A.

WElL

NUMBER THEORY FOR BEGINNERS

 §I

We assume as known the concepts of "set" and "subset";

E means "element of". We use Z for the set of all
integers, and Q for the set of all rational numbers. We
assume the basic properties of integers and of rational
numbers:

(1) (x + y)+ z = x+(y + z).

(2) x+y=y+x.
(3) The equation a + x = b has a unique solution x (in Z, if
a,b are in Z; in Q, if they are in Q).
(4) O+x=x.
(1') (xy)z = x(yz).
(2') xy=yx.
(3') The equation ax= b has a unique solution x in Q, if
a,b are in Q and a=t=O.
(4') l·x= x.
(5) x(y + z) = xy + xz (this is the "distributive law").
2 §I
3

The unique solution of a+ x = b is written b- a. For 1.2. Prove that any integer x > I has either a divisor > 1 and
a=FO, the unique solution of ax= b is written .!!__
a
< Vx or no divisor > I and <x (in the latter case it is
called a prime; cf. § IV).
A rational number is positive ( > 0) or negative ( < 0);

r
only 0 is both; b>a (or a<b) means b-a>O; b>a (or 1.3. Prove by induction that
a<b) means b>a, b=Fa.lf x>O andy>O, then x+y>O
and xy>O. J3+ 23+··· +n3=[ n(n +I)
2
If a,b,x are integers, and b =ax, b is said to be a
multiple of a; a is said to divide b or to be a divisor of b; 1.4. Prove by induction that 42n+ 1 +3n+l is a multiple of 13 for
when that is so, we write alb. n>O.
Finally, we have:
1.5. If one is ~ven a balance, and n weights of I, 3, 32, ... , 3n -t
lb .. resp~ctlvely, show that it is possible, by placing some
(6) Any non-empty set of positive integers contains a least
we~ghts m one pan and some in the other, to weigh out any
integer. we~ght of N_ lb., with N an integer > I and < 1/2 (3n -1)
(Hmt: constder all sums of the form
In fact, such a set contains some integer n; then the
first one among the integers 0, 1, . .. ,n -1, n to be con- eo+ 3el +32e2 + ... +3n-len-1'
tained in the set has the property in question. An equiv- where each e; is 0, +I or - 1).
alent form of (6) is the "principle of mathematical induc- 1.6. Show that the number of terms in any polynomial of
tion":
degree d in n variables is at most ( n +d)! (Hint: use
. d . d nld!
(6') If a statement about a positive integer x is true for m uct10n on , and observe that the number of terms in a
x = 0, and its truth for all x <n implies its truth for homogeneous polynomial of degree d in n variables is the
x = n, then it is true for all x. same as that of a polynomial of degree din n- I variables).

PROOF. Call F the set consisting of the positive integers

for which the statement is not true. If F is not empty,
apply (6) to it; the conclusion contradicts the assumption
in (6').

ExERCISES

1.1. Show that the relation (-1)·(-1)=+1 is a consequence

of the distributive law.
 § II

Lemma. Let d, a be integers, d > 0. Then there exists a

unique largest multiple dq of d which is <a; it can be
characterized by dq<a<d(q+l), or also by a=dq+r,
O<r<d.

(In that relation, r is called the remainder of the divi-

sion of a by d; dis called the divisor, and q the quotient).

PROOF. The set of integers of the form a-dz with z EZ

contains positive integers, since z can be taken negative
and large in absolute value (i.e. z = - N, with N a large
positive integer). Apply (6) of § I to the set of all positive
integers which can be written in that form; take its
smallest element r, and write it as a- dq; this is ~ 0 and
< d, since otherwise a - d( q + 1) would belong to the same
set and would be <r. 0
Theorem 11.1. Let M be a non-empty set of integers, closed
under subtraction. Then there exists a unique m ~ 0 such
that M is the set of all multiples of m: M = { mz} z EZ = mZ.
5
6 §II §II 7

PROOF. If x EM, then, by assumption, 0 = x- x EM and Definition. The integer d defined in the corollaries of
-x=O-xEM.If alsoyEM, theny+x=y-(-x)EM, theorem 11.1 is called the greatest common divisor (or in
so that M is also closed under addition. If x EM and short the g.c.d.) of a,b, ... ,c; it is denoted by (a,b, ... ,c).
nx EM, where n is any positive integer, then (n + l)x =
nx + x EM; therefore, by induction, nx EM for all n ~ 0, As the g.c.d. (a,b, ... ,c) belongs to the set of linear
hence also for all n EZ. Finally, all linear combinations of combinations of a, b, ... , c (since it is the smallest element
elements of M with integral coefficients are in M; as this >0 of that set, unless a,b, .. . ,care all 0), it can be written
property of M obviously implies that M is closed under in the form
addition and subtraction, it is equivalent with our
assumption on M.
If M = {0}, the theorem is true with m = 0. If not, the (a,b, ... ,c)=ax0 +by0 +··· +cz0
set of elements > 0 in M cannot be empty; take for m the
smallest one. All multiples of m are then in M. For any where x 0 ,y0 , ... ,z 0 are all integers.
x EM, apply the lemma and write x =my+ r with
0 <r <m; then r= x- my is in M. In view of the defini- EXERCISES
tion of m, this implies r = 0, x = my. Therefore M = mZ.
Conversely, since m is the smallest element > 0 in mZ, it 11.1. Prove that (a,b,c)=((a,b),c)=(a,(b,c)).
is uniquely determined when M is given. 11.2. Prove that, in the "series of Fibonacci" 1,2,3,5,8, 13, ... ,
in which each term after the second is the sum of the two
Corollary 1. Let a, b, ... , c be integers in any (finite) num- preceding ones, every two consecutive terms have a g.c.d.
ber. Then there is a unique integer d ~ 0 such that the set of equal to I.
all linear combinations ax+ by+ · · · + cz of a, b, ... , c with 11.3. Ifp,q,r,s are integers such thatps-qr= ±I, and a,b,a',b'
integral coefficients x,y, ... ,z is the set of all multiples of d. are integers such that

PROOF. Apply theorem 11.1 to that set. 0 a'=pa+ qb, b'= ra+sb,

Corollary 2. Assumptions and notations being the same as ~rove that (a,b)=(a',b') (Hint: solve the last two equa-
in corollary 1, d is a divisor of each one of the integers tlons for a,b).
a,b, .. . ,c, and every common divisor of these integers is a 11.4. Let_ a,b be two integers >0. Put a0 =a, a1 =b; for n ;;.I,
divisor of d. defme an+t by an_ 1 =anqn+an+t• O<an+t<an, provided
an> 0. Prove that there exists N ;;. I such that aN+ 1 = 0,
PROOF. Each one of the integers a, b, ... , c belongs to the and that aN is then equal to (a, b).
set of their linear combinations. Conversely, every com-
11.5. Notations being as in exercise 11.4, prove that an can be
mon divisor of a,b, ... ,c is a divisor of every one of their written in the form ax+by, with integral x,y, for all n;;.O
linear combinations, hence in particular of d. and <N.
8 §II

11.6. Use the procedure described in exercises 11.4, 11.5 to find

(a,b) and to solve ax+by=(a,b) in each one of the § III
following cases: (i) a=56, b=35; (ii) a=309, b= 186;
(iii) a= 1024, b = 729.
11.7. If a,b, ... ,c,m are integers, and m>O, show that
(ma,mb, ... ,mc)= m·(a,b, ... ,c).

11.8. Prove that every rational number can be written in one

and only one way as m with (m,n)= I and n >0.
n

Definition. Integers a, b, ... , c are called mutually rela-

tively prime if their g.c.d. is 1.

In other words, they are mutually relatively prime if

they have no other common positive divisor than 1.
If two integers a, b are mutually relatively prime, then a
is said to be prime to b, and b prime to a; when that is so,
every divisor of a is also prime to b, and every divisor of b
is prime to a.

Theorem 111.1. Integers a, b, ... , c are mutually relatively

prime if and only if the equation ax+ by+ · · · + cz = 1 has
a solution in integers x,y, ... ,z.

In fact, if (a,b, ... ,c)= 1, then, by corollary 1 of theo-

rem II.l, the equation in question has a solution. Con-
versely, if it has a solution, then every common divisor
d > 0 of a, b, ... , c must divide 1 and must therefore be 1.

9
10 §III §III 11

Corollary. If d is the g.c.d. of integers a,b, ... ,c, then obtained by dividing a,2a, ... ,(m-I)a by m (cf. § II,
lemma) are the numbers 1,2, ... ,m-l, in some order.
a b
d, d, , d are mutua II0' ret
...c ·t
atzve .
[)' pnme.
111.3. Show that, if N is an integer >0, either it is a "perfect
square" (i.e. of the form n 2 , where n is an integer >0) or
This follows at once from the fact that d can be written VIii is not a rational number (Hint: use exercise 11.8).
in the form ax0 + by0 + · · · + cz 0 • 111.4. Any integer >I which is not a power of 2 can be written
as the sum of (two or more) consecutive integers.
Theorem 111.2. If a, b, c are integers such that a is prime to
b and divides be, then a divides c. 111.5. If a,b are positive integers, and (a,b)= I, show that every
integer ;;. ab can be written in the form ax+ by with
As (a,b)= 1, we can solve ax+by= 1. Then we have positive integers x,y.
111.6. Using exercise 111.5 and induction on m, show that, if
c = c(ax +by)= a( ex) +(bc)y. al>a2, ••• ,am are positive integers and d=(a 1,a2, ••• ,am),
every sufficiently large multiple of d can be written in the
As a divides both terms in the right-hand side, it divides
form a 1x 1 + a2 x 2 + · · · + amxm, where the X; are positive
c. integers.
Corollary 1. If a,b,c are integers, and if a is prime both to
b and to c, it is prime io be.

