6 Gaussian Integers and Rings of Algebraic Integers

One way that Euler, Lagrange, Jacobi, Kummer and others tackled Fermat’s Last Theorem was to try
to show that the equation x n + yn = zn had no non-zero solutions in a ring containing the integers.
Ultimately, proofs for a large number of exponents were obtained this way. Many other number
theory problems can be approached similarly.
Perhaps the simplest example of such a ring is the following:

Definition 6.1. The Gaussian integers are the set Z[i ] = { x + iy : x, y ∈ Z} of complex numbers
whose real and imaginary parts are both integers.

Z[i ] is a ring (really a subring of C) since it is closed under addition and multiplication:

( x + iy) + ( p + iq) = ( x + p) + i (y + q), ( x + iy)( p + iq) = ( xp − yq) + i ( xq + yp)

Note how the second follows from the fact that i satisfies the quadratic polynomial i2 + 1 = 0.

6.1 The Division and Euclidean Algorithms for the Gaussian Integers
Our first goal is to develop unique factorization in Z[i ]. Recall how this works in the integers: every
non-zero z ∈ Z may be written uniquely as

z = up1k1 · · · pknn

where k1 , . . . , k n ∈ N and, more importantly,

• u = ±1 is a unit; an element of Z with a multiplicative inverse (∃v ∈ Z such that uv = 1).

• p1 , . . . , pn are distinct irreducibles/primes; a | p =⇒ a = ±1 or ± p.

To do the same in Z[i ], we first need to identify the ingredients: what are the units and the Gaussian
primes? Since primality depends on divisibility, we start by working towards a division algorithm. . .

Definition 6.2 (Divisibility). Givena α, β ∈ Z[i ], we write α | β ⇐⇒ ∃γ such that β = γα.

a For the duration of this chapter, Greek letters denote complex numbers and Latin letters integers.

Examples 6.3. With the exception of 0 | 0, testing for divisibility requires the usual ‘multiply by the
conjugate’ trick:
7+i (7 + i )(1 − 3i ) 10 − 20i
1. Since = 1 − 2i ∈ Z[i ], we conclude that 1 + 3i  7 + i.

= =
1 + 3i 10 10
4+i (4 + i )(1 − 3i ) 7 − 11i
2. Since = = 6∈ Z[i ], we see that 1 + 3i - 4 + i.
1 + 3i 10 10
To obtain a version of the division algorithm we need some a notion that the remainder be smaller
than a divisor. Thankfully, the modulus provides such for the complex numbers. In part to avoid
nasty square roots, we instead use the square of the modulus.

1
Definition 6.4. The norm of a Gaussian integer α = x + iy is

N ( α ) : = | α |2 = x 2 + y2

The norm has a couple of useful basic properties analogous to the absolute value in Z:

Lemma 6.5. 1. (Multiplicativity) N (αβ) = N (α) N ( β): this holds for any complex numbers α, β.

2. (Units) α is a unit if and only if N (α) = 1, whence Z[i ] has precisely four units: ±1, ±i.

Proof. 1. Just multiply it out. We get almost the same formula as when we discussed sums of
squares: if α = x + iy and β = u + iv, then

N (αβ) = ( xu − yv)2 + ( xv + yu)2 = ( x2 + y2 )(u2 + v2 ) = N (α) N ( β)

2. α ∈ Z[i ] is a unit if and only if ∃ β ∈ Z[i ] such that αβ = 1. Taking norms, we see that

N ( α ) N ( β ) = N (1) = 1

Since norms are positive integers, this says that N (α) = 1.

Conversely, N (α) = 1 =⇒ αα = 1 so that α is a unit.

Theorem 6.6 (Division algorithm). Let α, β ∈ Z[i ] with β 6= 0. Then ∃γ, ρ ∈ Z[i ] for which

α = βγ + ρ and N (ρ) < N ( β)

The proof is somewhat algorithmic, so we obtain it before computing an example. First observe:

• The norm gives the required notion that the remainder ρ be smaller than the divisor β.

• Unlike with the division algorithm in Z, we make no claim that γ and ρ are unique.
ρ N (ρ) ρ
Proof. First reframe the goal. Since N ( β ) = N ( β)
, our job is to find ρ such that N ( β ) < 1. Since the
norm is distance squared, and we want
ρ α
= −γ
β β

it is enough for us to find any γ ∈ Z[i ] within distance 1 of αβ . This is trivial to do, since the Gaussian
integers form an equally-spaced lattice in the complex plane. Let γ be any suitable value and define
ρ = α − βγ, whence
 
α
N (ρ) = N (α − βγ) = N − γ N ( β) < N ( β)
β

We could have introduced uniqueness by choosing the closest γ to αβ , preferenced by lexicographic

ordering in case of a tie, but this would be unhelpfully messy!

2
Examples 6.7. 1. Let α = 4 + 5i and β = 3. Then αβ = 4+35i is iR
within unit distance of four Gaussian integers. In this case 3i
we have N ( β) = 9 and we may write the division algorithm
in four different ways
2i 4+5i
4 + 5i = 3(1 + 2i ) + (1 − i ) N (ρ) = 2 3
= 3(2 + 2i ) + (−2 − i ) =5
i
= 3(1 + i ) + (1 + 2i ) =5
= 3(2 + i ) + (−2 + 2i ) =8
0
2. Let α = 2 + 7i and β = 1 + 2i. Then 0 1 2 3 R
iR
α (2 + 7i )(1 − 2i ) 16 + 3i 4i
= =
β 5 5
3i
Choose γ = 3 + i and write

2 + 7i = (1 + 2i )(3 + i ) + 1
2i

where N (ρ) = N (1) = 1 < 5 = N ( β), as required. Two i 16+3i

other Gaussian integers lie within unit distance of αβ : the 5

corresponding statements of the division algorithm are 0

0 1 2 3 4 R
2 + 7i = (1 + 2i ) · 3 + (−1 + i ) N (ρ) = 2
= (1 + 2i )(4 + i ) − 2i =4

Greatest Common Divisors and the Euclidean Algorithm

The discussion of greatest common divisors and the Euclidean Algorithm is almost identical to that
in the integers, though there are some subtleties.

