Number Theory

Henry Liu, 6 July 2007

1. Introduction

In one sentence, number theory is the area of mathematics which studies the prop-erties of integers. Some of the most studied subareas are the theories of divisibility,prime numbers, and Diophantine equations (ie: equations whose solutions are inte-gers, or maybe rational numbers).

Number theory is one of the oldest fields in mathematics, but yet as of today, itremains an area where many of the most famous questions in mathematics remainunsolved. Here are just two.

Conjecture 1 (Goldbach’s Conjecture) Every even integer ≥ 4 is the sum oftwo positive primes.

Conjecture 2 (The Twin Primes Conjecture) There are infinitely many twinprimes. That is, there are infinitely many pairs (p, q), where p and q are positiveprimes, with p+ 2 = q.

On the other hand, there are many celebrated theorems in the area. Amongstthem ...

Theorem 3 (The Prime Number Theorem) For n ∈ N, let π(n) denote the

number of positive prime numbers not exceeding n. Then, π(n) lnnn→ 1 as n → ∞.

In other words, as n→∞, we have π(n) is approximately equal to nlnn

.

And very recently proved by Wiles in 1994 ...

Theorem 4 (Fermat’s Last Theorem) The Diophantine equation xn + yn = zn

has no solutions, where x, y, z, n ∈ Z with x, y, z 6= 0 and n ≥ 3.

(Side note: In Conjectures 1, 2 and Theorem 3, we used the word “positive”. Weshall see soon that some negative integers can also be considered prime).

Questions and results like these are famous due to the simplicity of their state-ments, making them extremely appealing to a wide audience.

Number theory seems to be an area of mathematics which is frighteningly large.But outside of a typical school syllabus, not too much more ideas are actually neededat olympiad level. This set of notes aims to cover these very basic ideas. We shallprove some of the more interesting results whose proofs are manageable, and leavesome others as exercises. The completion of a proof is denoted by the symbol �.

2. Divisibility

2.1 Divisibility

1

Definition 1 Let a, b ∈ Z. We say that a divides b, written a | b, if there existsc ∈ Z such that ac = b. If no such c exists, then we say that a does not divide b,and write a - b

Alternative ways of saying “a divides b” are:

• “a is a factor of b”.

• “a is a divisor of b”.

• “b is a multiple of a”.

• “b is divisible by a”.

Likewise for the negations.

Remark. Let a ∈ Z. We have a | 0 for every a. Also, if 0 | a, then a = 0 only.

Example 1. −4 | 12, and 5 - 19.

Definition 2 Let a ∈ Z \ {0}. Then

• a is a unit if a = ±1.

• a is a prime number if whenever a = bc, where b, c ∈ Z, then either b or c isa unit.

• a is a composite number otherwise.

In other words, the primes in Z are {±2,±3,±5,±7, . . . }, and the compositesare {±4,±6,±8,±9, . . . }.

Finally, in many situations, we may want to restrict all of the above concepts towithin N instead.

Now, we state some fairly trivial properties.

Proposition 5 Let a1, . . . , an, b1, . . . , bn, a, b ∈ Z. We have the following.

(a) If a1 | a2, a2 | a3, . . . , an−1 | an, where n ≥ 2, then a1 | an.

(b) If a | b1, . . . , a | bn, then a | x1b1 + · · ·+ xnbn for any x1, . . . , xn ∈ Z.

(c) If a1 | b1, . . . , an | bn, then a1 · · · an | b1 · · · bn.

(d) If a | b and b | a, then a = ±b.

(e) If b 6= 0 and a | b, then a ≤ |b|.

Note that parts (a), (b) and (c) have useful special cases. For a, b, c, d ∈ Z, wehave the following.

2

(a′) If a | b and b | c, then a | c.

(b′) If a | b and a | c, then a | b± c.

(c′) If a | b and c | d, then ab | cd.

Proof of Proposition 5. See Exercise 1.

2.2 Highest Common Factors, Least Common Multiples

Definition 3 Let a1, a2, . . . , an ∈ Z, not all zero. We say that b ∈ Z is a com-mon factor, or a common divisor, of a1, a2, . . . , an if b divides ai for each i. Thelargest such b is the highest common factor, or the greatest common divisor, ofa1, a2, . . . , an, and is denoted by hcf(a1, a2, . . . , an), or gcd(a1, a2, . . . , an), or just(a1, a2, . . . , an). We say that a1, a2, . . . , an are relatively prime, or coprime, ifhcf(a1, a2, . . . , an) = 1.

Definition 4 Let a1, a2, . . . , an ∈ Z\{0}. We say that b ∈ Z is a common multipleof a1, a2, . . . , an if b is a multiple of ai for each i. The smallest such b which is positiveis the least common multiple of a1, a2, . . . , an, and is denoted by lcm(a1, a2, . . . , an),or just [a1, a2, . . . , an].

Remarks.

(a) hcf(a1, a2, . . . , an) is well-defined if ai 6= 0 for some i, but not so if ai = 0 forevery i (why?).

(b) Likewise, lcm(a1, a2, . . . , an) is well-defined if ai 6= 0 for every i, but not so ifai = 0 for some i (why?).

(c) In both definitions, the ai are, in general, not necessarily pairwise distinct.

In advanced number theory, the least common multiple is generally much lessstudied than the highest common factor. Also, the case n = 2 seems to be consideredmore often.

Example 2. hcf(−18, 42) = 6, lcm(−18, 42) = 126.

For now, observe that two things are believable. Any common factor of a1, . . . ,an ∈ Z ought to divide hcf(a1, . . . , an). Likewise, any common multiple of a1, . . . ,an ∈ Z ought to be a multiple of lcm(a1, . . . , an). We shall come back to this a littlelater, as we need to develop some theory first.

We proceed by describing a method to show how to calculate the highest commonfactor of two integers (we shall return to discuss more integers a little later). Westart with a fundamental result.

3

Theorem 6 (The Division Theorem) Let a, b ∈ Z with a 6= 0. Then, there existunique q, r ∈ Z, with 0 ≤ r < |a|, such that b = qa+ r. Moreover, r = 0 if and onlyif a | b.

Proof. See Exercise 2.

In Theorem 6, a is the divisor, b is the dividend, q is the quotient, and r is theremainder.

With Theorem 6, we can perform Euclid’s Algorithm to find the highest commonfactor of two integers.

Theorem 7 (Euclid’s Algorithm) Let a, b ∈ Z, with a 6= 0. If a | b, thenhcf(a, b) = |a|. Otherwise, a - b, and there exist unique q1, . . . , qn+1, r1, . . . , rn ∈ Z,with 0 < rn < rn−1 < · · · < r1 < |a|, such that

b = q1a+ r1

a = q2r1 + r2

r1 = q3r2 + r3...

rn−2 = qnrn−1 + rn

rn−1 = qn+1rn.

Moreover, we have hcf(a, b) = rn.Note: If n = 1, then the equations will read

b = q1a+ r1

a = q2r1.

Proof. If a | b, then certainly, |a| | a and |a| | b. Now, if x | a and x | b, thencertainly x | |a|. By Proposition 5(e), this shows that x ≤ |a|, so that hcf(a, b) = |a|.

Otherwise, we apply Theorem 6 repeatedly. Apply Theorem 6 to a, b to getthe first equation. We get 0 < r1 < |a|. Apply Theorem 6 to r1, a to get thesecond equation. We get 0 ≤ r2 < r1. If r2 > 0, apply Theorem 6 to r2, r1 to getthe third equation. Repeating, we get a sequence of strictly decreasing remaindersr1 > r2 > · · · . This process must terminate; that is, after some n applications ofTheorem 6, we must have a zero remainder. It is then clear that we get the equationsin Theorem 7. Uniqueness is also clear, since each application of Theorem 6 yieldsa unique new equation.

We now prove that hcf(a, b) = rn. It is enough to prove (i) rn | a and rn | b,and (ii) if x | a and x | b, then x | rn, because then by Proposition 5(e), we havex ≤ |rn| = rn.

(i) The last equation shows that rn | rn−1. Then, the second last equation showsthat rn | rn−2. Repeating, working upwards, the second equation shows that rn | a,and finally, the first equation shows that rn | b.

4

(ii) If x | a and x | b, then the first equation shows that x | r1. Then the secondequation shows that x | r2, and so on. Working downwards, we find that the secondlast equation shows that x | rn, as required. �

Remark. If b = 0, then clearly hcf(a, b) = |a|. Otherwise, when we apply thealgorithm, we may assume that |a| ≤ |b|, since if |a| > |b|, then the first equationin the algorithm yields q1 = 0 and r1 = b, so that the second equation will have usdividing b into a.

With Theorem 7, we have a method of finding the highest common factor of twointegers.

Example 3. Use Euclid’s Algorithm to find hcf(861,−672).We apply the algorithm, starting by dividing −672 into 861. We have

861 = (−1)× (−672) + 189

−672 = (−4)× 189 + 84

189 = 2× 84 + 21

84 = 4× 21.

We have hcf(861,−672) = 21.

Euclid’s Algorithm has many important consequences. One of them is Bezout’sLemma. We first give a definition.

Definition 5 Let a1, . . . , an, b ∈ Z. We say that b is a linear combination of the aiif it can be represented in the form

b = c1a1 + · · ·+ cnan,

where c1, . . . , cn ∈ Z.

Theorem 8 (Bezout’s Lemma) Let a, b ∈ Z, not both zero. Then there existx, y ∈ Z such that hcf(a, b) = xa + yb. That is, hcf(a, b) is a linear combination ofa and b.