If d is a positive common divisor of a and of be, it is

prime to b (since it divides a) and must therefore divide c,
by theorem 111.2. As (a,c)= 1, d must be 1.

Corollary 2. If an integer is prime to each one of the

integers a,b, ... ,c, it is prime to their product.

This follows from corollary 1 by induction on the

number of factors in that product.

EXERCISES
III. I. If (a,b)= I and both a and b divide c, show that ab
divides c.
111.2. If m > I and a is prime to m, show that the remainders
 §IV

Definition. An integer p > 1 is called a prime if it has no

other positive divisor than itself and 1.

Every integer > 1 has at least one prime divisor, viz., its
smallest divisor > 1. If a is any integer, and p is a prime,
then either p divides a or it is prime to a.

Theorem IV.l. If a prime divides the product of some

integers, it divides at least one of the factors.

For otherwise it would be prime to all those factors,

and therefore, by corollary 2 of theorem 111.2, it would be
prime to their product.

Theorem IV.2. Every integer > 1 can be written as a

product of primes; it can be so written in only one way
except for the order of the factors.

13
14 §IV §IV 15

Take a> 1; call p a prime divisor of a. If a= p, the prime factors of a when a is written as a product of such
theorem holds for a; if not, ; is > 1 and <a; if the first factors (with a;= 0 if P; does not divide a). Then we have

statement in the theorem holds for !!:.., it holds for a.

p
Therefore that statement follows, by induction on a. provided r has been taken large enough (i.e. so large that
The second statement can also be proved by induction, all distinct prime divisors of a occur among pi,p 2, ••• ,pr).
as follows. Assume that a is written in two different ways
as a product of primes, say as a = pq ... r and as a= Theorem IV.3. There are infinitely many primes.
p' q' ... s'; asp divides a, theorem IV.l implies that p must
divide one of the primes p',q', ... ,s', say p'. Then p=p'; In fact, if p, q, ... , r are primes in any finite number, any
applying the second part of the theorem to !!:._, we see that prime divisor of pq ... r+ 1 must be distinct fromp,q, ... ,r.
p .
q', ... ,s' must be the same as q, ... ,r, except for then (This is Euclid's proof for that theorem; for other proofs,
order. By induction, this proves the second part. cf. the exercises).
It is worth while to give another proof. Write a as a
product of primes, a= pq ... r; let P be any prime; let n be EXERCISES
the number of times that P occurs among the factors IV.l. Let n be an integer ;;;. I, and p a prime. If for any rational
p,q, ... ,r of a. Then a is a multiple of pn; on the oth~r number x we denote by [x] the largest integer <x, show
hand since a· p -n is a product of primes other than P, 1t that the largest integer N such that p N divides n! is given
is no~ a multiple of P, by theorem IV.l, and therefore a is by
not a multiple of pn +I. Thus n is uniquely determined as
the largest integer such that pn divides a; we can write
n = vp(a). Thus, for any two ways of writing a as a
product of primes, the same primes must occur, and mu~t IV.2. Prove that, if a,b, ... ,c are integers ;;;.I, then
occur the same number of times in both products; th1s
(a+b+ ···+c)!
again proves the second part of our theorem.
a!b!. .. c!
is an integer. (Hint: using ex. IV.l, show that every prime
2 is a prime; it is the only even prime; all others are occurs at least as many times in the numerator as in the
odd. The first ten primes are denominator).
2, 3, 5, 7, 11, 13, 17, 19, 23, 29. IV.3. If a,m,n are positive integers, and m=l=n, show that the
g.c.d. of a 2m + I and a 2" + I is I or 2 according as a is even
Let PI= 2,p 2 ,p 3 , ••• be all the primes in their natural (i.e. or odd (Hint: use the fact that a 2" - I is a multiple of
increasing) order. Let a be any integer ;;;. 1; for each i;;;. 1, a2 m +I for n >m). From this, deduce the existence of
let aI be the number of times that P; occurs among the infinitely many primes.
16 §IV

IV.4. If a=paq/3 ... rr, where p,q, ... ,r are distinct primes and
a, /3, ... , 'I are positive integers, prove that the number of
§V
distinct divisors of a, including a and I, is
(a+ I)( f3 + I) ... ( y + I)
and that their sum is
pa+t_l q/3+1_1 ,r+t_l
p-I . q-I ... r-I .

IV.5. Prove that, if D is the number of distinct divisors of a,

their product is aD/2•
IV.6. If n,a,b, ... ,c are integers >I, then the number of dis-
tinct integers of the form aab/3 ... c 1 which are <n (where
a,f3, ... ,y are positive integers) is

<(I+ logn)(t+ logn)··· (t+ logn).

loga Iogb loge
Using this fact, and the fact that Definition. A commutative (or "abelian") group is a set
G, together with a binary operation between elements of
lim (Iognf =0 G, satisfying the following axioms (in which the group
n~+oo n
operation is denoted by + ):
for every r >0, prove that the number of primes is infinite
(Hint: assuming it to be finite, take for a,b, ... ,c all the I (Associativity). ( +y)+z=x+(y+z) for all x,y,z in
distinct primes). G.
2 2
IV.7. If (a,b)= I and a -b is a "perfect square" (cf. ex. 111.3), II (Commutativity). +y = y + x for all x,y in G.
show that either a+ b and a- b are perfect squares, or III If x,y are in G, t e equation x + z = y has a unique
each is twice a perfect square (Hint: show that the g.c.d. solution z in G ( itten z = y- x).
of a + b and a- b is I or 2). IV There is an eleme t in G, called the neutral element
(and denoted by such that 0 + x = x for all x in G.

For instance, the integers, the rational numbers (and

, the real numbers) are commutative groups under the
'operation of addition. There are of course many cases of
commutative groups where the group operation is not
written additively, i.e. is not denoted by +; then the

17
18 §V
§V
19

notations y- x in III, and 0 in IV, are to be suitably

modified. If the operation is written as a multiplication, (D) x y, x' y' (mod m) implies x±x' y±y' (mod m).
then one usually writes y , or y / x, or y x-I, for the (E) x y, x' y' (mod m) implies xx' yy' (mod m).
X (F) Let d > 0 divide m, x andy; then x y (mod m) if and
element z in III, and 1 for the neutral element in IV.
Non-zero rational numbers give an example of a com- only if ~ = ~ (mod ; ).
mutative group under multiplication.
In the present book, no groups will occur, other than As to (E), it is a consequence of the identity
commutative groups; therefore the word "commutative"
xx'- yy' = x(x'- y') + (x- y)y';
will mostly be omitted. A subset of a group G which
makes up a group under the same binary operation as G verification of all the other statements is immediate.
is called a subgroup of G. If G is written additively, a Properties (A), (B), (C) are expressed by saying that the
subset of G is a subgroup if and only if it is closed under relation of congruence modulo m is an "equivalence rela-
addition and subtraction, or even merely under subtrac- tion" between integers.
tion (cf. the proof of theorem 11.1). Theorem 11.1 may be
expressed concisely by saying that every subgroup of Z is Definition. A congruence class of integers modulo m is a
of the form mZ with m > 0. set consisting of all the integers which are congruent to a
Examples will now be given of finite groups. given one modulo m.

Definition. If m,x,y are integers and m > 0, x andy are If x is any integer, we write (x mod m) (or simply (x) if
said to be congruent modulo m if x- y is a multiple of m; no ambiguity can occur) for ~ congruence class of the
then one writes x y (mod m), or more briefly x y (m). integers congruent to x moduloyn. By (A), x belongs to
the class (x mod m); it is calle a representative of that
The lemma in § II shows that every integer is con- class. From (A), (B), (C), it follo s that any two classes
gruent modulo m to one and only one of the integers (x mod m), (y mod m) coincide "f x -y (mod m) and are
0, 1, ... ,m -1, and that two integers are congruent modulo disjoint (i.e., have no element in c mmon) otherwise. Thus
m if and only if they have the same remainder in the the set of all integers is separate into m disjoint classes
division by m. (0 mod m), (1 mod m), ... ,(m-1/mod m).
The relation of congruence modulo m has the following We define the addition of congruence classes by put-
properties: ting:
(A) (Reflexivity) x=x (mod m); (x mod m)+(y mod m)=(x+y mod m);
(B) (Transitivity) x y and y=z (mod m) implies x=z
(mod m); this is meaningful, for (D) shows that the right-hand side
(C) (Symmetry) x y (mod m) impliesy=x (mod m). depends only upon the two classes in the left-hand side
20 §V §V 21

and not upon the choice of the representatives x,y for V.7. If n is an integer > 0, show that any n + I of the first 2n
these classes. integers contain a pair x,y such that y is a power of 2
(Hint: for each one of the given intege:S x 0 ,x 1, ••• ,xn, call
Theorem V.l. For any integer m > 0, the congruence classes x; the largest odd divisor of X;, and show that at least two
modulo m, under addition, make up a commutative group of of these must be equal).
m elements. V.S. When x,y are two integers >0, write x--y if y is a power
It is immediate, in fact, that the equation
of 2, i.e. of the form 2n with n EZ; show th;t this is an
( x mod m) + (z mod m) = (y mod m ), equivalence relation, and that x--y if and only if the odd
divisors of x are the same as those of y.
for given x,y, has the unique solution (y-x mod m), and
that (0 mod m) has the property required of the neutral
element.