Definition 6.8. Given α, β ∈ Z[i ], consider the set

S = {κα + λβ : κ, λ ∈ Z[i ]}

A greatest common divisor δ of α and β is a non-zero element of S with minimal norm.

The definition is algebraically nice, but awkward to compute with directly, except in special cases.

Example 6.9. If we take α = 2 + i and β = i, observe that

1 = (1 + i )(2 + i ) − 3i ∈ S

Since no element of S could possibly have smaller positive norm, we conclude that 1 is a greatest
common divisor. As previously, we’d say that α, β are relatively prime.
Note that there are four distinct greatest common divisors: multiplying the above by any unit shows
that ±1, ±i ∈ S. Since no other complex numbers have norm 1, these are all the greatest common
divisors.

3
Trying to guess some linear combination of α, β as above is hopeless in general. Thankfully the
Eucldiean Algorithm will provide a systematic method. Before seeing this, we check that greatest
common divisors really have the properties their name leads us to expect!

Theorem 6.10. Let δ be any gcd of α, β. Then:

1. (Common divisor) δ divides both α and β;

2. (Maximality) Every common divisor of α, β divides δ (among all such, δ has maximum norm);

3. (Four gcds) S = {µδ : µ ∈ Z[i ]}. In particular, ±δ, ±iδ are all the greatest common divisors.

Since you should have seen a version of this for the integers, we leave the proof to the Exercises.
It is legitimate to write δ = gcd(α, β) as long as you appreciate (part 3) that the gcd is not unique! It
is common to normalize a gcd by insisting that x > 0 and y ≥ 0 where δ = x + iy: exactly one of the
four choices will satisfy this.
Now suppose we have a line from the division algorithm:
α = γβ + ρ =⇒ κα + λβ = (λ + κ ) β + κρ
The sets S generated by the pairs (α, β) and ( β, ρ) are therefore identical, and we conclude that
gcd(α, β) = gcd( β, ρ)! The Eucldiean algorithm now proceeds as in the integers: simply iterate
the division algorithm and the last non-zero remainder will be a greatest common divisor.
Since division of complex numbers is messier than in the integers, any given example of the Eu-
clidean algorithm takes much longer. . .

Examples 6.11. 1. We compute gcd(4 + i, 3).

Observe that 4+ i
3 is within unit distance of four Gaussian integers 1, 2, 1 + i, 2 + i. We perform
the calculation with the first of these.

4 + i = 1 · 3 + (1 + i ) N (1 + i ) = 2 < 9 = N (3)
3 = (1 − i )(1 + i ) + 1 N (1) = 1

The algorithm can be reversed to obtain

gcd(4 + i, 3) = 1 = 3 − (1 − i )(1 + i ) = 3 − (1 − i ) 4 + i − 3

= (2 − i ) · 3 + (i − 1)(4 + i ) (∗)

Alternatively, we could have done the following:

4 + i = 2 · 3 + ( i − 2) N ( i − 2) = 5
3 = (−1 − i )(i − 2) + (−i ) N (−i ) = 1

from which

gcd(4 + i, 3) = −i = 3 + (1 + i )(i − 2) = 3 + (1 + i )(4 + i − 2 · 3)

= (−1 − 2i ) · 3 + (1 + i )(4 + i )

This is simply (∗) multiplied through by −i.

4
 2. Find gcd(7 + 17i, 8 − 14i ). First apply the division algorithm:

α 7 + 17i (7 + 17i )(8 + 14i ) −7 + 9i

= = =
β 8 − 14i 82 + 142 10

so we choose

γ = −1 + i =⇒ 7 + 17i = (−1 + i )(8 − 14i ) + 1 − 5i

Applying again:

8 − 14i (8 − 14i )(1 + 5i )

= = 3 + i ∈ Z[i ] =⇒ gcd(7 + 17i, 8 − 14i ) = 1 − 5i
1 − 5i 26
Indeed we have
(3 + i )(−7 + 9i )
8 − 14i = (3 + i )(1 − 5i ) =⇒ 7 + 17i = (1 − 5i ) = (−3 + 2i )(1 − 5i )
10
Normalizing the gcd, we can write

gcd(7 + 17i, 8 − 14i ) = 5 + i = i (1 − 5i ) = i (7 + 17i ) + (1 + i )(8 − 14i )

Exercises 1. For each part, check whether the Gaussian integer β divides α.

(a) β = 3 + 5i, α = 11 − 8i
(b) β = 2 − 3i, α = 4 + 7i
(c) β = 3 − 39i, α = 3 − 5i
(d) β = 3 − 5i, α = 3 − 39i

2. In the division algorithm, explain why there is at least one γ ∈ Z[i ] for which N ( αβ − γ) ≤ 12 .

3. (a) Apply the division algorithm to the pair (11 − 8i, 3 + 5i ) to find Gaussian integers γ, ρ
satisfying α = βγ + ρ with N (ρ) ≤ 21 N ( β).
(b) Repeat (apply the Euclidean Algorithm in Z[i ]) until you compute a gcd of α and β.
(c) Express gcd(11 − 8i, 3 + 5i ) as a linear combination of α, β.

4. Compute gcd(3 + i, 2i ) in two ways:

(a) The easy way using the Euclidean Algorithm.

(b) The hard way using Definition 6.8: write κ = x + iy and λ = z + iw, compute

N [( x + iy)(3 + i ) + (z + iw) · 2i ] = (3x − y − 2w)2 + ( x + 3y + 2z)2

and try to minimize N. . .

5. Prove all three parts of Theorem 6.10.

(Hint: for part (a), let δ be a gcd and use the division algorithm to divide α by δ)

5
6.2 Primes and Irreducibles: Unique Factorization
As in the integers, unique factorization will follow from the equivalence of primes and irreducibles.

Definition 6.12. Let π be a Gaussian integer such that N (π ) ≥ 2 (π 6= 0 and not a unit).

• π is a Gaussian prime if π | αβ =⇒ π | α or π | β.
• π is irreducible if π = αβ =⇒ α or β is a unit.

Theorem 6.13. π is a Gaussian prime ⇐⇒ π is irreducible.