Proof. Throughout, let h = hcf(a, b).If a | b, then h = |a|. We have b = q1a for some q1 ∈ Z. If a > 0, then

h = a = (1 − q1)a + b. If a < 0, then h = −a = (−1 − q1)a + b. So h is a linearcombination of a and b.

Otherwise, a - b, and Theorem 7 applies. Rewrite the equations (except the last)

5

as

r1 = b− q1ar2 = a− q2r1r3 = r1 − q3r2

...

rn−2 = rn−4 − qn−2rn−3

rn−1 = rn−3 − qn−1rn−2

rn = rn−2 − qnrn−1.

We have h = rn = rn−2−qn(rn−3−qn−1rn−2), so h is a linear combination of rn−2

and rn−3. Repeating, we get h is a linear combination of rn−3 and rn−4. Continuethe process, we eventually get h as a linear combination of a and b. �

Indeed, Theorem 8 has a more general form.

Theorem 9 (Bezout’s Lemma) Let a1, . . . , an ∈ Z, not all zero. Then there existc1, . . . , cn ∈ Z such that hcf(a1, . . . , an) = c1a1 + · · ·+ cnan. That is, hcf(a1, . . . , an)is a linear combination of the ai.

Proof. See Exercise 3.

Example 4. Find hcf(861,−672) as a linear combination of 861 and −672.We have hcf(861,−672) = 21. Rewriting the equations,

189 = 861− (−1)× (−672)

84 = −672− (−4)× 189

21 = 189− 2× 84

We have

21 = 189− 2[−672− (−4)× 189] = (−2)× (−672) + (−7)× 189

= (−2)× (−672) + (−7)[861− (−1)× (−672)]

= (−7)× 861 + (−9)× (−672).

As promised earlier, we can now prove the following.

Proposition 10 Let a1, . . . , an ∈ Z.

(a) If ai 6= 0 for some 1 ≤ i ≤ n, and b is a common factor of the ai, thenb | hcf(a1, . . . , an).

(b) If ai 6= 0 for every 1 ≤ i ≤ n, and c is a common multiple of the ai, thenlcm(a1, . . . , an) | c.

6

Proof. See Exercise 4.

Another consequence, this time from Bezout’s Lemma, is the following proposi-tion, often dismissed as trivial. It actually requires a rigourous proof.

Proposition 11 Let a1, . . . , an, p ∈ Z, with p prime. If p | a1 · · · an, then p | ai, forsome i.

Proof. The assertion is trivial if n = 1. We prove the case n = 2. Suppose thatp | a1a2, and that p - a1. We shall show that p | a2. We have hcf(a1, p) = 1, sincethe largest factor of p is |p|, but clearly |p| - a1, and the next largest factor of p is 1,which is a factor of a1. By Theorem 8, there exist x, y ∈ Z such that 1 = xa1 + yp.So, a2 = xa1a2 + ypa2. Since p | a1a2, clearly, p | xa1a2 + ypa2. Hence p | a2.

Now, we prove the result for n ≥ 3. Suppose that p | a1 · · · an. By the result forn = 2, if p - a1, then p | a2 · · · an. Then, if p - a2, then p | a3 · · · an. Repeating this,clearly we will arrive at p | ai, for some i. �

2.3 Unique Factorisation

We shall now discuss a key result in divisibility theory. We will see that every integera with |a| ≥ 1 can be factorised uniquely as a product of primes. The factorisationis unique up to ordering of the primes, and up to sign.

In practice, this result may seem obvious. Historically, mathematicians just tookthe result for granted. Euclid essentially gave a proof, but the great mathematicianGauss gave the first full correct proof.

Definition 6 Let a ∈ R \ {0}. We define the sign function sgn(a) to be

sgn(a) =

{1 if a > 0,−1 if a < 0.

In some other situations, we may want to let sgn(0) = 0.

Theorem 12 (The Unique Factorisation Theorem) Let a ∈ Z with |a| ≥ 1.Then a = (sgn(a))p1 · · · pn, where p1, . . . , pn > 0 are primes, unique up to ordering.

Remarks.

(a) The above unique factorisation of a is the prime factorisation of a.

(b) Of course, the primes may repeat. It is more common to write the prime fac-torisation as a = (sgn(a))pα1

1 · · · pαnn , where p1, . . . , pn > 0 are distinct primes,

and α1, . . . , αn ∈ N. In some situations, we may want to change the restric-tions, for example, allowing αi = 0, or, insisting that p1 < · · · < pn.

(c) We also allow the empty product (with no primes!), which is defined to be 1.This allows for the case a = ±1.

7

Proof of Theorem 12. It is enough to prove the theorem for a ≥ 2, sincethe third remark above dealt with a = ±1, and if a ≤ −2, then a has a uniquefactorisation follows from that −a ≥ 2 has a unique factorisation.

So, let a ≥ 2. The proof is carried out in two parts: the existence and theuniqueness of the prime factorisation of a.

Existence. We do this part by induction on a. The result is clear for a = 2:2 is a prime factorisation of 2. Now, let a ≥ 3, and suppose that every integer bwith 2 ≤ b < a is a product of positive primes. If a is prime, then a has a primefactorisation a. Otherwise, a is composite, so it has a factorisation a = cd, where2 ≤ c, d < a. By induction, both c and d can each be expressed as a product ofpositive primes. Multiplying these two products then gives a as a product of positiveprimes.

Uniqueness. Suppose that we have an integer a ≥ 2 which can be expressedas a product of positive primes in two different ways. Dividing out any commonprimes, we have an equation of the form

p1 · · · pr = q1 · · · qs,

where p1, . . . , pr, q1, . . . , qs are positive primes, and pi 6= qj for any 1 ≤ i ≤ r,1 ≤ j ≤ s (but otherwise, not necessarily all distinct). But this is impossible, sincep1 | p1 · · · pr = q1 · · · qs, so by Proposition 11, p1 | qj for some j, meaning thatp1 = qj, a contradiction. �

Example 5. 168 = 23 ·3 ·7, −2700 = (−1)22 ·33 ·52. Each of these factorisationsis unique.

Theorem 12 will be an extremely useful result. We leave the proofs of two usefulconsequences as Exercises 5 and 6. Theorem 12 is also undoubtedly useful for solvingmany olympiad style problems.

With Theorem 12 now proved, we end this section by discussing how to find thehighest common factor and the least common multiple of any number of integers.

Theorem 13 Let a1, . . . , am ∈ Z \ {0}, and obtain the unique prime factorisationof each ai (by Theorem 12). Suppose that p1, . . . , pn is the collection distinct positiveprime numbers formed by taking all the primes involved in the factorisations. Writethe ai as the following prime factorisations (each one unique).

a1 = (sgn(a1))pα111 · · · pα1n

n

a2 = (sgn(a2))pα211 · · · pα2n

n

...

am = (sgn(am))pαm11 · · · pαmn

n ,

where αij ∈ Z, αij ≥ 0 for every 1 ≤ i ≤ m, 1 ≤ j ≤ n. Then

(a) hcf(a1, . . . , am) = pβ1

1 · · · pβnn , where βj is the minimum of α1j, α2j, . . . , αmj, for

each 1 ≤ j ≤ n.

8

(b) lcm(a1, . . . , am) = pγ11 · · · pγnn , where γj is the maximum of α1j, α2j, . . . , αmj,

for each 1 ≤ j ≤ n.

Remark. The condition ai 6= 0 for every 1 ≤ i ≤ m is required for theapplication of Theorem 12. It is not much more interesting if we allow some ai = 0.Indeed, suppose that a1, . . . , ak 6= 0, and ak+1, . . . , am = 0. Then hcf(a1, . . . , am) =hcf(a1, . . . , ak) (why?), and we can apply Theorem 13 to a1, . . . , ak to findhcf(a1, . . . , am). Of course, we cannot even talk about the least common multi-ple if some ai = 0.

Proof of Theorem 13.(a) Let b = pβ1

1 · · · pβnn . We prove (i) b | ai for every 1 ≤ i ≤ m, and (ii) if x | ai

for every 1 ≤ i ≤ m, then x | b, which then implies x ≤ b by Proposition 5(e), andb = hcf(a1, . . . , am).

(i) Fix i, 1 ≤ i ≤ m. For every 1 ≤ j ≤ n, since βj ≤ αij, we have pβj

j | pαij

j . By

Proposition 5(c), we have pβ1

1 · · · pβnn | p

αi11 · · · pαin

n . So, b | |ai|, and hence, b | ai.(ii) Consider the prime divisors of x. We cannot have a prime q different from

the pi involved, otherwise we have q | x, x | a1, so q | a1, a contradiction. So we canwrite x = (sgn(x))pδ11 · · · pδnn , where δj ∈ Z, δj ≥ 0 for 1 ≤ j ≤ n. We claim thatδj ≤ βj for every 1 ≤ j ≤ n. Indeed, fix j, and choose i so that βj = αij. Since

pδjj | x and x | ai, we have p

δjj | ai, and hence kp

δjj = ai = (sgn(ai))p

αi11 · · · pαin

n , for

some k ∈ Z. If pδj is involved in the prime factorisation of k, where δ ∈ Z, δ ≥ 0, byunique factorisation, the powers of pj must match, and we have δ+ δj = αij. Hence,δj ≤ δ + δj = αij = βj, as required.

Hence, we have pδjj | p

βj

j for every 1 ≤ j ≤ n, so Proposition 5(c) gives

pδ11 · · · pδnn | pβ1

1 · · · pβnn . So |x| | b, and hence x | b, as required.

(b) Let c = pγ11 · · · pγnn . We prove (i) ai | c for every 1 ≤ i ≤ m, and (ii) if ai | y

for every 1 ≤ i ≤ m, then c | y, which then implies c ≤ |y| by Proposition 5(e), andc = lcm(a1, . . . , am).