EXERCISES
V.I. If x 1, ... ,xm are m integers, show that the sum of a suitable
non-empty subset of that set is a multiple of m (Hint:
consider the distinct classes modulo m among those de-
termined by O,x 1,x 1 +x 2, ... ,x 1 +x 2 + · · · +xm)·
V.2. Prove that every "perfect square" (cf. ex. 111.3) is con-
gruent to 0, I or 4 modulo 8.
V.3. Prove by induction that, if n is a positive integer, then
22 n+ 1 =9n 2 -3n+2 (mod 54).
2
V.4. Show that, if x,y,z are integers, and x 2 +y 2 =z , then
xyz=O (mod 60).
V.5. If x 0 ,x 1, ... ,xn are integers, show that
x 0 +I0x 1 +··· +Ionxn=x0 +x 1 +··· +xn (mod9).

V.6. Show that a necessary and sufficient condition for the pair
of congruences x=a (mod m), x=b (mod n) to have a
solution is that a=b (mod d), where d=(m,n). If d= I,
show that the solution is unique modulo mn.
 §VI

If m is any integer > 0, we define the multiplication of

congruence classes by putting

(x mod m)·(y mod m)=(xy mod m);

in fact, property (E), §~shows that the right-hand side

depends only upon the tw~ classes in the left-hand side
and not upon the choice oft~ representatives x,y.

Definition. A ring is a set R, t~~er with two binary

operations, an addition (written +) and a multiplication
(written · or X) satisfying the following axioms:
I. Under addition, R is a group.
II. Multiplication is associative, commutative and distrib-
utive with respect to addition: (xy)z = x(yz), xy = yx,
x(y+z)=xy+xz for all x,y,z.

23
24 §VI §VI 25

If R is a ring, then, by the distributive law Theorem VI.2. Let '!l• a, b be integers, with m > 0; put
d=(a,m). Then the congruence ax=.b (mod m) has either
(x·O) +(xz) =x(O+ z) =xz, exactly d solutions modulo m, or no solution; it has a
solution if and only if b=O (mod d); there are exactly ;
so that x·O=O by the additive group property. Similarly,
x·( -y)= -xy. distinct values of b modulo m for which this is so.
If there is in R an element e such that ex= x for all x,
this is unique; for, if f is also such, then ef = f and In fact, x is a solution if and only if there is an integer
ef = fe =e. Such an element is called the unit element and y such that ax - b =my, i.e. b =ax -my; by corollary 1 of
is frequently denoted by lR or by I; a ring is called theorem 11.1, this has a solution if and only if d divides b
. '
unitary if it has a unit element. 1.e. b = dz; we get all distinct values of b modulo m of that
The set Z of the integers, and the set Q of the rational form_ by giving to z the values 0,1, ... , ; -1. If xis a
numbers, are unitary rings. solution of ax =b (mod m), then x' is also a solution if
and only if a(x'- x)=O (mod ";); by property (F) of
Theorem VI.l. For any integer m > 0, the congruence
congruences, this is quivalent to d(x'- x)=.O (mod ; ),
classes modulo m, under addition and multiplication, make
up a unitary ring of m elements. and therefore to x' = (mod ; ) by theorem 111.2 and
the corollary of theore 111.1. This shows that all the
The verification is immediate. The unit element is the solutions of ax' =b (m d m) can be written as x' =
congruence class (1 mod m); for that class, we will usually x + ; u; the distinct sol tions modulo m are then ob-
write 1, and 0 for the class (0 mod m); we have 1'FO
tained by giving to u the alues 0, l, ... ,d-1.
unless m= 1. The example m=6 shows that, in a unitary
ring, xy may be 0 without either x or y being 0 (take for
x,y the classes of 2 and of 3 modulo 6); when that is so, x Corollary. The congruence classes prime to m modulo m
andy are called zero-divisors. The rings Z, Q are without make up a group under multiplication.
zero-divisors.
If a is prime tom, and a'= a+ mt, then every common This follows at once from corollary 1 of theorem 111.2,
divisor of a' and m must also divide a= a'- mt; this from theorem VI.2, and from the fact that the class
shows that all integers in the congruence class (a mod m) (1 mod n) is the neutral element for multiplication in the
ring of congruence classes modulo m.
are then prime to m. Such a class will be called prime to
m. If (a mod m), (b mod m) are both prime tom, so is
(ab mod m), by corollary 1 of theorem 111.2; in particular, Definition. For any integer m > 0, the number of con-
such classes cannot be zero-divisors in the ring of con- gruence classes prime tom modulo m is denoted by <p(m),
gruence classes modulo m. and <p is called the Euler function.
26 §VI §VI 27

Accordingly, we have Vl.2. Solve the pair of congruences

5x-7y=9(mod 12), 2x+3y=.IO(mod 12);
<p(l) = <p(2) = 1, <p(3) = <p(4) =2, <p(5) =4, etc.
showthat the solution is unique modulo 12.
~
If m > 2, <p(m) can also be defined as the number of Vl.3. For all values of a and b modulo 2, solve
positive integers prime to m and ..;; m - 1. If p is a prime,
x 2 + ax+ b=.O (mod 2).
<p(p)=p-1.
Vl.4. Solve x 2 -3x+3=0 (mod 7).
Definition. A field is a ring whose non-zero elements
make up a group under multiplication. Vl.5. If m >I, show that the arithmetic mean of
. . m
all positive
mtegers pnme to m and <m is T.
The ring Q of rational numbers is a field; the ring Z of Vl.6. If m is any odd integer, prove that
integers is not a field. A field has no zero-divisors; the
example of Z shows that the converse is not true. Im+2m+ · · · +(m-I)m=.O (mod m).

Vl.7. If m,,are integers >0, and (m,n)= 1, prove that cp(mn)

Theorem Vl.3. For any integer m > 1, the ring of con- = cp(m)~n) (Hint: use exercise V.6).
gruence classes modulo m is a field if and only if m is a
prime. VI.S. Show tha~ if m >I and p, q, ... , r are all the distinct
prime diviso'\ of m, then
If m is a prime, all classes modulo m, other than 0, are
prime to m and therefore make up a multiplicative group, ~(m~~m(l-~)(1-~) ·{I-~)·
by the corollary of theorem VI.2. On the other hand, if m
is not a pr#Jte, it has a divisor d which is > 1 and <m; VI.9. If p is any pnme, prove by induction on n, using the
binomial formula, that nP =n (mod p) for all integers n.
then 1 < d < m, so that the classes (d mod m),
VI.IO. If p is any prime, and n > 0, prove by induction on n
( ~ mod m) are not 0 while their product is 0. Therefore that, if a=b (modp), then aP"=.bP" (modpn+ 1).
they are zero-divisors, and the ring modulo m is not a
VI. II. If p is an odd prime, and x 2 =.y 2 (mod p ), show that x is
field. congruent either toy or to - y modulo p, but not to
If p is a prime, the field of congruence classes modulo p both unless p divides x and y; hence conclude that
will be denoted by FP; it hasp elements. x 2 =a (mod p) has a solution x for exactly half of the
integers a among I, 2, ... ,p-I.
EXERCISES VI.l2. Show that the numbers of the form x+yV2, where x
VI. I. If F(X) is a polynomial with integral coefficients, and if andy are integers, make up a ring; if x,y range over all
x=.y (mod m), show that F(x)=F(y) (mod m). rational numbers, show that they make up a field.
 § VII

\
The definition of a)group and of a subgroup makes it
clear that the intersection of subgroups of a group G (in
any number, finite or not) is again a subgroup of G.

Definition. Let a,b, ... ,c be elements of a group G. Then

the intersection G' of all the subgroups of G (including G
itself) which contain a, b, ... ,c is said to be generated by
a, b, ... , c, and these are said to be genera tors of G'.

This can also be expressed by saying that G' is the

smallest subgroup of G containing a,b, ... ,c; it may
happen that it is no other than G itself.
Let G be a group, x an element of G, and call Gx the
subgroup generated by x. Suppose that G is written addi-
tively. As usual, write - x for 0- x; this must be in Gx.
Also, write O·x for 0; for every integer n >0, write nx for
the sum x + x + · · · + x of n terms all equal to x, and
(- n)x for - (nx); by induction on n, all these must be in

