
Number Theory

Joshua K. Lambert

May 25, 2011


Contents

1 Introduction

2 The Basics
2.1 Contradiction
2.2 Induction
2.3 Applications of Induction
2.4 The Binomial Theorem

3 The Fundamental Theorem of Arithmetic
3.1 Divisibility
3.2 Linear Diophantine Equations
3.3 Basis Representation
3.4 Building Blocks of the Integers

4 Congruences
4.1 The Basics of Congruences
4.2 Residue Classes
4.3 Linear Congruences
4.4 The Chinese Remainder Theorem
4.5 Polynomial Congruences

5 Fundamental Theorems of Modular Arithmetic
5.1 The Euler Phi-function


Chapter 1

Introduction

Whether it was when we first learned how to speak or later on in elementary school, we have all been asked to count at some point in our lives. Whenever those first days of basic training happened, our quest for further knowledge of these strange objects known as numbers continued throughout our existence. After counting came addition, multiplication, exponents, and the list goes on and on to infinity (which also happens to be an unreachable topic discussed during our childhood). While some of those childhood friends discarded numbers, living in fear of the immense amount of properties they encountered, others embraced numbers, searching for more truth in the field known as mathematics. Some truth-searching expeditions led many mathematicians to the mysterious lands known as geometry, topology, combinatorics, abstract algebra, real analysis, complex analysis, and probability, while a select few decided to make their stomping ground in the field of numbers. For those men and women who loved numbers, the field known as number theory would welcome them home with open arms. Throughout the introduction and upcoming chapters we will be using the resources found in [1, 2, 3, 4, 5].

As we might expect, number theory studies the properties of numbers. In particular, number theorists ask questions related to the integers (the numbers …, −2, −1, 0, 1, 2, …). Since the integers will be our proving ground for most problems, we will give them the shorthand notation ℤ. Since discussions on properties of integers exist at such a young age, it causes our mind to wonder what might be left to prove in this area. Luckily, number theory is such a vast and far-reaching topic that it resulted in the subject being broken into many other fields. These branches that number theory is broken into are classified by the tools used to study them.

Algebraic number theory is one such branch that uses ideas from abstract algebra to attack problems. In this field, mathematicians often like to consider the roots of polynomials with rational coefficients (recall a rational number is of the form $\frac{a}{b}$, where a and b ≠ 0 are integers). These roots of polynomials with rational coefficients receive the name algebraic numbers. Inside this realm of algebraic numbers lies a set with properties similar to the integers, which is given the suitable name of algebraic integers. Properties of these strange creatures have been studied for years. A majority of the problems require years of training to have the necessary machinery to tackle them, implying we need to look to a different branch for a more suitable introduction to number theory.

Analytic number theory takes properties from calculus and complex analysis to look at number theoretic questions. In this effort towards understanding the integers, we look to analyzing the functions of a complex or real variable. This may seem like a bit of a stretch since we are taking a continuous set to consider a discrete set. As expected, this branch of the number theory tree holds one of the most elusive open problems in number theory, the Riemann Hypothesis. Bernhard Riemann first introduced the Riemann Hypothesis. The implications of the result would answer dozens of problems as a mere corollary. With large implications comes a large problem, as the mere understanding of the question may take months for a beginner in the field. However, this branch also holds some beautiful results due to this technique. As a matter of fact, Leonhard Euler demonstrated that there exists an infinite number of primes by using an analytic approach. Although much fruit lies in this branch of the tree, the techniques involved require a well-developed understanding of both complex and real analysis. Thus, we move forward to the next approach in number theory.

Combinatorial number theory looks towards combinatorics for solutions to our questions. Combinatorics focuses on the study of discrete and finite sets, so the correlation between combinatorics and number theory seems strong. Commonly referred to as the science of counting, combinatorics will provide some of the techniques necessary for solving the questions discussed in the later chapters of these notes. Although combinatorial number theory may seem an easy entryway into an introduction to number theory, this field also calls upon ideas from an algebraic and analytic perspective. Therefore we must search for a more rudimentary place to begin our quest for knowledge.

Computational number theory uses algorithms to study number theory. The allure to this side of number theory is summed up in one little word, “cryptography.” Cryptography is one application of computational number theory which studies the practice of hiding information. In a simpler context, we can think of cryptography as the art of keeping secrets. This form of secret-keeping must encrypt a message such that only the authorized receiver should be able to translate the message in order to find its underlying meaning. If only this meaning could lead to an introduction into number theory, then we shall find an excellent segue into the topic. Unfortunately, cryptography is an application of number theory, requiring us to develop some basic understanding before entering into the field. Hence our search continues for an ideal place to begin.

Discussions about geometric number theory, additive number theory, and probabilistic number theory would all lead us to the same conclusion found in the previous paragraphs. Fortunately, the branch known as elementary number theory gives us a perfect position to begin our quest for knowledge. In elementary number theory, we will study the integers without the use of techniques acquired from other areas of mathematics. Many of the beautiful questions in number theory can be stated in elementary terms, allowing even novice mathematicians to have their chance at tackling some of mathematics’ most elusive problems. Some problems become so popular in the mathematical community that they are given a special name. The list includes the following problems:

1. The Goldbach Conjecture asks if every even integer greater than 2 can be written as the sum of two primes.

2. A twin prime is a pair of prime numbers that have a difference of two. For example, {3, 5}, {11, 13}, {41, 43}, and $\{(2003663613)2^{195000} - 1, (2003663613)2^{195000} + 1\}$ are all twin primes (with the last example being the largest known twin primes). The Twin Prime Conjecture questions whether there exist infinitely many twin primes.

3. A prime number is called a Mersenne prime if it can be written in the form $2^n - 1$ where n is a positive integer. The Mersenne Prime Conjecture wonders if there exist infinitely many Mersenne primes.

4. Fermat’s Last Theorem states that there do not exist any integers x, y, z that satisfy the equation $x^n + y^n = z^n$ where n is an integer greater than two.

Along with each of the above conjectures comes an associated story. The Goldbach Conjecture came about in 1742 from a series of letters between Christian Goldbach and Leonhard Euler. This problem continues to remain open with the conjecture verified for all numbers less than or equal to $10^{18}$. Mathematicians have not fared much better on the Twin Prime Conjecture, as that problem has been standing since 1849 when it was introduced in a more general setting by the French mathematician Alphonse de Polignac. Polignac conjectured that for every integer k ≥ 1 there are infinitely many prime gaps of size 2k. The case where k = 1 just happens to be the world-renowned Twin Prime Conjecture. The idea behind Mersenne primes came into the literature in 1644 when the French monk Marin Mersenne stated that the numbers $2^n - 1$ were prime for the numbers 2, 3, 5, 7, 13, 17, 19, 31, 67, 127, 257 and composite for all other positive integers less than 257. Mersenne’s statement was later proven to be incorrect as the numbers 61, 89, and 107 were omitted from Mersenne’s list of primes while 67 and 257 gave composite numbers (checking the rest of this list was not completed until 1947). Despite Mersenne’s error, prime numbers of the form $2^n - 1$ were still given his name. To date the largest Mersenne prime known is $2^{43112609} - 1$. Yet with all of our failures with unsolved conjectures, the last of the conjectures results in triumph.

The story behind Fermat’s Last Theorem piques many mathematicians’ interest. During 1637 Pierre de Fermat wrote in the margins of his copy of a book called Arithmetica that he had a wonderful proof of Fermat’s Last Theorem, but there was not enough room to fit the proof in the margins. With the search for the truth always on mathematicians’ minds, many brilliant people made attempts at recreating the proof Fermat claimed to exist. However, all of those mathematicians failed until 1994, when the British mathematician Andrew Wiles produced a proof of the most sought-after result. Across all of mathematics this result has been the biggest accomplishment in the past century. Yet many more accomplishments are out there for the taking in the number theory world. The first three problems mentioned are all still open problems with some carrying a prize for the first person to produce a proof. The list of open problems in elementary number theory is so long that there exist books just discussing those theorems in waiting. We mention a few more of the famous open problems here:

1. A perfect integer is an integer that is the sum of its positive divisors other than itself. One example of a perfect number is 28 = 1 + 2 + 4 + 7 + 14. Prove there does not exist an odd perfect number.

2. Prove there exist infinitely many primes of the form $n^2 + 1$, where n is an integer.

3. Prove there exist infinitely many positive integers n such that $\gcd\left(\binom{2n}{n}, 3 \times 5 \times 7\right) = 1$, where gcd denotes the greatest common divisor and $\binom{2n}{n}$ denotes $\frac{(2n)!}{n!\,n!}$.

4. Prove there exists only a finite number of positive integers n such that $\gcd\left(\binom{2n}{n}, 3 \times 5 \times 7 \times 11\right) = 1$, where gcd denotes the greatest common divisor and $\binom{2n}{n}$ denotes $\frac{(2n)!}{n!\,n!}$.

5. The primorial product is the product of consecutive prime numbers. For example, the first four primorial products are {2, 2 × 3, 2 × 3 × 5, 2 × 3 × 5 × 7}, which we could also write as {2, 6, 30, 210}. Prove that every odd prime number is either a distance of one or a prime number away from a primorial product.

6. Consider the graph of the function $y = x^2$ where x > 0. How many points can you find on the parabola such that the distance between any pair of points is rational? Thus far it is not even known if more than five points on the parabola satisfy the condition.

Throughout this course we will acquire the necessary information to take a practical approach to solving these open problems. Along our journey, we will also encounter some of the problems stemming from some of the aforementioned branches outside the realm of elementary number theory. Overall, our goal will be to create a strong foundation for our problem-solving ability for those queries associated to the field known as number theory.


Chapter 2

The Basics

Before beginning any course requiring proofs, we must know the basic techniques. Two of those basic techniques we must familiarize ourselves with are induction and contradiction. We begin by looking at proofs by contradiction.

2.1 Contradiction

Mathematics is built off a given set of axioms. Rather than beginning from the axioms and constructing the integers, we shall assume a familiarity with many of their elementary facts. Our starting point will be the Well-Ordering Principle.

Well-Ordering Principle. Every nonempty set S of nonnegative integers contains a least element.

An equivalent statement describing the Well-Ordering Principle is that for every nonempty set S of positive integers there exists an integer x ∈ S such that x ≤ y for all y ∈ S. The Well-Ordering Principle shall play a vital role throughout these notes. We begin by demonstrating its importance in our first example of a proof by contradiction.

Theorem 2.1.1. If x and y are any positive integers, then there exists a positive integer n such that nx ≥ y.

Proof. We will proceed with a proof by contradiction. Assume that the statement of our theorem is false. Then there exist positive integers x and y such that nx < y for every positive integer n. Therefore the set

$$S = \{y - nx \mid n \in \mathbb{Z}^+\}$$

consists entirely of positive integers. By applying the Well-Ordering Principle, we find S contains a least element, which we shall call y − Nx. Since $S = \{y - nx \mid n \in \mathbb{Z}^+\}$, the element y − (N + 1)x also lies in S. However,

$$y - (N+1)x = y - Nx - x = (y - Nx) - x < y - Nx$$

contradicts y − Nx being the smallest element in S. This implies our assumption that there exist positive integers x and y such that nx < y for every positive integer n is false. As a result, if x and y are any positive integers, then there exists a positive integer n such that nx ≥ y.

Looking back at the proof of Theorem 2.1.1 we can find the trends consistent in all proofs by contradiction. As the proof clearly stated, the first step is to negate the hypothesis. Notice how our goal immediately shifted into showing that, once the statement is assumed false, we contradict a previously known result. In this particular case, we found our contradiction occurring with the Well-Ordering Principle, which we already know to be true. The setup behind a proof by contradiction will be a useful tool for future proofs in upcoming chapters. This proof style actually leads us to the topic of induction, which happens to be one of the most constructive proving techniques in number theory.

2.2 Induction

Theorem 2.2.1. Let S be a set of positive integers with the following properties:

1. 1 ∈ S

2. If n ∈ S, then n + 1 ∈ S

Then S is the set of all positive integers.

Proof. As previously mentioned, we will proceed with a proof by contradiction. Hence we can let S be a set of positive integers where 1 ∈ S and n + 1 ∈ S whenever n ∈ S, but S is not the set of all positive integers. This implies the set $T = \mathbb{Z}^+ - S \neq \emptyset$. By the Well-Ordering Principle, T must contain a least element, which we shall call x. Notice that x > 1 since 1 ∈ S. Therefore 0 < x − 1 < x and x − 1 ∈ S because x is the smallest integer in T. However since x − 1 ∈ S, we find (x − 1) + 1 = x ∈ S as a result of our assumptions. This contradicts x belonging to T since $T = \mathbb{Z}^+ - S$. Therefore T is the empty set, and S is the set of all positive integers.

Theorem 2.2.1 is better known as the Principle of Mathematical Induction. Although the result seems quite simple and inconsequential, the implications of such a result are immeasurable. Induction allows us to take the infinite task and turn it into an achievable one. Each proof using induction begins with a base case that resembles showing 1 ∈ S. This gives us a foundation to build our work upon. Moving forward with our induction proofs, we assume that our proof holds for n steps (we commonly refer to this as the induction hypothesis). In order to finish, we must produce the n + 1 step (known as the induction step) using the previous n steps. In order to develop a deeper understanding of induction we look to its implications in the upcoming proofs. But first we shall state the Second Principle of Mathematical Induction.

Theorem 2.2.2. Let S be a set of positive integers with the following properties:

1. 1 ∈ S

2. If 1, 2, …, n ∈ S, then n + 1 ∈ S

Then S is the set of all positive integers.

Notice the Second Principle of Mathematical Induction follows the format of the Principle of Mathematical Induction with the only exception being in the assumption that 1, 2, …, n ∈ S implies n + 1 ∈ S instead of n ∈ S implying n + 1 ∈ S. With such a small difference between the two types of induction, it does not stretch the imagination to learn that the proof of the Second Principle of Mathematical Induction follows that of the Principle of Mathematical Induction. Adding both types of induction to our toolbox will prove useful for future proofs in this course.

2.3 Applications of Induction

When searching for an application of induction, there is no better place to start than the sum of the first n positive integers. Let us try to find the trend in the listing of the sums of integers up to n = 6.

1
1 + 2 = 3
1 + 2 + 3 = 6
1 + 2 + 3 + 4 = 10
1 + 2 + 3 + 4 + 5 = 15
1 + 2 + 3 + 4 + 5 + 6 = 21

Theorem 2.3.1 will provide us with a formula for the above list of sums.

Theorem 2.3.1. For all $n \in \mathbb{Z}^+$, we find $\sum_{i=1}^{n} i = \frac{n(n+1)}{2}$.

Proof. We will proceed by induction. In order to begin with induction, we must show our formula holds for the first integer.

Base case: Notice $\sum_{i=1}^{1} i = 1 = \frac{1(1+1)}{2}$, implying our first case holds.

With our base case in tow, we proceed to our induction hypothesis.

Induction Hypothesis: Assume for all positive integers less than or equal to n, we have $\sum_{i=1}^{n} i = \frac{n(n+1)}{2}$.

With the induction hypothesis at our disposal, we now wish to prove the next step to be true. In other words, we wish to demonstrate $\sum_{i=1}^{n+1} i = \frac{(n+1)((n+1)+1)}{2} = \frac{(n+1)(n+2)}{2}$. This leads us to the following string of equations

$$\sum_{i=1}^{n+1} i = \left(\sum_{i=1}^{n} i\right) + (n+1) = \frac{n(n+1)}{2} + (n+1)$$

with our last equality coming from our induction hypothesis. Moving forward we find

$$\sum_{i=1}^{n+1} i = \frac{n(n+1)}{2} + (n+1) = \frac{n(n+1) + 2(n+1)}{2} = \frac{(n+1)(n+2)}{2},$$

which is our desired solution.

Oftentimes, proofs will not highlight the base case and the induction hypothesis, but the previous proof helps illustrate the importance of such a result. The take-home message from this proof is that using the induction hypothesis becomes vital in a proof by induction. As a result of our hard work in Theorem 2.3.1, we can confidently answer the person asking for the sum of the integers 1 to 99 with $\frac{99(99+1)}{2} = 4950$.

While continuing with our common theme of induction, we wish to provide theorems that we can apply to prove results useful in number theory. Our quest for applicable theorems in the world of number theory begins with a beautiful factorization formula found valuable in an early algebra course.

Theorem 2.3.2. For all x ≠ 1 we have $1 + x + x^2 + \cdots + x^{n-1} = \frac{x^n - 1}{x - 1}$.

Proof. Once again we proceed by mathematical induction. Notice the base case holds since $x^0 = 1 = \frac{x - 1}{x - 1}$ where x ≠ 1. Let us assume $1 + x + x^2 + \cdots + x^{n-1} = \frac{x^n - 1}{x - 1}$. We shall look to prove the next step which is $1 + x + x^2 + \cdots + x^{n-1} + x^n = \frac{x^{n+1} - 1}{x - 1}$. First we must consider $1 + x + x^2 + \cdots + x^{n-1} + x^n = (1 + x + x^2 + \cdots + x^{n-1}) + x^n$. By applying the induction hypothesis to $1 + x + x^2 + \cdots + x^{n-1}$ we find $(1 + x + x^2 + \cdots + x^{n-1}) + x^n = \frac{x^n - 1}{x - 1} + x^n$. This yields $1 + x + x^2 + \cdots + x^{n-1} + x^n = \frac{x^n - 1 + x^n(x - 1)}{x - 1} = \frac{x^{n+1} - 1}{x - 1}$, which establishes our theorem.


2.4 The Binomial Theorem

Factoring formulas come in all shapes and sizes. The Binomial Theorem is one such theorem with a triangle being such a shape. The triangle associated with the Binomial Theorem is none other than Pascal’s Triangle (which is given below).

            1
          1   1
        1   2   1
      1   3   3   1
    1   4   6   4   1
  1   5  10  10   5   1
1   6  15  20  15   6   1

With the recognizable Pascal’s Triangle already mentioned, we now transition towards the Binomial Theorem. First we will need a lemma used in the proof of the Binomial Theorem.

Lemma 2.4.1. For all $n \in \mathbb{Z}^+$ with 1 ≤ i ≤ n the equality $\binom{n}{i} + \binom{n}{i-1} = \binom{n+1}{i}$ holds.

Proof. This lemma follows from the following string of equations

$$\begin{aligned}
\binom{n}{i} + \binom{n}{i-1} &= \frac{n!}{i!(n-i)!} + \frac{n!}{(i-1)!(n-(i-1))!} \\
&= \frac{n!}{i(i-1)!(n-i)!} + \frac{n!}{(i-1)!(n-i+1)(n-i)!} \\
&= \frac{n!(n-i+1)}{i(i-1)!(n-i)!(n-i+1)} + \frac{n!\,i}{i(i-1)!(n-i)!(n-i+1)} \\
&= \frac{(n+1)n!}{i(i-1)!(n-i)!(n-i+1)} \\
&= \frac{(n+1)!}{i!(n-i+1)!} \\
&= \frac{(n+1)!}{i!((n+1)-i)!} \\
&= \binom{n+1}{i}.
\end{aligned}$$

This result gives us the necessary prerequisites to prove the Binomial Theorem.

Theorem 2.4.2. (The Binomial Theorem) For any positive integer n, $(a+b)^n = \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i$.

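Proof. The trend continues with another proof by induction. Our base case holds since $(a+b)^1 = a + b = \sum_{i=0}^{1} \binom{1}{i} a^{1-i} b^i$. Now assume $(a+b)^n = \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i$. We wish to show $(a+b)^{n+1} = \sum_{i=0}^{n+1} \binom{n+1}{i} a^{n+1-i} b^i$. Moving forward, we consider $(a+b)^{n+1} = (a+b)(a+b)^n = a(a+b)^n + b(a+b)^n$. Now by applying the induction hypothesis we find

$$a(a+b)^n = a \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i = \sum_{i=0}^{n} \binom{n}{i} a^{n-i+1} b^i = a^{n+1} + \sum_{i=1}^{n} \binom{n}{i} a^{n-i+1} b^i$$

and

$$b(a+b)^n = b \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^i = \sum_{i=0}^{n} \binom{n}{i} a^{n-i} b^{i+1} = b^{n+1} + \sum_{i=1}^{n} \binom{n}{i-1} a^{n-i+1} b^i.$$

This implies

$$\begin{aligned}
(a+b)^{n+1} &= a^{n+1} + \sum_{i=1}^{n} \binom{n}{i} a^{n-i+1} b^i + \sum_{i=1}^{n} \binom{n}{i-1} a^{n-i+1} b^i + b^{n+1} \\
&= a^{n+1} + \left( \sum_{i=1}^{n} \left[ \binom{n}{i} + \binom{n}{i-1} \right] a^{n-i+1} b^i \right) + b^{n+1}.
\end{aligned}$$

By applying Lemma 2.4.1 we find

$$a^{n+1} + \sum_{i=1}^{n} \left[ \binom{n}{i} + \binom{n}{i-1} \right] a^{n-i+1} b^i + b^{n+1} = a^{n+1} + \sum_{i=1}^{n} \binom{n+1}{i} a^{n-i+1} b^i + b^{n+1}.$$

We complete our proof by incorporating $a^{n+1}$ and $b^{n+1}$ into our summation as follows:

$$(a+b)^{n+1} = a^{n+1} + \sum_{i=1}^{n} \binom{n+1}{i} a^{n-i+1} b^i + b^{n+1} = \sum_{i=0}^{n+1} \binom{n+1}{i} a^{n-i+1} b^i = \sum_{i=0}^{n+1} \binom{n+1}{i} a^{n+1-i} b^i.$$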


Chapter 3

The Fundamental Theorem of Arithmetic

With the integers being the foundation of our studies in number theory, we need some familiarity with some of their basic properties. Such properties include divisibility, linear Diophantine equations, and basis representation. We begin by discussing divisibility properties of the integers.

3.1 Divisibility

After learning multiplication at an early age, we immediately turned our focus to properties of division. Whether it was discovering that 3 divides 495 or the existence of a remainder when we try to divide 5 into 7012, we kept on searching for more pieces of information on divisibility. These properties happen to be the driving force in number theory, which leads us to our first definition.

Definition 3.1.1. Let a and b be integers with a ≠ 0. We say a divides b, denoted by a | b, if there exists c ∈ ℤ such that ac = b. In the case where no such c ∈ ℤ exists, we say a does not divide b, which we denote by a ∤ b.

The notion of dividing follows from our grade school intuition. As we might anticipate, we can confidently mention 3 | 495 since 3 × 165 = 495 and 5 ∤ 7012 because there does not exist an integer n ∈ ℤ such that 5n = 7012. The list of examples could go on forever, but our search for information will move towards a more general setting. We begin by listing some of the divisibility properties.

Theorem 3.1.2. Let a, b, and c be positive integers. Then the following properties hold:

(1) a | 0.

(2) 1 | a.

(3) a | a.

(4) If a | b and c | d, then ac | bd.

(5) If a | b and b | c, then a | c.

(6) a | b and b | a if and only if a = ±b.

(7) If a | b and b ≠ 0, then |a| ≤ |b|.

(8) If a | b and a | c, then a | (bx + cy) for x, y ∈ ℤ.


Proof. We can immediately prove the results for properties (1), (2), and (3) since a × 0 = 0, 1 × a = a, and a × 1 = a.

Property (4) follows from using the definition of divisibility. Assuming a | b and c | d, there exist $x_1, x_2 \in \mathbb{Z}$ such that $ax_1 = b$ and $cx_2 = d$. This gives way to $bd = ax_1cx_2 = acx_1x_2 = (ac)(x_1x_2)$. Since $x_1x_2 \in \mathbb{Z}$, this implies ac | bd.

Similarly property (5) follows from our given definition. If a | b and b | c, then there exist integers r and s such that ar = b and bs = c. Thus, c = bs = (ar)s = a(rs), implying a | c.

The simplicity of property (6) does not mean we should overlook its proof. We begin by assuming a | b and b | a. This gives way to the existence of integers c and d such that ac = b and bd = a. Hence a = (ac)d = a(cd), which yields a(1 − cd) = 0. Since a ≠ 0 by the definition of divisibility, we find cd = 1. This leads to the scenarios where c = d = 1 implying a = b, or c = d = −1 implying a = −b. For the reverse implication we assume a = ±b. We shall look at the case when a = −b and leave the case for when a = b as a trivial exercise. If a = −b, we find a(−1) = b and b(−1) = a. Once again using our definition for divisibility we have a | b and b | a.

From all of the properties listed, properties (7) and (8) will be the most useful to us. In property (7), we shall assume a | b with b ≠ 0 which implies there exists an integer c such that ac = b. We also find c ≠ 0 since we are assuming b ≠ 0. This leads us to the discovery that |b| = |ac| = |a||c| with |c| ≥ 1 because c ≠ 0. Hence |b| = |a||c| ≥ |a|, as we desired.

For property (8) we assume a | b and a | c. Therefore we have r, s ∈ ℤ with ar = b and as = c. Use this information to consider bx + cy = (ar)x + (as)y = a(rx + sy), where x, y ∈ ℤ. Since rx + sy ∈ ℤ, the desired result of a | (bx + cy) immediately follows.

Although properties of integers dividing each other are alluring, the likelihood of such a thing happening pales in comparison to the possibility of two integers not dividing one another. The Division Algorithm helps our search for a way to look at integers a and b such that a ∤ b along with those where a | b.

Theorem 3.1.3. Given integers a and b, where b > 0, there exist unique integers q and r satisfying

a = qb + r, with 0 ≤ r < b.

We call the integers q and r the quotient and remainder, respectively.

Proof. We begin this proof in search of the remainder r with 0 ≤ r < b. Consider the set

$$S = \{a - xb \mid x \in \mathbb{Z} \text{ and } a - xb \geq 0\}.$$

Notice S is nonempty since b ≥ 1 implies |a|b ≥ |a|, which in turn gives

$$a - (-|a|)b = a + |a|b \geq a + |a| \geq 0.$$

This allows us to apply the Well-Ordering Principle to the set S. Hence there exists a least element which we shall call r = a − qb. We claim that r < b. Otherwise, if r ≥ b, then

$$a - (q+1)b = a - qb - b = (a - qb) - b = r - b \geq 0.$$

This would imply that a − (q + 1)b belongs to the set S with

$$a - (q+1)b = (a - qb) - b = r - b < r,$$

which contradicts our claim that r is the least element in S, thus providing us with the desired property that r < b.


We now turn to showing the uniqueness of q and r. We begin by assuming that a has two representations

$$a = qb + r = q_1 b + r_1$$

with 0 ≤ r < b and $0 \leq r_1 < b$. Then $r_1 - r = b(q - q_1)$, which also allows us to say $|r_1 - r| = b|q - q_1|$ because b ≥ 1. Fortunately, we realize that $|r_1 - r| < b$ since $-b < r_1 - r < b$ follows from −b < −r ≤ 0 and $0 \leq r_1 < b$. With $|r_1 - r| < b$ in tow, we find $b|q - q_1| < b$. This result yields $0 \leq |q - q_1| < 1$. However, $|q - q_1|$ is a nonnegative integer, implying $|q - q_1| = 0$, thus leading us to the conclusion that $q = q_1$ and $r = r_1$.

The implications of the Division Algorithm range from new definitions and rudimentary examples to proving theorems of the utmost importance. We begin our work with the Division Algorithm with some basic examples.

Example 3.1.4. Consider the two numbers 17 and 5382. Using the Division Algorithm we find 5382 = (316)17 + 10. In this particular example q = 316 and r = 10.

As previously mentioned, definitions use the Division Algorithm to come into fruition. This leads us to the definition of even and odd integers.

Definition 3.1.5. Consider an integer a in the Division Algorithm with b = 2. The possible remainders are r = 0 and r = 1. When r = 0 using the Division Algorithm with b = 2, the integer a is called even. Meanwhile, for r = 1 and b = 2, the integer a is said to be odd.

Moving forward, we look at a simple fact that results from the Division Algorithm.

Proposition 3.1.6. The expression $\frac{a(a^2+2)}{3}$ is an integer for all integers a ≥ 1.

Proof. Consider $\frac{a(a^2+2)}{3}$ where a is an integer. By the Division Algorithm, there are three possibilities for a remainder for a when dividing by 3. As a result, a is of the form 3q, 3q + 1, or 3q + 2 for some q ∈ ℤ. We begin by assuming that a looks like 3q. This leads to

$$\frac{a(a^2+2)}{3} = \frac{3q((3q)^2+2)}{3} = q(9q^2+2).$$

The next case to consider is a = 3q + 1, which yields

$$\frac{a(a^2+2)}{3} = \frac{(3q+1)((3q+1)^2+2)}{3} = \frac{(3q+1)(9q^2+6q+3)}{3} = (3q+1)(3q^2+2q+1).$$

The final case of a = 3q + 2 gives way to

$$\frac{a(a^2+2)}{3} = \frac{(3q+2)((3q+2)^2+2)}{3} = \frac{(3q+2)(9q^2+12q+6)}{3} = (3q+2)(3q^2+4q+2).$$

These examples help transition to the topic of greatest common divisors, where we will once again call upon the Division Algorithm to aid us in our proofs.

Definition 3.1.7. Let a and b be integers with a, b ≠ 0. An integer d is called the greatest common divisor of a and b if

(1) d > 0,

(2) d is a common divisor of a and b, and

(3) each integer t that is a common divisor of both a and b is also a divisor of d.


For convenience, we will often denote the greatest common divisor of a and b by gcd(a, b). The intriguing part about determining gcd(a, b) is the relationship the Division Algorithm has with its calculation. We illustrate this in the upcoming example.

Example 3.1.8. We wish to find gcd(4144, 1961). Let us look to the Division Algorithm for our solution. This gives

4144 = 2 × 1961 + 222,

1961 = 8 × 222 + 185,

222 = 1 × 185 + 37, and

185 = 5 × 37.

Although it may be immediately evident, 37 is the greatest common divisor of 4144 and 1961. Our argument that 37 is the greatest common divisor will go in the reverse order of how we applied the Division Algorithm. Since 37 | 185, we have 37 | 222. With 37 dividing both 185 and 222, we know that 37 must divide the linear combination 8 × 222 + 185 = 1961. This gives rise to 37 | 4144 because 37 divides both 1961 and 222.

With properties (1) and (2) satisfied for 37 being the greatest common divisor, we shift towards considering property (3). Assume there exists another divisor d of 4144 and 1961. If d | 4144 and d | 1961, then d must divide 222 as well. From there we find d must also divide 185. When d | 222 and d | 185, we find d | 37. As a result, we have 37 = gcd(4144, 1961).

Example 3.1.8 gives us the necessary background for proving the upcoming theorem.

Theorem 3.1.9. If a and b are integers with a, b ≠ 0, then there exists a unique integer d such that d = gcd(a, b).

Before jumping into the proof of Theorem 3.1.9, we shall provide a lemma that will help to shorten our proof.

Lemma 3.1.10. If a = qb + r, then gcd(a, b) = gcd(b, r).

Proof. Let d = gcd(a, b) with a = qb + r. By Property (8) of Theorem 3.1.2, we have d | a and d | b imply d | (a − qb), which means d | r. Thus, d is a common divisor of both b and r. Assume that there exists another divisor of b and r, which we shall call f. Then Property (8) of Theorem 3.1.2 yields f | (qb + r), whence f | a. This yields that f is a common divisor of both a and b. However, since d = gcd(a, b), we find f ≤ d. Therefore, d is the greatest common divisor of b and r.

With Lemma 3.1.10 in hand we are ready to proceed with the proof of Theorem 3.1.9.

Proof. Let a and b be integers with a, b ≠ 0. Since gcd(|a|, |b|) = gcd(a, b), we can assume without loss of generality that a ≥ b > 0. For convenience we shall let r0 = a and r1 = b. Now we can apply the Division Algorithm to r0 and r1 to obtain

r0 = q1r1 + r2, where 0 ≤ r2 < r1.

In the case where r2 = 0, we find b | a implies gcd(a, b) = b. If r2 ≠ 0, we can divide r1 by r2 to get

r1 = q2r2 + r3, where 0 ≤ r3 < r2.

Either r3 = 0 or we have integers q3 and r4 such that

r2 = q3r3 + r4, where 0 ≤ r4 < r3.

We continue with this process as long as ri > 0. Then we can obtain a decreasing sequence of remainders given by b = r1 > r2 > · · · > rn−1 > rn ≥ 0, since 0 ≤ ri < b − (i − 1). Some cause for concern may come with having the Division Algorithm terminating after a given number of steps, but the aforementioned inequality 0 ≤ ri < b − (i − 1) implies our strictly decreasing sequence must finish in at most b steps. Therefore, in at most b steps we shall obtain an rn that equals zero.

The result of the aforementioned decreasing sequence is the following stream of equations:

r0 = q1r1 + r2, where 0 ≤ r2 < r1,

r1 = q2r2 + r3, where 0 ≤ r3 < r2,

r2 = q3r3 + r4, where 0 ≤ r4 < r3,

...

rn−2 = qn−1rn−1 + rn, where 0 ≤ rn < rn−1,

rn−1 = qnrn + 0.

Now apply Lemma 3.1.10 to give the string of equations

gcd(a, b) = gcd(r0, r1) = gcd(r1, r2) = gcd(r2, r3) = · · · = gcd(rn−1, rn) = gcd(rn, 0) = rn,

which demonstrates that rn is equal to gcd(a, b).

In order to show that rn is unique, we assume there exists another integer d such that d = gcd(a, b). Since rn = gcd(a, b), we find d | rn. Similarly, rn | d because of our assumption that d = gcd(a, b). Now apply Property (6) of Theorem 3.1.2 to discover rn = ±d. While looking at properties of the greatest common divisor we know both rn and d are greater than zero. Therefore rn = d and the uniqueness of gcd(a, b) has been proven.

This repeated application of the Division Algorithm to calculate the greatest common divisor of two integers in Example 3.1.8 and Theorem 3.1.9 is better known as the Euclidean Algorithm. The application of this Euclidean Algorithm to find the greatest common divisor can lead us to finding linear combinations of integers.

3.2 Linear Diophantine Equations

Definition 3.2.1. Let a and b be integers. A linear combination of a and b is a sum of the form ax+ by,where x, y ∈ Z.

The examples of linear combinations are endless. In order to provide some insight to the topic of linear combinations we provide some examples.

Example 3.2.2. Consider the integers 24 and 38. We list the following examples of linear combinations of these two numbers:

24(4) + 38(5) = 286,

24(−8) + 38(19) = 530,

24(8)− 38(5) = 2.

The intriguing part of the previous example occurs in the last linear combination. Notice that gcd(24, 38) = 2, which happens to be involved in the linear combination 24(8) − 38(5). The relationship between linear combinations and greatest common divisors appears in our next theorem.

Theorem 3.2.3. The greatest common divisor of the nonzero integers a and b is the least positive integer that is a linear combination of a and b.

Proof. Consider the set S = {ax + by > 0 | x, y ∈ Z}. Notice that this set is nonempty since either a(1) + b(0) = a or a(−1) + b(0) must appear in the set. By the Well-Ordering Principle, there exists a least element in the set S. Let d be the least positive integer that is a linear combination of a and b. Since d is a linear combination of a and b,

d = am+ bn

where m,n ∈ Z. We wish to show d | a and d | b.

We begin by assuming that d ∤ a. Recall from the Division Algorithm, there exist integers q and r such that

a = dq + r, where 0 < r < d.

This leads us to the following string of equations

r = a− dq = a− (ma+ nb)q = (1− qm)a− qnb.

The last equality shows that r is a linear combination of a and b. However, d is the least positive integer that is a linear combination of a and b, giving us a contradiction. Therefore, our contradiction implies that r = 0 and d | a. The same argument works for d | b where we replace a with b throughout our previous argument.

While d is known to be a common divisor and the least positive integer that is a linear combination of a and b, it remains to be shown that d is the greatest common divisor of a and b. Assume there exists another common divisor f of a and b. Since f | a and f | b, Property (8) of Theorem 3.1.2 implies f | (am + bn) or, in other words, f | d. As a result, f ≤ d and d = gcd(a, b).

We can expand upon Theorem 3.2.3 to find the types of integers that can appear as linear combinations of two integers.

Theorem 3.2.4. Let a and b be positive integers. The set of linear combinations of a and b is the set of integer multiples of gcd(a, b).

Proof. We shall begin by assuming that there exists a linear combination of a and b, ax + by for x, y ∈ Z, that is not a multiple of gcd(a, b). By the Division Algorithm, there exist integers q and r such that

ax+ by = q[gcd(a, b)] + r, where 0 < r < gcd(a, b).

Theorem 3.2.3 states that gcd(a, b) is the least positive linear combination of a and b, say ar + bs for r, s ∈ Z. This yields the following equations

r = (q[gcd(a, b)] + r) − q[gcd(a, b)] = (ax + by) − q(ar + bs) = a(x − qr) + b(y − qs).

Since r = a(x − qr) + b(y − qs) and 0 < r < gcd(a, b), we have contradicted the statement of Theorem 3.2.3 that gcd(a, b) is the least positive linear combination of a and b. This implies every linear combination of a and b must be a multiple of gcd(a, b). In order to find the existence of multiples of gcd(a, b) as linear combinations of a and b we need only look at the equations

t[gcd(a, b)] = t[ar + bs] = a(tr) + b(ts)

for any integer t. This gives our desired result.

Thus far the connection between the Euclidean Algorithm and linear combinations seems to be a mystery since the only useful tool in our proofs for this section has been the Division Algorithm. Although knowing which integers can be expressed as linear combinations of integers is helpful, actually finding those integers will prove to be a bit more difficult. This is where the Euclidean Algorithm can prove itself a vital part of our proving ground. We first consider an example of how to express a number as a linear combination.

Example 3.2.5. Recall from Example 3.1.8 we found gcd(4144, 1961) = 37. Theorem 3.2.3 goes on to state that we can express 37 as a linear combination of 4144 and 1961. In order to express 37 as the desired linear combination, we look to the Euclidean Algorithm we used in Example 3.1.8 to give

4144 = 2× 1961 + 222,

1961 = 8× 222 + 185,

222 = 1× 185 + 37, and

185 = 5× 37.

For our quest, we shall discard the last equation and require a little rearranging to begin with

37 = 222− 1(185).

By working backwards on the Euclidean Algorithm we see

185 = 1961− 8(222),

which implies

37 = 222 − 1(1961 − 8(222)).

The simplified version of this equation gives

37 = 9(222)− 1961.

Once again going in the reverse order of our Euclidean Algorithm we find

222 = 4144− 2(1961),

leads us to

37 = 9(4144 − 2(1961)) − 1961.

Thus our desired linear combination of 4144 and 1961 is given by

37 = 9(4144)− 19(1961).

We can generalize this result to obtain an efficient method for determining how to represent gcd(a, b) as a linear combination of a and b.

Theorem 3.2.6. Let a and b be positive integers. We find gcd(a, b) can be written in the form $as_n + bt_n$ where $s_n$ and $t_n$ are the nth terms of the recursive sequences given by

$$s_0 = 1, \quad t_0 = 0,$$

$$s_1 = 0, \quad t_1 = 1,$$

and

$$s_j = s_{j-2} - q_{j-1}s_{j-1}, \quad t_j = t_{j-2} - q_{j-1}t_{j-1}$$

for j = 2, 3, · · · , n, where $q_j$ represent the quotients in the divisions of the Euclidean Algorithm used to find gcd(a, b).

Proof. Recall from our original search for gcd(a, b) that the Euclidean Algorithm produced $r_n$ = gcd(a, b) where $r_n$ was the remainder of the nth iteration of our application of the Division Algorithm. As a result, our proof would follow from showing that $r_j = as_j + bt_j$ for j = 0, 1, · · · , n. Since $r_n$ = gcd(a, b), proving $r_j = as_j + bt_j$ for j = 0, 1, · · · , n, will give us our desired result of gcd(a, b) = $as_n + bt_n$.

Our proof will make use of the second principle of mathematical induction. For j = 0 we find $r_0 = a = 1(a) + 0(b) = s_0(a) + t_0(b)$ and j = 1 gives way to $r_1 = b = 0(a) + 1(b) = s_1(a) + t_1(b)$. This gives the base cases for our induction, so we can assume the equation

$$r_j = as_j + bt_j$$

for j = 1, 2, · · · k − 1. We wish to show that our equation holds for the kth step. From the kth step of the Euclidean Algorithm, we find

$$r_k = r_{k-2} - q_{k-1}r_{k-1}.$$

Now we apply the induction hypothesis to replace $r_{k-2}$ and $r_{k-1}$. This gives us the equations

$$r_k = (as_{k-2} + bt_{k-2}) - (as_{k-1} + bt_{k-1})q_{k-1} = a(s_{k-2} - s_{k-1}q_{k-1}) + b(t_{k-2} - t_{k-1}q_{k-1}) = as_k + bt_k.$$

Therefore our equation $r_j = as_j + bt_j$ holds for j = 0, 1, · · · , n, which completes our proof.

With the existence of linear combinations further established in Theorem 3.2.6, we wish to find all solutions to presenting a number as a linear combination of two positive integers. These equations caught the interest of the ancient Greek mathematician Diophantus, who wrote on equations where solutions were restricted to the rational numbers. Diophantus’ infatuation with equations of this type led to them bearing a variation of his name, which we shall discuss in the upcoming definition.

Definition 3.2.7. The equation ax + by = c, where a, b, and c are integers, is called a linear Diophantine equation in two variables.

A method for determining all solutions to a linear Diophantine equation would ultimately help us find a deeper understanding of representing the integers. This in turn, gives us an opportunity to see some of the real life applications number theory can provide. Therefore we look towards the work of Brahmagupta, which explicitly describes all solutions to the linear Diophantine equation in two variables.

Theorem 3.2.8. Let a and b be integers with d = gcd(a, b). If d | c, then there exist infinitely many integral solutions to ax + by = c. Moreover, if $x_0, y_0$ is any particular solution to the linear Diophantine equation ax + by = c, then all other solutions are given by

$$x = x_0 + \left(\frac{b}{d}\right)t, \qquad y = y_0 - \left(\frac{a}{d}\right)t,$$

where t ∈ Z.

Proof. We begin by demonstrating the existence of infinitely many integral solutions. From Theorem 3.2.4, we know there exists a particular solution $x_0, y_0$ to the aforementioned linear Diophantine equation, which yields $ax_0 + by_0 = c$. We will show that there exist infinitely many solutions to the equation ax + by = c, where $x = x_0 + (\frac{b}{d})t$, $y = y_0 - (\frac{a}{d})t$, with t ∈ Z. Now consider the sequence of equations

$$ax + by = a\left(x_0 + \left(\frac{b}{d}\right)t\right) + b\left(y_0 - \left(\frac{a}{d}\right)t\right) = ax_0 + by_0 + a\frac{b}{d}t - b\frac{a}{d}t = ax_0 + by_0 = c.$$

Thus, the existence of infinitely many solutions is established (in particular, for each t ∈ Z).

Moving forward, we wish to show every solution of ax + by = c must be of the form $x = x_0 + (\frac{b}{d})t$, $y = y_0 - (\frac{a}{d})t$, where t ∈ Z. Once again we call upon Theorem 3.2.6 to provide us with the solution $x_0, y_0$ to the given equation. Assume $x_1, y_1$ is another solution, giving us $ax_1 + by_1 = c$. Since $ax_0 + by_0 = c$, we find

$$(ax_1 + by_1) - (ax_0 + by_0) = 0.$$

By rearranging a few terms we obtain

$$a(x_1 - x_0) + b(y_1 - y_0) = 0.$$

This yields

$$a(x_1 - x_0) = b(y_0 - y_1).$$

Since d = gcd(a, b), we know that $\frac{a}{d}$ and $\frac{b}{d}$ are integers. This allows us to rewrite our equation as follows

$$d\left(\frac{a}{d}\right)(x_1 - x_0) = d\left(\frac{b}{d}\right)(y_0 - y_1).$$

By dividing both sides of the equation by d we find

$$\left(\frac{a}{d}\right)(x_1 - x_0) = \left(\frac{b}{d}\right)(y_0 - y_1).$$

Now we recall from Problem 5 of Homework 2 that $\gcd(\frac{a}{d}, \frac{b}{d}) = 1$. We shall demonstrate that $(\frac{a}{d}) \mid (y_0 - y_1)$. Since $\gcd(\frac{a}{d}, \frac{b}{d}) = 1$, there exist m, n ∈ Z such that $(\frac{a}{d})m + (\frac{b}{d})n = 1$. Multiplying by $y_0 - y_1$ yields

$$\left(\frac{a}{d}\right)m(y_0 - y_1) + \left(\frac{b}{d}\right)n(y_0 - y_1) = (y_0 - y_1).$$

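With $(\frac{a}{d}) \mid (\frac{a}{d})(y_0 - y_1)$ and $(\frac{a}{d}) \mid (\frac{b}{d})(y_0 - y_1)$, the linear combination $(y_0 - y_1)$ must be divisible by $\frac{a}{d}$. Hence, there exists an integer t such that $(\frac{a}{d})t = y_0 - y_1$. This implies $y_1 = y_0 - (\frac{a}{d})t$. A substitution for $y_1$ into $(\frac{a}{d})(x_1 - x_0) = (\frac{b}{d})(y_0 - y_1)$ gives

$$\left(\frac{a}{d}\right)(x_1 - x_0) = \left(\frac{b}{d}\right)\left(y_0 - \left(y_0 - \left(\frac{a}{d}\right)t\right)\right) = \left(\frac{a}{d}\right)\left(\frac{b}{d}\right)t.$$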

After dividing both sides of the equation by $\frac{a}{d}$ we obtain

$$(x_1 - x_0) = \left(\frac{b}{d}\right)t.$$

We complete our proof when adding $x_0$ to both sides to find

$$x_1 = x_0 + \left(\frac{b}{d}\right)t.$$
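The recurrences of Theorem 3.2.6 and the solution family of Theorem 3.2.8 can be carried out mechanically. The following Python code is an added example, not part of the original notes; the function names are assumptions of this sketch, and it assumes a and b are positive, as in Theorem 3.2.6.

```python
def extended_euclid(a, b):
    """Return (g, s, t) with g = gcd(a, b) = a*s + b*t (Theorem 3.2.6).

    The loop keeps the invariant r_j = a*s_j + b*t_j for the two most
    recent remainders, updating s and t with the same quotient q that
    the Division Algorithm produces for r.
    """
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    r_prev, r_cur = a, b      # r_0, r_1
    s_prev, s_cur = 1, 0      # s_0, s_1
    t_prev, t_cur = 0, 1      # t_0, t_1
    while r_cur != 0:
        q = r_prev // r_cur
        r_prev, r_cur = r_cur, r_prev - q * r_cur
        s_prev, s_cur = s_cur, s_prev - q * s_cur
        t_prev, t_cur = t_cur, t_prev - q * t_cur
    # r_prev is the last nonzero remainder, i.e. gcd(a, b).
    return r_prev, s_prev, t_prev


def solve_linear_diophantine(a, b, c):
    """Describe all integer solutions of a*x + b*y = c (Theorem 3.2.8).

    Returns (x0, y0, dx, dy), meaning x = x0 + dx*t and y = y0 - dy*t
    for every integer t, where dx = b/d and dy = a/d. Returns None when
    d = gcd(a, b) does not divide c, in which case no solution exists
    (Theorem 3.2.4).
    """
    d, s, t = extended_euclid(a, b)
    if c % d != 0:
        return None
    k = c // d
    # Scale the combination a*s + b*t = d by k to hit c.
    return s * k, t * k, b // d, a // d


def nonnegative_solutions(a, b, c):
    """List every solution of a*x + b*y = c with x >= 0 and y >= 0."""
    family = solve_linear_diophantine(a, b, c)
    if family is None:
        return []
    x0, y0, dx, dy = family
    # x0 + dx*t >= 0  <=>  t >= ceil(-x0/dx) = -floor(x0/dx)
    # y0 - dy*t >= 0  <=>  t <= floor(y0/dy)
    t_min = -(x0 // dx)
    t_max = y0 // dy
    return [(x0 + dx * t, y0 - dy * t) for t in range(t_min, t_max + 1)]


if __name__ == "__main__":
    # Example 3.1.8 / 3.2.5: gcd(4144, 1961) and its linear combination.
    print(extended_euclid(4144, 1961))
    # Example 3.2.2: 24x + 38y = 286 with both unknowns nonnegative.
    print(nonnegative_solutions(24, 38, 286))
    # 2 = gcd(24, 38) does not divide 7, so there is no solution.
    print(solve_linear_diophantine(24, 38, 7))
```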

With a format for finding solutions in place, we now look to put it to use in the upcoming example.

Example 3.2.9. A Japanese businessman returning home from a trip to North America exchanges his U.S. and Canadian dollars for yen. If he receives 15286 yen, and received 122 yen for each U.S. and 112 yen for each Canadian dollar, how many of each type of currency did he exchange?

SOLVE THIS PROBLEM BEFORE NEXT CLASS

Building upon our construction of the integers, we move forward in search of different ways to represent them. This leads us to developing a basis representation of any integer.

3.3 Basis Representation

Upon entering college we all have encountered a number being represented in terms of a given base. All across the world people use the base 10 to describe the positive integers. Even in elementary school, we found that

$$5317 = 5 \times 10^3 + 3 \times 10^2 + 1 \times 10^1 + 7 \times 10^0.$$

Meanwhile, the ever too familiar binary (meaning our base is 2) representation of 5317 yields another method of displaying the number

$$5317 = 1 \times 2^{12} + 0 \times 2^{11} + 1 \times 2^{10} + 0 \times 2^9 + 0 \times 2^8 + 1 \times 2^7 + 1 \times 2^6 + 0 \times 2^5 + 0 \times 2^4 + 0 \times 2^3 + 1 \times 2^2 + 0 \times 2^1 + 1 \times 2^0.$$

A shorthand binary (base 2) representation of 5317 is given by $(1010011000101)_2$, where the subscript 2 helps indicate the base we are using. Fortunately, the integers can be represented using any choice of base. This leads us to our next result known as the Basis Representation Theorem.

Theorem 3.3.1. Let b be any integer greater than 1. For each positive integer n, there exists a unique representation of n in the form

$$n = a_kb^k + a_{k-1}b^{k-1} + \cdots + a_1b + a_0,$$

where k is a nonnegative integer, $a_k \neq 0$, and each $a_i$ is a nonnegative integer less than b.

Proof. Just as many other results in elementary number theory are obtained, we look towards the Division Algorithm to provide us with a result. Assuming n is greater than b (otherwise we are already finished), we divide n by b to find

n = bq0 + a0, where 0 ≤ a0 < b.

If q0 ≠ 0, we can continue by dividing q0 by b (notice that this process actually differs from the Euclidean Algorithm in this sense)

q0 = bq1 + a1, where 0 ≤ a1 < b.

We take another step forward by creating the string of equations

q1 = bq2 + a2, where 0 ≤ a2 < b,

q2 = bq3 + a3, where 0 ≤ a3 < b,

...

qk−2 = bqk−1 + ak−1, where 0 ≤ ak−1 < b,

qk−1 = b(0) + ak, where 0 ≤ ak < b.

The reason this process must terminate comes from the inequalities

n > q0 > q1 > q2 > q3 > · · · > qk−2 > qk−1 ≥ 0

where at most q0 terms can appear in this strictly decreasing sequence.

Now we turn to making substitutions for a series of $q_i$ in the upcoming equations

$$\begin{aligned}
n &= bq_0 + a_0 = b(bq_1 + a_1) + a_0 \\
&= b^2q_1 + a_1b + a_0 \\
&= b^2(bq_2 + a_2) + a_1b + a_0 \\
&= b^3q_2 + a_2b^2 + a_1b + a_0 \\
&\;\;\vdots \\
&= b^{k-1}q_{k-2} + a_{k-2}b^{k-2} + \cdots + a_1b + a_0 \\
&= b^{k-1}(bq_{k-1} + a_{k-1}) + a_{k-2}b^{k-2} + \cdots + a_1b + a_0 \\
&= a_kb^k + a_{k-1}b^{k-1} + a_{k-2}b^{k-2} + \cdots + a_1b + a_0,
\end{aligned}$$

where $0 \le a_j < b$ for j = 0, 1, · · · , k and $a_k \neq 0$ given that the last nonzero quotient is $q_{k-1}$. This gives us our desired representation of an arbitrary integer n.

In order to show uniqueness of this representation we first assume there exist two representations of n, which we shall denote by $a_kb^k + a_{k-1}b^{k-1} + \cdots + a_1b + a_0$ and $c_kb^k + c_{k-1}b^{k-1} + \cdots + c_1b + c_0$ with $0 \le a_k < b$ and $0 \le c_k < b$. Since both of these representations equal n we can group like terms to obtain

$$(a_k - c_k)b^k + (a_{k-1} - c_{k-1})b^{k-1} + \cdots + (a_1 - c_1)b + (a_0 - c_0) = 0.$$

Since our assumption is that these two expansions are different, there exists a smallest integer j with 0 ≤ j ≤ k such that $a_j \neq c_j$. Thus,

$$b^j\left((a_k - c_k)b^{k-j} + \cdots + (a_{j+1} - c_{j+1})b + (a_j - c_j)\right) = 0.$$

Dividing by $b^j$, we find

$$(a_k - c_k)b^{k-j} + \cdots + (a_{j+1} - c_{j+1})b + (a_j - c_j) = 0.$$

Now subtract $a_j - c_j$ from both sides to get

$$(a_k - c_k)b^{k-j} + \cdots + (a_{j+1} - c_{j+1})b = c_j - a_j.$$

This yields $b \mid (c_j - a_j)$ since

$$b\left((a_k - c_k)b^{k-j-1} + \cdots + (a_{j+1} - c_{j+1})\right) = c_j - a_j.$$

However, $0 \le a_j < b$ and $0 \le c_j < b$ mean that $-b < c_j - a_j < b$. This information along with $b \mid (c_j - a_j)$ implies $c_j - a_j = 0$. Therefore $a_j = c_j$ and our representation is unique.

With the ability to represent integers in terms of different bases in place, we once again try to build some familiarity with the common notation used.

Example 3.3.2. When considering the base 6 notation, $(235)_6$ yields an example with $2 = a_2$, $3 = a_1$, and $5 = a_0$, where the $a_i$ coincide with the notation used in Theorem 3.3.1. Therefore

$$(235)_6 = 2 \times 6^2 + 3 \times 6 + 5 = 95.$$

This gives us yet another example of converting a given base notation into base 10 notation.
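The repeated division in the proof of Theorem 3.3.1, together with a brute-force check of its uniqueness claim, can be written out as follows. This Python code is an added example, not part of the original notes; the function names are assumptions of this sketch.

```python
from itertools import product


def to_base(n, b):
    """Digits [a_k, ..., a_1, a_0] of n in base b, found as in the proof
    of Theorem 3.3.1: divide by b, keep the remainder, repeat on the quotient."""
    if b <= 1:
        raise ValueError("the base must be an integer greater than 1")
    if n <= 0:
        raise ValueError("n must be a positive integer")
    digits = []
    q = n
    while q != 0:
        q, a = divmod(q, b)   # q_{i-1} = b*q_i + a_i with 0 <= a_i < b
        digits.append(a)      # remainders arrive as a_0, a_1, ..., a_k
    digits.reverse()
    return digits


def from_base(digits, b):
    """Evaluate a_k*b^k + ... + a_1*b + a_0, rejecting digit lists that
    Theorem 3.3.1 does not allow (a digit >= b, or a leading zero)."""
    if b <= 1:
        raise ValueError("the base must be an integer greater than 1")
    if not digits or digits[0] == 0:
        raise ValueError("a representation needs a nonzero leading digit")
    n = 0
    for a in digits:
        if not 0 <= a < b:
            raise ValueError("every digit must satisfy 0 <= a_i < b")
        n = n * b + a         # Horner's rule
    return n


def representations(n, b, max_len):
    """Every valid digit tuple of length <= max_len whose value is n.
    Theorem 3.3.1 predicts at most one; this searches exhaustively."""
    found = []
    for length in range(1, max_len + 1):
        for lead in range(1, b):
            for rest in product(range(b), repeat=length - 1):
                digits = (lead,) + rest
                if from_base(list(digits), b) == n:
                    found.append(digits)
    return found


if __name__ == "__main__":
    print(to_base(5317, 2))
    print(from_base([2, 3, 5], 6))
    print(representations(5317, 10, 4))
```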


3.4 Building Blocks of the Integers

In the preceding sections, we developed different ways of constructing the integers. However, as suspected, we have saved the best for last. Our creation will be built from the particular integers known as prime numbers.

Definition 3.4.1. An integer n > 1 is prime if the only positive divisors of n are 1 and n. We call n composite if n is not prime.

The only positive integer left to question is 1. The number 1 is neither prime nor composite. The term often associated with the number 1 is a unit. We will encounter more about its importance in the homework.

Shifting our focus back towards Definition 3.4.1, we call upon our intuition to provide a list of prime numbers. The list 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47 gives an example of the first few primes while the first few composites are 4, 6, 8, 9, 10, 12, 14, 15, 16, 18, 20, 21, 22, 24, 25, 26, 27, 28, 30, 32, 33, 34, 36, 38, 39, 40, 42, 44, 45, 46, 48, 49. These lists can continue for quite some time, which we shall discuss in detail later. In the meantime, we shall look at a convenient way of bringing the notion of a prime number to the realm of greatest common divisors.

Definition 3.4.2. Two integers a and b are relatively prime if gcd(a, b) = 1.

This concept of relatively prime numbers provides strings of useful results. We describe one such result here.

Lemma 3.4.3. Let a, b, c ∈ Z with a and b relatively prime. If a | bc, then a | c.

Proof. Since gcd(a, b) = 1, there are integers x and y such that ax + by = 1. By multiplying both sides of the equation by c we obtain acx + bcy = c. With a | a and a | bc, we find a divides any linear combination of those two values. Therefore, a | c, as we desired.

Pushing forward, we search for the impact of the prime numbers and its relationship to all of the integers. With the previous lemma in tow, we can move towards a result involving primes.

Lemma 3.4.4. If p divides a1a2 · · · an where p is a prime and a1, a2, · · · , an ∈ Z, then there is an integer i with 1 ≤ i ≤ n such that p | ai.

Proof. As we may anticipate, this proof will involve induction. In the case where p | a1, our desired result immediately holds. With our base case for induction in place, we assume the result is true for n. We now consider a product of n + 1 integers a1a2 · · · an+1 that is divisible by the prime p. Since a1a2 · · · an+1 = (a1a2 · · · an)an+1 we can apply Lemma 3.4.4 to p | (a1a2 · · · an)an+1. This yields p | a1a2 · · · an or p | an+1. In the latter case, we have achieved our result, while in the former case we apply our induction hypothesis to obtain p | ai for an integer i with 1 ≤ i ≤ n. Either case provides the result p | ai for some i with 1 ≤ i ≤ n + 1.

These results give us a segue into the most powerful theorem found on the pages of any book involving basic arithmetic. This result is referred to as the Fundamental Theorem of Arithmetic.

Theorem 3.4.5. Every positive integer greater than 1 can be written as a product of primes with each factorization unique except for a rearrangement of the factors.

Proof. We begin with a proof by contradiction to show every positive integer can be written as a product of primes. As a result, we should assume that there exists a positive integer that cannot be written as a product of primes. Then we can apply the Well-Ordering Principle to the set of positive integers that cannot be written as a product of primes to obtain a least element, which we shall call m. Since m is not a product of primes, it must be composite. This allows us to say m = ab where a, b ∈ Z+ with 1 < a < m and 1 < b < m. However, a and b are less than m, which happens to be our least element that is not a product of primes, so a and b must be a product of primes. This implies m = ab must be a product of primes as well, which is a contradiction. Therefore every positive integer can be written as a product of primes.

We move our search from representing an integer as a product of primes to showing that this representation is unique. As in other proofs demonstrating uniqueness, we begin by assuming an integer m has two different factorizations into primes. In other words there exist primes p1, p2, · · · pn and q1, q2, · · · qt such that

m = p1p2 · · · pn = q1q2 · · · qt.

By removing all the common primes we obtain a new list with

$$p_{i_1}p_{i_2} \cdots p_{i_y} = q_{j_1}q_{j_2} \cdots q_{j_z},$$

where all of the primes on the left-hand side of our equation must differ from all the primes on the right-hand side. Now apply Lemma 3.4.3 to find $p_{i_1}$ must divide $q_{j_k}$ for some k between 1 and t. This gives us a contradiction since each $q_{j_k}$ is prime and different from $p_{i_1}$. Hence, our prime factorization of m is unique, and our proof is complete.

With the Fundamental Theorem of Arithmetic in place, a number of results immediately follow. We begin by searching for the number of primes in existence.

Theorem 3.4.6. There exist infinitely many primes.

Proof. Assume that there exist only finitely many primes. Then we can list all of the primes p1, p2, · · · pn. Now consider the integer N = p1p2 · · · pn + 1. The integer N must be composite since our list of primes was used in its creation. Therefore we can apply the Fundamental Theorem of Arithmetic to find a prime factor of N, which we shall call q. Notice q ≠ pi for 1 ≤ i ≤ n since q | N and q ∤ 1. This implies q is a prime not in the list p1, p2, · · · pn, which is a contradiction. Therefore, there are infinitely many prime numbers.

Although the infinite number of primes may be a familiar result, the results of Dirichlet about arithmetic progressions of prime numbers may shed some new light onto primal behavior.

Definition 3.4.7. An arithmetic progression is a sequence of integers

a, a+ b, a+ 2b, a+ 3b, · · ·

where a, b ∈ Z+.

Dirichlet was able to show that if a and b are relatively prime positive integers, then the aforementioned arithmetic progression produces infinitely many primes. Although this result is a little beyond the scope of this course, we shall look at a special case of these arithmetic progressions.

Lemma 3.4.8. The product of two or more integers of the form 4s + 1 is of the same form.

Proof. We proceed by induction. Consider two integers j = 4s + 1 and k = 4t + 1. Then jk = (4s + 1)(4t + 1) = 16st + 4t + 4s + 1 = 4(4st + t + s) + 1. Since 4st + t + s ∈ Z, our base case follows.

Assume the product of n integers of the form 4s + 1 gives another integer of the same form. Consider the product a1a2 · · · anan+1 where each ai is of the form 4s + 1 for some s ∈ Z+. We find a1a2 · · · anan+1 = (a1a2 · · · an)an+1. By our induction hypothesis, there exists an integer j such that a1a2 · · · an = 4j + 1. This information combined with an+1 = 4k + 1 for k ∈ Z+, provides us with

a1a2 · · · anan+1 = (4j + 1)(4k + 1) = 16jk + 4j + 4k + 1 = 4(4jk + j + k) + 1.

With 4(4jk + j + k) + 1 in the desired form, our proof is complete.

Lemma 3.4.8 allows us to pursue an arithmetic progression producing an infinite number of primes.

Theorem 3.4.9. There are an infinite number of primes of the form 3 + 4b.

Proof. In a manner similar to proving an infinite number of primes, we begin by assuming there exist only finitely many primes of the form 3 + 4b. Then we can list all the primes of the form 3 + 4b, which we shall call p1, p2, · · · , pn. Consider the positive integer N = 4p1p2 · · · pn + 3 and let N = q1q2 · · · qt be its prime factorization. Since N is an odd integer, all qi must be of the form 1 + 4b or 3 + 4b. If every qi is of the form 1 + 4b, then we apply Lemma 3.4.8 to obtain N = 4s + 1 for some integer s. This contradicts N = 4p1p2 · · · pn + 3, so we find there exists at least one prime factor in our list of the form 3 + 4b. However, this prime must appear in the list p1, p2, · · · , pn because this list includes all primes of the form 3 + 4b. Since pr ∤ N for 1 ≤ r ≤ n, we have a contradiction. Hence, there exist infinitely many primes of the form 3 + 4b.

Although an infinite number of primes of the form 3 + 4b may exist, the list 3, 7, 11, 15 immediately demonstrates that not all numbers in our arithmetic progression produce a prime. This result causes us to take a closer look at Dirichlet’s arithmetic progressions. This time we shall try to find properties of arithmetic progressions producing n consecutive prime numbers.

Theorem 3.4.10. Consider the arithmetic progression

p, p+ d, p+ 2d, · · · , p+ (n− 1)d

for p a prime and n > 2. If all the terms of the arithmetic progression are prime, then the common difference d is divisible by every prime q < n.

Proof. Before considering all prime numbers q < n we shall show that p ≥ n for all of the arithmetic progressions of n primes beginning at p. For this case we assume p < n and consider the term p + pd. This term must exist in our arithmetic progression if p < n and p + pd = p(1 + d), which contradicts our assumption that our arithmetic progression only contains prime numbers. Hence p ≥ n for the arithmetic progression

p, p+ d, p+ 2d, · · · , p+ (n− 1)d

where all terms are prime.

Now we move towards showing all prime numbers q < n must be a divisor of d. Assume to the contrary, that there exists a prime number q < n such that q ∤ d. Now divide the q terms of the arithmetic progression

p, p+ d, p+ 2d, · · · , p+ (q − 1)d

by q. The Division Algorithm yields that when dividing by q the remainders of each term of the arithmetic progression must range from 0 to q − 1. Let us consider the case where there exist two terms of the progression p + jd and p + kd with 0 ≤ j < k ≤ q − 1 where j, k ∈ Z that produce the same remainder when dividing by q. In other words, for 0 ≤ r ≤ q − 1 and s, t ∈ Z, we have qs = p + jd − r and qt = p + kd − r. This yields

q(t− s) = qt− qs = kd− jd = (k − j)d.

By our assumption that q ∤ d, we find q | (k − j). However, 0 ≤ k − j ≤ q − 1 implies k − j = 0, which contradicts our choice of two terms in the progression

p, p+ d, p+ 2d, · · · , p+ (q − 1)d

having the same remainder upon division by q.

Our previous result provides us with the remainders 0, 1, · · · , q − 1 being attained when dividing the aforementioned arithmetic progression by q. In particular, one of these remainders must be 0. Let us assume p + zd for an integer z with 0 ≤ z ≤ q − 1 produces a remainder of 0 when divided by q. Then p + zd must be composite since q < n ≤ p ≤ p + zd, which contradicts our hypothesis that all elements of our arithmetic progression are prime. Therefore q | d for all primes q < n, which happens to be our desired result.

The number of primes in existence still does no justice to the implications of the Fundamental Theorem of Arithmetic. Rather than create an endless list of places where the theorem becomes useful, we shall produce an example where numbers cannot be factored uniquely into a product of primes.

Example 3.4.11. Consider the set of all even integers given by 2Z = {2n | n ∈ Z}. This set provides us with a familiar set of numbers, yet some unfamiliar definitions. We need to make a small adjustment to our definition of a “prime” number in this set. In 2Z, a nonzero element α ≠ ±1 is called “prime” if whenever α divides βγ, α divides either β or γ. This definition of prime is a generalization for the definition of a prime integer. Rather than focusing on the technicalities of our new definition, we shall search for a few prime integers in 2Z by calling upon our intuition that a number is prime when it cannot be written as a product of two smaller integers in the set. As suspected 2 is also a prime number in 2Z, but an unfamiliar prime appearing in 2Z is the number 6. We may hesitate to think that 6 is a prime in 2Z, until looking at its prime factorization in Z. Notice 6 = 2 × 3, however, 3 is not an even number. This implies 2 ∤ 6 in 2Z, and as a result 6 must be a prime in 2Z. In a similar fashion, we see 18 is also prime since the only divisors of 18 are 2 and 9 with 9 ∉ 2Z.

Now we have three different prime elements in 2Z in our hands. Let us consider the element 36 ∈ 2Z. We find

36 = 6× 6 = 2× 18.

Hence, 36 has two different factorizations into prime elements. This provides us with an example that the set of even numbers does not have unique factorization into products of primes.
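The search described in Example 3.4.11 can be automated. The following Python code is an added example, not part of the original notes: it uses the example's working notion of "prime" (an element of 2Z that cannot be written as a product of two elements of 2Z), restricts attention to positive even integers, and its function names are assumptions of this sketch.

```python
def is_prime_in_2Z(n):
    """True when the positive even integer n cannot be written as a*b
    with a and b both positive even integers (the working notion of
    "prime" used in Example 3.4.11)."""
    if n <= 0 or n % 2 != 0:
        raise ValueError("n must be a positive even integer")
    for a in range(2, n, 2):
        # a is even; n = a * (n // a) stays inside 2Z only if n // a is even too.
        if n % a == 0 and (n // a) % 2 == 0:
            return False
    return True


def factorizations_2Z(n, smallest=2):
    """All ways to write n as a product of 2Z-primes.

    Each factorization is a nondecreasing list whose factors are all
    >= smallest, so that reorderings of the same factors are not
    counted twice.
    """
    if n <= 0 or n % 2 != 0:
        raise ValueError("n must be a positive even integer")
    results = []
    if n >= smallest and is_prime_in_2Z(n):
        results.append([n])
    for a in range(smallest, n, 2):
        if a * a > n:
            break  # the remaining cofactor would be smaller than a
        cofactor, remainder = divmod(n, a)
        if remainder == 0 and cofactor % 2 == 0 and is_prime_in_2Z(a):
            for rest in factorizations_2Z(cofactor, a):
                results.append([a] + rest)
    return results


def has_unique_factorization_2Z(n):
    """True when n has exactly one factorization into 2Z-primes."""
    return len(factorizations_2Z(n)) == 1


if __name__ == "__main__":
    print([n for n in range(2, 40, 2) if is_prime_in_2Z(n)])
    print(factorizations_2Z(36))
    # Even numbers up to 100 with more than one factorization.
    print([n for n in range(2, 101, 2) if len(factorizations_2Z(n)) > 1])
```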

Without unique factorization into a product of primes, the difficulty of searching for properties of a set increases. Some of these properties can befuddle many mathematicians. One such mathematician happens to be Gabriel Lamé, who thought he could prove Fermat’s Last Theorem back in 1847. Lamé called upon the use of primitive nth roots of unity, which are complex numbers ω such that $\omega^n = 1$ and $\omega^k \neq 1$ for k = 1, 2, · · · n − 1. Lamé claimed he could prove Fermat’s Last Theorem by making use of the factorization

$$x^n = z^n - y^n = (z - y)(z - \omega y)(z - \omega^2 y) \cdots (z - \omega^{n-1}y),$$

where ω is a primitive nth root of unity. The problem with Lamé’s proof is that it balanced on the assumption that the enlarged sets of integers needed to possess the unique factorization property. The German mathematician Eduard Kummer shattered the hopes and dreams of many mathematicians by showing that the unique factorization for integers including the primitive nth roots of unity fails when n = 23. As a matter of fact, unique factorization only holds for a finite number of such cases. Thus, the world of mathematics had to hold out for another 150 years before Andrew Wiles finally had the machinery to complete the proof.

These examples help demonstrate the power the Fundamental Theorem of Arithmetic actually possesses. However, with every upside there must also be a downside. In this case, the sheer magnitude of the prime numbers can be a force to reckon with. The existence of cash prizes for merely factoring integers demonstrates the exploitation of the aforementioned fact. Currently the smallest open challenge is known as RSA-704, which asks to find the two prime factors of the number

74037563479561712828046796097429573142593188889231289084936232638972765034028266276891996419625117843995894330502127585370118968098286733173273108930900552505116877063299072396380786710086096962537934650563796359,

which has 704 digits in binary form. Just in case we might think the factorization of RSA-704 may be accomplished by a simple algorithm, the $30000 award for its two prime factors causes us to reconsider its likelihood. As a result, we must also search for another method along with the Fundamental Theorem of Arithmetic to provide us with information about the integers. This leads us into the direction of congruences, which happens to be our next chapter.

Chapter 4

Congruences

4.1 The Basics of Congruences

In his search for developing a method for working with divisibility relationships similar to that of equalities, the German mathematician Gauss created a language of congruences. The implications of congruences range from telling time on a clock to the International Standard Book Number (ISBN) system. With congruences creating more ways for us to consider properties of the integers, we insert its definition here.

Definition 4.1.1. Given an integer n ≥ 2 and a, b ∈ Z, we find a and b are congruent modulo n, denoted by a ≡ b mod n, if n | (a − b).

Let us consider some basic examples of congruences in action.

Example 4.1.2. The endless list of examples of numbers congruent modulo 5 includes 107 ≡ 32 mod 5, 249 ≡ 1004 mod 5, and 70326 ≡ 1 mod 5 since 5 | (107 − 32), 5 | (249 − 1004), and 5 | (70326 − 1), respectively.

With properties of divisibility being the backbone of congruences, we can look towards divisibility to provide us with our first theorem on congruences.

Theorem 4.1.3. Let a, b, n ∈ Z with n ≥ 2. Then a ≡ b mod n if and only if there is an integer k such that a = b + kn.

Proof. We start with the forward implication. Assuming a ≡ b mod n, then n | (a − b). By the definition of divisibility, we find an integer k such that kn = a − b. Thus, a = b + kn, as we desired.

Conversely, if there exists an integer k such that a = b + kn, then kn = a − b implies n | (a − b). From our definition of congruence, we have a ≡ b mod n, which completes our proof.

The similarities between modular arithmetic and the Division Algorithm become clearer after Theorem 4.1.3. Let us take a closer look at their relationship in the next example.

Example 4.1.4. Suppose we wanted to use the Division Algorithm to determine congruences for the integers 39, 101, and −14 modulo 8. For the aforementioned integers we can apply the Division Algorithm to obtain 39 = 4(8) + 7, 101 = 12(8) + 5, and −14 = −2(8) + 2. By applying Theorem 4.1.3, we find 39 ≡ 7 mod 8, 101 ≡ 5 mod 8, and −14 ≡ 2 mod 8. Notice the Division Algorithm allows us to always find a congruence between 0 and 7 when taking integers modulo 8.

The usefulness of the remainder in the Division Algorithm plays a role when discovering properties about congruences modulo n, where n is an integer greater than 2. We discuss some of those results in the upcoming theorem.

Theorem 4.1.5. Let a, b, n ∈ Z with n > 2. Then a ≡ b mod n if and only if a and b have the same remainder when we divide by n with the Division Algorithm.

Proof. For the forward implication, we shall assume a ≡ b mod n. Theorem 4.1.3 states that there exists an integer k such that a = b + kn. Now use the Division Algorithm to divide b by n to obtain a given remainder r, that is b = qn + r, for some q ∈ Z and 0 ≤ r < n. We need to show that r is the remainder when dividing a by n. Consider the equations

a = b+ kn = (qn+ r) + kn = (q + k)n+ r.

This demonstrates r is the remainder when dividing a by n.

Conversely, suppose a and b leave the same remainder, r, when dividing by n. Then there exist integers s and t such that a = sn + r and b = tn + r. Therefore

a− b = (sn+ r)− (tn+ r) = sn− tn = (s− t)n

implying n | (a− b). The definition of congruences tells us a ≡ b mod n, as we desired.

The aforementioned theorem will allow us to later classify all of the integers modulo n in terms of the remainders when applying the Division Algorithm. However, until we develop enough information on modular arithmetic, a proof of this result is unattainable. Therefore we provide a series of results that will become useful later.

Proposition 4.1.6. If a ≡ b mod n and c ≡ d mod n, then a + c ≡ b + d mod n and ac ≡ bd mod n.

Proof. Since we are assuming a ≡ b mod n and c ≡ d mod n, there exist integers s and t such that a = b + sn and c = d + tn. This yields

a+ c = (b+ sn) + (d+ tn) = (b+ d) + (sn+ tn) = (b+ d) + (s+ t)n.

By subtracting (b + d) from both sides of our final equality we obtain

(a+ c)− (b+ d) = (s+ t)n,

which gives a + c ≡ b + d mod n. Similarly, we can use the equalities a − b = sn and c − d = tn to find

ac− bd = ac+ (−bc+ bc)− bd = (a− b)c+ b(c− d) = (sn)c+ b(tn) = (sc+ bt)n.

This implies n divides ac− bd, which gives us our desired result.

These properties provide us with better tools for understanding congruences. The next example will demonstrate how our hard work pays off.

Example 4.1.7. We use Proposition 4.1.6 to solve for x in the congruence

4x+ 2 ≡ 8 mod 11.

By subtracting 2 from both sides of our congruence we find

4x ≡ 6 mod 11.

Now multiply both sides of our congruence by 3 to obtain

12x ≡ 18 mod 11.

Since 12 ≡ 1 mod 11 and 18 ≡ 7 mod 11 we have

x ≡ 7 mod 11.

The final property of congruences we shall discuss before shifting gears towards residue classes is looking at powers of congruent integers modulo n.

Theorem 4.1.8. Let a, b, k, n ∈ Z with k and n greater than 0. If a ≡ b mod n, then $a^k \equiv b^k \bmod n$.

Proof. From the definition of congruences, a ≡ b mod n implies n | (a − b). Use this information along with Homework 1 problem 3 to consider

$a^k - b^k = (a - b)(a^{k-1} + a^{k-2}b + \cdots + ab^{k-2} + b^{k-1}).$

Since n | (a − b), our previous equality shows that $n \mid (a^k - b^k)$. Therefore, $a^k \equiv b^k \bmod n$.

We use the ideas in Theorem 4.1.8 to determine the last two digits of a given number.

Example 4.1.9. Assume we wish to determine the last two digits of $2^{1412}$. In order to provide the last two digits we should look at $2^{1412}$ modulo 100. Before we can do this we apply Theorem 4.1.8 repeatedly with k = 2 to obtain the following congruences:

$2 \equiv 2 \bmod 100,$

$2^{2} \equiv 4 \bmod 100,$

$2^{4} \equiv 16 \bmod 100,$

$2^{8} \equiv 56 \bmod 100,$

$2^{16} \equiv 36 \bmod 100,$

$2^{32} \equiv 96 \bmod 100,$

$2^{64} \equiv 16 \bmod 100,$

$2^{128} \equiv 56 \bmod 100,$

$2^{256} \equiv 36 \bmod 100,$

$2^{512} \equiv 96 \bmod 100,$

$2^{1024} \equiv 16 \bmod 100.$

This allows us to use the following string of equations and congruences

$2^{1412} = 2^{1024+256+128+4} = 2^{1024}\, 2^{256}\, 2^{128}\, 2^{4} \equiv 16 \times 36 \times 56 \times 16 = 516096 \equiv 96 \bmod 100.$

Therefore 96 is the last two digits of $2^{1412}$.

Notice how the previous example called upon properties of basis representation in order to find the last two digits of $2^{1412}$. The basis representation came into play when considering $1412 = (10110000100)_2$. Our binary representation proved useful when breaking $2^{1412}$ into multiplication of smaller powers of 2. This is just one of many examples of congruences calling upon resources outside of the basic properties of divisibility.
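The computation of Example 4.1.9, written out as an added Python example (it is not part of the original notes): the binary digits of the exponent select which repeated squares are multiplied, and every product is reduced modulo n so no intermediate value exceeds n². The function names are this example's own.

```python
def powers_of_two_in(exponent):
    """Powers of two that sum to `exponent`, read off its binary representation."""
    return [1 << i for i in range(exponent.bit_length()) if (exponent >> i) & 1]


def repeated_squares(base, exponent, modulus):
    """Table [(2**i, base**(2**i) mod modulus)] up to the top bit of `exponent`.

    Each row is the square of the row above it, reduced modulo `modulus`,
    which is Theorem 4.1.8 applied with k = 2.
    """
    table = []
    square = base % modulus
    for i in range(exponent.bit_length()):
        table.append((1 << i, square))
        square = (square * square) % modulus
    return table


def power_mod(base, exponent, modulus):
    """base**exponent mod modulus by multiplying the selected repeated squares."""
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    if modulus < 2:
        raise ValueError("modulus must be at least 2 (Definition 4.1.1)")
    wanted = set(powers_of_two_in(exponent))
    result = 1
    for power, residue in repeated_squares(base, exponent, modulus):
        if power in wanted:
            # Proposition 4.1.6: congruent factors give congruent products.
            result = (result * residue) % modulus
    return result


if __name__ == "__main__":
    print("1412 =", " + ".join(str(p) for p in powers_of_two_in(1412)))
    for power, residue in repeated_squares(2, 1412, 100):
        print(f"2^{power} = {residue} mod 100")
    print("last two digits of 2^1412:", power_mod(2, 1412, 100))
```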

4.2 Residue Classes

Equivalence relations provide us with a simple method of categorizing elements of a relation. A demonstration that the relation ≡ is an equivalence relation will give us the desired trait that we can form equivalence classes.

Theorem 4.2.1. The congruence relation ≡ modulo n is an equivalence relation on the integers.

Proof. In order to show that ≡ is an equivalence relation we must show it is reflexive, symmetric, and transitive. We begin by showing ≡ is reflexive. For ≡ to be reflexive, we must show a ≡ a mod n. This result is immediate since a − a = 0 = 0 × n.

While looking for the symmetric property, we assume a ≡ b mod n and wish to show b ≡ a mod n. The assumption that a ≡ b mod n provides us with an integer k such that a − b = kn. This implies (−k)n = b − a, which yields b ≡ a mod n.

For the final piece of our puzzle we wish to show ≡ is transitive. We begin by assuming a ≡ b mod n and b ≡ c mod n and try to demonstrate a ≡ c mod n. Since our assumptions are a ≡ b mod n and b ≡ c mod n, we have integers k and q such that a − b = kn and b − c = qn. Then

a− c = a+ (−b+ b)− c = (a− b) + (b− c) = kn+ qn = (k + q)n,

and we have our desired result that a ≡ c mod n.

The knowledge that ≡ is an equivalence relation allows us to partition the set of integers into equivalence classes. Every element of the integers must belong to a single equivalence class, which we shall give a special name.

Definition 4.2.2. The equivalence classes of the congruence relation ≡ modulo n are called residue classes modulo n.

For the sake of distinguishing between an integer and residue class, we will denote the residue class of any integer a by $\overline{a}$. The set of all residue classes modulo n will be denoted by $\mathbb{Z}_n$. If we recall Theorem 4.1.3, then we notice all members of $\overline{a}$ are of the form a + kn, where k ∈ Z.

Example 4.2.3. Let us consider the equivalence classes of $\mathbb{Z}_5$. We begin by looking at the equivalence class $\overline{0}$, which Theorem 4.1.5 states is all of the integers that are divisible by 5. Hence,

$\overline{0} = \{\cdots, -10, -5, 0, 5, 10, \cdots\}.$

Similarly Theorem 4.1.5 describes $\overline{1}$ as the set of all integers that have a remainder of 1 when dividing by 5. Thus,

$\overline{1} = \{\cdots, -9, -4, 1, 6, 11, \cdots\}.$

Using Theorem 4.1.5 provides us with our last three residue classes

$\overline{2} = \{\cdots, -8, -3, 2, 7, 12, \cdots\},$

$\overline{3} = \{\cdots, -7, -2, 3, 8, 13, \cdots\},$

$\overline{4} = \{\cdots, -6, -1, 4, 9, 14, \cdots\}.$

Since all of the integers are included in the aforementioned residue classes, we have $\mathbb{Z}_5 = \{\overline{0}, \overline{1}, \overline{2}, \overline{3}, \overline{4}\}$.

The above example can be generalized to $\mathbb{Z}_n$. Theorem 4.1.5 allows for the description of the residue classes modulo n as $\mathbb{Z}_n = \{\overline{0}, \overline{1}, \cdots, \overline{n-1}\}$. Any element of the given equivalence classes is called a representative. With this in mind we can find different ways of representing a residue class, which leads us to our next definition.

Definition 4.2.4. A complete residue system modulo n is a collection of integers containing exactly one representative of each residue class.

As previously mentioned in Example 4.2.3 a complete residue system for $\mathbb{Z}_5$ is given by {0, 1, 2, 3, 4}. By using the integers included in each residue class, we find another complete residue system for $\mathbb{Z}_5$ is {10, −4, 12, 8, −6}. This result coincides with the fact that $\overline{0} = \overline{10}$, $\overline{1} = \overline{-4}$, $\overline{2} = \overline{12}$, $\overline{3} = \overline{8}$, and $\overline{4} = \overline{-6}$ in $\mathbb{Z}_5$. Our search for complete residue systems modulo n can be generalized. We aim towards this result, but we must begin with a lemma.

Lemma 4.2.5. A set of n incongruent integers modulo n forms a complete set of residues modulo n.

Proof. Consider a set of n incongruent integers modulo n. Suppose that the set of n incongruent integers modulo n is not a complete set of residues. Then there exists an integer a such that a is not congruent to any of the integers in the set. This implies there is no integer in the set of n incongruent integers modulo n having the same remainder as a when dividing by n. Hence, there exist at most n − 1 different remainders from the set of n incongruent integers. Therefore two of the integers must have the same remainder when dividing by n. By Theorem 4.1.5, we know two such integers must be congruent, which is a contradiction. As a result, any set of n incongruent integers modulo n forms a complete system of residues modulo n.

The previous result gives us enough information to tackle our next theorem.

Theorem 4.2.6. If $r_1, r_2, \cdots, r_n$ is a complete system of residues modulo n with a being a positive integer such that gcd(a, n) = 1, then

$ar_1 + b,\ ar_2 + b,\ \cdots,\ ar_n + b$

is a complete system of residues modulo n for any integer b.

Proof. Let $r_1, r_2, \cdots, r_n$ be a complete system of residues modulo n and consider the set of integers

$ar_1 + b,\ ar_2 + b,\ \cdots,\ ar_n + b,$

where gcd(a, n) = 1 and b ∈ Z. Notice that if we can show the aforementioned set of integers are also incongruent integers modulo n, then Lemma 4.2.5 provides the result that $ar_1 + b, ar_2 + b, \cdots, ar_n + b$ is also a complete system of residues modulo n.

We begin our journey by assuming there exist two residues $r_j$ and $r_k$ such that

$ar_j + b \equiv ar_k + b \bmod n.$

By subtracting b from both sides of our congruence we obtain

$ar_j \equiv ar_k \bmod n.$

From the definition of congruences, this implies n divides $ar_j - ar_k$, which equals $a(r_j - r_k)$. Since gcd(a, n) = 1, we find $n \mid (r_j - r_k)$. This implies $r_j \equiv r_k \bmod n$, which is a contradiction. Therefore, $ar_1 + b, ar_2 + b, \cdots, ar_n + b$ is a set of n incongruent integers modulo n, and Lemma 4.2.5 implies these integers form a complete system of residues modulo n.

4.3 Linear Congruences

With an understanding of complete residue systems modulo n in place, we make the transition towards solving polynomial congruences. Our focal point for this section will be linear polynomials. We begin by studying properties of congruences that will be useful in solving linear congruences.

Theorem 4.3.1. Let a, b, c, and n be integers with n > 0 and gcd(c, n) = d. If ac ≡ bc mod n, then $a \equiv b \bmod \frac{n}{d}$.

Proof. Assuming ac ≡ bc mod n, we know that n divides ac − bc, which equals c(a − b). Hence, there exists an integer k such that nk = c(a − b). Since gcd(c, n) = d, we can divide both sides by d to find $\frac{n}{d} k = \frac{c}{d}(a - b)$. Recall from the homework that $\gcd(\frac{n}{d}, \frac{c}{d}) = 1$, which implies that $\frac{n}{d}$ divides (a − b). Therefore, $a \equiv b \bmod \frac{n}{d}$.

A special case of Theorem 4.3.1 proves useful in solving linear congruences. We state the result when gcd(c, n) = 1 as the following corollary.

Corollary 4.3.2. Let a, b, c, and n be integers with n > 0 and gcd(c, n) = 1. If ac ≡ bc mod n, then a ≡ b mod n.

We now provide examples where Theorem 4.3.1 and Corollary 4.3.2 can be put to use.

Example 4.3.3. Consider the congruence given by 48 ≡ 88 mod 20. Notice we can rewrite this congruence as 8(6) ≡ 8(11) mod 20. Since gcd(8, 20) = 4, Theorem 4.3.1 yields $\frac{8}{4}(6) \equiv \frac{8}{4}(11) \bmod \frac{20}{4}$. As a result, we have 12 ≡ 22 mod 5.

Example 4.3.4. Let us consider the linear congruence 2x − 4 ≡ 6 mod 21. By adding 4 to both sides we find 2x ≡ 10 mod 21. This leads to 2x ≡ 2(5) mod 21, which Corollary 4.3.2 allows us to reduce to x ≡ 5 mod 21.

The preceding examples help demonstrate how effective Theorem 4.3.1 and Corollary 4.3.2 can be in our pursuit for solving linear congruences. Before we determine when linear congruences can be solvable, we shall provide a formal definition.

Definition 4.3.5. A congruence of the form ax ≡ b mod n where x is an unknown variable is called a linear congruence.

With our definition in place, we wish to pursue solvable linear congruences along with determining the number of incongruent solutions possible when considering the congruence modulo n.

Theorem 4.3.6. Let a, b, and n be integers with n > 0 and gcd(a, n) = d. If d ∤ b, then ax ≡ b mod n has no solutions. If d | b, then ax ≡ b mod n has exactly d incongruent solutions modulo n.

Proof. Consider ax ≡ b mod n. From Theorem 4.1.3, the aforementioned congruence is equivalent to the existence of an integer y such that ax − ny = b. The equation ax − ny = b is a linear Diophantine equation. Since ax − ny = b has no solution if d ∤ b where d = gcd(a, n), we need only consider the case where d | b.

Assuming d | b, recall that ax − ny = b has infinitely many solutions for the integers. We wish to discover how many of those infinite solutions are incongruent modulo n. We begin our search with a particular solution $x_0$ and $y_0$ for our linear Diophantine equation. This implies all solutions of ax − ny = b must be of the form

$x = x_0 + \left(\frac{n}{d}\right)t, \quad y = y_0 - \left(\frac{a}{d}\right)t$

where t is an integer. In particular, we wish to focus on the solutions to our linear congruence, which is all of the values $x = x_0 + \left(\frac{n}{d}\right)t$.

In order to determine the number of incongruent solutions in existence, we find conditions that describe when two solutions are congruent modulo n. Consider two integers $t_1$ and $t_2$ such that

$x_0 + \left(\frac{n}{d}\right)t_1 \equiv x_0 + \left(\frac{n}{d}\right)t_2 \bmod n.$

After subtracting $x_0$ from both sides of our equation we find

$\left(\frac{n}{d}\right)t_1 \equiv \left(\frac{n}{d}\right)t_2 \bmod n.$

Now we focus our attention on the fact that $\gcd(\frac{n}{d}, n) = \frac{n}{d}$. Since $\frac{n}{d} \mid n$, we can apply Theorem 4.3.1 to find

$t_1 \equiv t_2 \bmod d.$

This demonstrates that a complete set of incongruent solutions modulo n of $x = x_0 + \left(\frac{n}{d}\right)t$ can be given by all of the values t can obtain in a complete system of residues modulo d. Recall that a complete system of residues modulo d can be given by 0, 1, · · · , d − 1. Hence, a complete set of incongruent solutions is given by $x = x_0 + \left(\frac{n}{d}\right)t$ where t = 0, 1, · · · , d − 1. Since t has d possible values, we find if d | b, then ax ≡ b mod n has exactly d incongruent solutions modulo n.

Theorem 4.3.6 aids us in our journey for solutions to linear congruences. The upcoming examples include a case where no solution exists along with a case to help shed some light on how the methods from the previous proof can guide us to the desired solutions.

Example 4.3.7. Consider the linear congruence 15x ≡ 9 mod 25. Since gcd(15, 25) = 5 and 5 ∤ 9, we know this linear congruence has no solutions.

Example 4.3.8. Consider the linear congruence 15x ≡ 9 mod 42. From the Euclidean Algorithm, we find

42 = 15(2) + 12,

15 = 12(1) + 3,

12 = 3(4).

This implies gcd(42, 15) = 3 and 15(3) + 42(−1) = 3. By multiplying our last equation by 3 we obtain 15(9) + 42(−3) = 9, which gives $x_0 = 9$. Since gcd(42, 15) = 3, we can look at our 3 incongruent solutions by using the values 0, 1, and 2 for t in the equation $x = x_0 + \left(\frac{n}{d}\right)t$. This yields the results

x = 9 + 14(0) = 9,

x = 9 + 14(1) = 23,

x = 9 + 14(2) = 37.

Therefore the 3 incongruent solutions to the linear congruence 15x ≡ 9 mod 42 are x ≡ 9 mod 42, x ≡ 23 mod 42, and x ≡ 37 mod 42.

With our main motivation being methods for solving linear congruences, we introduce a definition that will be useful in our studies.

Definition 4.3.9. Let a be an integer with gcd(a, n) = 1. A solution to the linear congruence ax ≡ 1 mod n is called an inverse of a modulo n.

The uniqueness of an inverse is an immediate result since gcd(a, n) = 1 and Theorem 4.3.6 states such a case produces only one solution. We will use the notation $a^{-1}$ to represent the residue class of the inverse of a modulo n. We determine the usefulness of inverses in the upcoming example.

Example 4.3.10. Assume we wish to find the inverse of 3 modulo 14. This is equivalent to us finding x such that 3x ≡ 1 mod 14. Without much hesitation, we notice that x ≡ 5 mod 14 which implies the inverse of 3 modulo 14 is 5. Now let us put this inverse to good use.

Consider the linear congruence 3x ≡ 10 mod 14. Let us multiply both sides of the equivalence by the inverse of 3, which is 5, to obtain 5 · 3x ≡ 5 · 10 mod 14. Since 5 · 3 ≡ 1 mod 14, we have x ≡ 50 mod 14. This gives rise to x ≡ 8 mod 14, which happens to be our desired solution.

Example 4.3.10 illustrates how inverses can guide us to solutions for linear congruences. The generalization of our previous example is stated in our next proposition.

Proposition 4.3.11. Let a, b, and n be integers with n > 0 and gcd(a, n) = 1. The unique solution for the linear congruence ax ≡ b mod n is given by $x \equiv a^{-1} \cdot b \bmod n$.

Proof. The uniqueness of our solution for the linear congruence ax ≡ b mod n is an immediate consequence of Theorem 4.3.6 since gcd(a, n) = 1. We also find that a has an inverse because gcd(a, n) = 1. Hence we can multiply both sides of our congruence by $a^{-1}$ to find $a^{-1} \cdot ax \equiv a^{-1} \cdot b \bmod n$. By the definition of an inverse we know $a^{-1} \cdot a \equiv 1 \bmod n$, which gives our desired result of $x \equiv a^{-1} \cdot b \bmod n$.

With inverses playing a crucial role in determining solutions of linear congruences, it suggests we find a better method for determining inverses of elements (if an inverse exists). In the case of a linear congruence modulo p where p is prime, we can actually find all of the elements that serve as their own inverse. We precede such a theorem with an example to help illustrate our ideas.

Example 4.3.12. Consider the inverse of 96 modulo 97. Although 97 is prime, this seems like a tall order trying to find an x such that 96x ≡ 1 mod 97. However, we can notice that 96 ≡ −1 mod 97. Therefore we could write our linear congruence as −1 · x ≡ 1 mod 97. After multiplying both sides by −1, we have x ≡ −1 mod 97. From our statement that 96 ≡ −1 mod 97, we have a beautiful result that 96 is the inverse of 96 modulo 97. This gives an example of an integer that happens to serve as its own inverse.

As previously mentioned, we have a complete characterization of all of the elements that are their own inverse modulo p, where p is a prime.

Theorem 4.3.13. Let p be a prime. The positive integer a is its own inverse modulo p if and only if a ≡ 1 mod p or a ≡ −1 mod p.

Proof. We begin with the reverse implication. Assume a ≡ 1 mod p or a ≡ −1 mod p. If a ≡ 1 mod p, then a · a ≡ 1 mod p implying a is its own inverse. Likewise, if a ≡ −1 mod p, then a · a ≡ −1(−1) ≡ 1 mod p giving a is its own inverse.

For the forward implication assume a is its own inverse modulo p. Then $a \cdot a \equiv a^2 \equiv 1 \bmod p$. Hence $p \mid (a^2 - 1) = (a - 1)(a + 1)$. This implies p | (a − 1) or p | (a + 1). In the case where p | (a − 1), we use our definition of congruences to find a ≡ 1 mod p. Similarly if p | (a + 1), then we find a ≡ −1 mod p.

Although looking at elements that are their own inverse has a simple result modulo p where p is a prime, such a result can not be generalized to modulo n where n is any positive integer. The next example helps illustrate the previous comment.

Example 4.3.14. We wish to find the inverse of 5 modulo 24. Once again, this means we need an x such that 5x ≡ 1 mod 24. By multiplying both sides by 5 we find 25x ≡ 5 mod 24. Since 25 ≡ 1 mod 24, we find 5 is the inverse of 5 modulo 24. Thus, the result from Theorem 4.3.13 can not be generalized to modulo n where n is a positive integer.

Before bringing this section to a close, we wish to take a closer look at a subset of $\mathbb{Z}_n$. Let $\mathbb{Z}_n^*$ be the subset of $\mathbb{Z}_n$ consisting of residue classes containing numbers relatively prime to n. Let us look at some of the properties of $\mathbb{Z}_n^*$.

Proposition 4.3.15. If a and b are elements of $\mathbb{Z}_n^*$, then their product ab is an element of $\mathbb{Z}_n^*$.

Proof. Since a and b are elements of $\mathbb{Z}_n^*$, we know gcd(a, n) = 1 and gcd(b, n) = 1. This implies the existence of $x_0, y_0, x_1, y_1 \in \mathbb{Z}$ such that $ax_0 + ny_0 = 1$ and $bx_1 + ny_1 = 1$. We wish to find a linear combination of ab and n that equals 1. Consider the linear combination

$ab(x_0x_1) + n(y_0 + y_1 - ny_0y_1).$

From our earlier linear combinations we find $ax_0 = 1 - ny_0$ and $bx_1 = 1 - ny_1$. Therefore,

$ab(x_0x_1) + n(y_0 + y_1 - ny_0y_1) = (ax_0)(bx_1) + ny_0 + ny_1 - n^2y_0y_1$

$= (1 - ny_0)(1 - ny_1) + ny_0 + ny_1 - n^2y_0y_1$

$= 1 - ny_0 - ny_1 + n^2y_0y_1 + ny_0 + ny_1 - n^2y_0y_1 = 1.$

Since we have represented 1 as a linear combination of ab and n, we find gcd(ab, n) = 1. Thus, $ab \in \mathbb{Z}_n^*$.

We finish this section by looking at the relationship between invertible elements of $\mathbb{Z}_n$ and the elements of $\mathbb{Z}_n^*$.

Theorem 4.3.16. An integer a is invertible modulo n if and only if $a \in \mathbb{Z}_n^*$.

Proof. Let a be invertible modulo n. Then we find $a \cdot a^{-1} \equiv 1 \bmod n$ implies $n \mid (a \cdot a^{-1} - 1)$. Hence, there exists k ∈ Z such that $nk = a \cdot a^{-1} - 1$, which is equivalent to $a(a^{-1}) + n(-k) = 1$. Therefore gcd(a, n) = 1 and $a \in \mathbb{Z}_n^*$.

For the reverse implication, let us begin by assuming $a \in \mathbb{Z}_n^*$. Then there exist x, y ∈ Z such that ax + ny = 1, which is equivalent to ax − 1 = n(−y). Therefore ax ≡ 1 mod n yielding our desired result that a is invertible.
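Theorem 4.3.6 and the inverses of Definition 4.3.9, turned into an added Python example (not code from the original notes): the extended Euclidean Algorithm supplies the particular solution $x_0$, the remaining solutions follow in steps of n/d, and an inverse exists exactly when gcd(a, n) = 1 as in Theorem 4.3.16. The function names are chosen for this example.

```python
def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) >= 0 and a*x + b*y == g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:  # normalise the sign so the gcd is non-negative
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def solve_linear_congruence(a, b, n):
    """All incongruent solutions of a*x = b (mod n), as sorted residues in [0, n).

    Follows Theorem 4.3.6: with d = gcd(a, n) there is no solution when d does
    not divide b, and exactly d solutions x0 + (n/d)*t, t = 0..d-1, otherwise.
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    d, s, _ = extended_gcd(a, n)      # a*s + n*(something) = d
    if b % d != 0:
        return []
    x0 = (s * (b // d)) % n           # scale a*s = d (mod n) up to a*x0 = b (mod n)
    step = n // d
    return sorted((x0 + step * t) % n for t in range(d))


def modular_inverse(a, n):
    """The inverse of a modulo n (Definition 4.3.9); requires gcd(a, n) = 1."""
    d, s, _ = extended_gcd(a, n)
    if d != 1:
        raise ValueError(f"{a} is not invertible modulo {n}: gcd is {d}")
    return s % n


if __name__ == "__main__":
    print(solve_linear_congruence(15, 9, 25))   # Example 4.3.7
    print(solve_linear_congruence(15, 9, 42))   # Example 4.3.8
    inv = modular_inverse(3, 14)                # Example 4.3.10
    print(inv, (inv * 10) % 14)
    print(modular_inverse(96, 97), modular_inverse(5, 24))
```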

4.4 The Chinese Remainder Theorem

During our search for solutions to linear congruences, we found the Euclidean Algorithm and inverses can be extremely useful. However, most of our situations considered congruences with small integer values rather than a linear congruence similar to 3x ≡ 2937 mod 10000. Hence, we continue our search for an even more efficient method for solving these linear congruences, along with hopes of making a transition towards solving polynomial congruences. While making this transition, we will learn how to solve systems of congruences such as

x ≡ 3 mod 7,

x ≡ 4 mod 9,

x ≡ 1 mod 25.

This magical theorem that ties all of these pieces together is the Chinese Remainder Theorem, which is our next stated result.

Theorem 4.4.1. Let $n_1, n_2, \cdots, n_r$ be positive integers such that $\gcd(n_i, n_j) = 1$ for all $i \neq j$. Then the system of congruences

$x \equiv a_1 \bmod n_1,$

$x \equiv a_2 \bmod n_2,$

...

$x \equiv a_r \bmod n_r,$

has a unique solution modulo N where $N = n_1 n_2 \cdots n_r$.

Proof. We begin by trying to find a solution to the provided system of congruences. Let $N_k = \frac{N}{n_k} = n_1 n_2 \cdots n_{k-1} n_{k+1} \cdots n_r$. Since $\gcd(n_j, n_k) = 1$ for all $j \neq k$, we know that $\gcd(N_k, n_k) = 1$. Hence $N_k \in \mathbb{Z}_{n_k}^*$ implying $N_k$ is invertible modulo $n_k$. Since $N_k$ is invertible there exists an $N_k^{-1}$ such that $N_k N_k^{-1} \equiv 1 \bmod n_k$ for all integers k with 1 ≤ k ≤ r. Now consider the integer x given by

$x = a_1 N_1 N_1^{-1} + a_2 N_2 N_2^{-1} + \cdots + a_r N_r N_r^{-1}.$

We wish to show that $x \equiv a_k \bmod n_k$ for all integers k with 1 ≤ k ≤ r. In order to demonstrate this just recall that $n_k \mid N_j$ whenever $j \neq k$, which implies that $N_j \equiv 0 \bmod n_k$. As a result, we find

$x \equiv a_1 N_1 N_1^{-1} + a_2 N_2 N_2^{-1} + \cdots + a_k N_k N_k^{-1} + \cdots + a_r N_r N_r^{-1} \equiv a_k N_k N_k^{-1} \equiv a_k \bmod n_k.$

This leads to all of the congruences

$x \equiv a_1 \bmod n_1,$

$x \equiv a_2 \bmod n_2,$

...

$x \equiv a_r \bmod n_r,$

being satisfied by the integer x.

Now we shall demonstrate that any solution of the aforementioned system of congruences is unique modulo N where $N = n_1 n_2 \cdots n_r$. We shall proceed by induction on the number of congruences in our system. For our base case we immediately know there is a unique solution for x modulo $n_1$, namely $a_1$. Our induction hypothesis shall state that the solution to the first r − 1 congruences is unique modulo $n_1 n_2 \cdots n_{r-1}$. Let $x_0$ and $x_1$ be simultaneous solutions to the system of r congruences. This implies

$x_0 \equiv x_1 \bmod (n_1 n_2 \cdots n_{r-1})$

$x_0 \equiv x_1 \bmod n_r.$

By the definition of congruences, this gives $(x_0 - x_1)$ is divisible by both $n_1 n_2 \cdots n_{r-1}$ and $n_r$. Therefore, we can find integers s and t such that $(n_1 n_2 \cdots n_{r-1})s = x_0 - x_1 = n_r t$. We also know that $n_1 n_2 \cdots n_{r-1}$ and $n_r$ are relatively prime, so there exist integers y and z such that $(n_1 n_2 \cdots n_{r-1})y + n_r z = 1$. This leads to

$x_0 - x_1 = (x_0 - x_1) \cdot 1 = (x_0 - x_1)(n_1 n_2 \cdots n_{r-1} y + n_r z) = (x_0 - x_1) n_1 n_2 \cdots n_{r-1} y + (x_0 - x_1) n_r z.$

Now we can use the substitutions $(n_1 n_2 \cdots n_{r-1})s$ and $n_r t$ for $x_0 - x_1$ to find

$x_0 - x_1 = (n_r t) n_1 n_2 \cdots n_{r-1} y + (n_1 n_2 \cdots n_{r-1} s) n_r z = n_1 n_2 \cdots n_r (ty + sz).$

This yields $n_1 n_2 \cdots n_r \mid (x_0 - x_1)$ and $x_0 \equiv x_1 \bmod (n_1 n_2 \cdots n_r)$. Since $N = n_1 n_2 \cdots n_r$, we have obtained our desired result of such a solution being unique modulo N.

Let us take a closer look at the Chinese Remainder Theorem at work by solving the aforementioned system of congruences.

Example 4.4.2. Consider the system of congruences

x ≡ 3 mod 7,

x ≡ 4 mod 9,

x ≡ 1 mod 25.

According to our proof of the Chinese Remainder Theorem $a_1 = 3$, $a_2 = 4$, $a_3 = 1$, $N_1 = 225$, $N_2 = 175$, and $N_3 = 63$. Now we must find the inverses of $N_1$ modulo 7, $N_2$ modulo 9, and $N_3$ modulo 25.

We begin by finding the inverse of $N_1$ modulo 7. Recall that we find the inverse by looking at the congruence 225x ≡ 1 mod 7. Since 225 ≡ 1 mod 7, our congruence becomes x ≡ 1 mod 7. This implies $N_1^{-1} \equiv 1 \bmod 7$, allowing us to continue with our next congruence 175x ≡ 1 mod 9. From the congruence 175 ≡ 4 mod 9, we have 175x ≡ 1 mod 9 becomes equivalent to the congruence 4x ≡ 1 mod 9. By multiplying both sides of our congruence by 7 we obtain 28x ≡ 7 mod 9, which is the same as x ≡ 7 mod 9. This gives $N_2^{-1} \equiv 7 \bmod 9$. We finish our search for inverses with $N_3$ modulo 25. When we consider 63x ≡ 1 mod 25, we can immediately transition into the easier to handle congruence 13x ≡ 1 mod 25. After multiplying both sides of the congruence by 2, we obtain x ≡ 2 mod 25. This gives $N_3^{-1} \equiv 2 \bmod 25$, which allows us to make our move towards a solution.

When we combine all of the aforementioned information, we obtain x = 3 · 225 · 1 + 4 · 175 · 7 + 1 · 63 · 2 = 675 + 4900 + 126 = 5701 modulo N where N = 7 · 9 · 25 = 1575. Since N = 1575 and 5701 ≡ 976 mod 1575, we come to the conclusion that all solutions to the system of congruences

x ≡ 3 mod 7,

x ≡ 4 mod 9,

x ≡ 1 mod 25

are of the form x ≡ 976 mod 1575. We can also justify our solution by demonstrating 976 ≡ 3 mod 7, 976 ≡ 4 mod 9, and 976 ≡ 1 mod 25.

While solving a system of congruences by the Chinese Remainder Theorem becomes easily achievable, our main objective is to solve linear congruences. One of the problems we encountered in the previous chapter was solving a linear congruence modulo n when n is large. The Chinese Remainder Theorem allows us to tackle such problems by breaking a linear congruence into a system of equations. We shall demonstrate how to find such a solution in the upcoming example.

Example 4.4.3. Consider the linear congruence 177x ≡ 399 mod 900. The prime factorization of 900 is $2^2 3^2 5^2$, which gives the system of congruences

177x ≡ 399 mod 4,

177x ≡ 399 mod 9,

177x ≡ 399 mod 25.

We can simplify these congruences to

x ≡ 3 mod 4,

6x ≡ 3 mod 9,

2x ≡ 24 mod 25.

The first congruence is already in the appropriate form to use the Chinese Remainder Theorem. We can apply Theorem 4.3.6 on the congruence 6x ≡ 3 mod 9 to obtain solutions of the form 2x ≡ 1 mod 3. After multiplying both sides of the congruence by 2 we have x ≡ 2 mod 3. This implies the congruence 6x ≡ 3 mod 9 has solutions x ≡ 2, 5, 8 mod 9. For our final congruence 2x ≡ 24 mod 25, we once again apply Theorem 4.3.6 to find the congruence x ≡ 12 mod 25.

From the Chinese Remainder Theorem we find $N_1 = 225$, $N_2 = 100$, and $N_3 = 36$. This calls for solutions to the congruences

225x ≡ 1 mod 4,

100x ≡ 1 mod 9,

36x ≡ 1 mod 25.

These congruences are equivalent to x ≡ 1 mod 4, x ≡ 1 mod 9, and 11x ≡ 1 mod 25, respectively. Since the first two congruences provide us with $N_1^{-1} \equiv 1 \bmod 4$ and $N_2^{-1} \equiv 1 \bmod 9$, we only need to consider the congruence 11x ≡ 1 mod 25. This congruence implies x ≡ 1 mod 5, thus we need only check the residue classes 1, 6, 11, 16, 21 modulo 25. Upon further investigation, we find 11 · 16 ≡ 176 ≡ 1 mod 25. Therefore 11x ≡ 1 mod 25 is equivalent to x ≡ 16 mod 25. As a result we have $N_3^{-1} \equiv 16 \bmod 25$.

With all of our inverses in place it is time to search for possible solutions to the congruence 177x ≡ 399 mod 900. The strange situation here is that $a_2$ can have 2, 5, or 8 as a possible value. This gives us three possible solutions to 177x ≡ 399 mod 900, which should come as no surprise since gcd(177, 900) = 3. Therefore our three possible values for x are

x = 3 · 225 · 1 + 2 · 100 · 1 + 12 · 36 · 16 = 7787,

x = 3 · 225 · 1 + 5 · 100 · 1 + 12 · 36 · 16 = 8087,

x = 3 · 225 · 1 + 8 · 100 · 1 + 12 · 36 · 16 = 8387.

As a list of congruences, we find

7787 ≡ 587 mod 900,

8087 ≡ 887 mod 900,

8387 ≡ 287 mod 900.

Therefore our solutions to 177x ≡ 399 mod 900 are given by x ≡ 287, 587, 887 mod 900.

Although we can produce an answer for all sorts of linear congruences using the Chinese Remainder Theorem, we need to find a time saving method for solving such congruences. The Chinese Remainder Theorem can be used to determine if a solution to a linear congruence exists, but we shall look to other means to find the exact solutions. Rather than use the Chinese Remainder Theorem methods to solve linear congruence, we will look towards relationships of divisibility properties and congruences to determine our solutions. We see this approach in the upcoming example.

Example 4.4.4. We wish to determine all of the solutions for the linear congruence 128x ≡ 833 mod 1001. Since 1001 = 7 · 11 · 13, we need only consider the congruences

128x ≡ 833 mod 7,

128x ≡ 833 mod 11,

128x ≡ 833 mod 13.

This gives rise to the congruences

2x ≡ 0 mod 7,

7x ≡ 8 mod 11,

11x ≡ 1 mod 13.

These congruences reduce to the more familiar congruences

x ≡ 0 mod 7,

x ≡ 9 mod 11,

x ≡ 6 mod 13.

Rather than use our normal method of solving the system of congruences from here, we shall use relationships between congruences and divisibility properties. We begin by considering the congruence x ≡ 0 mod 7. This implies x = 7t, where t is an integer. Now we take this expression for x into our second congruence to find

7t ≡ 9 mod 11.

After multiplying both sides of our equation by 8, we have t ≡ 6 mod 11. This leads to the existence of an integer u such that t = 11u + 6. This gives us the equation x = 7(11u + 6) = 77u + 42. From here we plug in for x into our third congruence to obtain

77u + 42 ≡ 6 mod 13.

We can simplify this congruence to −u ≡ 3 mod 13. We finish this congruence by multiplying both sides of our congruence by −1 and noticing −3 ≡ 10 mod 13 to obtain u ≡ 10 mod 13. This tells us that u = 13v + 10 where v is an integer. Hence we can write x in terms of v as

x = 77(13v + 10) + 42 = 1001v + 812.

The aforementioned equation can be rearranged to x − 812 = 1001v. We finish by using the definition of congruences to give the desired result of

x ≡ 812 mod 1001.
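An added Python example (not from the original notes) covering Examples 4.4.2 through 4.4.4: `crt_construct` follows the sum in the proof of Theorem 4.4.1, `crt_substitute` follows the one-congruence-at-a-time substitution of Example 4.4.4, and `crt_all` combines every choice of residue when one congruence has several solutions, as in Example 4.4.3. The function names are this example's own, and the inverses come from Python's built-in `pow(x, -1, n)`, available from Python 3.8.

```python
from itertools import product
from math import gcd


def check_moduli(residues, moduli):
    """Theorem 4.4.1 needs one residue per modulus and pairwise coprime moduli."""
    if len(residues) != len(moduli):
        raise ValueError("need exactly one residue per modulus")
    for i, n_i in enumerate(moduli):
        if n_i < 2:
            raise ValueError(f"modulus {n_i} must be at least 2")
        for n_j in moduli[i + 1:]:
            if gcd(n_i, n_j) != 1:
                raise ValueError(f"gcd({n_i}, {n_j}) != 1, theorem does not apply")


def crt_construct(residues, moduli):
    """Return (x, N) with x = sum of a_k * N_k * N_k^{-1}, reduced modulo N."""
    check_moduli(residues, moduli)
    N = 1
    for n_k in moduli:
        N *= n_k
    x = 0
    for a_k, n_k in zip(residues, moduli):
        N_k = N // n_k
        x += a_k * N_k * pow(N_k, -1, n_k)   # pow(.., -1, ..): inverse modulo n_k
    return x % N, N


def crt_substitute(residues, moduli):
    """Return (x, N) by folding in one congruence at a time.

    Invariant: x satisfies every congruence seen so far and M is the product
    of their moduli, so all candidates are x + M*t. Solving
    x + M*t = a_k (mod n_k) for t keeps the earlier congruences intact.
    """
    check_moduli(residues, moduli)
    x, M = 0, 1
    for a_k, n_k in zip(residues, moduli):
        t = ((a_k - x) * pow(M, -1, n_k)) % n_k
        x += M * t
        M *= n_k
    return x, M


def crt_all(residue_choices, moduli):
    """Sorted solutions when congruence k allows any residue in residue_choices[k]."""
    return sorted(crt_construct(list(choice), moduli)[0]
                  for choice in product(*residue_choices))


if __name__ == "__main__":
    print(crt_construct([3, 4, 1], [7, 9, 25]))              # Example 4.4.2
    print(crt_all([[3], [2, 5, 8], [12]], [4, 9, 25]))       # Example 4.4.3
    x, N = crt_substitute([0, 9, 6], [7, 11, 13])            # Example 4.4.4
    print(x, N, (128 * x - 833) % N == 0)
```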

We briefly move away from our search for solving linear congruences in one variable to take a closer look at congruences in two variables such as ax + by ≡ c mod n. For this case we can consider gcd(a, b) = d and apply Theorem 4.3.6 to see a solution exists if and only if gcd(d, n) divides c. We begin by determining solutions to a linear congruence in two variables, and we shall build up to systems of congruences in two variables from there.

Example 4.4.5. Consider the linear congruence 7x + 3y ≡ 10 mod 16. Since gcd(7, 3) = 1 we know at least one solution exists. However, the difference between a linear congruence in one variable and a linear congruence in two variables becomes clear when we see that the congruence 7x + 3y ≡ 10 mod 16 has multiple solutions. The existence of one solution comes to fruition upon converting the aforementioned linear congruence to the form 7x ≡ 10 − 3y mod 16 and setting y ≡ 0 mod 16. This leads us to the linear congruence 7x ≡ 10 mod 16. After multiplying both sides of our congruence by 7, we find x ≡ 6 mod 16. Therefore, one solution to the linear congruence 7x + 3y ≡ 10 mod 16 is given by

x ≡ 6 mod 16

y ≡ 0 mod 16.

Our difference maker comes into play when we let y ≡ 1 mod 16. This gives rise to the congruence 7x ≡ 7 mod 16. In this case we have x ≡ 1 mod 16. As a result, we find another solution of 7x + 3y ≡ 10 mod 16 is

x ≡ 1 mod 16

y ≡ 1 mod 16.

The search for solutions to 7x + 3y ≡ 10 mod 16 can continue for every residue class of y modulo 16.

The above example illustrates some of the behavior of a linear congruence in two variables. We can call upon our intuition to complete all linear congruences in two variables. Hence, we shall focus our attention on finding solutions to systems of linear equations in two variables.

Theorem 4.4.6. The system of linear congruences

ax + by ≡ r mod n

cx + dy ≡ s mod n

has a unique solution whenever gcd(ad − bc, n) = 1.

Proof. Consider the system of congruences

ax + by ≡ r mod n

cx + dy ≡ s mod n

and assume gcd(ad − bc, n) = 1. Multiply the first congruence by d and our second congruence by b to obtain the congruences

adx + bdy ≡ dr mod n

bcx + bdy ≡ bs mod n.

After subtracting the two equations, we have the congruence

(ad − bc)x ≡ (dr − bs) mod n.

Since gcd(ad − bc, n) = 1, the residue ad − bc has an inverse modulo n. Let us denote the inverse of ad − bc modulo n by z. After multiplying the congruence (ad − bc)x ≡ (dr − bs) mod n on both sides by z, we find

x ≡ (dr − bs)z mod n.

Such a solution for x is unique because the inverse of ad − bc is unique.

Similarly, we shall search for a solution to the congruence for y. Multiply the first congruence by c and our second congruence by a to obtain the congruences

acx + bcy ≡ cr mod n

acx + ady ≡ as mod n.

After subtracting the first congruence from the second congruence we are left with the congruence

(ad − bc)y ≡ (as − cr) mod n.

From the argument above, we find ad − bc has an inverse modulo n, which we denoted by z. This leads to the unique solution of

y ≡ (as − cr)z mod n

for our system of congruences. Therefore the unique solution to the system of congruences

ax + by ≡ r mod n

cx + dy ≡ s mod n

is given by

x ≡ (dr − bs)z mod n

y ≡ (as − cr)z mod n

whenever gcd(ad − bc, n) = 1.

We bring this section to a close with an example illustrating how Theorem 4.4.6 works.

Example 4.4.7. Consider the system of congruences

3x + 4y ≡ 5 mod 13

2x + 5y ≡ 7 mod 13.

Notice gcd(3 · 5 − 2 · 4, 13) = 1, so we can apply Theorem 4.4.6. We begin by multiplying our first congruence by 5, our second congruence by 4, and subtracting the resulting two congruences to obtain the congruence

7x ≡ −3 mod 13.

From here we find the inverse of 3 · 5 − 2 · 4 = 7 modulo 13 would be beneficial in search of a solution. This leads us to the congruence 7z ≡ 1 mod 13, which gives the solution z ≡ 2 mod 13. After using the inverse to get the solution for x, we finish with x ≡ −6 mod 13, which is equivalent to the congruence

x ≡ 7 mod 13.

In order to complete this problem we use the methods in the proof of Theorem 4.4.6 to solve for y. After multiplying the first congruence by 2, our second congruence by 3, and subtracting the resulting two congruences we are left with the congruence

7y ≡ 11 mod 13.

Using our inverse once more, we multiply both sides of our congruence by 2 to find our desired solution of

y ≡ 9 mod 13.
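The two-variable material of Examples 4.4.5 and 4.4.7, as an added example that is not part of the original text. It enumerates every solution of ax + by ≡ c mod n one residue class of y at a time, and solves a two-by-two system with the formulas from the proof of Theorem 4.4.6; all function names are hypothetical.

```python
from math import gcd

def solve_linear(a, b, n):
    """All x in [0, n) with a*x ≡ b (mod n); empty when gcd(a, n) does not divide b."""
    a, b = a % n, b % n
    g = gcd(a, n)
    if b % g:
        return []
    step = n // g
    # Divide the congruence by g, then invert a/g modulo n/g.
    x0 = (b // g) * pow(a // g, -1, step) % step if step > 1 else 0
    return [x0 + k * step for k in range(g)]

def two_variable_solutions(a, b, c, n):
    """All pairs (x, y) modulo n with a*x + b*y ≡ c (mod n).

    For each residue class of y, solve a*x ≡ c - b*y (mod n) as in Example 4.4.5.
    """
    return [(x, y) for y in range(n) for x in solve_linear(a, c - b * y, n)]

def solve_system(a, b, c, d, r, s, n):
    """Unique (x, y) modulo n for ax + by ≡ r, cx + dy ≡ s (Theorem 4.4.6)."""
    det = (a * d - b * c) % n
    if gcd(det, n) != 1:
        raise ValueError("gcd(ad - bc, n) != 1: Theorem 4.4.6 does not apply")
    z = pow(det, -1, n)                      # inverse of ad - bc modulo n
    return (d * r - b * s) * z % n, (a * s - c * r) * z % n

if __name__ == "__main__":
    pairs = two_variable_solutions(7, 3, 10, 16)
    print(len(pairs), "solutions of 7x + 3y ≡ 10 mod 16:", pairs)
    print("Example 4.4.7:", solve_system(3, 4, 2, 5, 5, 7, 13))
```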

4.5 Polynomial Congruences

Our previous work in this chapter will culminate with discovering properties of polynomial congruences. Without hesitation, we begin with a theorem coming from an earlier result.

Theorem 4.5.1. Let P(x) = ∑_{i=0}^{m} c_i x^i be a polynomial of degree m with coefficients given by c_i. If a ≡ b mod n, then P(a) ≡ P(b) mod n.

Proof. This result is based on the results of Theorem 4.1.8 and Theorem 4.1.6. These results state if a ≡ b mod n and c ≡ d mod n, then we have a^i ≡ b^i mod n, a + c ≡ b + d mod n, and ac ≡ bd mod n. Since we are assuming a ≡ b mod n, an immediate result is a^i ≡ b^i mod n for all integers i where 0 ≤ i ≤ m. We expand on this result to find the congruence c_i a^i ≡ c_i b^i mod n holds for all integers i where 0 ≤ i ≤ m. The finishing touch is given when we notice that these congruences still hold true after addition. This yields ∑_{i=0}^{m} c_i a^i ≡ ∑_{i=0}^{m} c_i b^i mod n, which is equivalent to P(a) ≡ P(b) mod n.

As we previously mentioned, we are searching for solutions to polynomial congruences. We use the result found in Theorem 4.5.1 to move to the next corollary.

Corollary 4.5.2. If a ≡ b mod n and a is a solution of P (x) ≡ 0 mod n, then P (b) ≡ 0 mod n.

Proof. We make the assumptions that a ≡ b mod n and P(a) ≡ 0 mod n. We can apply Theorem 4.5.1 to give the congruence P(b) ≡ P(a) ≡ 0 mod n.

Although the differences between polynomials modulo n and polynomials over the real numbers come to the forefront in the previous theorem, this only skims the surface on the discrepancies between polynomials over these two types of circumstances. We wish to develop some groundwork where these differences can occur.

Example 4.5.3. Consider the polynomial x^2 + 1. We find the roots of this polynomial are given by x = ±i, which means this polynomial has no real roots. Let us examine this polynomial in terms of congruences. We begin by considering x^2 + 1 ≡ 0 mod 3. This leads to the congruence x^2 ≡ −1 mod 3, which is equivalent to x^2 ≡ 2 mod 3. After realizing

0^2 ≡ 0 mod 3,

1^2 ≡ 1 mod 3,

2^2 ≡ 1 mod 3

we come to the conclusion that x^2 + 1 has no solutions modulo 3.

Now let us take a closer look at the polynomial x^2 + 1 modulo 2. In a similar manner to the above congruence, we find this is equivalent to x^2 ≡ −1 mod 2. This leads us to the congruence x^2 ≡ 1 mod 2, which has a solution of x ≡ 1 mod 2. This gives a solution to the polynomial x^2 + 1 modulo 2, whereas the aforementioned paragraph produced no solutions to the same polynomial. This not only shows the difference of roots of a polynomial over the reals compared to modulo n, it also demonstrates how polynomials can vary between different congruences.

In order to provide further evaluation of the behavior of x^2 + 1 over different congruences, we shall look for solutions to x^2 + 1 ≡ 0 mod 4 and x^2 + 1 ≡ 0 mod 5. The case of x^2 + 1 ≡ 0 mod 4 is exactly the same as x^2 ≡ 3 mod 4. Since

0^2 ≡ 0 mod 4,

1^2 ≡ 1 mod 4,

2^2 ≡ 0 mod 4,

3^2 ≡ 1 mod 4,

we find x^2 + 1 has no solutions modulo 4. For x^2 + 1 ≡ 0 mod 5, we can just consider x^2 ≡ 4 mod 5. This leads us to

0^2 ≡ 0 mod 5,

1^2 ≡ 1 mod 5,

2^2 ≡ 4 mod 5,

3^2 ≡ 4 mod 5,

4^2 ≡ 1 mod 5.

Hence we have the solutions x ≡ 2 mod 5 and x ≡ 3 mod 5 for the polynomial congruence x^2 + 1 ≡ 0 mod 5. Thus, we have further established the differences amongst polynomial congruences.

Another example of differences between polynomials over the real numbers and polynomial congruences can occur when polynomials have real roots. The following example helps illustrate these differences.

Example 4.5.4. Consider the polynomial x^2 − 1. This polynomial has real roots x = 1 and x = −1. Let us take a closer look at its polynomial congruence counterpart x^2 − 1 ≡ 0 mod 8. This yields the polynomial congruence x^2 ≡ 1 mod 16. Since 16 = 2^4, we can look at x^2 ≡ 1 mod 2 to build towards a solution modulo 8. Notice a solution modulo 2 is given by x ≡ 1 mod 2. This leads to all solutions being of the form x = 2t + 1 where t ∈ Z. Hence, we discover solutions must be of the form (2t + 1)^2 ≡ 1 mod 16. This gives rise to the congruence 4t^2 + 4t + 1 ≡ 1 mod 16. Now we have 4(t^2 + t) ≡ 0 mod 16, which can reduce to t^2 + t ≡ 0 mod 4 since gcd(4, 16) = 4. From here we find

0^2 + 0 ≡ 0 mod 4,

1^2 + 1 ≡ 2 mod 4,

2^2 + 2 ≡ 2 mod 4,

3^2 + 3 ≡ 0 mod 4

providing us with the solutions t ≡ 0 mod 4 and t ≡ 3 mod 4.

Let us move forward by using our values for t to create our solutions for x. Notice from the congruence t ≡ 0 mod 4, we obtain the solutions x ≡ 1 mod 16 and x ≡ 9 mod 16. Similarly t ≡ 3 mod 4 creates the congruences x ≡ 7 mod 16 and x ≡ 15 mod 16 as solutions to the polynomial congruence x^2 − 1 ≡ 0 mod 16. Therefore the polynomial congruence x^2 − 1 ≡ 0 mod 16 actually produces 4 solutions whereas x^2 − 1 only has 2 real solutions.

The previous example demonstrates how the general polynomial congruences can behave like linear congruences. Although these polynomial congruences with degree greater than 1 inherit some of the properties of linear congruences, differences between the two types of congruences still exist. Instead of focusing on our shortcomings, we shall put forth our effort to find roots to polynomial congruences by calling upon our intuition. As we expected, our search for solving polynomial congruences falls upon our knowledge gained from the Chinese Remainder Theorem. Assuming f(x) is a polynomial with degree greater than 1, we can solve the congruence f(x) ≡ 0 mod n by looking at the congruences f(x) ≡ 0 mod p_i^{t_i} where n = p_1^{t_1} p_2^{t_2} · · · p_s^{t_s}. This method for determining solutions can be seen in the upcoming examples.

Example 4.5.5. Let us look at the polynomial congruence x^3 + 30x^2 + 27x + 23 ≡ 0 mod 45. Using our knowledge from the Chinese Remainder Theorem, we find ourselves staring at the two congruences

x^3 + 30x^2 + 27x + 23 ≡ 0 mod 9

x^3 + 30x^2 + 27x + 23 ≡ 0 mod 5.

These congruences reduce to the more comfortable congruences

x^3 + 3x^2 + 5 ≡ 0 mod 9

x^3 + 2x + 3 ≡ 0 mod 5.

The second congruence becomes the easier of the two since we are dealing with a prime number rather than its square. Hence we begin down the discovery trail by looking for solutions to the equivalent congruence x^3 + 2x ≡ 2 mod 5. This gives rise to the congruences

0^3 + 0 ≡ 0 mod 5,

1^3 + 2 ≡ 3 mod 5,

2^3 + 4 ≡ 2 mod 5,

3^3 + 6 ≡ 3 mod 5,

4^3 + 8 ≡ 2 mod 5.

Hence, we find x ≡ 2 mod 5 and x ≡ 4 mod 5 are the solutions to x^3 + 30x^2 + 27x + 23 ≡ 0 mod 5.

When looking for solutions to x^3 + 3x^2 + 5 ≡ 0 mod 9, a useful starting point would be to consider the associated polynomial congruence x^3 + 3x^2 + 5 ≡ 0 mod 3. The latter polynomial congruence reduces to x^3 + 2 ≡ 0 mod 3. This leads us to the congruence x^3 ≡ 1 mod 3. Since 0^3 = 0 and 2^3 = 8, the only solution to x^3 ≡ 1 mod 3 is x ≡ 1 mod 3. As a result, x = 1 + 3t where t ∈ Z can be plugged into our congruence x^3 + 3x^2 + 5 ≡ 0 mod 9. This leads to

(1 + 3t)^3 + 3(1 + 3t)^2 + 5 ≡ 0 mod 9,

which is equivalent to 27t^3 + 54t^2 + 27t + 9 ≡ 0 mod 9. However, the left hand side of our congruence reduces to 0, implying all values of t provide a solution. Using x = 1 + 3t, we find the solutions to

x^3 + 30x^2 + 27x + 23 ≡ 0 mod 9 are given by x ≡ 1 mod 9, x ≡ 4 mod 9, and x ≡ 7 mod 9.

With our solutions in place we now call upon methods developed in the Chinese Remainder Theorem. Therefore we must find the inverse of 9 modulo 5 and 5 modulo 9. We easily find the solution to 9x ≡ 1 mod 5 is given by x ≡ 4 mod 5. Likewise, x ≡ 2 mod 9 serves as the inverse of 5 modulo 9. These two inverses give us the following six solutions for x modulo 45

x = 2 · 9 · 4 + 1 · 5 · 2 = 82,

x = 4 · 9 · 4 + 1 · 5 · 2 = 154,

x = 2 · 9 · 4 + 4 · 5 · 2 = 112,

x = 4 · 9 · 4 + 4 · 5 · 2 = 184,

x = 2 · 9 · 4 + 7 · 5 · 2 = 142,

x = 4 · 9 · 4 + 7 · 5 · 2 = 214.

Reducing these values modulo 45 gives the solutions x ≡ 37 mod 45, x ≡ 19 mod 45, x ≡ 22 mod 45, x ≡ 4 mod 45, x ≡ 7 mod 45, and x ≡ 34 mod 45, respectively to the polynomial congruence x^3 + 30x^2 + 27x + 23 ≡ 0 mod 45.

We continue with examples of solving polynomial congruences.

Example 4.5.6. We wish to solve the polynomial congruence 2x^3 + 7x − 4 ≡ 0 mod 200. Since 200 = 2^3 · 5^2 we begin with the congruences 2x^3 + 7x − 4 ≡ 0 mod 2 and 2x^3 + 7x − 4 ≡ 0 mod 5. The reduced version of these congruences become x ≡ 0 mod 2 and 2x^3 + 2x ≡ 4 mod 5, respectively. We focus on the congruence x ≡ 0 mod 2 and try to build it towards a congruence satisfying 2x^3 + 7x − 4 ≡ 0 mod 8. Since x ≡ 0 mod 2 we have x = 2t for t ∈ Z. Now we substitute into 2x^3 + 7x − 4 ≡ 0 mod 8 to create the congruence 2(2t)^3 + 7(2t) − 4 ≡ 0 mod 8. This yields the congruence 6t ≡ 4 mod 8, which becomes 3t ≡ 2 mod 4. After multiplying both sides of our congruence by 3 we have t ≡ 2 mod 4. We use this result to find the incongruent solutions modulo 8 for x = 2t. Fortunately, this gives x ≡ 4 mod 8 as our only solution for 2x^3 + 7x − 4 ≡ 0 mod 8.

We now change gears and look at 2x^3 + 2x ≡ 4 mod 5 in hopes of finding a solution for 2x^3 + 7x − 4 ≡ 0 mod 25. By converting 2x^3 + 2x ≡ 4 mod 5 to 2(x^3 + x) ≡ 4 mod 5 we can cancel out a factor of 2 on both sides of our equivalence since gcd(2, 5) = 1. This leads to x^3 + x ≡ 2 mod 5. Since 0^3 + 0 = 0, 1^3 + 1 = 2, 2^3 + 2 = 10, 3^3 + 3 = 30, and 4^3 + 4 = 68, we find x ≡ 1 mod 5 is our only valid solution. This gives x = 1 + 5u where u is an integer. Now we make our transition to the congruence 2x^3 + 7x − 4 ≡ 0 mod 25. Using x = 1 + 5u, we have 2(1 + 5u)^3 + 7(1 + 5u) − 4 ≡ 0 mod 25, which is equivalent to 250u^3 + 150u^2 + 65u + 5 ≡ 0 mod 25. This congruence reduces to 15u ≡ 20 mod 25. With gcd(15, 25) = 5, the resulting congruence becomes 3u ≡ 4 mod 5. Thus, u ≡ 3 mod 5 allowing us to find the incongruent solutions of x = 1 + 5u modulo 25. Luckily, the only incongruent solution is x ≡ 16 mod 25.

Our last part of this problem requiring some work is finding the inverses of 25 modulo 8 and 8 modulo 25. First we notice the 25x ≡ 1 mod 8 produces the congruence x ≡ 1 mod 8. Hence 1 is the inverse of 25 modulo 8. Upon further consideration of 8x ≡ 1 mod 25, we find the inverse of 8 modulo 25 is given by 22. These two inverses allow us to create

x = 4 · 25 · 1 + 16 · 8 · 22 = 2916

where we consider x modulo 200. Since 2916 ≡ 116 mod 200, we find all solutions to the polynomial congruence 2x^3 + 7x − 4 ≡ 0 mod 200 are given by x ≡ 116 mod 200.

With differences between polynomial congruences and polynomials over the real numbers already mentioned, we wish to find similarities between the two. We close this chapter with a theorem discussing one such connection.
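The procedure of Examples 4.5.4 to 4.5.6 as an added example (not code from the original text): find roots modulo each prime p, build them up to p^k by substituting x = r + p^j · t, then combine the prime-power roots. It lifts one power of p at a time, whereas the examples jump directly to the full prime power; the caller supplies the factorization of the modulus, and the function names are hypothetical.

```python
from itertools import product

def poly_eval(coeffs, x, n):
    """Evaluate the polynomial modulo n by Horner's rule (highest degree first)."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % n
    return acc

def roots_mod_prime_power(coeffs, p, k):
    """Roots modulo p**k, found from the roots modulo p by substitution."""
    roots = [x for x in range(p) if poly_eval(coeffs, x, p) == 0]
    mod = p
    for _ in range(k - 1):
        # Every root modulo mod*p has the form r + mod*t with 0 <= t < p.
        roots = [r + mod * t for r in roots for t in range(p)
                 if poly_eval(coeffs, r + mod * t, mod * p) == 0]
        mod *= p
    return sorted(roots)

def solve_poly_congruence(coeffs, prime_powers):
    """All roots modulo the product of p**k over prime_powers = [(p, k), ...]."""
    parts = [(roots_mod_prime_power(coeffs, p, k), p ** k) for p, k in prime_powers]
    solutions = []
    # Pair every root for one prime power with every root for the others.
    for combo in product(*(roots for roots, _ in parts)):
        x, M = 0, 1
        for r, (_, m) in zip(combo, parts):
            # Write the answer as x + M*t and solve x + M*t ≡ r (mod m) for t.
            x += M * ((r - x) * pow(M, -1, m) % m)
            M *= m
        solutions.append(x)
    return sorted(solutions)

if __name__ == "__main__":
    print(roots_mod_prime_power([1, 0, -1], 2, 4))                   # x^2 - 1 mod 16
    print(solve_poly_congruence([1, 30, 27, 23], [(3, 2), (5, 1)]))  # modulus 45
    print(solve_poly_congruence([2, 0, 7, -4], [(2, 3), (5, 2)]))    # modulus 200
```

An empty root list for any prime power leaves no combinations to pair up, so the congruence has no solution modulo the product.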

Theorem 4.5.7. If f(x) is a polynomial of degree n with integral coefficients and p is a prime such that p does not divide the leading coefficient of f(x), then the congruence f(x) ≡ 0 mod p has at most n mutually incongruent solutions modulo p.

Proof. We shall perform mathematical induction on the degree n. For the base case of n = 1, we have a linear congruence. Since p is prime with p not dividing the leading coefficient, we know the linear congruence has a unique solution from Theorem 4.3.6. Assume for all polynomials of degree k − 1 or less our theorem holds true. Consider a polynomial f(x) of degree k. Then f(x) = a_k x^k + · · · + a_0 where p ∤ a_k. We can assume that f(x) has at least k + 1 incongruent roots modulo p, otherwise our theorem is proven. Then we can list the solutions t_1, t_2, · · · , t_{k+1}. We define a polynomial

g(x) = f(x) − a_k(x − t_1)(x − t_2) · · · (x − t_k).

Notice if x = t_1, t_2, · · · , t_k, then g(x) ≡ f(x) ≡ 0 mod p. However, g(x) is a polynomial of degree less than k since the leading term a_k x^k cancels out with the a_k x^k from the product a_k(x − t_1)(x − t_2) · · · (x − t_k), implying g(x) has at most k − 1 incongruent solutions modulo p. Therefore, either we have a contradiction to

g(t_1) ≡ g(t_2) ≡ · · · ≡ g(t_k) ≡ 0 mod p

or

g(x) ≡ 0 mod p

for all integers x. In particular

g(t_{k+1}) ≡ 0 mod p.

Since g(t_{k+1}) = f(t_{k+1}) − a_k(t_{k+1} − t_1)(t_{k+1} − t_2) · · · (t_{k+1} − t_k), we find

f(t_{k+1}) − a_k(t_{k+1} − t_1)(t_{k+1} − t_2) · · · (t_{k+1} − t_k) ≡ 0 mod p.

Recall that f(t_{k+1}) ≡ 0 mod p by our assumption that t_{k+1} is a solution to the polynomial congruence f(x) ≡ 0 mod p. Hence

−a_k(t_{k+1} − t_1)(t_{k+1} − t_2) · · · (t_{k+1} − t_k) ≡ 0 mod p.

Thus p | a_k(t_{k+1} − t_1)(t_{k+1} − t_2) · · · (t_{k+1} − t_k), and in particular p must divide one of the factors. Since t_1, t_2, · · · , t_{k+1} are incongruent solutions modulo p by assumption, we must have p | a_k. This contradicts our assumption that p does not divide the leading coefficient of our polynomial. Therefore, f(x) ≡ 0 mod p has at most k incongruent solutions, which happens to be our desired result.

Chapter 5

Fundamental Theorems of Modular Arithmetic

5.1 The Euler Phi-function

Definition 5.1.1. An arithmetic function is a function that is defined for all positive integers.

Recall that Z*_n is the subset of Z_n consisting of residue classes containing numbers relatively prime to n. This subset leads us to our first example of an arithmetic function.

Definition 5.1.2. The number of elements in Z*_n is denoted by φ(n). This function φ is commonly referred to as the Euler phi-function.

Let us look at the behavior of φ(n). We begin with φ(10). Since 1, 3, 7, and 9 are the only elements of {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} that are relatively prime to 10, we find φ(10) = 4. When considering φ(13), we notice all of the nonzero residues in Z_13 are relatively prime to 13. As a result, we know φ(13) = 12. We can expand upon these results, which we shall discuss in the upcoming theorem.

Theorem 5.1.3. A positive integer p is prime if and only if φ(p) = p − 1.

Proof. Assume that p is prime. Then every positive integer less than p is relatively prime to p. Since there exist p − 1 such integers, we have φ(p) = p − 1.

For the reverse implication, let us assume that φ(p) = p − 1. We shall also assume that p is composite and hope to derive a contradiction. With p being composite, we know there exists a divisor d with 1 < d < p. Hence, one of the integers 1, 2, · · · , p − 1 is not relatively prime to p. This yields φ(p) ≤ p − 2, giving us a contradiction. Therefore, if φ(p) = p − 1, then p must be a prime.

We can expand upon Theorem 5.1.3 to determine how the Euler phi-function behaves for powers of primes. This leads us to our next result.

Theorem 5.1.4. Let p be a prime and k a positive integer. Then φ(p^k) = p^k − p^{k−1}.

Definition 5.1.5. An arithmetic function f is called multiplicative if f(mn) = f(m)f(n) whenever m and n are relatively prime positive integers.

Theorem 5.1.6. If f is a multiplicative function and n = p_1^{a_1} p_2^{a_2} · · · p_t^{a_t} is the prime power factorization of the positive integer n, then f(n) = f(p_1^{a_1}) f(p_2^{a_2}) · · · f(p_t^{a_t}).

Proof. We shall use induction on the number of different prime factors for n. If n has one prime in its prime-power factorization, then n = p_1^{a_1} for some prime p_1. Hence f(n) = f(p_1^{a_1}) and our result holds.

Assume that the theorem is true for all integers with t different prime factors in their prime-power factorization. Suppose that n has t + 1 different primes in its prime power factorization, say n = p_1^{a_1} p_2^{a_2} · · · p_{t+1}^{a_{t+1}}. Since f is a multiplicative function and gcd(p_1^{a_1} p_2^{a_2} · · · p_t^{a_t}, p_{t+1}^{a_{t+1}}) = 1, we have f(n) = f(p_1^{a_1} p_2^{a_2} · · · p_t^{a_t}) f(p_{t+1}^{a_{t+1}}). Now apply the inductive hypothesis to f(p_1^{a_1} p_2^{a_2} · · · p_t^{a_t}) to find

f(n) = f(p_1^{a_1} p_2^{a_2} · · · p_t^{a_t}) f(p_{t+1}^{a_{t+1}}) = f(p_1^{a_1}) f(p_2^{a_2}) · · · f(p_t^{a_t}) f(p_{t+1}^{a_{t+1}}).

Since this gives us the desired result, our proof is complete.
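How Definition 5.1.2 and Theorems 5.1.3, 5.1.4 and 5.1.6 fit together computationally, as an added example that is not part of the original text. It assumes that φ itself is multiplicative, a standard fact this section has not proved, and checks that assumption numerically against the counting definition; the function names are hypothetical.

```python
from math import gcd

def phi_by_counting(n):
    """Definition 5.1.2: count the residues in {0, ..., n-1} relatively prime to n."""
    return sum(1 for a in range(n) if gcd(a, n) == 1)

def phi_by_factoring(n):
    """phi(n) as the product of p^k - p^(k-1) over the prime powers dividing n.

    Combines Theorem 5.1.4 with Theorem 5.1.6, assuming phi is multiplicative.
    """
    result, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            pk = 1
            while n % p == 0:          # strip the full power of p from n
                n //= p
                pk *= p
            result *= pk - pk // p     # Theorem 5.1.4
        p += 1
    if n > 1:
        result *= n - 1                # leftover prime factor, Theorem 5.1.3
    return result

def is_multiplicative(f, bound):
    """Check Definition 5.1.5 for all coprime m, n with 1 <= m, n <= bound."""
    return all(f(m * n) == f(m) * f(n)
               for m in range(1, bound + 1)
               for n in range(1, bound + 1)
               if gcd(m, n) == 1)

def primes_by_phi(limit):
    """Theorem 5.1.3 used as a (slow) primality test on 2..limit."""
    return [p for p in range(2, limit + 1) if phi_by_counting(p) == p - 1]

if __name__ == "__main__":
    print(phi_by_counting(10), phi_by_counting(13))
    print(all(phi_by_counting(n) == phi_by_factoring(n) for n in range(1, 500)))
    print(is_multiplicative(phi_by_counting, 30))
    print(primes_by_phi(30))
```

Counting takes on the order of n gcd computations, while the factoring form needs only the prime powers of n.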

Bibliography

[1] G. E. Andrews, Number Theory, Dover Publications, Inc., New York, (1971).

[2] D. M. Burton, Elementary Number Theory, McGraw Hill, New York, (2002).

[3] C. V. Eynden, Elementary Number Theory, McGraw Hill, New York, (2001).

[4] R. Kumanduri and C. Romero, Number Theory with Computer Applications, Prentice Hall, Upper Saddle River, (1998).

[5] K. H. Rosen, Elementary Number Theory and its Applications, Addison Wesley Longman, Reading, (2000).