(i) Fix i, 1 ≤ i ≤ m. For every 1 ≤ j ≤ n, since αij ≤ γj, we have pαij

j | pγj

j . ByProposition 5(c), we have pαi1

1 · · · pαinn | pγ11 · · · pγn

n . So, |ai| | c, and hence, ai | c.(ii) Firstly, we claim that pj | y for every 1 ≤ j ≤ n. Indeed, fix j. Choose i,

1 ≤ i ≤ m, such that pj | ai. Since ai | y, we have pj | y.So, we can write y = tpε11 · · · pεn

n , where t, εj ∈ Z, with εj ≥ 1, and pj - t, forevery 1 ≤ j ≤ n. We claim that εj ≥ γj for every 1 ≤ j ≤ n. Indeed, fix j, andchoose i so that γj = αij. Since ai | y, we have `ai = y for some ` ∈ Z, that is,`(sgn(ai))p

αi11 · · · pαin

n = tpε11 · · · pεnn . If pαj is involved in the prime factorisation of `,

where α ∈ Z, α ≥ 0, by unique factorisation, the powers of pj must match, and wehave α + αij = εj. Hence, εj = α + αij ≥ αij = γj, as required.

Hence, we have pγj

j | pεj

j for every 1 ≤ j ≤ n, so Proposition 5(c) givespγ11 · · · pγn

n | pε11 · · · pεn

n . So c | pε11 · · · pεnn , and since pε11 · · · pεn

n | y, this gives c | yas required. �

9

In practice, Theorem 13 is very easy to apply.

Example 6. Find hcf(3780, 1288,−50700) and lcm(3780, 1288,−50700).Writing out the unique prime factorisations, we have

3780 = 22 · 33 · 5 · 7 = 22 · 33 · 51 · 71 · 130 · 230,

1288 = 23 · 7 · 23 = 23 · 30 · 50 · 71 · 130 · 231,

−50700 = (−1)22 · 3 · 52 · 7 · 132 = (−1)22 · 31 · 52 · 71 · 132 · 230.

So by Theorem 13, hcf(3780, 1288,−50700) = 22 · 30 · 50 · 71 · 130 · 230 = 28, andlcm(3780, 1288,−50700) = 23 · 33 · 52 · 71 · 132 · 231 = 146928600.

3. Congruences

3.1 Congruences: Notation and Arithmetic

The theory of congruences can be thought as a different way of studying divisibility.With a convenient notation which was introduced by Gauss, the theory offers simplerways to produce proofs.

Definition 7 Let a, b,m ∈ Z with m ≥ 1. Then, we write a ≡ b (mod m) if andonly if a − b is a multiple of m. In other words, a and b have the same remainderupon division by m. We say that a is congruent to b, modulo m.

Otherwise, if a− b is not a multiple of m, we write a 6≡ b (mod m), and say thata is not congruent to b, modulo m.

The number m is called the modulus.

Remarks.

(a) Of course, it is enough to assume that m ≥ 1. If we were to remove thecondition m ≥ 1 in Definition 7, then clearly the case m = 0 is not interesting.Also, since a ≡ b (mod m) if and only if a ≡ b (mod −m), considering modulom is exactly the same as considering modulo −m. So it is enough to considerm ≥ 1.

(b) “Congruence”, like ordinary equality, is “transitive”. That is, if a ≡ b (modm) and b ≡ c (mod m), then a ≡ c (mod m). So, when we describe a chain ofcongruences together, we only need to write “(mod m)” once. For example,the above can be written a ≡ b ≡ c (mod m).

By Theorem 6, given a,m ∈ Z, m ≥ 1, a is always congruent to a unique b ∈ Z,modulo m, with 0 ≤ b < m. This is often the preferred form.

Example 7. 36 ≡ −40 (mod 19), and 56 ≡ 98 (mod 6). In preferred form, wehave 36 ≡ −40 ≡ 17 (mod 19), and 56 ≡ 98 ≡ 2 (mod 6).

Now, note that, given m ∈ N, we can naturally partition N into m parts.

10

Definition 8 Let x,m ∈ Z, where m ≥ 1. Then, the set x = {x + km : k ∈ Z} isthe residue class of x. So, y ≡ x (mod m) if and only if y ∈ x.

So, given m ∈ N, there are exactly m residue classes in total: 0, 1, . . . ,m− 1.Now, we would like to talk about performing arithmetic under such number sys-

tems. It turns out that addition/subtraction and multiplication work very similarlyto ordinary arithmetic with the real numbers.

Example 8. −59 + 34 = −25 ≡ 5 (mod 15), and (−3)× 16 = −48 ≡ 1 (mod 7).

Moreover, we have the following properties.

Proposition 14 Let a, b, c, d,m ∈ Z with m ≥ 1. We have the following.

(a) If a ≡ b (mod m) and c ≡ d (mod m), then a± c ≡ b± d (mod m).

(b) If a ≡ b (mod m) and c ≡ d (mod m), then ac ≡ bd (mod m).

(c) If a ≡ b (mod m), then ca ≡ cb (mod m).

Proof. See Exercise 7.

On the other hand, division is more tricky. In ordinary arithmetic, division bya real number x (where x 6= 0) is the same as multiplication by x−1. Note thatx−1 has the property xx−1 = 1. So, in the world of modulo m, we want to ask thequestion: Given a,m ∈ Z, m ≥ 1, can we find b ∈ Z such that ab ≡ 1 (mod m)?Such a b, of course, may or may not exist, depending on a and m. For example, bcertainly cannot exist if a = 0. Also, there is no b such that 4b ≡ 1 (mod 6). So,when does b exist? We have the following.

Proposition 15 Let a,m ∈ Z with m ≥ 1. Then we can find b ∈ Z such thatab ≡ 1 (mod m) if and only if hcf(a,m) = 1. Moreover, if b exists, then it isunique up to modulo m. That is, if ab1 ≡ 1 (mod m) and ab2 ≡ 1 (mod m), thenb1 ≡ b2 (mod m).

Proof. If hcf(a,m) = 1, then by Theorem 8, there exist x, y ∈ Z with 1 =xa+ ym. So, xa ≡ 1 (mod m), and we can take b = x.

Conversely, suppose we can find b ∈ Z with ab ≡ 1 (mod m). Then ab+ km = 1for some k ∈ Z. If d | a and d | m, then d | ab + km = 1, so d = ±1, and hencehcf(a,m) = 1.

Finally, if ab1 ≡ 1 (mod m) and ab2 ≡ 1 (mod m), then ab1b2 ≡ b2 (mod m) andab1b2 ≡ b1 (mod m). Hence, b1 ≡ b2 ≡ ab1b2 (mod m). �

Definition 9 Let a,m ∈ Z with m ≥ 1. If b ∈ Z satisfies ab ≡ 1 (mod m), then bis an inverse of a.

11

3.2 Linear Equations

Just like ordinary algebra with the real numbers, where we consider solving equationsin an unknown variable, we want to do something similar with congruence equations.Our solutions will be residue classes. Having developed the concept of inverses, wecan now solve linear congruence equations.

Example 9. Solve 8x ≡ 7 (mod 11), where x ∈ Z.We find an inverse of 8 (mod 11), whose existence is guaranteed by Proposition

15. Indeed, 8 · 7 ≡ 1 (mod 11). So, 7 · 8x ≡ 7 · 7 (mod 11), so x ≡ 49 ≡ 5 (mod 11).

If we cannot invert, we may divide out a common factor.

Example 10. Solve 6x ≡ −26 (mod 16), where x ∈ Z.We have 6x ≡ −26 (mod 16) ⇐⇒ 6x = 16k − 26 for some k ∈ Z ⇐⇒ 3x =

8k − 13 for some k ∈ Z ⇐⇒ 3x ≡ −13 (mod 8). Since 3 · 3 ≡ 1 (mod 8), we have3 · 3x ≡ 3(−13) (mod 8), so x ≡ −39 ≡ 1 (mod 8).

Next, we want to talk about solving simultaneous linear congruence equations.For this, we have a key theorem.

Theorem 16 (Chinese Remainder Theorem) Let m1, . . . ,mr ∈ N be pairwisecoprime, and m = m1 · · ·mr. Let a1, . . . , ar ∈ Z. Then, the simultaneous congru-ences

x ≡ a1 (mod m1)

x ≡ a2 (mod m2)...

x ≡ ar (mod mr)

have a unique solution, up to modulo m.

Proof. For each 1 ≤ i ≤ r, we have hcf(mi,m/mi) = 1. This is easy to seeby considering the prime factorisations of mi and m/mi: there are no primes incommon since hcf(mi,mj) = 1 for each j 6= i. Hence, if d ∈ Z, |d| ≥ 2, divides mi

and m/mi, then so must any of its prime factors, and this is not possible. Henced = ±1, and hcf(mi,m/mi) = 1.

Now by Proposition 15, we can find bi ∈ Z such that mbi/mi ≡ 1 (mod mi).Also, mbi/mi ≡ 0 (mod mj) if j 6= i. So, if we define

x0 =r∑i=1

mbiaimi

,

we see that x0 satisfies x0 ≡ ai (mod mi), for every 1 ≤ i ≤ r.Finally, if x1 ∈ Z is also a solution to the simultaneous congruences, then x1 ≡

12

ai ≡ x0 (mod mi), for every 1 ≤ i ≤ r. So, x1−x0 ≡ 0 (mod mi) for every 1 ≤ i ≤ r.Now lcm(m1, . . . ,mr) = m. This can be seen by considering the prime factorisationsof the mi: since the mi are pairwise coprime, no prime occurs in more than onefactorisation, and the assertion follows from Theorem 13(b). By Proposition 10(b),we have x1 − x0 ≡ 0 (mod m), and x1 ≡ x0 (mod m). �

Example 11. Solve the simultaneous congruences:

x ≡ 2 (mod 6),

x ≡ −10 (mod 7),

x ≡ 8 (mod 11).

