Summary of lectures

Theory of Numbers (V63.0248) Professor M. Hausner

Summary of lectures.

Monday, May 14.Divisibility. The integers Z and the natural numbers N. (Non-negative integers)

The well-ordered property on N. (Every nonempty subset of N has a least.)

Notation a|b and a 6 | b.

Elementary divisibility theorems:a|b and b|c → a|c.a|b and a|c → a|(xa + yb) for all integers x, y.a|0, a|a, 1|a.a|b and b|a → |a| = |b|.

The Division Algorithm. For a, b > 0, there are numbers q and r, called the quotient andthe remainder such that a = bq + r with 0 ≤ r < b. Proved using well ordering.

Definition of (a, b), the greatest common divisor (GCD) of a and b.

The Euclidian Algorithm to compute the GCD of two numbers. Illustration and sampleformat: Find (30,105):

Numerator Denominator Quotient Remainder105 27 3 2427 24 1 324 3 8 0

So (30, 105) = 3, the last non-zero remainder. Using this algorithm, we showedTheorem. The GCD of a and b is a linear combination of a and b: (a, b) = xa + yb. Thetext shows that (a, b) is the least positive value of all linear combinations xa + yb when aand b are not both 0.

An important consequence of this theorem, proved in class, is the important:

a|bc and (a, b) = 1 → a|c.

Note that the condition (a, b) = 1 states that a and b have no common divisors except theobvious ±1. In this case, we say that a and b are relatively prime.

1

Primes.Theorem. Every integer greater than 1 is a product of prime. We proved this using thewell ordered property of the natural numbers.

Theorem. There are infinitely many primes. We gave Euclid’s proof. Add 1 to the productof all primes up through p and we either get a prime or a number divisible by a prime greaterthan p.

***********************

Tues. May 15thMore on Divisibility.Theorem. In any set of r consecutive numbers, one is divisible by r.The proof is by induction on n. We show that one of n, n + 1, . . . , n + r− 1 is divisible by r.It is true for n = 0 since r|0. Assuming it true for n = k, we prove it for n = k + 1 b yseparating into 2 cases: Either r|k or r 6 |k. We leave out the details here.

An alternative proof, as in the text, that (a, b) is a linear combination of a and b. Thisalso works for the GCD of more than 2 numbers. This proof is an existence proof, but doesnot yield an effective way of actually computing the linear combination. Letting M = theset of all linear combinations xq + yb. Assuming that a and b are not both 0, M containsa positive element. Let D be the smallest positive element of M . Writing D = ax0 + by0,we first show that D|a and D|b - that is, D is a common divisor of a and b. To show thatD|a, use the division algorithm to write a = Dq + r where 0 ≤ r < D. Solving for r usingD = ax0 + by0,, we find that r is in M . Since it is less than D it can’t be positive, sinceD is the least positive element of M . Since 0 ≤ r, we must have r = 0, showing that D|a.Similarly we can show D|b.

To show that D is the greatest common divisor of a and b, suppose c is a common divisor:c|a and c|b. Then c|ax0 + by0, so c|D. This shows that c ≤ D and incidentally shows that Dis a multiple of and common divisor of a and b.

More on Primes. We first need the followingTheorem: If p is prime and p|ab, then p|a or p|b.For the proof, suppose p does not divide a. The only common (positive) divisor of p and ais 1. So (p, a) = 1, Since p|ab, we must have p|b. So either p|a or p|b.

Similarly, by induction we have: If p|a1a3 · · ·an, then p|ai for some i.

Theorem: The Unique Factorization Theorem. Let n > 1. Then any two factoriza-tions of n are the same, except for the order of the factors.

For a proof, suppose this is not true. Then let N be the least number for which N does not

2

have a unique factorization. Then we have

N = p1 · · · pr = q1 · · · qs

where the p’s and q’s are all primes and the factorization is different. Then p1|N so p1|q1 · · · qs.So p1 divides one of q’s. Rearranging the q’s, we may suppose p1|q1. Since the q’s are primes,we must have p1 = q1. Dividing the equation by p1, we get

N/p1 = p2 · · · pr = q2 · · · qs

Since N was the least number with no unique factorization, and N/p1 < N , this latterfactorization is the same except for order. So the original factorization was the same andthis is a contradiction proving the theorem.

Binomial Coefficients.

These are a double array of numbers

(n

r

)defined for all integers r and n ≥ 0. We showed

that the following definitions are all equivalent.

I. Recursive Definition as in the Pascal Triangle:

A:

(0

0

)= 1,

(0

r

)= 0 for r 6= 0.

B:

(n

r

)=

(n − 1

r

)+

(n − 1

r − 1

)for n > 0.

In the usual Pascal triangle, n is the row, and r is the column.

II. Formula Definition.(n

r

)=

n!

r!(n − r)!, (0 ≤ r ≤ n) else

(n

r

)= 0.

III. Binomial Theorem Formulation.

(1 + x)n =n∑

r=0

(n

r

)xr.

IV. Combinatoric Formulation.(n

r

)is the number of subsets of size r of a set having n elements.

In lecture, we showed that II, and IV were equivalent to I, since they satisfy the samerecursive equation as in I. We can also show III is equivalent to I, using the identity (1+x)n =(1 + x)(1 + x)n−1 and (1 + x)0 = 1.

Some consequences, easily proved from this.

1.

(n

r

)is a non-negative integer, and

(n

r

)> 0 for 0 ≤ r ≤ n.

3

2. The product of r consecutive number is divisible by r!. In fact,

n(n − 1) · · · (n − r + 1)

r!=

(n

r

)

3.

(p

r

)is divisible by p if 0 < p < r.1

Wed, May 16.Table of Primes and the Sieve of Eratosthenese.This is an ancient method useful for creating relatively small tables of primes. To form atable of primes from 2 to n, start with 2 and eliminate all multiples of 2 from 2 time 2 on.The next number not eliminated is 3. It is a prime, and then eliminate all multiples of 3from 3 time 3 on. The next number not eliminated is 5. It is prime and then eliminateall multiples of 5 from 5 times 5 on. Continue up to

√n. At this point, all numbers not

eliminated from 2 to n will be primes. This method is based on the result: If n is composite,it will have a divisor d satisfying 1 ≤

√n.

The problem of factoring large numbers (say 128 digits!) is extremely difficult and there arevery few algorithms to simplify this process.

Congruences.Definition. a ≡ b mod n is defined to mean n|(b − a). A few elementary results are1. a ≡ a mod n (Reflexive property).2. If a ≡ b mod n then b ≡ a mod n (Symmetric property).3. If a ≡ b mod n and b ≡ c mod n then a ≡ c mod n (Transitive property.)4. If a ≡ b mod n then a + x ≡ b + x mod n.5. If a ≡ b mod n then ax ≡ bx mod n.6. If a ≡ b mod n and c ≡ d mod n then a + c ≡ b + d mod n.7. If a ≡ b mod n and c ≡ d mod n then ac ≡ bd mod n.8. If a ≡ b mod n then ak ≡ bk mod n.

Definition. A complete residue system mod n is a set of n numbers r1, r2, . . . , rn suchthat no two are congruent mod n. That is: If ri ≡ rj mod n then i = j. The standardcomplete residue system mod n are the remainders mod n: 0, 1, . . . , n− 1. We showed thatany complete residue system is (mod n) a rearrangement of the standard complete residuesystem. Further, that any integer a is congruent mod n to one and only one number in acomplete residue system.

Definition. φ(n) is defined as then number of integers between 1 and n which are relativelyprime to n. For example, φ(8) = 4 since the numbers between 1 and 8 which are relatively

1The letter p is always used in these notes to designate a prime.

4

prime to 8 are 1, 3, 5, 7. (4 in all). We stated, without proof, that φ(n) = n∏

p|n

p − 1

p. For

example, φ(8) = 8 × 1/2 = 4 and φ(21) = 21 × (2/3) × (6/7) = 12.

Definition. A reduced residue system mod n is a set of φ(n) numbers r1, r2, . . . , rφ(n, allrelatively prime to n such that no two are congruent mod n. That is: If ri ≡ rj mod nthen i = j. The standard reduce residue system mod n are the remainders mod n whichare relatively prime to n. For example, the standard reduced residue system mod 8 is 1,3, 5, 7. We showed that any reduced residue system is (mod n) a rearrangement of thestandard reduced residue system. Further, that any integer a which is relatively prime to nis congruent mod n to one and only one number in a reduced residue system.

Some results on division put into congruence form.1. If ab ≡ 0 mod n and (a, n) = 1 then b ≡ 0 mod n.This is equivalent to: If n|ab and (n, a) = 1, then n|b.From this we easily showThe Cancelation Law.

if ax ≡ ay mod n and (a, n) = 1 then x ≡ y mod n.If n is prime this is simply

If ax ≡ ay mod p and a 6≡ 0 mod p then x ≡ y mod p.Note the similarity with the familiar algebraic law if congruence is replace by equality:

If ax = ay and a 6= 0 then x = y.The result for primes is equivalent to

If ab ≡ 0 mod p then a ≡ 0 mod p or b ≡ 0 mod p.

Using these results, we haveTheorem: . If r1, . . . , rn is a complete residue system mod n and (a, n) = 1, then so is Ifar1, . . . , arn. Similarly, if r1, . . . , rφ(n) is a reduced residue system mod n and (a, n) = 1, thenso is If ar1, . . . , arφn.

The proof uses the definition and cancelation. For example, 0, 1, 2, 3 Is a complete residuesystem mod 4. Multiplying by 3, we have 0, 3, 6, 9 is also a complete residue system mod 4.

We can now prove Fermat’s Theorem2:Theorem: If a is not divisible by p then ap−1 ≡ 1 mod pProof: 1, 2, . . . , p− 1 is a reduced residue system mod p. Therefore, so is a, 2a, . . . , a(p− 1),Since this latter is a rearrangement of the former, mod p, the product of the numbers in theformer system is congruent to the product of the numbers in the latter:

(p − 1)! ≡ (p − 1)!ap−1 mod p

We get the result by canceling of (p − 1)!.

2Also called Fermat’s Little Theorem to distinguish it from the so-called Fermat’s Last Theorem.

5

Working with a reduced residue system, the same method gives Euler’s generalization of thisresult.Theorem: If (a, n) = 1, then

aφ)n) ≡ 1 mod n

Thur, May17thWe reviewed the previous lecture.

Definition of inverse If ab ≡ 1 mod n, we say that a and b are inverses mod n. Also, b iscalled the inverse of a mod n. The relation is symmetric: a is also the inverse of b mod n.We write b = a mod n.

Note: a has an inverse mod n if and only if (a, n) = 1. To see this, first suppose that(a, n) = 1. Then we have 1 = ax + ny for some x, y. Then 1 ≡ ax + ny ≡ ax mod n. So xis the inverse of a mod n. Conversely, if a has an inverse b mod n, we have ab ≡ 1 mod nso n|(ab − 1) and ab − 1 = nq. This shows that any divisor of a and n must also divide 1.Thus (a, n) = 1.

