some 1 ≤ i ≤ k. So g(n) = 0 unless αi = 1 for i = 1, 2, . . . , k, in
which case
1
1
1
(−1)k
−
··· −
=
g(n) = g(p1 p2 · · · pk ) = g(p1 )g(p2 ) · · · g(pk ) = −
p1
p2
pk
p1 p2 · · · pk
Hence,
15 Solutions
159
g(n) =















1
if n = 1
0
if n is divisible by a square
(−1)k
if n = p1 p2 · · · pk
p1 p2 · · · pk
Exercise 11.44: Similar to Exercises 11.42 and 11.43.
(a) Since n = 1, 000, 000 = 106 = 26 56 then the divisors of n have the form 2a 5b for a and b between 0 and 6.
We know that µ(d) = 0 whenever a square divides d, thus µ(1) = 1, µ(2) = −1, µ(5) = −1, µ(10) = 1, and
µ(d) = 0 for all the other divisors of n.
(b) Using the Möbius inversion formula, and the values of µ found in part (a), we get
g(n) = ∑ µ(d)G(n/d)
d|n
= µ(1)G(n/1) + µ(2)G(n/2) + µ(5)G(n/5) + µ(10)G(n/10)
= G(n/1) − G(n/2) − G(n/5) + G(n/10)
10
10
10
10
−
−
+
=
n
n/2 n/5 n/10
10
10
10
10
=
− 2 − 5 + 10
n
n
n
n
−5
= 4 · 10 = 0.00004
Exercise 11.45: (a) We plug F(n) = n2 in the Möbius Inversion Formula,
µ(d)
d2
d|n
f (n) = ∑ µ(d)F(n/d) = ∑ µ(d)(n/d)2 = n2 ∑
d|n
d|n
Now note that the divisors of 18 are 1, 2, 3, 6, 9, 18, and that the divisors of 24 are 1, 2, 3, 4, 6, 8, 12, 24. Now
note that 18 and 24 have the same divisors with µ(d) 6= 0, they are 1, 2, 3, 6. It follows that
µ(d)
µ(1) µ(2) µ(3) µ(6)
f (18) = 182 ∑ 2 = 182
+
+
+
d
12
22
32
62
d|18
and
f (24) = 242
Since
µ(d)
∑ d 2 = 242
d|24
µ(1) µ(2) µ(3) µ(6)
+ 2 + 2 + 2
12
2
3
6
−1 −1
1
36 − 9 − 4 + 1 2
µ(1) µ(2) µ(3) µ(6)
+ 2 + 2 + 2 = 1+
+
+
=
=
12
2
3
6
4
9
36
36
3
then
f (18) = 182
2
= 216
3
f (24) = 242
2
= 432
3
Exercise 11.46: Let x be the smallest of the four consecutive integers. Then
µ(x) = µ(x + 1) = µ(x + 2) = µ(x + 3) = 0
So x, x + 1, x + 2 and x + 3 are divisible by a square (not equal to 1 and of course not necessarily the same
square). One way of finding such x is by solving the following system of equations :
160
15 Solutions




x≡0
x+1 ≡ 0
x+2 ≡ 0



x+3 ≡ 0
(mod
(mod
(mod
(mod
22 )
32 )
52 )
72 )
Writing this in standard form, we get