29
30 §VII §VII 31

Gx. Also by induction, one verifies at once the formulas When there is such a correspondence, G and G' are
said to be isomorphic. The concept of isomorphism can be
mx+nx=(m+n)x, m(nx)=(mn)x. transported in an obvious manner to rings and fields.
for all m,n in Z. The first formula shows that the elements With this definition, the results obtained above can be
nx, for n EZ, make up a subgroup of G; clearly, this is no reformulated as follows:
other than Gx. For convenience, we state this as a theo-
rem only in the case when G is written multiplicatively; Theorem VII.2. Let G be a group under multiplication,
then we write x 0 for the neutral element 1 of G, x- 1 for generated by a single element x. Then either G is infinite,
and the mapping X ~a is an isomorphi~if G onto the
0
the element x' defined by x' x = 1, x n for the product
x·x· ... ·x of n factors equal to x, and x-n for (xn)- 1• additive group Z, or it consists of a fini number m of
elements, and then the mapping X 0 ~(a od m) is an
Theorem VII.l. Let G be a group under multiplication; isomorphism of G onto the additive group congruence
then, for every x E G, the subgroup of G generated by x ~~~~~fum~Z \
consists of the elements x n for n E Z. I
Of course, if G is any group and x any ele\nent of G,
G and x being as in theorem VII.l, call Mx the set of theorem VII.2 can be applied to the subg~oup of G
generated by x. I.
those integers a for which x a= 1. As x 0 = 1, Mx is not
empty. Also we have, for all integers a,b:
Definition. The number of elements of a finite group is
called its order. If a group of finite order is generated by a
single element, it is called cyclic; if an element x of a
which shows that X 0 =Xb if and only if a-b is in Mx; in group generates a group of finite order m, m is also called
particular, Mx is closed under subtraction. Therefore Mx the order of x.
satisfies the assumptions in theorem 11.1 (in other words,
it is a subgroup of the additive group Z) and consists of
EXERCISES
the multiples of some integer m > 0; if m is not 0, it is the
smallest integer > 0 such that x m = 1. Thus, if m = 0, all VII.l. If F is a finite field, show that the subgroup of the
the elements xa are different; if m >0, xa is the same as additive group ofF generated by I is of prime order p
x b if and only if a =b (mod m ). and is a subfield of F, isomorphic to the field FP of
congruence classes modulo p.
Definition. An isomorphism between two groups G, G' is VII.2. Show that a non-empty finite subset S of a group G is a
a one-to-one correspondence (a "bijection") between the subgroup of G if and only if it is closed under the group
elements of G and those of G', transforming the group operation (Hint: if a E S, then a~ax is a bijection of S
operation in G into the group operation in G'. onto itself).
32 §VII

Vll.3. Show that a finite ring is a field if and only if it has no

zero-divisors. § VIII
VII.4. If G is a (commutative) group, and n any integer, show
that the elements xn, for x E G, make up a subgroup of
G.
VII.5. If G', G" are subgroups of the (commutative) group G,
show that the elements x'x" with x'EG',x"EG",
make up a subgroup of G.
VII.6. Let G be a (commutative) group, x an element of G of
order m, andy an element of G of order n. Show that,
if (m,n)=l, then x')'b=I if and only if x 0 =yb=I:
hence show that the group generated by x and y is
cyclic of order mn, generated by xy.
VII.7. Show that, if m>2, n>2, and (m,n)= I, the multiplica-
tive group of congruence classes prime to mn modulo
mn is not cyclic (Hint: use exercise V.6 and the fact
that a cyclic group has at most one subgroup of order Theorem 11.1 shows that every subgroup M of Z is either
2). 0 or generated by its smallest element m >0; in the latter
case it is generated by m or also by - m, but by no other
Vll.S. Find all the values of n for which the multiplicative element of M. For cyclic groups, we have:
group of odd congruence classes modulo 2n is cyclic.
VII.9. Show that, if G is a (commutative) group and n an Theorem VIII.l. Let G be a cyclic group of order m,
integer > 0, the elements of G whose order divides n generated by an element x. Let G' be a subgroup of G; then
make up a subgroup of G. there is a divisor d of m such that G' is the cyclic group of
m
VII.IO. Show that, if G is a finite (commutative) group, the order d generated by x d.
product of all elements of G is I or an element of order
2. Let M be the set of those integers a for which X 0 E G'.
Vll.ll. If p is a prime, show that (p- I)!= - I (mod p) (Hint: The formula xa-b=(x 0 )·(xb)- 1 shows that M is a sub-
consider the multiplicative group modulo p, and reason group of Z; as it contains m, it consists of the multiples of
as in ex. VII.IO). some divisor d of m. Therefore G' consists of the elements
xda with a EZ, i.e., it is generated by xd. We have xda =
xdb if and only if da =db (mod m); by property (F) of the
congruence relation (§ V), this is equivalent to a =.b
(mod ~ ).
33
34 §VIII §VIII 35

Corollary 1. For every positive divisor n of m, a cyclic to one and only one set Hd, since it generates one and
group of order m has one and only one subgroup of order n. only one subgroup of G.
Let G be a group, and X a subset of G; for every a E G,
Let G be as in theorem VIII.l, and put d= m; by that we write aX for the set of the elements ax with x EX. The
n
theorem, if G' is a subgroup of G of order n, it must be definition of a group implies that x~ax is a bijection of
the one generated by xd, and xd does generate such a X onto aX, so that, if X is finite, all sets aX have the same
number of elements as X. ~
subgroup.
~
Corollary 2. G,m,x, G' being as in theorem VIII.l, an Definition. If G is a group and H a subgroup of ~every
element x a of G generates G' if and only if (a, m) = d. set of the form xH with x E G is called a coset of H ~ G.

If (a,m)=d, xa is in G'; moreover, by theorem V1.2, Lemma. Let xH,yH be two cosets of a subgroup H of~ '"
group G; then, either they have no element in common, or '
we can solve at=.d (mod m), and then we have xd=(xa)1,
so that the group generated by x a contains x d and hence xH=yH.
G'.
If they have a common element, this can be written as
Corollary 3. G,m,x being as above, xa generates G if and xh with hE H, and also as yh' with h' E H. This
only if (a,m)= 1, and G has exactly <p(m) distinct genera- gives y- 1x=h'h- 1 EH, and hence xH= y·(y- 1x)H =
tors. y· (h'h- 1H)=yH.

Corollary 4. For every integer m >0, we have Theorem VIII.2. If H is a subgroup of a finite group G, the
order of H divides the order of G.
L <p(d) = m.
dim In fact, every element x of G belongs to some coset of
H (viz., to xH), and, by the lemma, only to one. As the
(Here the sum in the left-hand side is taken over all number of elements of each coset is equal to the order of
positive divisors d of m). H, the order of G must be a multiple of that number.
Consider a cyclic group G of order m (e.g. the additive
group of congruence classes modulo m). By corollary 1, Corollary. If x is any element of a group of order m, its
for every divisor d of m, G has exactly one subgroup Gd of order divides m, and x m = 1.
order d, and d~Gd is a one-to-one correspondence be-
tween the divisors of m and the subgroups of G. For each As the order d of x is the order of the subgroup of G
d, call Hd the set of all distinct generators of Gd, whose generated by x, theorem VIII.2 shows that it divides m.
number is <p(d) by corollary 3. Each element of G belongs Then xm=(xd)mfd= 1.
II

§VIII §VIII 37
36

(N.B. The above results, and their proofs, are valid also VIII.3. If P is an odd prime divisor of a 2" +I, with n > I, show
for other than commutative groups; as mentioned before, ~atp= I (mod 2n+I) (Hint: find the order of (a modp)
these remain outside the scope of our treatment). m the multiplicative group modulo p) (N.B. This was
used b~ ~uler to s~ow that 232 + I is not a prime,
Theorem VIIT.3. If m is any integer > 0, and x an integer co~trad1ctmg Fermat s guess that all integers 22" + 1 are

prime to m, then x <p(m) =1 (mod m). pnme).

VIII.4. If a,b are integers >0, and a =2"5!3m, with m prime to
This is the special case of the above corollary, when it 10, show that the decimal fraction for !!._ .has a period
is applied to the multiplicative group of congruence ~he number of whose digits divides cp(m); show that, if
classes prime tom modulo m (or, as one says more briefly It ~as no period with less than m- I digits, then m is a
but less accurately, to the multiplicative group modulo m). pnme.

Corollary. If pis a prime, then xp- 1 = 1 (modp)for every x

prime top, and xP =x (mod p) for every x.

The first assertion is a special case of theorem VIII.3,

and the second one is an immediate consequence. Con-
versely, the latter also implies the former, in view of
theorem VI.2 (or of theorem 111.2). For another proof of
the second assertion, cf. exercise Vl.9.
The corollary was known to Fermat and is known as
Fermat's theorem; a proof was first published by Euler,
who also gave a proof (substantially the same as the one
given above) for theorem VIII.3, which is known as
Euler's theorem.

EXERCISES
VIII. I. If G is a group of order m, and if n is prime tom, show
that every element of G can be written in the form xn
with some x E G.
VIII.2. If pis a prime, show that every group of order pn, with
n > 0, contains an element of order p, and that every
group of order p is cyclic.
 §IX

In order to consider polynomials with coefficients in a

field FP, and equations over such fields, we begin by
reviewing some elementary properties of polynomials over
an arbitrary field K; these are independent of the nature
of that field, and quite analogous to the properties of
integers described above in §§ II, III, IV.
In this §, a field K (the "groundfield") is to be regarded
as fixed once for all. A polynomial P over K (i.e. with
coefficients in K), in one indeterminate X, is given by an
expression

with a 0,a 1, ••• , an inK. If an *0, Pis said to be of degree n,

and we write n =deg(P); every polynomial except 0 has a
degree. Addition and multiplication being defined in the
usual manner, such polynomials make up a ring, usually
written K[X]. If P, Q are non-zero polynomials, then
deg( PQ) = deg( P) + deg( Q ).

