Download 7. Prime Numbers Part VI of PJE

7. Prime Numbers Part VI of PJE
7.1
Definition (p.277) A positive integer n is prime when n > 1 and the only
divisors are ±1 and +n. That is
D (n) = {−n, −1, 1, n} .
Otherwise n > 1 is said to be composite.
So n > 1 is composite if, and only if, there exist integers a > 1 and b > 1
such that n = ab.
Example The first few prime numbers are
2, 3, 5, 7, 11, 13, 17, 19, ...
Note that it is an extremely hard problem to prove that a given large
integer (say with 150 digits) is prime, which is exactly what is required to
break present day codes. But some very large primes are known, such as
243112609 − 1 with 12978189 digits, found by Edson Smith, George Woltman,
Scott Kurowski, et al. in 2008
Question What is the connection with the earlier definition of coprime?
Lemma If p is prime and p - a then p and a are coprime.
Recall Two integers m and n are coprime if gcd (m, n) = 1. Here
gcd (m, n) = max D (m, n) = max D (m) ∩ D (n) .
Proof By the recollection, gcd (p, a) = max D (a)∩D (p). Because p is prime
we have D (p) = {−p, −1, 1, p} and so
D (a) ∩ D (p) ⊆ {−p, −1, 1, p} .
But p - a and so p ∈
/ D (a), and also −p ∈
/ D (a). Thus D (a) ∩ D (p) ⊆
{−1, 1}.
Yet −1, 1 ∈ D (n) for any integer n. Hence D (a) ∩ D (p) = {−1, 1}.
Finally therefore gcd (p, a) = max D (a) ∩ D (p) = 1.
1
Theorem Every integer n > 1 is a product of primes.
(With the convention that a product could be of just one prime!)
Proof p.278, is by strong induction
Theorem (Euclid) If p|ab then either p|a or p|b.
Proof p.279. The proof makes use of an earlier result that if n|ab and
gcd (n, a) = 1 then n|b.
Example 12|4 × 6 yet 12 - 4 and 12 - 6. This proves that 12 is not prime!
Euclid’s Theorem motivates the definition of a prime in more advanced
work. Thus p is prime iff for all integers a, b, p|ab implies either p|a or p|b.
Corollary If p|a1 a2 ...an then p|ai for some 1 ≤ i ≤ n.
Proof p|a1 a2 ...an ⇒ p|a1 (a2 ...an ) which by the Theorem implies that either
p|a1 or p|a2 ...an . If p|a1 we are finished. If p|a2 ...an repeat the process. Theorem Fundamental Theorem of Arithmetic. Every positive integer greater than 1 can be written as a product of primes unique up to
ordering, i.e. for all n ≥ 2
n = p1 p2 ...pr
where each pi (i = 1, ..., r) is a prime.
Proof p.283, is by contradiction
Note the similarities between this and the result that permutations in Sn
can be written as a product of disjoint cycles unique up to ordering.
Aside I It must be stressed that it is a very hard problem to find the prime
decomposition of large numbers. What do I mean by large? A 232 digit was
factored on December 12, 2009:
1230186684530117755130494958384962720772853569595334792197322
4521517264005072636575187452021997864693899564749427740638459
2519255732630345373154826850791702612214291346167042921431160
2221240479274737794080665351419597459856902143413
= 3347807169895689878604416984821269081770479498371376856891243
1388982883793878002287614711652531743087737814467999489
× 3674604366679959042824463379962795263227915816434308764267603
2283815739666511279233373417143396810270092798736308917.
2
See http://en.wikipedia.org/wiki/RSA numbers.
Question How to find primes?
Theorem If m is composite then m has a prime √
divisor not exceeding
i.e. m composite ⇒ ∃ prime p s.t. p|m and p ≤ m.
Proof p.280, is by contradiction.
√
m,
An application of this result is to finding primes. In this method we
disgard composite numbers, leaving only primes. And how do you know a
number m is composite? It√is a multiple of an integer (in fact a prime - but
that is not important) ≤ m. And if we are disgarding
√ composites m less
√
that N then it will be a multiple
of
an
integer
≤
m
≤
N . Thus we discard
√
the multiples of integers ≤ N .