When is x its own inverse mod p? The answer is x ≡ 1 or x ≡ −1 mod p.Theorem: x2 ≡ 1 mod p if and only if x ≡ ±1 mod p.Proof: If x2 ≡ 1 mod p, then x2 − 1 ≡ 0 mod p, or (x − 1)(x + 1) ≡ 0 mod p This impliesx ≡ ±1 mod p. These steps are all reversible.

Thus, Inverses occur in distinct pairs, with the exception of 1 and −1 which are their owninverses.Note: This result is not true if n is not a prime. For example (mod 8), 12 ≡ 32 ≡ 52 ≡ 72 ≡1 mod 8. I may have incorrectly used this result for non-primes in class.

This allows us to proveWilson’s Theorem. (p − 1)! ≡ −1 mod p.Proof: This is true, and uninteresting for p = 2.. When p is odd, we look at the factorizationof (p−1)! = 1·2·3 · · ·(p−2)(p−1). Except for the extreme factors 1 and (p−1) (≡ −1 mod p),the factors pair off into numbers and their inverse mod p. Any such pair multiplies out to 1mod p. So the entire product is congruent to 1 · (p − 1) ≡ −1 mod p.

Note: The generalization mod n, as stated in class, is wrong for the reasons stated above.

This result allows us to answer the question: For what primes p can the congruence x2 ≡−1 mod p be solved?

Theorem: The congruence x2 ≡ −1 mod p can be solved if and only if p = 2 or p = 4n + 1for some n, or simply p ≡ 1 mod 4.For example x2 ≡ −1 mod 41 can be solved, while x2 ≡ −1 mod 43 cannot. (The former

6

has the solution x ≡ 9 or −9 ≡ 32 mod 41.)

Proof: p = 2 is trivial. Note that an odd prime is either of the form 4n + 1 or 4n + 3. Weseparate the cases.1. If p = 4n + 3, we show that we cannot have x2 ≡ −1 mod p. For suppose we had asolution. Raise both sides to the power (p − 1)/2 = 2n + 1 to get xp−1 ≡ (−1)2n+1 mod p.But using Fermat’s theorem, this gives 1 ≡ −1 mod p which is a contradiction.

2, Suppose p = 4n + 1. We use Wilson’s theorem to get (4n)! ≡ −1 mod (4n + 1). This is

(1 · 2 · 3 · · · · 2n)(2n + 1)(2n + 2) · · · (4n − 1)(4n) ≡ −1 mod (4n + 1).

This is equivalent to

(1 · 2 · 3 · · · · (2n)(−2n)(−(2n − 1)) · · · (−2)(−1) ≡ −1 mod (4n + 1).

or simply (2n!)2 ≡ −1 mod p. So the solution of x2 ≡ −1 mod p is(

p−12

)! Perhaps this is

best illustrated numerically for p = 13: 12! ≡ −1 mod 13 by Wilson’s theorem. But

12! = 1 · 2 · 3 · · ·6 · 7 · 8 · · · 11 · 12 ≡ 6!(−6)(−5) · · · (−2)(−1) = 6!2 mod 13

Mon, May 21Review of some factoring results in algebra.

xn − 1 = (x − 1)(1 + x + x2 + . . . + xn−1)

This is the “geometric series” result. As a consequence, it follows that xn − 1 is compositeif x > 2 and n ≥ 2. However, even x = 2 is covered here if n is composite. For example, ifn = rs, 2n − 1 = 2rs − 1 = ys − 1 where y = 2r, and so has a factor y − 1 = 2r − 1. Forexample, 29−1 has a factor 23−1 = 7. Otherwise stated, the only possible primes of the form2n − 1 are those primes of the form P = 2p − 1. These are called Mersenne primes3 Thecomplete list of Mersenne primes through p = 257 are p = 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107and 127. The primes turn up in the study of perfect numbers which we shall discuss later.

A similar factoring result in algebra involves odd powers:

x2n+1 = (1 + x)2n∑

k=0

(−1)kxk = (1 + x)(1 − x + x2 − . . . + x2n−2 − x2n−1 + x2n).

A consequence of this factorization is that any number of the form 2n where n has an oddfactor, is composite. For example, 215 + 1 can be written (23)5) + 1 = 85 + 1 is divisibleby 23 + 1 = 9. So the only primes of the form 2k + 1 must have no odd divisors of k.These are the numbers 22n

+ 1. A prime number of the form 22n+ 1 is called a Fermat

3After Marin Mersenne (1588-1648) who (incorrectly) listed alleged primes of this sort up to p = 257.

7

prime, after Fermat, who conjectured that all numbers of this form were prime. The firstfive numbers of this form are 3, 5, 27, 257, and 65,537, which are in fact prime. The next is4,294,967,297 which is not a prime – it has the factor 641, In fact, no Fermat prime beyondthese 5 have been discovered, and it is not known if any exist. These primes turn up inan unexpected way in geometry. Gauss proved that if p is a Fermat prime, then there is ageometric construction using straight edge and compass constructing a regular polygon withp sides. In fact, a regular polygon with n sides is constructible if and only if n is the productof distinct Fermat primes and some power of 2.

Solving congruences. We first practice computing solutions of linear congruences of theform ax ≡ b mod p. For example, let’s solve

31x ≡ 14 mod 83

We multiply the equation to bring the coefficient of x closer to the modulus. Here, multi-plying by 3 does it. Multiply by 3 to get

93x ≡ 42 mod 83

Now reduce the coefficient of x mod 83:

10x ≡ 42 mod 83

Divide by 2:5x ≡ 21 mod 83

Now again, multiply by 17 and reduce mod 83

85x ≡ 357 mod 83

2x ≡ 25 mod 83

Add 83 to “make 25 even”.2x ≡ 108 mod 83

So the solution isx ≡ 54 mod 83.

Of course, we know that if (a, n) = 1, we have ax + ny = 1 for an x, y pair derivablefrom the Euclidean algorithm. This gives us ax ≡ 1 mod n. So by multiplying by b we getabx ≡ b mod n, So y = ax solves the congruence ay ≡ b mod n. The method shown heresimplifies it, from a practical standpoint, at least without a computer.

The Chinese Remainder Theorem. This states that if (m, n) = 1, the simultaneouscongruences

x ≡ r1 mod m, x ≡ r2 mod n

8

have a unique solution mod mn : x ≡ r mod mn.

We can see how to calculate the solution with the help of an example: Solve

x ≡ 7 mod 11, x ≡ 12 mod 17

Method: Rewrite the first congruence as x = 7 + 11s. (s is arbitrary.). Substitute inthe second to get 7 + 11s ≡ 12 mod 17, or 11s ≡ 5 mod 17. Coincidentally, this is easy,because we can write 5 ≡ 22 mod 17, So we have 11s ≡ 22 mod 17, and canceling 11, we gets ≡ 2 mod 17. Rewrite as s = 2+17t, and substitute into the original s equation x = 7+11sto get x = 7 + 11(2 + 17t) = 29 + 189t. So finally, we can write this as x ≡ 29 mod 189.

More generally, the Chinese Remainder Theorem states that the k congruences x ≡ ri modni, i = 1, . . . , k have a unique solution mod n1 · · ·nk provided (ni, nj) = 1 for i 6= j.

Tues, May 22.Proof of the Chinese Remainder Theorem. We illustrate by taking m = 4, n = 5 somn = 20. Take any number r from the complete residue system mod 20. and reduce it mod4 to find r1 and then mod 5 to find r2.. For example, take r = 14. Then r1 = 14 mod 4 = 2and r2 = 14 mod 5 = 4. Then put 14 in the row 2 (r1) and column 4 (r2). Similarly, r = 7yields r1 = 3 and r2 = 2. Finally ,choosing r = 16, we get r1 = 0 and r2 = 1. So we put 16in row 0, column 1. These examples are indicated in the table below.

0 1 2 3 40 1612 143 7

If we do this for every r between 0 and 19 inclusive, we end up with the following table

0 1 2 3 40 0 16 12 8 41 5 1 17 13 92 10 6 2 18 143 15 11 7 3 19

In this example, the 20 numbers from 0 through 19, all fit into different locations and alllocations are filled. Note that there are 20 locations, so once we know that they all fit intodifferent locations, we know that all locations are filled (and conversely). We can now give theproof of the Chinese Remainder Theorem. Suppose that n, m) = 1. Let 0 ≤ r ≤ mn−1. Forany such r define r1 = r mod m and r2 = r mod n. We now show that the map r 7→ (r1, r2).

9

To prove this, suppose r and s both map onto (r1, r2). Then by definition r ≡ r1 mod mand s ≡ r1 mod m. So r ≡ s mod m. Similarly, r ≡ s mod n. Since (m, n) = 1, this impliesr ≡ s mod mn. Therefore the map r 7→ (r1, r2) is 1-1. And therefore, the map is onto allordered pairs (a, b) where 0 ≤ a ≤ m− 1 and 0 ≤ b ≤ n− 1. Thus, the system x ≡ a mod mand x ≡ b mod n has a unique solution mod mn.

Proof of the formula for φ(n). If we go through the proof of the Chinese RemainderTheorem, using only integers r relatively prime to mn, we can compute φ(mn) in terms ofφ(m) and φ(n). Let r1 = r mod m and r2 = r mod n. For suppose (r, mn) = 1. Then,If r1 = r mod m then (r1, m) = 1, similarly, If r2 = r mod n then (r1, n) = 1, So bothr1 and r2 are relatively prime to m and n respectively. Also, if (r, mn) = d > 1, thensome prime number p divides r and mn. Suppose, for example, that p divides m. Then sincer1 = r mod m. Since p|m, we have r1 ≡ r ≡ 0 mod m, This shows that if r1, m) = (r2, n) = 1,we must have (r, mn) = 1. In terms of the table above, this shows that if we eliminate therows which are not relatively prime to m and the columns which are not relatively prime ton, we are left with precisely those r which are relatively prime to mn. Thus, we have theimportant result

φ(mn) = φ(m)φ(n) if (m, n) = 1

We say that φ is a multiplicative function. In general, a function f is said to be multiplicativeif f(mn) = f(m)f(n) when (m, n) = 1.