x≡0



x≡8
x ≡ 23



x ≡ 46
(mod 4) (1)
(mod 9) (2)
(mod 25) (3)
(mod 49) (4)
By the Chinese Remainder Theorem, this system of congruences will have a unique solution modulo 4 · 9 · 25 ·
49 = 44100.
From Equation (4), we get that x = 49k + 46 for k ∈ Z. Substituting this in Equation (3), we get
49k + 46 ≡ 23 (mod 25)
Reducing modulo 25, we have
−k ≡ 24k ≡ 2
(mod 25)
Hence k ≡ −2 ≡ 23 (mod 25). So k = 25l + 23 for l ∈ Z. Hence
x = 49k + 46 = 49(25l + 23) + 46 = 1225l + 1173
Substituting in Equation (2), we find
1225l + 1173 ≡ 8 (mod 9)
Reducing modulo 9, we get
l≡5
(mod 9)
So l = 9m + 5 for m ∈ Z and
x = 1225l + 1173 = 1225(9m + 5) + 1173 = 11025m + 7298
Substituting this in Equation (1), we get
11025m + 7298 ≡ 0
(mod 4)
Reducing modulo 4, we find
m≡2
(mod 4)
So m = 4n + 2 for n ∈ Z. Hence
x = 11025m + 7298 = 11025(4n + 2) + 7298 = 44100n + 29348
So x = 29348 is a solution. It follows that the integers 29348, 29349, 29350 and 29351 are four consecutive
zeros of the Möbius function.
Note that this is not the smallest solution. It turns out that 242, 243, 244 and 245 are the first four consecutive
zeros of the Möbius function.
15 Solutions
161
Chapter 12
n
Exercise 12.16: Recall that σ (n) = ∑ d. We re-write the sum and get σ (n) = ∑ . It follows that
d
d|n
d|n
1
d
d|n
=⇒
σ (n) = n ∑
σ (n)
1
=∑
n
d
d|n
Hence, using the relation between σ (n) and 2n we get:
1
- if n is deficient then ∑ < 2.
d
d|n
1
- if n is perfect then ∑ = 2.
d
d|n
1
- if n is abundant then ∑ > 2.
d
d|n
Exercise 12.17: (a) Let n = pk , then
σ (n) = 1 + p + · · · + pk−1 + pk
= 1 + p + · · · + pk−1 + pk
pk − 1
+ pk
p−1
≤ pk − 1 + pk
=
< pk + pk
= 2pk = 2n
So, σ (n) < 2n, and thus n is deficient.
(b) The following infinite sequence contains only deficient numbers
3, 32 , 33 , 34 , · · ·
Exercise 12.19: (a) Since 2k−1 and 2k − 1 are relatively prime, then
σ (n) = σ (2k−1 (2k − 1)) = σ (2k−1 )σ (2k − 1) = (2k − 1)σ (2k − 1)
Since σ (t) = t + 1 if and only if t is prime and 2k − 1 is composite, then
σ (2k − 1) > (2k − 1) + 1 = 2k
So,
σ (n) = (2k − 1)σ (2k − 1) > (2k − 1)2k = 2[2k−1 (2k − 1)] = 2n
(b) Since the Mersenne number Mn is composite whenever n is composite then there are infinitely many
Mersenne numbers that are composite. Hence, by part (a) we obtain infinitely many abundant numbers.
n2 − m2 n2 + m2
,
where d, m, n ∈ N0 , n > m,
Exercise 12.29: (b) We may assume that (x, y, z) = d mn,
2
2
gcd(m, n) = 1 and both m and n are odd.
Assume first that dmn = 15 and thus d|15, which forces d ∈ {1, 3, 5, 15}.
- If d = 15, then we have no solutions because m, n ∈ N and n > m.
162
15 Solutions
- If d = 5, then mn = 3 and thus n = 3 and m = 1. It follows that (a, b, c) = (15, 20, 25).
- If d = 3 then mn = 5 and thus (n, m) = (5, 1). It follows that (a, b, c) = (15, 36, 39).
- If d = 1 then mn = 15 and thus (n, m) = (5, 3) or (n, m) = (15, 1). It follows that (a, b, c) = (15, 8, 17) or
(a, b, c) = (15, 112, 113).
Now assume that d(n2 − m2 ) = 30. But this implies d(n − m)(n + m) = 30, which is impossible as both m and
n are odd.
Finally, assume that d(n2 + m2 ) = 30 and thus d|15, which forces d ∈ {1, 3, 5, 15}. However, taking cases, the
only case that yields a result is d = 3, n = 3, and m = 1. It follows that (a, b, c) = (9, 12, 15).
Since a and b are interchangeable (recall that arbitrarily we had decided that a was odd and b even), then all
the Pythagorean triples with a 15 are:
(15, 20, 25), (15, 36, 39), (15, 8, 17), (15, 112, 113), (9, 12, 15),
(20, 15, 25), (36, 15, 39), (8, 15, 17), (112, 15, 113), (12, 9, 15)
References
1. Chris Caldwell, The Primes Pages,
http://www.utm.edu/research/primes/
2. Ronald Graham, Donald Knuth, and Oren Patashnik, Concrete Mathematics, Addison-Wesley, 1994.
3. History of Number Theory at the School of Mathematics and Statistics, University of St Andrews, Scotland.
http://www-history.mcs.st-andrews.ac.uk/HistTopics/Perfect_numbers.html
4. Donald Knuth The Art of Computer Programming, Vols I and II, Addison-Wesley, 1997.
5. Kenneth A. Rosen, Elementary Number Theory, (Fourth Edition), Addison-Wesley, 2000.
6. Waclaw Sierpinski, A Selection of Problems in the Theory of Numbers, Pergamon Press, 1964.
163
Related documents
Here - UMD MATH
Here - UMD MATH
TEST #2 Directions: Solve five of the following eight problems: three
TEST #2 Directions: Solve five of the following eight problems: three
Name: Math 111 - Midterm 1 Review Problems
Name: Math 111 - Midterm 1 Review Problems
Fall 2016 Midterm
Fall 2016 Midterm
CS 3333 Mathematical Foundations of CS
CS 3333 Mathematical Foundations of CS
REVIEW SENTENCE, FRAGMENT, RUN
REVIEW SENTENCE, FRAGMENT, RUN
Determine the number of odd binomial coefficients in the expansion
Determine the number of odd binomial coefficients in the expansion
Solving Linear Congruence
Solving Linear Congruence
MT 437 – Cryptography Fall 2014
MT 437 – Cryptography Fall 2014
MAS144 – Computational Mathematics and Statistics A (Statistics)
MAS144 – Computational Mathematics and Statistics A (Statistics)
Problem Set 8 The getting is
Problem Set 8 The getting is
Homework 3
Homework 3
[Part 2]
[Part 2]
[Part 2]
[Part 2]
Primality Tests (2pp.)
Primality Tests (2pp.)
Math 4707 Intro to combinatorics and graph theory
Math 4707 Intro to combinatorics and graph theory