Application Sieve of Eratosthenes,
• Write out the list of natural numbers up to N .
• Strike out all multiples of 2, except for 2.
• Strike out all multiples of the next remaining number except that number itself (this will be 3).
• Continue, at each step striking out all multiples of the next remaining
number except that number itself.
√
• Stop when the next remaining number is > N .
You will now have a list of primes up to N . So, for example, if we look
for
√ primes up to 100 we need only check for divisibility by primes up to
100 = 10, i.e. 2, 3, 5 and 7. See appendix 7-i where this is carried out for
N = 100.
Question How many primes are there?
Theorem There are infinitely many primes.
Proof (due to Euler) p.285, is by contradiction.
Note The first few examples of p1 p2 ..pr + 1 where p1 < p2 < ... < pr are the
first r primes are
2×3+1
2×3×5+1
2×3×5×7+1
2 × 3 × 5 × 7 × 11 + 1
3
=
=
=
=
7
31
211
2311
are all primes. But the next one is not:
2 × 3 × 5 × 7 × 11 × 13 + 1 = 30031 = 59 × 509.
“Interesting” problems concerning primes. The following are conjectures and are all examples of problems that can be simply stated yet for
which the answers are as yet unknown.
1) Goldbach’s Conjecture, Is every even integer n ≥ 4 the sum of two
primes?
4 = 2 + 2, 6 = 3 + 3, 8 = 3 + 5, 10 = 3 + 7, 12 = 5 + 7,
14 = 3 + 11, 16 = 3 + 13, 18 = 5 + 13, 20 = 7 + 13, ...
Has been checked for all even numbers up to 12 × 107 by Oliveira e Silva
(July 14, 2008).
Goldbach’s Conjecture is a difficult problem because primes are multiplicative objects, defined in terms of divisibility, and yet this is an additive
question.
2) Do there exist infinitely many Twin Primes, i.e. pairs of primes
p and p0 such that p − p0 = 2? The first few examples are
(3, 5) , (5, 7) , (11, 13) , (17, 19) , (29, 31) , (41, 43) , (59, 61) , (71, 73) ,
(101, 103) , (107, 109) , (137, 139) , (149, 151) , (179, 181) , (191, 193) ,
(197, 199) , (227, 229) , (239, 241) , ... .
A large prime pair is 65516468355 × 2333333 ± 1 with 100355 digits discovered by Kaiser1 & Klahn in 2009.
3) Is n2 + 1 is prime infinitely often?
22 + 1 = 5, 42 + 1 = 17, 62 + 1 = 37, 102 + 1 = 101, 142 + 1 = 197, ...
4) For all m ≥ 1 does there exists a prime p : m2 ≤ p ≤ (m + 1)2 ?
What is known is
Theorem Bertrand’s postulate: For all N ≥ 1 there exists a prime
p : N ≤ p ≤ 2N.
Proof not given in course.
4
Binomial Theorem for prime powers
n
r
Recall that the Binomial Coefficient
can be expressed as
n
n!
=
.
r
r! (n − r)!
Theorem If p is prime then p divides pr , i.e.
p
,
p r
for 1 ≤ r ≤ p − 1.
Proof Since p! = p × (p − 1)! we have that p|p!.
If p|r! then, since p is prime, the Corollary above implies that p|m for
some m in the product r!, which means m ≤ r ≤ p − 1. But p|m means
p ≤ m and thus p ≤ m ≤ p − 1 which is a contradiction. Hence p - r!.
Similarly, since p − r ≤ p − 1 we get p - (p − r)!.
Hence p|p! yet p - r! (p − r)! and so
p!
p
p
=
.
r! (p − r)!
r
Theorem For all a, b ∈ Z and all primes p we have
(a + b)p ≡ ap + bp mod p.