The above result is enough to show how to calculate φ(n) for any n. We first find φ(n) forany prime power pa). In the range from 1 through pa, the multiples of p are the only onesnot relatively prime to pa. These are 1 · p, 2 · p, . . . , pa−1 · p. There pa−1 of these. Thus thereare pa − pa−1 = pa−1(p − 1) in the range from 1 though pa which are relatively prime to pa.This gives

φ(pa) = pa−1(p − 1) = pa p − 1

p

Using multiplicity, and factoring n into a product of prime powers, we have

φ(n) = n∏

p|n

p − 1

p

We also showed that if we set d(n) equal to the number of divisors of n, then d(n) ismultiplicative. Since d(pa) = a + 1 (clearly), we find

d(∏

i

pa1i ) =

∏

i

(ai + 1)

Numbers Which are the Sum of Squares.We first note that numbers of the form 4n+3 cannot be the sum of two squares. To seethis, we need only consider odd and even possibilities. Suppose we have n = a2 + b2. Then,

10

depending on whether a and b are even or odd, we have a2 ≡ 0 or 1 mod 4, and similarly forb2. Thus a2 + b2 ≡ 0, 1, or 2 mod 4. So n = a2 + b2 ≡ 3 mod 4 is not possible.

Of course, the even prime 2=1+1 is the sum of two square. We now consider primes of thefrom 4n + 1.

Theorem: Any prime of the form 4n + 1 is the sum of two square.The proof uses the pigeonhole (or shoe-box) principle. Let p = 4n + 1. Take K = [

√p].4

Then K <√

p < K + 1. Since p ≡ 1 mod 4, we can solve the equation x2 ≡ −1 mod p.Using this x, we form the numbers u + xv for all pairs (u, v) where 0 ≤ u, v ≤ K. There are(K + 1)2 pairs, and since

√p < K + 1., we have p < (K + 1)2, there are more than p such

pairs. Therefore some two different numbers of the form u + xv are congruent mod p, sayu1 + xv1 ≡ u2 + xv2 mod p. This is equivalent to a + xb ≡ 0 mod p, where a = u1 − u2 andb = v1 − v2. Since (u1, v1) and (u2, v2) are different,, we have a2 + b2 > 0. Now write thecongruence as a ≡ −xb mod p. Squaring, we get a2 ≡ x2b2 ≡ −b2 mod p or a2+b2 ≡ 0 mod p.

We had 0 ≤ u1 ≤ K <√

p, and 0 ≤ u2 ≤ K <√

p. So 0 ≤ u1 <√

p, and−√p < −u2 ≤ 0.

Adding these inequalities we get −√p < u1 − u2 = a <

√p. Similarly, −√

p < b <√

p.Thus, a2 + b2 < 2p. But we have a < 02 + b2 and a2 + b2 ≡ 0 mod p. Therefore, a2 + b2 = p.This proves the result.

We now show that the product of two numbers which are the sum of two squares is also asum of 2 squares, This is simple algebra:

(a2 + b2)(c2 + d2) = (ac + bd)2 + (ad − bc)2

We also note the obvious fact that 2 = 1 + 1 is the sum of two squares. We therefore havethe following result

Theorem: Let n = 2apb11 · · · pbr

r q2c11 · · · q2cs

s where pi is a prime of the from 4n + 1 and qj isa prime of the form 4n + 3. Then n is the sum of two squares.

Wed., May 23

We now show that conversely, if n is the sum of two squares, then n = 2apb11 · · · pbr

r q2c11 · · · q2cs

s

where pi is a prime of the from 4n + 1 and qj is a prime of the form 4n + 3. To do this, weneed the following result.Theorem: If n = a2 + b2, q is a prime of the form 4k +3 and q|n, then q|a, q|b, and so q2|n.Proof: We have

a2 + b2 ≡ 0 mod q.

We claim that q|a. For if not, a 6≡ 0 mod q, and so a has an inverse mod q: aa ≡ 1 mod q.

4We use [x] to mean the greatest integer in x.

11

Multiply the congruence by a to get

(aa)2 + (ab)2 ≡ 0 mod q, or 1 + (ab)2 ≡ 0 mod q

Thus, the congruence x2 ≡ −1 mod q has the solution x ≡ ab mod q. But this is impossibleby a previous theorem since q ≡ 3 mod 4. This contradiction shows that q|a. Similarly, q|b.Therefore q2|n = a2 + b2. This proves the result.

Now suppose n = 2apb11 · · · pbr

r qc11 · · · qcs

s = a2 + b2 where pi is a prime of the from 4n + 1 andqj is a prime of the form 4n + 3. If qj appears in this factorization, then qj|a, qj|a, and q2

j |n.So cj ≥ 2 and we have n/q2

j = (a/qj)2 + (b/qj)

2. Continuing this process until all the q’s areeliminated, we find that all the exponents of the q’s are even. This is the result.

Pythagorean Triples. These are positive integers a, b, c satisfying

a2 + b2 = c2.

Note that if p divides any two of a, b, c it divides the third. In that case, we have (a/p)2 +(b/p)2 = (c/p)2. continuing this process we arrive at positive integers a, b, c satisfyinga2 + b2 = c2, in which any two of these are relatively prime. This is called relatively primein pairs. Such a triple (a, b, c) is called a primitive Pythagorean triple. We now characterizethese.

Since (a, b) = 1, both can’t be even. But also, both can’t be odd. For if a and b were bothodd, we would have a2 ≡ 1 mod 4 and b2 ≡ 1 mod 4. So c2 = a2 + b2 ≡ 2 mod 4. This isimpossible because the square of an even number is congruent to 0 mod 4. So with no lossin generality, we take a odd, and b even. Since c2 − a2 = b2, we can factor and divide by 4to get

c − a

2· c + a

2=

(b

2

)2

Butc − a

2and

c + a

2are relatively prime. To see this, suppose d divides each of them. Then

d would divide their sum c and their difference a. Thus d = 1. But if the product of relativelyprime numbers is a square, each must be a square. Thus

c + a

2= r2,

c − a

2= s2

where r and s are relatively prime. Solving for c and a, we get c = r2 + s2, and a = r2 − s2.Sing b2 = c2 − a2, we get b2 = 4r2s2, so b = 2rs. Since c2 and a2 are the sum and differenceof r2 and s2, we must also have r and s of different parities.5 Summarizing, all positiveprimitive solutions of the equation a2 + b2 = c2, with b even, are given by the two parametersystem

a = r2 − s2, b = 2rs, c = r2 + s2, where r > s, (r, s) = 1, and r + s is odd.

5This means that one is odd and one is even.

12

The rings Zn and the fields Zp.For fixed n > 0, we want to identify two numbers which are congruent mod n. For example,we are accustomed to talk about even and odd numbers. Here we identify any numberscongruent to 1 mod 2 as “odd.”, and similarly for “even.” For any n > 0, we let a = the setof all b ≡ a mod n. For example, if n = 2, 0 is the set of even numbers and 1 is the set ofodd numbers. For any n, we have for fixed n,

a = b if and only if a ≡ b mod n

The effect of the overbar notation is to replace congruence mod n with equality.6 We defineZn as the finite set {0, 1, . . . , n − 1}. In Zn we can define addition and multiplication by theformulas:

a · b = ab and a + b = a + b

We can replace 0, 1,. . . , n − 1 by any complete residue system mod n. Zn is a ring. This isa term in algebra in which the usual laws of algebra hold. The exception is that there mightbe non-zero elements without inverse. For example, In Z6, 2, 3, and 4 have no inverses. Wecan construct addition and multiplication tables in Zn. The following table gives additionand multiplication tables in Z6. From now on we omit the overbar, and simply write aas a.NO confusion will occur, if we note that we are working in |Zn.

Z6 :

+ 0 1 2 3 4 50 0 1 2 3 4 51 1 2 3 4 5 02 2 3 4 5 0 13 3 4 5 0 1 24 4 5 0 1 2 35 5 0 1 2 3 4

× 0 1 2 3 4 50 0 0 0 0 0 01 0 1 2 3 4 52 0 2 4 0 2 43 0 3 0 3 0 34 0 4 2 0 4 25 0 5 4 3 2 1

For primes p, the algebra in |Zp is more like ordinary algebra because any element unequalto 0 has an inverse. In such cases, the ring is called a field. Here are similar tables for Z5.

Z5 :

+ 0 1 2 3 40 0 1 2 3 41 1 2 3 4 02 2 3 4 0 13 3 4 0 1 24 4 0 1 2 3

× 0 1 2 3 40 0 0 0 0 01 0 1 2 3 42 0 2 4 1 33 0 3 1 4 24 0 4 3 2 1

6More accurately, we should write an instead of a, but in any context, we try to make it clear what theunderlying n is.

13

Note the 1’s in the body of the multiplication tables. These occur when the row and columncorresponding to the 1 are inverses. For the Zp column, a 1 appears once in each row andcolumn other than the 0 row and column. We can see this above for Z5. We see that thisfails if n is composite, as in the multiplication table for Z6.

Thur., May 24Lagrange’s Four Square Theorem.This famous theorem states that ever positive number is the sum of four squares.We started the proof, but left it unfinished, referring the class to classic text by Hardy andWright, The Theory of Numbers Oxford at the Clarendon Press. This was first published in1938 and contains many beautiful results and methods. The Lagrange theorem is on page302. It is accessible to anyone in the class, and uses little more than congruences.

The factorization of n! If p is a prime not more than n, we can find the highest powera of p which divides n! The text uses the notation pa||n! The double divisor sign is used toindicate that pa|n! but pa+1 † n! We illustrate by finding a such that 3a||100! First pull outall multiples of 3 from any of the factors of 100!

100! = 1 · 2 · 3 · · ·6 · · ·9 · · · 96 · 99 · 100 = 3331 · 2 · · · · 32 · 33 · K

where (K, 3) = 1. (We will use K generically in this way.)

Tues., May 29A number is said to be perfect if the sum of its proper divisors7 is equal to that number.For example, 6 is a perfect number: 6 = 1 + 2 + 3. In this section we show how to find alleven perfect numbers. to date, no odd perfect number has been found, and it is not knownif there are any. We start with a definition:

σ(n) is the sum of all divisors of n. We write σ(n) =∑

d|nd.

Thus the condition that a number n is perfect is σ(n) = 2n. This is so because σ(n) includesthe proper divisors and also n. We now show that σ(n) is multiplicative; i.e. if (m, n) = 1then σ(mn) = σ(m)σ(n). To see this, let d1, . . . , dj be the divisors of m and let e1, . . . , ek

be the divisors of n. Then dres is a divisor of mn and all divisors are of this form. Since(m, n) = 1, a little consideration using unique factorization shows that all of the dres aredistinct. Therefore

σ(m)σ(n) = (∑

r

dr)(∑

s

es) = (∑

r,s

dres) = σ(mn)

This easily permits us to compute σ(n), once we know its prime factorization. We firstcompute σ(pa):

σ(pa) = 1 + p + p2 + . . . + pa =pa+1 − 1

p − 1

7A proper divisor of n is a divisor unequal to n.

14

Therefore, since σ is multiplicative, for any product of distinct prime powers, we have

σ(∏

i

paii ) =

∏

i

pai+1i − 1

pi − 1

Note in particular that σ(2a) = 2a+1 − 1. Also σ(p) = p + 1 for a prime p.