Proof. (⇒) Suppose π is a Gaussian prime and that π = αβ. Certainly π | αβ. Since π is prime we
assume WLOG that π | α. But then α = πγ for some γ ∈ Z[i ], whence

π = αβ = πγβ =⇒ 1 = γβ

This says that β is a unit and so π is irreducible.a

(⇐) Suppose π is irreducible and that π | αβ. Let δ = κπ + λα = gcd(π, α). Then δ divides both
π, α. But π is irreducible, whence δ is a unit or a unit multiple of π.
– If δ is a unit, then δβ = κπβ + λαβ is divisible by π. But δ is a unit, so π | β.
– If δ is a unit multiple of π, then π | α.

a This direction holds in any integral domain. The converse requires gcds and thus the norm and division algorithm.

Henceforth we will refer only to Gaussian primes. The term prime (or real prime for clarity) will continue
to refer to a positive integer. Identifying some Gaussian primes is easy:

Lemma 6.14. 1. If π is a Gaussian prime, so is its complex conjugate and any unit multiple.
2. If N (π ) is a (real) prime, then π ∈ Z[i ] is a Gaussian prime.

Proof. Part 1. is an easy exercise. For part 2., let π = αβ. Then

N (π ) = N (α) N ( β) prime =⇒ N (α) or N ( β) = 1 =⇒ α or β is a unit

Examples 6.15. 1. 3 + 2i is a Gaussian prime since N (3 + 2i ) = 13 is prime. Any unit multiple is

also a Gaussian prime (−2 + 3i, −3 − 2i, 2 − 3i), as are their complex conjugates.
As with gcds, it is common to normalize Gaussian primes: 3 + 2i is already in the desired form.
For the complex conjugate we’d likely take 2 + 3i = i (3 − 2i )
2. N (2) = 4: is 2 a Gaussian prime? No: 2 = (1 + i )(1 − i ). However, both factors 1 ± i are
Gaussian primes, since N (1 ± i ) = 2 is prime.
3. N (3) = 9: is 3 a Gaussian prime? Suppose 3 = αβ for some α, β ∈ Z[i ]. Then
N (α) N ( β) = 9 =⇒ N (α), N ( β) = 1, 3 or 9
If N (α) = 3, writing α = x + iy forces 3 = x2 + y2 ; a contradiction. Either α or β must be a unit
and so 3 is a Gaussian prime. This shows that the converse to Lemma 6.14 is false.

6
As parts 2 and 3 show, it is not straightforwad to identify Gaussian primes. A complete description
is coming, though since it follows from unique factorization, we first establish this.

Theorem 6.16 (Unique Factorization). Every Gaussian integer α is either zero, a unit, or may be
written as a product of Gaussian primes:

α = π1 · · · π k (∗)

This product is unique up to order and multiplication of primes by units. If we normalize the Gaus-
sian primes,a then we can write

α = µπ1 · · · πk (†)

where µ is a unit and the factorization is unique up to the order of the π j .

aπ = x + iy where x > 0 and y ≥ 0.

The proof is essentially identical to the that for the integers, and comes in two Lemmas.

Lemma 6.17 (Existence). Every α with N (α) ≥ 2 is a product of Gaussian primes.

Proof. We prove by induction.

(Base Case n = 2) Suppose N (α) = 2. Then N (α) is prime and so α is a Gaussian prime.
(Induction step) Fix n ≥ 2 and assume that every Gaussian integer with norm at most n may be
factored as a product of Gaussian primes. If N (α) = n + 1, then either:
• α is a Gaussian prime, or;
• α = βγ where neither factor is a unit. But then 2 ≤ N ( β), N (γ) ≤ n, whence α is a product
of Gaussian primes.

By induction, every non-zero non-unit Gaussian integer may be factored as in (∗).

This is really factorization into Gaussian irreducibles: it depends only on the existence of the norm.

Lemma 6.18 (Uniqueness). The factorization (†) is unique up to ordering.

Proof. Suppose α has two factorizations into normalized Gaussian primes as in (†). Setting these
equal, we may divide both sides by common elements to obtain

π1 · · · πs = µψ1 · · · ψt

where {πi } and {ψj } are distinct sets and µ is a unit. However, π1 now dividesa some ψj and thus
equals ψj by normalization. This is a contradiction unless the factorizations differ only by ordering.

a This is where the equivalence of Gaussian primes and irreducibles is used. Since this depends on the division algorithm
and gcds, in more general rings, the existence of a factorization into irreducibles is much more likely than its uniqueness!

7
Computing the Prime Factorization
We now discuss how to compute the unique factorization of any Gaussian integer α = x + iy. This is
built on the factorization of N (α) = x2 + y2 ∈ Z and depends on three types of prime p | N (α).

p = 2: Suppose that 2 | N (α). Since 2 | x2 + y2 , we see that x, y have the same parity, and so

x+y y−x
 
α = x + iy = (1 + i ) + i
2 2

is a factorization in Z[i ].

p ≡ 3 (mod 4): This is a generalization of Example 6.15.3. If p = βγ, then N ( β) N (γ) = p2 . We

cannot have N ( β) = N (γ) = p, since p is not a sum of squares. It follows that one of β, γ is a
unit, whence p is a Gaussian prime.
Since p | x2 + y2 we have x2 ≡ −y2 (mod p). Taking Legendre symbols,

x2 − y2 −1 y2 y2 x y
            
= = =− =⇒ = =0
p p p p p p p

Clearly x and y are both divisible by p; we conclude that p | α.

p ≡ 1 (mod 4): Write p = a2 + b2 as a sum of squares, where we may assume both a, b > 0. Plainly
N ( a + ib) = p is prime and so π := a + ib is a Gaussian prime. Now compute1

α ( a − ib)( x + iy) ax + by ay − bx α ay + bx by − ax
= = + i and = + i
π a2 + b2 p p iπ p p

We want at least one of these to be a Gaussian integer. Since p | N (α), we see that

( ax + by)(by − ax ) = b2 y2 − a2 x2 = ( a2 + b2 )y2 − a2 ( x2 + y2 ) = py2 − a2 ( x2 + y2 )

is divisible by p, whence at least one of the LHS factors is also divisible by p. Similarly

( ay − bx )( ay + bx ) = py2 − b2 ( x2 + y2 ) is divisible by p

is divisible by p. There are four cases:

1. If p | ax + by and p | ay − bx then π | α.
2. If p | by − ax and p | ay + bx then π | α.
3. If p | ax + by and p | ay + bx then p divides

( ax + by)y − ( ay + bx ) x = b(y2 − x2 )

Since p - b (p > b2 !) we conclude that p | y2 − x2 . Combined with p | x2 + y2 , we see that

p | 2x2 and p | 2y2 , whence p | x and p | y. But then both π | α and π | α.
4. If p | by − ax and p | ay − bx, we obtain the same conclusion: π, π both divide α.
1 In the second case we divide by iπ = b + ia so that the calculations are symmetric. This is of no consequence.

