Clark W Edwin Elementary Number Theory
W. Edwin Clark
Department of Mathematics
University of South Florida
Revised June 2, 2003
Copyleft 2002 by W. Edwin Clark
Copyleft means that unrestricted redistribution and modification are permitted, provided that all copies and derivatives retain the same permissions. Specifically no commercial use of these notes or any revisions thereof is permitted.
Preface
Number theory is concerned with properties of the integers:
…, −4, −3, −2, −1, 0, 1, 2, 3, 4, … .
The great mathematician Carl Friedrich Gauss called this subject arithmetic
and of it he said:
Mathematics is the queen of sciences and arithmetic the queen of
mathematics.
At first blush one might think that of all areas of mathematics certainly arithmetic should be the simplest, but it is a surprisingly deep subject.
We assume that students have some familiarity with basic set theory, and
calculus. But very little of this nature will be needed. To a great extent the
book is self-contained. It requires only a certain amount of mathematical
maturity. And, hopefully, the students' level of mathematical maturity will increase as the course progresses.
Before the course is over students will be introduced to the symbolic
programming language Maple which is an excellent tool for exploring number
theoretic questions.
If you wish to see other books on number theory, take a look in the QA 241
area of the stacks in our library. One may also obtain much interesting and
current information about number theory from the internet. See particularly
the websites listed in the Bibliography. The websites by Chris Caldwell [2]
and by Eric Weisstein [11] are especially recommended. To see what is going
on at the frontier of the subject, you may take a look at some recent issues
of the Journal of Number Theory which you will find in our library.
Here are some examples of outstanding unsolved problems in number theory. Some of these will be discussed in this course. A solution to any one of these problems would make you quite famous (at least among mathematicians). Many of these problems concern prime numbers. A prime number is an integer greater than 1 whose only positive factors are 1 and the integer itself.
1. (Goldbach's Conjecture) Every even integer n > 2 is the sum of two primes.
2. (Twin Prime Conjecture) There are infinitely many twin primes. [If p and p + 2 are primes we say that p and p + 2 are twin primes.]
3. Are there infinitely many primes of the form $n^2 + 1$?
4. Are there infinitely many primes of the form $2^n - 1$? Primes of this form are called Mersenne primes.
5. Are there infinitely many primes of the form $2^{2^n} + 1$? Primes of this form are called Fermat primes.
6. (3n+1 Conjecture) Consider the function f defined for positive integers n as follows: f(n) = 3n+1 if n is odd and f(n) = n/2 if n is even. The conjecture is that the sequence f(n), f(f(n)), f(f(f(n))), … always contains 1 no matter what the starting value of n is.
7. Are there infinitely many primes whose digits in base 10 are all ones? Numbers whose digits are all ones are called repunits.
8. Are there infinitely many perfect numbers? [An integer is perfect if it is the sum of its proper divisors.]
9. Is there a fast algorithm for factoring large integers? [A truly fast algorithm for factoring would have important implications for cryptography and data security.]
Famous Quotations Related to Number Theory
Two quotations from G. H. Hardy:
In the first quotation Hardy is speaking of the famous Indian mathematician Ramanujan. This is the source of the often made statement that Ramanujan knew each integer personally.
I remember once going to see him when he was lying ill at Putney. I had ridden in taxi cab number 1729 and remarked that the number seemed to me rather a dull one, and that I hoped it was not an unfavorable omen. "No," he replied, "it is a very interesting number; it is the smallest number expressible as the sum of two cubes in two different ways."
Pure mathematics is on the whole distinctly more useful than applied. For what is useful above all is technique, and mathematical technique is taught mainly through pure mathematics.
Two quotations by Leopold Kronecker:
God has made the integers, all the rest is the work of man.
The original quotation in German was "Die ganze Zahl schuf der liebe Gott, alles Übrige ist Menschenwerk." More literally, the translation is "The whole number, created the dear God, everything else is man's work." Note in particular that Zahl is German for number. This is the reason that today we use Z for the set of integers.
Number theorists are like lotus-eaters having once tasted of this
food they can never give it up.
A quotation by contemporary number theorist William Stein:
A computer is to a number theorist, like a telescope is to an
astronomer. It would be a shame to teach an astronomy class
without touching a telescope; likewise, it would be a shame to
teach this class without telling you how to look at the integers
through the lens of a computer.
Contents
Preface iii
1 Basic Axioms for Z 1
2 Proof by Induction 3
3 Elementary Divisibility Properties 9
4 The Floor and Ceiling of a Real Number 13
5 The Division Algorithm 15
6 Greatest Common Divisor 19
7 The Euclidean Algorithm 23
8 Bezout's Lemma 25
9 Blankinship's Method 27
10 Prime Numbers 31
11 Unique Factorization 37
12 Fermat Primes and Mersenne Primes 43
13 The Functions and 47
14 Perfect Numbers and Mersenne Primes 53
vii
viii CONTENTS
15 Congruences 57
16 Divisibility Tests for 2, 3, 5, 9, 11 65
17 Divisibility Tests for 7 and 13 69
18 More Properties of Congruences 71
19 Residue Classes 75
20 Z_m and Complete Residue Systems 79
21 Addition and Multiplication in Z_m 83
22 The Groups U_m 87
23 Two Theorems of Euler and Fermat 93
24 Probabilistic Primality Tests 97
25 The Base b Representation of n 101
26 Computation of a^N mod m 107
27 The RSA Scheme 113
A Rings and Groups 117
Chapter 1
Basic Axioms for Z
Since number theory is concerned with properties of the integers, we begin by
setting up some notation and reviewing some basic properties of the integers
that will be needed later:
N = {1, 2, 3, …} (the natural numbers or positive integers)
Z = {…, −3, −2, −1, 0, 1, 2, 3, …} (the integers)
Q = { n/m | n, m ∈ Z and m ≠ 0 } (the rational numbers)
R = the real numbers
Note that N ⊆ Z ⊆ Q ⊆ R. I assume a knowledge of the basic rules of high school algebra which apply to R and therefore to N, Z and Q. By this I mean things like ab = ba and ab + ac = a(b + c). I will not list all of these properties here. However, below I list some particularly important properties of Z that will be needed. I call them axioms since we will not prove them in this course.
Some Basic Axioms for Z
1. If a, b ∈ Z, then a + b, a − b and ab ∈ Z. (Z is closed under addition, subtraction and multiplication.)
2. If a ∈ Z then there is no x ∈ Z such that a < x < a + 1.
3. If a, b ∈ Z and ab = 1, then either a = b = 1 or a = b = −1.
4. Laws of Exponents: For n, m in N and a, b in R we have
(a) $(a^n)^m = a^{nm}$
(b) $(ab)^n = a^n b^n$
(c) $a^n a^m = a^{n+m}$.
These rules hold for all n, m ∈ Z if a and b are not zero.
5. Properties of Inequalities: For a, b, c in R the following hold:
(a) (Transitivity) If a < b and b < c, then a < c.
(b) If a < b then a + c < b + c.
(c) If a < b and 0 < c then ac < bc.
(d) If a < b and c < 0 then bc < ac.
(e) (Trichotomy) Given a and b, one and only one of the following
holds:
a = b, a < b, b < a.
6. The Well-Ordering Property for N: Every non-empty subset of N contains a least element.
7. The Principle of Mathematical Induction: Let P(n) be a statement concerning the integer variable n. Let $n_0$ be any fixed integer. P(n) is true for all integers $n \ge n_0$ if one can establish both of the following statements:
(a) P(n) is true if $n = n_0$.
(b) Whenever P(n) is true for $n_0 \le n \le k$ then P(n) is true for n = k + 1.
We use the usual conventions:
1. a ≤ b means a < b or a = b,
2. a > b means b < a, and
3. a ≥ b means b ≤ a.
Important Convention. Since in this course we will be almost exclusively concerned with integers we shall assume from now on (unless otherwise stated) that all lower case roman letters a, b, . . . , z are integers.
Chapter 2
Proof by Induction
In this section, I list a number of statements that can be proved by use of The Principle of Mathematical Induction. I will refer to this principle as PMI or, simply, induction. A sample proof is given below. The rest will be given in class hopefully by students.
A sample proof using induction: I will give two versions of this proof. In the first proof I explain in detail how one uses the PMI. The second proof is less pedagogical and is the type of proof I expect students to construct. I call the statement I want to prove a proposition. It might also be called a theorem, lemma or corollary depending on the situation.
Proposition 2.1. If $n \ge 5$ then $2^n > 5n$.
Proof #1. Here we use The Principle of Mathematical Induction. Note that PMI has two parts which we denote by PMI (a) and PMI (b).
We let P(n) be the statement $2^n > 5n$. For $n_0$ we take 5. We could write simply:
$P(n) = 2^n > 5n$ and $n_0 = 5$.
Note that P(n) represents a statement, usually an inequality or an equation but sometimes a more complicated assertion. Now if n = 4 then P(n) becomes the statement $2^4 > 5 \cdot 4$ which is false! But if n = 5, P(n) is the statement $2^5 > 5 \cdot 5$ or 32 > 25 which is true and we have established PMI (a).
Now to prove PMI (b) we begin by assuming that
P(n) is true for $5 \le n \le k$.
That is, we assume
$2^n > 5n$ for $5 \le n \le k$. (2.1)
The assumption (2.1) is called the induction hypothesis. We want to use it to prove that P(n) holds when n = k + 1. So here's what we do. By (2.1) letting n = k we have
$2^k > 5k$.
Multiply both sides by two and we get
$2^{k+1} > 10k$. (2.2)
Note that we are trying to prove $2^{k+1} > 5(k + 1)$. Now 5(k + 1) = 5k + 5 so if we can show $10k \ge 5k + 5$ we can use (2.2) to complete the proof.
Now 10k = 5k + 5k and $k \ge 5$ by (2.1) so $k \ge 1$ and hence $5k \ge 5$. Therefore
$10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$.
Thus
$2^{k+1} > 10k \ge 5(k + 1)$
so
$2^{k+1} > 5(k + 1)$. (2.3)
That is, P(n) holds when n = k + 1. So assuming the induction hypothesis (2.1) we have proved (2.3). Thus we have established PMI (b).
We have established that parts (a) and (b) of PMI hold for this particular P(n) and $n_0$. So the PMI tells us that P(n) holds for $n \ge 5$. That is, $2^n > 5n$ holds for $n \ge 5$.
I now give a more streamlined proof.
Proposition 2.2. If $n \ge 5$ then $2^n > 5n$.
Proof #2. We prove the proposition by induction on the variable n.
If n = 5 we have $2^5 > 5 \cdot 5$ or 32 > 25 which is true.
Assume
$2^n > 5n$ for $5 \le n \le k$ (the induction hypothesis).
Taking n = k we have
$2^k > 5k$.
Multiplying both sides by 2 gives
$2^{k+1} > 10k$.
Now 10k = 5k + 5k and $k \ge 5$ so $k \ge 1$ and therefore $5k \ge 5$. Hence
$10k = 5k + 5k \ge 5k + 5 = 5(k + 1)$.
It follows that
$2^{k+1} > 10k \ge 5(k + 1)$
and therefore
$2^{k+1} > 5(k + 1)$.
Hence by PMI we conclude that $2^n > 5n$ for $n \ge 5$.
The 8 major parts of a proof by induction:
1. First state what proposition you are going to prove. Precede the statement by Proposition, Theorem, Lemma, Corollary, Fact, or To Prove:.
2. Write the Proof or Pf. at the very beginning of your proof.
3. Say that you are going to use induction (some proofs do not use induction!) and if it is not obvious from the statement of the proposition identify clearly P(n), the statement to be proved, the variable n and the starting value $n_0$. Even though this is usually clear, sometimes these things may not be obvious. And, of course, the variable need not be n. It could be represented in many different ways.
4. Prove that P(n) holds when $n = n_0$.
5. Assume that P(n) holds for $n_0 \le n \le k$. This assumption will be referred to as the induction hypothesis.
6. Use the induction hypothesis and anything else that is known to be true to prove that P(n) holds when n = k + 1.
7. Conclude that since the conditions of the PMI have been met then P(n) holds for $n \ge n_0$.
8. Write QED or ∎ or // or something to indicate that you have completed your proof.
Exercise 2.1. Prove that $2^n > 6n$ for $n \ge 5$.
Exercise 2.2. Prove that $1 + 2 + \cdots + n = \frac{n(n+1)}{2}$ for $n \ge 1$.
Exercise 2.3. Prove that if 0 < a < b then $0 < a^n < b^n$ for all n ∈ N.
Exercise 2.4. Prove that $n! < n^n$ for $n \ge 2$.
Exercise 2.5. Prove that if a and r are real numbers and r ≠ 1, then for $n \ge 1$
$a + ar + ar^2 + \cdots + ar^n = \frac{a(r^{n+1} - 1)}{r - 1}$.
This can be written as follows
$a(r^{n+1} - 1) = (r - 1)(a + ar + ar^2 + \cdots + ar^n)$.
An important special case of which is
$(r^{n+1} - 1) = (r - 1)(1 + r + r^2 + \cdots + r^n)$.
Exercise 2.6. Prove that $1 + 2 + 2^2 + \cdots + 2^n = 2^{n+1} - 1$ for $n \ge 1$.
Exercise 2.7. Prove that $\underbrace{111 \cdots 1}_{n\ \text{1's}} = \frac{10^n - 1}{9}$ for $n \ge 1$.
Exercise 2.8. Prove that $1^2 + 2^2 + 3^2 + \cdots + n^2 = \frac{n(n+1)(2n+1)}{6}$ if $n \ge 1$.
Exercise 2.9. Prove that if $n \ge 12$ then n can be written as a sum of 4's and 5's. For example, 23 = 5 + 5 + 5 + 4 + 4 = 3·5 + 2·4. [Hint. In this case it will help to do the cases n = 12, 13, 14, and 15 separately. Then use induction to handle $n \ge 16$.]
Exercise 2.10. (a) For $n \ge 1$, the triangular number $t_n$ is the number of dots in a triangular array that has n rows with i dots in the i-th row. Find a formula for $t_n$, $n \ge 1$. (b) For each $n \ge 1$, let $s_n$ be the number of dots in a square array that has n rows with n dots in each row. Find a formula for $s_n$. The numbers $s_n$ are usually called squares.
Exercise 2.11. Find the first 10 triangular numbers and the first 10 squares. Which of the triangular numbers in your list are also squares? Can you find the next triangular number which is a square?
Exercise 2.12. Some propositions that can be proved by induction can also be proved without induction. Prove Exercises 2.2 and 2.5 without induction. [Hints: For 2.2 write $s = 1 + 2 + \cdots + (n-1) + n$. Directly under this equation write $s = n + (n-1) + \cdots + 2 + 1$. Add these equations to obtain 2s = n(n+1). Solve for s. For Exercise 2.5 write $p = a + ar + ar^2 + \cdots + ar^n$. Then multiply both sides of this equation by r to get a new equation with rp as the left hand side. Subtract these two equations to obtain $pr - p = ar^{n+1} - a$. Now solve for p.]
Chapter 3
Elementary Divisibility Properties
Definition 3.1. d | n means there is an integer k such that n = dk. d ∤ n means that d | n is false.
Note that a | b ≠ a/b. Recall that a/b represents the fraction $\frac{a}{b}$.
The expression d | n may be read in any of the following ways:
1. d divides n.
2. d is a divisor of n.
3. d is a factor of n.
4. n is a multiple of d.
Thus, the following five statements are equivalent, that is, they are all different ways of saying the same thing.
1. 2 | 6.
2. 2 divides 6.
3. 2 is a divisor of 6.
4. 2 is a factor of 6.
5. 6 is a multiple of 2.
Definitions will play an important role in this course. Students should learn all definitions and be able to state them precisely. An alternative way to state the definition of d | n is as follows.
Definition 3.2. d | n ⇔ n = dk for some k.
or maybe
Definition 3.3. d | n iff n = dk for some k.
Keep in mind that we are assuming that all letters a, b, . . . , z represent integers. Otherwise we would have to add this fact to our definitions. One might also see the following definition sometimes.
Definition 3.4. d | n if n = dk for some k.
Note that ⇔, iff, and if and only if, all mean the same thing. In definitions such as Definition 3.4 if is interpreted to mean if and only if. It should be emphasized that all the above definitions are acceptable. Take your pick. But be careful about making up your own definitions.
Theorem 3.1 (Divisibility Properties). If n, m, and d are integers then the following statements hold:
1. n | n (everything divides itself)
2. d | n and n | m ⇒ d | m (transitivity)
3. d | n and d | m ⇒ d | an + bm for all a and b (linearity property)
4. d | n ⇒ ad | an (multiplication property)
5. ad | an and a ≠ 0 ⇒ d | n (cancellation property)
6. 1 | n (one divides everything)
7. n | 1 ⇒ n = ±1 (1 and −1 are the only divisors of 1.)
8. d | 0 (everything divides zero)
9. 0 | n ⇒ n = 0 (zero divides only zero)
10. If d and n are positive and d | n then d ≤ n (comparison property)
Exercise 3.1. Prove each of the properties 1 through 10 in Theorem 3.1.
Definition 3.5. If c = as + bt for some integers s and t we say that c is a linear combination of a and b.
Thus, statement 3 in Theorem 3.1 says that if d divides a and b, then d divides all linear combinations of a and b. In particular, d divides a + b and a − b. This will turn out to be a useful fact.
Exercise 3.2. Prove that if d | a and d | b then d | a − b.
Exercise 3.3. Prove that if a ∈ Z then the only positive divisor of both a and a + 1 is 1.
Chapter 4
The Floor and Ceiling of a Real Number
Here we define the floor, a.k.a., the greatest integer, and the ceiling, a.k.a., the least integer, functions. Kenneth Iverson introduced this notation and the terms floor and ceiling in the early 1960s according to Donald Knuth [6] who has done a lot to popularize the notation. Now this notation is standard in most areas of mathematics.
Definition 4.1. If x is any real number we define
⌊x⌋ = the greatest integer less than or equal to x
⌈x⌉ = the least integer greater than or equal to x
⌊x⌋ is called the floor of x and ⌈x⌉ is called the ceiling of x. The floor ⌊x⌋ is sometimes denoted [x] and called the greatest integer function. But I prefer the notation ⌊x⌋. Here are a few simple examples:
1. ⌊3.1⌋ = 3 and ⌈3.1⌉ = 4
2. ⌊3⌋ = 3 and ⌈3⌉ = 3
3. ⌊−3.1⌋ = −4 and ⌈−3.1⌉ = −3
From now on we mostly concentrate on the floor ⌊x⌋. For a more detailed treatment of both the floor and ceiling see the book Concrete Mathematics [5]. According to the definition of ⌊x⌋ we have
⌊x⌋ = max{n ∈ Z | n ≤ x} (4.1)
Note also that if n is an integer we have:
n = ⌊x⌋ ⇔ n ≤ x < n + 1. (4.2)
From this it is clear that
⌊x⌋ ≤ x holds for all x,
and
⌊x⌋ = x ⇔ x ∈ Z.
We need the following lemma to prove our next theorem.
Lemma 4.1. For all x ∈ R
x − 1 < ⌊x⌋ ≤ x.
Proof. Let n = ⌊x⌋. Then by (4.2) we have n ≤ x < n + 1. This gives immediately that ⌊x⌋ ≤ x, as already noted above. It also gives x < n + 1 which implies that x − 1 < n, that is, x − 1 < ⌊x⌋.
Exercise 4.1. Sketch the graph of the function f(x) = ⌊x⌋ for −3 ≤ x ≤ 3.
Exercise 4.2. Find |, |, 2|, 2|, |, |, 2|, and 2|.
Definition 4.2. Recall that the decimal representation of a positive integer a is given by $a = a_{n-1} a_{n-2} \cdots a_1 a_0$ where
$a = a_{n-1} 10^{n-1} + a_{n-2} 10^{n-2} + \cdots + a_1 10 + a_0$ (4.3)
and the digits $a_{n-1}, a_{n-2}, \ldots, a_1, a_0$ are in the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} with $a_{n-1} \ne 0$. In this case we say that the integer a is an n digit number or that a is n digits long.
Exercise 4.3. Prove that a ∈ N is an n digit number where n = ⌊log(a)⌋ + 1. Here log means logarithm to base 10. Hint: Show that if (4.3) holds with $a_{n-1} \ne 0$ then $10^{n-1} \le a < 10^n$. Then apply the log to all terms of this inequality.
Exercise 4.4. Use the previous exercise to determine the number of digits in the decimal representation of the number $2^{3321928}$. Recall that $\log(x^y) = y \log(x)$ when x and y are positive.
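The digit-count formula of Exercise 4.3 is easy to get wrong when log(a) is evaluated in floating point, so here is an added Python illustration (my code, not the book's) that compares n = ⌊log(a)⌋ + 1 computed with doubles against the exact characterization 10^(n−1) ≤ a < 10^n from the hint; the function names and the sample input 10^18 − 1 are my own choices.

```python
import math


def digits_by_log10(a: int) -> int:
    """n = floor(log10(a)) + 1, with log10 evaluated in double precision."""
    if a < 1:
        raise ValueError("a must be a positive integer")
    return math.floor(math.log10(a)) + 1


def digits_exact(a: int) -> int:
    """n is the unique integer with 10^(n-1) <= a < 10^n (the hint to Exercise 4.3),
    found with exact integer arithmetic, so it is correct for arbitrarily large a."""
    if a < 1:
        raise ValueError("a must be a positive integer")
    n, power = 1, 10          # invariant: 10^(n-1) <= a and power == 10^n
    while power <= a:
        n += 1
        power *= 10
    return n


def log_formula_is_off(a: int) -> bool:
    """True when rounding inside log10 makes the floating-point formula miscount.
    Constructed example: 10^18 - 1 is not representable as a double; it rounds up
    to 1e18, log10 returns exactly 18.0, and the formula reports 19 digits."""
    return digits_by_log10(a) != digits_exact(a)
```

Both functions agree for integers up to about 10^15; beyond that a double cannot distinguish 10^n − 1 from 10^n, which is the boundary case worth testing rather than trusting.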
Chapter 5
The Division Algorithm
The goal of this section is to prove the following important result.
Theorem 5.1 (The Division Algorithm). If a and b are integers and b > 0 then there exist unique integers q and r satisfying the two conditions:
a = bq + r and 0 ≤ r < b. (5.1)
In this situation q is called the quotient and r is called the remainder when a is divided by b. Note that there are two parts to this result. One part is the EXISTENCE of integers q and r satisfying (5.1) and the second part is the UNIQUENESS of the integers q and r satisfying (5.1).
Proof. Given b > 0 and any a define
$q = \lfloor a/b \rfloor$, $r = a - bq$.
Clearly we have a = bq + r. But we need to prove that 0 ≤ r < b. By Lemma 4.1 we have
$\frac{a}{b} - 1 < \left\lfloor \frac{a}{b} \right\rfloor \le \frac{a}{b}$.
Now multiply all terms of this inequality by −b. Since b is positive, −b is negative so the direction of the inequality is reversed, giving us:
$b - a > -b \left\lfloor \frac{a}{b} \right\rfloor \ge -a$.
If we add a to all sides of the inequality and replace $\lfloor a/b \rfloor$ by q we obtain
$b > a - bq \ge 0$.
Since r = a − bq this gives us the desired result 0 ≤ r < b.
We still have to prove that q and r are uniquely determined. To do this we assume that
$a = bq_1 + r_1$ and $0 \le r_1 < b$,
and
$a = bq_2 + r_2$ and $0 \le r_2 < b$.
We must show that $r_1 = r_2$ and $q_1 = q_2$. If $r_1 \ne r_2$ without loss of generality we can assume that $r_2 > r_1$. Subtracting these two equations we obtain
$0 = a - a = (bq_1 + r_1) - (bq_2 + r_2) = b(q_1 - q_2) + (r_1 - r_2)$.
This implies that
$r_2 - r_1 = b(q_1 - q_2)$. (5.2)
This implies that $b \mid r_2 - r_1$. By Theorem 3.1(10) this implies that $b \le r_2 - r_1$. But since
$0 \le r_1 < r_2 < b$
we have $r_2 - r_1 < b$. This contradicts $b \le r_2 - r_1$. So we must conclude that $r_1 = r_2$. Now from (5.2) we have $0 = b(q_1 - q_2)$. Since b > 0 this tells us that $q_1 - q_2 = 0$, that is, $q_1 = q_2$. This completes the proof of the uniqueness of r and q in (5.1).
Denition 5.1. An integer n is even if n = 2k for some k, and is odd if
n = 2k + 1 for some k.
Exercise 5.1. Prove using the Division Algorithm that every integer is either
even or odd, but never both.
Denition 5.2. By the parity of an integer we mean whether it is even or
odd.
Exercise 5.2. Prove n and $n^2$ always have the same parity. That is, n is even if and only if $n^2$ is even.
Exercise 5.3. Find the q and r of the Division Algorithm for the following
values of a and b:
1. Let b = 3 and a = 0, 1, −1, 10, −10.
2. Let b = 345 and a = 0, 1, −1, 344, 7863, −7863.
Exercise 5.4. Devise a method for solving problems like those in the previous exercise for large positive values of a and b using a calculator. Illustrate by using a = 123456 and b = 123. Hint: If a = bq + r and 0 ≤ r < b then $\frac{a}{b} = q + \frac{r}{b}$ and so $\frac{r}{b}$ is the fractional part of the decimal number $\frac{a}{b}$. So q is what you get when you drop the fractional part. Once you have q you can solve a = bq + r for r.
Sometimes a problem in number theory can be solved by dividing the integers
into various classes depending on their remainders when divided by some
number b. For example, this is helpful in solving the following two problems.
Exercise 5.5. Show that for all integers n the number $n^3 - n$ always has 3 as a factor. (Consider the three cases: n = 3k, n = 3k + 1, n = 3k + 2.)
Exercise 5.6. Show that the product of any three consecutive integers has
6 as a factor. (How many cases should you use here?)
Definition 5.3. For b > 0 define a mod b = r where r is the remainder given by the Division Algorithm when a is divided by b, that is, a = bq + r and 0 ≤ r < b.
For example 23 mod 7 = 2 since 23 = 7·3 + 2 and −4 mod 5 = 1 since −4 = 5·(−1) + 1.
Note that some calculators and most programming languages have a function often denoted by MOD(a, b) or mod(a, b) whose value is what we have just defined as a mod b. When this is the case the values r and q in the Division Algorithm for given a and b > 0 are given by
r = a mod b
$q = \frac{a - (a \bmod b)}{b}$
If also the floor function is available we have
r = a mod b
$q = \lfloor a/b \rfloor$
Exercise 5.7. Prove that if b > 0 then b | a ⇔ a mod b = 0.
Exercise 5.8. Prove that if b ≠ 0 then b | a ⇔ a/b ∈ Z.
Exercise 5.9. Calculate the following:
1. 0 mod 10
2. 123 mod 10
3. 10 mod 123
4. 457 mod 33
5. (−7) mod 3
6. (−3) mod 7
7. (−5) mod 5
Exercise 5.10. Use the Division Algorithm to prove the following more general version: If b ≠ 0 then for any a there exists unique q and r such that
a = bq + r and 0 ≤ r < |b|. (5.3)
Hint: Recall that |b| is b if b ≥ 0 and is −b if b < 0. We know the statement holds if b > 0 so we only need to consider the case when b < 0. If b is negative then −b is positive, so we can apply the Division Algorithm to a and −b. Note that a as well as q can be any integers. This exercise may come in handy later.
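As an added Python example (my code, not the book's), here is the Division Algorithm carried out exactly as in the proof of Theorem 5.1, q = ⌊a/b⌋ and r = a − bq, extended to b < 0 by the route Exercise 5.10 suggests (apply the b > 0 case to a and −b); the function names are mine, and the last function records where Python's own % operator differs from a mod b as defined above.

```python
import math
from fractions import Fraction


def division_algorithm(a: int, b: int) -> tuple:
    """Return (q, r) with a = bq + r and 0 <= r < |b|.
    For b > 0 this is Theorem 5.1 with q = floor(a/b), r = a - bq; for b < 0
    it is the generalization (5.3) of Exercise 5.10."""
    if b == 0:
        raise ZeroDivisionError("b must be nonzero")
    if b > 0:
        q = math.floor(Fraction(a, b))   # floor of the exact rational a/b, as in the proof
        r = a - b * q                    # Lemma 4.1 gives b > a - bq >= 0
    else:
        # b < 0: -b > 0, so a = (-b)q' + r' with 0 <= r' < -b = |b|;
        # rewriting gives a = b(-q') + r'.
        q_pos, r = division_algorithm(a, -b)
        q = -q_pos
    assert a == b * q + r and 0 <= r < abs(b)
    return q, r


def mod(a: int, b: int) -> int:
    """a mod b in the sense of Definition 5.3 (extended to b < 0 via (5.3)):
    always the nonnegative remainder, e.g. -4 mod 5 = 1."""
    return division_algorithm(a, b)[1]


def divides(b: int, a: int) -> bool:
    """b | a, tested as in Exercise 5.7: b | a iff a mod b = 0."""
    return mod(a, b) == 0


def python_remainder_differs(a: int, b: int) -> bool:
    """Python's a % b takes the sign of b and C's takes the sign of a, so neither
    is always the book's a mod b. True when Python's operator disagrees with mod()."""
    return a % b != mod(a, b)
```

Code that mixes languages (or a calculator's MOD key) should be checked on negative inputs, since the same expression a % b can mean three different remainders.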
Chapter 6
Greatest Common Divisor
Definition 6.1. Let a, b ∈ Z. If a ≠ 0 or b ≠ 0, we define gcd(a, b) to be the largest integer d such that d | a and d | b. We define gcd(0, 0) = 0.
Discussion. If e | a and e | b we call e a common divisor of a and b. Let
C(a, b) = {e : e | a and e | b},
that is, C(a, b) is the set of all common divisors of a and b. Note that since everything divides 0
C(0, 0) = Z
so there is no largest common divisor of 0 with 0. This is why we must define gcd(0, 0) = 0.
Example 6.1.
C(18, 30) = {1, −1, 2, −2, 3, −3, 6, −6}.
So gcd(18, 30) = 6.
Lemma 6.1. If e | a then −e | a.
Proof. If e | a then a = ek for some k. Then a = (−e)(−k). Since −e and −k are also integers −e | a.
Lemma 6.2. If a ≠ 0, the largest positive integer that divides a is |a|.
Proof. Recall that
|a| = a if a ≥ 0, and |a| = −a if a < 0.
First note that |a| actually divides a: If a > 0, since we know a | a we have $|a| \mid a$. If a < 0, |a| = −a. In this case a = (−a)(−1) = |a|(−1) so |a| is a factor of a. So, in either case |a| divides a, and in either case |a| > 0, since a ≠ 0.
Now suppose d | a and d is positive. Then a = dk for some k so −a = d(−k) for some k. So $d \mid |a|$. So by Theorem 3.1 (10) we have d ≤ |a|.
The following lemma shows that in computing gcds we may restrict ourselves to the case where both integers are positive.
Lemma 6.3. gcd(a, b) = gcd(|a|, |b|).
Proof. If a = 0 and b = 0, we have |a| = a and |b| = b. So gcd(a, b) = gcd(|a|, |b|). Suppose one of a or b is not 0. Note that $d \mid a \Leftrightarrow d \mid |a|$. See Exercise 6.1. It follows that
C(a, b) = C(|a|, |b|).
So the largest common divisor of a and b is also the largest common divisor of |a| and |b|.
Exercise 6.1. Prove that
$d \mid a \Leftrightarrow d \mid |a|$
[Hint: recall that |a| = a if a ≥ 0 and |a| = −a if a < 0. So you need to consider two cases.]
Lemma 6.4. gcd(a, b) = gcd(b, a).
Proof. Clearly C(a, b) = C(b, a). It follows that the largest integer in C(a, b)
is the largest integer in C(b, a), that is, gcd(a, b) = gcd(b, a).
Lemma 6.5. If a ≠ 0 or b ≠ 0, then gcd(a, b) exists and satisfies
0 < gcd(a, b) ≤ min{|a|, |b|}.
Proof. Note that gcd(a, b) is the largest integer in the set C(a, b) of common divisors of a and b. Since 1 | a and 1 | b we know that 1 ∈ C(a, b). So the largest common divisor must be at least 1 and is therefore positive. On the other hand d ∈ C(a, b) ⇒ $d \mid |a|$ and $d \mid |b|$ so d is no larger than |a| and no larger than |b|. So d is at most the smaller of |a| and |b|. Hence gcd(a, b) ≤ min{|a|, |b|}.
Example 6.2. From the above lemmas we have
gcd(48, 732) = gcd(−48, 732) = gcd(48, −732) = gcd(−48, −732).
We also know that
0 < gcd(48, 732) ≤ 48.
Since if d = gcd(48, 732), then d | 48, to find d we may check only which positive divisors of 48 also divide 732.
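The set C(a, b) and the definition-based gcd of this chapter, as an added Python example (not code from the book): it computes gcd(a, b) the way Example 6.2 proposes, by listing the positive divisors up to the bound of Lemma 6.5 and keeping the common ones, and it honours the gcd(0, 0) = 0 convention. The function names are mine.

```python
def common_divisors(a: int, b: int) -> set:
    """C(a, b) = {e : e | a and e | b} for (a, b) != (0, 0).
    C(0, 0) is all of Z (everything divides 0), so that case is refused here."""
    if a == 0 and b == 0:
        raise ValueError("C(0, 0) = Z is infinite")
    # Lemma 6.5: a positive common divisor is at most the smaller nonzero |a|, |b|
    # (if one argument is 0 only the other one bounds the divisors).
    bound = min(abs(x) for x in (a, b) if x != 0)
    positives = {e for e in range(1, bound + 1) if a % e == 0 and b % e == 0}
    return positives | {-e for e in positives}     # Lemma 6.1: e | a implies -e | a


def gcd_by_definition(a: int, b: int) -> int:
    """Definition 6.1: the largest element of C(a, b), with gcd(0, 0) = 0."""
    if a == 0 and b == 0:
        return 0
    return max(common_divisors(a, b))
```

This is the definition made executable, not an efficient method; the cost grows with min(|a|, |b|), which is why the next chapter replaces it with the Euclidean Algorithm.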
Exercise 6.2. Find gcd(48, 732) using Example 6.2.
Exercise 6.3. Find gcd(a, b) for each of the following values of a and b:
(1) a = b, b = 14
(2) a = 1, b = 78654
(3) a = 0, b = 78
(4) a = 2, b = 786541
Chapter 7
The Euclidean Algorithm
Unlike the Division Algorithm, the Euclidean Algorithm really is an algorithm. It provides a method to compute gcd(a, b). Since as already noted gcd(0, 0) = 0, gcd(a, b) = gcd(|a|, |b|), and gcd(a, b) = gcd(b, a), it suffices to give a method to compute gcd(a, b) when a ≥ b ≥ 0.
Lemma 7.1. If a > 0, then gcd(a, 0) = a.
Proof. Since every integer divides 0, C(a, 0) is just the set of divisors of a. By Lemma 6.2 the largest divisor of a is |a|. Since a > 0, |a| = a. This shows that gcd(a, 0) = a.
Remark 7.1. So we are now reduced to the problem of finding gcd(a, b) when a ≥ b > 0.
Exercise 7.1. Prove that if a > 0 then gcd(a, a) = a.
Now having done Exercise 7.1 we only need to consider the case a > b > 0.
Lemma 7.2. Let a > b > 0. If a = bq + r, then
gcd(a, b) = gcd(b, r).
Proof. It suffices to show that C(a, b) = C(b, r), that is, the common divisors of a and b are the same as the common divisors of b and r. To show this first let d | a and d | b. Note that r = a − bq, which is a linear combination of a and b. So by Theorem 3.1(3) d | r. Thus d | b and d | r. Next assume d | b and d | r. Using Theorem 3.1(3) again and the fact that a = bq + r is a linear combination of b and r, we have d | a. So d | a and d | b. We have thus shown that C(a, b) = C(b, r). So gcd(a, b) = gcd(b, r).
Remark 7.2. The Euclidean Algorithm is the process of using Lemmas 7.2 and 7.1 to compute gcd(a, b) when a > b > 0.
Rather than give a precise statement of the algorithm I will give an example to show how it goes.
Example 7.1. Let's compute gcd(803, 154).
gcd(803, 154) = gcd(154, 33) since 803 = 154·5 + 33
gcd(154, 33) = gcd(33, 22) since 154 = 33·4 + 22
gcd(33, 22) = gcd(22, 11) since 33 = 22·1 + 11
gcd(22, 11) = gcd(11, 0) since 22 = 11·1 + 0
gcd(11, 0) = 11.
Hence gcd(803, 154) = 11.
Remark 7.3. Note that we have formed the gcd of 803 and 154 without factoring 803 and 154. This method is generally much faster than factoring and can find gcds when factoring is not feasible.
Exercise 7.2. Let a > b > 0. Show that gcd(a, b) = gcd(b, a mod b).
Remark 7.4. So if your calculator can compute a mod b you may use it when
executing the Euclidean Algorithm.
Exercise 7.3. Find gcd(a, b) using the Euclidean Algorithm for each of the
values below:
(1) a = 37, b = 60
(2) a = 793, b = 3172
(3) a = 25174, b = 42722
(4) a = 377, b = 233
Chapter 8
Bezout's Lemma
Lemma 8.1 (Bezout's Lemma). For all integers a and b there exist integers s and t such that
gcd(a, b) = sa + tb.
Proof. If a = b = 0 then s and t may be anything since
gcd(0, 0) = 0 = s·0 + t·0.
So we may assume that a ≠ 0 or b ≠ 0. Let
J = {na + mb : n, m ∈ Z}.
Note that J contains a, −a, b and −b since
a = 1·a + 0·b
−a = (−1)·a + 0·b
b = 0·a + 1·b
−b = 0·a + (−1)·b.
Since a ≠ 0 or b ≠ 0 one of the elements a, −a, b, −b is positive. So we can say that J contains some positive integers. Let S denote the set of positive integers in J. That is,
S = {na + mb : na + mb > 0, n, m ∈ Z}.
By the Well-Ordering Property for N, S contains a smallest positive integer, call it d. Let's show that d = gcd(a, b). Note that since d ∈ S we have d = sa + tb for some integers, s and t. Note also that d > 0. Let e = gcd(a, b). Then e | a and e | b, so by Theorem 3.1 (3) e | sa + tb, that is e | d. Since e and d are positive, by Theorem 3.1 (10) we have e ≤ d. So if we can show that d is a common divisor of a and b we will know that e = d. To show d | a using the Division Algorithm we write a = dq + r where 0 ≤ r < d. Now
r = a − dq
= a − (sa + tb)q
= (1 − sq)a + (−tq)b.
Hence r ∈ J. If r > 0 then r ∈ S. But this cannot be since r < d and d is the smallest integer in S. So we must have r = 0. That is, a = dq. Hence d | a. By a similar argument we can show that d | b. Thus, d is indeed a common divisor of a and b; since d ≤ e = gcd(a, b), we must have d = gcd(a, b). As noted already d = sa + tb, so the theorem is proved.
Example 8.1. 1 = gcd(2, 3) and we have 1 = (−1)·2 + 1·3. Also we have 1 = 2·2 + (−1)·3. So the numbers s and t in Bezout's Lemma are not uniquely determined. In fact, as we will see later there are infinitely many choices for s and t for each pair a, b.
Remark 8.1. The above proof is an existence theorem. It asserts the existence of s and t, but does not provide a way to actually find s and t. Also the proof does not give any clue about how to go about calculating s and t. We will give an algorithm in the next chapter for finding s and t.
Chapter 9
Blankinship's Method
In an article in the August-September 1963 issue of the American Mathematical Monthly, W.A. Blankinship[1] gave a simple method to produce the integers s and t in Bezout's Lemma and at the same time produce gcd(a, b):
Given a > b > 0 we start with the array
[ a 1 0 ]
[ b 0 1 ]
Then we continue to add multiples of one row to another row, alternating choice of rows until we reach an array of the form
[ 0 x_1 x_2 ]
[ d y_1 y_2 ]
or
[ d y_1 y_2 ]
[ 0 x_1 x_2 ]
Then d = gcd(a, b) = y_1 a + y_2 b. [The goal is to get a 0 in the first column.]
Examples 9.1. First take a = 35, b = 15.
[ 35 1 0 ]
[ 15 0 1 ]
Note 35 = 15·2 + 5, hence
35 + 15(−2) = 5.
[1] Thanks to Chris Miller for bringing this method to my attention.
28 CHAPTER 9. BLANKINSHIPS METHOD
So we multiply row 2 by 2 and add it to row 1, getting
_
5 1 2
15 0 1
_
Now 3 5 = 15 or 15 +(3)5 = 0, so we multiply row 1 by 3 and add it to
row 2, getting
_
5 1 2
0 3 7
_
.
Now we can say that
gcd(35, 15) = 5
and
5 = 1 35 + (2) 15.
Let's now consider a more complicated example: Take $a = 1876$, $b = 365$.
$$\begin{pmatrix} 1876 & 1 & 0 \\ 365 & 0 & 1 \end{pmatrix}$$
Now $1876 = 365 \cdot 5 + 51$, so we add $-5$ times the second row to the first row,
getting:
$$\begin{pmatrix} 51 & 1 & -5 \\ 365 & 0 & 1 \end{pmatrix}$$
Now $365 = 51 \cdot 7 + 8$, so we add $-7$ times row 1 to row 2, getting:
$$\begin{pmatrix} 51 & 1 & -5 \\ 8 & -7 & 36 \end{pmatrix}$$
Now $51 = 8 \cdot 6 + 3$, so we add $-6$ times row 2 to row 1, getting:
$$\begin{pmatrix} 3 & 43 & -221 \\ 8 & -7 & 36 \end{pmatrix}$$
Now $8 = 3 \cdot 2 + 2$, so we add $-2$ times row 1 to row 2, getting:
$$\begin{pmatrix} 3 & 43 & -221 \\ 2 & -93 & 478 \end{pmatrix}$$
Then $3 = 2 \cdot 1 + 1$, so we add $-1$ times row 2 to row 1, getting:
$$\begin{pmatrix} 1 & 136 & -699 \\ 2 & -93 & 478 \end{pmatrix}$$
Finally, $2 = 1 \cdot 2$, so if we add $-2$ times row 1 to row 2 we get:
$$(*) \qquad \begin{pmatrix} 1 & 136 & -699 \\ 0 & -365 & 1876 \end{pmatrix}.$$
This tells us that
$$\gcd(1876, 365) = 1$$
and
$$(**) \qquad 1 = 136 \cdot 1876 + (-699) \cdot 365.$$
Note that it was not necessary to compute the last two entries $-365$ and
$1876$ in $(*)$. It is a good idea however to check that equation $(**)$ holds. In
this case we have:
$$136 \cdot 1876 = 255136, \qquad (-699) \cdot 365 = -255135,$$
and $255136 - 255135 = 1$. So it is correct.
Why Blankinship's Method works: Note that just looking at what
happens in the first column you see that we are just doing the Euclidean
Algorithm, so when one element in column 1 is 0, the other is, in fact, the
gcd. Note that at the start we have
$$\begin{pmatrix} a & 1 & 0 \\ b & 0 & 1 \end{pmatrix}$$
and
$$a = 1 \cdot a + 0 \cdot b, \qquad b = 0 \cdot a + 1 \cdot b.$$
One can show that at every intermediate step
$$\begin{pmatrix} a_1 & x_1 & x_2 \\ b_1 & y_1 & y_2 \end{pmatrix}$$
we always have
$$a_1 = x_1 a + x_2 b, \qquad b_1 = y_1 a + y_2 b,$$
and the result follows. I will omit the details.
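The tableau above carried out in code. This is an added example and not part of the notes; the function names are my own. The two rows are kept as lists and the invariant $a_1 = x_1 a + x_2 b$, $b_1 = y_1 a + y_2 b$ from the remark above is asserted after every step, so the reason the method works is checked rather than assumed. The second function shows the non-uniqueness noted in Example 8.1: from one pair $(s, t)$ it produces another.

```python
from math import gcd


def blankinship(a, b):
    """Blankinship's method for a > b > 0: returns (d, s, t) with d = gcd(a, b) = s*a + t*b.

    Each row is [n, x1, x2] and satisfies n == x1*a + x2*b throughout; the loop
    subtracts a multiple of one row from the other exactly as the worked examples do
    (35 = 15*2 + 5, so add -2 times row 2 to row 1).
    """
    if not (a > b > 0):
        raise ValueError("Blankinship's method is stated for a > b > 0")
    row1 = [a, 1, 0]
    row2 = [b, 0, 1]
    while row1[0] != 0 and row2[0] != 0:
        if row1[0] >= row2[0]:
            q = row1[0] // row2[0]
            row1 = [row1[i] - q * row2[i] for i in range(3)]
        else:
            q = row2[0] // row1[0]
            row2 = [row2[i] - q * row1[i] for i in range(3)]
        # The invariant from "Why Blankinship's Method works".
        for n, x1, x2 in (row1, row2):
            assert n == x1 * a + x2 * b
    d, s, t = row1 if row1[0] != 0 else row2
    return d, s, t


def another_bezout_pair(a, b, s, t, k):
    """Given s*a + t*b = d = gcd(a, b), (s + k*b/d, t - k*a/d) is another such pair
    for every integer k, which is why s and t are never unique (Example 8.1)."""
    d = s * a + t * b
    return s + k * (b // d), t - k * (a // d)


if __name__ == "__main__":
    for a, b in ((35, 15), (1876, 365)):
        d, s, t = blankinship(a, b)
        print(f"gcd({a}, {b}) = {d} = {s}*{a} + {t}*{b}")
        assert d == gcd(a, b) and s * a + t * b == d
    print("another pair for 2, 3:", another_bezout_pair(2, 3, -1, 1, 1))
```

Running it reproduces both worked examples: $(5, 1, -2)$ for $35, 15$ and $(1, 136, -699)$ for $1876, 365$.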
Exercise 9.1. Use Blankinship's method to compute the $s$ and $t$ in Bezout's
Lemma for each of the following values of $a$ and $b$.
(1) $a = 267$, $b = 112$
(2) $a = 216$, $b = 135$
(3) $a = 11312$, $b = 11321$
Exercise 9.2. Show that if $1 = as + bt$ then $\gcd(a, b) = 1$.
Exercise 9.3. Find integers $a, b, d, s, t$ such that all of the following hold
(1) $a > 0$, $b > 0$,
(2) $d = sa + tb$, and
(3) $d \ne \gcd(a, b)$.
Note that $d$ in Exercise 9.3 cannot be 1 by Exercise 9.2.
Chapter 10
Prime Numbers
Definition 10.1. An integer $p$ is prime if $p \ge 2$ and the only positive
divisors of $p$ are 1 and $p$. An integer $n$ is composite if $n \ge 2$ and $n$ is not
prime.
Remark 10.1. The number 1 is neither prime nor composite.
Lemma 10.1. An integer $n \ge 2$ is composite if and only if there are integers
$a$ and $b$ such that $n = ab$, $1 < a < n$, and $1 < b < n$.
Proof. Let $n \ge 2$. If $n$ is composite there is a positive integer $a$ such that
$a \ne 1$, $a \ne n$ and $a \mid n$. This means that $n = ab$ for some $b$. Since $n$ and $a$
are positive so is $b$. Hence $1 \le a$ and $1 \le b$. By Theorem 3.1 (10) $a \le n$ and
$b \le n$. Since $a \ne 1$ and $a \ne n$ we have $1 < a < n$. If $b = 1$ then $a = n$, which
is not possible, so $b \ne 1$. If $b = n$ then $a = 1$, which is also not possible. So
$1 < b < n$. The converse is obvious.
Lemma 10.2. If $n > 1$, there is a prime $p$ such that $p \mid n$.
Proof. Assume there is some integer $n > 1$ which has no prime divisor. Let
$S$ denote the set of all such integers. By the Well-Ordering Property there
is a smallest such integer, call it $m$. Now $m > 1$ and has no prime divisor.
So $m$ cannot be prime. Hence $m$ is composite. Therefore by Lemma 10.1
$$m = ab, \quad 1 < a < m, \quad 1 < b < m.$$
Since $1 < a < m$, $a$ is not in the set $S$. So $a$ must have a prime divisor,
call it $p$. Then $p \mid a$ and $a \mid m$ so by Theorem 3.1, $p \mid m$. This contradicts
the fact that $m$ has no prime divisor. So the set $S$ must be empty and this
proves the lemma.
Theorem 10.1 (Euclid's Theorem). There are infinitely many prime
numbers.
Proof. Assume, by way of contradiction, that there are only a finite number
of prime numbers, say:
$$p_1, p_2, \ldots, p_n.$$
Define
$$N = p_1 p_2 \cdots p_n + 1.$$
Since $p_1 \ge 2$, clearly $N \ge 3$. So by Lemma 10.2 $N$ has a prime divisor $p$. By
assumption $p = p_i$ for some $i = 1, \ldots, n$. Let $a = p_1 \cdots p_n$. Note that
$$a = p_i \,(p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_n),$$
so $p_i \mid a$. Now $N = a + 1$ and by assumption $p_i \mid a + 1$. So by Exercise 3.2
$p_i \mid (a + 1) - a$, that is, $p_i \mid 1$. By Basic Axiom 3 in Chapter 1 this implies
that $p_i = 1$. This contradicts the fact that primes are $> 1$. It follows that
the assumption that there are only finitely many primes is not true.
Exercise 10.1. Use the idea of the above proof to show that if $q_1, q_2, \ldots, q_n$
are primes there is a prime $q \notin \{q_1, \ldots, q_n\}$. Hint: Take $N = q_1 \cdots q_n + 1$. By
Lemma 10.2 there is a prime $q$ such that $q \mid N$. Prove that $q \notin \{q_1, \ldots, q_n\}$.
Exercise 10.2. Let $p_1 = 2$, $p_2 = 3$, $p_3 = 5, \ldots$ and, in general, $p_i =$ the $i$-th
prime. Prove or disprove that
$$p_1 p_2 \cdots p_n + 1$$
is prime for all $n \ge 1$. [Hint: If $n = 1$ we have $2 + 1 = 3$ is prime. If $n = 2$
we have $2 \cdot 3 + 1 = 7$ is prime. If $n = 3$ we have $2 \cdot 3 \cdot 5 + 1 = 31$ is prime.
Try the next few values of $n$. You may want to use the next theorem to check
primality.]
Theorem 10.2. If $n > 1$ is composite then $n$ has a prime divisor $p \le \sqrt{n}$.
Proof. Let $n > 1$ be composite. Then $n = ab$ where $1 < a < n$ and $1 < b < n$.
I claim that one of $a$ or $b$ is $\le \sqrt{n}$. If not, then $a > \sqrt{n}$ and $b > \sqrt{n}$. Hence
$$n = ab > \sqrt{n}\,\sqrt{n} = n,$$
a contradiction. So, say, $1 < a \le \sqrt{n}$. By Lemma 10.2 there is a prime $p$ with
$p \mid a$, and $p \le a \le \sqrt{n}$. Since $p \mid a$ and $a \mid n$, Theorem 3.1 gives $p \mid n$.
Remark 10.2. We can use Theorem 10.2 to help decide whether or not an
integer is prime: To check whether or not $n > 1$ is prime we need only try
to divide it by all primes $p \le \sqrt{n}$. If none of these primes divides $n$ then $n$
must be prime.
Example 10.1. Consider the number 97. Note that
$$\sqrt{97} < \sqrt{100} = 10.$$
The primes $\le 10$ are 2, 3, 5, and 7. One easily checks that $97 \bmod 2 = 1$,
$97 \bmod 3 = 1$, $97 \bmod 5 = 2$, $97 \bmod 7 = 6$. So none of the primes 2, 3, 5, 7
divide 97 and 97 is prime by Theorem 10.2.
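Remark 10.2 as a procedure. This is an added example, not code from the notes, and the names are mine. The divisor search stops at $\lfloor \sqrt{n} \rfloor$ exactly as Theorem 10.2 allows, and the first divisor found is automatically prime, so no separate list of primes is needed. The last function builds the run of composites from Theorem 10.4 (stated later in this chapter) together with the divisor its proof exhibits, so that claim can be checked mechanically too.

```python
from math import isqrt


def smallest_prime_factor(n):
    """Least prime divisor of n > 1, found by trial division up to isqrt(n).

    If no d <= sqrt(n) divides n, Theorem 10.2 says n is prime and n is returned.
    The first divisor found is prime: any proper factor of it would be a smaller
    divisor of n and would have been found earlier.
    """
    if n < 2:
        raise ValueError("need n > 1")
    if n % 2 == 0:
        return 2
    limit = isqrt(n)
    d = 3
    while d <= limit:          # only odd candidates once 2 is ruled out
        if n % d == 0:
            return d
        d += 2
    return n


def is_prime(n):
    return n > 1 and smallest_prime_factor(n) == n


def primes_up_to(x):
    """The primes p <= x, so len(primes_up_to(x)) is pi(x) of Definition 10.2."""
    return [n for n in range(2, x + 1) if is_prime(n)]


def composite_run(n):
    """Theorem 10.4's n consecutive composites (n+1)!+2, ..., (n+1)!+(n+1),
    each paired with the divisor i+2 exhibited in the proof."""
    f = 1
    for k in range(2, n + 2):
        f *= k
    return [(f + i + 2, i + 2) for i in range(n)]


if __name__ == "__main__":
    print(97, "is prime" if is_prime(97) else "is composite")
    print("pi(100) =", len(primes_up_to(100)))
    for value, divisor in composite_run(5):
        print(value, "divisible by", divisor, "smallest prime factor", smallest_prime_factor(value))
```

For 97 the loop tries only 3, 5, 7 and 9 (2 is handled first), which is the same work as the hand check above.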
Exercise 10.3. By using Theorem 10.2, as in the above example, determine
the primality [1] of the following integers:
$$143, \quad 221, \quad 199, \quad 223, \quad 3521.$$
Definition 10.2. Let $x \in \mathbb{R}$, $x > 0$. $\pi(x)$ denotes the number of primes $p$
such that $p \le x$.
For example, since the only primes $p \le 10$ are 2, 3, 5, and 7 we have
$\pi(10) = 4$.
Here is a table of values of $\pi(10^i)$ for $i = 2, \ldots, 10$. I also include known
approximations to $\pi(x)$. Note that the formulas for the approximations do
not give integer values, but for the table I have rounded each to the nearest
integer. The values in the table were computed using Maple.

    x          pi(x)        x/ln(x)      x/(ln(x)-1)   int_2^x dt/ln(t)
    10^2           25           22            28             29
    10^3          168          145           169            177
    10^4         1229         1086          1218           1245
    10^5         9592         8686          9512           9629
    10^6        78498        72382         78030          78627
    10^7       664579       620421        661459         664917
    10^8      5761455      5428681       5740304        5762208
    10^9     50847534     48254942      50701542       50849234
    10^10   455052511    434294482     454011971      455055614
You may judge for yourself which approximations appear to be the best. This
table has been continued up to $10^{21}$, but people are still working on finding
the value of $\pi(10^{22})$. Of course, the approximations are easy to compute with
Maple but the exact value of $\pi(10^{22})$ is difficult to find.
[1] This means determine whether or not each number is prime.
The above approximations are based on the so-called Prime Number Theorem,
first conjectured by Gauss in 1793 but not proved till over 100 years
later by Hadamard and Vallee Poussin.
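The smaller rows of the table can be regenerated with a few lines of Python. This is an added example rather than the Maple computation the notes used, and the function names are mine. $\pi(x)$ comes from a sieve of Eratosthenes; the last column, $\int_2^x dt/\ln t$, is evaluated by Simpson's rule after the substitution $t = e^u$, which turns the integrand into the smooth function $e^u/u$ (the untransformed integrand is badly behaved near the lower limit); the approximations are rounded to integers as in the table.

```python
from math import exp, isqrt, log


def prime_pi_table(limit):
    """Sieve of Eratosthenes: returns counts with counts[x] = pi(x) for 0 <= x <= limit."""
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for p in range(2, isqrt(limit) + 1):
        if flags[p]:
            # Mark p*p, p*p+p, ... as composite (the slice length must match exactly).
            flags[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    counts = [0] * (limit + 1)
    running = 0
    for x in range(limit + 1):
        running += flags[x]
        counts[x] = running
    return counts


def logarithmic_integral(x, panels=20000):
    """Integral from 2 to x of dt/ln(t), the table's last column.

    With t = e^u the integral becomes the integral of e^u/u over [ln 2, ln x], whose
    integrand is smooth, so composite Simpson's rule (even number of panels) is
    accurate to far better than the rounding the table uses.
    """
    a, b = log(2.0), log(x)
    h = (b - a) / panels

    def f(u):
        return exp(u) / u

    total = f(a) + f(b)
    for k in range(1, panels):
        total += (4 if k % 2 else 2) * f(a + k * h)
    return total * h / 3


def approximations(x):
    """The three approximations of the table, rounded: x/ln x, x/(ln x - 1), Li(x)."""
    lx = log(x)
    return round(x / lx), round(x / (lx - 1)), round(logarithmic_integral(x))


def table_rows(max_power):
    """Rows (x, pi(x), x/ln x, x/(ln x - 1), Li(x)) for x = 10^2 .. 10^max_power."""
    counts = prime_pi_table(10 ** max_power)
    return [(10 ** i, counts[10 ** i]) + approximations(10 ** i) for i in range(2, max_power + 1)]


if __name__ == "__main__":
    for row in table_rows(6):
        print("%-10d %10d %10d %10d %10d" % row)
```

The sieve needs about one byte per integer, so it is practical for the first five or six rows of the table; the larger rows in the table come from far more sophisticated counting methods.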
Theorem 10.3 (The Prime Number Theorem).
$$(*) \qquad \pi(x) \sim \frac{x}{\ln(x)}.$$
Remark 10.3. $(*)$ means that
$$\lim_{x \to \infty} \frac{\pi(x)}{x / \ln(x)} = 1.$$
Although there are infinitely many primes there are long stretches of
consecutive integers containing no primes.
Theorem 10.4. For any positive integer $n$ there is an integer $a$ such that
the $n$ consecutive integers
$$a, a + 1, a + 2, \ldots, a + (n - 1)$$
are all composite.
Proof. Given $n \ge 1$ let $a = (n + 1)! + 2$. We claim that all the numbers
$$a + i, \quad 0 \le i \le n - 1$$
are composite. Since $n + 1 \ge 2$ clearly $2 \mid (n + 1)!$ and $2 \mid 2$. Hence
$2 \mid (n + 1)! + 2$. Since $(n + 1)! + 2 > 2$, $(n + 1)! + 2$ is composite. Consider
$$a + i = (n + 1)! + i + 2$$
where $0 \le i \le n - 1$, so $2 \le i + 2 \le n + 1$. Thus $i + 2 \mid (n + 1)!$ and $i + 2 \mid i + 2$.
Therefore $i + 2 \mid a + i$. Now $a + i > i + 2 > 1$, so $a + i$ is composite.
Exercise 10.4. Use the Prime Number Theorem and a calculator to approximate
the number of primes $\le 10^8$. Note $\ln(10^8) = 8 \ln(10)$.
Exercise 10.5. Find 10 consecutive composite numbers.
Exercise 10.6. Prove that 2 is the only even prime number. (Joke: Hence
it is said that 2 is the oddest prime.)
Exercise 10.7. Prove that if $a$ and $n$ are positive integers such that $n \ge 2$
and $a^n - 1$ is prime then $a$ must be 2. [Hint: By Exercise 2.4
$$1 + x + x^2 + \cdots + x^{n-1} = \frac{x^n - 1}{x - 1},$$
that is,
$$x^n - 1 = (x - 1)\left(1 + x + x^2 + \cdots + x^{n-1}\right)$$
if $x \ne 1$ and $n \ge 1$.]
Exercise 10.8. (a) Is $2^n - 1$ always prime if $n \ge 2$? Explain. (b) Is $2^n - 1$
always prime if $n$ is prime? Explain.
Exercise 10.9. Show that if $p$ and $q$ are primes and $p \mid q$, then $p = q$.
Chapter 11
Unique Factorization
Our goal in this chapter is to prove the following fundamental theorem.
Theorem 11.1 (The Fundamental Theorem of Arithmetic). Every
integer $n > 1$ can be written uniquely in the form
$$n = p_1 p_2 \cdots p_s,$$
where $s$ is a positive integer and $p_1, p_2, \ldots, p_s$ are primes satisfying
$$p_1 \le p_2 \le \cdots \le p_s.$$
Remark 11.1. If $n = p_1 p_2 \cdots p_s$ where each $p_i$ is prime, we call this the prime
factorization of $n$. Theorem 11.1 is sometimes stated as follows:
Every integer $n > 1$ can be expressed as a product $n = p_1 p_2 \cdots p_s$,
for some positive integer $s$, where each $p_i$ is prime and this
factorization is unique except for the order of the primes $p_i$.
Note for example that
$$600 = 2 \cdot 2 \cdot 2 \cdot 3 \cdot 5 \cdot 5 = 2 \cdot 3 \cdot 2 \cdot 5 \cdot 2 \cdot 5 = 3 \cdot 5 \cdot 2 \cdot 2 \cdot 2 \cdot 5,$$
etc.
Perhaps the nicest way to write the prime factorization of 600 is
$$600 = 2^3 \cdot 3 \cdot 5^2.$$
In general it is clear that $n > 1$ can be written uniquely in the form
$$(*) \qquad n = p_1^{a_1} p_2^{a_2} \cdots p_s^{a_s}, \quad \text{some } s \ge 1,$$
where $p_1 < p_2 < \cdots < p_s$ and $a_i \ge 1$ for all $i$. Sometimes $(*)$ is written
$$n = \prod_{i=1}^{s} p_i^{a_i}.$$
Here
1147 (p
1716) in succession.
Chapter 12
Fermat Primes and Mersenne Primes
Finding large primes and proving that they are indeed prime is not easy. One
way to find large primes is to look at numbers that have some special form,
for example, numbers of the form $a^n + 1$ or $a^n - 1$. It is easy to rule out some
values of $a$ and $n$. For example we have:
Theorem 12.1. Let $a > 1$ and $n > 1$. Then
(1) $a^n - 1$ is prime $\Rightarrow$ $a = 2$ and $n$ is prime.
(2) $a^n + 1$ is prime $\Rightarrow$ $a$ is even and $n = 2^k$ for some $k \ge 1$.
Proof of (1). We know from Exercise 2.5, page 6, that
$$(*) \qquad a^n - 1 = (a - 1)(a^{n-1} + \cdots + a + 1).$$
Note that if $a > 2$ and $n > 1$ then $a - 1 > 1$ and $a^{n-1} + \cdots + a + 1 > a + 1 > 3$,
so both factors in $(*)$ are $> 1$ and $a^n - 1$ is not prime. Hence if $a^n - 1$ is
prime we must have $a = 2$. Now suppose $2^n - 1$ is prime. We claim that $n$
is prime. If not, $n = st$ where $1 < s < n$, $1 < t < n$. Then
$$2^n - 1 = 2^{st} - 1 = (2^s)^t - 1$$
is prime. But we just showed that if $a^n - 1$ is prime we must have $a = 2$. So
we must have $2^s = 2$. Hence $s = 1$, $t = n$. So $n$ is not composite. Hence $n$
must be prime. This proves (1).
Proof of (2). From $(*)$ on p. 43 we have
$$(*) \qquad a^n - 1 = (a - 1)(a^{n-1} + a^{n-2} + \cdots + a + 1).$$
Replace $a$ by $-a$ in $(*)$ and we get
$$(**) \qquad (-a)^n - 1 = (-a - 1)\left((-a)^{n-1} + (-a)^{n-2} + \cdots + (-a) + 1\right).$$
Since $n$ is odd, $n - 1$ is even, $n - 2$ is odd, . . . , etc., we have $(-a)^n = -a^n$,
$(-a)^{n-1} = a^{n-1}$, $(-a)^{n-2} = -a^{n-2}$, . . . , etc. So $(**)$ yields
$$-(a^n + 1) = -(a + 1)\left(a^{n-1} - a^{n-2} + \cdots - a + 1\right).$$
Multiplying both sides by $-1$ we get
$$a^n + 1 = (a + 1)(a^{n-1} - a^{n-2} + \cdots - a + 1)$$
when $n$ is odd. If $n \ge 2$ we have $1 < a + 1 < a^n + 1$. This shows that if $n$ is
odd and $a > 1$, $a^n + 1$ is not prime. Suppose $n = 2^s t$ where $t$ is odd. Then if
$a^n + 1$ is prime we have $(a^{2^s})^t + 1$ is prime. But by what we just showed this
cannot be prime if $t$ is odd and $t \ge 2$. So we must have $t = 1$ and $n = 2^s$.
Also $a^n + 1$ prime implies that $a$ is even, since if $a$ is odd so is $a^n$. Then $a^n + 1$
would be even. The only even prime is 2. But since we assume $a > 1$ we
have $a \ge 2$, so $a^n + 1 \ge 3$.
Definition 12.1. A number of the form $M_n = 2^n - 1$, $n \ge 2$, is said to be
a Mersenne number. If $M_n$ is prime, it is called a Mersenne prime. A
number of the form $F_n = 2^{(2^n)} + 1$, $n \ge 0$, is called a Fermat number. If
$F_n$ is prime, it is called a Fermat prime.
One may prove that $F_0 = 3$, $F_1 = 5$, $F_2 = 17$, $F_3 = 257$ and $F_4 = 65537$
are primes. As $n$ increases the numbers $F_n = 2^{(2^n)} + 1$ increase in size
very rapidly, and are not easy to check for primality. It is known that $F_n$ is
composite for many values of $n \ge 5$. This includes all $n$ such that $5 \le n \le 30$
and a large number of other values of $n$ including 382447 (the largest one I
know of). It is now conjectured that $F_n$ is composite for $n \ge 5$. So Fermat's
original thought that $F_n$ is prime for $n \ge 0$ seems to be pretty far from
reality.
Exercise 12.1. Use Maple to factor $F_5$. [Go to any campus computer lab.
Click or double-click on the Maple icon, or ask the lab assistant where it is
located. When the window comes up, type at the prompt > the following:
> ifactor(2^32 + 1);
Hit the return key and you will get the answer.]
$M_3 = 2^3 - 1 = 7$ is a Mersenne prime and $M_4 = 2^4 - 1 = 15$ is a Mersenne
number which is not a prime. At first it was thought that $M_p = 2^p - 1$ is
prime whenever $p$ is prime. But $M_{11} = 2^{11} - 1 = 2047 = 23 \cdot 89$ is not prime.
Over the years people have continued to work on the problem of determining
for which primes $p$, $M_p = 2^p - 1$ is prime. To date 39 Mersenne
primes have been found. It is known that $2^p - 1$ is prime if $p$ is one of the
following 39 primes: 2, 3, 5, 7, 13, 17, 19, 31, 61, 89, 107, 127, 521, 607, 1279,
2203, 2281, 3217, 4253, 4423, 9689, 9941, 11213, 19937, 21701, 23209, 44497,
86243, 110503, 132049, 216091, 756839, 859433, 1257787, 1398269, 2976221,
3021377, 6972593, 13466917.
The largest one, $M_{13466917} = 2^{13466917} - 1$, was found on November 14,
2001. The decimal representation of this number has 4,053,946 digits. It was
found by the team of Michael Cameron, George Woltman, Scott Kurowski et
al, as a part of the Great Internet Mersenne Prime Search (GIMPS),
see Chris Caldwell's page for more about this. This prime could be the 39th
Mersenne prime (in order of size), but we will only know this for sure when
GIMPS completes testing all exponents below this one. You can find the link
to Chris Caldwell's page on the class syllabus on my homepage. Later we
show the connection between Mersenne primes and perfect numbers.
Lemma 12.1. If $M_n$ is prime, then $n$ is prime.
Proof. This is immediate from Theorem 12.1 (1).
The most basic question about Mersenne primes is: Are there infinitely many
Mersenne primes?
Exercise 12.2. Determine which Mersenne numbers $M_n$ are prime when
$2 \le n \le 12$. You may use Maple for this exercise. The Maple command for
determining whether or not an integer $n$ is prime is
isprime(n);
The following primality test for Mersenne numbers makes it easier to
check whether or not $M_p$ is prime when $p$ is a large prime.
Theorem 12.2 (The Lucas-Lehmer Mersenne Prime Test). Let $p$ be
an odd prime. Define the sequence
$$r_1, r_2, r_3, \ldots, r_{p-1}$$
by the rules
$$r_1 = 4$$
and for $k \ge 2$,
$$r_k = (r_{k-1}^2 - 2) \bmod M_p.$$
Then $M_p$ is prime if and only if $r_{p-1} = 0$.
[The proof of this is not easy. One place to find a proof is the book A
Selection of Problems in the Theory of Numbers by W. Sierpinski, Pergamon
Press, 1964.]
Example 12.1. Let $p = 5$. Then $M_p = M_5 = 31$.
$$r_1 = 4$$
$$r_2 = (4^2 - 2) \bmod 31 = 14 \bmod 31 = 14$$
$$r_3 = (14^2 - 2) \bmod 31 = 194 \bmod 31 = 8$$
$$r_4 = (8^2 - 2) \bmod 31 = 62 \bmod 31 = 0.$$
Hence by the Lucas-Lehmer test, $M_5 = 31$ is prime.
Exercise 12.3. Show using the Lucas-Lehmer test that $M_7 = 127$ is prime.
Remark 12.1. Note that the Lucas-Lehmer test for $M_p = 2^p - 1$ takes only
$p - 1$ steps. On the other hand, if one attempts to prove $M_p$ prime by testing
all primes $\le \sqrt{M_p}$ one must consider about $2^{p/2}$ steps. This is MUCH larger
than p in general.
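Theorem 12.2 as code, with the cross-checks the chapter itself supplies: the sequence for $p = 5$ must be $4, 14, 8, 0$, a trial-division search on $M_{11} = 2047$ must find the factor 23, and running the test over the primes below 100 must reproduce the first ten exponents in the list above. This is an added example and not code from the notes; the names are my own. Each step squares a number below $M_p$ and reduces it, so the cost is $p - 1$ modular squarings, which is the point of Remark 12.1.

```python
from math import isqrt


def lucas_lehmer_sequence(p):
    """r_1, ..., r_{p-1} of Theorem 12.2 for an odd prime p: r_1 = 4, r_k = (r_{k-1}^2 - 2) mod M_p."""
    m = (1 << p) - 1
    seq = [4]
    for _ in range(p - 2):
        seq.append((seq[-1] * seq[-1] - 2) % m)
    return seq


def lucas_lehmer(p):
    """True iff M_p = 2^p - 1 is prime.  p = 2 is handled separately (M_2 = 3)
    because the theorem is stated for odd primes."""
    if p == 2:
        return True
    return lucas_lehmer_sequence(p)[-1] == 0


def is_prime(n):
    return n > 1 and all(n % d for d in range(2, isqrt(n) + 1))


def smallest_factor(n):
    """Smallest divisor > 1, by trial division; equals n exactly when n is prime."""
    return next((d for d in range(2, isqrt(n) + 1) if n % d == 0), n)


def mersenne_prime_exponents(bound):
    """All primes p <= bound with M_p prime, found by the Lucas-Lehmer test."""
    return [p for p in range(2, bound + 1) if is_prime(p) and lucas_lehmer(p)]


if __name__ == "__main__":
    print("M_5 sequence:", lucas_lehmer_sequence(5))
    print("M_11 = 2047 = 23 *", 2047 // smallest_factor(2047))
    print("Mersenne prime exponents below 100:", mersenne_prime_exponents(100))
```

Trial division on $M_{11}$ is instant only because 2047 is tiny; for $M_{127}$ it would need about $2^{63}$ steps, while the test above finishes in 126 squarings.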
Chapter 13
The Functions $\tau$ and $\sigma$
Definition 13.1. For $n > 0$ define:
$\tau(n)$ = the number of positive divisors of $n$,
$\sigma(n)$ = the sum of the positive divisors of $n$.
Example 13.1. $12 = 3 \cdot 2^2$ has positive divisors
$$1, 2, 3, 4, 6, 12.$$
Hence
$$\tau(12) = 6$$
and
$$\sigma(12) = 1 + 2 + 3 + 4 + 6 + 12 = 28.$$
Definition 13.2. A positive divisor $d$ of $n$ is said to be a proper divisor
of $n$ if $d < n$. We denote the sum of all proper divisors of $n$ by
$\sigma^*(n)$.
Note that if $n \ge 2$ then
$$\sigma^*(n) = \sigma(n) - n.$$
Example 13.2. $\sigma^*(12) = 16$.
Definition 13.3. $n > 1$ is perfect if $\sigma^*(n) = n$.
Example 13.3. The proper divisors of 6 are 1, 2 and 3. So $\sigma^*(6) = 6$.
Therefore 6 is perfect.
Exercise 13.1. Prove that 28 is perfect.
The next theorem shows a simple way to compute $\tau(n)$ and $\sigma(n)$ from
the prime factorization of $n$.
Theorem 13.1. Let
$$n = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}, \quad r \ge 1,$$
where $p_1 < p_2 < \cdots < p_r$ are primes and $e_i \ge 0$ for each $i \in \{1, 2, \ldots, r\}$.
Then
(1) $\tau(n) = (e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$
(2) $\sigma(n) = \left(\dfrac{p_1^{e_1+1} - 1}{p_1 - 1}\right)\left(\dfrac{p_2^{e_2+1} - 1}{p_2 - 1}\right) \cdots \left(\dfrac{p_r^{e_r+1} - 1}{p_r - 1}\right)$.
Before proving this let's look at an example. Take $n = 72 = 8 \cdot 9 = 2^3 \cdot 3^2$.
The theorem says
$$\tau(72) = (3 + 1)(2 + 1) = 12$$
$$\sigma(72) = \left(\frac{2^4 - 1}{2 - 1}\right)\left(\frac{3^3 - 1}{3 - 1}\right) = 15 \cdot 13 = 195.$$
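The two formulas of Theorem 13.1, checked against a brute-force divisor enumeration. This is an added example, not from the notes, and the names are mine. The factorization routine is plain trial division (the notes use Maple's ifactor for this), and the cross-check loop is the real content: for every $n$ up to a bound the formula values must agree with counting and summing the divisors directly, and the multiplicativity of Lemma 13.1 (proved next) must hold for coprime pairs.

```python
from math import gcd, isqrt


def factorize(n):
    """Prime factorization of n >= 1 as [(p_1, e_1), ..., (p_r, e_r)] with p_1 < ... < p_r."""
    factors = []
    p = 2
    while p * p <= n:
        if n % p == 0:
            e = 0
            while n % p == 0:
                n //= p
                e += 1
            factors.append((p, e))
        p += 1
    if n > 1:
        factors.append((n, 1))
    return factors


def tau(n):
    """Theorem 13.1 (1): the product of (e_i + 1)."""
    result = 1
    for _, e in factorize(n):
        result *= e + 1
    return result


def sigma(n):
    """Theorem 13.1 (2): the product of (p_i^(e_i+1) - 1)/(p_i - 1)."""
    result = 1
    for p, e in factorize(n):
        result *= (p ** (e + 1) - 1) // (p - 1)
    return result


def sigma_star(n):
    """Sum of the proper divisors (Definition 13.2)."""
    return sigma(n) - n


def divisors(n):
    """All positive divisors of n in increasing order, by trial division to sqrt(n)."""
    small = [d for d in range(1, isqrt(n) + 1) if n % d == 0]
    large = [n // d for d in reversed(small) if d * d != n]
    return small + large


def formulas_agree_up_to(bound):
    """Cross-check: formulas vs. enumeration for 1 <= n <= bound, and Lemma 13.1 for coprime a, b."""
    for n in range(1, bound + 1):
        ds = divisors(n)
        if tau(n) != len(ds) or sigma(n) != sum(ds):
            return False
    for a in range(1, 40):
        for b in range(1, 40):
            if gcd(a, b) == 1 and sigma(a * b) != sigma(a) * sigma(b):
                return False
    return True


if __name__ == "__main__":
    for n in (12, 72, 600):
        print(n, factorize(n), "tau =", tau(n), "sigma =", sigma(n), "sigma* =", sigma_star(n))
    print("all checks pass:", formulas_agree_up_to(2000))
```

For $n = 1$ the factorization is empty and both products are 1, which matches the single divisor 1.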
[Proof of Theorem 13.1 (1)] From the Fundamental Theorem of Arithmetic
every positive factor $d$ of $n$ will have its prime factors coming from those of
$n$. Hence $d \mid n$ iff $d = p_1^{f_1} p_2^{f_2} \cdots p_r^{f_r}$ where for each $i$:
$$0 \le f_i \le e_i.$$
That is, for each $f_i$ we can choose a value in the set of $e_i + 1$ numbers
$\{0, 1, 2, \ldots, e_i\}$. So, in all, there are $(e_1 + 1)(e_2 + 1) \cdots (e_r + 1)$ choices for
the exponents $f_1, f_2, \ldots, f_r$. So (1) holds.
[Proof of (2)] We first establish two lemmas.
Lemma 13.1. Let $n = ab$ where $a > 0$, $b > 0$ and $\gcd(a, b) = 1$. Then
$$\sigma(n) = \sigma(a)\sigma(b).$$
Proof. Since $a$ and $b$ have only 1 as a common factor, using the Fundamental
Theorem of Arithmetic it is easy to see that $d \mid ab \Leftrightarrow d = d_1 d_2$ where $d_1 \mid a$
and $d_2 \mid b$. That is, the divisors of $ab$ are products of the divisors of $a$ and
the divisors of $b$. Let
$$1, a_1, \ldots, a_s$$
denote the divisors of $a$ and let
$$1, b_1, \ldots, b_t$$
denote the divisors of $b$. Then
$$\sigma(a) = 1 + a_1 + a_2 + \cdots + a_s,$$
$$\sigma(b) = 1 + b_1 + b_2 + \cdots + b_t.$$
The divisors of $n = ab$ can be listed as follows
$$\begin{array}{lllll}
1, & b_1, & b_2, & \ldots, & b_t, \\
a_1 \cdot 1, & a_1 b_1, & a_1 b_2, & \ldots, & a_1 b_t, \\
a_2 \cdot 1, & a_2 b_1, & a_2 b_2, & \ldots, & a_2 b_t, \\
\vdots \\
a_s \cdot 1, & a_s b_1, & a_s b_2, & \ldots, & a_s b_t.
\end{array}$$
It is important to note that since $\gcd(a, b) = 1$, $a_i b_j = a_k b_l$ implies that
$a_i = a_k$ and $b_j = b_l$.
? [Hint: The answer is no, but find explicit numbers $a$ and $b$ such that the
result fails yet $\gcd(a, b) = 1$.]
Chapter 14
Perfect Numbers and Mersenne Primes
If you do a search for perfect numbers up to 10,000 you will find only the
following perfect numbers:
$$6 = 2 \cdot 3, \quad 28 = 2^2 \cdot 7, \quad 496 = 2^4 \cdot 31, \quad 8128 = 2^6 \cdot 127.$$
Note that $2^2 = 4$, $2^3 = 8$, $2^5 = 32$, $2^7 = 128$, so we have:
$$6 = 2\,(2^2 - 1), \quad 28 = 2^2 (2^3 - 1), \quad 496 = 2^4 (2^5 - 1), \quad 8128 = 2^6 (2^7 - 1).$$
Note also that $2^2 - 1$, $2^3 - 1$, $2^5 - 1$, $2^7 - 1$ are Mersenne primes. One might
conjecture that all perfect numbers follow this pattern. We discuss to what
extent this is known to be true. We start with the following result.
Theorem 14.1. If $2^p - 1$ is a Mersenne prime, then $2^{p-1}(2^p - 1)$ is perfect.
Proof. Write $q = 2^p - 1$ and let $n = 2^{p-1} q$. Since $q$ is odd and prime, by
Theorem 13.1 (2) we have
$$\sigma(n) = \sigma(2^{p-1} q) = \left(\frac{2^p - 1}{2 - 1}\right)\left(\frac{q^2 - 1}{q - 1}\right) = (2^p - 1)(q + 1) = (2^p - 1)\,2^p = 2n.$$
That is, $\sigma(n) = 2n$ and $n$ is perfect.
Now we show that all even perfect numbers have the conjectured form.
Theorem 14.2. If $n$ is even and perfect then there is a Mersenne prime
$2^p - 1$ such that $n = 2^{p-1}(2^p - 1)$.
Proof. Let $n$ be even and perfect. Since $n$ is even, $n = 2m$ for some $m$. We
take out as many powers of 2 as possible obtaining
$$(*) \qquad n = 2^k q, \quad k \ge 1, \quad q \text{ odd}.$$
Since $n$ is perfect, $\sigma(n) = 2n = 2^{k+1} q$, and since $\gcd(2^k, q) = 1$, Lemma 13.1 and
Theorem 13.1 (2) give $\sigma(n) = \sigma(2^k)\sigma(q) = (2^{k+1} - 1)\sigma(q)$. Hence
$$(**) \qquad 2^{k+1} q = (2^{k+1} - 1)\sigma(q).$$
Now $\sigma^*(q) = \sigma(q) - q$, so $\sigma(q) = \sigma^*(q) + q$. Putting this in $(**)$ we get
$$2^{k+1} q = (2^{k+1} - 1)(\sigma^*(q) + q)$$
or
$$2^{k+1} q = (2^{k+1} - 1)\sigma^*(q) + 2^{k+1} q - q,$$
which implies
$$(***) \qquad \sigma^*(q)(2^{k+1} - 1) = q.$$
In other words,

Chapter 18
More Properties of Congruences
Theorem 18.1. If $\gcd(a, m) = 1$ then there is a unique integer $a^*$ such that
$aa^* \equiv 1 \pmod m$ and $0 < a^* < m$.
We call $a^*$ the inverse of $a$ modulo $m$. We do not denote $a^*$ by $a^{-1}$
since this might cause some confusion. Of course, if $c \equiv a^* \pmod m$
then $ac \equiv 1 \pmod m$ too, so it is the restriction $0 < a^* < m$ that makes $a^*$ unique.
Proof. If $\gcd(a, m) = 1$, then by Bezout's Lemma there exist $s$ and $t$ such
that
$$as + mt = 1.$$
Hence
$$as - 1 = m(-t),$$
that is, $m \mid as - 1$ and so $as \equiv 1 \pmod m$. Let $a^* = s \bmod m$. Then $a^* \equiv s
\pmod m$, so $aa^* \equiv as \equiv 1 \pmod m$, and $0 < a^* < m$.
To show uniqueness assume that $ac \equiv 1 \pmod m$ and $0 < c < m$. Then
$$ac \equiv aa^* \pmod m.$$
It follows from Exercise 15.5 that $c = a^*$.
Remark 18.1. From the above proof we see that Blankinship's Method may
be used to compute the inverse of $a$ when it exists, but for small $m$ we may
often find $a^*$ . . . $= 8$.
Exercise 18.1. Show that the inverse of 2 modulo 7 is not the inverse of 2
modulo 15.
Theorem 18.2. Let $m > 0$. If $ab \equiv 1 \pmod m$ then both $a$ and $b$ are
relatively prime to $m$.
Proof. If $ab \equiv 1 \pmod m$, then $m \mid ab - 1$. So $ab - 1 = mt$ for some $t$.
Hence,
$$ab + m(-t) = 1.$$
By Exercise 9.2 on page 30, this implies that $\gcd(a, m) = 1$ and $\gcd(b, m) = 1$,
as claimed.
Corollary 18.1. $a$ has an inverse modulo $m$ if and only if $a$ and $m$ are
relatively prime.
Theorem 18.3 (Cancellation). Let $m > 0$ and assume that $\gcd(c, m) = 1$.
Then
$$(*) \qquad ca \equiv cb \pmod m \Rightarrow a \equiv b \pmod m.$$
Proof. If $\gcd(c, m) = 1$, there is an integer $c^*$ such that $c^* c \equiv 1 \pmod m$.
Now since $ca \equiv cb \pmod m$, multiplying both sides by $c^*$ gives $c^* ca \equiv c^* cb \pmod m$.
But $c^* c \equiv 1 \pmod m$ so
$$c^* ca \equiv a \pmod m$$
and
$$c^* cb \equiv b \pmod m.$$
By symmetry and transitivity this yields
$$a \equiv b \pmod m.$$
Exercise 18.2. Find specific positive integers $a, b, c$ and $m$ such that $c \not\equiv 0
\pmod m$, $\gcd(c, m) > 1$, and $ca \equiv cb \pmod m$, but $a \not\equiv b \pmod m$.
Although $(*)$ above is not generally true when $\gcd(c, m) > 1$, we do have
the following more general kinds of cancellation:
Theorem 18.4. If $c > 0$, $m > 0$ then
$$a \equiv b \pmod m \Leftrightarrow ca \equiv cb \pmod{cm}.$$
Exercise 18.3. Prove Theorem 18.4.
Theorem 18.5. Let $m > 0$ and let $d = \gcd(c, m)$. Then
$$ca \equiv cb \pmod m \Rightarrow a \equiv b \pmod{m/d}.$$
Proof. Since $d = \gcd(c, m)$ we can write $c = d\,(c/d)$ and $m = d\,(m/d)$. Then
$\gcd(c/d, m/d) = 1$. Now rewriting $ca \equiv cb \pmod m$ we have
$$d\,\frac{c}{d}\,a \equiv d\,\frac{c}{d}\,b \pmod{d\,\frac{m}{d}}.$$
Since $m > 0$, $d > 0$, so by Theorem 18.4 we have
$$\frac{c}{d}\,a \equiv \frac{c}{d}\,b \pmod{\frac{m}{d}}.$$
Now since $\gcd(c/d, m/d) = 1$, by Theorem 18.3
$$a \equiv b \pmod{\frac{m}{d}}.$$
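Theorems 18.1, 18.3 and 18.5 turned into working code. This is an added example, not from the notes, and the names are mine. Python's `pow(a, -1, m)` (3.8 and later) returns the $a^*$ of Theorem 18.1 by the extended-Euclid computation that Remark 18.1 refers to; the wrapper returns `None` when $\gcd(a, m) \ne 1$, matching Corollary 18.1. The cancellation helper returns the modulus that survives cancelling $c$, and the last function uses Theorem 18.5 to solve $ax \equiv b \pmod m$ in general, including the case $\gcd(a, m) > 1$ in which Theorem 18.3 does not apply.

```python
from math import gcd


def inverse_mod(a, m):
    """The unique a_star with 0 < a_star < m and a * a_star == 1 (mod m) (Theorem 18.1),
    or None when gcd(a, m) != 1 (Corollary 18.1)."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    if gcd(a, m) != 1:
        return None
    return pow(a, -1, m)      # extended Euclid, as in Remark 18.1


def cancel_modulus(c, a, b, m):
    """Given ca == cb (mod m), the modulus d' for which a == b (mod d') is guaranteed:
    m itself when gcd(c, m) = 1 (Theorem 18.3), m / gcd(c, m) in general (Theorem 18.5)."""
    if (c * a - c * b) % m:
        raise ValueError("hypothesis ca == cb (mod m) does not hold")
    return m // gcd(c, m)


def solve_linear_congruence(a, b, m):
    """All x with 0 <= x < m and ax == b (mod m).

    Let d = gcd(a, m).  If d does not divide b there is no solution.  Otherwise
    Theorem 18.5 lets d be cancelled: (a/d) x == b/d (mod m/d), where a/d is now
    invertible, giving one solution mod m/d and hence exactly d solutions mod m.
    """
    d = gcd(a, m)
    if b % d:
        return []
    m1 = m // d
    x0 = (b // d) * inverse_mod(a // d, m1) % m1
    return [x0 + k * m1 for k in range(d)]


if __name__ == "__main__":
    print("3* mod 7 =", inverse_mod(3, 7), " 3* mod 10 =", inverse_mod(3, 10), " 4* mod 8 =", inverse_mod(4, 8))
    # 2*1 == 2*4 (mod 6) but 1 != 4 (mod 6): only the modulus 6/gcd(2,6) = 3 survives.
    print("cancel 2 from 2*1 == 2*4 (mod 6): modulus", cancel_modulus(2, 1, 4, 6))
    print("solutions of 6x == 9 (mod 15):", solve_linear_congruence(6, 9, 15))
```

The pair $2 \cdot 1 \equiv 2 \cdot 4 \pmod 6$ is the kind of counterexample Exercise 18.2 asks for: cancelling 2 is only valid modulo $6/2 = 3$.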
Theorem 18.6. If $m > 0$ and $a \equiv b \pmod m$ we have
$$\gcd(a, m) = \gcd(b, m).$$
Proof. Since $a \equiv b \pmod m$ we have $a - b = mt$ for some $t$. So we can write
$$(1) \qquad a = mt + b$$
and
$$(2) \qquad b = m(-t) + a.$$
Let $d = \gcd(m, a)$ and $e = \gcd(m, b)$. Since $e \mid m$ and $e \mid b$, from (1) $e \mid a$, so
$e$ is a common divisor of $m$ and $a$. Hence $e \le d$. Using (2) we see similarly
that $d \le e$. So $d = e$.
Corollary 18.2. Let $m > 0$. Let $a \equiv b \pmod m$. Then $a$ has an inverse
modulo $m$ if and only if $b$ does.
Proof. Immediate from Theorems 18.1, 18.2 and 18.6.
Exercise 18.4. Determine whether or not each of the following is true. Give
reasons in each case.
(1) $x \equiv 3 \pmod 7 \Rightarrow \gcd(x, 7) = 1$
(2) $\gcd(68019, 3) = 3$
(3) $12x \equiv 15 \pmod{35} \Rightarrow 4x \equiv 5 \pmod 7$
(4) $x \equiv 6 \pmod{12} \Rightarrow \gcd(x, 12) = 6$
(5) $3x \equiv 3y \pmod{17} \Rightarrow x \equiv y \pmod{17}$
(6) $5x \equiv y \pmod 6 \Rightarrow 15x \equiv 3y \pmod{18}$
(7) $12x \equiv 12y \pmod{15} \Rightarrow x \equiv y \pmod 5$
(8) $x \equiv 73 \pmod{75} \Rightarrow x \bmod 75 = 73$
(9) $x \equiv 73 \pmod{75}$ and $0 \le x < 75 \Rightarrow x = 73$
(10) There is no integer $x$ such that
$$12x \equiv 7 \pmod{33}.$$
Chapter 19
Residue Classes
Definition 19.1. Let $m > 0$ be given. For each integer $a$ we define
$$(1) \qquad [a] = \{x : x \equiv a \pmod m\}.$$
In other words, $[a]$ is the set of all integers that are congruent to $a$ modulo
$m$. We call $[a]$ the residue class of $a$ modulo $m$. Some people call $[a]$ the
congruence class or equivalence class of $a$ modulo $m$.
Theorem 19.1. For $m > 0$ we have
$$(2) \qquad [a] = \{mq + a \mid q \in \mathbb{Z}\}.$$
Proof. $x \in [a] \Leftrightarrow x \equiv a \pmod m \Leftrightarrow m \mid x - a \Leftrightarrow x - a = mq$ for some
$q \in \mathbb{Z} \Leftrightarrow x = mq + a$ for some $q \in \mathbb{Z}$. So (2) follows from the definition
(1).
Note that $[a]$ really depends on $m$ and it would be more accurate to write
$[a]_m$ instead of $[a]$, but this would be too cumbersome. Nevertheless it should
be kept clearly in mind that $[a]$ depends on some understood value of $m$.
Remark 19.1. Two alternative ways to write (2) are
$$(3) \qquad [a] = \{mq + a \mid q = 0, \pm 1, \pm 2, \ldots\}$$
or
$$(4) \qquad [a] = \{\ldots, -2m + a, -m + a, a, m + a, 2m + a, \ldots\}.$$
Exercise 19.1. Show that if $m = 2$ then $[1]$ is the set of all odd integers and
$[0]$ is the set of all even integers. Show also that $\mathbb{Z} = [0] \cup [1]$ and $[0] \cap [1] = \emptyset$.
Exercise 19.2. Show that if $m = 3$, then $[0]$ is the set of integers divisible
by 3, $[1]$ is the set of integers whose remainder when divided by 3 is 1, and
$[2]$ is the set of integers whose remainder when divided by 3 is 2. Show also
that $\mathbb{Z} = [0] \cup [1] \cup [2]$ and $[0] \cap [1] = [0] \cap [2] = [1] \cap [2] = \emptyset$.
Theorem 19.2. For a given modulus $m > 0$ we have:
$$[a] = [b] \Leftrightarrow a \equiv b \pmod m.$$
Proof. Assume $[a] = [b]$. Note that since $a \equiv a \pmod m$ we have
$a \in [a]$. Since $[a] = [b]$ we have $a \in [b]$. By definition of $[b]$ this gives $a \equiv b
\pmod m$, as desired.
Assume $a \equiv b \pmod m$. We must prove that the sets $[a]$ and $[b]$ are
equal. To do this we prove that every element of $[a]$ is in $[b]$ and vice-versa.
Let $x \in [a]$. Then $x \equiv a \pmod m$. Since $a \equiv b \pmod m$, by transitivity
$x \equiv b \pmod m$ so $x \in [b]$. Conversely, if $x \in [b]$, then $x \equiv b \pmod m$. By
symmetry since $a \equiv b \pmod m$, $b \equiv a \pmod m$, so again by transitivity
$x \equiv a \pmod m$ and $x \in [a]$. This proves that $[a] = [b]$.
Theorem 19.3. Given $m > 0$. For every $a$ there is a unique $r$ such that
$[a] = [r]$ and $0 \le r < m$.
Proof. Let $r = a \bmod m$. Then by Exercise 15.1 (p. 59) we have $a \equiv r
\pmod m$. By definition of $a \bmod m$ we have $0 \le r < m$. Since $a \equiv r
\pmod m$, by Theorem 19.2, $[a] = [r]$. To prove that $r$ is unique, suppose
also $[a] = [r']$ where $0 \le r' < m$. Then $a \equiv r' \pmod m$ by Theorem 19.2, and
since $0 \le r' < m$ this forces $r' = a \bmod m = r$.
Theorem 19.4. Given $m > 0$, there are exactly $m$ distinct residue classes
modulo $m$, namely,
$$[0], [1], [2], \ldots, [m - 1].$$
Proof. By Theorem 19.3 we know that every residue class $[a]$ is equal to one
of the residue classes $[0], [1], \ldots, [m - 1]$. So there are no residue classes
not in this list. These residue classes are distinct by the uniqueness part of
Theorem 19.3, namely if $0 \le r_1 < m$ and $0 \le r_2 < m$ and $[r_1] = [r_2]$, then
by the uniqueness part of Theorem 19.3 we must have $r_1 = r_2$.
Exercise 19.3. Given the modulus $m > 0$ show that $[a] = [a + m]$ and
$[a] = [a - m]$ for all $a$.
Exercise 19.4. For any $m > 0$, show that if $x \in [a]$ then $[a] = [x]$.
Definition 19.2. Any element $x \in [a]$ is said to be a representative of the
residue class $[a]$.
By Exercise 19.4 if $x$ is a representative of $[a]$ then $[x] = [a]$, that is, any
element of a residue class may be used to represent it.
Exercise 19.5. For any $m > 0$, show that if $[a] \cap [b] \ne \emptyset$ then $[a] = [b]$.
Exercise 19.6. For any $m > 0$, show that if $[a] \ne [b]$ then $[a] \cap [b] = \emptyset$.
Exercise 19.7. Let $m = 2$. Show that
$$[0] = [2] = [4] = [32] = [-2] = [-32]$$
and
$$[1] = [3] = [-3] = [31] = [-31].$$
Chapter 20
$\mathbb{Z}_m$ and Complete Residue Systems
Throughout this section we assume a fixed modulus $m > 0$.
Definition 20.1. We define
$$\mathbb{Z}_m = \{[a] \mid a \in \mathbb{Z}\},$$
that is, $\mathbb{Z}_m$ is the set of all residue classes modulo $m$. We call $\mathbb{Z}_m$ the ring
of integers modulo $m$. In the next chapter we shall show how to add and
multiply residue classes. This makes $\mathbb{Z}_m$ into a ring. See Appendix A for
the definition of ring. Often we drop the ring and just call $\mathbb{Z}_m$ the integers
modulo $m$. From Theorem 19.4
$$\mathbb{Z}_m = \{[0], [1], \ldots, [m - 1]\}$$
and since no two of the residue classes $[0], [1], \ldots, [m - 1]$ are equal we see
that $\mathbb{Z}_m$ has exactly $m$ elements. By Exercise 19.4 if we choose
$$a_0 \in [0], \; a_1 \in [1], \; \ldots, \; a_{m-1} \in [m - 1]$$
then
$$[a_0] = [0], \; [a_1] = [1], \; \ldots, \; [a_{m-1}] = [m - 1].$$
So we also have
$$\mathbb{Z}_m = \{[a_0], [a_1], \ldots, [a_{m-1}]\}.$$
Example 20.1. If $m = 4$ we have, for example,
$$8 \in [0], \quad 5 \in [1], \quad 6 \in [2], \quad 11 \in [3].$$
And hence:
$$\mathbb{Z}_4 = \{[8], [5], [6], [11]\}.$$
Definition 20.2. A set of $m$ integers
$$a_0, a_1, \ldots, a_{m-1}$$

Chapter 22
The Groups $U_m$
. . . there is an $a^*$ such that $aa^* \equiv 1 \pmod m$, that is, $[aa^*] = [1]$. So
$$[a][a^*] = [aa^*] = [1].$$
Note that from Theorem 18.6 we see that if $[a] = [b]$ (i.e., $a \equiv b \pmod m$)
then $\gcd(a, m) = 1 \Leftrightarrow \gcd(b, m) = 1$. So in checking whether or not a residue
class is a unit we can use any representative of the class.
Exercise 22.1. Show that $[1]$ and $[m - 1]$ are always units in $\mathbb{Z}_m$. Hint:
$[m - 1] = [-1]$.
Definition 22.2. The set of all units in $\mathbb{Z}_m$ is denoted by $U_m$ and is called
the group of units of $\mathbb{Z}_m$. See Appendix A for the definition of a group.
Theorem 22.2. Let $m > 0$, then
$$U_m = \{[i] \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}.$$
Proof. We know that if $[a] \in \mathbb{Z}_m$ then $[a] = [i]$ where $0 \le i \le m - 1$. If
$m = 1$ then $\mathbb{Z}_m = \mathbb{Z}_1 = \{[0]\} = \{[1]\}$ and since $[1][1] = [1]$, $[1]$ is a unit,
$U_1 = \{[1]\}$ and the theorem holds. If $m \ge 2$, then $\gcd(i, m) = 1$ can only
happen if $1 \le i \le m - 1$, since $\gcd(0, m) = \gcd(m, m) = m \ne 1$. So the
theorem follows from Theorem 22.1 and the above remarks.
Theorem 22.3. ($U_m$ is a group [1] under multiplication.)
(1) If $[a], [b] \in U_m$ then $[a][b] \in U_m$.
(2) For all $[a], [b], [c]$ in $U_m$ we have $([a][b])[c] = [a]([b][c])$.
(3) $[1][a] = [a][1] = [a]$ for all $[a] \in U_m$.
(4) For each $[a] \in U_m$ there is a $[b] \in U_m$ such that $[a][b] = [1]$.
(5) For all $[a], [b] \in U_m$ we have $[a][b] = [b][a]$.
Exercise 22.2. Prove Theorem 22.3.
Example 22.1. Using Theorem 22.2 we see that
$$U_{15} = \{[1], [2], [4], [7], [8], [11], [13], [14]\}
= \{[1], [2], [4], [7], [-7], [-4], [-2], [-1]\}.$$
Note that using absolute least residue modulo 15 simplifies multiplication
somewhat. Rather than write out the entire multiplication table, we just find
the inverse of each element of $U_{15}$:
$$[1][1] = [1]$$
$$[2][-7] = [2][8] = [1]$$
$$[4][4] = [1]$$
$$[7][-2] = [7][13] = [1]$$
$$[-4][-4] = [11][11] = [1]$$
$$[-1][-1] = [14][14] = [1].$$
Exercise 22.3. Find the elements of $U_7$ in both least nonnegative and absolute
least residue form and find the inverse of each element, as in the example
above.
[1] Actually (1)-(4) are all that is required for $U_n$ to be a group. Property (5) says that
$U_n$ is an Abelian group. See Appendix A.
Definition 22.3. If $X$ is a set, the number of elements in $X$ is denoted by
$|X|$.
Example 22.2. $|\{1\}| = 1$, $|\{0, 1, 3, 9\}| = 4$, $|\mathbb{Z}_m| = m$ if $m > 0$.
Definition 22.4. If $m \ge 1$,
$$\phi(m) = |\{i \in \mathbb{Z} \mid 1 \le i \le m \text{ and } \gcd(i, m) = 1\}|.$$
The function $\phi$ is called the Euler phi function or the Euler totient function.
Corollary 22.1. If $m > 0$,
$$|U_m| = \phi(m).$$
Note that
$$U_1 = \{[1]\} \text{ so } \phi(1) = 1$$
$$U_2 = \{[1]\} \text{ so } \phi(2) = 1$$
$$U_3 = \{[1], [2]\} \text{ so } \phi(3) = 2$$
$$U_4 = \{[1], [3]\} \text{ so } \phi(4) = 2$$
$$U_5 = \{[1], [2], [3], [4]\} \text{ so } \phi(5) = 4$$
$$U_6 = \{[1], [5]\} \text{ so } \phi(6) = 2$$
$$U_7 = \{[1], [2], [3], [4], [5], [6]\} \text{ so } \phi(7) = 6.$$
Generally $\phi(m)$ is not easy to calculate. However, the following theorems
show that once the prime factorization of $m$ is given, computing $\phi(m)$ is easy.
Theorem 22.4. If $a > 0$ and $b > 0$ and $\gcd(a, b) = 1$, then
$$\phi(ab) = \phi(a)\phi(b).$$
Theorem 22.5. If $p$ is prime and $n > 0$ then
$$\phi(p^n) = p^n - p^{n-1}.$$
Theorem 22.6. Let $p_1, p_2, \ldots, p_k$ be distinct primes and let $n_1, n_2, \ldots, n_k$ be
positive integers, then
$$\phi(p_1^{n_1} p_2^{n_2} \cdots p_k^{n_k}) = \left(p_1^{n_1} - p_1^{n_1 - 1}\right) \cdots \left(p_k^{n_k} - p_k^{n_k - 1}\right).$$
Before discussing the proofs of these three theorems, let's illustrate their
use:
$$\phi(12) = \phi\left(2^2 \cdot 3\right) = \left(2^2 - 2^1\right)\left(3^1 - 3^0\right) = 2 \cdot 2 = 4$$
$$\phi(9000) = \phi\left(2^3 \cdot 5^3 \cdot 3^2\right) = \left(2^3 - 2^2\right)\left(5^3 - 5^2\right)\left(3^2 - 3^1\right) = 4 \cdot 100 \cdot 6 = 2400.$$
Note that if $p$ is any prime then
$$\phi(p) = p - 1.$$
I will sketch a proof of Theorem 22.4 in Exercise 22.6 below. Now I give
the proof of Theorem 22.5.
Proof of Theorem 22.5. We want to count the number of elements in the
set $A = \{1, 2, \ldots, p^n\}$ that are relatively prime to $p^n$. Let $B$ be the set of
elements of $A$ that have a factor $> 1$ in common with $p^n$. Note that if $b \in B$
and $\gcd(b, p^n) = d > 1$, then $d$ is a factor of $p^n$ and $d > 1$ so $d$ has $p$ as a
factor. Hence $b = pk$ for some $k$, and $p \le b \le p^n$, so $p \le kp \le p^n$. It follows
that $1 \le k \le p^{n-1}$. That is,
$$B = \left\{p, 2p, 3p, \ldots, kp, \ldots, p^{n-1} p\right\}.$$
We are interested in the number of elements of $A$ not in $B$. Since $|A| = p^n$
and $|B| = p^{n-1}$, this number is $p^n - p^{n-1}$. That is, $\phi(p^n) = p^n - p^{n-1}$.
The proof of Theorem 22.6 follows from Theorems 22.4 and 22.5. The
proof is by induction on the number $k$ of primes and is quite similar to the proof of Theorem 13.1
(2) on page 50, so I omit the details.
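$U_m$ and $\phi(m)$ computed straight from the definitions, with Theorems 22.4 and 22.5 checked by counting rather than assumed. This is an added example, not from the notes, and the names are my own. The inverse table reproduces Example 22.1 for $U_{15}$, and the last function illustrates item 2 of Exercise 22.6 for $a = 3$, $b = 5$: the map $x \mapsto (x \bmod a, x \bmod b)$ sends $U_{ab}$ onto $U_a \times U_b$ without collisions, which is where $\phi(ab) = \phi(a)\phi(b)$ comes from.

```python
from math import gcd


def units(m):
    """U_m by Theorem 22.2, as the representatives 1 <= i <= m with gcd(i, m) = 1."""
    return [i for i in range(1, m + 1) if gcd(i, m) == 1]


def phi(m):
    """Euler's phi function by direct count (Definition 22.4); equals |U_m| (Corollary 22.1)."""
    return len(units(m))


def absolute_least(a, m):
    """Representative of [a] in the range (-m/2, m/2], as used in Example 22.1."""
    r = a % m
    return r - m if r > m // 2 else r


def unit_inverses(m):
    """For each unit a, the unit b with ab == 1 (mod m) (Theorem 22.3 (4))."""
    us = units(m)
    return {a: next(b for b in us if (a * b) % m == 1) for a in us}


def phi_by_theorem_22_6(factors):
    """Theorem 22.6 applied to [(p_1, n_1), ..., (p_k, n_k)] with distinct primes p_i."""
    result = 1
    for p, n in factors:
        result *= p ** n - p ** (n - 1)
    return result


def crt_map_is_bijection(a, b):
    """Exercise 22.6 (2): x -> (x mod a, x mod b) maps U_ab one-to-one onto U_a x U_b."""
    image = {(x % a, x % b) for x in units(a * b)}
    target = {(u % a, v % b) for u in units(a) for v in units(b)}
    return len(image) == len(units(a * b)) and image == target


def theorems_hold_up_to(bound):
    """phi(ab) = phi(a)phi(b) for coprime a, b (Thm 22.4) and phi(p^n) = p^n - p^(n-1) (Thm 22.5)."""
    for a in range(1, bound + 1):
        for b in range(1, bound + 1):
            if gcd(a, b) == 1 and phi(a * b) != phi(a) * phi(b):
                return False
    for p in (2, 3, 5, 7):
        for n in range(1, 5):
            if phi(p ** n) != p ** n - p ** (n - 1):
                return False
    return True


if __name__ == "__main__":
    print("U_15 =", units(15), "=", [absolute_least(a, 15) for a in units(15)])
    print("inverses in U_15:", unit_inverses(15))
    print("phi(9000) =", phi(9000), "=", phi_by_theorem_22_6([(2, 3), (5, 3), (3, 2)]))
    print("CRT map for a=3, b=5 is a bijection:", crt_map_is_bijection(3, 5))
```

Counting is fine for moduli of this size; for the moduli used in practice one has to go through Theorem 22.6, which is why knowing the factorization of $m$ is equivalent to knowing $\phi(m)$.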
Exercise 22.4. Find the sets U
m
, for 8 m 20. Note that [U
m
[ =
(m). Use Theorem 22.6 to calculate (m) and check that you have the
right number of elements for each set U
m
, 8 m 20.
Exercise 22.5. Show that if
m = p
n
1
1
p
n
2
2
p
n
k
k
where p
1
, . . . , p
k
are distinct primes and each n
i
1, then
(m) = m
_
1
1
p
1
__
1
1
p
2
_
_
1
1
p
k
_
.
91
Exercise 22.6. Let a and b be relatively prime positive integers. Write
n = ab. Define the mapping f by the rule
$f([x]_n) = ([x]_a, [x]_b).$
Here we denote the residue class of x modulo m by $[x]_m$. First illustrate each
of the following for the special case a = 3 and b = 5. Then prove each in
general. (The proof is difficult and is optional.)
1. $f : \mathbb{Z}_n \to \mathbb{Z}_a \times \mathbb{Z}_b$ is one-to-one and onto. (This is called the Chinese
Remainder Theorem.)
2. $f : U_n \to U_a \times U_b$ is also a one-to-one, onto mapping.
3. Conclude from (2) that $\phi(ab) = \phi(a)\phi(b)$.
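As an added example (my own Python, not code from the notes), the following computes $\phi(m)$ from the prime factorization exactly as Theorem 22.6 prescribes, lists $U_m$ so that $|U_m| = \phi(m)$ can be checked for $8 \le m \le 20$ as Exercise 22.4 asks, and checks the map $f$ of Exercise 22.6 for the special case a = 3, b = 5. The function names and the trial-division factorization are my own choices; that factorization is only meant for the small moduli of these exercises.

```python
from math import gcd

def factorize(n):
    """Trial-division factorization of n >= 1 into {prime: exponent}.
    Adequate for the small moduli in these exercises, not for large n."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def phi(m):
    """phi(m) by Theorem 22.6: the product of p^n - p^(n-1) over the
    prime powers p^n dividing m (phi(1) = 1 by the empty product)."""
    result = 1
    for p, n in factorize(m).items():
        result *= p ** n - p ** (n - 1)
    return result

def unit_group(m):
    """U_m as the list of residues a, 0 <= a < m, with gcd(a, m) = 1."""
    return [a for a in range(m) if gcd(a, m) == 1]

def crt_map(a, b):
    """Exercise 22.6: f([x]_n) = ([x]_a, [x]_b) with n = ab, restricted to U_n."""
    return {x: (x % a, x % b) for x in unit_group(a * b)}

def crt_is_bijection(a, b):
    """Statement (2) of Exercise 22.6 for relatively prime a, b: f maps U_n
    one-to-one onto U_a x U_b, which forces phi(ab) = phi(a) phi(b)."""
    if gcd(a, b) != 1:
        raise ValueError("a and b must be relatively prime")
    f = crt_map(a, b)
    target = {(u, v) for u in unit_group(a) for v in unit_group(b)}
    return set(f.values()) == target and len(f) == len(target)
```

Calling `crt_map(3, 5)` prints the eight pairs of the a = 3, b = 5 illustration; `crt_is_bijection(3, 5)` confirms the image is all of $U_3 \times U_5$ with no collisions.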
Chapter 23
Two Theorems of Euler and Fermat
Fermat's Big Theorem or, as it is also called, Fermat's Last Theorem states
that $x^n + y^n = z^n$ has no solutions in positive integers x, y, z when n > 2.
This was proved by Andrew Wiles in 1995 over 350 years after it was first
mentioned by Fermat. The theorem that concerns us in this chapter is Fermat's
Little Theorem. This theorem is much easier to prove, but has more
far reaching consequences for applications to cryptography and secure transmission
of data on the Internet. The first theorem below is a generalization
of Fermat's Little Theorem due to Euler.
Theorem 23.1 (Euler's Theorem). If m > 0 and a is relatively prime to
m then
$a^{\phi(m)} \equiv 1 \pmod m.$
Theorem 23.2 (Fermat's Little Theorem). If p is prime and a is relatively
prime to p then
$a^{p-1} \equiv 1 \pmod p.$
Let's look at some examples. Take m = 12 then
$\phi(m) = \phi\left(2^2 \cdot 3\right) = \left(2^2 - 2\right)(3 - 1) = 4.$
The positive integers a < m with gcd(a, m) = 1 are 1, 5, 7 and 11.
$1^4 \equiv 1 \pmod{12}$ is clear
$5^2 \equiv 1 \pmod{12}$ since $12 \mid 25 - 1$
$\left(5^2\right)^2 \equiv 1^2 \pmod{12}$
$5^4 \equiv 1 \pmod{12}.$
Now $7 \equiv -5 \pmod{12}$ and since 4 is even
$7^4 \equiv 5^4 \pmod{12}$
$7^4 \equiv 1 \pmod{12}.$
$11 \equiv -1 \pmod{12}$ and again since 4 is even we have
$11^4 \equiv (-1)^4 \pmod{12}$
and
$11^4 \equiv 1 \pmod{12}.$
So we have verified Theorem 23.1 for the single case m = 12.
Exercise 23.1. Verify that Theorem 23.2 holds if p = 5 by direct calculation
as in the above example.
Definition 23.1. (Powers of residue classes.) If $[a] \in U_m$ define $[a]^1 = [a]$
and for n > 1, $[a]^n = [a][a] \cdots [a]$ where there are n copies of [a] on the right.
Theorem 23.3. If $[a] \in U_m$, then $[a]^n \in U_m$ for $n \ge 1$ and $[a]^n = [a^n]$.
Proof. We prove that $[a]^n = [a^n] \in U_m$ for $n \ge 1$ by induction on n.
If n = 1, $[a]^1 = [a] = [a^1]$ and by assumption $[a] \in U_m$. Suppose
$[a]^k = [a^k] \in U_m$ for some $k \ge 1$. Then
$[a]^{k+1} = [a]^k [a]$
$= [a^k][a]$ by Definition 21.1, p. 83
$= [a^{k+1}]$ since $a^k a = a^{k+1}$.
So by the PMI, the theorem holds for $n \ge 1$.
Note that for fixed m > 0 if gcd(a, m) = 1 then $[a] \in U_m$. And using
Theorem 23.3 we have
$a^n \equiv 1 \pmod m \iff [a^n] = [1] \iff [a]^n = [1].$
It follows that Euler's Theorem (Theorem 23.1) is equivalent to the following
theorem.
Theorem 23.4. If m > 0 and $[a] \in U_m$ then
$[a]^{\phi(m)} = [1].$
A proof of Theorem 23.4 is outlined in the following exercise.
Exercise 23.2 (Optional). Let $U_m = \{X_1, X_2, \ldots, X_{\phi(m)}\}$. Here we write
$X_i$ for a residue class in $U_m$ to simplify notation.
1. Show that if $X \in U_m$ then
$\{XX_1, XX_2, \ldots, XX_{\phi(m)}\} = U_m.$
2. Show that if $X \in U_m$ then
$XX_1 \, XX_2 \cdots XX_{\phi(m)} = X_1 X_2 \cdots X_{\phi(m)}.$
3. Let $A = X_1 X_2 \cdots X_{\phi(m)}$. Show that if $X \in U_m$ then $X^{\phi(m)} A = A$.
4. Conclude from (3) that $X^{\phi(m)} = [1]$ and hence Theorem 23.4 is true.
Also Theorem 23.4 is an easy consequence of Lagrange's Theorem, which
students who take (or have taken) a course in abstract algebra will learn
about (or will already know).
Exercise 23.3. Show that Fermat's Little Theorem follows from Euler's
Theorem.
Exercise 23.4. Show that if p is prime then $a^p \equiv a \pmod p$ for all integers
a. Hint: Consider two cases: I. gcd(a, p) = 1 and II. gcd(a, p) > 1. Note
that in the second case $p \mid a$.
Exercise 23.5. Let m > 0. Let gcd(a, m) = 1. Show that $a^{\phi(m) - 1}$ is an
inverse for a modulo m. (See Theorem 18.1, p. 71.)
Exercise 23.6. For all $a \in \{1, 2, 3, 4, 5, 6\}$ find the inverse $a^*$ of a modulo 7
by use of Exercise 23.5. Choose $a^* \le 6$.
Example 23.1. Note that Fermat's Little Theorem can be used to simplify
the computation of $a^n \bmod p$ where p is prime. Recall that if $a^n \equiv r \pmod p$
where $0 \le r < p$, then $a^n \bmod p = r$. We can do two things to simplify the
computation:
(1) Replace a by a mod p.
(2) Replace n by n mod (p − 1).
Suppose we want to calculate
$1234^{7865435} \bmod 11.$
Note that $1234 \equ​iv -1 + 2 - 3 + 4 \pmod{11}$, that is, $1234 \equiv 2 \pmod{11}$. Since
gcd(2, 11) = 1 we have $2^{10} \equiv 1 \pmod{11}$. Now $7865435 = (786543) \cdot 10 + 5$
so
$2^{7865435} \equiv 2^{(786543) \cdot 10 + 5} \pmod{11}$
$\equiv \left(2^{10}\right)^{786543} \cdot 2^5 \pmod{11}$
$\equiv 1^{786543} \cdot 2^5 \pmod{11}$
$\equiv 2^5 \pmod{11},$
and $2^5 = 32 \equiv 10 \pmod{11}$. Hence,
$1234^{7865435} \equiv 10 \pmod{11}.$
It follows that
$1234^{7865435} \bmod 11 = 10.$
Exercise 23.7. Use the technique in the above example to calculate
$28^{1202} \bmod 13.$
[Here you cannot use the mod 11 trick, of course.]
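Added example, my own Python rather than anything from the notes: it verifies Theorem 23.1 by computing $a^{\phi(m)} \bmod m$ for every $a \in U_m$ (the m = 12 case above, and the p = 5 case of Exercise 23.1), produces inverses modulo 7 through $a^{\phi(m)-1}$ as Exercises 23.5 and 23.6 ask, and carries out the two reductions of Example 23.1 (base mod p, exponent mod p − 1). The function names are my own; `pow(a, n, m)` is Python's built-in modular exponentiation.

```python
from math import gcd

def phi(m):
    """phi(m) by direct count of the residues 1 <= a <= m with gcd(a, m) = 1."""
    return sum(1 for a in range(1, m + 1) if gcd(a, m) == 1)

def verify_euler(m):
    """Theorem 23.1 checked for every a in U_m: returns the pairs
    (a, a^phi(m) mod m), which should all have second entry 1."""
    k = phi(m)
    return [(a, pow(a, k, m)) for a in range(1, m) if gcd(a, m) == 1]

def euler_holds(m):
    """True when a^phi(m) mod m == 1 for all a relatively prime to m."""
    return all(r == 1 for _, r in verify_euler(m))

def inverse_by_euler(a, m):
    """Exercise 23.5: for gcd(a, m) = 1, a^(phi(m)-1) is an inverse of a mod m,
    since a * a^(phi(m)-1) = a^phi(m) = 1 (mod m)."""
    if gcd(a, m) != 1:
        raise ValueError("a has no inverse modulo m")
    return pow(a, phi(m) - 1, m)

def reduced_power_mod_prime(a, n, p):
    """Example 23.1 for prime p: replace a by a mod p and n by n mod (p - 1),
    which is allowed because a^(p-1) = 1 (mod p) once gcd(a, p) = 1.
    When p divides a the result is 0 for n >= 1, so the exponent trick is skipped."""
    a %= p
    if a == 0:
        return 0 if n >= 1 else 1
    n %= p - 1
    return pow(a, n, p)
```

`verify_euler(12)` reproduces the four checks worked out above for a = 1, 5, 7, 11, and `reduced_power_mod_prime(1234, 7865435, 11)` turns the seven-million-digit exponent into a single small power, which is the whole point of the example.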
Chapter 24
Probabilistic Primality Tests
According to Fermat's Little Theorem, if p is prime and $1 \le a \le p - 1$, then
$a^{p-1} \equiv 1 \pmod p.$
The converse is also true in the following sense:
Theorem 24.1. If $m \ge 2$ and for all a such that $1 \le a \le m - 1$ we have
$a^{m-1} \equiv 1 \pmod m$
then m must be prime.
Proof. If the hypothesis holds, then for all a with $1 \le a \le m - 1$, we know
that a has an inverse modulo m, namely, $a^{m-2}$ is an inverse for a modulo m.
By Theorem 18.2, this says that for $1 \le a \le m - 1$, gcd(a, m) = 1. But if m
were not prime, then we would have m = ab with 1 < a < m, 1 < b < m.
Then gcd(a, m) = a > 1, a contradiction. So m must be prime.
Using the above theorem to check that p is prime we would have to check
that $a^{p-1} \equiv 1 \pmod p$ for a = 1, 2, 3, ..., p − 1. This is a lot of work.
Suppose we just know that $2^{m-1} \equiv 1 \pmod m$ for some m > 2. Must m be
prime? Unfortunately, the answer is no. The smallest composite m satisfying
$2^{m-1} \equiv 1 \pmod m$ is m = 341.
Exercise 24.1. Use Maple (or do it by hand and/or calculator) to verify
that $2^{340} \equiv 1 \pmod{341}$ and that 341 is not prime.
The moral is that even if $2^{m-1} \equiv 1 \pmod m$, the number m need not be
prime.
On the other hand, consider the case of m = 63. Note that
$2^6 = 64 \equiv 1 \pmod{63}.$
Hence, $2^6 \equiv 1 \pmod{63}$. Raising both sides to the 10th power we have
$2^{60} \equiv 1 \pmod{63}.$
Then multiplying both sides by $2^2$ we get
$2^{62} \equiv 4 \pmod{63}$
since
$4 \not\equiv 1 \pmod{63}$
we have
$2^{62} \not\equiv 1 \pmod{63}.$
This tells us that 63 is not prime, without factoring 63. We emphasize that
in general if $2^{m-1} \not\equiv 1 \pmod m$ then we can be sure that m is not prime.
FACT. There are 455,052,511 odd primes $p \le 10^{10}$, all of which satisfy
$2^{p-1} \equiv 1 \pmod p$. There are only 14,884 composite numbers $2 < m \le 10^{10}$
that satisfy $2^{m-1} \equiv 1 \pmod m$. Thus, if $2 < m \le 10^{10}$ and m satisfies
$2^{m-1} \equiv 1 \pmod m$, the probability m is prime is
$\frac{455{,}052{,}511}{455{,}052{,}511 + 14{,}884} \approx .999967292.$
In other words, if you find that $2^{m-1} \equiv 1 \pmod m$, then it is highly likely
(but not a certainty) that m is prime, at least when $m \le 10^{10}$. Thus the
following Maple procedure will almost always give the correct answer:
> is_prob_prime:=proc(n)
if n <=1 or Power(2,n-1) mod n <> 1 then
return "not prime";
else
return "probably prime";
end if;
end proc:
Note that the Maple command Power(a,n-1) mod n is an efficient way
to compute $a^{n-1} \bmod n$. We discuss this in more detail later. The procedure
is_prob_prime(n) just defined returns "probably prime" if $2^{n-1} \bmod n = 1$
and "not prime" if $n \le 1$ or if $2^{n-1} \bmod n \ne 1$. If the answer is "not prime",
then we know definitely that n is not prime. If the answer is "probably
prime", we know that there is a very small probability that n is not prime.
In practice, there are better probabilistic primality tests than that mentioned
above. For more details see, for example, Elementary Number Theory,
Fourth Edition, by Kenneth Rosen.
The built-in Maple procedure isprime is a very sophisticated probabilistic
primality test. The command isprime(n) returns false if n is not prime
and returns true if n is probably prime. So far no one has found an integer
n for which isprime(n) gives the wrong answer.
One might ask what happens if we use 3 instead of 2 in the above probabilistic
primality test. Or, better yet, what if we evaluate $a^{m-1} \bmod m$ for
several different values of a.
Consider the following data:
The number of primes $\le 10^6$ is 78,498.
The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod m$
is 245.
The number of composite numbers $m \le 10^6$ such that $2^{m-1} \equiv 1 \pmod m$
and $3^{m-1} \equiv 1 \pmod m$ is 66.
The number of composite numbers $m \le 10^6$ such that $a^{m-1} \equiv 1 \pmod m$
for $a \in \{2, 3, 5, 7, 11, 13, 17, 19, 31, 37, 41\}$ is 0.
Thus, we have the following result:
If $m \le 10^6$ and $a^{m-1} \equiv 1 \pmod m$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$,
then m is prime.
The above results for $m \le 10^6$ were found using Maple.
If $m > 10^6$ and $a^{m-1} \equiv 1 \pmod m$ for $a \in \{2, 3, 5, 7, 11, 17, 19, 31, 37, 41\}$,
it is highly likely, but not certain, that m is prime. Actually the primality
test isprime that is built into Maple uses a somewhat different idea.
Exercise 24.2. Use Maple to show that
(1) $3^{90} \equiv 1 \pmod{91}$, but 91 is not prime.
(2) $2^{m-1} \equiv 1 \pmod m$ and $3^{m-1} \equiv 1 \pmod m$ for m = 1105, but 1105 is
not prime.
[Hints. Note that $a^n \equiv 1 \pmod m \iff a^n \bmod m = 1$. In Maple, $3^{90}$
is written 3^90 and $3^{90} \bmod 91$ is written 3^90 mod 91. A faster way to
compute $a^n \bmod m$ in Maple is to use the command Power(a,n) mod m.
Recall that ifactor(m) is the command to factor m.]
Chapter 25
The Base b Representation of n
Definition 25.1. Let $b \ge 2$ and n > 0. We write
(1) $n = [a_k, a_{k-1}, \ldots, a_1, a_0]_b$
if and only if for some $k \ge 0$
$n = a_k b^k + a_{k-1} b^{k-1} + \cdots + a_1 b + a_0$
where $a_i \in \{0, 1, \ldots, b - 1\}$ for i = 0, 1, ..., k. $[a_k, a_{k-1}, \ldots, a_1, a_0]$ is called a
base b representation of n.
Remark 25.1. Base b is called
binary if b = 2,
ternary if b = 3,
octal if b = 8,
decimal if b = 10,
hexadecimal if b = 16.
If b is understood, especially if b = 10, we write $a_k a_{k-1} \cdots a_1 a_0$ in place of
$[a_k, a_{k-1}, \ldots, a_1, a_0]_{10}$. In the case of b = 16, which is used frequently in
computer science, the digits 10, 11, 12, 13, 14 and 15 are replaced by A,
B, C, D, E and F, respectively.
For a fixed base $b \ge 2$, the numbers $a_i \in \{0, 1, 2, \ldots, b - 1\}$ in equation
(1) are called the digits of the base b representation of n. In the binary case
$a_i \in \{0, 1\}$ and the $a_i$'s are called bits (binary digits).
Here are a few examples:
(1) $267 = [5, 3, 1]_7$ since $267 = 5 \cdot 7^2 + 3 \cdot 7 + 1$.
(2) $147 = [1, 0, 0, 1, 0, 0, 1, 1]_2$ since $147 = 1 \cdot 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 1 \cdot 2^4 + 0 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2 + 1$.
(3) $4879 = [4, 8, 7, 9]_{10}$ since $4879 = 4 \cdot 10^3 + 8 \cdot 10^2 + 7 \cdot 10 + 9$.
(4) $10705679 = [A, 3, 5, B, 0, F]_{16}$ since $10705679 = 10 \cdot 16^5 + 3 \cdot 16^4 + 5 \cdot 16^3 + 11 \cdot 16^2 + 0 \cdot 16 + 15$.
(5) $107056791 = [107, 56, 791]_{1000}$ since $107056791 = 107 \cdot 1000^2 + 56 \cdot 1000 + 791$.
Theorem 25.1. If $b \ge 2$, then every n > 0 has a unique base b representation
of the form $n = [a_k, \ldots, a_1, a_0]_b$ with $a_k > 0$.
Proof. Apply repeatedly the Division Algorithm as follows:
$n = bq_0 + r_0, \quad 0 \le r_0 < b$
$q_0 = bq_1 + r_1, \quad 0 \le r_1 < b$
$q_1 = bq_2 + r_2, \quad 0 \le r_2 < b$
$\vdots$
$q_{k-1} = bq_k + r_k, \quad 0 \le r_k < b$
$q_k = bq_{k+1} + r_{k+1}, \quad 0 \le r_{k+1} < b.$
It is easy to see that if $q_k > 0$:
$n > q_0 > q_1 > \cdots > q_k.$
Since this cannot go on forever we eventually obtain $q_\ell = 0$.
I claim that $n = [r_\ell, r_{\ell-1}, \ldots, r_0]$ if $\ell$ is the smallest integer such that $q_\ell = 0$.
To see this, note that
$n = bq_0 + r_0$
and
$q_0 = bq_1 + r_1.$
Hence
$n = b(bq_1 + r_1) + r_0$
$n = b^2 q_1 + br_1 + r_0.$
Continuing in this way we find that
$n = b^{\ell+1} q_\ell + b^\ell r_\ell + \cdots + br_1 + r_0.$
And, since $q_\ell = 0$ we have
$(*) \quad n = b^\ell r_\ell + \cdots + br_1 + r_0,$
which shows that
$n = [r_\ell, \ldots, r_1, r_0]_b.$
To see that this representation is unique, note that from $(*)$ we have
$n = b\left(b^{\ell-1} r_\ell + \cdots + r_1\right) + r_0, \quad 0 \le r_0 < b.$
By the Division Algorithm it follows that $r_0$ is uniquely determined by n,
as is the quotient $q = b^{\ell-1} r_\ell + \cdots + r_1$. A similar argument shows that $r_1$
is uniquely determined. Continuing in this way we see that all the digits
$r_\ell, r_{\ell-1}, \ldots, r_0$ are uniquely determined.
Example 25.1.
(1) We find the base 7 representation of 1,749.
$1749 = 249 \cdot 7 + 6$
$249 = 35 \cdot 7 + 4$
$35 = 5 \cdot 7 + 0$
$5 = 0 \cdot 7 + 5$
Hence $1749 = [5, 0, 4, 6]_7$.
(2) We find the base 12 representation of 19,151.
$19{,}151 = 1595 \cdot 12 + 11$
$1{,}595 = 132 \cdot 12 + 11$
$132 = 11 \cdot 12 + 0$
$11 = 0 \cdot 12 + 11$
$19{,}151 = [11, 0, 11, 11]_{12}.$
(3) Find the base 10 representation of 1,203.
$1203 = 120 \cdot 10 + 3$
$120 = 12 \cdot 10 + 0$
$12 = 1 \cdot 10 + 2$
$1 = 0 \cdot 10 + 1$
$1203 = [1, 2, 0, 3]_{10}.$
(4) Find the base 2 (binary) representation of 137.
$137 = 2 \cdot 68 + 1$
$68 = 2 \cdot 34 + 0$
$34 = 2 \cdot 17 + 0$
$17 = 2 \cdot 8 + 1$
$8 = 2 \cdot 4 + 0$
$4 = 2 \cdot 2 + 0$
$2 = 2 \cdot 1 + 0$
$1 = 2 \cdot 0 + 1$
$137 = [1, 0, 0, 0, 1, 0, 0, 1]_2.$
Exercise 25.1. Generalize the following observations
$3 = [1, 1]_2$
$7 = [1, 1, 1]_2$
$15 = [1, 1, 1, 1]_2$
$31 = [1, 1, 1, 1, 1]_2$
$63 = [1, 1, 1, 1, 1, 1]_2$
Prove your generalization. [HINT: See Exercise 2.5 on page 6.]
Exercise 25.2. Generalize the following observation:
$8 = [2, 2]_3$
$26 = [2, 2, 2]_3$
$80 = [2, 2, 2, 2]_3$
$242 = [2, 2, 2, 2, 2]_3$
Prove your generalization. [HINT: See Exercise 2.5 on page 6.]
Exercise 25.3. Generalize Exercises 25.1 and 25.2 to an arbitrary base $b \ge 2$.
Remark 25.2. To find the binary representation of a small number, the following
method is often easier than the above method:
Given n > 0 let $2^{n_1}$ be the largest power of 2 satisfying $2^{n_1} \le n$. Let $2^{n_2}$
be the largest power of 2 satisfying
$2^{n_2} \le n - 2^{n_1}.$
Let $2^{n_3}$ be the largest power of 2 satisfying
$2^{n_3} \le n - 2^{n_1} - 2^{n_2}.$
Note that at this point we have
$0 \le n - \left(2^{n_1} + 2^{n_2} + 2^{n_3}\right) < n - \left(2^{n_1} + 2^{n_2}\right) < n - 2^{n_1} < n.$
Continuing in this way, eventually we get
$0 = n - \left(2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}\right).$
Then $n = 2^{n_1} + 2^{n_2} + \cdots + 2^{n_k}$, and this gives the binary representation of n.
Example 25.2. Take n = 137. Note that $2^1 = 2$, $2^2 = 4$, $2^3 = 8$, $2^4 = 16$,
$2^5 = 32$, $2^6 = 64$, $2^7 = 128$, and $2^8 = 256$. Using the above method we
compute:
$137 - 2^7 = 137 - 128 = 9,$
$9 - 2^3 = 1,$
$1 - 2^0 = 0.$
So we have
$137 = 2^7 + 9 = 2^7 + 2^3 + 1,$
$137 = 2^7 + 0 \cdot 2^6 + 0 \cdot 2^5 + 0 \cdot 2^4 + 2^3 + 0 \cdot 2^2 + 0 \cdot 2 + 1.$
So $137 = [1, 0, 0, 0, 1, 0, 0, 1]_2$.
Exercise 25.4. Show how to use both methods to find the binary representation
of 455.
Exercise 25.5. Make a vertical list of the binary representation of the integers
1 to 16.
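As an added example (my own Python, not the notes' code), here are both conversion methods of this chapter in working form: repeated division as in the proof of Theorem 25.1, evaluation of a digit list back to n, the A..F digit letters of Remark 25.1, and the greedy largest-power-of-2 method of Remark 25.2. The function names are my own; the sample values are the ones worked in the examples above.

```python
HEX_DIGITS = "0123456789ABCDEF"

def to_base(n, b):
    """Base-b digits of n > 0 (most significant first) by repeated division,
    as in the proof of Theorem 25.1: n = b*q0 + r0, q0 = b*q1 + r1, ...
    Returns [a_k, ..., a_1, a_0] with a_k > 0."""
    if b < 2 or n <= 0:
        raise ValueError("need b >= 2 and n > 0")
    digits = []
    while n > 0:
        n, r = divmod(n, b)   # one Division Algorithm step: quotient and remainder
        digits.append(r)
    return digits[::-1]

def from_base(digits, b):
    """Evaluate a_k b^k + ... + a_1 b + a_0 (in Horner form), inverse of to_base."""
    n = 0
    for a in digits:
        if not 0 <= a < b:
            raise ValueError("digit out of range for base")
        n = n * b + a
    return n

def to_hex_string(n):
    """Base 16 with 10..15 written as A..F, as in Remark 25.1."""
    return "".join(HEX_DIGITS[d] for d in to_base(n, 16))

def binary_exponents(n):
    """Remark 25.2: repeatedly subtract the largest power of 2 not exceeding
    what is left. Returns n_1 > n_2 > ... > n_k with n = 2^n_1 + ... + 2^n_k."""
    exps = []
    while n > 0:
        e = n.bit_length() - 1   # largest e with 2^e <= n
        exps.append(e)
        n -= 1 << e
    return exps

def bits_from_exponents(exps):
    """Turn the exponent list into the binary digit list [a_r, ..., a_0]."""
    r = exps[0]
    return [1 if (r - i) in exps else 0 for i in range(r + 1)]
```

`binary_exponents(137)` returns `[7, 3, 0]`, the three subtractions of Example 25.2, and `bits_from_exponents` turns them into the same digit list that `to_base(137, 2)` produces by division, which is Exercise 25.4 in miniature.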
Chapter 26
Computation of $a^N \bmod m$
Let's first consider the question: What is the smallest number of multiplications
required to compute $a^N$ where N is any positive integer?
Suppose we want to calculate $2^8$. One way is to perform the following 7
multiplications:
$2^2 = 2 \cdot 2 = 4$
$2^3 = 2 \cdot 4 = 8$
$2^4 = 2 \cdot 8 = 16$
$2^5 = 2 \cdot 16 = 32$
$2^6 = 2 \cdot 32 = 64$
$2^7 = 2 \cdot 64 = 128$
$2^8 = 2 \cdot 128 = 256$
But we can do it in only 3 multiplications:
$2^2 = 2 \cdot 2 = 4$
$2^4 = \left(2^2\right)^2 = 4 \cdot 4 = 16$
$2^8 = \left(2^4\right)^2 = 16 \cdot 16 = 256$
In general, using the method:
$a^2 = a \cdot a,\ a^3 = a^2 \cdot a,\ a^4 = a^3 \cdot a,\ \ldots,\ a^n = a^{n-1} \cdot a$
requires n − 1 multiplications to compute $a^n$.
On the other hand if $n = 2^k$ then we can compute $a^n$ by successive
squaring with only k multiplications:
$a^2 = a \cdot a$
$a^{2^2} = \left(a^2\right)^2 = a^2 \cdot a^2$
$a^{2^3} = \left(a^{2^2}\right)^2 = a^{2^2} \cdot a^{2^2}$
$\vdots$
$a^{2^k} = \left(a^{2^{k-1}}\right)^2 = a^{2^{k-1}} \cdot a^{2^{k-1}}$
Note that the fact that
$2^k = \left(2^{k-1}\right) 2 = 2^{k-1} + 2^{k-1}$
together with the Laws of Exponents:
$(a^n)^m = a^{nm}$ and $a^n a^m = a^{n+m}$
is what makes this method work. Note that if $n = 2^k$ then k is generally a
lot smaller than n − 1. For example,
$1024 = 2^{10}$
and 10 is quite a bit smaller than 1023.
If n is not a power of 2 we can use the following method to compute $a^n$.
The Binary Method for Exponentiation. Let n be a positive integer.
Let x be any real number. This is a method for computing $x^n$.
Step 1. Find the binary representation
$n = [a_r, a_{r-1}, \ldots, a_0]_2$
for n.
Step 2. Compute the powers
$x^2, x^{2^2}, x^{2^3}, \ldots, x^{2^r}$
by successive squaring as shown above.
Step 3. Compute the product
$x^n = x^{a_r 2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}.$
[Note each $a_i$ is 0 or 1, so all needed factors were obtained in Step 2.]
Example 26.1. Let's compute $3^{15}$. Note that $15 = 2^3 + 2^2 + 2 + 1 = [1, 1, 1, 1]_2$.
So this takes care of Step 1. For Step 2, we note that
$3^2 = 3 \cdot 3 = 9$
$3^{2^2} = 9 \cdot 9 = 81$
$3^{2^3} = 81 \cdot 81 = 6561$
So $3^{15} = 3^{2^3} \cdot 3^{2^2} \cdot 3^2 \cdot 3^1$. For this we need 3 multiplications:
$3 \cdot 3^2 = 3 \cdot 9 = 27$
$\left(3 \cdot 3^2\right) \cdot 3^{2^2} = 27 \cdot 81 = 2187$
$\left(3 \cdot 3^2 \cdot 3^{2^2}\right) \cdot 3^{2^3} = 2187 \cdot 6561 = 14348907$
So we have
$3^{15} = 14348907.$
Note that we have used just 6 multiplications, which is less than the 14 it
would take if we used the naive method. Let's not forget that some additional
effort was needed to compute the binary representation of 15, but not much.
Theorem 26.1. Computing $x^n$ using the binary method requires $\lfloor \log_2(n) \rfloor$
applications of the Division Algorithm and at most $2\lfloor \log_2(n) \rfloor$ multiplications.
Proof. If $n = [a_r, \ldots, a_0]_2$, $a_r = 1$, then $n = 2^r + \cdots + a_1 2 + a_0$. Hence
$(*) \quad 2^r \le n \le 2^r + 2^{r-1} + \cdots + 2 + 1 = 2^{r+1} - 1 < 2^{r+1}.$
Since $\log_2(2^x) = x$ and when 0 < a < b we have $\log_2(a) < \log_2(b)$, we have
from $(*)$ that
$\log_2(2^r) \le \log_2(n) < \log_2\left(2^{r+1}\right)$
or
$r \le \log_2(n) < r + 1.$
Hence $r = \lfloor \log_2(n) \rfloor$. Note that r is the number of times we need to apply
the Division Algorithm to obtain the binary representation $n = [a_r, \ldots, a_0]_2$,
$a_r = 1$. To compute the powers $x, x^2, x^{2^2}, \ldots, x^{2^r}$ by successive squaring
requires $r = \lfloor \log_2(n) \rfloor$ multiplications and similarly to compute the product
$x^{2^r} \cdot x^{a_{r-1} 2^{r-1}} \cdots x^{a_1 2} \cdot x^{a_0}$
requires r multiplications. So after obtaining the binary representation we
need at most $2r = 2\lfloor \log_2(n) \rfloor$ multiplications.
Use of a calculator to compute $\log_2(x)$: To find $\log_2(x)$ one may use
the formula
$\log_2(x) = \frac{1}{\ln(2)} \ln(x)$
or
$\log_2(x) \approx \left(\frac{1}{0.69314718}\right) \ln(x)$
where ln(x) is the natural logarithm of x. For small values of x it is sometimes
faster to use the fact that $r = \lfloor \log_2(x) \rfloor$ is equivalent to
$2^r \le x < 2^{r+1},$
that is, r is the largest positive integer such that $2^r \le x$. The Maple command
for $\log_2(x)$ is log[2](x).
Note that if we count an application of the Division Algorithm and a
multiplication as the same, the above tells us that we need at most $3\lfloor \log_2(n) \rfloor$
operations to compute $x^n$. So, for example, if $n = 10^6$, then it is easy to see
that $3\lfloor \log_2(n) \rfloor = 57$. So we may compute $x^{1{,}000{,}000}$ with only 57 operations.
Exercise 26.1. Calculate $3\lfloor \log_2(n) \rfloor$ for n = 2,000,000.
Exercise 26.2. Use the binary method to compute $2^{25}$.
Exercise 26.3. Approximately how many operations would be required to
compute $2^n$ when $n = 10^{100}$? Explain.
Exercise 26.4. Note that 6 multiplications are used to compute $3^{15}$ using
the binary method. Show that one can compute $3^{15}$ with fewer than 6 multiplications.
[You will have to experiment.]
Computing $a^n \bmod m$. We use the binary method for exponentiation
with the added trick that after every multiplication we reduce modulo m,
that is, we divide by m and take the remainder. This keeps the products
from getting too big.
Example 26.2. We compute $3^{15} \bmod 10$:
$3^2 = 3 \cdot 3 = 9 \equiv 9 \pmod{10}$
$3^4 = 9 \cdot 9 = 81 \equiv 1 \pmod{10}$
$3^8 \equiv 1 \cdot 1 = 1 \equiv 1 \pmod{10}$
$3^{15} = 3^8 \cdot 3^4 \cdot 3^2 \cdot 3^1 \equiv 1 \cdot 1 \cdot 9 \cdot 3 = 27 \equiv 7 \pmod{10}.$
Note that $3^{15} \equiv 7 \pmod{10}$ implies that $3^{15} \bmod 10 = 7$. [Recall that on
page 109 we calculated that $3^{15} = 14348907$ which is clearly congruent to
7 mod 10, but the multiplications were not so easy.]
Example 26.3. Let's find $2^{644} \bmod 645$. It is easy to see that
$644 = [1, 0, 1, 0, 0, 0, 0, 1, 0, 0]_2$
That is, $644 = 2^9 + 2^7 + 2^2 = 512 + 128 + 4$. Now by successive squaring and
reducing modulo 645 we get
$2^2 = 2 \cdot 2 = 4 \equiv 4 \pmod{645}$
$2^4 \equiv 4 \cdot 4 = 16 \equiv 16 \pmod{645}$
$2^8 \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$
$2^{16} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$
$2^{32} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$
$2^{64} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}$
$2^{128} \equiv 256 \cdot 256 = 65{,}536 \equiv 391 \pmod{645}$
$2^{256} \equiv 391 \cdot 391 = 152{,}881 \equiv 16 \pmod{645}$
$2^{512} \equiv 16 \cdot 16 = 256 \equiv 256 \pmod{645}.$
Now
$2^{644} = 2^{512} \cdot 2^{128} \cdot 2^4,$
hence
$2^{644} \equiv 256 \cdot 391 \cdot 16 \pmod{645}.$
So
$256 \cdot 391 = 100096 \equiv 121 \pmod{645}$
and
$121 \cdot 16 = 1936 \equiv 1 \pmod{645}$
so we have $2^{644} \equiv 1 \pmod{645}$. Hence $2^{644} \bmod 645 = 1$.
Exercise 26.5. Calculate $2^{513} \bmod 10$.
Exercise 26.6. Calculate $2^{517} \bmod 100$.
Exercise 26.7. If you multiplied out $2^{517}$, how many decimal digits would
you obtain? [See Exercise 4.3 on page 14.]
Exercise 26.8. Note that on page 96 we calculated $1234^{7865435} \bmod 11$ with
very few multiplications. Why can we not use that method to compute
$1234^{7865435} \bmod 12$?
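The binary method of this chapter as an added example in my own Python (not the notes' Maple): one function that does Steps 1 to 3, optionally reducing modulo m after every multiplication, and that also returns the list of successive squares and the number of multiplications used, so the count in Example 26.1 and the bound of Theorem 26.1 can be checked directly. Function names are my own; $\lfloor \log_2 n \rfloor$ is taken from the bit length of n rather than a logarithm, which is the "$2^r \le x < 2^{r+1}$" shortcut described above.

```python
def floor_log2(n):
    """r = floor(log2(n)) for n >= 1, via 2^r <= n < 2^(r+1)."""
    if n < 1:
        raise ValueError("n must be positive")
    return n.bit_length() - 1

def binary_power(x, n, m=None):
    """Binary method for x^n (Chapter 26). If m is given, reduce modulo m
    after every multiplication, as in Examples 26.2 and 26.3.
    Returns (result, powers, mults): powers is [x, x^2, x^(2^2), ..., x^(2^r)]
    (reduced mod m when given) and mults counts every multiplication made."""
    if n < 0:
        raise ValueError("n must be non-negative")
    reduce = (lambda v: v % m) if m is not None else (lambda v: v)
    if n == 0:
        return reduce(1), [], 0
    # Step 1: binary digits a_0, a_1, ..., a_r, least significant first
    bits = []
    t = n
    while t > 0:
        bits.append(t & 1)
        t >>= 1
    # Step 2: successive squaring, r = floor(log2 n) multiplications
    powers = [reduce(x)]
    for _ in range(len(bits) - 1):
        powers.append(reduce(powers[-1] * powers[-1]))
    mults = len(bits) - 1
    # Step 3: multiply together the x^(2^i) with a_i = 1, one multiplication per extra factor
    result = None
    for i, a in enumerate(bits):
        if a:
            if result is None:
                result = powers[i]
            else:
                result = reduce(result * powers[i])
                mults += 1
    return result, powers, mults

def squaring_trace(x, n, m):
    """The successive-squaring column of Example 26.3: x^(2^i) mod m for i = 0..r."""
    return binary_power(x, n, m)[1]
```

`binary_power(3, 15)` returns 14348907 with 6 multiplications, as counted in Example 26.1, and `squaring_trace(2, 644, 645)` reproduces the residues 4, 16, 256, 391, 16, ... of Example 26.3. The same routine with m set is what makes the computation of Exercise 26.8 feasible for a modulus such as 12, where the exponent trick of Example 23.1 does not apply; Python's built-in `pow(x, n, m)` does the same job and should be preferred in real code.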
Chapter 27
The RSA Scheme
In this chapter we discuss the basis of the so-called RSA scheme. This is
the most important example of a public key cryptographic scheme. The RSA
scheme is due to R. Rivest, A. Shamir and L. Adleman¹ and was discovered
by them in 1977. We show how to implement it in more detail later using
Maple. Here we give the number-theoretic underpinning of the scheme.
We assume that the message we wish to send has been converted to an
integer in the set $J_m = \{0, 1, 2, \ldots, m - 1\}$ where m is some positive integer
to be determined. Generally this is a large integer. We will require two
functions:
$E : J_m \to J_m$ (E for encipher)
and
$D : J_m \to J_m$ (D for decipher).
To be able to use D to decipher what E has enciphered we need to have
D(E(x)) = x for all $x \in J_m$. To show how m, E, and D are chosen we first
prove a lemma:
Lemma 27.1. Let p and q be any two distinct primes and let m = pq. Let
e and d be any two positive integers which are inverses of each other modulo
$\phi(m)$. Then
$x^{ed} \equiv x \pmod m$
for all x.
¹ A copy of the paper "A Method for Obtaining Digital Signatures and Public-Key
Cryptosystems" may be downloaded from http://citeseer.nj.nec.com/rivest78method.html
Proof. By Theorem 22.6, $\phi(m) = (p - 1)(q - 1)$. Since $ed \equiv 1 \pmod{\phi(m)}$
we have $ed - 1 = k\phi(m) = k(p - 1)(q - 1)$ for some k. Note k > 0 unless
ed = 1 in which case the theorem is obvious. So we have
$(*) \quad ed = k\phi(m) + 1 = k(p - 1)(q - 1) + 1$
for some k > 0.
Now by Fermat's Little Theorem, if gcd(x, p) = 1 we have $x^{p-1} \equiv 1 \pmod p$
and raising both sides of the congruence to the power (q − 1)k we
obtain:
$x^{(p-1)(q-1)k} \equiv 1 \pmod p$
and multiplying both sides by x we have
$x^{(p-1)(q-1)k + 1} \equiv x \pmod p$
That is, by $(*)$
$(**) \quad x^{ed} \equiv x \pmod p.$
Now we proved $(**)$ when gcd(x, p) = 1, but if gcd(x, p) = p it is obvious
since then $x \equiv 0 \pmod p$. So in all cases $(**)$ holds. A similar argument
proves that for all x
$x^{ed} \equiv x \pmod q.$
So by Exercise 15.11, page 63, we have since gcd(p, q) = 1
$x^{ed} \equiv x \pmod m$
for all x.
Theorem 27.1. Let $J_m = \{0, 1, 2, \ldots, m - 1\}$ and define $E : J_m \to J_m$ by
$E(x) = x^e \bmod m$
and $D : J_m \to J_m$ by
$D(x) = x^d \bmod m.$
Then E and D are inverses of each other if m, e and d are as in Lemma
27.1.
Proof. It suffices to show that D(E(x)) = x for all $x \in J_m$. Let $x \in J_m$ and
let $E(x) = x^e \bmod m = r_1$. Also let $D(r_1) = r_1^d \bmod m = r_2$. We must show
that $r_2 = x$. Since $x^e \bmod m = r_1$ we know that
$x^e \equiv r_1 \pmod m.$
Hence $x^{ed} \equiv r_1^d \pmod m$. We also know that
$r_1^d \equiv r_2 \pmod m.$
Hence $x^{ed} \equiv r_2 \pmod m$. By Lemma 27.1 $x^{ed} \equiv x \pmod m$ so we have
$x \equiv r_2 \pmod m.$
Since both x and $r_2$ are in $J_m$ we have by Exercise 15.5 that $x = r_2$. This
completes the proof.
More details on the use of the RSA scheme will be given in the Maple
worksheets which are available from the course website which may be reached
from my home page: http://www.math.usf.edu/~eclark.
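Added example, my own Python rather than the notes' Maple worksheets: the key setup of Lemma 27.1 (m = pq, d the inverse of e modulo $\phi(m)$, found with the extended Euclidean algorithm), the maps E and D of Theorem 27.1, and an exhaustive check that D(E(x)) = x for every x in $J_m$, including the x that share a factor with m, which the second case of the lemma's proof covers. The primes and exponents used, including p = 61, q = 53, e = 17, are small values constructed for illustration.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def mod_inverse(e, n):
    """The inverse of e modulo n; raises if gcd(e, n) != 1 (no inverse exists)."""
    g, s, _ = egcd(e, n)
    if g != 1:
        raise ValueError("e has no inverse modulo n")
    return s % n

def rsa_keys(p, q, e):
    """Lemma 27.1 setup: m = pq, phi(m) = (p-1)(q-1), d = e^-1 mod phi(m).
    p and q are assumed to be distinct primes. Returns (m, e, d)."""
    if p == q:
        raise ValueError("p and q must be distinct")
    phi_m = (p - 1) * (q - 1)
    d = mod_inverse(e, phi_m)
    return p * q, e, d

def encipher(x, e, m):
    """E(x) = x^e mod m on J_m (Theorem 27.1)."""
    return pow(x, e, m)

def decipher(y, d, m):
    """D(y) = y^d mod m on J_m (Theorem 27.1)."""
    return pow(y, d, m)

def roundtrip_all(p, q, e):
    """Theorem 27.1 checked exhaustively: D(E(x)) == x for every x in J_m.
    Note the check passes for x not coprime to m as well, as Lemma 27.1 promises."""
    m, e, d = rsa_keys(p, q, e)
    return all(decipher(encipher(x, e, m), d, m) == x for x in range(m))
```

`rsa_keys(61, 53, 17)` gives m = 3233 and d = 2753, and `encipher(65, 17, 3233)` is 2790, which `decipher` returns to 65. Two things stand out when reading this as a practitioner: E as defined here is deterministic (equal plaintexts give equal values of E(x)) and the parameters are tiny, so this is a model of the number theory in Lemma 27.1 and Theorem 27.1, not a usable cryptosystem; the notes defer the real parameter sizes to the Maple worksheets.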
Appendix A
Rings and Groups
The material in this appendix is optional reading. However, for the sake
of completeness we state here the definition of a ring and the definition of
a group. If you are interested in learning more you might take the course
Elementary Abstract Algebra. Having had this course should make it a little
easier to understand the ideas in abstract algebra and vice versa.
For more details you may download the free book Elementary Abstract
Algebra from my homepage:
http://www.math.usf.edu/~eclark
Alternatively, look in almost any book whose title contains the words Abstract
Algebra or Modern Algebra. Look for one with Introductory or Elementary
in the title.
Definition A.1. A ring is an ordered triple $(R, +, \cdot)$ where R is a set and
+ and $\cdot$ are binary operations on R satisfying the following properties:
A1 $a + (b + c) = (a + b) + c$ for all a, b, c in R.
A2 $a + b = b + a$ for all a, b in R.
A3 There is an element $0 \in R$ satisfying $a + 0 = a$ for all a in R.
A4 For every $a \in R$ there is an element $b \in R$ such that $a + b = 0$.
M1 $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ for all a, b, c in R.
D1 $a \cdot (b + c) = a \cdot b + a \cdot c$ for all a, b, c in R.
D2 $(b + c) \cdot a = b \cdot a + c \cdot a$ for all a, b, c in R.
Thus, to describe a ring one must specify three things:
1. a set,
2. a binary operation on the set called multiplication,
3. a binary operation on the set called addition.
Then, one must verify that the properties above are satisfied.
Example A.1. Here are some examples of rings. The two binary operations
+ and $\cdot$ are in each case the ones that you are familiar with.
1. $(\mathbb{R}, +, \cdot)$, the ring of real numbers.
2. $(\mathbb{Q}, +, \cdot)$, the ring of rational numbers.
3. $(\mathbb{Z}, +, \cdot)$, the ring of integers.
4. $(\mathbb{Z}_n, +, \cdot)$, the ring of integers modulo n.
5. $(M_n(\mathbb{R}), +, \cdot)$, the ring of all $n \times n$ matrices over $\mathbb{R}$.
Definition A.2. A group is an ordered pair $(G, *)$ where G is a set and $*$
is a binary operation on G satisfying the following properties
1. $x * (y * z) = (x * y) * z$ for all x, y, z in G.
2. There is an element $e \in G$ satisfying $e * x = x$ and $x * e = x$ for all x
in G.
3. For each element x in G there is an element y in G satisfying $x * y = e$
and $y * x = e$.
Definition A.3. A group $(G, *)$ is said to be Abelian if $x * y = y * x$ for all
$x, y \in G$.
Thus, to describe a group one must specify two things:
1. a set, and
2. a binary operation on the set.
Then, one must verify that the binary operation is associative, that there is
an identity in the set, and that every element in the set has an inverse.
Example A.2. Here are some examples of groups. The binary operations
are in each case the ones that you are familiar with.
1. $(\mathbb{Z}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}$ is $-x$.
2. $(\mathbb{Q}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Q}$ is $-x$.
3. $(\mathbb{R}, +)$ is a group with identity 0. The inverse of $x \in \mathbb{R}$ is $-x$.
4. $(\mathbb{Q} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{Q} - \{0\}$ is
$x^{-1}$.
5. $(\mathbb{R} - \{0\}, \cdot)$ is a group with identity 1. The inverse of $x \in \mathbb{R} - \{0\}$ is
$x^{-1}$.
6. $(\mathbb{Z}_n, +)$ is a group with identity 0. The inverse of $x \in \mathbb{Z}_n$ is $n - x$ if
$x \ne 0$; the inverse of 0 is 0.
7. $(U_n, \cdot)$ is a group with identity [1]. The inverse of $[a] \in U_n$ was shown
to exist in Chapter 22.
8. $(\mathbb{R}^n, +)$ where + is vector addition. The identity is the zero vector
$(0, 0, \ldots, 0)$ and the inverse of the vector $x = (x_1, x_2, \ldots, x_n)$ is the
vector $-x = (-x_1, -x_2, \ldots, -x_n)$.
9. $(M_n(\mathbb{R}), +)$. This is the group of all $n \times n$ matrices over $\mathbb{R}$ and + is
matrix addition.
Bibliography
[1] Tom Apostol, Introduction to Analytic Number Theory, Springer-Verlag,
New York-Heidelberg, 1976.
[2] Chris Caldwell, The Primes Pages,
http://www.utm.edu/research/primes/
[3] W. Edwin Clark, Number Theory Links,
http://www.math.usf.edu/~eclark/numtheory_links.html
[4] Earl Fife and Larry Husch, Number Theory (Mathematics Archives),
http://archives.math.utk.edu/topics/numberTheory.html
[5] Ronald Graham, Donald Knuth, and Oren Patashnik, Concrete Mathematics,
Addison-Wesley, 1994.
[6] Donald Knuth, The Art of Computer Programming, Vols I and II,
Addison-Wesley, 1997.
[7] The Math Forum, Number Theory Sites,
http://mathforum.org/library/topics/number_theory/
[8] Oystein Ore, Number Theory and its History, Dover Publications, 1988.
[9] Carl Pomerance and Richard Crandall, Prime Numbers: A Computational
Perspective, Springer-Verlag, 2001.
[10] Kenneth A. Rosen, Elementary Number Theory, (Fourth Edition),
Addison-Wesley, 2000.
[11] Eric Weisstein, World of Mathematics Number Theory Section,
http://mathworld.wolfram.com/topics/NumberTheory.html