39
40 §IX §IX 41

Lemma. Let A,B be two polynomials, with B=I=O; put m = If we={O}, the theorem is true with D=O. Otherwise
deg(B). Then there is a unique polynomial Q such that take in we a polynomial D =1=0 of smallest degree d. If A is
A- BQ is 0 or of degree <m. in we, we can apply the lemma to A and D and write
A= DQ + R, where R is 0 or of degree <d. Then R =
(This should be compared with the lemma in § II). If A+ D·(- Q) is in IJJ1, hence 0 by the definition of D, and
A = 0, there is nothing to prove; we proceed by induction A= DQ. If D 1 has the same property as D, then it is a
on n=deg(A): first we prove the existence of Q. If n<m, multiple of D and D is a multiple of D 1, so that they have
we take Q=O. Otherwise, call bXm the term of degree m the same degree; writing then D 1 =DE, we see that E is of
in B, and aX" the term of degree n in A; as the poly- degree 0, i.e. a non-zero constant.
nomial A'=A-B·(~xn-m) is of degree <n, we can
write it as BQ' + R with R = 0 or of degree <m, by the Call aXd the term of degree din D; among the poly-
induction assumption. Then A = BQ + R, with nomials differing from D only by a non-zero constant
Q = Q' + ~ xn-m. As to the unicity of Q, let A- BQ and factor, there is one and only one with the highest
coefficient 1, viz., a- 1D; such a polynomial will be called
A- BQ 1 be 0 or of degree <m; then the same is true of
normalized.
B(Q- Q 1); since this is of degree m+deg(Q- Q 1) unless
Just as in § II, we can apply theorem IX.l to the set we
Q- Q 1 is 0, Q must be the same as Q 1• D
of all linear combinations AP + BQ + · · · + CR of any
number of given polynomials A,B, ... ,C; here P,Q, ... ,R
If R = 0, A = BQ, A is said to be a multiple of B, and B
denote arbitrary polynomials. If then we consists of the
a divisor of A. If B =X- a, R must be 0 or of degree 0, i.e. multiples of D, where D is either 0 or a normalized
a "constant" (an element of K), so that we can write polynomial, D will be called the g. c. d. of A, B, ... , C and
A=(X-a)Q+r will be denoted by (A,B, ... ,C). As in§ II, Dis a divisor
of A, B, ... , C, and every common divisor of A, B, ... , C
with r E K. Substituting a for X in both sides, we get divides D. If D= 1, then A,B, ... ,C are said to be mutu-
A( a)= r; if this is 0, a is called a root of A. Thus A is a ally relatively prime; they are so if and only if there are
multiple of X- a if and only if a is a root of A. polynomials P, Q, ... , R such that
Just as theorem 11.1 was derived from the lemma in
§ II, we have: AP+BQ+ · · · + CR= 1
Theorem IX.l. Let we be a non-empty set of polynomials If (A,B)= 1, A is said to be prime to B, and B to A.
(over K), closed under addition and such that, if A is in we, A polynomial A of degree n > 0 is said to be prime, or
all multiples of A are in we. Then we consists of all the irreducible, if it has no divisor of degree > 0 and <n.
multiples of some polynomial D, uniquely determined up to Every polynomial of degree 1 is irreducible. One should
multiplication by a non-zero constant. note that the property of a polynomial of being irreduc-
 §IX
§IX 43
42

EXERCISES
ible need not be preserved when one changes the ground-
field: for instance X 2 + 1 is irreducible over Q, and also IX.l. Find the g.c.d. of the polynomials over Q:
over the field of real numbers, but not over the field of X 5 -X 4 -6X 3 -2X 2 +5X+3, X 3 -3X-2.
complex numbers, since X 2 + 1=(X+ i)(X- i). Also, find their g.c.d. over the field F 3 if the coefficients
Exactly as in § IV, we could prove now that every are interpreted as congruence classes modulo 3.
polynomial of degree > 0 can be written, essentially
IX.2. Show that X 4 + 1 is a prime polynomial over Q, but has
uniquely, as a product of prime polynomials. All we shall
divisors of degree 2 over the field defined in exercise
need is a weaker result: VI.l2.
Theorem IX.2. Let A be a polynomial of degree n > 0 over IX.3. Let K be any field, and R a subring of K[X] containing
K; this can be written, uniquely up to the order of the K. Prove that there exists a finite set of polynomials
P 1,P2, ... ,PN in R such that R consists of all the poly-
factors, in the form
nomials in P 1,P2, ... ,PN with coefficients inK (Hint: call
d the g.c.d. of the degrees of all polynomials in R, take
P 1,P2, ... ,Pm in R such that the g.c.d. of their degrees is d,
where 0 <m <n, a 1,a2 , ... ,am are in K, and Q is without and then apply the conclusion in exercise 111.6).
roots inK.

If A has no root, this is clear; otherwise we use induc-

tion on n. If A has a root a, write A =(X- a)A'; as A' is
of degree n -l, we can apply the theorem to it; writing A'
in the prescribed form, we get a similar product for A. If
A can be written as above and also as

A =(X- b 1)(X- b2) ••• (X- b,)R

where R has no root inK, then the root a of A must occur

among the a; and also among the bp and then, dividing by
X- a, we get for A' two products which, by the induction
assumption, must coincide. D
Corollary. A polynomial of degree n >0 has at most n
distinct roots.
 §X

Lemma. Let G be a group of order m. If, for every divisor d

of m, there are no more than d elements of G satisfying
xd = 1, G is cyclic.

For every divisor d of m, call tf;(d) the number of

elements of order din G; we have to prove that tf;(m) >0.
In any case, since every element of G has an order which
divides m, we have

m= L tf;(d).
dim

If, for some d, tf;(d) > 0, then G has an element of order d,

and this generates a cyclic group G' of order d. As all the
d elements of G' satisfy xd= 1, our assumption on G
implies that all the tf;(d) elements of G of order d are in
G'; by corollary 3 of theorem VIII.l, there are exactly
q;(d) such elements. Therefore, if tf;(d) is not 0, it has the
value q;( d). Since 2: tf;( d) has the value m, and 2: q;( d) has
45
 §X 47
46 §X

the same value by corollary 4 of theorem VIII.l, this Theorem X.2. If p is any prime, there is an integer r prime
implies that tf;(d)=q;(d) for all d; in particular, tf;(m)= toP such that l, r, r 2 , r 3, ••• , rP - 2, in some order, are respec-
tively congruent to 1, 2, ... ,p - 1 modulo p.
q;(m)>O.

Now we consider an arbitrary field K, and, denoting by This is only the traditional formulation for the fact that
K x the multiplicative group of the non-zero elements of the ~on.gru~nce classes erime to p modulo p make up the
K, we consider the elements and subgroups of finite order mulhphcahve group FP of the field FP of congruence
of K x. If x is an element of K x of order m, it satisfies classes modulo p, and that, by corollary 1 of theorem X.l,
xm= 1, and xa=xh if and only if a=b (mod m); tradi- this must be cyclic; if (r mod p) is a generator' of that
tionally, x is then called a root of unity, and more pre- group, r has the property stated in theorem X.2.
cisely a primitive m 1h root of unity. For any n, an element
x of K which satisfies x" = 1 is a root of unity whose order If m is an integer > 1,
the multiplicative group of
divides n. In the field of complex numbers, the number con~ruence classes ~rime to m modulo m is not always
cyclic (cf. e.g. exerctses VII.? and VII.8). It is cyclic if
·; 21T + l. sm-
. 21T and only if there is an integer r prime to m such that
e21TI m =cos-
m m ~r mod m) is of order q;(m) in that group, i.e., if and only
1f the smallest integer x > 0 such that rx = 1 (mod m) is
is a primitive m 1h root of unity; so is e 21ria/m for (a,m)= 1. q;(m); when that is so, r is called a primitive root modulo
m. Then, to every integer a prime to m, there is an integer
Theorem X.l. If K is any field, every finite subgroup of K x
x such that rx =a (mod m); this integer x, which is
is cyclic.
determined only modulo q;(m), is called the index of a and
denoted by ind,(a). By theorem VII.2, if r is a primitive
For every n >0, an element of K satisfying x" = 1 is a
root modulo m, the mapping
root of the polynomial X"- 1; by the corollary of theo-
rem IX.2, there are at most n such elements in K. Our
(a mod m)~(ind,(a) mod q;(m))
theorem follows now at once from the lemma.

Corollary 1. If K is a finite field, K x is cyclic. is an isomorphism of the multiplicative group of con-

gruence classes prime to m modulo m onto the additive
Corollary 2. If K is any field, and n an integer > 0, the group of all congruence classes modulo q;(m). In particu-
elements of K satisfying x" = 1 make up a cyclic group lar, we have, for a and b prime tom:
whose order divides n.
ind,(ab) =ind,(a) +ind,(b) (mod q;(m)).
It is clear that they make up a subgroup of K x; this is
cyclic, by theorem X.l; if it is generated by x, the order of
The analogy with logarithms is obvious.
x, which is also the order of the group, must divide n.
48 §X
§X
49

ExERCISES
X.8. Let K be a field containing a primitive m 1h root of unity x;
X. I. If m is any integer > 1, show that the number of primitive for each divisor d of m, call FAX) the product of the
roots modulo m is either 0 or <p( <p(m)).
factors X -xa for O<.a<m, (a,m)=;. Show that Fd is of
X.2. Find a primitive root r modulo 13; tabulate ind,(a) for degree <p(d) and prove the formula
1 <.a<. 12; use the table to find all primitive roots modulo
13, and to tabulate 51h and 29 1h powers modulo 13. xm-1 = II FiX);
dim
X.3. Use the existence of a primitive root modulo p, where p is hence, using exercise X.7, prove that
a prime, to show that 1"+2"+ · · · +(p-1)" is congruent
to 0 or to - 1 modulo p according to the value of the Fm(X)= II (Xmfd_l)"(d)_
integer n ~ 0. dim