We first note the following theorem: Let p be prime with 2p − 1 also a prime (a Mersenneprime). Then n = 2p−1(2p − 1) is a perfect number. The proof is direct. We have

σ(n) = σ(2p−1)σ(2p − 1) = (2p − 1)(2p − 1 + 1) = 2p(2p − 1) = 2n

We now show that conversely, and even perfect number is of this kind. For suppose n is aneven perfect number. Write it as n = 2aR where a > 0 and R is odd. Then by definition,σ(n) = 2n or σ(2aR) = 2a+1R. Thus

σ(2a)σ(R) = 2a+1R or (2a+1 − 1)σ(R) = 2a+1R.

Thus (2a+1−1)|2a+1R and so (2a+1−1)|R since 2a+1−1 and 2a+1 are relatively prime. Thus,R = c(2a+1 − 1) and so σ(R) = c2a+1. Now we claim that c = 1. For if not, the divisors of Rare at least 1, c(2a+1 − 1), and c. So σ(R) ≥ 1+ c+ c(2a+1 − 1) = 1+ c2a+1. This contradictsσ(R) = c2a+1. Thus c = 1 and R = 2a+1 − 1, and σ(R) = 2a+1. But two divisors of R are 1and 2a+1 − 1 whose sum is 2a+1 = σ(R). So there are no further divisors of R and R mustbe prime. This implies that R = 2a+1 − 1 is a prime and from our discussion of Mersenneprimes, we know that a + 1 = p, a prime. So finally, n = 2p−1(2p − 1).

The lecture included some discussion of continued fractions, to be repeated on the next day.

Wed. and Thur., May 30 and June 1Continued Fractions. Any positive real number x can be written As x = [x] + f where[x] is the greatest integer in x, and 0 ≤ f < 1. If f > 0, then we can write f = 1/g whereg > 1. This gives x = [x] + 1/g, We can continue this process with g. We illustrate with anexample:

11

3= 3 +

2

3= 3 +

132

= 3 +1

1 + 12

The text uses the notation 〈3, 1, 2〉 for this latter expression. For any rational number x theEuclidean algorithm for the computation of the GCD of the numerator and the denominatorwill give the entries for this continued fraction. For example, consider the fraction 53/22.We use the Euclidean algorithm to compute (58,21):

Numerator Denominator Quotient Remainder58 21 2 1621 16 1 516 5 3 15 1 5 0

15

So 58/21 = 2 + 16/21 = 2 + 1/(21/16) = 2 + 1/(1 + 5/16). Continuing in this manner wearrive at the continued fraction

58

21= 2 +

1

1 + 13+ 1

5

= 〈2, 1, 3, 5〉.

Note that the entries in this continued fraction are the quotients in the order they appear inthe Euclidean algorithm. We can define a continued fraction in general by induction:

〈a0〉 = a0; 〈a0, a1, . . . , an〉 = a0 +1

〈a1, . . . , an〉for n > 0.

Note the useful identity 〈a0, a1, ,an〉 = 〈a0, a1, ,an−2, 〈an−1, an−2〉〉.

We always assume that ai > 0. a0 ≤ 0 is also allowed. For a given continued fraction〈a0, a1, . . . an〉, We can compute the successive convergents as 〈a0〉, 〈a0, a1〉 . . . , 〈a0, . . . , an〉.For our computed continued fraction 〈2, 1, 3, 5〉, these are 2, 3, 11/4, and 58/21. Numericallythese are 2, 3, 2.75, 2.762. Convergence to the actual answer is very rapid.

Recall that the convergents of 〈a0, a1, . . . , an〉 are 〈a0〉, 〈a0, a1〉, . . . . Writing these as fractionsp0/q0, p1/q1, etc. it looks like

pn = anpn−1 + pn−2; p−2 = 1, p−1 = 1 and qn = anqn−1 + qn−2; q−2 = 0, q−1 = 0 (1)

for n ≥ 0. (We will prove this in what follows.) We will introduce p−2 = 0, p−1 = 1 andq−2 = 1, q−1 = 0 in order to get proper initial values for the p’s and q’s. We then constructthe following table:

n −2 −1 0 1 2 . . .an a0 a1 a2 . . .pn 0 1 a0 p1 p2 . . .qn 1 0 1 q1 q2 . . .

Once the second row is filled in with the given continued fraction, we compute the third andfourth row recursively using the above equations. We illustrate with the above continuedfraction〈2, 1, 3, 5〉:

n −2 −1 0 1 2 3an 2 1 3 5pn 0 1 2 3 11 58qn 1 0 1 1 4 21

Compare the convergents found above with the values pk/qk. We now prove that pk/qk arethe convergents.

16

Theorem: Let a0, a1, . . . , an, . . . be a sequence with ai > 0 for i > 0. Define the sequencespn and qn using Equation (1). Then 〈a0, a1, . . . , an〉 = pn/qn..

Proof: . We prove this for rational ai > 0. We check that this is true for n = 0 and 1.These are simply the equations 〈a〉 = a/1 = p0/q0 and 〈a, b〉 = a + 1/b = (ab + 1)/b = p1/q1.We assume it for all values less than n. We let x > 0 and compute

〈a0, a1, . . . , an−1, x〉 = 〈a0, a1, . . . , an−2, 〈an−1, x〉〉. Using induction this is

〈a0, a1, . . . , an−2,xan−1 + 1

x〉 =

pn−2xan−1+1

x+ pn−3

qn−2xan−1+1

x+ qn−3

=pn−2(xan−1 + 1) + xpn−3

qn−2(xan−1 + 1) + xqn−3

=x(an−1pn−2 + pn−3) + pn−2

x(an−1qn−2 + qn−3) + qn−2=

xpn−1 + pn−2

xqn−1 + qn−2

Finally, substituting x = an, we get

〈a0, a1, . . . , an〉 =anpn−1 + pn−2

anqn−1 + qn−2=

pn

qn

This is the required result.

Theorem: For any continued fraction, pnqn−1 − qnpn−1 = (−1)n+1

Proof: By induction. It is true for n = −1. Assuming the truth for n, we compute:

pn+1qn − qn+1pn = (an+1pn + pn−1)qn − (an+1qn + qn−1)pn

= an+1pnqn − an+1qnpn + qn−1pn − pn−1qn

= −(−1)n+1 = (−1)n+2.

This is the result for n + 1 proving the theorem.

Corollary. rn − rn−1 =(−1)n+1

qnqn−1

.

For this is simplypn

qn

− pn−1

qn−1

. This shows that the convergents oscillate.

Corollary. The convergents are in lowest terms.This is so because we have a linear combination of pn and qn equal to ±1.

Corollary. For an infinite continued fraction, limn→∞

(rn − rn−1) = 0.

This follows from rn − rn−1 =(−1)n+1

qnqn−1. The denominators qn clearly approach ∞ as n → ∞

17

Theorem: pnqn−2 − qnpn−2 = (−1)nan

The proof is a direct computation:

pnqn−2 − qnpn−2 = (anpn−1 + pn−2)qn−2 − (anqn−1 + qn−2)pn−2

= anpn−1qn−2 − anqn−1pn−2 = (−1)nan

This shows that the oscillations of the rn are not extreme. When rn moves right, it returnsto the right of where it started. Similarly, when it moves left, it returns to the left of whereit started. Thus, combining these results, we see that for an infinite continued fraction〈a0, a1. . . .〉, the n-th convergent rn has a limit, which is called the value of this continuedfraction. The convergents oscillate about this value.

Tues., June 5Polynomials over a field F . We have noted that a field is an algebraic system in whichthe usual laws of algebra including addition, subtraction, multiplication and division, hold.In particular, and element a 6= 0 ∈ F has an inverse a−1 ∈ F satisfying aa−1 = 1. We havenoted that Zp is a field for any prime p. F [x] denotes the polynomials with coefficients inF . A polynomial f(x) can be put into the form anxn + an−1x

n−1 + . . . + a0. If f(x) 6= 0, thestandard form is to take an 6= 0. In this case, n is called the degree of f (written deg(f)). Iff = 0, f is not assigned a degree.

Multiplication and division are performed on polynomials in the usual way. It is easy tosee that deg(fg) = deg(f) + deg(g). For suppose f(x) = anxn+ lower degree terms, andg(x) = bmxm+ lower degree terms with an, bm 6= 0. Then f(x)g(x) = anbmxm+n+ lowerdegree terms. By the field properties, anbm 6= 0 since an and bm 6= 0. This proves deg(fg) =deg(f) + deg(g). The formulas for the degree of a sum are more complicated. It is easy tosee that if deg(f) > deg(g) then deg(f + g) = deg(f). But if deg(f) = deg(g), the leadingcoefficients might cancel, so all we can say is deg(f + g) ≤ max(deg(f), deg(g)). So in allcases we have deg(f + g) ≤ max(deg(f), deg(g)).

There is a strong analogy between the polynomials in F [x] and the integers Z. This isillustrated in what follows.

Division. We say that f(x)|g(x) if there is a polynomial h(x) such that g(x) = f(x)h(x).For example, (x−1)|(x3−1) since x3−1 = (x−1)(x2+x+1). In Z7[x], we have (x+4)|(x2+5)because x2 + 5 = (x + 4)(x + 3). (Check this.)

For integers, we have a division algorithm, in which for any n, m with m > 0, we candivide to get a quotient q and remainder r with 0 ≤ r < m satisfying n = mq + r.

For polynomials, we have a division algorithm, in which for any f(x), g(x) withg(x) 6= 0, we can divide (long division of polynomials) to get a quotient q(x) and remainderr(x) with r = 0 or deg(r(x)) < deg(g(x)) satisfying f(x) = g(x)q(x) + r(x).

For integers, we have the Euclidean algorithm, in which a series of divisions with

18

remainders leads to finding the GCD d of the two numbers m and n. d is characterized bytwo facts: 1) d|m and d|n. 2) If e|m and e|n, then e|d. (The GCD of m and n is a multipleof any common divisor of m and n.

For polynomials, we have the Euclidean algorithm, in which a series of divisions withremainders leads to finding the GCD d(x) of the two polynomials f(x) and g(x). d(x) ischaracterized by two facts: 1) d(x)|f(x) and d(x)|g(x). 2) If e(x)|f(x) and e(x)|g(x), thene(x)|d(x). (The GCD of f(x) and g(x) is a multiple of any common divisor of f(x) and g(x).

For integers, the GCD d = (a, b) is a linear combination of a and b: d = am + bn. aand b can be computed from the Euclidean algorithm.

For polynomials, the GCD d(x) = (f(x), g(x)) is a linear combination of f(x) andg(x): d(x) = a(x)f(x) + b(x)g(x). a(x) and b(x) can be computed from the Euclideanalgorithm.

For the integers, if a|bc and (a, b) = 1, then a|c. This same result holds for polynomial,with the same proof.