Proof By the Binomial Theorem
(a + b)
p
=
p
X
a
p
b
r
p−r r
r=0
p
= a +
p−1
X
r=1
a
p
b
+ bp
r
p−r r
≡ ap + bp mod p,
using the previous Theorem on all terms of the sum.
5
Corollary (Fermat’s Little Theorem) For all n ≥ 1, and all primes p,
np ≡ n mod p.
If gcd (p, n) = 1 then
np−1 ≡ 1 mod p.
Proof by induction.
Base case n = 1. 1p = 1 and so the result holds with equality.
Assume the result holds for n = k, so k p ≡ k mod p. Consider now
m = k + 1. Then by the previous Theorem
mp = (k + 1)p ≡ k p + 1 mod p
≡ k + 1 mod p by the inductive hypothesis,
= m mod p.
Thus the result holds for m = k + 1. Hence by induction the result holds for
all m ≥ 1
Finding and using inverses.
From Fermat’s Little Theorem we see that if p is prime and p - a then
ap−1 ≡ 1 mod p, or equivalently ap−2 × a ≡ 1 mod p. This means that ap−2 is
the inverse of a modulo p or, in the language of congruence classes,
p−2 [a]−1
in Z∗p .
p = a
p
An interesting question is with which method is it quickest to calculate
the modular inverse. Is it by Euclid’s Algorithm or by calculating ap−2 using,
for example, the method of successive squaring? In fact, both methods have
running time proportional to the number of decimal digits of a. For Euclid’s
algorithm this result on the running time is the content of Lame’s Theorem,
PJE p.226.
A use of inverses is to solve linear congruences.
Example Find the integer solutions of 5x ≡ 6 mod 19.
Solution 19 is prime so Fermat’s Little theorem implies 518 ≡ 1 mod 19. So
5 × 517 ≡ 1 mod 19, i.e. 517 is the inverse of 5 mod 19. Thus multiplying both
sides of the equation by 517 gives
518 x ≡ 6 × 517 mod 19, i.e. x ≡ 6 × 517 mod 19.
6
Though this is an answer to the question we normally give x as the least
positive residue. Successive squaring gives
52 ≡ 6, 54 ≡ 17 ≡ −2, 58 ≡ (−2)2 ≡ 4 and 516 ≡ 16 mod 19.
Thus
x ≡ 6 × 5 × 516
≡ 6 × 5 × 16
≡ 5 mod 19,
which agrees with the answer found in Chapter 3, but which should still be
checked by substitution.
Calculating powers.
With p = 13 and a = 4 we see that 412 ≡ 1 mod 13. Thus
8 2 2
4100 = 48×12+4 ≡ 412
4
≡ 112 (−3)2 ≡ 9 mod 13,
as we have seen before in Chapter 3, using the method of successive squaring.
Note Fermat’s Little Theorem may appear wonderful in that it helps us
solve congruences and simplifies substantially the calculation of large powers modulo p. But the result has two weaknesses. First, it only applies
to prime modulus. You can often overcome this by using the Chinese Remainder Theorem. The second weekeness is that you need to know that the
modulus is prime. It is a very difficult problem showing that a large number
is prime. The largest known prime (as of September 2008) is 243,112,609 − 1.
(See http://primes.utm.edu/largest.html for further details).
7
Permutations on Z∗n .
Recall from the previous chapter that Z∗n is the set of invertible classes in
Zn and that it can be written as
{[r]n : 1 ≤ r ≤ n, gcd (r, n) = 1} ,
which, because we can take different labels for the classes, is the same as
{[r]n : 0 ≤ r ≤ n − 1, gcd (r, n) = 1} .
Definition* Euler’s phi-function is, for all n ≥ 1, given by
φ (n) = |Z∗n |
= |{1 ≤ r ≤ n : gcd (r, n) = 1}|
= |{0 ≤ r ≤ n − 1 : gcd (r, n) = 1}|
Examples Simply by checking we see that
φ (5) = |{1, 2, 3, 4}| = 4
and
φ (7) = |{1, 2, 3, 4, 5, 6}| = 6.
