Chapter Two Number Theory

2.1 INTRODUCTION

Number theory is that area of mathematics dealing with the properties of the integers under the ordinary operations of addition, subtraction, multiplication and division. It is one of the oldest and, without dispute, one of the most beautiful branches of mathematics. Its problems and theorems have been studied by mathematicians, both amateur and professional, for well over 2000 years. In a large measure, the subject is characterized by the simplicity with which difficult problems can be stated and the ease with which they can be understood and appreciated by persons without much mathematical background. Thus it should come as no surprise that such problems have attracted the attention of professional mathematicians and amateurs alike.

Many of the most basic and interesting problems in number theory involve prime numbers. Here is an example of one such problem: We prove in Section 2.4 that there are infinitely many prime numbers; but
    Are there infinitely many primes of the form n^2 + 1, where n ∈ Z+?
For instance, the primes 2, 5, and 17 are of this form, since 2 = 1^2 + 1, 5 = 2^2 + 1, and 17 = 4^2 + 1. This question is certainly easy to understand and yet, to this day, no one has determined the answer to it.

Another famous problem, one with an intriguing history, is due to the famous French mathematician Pierre de Fermat (1601-1665). To begin our discussion of it, recall from plane geometry the Pythagorean theorem, which says that the side lengths a, b, and c of a right triangle (where c is the length of the hypotenuse) satisfy the relation
    c^2 = a^2 + b^2
Triples (a, b, c) of positive integers that satisfy this relation are called Pythagorean triples; the smallest and most well-known is (3, 4, 5).

Are there infinitely many Pythagorean triples? Well, of course! Once we have one triple (a, b, c) we can get infinitely many others just by taking multiples of it; that is, look at (na, nb, nc) where n is any positive integer.
Starting with the triple (3, 4, 5), for instance, we obtain (6, 8, 10), (9, 12, 15), and so on. But multiples of a given triple are not very interesting. So let’s call a Pythagorean triple primitive provided it is not simply a multiple of some smaller triple. We then get a revised, and more interesting, question: Are there infinitely many primitive Pythagorean triples? It turns out that the answer is yes. In fact, Pythagoras himself is credited with the following result.

Theorem 2.1 (Pythagoras): If n is an odd integer, n ≥ 3, then
    (n, (n^2 − 1)/2, (n^2 + 1)/2)
is a primitive Pythagorean triple.

Note that Pythagoras’ formula yields the following triples:
    (3, 4, 5), (5, 12, 13), (7, 24, 25), (9, 40, 41), (11, 60, 61), (13, 84, 85), . . .
However, it does not give us all the primitive triples, for example, (8, 15, 17) does not fit Pythagoras’ formula. For more on the problem of finding primitive Pythagorean triples, see Chapter Problems 19 and 20.

Are you starting to think like a mathematician yet? Seeing that the equation z^2 = x^2 + y^2 has infinitely many solutions in the positive integers, it may seem natural to wonder about similar equations of higher degree. What about the equation z^3 = x^3 + y^3? Does this equation have any solutions in the positive integers? That is, are there any triples (a, b, c) of positive integers such that c^3 = a^3 + b^3? In general, let d be a positive integer, and consider the equation
    z^d = x^d + y^d    (♥)
For d > 2, are there any solutions to equation ♥ in the positive integers? Fermat couldn’t find any; in fact, he claimed, in 1637, to have proved the following assertion.

Fermat’s Conjecture: For d > 2, no solutions to equation ♥ exist in the positive integers.

Now here’s where the story gets interesting. Fermat had the practice of making notes in his copy of the works of the Greek mathematician Diophantus (circa A.D. 300). He would quite often write down, without proof, a result he had discovered.
The preceding conjecture is one of these discoveries. In fact, it is the only one that mathematicians had, until very recently, been unable to prove. Tantalizing us even further, Fermat himself wrote, “For this I have discovered a truly wonderful proof, but the margin is too small to contain it.” Because of this claim the conjecture has been called Fermat’s last theorem, or FLT for short.

Many famous mathematicians worked on the Fermat conjecture. Euler, for example, proved the conjecture for the case d = 3. Fermat himself proved it for d = 4 and, in 1825, Legendre and Dirichlet independently proved it for d = 5. More recently, in 1983, Gerd Faltings proved a conjecture of Mordell which implies that, for each d > 2, there are only finitely many (possibly none!) solutions to equation ♥ in the positive integers. But, though many tried, no one was able to prove Fermat’s conjecture — until recently, that is. As is often the case in mathematics, failed attempts to prove the general Fermat conjecture were far from fruitless; they gave rise to a wealth of important mathematics, including a good portion of abstract algebra.

Let us now fast-forward to the summer of 1993. A 40-year-old mathematics professor at Princeton University, Andrew Wiles, had just spent the last seven years working alone and in secrecy on the world’s most famous unsolved math problem. Finally, a shout of “Eureka!” In fact, Wiles had managed to prove (he thought) an important special case of a very general conjecture known as the Shimura-Taniyama conjecture, and from this result Fermat’s last theorem follows as a corollary. Wiles decided to unveil his results by giving a series of three lectures in June at a number theory conference at Cambridge University in England.
Maintaining suspense to the very end, Wiles gave his lecture series the very general title of “Modular Forms, Elliptic Curves, and Galois Representations.” By the third lecture, many in the audience had guessed what Wiles was up to. When he wrote his main theorem on the blackboard, there was an audible gasp in the room, and when he then wrote that Fermat’s last theorem followed as a corollary, the audience of mathematicians (usually a fairly staid bunch) broke into applause! E-mail messages flashed the news across the world that Wiles had proven FLT. The news even made front page headlines in many newspapers, including the New York Times. But wait, a few skeptics cautioned, shouldn’t the celebration be put on hold until the details of the proof have been checked? Haven’t other people claimed to have proven FLT, only to have errors found in their proofs upon closer examination? Indeed, FLT is generally considered to hold the record for incorrect proofs; in fact, several purported proofs were at first judged to be correct and were actually published in mathematics journals. But following the Cambridge conference, even though no one had as yet read the 200 or so handwritten pages of Wiles’ manuscript, most of the experts believed that Wiles had indeed proven FLT — this based on Wiles’ excellent reputation, the outline of the proof he had given in his series of lectures, and the fact that his approach just seemed “right” to experts in the field. Ever cautious, Wiles initially refused to circulate his manuscript broadly, preferring instead to have a small number of close associates check it. He knew it was inevitable that a number of minor errors would be uncovered — errors that, hopefully, could be fixed easily. Unfortunately, one seemingly small gap turned out to be rather large. 
In December of 1993, Wiles sent out an e-mail message acknowledging that a gap had been found, but expressing the hope that it could be bridged using the ideas explained in his Cambridge lectures.

Fortunately, the story has a happy ending. With the help of a colleague, Richard Taylor, Wiles was able to fix his proof of FLT — as Faltings puts it, Taylor and Wiles did not bridge the gap, but rather circumvented it. A set of two manuscripts, a long one by Wiles alone, and another shorter, joint paper by Taylor and Wiles, were released in late October, 1994. Having been checked already by several leading experts in the field, they were accepted for publication, and the articles appeared in 1995 in the Annals of Mathematics [A. Wiles, Modular elliptic curves and Fermat’s Last Theorem, Ann. Math. 141 (1995), 443–551; R.L. Taylor and A. Wiles, Ring theoretic properties of certain Hecke algebras, Ann. Math. 141 (1995), 553–572]. Thus, for the record, let us formally state Fermat’s last theorem.

Fermat’s Last Theorem (A. Wiles and R.L. Taylor, 1995): For any positive integer d > 2, the equation
    z^d = x^d + y^d
has no solution (x, y, z) such that each of x, y, and z is a positive integer.

The primary aim of this chapter is to provide some basic information from elementary number theory. This includes a treatment of several number-theoretic algorithms. In addition, we provide additional practice with mathematical induction, which provides an important technique for proving statements about the positive integers. Many of the ideas and results presented in this chapter are used in succeeding chapters of this book, and will be encountered again by the student taking subsequent course work in the mathematical sciences.

One of the most basic principles used in mathematics, especially in number theory, is the principle of well-ordering (PWO). This was introduced in Chapter 1, and we restate it now.

Principle of Well-ordering: Every nonempty subset of Z+ has a smallest element.

It is not possible to prove the principle of well-ordering using the familiar properties satisfied by the integers under addition and multiplication. However, a little thought should convince you of its self-evident nature. Hence, the principle of well-ordering is adopted as an axiom, or basic assumption. To get a better grasp of the principle of well-ordering (or, well-ordering principle), let’s find the smallest element of several nonempty subsets of Z+.

Example 2.1: Find the smallest element of each of these nonempty subsets of Z+.
(a) S1 = {n ∈ Z+ | n is prime}
(b) S2 = {n ∈ Z+ | n is a multiple of 7}
(c) S3 = {n ∈ Z+ | n = 110 − 17m for some m ∈ Z}
(d) S4 = {n ∈ Z+ | n = 12s + 18t for some s, t ∈ Z}

Solution:
(a) The set S1 is the set of primes, and the smallest prime is 2.
(b) The set S2 is the set of positive multiples of 7, and the smallest positive multiple of 7 is 7.
(c) Here we must find the smallest positive integer n of the form 110 − 17m, where m is an integer. The number 110 = 110 − 17(0) is of this form and, as m increases, n decreases. In fact, as m takes on the values 0, 1, 2, 3, . . ., the values of n form the sequence
    110, 93, 76, 59, . . ., 8, −9, . . .
Hence, the smallest element of S3 is 8. The number 8 just happens to be the remainder when 110 is divided by 17. This is more than just a coincidence, as is shown in the next section where the division algorithm is discussed.
(d) In this part we are looking for the smallest positive number n of the form 12s + 18t, where s and t are integers. Note that 12s + 18t = 6(2s + 3t); thus, any element of S4 must be a multiple of 6. Moreover, 6 = 12(−1) + 18(1), so that 6 ∈ S4. This shows that 6 is the smallest element of S4. The number 6 happens to be the greatest common divisor of 12 and 18, an idea that is explored in Section 2.3.

We often make use of the following slight extension of the principle of well-ordering.

Theorem 2.2: Any nonempty subset of the set {0, 1, 2, 3, . . .} of nonnegative integers has a smallest element.

Proof: Let S be an arbitrary nonempty subset of the set of nonnegative integers. We consider two cases, depending on whether or not 0 ∈ S. In the first case, if 0 ∈ S, then clearly 0 is the smallest element of S (because 0 is the smallest nonnegative integer). In the second case, if 0 ∉ S, then S is a nonempty subset of Z+. In this case the principle of well-ordering implies that S has a smallest element. In either case, then, S has a smallest element, and this completes the proof.

Exercise Set 2.1

1. Plato is credited with the following result: If n is a positive integer, n ≥ 3, then (2n, n^2 − 1, n^2 + 1) is a Pythagorean triple.
(a) Verify this result.
(b) Find the Pythagorean triples given by Plato’s formula for n ∈ {3, 4, 5, . . . , 12}. Which of them are primitive?
(c) Give a necessary and sufficient condition (on n) for Plato’s formula to yield a primitive Pythagorean triple.
(d) In what sense do the formulas of Plato and Pythagoras (Theorem 2.1) complement each other?

2. Using Fermat’s last theorem, show that the equation z^3 = 8x^3 + 27y^3 has no solution (x, y, z) in the positive integers.

3. Prove Theorem 2.1.

4. In general, a subset T of R is said to be well-ordered provided every nonempty subset of T has a smallest element. Determine whether these subsets of R are well-ordered.
(a) ∅
(b) {−9, −6, −3, 0, 1, 2, 3}
(c) {0} ∪ Q+
(d) 2Z
(e) {−9, −8, −7, −6, . . .}

5. Find the smallest element of each subset of Z+.
(a) A = {n ∈ Z+ | n = m^2 − 10m + 28 for some integer m}
(b) B = {n ∈ Z+ | n = 5q + 2 for some integer q}
(c) C = {n ∈ Z+ | n = −150 − 19m for some integer m}
(d) D = {n ∈ Z+ | n = 5s + 8t for some integers s and t}

6. Let T, T1, and T2 denote arbitrary subsets of R.
Referring to the definition given in Exercise 4, prove each of the following:
(a) If T is a finite subset of R, then T is well-ordered.
(b) If T is well-ordered, then c + T is well-ordered for any real number c.
(c) If T is well-ordered, then cT is well-ordered for any nonnegative real number c.
(d) If T is a subset of Z and T itself has a smallest element, then T is well-ordered.
(e) If T1 ⊆ T2 and T2 is well-ordered, then T1 is well-ordered.

7. Verify that (20, 21, 29) is a primitive Pythagorean triple that results neither from the formula of Pythagoras nor from the formula of Plato. (Is it the smallest Pythagorean triple that is missed by both of these formulas? See Chapter Problem 20.)

2.2 DIVISION ALGORITHM

One of the fundamental concepts included in any introduction to number theory is that of factoring integers. In particular, given an integer n > 1, we are interested in expressing n as a product of primes. For example, if n = 132, then n = 2 · 2 · 3 · 11. Is it always possible to do this? Can it, for some n, be done in more than one way? Before these questions can be answered, it is necessary to define and work with certain fundamental terms, like factor and prime.

Definition 2.1: Let a and b be integers, with a ≠ 0. We say that a divides b, denoted a | b, provided there is an integer q such that b = aq. In this case we also say that a is a factor (or divisor) of b and we call b a multiple of a.

Example 2.2:
(a) 2 | 6, since 2 · 3 = 6.
(b) −3 | 27, since (−3)(−9) = 27.
(c) 12 | (−72), since 12(−6) = −72.
(d) 4 does not divide 7, since there is no integer q such that 4q = 7.
(e) −8 does not divide 28, since there is no q ∈ Z such that (−8)q = 28.
(f) For which integers m is it true that 0 is a multiple of m? In order for m | 0 to hold, there must exist an integer q such that mq = 0. Note that q = 0 works, since m · 0 = 0. Thus, 0 is a multiple of m for every integer m.

Now, if m is not zero and m is a factor of the integer n, then n/m is also a factor of n; in fact,
    (n/m) · m = n
However, this won’t work if m = 0. For this and other technical reasons, we do not allow 0 to be a factor.

Note that, for any integer b > 1, both of the numbers 1 and b are positive factors of b. For some positive integers b these are the only positive factors of b.

Definition 2.2: An integer p > 1 is called a prime number (or, simply, a prime) provided the only positive factors of p are 1 and p. An integer n > 1 that is not prime is called a composite number (or, simply, a composite).

Suppose that the integer n is composite. Then n > 1 and n is not prime. This means that n has a factor d such that 1 < d < n. Thus it follows that n = dq, where q is an integer and 1 < q < n. In general, we refer to factors such as d and q as proper factors (or proper divisors) of n, and we call 1 and n the trivial factors (or trivial divisors) of n.

Example 2.3: The numbers 2 and 3 are prime, 4 = 2 · 2 is composite, 5 is prime, 6 = 2 · 3 is composite, 7 is prime, 8 = 2 · 4 is composite, and 9 = 3 · 3 is composite. The primes less than 100 are:
    2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97
Primes are discussed further in Section 2.4.

Example 2.4: Find the factors of 126.

Solution: Note that
    126 = 2 · 63 = 3 · 42 = 6 · 21 = 7 · 18 = 9 · 14
so the set of positive factors of 126 is
    S = {1, 2, 3, 6, 7, 9, 14, 18, 21, 42, 63, 126}
Moreover, for any integers a and b (a ≠ 0), if a is a factor of b then −a is also a factor of b. It follows that the set of negative factors of 126 is
    −1S = {−1, −2, −3, −6, −7, −9, −14, −18, −21, −42, −63, −126}

A number of basic properties of the relation divides are used in this and subsequent chapters. The next theorem lists several of these properties.

Theorem 2.3: The following implications hold for any integers a, b, and c, with a ≠ 0:
1. If a | b, then a | (bx) for any integer x.
2. If a | b and b | c, then a | c. (Here, b ≠ 0.)
3. If a | b and a | c, then a | (bx + cy) for any integers x and y.
4. If a | b and b | a, then a = b or a = −b. (Here, b ≠ 0.)
5. If a | b and b is nonzero, then |a| ≤ |b|.

Proof: We give direct proofs of parts 2 and 4 and leave the remaining parts to Exercise 2; the proofs of parts 2 and 4 provide a good illustration of how the remaining parts are proved.

For part 2, assume a | b and b | c. Then there exist integers q1 and q2 such that b = aq1 and c = bq2. It follows (using substitution for b) that
    c = bq2 = (aq1)q2 = a(q1 q2)
Thus, there exists an integer q, namely q = q1 q2, such that c = aq. Therefore, a | c.

For part 4, assume a | b and b | a. Then there exist integers q1 and q2 such that b = aq1 and a = bq2. Hence, we have that
    a = bq2 = (aq1)q2 = a(q1 q2)
Since a ≠ 0, it follows that 1 = q1 q2 and, since q1 and q2 are integers, we have that either q1 = q2 = 1 or q1 = q2 = −1. Hence, a = ±b.

Let us emphasize again the meaning of the statement “a is a factor of b.” This means that there is some integer q such that b = aq.

You probably remember learning about “long division” in elementary school. In this process, one integer b, called the “dividend,” is divided by another integer a, called the “divisor,” to obtain a “quotient” q and a “remainder” r. For example, when b = 23 is long-divided by a = 7, we obtain a quotient of 3 and a remainder of 2. One then checks this by noting that 23 = 7(3) + 2. However, note that 23 can be expressed in the form 7q + r in other ways; for example, 23 = 7(4) + (−5) = 7(2) + 9. Is it wrong to say that the quotient is 4 and the remainder is −5, or that the quotient is 2 and the remainder is 9? Well, yes it is, because, in long-dividing 23 by 7, one is taught to determine the largest quotient q for which the remainder r is nonnegative. This implies that the remainder must be less than the divisor.
In fact, it should be remarked that, among all integer expressions of the form 23 − 7q, one chooses the smallest nonnegative one for the remainder.

In general, given integers a and b with a > 0, there exist unique integers q and r such that b = aq + r, where 0 ≤ r < a. Analogous to what is stated above regarding 23 and 7, the remainder r will turn out to be the smallest nonnegative value of the expression b − aq, where q ∈ Z. This property is known as the “division algorithm,” and in this context the integers a, b, q, and r are called the divisor, dividend, quotient, and remainder, respectively.

Theorem 2.4 (Division Algorithm): Given integers a and b with a > 0, there exist integers q and r such that b = aq + r and 0 ≤ r < a. Moreover, q and r are uniquely determined by a and b.

Proof: Let integers a and b be given with a > 0. We first show that there exist integers q and r such that b = aq + r and 0 ≤ r < a. In order to do this, we apply the extended version of the principle of well-ordering (Theorem 2.2) to the set
    S = {b − ax | x ∈ Z and b − ax ≥ 0}
So S is a set of nonnegative integers. In order to apply Theorem 2.2, we must show that S is nonempty. If b ≥ 0, then b ∈ S, since, letting x = 0, we obtain b = b − a(0). Suppose, on the other hand, that b < 0. Then b − ab ∈ S, since letting x = b yields b − ab = b(1 − a) ≥ 0. Thus, in either case, S is nonempty. Therefore, by Theorem 2.2, S has a smallest element; call it r. Since r ∈ S, there is some x ∈ Z, say x = q, such that r = b − aq. Thus, b = aq + r and, since r ∈ S, we have that r ≥ 0.

It remains to show that r < a. To do this, we proceed by contradiction and suppose that r ≥ a. Let t = r − a. Then t ≥ 0 and, since a > 0, we have that t < r. Moreover,
    t = r − a = (b − aq) − a = b − (aq + a) = b − a(q + 1)
But this means that t ∈ S (let x = q + 1) and t < r, contradicting the fact that r is the smallest element of S. This completes the proof of the existence of q and r.

We next show that the quotient q and the remainder r are uniquely determined by a and b. To show that there is a unique mathematical object with a given property, a standard technique is to suppose that there are two objects with the given property, and then show that the two objects must, in fact, be equal. So, suppose that aq1 + r1 = b = aq2 + r2, where q1, r1, q2, and r2 are integers and both 0 ≤ r1 < a and 0 ≤ r2 < a. We wish to show that q1 = q2 and r1 = r2. Assume, without loss of generality, that r1 ≤ r2; hence, r2 − r1 ≥ 0. Since aq1 + r1 = aq2 + r2, we obtain
    a(q1 − q2) = r2 − r1
Thus, a | (r2 − r1). Since 0 ≤ r2 − r1 < a, it must be the case that r2 − r1 = 0. Therefore, r2 = r1. Then, since a(q1 − q2) = r2 − r1 = 0 and a ≠ 0, we obtain that q1 − q2 = 0, so that q1 = q2. This completes the proof.

The proof of Theorem 2.4 is an “existence proof.” It concentrates on verifying the existence of integers q and r satisfying the properties stated in the theorem, rather than on giving a method for finding q and r. However, the proof implicitly suggests an algorithm for finding q and r from a and b, using only the operations of addition and subtraction. We give an informal description of this algorithm here, leaving further investigation of it to the exercises.

If b ≥ 0, then consider the sequence
    b − a(0), b − a(1), b − a(2), ...
of numbers obtained by starting with b and then repeatedly subtracting a. Since a > 0, the numbers in this sequence are eventually negative; r = b − aq is the last nonnegative term in this sequence. On the other hand, if b < 0, then consider the sequence
    b − a(0), b − a(−1), b − a(−2), ...
of numbers obtained by starting with b and then repeatedly adding a. The numbers in this sequence are eventually nonnegative; r = b − aq is the first nonnegative term. (Note in this case that q ≤ 0.)

The following corollary to Theorem 2.4 extends the division algorithm to handle the case of a negative divisor.
Its proof is left to Exercise 10.

Corollary 2.5: Given integers a and b with a ≠ 0, there exist uniquely determined integers q and r such that b = aq + r, where 0 ≤ r < |a|.

Example 2.5: In the context of Corollary 2.5, find q and r for the given a and b.
(a) a = 17, b = 110
(b) a = 7, b = −59
(c) a = −11, b = 41
(d) a = −5, b = −27
(e) a = 13, b = 7
(f) a = −13, b = 7

Solution:
(a) Since 110 = 17(6) + 8, we have that q = 6 and r = 8.
(b) Since −59 = 7(−9) + 4, we have that q = −9 and r = 4. In this problem it is easy to make the mistake of saying q = −8 and r = −3, since −59 = 7(−8) + (−3). However, remember that any remainder is required to be nonnegative, so r = −3 can’t be right.
(c) In this part we find that q = −3 and r = 8.
(d) Here we find that q = 6 and r = 3.
Parts (e) and (f) are meant to illustrate the following general problem: Given integers a and b with 0 ≤ b < |a|, find q and r. This is actually an easy problem, since b = a(0) + b and b is a valid remainder; see Exercise 24. In part (e), for example, note that
    7 = 13(0) + 7 and 0 ≤ 7 < 13
Thus, q = 0 and r = 7. Similarly, in part (f), 7 = (−13)(0) + 7 and 0 ≤ 7 < |−13|. Hence it follows that q = 0 and r = 7.

Example 2.6: Show that any integer m is expressible in precisely one of the forms 3q, 3q + 1, or 3q + 2, where q is an integer.

Solution: Apply Corollary 2.5 with dividend m and divisor 3 — it states that there exist unique integers q and r such that m = 3q + r, where 0 ≤ r < 3. Hence r = 0, r = 1, or r = 2. Since r is uniquely determined, it follows that m is expressible in precisely one of the forms 3q, 3q + 1, or 3q + 2.

Example 2.7: Show that the product of any two consecutive integers is even.

Solution: According to the division algorithm (Corollary 2.5), every integer m is uniquely expressible in the form m = 2q + r, where 0 ≤ r < 2. Thus m is expressible in precisely one of the forms 2q or 2q + 1.
If m = 2q, we call m an even integer, whereas if m = 2q + 1, we call m an odd integer.

Now, consider two arbitrary consecutive integers, n and n + 1, say. We want to show that n(n + 1) is even. This means that we must show that n(n + 1) = 2k for some integer k. We consider two cases, depending on whether n itself is even or odd.

In the first case, suppose that n is even, say n = 2q. Then
    n(n + 1) = 2q(2q + 1) = 2(2q^2 + q)
This shows that n(n + 1) is even. (Here, k = 2q^2 + q.)

In the second case, suppose that n is odd, say n = 2q + 1. Then
    n(n + 1) = (2q + 1)(2q + 2) = 2(2q + 1)(q + 1)
so again n(n + 1) is even. (In this case, k = (2q + 1)(q + 1).)

In general, given an arbitrary positive integer n, the division algorithm tells us that every integer is expressible in precisely one of the following forms:
    nq, nq + 1, nq + 2, . . ., nq + (n − 1)
In much of the discussion that follows you need to make use of this idea, so be ready for it. The following example illustrates this point.

Example 2.8: Show that the product of any two integers of the form 6k + 5 has the form 6k + 1.

Solution: Let m1 and m2 be two integers of the form 6k + 5. This means that m1 = 6k1 + 5 and m2 = 6k2 + 5 for some integers k1 and k2. Thus,
    m1 m2 = (6k1 + 5)(6k2 + 5)
          = 36k1 k2 + 30k1 + 30k2 + 25
          = 36k1 k2 + 30k1 + 30k2 + 24 + 1
          = 6(6k1 k2 + 5k1 + 5k2 + 4) + 1
Therefore, m1 m2 has the form 6k + 1 (with k = 6k1 k2 + 5k1 + 5k2 + 4), as was to be shown.

As already noted, if the division algorithm is applied to an integer m and the divisor 3, then the remainder r is precisely one of the numbers 0, 1, or 2. Define the sets S0, S1, and S2 by
    S0 = {3q | q ∈ Z} = 3Z
    S1 = {3q + 1 | q ∈ Z} = 1 + 3Z
    S2 = {3q + 2 | q ∈ Z} = 2 + 3Z
Then, for r ∈ {0, 1, 2}, Sr is the set of all those integers m that yield a remainder of r when divided by 3. For instance, 11 = 3 · 3 + 2, so 11 ∈ S2, whereas −11 = 3(−4) + 1, so −11 ∈ S1.
By the uniqueness of r, each integer m belongs to exactly one of the sets S0, S1, or S2. It follows that:
1. Z = S0 ∪ S1 ∪ S2;
2. The sets S0, S1, and S2 are pairwise disjoint.
Because these two properties hold, we say that {S0, S1, S2} is a “partition” of the set Z. The important concept of partition is explored further in Chapter 4.

In explicit form,
    S0 = {. . . − 9, −6, −3, 0, 3, 6, 9, . . .}
    S1 = {. . . − 8, −5, −2, 1, 4, 7, 10, . . .}
    S2 = {. . . − 7, −4, −1, 2, 5, 8, 11, . . .}
Note that two integers are in the same set Sr if and only if they differ by a multiple of 3. This suggests the following general and important result.

Theorem 2.6: Let m1, m2, and n be integers, with n ≠ 0, and let the remainders upon division of m1 and m2 by n be r1 and r2, respectively. Then
    r1 = r2 if and only if n | (m2 − m1)

Proof: Let m1, m2, and n be integers, with n ≠ 0, and let the remainders upon division of m1 and m2 by n be r1 and r2, respectively. To prove this result, we must prove the two implications:
(1) If r1 = r2, then n | (m2 − m1).
(2) If n | (m2 − m1), then r1 = r2.
According to the division algorithm, m1 = nq1 + r1 and m2 = nq2 + r2 for some integers q1 and q2. Thus,
    m2 − m1 = (nq2 + r2) − (nq1 + r1) = n(q2 − q1) + (r2 − r1)
We first prove (1) directly. Assume r1 = r2. Then r2 − r1 = 0, and so
    m2 − m1 = n(q2 − q1)
which shows that n | (m2 − m1). To complete the proof, we must prove implication (2). This is left to Exercise 8.

Exercise Set 2.2

1. In the context of Corollary 2.5, find q and r for the given a and b.
(a) a = 11, b = 297
(b) a = 9, b = −63
(c) a = 8, b = 77
(d) a = 6, b = −71
(e) a = −5, b = 35
(f) a = −6, b = −39

2. Prove Theorem 2.3, parts 1, 3, and 5. Also, prove part 4 as a corollary to part 5.

3. Let a, b, and c be integers, with a ≠ 0. Prove each of these implications:
(a) If a | b and a | c, then a^2 | (bc).
(b) If a | b, then a | (−b) and (−a) | b.

4.
Prove that the following implication holds for any integers a, b, c, and d, with a and c nonzero: If a | b and c | d, then (ac) | (bd).

5. Prove each of the following facts:
(a) The square of any odd integer is of the form 4k + 1 (for some integer k).
(b) The square of any integer is of the form 3k or 3k + 1.

6. Let a, b, and c be arbitrary integers with a and c nonzero. Prove: If (ac) | (bc), then a | b.

7. Apply the result of part (a) of Exercise 5 to show that none of the numbers 11, 111, 1111, and 11111 is a perfect square. (Hint: Apply the division algorithm, with a divisor of 4.) Based on the result of this exercise, make a general conjecture regarding numbers of the form 11 · · · 1.

8. Complete the proof of Theorem 2.6. (Hint: Show that r1 − r2 is a multiple of n and that 0 ≤ |r1 − r2| < n. It follows that r1 − r2 = 0. Why?)

9. Let a, b, and c be arbitrary integers, with a ≠ 0. Prove or disprove: If a | (bc), then either a | b or a | c.

10. Prove Corollary 2.5. (Hint: If a < 0, then −a > 0, and we can apply Theorem 2.4 to find integers q and r such that b = (−a)q + r, where 0 ≤ r < −a.)

11. Apply the result of part (b) of Exercise 5 to show that, for any integer m, 3m^2 − 1 is not a perfect square.

12. Prove that:
(a) The sum of any two even integers is even.
(b) The sum of any two odd integers is even.
(c) The sum of any even integer and any odd integer is odd.

13. Prove: Given any three consecutive integers, (exactly) one of them is a multiple of 3. (Hint: Denote the three consecutive integers by m, m + 1, m + 2 and use the fact that m is expressible in exactly one of the forms 3q, 3q + 1, or 3q + 2.)

14. Prove that, for any integer m, m^3 − m is a multiple of 3. (Hint: Note that m^3 − m = m(m^2 − 1); if m is not a multiple of 3, what can be said about m^2 − 1?)

15. Prove: For any integer m, (exactly) one of the integers m, m + 4, m + 8, m + 12, m + 16 is a multiple of 5.

16. Let m represent an arbitrary integer.
Prove: If m has the form 6q + 5 for some integer q, then m has the form 3k + 2 for some integer k. What about the converse of this implication?

17. Prove the following results as corollaries to Theorem 2.3.
(a) For any integer m, if m is even, then mx is even for any integer x.
(b) For any positive integers m and n, if m | n, then m ≤ n.

18. Other than 2, show that no positive integer of the form n^3 + 1 is prime. (Hint: Apply the standard formula for factoring the sum of two cubes.)

19. Let p represent an arbitrary prime. Prove: If p has the form 3q + 1 for some integer q, then p has the form 6k + 1 for some integer k. (Hint: If p has the form 3q + 1, then p must be odd, so what can be said about q?)

20. Prove: If (a, b, c) is a Pythagorean triple, then one of a, b, or c is divisible by 3, one is divisible by 4, and one is divisible by 5. (For example, if a = 5, b = 12, and c = 13, then 3 | b, 4 | b, and 5 | a.)

21. In this exercise, we introduce the div and mod notation. Given integers a and b with a ≠ 0, Corollary 2.5 states that there exist uniquely determined integers q and r such that b = aq + r, where 0 ≤ r < |a|. In this context, we define the operators div and mod as follows:
    b div a = q,    b mod a = r
Find b div a and b mod a for the pairs of integers a and b given in Exercise 1.

22. Given positive integers a and b, explain how to use a standard pocket calculator to compute b div a and b mod a.

23. Let m1 and m2 be integers such that
    m1 div 5 = q1,    m1 mod 5 = 2,    m2 div 5 = q2,    m2 mod 5 = 3
Find:
(a) (m1 + m2) div 5
(b) (m1 + m2) mod 5
(c) (m1 m2) div 5
(d) (m1 m2) mod 5

24. Given integers a and b with 0 ≤ b < |a|, find b div a and b mod a.

25. Compute each of the following.
(a) 47 div 10
(b) 47 mod 10
(c) 47 div (−10)
(d) 47 mod (−10)
(e) (−47) div 10
(f) (−47) mod 10
(g) (−47) div (−10)
(h) (−47) mod (−10)

26. Show, for a > 0, that
    b div (−a) = −(b div a) and b mod (−a) = b mod a

27.
Given that $m_1 \operatorname{div} 7 = q_1$, $m_1 \bmod 7 = 2$, $m_2 \operatorname{div} 7 = q_2$, and $m_2 \bmod 7 = 6$, find:
   (a) $(m_1 + 5) \operatorname{div} 7$
   (b) $(m_1 + 5) \bmod 7$
   (c) $(2m_1) \operatorname{div} 7$
   (d) $(2m_1) \bmod 7$
   (e) $(-m_2) \operatorname{div} 7$
   (f) $(-m_2) \bmod 7$
   (g) $(m_1 + m_2) \operatorname{div} 7$
   (h) $(m_1 + m_2) \bmod 7$
   (i) $(2m_1 + 3m_2) \operatorname{div} 7$
   (j) $(2m_1 + 3m_2) \bmod 7$
   (k) $(m_1 m_2) \operatorname{div} 7$
   (l) $(m_1 m_2) \bmod 7$
28. Let $a$ and $b$ be positive integers with $1 \le a \le b$.
   (a) Find and verify a formula for $(-b) \operatorname{div} a$ in terms of $b \operatorname{div} a$.
   (b) Find and verify a formula for $(-b) \bmod a$ in terms of $b \bmod a$.
29. Let $a$ and $b$ be positive integers.
   (a) What is the smallest possible value for $b \operatorname{div} a$?
   (b) What is the largest possible value for $b \operatorname{div} a$?
   Given $a$ and $b$, suppose one guesses a value $q'$ for $b \operatorname{div} a$ in the range of possible values. Note that, if $0 \le b - aq' < a$, then $b \operatorname{div} a = q'$ and $b \bmod a = b - aq'$. However:
   (c) If $b - aq' < 0$, what does this indicate about the guess $q'$?
   (d) If $b - aq' \ge a$, what does this indicate about the guess $q'$?
30. Describe (and implement as a computer program) an algorithm that inputs integers $a$ and $b$ with $a \ne 0$ and outputs $b \operatorname{div} a$ and $b \bmod a$. Base your algorithm on the results of Exercises 26, 28, and the remarks following the proof of Theorem 2.4.
31. Several computer programming languages, such as Ada and C++, have built-in operators to compute $b \operatorname{div} a$ and $b \bmod a$ for integers $a$ and $b$. However, the results do not always agree with Definition 2.3. If you are familiar with a language that has such operators, write a short program to test them.

2.3 EUCLIDEAN ALGORITHM

In this section we define the greatest common divisor of two integers and describe an efficient method for finding it, given the integers.

Definition 2.3: Given integers $a$ and $b$, the integer $c \ne 0$ is called a common divisor (or common factor) of $a$ and $b$ provided both $c \mid a$ and $c \mid b$. If $a$ and $b$ are not both zero, then we define the greatest common divisor (or greatest common factor) of $a$ and $b$ to be the largest common factor of $a$ and $b$.
The greatest common divisor of $a$ and $b$ is denoted by $\gcd(a, b)$.

Let us make a few observations about $\gcd(a, b)$. First, since $1 \mid a$ and $1 \mid b$, we have that $1 \le \gcd(a, b)$. Second, $\gcd(b, a) = \gcd(a, b)$, so we may, without loss of generality, assume that $|a| \le |b|$. Third, since $\gcd(-a, b) = \gcd(a, b) = \gcd(a, -b)$, we can assume that $0 \le a \le b$. Finally note that, for $b > 0$,
$$\gcd(0, b) = b = \gcd(b, b)$$
Thus, in seeking $\gcd(a, b)$, it suffices to consider the case when $1 \le a < b$; in this case, $1 \le \gcd(a, b) \le a$. In particular, this last statement implies that $\gcd(a, b)$ exists.

Example 2.9: Find:
   (a) $\gcd(12, 36)$
   (b) $\gcd(18, 42)$
   (c) $\gcd(15, 28)$

Solution:
   (a) Note that 12 is a factor of 36; hence $\gcd(12, 36) = 12$.
   (b) The positive factors of 18 are 1, 2, 3, 6, 9, and 18; of these, only 1, 2, 3, and 6 are factors of 42. Therefore, $\gcd(18, 42) = 6$.
   (c) The positive factors of 15 are 1, 3, 5, and 15. Of these, only 1 is a factor of 28. Thus, $\gcd(15, 28) = 1$.

Generalizing the result of part (a) of the preceding example, note that, for $1 \le a < b$,
$$\gcd(a, b) = a \text{ if and only if } a \mid b$$

For $1 \le a < b$, a simple-minded method for finding $d = \gcd(a, b)$ is to search the list of numbers $a, a - 1, a - 2, \ldots, 2, 1$, looking for the largest one that is a common factor of $a$ and $b$. In the worst case (when $\gcd(a, b) = 1$), this method would take $a$ steps to find $d$, where each step consists of determining whether a given positive integer is a common factor of $a$ and $b$. In a number of practical applications (e.g., data encryption) in which $\gcd(a, b)$ must be computed, $a$ might be a number on the order of $10^{100}$. Even with a fast computer that performs, say, $10^{10}$ steps per second, finding $\gcd(a, b)$ by this method could take $10^{90}$ seconds in the worst case. Since there are less than $10^8$ seconds in a year, this is a very long time, far longer than the estimated age of the universe!
Fortunately, there is a much faster method, which goes way back to Euclid (≈ 300 B.C.), and is based on repeated application of the division algorithm. For this method, assume we are given integers $a$ and $b$ with $0 \le a < b$; we wish to find $\gcd(a, b)$. First of all, let's handle the easy case; namely, if $a = 0$, then $\gcd(a, b) = b$. To handle the case when $a > 0$, we make use of the following lemma.

Lemma 2.7: For integers $a$ and $b$ with $0 < a \le b$, let $r = b \bmod a$. Then
$$\gcd(a, b) = \gcd(r, a)$$

Proof: Let $d_1 = \gcd(a, b)$ and $d_2 = \gcd(r, a)$. We wish to show that $d_1 = d_2$. We do this by showing that $d_1 \le d_2$ and $d_2 \le d_1$.

Let $q = b \operatorname{div} a$. Then $b = aq + r$. Since $b = a(q) + r(1)$, by Theorem 2.3, part 3, any common factor of $a$ and $r$ is also a factor of $b$. Hence, $d_2$ is a factor of $b$, and thus $d_2$ is a common factor of $a$ and $b$. Therefore, $d_2 \le d_1$. (Why?)

Similarly, since $r = b - aq = a(-q) + b(1)$, any common factor of $a$ and $b$ is also a factor of $r$. Hence, $d_1$ is a factor of $r$, and thus $d_1$ is a common factor of $a$ and $r$. It follows that $d_1 \le d_2$.

Now consider finding $\gcd(a, b)$ when $0 < a \le b$. By the division algorithm, there exist (unique) integers $q$ and $r$ such that $b = aq + r$, with $0 \le r < a$. By Lemma 2.7, we see that
$$\gcd(a, b) = \gcd(r, a)$$
This observation forms the basis for a procedure known as the Euclidean algorithm. Note that, for $a > 0$, we replace the problem of finding $\gcd(a, b)$ with the problem of finding $\gcd(r, a)$. In the sense that $r < a$ and $a < b$, this new problem constitutes a "reduced form" of the original problem. But, you may ask, How do I now find $\gcd(r, a)$? The answer is, Apply the same reasoning again! That is, if $r = 0$, then $\gcd(r, a) = a$. Otherwise, let $r'$ be the remainder when $a$ is divided by $r$; then $\gcd(r, a) = \gcd(r', r)$. The Euclidean algorithm is an example of a recursive algorithm, because it operates by reducing a (nontrivial) instance of a given type of problem to a smaller instance of the same type of problem.
Euclidean Algorithm: Given integers $a$ and $b$ with $0 \le a \le b$:
   0. If $a = 0$, then $\gcd(a, b) = b$;
   1. Otherwise, let $r$ be the remainder when $b$ is divided by $a$; then $\gcd(a, b) = \gcd(r, a)$.

Example 2.10: Use the Euclidean algorithm to compute $\gcd(64, 148)$.

Solution: Since $64 > 0$, we apply the division algorithm to 64 and 148, obtaining $148 = 64(2) + 20$, namely, a quotient of 2 and a remainder of 20. By step 1 of the algorithm, then,
$$\gcd(64, 148) = \gcd(20, 64)$$
Next $20 > 0$, so now we divide 64 by 20, obtaining a quotient of 3 and a remainder of 4. So, by step 1 of the algorithm,
$$\gcd(20, 64) = \gcd(4, 20)$$
Still $4 > 0$, so we apply the recursive step again. Dividing 20 by 4 yields a quotient of 5 and a remainder of 0, so that
$$\gcd(4, 20) = \gcd(0, 4)$$
Finally, $\gcd(0, 4) = 4$. Therefore, putting all of the steps together, we see that
$$\gcd(64, 148) = \gcd(20, 64) = \gcd(4, 20) = \gcd(0, 4) = 4$$

It is the repeated application of Lemma 2.7 that indicates the general form of the Euclidean algorithm. Let's look at this form more carefully. Suppose that $a$ and $b$ are positive integers with $a < b$. We begin by setting $r_0 = b$ and $r_1 = a$. We then successively apply the division algorithm as follows:
$$\begin{aligned}
r_0 &= r_1 q_1 + r_2, \qquad 0 \le r_2 < r_1 \\
r_1 &= r_2 q_2 + r_3, \qquad 0 \le r_3 < r_2 \\
&\;\;\vdots \\
r_{k-1} &= r_k q_k + r_{k+1}, \qquad 0 \le r_{k+1} < r_k \\
&\;\;\vdots
\end{aligned}$$
Consider the values $r_0, r_1, r_2, \ldots, r_{k-1}, r_k, r_{k+1}, \ldots$. In view of the requirement in the division algorithm that any remainder be less than its corresponding divisor, we see that these numbers form a strictly decreasing sequence of integers; namely, that
$$r_0 > r_1 > r_2 > \cdots > r_{k-1} > r_k > r_{k+1} > \cdots$$
However, the above sequence of remainders can't go on forever, because each remainder is nonnegative, and it's impossible to have an infinite, strictly decreasing sequence of nonnegative integers.
Hence, there must be some positive integer $n + 1$ such that $r_{n+1} = 0$, and so the above list of relations can be rewritten as follows:
$$\begin{aligned}
r_0 &= r_1 q_1 + r_2, \qquad 0 \le r_2 < r_1 \\
r_1 &= r_2 q_2 + r_3, \qquad 0 \le r_3 < r_2 \\
&\;\;\vdots \\
r_{n-2} &= r_{n-1} q_{n-1} + r_n, \qquad 0 \le r_n < r_{n-1} \\
r_{n-1} &= r_n q_n + r_{n+1}, \qquad r_{n+1} = 0
\end{aligned}$$
Then we obtain
$$\gcd(a, b) = \gcd(r_2, a) = \gcd(r_3, r_2) = \cdots = \gcd(r_{n+1}, r_n) = \gcd(0, r_n) = r_n$$
It can be shown (see Chapter Problem 30) that the Euclidean algorithm requires not more than $2 \log_2 a$ divisions to compute $\gcd(a, b)$. For $a$ on the order of $10^{100}$, this bound is on the order of $200(\log_2 10) \approx 665$. So the Euclidean algorithm is very efficient!

Given integers $a$ and $b$, a linear combination of $a$ and $b$ (over $\mathbb{Z}$) is any expression of the form $as + bt$ with $s, t \in \mathbb{Z}$. Our next result provides an important characterization of $\gcd(a, b)$, showing that it is the smallest positive integer that can be expressed as a linear combination of $a$ and $b$. The proof of the theorem applies the division algorithm in a strong way, and also makes use of the principle of well-ordering.

Theorem 2.8: Let $a$ and $b$ be integers, not both 0. Then $\gcd(a, b)$ is the smallest positive integer expressible as a linear combination of $a$ and $b$.

Proof: Consider the set
$$S = \{ax + by \mid x, y \in \mathbb{Z} \text{ and } ax + by > 0\}$$
If we let $x = a$ and $y = b$, then $ax + by = a^2 + b^2 > 0$ (since not both $a$ and $b$ are zero). Thus, the set $S$ is nonempty. By the principle of well-ordering, $S$ has a smallest element; call it $d$. So $d$ is the smallest positive integer expressible as a linear combination of $a$ and $b$, say, $d = as + bt$, where $s, t \in \mathbb{Z}$. To show that $d = \gcd(a, b)$, we must verify the following:
   1. $d$ is a common divisor of $a$ and $b$;
   2. If $c$ is any common divisor of $a$ and $b$, then $c \le d$.

To show 1, we first apply the division algorithm to $a$ and $d$, obtaining integers $q$ and $r$ such that $a = dq + r$, with $0 \le r < d$. To show that $d \mid a$, it suffices to show that $r = 0$.
Since $d = as + bt$, we have that
$$r = a - dq = a - (as + bt)q = a(1 - sq) + b(-tq)$$
where both $1 - sq$ and $-tq$ are integers. So $r$ is a linear combination of $a$ and $b$. But $r < d$, and $d$ is the smallest positive linear combination of $a$ and $b$, so $r$ can't be positive. Hence, $r = 0$, as we wished to show. In a completely analogous way, it can be shown that $d \mid b$.

Next, to show 2, let $c$ be any common divisor of $a$ and $b$. If $c < 0$, then clearly $c \le d$, so we may assume that $c > 0$. Since $c$ is a common divisor of $a$ and $b$, it follows from Theorem 2.3, part 3, that $c$ is a divisor of any linear combination of $a$ and $b$; in particular, $c \mid d$. Then, since both $c$ and $d$ are positive, it follows from part 5 of Theorem 2.3 (more directly, from Exercise 17, part (b) of Exercise Set 2.2), that $c \le d$. This completes the proof.

So, given integers $a$ and $b$, not both zero, there exist integers $s$ and $t$ such that
$$\gcd(a, b) = as + bt$$
We have an efficient algorithm, namely, the Euclidean algorithm, for finding $\gcd(a, b)$. Is there some way to extend this algorithm so that it also finds the integers $s$ and $t$? Indeed there is, and it is called the extended Euclidean algorithm.

We illustrate the general form of the extended Euclidean algorithm by looking at a particular example. In particular, let's compute $d = \gcd(141, 486)$ and find integers $s$ and $t$ such that $d = 141s + 486t$. Recall that $d$ is the last nonzero remainder obtained in the process of applying the Euclidean algorithm. There is an especially nice way to display the remainders and quotients obtained along the way. In the general case, where $0 < a < b$, if $r_n$ is the last nonzero remainder, then $d = r_n$, and we can display the results in the following table (recall that $r_0 = b$ and $r_1 = a$):
$$\begin{array}{c|cccccccc}
r_k & b & a & r_2 & r_3 & r_4 & \cdots & r_n & 0 \\
q_k & & q_1 & q_2 & q_3 & q_4 & \cdots & q_n &
\end{array}$$
It is easy to see how the relations obtained from our successive application of the division algorithm give rise to the entries in this table.
Namely, for $0 \le k < n$, we have the relation
$$r_k = r_{k+1} q_{k+1} + r_{k+2}$$
and in the table this information is entered into successive columns as follows:
$$\begin{array}{c|ccccc}
r & \cdots & r_k & r_{k+1} & r_{k+2} & \cdots \\
q & \cdots & & q_{k+1} & & \cdots
\end{array}$$
In our particular example, with $a = 141$ and $b = 486$, you should verify that the following table is obtained:
$$\begin{array}{c|cccccc}
r_k & 486 & 141 & 63 & 15 & 3 & 0 \\
q_k & & 3 & 2 & 4 & 5 &
\end{array}$$
Thus, we see that $d = \gcd(141, 486) = 3$.

The method for determining the values of $s$ and $t$ such that $3 = 141s + 486t$ makes use of the above table. The idea is to express each remainder $r_k$, $0 \le k \le n$, as a linear combination of $a$ and $b$. That is, for each $k$, $0 \le k \le n$, we wish to find integers $s_k$ and $t_k$ such that
$$r_k = as_k + bt_k$$
Then, when $k = n$, we obtain the desired relation expressing $d$ as a linear combination of $a$ and $b$. So the method generates two additional sequences: $s_0, s_1, s_2, \ldots, s_n$ and $t_0, t_1, t_2, \ldots, t_n$. These two sequences are added as rows to the table, so that in general the table looks like this:
$$\begin{array}{c|cccccc}
r_k & b & a & r_2 & \cdots & r_n & 0 \\
q_k & & q_1 & q_2 & \cdots & q_n & \\
s_k & s_0 & s_1 & s_2 & \cdots & s_n & \\
t_k & t_0 & t_1 & t_2 & \cdots & t_n &
\end{array}$$
To get things started, we need to find values for $s_0$, $t_0$, $s_1$, and $t_1$ such that
$$b = r_0 = as_0 + bt_0 \qquad a = r_1 = as_1 + bt_1$$
That's easy! Simply let $s_0 = 0$, $t_0 = 1$, $s_1 = 1$, and $t_1 = 0$. It's also easy to obtain the values of $s_2$ and $t_2$. By the division algorithm,
$$r_2 = b - aq_1 = a(-q_1) + b(1)$$
Hence, $s_2 = -q_1$ and $t_2 = 1$. So far, then, our general table looks like this:
$$\begin{array}{c|ccccccc}
r_k & b & a & r_2 & r_3 & \cdots & r_n & 0 \\
q_k & & q_1 & q_2 & q_3 & \cdots & q_n & \\
s_k & 0 & 1 & -q_1 & s_3 & \cdots & s_n & \\
t_k & 1 & 0 & 1 & t_3 & \cdots & t_n &
\end{array}$$
In our particular example, when $a = 141$ and $b = 486$, we have the following so far:
$$\begin{array}{c|cccccc}
r_k & 486 & 141 & 63 & 15 & 3 & 0 \\
q_k & & 3 & 2 & 4 & 5 & \\
s_k & 0 & 1 & -3 & s_3 & s_4 & \\
t_k & 1 & 0 & 1 & t_3 & t_4 &
\end{array}$$
It is important to understand that each column of this table indicates how to express the remainder in that column as a linear combination of $a$ and $b$. For example, in the above table, the column corresponding to $k = 2$ indicates that
$$63 = 141(-3) + 486(1)$$
Next, we need to determine values for $s_3$ and $t_3$ such that $15 = r_3 = as_3 + bt_3$.
To do this, we first make use of the division algorithm to express $r_3$ in terms of $r_1$ and $r_2$. Recall that $r_1 = r_2 q_2 + r_3$; hence:
$$15 = r_3 = r_1 - r_2 q_2 = 141 - 63(2)$$
We then use the values already found for $s_1$, $s_2$, $t_1$, and $t_2$ to replace each of $r_1$ and $r_2$ in the above expression by a linear combination of $a$ and $b$. In the general case, this gives us:
$$\begin{aligned}
r_3 &= r_1 - r_2 q_2 \\
&= (as_1 + bt_1) - (as_2 + bt_2)q_2 \\
&= a(s_1 - s_2 q_2) + b(t_1 - t_2 q_2)
\end{aligned}$$
and so we see that $s_3 = s_1 - s_2 q_2$ and $t_3 = t_1 - t_2 q_2$. In our particular example, we find that
$$\begin{aligned}
r_3 = 15 &= 141 - 63(2) \\
&= [141(1) + 486(0)] - [141(-3) + 486(1)](2) \\
&= 141(1 - (-3)2) + 486(0 - 1(2)) \\
&= 141(7) + 486(-2)
\end{aligned}$$
Thus, $s_3 = 7$ and $t_3 = -2$. (Check that $15 = 141(7) + 486(-2)$.)

Try to notice a general pattern in the above expressions for $s_3$ and $t_3$. Can you guess what the expressions for $s_4$ and $t_4$ are? Let's work it out. Again the division algorithm is the key, because from it we know that $r_2 = r_3 q_3 + r_4$. Hence,
$$\begin{aligned}
r_4 &= r_2 - r_3 q_3 \\
&= (as_2 + bt_2) - (as_3 + bt_3)q_3 \\
&= a(s_2 - s_3 q_3) + b(t_2 - t_3 q_3)
\end{aligned}$$
Thus, $s_4 = s_2 - s_3 q_3$ and $t_4 = t_2 - t_3 q_3$. In our example, then, we find that
$$s_4 = s_2 - s_3 q_3 = -3 - 7(4) = -31 \qquad t_4 = t_2 - t_3 q_3 = 1 - (-2)(4) = 9$$
Hence, $r_4 = 3 = 141(-31) + 486(9)$. (Check this!) Since $d = r_4$, our example is complete. In summary, our results indicate that $d = 3$, $s = -31$, and $t = 9$, and here is the complete table:
$$\begin{array}{c|cccccc}
r_k & 486 & 141 & 63 & 15 & 3 & 0 \\
q_k & & 3 & 2 & 4 & 5 & \\
s_k & 0 & 1 & -3 & 7 & -31 & \\
t_k & 1 & 0 & 1 & -2 & 9 &
\end{array}$$

Let us now return to consideration of the extended Euclidean algorithm in the general case. As already noted, the results from an application of the algorithm can be displayed in table form as follows:
$$\begin{array}{c|cccccccccc}
r & b & a & r_2 & \cdots & r_{k-1} & r_k & r_{k+1} & \cdots & r_n & 0 \\
q & & q_1 & q_2 & \cdots & q_{k-1} & q_k & q_{k+1} & \cdots & q_n & \\
s & s_0 & s_1 & s_2 & \cdots & s_{k-1} & s_k & s_{k+1} & \cdots & s_n & \\
t & t_0 & t_1 & t_2 & \cdots & t_{k-1} & t_k & t_{k+1} & \cdots & t_n &
\end{array}$$
Suppose that the above table has been completed through column $k$, except for the value of $q_k$, and we next wish to find $q_k$ and then fill in the values of $r_{k+1}$, $s_{k+1}$, and $t_{k+1}$ in column $k + 1$.
If we understand how this is done, then we understand how the extended Euclidean algorithm works in general. Now then, we know how to obtain $q_k$ and $r_{k+1}$, since these are the quotient and remainder, respectively, obtained by dividing $r_{k-1}$ by $r_k$. Hence it follows that $r_{k-1} = r_k q_k + r_{k+1}$, and we use this relation and the values from columns $k - 1$ and $k$ to find $s_{k+1}$ and $t_{k+1}$. This is done as follows:
$$\begin{aligned}
r_{k+1} &= r_{k-1} - r_k q_k \\
&= (as_{k-1} + bt_{k-1}) - (as_k + bt_k)q_k \\
&= a(s_{k-1} - s_k q_k) + b(t_{k-1} - t_k q_k)
\end{aligned}$$
Thus, $s_{k+1} = s_{k-1} - s_k q_k$ and $t_{k+1} = t_{k-1} - t_k q_k$.

In summary, the sequence $s_0, s_1, s_2, \ldots, s_{n-1}$ is defined by
$$s_0 = 0, \qquad s_1 = 1, \qquad s_{k+1} = s_{k-1} - s_k q_k \quad \text{for } k = 1, 2, \ldots, n - 1$$
We say that the sequence is defined recursively by the initial values $s_0 = 0$ and $s_1 = 1$ and the recurrence relation (or recurrence formula) $s_{k+1} = s_{k-1} - s_k q_k$. Similarly, the sequence $t_0, t_1, t_2, \ldots, t_{n-1}$ is defined recursively by the following initial values and recurrence relation:
$$t_0 = 1, \qquad t_1 = 0, \qquad t_{k+1} = t_{k-1} - t_k q_k \quad \text{for } k = 1, 2, \ldots, n - 1$$
In words, to obtain the value of $s$ in a given column, multiply the value of $s$ in the preceding column by the quotient in that column, and then subtract this product from the value of $s$ in the column two columns before the given one. Similarly, to obtain the value of $t$ in a given column, multiply the value of $t$ in the preceding column by the quotient in that column, and then subtract this product from the value of $t$ two columns before.

Example 2.11: Use the extended Euclidean algorithm to find $d = \gcd(1407, 3255)$ and integers $s$ and $t$ such that $d = 1407s + 3255t$.

Solution: First, we successively apply the division algorithm to obtain the first two rows of the table:
$$\begin{array}{c|cccccc}
r_k & 3255 & 1407 & 441 & 84 & 21 & 0 \\
q_k & & 2 & 3 & 5 & 4 &
\end{array}$$
So we see that $d = \gcd(1407, 3255) = 21$. Now we must complete the third and fourth rows of the table using the initial values and recurrence relations for the $s$ and $t$ values.
It is recommended that you complete the third row first, and then do the fourth row. Completing the third row, you should get
$$\begin{array}{c|cccccc}
r_k & 3255 & 1407 & 441 & 84 & 21 & 0 \\
q_k & & 2 & 3 & 5 & 4 & \\
s_k & 0 & 1 & -2 & 7 & -37 &
\end{array}$$
For example, $s = s_4 = s_2 - s_3 q_3 = -2 - (7)5 = -2 - 35 = -37$. We then do the fourth row; see if you get
$$\begin{array}{c|cccccc}
r_k & 3255 & 1407 & 441 & 84 & 21 & 0 \\
q_k & & 2 & 3 & 5 & 4 & \\
s_k & 0 & 1 & -2 & 7 & -37 & \\
t_k & 1 & 0 & 1 & -3 & 16 &
\end{array}$$
For instance, $t = t_4 = t_2 - t_3 q_3 = 1 - (-3)5 = 1 + 15 = 16$. Therefore, $d = 21$, $s = -37$, and $t = 16$, and it can be checked that
$$21 = 1407(-37) + 3255(16)$$
Easy, is it not? And fast, too!

A final comment about the extended Euclidean algorithm. When applying the algorithm by hand, some people prefer to generate the table one column at a time. For instance, in the above example, suppose we have completed the table to this point:
$$\begin{array}{c|ccc}
r_k & 3255 & 1407 & 441 \\
q_k & & 2 & \\
s_k & 0 & 1 & -2 \\
t_k & 1 & 0 & 1
\end{array}$$
At the next step, we divide 1407 by 441, obtaining a quotient of 3 and a remainder of 84. We then compute the $s$ and $t$ values in column 3, and the table is updated as follows:
$$\begin{array}{c|cccc}
r_k & 3255 & 1407 & 441 & 84 \\
q_k & & 2 & 3 & \\
s_k & 0 & 1 & -2 & 7 \\
t_k & 1 & 0 & 1 & -3
\end{array}$$
The entries in column 3 indicate that $84 = 1407(7) + 3255(-3)$, and this relation can be checked. In general, if one checks that $r_k = as_k + bt_k$, but, after the next step, one finds that $r_{k+1} \ne as_{k+1} + bt_{k+1}$, then one knows that a mistake has just been made. That is, either a mistake has been made in dividing $r_{k-1}$ by $r_k$, or a mistake has been made in computing the values of $s_{k+1}$ and $t_{k+1}$. One could wait to the end, and simply check that $d = as + bt$, but if this does not check then one won't know at what step things went wrong.

As stated in Theorem 2.8, if $d = \gcd(a, b)$, then $d$ is the smallest positive integer expressible as a linear combination of $a$ and $b$, namely, as $d = as + bt$, where $s, t \in \mathbb{Z}$. It is important to note, however, that just because some positive integer $e$ is expressible as a linear combination of $a$ and $b$, this does not necessarily imply that $e = \gcd(a, b)$. For example, $10 = 2(11) + 3(-4)$, but clearly $10 \ne \gcd(2, 3)$.
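The table method of this section, written out in Python as an added example (it is not code from the text). The function names, the constructed hand table `SLIPPED_TABLE` and the constructed 100-digit inputs `A_BIG` and `B_BIG` are assumptions of the example; it rebuilds the tables for gcd(141, 486) and gcd(1407, 3255), uses the column check r_k = a s_k + b t_k to locate a slip in a hand-computed table, and compares the number of divisions with the 2 log2 a bound quoted earlier.

```python
from math import log2


def extended_euclid(a, b):
    """Extended Euclidean algorithm laid out as the four-row table of this section.

    Expects 0 <= a <= b with b > 0. Returns (d, s, t, columns, divisions) where
    d = gcd(a, b) = a*s + b*t, columns[k] = (r_k, q_k, s_k, t_k) for k = 0..n
    (q_0 is None), and divisions is the number of divisions performed.
    """
    if not (0 <= a <= b and b > 0):
        raise ValueError("expected 0 <= a <= b with b > 0")
    # Column 0 is b = a*0 + b*1; column 1 is a = a*1 + b*0.
    r_prev, s_prev, t_prev = b, 0, 1
    r_cur, s_cur, t_cur = a, 1, 0
    columns = [(b, None, 0, 1)]
    divisions = 0
    while r_cur != 0:
        q, r_next = divmod(r_prev, r_cur)  # r_{k-1} = r_k*q_k + r_{k+1}
        divisions += 1
        columns.append((r_cur, q, s_cur, t_cur))
        # Recurrences s_{k+1} = s_{k-1} - s_k*q_k and t_{k+1} = t_{k-1} - t_k*q_k.
        s_next = s_prev - s_cur * q
        t_next = t_prev - t_cur * q
        r_prev, s_prev, t_prev = r_cur, s_cur, t_cur
        r_cur, s_cur, t_cur = r_next, s_next, t_next
    # r_cur is now 0, so the previous column holds the last nonzero remainder.
    return r_prev, s_prev, t_prev, columns, divisions


def first_bad_column(a, b, columns):
    """Index of the first column with r_k != a*s_k + b*t_k, or None if all check."""
    for k, (r, _q, s, t) in enumerate(columns):
        if r != a * s + b * t:
            return k
    return None


def render(columns):
    """Format the columns as four text rows; the closing 0 column has only r."""
    rows = [
        ["r:"] + [str(c[0]) for c in columns] + ["0"],
        ["q:"] + ["-" if c[1] is None else str(c[1]) for c in columns],
        ["s:"] + [str(c[2]) for c in columns],
        ["t:"] + [str(c[3]) for c in columns],
    ]
    return [" ".join(row) for row in rows]


def division_bound(a):
    """The bound 2*log2(a) on the number of divisions, as quoted in the text."""
    return 2 * log2(a)


# Constructed hand table for a = 141, b = 486 with a deliberate slip:
# s_3 was entered as 5 instead of 7, and the error then carried into s_4.
SLIPPED_TABLE = [
    (486, None, 0, 1),
    (141, 3, 1, 0),
    (63, 2, -3, 1),
    (15, 4, 5, -2),
    (3, 5, -23, 9),
]

# Constructed inputs of the size mentioned in the text (about 10^100).
A_BIG = 10**100 + 267
B_BIG = 3 * 10**100 + 1

if __name__ == "__main__":
    for a, b in [(141, 486), (1407, 3255)]:
        d, s, t, columns, divisions = extended_euclid(a, b)
        print(f"gcd({a}, {b}) = {d} = {a}({s}) + {b}({t}), {divisions} divisions")
        print("\n".join(render(columns)))
    print("first bad column in slipped table:", first_bad_column(141, 486, SLIPPED_TABLE))
    d, s, t, _, divisions = extended_euclid(A_BIG, B_BIG)
    print(f"100-digit input: {divisions} divisions, bound {division_bound(A_BIG):.1f}")
```
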
There is an exceptional case that deserves special attention, however. Given $a, b \in \mathbb{Z}$, suppose that there exist integers $x$ and $y$ such that $1 = ax + by$. Then 1 is a linear combination of $a$ and $b$, and 1 is the smallest positive integer. Therefore, 1 is the smallest positive linear combination of $a$ and $b$, and so $1 = \gcd(a, b)$. We state this result as a corollary to Theorem 2.8.

Corollary 2.9: Let $a$ and $b$ be integers, not both 0. Then $\gcd(a, b) = 1$ if and only if $1 = ax + by$ for some integers $x$ and $y$.

Definition 2.4: Two positive integers $a$ and $b$ are called relatively prime provided $\gcd(a, b) = 1$.

Just because two positive integers $a$ and $b$ are relatively prime, this does not mean, necessarily, that either $a$ or $b$ is a prime number. For example, 10 and 21 are relatively prime, and neither 10 nor 21 is prime. What being relatively prime does mean is that 1 is the only positive common factor of $a$ and $b$, and so, in particular, $a$ and $b$ have no common prime factors. Conversely, if $a$ and $b$ have no prime factors in common, then $a$ and $b$ are relatively prime.

In order to show that two given positive integers $a$ and $b$ are relatively prime, it suffices to find integers $x$ and $y$ such that $1 = ax + by$. Of course, one way to find $x$ and $y$ is to employ the extended Euclidean algorithm. Sometimes, however, we can find $x$ and $y$ more directly, perhaps by trial and error.

Example 2.12: Show that $5n + 3$ and $7n + 4$ are relatively prime for any nonnegative integer $n$.

Solution: The trick here is to notice that
$$1 = (5n + 3)(7) + (7n + 4)(-5)$$
Hence, by Corollary 2.9, it follows that $5n + 3$ and $7n + 4$ are relatively prime.

There are a number of interesting, intriguing, and useful results that involve the concept of relatively prime. We present one of these and two of its corollaries next, with further applications presented in the exercises and chapter problems.

Theorem 2.10 (Euclid's Lemma): Let $a$, $b$, and $c$ be positive integers.
If $a \mid (bc)$ and $a$ and $b$ are relatively prime, then $a \mid c$.

Proof: Assume $a \mid (bc)$ and $a$ and $b$ are relatively prime. Since $a \mid (bc)$, there is some integer $q$ such that $bc = aq$. Since $a$ and $b$ are relatively prime, there exist integers $x$ and $y$ such that $1 = ax + by$. Thus,
$$c = c \cdot 1 = c(ax + by) = a(cx) + (bc)y = a(cx) + (aq)y = a(cx + qy)$$
Since $cx + qy$ is an integer, this shows that $a \mid c$.

Compare Theorem 2.10 with Exercise 9 of Exercise Set 2.2.

Corollary 2.11: Let $b$ and $c$ be positive integers and let $p$ be a prime. If $p \mid (bc)$, then either $p \mid b$ or $p \mid c$.

Proof: Assume $p \mid (bc)$. We know that either $p$ is a factor of $b$ or $p$ is not a factor of $b$. If $p$ is a factor of $b$, then the conclusion of the theorem holds and the proof is complete. If $p$ is not a factor of $b$, then, since the only positive factors of $p$ are 1 and $p$ and $p$ is not a factor of $b$, we see that $p$ and $b$ are relatively prime. Thus, by Euclid's lemma, $p \mid c$, and so the proof is complete in this case, also. (Alternately, one can give a proof based on the logical equivalence presented in Chapter 1, Problem 5, part (b).)

The preceding corollary can be extended to the case when a prime $p$ divides a product of any finite number of factors. We state this result as Corollary 2.12, with the proof left to Chapter Problem 29.

Corollary 2.12: Let $a_1, a_2, \ldots, a_n$ be positive integers and let $p$ be a prime. If $p \mid (a_1 a_2 \cdots a_n)$, then $p \mid a_i$ for some $i$, $1 \le i \le n$.

Theorem 2.8 characterizes the greatest common divisor of two integers $a$ and $b$ as a special linear combination of $a$ and $b$. Another very important and useful characterization of $\gcd(a, b)$ is presented in the next theorem, whose proof is left to Exercise 2. Some textbooks take the stated condition as the definition of $\gcd(a, b)$.

Theorem 2.13: Let $a$ and $b$ be integers, not both 0. Then a positive integer $d$ is the greatest common divisor of $a$ and $b$ if and only if $d$ satisfies the following two conditions:
   1. $d$ is a common divisor of $a$ and $b$.
   2. If $c$ is any common divisor of $a$ and $b$, then $c \mid d$.

Exercise Set 2.3

1. Use the Euclidean algorithm to find $\gcd(a, b)$.
   (a) $a = 27$, $b = 81$
   (b) $a = 120$, $b = 615$
   (c) $a = 1380$, $b = 3020$
   (d) $a = 412$, $b = 936$
2. Prove Theorem 2.13.
3. For the $a$ and $b$ given in each part of Exercise 1, apply the extended Euclidean algorithm to find $d = \gcd(a, b)$ and integers $s$ and $t$ such that $d = as + bt$.
4. Let $a$ and $b$ be integers, not both 0. We know that $\gcd(a, b)$ can be expressed as a linear combination of $a$ and $b$. What other integers can be so expressed? Prove: Given an integer $e$, $e$ is a linear combination of $a$ and $b$ if and only if $e$ is a multiple of $\gcd(a, b)$.
5. Suppose the Euclidean algorithm is being applied to find $\gcd(a, b)$, and at some step the remainder $r_{i+1}$ obtained is exactly 1 less than the remainder $r_i$ obtained at the previous step. What does this imply? Apply your observation to aid in finding $\gcd(383, 862)$.
6. Prove, using Corollary 2.9: For any positive integer $n$, $n$ and $n + 1$ are relatively prime.
7. Prove: Any two consecutive odd positive integers are relatively prime.
8. Suppose the Euclidean algorithm is being applied to find $\gcd(a, b)$, and at some step we recognize that the remainder $r_i$ just obtained is prime.
   (a) Show that either $\gcd(a, b) = r_i$ or $\gcd(a, b) = 1$.
   (b) How can one tell which of the alternative conclusions in part (a) holds?
   Apply the observations made in parts (a) and (b) to aid in finding:
   (c) $\gcd(40, 371)$
   (d) $\gcd(52, 325)$
9. Prove or disprove each of the following assertions about an arbitrary positive integer $n$.
   (a) $2n$ and $4n + 3$ are relatively prime.
   (b) $2n + 1$ and $3n + 2$ are relatively prime.
10. Let $m$ and $n$ be positive integers. Prove that $\gcd(m, m + n) \mid n$.
11. Let $a$ and $b$ be integers such that $1 < a < b$ and $a$ and $b$ are relatively prime. Prove the following assertions:
   (a) $\gcd(-a + b, a + b) = 1$ or $2$ (Hint: Apply Theorem 2.3, part 3.)
   (b) $\gcd(2a + b, a + 2b) = 1$ or $3$
   (c) $\gcd(a + b, ab) = 1$
   (d) $\gcd(a^2, b^2) = 1$
12.
Prove each of the following assertions about arbitrary positive integers $a$, $b$, $c$, and $d$.
   (a) If $a \mid c$, $b \mid c$, and $d = \gcd(a, b)$, then $(ab) \mid (cd)$.
   (b) If $a \mid c$, $b \mid c$, and $a$ and $b$ are relatively prime, then $(ab) \mid c$.
13. Let $a$, $b$, and $d$ be integers with $0 < d \le a \le b$. Prove: If $d$ is a common divisor of $a$ and $b$ and $d$ can be expressed as a linear combination of $a$ and $b$, then $d = \gcd(a, b)$.
14. Let $m$ and $n$ be positive integers, and let $p$ be a prime such that $p$ is not a factor of $m$. Show that $m$ and $p^n$ are relatively prime.
15. Let $a$, $b$, and $n$ be positive integers with $n \le a$ and $n \le b$. Prove or disprove:
   (a) If $a \bmod n = b \bmod n$, then $\gcd(n, a) = \gcd(n, b)$.
   (b) If $\gcd(n, a) = \gcd(n, b)$, then $a \bmod n = b \bmod n$.
16. Implement the Euclidean algorithm as a computer program. (The program is to input integers $a$ and $b$ with $0 \le a < b$ and output $d = \gcd(a, b)$.)
17. Let $a$ and $b$ be integers and let $n$, $n_1$, and $n_2$ be positive integers such that $n = \gcd(n_1, n_2)$. Prove: If $a \bmod n_1 = b \bmod n_1$ or $a \bmod n_2 = b \bmod n_2$, then $a \bmod n = b \bmod n$.
18. Implement the extended Euclidean algorithm as a computer program. (The program is to input integers $a$ and $b$ with $0 \le a < b$ and output $d = \gcd(a, b)$ and integers $s$ and $t$ such that $d = as + bt$.)
19. Prove or disprove the converse of the implication in Exercise 17.
20. Describe (and implement as a recursive procedure) a recursive form of the extended Euclidean algorithm.
21. In the context of the extended Euclidean algorithm, where $r_n = \gcd(a, b) = as_n + bt_n$, define the numbers $s_{n+1}$ and $t_{n+1}$ as follows:
$$s_{n+1} = s_{n-1} - s_n q_n \quad \text{and} \quad t_{n+1} = t_{n-1} - t_n q_n$$
What is the value of the expression $as_n + bt_n$?
22.
In the context of the extended Euclidean algorithm, prove the following:
   (a) $s_k t_k < 0$ for $2 \le k \le n$
   (b) $s_k s_{k+1} < 0$ for $1 \le k < n$
   (c) $t_k t_{k+1} < 0$ for $2 \le k < n$

2.4 PRIME NUMBERS AND THE FUNDAMENTAL THEOREM OF ARITHMETIC

As stated in Section 2.2, one of the basic notions in number theory is that any integer $n > 1$ may be factored as a product of primes, and that such a factorization is essentially unique. We prove this result in this section, along with several other results concerning prime numbers. We first prove the following lemma. Note: A lemma is a result which is used to prove another (usually more important) result.

Lemma 2.14: Every positive integer $n > 1$ has a prime factor.

Proof: Let $P(n)$ represent the statement

   $n$ has a prime factor

When $n = 2$, we see that 2 is prime and is certainly a factor of itself. So $P(2)$ is true. Suppose it is not the case that $P(n)$ holds for every integer $n \ge 2$. Then the set
$$S = \{n \mid n \ge 2 \text{ and } P(n) \text{ is false}\}$$
is a nonempty subset of the set of positive integers. It follows by the PWO that $S$ contains a smallest element; denote this by $\hat{n}$. Note that $\hat{n}$ must be composite, for otherwise $\hat{n}$ would be a prime factor of itself. It follows from this observation and our anchor step that $\hat{n} > 3$. Since $\hat{n}$ is composite, it can be factored as $\hat{n} = n_1 n_2$, where $n_1$ and $n_2$ are integers and $1 < n_1 \le n_2 < \hat{n}$. It then follows, since $\hat{n}$ is the smallest element of $S$, that $n_1$ has a prime factor. But since any factor of $n_1$ is also a factor of $\hat{n}$, we have shown that $\hat{n}$ has a prime factor. Thus $P(\hat{n})$ is true, a contradiction. It follows that the set $S$ is empty, and therefore $P(n)$ is true for every integer $n \ge 2$.

Let $n$ be an integer, $n > 1$. By Lemma 2.14, $n$ has a prime factor, and hence the set of prime factors of $n$ is a nonempty subset of $\mathbb{Z}^+$. It follows from the principle of well-ordering that $n$ has a smallest prime factor; we state this as a corollary to Lemma 2.14.
Corollary 2.15: Every integer $n > 1$ has a smallest prime factor.

We are now ready to prove that every integer $n > 1$ can be (uniquely) factored as a product of primes. This result is so important in number theory that it is called the "fundamental theorem" of the subject. Its proof suggests an algorithm (albeit a rather inefficient one) for finding the factorization of a given integer $n > 1$. Before proceeding to the theorem, let's illustrate the algorithm with an example.

Example 2.13: We repeatedly apply the idea of Corollary 2.15 to factor $n_1 = 474383$ as a product of primes.

We begin by finding the smallest prime factor $p_1$ of $n_1$. Since $n_1$ is odd, we see that 2 is not a factor of $n_1$. Likewise, it can be checked that neither 3 nor 5 is a factor of $n_1$. Then checking 7, we find that $p_1 = 7$ is a factor of $n_1$; in fact, $n_1 = 7 \cdot 67769$.

To complete the factorization at this point, we must factor $n_2 = 67769$ as a product of primes. Again, we apply the idea of Corollary 2.15, namely, we want to find the smallest prime factor $p_2$ of $n_2$. Now, ask yourself this question: Could $p_2$ be 2 or 3 or 5? Clearly not, because any factor of $n_2$ is also a factor of $n_1$, and so the smallest prime factor of $n_2$ can't be smaller than the smallest prime factor of $n_1$. Hence, $p_2 \ge 7$. However, it can be checked that 7 is not a factor of $n_2$. The next prime after 7 is 11, but 11 is also not a factor of $n_2$. The next prime after 11 is 13, and 13 is a factor of $n_2$; in fact, $n_2 = 13 \cdot 5213$. Thus, $p_2 = 13$.

At this point we have $n_1 = 7 \cdot 13 \cdot 5213$. Letting $n_3 = 5213$, we next need to find the smallest prime factor $p_3$ of $n_3$. Checking 13, we find that 13 is a factor of $n_3$, and so $p_3 = 13$. Also, $n_3 = 13 \cdot 401$.

The situation now is that $n_1 = 7 \cdot 13 \cdot 13 \cdot n_4$, where $n_4 = 401$; the next task is to find the smallest prime factor $p_4$ of $n_4$. Checking 13 and the next several primes after 13, we find that none of 13, 17, and 19 is a factor of 401.
The next prime after 19 is 23, but 23 is greater than $\sqrt{401}$. As a result of this fact, we claim that 401 is itself a prime number! The reason goes as follows. If 401 is not prime, namely, if 401 is composite, then Corollary 2.15 tells us that 401 has a smallest prime factor; call it $p$. We know from our work above that $p \ge 23$, and so $401 = pt$, for some $t$, with $23 \le p \le t < 401$. But then
$$401 = pt \ge 23^2 = 469 > 401$$
This is a clear contradiction. Therefore, 401 must be prime, and so $p_4 = 401$. Thus, we have factored $n_1 = 474383$ as a product of primes; namely,
$$474383 = 7 \cdot 13 \cdot 13 \cdot 401$$

The reasoning used in the above example to argue that 401 is prime can be generalized to prove the following useful lemma.

Lemma 2.16: Let $n$ be an integer, $n > 1$. If $n$ is composite, then $n$ has a prime factor $p$ such that $p \le \sqrt{n}$.

Theorem 2.17 (Fundamental Theorem of Arithmetic): Any integer $n > 1$ can be factored as a product of primes, that is, $n$ can be expressed as
$$n = p_1 p_2 \cdots p_m$$
where $p_1, p_2, \ldots, p_m$ are primes and $p_1 \le p_2 \le \cdots \le p_m$. Furthermore, the above factorization is unique in the sense that, if $q_1, q_2, \ldots, q_{m'}$ are primes with $q_1 \le q_2 \le \cdots \le q_{m'}$ and $n = q_1 q_2 \cdots q_{m'}$, then $m = m'$ and $q_i = p_i$ for each $i$, $1 \le i \le m$.

Proof: We first employ the principle of well-ordering to prove the existence part of the result, and then show uniqueness. For $n \ge 2$, let $P(n)$ represent the statement

   $n$ can be expressed as a product of primes

Note that, if $n$ is prime, then $n$ is already expressed as a "product" of primes, namely, a product with only one factor, that factor being $n$. In particular, 2 and 3 are prime, so that $P(2)$ and $P(3)$ are true. Suppose that $P(n)$ is false for some integer $n$, $n > 3$. Then the set
$$S = \{n \mid n \ge 2 \text{ and } P(n) \text{ is false}\}$$
is a nonempty subset of $\mathbb{Z}^+$. It follows by the PWO that $S$ contains a smallest element; as usual, denote it by $\hat{n}$. It follows from the above remarks that $\hat{n}$ is composite.
By Corollary 2.15, $\hat{n}$ has a smallest prime factor; call it $p_1$; then, since $\hat{n}$ is composite, $\hat{n} = p_1 n_2$ for some integer $n_2$, $2 \le n_2 < \hat{n}$. So, $n_2$ is not in $S$, and it follows that $n_2$ can be expressed as a product of primes, say $n_2 = p_2 \cdots p_m$, with $p_2 \le \cdots \le p_m$. Since $p_1$ is the smallest prime factor of $\hat{n}$, we have that $p_1 \le p_2$, and since $\hat{n} = p_1 n_2$, we have that

$$\hat{n} = p_1 p_2 \cdots p_m$$

This shows that $P(\hat{n})$ holds, a contradiction. Therefore, $S$ is empty, and it follows that $P(n)$ holds for every integer $n > 1$.

Next we prove uniqueness. This time, we use the strong form of induction on $n$; let $P(n)$ be the statement that

    $n$ is uniquely expressible as a product of primes

Clearly, $P(2)$ holds, and so the induction is anchored. Let $k$ represent an arbitrary integer, $k \ge 2$, and assume that $P(n)$ holds for every integer $n$, $2 \le n \le k$; explicitly, the induction hypothesis is that any such $n$ is uniquely expressible as a product of primes. To complete the proof, we must show that $P(k+1)$ holds, namely, that $k+1$ is uniquely expressible as a product of primes. This is clearly the case if $k+1$ is prime, so assume that $k+1$ is composite. Suppose that we can factor $k+1$ as a product of primes in two ways, say,

$$p_1 p_2 \cdots p_m = k + 1 = q_1 q_2 \cdots q_{m'}$$

where $p_1, p_2, \ldots, p_m, q_1, q_2, \ldots, q_{m'}$ are primes such that $p_1 \le p_2 \le \cdots \le p_m$ and $q_1 \le q_2 \le \cdots \le q_{m'}$. Since $p_1 \mid (k+1)$, we have that $p_1 \mid (q_1 q_2 \cdots q_{m'})$. By the extended form of Euclid’s lemma (Corollary 2.12), $p_1$ must be a factor of $q_j$ for some $j$, $1 \le j \le m'$. Now $q_j$ is prime, and so $p_1 = q_j$. Since $q_1 \le q_j$, we have that $q_1 \le p_1$. In a completely analogous manner, beginning with the fact that $q_1 \mid (k+1)$, we can show that $p_1 \le q_1$. Therefore, $p_1 = q_1$. Now let $n = (k+1)/p_1$. Since $2 \le n \le k$, it follows from the induction hypothesis that $n$ is uniquely expressible as a product of primes. Hence, it must be that $m = m'$ and that $p_i = q_i$ for each $i$, $2 \le i \le m$.
Therefore, $P(k+1)$ holds and the proof is complete.

Suppose now that an integer $n > 1$ is expressed as a product of primes, say, $n = q_1 q_2 \cdots q_m$, with $q_1 \le q_2 \le \cdots \le q_m$. The primes $q_1, q_2, \ldots, q_m$ need not be distinct, of course; however, we can collect together all equal prime factors and express $n$ in the following form:

$$n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$$

where $p_1, p_2, \ldots, p_k$ are primes such that $p_1 < p_2 < \cdots < p_k$ and each $a_i$ is a positive integer. We call this the canonical factorization of $n$.

Example 2.14: Find the canonical factorization of:
(a) 474383
(b) 4918914
(c) 5337423
(d) 983

Solution: For part (a), we see from Example 2.21 that the canonical factorization of 474383 is

$$474383 = 7^1 \cdot 13^2 \cdot 401^1$$

For part (b), we proceed as follows:
2 is the smallest prime factor of 4918914 and $4918914 = 2 \cdot 2459457$;
then 3 is the smallest prime factor of 2459457 and $2459457 = 3 \cdot 819819$;
then 3 is the smallest prime factor of 819819 and $819819 = 3 \cdot 273273$;
then again 3 is the smallest prime factor of 273273 and $273273 = 3 \cdot 91091$;
then 7 is the smallest prime factor of 91091 and $91091 = 7 \cdot 13013$;
then again 7 is the smallest prime factor of 13013 and $13013 = 7 \cdot 1859$;
then 11 is the smallest prime factor of 1859 and $1859 = 11 \cdot 169$;
then 13 is the smallest prime factor of 169 and $169 = 13 \cdot 13$.

Therefore, the canonical factorization of 4918914 is

$$4918914 = 2^1 \cdot 3^3 \cdot 7^2 \cdot 11^1 \cdot 13^2$$

For (c), we proceed in a similar manner to find that

$$5337423 = 3^2 \cdot 7^4 \cdot 13^1 \cdot 19^1$$

For part (d), checking the primes up to 31, we find that none is a factor of 983. The next prime after 31 is 37, and $37^2 > 983$. It follows from Lemma 2.20 that 983 is prime, and so the canonical factorization of 983 is $983^1$.

As an interesting sidelight to the preceding example, consider the problem of finding the canonical factorization of gcd(4918914, 5337423).
With this purpose in mind, it is convenient to express these numbers as follows:

$$4918914 = 2^1 \cdot 3^3 \cdot 7^2 \cdot 11^1 \cdot 13^2 \cdot 19^0$$
$$5337423 = 2^0 \cdot 3^2 \cdot 7^4 \cdot 11^0 \cdot 13^1 \cdot 19^1$$

so that each factorization includes the same primes. Then we have

$$\gcd(4918914, 5337423) = \gcd(2^1 \cdot 3^3 \cdot 7^2 \cdot 11^1 \cdot 13^2 \cdot 19^0,\; 2^0 \cdot 3^2 \cdot 7^4 \cdot 11^0 \cdot 13^1 \cdot 19^1)$$
$$= 2^0 \cdot 3^2 \cdot 7^2 \cdot 11^0 \cdot 13^1 \cdot 19^0$$
$$= 3^2 \cdot 7^2 \cdot 13^1$$

Note that, for each of the primes involved, we take the smaller of the two exponents to determine its contribution to gcd(4918914, 5337423). This procedure can be formulated in general terms without much difficulty (see Chapter Problem 14). It should be mentioned that there are additional applications of canonical factorizations.

We next prove that the number of primes is infinite. You are no doubt aware of this fact but perhaps you have never seen a proof. The proof we give, which is credited to Euclid, is considered one of the most elegant in all of mathematics.

Theorem 2.18: The number of primes is infinite.

Proof: We proceed by contradiction and suppose that the number of primes is finite. Suppose that $P = \{p_1, p_2, \ldots, p_n\}$ is the set of all primes. Consider the integer $m = 1 + p_1 p_2 \cdots p_n$. Clearly, $m \ge 2$. Moreover, it is easy to verify that, for each $i$, $1 \le i \le n$, no $p_i$ is a factor of $m$. (In fact, $m \bmod p_i = 1$.) However, by Corollary 2.15, $m$ has a smallest prime factor; call it $q$. Then $q \ne p_i$ for any $i$, $1 \le i \le n$, so $q \notin P$. This contradicts the supposition that $P$ is the set of all primes and therefore proves the result.

If one looks at a list of primes, say a list of all the primes less than 1000, one is hard-pressed to find any pattern to them. One interesting phenomenon is the occurrence of consecutive odd integers both of which are prime; such as 3 and 5, 5 and 7, 11 and 13, 17 and 19, 29 and 31, 41 and 43, and so on.
Such pairs of odd integers are called twin primes, and it is conjectured that there are infinitely many pairs of twin primes. Opposed to the phenomenon of twin primes, it can be shown that, for any positive integer $n$, there exist $n$ consecutive composite integers; see Exercise 2.

Although the primes individually do not follow any definite pattern or formula, we can say something about the number of primes up to $n$. Let us denote this function by $\pi(n)$; that is, given a positive integer $n$, let $\pi(n)$ denote the number of primes between 1 and $n$, inclusive. (Note that here the Greek letter $\pi$ is not denoting the famous constant $3.14159\cdots$, but instead is being used to name a function.) The great German mathematician Carl Friedrich Gauss, in 1793, made some calculations concerning $\pi(n)$, and came up with something like the following table:

| $n$ | $10^1$ | $10^2$ | $10^3$ | $10^4$ | $10^5$ | $10^6$ |
|---|---|---|---|---|---|---|
| $\pi(n)$ | 4 | 25 | 168 | 1229 | 9592 | 78498 |
| $\lceil n/\ln n \rceil$ | 5 | 22 | 145 | 1086 | 8686 | 72383 |

Table 2.1

(Here, $\ln n$ denotes the natural logarithm of $n$. Also, we are using the “ceiling notation:” given a real number $x$, $\lceil x \rceil$ denotes the smallest integer greater than or equal to $x$. Thus, the notation $\lceil n/\ln n \rceil$ indicates that the value $n/\ln n$ is to be rounded up to the nearest whole number.) It appears from the table that the function $\lceil n/\ln n \rceil$ provides a reasonably good approximation to $\pi(n)$, in the sense that the relative error

$$\frac{|\pi(n) - \lceil n/\ln n \rceil|}{\pi(n)}$$

decreases toward 0 as $n$ increases; see Exercise 7. Gauss conjectured that this was indeed the case, and this was proved in 1896, independently, by both J. Hadamard and C.J. de la Vallée-Poussin. This result is known as the prime number theorem. We state it and consider an application, but do not prove the theorem since it requires mathematical knowledge beyond the scope of our discussion.
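The factoring procedure of Example 2.13, the stopping rule of Lemma 2.16, and the smaller-exponent rule for the gcd shown after Example 2.14 can be written out as follows. This is an added example, not code from the text; the function names are assumptions chosen for illustration.

```python
def smallest_prime_factor(n, start=2):
    """Smallest prime factor of n > 1 (Corollary 2.15).

    `start` is a lower bound already known for that factor, as in
    Example 2.13 where p2 >= p1; it must be 2 or an odd number.
    The search stops once d*d > n: by Lemma 2.16 a composite n has a
    prime factor <= sqrt(n), so at that point n itself is prime.
    """
    if n < 2:
        raise ValueError("n must be an integer greater than 1")
    d = max(start, 2)
    while d * d <= n:
        if n % d == 0:
            # The first divisor found is prime, because every smaller
            # candidate (hence every smaller prime) was ruled out.
            return d
        d += 1 if d == 2 else 2   # after 2, try odd candidates only
    return n


def canonical_factorization(n):
    """Return {prime: exponent} with n equal to the product of p**a."""
    factors = {}
    p = 2
    while n > 1:
        # Factors of the quotient are factors of n, so the search can
        # resume at the previous prime instead of restarting at 2.
        p = smallest_prime_factor(n, start=p)
        factors[p] = factors.get(p, 0) + 1
        n //= p
    return factors


def gcd_from_factorizations(a, b):
    """gcd(a, b) by taking the smaller exponent of each prime."""
    fa = canonical_factorization(a)
    fb = canonical_factorization(b)
    g = 1
    # A prime missing from one side has exponent 0 there, so only the
    # primes common to both factorizations contribute.
    for p in fa.keys() & fb.keys():
        g *= p ** min(fa[p], fb[p])
    return g


if __name__ == "__main__":
    for value in (474383, 4918914, 5337423, 983):
        print(value, canonical_factorization(value))
    print(gcd_from_factorizations(4918914, 5337423))
```

The loop performs on the order of $\sqrt{n}$ trial divisions when $n$ is prime, which is the inefficiency the text mentions and the reason trial division is not a practical way to factor integers of cryptographic size.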
Theorem 2.19 (Prime Number Theorem): The function $\lceil n/\ln n \rceil$ provides an approximation to $\pi(n)$, and the relative error of this approximation approaches zero as $n$ approaches infinity; that is

$$\lim_{n \to \infty} \frac{|\pi(n) - \lceil n/\ln n \rceil|}{\pi(n)} = 0$$

Example 2.15: Consider the following question: If an odd (positive) integer $m$ having $k$ digits is chosen at random, what is the probability that it is prime? In particular, consider the case $k = 6$. Well, the number of 6-digit odd integers is

$$\frac{10^6 - 10^5}{2} = 450000$$

(since $10^6 - 10^5$ is the number of 6-digit integers, and half of them are odd). Also, using information from Table 2.1, we obtain that the number of 6-digit primes is

$$\pi(10^6) - \pi(10^5) = 78498 - 9592 = 68906$$

Thus, the probability that a 6-digit odd integer chosen at random is prime is 68906 out of 450000; mathematically, such a probability is usually expressed as a fraction, decimal, or percentage:

$$\frac{68906}{450000} \approx .1531 \approx 15.3\%$$

Now consider the case $k = 10$: What is the probability that a 10-digit odd integer selected at random is prime? Well, the number of 10-digit odd integers is

$$\frac{10^{10} - 10^9}{2} = 4500000000$$

And the number of 10-digit primes is

$$\pi(10^{10}) - \pi(10^9)$$

Table 2.1 does not provide the values for $\pi(10^9)$ and $\pi(10^{10})$. However, even though we may not know their exact values, we can approximate these values using the prime number theorem. Doing so, we obtain that the number of 10-digit primes is approximately

$$\frac{10^{10}}{\ln 10^{10}} - \frac{10^9}{\ln 10^9} = 386039539$$

Thus, the probability that a 10-digit odd integer chosen at random is prime is approximately

$$\frac{386039539}{4500000000} \approx .0858 \approx 8.6\%$$

Exercise Set 2.4

1. For each of these integers, find its smallest prime factor.
(a) 539 (b) 1575 (c) 529 (d) 1601

2. For any positive integer $n$, show that there exist $n$ consecutive positive integers each of which is composite. Hint: Consider the numbers $2 + (n+1)!$, $3 + (n+1)!$, ..., $n + (n+1)!$, $n + 1 + (n+1)!$

3.
For each of these integers, find its canonical factorization.
(a) 4725 (b) 9702 (c) 180625 (d) 1662405

4. If $p$ is an odd prime, show that:
(a) $p$ is of the form $4k + 1$ or of the form $4k + 3$ (for some nonnegative integer $k$).
(b) $p$ is of the form $6k + 1$ or of the form $6k + 5$.
Give an example of an odd prime $p$ of each of the specified forms:
(c) $4k + 1$ (d) $4k + 3$ (e) $6k + 1$ (f) $6k + 5$

5. Prove each of the following statements.
(a) Any prime of the form $3n + 1$ is also of the form $6k + 1$.
(b) If the positive integer $n$ has the form $3k + 2$, then $n$ has a prime factor of this form.
(c) The number 5 is the only prime of the form $n^2 - 4$.
(d) If $p$ is a prime and $p \ge 5$, then $p^2 + 2$ is composite. (Hint: Apply the result of Exercise 4, part (b).)

6. Prove: If $p$ and $q$ are primes with $p \ge q \ge 5$, then $24 \mid (p^2 - q^2)$.

7. Use mathematical induction to prove that the following statement $P(n)$ holds for every $n \in \mathbb{Z}^+$: If $a_1, a_2, \ldots, a_n$ are integers with $a_i \bmod 3 = 1$ for each $i$, $1 \le i \le n$, then $(a_1 \cdot a_2 \cdots a_n) \bmod 3 = 1$.

8. Prove Lemma 2.14.

9. Prove the following implication concerning a positive integer $k$: If $2^k - 1$ is prime, then $k$ is prime. (See also Exercise 6, part (c), of Exercise Set 1.1.)

10. Prove: If $p$, $p + 2$, and $p + 4$ are all (odd) primes, then $p = 3$. (Thus, 3, 5, and 7 are the only three consecutive odd primes; i.e., (3, 5, 7) is the only prime triplet.)

11. Given that $\pi(10^7) = 664579$, $\pi(10^8) = 5761455$, and $\pi(10^9) = 50847534$, add three rows to Table 2.1. (See Exercise 13.)

12. As regards the proof of Theorem 2.18, define an infinite sequence $(p_1, p_2, p_3, \ldots)$ of primes recursively as follows: $p_1 = 2$; for $n \ge 2$,

$$p_n = \text{the smallest prime factor of } 1 + \prod_{k=1}^{n-1} p_k$$

(a) Find $p_2$, $p_3$, $p_4$, $p_5$, $p_6$, $p_7$, and $p_8$.
(b) Show that $(p_1, p_2, p_3, \ldots)$ is an infinite sequence of distinct primes.

13.
For a given positive integer $n$, when $p(n) = \lceil n/\ln n \rceil$ is used to approximate $\pi(n)$, the (absolute) error in the approximation is $|\pi(n) - p(n)|$, and the relative error in the approximation is $|\pi(n) - p(n)|/\pi(n)$. Complete Table 2.2. The prime number theorem says that the relative error approaches zero as $n$ gets larger and larger. Based on the data in this table, what appears to happen to the error as $n$ gets larger and larger?

| $n$ | $10^1$ | $10^2$ | $10^3$ | $10^4$ | $10^5$ | $10^6$ | $10^7$ | $10^8$ | $10^9$ |
|---|---|---|---|---|---|---|---|---|---|
| $\pi(n)$ | 4 | 25 | 168 | 1229 | 9592 | 78498 | 664579 | 5761455 | 50847334 |
| $\lceil n/\ln n \rceil$ | 5 | 22 | 145 | 1086 | 8686 | 72383 | | | |
| error | | | | | | | | | |
| relative error | | | | | | | | | |

Table 2.2

14. A method of finding all the primes up to some given positive integer $n$ is known as the “sieve of Eratosthenes.” Start with a list of the integers from 2 to $n$. The first number on the list, 2, is prime; output 2 and then delete all multiples of 2 from the list. The first number on the new list, 3, is prime; output 3 and then delete all multiples of 3 from the list. Continue this process until only prime numbers remain on the list, then output these. Implement the sieve of Eratosthenes as a program that inputs $n$ and outputs all the primes $\le n$.

15. Given that $\pi(10^9) = 50847334$ and $\pi(10^{10}) = 455052512$, find the probability that a 10-digit odd integer chosen at random is prime. Compare this with the approximate value found in Example 2.23.

16. Design, and implement as a program, an algorithm that inputs a positive integer $n$ and outputs the first $n$ primes.

17. Use the ideas in Example 2.15 to approximate the probability that a 50-digit odd integer chosen at random is prime.

18. Design, and implement as a program, an algorithm that inputs a positive integer $n \ge 2$ and outputs:
(a) the smallest prime factor of $n$
(b) the canonical factorization of $n$

19. Let $\pi'(k)$ denote the number of $k$-digit primes (where $k$ represents a positive integer).
(a) Use the prime number theorem to develop an approximation $p'(k)$ for $\pi'(k)$.
(b) Make a table, similar to Table 2.2, showing $\pi'(k)$, $p'(k)$, the error, and the relative error for $1 \le k \le 9$.
(c) Does the error in using $p'(k)$ to approximate $\pi'(k)$ appear to approach zero as $k$ gets larger and larger? What about the relative error?

20. Execute the program of Exercise 18, part (a), for the following prime values of $n$. Measure the runtime of the program in each case. How does the runtime vary with the size (number of digits) of $n$? Try to answer this question as precisely as possible.
(a) 7 (b) 97 (c) 997 (d) 9973 (e) 99991

21. How would you choose, at random, an odd positive integer $m$ having $k$ digits?

22. Prove Theorem 2.18 by using mathematical induction to prove that there exist at least $n$ primes for any positive integer $n$.

2.5 MODULAR ADDITION AND MULTIPLICATION

When an integer $m$ is divided by the positive integer $n$, a remainder $r$ is obtained satisfying $0 \le r \le n - 1$; that is, $m \bmod n \in \{0, 1, 2, \ldots, n - 1\}$. This set of possible remainders upon division by $n$ is denoted by $\mathbb{Z}_n$ and is called the set of integers modulo $n$. In this section we want to define operations of addition and multiplication on $\mathbb{Z}_n$ and determine what properties are satisfied by these operations. The resulting algebraic structure is extremely important and useful in a number of mathematical disciplines, including algebra, number theory, combinatorics, and computer science.

To begin and focus our discussion, let us recall some of the properties that are satisfied by the real numbers under the operations of addition and multiplication.

Theorem 2.20: The operations of addition and multiplication on $\mathbb{R}$ satisfy the following properties:

1. The associative laws: For any $x_1, x_2, x_3 \in \mathbb{R}$,
(a) $(x_1 + x_2) + x_3 = x_1 + (x_2 + x_3)$
(b) $(x_1 \cdot x_2) \cdot x_3 = x_1 \cdot (x_2 \cdot x_3)$

2. The commutative laws: For any $x_1, x_2 \in \mathbb{R}$,
(a) $x_1 + x_2 = x_2 + x_1$
(b) $x_1 \cdot x_2 = x_2 \cdot x_1$

3.
The distributive laws: For any $x_1, x_2, x_3 \in \mathbb{R}$,
(a) $x_1 \cdot (x_2 + x_3) = (x_1 \cdot x_2) + (x_1 \cdot x_3)$
(b) $(x_1 + x_2) \cdot x_3 = (x_1 \cdot x_3) + (x_2 \cdot x_3)$

4. The number 0 is the additive identity; that is, $0 + x = x + 0 = x$ for any $x \in \mathbb{R}$.

5. The number 1 is the multiplicative identity; that is, $1 \cdot x = x \cdot 1 = x$ for any $x \in \mathbb{R}$.

6. For every number $x \in \mathbb{R}$, there is a number $y \in \mathbb{R}$ such that $x + y = 0$; $y$ is called the (additive) inverse of $x$. Note that the inverse of $x$ is $-x$.

7. For every number $x \in \mathbb{R}$, except 0, there is a number $y \in \mathbb{R}$ such that $xy = 1$; $y$ is called the reciprocal (or multiplicative inverse) of $x$. Note that the reciprocal of $x$ is $x^{-1} = 1/x$.

Because it has the properties listed in Theorem 2.20, we call the algebraic structure $(\mathbb{R}, +, \cdot)$ (the real numbers under addition and multiplication) a field. In particular, $(\mathbb{R}, +, \cdot)$ is called the field of real numbers.

Recall that the set of rational numbers is a subset of the set of real numbers; that is, $\mathbb{Q} \subseteq \mathbb{R}$. Furthermore, for $x, y \in \mathbb{Q}$, we have $x + y \in \mathbb{Q}$ and $xy \in \mathbb{Q}$. Thus, we can consider the algebraic structure $(\mathbb{Q}, +, \cdot)$. Immediately we see that the associative, commutative, and distributive laws hold; in fact, these are inherited from $(\mathbb{R}, +, \cdot)$. Since 0 and 1 are rational, 0 and 1 are the additive and multiplicative identities of $(\mathbb{Q}, +, \cdot)$, respectively. Also, $x \in \mathbb{Q}$ has inverse $-x \in \mathbb{Q}$, and the reciprocal of $x$ is $1/x \in \mathbb{Q}$, provided $x \ne 0$. Therefore, $(\mathbb{Q}, +, \cdot)$ is also a field; it is called the field of rational numbers.

Since $\mathbb{Q} \subseteq \mathbb{R}$, we say that $(\mathbb{Q}, +, \cdot)$ is a subfield of $(\mathbb{R}, +, \cdot)$, and that $(\mathbb{R}, +, \cdot)$ is an extension field of $(\mathbb{Q}, +, \cdot)$. In general, if $(F, +, \cdot)$ and $(E, +, \cdot)$ are fields and $F \subseteq E$, then $(F, +, \cdot)$ is a subfield of $(E, +, \cdot)$ and $(E, +, \cdot)$ is an extension field of $(F, +, \cdot)$. In particular, any field is a subfield and an extension field of itself.

It also makes sense to consider the algebraic structure $(\mathbb{Z}, +, \cdot)$; however, this is not a field.
Note that it satisfies all the properties listed in Theorem 2.20 except property 7; for example, the reciprocal of 2 is 1/2, but 1/2 is not an integer.

The fields discussed above are infinite fields because the sets $\mathbb{Q}$ and $\mathbb{R}$ are infinite. The set $\mathbb{Z}_n$ is finite, of course, and the algebraic structure $(\mathbb{Z}_n, +, \cdot)$ we are about to describe is a field if and only if $n$ is prime. Moreover, when $p$ is prime, $(\mathbb{Z}_p, +, \cdot)$ can be used to construct fields with cardinalities $p^2$, $p^3$, $p^4$, and so on. Having a catalog of such finite fields turns out to be useful for a variety of applications, particularly in the area of combinatorial designs.

We now define operations of addition and multiplication on $\mathbb{Z}_n = \{0, 1, 2, \ldots, n - 1\}$. Initially, so as not to confuse these operations with the standard operations of addition and multiplication on $\mathbb{Z}$, we will denote the addition operation on $\mathbb{Z}_n$ by $\oplus$ (this symbol is called “oplus”) and the multiplication operation on $\mathbb{Z}_n$ by $\odot$ (called “odot”). So then, for $x, y \in \mathbb{Z}_n$, we define:

$$x \oplus y = (x + y) \bmod n$$
$$x \odot y = (xy) \bmod n$$

It is clear that $(x + y) \bmod n \in \mathbb{Z}_n$ and $(xy) \bmod n \in \mathbb{Z}_n$, since $x + y$ and $xy$ are integers. So $\oplus$ and $\odot$ are valid (binary) operations on $\mathbb{Z}_n$.

For $x, y \in \mathbb{Z}_n$, it is sometimes convenient to present the values of $x \oplus y$ and $x \odot y$ by giving addition and multiplication tables; these are like the familiar tables we all used in elementary school. For instance, the addition and multiplication tables for $(\mathbb{Z}_5, \oplus, \odot)$ are shown in Tables 2.3 (a) and (b). Note, for example, that $3 \oplus 4 = (3 + 4) \bmod 5 = 7 \bmod 5 = 2$, and $2 \odot 4 = (2 \cdot 4) \bmod 5 = 8 \bmod 5 = 3$.

(a)

| $\oplus$ | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| 0 | 0 | 1 | 2 | 3 | 4 |
| 1 | 1 | 2 | 3 | 4 | 0 |
| 2 | 2 | 3 | 4 | 0 | 1 |
| 3 | 3 | 4 | 0 | 1 | 2 |
| 4 | 4 | 0 | 1 | 2 | 3 |

(b)

| $\odot$ | 0 | 1 | 2 | 3 | 4 |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 |
| 1 | 0 | 1 | 2 | 3 | 4 |
| 2 | 0 | 2 | 4 | 1 | 3 |
| 3 | 0 | 3 | 1 | 4 | 2 |
| 4 | 0 | 4 | 3 | 2 | 1 |

Tables 2.3 Addition and multiplication tables for $(\mathbb{Z}_5, \oplus, \odot)$

Now, let’s see what properties are satisfied by these operations on $\mathbb{Z}_n$.
Note that

$$x \oplus y = (x + y) \bmod n = (y + x) \bmod n = y \oplus x$$

and

$$x \odot y = (xy) \bmod n = (yx) \bmod n = y \odot x$$

so that both $\oplus$ and $\odot$ are commutative. To prove that the associative and distributive laws hold, we need the following lemma.

Lemma 2.21: Let $n \in \mathbb{Z}^+$ and let $m_1, m_2 \in \mathbb{Z}$. Then:
1. $(m_1 + m_2) \bmod n = \big((m_1 \bmod n) + (m_2 \bmod n)\big) \bmod n$
2. $(m_1 m_2) \bmod n = \big((m_1 \bmod n)(m_2 \bmod n)\big) \bmod n$

Proof: Let

$$m_1 \operatorname{div} n = q_1, \quad m_1 \bmod n = r_1, \quad m_2 \operatorname{div} n = q_2, \quad m_2 \bmod n = r_2$$

Then

$$m_1 = nq_1 + r_1 \quad \text{and} \quad m_2 = nq_2 + r_2$$

Thus,

$$m_1 + m_2 = (nq_1 + r_1) + (nq_2 + r_2) = n(q_1 + q_2) + (r_1 + r_2)$$

and

$$m_1 m_2 = (nq_1 + r_1)(nq_2 + r_2) = n(nq_1 q_2 + q_1 r_2 + r_1 q_2) + r_1 r_2$$

Hence,

$$(m_1 + m_2) - (r_1 + r_2) = n(q_1 + q_2) \quad \text{and} \quad m_1 m_2 - r_1 r_2 = n(nq_1 q_2 + q_1 r_2 + r_1 q_2)$$

In other words, both $(m_1 + m_2) - (r_1 + r_2)$ and $m_1 m_2 - r_1 r_2$ are multiples of $n$. It follows from Theorem 2.6 that

$$(m_1 + m_2) \bmod n = (r_1 + r_2) \bmod n \quad \text{and} \quad (m_1 m_2) \bmod n = (r_1 r_2) \bmod n$$

which proves the lemma.

Lemma 2.21 is important in its own right. Before proceeding, we illustrate a few of its applications.

Example 2.16: Apply Lemma 2.21 to find:
(a) $(2045 + 2761) \bmod 13$
(b) $(2045 \cdot 2761) \bmod 13$

Solution: For part (a), we apply Lemma 2.21, part 1, as follows:

$$(2045 + 2761) \bmod 13 = \big((2045 \bmod 13) + (2761 \bmod 13)\big) \bmod 13 = (4 + 5) \bmod 13 = 9 \bmod 13 = 9$$

And for part (b), we apply Lemma 2.21, part 2:

$$(2045 \cdot 2761) \bmod 13 = \big((2045 \bmod 13) \cdot (2761 \bmod 13)\big) \bmod 13 = (4 \cdot 5) \bmod 13 = 20 \bmod 13 = 7$$

Example 2.17: Apply Lemma 2.21 to show that $m^2 \bmod 5 \in \{0, 1, 4\}$ for any integer $m$.

Solution: By Lemma 2.21, part 2, we have that

$$m^2 \bmod 5 = (m \bmod 5)^2 \bmod 5$$

Now, whereas there are infinitely many possible values for $m$, there are only 5 possible values for $m \bmod 5$, namely, 0, 1, 2, 3, and 4. Checking these, we find that

$$0^2 \bmod 5 = 0, \quad 1^2 \bmod 5 = 1, \quad 2^2 \bmod 5 = 4, \quad 3^2 \bmod 5 = 4, \quad 4^2 \bmod 5 = 1$$

which verifies the result.

Now we move on to prove that $\oplus$ and $\odot$ are associative.
Let $x, y, z \in \mathbb{Z}_n$; then

$$(x \oplus y) \oplus z = \big((x + y) \bmod n\big) \oplus z$$
$$= \big(((x + y) \bmod n) + z\big) \bmod n$$
$$= \big((x + y) + z\big) \bmod n \qquad \text{by Lemma 2.21, part 1}$$
$$= \big(x + (y + z)\big) \bmod n$$
$$= \big(x + ((y + z) \bmod n)\big) \bmod n \qquad \text{again by Lemma 2.21, part 1}$$
$$= x \oplus \big((y + z) \bmod n\big)$$
$$= x \oplus (y \oplus z)$$

This shows that $\oplus$ is associative. Next,

$$(x \odot y) \odot z = \big((xy) \bmod n\big) \odot z$$
$$= \big(((xy) \bmod n)\, z\big) \bmod n$$
$$= \big((xy)z\big) \bmod n \qquad \text{by Lemma 2.21, part 2}$$
$$= \big(x(yz)\big) \bmod n$$
$$= \big(x\,((yz) \bmod n)\big) \bmod n \qquad \text{again by Lemma 2.21, part 2}$$
$$= x \odot \big((yz) \bmod n\big)$$
$$= x \odot (y \odot z)$$

which shows that $\odot$ is associative.

Next, to verify the distributive laws — for $x, y, z \in \mathbb{Z}_n$:

$$x \odot (y \oplus z) = x \odot \big((y + z) \bmod n\big)$$
$$= \big(x\,((y + z) \bmod n)\big) \bmod n$$
$$= \big(x(y + z)\big) \bmod n$$
$$= (xy + xz) \bmod n$$
$$= \big(((xy) \bmod n) + ((xz) \bmod n)\big) \bmod n$$
$$= \big((x \odot y) + (x \odot z)\big) \bmod n$$
$$= (x \odot y) \oplus (x \odot z)$$

This verifies one of the distributive laws, and the other follows from this one and commutativity:

$$(x \oplus y) \odot z = z \odot (x \oplus y) = (z \odot x) \oplus (z \odot y) = (x \odot z) \oplus (y \odot z)$$

Next we observe that the following three properties hold for any $x \in \mathbb{Z}_n$:

$$x \oplus 0 = (x + 0) \bmod n = x \bmod n = x$$
$$x \odot 1 = (x \cdot 1) \bmod n = x \bmod n = x$$
$$x \oplus (-x \bmod n) = (x + (-x)) \bmod n = 0 \bmod n = 0$$

It follows that 0 is the additive identity, 1 is the multiplicative identity, and the inverse of $x$ is $-x \bmod n$. For $x \in \mathbb{Z}_n^* = \mathbb{Z}_n - \{0\}$, note that

$$-x \bmod n = n - x$$

At this point we have shown that $(\mathbb{Z}_n, \oplus, \odot)$ has all the properties of a field, with the possible exception of the existence of reciprocals for elements of $\mathbb{Z}_n^*$. This brings us to the following important result.

Theorem 2.22: Let $x$ and $n$ be integers with $1 \le x < n$. Then $x$ has a reciprocal in $\mathbb{Z}_n$ if and only if $\gcd(x, n) = 1$.

Proof: We prove sufficiency and leave the proof of necessity to Exercise 4. Assume $\gcd(x, n) = 1$. Then there exist integers $s$ and $t$ such that

$$1 = xs + nt$$

Thus, $1 - xs = nt$, and it follows from Theorem 2.6 that $(xs) \bmod n = 1 \bmod n = 1$. Therefore, $s \bmod n$ is the reciprocal of $x$ in $\mathbb{Z}_n$.

Corollary 2.23: For $n \in \mathbb{Z}^+$ with $n \ge 2$, $(\mathbb{Z}_n, \oplus, \odot)$ is a field if and only if $n$ is prime.
Proof: For sufficiency, note that, if $n$ is prime, then $\gcd(x, n) = 1$ for every $x$, $1 \le x < n$. It follows from Theorem 2.22 that every such $x$ has a reciprocal in $\mathbb{Z}_n$, and thus $(\mathbb{Z}_n, \oplus, \odot)$ is a field.

To prove necessity, assume $n$ is composite. Then $n = ab$ for some integers $a$ and $b$ with $1 < a \le b < n$. Hence, $\gcd(a, n) = a$, and by Theorem 2.22, $a$ does not have a reciprocal in $\mathbb{Z}_n$. Therefore, $(\mathbb{Z}_n, \oplus, \odot)$ is not a field.

Thus, we have an example of a finite field with $p$ elements when $p$ is prime, namely, $(\mathbb{Z}_p, \oplus, \odot)$.

Having considered the properties satisfied by the operations of $\oplus$ and $\odot$ on $\mathbb{Z}_n$, it becomes cumbersome at this point to continue to use the special symbols $\oplus$ and $\odot$ to denote these operations. Henceforth, unless stated otherwise, we agree to denote the addition and multiplication operations in $\mathbb{Z}_n$ (and in any field $F$) by the familiar $+$ and $\cdot$. For $x \in \mathbb{Z}_n$ (and for $x$ in any field $F$), the (additive) inverse of $x$ is denoted by $-x$ and the reciprocal (multiplicative inverse) of $x$ (if it exists) is denoted by $x^{-1}$. (We should remark that the inverse of $x$ is unique, as is the reciprocal of $x$, if it exists; see Exercise 2.)

Example 2.18: Find each of the following elements in the field $(\mathbb{Z}_{23}, +, \cdot)$.
(a) $10 + 17$
(b) $10 \cdot 17$
(c) $-10$ (the inverse of 10)
(d) $-17$
(e) $10^{-1}$ (the reciprocal of 10)
(f) $17^{-1}$

Solution:
(a) Here, $10 + 17 = (10 + 17) \bmod 23 = 27 \bmod 23 = 4$.
(b) Here, $10 \cdot 17 = (10 \cdot 17) \bmod 23 = 170 \bmod 23 = 9$.

For parts (c) and (d) we use the fact that the inverse of $x \ne 0$ in $\mathbb{Z}_n$ is $n - x$. Hence,

$$-10 = 23 - 10 = 13 \quad \text{and} \quad -17 = 23 - 17 = 6$$

For part (e), we might observe that $10 \cdot 7 = 70 \bmod 23 = 1$ so that $10^{-1} = 7$. Instead, let’s use the more systematic approach suggested by the proof of Theorem 2.22. We apply the extended Euclidean algorithm to find integers $s$ and $t$ such that $1 = 10s + 23t$; then $10^{-1} = s \bmod 23$:

| $r$ | $q$ | $s$ |
|---|---|---|
| 23 | | 0 |
| 10 | 2 | 1 |
| 3 | 3 | −2 |
| 1 | 3 | 7 |
| 0 | | |

Thus, $10^{-1} = 7 \bmod 23 = 7$. Part (f) is handled in a similar fashion.
Applying the extended Euclidean algorithm we obtain:

| $r$ | $q$ | $s$ |
|---|---|---|
| 23 | | 0 |
| 17 | 1 | 1 |
| 6 | 2 | −1 |
| 5 | 1 | 3 |
| 1 | 5 | −4 |
| 0 | | |

Thus, $17^{-1} = (-4) \bmod 23 = 19$. (Check: $17 \cdot 19 = 323 \bmod 23 = 1$.)

Example 2.19: For $x \in \mathbb{Z}_n$, note again the following facts:

$$x + 0 = 0 + x = x$$
$$x \cdot 0 = 0 \cdot x = 0$$
$$x \cdot 1 = 1 \cdot x = x$$

This, and the fact that $1 + 1 = 0$, tells us everything about the addition and multiplication in the field $(\mathbb{Z}_2, +, \cdot)$, because $\mathbb{Z}_2 = \{0, 1\}$. For the field $(\mathbb{Z}_3, +, \cdot)$, we have the following additional results:

$$1 + 1 = 2, \quad 1 + 2 = 2 + 1 = 0, \quad 2 + 2 = 1, \quad 2 \cdot 2 = 1$$

The addition and multiplication tables for $(\mathbb{Z}_4, +, \cdot)$ are shown in Tables 2.4 (a) and (b). Because of the facts stated above, we have reduced these tables somewhat by excluding 0 (as an operand) from the addition table and by excluding both 0 and 1 from the multiplication table. We know from Corollary 2.23 that $(\mathbb{Z}_4, +, \cdot)$ is not a field because 4 is not prime. In particular, we see from Table 2.4(b) that 2 does not have a reciprocal.

(a)

| $+$ | 1 | 2 | 3 |
|---|---|---|---|
| 1 | 2 | 3 | 0 |
| 2 | 3 | 0 | 1 |
| 3 | 0 | 1 | 2 |

(b)

| $\cdot$ | 2 | 3 |
|---|---|---|
| 2 | 0 | 2 |
| 3 | 2 | 1 |

Tables 2.4 Addition and multiplication tables for $(\mathbb{Z}_4, +, \cdot)$

In $\mathbb{Z}_n$, we have

$$-0 = 0 \quad \text{and} \quad 1^{-1} = 1$$

Moreover,

$$-(-x) = x$$

and, when $\gcd(x, n) = 1$,

$$(x^{-1})^{-1} = x$$

Thus, in $\mathbb{Z}_3$ for example, once we have determined that $-1 = 2$, then it follows immediately that $-2 = 1$. Also, $2^{-1} = 2$ in $\mathbb{Z}_3$. In $\mathbb{Z}_5$, the operation tables (Tables 2.3) show us that $-1 = 4$, $-2 = 3$, $2^{-1} = 3$, and $4^{-1} = 4$. In stating that $2^{-1} = 3$, we are also implicitly stating that $3^{-1} = 2$.

If a finite field $F$ has $n$ elements, then we say that $F$ has order $n$. For what values of $n$ does there exist a finite field of order $n$? This question is answered by the next theorem.

Theorem 2.24: There exists a finite field of order $n$ if and only if $n = p^k$ for some prime $p$ and some positive integer $k$.

When $k = 1$ in Theorem 2.24, we already have an example of a field of order $p$, namely, $(\mathbb{Z}_p, +, \cdot)$.
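The reciprocal computation from the proof of Theorem 2.22 and Example 2.18, the field test of Corollary 2.23, and the powers by repeated squaring that Example 2.20 works by hand can be combined in one short program. This is an added example, not code from the text; the function names are assumptions, and Python's built-in `pow(x, m, n)` computes the same powers.

```python
def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and g == a*s + b*t."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def reciprocal(x, n):
    """Reciprocal of x in Z_n.

    By Theorem 2.22 it exists exactly when gcd(x, n) == 1; in that
    case 1 == x*s + n*t, so s mod n is the reciprocal. Otherwise the
    failure is reported rather than returning a wrong value.
    """
    if n < 2:
        raise ValueError("modulus must be at least 2")
    g, s, _ = extended_gcd(x % n, n)
    if g != 1:
        raise ValueError(f"{x} has no reciprocal in Z_{n} (gcd is {g})")
    return s % n


def is_field(n):
    """Z_n is a field iff every nonzero element has a reciprocal."""
    return n >= 2 and all(extended_gcd(x, n)[0] == 1 for x in range(1, n))


def power_mod(x, m, n):
    """x**m in Z_n by repeated squaring.

    The binary digits of m select which of x, x^2, x^4, x^8, ... are
    multiplied together, reducing mod n after every product (Lemma
    2.21). A negative exponent is the reciprocal of the positive
    power, valid only when that reciprocal exists.
    """
    if m < 0:
        return reciprocal(power_mod(x, -m, n), n)
    result = 1 % n
    square = x % n              # holds x^(2^i) mod n at step i
    while m > 0:
        if m & 1:               # this power of 2 appears in m
            result = (result * square) % n
        square = (square * square) % n
        m >>= 1
    return result


if __name__ == "__main__":
    print(reciprocal(10, 23), reciprocal(17, 23))          # Example 2.18
    print(power_mod(7, 43, 13), power_mod(7, -43, 13))     # Example 2.20
    print(is_field(23), is_field(4))                       # Corollary 2.23
```

The branch on each exponent bit makes the running time depend on the exponent, so this form is for study; code that handles secret exponents should use a vetted cryptographic library.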
It is beyond the scope of this text to discuss the general method used to construct a field of order $n = p^k$ when $p$ is prime and $k$ is a positive integer, $k \ge 2$. However, we do consider a few specific cases in the exercises and chapter problems. For example, Theorem 2.24 tells us that there is a field of order 4, and Corollary 2.23 tells us that this field is not $(\mathbb{Z}_4, +, \cdot)$. A field of order 4 is presented in Exercise 13.

For $x \in \mathbb{Z}_n$ (and for $x$ in any field $F$), multiples and powers of $x$ are defined in the usual way. Multiples of $x$ are defined recursively, for $m \in \mathbb{Z}^+$, as follows:
1. $0x = 0$
2. $mx = x + (m - 1)x$
3. $-m(x) = -(mx)$

Thus, for example, $2x = x + x$, $3x = x + 2x = x + x + x$, and $-2(x) = -(2x) = -(x + x)$.

Powers of $x$ are defined recursively, for $m \in \mathbb{Z}^+$, as follows:
1. $x^0 = 1$
2. $x^m = x \cdot x^{m-1}$
3. $x^{-m} = (x^m)^{-1}$

(Note: Rule 3 is valid only if $(x^m)^{-1}$ exists.) We call the power to which $x$ is being raised an exponent, as usual. Thus, for example, $x^2 = x \cdot x$, $x^3 = x \cdot x^2 = x \cdot x \cdot x$, and $x^{-2} = (x^2)^{-1}$.

Multiples and exponents obey the usual properties; in particular, given $x \in \mathbb{Z}_n$ and $m_1, m_2 \in \mathbb{Z}$, we have that:

$$(m_1 x) + (m_2 x) = (m_1 + m_2)x \quad \text{and} \quad m_1(m_2 x) = (m_1 m_2)x$$
$$x^{m_1} \cdot x^{m_2} = x^{m_1 + m_2} \quad \text{and} \quad (x^{m_1})^{m_2} = x^{m_1 m_2}$$

(See Exercises 12 and 16.)

Example 2.20: Find each of the following elements in $(\mathbb{Z}_{13}, +, \cdot)$:
(a) $4(7)$
(b) $-3(7)$
(c) $7^{43}$
(d) $7^{-43}$

Solution: For parts (a) and (b) we have the following:

$$4(7) = 7 + 7 + 7 + 7 = 28 \bmod 13 = 2$$
$$-3(7) = -(7 + 7 + 7) = -(21 \bmod 13) = -8 = 5$$

For part (c) the trick is to apply Lemma 2.21. In fact, there is a particularly effective and efficient method for computing powers modulo $n$ called repeated squaring. We illustrate this method for the problem of part (c). We start by expressing the exponent, 43 in this case, as a sum of powers of 2; here, $43 = 1 + 2 + 8 + 32$.
Then, as an element of $\mathbb{Z}_{13}$,

$$7^{43} = 7^{1+2+8+32} = 7^1 \cdot 7^2 \cdot 7^8 \cdot 7^{32}$$

Hence, to complete the calculation, we need to compute the elements $7^1$, $7^2$, $7^8$, and $7^{32}$. Actually, what we do is compute the list of values $(7^1, 7^2, 7^4, 7^8, 7^{16}, 7^{32})$. This is where the “repeated squaring” comes in, because

$$7^2 = (7^1)^2, \quad 7^4 = (7^2)^2, \quad 7^8 = (7^4)^2, \quad 7^{16} = (7^8)^2, \quad 7^{32} = (7^{16})^2$$

that is, each number on this list of values, after the first value, is the square of the preceding value. Using this idea we obtain the following values (remember that we are performing all operations in $\mathbb{Z}_{13}$):

$$7^1 = 7$$
$$7^2 = 49 \bmod 13 = 10$$
$$7^4 = 10^2 = 100 \bmod 13 = 9$$
$$7^8 = 9^2 = 81 \bmod 13 = 3$$
$$7^{16} = 3^2 = 9$$
$$7^{32} = 9^2 = 3$$

Thus,

$$7^{43} = 7^{1+2+8+32} = 7^1 \cdot 7^2 \cdot 7^8 \cdot 7^{32} = 7 \cdot 10 \cdot 3 \cdot 3 = 7 \cdot 10 \cdot 9 = 7 \cdot 12 = 6$$

For part (d) then, we have

$$7^{-43} = (7^{43})^{-1} = 6^{-1} = 11$$

(Note that $6^{-1} = 11$, since $6 \cdot 11 = 66 \bmod 13 = 1$.)

Exercise Set 2.5

1. Consider $(\mathbb{Z}_6, +, \cdot)$.
(a) Give the addition table for $\mathbb{Z}_6$.
(b) Find the inverse of each element.
(c) Give the multiplication table for $\mathbb{Z}_6$.
(d) Find the reciprocal of each element that has one.

2. For $(\mathbb{Z}_n, +, \cdot)$, prove that:
(a) The inverse of any element $x$ is unique.
(b) For any element $x$, if $x$ has a reciprocal, then it has a unique reciprocal.
(Recall that, to show that something (which is known to exist) is unique, assume that there are two of them, say $x'$ and $x''$, and show that $x' = x''$.)

3. Consider the field $(\mathbb{Z}_7, +, \cdot)$.
(a) Give the addition table for $\mathbb{Z}_7$.
(b) Find the inverse of each element.
(c) Give the multiplication table for $\mathbb{Z}_7$.
(d) Find the reciprocal of each nonzero element.

4. Consider $(\mathbb{Z}_n, +, \cdot)$, $n \ge 2$ and let $x \in \mathbb{Z}_n$. Complete the proof of Theorem 2.22 by showing that, if $x$ has a reciprocal $y$ in $\mathbb{Z}_n$, then $\gcd(x, n) = 1$. (Hint: Let $d = \gcd(x, n)$, and let $q_1 = x \operatorname{div} d$ and $q_2 = n \operatorname{div} d$; then $q_2 \bmod n = 1 \odot q_2 = (y \odot x) \odot q_2 = \cdots = 0$. It follows that $q_2 = n$, and hence that $d = 1$.)

5.
Apply Lemma 2.21 to find:
(a) $(2054 + 2761) \bmod 17$
(b) $(2054 \cdot 2761) \bmod 17$

6. Apply Lemma 2.21 to show that $m^3 \bmod 7 \in \{0, 1, 6\}$ for any integer $m$.

7. Find each of the following elements in the field $(\mathbb{Z}_{31}, +, \cdot)$:
(a) $7 + 27$ (b) $7 \cdot 27$ (c) $-7$ (d) $-27$ (e) $7^{-1}$ (f) $27^{-1}$

8. Let $m$ be an integer.
(a) Show that no integer of the form $m^2 + 1$ is a multiple of 7.
(b) Find the two possible values for $m \bmod 13$ given that $m^2 + 1$ is a multiple of 13.

9. Find each of the following elements in the field $(\mathbb{Z}_{53}, +, \cdot)$:
(a) $14 + 20$ (b) $14 \cdot 20$ (c) $-14$ (d) $-20$ (e) $14^{-1}$ (f) $20^{-1}$

10. For $(\mathbb{Z}_n, +, \cdot)$, prove directly from the definitions of the operations that:
(a) $(-x)^2 = x^2$ for any element $x$
(b) $(-x)^3 = -(x^3)$ for any element $x$

11. In the field $(\mathbb{Z}_{11}, +, \cdot)$:
(a) Find $4^{45}$ using the fact that $4^{45} = ((4^3)^3)^5$.
(b) Find $4^{45}$ using repeated squaring.
(c) Find $5^{23}$ using repeated squaring.

12. Prove that the following two properties of multiples hold in $(\mathbb{Z}_n, +, \cdot)$, where $x \in \mathbb{Z}_n$ and $m_1, m_2 \in \mathbb{Z}$:
(a) $(m_1 x) + (m_2 x) = (m_1 + m_2)x$
(b) $m_1(m_2 x) = (m_1 m_2)x$
(Hint: First use induction on $m_1$ to prove that the property holds for all $m_1 \ge 0$; then prove that the property holds for $m_1 < 0$.)

13. We can construct a field of order 4 by defining operations of addition and multiplication on $\mathbb{Z}_2 \times \mathbb{Z}_2$ so that the properties of a field are satisfied.
   Consider the operations of addition and multiplication (denoted, as usual, by $+$ and $\cdot$, respectively) defined by the following operation tables:

| + | (0, 0) | (0, 1) | (1, 0) | (1, 1) |
|---|---|---|---|---|
| (0, 0) | (0, 0) | (0, 1) | (1, 0) | (1, 1) |
| (0, 1) | (0, 1) | (0, 0) | (1, 1) | (1, 0) |
| (1, 0) | (1, 0) | (1, 1) | (0, 0) | (0, 1) |
| (1, 1) | (1, 1) | (1, 0) | (0, 1) | (0, 0) |

| · | (0, 0) | (0, 1) | (1, 0) | (1, 1) |
|---|---|---|---|---|
| (0, 0) | (0, 0) | (0, 0) | (0, 0) | (0, 0) |
| (0, 1) | (0, 0) | (0, 1) | (1, 0) | (1, 1) |
| (1, 0) | (0, 0) | (1, 0) | (1, 1) | (0, 1) |
| (1, 1) | (0, 0) | (1, 1) | (0, 1) | (1, 0) |

   Note that the addition on $\mathbb{Z}_2 \times \mathbb{Z}_2$ is defined as coordinate-wise addition modulo 2; that is,

   $$(x_1, y_1) + (x_2, y_2) = (x_1 + x_2, y_1 + y_2)$$

   where $x_1 + x_2$ and $y_1 + y_2$ denote the usual addition in $\mathbb{Z}_2$. Verify that $(\mathbb{Z}_2 \times \mathbb{Z}_2, +, \cdot)$ is a field as follows:
   (a) Show that $+$ is associative.
   (b) Show that $+$ is commutative.
   (c) What is the additive identity?
   (d) Show that each element has an inverse.
   (e) Show that $\cdot$ is associative.
   (f) Show that $\cdot$ is commutative.
   (g) What is the multiplicative identity?
   (h) Show that each element, except for the additive identity, has a reciprocal.
   (i) Show that the distributive laws hold.

14. Prove that the following properties hold in $(\mathbb{Z}_n, +, \cdot)$, $n \ge 2$, where $x, y \in \mathbb{Z}_n$, $\gcd(x, n) = \gcd(y, n) = 1$ (so that $x^{-1}$ and $y^{-1}$ exist), and $m$ is a nonnegative integer:
   (a) $(x \cdot y)^{-1} = x^{-1} \cdot y^{-1}$
   (b) $(x^m)^{-1} = (x^{-1})^m$

15. In each part, indicate whether the given statement is true or false, and justify your answer.
   (a) $(\mathbb{Z}_{29}, +, \cdot)$ is a field.
   (b) There exists a field of order 6.
   (c) There exists a field of order 8.
   (d) $(\mathbb{Z}_8, +, \cdot)$ is a field.
   (e) There exists a field of order 9.
   (f) $(\mathbb{Z}_9, +, \cdot)$ is a field.
   (g) There exists a field of order 10.
   (h) There exists a field of order 12.

16. Prove that the following two properties of exponents hold in $(\mathbb{Z}_n, +, \cdot)$, where $x \in \mathbb{Z}_n$ and $m_1, m_2 \in \mathbb{Z}$ (and, whenever the exponent on $x$ is negative, assume $\gcd(x, n) = 1$):
   (a) $x^{m_1} \cdot x^{m_2} = x^{m_1 + m_2}$
   (b) $(x^{m_1})^{m_2} = x^{m_1 m_2}$

17. Consider the field $(\mathbb{Z}_7, +, \cdot)$.
   (Refer to Exercise 3.)
   (a) Find the multiples of 6; that is, find: $\ldots, -3(6), -2(6), -1(6), 0(6), 1(6), 2(6), 3(6), \ldots$.
   (b) Find the powers of 6; that is, find: $\ldots, 6^{-3}, 6^{-2}, 6^{-1}, 6^0, 6^1, 6^2, 6^3, \ldots$.
   (c) Find the multiples of 2.
   (d) Find the powers of 2.
   (e) Find the multiples of 3.
   (f) Find the powers of 3.
   (g) Compute $3^{83}$ using repeated squaring.
   (h) Compute $3^{83}$ using the result of part (f) and the fact that $3^{83} = (3^6)^{13} \cdot 3^5$.

18. Let $(F, +, \cdot)$ be a field and let 0 denote the additive identity (in particular, consider $(\mathbb{Z}_p, +, \cdot)$, where $p$ is prime). Show that the following properties are satisfied for any $x, y \in F$:
   (a) Cancellation law of addition: If $x + z = y + z$ for some $z \in F$, then $x = y$.
   (b) Cancellation law of multiplication: If $xz = yz$ for some $z \in F - \{0\}$, then $x = y$.

19. Consider the field $(\mathbb{Z}_{17}, +, \cdot)$.
   (a) Find the multiples of 4; that is, find: $\ldots, -3(4), -2(4), -1(4), 0(4), 1(4), 2(4), 3(4), \ldots$.
   (b) Find the powers of 4; that is, find: $\ldots, 4^{-3}, 4^{-2}, 4^{-1}, 4^0, 4^1, 4^2, 4^3, \ldots$.
   (c) Find the multiples of 3.
   (d) Find the powers of 3.
   (e) Compute $4^{59}$ in two different ways.

20. Let $(F, +, \cdot)$ be a finite field and let 0 denote the additive identity (in particular, consider $(\mathbb{Z}_p, +, \cdot)$, where $p$ is prime), and refer to Exercise 18.
   (a) Consider the operation table for $F$ under $+$; what does the cancellation law of addition imply about each row (or column) of this table?
   (b) Consider the operation table for $F$ under $\cdot$; what does the cancellation law of multiplication imply about each row (or column) of this table?

21. In this exercise we outline the construction of a field $(F, +, \cdot)$ of order 8. Let $F = \{0, 1, a, a^2, \ldots, a^6\}$, where, as usual, 0 is the additive identity and 1 is the multiplicative identity. The multiplicative structure of the field is implicit in the way the elements of $F - \{0\}$ have been listed (as powers of the element $a$), where $a^7 = 1$.
   Thus, for example, $a^2 \cdot a^3 = a^5$ and $a^4 \cdot a^5 = a^9 = a^7 \cdot a^2 = 1 \cdot a^2 = a^2$. The additive structure of the field is determined by the following two rules: (1) every element $x$ is its own inverse, that is, $x + x = 0$ for every $x \in F$; (2) $1 + a = a^3$. Using these two rules and the commutative and distributive laws, one can complete the addition table for the field; do so.

22. Having done Exercise 21, rename the elements of $F$ using the elements of $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$ such that $(0, 0, 0)$ is the additive identity, $(0, 0, 1)$ is the multiplicative identity, and the addition is coordinate-wise addition modulo 2; that is,

   $$(x_1, y_1, z_1) + (x_2, y_2, z_2) = (x_1 + x_2, y_1 + y_2, z_1 + z_2)$$

   where $x_1 + x_2$, $y_1 + y_2$, and $z_1 + z_2$ denote the usual addition in $\mathbb{Z}_2$. Show the multiplication table with the renamed elements.

CHAPTER PROBLEMS

1. Compute the quotient $q$ and the remainder $r$ for the given dividend $b$ and divisor $a$.
   (a) $b = 100$, $a = 13$
   (b) $b = -100$, $a = 13$
   (c) $b = 100$, $a = -13$
   (d) $b = -100$, $a = -13$

2. Give an example of a set $A$ such that $\mathbb{Z}^+ \subset A \subset \mathbb{Z}$ and:
   (a) $A$ is well-ordered.
   (b) $A$ is not well-ordered.

3. Given that $m_1 \operatorname{div} 6 = q_1$, $m_1 \bmod 6 = 3$, $m_2 \operatorname{div} 6 = q_2$, and $m_2 \bmod 6 = 5$, find:
   (a) $(m_1 + 4) \operatorname{div} 6$
   (b) $(m_1 + 4) \bmod 6$
   (c) $(3m_1) \operatorname{div} 6$
   (d) $(3m_1) \bmod 6$
   (e) $(-m_2) \operatorname{div} 6$
   (f) $(-m_2) \bmod 6$
   (g) $(m_1 + m_2) \operatorname{div} 6$
   (h) $(m_1 + m_2) \bmod 6$
   (i) $(4m_1 - m_2) \operatorname{div} 6$
   (j) $(4m_1 - m_2) \bmod 6$
   (k) $(-m_1 m_2) \operatorname{div} 6$
   (l) $(-m_1 m_2) \bmod 6$

4. For any positive integer $n$, prove that:
   (a) $n^2 - n$ is a multiple of 2
   (b) $n^2 + 1$ is not a multiple of 4
   (c) $n(n + 1)(2n + 1)$ is a multiple of 6

5. Find $d = \gcd(a, b)$ and integers $s$ and $t$ such that $d = as + bt$.
   (a) $a = 357$, $b = 629$
   (b) $a = 812$, $b = 1876$
   (c) $a = 1109$, $b = 4999$
   (d) $a = 1278$, $b = 2844$

6. Prove or disprove each of the following assertions about an arbitrary integer $m$:
   (a) If $m = 8k + 5$ for some integer $k$, then $m = 4t + 1$ for some integer $t$.
   (b) If $m = 4t + 1$ for some integer $t$, then $m = 8k + 5$ for some integer $k$.

7.
   Find the canonical factorization of each of the following:
   (a) 17892875
   (b) 24635975

8. Let $a$, $b$, and $c$ be integers with $a$ odd. Prove: If $a \mid b$ and $a + b = 2c$, then $a \mid c$.

9. Let $a$ and $b$ be positive integers with $a < b$. Find the relationship between:
   (a) $b \operatorname{div} a$ and $(b - a) \operatorname{div} a$
   (b) $b \bmod a$ and $(b - a) \bmod a$

10. For positive integers $a$, $b$, and $d$, prove or disprove: If $\gcd(a, b) = d$, then

   $$\gcd\left(\frac{a}{d}, b\right) = 1$$

11. Let $d_k \cdots d_1 d_0$ be the usual decimal representation of the positive integer $n$; that is,

   $$n = d_k \cdot 10^k + \cdots + d_1 \cdot 10^1 + d_0$$

   where $d_i \in \{0, 1, 2, \ldots, 9\}$, $0 \le i \le k$, are the digits of $n$ and $d_k \ne 0$. Prove that $n$ is a multiple of 3 if and only if $d_0 + d_1 + \cdots + d_k$ is a multiple of 3.

12. For positive integers $m$ and $n$ with $m \le n$, use the Euclidean algorithm to find $\gcd(2^m - 1, 2^n - 1)$.

13. Prove: If the positive integer $n$ is both a perfect square and a perfect cube (for example, $n = 64 = 8^2 = 4^3$), then $n$ is of the form $7k$ or $7k + 1$ for some positive integer $k$.

14. Given positive integers $a$ and $b$ with $1 < a \le b$, let $\{p_1, p_2, \ldots, p_n\}$ be the set of prime factors of $ab$, where $p_1 < p_2 < \cdots < p_n$. Further, suppose that

   $$a = p_1^{a_1} p_2^{a_2} \cdots p_n^{a_n} \qquad b = p_1^{b_1} p_2^{b_2} \cdots p_n^{b_n}$$

   where $a_i$ and $b_i$ are nonnegative integers for each $i$, $1 \le i \le n$.
   (a) Using the above expressions for $a$ and $b$, give a formula for $\gcd(a, b)$ of the form

   $$\gcd(a, b) = p_1^{d_1} p_2^{d_2} \cdots p_n^{d_n}$$

   Also, justify your result.
   In parts (b), (c), and (d), use the result of part (a) to find the canonical factorization of $\gcd(a, b)$ for the given values of $a$ and $b$. (See Exercise 3 in Exercise Set 2.5 and Problem 7 above.)
   (b) $a = 4725$, $b = 9702$
   (c) $a = 180625$, $b = 1662405$
   (d) $a = 17892875$, $b = 24635975$

15. For positive integers $a$, $b$, and $c$, prove that $\gcd(ac, bc) = c \cdot \gcd(a, b)$.

16. Given (positive) integers $a$ and $b$, their least common multiple, denoted $\operatorname{lcm}(a, b)$, is defined as the smallest positive integer $c$ such that $a \mid c$ and $b \mid c$.
   Suppose that $a$ and $b$ are expressed as in Problem 14.
   (a) Give a formula for $\operatorname{lcm}(a, b)$ in the form

   $$\operatorname{lcm}(a, b) = p_1^{c_1} p_2^{c_2} \cdots p_n^{c_n}$$

   Also, justify your result.
   In parts (b), (c), and (d), use the result of part (a) to find the canonical factorization of $\operatorname{lcm}(a, b)$ for the given values of $a$ and $b$. (See Problem 14.)
   (b) $a = 4725$, $b = 9702$
   (c) $a = 180625$, $b = 1662405$
   (d) $a = 17892875$, $b = 24635975$
   Prove each of the following assertions:
   (e) $\gcd(a, b) \cdot \operatorname{lcm}(a, b) = ab$
   (f) For any positive integer $n$, if $a \mid n$ and $b \mid n$, then $\operatorname{lcm}(a, b) \mid n$.

17. For positive integers $a$, $b$, and $d$, prove: If $\gcd(a, b) = d$, then

   $$\gcd\left(\frac{a}{d}, \frac{b}{d}\right) = 1$$

18. For a positive integer $n > 1$, prove: If $n \mid (35m + 26)$ and $n \mid (7m + 3)$ for some integer $m$, then $n = 11$.

19. Recall that a triple $(a, b, c)$ of positive integers such that $c^2 = a^2 + b^2$ is called a Pythagorean triple. Prove:
   (a) If $(a, b, c)$ is a Pythagorean triple, then $ab$ is even.
   (b) If $(a, b, c)$ is a Pythagorean triple, then $(na, nb, nc)$ is a Pythagorean triple for any $n \in \mathbb{Z}^+$.
   A Pythagorean triple $(a, b, c)$ is called primitive if $\gcd(a, b) = 1$. (In this case it also happens that $\gcd(a, c) = \gcd(b, c) = 1$.)
   (c) Prove: If $(a, b, c)$ is a primitive Pythagorean triple, then $a + b$ is odd.
   (d) Develop and implement as a program an algorithm that inputs a positive integer $m$ and outputs all primitive Pythagorean triples $(a, b, c)$ such that $1 < a < b < c \le m$.

20. Let $s$ and $t$ be positive integers with $s > t$ and $\gcd(s, t) = 1$ such that $s + t$ is odd.
   (a) Show that $(s^2 - t^2, 2st, s^2 + t^2)$ is a primitive Pythagorean triple.
   (b) Obtain Theorem 2.1 as a corollary to the result in part (a).
   (c) Obtain the result of Exercise 1, part (c) of Exercise Set 2.1 as a corollary to the result in part (a).
   (d) The formula in part (a) is credited to Euclid. Show that Euclid’s formula yields all primitive Pythagorean triples.
   (e) Show that $(3, 4, 5)$ is the only Pythagorean triple consisting of consecutive positive integers.

21.
   Let $n_1$ and $n_2$ be positive integers such that $n_1 \mid n_2$. Prove: For any integers $m_1$ and $m_2$,

   If $m_1 \bmod n_2 = m_2 \bmod n_2$, then $m_1 \bmod n_1 = m_2 \bmod n_1$.

22. Let $n_1$ and $n_2$ be positive integers and let $d = \gcd(n_1, n_2)$. Prove that, for any integers $m_1$ and $m_2$:

   If $(m_1 n_1) \bmod n_2 = (m_2 n_1) \bmod n_2$, then $m_1 \bmod \dfrac{n_2}{d} = m_2 \bmod \dfrac{n_2}{d}$.

   What does this result say in the case that $n_1$ and $n_2$ are relatively prime?

23. Let $p$ be a prime. An integer $a$ with $1 < a < p$ is called a primitive root of $p$ provided

   $$\{a, a^2 \bmod p, a^3 \bmod p, \ldots, a^{p-1} \bmod p\} = \{1, 2, 3, \ldots, p - 1\}$$

   Find all primitive roots of:
   (a) 5
   (b) 7
   (c) 11
   (d) 13

24. Let $n$ be a positive integer such that $n = 4k + 3$ for some nonnegative integer $k$. Show that it is not possible to express $n$ in the form $n = a^2 + b^2$ for some integers $a$ and $b$.

25. In Section 2.2, we stated the division algorithm: Given integers $b$ and $a$ with $a > 0$, there exist integers $q$ and $r$ (uniquely determined by $b$ and $a$) such that

   $$b = aq + r \quad \text{and} \quad 0 \le r < a$$

   Use the strong form of induction to prove the existence part of this result.

26. Let $m_1$ and $m_2$ be integers and let $n_1$ and $n_2$ be positive integers such that each of $m_1$, $m_2$, and $n_2$ is a multiple of $n_1$. Prove:

   If $m_1 \bmod n_2 = m_2 \bmod n_2$, then $\dfrac{m_1}{n_1} \bmod \dfrac{n_2}{n_1} = \dfrac{m_2}{n_1} \bmod \dfrac{n_2}{n_1}$.

27. Let $a$ and $b$ be integers with $0 \le a < b$ and let $d = \gcd(a, b)$. Use the strong form of induction (on $a$) to show that there exist integers $s$ and $t$ such that $d = as + bt$. (Hint: In the inductive step, use the idea of the Euclidean algorithm. Let $r = b \bmod (k + 1)$; then $0 \le r \le k$ and $\gcd(k + 1, b) = \gcd(r, k + 1)$.)

28. Prove that there are infinitely many primes of the form $4k + 3$. (Hint: Mimic the proof of Theorem 2.22.)

29. Use induction on $n$ to prove Corollary 2.12 (the extended version of Euclid’s lemma).

30. Let $a$ and $b$ be integers with $1 \le a \le b$ and let $r = b \bmod a$. Recall that the Euclidean algorithm is based on the observation that $\gcd(a, b) = \gcd(r, a)$.
   (a) Show that $2r < b$.
   Let $P(b)$ be the statement that, if $1 < a < b$, then the number of divisions required by the Euclidean algorithm to compute $\gcd(a, b)$ is less than $2 \log_2 b$.
   (b) Use the result of (a) and the strong form of induction to prove that $P(b)$ holds for all integers $b \ge 3$.
   (c) Use the result of (b) to prove that, if $1 < a < b$, then the number of divisions required by the Euclidean algorithm to compute $\gcd(a, b)$ is less than $1 + 2 \log_2 a$.

31. Let $p$ be a prime and consider the field $(\mathbb{Z}_p, +, \cdot)$.
   (a) Prove: For any elements $a$ and $b$, if $a^2 = b^2$, then either $a = b$ or $a = -b$.
   (b) Does the result of part (a) hold in general for $(\mathbb{Z}_n, +, \cdot)$? (In other words, is the requirement that $n$ be prime necessary?)

32. Let $a$, $b$, and $c$ be positive integers with $2 \le a < b$ and $\gcd(a, b) = 1$. Consider the equation

   $$ax + by = c \qquad (\mathrm{F})$$

   (a) Discuss how to obtain a particular solution of equation F in integers $x_1$ and $y_1$.
   (b) Let $(x_1, y_1)$ be a particular solution of equation F. Show that $(x, y)$ is a solution, $x, y \in \mathbb{Z}$, if and only if $x = x_1 + bt$ and $y = y_1 - at$ for some integer $t$.
   (c) Show that equation F has a solution in nonnegative integers $x$ and $y$ if and only if, for any particular solution $(x_1, y_1)$, the closed interval $[-x_1/b, y_1/a]$ contains an integer.
   (d) Show that the equation $ax + by = ab - a - b$ does not have a solution in nonnegative integers.
   (e) Show that equation F has a solution in nonnegative integers for all $c > ab - a - b$. (Hint: Write $c = ab - a - b + n$, $n \in \mathbb{Z}^+$, and use the strong form of induction on $n$. Anchor the induction by showing that F has a solution in nonnegative integers for $n \in \{1, 2, \ldots, a\}$. In particular, for $n \in \{1, 2, \ldots, a - 1\}$, let $x_0$ and $y_0$ be integers such that $n = ax_0 + by_0$. Note that $y_0$ may be chosen so that $1 \le y_0 < a$. Then $c = a(x_0 + b - 1) + b(y_0 - 1)$; show that $x_0 + b - 1 \ge 0$.)

33. Let $p$ denote a prime.
   (a) Prove that there do not exist positive integers $a$ and $b$ such that $a^2 = pb^2$.
   (b) Apply the result of part (a) to show that $\sqrt{p}$ is irrational.

34. Given a finite field $(F, +, \cdot)$, the characteristic of $F$ is the smallest positive integer $c$ such that $c(1) = 0$ (where 0 and 1 denote the additive and multiplicative identities of $F$, respectively).
   (a) Show that the characteristic of $\mathbb{Z}_p$ (where $p$ is prime) is $p$.
   (b) Show that the characteristic of any finite field $F$ must be prime.
   (If the characteristic of $F$ is the prime $p$, then the theorems of Lagrange and Cauchy from the theory of finite groups can be used to prove that the order of $F$ must be $p^k$ for some positive integer $k$, thus proving necessity in Theorem 2.27.)

35. Let the canonical factorizations of the positive integers $a$ and $b$ be given by:

   $$a = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k} \qquad b = q_1^{b_1} q_2^{b_2} \cdots q_n^{b_n}$$

   What conditions must be satisfied by the primes and/or the exponents if:
   (a) $a$ is a perfect square?
   (b) $b$ is a perfect cube?
   (c) $a \mid b$?

36. Let $n$ be a positive integer. The purpose of this problem is to develop efficient algorithms to do arithmetic modulo $n$; that is, given $a, b \in \mathbb{Z}_n$ and a nonnegative integer $m$, we wish to compute, as elements of $\mathbb{Z}_n$, $a \oplus b$, a b, and $a^m$.
   (a) Develop (and implement as a program) an algorithm to efficiently compute $a + b$. (Note that, if $a + b \ge n$, then $a \oplus b = a + b - n$.)
   (b) Develop an algorithm to efficiently compute a b. Use the technique known as repeated doubling: Compute $a$, $2a$, $4a$, and so on, by doubling; then use the binary representation of $b$ to determine which terms are needed for the final result. For example, when $b = 101$, we would have

   $$a\;b = a\;(1 + 4 + 32 + 64) = a \oplus 4a \oplus 32a \oplus 64a$$

   (c) Develop an algorithm to efficiently compute $a^m$. Use the repeated squaring technique.

37. Consider $(\mathbb{Z}_9, +, \cdot)$.
   (a) Give the addition table for $\mathbb{Z}_9$.
   (b) Find the inverse of each element.
   (c) Give the multiplication table for $\mathbb{Z}_9$.
   (d) Find the reciprocal of each element that has one.

38. Consider the field $(\mathbb{Z}_{11}, +, \cdot)$.
   (a) Give the addition table for $\mathbb{Z}_{11}$.
   (b) Find the inverse of each element.
   (c) Give the multiplication table for $\mathbb{Z}_{11}$.
   (d) Find the reciprocal of each nonzero element.

39. Let $a$ and $b$ be integers with $1 < a < b$.
   (a) Prove: If $a$ and $b$ are both even, then $\gcd(a, b) = 2 \cdot \gcd(a \operatorname{div} 2, b \operatorname{div} 2)$.
   (b) Prove: If $a$ is even and $b$ is odd, then $\gcd(a, b) = \gcd(a \operatorname{div} 2, b)$. (Or, if $a$ is odd and $b$ is even, then $\gcd(a, b) = \gcd(a, b \operatorname{div} 2)$.)
   (c) Prove: If $a < b$, then $\gcd(a, b) = \gcd(a, b - a)$. (Or, if $b < a$, then $\gcd(a, b) = \gcd(a - b, b)$.)
   (d) Use the results of parts (a), (b), and (c) to design (and implement) an algorithm that inputs positive integers $a$ and $b$ and outputs $\gcd(a, b)$.
   (e) Use the algorithm of part (d) to find $\gcd(1428, 2516)$.

40. Find each of the following elements in the field $(\mathbb{Z}_{43}, +, \cdot)$:
   (a) $10 + 39$
   (b) $10 \cdot 39$
   (c) $-10$
   (d) $-39$
   (e) $10^{-1}$
   (f) $39^{-1}$
   (g) $10^{31}$
   (h) $39^{42}$

41. Let $n$ be a positive integer and let $m$ be an integer with $0 \le m \le 2^{n+1} - 1$.
   (a) Show that $m$ is uniquely expressible in the form

   $$m = b_n \cdot 2^n + b_{n-1} \cdot 2^{n-1} + \cdots + b_1 \cdot 2^1 + b_0$$

   where each $b_i$ is either 0 or 1. The representation $(b_n b_{n-1} \cdots b_1 b_0)_2$ is called the binary representation of $m$. (For example, the binary representation of 25 is $(11001)_2$, or more simply, 11001.)
   (b) Design and implement an algorithm that inputs a nonnegative integer $m$ and outputs the binary representation of $m$.
   (c) Design and implement an algorithm that inputs a bit string (a string of 0s and 1s) and outputs the nonnegative integer $m$ having that string as its binary representation.

42. In this problem we outline the construction of a field $(F, +, \cdot)$ of order 9. Let $F = \{0, 1, a, a^2, \ldots, a^7\}$, where, as usual, 0 is the additive identity and 1 is the multiplicative identity. The multiplicative structure of the field is implicit in the way the elements of $F - \{0\}$ have been listed (as powers of the element $a$), where $a^8 = 1$. Thus, for example, $a^2 \cdot a^3 = a^5$ and $a^4 \cdot a^6 = a^{10} = a^8 \cdot a^2 = 1 \cdot a^2 = a^2$.
   The additive structure of the field is determined by the following two rules: (1) $3x = 0$ (that is, $x + x + x = 0$) for every $x \in F$; (2) $1 + a = a^2$. Using these two rules and the commutative and distributive laws, one can complete the addition table for the field; do so.

43. Having done Problem 42, rename the elements of $F$ using the elements of $\mathbb{Z}_3 \times \mathbb{Z}_3$ such that $(0, 0)$ is the additive identity, $(0, 1)$ is the multiplicative identity, and the addition is coordinate-wise addition modulo 3; that is,

   $$(x_1, y_1) + (x_2, y_2) = (x_1 + x_2, y_1 + y_2)$$

   where $x_1 + x_2$ and $y_1 + y_2$ denote the usual addition in $\mathbb{Z}_3$. Show the multiplication table with the renamed elements.

44. Given that $m_1 \operatorname{div} 6 = q_1$, $m_1 \bmod 6 = 3$, $m_2 \operatorname{div} 6 = q_2$, and $m_2 \bmod 6 = 5$, redo Problem 3, replacing the divisor 6 by 3 in each part.
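The repeated-squaring calculation of 7^43 and 7^(-43) in Z13 worked through before Exercise Set 2.5, together with the repeated doubling and repeated squaring described in Problem 36, as an added Python example that is not part of the text. The function names are assumptions of this example, and the reciprocal is computed with the extended Euclidean algorithm, which requires gcd(x, n) = 1 (the condition in Exercise 4 of Exercise Set 2.5).

```python
def binary_terms(m):
    """Powers of two that sum to m >= 0, e.g. 43 -> [1, 2, 8, 32]."""
    return [1 << i for i in range(m.bit_length()) if (m >> i) & 1]


def mod_add(a, b, n):
    """a + b in Z_n for a, b already reduced: one comparison, no division."""
    s = a + b
    return s - n if s >= n else s


def mod_mul(a, b, n):
    """a * b in Z_n by repeated doubling: a, 2a, 4a, ... picked by the bits of b."""
    result, term = 0, a % n
    while b > 0:
        if b & 1:
            result = mod_add(result, term, n)
        term = mod_add(term, term, n)      # next doubling
        b >>= 1
    return result


def squaring_table(a, n, count):
    """[a^1, a^2, a^4, ...] in Z_n; each entry is the square of the one before."""
    table = [a % n]
    while len(table) < count:
        table.append(mod_mul(table[-1], table[-1], n))
    return table


def reciprocal(x, n):
    """x^-1 in Z_n by the extended Euclidean algorithm; needs gcd(x, n) = 1."""
    r0, r1, s0, s1 = x % n, n, 1, 0        # invariant: r_i = s_i * x (mod n)
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError(f"{x} has no reciprocal in Z_{n}: gcd is {r0}")
    return s0 % n


def mod_pow(a, m, n):
    """a^m in Z_n by repeated squaring; negative m goes through the reciprocal."""
    if m < 0:
        a, m = reciprocal(a, n), -m
    result, square = 1 % n, a % n
    while m > 0:
        if m & 1:
            result = mod_mul(result, square, n)
        square = mod_mul(square, square, n)
        m >>= 1
    return result


if __name__ == "__main__":
    print(binary_terms(43), squaring_table(7, 13, 6))   # exponent split, squares
    print(mod_pow(7, 43, 13), mod_pow(7, -43, 13))      # the worked example
```

Python's built-in `pow(a, m, n)` computes the same values (negative `m` is accepted from Python 3.8). The loops here branch on the bits of the exponent, so they show the method and are not constant-time.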