For the integers, if a|b and b|a, then b = ±a. For polynomials, if f(x)|g(x) andg(x)|f(x) then g(x) = cf(x) where c is a constant (that is, an element of F ) unequal to 0.For integers, the numbers ±1 are the only integers dividing everything. These numbers arecalled units. These are the integers of absolute value 1. For polynomials. the constants c 6= 0are the only polynomials dividing all polynomials. These are the polynomials of degree 0.Non-zero constants are called units.

For integers, primes are the integers n greater than 1, whose only positive divisors are 1 andn. If we broaden this definition to include negatives numbers, we can say that n is a primeif it is not a unit and its only divisors are units and a unit times n.

The corresponding polynomials are called irreducible. These are polynomials p(x)whose only divisors are units or a unit times p(x).

We have unique factorization of polynomials. Any polynomial f(x) is the product of ir-reducible polynomials. The factorization is unique up to order of factors and units. Forexample,

x2 − 4 = (x − 2)(x + 2) = (−1/2)(−2x + 4)(x + 2)

All polynomials of the first degree are irreducible. Polynomials x−a and x− b are relativelyprime if a 6= b. This can be seen since (x − a) − (x − b) = b − a. So any common divisor isa unit.

Some Important Polynomials Results. These results do not have clear analogies in theintegers.Theorem: (The Factor Theorem.) If f(x) is a polynomial in F [x] and f(a) = 0 for somea ∈ F , then (x − a) is a factor of f(x).

Proof: Divide f(x) by x − a to get a remainder: f(x) = (x − a)q(x) + r, where r ∈ F .Substitute x = a, this gives 0 = f(a) = (a − a)g(a) + r = r. So f(x) = (x − a)q(x) and

19

(x − a)|f(x).

Generalizing, we have: If f(x) has distinct zeros a1, a2, . . . , ak, then (x−a1) · · · (x−ak)|f(x).For a proof, we have f(x) = (x − a1)f1(x). Substituting x = a2, we get 0 = (a2 − a1)f1(a2).Since a2 = a1 6= 0, we have f1(a2) = 0 so f1(x) = (x − a2)f2(x), and f(x) = (x − a1)(x −a2)f2(x). Continuing in this way, or by induction, we get the result.

Corollary. A polynomial of degree n has at most n distinct roots.Proof: Otherwise, The polynomial would be divisible by a polynomial of degree greaterthan n which is impossible.

We can use this theorem to prove Wilson’s Theorem, with the help of Fermat’s theorem. InZ∗

p, we have xp = x for x = 0, 1, . . . , p − 1. So the polynomial xp − x has these p elementsas zeros. Thus xp − x = x(x − 1)(x − 2) . . . (x − (p − 1))8 Now divide by x and substitutex = 0 to get −1 = −1 · −2 · · · − (p − 1). Taking p as odd, we get −1 = (p − 1)! in Z∗

p whichis Wilson’s theorem. The case p = 2 is trivial, because here, 1 = −1.

Primitive Roots.We let Z∗

p be the set of non-zero elements of Zp. The Z∗p is closed under multiplication and

taking inverses. (Technically, it is a group.) Z∗p has p − 1 elements. By Fermat’s theorem,

ap−1 = 1. For a ∈ Z∗p we define the order of a as the least positive integer k such that ak = 1.

We now show:Theorem: If the order of a is h, then h|(p − 1).For the proof, we divide p − 1 by h and get a remainder: p − 1 = hq + r with 0 ≤ r < h.Then

1 = ahq+r = ahqar = (ah)qar = 1qar = ar

Since h was the least positive integer k with ak = 1, we must have r ≤ 0. But r ≥ 0 as aremainder. It follows that r = 0, so p − 1 = hq and h|(p − 1). This is the result.

Theorem: Let a ∈ Z∗p. If h is the order of a, then the h elements 1, a, a2, . . . , ah−1 are all

distinct.Proof: If ai = aj with 0 ≤ i < j ≤ h− 1, then 0 ≤ j − i < h, and aj−i = 1. Since j − i < h,it follows that j − i = 0 by the definition of order.

Theorem: Let a ∈ Z∗p. If h is the order of a, then am = an if and only if m ≡ n mod h.

Proof: If m ≡ n mod h, then m = n+hs. So am = an+hs = anahs = an. Conversely, supposean = am. Then an−m = 1. Dividing n − m by h, we get n − m = hq + r, with 0 ≤ r < h.Then ahq+r = 1. Using ah = 1, we get ar = 1. Since r < h, we must have r = 0 using thedefinition of order. Thus, n − m = hq and m ≡ n mod h.

Theorem: Let a ∈ Z∗p, and let h be the order of a. The any element of order h is necessarily

8The polynomial result also calls for a non-zero constant. We can see it is 1 by comparing the coefficientof xp on both sides of this equation.

20

a power of a.

Proof: There are h powers of a by a previous theorem. They all satisfy the equationxh − 1 = 0. But an equation of degree h has at most h solutions. So all the solutions of thisequation are powers of a. Therefore, since it satisfies this equation, every element of order hmust be a power of a.

Theorem: Let a ∈ Z∗p, and let h be the order of a. Then there are exactly φ(h) elements of

order h. These are ak where 1 ≤ k ≤ h with (k, h) = 1.

Proof: . We first show that these φ(h) elements have order h. Let b = ak where (k, h) = 1and 1 ≤ k ≤ h. Then bh = akh = (ah)k = 1. Now suppose that bs = 1 with s > 0. This givesaks = 1, and so h|ks. Since (k, h) = 1 this implies h|s. Since s > 0. we have s ≥ h. Thisshows that the smallest power of b equal to 1 is h. Thus the order of b is h.

We now show that no other power of a has order h. Let c = as, with (s, h) > 1. Let d|h andd|s with d > 1. So s = dt and c = adt. Then ch/d = (adt)(h/d) = aht = 1. So c cannot haveorder h since a smaller power than h can be used as a power of c to yield 1. This completesthe proof.

We know that the order of any element divides p − 1. We now prove that any divisor d of(p − 1) is an order of some element (and so exactly φ(d) elements.)

Theorem: . Let d|(p − 1). Then there are φ(d) elements in Z∗p with order d.

Proof: Let d|(p− 1) and define N(d) as the number of elements of order d. Then there areeither 0 elements of order d or φ(d) such elements. So N(d) ≤ φ(d). Since every element inZ∗

p has some order dividing p − 1, we have∑

d|(p−1)

N(d) = p − 1. Thus,

p − 1 =∑

d|(p−1)

N(d) ≤∑

d|(p−1

φ(d) = p − 1

(The last equality is a previous theorem.) This shows that all of the inequalities involving≤ must be replaced by equalities. Therefore N(d) = φ(d), and so, for any d|(p − 1) thereare exactly φ(d) elements of Z∗

p having order d.

An element of Z∗p is called a primitive element if it has order p− 1. This analysis shows that

there are φp − 1 primitive elements, and shows how to find them, once one is known. Weillustrate for p = 7. Here 23 = 1 so 2 is not a primitive element. 33 = 27 = −1, so 3 doeshave order 6, and is a primitive root. We list the powers of 3 in the table below:

n 1 2 3 4 5 63n 3 2 6 4 5 1

The above theory shows that the other primitive root is 35 = 5.

21

Thur, June 7Number Theoretic Functions. All functions are understood to be functions of a positiveinteger. A function f is called multiplicative if

f(mn) = f(m)f(n) when (m, n) = 1.

We first note that if (m, n) = 1 any divisor d of mn can be written uniquely as d = d1d2

with d1|m and d2|n. Conversely, if (m, n) = 1 and d1|m and d2|n, and d = d1d2 then d|mn.The proof is straightforward and is clear, using unique factorization.

Theorem: Let f(n) be multiplicative. Define F (n) =∑

d|nf(d). Then F (n) is multiplicative.

Proof: Let (m, n) = 1. Using the remark above about divisors of mn, we have

F (mn) =∑

d|mn

f(d) =∑

d1|m,d2|nf(d1d2) =

∑

d1|m,d2|nf(d1)f(d2) = (

∑

d1|mf(d1))(

∑

d2|nf(d2)) = f(m)f(n).

We can use this theorem to prove∑

d|nφ(d) = n. This was previously proved using the defini-

tion of φ(d). By the theorem just proved, we know that F (n) =∑

d|n φ(d) is multiplicative.We also know, from the definition, that φ(pa) = pa − pa−1. Therefore,

F (pa) =∑

d|pa

φ(d) = 1 +a∑

i=1

(pi − pi−1) = pa

(The sum is a “telescoping series” and it can be proved by induction on a.) This computationshows that F (pa) = pa. Therefore, since F is multiplicative, we have for any n,

F (n) = F (∏

p|npan) =

∏

p|nF (pan) =

∏

p|npan = n

The Mobius Function µ(n). This function is defined as follows.µ(n) = (−1)k if n is the product of k distinct primesOtherwise, µ(n) = 0.

Thus µ(n) = 0 when n is divisible by the square of a prime.For example µ(5) = −1, µ(28) = 0, µ(35) = 1.

Theorem:∑

d|nµ(d) = 0 if n > 1. If n = 1, the sum is 1.

It is easy to see that µ(n) is multiplicative. For if m and n are relatively primewith m and n as the product of r and s distinct primes, then mn is the product of r + sdistinct primes, Therefore, µ(m)µ(n) = (−1)r(−1)s = (−1)r+s = µ(mn). Therefore, (using

22

f(n) = 1 in the theorem on adding a function of the divisors of n) it follows that∑

d|n µ(d)is multiplicative. We now compute its value for prime powers. If a ≥ 1 then

∑

d|pa

µ(d) = µ(1) + µ(p) = 1 − 1 = 0.

Since F is multiplicative,, it follows that F (n) = 0 for n > 1. Clearly, F (1) = 1. This provesthe theorem.

An alternate proof is as follows. If n is product of k prime powers paii , then the only

contribution to the sum∑

d|n µ(d) is when d is the product of some of the primes. Thepossibilities are

{1, pi, pipj (i < j), . . . , p1 · · · pk}.The contribution to the sum from these divisors are

1 − p +

(p

2

)−(p

3

)+ . . . + (−1)k

But this is the expansion of (1 − 1)k which is 0 when k > 0.

Finally, we prove the famous Mobius Inversion Formula: If f(n) and F (n) are each definedfor n ≥ 1 and

F (n) =∑

d|nf(n), n ≥ 1 (2)

Thenf(n) =

∑

d|nµ(d)F (n/d) (3)

For example, setting f(n) = an, F (n) = bn, we are given

b1 = a1, b2 = a1 + a2, b3 = a1 + a3, b4 = a1 + a2 + a4, . . .

We can solve these successively for an as functions of the b’s::

a1 = b1, a2 = b2 − b1, a3 = b3 − b1, a4 = b4 − b2, . . .

The inversion formula gives the answer directly. For example, a20 = b20 − b10 − b4 + b2.

To prove the inversion formula, we directly compute the right hand side of Equation (3). Inthis case, we let D designate a divisor of n/d.

