MA257 Introduction to Number Theory
J. E. Cremona
MA257: INTRODUCTION TO NUMBER THEORY
LECTURE NOTES 2018
J. E. CREMONA
Contents
0. Introduction: What is Number Theory?
Basic Notation
1. Factorization
1.1. Divisibility in $\mathbb{Z}$
1.2. Greatest Common Divisors in $\mathbb{Z}$
1.3. The Euclidean Algorithm in $\mathbb{Z}$
1.4. Primes and unique factorization
1.5. Unique Factorization Domains
2. Congruences and modular arithmetic
2.1. Definition and Basic Properties
2.2. The structure of $\mathbb{Z}/m\mathbb{Z}$
2.3. Euler's, Fermat's and Wilson's Theorems
2.4. Some Applications
2.5. The Chinese Remainder Theorem or CRT
2.6. The structure of $U_m$
3. Quadratic Reciprocity
3.1. Quadratic Residues and Nonresidues
3.2. Legendre Symbols and Euler's Criterion
3.3. The Law of Quadratic Reciprocity
4. Diophantine Equations
4.1. Geometry of Numbers and Minkowski's Theorem
4.2. Sums of squares
4.3. Legendre's Equation
4.4. Pythagorean Triples
4.5. Fermat's Last Theorem
4.6. Proof of Minkowski's Theorem
5. $p$-adic Numbers
5.1. Motivating examples
5.2. Definition of $\mathbb{Z}_p$
5.3. The ring $\mathbb{Z}_p$
5.4. The field $\mathbb{Q}_p$
5.5. Squares in $\mathbb{Z}_p$
5.6. Hensel lifting
© 2018 Creative Commons Attribution-ShareAlike (CC BY-SA)
0. Introduction: What is Number Theory?
Number Theory is (of course) primarily the Theory of Numbers: ordinary whole numbers (integers). It is, arguably, the oldest branch of mathematics. Integer solutions to Pythagoras’s equation
have been found, systematically listed with all the arithmetic carried out in base 60, on ancient Babylonian clay tablets. There are several different flavours of Number Theory, distinguished more by the methods used than by the problems whose solutions are sought. These are
• Elementary Number Theory: using elementary methods only;
• Analytic Number Theory: using analysis (real and complex), notably to study the distribution of primes;
• Algebraic Number Theory: using more advanced algebra, and also studying algebraic numbers such as $1 + \sqrt[3]{2} + \sqrt[17]{17}$;
• Geometric Number Theory: using geometric, algebraic and analytic methods; also known as arithmetic algebraic geometry.
Andrew Wiles used a vast array of new techniques and previously known results in arithmetic algebraic geometry to solve Fermat’s Last Theorem, whose statement is entirely elementary (see below). This is typical of progress in Number Theory, where there have been many cases of entirely new mathematical theories being created to solve specific, and often quite elementary-seeming problems.
This module is mostly elementary with some analytic and algebraic parts. The algebraic approach is pursued further in the module MA3A6 (Algebraic Number Theory). The geometric approach is pursued further in the module MA426 (Elliptic Curves).
Number Theory starts out with simple questions about integers: simple to state, if not to answer. Here are three types of question:
• Diophantine Equations are equations to which one seeks integer solutions (or sometimes rational solutions). For example,
(1) $x^2 + y^2 = z^2$ has infinitely many integral solutions (so-called Pythagorean triples); later, we will see how to find them all.
(2) $x^n + y^n = z^n$ has no nonzero integer solutions when $n \ge 3$. This is Fermat’s Last Theorem, which we will certainly not be proving in these lectures, though we will prove the case $n = 4$.
(3) $y^2 = x^3 + 17$ has exactly 8 integer solutions $(x, y)$, $x =$
, 43, 52 and one further value which you can find for yourselves. Proving that there are no more solutions is harder; using Sage you can solve this as follows:
sage: EllipticCurve([0,17]).integral_points()
(4) Every positive integer $n$ can be written as a sum of four squares (including 0), for example
but not all may be written as a sum of 2 or 3 squares. Which?
sage: sum_of_k_squares(4,47)
We will answer the two- and four-square problems later, with a partial answer for three squares.
• Questions about primes, for example
(1) There are infinitely many primes (an ancient result proved in Euclid.)
(2) Is every even number (greater than 2) expressible as the sum of two primes? This was conjectured by Goldbach in 1746 and still not proved, though it has been verified for numbers up to $4 \times 10^{18}$; the “weak form” of the conjecture, that every odd number greater than 5 is a sum of three primes, was proved in 2013 by the Peruvian Harald Helfgott.
(3) Are all the Fermat numbers $F_n = 2^{2^n} + 1$ prime (as Fermat also claimed)? Certainly not: the first four are ($F_1 = 5$, $F_2 = 17$, $F_3 = 257$, $F_4 = 65537$) but then $F_5 = 641 \times 6700417$, $F_6 = 274177 \times 67280421310721$, $F_7 = 59649589127497217 \times 5704689200685129054721$, and no more prime values have been discovered in the sequence.
sage: [(2^2^n+1).factor() for n in range(9)]
(4) How many primes end in the digit 7? Infinitely many? Of the 664579 primes less than 10 million, the number which end in the digits 1, 3, 7 and 9 respectively are 166104, 166230, 166211, and 166032 (that is, 24.99%, 25.01%, 25.01% and 24.98%). What does this suggest?
sage: pc = dict([(d,0) for d in range(10)])
sage: for p in prime_range(10^7): pc[p%10] += 1
sage: [(d, pc[d], 100.0*pc[d]/sum(pc.values())) for d in [1,3,7,9]]
(5) Are there infinitely many so-called prime pairs: primes which differ by only 2, such as (3, 5), (71, 73) or (1000000007, 1000000009)?
• Efficient algorithms for basic arithmetic: many modern applications of Number Theory are in the field of cryptography (secure communication of secrets, such as transmitting confidential information over the Internet). These applications rely on the fact that the following two questions, which seem trivial from the theoretical point of view, are not at all trivial when asked about very large numbers with dozens or hundreds of digits:
(1) Primality Testing: given a positive integer $n$, determine whether $n$ is prime;
(2) Factorization: given a positive integer $n$, determine the prime factors of $n$.
In this module, we will study a variety of such problems, mainly of the first two types, while also laying the theoretical foundations to further study.
Basic Notation. $\mathbb{Z}$, $\mathbb{Q}$, $\mathbb{R}$, $\mathbb{C}$ will denote, as usual, the sets of integers, rational numbers, real numbers and complex numbers. The integers form a ring, the other sets are fields.
$\mathbb{N} = \{n \in \mathbb{Z} \mid n \ge 1\}$ is the set of natural numbers (positive integers).
$\mathbb{N}_0 = \{n \in \mathbb{Z} \mid n \ge 0\}$ is the set of non-negative integers.
$\mathbb{P}$ will denote the set of (positive) prime numbers: integers $p > 1$ which have no factorization $p = ab$ with $a, b > 1$.
Divisibility: for $a, b \in \mathbb{Z}$ we write $a \mid b$, and say $a$ divides $b$, when $b$ is a multiple of $a$: $a \mid b \iff \exists c \in \mathbb{Z} : b = ac$.
If $a$ does not divide $b$ we write $a \nmid b$. The divisibility relation gives a partial order on $\mathbb{N}$ with 1 as the “least” element and no “greatest element”.
Congruence: for $a, b, c \in \mathbb{Z}$ with $c \ne 0$ we write $a \equiv b \pmod{c}$ and say that $a$ is congruent to $b$ modulo $c$ if $c \mid (a - b)$: $a \equiv b \pmod{c} \iff c \mid (a - b)$.
Divisibility and congruence will be studied in detail later.
1. Factorization
1.1. Divisibility in $\mathbb{Z}$.
Definition 1.1.1. Let $a, b \in \mathbb{Z}$. Then we say that $a$ divides $b$ and write $a \mid b$ if $b = ac$ for some $c \in \mathbb{Z}$: $a \mid b \iff \exists c \in \mathbb{Z} : b = ac$.
Alternatively, we may say that “$b$ is a multiple of $a$”. If $a \ne 0$ this is equivalent to the statement that the rational number $b/a$ is an integer $c$. If $a$ does not divide $b$ we write $a \nmid b$.
Lemma 1.1.2. [Easy facts about divisibility] For all $a, b, \ldots \in \mathbb{Z}$:
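(1) $a \mid b \implies a \mid kb$ ($\forall k \in \mathbb{Z}$);
(2) $a \mid b_1$, $a \mid b_2 \implies a \mid b_1 \pm b_2$; hence if $b_1$ and $b_2$ are multiples of $a$, then so are all integers of the form $k_1 b_1 + k_2 b_2$;
(3) $a \mid b$, $b \mid c \implies a \mid c$;
(4) $a \mid b$, $b \mid a \iff a = \pm b$;
(5) $a \mid b$, $b \ne 0 \implies |a| \le |b|$; so nonzero integers have only a finite number of divisors;
(6) If $k \ne 0$ then $a \mid b \iff ka \mid kb$;
(7) Special properties of $\pm 1$: $\pm 1 \mid a$ ($\forall a \in \mathbb{Z}$), and $a \mid \pm 1 \iff a = \pm 1$;
(8) Special properties of 0: $a \mid 0$ ($\forall a \in \mathbb{Z}$), and $0 \mid a \iff a = 0$.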
Proposition 1.1.3 (Division Algorithm in $\mathbb{Z}$). Let $a, b \in \mathbb{Z}$ with $a \ne 0$. There exist unique integers $q, r$ such that $b = aq + r$ with $0 \le r < |a|$.
Proof. Either: Take $r$ to be the least non-negative integer in the set $S = \{b - aq \mid q \in \mathbb{Z}\}$, which certainly contains positive integers. Then $r < |a|$, as otherwise $r - |a|$ would be a smaller non-negative element of $S$.
Or: if $a > 0$, take $q = [b/a]$, the integer part of $b/a$, so $q \le b/a < q + 1$, and set $r = b - aq$. Then $0 \le r < a$. If $a < 0$, similarly with $q = -[-b/a]$.
Uniqueness: if $b = aq_1 + r_1 = aq_2 + r_2$ with $0 \le r_1, r_2 < |a|$ then $a(q_1 - q_2) = r_2 - r_1$. Now if $q_1 \ne q_2$ then $|q_1 - q_2| \ge 1$, so $|a| > |r_1 - r_2| = |a||q_1 - q_2| \ge |a|$, contradiction. Hence $q_1 = q_2$, and then $r_1 = r_2$ also.
Notation: the set of all multiples of a fixed integer $a$ is denoted $(a)$ or $a\mathbb{Z}$: $(a) = a\mathbb{Z} = \{ka \mid k \in \mathbb{Z}\}$.
Then we have $a \mid b \iff b \in (a) \iff (a) \supseteq (b)$: “to contain is to divide”. From Lemma 1.1.2 (4) we have $(a) = (b) \iff a = \pm b$.
An ideal in a commutative ring $R$ is a subset $I$ of $R$ satisfying
(i) $0 \in I$;
(ii) $a, b \in I \implies a \pm b \in I$;
(iii) $a \in I$, $r \in R \implies ra \in I$.
Notation: $I \lhd R$. For example, the set of all multiples of a fixed element $a$ of $R$ is the principal ideal denoted $(a)$ or $aR$. We say that $a$ generates the principal ideal $(a)$. The other generators of $(a)$ are the associates of $a$: elements $b = ua$ where $u$ is a unit of $R$.
Proposition 1.1.4. Every ideal in $\mathbb{Z}$ is principal.
Proof. Let $I \lhd \mathbb{Z}$. If $I = \{0\}$ then $I = (0)$ and so is principal. Otherwise $I$ contains positive integers, since $a \in I \iff -a \in I$ by property (iii); let $a$ be the least positive element in $I$. By property (iii) we have $(a) \subseteq I$. Conversely, let $b \in I$; write $b = aq + r$ with $0 \le r < a$, then $r = b - qa \in I$, so by minimality of $a$ we have $r = 0$, so $b = qa \in (a)$. So $I = (a)$.
Definition 1.1.5. A Principal Ideal Domain or PID is a (nonzero) commutative ring $R$ such that
(i) $ab = 0 \iff a = 0$ or $b = 0$;
(ii) every ideal of $R$ is principal.
So $\mathbb{Z}$ is a principal ideal domain. Every nonzero ideal of $\mathbb{Z}$ has a unique positive generator.
1.2. Greatest Common Divisors in $\mathbb{Z}$.
Theorem 1.2.1. Let $a, b \in \mathbb{Z}$.
(1) There exists a unique integer $d$ satisfying
(i) $d \mid a$ and $d \mid b$;
(ii) if $c \mid a$ and $c \mid b$ then $c \mid d$;
(iii) $d \ge 0$.
(2) The integer $d$ can be expressed in the form $d = au + bv$ with $u, v \in \mathbb{Z}$.
Definition 1.2.2. For $a, b \in \mathbb{Z}$ we define the Greatest Common Divisor (or GCD) of $a$ and $b$ to be the integer $d$ with the properties given in the theorem. Notation: $\gcd(a, b)$, or sometimes just $(a, b)$. Integers $a$ and $b$ are said to be coprime (or relatively prime) if $\gcd(a, b) = 1$.
So integers are coprime if they have no common factors other than $\pm 1$. The identity $\gcd(a, b) = au + bv$ is sometimes called Bezout’s identity.
Proof of Theorem 1.2.1. Let $I = \{ax + by \mid x, y \in \mathbb{Z}\}$; then $I$ is an ideal of $\mathbb{Z}$, so $I = (d)$ for some integer $d \ge 0$. Now $d$ has the form $d = au + bv$ since $d \in I$, and $d \mid a$ and $d \mid b$ since $a, b \in I = (d)$. Lastly, if $c \mid a$ and $c \mid b$ then $c \mid au + bv = d$.
Corollary 1.2.3. [Basic Properties of gcd] For all $a, b, k, m \in \mathbb{Z}$:
(1) $a$ and $b$ are coprime iff there exist $u, v \in \mathbb{Z}$ such that $au + bv = 1$;
(2) $\gcd(a, b) = \gcd(b, a) = \gcd(|a|, |b|)$;
(3) $\gcd(ka, kb) = |k| \gcd(a, b)$;
(4) $\gcd(a, 0) = |a|$; $\gcd(a, 1) = 1$;
(5) $\gcd(a, b) = \gcd(a, b + ka)$ for all $k \in \mathbb{Z}$;
(6) if $\gcd(a, m) = \gcd(b, m) = 1$ then $\gcd(ab, m) = 1$;
(7) if $\gcd(a, b) = 1$ then $\gcd(a^k, b^l) = 1$ for all $k, l \in \mathbb{N}$.
Lemma 1.2.4. [Euler’s Lemma] If $a \mid bc$ and $\gcd(a, b) = 1$ then $a \mid c$.
Proof. Write $1 = au + bv$; then $c = a(uc) + (bc)v$ so $a \mid c$.
If $a_1, a_2, \ldots, a_n$ is any finite sequence of integers then we similarly find that the ideal they generate, $I = (a_1, a_2, \ldots, a_n) = \{k_1 a_1 + k_2 a_2 + \cdots + k_n a_n \mid k_1, k_2, \ldots, k_n \in \mathbb{Z}\}$ is an ideal of $\mathbb{Z}$, hence $I = (d)$ for a unique $d \ge 0$, and we define $d = \gcd(a_1, a_2, \ldots, a_n)$. We say that $a_1, a_2, \ldots, a_n$ are coprime if $\gcd(a_1, a_2, \ldots, a_n) = 1$. This is weaker than the condition that $\gcd(a_i, a_j) = 1$ for all $i \ne j$: for example, $\gcd(6, 10, 15) = 1$ since $6 + 10 - 15 = 1$, but no pair of 6, 10, 15 is coprime. When $\gcd(a_i, a_j) = 1$ for all $i \ne j$, we say that the $a_i$ are pairwise coprime.
Our proofs have been non-constructive. A very important computational tool is the Euclidean Algorithm, which computes $d = \gcd(a, b)$ given $a$ and $b \in \mathbb{Z}$, and its extended form which also computes the (non-unique) $u, v$ such that $d = au + bv$.
1.3. The Euclidean Algorithm in $\mathbb{Z}$.
The Euclidean Algorithm is an efficient method of computing $\gcd(a, b)$ for any two integers $a$ and $b$, without having to factorize them. It may also be used to compute the coefficients $u$ and $v$ in the identity $d = \gcd(a, b) = au + bv$.
The basic idea is this. We may assume $b > a > 0$ (see the Basic Properties above). Write $r = b - aq$ with $0 \le r < a$; then $\gcd(a, b) = \gcd(r, a)$ and we have reduced the problem to a smaller one. After a finite number of steps we reach 0, and the last positive integer in the sequence $a, b, r, \ldots$ is the gcd.
Example: $(963, 657) = (657, 963) = (306, 657) = (45, 306) = (36, 45) = (9, 36) = (0, 9) = 9$. Here we have used $963 - 657 = 306$, $657 - 2 \cdot 306 = 45$, $306 - 6 \cdot 45 = 36$, $45 - 36 = 9$.
To solve $9 = 963u + 657v$ we can back-substitute in these equations: $9 = 45 - 36 = 45 - (306 - 6 \cdot 45) = 7 \cdot 45 - 306 = 7 \cdot (657 - 2 \cdot 306) - 306 = 7 \cdot 657 - 15 \cdot 306 = 7 \cdot 657 - 15(963 - 657) = 22 \cdot 657 - 15 \cdot 963$, so $u = -15$ and $v = 22$.
There is a simpler way of keeping track of all these coefficients while reducing the amount which needs to be written down, using some auxiliary variables, which leads to the Euclidean algorithm. We give it in a form which keeps all the auxiliary variables positive which is easier to carry out in practice.
Extended Euclidean Algorithm: Given positive integers $a$ and $b$, this algorithm computes $(d, u, v)$ such that $d = \gcd(a, b) = au + bv$:
(1) Set $a$
(2) Let $q = [a_1/a_2]$
(3) Set $a_3 = a_1 - q a_2$; $x_3 = x$
(4) Set $a_1 = a_2$,
(5) If $a_2 > 0$ loop back to Step 2.
(6) If $ax_1 - by_1 > 0$ return $(d, u, v) = (a_1, x_1, -y_1)$, else return $(d, u, v) = (a_1, -x_1, y_1)$.
Proof of the algorithm. It is clear that the sequence $a_i$ is just the sequence of successive terms in the ordinary Euclidean Algorithm, starting $a, b, \ldots$, in which the last nonzero term is $\gcd(a, b)$. Each new term of this sequence is first called $a_3$ and then the $a_i$ move up by one. This shows that the algorithm terminates with the correct value of $d$.
Initially, $ax_1 - by_1 = a_1$ and $ax_2 - by_2 = -a_2$. If at a general stage we have $ax_1 - by_1 = \varepsilon a_1$ and $ax_2 - by_2 = -\varepsilon a_2$ with $\varepsilon = \pm 1$, then a calculation shows that the same will hold at the next stage with the opposite value of $\varepsilon$. Since the last nonzero value of $a_1$ (when $a_2 = 0$) is $d$, at the end we have $ax_1 - by_1 = \pm d$, and the sign is adjusted if necessary (which will depend on whether the number of steps is even or odd).
Example: In the previous example, the $a_i$ sequence is
963, 657, 306, 45, 36, 9, 0
using quotients
$q = 1, 2, 6, 1, 4$.
So the $x_i$ sequence is
1, 0, 1, 2, 13, 15, 73
and the $y_i$ sequence is
0, 1, 1, 3, 19, 22, 107.
Using the last $x_i$ and $y_i$ provides a check:
$73a - 107b = 73 \cdot 963 - 107 \cdot 657 = 0$
and the preceding values give the solution: $15a - 22b = 15 \cdot 963 - 22 \cdot 657 = -9$.
So we may take $u = -15$, $v = 22$.
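The algorithm above, written out in Python as an added example (not code from the original notes). The starting values and the update rules for $x_3$, $y_3$ are assumptions reconstructed from the $x_i$ and $y_i$ sequences of the worked example, the function names are illustrative, and `mod_inverse` goes one step beyond the text to show the use of Bezout's identity on which cryptographic code relies.

```python
def euclid_rows(a, b):
    """Rows (a_i, x_i, y_i) of the extended Euclidean algorithm for positive a, b.

    Assumed start: (a, 1, 0) and (b, 0, 1).  Each new row is
    (a1 - q*a2, x1 + q*x2, y1 + q*y2), so every x_i and y_i stays non-negative.
    The rows satisfy a*x_i - b*y_i = +a_i or -a_i, with the sign alternating.
    """
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    rows = [(a, 1, 0), (b, 0, 1)]
    while rows[-1][0] > 0:
        (a1, x1, y1), (a2, x2, y2) = rows[-2], rows[-1]
        q = a1 // a2
        rows.append((a1 - q * a2, x1 + q * x2, y1 + q * y2))
    return rows


def extended_euclid(a, b):
    """Return (d, u, v) with d = gcd(a, b) = a*u + b*v."""
    # The second-to-last row holds the last nonzero remainder d.
    d, x, y = euclid_rows(a, b)[-2]
    # Step (6): a*x - b*y is either +d or -d; fix the signs accordingly.
    return (d, x, -y) if a * x - b * y > 0 else (d, -x, y)


def mod_inverse(a, m):
    """Inverse of a modulo m (m >= 2); exists exactly when gcd(a, m) = 1."""
    if m < 2:
        raise ValueError("modulus must be at least 2")
    a %= m
    if a == 0:
        raise ValueError("0 is not invertible")
    d, u, _ = extended_euclid(a, m)
    if d != 1:
        raise ValueError("a and m are not coprime, no inverse exists")
    return u % m  # a*u + m*v = 1, so a*u is congruent to 1 modulo m


if __name__ == "__main__":
    for row in euclid_rows(963, 657):
        print(row)
    print(extended_euclid(963, 657))
    print(mod_inverse(3, 10))
```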
1.4. Primes and unique factorization.
Definition 1.4.1. A prime number (or prime for short) is an integer $p > 1$ whose only divisors are $\pm 1$ and $\pm p$; the set of primes is denoted $\mathbb{P}$:
For example 2, 3, 5, 7, 11 are primes. Integers $n > 1$ which are not prime are called composite. If $a$ is any integer then either $p \mid a$, in which case $\gcd(p, a) = p$, or $p \nmid a$, in which case $\gcd(p, a) = 1$.
Lemma 1.4.2. Let $p$ be a prime and $a, b \in \mathbb{Z}$. If $p \mid ab$ then either $p \mid a$ or $p \mid b$ (or both).
Proof. Special case of Euler’s Lemma 1.2.4: if $p \mid ab$ and $p \nmid a$ then $\gcd(p, a) = 1$ so $p \mid b$.
This property of primes is very important, and the uniqueness of prime factorization relies on it. (It is easy to see that composite numbers do not have this property.) More generally:
Corollary 1.4.3. Let $p$ be a prime and $a_1, a_2, \ldots, a_n \in \mathbb{Z}$. Then $p \mid a_1 a_2 \cdots a_n \implies p \mid a_i$ for some $i$.
Theorem 1.4.4 (Fundamental Theorem of Arithmetic). Every positive integer $n$ is a product of prime numbers, and its factorization into primes is unique up to the order of the factors.
Note that this includes $n = 1$ which is an “empty” product, and primes themselves with only one factor in the product. Collecting together any powers of primes which occur in a prime factorization, we obtain
Corollary 1.4.5. Every positive integer $n$ may be expressed uniquely in the form
where $p_1, \ldots, p_k$ are primes with $p_1 < p_2 < \cdots < p_k$ and each $e_i \ge 1$. Alternatively, every positive integer $n$ may be expressed uniquely in the form
where the product is over all primes, each
, but only a finite number of $e_p > 0$.
The exponent $e_p$ which appears in this standard factorization of $n$ is denoted $\mathrm{ord}_p(n)$; it is characterized by the following property: $e = \mathrm{ord}_p(n) \iff p^e \mid n$ and $p^{e+1} \nmid n$.
For example, $700 = 2^2 \cdot 5^2 \cdot 7$, so $\mathrm{ord}_2(700) = \mathrm{ord}_5(700) = 2$, $\mathrm{ord}_7(700) = 1$, and $\mathrm{ord}_p(700) = 0$ for primes $p \ne 2, 5, 7$. Every positive integer $n$ is uniquely determined by the sequence of exponents $\mathrm{ord}_p(n)$.
This standard factorization of positive integers into primes may be extended to negative integers by allowing a factor $\pm 1$ in front of the product, and to nonzero rational numbers by allowing the exponents to be negative. We may accordingly extend the function $\mathrm{ord}_p$ to $\mathbb{Q}^*$, by setting $\mathrm{ord}_p(-n) = \mathrm{ord}_p(n)$ and $\mathrm{ord}_p(n/d) = \mathrm{ord}_p(n) - \mathrm{ord}_p(d)$ for nonzero rationals $n/d$. [You should check that this is well-defined, independent of the representation of the fraction $n/d$.] Then we have the following extension of the main theorem on unique factorization:
Corollary 1.4.6. Every nonzero rational number $x$ may be uniquely expressed in the form $x = \pm \prod_{p \in \mathbb{P}} p^{\mathrm{ord}_p(x)}$.
For example, $72/91 = 2^3 3^2 7^{-1} 13^{-1}$.
Proof of the Fundamental Theorem. Existence (using strong induction): Let $n \ge 1$ and suppose true for all $m < n$; either $n = 1$ (OK, empty product) or $n$ is prime (OK with one factor), or $n = ab$ with $a, b < n$, in which case by induction both $a$ and $b$ are products of primes, hence so is $n$.
Uniqueness: Suppose $n = p_1 p_2 \cdots p_r = q_1 q_2 \cdots q_s$ where $r, s \ge 0$ and all the $p_i$ and $q_j$ are primes. We use induction on $r$. If $r = 0$ then $s = 0$ (and vice versa) since then $n = 1$ which has no prime divisors. So suppose $r, s \ge 1$. Now $p_1 \mid q_1 q_2 \cdots q_s$, so $p_1 \mid q_j$ for some $j$, so $p_1 = q_j$ since $p_1$ and $q_j$ are both prime. By reordering the $q$s we may assume $j = 1$, so $p_1 = q_1$. Dividing both sides by $p_1$ gives $p_2 p_3 \cdots p_r = q_2 q_3 \cdots q_s$. The left hand side now has $r - 1$ prime factors, so by induction $r - 1 = s - 1$, so $r = s$, and the remaining $p_i$ are equal to the remaining $q_j$ in some order.
Many facts about integers may easily be proved using their unique factorization into primes.
For example:
Proposition 1.4.7. Let $m, n \in \mathbb{Z}$ be nonzero. Then $m = \pm n \iff \mathrm{ord}_p(m) = \mathrm{ord}_p(n)\ \forall p \in \mathbb{P}$.
The function $\mathrm{ord}_p$ works rather like a logarithm. The following is easy to check:
Proposition 1.4.8. Let $m, n \in \mathbb{Z}$ be nonzero. Then $\mathrm{ord}_p(mn) = \mathrm{ord}_p(m) + \mathrm{ord}_p(n)$.
Proof. Exercise.
The previous result looks elementary enough, but it is sufficient to imply the uniqueness of prime factorization: for if $n = \prod p^{e_p}$ is any factorization of $n$ into primes, applying $\mathrm{ord}_q$ to both sides (where $q$ is some fixed prime) and using the Proposition gives
$\mathrm{ord}_q(n) = \sum_p e_p\, \mathrm{ord}_q(p) = e_q$,
since $\mathrm{ord}_q(q) = 1$ and $\mathrm{ord}_q(p) = 0$ when $p \ne q$. It follows that the exponents $e_p$ are uniquely determined.
Proposition 1.4.9. Let $n \in \mathbb{Z}$ be nonzero. Then $n$ is a perfect square if and only if $n > 0$ and $\mathrm{ord}_p(n)$ is even for all primes $p$.
Proof. If $n = m^2$ then clearly $n > 0$, and $\mathrm{ord}_p(n) = 2\,\mathrm{ord}_p(m)$ which is even.
Conversely, if all $\mathrm{ord}_p(n)$ are even, set $m =$
$n$ (not $-n$ since $n > 0$).
We end this section with a famous and ancient result of Euclid.
Theorem 1.4.10. [Euclid] The number of primes is infinite.
Proof. Let $p_1, p_2, \ldots, p_k$ be a finite set of primes. Set $n = p_1 p_2 \cdots p_k + 1$. Then $n \ge 2$, so $n$ has a prime factor $q$, and $q$ is not equal to any of the $p_i$ since they clearly do not divide $n$. So there exists a prime outside the finite set. Hence the set of all primes cannot be finite.
Note that this proof actually shows how to construct a “new” prime from any given finite set of known primes. Variations of this proof can show that there are infinitely many primes of various special forms: see the Exercises.
1.5. Unique Factorization Domains.
Theorem 1.4.4 (extended to include negative integers) may be expressed succinctly by the statement that $\mathbb{Z}$ is a Unique Factorization Domain or UFD. Roughly speaking, a UFD is a ring in which every element has an essentially unique factorization as a unit times a product of “prime” elements. Every PID is a UFD (but not conversely: $\mathbb{Z}[X]$ is a UFD but not a PID), and an important source of PIDs is rings which have a “division algorithm” similar to the one for $\mathbb{Z}$. Such rings are called Euclidean Domains, and we start by defining these.
Definition 1.5.1. (a) A nonzero ring $R$ is an Integral Domain if, for $a, b \in R$, $ab = 0 \iff (a = 0 \text{ or } b = 0)$.
(b) A nonzero ring $R$ is a Euclidean Domain or ED if it is an integral domain equipped with a function $\lambda : R - \{0\} \to \mathbb{N}_0$ such that, for $a, b \in R$ with $a \ne 0$, there exist $q, r \in R$ such that
$b = aq + r$ with either $r = 0$ or $\lambda(r) < \lambda(a)$.
Examples:
• $\mathbb{Z}$ is an ED with $\lambda(n) = |n|$: this is what Proposition 1.1.3 states (though note that the definition of an ED does not require $q$ and $r$ to be unique).
• Any field $F$ is an ED with $\lambda(x) = 0$ for all $x \ne 0$; this is a degenerate example since we may always take $r = 0$ in division.
• If $F$ is a field then the polynomial ring $F[X]$ is an ED, using the degree function $\lambda(f(X)) = \deg(f(X))$. The required division property is well-known, being just the usual long division for polynomials.
It is important that $F$ is a field here: for example, $\mathbb{Z}[X]$ is not Euclidean (exercise).
• The ring $\mathbb{Z}[i]$ of Gaussian Integers is defined as
$\mathbb{Z}[i] = \{a + bi \mid a, b \in \mathbb{Z}\}$; it is a subring of $\mathbb{C}$. We will study this in some detail as it gives another example of a Euclidean Domain which is of interest in number theory, both for its own sake and also for proving some properties of the ordinary or “rational” integers $\mathbb{Z}$. The Euclidean function $\lambda$ on $\mathbb{Z}[i]$ is usually called the norm and denoted $N$: $N(\alpha) = \alpha\bar{\alpha} = a^2 + b^2$ for $\alpha = a + bi \in \mathbb{Z}[i]$.
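Theorem 1.5.2. The ring $\mathbb{Z}[i]$ of Gaussian Integers is a Euclidean Domain.
Lemma 1.5.3. The norm function $N$ on $\mathbb{Z}[i]$ has the following properties:
(1) Multiplicativity: for all $\alpha, \beta \in \mathbb{Z}[i]$, $N(\alpha\beta) = N(\alpha)N(\beta)$;
(2) Positivity: $N(0) = 0$, $N(\alpha) \ge 1$ for $\alpha \ne 0$;
(3) Units: $N(\alpha) = 1 \iff \alpha \in U(\mathbb{Z}[i]) = \{\pm 1, \pm i\}$.
Recall that for a ring $R$, the group of units (invertible elements) is denoted $U(R)$. Elements of an integral domain are called associate if one is a unit times the other, or (equivalently) if each divides the other.
Proof. 1. $N(\alpha\beta) = (\alpha\beta)\overline{(\alpha\beta)} = (\alpha\bar{\alpha})(\beta\bar{\beta}) = N(\alpha)N(\beta)$.
2. For $a, b \in \mathbb{Z}$, $a^2 + b^2 \ge 0$ with equality iff $a = b = 0$.
3. Let $\alpha = a + bi$, so $N(\alpha) = a^2 + b^2$. Then $N(\alpha) = 1 \iff a^2 + b^2 = 1 \iff (a, b) \in \{(\pm 1, 0), (0, \pm 1)\} \iff \alpha \in \{\pm 1, \pm i\}$. These elements are units since $\alpha\bar{\alpha} = 1 \implies \alpha^{-1} = \bar{\alpha} \in \mathbb{Z}[i]$. Conversely, if $\alpha$ is a unit with $\alpha\beta = 1$ then $1 = N(1) = N(\alpha\beta) = N(\alpha)N(\beta)$, so $N(\alpha) = N(\beta) = 1$ since both are positive integers.
Proof of Theorem. First of all, $\mathbb{Z}[i]$ is an integral domain, as it is a subring of $\mathbb{C}$.
Now let $\alpha = a + bi$, $\beta = c + di \in \mathbb{Z}[i]$ with $\alpha \ne 0$. Then $N(\alpha) = a^2 + b^2 \ne 0$, and $\dfrac{\beta}{\alpha} = \dfrac{c + di}{a + bi} = \dfrac{(c + di)(a - bi)}{N(\alpha)} = \dfrac{ac + bd}{N(\alpha)} + \dfrac{ad - bc}{N(\alpha)}\, i$.
Let $e$ and $f$ be the nearest integers to the rational numbers $\frac{ac + bd}{N(\alpha)}$ and $\frac{ad - bc}{N(\alpha)}$ respectively, and set $\gamma = e + fi \in \mathbb{Z}[i]$ and $\delta = \beta - \alpha\gamma$. Then $\beta/\alpha - \gamma = x + yi$ with $|x|, |y| \le 1/2$, so $x^2 + y^2 \le 1/4 + 1/4 = 1/2$. Hence $N(\delta) = N(\alpha)(x^2 + y^2) \le \frac{1}{2} N(\alpha) < N(\alpha)$ as required.
Example: Take $\alpha = 3 + 4i$ and $\beta = 10 + 11i$. Then $\dfrac{10 + 11i}{3 + 4i} = \dfrac{(10 + 11i)(3 - 4i)}{25} = \dfrac{74 - 7i}{25} = 3 + \dfrac{-1 - 7i}{25}$, so the quotient is 3 and remainder $(10 + 11i) - 3(3 + 4i) = 1 - i$. Check: $N(1 - i) = 2$ is less than $N(3 + 4i) = 25$.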
Just as we did for $\mathbb{Z}$, we can now prove that every ED is a PID:
Theorem 1.5.4. Let $R$ be a Euclidean Domain. Then $R$ is a Principal Ideal Domain.
Proof. Let $I \lhd R$. If $I = \{0\}$ then $I$ is certainly principal ($I = (0)$) so assume that $I$ is nonzero. Let $a \in I$ be a nonzero element with minimal value of $\lambda(a)$. Then $(a) \subseteq I$. Conversely, if $b \in I$, write $b = aq + r$ with $r = 0$ or $\lambda(r) < \lambda(a)$. The second possibility is not possible by minimality of $\lambda(a)$, since $r = b - aq \in I$, so $r = 0$ and $b = aq \in (a)$. Thus $I = (a)$ is principal.
In a PID we have gcds just as in $\mathbb{Z}$, and Bezout’s identity. In general we do not have uniqueness of gcds, only uniqueness up to associates (multiplication by a unit). (In $\mathbb{Z}$ we avoided this non-uniqueness by insisting that all gcds were non-negative.)
Definition 1.5.5. In a ring $R$, a gcd of two elements $a$ and $b$ is an element $d$ satisfying
(i) $d \mid a$ and $d \mid b$;
(ii) if $c \mid a$ and $c \mid b$ then $c \mid d$.
Lemma 1.5.6. If $\gcd(a, b)$ exists then it is unique up to associates.
Proof. If $d_1$ and $d_2$ both satisfy the conditions of Definition 1.5.5, then we have both $d_1 \mid d_2$ and $d_2 \mid d_1$, so $d_1$ and $d_2$ are associate.
Because of this non-uniqueness we cannot talk about the gcd, only a gcd of $a$ and $b$. In specific rings, one may impose an extra condition to ensure uniqueness: in $\mathbb{Z}$ we insisted that $\gcd(a, b) \ge 0$; in the polynomial ring $F[X]$ (with $F$ a field) one usually insists that $\gcd(a(X), b(X))$ is monic (with leading coefficient 1).
Proposition 1.5.7. In a PID, the gcd of two elements $a$ and $b$ exists, and may be expressed in the form $au + bv$.
Proof. Let $a, b \in R$ which is a PID. Let $I = (a, b) = \{ra + sb \mid r, s \in R\}$ be the ideal they generate, and let $d \in R$ be such that $I = (d)$. Then $d = au + bv$ for some $u, v \in R$ by construction; $a, b \in (d)$ so $d \mid a$ and $d \mid b$; and if $c \mid a$ and $c \mid b$ then $(d) = (a, b) \subseteq (c)$ so $c \mid d$.
So in a PID, whether Euclidean or not, the gcd always exists. However, it is only in an ED that computing gcds is easily possible via the Euclidean Algorithm.
Example: Take $\alpha = 3 + 4i$ and $\beta = 10 + 11i$. Then from the previous example we have $\beta - 3\alpha = 1 - i$. Similarly, $\alpha - 3i(1 - i) = i$, and lastly $1 - i = i(-1 - i)$ with zero remainder. The last nonzero remainder was $i$ which is therefore a gcd of $\alpha$ and $\beta$; one would normally adjust this since $i$ is a unit and say that $\gcd(\alpha, \beta) = 1$. Back-substitution gives $i = \alpha - 3i(\beta - 3\alpha) = (1 + 9i)\alpha - 3i\beta$, so finally $1 = (9 - i)\alpha - 3\beta$.
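The division step from the proof of Theorem 1.5.2 and the gcd computation of this example, as an added Python sketch (not code from the original notes). The class and function names are illustrative; two choices are assumptions of this sketch rather than anything the notes prescribe: ties in "nearest integer" are broken toward zero, and the returned gcd is the associate with positive real part and non-negative imaginary part.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GaussInt:
    """Gaussian integer re + im*i with exact integer arithmetic."""
    re: int
    im: int = 0

    def __add__(self, o):
        return GaussInt(self.re + o.re, self.im + o.im)

    def __sub__(self, o):
        return GaussInt(self.re - o.re, self.im - o.im)

    def __mul__(self, o):
        return GaussInt(self.re * o.re - self.im * o.im,
                        self.re * o.im + self.im * o.re)

    def conj(self):
        return GaussInt(self.re, -self.im)

    def norm(self):
        return self.re ** 2 + self.im ** 2


ZERO, ONE = GaussInt(0), GaussInt(1)
UNITS = (GaussInt(1), GaussInt(-1), GaussInt(0, 1), GaussInt(0, -1))


def nearest(n, d):
    """Nearest integer to n/d for d > 0, ties broken toward zero."""
    q, r = divmod(n, d)  # n = q*d + r with 0 <= r < d
    if 2 * r > d or (2 * r == d and q < 0):
        return q + 1
    return q


def gauss_divmod(beta, alpha):
    """Return (gamma, delta) with beta = alpha*gamma + delta, N(delta) < N(alpha)."""
    if alpha == ZERO:
        raise ZeroDivisionError("division by zero in Z[i]")
    n = alpha.norm()
    t = beta * alpha.conj()  # beta/alpha = t/n = (ac+bd)/N + ((ad-bc)/N) i
    gamma = GaussInt(nearest(t.re, n), nearest(t.im, n))
    delta = beta - alpha * gamma
    assert delta.norm() <= n // 2  # the bound N(delta) <= N(alpha)/2 from the proof
    return gamma, delta


def gauss_xgcd(alpha, beta):
    """Return (d, u, v) with d a gcd of alpha, beta and d = u*alpha + v*beta."""
    # Invariant: r_k = s_k*alpha + t_k*beta for both tracked rows.
    r0, s0, t0 = beta, ZERO, ONE
    r1, s1, t1 = alpha, ONE, ZERO
    while r1 != ZERO:
        q, r = gauss_divmod(r0, r1)
        r0, s0, t0, r1, s1, t1 = r1, s1, t1, r, s0 - q * s1, t0 - q * t1
    # A gcd is unique only up to units: pick the associate with re > 0, im >= 0.
    for w in UNITS:
        d = r0 * w
        if d.re > 0 and d.im >= 0:
            return d, s0 * w, t0 * w
    return r0, s0, t0  # only reached when alpha = beta = 0


if __name__ == "__main__":
    a, b = GaussInt(3, 4), GaussInt(10, 11)
    print(gauss_divmod(b, a))  # quotient 3, remainder 1 - i
    print(gauss_xgcd(a, b))    # 1 = (9 - i)*alpha - 3*beta
```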
The next step is to show that every PID is also a unique factorization domain. In the case of $\mathbb{Z}$, we used the Euclidean property again, and not just the PID property, for this step, but since there are rings which are PIDs but not Euclidean we give a proof which works for all PIDs.
Definition 1.5.8. In an integral domain $R$, an element $p$ is called irreducible if it is neither 0 nor a unit and $p = ab$ implies that either $a$ or $b$ is a unit; $p$ is called prime if it is neither 0 nor a unit and $p \mid ab$ implies that either $p \mid a$ or $p \mid b$.
Lemma 1.5.9. Every prime is irreducible. In a PID, every irreducible is prime.
Proof. Let $p$ be prime and suppose that $p = ab$. Then $p \mid ab$ so $p \mid a$ (say). Write $a = pc$, then $p = ab = pcb$, so $p(1 - cb) = 0$, and since $p \ne 0$ and $R$ is an integral domain, $1 - cb = 0$ so $bc = 1$ and $b$ is a unit.
In a PID, let $p$ be irreducible and suppose that $p \mid ab$. If $p \nmid a$ then the only common divisors of $p$ and $a$ are units, so $\gcd(p, a) = 1$. Hence we can write $1 = pu + av$, so $b = p(ub) + (ab)v$ which is a multiple of $p$.
The last property will be crucial in proving the uniqueness of factorizations into irreducibles, but for the existence we need to do some more preparation. The following lemma is called the “ascending chain condition” or ACC for ideals in a PID.
Lemma 1.5.10. Let $R$ be a PID. Let $(a_i)_{i \in \mathbb{N}}$ be a sequence of elements of $R$ with $(a_1) \subseteq (a_2) \subseteq (a_3) \subseteq \cdots$. (So each $a_i$ is a multiple of the next.) Then there exists $k$ such that $(a_k) = (a_{k+1}) = (a_{k+2}) = \cdots$, so the chain of ideals stabilizes. Hence any strictly ascending chain of ideals $(a_1) \subset (a_2) \subset (a_3) \subset \cdots$ must be finite.
Proof. Let $I = \bigcup_{i \in \mathbb{N}} (a_i)$. An easy check shows that $I$ is an ideal, hence $I = (a)$ for some $a \in R$. But $a \in I = \bigcup_{i \in \mathbb{N}} (a_i)$ implies that $a \in (a_k)$ for some $k$, so $I = (a) \subseteq (a_k) \subseteq I$. It follows that $I = (a) = (a_k) = (a_{k+1}) = \cdots$.
This lemma is used to replace induction in the proof of the existence of factorizations into irreducibles, which was used for $\mathbb{Z}$.
Proposition 1.5.11. Let $R$ be a PID. Every element of $R$ which is neither 0 nor a unit is a product of irreducibles.
Proof. First we show that every nonzero non-unit of $R$ has an irreducible factor. Let $a \in R$ be neither 0 nor a unit. If $a$ is irreducible there is nothing more to do. Otherwise there is a factorization $a = a_1 b_1$ with neither factor a unit. If $a_1$ is not irreducible then $a_1 = a_2 b_2$ with neither factor a unit. Continuing in this way we have $(a) \subset (a_1) \subset (a_2) \subset \cdots$ with strict inclusions since $b_1 = a/a_1$, $b_2 = a_1/a_2$, $\ldots$ are non-units. By the ACC lemma the sequence must be finite, so eventually some $a_k$ is irreducible.
Now we show that $a$ is a product of irreducibles. If $a$ itself is irreducible, there is nothing to do; otherwise, by the first step, $a = p_1 c_1$ with $p_1$ irreducible and $c_1$ not a unit. If $c_1$ is irreducible, stop, else $c_1 = p_2 c_2$ with $p_2$ irreducible and $c_2$ not a unit. Continuing in this way, the process must stop since $(a) \subset (c_1) \subset (c_2) \subset \cdots$.
Finally, we use the fact that in a PID irreducibles are prime to prove that the factorizations of any given nonzero non-unit are essentially the same, up to reordering the factors and replacing irreducibles by associates.
Definition 1.5.12. An Integral Domain $R$ is a Unique Factorization Domain or UFD if
(i) every nonzero element may be expressed as a unit times a product of irreducibles;
(ii) the factorization in (i) is unique up to the order of the factors and replacing the irreducibles by associates; that is, if $a \in R$ is nonzero and $a = u p_1 p_2 \cdots p_r = v q_1 q_2 \cdots q_s$ with $u, v$ units and all $p_i$, $q_j$ irreducibles, then $r = s$, and after permuting the $q_j$ if necessary, there are units $v_j$ for $1 \le j \le r$ such that $q_j = v_j p_j$ and $u = v v_1 v_2 \cdots v_r$.
Theorem 1.5.13. Let $R$ be a PID. Then $R$ is a UFD.
Proof. The existence of factorizations into irreducibles has already been shown for non-units; units are included by allowing an empty product of irreducibles and an extra unit factor.
Uniqueness: Suppose that $a = u p_1 p_2 \cdots p_r = v q_1 q_2 \cdots q_s$ with $u, v$ units and all $p_i$, $q_j$ irreducibles. If $r = 0$ then $a$ is a unit, hence also $s = 0$ (since a unit cannot be divisible by any irreducible), and conversely. So suppose that $r, s \ge 1$, and use induction on $r$. Now $p_1 \mid v q_1 q_2 \cdots q_s$, so primality of $p_1$ implies that $p_1 \mid q_j$ for some $j$ (we cannot have $p_1 \mid v$ since $v$ is a unit). Permuting if necessary, we may assume that $j = 1$ so $p_1 \mid q_1$. Hence $q_1 = v_1 p_1$ for some $v_1$ which must be a unit since $q_1$ is irreducible. Dividing gives $u p_2 \cdots p_r = (v v_1) q_2 \cdots q_s$, with only $r - 1$ irreducibles on the left, so by induction we have $r - 1 = s - 1$, so $r = s$, and units $v_j$ for $j \ge 2$ such that $q_j = v_j p_j$ and $u = (v v_1) v_2 \cdots v_r$ as required.
Example (continued): Since the ring $\mathbb{Z}[i]$ of Gaussian Integers is Euclidean, it is a PID and a UFD. We have already determined that its units are the four elements $\pm 1$ and $\pm i$, but what are its primes/irreducibles?
(1) If $\pi \in \mathbb{Z}[i]$ is prime then $\pi$ divides some ordinary “rational” prime $p$, since if $n = N(\pi) = \pi\bar{\pi}$ then $\pi \mid n$ so by primality of $\pi$, $\pi$ divides at least one prime factor $p$ of $n$.
(2) If $N(\pi) = p$ is prime, then $\pi$ is irreducible: for if $\pi = \alpha\beta$ then $p = N(\pi) = N(\alpha)N(\beta)$, so one of $\alpha$, $\beta$ has norm 1 and is a unit. For example, $1 + i$, $2 + i$, $3 + 2i$, $4 + i$ are prime since their norms are 2, 5, 13, 17.
(3) If a rational prime $p$ is a sum of two squares, $p = a^2 + b^2$, then setting $\pi = a + bi$ gives $p = N(\pi) = N(\bar{\pi})$, so $\pi$ and $\bar{\pi}$ are both Gaussian primes. We will prove later, in Theorem 2.4.2, that every rational prime $p$ of the form $4k + 1$ can be expressed in this way; the factors $\pi$ and $\bar{\pi}$ are not associate (exercise).
(4) However, rational primes $q$ of the form $4k + 3$ cannot be expressed as sums of two squares, since squares all leave remainder of 0 or 1 when divided by 4, so all numbers of the form $a^2 + b^2$ leave a remainder of 0, 1 or 2 on division by 4. Such primes $q$ remain prime in $\mathbb{Z}[i]$. For if $q = \alpha\beta$ with neither $\alpha$ nor $\beta$ a unit, then $q^2 = N(\alpha)N(\beta)$ with both $N(\alpha), N(\beta) > 1$, so (by unique factorization in $\mathbb{Z}$) we must have $N(\alpha) = N(\beta) = q$, so $q$ would be a sum of two squares.
We sum up this example as follows; we have proved everything stated here except for the fact that all primes of the form $4k + 1$ are sums of two squares (Theorem 2.4.2), and the remark about associates (exercise).
Theorem 1.5.14. The ring $\mathbb{Z}[i]$ of Gaussian Integers is a Euclidean Domain and hence also a Principal Ideal Domain and a Unique Factorization Domain. Its units are the four elements $\pm 1$, $\pm i$. Its primes are as follows (together with their associates):
(1) $1 + i$, of norm 2;
(2) each rational prime $p$ of the form $4k + 1$ is a sum of two squares, $p = a^2 + b^2$, and $p$ factorizes in $\mathbb{Z}[i]$ as $p = \pi\bar{\pi}$ where $\pi = a + bi$ and $\bar{\pi} = a - bi$ are non-associate Gaussian primes of norm $p$;
(3) each rational prime $q$ of the form $4k + 3$ is also a Gaussian prime.
For example, here are some Gaussian factorizations: $123 + 456i = 3 \cdot (1 + 2i) \cdot (69 + 14i)$ (the last factor has prime norm 4957), $2000 = (1 + i)^8 (1 + 2i)^3 (1 - 2i)^3$.
sage: Qi.<i> = QQ.extension(x^2+1)
sage: 2018.factor()
2 * 1009
sage: Qi(2018).factor()
(i) * (15*i - 28) * (i + 1)^2 * (15*i + 28)
sage: (123+456*i).norm().factor()
3^2 * 5 * 4957
sage: (123+456*i).factor()
(-1) * (-14*i - 69) * (2*i + 1) * 3
There are other “number rings” similar to $\mathbb{Z}[i]$, but not many which are known to have unique factorization. A complete study requires more algebra, and is done in Algebraic Number Theory. Here are some further examples.
Example: The ring $R = \mathbb{Z}[\sqrt{-2}]$ is also Euclidean and hence a UFD. The proof is almost identical to the one given above for $\mathbb{Z}[i]$, using the norm $N(\alpha) = \alpha\bar{\alpha}$, so that $N(a + b\sqrt{-2}) = a^2 + 2b^2$. The key fact which makes $R$ Euclidean via the norm is that every point in the complex plane is at distance less than 1 from the nearest element of $R$, as was the case with $\mathbb{Z}[i]$. Factorization of primes $p$ now depends on $p \pmod 8$.
Example: The ring $R = \mathbb{Z}[\sqrt{-3}]$ is not Euclidean, and neither a PID nor a UFD. For example, $4 = 2 \cdot 2 = (1 + \sqrt{-3}) \cdot (1 - \sqrt{-3})$ with all factors on the right irreducible in $R$. Also: the ideal $(2, 1 + \sqrt{-3})$ is not principal; and the element 2 is irreducible but not prime (as the previous equation shows, since neither of $1 \pm \sqrt{-3}$ is divisible by 2 in $R$). However, if we enlarge the ring by including numbers of the form $(a + b\sqrt{-3})/2$ where $a$ and $b$ are both odd, we obtain the larger ring $S = \mathbb{Z}[\omega]$, where $\omega = (-1 + \sqrt{-3})/2$, satisfying $\omega^2 + \omega + 1 = 0$, which is Euclidean and hence a UFD. The norm is again $N(\alpha) = \alpha\bar{\alpha}$; with $\alpha = a + b\omega$ one computes that $N(\alpha) = a^2 - ab + b^2$, and $4N(\alpha) = (2a - b)^2 + 3b^2$. This ring turns out to be useful in the solution of the Fermat equation $x^3 + y^3 = z^3$.
Example: As in the previous example, the ring $\mathbb{Z}[\sqrt{-19}]$ is not Euclidean. Enlarging it to $R = \mathbb{Z}[\omega]$, where now $\omega = (-1 + \sqrt{-19})/2$, satisfying $\omega^2 + \omega + 5 = 0$, we find a ring which is still not Euclidean, but is a PID and hence a UFD. This example shows that not every PID is Euclidean. We omit the details.
2. Congruences and modular arithmetic
The notation for congruence is an invention of Gauss. It simplifies many calculations and arguments in number theory.
2.1. Definition and Basic Properties.
Definition 2.1.1. Let $m$ be a positive integer. For $a, b \in \mathbb{Z}$ we say that $a$ is congruent to $b$ modulo $m$ and write $a \equiv b \pmod m$ iff $a-b$ is a multiple of $m$: $a \equiv b \pmod m \iff m \mid (a-b)$.
Here $m$ is called the modulus. If $m \nmid (a-b)$ then we write $a \not\equiv b \pmod m$.
For example, $-3 \equiv 18 \pmod 7$ and $19 \not\equiv 1 \pmod 4$. All even integers are congruent to $0 \pmod 2$, while odd integers are congruent to $1 \pmod 2$.
Congruence may be expressed in algebraic terms: to say $a \equiv b \pmod m$ is equivalent to saying that the cosets $a+m\mathbb{Z}$ and $b+m\mathbb{Z}$ of $m\mathbb{Z}$ in $\mathbb{Z}$ are equal.
The basic properties of congruence are summarized in the following lemmas.
Lemma 2.1.2. For each fixed modulus $m$, congruence modulo $m$ is an equivalence relation:
(i) Reflexive: $a \equiv a \pmod m$ for all $a \in \mathbb{Z}$;
(ii) Symmetric: $a \equiv b \pmod m \implies b \equiv a \pmod m$;
(iii) Transitive: If $a \equiv b \pmod m$ and $b \equiv c \pmod m$ then $a \equiv c \pmod m$.
Proof. All parts are easy exercises. They follow from the fact that the subgroup $m\mathbb{Z}$ of $\mathbb{Z}$ satisfies: (i) $0 \in m\mathbb{Z}$; (ii) $x \in m\mathbb{Z} \implies -x \in m\mathbb{Z}$; (iii) $x, y \in m\mathbb{Z} \implies x+y \in m\mathbb{Z}$.
Lemma 2.1.3. If $a \equiv b \pmod m$ and $c \equiv d \pmod m$ then $a+c \equiv b+d \pmod m$ and $ac \equiv bd \pmod m$.
Proof. Another exercise. The second part follows from $ac-bd = a(c-d)+d(a-b)$.
The preceding result has the following interpretation. As well as $m\mathbb{Z}$ being a subgroup of the additive group $\mathbb{Z}$, it is also an ideal of the ring $\mathbb{Z}$, and hence there is a well-defined quotient ring $\mathbb{Z}/m\mathbb{Z}$. The lemma says that addition and multiplication in $\mathbb{Z}/m\mathbb{Z}$ are well-defined. We will return to this viewpoint in the next section.
Lemma 2.1.4. (i) If $a \equiv b \pmod m$ then $ac \equiv bc \pmod{mc}$ for all $c > 0$; (ii) If $a \equiv b \pmod m$ and $n \mid m$ then $a \equiv b \pmod n$.
Proof. Immediate from Definition 2.1.1.
Lemma 2.1.5. If $ax \equiv ay \pmod m$, then $x \equiv y \pmod{m/\gcd(a,m)}$.
Two important special cases:
If $ax \equiv ay \pmod m$ and $\gcd(a,m) = 1$, then $x \equiv y \pmod m$.
If $ax \equiv ay \pmod m$ and $a \mid m$, then $x \equiv y \pmod{m/a}$.
Proof. Let $g = \gcd(a,m)$ and write $m = gm_1$ and $a = ga_1$ with $\gcd(a_1,m_1) = 1$. Then $ax \equiv ay \pmod m \implies m \mid a(x-y) \implies m_1 \mid a_1(x-y) \implies m_1 \mid (x-y)$, the last step using Euler’s Lemma. The special cases are the cases $g = 1$ and $g = a$ respectively.
Proposition 2.1.6. Let $a, b \in \mathbb{Z}$. The congruence $ax \equiv b \pmod m$ has a solution $x \in \mathbb{Z}$ if and only if $\gcd(a,m) \mid b$. If a solution exists it is unique modulo $m/\gcd(a,m)$.
In particular, when $\gcd(a,m) = 1$ the congruence $ax \equiv b \pmod m$ has a solution for every $b$, which is unique modulo $m$.
Proof. Solving $ax \equiv b \pmod m$ for $x \in \mathbb{Z}$ is equivalent to solving $ax+my = b$ for $x, y \in \mathbb{Z}$. Since the set of all integers of the form $ax+my$ is the ideal $(a,m) = (d)$ where $d = \gcd(a,m)$, there is a solution iff $b \in (d)$, as stated. If $x$, $x'$ are two solutions then $ax \equiv ax' \pmod m$, which implies that $x \equiv x' \pmod{m/d}$ by Lemma 2.1.5.
How to solve the congruence $ax \equiv b \pmod m$: Use the EEA to find $d, u, v$ with $d = \gcd(a,m) = au+mv$. Check that $d \mid b$ (otherwise there are no solutions). If $b = dc$ then $b = auc+mvc$ so $x = uc$ is one solution. The general solution is $x = uc+tm/d = (ub+tm)/d$ for arbitrary $t \in \mathbb{Z}$.
Lemma 2.1.7. Each integer $a$ is congruent modulo $m$ to exactly one integer in the set $\{0, 1, 2, \dots, m-1\}$. More generally, let $k$ be a fixed integer. Then every integer is congruent modulo $m$ to exactly one integer in the set $\{k, k+1, k+2, \dots, k+m-1\}$.
Proof. The first statement is a restatement of the division algorithm: write $a = mq+r$ with $0 \le r \le m-1$; then $a \equiv r \pmod m$, and this $r$ is unique.
The general statement follows since no two of the $m$ integers in the set are congruent to each other modulo $m$, since their difference is less than $m$; hence they have distinct remainders on division by $m$, and so are congruent to $0, 1, 2, \dots, m-1$ in some order.
Definition 2.1.8. Taking $k = 0$, we obtain the system of least non-negative residues modulo $m$: $\{0, 1, 2, \dots, m-1\}$. Taking $k = -[(m-1)/2]$ gives the system of least residues modulo $m$; when $m$ is odd this is $\{0, \pm 1, \pm 2, \dots, \pm(m-1)/2\}$, while when $m$ is even we include $m/2$ but not $-m/2$. Any set of $m$ integers representing all $m$ residue classes modulo $m$ is called a residue system modulo $m$.
For example, when $m = 7$ the least non-negative residues are $\{0, 1, 2, 3, 4, 5, 6\}$ and the least residues are $\{-3, -2, -1, 0, 1, 2, 3\}$; for $m = 8$ we have least non-negative residues $\{0, 1, 2, 3, 4, 5, 6, 7\}$ and least residues $\{-3, -2, -1, 0, 1, 2, 3, 4\}$.
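2.2. The structure of $\mathbb{Z}/m\mathbb{Z}$.
Definition 2.2.1. The ring of integers modulo $m$ is the quotient ring $\mathbb{Z}/m\mathbb{Z}$. We will denote the group of units of $\mathbb{Z}/m\mathbb{Z}$ by $U_m$, and its order by $\varphi(m)$. The function $\varphi : \mathbb{N} \to \mathbb{N}$ is called Euler’s totient function or Euler’s phi function.
Sometimes $\mathbb{Z}/m\mathbb{Z}$ is denoted $\mathbb{Z}_m$; however there is a conflict of notation here, since for prime $p$ the notation $\mathbb{Z}_p$ is used to denote a different ring important in number theory, the ring of $p$-adic integers. We will therefore not use this abbreviation!
Informally we may identify $\mathbb{Z}/m\mathbb{Z}$ with the set $\{0, 1, 2, \dots, m-1\}$, though the elements of $\mathbb{Z}/m\mathbb{Z}$ are not integers but “integers modulo $m$”: elements of the quotient ring $\mathbb{Z}/m\mathbb{Z}$.
To be strictly correct, one should use the notation $a, b, \dots$ for integers and $\bar a, \bar b, \dots$ for their residues in $\mathbb{Z}/m\mathbb{Z}$. Then one has $\bar a = \bar b$ (in $\mathbb{Z}/m\mathbb{Z}$) iff $a \equiv b \pmod m$ (in $\mathbb{Z}$), and $\mathbb{Z}/m\mathbb{Z} = \{\bar 0, \bar 1, \bar 2, \dots, \overline{m-1}\}$. For simplicity we will not do this but use the same notation for an integer and its residue in $\mathbb{Z}/m\mathbb{Z}$.
So $\mathbb{Z}/m\mathbb{Z}$ is a finite ring with $m$ elements, and its unit group $U_m$ is a finite group under the operation of “multiplication modulo $m$”.
Proposition 2.2.2. Let $a \in \mathbb{Z}/m\mathbb{Z}$. Then $a \in U_m$ (that is, $a$ is invertible modulo $m$) if and only if $\gcd(a,m) = 1$.
Remark: Note that if $a \equiv a' \pmod m$ then $\gcd(a,m) = \gcd(a',m)$, since $a' = a+km$ for some $k$. Hence the quantity $\gcd(a,m)$ only depends on the residue of $a$ modulo $m$.
Proof. $a$ is invertible in $\mathbb{Z}/m\mathbb{Z}$ iff the congruence $ax \equiv 1 \pmod m$ has a solution, which is iff $\gcd(a,m) = 1$.
We may use the Extended Euclidean Algorithm to detect whether or not $a$ is invertible modulo $m$, and also to find its inverse $a'$ if so, since if $(x,y)$ is a solution to $ax+my = 1$ then $ax \equiv 1 \pmod m$ so we may take $a' = x$. For example, $\gcd(4,13) = 1$ with $4\cdot 10 - 13\cdot 3 = 1$, so the inverse of $4$ modulo $13$ is $10$. Here is a complete table of inverses modulo $13$:

| $a$  | 0 | 1 | 2 | 3 | 4  | 5 | 6  | 7 | 8 | 9 | 10 | 11 | 12 |
|------|---|---|---|---|----|---|----|---|---|---|----|----|----|
| $a'$ | - | 1 | 7 | 9 | 10 | 8 | 11 | 2 | 5 | 3 | 4  | 6  | 12 |
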
It follows that $\varphi(m)$, the order of $U_m$, is equal to the number of residues modulo $m$ of integers which are coprime to $m$. This is often given as the definition of $\varphi(m)$.
Corollary 2.2.3. $\varphi(m) = |\{a \mid 0 \le a \le m-1 \text{ and } \gcd(a,m) = 1\}|$.
Definition 2.2.4. A reduced residue system modulo $m$ is a set of $\varphi(m)$ integers covering the residue classes in $U_m$.
Any set of $\varphi(m)$ integers which are all coprime to $m$, and no two of which are congruent modulo $m$, form a reduced residue system. The “standard” one is $\{a \mid 0 \le a \le m-1 \text{ and } \gcd(a,m) = 1\}$.
For example, $U_6 = \{1, 5\}$, $U_7 = \{1, 2, 3, 4, 5, 6\}$ and $U_8 = \{1, 3, 5, 7\}$, so that $\varphi(6) = 2$, $\varphi(7) = 6$ and $\varphi(8) = 4$. Here are the first few values of $\varphi(m)$:
Proposition 2.2.5. (1) $\varphi(m)$ is even for $m \ge 3$; (2) $\varphi(m) = m-1$ if and only if $m$ is prime; (3) Let $p$ be a prime; then $\varphi(p^e) = p^{e-1}(p-1)$ for $e \ge 1$.
Proof. (1) $U_m$ is a group of order $\varphi(m)$ and the element $-1$ has order $2$, unless $m = 1$ or $m = 2$ when $-1 \equiv 1$, so $\varphi(m)$ must be even by Lagrange’s Theorem for finite groups.
(2) If $m$ is prime then $\gcd(a,m) = 1$ for all $a$ with $1 \le a \le m-1$, and conversely.
(3) Let $m = p^e$ where $p$ is prime. The only integers $a$ not coprime to $m$ are the multiples of $p$, which in the range $0 \le a < p^e$ are $a = pb$ with $0 \le b < p^{e-1}$, so $\varphi(p^e) = p^e - p^{e-1}$.
We will use this to obtain a general formula for $\varphi(m)$ after the Chinese Remainder Theorem below, which will reduce the determination of $\varphi(m)$ for general $m$ to the case of prime powers.
Arithmetic modulo $m$ is much simpler when $m$ is prime, as the following result indicates.
Theorem 2.2.6. If $p$ is a prime then $\mathbb{Z}/p\mathbb{Z}$ is a field. If $m$ is composite then $\mathbb{Z}/m\mathbb{Z}$ is not a field, and not even an integral domain.
Proof. Let $p$ be prime. Then $\mathbb{Z}/p\mathbb{Z}$ is a commutative ring in which every nonzero element is invertible, i.e. a field. If $m$ is composite then $m = ab$ with $1 < a, b < m$. Then $ab \equiv 0 \pmod m$ while $a, b \not\equiv 0 \pmod m$, so $\mathbb{Z}/m\mathbb{Z}$ is not an integral domain.
Notation: To emphasize its field structure, $\mathbb{Z}/p\mathbb{Z}$ is also denoted $\mathbb{F}_p$, and the multiplicative group $U_p$ is then denoted $\mathbb{F}_p^*$. It has order $p-1$, and is cyclic (see Theorem 2.6.1 below).
2.3. Euler’s, Fermat’s and Wilson’s Theorems.
Since $U_m$ is a finite multiplicative group of order $\varphi(m)$ we immediately have the following as a consequence of Lagrange’s Theorem for finite groups.
Theorem 2.3.1. (a) Euler’s Theorem: Let $m$ be a positive integer and $a$ an integer coprime to $m$. Then $a^{\varphi(m)} \equiv 1 \pmod m$.
(b) Fermat’s Little Theorem: Let $p$ be a prime and $a$ an integer not divisible by $p$. Then $a^{p-1} \equiv 1 \pmod p$; moreover, for every integer $a$ we have $a^p \equiv a \pmod p$.
Proof. The first follows directly from Lagrange’s Theorem for finite groups, since $a \in U_m$ which has order $\varphi(m)$. The second is a special case since $\varphi(p) = p-1$. The last follows from this, since it is clearly true when $p \mid a$ as then both sides are $0$.
Fermat’s Little Theorem can be used as a primality test. Let $n$ be an odd integer which one suspects to be a prime; if $2^{n-1} \not\equiv 1 \pmod n$ then $n$ is certainly not prime. Note that this has been proved without exhibiting a factorization of $n$. On the other hand, if $2^{n-1} \equiv 1 \pmod n$ it does not prove that $n$ is prime! For example this holds with $n = 1729 = 7\cdot 13\cdot 19$. Such a number is called a pseudoprime to base $2$. By using a combination of so-called bases (as here we used the base $2$) one can develop much stronger “probabilistic primality tests”.
Corollary 2.3.2. In $\mathbb{F}_p[X]$ the polynomial $X^p - X$ factorizes as a product of $p$ linear factors: $X^p - X = \prod_{a \in \mathbb{F}_p} (X-a)$ in $\mathbb{F}_p[X]$.
Proof. By Fermat’s Little Theorem, all $p$ elements $a \in \mathbb{F}_p$ are roots of $X^p - X$, from which the result follows by polynomial algebra.
Corollary 2.3.3. [Wilson’s Theorem] Let $p$ be a prime. Then $(p-1)! \equiv -1 \pmod p$.
Proof. Compare the constant term on both sides of the factorization (in $\mathbb{F}_p[X]$): $X^{p-1} - 1 = \prod_{a \in \mathbb{F}_p^*} (X-a)$. This gives $-1 \equiv (-1)^{p-1}(p-1)! \pmod p$, so $(p-1)! \equiv (-1)^p \equiv -1 \pmod p$.
Remark: The converse to Wilson’s Theorem also holds; in fact, for composite integers $m$ greater than $4$ we have $(m-1)! \equiv 0 \pmod m$ (exercise). But this is not useful as a primality test, since there is no way to compute the residue of $(m-1)! \pmod m$ quickly.
Example: Take $p = 13$. Then $(p-1)! = 12! = 479001600 = 13\cdot 36846277 - 1$. A better way of seeing this is to write $12! \equiv 1\cdot 12\cdot(2\cdot 7)(3\cdot 9)(4\cdot 10)(5\cdot 8)(6\cdot 11) \equiv 12 \equiv -1 \pmod{13}$.
A similar trick, pairing each residue apart from $\pm 1$ with its inverse, may be used to prove Wilson’s Theorem directly. This works because $\pm 1$ are the only residues modulo a prime which are their own inverse:
Proposition 2.3.4. Let $p$ be a prime. Then the only solutions to $x^2 \equiv 1 \pmod p$ are $x \equiv \pm 1$.
Proof. Clearly $\pm 1$ are solutions. Since $\mathbb{F}_p$ is a field, the quadratic equation $X^2 = 1$ has at most two solutions in $\mathbb{F}_p$, so there are no more solutions. Alternatively, if $x$ is a solution then $p \mid x^2-1 = (x-1)(x+1)$, so either $p \mid (x-1)$ or $p \mid (x+1)$, so $x \equiv \pm 1 \pmod p$.
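Fermat’s test and Proposition 2.3.4 combine into one check: squaring up to $b^{n-1}$ either reaches $1$ through $-1$, or exposes a square root of $1$ other than $\pm 1$, and a gcd with that root then splits $n$. The Python below is an added illustration, not part of the lecture notes; the function names are this example's own, and its inputs are the notes' $n = 1729$ and the Fermat number $F_5$ with the value $x$ used in the example that follows.

```python
from math import gcd


def fermat_test(n, base=2):
    """True when base^(n-1) = 1 (mod n): n is prime or a pseudoprime to this base."""
    return pow(base, n - 1, n) == 1


def split_with_sqrt_of_one(m, x):
    """Use x with x*x = 1 (mod m) and x != +-1 (mod m) to factor m.

    Returns (gcd(m, x-1), gcd(m, x+1)), or None if x is not such a root.
    """
    x %= m
    if (x * x) % m != 1 or x in (1, m - 1):
        return None
    return gcd(m, x - 1), gcd(m, x + 1)


def strong_test(n, base=2):
    """Fermat test refined with Proposition 2.3.4, for odd n > 2.

    Write n-1 = 2^s * t with t odd and square base^t repeatedly. For prime n
    the first 1 in the chain must be preceded by -1. Returns (verdict, factor):
    factor is a proper divisor of n when the chain exposes a square root of 1
    other than +-1, and None otherwise.
    """
    s, t = 0, n - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    x = pow(base, t, n)
    if x in (1, n - 1):
        return "probable prime", None
    for _ in range(s - 1):
        prev, x = x, (x * x) % n
        if x == n - 1:
            return "probable prime", None
        if x == 1:                      # prev*prev = 1 although prev != +-1
            return "composite", gcd(n, prev - 1)
    if (x * x) % n == 1:                # x = base^((n-1)/2) is such a root
        return "composite", gcd(n, x - 1)
    return "composite", None            # base^(n-1) != 1: the Fermat test fails


F5 = 2**32 + 1      # the Fermat number from the notes
X = 1366885067      # the notes' square root of 1 modulo F5

if __name__ == "__main__":
    print(fermat_test(1729), strong_test(1729))   # passes Fermat, fails the refinement
    print(split_with_sqrt_of_one(F5, X))          # the two prime factors of F5
    print(strong_test(F5, 2), strong_test(F5, 3)) # one base is not enough
```

$F_5$ passes both tests to base $2$ (because $2^{32} \equiv -1$), which is why the notes speak of combining several bases.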
Example: Let $m = F_5 = 2^{32}+1 = 4294967297$. Check that $x = 1366885067$ satisfies $x^2 \equiv 1 \pmod m$. This proves that $m$ is not prime. In fact, $m = ab$ where $a = 641 = \gcd(m, x-1)$ and $b = 6700417 = \gcd(m, x+1)$. Many modern factorization methods are based on this idea. Of course, one needs efficient ways to find solutions other than $\pm 1$ to the congruence $x^2 \equiv 1 \pmod m$ where $m$ is the (odd) composite number being factorized. There are several of these, which collectively go by the name of “quadratic sieve” methods.
2.4. Some Applications.
Proposition 2.4.1. Let $p$ be an odd prime. Then the congruence $x^2 \equiv -1 \pmod p$ has a solution if and only if $p \equiv 1 \pmod 4$.
Proof. If $x = a$ satisfies $a^2 \equiv -1 \pmod p$ then $a^4 \equiv 1 \pmod p$, and so $a$ has order exactly $4$ in the multiplicative group $\mathbb{F}_p^*$ of order $p-1$, so by Lagrange’s Theorem $4 \mid (p-1)$. If $4 \mid (p-1)$ then the polynomial $X^{p-1}-1$ is divisible by $X^4-1$ and hence by $X^2+1$. But $X^{p-1}-1$ factorizes in $\mathbb{F}_p[X]$ as a product of the $p-1$ linear factors $X-a$ for $a \in \mathbb{F}_p^*$. Hence $X^2+1$ is a product of two linear factors, so $X^2+1 = (X-a)(X+a)$ where $a^2+1 = 0$ (in $\mathbb{F}_p$) so the congruence $x^2 \equiv -1 \pmod p$ has solutions $\pm a$.
There are many other ways of proving the preceding Proposition. One is to use the fact that $\mathbb{F}_p^*$ is cyclic (Theorem 2.6.1), hence has elements of order $d$ for all $d \mid (p-1)$, and an element $a$ of order $4$ satisfies $a^4 = 1$, $a^2 \ne 1$, so $a^2 = -1$. Alternatively, from Wilson’s Theorem one can show that for all odd $p$, $(((p-1)/2)!)^2 \equiv -(-1)^{(p-1)/2} \pmod p$, so when $p \equiv 1 \pmod 4$ the number $a = ((p-1)/2)!$ satisfies $a^2 \equiv -1 \pmod p$.
As a corollary we can prove the result used earlier, that a prime of the form $4k+1$ may be written as a sum of two squares.
Theorem 2.4.2. Let $p$ be a prime such that $p \equiv 1 \pmod 4$. Then there exist integers $a$ and $b$ such that $p = a^2+b^2$.
Proof. We give two proofs here. The first uses the fact that the ring $\mathbb{Z}[i]$ of Gaussian Integers is a UFD, while the second is more elementary. A third proof will be given in Chapter 4 (see Theorem 4.2.2). All start from the existence of an integer $c$ such that $c^2 \equiv -1 \pmod p$.
First proof. In $\mathbb{Z}[i]$ we have $p \mid (c^2+1) = (c-i)(c+i)$, but $p$ does not divide either factor $c \pm i$. Hence $p$ is not a prime in $\mathbb{Z}[i]$, so $p = \alpha\beta$ with $\alpha, \beta \in \mathbb{Z}[i]$ nonunits. Taking norms gives $p^2 = N(\alpha)N(\beta)$, so $N(\alpha) = N(\beta) = p$. Writing $\alpha = a+bi$ with $a, b \in \mathbb{Z}$ we have $p = a^2+b^2$ as required.
Second proof. Let $k = [\sqrt p]$, so $k^2 < p < (k+1)^2$. The set $S = \{(x,y) \mid 0 \le x \le k,\ 0 \le y \le k\}$ contains $(k+1)^2 > p$ pairs of integers, so there must exist two distinct pairs with the same residue of $x+cy \pmod p$, say $x_1+y_1c \equiv x_2+y_2c$ with $(x_1,y_1) \ne (x_2,y_2)$. Set $a = |x_1-x_2|$ and $b = |y_1-y_2|$. Then on the one hand, $0 < a^2+b^2 \le 2k^2 < 2p$, and on the other hand from $x_1+y_1c \equiv x_2+y_2c \pmod p$ we have $a^2 = (x_1-x_2)^2 \equiv c^2(y_1-y_2)^2 \equiv -b^2 \pmod p$, so $a^2+b^2$ is a multiple of $p$. Hence $a^2+b^2 = p$.
Remarks. The first proof can be made constructive: given $c$ satisfying $c^2 \equiv -1 \pmod p$, it is not hard to show that the element $a+bi = \gcd(c+i, p)$ in $\mathbb{Z}[i]$ satisfies $a^2+b^2 = p$, so a single application of the Euclidean algorithm in $\mathbb{Z}[i]$ gives a solution.
The first proof also shows that the solution is essentially unique, up to permuting $a$ and $b$ and changing their signs. This follows from the fact that the factorization of $p$ in $\mathbb{Z}[i]$ as $p = \pi\bar\pi$ with $\pi = a+bi$ is unique up to permuting the factors and multiplying them by units.
We finish this section with some more applications to the distribution of primes.
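The constructive form of the first proof of Theorem 2.4.2, as an added Python example (not code from the notes): it finds $c$ with $c^2 \equiv -1 \pmod p$ and takes $\gcd(c+i, p)$ in $\mathbb{Z}[i]$ by the Euclidean algorithm. Taking $c = a^{(p-1)/4}$ for a quadratic non-residue $a$ is this example's choice (it rests on Euler’s Criterion, Proposition 3.2.2(b)); Gaussian integers are held as (real, imaginary) pairs and all function names are the example's own.

```python
def sqrt_of_minus_one(p):
    """Return c with c*c = -1 (mod p), for a prime p = 1 (mod 4)."""
    if p % 4 != 1:
        raise ValueError("need a prime p = 1 (mod 4)")
    for a in range(2, p):
        c = pow(a, (p - 1) // 4, p)     # succeeds as soon as a is a non-residue
        if (c * c) % p == p - 1:
            return c
    raise ValueError("no square root of -1 exists: p is not prime")


def g_mul(x, y):
    """Product of two Gaussian integers given as (re, im) pairs."""
    return (x[0] * y[0] - x[1] * y[1], x[0] * y[1] + x[1] * y[0])


def g_norm(x):
    """Norm N(a + bi) = a^2 + b^2."""
    return x[0] * x[0] + x[1] * x[1]


def g_divmod(x, y):
    """Division with remainder in Z[i]: x = q*y + r with N(r) <= N(y)/2."""
    n = g_norm(y)
    t = g_mul(x, (y[0], -y[1]))                  # x * conj(y), so x/y = t/n
    q = ((2 * t[0] + n) // (2 * n),              # round each coordinate of t/n
         (2 * t[1] + n) // (2 * n))              # to the nearest integer
    qy = g_mul(q, y)
    return q, (x[0] - qy[0], x[1] - qy[1])


def g_gcd(x, y):
    """Euclidean algorithm in Z[i]; the result is a gcd up to a unit."""
    while y != (0, 0):
        x, y = y, g_divmod(x, y)[1]
    return x


def two_squares(p):
    """Return (a, b) with 0 < a <= b and a^2 + b^2 = p, for a prime p = 1 (mod 4)."""
    c = sqrt_of_minus_one(p)
    a, b = g_gcd((p, 0), (c, 1))                 # gcd(p, c + i) has norm p
    a, b = sorted((abs(a), abs(b)))
    if a * a + b * b != p:
        raise ValueError("p is not a prime of the form 4k + 1")
    return a, b


if __name__ == "__main__":
    for p in (13, 1009, 4957):                   # primes that appear in the notes
        print(p, two_squares(p))
```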
Proposition 2.4.3. (a) There are infinitely many primes $p \equiv 1 \pmod 4$.
(b) There are infinitely many primes $p \equiv 3 \pmod 4$.
Proof. For part (b) we refer to the exercises.
We know that odd prime divisors $p$ of numbers of the form $n^2+1$ satisfy $p \equiv 1 \pmod 4$, since the congruence $x^2 \equiv -1 \pmod p$ has the solution $x = n$. (Or directly, $n$ has order $4$ in the group $U_p$, so by Lagrange $4 \mid (p-1)$.) Now if $p_1, p_2, \dots, p_k$ are primes, every prime divisor of $(2p_1p_2\cdots p_k)^2+1$ is congruent to $1 \pmod 4$, and is distinct from all the $p_i$, so the number of primes $\equiv 1 \pmod 4$ cannot be finite.
Similarly, odd prime divisors of $n^4+1$ are $\equiv 1 \pmod 8$ and there are therefore infinitely many of those; odd prime divisors of $n^8+1$ are $\equiv 1 \pmod{16}$ so there are infinitely many of those; and so on. Next we have
Proposition 2.4.4. Let $q$ be an odd prime.
(a) Let $p$ be a prime divisor of $f(n) = n^{q-1}+n^{q-2}+\cdots+n+1$. Then either $p = q$ or $p \equiv 1 \pmod q$.
(b) There are infinitely many primes $p \equiv 1 \pmod q$.
Proof. (a) Since $(n-1)f(n) = n^q-1$ we have $p \mid n^q-1$, so $n^q \equiv 1 \pmod p$. So the order of $n$ in $U_p$ divides $q$, so is either $1$ or $q$.
If the order is $1$ then $n \equiv 1 \pmod p$ so $0 \equiv f(n) \equiv 1+1+\cdots+1 \equiv q \pmod p$ so $p = q$.
If the order is $q$ then by Lagrange, $q \mid (p-1)$ so $p \equiv 1 \pmod q$.
(b) All prime divisors $p$ of $f(qp_1p_2\cdots p_k)$ satisfy $p \equiv 1 \pmod q$ and are distinct from all the $p_i$, so the number of primes $\equiv 1 \pmod q$ cannot be finite.
Using cyclotomic polynomials (for example, $f(n)$ above) one can show that there are infinitely many primes $p \equiv 1 \pmod m$ for any $m$. More generally Dirichlet’s Theorem on primes in arithmetic progressions states that there are infinitely many primes $p \equiv a \pmod m$ whenever $a$ and $m$ are coprime: the general proof uses complex analysis!
2.5. The Chinese Remainder Theorem or CRT.
Proposition 2.5.1. [Chinese Remainder Theorem for simultaneous congruences] Let $m, n \in \mathbb{N}$ be coprime. Then for every pair of integers $a, b$ the simultaneous congruences

$$\begin{aligned} x &\equiv a \pmod m \\ x &\equiv b \pmod n \end{aligned} \tag{2.5.1}$$

have a solution which is unique modulo $mn$.
More generally, if $d = \gcd(m,n)$ then the congruences (2.5.1) have a solution if and only if $a \equiv b \pmod d$, and the solution (when it exists) is unique modulo $\operatorname{lcm}(m,n) = mn/d$.
Proof. Write $x = a+my$ to satisfy the first congruence; the second then becomes $a+my \equiv b \pmod n$ or $my \equiv b-a \pmod n$, which by Proposition 2.1.6 has a solution if and only if $d \mid (b-a)$ where $d = \gcd(m,n)$. Uniqueness: $y$ is unique modulo $n/d$, so $x = a+my$ is unique modulo $mn/d$.
To find the solution in the coprime case, write $1 = mu+nv$. Then we have the solution $x = mub+nva$ since $nv \equiv 1 \pmod m$, $\equiv 0 \pmod n$ while $mu \equiv 0 \pmod m$, $\equiv 1 \pmod n$.
Example: Let $m = 13$, $n = 17$. Then $1 = \gcd(13,17) = 52-51$ so the solution for general $a, b$ is $x \equiv 52b-51a \pmod{221}$.
The CRT says that there is a bijection between pairs $(a \bmod m, b \bmod n)$ and single residue classes $(c \bmod mn)$ when $m, n$ are coprime. This bijection is in fact a ring isomorphism:
Theorem 2.5.2. [Chinese Remainder Theorem, algebraic form] Let $m, n \in \mathbb{N}$ be coprime. Then we have the isomorphism of rings
$$\mathbb{Z}/mn\mathbb{Z} \cong \mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}.$$
Restricting to units on both sides, we have the isomorphism of groups
$$U_{mn} \cong U_m \times U_n.$$
Proof. Map $\mathbb{Z} \to \mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}$ by $c \mapsto (c \bmod m, c \bmod n)$. This is a ring homomorphism, which is surjective by the previous Proposition, and has kernel $m\mathbb{Z} \cap n\mathbb{Z} = mn\mathbb{Z}$ (the last equality because $\gcd(m,n) = 1$). The first result follows by the Isomorphism Theorem for ring homomorphisms.
In the correspondence $(a,b) \leftrightarrow c$ we have $a \equiv c \pmod m$ and $b \equiv c \pmod n$, so $\gcd(c,mn) = 1 \iff \gcd(c,m) = \gcd(c,n) = 1 \iff \gcd(a,m) = \gcd(b,n) = 1$, which gives the last bijection. Moreover, from the ring isomorphism we get an isomorphism of the groups of units, so $U_{mn} = U(\mathbb{Z}/mn\mathbb{Z}) \cong U(\mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}) \cong U(\mathbb{Z}/m\mathbb{Z}) \times U(\mathbb{Z}/n\mathbb{Z}) = U_m \times U_n$.
Both forms of the CRT extend to several moduli $m_1, m_2, \dots, m_k$ provided that they are pairwise coprime. The second part of the proposition has the following important corollary: $\varphi$ is a multiplicative function.
Proposition 2.5.3. Let $m, n \in \mathbb{N}$ be coprime. Then $\varphi(mn) = \varphi(m)\varphi(n)$.
Proof. $\varphi(mn) = |U_{mn}| = |U_m \times U_n| = |U_m| \cdot |U_n| = \varphi(m)\varphi(n)$.
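Corollary 2.5.4. Let $m \in \mathbb{N}$ have prime factorization
where the $p_i$ are distinct primes and $e_i \ge 1$. Then
Proof. By multiplicativity we have $\varphi(m) = \prod_{i=1}^{k} \varphi(p_i^{e_i})$, and $\varphi(p_i^{e_i}) = p_i^{e_i-1}(p_i-1)$ by Proposition 2.2.5. The last part is just a rearrangement of the product; it has the merit that the exponents of the prime divisors of $m$ do not appear explicitly.
Examples: (1). $\varphi(168) = \varphi(8)\varphi(3)\varphi(7)$ (splitting $168$ into prime powers) $= (8-4)(3-1)(7-1) = 4\cdot 2\cdot 6 = 48$. Alternatively, $\varphi(168) = 168\cdot\left(1-\frac12\right)\left(1-\frac13\right)\left(1-\frac17\right) = 168\cdot\frac12\cdot\frac23\cdot\frac67 = 48$.
(2). $\varphi(100) = \varphi(4)\varphi(25) = 2\cdot 20 = 40$.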
One more property of $\varphi(m)$ will be useful later.
Proposition 2.5.5. Let $m \in \mathbb{N}$. Then $\sum_{d \mid m} \varphi(d) = m$.
The sum here is over all positive divisors of $m$. For example, when $m = 12$ we have $12 =$
Proof. Consider the $m$ fractions $k/m$ for $0 \le k \le m-1$. Reduced to lowest terms they become $a/d$ where $d \mid m$, $0 \le a \le d-1$, and $\gcd(a,d) = 1$. So there are $\varphi(d)$ fractions with denominator $d$ for each divisor $d$ of $m$, giving the total as stated.
Applications of CRT: The CRT says that congruences to two coprime moduli are, in a sense, independent. Solving a general congruence to a general modulus reduces to solving it modulo prime powers, and then using CRT to “glue” the separate solutions together.
For example: solve $x^2 \equiv 1 \pmod{91}$. Since $91 = 7\cdot 13$ we first solve separately modulo $7$ and modulo $13$, giving $x \equiv \pm 1 \pmod 7$ and $x \equiv \pm 1 \pmod{13}$ by an earlier proposition since $7$ and $13$ are prime. This gives four possibilities modulo $91$:
$(+1 \bmod 7, +1 \bmod 13) \leftrightarrow (+1 \bmod 91)$
$(+1 \bmod 7, -1 \bmod 13) \leftrightarrow (-27 \bmod 91)$
$(-1 \bmod 7, +1 \bmod 13) \leftrightarrow (+27 \bmod 91)$
$(-1 \bmod 7, -1 \bmod 13) \leftrightarrow (-1 \bmod 91)$
So the solutions are $x \equiv \pm 1 \pmod{91}$ and $x \equiv \pm 27 \pmod{91}$. To solve the second and third we use the method given above: write $1 = 7u+13v = 14-13$, then $(a,b) = (1,-1)$ maps to $mub+nva = 14b-13a = 14(-1)-13(1) \equiv -27 \pmod{91}$.
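The recipe for solving $ax \equiv b \pmod m$ given after Proposition 2.1.6 and the construction in the proof of Proposition 2.5.1, including the case of non-coprime moduli, as an added Python example rather than code from the notes; the function names are this example's own. It reproduces the inverse of $4$ modulo $13$, the formula $x \equiv 52b-51a \pmod{221}$ and the four square roots of $1$ modulo $91$.

```python
from math import gcd


def ext_gcd(a, b):
    """Extended Euclidean Algorithm: (d, u, v) with d = gcd(a, b) = a*u + b*v."""
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    if old_r < 0:                       # normalise so that d >= 0
        old_r, old_u, old_v = -old_r, -old_u, -old_v
    return old_r, old_u, old_v


def solve_linear_congruence(a, b, m):
    """Solve a*x = b (mod m).

    Returns (x0, step): the solutions are exactly x0 + t*step with
    step = m/gcd(a, m), or None when gcd(a, m) does not divide b.
    """
    d, u, _ = ext_gcd(a, m)
    if b % d != 0:
        return None
    step = m // d
    return (u * (b // d)) % step, step  # x = u*c with b = d*c, reduced mod m/d


def crt(a, m, b, n):
    """Solve x = a (mod m), x = b (mod n) for any moduli m, n >= 1.

    Follows the proof of Proposition 2.5.1: put x = a + m*y and solve
    m*y = b - a (mod n). Returns (x, lcm(m, n)), or None when a and b
    disagree modulo gcd(m, n).
    """
    sol = solve_linear_congruence(m, b - a, n)
    if sol is None:
        return None
    y, _ = sol
    modulus = m * n // gcd(m, n)
    return (a + m * y) % modulus, modulus


def square_roots_of_one(p, q):
    """All x modulo p*q with x*x = 1, for distinct odd primes p and q."""
    roots = []
    for s in (1, -1):                   # x = +-1 (mod p)
        for t in (1, -1):               # x = +-1 (mod q)
            x, _ = crt(s, p, t, q)
            roots.append(x)
    return sorted(roots)


if __name__ == "__main__":
    print(solve_linear_congruence(4, 1, 13))    # inverse of 4 modulo 13
    print(crt(5, 13, 11, 17))                   # agrees with 52*11 - 51*5 mod 221
    print(crt(2, 6, 8, 10), crt(1, 6, 2, 10))   # non-coprime moduli
    print(square_roots_of_one(7, 13))           # 64 = -27 and 90 = -1 modulo 91
```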
Systematic study of various types of congruence now follows the following pattern. First work modulo primes; this is easiest since $\mathbb{Z}/p\mathbb{Z}$ is a field. Then somehow go from primes to prime powers. The process here (called “Hensel lifting”) is rather like taking successive decimal approximations to an ordinary equation, and we will come back to this at the end of the module, in Chapter 5 on $p$-adic numbers. Finally, use the CRT to “glue” together the information from the separate prime powers.
2.6. The structure of $U_m$.
The most important result here is that for prime $p$, the multiplicative group $U_p$ ($= \mathbb{F}_p^*$) is cyclic.
Theorem 2.6.1. Let $p$ be a prime. Then the group $U_p = \mathbb{F}_p^*$ is cyclic.
Proof. Every $a \in \mathbb{F}_p^*$ has multiplicative order $d$ for some $d \mid (p-1)$ and so is a root of $X^d-1$ modulo $p$. Conversely if $d \mid (p-1)$ then $X^d-1 \mid X^{p-1}-1$ (as polynomials); since the latter factors into $p-1$ distinct linear factors in $\mathbb{F}_p[X]$, so does $X^d-1$ for each $d \mid (p-1)$. So for each $d \mid (p-1)$ there are exactly $d$ roots of $X^d-1$ in $\mathbb{F}_p^*$.
For each $n \mid (p-1)$ the roots of $X^n-1$ have order $d$ for some $d \mid n$, and conversely every element of order $d$ which divides $n$ is a root of $X^n-1$. Let $\psi(d)$ be the number of elements of order $d$. The previous statement shows that $\sum_{d \mid n} \psi(d) = n$ for all $n \mid (p-1)$. We prove that $\psi(n) = \varphi(n)$ for all $n \mid (p-1)$ by induction, starting with $\psi(1) = 1 = \varphi(1)$ since only $a = 1$ has order $1$. If true for all $d < n$ then $\psi(n) = n - \sum_{d \mid n,\, d<n} \psi(d) = n - \sum_{d \mid n,\, d<n} \varphi(d) = \varphi(n)$.
Hence $\psi(n) = \varphi(n)$ for all $n \mid (p-1)$. In particular, $\psi(p-1) = \varphi(p-1) > 0$, so at least one $a \in \mathbb{F}_p^*$ has order $p-1$, so $\mathbb{F}_p^*$ is cyclic.
Definition 2.6.2. An integer which generates $U_p = \mathbb{F}_p^*$ is called a primitive root modulo $p$. If $U_m$ is cyclic, then a generator of $U_m$ is called a primitive root modulo $m$.
When $g$ is a primitive root modulo $m$, the powers $1, g, g^2, \dots, g^{\varphi(m)-1}$ are incongruent modulo $m$, and every integer which is coprime to $m$ is congruent to exactly one of these. The other primitive roots are the $g^k$ for which $\gcd(k, \varphi(m)) = 1$. So we have the following:
Corollary 2.6.3. Let $p$ be a prime. Then $p$ has a primitive root, and the number of incongruent primitive roots modulo $p$ is $\varphi(p-1)$. More generally, for every $d \mid (p-1)$ there are $\varphi(d)$ integers (incongruent modulo $p$) with order $d$ modulo $p$. If $m$ has a primitive root then there are $\varphi(\varphi(m))$ incongruent primitive roots modulo $m$.
Example: Let $p = 13$. Since $\varphi(p-1) = \varphi(12) = 4$ there are $4$ primitive roots modulo $13$. One is $2$, since the successive powers of $2$ modulo $13$ are $1, 2, 4, 8, 3, 6, -1, \dots$. The others are the powers $2^k$ where $\gcd(k,12) = 1$: taking $k = 1, 5, 7, 11$ gives the primitive roots $2$, $2^5 \equiv 6$, $2^7 \equiv 11$, $2^{11} \equiv 7 \pmod{13}$.
As an application of primitive roots, we may give a simple proof of a result proved earlier, that when $p \equiv 1 \pmod 4$ then the congruence $x^2 \equiv -1 \pmod p$ has a solution. For let $g$ be a primitive root modulo $p$, and set $a = g^{(p-1)/4}$. Then $a^2 \equiv g^{(p-1)/2} \not\equiv 1 \pmod p$, but $a^4 = g^{p-1} \equiv 1 \pmod p$, from which it follows that $a^2 \equiv -1 \pmod p$.
Theorem 2.6.4. Primitive roots modulo $m$ exist if and only if $m = 1, 2, 4, p^e$ or $2p^e$ where $p$ is an odd prime and $e \ge 1$.
Proof. $1$ is a primitive root modulo $1$ and $2$ since $\varphi(1) = \varphi(2) = 1$, and $3$ (or $-1$) is a primitive root modulo $4$.
The integers excluded from the above list are the higher powers of $2$, and $m = n_1n_2$ with $\gcd(n_1,n_2) = 1$ and $n_1, n_2 \ge 3$. Higher powers of $2$ do not have primitive roots since $\varphi(2^e) = 2^{e-1}$, but induction shows that for all odd integers $a$ we have $a^{2^{e-2}} \equiv 1 \pmod{2^e}$.
If $m = n_1n_2$ with $\gcd(n_1,n_2) = 1$ and $n_1, n_2 \ge 3$ then both $\varphi(n_i)$ are even; for all $a \in U_m$ we then have $a^{\frac12\varphi(m)} \equiv a^{\frac12\varphi(n_1)\varphi(n_2)} \equiv \left(a^{\varphi(n_1)}\right)^{\frac12\varphi(n_2)} \equiv 1 \pmod{n_1}$, since $\gcd(a,n_1) = 1$, and similarly $a^{\frac12\varphi(m)} \equiv 1 \pmod{n_2}$, so by the Chinese Remainder Theorem we have $a^{\frac12\varphi(m)} \equiv 1 \pmod m$ for all $a \in U_m$, so no element of $U_m$ has order as big as $\varphi(m)$.
Now we show that primitive roots exist for $m = p^e$ and $m = 2p^e$ where $p$ is an odd prime.
Let $g$ be a primitive root modulo $p$, and consider the order $d$ of $g$ modulo $p^2$. By Lagrange we have $d \mid \varphi(p^2) = p(p-1)$, and $g^d \equiv 1 \pmod{p^2} \implies g^d \equiv 1 \pmod p \implies p-1 \mid d$, so either $d = p-1$ or $d = p(p-1)$. If $g^{p-1} \equiv 1 \pmod{p^2}$ then replace $g$ by $g_1 = g+p$, which is still a primitive root modulo $p$, and satisfies $g_1^{p-1} = (g+p)^{p-1} \equiv g^{p-1}+p(p-1)g^{p-2} \equiv 1-pg^{p-2} \not\equiv 1 \pmod{p^2}$. So we may assume that $g^{p-1} \not\equiv 1 \pmod{p^2}$, and then $g$ is a primitive root modulo $p^2$ as well as modulo $p$.
This same $g$ is now a primitive root modulo $p^e$ for all $e \ge 1$. Proceeding by induction, the order of $g$ modulo $p^e$ divides $\varphi(p^e) = p^{e-1}(p-1)$ and is a multiple of $\varphi(p^{e-1}) = p^{e-2}(p-1)$ so either equals $p^{e-2}(p-1)$ or $p^{e-1}(p-1)$. However, from $g^{p-1} = 1+kp$ with $p \nmid k$ it follows by induction that $(g^{p-1})^{p^{e-2}} \equiv 1+kp^{e-1} \not\equiv 1 \pmod{p^e}$ for all $e \ge 2$, so the order of $g$ modulo $p^e$ is in fact $p^{e-1}(p-1) = \varphi(p^e)$.
Finally if $m = 2p^e$ with $p$ an odd prime, note that $\varphi(2p^e) = \varphi(2)\varphi(p^e) = \varphi(p^e)$. Let $g$ be any primitive root modulo $p^e$ which is also odd (replace $g$ by $g+p^e$ if necessary). Then $g$ is a primitive root modulo $2p^e$.
Now if $m$ is odd, with prime factorization $m = \prod_{i=1}^{k} p_i^{e_i}$, it follows that the group $U_m$ is isomorphic to the product of cyclic groups of order $p_i^{e_i-1}(p_i-1)$ for $1 \le i \le k$.
We have not determined the structure of $U_{2^e}$ for $e \ge 3$; it turns out that while not cyclic, it is almost so: for $e \ge 3$, $U_{2^e}$ is isomorphic to the product of cyclic groups of order $2$ (generated by $-1$) and order $2^{e-2}$ (generated by $5$).
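A brute-force check of the statements in this section, as an added Python example (not from the notes, with function names of its own): it computes orders in $U_m$, lists primitive roots, counts the elements of each order modulo a prime as in Corollary 2.6.3, and compares the existence of primitive roots with the list in Theorem 2.6.4.

```python
from math import gcd


def units(m):
    """The standard reduced residue system modulo m."""
    return [a for a in range(m) if gcd(a, m) == 1]


def order(a, m):
    """Multiplicative order of a modulo m (a must be coprime to m)."""
    one = 1 % m                         # equals 0 when m = 1
    k, x = 1, a % m
    while x != one:
        x = (x * a) % m
        k += 1
    return k


def primitive_roots(m):
    """All primitive roots modulo m among the standard reduced residues."""
    u = units(m)
    return [a for a in u if order(a, m) == len(u)]   # order equal to phi(m)


def order_counts(p):
    """Map each order d to the number of elements of U_p of that order."""
    counts = {}
    for a in units(p):
        d = order(a, p)
        counts[d] = counts.get(d, 0) + 1
    return dict(sorted(counts.items()))


def theorem_predicts_primitive_root(m):
    """Theorem 2.6.4: m is 1, 2, 4, p^e or 2p^e with p an odd prime."""
    if m in (1, 2, 4):
        return True
    if m % 4 == 0:
        return False
    if m % 2 == 0:
        m //= 2
    # m is now odd and at least 3; its smallest divisor >= 3 is prime
    p = next(d for d in range(3, m + 1, 2) if m % d == 0)
    while m % p == 0:
        m //= p
    return m == 1                       # True exactly when m was a power of p


if __name__ == "__main__":
    print(primitive_roots(13))          # the four primitive roots modulo 13
    print(order_counts(13))             # phi(d) elements of each order d | 12
    print([m for m in range(1, 31) if not primitive_roots(m)])
```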
3. Quadratic Reciprocity
In this section we will study quadratic congruences to prime moduli. When $p$ is an odd prime, then any quadratic congruence $ax^2+bx+c \equiv 0 \pmod p$ (with $p \nmid a$) may be reduced by completing the square to the simpler congruence $y^2 \equiv d \pmod p$, where $d = b^2-4ac$ and $y = 2ax+b$. So solving quadratic congruences reduces to the problem of taking square roots.
3.1. Quadratic Residues and Nonresidues.
Definition 3.1.1. Let $p$ be an odd prime and $a$ an integer not divisible by $p$. We say that $a$ is a quadratic residue of $p$ when $x^2 \equiv a \pmod p$ has at least one solution, and a quadratic nonresidue otherwise.
Note that when $a$ is a quadratic residue with $b^2 \equiv a \pmod p$ then the congruence $x^2 \equiv a \pmod p$ has exactly two solutions, namely $x \equiv \pm b$. For these are both solutions; they are incongruent modulo $p$ since $b \equiv -b \implies 2b \equiv 0 \implies b \equiv 0 \implies a \equiv 0$. (Here we used that $p \ne 2$.) Lastly, there are no more solutions since $p \mid x^2-a \implies p \mid x^2-b^2 \implies p \mid (x-b)(x+b) \implies p \mid (x-b)$ or $p \mid (x+b)$.
We can find the quadratic residues modulo $p$ by reducing $b^2$ modulo $p$ for $1 \le b \le (p-1)/2$. The other squares will repeat these (in reverse order), since $(p-b)^2 \equiv b^2 \pmod p$. It follows that exactly half the nonzero residues are quadratic residues and the other half quadratic nonresidues.
Examples: $p = 11$: the quadratic residues modulo $11$ are:
while the quadratic nonresidues are
$p = 13$: the quadratic residues modulo $13$ are:
while the quadratic nonresidues are $\pm 2, \pm 5, \pm 6$. The reason for the patterns we see here will become apparent later.
Another way to see that exactly half the nonzero residues are quadratic residues is to use primitive roots. Let $g$ be a primitive root modulo $p$. Then the nonzero residues are $g^k$ for $0 \le k \le p-2$ and every integer not divisible by $p$ is congruent to $g^k$ for some $k$ in this range. The quadratic residues are the $g^k$ for even $k$: that is, the powers of $g^2$.
For example when $p = 13$ we may take $g = 2$, so $g^2 = 4$ with successive powers $1, 4, 3, 12, 9, 10 \pmod{13}$. These are the quadratic residues; to get the quadratic nonresidues multiply them by $g = 2$ to get the odd powers $2, 8, 6, 11, 5, 7 \pmod{13}$.
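3.2. Legendre Symbols and Euler’s Criterion.
Definition 3.2.1. The Legendre Symbol $\left(\frac{a}{p}\right)$ is defined as follows:

$$\left(\frac{a}{p}\right) = \begin{cases} +1 & \text{if } p \nmid a \text{ and } x^2 \equiv a \pmod p \text{ has a solution;} \\ -1 & \text{if } p \nmid a \text{ and } x^2 \equiv a \pmod p \text{ does not have a solution;} \\ 0 & \text{if } p \mid a. \end{cases}$$

In all cases, the number of (incongruent) solutions to $x^2 \equiv a \pmod p$ is $1+\left(\frac{a}{p}\right)$.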
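Proposition 3.2.2. Let $p$ be an odd prime.
(a) $a \equiv b \pmod p \implies \left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$.
(b) Euler’s Criterion: $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod p$.
(c) $\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2}$, which is $+1$ if $p \equiv 1 \pmod 4$ and $-1$ if $p \equiv 3 \pmod 4$.
(d) $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.
Proof. (a) is obvious from Definition 3.2.1.
(b) This is clear when $p \mid a$ since then both sides are congruent to $0$. So suppose $p \nmid a$. First we use a primitive root $g$. Note that $g^{(p-1)/2} \equiv -1 \pmod p$, since $h = g^{(p-1)/2}$ satisfies $h^2 \equiv 1$ but $h \not\equiv 1 \pmod p$, so $h \equiv -1 \pmod p$. Writing $a \equiv g^k$ we have $a^{(p-1)/2} \equiv g^{k(p-1)/2} \equiv (-1)^k$ which is $+1$ iff $k$ is even which is iff $a$ is a quadratic residue.
Here is a direct proof not using primitive roots. If $\left(\frac{a}{p}\right) = 1$ then $a \equiv b^2$ for some $b$, and then $a^{(p-1)/2} \equiv b^{p-1} \equiv 1 \pmod p$ by Fermat. If $\left(\frac{a}{p}\right) = -1$ then consider the statement of Wilson’s Theorem, that $(p-1)! \equiv -1 \pmod p$. In the product pair off $x_1, x_2$ with $1 \le x_1 < x_2 \le p-1$ when $x_1x_2 \equiv a \pmod p$. No $x$ is paired with itself since $x^2 \equiv a \pmod p$ has no solutions, so we get $-1 \equiv a^{(p-1)/2} \pmod p$ as required.
(c) This is a special case of (b); we also proved it earlier (Proposition 2.4.1).
(d) First we have $\left(\frac{ab}{p}\right) \equiv (ab)^{(p-1)/2} \equiv a^{(p-1)/2}b^{(p-1)/2} \equiv \left(\frac{a}{p}\right)\left(\frac{b}{p}\right) \pmod p$. Now both sides are in $\{-1, 0, 1\}$ so being congruent modulo $p$ they must be equal (since $p > 2$).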
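Corollary 3.2.3. Let $p$ be an odd prime.
If $p \equiv 1 \pmod 4$ then $\left(\frac{-a}{p}\right) = \left(\frac{a}{p}\right)$ for all $a$.
If $p \equiv 3 \pmod 4$ then $\left(\frac{-a}{p}\right) = -\left(\frac{a}{p}\right)$ for all $a$.
Proof. This follows from $\left(\frac{-a}{p}\right) = \left(\frac{-1}{p}\right)\left(\frac{a}{p}\right)$ and the evaluation of $\left(\frac{-1}{p}\right)$.
If we start to ask questions such as “for which primes $p$ is $2$ a quadratic residue?” then we are led to one of the most famous results in elementary number theory. Experimental evidence for small primes easily convinces one that the answer is “primes congruent to $\pm 1 \pmod 8$”: $\left(\frac{2}{p}\right) = +1$ for $p = 7, 17, 23, 31, 41, 47, 71, \dots$ and $\left(\frac{2}{p}\right) = -1$ for $p = 3, 5, 11, 13, 19, 29, 37, 43, \dots$
More generally, the value of $\left(\frac{a}{p}\right)$ for fixed $a$ and variable $p$ only depends on the residue of $p$ modulo $4a$. This is one form of Gauss’s famous Law of Quadratic Reciprocity.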
3.3. The Law of Quadratic Reciprocity.
Proposition 3.3.1. [Gauss’s Lemma] Let $p$ be an odd prime and $a$ an integer not divisible by $p$. Then $\left(\frac{a}{p}\right) = (-1)^s$, where $s$ is the number of integers $i$ with $0 < i < p/2$ for which the least residue of $ai$ is negative.
Proof. Let $\lambda(n)$ denote the least residue of $n$ modulo $p$; recall that this means that $\lambda(n) \equiv n \pmod p$ and $|\lambda(n)| < p/2$. We need to count the number of $i$ for which $\lambda(ai) < 0$. Now $\{|\lambda(ai)| \mid 0 < i < p/2\} = \{i \mid 0 < i < p/2\}$ since the left side is a subset of the right, and has no repeats since $\lambda(ai) = \pm\lambda(aj) \implies ai \equiv \pm aj \implies i \equiv \pm j \pmod p \implies i = j$, since $-p < i \mp j < p$. Hence $(-1)^s \prod_i i \equiv \prod_i \lambda(ai) \equiv \prod_i ai \equiv a^{(p-1)/2}P$ where $P = ((p-1)/2)!$. Cancelling the common factor $P$ gives $a^{(p-1)/2} \equiv (-1)^s$ and hence the result by Euler’s criterion.
Example: Take $p = 13$ and $a = 11$; then we reduce $11, 22, 33, 44, 55, 66$ modulo $13$ to $-2, -4, -6, 5, 3, 1$. As expected by the proof of the Proposition, these are, up to sign, the integers between $1$ and $6$. There are $3$ minus signs, so $\left(\frac{11}{13}\right) = (-1)^3 = -1$.
If $p = 13$ and $a = 10$ then we reduce $10, 20, 30, 40, 50, 60$ to $-3, -6, 4, 1, -2, -5$ with four negative values, so $\left(\frac{10}{13}\right) = (-1)^4 = 1$. Indeed, $6^2 = 36 \equiv 10 \pmod{13}$.
Corollary 3.3.2. Assume that $a > 0$, and set $a' = a$ if $a$ is even, $a' = a-1$ if $a$ is odd. Then $\left(\frac{a}{p}\right) = (-1)^s$ where $s = \sum_{k=1}^{a'} [(kp)/(2a)]$.
Proof. By Gauss’s Lemma, $\left(\frac{a}{p}\right) = (-1)^s$ where $s$ is the total number of integers $i$ in all the intervals $(kp/2a, (k+1)p/2a)$ for odd $k = 1, 3, \dots < a$. But if $x < y$ and $x, y \notin \mathbb{Z}$ then the number of integers between $x$ and $y$ is $[y]-[x]$, so is congruent to $[x]+[y] \pmod 2$.
Example: Take $p = 13$ and $a = 11$, so $a' = 10$. Then $\left(\frac{11}{13}\right) = (-1)^s$ where $s = [13/22]+[26/22]+[39/22]+[52/22]+[65/22]+[78/22]+[91/22]+[104/22]+[117/22]+[130/22] \equiv 0+(1+1)+(2+2)+3+(4+4)+(5+5) \equiv 1 \pmod 2$, so $\left(\frac{11}{13}\right) = -1$.
We can use Corollary 3.3.2 to Gauss’s Lemma to evaluate $\left(\frac{2}{p}\right)$ for all odd primes $p$.
Proposition 3.3.3. Let $p$ be an odd prime. Then $\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}$, which is $+1$ if $p \equiv \pm 1 \pmod 8$ and $-1$ if $p \equiv \pm 3 \pmod 8$.
Proof. By Corollary 3.3.2 we have $\left(\frac{2}{p}\right) = (-1)^s$ where $s = [p/4]+[p/2]$, whose parity depends on $p \pmod 8$.
If $p = 8r+1$ then $s \equiv 2r+4r \equiv 0$.
If $p = 8r+3$ then $s \equiv 2r+(4r+1) \equiv 1$.
If $p = 8r+5$ then $s \equiv (2r+1)+(4r+2) \equiv 1$.
If $p = 8r+7$ then $s \equiv (2r+1)+(4r+3) \equiv 0$.
The result follows if we note that $(p^2-1)/8$ is even when $p \equiv \pm 1 \pmod 8$ and is odd when $p \equiv \pm 3 \pmod 8$.
More generally, we can deduce that in general the value of $\left(\frac{a}{p}\right)$ only depends on $p \pmod{4a}$, our first form of quadratic reciprocity: although the definition of $\left(\frac{a}{p}\right)$ is in terms of $a \pmod p$, it is far from obvious that it depends on $p \pmod{4a}$!
Proposition 3.3.4. Let $p$ and $q$ be odd primes and $a$ a positive integer not divisible by either $p$ or $q$. Then $p \equiv \pm q \pmod{4a} \implies \left(\frac{a}{p}\right) = \left(\frac{a}{q}\right)$.
(For $a < 0$ a slightly modified result holds: exercise.)
Proof. Define $s$ by the sum in Corollary 3.3.2, so that $\left(\frac{a}{p}\right) = (-1)^s$, and consider how the sum changes when $p$ is replaced by $q$. The number of terms is the same.
If $q = p+4an$, then the $k$th term in this expression is increased by $2kn$, so its parity does not change, and so neither does the parity of $s$; hence $\left(\frac{a}{p}\right) = \left(\frac{a}{q}\right)$.
If $q = 4an-p$, the $k$th term becomes $2kn+[-kp/2a]$; this has the opposite parity to $[kp/2a]$ since for $x \notin \mathbb{Z}$, $[x]$ is even if and only if $[-x]$ is odd, and vice versa. So each term in the sum changes parity; but the number of terms is even, so the parity of $s$ is unchanged.
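The Law of Quadratic Reciprocity uses this result in the case that $a$ is also prime to get a very symmetric statement.
Theorem 3.3.5. [Quadratic Reciprocity] Let $p$ and $q$ be distinct odd primes. Then $\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)}$.
So $\left(\frac{q}{p}\right) = \left(\frac{p}{q}\right)$ if $p \equiv 1$ or $q \equiv 1 \pmod 4$, while $\left(\frac{q}{p}\right) = -\left(\frac{p}{q}\right)$ if $p \equiv q \equiv 3 \pmod 4$.
Proof. If $p \equiv q \pmod 4$, say with $p > q$, then write $p-q = 4a$ with $a > 0$; then we have $\left(\frac{p}{q}\right) = \left(\frac{q+4a}{q}\right) = \left(\frac{4a}{q}\right) = \left(\frac{a}{q}\right) = \left(\frac{a}{p}\right) = \left(\frac{4a}{p}\right) = \left(\frac{p-q}{p}\right) = \left(\frac{-q}{p}\right)$, which equals $\left(\frac{q}{p}\right)$ if $p \equiv q \equiv 1 \pmod 4$ and equals $-\left(\frac{q}{p}\right)$ if $p \equiv q \equiv 3 \pmod 4$.
Similarly, if $p \equiv -q \pmod 4$ then write $p+q = 4a$ with $a > 0$; then $\left(\frac{p}{q}\right) = \left(\frac{4a-q}{q}\right) =$ (4
Since the Legendre symbol $\left(\frac{a}{p}\right)$ is completely multiplicative in $a$ for fixed $p$, to evaluate $\left(\frac{a}{p}\right)$ for all $a$ we only need to know the values of $\left(\frac{-1}{p}\right)$, $\left(\frac{2}{p}\right)$ and $\left(\frac{q}{p}\right)$, for odd primes $q$ different from $p$. The Law of Quadratic Reciprocity tells us how to evaluate each of these!
Special cases of the reciprocity law were conjectured by Euler on the basis of substantial calculations and knowledge, but Gauss first proved it, and in fact gave several proofs.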
SummaryofQuadraticReciprocity: If p and q aredistinctoddprimesthen:
• 1 p =( 1)(p 1)/2 = +1 if p ≡ 1(mod4); 1 if p ≡ 3(mod4);
• 2 p =( 1)(p2 1)/8 = +1 if p ≡±1(mod8); 1 if p ≡±3(mod8);
• q p =
+ p q if either p ≡ 1(mod4) or q ≡ 1(mod4); p q if both p ≡ 3(mod4) and q ≡ 3(mod4)
UsingQRwemayeasilyanswerquestionsoftheform:Given a,forwhich p is a p =1?
Forexample: 2 p = 1 p 2 p = +1 if p ≡ 1, 3(mod8); 1 if p ≡−1, 3(mod8) 3 p = 1 p 3 p = p 3 = +1 if p ≡ 1(mod3); 1 if p ≡−1(mod3) 3 p = 1 p p 3 = +1 if p ≡±1(mod12); 1 if p ≡±5(mod12).
(Noticehow a p sometimesdependsonlyon p modulo a ratherthanmodulo 4a.)
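Using Proposition 3.3.4 gives an alternative method of evaluating $\left(\frac{a}{p}\right)$ for fixed $a > 0$.
Take $a = 3$, so we know that $\left(\frac{3}{p}\right)$ only depends on $\pm p \pmod{12}$; when $p = 13$ we have $\left(\frac{3}{13}\right) = +1$ and when $p = 5$ we have $\left(\frac{3}{5}\right) = -1$; so $\left(\frac{3}{p}\right) = +1$ for all $p \equiv \pm 1 \pmod{12}$ and $\left(\frac{3}{p}\right) = -1$ for all $p \equiv \pm 5 \pmod{12}$.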
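When $a < 0$ it is also true that $p \equiv q \pmod{4a} \implies \left(\frac{a}{p}\right) = \left(\frac{a}{q}\right)$, but now $p \equiv -q \pmod{4a} \implies \left(\frac{a}{p}\right) = -\left(\frac{a}{q}\right)$. (Apply Prop. 3.3.4 to $-a$ to see this.) Hence we can evaluate $\left(\frac{a}{p}\right)$ for $a < 0$.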
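For example, take $a = -5$. Then $\left(\frac{-5}{p}\right)$ depends on $p$ modulo $20$, giving $\varphi(20) = 8$ cases. Take the primes $p = 61, 3, 7, 29$ which are congruent respectively to $1, 3, 7, 9 \pmod{20}$; computing the four Legendre symbols $\left(\frac{-5}{p}\right)$, we find that they are all $+1$. Hence
$$\left(\frac{-5}{p}\right) = \begin{cases} +1 & \text{if } p \equiv 1, 3, 7, 9 \pmod{20}; \\ -1 & \text{if } p \equiv 11, 13, 17, 19 \pmod{20}, \end{cases}$$
where the second line follows from the first by the “anti-symmetry” since $-5 < 0$.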
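The evaluation procedure summarised above, as an added Python example that is not part of the lecture notes: `legendre_qr` uses only multiplicativity, the rules for $-1$ and $2$, and the reciprocity flip, and `plus_one_classes` rebuilds the residue-class tables for a fixed $a$. The function names and the bound of 500 are assumptions of this example; Euler's criterion serves as an independent cross-check.

```python
def euler_criterion(a, p):
    """(a/p) for an odd prime p, as a^((p-1)/2) mod p mapped to -1, 0, +1."""
    t = pow(a % p, (p - 1) // 2, p)
    return -1 if t == p - 1 else t

def legendre_qr(a, p):
    """(a/p) for an odd prime p using only the rules in the summary."""
    sign = 1
    if a < 0:                                # (-1/p) = -1 iff p = 3 (mod 4)
        a = -a
        if p % 4 == 3:
            sign = -sign
    a %= p
    if a == 0:
        return 0
    while a % 2 == 0:                        # (2/p) = -1 iff p = +-3 (mod 8)
        a //= 2
        if p % 8 in (3, 5):
            sign = -sign
    q = 3
    while a > 1:                             # odd prime factors q of a
        if q * q > a:
            q = a                            # what remains of a is prime
        e = 0
        while a % q == 0:
            a //= q
            e += 1
        if e % 2:                            # even powers contribute +1
            flip = -1 if p % 4 == 3 and q % 4 == 3 else 1
            sign *= flip * legendre_qr(p % q, q)   # (q/p) = +-(p/q)
        q += 2
    return sign

def odd_primes_below(n):
    return [p for p in range(3, n, 2)
            if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]

def plus_one_classes(a, bound=500):
    """Classes of p mod 4|a| with (a/p) = +1, tabulated over primes p < bound."""
    m, table = 4 * abs(a), {}
    for p in odd_primes_below(bound):
        if a % p:
            s = legendre_qr(a, p)
            # the symbol must agree for primes in the same class mod 4|a|
            assert table.setdefault(p % m, s) == s
    return {c for c, s in table.items() if s == 1}
```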
4. Diophantine Equations
A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions are sought. For example:
• $x^2 + y^2 = z^2$ has solutions $(x, y, z) = (3, 4, 5), (5, 12, 13), \ldots$;
• $x^3 + y^3 = z^3$ has no solutions with $x, y, z$ positive integers;
• $x^2 - 61y^2 = 1$ has infinitely many solutions with $x, y > 0$; the smallest has $x = 1766319049$ and $y = 226153980$.
We will use the techniques we have developed in earlier chapters, as well as one new one, to solve a number of Diophantine equations all of which have had some historical interest. Their solution has led to the development of much of modern algebra and number theory. The new technique we will use is called the Geometry of Numbers.
4.1. Geometry of Numbers and Minkowski’s Theorem. We will use the geometry of $\mathbb{R}^n$ and of certain subsets of it:
Definition 4.1.1. A lattice in $\mathbb{Z}^n$ is a subgroup $L \subseteq \mathbb{Z}^n$ of finite index.
The lattices we will use are all defined using congruence conditions on the coordinates of vectors in $\mathbb{Z}^n$, and the index of the lattice will be determined from the moduli of these congruences (example to follow soon). There are more general subsets of $\mathbb{R}^n$ called lattices, but we will not need them.
Our general strategy will be to set up a lattice so that the coordinates give a “modular approximation” to the equation being solved; then to get an exact solution we require a second condition, that the vector of coefficients is “small” in some sense. Minkowski’s Theorem will show that (under certain conditions) there are short lattice vectors, and we win. Its statement requires the following definitions.
Definition 4.1.2. A subset $S \subseteq \mathbb{R}^n$ is symmetric if $x \in S \iff -x \in S$, and convex if $x, y \in S \implies tx + (1-t)y \in S$ for all $t$ with $0 \le t \le 1$.
Here is the result from the geometry of numbers we will use to deduce the existence of solutions to several Diophantine Equations:
Theorem 4.1.3. [Minkowski] Let $L \le \mathbb{Z}^n$ be a lattice of index $m$, and let $S \subseteq \mathbb{R}^n$ be a bounded convex symmetric domain. If $S$ has volume $v(S) > 2^n m$, then $S$ contains a nonzero element of $L$. The same conclusion holds when $v(S) = 2^n m$, provided that $S$ is compact.
Proof. See section 4.6 below.
4.2. Sums of squares. In this section we will give an answer to the questions “which positive integers can be expressed as a sum of 2 squares (S2S), or a sum of 3 squares (S3S), or a sum of 4 squares (S4S)”? In the 3-squares case we will only give a partial proof, since the full proof uses concepts which we will not cover. The reason for the S3S case being harder is that the set of S3S numbers is not closed under multiplication, while for S2S and S4S it is, which then essentially reduces the question to the case of primes.
4.2.1. Sums of two squares. To ask whether an integer $n$ is a sum of two squares, $n = a^2 + b^2$, is the same as to ask whether it is the norm of a Gaussian Integer: $n = a^2 + b^2 = N(\alpha)$ where $\alpha = a + bi \in \mathbb{Z}[i]$. Using Theorem 1.5.14 on Gaussian primes, such an integer must be a product of norms of Gaussian primes which are: $2$, $p$ for any prime $p \equiv 1 \pmod{4}$, and $q^2$ for any prime $q \equiv 3 \pmod{4}$. This proves the following:
Theorem 4.2.1. The positive integer $n$ may be expressed as a sum of two squares, $n = x^2 + y^2$, if and only if $\operatorname{ord}_q(n)$ is even for all primes $q \equiv 3 \pmod{4}$, or equivalently if and only if $n = ab^2$ where $a$ has no prime factors congruent to $3 \pmod{4}$.
Remarks: One can similarly characterize positive integers of the form $n = x^2 + 2y^2$ as those such that $\operatorname{ord}_q(n)$ is even for all primes $q \equiv 5, 7 \pmod{8}$. Either a direct proof or one based on unique factorization in the Euclidean Domain $\mathbb{Z}[\sqrt{-2}]$ is possible. A similar result holds for $n = x^2 + 3y^2$ (though is slightly harder to prove since $\mathbb{Z}[\sqrt{-3}]$ is not Euclidean). But the pattern does not continue, and for general $m$ it is a very hard problem to determine exactly which integers $n$, or even which primes $p$, have the form $x^2 + my^2$. The study of this question leads on to algebraic number theory, and in particular to the study of the arithmetic properties of quadratic number fields.
Recall from Chapter 1 that the key to determining the Gaussian primes was a fact which we only proved later (Theorem 2.4.2): that if $p$ is a prime such that $p \equiv 1 \pmod{4}$ then $p$ is a sum of two squares. We proved this in Chapter 2 by using facts about Gaussian Integers, together with the fact that for such primes the congruence $x^2 \equiv -1 \pmod{p}$ has a solution. Now we give a different proof that $p \equiv 1 \pmod{4} \implies p = a^2 + b^2$, as a first application of the Geometry of Numbers.
Theorem 4.2.2. [= Theorem 2.4.2 again] Let $p$ be a prime such that $p \equiv 1 \pmod{4}$. Then there exist integers $a$ and $b$ such that $p = a^2 + b^2$.
Proof. Let $r \in \mathbb{Z}$ be a solution to $r^2 \equiv -1 \pmod{p}$, which exists by Proposition 2.4.1. Let $L$ be the lattice
$$L = \{(x, y) \in \mathbb{Z}^2 \mid x \equiv ry \pmod{p}\},$$
which has index $p$ in $\mathbb{Z}^2$. (In case that is not obvious to you, note that $L$ is the kernel of the surjective group homomorphism $\mathbb{Z}^2 \to \mathbb{Z}/p\mathbb{Z}$ given by $(x, y) \mapsto x - ry \pmod{p}$, and hence $\mathbb{Z}^2/L \cong \mathbb{Z}/p\mathbb{Z}$ by group theory.) Note that for $(x, y) \in L$ we have $x^2 + y^2 \equiv (1 + r^2)y^2 \equiv 0 \pmod{p}$. The idea now is to find a lattice point which is short enough that $x^2 + y^2 = p$: let $S \subseteq \mathbb{R}^2$ be the subset
$$S = \{(x, y) \in \mathbb{R}^2 \mid x^2 + y^2 < 2p\},$$
which is the interior of a circle of radius $\sqrt{2p}$ so has “volume” (area) $v(S) = \pi(\sqrt{2p})^2 = 2\pi p > 4p$. Clearly $S$ is convex and symmetric; hence by Minkowski’s Theorem there is a non-zero point $(x, y) \in S \cap L$, for which we have $0 < x^2 + y^2 < 2p$ and $p \mid x^2 + y^2$, hence $p = x^2 + y^2$.
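The proof above only asserts that a short vector of $L$ exists. As an added Python example (not part of the lecture notes), the vector can be computed by Lagrange-Gauss reduction of the basis $(p, 0), (r, 1)$ of $L$: a shortest nonzero vector has $x^2 + y^2 < 2p$ by Minkowski, so it equals $p$. The function names, and the way $r$ is found from a quadratic non-residue, are choices made for this example.

```python
def sqrt_minus_one(p):
    """An r with r^2 = -1 (mod p), for a prime p = 1 (mod 4)."""
    for g in range(2, p):
        r = pow(g, (p - 1) // 4, p)
        if r * r % p == p - 1:      # happens exactly when g is a non-residue
            return r

def norm(w):
    return w[0] * w[0] + w[1] * w[1]

def shortest_vector(u, v):
    """Lagrange-Gauss reduction: a shortest nonzero vector of Zu + Zv."""
    if norm(u) < norm(v):
        u, v = v, u
    while True:
        dot = u[0] * v[0] + u[1] * v[1]
        k = (2 * dot + norm(v)) // (2 * norm(v))   # nearest integer to dot/norm(v)
        u = (u[0] - k * v[0], u[1] - k * v[1])
        if norm(u) >= norm(v):
            return v                # v can no longer be shortened
        u, v = v, u

def two_squares(p):
    """(a, b) with a <= b and a^2 + b^2 = p, for a prime p = 1 (mod 4)."""
    r = sqrt_minus_one(p)
    x, y = shortest_vector((p, 0), (r, 1))   # basis of L = {x = r*y mod p}
    # the vector lies in L and its squared length is exactly p
    assert (x - r * y) % p == 0 and x * x + y * y == p
    return tuple(sorted((abs(x), abs(y))))
```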
Before applying Minkowski again to prove the four-square theorem below, we will briefly (and incompletely) look at sums of three squares.
4.2.2. Sums of three squares.
Proposition 4.2.3. Let $n$ be a positive integer with $n \equiv 7 \pmod{8}$. Then $n$ is not a sum of three squares, and nor is any integer of the form $4^k n$ with $n \equiv 7 \pmod{8}$.
Proof. All squares are congruent to $0$, $1$ or $4 \pmod{8}$, so the sum of three squares is congruent to $0, 1, 2, 3, 4, 5$ or $6 \pmod{8}$. This gives the first part.
If $m = x^2 + y^2 + z^2$ and $4 \mid m$, then all of $x, y, z$ must be even since otherwise their sum cannot be a multiple of $4$, since squares are $\equiv 0, 1 \pmod{4}$. So $m/4 = (x/2)^2 + (y/2)^2 + (z/2)^2$ is also S3S. Continuing to divide out factors of $4$, if we reach an odd number $n = m/4^k$ then by the first part, since $n$ is a sum of three squares, $n \not\equiv 7 \pmod{8}$.
The converse of this result is true: every positive integer not of the form $4^k n$ with $n \equiv 7 \pmod{8}$ can be written as a sum of three squares. But this is harder to prove and we omit it. Instead we turn to sums of four squares.