Since the moduli are pairwise coprime, Theorem 16 applies: we have a uniquesolution, modulo 462.

Our aim is to compute x0 in the proof of Theorem 16. With m1 = 6, m2 = 7,m3 = 11, a1 = 2, a2 = −10, a3 = 8, we need to find b1, b2, b3 first.

b1 is an inverse of m2m3 = 77, modulo 6. Since 77 ≡ −1 (mod 6), we may takeb1 = −1.

b2 is an inverse of m1m3 = 66, modulo 7. Since 66 ≡ 3 (mod 7), we may takeb2 = 5.

b3 is an inverse of m1m2 = 42, modulo 11. Since 42 ≡ −2 (mod 11), we may takeb3 = −6.

So, we have

x0 = m2m3b1a1 +m1m3b2a2 +m1m2b3a3

= 77(−1)2 + 66 · 5(−10) + 42(−6)8

= −154− 3300− 2016

= −5470

≡ 74 (mod 462).

Hence, the solutions to the simultaneous congruences are x ≡ 74 (mod 462).

Theorem 16 is helpful in olympiad problems, and we will have at least one prob-lem where the theorem will be handy.

3.3 Quadratic Residues and Equations

We would now like to consider congruence equations which involve squares.

Definition 10 Let a,m ∈ Z with m ≥ 1 and hcf(a,m) = 1. Then a is a quadraticresidue, modulo m, if the congruence x2 ≡ a (mod m) has a solution. If the congru-ence has no solution, then a is a quadratic non-residue, modulo m.

To find the quadratic residues modulo m, one can square 0, 1, 2, . . . ,m− 1, andthe quadratic residues are the squares obtained which are coprime to m, and the

13

non-residues are those integers coprime to m which are not congruent to any of thesquares, modulo m. This calculation can be shortened by squaring 0,±1,±2, . . . ,±(m− 1)/2 if m is odd, and squaring 0,±1,±2, . . . ,±(m− 2)/2,m/2 if m is even.

Example 12. For m = 7, squaring 0,±1,±2,±3 and reducing, modulo 7, weget 02 ≡ 0 (mod 7), (±1)2 ≡ 1 (mod 7), (±2)2 ≡ 4 (mod 7), (±3)2 ≡ 2 (mod 7). Sothe quadratic residues, modulo 7, are 1, 2, 4; we discard 0 since it is not coprime to7, and the non-residues are 3, 5, 6 (mod 7).

For m = 12, squaring 0,±1,±2,±3,±4,±5, 6 and reducing, modulo 12, we get02 ≡ 0 (mod 12), (±1)2 ≡ 1 (mod 12), (±2)2 ≡ 4 (mod 12), (±3)2 ≡ 9 (mod 12),(±4)2 ≡ 4 (mod 12), (±5)2 ≡ 1 (mod 12), 62 ≡ 0 (mod 12). So the only quadraticresidue, modulo 12, is 1; we discard 0, 4, 9, since they are each not coprime to 12,and the non-residues are 5, 7, 11 (mod 12); these are the other integers coprime to12.

This same technique also allows us to solve quadratic congruences. For example,x2 ≡ 3 (mod 5) has no solutions, while x2 ≡ 9 (mod 12) has two solutions, x ≡±3 (mod 12).

We can compute a table of values of n2 (mod m) for m small. Below, we do thisfor 2 ≤ m ≤ 13 and 0 ≤ n ≤ m− 1.

m2 3 4 5 6 7 8 9 10 11 12 13

0 0 0 0 0 0 0 0 0 0 0 0 01 1 1 1 1 1 1 1 1 1 1 1 12 1 0 4 4 4 4 4 4 4 4 43 1 4 3 2 1 0 9 9 9 94 1 4 2 0 7 6 5 4 35 1 4 1 7 5 3 1 12

n 6 1 4 0 6 3 0 107 1 4 9 5 1 108 1 4 9 4 129 1 4 9 310 1 4 911 1 412 1

With this, it is possible to solve equations involving squares where the variablescan only be integers. We can consider such an equation in a certain modulus.

Example 13. Find all solutions to

2m + 7 = n2, (1)

where m and n are positive integers.We consider (1) in modulo 4. If m ≥ 2, then 2m + 7 ≡ 3 (mod 4). But the table

14

shows that no square can be congruent to 3 (mod 4), so there are no solutions form ≥ 2.

It remains to consider m = 1. In this case, we have n = 3. So the only solutionis (m,n) = (1, 3).

Note that we can also use modulo 8: there are no solutions for m ≥ 3 by a similarargument, and we then have to check for m = 1, 2.

To tackle similar problems, we can similarly consider a particular modulus. Itmay not be easy to decide which modulus, but the idea is that, the fewer squaresin the modulus there are, the better. Looking at the table, two of the best modulito work with when squares are present are modulo 4 and modulo 8. We easily havethe following, extremely useful result, often used in olympiads.

Proposition 17 Let n ∈ Z. Then,

(a) n2 ≡ 0 (mod 4) if n is even, and n2 ≡ 1 (mod 4) if n is odd, while n2 ≡2, 3 (mod 4) are impossible.

(b) n2 ≡ 0 (mod 8) if n ≡ 0 (mod 4), n2 ≡ 4 (mod 8) if n ≡ 2 (mod 4), andn2 ≡ 1 (mod 8) if n is odd, while n2 ≡ 2, 3, 5, 6, 7 (mod 8) are impossible.

Proof. Obvious from the table. �

Finally, looking back at the table suggests that, when m is an odd prime, thenumber of quadratic residues and non-residues are each m−1

2. This indeed is the case

for every such prime.

Proposition 18 Let p > 0 be an odd prime. Then, the number of quadratic residuesand non-residues are each equal to p−1

2. Moreover, the quadratic residues are exactly

12, 22, . . . ,(p−12

)2.

Proof. Note that the set of quadratic residues is obtained from{

(±1)2, (±2)2,

. . . ,(± p−1

2

)2}={

12, 22, . . . ,(p−12

)2}, so that there are at most p−1

2of them. We

show that no two of these are congruent modulo p. Otherwise, if x21 ≡ x2

2 (mod p),where 1 ≤ x2 < x1 ≤ p−1

2, then (x1 − x2)(x1 + x2) ≡ 0 (mod p), so p | x1 − x2 or

p | x1 + x2 by Proposition 11. But this is impossible, since 1 ≤ x1− x2, x1 + x2 < p.

Hence, 12, 22, . . . ,(p−12

)2are exactly the quadratic residues. The number of non-

residues is then p− 1− p−12

= p−12

. �

3.4 Fermat’s Little Theorem, Euler’s Theorem, and Wilson’s Theorem

In order to tackle some of the more powerful results, we must develop some elemen-tary tools. In this section, we shall discuss three of the most well-known results incongruence theory. Each one is a very useful result in olympiads.

We first discuss Fermat’s Little Theorem, one of the most well-known results innumber theory. The theorem comes in two, equivalent forms.

15

Theorem 19 (Fermat’s Little Theorem) Let p > 0 be prime, and a ∈ Z.

(a) We have ap ≡ a (mod p).

(b) If hcf(a, p) = 1. Then ap−1 ≡ 1 (mod p).

Moreover, the statements of (a) and (b) are equivalent.

There are at least three different proofs of this famous result. Below, we givepossibly the most well-known proof.

Proof of Theorem 19. Firstly, we show the equivalence. After we do this, itthen suffices to prove part (a).

Assume (a), so that ap ≡ a (mod p). If hcf(a, p) = 1, then by Proposition 15, ahas an inverse modulo p. Multiplying both sides of ap ≡ a (mod p) by this inversethen clearly gives ap−1 ≡ 1 (mod p), so (b) holds.

Now, assume (b), so that ap−1 ≡ 1 (mod p) whenever hcf(a, p) = 1. If we dohave hcf(a, p) = 1, then multiplying both sides of ap−1 ≡ 1 (mod p) by a givesap ≡ a (mod p). If on the other hand, we have hcf(a, p) 6= 1, then we must havehcf(a, p) = p, so that a ≡ 0 (mod p). In this case, we also have ap ≡ a (mod p). So,(a) holds.

Now, it suffices to prove (a). The result is trivial if a ≡ 0 (mod p), so assume thata 6≡ 0 (mod p), and hence, hcf(a, p) = 1. Consider the numbers a, 2a, . . . , (p − 1)a.No two of these are congruent modulo p: if ia ≡ ja (mod p) for 1 ≤ i < j ≤ p− 1,then, since a has an inverse modulo p (by Proposition 15), we get i ≡ j (mod p),a contradiction. Also, none of them is congruent to 0 (mod p): if ia ≡ 0 (mod p),then Proposition 11 gives that p | i or p | a, neither of which is possible. It followsthat a, 2a, . . . , (p − 1)a are congruent to 1, 2, . . . , p − 1, modulo p, in some order.So, multiplying p − 1 congruences, we get ap−1(p − 1)! ≡ (p − 1)! (mod p). Sincehcf((p− 1)!, p) = 1, (p− 1)! has an inverse modulo p, and hence ap−1 ≡ 1 (mod p).It follows that ap ≡ a (mod p). �

Example 14. Simplify 9118 (mod 31) to preferred form.We use version (b) of Theorem 19. We have 930 ≡ 1 (mod 31). So, 9120 = (930)4 ≡

14 ≡ 1 (mod 31). Since 911892 = 9120 ≡ 1 (mod 31), we want to find an inverse for92, modulo 31. Now, 92 = 81 ≡ −12 (mod 31), so we want an inverse for −12. Since(−12)(−13) = 156 ≡ 1 (mod 31), it follows that we have −13 is an inverse for 92,modulo 31. Therefore, 911892(−13) ≡ −13 (mod 31), so, 9118 ≡ −13 ≡ 18 (mod 31).