In general φ (p) = p − 1 for all primes p since all integers strictly less than
p are coprime to p.
Also by checking φ (8) = 4 and φ (16) = 8. In general φ (2n ) = 2n−1 for
all n ≥ 1, since in these cases we are counting the integers coprime to 2n , i.e.
the odd integers. And half of the integers up to 2n are odd.
And you can easily check by hand that φ (6) = 2, φ (9) = 6 and φ (10) = 4.
Example What is φ (100)?
Solution Start from
φ (100) = |{0 ≤ n ≤ 99 : gcd (n, 100) = 1}| .
Then every 0 ≤ n ≤ 99 can be written uniquely as
n = r + s10 with 0 ≤ r ≤ 9 and 0 ≤ s ≤ 9.
Note that
gcd (n, 100) = 1 ⇔
⇔
⇔
⇔
2 - n and 5 - n
2 - (r + s10) and 5 - (r + s10)
2 - r and 5 - r
gcd (r, 10) = 1.
8
Hence
φ (100) = |{0 ≤ r ≤ 9, 0 ≤ s ≤ 9 : gcd (r, 10) = 1}|
= 10 × |{0 ≤ r ≤ 9 : gcd (r, 10) = 1}|
since there are 10 choices for s,
= 10 × φ (10)
= 40.
Question for students. What is φ (1000)?
Theorem If gcd (a, n) = 1 then the function
ρa : Z∗n → Z∗n , [r]n 7→ [ar]n
is a permutation.
Proof The idea for the proof can be seen on p.259 and p.290.
Is ρa well-defined? Does ρa map into Z∗n as claimed in the definition of
ρa ?
If [r]n ∈ Z∗n then gcd (r, n) = 1 by definition of Z∗n . By the assumption in
the theorem we have gcd (a, n) = 1.
Recall that two integers w, v are coprime, i.e. gcd (w, v) = 1 if, and only
if, there exist integers s and t such that 1 = sw + tv. Thus
gcd (r, n) = 1 ⇒ ∃s, t ∈ Z such that 1 = sr + tn,
gcd (a, n) = 1 ⇒ ∃k, ` ∈ Z such that 1 = ka + `n.
Combine these two equalities as
1 = sr × 1 + tn = sr (ka + `n) + tn
= (sk) ra + (sr` + t) n,
which gives gcd (ar, n) = 1. Thus [ar]n ∈ Z∗n and so, for every [r]n ∈ Z∗n the
image ρa ([r]n ) is in Z∗n and the function ρa is well-defined.
Is ρa a permutation? So, is ρa a bijection from Z∗n to Z∗n ? The easiest way
to check this is to find the inverse map. Since gcd (a, n) = 1 there exists an
element a−1 such that a−1 a ≡ 1 ≡ aa−1 mod n. Then we claim that ρa−1 is
the inverse function. To see this note that for [r]n ∈ Z∗n we have
(ρa−1 ◦ ρa ) [r]n = ρa−1 (ρa [r]n ) = ρa−1 [ar]n = a−1 ar n = [r]n .
9
Similarly,
(ρa ◦ ρa−1 ) [r]n = ρa (ρa−1 [r]n ) = ρa a−1 r n = aa−1 r n = [r]n .
And thus ρa−1 is the inverse function, ρa a bijection from Z∗n to Z∗n and hence
ρa a permutation.
Example On Z∗8 = {1, 3, 5, 7}, consider ρ3 .
ρ3 ([1]8 ) = [3]8 ,
ρ3 ([3]8 ) = [9]8 = [1]8 ,
ρ3 ([5]3 ) = [15]8 = [7]8 ,
ρ3 ([7]8 ) = [21]8 = [5]8 .
Dropping the [...]8 , we can represent this as
1 3 5 7
ρ3 =
= (1, 3) ◦ (5, 7) .
3 1 7 5
The other three permutations
1 3
ρ1 =
1 3
1 3
ρ5 =
5 7
1 3
ρ7 =
7 5
are
5 7
5 7
5 7
1 3
5 7
3 1
= 1Z∗8 ,
= (1, 5) ◦ (3, 7) ,
= (1, 7) ◦ (3, 5) .