X.4. Show that a primitive root modulo an integer m > 1 is also X.9. K being as in exercise X.8, prove that the sum of all
1
a primitive root modulo every divisor of m (Hint: use primitive m h roots of unity in K is p.(m). State the special
exercise V.6). case of this result for K = FP, m = p- 1.
X.5. Using the binomial formula, prove by induction that, if p
is an odd prime, then, for all n ~ 0:
(l+pxY"=1+p"+ 1x (modp"+ 2 )
(cf. exercise VI.IO). Hence show that, if r is a primitive
root modulo p, it is a primitive root modulo p" if and only
if p 2 does not divide rp-!_ 1, and that in any case either r
or r + p is a primitive root modulo p n.
X.6. Find all the integers m > 1 such that there exists a primi-
tive root modulo m (Hint: use exercises X.4, X.5, VII.7,
VII.8, and the fact that if r is a primitive root modulo an
odd integer m, then either r or r + m is a primitive root
modulo 2m).
X.7. An integer m > 0 is called "square-free" if it has no divisor
of the form n 2 where n is an integer > 1. For every m > 0,
put p.(m) = (- 1)' if m is square-free and the product of r
primes (with r=O if m= 1), and p.(m)=O otherwise. Prove
that p.(ab) = p.(a)p.(b) if a is prime to b; hence show that
L p.(d) is 1 if m= 1, and 0 if m> 1 (Hint: write mas in
dim
exercise IV.4).
 §XI

Now we will consider equations of the form xm =a, in a

field K (or occasionally in a ring); the case a= 1 has been
discussed in § X. As the case a= 0 is trivial, we assume
a*O. If then, in the field K, x is a solution of xm=a,
an element x' of K is also a solution if and only if
(x' / x)m = 1. Therefore, if xm =a has a solution in K, it
has as many solutions as K contains mth roots of unity,
i.e. roots of xm- 1.
Here we are chiefly concerned with the field FP of
congruence classes modulo a prime p.

Theorem XI.l. Let p be a prime, man integer >0, and a

an integer prime to p; put d = ( m,p- 1). Then the con-
gruence xm=a (mod p) has either exactly d solutions
modulo p or no solution; it has a solution if and only if the
congruence yd =a (mod p) has a solution; this is so if and
1
only if a<P- I)/ d = 1 (mod p ), and there are exactly p :
such values of a modulo p.
51

_\
l
.:l
 §XI §XI
52 53

We use the fact that the group FPx is cyclic, or, what there are n quadratic residues modulo p, viz., the classes
amounts to the same, that there is a primitive root r of l,r 2 , • •• ,r2" - 2, and the same number of non-residues,
modulo p (cf. § X). Put a=r 1 , x=ru (mod p), i.e. t= viz., the classes of r,r3, ... ,r 2" - 1.1f xis a solution of x 2 =a
ind,(a), u=ind,(x). Then the congruence xm=a (modp) (mod p), this congruence has the two solutions ± x, and
is equivalent to mu =t (mod p- 1), and our conclusions no other, modulo p.
follow at once. from .theorem VI.~ frovided we note t~at
t=O (mod d) 1s eqmvalent to 7 t=O (mod p -1), 1.e. Theorem XI.2. Let p = 2n + 1 be an odd prime, and a an
integer prime top. Then an is congruent either to + 1 or to
to a<P-!)/d= 1 (modp). - 1 modulo p; a is a quadratic residue or a non-residue
modulo p according as an=+ 1 (mod p) or an= -1
Take for instance the congruence x 3 =a (mod p ), with a (modp).
prime top. For p=3, this is equivalent to x=a (mod 3).
Take the case where p = 1 (mod 3); as this implies p =1=2, p Put b =an; by Fermat's theorem (i.e. the corollary of
is also = 1 (mod 2), hence of the form 6n + 1; we have theorem VIII.3), we have b 2 = 1 (mod p), hence b = ± 1
d= 3, P ~ =2n; the congruence x 3 =a (mod p) has a
1
(modp). We can now apply theorem XI.l.
solution if and only if a is congruent to one of the
numbers 1, r 3, ... ,rP- 4 modulo p, and then, if x is one Corollary. -1 is a quadratic residue or a non-residue
solution, the solutions are given by xr 2nz modulo p with modulo the odd prime p, according as p = 1 or p = - 1
z = 0, 1, 2. If p = 2 (mod 3), in which case p is either 2 or of (mod 4).
the form 6n-l, the congruence x 3=a (mod p) has one
and only one solution for every a prime top. In fact, (- 1)" is + 1 or - 1 according as n is even or
From now on, we consider only the case m = 2. Then odd.
=
x 2 1 (mod p) has no other solution than 1 if p =2, and
has the two solutions ± 1 if p > 2.
ExERCISES
Definition. If p is an odd prime, an integer a prime top is
called a quadratic residue or a quadratic non-residue XI. I. If p is an odd prime divisor of a 2 + b2 , where a, b are
modulo p according as the congruence x 2 =a (mod p) has integers, show that p must be congruent to 1 modulo 4
unless it divides both a and b.
a solution or not.
XI.2. If p is an odd prime, and a is prime top, show that the
As no other case than m = 2 will occur, the word congruence ax 2 + bx + c = 0 (mod p) has two solutions,
"quadratic" will occasionally be omitted; otherwise one one or none according as b 2 - 4ac is a quadratic residue,
speaks of "cubic residues" if m = 3, "biquadratic residues" 0 or a non-residue modulo p.
if m =4, etc. XI.3. If m, n are mutually prime integers > 0, and F is a
Let p be an odd prime; put p =2n + 1, and let r be a polynomial with integral coefficients, show that the con-
primitive root modulo p. Then theorem XI.l shows that gruence F(x)=O (mod mn) has a solution if and only if

I
54 §XI

F(x)=O (mod m) and F(x)=O (mod n) both have solu- § XII

tions (Hint: use exercises V.6 and Vl.l).
XI.4. If p is an odd prime, n > 0, and a is prime top, prove by
induction on n that the congruence x 2 =a (mod p ") has a
solution if and only if a is a quadratic residue modulo p:
show that, if x is a solution, there are no other solutions
than ± X modulo p n.
XI.5. Show that, if a is an odd integer, and n > 2, the con-
gruence x 2 :=a (mod 2") has a solution if and only if a= 1
(mod 8) (Hint: use induction on n, observing that, if x is
a solution, either x or x +2"- 1 is a solution of y 2 =a
(mod 2"+ 1)). If xis a solution, find the other solutions.
Xl.6. Use exercises XI.3,4,5 to give a criterion for the con-
gruence x 2 =a (mod m) to have a solution when m is any
integer > 1, and a is prime to m.
Xl.7. If, for some m > 1 and some a prime tom, the congruence Let p be an odd prime; put p = 2n + 1. Write G for the
x 2 :=a (mod m) has exactly n distinct solutions modulo m, multiplicative group FPx of congruence classes prime top
show that there are exactly <p(m) values of a, prime tom modulo p; this has a subgroup H of order 2 consisting of
n the classes (± 1 mod p); we apply to G and H the
modulo m, for which this is so.
definitions and lemma of § VIII. If x is an element of G,
it belongs to one and only one coset xH; this consists of
the two elements ( ± x mod p); there are n such cosets,
viz., the cosets ( ± 1 mod p ), ( ± 2 mod p ), ... , ( ± n mod p ).
If, in each coset, we choose one element, and if we write
these elements, in any order, as u 1, ••• , un, this is known as
"a set of representatives" for the cosets of H in G; then
every integer prime top is congruent to one and only one
of the integers ± u 1, ••• , ± un modulo p. For the purposes
of the next lemma, which is due to Gauss and known as
Gauss' lemma, such a set { u 1, ••• , un} will be called a
"Gaussian set" modulo p. The simplest such set is
{ 1,2, ... ,n}.

55
56 §XII §XII 57

Lemma. Letp=2n+l be an odd prime, and {u 1, ••• ,un} a

Gaussian set modulo p. Let a be an integer prime top; for
Definition. If(
is an odd prime, and a an integer prime to
p, we define ; ) to have the value + 1 or -1 according
1 <. i <. n, let e; = ± 1 and i' be such that au; =e;ur (mod p ).
Then a is a quadratic residue modulo p or not according as as a is a quadratic residue or not modulo p; this is called
the product e 1e2 ••• en is + 1 or -1.
the Legendre symbol.

In the n congruences au; =e;ur (mod p), no two values When p is given, the symbol ( ; ) depends only upon
of i' can be the same, since otherwise this would give the congruence class of a modulo p. Its definition implies
au;= ±auk (mod p) for some i =l=k, hence u; = ± uk 2

(mod p), which contradicts the definition of a Gaussian that ( ~ ) = 1 for all a prime top. .
set. Therefore, if we take the product of all these con- If r is again a primitive root modulo p, and if a =rx
gruences, we get (modp), i.e. x=ind,(a), we have (;)=(-lY; here one
an(u 1u2 ••• un) = ( e 1e2 ••• en)· ( u 1u2 ••• un) (mod P) should note that this does not depend upon the choice of
x, since x is well defined modulo the even integer p- 1.
and therefore From the fundamental property of the index (cf. the last
formula of § X), it follows that the Legendre symbol has
the property
since all the u; are prime top. Our conclusion follows now
from theorem Xl.2. ( ~ ) = (; )· (; ) for all a, b prime top.