Next, we consider Euler’s Theorem. This is a generalisation of Fermat’s LittleTheorem. We need a definition first.

Definition 11 Let n ∈ N. We define φ(n) to be the number of positive integersnot greater than n which are coprime to n. The function φ(n) is Euler’s totientfunction.

16

Theorem 20 (Euler’s Theorem) Let a,m ∈ Z, with m ≥ 1 and hcf(a,m) = 1.Then aφ(m) ≡ 1 (mod m).

Note that, since φ(p) = p − 1 for any prime p > 0, Theorem 20 clearly impliesTheorem 19.

Proof of Theorem 20. We can prove this result with a similar argument tothe one used in the previous theorem. We leave this proof in Exercise 8.

We end this section with another well-known result, Wilson’s Theorem.

Theorem 21 (Wilson’s Theorem) Let p > 0 be prime. Then (p−1)! ≡ −1 (modp).

Proof. This theorem has a reasonably simple proof. See Exercise 9.

There will be problems where these three results can be useful.

3.5 Quadratic Reciprocity

Looking back at Section 3.3, we can easily see one major problem when we wish tosolve a quadratic congruence equation: if the modulus is large. Using the approach inSection 3.3 would mean that the computation would take far too long. For example,how do we answer the question: “Is the congruence x2 ≡ 5 (mod 103) solvable?”.

In this section, we shall briefly look at the theory behind this, the theory ofquadratic reciprocity.

Definition 12 Let p > 0 be an odd prime, and a ∈ Z. Then, the Legendre Symbol(ap

)is defined as

(ap

)=

1 if a is a quadratic residue (mod p),0 if a ≡ 0 (mod p),−1 if a is a quadratic non-residue (mod p).

We shall aim to find ways which will enable us to compute(ap

).

Theorem 22 Let a, b, p ∈ Z, where p > 0 is an odd prime. Then,

(a)(ap

)≡ a

p−12 (mod p),

(b)(abp

)=(ap

)(bp

),

(c)(a2

p

)= 1 if hcf(a, p) = 1,

(d)(

1p

)= 1, and

(−1p

)= (−1)

p−12 .

17

Proof. Parts (b) and (d) are instant from part (a), while part (c) either followsfrom part (b), or from part (a) via Theorem 19. So, it remains to prove part (a).This part is obvious if a ≡ 0 (mod p).

If(ap

)= 1, then there exists x ∈ Z with x2 ≡ a (mod p). Clearly, hcf(x, p) = 1;

if not, we will have(ap

)= 0. So by Theorem 19, we have a

p−12 ≡ xp−1 ≡ 1 ≡

(ap

)(mod p).

If(ap

)= −1, then, for every 1 ≤ i ≤ p − 1, it is easy to see that there exists

a unique 1 ≤ i′ ≤ p − 1 such that ii′ ≡ a (mod p) (Existence is guaranteed byProposition 15, while uniqueness can be shown by a similar argument to the lastpart of Proposition 15). Moreover, since a is a quadratic non-residue, we have i 6= i′.Furthermore, if 1 ≤ j ≤ p − 1, j 6= i, and j′ (1 ≤ j′ ≤ p − 1) is found likewise:jj′ ≡ a (mod p), then j′ 6= i′ (As before, assuming j′ = i′ would give j = i). Hence,multiplying the p−1

2congruences of the form ii′ ≡ a (mod p) together and using

Theorem 21, we have ap−12 ≡ (p− 1)! ≡ −1 ≡

(ap

)(mod p). �

Part (a) can be used to derive a criterion which determines the number of solu-tions to x2 ≡ a (mod p), where p > 0 is an odd prime, and hcf(a, p) = 1.

Theorem 23 (Euler’s Criterion) Let a, p ∈ Z, where p > 0 is an odd prime, andhcf(a, p) = 1. Then, x2 ≡ a (mod p) has two solutions or no solutions, according to

ap−12 ≡ 1 or −1 (mod p).

Proof. By Theorem 22(a), we have ap−12 ≡

(ap

)≡ ±1 (mod p), since hcf(a, p) =

1.If a

p−12 ≡ −1 (mod p), then

(ap

)= −1, so x2 ≡ a (mod p) has no solutions.

If ap−12 ≡ 1 (mod p), then

(ap

)= 1, and x2 ≡ a (mod p) has a solution. If x1

is a solution, then so is −x1, and x1 6≡ −x1 (mod p). If there is another solutionx2 where x2 6≡ x1 (mod p) and x2 6≡ −x1 (mod p), then, x2

2 ≡ x21 ≡ a (mod p), so

that (x2 − x1)(x2 + x1) ≡ x22 − x2

1 ≡ 0 (mod p). So, either x2 − x1 ≡ 0 (mod p) orx2 + x1 ≡ 0 (mod p), which is a contradiction. So, there are exactly two solutionsin this case. �

With Theorem 22, we now aim to derive the two main results which will enableus to compute

(ap

). By part (b), it is enough to consider a to be prime. We first

consider the case a = 2.

Theorem 24 (A Lemma of Gauss) Let p > 0 be an odd prime. Then,(

2p

)=

(−1)p2−1

8 . In other words,(

2p

)= 1 if p ≡ ±1 (mod 8), and

(2p

)= −1 if p ≡ ±3

(mod 8).

So, Theorem 24 says that 2 is a square (mod p) ⇐⇒ p ≡ ±1 (mod 8), and anon-square (mod p)⇐⇒ p ≡ ±3 (mod 8).

Proof of Theorem 24. We first prove the following lemma, also due to Gauss.

18

Let a, p ∈ Z, where p > 0 is an odd prime, and hcf(a, p) = 1. Let p′ = p−12

. Obtainthe remainders when a, 2a, . . . , p′a are divided by p, and let n be the number of thesereminders greater than p

2. Then

(ap

)= (−1)n.

So, let r1, . . . , rn be the above remainders larger than p2, and s1, . . . , sm be those

less than p2, so that n+m = p′. Note that the ri and sj are distinct modulo p. We

have p− r1, . . . , p− rn < p2. We claim that p− ri 6= sj for every i, j. If p− ri = sj for

some i, j, then p = ri + sj ≡ (Ri +Sj)a (mod p) for some Ri, Sj, so that p | Ri +Sj,since p - a. But also, we have 0 < Ri + Sj < p, which is a contradiction.

Hence,

p′! = (p− r1) · · · (p− rn)s1 · · · sm ≡ (−1)nr1 · · · rns1 · · · sm ≡ (−1)np′!ap′(mod p).

Since hcf(p′!, p) = 1, we have 1 ≡ (−1)nap′ ≡ (−1)n

(ap

)(mod p), by Theorem

22(a). Hence,(ap

)= (−1)n, and the lemma holds.

We now aim to show that, if a = 2, then n ≡ p2−18

(mod 2), which implies thetheorem. For k = 1, . . . , p′, we have ka = pbka

pc + ri for some i, or ka = pbka

pc + sj

for some j. So,p′∑k=1

ka = p

p′∑k=1

⌊kap

⌋+

n∑i=1

ri +m∑j=1

sj. (2)

Also,p′∑k=1

k =n∑i=1

(p− ri) +m∑j=1

sj. (3)

So, subtracting (3) from (2) gives

(a− 1)

p′∑k=1

k = p( p′∑i=1

⌊kap

⌋− n

)+ 2

n∑i=1

ri. (4)

Now, if a = 2, then bkapc = 0 for every k = 1, . . . , p′. Since

∑p′

k=1 k = p2−18

, by

considering (4) in modulo 2, we have p2−18≡ −pn (mod 2), and hence, p2−1

8≡ n

(mod 2), as required. �

Now, we consider the case when a ≥ 3 is prime. We have the following remarkableresult of Gauss.

Theorem 25 (Gauss’ Quadratic Reciprocity Law) Let p, q > 0 be distinct oddprimes. Then, (p

q

)(qp

)= (−1)( p−1

2)( q−1

2).

In other words,(pq

)(qp

)= 1, unless if p ≡ q ≡ 3 (mod 4), in which case,(

pq

)(qp

)= −1.

19

So, Theorem 25 says that, if at least one of p and q is congruent to 1 (mod 4),then the congruences x2 ≡ q (mod p) and x2 ≡ p (mod q) are either both solvableor both not solvable. If p ≡ q ≡ 3 (mod 4), then one of the congruences is solvable,and the other is not.

Proof of Theorem 25. Write p′ = p−12

and q′ = q−12

. We first show that, if

t1 =∑p′

x=1bqxpc and t2 =

∑q′

y=1bpyqc, then

(qp

)= (−1)t1 and

(pq

)= (−1)t2 . We use

the lemma of Gauss at the start of the proof of Theorem 24, taking a = q and n asdefined there. Then,

(qp

)= (−1)n. So, we want to show that n ≡ t1 (mod 2). With

the exact same calculations that gave equation (4), we have

(q − 1)

p′∑x=1

x ≡ p( p′∑x=1

⌊qxp

⌋− n

)(mod 2). (5)

Since p and q are odd, clearly, (5) implies that n ≡∑p′

x=1bqxpc ≡ t1 (mod 2). The

proof that(pq

)= (−1)t2 is exactly the same, by switching p and q.