8
We summarize this discussion in our major result.

Theorem 6.19 (Classification of Gaussian Primes and the Computation of Unique Factorization).
The following comprise all the Gaussian primes. In each case, we also identify when a Gaussian
prime divides a given Gaussian integer α.

1. 1 + i: moreover if 2 | N (α), then 1 + i | α.

2. (Real) Primes p ≡ 3 (mod 4): if p | N (α), then p | α.

3. π = x + iy where p = x2 + y2 is a prime congruent to 1 modulo 4: if p | N (α), then one or both

π or π divides α.

4. Any unit multiple of the above.

Proof. Given α, compute the prime factorization of N (α). Each real prime corresponds to one of the
above Gaussian primes. Divide these out from α until there are no remaining prime divisors of N (α):
we are necessarily left with a unit µ and a factorization

α = µπ1 · · · πn

where each πk is one of the Gaussian primes described in the Theorem. By unique factorization
(Theorem 6.16), there are no other Gaussian primes.

Examples 6.20. 1. Factorize 7 + 17i and 8 − 14i into Gaussian primes and thus find their gcd.

N (7 + 17i ) = 338 = 2 · 132 =⇒ 7 + 17i has one factor of 1 + i and two factors with norm 13.
First divide by 1 + i:
7 + 17i
= 12 + 5i
1+i
Since 13 = 22 + 32 , the remaining factors come from {2 + 3i, 2 − 3i }: try to divide by the first:
12 + 5i (12 + 5i )(2 − 3i ) 24 + 15 + (10 − 36)i
= = = 3 − 2i = −i (2 + 3i )
2 + 3i 13 13
=⇒ 7 + 17i = (1 + i )(12 + 5i ) = −i (1 + i )(2 + 3i )2
Repeat: N (8 − 14i ) = 22 · 5 · 13 implies that 8 − 14i has two factors of 1 + i and one each from
the pairs 1 ± 2i and 2 ± 3i. First divide out by (1 + i )2 = 2i:

8 − 14i = −(1 + i )2 (7 + 4i )

Now try dividing by 2 + 3i:

7 + 4i (7 + 4i )(2 − 3i ) 26 − 13i
= = = 2 − i = −i (1 + 2i )
2 + 3i 13 13
=⇒ 8 − 14i = −i (1 + 2i )(7 + 4i ) = i (1 + i )2 (1 + 2i )(2 + 3i )
Clearly gcd(7 + 17i, 8 − 14i ) = (1 + i )(2 + 3i ) = −1 + 5i = i (5 + i ). Up to multiplication by a
unit this is the same as we obtained via the Euclidean algorithm on page 5.

9
 2. Factorize −39 + 48i into Gaussian primes.
First observe that −39 + 48i = 3(−13 + 16i ) and that 3 is a Gaussian prime. Now consider the
norm of what remains:

N (−13 + 16i ) = 169 + 256 = 425 = 52 · 17

Since N (2 ± i ) = 5 and N (4 ± i ) = 17 we have two factors of 2 + i or 2 − i and one factor of

4 ± i. Try the latter first:

−13 + 16i (−13 + 16i )(4 ∓ i ) −36 + 73i −68 + 51i

= = ,
4±i 17 17 17

Only the latter is a Gaussian integer: −4 + 3i. We check that (2 + i )2 = 3 + 4i, whence

−4 + 3i = i (3 + 4i ) = i (2 + i )2 =⇒ −39 + 48i = 3i (2 + i )2 (4 − i )

Normalizing this we obtain

−39 + 48i = 3(2 + i )2 (1 + 4i )

Application to sums of squares

The discussion on Gaussian primes leads to an alternative way to condider sums of squares:

A positive integer m = x2 + y2 is the sum of two squares if and only if it is the norm of
some Gaussian integer m = N ( x + iy).

The question of how to write m as a sum of two squares may now be rephrased:

Find all α ∈ Z[i ] such that N (α) = m.

The prime factorization of m determines all possible factorizations of α, and thus all possible α.

Examples 6.21. 1. We find all factorizations of 65 = 5 · 13 as a sum of squares.

Suppose 65 = N (α). Since 5 = N (2 ± i ) and 13 = N (3 ± 2i ), unique factorization tells us that

65 = x2 + y2 where x + iy = α = µ(2 ± i )(3 ± 2i )

where any of the four combinations of ± are possible and µ is a unit for 16 total possibilities. We
need not compute all these directly, since multiplying by units and taking complex conjugates
of the final result merely permutes x, y and changes their signs. We therefore only need to
consider two cases:

α1 = (2 + i )(3 + 2i ) = 4 + 7i, α2 = (2 + i )(3 − 2i ) = 8 − i

which produce the representations

65 = 72 + 42 = 82 + 12

If one includes different signs and orders, we obtain the advertised 16 distinct representations.

10
 2. 100 = 22 · 52 = N (α) =⇒ α = µ(1 + i )2 (2 ± i )(2 ± i ). Up to complex conjugation and
multiplication by units, we have only two options

100 = N (1 + i )2 (2 + i )2 = N (−8 + 6i ) = 82 + 62

= N (1 + i )2 (2 + i )(2 − i ) = N (10i ) = 102 + 02

Including order and signs, we have 12 distinct representations.