Theorem Euler’s Theorem
If gcd (a, n) = 1 then
aφ(n) ≡ 1 mod n.
Proof is not in PJE’s book, but the idea is to be found on p.290.
Since ρa is a permutation of Z∗n then the image of ρa is simply Z∗n in some
different order. Since order is immaterial in sets we have Z∗n = Im ρa , i.e.
{[r]n : 1 ≤ r ≤ n − 1, gcd (r, n) = 1}
= {[ar]n : 1 ≤ r ≤ n − 1, gcd (r, n) = 1} .
10
Taking products of everything in each set we get
Y
Y
Y
[r]n =
[ar]n =
([a]n [r]n )
1≤r≤n−1
gcd(r,n)=1
1≤r≤n−1
gcd(r,n)=1
1≤r≤n−1
gcd(r,n)=1
by definition of multiplication in Zn
Y
= [a]nφ(n)
[r]n ,
1≤r≤n−1
gcd(r,n)=1
since there are φ (n) terms in the product. Now cancel the product from
both sides to get
[1]n = [a]nφ(n) = aφ(n) n ,
again by the definition of the multiplication of classes. But this final result
merely means aφ(n) ≡ 1 mod n, as required.
Example of the method of proof of Euler’s Theorem.
Z∗8 = {[1]8 , [3]8 , [5]8 , [7]8 }, and so φ (8) = 4.
Take a = 5, in which case the map ρ5 is
[1]8
[3]8
[5]8
[7]8
7→
7→
7→
7→
[5 × 1]8
[5 × 3]8
[5 × 5]8
[5 × 7]8
= [5]8 ,
= [7]8 ,
= [1]8 ,
= [3]8 .
Then
[1]8 [3]8 [5]8 [7]8 = [5 × 1]8 [5 × 3]8 [5 × 5]8 [5 × 7]8
= [5]48 [1]8 [3]8 [5]8 [7]8
Canceling [1]8 [3]8 [5]8 [7]8 from both sides leaves [5]48 = [1]8 . Thus
54 ≡ 1 mod 8
as expected.
Taking n = p, prime, in the Theorem we again get
Theorem Fermat’s Little Theorem If p is prime and a an integer with
p - a then
ap−1 ≡ 1 mod p.
(1)
11
Proof p.290
Corollary If p is prime and a an integer then ap ≡ a mod p.
Proof Either p - a or p|a. In the first case, Fermat’s Little Theorem implies
ap−1 ≡ 1 mod p. Multiply by a to get ap ≡ a mod p. in the second case p|a
and so a ≡ 0 mod p. But then ap−1 ≡ 0 mod p and so ap−1 ≡ 0 ≡ a mod p.
In both cases we have ap ≡ a mod p.
Example Find the last two digits in the decimal expansion of 1399 .
Solution We have to calculate 1399 mod 100.
Euler’s Theorem tells us that 13φ(100) = 1340 ≡ 1 mod 10. Thus
2
1399 = 1340 1319 ≡ 12 1319 ≡ 1319 mod 100.
Now use successive squaring
132
134
138
1316
≡
≡
≡
≡
69,
61,
21,
41 mod 100.
(2)
Hence
1399 ≡ 1319 = 1316 × 132 × 13
≡ 41 × 69 × 13
≡ 77 mod 100.
So the last two digits of 1399 are 77, as already found in Chapter 3.
Note you may now think that Euler’s Theorem has none of the problems
of Fermat’s Little Theorem as we do not have to know that the modulus m
is prime, Euler’s Theorem holds for all integer m. But unfortunately it has
another problem, how to calculate φ (m)? In general this is very difficult for
large m. It can be shown that if m = pq, the product of different primes
then
φ (m) = φ (p) φ (q) = (p − 1) (q − 1) .
But to be able to do this we need to factorise m, and that is the difficulty.
In general the calculating of φ (m) is as hard as factorising m.
12