Now, consider the grid S = {(x, y) : x, y ∈ Z, 1 ≤ x ≤ p′, 1 ≤ y ≤ q′}. LetS1 = {(x, y) ∈ S : qx > py} and S2 = {(x, y) ∈ S : qx < py}. Note that S is adisjoint union of S1 and S2, since no (x, y) ∈ S satisfies qx = py, otherwise, we canfind a rational 0 < α < 1 with αp, αq ∈ Z, giving that p and q have a commondivisor greater than 1.

Now,

|S1| =p′∑x=1

⌊qxp

⌋= t1, |S2| =

q′∑y=1

⌊pyq

⌋= t2,

so that p−12· q−1

2= |S| = |S1| + |S2| = t1 + t2. Hence,

(pq

)(qp

)= (−1)t2(−1)t1 =

(−1)( p−12

)( q−12

), as required. �

Example 15. Are the following congruences solvable?

(a) x2 ≡ 5 (mod 103).

(b) x2 ≡ 30 (mod 103).

We just have to find(

5103

)and

(30103

), and we may use Theorems 22, 24 and 25

to help us.(a) Since 5 ≡ 1 (mod 4), we have

(5

103

)(1035

)= 1. Now,

(1035

)=(

35

)= −1,

since x2 ≡ 3 (mod 5) is not solvable. So,(

5103

)= −1, and x2 ≡ 5 (mod 103) is not

solvable.(b) We have

(30103

)=(

2103

)(3

103

)(5

103

). Since 103 ≡ −1 (mod 8), we have(

2103

)= 1. Since 3 ≡ 103 ≡ 3 (mod 4), we have

(3

103

)(1033

)= −1.

(1033

)=(

13

)= 1,

since x2 ≡ 1 (mod 3) is solvable, so(

3103

)= −1. We already have

(5

103

)= −1.

Hence,(

30103

)= 1(−1)(−1) = 1, and x2 ≡ 30 (mod 103) is solvable. Applying Theo-

rems 22(a) and 23 shows that there are exactly two solutions.

20

4. Diophantine Equations

In this section, we discuss some well-known Diophantine equations. These are equa-tions whose solutions are integers, maybe sometimes, rational numbers. Such equa-tions usually involve at least two variables. These equations are named after theGreek mathematician Diophantus. We will also discuss a useful method to solvethese equations, Fermat’s method of infinite descent.

4.1 Two Squares and Four Squares Theorems

We want to know when a given positive integer can be written as a sum of certainnumber of perfect squares. Our first aim will be to characterise those integers whichcan be represented as a sum of two squares. Certainly, there are integers for whichthis is not possible; for example, 6 and 7. So, for which integers can this be done?

We shall prove the following characterisation of these integers, due to Fermat.

Theorem 26 (Fermat) Let n ∈ N, with prime factorisation

n = 2α∏

p≡1 (mod4)

pβ∏

q≡3 (mod4)

qγ. (6)

Then, n can be written as a sum of two non-negative squares if and only if allthe exponents γ are even.

To help us, we first consider the case when n is an odd prime, which itself is aninteresting result.

Theorem 27 (Fermat) Let p > 0 be an odd prime. Then, p can be written as asum of two squares if and only if p ≡ 1 (mod 4).

Proof. Since squares are congruent to 0 or 1 (mod 4) by Proposition 17(a),certainly, p cannot be written as a sum of two squares if p ≡ 3 (mod 4). It remainsto show that p can be written as a sum of two squares if p ≡ 1 (mod 4).

By Theorem 22(d),(−1p

)= 1, so that there exists an x ∈ Z such that x2 ≡ −1

(mod p). Take such an x ∈ {1, . . . , p− 1}, and consider the set S = {(a, b) : a, b ∈ Zand 0 ≤ a, b <

√p}. If k = b√pc, then |S| = (k+ 1)2 > p. Hence by the pigeonhole

principle, there exist two distinct members of S, say, (a1, b1), (a2, b2) ∈ S, witha1 + b1x ≡ a2 + b2x (mod p). Setting u = a1− a2 and v = b2− b1 (note that at leastone of u, v is non-zero), we have u ≡ vx (mod p), so u2 ≡ (vx)2 ≡ −v2 (mod p),hence u2 + v2 ≡ 0 (mod p). Now, −√p < u, v <

√p, so that 0 < u2 + v2 < 2p. It

follows that u2 + v2 = p, as required. �

Proof of Theorem 26. Firstly, suppose that when n is written in the expression(6), the exponents γ are all even. Using the identity (a2 + b2)(c2 +d2) = (ac− bd)2 +(ad+ bc)2, we see that if x and y can each be written as a sum of two squares, thenso can xy. Since 2 = 12 + 12, q2 = q2 + 02 if q ≡ 3 (mod 4), and Theorem 27 gives

21

that any prime p ≡ 1 (mod 4) is a sum of two squares, it follows that n too is a sumof two squares.

Now we prove the converse. Firstly, we claim that, if q ≡ 3 (mod 4) is prime,and q | u2 + v2, then q | u and q | v. Assume that q - u. Then, there exists u′ withuu′ ≡ 1 (mod q). Since u2 + v2 ≡ 0 (mod q), we have 0 ≡ (u2 + v2)u′2 ≡ 1 + (vu′)2

(mod q), so that x2 ≡ −1 (mod q) has a solution vu′. This contradicts Theorem22(d) that

(−1q

)= −1 if q ≡ 3 (mod 4), proving the claim.

Now, suppose that there exists an n ∈ N which is the sum of two squares, andhas a prime congruent to 3 (mod 4) with an odd exponent in its prime factorisation.Let n0 be the smallest such integer, with n0 = a2 + b2 for a, b ∈ Z, and q0 ≡ 3 (mod4) be a prime factor of n0 with odd exponent γ0. By the claim, we have q0 | a andq0 | b, so that q2

0 | a2 + b2 = n0, hence γ0 ≥ 3. But then, the integer n0

q20is smaller

than n0, has the integer representation n0

q20=(aq0

)2+(bq0

)2, and the exponent of q0

in the prime factorisation of n0

q20is γ0 − 2, which is also odd. This is a contradiction

and we are done. �

Next, we want to know that for any n ∈ N, at most how many squares do weneed so that n is the sum of the squares? We see that n = 7 shows that threesquares is insufficient (and indeed, the same is true whenever n ≡ 7 (mod 8), byan easy application of Proposition 17(b)). The next remarkable result of Lagrangeshows that four squares is sufficient for every n.

Theorem 28 (Lagrange) Every integer n ∈ N can be written as the sum of fournon-negative squares.

The rather short and standard proof of Theorem 28 uses techniques from an areaof number theory called Geometry of Numbers. This area utilises high dimensionallinear algebra on integer lattices, and such a proof of Theorem 28 considers a certain4-dimensional integer lattice. We shall not give such a proof here, but we give alonger, more elementary proof.

Proof of Theorem 28. We begin with the following identity, due to Euler.

(a2 + b2 + c2 + d2)(e2 + f 2 + g2 + h2) = (ae+ bf + cg + dh)2

+(af − be− ch+ dg)2

+(ag + bh− ce− df)2

+(ah− bg + cf − de)2. (7)

This means that it suffices to prove the theorem for n = p, where p is an oddprime, since 1 = 12 + 02 + 02 + 02 and 2 = 12 + 12 + 02 + 02.

Next, let p = 2r + 1, X = {x2 : x = 0, 1, . . . , r}, and Y = {−y2 − 1 : y =0, 1, . . . , r}. Then, by Proposition 18, we have, modulo p, the elements of X areexactly the quadratic residues, united with 0. So, |X| = p−1

2+ 1 = p+1

2. Similarly,

|Y | = p+12

. Moreover, X ∩ Y = ∅, since X has non-negative elements and Y has

22

negative elements. Hence, X ∪Y has p+12

+ p+12

= p+ 1 elements. By the pigeonholeprinciple, it follows that an element of X is congruent to an element of Y , modulop, say, x2 ≡ −y2− 1 (mod p). So, x2 + y2 + 1 = kp for some k ∈ N. We have k ≥ 1,and kp ≤ 2r2 + 1 < (2r + 1)2 = p2, so k < p.

It follows that there exist a, b, c, d,m ∈ Z such that mp = a2 + b2 + c2 +d2, where1 ≤ m < p. Choose m to be the smallest such integer. If m = 1, we are done.Otherwise, if m > 1, we shall find an ` ∈ N with 1 ≤ ` < m, and `p is also a sum offour squares, which will be a contradiction.

If m is even, then we claim that we can take ` = m2

. We have that either none,or two, or all four of a, b, c, d are even. So without loss of generality, assume thata− b ≡ c− d ≡ 0 (mod 2). Then,

m

2· p =

(a− b2

)2

+(a+ b

2

)2

+(c− d

2

)2

+(c+ d

2

)2

.

If m is odd, then take integers −m2< e, f, g, h < m

2with

e ≡ a (mod m), f ≡ b (mod m), g ≡ c (mod m), h ≡ d (mod m). (8)

So, e2 + f 2 + g2 + h2 ≡ 0 (mod m). Let e2 + f 2 + g2 + h2 = `m for some integer` ≥ 0. We claim that ` is a suitable integer. We have e2+f 2+g2+h2 < m2, so ` < m.Also, if ` = 0, then e = f = g = h = 0, which implies that mp = a2 +b2 +c2 +d2 ≡ 0(mod m2). It follows that m | p, which contradicts 1 < m < p. So, 1 ≤ ` < m. Nowconsider the identity (7). The left hand side is equal to `pm2. For the right handside, by (8), we have,

ae+ bf + cg + dh ≡ e2 + f 2 + g2 + h2 ≡ 0 (mod m),

and

af − be− ch+ dg = (af − be) + (dg − ch) ≡ 0 (mod m),

ag + bh− ce− df = (ag − ce) + (bh− df) ≡ 0 (mod m),

ah− bg + cf − de = (ah− de) + (cf − bg) ≡ 0 (mod m).