3. 19890 = 2 · 32 · 5 · 13 · 17 = N 3(1 + i )(2 ± i )(3 ± 2i )(4 ± i ) . Up to complex conjugation, and

multiplying by units, the term inside the norm can be chosen in four different ways:

19890 = N 3(1 + i )(2 + i )(3 + 2i )(4 + i ) = N (−69 + 123i ) = 1232 + 692

= N 3(1 + i )(2 + i )(3 + 2i )(4 − i ) = N (−3 + 141i ) = 1412 + 32

= N 3(1 + i )(2 + i )(3 − 2i )(4 + i ) = N (87 + 111i ) = 1112 + 872

= N 3(1 + i )(2 + i )(3 − 2i )(4 − i ) = N (129 − 57i ) = 1292 + 572

These yield 32 representations when orderings and signs are included.

A general result for the number of representations of a positive integer as a sum of two squares can
easily be stated in terms of its prime decomposition. The proof is a challenging exercise.

Theorem 6.22. 1. A positive integer m can be written as the sum of two squares if and only if its
prime decomposition has the form
2cl
m = 2a p1b1 · · · pbkk q2c
1 · · · ql
1

where a ∈ N0 and each p j ≡ 1 and q j ≡ 3 modulo 4.

2. Let n = (b1 + 1) · · · (bk + 1).

(a) Counting different signs and orderings, the number of distinct ways to write m as the sum
of two squares is 4n.
(b) If order and signs are ignored, the number of distinct representations is

1
(
2n if n even,
1
2 ( n + 1) if n odd (equivalently all bi are even).

Exercises 1. Prove Lemma 6.14, part 1.

(You should be able to do this without invoking any results coming afterwards. . . )

2. (a) Suppose that a, b, c, d ∈ Z. Prove that

( a + bi ) | (c + di ) ⇐⇒ a2 + b2 divides both ac + bd and ad − bc

(b) Prove that ( a + bi ) | (c + di ) =⇒ ( a2 + b2 ) | (c2 + d2 )

3. Check explicitly that part 2 of Theorem 6.22 is satisfied when m = 1.

11
 4. Factor each of the following Gaussian integers into a product of Gaussian primes.

(a) 91 + 63i (b) 975 (c) 115 − 9i

5. (a) You are given the unique factorization −39 + 48i = 3(2 + i )2 (1 + 4i ) into Gaussian primes.
Find all possible representations of m = 3825 = 482 + 392 as a sum of squares of integers
x, y where x ≥ y ≥ 0.
(b) Find all the ways of writing 12 250 and 13 306 as sums of two squares.
(Hint: question 4 will help)
(c) How many ways are there to write 9752 = 950 625 as a sum of two squares? Find them all!

6. (Hard) Prove Theorem 6.22.

6.3 More General Rings and Factorization: Pell’s Equation revisited

To keep the discussion cleaner, throughout this section we assume that d is a square-free integer: i.e.
there are no primes p for which p2 | d.
√ √
Definition 6.23. Suppose d is a square-free integer. In the ring Z[ d] = { x + y d : x, y ∈ Z} the
norm is defined by
√
N ( x + y d) = x2 − dy2

We have a general analogue of Lemma 6.5: carefully rewrite its proof. . .

Lemma 6.24. 1. N is multiplicative: N (αβ) = N (α) N ( β).

2. α is a unit if and only if N (α) = ±1.

We can identify the units in these rings fairly easily, since we’ve seen many of them before.
√
Theorem 6.25. We classify the units in Z[ d].

1. If d = −1, we have the Gaussian integers with units ±1, ±i.

2. If d ≤ −2, then the only units are ±1.

√
3. If d ≥ 2, let δ = x + y d be the √ fundamental solution of Pell’s equation x2 − dy2 = 1; addi-
tionally, if it exists, let γ = X + Y d be the fundamental solution to the negative Pell equation
X 2 − dY 2 = −1.

(a) If the negative Pell equation has no solution, the units are ±δn for all n ∈ Z.
(b) If γ exists, then δ = γ2 and the units are ±γn for all n ∈ Z.
√
Either way, if d ≥ 2, then Z[ d] has infinitely many units.

We could have begun our study of Pell’s equation by √ proving this result directly: the solutions to
Pell’s equation corespond precisely to the units in Z[ d].

12
Primes, Irreducibles and Unique Factorization?
We can define irreducibles and primes exactly as in the Gaussian integers. Moreover the (⇒) direction
√
of Theorem 6.13 and Lemma 6.14 part 2 are proved identically. To summarize, let π ∈ Z[ d] be
non-zero and non-unit:

• π is irreducible if π = αβ =⇒ one of α, β is a unit.

• π is prime if π | αβ =⇒ π | α or π | β.

• π prime =⇒ π irreducible.

• ± N (π ) prime (in Z) =⇒ π irreducible.

Now re-read the discussion of unique factorization in Z[i ]: the proof depends on two things.

Existence (Lemma 6.17) The norm allows us to perform an induction argument showing that a factor-
ization into irreducibles exists. This argument translates perfectly to our new situation:
√
• Every non-zero, non-unit α ∈ Z[ d] has a factorization into irreducibles.

Uniqueness (Lemma 6.18) This holds because primes and irreducibles are the same. Our argument
depended on the concept of gcd, which in turn used the division algorithm.

We explore this dichotomy via several examples.

√
Example 6.26. We work in Z[ −2]. Since
√ √
N (1 + −2) = 12 + 2 · 12 = 3 and N (3 + −2) = 32 + 2 · 12 = 11

are both real primes, we see that

√ √ √
1 + 4 −2 = (1 + −2)(3 + −2) (∗)

is a factorization into irreducibles.

√
In fact (∗) is the only factorization of 1 + 4 −2 into irreducibles (up to multipliction by units ±1). To
see this directly,
√ note that the LHS has norm 33 = 3 · 11. To factorize into irreducibles is therefore to
find β, γ ∈ Z[ −2] such that
√
1 + 4 −2 = βγ, N ( β) = 3, N (γ) = 11

Clearly a2 + 2b2 = 3 ⇐⇒ ( a, b) = (±1, ±1). Similarly a2 + 2b2 = 11 ⇐⇒ ( a, b) = (±3, ±1). It is a

simple exercise to check that only (∗) is possible.
√ √ √
We can say more: both 1 + −2 and 3 + −2 are in fact prime in Z[ −2]. Showing this directly is
tricky; instead it follows from our next result. . .
√
Lemma 6.27 (Division algorithm in Z[ −2]). If α, β are non-zero, then there exist γ, ρ such that
α = βγ + ρ and N (ρ) < N ( β).