Theorem XII.l. Let p be an odd prime; then 2 is a Theorems Xl.2, its corollary, and theorem XII.l, give
quadratic residue modulo p if p = 1 or 7 (mod 8), and a respectively:
non-residue if p = 3 or 5 (mod 8).
a(p-1)/2=(;) (modp), ( ~1 )=(-l)(p-1)/2, /
Put p = 2n + 1, and apply Gauss' lemma to a= 2 and
the Gaussian set {1,2, ... ,n}. If n=4m or 4m+l, e; has
the value + 1 for 1 <. i <. 2m, and - 1 otherwise; then the
product of thee; is (-l)n- 2m=(-lt. If n=4m+2 or
m~( -l)(,'-f
(as to the last formula, observe that P'~ is alwJ an
4m +3 e. is + 1 for 1 <.i <.2m+ 1, and -1 otherwise, and 1
the product of thee; is (-lt- 2m- 1=(- it- 1. A straight-
' I

forward application of the lemma gives now the result integer, even if p= 1 or 7 (mod 8) and odd if p1i or 5
stated above. (mod 8)). ·
58 §XII
§XII 59

The following theorem is known as "the quadratic

reciprocity law": tions

Theorem XII.2. If p and q are distinct odd primes, then l<x<n, l<y<m, -n<qx-py<m.
Now let S be the number of pairs (x,y) satisfying
( ~ )· ( ; ) = ( -l)[(p-l)/2]·[(q-l)/2]
1 <x <n, 1 <y <m, qx-py< -n,
Putp=2n+ 1, q=2m+ 1. Apply Gauss' lemma to a=q and let T be the number of pairs (x',y') satisfyip.g
and to the "Gaussian set" {1,2, ... ,n} modulo p. For
1 <x <n, we have to write qx=exu (modp) with ex=± 1 l<x'<n, l<y'<m, qx'-py'>m.
and 1<u <n; this can be written as qx=exu+py, where
ex, u,y are uniquely determined by these conditions when Between those last two sets, there is a one-to-one corre-
x is given. In particular, ex has the value - 1 if and only if spondence defined by
we have qx = py- u, or equivalently py = qx + u, with x' = n + 1- x, y' = m + 1- y;
1,;;;; u <n. This implies y > 0, and also
in fact, when that is so, we have
1 q+ 1
y< p(q+l)n<--=m+l.
2 qx'-py'-m= -(qx-py+n).
In other words, we have ex= -1 if and only if we can Therefore S = T. On the other hand, M + N + S + T is the
find y such that the pair ( x,y) satisfies the conditions total number of pairs (x,y) with 1 <x <n, 1 <y <m, and is
therefore equal to mn. Finally we have
1 ,;;;; x < n, 1 <y < m, 1 <py - qx <n.

Consequently, if N is the number of such pairs (x,y), (~ )·(!)=< -l)M+N =( -l)M+N+S+T =( -l)mn,
Gauss' lemma gives ( ; ) = (- 1)N.
as was to be proved.
Similarly, ( ~) has the value (- l)M, if M is the number
of pairs (x,y) satisfying
EXERCISES
l<x<n, l<y<m, l<qx-py<m. XII. I. Letp be an odd prime; letf(a) be a function, defined for
As qx- py cannot be 0 if xis prime top, and in particular a prime top, taking no other values than ±
that (
t/
and such
if 1 ,;;;; x ,;;;; n, this shows that the left-hand side of the
formula in our theorem has the value ( -l)M+N, where f(ab)=j(a)f(b); f(a)=f(b) if a=:=b ( odp).
M + N is the number of pairs (x,y) satisfying the condi- Show that either f(a)= l for all a, or f(a)= ( ~) for all a.
60 §XII

XII.2. If p is an odd divisor of a 2 + 2b 2, where a, b are integers,

show that p is congruent to 1 or to 3 modulo 8 unless it § XIII
divides both a and b.
XII.3. If p and q are primes such that p=2q+ 1 and q=l
(mod 4), show that 2 is a primitive root modulo p.
XII.4. Using only Gauss' lemma, find all the values of the
prime p > 3 for which 3 is a quadratic residue.
XII.5. Let a be a non-zero integer. Prove that, if p and q are
odd primes, not divisors of a, such thatp=q (mod 4jal),
then { ~) = { ~) (Hint: write a= ± n2b, where b is
"square-free" (cf. exercise X.7); then apply the quadratic
reciprocity law to every odd prime divisor of b and top
and q; also, apply theorem XII.l if b is even, and the
corollary of theorem Xl.2 if a < 0).

We recall the concept of a complex number; this is a

number of the form x+ ry, where x,y are real numbers; i
satisfies i 2 =- 1, and the rules for addition and multi-
plication are the well-known ones. In particular, multi-
plication is given by

(x+ ry)(x' + ry') =(xx'- yy')+ i(yx' + xy').

For addition and multiplication, the set C of complex

numbers makes up a unitary ring, with the unit element
l=l+i·O (cf. §VI). If a=x+ry, one writes ii=x-ry,
and calls ii the imaginary conjugate of a; the imaginary
conjugate of ii is then a. The mapping a~ii is a one-to-
one mapping of C onto itself, preserving the operations of
addition and multiplica 'on;j!_is thus an "automorphism"
of C, i.e. an isom 1sm of C onto itself.
We wri~ a)= aii, and call this the norm of a. By the
multiplication rule, if a=x+ry, N(a)=x 2 +y 2 ; by the
commutativity of multiplication, we have N(ab) =
N(a)N(b). The norm of a is 0 if and only if a is 0;

61
62 §XIII
§XIII 63

otherwise it is a real number > 0. Consequently, for any

a=x+ry*O, we may put a*O, there is one and only one, say b=x+iy, satisfying
x > 0, y;;;,. 0; that one will be called normalized. For in-
( )
-1- X · Y stance, among the associates ± 1± i of 1+ i, 1+ i and no
a'=Na a=N(a)-zN(a)' other is normalized. Geometrically, the points in the
plane, corresponding to the associates of a, are th~~e
and then aa'= 1, and, for every b, a(a'b)=b; conversely,
deduced from a by a rotation around 0 by an angle T
if az=b, we have a'(az)=a'b, hence, by associativity,
z =a' b. This shows that C is in fact a field. As usual, we with n = 0, 1, 2, 3; the normalized one is the one which lies
associate, with the complex number a= x + ry, the point either on the positive real axis or in the "first quadrant".
(x,y) in the plane; its Euclidean distance from the A Gaussian integer of norm > 1 is called a Gaussian
"origin" 0 is then lal = N(a) 112 ; this is also called the prime if it has no other divisor than the units and its own
"absolute value" of a. associates. It amounts to the same to say that q is a
For our purposes, we have to consider, rather than the Gaussian prime if it is not 0 or a unit and has no divisor
field C, the subset of C consisting of the complex numbers whose norm is > 1 and <N(q). Ordinary integers which
x + ry where x,y are in Z, i.e. ordinary integers. It can .be are prime in the previously defined sense (§ IV) will be
verified at once that this is a ring; it is called the Gausszan called rational primes (or "ordinary primes"). If q is a
ring, and its elements are called Gaussia.n integers. <;:!early Gaussian integer and N(q) is a rational prime, then q is a
a~ii is an automorphism of that nng. If a 1s any
Gaussian prime; as we shall see, the converse is not true.
Gaussian integer, N(a) = aii is a positive integer in Z. The associates of a Gaussian prime are Gaussian primes;
Occasionally we also consider the numbers x + ry where as we have seen, there is one and only one of these which
x y are in Q, i.e. rational numbers; just as above one sees is "normalized" in the above defined sense. If q is any
that they make up a field (the "Gaussian field").. . Gaussian prime, so is ij. If a is any Gaussian integer, not 0
If a b x are Gaussian integers and b =ax, b 1s satd to nor a unit, then its divisor of smallest norm > 1 must be a
be a ~uitiple of a; a is said to divide b or to be a diviso~ of Gaussian prime.
b; when that is so, N(a) divides N(b). Every Gausstan Gauss, who introduced Gaussian integers into
integer divides its norm. . . . . number-theory, found that they can be (essentially
A divisor of 1 is called a unit; 1f a= x + zy 1s a urut, uniquely) factorized into Gaussian primes, in close anal-
N(a) must divide 1 and so has to be 1; as x,y are integers, ogy with ordinary integers. This will now be proved; the
this implies that one of them is ± 1 and the other 0. method is the same as in §§ II, III, IV (and as in § IX).
Therefore the Gaussian units are ± 1, ± i. We first prove lemma, similar to those in § II and §IX.
Two non-zero Gaussian integers a, b divide each other
if and only if they differ only by a factor which is a unit, Lemma. Let a b be Gaussian integers, with b*O. Then
there is a multz le bq of b such that
i.e. if b = ea with e = ± 1 or ± i; then they are called
associates. Among the four associates of a given integer
N(a-bq)< tN(b).