So, the right hand side of (7) is divisible by m2. Dividing the resulting expressionby m2, we find that `p can be represented as a sum of four squares, as required. �

4.2 Pythagorean Triples

The equationx2 + y2 = z2, (9)

where x, y, z ∈ Z, is one of the most well-known Diophantine equations. It is well-known that a solution to (9), where x, y, z are positive real numbers, corresponds tothe side lengths of a right angled triangle, where z is the length of the hypothenuse:Pythagoras’ Theorem. So, a solution to (9) is called a Pythagorean triple. Two of

23

the most well-known Pythagorean triples are (3, 4, 5) and (5, 12, 13).We can start by simplifying the problem of solving (9) a little.Firstly, note that if (x, y, z) = (x0, y0, z0) is a solution, then so is (kx0, ky0, kz0)

for any k ∈ Z. So, it is enough to seek solutions to (9) where hcf(x, y, z) = 1. Sucha solution is called a primitive Pythagorean triple.

Next, it is also enough to restrict the study of (9) to x, y, z ∈ N. This is fairlyclear. If x = 0, then (x, y, z) = (0, y0, z0), where |y0| = |z0|, is a solution. Likewisefor y = 0. While if z = 0, then x = y = 0. Also, if (x, y, z) = (x0, y0, z0) is asolution, then changing the sign of any number of x0, y0, z0 also gives a solution.

Theorem 29 below describes every solution to (9). Part (a) describes thosesolutions with the above restrictions, while part (b) describes every solution in theintegers.

Theorem 29 Consider the Diophantine equation

x2 + y2 = z2. (10)

(a) If x, y, z ∈ N, where hcf(x, y, z) = 1, then the solutions of (10) are given by

{x, y} = {2mn,m2 − n2}, z = m2 + n2,

where m,n ∈ N, hcf(m,n) = 1, m > n, and m and n have opposite parity.That is, these are all the positive primitive Pythagorean triples.

(b) If x, y, z ∈ Z, then all the solutions to (10) can be obtained by multiplying aprimitive Pythagorean triple by some k ∈ Z, followed by changing the sign ofany number of the three resulting integers. In addition,

{x, y} = {0, a}, z = b,

where a, b ∈ Z and |a| = |b|, are also solutions.

Proof. By the remarks before the theorem, it suffices to prove part (a) only.So, assume that x, y, z are as in part (a). We first claim that hcf(x, y) =

hcf(x, z) = hcf(y, z) = 1. If h = hcf(x, y) > 1, then h2 | x2 + y2 = z2, so thatz2 = kh2 for some k ∈ N. By considering prime factorisations, we see that k = `2

for some ` ∈ N, giving z = `h, so h | z, contradicting hcf(x, y, z) = 1. The exactsame argument gives that hcf(x, z) = hcf(y, z) = 1.

Next, x and y cannot have the same parity. They are not both even sincehcf(x, y) = 1. If they are both odd, then x2 + y2 ≡ 2 (mod 4), but z2 6≡ 2 (mod 4)by Proposition 17(a). So without loss of generality, assume that x is even and y isodd. Then, z2 = x2 + y2 is odd, so z is odd. So, we have the equation(x

2

)2

=z + y

2· z − y

2,

where x2, z+y

2, z−y

2∈ N.

24

Now, we claim that hcf(z+y2, z−y

2

)= 1. If g = hcf

(z+y2, z−y

2

)> 1, then g |

z+y2− z−y

2= y, and g | z+y

2+ z−y

2= z. This contradicts hcf(y, z) = 1.

So, by Exercise 6 (see Section 5.1), we have z+y2

= m2 and z−y2

= n2 for somem,n ∈ N, and clearly, hcf(m,n) = 1, since hcf

(z+y2, z−y

2

)= 1. We can now easily

see that x = 2mn, y = m2−n2, z = m2 +n2, m > n, and m,n have different parity.Part (a) follows. �

We will have at least one problem later which uses Theorem 29.

4.3 Pell’s Equation

We are about to discuss a remarkable family of Diophantine equations: Pell’s equa-tions. These equations have been surprisingly useful in many olympiad style prob-lems. This section features fairly advanced material, so we shall only have an intro-ductory treatment, and not provide a proof of the main result: Theorem 30.

Definition 13 Let d ∈ N with d ≥ 2. Then d is square-free if it has no squarefactors greater than 1.

We want to consider solutions to an equation of the form

x2 − dy2 = 1, (11)

where x, y, d ∈ Z, x, y ≥ 0 and d ≥ 2 is square-free. Such an equation belongs to afamily of equations collectively known as Pell’s equations.

With d fixed, the solutions to (11) are given by second-order recurrence relationsin both x and y.

Theorem 30 Consider the Diophantine equation

x2 − dy2 = 1, (12)

where x, y, d ∈ Z, x, y ≥ 0 and d ≥ 2 is square-free. Then, with d fixed, the solutionsto (12) arise as follows. The first, trivial solution is (x0, y0) = (1, 0). If (x1, y1) isthe next, first non-trivial solution, then all the solutions are given by (xk, yk), wherefor k ≥ 2,

xk = 2axk−1 − xk−2,

yk = 2ayk−1 − yk−2,

where a = x1.

So, the first few cases are as follows.

25

d Equation a First four solutions2 x2 − 2y2 = 1 3 (1, 0), (3, 2), (17, 12), (99, 70)3 x2 − 3y2 = 1 2 (1, 0), (2, 1), (7, 4), (26, 15)5 x2 − 5y2 = 1 9 (1, 0), (9, 4), (161, 72), (2889, 1292)6 x2 − 6y2 = 1 5 (1, 0), (5, 2), (49, 20), (485, 198)7 x2 − 7y2 = 1 8 (1, 0), (8, 3), (127, 48), (2024, 765)10 x2 − 10y2 = 1 19 (1, 0), (19, 6), (721, 228), (27379, 8658)11 x2 − 11y2 = 1 10 (1, 0), (10, 3), (199, 60), (3970, 1197)

Generalisations of equation (11) have also been studied. These include x2−dy2 =n, where x, y, d, n ∈ Z, x, y, d ≥ 0 and d is square free. In particular, the casen = −1 presents much interest, and is closely related to (11). Even more generally,cx2 − dy2 = n, where x, y, c, d, n ∈ Z, with x, y, c, d ≥ 0 and c, d square free, hasbeen studied.

We now give an example of a problem where Theorem 30 can be used.

Example 16. This problem appeared in the British Mathematical Olympiad,Round 1, 2006/7. This was the final problem on the exam, and Theorem 30 can beused.

Let n be an integer. Show that, if 2 + 2√

1 + 12n2 is an integer, then it is aperfect square.

Note that we may assume that n ≥ 0. Firstly, we must have 1 + 12n2 ≥ 1 is aperfect square, say, 1 + 12n2 = m2, where m ∈ N. If not, then let 1 + 12n2 = t ≥ 1,where the prime factorisation of t has a prime with an odd power. We have 22t = z2

for some z ∈ Z. This is impossible since the prime factorisation of 22t also has anodd prime power, but that of z2 does not.

Now, we have m2 − 3(2n)2 = 1. This is a form of Pell’s equation with d = 3above. The solutions of x2 − 3y2 = 1 are given by the pairs (xk, yk), where xk, ykare generated by the recurrence relations

x0 = 1, x1 = 2, xk = 4xk−1 − xk−2 for k ≥ 2,

y0 = 0, y1 = 1, yk = 4yk−1 − yk−2 for k ≥ 2,

giving the successive solutions (x, y) = (1, 0), (2, 1), (7, 4), (26, 15), (97, 56), . . . .Looking at m2 − 3(2n)2 = 1 suggests that we must seek solutions to x2 − 3y2 = 1where y is even. The recurrence yk = 4yk−1 − yk−2 easily shows that yk and yk−2

have the same parity, and since y0 is even and y1 is odd, it follows that yk is even ifand only if k is even. It follows that the solutions for m are precisely xk, where kis even. So it is a good idea to derive a recurrence relation for xk, with k even. Fork ≥ 4, we have

xk = 4xk−1 − xk−2 = 4(4xk−2 − xk−3)− xk−2

= 15xk−2 − 4xk−3 = 15xk−2 − (xk−2 + xk−4)

= 14xk−2 − xk−4,

26

since 4xk−3 = xk−2 + xk−4. It follows that the solutions to m are mk, given by therecurrence relation

m0 = 1,m1 = 7,mk = 14mk−1 −mk−2 for k ≥ 2,

giving the solutions m = 1, 7, 97, 1351, . . . . We are done if we can show that forevery term mk of this sequence, 2 + 2mk is a perfect square.

Now, observe that we have the pattern

m0 = 1 = 2 · 12 − 1 = 2x20 − 1,

m1 = 7 = 2 · 22 − 1 = 2x21 − 1,

m2 = 97 = 2 · 72 − 1 = 2x22 − 1.

So, it is reasonable to claim that we have mk = 2x2k − 1 for every k. We prove

this by induction on k. mk = 2x2k − 1 holds for k = 0, 1. For k ≥ 2, assume that

m` = 2x2` − 1 for every 0 ≤ ` < k. We have

mk = 14mk−1 −mk−2 = 14(2x2k−1 − 1)− (2x2

k−2 − 1) = 28x2k−1 − 2x2

k−2 − 13.