13
 √
Since the norm in Z[ −2] is the square of the distance in C, the
proof is almost identical to that of Theorem 6.6. The furthest αβ can √ iR
4 −2
be from a lattice point is shown in the picture; we can always choose
γ satisfying √
3 −2
α
√ ! √ β
1 + −2 3
 
α
N −γ ≤ N = <1 2 −2
β 2 4
√
−2
The division algorithm produces a Euclidean algorithm and our en-
tire discussion regarding gcds, irreducibles being prime, and unique
factorization goes 0
√ through unchanged! The claim regarding the pri-
mality of 1 + −2 is now established 0 1 2 3 4R
√ √ √
(1 + −2) | αβ =⇒ (1 + −2) | α or (1 + −2) | β
√
It is not hard, however, to find examples of Z[ d] without a division algorithm.
√
For instance, if we attempt to replicate the discussion in Z[ −3],
things go wrong. In the extreme case that
√ iR
4 −3
α 1 √
= ( a + b −3) √
β 2 3 −3
α
is furthest from a lattice point, we can only choose γ such that √
β

√ ! 2 −3
1 + −3
 
α
N −γ = N =1 √
β 2
−3
√
There is therefore no equivalent to the division algorithm in Z[ −3],
and we should not expect there to be unique factorization. 0
0 1 2 3 4R
√
Examples 6.28. 1. In Z[ −3] we have the factorizations
√ √
4 = 2 · 2 = (1 + −3)(1 − −3) (†)
√ √
Suppose one of the√ factors 2, 1 ± − 3 were composite. Since N ( 2 ) = N ( 1 ± −3) = 4, this
means ∃α, β ∈ Z[ −3] such that N (α) = N ( β) = 2, which is √ impossible! It follows that (†)
represents two distinct factorizations of 4 into irreducibles in Z[ −3]: unique factorization fails.
This example is related to the idea that irreducibles might not be prime. For instance,
√ √
2 | (1 + −3)(1 − −3)
√
in Z[ −3] and yet 2 does not divide either√ factor: it follows that 2 is irreducible but not prime. It
can also be checked (challenge) that 1 ± −3 is not prime either.
√
If we consider Z[ −d] where d > 3 the problem becomes more acute as the lattice stretches
vertically. We conclude that there is only a division algorithm when d = 1, 2.

14
 √
2. This time we consider two factorizations in Z[ 10]
√ √
6 = 2 · 3 = ( 10 − 2)( 10 + 2)

Observing that
√
N (2) = 4, N (3) = 9, N ( 10 ± 2) = −6

we see that if any of the elements in the above factorizations were composite, they would have
a factor α whose norm was ±2 or ±3. However the equations

x2 − 10y2 = ±2, ±3 =⇒ x2 ≡ 2, 3 (mod 5)

have no solutions; the squares modulo 5 being 0, 1, and 4. We again have non-unique factor-
izations into irreducibles. Moreover
√ √ √
2 | ( 10 − 2)( 10 + 2) but 2 - 10 ± 2

so that 2 is irreducible but not prime.

√  √ 
It can be checked directly, that it is impossible to find γ ∈ Z[ 10] such that  N 210 − γ  < 1
 
√
and that, consequently, there is no division algorithm in Z[ 10].
√
There are very few rings Z[ d] for which the norm provides a division algorithm: only d = −1, −2,
2, 3, 6, 7, 11 and 19. Since they have a Euclidean algorithm and unique factorization, these rings are
known as norm-Euclidean. We check a couple of these facts in the exercises.

Exercises 1. Describe the units in the following rings.

√ √
(a) Z[i 2] = { a + bi 2 : a, b ∈ Z}.
√ √
(b) Z[ 5] = { a + b 5 : a, b ∈ Z}.
(c) Fix a prime p and let R = { da : a, d ∈ Z and p - d}.
(This is a lot simpler than it might appear: what is the inverse of da , if it has one?)
√ √ √
2. We work in the ring Z[ 3] = { a + b 3 : a, b ∈ Z} with norm N ( a + b 3) = a2 − 3b2 .

(a) Prove that N (αβ) = N (α) N ( β) (don’t just quote Lemma 6.24).
√
(b) If α ∈ Z[ 3] is a unit, prove that N (α) = 1.
(Hint: first show that N (α) = ±1 then show that it cannot be −1)
√
(c) If N (α) = 1, show that α is a unit in Z[ 3].
√
(d) Explicitly find six different units in Z[ 3], and describe how to find them all.
  
(e) Show that for any non-zero α, β there exists γ such that  N αβ − γ  < 1
 
√
(It follows that Z[ 3] has a division algorithm and thus unique factorization)
√  √ 
3. Show explicitly that there is no γ ∈ Z[ 10] such that  N 210 − γ  < 1.
 

(Hint: Multiply out and think about it modulo 5)

15
 √ √ √
4. We work in the ring Z[ −5] = { a + bi 5 : a, b ∈ Z} with norm N ( a + bi 5) = a2 + 5b2 .
√ √
(a) Verify that 3 + 2i 5 divides 85 − 11i 5.
√ √
(b) Let α = 11 + 2i 5 and β = 1 + i 5. Show that it is not possible to find γ, ρ for which

α = βγ + ρ and N (ρ) < N ( β)

whence the norm does not define a division algorithm.

(c) Show that 6 has two truly different factorizations into irreducibles by verifying that all
four factors in the following are irreducible
√ √
6 = 2 · 3 = (1 + i 5)(1 − i 5)
√
(d) Show that 2 does not divide either of the factors 1 ± i 5 and that consequently it is irre-
ducible but not prime.
√
(e) Find another α ∈ Z[ −5] with two truly different irreducible factorizations.
√
(f) Can you find β ∈ Z[ −5] with three truly different factorizations into two irreducibles?