∑

d|nµ(d)F (n/d) =

∑

d|nµ(d)

∑

D|(n/d)

f(D) =∑

d|n

∑

D|(n/d)

µ(d)f(D)

Note that D|(n/d) and dD|n and d|(n/D) are all equivalent. In the above sum we combinethe coefficients of f(D). They sum to

∑

d|(n/D)

µ(n/D). But this has been shown to be 0,

23

except for D = n, when it is 1. This is the coefficient of f(n). Thus, the sum is f(n) whichis the result.

Note: Rearranging such a double some can be confusing, so we illustrate with an example.We give an example of this procedure for n = 6. We have

F (1) = f(1)F (2) = f(1) + f(2)F (3) = f(1) + f(3)F (6) = f(1) + f(2) + f(3) + f(6)

We now multiply f(d) by µ(6/d) This gives

µ(6)F (1) = µ(6)f(1)µ(3)F (2) = µ(3)f(1) + µ(3)f(2)µ(2)F (3) = µ(2)f(1) + µ(2)f(3)µ(1)F (6) = µ(1)f(1) + µ(1)f(2) + µ(1)f(3) + µ(1)f(6)

Adding, we get the result f(6) =∑

d|6µ(d)F (6/d). We used the formula

∑

d|nµ(d) = 0 if n 6= 1,

and equals 1 if n = 1.

Mon, June 11.Error checking. Any positive number n can be written uniquely in base 10 in the form

n = a0 + 10a1 + 102a2 + . . . + 10kak,

where each ai is a “digit”: 0 ≤ ai ≤ 9 and ak, the leading digit, is not zero. The numberis written as ak . . . a2a1a0. There are a few simple ways to find n mod 9, 10, and 11. Mod10 is the simplest, since n ≡ a0 mod 10.We can find n mod 9 by noting that 10 ≡ 1 mod 9.Therefore

n = a0 + 10a1 + 102a2 + . . . + 10kak ≡ a0 + a1 + a2 + . . . + ak = S(n) mod 9

where we define S(n) as the sum of the digits of n: S(n) =∑

ai. For example, if n = 345, 682,S(n) = 28, so n ≡ 28 ≡ 10 ≡ 1 mod 9, where we have applied this formula repeatedly to thesum. When finding n mod 9, we can simply add the digits mod 9. Mod 11 is similar. Using10 ≡ −1 mod 11 we find:

n = a0 + 10a1 + 102a2 + . . . + 10kak ≡ a0 − a1 + a2 − . . . + (−1)kak = A(n) mod 11

where we define A(n) as the alternating sum of the digits of n: A(n) =∑

(−1)iai. Forexample, if n = 456, 821, A(n) = 1 − 2 + 8 − 6 + 5 − 4 = 14 − 12 = 2, so n ≡ 2 mod 11,

By checking a calculation mod 9, 10, or 11, many errors can be found. For example, weimmediately know that the alleged result 437× 538 = 234, 109 is wrong because we see that

24

the last digit of the answer should be 6, not 9. By looking at the last digit, we have havechecked mod 10. This doesn’t work for the alleged computation 437×538 = 233, 106. But ifwe check mod 9 we find 437 ≡ 5 and 538 ≡ 7 mod 9. Their product should be congruent to5 × 7 = 35 ≡ 8 mod 9. But the alleged answer is congruent to 6. This inconsistency showsthat the calculation is incorrect. The calculation 437× 538 = 231, 506 passes the mod 9 and10 test, but it fails the 11 test: By observation 437 ≡ 8 mod 11 and 538 ≡ 10 mod 11, sothe product should be congruent to 80 or 3 mod 11. But the alleged answer is congruentto 6 − 0 + 5 − 1 + 3 − 2 = 11 or 0 mod 11. The correct answer is 235,106. The mod 10calculation check the last digit. The mod 9 calculation will usually catch an incorrect digitin the answer. The mod 11 check will catch a transposition of 2 digits.

Realistically, if the numbers are not too large, a hand calculator is a fine direct check of theanswer. Also, the method is not fail-safe. By checking mod 9, 10, 11, your are checkingyour answer mod 990. Any number congruent to the correct answer mod 990 will pass thesetests. So these techniques can be described as recreational mathematics.

The Legendre symbol. In what follows, we take p and q as odd primes. A number ais called a quadratic residue mod p if a 6≡ 0 mod p and the equation x2 ≡ a mod p has asolution. That is, a = b2 for some b. a is called a quadratic non-residue mod p if a 6≡ 0 mod p

and the equation x2 ≡ a mod p has no solution. The Legendre symbol

(a

p

)is defined as

follows:(

a

p

)= 1 if a is a quadratic residue mod p

(a

p

)= −1 if a is a quadratic non-residue mod p

(a

p

)= 0 if a ≡ 0 mod p

While, on the face of, it, this symbol is simply a code to identify quadratic residues, it enjoysmany useful algebraic properties. Before beginning, we start with the following results.Theorem: Any quadratic residue satisfies the equation x(p−1)/2 − 1 ≡ 0 mod p.Proof: If a is a quadratic residue mod p, then a = b2 for some b ∈ Z∗

p Therefore,

a(p−1)/2 = (b2)(p−1)/2 = bp−1 = 1 in Z∗p

This proves the result.

Theorem: . There are (p − 1)/2 quadratic residues, and (p − 1)/2 quadratic non-residues.Proof: We show that the numbers i2 where 1 ≤ i ≤ (p − 1)/2, namely the numbers12, 22, 32, . . . , ((p − 1)/2)2 are distinct quadratic residues mod p. To see this, supposei2 ≡ j2 mod p where 1 < i ≤ j ≤ (p − 1)/2. Then (j − i)(j + i) = j2 − i2 ≡ 0 mod p.But 0 ≤ j − i < j + i < p, since i, j ≤ (p − 1)/2 < p/2. Since p † (j + i), we must have

25

p|(j − i) and so i = j. Thus, the powers i2 are distinct for 1 ≤ i ≤ (p − 1)/2. The numbers(p+1)/2 ≤ i ≤ p−1 can be written as (p− i) for 1 ≤ i ≤ (p−1)/2, so they are the negativesmod p of the numbers i for which 1 ≤ i ≤ (p − 1)/2. So they yield the same squares. Thusthe quadratic residues are simple the (p − 1)/2 numbers i2, where 1 ≤ i ≤ (p − 1)/2. Theremaining (p − 1)/2 numbers mod p are non-residues.

We now state and prove the algebraic properties of the Legendre symbol.

1.

(a

p

)≡ ap−1/2 mod p.

2,

(ab

p

)=

(a

p

)(b

p

).

3. If a ≡ b mod p then

(a

p

)=

(b

p

).

4.

(a2

p

)= 1.

5.

(−1

p

)= (−1)(p−1)/2.

Proofs. 1. We already know that if a is a quadratic residue, then ap−1/2 mod p. This isequation 1 in that case.. We consider the equation xp−1−1 = (x(p−1)/2−1)(x(p−1)/2 +1) = 0.We have shown that the first factor has the (p − 1)/2 quadratic residues as its zeros. Theseare the only zeros because a polynomial of degree n can have at most n zeros. Therefore,the non-residues are zeros of the second factor. Namely a(p−1)/2 + 1 ≡ 0 mod p for any non-

residue. We can rewrite as a(p−1)/2 ≡(

a

p

)mod p. This shows that equation 1 is true when

a is a non-residue mod p.

2. We have

(ab

p

)≡ (ab)(p−1)/2 = a(p−1)/2b(p−1)/2 ≡

(a

p

)(b

p

)mod p. But since both sides

of equation 2 are ±1 the congruence implies equality.

3 and 4 follow from the definition.. We know 5 as a congruence mod p from 1. But sinceboth sides are ±1, we have equality.

While the basic equation

(a

p

)≡ a(p−1)/2 mod p can be used to calculate

(a

p

), the following

method does not involve computing powers of a. It is used for a proof of the quadraticreciprocity law, proved in the next section. We illustrate it with a simple computation to

26

calculate(

5

13

). We start by multiplying 5 by all the numbers from 1 through 6 (This is

p − 1/2 for p = 13. We then reduce mod 13: We get

5 × 1 ≡ 5 mod 135 × 2 ≡ 10 mod 13 xx5 × 3 ≡ 2 mod 135 × 4 ≡ 7 mod 13 xx5 × 5 ≡ 12 mod 13 xx5 × 6 ≡ 4 mod 13

An xx mark was placed after each remainder which was bigger than 6 p − 1/2 for p = 13.IN these cases replace the remainder r by r − 13. This has the effect of making it negative,keeping the congruence, and except for the sign, putting the number in the range from1through 6:

5 × 1 ≡ 5 mod 135 × 2 ≡ −3 mod 13 xx5 × 3 ≡ 2 mod 135 × 4 ≡ −6 mod 13 xx5 × 5 ≡ −1 mod 13 xx5 × 6 ≡ 4 mod 13

Note that except for the sign, the remainders are a rearrangement of the numbers from1 through 6. Now multiply these congruences to get 566! ≡ (−1)36! mod 13, so 56 ≡−1 mod 13. This shows that

(5

13

)= −1, using the congruence 1.

We now state and prove this result in general.Theorem: Let (a, p) = 1. For each i such that 1 ≤ i ≤ (p − 1)/2, let ui be the remainder

of ia mod p. Let n = the number of remainders ui > p/2.. Then

(a

p

)= (−1)n.

Proof: Suppose there are n remainders r1, . . . , rn which are greater than p/2, and k remain-ders s1, . . . .sk which are less than p/2. Then k + n = (p − 1)/2. Then

(a) The ri are distinct, since if 1 ≤ i ≤ j ≤ (p − 1)/2, and ia ≡ ja mod p, we musthave i ≡ j and so i = j. Similarly, the si are all distinct.

(b) The values of p − ri are all distinct, since if p − ri = p − rj, we have ri = rj andso i = j.

(c) Further, we cannot have p − ri = sj. For ri ≡ σa and sj ≡ τa where 1 ≤σ, τ < p/2. So if p − ri = sj, we have p = ri + sj ≡ σa + τs = (σ + τ)a mod p. But0 < σ + τ < p/2 + p/2 = p. So (σ + τ, p) = 1. Canceling, we get 0 ≡ a mod p which is acontradiction.

Thus the (p−1)/2 elements (p−r1), . . . , (p−r)n), s1, . . . , sk are all distinct and in the range

27

from 1 through (p−1)/2. Thus, they are a rearrangement of the numbers 1, 2, . . . , (p−1)/2..Since the remainders of ia are ri and sj, we get after multiplying

1a · 2a · · · p − 1

2a = a(p−1)/2)(p − r1) · · · (p − rn)s1 · · · sc

≡ (−1)nr1 . . . rns1 · · · sk mod p

≡ (−1)n1 · 2 · · · p − 1

2mod p

Canceling, we get

a(p−1)/2 ≡ (−1)n mod p. In view of the above theorem and the basic

(a

p

)≡ a(p−1)/2 mod p,

this gives the result.