We would like this to be equal to 2x2k − 1. We have

2x2k − 1 = 2(4xk−1 − xk−2)

2 − 1 = 32x2k−1 + 2x2

k−2 − 16xk−1xk−2 − 1,

so it suffices to show that

28x2k−1 − 2x2

k−2 − 13 = 32x2k−1 + 2x2

k−2 − 16xk−1xk−2 − 1,

or equivalently,x2k−1 + x2

k−2 − 4xk−1xk−2 + 3 = 0. (13)

(13) holds for k = 2; x21 + x2

0 − 4x1x0 + 3 = 22 + 12 − 4 · 2 · 1 + 3 = 0. Now, fork ≥ 3, we have

x2k−1 + x2

k−2 − 4xk−1xk−2 + 3 = (4xk−2 − xk−3)2 + x2

k−2 − 4(4xk−2 − xk−3)xk−2 + 3

= x2k−2 + x2

k−3 − 4xk−2xk−3 + 3,

so repeating this calculation successively gives

x2k−1 + x2

k−2 − 4xk−1xk−2 + 3 = x2k−2 + x2

k−3 − 4xk−2xk−3 + 3

= · · ·= x2

1 + x20 − 4x1x0 + 3 = 0

We have now shown that mk = 2x2k − 1 for every k. So, 2 + 2mk = (2xk)

2, andwe are done.

We will have several more problems where Theorem 30 will be useful.

27

4.4 Fermat’s Method of Infinite Descent

We shall discuss another useful method to tackle Diophantine equations. It is acontradiction type method, called Fermat’s method of infinite descent. The ideais, we are given a Diophantine equation in positive (or non-negative) integers x, y,z, . . . . We then show that, if the equation is true for x = a1, y = b1, z = c1, . . . ,then it is true for x = a2 < a1, y = b2 < b1, z = c2 < c1, . . . , and then for the samereason, the equation is true for x = a3 < a2, y = b3 < b2, z = c3 < c2, . . . , and so on.This cannot happen infinitely often, by the positivity of x, y, z, . . . .

It is best to illustrate this method by an example.

Example 17. Show that the equation

x2 + y2 + z2 = 2xyz (14)

has no solutions in non-negative integers x, y, z, other than x = y = z = 0.Suppose that we can find a solution (x, y, z) = (x1, y1, z1), where at least one of

x1, y1, z1 is positive. The right hand side of (14) is even, hence so is the left handside. So either x1, y1, z1 are all even, or two of x1, y1, z1 are odd and the other is even.For the latter case, by Proposition 17(a), the left hand side of (14) is congruentto 2 (mod 4), while the right hand side is congruent to 0 (mod 4); impossible. Itfollows that x1 = 2x2, y1 = 2y2, z1 = 2z2 for some non-negative integers x2, y2, z2,with at least one positive. Substituting these into (14), we find

x22 + y2

2 + z22 = 4x2y2z2. (15)

Using (15) to apply a similar argument, we find that x2, y2, z2 must all be evenas well, so that x1, y1, z1 are all multiples of 4. Repeating the argument successively,we find that x1, y1, z1 are all divisible by as large a power of 2 as we like. This isimpossible, unless if x1 = y1 = z1 = 0.

5. Problems

We divide the problems into two parts. The first set consists of some elementaryexercises; some of these exercises complete most of the missing proofs. The secondset consists of the challenges.

5.1 Elementary Exercises

1. Prove Proposition 5.

2. Prove Theorem 6 as follows. Consider the set

. . . , b− 3a, b− 2a, b− a, b, b+ a, b+ 2a, b+ 3a, . . . .

Letting r be the least non-negative member of this set, and letting r = b− qa,show that this choice of q and r satisfies the conditions of Theorem 6. Also,prove the “Moreover” part of the theorem.

28

3. Use the following guideline to prove Theorem 9. This is a different approachto the one used to prove Theorem 8, and so it is a second proof of Theorem 8as well.Consider the linear combinations of the form

c1a1 + · · ·+ cnan,

as c1, . . . , cn vary over Z. Observe that these linear combinations can takepositive and negative values, as well as 0. So, choose c′1, . . . , c

′n ∈ Z so that

c′1a1 + · · ·+ c′nan has the least positive value. Let ` = c′1a1 + · · ·+ c′nan.

(a) Prove that ` | ai for every i as follows. Assume that ` - ai. Use Theorem6 to obtain a contradiction.

(b) Let h = hcf(a1, . . . , an). Use some of the properties of Proposition 5 toshow that h = `.

4. Prove Proposition 10 as follows.

(a) Apply Theorem 9.

(b) Use a contradiction argument, and apply Theorem 6.

5. Suppose that z ∈ Z\{0}, with prime factorisation z = sgn(z)pα11 · · · pαn

n , wherepi, αi ∈ N and pi > 0 is prime, for 1 ≤ i ≤ n.

(a) How many distinct divisors of z are there?

(b) How many distinct positive divisors of z are there?

6. Suppose that a, b ∈ Z with hcf(a, b) = 1. Prove that, if |ab| is a perfect square,then so are |a| and |b|.

7. Prove Proposition 14.

8. Prove Theorem 20 as follows. Let b1, . . . , bφ(m) be those positive integers notgreater than m, each of which is coprime to m. Consider the set ab1, . . . , abφ(m).Show that no two of these numbers are congruent modulo m, and that eachone is coprime to m. Deduce Theorem 20 with a similar argument to the proofof Theorem 19.

9. Prove Theorem 21 as follows. Firstly, verify that the result holds for p = 2, 3.Now, assume p ≥ 5. Prove the following.

(a) For a ∈ Z and p > 0 prime, show that a2 ≡ 1 (mod p)⇐⇒ a ≡ ±1 (modp).

(b) Show that for every b ∈ {2, 3, . . . , p− 2}, b has a unique inverse, modulop, in {2, 3, . . . , p − 2}, which is distinct from b. Proposition 15 will helphere.

29

(c) Deduce Theorem 21.

10. Prove that the equation x4 + y4 = z4 has no solutions for x, y, z ∈ N. Thisspecial case of Fermat’s Last Theorem is one of Fermat’s most famous results.Hints: Use infinite descent, and ideas from Theorem 29.

5.2. Olympiad Style Problems

Here are the more challenging problems. The ordering does not necessarily reflectthe difficulty of the problems.

1. Find all solutions to the equation

5x · 7y + 4 = 3z,

where x, y, z are non-negative integers.

2. Let A be the sum of the digits of the decimal representation of 44444444. LetB be the sum of the digits of A. What is the sum of the digits of B?

3. Find the smallest integer n > 1 such that the average of 12, 22, 32, . . . , n2 isitself a perfect square.

4. Find all solutions to the equation

x41 + x4

2 + · · ·+ x414 = 9999,

where x1, x2, . . . , x14 ∈ Z.

5. Let m = 13(4p − 1), where p is a prime number with p > 3. Prove that 2m−1

has a remainder of 1 when divided by m.

6. Find all integers n such that 3n + n3 is the cube of an integer.

7. For a, b, c, d ∈ Z, prove that

(ab, cd) = (a, c)(b, d)

(a

(a, c),

d

(b, d)

)(c

(a, c),

b

(b, d)

).

8. For a, b, c ∈ Z, prove that

[a, b, c]2

[a, b][b, c][c, a]=

(a, b, c)2

(a, b)(b, c)(c, a).

9. Find all n ∈ N with the property that, if the leading digit of the decimalexpansion of 2n is removed, the resulting number is also a power of 2. Notethat, if there are initial zeros formed after the removal of the leading digit,then we also remove the initial zeros to get the new number.

30

10. The side lengths of a triangle are 2n− 1, 2n and 2n+ 1, where n is a positiveinteger. If the triangle has an integer valued area less than 20000, find allpossible areas of the triangle, and for each area, find the corresponding sidelengths.

11. Show thatx2 − 2

2y2 + 3

is never an integer when x and y are integers.

12. Does there exist a set S of 21 consecutive positive integers such that, for eachx ∈ S, x is divisible by some prime p from the interval 2 ≤ p ≤ 13 (note thattwo distinct members of S can use two different primes from the interval)?

13. A circular table of radius r is pushed into a corner of a square room. A pointon the edge of the table is at distance m from one wall, and n the other, wherem,n ≤ r. Suppose that m,n, r are integers, with m and n coprime. Provethat one of m and n is a perfect square, with the other even.

14. Can we find five distinct positive integers such that the sum of any three ofthem is prime?

15. Let p > 0 be prime. Prove that

(a)(2pp

)≡ 2 (mod p2),

(b)(p−1k

)≡ (−1)k (mod p) for 0 ≤ k ≤ p− 1,

where(nr

)= n!

r!(n−r)! denotes the binomial coefficient.

16. Prove that hcf(am−1, an−1) = ahcf(m,n)−1 for every a,m, n ∈ N, with a ≥ 2.

17. For n ∈ N, define n!! = 1 · 3 · 5 · · ·n if n is odd, and n!! = 2 · 4 · 6 · · ·n if n iseven. Prove that 2005!! + 2006!! is divisible by 2007.

18. Let a and b be positive integers such that a2 + b2 is divisible by ab. Prove thata = b.

19. Show that there are no integers x, y such that x3 − y4 = 6.

20. Prove that if m,n, r are positive integers such that

1 +m+ n√

3 = (2 +√

3)2r−1,

then m is a perfect square.

31

21. Let a, b, c be positive integers such that a is odd, hcf(a, b, c) = 1, and

2

a+

1

b=

1

c.

Prove that abc is a perfect square.

22. Find all integer solutions to x2 + y2 + z2 = x2y2.

32