The last two questions are harder, requiring some comfort with complex numbers
√
2πi 3
5. We work in the Eisenstein integers Z[ζ ] = { a + bζ : a, b ∈ Z} where ζ = e 3 = − 12 + 2 i is a
cube root of unity. The norm is N (α) = αα.

(a) Check that 1 + ζ + ζ 2 = 0 and verify that N ( a + bζ ) = a2 + b2 − ab.

(b) Explain why we can write
( √ )
c + d −3
Z[ζ ] = { a + bζ : a, b ∈ Z} = : c, d ∈ Z, c ≡ d (mod 2)
2

In particular, what is the relationship between ( a, b) and (c, d).

 √ 
(c) Use N c+d2 −3 = 14 (c2 + 3d2 ) to prove that ±1, ±ζ, ±ζ 2 are the only units.
(d) Given r, s ∈ Q, show that one can find integers x, y such that

1 2 1 2
   
r−x− y +3 s− y < 1 (∗)
2 2
(Hint: choose y to be the integer closest to 2s. . . )
√
(e) Given α, β ∈ Z[ζ ] with β 6= 0, write α
β = r + s −3 where r, s ∈ Q. With x, y as in (∗), let

1 1 √
 
ρ = α − β x + y + y −3
2 2
Prove that ρ ∈ Z[ζ ] and that N (ρ) < N ( β).
The Eisenstein integers therefore have a division algorithm and thus unique factorization
2πi
6. Let ζ = ζ 5 = e 5 be a 5th root of unity. Compute the expression λµ = (1 + ζ )(ζ + ζ 3 ). Explain
why all of the powers λn are distinct and thus conclude that Z[ζ ] has infinitely many units.

16
6.4 Field Norms (non-examinable)
This is for those with extra algebra experience only.

Definition 6.29. Let K be an algebraic field extension of Q.

The norm of α ∈ K is the product of the roots of the minimal polynomial of α over Q raised to the
power of degQ(α) K = [K : Q(α)].
The ring of integers OK in K comprises the elements whose minimal polynomial has coefficients in Z.

Theorem 6.30. Restricted to OK , the norm is a multiplicative function N : OK → Z satisfying

N (α) = ±1 ⇐⇒ α is a unit in OK

Examples 6.31. 1. K = Q. If α ∈ K, then its minimal polynomial over Q is simply mα,Q = x − α.

This has integer coefficients if and only if α ∈ Z, whence the ring of integers in Q is precisely
OQ = Z. Since Q(α) = Q whenever α ∈ Q, the norm is simply

N (α) = α[Q:Q] = α

This is clearly a multiplicative function. Moreover, N (α) = ±1 ⇐⇒ α = ±1: these are the
only units in OQ = Z.
√ √
2. K = Q( d) where d is square-free. The minimal polynomial of α = p + q d is
(
x−p if q = 0
mα,Q = 2 2 2
x − 2px + p − dq = 0 if q 6= 0
√
In the first case, [K : Q(α)] = [Q( d) : Q] = 2, whence the norm is N (α) = p2 .
√ √
In the second case, [K : Q(α)] = [Q( d) : Q(α)] = 1, and N ( p + q d) = p2 − dq2 .
This recovers all the norms we’ve seen thusfar. By thinking about when mα,Q has integer coef-
ficients, we can explicitly calculate the ring of integers:
√ √
• If d ≡ 1 (mod 4), then OQ(√d) = { a + b 1+2 d
: a, b ∈ Z} = Z[ 1+2 d ]. In this form the norm
d −1 2
can be written N = a2 + ab − 4 b
√ √
• If d ≡ 2, 3 (mod 4), then OQ(√d) = { a + b d : a, b ∈ Z} = Z[ d], in which case the norm
is the usual expression N = a2 − db2

The norm can be seen to provide a division algorithm and thus unique factorization in the ring
of integers OQ(√d) for precisely the following values of d:

−11, −7, −3, −2, −1, 2, 3, 5, 6, 7, 11, 13, 17, 19, 21, 29, 33, 37, 41, 57, 73
√
The red values are those for which OQ(√d) = Z[ d], as we considered before. Observe that the
Eisenstein integers are OQ(√−3) .
Many other rings of integers have unique factorization, but they require other methods of proof.

17
6.5 Fermat’s Last Theorem for n = 3 (non-examinable)
Our discussions of unique factorization lie at the heart of one of the primary historical approaches to
Fermat’s equation x n + yn = zn . As an example, we give a descent proof for the n = 3 case using the
2πi
Eisenstein integers Z[ζ ] = Z[e 3 ], as introduced in Exercise 6.3.5.

Theorem 6.32. It is not possible to find non-zero x, y, z ∈ Z[ζ ] satisfying x3 + y3 + z3 = 0.

The idea is to show that λ := 1 − ζ is an Eisenstein prime, write the general element of Z[ζ ] in terms
of λ and then perform a descent argument. We summarize the proof in two lengthy lemmas.

Lemma 6.33. Let λ = 1 − ζ. Then:

1. λ is an Eisenstein prime.

2. Every element of Z[ζ ] is congruent to 0 or ±1 modulo λ.

3. If x ≡ ±1 (mod λ), then x3 ≡ ±1 (mod λ4 ).

4. If x3 + y3 + z3 = 0 then at least one of x, y, z is divisible by λ.

Proof. 1. This is trivial since N (λ) = 3 is prime.

2. Write the general element as

a + bζ = ( a + b) − bλ = c + 3d − bλ

where c = 0 or ±1. Since 3 = −ζ 2 λ2 , we see that,

a + bζ = c − ζ 2 λ2 d − bλ ≡ c (mod λ)

3. Suppose x ≡ 1 (mod λ). Then x = 1 + κλ for some κ ∈ Z[ζ ]. A little algebra shows that

x3 − 1 = ( x − 1)( x − ζ )( x − ζ 2 ) = λ3 κ (κ + 1)(κ − ζ 2 )

Since −ζ 2 = 1 + ζ = −1 + 3 − λ ≡ −1 (mod λ), we see that κ, κ + 1, κ − ζ 2 are distinct modulo

λ. Since one of these must be congruent to zero, we conclude that x3 ≡ 1 (mod λ4 ).
The argument when x ≡ −1 (mod λ) is similar.