Tues., June 12The Quadratic Reciprocity Law. The analysis continues. Recall that r1, . . . , rn, s1, . . . , sk

is a rearrangement, mod p, of the numbers ia, 1 ≤ i ≤ (p − 1)/2. Further, the numbersp − r1, . . . , p − rn, s1, . . . , sk is a rearrangement of the numbers 1, 2, . . . , (p − 1)/2.

If m is divided by n, leaving a remainder r, we have m = nq + r, where 0 ≤ r < n. Som/m = q + r/n, and 0 ≤ r/n < 1. Thus, q = [m/n], and m = n[m/n] + r. Here [x] is thegreatest integer function. We now bring the quotient into play in the above analysis.

Write ia = p[ia/p]+r, for 1 ≤ i ≤ (p−1)/2. Here r will be one of the ri or sj of the previoustheorem. We sum over all i to get

a(p−1)/2∑

i=1

i = p(p−1)/2∑

i=1

[ia/p] +∑

i

ri +∑

j

sj (4)

Since p − r1, . . . , p − rn, s1, . . . , sk is a rearrangement of the numbers from 1 to (p − 1)/2,(p−1)/2∑

i=1

i can be computed in two ways. It is∑

(p − ri) +∑

sj or np − ∑ri +

∑sj. Also

we can use the high school resultn∑

i=1

i = n(n + 1)/2. In this case, n = (p − 1/2 , so

n(n + 1)/2 =1

2

p − 1

2

p + 1

2=

p2 − 1

8. Thus

(p−1)/2∑

i=1

i = np −∑

ri +∑

sj.

Subtracting this from Equation (4), we get

(a − 1)(p2 − 1)/8 = p(p−1)/2∑

i=1

[ia/p] + 2∑

ri − np. (5)

28

Now take this mod 2:

(a − 1)(p2 − 1)/8 =(p−1)/2∑

i=1

[ia/p] − n (mod 2) (6)

We take two cases:

Case 1. a is odd. Then we have

0 =(p−1)/2∑

i=1

[ia/p] − n mod 2

So n ≡ ∑(p−1)/2i=1 [ia/p] mod 2, and so by the previous result

(a

p

)= (−1)

∑(p−1)/2

i=1[ia/p] when a is odd.

Case 2. a = 2. Here equation (6) becomes

(p2 − 1)/8 =(p−1)/2∑

i=1

[2i/p] − n (mod 2)

In this case, since i < p/2, we have 2i < p, so [2i/p] = 0, and the sum vanishes. Thereforewe have n ≡ (p2 − 1)/8 mod 2, and by the previous theorem,

(2

p

)= (−1)(p2−1)/8

This result can be read simply as

(2

p

)= 1 if p ≡ ±1 mod 8

= −1 if p ≡ 4 ± 1 mod 8

The quadratic reciprocity law states that if p and q are different odd primes, then

(p

q

)(q

p

)= (−1)

p−12

q−12

Our result, so far, gives

(p

q

)(q

p

)= (−1)

∑(p−1)/2

1=1[iq/p]+

∑(q−1)/2

j=1[jp/q]

We shall show these are equivalent by proving these two exponents are equal.

29

Wed., June 13We now show that

p − 1

2

q − 1

2=

(p−1)/2∑

1=1

[iq/p] +(q−1)/2∑

j=1

[jp/q]]

for distinct odd primes p and q. The combinatorial proof is as follows. We consider allordered couples (i, j) with 1 ≤ i ≤ (p−1)/2 and 1 ≤ j ≤ (q−1)/2. Since there are (p−1)/2

choices for i and (q − 1)/2 choices for j. There is a total ofp − 1

2

q − 1

2such couples. We

now count these couples in a different way:

Case 1. jp < iq. This is the condition j < iq/p. For fixed i, the j’s can be1, 2, . . . , [iq/p] so there are [iq/p] possibilities for j. So for 1 ≤ i ≤ (p− 1)/2, there is a total

of(p−1)/2∑

1=1

[iq/p] couples (u, v) for which jp < iq.

Case 2. iq < jp. The same proof shows that in this case there are(q−1)/2∑

j=1

[jp/q]]

couples satisfying this condition.Finally, jp = iq is not possible, because this implies p|iq and so p|iq which is not

possible because 1 ≤ i ≤ (p − 1)/2.

Summarizing, the full quadratic reciprocity law is: If p and q are distinct odd primes, then(

p

q

)= (−1)

p−12

q−12 ;

(2

p

)= (−1)(p2−1)/8;

(−1

p

)= (−1)(p−1)/2

The Congruence x2 ≡ a mod pn. If p is any prime and x2 ≡ a mod pn with n > 1, thenclearly x2 ≡ a mod p. We shall show that the converse is true: If p is odd, n > 1 and(

a

p

)= 1, then the equation x2 ≡ a mod pn has exactly two solutions, x ≡ ±b mod pn.

To see this, suppose, we have a solution x ≡ b mod p for the equation x2 ≡ a mod p. Weshall show how to “lift” this solution to a solution mod p2. We have (a − b2)/p = c. Thesolution to the p congruence may be written x = b + pt. Substituting into the congruencex2 ≡ a mod p, we get (b+pt)2 ≡ a mod p2, or b2 +2pt+p2 ≡ a mod p2. Using (a−b2)/p = c,this becomes 2pt ≡ pc mod p2, This is equivalent to 2t ≡ c mod p. this linear equation has aunique solution mod p, say t = d+ ps. this gives x = b+ p(d+ ps), or x ≡ b+ pd mod p2. Inthe same way, we can lift this solution to a solution mod p3, and ultimately, by induction,to pn,

We illustrate with an example. Consider the congruence x2 ≡ 14 mod 125. We first workwith x2 ≡ 14 ≡ 4 mod 5. One solution is x ≡ 2 mod 5. Writing x = 2 + 5t, we workwith the congruence x2 ≡ 14 mod 25. This gives 4 + 20t + 25t3 ≡ 14 mod 25. Simplifying,

30

20t ≡ 10 mod 25. Dividing by 5, we get 4t ≡ 2 mod 5. Solving, t ≡ 3 mod 5. Writingt = 3+5s, this gives x = 2+5(3+5s) = 17+25s. This gives x mod 25. Substituting into theoriginal congruence, we get (17+25s)2 ≡ 14 mod 125. Simplifying, 275+34·25s ≡ 0 mod 125,Dividing by 25, 11+34s mod 5 or 1+4s ≡ 0 mod 5.Solvings=1+5u, so x = 17+25(1+5u).So finally, the solution is x ≡ 42 mod 125. This is lifted from x ≡ 2 mod 5. To lift fromx ≡ −2 mod 5, we would arrive at x ≡ −42 ≡ 83 mod 125.

The case p = 2 needs special consideration. For example the congruence x2 ≡ 3 mod 4 hasno solution, although the congruence mod 2 has the obvious solution x ≡ 1 mod 2. −1 ≡ 1is the same solution. also, the congruence x2 ≡ 1 mod 8 has 4 solutions, x ≡ 1, 3, 5, 7 mod 8.We do not consider the modulus 2n in these notes.

The congruence x2 ≡ a mod n can now be reduced to a congruence mod prime powers. For,writing n = n1 · · ·nk, where ni = pai

i with distinct pi. Then the congruence is equivalentto the system of congruences x2 ≡ a mod ni, i = 1, . . . , k. If the congruence mod ni has ai

solutions, then the congruence mod n will have a1 · · ·ak solutions. This is so, because anysolution x ≡ bi mod ni give rise to a solution mod n by the Chinese remainder theorem.

The Gaussian Integers.Gaussian integers Z[i] are defined as the set of complex numbers a + bi, where a and b areintegers in Z. This system is closed under addition, subtraction and multiplication. Division,done by “rationalizing the denominator” yields complex number a + bi where a and b arerational numbers. We use the notation z to indicate the conjugate of z. Thus, a + bi = a−bi.The following results can easily be checked: z = z, and zw = zw.

We define N(z) = zz. In coordinate form, N(a + bi) = (a + bi)(a − bi) = a2 + b2. We haveN(zw) = N(z)N(w). This equation give a simple proof that the product of two sums ofsquares is a sum of squares. For example, if n = a2 + b2 and m = c2 + d2, then n = N(α)and m = N(c + di), where α = a + bi and γ = c + di. So nm = N(αγ). Computingαγ = (ac − bd) + i(ad + bc), this gives the identity

(a2 + b2)(c2 + d2) = (ac − bd)2 + (ad + bc)2

We had this before, but here it arises naturally. We get another expression if we chooseγ = c − di.

Units, associates, and primes. The definition of division in Z[i] is as expected. α|βif and only if α = βγ for some γ ∈ Z[i]. A unit u is an element which divides 1, and sodivides all elements. To find the units, suppose u is a unit. Then 1 = uv. Taking norms,1 = N(u)N(v), so N(u) = 1. If u = a + bi, this is a2 + b2 = 1 Thus a = ±1 and b = 0, orb = ±1 and a = 0. Thus there are 4 units: 1, −1, i, and −i. If α and β divide each other:α|β and β|α, then it is easy to show that β = uα where u is a unit. In this case, we say thatα and β are called associates. A prime π is an element whose only divisors are units andassociates of π. A unit u is characterized by the condition N(u) = 1.

31

We can give a simple sufficient condition for an element of Z[i] to be a prime:Theorem: If N(α) is a prime in Z, then α is a prime in Z[i]T.Proof: For suppose α is not a prime. Then α = βγ. Then N(α) = N(β)N(γ). But sinceN(α) is a prime, N(β) = 1 or N(γ) = 1, so either β or γ is a unit. Therefore α is a prime.

For example, 1 + i and 4 − i are primes, because their norms are respectively 2 and 17.

Z[i] behaves like Z in a very important way. There is a division algorithm in Z[i] whichallows for a version of the Euclidean algorithm used to find the GCD of two numbers.

Theorem: (The Division Algorithm.) Let α and β be elements of Z[i] with β 6= 0. Thenthere exists γ and ρ in Z[i] such that α = βγ + ρ, and N(ρ) < N(β).Proof: . Let α/β = δ, where δ = c + di, with c and d rational. Now find integers m and nclosest to m and n respectively, so that c = m + f1, d = n + f2 with |fi| ≤ 1/2 for i = 1 and2. Then N(f1 + f2i) ≤ 1/4 + 1/4 = 1/2. By definition we have

α/β = (m + ni) + (f1 + f2i)

soα = βγ + ρ

where γ = m + ni and ρ = β(f1 + f2i. We have

N(ρ) = Nβ)N(f1 + f2i) ≤ N(β)/2 < N(β)

Finally ρ ∈ Z[i] since it is α − βγ.