\
 §XIII 65
64 §XIII

For any real number t, there is 'a largest integer m <t, termined if we prescribe that it should be "normalized"
and we have m.;;;;, t <m + 1; by the nearest integer m' to t, (in the sense defined above). If it is 1, we say that
a, b, ... , c are mutually relatively prime. We can now re-
we will understand either m or m + 1 according as t- m is
peat the contents of §§ III and IV, except that the proof
<m+l-t or not; then we have lt-m'l<t. Now let
z = x + iy be any complex number; call m the nearest
of theorem IV.2 was by induction on the integer a in that
theore~, w~ile now one has to use induction on N(a). The
integer to x, n the nearest integer toy, and put q = m +in.
conclusiOn 1s:
Then q is a Gaussian integer, and we have
Theorem XIII.2. Every non-zero Gaussian integer can be
written "essentially uniquely" as a product of a. unit and of
Gaussian primes.
Apply this to z = ~ , where a, b are the integers in the
lemma. The Gaussian integer q defined by the above Here the words "essentially uniquely" have the follow-
construction has then the required property. ing meaning. Let

Theorem XIII.l. Let 9R be a non-empty set of Gaussian

integers, closed under addition and such that, if a is in [Q, be two products of the required type for some a =t= 0
all multiples of a are in 9R. Then 9R consists of all the where
•
e, e' are units and the q.'J and qlc are Gaussia~
multiples of some Gaussian integer d, uniquely determined pnmes. Then the theorem should be understood to say
up to a unit factor. that r = s and that the qlc can be reordered so that q~ is an
.
assoctate of qj for 1 <} <r; if a is a unit, r=O. 'JIf one
If 9R= {0}, the theorem is true with d=O. If not, take in
prescribes that the prime factors of a should be "normal-
9R an element d of smallest norm > 0. If a is in 9R, we can
ized", then the product is uniquely determined up to the
apply the lemma and write a=dq+r with N(r)<tN(d).
order of the factors.
Then r =a- dq is in 9R, which contradicts the definition Ordinary integers are also Gaussian integers; in order
of d unless r = 0, a= dq. As to unicity, if d' has the same to obtain their decomposition into Gaussian primes, it is
property as d, d and d' must be multiples of each other, so enough to do this for "ordinary" primes.
that d' is an associate of d.
Theorem XIII.3. Let p be an odd rational prime. Then it is
Just as in§ II (and in§ IX), we can now apply theorem
~ither a qaussian prime or the norm of a Gaussian prime q;
XIII.l to the set of all linear combinations ax+ by
m the la~er case p = qij, q and ij are not associates, and p
+ · · · +cz, where a,b, ... ,c are given Gaussian integers has n.o ther Gaussian prime divisor than q, ij and their
and x,y, ... ,z are arbitrary Gaussian integers, and so
assoczate .
define the g.c.d. (a,b, ... ,c); this will be uniquely de-

\
\
66 §XIII
§XIII 67

Put p=eq 1q2 ... qr as in theorem XIII.2. Taking the

XIII.4 if p is odd, and the above remarks if p = 2, we get
norm, we find thatp 2 is the product of the N(q_). If one of
our conclusion.
the N( lJ.i) is p 2, then r = 1, p = elJ.i, and p itself is a Gaussian
prime. Otherwise each N(q) is p, and we can write p = Corollary 2. A rational prime can be written as a sum of
N(q)=qq, with q a Gaussian prime; q is then also a two squares if and only if it is 2 or congruent to 1 modulo 4.
Gaussian prime. Put q = x + ry; if q was an associate of q,
it would be ± q or ± iq; this gives either y = 0, p = x 2 , or In fact, if p = x 2 +y 2 , p cannot be a Gaussian prime,
x = O, p = y 2 , or y = ± x, p = 2x 2 ; this cannot be, since p is since it has the divisors x± ry.
an odd prime. It is worthwhile pointing out that this is a' statement
As top= 2, its decomposition is given by concerning rational integers which has been proved using
2 a larger ring, viz., the Gaussian integers.
2= N(l + i) =(1 + i)(l- i) = i 3(1 + i) ;

this has the only normalized prime factor 1 + i. EXERCISES

> 1 and
XIII. I. If a positive integer is written as n 2a where a is
Theorem XIII.4. Let p be an odd rational prime. Then p is square-free (cf. exercise X.7), show that it can be writ-
a Gaussian prime or the norm of a Gaussian prime accord- ten as a sum of two squares if and only if every odd
ing as it is congruent to 3 or to 1 modulo 4. prime divisor of a is = 1 (mod 4). If that is so, and a
has r prime divisors, find the number of representations
If it is the norm of q= x+ ry, we have p = x 2 + y 2 , of a as a sum of two squares.
where one of the integers x,y must be odd and the other
XIII.2. If an integer is the sum of two relatively prime squares,
even. Then one of the squares x 2 ,y 2 is congruent to 1 and
show that the same is true of every divisor of that
the other to 0 modulo 4, so that p = 1 (mod 4). Conversely, integer.
if this is so, the corollary of theorem X1.2 shows that - 1
is a quadratic residue modulo p, so that there is x such XIII.3. Using the representation of complex numbers by points
that x 2 + 1 is a multiple ofp. As x 2 + 1 =(x+ i)(x- i), this, in the plane, show that, if z is any complex number,
there is a Gaussian integer q whose distance to z is
if p were a Gaussian prime, would imply that p divides
either x + i or x-i. Obviously this cannot be so. ~ V2
~ 2 ,· show that, among all Gaussian integers, there
is at least one whose distance to z is smallest, and that
Corollary 1. Every Gaussian prime is either ± 1± i, or an there are no ore than four with that property (Hint:
associate of a rational prime congruent to 3 modulo 4, or cf. the proof f the lemma in § XIII).
else its norm is a rational prime congruent to 1 modulo 4.
XIII.4. The congrue ce relation being defined for Gaussian
In fact, every Gaussian prime q must divide some integers in t e same way as for ordinary integers (cf.
§ V), call f( ), for any Gaussian integer m~O, the
prime rational factor p of its norm qq; applying theorem
number of dis inct Gaussian congruence classes modulo
68 §XIII

m; show that f(mn)= f(m)f(n) for any two non-zero

Gaussian integers m, n (Hint: take representatives X;, INDEX
with 1 <,i <J(m), for the classes modulo m, representa-
tives y1, with 1 <,j <,f(n), for the classes modulo n, and
show that the X;+ my1 are representatives of the classes
modulo mn).
XIII.5. Use exercise XIII.4 to show thatf(m)= miii for every m
(Hint: apply exercise XIII.4 to m and to n =iii).
XIII.6. Show that, if m is a Gaussian integer of norm > 1, the
Gaussian congruence classes modulo m make up a field
if and only if m is a Gaussian prime. Show that, if N(m)
is a rational prime, each Gaussian integer is congruent
to some rational integer modulo m.

XIII.7. If w=- ~ + i v; , show that the complex numbers

x + yw, where x andy are ordinary integers, make up a
ring R, whose units are ± 1, ±w, ±w 2 . Prove that, if z is
any complex number, there is an element q of the ring
R such that N(z- q),;;;;;, t (Hint: cf. exercise XIII.3).
Hence prove the analogue of theorem XIII.l for the Abelian group 17 Gauss' lemma 55
ring R, and prove for that ring a unique factorization Absolute value 62 Gaussian field 62
theorem. Associate 63 Gaussian integer 62
XIII.8. Use exercise XIII.7 to show that a rational prime >3
Gaussian prime 63
can be written as x 2 + xy + y 2, with integers x,y, if and Commutative group 17 Gaussian ring 62
only if it is = 1 (mod 3). Congruence class 19 Gaussian set 55
Congruence modulo m 18 Generator 29
Coset 35 Greatest common divisor
Cyclic 31 7

Equivalence relation 19 Index 47

Euler function 25 Irreducible (polynomial)
Euler's theorem 36 41
Isomorphism 30
Fermat's t eorem 36
Field 26 Legendre symbol 57

69

/
70

Norm 61 Quadratic reciprocity law

Normalized (polynomial) 58 Other books by Andre Wei/
41
Rational prime 63
Order 31 Relatively prime 9 Basic Number Theory
Ring 23 Third Edition
Perfect square 11
Polynomial 39 Series of Fibonacci 7 " ... this book consists of the body of ideas usually associated with the name
Prime 13 Subgroup 18 of Class Field Theory, both local and global ... a coherent treatment of the
known "basic" results on which our knowledge of number the~ry today is
Primitive root of unity 46
founded. It may well be regarded by latter historians as one of the "classics"
Primitive root 47 Unitary (ring) 24 in this field, compared perhaps to Heeke's "Theorie der algebraischen
Principle of mathematical Zahlen" ... its emphasis lies on equipping the reader with the fundamental
induction 2 Zero-divisor 24 tools and a general "analytical outlook ... "
Bulletin of the London Mathematical Society

1974/xviii, 325 pp./Cloth

(Grundlehren der mathematischen Wissenschaften, Volume 144)
ISBN 0-387-06935-6

Elliptic Functions According to Eisenstein and Kronecker

This book presents in two parts a modern, never-before-published treatment

of Eisenstein's elementary but far-reaching methods in the theory of elliptic
functions and its further development by Kronecker. Eisenstein's method,
detailed here for the first time since his original paper of 1847, leads quickly
and elegantly to all the classical theorems in the theory, as well as to results
of considerable importance in modern number theory.

A systematic explanation ofthe topics connected with Kronecker's cele-

brated "limit formula" and its application is then presented in Part II. It also
provides an introduction to the fundamental importance of much of Heeke's
work whose contributions have also become an integral part of twentieth
century mathematicians.

1976/xii, 92 pp./Cioth
(Ergebnisse der Mathematik und ihrer Grenzgebiete, Volume 88)
ISBN 0-387-07422-8