4. If none of x, y, z are divisible by λ, then

x3 + y3 + z3 ≡ ±1 ± 1 ± 1 ≡ ±1, ±3 (mod λ4 )

However N (±1) = 1, N (±3) = 9 and N (λ4 ) = 34 = 81, whence none of ±1, ±3 are divisible
by λ4 and the right hand side cannot be zero: contradiction.

By Lemma 6.33, we may assume WLOG that any potential solution to x3 + y3 + z3 = 0 has λ | z. To
establish Theorem 6.32 it is now enough to prove the following stronger result.

18
Lemma 6.34. Let n ∈ N, let ε ∈ Z[ζ ] be a unit, and suppose that x, y, w ∈ Z[ζ ] are non-zero,
pairwise coprime solutions to

x3 + y3 + ελ3n w3 = 0 (∗)

where λ does not divide any of x, y, w. Then:

1. n ≥ 2.

2. The three factors of

−eλ3n w3 = x3 + y3 = ( x + y)( x + ζy)( x + ζ 2 y)

x +y x +ζy x +ζ 2 y
are divisible by λ and the quotients λ , λ , λ are pairwise coprime.
x +y
3. Without loss of generailty, λ3(n−1) | λ . Write

x + y = ε 1 λ3n−2 ρ3 , x + ζy = ε 2 λσ3 , x + ζ 2 y = ε 3 λτ 3 ,

where ε 1 , ε 2 , ε 3 are units and ρ, σ, τ are pairwise coprime and not divisible by λ. Then there
exist units ε 4 and ε 5 such that

σ 3 + ε 4 τ 3 + ε 5 λ 3( n −1) ρ 3 = 0

Moreover ε 4 = ±1 has a cube root (itself!) and so can be absorbed into τ.

Since 3 ≤ 3(n − 1) < 3n, we conclude by descent that the equation (∗) has no solutions.

Proof. 1. We cannot have x ≡ y (mod λ), for then, by part 3 of Lemma 6.33,

x 3 + y3 ≡ ±2 (mod λ4 ) =⇒ λ3 - x3 + y3

Since x, y are distinct modulo λ, and thus congruent to ±1 respectively, we see that

−ελ3n w3 = x3 + y3 ≡ 0 (mod λ4 ) =⇒ λ4 | λ3n w3 =⇒ λ | λ3n−3 w3

Since λ is prime, we see that λ - w =⇒ λ - w3 , whence 3n − 3 ≥ 1 =⇒ n ≥ 2.

2. Since 1 ≡ ζ ≡ ζ 2 (mod λ) we see that

x + y ≡ x + ζy ≡ x + ζ 2 y (mod λ)

whence all three factors are divisible by λ.

x +y x +ζy
If we had a common factor of λ , λ it would divide

x + y x + ζy x + y x + ζy
− =y and −ζ + =x
λ λ λ λ
The coprimality of x, y says the common factor is a unit. The other pairs are similar.

19
 3. Since 1 + ζ + ζ 2 = 0, we have

0 = x + y + ζ ( x + ζy) + ζ 2 ( x + ζ 2 y) = ε 1 λ3n−2 ρ3 + ζε 2 λσ3 + ζ 2 ε 3 λτ 3

=⇒ σ3 + ε 4 τ 3 + ε 5 λ3(n−1) ρ3 = 0
ζε 3 ε1
where ε 4 = ε2 and ε 5 = ζε 2 .

Since n ≥ 2, observe that σ3 + ε 4 τ 3 ≡ 0 (mod λ2 ). By Lemma 6.33, σ3 and τ 3 are each ±1

(mod λ4 ) and therefore ±1 (mod λ2 ). We therefore have ε 4 ≡ ±1 (mod λ2 ). Since N (λ2 ) = 9,
it is easy to check that the only units e4 for which e4 ± 1 is divisible by λ2 are ε 4 = ±1.

Kummer’s generalization of the argument One can try to repeat the proof for x p + y p = z p within
the cyclotomic extension Z[ζ p ]. There are two major problems:
1. Z[ζ p ] may have non-trivial units: units which aren’t simply ±ζ kp . For example, in Z[ζ 5 ],

(1 + ζ 2 )(1 + ζ 3 + ζ 4 ) = 1
Amongst other things, this skewers step 3 of Lemma 6.34.
2. Unique factorization may fail: indeed only eight of the prime cyclotomic extensions Z[ζ p ] have
unique factorization: p = 2, 3, 5, 7, 11, 13, 17 and 19. The equivalence of primes and irreducibles
is used, for instance, in step 1 of Lemma 6.34.
To overcome these problems, Kummer introduced ideal numbers which are a precursor of the modern
notion of an ideal in a ring. Here are the important definitions:

Definition 6.35. Every element x in a ring R gives rise to a principal ideal

( x ) = { xr : r ∈ R}

An ideal I is prime if ab ∈ I =⇒ a ∈ I or b ∈ I.

In the ring of integers, it is easy to check that d | m ⇐⇒ (m) ⊆ (d), so that divisibility can
be encoded via ideals. Kummer showed that every proper ideal of Z[ζ p ] factorises uniquely as a
product prime ideals: this solves problem 2. Problem 1 also vanishes, since x = εy ⇐⇒ ( x ) = (y).
To see the extent of Kummer’s work applied to FLT, we need one further definition.

Definition 6.36. Suppose F ⊆ Q(ζ p ) and x ∈ Z[ζ p ] are such that xF is an ideal in Z[ζ p ]. We call F
a fractional ideal: in essence, it comprises the fractions with denominator x.
Fractional ideals I, J are in the same ideal class if ( a) I = (b) J for some principal ideals ( a), (b) in Z[ζ p ].
A prime p is regular if it does not divide the number of ideal classes (the class number) in Q(ζ p ).

The class number is 1 precisely when Z[ζ p ] has unique factorization. Using these techniques, Kum-
mer proved Fermat’s Last Theorem for all regular primes (and some others). There are infinitely
many irregular primes (37, 59, 67, 101, 103, 131, 149,. . . ). It is only conjectured that there are infinitely
many regular primes, so it is not known whether Kummer’s contribution was an infinite one or not.
Since he essentially invented algebraic number theory this was hardly a total loss!

20