The division algorithm allows us to use the Euclidean algorithm to find the GCD of any twoelements, and to express it as linear combination (with coefficients in Z[i]) of those elements.As in the theory in Z this gives us unique factorization (up to order of primes and unitfactors).

What are the primes in Z[i]? First suppose that an integer prime p is the sum of two squares:p = a2 + b2. Then setting π = a+ bi, we have N(π) = a2 + b2 = p, so π is a prime in Z[i]. Sois π and p splits into two prime factors: p = ππ. Note the associates of π are π, iπ,−π, iπ,and similarly for π. The 8 variations here correspond to p = (±a)2 + (±b)2 and this sum inreverse order. The only time there are overlaps here9 are for the prime 2. Here π = 1 + i,and π = 1 − i = −i(1 + i) = iπ. So the factorization 2 is 2 = −i(1 + i)2.

The above analysis applies to the prime 2, and to any prime p ≡ 1 mod 4. If p ≡ 3 mod 4,then p is a prime in Z[i]. To see this, suppose p ≡ 3 mod 4, and p is not a prime in Z[i].Then p = αβ with N(α) and N(β) > 1. Taking norms, p2 = N(α)N(β), and so N(α) = p.But this give p as the sum of square which is not possible in Z. This is a contradiction.

9This can be seen geometrically.

32

Summarizing, the distinct primes of Z[i] are:Type 1. The prime 1 + i. Here 2 = −i(1 + i)2.Type 2. Integer primes p ≡ 3 mod 4.Type 3. Each prime p ≡ 1 mod 4 generates two distinct primes (non-associates) π and πsatisfying p = ππ.

Remark. To factor α in Z[i], take norms. For example, let’s factor 7 − 2i into primes. Wehave N(7− i) = 49 + 1 = 50 = 2 · 52. So 1 + i is a factor, and an other is either 2 + i or 2− iup to a unit factor. Since

7 + i

1 + i=

(7 + i)(1 − i)

2=

8 − 6i

2= 4 − 3i

Now (2+ i)2 = 3+4i = i(4−3i), so (4−3i)/(2+ i)2 = 1/i = −i. so putting this all together,we get 7 + i = −i(1 + i)(2 + i)2.

What is the factorization of an integer n ∈ Z? In Z, the prime factorization of n is

n = 2apa11 · · · par

r qb11 · · · qbs

s

where pi ≡ 1 mod 4 and qi ≡ 3 mod 4. Each pi = πiπi, so the factorization of n in Z[i] is:

n = 2aπa11 πa1

1 · · ·πarr πar

r qb11 · · · qbs

s

When is a positive integer n a sum of two squares? This is true if n = a2+b2 = N(a+bi) = ααwhere alpha = a + bi. If we factor α into primes, we have α = π1 · · ·πrq1 · · · qs, where qi ∈ Zand qi is a prime ≡ 3 mod 4, and pi = N(πi) is 2, or a prime congruent to 1 mod 4. Therefore,

n = N(α) = αα = p1 · · · prq21 · · · q2

s

where pi = N(πi) is 2, or a prime congruent to 1 mod 4 and qi is a prime ≡ 3 mod 4. Thus,every prime q ≡ 3 mod 4 will appear in the factorization of n to an even power. Conversely.if every prime q ≡ 3 mod 4 will appear in the factorization of n to an even power, then thefactorization of n in Z[i] has the form n = p1 · · · pr · q2

1 · · · q2s . In Z[i], this can be factored

further into n = π1π1 · · ·πrπr · q21 · · · q2

s , where pi = πrπr. So, taking α = π1 · · ·πr · q1 · · · qs,we have n = αα. Note that we may choose πi instead of πi at any point in this factorization,yielding a different α, and so a different way of expressing n as the sum of two squares.

We can now answer the question: How many distinct ways can a positive integer n beexpressed as a sum of two squares? For simplicity, let us assume that n is square-free. Thenn cannot be expressed a sum of two squares if p ≡ 3 mod 4 and p|n. Suppose n = p1p2

where pi ≡ 1 mod 4. Writing p1 = αα and p2 = ββ. Then n = ααββ. So we can writen = N(γ) = γγ by choosing γ = αβ or αβ.10 For example, take n = 85 = 5 · 17 Take

10Choosing γ = αβ gives nothing new, as this is the conjugate of αβ. It gives a different answer, but onlya variant. For example, 5 = 12 + (−2)2 is a variant of the 5 = 12 + 22.. This is also the reason we omit unitsin our analysis.

33

α = 2 + i and β = 4 + i Thenγ = αβ = (2 + 1)(4 + i) = 7 + 6. Note that 49 + 36 = 85.γ = αβ = (2 + 1)(4 − i) = 9 + 2. Note that 81 + 4 = 85.

Similarly if n is the product of k distinct primes congruent to 1 mod 4, then n can bewritten as the sum of two square in 2n−1 different ways. We illustrate for n = 3. Taken = 1105 = 5 · 13 · 17.. Let α = 2 + i, So N(α) = 5. Let β = 3 + 2i, with N(β = 13 andγ = 4 + i with N(γ) = 17. Computingαβγ = (2 + i)(3 + 2i)(4 + i) = 9 + 32i.αβγ = (2 + i)(3 − 2i)(4 + i) = 33 + 4i.αβγ = (2 + i)(3 + 2i)(4 − i) = 23 + 24iαβγ = (2 + i)(3 − 2i)(4 − i) = 31 − 12i.Note that 1, 105 = 92 + 322 = 332 + 42 = 232 + 242 = 312 + 122.

Thur, 6/14We shall try to analyze the equation z = x2 + 2y2 in a way analogous to our considerationof the equation z = x2 + y2.

For what values of p is

(−2

p

)= 1? We compute

(−2

p

)=

(−1

p

)(2

p

)= (−1)p−1)/2(−1)(p2−1)/8.

By considering the cases p ≡ 1, 3, 5, 7 mod 8, we find that

(−2

p

)= 1 if and only if p ≡

1 mod 8 or p ≡ 3 mod 8. Therefore, we can show:Theorem: If p = x2 + 2y2, then p ≡ 1 or 3 mod 8.Proof: If p = x2 + 2y2, then x2 + 2y2 ≡ 0 mod p, or x2 ≡ −2y2 mod p, since 0 < x, y < p,y has an inverse mod p, and multiplying by y−1, we get (xy−1)2 ≡ −2 mod p. Therefore(−2

p

)= 1 and so p ≡ 1 or 3 mod 8. The following table, computed in class shows the first

4 primes in each category, together with x, y satisfying x2 + 2y2 = p.

p ≡ 1 x y p ≡ 3 x y17 3 2 3 1 141 3 4 11 3 123 1 6 19 1 389 9 2 43 5 2

Here p = x2 + 2y2, and the computation suggests that every prime congruent 1 or 3 mod 8can be written uniquely as a sum x2 + 2y2. This is true, but the proof is deferred. We takeit as true, in the discussion below.

34

We now copy the results in Z[i] by constructing Z[i√

2]. this is motivated by the algebraicidentity x2 + 2y2 = (x − i

√2)(x + i

√2) Set θ = i

√2, so θ2 = −2. We let Z[θ] be the

set of all numbers of the form a + bθ. This set is closed under addition, subtraction, andmultiplication. If we allow a and b to be rational, the resulting set is called Q[θ]. If z = a+bθwe set z = a − bθ. then zz = a2 + 2b2, and we write N(z) = zz. We can easily prove thatzw = zw. Hence N(zw) = zwzw = zwzw = zzww = N(z)(N(w). Thus, the product of twonumbers of the form a2 + 2b2 is also of this form.

The Euclidean Algorithm in Z[θ]. Following the proof in Z[i], we have the followingdivision algorithm:

If α, β ∈ Z[θ] with β 6= 0, then there exists γ, ρ ∈ Z[θ] such that α = βγ + ρ with N(ρ) <N(β). The proof is the same as in Z[i], except here we find that we have N(ρ) ≤ (3/4)N(β).Once we have the division algorithm, we can use the Euclidean algorithm to find the GCD of2 elements, express it as a linear combination of the elements, and prove unique factorizationinto primes.

Units, Associates, and Primes in Z[θ].As in Z[i], units are elements that divide 1, hence everything. If u is a unit in Z[θ], the1 = uv, and taking norms, we have 1 = N(1) = N(u)N(v). So N(u) = 1. If u = a + bθ, thisgives 1 = a2 + 2b2, so a = ±1 and b = 0. So the only units are 1 and −1, as in Z, and u isa unit if and only if N(u) = 1. The associates of a prime π are ±pi. An element π is primeif and only if its only divisors are units and associates. As in the theory of Z[i], with thesame proof, we have the sufficient condition: If N(z) is a prime in Z, then z is a prime inZ[θ]. For example 3 + 4θ is a prime, since N(3 + 4θ) = 9 + 2 · 16 = 41. Thus, primes p ∈ Zof the form p = a2 + 2b2 split into two primes in Z[θ]: p = (a + bθ)(a − bθ) = ππ. As in thediscussion of Z[i], primes not of this form stay primes in Z[θ]. Note that 2 splits: 2 = −θ2.It is a square, up to a unit factor. Thus any prime congruent to 1 or 3 mod 8 splits into twodistinct primes π and π. The prime 2 splits into −θθ. A prime congruent to 5 or 7 mod 8remains a prime in Z[theta].

Using unique factorization in Z[θ], we can now show:

A positive integer n ∈ Z can be written in the form a2 + 2b2 if and only if pa||n with odd aimplies p ≡ 1 or 3 mod 8.

The proof follows the reasoning of the similar result for Z[i]. Assume n = a2 + 2b2. Thenn = N(a + bθ) = αα where α = a + bθ. Writing α as a product of primes in Z[θ], thefactorization will contain primes π, such that N(π) is a prime in Z congruent to 1 or 3mod 8. The other primes are primes in Z congruent to 5 or 7 mod 8. This shows that thefactorization of n = αα primes q congruent to 5 or 7 will appear an even number of times.The converse is also true, and the proof follows the lines of the corresponding result in Z[i].If n is square-free and is not divisible by any prime congruent to 5 or 7, then the number of

35

ways n can be written in the form a2 + 2b2 is, as in the result for Z[i], 2k−1, where k is thenumber of primes in the factorization of n.

There remains the result: If p ≡ 1 or 3 mod 8, then p can be written a2 + 2b2. The prooffollows the proof on page 11 on primes that are the sum of squares. However, what we endup with are numbers x, y such that x2 + 2y2 ≡ 0 mod p, with 0 < x2 + 2y2 < 3p. Thus wecan say x2 + 2y2 = p or x2 + 2y2 = 2p. In the latter case, working mod 2, it follows that x2,hence x is even. So we have x = 2u, and 4u2 +2y2 = 2p. Dividing by 2, we get p = y2 +2u2.This is the result.

36

Documents

Summary of lectures